sensu-em 2.4.0-x86-mingw32

Sign up to get free protection for your applications and to get access to all the features.
Files changed (178) hide show
  1. checksums.yaml +7 -0
  2. data/.gitignore +21 -0
  3. data/.travis.yml +12 -0
  4. data/.yardopts +7 -0
  5. data/CHANGELOG.md +33 -0
  6. data/GNU +281 -0
  7. data/Gemfile +2 -0
  8. data/LICENSE +60 -0
  9. data/README.md +109 -0
  10. data/Rakefile +20 -0
  11. data/docs/DocumentationGuidesIndex.md +27 -0
  12. data/docs/GettingStarted.md +521 -0
  13. data/docs/old/ChangeLog +211 -0
  14. data/docs/old/DEFERRABLES +246 -0
  15. data/docs/old/EPOLL +141 -0
  16. data/docs/old/INSTALL +13 -0
  17. data/docs/old/KEYBOARD +42 -0
  18. data/docs/old/LEGAL +25 -0
  19. data/docs/old/LIGHTWEIGHT_CONCURRENCY +130 -0
  20. data/docs/old/PURE_RUBY +75 -0
  21. data/docs/old/RELEASE_NOTES +94 -0
  22. data/docs/old/SMTP +4 -0
  23. data/docs/old/SPAWNED_PROCESSES +148 -0
  24. data/docs/old/TODO +8 -0
  25. data/eventmachine.gemspec +37 -0
  26. data/examples/guides/getting_started/01_eventmachine_echo_server.rb +18 -0
  27. data/examples/guides/getting_started/02_eventmachine_echo_server_that_recognizes_exit_command.rb +22 -0
  28. data/examples/guides/getting_started/03_simple_chat_server.rb +149 -0
  29. data/examples/guides/getting_started/04_simple_chat_server_step_one.rb +27 -0
  30. data/examples/guides/getting_started/05_simple_chat_server_step_two.rb +43 -0
  31. data/examples/guides/getting_started/06_simple_chat_server_step_three.rb +98 -0
  32. data/examples/guides/getting_started/07_simple_chat_server_step_four.rb +121 -0
  33. data/examples/guides/getting_started/08_simple_chat_server_step_five.rb +141 -0
  34. data/examples/old/ex_channel.rb +43 -0
  35. data/examples/old/ex_queue.rb +2 -0
  36. data/examples/old/ex_tick_loop_array.rb +15 -0
  37. data/examples/old/ex_tick_loop_counter.rb +32 -0
  38. data/examples/old/helper.rb +2 -0
  39. data/ext/binder.cpp +124 -0
  40. data/ext/binder.h +46 -0
  41. data/ext/cmain.cpp +887 -0
  42. data/ext/ed.cpp +1992 -0
  43. data/ext/ed.h +424 -0
  44. data/ext/em.cpp +2352 -0
  45. data/ext/em.h +253 -0
  46. data/ext/eventmachine.h +128 -0
  47. data/ext/extconf.rb +179 -0
  48. data/ext/fastfilereader/extconf.rb +103 -0
  49. data/ext/fastfilereader/mapper.cpp +214 -0
  50. data/ext/fastfilereader/mapper.h +59 -0
  51. data/ext/fastfilereader/rubymain.cpp +127 -0
  52. data/ext/kb.cpp +79 -0
  53. data/ext/page.cpp +107 -0
  54. data/ext/page.h +51 -0
  55. data/ext/pipe.cpp +347 -0
  56. data/ext/project.h +161 -0
  57. data/ext/rubymain.cpp +1318 -0
  58. data/ext/ssl.cpp +476 -0
  59. data/ext/ssl.h +95 -0
  60. data/java/.classpath +6 -0
  61. data/java/.gitignore +1 -0
  62. data/java/.project +17 -0
  63. data/java/src/com/rubyeventmachine/DatagramPacket.java +13 -0
  64. data/java/src/com/rubyeventmachine/EmReactor.java +531 -0
  65. data/java/src/com/rubyeventmachine/EmReactorException.java +40 -0
  66. data/java/src/com/rubyeventmachine/EventCallback.java +7 -0
  67. data/java/src/com/rubyeventmachine/EventCode.java +26 -0
  68. data/java/src/com/rubyeventmachine/EventableChannel.java +130 -0
  69. data/java/src/com/rubyeventmachine/EventableDatagramChannel.java +179 -0
  70. data/java/src/com/rubyeventmachine/EventableSocketChannel.java +405 -0
  71. data/java/src/com/rubyeventmachine/SslBox.java +311 -0
  72. data/lib/em/buftok.rb +110 -0
  73. data/lib/em/callback.rb +58 -0
  74. data/lib/em/channel.rb +64 -0
  75. data/lib/em/completion.rb +304 -0
  76. data/lib/em/connection.rb +716 -0
  77. data/lib/em/deferrable.rb +210 -0
  78. data/lib/em/deferrable/pool.rb +2 -0
  79. data/lib/em/file_watch.rb +73 -0
  80. data/lib/em/future.rb +61 -0
  81. data/lib/em/iterator.rb +231 -0
  82. data/lib/em/messages.rb +66 -0
  83. data/lib/em/pool.rb +151 -0
  84. data/lib/em/process_watch.rb +45 -0
  85. data/lib/em/processes.rb +123 -0
  86. data/lib/em/protocols.rb +37 -0
  87. data/lib/em/protocols/header_and_content.rb +138 -0
  88. data/lib/em/protocols/httpclient.rb +279 -0
  89. data/lib/em/protocols/httpclient2.rb +600 -0
  90. data/lib/em/protocols/line_and_text.rb +125 -0
  91. data/lib/em/protocols/line_protocol.rb +29 -0
  92. data/lib/em/protocols/linetext2.rb +161 -0
  93. data/lib/em/protocols/memcache.rb +331 -0
  94. data/lib/em/protocols/object_protocol.rb +46 -0
  95. data/lib/em/protocols/postgres3.rb +246 -0
  96. data/lib/em/protocols/saslauth.rb +175 -0
  97. data/lib/em/protocols/smtpclient.rb +365 -0
  98. data/lib/em/protocols/smtpserver.rb +643 -0
  99. data/lib/em/protocols/socks4.rb +66 -0
  100. data/lib/em/protocols/stomp.rb +205 -0
  101. data/lib/em/protocols/tcptest.rb +54 -0
  102. data/lib/em/pure_ruby.rb +1017 -0
  103. data/lib/em/queue.rb +71 -0
  104. data/lib/em/resolver.rb +209 -0
  105. data/lib/em/spawnable.rb +84 -0
  106. data/lib/em/streamer.rb +118 -0
  107. data/lib/em/threaded_resource.rb +90 -0
  108. data/lib/em/tick_loop.rb +85 -0
  109. data/lib/em/timers.rb +61 -0
  110. data/lib/em/version.rb +3 -0
  111. data/lib/eventmachine.rb +1553 -0
  112. data/lib/fastfilereaderext.rb +2 -0
  113. data/lib/jeventmachine.rb +321 -0
  114. data/lib/rubyeventmachine.rb +2 -0
  115. data/rakelib/cpp.rake_example +77 -0
  116. data/rakelib/package.rake +98 -0
  117. data/rakelib/test.rake +8 -0
  118. data/tests/client.crt +31 -0
  119. data/tests/client.key +51 -0
  120. data/tests/em_test_helper.rb +64 -0
  121. data/tests/server.crt +36 -0
  122. data/tests/server.key +51 -0
  123. data/tests/test_attach.rb +150 -0
  124. data/tests/test_basic.rb +294 -0
  125. data/tests/test_channel.rb +62 -0
  126. data/tests/test_completion.rb +177 -0
  127. data/tests/test_connection_count.rb +53 -0
  128. data/tests/test_defer.rb +18 -0
  129. data/tests/test_deferrable.rb +35 -0
  130. data/tests/test_epoll.rb +145 -0
  131. data/tests/test_error_handler.rb +38 -0
  132. data/tests/test_exc.rb +28 -0
  133. data/tests/test_file_watch.rb +65 -0
  134. data/tests/test_futures.rb +170 -0
  135. data/tests/test_get_sock_opt.rb +37 -0
  136. data/tests/test_handler_check.rb +35 -0
  137. data/tests/test_hc.rb +155 -0
  138. data/tests/test_httpclient.rb +190 -0
  139. data/tests/test_httpclient2.rb +133 -0
  140. data/tests/test_idle_connection.rb +25 -0
  141. data/tests/test_inactivity_timeout.rb +54 -0
  142. data/tests/test_iterator.rb +97 -0
  143. data/tests/test_kb.rb +34 -0
  144. data/tests/test_line_protocol.rb +33 -0
  145. data/tests/test_ltp.rb +138 -0
  146. data/tests/test_ltp2.rb +288 -0
  147. data/tests/test_next_tick.rb +104 -0
  148. data/tests/test_object_protocol.rb +36 -0
  149. data/tests/test_pause.rb +102 -0
  150. data/tests/test_pending_connect_timeout.rb +52 -0
  151. data/tests/test_pool.rb +194 -0
  152. data/tests/test_process_watch.rb +48 -0
  153. data/tests/test_processes.rb +128 -0
  154. data/tests/test_proxy_connection.rb +180 -0
  155. data/tests/test_pure.rb +88 -0
  156. data/tests/test_queue.rb +50 -0
  157. data/tests/test_resolver.rb +55 -0
  158. data/tests/test_running.rb +14 -0
  159. data/tests/test_sasl.rb +47 -0
  160. data/tests/test_send_file.rb +217 -0
  161. data/tests/test_servers.rb +33 -0
  162. data/tests/test_set_sock_opt.rb +37 -0
  163. data/tests/test_shutdown_hooks.rb +23 -0
  164. data/tests/test_smtpclient.rb +55 -0
  165. data/tests/test_smtpserver.rb +57 -0
  166. data/tests/test_spawn.rb +293 -0
  167. data/tests/test_ssl_args.rb +78 -0
  168. data/tests/test_ssl_echo_data.rb +60 -0
  169. data/tests/test_ssl_methods.rb +56 -0
  170. data/tests/test_ssl_verify.rb +82 -0
  171. data/tests/test_stomp.rb +37 -0
  172. data/tests/test_system.rb +42 -0
  173. data/tests/test_threaded_resource.rb +53 -0
  174. data/tests/test_tick_loop.rb +59 -0
  175. data/tests/test_timers.rb +123 -0
  176. data/tests/test_ud.rb +8 -0
  177. data/tests/test_unbind_reason.rb +48 -0
  178. metadata +300 -0
data/ext/ssl.cpp ADDED
@@ -0,0 +1,476 @@
1
+ /*****************************************************************************
2
+
3
+ $Id$
4
+
5
+ File: ssl.cpp
6
+ Date: 30Apr06
7
+
8
+ Copyright (C) 2006-07 by Francis Cianfrocca. All Rights Reserved.
9
+ Gmail: blackhedd
10
+
11
+ This program is free software; you can redistribute it and/or modify
12
+ it under the terms of either: 1) the GNU General Public License
13
+ as published by the Free Software Foundation; either version 2 of the
14
+ License, or (at your option) any later version; or 2) Ruby's License.
15
+
16
+ See the file COPYING for complete licensing information.
17
+
18
+ *****************************************************************************/
19
+
20
+
21
+ #ifdef WITH_SSL
22
+
23
+ #include "project.h"
24
+
25
+
26
+ bool SslContext_t::bLibraryInitialized = false;
27
+
28
+
29
+
30
+ static void InitializeDefaultCredentials();
31
+ static EVP_PKEY *DefaultPrivateKey = NULL;
32
+ static X509 *DefaultCertificate = NULL;
33
+
34
+ static char PrivateMaterials[] = {
35
+ "-----BEGIN RSA PRIVATE KEY-----\n"
36
+ "MIICXAIBAAKBgQDCYYhcw6cGRbhBVShKmbWm7UVsEoBnUf0cCh8AX+MKhMxwVDWV\n"
37
+ "Igdskntn3cSJjRtmgVJHIK0lpb/FYHQB93Ohpd9/Z18pDmovfFF9nDbFF0t39hJ/\n"
38
+ "AqSzFB3GiVPoFFZJEE1vJqh+3jzsSF5K56bZ6azz38VlZgXeSozNW5bXkQIDAQAB\n"
39
+ "AoGALA89gIFcr6BIBo8N5fL3aNHpZXjAICtGav+kTUpuxSiaym9cAeTHuAVv8Xgk\n"
40
+ "H2Wbq11uz+6JMLpkQJH/WZ7EV59DPOicXrp0Imr73F3EXBfR7t2EQDYHPMthOA1D\n"
41
+ "I9EtCzvV608Ze90hiJ7E3guGrGppZfJ+eUWCPgy8CZH1vRECQQDv67rwV/oU1aDo\n"
42
+ "6/+d5nqjeW6mWkGqTnUU96jXap8EIw6B+0cUKskwx6mHJv+tEMM2748ZY7b0yBlg\n"
43
+ "w4KDghbFAkEAz2h8PjSJG55LwqmXih1RONSgdN9hjB12LwXL1CaDh7/lkEhq0PlK\n"
44
+ "PCAUwQSdM17Sl0Xxm2CZiekTSlwmHrtqXQJAF3+8QJwtV2sRJp8u2zVe37IeH1cJ\n"
45
+ "xXeHyjTzqZ2803fnjN2iuZvzNr7noOA1/Kp+pFvUZUU5/0G2Ep8zolPUjQJAFA7k\n"
46
+ "xRdLkzIx3XeNQjwnmLlncyYPRv+qaE3FMpUu7zftuZBnVCJnvXzUxP3vPgKTlzGa\n"
47
+ "dg5XivDRfsV+okY5uQJBAMV4FesUuLQVEKb6lMs7rzZwpeGQhFDRfywJzfom2TLn\n"
48
+ "2RdJQQ3dcgnhdVDgt5o1qkmsqQh8uJrJ9SdyLIaZQIc=\n"
49
+ "-----END RSA PRIVATE KEY-----\n"
50
+ "-----BEGIN CERTIFICATE-----\n"
51
+ "MIID6TCCA1KgAwIBAgIJANm4W/Tzs+s+MA0GCSqGSIb3DQEBBQUAMIGqMQswCQYD\n"
52
+ "VQQGEwJVUzERMA8GA1UECBMITmV3IFlvcmsxETAPBgNVBAcTCE5ldyBZb3JrMRYw\n"
53
+ "FAYDVQQKEw1TdGVhbWhlYXQubmV0MRQwEgYDVQQLEwtFbmdpbmVlcmluZzEdMBsG\n"
54
+ "A1UEAxMUb3BlbmNhLnN0ZWFtaGVhdC5uZXQxKDAmBgkqhkiG9w0BCQEWGWVuZ2lu\n"
55
+ "ZWVyaW5nQHN0ZWFtaGVhdC5uZXQwHhcNMDYwNTA1MTcwNjAzWhcNMjQwMjIwMTcw\n"
56
+ "NjAzWjCBqjELMAkGA1UEBhMCVVMxETAPBgNVBAgTCE5ldyBZb3JrMREwDwYDVQQH\n"
57
+ "EwhOZXcgWW9yazEWMBQGA1UEChMNU3RlYW1oZWF0Lm5ldDEUMBIGA1UECxMLRW5n\n"
58
+ "aW5lZXJpbmcxHTAbBgNVBAMTFG9wZW5jYS5zdGVhbWhlYXQubmV0MSgwJgYJKoZI\n"
59
+ "hvcNAQkBFhllbmdpbmVlcmluZ0BzdGVhbWhlYXQubmV0MIGfMA0GCSqGSIb3DQEB\n"
60
+ "AQUAA4GNADCBiQKBgQDCYYhcw6cGRbhBVShKmbWm7UVsEoBnUf0cCh8AX+MKhMxw\n"
61
+ "VDWVIgdskntn3cSJjRtmgVJHIK0lpb/FYHQB93Ohpd9/Z18pDmovfFF9nDbFF0t3\n"
62
+ "9hJ/AqSzFB3GiVPoFFZJEE1vJqh+3jzsSF5K56bZ6azz38VlZgXeSozNW5bXkQID\n"
63
+ "AQABo4IBEzCCAQ8wHQYDVR0OBBYEFPJvPd1Fcmd8o/Tm88r+NjYPICCkMIHfBgNV\n"
64
+ "HSMEgdcwgdSAFPJvPd1Fcmd8o/Tm88r+NjYPICCkoYGwpIGtMIGqMQswCQYDVQQG\n"
65
+ "EwJVUzERMA8GA1UECBMITmV3IFlvcmsxETAPBgNVBAcTCE5ldyBZb3JrMRYwFAYD\n"
66
+ "VQQKEw1TdGVhbWhlYXQubmV0MRQwEgYDVQQLEwtFbmdpbmVlcmluZzEdMBsGA1UE\n"
67
+ "AxMUb3BlbmNhLnN0ZWFtaGVhdC5uZXQxKDAmBgkqhkiG9w0BCQEWGWVuZ2luZWVy\n"
68
+ "aW5nQHN0ZWFtaGVhdC5uZXSCCQDZuFv087PrPjAMBgNVHRMEBTADAQH/MA0GCSqG\n"
69
+ "SIb3DQEBBQUAA4GBAC1CXey/4UoLgJiwcEMDxOvW74plks23090iziFIlGgcIhk0\n"
70
+ "Df6hTAs7H3MWww62ddvR8l07AWfSzSP5L6mDsbvq7EmQsmPODwb6C+i2aF3EDL8j\n"
71
+ "uw73m4YIGI0Zw2XdBpiOGkx2H56Kya6mJJe/5XORZedh1wpI7zki01tHYbcy\n"
72
+ "-----END CERTIFICATE-----\n"};
73
+
74
+ /* These private materials were made with:
75
+ * openssl req -new -x509 -keyout cakey.pem -out cacert.pem -nodes -days 6500
76
+ * TODO: We need a full-blown capability to work with user-supplied
77
+ * keypairs and properly-signed certificates.
78
+ */
79
+
80
+
81
+ /*****************
82
+ builtin_passwd_cb
83
+ *****************/
84
+
85
+ extern "C" int builtin_passwd_cb (char *buf, int bufsize, int rwflag, void *userdata)
86
+ {
87
+ strcpy (buf, "kittycat");
88
+ return 8;
89
+ }
90
+
91
+ /****************************
92
+ InitializeDefaultCredentials
93
+ ****************************/
94
+
95
+ static void InitializeDefaultCredentials()
96
+ {
97
+ BIO *bio = BIO_new_mem_buf (PrivateMaterials, -1);
98
+ assert (bio);
99
+
100
+ if (DefaultPrivateKey) {
101
+ // we may come here in a restart.
102
+ EVP_PKEY_free (DefaultPrivateKey);
103
+ DefaultPrivateKey = NULL;
104
+ }
105
+ PEM_read_bio_PrivateKey (bio, &DefaultPrivateKey, builtin_passwd_cb, 0);
106
+
107
+ if (DefaultCertificate) {
108
+ // we may come here in a restart.
109
+ X509_free (DefaultCertificate);
110
+ DefaultCertificate = NULL;
111
+ }
112
+ PEM_read_bio_X509 (bio, &DefaultCertificate, NULL, 0);
113
+
114
+ BIO_free (bio);
115
+ }
116
+
117
+
118
+
119
+ /**************************
120
+ SslContext_t::SslContext_t
121
+ **************************/
122
+
123
+ SslContext_t::SslContext_t (bool is_server, const string &privkeyfile, const string &certchainfile, bool use_tls, const string &cipherlist):
124
+ pCtx (NULL),
125
+ PrivateKey (NULL),
126
+ Certificate (NULL)
127
+ {
128
+ /* TODO: the usage of the specified private-key and cert-chain filenames only applies to
129
+ * client-side connections at this point. Server connections currently use the default materials.
130
+ * That needs to be fixed asap.
131
+ * Also, in this implementation, server-side connections use statically defined X-509 defaults.
132
+ * One thing I'm really not clear on is whether or not you have to explicitly free X509 and EVP_PKEY
133
+ * objects when we call our destructor, or whether just calling SSL_CTX_free is enough.
134
+ */
135
+
136
+ if (!bLibraryInitialized) {
137
+ bLibraryInitialized = true;
138
+ SSL_library_init();
139
+ OpenSSL_add_ssl_algorithms();
140
+ OpenSSL_add_all_algorithms();
141
+ SSL_load_error_strings();
142
+ ERR_load_crypto_strings();
143
+
144
+ InitializeDefaultCredentials();
145
+ }
146
+
147
+ bIsServer = is_server;
148
+ if (use_tls)
149
+ pCtx = SSL_CTX_new (is_server ? TLSv1_server_method() : TLSv1_client_method());
150
+ else
151
+ pCtx = SSL_CTX_new (is_server ? SSLv23_server_method() : SSLv23_client_method());
152
+
153
+ if (!pCtx)
154
+ throw std::runtime_error ("no SSL context");
155
+
156
+ SSL_CTX_set_options (pCtx, SSL_OP_ALL);
157
+ //SSL_CTX_set_options (pCtx, (SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3));
158
+ #ifdef SSL_MODE_RELEASE_BUFFERS
159
+ SSL_CTX_set_mode (pCtx, SSL_MODE_RELEASE_BUFFERS);
160
+ #endif
161
+
162
+ if (is_server) {
163
+ // The SSL_CTX calls here do NOT allocate memory.
164
+ int e;
165
+ if (privkeyfile.length() > 0)
166
+ e = SSL_CTX_use_PrivateKey_file (pCtx, privkeyfile.c_str(), SSL_FILETYPE_PEM);
167
+ else
168
+ e = SSL_CTX_use_PrivateKey (pCtx, DefaultPrivateKey);
169
+ if (e <= 0) ERR_print_errors_fp(stderr);
170
+ assert (e > 0);
171
+
172
+ if (certchainfile.length() > 0)
173
+ e = SSL_CTX_use_certificate_chain_file (pCtx, certchainfile.c_str());
174
+ else
175
+ e = SSL_CTX_use_certificate (pCtx, DefaultCertificate);
176
+ if (e <= 0) ERR_print_errors_fp(stderr);
177
+ assert (e > 0);
178
+ }
179
+
180
+ if (cipherlist.length() > 0)
181
+ SSL_CTX_set_cipher_list (pCtx, cipherlist.c_str());
182
+ else
183
+ SSL_CTX_set_cipher_list (pCtx, "ALL:!ADH:!LOW:!EXP:!DES-CBC3-SHA:@STRENGTH");
184
+
185
+ if (is_server) {
186
+ SSL_CTX_sess_set_cache_size (pCtx, 128);
187
+ SSL_CTX_set_session_id_context (pCtx, (unsigned char*)"eventmachine", 12);
188
+ }
189
+ else {
190
+ int e;
191
+ if (privkeyfile.length() > 0) {
192
+ e = SSL_CTX_use_PrivateKey_file (pCtx, privkeyfile.c_str(), SSL_FILETYPE_PEM);
193
+ if (e <= 0) ERR_print_errors_fp(stderr);
194
+ assert (e > 0);
195
+ }
196
+ if (certchainfile.length() > 0) {
197
+ e = SSL_CTX_use_certificate_chain_file (pCtx, certchainfile.c_str());
198
+ if (e <= 0) ERR_print_errors_fp(stderr);
199
+ assert (e > 0);
200
+ }
201
+ }
202
+ }
203
+
204
+
205
+
206
+ /***************************
207
+ SslContext_t::~SslContext_t
208
+ ***************************/
209
+
210
+ SslContext_t::~SslContext_t()
211
+ {
212
+ if (pCtx)
213
+ SSL_CTX_free (pCtx);
214
+ if (PrivateKey)
215
+ EVP_PKEY_free (PrivateKey);
216
+ if (Certificate)
217
+ X509_free (Certificate);
218
+ }
219
+
220
+
221
+
222
+ /******************
223
+ SslBox_t::SslBox_t
224
+ ******************/
225
+
226
+ SslBox_t::SslBox_t (bool is_server, const string &privkeyfile, const string &certchainfile, bool verify_peer, bool use_tls, const string &cipherlist, const unsigned long binding):
227
+ bIsServer (is_server),
228
+ bHandshakeCompleted (false),
229
+ bVerifyPeer (verify_peer),
230
+ bUseTls (use_tls),
231
+ pSSL (NULL),
232
+ pbioRead (NULL),
233
+ pbioWrite (NULL)
234
+ {
235
+ /* TODO someday: make it possible to re-use SSL contexts so we don't have to create
236
+ * a new one every time we come here.
237
+ */
238
+
239
+ Context = new SslContext_t (bIsServer, privkeyfile, certchainfile, use_tls, cipherlist);
240
+ assert (Context);
241
+
242
+ pbioRead = BIO_new (BIO_s_mem());
243
+ assert (pbioRead);
244
+
245
+ pbioWrite = BIO_new (BIO_s_mem());
246
+ assert (pbioWrite);
247
+
248
+ pSSL = SSL_new (Context->pCtx);
249
+ assert (pSSL);
250
+ SSL_set_bio (pSSL, pbioRead, pbioWrite);
251
+
252
+ // Store a pointer to the binding signature in the SSL object so we can retrieve it later
253
+ SSL_set_ex_data(pSSL, 0, (void*) binding);
254
+
255
+ if (bVerifyPeer)
256
+ SSL_set_verify(pSSL, SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE, ssl_verify_wrapper);
257
+
258
+ if (!bIsServer)
259
+ SSL_connect (pSSL);
260
+ }
261
+
262
+
263
+
264
+ /*******************
265
+ SslBox_t::~SslBox_t
266
+ *******************/
267
+
268
+ SslBox_t::~SslBox_t()
269
+ {
270
+ // Freeing pSSL will also free the associated BIOs, so DON'T free them separately.
271
+ if (pSSL) {
272
+ if (SSL_get_shutdown (pSSL) & SSL_RECEIVED_SHUTDOWN)
273
+ SSL_shutdown (pSSL);
274
+ else
275
+ SSL_clear (pSSL);
276
+ SSL_free (pSSL);
277
+ }
278
+
279
+ delete Context;
280
+ }
281
+
282
+
283
+
284
+ /***********************
285
+ SslBox_t::PutCiphertext
286
+ ***********************/
287
+
288
+ bool SslBox_t::PutCiphertext (const char *buf, int bufsize)
289
+ {
290
+ assert (buf && (bufsize > 0));
291
+
292
+ assert (pbioRead);
293
+ int n = BIO_write (pbioRead, buf, bufsize);
294
+
295
+ return (n == bufsize) ? true : false;
296
+ }
297
+
298
+
299
+ /**********************
300
+ SslBox_t::GetPlaintext
301
+ **********************/
302
+
303
+ int SslBox_t::GetPlaintext (char *buf, int bufsize)
304
+ {
305
+ if (!SSL_is_init_finished (pSSL)) {
306
+ int e = bIsServer ? SSL_accept (pSSL) : SSL_connect (pSSL);
307
+ if (e < 0) {
308
+ int er = SSL_get_error (pSSL, e);
309
+ if (er != SSL_ERROR_WANT_READ) {
310
+ // Return -1 for a nonfatal error, -2 for an error that should force the connection down.
311
+ return (er == SSL_ERROR_SSL) ? (-2) : (-1);
312
+ }
313
+ else
314
+ return 0;
315
+ }
316
+ bHandshakeCompleted = true;
317
+ // If handshake finished, FALL THROUGH and return the available plaintext.
318
+ }
319
+
320
+ if (!SSL_is_init_finished (pSSL)) {
321
+ // We can get here if a browser abandons a handshake.
322
+ // The user can see a warning dialog and abort the connection.
323
+ cerr << "<SSL_incomp>";
324
+ return 0;
325
+ }
326
+
327
+ //cerr << "CIPH: " << SSL_get_cipher (pSSL) << endl;
328
+
329
+ int n = SSL_read (pSSL, buf, bufsize);
330
+ if (n >= 0) {
331
+ return n;
332
+ }
333
+ else {
334
+ if (SSL_get_error (pSSL, n) == SSL_ERROR_WANT_READ) {
335
+ return 0;
336
+ }
337
+ else {
338
+ return -1;
339
+ }
340
+ }
341
+
342
+ return 0;
343
+ }
344
+
345
+
346
+
347
+ /**************************
348
+ SslBox_t::CanGetCiphertext
349
+ **************************/
350
+
351
+ bool SslBox_t::CanGetCiphertext()
352
+ {
353
+ assert (pbioWrite);
354
+ return BIO_pending (pbioWrite) ? true : false;
355
+ }
356
+
357
+
358
+
359
+ /***********************
360
+ SslBox_t::GetCiphertext
361
+ ***********************/
362
+
363
+ int SslBox_t::GetCiphertext (char *buf, int bufsize)
364
+ {
365
+ assert (pbioWrite);
366
+ assert (buf && (bufsize > 0));
367
+
368
+ return BIO_read (pbioWrite, buf, bufsize);
369
+ }
370
+
371
+
372
+
373
+ /**********************
374
+ SslBox_t::PutPlaintext
375
+ **********************/
376
+
377
+ int SslBox_t::PutPlaintext (const char *buf, int bufsize)
378
+ {
379
+ // The caller will interpret the return value as the number of bytes written.
380
+ // WARNING WARNING WARNING, are there any situations in which a 0 or -1 return
381
+ // from SSL_write means we should immediately retry? The socket-machine loop
382
+ // will probably wait for a time-out cycle (perhaps a second) before re-trying.
383
+ // THIS WOULD CAUSE A PERCEPTIBLE DELAY!
384
+
385
+ /* We internally queue any outbound plaintext that can't be dispatched
386
+ * because we're in the middle of a handshake or something.
387
+ * When we get called, try to send any queued data first, and then
388
+ * send the caller's data (or queue it). We may get called with no outbound
389
+ * data, which means we try to send the outbound queue and that's all.
390
+ *
391
+ * Return >0 if we wrote any data, 0 if we didn't, and <0 for a fatal error.
392
+ * Note that if we return 0, the connection is still considered live
393
+ * and we are signalling that we have accepted the outbound data (if any).
394
+ */
395
+
396
+ OutboundQ.Push (buf, bufsize);
397
+
398
+ if (!SSL_is_init_finished (pSSL))
399
+ return 0;
400
+
401
+ bool fatal = false;
402
+ bool did_work = false;
403
+
404
+ while (OutboundQ.HasPages()) {
405
+ const char *page;
406
+ int length;
407
+ OutboundQ.Front (&page, &length);
408
+ assert (page && (length > 0));
409
+ int n = SSL_write (pSSL, page, length);
410
+ if (n > 0) {
411
+ did_work = true;
412
+ OutboundQ.PopFront();
413
+ }
414
+ else {
415
+ int er = SSL_get_error (pSSL, n);
416
+ if ((er != SSL_ERROR_WANT_READ) && (er != SSL_ERROR_WANT_WRITE))
417
+ fatal = true;
418
+ break;
419
+ }
420
+ }
421
+
422
+
423
+ if (did_work)
424
+ return 1;
425
+ else if (fatal)
426
+ return -1;
427
+ else
428
+ return 0;
429
+ }
430
+
431
+ /**********************
432
+ SslBox_t::GetPeerCert
433
+ **********************/
434
+
435
+ X509 *SslBox_t::GetPeerCert()
436
+ {
437
+ X509 *cert = NULL;
438
+
439
+ if (pSSL)
440
+ cert = SSL_get_peer_certificate(pSSL);
441
+
442
+ return cert;
443
+ }
444
+
445
+
446
+ /******************
447
+ ssl_verify_wrapper
448
+ *******************/
449
+
450
+ extern "C" int ssl_verify_wrapper(int preverify_ok, X509_STORE_CTX *ctx)
451
+ {
452
+ unsigned long binding;
453
+ X509 *cert;
454
+ SSL *ssl;
455
+ BUF_MEM *buf;
456
+ BIO *out;
457
+ int result;
458
+
459
+ cert = X509_STORE_CTX_get_current_cert(ctx);
460
+ ssl = (SSL*) X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx());
461
+ binding = (unsigned long) SSL_get_ex_data(ssl, 0);
462
+
463
+ out = BIO_new(BIO_s_mem());
464
+ PEM_write_bio_X509(out, cert);
465
+ BIO_write(out, "\0", 1);
466
+ BIO_get_mem_ptr(out, &buf);
467
+
468
+ ConnectionDescriptor *cd = dynamic_cast <ConnectionDescriptor*> (Bindable_t::GetObject(binding));
469
+ result = (cd->VerifySslPeer(buf->data) == true ? 1 : 0);
470
+ BIO_free(out);
471
+
472
+ return result;
473
+ }
474
+
475
+ #endif // WITH_SSL
476
+