zeroc-ice 3.7.3 → 3.7.7
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/ext/Communicator.cpp +3 -0
- data/ext/Config.h +11 -0
- data/ext/Types.cpp +18 -2
- data/ext/Util.cpp +15 -3
- data/ext/Util.h +36 -0
- data/ext/ice/cpp/include/Ice/Exception.h +3 -3
- data/ext/ice/cpp/include/Ice/Functional.h +3 -1
- data/ext/ice/cpp/include/Ice/IconvStringConverter.h +1 -1
- data/ext/ice/cpp/include/Ice/Initialize.h +1 -1
- data/ext/ice/cpp/include/Ice/Object.h +7 -0
- data/ext/ice/cpp/include/Ice/Optional.h +1 -1
- data/ext/ice/cpp/include/Ice/OutgoingAsync.h +15 -0
- data/ext/ice/cpp/include/Ice/Proxy.h +56 -25
- data/ext/ice/cpp/include/Ice/Service.h +1 -1
- data/ext/ice/cpp/include/IceSSL/Plugin.h +142 -0
- data/ext/ice/cpp/include/IceUtil/Config.h +3 -2
- data/ext/ice/cpp/include/IceUtil/Functional.h +3 -1
- data/ext/ice/cpp/include/IceUtil/MutexPtrLock.h +4 -4
- data/ext/ice/cpp/include/IceUtil/ResourceConfig.h +2 -2
- data/ext/ice/cpp/include/generated/Ice/BuiltinSequences.h +2 -2
- data/ext/ice/cpp/include/generated/Ice/Communicator.h +10 -4
- data/ext/ice/cpp/include/generated/Ice/CommunicatorF.h +2 -2
- data/ext/ice/cpp/include/generated/Ice/Connection.h +58 -15
- data/ext/ice/cpp/include/generated/Ice/ConnectionF.h +2 -2
- data/ext/ice/cpp/include/generated/Ice/Current.h +2 -2
- data/ext/ice/cpp/include/generated/Ice/Endpoint.h +50 -14
- data/ext/ice/cpp/include/generated/Ice/EndpointF.h +2 -2
- data/ext/ice/cpp/include/generated/Ice/EndpointTypes.h +2 -2
- data/ext/ice/cpp/include/generated/Ice/FacetMap.h +2 -2
- data/ext/ice/cpp/include/generated/Ice/Identity.h +2 -2
- data/ext/ice/cpp/include/generated/Ice/ImplicitContext.h +8 -2
- data/ext/ice/cpp/include/generated/Ice/ImplicitContextF.h +2 -2
- data/ext/ice/cpp/include/generated/Ice/Instrumentation.h +62 -2
- data/ext/ice/cpp/include/generated/Ice/InstrumentationF.h +2 -2
- data/ext/ice/cpp/include/generated/Ice/LocalException.h +523 -127
- data/ext/ice/cpp/include/generated/Ice/Locator.h +62 -14
- data/ext/ice/cpp/include/generated/Ice/LocatorF.h +2 -2
- data/ext/ice/cpp/include/generated/Ice/Logger.h +8 -2
- data/ext/ice/cpp/include/generated/Ice/LoggerF.h +2 -2
- data/ext/ice/cpp/include/generated/Ice/Metrics.h +79 -27
- data/ext/ice/cpp/include/generated/Ice/ObjectAdapter.h +8 -2
- data/ext/ice/cpp/include/generated/Ice/ObjectAdapterF.h +2 -2
- data/ext/ice/cpp/include/generated/Ice/ObjectFactory.h +8 -2
- data/ext/ice/cpp/include/generated/Ice/Plugin.h +14 -2
- data/ext/ice/cpp/include/generated/Ice/PluginF.h +2 -2
- data/ext/ice/cpp/include/generated/Ice/Process.h +10 -4
- data/ext/ice/cpp/include/generated/Ice/ProcessF.h +2 -2
- data/ext/ice/cpp/include/generated/Ice/Properties.h +8 -2
- data/ext/ice/cpp/include/generated/Ice/PropertiesAdmin.h +11 -5
- data/ext/ice/cpp/include/generated/Ice/PropertiesF.h +2 -2
- data/ext/ice/cpp/include/generated/Ice/RemoteLogger.h +26 -8
- data/ext/ice/cpp/include/generated/Ice/Router.h +18 -6
- data/ext/ice/cpp/include/generated/Ice/RouterF.h +2 -2
- data/ext/ice/cpp/include/generated/Ice/ServantLocator.h +8 -2
- data/ext/ice/cpp/include/generated/Ice/ServantLocatorF.h +2 -2
- data/ext/ice/cpp/include/generated/Ice/SliceChecksumDict.h +2 -2
- data/ext/ice/cpp/include/generated/Ice/ValueFactory.h +14 -2
- data/ext/ice/cpp/include/generated/Ice/Version.h +2 -2
- data/ext/ice/cpp/include/generated/IceSSL/ConnectionInfo.h +10 -5
- data/ext/ice/cpp/include/generated/IceSSL/ConnectionInfoF.h +2 -2
- data/ext/ice/cpp/include/generated/IceSSL/EndpointInfo.h +8 -3
- data/ext/ice/cpp/src/Ice/ArgVector.cpp +1 -1
- data/ext/ice/cpp/src/Ice/BuiltinSequences.cpp +2 -2
- data/ext/ice/cpp/src/Ice/Communicator.cpp +2 -2
- data/ext/ice/cpp/src/Ice/CommunicatorF.cpp +2 -2
- data/ext/ice/cpp/src/Ice/Connection.cpp +2 -2
- data/ext/ice/cpp/src/Ice/ConnectionF.cpp +2 -2
- data/ext/ice/cpp/src/Ice/ConnectionFactory.cpp +3 -3
- data/ext/ice/cpp/src/Ice/Current.cpp +2 -2
- data/ext/ice/cpp/src/Ice/Endpoint.cpp +2 -2
- data/ext/ice/cpp/src/Ice/EndpointF.cpp +2 -2
- data/ext/ice/cpp/src/Ice/EndpointTypes.cpp +2 -2
- data/ext/ice/cpp/src/Ice/FacetMap.cpp +2 -2
- data/ext/ice/cpp/src/Ice/Identity.cpp +2 -2
- data/ext/ice/cpp/src/Ice/ImplicitContext.cpp +2 -2
- data/ext/ice/cpp/src/Ice/ImplicitContextF.cpp +2 -2
- data/ext/ice/cpp/src/Ice/ImplicitContextI.cpp +1 -1
- data/ext/ice/cpp/src/Ice/Initialize.cpp +1 -1
- data/ext/ice/cpp/src/Ice/InputStream.cpp +29 -14
- data/ext/ice/cpp/src/Ice/Instance.cpp +3 -0
- data/ext/ice/cpp/src/Ice/Instance.h +2 -0
- data/ext/ice/cpp/src/Ice/Instrumentation.cpp +2 -2
- data/ext/ice/cpp/src/Ice/InstrumentationF.cpp +2 -2
- data/ext/ice/cpp/src/Ice/LocalException.cpp +398 -2
- data/ext/ice/cpp/src/Ice/Locator.cpp +32 -2
- data/ext/ice/cpp/src/Ice/LocatorF.cpp +2 -2
- data/ext/ice/cpp/src/Ice/LocatorInfo.cpp +3 -3
- data/ext/ice/cpp/src/Ice/Logger.cpp +2 -2
- data/ext/ice/cpp/src/Ice/LoggerF.cpp +2 -2
- data/ext/ice/cpp/src/Ice/Metrics.cpp +8 -2
- data/ext/ice/cpp/src/Ice/Network.cpp +1 -1
- data/ext/ice/cpp/src/Ice/Network.h +0 -0
- data/ext/ice/cpp/src/Ice/ObjectAdapter.cpp +2 -2
- data/ext/ice/cpp/src/Ice/ObjectAdapterF.cpp +2 -2
- data/ext/ice/cpp/src/Ice/ObjectAdapterFactory.cpp +4 -4
- data/ext/ice/cpp/src/Ice/ObjectAdapterI.cpp +8 -8
- data/ext/ice/cpp/src/Ice/ObjectFactory.cpp +2 -2
- data/ext/ice/cpp/src/Ice/Plugin.cpp +2 -2
- data/ext/ice/cpp/src/Ice/PluginF.cpp +2 -2
- data/ext/ice/cpp/src/Ice/Process.cpp +2 -2
- data/ext/ice/cpp/src/Ice/ProcessF.cpp +2 -2
- data/ext/ice/cpp/src/Ice/Properties.cpp +2 -2
- data/ext/ice/cpp/src/Ice/PropertiesAdmin.cpp +2 -2
- data/ext/ice/cpp/src/Ice/PropertiesF.cpp +2 -2
- data/ext/ice/cpp/src/Ice/PropertyNames.cpp +6 -3
- data/ext/ice/cpp/src/Ice/PropertyNames.h +1 -1
- data/ext/ice/cpp/src/Ice/ProxyFactory.cpp +9 -0
- data/ext/ice/cpp/src/Ice/RemoteLogger.cpp +8 -2
- data/ext/ice/cpp/src/Ice/RetryQueue.cpp +5 -2
- data/ext/ice/cpp/src/Ice/Router.cpp +2 -2
- data/ext/ice/cpp/src/Ice/RouterF.cpp +2 -2
- data/ext/ice/cpp/src/Ice/RouterInfo.cpp +6 -2
- data/ext/ice/cpp/src/Ice/SHA1.cpp +2 -0
- data/ext/ice/cpp/src/Ice/ServantLocator.cpp +2 -2
- data/ext/ice/cpp/src/Ice/ServantLocatorF.cpp +2 -2
- data/ext/ice/cpp/src/Ice/SliceChecksumDict.cpp +2 -2
- data/ext/ice/cpp/src/Ice/StreamSocket.cpp +0 -0
- data/ext/ice/cpp/src/Ice/Thread.cpp +2 -2
- data/ext/ice/cpp/src/Ice/ThreadPool.cpp +5 -1
- data/ext/ice/cpp/src/Ice/ThreadPool.h +0 -4
- data/ext/ice/cpp/src/Ice/UdpTransceiver.cpp +0 -0
- data/ext/ice/cpp/src/Ice/ValueFactory.cpp +2 -2
- data/ext/ice/cpp/src/Ice/Version.cpp +2 -2
- data/ext/ice/cpp/src/IceDiscovery/IceDiscovery.cpp +2 -2
- data/ext/ice/cpp/src/IceDiscovery/IceDiscovery.h +491 -6
- data/ext/ice/cpp/src/IceLocatorDiscovery/IceLocatorDiscovery.cpp +2 -2
- data/ext/ice/cpp/src/IceLocatorDiscovery/IceLocatorDiscovery.h +16 -4
- data/ext/ice/cpp/src/IceLocatorDiscovery/PluginI.cpp +12 -1
- data/ext/ice/cpp/src/IceSSL/CertificateI.cpp +23 -1
- data/ext/ice/cpp/src/IceSSL/ConnectionInfo.cpp +2 -2
- data/ext/ice/cpp/src/IceSSL/ConnectionInfoF.cpp +2 -2
- data/ext/ice/cpp/src/IceSSL/EndpointInfo.cpp +2 -2
- data/ext/ice/cpp/src/IceSSL/OpenSSLCertificateI.cpp +124 -19
- data/ext/ice/cpp/src/IceSSL/OpenSSLEngine.cpp +60 -1
- data/ext/ice/cpp/src/IceSSL/OpenSSLTransceiverI.cpp +105 -2
- data/ext/ice/cpp/src/IceSSL/OpenSSLTransceiverI.h +1 -0
- data/ext/ice/cpp/src/IceSSL/OpenSSLUtil.cpp +2 -0
- data/ext/ice/cpp/src/IceSSL/PluginI.cpp +114 -0
- data/ext/ice/cpp/src/IceSSL/PluginI.h +21 -0
- data/ext/ice/cpp/src/IceSSL/SChannelCertificateI.cpp +142 -1
- data/ext/ice/cpp/src/IceSSL/SChannelTransceiverI.cpp +117 -3
- data/ext/ice/cpp/src/IceSSL/SChannelTransceiverI.h +1 -0
- data/ext/ice/cpp/src/IceSSL/SSLEngine.cpp +20 -1
- data/ext/ice/cpp/src/IceSSL/SSLEngine.h +4 -0
- data/ext/ice/cpp/src/IceSSL/SecureTransportCertificateI.cpp +133 -2
- data/ext/ice/cpp/src/IceSSL/SecureTransportTransceiverI.cpp +151 -89
- data/ext/ice/cpp/src/IceSSL/SecureTransportTransceiverI.h +1 -0
- data/ext/ice/cpp/src/IceSSL/Util.cpp +0 -0
- data/ext/ice/cpp/src/IceUtil/StringConverter.cpp +6 -0
- data/ext/ice/cpp/src/IceUtil/Time.cpp +8 -10
- data/ext/ice/cpp/src/Slice/CPlusPlusUtil.cpp +6 -2
- data/ext/ice/cpp/src/Slice/JavaUtil.cpp +12 -4
- data/ext/ice/cpp/src/Slice/PHPUtil.cpp +4 -0
- data/ext/ice/cpp/src/Slice/Parser.cpp +11 -7
- data/ext/ice/cpp/src/Slice/Parser.h +2 -2
- data/ext/ice/cpp/src/Slice/Preprocessor.cpp +12 -0
- data/ext/ice/cpp/src/Slice/Preprocessor.h +1 -1
- data/ext/ice/cpp/src/Slice/Python.cpp +1 -1
- data/ext/ice/cpp/src/Slice/PythonUtil.cpp +17 -5
- data/ext/ice/cpp/src/Slice/Scanner.cpp +621 -369
- data/ext/ice/mcpp/CMakeLists.txt +80 -0
- data/ext/ice/mcpp/expand.c +6 -6
- data/ice.gemspec +1 -1
- data/lib/Glacier2/Metrics.rb +1 -1
- data/lib/Glacier2/PermissionsVerifier.rb +1 -1
- data/lib/Glacier2/PermissionsVerifierF.rb +1 -1
- data/lib/Glacier2/Router.rb +1 -1
- data/lib/Glacier2/RouterF.rb +1 -1
- data/lib/Glacier2/SSLInfo.rb +1 -1
- data/lib/Glacier2/Session.rb +1 -1
- data/lib/Ice/BuiltinSequences.rb +1 -1
- data/lib/Ice/Communicator.rb +1 -1
- data/lib/Ice/CommunicatorF.rb +1 -1
- data/lib/Ice/Connection.rb +1 -1
- data/lib/Ice/ConnectionF.rb +1 -1
- data/lib/Ice/Current.rb +1 -1
- data/lib/Ice/Endpoint.rb +1 -1
- data/lib/Ice/EndpointF.rb +1 -1
- data/lib/Ice/EndpointTypes.rb +1 -1
- data/lib/Ice/FacetMap.rb +1 -1
- data/lib/Ice/Identity.rb +1 -1
- data/lib/Ice/ImplicitContext.rb +1 -1
- data/lib/Ice/ImplicitContextF.rb +1 -1
- data/lib/Ice/Instrumentation.rb +1 -1
- data/lib/Ice/InstrumentationF.rb +1 -1
- data/lib/Ice/LocalException.rb +1 -1
- data/lib/Ice/Locator.rb +1 -1
- data/lib/Ice/LocatorF.rb +1 -1
- data/lib/Ice/Logger.rb +1 -1
- data/lib/Ice/LoggerF.rb +1 -1
- data/lib/Ice/Metrics.rb +1 -1
- data/lib/Ice/ObjectAdapter.rb +1 -1
- data/lib/Ice/ObjectAdapterF.rb +1 -1
- data/lib/Ice/ObjectFactory.rb +1 -1
- data/lib/Ice/Plugin.rb +1 -1
- data/lib/Ice/PluginF.rb +1 -1
- data/lib/Ice/Process.rb +1 -1
- data/lib/Ice/ProcessF.rb +1 -1
- data/lib/Ice/Properties.rb +1 -1
- data/lib/Ice/PropertiesAdmin.rb +1 -1
- data/lib/Ice/PropertiesF.rb +1 -1
- data/lib/Ice/RemoteLogger.rb +1 -1
- data/lib/Ice/Router.rb +1 -1
- data/lib/Ice/RouterF.rb +1 -1
- data/lib/Ice/ServantLocator.rb +1 -1
- data/lib/Ice/ServantLocatorF.rb +1 -1
- data/lib/Ice/SliceChecksumDict.rb +1 -1
- data/lib/Ice/ValueFactory.rb +1 -1
- data/lib/Ice/Version.rb +1 -1
- data/lib/IceBox/IceBox.rb +1 -1
- data/lib/IceGrid/Admin.rb +1 -1
- data/lib/IceGrid/Descriptor.rb +1 -1
- data/lib/IceGrid/Exception.rb +1 -1
- data/lib/IceGrid/FileParser.rb +1 -1
- data/lib/IceGrid/PluginFacade.rb +1 -1
- data/lib/IceGrid/Registry.rb +1 -1
- data/lib/IceGrid/Session.rb +1 -1
- data/lib/IceGrid/UserAccountMapper.rb +1 -1
- data/lib/IcePatch2/FileInfo.rb +1 -1
- data/lib/IcePatch2/FileServer.rb +1 -1
- data/lib/IceStorm/IceStorm.rb +1 -1
- data/lib/IceStorm/Metrics.rb +1 -1
- data/slice/Ice/Communicator.ice +1 -1
- data/slice/IceBox/IceBox.ice +17 -2
- data/slice/IceDiscovery/IceDiscovery.ice +56 -0
- metadata +4 -4
@@ -2,7 +2,7 @@
|
|
2
2
|
// Copyright (c) ZeroC, Inc. All rights reserved.
|
3
3
|
//
|
4
4
|
//
|
5
|
-
// Ice version 3.7.
|
5
|
+
// Ice version 3.7.7
|
6
6
|
//
|
7
7
|
// <auto-generated>
|
8
8
|
//
|
@@ -38,7 +38,7 @@
|
|
38
38
|
# if ICE_INT_VERSION % 100 >= 50
|
39
39
|
# error Beta header file detected
|
40
40
|
# endif
|
41
|
-
# if ICE_INT_VERSION % 100 <
|
41
|
+
# if ICE_INT_VERSION % 100 < 7
|
42
42
|
# error Ice patch level mismatch!
|
43
43
|
# endif
|
44
44
|
#endif
|
@@ -2,7 +2,7 @@
|
|
2
2
|
// Copyright (c) ZeroC, Inc. All rights reserved.
|
3
3
|
//
|
4
4
|
//
|
5
|
-
// Ice version 3.7.
|
5
|
+
// Ice version 3.7.7
|
6
6
|
//
|
7
7
|
// <auto-generated>
|
8
8
|
//
|
@@ -44,7 +44,7 @@
|
|
44
44
|
# if ICE_INT_VERSION % 100 >= 50
|
45
45
|
# error Beta header file detected
|
46
46
|
# endif
|
47
|
-
# if ICE_INT_VERSION % 100 <
|
47
|
+
# if ICE_INT_VERSION % 100 < 7
|
48
48
|
# error Ice patch level mismatch!
|
49
49
|
# endif
|
50
50
|
#endif
|
@@ -242,7 +242,7 @@ public:
|
|
242
242
|
::std::function<void(bool)> sent = nullptr,
|
243
243
|
const ::Ice::Context& context = ::Ice::noExplicitContext)
|
244
244
|
{
|
245
|
-
return _makeLamdaOutgoing<void>(response, ex, sent, this, &IceLocatorDiscovery::LookupReplyPrx::_iceI_foundLocator, prx, context);
|
245
|
+
return _makeLamdaOutgoing<void>(std::move(response), std::move(ex), std::move(sent), this, &IceLocatorDiscovery::LookupReplyPrx::_iceI_foundLocator, prx, context);
|
246
246
|
}
|
247
247
|
|
248
248
|
/// \cond INTERNAL
|
@@ -328,7 +328,7 @@ public:
|
|
328
328
|
::std::function<void(bool)> sent = nullptr,
|
329
329
|
const ::Ice::Context& context = ::Ice::noExplicitContext)
|
330
330
|
{
|
331
|
-
return _makeLamdaOutgoing<void>(response, ex, sent, this, &IceLocatorDiscovery::LookupPrx::_iceI_findLocator, instanceName, reply, context);
|
331
|
+
return _makeLamdaOutgoing<void>(std::move(response), std::move(ex), std::move(sent), this, &IceLocatorDiscovery::LookupPrx::_iceI_findLocator, instanceName, reply, context);
|
332
332
|
}
|
333
333
|
|
334
334
|
/// \cond INTERNAL
|
@@ -705,6 +705,12 @@ public:
|
|
705
705
|
|
706
706
|
virtual ~LookupReply();
|
707
707
|
|
708
|
+
#ifdef ICE_CPP11_COMPILER
|
709
|
+
LookupReply() = default;
|
710
|
+
LookupReply(const LookupReply&) = default;
|
711
|
+
LookupReply& operator=(const LookupReply&) = default;
|
712
|
+
#endif
|
713
|
+
|
708
714
|
/**
|
709
715
|
* Determines whether this object supports an interface with the given Slice type ID.
|
710
716
|
* @param id The fully-scoped Slice type ID.
|
@@ -788,6 +794,12 @@ public:
|
|
788
794
|
|
789
795
|
virtual ~Lookup();
|
790
796
|
|
797
|
+
#ifdef ICE_CPP11_COMPILER
|
798
|
+
Lookup() = default;
|
799
|
+
Lookup(const Lookup&) = default;
|
800
|
+
Lookup& operator=(const Lookup&) = default;
|
801
|
+
#endif
|
802
|
+
|
791
803
|
/**
|
792
804
|
* Determines whether this object supports an interface with the given Slice type ID.
|
793
805
|
* @param id The fully-scoped Slice type ID.
|
@@ -706,7 +706,18 @@ void
|
|
706
706
|
LocatorI::foundLocator(const Ice::LocatorPrxPtr& locator)
|
707
707
|
{
|
708
708
|
Lock sync(*this);
|
709
|
-
|
709
|
+
|
710
|
+
if(!locator)
|
711
|
+
{
|
712
|
+
if(_traceLevel > 2)
|
713
|
+
{
|
714
|
+
Ice::Trace out(_lookup->ice_getCommunicator()->getLogger(), "Lookup");
|
715
|
+
out << "ignoring locator reply: (null locator)";
|
716
|
+
}
|
717
|
+
return;
|
718
|
+
}
|
719
|
+
|
720
|
+
if(!_instanceName.empty() && locator->ice_getIdentity().category != _instanceName)
|
710
721
|
{
|
711
722
|
if(_traceLevel > 2)
|
712
723
|
{
|
@@ -6,7 +6,7 @@
|
|
6
6
|
#include <IceUtil/Mutex.h>
|
7
7
|
#include <IceUtil/MutexPtrLock.h>
|
8
8
|
#include <IceUtil/StringUtil.h>
|
9
|
-
#include <IceSSL/
|
9
|
+
#include <IceSSL/PluginI.h>
|
10
10
|
#include <IceSSL/Util.h>
|
11
11
|
#include <IceSSL/RFC2253.h>
|
12
12
|
#include <IceSSL/CertificateI.h>
|
@@ -277,3 +277,25 @@ CertificateI::toString() const
|
|
277
277
|
os << "subject: " << string(getSubjectDN()) << "\n";
|
278
278
|
return os.str();
|
279
279
|
}
|
280
|
+
|
281
|
+
unsigned int
|
282
|
+
Certificate::getKeyUsage() const
|
283
|
+
{
|
284
|
+
const CertificateExtendedInfo* impl = dynamic_cast<const CertificateExtendedInfo*>(this);
|
285
|
+
if(impl)
|
286
|
+
{
|
287
|
+
return impl->getKeyUsage();
|
288
|
+
}
|
289
|
+
return 0;
|
290
|
+
}
|
291
|
+
|
292
|
+
unsigned int
|
293
|
+
Certificate::getExtendedKeyUsage() const
|
294
|
+
{
|
295
|
+
const CertificateExtendedInfo* impl = dynamic_cast<const CertificateExtendedInfo*>(this);
|
296
|
+
if(impl)
|
297
|
+
{
|
298
|
+
return impl->getExtendedKeyUsage();
|
299
|
+
}
|
300
|
+
return 0;
|
301
|
+
}
|
@@ -2,7 +2,7 @@
|
|
2
2
|
// Copyright (c) ZeroC, Inc. All rights reserved.
|
3
3
|
//
|
4
4
|
//
|
5
|
-
// Ice version 3.7.
|
5
|
+
// Ice version 3.7.7
|
6
6
|
//
|
7
7
|
// <auto-generated>
|
8
8
|
//
|
@@ -37,7 +37,7 @@
|
|
37
37
|
# if ICE_INT_VERSION % 100 >= 50
|
38
38
|
# error Beta header file detected
|
39
39
|
# endif
|
40
|
-
# if ICE_INT_VERSION % 100 <
|
40
|
+
# if ICE_INT_VERSION % 100 < 7
|
41
41
|
# error Ice patch level mismatch!
|
42
42
|
# endif
|
43
43
|
#endif
|
@@ -2,7 +2,7 @@
|
|
2
2
|
// Copyright (c) ZeroC, Inc. All rights reserved.
|
3
3
|
//
|
4
4
|
//
|
5
|
-
// Ice version 3.7.
|
5
|
+
// Ice version 3.7.7
|
6
6
|
//
|
7
7
|
// <auto-generated>
|
8
8
|
//
|
@@ -35,7 +35,7 @@
|
|
35
35
|
# if ICE_INT_VERSION % 100 >= 50
|
36
36
|
# error Beta header file detected
|
37
37
|
# endif
|
38
|
-
# if ICE_INT_VERSION % 100 <
|
38
|
+
# if ICE_INT_VERSION % 100 < 7
|
39
39
|
# error Ice patch level mismatch!
|
40
40
|
# endif
|
41
41
|
#endif
|
@@ -2,7 +2,7 @@
|
|
2
2
|
// Copyright (c) ZeroC, Inc. All rights reserved.
|
3
3
|
//
|
4
4
|
//
|
5
|
-
// Ice version 3.7.
|
5
|
+
// Ice version 3.7.7
|
6
6
|
//
|
7
7
|
// <auto-generated>
|
8
8
|
//
|
@@ -37,7 +37,7 @@
|
|
37
37
|
# if ICE_INT_VERSION % 100 >= 50
|
38
38
|
# error Beta header file detected
|
39
39
|
# endif
|
40
|
-
# if ICE_INT_VERSION % 100 <
|
40
|
+
# if ICE_INT_VERSION % 100 < 7
|
41
41
|
# error Ice patch level mismatch!
|
42
42
|
# endif
|
43
43
|
#endif
|
@@ -2,7 +2,7 @@
|
|
2
2
|
// Copyright (c) ZeroC, Inc. All rights reserved.
|
3
3
|
//
|
4
4
|
|
5
|
-
#include <IceSSL/
|
5
|
+
#include <IceSSL/PluginI.h>
|
6
6
|
#include <IceSSL/OpenSSL.h>
|
7
7
|
#include <IceSSL/CertificateI.h>
|
8
8
|
#include <IceSSL/OpenSSLUtil.h>
|
@@ -39,6 +39,12 @@ extern "C" typedef void (*FreeFunc)(void*);
|
|
39
39
|
|
40
40
|
#endif
|
41
41
|
|
42
|
+
#if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER < 0x10100000L
|
43
|
+
# define X509_get_extension_flags(x) (x->ex_flags)
|
44
|
+
# define X509_get_key_usage(x) (x->ex_kusage)
|
45
|
+
# define X509_get_extended_key_usage(x) (x->ex_xkusage)
|
46
|
+
#endif
|
47
|
+
|
42
48
|
namespace
|
43
49
|
{
|
44
50
|
|
@@ -134,7 +140,10 @@ convertGeneralNames(GENERAL_NAMES* gens)
|
|
134
140
|
break;
|
135
141
|
}
|
136
142
|
}
|
137
|
-
|
143
|
+
if (!p.second.empty())
|
144
|
+
{
|
145
|
+
alt.push_back(p);
|
146
|
+
}
|
138
147
|
}
|
139
148
|
sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);
|
140
149
|
return alt;
|
@@ -209,26 +218,23 @@ ASMUtcTimeToTime(const ASN1_UTCTIME* s)
|
|
209
218
|
}
|
210
219
|
# undef g2
|
211
220
|
|
212
|
-
//
|
213
|
-
// If timegm was on all systems this code could be
|
214
|
-
// return IceUtil::Time::seconds(timegm(&tm) - offset*60);
|
215
|
-
//
|
216
|
-
// Windows doesn't support the re-entrant _r versions.
|
217
|
-
//
|
218
|
-
#if defined(_MSC_VER)
|
219
|
-
# pragma warning(disable:4996) // localtime is depercated
|
220
|
-
#endif
|
221
221
|
time_t tzone;
|
222
222
|
{
|
223
223
|
IceUtilInternal::MutexPtrLock<IceUtil::Mutex> sync(mut);
|
224
224
|
time_t now = time(0);
|
225
|
-
|
226
|
-
|
225
|
+
struct tm localTime;
|
226
|
+
struct tm gmTime;
|
227
227
|
#if defined(_MSC_VER)
|
228
|
-
|
228
|
+
localtime_s(&localTime, &now);
|
229
|
+
gmtime_s(&gmTime, &now);
|
230
|
+
#else
|
231
|
+
localtime_r(&now, &localTime);
|
232
|
+
gmtime_r(&now, &gmTime);
|
229
233
|
#endif
|
234
|
+
tzone = mktime(&localTime) - mktime(&gmTime);
|
235
|
+
}
|
230
236
|
|
231
|
-
IceUtil::Time time = IceUtil::Time::seconds(mktime(&tm) - offset * 60 + tzone);
|
237
|
+
IceUtil::Time time = IceUtil::Time::seconds(mktime(&tm) - IceUtil::Int64(offset) * 60 + tzone);
|
232
238
|
|
233
239
|
#ifdef ICE_CPP11_MAPPING
|
234
240
|
return chrono::system_clock::time_point(chrono::microseconds(time.toMicroSeconds()));
|
@@ -257,6 +263,7 @@ private:
|
|
257
263
|
|
258
264
|
class OpenSSLCertificateI : public IceSSL::OpenSSL::Certificate,
|
259
265
|
public CertificateI,
|
266
|
+
public IceSSL::CertificateExtendedInfo,
|
260
267
|
public IceUtil::Mutex
|
261
268
|
{
|
262
269
|
public:
|
@@ -285,6 +292,8 @@ public:
|
|
285
292
|
virtual vector<pair<int, string> > getSubjectAlternativeNames() const;
|
286
293
|
virtual int getVersion() const;
|
287
294
|
virtual x509_st* getCert() const;
|
295
|
+
virtual unsigned int getKeyUsage() const;
|
296
|
+
virtual unsigned int getExtendedKeyUsage() const;
|
288
297
|
|
289
298
|
protected:
|
290
299
|
|
@@ -542,6 +551,94 @@ OpenSSLCertificateI::loadX509Extensions() const
|
|
542
551
|
}
|
543
552
|
}
|
544
553
|
|
554
|
+
unsigned int
|
555
|
+
OpenSSLCertificateI::getKeyUsage() const
|
556
|
+
{
|
557
|
+
unsigned int keyUsage = 0;
|
558
|
+
int flags = X509_get_extension_flags(_cert);
|
559
|
+
if(flags & EXFLAG_KUSAGE)
|
560
|
+
{
|
561
|
+
unsigned int kusage = X509_get_key_usage(_cert);
|
562
|
+
if(kusage & KU_DIGITAL_SIGNATURE)
|
563
|
+
{
|
564
|
+
keyUsage |= KEY_USAGE_DIGITAL_SIGNATURE;
|
565
|
+
}
|
566
|
+
if(kusage & KU_NON_REPUDIATION)
|
567
|
+
{
|
568
|
+
keyUsage |= KEY_USAGE_NON_REPUDIATION;
|
569
|
+
}
|
570
|
+
if(kusage & KU_KEY_ENCIPHERMENT)
|
571
|
+
{
|
572
|
+
keyUsage |= KEY_USAGE_KEY_ENCIPHERMENT;
|
573
|
+
}
|
574
|
+
if(kusage & KU_DATA_ENCIPHERMENT)
|
575
|
+
{
|
576
|
+
keyUsage |= KEY_USAGE_DATA_ENCIPHERMENT;
|
577
|
+
}
|
578
|
+
if(kusage & KU_KEY_AGREEMENT)
|
579
|
+
{
|
580
|
+
keyUsage |= KEY_USAGE_KEY_AGREEMENT;
|
581
|
+
}
|
582
|
+
if(kusage & KU_KEY_CERT_SIGN)
|
583
|
+
{
|
584
|
+
keyUsage |= KEY_USAGE_KEY_CERT_SIGN;
|
585
|
+
}
|
586
|
+
if(kusage & KU_CRL_SIGN)
|
587
|
+
{
|
588
|
+
keyUsage |= KEY_USAGE_CRL_SIGN;
|
589
|
+
}
|
590
|
+
if(kusage & KU_ENCIPHER_ONLY)
|
591
|
+
{
|
592
|
+
keyUsage |= KEY_USAGE_ENCIPHER_ONLY;
|
593
|
+
}
|
594
|
+
if(kusage & KU_DECIPHER_ONLY)
|
595
|
+
{
|
596
|
+
keyUsage |= KEY_USAGE_DECIPHER_ONLY;
|
597
|
+
}
|
598
|
+
}
|
599
|
+
return keyUsage;
|
600
|
+
}
|
601
|
+
|
602
|
+
unsigned int
|
603
|
+
OpenSSLCertificateI::getExtendedKeyUsage() const
|
604
|
+
{
|
605
|
+
unsigned int extendedKeyUsage = 0;
|
606
|
+
int flags = X509_get_extension_flags(_cert);
|
607
|
+
if(flags & EXFLAG_XKUSAGE)
|
608
|
+
{
|
609
|
+
unsigned int xkusage = X509_get_extended_key_usage(_cert);
|
610
|
+
if(xkusage & XKU_ANYEKU)
|
611
|
+
{
|
612
|
+
extendedKeyUsage |= EXTENDED_KEY_USAGE_ANY_KEY_USAGE;
|
613
|
+
}
|
614
|
+
if(xkusage & XKU_SSL_SERVER)
|
615
|
+
{
|
616
|
+
extendedKeyUsage |= EXTENDED_KEY_USAGE_SERVER_AUTH;
|
617
|
+
}
|
618
|
+
if(xkusage & XKU_SSL_CLIENT)
|
619
|
+
{
|
620
|
+
extendedKeyUsage |= EXTENDED_KEY_USAGE_CLIENT_AUTH;
|
621
|
+
}
|
622
|
+
if(xkusage & XKU_CODE_SIGN)
|
623
|
+
{
|
624
|
+
extendedKeyUsage |= EXTENDED_KEY_USAGE_CODE_SIGNING;
|
625
|
+
}
|
626
|
+
if(xkusage & XKU_SMIME)
|
627
|
+
{
|
628
|
+
extendedKeyUsage |= EXTENDED_KEY_USAGE_EMAIL_PROTECTION;
|
629
|
+
}
|
630
|
+
if(xkusage & XKU_TIMESTAMP)
|
631
|
+
{
|
632
|
+
extendedKeyUsage |= EXTENDED_KEY_USAGE_TIME_STAMPING;
|
633
|
+
}
|
634
|
+
if(xkusage & XKU_OCSP_SIGN)
|
635
|
+
{
|
636
|
+
extendedKeyUsage |= EXTENDED_KEY_USAGE_OCSP_SIGNING;
|
637
|
+
}
|
638
|
+
}
|
639
|
+
return extendedKeyUsage;
|
640
|
+
}
|
641
|
+
|
545
642
|
IceSSL::OpenSSL::CertificatePtr
|
546
643
|
IceSSL::OpenSSL::Certificate::create(x509_st* cert)
|
547
644
|
{
|
@@ -559,12 +656,16 @@ IceSSL::OpenSSL::Certificate::load(const std::string& file)
|
|
559
656
|
}
|
560
657
|
|
561
658
|
x509_st* x = PEM_read_bio_X509(cert, ICE_NULLPTR, ICE_NULLPTR, ICE_NULLPTR);
|
659
|
+
BIO_free(cert);
|
562
660
|
if(x == ICE_NULLPTR)
|
563
661
|
{
|
564
|
-
BIO_free(cert);
|
565
662
|
throw CertificateReadException(__FILE__, __LINE__, "error reading file:\n" + getSslErrors(false));
|
566
663
|
}
|
567
|
-
|
664
|
+
// Calling it with -1 for the side effects, this ensure that the extensions info is loaded
|
665
|
+
if(X509_check_purpose(x, -1, -1) == -1)
|
666
|
+
{
|
667
|
+
throw CertificateReadException(__FILE__, __LINE__, "error loading certificate:\n" + getSslErrors(false));
|
668
|
+
}
|
568
669
|
return ICE_MAKE_SHARED(OpenSSLCertificateI, x);
|
569
670
|
}
|
570
671
|
|
@@ -573,11 +674,15 @@ IceSSL::OpenSSL::Certificate::decode(const std::string& encoding)
|
|
573
674
|
{
|
574
675
|
BIO *cert = BIO_new_mem_buf(static_cast<void*>(const_cast<char*>(&encoding[0])), static_cast<int>(encoding.size()));
|
575
676
|
x509_st* x = PEM_read_bio_X509(cert, ICE_NULLPTR, ICE_NULLPTR, ICE_NULLPTR);
|
677
|
+
BIO_free(cert);
|
576
678
|
if(x == ICE_NULLPTR)
|
577
679
|
{
|
578
|
-
BIO_free(cert);
|
579
680
|
throw CertificateEncodingException(__FILE__, __LINE__, getSslErrors(false));
|
580
681
|
}
|
581
|
-
|
682
|
+
// Calling it with -1 for the side effects, this ensure that the extensions info is loaded
|
683
|
+
if(X509_check_purpose(x, -1, -1) == -1)
|
684
|
+
{
|
685
|
+
throw CertificateReadException(__FILE__, __LINE__, "error loading certificate:\n" + getSslErrors(false));
|
686
|
+
}
|
582
687
|
return ICE_MAKE_SHARED(OpenSSLCertificateI, x);
|
583
688
|
}
|
@@ -28,6 +28,9 @@
|
|
28
28
|
|
29
29
|
#ifdef _MSC_VER
|
30
30
|
# pragma warning(disable:4127) // conditional expression is constant
|
31
|
+
#elif defined(__GNUC__)
|
32
|
+
# // Ignore OpenSSL 3.0 deprecation warning
|
33
|
+
# pragma GCC diagnostic ignored "-Wdeprecated-declarations"
|
31
34
|
#endif
|
32
35
|
|
33
36
|
using namespace std;
|
@@ -816,7 +819,7 @@ OpenSSL::SSLEngine::initialize()
|
|
816
819
|
if(!_dhParams->add(keyLength, file))
|
817
820
|
{
|
818
821
|
throw PluginInitializationException(__FILE__, __LINE__,
|
819
|
-
|
822
|
+
"IceSSL: unable to read DH parameter file " + file);
|
820
823
|
}
|
821
824
|
}
|
822
825
|
}
|
@@ -824,6 +827,62 @@ OpenSSL::SSLEngine::initialize()
|
|
824
827
|
}
|
825
828
|
}
|
826
829
|
|
830
|
+
int revocationCheck = getRevocationCheck();
|
831
|
+
if(revocationCheck > 0)
|
832
|
+
{
|
833
|
+
vector<string> crlFiles =
|
834
|
+
properties->getPropertyAsList(propPrefix + "CertificateRevocationListFiles");
|
835
|
+
if(crlFiles.empty())
|
836
|
+
{
|
837
|
+
throw PluginInitializationException(
|
838
|
+
__FILE__,
|
839
|
+
__LINE__,
|
840
|
+
"IceSSL: cannot enable revocation checks without setting certificate revocation list files");
|
841
|
+
}
|
842
|
+
|
843
|
+
X509_STORE* store = SSL_CTX_get_cert_store(_ctx);
|
844
|
+
if(!store)
|
845
|
+
{
|
846
|
+
throw PluginInitializationException(
|
847
|
+
__FILE__,
|
848
|
+
__LINE__,
|
849
|
+
"IceSSL: unable to obtain the certificate store");
|
850
|
+
}
|
851
|
+
|
852
|
+
X509_LOOKUP* lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file());
|
853
|
+
if(!lookup)
|
854
|
+
{
|
855
|
+
throw PluginInitializationException(__FILE__, __LINE__, "IceSSL: add lookup failed");
|
856
|
+
}
|
857
|
+
|
858
|
+
for(vector<string>::const_iterator it = crlFiles.begin(); it != crlFiles.end(); it++)
|
859
|
+
{
|
860
|
+
string file;
|
861
|
+
if(!checkPath(*it, defaultDir, false, file))
|
862
|
+
{
|
863
|
+
throw PluginInitializationException(
|
864
|
+
__FILE__,
|
865
|
+
__LINE__,
|
866
|
+
"IceSSL: CRL file not found `" + *it + "'");
|
867
|
+
}
|
868
|
+
|
869
|
+
if(X509_LOOKUP_load_file(lookup, file.c_str(), X509_FILETYPE_PEM) == 0)
|
870
|
+
{
|
871
|
+
throw PluginInitializationException(
|
872
|
+
__FILE__,
|
873
|
+
__LINE__,
|
874
|
+
"IceSSL: CRL load failure `" + *it + "'");
|
875
|
+
}
|
876
|
+
}
|
877
|
+
|
878
|
+
unsigned long flags = X509_V_FLAG_CRL_CHECK;
|
879
|
+
if(revocationCheck > 1)
|
880
|
+
{
|
881
|
+
flags |= X509_V_FLAG_CRL_CHECK_ALL;
|
882
|
+
}
|
883
|
+
X509_STORE_set_flags(store, flags);
|
884
|
+
}
|
885
|
+
|
827
886
|
SSL_CTX_set_mode(_ctx, SSL_MODE_ENABLE_PARTIAL_WRITE);
|
828
887
|
}
|
829
888
|
|
@@ -10,8 +10,10 @@
|
|
10
10
|
|
11
11
|
#include <IceSSL/ConnectionInfo.h>
|
12
12
|
#include <IceSSL/Instance.h>
|
13
|
+
#include <IceSSL/PluginI.h>
|
13
14
|
#include <IceSSL/SSLEngine.h>
|
14
15
|
#include <IceSSL/Util.h>
|
16
|
+
|
15
17
|
#include <Ice/Communicator.h>
|
16
18
|
#include <Ice/LoggerUtil.h>
|
17
19
|
#include <Ice/Buffer.h>
|
@@ -72,6 +74,103 @@ IceSSL_opensslVerifyCallback(int ok, X509_STORE_CTX* ctx)
|
|
72
74
|
|
73
75
|
}
|
74
76
|
|
77
|
+
namespace
|
78
|
+
{
|
79
|
+
|
80
|
+
TrustError trustStatusToTrustError(long status)
|
81
|
+
{
|
82
|
+
switch (status)
|
83
|
+
{
|
84
|
+
case X509_V_OK:
|
85
|
+
return IceSSL::ICE_ENUM(TrustError, NoError);
|
86
|
+
|
87
|
+
case X509_V_ERR_CERT_CHAIN_TOO_LONG:
|
88
|
+
return IceSSL::ICE_ENUM(TrustError, ChainTooLong);
|
89
|
+
|
90
|
+
case X509_V_ERR_EXCLUDED_VIOLATION:
|
91
|
+
return IceSSL::ICE_ENUM(TrustError, HasExcludedNameConstraint);
|
92
|
+
|
93
|
+
case X509_V_ERR_PERMITTED_VIOLATION:
|
94
|
+
return IceSSL::ICE_ENUM(TrustError, HasNonPermittedNameConstraint);
|
95
|
+
|
96
|
+
case X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION:
|
97
|
+
return IceSSL::ICE_ENUM(TrustError, HasNonSupportedCriticalExtension);
|
98
|
+
|
99
|
+
case X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE:
|
100
|
+
case X509_V_ERR_SUBTREE_MINMAX:
|
101
|
+
return IceSSL::ICE_ENUM(TrustError, HasNonSupportedNameConstraint);
|
102
|
+
|
103
|
+
case X509_V_ERR_HOSTNAME_MISMATCH:
|
104
|
+
case X509_V_ERR_IP_ADDRESS_MISMATCH:
|
105
|
+
return IceSSL::ICE_ENUM(TrustError, HostNameMismatch);
|
106
|
+
|
107
|
+
case X509_V_ERR_INVALID_CA:
|
108
|
+
case X509_V_ERR_INVALID_NON_CA:
|
109
|
+
case X509_V_ERR_PATH_LENGTH_EXCEEDED:
|
110
|
+
case X509_V_ERR_KEYUSAGE_NO_CERTSIGN:
|
111
|
+
case X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE:
|
112
|
+
return IceSSL::ICE_ENUM(TrustError, InvalidBasicConstraints);
|
113
|
+
|
114
|
+
case X509_V_ERR_INVALID_EXTENSION:
|
115
|
+
return IceSSL::ICE_ENUM(TrustError, InvalidExtension);
|
116
|
+
|
117
|
+
case X509_V_ERR_UNSUPPORTED_NAME_SYNTAX:
|
118
|
+
return IceSSL::ICE_ENUM(TrustError, InvalidNameConstraints);
|
119
|
+
|
120
|
+
case X509_V_ERR_INVALID_POLICY_EXTENSION:
|
121
|
+
case X509_V_ERR_NO_EXPLICIT_POLICY:
|
122
|
+
return IceSSL::ICE_ENUM(TrustError, InvalidPolicyConstraints);
|
123
|
+
|
124
|
+
case X509_V_ERR_INVALID_PURPOSE:
|
125
|
+
return IceSSL::ICE_ENUM(TrustError, InvalidPurpose);
|
126
|
+
|
127
|
+
case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE:
|
128
|
+
case X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY:
|
129
|
+
case X509_V_ERR_CERT_SIGNATURE_FAILURE:
|
130
|
+
return IceSSL::ICE_ENUM(TrustError, InvalidSignature);
|
131
|
+
|
132
|
+
case X509_V_ERR_CERT_NOT_YET_VALID:
|
133
|
+
case X509_V_ERR_CERT_HAS_EXPIRED:
|
134
|
+
case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
|
135
|
+
case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
|
136
|
+
return IceSSL::ICE_ENUM(TrustError, InvalidTime);
|
137
|
+
|
138
|
+
case X509_V_ERR_CERT_REJECTED:
|
139
|
+
return IceSSL::ICE_ENUM(TrustError, NotTrusted);
|
140
|
+
|
141
|
+
case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
|
142
|
+
case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY:
|
143
|
+
case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE:
|
144
|
+
return IceSSL::ICE_ENUM(TrustError, PartialChain);
|
145
|
+
|
146
|
+
case X509_V_ERR_CRL_HAS_EXPIRED:
|
147
|
+
case X509_V_ERR_CRL_NOT_YET_VALID:
|
148
|
+
case X509_V_ERR_CRL_SIGNATURE_FAILURE:
|
149
|
+
case X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD:
|
150
|
+
case X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD:
|
151
|
+
case X509_V_ERR_KEYUSAGE_NO_CRL_SIGN:
|
152
|
+
case X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE:
|
153
|
+
case X509_V_ERR_UNABLE_TO_GET_CRL:
|
154
|
+
case X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER:
|
155
|
+
case X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION:
|
156
|
+
case X509_V_ERR_CRL_PATH_VALIDATION_ERROR:
|
157
|
+
return IceSSL::ICE_ENUM(TrustError, RevocationStatusUnknown);
|
158
|
+
|
159
|
+
case X509_V_ERR_CERT_REVOKED:
|
160
|
+
return IceSSL::ICE_ENUM(TrustError, Revoked);
|
161
|
+
|
162
|
+
case X509_V_ERR_CERT_UNTRUSTED:
|
163
|
+
case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
|
164
|
+
case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN:
|
165
|
+
return IceSSL::ICE_ENUM(TrustError, UntrustedRoot);
|
166
|
+
|
167
|
+
default:
|
168
|
+
return IceSSL::ICE_ENUM(TrustError, UnknownTrustFailure);
|
169
|
+
}
|
170
|
+
}
|
171
|
+
|
172
|
+
}
|
173
|
+
|
75
174
|
IceInternal::NativeInfoPtr
|
76
175
|
OpenSSL::TransceiverI::getNativeInfo()
|
77
176
|
{
|
@@ -310,6 +409,7 @@ OpenSSL::TransceiverI::initialize(IceInternal::Buffer& readBuffer, IceInternal::
|
|
310
409
|
}
|
311
410
|
|
312
411
|
long result = SSL_get_verify_result(_ssl);
|
412
|
+
_trustError = trustStatusToTrustError(result);
|
313
413
|
if(result != X509_V_OK)
|
314
414
|
{
|
315
415
|
if(_engine->getVerifyPeer() == 0)
|
@@ -346,10 +446,11 @@ OpenSSL::TransceiverI::initialize(IceInternal::Buffer& readBuffer, IceInternal::
|
|
346
446
|
// Peer hostname verification is new in OpenSSL 1.0.2 for older versions
|
347
447
|
// We use IceSSL built-in hostname verification.
|
348
448
|
//
|
349
|
-
_engine->verifyPeerCertName(
|
449
|
+
_engine->verifyPeerCertName(_host, ICE_DYNAMIC_CAST(ConnectionInfo, getInfo()));
|
350
450
|
}
|
351
451
|
catch(const SecurityException&)
|
352
452
|
{
|
453
|
+
_trustError = IceSSL::ICE_ENUM(TrustError, HostNameMismatch);
|
353
454
|
_verified = false;
|
354
455
|
if(_engine->getVerifyPeer() > 0)
|
355
456
|
{
|
@@ -823,13 +924,15 @@ OpenSSL::TransceiverI::toDetailedString() const
|
|
823
924
|
Ice::ConnectionInfoPtr
|
824
925
|
OpenSSL::TransceiverI::getInfo() const
|
825
926
|
{
|
826
|
-
|
927
|
+
ExtendedConnectionInfoPtr info = ICE_MAKE_SHARED(ExtendedConnectionInfo);
|
827
928
|
info->underlying = _delegate->getInfo();
|
828
929
|
info->incoming = _incoming;
|
829
930
|
info->adapterName = _adapterName;
|
830
931
|
info->cipher = _cipher;
|
831
932
|
info->certs = _certs;
|
832
933
|
info->verified = _verified;
|
934
|
+
info->errorCode = _trustError;
|
935
|
+
info->host = _incoming ? "" : _host;
|
833
936
|
return info;
|
834
937
|
}
|
835
938
|
|