RubyGems - zeroc-ice - Versions diffs - 3.7.5 → 3.7.8 - Mend

zeroc-ice 3.7.5 → 3.7.8

Files changed (271) hide show

checksums.yaml +4 -4
data/ext/Config.h +13 -0
data/ext/Util.cpp +0 -4
data/ext/ice/cpp/include/Ice/Exception.h +3 -3
data/ext/ice/cpp/include/Ice/Functional.h +3 -1
data/ext/ice/cpp/include/Ice/IconvStringConverter.h +1 -1
data/ext/ice/cpp/include/Ice/Object.h +7 -0
data/ext/ice/cpp/include/Ice/Proxy.h +25 -16
data/ext/ice/cpp/include/Ice/Service.h +1 -1
data/ext/ice/cpp/include/IceSSL/Plugin.h +142 -0
data/ext/ice/cpp/include/IceUtil/Config.h +3 -2
data/ext/ice/cpp/include/IceUtil/Functional.h +3 -1
data/ext/ice/cpp/include/IceUtil/MutexPtrLock.h +4 -4
data/ext/ice/cpp/include/IceUtil/ResourceConfig.h +2 -2
data/ext/ice/cpp/include/generated/Ice/BuiltinSequences.h +2 -2
data/ext/ice/cpp/include/generated/Ice/Communicator.h +8 -2
data/ext/ice/cpp/include/generated/Ice/CommunicatorF.h +2 -2
data/ext/ice/cpp/include/generated/Ice/Connection.h +45 -2
data/ext/ice/cpp/include/generated/Ice/ConnectionF.h +2 -2
data/ext/ice/cpp/include/generated/Ice/Current.h +2 -2
data/ext/ice/cpp/include/generated/Ice/Endpoint.h +38 -2
data/ext/ice/cpp/include/generated/Ice/EndpointF.h +2 -2
data/ext/ice/cpp/include/generated/Ice/EndpointTypes.h +2 -2
data/ext/ice/cpp/include/generated/Ice/FacetMap.h +2 -2
data/ext/ice/cpp/include/generated/Ice/Identity.h +2 -2
data/ext/ice/cpp/include/generated/Ice/ImplicitContext.h +8 -2
data/ext/ice/cpp/include/generated/Ice/ImplicitContextF.h +2 -2
data/ext/ice/cpp/include/generated/Ice/Instrumentation.h +62 -2
data/ext/ice/cpp/include/generated/Ice/InstrumentationF.h +2 -2
data/ext/ice/cpp/include/generated/Ice/LocalException.h +464 -68
data/ext/ice/cpp/include/generated/Ice/Locator.h +55 -7
data/ext/ice/cpp/include/generated/Ice/LocatorF.h +2 -2
data/ext/ice/cpp/include/generated/Ice/Logger.h +8 -2
data/ext/ice/cpp/include/generated/Ice/LoggerF.h +2 -2
data/ext/ice/cpp/include/generated/Ice/Metrics.h +63 -11
data/ext/ice/cpp/include/generated/Ice/ObjectAdapter.h +8 -2
data/ext/ice/cpp/include/generated/Ice/ObjectAdapterF.h +2 -2
data/ext/ice/cpp/include/generated/Ice/ObjectFactory.h +8 -2
data/ext/ice/cpp/include/generated/Ice/Plugin.h +14 -2
data/ext/ice/cpp/include/generated/Ice/PluginF.h +2 -2
data/ext/ice/cpp/include/generated/Ice/Process.h +8 -2
data/ext/ice/cpp/include/generated/Ice/ProcessF.h +2 -2
data/ext/ice/cpp/include/generated/Ice/Properties.h +8 -2
data/ext/ice/cpp/include/generated/Ice/PropertiesAdmin.h +8 -2
data/ext/ice/cpp/include/generated/Ice/PropertiesF.h +2 -2
data/ext/ice/cpp/include/generated/Ice/RemoteLogger.h +21 -3
data/ext/ice/cpp/include/generated/Ice/Router.h +14 -2
data/ext/ice/cpp/include/generated/Ice/RouterF.h +2 -2
data/ext/ice/cpp/include/generated/Ice/ServantLocator.h +8 -2
data/ext/ice/cpp/include/generated/Ice/ServantLocatorF.h +2 -2
data/ext/ice/cpp/include/generated/Ice/SliceChecksumDict.h +2 -2
data/ext/ice/cpp/include/generated/Ice/ValueFactory.h +14 -2
data/ext/ice/cpp/include/generated/Ice/Version.h +2 -2
data/ext/ice/cpp/include/generated/IceSSL/ConnectionInfo.h +7 -2
data/ext/ice/cpp/include/generated/IceSSL/ConnectionInfoF.h +2 -2
data/ext/ice/cpp/include/generated/IceSSL/EndpointInfo.h +7 -2
data/ext/ice/cpp/src/Ice/BuiltinSequences.cpp +2 -2
data/ext/ice/cpp/src/Ice/Communicator.cpp +2 -2
data/ext/ice/cpp/src/Ice/CommunicatorF.cpp +2 -2
data/ext/ice/cpp/src/Ice/Connection.cpp +2 -2
data/ext/ice/cpp/src/Ice/ConnectionF.cpp +2 -2
data/ext/ice/cpp/src/Ice/ConnectionFactory.cpp +3 -3
data/ext/ice/cpp/src/Ice/Current.cpp +2 -2
data/ext/ice/cpp/src/Ice/Endpoint.cpp +2 -2
data/ext/ice/cpp/src/Ice/EndpointF.cpp +2 -2
data/ext/ice/cpp/src/Ice/EndpointTypes.cpp +2 -2
data/ext/ice/cpp/src/Ice/FacetMap.cpp +2 -2
data/ext/ice/cpp/src/Ice/Identity.cpp +2 -2
data/ext/ice/cpp/src/Ice/ImplicitContext.cpp +2 -2
data/ext/ice/cpp/src/Ice/ImplicitContextF.cpp +2 -2
data/ext/ice/cpp/src/Ice/InputStream.cpp +10 -10
data/ext/ice/cpp/src/Ice/Instrumentation.cpp +2 -2
data/ext/ice/cpp/src/Ice/InstrumentationF.cpp +2 -2
data/ext/ice/cpp/src/Ice/LocalException.cpp +398 -2
data/ext/ice/cpp/src/Ice/Locator.cpp +32 -2
data/ext/ice/cpp/src/Ice/LocatorF.cpp +2 -2
data/ext/ice/cpp/src/Ice/LocatorInfo.cpp +3 -3
data/ext/ice/cpp/src/Ice/Logger.cpp +2 -2
data/ext/ice/cpp/src/Ice/LoggerF.cpp +2 -2
data/ext/ice/cpp/src/Ice/Metrics.cpp +8 -2
data/ext/ice/cpp/src/Ice/ObjectAdapter.cpp +2 -2
data/ext/ice/cpp/src/Ice/ObjectAdapterF.cpp +2 -2
data/ext/ice/cpp/src/Ice/ObjectAdapterFactory.cpp +4 -4
data/ext/ice/cpp/src/Ice/ObjectAdapterI.cpp +8 -8
data/ext/ice/cpp/src/Ice/ObjectFactory.cpp +2 -2
data/ext/ice/cpp/src/Ice/Plugin.cpp +2 -2
data/ext/ice/cpp/src/Ice/PluginF.cpp +2 -2
data/ext/ice/cpp/src/Ice/Process.cpp +2 -2
data/ext/ice/cpp/src/Ice/ProcessF.cpp +2 -2
data/ext/ice/cpp/src/Ice/Properties.cpp +2 -2
data/ext/ice/cpp/src/Ice/PropertiesAdmin.cpp +2 -2
data/ext/ice/cpp/src/Ice/PropertiesF.cpp +2 -2
data/ext/ice/cpp/src/Ice/PropertyNames.cpp +5 -3
data/ext/ice/cpp/src/Ice/PropertyNames.h +1 -1
data/ext/ice/cpp/src/Ice/RemoteLogger.cpp +8 -2
data/ext/ice/cpp/src/Ice/Router.cpp +2 -2
data/ext/ice/cpp/src/Ice/RouterF.cpp +2 -2
data/ext/ice/cpp/src/Ice/RouterInfo.cpp +6 -2
data/ext/ice/cpp/src/Ice/SHA1.cpp +2 -0
data/ext/ice/cpp/src/Ice/ServantLocator.cpp +2 -2
data/ext/ice/cpp/src/Ice/ServantLocatorF.cpp +2 -2
data/ext/ice/cpp/src/Ice/SliceChecksumDict.cpp +2 -2
data/ext/ice/cpp/src/Ice/Thread.cpp +2 -2
data/ext/ice/cpp/src/Ice/ThreadPool.cpp +5 -1
data/ext/ice/cpp/src/Ice/ValueFactory.cpp +2 -2
data/ext/ice/cpp/src/Ice/Version.cpp +2 -2
data/ext/ice/cpp/src/IceDiscovery/IceDiscovery.cpp +2 -2
data/ext/ice/cpp/src/IceDiscovery/IceDiscovery.h +14 -2
data/ext/ice/cpp/src/IceLocatorDiscovery/IceLocatorDiscovery.cpp +2 -2
data/ext/ice/cpp/src/IceLocatorDiscovery/IceLocatorDiscovery.h +14 -2
data/ext/ice/cpp/src/IceSSL/CertificateI.cpp +23 -1
data/ext/ice/cpp/src/IceSSL/ConnectionInfo.cpp +2 -2
data/ext/ice/cpp/src/IceSSL/ConnectionInfoF.cpp +2 -2
data/ext/ice/cpp/src/IceSSL/EndpointInfo.cpp +2 -2
data/ext/ice/cpp/src/IceSSL/OpenSSLCertificateI.cpp +114 -6
data/ext/ice/cpp/src/IceSSL/OpenSSLEngine.cpp +60 -1
data/ext/ice/cpp/src/IceSSL/OpenSSLTransceiverI.cpp +132 -7
data/ext/ice/cpp/src/IceSSL/OpenSSLTransceiverI.h +1 -0
data/ext/ice/cpp/src/IceSSL/OpenSSLUtil.cpp +2 -0
data/ext/ice/cpp/src/IceSSL/PluginI.cpp +114 -0
data/ext/ice/cpp/src/IceSSL/PluginI.h +21 -0
data/ext/ice/cpp/src/IceSSL/SChannelCertificateI.cpp +142 -1
data/ext/ice/cpp/src/IceSSL/SChannelTransceiverI.cpp +117 -3
data/ext/ice/cpp/src/IceSSL/SChannelTransceiverI.h +1 -0
data/ext/ice/cpp/src/IceSSL/SSLEngine.cpp +20 -1
data/ext/ice/cpp/src/IceSSL/SSLEngine.h +4 -0
data/ext/ice/cpp/src/IceSSL/SecureTransportCertificateI.cpp +133 -2
data/ext/ice/cpp/src/IceSSL/SecureTransportTransceiverI.cpp +150 -88
data/ext/ice/cpp/src/IceSSL/SecureTransportTransceiverI.h +1 -0
data/ext/ice/cpp/src/IceUtil/OutputUtil.cpp +7 -2
data/ext/ice/cpp/src/IceUtil/StringConverter.cpp +6 -0
data/ext/ice/cpp/src/IceUtil/Time.cpp +2 -2
data/ext/ice/cpp/src/Slice/CPlusPlusUtil.cpp +9 -5
data/ext/ice/cpp/src/Slice/JavaUtil.cpp +8 -0
data/ext/ice/cpp/src/Slice/MD5I.cpp +2 -1
data/ext/ice/cpp/src/Slice/PHPUtil.cpp +4 -0
data/ext/ice/cpp/src/Slice/Parser.cpp +4 -0
data/ext/ice/cpp/src/Slice/Parser.h +2 -2
data/ext/ice/cpp/src/Slice/PythonUtil.cpp +40 -3
data/ext/ice/cpp/src/Slice/Scanner.cpp +620 -368
data/ext/ice/mcpp/CMakeLists.txt +80 -0
data/ext/ice/mcpp/expand.c +6 -6
data/ice.gemspec +1 -1
data/lib/Glacier2/Metrics.rb +1 -1
data/lib/Glacier2/PermissionsVerifier.rb +1 -1
data/lib/Glacier2/PermissionsVerifierF.rb +1 -1
data/lib/Glacier2/Router.rb +1 -1
data/lib/Glacier2/RouterF.rb +1 -1
data/lib/Glacier2/SSLInfo.rb +1 -1
data/lib/Glacier2/Session.rb +1 -1
data/lib/Ice/BuiltinSequences.rb +1 -1
data/lib/Ice/Communicator.rb +1 -1
data/lib/Ice/CommunicatorF.rb +1 -1
data/lib/Ice/Connection.rb +1 -1
data/lib/Ice/ConnectionF.rb +1 -1
data/lib/Ice/Current.rb +1 -1
data/lib/Ice/Endpoint.rb +1 -1
data/lib/Ice/EndpointF.rb +1 -1
data/lib/Ice/EndpointTypes.rb +1 -1
data/lib/Ice/FacetMap.rb +1 -1
data/lib/Ice/Identity.rb +1 -1
data/lib/Ice/ImplicitContext.rb +1 -1
data/lib/Ice/ImplicitContextF.rb +1 -1
data/lib/Ice/Instrumentation.rb +1 -1
data/lib/Ice/InstrumentationF.rb +1 -1
data/lib/Ice/LocalException.rb +1 -1
data/lib/Ice/Locator.rb +1 -1
data/lib/Ice/LocatorF.rb +1 -1
data/lib/Ice/Logger.rb +1 -1
data/lib/Ice/LoggerF.rb +1 -1
data/lib/Ice/Metrics.rb +1 -1
data/lib/Ice/ObjectAdapter.rb +1 -1
data/lib/Ice/ObjectAdapterF.rb +1 -1
data/lib/Ice/ObjectFactory.rb +1 -1
data/lib/Ice/Plugin.rb +1 -1
data/lib/Ice/PluginF.rb +1 -1
data/lib/Ice/Process.rb +1 -1
data/lib/Ice/ProcessF.rb +1 -1
data/lib/Ice/Properties.rb +1 -1
data/lib/Ice/PropertiesAdmin.rb +1 -1
data/lib/Ice/PropertiesF.rb +1 -1
data/lib/Ice/RemoteLogger.rb +1 -1
data/lib/Ice/Router.rb +1 -1
data/lib/Ice/RouterF.rb +1 -1
data/lib/Ice/ServantLocator.rb +1 -1
data/lib/Ice/ServantLocatorF.rb +1 -1
data/lib/Ice/SliceChecksumDict.rb +1 -1
data/lib/Ice/ValueFactory.rb +1 -1
data/lib/Ice/Version.rb +1 -1
data/lib/IceBox/IceBox.rb +1 -1
data/lib/IceGrid/Admin.rb +1 -1
data/lib/IceGrid/Descriptor.rb +1 -1
data/lib/IceGrid/Exception.rb +1 -1
data/lib/IceGrid/FileParser.rb +1 -1
data/lib/IceGrid/PluginFacade.rb +1 -1
data/lib/IceGrid/Registry.rb +1 -1
data/lib/IceGrid/Session.rb +1 -1
data/lib/IceGrid/UserAccountMapper.rb +1 -1
data/lib/IcePatch2/FileInfo.rb +1 -1
data/lib/IcePatch2/FileServer.rb +1 -1
data/lib/IceStorm/IceStorm.rb +1 -1
data/lib/IceStorm/Metrics.rb +1 -1
data/slice/Glacier2/PermissionsVerifier.ice +1 -0
data/slice/Glacier2/PermissionsVerifierF.ice +1 -0
data/slice/Glacier2/Router.ice +1 -0
data/slice/Glacier2/RouterF.ice +1 -0
data/slice/Glacier2/SSLInfo.ice +1 -0
data/slice/Glacier2/Session.ice +1 -0
data/slice/Ice/BuiltinSequences.ice +1 -0
data/slice/Ice/Communicator.ice +1 -0
data/slice/Ice/CommunicatorF.ice +1 -0
data/slice/Ice/Connection.ice +1 -0
data/slice/Ice/ConnectionF.ice +1 -0
data/slice/Ice/Current.ice +1 -0
data/slice/Ice/Endpoint.ice +1 -0
data/slice/Ice/EndpointF.ice +1 -0
data/slice/Ice/EndpointTypes.ice +1 -0
data/slice/Ice/FacetMap.ice +1 -0
data/slice/Ice/Identity.ice +1 -0
data/slice/Ice/ImplicitContext.ice +1 -0
data/slice/Ice/ImplicitContextF.ice +1 -0
data/slice/Ice/Instrumentation.ice +1 -0
data/slice/Ice/InstrumentationF.ice +1 -0
data/slice/Ice/LocalException.ice +1 -0
data/slice/Ice/Locator.ice +1 -0
data/slice/Ice/LocatorF.ice +1 -0
data/slice/Ice/Logger.ice +1 -0
data/slice/Ice/LoggerF.ice +1 -0
data/slice/Ice/Metrics.ice +1 -0
data/slice/Ice/ObjectAdapter.ice +1 -0
data/slice/Ice/ObjectAdapterF.ice +1 -0
data/slice/Ice/ObjectFactory.ice +1 -0
data/slice/Ice/Plugin.ice +1 -0
data/slice/Ice/PluginF.ice +1 -0
data/slice/Ice/Process.ice +1 -0
data/slice/Ice/ProcessF.ice +1 -0
data/slice/Ice/Properties.ice +1 -0
data/slice/Ice/PropertiesAdmin.ice +1 -0
data/slice/Ice/PropertiesF.ice +1 -0
data/slice/Ice/RemoteLogger.ice +1 -0
data/slice/Ice/Router.ice +1 -0
data/slice/Ice/RouterF.ice +1 -0
data/slice/Ice/ServantLocator.ice +1 -0
data/slice/Ice/ServantLocatorF.ice +1 -0
data/slice/Ice/SliceChecksumDict.ice +1 -0
data/slice/Ice/ValueFactory.ice +1 -0
data/slice/Ice/Version.ice +1 -0
data/slice/IceBT/ConnectionInfo.ice +1 -0
data/slice/IceBT/EndpointInfo.ice +1 -0
data/slice/IceBT/Types.ice +1 -0
data/slice/IceBox/IceBox.ice +1 -0
data/slice/IceDiscovery/IceDiscovery.ice +1 -0
data/slice/IceGrid/Admin.ice +1 -0
data/slice/IceGrid/Descriptor.ice +1 -0
data/slice/IceGrid/Exception.ice +1 -0
data/slice/IceGrid/FileParser.ice +1 -0
data/slice/IceGrid/PluginFacade.ice +1 -0
data/slice/IceGrid/Registry.ice +1 -0
data/slice/IceGrid/Session.ice +1 -0
data/slice/IceGrid/UserAccountMapper.ice +1 -0
data/slice/IceIAP/ConnectionInfo.ice +1 -0
data/slice/IceIAP/EndpointInfo.ice +1 -0
data/slice/IceLocatorDiscovery/IceLocatorDiscovery.ice +1 -0
data/slice/IcePatch2/FileInfo.ice +1 -0
data/slice/IcePatch2/FileServer.ice +1 -0
data/slice/IceSSL/ConnectionInfo.ice +1 -0
data/slice/IceSSL/ConnectionInfoF.ice +1 -0
data/slice/IceSSL/EndpointInfo.ice +1 -0
data/slice/IceStorm/IceStorm.ice +1 -0
data/slice/IceStorm/Metrics.ice +4 -1
metadata +4 -4

data/ext/ice/cpp/src/IceSSL/OpenSSLTransceiverI.cpp CHANGED Viewed

@@ -10,8 +10,10 @@
 #include <IceSSL/ConnectionInfo.h>
 #include <IceSSL/Instance.h>
+#include <IceSSL/PluginI.h>
 #include <IceSSL/SSLEngine.h>
 #include <IceSSL/Util.h>
 #include <Ice/Communicator.h>
 #include <Ice/LoggerUtil.h>
 #include <Ice/Buffer.h>
@@ -72,6 +74,103 @@ IceSSL_opensslVerifyCallback(int ok, X509_STORE_CTX* ctx)
 }
+namespace
+{
+TrustError trustStatusToTrustError(long status)
+{
+    switch (status)
+    {
+    case X509_V_OK:
+        return IceSSL::ICE_ENUM(TrustError, NoError);
+    case X509_V_ERR_CERT_CHAIN_TOO_LONG:
+        return IceSSL::ICE_ENUM(TrustError, ChainTooLong);
+    case X509_V_ERR_EXCLUDED_VIOLATION:
+        return IceSSL::ICE_ENUM(TrustError, HasExcludedNameConstraint);
+    case X509_V_ERR_PERMITTED_VIOLATION:
+        return IceSSL::ICE_ENUM(TrustError, HasNonPermittedNameConstraint);
+    case X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION:
+        return IceSSL::ICE_ENUM(TrustError, HasNonSupportedCriticalExtension);
+    case X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE:
+    case X509_V_ERR_SUBTREE_MINMAX:
+        return IceSSL::ICE_ENUM(TrustError, HasNonSupportedNameConstraint);
+    case X509_V_ERR_HOSTNAME_MISMATCH:
+    case X509_V_ERR_IP_ADDRESS_MISMATCH:
+        return IceSSL::ICE_ENUM(TrustError, HostNameMismatch);
+    case X509_V_ERR_INVALID_CA:
+    case X509_V_ERR_INVALID_NON_CA:
+    case X509_V_ERR_PATH_LENGTH_EXCEEDED:
+    case X509_V_ERR_KEYUSAGE_NO_CERTSIGN:
+    case X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE:
+        return IceSSL::ICE_ENUM(TrustError, InvalidBasicConstraints);
+    case X509_V_ERR_INVALID_EXTENSION:
+        return IceSSL::ICE_ENUM(TrustError, InvalidExtension);
+    case X509_V_ERR_UNSUPPORTED_NAME_SYNTAX:
+        return IceSSL::ICE_ENUM(TrustError, InvalidNameConstraints);
+    case X509_V_ERR_INVALID_POLICY_EXTENSION:
+    case X509_V_ERR_NO_EXPLICIT_POLICY:
+        return IceSSL::ICE_ENUM(TrustError, InvalidPolicyConstraints);
+    case X509_V_ERR_INVALID_PURPOSE:
+        return IceSSL::ICE_ENUM(TrustError, InvalidPurpose);
+    case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE:
+    case X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY:
+    case X509_V_ERR_CERT_SIGNATURE_FAILURE:
+        return IceSSL::ICE_ENUM(TrustError, InvalidSignature);
+    case X509_V_ERR_CERT_NOT_YET_VALID:
+    case X509_V_ERR_CERT_HAS_EXPIRED:
+    case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
+    case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
+        return IceSSL::ICE_ENUM(TrustError, InvalidTime);
+    case X509_V_ERR_CERT_REJECTED:
+        return IceSSL::ICE_ENUM(TrustError, NotTrusted);
+    case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
+    case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY:
+    case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE:
+        return IceSSL::ICE_ENUM(TrustError, PartialChain);
+    case X509_V_ERR_CRL_HAS_EXPIRED:
+    case X509_V_ERR_CRL_NOT_YET_VALID:
+    case X509_V_ERR_CRL_SIGNATURE_FAILURE:
+    case X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD:
+    case X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD:
+    case X509_V_ERR_KEYUSAGE_NO_CRL_SIGN:
+    case X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE:
+    case X509_V_ERR_UNABLE_TO_GET_CRL:
+    case X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER:
+    case X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION:
+    case X509_V_ERR_CRL_PATH_VALIDATION_ERROR:
+        return IceSSL::ICE_ENUM(TrustError, RevocationStatusUnknown);
+    case X509_V_ERR_CERT_REVOKED:
+        return IceSSL::ICE_ENUM(TrustError, Revoked);
+    case X509_V_ERR_CERT_UNTRUSTED:
+    case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
+    case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN:
+        return IceSSL::ICE_ENUM(TrustError, UntrustedRoot);
+    default:
+        return IceSSL::ICE_ENUM(TrustError, UnknownTrustFailure);
+    }
+}
+}
 IceInternal::NativeInfoPtr
 OpenSSL::TransceiverI::getNativeInfo()
 {
@@ -300,16 +399,28 @@ OpenSSL::TransceiverI::initialize(IceInternal::Buffer& readBuffer, IceInternal::
             }
             case SSL_ERROR_SSL:
             {
-                ostringstream ostr;
-                ostr << "SSL error occurred for new " << (_incoming ? "incoming" : "outgoing")
-                     << " connection:\n" << _delegate->toString() << "\n" << _engine->sslErrors();
-                throw ProtocolException(__FILE__, __LINE__, ostr.str());
+#if defined(SSL_R_UNEXPECTED_EOF_WHILE_READING)
+                if (SSL_R_UNEXPECTED_EOF_WHILE_READING == ERR_GET_REASON(ERR_get_error()))
+                {
+                    throw ConnectionLostException(__FILE__, __LINE__, 0);
+                }
+                else
+                {
+#endif
+                    ostringstream ostr;
+                    ostr << "SSL error occurred for new " << (_incoming ? "incoming" : "outgoing")
+                         << " connection:\n" << _delegate->toString() << "\n" << _engine->sslErrors();
+                    throw ProtocolException(__FILE__, __LINE__, ostr.str());
+#if defined(SSL_R_UNEXPECTED_EOF_WHILE_READING)
+                }
+#endif
             }
             }
         }
     }
     long result = SSL_get_verify_result(_ssl);
+    _trustError = trustStatusToTrustError(result);
     if(result != X509_V_OK)
     {
         if(_engine->getVerifyPeer() == 0)
@@ -350,6 +461,7 @@ OpenSSL::TransceiverI::initialize(IceInternal::Buffer& readBuffer, IceInternal::
     }
     catch(const SecurityException&)
     {
+        _trustError = IceSSL::ICE_ENUM(TrustError, HostNameMismatch);
         _verified = false;
         if(_engine->getVerifyPeer() > 0)
         {
@@ -647,8 +759,19 @@ OpenSSL::TransceiverI::read(IceInternal::Buffer& buf)
             }
             case SSL_ERROR_SSL:
             {
-                throw ProtocolException(__FILE__, __LINE__,
-                                        "SSL protocol error during read:\n" + _engine->sslErrors());
+#if defined(SSL_R_UNEXPECTED_EOF_WHILE_READING)
+                if (SSL_R_UNEXPECTED_EOF_WHILE_READING == ERR_GET_REASON(ERR_get_error()))
+                {
+                    throw ConnectionLostException(__FILE__, __LINE__, 0);
+                }
+                else
+                {
+#endif
+                    throw ProtocolException(__FILE__, __LINE__,
+                                            "SSL protocol error during read:\n" + _engine->sslErrors());
+#if defined(SSL_R_UNEXPECTED_EOF_WHILE_READING)
+                }
+#endif
             }
             }
         }
@@ -823,13 +946,15 @@ OpenSSL::TransceiverI::toDetailedString() const
 Ice::ConnectionInfoPtr
 OpenSSL::TransceiverI::getInfo() const
 {
-    ConnectionInfoPtr info = ICE_MAKE_SHARED(ConnectionInfo);
+    ExtendedConnectionInfoPtr info = ICE_MAKE_SHARED(ExtendedConnectionInfo);
     info->underlying = _delegate->getInfo();
     info->incoming = _incoming;
     info->adapterName = _adapterName;
     info->cipher = _cipher;
     info->certs = _certs;
     info->verified = _verified;
+    info->errorCode = _trustError;
+    info->host = _incoming ? "" : _host;
     return info;
 }

data/ext/ice/cpp/src/IceSSL/OpenSSLTransceiverI.h CHANGED Viewed

@@ -71,6 +71,7 @@ private:
     std::string _cipher;
     std::vector<IceSSL::CertificatePtr> _certs;
     bool _verified;
+    TrustError _trustError;
     SSL* _ssl;
     BIO* _memBio;

data/ext/ice/cpp/src/IceSSL/OpenSSLUtil.cpp CHANGED Viewed

@@ -10,6 +10,8 @@
 //
 #if defined(__GNUC__)
 #  pragma GCC diagnostic ignored "-Wold-style-cast"
+#  // Ignore OpenSSL 3.0 deprecation warning
+#  pragma GCC diagnostic ignored "-Wdeprecated-declarations"
 #endif
 using namespace std;

data/ext/ice/cpp/src/IceSSL/PluginI.cpp CHANGED Viewed

@@ -130,3 +130,117 @@ ICEregisterIceSSL(bool loadOnInitialize)
 {
     Ice::registerIceSSL(loadOnInitialize);
 }
+IceSSL::TrustError
+IceSSL::getTrustError(const IceSSL::ConnectionInfoPtr& info)
+{
+    ExtendedConnectionInfoPtr extendedInfo = ICE_DYNAMIC_CAST(ExtendedConnectionInfo, info);
+    if (extendedInfo)
+    {
+        return extendedInfo->errorCode;
+    }
+    return info->verified ? IceSSL::ICE_ENUM(TrustError, NoError) : IceSSL::ICE_ENUM(TrustError, UnknownTrustFailure);
+}
+std::string
+IceSSL::getTrustErrorDescription(TrustError error)
+{
+    switch(error)
+    {
+        case  IceSSL::ICE_ENUM(TrustError, NoError):
+        {
+            return "no error";
+        }
+        case IceSSL::ICE_ENUM(TrustError, ChainTooLong):
+        {
+            return "the certificate chain length is greater than the specified maximum depth";
+        }
+        case IceSSL::ICE_ENUM(TrustError, HasExcludedNameConstraint):
+        {
+            return "the X509 chain is invalid because a certificate has excluded a name constraint";
+        }
+        case IceSSL::ICE_ENUM(TrustError, HasNonDefinedNameConstraint):
+        {
+            return "the certificate has an undefined name constraint";
+        }
+        case IceSSL::ICE_ENUM(TrustError, HasNonPermittedNameConstraint):
+        {
+            return "the certificate has a non permitted name constrain";
+        }
+        case IceSSL::ICE_ENUM(TrustError, HasNonSupportedCriticalExtension):
+        {
+            return "the certificate does not support a critical extension";
+        }
+        case IceSSL::ICE_ENUM(TrustError, HasNonSupportedNameConstraint):
+        {
+            return "the certificate does not have a supported name constraint or has a name constraint that "
+                   "is unsupported";
+        }
+        case IceSSL::ICE_ENUM(TrustError, HostNameMismatch):
+        {
+            return "a host name mismatch has occurred";
+        }
+        case IceSSL::ICE_ENUM(TrustError, InvalidBasicConstraints):
+        {
+            return "the X509 chain is invalid due to invalid basic constraints";
+        }
+        case IceSSL::ICE_ENUM(TrustError, InvalidExtension):
+        {
+            return "the X509 chain is invalid due to an invalid extension";
+        }
+        case IceSSL::ICE_ENUM(TrustError, InvalidNameConstraints):
+        {
+            return "the X509 chain is invalid due to invalid name constraints";
+        }
+        case IceSSL::ICE_ENUM(TrustError, InvalidPolicyConstraints):
+        {
+            return "the X509 chain is invalid due to invalid policy constraints";
+        }
+        case IceSSL::ICE_ENUM(TrustError, InvalidPurpose):
+        {
+            return "the supplied certificate cannot be used for the specified purpose";
+        }
+        case IceSSL::ICE_ENUM(TrustError, InvalidSignature):
+        {
+            return "the X509 chain is invalid due to an invalid certificate signature";
+        }
+        case IceSSL::ICE_ENUM(TrustError, InvalidTime):
+        {
+            return "the X509 chain is not valid due to an invalid time value, such as a value that indicates an "
+                   "expired certificate";
+        }
+        case IceSSL::ICE_ENUM(TrustError, NotTrusted):
+        {
+            return "the certificate is explicitly distrusted";
+        }
+        case IceSSL::ICE_ENUM(TrustError, PartialChain):
+        {
+            return "the X509 chain could not be built up to the root certificate";
+        }
+        case IceSSL::ICE_ENUM(TrustError, RevocationStatusUnknown):
+        {
+            return "it is not possible to determine whether the certificate has been revoked";
+        }
+        case IceSSL::ICE_ENUM(TrustError, Revoked):
+        {
+            return "the X509 chain is invalid due to a revoked certificate";
+        }
+        case IceSSL::ICE_ENUM(TrustError, UntrustedRoot):
+        {
+            return "the X509 chain is invalid due to an untrusted root certificate";
+        }
+        case IceSSL::ICE_ENUM(TrustError, UnknownTrustFailure):
+        {
+            return "unknown failure";
+        }
+    }
+    assert(false);
+    return "unknown failure";
+}
+std::string
+IceSSL::getHost(const IceSSL::ConnectionInfoPtr& info)
+{
+    ExtendedConnectionInfoPtr extendedInfo = ICE_DYNAMIC_CAST(ExtendedConnectionInfo, info);
+    return extendedInfo ? extendedInfo->host : "";
+}

data/ext/ice/cpp/src/IceSSL/PluginI.h CHANGED Viewed

@@ -7,11 +7,32 @@
 #include <IceSSL/Plugin.h>
 #include <IceSSL/SSLEngineF.h>
+#include <IceSSL/ConnectionInfo.h>
 #include <Ice/CommunicatorF.h>
 namespace IceSSL
 {
+class ExtendedConnectionInfo : public ConnectionInfo
+{
+public:
+    TrustError errorCode;
+    std::string host;
+};
+ICE_DEFINE_PTR(ExtendedConnectionInfoPtr, ExtendedConnectionInfo);
+// TODO: This class provides new certificate virtual methods that canot be added directly to the certificate class
+// without breaking binary compatibility. The class can be removed once the relevant methods can be marked as virtual in
+// the certificate class in the next major release (3.8.x).
+class ICESSL_API CertificateExtendedInfo
+{
+public:
+    virtual unsigned int getKeyUsage() const = 0;
+    virtual unsigned int getExtendedKeyUsage() const = 0;
+};
 class ICESSL_API PluginI : public virtual IceSSL::Plugin
 {
 public:

data/ext/ice/cpp/src/IceSSL/SChannelCertificateI.cpp CHANGED Viewed

@@ -2,7 +2,7 @@
 // Copyright (c) ZeroC, Inc. All rights reserved.
 //
-#include <IceSSL/Plugin.h>
+#include <IceSSL/PluginI.h>
 #include <IceSSL/SChannel.h>
 #include <IceSSL/CertificateI.h>
 #include <IceSSL/Util.h>
@@ -59,6 +59,7 @@ private:
 class SChannelCertificateI : public SChannel::Certificate,
                              public CertificateI,
+                             public IceSSL::CertificateExtendedInfo,
                              public IceUtil::Mutex
 {
 public:
@@ -94,6 +95,9 @@ protected:
 private:
+    virtual unsigned int getKeyUsage() const;
+    virtual unsigned int getExtendedKeyUsage() const;
     CERT_SIGNED_CONTENT_INFO* _cert;
     CERT_INFO* _certInfo;
     CertInfoHolderPtr _certInfoHolder;
@@ -557,6 +561,143 @@ SChannelCertificateI::loadX509Extensions() const
     }
 }
+unsigned int
+SChannelCertificateI::getKeyUsage() const
+{
+    unsigned int keyUsage = 0;
+    BYTE usage[2];
+    if(CertGetIntendedKeyUsage(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, _certInfo, usage, 2))
+    {
+        if (usage[0] & CERT_DIGITAL_SIGNATURE_KEY_USAGE)
+        {
+            keyUsage |= KEY_USAGE_DIGITAL_SIGNATURE;
+        }
+        if (usage[0] & CERT_NON_REPUDIATION_KEY_USAGE)
+        {
+            keyUsage |= KEY_USAGE_NON_REPUDIATION;
+        }
+        if (usage[0] & CERT_KEY_ENCIPHERMENT_KEY_USAGE)
+        {
+            keyUsage |= KEY_USAGE_KEY_ENCIPHERMENT;
+        }
+        if (usage[0] & CERT_DATA_ENCIPHERMENT_KEY_USAGE)
+        {
+            keyUsage |= KEY_USAGE_DATA_ENCIPHERMENT;
+        }
+        if (usage[0] & CERT_KEY_AGREEMENT_KEY_USAGE)
+        {
+            keyUsage |= KEY_USAGE_KEY_AGREEMENT;
+        }
+        if (usage[0] & CERT_KEY_CERT_SIGN_KEY_USAGE)
+        {
+            keyUsage |= KEY_USAGE_KEY_CERT_SIGN;
+        }
+        if(usage[0] & CERT_CRL_SIGN_KEY_USAGE)
+        {
+            keyUsage |= KEY_USAGE_CRL_SIGN;
+        }
+        if(usage[0] & CERT_ENCIPHER_ONLY_KEY_USAGE)
+        {
+            keyUsage |= KEY_USAGE_ENCIPHER_ONLY;
+        }
+        if(usage[1] & CERT_DECIPHER_ONLY_KEY_USAGE)
+        {
+            keyUsage |= KEY_USAGE_DECIPHER_ONLY;
+        }
+    }
+    else if(GetLastError())
+    {
+        throw CertificateEncodingException(__FILE__, __LINE__, IceUtilInternal::lastErrorToString());
+    }
+    return keyUsage;
+}
+unsigned int
+SChannelCertificateI::getExtendedKeyUsage() const
+{
+    unsigned int extendedKeyUsage = 0;
+    const CERT_CONTEXT* certContext = CertCreateCertificateContext(X509_ASN_ENCODING,
+                                                                   _cert->ToBeSigned.pbData,
+                                                                   _cert->ToBeSigned.cbData);
+    if(certContext == 0)
+    {
+        throw CertificateEncodingException(__FILE__, __LINE__, IceUtilInternal::lastErrorToString());
+    }
+    try
+    {
+        DWORD cbUsage;
+        if(!CertGetEnhancedKeyUsage(certContext, 0, 0, &cbUsage))
+        {
+            if(GetLastError() == CRYPT_E_NOT_FOUND)
+            {
+                return 0;
+            }
+            else
+            {
+                throw CertificateEncodingException(__FILE__, __LINE__, IceUtilInternal::lastErrorToString());
+            }
+        }
+        if (cbUsage > 0)
+        {
+            vector<unsigned char> pUsage;
+            pUsage.resize(cbUsage);
+            if(!CertGetEnhancedKeyUsage(certContext, 0, reinterpret_cast<CERT_ENHKEY_USAGE*>(&pUsage[0]), &cbUsage))
+            {
+                if(GetLastError() == CRYPT_E_NOT_FOUND)
+                {
+                    return 0;
+                }
+                else
+                {
+                    throw CertificateEncodingException(__FILE__, __LINE__, IceUtilInternal::lastErrorToString());
+                }
+            }
+            CERT_ENHKEY_USAGE* enkeyUsage = reinterpret_cast<CERT_ENHKEY_USAGE*>(&pUsage[0]);
+            for(DWORD i = 0; i < enkeyUsage->cUsageIdentifier; i++)
+            {
+                LPSTR oid = enkeyUsage->rgpszUsageIdentifier[i];
+                if(strcmp(oid, szOID_ANY_ENHANCED_KEY_USAGE) == 0)
+                {
+                    extendedKeyUsage |= EXTENDED_KEY_USAGE_ANY_KEY_USAGE;
+                }
+                if(strcmp(oid, szOID_PKIX_KP_SERVER_AUTH) == 0)
+                {
+                    extendedKeyUsage |= EXTENDED_KEY_USAGE_SERVER_AUTH;
+                }
+                if(strcmp(oid, szOID_PKIX_KP_CLIENT_AUTH) == 0)
+                {
+                    extendedKeyUsage |= EXTENDED_KEY_USAGE_CLIENT_AUTH;
+                }
+                if(strcmp(oid, szOID_PKIX_KP_CODE_SIGNING) == 0)
+                {
+                    extendedKeyUsage |= EXTENDED_KEY_USAGE_CODE_SIGNING;
+                }
+                if(strcmp(oid, szOID_PKIX_KP_EMAIL_PROTECTION) == 0)
+                {
+                    extendedKeyUsage |= EXTENDED_KEY_USAGE_EMAIL_PROTECTION;
+                }
+                if(strcmp(oid, szOID_PKIX_KP_TIMESTAMP_SIGNING) == 0)
+                {
+                    extendedKeyUsage |= EXTENDED_KEY_USAGE_TIME_STAMPING;
+                }
+                if(strcmp(oid, szOID_PKIX_KP_OCSP_SIGNING) == 0)
+                {
+                    extendedKeyUsage |= EXTENDED_KEY_USAGE_OCSP_SIGNING;
+                }
+            }
+        }
+        CertFreeCertificateContext(certContext);
+    }
+    catch(...)
+    {
+        CertFreeCertificateContext(certContext);
+        throw;
+    }
+    return extendedKeyUsage;
+}
 SChannel::CertificatePtr
 SChannel::Certificate::create(CERT_SIGNED_CONTENT_INFO* cert)
 {