zeroc-ice 3.7.5 → 3.7.8
- checksums.yaml +4 -4
- data/ext/Config.h +13 -0
- data/ext/Util.cpp +0 -4
- data/ext/ice/cpp/include/Ice/Exception.h +3 -3
- data/ext/ice/cpp/include/Ice/Functional.h +3 -1
- data/ext/ice/cpp/include/Ice/IconvStringConverter.h +1 -1
- data/ext/ice/cpp/include/Ice/Object.h +7 -0
- data/ext/ice/cpp/include/Ice/Proxy.h +25 -16
- data/ext/ice/cpp/include/Ice/Service.h +1 -1
- data/ext/ice/cpp/include/IceSSL/Plugin.h +142 -0
- data/ext/ice/cpp/include/IceUtil/Config.h +3 -2
- data/ext/ice/cpp/include/IceUtil/Functional.h +3 -1
- data/ext/ice/cpp/include/IceUtil/MutexPtrLock.h +4 -4
- data/ext/ice/cpp/include/IceUtil/ResourceConfig.h +2 -2
- data/ext/ice/cpp/include/generated/Ice/BuiltinSequences.h +2 -2
- data/ext/ice/cpp/include/generated/Ice/Communicator.h +8 -2
- data/ext/ice/cpp/include/generated/Ice/CommunicatorF.h +2 -2
- data/ext/ice/cpp/include/generated/Ice/Connection.h +45 -2
- data/ext/ice/cpp/include/generated/Ice/ConnectionF.h +2 -2
- data/ext/ice/cpp/include/generated/Ice/Current.h +2 -2
- data/ext/ice/cpp/include/generated/Ice/Endpoint.h +38 -2
- data/ext/ice/cpp/include/generated/Ice/EndpointF.h +2 -2
- data/ext/ice/cpp/include/generated/Ice/EndpointTypes.h +2 -2
- data/ext/ice/cpp/include/generated/Ice/FacetMap.h +2 -2
- data/ext/ice/cpp/include/generated/Ice/Identity.h +2 -2
- data/ext/ice/cpp/include/generated/Ice/ImplicitContext.h +8 -2
- data/ext/ice/cpp/include/generated/Ice/ImplicitContextF.h +2 -2
- data/ext/ice/cpp/include/generated/Ice/Instrumentation.h +62 -2
- data/ext/ice/cpp/include/generated/Ice/InstrumentationF.h +2 -2
- data/ext/ice/cpp/include/generated/Ice/LocalException.h +464 -68
- data/ext/ice/cpp/include/generated/Ice/Locator.h +55 -7
- data/ext/ice/cpp/include/generated/Ice/LocatorF.h +2 -2
- data/ext/ice/cpp/include/generated/Ice/Logger.h +8 -2
- data/ext/ice/cpp/include/generated/Ice/LoggerF.h +2 -2
- data/ext/ice/cpp/include/generated/Ice/Metrics.h +63 -11
- data/ext/ice/cpp/include/generated/Ice/ObjectAdapter.h +8 -2
- data/ext/ice/cpp/include/generated/Ice/ObjectAdapterF.h +2 -2
- data/ext/ice/cpp/include/generated/Ice/ObjectFactory.h +8 -2
- data/ext/ice/cpp/include/generated/Ice/Plugin.h +14 -2
- data/ext/ice/cpp/include/generated/Ice/PluginF.h +2 -2
- data/ext/ice/cpp/include/generated/Ice/Process.h +8 -2
- data/ext/ice/cpp/include/generated/Ice/ProcessF.h +2 -2
- data/ext/ice/cpp/include/generated/Ice/Properties.h +8 -2
- data/ext/ice/cpp/include/generated/Ice/PropertiesAdmin.h +8 -2
- data/ext/ice/cpp/include/generated/Ice/PropertiesF.h +2 -2
- data/ext/ice/cpp/include/generated/Ice/RemoteLogger.h +21 -3
- data/ext/ice/cpp/include/generated/Ice/Router.h +14 -2
- data/ext/ice/cpp/include/generated/Ice/RouterF.h +2 -2
- data/ext/ice/cpp/include/generated/Ice/ServantLocator.h +8 -2
- data/ext/ice/cpp/include/generated/Ice/ServantLocatorF.h +2 -2
- data/ext/ice/cpp/include/generated/Ice/SliceChecksumDict.h +2 -2
- data/ext/ice/cpp/include/generated/Ice/ValueFactory.h +14 -2
- data/ext/ice/cpp/include/generated/Ice/Version.h +2 -2
- data/ext/ice/cpp/include/generated/IceSSL/ConnectionInfo.h +7 -2
- data/ext/ice/cpp/include/generated/IceSSL/ConnectionInfoF.h +2 -2
- data/ext/ice/cpp/include/generated/IceSSL/EndpointInfo.h +7 -2
- data/ext/ice/cpp/src/Ice/BuiltinSequences.cpp +2 -2
- data/ext/ice/cpp/src/Ice/Communicator.cpp +2 -2
- data/ext/ice/cpp/src/Ice/CommunicatorF.cpp +2 -2
- data/ext/ice/cpp/src/Ice/Connection.cpp +2 -2
- data/ext/ice/cpp/src/Ice/ConnectionF.cpp +2 -2
- data/ext/ice/cpp/src/Ice/ConnectionFactory.cpp +3 -3
- data/ext/ice/cpp/src/Ice/Current.cpp +2 -2
- data/ext/ice/cpp/src/Ice/Endpoint.cpp +2 -2
- data/ext/ice/cpp/src/Ice/EndpointF.cpp +2 -2
- data/ext/ice/cpp/src/Ice/EndpointTypes.cpp +2 -2
- data/ext/ice/cpp/src/Ice/FacetMap.cpp +2 -2
- data/ext/ice/cpp/src/Ice/Identity.cpp +2 -2
- data/ext/ice/cpp/src/Ice/ImplicitContext.cpp +2 -2
- data/ext/ice/cpp/src/Ice/ImplicitContextF.cpp +2 -2
- data/ext/ice/cpp/src/Ice/InputStream.cpp +10 -10
- data/ext/ice/cpp/src/Ice/Instrumentation.cpp +2 -2
- data/ext/ice/cpp/src/Ice/InstrumentationF.cpp +2 -2
- data/ext/ice/cpp/src/Ice/LocalException.cpp +398 -2
- data/ext/ice/cpp/src/Ice/Locator.cpp +32 -2
- data/ext/ice/cpp/src/Ice/LocatorF.cpp +2 -2
- data/ext/ice/cpp/src/Ice/LocatorInfo.cpp +3 -3
- data/ext/ice/cpp/src/Ice/Logger.cpp +2 -2
- data/ext/ice/cpp/src/Ice/LoggerF.cpp +2 -2
- data/ext/ice/cpp/src/Ice/Metrics.cpp +8 -2
- data/ext/ice/cpp/src/Ice/ObjectAdapter.cpp +2 -2
- data/ext/ice/cpp/src/Ice/ObjectAdapterF.cpp +2 -2
- data/ext/ice/cpp/src/Ice/ObjectAdapterFactory.cpp +4 -4
- data/ext/ice/cpp/src/Ice/ObjectAdapterI.cpp +8 -8
- data/ext/ice/cpp/src/Ice/ObjectFactory.cpp +2 -2
- data/ext/ice/cpp/src/Ice/Plugin.cpp +2 -2
- data/ext/ice/cpp/src/Ice/PluginF.cpp +2 -2
- data/ext/ice/cpp/src/Ice/Process.cpp +2 -2
- data/ext/ice/cpp/src/Ice/ProcessF.cpp +2 -2
- data/ext/ice/cpp/src/Ice/Properties.cpp +2 -2
- data/ext/ice/cpp/src/Ice/PropertiesAdmin.cpp +2 -2
- data/ext/ice/cpp/src/Ice/PropertiesF.cpp +2 -2
- data/ext/ice/cpp/src/Ice/PropertyNames.cpp +5 -3
- data/ext/ice/cpp/src/Ice/PropertyNames.h +1 -1
- data/ext/ice/cpp/src/Ice/RemoteLogger.cpp +8 -2
- data/ext/ice/cpp/src/Ice/Router.cpp +2 -2
- data/ext/ice/cpp/src/Ice/RouterF.cpp +2 -2
- data/ext/ice/cpp/src/Ice/RouterInfo.cpp +6 -2
- data/ext/ice/cpp/src/Ice/SHA1.cpp +2 -0
- data/ext/ice/cpp/src/Ice/ServantLocator.cpp +2 -2
- data/ext/ice/cpp/src/Ice/ServantLocatorF.cpp +2 -2
- data/ext/ice/cpp/src/Ice/SliceChecksumDict.cpp +2 -2
- data/ext/ice/cpp/src/Ice/Thread.cpp +2 -2
- data/ext/ice/cpp/src/Ice/ThreadPool.cpp +5 -1
- data/ext/ice/cpp/src/Ice/ValueFactory.cpp +2 -2
- data/ext/ice/cpp/src/Ice/Version.cpp +2 -2
- data/ext/ice/cpp/src/IceDiscovery/IceDiscovery.cpp +2 -2
- data/ext/ice/cpp/src/IceDiscovery/IceDiscovery.h +14 -2
- data/ext/ice/cpp/src/IceLocatorDiscovery/IceLocatorDiscovery.cpp +2 -2
- data/ext/ice/cpp/src/IceLocatorDiscovery/IceLocatorDiscovery.h +14 -2
- data/ext/ice/cpp/src/IceSSL/CertificateI.cpp +23 -1
- data/ext/ice/cpp/src/IceSSL/ConnectionInfo.cpp +2 -2
- data/ext/ice/cpp/src/IceSSL/ConnectionInfoF.cpp +2 -2
- data/ext/ice/cpp/src/IceSSL/EndpointInfo.cpp +2 -2
- data/ext/ice/cpp/src/IceSSL/OpenSSLCertificateI.cpp +114 -6
- data/ext/ice/cpp/src/IceSSL/OpenSSLEngine.cpp +60 -1
- data/ext/ice/cpp/src/IceSSL/OpenSSLTransceiverI.cpp +132 -7
- data/ext/ice/cpp/src/IceSSL/OpenSSLTransceiverI.h +1 -0
- data/ext/ice/cpp/src/IceSSL/OpenSSLUtil.cpp +2 -0
- data/ext/ice/cpp/src/IceSSL/PluginI.cpp +114 -0
- data/ext/ice/cpp/src/IceSSL/PluginI.h +21 -0
- data/ext/ice/cpp/src/IceSSL/SChannelCertificateI.cpp +142 -1
- data/ext/ice/cpp/src/IceSSL/SChannelTransceiverI.cpp +117 -3
- data/ext/ice/cpp/src/IceSSL/SChannelTransceiverI.h +1 -0
- data/ext/ice/cpp/src/IceSSL/SSLEngine.cpp +20 -1
- data/ext/ice/cpp/src/IceSSL/SSLEngine.h +4 -0
- data/ext/ice/cpp/src/IceSSL/SecureTransportCertificateI.cpp +133 -2
- data/ext/ice/cpp/src/IceSSL/SecureTransportTransceiverI.cpp +150 -88
- data/ext/ice/cpp/src/IceSSL/SecureTransportTransceiverI.h +1 -0
- data/ext/ice/cpp/src/IceUtil/OutputUtil.cpp +7 -2
- data/ext/ice/cpp/src/IceUtil/StringConverter.cpp +6 -0
- data/ext/ice/cpp/src/IceUtil/Time.cpp +2 -2
- data/ext/ice/cpp/src/Slice/CPlusPlusUtil.cpp +9 -5
- data/ext/ice/cpp/src/Slice/JavaUtil.cpp +8 -0
- data/ext/ice/cpp/src/Slice/MD5I.cpp +2 -1
- data/ext/ice/cpp/src/Slice/PHPUtil.cpp +4 -0
- data/ext/ice/cpp/src/Slice/Parser.cpp +4 -0
- data/ext/ice/cpp/src/Slice/Parser.h +2 -2
- data/ext/ice/cpp/src/Slice/PythonUtil.cpp +40 -3
- data/ext/ice/cpp/src/Slice/Scanner.cpp +620 -368
- data/ext/ice/mcpp/CMakeLists.txt +80 -0
- data/ext/ice/mcpp/expand.c +6 -6
- data/ice.gemspec +1 -1
- data/lib/Glacier2/Metrics.rb +1 -1
- data/lib/Glacier2/PermissionsVerifier.rb +1 -1
- data/lib/Glacier2/PermissionsVerifierF.rb +1 -1
- data/lib/Glacier2/Router.rb +1 -1
- data/lib/Glacier2/RouterF.rb +1 -1
- data/lib/Glacier2/SSLInfo.rb +1 -1
- data/lib/Glacier2/Session.rb +1 -1
- data/lib/Ice/BuiltinSequences.rb +1 -1
- data/lib/Ice/Communicator.rb +1 -1
- data/lib/Ice/CommunicatorF.rb +1 -1
- data/lib/Ice/Connection.rb +1 -1
- data/lib/Ice/ConnectionF.rb +1 -1
- data/lib/Ice/Current.rb +1 -1
- data/lib/Ice/Endpoint.rb +1 -1
- data/lib/Ice/EndpointF.rb +1 -1
- data/lib/Ice/EndpointTypes.rb +1 -1
- data/lib/Ice/FacetMap.rb +1 -1
- data/lib/Ice/Identity.rb +1 -1
- data/lib/Ice/ImplicitContext.rb +1 -1
- data/lib/Ice/ImplicitContextF.rb +1 -1
- data/lib/Ice/Instrumentation.rb +1 -1
- data/lib/Ice/InstrumentationF.rb +1 -1
- data/lib/Ice/LocalException.rb +1 -1
- data/lib/Ice/Locator.rb +1 -1
- data/lib/Ice/LocatorF.rb +1 -1
- data/lib/Ice/Logger.rb +1 -1
- data/lib/Ice/LoggerF.rb +1 -1
- data/lib/Ice/Metrics.rb +1 -1
- data/lib/Ice/ObjectAdapter.rb +1 -1
- data/lib/Ice/ObjectAdapterF.rb +1 -1
- data/lib/Ice/ObjectFactory.rb +1 -1
- data/lib/Ice/Plugin.rb +1 -1
- data/lib/Ice/PluginF.rb +1 -1
- data/lib/Ice/Process.rb +1 -1
- data/lib/Ice/ProcessF.rb +1 -1
- data/lib/Ice/Properties.rb +1 -1
- data/lib/Ice/PropertiesAdmin.rb +1 -1
- data/lib/Ice/PropertiesF.rb +1 -1
- data/lib/Ice/RemoteLogger.rb +1 -1
- data/lib/Ice/Router.rb +1 -1
- data/lib/Ice/RouterF.rb +1 -1
- data/lib/Ice/ServantLocator.rb +1 -1
- data/lib/Ice/ServantLocatorF.rb +1 -1
- data/lib/Ice/SliceChecksumDict.rb +1 -1
- data/lib/Ice/ValueFactory.rb +1 -1
- data/lib/Ice/Version.rb +1 -1
- data/lib/IceBox/IceBox.rb +1 -1
- data/lib/IceGrid/Admin.rb +1 -1
- data/lib/IceGrid/Descriptor.rb +1 -1
- data/lib/IceGrid/Exception.rb +1 -1
- data/lib/IceGrid/FileParser.rb +1 -1
- data/lib/IceGrid/PluginFacade.rb +1 -1
- data/lib/IceGrid/Registry.rb +1 -1
- data/lib/IceGrid/Session.rb +1 -1
- data/lib/IceGrid/UserAccountMapper.rb +1 -1
- data/lib/IcePatch2/FileInfo.rb +1 -1
- data/lib/IcePatch2/FileServer.rb +1 -1
- data/lib/IceStorm/IceStorm.rb +1 -1
- data/lib/IceStorm/Metrics.rb +1 -1
- data/slice/Glacier2/PermissionsVerifier.ice +1 -0
- data/slice/Glacier2/PermissionsVerifierF.ice +1 -0
- data/slice/Glacier2/Router.ice +1 -0
- data/slice/Glacier2/RouterF.ice +1 -0
- data/slice/Glacier2/SSLInfo.ice +1 -0
- data/slice/Glacier2/Session.ice +1 -0
- data/slice/Ice/BuiltinSequences.ice +1 -0
- data/slice/Ice/Communicator.ice +1 -0
- data/slice/Ice/CommunicatorF.ice +1 -0
- data/slice/Ice/Connection.ice +1 -0
- data/slice/Ice/ConnectionF.ice +1 -0
- data/slice/Ice/Current.ice +1 -0
- data/slice/Ice/Endpoint.ice +1 -0
- data/slice/Ice/EndpointF.ice +1 -0
- data/slice/Ice/EndpointTypes.ice +1 -0
- data/slice/Ice/FacetMap.ice +1 -0
- data/slice/Ice/Identity.ice +1 -0
- data/slice/Ice/ImplicitContext.ice +1 -0
- data/slice/Ice/ImplicitContextF.ice +1 -0
- data/slice/Ice/Instrumentation.ice +1 -0
- data/slice/Ice/InstrumentationF.ice +1 -0
- data/slice/Ice/LocalException.ice +1 -0
- data/slice/Ice/Locator.ice +1 -0
- data/slice/Ice/LocatorF.ice +1 -0
- data/slice/Ice/Logger.ice +1 -0
- data/slice/Ice/LoggerF.ice +1 -0
- data/slice/Ice/Metrics.ice +1 -0
- data/slice/Ice/ObjectAdapter.ice +1 -0
- data/slice/Ice/ObjectAdapterF.ice +1 -0
- data/slice/Ice/ObjectFactory.ice +1 -0
- data/slice/Ice/Plugin.ice +1 -0
- data/slice/Ice/PluginF.ice +1 -0
- data/slice/Ice/Process.ice +1 -0
- data/slice/Ice/ProcessF.ice +1 -0
- data/slice/Ice/Properties.ice +1 -0
- data/slice/Ice/PropertiesAdmin.ice +1 -0
- data/slice/Ice/PropertiesF.ice +1 -0
- data/slice/Ice/RemoteLogger.ice +1 -0
- data/slice/Ice/Router.ice +1 -0
- data/slice/Ice/RouterF.ice +1 -0
- data/slice/Ice/ServantLocator.ice +1 -0
- data/slice/Ice/ServantLocatorF.ice +1 -0
- data/slice/Ice/SliceChecksumDict.ice +1 -0
- data/slice/Ice/ValueFactory.ice +1 -0
- data/slice/Ice/Version.ice +1 -0
- data/slice/IceBT/ConnectionInfo.ice +1 -0
- data/slice/IceBT/EndpointInfo.ice +1 -0
- data/slice/IceBT/Types.ice +1 -0
- data/slice/IceBox/IceBox.ice +1 -0
- data/slice/IceDiscovery/IceDiscovery.ice +1 -0
- data/slice/IceGrid/Admin.ice +1 -0
- data/slice/IceGrid/Descriptor.ice +1 -0
- data/slice/IceGrid/Exception.ice +1 -0
- data/slice/IceGrid/FileParser.ice +1 -0
- data/slice/IceGrid/PluginFacade.ice +1 -0
- data/slice/IceGrid/Registry.ice +1 -0
- data/slice/IceGrid/Session.ice +1 -0
- data/slice/IceGrid/UserAccountMapper.ice +1 -0
- data/slice/IceIAP/ConnectionInfo.ice +1 -0
- data/slice/IceIAP/EndpointInfo.ice +1 -0
- data/slice/IceLocatorDiscovery/IceLocatorDiscovery.ice +1 -0
- data/slice/IcePatch2/FileInfo.ice +1 -0
- data/slice/IcePatch2/FileServer.ice +1 -0
- data/slice/IceSSL/ConnectionInfo.ice +1 -0
- data/slice/IceSSL/ConnectionInfoF.ice +1 -0
- data/slice/IceSSL/EndpointInfo.ice +1 -0
- data/slice/IceStorm/IceStorm.ice +1 -0
- data/slice/IceStorm/Metrics.ice +4 -1
- metadata +4 -4
@@ -10,8 +10,10 @@
|
|
10
10
|
|
11
11
|
#include <IceSSL/ConnectionInfo.h>
|
12
12
|
#include <IceSSL/Instance.h>
|
13
|
+
#include <IceSSL/PluginI.h>
|
13
14
|
#include <IceSSL/SSLEngine.h>
|
14
15
|
#include <IceSSL/Util.h>
|
16
|
+
|
15
17
|
#include <Ice/Communicator.h>
|
16
18
|
#include <Ice/LoggerUtil.h>
|
17
19
|
#include <Ice/Buffer.h>
|
@@ -72,6 +74,103 @@ IceSSL_opensslVerifyCallback(int ok, X509_STORE_CTX* ctx)
|
|
72
74
|
|
73
75
|
}
|
74
76
|
|
77
|
+
namespace
|
78
|
+
{
|
79
|
+
|
80
|
+
TrustError trustStatusToTrustError(long status)
|
81
|
+
{
|
82
|
+
switch (status)
|
83
|
+
{
|
84
|
+
case X509_V_OK:
|
85
|
+
return IceSSL::ICE_ENUM(TrustError, NoError);
|
86
|
+
|
87
|
+
case X509_V_ERR_CERT_CHAIN_TOO_LONG:
|
88
|
+
return IceSSL::ICE_ENUM(TrustError, ChainTooLong);
|
89
|
+
|
90
|
+
case X509_V_ERR_EXCLUDED_VIOLATION:
|
91
|
+
return IceSSL::ICE_ENUM(TrustError, HasExcludedNameConstraint);
|
92
|
+
|
93
|
+
case X509_V_ERR_PERMITTED_VIOLATION:
|
94
|
+
return IceSSL::ICE_ENUM(TrustError, HasNonPermittedNameConstraint);
|
95
|
+
|
96
|
+
case X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION:
|
97
|
+
return IceSSL::ICE_ENUM(TrustError, HasNonSupportedCriticalExtension);
|
98
|
+
|
99
|
+
case X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE:
|
100
|
+
case X509_V_ERR_SUBTREE_MINMAX:
|
101
|
+
return IceSSL::ICE_ENUM(TrustError, HasNonSupportedNameConstraint);
|
102
|
+
|
103
|
+
case X509_V_ERR_HOSTNAME_MISMATCH:
|
104
|
+
case X509_V_ERR_IP_ADDRESS_MISMATCH:
|
105
|
+
return IceSSL::ICE_ENUM(TrustError, HostNameMismatch);
|
106
|
+
|
107
|
+
case X509_V_ERR_INVALID_CA:
|
108
|
+
case X509_V_ERR_INVALID_NON_CA:
|
109
|
+
case X509_V_ERR_PATH_LENGTH_EXCEEDED:
|
110
|
+
case X509_V_ERR_KEYUSAGE_NO_CERTSIGN:
|
111
|
+
case X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE:
|
112
|
+
return IceSSL::ICE_ENUM(TrustError, InvalidBasicConstraints);
|
113
|
+
|
114
|
+
case X509_V_ERR_INVALID_EXTENSION:
|
115
|
+
return IceSSL::ICE_ENUM(TrustError, InvalidExtension);
|
116
|
+
|
117
|
+
case X509_V_ERR_UNSUPPORTED_NAME_SYNTAX:
|
118
|
+
return IceSSL::ICE_ENUM(TrustError, InvalidNameConstraints);
|
119
|
+
|
120
|
+
case X509_V_ERR_INVALID_POLICY_EXTENSION:
|
121
|
+
case X509_V_ERR_NO_EXPLICIT_POLICY:
|
122
|
+
return IceSSL::ICE_ENUM(TrustError, InvalidPolicyConstraints);
|
123
|
+
|
124
|
+
case X509_V_ERR_INVALID_PURPOSE:
|
125
|
+
return IceSSL::ICE_ENUM(TrustError, InvalidPurpose);
|
126
|
+
|
127
|
+
case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE:
|
128
|
+
case X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY:
|
129
|
+
case X509_V_ERR_CERT_SIGNATURE_FAILURE:
|
130
|
+
return IceSSL::ICE_ENUM(TrustError, InvalidSignature);
|
131
|
+
|
132
|
+
case X509_V_ERR_CERT_NOT_YET_VALID:
|
133
|
+
case X509_V_ERR_CERT_HAS_EXPIRED:
|
134
|
+
case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
|
135
|
+
case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
|
136
|
+
return IceSSL::ICE_ENUM(TrustError, InvalidTime);
|
137
|
+
|
138
|
+
case X509_V_ERR_CERT_REJECTED:
|
139
|
+
return IceSSL::ICE_ENUM(TrustError, NotTrusted);
|
140
|
+
|
141
|
+
case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
|
142
|
+
case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY:
|
143
|
+
case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE:
|
144
|
+
return IceSSL::ICE_ENUM(TrustError, PartialChain);
|
145
|
+
|
146
|
+
case X509_V_ERR_CRL_HAS_EXPIRED:
|
147
|
+
case X509_V_ERR_CRL_NOT_YET_VALID:
|
148
|
+
case X509_V_ERR_CRL_SIGNATURE_FAILURE:
|
149
|
+
case X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD:
|
150
|
+
case X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD:
|
151
|
+
case X509_V_ERR_KEYUSAGE_NO_CRL_SIGN:
|
152
|
+
case X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE:
|
153
|
+
case X509_V_ERR_UNABLE_TO_GET_CRL:
|
154
|
+
case X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER:
|
155
|
+
case X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION:
|
156
|
+
case X509_V_ERR_CRL_PATH_VALIDATION_ERROR:
|
157
|
+
return IceSSL::ICE_ENUM(TrustError, RevocationStatusUnknown);
|
158
|
+
|
159
|
+
case X509_V_ERR_CERT_REVOKED:
|
160
|
+
return IceSSL::ICE_ENUM(TrustError, Revoked);
|
161
|
+
|
162
|
+
case X509_V_ERR_CERT_UNTRUSTED:
|
163
|
+
case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
|
164
|
+
case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN:
|
165
|
+
return IceSSL::ICE_ENUM(TrustError, UntrustedRoot);
|
166
|
+
|
167
|
+
default:
|
168
|
+
return IceSSL::ICE_ENUM(TrustError, UnknownTrustFailure);
|
169
|
+
}
|
170
|
+
}
|
171
|
+
|
172
|
+
}
|
173
|
+
|
75
174
|
IceInternal::NativeInfoPtr
|
76
175
|
OpenSSL::TransceiverI::getNativeInfo()
|
77
176
|
{
|
@@ -300,16 +399,28 @@ OpenSSL::TransceiverI::initialize(IceInternal::Buffer& readBuffer, IceInternal::
|
|
300
399
|
}
|
301
400
|
case SSL_ERROR_SSL:
|
302
401
|
{
|
303
|
-
|
304
|
-
|
305
|
-
|
306
|
-
|
402
|
+
#if defined(SSL_R_UNEXPECTED_EOF_WHILE_READING)
|
403
|
+
if (SSL_R_UNEXPECTED_EOF_WHILE_READING == ERR_GET_REASON(ERR_get_error()))
|
404
|
+
{
|
405
|
+
throw ConnectionLostException(__FILE__, __LINE__, 0);
|
406
|
+
}
|
407
|
+
else
|
408
|
+
{
|
409
|
+
#endif
|
410
|
+
ostringstream ostr;
|
411
|
+
ostr << "SSL error occurred for new " << (_incoming ? "incoming" : "outgoing")
|
412
|
+
<< " connection:\n" << _delegate->toString() << "\n" << _engine->sslErrors();
|
413
|
+
throw ProtocolException(__FILE__, __LINE__, ostr.str());
|
414
|
+
#if defined(SSL_R_UNEXPECTED_EOF_WHILE_READING)
|
415
|
+
}
|
416
|
+
#endif
|
307
417
|
}
|
308
418
|
}
|
309
419
|
}
|
310
420
|
}
|
311
421
|
|
312
422
|
long result = SSL_get_verify_result(_ssl);
|
423
|
+
_trustError = trustStatusToTrustError(result);
|
313
424
|
if(result != X509_V_OK)
|
314
425
|
{
|
315
426
|
if(_engine->getVerifyPeer() == 0)
|
@@ -350,6 +461,7 @@ OpenSSL::TransceiverI::initialize(IceInternal::Buffer& readBuffer, IceInternal::
|
|
350
461
|
}
|
351
462
|
catch(const SecurityException&)
|
352
463
|
{
|
464
|
+
_trustError = IceSSL::ICE_ENUM(TrustError, HostNameMismatch);
|
353
465
|
_verified = false;
|
354
466
|
if(_engine->getVerifyPeer() > 0)
|
355
467
|
{
|
@@ -647,8 +759,19 @@ OpenSSL::TransceiverI::read(IceInternal::Buffer& buf)
|
|
647
759
|
}
|
648
760
|
case SSL_ERROR_SSL:
|
649
761
|
{
|
650
|
-
|
651
|
-
|
762
|
+
#if defined(SSL_R_UNEXPECTED_EOF_WHILE_READING)
|
763
|
+
if (SSL_R_UNEXPECTED_EOF_WHILE_READING == ERR_GET_REASON(ERR_get_error()))
|
764
|
+
{
|
765
|
+
throw ConnectionLostException(__FILE__, __LINE__, 0);
|
766
|
+
}
|
767
|
+
else
|
768
|
+
{
|
769
|
+
#endif
|
770
|
+
throw ProtocolException(__FILE__, __LINE__,
|
771
|
+
"SSL protocol error during read:\n" + _engine->sslErrors());
|
772
|
+
#if defined(SSL_R_UNEXPECTED_EOF_WHILE_READING)
|
773
|
+
}
|
774
|
+
#endif
|
652
775
|
}
|
653
776
|
}
|
654
777
|
}
|
@@ -823,13 +946,15 @@ OpenSSL::TransceiverI::toDetailedString() const
|
|
823
946
|
Ice::ConnectionInfoPtr
|
824
947
|
OpenSSL::TransceiverI::getInfo() const
|
825
948
|
{
|
826
|
-
|
949
|
+
ExtendedConnectionInfoPtr info = ICE_MAKE_SHARED(ExtendedConnectionInfo);
|
827
950
|
info->underlying = _delegate->getInfo();
|
828
951
|
info->incoming = _incoming;
|
829
952
|
info->adapterName = _adapterName;
|
830
953
|
info->cipher = _cipher;
|
831
954
|
info->certs = _certs;
|
832
955
|
info->verified = _verified;
|
956
|
+
info->errorCode = _trustError;
|
957
|
+
info->host = _incoming ? "" : _host;
|
833
958
|
return info;
|
834
959
|
}
|
835
960
|
|
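Review bot: In both new `SSL_ERROR_SSL` branches (in `OpenSSL::TransceiverI::initialize` and again in `read`), `ERR_GET_REASON(ERR_get_error())` removes the oldest entry from the thread's OpenSSL error queue before the `else` branch calls `_engine->sslErrors()`. The `ProtocolException` text is therefore likely to be missing the very error that triggered it, assuming `sslErrors()` reads the same queue; its body is not on this page. Testing with `ERR_peek_error()` leaves the queue intact for the message: `if (SSL_R_UNEXPECTED_EOF_WHILE_READING == ERR_GET_REASON(ERR_peek_error()))`. On the `ConnectionLostException` path nothing reads the remaining entries, so an `ERR_clear_error();` before that throw keeps stale errors from being reported against a later connection on the same thread. Both functions start and end outside the hunks shown.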
@@ -130,3 +130,117 @@ ICEregisterIceSSL(bool loadOnInitialize)
|
|
130
130
|
{
|
131
131
|
Ice::registerIceSSL(loadOnInitialize);
|
132
132
|
}
|
133
|
+
|
134
|
+
IceSSL::TrustError
|
135
|
+
IceSSL::getTrustError(const IceSSL::ConnectionInfoPtr& info)
|
136
|
+
{
|
137
|
+
ExtendedConnectionInfoPtr extendedInfo = ICE_DYNAMIC_CAST(ExtendedConnectionInfo, info);
|
138
|
+
if (extendedInfo)
|
139
|
+
{
|
140
|
+
return extendedInfo->errorCode;
|
141
|
+
}
|
142
|
+
return info->verified ? IceSSL::ICE_ENUM(TrustError, NoError) : IceSSL::ICE_ENUM(TrustError, UnknownTrustFailure);
|
143
|
+
}
|
144
|
+
|
145
|
+
std::string
|
146
|
+
IceSSL::getTrustErrorDescription(TrustError error)
|
147
|
+
{
|
148
|
+
switch(error)
|
149
|
+
{
|
150
|
+
case IceSSL::ICE_ENUM(TrustError, NoError):
|
151
|
+
{
|
152
|
+
return "no error";
|
153
|
+
}
|
154
|
+
case IceSSL::ICE_ENUM(TrustError, ChainTooLong):
|
155
|
+
{
|
156
|
+
return "the certificate chain length is greater than the specified maximum depth";
|
157
|
+
}
|
158
|
+
case IceSSL::ICE_ENUM(TrustError, HasExcludedNameConstraint):
|
159
|
+
{
|
160
|
+
return "the X509 chain is invalid because a certificate has excluded a name constraint";
|
161
|
+
}
|
162
|
+
case IceSSL::ICE_ENUM(TrustError, HasNonDefinedNameConstraint):
|
163
|
+
{
|
164
|
+
return "the certificate has an undefined name constraint";
|
165
|
+
}
|
166
|
+
case IceSSL::ICE_ENUM(TrustError, HasNonPermittedNameConstraint):
|
167
|
+
{
|
168
|
+
return "the certificate has a non permitted name constrain";
|
169
|
+
}
|
170
|
+
case IceSSL::ICE_ENUM(TrustError, HasNonSupportedCriticalExtension):
|
171
|
+
{
|
172
|
+
return "the certificate does not support a critical extension";
|
173
|
+
}
|
174
|
+
case IceSSL::ICE_ENUM(TrustError, HasNonSupportedNameConstraint):
|
175
|
+
{
|
176
|
+
return "the certificate does not have a supported name constraint or has a name constraint that "
|
177
|
+
"is unsupported";
|
178
|
+
}
|
179
|
+
case IceSSL::ICE_ENUM(TrustError, HostNameMismatch):
|
180
|
+
{
|
181
|
+
return "a host name mismatch has occurred";
|
182
|
+
}
|
183
|
+
case IceSSL::ICE_ENUM(TrustError, InvalidBasicConstraints):
|
184
|
+
{
|
185
|
+
return "the X509 chain is invalid due to invalid basic constraints";
|
186
|
+
}
|
187
|
+
case IceSSL::ICE_ENUM(TrustError, InvalidExtension):
|
188
|
+
{
|
189
|
+
return "the X509 chain is invalid due to an invalid extension";
|
190
|
+
}
|
191
|
+
case IceSSL::ICE_ENUM(TrustError, InvalidNameConstraints):
|
192
|
+
{
|
193
|
+
return "the X509 chain is invalid due to invalid name constraints";
|
194
|
+
}
|
195
|
+
case IceSSL::ICE_ENUM(TrustError, InvalidPolicyConstraints):
|
196
|
+
{
|
197
|
+
return "the X509 chain is invalid due to invalid policy constraints";
|
198
|
+
}
|
199
|
+
case IceSSL::ICE_ENUM(TrustError, InvalidPurpose):
|
200
|
+
{
|
201
|
+
return "the supplied certificate cannot be used for the specified purpose";
|
202
|
+
}
|
203
|
+
case IceSSL::ICE_ENUM(TrustError, InvalidSignature):
|
204
|
+
{
|
205
|
+
return "the X509 chain is invalid due to an invalid certificate signature";
|
206
|
+
}
|
207
|
+
case IceSSL::ICE_ENUM(TrustError, InvalidTime):
|
208
|
+
{
|
209
|
+
return "the X509 chain is not valid due to an invalid time value, such as a value that indicates an "
|
210
|
+
"expired certificate";
|
211
|
+
}
|
212
|
+
case IceSSL::ICE_ENUM(TrustError, NotTrusted):
|
213
|
+
{
|
214
|
+
return "the certificate is explicitly distrusted";
|
215
|
+
}
|
216
|
+
case IceSSL::ICE_ENUM(TrustError, PartialChain):
|
217
|
+
{
|
218
|
+
return "the X509 chain could not be built up to the root certificate";
|
219
|
+
}
|
220
|
+
case IceSSL::ICE_ENUM(TrustError, RevocationStatusUnknown):
|
221
|
+
{
|
222
|
+
return "it is not possible to determine whether the certificate has been revoked";
|
223
|
+
}
|
224
|
+
case IceSSL::ICE_ENUM(TrustError, Revoked):
|
225
|
+
{
|
226
|
+
return "the X509 chain is invalid due to a revoked certificate";
|
227
|
+
}
|
228
|
+
case IceSSL::ICE_ENUM(TrustError, UntrustedRoot):
|
229
|
+
{
|
230
|
+
return "the X509 chain is invalid due to an untrusted root certificate";
|
231
|
+
}
|
232
|
+
case IceSSL::ICE_ENUM(TrustError, UnknownTrustFailure):
|
233
|
+
{
|
234
|
+
return "unknown failure";
|
235
|
+
}
|
236
|
+
}
|
237
|
+
assert(false);
|
238
|
+
return "unknown failure";
|
239
|
+
}
|
240
|
+
|
241
|
+
std::string
|
242
|
+
IceSSL::getHost(const IceSSL::ConnectionInfoPtr& info)
|
243
|
+
{
|
244
|
+
ExtendedConnectionInfoPtr extendedInfo = ICE_DYNAMIC_CAST(ExtendedConnectionInfo, info);
|
245
|
+
return extendedInfo ? extendedInfo->host : "";
|
246
|
+
}
|
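Review bot: `IceSSL::getTrustError` dereferences `info` in its fallback (`info->verified`), while `IceSSL::getHost` just below appears to tolerate a null handle by returning an empty string, so the two new accessors disagree on a null `ConnectionInfoPtr`. A guard at the top such as `if(!info) { return IceSSL::ICE_ENUM(TrustError, UnknownTrustFailure); }` fails closed instead of crashing. Separately, the `HasNonPermittedNameConstraint` description ends in "name constrain"; since this string is what reaches logs, it should read `return "the certificate has a non permitted name constraint";`.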
@@ -7,11 +7,32 @@
|
|
7
7
|
|
8
8
|
#include <IceSSL/Plugin.h>
|
9
9
|
#include <IceSSL/SSLEngineF.h>
|
10
|
+
#include <IceSSL/ConnectionInfo.h>
|
10
11
|
#include <Ice/CommunicatorF.h>
|
11
12
|
|
12
13
|
namespace IceSSL
|
13
14
|
{
|
14
15
|
|
16
|
+
class ExtendedConnectionInfo : public ConnectionInfo
|
17
|
+
{
|
18
|
+
public:
|
19
|
+
|
20
|
+
TrustError errorCode;
|
21
|
+
std::string host;
|
22
|
+
};
|
23
|
+
ICE_DEFINE_PTR(ExtendedConnectionInfoPtr, ExtendedConnectionInfo);
|
24
|
+
|
25
|
+
// TODO: This class provides new certificate virtual methods that canot be added directly to the certificate class
|
26
|
+
// without breaking binary compatibility. The class can be removed once the relevant methods can be marked as virtual in
|
27
|
+
// the certificate class in the next major release (3.8.x).
|
28
|
+
class ICESSL_API CertificateExtendedInfo
|
29
|
+
{
|
30
|
+
public:
|
31
|
+
|
32
|
+
virtual unsigned int getKeyUsage() const = 0;
|
33
|
+
virtual unsigned int getExtendedKeyUsage() const = 0;
|
34
|
+
};
|
35
|
+
|
15
36
|
class ICESSL_API PluginI : public virtual IceSSL::Plugin
|
16
37
|
{
|
17
38
|
public:
|
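Review bot: `ExtendedConnectionInfo::errorCode` has no initializer, so an instance whose creator forgets to assign it gives `getTrustError` an indeterminate value that a caller could read as `NoError`. The only construction site visible on this page (`OpenSSL::TransceiverI::getInfo`) does assign it, but a default that fails closed is cheap: `ExtendedConnectionInfo() : errorCode(IceSSL::ICE_ENUM(TrustError, UnknownTrustFailure)) {}`. `CertificateExtendedInfo` is a new polymorphic interface with no destructor declared; because the class itself is new, a `virtual ~CertificateExtendedInfo() {}` (or a protected non-virtual one) can be added without the binary-compatibility concern the TODO describes. The TODO comment also spells "cannot" as "canot".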
@@ -2,7 +2,7 @@
|
|
2
2
|
// Copyright (c) ZeroC, Inc. All rights reserved.
|
3
3
|
//
|
4
4
|
|
5
|
-
#include <IceSSL/
|
5
|
+
#include <IceSSL/PluginI.h>
|
6
6
|
#include <IceSSL/SChannel.h>
|
7
7
|
#include <IceSSL/CertificateI.h>
|
8
8
|
#include <IceSSL/Util.h>
|
@@ -59,6 +59,7 @@ private:
|
|
59
59
|
|
60
60
|
class SChannelCertificateI : public SChannel::Certificate,
|
61
61
|
public CertificateI,
|
62
|
+
public IceSSL::CertificateExtendedInfo,
|
62
63
|
public IceUtil::Mutex
|
63
64
|
{
|
64
65
|
public:
|
@@ -94,6 +95,9 @@ protected:
|
|
94
95
|
|
95
96
|
private:
|
96
97
|
|
98
|
+
virtual unsigned int getKeyUsage() const;
|
99
|
+
virtual unsigned int getExtendedKeyUsage() const;
|
100
|
+
|
97
101
|
CERT_SIGNED_CONTENT_INFO* _cert;
|
98
102
|
CERT_INFO* _certInfo;
|
99
103
|
CertInfoHolderPtr _certInfoHolder;
|
@@ -557,6 +561,143 @@ SChannelCertificateI::loadX509Extensions() const
|
|
557
561
|
}
|
558
562
|
}
|
559
563
|
|
564
|
+
unsigned int
|
565
|
+
SChannelCertificateI::getKeyUsage() const
|
566
|
+
{
|
567
|
+
unsigned int keyUsage = 0;
|
568
|
+
BYTE usage[2];
|
569
|
+
if(CertGetIntendedKeyUsage(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, _certInfo, usage, 2))
|
570
|
+
{
|
571
|
+
if (usage[0] & CERT_DIGITAL_SIGNATURE_KEY_USAGE)
|
572
|
+
{
|
573
|
+
keyUsage |= KEY_USAGE_DIGITAL_SIGNATURE;
|
574
|
+
}
|
575
|
+
if (usage[0] & CERT_NON_REPUDIATION_KEY_USAGE)
|
576
|
+
{
|
577
|
+
keyUsage |= KEY_USAGE_NON_REPUDIATION;
|
578
|
+
}
|
579
|
+
if (usage[0] & CERT_KEY_ENCIPHERMENT_KEY_USAGE)
|
580
|
+
{
|
581
|
+
keyUsage |= KEY_USAGE_KEY_ENCIPHERMENT;
|
582
|
+
}
|
583
|
+
if (usage[0] & CERT_DATA_ENCIPHERMENT_KEY_USAGE)
|
584
|
+
{
|
585
|
+
keyUsage |= KEY_USAGE_DATA_ENCIPHERMENT;
|
586
|
+
}
|
587
|
+
if (usage[0] & CERT_KEY_AGREEMENT_KEY_USAGE)
|
588
|
+
{
|
589
|
+
keyUsage |= KEY_USAGE_KEY_AGREEMENT;
|
590
|
+
}
|
591
|
+
if (usage[0] & CERT_KEY_CERT_SIGN_KEY_USAGE)
|
592
|
+
{
|
593
|
+
keyUsage |= KEY_USAGE_KEY_CERT_SIGN;
|
594
|
+
}
|
595
|
+
if(usage[0] & CERT_CRL_SIGN_KEY_USAGE)
|
596
|
+
{
|
597
|
+
keyUsage |= KEY_USAGE_CRL_SIGN;
|
598
|
+
}
|
599
|
+
if(usage[0] & CERT_ENCIPHER_ONLY_KEY_USAGE)
|
600
|
+
{
|
601
|
+
keyUsage |= KEY_USAGE_ENCIPHER_ONLY;
|
602
|
+
}
|
603
|
+
if(usage[1] & CERT_DECIPHER_ONLY_KEY_USAGE)
|
604
|
+
{
|
605
|
+
keyUsage |= KEY_USAGE_DECIPHER_ONLY;
|
606
|
+
}
|
607
|
+
}
|
608
|
+
else if(GetLastError())
|
609
|
+
{
|
610
|
+
throw CertificateEncodingException(__FILE__, __LINE__, IceUtilInternal::lastErrorToString());
|
611
|
+
}
|
612
|
+
return keyUsage;
|
613
|
+
}
|
614
|
+
|
615
|
+
unsigned int
|
616
|
+
SChannelCertificateI::getExtendedKeyUsage() const
|
617
|
+
{
|
618
|
+
unsigned int extendedKeyUsage = 0;
|
619
|
+
const CERT_CONTEXT* certContext = CertCreateCertificateContext(X509_ASN_ENCODING,
|
620
|
+
_cert->ToBeSigned.pbData,
|
621
|
+
_cert->ToBeSigned.cbData);
|
622
|
+
if(certContext == 0)
|
623
|
+
{
|
624
|
+
throw CertificateEncodingException(__FILE__, __LINE__, IceUtilInternal::lastErrorToString());
|
625
|
+
}
|
626
|
+
try
|
627
|
+
{
|
628
|
+
DWORD cbUsage;
|
629
|
+
if(!CertGetEnhancedKeyUsage(certContext, 0, 0, &cbUsage))
|
630
|
+
{
|
631
|
+
if(GetLastError() == CRYPT_E_NOT_FOUND)
|
632
|
+
{
|
633
|
+
return 0;
|
634
|
+
}
|
635
|
+
else
|
636
|
+
{
|
637
|
+
throw CertificateEncodingException(__FILE__, __LINE__, IceUtilInternal::lastErrorToString());
|
638
|
+
}
|
639
|
+
}
|
640
|
+
|
641
|
+
if (cbUsage > 0)
|
642
|
+
{
|
643
|
+
vector<unsigned char> pUsage;
|
644
|
+
pUsage.resize(cbUsage);
|
645
|
+
if(!CertGetEnhancedKeyUsage(certContext, 0, reinterpret_cast<CERT_ENHKEY_USAGE*>(&pUsage[0]), &cbUsage))
|
646
|
+
{
|
647
|
+
if(GetLastError() == CRYPT_E_NOT_FOUND)
|
648
|
+
{
|
649
|
+
return 0;
|
650
|
+
}
|
651
|
+
else
|
652
|
+
{
|
653
|
+
throw CertificateEncodingException(__FILE__, __LINE__, IceUtilInternal::lastErrorToString());
|
654
|
+
}
|
655
|
+
}
|
656
|
+
|
657
|
+
CERT_ENHKEY_USAGE* enkeyUsage = reinterpret_cast<CERT_ENHKEY_USAGE*>(&pUsage[0]);
|
658
|
+
for(DWORD i = 0; i < enkeyUsage->cUsageIdentifier; i++)
|
659
|
+
{
|
660
|
+
LPSTR oid = enkeyUsage->rgpszUsageIdentifier[i];
|
661
|
+
if(strcmp(oid, szOID_ANY_ENHANCED_KEY_USAGE) == 0)
|
662
|
+
{
|
663
|
+
extendedKeyUsage |= EXTENDED_KEY_USAGE_ANY_KEY_USAGE;
|
664
|
+
}
|
665
|
+
if(strcmp(oid, szOID_PKIX_KP_SERVER_AUTH) == 0)
|
666
|
+
{
|
667
|
+
extendedKeyUsage |= EXTENDED_KEY_USAGE_SERVER_AUTH;
|
668
|
+
}
|
669
|
+
if(strcmp(oid, szOID_PKIX_KP_CLIENT_AUTH) == 0)
|
670
|
+
{
|
671
|
+
extendedKeyUsage |= EXTENDED_KEY_USAGE_CLIENT_AUTH;
|
672
|
+
}
|
673
|
+
if(strcmp(oid, szOID_PKIX_KP_CODE_SIGNING) == 0)
|
674
|
+
{
|
675
|
+
extendedKeyUsage |= EXTENDED_KEY_USAGE_CODE_SIGNING;
|
676
|
+
}
|
677
|
+
if(strcmp(oid, szOID_PKIX_KP_EMAIL_PROTECTION) == 0)
|
678
|
+
{
|
679
|
+
extendedKeyUsage |= EXTENDED_KEY_USAGE_EMAIL_PROTECTION;
|
680
|
+
}
|
681
|
+
if(strcmp(oid, szOID_PKIX_KP_TIMESTAMP_SIGNING) == 0)
|
682
|
+
{
|
683
|
+
extendedKeyUsage |= EXTENDED_KEY_USAGE_TIME_STAMPING;
|
684
|
+
}
|
685
|
+
if(strcmp(oid, szOID_PKIX_KP_OCSP_SIGNING) == 0)
|
686
|
+
{
|
687
|
+
extendedKeyUsage |= EXTENDED_KEY_USAGE_OCSP_SIGNING;
|
688
|
+
}
|
689
|
+
}
|
690
|
+
}
|
691
|
+
CertFreeCertificateContext(certContext);
|
692
|
+
}
|
693
|
+
catch(...)
|
694
|
+
{
|
695
|
+
CertFreeCertificateContext(certContext);
|
696
|
+
throw;
|
697
|
+
}
|
698
|
+
return extendedKeyUsage;
|
699
|
+
}
|
700
|
+
|
560
701
|
SChannel::CertificatePtr
|
561
702
|
SChannel::Certificate::create(CERT_SIGNED_CONTENT_INFO* cert)
|
562
703
|
{
|
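Review bot: `SChannelCertificateI::getExtendedKeyUsage` leaks `certContext` on both `CRYPT_E_NOT_FOUND` paths, because the `return 0;` statements inside the `try` leave the function without reaching either `CertFreeCertificateContext(certContext)` call; the `catch(...)` only runs for exceptions. A certificate without an enhanced-key-usage extension is likely a common input, so this would leak one context per call. The smallest fix is to free before returning in both places, `CertFreeCertificateContext(certContext);` followed by `return 0;`; a small scope guard that frees the context in its destructor would cover every exit and make the `try`/`catch(...)` unnecessary. In `getKeyUsage`, `BYTE usage[2]` is only read after `CertGetIntendedKeyUsage` succeeds, but `BYTE usage[2] = {0, 0};` would make that independent of the API's behaviour.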