RubyGems - zeroc-ice - Versions diffs - 3.7.5 → 3.7.8 - Mend

zeroc-ice 3.7.5 → 3.7.8

Files changed (271) hide show

checksums.yaml +4 -4
data/ext/Config.h +13 -0
data/ext/Util.cpp +0 -4
data/ext/ice/cpp/include/Ice/Exception.h +3 -3
data/ext/ice/cpp/include/Ice/Functional.h +3 -1
data/ext/ice/cpp/include/Ice/IconvStringConverter.h +1 -1
data/ext/ice/cpp/include/Ice/Object.h +7 -0
data/ext/ice/cpp/include/Ice/Proxy.h +25 -16
data/ext/ice/cpp/include/Ice/Service.h +1 -1
data/ext/ice/cpp/include/IceSSL/Plugin.h +142 -0
data/ext/ice/cpp/include/IceUtil/Config.h +3 -2
data/ext/ice/cpp/include/IceUtil/Functional.h +3 -1
data/ext/ice/cpp/include/IceUtil/MutexPtrLock.h +4 -4
data/ext/ice/cpp/include/IceUtil/ResourceConfig.h +2 -2
data/ext/ice/cpp/include/generated/Ice/BuiltinSequences.h +2 -2
data/ext/ice/cpp/include/generated/Ice/Communicator.h +8 -2
data/ext/ice/cpp/include/generated/Ice/CommunicatorF.h +2 -2
data/ext/ice/cpp/include/generated/Ice/Connection.h +45 -2
data/ext/ice/cpp/include/generated/Ice/ConnectionF.h +2 -2
data/ext/ice/cpp/include/generated/Ice/Current.h +2 -2
data/ext/ice/cpp/include/generated/Ice/Endpoint.h +38 -2
data/ext/ice/cpp/include/generated/Ice/EndpointF.h +2 -2
data/ext/ice/cpp/include/generated/Ice/EndpointTypes.h +2 -2
data/ext/ice/cpp/include/generated/Ice/FacetMap.h +2 -2
data/ext/ice/cpp/include/generated/Ice/Identity.h +2 -2
data/ext/ice/cpp/include/generated/Ice/ImplicitContext.h +8 -2
data/ext/ice/cpp/include/generated/Ice/ImplicitContextF.h +2 -2
data/ext/ice/cpp/include/generated/Ice/Instrumentation.h +62 -2
data/ext/ice/cpp/include/generated/Ice/InstrumentationF.h +2 -2
data/ext/ice/cpp/include/generated/Ice/LocalException.h +464 -68
data/ext/ice/cpp/include/generated/Ice/Locator.h +55 -7
data/ext/ice/cpp/include/generated/Ice/LocatorF.h +2 -2
data/ext/ice/cpp/include/generated/Ice/Logger.h +8 -2
data/ext/ice/cpp/include/generated/Ice/LoggerF.h +2 -2
data/ext/ice/cpp/include/generated/Ice/Metrics.h +63 -11
data/ext/ice/cpp/include/generated/Ice/ObjectAdapter.h +8 -2
data/ext/ice/cpp/include/generated/Ice/ObjectAdapterF.h +2 -2
data/ext/ice/cpp/include/generated/Ice/ObjectFactory.h +8 -2
data/ext/ice/cpp/include/generated/Ice/Plugin.h +14 -2
data/ext/ice/cpp/include/generated/Ice/PluginF.h +2 -2
data/ext/ice/cpp/include/generated/Ice/Process.h +8 -2
data/ext/ice/cpp/include/generated/Ice/ProcessF.h +2 -2
data/ext/ice/cpp/include/generated/Ice/Properties.h +8 -2
data/ext/ice/cpp/include/generated/Ice/PropertiesAdmin.h +8 -2
data/ext/ice/cpp/include/generated/Ice/PropertiesF.h +2 -2
data/ext/ice/cpp/include/generated/Ice/RemoteLogger.h +21 -3
data/ext/ice/cpp/include/generated/Ice/Router.h +14 -2
data/ext/ice/cpp/include/generated/Ice/RouterF.h +2 -2
data/ext/ice/cpp/include/generated/Ice/ServantLocator.h +8 -2
data/ext/ice/cpp/include/generated/Ice/ServantLocatorF.h +2 -2
data/ext/ice/cpp/include/generated/Ice/SliceChecksumDict.h +2 -2
data/ext/ice/cpp/include/generated/Ice/ValueFactory.h +14 -2
data/ext/ice/cpp/include/generated/Ice/Version.h +2 -2
data/ext/ice/cpp/include/generated/IceSSL/ConnectionInfo.h +7 -2
data/ext/ice/cpp/include/generated/IceSSL/ConnectionInfoF.h +2 -2
data/ext/ice/cpp/include/generated/IceSSL/EndpointInfo.h +7 -2
data/ext/ice/cpp/src/Ice/BuiltinSequences.cpp +2 -2
data/ext/ice/cpp/src/Ice/Communicator.cpp +2 -2
data/ext/ice/cpp/src/Ice/CommunicatorF.cpp +2 -2
data/ext/ice/cpp/src/Ice/Connection.cpp +2 -2
data/ext/ice/cpp/src/Ice/ConnectionF.cpp +2 -2
data/ext/ice/cpp/src/Ice/ConnectionFactory.cpp +3 -3
data/ext/ice/cpp/src/Ice/Current.cpp +2 -2
data/ext/ice/cpp/src/Ice/Endpoint.cpp +2 -2
data/ext/ice/cpp/src/Ice/EndpointF.cpp +2 -2
data/ext/ice/cpp/src/Ice/EndpointTypes.cpp +2 -2
data/ext/ice/cpp/src/Ice/FacetMap.cpp +2 -2
data/ext/ice/cpp/src/Ice/Identity.cpp +2 -2
data/ext/ice/cpp/src/Ice/ImplicitContext.cpp +2 -2
data/ext/ice/cpp/src/Ice/ImplicitContextF.cpp +2 -2
data/ext/ice/cpp/src/Ice/InputStream.cpp +10 -10
data/ext/ice/cpp/src/Ice/Instrumentation.cpp +2 -2
data/ext/ice/cpp/src/Ice/InstrumentationF.cpp +2 -2
data/ext/ice/cpp/src/Ice/LocalException.cpp +398 -2
data/ext/ice/cpp/src/Ice/Locator.cpp +32 -2
data/ext/ice/cpp/src/Ice/LocatorF.cpp +2 -2
data/ext/ice/cpp/src/Ice/LocatorInfo.cpp +3 -3
data/ext/ice/cpp/src/Ice/Logger.cpp +2 -2
data/ext/ice/cpp/src/Ice/LoggerF.cpp +2 -2
data/ext/ice/cpp/src/Ice/Metrics.cpp +8 -2
data/ext/ice/cpp/src/Ice/ObjectAdapter.cpp +2 -2
data/ext/ice/cpp/src/Ice/ObjectAdapterF.cpp +2 -2
data/ext/ice/cpp/src/Ice/ObjectAdapterFactory.cpp +4 -4
data/ext/ice/cpp/src/Ice/ObjectAdapterI.cpp +8 -8
data/ext/ice/cpp/src/Ice/ObjectFactory.cpp +2 -2
data/ext/ice/cpp/src/Ice/Plugin.cpp +2 -2
data/ext/ice/cpp/src/Ice/PluginF.cpp +2 -2
data/ext/ice/cpp/src/Ice/Process.cpp +2 -2
data/ext/ice/cpp/src/Ice/ProcessF.cpp +2 -2
data/ext/ice/cpp/src/Ice/Properties.cpp +2 -2
data/ext/ice/cpp/src/Ice/PropertiesAdmin.cpp +2 -2
data/ext/ice/cpp/src/Ice/PropertiesF.cpp +2 -2
data/ext/ice/cpp/src/Ice/PropertyNames.cpp +5 -3
data/ext/ice/cpp/src/Ice/PropertyNames.h +1 -1
data/ext/ice/cpp/src/Ice/RemoteLogger.cpp +8 -2
data/ext/ice/cpp/src/Ice/Router.cpp +2 -2
data/ext/ice/cpp/src/Ice/RouterF.cpp +2 -2
data/ext/ice/cpp/src/Ice/RouterInfo.cpp +6 -2
data/ext/ice/cpp/src/Ice/SHA1.cpp +2 -0
data/ext/ice/cpp/src/Ice/ServantLocator.cpp +2 -2
data/ext/ice/cpp/src/Ice/ServantLocatorF.cpp +2 -2
data/ext/ice/cpp/src/Ice/SliceChecksumDict.cpp +2 -2
data/ext/ice/cpp/src/Ice/Thread.cpp +2 -2
data/ext/ice/cpp/src/Ice/ThreadPool.cpp +5 -1
data/ext/ice/cpp/src/Ice/ValueFactory.cpp +2 -2
data/ext/ice/cpp/src/Ice/Version.cpp +2 -2
data/ext/ice/cpp/src/IceDiscovery/IceDiscovery.cpp +2 -2
data/ext/ice/cpp/src/IceDiscovery/IceDiscovery.h +14 -2
data/ext/ice/cpp/src/IceLocatorDiscovery/IceLocatorDiscovery.cpp +2 -2
data/ext/ice/cpp/src/IceLocatorDiscovery/IceLocatorDiscovery.h +14 -2
data/ext/ice/cpp/src/IceSSL/CertificateI.cpp +23 -1
data/ext/ice/cpp/src/IceSSL/ConnectionInfo.cpp +2 -2
data/ext/ice/cpp/src/IceSSL/ConnectionInfoF.cpp +2 -2
data/ext/ice/cpp/src/IceSSL/EndpointInfo.cpp +2 -2
data/ext/ice/cpp/src/IceSSL/OpenSSLCertificateI.cpp +114 -6
data/ext/ice/cpp/src/IceSSL/OpenSSLEngine.cpp +60 -1
data/ext/ice/cpp/src/IceSSL/OpenSSLTransceiverI.cpp +132 -7
data/ext/ice/cpp/src/IceSSL/OpenSSLTransceiverI.h +1 -0
data/ext/ice/cpp/src/IceSSL/OpenSSLUtil.cpp +2 -0
data/ext/ice/cpp/src/IceSSL/PluginI.cpp +114 -0
data/ext/ice/cpp/src/IceSSL/PluginI.h +21 -0
data/ext/ice/cpp/src/IceSSL/SChannelCertificateI.cpp +142 -1
data/ext/ice/cpp/src/IceSSL/SChannelTransceiverI.cpp +117 -3
data/ext/ice/cpp/src/IceSSL/SChannelTransceiverI.h +1 -0
data/ext/ice/cpp/src/IceSSL/SSLEngine.cpp +20 -1
data/ext/ice/cpp/src/IceSSL/SSLEngine.h +4 -0
data/ext/ice/cpp/src/IceSSL/SecureTransportCertificateI.cpp +133 -2
data/ext/ice/cpp/src/IceSSL/SecureTransportTransceiverI.cpp +150 -88
data/ext/ice/cpp/src/IceSSL/SecureTransportTransceiverI.h +1 -0
data/ext/ice/cpp/src/IceUtil/OutputUtil.cpp +7 -2
data/ext/ice/cpp/src/IceUtil/StringConverter.cpp +6 -0
data/ext/ice/cpp/src/IceUtil/Time.cpp +2 -2
data/ext/ice/cpp/src/Slice/CPlusPlusUtil.cpp +9 -5
data/ext/ice/cpp/src/Slice/JavaUtil.cpp +8 -0
data/ext/ice/cpp/src/Slice/MD5I.cpp +2 -1
data/ext/ice/cpp/src/Slice/PHPUtil.cpp +4 -0
data/ext/ice/cpp/src/Slice/Parser.cpp +4 -0
data/ext/ice/cpp/src/Slice/Parser.h +2 -2
data/ext/ice/cpp/src/Slice/PythonUtil.cpp +40 -3
data/ext/ice/cpp/src/Slice/Scanner.cpp +620 -368
data/ext/ice/mcpp/CMakeLists.txt +80 -0
data/ext/ice/mcpp/expand.c +6 -6
data/ice.gemspec +1 -1
data/lib/Glacier2/Metrics.rb +1 -1
data/lib/Glacier2/PermissionsVerifier.rb +1 -1
data/lib/Glacier2/PermissionsVerifierF.rb +1 -1
data/lib/Glacier2/Router.rb +1 -1
data/lib/Glacier2/RouterF.rb +1 -1
data/lib/Glacier2/SSLInfo.rb +1 -1
data/lib/Glacier2/Session.rb +1 -1
data/lib/Ice/BuiltinSequences.rb +1 -1
data/lib/Ice/Communicator.rb +1 -1
data/lib/Ice/CommunicatorF.rb +1 -1
data/lib/Ice/Connection.rb +1 -1
data/lib/Ice/ConnectionF.rb +1 -1
data/lib/Ice/Current.rb +1 -1
data/lib/Ice/Endpoint.rb +1 -1
data/lib/Ice/EndpointF.rb +1 -1
data/lib/Ice/EndpointTypes.rb +1 -1
data/lib/Ice/FacetMap.rb +1 -1
data/lib/Ice/Identity.rb +1 -1
data/lib/Ice/ImplicitContext.rb +1 -1
data/lib/Ice/ImplicitContextF.rb +1 -1
data/lib/Ice/Instrumentation.rb +1 -1
data/lib/Ice/InstrumentationF.rb +1 -1
data/lib/Ice/LocalException.rb +1 -1
data/lib/Ice/Locator.rb +1 -1
data/lib/Ice/LocatorF.rb +1 -1
data/lib/Ice/Logger.rb +1 -1
data/lib/Ice/LoggerF.rb +1 -1
data/lib/Ice/Metrics.rb +1 -1
data/lib/Ice/ObjectAdapter.rb +1 -1
data/lib/Ice/ObjectAdapterF.rb +1 -1
data/lib/Ice/ObjectFactory.rb +1 -1
data/lib/Ice/Plugin.rb +1 -1
data/lib/Ice/PluginF.rb +1 -1
data/lib/Ice/Process.rb +1 -1
data/lib/Ice/ProcessF.rb +1 -1
data/lib/Ice/Properties.rb +1 -1
data/lib/Ice/PropertiesAdmin.rb +1 -1
data/lib/Ice/PropertiesF.rb +1 -1
data/lib/Ice/RemoteLogger.rb +1 -1
data/lib/Ice/Router.rb +1 -1
data/lib/Ice/RouterF.rb +1 -1
data/lib/Ice/ServantLocator.rb +1 -1
data/lib/Ice/ServantLocatorF.rb +1 -1
data/lib/Ice/SliceChecksumDict.rb +1 -1
data/lib/Ice/ValueFactory.rb +1 -1
data/lib/Ice/Version.rb +1 -1
data/lib/IceBox/IceBox.rb +1 -1
data/lib/IceGrid/Admin.rb +1 -1
data/lib/IceGrid/Descriptor.rb +1 -1
data/lib/IceGrid/Exception.rb +1 -1
data/lib/IceGrid/FileParser.rb +1 -1
data/lib/IceGrid/PluginFacade.rb +1 -1
data/lib/IceGrid/Registry.rb +1 -1
data/lib/IceGrid/Session.rb +1 -1
data/lib/IceGrid/UserAccountMapper.rb +1 -1
data/lib/IcePatch2/FileInfo.rb +1 -1
data/lib/IcePatch2/FileServer.rb +1 -1
data/lib/IceStorm/IceStorm.rb +1 -1
data/lib/IceStorm/Metrics.rb +1 -1
data/slice/Glacier2/PermissionsVerifier.ice +1 -0
data/slice/Glacier2/PermissionsVerifierF.ice +1 -0
data/slice/Glacier2/Router.ice +1 -0
data/slice/Glacier2/RouterF.ice +1 -0
data/slice/Glacier2/SSLInfo.ice +1 -0
data/slice/Glacier2/Session.ice +1 -0
data/slice/Ice/BuiltinSequences.ice +1 -0
data/slice/Ice/Communicator.ice +1 -0
data/slice/Ice/CommunicatorF.ice +1 -0
data/slice/Ice/Connection.ice +1 -0
data/slice/Ice/ConnectionF.ice +1 -0
data/slice/Ice/Current.ice +1 -0
data/slice/Ice/Endpoint.ice +1 -0
data/slice/Ice/EndpointF.ice +1 -0
data/slice/Ice/EndpointTypes.ice +1 -0
data/slice/Ice/FacetMap.ice +1 -0
data/slice/Ice/Identity.ice +1 -0
data/slice/Ice/ImplicitContext.ice +1 -0
data/slice/Ice/ImplicitContextF.ice +1 -0
data/slice/Ice/Instrumentation.ice +1 -0
data/slice/Ice/InstrumentationF.ice +1 -0
data/slice/Ice/LocalException.ice +1 -0
data/slice/Ice/Locator.ice +1 -0
data/slice/Ice/LocatorF.ice +1 -0
data/slice/Ice/Logger.ice +1 -0
data/slice/Ice/LoggerF.ice +1 -0
data/slice/Ice/Metrics.ice +1 -0
data/slice/Ice/ObjectAdapter.ice +1 -0
data/slice/Ice/ObjectAdapterF.ice +1 -0
data/slice/Ice/ObjectFactory.ice +1 -0
data/slice/Ice/Plugin.ice +1 -0
data/slice/Ice/PluginF.ice +1 -0
data/slice/Ice/Process.ice +1 -0
data/slice/Ice/ProcessF.ice +1 -0
data/slice/Ice/Properties.ice +1 -0
data/slice/Ice/PropertiesAdmin.ice +1 -0
data/slice/Ice/PropertiesF.ice +1 -0
data/slice/Ice/RemoteLogger.ice +1 -0
data/slice/Ice/Router.ice +1 -0
data/slice/Ice/RouterF.ice +1 -0
data/slice/Ice/ServantLocator.ice +1 -0
data/slice/Ice/ServantLocatorF.ice +1 -0
data/slice/Ice/SliceChecksumDict.ice +1 -0
data/slice/Ice/ValueFactory.ice +1 -0
data/slice/Ice/Version.ice +1 -0
data/slice/IceBT/ConnectionInfo.ice +1 -0
data/slice/IceBT/EndpointInfo.ice +1 -0
data/slice/IceBT/Types.ice +1 -0
data/slice/IceBox/IceBox.ice +1 -0
data/slice/IceDiscovery/IceDiscovery.ice +1 -0
data/slice/IceGrid/Admin.ice +1 -0
data/slice/IceGrid/Descriptor.ice +1 -0
data/slice/IceGrid/Exception.ice +1 -0
data/slice/IceGrid/FileParser.ice +1 -0
data/slice/IceGrid/PluginFacade.ice +1 -0
data/slice/IceGrid/Registry.ice +1 -0
data/slice/IceGrid/Session.ice +1 -0
data/slice/IceGrid/UserAccountMapper.ice +1 -0
data/slice/IceIAP/ConnectionInfo.ice +1 -0
data/slice/IceIAP/EndpointInfo.ice +1 -0
data/slice/IceLocatorDiscovery/IceLocatorDiscovery.ice +1 -0
data/slice/IcePatch2/FileInfo.ice +1 -0
data/slice/IcePatch2/FileServer.ice +1 -0
data/slice/IceSSL/ConnectionInfo.ice +1 -0
data/slice/IceSSL/ConnectionInfoF.ice +1 -0
data/slice/IceSSL/EndpointInfo.ice +1 -0
data/slice/IceStorm/IceStorm.ice +1 -0
data/slice/IceStorm/Metrics.ice +4 -1
metadata +4 -4

data/ext/ice/cpp/src/IceSSL/SChannelTransceiverI.cpp CHANGED Viewed

@@ -9,6 +9,7 @@
 #include <IceSSL/ConnectionInfo.h>
 #include <IceSSL/Instance.h>
 #include <IceSSL/SChannelEngine.h>
+#include <IceSSL/PluginI.h>
 #include <IceSSL/Util.h>
 #include <Ice/Communicator.h>
 #include <Ice/LoggerUtil.h>
@@ -19,6 +20,10 @@ using namespace std;
 using namespace Ice;
 using namespace IceSSL;
+#ifndef CERT_CHAIN_DISABLE_AIA
+#   define CERT_CHAIN_DISABLE_AIA 0x00002000
+#endif
 namespace
 {
@@ -47,6 +52,93 @@ protocolName(DWORD protocol)
     }
 }
+TrustError
+trustStatusToTrustError(DWORD status)
+{
+    if (status & CERT_TRUST_NO_ERROR)
+    {
+        return IceSSL::ICE_ENUM(TrustError, NoError);
+    }
+    if ((status & CERT_TRUST_IS_UNTRUSTED_ROOT) ||
+        (status & CERT_TRUST_IS_CYCLIC) ||
+        (status & CERT_TRUST_CTL_IS_NOT_TIME_VALID) ||
+        (status & CERT_TRUST_CTL_IS_NOT_SIGNATURE_VALID) ||
+        (status & CERT_TRUST_CTL_IS_NOT_VALID_FOR_USAGE))
+    {
+        return IceSSL::ICE_ENUM(TrustError, UntrustedRoot);
+    }
+    if (status & CERT_TRUST_IS_EXPLICIT_DISTRUST)
+    {
+        return IceSSL::ICE_ENUM(TrustError, NotTrusted);
+    }
+    if (status & CERT_TRUST_IS_PARTIAL_CHAIN)
+    {
+        return IceSSL::ICE_ENUM(TrustError, PartialChain);
+    }
+    if (status & CERT_TRUST_INVALID_BASIC_CONSTRAINTS)
+    {
+        return IceSSL::ICE_ENUM(TrustError, InvalidBasicConstraints);
+    }
+    if (status & CERT_TRUST_IS_NOT_SIGNATURE_VALID)
+    {
+        return IceSSL::ICE_ENUM(TrustError, InvalidSignature);
+    }
+    if (status & CERT_TRUST_IS_NOT_VALID_FOR_USAGE)
+    {
+        return IceSSL::ICE_ENUM(TrustError, InvalidPurpose);
+    }
+    if (status & CERT_TRUST_IS_REVOKED)
+    {
+        return IceSSL::ICE_ENUM(TrustError, Revoked);
+    }
+    if (status & CERT_TRUST_INVALID_EXTENSION)
+    {
+        return IceSSL::ICE_ENUM(TrustError, InvalidExtension);
+    }
+    if (status & CERT_TRUST_INVALID_POLICY_CONSTRAINTS)
+    {
+        return IceSSL::ICE_ENUM(TrustError, InvalidPolicyConstraints);
+    }
+    if (status & CERT_TRUST_INVALID_NAME_CONSTRAINTS)
+    {
+        return IceSSL::ICE_ENUM(TrustError, InvalidNameConstraints);
+    }
+    if (status & CERT_TRUST_HAS_NOT_SUPPORTED_NAME_CONSTRAINT)
+    {
+        return IceSSL::ICE_ENUM(TrustError, HasNonSupportedNameConstraint);
+    }
+    if (status & CERT_TRUST_HAS_NOT_DEFINED_NAME_CONSTRAINT)
+    {
+        return IceSSL::ICE_ENUM(TrustError, HasNonDefinedNameConstraint);
+    }
+    if (status & CERT_TRUST_HAS_NOT_PERMITTED_NAME_CONSTRAINT)
+    {
+        return IceSSL::ICE_ENUM(TrustError, HasNonPermittedNameConstraint);
+    }
+    if (status & CERT_TRUST_HAS_EXCLUDED_NAME_CONSTRAINT)
+    {
+        return IceSSL::ICE_ENUM(TrustError, HasExcludedNameConstraint);
+    }
+    if (status & CERT_TRUST_NO_ISSUANCE_CHAIN_POLICY)
+    {
+        return IceSSL::ICE_ENUM(TrustError, InvalidPolicyConstraints);
+    }
+    if (status & CERT_TRUST_HAS_NOT_SUPPORTED_CRITICAL_EXT)
+    {
+        return IceSSL::ICE_ENUM(TrustError, HasNonSupportedCriticalExtension);
+    }
+    if (status & CERT_TRUST_IS_OFFLINE_REVOCATION ||
+        status & CERT_TRUST_REVOCATION_STATUS_UNKNOWN)
+    {
+        return IceSSL::ICE_ENUM(TrustError, RevocationStatusUnknown);
+    }
+    if (status & CERT_TRUST_IS_NOT_TIME_VALID)
+    {
+        return IceSSL::ICE_ENUM(TrustError, InvalidTime);
+    }
+    return IceSSL::ICE_ENUM(TrustError, UnknownTrustFailure);
+}
 string
 trustStatusToString(DWORD status)
 {
@@ -674,21 +766,38 @@ SChannel::TransceiverI::initialize(IceInternal::Buffer& readBuffer, IceInternal:
         string trustError;
         PCCERT_CHAIN_CONTEXT certChain;
-        if(!CertGetCertificateChain(_engine->chainEngine(), cert, 0, 0, &chainP,
-                                    CERT_CHAIN_REVOCATION_CHECK_CACHE_ONLY, 0, &certChain))
+        DWORD dwFlags = 0;
+        int revocationCheck = _engine->getRevocationCheck();
+        if(revocationCheck > 0)
+        {
+            if(_engine->getRevocationCheckCacheOnly())
+            {
+                // Disable network I/O for revocation checks.
+                dwFlags = CERT_CHAIN_REVOCATION_CHECK_CACHE_ONLY | CERT_CHAIN_DISABLE_AIA;
+            }
+            dwFlags |= (revocationCheck == 1 ?
+                        CERT_CHAIN_REVOCATION_CHECK_END_CERT :
+                        CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT);
+        }
+        if(!CertGetCertificateChain(_engine->chainEngine(), cert, 0, cert->hCertStore, &chainP, dwFlags, 0, &certChain))
         {
             CertFreeCertificateContext(cert);
             trustError = IceUtilInternal::lastErrorToString();
+            _trustError = IceSSL::ICE_ENUM(TrustError, UnknownTrustFailure);
         }
         else
         {
             if(certChain->TrustStatus.dwErrorStatus != CERT_TRUST_NO_ERROR)
             {
                 trustError = trustStatusToString(certChain->TrustStatus.dwErrorStatus);
+                _trustError = trustStatusToTrustError(certChain->TrustStatus.dwErrorStatus);
             }
             else
             {
                 _verified = true;
+                _trustError = IceSSL::ICE_ENUM(TrustError, NoError);
             }
             CERT_SIMPLE_CHAIN* simpleChain = certChain->rgpChain[0];
@@ -753,7 +862,10 @@ SChannel::TransceiverI::initialize(IceInternal::Buffer& readBuffer, IceInternal:
     }
     catch(const Ice::SecurityException&)
     {
+        _trustError = IceSSL::ICE_ENUM(TrustError, HostNameMismatch);
         _verified = false;
+        ICE_DYNAMIC_CAST(ExtendedConnectionInfo, info)->errorCode = IceSSL::ICE_ENUM(TrustError, HostNameMismatch);
+        info->verified = false;
         if(_engine->getVerifyPeer() > 0)
         {
             throw;
@@ -1001,13 +1113,15 @@ SChannel::TransceiverI::toDetailedString() const
 Ice::ConnectionInfoPtr
 SChannel::TransceiverI::getInfo() const
 {
-    ConnectionInfoPtr info = ICE_MAKE_SHARED(ConnectionInfo);
+    ExtendedConnectionInfoPtr info = ICE_MAKE_SHARED(ExtendedConnectionInfo);
     info->underlying = _delegate->getInfo();
     info->incoming = _incoming;
     info->adapterName = _adapterName;
     info->cipher = _cipher;
     info->certs = _certs;
     info->verified = _verified;
+    info->errorCode = _trustError;
+    info->host = _incoming ? "" : _host;
     return info;
 }

data/ext/ice/cpp/src/IceSSL/SChannelTransceiverI.h CHANGED Viewed

@@ -120,6 +120,7 @@ private:
     std::string _cipher;
     std::vector<IceSSL::CertificatePtr> _certs;
     bool _verified;
+    TrustError _trustError;
 };
 typedef IceUtil::Handle<TransceiverI> TransceiverIPtr;

data/ext/ice/cpp/src/IceSSL/SSLEngine.cpp CHANGED Viewed

@@ -27,7 +27,9 @@ IceSSL::SSLEngine::SSLEngine(const Ice::CommunicatorPtr& communicator) :
     _initialized(false),
     _communicator(communicator),
     _logger(communicator->getLogger()),
-    _trustManager(new TrustManager(communicator))
+    _trustManager(new TrustManager(communicator)),
+    _revocationCheckCacheOnly(false),
+    _revocationCheck(0)
 {
 }
@@ -135,6 +137,11 @@ IceSSL::SSLEngine::initialize()
     _securityTraceLevel = properties->getPropertyAsInt("IceSSL.Trace.Security");
     _securityTraceCategory = "Security";
+    const_cast<bool&>(_revocationCheckCacheOnly) =
+        properties->getPropertyAsIntWithDefault("IceSSL.RevocationCheckCacheOnly", 1) > 0;
+    const_cast<int&>(_revocationCheck) =
+        properties->getPropertyAsIntWithDefault("IceSSL.RevocationCheck", 0);
 }
 void
@@ -292,3 +299,15 @@ IceSSL::SSLEngine::securityTraceCategory() const
 {
     return _securityTraceCategory;
 }
+bool
+IceSSL::SSLEngine::getRevocationCheckCacheOnly() const
+{
+    return _revocationCheckCacheOnly;
+}
+int
+IceSSL::SSLEngine::getRevocationCheck() const
+{
+    return _revocationCheck;
+}

data/ext/ice/cpp/src/IceSSL/SSLEngine.h CHANGED Viewed

@@ -66,6 +66,8 @@ public:
     bool getServerNameIndication() const;
     int getVerifyPeer() const;
     int securityTraceLevel() const;
+    bool getRevocationCheckCacheOnly() const;
+    int getRevocationCheck() const;
     std::string securityTraceCategory() const;
 protected:
@@ -89,6 +91,8 @@ private:
     int _verifyPeer;
     int _securityTraceLevel;
     std::string _securityTraceCategory;
+    const bool _revocationCheckCacheOnly;
+    const int _revocationCheck;
 };
 }

data/ext/ice/cpp/src/IceSSL/SecureTransportCertificateI.cpp CHANGED Viewed

@@ -8,7 +8,7 @@
 //
 #include <IceUtil/DisableWarnings.h>
-#include <IceSSL/Plugin.h>
+#include <IceSSL/PluginI.h>
 #include <IceSSL/SecureTransport.h>
 #include <IceSSL/CertificateI.h>
 #include <IceSSL/SecureTransportUtil.h>
@@ -32,6 +32,29 @@ using namespace std;
 namespace
 {
+static unsigned char _ekuAnyKeyUsage[4] = {0x55, 0x1d, 0x25, 0x00};
+static unsigned char _ekuServerAuthentication[8] = {0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01};
+static unsigned char _ekuClientAuthentication[8] = {0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02};
+static unsigned char _ekuCodeSigning[8] = {0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x03};
+static unsigned char _ekuEmailProtection[8] = {0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x04};
+static unsigned char _ekuTimeStamping[8] = {0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x08};
+static unsigned char _ekuOCSPSigning[8] = {0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x09};
+static CFDataRef ekuAnyKeyUsage =
+    CFDataCreateWithBytesNoCopy(kCFAllocatorDefault, _ekuAnyKeyUsage, 4, kCFAllocatorNull);
+static CFDataRef ekuServerAuthentication =
+    CFDataCreateWithBytesNoCopy(kCFAllocatorDefault, _ekuServerAuthentication, 8, kCFAllocatorNull);
+static CFDataRef ekuClientAuthentication =
+    CFDataCreateWithBytesNoCopy(kCFAllocatorDefault, _ekuClientAuthentication, 8, kCFAllocatorNull);
+static CFDataRef ekuCodeSigning =
+    CFDataCreateWithBytesNoCopy(kCFAllocatorDefault, _ekuCodeSigning, 8, kCFAllocatorNull);
+static CFDataRef ekuEmailProtection =
+    CFDataCreateWithBytesNoCopy(kCFAllocatorDefault, _ekuEmailProtection, 8, kCFAllocatorNull);
+static CFDataRef ekuTimeStamping =
+    CFDataCreateWithBytesNoCopy(kCFAllocatorDefault, _ekuTimeStamping, 8, kCFAllocatorNull);
+static CFDataRef ekuOCSPSigning =
+    CFDataCreateWithBytesNoCopy(kCFAllocatorDefault, _ekuOCSPSigning, 8, kCFAllocatorNull);
 string
 certificateOIDAlias(const string& name)
 {
@@ -226,7 +249,8 @@ private:
 #endif
 class SecureTransportCertificateI ICE_FINAL : public IceSSL::SecureTransport::Certificate,
-                                              public IceSSL::CertificateI
+                                              public IceSSL::CertificateI,
+                                              public IceSSL::CertificateExtendedInfo
 {
 public:
@@ -254,6 +278,8 @@ public:
     virtual vector<pair<int, string> > getSubjectAlternativeNames() const;
     virtual int getVersion() const;
     virtual SecCertificateRef getCert() const;
+    virtual unsigned int getKeyUsage() const;
+    virtual unsigned int getExtendedKeyUsage() const;
 private:
@@ -792,6 +818,111 @@ SecureTransportCertificateI::initializeAttributes() const
 }
 #endif
+unsigned int
+SecureTransportCertificateI::getKeyUsage() const
+{
+#ifdef ICE_USE_SECURE_TRANSPORT_IOS
+    throw Ice::FeatureNotSupportedException(__FILE__, __LINE__);
+#else
+    unsigned int keyUsage = 0;
+    UniqueRef<CFDictionaryRef> property(getCertificateProperty(_cert.get(), kSecOIDKeyUsage));
+    if(property)
+    {
+        CFNumberRef value = static_cast<CFNumberRef>(CFDictionaryGetValue(property.get(), kSecPropertyKeyValue));
+        if(value)
+        {
+            unsigned int usageBits = 0;
+            CFNumberGetValue(value, kCFNumberSInt32Type, &usageBits);
+            if(usageBits & kSecKeyUsageDigitalSignature)
+            {
+                keyUsage |= KEY_USAGE_DIGITAL_SIGNATURE;
+            }
+            if(usageBits & kSecKeyUsageNonRepudiation)
+            {
+                keyUsage |= KEY_USAGE_NON_REPUDIATION;
+            }
+            if(usageBits & kSecKeyUsageKeyEncipherment)
+            {
+                keyUsage |= KEY_USAGE_KEY_ENCIPHERMENT;
+            }
+            if(usageBits & kSecKeyUsageDataEncipherment)
+            {
+                keyUsage |= KEY_USAGE_DATA_ENCIPHERMENT;
+            }
+            if(usageBits & kSecKeyUsageKeyAgreement)
+            {
+                keyUsage |= KEY_USAGE_KEY_AGREEMENT;
+            }
+            if(usageBits & kSecKeyUsageKeyCertSign)
+            {
+                keyUsage |= KEY_USAGE_KEY_CERT_SIGN;
+            }
+            if(usageBits & kSecKeyUsageCRLSign)
+            {
+                keyUsage |= KEY_USAGE_CRL_SIGN;
+            }
+            if(usageBits & kSecKeyUsageEncipherOnly)
+            {
+                keyUsage |= KEY_USAGE_ENCIPHER_ONLY;
+            }
+            if(usageBits & kSecKeyUsageDecipherOnly)
+            {
+                keyUsage |= KEY_USAGE_DECIPHER_ONLY;
+            }
+        }
+    }
+    return keyUsage;
+#endif
+}
+unsigned int
+SecureTransportCertificateI::getExtendedKeyUsage() const
+{
+#ifdef ICE_USE_SECURE_TRANSPORT_IOS
+    throw Ice::FeatureNotSupportedException(__FILE__, __LINE__);
+#else
+    unsigned int extendedKeyUsage = 0;
+    UniqueRef<CFDictionaryRef> property(getCertificateProperty(_cert.get(), kSecOIDExtendedKeyUsage));
+    if(property)
+    {
+        CFArrayRef usages = static_cast<CFArrayRef>(CFDictionaryGetValue(property.get(), kSecPropertyKeyValue));
+        if(usages)
+        {
+            long size = CFArrayGetCount(usages);
+            if (CFArrayContainsValue(usages, CFRangeMake(0, size), ekuAnyKeyUsage))
+            {
+                extendedKeyUsage |= EXTENDED_KEY_USAGE_ANY_KEY_USAGE;
+            }
+            if (CFArrayContainsValue(usages, CFRangeMake(0, size), ekuServerAuthentication))
+            {
+                extendedKeyUsage |= EXTENDED_KEY_USAGE_SERVER_AUTH;
+            }
+            if (CFArrayContainsValue(usages, CFRangeMake(0, size), ekuClientAuthentication))
+            {
+                extendedKeyUsage |= EXTENDED_KEY_USAGE_CLIENT_AUTH;
+            }
+            if (CFArrayContainsValue(usages, CFRangeMake(0, size), ekuCodeSigning))
+            {
+                extendedKeyUsage |= EXTENDED_KEY_USAGE_CODE_SIGNING;
+            }
+            if (CFArrayContainsValue(usages, CFRangeMake(0, size), ekuEmailProtection))
+            {
+                extendedKeyUsage |= EXTENDED_KEY_USAGE_EMAIL_PROTECTION;
+            }
+            if (CFArrayContainsValue(usages, CFRangeMake(0, size), ekuTimeStamping))
+            {
+                extendedKeyUsage |= EXTENDED_KEY_USAGE_TIME_STAMPING;
+            }
+            if (CFArrayContainsValue(usages, CFRangeMake(0, size), ekuOCSPSigning))
+            {
+                extendedKeyUsage |= EXTENDED_KEY_USAGE_OCSP_SIGNING;
+            }
+        }
+    }
+    return extendedKeyUsage;
+#endif
+}
 IceSSL::SecureTransport::CertificatePtr
 IceSSL::SecureTransport::Certificate::create(SecCertificateRef cert)
 {