Diffstat (limited to 'externals/ace/SSL')
-rw-r--r--externals/ace/SSL/SSL_Asynch_Stream.cpp38
-rw-r--r--externals/ace/SSL/SSL_Asynch_Stream.h49
-rw-r--r--externals/ace/SSL/SSL_Asynch_Stream.inl13
-rw-r--r--externals/ace/SSL/SSL_Context.cpp29
-rw-r--r--externals/ace/SSL/SSL_Context.h16
-rw-r--r--externals/ace/SSL/SSL_Context.inl16
-rw-r--r--externals/ace/SSL/SSL_Export.h1
-rw-r--r--externals/ace/SSL/SSL_SOCK_Acceptor.cpp12
-rw-r--r--externals/ace/SSL/SSL_SOCK_Acceptor.h10
-rw-r--r--externals/ace/SSL/SSL_SOCK_Acceptor.inl4
-rw-r--r--externals/ace/SSL/SSL_SOCK_Connector.h12
-rw-r--r--externals/ace/SSL/SSL_SOCK_Connector.inl4
-rw-r--r--externals/ace/SSL/SSL_SOCK_Stream.h29
-rw-r--r--externals/ace/SSL/SSL_SOCK_Stream.inl22
-rw-r--r--externals/ace/SSL/sslconf.h24
15 files changed, 221 insertions, 58 deletions
diff --git a/externals/ace/SSL/SSL_Asynch_Stream.cpp b/externals/ace/SSL/SSL_Asynch_Stream.cpp
index ab8ec7fbbf9..15c648d18fe 100644
--- a/externals/ace/SSL/SSL_Asynch_Stream.cpp
+++ b/externals/ace/SSL/SSL_Asynch_Stream.cpp
@@ -2,7 +2,7 @@
ACE_RCSID (ACE_SSL,
SSL_Asynch_Stream,
- "$Id: SSL_Asynch_Stream.cpp 82574 2008-08-08 19:35:06Z parsons $")
+ "$Id: SSL_Asynch_Stream.cpp 84181 2009-01-16 22:37:49Z shuston $")
// This only works on platforms with Asynchronous IO support.
#if OPENSSL_VERSION_NUMBER > 0x0090581fL && ((defined (ACE_WIN32) && !defined (ACE_HAS_WINCE)) || (defined (ACE_HAS_AIO_CALLS)))
@@ -17,6 +17,10 @@ ACE_RCSID (ACE_SSL,
#include "ace/Proactor.h"
#include "ace/Truncate.h"
+#if !defined(__ACE_INLINE__)
+#include "SSL_Asynch_Stream.inl"
+#endif /* __ACE_INLINE__ */
+
#include <openssl/err.h>
ACE_BEGIN_VERSIONED_NAMESPACE_DECL
@@ -93,13 +97,13 @@ ACE_SSL_Asynch_Stream::ACE_SSL_Asynch_Stream (
ACE_SSL_Asynch_Stream::Stream_Type s_type,
ACE_SSL_Context * context)
: type_ (s_type),
- handle_ (ACE_INVALID_HANDLE),
proactor_ (0),
ext_handler_ (0),
ext_read_result_ (0),
ext_write_result_(0),
flags_ (0),
ssl_ (0),
+ handshake_complete_(false),
bio_ (0),
bio_istream_ (),
bio_inp_msg_ (),
@@ -260,7 +264,7 @@ ACE_SSL_Asynch_Stream::open (ACE_Handler & handler,
// Get a proactor for/from the user.
this->proactor_ = this->get_proactor (proactor, handler);
this->ext_handler_ = & handler;
- this->handle_ = handle;
+ this->handle (handle);
// Open internal input stream
if (this->bio_istream_.open (*this, // real callbacks to this
@@ -342,7 +346,7 @@ ACE_SSL_Asynch_Stream::read (ACE_Message_Block & message_block,
ACE_NEW_RETURN (this->ext_read_result_,
ACE_SSL_Asynch_Read_Stream_Result (
*this->ext_handler_,
- this->handle_,
+ this->handle (),
message_block,
bytes_to_read,
act,
@@ -385,7 +389,7 @@ ACE_SSL_Asynch_Stream::write (ACE_Message_Block & message_block,
ACE_NEW_RETURN (this->ext_write_result_,
ACE_SSL_Asynch_Write_Stream_Result (
*this->ext_handler_,
- this->handle_,
+ this->handle (),
message_block,
bytes_to_write,
act,
@@ -491,7 +495,18 @@ int
ACE_SSL_Asynch_Stream::do_SSL_handshake (void)
{
if (SSL_is_init_finished (this->ssl_))
- return 1;
+ {
+ if (!handshake_complete_)
+ {
+ handshake_complete_ = true;
+
+ if (!post_handshake_check ())
+ {
+ return -1;
+ }
+ }
+ return 1;
+ }
if (this->flags_ & SF_REQ_SHUTDOWN)
return -1;
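Review bot: A rejected post_handshake_check() is not remembered, because `handshake_complete_ = true;` is assigned before the check runs. If do_SSL_handshake() is entered again after the `return -1`, the `!handshake_complete_` guard is skipped and the function returns 1 as though the peer had been accepted. Whether a second entry can happen depends on how the caller handles -1, which is outside this hunk, and the function body also continues past it. Storing the verdict would make the failure sticky, e.g. a new bool member (name illustrative) set with `handshake_ok_ = post_handshake_check ();` inside the guard and `return handshake_ok_ ? 1 : -1;` after it.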
@@ -541,6 +556,13 @@ ACE_SSL_Asynch_Stream::do_SSL_handshake (void)
return 1;
}
+
+bool
+ACE_SSL_Asynch_Stream::post_handshake_check (void)
+{
+ return true;
+}
+
// ************************************************************
// Perform SSL_read call if necessary and notify user
// ************************************************************
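Review bot: The default post_handshake_check() accepts every peer, and nothing at the definition says this is deliberate. Every ACE_SSL_Asynch_Stream that is not subclassed therefore gets no peer-certificate-presence check and no host-name check. The header explains the hook, but a reader of the .cpp only sees `return true;`. I would add a comment above the definition: `// Default hook accepts the peer unconditionally; override to check the peer certificate and host name.`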
@@ -768,7 +790,7 @@ ACE_SSL_Asynch_Stream::print_error (int err_ssl,
const ACE_TCHAR * pText)
{
ACE_DEBUG ((LM_DEBUG,
- "SSL-error:%d %s\n" ,
+ ACE_TEXT("SSL-error:%d %s\n"),
err_ssl,
pText));
@@ -781,7 +803,7 @@ ACE_SSL_Asynch_Stream::print_error (int err_ssl,
{
ERR_error_string_n (lerr, buf, sizeof buf);
- ACE_DEBUG ((LM_DEBUG, "%s\n", buf));
+ ACE_DEBUG ((LM_DEBUG, "%C\n", buf));
}
#endif /* OPENSSL_VERSION_NUMBER */
}
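Review bot: The format string changed here is left as a bare narrow literal, while the earlier hunk in the same print_error() wraps its format in ACE_TEXT. For consistency within the function I would write `ACE_DEBUG ((LM_DEBUG, ACE_TEXT ("%C\n"), buf));`. The switch from `%s` to `%C` for the `char` buffer is fine as it stands.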
diff --git a/externals/ace/SSL/SSL_Asynch_Stream.h b/externals/ace/SSL/SSL_Asynch_Stream.h
index faae6112cdb..af82300a428 100644
--- a/externals/ace/SSL/SSL_Asynch_Stream.h
+++ b/externals/ace/SSL/SSL_Asynch_Stream.h
@@ -4,7 +4,7 @@
/**
* @file SSL_Asynch_Stream.h
*
- * $Id: SSL_Asynch_Stream.h 80826 2008-03-04 14:51:23Z wotte $
+ * $Id: SSL_Asynch_Stream.h 84181 2009-01-16 22:37:49Z shuston $
*
* @author Alexander Libman <alibman@baltimore.com>
*/
@@ -185,6 +185,9 @@ public:
int close (void);
+ /// Return a pointer to the underlying SSL structure.
+ SSL *ssl (void) const;
+
/**
* Initializes the factory with information which will be used with
* each asynchronous call.
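Review bot: The new ssl() accessor returns the stream's own `SSL *` from a const method without stating ownership or validity. The constructor in SSL_Asynch_Stream.cpp initialises `ssl_` to 0, so callers can receive a null pointer. They should also not free the object or reconfigure it while asynchronous operations are pending. I would extend the comment to `/// Return a pointer to the underlying SSL structure. The stream keeps ownership; the pointer may be 0 and must not be passed to SSL_free().`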
@@ -295,6 +298,40 @@ protected:
virtual void handle_wakeup (void);
/**
+ * This method will be called after a successful SSL handshake indicating
+ * that the peer's certificate chain (if any) has been verified and the key
+ * exchange has completed. When a peer certificate is required, this
+ * method must be used to perform additional checks beyond the verification
+ * performed by OpenSSL.
+ *
+ * Check 1:
+ *
+ * SSL clients that require a peer certificate must specify SSL_VERIFY_PEER
+ * via ACE_SSL_Context::default_verify_mode. If the peer sends an invalid
+ * certificate, the SSL handshake will fail; however, if the peer does not
+ * send a certificate, the SSL handshake will complete successfully which
+ * may not be acceptable. In this case, you must override this method in a
+ * subclass and return false if the call to SSL_get_peer_certificate returns
+ * null.
+ *
+ * Check 2:
+ *
+ * An additional post handshake check that you should perform is to verify
+ * the certificate's FQDN against the host address you intended to connect
+ * to. This check will prevent an attacker from using a certificate signed
+ * by your CA to usurp your session. For further info on this check, see
+ * the post_connection_check method in Example 5-8 of 'Network Security with
+ * OpenSSL' by Viega, et. al.
+ *
+ * Return:
+ *
+ * false - Terminate the connection. Outstanding IO complete with ERR_CANCELED.
+ *
+ * true - Proceed with connection. The default implementation returns true.
+ */
+ virtual bool post_handshake_check (void);
+
+ /**
* @name SSL State Machine
*/
//@{
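Review bot: The post_handshake_check comment tells subclass authors to call SSL_get_peer_certificate but omits two details they need to write the override correctly. The returned X509 is a counted reference that must be released with X509_free(). A non-null certificate should also be paired with `SSL_get_verify_result (this->ssl ()) == X509_V_OK` before the host-name comparison is trusted. For the server side it is worth mentioning that SSL_VERIFY_FAIL_IF_NO_PEER_CERT already covers Check 1 inside OpenSSL. I would add these as a short "Notes:" paragraph after Check 2.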
@@ -342,9 +379,6 @@ protected:
/// Stream Type ST_CLIENT/ST_SERVER
Stream_Type type_;
- /// The real file/socket handle
- ACE_HANDLE handle_;
-
/// The proactor
ACE_Proactor * proactor_;
@@ -377,6 +411,9 @@ protected:
/// The SSL session.
SSL * ssl_;
+ /// Flag ensures that post_connection_check() is called at most one time.
+ bool handshake_complete_;
+
/// The BIO implementation
BIO * bio_;
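Review bot: The member comment names a method that does not exist in this change: it says `post_connection_check()`, but the hook declared above is `post_handshake_check()`. The comment should read `/// Flag ensures that post_handshake_check() is called at most one time.` so that a search for the hook name finds the flag guarding it.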
@@ -417,6 +454,10 @@ protected:
ACE_END_VERSIONED_NAMESPACE_DECL
+#if defined(__ACE_INLINE__)
+#include "SSL_Asynch_Stream.inl"
+#endif /* __ACE_INLINE__ */
+
#endif /* OPENSSL_VERSION_NUMBER > 0x0090581fL && (ACE_WIN32 ||
ACE_HAS_AIO_CALLS) */
diff --git a/externals/ace/SSL/SSL_Asynch_Stream.inl b/externals/ace/SSL/SSL_Asynch_Stream.inl
new file mode 100644
index 00000000000..d9d0db95596
--- /dev/null
+++ b/externals/ace/SSL/SSL_Asynch_Stream.inl
@@ -0,0 +1,13 @@
+// -*- C++ -*-
+//
+// $Id: SSL_Asynch_Stream.inl 83916 2008-11-28 16:32:21Z johnnyw $
+
+ACE_BEGIN_VERSIONED_NAMESPACE_DECL
+
+ACE_INLINE SSL *
+ACE_SSL_Asynch_Stream::ssl (void) const
+{
+ return this->ssl_;
+}
+
+ACE_END_VERSIONED_NAMESPACE_DECL
diff --git a/externals/ace/SSL/SSL_Context.cpp b/externals/ace/SSL/SSL_Context.cpp
index 72f02e3dc70..c7915797c37 100644
--- a/externals/ace/SSL/SSL_Context.cpp
+++ b/externals/ace/SSL/SSL_Context.cpp
@@ -28,7 +28,7 @@
ACE_RCSID (ACE_SSL,
SSL_Context,
- "$Id: SSL_Context.cpp 82574 2008-08-08 19:35:06Z parsons $")
+ "$Id: SSL_Context.cpp 85202 2009-04-28 18:52:57Z johnnyw $")
namespace
@@ -112,6 +112,7 @@ ACE_SSL_Context::ACE_SSL_Context (void)
: context_ (0),
mode_ (-1),
default_verify_mode_ (SSL_VERIFY_NONE),
+ default_verify_callback_ (0),
have_ca_ (0)
{
ACE_SSL_Context::ssl_library_init ();
@@ -131,7 +132,7 @@ ACE_SSL_Context::~ACE_SSL_Context (void)
ACE_SSL_Context *
ACE_SSL_Context::instance (void)
{
- return ACE_Singleton<ACE_SSL_Context, ACE_SYNCH_MUTEX>::instance ();
+ return ACE_Unmanaged_Singleton<ACE_SSL_Context, ACE_SYNCH_MUTEX>::instance ();
}
void
@@ -181,15 +182,15 @@ ACE_SSL_Context::ssl_library_init (void)
(void) this->egd_file (egd_socket_file);
#endif /* OPENSSL_VERSION_NUMBER */
- const char *rand_file =
- ACE_OS::getenv (ACE_SSL_RAND_FILE_ENV);
+ const char *rand_file = ACE_OS::getenv (ACE_SSL_RAND_FILE_ENV);
if (rand_file != 0)
- (void) this->seed_file (rand_file);
+ {
+ (void) this->seed_file (rand_file);
+ }
// Initialize the mutexes that will be used by the SSL and
// crypto library.
-
}
++ssl_library_init_count;
@@ -205,6 +206,9 @@ ACE_SSL_Context::ssl_library_fini (void)
--ssl_library_init_count;
if (ssl_library_init_count == 0)
{
+ // Explicitly close the singleton
+ ACE_Unmanaged_Singleton<ACE_SSL_Context, ACE_SYNCH_MUTEX>::close();
+
::ERR_free_strings ();
::EVP_cleanup ();
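Review bot: The close() call added here looks unreachable in the one case it is meant to handle. The constructor calls ssl_library_init(), which increments ssl_library_init_count, so a live singleton keeps the count at one or more. If ssl_library_fini() is reached only from the destructor (its callers are not in this hunk), the count cannot drop to zero until the singleton has already been destroyed. If that reading is right, the now-unmanaged singleton is never released and ERR_free_strings()/EVP_cleanup() never run once instance() has been used. A comment such as `// Singleton lifetime: released by <owner>, see ssl_library_init_count` stating who destroys it would settle the question.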
@@ -232,7 +236,11 @@ ACE_SSL_Context::set_mode (int mode)
if (this->context_ != 0)
return -1;
+#if OPENSSL_VERSION_NUMBER >= 0x10000002
+ const SSL_METHOD *method = 0;
+#else
SSL_METHOD *method = 0;
+#endif
switch (mode)
{
@@ -305,16 +313,20 @@ ACE_SSL_Context::load_trusted_ca (const char* ca_file,
{
// Use the default environment settings.
ca_file = ACE_OS::getenv (ACE_SSL_CERT_FILE_ENV);
+#ifdef ACE_DEFAULT_SSL_CERT_FILE
if (ca_file == 0)
ca_file = ACE_DEFAULT_SSL_CERT_FILE;
+#endif
}
if (ca_dir == 0 && use_env_defaults)
{
// Use the default environment settings.
ca_dir = ACE_OS::getenv (ACE_SSL_CERT_DIR_ENV);
+#ifdef ACE_DEFAULT_SSL_CERT_DIR
if (ca_dir == 0)
ca_dir = ACE_DEFAULT_SSL_CERT_DIR;
+#endif
}
// NOTE: SSL_CTX_load_verify_locations() returns 0 on error.
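Review bot: With the compile-time defaults now optional, `ca_file` and `ca_dir` can both still be null after the environment lookups. Nothing in this hunk handles that before the SSL_CTX_load_verify_locations() call that the trailing comment refers to. The constructor defaults the verify mode to SSL_VERIFY_NONE, and sslconf.h in this commit removes the old `/etc/ssl` defaults, so a deployment that relied on them may end up with no trust anchors and no peer verification unless the caller checks the result. I would at least document the case before the call, e.g. `// Both may still be 0 here when neither the environment nor a compile-time default names a CA location.`, and consider logging it. The function continues outside the hunk.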
@@ -566,7 +578,12 @@ ACE_SSL_Context::report_error (unsigned long error_code)
char error_string[256];
+// OpenSSL < 0.9.6a doesn't have ERR_error_string_n() function.
+#if OPENSSL_VERSION_NUMBER >= 0x0090601fL
+ (void) ::ERR_error_string_n (error_code, error_string, sizeof error_string);
+#else /* OPENSSL_VERSION_NUMBER >= 0x0090601fL */
(void) ::ERR_error_string (error_code, error_string);
+#endif /* OPENSSL_VERSION_NUMBER >= 0x0090601fL */
ACE_ERROR ((LM_ERROR,
ACE_TEXT ("ACE_SSL (%P|%t) error code: %u - %C\n"),
diff --git a/externals/ace/SSL/SSL_Context.h b/externals/ace/SSL/SSL_Context.h
index bc3cb329042..003d6042c5b 100644
--- a/externals/ace/SSL/SSL_Context.h
+++ b/externals/ace/SSL/SSL_Context.h
@@ -4,7 +4,7 @@
/**
* @file SSL_Context.h
*
- * $Id: SSL_Context.h 80826 2008-03-04 14:51:23Z wotte $
+ * $Id: SSL_Context.h 83916 2008-11-28 16:32:21Z johnnyw $
*
* @author Carlos O'Ryan <coryan@ece.uci.edu>
* @author Ossama Othman <ossama@dre.vanderbilt.edu>
@@ -264,7 +264,6 @@ public:
*/
void set_verify_peer (int strict = 0, int once = 1, int depth = 0);
-
/// TODO: a implementation that will lookup the CTX table for the list
/// of files and paths etc.
/// Query the location of trusted certification authority
@@ -281,6 +280,14 @@ public:
int default_verify_mode (void) const;
/**
+ * Set and query the default verify callback for this context, it is
+ * inherited by all the ACE_SSL objects created using the context.
+ * It can be overriden on a per-ACE_SSL object.
+ */
+ void default_verify_callback (int (*callback) (int, X509_STORE_CTX *));
+ int (*default_verify_callback(void) const) (int,X509_STORE_CTX *);
+
+ /**
* @name OpenSSL Random Number Generator Seed Related Methods
*
* These are methods that can be used to seed OpenSSL's
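Review bot: The doc comment for default_verify_callback does not state the callback's contract, which matters because check_context (SSL_Context.inl) passes it straight to SSL_CTX_set_verify. OpenSSL treats a return of 1 as "continue" and 0 as "fail", so a callback that always returns 1 accepts certificates that failed chain verification. I would add `* The callback should return its preverify_ok argument unless it has a specific reason to override it; a null callback keeps OpenSSL's built-in behaviour.`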
@@ -354,7 +361,7 @@ private:
/// Cache the mode so we can answer fast
int mode_;
- /// The private key, certificate, and Diffie-Hellman paramters files
+ /// The private key, certificate, and Diffie-Hellman parameters files
ACE_SSL_Data_File private_key_;
ACE_SSL_Data_File certificate_;
ACE_SSL_Data_File dh_params_;
@@ -362,6 +369,9 @@ private:
/// The default verify mode.
int default_verify_mode_;
+ /// The default verify callback.
+ int (*default_verify_callback_)(int, X509_STORE_CTX *);
+
/// count of successful CA load attempts
int have_ca_;
diff --git a/externals/ace/SSL/SSL_Context.inl b/externals/ace/SSL/SSL_Context.inl
index 990eab38293..7ecb3e0627e 100644
--- a/externals/ace/SSL/SSL_Context.inl
+++ b/externals/ace/SSL/SSL_Context.inl
@@ -1,6 +1,6 @@
// -*- C++ -*-
//
-// $Id: SSL_Context.inl 80826 2008-03-04 14:51:23Z wotte $
+// $Id: SSL_Context.inl 83916 2008-11-28 16:32:21Z johnnyw $
ACE_BEGIN_VERSIONED_NAMESPACE_DECL
@@ -40,7 +40,8 @@ ACE_SSL_Context::check_context (void)
this->set_mode ();
}
- ::SSL_CTX_set_verify (this->context_, this->default_verify_mode (), 0);
+ ::SSL_CTX_set_verify (this->context_, this->default_verify_mode (),
+ this->default_verify_callback ());
}
ACE_INLINE SSL_CTX *
@@ -98,6 +99,17 @@ ACE_SSL_Context::default_verify_mode (void) const
return this->default_verify_mode_;
}
+ACE_INLINE void
+ACE_SSL_Context::default_verify_callback (int (*callback) (int, X509_STORE_CTX*))
+{
+ this->default_verify_callback_ = callback;
+}
+
+ACE_INLINE int (*ACE_SSL_Context::default_verify_callback(void) const)(int,X509_STORE_CTX *)
+{
+ return this->default_verify_callback_;
+}
+
ACE_INLINE int
ACE_SSL_Context::get_mode (void) const
{
diff --git a/externals/ace/SSL/SSL_Export.h b/externals/ace/SSL/SSL_Export.h
index 59bd892e7fd..9e0028a9d50 100644
--- a/externals/ace/SSL/SSL_Export.h
+++ b/externals/ace/SSL/SSL_Export.h
@@ -6,7 +6,6 @@
// ------------------------------
#if !defined (ACE_SSL_EXPORT_H)
#define ACE_SSL_EXPORT_H
-#define ACE_SSL_BUILD_DLL
#include /**/ "ace/config-all.h"
diff --git a/externals/ace/SSL/SSL_SOCK_Acceptor.cpp b/externals/ace/SSL/SSL_SOCK_Acceptor.cpp
index 2ee8aa419b6..e94c988a392 100644
--- a/externals/ace/SSL/SSL_SOCK_Acceptor.cpp
+++ b/externals/ace/SSL/SSL_SOCK_Acceptor.cpp
@@ -1,6 +1,6 @@
// -*- C++ -*-
//
-// $Id: SSL_SOCK_Acceptor.cpp 82577 2008-08-09 17:43:11Z mitza $
+// $Id: SSL_SOCK_Acceptor.cpp 82723 2008-09-16 09:35:44Z johnnyw $
#include "SSL_SOCK_Acceptor.h"
@@ -19,7 +19,7 @@
ACE_RCSID (ACE_SSL,
SSL_SOCK_Acceptor,
- "$Id: SSL_SOCK_Acceptor.cpp 82577 2008-08-09 17:43:11Z mitza $")
+ "$Id: SSL_SOCK_Acceptor.cpp 82723 2008-09-16 09:35:44Z johnnyw $")
ACE_BEGIN_VERSIONED_NAMESPACE_DECL
@@ -176,8 +176,8 @@ int
ACE_SSL_SOCK_Acceptor::accept (ACE_SSL_SOCK_Stream &new_stream,
ACE_Addr *remote_addr,
ACE_Time_Value *timeout,
- int restart,
- int reset_new_handle) const
+ bool restart,
+ bool reset_new_handle) const
{
ACE_TRACE ("ACE_SSL_SOCK_Acceptor::accept");
@@ -214,8 +214,8 @@ ACE_SSL_SOCK_Acceptor::accept (ACE_SSL_SOCK_Stream &new_stream,
ACE_Accept_QoS_Params qos_params,
ACE_Addr *remote_addr,
ACE_Time_Value *timeout,
- int restart,
- int reset_new_handle) const
+ bool restart,
+ bool reset_new_handle) const
{
ACE_TRACE ("ACE_SSL_SOCK_Acceptor::accept");
diff --git a/externals/ace/SSL/SSL_SOCK_Acceptor.h b/externals/ace/SSL/SSL_SOCK_Acceptor.h
index 997378bf329..11f00651a73 100644
--- a/externals/ace/SSL/SSL_SOCK_Acceptor.h
+++ b/externals/ace/SSL/SSL_SOCK_Acceptor.h
@@ -4,7 +4,7 @@
/**
* @file SSL_SOCK_Acceptor.h
*
- * $Id: SSL_SOCK_Acceptor.h 81826 2008-06-02 15:29:53Z schmidt $
+ * $Id: SSL_SOCK_Acceptor.h 82723 2008-09-16 09:35:44Z johnnyw $
*
* @author John Heitmann
* @author Chris Zimman
@@ -138,8 +138,8 @@ public:
int accept (ACE_SSL_SOCK_Stream &new_stream,
ACE_Addr *remote_addr = 0,
ACE_Time_Value *timeout = 0,
- int restart = 1,
- int reset_new_handle = 0) const;
+ bool restart = true,
+ bool reset_new_handle = false) const;
/**
* Accept a new ACE_SSL_SOCK_Stream connection using the RVSP QoS
@@ -160,8 +160,8 @@ public:
ACE_Accept_QoS_Params qos_params,
ACE_Addr *remote_addr = 0,
ACE_Time_Value *timeout = 0,
- int restart = 1,
- int reset_new_handle = 0) const;
+ bool restart = true,
+ bool reset_new_handle = false) const;
//@}
/// Meta-type info
diff --git a/externals/ace/SSL/SSL_SOCK_Acceptor.inl b/externals/ace/SSL/SSL_SOCK_Acceptor.inl
index 318d66d5c25..d0833a309fc 100644
--- a/externals/ace/SSL/SSL_SOCK_Acceptor.inl
+++ b/externals/ace/SSL/SSL_SOCK_Acceptor.inl
@@ -1,6 +1,6 @@
// -*- C++ -*-
//
-// $Id: SSL_SOCK_Acceptor.inl 80826 2008-03-04 14:51:23Z wotte $
+// $Id: SSL_SOCK_Acceptor.inl 84619 2009-02-26 12:26:16Z johnnyw $
ACE_BEGIN_VERSIONED_NAMESPACE_DECL
@@ -76,7 +76,7 @@ ACE_SSL_SOCK_Acceptor::close (void)
{
ACE_TRACE ("ACE_SSL_SOCK_Acceptor::close ()");
- int result = this->acceptor_.close ();
+ int const result = this->acceptor_.close ();
this->set_handle (ACE_INVALID_HANDLE);
return result;
diff --git a/externals/ace/SSL/SSL_SOCK_Connector.h b/externals/ace/SSL/SSL_SOCK_Connector.h
index f1708bf127d..2641bb6f703 100644
--- a/externals/ace/SSL/SSL_SOCK_Connector.h
+++ b/externals/ace/SSL/SSL_SOCK_Connector.h
@@ -4,7 +4,7 @@
/**
* @file SSL_SOCK_Connector.h
*
- * $Id: SSL_SOCK_Connector.h 80826 2008-03-04 14:51:23Z wotte $
+ * $Id: SSL_SOCK_Connector.h 84816 2009-03-13 08:16:32Z johnnyw $
*
* @author Ossama Othman <ossama@uci.edu>
* @author Carlos O'Ryan <coryan@uci.edu>
@@ -86,7 +86,7 @@ public:
* amount of time passes before the connection is made,
* this method returns -1 and errno == ETIME. Note
* the difference between this case and when a blocking
- * connect is attmpted that TCP times out - in the latter
+ * connect is attempted that TCP times out - in the latter
* case, errno will be ETIMEDOUT.
* @param local_sap (optional) The local address to bind to. If it's
* the default value of @c ACE_Addr::sap_any then the
@@ -137,7 +137,7 @@ public:
* amount of time passes before the connection is made,
* this method returns -1 and errno == ETIME. Note
* the difference between this case and when a blocking
- * connect is attmpted that TCP times out - in the latter
+ * connect is attempted that TCP times out - in the latter
* case, errno will be ETIMEDOUT.
* @param local_sap (optional) The local address to bind to. If it's
* the default value of @c ACE_Addr::sap_any then the
@@ -191,7 +191,7 @@ public:
* amount of time passes before the connection is made,
* this method returns -1 and errno == ETIME. Note
* the difference between this case and when a blocking
- * connect is attmpted that TCP times out - in the latter
+ * connect is attempted that TCP times out - in the latter
* case, errno will be ETIMEDOUT.
* @param local_sap (optional) The local address to bind to. If it's
* the default value of @c ACE_Addr::sap_any then the
@@ -242,7 +242,7 @@ public:
* amount of time passes before the connection is made,
* this method returns -1 and errno == ETIME. Note
* the difference between this case and when a blocking
- * connect is attmpted that TCP times out - in the latter
+ * connect is attempted that TCP times out - in the latter
* case, errno will be ETIMEDOUT.
* @param local_sap (optional) The local address to bind to. If it's
* the default value of @c ACE_Addr::sap_any then the
@@ -279,7 +279,7 @@ public:
const ACE_Time_Value *timeout = 0);
/// Resets any event associations on this handle
- int reset_new_handle (ACE_HANDLE handle);
+ bool reset_new_handle (ACE_HANDLE handle);
/// Meta-type info
//@{
diff --git a/externals/ace/SSL/SSL_SOCK_Connector.inl b/externals/ace/SSL/SSL_SOCK_Connector.inl
index 58978966dcf..b2be51dd13a 100644
--- a/externals/ace/SSL/SSL_SOCK_Connector.inl
+++ b/externals/ace/SSL/SSL_SOCK_Connector.inl
@@ -1,6 +1,6 @@
// -*- C++ -*-
//
-// $Id: SSL_SOCK_Connector.inl 80826 2008-03-04 14:51:23Z wotte $
+// $Id: SSL_SOCK_Connector.inl 82728 2008-09-16 10:22:28Z johnnyw $
ACE_BEGIN_VERSIONED_NAMESPACE_DECL
@@ -11,7 +11,7 @@ ACE_SSL_SOCK_Connector::ACE_SSL_SOCK_Connector (void)
ACE_TRACE ("ACE_SSL_SOCK_Connector::ACE_SSL_SOCK_Connector");
}
-ACE_INLINE int
+ACE_INLINE bool
ACE_SSL_SOCK_Connector::reset_new_handle (ACE_HANDLE handle)
{
ACE_TRACE ("ACE_SSL_SOCK_Connector::reset_new_handle");
diff --git a/externals/ace/SSL/SSL_SOCK_Stream.h b/externals/ace/SSL/SSL_SOCK_Stream.h
index be78b924299..15c5297414b 100644
--- a/externals/ace/SSL/SSL_SOCK_Stream.h
+++ b/externals/ace/SSL/SSL_SOCK_Stream.h
@@ -4,7 +4,7 @@
/**
* @file SSL_SOCK_Stream.h
*
- * $Id: SSL_SOCK_Stream.h 80826 2008-03-04 14:51:23Z wotte $
+ * $Id: SSL_SOCK_Stream.h 91103 2010-07-15 12:36:57Z mcorino $
*
* @author Ossama Othman <ossama@uci.edu>
* @author Carlos O'Ryan <coryan@uci.edu>
@@ -207,6 +207,18 @@ public:
size_t *bytes_transferred = 0) const;
/**
+ * Try to send exactly len bytes into buf (uses the send() call).
+ * If send() blocks for longer than timeout the number of bytes
+ * actually sent is returned with errno == ETIME. If a timeout does
+ * not occur, send_n() return len (i.e., the number of bytes
+ * requested to be sent).
+ */
+ ssize_t send_n (const void *buf,
+ size_t len,
+ const ACE_Time_Value *timeout,
+ size_t *bytes_transferred = 0) const;
+
+ /**
* Try to receive exactly len bytes into buf (uses the recv() call).
* The ACE_Time_Value indicates how long to blocking trying to
* receive. If timeout == 0, the caller will block until action is
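Review bot: The new send_n comment says the bytes are sent "into buf", but `buf` is the `const void *` source of the data. It should read `* Try to send exactly len bytes from buf (uses the send() call).` Unlike the recv_n comment below it, this one does not say what a null `timeout` means or what `bytes_transferred` receives, and both are worth a sentence.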
@@ -221,6 +233,21 @@ public:
int flags,
const ACE_Time_Value *timeout,
size_t *bytes_transferred = 0) const;
+
+ /**
+ * Try to receive exactly len bytes into buf (uses the recv() call).
+ * The ACE_Time_Value indicates how long to blocking trying to
+ * receive. If timeout == 0, the caller will block until action is
+ * possible, else will wait until the relative time specified in
+ * timeout elapses). If recv() blocks for longer than timeout the
+ * number of bytes actually read is returned with errno == ETIME.
+ * If a timeout does not occur, recv_n return len (i.e., the number
+ * of bytes requested to be read).
+ */
+ ssize_t recv_n (void *buf,
+ size_t len,
+ const ACE_Time_Value *timeout,
+ size_t *bytes_transferred = 0) const;
//@}
/**
diff --git a/externals/ace/SSL/SSL_SOCK_Stream.inl b/externals/ace/SSL/SSL_SOCK_Stream.inl
index 71661308f61..9f071cf4102 100644
--- a/externals/ace/SSL/SSL_SOCK_Stream.inl
+++ b/externals/ace/SSL/SSL_SOCK_Stream.inl
@@ -1,6 +1,6 @@
// -*- C++ -*-
//
-// $Id: SSL_SOCK_Stream.inl 82579 2008-08-10 23:03:06Z mitza $
+// $Id: SSL_SOCK_Stream.inl 91103 2010-07-15 12:36:57Z mcorino $
#include "ace/OS_NS_errno.h"
#include "ace/Truncate.h"
@@ -252,12 +252,32 @@ ACE_SSL_SOCK_Stream::recv_n (void *buf, int buf_size) const
}
ACE_INLINE ssize_t
+ACE_SSL_SOCK_Stream::recv_n (void *buf,
+ size_t len,
+ const ACE_Time_Value *timeout,
+ size_t *bytes_transferred) const
+{
+ ACE_TRACE ("ACE_SSL_SOCK_Stream::recv_n");
+ return this->recv_n (buf, len, 0, timeout, bytes_transferred);
+}
+
+ACE_INLINE ssize_t
ACE_SSL_SOCK_Stream::send_n (const void *buf, int len) const
{
ACE_TRACE ("ACE_SSL_SOCK_Stream::send_n");
return this->send_n (buf, len, 0);
}
+ACE_INLINE ssize_t
+ACE_SSL_SOCK_Stream::send_n (const void *buf,
+ size_t len,
+ const ACE_Time_Value *timeout,
+ size_t *bytes_transferred) const
+{
+ ACE_TRACE ("ACE_SSL_SOCK_Stream::send_n");
+ return this->send_n (buf, len, 0, timeout, bytes_transferred);
+}
+
ACE_INLINE int
ACE_SSL_SOCK_Stream::close_reader (void)
{
diff --git a/externals/ace/SSL/sslconf.h b/externals/ace/SSL/sslconf.h
index c4ba34797c4..4da812cbc7d 100644
--- a/externals/ace/SSL/sslconf.h
+++ b/externals/ace/SSL/sslconf.h
@@ -4,7 +4,7 @@
/**
* @file sslconf.h
*
- * $Id: sslconf.h 80826 2008-03-04 14:51:23Z wotte $
+ * $Id: sslconf.h 83879 2008-11-26 10:46:30Z smcqueen $
*
* @author Carlos O'Ryan <coryan@ece.uci.edu>
*/
@@ -19,19 +19,21 @@
#include /**/ "ace/config-all.h"
#if !defined (ACE_DEFAULT_SSL_CERT_FILE)
-# ifdef WIN32
-# define ACE_DEFAULT_SSL_CERT_FILE "cert.pem"
-# else
-# define ACE_DEFAULT_SSL_CERT_FILE "/etc/ssl/cert.pem"
-# endif /* WIN32 */
+// Define a default CA certificate filename here if required e.g.:
+// # ifdef WIN32
+// # define ACE_DEFAULT_SSL_CERT_FILE "cert.pem"
+// # else
+// # define ACE_DEFAULT_SSL_CERT_FILE "/etc/ssl/cert.pem"
+// # endif /* WIN32 */
#endif /* ACE_DEFAULT_SSL_CERT_FILE */
#if !defined (ACE_DEFAULT_SSL_CERT_DIR)
-# ifdef WIN32
-# define ACE_DEFAULT_SSL_CERT_DIR "certs"
-# else
-# define ACE_DEFAULT_SSL_CERT_DIR "/etc/ssl/certs"
-# endif /* WIN32 */
+// Define a default CA certificate files directory here if required. e.g.:
+// # ifdef WIN32
+// # define ACE_DEFAULT_SSL_CERT_DIR "certs"
+// # else
+// # define ACE_DEFAULT_SSL_CERT_DIR "/etc/ssl/certs"
+// # endif /* WIN32 */
#endif /* ACE_DEFAULT_SSL_CERT_DIR */
#if !defined (ACE_SSL_CERT_FILE_ENV)