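{
            PEG_TRACE_STRING(TRC_SSL, Tracer::LEVEL3,
                "---> SSL: Client not certified, no certificate received");
        }
    }
    else
    {
        PEG_TRACE_STRING(TRC_SSL, Tracer::LEVEL3,
            "---> SSL: Client certification disabled");
    }

    PEG_METHOD_EXIT();
    return 1;
}

//
// Human-readable label for an SSL_get_error() reason code, used only for
// trace output. There is no integer-to-String helper in scope in this file,
// so reason codes not listed here get a generic label rather than a number.
//
static const char* _sslErrorReasonName(int reason)
{
    switch (reason)
    {
        case SSL_ERROR_NONE:             return "SSL_ERROR_NONE";
        case SSL_ERROR_SSL:              return "SSL_ERROR_SSL";
        case SSL_ERROR_WANT_READ:        return "SSL_ERROR_WANT_READ";
        case SSL_ERROR_WANT_WRITE:       return "SSL_ERROR_WANT_WRITE";
        case SSL_ERROR_WANT_X509_LOOKUP: return "SSL_ERROR_WANT_X509_LOOKUP";
        case SSL_ERROR_SYSCALL:          return "SSL_ERROR_SYSCALL";
        case SSL_ERROR_ZERO_RETURN:      return "SSL_ERROR_ZERO_RETURN";
        case SSL_ERROR_WANT_CONNECT:     return "SSL_ERROR_WANT_CONNECT";
        default:                         return "unknown SSL error reason";
    }
}

//
// Drives the client side of the TLS handshake on _SSLConnection.
//
// Returns the (positive) SSL_connect() result on success and -1 when the
// handshake fails, is shut down by the peer, or -- with peer verification
// enabled -- the server presented no certificate at all.
//
// Security note: when peer verification is enabled, a certificate that FAILED
// the default checks can still reach the "Connected" trace if the
// application's verification callback chose to accept it (see the comment
// at SSL_get_verify_result below). A positive return therefore means
// "handshake completed", not "chain validated".
//
Sint32 SSLSocket::connect()
{
    PEG_METHOD_ENTER(TRC_SSL, "SSLSocket::connect()");

    Sint32 ssl_rc, ssl_rsn;

    SSL_set_connect_state(_SSLConnection);

redo_connect:
    ssl_rc = SSL_connect(_SSLConnection);

    if (ssl_rc < 0)
    {
        ssl_rsn = SSL_get_error(_SSLConnection, ssl_rc);

        // ssl_rsn is an int; it must not be "+"-ed onto the literal. The
        // previous form was pointer arithmetic into the string, which
        // silently dropped characters (and reads past the literal for a
        // large enough code). Convert the reason to text instead.
        PEG_TRACE_STRING(TRC_SSL, Tracer::LEVEL3,
            "---> SSL: Not connected, reason: " +
                String(_sslErrorReasonName(ssl_rsn)));

        if ((ssl_rsn == SSL_ERROR_WANT_READ) ||
            (ssl_rsn == SSL_ERROR_WANT_WRITE))
        {
            // NOTE(review): this retries immediately, with no wait for socket
            // readiness and no deadline. On a non-blocking socket that is a
            // busy loop, and a peer that never completes the handshake keeps
            // us here indefinitely. Presumably callers connect in blocking
            // mode; a bounded select()/poll() wait before the retry would be
            // the robust fix -- confirm against the callers.
            goto redo_connect;
        }
        else
        {
            // Pull the actual failure off OpenSSL's error queue for the trace.
            // The _n variant formats into our own buffer rather than the
            // library-static one used by ERR_error_string(..., NULL).
            char errbuf[256];
            ERR_error_string_n(ERR_get_error(), errbuf, sizeof(errbuf));
            PEG_TRACE_STRING(TRC_SSL, Tracer::LEVEL3,
                "Error string: " + String(errbuf));
            PEG_METHOD_EXIT();
            return -1;
        }
    }
    else if (ssl_rc == 0)
    {
        // The handshake was shut down cleanly by the peer. The reason lives
        // on the error queue; ssl_rc itself is 0 here, and decoding 0 with
        // ERR_error_string (as the earlier code did) always yields "no error".
        char errbuf[256];
        ERR_error_string_n(ERR_get_error(), errbuf, sizeof(errbuf));
        PEG_TRACE_STRING(TRC_SSL, Tracer::LEVEL3,
            "---> SSL: Shutdown SSL_connect()");
        PEG_TRACE_STRING(TRC_SSL, Tracer::LEVEL3,
            "Error string: " + String(errbuf));
        PEG_METHOD_EXIT();
        return -1;
    }

    PEG_TRACE_STRING(TRC_SSL, Tracer::LEVEL3, "---> SSL: Connected");

    if (_SSLContext->isPeerVerificationEnabled())
    {
        PEG_TRACE_STRING(TRC_SSL, Tracer::LEVEL3,
            "Attempting to verify server certificate.");

        // SSL_get_peer_certificate() hands back a reference we own; it is
        // released with X509_free below.
        X509* server_cert = SSL_get_peer_certificate(_SSLConnection);

        if (server_cert != NULL)
        {
            //
            // The verification result is traced but deliberately NOT used to
            // decide whether to continue. OpenSSL already ran the
            // verification callback inside SSL_connect(): had the callback
            // rejected the certificate, the handshake would have been torn
            // down and we would not be here. If the callback chose to
            // override a default error and accept the certificate, the
            // stored result still holds the original error (prepareForCallback
            // does not reset it), and the application's decision stands.
            // Presumably _certificateVerified records that outcome for
            // isCertificateVerified(); it is not set in this file -- confirm.
            //
            if (SSL_get_verify_result(_SSLConnection) == X509_V_OK)
            {
                PEG_TRACE_STRING(TRC_SSL, Tracer::LEVEL3,
                    "--->SSL: Server Certificate verified.");
            }
            else
            {
                PEG_TRACE_STRING(TRC_SSL, Tracer::LEVEL3,
                    "--->SSL: Server Certificate not verified, but the "
                    "callback overrode the default error.");
            }

            X509_free(server_cert);
        }
        else
        {
            // A server that sends no certificate at all is refused outright
            // when verification is on; there is nothing a callback could
            // have accepted.
            PEG_TRACE_STRING(TRC_SSL, Tracer::LEVEL3,
                "-->SSL: Server not certified, no certificate received.");
            PEG_METHOD_EXIT();
            return -1;
        }
    }
    else
    {
        PEG_TRACE_STRING(TRC_SSL, Tracer::LEVEL3,
            "---> SSL: Server certification disabled");
    }

    PEG_METHOD_EXIT();
    return ssl_rc;
}

// Whether the owning SSLContext was configured to verify the peer.
Boolean SSLSocket::isPeerVerificationEnabled()
{
    return _SSLContext->isPeerVerificationEnabled();
}

//
// Certificate chain captured by the verification callback, or an empty
// array when no callback info is attached. Only the pointers are copied;
// they stay owned by _SSLCallbackInfo's rep, so callers presumably must not
// delete them -- confirm against SSLCallbackInfoRep.
//
Array<SSLCertificateInfo*> SSLSocket::getPeerCertificateChain()
{
    Array<SSLCertificateInfo*> chain;

    if (_SSLCallbackInfo.get())
    {
        chain = _SSLCallbackInfo->_rep->peerCertificate;
    }

    return chain;
}

// Result of the last certificate verification, as recorded in
// _certificateVerified (set outside this excerpt).
Boolean SSLSocket::isCertificateVerified()
{
    return _certificateVerified;
}

//
// MP_Socket (Multi-purpose Socket class)
//

// Plain (non-TLS) socket. 20 seconds is the default client write timeout.
MP_Socket::MP_Socket(SocketHandle socket)
    : _socket(socket), _isSecure(false), _socketWriteTimeout(20)
{
    _sslsock = NULL;
}

//
// Wraps 'socket' in an SSLSocket when an SSLContext is supplied; otherwise
// this is the plain-socket constructor. _socket and _sslsock are set on
// every path so neither member is left indeterminate on either kind of
// instance.
//
MP_Socket::MP_Socket(
    SocketHandle socket,
    SSLContext * sslcontext,
    ReadWriteSem * sslContextObjectLock)
    : _socket(socket), _isSecure(false), _socketWriteTimeout(20)
{
    PEG_METHOD_ENTER(TRC_SSL, "MP_Socket::MP_Socket()");

    _sslsock = NULL;

    if (sslcontext != NULL)
    {
        _isSecure = true;
        _sslsock = new SSLSocket(socket, sslcontext, sslContextObjectLock);
    }

    // 20 seconds are the default for client timeouts (set in the initialiser
    // list above).

    PEG_METHOD_EXIT();
}

// Releases the SSLSocket wrapper, if this instance owns one. The underlying
// socket handle itself is not closed here; see close().
MP_Socket::~MP_Socket()
{
    PEG_METHOD_ENTER(TRC_SSL, "MP_Socket::~MP_Socket()");

    if (_isSecure)
    {
        delete _sslsock;
    }

    PEG_METHOD_EXIT();
}

Boolean MP_Socket::isSecure()
{
    return _isSecure;
}

// For a plain socket any non-positive read count counts as incomplete; a
// secure socket asks the SSL layer, which has its own retry reasons.
Boolean MP_Socket::incompleteReadOccurred(Sint32 retCode)
{
    if (_isSecure)
    {
        return _sslsock->incompleteReadOccurred(retCode);
    }

    return (retCode <= 0);
}

SocketHandle MP_Socket::getSocket()
{
    if (_isSecure)
    {
        return _sslsock->getSocket();
    }

    return _socket;
}

// Each of the following forwards to the SSL layer on a secure instance and
// to the raw Socket helpers otherwise. Writes honour _socketWriteTimeout.

Sint32 MP_Socket::read(void * ptr, Uint32 size)
{
    if (_isSecure)
    {
        return _sslsock->read(ptr, size);
    }

    return Socket::read(_socket, ptr, size);
}

Sint32 MP_Socket::write(const void * ptr, Uint32 size)
{
    if (_isSecure)
    {
        return _sslsock->timedWrite(ptr, size, _socketWriteTimeout);
    }

    return Socket::timedWrite(_socket, ptr, size, _socketWriteTimeout);
}

void MP_Socket::close()
{
    if (_isSecure)
    {
        _sslsock->close();
    }
    else
    {
        Socket::close(_socket);
    }
}

void MP_Socket::enableBlocking()
{
    if (_isSecure)
    {
        _sslsock->enableBlocking();
    }
    else
    {
        Socket::enableBlocking(_socket);
    }
}

void MP_Socket::disableBlocking()
{
    if (_isSecure)
    {
        _sslsock->disableBlocking();
    }
    else
    {
        Socket::disableBlocking(_socket);
    }
}

// Server-side handshake. A plain socket has nothing to do and reports success.
Sint32 MP_Socket::accept()
{
    if (_isSecure)
    {
        return _sslsock->accept();
    }

    return 1;
}

// Client-side handshake: 0 on success, -1 if the SSL layer could not connect.
// A plain socket always succeeds.
Sint32 MP_Socket::connect()
{
    if (_isSecure)
    {
        if (_sslsock->connect() < 0)
        {
            return -1;
        }
    }

    return 0;
}

// Plain sockets never verify a peer, so these three report "no" / empty.

Boolean MP_Socket::isPeerVerificationEnabled()
{
    if (_isSecure)
    {
        return _sslsock->isPeerVerificationEnabled();
    }

    return false;
}

Array<SSLCertificateInfo*> MP_Socket::getPeerCertificateChain()
{
    Array<SSLCertificateInfo*> chain;

    if (_isSecure)
    {
        chain = _sslsock->getPeerCertificateChain();
    }

    return chain;
}

Boolean MP_Socket::isCertificateVerified()
{
    if (_isSecure)
    {
        return _sslsock->isCertificateVerified();
    }

    return false;
}

// Write timeout (seconds, per the constructor comment) applied by write().
void MP_Socket::setSocketWriteTimeout(Uint32 socketWriteTimeout)
{
    _socketWriteTimeout = socketWriteTimeout;
}

PEGASUS_NAMESPACE_END

#else

PEGASUS_NAMESPACE_BEGIN

//
// Build without OpenSSL: MP_Socket degrades to a plain socket wrapper.
//

#ifndef PEGASUS_OS_ZOS

MP_Socket::MP_Socket(SocketHandle socket)
    : _socket(socket), _isSecure(false), _socketWriteTimeout(20)
{
}

//
// NOTE(review): in this build an SSLContext passed by the caller is ignored
// and the connection is silently plaintext -- no error, no trace. Callers
// presumably never supply a context when PEGASUS_HAS_SSL is undefined;
// confirm, since a caller that does would believe it had TLS.
//
MP_Socket::MP_Socket(
    SocketHandle socket,
    SSLContext * sslcontext,
    ReadWriteSem * sslContextObjectLock)
    : _socket(socket), _isSecure(false), _socketWriteTimeout(20)
{
}

#endif

MP_Socket::~MP_Socket()
{
}

Boolean MP_Socket::isSecure()
{
    return _isSecure;
}

// Any non-positive read count counts as an incomplete read.
Boolean MP_Socket::incompleteReadOccurred(Sint32 retCode)
{
    return (retCode <= 0);
}

SocketHandle MP_Socket::getSocket()
{
    return _socket;
}

Sint32 MP_Socket::read(void * ptr, Uint32 size)
{
    return Socket::read(_socket, ptr, size);
}

// Writes honour _socketWriteTimeout.
Sint32 MP_Socket::write(const void * ptr, Uint32 size)
{
    return Socket::timedWrite(_socket, ptr, size, _socketWriteTimeout);
}

void MP_Socket::close()
{
    Socket::close(_socket);
}

void MP_Socket::enableBlocking()
{
    Socket::enableBlocking(_socket);
}

void MP_Socket::disableBlocking()
{
    Socket::disableBlocking(_socket);
}

//
// Server-side accept. Off z/OS there is no handshake to run and the call
// reports success. On z/OS, TLS is provided transparently by AT-TLS and
// ATTLS_zOS_query() is consulted for secure connections.
//
Sint32 MP_Socket::accept()
{
#ifndef PEGASUS_OS_ZOS
    return 1;
#else
    PEG_METHOD_ENTER(TRC_SSL, "MP_Socket::accept()");

    // ************************************************************************
    // This is a z/OS specific section. No other platform can port this.
    // Pegasus on z/OS has no OpenSSL but can use a transparent layer called
    // AT-TLS (Application Transparent Transport Layer Security) to handle
    // HTTPS connections.
    // ************************************************************************
    int rc;

    if (isSecure())
    {
        PEG_TRACE_STRING(TRC_SSL, Tracer::LEVEL4, "---> HTTPS processing.");
        rc = ATTLS_zOS_query();
    }
    else
    {
        PEG_TRACE_STRING(TRC_SSL, Tracer::LEVEL4, "---> Normal HTTP processing.");
        rc = 1;
    }

    PEG_METHOD_EXIT();
    return rc;
#endif
}

// No handshake without SSL support: connect() always succeeds.
Sint32 MP_Socket::connect()
{
    return 0;
}

// Peer verification is not available in this build.

Boolean MP_Socket::isPeerVerificationEnabled()
{
    return false;
}

Array<SSLCertificateInfo*> MP_Socket::getPeerCertificateChain()
{
    //
    // Return empty array
    //
    return Array<SSLCertificateInfo*>();
}

Boolean MP_Socket::isCertificateVerified()
{
    return false;
}

void MP_Socket::setSocketWriteTimeout(Uint32 socketWriteTimeout)
{
    _socketWriteTimeout = socketWriteTimeout;
}

PEGASUS_NAMESPACE_END

#endif // end of PEGASUS_HAS_SSL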