1
1
// **********************************************************************
3
// Copyright (c) 2003-2009 ZeroC, Inc. All rights reserved.
3
// Copyright (c) 2003-2010 ZeroC, Inc. All rights reserved.
5
5
// This copy of Ice is licensed to you under the terms described in the
6
6
// ICE_LICENSE file included in this distribution.
8
8
// **********************************************************************
10
#include <IceUtil/Config.h>
12
# include <winsock2.h>
10
15
#include <IceSSL/Util.h>
16
#include <IceUtil/FileUtil.h>
11
17
#include <Ice/LocalException.h>
12
18
#include <Ice/Network.h>
15
21
# include <direct.h>
16
22
# include <sys/types.h>
17
# include <sys/stat.h>
19
# define S_ISDIR(mode) ((mode) & _S_IFDIR)
20
# define S_ISREG(mode) ((mode) & _S_IFREG)
23
# include <sys/stat.h>
26
25
#include <openssl/err.h>
39
41
// They are not keys themselves, but the basis for generating DH keys
42
static unsigned char dh512_p[] =
44
unsigned char dh512_p[] =
44
46
0xF5,0x2A,0xFF,0x3C,0xE1,0xB1,0x29,0x40,0x18,0x11,0x8D,0x7C,
45
47
0x84,0xA7,0x0A,0x72,0xD6,0x86,0xC4,0x03,0x19,0xC8,0x07,0x29,
49
51
0xE9,0x2A,0x05,0x5F,
52
static unsigned char dh512_g[] = { 0x02 };
54
unsigned char dh512_g[] = { 0x02 };
54
static unsigned char dh1024_p[] =
56
unsigned char dh1024_p[] =
56
58
0xF4,0x88,0xFD,0x58,0x4E,0x49,0xDB,0xCD,0x20,0xB4,0x9D,0xE4,
57
59
0x91,0x07,0x36,0x6B,0x33,0x6C,0x38,0x0D,0x45,0x1D,0x0F,0x7C,
66
68
0xA2,0x5E,0xC3,0x55,0xE9,0x2F,0x78,0xC7,
69
static unsigned char dh1024_g[] = { 0x02 };
71
unsigned char dh1024_g[] = { 0x02 };
71
static unsigned char dh2048_p[] =
73
unsigned char dh2048_p[] =
73
75
0xF6,0x42,0x57,0xB7,0x08,0x7F,0x08,0x17,0x72,0xA2,0xBA,0xD6,
74
76
0xA9,0x42,0xF3,0x05,0xE8,0xF9,0x53,0x11,0x39,0x4F,0xB6,0xF1,
94
96
0xE9,0x32,0x0B,0x3B,
97
static unsigned char dh2048_g[] = { 0x02 };
99
unsigned char dh2048_g[] = { 0x02 };
99
static unsigned char dh4096_p[] =
101
unsigned char dh4096_p[] =
101
103
0xFA,0x14,0x72,0x52,0xC1,0x4D,0xE1,0x5A,0x49,0xD4,0xEF,0x09,
102
104
0x2D,0xC0,0xA8,0xFD,0x55,0xAB,0xD7,0xD9,0x37,0x04,0x28,0x09,
143
145
0xB9,0xBD,0x78,0xE1,0x84,0x41,0xA0,0xDF,
146
static unsigned char dh4096_g[] = { 0x02 };
148
unsigned char dh4096_g[] = { 0x02 };
149
153
// Convert a predefined parameter set into a DH value.
281
285
// argument is modified and true is returned. Otherwise
282
286
// false is returned.
286
int err = ::_stat(path.c_str(), &st);
289
int err = ::stat(path.c_str(), &st);
288
IceUtilInternal::structstat st;
289
int err = IceUtilInternal::stat(path, &st);
293
292
return dir ? S_ISDIR(st.st_mode) != 0 : S_ISREG(st.st_mode) != 0;
299
298
string s = defaultDir + "\\" + path;
300
err = ::_stat(s.c_str(), &st);
302
300
string s = defaultDir + "/" + path;
303
err = ::stat(s.c_str(), &st);
302
err = ::IceUtilInternal::stat(s.c_str(), &st);
305
303
if(err == 0 && ((!dir && S_ISREG(st.st_mode)) || (dir && S_ISDIR(st.st_mode))))
316
IceSSL::populateConnectionInfo(SSL* ssl, SOCKET fd, const string& adapterName, bool incoming)
319
info.adapterName = adapterName;
320
info.incoming = incoming;
325
// On the client side, SSL_get_peer_cert_chain returns the entire chain of certs.
326
// On the server side, the peer certificate must be obtained separately.
328
// Since we have no clear idea whether the connection is server or client side,
329
// the peer certificate is obtained separately and compared against the first
330
// certificate in the chain. If they are not the same, it is added to the chain.
332
X509* cert = SSL_get_peer_certificate(ssl);
333
STACK_OF(X509)* chain = SSL_get_peer_cert_chain(ssl);
334
if(cert != 0 && (chain == 0 || sk_X509_num(chain) == 0 || cert != sk_X509_value(chain, 0)))
336
info.certs.push_back(new Certificate(cert));
345
for(int i = 0; i < sk_X509_num(chain); ++i)
347
X509* cert = sk_X509_value(chain, i);
349
// Duplicate the certificate since the stack comes straight from the SSL connection.
351
info.certs.push_back(new Certificate(X509_dup(cert)));
355
info.cipher = SSL_get_cipher_name(ssl); // Nothing needs to be free'd.
357
IceInternal::fdToLocalAddress(fd, info.localAddr);
359
if(!IceInternal::fdToRemoteAddress(fd, info.remoteAddr))
363
// A bug exists in Windows XP Service Pack 2 that causes getpeername to return a
364
// "socket not connected" error when using IPv6. See the following bug report:
366
// https://connect.microsoft.com/WNDP/feedback/ViewFeedback.aspx?FeedbackID=338445
368
// As a workaround, we do not raise a socket exception, but instead return a
369
// "null" value for the remote address.
371
memset(&info.remoteAddr, 0, sizeof(info.remoteAddr));
372
info.remoteAddr.ss_family = AF_UNSPEC;
374
SocketException ex(__FILE__, __LINE__);
375
ex.error = IceInternal::getSocketErrno();
384
314
IceSSL::getSslErrors(bool verbose)
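Review bot: The DH parameter tables (`dh512_p`/`dh512_g` through `dh4096_p`/`dh4096_g`) lose `static` on the new side, and nothing visible here shows what now keeps them file-local. The gutter numbers shift by a few lines around the arrays, so an unnamed namespace may have been added out of view; that should be confirmed, because otherwise these become writable globals with external linkage. Either way I would mark the data read-only, e.g. `const unsigned char dh512_p[] =`, provided the conversion helper accepts a `const` pointer, so the primes cannot be altered at run time. The 512-bit group is carried forward unchanged; a modulus that small is not adequate for key exchange and deserves at least a comment stating when it may be selected. Separately, the two new stat calls are spelled differently (`IceUtilInternal::stat(path, &st)` versus `::IceUtilInternal::stat(s.c_str(), &st)`); using one form for both would read better.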