
Viewing changes to cpp/src/IceSSL/Util.cpp

  • Committer: Bazaar Package Importer
  • Author(s): Cleto Martin Angelina
  • Date: 2011-04-25 18:44:24 UTC
  • mfrom: (6.1.14 sid)
  • Revision ID: james.westby@ubuntu.com-20110425184424-sep9i9euu434vq4c
Tags: 3.4.1-7
* Bug fix: "libdb5.1-java.jar was renamed to db.jar", thanks to Ondřej
  Surý (Closes: #623555).
* Bug fix: "causes noise in php5", thanks to Jayen Ashar (Closes:
  #623533).

1
1
// **********************************************************************
2
2
//
3
 
// Copyright (c) 2003-2009 ZeroC, Inc. All rights reserved.
 
3
// Copyright (c) 2003-2010 ZeroC, Inc. All rights reserved.
4
4
//
5
5
// This copy of Ice is licensed to you under the terms described in the
6
6
// ICE_LICENSE file included in this distribution.
7
7
//
8
8
// **********************************************************************
9
9
 
 
10
#include <IceUtil/Config.h>
 
11
#ifdef _WIN32
 
12
#   include <winsock2.h>
 
13
#endif
 
14
 
10
15
#include <IceSSL/Util.h>
 
16
#include <IceUtil/FileUtil.h>
11
17
#include <Ice/LocalException.h>
12
18
#include <Ice/Network.h>
13
19
 
14
20
#ifdef _WIN32
15
21
#   include <direct.h>
16
22
#   include <sys/types.h>
17
 
#   include <sys/stat.h>
18
 
#   ifdef _MSC_VER
19
 
#     define S_ISDIR(mode) ((mode) & _S_IFDIR)
20
 
#     define S_ISREG(mode) ((mode) & _S_IFREG)
21
 
#   endif
22
 
#else
23
 
#   include <sys/stat.h>
24
23
#endif
25
24
 
26
25
#include <openssl/err.h>
31
30
using namespace Ice;
32
31
using namespace IceSSL;
33
32
 
 
33
namespace
 
34
{
 
35
 
34
36
#ifndef OPENSSL_NO_DH
35
37
 
36
38
// The following arrays are predefined Diffie Hellman group parameters.
39
41
// They are not keys themselves, but the basis for generating DH keys
40
42
// on the fly.
41
43
 
42
 
static unsigned char dh512_p[] =
 
44
unsigned char dh512_p[] =
43
45
{
44
46
    0xF5,0x2A,0xFF,0x3C,0xE1,0xB1,0x29,0x40,0x18,0x11,0x8D,0x7C,
45
47
    0x84,0xA7,0x0A,0x72,0xD6,0x86,0xC4,0x03,0x19,0xC8,0x07,0x29,
49
51
    0xE9,0x2A,0x05,0x5F,
50
52
};
51
53
 
52
 
static unsigned char dh512_g[] = { 0x02 };
 
54
unsigned char dh512_g[] = { 0x02 };
53
55
 
54
 
static unsigned char dh1024_p[] =
 
56
unsigned char dh1024_p[] =
55
57
{
56
58
    0xF4,0x88,0xFD,0x58,0x4E,0x49,0xDB,0xCD,0x20,0xB4,0x9D,0xE4,
57
59
    0x91,0x07,0x36,0x6B,0x33,0x6C,0x38,0x0D,0x45,0x1D,0x0F,0x7C,
66
68
    0xA2,0x5E,0xC3,0x55,0xE9,0x2F,0x78,0xC7,
67
69
};
68
70
 
69
 
static unsigned char dh1024_g[] = { 0x02 };
 
71
unsigned char dh1024_g[] = { 0x02 };
70
72
 
71
 
static unsigned char dh2048_p[] =
 
73
unsigned char dh2048_p[] =
72
74
{
73
75
    0xF6,0x42,0x57,0xB7,0x08,0x7F,0x08,0x17,0x72,0xA2,0xBA,0xD6,
74
76
    0xA9,0x42,0xF3,0x05,0xE8,0xF9,0x53,0x11,0x39,0x4F,0xB6,0xF1,
94
96
    0xE9,0x32,0x0B,0x3B,
95
97
};
96
98
 
97
 
static unsigned char dh2048_g[] = { 0x02 };
 
99
unsigned char dh2048_g[] = { 0x02 };
98
100
 
99
 
static unsigned char dh4096_p[] =
 
101
unsigned char dh4096_p[] =
100
102
{
101
103
    0xFA,0x14,0x72,0x52,0xC1,0x4D,0xE1,0x5A,0x49,0xD4,0xEF,0x09,
102
104
    0x2D,0xC0,0xA8,0xFD,0x55,0xAB,0xD7,0xD9,0x37,0x04,0x28,0x09,
143
145
    0xB9,0xBD,0x78,0xE1,0x84,0x41,0xA0,0xDF,
144
146
};
145
147
 
146
 
static unsigned char dh4096_g[] = { 0x02 };
 
148
unsigned char dh4096_g[] = { 0x02 };
 
149
 
 
150
}
147
151
 
148
152
//
149
153
// Convert a predefined parameter set into a DH value.
281
285
    // argument is modified and true is returned. Otherwise
282
286
    // false is returned.
283
287
    //
284
 
#ifdef _WIN32
285
 
    struct _stat st;
286
 
    int err = ::_stat(path.c_str(), &st);
287
 
#else
288
 
    struct stat st;
289
 
    int err = ::stat(path.c_str(), &st);
290
 
#endif
 
288
    IceUtilInternal::structstat st;
 
289
    int err = IceUtilInternal::stat(path, &st);
291
290
    if(err == 0)
292
291
    {
293
292
        return dir ? S_ISDIR(st.st_mode) != 0 : S_ISREG(st.st_mode) != 0;
297
296
    {
298
297
#ifdef _WIN32
299
298
        string s = defaultDir + "\\" + path;
300
 
        err = ::_stat(s.c_str(), &st);
301
299
#else
302
300
        string s = defaultDir + "/" + path;
303
 
        err = ::stat(s.c_str(), &st);
304
301
#endif
 
302
        err = ::IceUtilInternal::stat(s.c_str(), &st);
305
303
        if(err == 0 && ((!dir && S_ISREG(st.st_mode)) || (dir && S_ISDIR(st.st_mode))))
306
304
        {
307
305
            path = s;
312
310
    return false;
313
311
}
314
312
 
315
 
ConnectionInfo
316
 
IceSSL::populateConnectionInfo(SSL* ssl, SOCKET fd, const string& adapterName, bool incoming)
317
 
{
318
 
    ConnectionInfo info;
319
 
    info.adapterName = adapterName;
320
 
    info.incoming = incoming;
321
 
 
322
 
    assert(ssl != 0);
323
 
 
324
 
    //
325
 
    // On the client side, SSL_get_peer_cert_chain returns the entire chain of certs.
326
 
    // On the server side, the peer certificate must be obtained separately.
327
 
    //
328
 
    // Since we have no clear idea whether the connection is server or client side,
329
 
    // the peer certificate is obtained separately and compared against the first
330
 
    // certificate in the chain. If they are not the same, it is added to the chain.
331
 
    //
332
 
    X509* cert = SSL_get_peer_certificate(ssl);
333
 
    STACK_OF(X509)* chain = SSL_get_peer_cert_chain(ssl);
334
 
    if(cert != 0 && (chain == 0 || sk_X509_num(chain) == 0 || cert != sk_X509_value(chain, 0)))
335
 
    {
336
 
        info.certs.push_back(new Certificate(cert));
337
 
    }
338
 
    else
339
 
    {
340
 
        X509_free(cert);
341
 
    }
342
 
 
343
 
    if(chain != 0)
344
 
    {
345
 
        for(int i = 0; i < sk_X509_num(chain); ++i)
346
 
        {
347
 
            X509* cert = sk_X509_value(chain, i);
348
 
            //
349
 
            // Duplicate the certificate since the stack comes straight from the SSL connection.
350
 
            //
351
 
            info.certs.push_back(new Certificate(X509_dup(cert)));
352
 
        }
353
 
    }
354
 
 
355
 
    info.cipher = SSL_get_cipher_name(ssl); // Nothing needs to be free'd.
356
 
 
357
 
    IceInternal::fdToLocalAddress(fd, info.localAddr);
358
 
 
359
 
    if(!IceInternal::fdToRemoteAddress(fd, info.remoteAddr))
360
 
    {
361
 
#ifdef _WIN32
362
 
        //
363
 
        // A bug exists in Windows XP Service Pack 2 that causes getpeername to return a
364
 
        // "socket not connected" error when using IPv6. See the following bug report:
365
 
        //
366
 
        // https://connect.microsoft.com/WNDP/feedback/ViewFeedback.aspx?FeedbackID=338445
367
 
        //
368
 
        // As a workaround, we do not raise a socket exception, but instead return a
369
 
        // "null" value for the remote address.
370
 
        //
371
 
        memset(&info.remoteAddr, 0, sizeof(info.remoteAddr));
372
 
        info.remoteAddr.ss_family = AF_UNSPEC;
373
 
#else
374
 
        SocketException ex(__FILE__, __LINE__);
375
 
        ex.error = IceInternal::getSocketErrno();
376
 
        throw ex;       
377
 
#endif
378
 
    }
379
 
 
380
 
    return info;
381
 
}
382
 
 
383
313
string
384
314
IceSSL::getSslErrors(bool verbose)
385
315
{