author | Ossama Othman <ossama-othman@users.noreply.github.com> | 2002-01-17 06:50:53 +0000 |
---|---|---|
committer | Ossama Othman <ossama-othman@users.noreply.github.com> | 2002-01-17 06:50:53 +0000 |
commit | 88e9cab6f18d8436b503553ae595a4a7bc4cc6c6 (patch) | |
tree | 76239f6a6d2b4ebc2d710f432023322a6788fcd0 | |
parent | ed0959200a1f301be71aaf2c3b4b897e39cdf7e4 (diff) | |
download | ATCD-88e9cab6f18d8436b503553ae595a4a7bc4cc6c6.tar.gz |
ChangeLogTag:Wed Jan 16 22:46:12 2002 Ossama Othman <ossama@uci.edu>
-rw-r--r-- | TAO/ChangeLogs/ChangeLog-02a | 22 | ||||
-rw-r--r-- | TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Connector.cpp | 66 | ||||
-rw-r--r-- | TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Connector.h | 3 | ||||
-rw-r--r-- | TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Factory.cpp | 54 |
4 files changed, 95 insertions, 50 deletions
diff --git a/TAO/ChangeLogs/ChangeLog-02a b/TAO/ChangeLogs/ChangeLog-02a
index 1bd2a89b69b..96bc25be36f 100644
--- a/TAO/ChangeLogs/ChangeLog-02a
+++ b/TAO/ChangeLogs/ChangeLog-02a
@@ -1,3 +1,25 @@
+Wed Jan 16 22:46:12 2002 Ossama Othman <ossama@uci.edu>
+
+	* orbsvcs/orbsvcs/SSLIOP/SSLIOP_Connector.h (ssliop_connect):
+
+	  Updated this method to accept a "no protection" parameter.
+
+	* orbsvcs/orbsvcs/SSLIOP/SSLIOP_Connector.cpp
+	(connect, ssliop_connect):
+
+	  In the "NoProtection/EstablishTrust" case, establish a
+	  connection using the "eNULL" cipher. This disables encryption
+	  but allows certificate authentication to occur. Previously two
+	  connections were used, one to authenticate over SSL and the
+	  other to invoke requests over plain IIOP, which is clearly
+	  undesirable.
+
+	* orbsvcs/orbsvcs/SSLIOP/SSLIOP_Factory.cpp (init):
+
+	  If "NoProtection" is enabled, then add the "eNULL" cipher to the
+	  default cipher list. This allows encryption to be disabled
+	  while allowing certificate authentication to occur.
+
 Wed Jan 16 20:08:39 2002 Ossama Othman <ossama@uci.edu>
 
 	* orbsvcs/orbsvcs/Security/PrincipalAuthenticator.h:
diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Connector.cpp b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Connector.cpp
index 75036087f93..490f740242d 100644
--- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Connector.cpp
+++ b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Connector.cpp
@@ -159,23 +159,25 @@ TAO_SSLIOP_Connector::connect (TAO_GIOP_Invocation *invocation,
   // if no establishment of trust policy was set. Specifically, if
   // the "trust" pointer below is zero, then the SSLIOP pluggable
   // protocol default value will be used.
-  Security::EstablishTrust *trust = 0;
-  Security::EstablishTrust tmp_trust = { 0 , 0 };
+  Security::EstablishTrust trust = { 0 , 0 };
   if (!CORBA::is_nil (trust_policy.in ()))
     {
-      tmp_trust = trust_policy->trust (TAO_ENV_SINGLE_ARG_PARAMETER);
+      trust = trust_policy->trust (TAO_ENV_SINGLE_ARG_PARAMETER);
       ACE_CHECK_RETURN (-1);
-
-      trust = &tmp_trust;
     }
 
+  // Flag that states whether any form of establishment of trust
+  // should occur.
+  CORBA::Boolean establish_trust =
+    trust.trust_in_target || trust.trust_in_client;
+
   // @@ Should this be in a "policy validator?"
   //
   // If the SSL port is zero, then no SSLIOP tagged component was
   // available in the IOR, meaning that there is no way to establish
   // trust. Throw an exception.
   if (ssl_endpoint->ssl_component ().port == 0
-      && trust != 0)
+      && establish_trust)
     {
       if (TAO_debug_level > 0)
         {
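Review bot: The context comment at the top of this hunk still says that a zero "trust" pointer selects the SSLIOP default, but `trust` is now a value initialised to `{ 0 , 0 }`, so the comment no longer describes the code beneath it; I would reword it to `// If no EstablishTrust policy is set, "trust" stays all-zero and no establishment of trust is required.` The new `establish_trust` flag also changes the port-zero check: an explicit EstablishTrust policy with both fields false now proceeds where the old `trust != 0` test would have thrown, which looks intended but deserves a sentence in the comment. `connect` begins before and continues after this hunk.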
@@ -235,34 +237,16 @@ TAO_SSLIOP_Connector::connect (TAO_GIOP_Invocation *invocation,
                         -1);
     }
 
-  if (no_protection || ssl_endpoint->ssl_component ().port == 0)
+  if ((!establish_trust && no_protection)
+      || ssl_endpoint->ssl_component ().port == 0)
     {
-      // If establishment of trust is required, then establish an
-      // SSLIOP connection first. Certificate verification will occur
-      // during the connection negotiation. If the SSLIOP connection
-      // is successfully negotiated, then trust is established and
-      // continue on to the unprotected connection.
-      if (ssl_endpoint->ssl_component ().port != 0
-          && trust != 0
-          && trust->trust_in_target)
-        {
-          int result = this->ssliop_connect (ssl_endpoint,
-                                             trust,
-                                             invocation,
-                                             desc
-                                             TAO_ENV_ARG_PARAMETER);
-          ACE_CHECK_RETURN (-1);
-
-          if (result != 0)
-            return -1;
-        }
-
       return this->iiop_connect (ssl_endpoint,
                                  invocation
                                  TAO_ENV_ARG_PARAMETER);
     }
 
   return this->ssliop_connect (ssl_endpoint,
+                               no_protection,
                                trust,
                                invocation,
                                desc
@@ -353,7 +337,8 @@ TAO_SSLIOP_Connector::iiop_connect (TAO_SSLIOP_Endpoint *ssl_endpoint,
 
 int
 TAO_SSLIOP_Connector::ssliop_connect (TAO_SSLIOP_Endpoint *ssl_endpoint,
-                                      Security::EstablishTrust *trust,
+                                      int no_protection,
+                                      const Security::EstablishTrust &trust,
                                       TAO_GIOP_Invocation *invocation,
                                       TAO_Transport_Descriptor_Interface *desc
                                       TAO_ENV_ARG_DECL)
@@ -435,8 +420,7 @@ TAO_SSLIOP_Connector::ssliop_connect (TAO_SSLIOP_Endpoint *ssl_endpoint,
   // ACE_Strategy_Connector (the "base_connector_"). This is
   // thread-safe and reentrant, hence no synchronization is
   // necessary.
-  if (trust != 0
-      &&(trust->trust_in_client || trust->trust_in_target)
+  if ((trust.trust_in_client || trust.trust_in_target)
       && this->base_connector_.creation_strategy ()->make_svc_handler (
             svc_handler) == 0)
     {
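Review bot: The rewritten dispatch in `connect` dropped the block comment that explained the NoProtection handling, so a reader now has to work out why `!establish_trust && no_protection` goes to `iiop_connect` while `no_protection` with trust required falls through to `ssliop_connect`. I would put a short comment above the `if`, e.g. `// No trust required and no protection requested: plain IIOP. Otherwise SSLIOP; with no_protection set, ssliop_connect negotiates a NULL-encryption suite so certificates are still exchanged.` It is also worth stating that the `port == 0` arm can only be reached with `establish_trust` false, since the check earlier in `connect` throws otherwise. `connect` starts before this hunk, and the `ssliop_connect` body in the later hunks continues past it.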
@@ -448,11 +432,11 @@ TAO_SSLIOP_Connector::ssliop_connect (TAO_SSLIOP_Endpoint *ssl_endpoint,
       //
       // In SSLIOP's case, trust_in_client also implies
       // trust_in_target.
-      if (trust->trust_in_client)
+      if (trust.trust_in_client)
         verify_mode = SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
 
       // Require verification of the target's certificate.
-      else if (trust->trust_in_target)
+      else if (trust.trust_in_target)
         verify_mode = SSL_VERIFY_PEER;
 
       // Trust in neither the client nor the target is required.
@@ -462,6 +446,18 @@ TAO_SSLIOP_Connector::ssliop_connect (TAO_SSLIOP_Endpoint *ssl_endpoint,
       ::SSL_set_verify (svc_handler->peer().ssl(),
                         verify_mode,
                         0);
+
+      if (no_protection
+          && ::SSL_set_cipher_list (svc_handler->peer().ssl(),
+                                    "eNULL") == 0)
+        {
+          if (TAO_debug_level > 0)
+            ACE_DEBUG ((LM_ERROR,
+                        ACE_TEXT ("(%P|%t) Unable to set eNULL ")
+                        ACE_TEXT ("SSL cipher.\n")));
+
+          ACE_THROW_RETURN (CORBA::INV_POLICY (), -1);
+        }
     }
 
   // @@ This needs to change in the next round when we implement
@@ -490,7 +486,7 @@ TAO_SSLIOP_Connector::ssliop_connect (TAO_SSLIOP_Endpoint *ssl_endpoint,
   if (TAO_debug_level > 0)
     ACE_DEBUG ((LM_DEBUG,
-                ACE_TEXT ("(%P|%t) SSLIOP_Connector::connect ")
+                ACE_TEXT ("(%P|%t) SSLIOP_Connector::connect - ")
                 ACE_TEXT ("The result is <%d> \n"),
                 result));
 
   if (result == -1)
@@ -501,10 +497,8 @@ TAO_SSLIOP_Connector::ssliop_connect (TAO_SSLIOP_Endpoint *ssl_endpoint,
           ssl_endpoint->addr_to_string (buffer, sizeof (buffer) - 1);
 
           ACE_DEBUG ((LM_ERROR,
-                      ACE_TEXT ("(%P|%t) %s:%u, connection to ")
+                      ACE_TEXT ("(%P|%t) %N:%l, connection to ")
                       ACE_TEXT ("%s, SSL port %d failed (%p)\n"),
-                      __FILE__,
-                      __LINE__,
                       buffer,
                       remote_address.get_port_number (),
                       ACE_TEXT ("errno")));
diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Connector.h b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Connector.h
index 5c11930cfc4..a33118639a9 100644
--- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Connector.h
+++ b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Connector.h
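Review bot: `SSL_set_cipher_list (…, "eNULL")` in the second hunk restricts this connection to NULL-encryption suites only, so a target that was not itself started with `-SSLNoProtection` (its context then lacks eNULL) makes the handshake fail outright instead of falling back to an encrypting suite; if NoProtection means "encryption not required" rather than "encryption forbidden", `"eNULL:DEFAULT"` would prefer the null suites yet still connect to a peer that refuses them. The throw on the failure branch abandons the `svc_handler` that `make_svc_handler` produced a few lines earlier in this function without any visible close or release; I cannot see how the handler is owned from here, so please confirm it is not leaked. A one-line comment on the cipher call, e.g. `// NULL suites keep the certificate exchange and record MAC but send application data in the clear.`, would make the security trade-off explicit at the point it is made. `ssliop_connect` starts before and ends after these hunks.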
@@ -82,7 +82,8 @@ protected:
   /// SSLIOP-specific connection establishment.
   int ssliop_connect (TAO_SSLIOP_Endpoint *ssliop_endpoint,
-                      Security::EstablishTrust *trust,
+                      int no_protection,
+                      const Security::EstablishTrust &trust,
                       TAO_GIOP_Invocation *invocation,
                       TAO_Transport_Descriptor_Interface *desc
                       TAO_ENV_ARG_DECL);
diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Factory.cpp b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Factory.cpp
index ddba949a6b3..4787652afe6 100644
--- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Factory.cpp
+++ b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Factory.cpp
@@ -66,19 +66,24 @@ TAO_SSLIOP_Protocol_Factory::init (int argc,
   for (int curarg = 0; curarg != argc; ++curarg)
     {
       if (ACE_OS::strcasecmp (argv[curarg],
-                              "-SSLDisable") == 0)
+                              "-SSLNoProtection") == 0)
         {
-          ACE_ERROR ((LM_WARNING,
-                      ACE_TEXT ("(%P|%t) \"-SSLDisable\" has been ")
-                      ACE_TEXT ("superceded by the ")
-                      ACE_TEXT ("\"-SSLNoProtection\" option.\n")));
+          // Enable the eNULL cipher. Note that enabling the "eNULL"
+          // cipher only disables encryption. However, certificate
+          // exchanges will still occur.
+          if (::SSL_CTX_set_cipher_list (
+                ACE_SSL_Context::instance ()->context (),
+                "DEFAULT:eNULL") == 0)
+            {
+              if (TAO_debug_level > 0)
+                ACE_DEBUG ((LM_ERROR,
+                            ACE_TEXT ("(%P|%t) Unable to set eNULL ")
+                            ACE_TEXT ("SSL cipher in SSLIOP ")
+                            ACE_TEXT ("factory.\n")));
 
-          this->no_protection_ = 1;
-        }
+              return -1;
+            }
 
-      else if (ACE_OS::strcasecmp (argv[curarg],
-                                   "-SSLNoProtection") == 0)
-        {
           this->no_protection_ = 1;
         }
 
@@ -94,6 +99,7 @@ TAO_SSLIOP_Protocol_Factory::init (int argc,
       const char *path = ACE_OS::strtok_r (0, ":", &lasts);
 
       int type = -1;
+
       if (ACE_OS::strcasecmp (type_name, "ASN1") == 0)
         {
           type = SSL_FILETYPE_ASN1;
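Review bot: `SSL_CTX_set_cipher_list (ACE_SSL_Context::instance ()->context (), "DEFAULT:eNULL")` in the first Factory hunk widens the cipher list of a process-wide singleton context, so with `-SSLNoProtection` the accepting side of this process will also admit NULL-encryption suites from any remote client, not only on connections whose own policy asked for no protection; unless that context sets `SSL_OP_CIPHER_SERVER_PREFERENCE` (not visible here), OpenSSL follows the client's ordering, so a peer that lists a NULL suite first gets cleartext. That is a process-wide downgrade knob and the comment should say so, e.g. `// NOTE: this widens the shared context's cipher list, so every SSLIOP endpoint in this process will accept NULL-encryption suites if a peer proposes them.` The failure branch logs only when `TAO_debug_level > 0` yet returns -1, so at the default level `init` fails silently; an unconditional `ACE_ERROR` would match the style of the warning this hunk removes. Removing the `-SSLDisable` branch also removes its deprecation warning, so the old spelling is presumably now ignored unless a later branch outside this hunk still matches it. `init` continues past these hunks.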
@@ -102,7 +108,17 @@ TAO_SSLIOP_Protocol_Factory::init (int argc,
         {
           type = SSL_FILETYPE_PEM;
         }
-      ACE_SSL_Context::instance ()->certificate (path, type);
+
+      if (ACE_SSL_Context::instance ()->certificate (path, type) != 0)
+        {
+          if (TAO_debug_level > 0)
+            ACE_DEBUG ((LM_ERROR,
+                        ACE_TEXT ("(%P|%t) Unable to set eNULL ")
+                        ACE_TEXT ("SSL cipher in SSLIOP ")
+                        ACE_TEXT ("factory.\n")));
+
+          return -1;
+        }
     }
   }
 
@@ -126,7 +142,18 @@ TAO_SSLIOP_Protocol_Factory::init (int argc,
         {
           type = SSL_FILETYPE_PEM;
         }
-      ACE_SSL_Context::instance ()->private_key (path, type);
+
+      if (ACE_SSL_Context::instance ()->private_key (path, type) != 0)
+        {
+          if (TAO_debug_level > 0)
+            ACE_DEBUG ((LM_ERROR,
+                        ACE_TEXT ("(%P|%t) Unable to set eNULL ")
+                        ACE_TEXT ("SSL cipher in SSLIOP ")
+                        ACE_TEXT ("factory.\n")));
+
+          return -1;
+        }
+
     }
   }
 
@@ -149,8 +176,9 @@ TAO_SSLIOP_Protocol_Factory::init (int argc,
           || ACE_OS::strcasecmp (argv[curarg],
                                  "SERVER_AND_CLIENT") == 0)
         {
-          mode = SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
+          mode = SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
         }
+
       ACE_SSL_Context::instance ()->default_verify_mode (mode);
     }
   }
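Review bot: The error messages added on the `certificate` and `private_key` failure paths in the first two hunks are copy-pasted from the cipher-list branch and report "Unable to set eNULL SSL cipher", which would send an operator chasing the wrong setting when a certificate or key file fails to load. Change them to `ACE_TEXT ("(%P|%t) Unable to load SSL certificate in SSLIOP factory.\n")` and `ACE_TEXT ("(%P|%t) Unable to load SSL private key in SSLIOP factory.\n")` respectively. As elsewhere in `init`, the diagnostic is only emitted when `TAO_debug_level > 0` although the factory returns -1, so a bad certificate or key path fails silently at the default level; an unconditional `ACE_ERROR` is the better choice for a configuration error that aborts initialisation. `init` begins before the first hunk here.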