author | Ossama Othman <ossama-othman@users.noreply.github.com> | 2001-03-20 09:35:28 +0000 |
---|---|---|
committer | Ossama Othman <ossama-othman@users.noreply.github.com> | 2001-03-20 09:35:28 +0000 |
commit | b2ed9e0c7ec3915e83415ecd51fdf2670b9eb0ee (patch) | |
tree | 1e5cdb20aecb9e9b6775e8abf9a7f76551090b09 | |
parent | 39a7e87b9fded44317dffa9c6f1ce00572d65452 (diff) | |
download | ATCD-b2ed9e0c7ec3915e83415ecd51fdf2670b9eb0ee.tar.gz |
ChangeLogTag:Tue Mar 20 01:33:24 2001 Ossama Othman <ossama@uci.edu>
-rw-r--r-- | ChangeLog | 11 | ||||
-rw-r--r-- | ChangeLogs/ChangeLog-02a | 11 | ||||
-rw-r--r-- | ChangeLogs/ChangeLog-03a | 11 | ||||
-rw-r--r-- | ace/SSL/SSL_SOCK_Acceptor.cpp | 62 | ||||
-rw-r--r-- | ace/SSL/SSL_SOCK_Connector.cpp | 48 | ||||
-rw-r--r-- | ace/SSL/SSL_SOCK_Stream.i | 111 |
6 files changed, 141 insertions, 113 deletions
diff --git a/ChangeLog b/ChangeLog index ffe813c2fe7..6f3308e1a91 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,14 @@ +Tue Mar 20 01:33:24 2001 Ossama Othman <ossama@uci.edu> + + * ace/SSL/SSL_SOCK_Acceptor.cpp (ssl_accept): + * ace/SSL/SSL_SOCK_Connector.cpp (ssl_connect): + * ace/SSL/SSL_SOCK_Stream.i (send, close): + + Wrap the underlying OpenSSL calls in a do-while(SSL_pending()) + loop. I decided to wrap the SSL_write() calls just in case. + This should fix the last of the non-blocking IO issues in ACE's + SSL wrappers. [Bug 393] + Tue Mar 20 00:40:43 2001 Ossama Othman <ossama@uci.edu> * ace/SSL/SSL_SOCK_Stream.i (recv): diff --git a/ChangeLogs/ChangeLog-02a b/ChangeLogs/ChangeLog-02a index ffe813c2fe7..6f3308e1a91 100644 --- a/ChangeLogs/ChangeLog-02a +++ b/ChangeLogs/ChangeLog-02a @@ -1,3 +1,14 @@ +Tue Mar 20 01:33:24 2001 Ossama Othman <ossama@uci.edu> + + * ace/SSL/SSL_SOCK_Acceptor.cpp (ssl_accept): + * ace/SSL/SSL_SOCK_Connector.cpp (ssl_connect): + * ace/SSL/SSL_SOCK_Stream.i (send, close): + + Wrap the underlying OpenSSL calls in a do-while(SSL_pending()) + loop. I decided to wrap the SSL_write() calls just in case. + This should fix the last of the non-blocking IO issues in ACE's + SSL wrappers. [Bug 393] + Tue Mar 20 00:40:43 2001 Ossama Othman <ossama@uci.edu> * ace/SSL/SSL_SOCK_Stream.i (recv): diff --git a/ChangeLogs/ChangeLog-03a b/ChangeLogs/ChangeLog-03a index ffe813c2fe7..6f3308e1a91 100644 --- a/ChangeLogs/ChangeLog-03a +++ b/ChangeLogs/ChangeLog-03a 
@@ -1,3 +1,14 @@ +Tue Mar 20 01:33:24 2001 Ossama Othman <ossama@uci.edu> + + * ace/SSL/SSL_SOCK_Acceptor.cpp (ssl_accept): + * ace/SSL/SSL_SOCK_Connector.cpp (ssl_connect): + * ace/SSL/SSL_SOCK_Stream.i (send, close): + + Wrap the underlying OpenSSL calls in a do-while(SSL_pending()) + loop. I decided to wrap the SSL_write() calls just in case. + This should fix the last of the non-blocking IO issues in ACE's + SSL wrappers. [Bug 393] + Tue Mar 20 00:40:43 2001 Ossama Othman <ossama@uci.edu> * ace/SSL/SSL_SOCK_Stream.i (recv): diff --git a/ace/SSL/SSL_SOCK_Acceptor.cpp b/ace/SSL/SSL_SOCK_Acceptor.cpp index f81a87fb23c..e9a6d9f3eac 100644 --- a/ace/SSL/SSL_SOCK_Acceptor.cpp +++ b/ace/SSL/SSL_SOCK_Acceptor.cpp @@ -13,7 +13,9 @@ ACE_ALLOC_HOOK_DEFINE(ACE_SSL_SOCK_Acceptor) #include "SSL_SOCK_Acceptor.i" #endif /* ACE_LACKS_INLINE_FUNCTIONS */ -ACE_RCSID (ACE_SSL, SSL_SOCK_Acceptor, "$Id$") +ACE_RCSID (ACE_SSL, + SSL_SOCK_Acceptor, + "$Id$") int ACE_SSL_SOCK_Acceptor::shared_accept_start (ACE_Time_Value *timeout, 
@@ -95,48 +97,50 @@ ACE_SSL_SOCK_Acceptor::ssl_accept (ACE_SSL_SOCK_Stream &new_stream) const if (!SSL_in_accept_init (new_stream.ssl ())) ::SSL_set_accept_state (new_stream.ssl ()); - int status = ::SSL_accept (new_stream.ssl ()); - - if (status <= 0) + int status = 0; + long verify_error = 0; + do { -// if (::BIO_sock_should_retry (status)) -// { + status = ::SSL_accept (new_stream.ssl ()); + switch (::SSL_get_error (new_stream.ssl (), status)) { + case SSL_ERROR_NONE: + verify_error = + ::SSL_get_verify_result (new_stream.ssl ()); + + if (verify_error != X509_V_OK) + { +#ifndef ACE_NDEBUG + ACE_DEBUG ((LM_DEBUG, + "(%P|%t) X.509 certificate verification " + "error:%s\n", + ::X509_verify_cert_error_string (verify_error))); +#endif /* ACE_NDEBUG */ + + (void) new_stream.close (); + return -1; + } + + return 0; + case SSL_ERROR_WANT_WRITE: case SSL_ERROR_WANT_READ: - case SSL_ERROR_WANT_X509_LOOKUP: - // If blocked, try again. - errno = EWOULDBLOCK; break; + default: #ifndef ACE_NDEBUG ERR_print_errors_fp (stderr); #endif /* ACE_NDEBUG */ - break; + return -1; } -// } -#ifndef ACE_NDEBUG -// else -// ERR_print_errors_fp (stderr); -#endif /* ACE_NDEBUG */ - // return -1; } + while (::SSL_pending (new_stream.ssl ())); - long verify_error = ::SSL_get_verify_result (new_stream.ssl ()); - if (verify_error != X509_V_OK) - { -#ifndef ACE_NDEBUG - ACE_DEBUG ((LM_DEBUG, - "(%P|%t) X.509 certificate verify error:%s\n", - ::X509_verify_cert_error_string (verify_error))); -#endif /* ACE_NDEBUG */ - - (void) new_stream.close (); - return -1; - } + // If we get this far then we would have blocked. + errno = EWOULDBLOCK; - return 0; + return -1; } // General purpose routine for accepting new connections. diff --git a/ace/SSL/SSL_SOCK_Connector.cpp b/ace/SSL/SSL_SOCK_Connector.cpp index 58aaf82ab0d..dc28dbe2bed 100644 --- a/ace/SSL/SSL_SOCK_Connector.cpp +++ b/ace/SSL/SSL_SOCK_Connector.cpp 
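Review bot: In the `SSL_ERROR_NONE` branch of `ssl_accept`, `SSL_get_verify_result()` also returns `X509_V_OK` when the peer presented no certificate at all, so this check alone does not establish that a client was authenticated. Whether that matters depends on the verify mode set on the context, which is outside this hunk; if client certificates are required, the mode should include `SSL_VERIFY_FAIL_IF_NO_PEER_CERT` or the branch should also test `SSL_get_peer_certificate()`. I would at least add `// X509_V_OK is also returned when no peer certificate was sent; the SSL_CTX verify mode decides whether one is required.` above the check. The `default:` branch also returns -1 without closing `new_stream`, unlike the verification-failure path, and the function starts outside the hunk.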
@@ -14,7 +14,9 @@ #include "SSL_SOCK_Connector.i" #endif /* ACE_LACKS_INLINE_FUNCTIONS */ -ACE_RCSID (ACE_SSL, SSL_SOCK_Connector, "$Id$") +ACE_RCSID (ACE_SSL, + SSL_SOCK_Connector, + "$Id$") ACE_ALLOC_HOOK_DEFINE(ACE_SSL_SOCK_Connector) @@ -99,38 +101,34 @@ ACE_SSL_SOCK_Connector::ssl_connect (ACE_SSL_SOCK_Stream &new_stream) if (!SSL_in_connect_init (new_stream.ssl ())) ::SSL_set_connect_state (new_stream.ssl ()); - int status = ::SSL_connect (new_stream.ssl ()); - if (status <= 0) + int status = 0; + do { - if (::BIO_sock_should_retry (status)) + status = ::SSL_connect (new_stream.ssl ()); + + switch (::SSL_get_error (new_stream.ssl (), status)) { - switch (::SSL_get_error (new_stream.ssl (), status)) - { - case SSL_ERROR_WANT_WRITE: - case SSL_ERROR_WANT_READ: - case SSL_ERROR_WANT_X509_LOOKUP: - // If blocked, try again. - errno = EWOULDBLOCK; - break; - default: + case SSL_ERROR_NONE: + // Start out with non-blocking disabled on the + // <new_stream>. + new_stream.disable (ACE_NONBLOCK); + return 0; + case SSL_ERROR_WANT_WRITE: + case SSL_ERROR_WANT_READ: + break; + default: #ifndef ACE_NDEBUG - ERR_print_errors_fp (stderr); + ERR_print_errors_fp (stderr); #endif /* ACE_NDEBUG */ - break; - } + return -1; } -#ifndef ACE_NDEBUG - else - ERR_print_errors_fp (stderr); -#endif /* ACE_NDEBUG */ - - return -1; } + while (::SSL_pending (new_stream.ssl ())); - // Start out with non-blocking disabled on the <new_stream>. - new_stream.disable (ACE_NONBLOCK); + // If we get this far then we would have blocked. + errno = EWOULDBLOCK; - return 0; + return -1; } int diff --git a/ace/SSL/SSL_SOCK_Stream.i b/ace/SSL/SSL_SOCK_Stream.i index 6971840c236..f9e6376cc59 100644 --- a/ace/SSL/SSL_SOCK_Stream.i +++ b/ace/SSL/SSL_SOCK_Stream.i 
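Review bot: The `SSL_ERROR_NONE` branch of `ssl_connect` returns 0 without looking at the verification result, while `ssl_accept` in the same commit rejects the peer when `SSL_get_verify_result()` is not `X509_V_OK`. With OpenSSL's default client verify mode the handshake completes even if the server certificate fails validation, so unless the context sets `SSL_VERIFY_PEER` or the caller checks afterwards (neither is visible here), a connection to an unverified server is reported as success. Consider mirroring the acceptor with `if (::SSL_get_verify_result (new_stream.ssl ()) != X509_V_OK) { (void) new_stream.close (); return -1; }` before `new_stream.disable (ACE_NONBLOCK)`. Separately, `SSL_ERROR_WANT_X509_LOOKUP` used to be treated as retryable and now falls into `default:` as a hard failure; the same case was dropped in `ssl_accept`. The function begins outside the hunk.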
@@ -69,26 +69,33 @@ ACE_SSL_SOCK_Stream::send (const void *buf, if (flags != 0) ACE_NOTSUP_RETURN (-1); - int status = ::SSL_write (this->ssl_, + int status = 0; + do + { + status = ::SSL_write (this->ssl_, ACE_static_cast (const char*, buf), n); - if (status <= 0) - { switch (::SSL_get_error (this->ssl_, status)) { + case SSL_ERROR_NONE: + return status; + case SSL_ERROR_WANT_READ: case SSL_ERROR_WANT_WRITE: - errno = EWOULDBLOCK; break; default: #ifndef ACE_NDEBUG ERR_print_errors_fp (stderr); #endif /* ACE_NDEBUG */ - break; + return -1; } } + while (::SSL_pending (this->ssl_)); - return status; + // If we get this far then we would have blocked. + errno = EWOULDBLOCK; + + return status; } ASYS_INLINE ssize_t @@ -122,6 +129,7 @@ ACE_SSL_SOCK_Stream::recv (void *buf, case SSL_ERROR_NONE: return status; case SSL_ERROR_WANT_READ: + case SSL_ERROR_WANT_WRITE: break; case SSL_ERROR_ZERO_RETURN: // @@ This appears to be the right/expected thing to do. @@ -131,7 +139,7 @@ ACE_SSL_SOCK_Stream::recv (void *buf, // the SSL "close_notify" message so we need to // shutdown, too. (void) ::SSL_shutdown (this->ssl_); - return 0; + return status; default: #ifndef ACE_NDEBUG ERR_print_errors_fp (stderr); @@ -141,7 +149,7 @@ ACE_SSL_SOCK_Stream::recv (void *buf, } while (::SSL_pending (this->ssl_)); - // If we get this far then, we would have blocked. + // If we get this far then we would have blocked. errno = EWOULDBLOCK; return status; 
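Review bot: The `while (::SSL_pending (this->ssl_))` condition in `send` can turn a would-block write into a busy loop. `SSL_pending()` reports decrypted application data waiting to be read, and `SSL_write()` never consumes it, so if `SSL_ERROR_WANT_WRITE` comes back while unread data is buffered, the loop calls `SSL_write()` again immediately without waiting for the socket. A peer that sends data and then stops reading could keep the calling thread spinning; on the write path the want cases are better handled as `errno = EWOULDBLOCK; return -1;` so the caller waits on the handle. The same loop shape is used in the second `send` overload (hunk at -155) and in `close`. `send` starts outside this hunk.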
@@ -155,24 +163,32 @@ ACE_SSL_SOCK_Stream::send (const void *buf, // @@ FIXME: Not thread safe! - int status = ::SSL_write (this->ssl_, + int status = 0; + + do + { + status = ::SSL_write (this->ssl_, ACE_static_cast (const char *, buf), n); - if (status <= 0) - { switch (::SSL_get_error (this->ssl_, status)) { + case SSL_ERROR_NONE: + return 0; + case SSL_ERROR_WANT_READ: case SSL_ERROR_WANT_WRITE: - errno = EWOULDBLOCK; break; default: #ifndef ACE_NDEBUG ERR_print_errors_fp (stderr); #endif /* ACE_NDEBUG */ - break; + return -1; } } + while (::SSL_pending (this->ssl_)); + + // If we get this far then we would have blocked. + errno = EWOULDBLOCK; return status; } @@ -198,6 +214,7 @@ ACE_SSL_SOCK_Stream::recv (void *buf, case SSL_ERROR_NONE: return status; case SSL_ERROR_WANT_READ: + case SSL_ERROR_WANT_WRITE: break; case SSL_ERROR_ZERO_RETURN: // @@ This appears to be the right/expected thing to do. @@ -207,7 +224,7 @@ ACE_SSL_SOCK_Stream::recv (void *buf, // the SSL "close_notify" message so we need to // shutdown, too. (void) ::SSL_shutdown (this->ssl_); - return 0; + return status; default: #ifndef ACE_NDEBUG ERR_print_errors_fp (stderr); @@ -217,7 +234,7 @@ ACE_SSL_SOCK_Stream::recv (void *buf, } while (::SSL_pending (this->ssl_)); - // If we get this far then, we would have blocked. + // If we get this far then we would have blocked. errno = EWOULDBLOCK; return status; 
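Review bot: In this `send` overload the `SSL_ERROR_NONE` case does `return 0;`, which discards the byte count from `SSL_write()`; the overload at -69 returns `status` in the same case, and this one still returns `status` on the would-block path. A caller that sees 0 after a successful write cannot tell how much was sent and may resend the buffer. Unless this overload has a different contract that the hunk does not show, it should be `return status;`. The function's signature and the code before the write are outside the hunk.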
@@ -277,33 +294,17 @@ ACE_SSL_SOCK_Stream::close (void) if (this->ssl_ == 0 || this->get_handle () == ACE_INVALID_HANDLE) return 0; // SSL_SOCK_Stream was never opened. - // SSL_shutdown() returns 1 on successful shutdown of the SSL - // connection, not 0. - int status = ::SSL_shutdown (this->ssl_); - - - if (status <= 0) + int status = 0; + do { + // SSL_shutdown() returns 1 on successful shutdown of the SSL + // connection, not 0. + status = ::SSL_shutdown (this->ssl_); + switch (::SSL_get_error (this->ssl_, status)) { -#if 0 - case SSL_ERROR_WANT_WRITE: - ACE_DEBUG ((LM_DEBUG, "SSL_ERROR_WANT_WRITE\n")); - break; - case SSL_ERROR_WANT_READ: - ACE_DEBUG ((LM_DEBUG, "SSL_ERROR_WANT_READ\n")); - break; - case SSL_ERROR_WANT_X509_LOOKUP: - ACE_DEBUG ((LM_DEBUG, "SSL_ERROR_WANT_X509_LOOKUP\n")); - break; case SSL_ERROR_NONE: - ACE_DEBUG ((LM_DEBUG, "SSL_ERROR_NONE\n")); - break; -#endif /* 0 */ - case SSL_ERROR_SYSCALL: - // ACE_DEBUG ((LM_DEBUG, "SSL_ERROR_SYSCALL\n")); - - // Ignore this error condition. + case SSL_ERROR_SYSCALL: // Ignore this error condition. // Don't set the handle in OpenSSL; only in the // SSL_SOCK_Stream. We do this to avoid any potential side 
@@ -313,33 +314,25 @@ ACE_SSL_SOCK_Stream::close (void) this->ACE_SSL_SOCK::set_handle (ACE_INVALID_HANDLE); return this->stream_.close (); - // break; -#if 0 - case SSL_ERROR_ZERO_RETURN: - ACE_DEBUG ((LM_DEBUG, "SSL_ERROR_ZERO_RETURN\n")); - break; -#endif /* 0 */ - default: -#ifndef ACE_NDEBUG - // ACE_DEBUG ((LM_DEBUG, "STATUS = %d\n", status)); -#endif /* ACE_NDEBUG */ + + case SSL_ERROR_WANT_READ: + case SSL_ERROR_WANT_WRITE: break; - } - // Save/restore errno - ACE_Errno_Guard error (errno); - (void) this->stream_.close (); + default: + ACE_Errno_Guard error (errno); // Save/restore errno + (void) this->stream_.close (); - return -1; + return -1; + } } + while (::SSL_pending (this->ssl_)); - // Don't set the handle in OpenSSL; only in the SSL_SOCK_Stream. We - // do this to avoid any potential side effects. - // Invoking ACE_SSL_SOCK::set_handle() bypasses the OpenSSL - // SSL_set_fd() call ACE_SSL_SOCK_Stream::set_handle() does. - this->ACE_SSL_SOCK::set_handle (ACE_INVALID_HANDLE); + // @@ Would this ever happen? + // If we get this far then we would have blocked. + errno = EWOULDBLOCK; - return this->stream_.close (); + return -1; } ASYS_INLINE ACE_SOCK_Stream & |
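Review bot: When `SSL_shutdown()` reports `SSL_ERROR_WANT_READ` or `SSL_ERROR_WANT_WRITE` and nothing is pending, `close` now returns -1 with `EWOULDBLOCK` without closing `stream_` or resetting the handle, where the old code closed `stream_` on every failure. Callers that discard the result, such as `(void) new_stream.close ();` in `ssl_accept` from this commit, would leave the descriptor open. Either close the underlying stream on that path as well or document that the caller must retry, e.g. `// Returns -1/EWOULDBLOCK with the handle still open; call close() again once the handle is ready.` The `default:` branch closes `stream_` but does not call `ACE_SSL_SOCK::set_handle (ACE_INVALID_HANDLE)`, so the object keeps a stale handle. `close` begins in the previous hunk.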