author | jeliazkov_i <jeliazkov_i@ae88bc3d-4319-0410-8dbf-d08b4c9d3795> | 2005-02-28 23:16:23 +0000 |
---|---|---|
committer | jeliazkov_i <jeliazkov_i@ae88bc3d-4319-0410-8dbf-d08b4c9d3795> | 2005-02-28 23:16:23 +0000 |
commit | e9660dd6848dd10a99d85fbc3f80471c5058045b (patch) | |
tree | d2bd2b2e5128375bb8ea4412aea5255bd26cf88d | |
parent | a9105a03c32ac109a14e94b61c25f9b4b47ef9a9 (diff) | |
Mon Feb 28 17:06:44 2005 Iliyan Jeliazkov <jeliazkov_i@ociweb.com>
-rw-r--r-- | TAO/ChangeLog | 393 | ||||
-rw-r--r-- | TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Factory.cpp | 157 | ||||
-rw-r--r-- | TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Factory.h | 2 |
3 files changed, 358 insertions, 194 deletions
diff --git a/TAO/ChangeLog b/TAO/ChangeLog index 4cc83d97148..1e2565ba52e 100644 --- a/TAO/ChangeLog +++ b/TAO/ChangeLog @@ -1,3 +1,30 @@ +Mon Feb 28 17:06:44 2005 Iliyan Jeliazkov <jeliazkov_i@ociweb.com> + + * orbsvcs/orbsvcs/SSLIOP/SSLIOP_Factory.h: + * orbsvcs/orbsvcs/SSLIOP/SSLIOP_Factory.cpp: + + Fixed an issue with servers requiring client authentication, whereby + the server failed to resume an SSL session and terminates a + connection in the middle of the handshake, because the + (OpenSSL-based) SSL library was not getting correctly initialized + with a call to SSL_CTX_set_session_id_context(3), as pointed out in + the man page warnings section. + + Added new service configuration option "-SSLCAFile FORMAT:file" to + allow the user to explicitly specify where TAO must load the Trusted + Certificates from. The FORMAT is either "PEM" or "DER". Added new + service configuration option "-SSLCAPath directory" to allow + explicit specification of the directory, where the Trusted + Certificates are located. The directory must be in a particular + format - see openssl(1) fom more details on how to install + additional CA certificates. Added new service configuration option + "-SSLRand file1:file2:.." to allow specification of additional + sources of randomness (entropy). The option mimics the -rand option + on genrsa(1), for example. Note that on Windows platforms it accepts + semi-colon (";") as path delimiter vs. colon (":") on Unix + platforms. + + Mon Feb 28 21:37:12 UTC 2005 Johnny Willemsen <jwillemsen@remedy.nl> * tao/ObjRefTemplate/Default_ORTA.cpp: 
@@ -59,22 +86,22 @@ Mon Feb 28 11:14:35 2005 Ciju John <john_c@ociweb.com> Mon Feb 28 07:21:14 2005 J.T. Conklin <jtc@acorntoolworks.com> - * orbsvcs/performance-tests/RTEvent/RTCORBA_Baseline/RTCORBA_Baseline.mpc: - * orbsvcs/performance-tests/RTEvent/RTCORBA_Callback/RTCORBA_Callback.mpc: - Reverted: - Fri Feb 25 21:58:39 2005 J.T. Conklin <jtc@acorntoolworks.com> + * orbsvcs/performance-tests/RTEvent/RTCORBA_Baseline/RTCORBA_Baseline.mpc: + * orbsvcs/performance-tests/RTEvent/RTCORBA_Callback/RTCORBA_Callback.mpc: + Reverted: + Fri Feb 25 21:58:39 2005 J.T. Conklin <jtc@acorntoolworks.com> - MPC's custom_only feature does not work with VC71. + MPC's custom_only feature does not work with VC71. - * orbsvcs/performance-tests/LoadBalancing/LBPerf/RPS/LoadBalancing.mpc: - * orbsvcs/orbsvcs/CosNaming.mpc: - * orbsvcs/orbsvcs/CosTrading.mpc: - * orbsvcs/orbsvcs/DsLogAdmin.mpc: + * orbsvcs/performance-tests/LoadBalancing/LBPerf/RPS/LoadBalancing.mpc: + * orbsvcs/orbsvcs/CosNaming.mpc: + * orbsvcs/orbsvcs/CosTrading.mpc: + * orbsvcs/orbsvcs/DsLogAdmin.mpc: - Reverted: - Fri Feb 25 07:00:19 2005 J.T. Conklin <jtc@acorntoolworks.com> + Reverted: + Fri Feb 25 07:00:19 2005 J.T. Conklin <jtc@acorntoolworks.com> - MPC's custom_only feature does not work with VC71. + MPC's custom_only feature does not work with VC71. Mon Feb 28 14:43:12 UTC 2005 Johnny Willemsen <jwillemsen@remedy.nl> 
@@ -149,61 +176,61 @@ Sun Feb 27 07:42:12 UTC 2005 Johnny Willemsen <jwillemsen@remedy.nl> Sat Feb 26 15:35:42 2005 J.T. Conklin <jtc@acorntoolworks.com> - * utils/catior/Makefile.am: - * utils/nslist/Makefile.am: + * utils/catior/Makefile.am: + * utils/nslist/Makefile.am: - Regenerated. + Regenerated. Sat Feb 26 15:17:19 2005 J.T. Conklin <jtc@acorntoolworks.com> - * orbsvcs/tests/Makefile.am: - * orbsvcs/tests/AVStreams/Makefile.am: - * orbsvcs/tests/AVStreams/Asynch_Three_Stage/Makefile.am: - * orbsvcs/tests/AVStreams/Bidirectional_Flows/Makefile.am: - * orbsvcs/tests/AVStreams/Component_Switching/Makefile.am: - * orbsvcs/tests/AVStreams/Full_Profile/Makefile.am: - * orbsvcs/tests/AVStreams/Latency/Makefile.am: - * orbsvcs/tests/AVStreams/Modify_QoS/Makefile.am: - * orbsvcs/tests/AVStreams/Multicast/Makefile.am: - * orbsvcs/tests/AVStreams/Multicast_Full_Profile/Makefile.am: - * orbsvcs/tests/AVStreams/Multiple_Flows/Makefile.am: - * orbsvcs/tests/AVStreams/Pluggable/Makefile.am: - * orbsvcs/tests/AVStreams/Pluggable_Flow_Protocol/Makefile.am: - * orbsvcs/tests/AVStreams/Simple_Three_Stage/Makefile.am: - * orbsvcs/tests/AVStreams/Simple_Two_Stage/Makefile.am: - * orbsvcs/tests/AVStreams/Simple_Two_Stage_With_QoS/Makefile.am: + * orbsvcs/tests/Makefile.am: + * orbsvcs/tests/AVStreams/Makefile.am: + * orbsvcs/tests/AVStreams/Asynch_Three_Stage/Makefile.am: + * orbsvcs/tests/AVStreams/Bidirectional_Flows/Makefile.am: + * orbsvcs/tests/AVStreams/Component_Switching/Makefile.am: + * orbsvcs/tests/AVStreams/Full_Profile/Makefile.am: + * orbsvcs/tests/AVStreams/Latency/Makefile.am: + * orbsvcs/tests/AVStreams/Modify_QoS/Makefile.am: + * orbsvcs/tests/AVStreams/Multicast/Makefile.am: + * orbsvcs/tests/AVStreams/Multicast_Full_Profile/Makefile.am: + * orbsvcs/tests/AVStreams/Multiple_Flows/Makefile.am: + * orbsvcs/tests/AVStreams/Pluggable/Makefile.am: + * orbsvcs/tests/AVStreams/Pluggable_Flow_Protocol/Makefile.am: + * 
orbsvcs/tests/AVStreams/Simple_Three_Stage/Makefile.am: + * orbsvcs/tests/AVStreams/Simple_Two_Stage/Makefile.am: + * orbsvcs/tests/AVStreams/Simple_Two_Stage_With_QoS/Makefile.am: - Regenerated. + Regenerated. - * orbsvcs/orbsvcs/Makefile.am: + * orbsvcs/orbsvcs/Makefile.am: - Regenerated without QoS support. + Regenerated without QoS support. - * configure.ac: + * configure.ac: - Add orbsvcs/test/BiDir_CORBALOC/Makefile to AC_CONFIG_FILES - list. + Add orbsvcs/test/BiDir_CORBALOC/Makefile to AC_CONFIG_FILES + list. - * orbsvcs/test/BiDir_CORBALOC/Makefile.am: + * orbsvcs/test/BiDir_CORBALOC/Makefile.am: - New file. + New file. Fri Feb 25 21:58:39 2005 J.T. Conklin <jtc@acorntoolworks.com> - * orbsvcs/performance-tests/RTEvent/Colocated_Roundtrip/Makefile.am: - * orbsvcs/performance-tests/RTEvent/Federated_Roundtrip/Makefile.am: - * orbsvcs/performance-tests/RTEvent/RTCORBA_Baseline/Makefile.am: - * orbsvcs/performance-tests/RTEvent/RTCORBA_Callback/Makefile.am: - * orbsvcs/performance-tests/RTEvent/Roundtrip/Makefile.am: - * orbsvcs/performance-tests/RTEvent/TCP_Baseline/Makefile.am: - * orbsvcs/performance-tests/RTEvent/lib/Makefile.am: + * orbsvcs/performance-tests/RTEvent/Colocated_Roundtrip/Makefile.am: + * orbsvcs/performance-tests/RTEvent/Federated_Roundtrip/Makefile.am: + * orbsvcs/performance-tests/RTEvent/RTCORBA_Baseline/Makefile.am: + * orbsvcs/performance-tests/RTEvent/RTCORBA_Callback/Makefile.am: + * orbsvcs/performance-tests/RTEvent/Roundtrip/Makefile.am: + * orbsvcs/performance-tests/RTEvent/TCP_Baseline/Makefile.am: + * orbsvcs/performance-tests/RTEvent/lib/Makefile.am: - Regenerated. + Regenerated. - * orbsvcs/performance-tests/RTEvent/RTCORBA_Baseline/RTCORBA_Baseline.mpc: - * orbsvcs/performance-tests/RTEvent/RTCORBA_Callback/RTCORBA_Callback.mpc: + * orbsvcs/performance-tests/RTEvent/RTCORBA_Baseline/RTCORBA_Baseline.mpc: + * orbsvcs/performance-tests/RTEvent/RTCORBA_Callback/RTCORBA_Callback.mpc: - Add new project for IDL generation. 
+ Add new project for IDL generation. Fri Feb 25 18:39:12 UTC 2005 Johnny Willemsen <jwillemsen@remedy.nl> @@ -213,25 +240,25 @@ Fri Feb 25 18:39:12 UTC 2005 Johnny Willemsen <jwillemsen@remedy.nl> Fri Feb 25 07:00:19 2005 J.T. Conklin <jtc@acorntoolworks.com> - * orbsvcs/performance-tests/LoadBalancing/LBPerf/RPS/Makefile.am: + * orbsvcs/performance-tests/LoadBalancing/LBPerf/RPS/Makefile.am: - Regenerated. + Regenerated. - * orbsvcs/performance-tests/LoadBalancing/LBPerf/RPS/LoadBalancing.mpc: + * orbsvcs/performance-tests/LoadBalancing/LBPerf/RPS/LoadBalancing.mpc: - Added new project just for IDL generation using the new MPC - "custom_only" feature. This avoids problems in MPC's automake - support when aggregating multiple project Makefile.am's that - each contain rules to compile the IDL files. + Added new project just for IDL generation using the new MPC + "custom_only" feature. This avoids problems in MPC's automake + support when aggregating multiple project Makefile.am's that + each contain rules to compile the IDL files. - * orbsvcs/orbsvcs/CosNaming.mpc: - * orbsvcs/orbsvcs/CosTrading.mpc: - * orbsvcs/orbsvcs/DsLogAdmin.mpc: + * orbsvcs/orbsvcs/CosNaming.mpc: + * orbsvcs/orbsvcs/CosTrading.mpc: + * orbsvcs/orbsvcs/DsLogAdmin.mpc: - Added new project just for IDL generation using the new MPC - "custom_only" feature. This avoids a MPC bug where only source - files which are actually used in a project that compiles an IDL - file are added to the list of output files. + Added new project just for IDL generation using the new MPC + "custom_only" feature. This avoids a MPC bug where only source + files which are actually used in a project that compiles an IDL + file are added to the list of output files. Fri Feb 25 14:05:12 UTC 2005 Johnny Willemsen <jwillemsen@remedy.nl> 
@@ -285,170 +312,170 @@ Fri Feb 25 09:46:12 UTC 2005 Johnny Willemsen <jwillemsen@remedy.nl> Thu Feb 24 23:29:14 2005 Ossama Othman <ossama@dre.vanderbilt.edu> - * TAO_IDL/be/be_visitor_interface/interface_ss.cpp: - * TAO_IDL/be/be_visitor_operation/operation_ss.cpp: + * TAO_IDL/be/be_visitor_interface/interface_ss.cpp: + * TAO_IDL/be/be_visitor_operation/operation_ss.cpp: - Fixed unused "servant_upcall" argument warning in the case where - interceptor support is disabled. + Fixed unused "servant_upcall" argument warning in the case where + interceptor support is disabled. Thu Feb 24 23:13:36 2005 Ossama Othman <ossama@dre.vanderbilt.edu> - * tao/SystemException.h (SystemException): + * tao/SystemException.h (SystemException): - Made copy constructor public. HP aC++ wants to have a public - copy constructor when the exception is listed in an exception - specification. + Made copy constructor public. HP aC++ wants to have a public + copy constructor when the exception is listed in an exception + specification. Thu Feb 24 22:49:17 2005 Ossama Othman <ossama@dre.vanderbilt.edu> - * tao/PortableServer/Upcall_Wrapper.h: + * tao/PortableServer/Upcall_Wrapper.h: - Removed include directive for "tao/Environment.h". Johnny's - CORBA::Environment forward declaration fulfils the - requirements. + Removed include directive for "tao/Environment.h". Johnny's + CORBA::Environment forward declaration fulfils the + requirements. 
Thu Feb 24 22:19:33 2005 Ossama Othman <ossama@dre.vanderbilt.edu> - * tao/Sequence.cpp: - * tao/Sequence_T.cpp: - * tao/DynamicAny/DynAny_i.cpp: - * tao/DynamicAny/DynArray_i.cpp: - * tao/DynamicAny/DynCommon.cpp: - * tao/DynamicAny/DynSequence_i.cpp: - * tao/DynamicAny/DynUnion_i.cpp: - * tao/Messaging/Asynch_Invocation_Adapter.cpp: - * tao/Messaging/Connection_Timeout_Policy_i.cpp: - * tao/PortableServer/Active_Object_Map.cpp: - * tao/PortableServer/Collocated_Object_Proxy_Broker.cpp: - * tao/RTCORBA/Network_Priority_Mapping_Manager.i: - * tao/RTCORBA/Priority_Mapping_Manager.i: - * tao/RTCORBA/RT_Invocation_Endpoint_Selectors.cpp: - * tao/RTCORBA/RT_ORB.cpp: - * tao/RTCORBA/RT_Policy_i.cpp: - * tao/RTCORBA/RT_Protocols_Hooks.cpp: - * tao/RTCORBA/RT_Stub.cpp: - * tao/RTCORBA/RT_Transport_Descriptor.cpp: - * tao/RTCORBA/RT_Transport_Descriptor_Property.cpp: - * tao/RTPortableServer/RT_Policy_Validator.cpp: - * tao/RTScheduling/Current.cpp: - * tao/RTScheduling/RTScheduler_Manager.i: - * tao/RTScheduling/Request_Interceptor.cpp: - * tao/Strategies/DIOP_Acceptor.cpp: - * tao/Strategies/DIOP_Connector.cpp: - * tao/Strategies/DIOP_Endpoint.cpp: - * tao/Strategies/DIOP_Profile.cpp: - * tao/Strategies/SCIOP_Acceptor.cpp: - * tao/Strategies/SCIOP_Connector.cpp: - * tao/Strategies/SCIOP_Endpoint.cpp: - * tao/Strategies/SCIOP_Profile.cpp: - * tao/Strategies/SCIOP_Transport.cpp: - * tao/Strategies/UIOP_Endpoint.cpp: - * tao/Strategies/sciop_endpoints.cpp: - * tao/Strategies/sciop_endpoints.i: - * tao/Strategies/uiop_endpoints.cpp: - * tao/Strategies/uiop_endpoints.i: - * tao/Valuetype/AbstractBase.cpp: - * tao/Valuetype/Sequence_T.inl: - * tao/Valuetype/ValueBase.cpp: - * tao/Valuetype/ValueFactory_Map.cpp: - * tao/Valuetype/Value_VarOut_T.cpp: + * tao/Sequence.cpp: + * tao/Sequence_T.cpp: + * tao/DynamicAny/DynAny_i.cpp: + * tao/DynamicAny/DynArray_i.cpp: + * tao/DynamicAny/DynCommon.cpp: + * tao/DynamicAny/DynSequence_i.cpp: + * tao/DynamicAny/DynUnion_i.cpp: + * 
tao/Messaging/Asynch_Invocation_Adapter.cpp: + * tao/Messaging/Connection_Timeout_Policy_i.cpp: + * tao/PortableServer/Active_Object_Map.cpp: + * tao/PortableServer/Collocated_Object_Proxy_Broker.cpp: + * tao/RTCORBA/Network_Priority_Mapping_Manager.i: + * tao/RTCORBA/Priority_Mapping_Manager.i: + * tao/RTCORBA/RT_Invocation_Endpoint_Selectors.cpp: + * tao/RTCORBA/RT_ORB.cpp: + * tao/RTCORBA/RT_Policy_i.cpp: + * tao/RTCORBA/RT_Protocols_Hooks.cpp: + * tao/RTCORBA/RT_Stub.cpp: + * tao/RTCORBA/RT_Transport_Descriptor.cpp: + * tao/RTCORBA/RT_Transport_Descriptor_Property.cpp: + * tao/RTPortableServer/RT_Policy_Validator.cpp: + * tao/RTScheduling/Current.cpp: + * tao/RTScheduling/RTScheduler_Manager.i: + * tao/RTScheduling/Request_Interceptor.cpp: + * tao/Strategies/DIOP_Acceptor.cpp: + * tao/Strategies/DIOP_Connector.cpp: + * tao/Strategies/DIOP_Endpoint.cpp: + * tao/Strategies/DIOP_Profile.cpp: + * tao/Strategies/SCIOP_Acceptor.cpp: + * tao/Strategies/SCIOP_Connector.cpp: + * tao/Strategies/SCIOP_Endpoint.cpp: + * tao/Strategies/SCIOP_Profile.cpp: + * tao/Strategies/SCIOP_Transport.cpp: + * tao/Strategies/UIOP_Endpoint.cpp: + * tao/Strategies/sciop_endpoints.cpp: + * tao/Strategies/sciop_endpoints.i: + * tao/Strategies/uiop_endpoints.cpp: + * tao/Strategies/uiop_endpoints.i: + * tao/Valuetype/AbstractBase.cpp: + * tao/Valuetype/Sequence_T.inl: + * tao/Valuetype/ValueBase.cpp: + * tao/Valuetype/ValueFactory_Map.cpp: + * tao/Valuetype/Value_VarOut_T.cpp: Converting remaining deprecated ACE cast macro calls to their - standard C++ counterparts. + standard C++ counterparts. Thu Feb 24 22:09:24 2005 Ossama Othman <ossama@dre.vanderbilt.edu> - * tao/PortableServer/Upcall_Wrapper.cpp (upcall): + * tao/PortableServer/Upcall_Wrapper.cpp (upcall): - Instantiate TAO_PICurrent_Guard and perform upcall within their - own scope prior to invocation of an ending interception point. - Addresses a regression that was introduced after the skeleton - refactoring branch merge. 
+ Instantiate TAO_PICurrent_Guard and perform upcall within their + own scope prior to invocation of an ending interception point. + Addresses a regression that was introduced after the skeleton + refactoring branch merge. Thu Feb 24 17:34:52 2005 Ossama Othman <ossama@dre.vanderbilt.edu> - * TAO_IDL/be/be_interface.cpp (gen_skel_helper): + * TAO_IDL/be/be_interface.cpp (gen_skel_helper): - Fixed order of "servant_upcall" and "servant" arguments passed - to "_skel" function corresponding to virtual base class. The - order was inadvertently swapped during the skeleton-refactor - merge. + Fixed order of "servant_upcall" and "servant" arguments passed + to "_skel" function corresponding to virtual base class. The + order was inadvertently swapped during the skeleton-refactor + merge. Thu Feb 24 16:07:15 2005 J.T. Conklin <jtc@acorntoolworks.com> - * orbsvcs/Concurrency_Service/Makefile.am: - * orbsvcs/CosEvent_Service/Makefile.am: - * orbsvcs/Dump_Schedule/Makefile.am: - * orbsvcs/Event_Service/Makefile.am: - * orbsvcs/FTRT_Event_Service/Event_Service/Makefile.am: - * orbsvcs/FTRT_Event_Service/Factory_Service/Makefile.am: - * orbsvcs/FTRT_Event_Service/Gateway_Service/Makefile.am: - * orbsvcs/FT_ReplicationManager/Makefile.am: - * orbsvcs/Fault_Detector/Makefile.am: - * orbsvcs/Fault_Notifier/Makefile.am: - * orbsvcs/IFR_Service/Makefile.am: - * orbsvcs/ImplRepo_Service/Makefile.am: - * orbsvcs/LifeCycle_Service/Makefile.am: - * orbsvcs/LoadBalancer/Makefile.am: - * orbsvcs/Logging_Service/Basic_Logging_Service/Makefile.am: - * orbsvcs/Logging_Service/Event_Logging_Service/Makefile.am: - * orbsvcs/Logging_Service/Notify_Logging_Service/Makefile.am: - * orbsvcs/Logging_Service/RTEvent_Logging_Service/Makefile.am: - * orbsvcs/Naming_Service/Makefile.am: - * orbsvcs/Notify_Service/Makefile.am: - * orbsvcs/Scheduling_Service/Makefile.am: - * orbsvcs/Time_Service/Makefile.am: - * orbsvcs/Trading_Service/Makefile.am: - - Regenerated. 
+ * orbsvcs/Concurrency_Service/Makefile.am: + * orbsvcs/CosEvent_Service/Makefile.am: + * orbsvcs/Dump_Schedule/Makefile.am: + * orbsvcs/Event_Service/Makefile.am: + * orbsvcs/FTRT_Event_Service/Event_Service/Makefile.am: + * orbsvcs/FTRT_Event_Service/Factory_Service/Makefile.am: + * orbsvcs/FTRT_Event_Service/Gateway_Service/Makefile.am: + * orbsvcs/FT_ReplicationManager/Makefile.am: + * orbsvcs/Fault_Detector/Makefile.am: + * orbsvcs/Fault_Notifier/Makefile.am: + * orbsvcs/IFR_Service/Makefile.am: + * orbsvcs/ImplRepo_Service/Makefile.am: + * orbsvcs/LifeCycle_Service/Makefile.am: + * orbsvcs/LoadBalancer/Makefile.am: + * orbsvcs/Logging_Service/Basic_Logging_Service/Makefile.am: + * orbsvcs/Logging_Service/Event_Logging_Service/Makefile.am: + * orbsvcs/Logging_Service/Notify_Logging_Service/Makefile.am: + * orbsvcs/Logging_Service/RTEvent_Logging_Service/Makefile.am: + * orbsvcs/Naming_Service/Makefile.am: + * orbsvcs/Notify_Service/Makefile.am: + * orbsvcs/Scheduling_Service/Makefile.am: + * orbsvcs/Time_Service/Makefile.am: + * orbsvcs/Trading_Service/Makefile.am: + + Regenerated. Thu Feb 24 15:06:57 2005 J.T. Conklin <jtc@acorntoolworks.com> - * TAO_IDL/Makefile.am: - * orbsvcs/TAO_Service/Makefile.am: - * orbsvcs/orbsvcs/Makefile.am: - * tao/Makefile.am: + * TAO_IDL/Makefile.am: + * orbsvcs/TAO_Service/Makefile.am: + * orbsvcs/orbsvcs/Makefile.am: + * tao/Makefile.am: - Regenerated. + Regenerated. - * tao/tao.mpc: + * tao/tao.mpc: - Removed OBV_Constants.h from Header_Files section. + Removed OBV_Constants.h from Header_Files section. Thu Feb 24 12:54:54 2005 Ossama Othman <ossama@dre.vanderbilt.edu> - * tao/PortableServer/Fixed_Size_SArgument_T.cpp: - * tao/PortableServer/Fixed_Size_SArgument_T.h: - * tao/PortableServer/Fixed_Size_SArgument_T.inl: + * tao/PortableServer/Fixed_Size_SArgument_T.cpp: + * tao/PortableServer/Fixed_Size_SArgument_T.h: + * tao/PortableServer/Fixed_Size_SArgument_T.inl: - Fixed memory management and parameter passing problems. 
- Addresses run-time problems exhibited by applications that pass - fixed size types, such as fixed size structures, as parameters - or return values. + Fixed memory management and parameter passing problems. + Addresses run-time problems exhibited by applications that pass + fixed size types, such as fixed size structures, as parameters + or return values. Thu Feb 24 11:12:12 2005 Ossama Othman <ossama@dre.vanderbilt.edu> - * TAO_IDL/be/be_visitor_arg_traits.cpp (visit_attribute): + * TAO_IDL/be/be_visitor_arg_traits.cpp (visit_attribute): - Avoid generating a duplicate structure in the skeleton when - generating Arg_Traits<> for ThruPOA and direct collocation - code. + Avoid generating a duplicate structure in the skeleton when + generating Arg_Traits<> for ThruPOA and direct collocation + code. Thu Feb 24 10:38:04 2005 Ossama Othman <ossama@dre.vanderbilt.edu> - * tao/tao.mpc: + * tao/tao.mpc: - Removed all skeleton related "*SArgument* files. They are now - in the tao/PortableServer directory. + Removed all skeleton related "*SArgument* files. They are now + in the tao/PortableServer directory. Thu Feb 24 10:34:49 2005 Ossama Othman <ossama@dre.vanderbilt.edu> - * tao/Object_SArgument_T.h: - * tao/Var_Size_SArgument_T.h: + * tao/Object_SArgument_T.h: + * tao/Var_Size_SArgument_T.h: - Neglected to remove these files during the skeleton-refactor - branch merge. Thanks to J.T. for pointing out they were still - there. + Neglected to remove these files during the skeleton-refactor + branch merge. Thanks to J.T. for pointing out they were still + there. Thu Feb 24 18:14:23 2005 Olli Savia <ops@iki.fi> 
@@ -695,8 +722,8 @@ Tue Feb 22 07:31:33 2005 Ossama Othman <ossama@dre.vanderbilt.edu> Do not generate argument selection function templates if unconstrained interfaces were not seen in the IDL. Addresses - build problems for skeletons corresponding such IDL files. - Thanks to Johnny for pointing out the problem. + build problems for skeletons corresponding such IDL files. + Thanks to Johnny for pointing out the problem. Tue Feb 22 15:21:12 UTC 2005 Johnny Willemsen <jwillemsen@remedy.nl> diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Factory.cpp b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Factory.cpp index 5e29395ba31..95778a8cbe7 100644 --- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Factory.cpp +++ b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Factory.cpp @@ -10,6 +10,7 @@ #include "tao/debug.h" +#include "ace/SSL/sslconf.h" #include "ace/SSL/SSL_Context.h" @@ -18,8 +19,22 @@ ACE_RCSID (SSLIOP, "$Id$") +// An SSL session id seed value. Needs not be too unique, just somewhat +// different. See the OpenSSL manual +static const unsigned char session_id_context_[] = + "$Id$"; + +// Protocol name prefix static const char *prefix_[] = {"iiop", "ssliop"}; +// An OS-dependent path separator character +static const char *TAO_PATH_SEPARATOR_STRING = +#if defined(ACE_WIN32) + ACE_TEXT (";"); +#else + ACE_TEXT (":"); +#endif + namespace TAO { namespace SSLIOP @@ -81,7 +96,7 @@ TAO::SSLIOP::Protocol_Factory::make_acceptor (void) // Parses a X509 path. Beware: This function modifies // the buffer pointed to by arg! int -TAO::SSLIOP::Protocol_Factory::parse_x509_file_path (char *arg, +TAO::SSLIOP::Protocol_Factory::parse_x509_file (char *arg, char **path) { ACE_ASSERT (arg!= 0); @@ -108,6 +123,9 @@ TAO::SSLIOP::Protocol_Factory::init (int argc, char *certificate_path = 0; char *private_key_path = 0; char *dhparams_path = 0; + char *ca_file = 0; + char *ca_dir = 0; + char *rand_path = 0; int certificate_type = -1; int private_key_type = -1; 
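Review bot: In the `-18,8 +19,22` hunk of SSLIOP_Factory.cpp, `TAO_PATH_SEPARATOR_STRING` is declared `const char *` but initialised through `ACE_TEXT`, which yields a wide literal when ACE is built with `ACE_USES_WCHAR`, so the declaration would presumably not compile in that configuration. The constant is only passed to `ACE_OS::strtok_r` together with the narrow `char *rand_path` later in this commit, so plain narrow literals fit better: `";"` under `ACE_WIN32` and `":"` otherwise. Separately, `session_id_context_` is the RCS keyword string `"$Id$"`, so its bytes depend on keyword expansion at checkout. The existing comment would be clearer as `// Arbitrary session id context; value changes with keyword expansion, and sessions are only resumable under the same context.`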
@@ -126,11 +144,30 @@ TAO::SSLIOP::Protocol_Factory::init (int argc, // problems may occur later on due to lack of initialization of the // underlying SSL library (e.g. OpenSSL), which occurs when an // ACE_SSL_Context is instantiated. - // + // The code is cleaner this way anyway. ACE_SSL_Context * ssl_ctx = ACE_SSL_Context::instance (); ACE_ASSERT (ssl_ctx != 0); + size_t session_id_len = + (sizeof session_id_context_ >= SSL_MAX_SSL_SESSION_ID_LENGTH) + ? SSL_MAX_SSL_SESSION_ID_LENGTH + : sizeof session_id_context_; + + // Note that this function returns 1, if the operation succeded. + // See SSL_CTX_set_session_id_context(3) + if( 1 != ::SSL_CTX_set_session_id_context (ssl_ctx->context(), + session_id_context_, + session_id_len)) + { + if (TAO_debug_level > 0) + ACE_DEBUG ((LM_ERROR, + ACE_TEXT ("TAO (%P|%t) Unable to set the session id ") + ACE_TEXT ("context to \'%s\'\n"), session_id_context_)); + + return -1; + } + for (int curarg = 0; curarg != argc; ++curarg) { if ((ACE_OS::strcasecmp (argv[curarg], @@ -156,7 +193,7 @@ TAO::SSLIOP::Protocol_Factory::init (int argc, { if (TAO_debug_level > 0) ACE_DEBUG ((LM_ERROR, - ACE_TEXT ("(%P|%t) Unable to set eNULL ") + ACE_TEXT ("TAO (%P|%t) Unable to set eNULL ") ACE_TEXT ("SSL cipher in SSLIOP ") ACE_TEXT ("factory.\n"))); @@ -183,7 +220,7 @@ TAO::SSLIOP::Protocol_Factory::init (int argc, curarg++; if (curarg < argc) { - certificate_type = parse_x509_file_path (argv[curarg], &certificate_path); + certificate_type = parse_x509_file (argv[curarg], &certificate_path); } } @@ -193,7 +230,7 @@ TAO::SSLIOP::Protocol_Factory::init (int argc, curarg++; if (curarg < argc) { - private_key_type = parse_x509_file_path (argv[curarg], &private_key_path); + private_key_type = parse_x509_file (argv[curarg], &private_key_path); } } 
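Review bot: In the `-126,11 +144,30` hunk, the clamp on `session_id_len` uses `SSL_MAX_SSL_SESSION_ID_LENGTH`, which bounds session ids; the limit OpenSSL documents for the context passed to `SSL_CTX_set_session_id_context` is `SSL_MAX_SID_CTX_LENGTH`. As far as I know the two constants have the same value, so behaviour should not change, but the intent reads correctly as `(sizeof session_id_context_ >= SSL_MAX_SID_CTX_LENGTH) ? SSL_MAX_SID_CTX_LENGTH : sizeof session_id_context_;`. `sizeof session_id_context_` also counts the terminating NUL of the literal, which deserves a comment such as `// length includes the trailing NUL; clamped to the OpenSSL limit`. The failure path returns -1 but logs only when `TAO_debug_level > 0`, so at the default level a server that cannot set the context fails without a message. The body of `init` starts and ends outside this hunk.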
@@ -260,12 +297,112 @@ TAO::SSLIOP::Protocol_Factory::init (int argc, curarg++; if (curarg < argc) { - dhparams_type = parse_x509_file_path (argv[curarg], &dhparams_path); + dhparams_type = parse_x509_file (argv[curarg], &dhparams_path); + } + } + + else if (ACE_OS::strcasecmp (argv[curarg], + "-SSLCAfile") == 0) + { + curarg++; + if (curarg < argc) + { + (void) parse_x509_file (argv[curarg], &ca_file); + } + } + + else if (ACE_OS::strcasecmp (argv[curarg], + "-SSLCApath") == 0) + { + curarg++; + if (curarg < argc) + { + ca_dir = argv[curarg]; + } + } + + else if (ACE_OS::strcasecmp (argv[curarg], + "-SSLrand") == 0) + { + curarg++; + if (curarg < argc) + { + rand_path = argv[curarg]; } } + } + // Load some (more) entropy from the user specified sources + // in addition to what's pointed to by ACE_SSL_RAND_FILE_ENV + if (rand_path != 0) + { + short errors = 0; + char *file_name = 0; + const char *path = ACE_OS::strtok_r (rand_path, + TAO_PATH_SEPARATOR_STRING, + &file_name); + while ( path != 0) + { + if( -1 == ssl_ctx->seed_file (path, -1)) + { + errors++; + + if (TAO_debug_level > 0) + ACE_DEBUG ((LM_ERROR, + ACE_TEXT ("TAO (%P|%t) Failed to load ") + ACE_TEXT ("more entropy from <%s>: %m\n"), path)); + } + else + { + if (TAO_debug_level > 0) + ACE_DEBUG ((LM_ERROR, + ACE_TEXT ("TAO (%P|%t) Loaded ") + ACE_TEXT ("more entropy from <%s>\n"), path)); + } + + path = ACE_OS::strtok_r (0, TAO_PATH_SEPARATOR_STRING, &file_name); } + + if (errors > 0) + return -1; + } + + // Load any trusted certificates explicitely rather than relying on + // previously set SSL_CERT_FILE and/or SSL_CERT_PATH environment variable + if (ca_file != 0 || ca_dir != 0) + { + if (ssl_ctx->load_trusted_ca (ca_file, ca_dir) != 0) + { + if (TAO_debug_level > 0) + ACE_DEBUG ((LM_ERROR, + ACE_TEXT ("TAO (%P|%t) Unable to load ") + ACE_TEXT ("CA certs from %s%s%s\n"), + ((ca_file != 0) ? 
ca_file : ACE_TEXT ("a file pointed to by ") + ACE_TEXT (ACE_SSL_CERT_FILE_ENV) + ACE_TEXT (" env var (if any)")), + ACE_TEXT (" and "), + ((ca_dir != 0) ? ca_dir : ACE_TEXT ("a directory pointed to by ") + ACE_TEXT (ACE_SSL_CERT_DIR_ENV) + ACE_TEXT (" env var (if any)")))); + return -1; + } + else + { + if (TAO_debug_level > 0) + ACE_DEBUG ((LM_INFO, + ACE_TEXT ("TAO (%P|%t) SSLIOP loaded ") + ACE_TEXT ("Trusted Certificates from %s%s%s\n"), + ((ca_file != 0) ? ca_file : ACE_TEXT ("a file pointed to by ") + ACE_TEXT (ACE_SSL_CERT_FILE_ENV) + ACE_TEXT (" env var (if any)")), + ACE_TEXT (" and "), + ((ca_dir != 0) ? ca_dir : ACE_TEXT ("a directory pointed to by ") + ACE_TEXT (ACE_SSL_CERT_DIR_ENV) + ACE_TEXT (" env var (if any)")))); + } + } + // Load in the DH params. If there was a file explicitly specified, // then we do that here, otherwise we load them in from the cert file. // Note that we only do this on the server side, I think so we might @@ -331,7 +468,7 @@ TAO::SSLIOP::Protocol_Factory::init (int argc, { if (TAO_debug_level > 0) ACE_DEBUG ((LM_ERROR, - ACE_TEXT ("(%P|%t) Unable to set ") + ACE_TEXT ("TAO (%P|%t) Unable to set ") ACE_TEXT ("SSL certificate <%s> ") ACE_TEXT ("in SSLIOP factory.\n"), certificate_path)); @@ -342,7 +479,7 @@ TAO::SSLIOP::Protocol_Factory::init (int argc, { if (TAO_debug_level > 0) ACE_DEBUG ((LM_INFO, - ACE_TEXT ("(%P|%t) SSLIOP loaded ") + ACE_TEXT ("TAO (%P|%t) SSLIOP loaded ") ACE_TEXT ("SSL certificate ") ACE_TEXT ("from %s\n"), certificate_path)); @@ -357,7 +494,7 @@ TAO::SSLIOP::Protocol_Factory::init (int argc, if (TAO_debug_level > 0) { ACE_DEBUG ((LM_ERROR, - ACE_TEXT ("(%P|%t) Unable to set ") + ACE_TEXT ("TAO (%P|%t) Unable to set ") ACE_TEXT ("SSL private key ") ACE_TEXT ("<%s> in SSLIOP factory.\n"), private_key_path)); 
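Review bot: In the `-260,12 +297,112` hunk, the `-SSLCAfile` branch discards the result of `parse_x509_file` with a `(void)` cast, whereas the certificate, key and DH-params branches keep it as the file type. The ChangeLog documents the option as `FORMAT:file` with PEM or DER, yet the format never reaches `load_trusted_ca (ca_file, ca_dir)`. If that call reads only PEM (it is not visible here), a `DER:` value or a malformed argument is accepted at parse time and the trust store is then loaded from whatever `ca_file` was left pointing at. I would keep the type, `const int ca_type = parse_x509_file (argv[curarg], &ca_file);`, and return -1 with an error when it is not a format the loader supports. In the entropy loop the success message "Loaded more entropy from <%s>" is logged at `LM_ERROR`; `LM_INFO` would match the other success messages in this function. `init` continues outside the hunk.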
@@ -369,7 +506,7 @@ TAO::SSLIOP::Protocol_Factory::init (int argc, { if (TAO_debug_level > 0) ACE_DEBUG ((LM_INFO, - ACE_TEXT ("(%P|%t) SSLIOP loaded ") + ACE_TEXT ("TAO (%P|%t) SSLIOP loaded ") ACE_TEXT ("Private Key ") ACE_TEXT ("from %s\n"), private_key_path)); diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Factory.h b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Factory.h index 8429f0dc9ce..d4b989d0a0a 100644 --- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Factory.h +++ b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Factory.h @@ -93,7 +93,7 @@ namespace TAO /// /// Beware: This function modifies the buffer pointed to by arg! /// - static int parse_x509_file_path (char *arg, char **path); + static int parse_x509_file (char *arg, char **path); /// Create and register the SSLIOP ORB initializer. int register_orb_initializer ( |