authorJohnny Willemsen <jwillemsen@remedy.nl>2008-11-28 16:32:21 +0000
committerJohnny Willemsen <jwillemsen@remedy.nl>2008-11-28 16:32:21 +0000
commitac0907fcf5fed3f8b9d6f53797035653fcca1c41 (patch)
tree2614c212f6313bd3940511470eb76bf22368cf72 /ACE/ace/SSL
parent656b4838daa99d0af534972b3b85236566920ae2 (diff)
Fri Nov 28 16:32:00 UTC 2008 Johnny Willemsen <jwillemsen@remedy.nl>
* ace/SSL/SSL_Asynch_Stream.cpp: * ace/SSL/SSL_Asynch_Stream.h: * ace/SSL/SSL_Asynch_Stream.inl: Added accessor for SSL structure. * ace/SSL/SSL_Context.cpp: * ace/SSL/SSL_Context.h: * ace/SSL/SSL_Context.inl: Added possibility to set verify callback * ace/SSL/Makefile.am: Added new SSL_Asynch_Stream.inl This fixes bugzilla 3494, thanks to Paul Daugherty <paul at nextalk dot com> for providing the patches
Diffstat (limited to 'ACE/ace/SSL')
-rw-r--r--ACE/ace/SSL/Makefile.am1
-rw-r--r--ACE/ace/SSL/SSL_Asynch_Stream.cpp4
-rw-r--r--ACE/ace/SSL/SSL_Asynch_Stream.h7
-rw-r--r--ACE/ace/SSL/SSL_Asynch_Stream.inl13
-rw-r--r--ACE/ace/SSL/SSL_Context.cpp1
-rw-r--r--ACE/ace/SSL/SSL_Context.h12
-rw-r--r--ACE/ace/SSL/SSL_Context.inl14
7 files changed, 50 insertions, 2 deletions
diff --git a/ACE/ace/SSL/Makefile.am b/ACE/ace/SSL/Makefile.am
index 135fa9b937b..3b244c2eab0 100644
--- a/ACE/ace/SSL/Makefile.am
+++ b/ACE/ace/SSL/Makefile.am
@@ -47,6 +47,7 @@ libACE_SSL_la_LIBADD = \
nobase_include_HEADERS = \
SSL_Asynch_BIO.h \
SSL_Asynch_Stream.h \
+ SSL_Asynch_Stream.inl \
SSL_Context.h \
SSL_Context.inl \
SSL_Export.h \
diff --git a/ACE/ace/SSL/SSL_Asynch_Stream.cpp b/ACE/ace/SSL/SSL_Asynch_Stream.cpp
index 216f6cfd962..e586f4a6f07 100644
--- a/ACE/ace/SSL/SSL_Asynch_Stream.cpp
+++ b/ACE/ace/SSL/SSL_Asynch_Stream.cpp
@@ -17,6 +17,10 @@ ACE_RCSID (ACE_SSL,
#include "ace/Proactor.h"
#include "ace/Truncate.h"
+#if !defined(__ACE_INLINE__)
+#include "SSL_Asynch_Stream.inl"
+#endif /* __ACE_INLINE__ */
+
#include <openssl/err.h>
ACE_BEGIN_VERSIONED_NAMESPACE_DECL
diff --git a/ACE/ace/SSL/SSL_Asynch_Stream.h b/ACE/ace/SSL/SSL_Asynch_Stream.h
index 671cca46c24..ccc3e8adcd3 100644
--- a/ACE/ace/SSL/SSL_Asynch_Stream.h
+++ b/ACE/ace/SSL/SSL_Asynch_Stream.h
@@ -185,6 +185,9 @@ public:
int close (void);
+ /// Return a pointer to the underlying SSL structure.
+ SSL *ssl (void) const;
+
/**
* Initializes the factory with information which will be used with
* each asynchronous call.
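Review bot: The comment on the new `ssl ()` accessor says nothing about ownership or lifetime of the returned handle. It is a const member that returns a non-const `SSL *`, so code holding only a const stream can still change TLS state on the connection or free the handle. I would extend the comment along the lines of `/// The stream keeps ownership: do not free the pointer, and do not use it after the stream is closed or destroyed.` Ownership is not visible in this diff (the definition in SSL_Asynch_Stream.inl simply returns `ssl_`), so confirm it against the destructor. The class body continues outside the hunk.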
@@ -417,6 +420,10 @@ protected:
ACE_END_VERSIONED_NAMESPACE_DECL
+#if defined(__ACE_INLINE__)
+#include "SSL_Asynch_Stream.inl"
+#endif /* __ACE_INLINE__ */
+
#endif /* OPENSSL_VERSION_NUMBER > 0x0090581fL && (ACE_WIN32 ||
ACE_HAS_AIO_CALLS) */
diff --git a/ACE/ace/SSL/SSL_Asynch_Stream.inl b/ACE/ace/SSL/SSL_Asynch_Stream.inl
new file mode 100644
index 00000000000..1fe5cc2ae9d
--- /dev/null
+++ b/ACE/ace/SSL/SSL_Asynch_Stream.inl
@@ -0,0 +1,13 @@
+// -*- C++ -*-
+//
+// $Id$
+
+ACE_BEGIN_VERSIONED_NAMESPACE_DECL
+
+ACE_INLINE SSL *
+ACE_SSL_Asynch_Stream::ssl (void) const
+{
+ return this->ssl_;
+}
+
+ACE_END_VERSIONED_NAMESPACE_DECL
diff --git a/ACE/ace/SSL/SSL_Context.cpp b/ACE/ace/SSL/SSL_Context.cpp
index c1fe7bf7006..b58f7e1c1d5 100644
--- a/ACE/ace/SSL/SSL_Context.cpp
+++ b/ACE/ace/SSL/SSL_Context.cpp
@@ -112,6 +112,7 @@ ACE_SSL_Context::ACE_SSL_Context (void)
: context_ (0),
mode_ (-1),
default_verify_mode_ (SSL_VERIFY_NONE),
+ default_verify_callback_ (0),
have_ca_ (0)
{
ACE_SSL_Context::ssl_library_init ();
diff --git a/ACE/ace/SSL/SSL_Context.h b/ACE/ace/SSL/SSL_Context.h
index 322b79b709b..575e5ca02bd 100644
--- a/ACE/ace/SSL/SSL_Context.h
+++ b/ACE/ace/SSL/SSL_Context.h
@@ -264,7 +264,6 @@ public:
*/
void set_verify_peer (int strict = 0, int once = 1, int depth = 0);
-
/// TODO: a implementation that will lookup the CTX table for the list
/// of files and paths etc.
/// Query the location of trusted certification authority
@@ -281,6 +280,14 @@ public:
int default_verify_mode (void) const;
/**
+ * Set and query the default verify callback for this context, it is
+ * inherited by all the ACE_SSL objects created using the context.
+ * It can be overriden on a per-ACE_SSL object.
+ */
+ void default_verify_callback (int (*callback) (int, X509_STORE_CTX *));
+ int (*default_verify_callback(void) const) (int,X509_STORE_CTX *);
+
+ /**
* @name OpenSSL Random Number Generator Seed Related Methods
*
* These are methods that can be used to seed OpenSSL's
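Review bot: The doc comment added for `default_verify_callback` does not say what the callback's return value means. Under OpenSSL's `SSL_CTX_set_verify` contract the callback's return value replaces the library's own verdict for each certificate in the chain, so a callback that always returns 1 accepts certificates OpenSSL has already rejected. I would add to the comment: `The callback should return its first argument (preverify_ok) unchanged unless it deliberately overrides a specific error; passing 0 restores OpenSSL's built-in behaviour.` In the same comment, "overriden" should read "overridden".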
@@ -362,6 +369,9 @@ private:
/// The default verify mode.
int default_verify_mode_;
+ /// The default verify callback.
+ int (*default_verify_callback_)(int, X509_STORE_CTX *);
+
/// count of successful CA load attempts
int have_ca_;
diff --git a/ACE/ace/SSL/SSL_Context.inl b/ACE/ace/SSL/SSL_Context.inl
index 9962ad09bdc..8bb59b58b41 100644
--- a/ACE/ace/SSL/SSL_Context.inl
+++ b/ACE/ace/SSL/SSL_Context.inl
@@ -40,7 +40,8 @@ ACE_SSL_Context::check_context (void)
this->set_mode ();
}
- ::SSL_CTX_set_verify (this->context_, this->default_verify_mode (), 0);
+ ::SSL_CTX_set_verify (this->context_, this->default_verify_mode (),
+ this->default_verify_callback ());
}
ACE_INLINE SSL_CTX *
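Review bot: The callback now passed to `SSL_CTX_set_verify` is paired with whatever `default_verify_mode ()` returns, and the constructor in SSL_Context.cpp initialises that to `SSL_VERIFY_NONE`. In that mode OpenSSL continues the handshake regardless of the verification result, so an application that installs only a callback gets no enforcement from it. A comment above the call would make the dependency explicit, for example `// A rejecting callback only aborts the handshake when the verify mode includes SSL_VERIFY_PEER.` The body of `check_context` starts outside the hunk.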
@@ -98,6 +99,17 @@ ACE_SSL_Context::default_verify_mode (void) const
return this->default_verify_mode_;
}
+ACE_INLINE void
+ACE_SSL_Context::default_verify_callback (int (*callback) (int, X509_STORE_CTX*))
+{
+ this->default_verify_callback_ = callback;
+}
+
+ACE_INLINE int (*ACE_SSL_Context::default_verify_callback(void) const)(int,X509_STORE_CTX *)
+{
+ return this->default_verify_callback_;
+}
+
ACE_INLINE int
ACE_SSL_Context::get_mode (void) const
{
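Review bot: The setter added here only stores the pointer in `default_verify_callback_`; it does not call `SSL_CTX_set_verify` itself. The value reaches OpenSSL only through the call in `check_context ()` in the first hunk of this file, so a callback set after the context was last configured may not be in force for connections created in the meantime. Whether that can happen depends on callers outside this diff. I would document it on the setter: `// Takes effect the next time check_context () runs; set it before creating any SSL objects from this context.`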