Added SSLIOP enhancements as factory config options. See SSLIOP-USAGE.html

for descriptions of -SSLCheckHost, -SSLPassword, and -SSLVersionList. -SSLCheckHost enforces verification of peer-host identity in certificate -SSLPassword supports password protected private keys -SSLVersionList limits allowed crypto library versions
author: Phil Mesnier <mesnier_p@ociweb.com> 2015-03-17 17:04:29 -0500
committer: Phil Mesnier <mesnier_p@ociweb.com> 2015-03-17 17:04:29 -0500
commit: abba99954a4df6c680aeb4764ece28885f199e14 (patch)
tree: 6c8d9737e2702499948a8c0fb9e48afa0ff038ce /TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Connector.cpp
parent: a4f928e8bf747aa2d20f7c367b3fd6beb078345b (diff)
download: ATCD-abba99954a4df6c680aeb4764ece28885f199e14.tar.gz
1 files changed, 20 insertions, 2 deletions
diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Connector.cpp b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Connector.cpp
index 99828bd5367..6b17c141510 100644
--- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Connector.cpp
+++ b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Connector.cpp
@@ -22,9 +22,10 @@
 
 TAO_BEGIN_VERSIONED_NAMESPACE_DECL
 
-TAO::SSLIOP::Connector::Connector (::Security::QOP qop)
+TAO::SSLIOP::Connector::Connector (::Security::QOP qop, bool check_host)
   : TAO::IIOP_SSL_Connector (),
     qop_ (qop),
+    check_host_ (check_host),
     connect_strategy_ (),
     base_connector_ (0)
 {
@@ -682,6 +683,23 @@ TAO::SSLIOP::Connector::ssliop_connect (
               svc_handler->cancel_pending_connection ();
             }
 
+          // If required, verify the host in the endpoint match the cert
+          if (this->check_host_ && !svc_handler->check_host ())
+            {
+              // Close the handler.
+              svc_handler->close ();
+
+              if (TAO_debug_level > 0)
+                {
+                  ORBSVCS_ERROR ((LM_ERROR,
+                              "TAO (%P|%t) - SLIIOP_Connector::ssliop_connect, "
+                              "hostname verification failed\n"));
+                }
+
+              return 0;
+            }
+
+
           // At this point, the connection has be successfully connected.
           // #REFCOUNT# is one.
           if (TAO_debug_level > 2)
@@ -698,7 +716,7 @@ TAO::SSLIOP::Connector::ssliop_connect (
                                                                     transport);
 
           // Failure in adding to cache.
-        if (retval == -1)
+          if (retval == -1)
             {
               // Close the handler.
               svc_handler->close ();
author	Phil Mesnier <mesnier_p@ociweb.com>	2015-03-17 17:04:29 -0500
committer	Phil Mesnier <mesnier_p@ociweb.com>	2015-03-17 17:04:29 -0500
commit	abba99954a4df6c680aeb4764ece28885f199e14 (patch)
tree	6c8d9737e2702499948a8c0fb9e48afa0ff038ce /TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Connector.cpp
parent	a4f928e8bf747aa2d20f7c367b3fd6beb078345b (diff)
download	ATCD-abba99954a4df6c680aeb4764ece28885f199e14.tar.gz