blob: 8f77c9b12a17ec3288a14641babdab79b1bf9d59 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
|
// -*- C++ -*-
#include "SSL_Connect_Handler.h"
#include "SSL_SOCK_Stream.h"
#include <openssl/err.h>
ACE_RCSID (ACE_SSL,
SSL_Connect_Handler,
"$Id$")
ACE_SSL_Connect_Handler::ACE_SSL_Connect_Handler (ACE_SSL_SOCK_Stream &s)
: ssl_stream_ (s)
{
}
ACE_SSL_Connect_Handler::~ACE_SSL_Connect_Handler (void)
{
}
ACE_HANDLE
ACE_SSL_Connect_Handler::get_handle (void) const
{
return this->ssl_stream_.get_handle ();
}
int
ACE_SSL_Connect_Handler::handle_input (ACE_HANDLE)
{
return this->ssl_connect ();
}
int
ACE_SSL_Connect_Handler::handle_output (ACE_HANDLE)
{
return this->ssl_connect ();
}
int
ACE_SSL_Connect_Handler::handle_close (ACE_HANDLE /* handle */,
ACE_Reactor_Mask /* close_mask */)
{
return this->ssl_stream_.close ();
}
int
ACE_SSL_Connect_Handler::ssl_connect (void)
{
// A race condition exists where data may be sent over an SSL
// session after the SSL active connection is completed but before
// this event handler is deregistered from the Reactor.
// Specifically data meant to be handled by SSL_read() could end up
// being handled by the SSL_connect() call below, resulting in an SSL
// protocol error (i.e. "SSL_ERROR_SSL" error status). The
// following check prevents the race condition.
if (SSL_is_init_finished (this->ssl_stream_.ssl ()))
return 0;
// The SSL_connect() call is wrapped in a do/while(SSL_pending())
// loop to force a full SSL record (SSL is a record-oriented
// protocol, not a stream-oriented one) to be read prior to
// returning to the Reactor. This is necessary to avoid some subtle
// problems where data from another record is potentially handled
// before the current record is fully handled.
do
{
int status = ::SSL_connect (this->ssl_stream_.ssl ());
switch (::SSL_get_error (this->ssl_stream_.ssl (), status))
{
case SSL_ERROR_NONE:
// Start out with non-blocking disabled on the SSL stream.
this->ssl_stream_.disable (ACE_NONBLOCK);
return 0;
case SSL_ERROR_WANT_WRITE:
case SSL_ERROR_WANT_READ:
break;
default:
#ifndef ACE_NDEBUG
ERR_print_errors_fp (stderr);
#endif /* ACE_NDEBUG */
return -1;
}
}
while (::SSL_pending (this->ssl_stream_.ssl ()));
return 0;
}
|