author | Andrew Stitcher <astitcher@apache.org> | 2012-10-24 05:51:45 +0000 |
---|---|---|
committer | Andrew Stitcher <astitcher@apache.org> | 2012-10-24 05:51:45 +0000 |
commit | 531c9d1aef70f788265f60ca63efb1654d6e32b7 (patch) | |
tree | bb1927b69b5a2814c10db864f1853489dd0f80f2 /cpp/src/qpid/sys/ssl/SslSocket.cpp | |
parent | 46ac396386fee5e816e5d3a9fae2355017e079bb (diff) | |
download | qpid-python-531c9d1aef70f788265f60ca63efb1654d6e32b7.tar.gz |
QPID-4272: Large amounts of code are duplicated between the SSL and TCP transports
Refactor SslMux support simplifying it and remove need for separate
SslHandler and SslIo code.
Refactored SSL client code to use the same connect and broker SSL to use the same
accept sequences as the TCP code. This also solves QPID-3565: IPv6 support for SSL
transport on Unix C++ client/broker
Remove now unneeded ssl files.
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@1401561 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'cpp/src/qpid/sys/ssl/SslSocket.cpp')
-rw-r--r-- | cpp/src/qpid/sys/ssl/SslSocket.cpp | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/cpp/src/qpid/sys/ssl/SslSocket.cpp b/cpp/src/qpid/sys/ssl/SslSocket.cpp
index 22f9f63fff..a328e49c13 100644
--- a/cpp/src/qpid/sys/ssl/SslSocket.cpp
+++ b/cpp/src/qpid/sys/ssl/SslSocket.cpp
@@ -87,6 +87,7 @@ SslSocket::SslSocket(const std::string& certName, bool clientAuth) :
 {
 //configure prototype socket:
 prototype = SSL_ImportFD(0, PR_NewTCPSocket());
+
 if (clientAuth) {
 NSS_CHECK(SSL_OptionSet(prototype, SSL_REQUEST_CERTIFICATE, PR_TRUE));
 NSS_CHECK(SSL_OptionSet(prototype, SSL_REQUIRE_CERTIFICATE, PR_TRUE));
@@ -131,7 +132,10 @@ void SslSocket::setTcpNoDelay() const
 void SslSocket::connect(const SocketAddress& addr) const
 {
 BSDSocket::connect(addr);
+}
 
+void SslSocket::finishConnect(const SocketAddress& addr) const
+{
 nssSocket = SSL_ImportFD(0, PR_ImportTCPSocket(fd));
 
 void* arg;
@@ -167,9 +171,9 @@ void SslSocket::close() const
 int SslSocket::listen(const SocketAddress& sa, int backlog) const
 {
 //get certificate and key (is this the correct way?)
- std::string certName( (certname == "") ? "localhost.localdomain" : certname);
- CERTCertificate *cert = PK11_FindCertFromNickname(const_cast<char*>(certName.c_str()), 0);
- if (!cert) throw Exception(QPID_MSG("Failed to load certificate '" << certName << "'"));
+ std::string cName( (certname == "") ? "localhost.localdomain" : certname);
+ CERTCertificate *cert = PK11_FindCertFromNickname(const_cast<char*>(cName.c_str()), 0);
+ if (!cert) throw Exception(QPID_MSG("Failed to load certificate '" << cName << "'"));
 SECKEYPrivateKey *key = PK11_FindKeyByAnyCert(cert, 0);
 if (!key) throw Exception(QPID_MSG("Failed to retrieve private key from certificate"));
 NSS_CHECK(SSL_ConfigSecureServer(prototype, cert, key, NSS_FindCertKEAType(cert))); |
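Review bot: In the second hunk, `SslSocket::connect()` now returns after `BSDSocket::connect(addr)` alone, and the `SSL_ImportFD` wrapping of `fd` moves into the new `finishConnect()`, so the socket has no NSS layer until a caller invokes that second step. Nothing visible in the hunk documents or enforces that ordering. I would add a comment above `finishConnect`, for example `// Must run after the TCP connect completes and before any read/write: wraps fd in NSS (nssSocket) for this connection.` It is also worth confirming that the read/write paths fail closed while `nssSocket` is still unset; those paths are outside this hunk, so I cannot tell from here. The body of `finishConnect` continues past the end of the hunk.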