From 531c9d1aef70f788265f60ca63efb1654d6e32b7 Mon Sep 17 00:00:00 2001
From: Andrew Stitcher
Date: Wed, 24 Oct 2012 05:51:45 +0000
Subject: QPID-4272: Large amounts of code are duplicated between the SSL and TCP transports Refactor SslMux support simplifying it and remove need for separate SslHandler and SslIo code. Refactored SSL client code to use the same connect and broker SSL to use the same accept sequences as the TCP code. This also solves QPID-3565: IPv6 support for SSL transport on Unix C++ client/broker Remove now unneeded ssl files.
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@1401561 13f79535-47bb-0310-9956-ffa450edef68
---
 cpp/src/qpid/sys/ssl/SslSocket.cpp | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)
(limited to 'cpp/src/qpid/sys/ssl/SslSocket.cpp')
diff --git a/cpp/src/qpid/sys/ssl/SslSocket.cpp b/cpp/src/qpid/sys/ssl/SslSocket.cpp
index 22f9f63fff..a328e49c13 100644
--- a/cpp/src/qpid/sys/ssl/SslSocket.cpp
+++ b/cpp/src/qpid/sys/ssl/SslSocket.cpp
@@ -87,6 +87,7 @@ SslSocket::SslSocket(const std::string& certName, bool clientAuth) :
 {
 //configure prototype socket:
 prototype = SSL_ImportFD(0, PR_NewTCPSocket());
+
 if (clientAuth) {
 NSS_CHECK(SSL_OptionSet(prototype, SSL_REQUEST_CERTIFICATE, PR_TRUE));
 NSS_CHECK(SSL_OptionSet(prototype, SSL_REQUIRE_CERTIFICATE, PR_TRUE));
@@ -131,7 +132,10 @@ void SslSocket::setTcpNoDelay() const
 void SslSocket::connect(const SocketAddress& addr) const
 {
 BSDSocket::connect(addr);
+}
+void SslSocket::finishConnect(const SocketAddress& addr) const
+{
 nssSocket = SSL_ImportFD(0, PR_ImportTCPSocket(fd));
 void* arg;
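Review bot: With the TLS setup moved out of `connect()`, the socket is only a plain TCP connection when `connect()` returns, and `nssSocket` is not assigned until `finishConnect()` runs; nothing in the hunk documents or enforces that ordering. The read/write paths are outside the hunk, so it is an assumption that they go through `nssSocket`, but if they do, a caller that skips `finishConnect()` would operate on an unset NSS descriptor rather than fail cleanly. I would put the contract above the new function, e.g. `// Call once the TCP connect has completed and before any read/write: this is where the NSS/TLS layer is attached to fd.`, and, if `nssSocket` starts out as 0, reject early use in the I/O entry points with `if (!nssSocket) throw Exception(QPID_MSG("SslSocket used before finishConnect()"));`. The body of `finishConnect()` continues past the end of the hunk.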
@@ -167,9 +171,9 @@ void SslSocket::close() const
 int SslSocket::listen(const SocketAddress& sa, int backlog) const
 {
 //get certificate and key (is this the correct way?)
- std::string certName( (certname == "") ? "localhost.localdomain" : certname);
- CERTCertificate *cert = PK11_FindCertFromNickname(const_cast(certName.c_str()), 0);
- if (!cert) throw Exception(QPID_MSG("Failed to load certificate '" << certName << "'"));
+ std::string cName( (certname == "") ? "localhost.localdomain" : certname);
+ CERTCertificate *cert = PK11_FindCertFromNickname(const_cast(cName.c_str()), 0);
+ if (!cert) throw Exception(QPID_MSG("Failed to load certificate '" << cName << "'"));
 SECKEYPrivateKey *key = PK11_FindKeyByAnyCert(cert, 0);
 if (!key) throw Exception(QPID_MSG("Failed to retrieve private key from certificate"));
 NSS_CHECK(SSL_ConfigSecureServer(prototype, cert, key, NSS_FindCertKEAType(cert)));
-- cgit v1.2.1