From da9c2c109ad9740177adfc93e5e92cba92c56134 Mon Sep 17 00:00:00 2001
From: Alan Antonuk <alan.antonuk@gmail.com>
Date: Wed, 3 Jul 2013 12:35:27 -0700
Subject: Make connection the socket object owner

Improve the socket interface by making the amqp_connection_state_t
object the amqp_socket_t owner, and tie its lifetime to the connection's
lifetime.  This prevents a class of silly errors where the socket object
isn't freed, or the socket object is assigned to two different
connection objects
---
 librabbitmq/amqp_openssl.c | 56 +++++++++++++++++++++++++++++++++++-----------
 1 file changed, 43 insertions(+), 13 deletions(-)

(limited to 'librabbitmq/amqp_openssl.c')

diff --git a/librabbitmq/amqp_openssl.c b/librabbitmq/amqp_openssl.c
index 0f6c12c..cf0fc5b 100644
--- a/librabbitmq/amqp_openssl.c
+++ b/librabbitmq/amqp_openssl.c
@@ -300,15 +300,22 @@ static int
 amqp_ssl_socket_close(void *base)
 {
   struct amqp_ssl_socket_t *self = (struct amqp_ssl_socket_t *)base;
-  if (self) {
+
+  if (self->ssl) {
+    SSL_shutdown(self->ssl);
     SSL_free(self->ssl);
-    amqp_os_socket_close(self->sockfd);
-    SSL_CTX_free(self->ctx);
-    free(self->buffer);
-    free(self);
+    self->ssl = NULL;
   }
-  destroy_openssl();
-  return 0;
+
+  if (-1 != self->sockfd) {
+    if (amqp_os_socket_close(self->sockfd)) {
+      return AMQP_STATUS_SOCKET_ERROR;
+    }
+
+    self->sockfd = -1;
+  }
+
+  return AMQP_STATUS_OK;
 }
 
 static int
@@ -331,6 +338,21 @@ amqp_ssl_socket_get_sockfd(void *base)
   return self->sockfd;
 }
 
+static void
+amqp_ssl_socket_delete(void *base)
+{
+  struct amqp_ssl_socket_t *self = (struct amqp_ssl_socket_t *)base;
+
+  if (self) {
+    amqp_ssl_socket_close(self);
+
+    SSL_CTX_free(self->ctx);
+    free(self->buffer);
+    free(self);
+  }
+  destroy_openssl();
+}
+
 static const struct amqp_socket_class_t amqp_ssl_socket_class = {
   amqp_ssl_socket_writev, /* writev */
   amqp_ssl_socket_send, /* send */
@@ -338,30 +360,38 @@ static const struct amqp_socket_class_t amqp_ssl_socket_class = {
   amqp_ssl_socket_open, /* open */
   amqp_ssl_socket_close, /* close */
   amqp_ssl_socket_error, /* error */
-  amqp_ssl_socket_get_sockfd /* get_sockfd */
+  amqp_ssl_socket_get_sockfd, /* get_sockfd */
+  amqp_ssl_socket_delete /* delete */
 };
 
 amqp_socket_t *
-amqp_ssl_socket_new(void)
+amqp_ssl_socket_new(amqp_connection_state_t state)
 {
   struct amqp_ssl_socket_t *self = calloc(1, sizeof(*self));
   int status;
   if (!self) {
-    goto error;
+    return NULL;
   }
+
+  self->sockfd = -1;
+  self->klass = &amqp_ssl_socket_class;
+  self->verify = 1;
+
   status = initialize_openssl();
   if (status) {
     goto error;
   }
+
   self->ctx = SSL_CTX_new(SSLv23_client_method());
   if (!self->ctx) {
     goto error;
   }
-  self->klass = &amqp_ssl_socket_class;
-  self->verify = 1;
+
+  amqp_set_socket(state, (amqp_socket_t *)self);
+
   return (amqp_socket_t *)self;
 error:
-  amqp_socket_close((amqp_socket_t *)self);
+  amqp_ssl_socket_delete((amqp_socket_t *)self);
   return NULL;
 }
 
-- 
cgit v1.2.1


From 533a6c4415103548ad193b28cf7419ee852e3c6e Mon Sep 17 00:00:00 2001
From: Alan Antonuk <alan.antonuk@gmail.com>
Date: Wed, 3 Jul 2013 12:43:53 -0700
Subject: Get rid of amqp_socket_error interface

Get rid of experimental amqp_socket_error interface. Errors are returned
using the error codes from the primary function
---
 librabbitmq/amqp_openssl.c | 14 --------------
 1 file changed, 14 deletions(-)

(limited to 'librabbitmq/amqp_openssl.c')

diff --git a/librabbitmq/amqp_openssl.c b/librabbitmq/amqp_openssl.c
index cf0fc5b..f3cf379 100644
--- a/librabbitmq/amqp_openssl.c
+++ b/librabbitmq/amqp_openssl.c
@@ -318,19 +318,6 @@ amqp_ssl_socket_close(void *base)
   return AMQP_STATUS_OK;
 }
 
-static int
-amqp_ssl_socket_error(void *base)
-{
-  struct amqp_ssl_socket_t *self = (struct amqp_ssl_socket_t *)base;
-  return self->internal_error;
-}
-
-char *
-amqp_ssl_error_string(AMQP_UNUSED int err)
-{
-  return strdup("A ssl socket error occurred.");
-}
-
 static int
 amqp_ssl_socket_get_sockfd(void *base)
 {
@@ -359,7 +346,6 @@ static const struct amqp_socket_class_t amqp_ssl_socket_class = {
   amqp_ssl_socket_recv, /* recv */
   amqp_ssl_socket_open, /* open */
   amqp_ssl_socket_close, /* close */
-  amqp_ssl_socket_error, /* error */
   amqp_ssl_socket_get_sockfd, /* get_sockfd */
   amqp_ssl_socket_delete /* delete */
 };
-- 
cgit v1.2.1


From b6a1dfec14e70fc6afe8ce9710231e552ba6bfb5 Mon Sep 17 00:00:00 2001
From: Alan Antonuk <alan.antonuk@gmail.com>
Date: Sat, 6 Jul 2013 19:50:54 -0700
Subject: Squash OpenSSL deprecated warnings on MacOSX 10.7+

---
 librabbitmq/amqp_openssl.c | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'librabbitmq/amqp_openssl.c')

diff --git a/librabbitmq/amqp_openssl.c b/librabbitmq/amqp_openssl.c
index f3cf379..2bd4fda 100644
--- a/librabbitmq/amqp_openssl.c
+++ b/librabbitmq/amqp_openssl.c
@@ -25,6 +25,10 @@
 #include "config.h"
 #endif
 
+#if defined(__APPLE__) && defined(__MACH__)
+# define MAC_OS_X_VERSION_MIN_REQUIRED MAC_OS_X_VERSION_10_6
+#endif
+
 #include "amqp_ssl_socket.h"
 #include "amqp_socket.h"
 #include "amqp_private.h"
-- 
cgit v1.2.1


From 6ad770dc62f76fa0625d277b521a120b549d9fc2 Mon Sep 17 00:00:00 2001
From: zaq178miami <pinepain@gmail.com>
Date: Sun, 23 Jun 2013 19:36:10 +0300
Subject: Add nonblocking connect support

---
 librabbitmq/amqp_openssl.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'librabbitmq/amqp_openssl.c')

diff --git a/librabbitmq/amqp_openssl.c b/librabbitmq/amqp_openssl.c
index 2bd4fda..f70d377 100644
--- a/librabbitmq/amqp_openssl.c
+++ b/librabbitmq/amqp_openssl.c
@@ -232,7 +232,7 @@ error:
 }
 
 static int
-amqp_ssl_socket_open(void *base, const char *host, int port)
+amqp_ssl_socket_open(void *base, const char *host, int port, struct timeval *timeout)
 {
   struct amqp_ssl_socket_t *self = (struct amqp_ssl_socket_t *)base;
   long result;
@@ -247,7 +247,7 @@ amqp_ssl_socket_open(void *base, const char *host, int port)
   }
 
   SSL_set_mode(self->ssl, SSL_MODE_AUTO_RETRY);
-  self->sockfd = amqp_open_socket(host, port);
+  self->sockfd = amqp_open_socket_noblock(host, port, timeout);
   if (0 > self->sockfd) {
     status = self->sockfd;
     self->internal_error = amqp_os_socket_error();
-- 
cgit v1.2.1


From 59f943b0e4ce884ca5b518e7c20fb4ff938d0474 Mon Sep 17 00:00:00 2001
From: Alan Antonuk <alan.antonuk@gmail.com>
Date: Mon, 22 Jul 2013 16:07:35 -0700
Subject: BUG: double-free in ssl-socket on connect failure

In amqp_ssl_socket_open() set self->ssl to NULL after SSL_free() to
avoid calling SSL_free() on a SSL object that has already been freed.

This fixes #129 crash while call amqp_destroy_connection() with ssl
---
 librabbitmq/amqp_openssl.c | 1 +
 1 file changed, 1 insertion(+)

(limited to 'librabbitmq/amqp_openssl.c')

diff --git a/librabbitmq/amqp_openssl.c b/librabbitmq/amqp_openssl.c
index f70d377..1233b31 100644
--- a/librabbitmq/amqp_openssl.c
+++ b/librabbitmq/amqp_openssl.c
@@ -297,6 +297,7 @@ error_out2:
   self->sockfd = -1;
 error_out1:
   SSL_free(self->ssl);
+  self->ssl = NULL;
   goto exit;
 }
 
-- 
cgit v1.2.1


From 715901d6755eddcd3a91b7b80d4699e1cb3414d7 Mon Sep 17 00:00:00 2001
From: woldan <vvoldan@gmail.com>
Date: Tue, 29 Oct 2013 15:29:54 +0100
Subject: Moved mutex initialization inside ENABLE_THREAD_SAFETY guards.

---
 librabbitmq/amqp_openssl.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'librabbitmq/amqp_openssl.c')

diff --git a/librabbitmq/amqp_openssl.c b/librabbitmq/amqp_openssl.c
index 1233b31..32595ae 100644
--- a/librabbitmq/amqp_openssl.c
+++ b/librabbitmq/amqp_openssl.c
@@ -539,6 +539,7 @@ amqp_ssl_locking_callback(int mode, int n,
 static int
 initialize_openssl(void)
 {
+#ifdef ENABLE_THREAD_SAFETY
 #ifdef _WIN32
   /* No such thing as PTHREAD_INITIALIZE_MUTEX macro on Win32, so we use this */
   if (NULL == openssl_init_mutex) {
@@ -554,7 +555,6 @@ initialize_openssl(void)
   }
 #endif /* _WIN32 */
 
-#ifdef ENABLE_THREAD_SAFETY
   if (pthread_mutex_lock(&openssl_init_mutex)) {
     return -1;
   }
-- 
cgit v1.2.1


From a5669298f9c87fed00235aefea02d8b84b455570 Mon Sep 17 00:00:00 2001
From: Michael Steinert <mike.steinert@gmail.com>
Date: Tue, 4 Mar 2014 10:10:15 -0700
Subject: [openssl] Support wildcard hostname verification

Most of this code comes from version Curl 7.35.
---
 librabbitmq/amqp_openssl.c | 9 ++-------
 1 file changed, 2 insertions(+), 7 deletions(-)

(limited to 'librabbitmq/amqp_openssl.c')

diff --git a/librabbitmq/amqp_openssl.c b/librabbitmq/amqp_openssl.c
index 32595ae..ab8a94e 100644
--- a/librabbitmq/amqp_openssl.c
+++ b/librabbitmq/amqp_openssl.c
@@ -31,6 +31,7 @@
 
 #include "amqp_ssl_socket.h"
 #include "amqp_socket.h"
+#include "amqp_hostcheck.h"
 #include "amqp_private.h"
 #include "threads.h"
 
@@ -214,15 +215,9 @@ amqp_ssl_socket_verify_hostname(void *base, const char *host)
       goto error;
     }
   }
-#ifdef _MSC_VER
-#define strcasecmp _stricmp
-#endif
-  if (strcasecmp(host, (char *)utf8_value)) {
+  if (!amqp_hostcheck((char *)utf8_value, host)) {
     goto error;
   }
-#ifdef _MSC_VER
-#undef strcasecmp
-#endif
 exit:
   OPENSSL_free(utf8_value);
   return status;
-- 
cgit v1.2.1