| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
| |
Add an OpenSSL BIO that ignores SIGPIPE by passing MSG_NOSIGNAL to the
send() and recv() calls on platforms that support it.
Fixes #401
|
| |
|
|
|
|
|
|
|
|
| |
amqp_ssl_socket_verify_hostname returns 1 on success, 0 on not found,
and -1 on error. Refactor this code to be less error-prone and not use
magic numbers in return values.
Fixes #330
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
According to "https://www.openssl.org/docs/manmaster/ssl/SSL_get_verify_result.html",
to verify SSL connection result, SSL_get_verify_result() needs to be
called with SSL_get_peer_certificate(). In default mode, which
verify_peer and verify_hostname are activated, then there is no problem
because in verify_hostname, the existence of certificate is confirmed.
However, it is possible that the user want to verify_peer,
but not verify_host. In such case, it is not working as they wanted.
Because with invalid certificate, the attacker can bypass certificate validity check.
|
|
|
|
|
|
|
| |
Use vetted hostname validation code which should fix some of the issues with
memory leaks from incorrect use of the OpenSSL API.
Fixes #325
|
| |
|
|
|
|
|
|
|
|
| |
The cert object should be X509_free'd after use, it leaks otherwise.
Thanks Volker Schreiner for reporting this.
Fixes #323
|
|
|
|
|
| |
Add amqp_ssl_socket_versions function which allows a user to specify the
acceptable range of TLS versions they want to connect to the broker with.
|
|
|
|
|
| |
SSLv2 and SSLv3 are outdated, and contain serious security vulnerabilities.
Disable these outdated protocols so they cannot be used.
|
|
|
|
|
|
|
|
| |
If a heartbeat timeout occurs skip calling SSL_shutdown as it involves doing a
send() which will likely hang. Additionally don't wait for a response when doing
an SSL_shutdown, as the underlying transport will not be reused.
Fixes #313
|
|
|
|
|
|
|
|
| |
Add amqp_ssl_socket_set_verify_peer which controls peer certificate validation,
and amqp_ssl_socket_set_verify_hostname which controls hostname validation in
the certificate. Additionally this deprecates amqp_ssl_socket_set_verify.
Fixes #180, #279, #303
|
|
|
|
|
|
| |
Get rid of amqp_poll_{read,write} and flatten the call-tree to amqp_poll with an
appropriate flag. Done in preparation for adding a select()-based
implementation of the amqp_poll() function.
|
| |
|
| |
|
|
|
|
|
|
|
|
| |
As a performance optimization in the send path, add an AMQP_SF_MORE flag
indicating that more data is intended to be sent, and that packets shouldn't be
sent out on the wire unless there is a full packet's worth of data available.
Use this to specify MSG_MORE to send() on Linux.
|
|
|
|
|
|
| |
Function amqp_ssl_socket_send() should return the number of bytes
written. Retruning AMQP_STATUS_OK on success will cause all
amqp_socket_send() with SSL socket implementation to behave incorrectly.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
According to documentation SSL_connect() can return:
- 1 if handshake was successful or
- 0 or < 0 if handshake failed and connection was cleaned up or
communcation error occurred
When nonblocking flag is set on the socket and handshake is in progress,
SSL_connect() retruns -1 and sets error SSL_ERROR_WANT_READ. The test
will then skip the switch() branch, and proceed forward with hanshake
procedure in unfinished state. This may lead to certificate verification
failure, as should the handshake be interrupted too soon, no server
certificates would be received.
|
| |
|
|
|
|
|
| |
Rename amqp_timer_t related functions to improve readability of the code and
clarify what they do.
|
|
|
|
| |
Rename the files to better reflect the functions that they contain.
|
| |
|
|
|
|
|
|
|
|
| |
Alternate Names DNS entries.
Additional check for entries in SSL certificate.
Signed-off-by: Yevhen Kyriukha <kirgene@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
Check to state of socket when doing open/read/write/close to prevent double-open
and double-close issues with the socket implementation.
Fixes #228
|
| |
|
| |
|
|
|
|
|
|
|
|
| |
There is an unexpected local variable shadowing in
amqp_ssl_socket_open(). So the following code is meaningless
unexpectedly.
status = AMQP_STATUS_SSL_HOSTNAME_VERIFY_FAILED
|
|
|
|
| |
Most of this code comes from version Curl 7.35.
|
| |
|
|
|
|
|
|
|
| |
In amqp_ssl_socket_open() set self->ssl to NULL after SSL_free() to
avoid calling SSL_free() on a SSL object that has already been freed.
This fixes #129 crash while call amqp_destroy_connection() with ssl
|
| |
|
| |
|
|
|
|
|
| |
Get rid of experimental amqp_socket_error interface. Errors are returned
using the error codes from the primary function
|
|
|
|
|
|
|
|
| |
Improve the socket interface by making the amqp_connection_state_t
object the amqp_socket_t owner, and tie its lifetime to the connection's
lifetime. This prevents a class of silly errors where the socket object
isn't freed, or the socket object is assigned to two different
connection objects
|
|
|
|
|
| |
Doing this for code clarity, as its easier to see what the issues are
when you have all implementations in one file
|
| |
|
|
|
|
|
|
|
|
| |
Add the following error codes:
- hostname verify failure: e.g., provided hostname doesn't match peer
certificate
- peer verification failed
- connection handshake failed
|
|
|
|
|
| |
A 0 return value from SSL_read/SSL_write means the (SSL) connection has
been terminated.
|
|
|
|
|
|
|
|
|
|
| |
Publicly define the error codes returned from the various public API
functions. The error codes are defined in the amqp_status_enum and are
all negative in value to work with functions that return positive
values.
OS and SSL specific codes are no longer munged into the error code, as
it is unlikely for that information to be useful to library users.
|
| |
|
|
|
|
|
|
|
|
| |
For recv/send() functions, the functions themselves return a negative
number on error, then the amqp_ssl_socket_error() can be used to return
an opaque (e.g., not very useful to API users) error code. Internally we
store this error in the last_error field of the amqp_ssl_socket_t
object.
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
Signed-off-by: Michael Steinert <mike.steinert@gmail.com>
|
|
Signed-off-by: Michael Steinert <mike.steinert@gmail.com>
|