* Allows SecureStreamSocket::attach to be used in server connections

* Reorder the isLocalHost condition in peer certificate verification so that the DNS lookup is skipped when it is not needed
Rangell Reale 2014-09-12 15:47:00 -03:00 committed by Rangel Reale
parent 67b206f663
commit 21f2e115eb
2 changed files with 25 additions and 7 deletions


@ -358,7 +358,7 @@ long SecureSocketImpl::verifyPeerCertificateImpl(const std::string& hostName)
{ {
Context::VerificationMode mode = _pContext->verificationMode(); Context::VerificationMode mode = _pContext->verificationMode();
if (mode == Context::VERIFY_NONE || !_pContext->extendedCertificateVerificationEnabled() || if (mode == Context::VERIFY_NONE || !_pContext->extendedCertificateVerificationEnabled() ||
(isLocalHost(hostName) && mode != Context::VERIFY_STRICT)) (mode != Context::VERIFY_STRICT && isLocalHost(hostName)))
{ {
return X509_V_OK; return X509_V_OK;
} }
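Review bot: The localhost exemption on the reordered line still returns `X509_V_OK` without inspecting the certificate whenever the mode is not `Context::VERIFY_STRICT` and `isLocalHost(hostName)` is true, and per the commit description that test can involve a DNS lookup. If so, the decision to skip host-name verification rests on an unauthenticated resolver answer rather than on the name itself, which deserves a comment at the condition, for example `// NOTE: isLocalHost() may resolve hostName; in non-strict modes a name that resolves to loopback skips the certificate name check`. Callers that need the name check regardless of where the peer resolves should be pointed to `VERIFY_STRICT` in the same comment. The implementation of isLocalHost and the rest of verifyPeerCertificateImpl are outside this hunk, so this should be confirmed against them.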


@ -153,6 +153,9 @@ SecureStreamSocket SecureStreamSocket::attach(const StreamSocket& streamSocket)
{ {
SecureStreamSocketImpl* pImpl = new SecureStreamSocketImpl(static_cast<StreamSocketImpl*>(streamSocket.impl()), SSLManager::instance().defaultClientContext()); SecureStreamSocketImpl* pImpl = new SecureStreamSocketImpl(static_cast<StreamSocketImpl*>(streamSocket.impl()), SSLManager::instance().defaultClientContext());
SecureStreamSocket result(pImpl); SecureStreamSocket result(pImpl);
if (pImpl->context()->isForServerUse())
pImpl->acceptSSL();
else
pImpl->connectSSL(); pImpl->connectSSL();
return result; return result;
} }
@ -162,6 +165,9 @@ SecureStreamSocket SecureStreamSocket::attach(const StreamSocket& streamSocket,
{ {
SecureStreamSocketImpl* pImpl = new SecureStreamSocketImpl(static_cast<StreamSocketImpl*>(streamSocket.impl()), pContext); SecureStreamSocketImpl* pImpl = new SecureStreamSocketImpl(static_cast<StreamSocketImpl*>(streamSocket.impl()), pContext);
SecureStreamSocket result(pImpl); SecureStreamSocket result(pImpl);
if (pImpl->context()->isForServerUse())
pImpl->acceptSSL();
else
pImpl->connectSSL(); pImpl->connectSSL();
return result; return result;
} }
@ -172,6 +178,9 @@ SecureStreamSocket SecureStreamSocket::attach(const StreamSocket& streamSocket,
SecureStreamSocketImpl* pImpl = new SecureStreamSocketImpl(static_cast<StreamSocketImpl*>(streamSocket.impl()), pContext); SecureStreamSocketImpl* pImpl = new SecureStreamSocketImpl(static_cast<StreamSocketImpl*>(streamSocket.impl()), pContext);
SecureStreamSocket result(pImpl); SecureStreamSocket result(pImpl);
result.useSession(pSession); result.useSession(pSession);
if (pImpl->context()->isForServerUse())
pImpl->acceptSSL();
else
pImpl->connectSSL(); pImpl->connectSSL();
return result; return result;
} }
@ -182,6 +191,9 @@ SecureStreamSocket SecureStreamSocket::attach(const StreamSocket& streamSocket,
SecureStreamSocketImpl* pImpl = new SecureStreamSocketImpl(static_cast<StreamSocketImpl*>(streamSocket.impl()), SSLManager::instance().defaultClientContext()); SecureStreamSocketImpl* pImpl = new SecureStreamSocketImpl(static_cast<StreamSocketImpl*>(streamSocket.impl()), SSLManager::instance().defaultClientContext());
SecureStreamSocket result(pImpl); SecureStreamSocket result(pImpl);
result.setPeerHostName(peerHostName); result.setPeerHostName(peerHostName);
if (pImpl->context()->isForServerUse())
pImpl->acceptSSL();
else
pImpl->connectSSL(); pImpl->connectSSL();
return result; return result;
} }
@ -192,6 +204,9 @@ SecureStreamSocket SecureStreamSocket::attach(const StreamSocket& streamSocket,
SecureStreamSocketImpl* pImpl = new SecureStreamSocketImpl(static_cast<StreamSocketImpl*>(streamSocket.impl()), pContext); SecureStreamSocketImpl* pImpl = new SecureStreamSocketImpl(static_cast<StreamSocketImpl*>(streamSocket.impl()), pContext);
SecureStreamSocket result(pImpl); SecureStreamSocket result(pImpl);
result.setPeerHostName(peerHostName); result.setPeerHostName(peerHostName);
if (pImpl->context()->isForServerUse())
pImpl->acceptSSL();
else
pImpl->connectSSL(); pImpl->connectSSL();
return result; return result;
} }
@ -203,6 +218,9 @@ SecureStreamSocket SecureStreamSocket::attach(const StreamSocket& streamSocket,
SecureStreamSocket result(pImpl); SecureStreamSocket result(pImpl);
result.setPeerHostName(peerHostName); result.setPeerHostName(peerHostName);
result.useSession(pSession); result.useSession(pSession);
if (pImpl->context()->isForServerUse())
pImpl->acceptSSL();
else
pImpl->connectSSL(); pImpl->connectSSL();
return result; return result;
} }
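Review bot: The same four-line role selection (`if (pImpl->context()->isForServerUse()) pImpl->acceptSSL(); else pImpl->connectSSL();`) is pasted into all six attach() overloads, so any later change to how the handshake direction is chosen has to be made six times and can drift; one private helper called from each overload would keep it in a single place. The handshake role now follows the context silently, so passing a server context where a client connection was intended performs an accept instead of failing; a comment at the branch such as `// handshake role follows the context: server contexts accept, client contexts connect` would make that contract visible. In the two overloads that build the impl with `SSLManager::instance().defaultClientContext()` the server branch is presumably never taken, which means server-side attach is only reachable through the `pContext` overloads and is worth stating in the header documentation. In the overloads that call `setPeerHostName` or `useSession`, it is not visible here whether those settings have any effect on the accept path, so the documentation should say what a server-side caller can expect. Several of the overload signatures begin outside the hunks shown.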