* Allows SecureStreamSocket::attach to be used in server connections

* Move order of condition for isLocalHost in peer certificate verification, to skip DNS lookup if not needed
This commit is contained in:
Rangell Reale 2014-09-12 15:47:00 -03:00 committed by Rangel Reale
parent 67b206f663
commit 21f2e115eb
2 changed files with 25 additions and 7 deletions

View File

@ -358,7 +358,7 @@ long SecureSocketImpl::verifyPeerCertificateImpl(const std::string& hostName)
{
Context::VerificationMode mode = _pContext->verificationMode();
if (mode == Context::VERIFY_NONE || !_pContext->extendedCertificateVerificationEnabled() ||
(isLocalHost(hostName) && mode != Context::VERIFY_STRICT))
(mode != Context::VERIFY_STRICT && isLocalHost(hostName)))
{
return X509_V_OK;
}

View File

@ -153,7 +153,10 @@ SecureStreamSocket SecureStreamSocket::attach(const StreamSocket& streamSocket)
{
SecureStreamSocketImpl* pImpl = new SecureStreamSocketImpl(static_cast<StreamSocketImpl*>(streamSocket.impl()), SSLManager::instance().defaultClientContext());
SecureStreamSocket result(pImpl);
pImpl->connectSSL();
if (pImpl->context()->isForServerUse())
pImpl->acceptSSL();
else
pImpl->connectSSL();
return result;
}
@ -162,7 +165,10 @@ SecureStreamSocket SecureStreamSocket::attach(const StreamSocket& streamSocket,
{
SecureStreamSocketImpl* pImpl = new SecureStreamSocketImpl(static_cast<StreamSocketImpl*>(streamSocket.impl()), pContext);
SecureStreamSocket result(pImpl);
pImpl->connectSSL();
if (pImpl->context()->isForServerUse())
pImpl->acceptSSL();
else
pImpl->connectSSL();
return result;
}
@ -172,7 +178,10 @@ SecureStreamSocket SecureStreamSocket::attach(const StreamSocket& streamSocket,
SecureStreamSocketImpl* pImpl = new SecureStreamSocketImpl(static_cast<StreamSocketImpl*>(streamSocket.impl()), pContext);
SecureStreamSocket result(pImpl);
result.useSession(pSession);
pImpl->connectSSL();
if (pImpl->context()->isForServerUse())
pImpl->acceptSSL();
else
pImpl->connectSSL();
return result;
}
@ -182,7 +191,10 @@ SecureStreamSocket SecureStreamSocket::attach(const StreamSocket& streamSocket,
SecureStreamSocketImpl* pImpl = new SecureStreamSocketImpl(static_cast<StreamSocketImpl*>(streamSocket.impl()), SSLManager::instance().defaultClientContext());
SecureStreamSocket result(pImpl);
result.setPeerHostName(peerHostName);
pImpl->connectSSL();
if (pImpl->context()->isForServerUse())
pImpl->acceptSSL();
else
pImpl->connectSSL();
return result;
}
@ -192,7 +204,10 @@ SecureStreamSocket SecureStreamSocket::attach(const StreamSocket& streamSocket,
SecureStreamSocketImpl* pImpl = new SecureStreamSocketImpl(static_cast<StreamSocketImpl*>(streamSocket.impl()), pContext);
SecureStreamSocket result(pImpl);
result.setPeerHostName(peerHostName);
pImpl->connectSSL();
if (pImpl->context()->isForServerUse())
pImpl->acceptSSL();
else
pImpl->connectSSL();
return result;
}
@ -203,7 +218,10 @@ SecureStreamSocket SecureStreamSocket::attach(const StreamSocket& streamSocket,
SecureStreamSocket result(pImpl);
result.setPeerHostName(peerHostName);
result.useSession(pSession);
pImpl->connectSSL();
if (pImpl->context()->isForServerUse())
pImpl->acceptSSL();
else
pImpl->connectSSL();
return result;
}