generic-library/poco
1
0
Fork 0
mirror of https://github.com/pocoproject/poco.git synced 2025-04-16 06:56:41 +02:00
Code Issues Projects Releases Wiki Activity

fix openssl session resumption, add quiet shutdown option, support FTPS with hostname (#4103)

Browse Source
This commit is contained in:
chrisbednarski 2023-11-27 04:12:11 +11:00 committed by GitHub
parent 11de40399c
commit 388a3b4010
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 46 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
Net/include/Poco/Net/FTPClientSession.h
View File

@ -325,6 +325,9 @@ protected:
DEFAULT_TIMEOUT = 30000000 // 30 seconds default timeout for socket operations DEFAULT_TIMEOUT = 30000000 // 30 seconds default timeout for socket operations
}; };
const std::string& getHost() const;
/// Returns the host name
static bool isPositivePreliminary(int status); static bool isPositivePreliminary(int status);
static bool isPositiveCompletion(int status); static bool isPositiveCompletion(int status);
static bool isPositiveIntermediate(int status); static bool isPositiveIntermediate(int status);
@ -422,6 +425,10 @@ inline const std::string& FTPClientSession::welcomeMessage()
return _welcomeMessage; return _welcomeMessage;
} }
inline const std::string& FTPClientSession::getHost() const
{
return _host;
}
} } // namespace Poco::Net } } // namespace Poco::Net

15
NetSSL_OpenSSL/include/Poco/Net/Context.h
View File

@ -439,6 +439,21 @@ public:
void setSecurityLevel(SecurityLevel level); void setSecurityLevel(SecurityLevel level);
/// Sets the security level. /// Sets the security level.
void ignoreUnexpectedEof(bool flag = true);
/// Enable or disable SSL/TLS SSL_OP_IGNORE_UNEXPECTED_EOF
///
/// Some TLS implementations do not send the mandatory close_notify alert on shutdown.
/// If the application tries to wait for the close_notify alert
/// but the peer closes the connection without sending it, an error is generated.
/// When this option is enabled the peer does not need to send the close_notify alert
/// and a closed connection will be treated as if the close_notify alert was received.
void setQuietShutdown(bool flag = true);
/// Normally, when an SSL connection is finished, the parties must send out close_notify alert messages for a clean shutdown.
/// When setting the "quiet shutdown" flag to true, the SecureSocketImpl::shutdown() will set the SSL shutdown flags,
/// but no close_notify alert is sent to the peer. This behaviour violates the TLS standard.
/// The default is a normal shutdown behaviour as described by the TLS standard.
private: private:
void init(const Params& params); void init(const Params& params);
/// Initializes the Context with the given parameters. /// Initializes the Context with the given parameters.

20
NetSSL_OpenSSL/src/Context.cpp
View File

@ -229,6 +229,26 @@ void Context::setSecurityLevel(SecurityLevel level)
#endif #endif
} }
void Context::ignoreUnexpectedEof(bool flag)
{
if (flag)
{
#if defined(SSL_OP_IGNORE_UNEXPECTED_EOF)
SSL_CTX_set_options(_pSSLContext, SSL_OP_IGNORE_UNEXPECTED_EOF);
#endif
}
else
{
#if defined(SSL_OP_IGNORE_UNEXPECTED_EOF)
SSL_CTX_clear_options(_pSSLContext, SSL_OP_IGNORE_UNEXPECTED_EOF);
#endif
}
}
void Context::setQuietShutdown(bool flag)
{
SSL_CTX_set_quiet_shutdown(_pSSLContext, flag ? 1 : 0);
}
void Context::useCertificate(const Poco::Crypto::X509Certificate& certificate) void Context::useCertificate(const Poco::Crypto::X509Certificate& certificate)
{ {

4
NetSSL_OpenSSL/src/FTPSClientSession.cpp
View File

@ -96,7 +96,7 @@ void FTPSClientSession::afterCreateControlSocket()
try try
{ {
if (!_pContext) _pContext = Poco::Net::SSLManager::instance().defaultClientContext(); if (!_pContext) _pContext = Poco::Net::SSLManager::instance().defaultClientContext();
Poco::Net::SecureStreamSocket sss(Poco::Net::SecureStreamSocket::attach(*_pControlSocket, _pContext)); Poco::Net::SecureStreamSocket sss(Poco::Net::SecureStreamSocket::attach(*_pControlSocket, getHost(), _pContext));
*_pControlSocket = sss; *_pControlSocket = sss;
} }
catch (Poco::Exception&) catch (Poco::Exception&)
@ -125,7 +125,7 @@ StreamSocket FTPSClientSession::establishDataConnection(const std::string& comma
Poco::Net::SecureStreamSocketImpl* pSecure = dynamic_cast<Poco::Net::SecureStreamSocketImpl*>(_pControlSocket->impl()); Poco::Net::SecureStreamSocketImpl* pSecure = dynamic_cast<Poco::Net::SecureStreamSocketImpl*>(_pControlSocket->impl());
if (pSecure != nullptr) if (pSecure != nullptr)
{ {
Poco::Net::SecureStreamSocket sss(Poco::Net::SecureStreamSocket::attach(ss, pSecure->context(), pSecure->currentSession())); Poco::Net::SecureStreamSocket sss(Poco::Net::SecureStreamSocket::attach(ss, getHost(), pSecure->context(), pSecure->currentSession()));
ss = sss; ss = sss;
if (_forceSessionReuse) if (_forceSessionReuse)
{ {

1
NetSSL_OpenSSL/src/SSLManager.cpp
View File

@ -103,6 +103,7 @@ void SSLManager::shutdown()
ServerVerificationError.clear(); ServerVerificationError.clear();
_ptrDefaultServerContext = 0; _ptrDefaultServerContext = 0;
_ptrDefaultClientContext = 0; _ptrDefaultClientContext = 0;
_socketIndex = _contextIndex = -1;
} }

1
NetSSL_OpenSSL/testsuite/src/TCPServerTest.cpp
View File

@ -324,6 +324,7 @@ void TCPServerTest::testReuseSession()
9, 9,
true, true,
"ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH"); "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH");
pServerContext->disableProtocols(Context::PROTO_TLSV1_3);
pServerContext->enableSessionCache(true, "TestSuite"); pServerContext->enableSessionCache(true, "TestSuite");
pServerContext->setSessionTimeout(10); pServerContext->setSessionTimeout(10);
pServerContext->setSessionCacheSize(1000); pServerContext->setSessionCacheSize(1000);