generic-library/poco
1
0
Fork 0
mirror of https://github.com/pocoproject/poco.git synced 2025-10-22 16:02:29 +02:00
Code Issues Projects Releases Wiki Activity

exceptions instead of assertions

Browse Source
This commit is contained in:
Peter Schojer
2008-09-18 10:38:22 +00:00
parent 14a4c61355
commit de1518b091
1 changed files with 30 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

37
NetSSL_OpenSSL/src/SecureSocketImpl.cpp
View File

@@ -1,7 +1,7 @@
//
// SecureSocketImpl.cpp
//
// $Id: //poco/svn/NetSSL_OpenSSL/src/SecureSocketImpl.cpp#1 $
// $Id: //poco/Main/NetSSL_OpenSSL/src/SecureSocketImpl.cpp#25 $
//
// Library: NetSSL_OpenSSL
// Package: SSLSockets
@@ -290,7 +290,8 @@ void SecureSocketImpl::close()
int SecureSocketImpl::sendBytes(const void* buffer, int length, int flags)
{
poco_assert (sockfd() != POCO_INVALID_SOCKET);
poco_check_ptr (_pSSL);
if (!_pSSL)
throw SSLException("Cannot write to closed/uninitialized socket");
int rc;
do
@@ -309,8 +310,8 @@ int SecureSocketImpl::sendBytes(const void* buffer, int length, int flags)
int SecureSocketImpl::receiveBytes(void* buffer, int length, int flags)
{
poco_assert (sockfd() != POCO_INVALID_SOCKET);
poco_check_ptr (_pSSL);
if (sockfd() == POCO_INVALID_SOCKET || !_pSSL)
throw SSLException("Cannot read from closed/uninitialized socket");
int rc;
bool renegotiating = false;
@@ -371,12 +372,36 @@ long SecureSocketImpl::postConnectionCheck(bool server, SSL* pSSL, const std::st
static std::string locHost("127.0.0.1");
SSLManager& mgr = SSLManager::instance();
Context::VerificationMode mode = server? mgr.defaultServerContext()->verificationMode() : mgr.defaultClientContext()->verificationMode();
SSLManager::ContextPtr pContext = server? mgr.defaultServerContext(): mgr.defaultClientContext();
Context::VerificationMode mode = pContext->verificationMode();
if (hostName == locHost && mode != Context::VERIFY_STRICT)
return X509_V_OK;
X509* cert = 0;
X509_NAME* subj = 0;
if (mode == Context::VERIFY_NONE) // should we allow none on the client side?
{
return X509_V_OK;
}
cert = SSL_get_peer_certificate(pSSL);
return postConnectionCheck(pContext, cert, hostName);
}
long SecureSocketImpl::postConnectionCheck(SSLManager::ContextPtr pContext, X509* pCert, const std::string& hostName)
{
static std::string locHost("127.0.0.1");
SSLManager& mgr = SSLManager::instance();
bool server = pContext->serverContext();
Context::VerificationMode mode = pContext->verificationMode();
if (hostName == locHost && mode != Context::VERIFY_STRICT)
return X509_V_OK;
X509* cert = pCert;
X509_NAME* subj = 0;
char* host = const_cast<char*>(hostName.c_str());
int extcount=0;
@@ -385,8 +410,6 @@ long SecureSocketImpl::postConnectionCheck(bool server, SSL* pSSL, const std::st
{
return X509_V_OK;
}
cert = SSL_get_peer_certificate(pSSL);
// note: the check is used by the client, so as long we don't set None at the client we reject
// cases where no certificate/incomplete info is presented by the server