generic-library/poco
1
0
Fork 0
mirror of https://github.com/pocoproject/poco.git synced 2025-10-23 08:31:43 +02:00
Code Issues Projects Releases Wiki Activity

exceptions instead of assertions

Browse Source
This commit is contained in:
Peter Schojer
2008-09-18 10:38:22 +00:00
parent 14a4c61355
commit de1518b091
1 changed files with 30 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

37
NetSSL_OpenSSL/src/SecureSocketImpl.cpp
View File

@@ -1,7 +1,7 @@
// //
// SecureSocketImpl.cpp // SecureSocketImpl.cpp
// //
// $Id: //poco/svn/NetSSL_OpenSSL/src/SecureSocketImpl.cpp#1 $ // $Id: //poco/Main/NetSSL_OpenSSL/src/SecureSocketImpl.cpp#25 $
// //
// Library: NetSSL_OpenSSL // Library: NetSSL_OpenSSL
// Package: SSLSockets // Package: SSLSockets
@@ -290,7 +290,8 @@ void SecureSocketImpl::close()
int SecureSocketImpl::sendBytes(const void* buffer, int length, int flags) int SecureSocketImpl::sendBytes(const void* buffer, int length, int flags)
{ {
poco_assert (sockfd() != POCO_INVALID_SOCKET); poco_assert (sockfd() != POCO_INVALID_SOCKET);
poco_check_ptr (_pSSL); if (!_pSSL)
throw SSLException("Cannot write to closed/uninitialized socket");
int rc; int rc;
do do
@@ -309,8 +310,8 @@ int SecureSocketImpl::sendBytes(const void* buffer, int length, int flags)
int SecureSocketImpl::receiveBytes(void* buffer, int length, int flags) int SecureSocketImpl::receiveBytes(void* buffer, int length, int flags)
{ {
poco_assert (sockfd() != POCO_INVALID_SOCKET); if (sockfd() == POCO_INVALID_SOCKET || !_pSSL)
poco_check_ptr (_pSSL); throw SSLException("Cannot read from closed/uninitialized socket");
int rc; int rc;
bool renegotiating = false; bool renegotiating = false;
@@ -371,12 +372,36 @@ long SecureSocketImpl::postConnectionCheck(bool server, SSL* pSSL, const std::st
static std::string locHost("127.0.0.1"); static std::string locHost("127.0.0.1");
SSLManager& mgr = SSLManager::instance(); SSLManager& mgr = SSLManager::instance();
Context::VerificationMode mode = server? mgr.defaultServerContext()->verificationMode() : mgr.defaultClientContext()->verificationMode(); SSLManager::ContextPtr pContext = server? mgr.defaultServerContext(): mgr.defaultClientContext();
Context::VerificationMode mode = pContext->verificationMode();
if (hostName == locHost && mode != Context::VERIFY_STRICT) if (hostName == locHost && mode != Context::VERIFY_STRICT)
return X509_V_OK; return X509_V_OK;
X509* cert = 0; X509* cert = 0;
X509_NAME* subj = 0; X509_NAME* subj = 0;
if (mode == Context::VERIFY_NONE) // should we allow none on the client side?
{
return X509_V_OK;
}
cert = SSL_get_peer_certificate(pSSL);
return postConnectionCheck(pContext, cert, hostName);
}
long SecureSocketImpl::postConnectionCheck(SSLManager::ContextPtr pContext, X509* pCert, const std::string& hostName)
{
static std::string locHost("127.0.0.1");
SSLManager& mgr = SSLManager::instance();
bool server = pContext->serverContext();
Context::VerificationMode mode = pContext->verificationMode();
if (hostName == locHost && mode != Context::VERIFY_STRICT)
return X509_V_OK;
X509* cert = pCert;
X509_NAME* subj = 0;
char* host = const_cast<char*>(hostName.c_str()); char* host = const_cast<char*>(hostName.c_str());
int extcount=0; int extcount=0;
@@ -386,8 +411,6 @@ long SecureSocketImpl::postConnectionCheck(bool server, SSL* pSSL, const std::st
return X509_V_OK; return X509_V_OK;
} }
cert = SSL_get_peer_certificate(pSSL);
// note: the check is used by the client, so as long we don't set None at the client we reject // note: the check is used by the client, so as long we don't set None at the client we reject
// cases where no certificate/incomplete info is presented by the server // cases where no certificate/incomplete info is presented by the server
if ((!cert || !host) && mode != Context::VERIFY_NONE) if ((!cert || !host) && mode != Context::VERIFY_NONE)