2012-05-10 12:06:41 +02:00
|
|
|
/******************************************************************************
|
|
|
|
* Icinga 2 *
|
2018-10-18 09:27:04 +02:00
|
|
|
* Copyright (C) 2012-2018 Icinga Development Team (https://icinga.com/) *
|
2012-05-10 12:06:41 +02:00
|
|
|
* *
|
|
|
|
* This program is free software; you can redistribute it and/or *
|
|
|
|
* modify it under the terms of the GNU General Public License *
|
|
|
|
* as published by the Free Software Foundation; either version 2 *
|
|
|
|
* of the License, or (at your option) any later version. *
|
|
|
|
* *
|
|
|
|
* This program is distributed in the hope that it will be useful, *
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of *
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
|
|
|
|
* GNU General Public License for more details. *
|
|
|
|
* *
|
|
|
|
* You should have received a copy of the GNU General Public License *
|
|
|
|
* along with this program; if not, write to the Free Software Foundation *
|
2012-05-11 13:33:57 +02:00
|
|
|
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA. *
|
2012-05-10 12:06:41 +02:00
|
|
|
******************************************************************************/
|
|
|
|
|
2014-05-25 16:23:35 +02:00
|
|
|
#include "base/tlsstream.hpp"
|
|
|
|
#include "base/utility.hpp"
|
|
|
|
#include "base/exception.hpp"
|
2014-10-19 14:21:12 +02:00
|
|
|
#include "base/logger.hpp"
|
2018-09-13 18:05:31 +02:00
|
|
|
#include "base/configuration.hpp"
|
|
|
|
#include "base/convert.hpp"
|
2014-06-05 15:34:54 +02:00
|
|
|
#include <iostream>
|
2012-04-24 14:02:15 +02:00
|
|
|
|
2015-02-13 21:02:48 +01:00
|
|
|
#ifndef _WIN32
|
|
|
|
# include <poll.h>
|
|
|
|
#endif /* _WIN32 */
|
|
|
|
|
2018-02-13 17:29:48 +01:00
|
|
|
#define TLS_TIMEOUT_SECONDS 10
|
|
|
|
|
2012-04-24 14:02:15 +02:00
|
|
|
using namespace icinga;
|
|
|
|
|
2017-12-31 07:22:16 +01:00
|
|
|
int TlsStream::m_SSLIndex;
|
|
|
|
bool TlsStream::m_SSLIndexInitialized = false;
|
2012-04-24 14:54:05 +02:00
|
|
|
|
2012-05-08 15:36:28 +02:00
|
|
|
/**
|
2012-11-22 12:04:32 +01:00
|
|
|
* Constructor for the TlsStream class.
|
2012-05-08 15:36:28 +02:00
|
|
|
*
|
|
|
|
* @param role The role of the client.
|
|
|
|
* @param sslContext The SSL context for the client.
|
|
|
|
*/
|
2017-11-21 13:20:55 +01:00
|
|
|
TlsStream::TlsStream(const Socket::Ptr& socket, const String& hostname, ConnectionRole role, const std::shared_ptr<SSL_CTX>& sslContext)
|
2018-07-24 15:06:55 +02:00
|
|
|
: SocketEvents(socket), m_Eof(false), m_HandshakeOK(false), m_VerifyOK(true), m_ErrorCode(0),
|
2017-12-19 15:50:05 +01:00
|
|
|
m_ErrorOccurred(false), m_Socket(socket), m_Role(role), m_SendQ(new FIFO()), m_RecvQ(new FIFO()),
|
|
|
|
m_CurrentAction(TlsActionNone), m_Retry(false), m_Shutdown(false)
|
2012-11-22 12:04:32 +01:00
|
|
|
{
|
2014-08-05 11:30:06 +02:00
|
|
|
std::ostringstream msgbuf;
|
|
|
|
char errbuf[120];
|
|
|
|
|
2017-11-21 13:20:55 +01:00
|
|
|
m_SSL = std::shared_ptr<SSL>(SSL_new(sslContext.get()), SSL_free);
|
2012-04-24 14:54:05 +02:00
|
|
|
|
2013-04-04 16:08:02 +02:00
|
|
|
if (!m_SSL) {
|
2014-08-20 14:07:23 +02:00
|
|
|
msgbuf << "SSL_new() failed with code " << ERR_peek_error() << ", \"" << ERR_error_string(ERR_peek_error(), errbuf) << "\"";
|
2014-06-05 15:34:54 +02:00
|
|
|
Log(LogCritical, "TlsStream", msgbuf.str());
|
|
|
|
|
2013-04-04 16:08:02 +02:00
|
|
|
BOOST_THROW_EXCEPTION(openssl_error()
|
|
|
|
<< boost::errinfo_api_function("SSL_new")
|
2014-08-20 14:07:23 +02:00
|
|
|
<< errinfo_openssl_error(ERR_peek_error()));
|
2013-04-04 16:08:02 +02:00
|
|
|
}
|
2012-04-24 14:54:05 +02:00
|
|
|
|
2013-04-04 16:08:02 +02:00
|
|
|
if (!m_SSLIndexInitialized) {
|
2017-12-14 15:37:20 +01:00
|
|
|
m_SSLIndex = SSL_get_ex_new_index(0, const_cast<char *>("TlsStream"), nullptr, nullptr, nullptr);
|
2013-04-04 16:08:02 +02:00
|
|
|
m_SSLIndexInitialized = true;
|
|
|
|
}
|
2012-04-24 14:02:15 +02:00
|
|
|
|
2013-04-04 16:08:02 +02:00
|
|
|
SSL_set_ex_data(m_SSL.get(), m_SSLIndex, this);
|
2012-05-07 11:41:23 +02:00
|
|
|
|
2015-06-22 11:11:21 +02:00
|
|
|
SSL_set_verify(m_SSL.get(), SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE, &TlsStream::ValidateCertificate);
|
2012-07-18 11:15:39 +02:00
|
|
|
|
2014-04-23 13:42:59 +02:00
|
|
|
socket->MakeNonBlocking();
|
|
|
|
|
2014-08-01 14:28:32 +02:00
|
|
|
SSL_set_fd(m_SSL.get(), socket->GetFD());
|
2012-06-24 02:56:48 +02:00
|
|
|
|
2014-05-03 20:02:22 +02:00
|
|
|
if (m_Role == RoleServer)
|
2013-04-04 16:08:02 +02:00
|
|
|
SSL_set_accept_state(m_SSL.get());
|
2015-03-05 14:15:42 +01:00
|
|
|
else {
|
|
|
|
#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
|
|
|
|
if (!hostname.IsEmpty())
|
|
|
|
SSL_set_tlsext_host_name(m_SSL.get(), hostname.CStr());
|
|
|
|
#endif /* SSL_CTRL_SET_TLSEXT_HOSTNAME */
|
|
|
|
|
2013-04-04 16:08:02 +02:00
|
|
|
SSL_set_connect_state(m_SSL.get());
|
2015-03-05 14:15:42 +01:00
|
|
|
}
|
2012-06-24 02:56:48 +02:00
|
|
|
}
|
|
|
|
|
2018-01-04 04:25:35 +01:00
|
|
|
TlsStream::~TlsStream()
|
2015-02-15 18:50:25 +01:00
|
|
|
{
|
2016-01-19 16:24:12 +01:00
|
|
|
CloseInternal(true);
|
2015-02-15 18:50:25 +01:00
|
|
|
}
|
|
|
|
|
2014-10-16 09:01:18 +02:00
|
|
|
int TlsStream::ValidateCertificate(int preverify_ok, X509_STORE_CTX *ctx)
|
|
|
|
{
|
2018-01-04 09:07:03 +01:00
|
|
|
auto *ssl = static_cast<SSL *>(X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx()));
|
|
|
|
auto *stream = static_cast<TlsStream *>(SSL_get_ex_data(ssl, m_SSLIndex));
|
2016-07-21 22:00:32 +02:00
|
|
|
|
|
|
|
if (!preverify_ok) {
|
2014-10-16 09:58:01 +02:00
|
|
|
stream->m_VerifyOK = false;
|
2016-07-21 22:00:32 +02:00
|
|
|
|
|
|
|
std::ostringstream msgbuf;
|
|
|
|
int err = X509_STORE_CTX_get_error(ctx);
|
|
|
|
msgbuf << "code " << err << ": " << X509_verify_cert_error_string(err);
|
|
|
|
stream->m_VerifyError = msgbuf.str();
|
|
|
|
}
|
|
|
|
|
2014-10-16 09:01:18 +02:00
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
2018-01-04 04:25:35 +01:00
|
|
|
bool TlsStream::IsVerifyOK() const
|
2014-10-16 09:01:18 +02:00
|
|
|
{
|
|
|
|
return m_VerifyOK;
|
|
|
|
}
|
|
|
|
|
2018-01-04 04:25:35 +01:00
|
|
|
String TlsStream::GetVerifyError() const
|
2016-07-21 22:00:32 +02:00
|
|
|
{
|
|
|
|
return m_VerifyError;
|
|
|
|
}
|
|
|
|
|
2012-06-24 02:56:48 +02:00
|
|
|
/**
|
|
|
|
* Retrieves the X509 certficate for this client.
|
|
|
|
*
|
|
|
|
* @returns The X509 certificate.
|
|
|
|
*/
|
2018-01-04 04:25:35 +01:00
|
|
|
std::shared_ptr<X509> TlsStream::GetClientCertificate() const
|
2012-06-24 02:56:48 +02:00
|
|
|
{
|
2015-02-13 21:02:48 +01:00
|
|
|
boost::mutex::scoped_lock lock(m_Mutex);
|
2017-11-21 13:20:55 +01:00
|
|
|
return std::shared_ptr<X509>(SSL_get_certificate(m_SSL.get()), &Utility::NullDeleter);
|
2012-06-24 02:56:48 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Retrieves the X509 certficate for the peer.
|
|
|
|
*
|
|
|
|
* @returns The X509 certificate.
|
|
|
|
*/
|
2018-01-04 04:25:35 +01:00
|
|
|
std::shared_ptr<X509> TlsStream::GetPeerCertificate() const
|
2012-06-24 02:56:48 +02:00
|
|
|
{
|
2015-02-13 21:02:48 +01:00
|
|
|
boost::mutex::scoped_lock lock(m_Mutex);
|
2017-11-21 13:20:55 +01:00
|
|
|
return std::shared_ptr<X509>(SSL_get_peer_certificate(m_SSL.get()), X509_free);
|
2012-04-24 14:02:15 +02:00
|
|
|
}
|
|
|
|
|
2015-02-13 21:02:48 +01:00
|
|
|
void TlsStream::OnEvent(int revents)
|
2012-11-22 12:04:32 +01:00
|
|
|
{
|
2016-02-02 13:51:17 +01:00
|
|
|
int rc;
|
2015-02-13 21:02:48 +01:00
|
|
|
size_t count;
|
2014-09-05 08:19:47 +02:00
|
|
|
|
2015-02-13 21:02:48 +01:00
|
|
|
boost::mutex::scoped_lock lock(m_Mutex);
|
2014-05-03 19:56:47 +02:00
|
|
|
|
2015-02-25 14:35:49 +01:00
|
|
|
if (!m_SSL)
|
|
|
|
return;
|
|
|
|
|
2016-02-02 08:28:54 +01:00
|
|
|
char buffer[64 * 1024];
|
2013-03-02 09:07:47 +01:00
|
|
|
|
2015-02-13 21:02:48 +01:00
|
|
|
if (m_CurrentAction == TlsActionNone) {
|
2018-10-29 12:57:24 +01:00
|
|
|
if (revents & (POLLIN | POLLERR | POLLHUP))
|
2015-02-13 21:02:48 +01:00
|
|
|
m_CurrentAction = TlsActionRead;
|
2015-02-24 08:31:14 +01:00
|
|
|
else if (m_SendQ->GetAvailableBytes() > 0 && (revents & POLLOUT))
|
|
|
|
m_CurrentAction = TlsActionWrite;
|
|
|
|
else {
|
2018-10-29 12:57:24 +01:00
|
|
|
ChangeEvents(POLLIN);
|
2018-02-27 14:49:15 +01:00
|
|
|
|
2015-02-24 08:31:14 +01:00
|
|
|
return;
|
|
|
|
}
|
2013-04-04 16:08:02 +02:00
|
|
|
}
|
2012-11-22 12:04:32 +01:00
|
|
|
|
2016-02-02 13:51:17 +01:00
|
|
|
bool success = false;
|
|
|
|
|
2016-07-05 15:25:02 +02:00
|
|
|
/* Clear error queue for this thread before using SSL_{read,write,do_handshake}.
|
|
|
|
* Otherwise SSL_*_error() does not work reliably.
|
|
|
|
*/
|
|
|
|
ERR_clear_error();
|
|
|
|
|
2018-03-06 08:49:43 +01:00
|
|
|
size_t readTotal = 0;
|
|
|
|
|
2015-02-13 21:02:48 +01:00
|
|
|
switch (m_CurrentAction) {
|
|
|
|
case TlsActionRead:
|
|
|
|
do {
|
|
|
|
rc = SSL_read(m_SSL.get(), buffer, sizeof(buffer));
|
2013-04-01 16:25:23 +02:00
|
|
|
|
2015-02-13 21:02:48 +01:00
|
|
|
if (rc > 0) {
|
|
|
|
m_RecvQ->Write(buffer, rc);
|
2016-02-02 13:51:17 +01:00
|
|
|
success = true;
|
2018-03-06 08:49:43 +01:00
|
|
|
|
|
|
|
readTotal += rc;
|
2015-02-13 21:02:48 +01:00
|
|
|
}
|
2018-06-19 20:27:52 +02:00
|
|
|
|
|
|
|
#ifdef I2_DEBUG /* I2_DEBUG */
|
|
|
|
Log(LogDebug, "TlsStream")
|
|
|
|
<< "Read bytes: " << rc << " Total read bytes: " << readTotal;
|
|
|
|
#endif /* I2_DEBUG */
|
|
|
|
/* Limit read size. We cannot do this check inside the while loop
|
|
|
|
* since below should solely check whether OpenSSL has more data
|
|
|
|
* or not. */
|
|
|
|
if (readTotal >= 64 * 1024) {
|
|
|
|
#ifdef I2_DEBUG /* I2_DEBUG */
|
|
|
|
Log(LogWarning, "TlsStream")
|
|
|
|
<< "Maximum read bytes exceeded: " << readTotal;
|
|
|
|
#endif /* I2_DEBUG */
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Use OpenSSL's state machine here to determine whether we need
|
|
|
|
* to read more data. SSL_has_pending() is available with 1.1.0.
|
|
|
|
*/
|
|
|
|
} while (SSL_pending(m_SSL.get()));
|
2016-02-02 13:51:17 +01:00
|
|
|
|
|
|
|
if (success)
|
|
|
|
m_CV.notify_all();
|
2014-10-18 00:29:39 +02:00
|
|
|
|
2015-02-13 21:02:48 +01:00
|
|
|
break;
|
|
|
|
case TlsActionWrite:
|
2015-06-22 11:11:21 +02:00
|
|
|
count = m_SendQ->Peek(buffer, sizeof(buffer), true);
|
2014-10-18 00:29:39 +02:00
|
|
|
|
2015-02-13 21:02:48 +01:00
|
|
|
rc = SSL_write(m_SSL.get(), buffer, count);
|
2014-09-05 08:19:47 +02:00
|
|
|
|
2016-02-02 13:51:17 +01:00
|
|
|
if (rc > 0) {
|
2017-12-14 15:37:20 +01:00
|
|
|
m_SendQ->Read(nullptr, rc, true);
|
2016-02-02 13:51:17 +01:00
|
|
|
success = true;
|
|
|
|
}
|
2014-09-05 08:19:47 +02:00
|
|
|
|
2015-02-13 21:02:48 +01:00
|
|
|
break;
|
|
|
|
case TlsActionHandshake:
|
|
|
|
rc = SSL_do_handshake(m_SSL.get());
|
2014-04-23 13:42:59 +02:00
|
|
|
|
2015-02-13 21:02:48 +01:00
|
|
|
if (rc > 0) {
|
2016-02-02 13:51:17 +01:00
|
|
|
success = true;
|
2015-02-13 21:02:48 +01:00
|
|
|
m_HandshakeOK = true;
|
|
|
|
m_CV.notify_all();
|
|
|
|
}
|
2014-05-03 19:56:47 +02:00
|
|
|
|
2015-02-13 21:02:48 +01:00
|
|
|
break;
|
|
|
|
default:
|
|
|
|
VERIFY(!"Invalid TlsAction");
|
|
|
|
}
|
|
|
|
|
2016-02-03 09:54:31 +01:00
|
|
|
if (rc <= 0) {
|
2016-02-02 13:51:17 +01:00
|
|
|
int err = SSL_get_error(m_SSL.get(), rc);
|
|
|
|
|
|
|
|
switch (err) {
|
|
|
|
case SSL_ERROR_WANT_READ:
|
|
|
|
m_Retry = true;
|
|
|
|
ChangeEvents(POLLIN);
|
|
|
|
|
|
|
|
break;
|
|
|
|
case SSL_ERROR_WANT_WRITE:
|
|
|
|
m_Retry = true;
|
|
|
|
ChangeEvents(POLLOUT);
|
|
|
|
|
|
|
|
break;
|
|
|
|
case SSL_ERROR_ZERO_RETURN:
|
|
|
|
lock.unlock();
|
|
|
|
|
|
|
|
Close();
|
|
|
|
|
2016-02-03 09:54:31 +01:00
|
|
|
return;
|
2016-02-02 13:51:17 +01:00
|
|
|
default:
|
|
|
|
m_ErrorCode = ERR_peek_error();
|
|
|
|
m_ErrorOccurred = true;
|
|
|
|
|
|
|
|
if (m_ErrorCode != 0) {
|
|
|
|
Log(LogWarning, "TlsStream")
|
2017-12-14 15:37:20 +01:00
|
|
|
<< "OpenSSL error: " << ERR_error_string(m_ErrorCode, nullptr);
|
2016-02-02 13:51:17 +01:00
|
|
|
} else {
|
|
|
|
Log(LogWarning, "TlsStream", "TLS stream was disconnected.");
|
|
|
|
}
|
|
|
|
|
|
|
|
lock.unlock();
|
|
|
|
|
|
|
|
Close();
|
|
|
|
|
2016-02-03 09:54:31 +01:00
|
|
|
return;
|
2016-02-02 13:51:17 +01:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
if (success) {
|
2015-02-24 08:31:14 +01:00
|
|
|
m_CurrentAction = TlsActionNone;
|
|
|
|
|
2015-09-29 10:31:16 +02:00
|
|
|
if (!m_Eof) {
|
|
|
|
if (m_SendQ->GetAvailableBytes() > 0)
|
|
|
|
ChangeEvents(POLLIN|POLLOUT);
|
|
|
|
else
|
|
|
|
ChangeEvents(POLLIN);
|
|
|
|
}
|
2012-07-16 00:02:31 +02:00
|
|
|
|
2015-02-14 16:34:36 +01:00
|
|
|
lock.unlock();
|
|
|
|
|
2018-10-29 12:57:24 +01:00
|
|
|
while (m_RecvQ->IsDataAvailable() && IsHandlingEvents())
|
2015-02-14 16:34:36 +01:00
|
|
|
SignalDataAvailable();
|
2013-04-04 16:08:02 +02:00
|
|
|
}
|
2012-08-06 10:01:21 +02:00
|
|
|
|
2016-02-03 09:54:31 +01:00
|
|
|
if (m_Shutdown && !m_SendQ->IsDataAvailable()) {
|
2016-03-29 13:49:38 +02:00
|
|
|
if (!success)
|
|
|
|
lock.unlock();
|
|
|
|
|
2016-02-03 09:54:31 +01:00
|
|
|
Close();
|
|
|
|
}
|
2012-04-24 14:02:15 +02:00
|
|
|
}
|
|
|
|
|
2018-01-04 04:25:35 +01:00
|
|
|
void TlsStream::HandleError() const
|
2015-02-13 21:02:48 +01:00
|
|
|
{
|
|
|
|
if (m_ErrorOccurred) {
|
|
|
|
BOOST_THROW_EXCEPTION(openssl_error()
|
2017-12-19 15:50:05 +01:00
|
|
|
<< boost::errinfo_api_function("TlsStream::OnEvent")
|
|
|
|
<< errinfo_openssl_error(m_ErrorCode));
|
2015-02-13 21:02:48 +01:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2018-01-04 04:25:35 +01:00
|
|
|
void TlsStream::Handshake()
|
2012-04-24 16:27:23 +02:00
|
|
|
{
|
2015-02-13 21:02:48 +01:00
|
|
|
boost::mutex::scoped_lock lock(m_Mutex);
|
|
|
|
|
|
|
|
m_CurrentAction = TlsActionHandshake;
|
|
|
|
ChangeEvents(POLLOUT);
|
2014-09-10 08:51:25 +02:00
|
|
|
|
2018-09-13 18:05:31 +02:00
|
|
|
boost::system_time const timeout = boost::get_system_time() + boost::posix_time::milliseconds(long(Configuration::TlsHandshakeTimeout * 1000));
|
2018-02-13 17:29:48 +01:00
|
|
|
|
|
|
|
while (!m_HandshakeOK && !m_ErrorOccurred && !m_Eof && timeout > boost::get_system_time())
|
|
|
|
m_CV.timed_wait(lock, timeout);
|
|
|
|
|
|
|
|
if (timeout < boost::get_system_time())
|
2018-09-13 18:05:31 +02:00
|
|
|
BOOST_THROW_EXCEPTION(std::runtime_error("Timeout was reached (" + Convert::ToString(Configuration::TlsHandshakeTimeout) + ") during TLS handshake."));
|
2015-02-13 21:02:48 +01:00
|
|
|
|
2016-05-11 10:09:54 +02:00
|
|
|
if (m_Eof)
|
|
|
|
BOOST_THROW_EXCEPTION(std::runtime_error("Socket was closed during TLS handshake."));
|
|
|
|
|
2015-02-13 21:02:48 +01:00
|
|
|
HandleError();
|
2014-12-19 12:07:06 +01:00
|
|
|
}
|
|
|
|
|
2015-02-13 21:02:48 +01:00
|
|
|
/**
|
|
|
|
* Processes data for the stream.
|
|
|
|
*/
|
2015-06-22 11:11:21 +02:00
|
|
|
size_t TlsStream::Peek(void *buffer, size_t count, bool allow_partial)
|
|
|
|
{
|
|
|
|
boost::mutex::scoped_lock lock(m_Mutex);
|
|
|
|
|
|
|
|
if (!allow_partial)
|
|
|
|
while (m_RecvQ->GetAvailableBytes() < count && !m_ErrorOccurred && !m_Eof)
|
|
|
|
m_CV.wait(lock);
|
|
|
|
|
|
|
|
HandleError();
|
|
|
|
|
|
|
|
return m_RecvQ->Peek(buffer, count, true);
|
|
|
|
}
|
|
|
|
|
2015-02-14 16:34:36 +01:00
|
|
|
size_t TlsStream::Read(void *buffer, size_t count, bool allow_partial)
|
2014-12-19 12:07:06 +01:00
|
|
|
{
|
2015-02-13 21:02:48 +01:00
|
|
|
boost::mutex::scoped_lock lock(m_Mutex);
|
2014-09-10 08:51:25 +02:00
|
|
|
|
2015-02-14 16:34:36 +01:00
|
|
|
if (!allow_partial)
|
|
|
|
while (m_RecvQ->GetAvailableBytes() < count && !m_ErrorOccurred && !m_Eof)
|
|
|
|
m_CV.wait(lock);
|
2014-05-03 19:56:47 +02:00
|
|
|
|
2015-02-13 21:02:48 +01:00
|
|
|
HandleError();
|
2014-05-03 19:56:47 +02:00
|
|
|
|
2015-02-14 16:34:36 +01:00
|
|
|
return m_RecvQ->Read(buffer, count, true);
|
2015-02-13 21:02:48 +01:00
|
|
|
}
|
2014-08-05 09:35:28 +02:00
|
|
|
|
2015-02-13 21:02:48 +01:00
|
|
|
void TlsStream::Write(const void *buffer, size_t count)
|
|
|
|
{
|
|
|
|
boost::mutex::scoped_lock lock(m_Mutex);
|
2014-05-03 19:56:47 +02:00
|
|
|
|
2015-02-13 21:02:48 +01:00
|
|
|
m_SendQ->Write(buffer, count);
|
2014-05-03 19:56:47 +02:00
|
|
|
|
2015-02-24 07:11:22 +01:00
|
|
|
ChangeEvents(POLLIN|POLLOUT);
|
2015-02-13 21:02:48 +01:00
|
|
|
}
|
|
|
|
|
2018-01-04 04:25:35 +01:00
|
|
|
void TlsStream::Shutdown()
|
2015-06-22 11:11:21 +02:00
|
|
|
{
|
|
|
|
m_Shutdown = true;
|
2016-02-03 09:54:31 +01:00
|
|
|
ChangeEvents(POLLOUT);
|
2015-06-22 11:11:21 +02:00
|
|
|
}
|
|
|
|
|
2015-02-13 21:02:48 +01:00
|
|
|
/**
|
|
|
|
* Closes the stream.
|
|
|
|
*/
|
2018-01-04 04:25:35 +01:00
|
|
|
void TlsStream::Close()
|
2015-02-13 21:02:48 +01:00
|
|
|
{
|
2016-01-19 16:24:12 +01:00
|
|
|
CloseInternal(false);
|
|
|
|
}
|
|
|
|
|
|
|
|
void TlsStream::CloseInternal(bool inDestructor)
|
|
|
|
{
|
2016-02-03 09:54:31 +01:00
|
|
|
if (m_Eof)
|
|
|
|
return;
|
|
|
|
|
|
|
|
m_Eof = true;
|
|
|
|
|
|
|
|
if (!inDestructor)
|
2016-01-13 10:30:38 +01:00
|
|
|
SignalDataAvailable();
|
|
|
|
|
2015-02-26 14:59:39 +01:00
|
|
|
SocketEvents::Unregister();
|
|
|
|
|
2016-01-19 16:24:12 +01:00
|
|
|
Stream::Close();
|
2015-02-25 14:35:49 +01:00
|
|
|
|
2016-01-19 16:24:12 +01:00
|
|
|
boost::mutex::scoped_lock lock(m_Mutex);
|
2015-08-29 01:16:16 +02:00
|
|
|
|
2015-02-25 14:35:49 +01:00
|
|
|
if (!m_SSL)
|
|
|
|
return;
|
|
|
|
|
2018-09-10 16:10:16 +02:00
|
|
|
/* https://www.openssl.org/docs/manmaster/man3/SSL_shutdown.html
|
|
|
|
*
|
|
|
|
* It is recommended to do a bidirectional shutdown by checking
|
|
|
|
* the return value of SSL_shutdown() and call it again until
|
|
|
|
* it returns 1 or a fatal error. A maximum of 2x pending + 2x data
|
|
|
|
* is recommended.
|
|
|
|
*/
|
|
|
|
int rc = 0;
|
|
|
|
|
|
|
|
for (int i = 0; i < 4; i++) {
|
|
|
|
if ((rc = SSL_shutdown(m_SSL.get())))
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
2015-02-25 14:35:49 +01:00
|
|
|
m_SSL.reset();
|
|
|
|
|
2015-02-25 13:21:38 +01:00
|
|
|
m_Socket->Close();
|
2015-02-26 14:59:39 +01:00
|
|
|
m_Socket.reset();
|
2015-11-08 21:23:04 +01:00
|
|
|
|
|
|
|
m_CV.notify_all();
|
2012-11-22 12:04:32 +01:00
|
|
|
}
|
2013-08-27 12:21:41 +02:00
|
|
|
|
2018-01-04 04:25:35 +01:00
|
|
|
bool TlsStream::IsEof() const
|
2013-08-27 12:21:41 +02:00
|
|
|
{
|
2018-06-20 16:55:33 +02:00
|
|
|
return m_Eof && m_RecvQ->GetAvailableBytes() < 1u;
|
2013-08-27 12:21:41 +02:00
|
|
|
}
|
2015-02-14 16:34:36 +01:00
|
|
|
|
2018-01-04 04:25:35 +01:00
|
|
|
bool TlsStream::SupportsWaiting() const
|
2015-02-14 16:34:36 +01:00
|
|
|
{
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
|
2018-01-04 04:25:35 +01:00
|
|
|
bool TlsStream::IsDataAvailable() const
|
2015-02-14 16:34:36 +01:00
|
|
|
{
|
|
|
|
boost::mutex::scoped_lock lock(m_Mutex);
|
|
|
|
|
|
|
|
return m_RecvQ->GetAvailableBytes() > 0;
|
2015-02-14 19:14:45 +01:00
|
|
|
}
|
2016-07-25 09:43:13 +02:00
|
|
|
|
2018-01-04 04:25:35 +01:00
|
|
|
Socket::Ptr TlsStream::GetSocket() const
|
2016-07-25 09:43:13 +02:00
|
|
|
{
|
|
|
|
return m_Socket;
|
|
|
|
}
|