ACE_SSL_SOCK_Acceptor Class Reference

Defines a factory that creates new ACE_SSL_SOCK_Stream objects passively. More...

#include <SSL_SOCK_Acceptor.h>

Inheritance diagram for ACE_SSL_SOCK_Acceptor:

[legend]Collaboration diagram for ACE_SSL_SOCK_Acceptor:

[legend]List of all members.

Public Types
typedef ACE_INET_Addr	PEER_ADDR
typedef ACE_SSL_SOCK_Stream	PEER_STREAM
Public Member Functions
	ACE_SSL_SOCK_Acceptor (void)
	Default constructor.
	~ACE_SSL_SOCK_Acceptor (void)
	Default destructor.
	ACE_SSL_SOCK_Acceptor (const ACE_Addr &local_sap, int reuse_addr=0, int protocol_family=PF_UNSPEC, int backlog=ACE_DEFAULT_BACKLOG, int protocol=0)
	ACE_SSL_SOCK_Acceptor (const ACE_Addr &local_sap, ACE_Protocol_Info *protocolinfo, ACE_SOCK_GROUP g, u_long flags, int reuse_addr, int protocol_family=PF_UNSPEC, int backlog=ACE_DEFAULT_BACKLOG, int protocol=0)
int	open (const ACE_Addr &local_sap, int reuse_addr=0, int protocol_family=PF_UNSPEC, int backlog=ACE_DEFAULT_BACKLOG, int protocol=0)
int	close (void)
	Close the listening socket.
Passive Connection "accept" Methods
These are the canonical methods exposed by the Acceptor pattern.
int	accept (ACE_SSL_SOCK_Stream &new_stream, ACE_Addr *remote_addr=0, ACE_Time_Value *timeout=0, int restart=1, int reset_new_handle=0) const
int	accept (ACE_SSL_SOCK_Stream &new_stream, ACE_Accept_QoS_Params qos_params, ACE_Addr *remote_addr=0, ACE_Time_Value *timeout=0, int restart=1, int reset_new_handle=0) const
Public Attributes
	ACE_ALLOC_HOOK_DECLARE
	Declare the dynamic allocation hooks.
Protected Member Functions
int	ssl_accept (ACE_SSL_SOCK_Stream &new_stream, ACE_Time_Value *timeout) const
	Complete SSL passive connection establishment.
Private Attributes
ACE_SOCK_Acceptor	acceptor_
	The BSD-socket workhorse.

---

Detailed Description

Defines a factory that creates new ACE_SSL_SOCK_Stream objects passively.

The ACE_SSL_SOCK_Acceptor has its own ACE_SOCK_Acceptor which handles the basic socket acceptance. This class is a wrapper which adds the SSL acceptance handshake handling. Since SSL is record oriented, some additional steps must be taken after the basic socket acceptance to complete the SSL handshake that takes place at session establishment.

Note:

The user must currently ensure that only one thread services a given SSL session at any given time since some underlying SSL implementations, such as OpenSSL, are not entirely thread-safe or reentrant.

Definition at line 52 of file SSL_SOCK_Acceptor.h.

---

Member Typedef Documentation

typedef ACE_INET_Addr ACE_SSL_SOCK_Acceptor::PEER_ADDR

Definition at line 170 of file SSL_SOCK_Acceptor.h.

typedef ACE_SSL_SOCK_Stream ACE_SSL_SOCK_Acceptor::PEER_STREAM

Definition at line 171 of file SSL_SOCK_Acceptor.h.

---

Constructor & Destructor Documentation

ACE_BEGIN_VERSIONED_NAMESPACE_DECL ACE_INLINE ACE_SSL_SOCK_Acceptor::ACE_SSL_SOCK_Acceptor (  void   )

Default constructor. Definition at line 8 of file SSL_SOCK_Acceptor.i. References ACE_TRACE. : acceptor_ () { ACE_TRACE ("ACE_SSL_SOCK_Acceptor::ACE_SSL_SOCK_Acceptor"); }

ACE_SSL_SOCK_Acceptor::~ACE_SSL_SOCK_Acceptor (  void   )

Default destructor.

ACE_INLINE ACE_SSL_SOCK_Acceptor::ACE_SSL_SOCK_Acceptor (  const ACE_Addr &  local_sap, int  reuse_addr = 0, int  protocol_family = PF_UNSPEC, int  backlog = ACE_DEFAULT_BACKLOG, int  protocol = 0 )

Initiate a passive mode SSL/BSD-style acceptor socket. Parameters: local_sap  The address that we're going to listen for connections on. If this is ACE_Addr::sap_any, this socket listens on an the "any" IP address and selects an unused port. To find out what port was selected, call this object's ACE_SOCK::get_local_addr(ACE_Addr&) method upon return. Definition at line 15 of file SSL_SOCK_Acceptor.i. References ACE_TRACE, and ACE_SSL_SOCK::set_handle(). : acceptor_ (local_sap, reuse_addr, protocol_family, backlog, protocol) { ACE_TRACE ("ACE_SSL_SOCK_Acceptor::ACE_SSL_SOCK_Acceptor"); this->set_handle (this->acceptor_.get_handle ()); }

ACE_INLINE ACE_SSL_SOCK_Acceptor::ACE_SSL_SOCK_Acceptor (  const ACE_Addr &  local_sap, ACE_Protocol_Info *  protocolinfo, ACE_SOCK_GROUP  g, u_long  flags, int  reuse_addr, int  protocol_family = PF_UNSPEC, int  backlog = ACE_DEFAULT_BACKLOG, int  protocol = 0 )

Initiate a passive-mode QoS-enabled acceptor socket. Parameters: local_sap  The address that we're going to listen for connections on. If this is ACE_Addr::sap_any, this socket listens on an the "any" IP address and selects an unused port. To find out what port was selected, call this object's ACE_SOCK::get_local_addr(ACE_Addr&) method upon return. Definition at line 32 of file SSL_SOCK_Acceptor.i. References ACE_TRACE, and ACE_SSL_SOCK::set_handle(). : acceptor_ (local_sap, protocolinfo, g, flags, reuse_addr, protocol_family, backlog, protocol) { ACE_TRACE ("ACE_SSL_SOCK_Acceptor::ACE_SSL_SOCK_Acceptor"); this->set_handle (this->acceptor_.get_handle ()); }

---

Member Function Documentation

int ACE_SSL_SOCK_Acceptor::accept (  ACE_SSL_SOCK_Stream &  new_stream, ACE_Accept_QoS_Params  qos_params, ACE_Addr *  remote_addr = 0, ACE_Time_Value *  timeout = 0, int  restart = 1, int  reset_new_handle = 0 )  const

Accept a new ACE_SSL_SOCK_Stream connection using the RVSP QoS information in qos_params. Parameters: new_stream  The ACE_SSL_SOCK_Stream object that will receive the new SSL socket. remote_addr  Pointer to an ACE_INET_Addr object that will receive the address of the peer that connected. timeout  The maximum time to wait for the combined socket acceptance and handshake completion. 0 means block forever, a timeout of {0, 0} means poll. restart  1 means "restart if interrupted," that is, if errno == EINTR. Returns: 0 if success; -1 for failure (errno contains error code). Definition at line 212 of file SSL_SOCK_Acceptor.cpp. References ACE_SOCK_Acceptor::accept(), ACE_TRACE, ACE_SSL_SOCK_Stream::close(), ACE_IPC_SAP::get_handle(), ACE_IPC_SAP::set_handle(), ACE_SSL_SOCK_Stream::set_handle(), ssl_accept(), and ACE_Countdown_Time::update(). { ACE_TRACE ("ACE_SSL_SOCK_Acceptor::accept"); // Take into account the time to complete the basic TCP handshake // and the SSL handshake. ACE_Countdown_Time countdown (timeout); ACE_SOCK_Stream temp_stream; if (-1 == this->acceptor_.accept (temp_stream, qos_params, remote_addr, timeout, restart, reset_new_handle)) return -1; (void) countdown.update (); new_stream.set_handle (temp_stream.get_handle ()); temp_stream.set_handle (ACE_INVALID_HANDLE); if (this->ssl_accept (new_stream, timeout) == -1) { new_stream.close (); new_stream.set_handle (ACE_INVALID_HANDLE); return -1; } return 0; }

int ACE_SSL_SOCK_Acceptor::accept (  ACE_SSL_SOCK_Stream &  new_stream, ACE_Addr *  remote_addr = 0, ACE_Time_Value *  timeout = 0, int  restart = 1, int  reset_new_handle = 0 )  const

Accept a new ACE_SSL_SOCK_Stream connection. On successful return, the socket has been accepted and the SSL handshake has been completed. Parameters: new_stream  The ACE_SSL_SOCK_Stream object that will receive the new SSL socket. remote_addr  Pointer to an ACE_INET_Addr object that will receive the address of the peer that connected. timeout  The maximum time to wait for the combined socket acceptance and handshake completion. 0 means block forever, a timeout of {0, 0} means poll. restart  1 means "restart if interrupted," that is, if errno == EINTR. Returns: 0 if success; -1 for failure (errno contains error code). Definition at line 175 of file SSL_SOCK_Acceptor.cpp. References ACE_SOCK_Acceptor::accept(), ACE_TRACE, ACE_SSL_SOCK_Stream::close(), ACE_IPC_SAP::get_handle(), ACE_IPC_SAP::set_handle(), ACE_SSL_SOCK_Stream::set_handle(), ssl_accept(), and ACE_Countdown_Time::update(). { ACE_TRACE ("ACE_SSL_SOCK_Acceptor::accept"); // Take into account the time to complete the basic TCP handshake // and the SSL handshake. ACE_Countdown_Time countdown (timeout); ACE_SOCK_Stream temp_stream; if (-1 == this->acceptor_.accept (temp_stream, remote_addr, timeout, restart, reset_new_handle)) return -1; (void) countdown.update (); new_stream.set_handle (temp_stream.get_handle ()); temp_stream.set_handle (ACE_INVALID_HANDLE); if (this->ssl_accept (new_stream, timeout) == -1) { new_stream.close (); new_stream.set_handle (ACE_INVALID_HANDLE); return -1; } return 0; }

ACE_INLINE int ACE_SSL_SOCK_Acceptor::close (  void   )

Close the listening socket. Reimplemented from ACE_SOCK. Definition at line 75 of file SSL_SOCK_Acceptor.i. References ACE_TRACE, ACE_SOCK_Acceptor::close(), and ACE_SSL_SOCK::set_handle(). { ACE_TRACE ("ACE_SSL_SOCK_Acceptor::close ()"); int result = this->acceptor_.close (); this->set_handle (ACE_INVALID_HANDLE); return result; }

ACE_INLINE int ACE_SSL_SOCK_Acceptor::open (  const ACE_Addr &  local_sap, int  reuse_addr = 0, int  protocol_family = PF_UNSPEC, int  backlog = ACE_DEFAULT_BACKLOG, int  protocol = 0 )

Initiate a passive mode SSL/BSD-style acceptor socket. Parameters: local_sap  The address that we're going to listen for connections on. If this is ACE_Addr::sap_any, this socket listens on an the "any" IP address and selects an unused port. To find out what port was selected, call this object's ACE_SOCK::get_local_addr(ACE_Addr&) method upon return. Returns: 0 if success; -1 for failure (errno contains error code). Definition at line 55 of file SSL_SOCK_Acceptor.i. References ACE_TRACE, ACE_SOCK_Acceptor::open(), and ACE_SSL_SOCK::set_handle(). { ACE_TRACE ("ACE_SSL_SOCK_Acceptor::open"); if (this->acceptor_.open (local_sap, reuse_addr, protocol_family, backlog, protocol) != 0) return -1; else this->set_handle (this->acceptor_.get_handle ()); return 0; }

int ACE_SSL_SOCK_Acceptor::ssl_accept (  ACE_SSL_SOCK_Stream &  new_stream, ACE_Time_Value *  timeout )  const [protected]

Complete SSL passive connection establishment. Definition at line 34 of file SSL_SOCK_Acceptor.cpp. References ACE_ASSERT, ACE_BIT_DISABLED, ACE_NONBLOCK, ACE::clr_flags(), EWOULDBLOCK, ACE_SSL_SOCK::get_handle(), ACE_Handle_Set::num_set(), ACE_SSL_Context::report_error(), ACE::select(), ACE_Handle_Set::set_bit(), ACE_OS::set_errno_to_last_error(), ACE::set_flags(), ACE_SSL_SOCK_Stream::ssl(), and ACE_Countdown_Time::update(). Referenced by accept(). { SSL *ssl = new_stream.ssl (); if (SSL_is_init_finished (ssl)) return 0; if (!SSL_in_accept_init (ssl)) ::SSL_set_accept_state (ssl); ACE_HANDLE handle = new_stream.get_handle (); // We're going to call SSL_accept, optionally doing ACE::select and // retrying the SSL_accept, until the SSL handshake is done or // it fails. // To get the timeout affect, set the socket to nonblocking mode // before beginning if there is a timeout specified. If the timeout // is 0 (wait as long as it takes) then don't worry about the blocking // status; we'll block in SSL_accept if the socket is blocking, and // block in ACE::select if not. int reset_blocking_mode = 0; if (timeout != 0) { reset_blocking_mode = ACE_BIT_DISABLED (ACE::get_flags (handle), ACE_NONBLOCK); // Set the handle into non-blocking mode if it's not already // in it. if (reset_blocking_mode && ACE::set_flags (handle, ACE_NONBLOCK) == -1) return -1; } // Take into account the time between each select() call below. ACE_Countdown_Time countdown (timeout); int status; do { // These handle sets are used to set up for whatever SSL_accept // says it wants next. They're reset on each pass around the loop. ACE_Handle_Set rd_handle; ACE_Handle_Set wr_handle; status = ::SSL_accept (ssl); switch (::SSL_get_error (ssl, status)) { case SSL_ERROR_NONE: status = 0; // To tell caller about success break; // Done case SSL_ERROR_WANT_WRITE: wr_handle.set_bit (handle); status = 1; // Wait for more activity break; case SSL_ERROR_WANT_READ: rd_handle.set_bit (handle); status = 1; // Wait for more activity break; case SSL_ERROR_ZERO_RETURN: // The peer has notified us that it is shutting down via // the SSL "close_notify" message so we need to // shutdown, too. status = -1; break; case SSL_ERROR_SYSCALL: // On some platforms (e.g. MS Windows) OpenSSL does not // store the last error in errno so explicitly do so. // // Explicitly check for EWOULDBLOCK since it doesn't get // converted to an SSL_ERROR_WANT_{READ,WRITE} on some // platforms. If SSL_accept failed outright, though, don't // bother checking more. This can happen if the socket gets // closed during the handshake. if (ACE_OS::set_errno_to_last_error () == EWOULDBLOCK && status == -1) { // Although the SSL_ERROR_WANT_READ/WRITE isn't getting // set correctly, the read/write state should be valid. // Use that to decide what to do. status = 1; // Wait for more activity if (SSL_want_write (ssl)) wr_handle.set_bit (handle); else if (SSL_want_read (ssl)) rd_handle.set_bit (handle); else status = -1; // Doesn't want anything - bail out } else status = -1; break; default: ACE_SSL_Context::report_error (); status = -1; break; } if (status == 1) { // Must have at least one handle to wait for at this point. ACE_ASSERT (rd_handle.num_set() == 1 || wr_handle.num_set () == 1); status = ACE::select (int (handle) + 1, &rd_handle, &wr_handle, 0, timeout); (void) countdown.update (); // 0 is timeout, so we're done. // -1 is error, so we're done. // Could be both handles set (same handle in both masks) so // set to 1. if (status >= 1) status = 1; else // Timeout or failure status = -1; } } while (status == 1 && !SSL_is_init_finished (ssl)); if (reset_blocking_mode) { ACE_Errno_Guard eguard (errno); ACE::clr_flags (handle, ACE_NONBLOCK); } return (status == -1 ? -1 : 0); }

---

Member Data Documentation

ACE_SOCK_Acceptor ACE_SSL_SOCK_Acceptor::acceptor_ [private]

The BSD-socket workhorse. Definition at line 186 of file SSL_SOCK_Acceptor.h.

ACE_SSL_SOCK_Acceptor::ACE_ALLOC_HOOK_DECLARE

Declare the dynamic allocation hooks. Reimplemented from ACE_SOCK. Definition at line 175 of file SSL_SOCK_Acceptor.h.

---

The documentation for this class was generated from the following files:

• SSL_SOCK_Acceptor.h
• SSL_SOCK_Acceptor.cpp
• SSL_SOCK_Acceptor.i

---