00003 #include "ace/INet/HTTPS_Context.h"
00004
00005 #if !defined (__ACE_INLINE__)
00006 #include "ace/INet/HTTPS_Context.inl"
00007 #endif
00008
00009 #include "ace/OS_NS_stdlib.h"
00010 #include "ace/OS_NS_unistd.h"
00011 #include "ace/OS_NS_sys_stat.h"
00012 #include "ace/INet/INet_Log.h"
00013
00014 ACE_BEGIN_VERSIONED_NAMESPACE_DECL
00015
00016 namespace ACE
00017 {
00018 namespace HTTPS
00019 {
00020
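// Class-wide TLS defaults. NOTE(review): presumably these are the values a
// Context gets when it is built without explicit arguments -- confirm
// against the default arguments declared in HTTPS_Context.h.

// Protocol mode. SSLv23 lets the TLS library negotiate the highest protocol
// version both peers support instead of pinning the connection to SSL 3.0,
// which is obsolete (RFC 7568) and should not be the out-of-the-box choice.
// Code that really needs a fixed mode can still pass it explicitly through
// the constructor's ssl_mode parameter.
int Context::ssl_mode_ = ACE_SSL_Context::SSLv23;

// Passed to set_verify_peer() as its 'strict' flag when verification is on.
bool Context::ssl_strict_ = false;

// Passed to set_verify_peer() as its 'once' flag when verification is on.
bool Context::ssl_once_ = true;

// Verification depth handed to set_verify_peer().
// NOTE(review): 0 presumably means "keep the library default depth" --
// confirm against ACE_SSL_Context::set_verify_peer().
int Context::ssl_depth_ = 0;

// Peer (server certificate) verification is requested by default. Keep it
// that way: turning it off removes protection against impersonated servers.
bool Context::ssl_verify_peer_ = true;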
00026
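// Builds an HTTPS context around an ACE_SSL_Context and applies the
// requested protocol mode and peer verification settings to it.
//
//   verify_peer  when true, set_verify_peer() is called with strict, once
//                and depth; when false that call is skipped entirely.
//   strict/once  forwarded to set_verify_peer() as 1 or 0.
//   depth        forwarded to set_verify_peer() unchanged.
//   ssl_mode     forwarded to ACE_SSL_Context::set_mode().
//   ssl_ctx      context to wrap; when 0 a new ACE_SSL_Context is allocated
//                here and owned by this object.
//   release      when true, ownership of ssl_ctx is handed to alloc_safe.
//   ssl_cbmngr   optional callback manager that installs its callbacks on
//                the wrapped context.
//
// Security note: with verify_peer == false nothing in this constructor asks
// for certificate verification; the mode given to SSL_CTX_set_verify() is
// whatever default_verify_mode() already reports for the context.
// NOTE(review): for a freshly created ACE_SSL_Context that is presumably
// "no verification" -- confirm, and treat verify_peer == false as switching
// server certificate checks off.
Context::Context (bool verify_peer,
                  bool strict,
                  bool once,
                  int depth,
                  int ssl_mode,
                  ACE_SSL_Context* ssl_ctx,
                  bool release,
                  ACE::INet::SSL_CallbackManager* ssl_cbmngr)
  : ssl_ctx_ (0)
{
  if (ssl_ctx == 0)
    {
      // No context supplied: create one and take ownership of it.
      ACE_NEW_NORETURN (ssl_ctx, ACE_SSL_Context ());
      release = true;
    }

  if (ssl_ctx == 0)
    {
      // Allocation failed. Report it instead of silently leaving an object
      // whose ssl_ctx_ is null and that cannot do any TLS work.
      INET_ERROR (1, (LM_ERROR, DLINFO
                      ACE_TEXT ("HTTPS_Context::ctor - ")
                      ACE_TEXT ("failed to allocate SSL context\n")));
      return;
    }

  if (release)
    {
      this->alloc_safe.reset (ssl_ctx);
    }
  this->ssl_ctx_ = ssl_ctx;

  // NOTE(review): any status returned by set_mode() is discarded, so a
  // context that refuses the requested mode goes unnoticed here.
  this->ssl_ctx_->set_mode (ssl_mode);
  if (verify_peer)
    this->ssl_ctx_->set_verify_peer (strict ? 1 : 0,
                                     once ? 1 : 0,
                                     depth);
  if (ssl_cbmngr != 0)
    ssl_cbmngr->initialize_callbacks (this->ssl_ctx_);

  // Apply the context's current verify mode and verify callback to the
  // underlying SSL_CTX. This runs after the callback manager was given the
  // chance to install its callbacks.
  ::SSL_CTX_set_verify (this->ssl_ctx_->context (),
                        this->ssl_ctx_->default_verify_mode (),
                        this->ssl_ctx_->default_verify_callback ());
  INET_DEBUG (9,(LM_INFO, DLINFO
                 ACE_TEXT ("HTTPS_Context::ctor - ")
                 ACE_TEXT ("ssl_mode = [%d], ")
                 ACE_TEXT ("verify_peer = [%d], ")
                 ACE_TEXT ("verify_mode = [%d]\n"),
                 this->ssl_ctx_->get_mode (),
                 (verify_peer ? 1 : 0),
                 this->ssl_ctx_->default_verify_mode ()));
}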
00072
// Wraps an already configured ACE_SSL_Context.
//
//   ssl_ctx     context to wrap; a null pointer is accepted and leaves this
//               object without a usable context.
//   release     when true, ownership of ssl_ctx is handed to alloc_safe.
//   ssl_cbmngr  optional callback manager that installs its callbacks on
//               the wrapped context.
//
// Unlike the other constructor this one does not touch protocol mode or
// peer verification: the context is used exactly as the caller configured
// it, so certificate verification has to be set up by the caller.
Context::Context (ACE_SSL_Context* ssl_ctx,
                  bool release,
                  ACE::INet::SSL_CallbackManager* ssl_cbmngr)
  : ssl_ctx_ (ssl_ctx)
{
  // Nothing to own or to register callbacks on without a context.
  if (this->ssl_ctx_ == 0)
    return;

  if (release)
    {
      this->alloc_safe.reset (this->ssl_ctx_);
    }

  if (ssl_cbmngr != 0)
    {
      ssl_cbmngr->initialize_callbacks (this->ssl_ctx_);
    }
}
00087
// Returns the process-wide Context held by an ACE_Unmanaged_Singleton that
// is parameterised with ACE_SYNCH::MUTEX.
Context& Context::instance ()
{
  typedef ACE_Unmanaged_Singleton<Context, ACE_SYNCH::MUTEX> Singleton_Type;

  Context* const shared_context = Singleton_Type::instance ();
  return *shared_context;
}
00092
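// Copy constructor: copies nothing from the source object.
// NOTE(review): presumably declared private to make Context non-copyable --
// confirm in HTTPS_Context.h.
//
// ssl_ctx_ is set to null explicitly, as the main constructor does, so that
// a copy never carries an indeterminate pointer that later code could
// dereference.
Context::Context (const Context&)
  : ssl_ctx_ (0)
{
}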
00096
// Destructor: no explicit cleanup is done here.
// NOTE(review): a context handed to alloc_safe is presumably released by
// that member's own destructor -- confirm its type in the header.
Context::~Context ()
{
  // intentionally empty
}
00100
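// Loads trusted CA certificates into the wrapped SSL context.
//
//   ca_location  path of a CA file or of a directory with CA certificates;
//                a directory is passed on as the CA directory argument,
//                anything else as the CA file argument.
//
// Returns true only when the wrapped context reports success (0). Returns
// false, after logging the reason, when there is no SSL context, when
// ca_location is null or cannot be stat'ed, or when loading fails.
//
// Security note: ca_location decides which certificate authorities this
// client trusts, so it must come from trusted configuration and never from
// remote or otherwise untrusted input. A false result means the trust store
// was not loaded and has to be treated as an error by the caller.
bool Context::load_trusted_ca (const char* ca_location)
{
  // Both constructors can leave ssl_ctx_ null (failed allocation or a null
  // context passed in); refuse instead of dereferencing it.
  if (this->ssl_ctx_ == 0)
    {
      INET_ERROR (1, (LM_ERROR, DLINFO
                      ACE_TEXT ("Context::load_trusted_ca - ")
                      ACE_TEXT ("no SSL context available\n")));
      return false;
    }

  ACE_stat ca_stat;
  if (ca_location == 0 || ACE_OS::stat (ca_location, &ca_stat) != 0)
    {
      INET_ERROR (1, (LM_ERROR, DLINFO
                      ACE_TEXT ("Context::load_trusted_ca - ")
                      ACE_TEXT ("invalid ca_location [%C]\n"),
                      ca_location == 0 ? "(null)" : ca_location));
      return false;
    }

  const bool is_dir = ((ca_stat.st_mode & S_IFMT) == S_IFDIR);

  // NOTE(review): the trailing 'false' presumably keeps the library from
  // falling back to environment-provided default CA locations -- confirm
  // against ACE_SSL_Context::load_trusted_ca().
  if (this->ssl_ctx_->load_trusted_ca (is_dir ? 0 : ca_location,
                                       is_dir ? ca_location : 0,
                                       false) != 0)
    {
      // Previously this failure was returned without any trace in the log.
      INET_ERROR (1, (LM_ERROR, DLINFO
                      ACE_TEXT ("Context::load_trusted_ca - ")
                      ACE_TEXT ("failed to load trusted CA from [%C]\n"),
                      ca_location));
      return false;
    }

  return true;
}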
00121
00122 }
00123 }
00124
00125 ACE_END_VERSIONED_NAMESPACE_DECL