-/******************************************************************************
- * Icinga 2 *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/) *
- * *
- * This program is free software; you can redistribute it and/or *
- * modify it under the terms of the GNU General Public License *
- * as published by the Free Software Foundation; either version 2 *
- * of the License, or (at your option) any later version. *
- * *
- * This program is distributed in the hope that it will be useful, *
- * but WITHOUT ANY WARRANTY; without even the implied warranty of *
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
- * GNU General Public License for more details. *
- * *
- * You should have received a copy of the GNU General Public License *
- * along with this program; if not, write to the Free Software Foundation *
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA. *
- ******************************************************************************/
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
#include "base/tlsstream.hpp"
#include "base/utility.hpp"
#include "base/logger.hpp"
#include "base/configuration.hpp"
#include "base/convert.hpp"
+#include <boost/asio/ssl/context.hpp>
#include <iostream>
#ifndef _WIN32
* @param sslContext The SSL context for the client.
*/
TlsStream::TlsStream(const Socket::Ptr& socket, const String& hostname, ConnectionRole role, const std::shared_ptr<SSL_CTX>& sslContext)
- : SocketEvents(socket, this), m_Eof(false), m_HandshakeOK(false), m_VerifyOK(true), m_ErrorCode(0),
+ : TlsStream(socket, hostname, role, sslContext.get())
+{
+}
+
+/**
+ * Constructor for the TlsStream class.
+ *
+ * @param role The role of the client.
+ * @param sslContext The SSL context for the client.
+ */
+TlsStream::TlsStream(const Socket::Ptr& socket, const String& hostname, ConnectionRole role, const std::shared_ptr<boost::asio::ssl::context>& sslContext)
+ : TlsStream(socket, hostname, role, sslContext->native_handle())
+{
+}
+
+/**
+ * Constructor for the TlsStream class.
+ *
+ * @param role The role of the client.
+ * @param sslContext The SSL context for the client.
+ */
+TlsStream::TlsStream(const Socket::Ptr& socket, const String& hostname, ConnectionRole role, SSL_CTX* sslContext)
+ : SocketEvents(socket), m_Eof(false), m_HandshakeOK(false), m_VerifyOK(true), m_ErrorCode(0),
m_ErrorOccurred(false), m_Socket(socket), m_Role(role), m_SendQ(new FIFO()), m_RecvQ(new FIFO()),
m_CurrentAction(TlsActionNone), m_Retry(false), m_Shutdown(false)
{
std::ostringstream msgbuf;
char errbuf[120];
- m_SSL = std::shared_ptr<SSL>(SSL_new(sslContext.get()), SSL_free);
+ m_SSL = std::shared_ptr<SSL>(SSL_new(sslContext), SSL_free);
if (!m_SSL) {
msgbuf << "SSL_new() failed with code " << ERR_peek_error() << ", \"" << ERR_error_string(ERR_peek_error(), errbuf) << "\"";
char buffer[64 * 1024];
if (m_CurrentAction == TlsActionNone) {
- bool corked = IsCorked();
- if (!corked && (revents & (POLLIN | POLLERR | POLLHUP)))
+ if (revents & (POLLIN | POLLERR | POLLHUP))
m_CurrentAction = TlsActionRead;
else if (m_SendQ->GetAvailableBytes() > 0 && (revents & POLLOUT))
m_CurrentAction = TlsActionWrite;
else {
- if (corked)
- ChangeEvents(0);
- else
- ChangeEvents(POLLIN);
+ ChangeEvents(POLLIN);
return;
}
lock.unlock();
- while (!IsCorked() && m_RecvQ->IsDataAvailable() && IsHandlingEvents())
+ while (m_RecvQ->IsDataAvailable() && IsHandlingEvents())
SignalDataAvailable();
}
if (!m_SSL)
return;
- (void)SSL_shutdown(m_SSL.get());
+ /* https://www.openssl.org/docs/manmaster/man3/SSL_shutdown.html
+ *
+ * It is recommended to do a bidirectional shutdown by checking
+ * the return value of SSL_shutdown() and call it again until
+ * it returns 1 or a fatal error. A maximum of 2x pending + 2x data
+ * is recommended.
+ */
+ int rc = 0;
+
+ for (int i = 0; i < 4; i++) {
+ if ((rc = SSL_shutdown(m_SSL.get())))
+ break;
+ }
+
m_SSL.reset();
m_Socket->Close();
return m_RecvQ->GetAvailableBytes() > 0;
}
-void TlsStream::SetCorked(bool corked)
-{
- Stream::SetCorked(corked);
-
- boost::mutex::scoped_lock lock(m_Mutex);
-
- if (corked)
- m_CurrentAction = TlsActionNone;
- else
- ChangeEvents(POLLIN | POLLOUT);
-}
-
Socket::Ptr TlsStream::GetSocket() const
{
return m_Socket;
projects / icinga2 / blobdiff