* @param role The role of the client.
* @param sslContext The SSL context for the client.
*/
-TlsStream::TlsStream(const Socket::Ptr& socket, ConnectionRole role, shared_ptr<SSL_CTX> sslContext)
+TlsStream::TlsStream(const Socket::Ptr& socket, ConnectionRole role, const shared_ptr<SSL_CTX>& sslContext)
: m_Socket(socket), m_Role(role)
{
m_SSL = shared_ptr<SSL>(SSL_new(sslContext.get()), SSL_free);
socket->MakeNonBlocking();
- m_BIO = BIO_new_socket(socket->GetFD(), 0);
- BIO_set_nbio(m_BIO, 1);
- SSL_set_bio(m_SSL.get(), m_BIO, m_BIO);
+ SSL_set_fd(m_SSL.get(), socket->GetFD());
if (m_Role == RoleServer)
SSL_set_accept_state(m_SSL.get());
for (;;) {
int rc, err;
- {
- boost::mutex::scoped_lock lock(m_SSLLock);
- rc = SSL_do_handshake(m_SSL.get());
+ rc = SSL_do_handshake(m_SSL.get());
- if (rc > 0)
- break;
+ if (rc > 0)
+ break;
- err = SSL_get_error(m_SSL.get(), rc);
- }
+ err = SSL_get_error(m_SSL.get(), rc);
switch (err) {
case SSL_ERROR_WANT_READ:
while (left > 0) {
int rc, err;
- {
- boost::mutex::scoped_lock lock(m_SSLLock);
- rc = SSL_read(m_SSL.get(), ((char *)buffer) + (count - left), left);
+ rc = SSL_read(m_SSL.get(), ((char *)buffer) + (count - left), left);
- if (rc <= 0)
- err = SSL_get_error(m_SSL.get(), rc);
- }
+ if (rc <= 0)
+ err = SSL_get_error(m_SSL.get(), rc);
if (rc <= 0) {
switch (err) {
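Review bot: Removing the m_SSLLock scope around SSL_read here (and likewise around SSL_write in the Write hunk, SSL_do_handshake in the constructor hunk and SSL_shutdown in the Close hunk) leaves the single SSL object unprotected if Read and Write can be invoked concurrently on the same stream from different threads; the CRYPTO_set_locking_callback/CRYPTO_set_id_callback pair registered in tlsutility.cpp only guards OpenSSL's library-global state, not an individual SSL*. Splitting into one lock per direction would not be enough either, since SSL_read may need to write (and SSL_write to read) during a renegotiation. If the intended contract is that a TlsStream is driven by one thread at a time, that should be stated on the class, e.g. `/* Not thread-safe: Read(), Write() and Close() must not run concurrently on the same TlsStream. */`; otherwise the per-object lock should stay. The enclosing Read function starts and ends outside this hunk.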
while (left > 0) {
int rc, err;
- {
- boost::mutex::scoped_lock lock(m_SSLLock);
- rc = SSL_write(m_SSL.get(), ((const char *)buffer) + (count - left), left);
+ rc = SSL_write(m_SSL.get(), ((const char *)buffer) + (count - left), left);
- if (rc <= 0)
- err = SSL_get_error(m_SSL.get(), rc);
- }
+ if (rc <= 0)
+ err = SSL_get_error(m_SSL.get(), rc);
if (rc <= 0) {
switch (err) {
for (;;) {
int rc, err;
- {
- boost::mutex::scoped_lock lock(m_SSLLock);
-
- do {
- rc = SSL_shutdown(m_SSL.get());
- } while (rc == 0);
+ do {
+ rc = SSL_shutdown(m_SSL.get());
+ } while (rc == 0);
- if (rc > 0)
- break;
+ if (rc > 0)
+ break;
- err = SSL_get_error(m_SSL.get(), rc);
- }
+ err = SSL_get_error(m_SSL.get(), rc);
switch (err) {
case SSL_ERROR_WANT_READ:
public:
DECLARE_PTR_TYPEDEFS(TlsStream);
- TlsStream(const Socket::Ptr& socket, ConnectionRole role, shared_ptr<SSL_CTX> sslContext);
+ TlsStream(const Socket::Ptr& socket, ConnectionRole role, const shared_ptr<SSL_CTX>& sslContext);
shared_ptr<X509> GetClientCertificate(void) const;
shared_ptr<X509> GetPeerCertificate(void) const;
virtual bool IsEof(void) const;
private:
- boost::mutex m_SSLLock;
shared_ptr<SSL> m_SSL;
BIO *m_BIO;
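Review bot: `BIO *m_BIO;` is still declared here, but the constructor in the tlsstream.cpp hunk no longer assigns it now that SSL_set_fd creates the socket BIO internally, so the member is left indeterminate; any remaining reader of m_BIO (a destructor or IsEof, which I cannot see from this hunk) would dereference an uninitialized pointer. If nothing else references it, drop the declaration together with m_SSLLock; if something does, initialize it in the constructor initializer list, `: m_Socket(socket), m_Role(role), m_BIO(NULL)`, and document who owns the BIO, since with SSL_set_fd it is freed by SSL_free and must not be freed separately.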
l_Mutexes[type].unlock();
}
+static unsigned long OpenSSLIDCallback(void)
+{
+#ifdef _WIN32
+ return static_cast<unsigned long>(GetCurrentThreadId());
+#else /* _WIN32 */
+ return static_cast<unsigned long>(pthread_self());
+#endif /* _WIN32 */
+}
+
/**
* Initializes the OpenSSL library.
*/
l_Mutexes = new boost::mutex[CRYPTO_num_locks()];
CRYPTO_set_locking_callback(&OpenSSLLockingCallback);
+ CRYPTO_set_id_callback(&OpenSSLIDCallback);
l_SSLInitialized = true;
}
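Review bot: `static_cast<unsigned long>(pthread_self())` in OpenSSLIDCallback assumes pthread_t is an integer type; on platforms where it is a pointer (macOS, for one) the static_cast is ill-formed, and even where it compiles the conversion is only meaningful if the value is unique per thread. OpenSSL 1.0.0 and later provide CRYPTO_THREADID_set_callback with CRYPTO_THREADID_set_numeric / CRYPTO_THREADID_set_pointer, which take the thread id in whichever representation the platform has; if the project's minimum OpenSSL is 1.0.0 or newer, the callback and the registration line `CRYPTO_set_id_callback(&OpenSSLIDCallback);` should use that API instead. Either way the function deserves a one-line comment saying it gives OpenSSL a per-thread identity for its error queue and lock bookkeeping, so a later reader does not mistake it for the locking callback above it.
```cpp
static void OpenSSLIDCallback(CRYPTO_THREADID *id)
{
#ifdef _WIN32
	CRYPTO_THREADID_set_numeric(id, GetCurrentThreadId());
#else /* _WIN32 */
	/* pthread_t may be a pointer type; let OpenSSL hash whatever it is. */
	CRYPTO_THREADID_set_pointer(id, reinterpret_cast<void *>(pthread_self()));
#endif /* _WIN32 */
}

// … unchanged: InitializeOpenSSL body up to the locking-callback registration …
	CRYPTO_THREADID_set_callback(&OpenSSLIDCallback);
```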
shared_ptr<SSL_CTX> sslContext = shared_ptr<SSL_CTX>(SSL_CTX_new(TLSv1_method()), SSL_CTX_free);
- SSL_CTX_set_mode(sslContext.get(), SSL_MODE_ENABLE_PARTIAL_WRITE | SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER | SSL_MODE_AUTO_RETRY);
+ SSL_CTX_set_mode(sslContext.get(), SSL_MODE_ENABLE_PARTIAL_WRITE | SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
if (!SSL_CTX_use_certificate_chain_file(sslContext.get(), pubkey.CStr())) {
BOOST_THROW_EXCEPTION(openssl_error()