| author | Gordon Sim <gsim@apache.org> | 2009-11-09 15:30:18 +0000 |
|---|---|---|
| committer | Gordon Sim <gsim@apache.org> | 2009-11-09 15:30:18 +0000 |
| commit | 58efa10f3ed794dac024a1995e871a1368faeddc (patch) | |
| tree | 7a96ce8642acfdc19546512fadfc8783fbc252d3 /cpp/src/qpid/sys/ssl | |
| parent | bb32d235be89547bb7e8621ce56c66e4dabdd43a (diff) | |
QPID-1899: Applied patch from Ken Giusti to tie in SASL encryption to the handling of the --require-encrypted option
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@834108 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'cpp/src/qpid/sys/ssl')
| -rw-r--r-- | cpp/src/qpid/sys/ssl/SslHandler.cpp | 4 | ||||
| -rw-r--r-- | cpp/src/qpid/sys/ssl/SslIo.cpp | 1 | ||||
| -rw-r--r-- | cpp/src/qpid/sys/ssl/SslIo.h | 3 | ||||
| -rw-r--r-- | cpp/src/qpid/sys/ssl/SslSocket.cpp | 20 | ||||
| -rw-r--r-- | cpp/src/qpid/sys/ssl/SslSocket.h | 2 |
5 files changed, 28 insertions, 2 deletions
diff --git a/cpp/src/qpid/sys/ssl/SslHandler.cpp b/cpp/src/qpid/sys/ssl/SslHandler.cpp index 9cf74e4b6d..3469f88c0f 100644 --- a/cpp/src/qpid/sys/ssl/SslHandler.cpp +++ b/cpp/src/qpid/sys/ssl/SslHandler.cpp @@ -111,7 +111,7 @@ void SslHandler::readbuff(SslIO& , SslIO::BufferBase* buff) { decoded = in.getPosition(); QPID_LOG(debug, "RECV [" << identifier << "] INIT(" << protocolInit << ")"); try { - codec = factory->create(protocolInit.getVersion(), *this, identifier); + codec = factory->create(protocolInit.getVersion(), *this, identifier, aio->getKeyLen()); if (!codec) { //TODO: may still want to revise this... //send valid version header & close connection. @@ -166,7 +166,7 @@ void SslHandler::nobuffs(SslIO&) { void SslHandler::idle(SslIO&){ if (isClient && codec == 0) { - codec = factory->create(*this, identifier); + codec = factory->create(*this, identifier, aio->getKeyLen()); write(framing::ProtocolInitiation(codec->getVersion())); return; } diff --git a/cpp/src/qpid/sys/ssl/SslIo.cpp b/cpp/src/qpid/sys/ssl/SslIo.cpp index 282d77258f..c149d6ea74 100644 --- a/cpp/src/qpid/sys/ssl/SslIo.cpp +++ b/cpp/src/qpid/sys/ssl/SslIo.cpp @@ -436,3 +436,4 @@ void SslIO::close(DispatchHandle& h) { } } +int SslIO::getKeyLen() {return socket.getKeyLen();} diff --git a/cpp/src/qpid/sys/ssl/SslIo.h b/cpp/src/qpid/sys/ssl/SslIo.h index 2d0d5b296c..3162abac40 100644 --- a/cpp/src/qpid/sys/ssl/SslIo.h +++ b/cpp/src/qpid/sys/ssl/SslIo.h @@ -121,6 +121,7 @@ public: typedef boost::function1<void, SslIO&> BuffersEmptyCallback; typedef boost::function1<void, SslIO&> IdleCallback; + private: ReadCallback readCallback; EofCallback eofCallback; @@ -155,6 +156,8 @@ public: bool writeQueueEmpty() { return writeQueue.empty(); } BufferBase* getQueuedBuffer(); + int getKeyLen(); + private: ~SslIO(); void readable(qpid::sys::DispatchHandle& handle); diff --git a/cpp/src/qpid/sys/ssl/SslSocket.cpp b/cpp/src/qpid/sys/ssl/SslSocket.cpp index 9181f56b94..aa8cf127d7 100644 
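Review bot: Both `factory->create(...)` calls in SslHandler.cpp sample `aio->getKeyLen()` exactly once, at codec creation, and neither site records the value or says what a 0 means. In `idle()` the client reads it before it has written anything, so if the TLS handshake has not finished by then (not visible in this diff) the codec would be told the key length is 0 even though the link ends up encrypted. I would add a comment such as `// key length in bits of the negotiated TLS cipher; 0 = transport not encrypted (sampled once, here)` at both calls and include the value in the nearby `QPID_LOG(debug, ...)` line so that a --require-encrypted rejection can be traced. Both `readbuff()` and `idle()` continue outside their hunks.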
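Review bot: `SslIO::getKeyLen()` is declared non-const although it only forwards to `SslSocket::getKeyLen() const`, so it cannot be called through a const `SslIO`; this applies to the definition added in SslIo.cpp and to the declaration added in SslIo.h. I would write `int SslIO::getKeyLen() const { return socket.getKeyLen(); }` and `int getKeyLen() const;`. The header declaration also has no comment; something like `/** Key length in bits of the negotiated cipher, 0 if the connection is not secured. */` would tell callers what the integer means.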
--- a/cpp/src/qpid/sys/ssl/SslSocket.cpp +++ b/cpp/src/qpid/sys/ssl/SslSocket.cpp @@ -274,4 +274,24 @@ void SslSocket::setTcpNoDelay(bool nodelay) const } } + +/** get the bit length of the current cipher's key */ +int SslSocket::getKeyLen() const +{ + int enabled = 0; + int keySize = 0; + SECStatus rc; + + rc = SSL_SecurityStatus( socket, + &enabled, + NULL, + NULL, + &keySize, + NULL, NULL ); + if (rc == SECSuccess && enabled) { + return keySize; + } + return 0; +} + }}} // namespace qpid::sys::ssl diff --git a/cpp/src/qpid/sys/ssl/SslSocket.h b/cpp/src/qpid/sys/ssl/SslSocket.h index a0e73e8181..f1f05e7a98 100644 --- a/cpp/src/qpid/sys/ssl/SslSocket.h +++ b/cpp/src/qpid/sys/ssl/SslSocket.h @@ -100,6 +100,8 @@ public: */ int getError() const; + int getKeyLen() const; + private: mutable std::string connectname; mutable PRFileDesc* socket; |
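Review bot: `SslSocket::getKeyLen()` returns 0 both when `SSL_SecurityStatus` fails and when it reports security off, and neither case is logged, so a caller enforcing --require-encrypted cannot tell a query error from a plaintext link. `&keySize` is passed in the fifth position, which in NSS is the secretKeySize (effective key bits) out-parameter rather than the keySize one; that is the stronger choice for a strength check but the local name hides it, so I would rename it `secretKeyBits` and extend the doc comment to `/** effective secret key size in bits of the negotiated cipher; 0 if security is off or the status query fails */`. `enabled` is non-zero for low-strength ciphers as well, so whatever consumes this value (outside this diff) should presumably compare it with a minimum rather than test for non-zero. The declaration added in SslSocket.h has no comment, unlike `getError()` just above it, and would benefit from the same sentence.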
