Main Page   Class Hierarchy   Alphabetical List   Compound List   File List   Compound Members   File Members   Related Pages  

ACE_SSL_Context Class Reference

A wrapper for the OpenSSL SSL_CTX related functions. More...

#include <SSL_Context.h>

List of all members.

Public Types

enum  {
  INVALID_METHOD = -1, SSLv2_client = 1, SSLv2_server, SSLv2,
  SSLv3_client, SSLv3_server, SSLv3, SSLv23_client,
  SSLv23_server, SSLv23, TLSv1_client, TLSv1_server,
  TLSv1
}

Public Methods

 ACE_SSL_Context (void)
 Constructor. More...

 ~ACE_SSL_Context (void)
 Destructor. More...

int set_mode (int mode=ACE_SSL_Context::SSLv23)
int get_mode (void) const
SSL_CTX * context (void)
 Get the SSL context. More...

int private_key_type (void) const
 Get the file name and file format used for the private key. More...

const char * private_key_file_name (void) const
int private_key (const char *file_name, int type=SSL_FILETYPE_PEM)
 Set the private key file. More...

int verify_private_key (void)
 Verify that the private key is valid. More...

int certificate_type (void) const
 Get the file name and file format used for the certificate file. More...

const char * certificate_file_name (void) const
int certificate (const char *file_name, int type=SSL_FILETYPE_PEM)
 Set the certificate file. More...

int load_trusted_ca (const char *ca_file=0, const char *ca_dir=0)
int have_trusted_ca (void) const
void set_verify_peer (int strict=0, int once=1, int depth=0)
void default_verify_mode (int mode)
 TODO: a implementation that will lookup the CTX table for the list of files and paths etc. Query the location of trusted certification authority certificates. More...

int default_verify_mode (void) const
OpenSSL Random Number Generator Seed Related Methods
These are methods that can be used to seed OpenSSL's pseudo-random number generator. These methods can be called more than once.

int random_seed (const char *seed)
 Seed the underlying random number generator. This value should have at least 128 bits of entropy. More...

int egd_file (const char *socket_file)
 Set the Entropy Gathering Daemon (EGD) UNIX domain socket file to read random seed values from. More...

int seed_file (const char *seed_file, long bytes=-1)
Diffie-Hellman (DH) Parameters
When using DSS-based certificates, Diffie-Hellman keys need to be exchanged. These must be provided in the form of DH key generation parameters loaded in, or as fixed keys hardcoded into the code itself. ACE_SSL supports loaded parameters.

int dh_params (const char *file_name, int type=SSL_FILETYPE_PEM)
const char * dh_params_file_name () const
int dh_params_file_type () const

Static Public Methods

ACE_SSL_Context * instance (void)
 The Singleton context, the SSL components use the singleton if nothing else is available. More...

void report_error (unsigned long error_code)
 Print SSL error corresponding to the given error code. More...

void report_error (void)
 Print the last SSL error for the current thread. More...


Private Methods

void check_context (void)
 Verify if the context has been initialized or not. More...

void ssl_library_init ()
 More to document. More...

void ssl_library_fini ()

Friends

void ACE_SSL_locking_callback (int, int, const char *, int)
 Mutex locking/unlocking callback for OpenSSL multithread support. More...


Detailed Description

A wrapper for the OpenSSL SSL_CTX related functions.

This class provides a wrapper for the SSL_CTX data structure. Since most applications have a single SSL_CTX structure, this class can be used as a singleton.

Definition at line 87 of file SSL_Context.h.


Member Enumeration Documentation

anonymous enum
 

Enumeration values:
INVALID_METHOD 
SSLv2_client 
SSLv2_server 
SSLv2 
SSLv3_client 
SSLv3_server 
SSLv3 
SSLv23_client 
SSLv23_server 
SSLv23 
TLSv1_client 
TLSv1_server 
TLSv1 

Definition at line 93 of file SSL_Context.h.

00093        {
00094     INVALID_METHOD = -1,
00095     SSLv2_client = 1,
00096     SSLv2_server,
00097     SSLv2,
00098     SSLv3_client,
00099     SSLv3_server,
00100     SSLv3,
00101     SSLv23_client,
00102     SSLv23_server,
00103     SSLv23,
00104     TLSv1_client,
00105     TLSv1_server,
00106     TLSv1
00107   };


Constructor & Destructor Documentation

ACE_SSL_Context::ACE_SSL_Context void   
 

Constructor.

ACE_SSL_Context::~ACE_SSL_Context void   
 

Destructor.

Definition at line 39 of file SSL_Context.cpp.

References ssl_library_fini.

00040 {
00041   if (this->context_)
00042     {
00043       ::SSL_CTX_free (this->context_);
00044       this->context_ = 0;
00045     }
00046 
00047   ACE_SSL_Context::ssl_library_fini ();
00048 }


Member Function Documentation

int ACE_SSL_Context::certificate const char *    file_name,
int    type = SSL_FILETYPE_PEM
 

Set the certificate file.

Definition at line 334 of file SSL_Context.cpp.

References check_context.

00336 {
00337   if (this->certificate_.type () != -1)
00338     return 0;
00339 
00340   this->certificate_ = ACE_SSL_Data_File (file_name, type);
00341 
00342   this->check_context ();
00343 
00344   if (::SSL_CTX_use_certificate_file (this->context_,
00345                                       this->certificate_.file_name (),
00346                                       this->certificate_.type ()) <= 0)
00347     return -1;
00348   else
00349     return 0;
00350 }

ACE_INLINE const char * ACE_SSL_Context::certificate_file_name void    const
 

Definition at line 73 of file SSL_Context.inl.

00074 {
00075   return this->certificate_.file_name ();
00076 }

ACE_INLINE int ACE_SSL_Context::certificate_type void    const
 

Get the file name and file format used for the certificate file.

Definition at line 67 of file SSL_Context.inl.

00068 {
00069   return this->certificate_.type ();
00070 }

ACE_INLINE void ACE_SSL_Context::check_context void    [private]
 

Verify if the context has been initialized or not.

Definition at line 41 of file SSL_Context.inl.

References set_mode.

Referenced by certificate, context, dh_params, load_trusted_ca, private_key, set_verify_peer, and verify_private_key.

00042 {
00043   if (this->context_ == 0)
00044     this->set_mode ();
00045 }

ACE_INLINE SSL_CTX * ACE_SSL_Context::context void   
 

Get the SSL context.

Definition at line 48 of file SSL_Context.inl.

References check_context.

Referenced by ACE_RCSID.

00049 {
00050   this->check_context ();
00051   return this->context_;
00052 }

ACE_INLINE int ACE_SSL_Context::default_verify_mode void    const
 

Definition at line 97 of file SSL_Context.inl.

Referenced by set_verify_peer.

00098 {
00099   return this->default_verify_mode_;
00100 }

ACE_INLINE void ACE_SSL_Context::default_verify_mode int    mode
 

TODO: a implementation that will lookup the CTX table for the list of files and paths etc. Query the location of trusted certification authority certificates.

Set and query the default verify mode for this context, it is inherited by all the ACE_SSL objects created using the context. It can be overriden on a per-ACE_SSL object.

Definition at line 91 of file SSL_Context.inl.

Referenced by ACE_RCSID.

00092 {
00093   this->default_verify_mode_ = mode;
00094 }

int ACE_SSL_Context::dh_params const char *    file_name,
int    type = SSL_FILETYPE_PEM
 

Load Diffie-Hellman parameters from file_name. The specified file can be a standalone file containing only DH parameters (e.g., as created by openssl dhparam), or it can be a certificate which has a PEM-encoded set of DH params concatenated on to i.

Definition at line 442 of file SSL_Context.cpp.

References check_context.

00444 {
00445   if (this->dh_params_.type () != -1)
00446     return 0;
00447 
00448   this->dh_params_ = ACE_SSL_Data_File (file_name, type);
00449 
00450   this->check_context ();
00451 
00452   {
00453     // For now we only support PEM encodings
00454     if (this->dh_params_.type () != SSL_FILETYPE_PEM)
00455       return -1;
00456 
00457     // Swiped from Rescorla's examples and the OpenSSL s_server.c app
00458     DH *ret=0;
00459     BIO *bio = 0;
00460 
00461     if ((bio = ::BIO_new_file (this->dh_params_.file_name (), "r")) == NULL)
00462       return -1;
00463 
00464     ret = PEM_read_bio_DHparams (bio, NULL, NULL, NULL);
00465     BIO_free (bio);
00466 
00467     if (ret == 0)
00468       return -1;
00469 
00470     if(::SSL_CTX_set_tmp_dh (this->context_, ret) < 0)
00471       return -1;
00472     DH_free (ret);
00473   }
00474 
00475   return 0;
00476 }

ACE_INLINE const char * ACE_SSL_Context::dh_params_file_name   const
 

Load Diffie-Hellman parameters from file_name. The specified file can be a standalone file containing only DH parameters (e.g., as created by openssl dhparam), or it can be a certificate which has a PEM-encoded set of DH params concatenated on to i.

Definition at line 85 of file SSL_Context.inl.

00086 {
00087   return this->dh_params_.file_name ();
00088 }

ACE_INLINE int ACE_SSL_Context::dh_params_file_type   const
 

Load Diffie-Hellman parameters from file_name. The specified file can be a standalone file containing only DH parameters (e.g., as created by openssl dhparam), or it can be a certificate which has a PEM-encoded set of DH params concatenated on to i.

Definition at line 79 of file SSL_Context.inl.

00080 {
00081   return this->dh_params_.type ();
00082 }

int ACE_SSL_Context::egd_file const char *    socket_file
 

Set the Entropy Gathering Daemon (EGD) UNIX domain socket file to read random seed values from.

Definition at line 389 of file SSL_Context.cpp.

Referenced by ssl_library_init.

00390 {
00391 #if OPENSSL_VERSION_NUMBER < 0x00905100L
00392   // OpenSSL < 0.9.5 doesn't have EGD support.
00393   ACE_UNUSED_ARG (socket_file);
00394   ACE_NOTSUP_RETURN (-1);
00395 #else
00396   // RAND_egd() returns the amount of entropy used to seed the random
00397   // number generator.  The actually value should be greater than 16,
00398   // i.e. 128 bits.
00399   if (::RAND_egd (socket_file) > 0)
00400     return 0;
00401   else
00402     return -1;
00403 #endif  /* OPENSSL_VERSION_NUMBER >= 0x00905100L */
00404 }

ACE_INLINE int ACE_SSL_Context::get_mode void    const
 

Definition at line 103 of file SSL_Context.inl.

00104 {
00105   return this->mode_;
00106 }

ACE_INLINE int ACE_SSL_Context::have_trusted_ca void    const
 

Test whether any CA locations have been successfully loaded and return the number of successful attempts.

Returns:
>0 This value indicates the number of successful CA load attempts . 0 If all CA load attempts have failed.

Definition at line 109 of file SSL_Context.inl.

00110 {
00111   return this->have_ca_;
00112 }

ACE_INLINE ACE_SSL_Context * ACE_SSL_Context::instance void    [static]
 

The Singleton context, the SSL components use the singleton if nothing else is available.

Definition at line 35 of file SSL_Context.inl.

References ACE_Singleton::instance.

Referenced by ACE_RCSID.

int ACE_SSL_Context::load_trusted_ca const char *    ca_file = 0,
const char *    ca_dir = 0
 

Load the location of the trusted certification authority certificates. Note that CA certificates are stored in PEM format as a sequence of certificates in <ca_file> or as a set of individual certificates in <ca_dir> (or both).

Note this method is called by set_mode() to load the default environment settings for <ca_file> and <ca_dir>, if any. This allows for automatic service configuration (and backward compatibility with previous versions.

Note that the underlying SSL function will add valid file and directory names to the load location lists maintained as part of the SSL_CTX table. (... It therefore dosn't make sense to keep a copy of the file and path name of the most recently added <ca_file> or <ca_path>.

Returns:
0 for success or -1 on error.
See also:
OpenSSL manual SSL_CTX_load_verify_locations(3) for a detailed description of the CA file and directory requirements and processing.

Definition at line 224 of file SSL_Context.cpp.

References ACE_DEFAULT_SSL_CERT_DIR, ACE_DEFAULT_SSL_CERT_FILE, ACE_SSL_CERT_DIR_ENV, ACE_SSL_CERT_FILE_ENV, check_context, ACE::debug, ACE_OS::getenv, report_error, SSLv2, SSLv23, SSLv23_server, SSLv2_server, SSLv3, SSLv3_server, TLSv1, and TLSv1_server.

Referenced by set_mode.

00225 {
00226   this->check_context ();
00227 
00228   if (ca_file == 0)
00229     {
00230       // Use the default environment settings.
00231       ca_file = ACE_OS::getenv (ACE_SSL_CERT_FILE_ENV);
00232       if (ca_file == 0)
00233         ca_file = ACE_DEFAULT_SSL_CERT_FILE;
00234     }
00235 
00236   if (ca_dir == 0)
00237     {
00238       // Use the default environment settings.
00239       ca_dir = ACE_OS::getenv (ACE_SSL_CERT_DIR_ENV);
00240       if (ca_dir == 0)
00241         ca_dir = ACE_DEFAULT_SSL_CERT_DIR;
00242     }
00243 
00244   // NOTE: SSL_CTX_load_verify_locations() returns 0 on error.
00245   if (::SSL_CTX_load_verify_locations (this->context_,
00246                                        ca_file,
00247                                        ca_dir) <= 0)
00248     {
00249       if (ACE::debug ())
00250         ACE_SSL_Context::report_error ();
00251       return -1;
00252     }
00253   else
00254     {
00255       this->have_ca_++;
00256 
00257       // for TLS/SSL servers scan all certificates in ca_file and list
00258       // then as acceptable CAs when requesting a client certificate.
00259       if (mode_ == SSLv23
00260           || mode_ == SSLv23_server
00261           || mode_ == TLSv1
00262           || mode_ == TLSv1_server
00263           || mode_ == SSLv3
00264           || mode_ == SSLv3_server
00265           || mode_ == SSLv2
00266           || mode_ == SSLv2_server)
00267         {
00268           STACK_OF (X509_NAME) * cert_names;
00269           cert_names = ::SSL_CTX_get_client_CA_list(this->context_);
00270 
00271           if (cert_names == 0)
00272             {
00273               // Set the first certificate authorith list.
00274               cert_names = ::SSL_load_client_CA_file (ca_file);
00275               if (cert_names != 0 )
00276                 ::SSL_CTX_set_client_CA_list (this->context_,
00277                                               cert_names);
00278             }
00279           else
00280             {
00281               // Add new certificate names to the list.
00282               if (!::SSL_add_file_cert_subjects_to_stack (cert_names,
00283                                                           ca_file))
00284                 cert_names = 0;
00285             }
00286 
00287           if (cert_names == 0)
00288             {
00289               if (ACE::debug ())
00290                 ACE_SSL_Context::report_error ();
00291               return -1;
00292             }
00293 
00294           // @todo
00295           // If warranted do the same for ca_dir when the function
00296           // SSL_add_dir_cert_subjects_to_stack() is portable to
00297           // WIN32, VMS, MAC_OS_pre_X (nb. it is not defined for those
00298           // platforms by OpenSSL).
00299         }
00300     }
00301 
00302   return 0;
00303 }

int ACE_SSL_Context::private_key const char *    file_name,
int    type = SSL_FILETYPE_PEM
 

Set the private key file.

Note:
This method should only be called after a certificate has been set since key verification is performed against the certificate, among other things.

Definition at line 307 of file SSL_Context.cpp.

References check_context, and verify_private_key.

00309 {
00310   if (this->private_key_.type () != -1)
00311     return 0;
00312 
00313   this->check_context ();
00314 
00315   this->private_key_ = ACE_SSL_Data_File (file_name, type);
00316 
00317   if (::SSL_CTX_use_PrivateKey_file (this->context_,
00318                                      this->private_key_.file_name (),
00319                                      this->private_key_.type ()) <= 0)
00320     return -1;
00321   else
00322     return this->verify_private_key ();
00323 }

ACE_INLINE const char * ACE_SSL_Context::private_key_file_name void    const
 

Definition at line 61 of file SSL_Context.inl.

00062 {
00063   return this->private_key_.file_name ();
00064 }

ACE_INLINE int ACE_SSL_Context::private_key_type void    const
 

Get the file name and file format used for the private key.

Definition at line 55 of file SSL_Context.inl.

00056 {
00057   return this->private_key_.type ();
00058 }

int ACE_SSL_Context::random_seed const char *    seed
 

Seed the underlying random number generator. This value should have at least 128 bits of entropy.

Definition at line 376 of file SSL_Context.cpp.

References ACE_OS_String::strlen.

00377 {
00378   ::RAND_seed (seed, ACE_OS::strlen (seed));
00379 
00380 #if OPENSSL_VERSION_NUMBER >= 0x00905100L
00381   // RAND_status() returns 1 if the PRNG has enough entropy.
00382   return (::RAND_status () == 1 ? 0 : -1);
00383 #else
00384   return 0;  // Ugly, but OpenSSL <= 0.9.4 doesn't have RAND_status().
00385 #endif  /* OPENSSL_VERSION_NUMBER >= 0x00905100L */
00386 }

void ACE_SSL_Context::report_error void    [static]
 

Print the last SSL error for the current thread.

Definition at line 434 of file SSL_Context.cpp.

References ACE_OS::last_error.

Referenced by ACE_SSL_SOCK_Stream::close, load_trusted_ca, ACE_SSL_SOCK_Stream::recv_i, ACE_SSL_SOCK_Stream::send_i, ACE_SSL_SOCK_Acceptor::ssl_accept, and ACE_SSL_SOCK_Connector::ssl_connect.

00435 {
00436   unsigned long error = ::ERR_get_error ();
00437   ACE_SSL_Context::report_error (error);
00438   ACE_OS::last_error (error);
00439 }

void ACE_SSL_Context::report_error unsigned long    error_code [static]
 

Print SSL error corresponding to the given error code.

Definition at line 418 of file SSL_Context.cpp.

References ACE_ERROR, ACE_TEXT, and LM_ERROR.

00419 {
00420   if (error_code == 0)
00421     return;
00422 
00423   char error_string[256];
00424 
00425   (void) ::ERR_error_string (error_code, error_string);
00426 
00427   ACE_ERROR ((LM_ERROR,
00428               ACE_TEXT ("ACE_SSL (%P|%t) error code: %u - %C\n"),
00429               error_code,
00430               error_string));
00431 }

int ACE_SSL_Context::seed_file const char *    seed_file,
long    bytes = -1
 

Set the file that contains the random seed value state, and the amount of bytes to read. "-1" bytes causes the entire file to be read.

Definition at line 407 of file SSL_Context.cpp.

References seed_file.

Referenced by seed_file, and ssl_library_init.

00408 {
00409   // RAND_load_file() returns the number of bytes used to seed the
00410   // random number generator.
00411   if (::RAND_load_file (seed_file, bytes) > 0)
00412     return 0;
00413   else
00414     return -1;
00415 }

int ACE_SSL_Context::set_mode int    mode = ACE_SSL_Context::SSLv23
 

Set the CTX mode. The mode can be set only once, afterwards the function has no effect and returns -1. Once the mode is set the underlying SSL_CTX is initialized and the class can be used. If the mode is not set, then the class automatically initializes itself to the default mode.

Definition at line 151 of file SSL_Context.cpp.

References ACE_GUARD_RETURN, ACE_MT, ACE_Static_Object_Lock::instance, load_trusted_ca, SSLv2, SSLv23, SSLv23_client, SSLv23_server, SSLv2_client, SSLv2_server, SSLv3, SSLv3_client, SSLv3_server, TLSv1, TLSv1_client, and TLSv1_server.

Referenced by check_context.

00152 {
00153   ACE_MT (ACE_GUARD_RETURN (ACE_Recursive_Thread_Mutex,
00154                             ace_ssl_mon,
00155                             *ACE_Static_Object_Lock::instance (),
00156                             -1));
00157 
00158   if (this->context_ != 0)
00159     return -1;
00160 
00161   SSL_METHOD *method = 0;
00162 
00163   switch (mode)
00164     {
00165     case ACE_SSL_Context::SSLv2_client:
00166       method = ::SSLv2_client_method ();
00167       break;
00168     case ACE_SSL_Context::SSLv2_server:
00169       method = ::SSLv2_server_method ();
00170       break;
00171     case ACE_SSL_Context::SSLv2:
00172       method = ::SSLv2_method ();
00173       break;
00174     case ACE_SSL_Context::SSLv3_client:
00175       method = ::SSLv3_client_method ();
00176       break;
00177     case ACE_SSL_Context::SSLv3_server:
00178       method = ::SSLv3_server_method ();
00179       break;
00180     case ACE_SSL_Context::SSLv3:
00181       method = ::SSLv3_method ();
00182       break;
00183     case ACE_SSL_Context::SSLv23_client:
00184       method = ::SSLv23_client_method ();
00185       break;
00186     case ACE_SSL_Context::SSLv23_server:
00187       method = ::SSLv23_server_method ();
00188       break;
00189     case ACE_SSL_Context::SSLv23:
00190       method = ::SSLv23_method ();
00191       break;
00192     case ACE_SSL_Context::TLSv1_client:
00193       method = ::TLSv1_client_method ();
00194       break;
00195     case ACE_SSL_Context::TLSv1_server:
00196       method = ::TLSv1_server_method ();
00197       break;
00198     case ACE_SSL_Context::TLSv1:
00199       method = ::TLSv1_method ();
00200       break;
00201     default:
00202       method = ::SSLv3_method ();
00203       break;
00204     }
00205 
00206   this->context_ = ::SSL_CTX_new (method);
00207   if (this->context_ == 0)
00208     return -1;
00209 
00210   this->mode_ = mode;
00211 
00212   // Load the trusted certificate authority (default) certificate
00213   // locations. But do not return -1 on error, doing so confuses CTX
00214   // allocation (severe error) with the less important loading of CA
00215   // certificate location error.  If it is important for your
00216   // application then call ACE_SSL_Context::have_trusted_ca(),
00217   // immediately following this call to set_mode().
00218   (void) this->load_trusted_ca ();
00219 
00220   return 0;
00221 }

void ACE_SSL_Context::set_verify_peer int    strict = 0,
int    once = 1,
int    depth = 0
 

Todo:
Complete this documentation where elipses(...) are used

@doc Use this method when certificate chain verification is required. The default server behaviour is SSL_VERIFY_NONE i.e. client certicates are requested for verified. This method can be used to configure server to request client certificates and perform the certificate verification. If <strict> is set true the client connection is rejected when certificate verification fails. Otherwise the session is accepted with a warning, which is the default behaviour. If <once> is set true (default), certificates are requested only once per session. The last parameter <depth> can be used to set the verification depth.

Note for verification to work correctly there should be a valid CA name list set using load_trusted_ca().

See also:
OpenSSL documentation of SSL_CTX_set_verify(3) for details of the verification process.
See also:
OpenSSL documentation ... set_verify_depth(3) ...
Note that this method overrides the use of the default_verify_mode() method.

Definition at line 353 of file SSL_Context.cpp.

References check_context, and default_verify_mode.

00354 {
00355   this->check_context ();
00356 
00357   // Setup the peer verififcation mode.
00358 
00359   int verify_mode = SSL_VERIFY_PEER;
00360   if (once)
00361     verify_mode |= SSL_VERIFY_CLIENT_ONCE;
00362   if (strict)
00363     verify_mode |= SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
00364 
00365   // set the default verify mode
00366   this->default_verify_mode (verify_mode);
00367 
00368   // Set the max certificate depth but later let the verify_callback
00369   // catch the depth error by adding one to the required depth.
00370   if (depth > 0)
00371     ::SSL_CTX_set_verify_depth (this->context_, depth + 1);
00372 }

void ACE_SSL_Context::ssl_library_fini   [private]
 

Definition at line 124 of file SSL_Context.cpp.

References ACE_GUARD, ACE_MT, ACE_Static_Object_Lock::instance, and ACE_OS::mutex_destroy.

Referenced by ~ACE_SSL_Context.

00125 {
00126   ACE_MT (ACE_GUARD (ACE_Recursive_Thread_Mutex,
00127                      ace_ssl_mon,
00128                      *ACE_Static_Object_Lock::instance ()));
00129 
00130   ACE_SSL_Context::library_init_count_--;
00131   if (ACE_SSL_Context::library_init_count_ == 0)
00132     {
00133       ::ERR_free_strings ();
00134       ::EVP_cleanup ();
00135 
00136       // Clean up the locking callbacks after everything else has been
00137       // cleaned up.
00138 #ifdef ACE_HAS_THREADS
00139       int num_locks = ::CRYPTO_num_locks ();
00140 
00141       ::CRYPTO_set_locking_callback (0);
00142       for (int i = 0; i < num_locks; ++i)
00143         ACE_OS::mutex_destroy (&(ACE_SSL_Context::lock_[i]));
00144 
00145       delete [] ACE_SSL_Context::lock_;
00146 #endif  /* ACE_HAS_THREADS */
00147     }
00148 }

void ACE_SSL_Context::ssl_library_init   [private]
 

More to document.

@

Definition at line 51 of file SSL_Context.cpp.

References ACE_ERROR, ACE_GUARD, ACE_MT, ACE_NEW, ACE_SSL_EGD_FILE_ENV, ACE_SSL_RAND_FILE_ENV, ACE_TEXT, egd_file, ACE_OS::getenv, ACE_Static_Object_Lock::instance, LM_ERROR, ACE_OS::mutex_init, and seed_file.

Referenced by ACE_RCSID.

00052 {
00053   ACE_MT (ACE_GUARD (ACE_Recursive_Thread_Mutex,
00054                      ace_ssl_mon,
00055                      *ACE_Static_Object_Lock::instance ()));
00056 
00057   if (ACE_SSL_Context::library_init_count_ == 0)
00058     {
00059       // Initialize the locking callbacks before initializing anything
00060       // else.
00061 #ifdef ACE_HAS_THREADS
00062       int num_locks = ::CRYPTO_num_locks ();
00063 
00064       ACE_NEW (ACE_SSL_Context::lock_,
00065                ACE_mutex_t[num_locks]);
00066 
00067       for (int i = 0; i < num_locks; ++i)
00068         {
00069           // rwlock_init(&(ACE_SSL_Context::lock_[i]), USYNC_THREAD,
00070           // 0);
00071           if (ACE_OS::mutex_init (&(ACE_SSL_Context::lock_[i]),
00072                                   USYNC_THREAD) != 0)
00073             ACE_ERROR ((LM_ERROR,
00074                         ACE_TEXT ("(%P|%t) ACE_SSL_Context::ssl_library_init ")
00075                         ACE_TEXT ("- %p\n"),
00076                         ACE_TEXT ("mutex_init")));
00077         }
00078 
00079 # if !defined (WIN32)
00080       // This call isn't necessary on some platforms.  See the CRYPTO
00081       // library's threads(3) man page for details.
00082       ::CRYPTO_set_id_callback (ACE_SSL_thread_id);
00083 # endif  /* WIN32 */
00084       ::CRYPTO_set_locking_callback (ACE_SSL_locking_callback);
00085 #endif  /* ACE_HAS_THREADS */
00086 
00087       ::SSLeay_add_ssl_algorithms ();
00088       ::SSL_load_error_strings ();
00089 
00090       // Seed the random number generator.  Note that the random
00091       // number generator can be seeded more than once to "stir" its
00092       // state.
00093 
00094 #ifdef WIN32
00095       // Seed the random number generator by sampling the screen.
00096       ::RAND_screen ();
00097 #endif  /* WIN32 */
00098 
00099 #if OPENSSL_VERSION_NUMBER >= 0x00905100L
00100       // OpenSSL < 0.9.5 doesn't have EGD support.
00101 
00102       const char *egd_socket_file =
00103         ACE_OS::getenv (ACE_SSL_EGD_FILE_ENV);
00104 
00105       if (egd_socket_file != 0)
00106         (void) this->egd_file (egd_socket_file);
00107 #endif  /* OPENSSL_VERSION_NUMBER */
00108 
00109       const char *rand_file =
00110         ACE_OS::getenv (ACE_SSL_RAND_FILE_ENV);
00111 
00112       if (rand_file != 0)
00113         (void) this->seed_file (rand_file);
00114 
00115       // Initialize the mutexes that will be used by the SSL and
00116       // crypto library.
00117 
00118     }
00119 
00120   ACE_SSL_Context::library_init_count_++;
00121 }

int ACE_SSL_Context::verify_private_key void   
 

Verify that the private key is valid.

Note:
This method should only be called after a certificate has been set since key verification is performed against the certificate, among other things.

Definition at line 326 of file SSL_Context.cpp.

References check_context.

Referenced by private_key.

00327 {
00328   this->check_context ();
00329 
00330   return (::SSL_CTX_check_private_key (this->context_) <= 0 ? -1 : 0);
00331 }


Friends And Related Function Documentation

void ACE_SSL_locking_callback int   ,
int   ,
const char *   ,
int   
[friend]
 

Mutex locking/unlocking callback for OpenSSL multithread support.

Definition at line 483 of file SSL_Context.cpp.

00487 {
00488   // #ifdef undef
00489   //   fprintf(stderr,"thread=%4d mode=%s lock=%s %s:%d\n",
00490   //           CRYPTO_thread_id(),
00491   //           (mode&CRYPTO_LOCK)?"l":"u",
00492   //           (type&CRYPTO_READ)?"r":"w",file,line);
00493   // #endif
00494   //   /*
00495   //     if (CRYPTO_LOCK_SSL_CERT == type)
00496   //     fprintf(stderr,"(t,m,f,l) %ld %d %s %d\n",
00497   //     CRYPTO_thread_id(),
00498   //     mode,file,line);
00499   //   */
00500   if (mode & CRYPTO_LOCK)
00501     ACE_OS::mutex_lock (&(ACE_SSL_Context::lock_[type]));
00502   else
00503     ACE_OS::mutex_unlock (&(ACE_SSL_Context::lock_[type]));
00504 }


The documentation for this class was generated from the following files:
Generated on Mon Jun 16 13:16:16 2003 for ACE_SSL by doxygen1.2.14 written by Dimitri van Heesch, © 1997-2002