Mercurial > trustbridge
annotate ui/sslconnection.cpp @ 432:16b5cd858571
Updated layout and certificate details in trustbridge installer.
| author | Raimund Renkert <rrenkert@intevation.de> |
|---|---|
| date | Tue, 22 Apr 2014 11:20:13 +0200 |
| parents | 09bb19e5e369 |
| children | f8b480b08532 |
| rev | line source |
|---|---|
| 404 | 1 /* Copyright (C) 2014 by Bundesamt für Sicherheit in der Informationstechnik |
| 2 * Software engineering by Intevation GmbH | |
| 3 * | |
| 4 * This file is Free Software under the GNU GPL (v>=2) | |
| 5 * and comes with ABSOLUTELY NO WARRANTY! | |
| 6 * See LICENSE.txt for details. | |
| 7 */ | |
|
45
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
8 /* TODO: Wrap ssl_session in a class for reuse. |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
9 * see programs/ssl/ssl_client2.c for example of session reuse */ |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
10 #include "sslconnection.h" |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
11 |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
12 #include <QFile> |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
13 #include <QUuid> |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
14 #include <QApplication> |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
15 |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
16 #define MAX_IO_TRIES 10 |
|
46
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
17 #define MAX_RESETS 10 |
|
45
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
18 |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
19 #ifdef CONNECTION_DEBUG |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
20 static void my_debug(void *ctx, int level, const char *str) |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
21 { |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
22 fprintf((FILE *) ctx, "%s", str); |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
23 fflush((FILE *) ctx); |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
24 } |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
25 #endif |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
26 |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
27 QString getErrorMsg(int ret) |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
28 { |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
29 char errbuf[255]; |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
30 polarssl_strerror(ret, errbuf, 255); |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
31 errbuf[254] = '\0'; /* Just to be sure */ |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
32 return QString::fromLatin1(errbuf); |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
33 } |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
34 |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
35 SSLConnection::SSLConnection(const QString& url, |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
36 const QByteArray& certificate): |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
37 mUrl(url), |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
38 mPinnedCert(certificate), |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
39 mInitialized(false), |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
40 mConnected(false), |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
41 mServerFD(-1), |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
42 mErrorState(NoError) |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
43 { |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
44 int ret = -1; |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
45 |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
46 memset(&mSSL, 0, sizeof(ssl_context)); |
|
46
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
47 memset(&mSavedSession, 0, sizeof( ssl_session ) ); |
|
45
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
48 |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
49 if (certificate.isEmpty()) { |
|
409
09bb19e5e369
Remove m13 mentions and change test certificate to intevation.de
Andre Heinecke <aheinecke@intevation.de>
parents:
404
diff
changeset
|
50 QFile certResource(":certs/intevation.de"); |
|
45
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
51 certResource.open(QFile::ReadOnly); |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
52 mPinnedCert = certResource.readAll(); |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
53 certResource.close(); |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
54 } |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
55 |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
56 ret = init(); |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
57 if (ret == 0) { |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
58 mInitialized = true; |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
59 } else { |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
60 qDebug() << "Initialization error: " + getErrorMsg(ret); |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
61 } |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
62 } |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
63 |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
64 int SSLConnection::init() |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
65 { |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
66 int ret = -1; |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
67 QUuid uuid = QUuid::createUuid(); |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
68 QString personalString = QApplication::applicationName() + uuid.toString(); |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
69 QByteArray personalBa = personalString.toLocal8Bit(); |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
70 |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
71 x509_crt_init(&mX509PinnedCert); |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
72 entropy_init(&mEntropy); |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
73 |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
74 ret = ssl_init(&mSSL); |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
75 if (ret != 0) { |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
76 /* The only documented error is malloc failed */ |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
77 mErrorState = ErrUnknown; |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
78 return ret; |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
79 } |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
80 |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
81 /* |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
82 * Initialize random generator. |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
83 * Personalisation string, does not need to be random but |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
84 * should be unique according to documentation. |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
85 * |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
86 * the ctr_drbg structure does not need to be freed explicitly. |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
87 */ |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
88 ret = ctr_drbg_init(&mCtr_drbg, entropy_func, &mEntropy, |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
89 (const unsigned char*) personalBa.constData(), |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
90 personalBa.size()); |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
91 if (ret != 0) { |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
92 ssl_free(&mSSL); |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
93 mErrorState = ErrUnknown; |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
94 return ret; |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
95 } |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
96 |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
97 ret = x509_crt_parse(&mX509PinnedCert, |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
98 (const unsigned char*) mPinnedCert.constData(), |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
99 mPinnedCert.size()); |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
100 if (ret != 0){ |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
101 ssl_free(&mSSL); |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
102 mErrorState = InvalidPinnedCertificate; |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
103 return ret; |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
104 } |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
105 |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
106 ssl_set_endpoint(&mSSL, SSL_IS_CLIENT); |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
107 ssl_set_authmode(&mSSL, SSL_VERIFY_OPTIONAL); |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
108 ssl_set_ca_chain(&mSSL, &mX509PinnedCert, NULL, NULL); |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
109 ssl_set_renegotiation(&mSSL, SSL_RENEGOTIATION_DISABLED); |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
110 ssl_set_rng(&mSSL, ctr_drbg_random, &mCtr_drbg); |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
111 #ifdef RELEASE_BUILD |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
112 ssl_set_min_version(&mSSL, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3); |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
113 #endif |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
114 |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
115 #ifdef CONNECTION_DEBUG |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
116 ssl_set_dbg(&mSSL, my_debug, stdout); |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
117 #endif |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
118 |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
119 return 0; |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
120 } |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
121 |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
122 SSLConnection::~SSLConnection() { |
|
46
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
123 disconnect(); |
|
45
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
124 x509_crt_free(&mX509PinnedCert); |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
125 entropy_free(&mEntropy); |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
126 if (mInitialized) { |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
127 ssl_free(&mSSL); |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
128 } |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
129 } |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
130 |
|
46
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
131 void SSLConnection::disconnect() { |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
132 if (mConnected) { |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
133 ssl_close_notify(&mSSL); |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
134 if (mServerFD != -1) { |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
135 net_close(mServerFD); |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
136 mServerFD = -1; |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
137 } |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
138 ssl_session_free(&mSavedSession); |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
139 mConnected = false; |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
140 } |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
141 } |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
142 |
|
45
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
143 int SSLConnection::connect() { |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
144 int ret = -1; |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
145 |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
146 if (!mInitialized) { |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
147 mErrorState = ErrUnknown; |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
148 return -1; |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
149 } |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
150 |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
151 ret = net_connect(&mServerFD, mUrl.host().toLatin1().constData(), |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
152 mUrl.port(443)); |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
153 |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
154 if (ret != 0) { |
|
46
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
155 qDebug() << "Connect failed: " << getErrorMsg(ret); |
|
45
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
156 mErrorState = NoConnection; |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
157 return ret; |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
158 } |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
159 |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
160 ssl_set_bio(&mSSL, net_recv, &mServerFD, |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
161 net_send, &mServerFD); |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
162 |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
163 while ((ret = ssl_handshake(&mSSL)) != 0) { |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
164 if (ret != POLARSSL_ERR_NET_WANT_READ && |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
165 ret != POLARSSL_ERR_NET_WANT_WRITE) { |
|
46
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
166 qDebug() << "SSL Handshake failed: " << getErrorMsg(ret); |
|
45
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
167 mErrorState = SSLHandshakeFailed; |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
168 return ret; |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
169 } |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
170 } |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
171 |
|
46
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
172 ret = ssl_get_session(&mSSL, &mSavedSession); |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
173 if (ret != 0) { |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
174 qDebug() << "SSL get session failed: " << getErrorMsg(ret); |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
175 |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
176 mErrorState = NoConnection; |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
177 return ret; |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
178 } |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
179 printf( " ok\n [ Ciphersuite is %s ]\n", |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
180 ssl_get_ciphersuite( &mSSL) ); |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
181 ret = validateCertificate(); |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
182 |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
183 if (ret == 0) { |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
184 mConnected = true; |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
185 } |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
186 return ret; |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
187 } |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
188 |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
189 int SSLConnection::validateCertificate() |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
190 { |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
191 int ret = -1; |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
192 const x509_crt *peerCert = NULL; |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
193 |
|
45
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
194 /* we might want to set the verify function |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
195 * with ssl_set_verify before to archive the |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
196 * certificate pinning. */ |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
197 |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
198 ret = ssl_get_verify_result(&mSSL); |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
199 |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
200 if (ret != 0 ) { |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
201 if((ret & BADCERT_EXPIRED) != 0) |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
202 qDebug() << "server certificate has expired"; |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
203 if((ret & BADCERT_REVOKED) != 0) |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
204 qDebug() << "server certificate has been revoked"; |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
205 if((ret & BADCERT_CN_MISMATCH) != 0) |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
206 qDebug() << "CN mismatch"; |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
207 if((ret & BADCERT_NOT_TRUSTED) != 0) |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
208 qDebug() << "self-signed or not signed by a trusted CA"; |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
209 ret = -1; |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
210 #ifdef RELEASE_BUILD |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
211 mErrorState = InvalidCertificate; |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
212 return -1; |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
213 #endif |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
214 } |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
215 |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
216 peerCert = ssl_get_peer_cert(&mSSL); |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
217 |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
218 if (!peerCert) { |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
219 mErrorState = InvalidCertificate; |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
220 qDebug() << "Failed to get peer cert"; |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
221 return -1; |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
222 } |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
223 |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
224 if (peerCert->raw.len == 0 || |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
225 peerCert->raw.len != mX509PinnedCert.raw.len) { |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
226 mErrorState = InvalidCertificate; |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
227 qDebug() << "Certificate length mismatch"; |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
228 return -1; |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
229 } |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
230 |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
231 /* You can never be sure what those c++ operators do.. |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
232 if (mPinnedCert != QByteArray::fromRawData( |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
233 (const char*) peerCert->raw.p, |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
234 peerCert->raw.len)) { |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
235 qDebug() << "Certificate content mismatch"; |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
236 } |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
237 */ |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
238 |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
239 for (unsigned int i = 0; i < peerCert->raw.len; i++) { |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
240 if (peerCert->raw.p[i] != mX509PinnedCert.raw.p[i]) { |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
241 qDebug() << "Certificate content mismatch"; |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
242 mErrorState = InvalidCertificate; |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
243 return -1; |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
244 } |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
245 } |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
246 return 0; |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
247 } |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
248 |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
249 int SSLConnection::write (const QByteArray& request) |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
250 { |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
251 unsigned int tries = 0; |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
252 int ret = -1; |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
253 |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
254 const unsigned char *buf = (const unsigned char *) request.constData(); |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
255 size_t len = (size_t) request.size(); |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
256 |
|
46
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
257 if (mNeedsReset) { |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
258 ret = reset(); |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
259 if (ret != 0) { |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
260 qDebug() << "Reset failed: " << getErrorMsg(ret); |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
261 return ret; |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
262 } |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
263 } |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
264 |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
265 qDebug() << "Sending request: " << request; |
|
45
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
266 /* According to doc for ssl_write: |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
267 * |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
268 * When this function returns POLARSSL_ERR_NET_WANT_WRITE, |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
269 * it must be called later with the same arguments, |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
270 * until it returns a positive value. |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
271 */ |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
272 do { |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
273 ret = ssl_write(&mSSL, buf, len); |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
274 if (ret >= 0) { |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
275 if ((unsigned int) ret == len) { |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
276 return 0; |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
277 } else { |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
278 qDebug() << "Write failed to write everything"; |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
279 return -1; |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
280 } |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
281 } |
|
46
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
282 if (ret != POLARSSL_ERR_NET_WANT_WRITE && |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
283 ret != POLARSSL_ERR_NET_WANT_READ) { |
|
45
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
284 return ret; |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
285 } |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
286 tries++; |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
287 net_usleep(100000); /* sleep 100ms to give the socket a chance |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
288 to clean up. */ |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
289 } while (tries < MAX_IO_TRIES); |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
290 |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
291 return ret; |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
292 } |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
293 |
|
46
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
294 |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
295 int SSLConnection::reset() |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
296 { |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
297 int ret = -1; |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
298 ssl_close_notify(&mSSL); |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
299 |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
300 ret = ssl_session_reset(&mSSL); |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
301 if (ret != 0) |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
302 { |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
303 qDebug() << "SSL Connection reset failed: " |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
304 << getErrorMsg(ret); |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
305 return ret; |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
306 } |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
307 |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
308 ssl_set_session(&mSSL, &mSavedSession); |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
309 |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
310 ret = net_connect(&mServerFD, mUrl.host().toLatin1().constData(), |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
311 mUrl.port(443)); |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
312 |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
313 if (ret != 0) { |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
314 mErrorState = NoConnection; |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
315 qDebug() << "Connection failed." << getErrorMsg(ret); |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
316 return ret; |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
317 } |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
318 |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
319 while ((ret = ssl_handshake(&mSSL)) != 0) { |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
320 if (ret != POLARSSL_ERR_NET_WANT_READ && |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
321 ret != POLARSSL_ERR_NET_WANT_WRITE) { |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
322 qDebug() << "SSL Handshake failed: " |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
323 << getErrorMsg(ret); |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
324 mErrorState = SSLHandshakeFailed; |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
325 return ret; |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
326 } |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
327 } |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
328 |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
329 qDebug() << "Reset connection. "; |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
330 /* Validation should not be necessary as we reused a saved |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
331 * session. But just to be sure. */ |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
332 return validateCertificate(); |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
333 } |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
334 |
|
45
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
335 QByteArray SSLConnection::read(size_t len) |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
336 { |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
337 unsigned char buf[len]; |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
338 QByteArray retval(""); |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
339 int ret = -1; |
|
46
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
340 unsigned int tries = 0; |
|
45
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
341 |
|
46
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
342 mNeedsReset = true; |
|
45
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
343 do { |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
344 memset (buf, 0, sizeof(buf)); |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
345 ret = ssl_read(&mSSL, buf, len); |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
346 if (ret == 0 || |
|
46
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
347 ret == POLARSSL_ERR_SSL_CONN_EOF || |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
348 ret == POLARSSL_ERR_SSL_PEER_CLOSE_NOTIFY) { |
|
45
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
349 /* EOF */ |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
350 return retval; |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
351 } |
|
46
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
352 if (ret == POLARSSL_ERR_NET_WANT_WRITE || |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
353 ret == POLARSSL_ERR_NET_WANT_READ) { |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
354 net_usleep(100000); /* sleep 100ms to give the socket a chance |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
355 to recover */ |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
356 tries++; |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
357 } |
|
45
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
358 if (ret <= 0) { |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
359 qDebug() << "Read failed: " << getErrorMsg(ret); |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
360 return QByteArray(); |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
361 } |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
362 if (len < (len - (unsigned int) ret)) { |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
363 /* Should never happen if ssl_read behaves */ |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
364 qDebug() << "integer overflow in polarSSLRead"; |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
365 return QByteArray(); |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
366 } |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
367 len -= (unsigned int) ret; |
|
46
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
368 retval.append((const char *)buf, ret); |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
369 } while (len > 0 && tries < MAX_IO_TRIES); |
|
45
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
370 |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
371 return retval; |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
372 } |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
373 |