Mercurial > trustbridge
annotate ui/sslconnection.cpp @ 802:2db9ab3f6b1b
String unified.
author | Bernhard Reiter <bernhard@intevation.de> |
---|---|
date | Tue, 15 Jul 2014 15:48:21 +0200 |
parents | e32ae933391f |
children |
rev | line source |
---|---|
404 | 1 /* Copyright (C) 2014 by Bundesamt für Sicherheit in der Informationstechnik |
2 * Software engineering by Intevation GmbH | |
3 * | |
4 * This file is Free Software under the GNU GPL (v>=2) | |
5 * and comes with ABSOLUTELY NO WARRANTY! | |
6 * See LICENSE.txt for details. | |
7 */ | |
45
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
8 /* TODO: Wrap ssl_session in a class for reuse. |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
9 * see programs/ssl/ssl_client2.c for example of session reuse */ |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
10 #include "sslconnection.h" |
452
f8b480b08532
Factor out polarssl error handling and start new sslhelp file
Andre Heinecke <aheinecke@intevation.de>
parents:
409
diff
changeset
|
11 #include "sslhelp.h" |
45
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
12 |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
13 #include <QFile> |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
14 #include <QUuid> |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
15 #include <QApplication> |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
16 |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
17 #define MAX_IO_TRIES 10 |
46
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
18 #define MAX_RESETS 10 |
45
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
19 |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
20 #ifdef CONNECTION_DEBUG |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
21 static void my_debug(void *ctx, int level, const char *str) |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
22 { |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
23 fprintf((FILE *) ctx, "%s", str); |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
24 fflush((FILE *) ctx); |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
25 } |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
26 #endif |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
27 |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
28 SSLConnection::SSLConnection(const QString& url, |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
29 const QByteArray& certificate): |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
30 mUrl(url), |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
31 mPinnedCert(certificate), |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
32 mInitialized(false), |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
33 mConnected(false), |
574
e32ae933391f
Initialised private member variable mNeedsReset for SSLConnection in constructor (cppcheck-1.65 warning).
Bernhard Reiter <bernhard@intevation.de>
parents:
452
diff
changeset
|
34 mNeedsReset(false), |
45
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
35 mServerFD(-1), |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
36 mErrorState(NoError) |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
37 { |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
38 int ret = -1; |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
39 |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
40 memset(&mSSL, 0, sizeof(ssl_context)); |
46
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
41 memset(&mSavedSession, 0, sizeof( ssl_session ) ); |
45
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
42 |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
43 if (certificate.isEmpty()) { |
409
09bb19e5e369
Remove m13 mentions and change test certificate to intevation.de
Andre Heinecke <aheinecke@intevation.de>
parents:
404
diff
changeset
|
44 QFile certResource(":certs/intevation.de"); |
45
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
45 certResource.open(QFile::ReadOnly); |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
46 mPinnedCert = certResource.readAll(); |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
47 certResource.close(); |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
48 } |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
49 |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
50 ret = init(); |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
51 if (ret == 0) { |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
52 mInitialized = true; |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
53 } else { |
452
f8b480b08532
Factor out polarssl error handling and start new sslhelp file
Andre Heinecke <aheinecke@intevation.de>
parents:
409
diff
changeset
|
54 qDebug() << "Initialization error: " + getPolarSSLErrorMsg(ret); |
45
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
55 } |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
56 } |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
57 |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
58 int SSLConnection::init() |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
59 { |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
60 int ret = -1; |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
61 QUuid uuid = QUuid::createUuid(); |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
62 QString personalString = QApplication::applicationName() + uuid.toString(); |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
63 QByteArray personalBa = personalString.toLocal8Bit(); |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
64 |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
65 x509_crt_init(&mX509PinnedCert); |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
66 entropy_init(&mEntropy); |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
67 |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
68 ret = ssl_init(&mSSL); |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
69 if (ret != 0) { |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
70 /* The only documented error is malloc failed */ |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
71 mErrorState = ErrUnknown; |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
72 return ret; |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
73 } |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
74 |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
75 /* |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
76 * Initialize random generator. |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
77 * Personalisation string, does not need to be random but |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
78 * should be unique according to documentation. |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
79 * |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
80 * the ctr_drbg structure does not need to be freed explicitly. |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
81 */ |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
82 ret = ctr_drbg_init(&mCtr_drbg, entropy_func, &mEntropy, |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
83 (const unsigned char*) personalBa.constData(), |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
84 personalBa.size()); |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
85 if (ret != 0) { |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
86 ssl_free(&mSSL); |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
87 mErrorState = ErrUnknown; |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
88 return ret; |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
89 } |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
90 |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
91 ret = x509_crt_parse(&mX509PinnedCert, |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
92 (const unsigned char*) mPinnedCert.constData(), |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
93 mPinnedCert.size()); |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
94 if (ret != 0){ |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
95 ssl_free(&mSSL); |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
96 mErrorState = InvalidPinnedCertificate; |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
97 return ret; |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
98 } |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
99 |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
100 ssl_set_endpoint(&mSSL, SSL_IS_CLIENT); |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
101 ssl_set_authmode(&mSSL, SSL_VERIFY_OPTIONAL); |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
102 ssl_set_ca_chain(&mSSL, &mX509PinnedCert, NULL, NULL); |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
103 ssl_set_renegotiation(&mSSL, SSL_RENEGOTIATION_DISABLED); |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
104 ssl_set_rng(&mSSL, ctr_drbg_random, &mCtr_drbg); |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
105 #ifdef RELEASE_BUILD |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
106 ssl_set_min_version(&mSSL, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3); |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
107 #endif |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
108 |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
109 #ifdef CONNECTION_DEBUG |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
110 ssl_set_dbg(&mSSL, my_debug, stdout); |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
111 #endif |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
112 |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
113 return 0; |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
114 } |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
115 |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
116 SSLConnection::~SSLConnection() { |
46
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
117 disconnect(); |
45
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
118 x509_crt_free(&mX509PinnedCert); |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
119 entropy_free(&mEntropy); |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
120 if (mInitialized) { |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
121 ssl_free(&mSSL); |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
122 } |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
123 } |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
124 |
46
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
125 void SSLConnection::disconnect() { |
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
126 if (mConnected) { |
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
127 ssl_close_notify(&mSSL); |
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
128 if (mServerFD != -1) { |
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
129 net_close(mServerFD); |
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
130 mServerFD = -1; |
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
131 } |
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
132 ssl_session_free(&mSavedSession); |
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
133 mConnected = false; |
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
134 } |
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
135 } |
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
136 |
45
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
137 int SSLConnection::connect() { |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
138 int ret = -1; |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
139 |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
140 if (!mInitialized) { |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
141 mErrorState = ErrUnknown; |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
142 return -1; |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
143 } |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
144 |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
145 ret = net_connect(&mServerFD, mUrl.host().toLatin1().constData(), |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
146 mUrl.port(443)); |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
147 |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
148 if (ret != 0) { |
452
f8b480b08532
Factor out polarssl error handling and start new sslhelp file
Andre Heinecke <aheinecke@intevation.de>
parents:
409
diff
changeset
|
149 qDebug() << "Connect failed: " << getPolarSSLErrorMsg(ret); |
45
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
150 mErrorState = NoConnection; |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
151 return ret; |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
152 } |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
153 |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
154 ssl_set_bio(&mSSL, net_recv, &mServerFD, |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
155 net_send, &mServerFD); |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
156 |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
157 while ((ret = ssl_handshake(&mSSL)) != 0) { |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
158 if (ret != POLARSSL_ERR_NET_WANT_READ && |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
159 ret != POLARSSL_ERR_NET_WANT_WRITE) { |
452
f8b480b08532
Factor out polarssl error handling and start new sslhelp file
Andre Heinecke <aheinecke@intevation.de>
parents:
409
diff
changeset
|
160 qDebug() << "SSL Handshake failed: " << getPolarSSLErrorMsg(ret); |
45
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
161 mErrorState = SSLHandshakeFailed; |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
162 return ret; |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
163 } |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
164 } |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
165 |
46
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
166 ret = ssl_get_session(&mSSL, &mSavedSession); |
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
167 if (ret != 0) { |
452
f8b480b08532
Factor out polarssl error handling and start new sslhelp file
Andre Heinecke <aheinecke@intevation.de>
parents:
409
diff
changeset
|
168 qDebug() << "SSL get session failed: " << getPolarSSLErrorMsg(ret); |
46
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
169 |
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
170 mErrorState = NoConnection; |
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
171 return ret; |
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
172 } |
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
173 printf( " ok\n [ Ciphersuite is %s ]\n", |
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
174 ssl_get_ciphersuite( &mSSL) ); |
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
175 ret = validateCertificate(); |
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
176 |
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
177 if (ret == 0) { |
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
178 mConnected = true; |
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
179 } |
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
180 return ret; |
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
181 } |
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
182 |
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
183 int SSLConnection::validateCertificate() |
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
184 { |
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
185 int ret = -1; |
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
186 const x509_crt *peerCert = NULL; |
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
187 |
45
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
188 /* we might want to set the verify function |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
189 * with ssl_set_verify before to archive the |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
190 * certificate pinning. */ |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
191 |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
192 ret = ssl_get_verify_result(&mSSL); |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
193 |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
194 if (ret != 0 ) { |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
195 if((ret & BADCERT_EXPIRED) != 0) |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
196 qDebug() << "server certificate has expired"; |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
197 if((ret & BADCERT_REVOKED) != 0) |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
198 qDebug() << "server certificate has been revoked"; |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
199 if((ret & BADCERT_CN_MISMATCH) != 0) |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
200 qDebug() << "CN mismatch"; |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
201 if((ret & BADCERT_NOT_TRUSTED) != 0) |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
202 qDebug() << "self-signed or not signed by a trusted CA"; |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
203 ret = -1; |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
204 #ifdef RELEASE_BUILD |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
205 mErrorState = InvalidCertificate; |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
206 return -1; |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
207 #endif |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
208 } |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
209 |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
210 peerCert = ssl_get_peer_cert(&mSSL); |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
211 |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
212 if (!peerCert) { |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
213 mErrorState = InvalidCertificate; |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
214 qDebug() << "Failed to get peer cert"; |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
215 return -1; |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
216 } |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
217 |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
218 if (peerCert->raw.len == 0 || |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
219 peerCert->raw.len != mX509PinnedCert.raw.len) { |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
220 mErrorState = InvalidCertificate; |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
221 qDebug() << "Certificate length mismatch"; |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
222 return -1; |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
223 } |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
224 |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
225 /* You can never be sure what those c++ operators do.. |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
226 if (mPinnedCert != QByteArray::fromRawData( |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
227 (const char*) peerCert->raw.p, |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
228 peerCert->raw.len)) { |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
229 qDebug() << "Certificate content mismatch"; |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
230 } |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
231 */ |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
232 |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
233 for (unsigned int i = 0; i < peerCert->raw.len; i++) { |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
234 if (peerCert->raw.p[i] != mX509PinnedCert.raw.p[i]) { |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
235 qDebug() << "Certificate content mismatch"; |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
236 mErrorState = InvalidCertificate; |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
237 return -1; |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
238 } |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
239 } |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
240 return 0; |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
241 } |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
242 |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
243 int SSLConnection::write (const QByteArray& request) |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
244 { |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
245 unsigned int tries = 0; |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
246 int ret = -1; |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
247 |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
248 const unsigned char *buf = (const unsigned char *) request.constData(); |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
249 size_t len = (size_t) request.size(); |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
250 |
46
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
251 if (mNeedsReset) { |
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
252 ret = reset(); |
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
253 if (ret != 0) { |
452
f8b480b08532
Factor out polarssl error handling and start new sslhelp file
Andre Heinecke <aheinecke@intevation.de>
parents:
409
diff
changeset
|
254 qDebug() << "Reset failed: " << getPolarSSLErrorMsg(ret); |
46
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
255 return ret; |
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
256 } |
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
257 } |
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
258 |
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
259 qDebug() << "Sending request: " << request; |
45
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
260 /* According to doc for ssl_write: |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
261 * |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
262 * When this function returns POLARSSL_ERR_NET_WANT_WRITE, |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
263 * it must be called later with the same arguments, |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
264 * until it returns a positive value. |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
265 */ |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
266 do { |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
267 ret = ssl_write(&mSSL, buf, len); |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
268 if (ret >= 0) { |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
269 if ((unsigned int) ret == len) { |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
270 return 0; |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
271 } else { |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
272 qDebug() << "Write failed to write everything"; |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
273 return -1; |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
274 } |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
275 } |
46
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
276 if (ret != POLARSSL_ERR_NET_WANT_WRITE && |
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
277 ret != POLARSSL_ERR_NET_WANT_READ) { |
45
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
278 return ret; |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
279 } |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
280 tries++; |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
281 net_usleep(100000); /* sleep 100ms to give the socket a chance |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
282 to clean up. */ |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
283 } while (tries < MAX_IO_TRIES); |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
284 |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
285 return ret; |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
286 } |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
287 |
46
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
288 |
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
289 int SSLConnection::reset() |
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
290 { |
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
291 int ret = -1; |
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
292 ssl_close_notify(&mSSL); |
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
293 |
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
294 ret = ssl_session_reset(&mSSL); |
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
295 if (ret != 0) |
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
296 { |
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
297 qDebug() << "SSL Connection reset failed: " |
452
f8b480b08532
Factor out polarssl error handling and start new sslhelp file
Andre Heinecke <aheinecke@intevation.de>
parents:
409
diff
changeset
|
298 << getPolarSSLErrorMsg(ret); |
46
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
299 return ret; |
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
300 } |
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
301 |
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
302 ssl_set_session(&mSSL, &mSavedSession); |
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
303 |
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
304 ret = net_connect(&mServerFD, mUrl.host().toLatin1().constData(), |
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
305 mUrl.port(443)); |
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
306 |
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
307 if (ret != 0) { |
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
308 mErrorState = NoConnection; |
452
f8b480b08532
Factor out polarssl error handling and start new sslhelp file
Andre Heinecke <aheinecke@intevation.de>
parents:
409
diff
changeset
|
309 qDebug() << "Connection failed." << getPolarSSLErrorMsg(ret); |
46
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
310 return ret; |
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
311 } |
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
312 |
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
313 while ((ret = ssl_handshake(&mSSL)) != 0) { |
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
314 if (ret != POLARSSL_ERR_NET_WANT_READ && |
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
315 ret != POLARSSL_ERR_NET_WANT_WRITE) { |
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
316 qDebug() << "SSL Handshake failed: " |
452
f8b480b08532
Factor out polarssl error handling and start new sslhelp file
Andre Heinecke <aheinecke@intevation.de>
parents:
409
diff
changeset
|
317 << getPolarSSLErrorMsg(ret); |
46
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
318 mErrorState = SSLHandshakeFailed; |
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
319 return ret; |
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
320 } |
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
321 } |
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
322 |
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
323 qDebug() << "Reset connection. "; |
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
324 /* Validation should not be necessary as we reused a saved |
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
325 * session. But just to be sure. */ |
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
326 return validateCertificate(); |
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
327 } |
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
328 |
45
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
329 QByteArray SSLConnection::read(size_t len) |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
330 { |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
331 unsigned char buf[len]; |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
332 QByteArray retval(""); |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
333 int ret = -1; |
46
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
334 unsigned int tries = 0; |
45
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
335 |
46
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
336 mNeedsReset = true; |
45
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
337 do { |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
338 memset (buf, 0, sizeof(buf)); |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
339 ret = ssl_read(&mSSL, buf, len); |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
340 if (ret == 0 || |
46
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
341 ret == POLARSSL_ERR_SSL_CONN_EOF || |
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
342 ret == POLARSSL_ERR_SSL_PEER_CLOSE_NOTIFY) { |
45
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
343 /* EOF */ |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
344 return retval; |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
345 } |
46
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
346 if (ret == POLARSSL_ERR_NET_WANT_WRITE || |
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
347 ret == POLARSSL_ERR_NET_WANT_READ) { |
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
348 net_usleep(100000); /* sleep 100ms to give the socket a chance |
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
349 to recover */ |
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
350 tries++; |
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
351 } |
45
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
352 if (ret <= 0) { |
452
f8b480b08532
Factor out polarssl error handling and start new sslhelp file
Andre Heinecke <aheinecke@intevation.de>
parents:
409
diff
changeset
|
353 qDebug() << "Read failed: " << getPolarSSLErrorMsg(ret); |
45
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
354 return QByteArray(); |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
355 } |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
356 if (len < (len - (unsigned int) ret)) { |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
357 /* Should never happen if ssl_read behaves */ |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
358 qDebug() << "integer overflow in polarSSLRead"; |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
359 return QByteArray(); |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
360 } |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
361 len -= (unsigned int) ret; |
46
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
362 retval.append((const char *)buf, ret); |
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
363 } while (len > 0 && tries < MAX_IO_TRIES); |
45
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
364 |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
365 return retval; |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
366 } |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
367 |