annotate ui/sslconnection.cpp @ 60:6acb1dae6185

Use strn functions and improve error handling. Even if we know the strings are NULL terminated we use length terminated string functions after a first strlen this makes it easier to assert that at one point we know the string is terminated and afterwards use the length of that.
author Andre Heinecke <aheinecke@intevation.de>
date Tue, 18 Mar 2014 11:28:02 +0000
parents 0aacc291c04b
children 17e1c8f37d72
rev   line source
45
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
1 /* TODO: Wrap ssl_session in a class for reuse.
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
2 * see programs/ssl/ssl_client2.c for example of session reuse */
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
3 #include "sslconnection.h"
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
4
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
5 #include <QFile>
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
6 #include <QUuid>
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
7 #include <QApplication>
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
8
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
9 #define MAX_IO_TRIES 10
46
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
10 #define MAX_RESETS 10
45
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
11
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
12 #ifdef CONNECTION_DEBUG
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
13 static void my_debug(void *ctx, int level, const char *str)
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
14 {
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
15 fprintf((FILE *) ctx, "%s", str);
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
16 fflush((FILE *) ctx);
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
17 }
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
18 #endif
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
19
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
20 QString getErrorMsg(int ret)
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
21 {
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
22 char errbuf[255];
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
23 polarssl_strerror(ret, errbuf, 255);
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
24 errbuf[254] = '\0'; /* Just to be sure */
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
25 return QString::fromLatin1(errbuf);
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
26 }
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
27
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
28 SSLConnection::SSLConnection(const QString& url,
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
29 const QByteArray& certificate):
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
30 mUrl(url),
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
31 mPinnedCert(certificate),
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
32 mInitialized(false),
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
33 mConnected(false),
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
34 mServerFD(-1),
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
35 mErrorState(NoError)
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
36 {
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
37 int ret = -1;
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
38
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
39 memset(&mSSL, 0, sizeof(ssl_context));
46
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
40 memset(&mSavedSession, 0, sizeof( ssl_session ) );
45
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
41
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
42 if (certificate.isEmpty()) {
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
43 QFile certResource(":certs/kolab.org");
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
44 certResource.open(QFile::ReadOnly);
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
45 mPinnedCert = certResource.readAll();
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
46 certResource.close();
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
47 }
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
48
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
49 ret = init();
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
50 if (ret == 0) {
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
51 mInitialized = true;
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
52 } else {
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
53 qDebug() << "Initialization error: " + getErrorMsg(ret);
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
54 }
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
55 }
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
56
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
57 int SSLConnection::init()
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
58 {
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
59 int ret = -1;
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
60 QUuid uuid = QUuid::createUuid();
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
61 QString personalString = QApplication::applicationName() + uuid.toString();
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
62 QByteArray personalBa = personalString.toLocal8Bit();
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
63
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
64 x509_crt_init(&mX509PinnedCert);
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
65 entropy_init(&mEntropy);
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
66
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
67 ret = ssl_init(&mSSL);
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
68 if (ret != 0) {
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
69 /* The only documented error is malloc failed */
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
70 mErrorState = ErrUnknown;
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
71 return ret;
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
72 }
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
73
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
74 /*
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
75 * Initialize random generator.
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
76 * Personalisation string, does not need to be random but
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
77 * should be unique according to documentation.
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
78 *
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
79 * the ctr_drbg structure does not need to be freed explicitly.
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
80 */
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
81 ret = ctr_drbg_init(&mCtr_drbg, entropy_func, &mEntropy,
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
82 (const unsigned char*) personalBa.constData(),
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
83 personalBa.size());
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
84 if (ret != 0) {
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
85 ssl_free(&mSSL);
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
86 mErrorState = ErrUnknown;
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
87 return ret;
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
88 }
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
89
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
90 ret = x509_crt_parse(&mX509PinnedCert,
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
91 (const unsigned char*) mPinnedCert.constData(),
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
92 mPinnedCert.size());
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
93 if (ret != 0){
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
94 ssl_free(&mSSL);
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
95 mErrorState = InvalidPinnedCertificate;
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
96 return ret;
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
97 }
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
98
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
99 ssl_set_endpoint(&mSSL, SSL_IS_CLIENT);
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
100 ssl_set_authmode(&mSSL, SSL_VERIFY_OPTIONAL);
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
101 ssl_set_ca_chain(&mSSL, &mX509PinnedCert, NULL, NULL);
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
102 ssl_set_renegotiation(&mSSL, SSL_RENEGOTIATION_DISABLED);
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
103 ssl_set_rng(&mSSL, ctr_drbg_random, &mCtr_drbg);
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
104 #ifdef RELEASE_BUILD
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
105 ssl_set_min_version(&mSSL, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3);
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
106 #endif
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
107
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
108 #ifdef CONNECTION_DEBUG
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
109 ssl_set_dbg(&mSSL, my_debug, stdout);
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
110 #endif
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
111
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
112 return 0;
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
113 }
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
114
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
115 SSLConnection::~SSLConnection() {
46
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
116 disconnect();
45
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
117 x509_crt_free(&mX509PinnedCert);
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
118 entropy_free(&mEntropy);
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
119 if (mInitialized) {
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
120 ssl_free(&mSSL);
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
121 }
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
122 }
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
123
46
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
124 void SSLConnection::disconnect() {
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
125 if (mConnected) {
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
126 ssl_close_notify(&mSSL);
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
127 if (mServerFD != -1) {
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
128 net_close(mServerFD);
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
129 mServerFD = -1;
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
130 }
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
131 ssl_session_free(&mSavedSession);
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
132 mConnected = false;
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
133 }
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
134 }
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
135
45
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
136 int SSLConnection::connect() {
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
137 int ret = -1;
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
138
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
139 if (!mInitialized) {
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
140 mErrorState = ErrUnknown;
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
141 return -1;
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
142 }
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
143
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
144 ret = net_connect(&mServerFD, mUrl.host().toLatin1().constData(),
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
145 mUrl.port(443));
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
146
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
147 if (ret != 0) {
46
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
148 qDebug() << "Connect failed: " << getErrorMsg(ret);
45
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
149 mErrorState = NoConnection;
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
150 return ret;
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
151 }
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
152
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
153 ssl_set_bio(&mSSL, net_recv, &mServerFD,
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
154 net_send, &mServerFD);
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
155
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
156 while ((ret = ssl_handshake(&mSSL)) != 0) {
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
157 if (ret != POLARSSL_ERR_NET_WANT_READ &&
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
158 ret != POLARSSL_ERR_NET_WANT_WRITE) {
46
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
159 qDebug() << "SSL Handshake failed: " << getErrorMsg(ret);
45
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
160 mErrorState = SSLHandshakeFailed;
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
161 return ret;
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
162 }
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
163 }
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
164
46
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
165 ret = ssl_get_session(&mSSL, &mSavedSession);
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
166 if (ret != 0) {
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
167 qDebug() << "SSL get session failed: " << getErrorMsg(ret);
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
168
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
169 mErrorState = NoConnection;
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
170 return ret;
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
171 }
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
172 printf( " ok\n [ Ciphersuite is %s ]\n",
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
173 ssl_get_ciphersuite( &mSSL) );
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
174 ret = validateCertificate();
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
175
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
176 if (ret == 0) {
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
177 mConnected = true;
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
178 }
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
179 return ret;
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
180 }
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
181
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
182 int SSLConnection::validateCertificate()
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
183 {
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
184 int ret = -1;
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
185 const x509_crt *peerCert = NULL;
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
186
45
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
187 /* we might want to set the verify function
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
188 * with ssl_set_verify before to archive the
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
189 * certificate pinning. */
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
190
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
191 ret = ssl_get_verify_result(&mSSL);
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
192
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
193 if (ret != 0 ) {
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
194 if((ret & BADCERT_EXPIRED) != 0)
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
195 qDebug() << "server certificate has expired";
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
196 if((ret & BADCERT_REVOKED) != 0)
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
197 qDebug() << "server certificate has been revoked";
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
198 if((ret & BADCERT_CN_MISMATCH) != 0)
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
199 qDebug() << "CN mismatch";
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
200 if((ret & BADCERT_NOT_TRUSTED) != 0)
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
201 qDebug() << "self-signed or not signed by a trusted CA";
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
202 ret = -1;
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
203 #ifdef RELEASE_BUILD
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
204 mErrorState = InvalidCertificate;
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
205 return -1;
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
206 #endif
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
207 }
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
208
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
209 peerCert = ssl_get_peer_cert(&mSSL);
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
210
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
211 if (!peerCert) {
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
212 mErrorState = InvalidCertificate;
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
213 qDebug() << "Failed to get peer cert";
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
214 return -1;
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
215 }
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
216
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
217 if (peerCert->raw.len == 0 ||
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
218 peerCert->raw.len != mX509PinnedCert.raw.len) {
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
219 mErrorState = InvalidCertificate;
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
220 qDebug() << "Certificate length mismatch";
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
221 return -1;
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
222 }
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
223
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
224 /* You can never be sure what those c++ operators do..
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
225 if (mPinnedCert != QByteArray::fromRawData(
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
226 (const char*) peerCert->raw.p,
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
227 peerCert->raw.len)) {
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
228 qDebug() << "Certificate content mismatch";
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
229 }
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
230 */
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
231
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
232 for (unsigned int i = 0; i < peerCert->raw.len; i++) {
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
233 if (peerCert->raw.p[i] != mX509PinnedCert.raw.p[i]) {
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
234 qDebug() << "Certificate content mismatch";
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
235 mErrorState = InvalidCertificate;
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
236 return -1;
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
237 }
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
238 }
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
239 return 0;
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
240 }
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
241
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
242 int SSLConnection::write (const QByteArray& request)
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
243 {
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
244 unsigned int tries = 0;
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
245 int ret = -1;
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
246
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
247 const unsigned char *buf = (const unsigned char *) request.constData();
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
248 size_t len = (size_t) request.size();
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
249
46
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
250 if (mNeedsReset) {
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
251 ret = reset();
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
252 if (ret != 0) {
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
253 qDebug() << "Reset failed: " << getErrorMsg(ret);
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
254 return ret;
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
255 }
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
256 }
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
257
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
258 qDebug() << "Sending request: " << request;
45
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
259 /* According to doc for ssl_write:
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
260 *
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
261 * When this function returns POLARSSL_ERR_NET_WANT_WRITE,
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
262 * it must be called later with the same arguments,
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
263 * until it returns a positive value.
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
264 */
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
265 do {
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
266 ret = ssl_write(&mSSL, buf, len);
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
267 if (ret >= 0) {
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
268 if ((unsigned int) ret == len) {
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
269 return 0;
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
270 } else {
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
271 qDebug() << "Write failed to write everything";
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
272 return -1;
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
273 }
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
274 }
46
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
275 if (ret != POLARSSL_ERR_NET_WANT_WRITE &&
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
276 ret != POLARSSL_ERR_NET_WANT_READ) {
45
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
277 return ret;
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
278 }
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
279 tries++;
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
280 net_usleep(100000); /* sleep 100ms to give the socket a chance
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
281 to clean up. */
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
282 } while (tries < MAX_IO_TRIES);
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
283
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
284 return ret;
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
285 }
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
286
46
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
287
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
288 int SSLConnection::reset()
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
289 {
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
290 int ret = -1;
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
291 ssl_close_notify(&mSSL);
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
292
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
293 ret = ssl_session_reset(&mSSL);
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
294 if (ret != 0)
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
295 {
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
296 qDebug() << "SSL Connection reset failed: "
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
297 << getErrorMsg(ret);
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
298 return ret;
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
299 }
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
300
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
301 ssl_set_session(&mSSL, &mSavedSession);
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
302
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
303 ret = net_connect(&mServerFD, mUrl.host().toLatin1().constData(),
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
304 mUrl.port(443));
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
305
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
306 if (ret != 0) {
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
307 mErrorState = NoConnection;
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
308 qDebug() << "Connection failed." << getErrorMsg(ret);
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
309 return ret;
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
310 }
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
311
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
312 while ((ret = ssl_handshake(&mSSL)) != 0) {
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
313 if (ret != POLARSSL_ERR_NET_WANT_READ &&
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
314 ret != POLARSSL_ERR_NET_WANT_WRITE) {
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
315 qDebug() << "SSL Handshake failed: "
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
316 << getErrorMsg(ret);
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
317 mErrorState = SSLHandshakeFailed;
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
318 return ret;
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
319 }
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
320 }
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
321
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
322 qDebug() << "Reset connection. ";
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
323 /* Validation should not be necessary as we reused a saved
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
324 * session. But just to be sure. */
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
325 return validateCertificate();
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
326 }
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
327
45
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
328 QByteArray SSLConnection::read(size_t len)
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
329 {
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
330 unsigned char buf[len];
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
331 QByteArray retval("");
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
332 int ret = -1;
46
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
333 unsigned int tries = 0;
45
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
334
46
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
335 mNeedsReset = true;
45
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
336 do {
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
337 memset (buf, 0, sizeof(buf));
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
338 ret = ssl_read(&mSSL, buf, len);
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
339 if (ret == 0 ||
46
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
340 ret == POLARSSL_ERR_SSL_CONN_EOF ||
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
341 ret == POLARSSL_ERR_SSL_PEER_CLOSE_NOTIFY) {
45
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
342 /* EOF */
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
343 return retval;
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
344 }
46
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
345 if (ret == POLARSSL_ERR_NET_WANT_WRITE ||
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
346 ret == POLARSSL_ERR_NET_WANT_READ) {
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
347 net_usleep(100000); /* sleep 100ms to give the socket a chance
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
348 to recover */
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
349 tries++;
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
350 }
45
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
351 if (ret <= 0) {
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
352 qDebug() << "Read failed: " << getErrorMsg(ret);
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
353 return QByteArray();
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
354 }
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
355 if (len < (len - (unsigned int) ret)) {
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
356 /* Should never happen if ssl_read behaves */
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
357 qDebug() << "integer overflow in polarSSLRead";
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
358 return QByteArray();
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
359 }
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
360 len -= (unsigned int) ret;
46
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
361 retval.append((const char *)buf, ret);
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
362 } while (len > 0 && tries < MAX_IO_TRIES);
45
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
363
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
364 return retval;
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
365 }
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
366

http://wald.intevation.org/projects/trustbridge/