Mercurial > trustbridge
annotate ui/sslconnection.cpp @ 633:6c090638b2b4
Use static buffer for module file name.
According to the msdn examle the return value of getmodulefilename
should be used to indicate success and not the size. And according
to comments on that function on Windows 8.1 it does not return
the needed size. So better be more robust and just use max_path
as a limit.
| author | Andre Heinecke <andre.heinecke@intevation.de> |
|---|---|
| date | Mon, 23 Jun 2014 15:29:48 +0200 |
| parents | e32ae933391f |
| children |
| rev | line source |
|---|---|
| 404 | 1 /* Copyright (C) 2014 by Bundesamt für Sicherheit in der Informationstechnik |
| 2 * Software engineering by Intevation GmbH | |
| 3 * | |
| 4 * This file is Free Software under the GNU GPL (v>=2) | |
| 5 * and comes with ABSOLUTELY NO WARRANTY! | |
| 6 * See LICENSE.txt for details. | |
| 7 */ | |
|
45
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
8 /* TODO: Wrap ssl_session in a class for reuse. |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
9 * see programs/ssl/ssl_client2.c for example of session reuse */ |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
10 #include "sslconnection.h" |
|
452
f8b480b08532
Factor out polarssl error handling and start new sslhelp file
Andre Heinecke <aheinecke@intevation.de>
parents:
409
diff
changeset
|
11 #include "sslhelp.h" |
|
45
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
12 |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
13 #include <QFile> |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
14 #include <QUuid> |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
15 #include <QApplication> |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
16 |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
17 #define MAX_IO_TRIES 10 |
|
46
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
18 #define MAX_RESETS 10 |
|
45
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
19 |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
20 #ifdef CONNECTION_DEBUG |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
21 static void my_debug(void *ctx, int level, const char *str) |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
22 { |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
23 fprintf((FILE *) ctx, "%s", str); |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
24 fflush((FILE *) ctx); |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
25 } |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
26 #endif |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
27 |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
28 SSLConnection::SSLConnection(const QString& url, |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
29 const QByteArray& certificate): |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
30 mUrl(url), |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
31 mPinnedCert(certificate), |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
32 mInitialized(false), |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
33 mConnected(false), |
|
574
e32ae933391f
Initialised private member variable mNeedsReset for SSLConnection in constructor (cppcheck-1.65 warning).
Bernhard Reiter <bernhard@intevation.de>
parents:
452
diff
changeset
|
34 mNeedsReset(false), |
|
45
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
35 mServerFD(-1), |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
36 mErrorState(NoError) |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
37 { |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
38 int ret = -1; |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
39 |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
40 memset(&mSSL, 0, sizeof(ssl_context)); |
|
46
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
41 memset(&mSavedSession, 0, sizeof( ssl_session ) ); |
|
45
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
42 |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
43 if (certificate.isEmpty()) { |
|
409
09bb19e5e369
Remove m13 mentions and change test certificate to intevation.de
Andre Heinecke <aheinecke@intevation.de>
parents:
404
diff
changeset
|
44 QFile certResource(":certs/intevation.de"); |
|
45
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
45 certResource.open(QFile::ReadOnly); |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
46 mPinnedCert = certResource.readAll(); |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
47 certResource.close(); |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
48 } |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
49 |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
50 ret = init(); |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
51 if (ret == 0) { |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
52 mInitialized = true; |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
53 } else { |
|
452
f8b480b08532
Factor out polarssl error handling and start new sslhelp file
Andre Heinecke <aheinecke@intevation.de>
parents:
409
diff
changeset
|
54 qDebug() << "Initialization error: " + getPolarSSLErrorMsg(ret); |
|
45
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
55 } |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
56 } |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
57 |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
58 int SSLConnection::init() |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
59 { |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
60 int ret = -1; |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
61 QUuid uuid = QUuid::createUuid(); |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
62 QString personalString = QApplication::applicationName() + uuid.toString(); |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
63 QByteArray personalBa = personalString.toLocal8Bit(); |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
64 |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
65 x509_crt_init(&mX509PinnedCert); |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
66 entropy_init(&mEntropy); |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
67 |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
68 ret = ssl_init(&mSSL); |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
69 if (ret != 0) { |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
70 /* The only documented error is malloc failed */ |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
71 mErrorState = ErrUnknown; |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
72 return ret; |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
73 } |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
74 |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
75 /* |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
76 * Initialize random generator. |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
77 * Personalisation string, does not need to be random but |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
78 * should be unique according to documentation. |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
79 * |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
80 * the ctr_drbg structure does not need to be freed explicitly. |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
81 */ |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
82 ret = ctr_drbg_init(&mCtr_drbg, entropy_func, &mEntropy, |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
83 (const unsigned char*) personalBa.constData(), |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
84 personalBa.size()); |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
85 if (ret != 0) { |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
86 ssl_free(&mSSL); |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
87 mErrorState = ErrUnknown; |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
88 return ret; |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
89 } |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
90 |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
91 ret = x509_crt_parse(&mX509PinnedCert, |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
92 (const unsigned char*) mPinnedCert.constData(), |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
93 mPinnedCert.size()); |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
94 if (ret != 0){ |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
95 ssl_free(&mSSL); |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
96 mErrorState = InvalidPinnedCertificate; |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
97 return ret; |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
98 } |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
99 |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
100 ssl_set_endpoint(&mSSL, SSL_IS_CLIENT); |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
101 ssl_set_authmode(&mSSL, SSL_VERIFY_OPTIONAL); |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
102 ssl_set_ca_chain(&mSSL, &mX509PinnedCert, NULL, NULL); |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
103 ssl_set_renegotiation(&mSSL, SSL_RENEGOTIATION_DISABLED); |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
104 ssl_set_rng(&mSSL, ctr_drbg_random, &mCtr_drbg); |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
105 #ifdef RELEASE_BUILD |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
106 ssl_set_min_version(&mSSL, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3); |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
107 #endif |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
108 |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
109 #ifdef CONNECTION_DEBUG |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
110 ssl_set_dbg(&mSSL, my_debug, stdout); |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
111 #endif |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
112 |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
113 return 0; |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
114 } |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
115 |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
116 SSLConnection::~SSLConnection() { |
|
46
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
117 disconnect(); |
|
45
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
118 x509_crt_free(&mX509PinnedCert); |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
119 entropy_free(&mEntropy); |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
120 if (mInitialized) { |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
121 ssl_free(&mSSL); |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
122 } |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
123 } |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
124 |
|
46
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
125 void SSLConnection::disconnect() { |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
126 if (mConnected) { |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
127 ssl_close_notify(&mSSL); |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
128 if (mServerFD != -1) { |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
129 net_close(mServerFD); |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
130 mServerFD = -1; |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
131 } |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
132 ssl_session_free(&mSavedSession); |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
133 mConnected = false; |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
134 } |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
135 } |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
136 |
|
45
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
137 int SSLConnection::connect() { |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
138 int ret = -1; |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
139 |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
140 if (!mInitialized) { |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
141 mErrorState = ErrUnknown; |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
142 return -1; |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
143 } |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
144 |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
145 ret = net_connect(&mServerFD, mUrl.host().toLatin1().constData(), |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
146 mUrl.port(443)); |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
147 |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
148 if (ret != 0) { |
|
452
f8b480b08532
Factor out polarssl error handling and start new sslhelp file
Andre Heinecke <aheinecke@intevation.de>
parents:
409
diff
changeset
|
149 qDebug() << "Connect failed: " << getPolarSSLErrorMsg(ret); |
|
45
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
150 mErrorState = NoConnection; |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
151 return ret; |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
152 } |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
153 |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
154 ssl_set_bio(&mSSL, net_recv, &mServerFD, |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
155 net_send, &mServerFD); |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
156 |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
157 while ((ret = ssl_handshake(&mSSL)) != 0) { |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
158 if (ret != POLARSSL_ERR_NET_WANT_READ && |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
159 ret != POLARSSL_ERR_NET_WANT_WRITE) { |
|
452
f8b480b08532
Factor out polarssl error handling and start new sslhelp file
Andre Heinecke <aheinecke@intevation.de>
parents:
409
diff
changeset
|
160 qDebug() << "SSL Handshake failed: " << getPolarSSLErrorMsg(ret); |
|
45
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
161 mErrorState = SSLHandshakeFailed; |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
162 return ret; |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
163 } |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
164 } |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
165 |
|
46
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
166 ret = ssl_get_session(&mSSL, &mSavedSession); |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
167 if (ret != 0) { |
|
452
f8b480b08532
Factor out polarssl error handling and start new sslhelp file
Andre Heinecke <aheinecke@intevation.de>
parents:
409
diff
changeset
|
168 qDebug() << "SSL get session failed: " << getPolarSSLErrorMsg(ret); |
|
46
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
169 |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
170 mErrorState = NoConnection; |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
171 return ret; |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
172 } |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
173 printf( " ok\n [ Ciphersuite is %s ]\n", |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
174 ssl_get_ciphersuite( &mSSL) ); |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
175 ret = validateCertificate(); |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
176 |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
177 if (ret == 0) { |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
178 mConnected = true; |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
179 } |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
180 return ret; |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
181 } |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
182 |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
183 int SSLConnection::validateCertificate() |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
184 { |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
185 int ret = -1; |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
186 const x509_crt *peerCert = NULL; |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
187 |
|
45
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
188 /* we might want to set the verify function |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
189 * with ssl_set_verify before to archive the |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
190 * certificate pinning. */ |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
191 |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
192 ret = ssl_get_verify_result(&mSSL); |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
193 |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
194 if (ret != 0 ) { |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
195 if((ret & BADCERT_EXPIRED) != 0) |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
196 qDebug() << "server certificate has expired"; |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
197 if((ret & BADCERT_REVOKED) != 0) |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
198 qDebug() << "server certificate has been revoked"; |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
199 if((ret & BADCERT_CN_MISMATCH) != 0) |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
200 qDebug() << "CN mismatch"; |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
201 if((ret & BADCERT_NOT_TRUSTED) != 0) |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
202 qDebug() << "self-signed or not signed by a trusted CA"; |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
203 ret = -1; |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
204 #ifdef RELEASE_BUILD |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
205 mErrorState = InvalidCertificate; |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
206 return -1; |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
207 #endif |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
208 } |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
209 |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
210 peerCert = ssl_get_peer_cert(&mSSL); |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
211 |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
212 if (!peerCert) { |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
213 mErrorState = InvalidCertificate; |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
214 qDebug() << "Failed to get peer cert"; |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
215 return -1; |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
216 } |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
217 |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
218 if (peerCert->raw.len == 0 || |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
219 peerCert->raw.len != mX509PinnedCert.raw.len) { |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
220 mErrorState = InvalidCertificate; |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
221 qDebug() << "Certificate length mismatch"; |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
222 return -1; |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
223 } |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
224 |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
225 /* You can never be sure what those c++ operators do.. |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
226 if (mPinnedCert != QByteArray::fromRawData( |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
227 (const char*) peerCert->raw.p, |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
228 peerCert->raw.len)) { |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
229 qDebug() << "Certificate content mismatch"; |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
230 } |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
231 */ |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
232 |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
233 for (unsigned int i = 0; i < peerCert->raw.len; i++) { |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
234 if (peerCert->raw.p[i] != mX509PinnedCert.raw.p[i]) { |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
235 qDebug() << "Certificate content mismatch"; |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
236 mErrorState = InvalidCertificate; |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
237 return -1; |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
238 } |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
239 } |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
240 return 0; |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
241 } |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
242 |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
243 int SSLConnection::write (const QByteArray& request) |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
244 { |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
245 unsigned int tries = 0; |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
246 int ret = -1; |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
247 |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
248 const unsigned char *buf = (const unsigned char *) request.constData(); |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
249 size_t len = (size_t) request.size(); |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
250 |
|
46
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
251 if (mNeedsReset) { |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
252 ret = reset(); |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
253 if (ret != 0) { |
|
452
f8b480b08532
Factor out polarssl error handling and start new sslhelp file
Andre Heinecke <aheinecke@intevation.de>
parents:
409
diff
changeset
|
254 qDebug() << "Reset failed: " << getPolarSSLErrorMsg(ret); |
|
46
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
255 return ret; |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
256 } |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
257 } |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
258 |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
259 qDebug() << "Sending request: " << request; |
|
45
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
260 /* According to doc for ssl_write: |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
261 * |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
262 * When this function returns POLARSSL_ERR_NET_WANT_WRITE, |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
263 * it must be called later with the same arguments, |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
264 * until it returns a positive value. |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
265 */ |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
266 do { |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
267 ret = ssl_write(&mSSL, buf, len); |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
268 if (ret >= 0) { |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
269 if ((unsigned int) ret == len) { |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
270 return 0; |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
271 } else { |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
272 qDebug() << "Write failed to write everything"; |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
273 return -1; |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
274 } |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
275 } |
|
46
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
276 if (ret != POLARSSL_ERR_NET_WANT_WRITE && |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
277 ret != POLARSSL_ERR_NET_WANT_READ) { |
|
45
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
278 return ret; |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
279 } |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
280 tries++; |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
281 net_usleep(100000); /* sleep 100ms to give the socket a chance |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
282 to clean up. */ |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
283 } while (tries < MAX_IO_TRIES); |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
284 |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
285 return ret; |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
286 } |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
287 |
|
46
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
288 |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
289 int SSLConnection::reset() |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
290 { |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
291 int ret = -1; |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
292 ssl_close_notify(&mSSL); |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
293 |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
294 ret = ssl_session_reset(&mSSL); |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
295 if (ret != 0) |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
296 { |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
297 qDebug() << "SSL Connection reset failed: " |
|
452
f8b480b08532
Factor out polarssl error handling and start new sslhelp file
Andre Heinecke <aheinecke@intevation.de>
parents:
409
diff
changeset
|
298 << getPolarSSLErrorMsg(ret); |
|
46
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
299 return ret; |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
300 } |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
301 |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
302 ssl_set_session(&mSSL, &mSavedSession); |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
303 |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
304 ret = net_connect(&mServerFD, mUrl.host().toLatin1().constData(), |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
305 mUrl.port(443)); |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
306 |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
307 if (ret != 0) { |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
308 mErrorState = NoConnection; |
|
452
f8b480b08532
Factor out polarssl error handling and start new sslhelp file
Andre Heinecke <aheinecke@intevation.de>
parents:
409
diff
changeset
|
309 qDebug() << "Connection failed." << getPolarSSLErrorMsg(ret); |
|
46
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
310 return ret; |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
311 } |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
312 |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
313 while ((ret = ssl_handshake(&mSSL)) != 0) { |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
314 if (ret != POLARSSL_ERR_NET_WANT_READ && |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
315 ret != POLARSSL_ERR_NET_WANT_WRITE) { |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
316 qDebug() << "SSL Handshake failed: " |
|
452
f8b480b08532
Factor out polarssl error handling and start new sslhelp file
Andre Heinecke <aheinecke@intevation.de>
parents:
409
diff
changeset
|
317 << getPolarSSLErrorMsg(ret); |
|
46
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
318 mErrorState = SSLHandshakeFailed; |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
319 return ret; |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
320 } |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
321 } |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
322 |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
323 qDebug() << "Reset connection. "; |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
324 /* Validation should not be necessary as we reused a saved |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
325 * session. But just to be sure. */ |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
326 return validateCertificate(); |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
327 } |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
328 |
|
45
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
329 QByteArray SSLConnection::read(size_t len) |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
330 { |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
331 unsigned char buf[len]; |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
332 QByteArray retval(""); |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
333 int ret = -1; |
|
46
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
334 unsigned int tries = 0; |
|
45
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
335 |
|
46
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
336 mNeedsReset = true; |
|
45
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
337 do { |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
338 memset (buf, 0, sizeof(buf)); |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
339 ret = ssl_read(&mSSL, buf, len); |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
340 if (ret == 0 || |
|
46
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
341 ret == POLARSSL_ERR_SSL_CONN_EOF || |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
342 ret == POLARSSL_ERR_SSL_PEER_CLOSE_NOTIFY) { |
|
45
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
343 /* EOF */ |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
344 return retval; |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
345 } |
|
46
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
346 if (ret == POLARSSL_ERR_NET_WANT_WRITE || |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
347 ret == POLARSSL_ERR_NET_WANT_READ) { |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
348 net_usleep(100000); /* sleep 100ms to give the socket a chance |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
349 to recover */ |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
350 tries++; |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
351 } |
|
45
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
352 if (ret <= 0) { |
|
452
f8b480b08532
Factor out polarssl error handling and start new sslhelp file
Andre Heinecke <aheinecke@intevation.de>
parents:
409
diff
changeset
|
353 qDebug() << "Read failed: " << getPolarSSLErrorMsg(ret); |
|
45
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
354 return QByteArray(); |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
355 } |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
356 if (len < (len - (unsigned int) ret)) { |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
357 /* Should never happen if ssl_read behaves */ |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
358 qDebug() << "integer overflow in polarSSLRead"; |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
359 return QByteArray(); |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
360 } |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
361 len -= (unsigned int) ret; |
|
46
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
362 retval.append((const char *)buf, ret); |
|
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
363 } while (len > 0 && tries < MAX_IO_TRIES); |
|
45
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
364 |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
365 return retval; |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
366 } |
|
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
367 |