annotate ui/sslconnection.cpp @ 502:e551de11d8b6

Properly handle the case that the file does not exist. TRUNCATE makes create file fail if the file does not exist but we need TRUNCATE in the case that the file already exists
author Andre Heinecke <aheinecke@intevation.de>
date Mon, 28 Apr 2014 09:18:07 +0000
parents f8b480b08532
children e32ae933391f
rev   line source
404
17e1c8f37d72 Add License
Andre Heinecke <aheinecke@intevation.de>
parents: 53
diff changeset
1 /* Copyright (C) 2014 by Bundesamt für Sicherheit in der Informationstechnik
17e1c8f37d72 Add License
Andre Heinecke <aheinecke@intevation.de>
parents: 53
diff changeset
2 * Software engineering by Intevation GmbH
17e1c8f37d72 Add License
Andre Heinecke <aheinecke@intevation.de>
parents: 53
diff changeset
3 *
17e1c8f37d72 Add License
Andre Heinecke <aheinecke@intevation.de>
parents: 53
diff changeset
4 * This file is Free Software under the GNU GPL (v>=2)
17e1c8f37d72 Add License
Andre Heinecke <aheinecke@intevation.de>
parents: 53
diff changeset
5 * and comes with ABSOLUTELY NO WARRANTY!
17e1c8f37d72 Add License
Andre Heinecke <aheinecke@intevation.de>
parents: 53
diff changeset
6 * See LICENSE.txt for details.
17e1c8f37d72 Add License
Andre Heinecke <aheinecke@intevation.de>
parents: 53
diff changeset
7 */
45
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
8 /* TODO: Wrap ssl_session in a class for reuse.
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
9 * see programs/ssl/ssl_client2.c for example of session reuse */
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
10 #include "sslconnection.h"
452
f8b480b08532 Factor out polarssl error handling and start new sslhelp file
Andre Heinecke <aheinecke@intevation.de>
parents: 409
diff changeset
11 #include "sslhelp.h"
45
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
12
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
13 #include <QFile>
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
14 #include <QUuid>
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
15 #include <QApplication>
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
16
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
17 #define MAX_IO_TRIES 10
46
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
18 #define MAX_RESETS 10
45
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
19
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
20 #ifdef CONNECTION_DEBUG
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
21 static void my_debug(void *ctx, int level, const char *str)
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
22 {
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
23 fprintf((FILE *) ctx, "%s", str);
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
24 fflush((FILE *) ctx);
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
25 }
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
26 #endif
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
27
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
28 SSLConnection::SSLConnection(const QString& url,
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
29 const QByteArray& certificate):
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
30 mUrl(url),
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
31 mPinnedCert(certificate),
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
32 mInitialized(false),
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
33 mConnected(false),
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
34 mServerFD(-1),
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
35 mErrorState(NoError)
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
36 {
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
37 int ret = -1;
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
38
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
39 memset(&mSSL, 0, sizeof(ssl_context));
46
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
40 memset(&mSavedSession, 0, sizeof( ssl_session ) );
45
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
41
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
42 if (certificate.isEmpty()) {
409
09bb19e5e369 Remove m13 mentions and change test certificate to intevation.de
Andre Heinecke <aheinecke@intevation.de>
parents: 404
diff changeset
43 QFile certResource(":certs/intevation.de");
45
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
44 certResource.open(QFile::ReadOnly);
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
45 mPinnedCert = certResource.readAll();
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
46 certResource.close();
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
47 }
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
48
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
49 ret = init();
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
50 if (ret == 0) {
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
51 mInitialized = true;
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
52 } else {
452
f8b480b08532 Factor out polarssl error handling and start new sslhelp file
Andre Heinecke <aheinecke@intevation.de>
parents: 409
diff changeset
53 qDebug() << "Initialization error: " + getPolarSSLErrorMsg(ret);
45
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
54 }
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
55 }
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
56
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
57 int SSLConnection::init()
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
58 {
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
59 int ret = -1;
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
60 QUuid uuid = QUuid::createUuid();
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
61 QString personalString = QApplication::applicationName() + uuid.toString();
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
62 QByteArray personalBa = personalString.toLocal8Bit();
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
63
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
64 x509_crt_init(&mX509PinnedCert);
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
65 entropy_init(&mEntropy);
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
66
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
67 ret = ssl_init(&mSSL);
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
68 if (ret != 0) {
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
69 /* The only documented error is malloc failed */
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
70 mErrorState = ErrUnknown;
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
71 return ret;
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
72 }
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
73
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
74 /*
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
75 * Initialize random generator.
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
76 * Personalisation string, does not need to be random but
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
77 * should be unique according to documentation.
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
78 *
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
79 * the ctr_drbg structure does not need to be freed explicitly.
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
80 */
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
81 ret = ctr_drbg_init(&mCtr_drbg, entropy_func, &mEntropy,
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
82 (const unsigned char*) personalBa.constData(),
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
83 personalBa.size());
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
84 if (ret != 0) {
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
85 ssl_free(&mSSL);
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
86 mErrorState = ErrUnknown;
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
87 return ret;
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
88 }
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
89
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
90 ret = x509_crt_parse(&mX509PinnedCert,
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
91 (const unsigned char*) mPinnedCert.constData(),
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
92 mPinnedCert.size());
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
93 if (ret != 0){
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
94 ssl_free(&mSSL);
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
95 mErrorState = InvalidPinnedCertificate;
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
96 return ret;
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
97 }
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
98
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
99 ssl_set_endpoint(&mSSL, SSL_IS_CLIENT);
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
100 ssl_set_authmode(&mSSL, SSL_VERIFY_OPTIONAL);
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
101 ssl_set_ca_chain(&mSSL, &mX509PinnedCert, NULL, NULL);
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
102 ssl_set_renegotiation(&mSSL, SSL_RENEGOTIATION_DISABLED);
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
103 ssl_set_rng(&mSSL, ctr_drbg_random, &mCtr_drbg);
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
104 #ifdef RELEASE_BUILD
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
105 ssl_set_min_version(&mSSL, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3);
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
106 #endif
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
107
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
108 #ifdef CONNECTION_DEBUG
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
109 ssl_set_dbg(&mSSL, my_debug, stdout);
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
110 #endif
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
111
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
112 return 0;
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
113 }
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
114
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
115 SSLConnection::~SSLConnection() {
46
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
116 disconnect();
45
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
117 x509_crt_free(&mX509PinnedCert);
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
118 entropy_free(&mEntropy);
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
119 if (mInitialized) {
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
120 ssl_free(&mSSL);
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
121 }
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
122 }
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
123
46
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
124 void SSLConnection::disconnect() {
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
125 if (mConnected) {
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
126 ssl_close_notify(&mSSL);
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
127 if (mServerFD != -1) {
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
128 net_close(mServerFD);
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
129 mServerFD = -1;
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
130 }
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
131 ssl_session_free(&mSavedSession);
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
132 mConnected = false;
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
133 }
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
134 }
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
135
45
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
136 int SSLConnection::connect() {
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
137 int ret = -1;
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
138
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
139 if (!mInitialized) {
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
140 mErrorState = ErrUnknown;
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
141 return -1;
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
142 }
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
143
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
144 ret = net_connect(&mServerFD, mUrl.host().toLatin1().constData(),
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
145 mUrl.port(443));
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
146
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
147 if (ret != 0) {
452
f8b480b08532 Factor out polarssl error handling and start new sslhelp file
Andre Heinecke <aheinecke@intevation.de>
parents: 409
diff changeset
148 qDebug() << "Connect failed: " << getPolarSSLErrorMsg(ret);
45
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
149 mErrorState = NoConnection;
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
150 return ret;
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
151 }
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
152
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
153 ssl_set_bio(&mSSL, net_recv, &mServerFD,
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
154 net_send, &mServerFD);
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
155
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
156 while ((ret = ssl_handshake(&mSSL)) != 0) {
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
157 if (ret != POLARSSL_ERR_NET_WANT_READ &&
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
158 ret != POLARSSL_ERR_NET_WANT_WRITE) {
452
f8b480b08532 Factor out polarssl error handling and start new sslhelp file
Andre Heinecke <aheinecke@intevation.de>
parents: 409
diff changeset
159 qDebug() << "SSL Handshake failed: " << getPolarSSLErrorMsg(ret);
45
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
160 mErrorState = SSLHandshakeFailed;
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
161 return ret;
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
162 }
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
163 }
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
164
46
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
165 ret = ssl_get_session(&mSSL, &mSavedSession);
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
166 if (ret != 0) {
452
f8b480b08532 Factor out polarssl error handling and start new sslhelp file
Andre Heinecke <aheinecke@intevation.de>
parents: 409
diff changeset
167 qDebug() << "SSL get session failed: " << getPolarSSLErrorMsg(ret);
46
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
168
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
169 mErrorState = NoConnection;
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
170 return ret;
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
171 }
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
172 printf( " ok\n [ Ciphersuite is %s ]\n",
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
173 ssl_get_ciphersuite( &mSSL) );
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
174 ret = validateCertificate();
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
175
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
176 if (ret == 0) {
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
177 mConnected = true;
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
178 }
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
179 return ret;
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
180 }
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
181
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
182 int SSLConnection::validateCertificate()
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
183 {
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
184 int ret = -1;
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
185 const x509_crt *peerCert = NULL;
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
186
45
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
187 /* we might want to set the verify function
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
188 * with ssl_set_verify before to archive the
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
189 * certificate pinning. */
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
190
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
191 ret = ssl_get_verify_result(&mSSL);
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
192
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
193 if (ret != 0 ) {
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
194 if((ret & BADCERT_EXPIRED) != 0)
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
195 qDebug() << "server certificate has expired";
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
196 if((ret & BADCERT_REVOKED) != 0)
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
197 qDebug() << "server certificate has been revoked";
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
198 if((ret & BADCERT_CN_MISMATCH) != 0)
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
199 qDebug() << "CN mismatch";
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
200 if((ret & BADCERT_NOT_TRUSTED) != 0)
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
201 qDebug() << "self-signed or not signed by a trusted CA";
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
202 ret = -1;
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
203 #ifdef RELEASE_BUILD
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
204 mErrorState = InvalidCertificate;
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
205 return -1;
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
206 #endif
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
207 }
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
208
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
209 peerCert = ssl_get_peer_cert(&mSSL);
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
210
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
211 if (!peerCert) {
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
212 mErrorState = InvalidCertificate;
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
213 qDebug() << "Failed to get peer cert";
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
214 return -1;
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
215 }
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
216
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
217 if (peerCert->raw.len == 0 ||
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
218 peerCert->raw.len != mX509PinnedCert.raw.len) {
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
219 mErrorState = InvalidCertificate;
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
220 qDebug() << "Certificate length mismatch";
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
221 return -1;
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
222 }
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
223
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
224 /* You can never be sure what those c++ operators do..
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
225 if (mPinnedCert != QByteArray::fromRawData(
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
226 (const char*) peerCert->raw.p,
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
227 peerCert->raw.len)) {
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
228 qDebug() << "Certificate content mismatch";
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
229 }
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
230 */
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
231
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
232 for (unsigned int i = 0; i < peerCert->raw.len; i++) {
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
233 if (peerCert->raw.p[i] != mX509PinnedCert.raw.p[i]) {
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
234 qDebug() << "Certificate content mismatch";
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
235 mErrorState = InvalidCertificate;
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
236 return -1;
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
237 }
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
238 }
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
239 return 0;
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
240 }
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
241
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
242 int SSLConnection::write (const QByteArray& request)
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
243 {
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
244 unsigned int tries = 0;
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
245 int ret = -1;
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
246
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
247 const unsigned char *buf = (const unsigned char *) request.constData();
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
248 size_t len = (size_t) request.size();
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
249
46
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
250 if (mNeedsReset) {
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
251 ret = reset();
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
252 if (ret != 0) {
452
f8b480b08532 Factor out polarssl error handling and start new sslhelp file
Andre Heinecke <aheinecke@intevation.de>
parents: 409
diff changeset
253 qDebug() << "Reset failed: " << getPolarSSLErrorMsg(ret);
46
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
254 return ret;
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
255 }
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
256 }
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
257
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
258 qDebug() << "Sending request: " << request;
45
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
259 /* According to doc for ssl_write:
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
260 *
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
261 * When this function returns POLARSSL_ERR_NET_WANT_WRITE,
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
262 * it must be called later with the same arguments,
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
263 * until it returns a positive value.
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
264 */
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
265 do {
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
266 ret = ssl_write(&mSSL, buf, len);
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
267 if (ret >= 0) {
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
268 if ((unsigned int) ret == len) {
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
269 return 0;
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
270 } else {
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
271 qDebug() << "Write failed to write everything";
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
272 return -1;
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
273 }
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
274 }
46
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
275 if (ret != POLARSSL_ERR_NET_WANT_WRITE &&
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
276 ret != POLARSSL_ERR_NET_WANT_READ) {
45
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
277 return ret;
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
278 }
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
279 tries++;
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
280 net_usleep(100000); /* sleep 100ms to give the socket a chance
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
281 to clean up. */
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
282 } while (tries < MAX_IO_TRIES);
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
283
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
284 return ret;
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
285 }
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
286
46
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
287
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
288 int SSLConnection::reset()
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
289 {
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
290 int ret = -1;
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
291 ssl_close_notify(&mSSL);
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
292
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
293 ret = ssl_session_reset(&mSSL);
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
294 if (ret != 0)
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
295 {
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
296 qDebug() << "SSL Connection reset failed: "
452
f8b480b08532 Factor out polarssl error handling and start new sslhelp file
Andre Heinecke <aheinecke@intevation.de>
parents: 409
diff changeset
297 << getPolarSSLErrorMsg(ret);
46
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
298 return ret;
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
299 }
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
300
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
301 ssl_set_session(&mSSL, &mSavedSession);
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
302
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
303 ret = net_connect(&mServerFD, mUrl.host().toLatin1().constData(),
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
304 mUrl.port(443));
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
305
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
306 if (ret != 0) {
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
307 mErrorState = NoConnection;
452
f8b480b08532 Factor out polarssl error handling and start new sslhelp file
Andre Heinecke <aheinecke@intevation.de>
parents: 409
diff changeset
308 qDebug() << "Connection failed." << getPolarSSLErrorMsg(ret);
46
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
309 return ret;
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
310 }
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
311
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
312 while ((ret = ssl_handshake(&mSSL)) != 0) {
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
313 if (ret != POLARSSL_ERR_NET_WANT_READ &&
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
314 ret != POLARSSL_ERR_NET_WANT_WRITE) {
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
315 qDebug() << "SSL Handshake failed: "
452
f8b480b08532 Factor out polarssl error handling and start new sslhelp file
Andre Heinecke <aheinecke@intevation.de>
parents: 409
diff changeset
316 << getPolarSSLErrorMsg(ret);
46
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
317 mErrorState = SSLHandshakeFailed;
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
318 return ret;
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
319 }
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
320 }
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
321
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
322 qDebug() << "Reset connection. ";
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
323 /* Validation should not be necessary as we reused a saved
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
324 * session. But just to be sure. */
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
325 return validateCertificate();
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
326 }
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
327
45
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
328 QByteArray SSLConnection::read(size_t len)
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
329 {
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
330 unsigned char buf[len];
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
331 QByteArray retval("");
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
332 int ret = -1;
46
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
333 unsigned int tries = 0;
45
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
334
46
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
335 mNeedsReset = true;
45
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
336 do {
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
337 memset (buf, 0, sizeof(buf));
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
338 ret = ssl_read(&mSSL, buf, len);
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
339 if (ret == 0 ||
46
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
340 ret == POLARSSL_ERR_SSL_CONN_EOF ||
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
341 ret == POLARSSL_ERR_SSL_PEER_CLOSE_NOTIFY) {
45
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
342 /* EOF */
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
343 return retval;
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
344 }
46
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
345 if (ret == POLARSSL_ERR_NET_WANT_WRITE ||
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
346 ret == POLARSSL_ERR_NET_WANT_READ) {
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
347 net_usleep(100000); /* sleep 100ms to give the socket a chance
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
348 to recover */
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
349 tries++;
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
350 }
45
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
351 if (ret <= 0) {
452
f8b480b08532 Factor out polarssl error handling and start new sslhelp file
Andre Heinecke <aheinecke@intevation.de>
parents: 409
diff changeset
352 qDebug() << "Read failed: " << getPolarSSLErrorMsg(ret);
45
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
353 return QByteArray();
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
354 }
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
355 if (len < (len - (unsigned int) ret)) {
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
356 /* Should never happen if ssl_read behaves */
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
357 qDebug() << "integer overflow in polarSSLRead";
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
358 return QByteArray();
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
359 }
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
360 len -= (unsigned int) ret;
46
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
361 retval.append((const char *)buf, ret);
d28e2624c1d5 Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents: 45
diff changeset
362 } while (len > 0 && tries < MAX_IO_TRIES);
45
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
363
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
364 return retval;
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
365 }
c6125d73faf4 Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
366

http://wald.intevation.org/projects/trustbridge/