Mercurial > trustbridge
annotate ui/sslconnection.cpp @ 502:e551de11d8b6
Properly handle the case that the file does not exist.
TRUNCATE makes create file fail if the file does not exist
but we need TRUNCATE in the case that the file already exists
author | Andre Heinecke <aheinecke@intevation.de> |
---|---|
date | Mon, 28 Apr 2014 09:18:07 +0000 |
parents | f8b480b08532 |
children | e32ae933391f |
rev | line source |
---|---|
404 | 1 /* Copyright (C) 2014 by Bundesamt für Sicherheit in der Informationstechnik |
2 * Software engineering by Intevation GmbH | |
3 * | |
4 * This file is Free Software under the GNU GPL (v>=2) | |
5 * and comes with ABSOLUTELY NO WARRANTY! | |
6 * See LICENSE.txt for details. | |
7 */ | |
45
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
8 /* TODO: Wrap ssl_session in a class for reuse. |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
9 * see programs/ssl/ssl_client2.c for example of session reuse */ |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
10 #include "sslconnection.h" |
452
f8b480b08532
Factor out polarssl error handling and start new sslhelp file
Andre Heinecke <aheinecke@intevation.de>
parents:
409
diff
changeset
|
11 #include "sslhelp.h" |
45
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
12 |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
13 #include <QFile> |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
14 #include <QUuid> |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
15 #include <QApplication> |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
16 |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
17 #define MAX_IO_TRIES 10 |
46
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
18 #define MAX_RESETS 10 |
45
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
19 |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
20 #ifdef CONNECTION_DEBUG |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
21 static void my_debug(void *ctx, int level, const char *str) |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
22 { |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
23 fprintf((FILE *) ctx, "%s", str); |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
24 fflush((FILE *) ctx); |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
25 } |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
26 #endif |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
27 |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
28 SSLConnection::SSLConnection(const QString& url, |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
29 const QByteArray& certificate): |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
30 mUrl(url), |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
31 mPinnedCert(certificate), |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
32 mInitialized(false), |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
33 mConnected(false), |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
34 mServerFD(-1), |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
35 mErrorState(NoError) |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
36 { |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
37 int ret = -1; |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
38 |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
39 memset(&mSSL, 0, sizeof(ssl_context)); |
46
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
40 memset(&mSavedSession, 0, sizeof( ssl_session ) ); |
45
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
41 |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
42 if (certificate.isEmpty()) { |
409
09bb19e5e369
Remove m13 mentions and change test certificate to intevation.de
Andre Heinecke <aheinecke@intevation.de>
parents:
404
diff
changeset
|
43 QFile certResource(":certs/intevation.de"); |
45
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
44 certResource.open(QFile::ReadOnly); |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
45 mPinnedCert = certResource.readAll(); |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
46 certResource.close(); |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
47 } |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
48 |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
49 ret = init(); |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
50 if (ret == 0) { |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
51 mInitialized = true; |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
52 } else { |
452
f8b480b08532
Factor out polarssl error handling and start new sslhelp file
Andre Heinecke <aheinecke@intevation.de>
parents:
409
diff
changeset
|
53 qDebug() << "Initialization error: " + getPolarSSLErrorMsg(ret); |
45
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
54 } |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
55 } |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
56 |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
57 int SSLConnection::init() |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
58 { |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
59 int ret = -1; |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
60 QUuid uuid = QUuid::createUuid(); |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
61 QString personalString = QApplication::applicationName() + uuid.toString(); |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
62 QByteArray personalBa = personalString.toLocal8Bit(); |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
63 |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
64 x509_crt_init(&mX509PinnedCert); |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
65 entropy_init(&mEntropy); |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
66 |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
67 ret = ssl_init(&mSSL); |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
68 if (ret != 0) { |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
69 /* The only documented error is malloc failed */ |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
70 mErrorState = ErrUnknown; |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
71 return ret; |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
72 } |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
73 |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
74 /* |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
75 * Initialize random generator. |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
76 * Personalisation string, does not need to be random but |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
77 * should be unique according to documentation. |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
78 * |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
79 * the ctr_drbg structure does not need to be freed explicitly. |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
80 */ |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
81 ret = ctr_drbg_init(&mCtr_drbg, entropy_func, &mEntropy, |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
82 (const unsigned char*) personalBa.constData(), |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
83 personalBa.size()); |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
84 if (ret != 0) { |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
85 ssl_free(&mSSL); |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
86 mErrorState = ErrUnknown; |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
87 return ret; |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
88 } |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
89 |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
90 ret = x509_crt_parse(&mX509PinnedCert, |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
91 (const unsigned char*) mPinnedCert.constData(), |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
92 mPinnedCert.size()); |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
93 if (ret != 0){ |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
94 ssl_free(&mSSL); |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
95 mErrorState = InvalidPinnedCertificate; |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
96 return ret; |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
97 } |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
98 |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
99 ssl_set_endpoint(&mSSL, SSL_IS_CLIENT); |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
100 ssl_set_authmode(&mSSL, SSL_VERIFY_OPTIONAL); |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
101 ssl_set_ca_chain(&mSSL, &mX509PinnedCert, NULL, NULL); |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
102 ssl_set_renegotiation(&mSSL, SSL_RENEGOTIATION_DISABLED); |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
103 ssl_set_rng(&mSSL, ctr_drbg_random, &mCtr_drbg); |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
104 #ifdef RELEASE_BUILD |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
105 ssl_set_min_version(&mSSL, SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3); |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
106 #endif |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
107 |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
108 #ifdef CONNECTION_DEBUG |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
109 ssl_set_dbg(&mSSL, my_debug, stdout); |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
110 #endif |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
111 |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
112 return 0; |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
113 } |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
114 |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
115 SSLConnection::~SSLConnection() { |
46
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
116 disconnect(); |
45
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
117 x509_crt_free(&mX509PinnedCert); |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
118 entropy_free(&mEntropy); |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
119 if (mInitialized) { |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
120 ssl_free(&mSSL); |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
121 } |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
122 } |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
123 |
46
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
124 void SSLConnection::disconnect() { |
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
125 if (mConnected) { |
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
126 ssl_close_notify(&mSSL); |
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
127 if (mServerFD != -1) { |
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
128 net_close(mServerFD); |
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
129 mServerFD = -1; |
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
130 } |
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
131 ssl_session_free(&mSavedSession); |
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
132 mConnected = false; |
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
133 } |
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
134 } |
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
135 |
45
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
136 int SSLConnection::connect() { |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
137 int ret = -1; |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
138 |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
139 if (!mInitialized) { |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
140 mErrorState = ErrUnknown; |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
141 return -1; |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
142 } |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
143 |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
144 ret = net_connect(&mServerFD, mUrl.host().toLatin1().constData(), |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
145 mUrl.port(443)); |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
146 |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
147 if (ret != 0) { |
452
f8b480b08532
Factor out polarssl error handling and start new sslhelp file
Andre Heinecke <aheinecke@intevation.de>
parents:
409
diff
changeset
|
148 qDebug() << "Connect failed: " << getPolarSSLErrorMsg(ret); |
45
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
149 mErrorState = NoConnection; |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
150 return ret; |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
151 } |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
152 |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
153 ssl_set_bio(&mSSL, net_recv, &mServerFD, |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
154 net_send, &mServerFD); |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
155 |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
156 while ((ret = ssl_handshake(&mSSL)) != 0) { |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
157 if (ret != POLARSSL_ERR_NET_WANT_READ && |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
158 ret != POLARSSL_ERR_NET_WANT_WRITE) { |
452
f8b480b08532
Factor out polarssl error handling and start new sslhelp file
Andre Heinecke <aheinecke@intevation.de>
parents:
409
diff
changeset
|
159 qDebug() << "SSL Handshake failed: " << getPolarSSLErrorMsg(ret); |
45
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
160 mErrorState = SSLHandshakeFailed; |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
161 return ret; |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
162 } |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
163 } |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
164 |
46
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
165 ret = ssl_get_session(&mSSL, &mSavedSession); |
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
166 if (ret != 0) { |
452
f8b480b08532
Factor out polarssl error handling and start new sslhelp file
Andre Heinecke <aheinecke@intevation.de>
parents:
409
diff
changeset
|
167 qDebug() << "SSL get session failed: " << getPolarSSLErrorMsg(ret); |
46
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
168 |
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
169 mErrorState = NoConnection; |
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
170 return ret; |
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
171 } |
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
172 printf( " ok\n [ Ciphersuite is %s ]\n", |
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
173 ssl_get_ciphersuite( &mSSL) ); |
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
174 ret = validateCertificate(); |
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
175 |
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
176 if (ret == 0) { |
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
177 mConnected = true; |
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
178 } |
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
179 return ret; |
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
180 } |
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
181 |
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
182 int SSLConnection::validateCertificate() |
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
183 { |
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
184 int ret = -1; |
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
185 const x509_crt *peerCert = NULL; |
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
186 |
45
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
187 /* we might want to set the verify function |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
188 * with ssl_set_verify before to archive the |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
189 * certificate pinning. */ |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
190 |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
191 ret = ssl_get_verify_result(&mSSL); |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
192 |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
193 if (ret != 0 ) { |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
194 if((ret & BADCERT_EXPIRED) != 0) |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
195 qDebug() << "server certificate has expired"; |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
196 if((ret & BADCERT_REVOKED) != 0) |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
197 qDebug() << "server certificate has been revoked"; |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
198 if((ret & BADCERT_CN_MISMATCH) != 0) |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
199 qDebug() << "CN mismatch"; |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
200 if((ret & BADCERT_NOT_TRUSTED) != 0) |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
201 qDebug() << "self-signed or not signed by a trusted CA"; |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
202 ret = -1; |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
203 #ifdef RELEASE_BUILD |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
204 mErrorState = InvalidCertificate; |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
205 return -1; |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
206 #endif |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
207 } |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
208 |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
209 peerCert = ssl_get_peer_cert(&mSSL); |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
210 |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
211 if (!peerCert) { |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
212 mErrorState = InvalidCertificate; |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
213 qDebug() << "Failed to get peer cert"; |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
214 return -1; |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
215 } |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
216 |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
217 if (peerCert->raw.len == 0 || |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
218 peerCert->raw.len != mX509PinnedCert.raw.len) { |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
219 mErrorState = InvalidCertificate; |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
220 qDebug() << "Certificate length mismatch"; |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
221 return -1; |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
222 } |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
223 |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
224 /* You can never be sure what those c++ operators do.. |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
225 if (mPinnedCert != QByteArray::fromRawData( |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
226 (const char*) peerCert->raw.p, |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
227 peerCert->raw.len)) { |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
228 qDebug() << "Certificate content mismatch"; |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
229 } |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
230 */ |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
231 |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
232 for (unsigned int i = 0; i < peerCert->raw.len; i++) { |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
233 if (peerCert->raw.p[i] != mX509PinnedCert.raw.p[i]) { |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
234 qDebug() << "Certificate content mismatch"; |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
235 mErrorState = InvalidCertificate; |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
236 return -1; |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
237 } |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
238 } |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
239 return 0; |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
240 } |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
241 |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
242 int SSLConnection::write (const QByteArray& request) |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
243 { |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
244 unsigned int tries = 0; |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
245 int ret = -1; |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
246 |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
247 const unsigned char *buf = (const unsigned char *) request.constData(); |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
248 size_t len = (size_t) request.size(); |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
249 |
46
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
250 if (mNeedsReset) { |
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
251 ret = reset(); |
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
252 if (ret != 0) { |
452
f8b480b08532
Factor out polarssl error handling and start new sslhelp file
Andre Heinecke <aheinecke@intevation.de>
parents:
409
diff
changeset
|
253 qDebug() << "Reset failed: " << getPolarSSLErrorMsg(ret); |
46
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
254 return ret; |
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
255 } |
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
256 } |
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
257 |
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
258 qDebug() << "Sending request: " << request; |
45
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
259 /* According to doc for ssl_write: |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
260 * |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
261 * When this function returns POLARSSL_ERR_NET_WANT_WRITE, |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
262 * it must be called later with the same arguments, |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
263 * until it returns a positive value. |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
264 */ |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
265 do { |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
266 ret = ssl_write(&mSSL, buf, len); |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
267 if (ret >= 0) { |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
268 if ((unsigned int) ret == len) { |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
269 return 0; |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
270 } else { |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
271 qDebug() << "Write failed to write everything"; |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
272 return -1; |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
273 } |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
274 } |
46
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
275 if (ret != POLARSSL_ERR_NET_WANT_WRITE && |
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
276 ret != POLARSSL_ERR_NET_WANT_READ) { |
45
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
277 return ret; |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
278 } |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
279 tries++; |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
280 net_usleep(100000); /* sleep 100ms to give the socket a chance |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
281 to clean up. */ |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
282 } while (tries < MAX_IO_TRIES); |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
283 |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
284 return ret; |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
285 } |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
286 |
46
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
287 |
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
288 int SSLConnection::reset() |
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
289 { |
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
290 int ret = -1; |
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
291 ssl_close_notify(&mSSL); |
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
292 |
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
293 ret = ssl_session_reset(&mSSL); |
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
294 if (ret != 0) |
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
295 { |
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
296 qDebug() << "SSL Connection reset failed: " |
452
f8b480b08532
Factor out polarssl error handling and start new sslhelp file
Andre Heinecke <aheinecke@intevation.de>
parents:
409
diff
changeset
|
297 << getPolarSSLErrorMsg(ret); |
46
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
298 return ret; |
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
299 } |
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
300 |
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
301 ssl_set_session(&mSSL, &mSavedSession); |
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
302 |
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
303 ret = net_connect(&mServerFD, mUrl.host().toLatin1().constData(), |
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
304 mUrl.port(443)); |
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
305 |
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
306 if (ret != 0) { |
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
307 mErrorState = NoConnection; |
452
f8b480b08532
Factor out polarssl error handling and start new sslhelp file
Andre Heinecke <aheinecke@intevation.de>
parents:
409
diff
changeset
|
308 qDebug() << "Connection failed." << getPolarSSLErrorMsg(ret); |
46
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
309 return ret; |
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
310 } |
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
311 |
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
312 while ((ret = ssl_handshake(&mSSL)) != 0) { |
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
313 if (ret != POLARSSL_ERR_NET_WANT_READ && |
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
314 ret != POLARSSL_ERR_NET_WANT_WRITE) { |
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
315 qDebug() << "SSL Handshake failed: " |
452
f8b480b08532
Factor out polarssl error handling and start new sslhelp file
Andre Heinecke <aheinecke@intevation.de>
parents:
409
diff
changeset
|
316 << getPolarSSLErrorMsg(ret); |
46
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
317 mErrorState = SSLHandshakeFailed; |
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
318 return ret; |
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
319 } |
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
320 } |
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
321 |
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
322 qDebug() << "Reset connection. "; |
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
323 /* Validation should not be necessary as we reused a saved |
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
324 * session. But just to be sure. */ |
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
325 return validateCertificate(); |
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
326 } |
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
327 |
45
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
328 QByteArray SSLConnection::read(size_t len) |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
329 { |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
330 unsigned char buf[len]; |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
331 QByteArray retval(""); |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
332 int ret = -1; |
46
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
333 unsigned int tries = 0; |
45
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
334 |
46
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
335 mNeedsReset = true; |
45
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
336 do { |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
337 memset (buf, 0, sizeof(buf)); |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
338 ret = ssl_read(&mSSL, buf, len); |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
339 if (ret == 0 || |
46
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
340 ret == POLARSSL_ERR_SSL_CONN_EOF || |
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
341 ret == POLARSSL_ERR_SSL_PEER_CLOSE_NOTIFY) { |
45
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
342 /* EOF */ |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
343 return retval; |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
344 } |
46
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
345 if (ret == POLARSSL_ERR_NET_WANT_WRITE || |
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
346 ret == POLARSSL_ERR_NET_WANT_READ) { |
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
347 net_usleep(100000); /* sleep 100ms to give the socket a chance |
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
348 to recover */ |
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
349 tries++; |
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
350 } |
45
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
351 if (ret <= 0) { |
452
f8b480b08532
Factor out polarssl error handling and start new sslhelp file
Andre Heinecke <aheinecke@intevation.de>
parents:
409
diff
changeset
|
352 qDebug() << "Read failed: " << getPolarSSLErrorMsg(ret); |
45
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
353 return QByteArray(); |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
354 } |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
355 if (len < (len - (unsigned int) ret)) { |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
356 /* Should never happen if ssl_read behaves */ |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
357 qDebug() << "integer overflow in polarSSLRead"; |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
358 return QByteArray(); |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
359 } |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
360 len -= (unsigned int) ret; |
46
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
361 retval.append((const char *)buf, ret); |
d28e2624c1d5
Reset connection before the next request.
Andre Heinecke <aheinecke@intevation.de>
parents:
45
diff
changeset
|
362 } while (len > 0 && tries < MAX_IO_TRIES); |
45
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
363 |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
364 return retval; |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
365 } |
c6125d73faf4
Move SSLConnection into it's own class
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
366 |