trustbridge: ui/sslconnection.cpp comparison

comparison ui/sslconnection.cpp @ 46:d28e2624c1d5

Reset connection before the next request. This makes the downloader work for the first simple test.

author	Andre Heinecke <aheinecke@intevation.de>
date	Mon, 17 Mar 2014 10:51:47 +0000
parents	c6125d73faf4
children	0aacc291c04b

comparison

equal deleted inserted replaced

-:c6125d73faf4
+:d28e2624c1d5
 #include <QFile>
 #include <QUuid>
 #include <QApplication>
 #define MAX_IO_TRIES 10
+#define MAX_RESETS 10
 #ifdef CONNECTION_DEBUG
 static void my_debug(void *ctx, int level, const char *str)
 {
 fprintf((FILE *) ctx, "%s", str);
 mErrorState(NoError)
 {
 int ret = -1;
 memset(&mSSL, 0, sizeof(ssl_context));
+memset(&mSavedSession, 0, sizeof( ssl_session ) );
 if (certificate.isEmpty()) {
 QFile certResource(":certs/kolab.org");
 certResource.open(QFile::ReadOnly);
 mPinnedCert = certResource.readAll();
 return 0;
 }
 SSLConnection::~SSLConnection() {
-if (mConnected) {
+disconnect();
-ssl_close_notify (&mSSL);
-if (mServerFD != -1) {
-net_close(mServerFD);
-mServerFD = -1;
-}
-}
 x509_crt_free(&mX509PinnedCert);
 entropy_free(&mEntropy);
 if (mInitialized) {
 ssl_free(&mSSL);
 }
 }
+void SSLConnection::disconnect() {
+if (mConnected) {
+ssl_close_notify(&mSSL);
+if (mServerFD != -1) {
+net_close(mServerFD);
+mServerFD = -1;
+}
+ssl_session_free(&mSavedSession);
+mConnected = false;
+}
+}
 int SSLConnection::connect() {
 int ret = -1;
-const x509_crt *peerCert;
 if (!mInitialized) {
 mErrorState = ErrUnknown;
 return -1;
 }
 ret = net_connect(&mServerFD, mUrl.host().toLatin1().constData(),
 mUrl.port(443));
 if (ret != 0) {
+qDebug() << "Connect failed: " << getErrorMsg(ret);
 mErrorState = NoConnection;
 return ret;
 }
 ssl_set_bio(&mSSL, net_recv, &mServerFD,
 net_send, &mServerFD);
 while ((ret = ssl_handshake(&mSSL)) != 0) {
 if (ret != POLARSSL_ERR_NET_WANT_READ &&
 ret != POLARSSL_ERR_NET_WANT_WRITE) {
-qDebug() << "SSL Handshake failed: "
+qDebug() << "SSL Handshake failed: " << getErrorMsg(ret);
-<< getErrorMsg(ret);
 mErrorState = SSLHandshakeFailed;
 return ret;
 }
 }
+ret = ssl_get_session(&mSSL, &mSavedSession);
+if (ret != 0) {
+qDebug() << "SSL get session failed: " << getErrorMsg(ret);
+mErrorState = NoConnection;
+return ret;
+}
+printf( " ok\n    [ Ciphersuite is %s ]\n",
+ssl_get_ciphersuite( &mSSL) );
+ret = validateCertificate();
+if (ret == 0) {
+mConnected = true;
+}
+return ret;
+}
+int SSLConnection::validateCertificate()
+{
+int ret = -1;
+const x509_crt *peerCert = NULL;
 /* we might want to set the verify function
 * with ssl_set_verify before to archive the
 * certificate pinning. */
 int ret = -1;
 const unsigned char *buf = (const unsigned char *) request.constData();
 size_t len = (size_t) request.size();
-qDebug() << "Seinding request: " << request;
+if (mNeedsReset) {
+ret = reset();
+if (ret != 0) {
+qDebug() << "Reset failed: " << getErrorMsg(ret);
+return ret;
+}
+}
+qDebug() << "Sending request: " << request;
 /* According to doc for ssl_write:
 *
 * When this function returns POLARSSL_ERR_NET_WANT_WRITE,
 * it must be called later with the same arguments,
 * until it returns a positive value.
 } else {
 qDebug() << "Write failed to write everything";
 return -1;
 }
 }
+if (ret != POLARSSL_ERR_NET_WANT_WRITE &&
-if (ret != POLARSSL_ERR_NET_WANT_WRITE) {
+ret != POLARSSL_ERR_NET_WANT_READ) {
 return ret;
 }
 tries++;
 net_usleep(100000); /* sleep 100ms to give the socket a chance
 to clean up. */
 } while (tries < MAX_IO_TRIES);
 return ret;
 }
+int SSLConnection::reset()
+{
+int ret = -1;
+ssl_close_notify(&mSSL);
+ret = ssl_session_reset(&mSSL);
+if (ret != 0)
+{
+qDebug() << "SSL Connection reset failed: "
+<< getErrorMsg(ret);
+return ret;
+}
+ssl_set_session(&mSSL, &mSavedSession);
+ret = net_connect(&mServerFD, mUrl.host().toLatin1().constData(),
+mUrl.port(443));
+if (ret != 0) {
+mErrorState = NoConnection;
+qDebug() << "Connection failed." << getErrorMsg(ret);
+return ret;
+}
+while ((ret = ssl_handshake(&mSSL)) != 0) {
+if (ret != POLARSSL_ERR_NET_WANT_READ &&
+ret != POLARSSL_ERR_NET_WANT_WRITE) {
+qDebug() << "SSL Handshake failed: "
+<< getErrorMsg(ret);
+mErrorState = SSLHandshakeFailed;
+return ret;
+}
+}
+qDebug() << "Reset connection. ";
+/* Validation should not be necessary as we reused a saved
+* session. But just to be sure. */
+return validateCertificate();
+}
 QByteArray SSLConnection::read(size_t len)
 {
 unsigned char buf[len];
 QByteArray retval("");
 int ret = -1;
+unsigned int tries = 0;
+mNeedsReset = true;
 do {
 memset (buf, 0, sizeof(buf));
 ret = ssl_read(&mSSL, buf, len);
+qDebug() << "Read retval : " << ret;
+qDebug() << "Len is: " << len;
 if (ret == 0 ||
-ret == POLARSSL_ERR_SSL_CONN_EOF) {
+ret == POLARSSL_ERR_SSL_CONN_EOF ||
+ret == POLARSSL_ERR_SSL_PEER_CLOSE_NOTIFY) {
 /* EOF */
 return retval;
+}
+if (ret == POLARSSL_ERR_NET_WANT_WRITE ||
+ret == POLARSSL_ERR_NET_WANT_READ) {
+net_usleep(100000); /* sleep 100ms to give the socket a chance
+to recover */
+tries++;
 }
 if (ret <= 0) {
 qDebug() << "Read failed: " << getErrorMsg(ret);
 return QByteArray();
 }
 /* Should never happen if ssl_read behaves */
 qDebug() << "integer overflow in polarSSLRead";
 return QByteArray();
 }
 len -= (unsigned int) ret;
-retval.append((const char *)buf, len);
+retval.append((const char *)buf, ret);
-} while (len > 0);
+} while (len > 0 && tries < MAX_IO_TRIES);
 return retval;
 }

Mercurial > trustbridge

comparison ui/sslconnection.cpp @ 46:d28e2624c1d5