Mercurial > trustbridge > trustbridge
comparison ui/sslconnection.cpp @ 452:f8b480b08532
Factor out polarssl error handling and start new sslhelp file
| author | Andre Heinecke <aheinecke@intevation.de> |
|---|---|
| date | Wed, 23 Apr 2014 10:33:40 +0000 |
| parents | 09bb19e5e369 |
| children | e32ae933391f |
comparison
equal
deleted
inserted
replaced
| 451:94613c91a3d4 | 452:f8b480b08532 |
|---|---|
| 6 * See LICENSE.txt for details. | 6 * See LICENSE.txt for details. |
| 7 */ | 7 */ |
| 8 /* TODO: Wrap ssl_session in a class for reuse. | 8 /* TODO: Wrap ssl_session in a class for reuse. |
| 9 * see programs/ssl/ssl_client2.c for example of session reuse */ | 9 * see programs/ssl/ssl_client2.c for example of session reuse */ |
| 10 #include "sslconnection.h" | 10 #include "sslconnection.h" |
| 11 #include "sslhelp.h" | |
| 11 | 12 |
| 12 #include <QFile> | 13 #include <QFile> |
| 13 #include <QUuid> | 14 #include <QUuid> |
| 14 #include <QApplication> | 15 #include <QApplication> |
| 15 | 16 |
| 21 { | 22 { |
| 22 fprintf((FILE *) ctx, "%s", str); | 23 fprintf((FILE *) ctx, "%s", str); |
| 23 fflush((FILE *) ctx); | 24 fflush((FILE *) ctx); |
| 24 } | 25 } |
| 25 #endif | 26 #endif |
| 26 | |
| 27 QString getErrorMsg(int ret) | |
| 28 { | |
| 29 char errbuf[255]; | |
| 30 polarssl_strerror(ret, errbuf, 255); | |
| 31 errbuf[254] = '\0'; /* Just to be sure */ | |
| 32 return QString::fromLatin1(errbuf); | |
| 33 } | |
| 34 | 27 |
| 35 SSLConnection::SSLConnection(const QString& url, | 28 SSLConnection::SSLConnection(const QString& url, |
| 36 const QByteArray& certificate): | 29 const QByteArray& certificate): |
| 37 mUrl(url), | 30 mUrl(url), |
| 38 mPinnedCert(certificate), | 31 mPinnedCert(certificate), |
| 55 | 48 |
| 56 ret = init(); | 49 ret = init(); |
| 57 if (ret == 0) { | 50 if (ret == 0) { |
| 58 mInitialized = true; | 51 mInitialized = true; |
| 59 } else { | 52 } else { |
| 60 qDebug() << "Initialization error: " + getErrorMsg(ret); | 53 qDebug() << "Initialization error: " + getPolarSSLErrorMsg(ret); |
| 61 } | 54 } |
| 62 } | 55 } |
| 63 | 56 |
| 64 int SSLConnection::init() | 57 int SSLConnection::init() |
| 65 { | 58 { |
| 150 | 143 |
| 151 ret = net_connect(&mServerFD, mUrl.host().toLatin1().constData(), | 144 ret = net_connect(&mServerFD, mUrl.host().toLatin1().constData(), |
| 152 mUrl.port(443)); | 145 mUrl.port(443)); |
| 153 | 146 |
| 154 if (ret != 0) { | 147 if (ret != 0) { |
| 155 qDebug() << "Connect failed: " << getErrorMsg(ret); | 148 qDebug() << "Connect failed: " << getPolarSSLErrorMsg(ret); |
| 156 mErrorState = NoConnection; | 149 mErrorState = NoConnection; |
| 157 return ret; | 150 return ret; |
| 158 } | 151 } |
| 159 | 152 |
| 160 ssl_set_bio(&mSSL, net_recv, &mServerFD, | 153 ssl_set_bio(&mSSL, net_recv, &mServerFD, |
| 161 net_send, &mServerFD); | 154 net_send, &mServerFD); |
| 162 | 155 |
| 163 while ((ret = ssl_handshake(&mSSL)) != 0) { | 156 while ((ret = ssl_handshake(&mSSL)) != 0) { |
| 164 if (ret != POLARSSL_ERR_NET_WANT_READ && | 157 if (ret != POLARSSL_ERR_NET_WANT_READ && |
| 165 ret != POLARSSL_ERR_NET_WANT_WRITE) { | 158 ret != POLARSSL_ERR_NET_WANT_WRITE) { |
| 166 qDebug() << "SSL Handshake failed: " << getErrorMsg(ret); | 159 qDebug() << "SSL Handshake failed: " << getPolarSSLErrorMsg(ret); |
| 167 mErrorState = SSLHandshakeFailed; | 160 mErrorState = SSLHandshakeFailed; |
| 168 return ret; | 161 return ret; |
| 169 } | 162 } |
| 170 } | 163 } |
| 171 | 164 |
| 172 ret = ssl_get_session(&mSSL, &mSavedSession); | 165 ret = ssl_get_session(&mSSL, &mSavedSession); |
| 173 if (ret != 0) { | 166 if (ret != 0) { |
| 174 qDebug() << "SSL get session failed: " << getErrorMsg(ret); | 167 qDebug() << "SSL get session failed: " << getPolarSSLErrorMsg(ret); |
| 175 | 168 |
| 176 mErrorState = NoConnection; | 169 mErrorState = NoConnection; |
| 177 return ret; | 170 return ret; |
| 178 } | 171 } |
| 179 printf( " ok\n [ Ciphersuite is %s ]\n", | 172 printf( " ok\n [ Ciphersuite is %s ]\n", |
| 255 size_t len = (size_t) request.size(); | 248 size_t len = (size_t) request.size(); |
| 256 | 249 |
| 257 if (mNeedsReset) { | 250 if (mNeedsReset) { |
| 258 ret = reset(); | 251 ret = reset(); |
| 259 if (ret != 0) { | 252 if (ret != 0) { |
| 260 qDebug() << "Reset failed: " << getErrorMsg(ret); | 253 qDebug() << "Reset failed: " << getPolarSSLErrorMsg(ret); |
| 261 return ret; | 254 return ret; |
| 262 } | 255 } |
| 263 } | 256 } |
| 264 | 257 |
| 265 qDebug() << "Sending request: " << request; | 258 qDebug() << "Sending request: " << request; |
| 299 | 292 |
| 300 ret = ssl_session_reset(&mSSL); | 293 ret = ssl_session_reset(&mSSL); |
| 301 if (ret != 0) | 294 if (ret != 0) |
| 302 { | 295 { |
| 303 qDebug() << "SSL Connection reset failed: " | 296 qDebug() << "SSL Connection reset failed: " |
| 304 << getErrorMsg(ret); | 297 << getPolarSSLErrorMsg(ret); |
| 305 return ret; | 298 return ret; |
| 306 } | 299 } |
| 307 | 300 |
| 308 ssl_set_session(&mSSL, &mSavedSession); | 301 ssl_set_session(&mSSL, &mSavedSession); |
| 309 | 302 |
| 310 ret = net_connect(&mServerFD, mUrl.host().toLatin1().constData(), | 303 ret = net_connect(&mServerFD, mUrl.host().toLatin1().constData(), |
| 311 mUrl.port(443)); | 304 mUrl.port(443)); |
| 312 | 305 |
| 313 if (ret != 0) { | 306 if (ret != 0) { |
| 314 mErrorState = NoConnection; | 307 mErrorState = NoConnection; |
| 315 qDebug() << "Connection failed." << getErrorMsg(ret); | 308 qDebug() << "Connection failed." << getPolarSSLErrorMsg(ret); |
| 316 return ret; | 309 return ret; |
| 317 } | 310 } |
| 318 | 311 |
| 319 while ((ret = ssl_handshake(&mSSL)) != 0) { | 312 while ((ret = ssl_handshake(&mSSL)) != 0) { |
| 320 if (ret != POLARSSL_ERR_NET_WANT_READ && | 313 if (ret != POLARSSL_ERR_NET_WANT_READ && |
| 321 ret != POLARSSL_ERR_NET_WANT_WRITE) { | 314 ret != POLARSSL_ERR_NET_WANT_WRITE) { |
| 322 qDebug() << "SSL Handshake failed: " | 315 qDebug() << "SSL Handshake failed: " |
| 323 << getErrorMsg(ret); | 316 << getPolarSSLErrorMsg(ret); |
| 324 mErrorState = SSLHandshakeFailed; | 317 mErrorState = SSLHandshakeFailed; |
| 325 return ret; | 318 return ret; |
| 326 } | 319 } |
| 327 } | 320 } |
| 328 | 321 |
| 354 net_usleep(100000); /* sleep 100ms to give the socket a chance | 347 net_usleep(100000); /* sleep 100ms to give the socket a chance |
| 355 to recover */ | 348 to recover */ |
| 356 tries++; | 349 tries++; |
| 357 } | 350 } |
| 358 if (ret <= 0) { | 351 if (ret <= 0) { |
| 359 qDebug() << "Read failed: " << getErrorMsg(ret); | 352 qDebug() << "Read failed: " << getPolarSSLErrorMsg(ret); |
| 360 return QByteArray(); | 353 return QByteArray(); |
| 361 } | 354 } |
| 362 if (len < (len - (unsigned int) ret)) { | 355 if (len < (len - (unsigned int) ret)) { |
| 363 /* Should never happen if ssl_read behaves */ | 356 /* Should never happen if ssl_read behaves */ |
| 364 qDebug() << "integer overflow in polarSSLRead"; | 357 qDebug() << "integer overflow in polarSSLRead"; |