jessequ
/
AMQP-CPP
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

prevent ssl errors or reference count errors when copying around ssl objects

This commit is contained in:
Emiel Bruijntjes 2018-03-08 11:04:39 +01:00
parent cea5a54487
commit 25df834e74
6 changed files with 24 additions and 42 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
src/linux_tcp/openssl.h
View File

@ -43,7 +43,6 @@ int SSL_shutdown(SSL *ssl);
int SSL_set_fd(SSL *ssl, int fd); int SSL_set_fd(SSL *ssl, int fd);
int SSL_get_shutdown(const SSL *ssl); int SSL_get_shutdown(const SSL *ssl);
int SSL_get_error(const SSL *ssl, int ret); int SSL_get_error(const SSL *ssl, int ret);
int SSL_up_ref(SSL *ssl);
void SSL_set_connect_state(SSL *ssl); void SSL_set_connect_state(SSL *ssl);
void SSL_CTX_free(SSL_CTX *ctx); void SSL_CTX_free(SSL_CTX *ctx);
void SSL_free(SSL *ssl); void SSL_free(SSL *ssl);

6
src/linux_tcp/sslconnected.h
View File

@ -125,7 +125,7 @@ private:
_handler = nullptr; _handler = nullptr;
// start the state that closes the connection // start the state that closes the connection
return new SslShutdown(_connection, _socket, _ssl, _handler); return new SslShutdown(_connection, _socket, std::move(_ssl), _handler);
} }
else else
{ {
@ -245,9 +245,9 @@ public:
* @param buffer The buffer that was already built * @param buffer The buffer that was already built
* @param handler User-supplied handler object * @param handler User-supplied handler object
*/ */
SslConnected(TcpConnection *connection, int socket, const SslWrapper &ssl, TcpOutBuffer &&buffer, TcpHandler *handler) : SslConnected(TcpConnection *connection, int socket, SslWrapper &&ssl, TcpOutBuffer &&buffer, TcpHandler *handler) :
TcpState(connection, handler), TcpState(connection, handler),
_ssl(ssl), _ssl(std::move(ssl)),
_socket(socket), _socket(socket),
_out(std::move(buffer)), _out(std::move(buffer)),
_in(4096), _in(4096),

21
src/linux_tcp/sslcontext.h
View File

@ -42,26 +42,11 @@ public:
} }
/** /**
* Constructor that wraps around an existing context * Copy constructor is delete because the object is refcounted,
* @param context * and we do not have a decent way to update the refcount in openssl 1.0
*/
SslContext(SSL_CTX *context) : _ctx(context)
{
// increment refcount
// @todo fix this
//SSL_ctx_up_ref(context);
}
/**
* Copy constructor
* @param that * @param that
*/ */
SslContext(SslContext &that) : _ctx(that._ctx) SslContext(SslContext &that) = delete;
{
// increment refcount
// @todo fix this
//SSL_ctx_up_ref(context);
}
/** /**
* Destructor * Destructor

4
src/linux_tcp/sslhandshake.h
View File

@ -162,7 +162,7 @@ public:
int result = OpenSSL::SSL_do_handshake(_ssl); int result = OpenSSL::SSL_do_handshake(_ssl);
// if the connection succeeds, we can move to the ssl-connected state // if the connection succeeds, we can move to the ssl-connected state
if (result == 1) return nextstate(new SslConnected(_connection, _socket, _ssl, std::move(_out), _handler)); if (result == 1) return nextstate(new SslConnected(_connection, _socket, std::move(_ssl), std::move(_out), _handler));
// error was returned, so we must investigate what is going on // error was returned, so we must investigate what is going on
auto error = OpenSSL::SSL_get_error(_ssl, result); auto error = OpenSSL::SSL_get_error(_ssl, result);
@ -203,7 +203,7 @@ public:
int result = OpenSSL::SSL_do_handshake(_ssl); int result = OpenSSL::SSL_do_handshake(_ssl);
// if the connection succeeds, we can move to the ssl-connected state // if the connection succeeds, we can move to the ssl-connected state
if (result == 1) return nextstate(new SslConnected(_connection, _socket, _ssl, std::move(_out), _handler)); if (result == 1) return nextstate(new SslConnected(_connection, _socket, std::move(_ssl), std::move(_out), _handler));
// error was returned, so we must investigate what is going on // error was returned, so we must investigate what is going on
auto error = OpenSSL::SSL_get_error(_ssl, result); auto error = OpenSSL::SSL_get_error(_ssl, result);

4
src/linux_tcp/sslshutdown.h
View File

@ -100,9 +100,9 @@ public:
* @param ssl The SSL structure * @param ssl The SSL structure
* @param handler User-supplied handler object * @param handler User-supplied handler object
*/ */
SslShutdown(TcpConnection *connection, int socket, const SslWrapper &ssl, TcpHandler *handler) : SslShutdown(TcpConnection *connection, int socket, SslWrapper &&ssl, TcpHandler *handler) :
TcpState(connection, handler), TcpState(connection, handler),
_ssl(ssl), _ssl(std::move(ssl)),
_socket(socket) _socket(socket)
{ {
// tell the handler to monitor the socket if there is an out // tell the handler to monitor the socket if there is an out

30
src/linux_tcp/sslwrapper.h
View File

@ -41,25 +41,20 @@ public:
} }
/** /**
* Wrapper constructor * Copy constructor is removed because openssl 1.0 has no way to up refcount
* @param ssl * (otherwise we could be safely copying objects around)
*/
SslWrapper(SSL *ssl) : _ssl(ssl)
{
// one more reference
// @todo fix this
//CRYPTO_add(_ssl);
}
/**
* Copy constructor
* @param that * @param that
*/ */
SslWrapper(const SslWrapper &that) : _ssl(that._ssl) SslWrapper(const SslWrapper &that) = delete;
/**
* Move constructor
* @param that
*/
SslWrapper(SslWrapper &&that) : _ssl(that._ssl)
{ {
// one more reference // invalidate other object
// @todo fix this that._ssl = nullptr;
//SSL_up_ref(_ssl);
} }
/** /**
@ -67,6 +62,9 @@ public:
*/ */
virtual ~SslWrapper() virtual ~SslWrapper()
{ {
// do nothing if already moved away
if (_ssl == nullptr) return;
// destruct object // destruct object
OpenSSL::SSL_free(_ssl); OpenSSL::SSL_free(_ssl);
} }