Posted to commits@qpid.apache.org by kg...@apache.org on 2012/09/19 23:57:08 UTC

svn commit: r1387789 - in /qpid/proton/trunk: ./ examples/mailbox/ proton-c/ proton-c/bindings/php/ proton-c/bindings/python/ proton-c/bindings/ruby/ proton-c/include/proton/ proton-c/src/ proton-c/src/engine/ proton-c/src/ssl/

Author: kgiusti
Date: Wed Sep 19 21:57:07 2012
New Revision: 1387789

URL: http://svn.apache.org/viewvc?rev=1387789&view=rev
Log:
PROTON-2: openssl support.

Added:
    qpid/proton/trunk/examples/mailbox/ssl-setup.sh
      - copied unchanged from r1387788, qpid/proton/branches/openssl/examples/mailbox/ssl-setup.sh
    qpid/proton/trunk/proton-c/include/proton/ssl.h
      - copied unchanged from r1387788, qpid/proton/branches/openssl/proton-c/include/proton/ssl.h
    qpid/proton/trunk/proton-c/src/ssl/
      - copied from r1387788, qpid/proton/branches/openssl/proton-c/src/ssl/
Modified:
    qpid/proton/trunk/   (props changed)
    qpid/proton/trunk/examples/mailbox/README.txt
    qpid/proton/trunk/examples/mailbox/fetch
    qpid/proton/trunk/examples/mailbox/post
    qpid/proton/trunk/examples/mailbox/server
    qpid/proton/trunk/proton-c/CMakeLists.txt
    qpid/proton/trunk/proton-c/bindings/php/php.i
    qpid/proton/trunk/proton-c/bindings/python/python.i
    qpid/proton/trunk/proton-c/bindings/ruby/ruby.i
    qpid/proton/trunk/proton-c/include/proton/cproton.i
    qpid/proton/trunk/proton-c/include/proton/driver.h
    qpid/proton/trunk/proton-c/pn_config.h.in
    qpid/proton/trunk/proton-c/src/driver.c
    qpid/proton/trunk/proton-c/src/engine/engine-internal.h
    qpid/proton/trunk/proton-c/src/engine/engine.c

Propchange: qpid/proton/trunk/
------------------------------------------------------------------------------
    svn:mergeinfo = /qpid/proton/branches/openssl:1387623-1387788

Modified: qpid/proton/trunk/examples/mailbox/README.txt
URL: http://svn.apache.org/viewvc/qpid/proton/trunk/examples/mailbox/README.txt?rev=1387789&r1=1387788&r2=1387789&view=diff
==============================================================================
--- qpid/proton/trunk/examples/mailbox/README.txt (original)
+++ qpid/proton/trunk/examples/mailbox/README.txt Wed Sep 19 21:57:07 2012
@@ -39,3 +39,31 @@ To run the example:
     use the --help option for additional details.
 
     Once you are done running the example, you may stop the server application.
+
+
+Optional - using SSL to encrypt the data connections between the server and the clients:
+
+    The Proton driver library has support for SSL/TLS [1].  The mailbox example can be
+    configured to use SSL to encypt the connections between the server and the post/fetch
+    clients.
+
+    Use the ssl-setup.sh script to create the trusted certificates database, and an
+    identifying certificate for the server [2].
+
+    Once ssl-setup.sh has created all the necessary certificates, you supply the server
+    with these parameters:
+
+    $ server --ssl-cert-file ./server-certificate.pem --ssl-key-file ./server-private-key.pem --require-encryption --ssl-cert-db ./trusted_db --ssl-key-pw "trustno1"
+
+    And give the fetch/post clients the path to the database containing the trusted
+    certificates:
+
+    $ post -m myMailbox --ssl-cert-db ./trusted_db "Here is a message"
+    $ fetch --ssl-cert-db ./trusted_db  myMailbox
+
+
+[1] At the time of this writing SSL/TLS is implemented using OpenSSL, and is only
+available on those platforms that support the OpenSSL libraries.
+
+[2] Running ssl-setup.sh will require you have the "openssl" and "c_rehash" tools
+installed and available on your $PATH.  See http://www.openssl.org.

Modified: qpid/proton/trunk/examples/mailbox/fetch
URL: http://svn.apache.org/viewvc/qpid/proton/trunk/examples/mailbox/fetch?rev=1387789&r1=1387788&r2=1387789&view=diff
==============================================================================
--- qpid/proton/trunk/examples/mailbox/fetch (original)
+++ qpid/proton/trunk/examples/mailbox/fetch Wed Sep 19 21:57:07 2012
@@ -35,12 +35,23 @@ class Options(object):
         parser.add_option("-v", "--verbose", action="store_true",
                           help="Turn on extra trace messages.")
 
+        # SSL configuration
+        parser.add_option("--ssl-cert-db", type="str", metavar="<dir>",
+                          help="database of trusted certificates. Enables use of SSL.")
+
+        # if server wants authentication:
+        #parser.add_option("--ssl-cert-file")
+        #parser.add_option("--ssl-key-file")
+        #parser.add_option("--ssl-key-pw")
+
         opts, mailboxes = parser.parse_args()   # uses sys.argv[1:]
 
         self.mailbox = None
         if len(mailboxes) == 1:
             self.mailbox = str(mailboxes[0])
         self.server = opts.server
+        self.ca_database = opts.ssl_cert_db
+
         addr = opts.server.rsplit(":", 1)
         self.host = addr[0]
         if len(addr) == 2:
@@ -52,7 +63,7 @@ class Options(object):
 
 
 class FetchClient(object):
-    def __init__(self, host, port, mailbox):
+    def __init__(self, host, port, mailbox, ca_database=None):
         """ Initialize the client by supplying the address of the server, and
         the name of the mailbox to fetch from.
         """
@@ -60,6 +71,8 @@ class FetchClient(object):
         self.port = port
         self.mailbox = mailbox
         self.logging = False
+        self.ca_database = ca_database
+        self.ssl_client = None
 
     def setup(self):
         """ Setup and configure the connection to the server.
@@ -70,6 +83,20 @@ class FetchClient(object):
         self.driver = pn_driver();
         self.cxtr = pn_connector(self.driver, self.host, self.port, None)
 
+        # Enable SSL if database of trusted CAs given
+        if self.ca_database:
+            self.log("Using SSL, CA database = %s" % self.ca_database)
+
+            transport = pn_connector_transport(self.cxtr);
+            assert(transport);
+            ssl_client = pn_ssl(transport)
+            assert(ssl_client)
+            rc = pn_ssl_set_trusted_ca_db(ssl_client, self.ca_database)
+            assert(rc == 0)
+            # we want to fail if the server's certificate is invalid:
+            rc = pn_ssl_set_peer_authentication(ssl_client, PN_SSL_VERIFY_PEER, None)
+            assert(rc == 0)
+
         # configure SASL
         self.sasl = pn_connector_sasl(self.cxtr)
         pn_sasl_mechanisms(self.sasl, "ANONYMOUS")
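Review bot: The SSL setup in FetchClient.setup() enforces its checks with `assert`, so under `python -O` a failing `pn_ssl_set_trusted_ca_db` or `pn_ssl_set_peer_authentication` is ignored and the connection proceeds with whatever peer verification the library defaults to; these should be ordinary checks, e.g. `if pn_ssl_set_peer_authentication(ssl_client, PN_SSL_VERIFY_PEER, None) != 0: raise RuntimeError("cannot enable server certificate verification")`. The local `ssl_client` is never stored, although `__init__` sets `self.ssl_client = None` in the previous hunk; add `self.ssl_client = ssl_client` or drop the attribute. It is not visible here whether PN_SSL_VERIFY_PEER also checks the certificate against `self.host`; if it only validates the chain, a comment saying so would help readers who rely on this for server authentication. The same three points apply to PostClient.setup() in the post hunk. The enclosing method continues past the hunk.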
@@ -91,6 +118,25 @@ class FetchClient(object):
         pn_link_open(self.link)
 
 
+    def teardown(self):
+        """ Perform a clean disconnect from the server, and release the
+        resources created in setup()
+        """
+        self.log("Shutting down the connection cleanly...")
+        pn_connection_close(self.conn)
+
+        # now wait for the connector to close
+        while not (pn_connector_closed(self.cxtr)):
+            self.wait()
+
+        #pn_sasl_free(self.sasl);
+        pn_link_free(self.link);
+        pn_session_free(self.ssn);
+        pn_connection_free(self.conn);
+        pn_connector_free(self.cxtr);
+        self.log("...Shutdown complete!")
+
+
     def wait(self):
         """ Wait for an event to process.
         """
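Review bot: The commented-out `#pn_sasl_free(self.sasl);` in teardown() is dead code; either remove it or replace it with a comment stating why the SASL object is not freed here (for instance if the connector owns it). The loop `while not (pn_connector_closed(self.cxtr)): self.wait()` has no bound, so unless wait() times out on its own a peer that never completes the close keeps the client blocked; at minimum a comment, or a cap on the number of wait() calls after which the resources are freed anyway, is worth adding. The trailing `;` on the `pn_*_free` calls is not Python style. PostClient.teardown() in the post hunk has the same points.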
@@ -123,6 +169,10 @@ class FetchClient(object):
             d = _next
 
 
+    def closed(self):
+        return self.cxtr == None or pn_connector_closed(self.cxtr)
+
+
     def enableLogging(self):
         self.logging = True
 
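Review bot: `self.cxtr == None` in closed() should be `self.cxtr is None`; `==` against None goes through the object's `__eq__` and is the form linters flag. In the visible part of `__init__` (earlier hunk) `self.cxtr` is not initialised, so if it is only assigned in setup(), closed() raises AttributeError when called before setup() instead of returning True — worth confirming against the full class. PostClient.closed() in the post hunk has the same two points.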
@@ -146,7 +196,8 @@ def main():
 
     receiver = FetchClient(options.host,
                            options.port,
-                           options.mailbox)
+                           options.mailbox,
+                           options.ca_database)
     if options.verbose:
         receiver.enableLogging()
 
@@ -155,6 +206,9 @@ def main():
     # wait until we authenticate with the server
     while pn_sasl_state(receiver.sasl) not in (PN_SASL_PASS, PN_SASL_FAIL):
         receiver.wait()
+        if receiver.closed():
+            receiver.log("connection failed")
+            return -1;
 
     if pn_sasl_state(receiver.sasl) == PN_SASL_FAIL:
         print("Error: Authentication failure")
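Review bot: The failure branch added to the SASL wait loop returns -1 with the connector, connection and driver still allocated; now that teardown() exists it looks usable here, or a comment should say why leaking them until process exit is acceptable for the example. The same three-line block is repeated in the next hunk (the link-open wait) and in post's main(); a small helper such as `_abort(receiver, "connection failed")`, or folding `not receiver.closed()` into the loop conditions as the later hunks already do, would avoid the duplication. The trailing `;` on `return -1;` is not Python style.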
@@ -163,6 +217,9 @@ def main():
     # wait until the server has opened the connection
     while not (pn_link_state(receiver.link) & PN_REMOTE_ACTIVE):
         receiver.wait()
+        if receiver.closed():
+            receiver.log("connection failed")
+            return -1;
 
     # check if the server recognizes the mailbox, fail if it does not
     if pn_remote_source(receiver.link) != options.mailbox:
@@ -176,7 +233,7 @@ def main():
     # main loop: continue fetching messages until 'count' messages have been
     # retrieved
 
-    while pn_credit(receiver.link) > 0:    # while all msgs have not arrived
+    while pn_credit(receiver.link) > 0 and not receiver.closed():    # while all msgs have not arrived
         if pn_queued(receiver.link) == 0:  # wait for some to arrive
             receiver.wait()
 
@@ -198,14 +255,13 @@ def main():
         receiver.settle()
 
     # block until any leftover deliveries are settled
-    while pn_unsettled(receiver.link) > 0:
+    while pn_unsettled(receiver.link) > 0 and not receiver.closed():
         receiver.wait()
         receiver.settle()
 
-    # we're done, close and wait for the remote to close also
-    pn_connection_close(receiver.conn)
-    while not (pn_connection_state(receiver.conn) & PN_REMOTE_CLOSED):
-        receiver.wait()
+    # we're done, now clean up the connection:
+    receiver.teardown()
+
     return 0
 
 

Modified: qpid/proton/trunk/examples/mailbox/post
URL: http://svn.apache.org/viewvc/qpid/proton/trunk/examples/mailbox/post?rev=1387789&r1=1387788&r2=1387789&view=diff
==============================================================================
--- qpid/proton/trunk/examples/mailbox/post (original)
+++ qpid/proton/trunk/examples/mailbox/post Wed Sep 19 21:57:07 2012
@@ -36,10 +36,21 @@ class Options(object):
         parser.add_option("-v", "--verbose", action="store_true",
                           help="Turn on extra trace messages.")
 
+        # SSL configuration
+        parser.add_option("--ssl-cert-db", type="str", metavar="<dir>",
+                          help="database of trusted certificates.  Enables use of SSL.")
+
+        # if server wants client authentication:
+        #parser.add_option("--ssl-cert-file")
+        #parser.add_option("--ssl-key-file")
+        #parser.add_option("--ssl-key-pw")
+
+
         opts, self.messages = parser.parse_args()   # uses sys.argv[1:]
 
         self.server = opts.server
         self.mailbox = opts.mailbox
+        self.ca_database = opts.ssl_cert_db
 
         addr = opts.server.rsplit(":", 1)
         self.host = addr[0]
@@ -51,7 +62,7 @@ class Options(object):
 
 
 class PostClient(object):
-    def __init__(self, host, port, mailbox):
+    def __init__(self, host, port, mailbox, ca_database=None):
         """ Initialize the client by supplying the address of the server, and
         the name of the mailbox to post to.
         """
@@ -59,6 +70,9 @@ class PostClient(object):
         self.port = port
         self.mailbox = mailbox
         self.logging = False
+        self.ca_database = ca_database
+        self.ssl_client = None
+
 
     def setup(self):
         """ Setup and configure the connection to the server.
@@ -68,6 +82,21 @@ class PostClient(object):
         self.log("Connecting to server host = %s:%s" % (self.host, self.port))
         self.driver = pn_driver();
         self.cxtr = pn_connector(self.driver, self.host, self.port, None)
+        assert(self.cxtr)
+
+        # Enable SSL if database of trusted CAs given
+        if self.ca_database:
+            self.log("Using SSL, CA database = %s" % self.ca_database)
+
+            transport = pn_connector_transport(self.cxtr);
+            assert(transport);
+            ssl_client = pn_ssl(transport)
+            assert(ssl_client)
+            rc = pn_ssl_set_trusted_ca_db(ssl_client, self.ca_database)
+            assert(rc == 0)
+            # we want to fail if the server's certificate is invalid:
+            rc = pn_ssl_set_peer_authentication(ssl_client, PN_SSL_VERIFY_PEER, None)
+            assert(rc == 0)
 
         # configure SASL
         self.sasl = pn_connector_sasl(self.cxtr)
@@ -90,6 +119,25 @@ class PostClient(object):
         pn_link_open(self.link)
 
 
+    def teardown(self):
+        """ Perform a clean disconnect from the server, and release the
+        resources created in setup()
+        """
+        self.log("Shutting down the connection cleanly...")
+        pn_connection_close(self.conn)
+
+        # now wait for the connector to close
+        while not pn_connector_closed(self.cxtr):
+            self.wait()
+
+        #pn_sasl_free(self.sasl);
+        pn_link_free(self.link);
+        pn_session_free(self.ssn);
+        pn_connection_free(self.conn);
+        pn_connector_free(self.cxtr);
+        self.log("...Shutdown complete!")
+
+
     def wait(self):
         """ Wait for an event to process.
         """
@@ -125,6 +173,10 @@ class PostClient(object):
             d = _next
 
 
+    def closed(self):
+        return self.cxtr == None or pn_connector_closed(self.cxtr)
+
+
     def enableLogging(self):
         self.logging = True
 
@@ -148,7 +200,8 @@ def main():
 
     sender = PostClient(options.host,
                         options.port,
-                        options.mailbox)
+                        options.mailbox,
+                        options.ca_database)
     if options.verbose:
         sender.enableLogging()
 
@@ -157,6 +210,9 @@ def main():
     # wait until we authenticate with the server
     while pn_sasl_state(sender.sasl) not in (PN_SASL_PASS, PN_SASL_FAIL):
         sender.wait()
+        if sender.closed():
+            sender.log("connection failed")
+            return -1;
 
     if pn_sasl_state(sender.sasl) == PN_SASL_FAIL:
         print("Error: Authentication failure")
@@ -166,12 +222,12 @@ def main():
 
     pendingSends = list(options.messages)
     while pendingSends:
-        # wait until the server grands us some send credit
+        # wait until the server grants us some send credit
         if pn_credit(sender.link) == 0:
             sender.log("wait for credit")
             sender.wait()
 
-        while pn_credit(sender.link) > 0:
+        while pn_credit(sender.link) > 0 and not sender.closed():
             msg = pendingSends.pop(0)
             sender.log("sending %s" % msg)
             d = pn_delivery(sender.link, "post-delivery-%s" % len(pendingSends))
@@ -186,14 +242,14 @@ def main():
         sender.settle()
 
     # done sending, now block until any pending deliveries are settled
-    while pn_unsettled(sender.link) > 0:
+    sender.log("Done sending messages, waiting for deliveries to settle...");
+    while pn_unsettled(sender.link) > 0 and not sender.closed():
         sender.wait()
         sender.settle()
 
-    # we're done, close and wait for the remote to close also
-    pn_connection_close(sender.conn)
-    while not (pn_connection_state(sender.conn) & PN_REMOTE_CLOSED):
-        sender.wait()
+    # We're done - now clean up the connection:
+    sender.teardown()
+
     return 0
 
 

Modified: qpid/proton/trunk/examples/mailbox/server
URL: http://svn.apache.org/viewvc/qpid/proton/trunk/examples/mailbox/server?rev=1387789&r1=1387788&r2=1387789&view=diff
==============================================================================
--- qpid/proton/trunk/examples/mailbox/server (original)
+++ qpid/proton/trunk/examples/mailbox/server Wed Sep 19 21:57:07 2012
@@ -36,12 +36,37 @@ class Options(object):
     def __init__(self):
         parser = OptionParser(usage="usage: %prog [options] <server-address>")
         parser.add_option("-v", "--verbose",
-                          action="store_false", dest="verbose", default=True,
+                          action="store_true", dest="verbose",
                           help="print status messages to stdout")
+        # SSL configuration
+        parser.add_option("--ssl-cert-file", type="str", metavar="<file>",
+                          help="PEM file containing identifying certificate.")
+        parser.add_option("--ssl-key-file", type="str", metavar="<file>",
+                          help="PEM file containing private key of certificate.")
+        parser.add_option("--ssl-key-pw", type="str", metavar='"password"',
+                          help="key file password (if key encrypted).")
+        parser.add_option("--require-encryption", action="store_true",
+                          help="Do not accept connections from clients that do not use encryption.")
+        parser.add_option("--ssl-cert-db", type="str", metavar="<dir>",
+                          help="database of trusted certificates. Used to authenticate clients.")
+
+        # For client authentication using SSL:
+        #parser.add_option("-c", "--ssl-require-client-authentication", action="store_true", help="force client to authenticate itself.")
+        #parser.add_option("-t", "--ssl-trusted-CA-file", type="str", metavar="<file>", help="file holding certificates of CAs to advertise")
 
         opts, self.server = parser.parse_args()   # uses sys.argv[1:]
         self.verbose = opts.verbose
 
+        if opts.ssl_cert_file:
+            if not opts.ssl_key_file:
+                print("Error: if --ssl-cert-file given, --ssl-key-file must be supplied!");
+                sys.exit(-1)
+        self.certificate_file = opts.ssl_cert_file
+        self.certificate_key_file = opts.ssl_key_file
+        self.key_file_password = opts.ssl_key_pw
+        self.require_encryption = opts.require_encryption
+        self.ca_database = opts.ssl_cert_db
+
         if self.server:
             addr = self.server[0].rsplit(":", 1)
             self.host = addr[0]
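Review bot: `--ssl-key-pw` takes the private-key password as a command-line argument, which exposes it to every local user through the process list and leaves it in shell history (the README hunk even writes it out literally); an example that people copy should read it from an environment variable or prompt for it with `getpass.getpass()`. `--require-encryption` is only honoured when `--ssl-cert-file` is also given (see the start() and accept hunks), so a server launched with `--require-encryption` alone silently serves plaintext; validate it next to the existing cert/key check: `if opts.require_encryption and not opts.ssl_cert_file:` / `print("Error: --require-encryption needs --ssl-cert-file!")` / `sys.exit(-1)`. The `-v` option also changes from `store_false, default=True` to `store_true`, flipping the server from verbose-by-default to quiet-by-default; presumably intentional, but the log message does not mention it.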
@@ -55,14 +80,22 @@ class Options(object):
 
 
 class MailboxServer(object):
-    def __init__(self, host, port):
+    def __init__(self, host, port, require_encryption=False, certificate_file=None,
+                 certificate_key_file=None, key_file_password=None,
+                 ca_database=None):
         """ Initialize the server to wait on the given address for inbound
         connection requests.
         """
         self.host = host
         self.port = port
+        self.certificate_file = certificate_file
+        self.certificate_key_file = certificate_key_file
+        self.key_file_password = key_file_password
+        self.ca_database = ca_database
+        self.require_encryption = require_encryption
+
         self.mailboxes = {}
-        self.verbose = False
+        self.logging = False
         self.counter = 0
 
 
@@ -75,6 +108,13 @@ class MailboxServer(object):
         if self.listener is None:
             print("Error: could not listen on %s:%s" % (self.host, self.port))
             return False
+        # if self.certificate_file:
+        #     self.log("Setting SSL certificate %s" % self.certificate_file)
+        #     if not self.require_encryption:
+        #         self.log("Allowing both encrypted AND unencrypted connections!")
+        if self.certificate_file:
+            if not self.require_encryption:
+                self.log("Allowing both encrypted AND unencrypted connections!")
         return True
 
 
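Review bot: The four `#` lines above the `if self.certificate_file:` check are a commented-out copy of the block that follows them and should be deleted rather than kept alongside it. start() logs "Allowing both encrypted AND unencrypted connections!" when a certificate is configured without `--require-encryption`, but says nothing when `--require-encryption` was given without a certificate, in which case no SSL is configured at all (see the accept hunk); logging or rejecting that combination here would make the server's real posture visible to the operator, e.g. `if self.require_encryption and not self.certificate_file: self.log("WARNING: --require-encryption ignored, no certificate configured")`.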
@@ -95,6 +135,30 @@ class MailboxServer(object):
             self.log("Accepting Connection.")
             cxtr = pn_listener_accept(l)
             pn_connector_set_context(cxtr, AUTHENTICATING)
+
+            # configure SSL
+            if self.certificate_file:
+                transport = pn_connector_transport(cxtr);
+                assert(transport);
+                ssl_server = pn_ssl(transport)
+                assert(ssl_server)
+                rc = pn_ssl_init(ssl_server, PN_SSL_MODE_SERVER);
+                assert(rc == 0)
+                rc = pn_ssl_set_credentials(ssl_server,
+                                            self.certificate_file,
+                                            self.certificate_key_file,
+                                            self.key_file_password)
+                assert(rc == 0)
+                if not self.require_encryption:
+                    rc = pn_ssl_allow_unsecured_client(ssl_server)
+                    assert(rc == 0)
+
+                # TODO: client authentication incomplete, for now skip peer verification
+                rc = pn_ssl_set_peer_authentication(ssl_server,
+                                                    PN_SSL_NO_VERIFY_PEER,
+                                                    None)
+                assert(rc == 0)
+
             l = pn_driver_listener(self.driver)
 
 
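Review bot: `ca_database` is carried into MailboxServer but never used on the accept path, and peer authentication is set to PN_SSL_NO_VERIFY_PEER, so the `--ssl-cert-db` help text "Used to authenticate clients" promises something the server does not do. Until client authentication is implemented, reword the help, e.g. `"reserved for client authentication (not yet implemented)"`, or log a warning at start-up when the option is given. The credential setup is also done with `assert`s per connection: a wrong key path or password is only detected when the first client connects, and then aborts the whole server (and is not checked at all under `python -O`); pn_ssl_set_credentials should be validated once at start-up, or its failure handled by closing just that connector. The enclosing method continues past the hunk.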
@@ -345,7 +409,12 @@ class MailboxServer(object):
 def main():
     options = Options()
 
-    server = MailboxServer(options.host, options.port)
+    server = MailboxServer(options.host, options.port,
+                           options.require_encryption,
+                           options.certificate_file,
+                           options.certificate_key_file,
+                           options.key_file_password,
+                           options.ca_database)
     if (options.verbose):
         server.enableLogging()
 

Modified: qpid/proton/trunk/proton-c/CMakeLists.txt
URL: http://svn.apache.org/viewvc/qpid/proton/trunk/proton-c/CMakeLists.txt?rev=1387789&r1=1387788&r2=1387789&view=diff
==============================================================================
--- qpid/proton/trunk/proton-c/CMakeLists.txt (original)
+++ qpid/proton/trunk/proton-c/CMakeLists.txt Wed Sep 19 21:57:07 2012
@@ -5,6 +5,16 @@ project (Proton C)
 set (PN_VERSION_MAJOR 0)
 set (PN_VERSION_MINOR 1)
 
+include(CheckIncludeFile)
+CHECK_INCLUDE_FILE(openssl/ssl.h HAVE_OPENSSL_H)
+
+# Set the default SSL/TLS implementation
+set(ssl_impl, NONE)
+if (HAVE_OPENSSL_H)
+   set(ssl_impl openssl)
+endif(HAVE_OPENSSL_H)
+set(SSL_IMPL ${ssl_impl} CACHE STRING "Library to use for SSL/TLS support. Valid values: 'none','openssl'")
+
 configure_file (
   "${PROJECT_SOURCE_DIR}/pn_config.h.in"
   "${PROJECT_BINARY_DIR}/pn_config.h"
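Review bot: `set(ssl_impl, NONE)` defines a variable literally named `ssl_impl,` because the comma is part of the first argument, so when openssl/ssl.h is absent `ssl_impl` is undefined and the `SSL_IMPL` cache entry becomes the empty string instead of one of the documented values; write `set(ssl_impl none)`, which also matches the lowercase 'none' the help string advertises (STREQUAL is case-sensitive). In the next hunk the openssl branch links the bare names `ssl crypto` after only a header check, so a host with headers but no matching libraries, or a non-default install prefix, fails at link time; `find_package(OpenSSL)` with `${OPENSSL_LIBRARIES}` and `${OPENSSL_INCLUDE_DIR}` would cover that, if the project's minimum CMake version allows it.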
@@ -25,6 +35,14 @@ add_custom_command (
   DEPENDS ${PROJECT_SOURCE_DIR}/src/protocol.h.py
 )
 
+# Link in openssl if present
+if (SSL_IMPL STREQUAL openssl)
+  set (pn_driver_ssl_impl src/ssl/openssl.c)
+  set (SSL_LIB ssl crypto)
+else (SSL_IMPL STREQUAL openssl)
+  set (pn_driver_ssl_impl src/ssl/ssl_stub.c)
+endif (SSL_IMPL STREQUAL openssl)
+
 find_package(SWIG)
 if (SWIG_FOUND)
   add_subdirectory(bindings)
@@ -38,6 +56,7 @@ set (UUID_LIB uuid)
 
 set (qpid-proton-platform
   src/driver.c
+  ${pn_driver_ssl_impl}
 )
 
 add_library (
@@ -66,7 +85,7 @@ add_library (
   ${PROJECT_BINARY_DIR}/encodings.h
   ${PROJECT_BINARY_DIR}/protocol.h
 )
-target_link_libraries (qpid-proton ${UUID_LIB})
+target_link_libraries (qpid-proton ${UUID_LIB} ${SSL_LIB})
 
 add_executable (proton src/proton.c)
 target_link_libraries (proton qpid-proton)

Modified: qpid/proton/trunk/proton-c/bindings/php/php.i
URL: http://svn.apache.org/viewvc/qpid/proton/trunk/proton-c/bindings/php/php.i?rev=1387789&r1=1387788&r2=1387789&view=diff
==============================================================================
--- qpid/proton/trunk/proton-c/bindings/php/php.i (original)
+++ qpid/proton/trunk/proton-c/bindings/php/php.i Wed Sep 19 21:57:07 2012
@@ -10,6 +10,7 @@
 #include <proton/message.h>
 #include <proton/driver.h>
 #include <proton/messenger.h>
+#include <proton/ssl.h>
 
 #define zend_error_noreturn zend_error
 %}

Modified: qpid/proton/trunk/proton-c/bindings/python/python.i
URL: http://svn.apache.org/viewvc/qpid/proton/trunk/proton-c/bindings/python/python.i?rev=1387789&r1=1387788&r2=1387789&view=diff
==============================================================================
--- qpid/proton/trunk/proton-c/bindings/python/python.i (original)
+++ qpid/proton/trunk/proton-c/bindings/python/python.i Wed Sep 19 21:57:07 2012
@@ -6,6 +6,7 @@
 #include <proton/sasl.h>
 #include <proton/driver.h>
 #include <proton/messenger.h>
+#include <proton/ssl.h>
 %}
 
 typedef unsigned int size_t;

Modified: qpid/proton/trunk/proton-c/bindings/ruby/ruby.i
URL: http://svn.apache.org/viewvc/qpid/proton/trunk/proton-c/bindings/ruby/ruby.i?rev=1387789&r1=1387788&r2=1387789&view=diff
==============================================================================
--- qpid/proton/trunk/proton-c/bindings/ruby/ruby.i (original)
+++ qpid/proton/trunk/proton-c/bindings/ruby/ruby.i Wed Sep 19 21:57:07 2012
@@ -6,6 +6,7 @@
 #include <proton/sasl.h>
 #include <proton/driver.h>
 #include <proton/messenger.h>
+#include <proton/ssl.h>
 %}
 
 typedef unsigned int size_t;

Modified: qpid/proton/trunk/proton-c/include/proton/cproton.i
URL: http://svn.apache.org/viewvc/qpid/proton/trunk/proton-c/include/proton/cproton.i?rev=1387789&r1=1387788&r2=1387789&view=diff
==============================================================================
--- qpid/proton/trunk/proton-c/include/proton/cproton.i (original)
+++ qpid/proton/trunk/proton-c/include/proton/cproton.i Wed Sep 19 21:57:07 2012
@@ -1281,3 +1281,8 @@
 
 
 %include "proton/messenger.h"
+
+
+
+%include "proton/ssl.h"
+

Modified: qpid/proton/trunk/proton-c/include/proton/driver.h
URL: http://svn.apache.org/viewvc/qpid/proton/trunk/proton-c/include/proton/driver.h?rev=1387789&r1=1387788&r2=1387789&view=diff
==============================================================================
--- qpid/proton/trunk/proton-c/include/proton/driver.h (original)
+++ qpid/proton/trunk/proton-c/include/proton/driver.h Wed Sep 19 21:57:07 2012
@@ -25,6 +25,7 @@
 #include <proton/error.h>
 #include <proton/engine.h>
 #include <proton/sasl.h>
+#include <proton/ssl.h>
 
 #ifdef __cplusplus
 extern "C" {
@@ -197,6 +198,8 @@ void pn_listener_close(pn_listener_t *li
 void pn_listener_free(pn_listener_t *listener);
 
 
+
+
 /** pn_connector - the client API **/
 
 /** Construct a connector to the given remote address.
@@ -265,7 +268,7 @@ pn_listener_t *pn_connector_listener(pn_
 
 /** Access the Authentication and Security context of the connector.
  *
- * @param[in] connector connector whose securty context will be
+ * @param[in] connector connector whose security context will be
  *                      returned
  * @return the Authentication and Security context for the connector,
  *         or NULL if none
@@ -306,6 +309,13 @@ void *pn_connector_context(pn_connector_
  */
 void pn_connector_set_context(pn_connector_t *connector, void *context);
 
+/** Access the transport used by this connector.
+ *
+ * @param[in] connector connector whose transport will be returned
+ * @return the transport, or NULL if none
+ */
+pn_transport_t *pn_connector_transport(pn_connector_t *connector);
+
 /** Close the socket used by the connector.
  *
  * @param[in] connector the connector whose socket will be closed
@@ -327,6 +337,7 @@ bool pn_connector_closed(pn_connector_t 
  */
 void pn_connector_free(pn_connector_t *connector);
 
+
 #ifdef __cplusplus
 }
 #endif

Modified: qpid/proton/trunk/proton-c/pn_config.h.in
URL: http://svn.apache.org/viewvc/qpid/proton/trunk/proton-c/pn_config.h.in?rev=1387789&r1=1387788&r2=1387789&view=diff
==============================================================================
--- qpid/proton/trunk/proton-c/pn_config.h.in (original)
+++ qpid/proton/trunk/proton-c/pn_config.h.in Wed Sep 19 21:57:07 2012
@@ -25,4 +25,6 @@
 #define PN_VERSION_MAJOR @PN_VERSION_MAJOR@
 #define PN_VERSION_MINOR @PN_VERSION_MINOR@
 
+#cmakedefine HAVE_OPENSSL_H 1
+
 #endif /* pn_config.h */

Modified: qpid/proton/trunk/proton-c/src/driver.c
URL: http://svn.apache.org/viewvc/qpid/proton/trunk/proton-c/src/driver.c?rev=1387789&r1=1387788&r2=1387789&view=diff
==============================================================================
--- qpid/proton/trunk/proton-c/src/driver.c (original)
+++ qpid/proton/trunk/proton-c/src/driver.c Wed Sep 19 21:57:07 2012
@@ -33,8 +33,9 @@
 #include <proton/driver.h>
 #include <proton/error.h>
 #include <proton/sasl.h>
+#include <proton/ssl.h>
 #include "util.h"
-
+#include "ssl/ssl-internal.h"
 
 /* Decls */
 
@@ -391,6 +392,11 @@ pn_sasl_t *pn_connector_sasl(pn_connecto
   return ctor ? ctor->sasl : NULL;
 }
 
+pn_transport_t *pn_connector_transport(pn_connector_t *ctor)
+{
+  return ctor ? ctor->transport : NULL;
+}
+
 void pn_connector_set_connection(pn_connector_t *ctor, pn_connection_t *connection)
 {
   if (!ctor) return;

Modified: qpid/proton/trunk/proton-c/src/engine/engine-internal.h
URL: http://svn.apache.org/viewvc/qpid/proton/trunk/proton-c/src/engine/engine-internal.h?rev=1387789&r1=1387788&r2=1387789&view=diff
==============================================================================
--- qpid/proton/trunk/proton-c/src/engine/engine-internal.h (original)
+++ qpid/proton/trunk/proton-c/src/engine/engine-internal.h Wed Sep 19 21:57:07 2012
@@ -87,12 +87,14 @@ typedef struct {
 #define SCRATCH (1024)
 
 #include <proton/sasl.h>
+#include <proton/ssl.h>
 
 struct pn_transport_t {
   ssize_t (*process_input)(pn_transport_t *, char *, size_t);
   ssize_t (*process_output)(pn_transport_t *, char *, size_t);
   size_t header_count;
   pn_sasl_t *sasl;
+  pn_ssl_t *ssl;
   pn_connection_t *connection;
   pn_dispatcher_t *disp;
   bool open_sent;

Modified: qpid/proton/trunk/proton-c/src/engine/engine.c
URL: http://svn.apache.org/viewvc/qpid/proton/trunk/proton-c/src/engine/engine.c?rev=1387789&r1=1387788&r2=1387789&view=diff
==============================================================================
--- qpid/proton/trunk/proton-c/src/engine/engine.c (original)
+++ qpid/proton/trunk/proton-c/src/engine/engine.c Wed Sep 19 21:57:07 2012
@@ -30,6 +30,7 @@
 #include <stdio.h>
 
 #include "../sasl/sasl-internal.h"
+#include "../ssl/ssl-internal.h"
 
 // delivery buffers
 
@@ -229,6 +230,7 @@ void pn_transport_free(pn_transport_t *t
 {
   if (!transport) return;
 
+  pn_ssl_free(transport->ssl);
   pn_sasl_free(transport->sasl);
   pn_dispatcher_free(transport->disp);
   for (int i = 0; i < transport->session_capacity; i++) {
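Review bot: `pn_ssl_free(transport->ssl)` is now called for every transport, including non-SSL ones for which pn_transport_init leaves `transport->ssl` NULL (next hunk); that is only safe if pn_ssl_free accepts a NULL argument, which this diff does not show. Either guard it, `if (transport->ssl) pn_ssl_free(transport->ssl);`, or document the NULL contract on pn_ssl_free in the new ssl.h, which is not part of this diff. pn_transport_free continues past the hunk.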
@@ -702,6 +704,7 @@ void pn_transport_init(pn_transport_t *t
   transport->process_output = pn_output_write_amqp_header;
   transport->header_count = 0;
   transport->sasl = NULL;
+  transport->ssl = NULL;
   transport->disp = pn_dispatcher(0, transport);
 
   pn_dispatcher_action(transport->disp, OPEN, "OPEN", pn_do_open);
@@ -1463,8 +1466,13 @@ ssize_t pn_input(pn_transport_t *transpo
 
   size_t consumed = 0;
 
+  const bool use_ssl = transport->ssl != NULL;
   while (true) {
-    ssize_t n = transport->process_input(transport, bytes + consumed, available - consumed);
+    ssize_t n;
+    if (use_ssl)
+      n = pn_ssl_input( transport->ssl, bytes + consumed, available - consumed);
+    else
+      n = transport->process_input(transport, bytes + consumed, available - consumed);
     if (n > 0) {
       consumed += n;
       if (consumed >= available) {
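Review bot: When `transport->ssl` is set, pn_input no longer calls `transport->process_input` at all, so correctness depends on pn_ssl_input feeding the decrypted bytes back into the transport's normal input path itself; that contract is not visible here and should be stated, e.g. `// with SSL active, pn_ssl_input() decrypts and is expected to drive process_input itself` above the `if (use_ssl)`. Bracing the multi-line if/else would match the surrounding code, and the space after `pn_ssl_input(` is inconsistent with the other calls. The pn_output hunk below has the identical shape; a single static helper taking the ssl handle and the function pointer would remove the duplication. pn_input starts before and continues past the hunk.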
@@ -2025,8 +2033,14 @@ ssize_t pn_output(pn_transport_t *transp
 
   size_t total = 0;
 
+  const bool use_ssl = transport->ssl != NULL;
+
   while (size - total > 0) {
-    ssize_t n = transport->process_output(transport, bytes + total, size - total);
+    ssize_t n;
+    if (use_ssl)
+      n = pn_ssl_output( transport->ssl, bytes + total, size - total);
+    else
+      n = transport->process_output(transport, bytes + total, size - total);
     if (n > 0) {
       total += n;
     } else if (n == 0) {
@@ -2053,6 +2067,7 @@ ssize_t pn_output(pn_transport_t *transp
 void pn_trace(pn_transport_t *transport, pn_trace_t trace)
 {
   if (transport->sasl) pn_sasl_trace(transport->sasl, trace);
+  if (transport->ssl) pn_ssl_trace(transport->ssl, trace);
   transport->disp->trace = trace;
 }
 


