Posted to commits@apr.apache.org by dr...@apache.org on 2006/06/22 18:37:24 UTC
svn commit: r416413 - in /apr/apr-util/trunk: include/apr_ssl.h
include/private/apr_ssl_openssl_private.h include/private/apr_ssl_private.h
ssl/apr_ssl_openssl.c ssl/apr_ssl_socket.c test/testssl.c
Author: dreid
Date: Thu Jun 22 09:37:24 2006
New Revision: 416413
URL: http://svn.apache.org/viewvc?rev=416413&view=rev
Log:
- trim some long lines
- add apr_ssl_socket_raw_error
This starts adding the APIs I discussed on the list to get
the *raw* error codes from the underlying library.
Modified:
apr/apr-util/trunk/include/apr_ssl.h
apr/apr-util/trunk/include/private/apr_ssl_openssl_private.h
apr/apr-util/trunk/include/private/apr_ssl_private.h
apr/apr-util/trunk/ssl/apr_ssl_openssl.c
apr/apr-util/trunk/ssl/apr_ssl_socket.c
apr/apr-util/trunk/test/testssl.c
Modified: apr/apr-util/trunk/include/apr_ssl.h
URL: http://svn.apache.org/viewvc/apr/apr-util/trunk/include/apr_ssl.h?rev=416413&r1=416412&r2=416413&view=diff
==============================================================================
--- apr/apr-util/trunk/include/apr_ssl.h (original)
+++ apr/apr-util/trunk/include/apr_ssl.h Thu Jun 22 09:37:24 2006
@@ -193,6 +193,17 @@
APU_DECLARE(apr_status_t) apr_ssl_socket_accept(apr_ssl_socket_t **,
apr_ssl_socket_t *,
apr_pool_t *);
+
+/**
+ * @fn apr_status_t apr_ssl_socket_raw_error(apr_ssl_socket_t *sock)
+ * @brief Return the error code from the underlying SSL implementation.
+ * @note This is provided for completeness. Return values are specific
+ * to the underlying implentation, so this should nt be used if
+ * platform independance is desired.
+ * @param sock The socket to report the error for.
+ */
+APU_DECLARE(apr_status_t) apr_ssl_socket_raw_error(apr_ssl_socket_t *);
+
/** @} */
#ifdef __cplusplus
}
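Review bot: The new doc block for apr_ssl_socket_raw_error has no `@return` and does not say when the value is meaningful, which matters because the function hands back an implementation-specific code inside an `apr_status_t`. I would add an `@return` line stating that it yields the backend's last recorded error code, APR_EINVAL for a NULL socket and APR_ENOTIMPL when SSL support is not built in, and a sentence that the code refers to the most recent failed connect/send/recv on that socket. The `@note` text also needs its spelling fixed: `implementation`, `not`, `independence`.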
Modified: apr/apr-util/trunk/include/private/apr_ssl_openssl_private.h
URL: http://svn.apache.org/viewvc/apr/apr-util/trunk/include/private/apr_ssl_openssl_private.h?rev=416413&r1=416412&r2=416413&view=diff
==============================================================================
--- apr/apr-util/trunk/include/private/apr_ssl_openssl_private.h (original)
+++ apr/apr-util/trunk/include/private/apr_ssl_openssl_private.h Thu Jun 22 09:37:24 2006
@@ -28,6 +28,8 @@
struct apu_ssl_socket_data {
SSL *ssl;
+ int err; /** error code returned by function call */
+ int sslErr; /** SSL_get_error() code */
};
Modified: apr/apr-util/trunk/include/private/apr_ssl_private.h
URL: http://svn.apache.org/viewvc/apr/apr-util/trunk/include/private/apr_ssl_private.h?rev=416413&r1=416412&r2=416413&view=diff
==============================================================================
--- apr/apr-util/trunk/include/private/apr_ssl_private.h (original)
+++ apr/apr-util/trunk/include/private/apr_ssl_private.h Thu Jun 22 09:37:24 2006
@@ -64,6 +64,7 @@
apr_status_t apu_ssl_send(apr_ssl_socket_t *, const char *, apr_size_t *);
apr_status_t apu_ssl_socket_recv(apr_ssl_socket_t *, char *, apr_size_t *);
apr_status_t apu_ssl_accept(apr_ssl_socket_t *, apr_ssl_socket_t *, apr_pool_t *);
+apr_status_t apu_ssl_raw_error(apr_ssl_socket_t *);
#ifdef __cplusplus
}
Modified: apr/apr-util/trunk/ssl/apr_ssl_openssl.c
URL: http://svn.apache.org/viewvc/apr/apr-util/trunk/ssl/apr_ssl_openssl.c?rev=416413&r1=416412&r2=416413&view=diff
==============================================================================
--- apr/apr-util/trunk/ssl/apr_ssl_openssl.c (original)
+++ apr/apr-util/trunk/ssl/apr_ssl_openssl.c Thu Jun 22 09:37:24 2006
@@ -44,6 +44,20 @@
return APR_SUCCESS;
}
+/* SSL_get_error() docs say that this MUST be called in the same
+ * thread as the operation that failed, and that no other
+ * SSL_ operations should be called between the error being reported
+ * and the call to get the error code made, hence this function should
+ * be called within the function that generates the error.
+ * TODO - this should be expanded to generate the correct APR_ errors
+ * when we have created the mappings :-)
+ */
+static void openssl_get_error(apr_ssl_socket_t *sock, int fncode)
+{
+ sock->sslData->err = fncode;
+ sock->sslData->sslErr = SSL_get_error(sock->sslData->ssl, fncode);
+}
+
apr_status_t apu_ssl_factory_create(apr_ssl_factory_t *asf,
const char *privateKeyFn,
const char *certFn,
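Review bot: The comment above openssl_get_error states only part of the SSL_get_error() contract: the OpenSSL documentation also requires the calling thread's error queue to be empty before the I/O operation is attempted, and none of the call sites added in this commit (the connect, send and receive paths) clear it. A stale queue entry left by an earlier OpenSSL call on the same thread can make SSL_get_error() classify a retryable condition as a fatal one, so the stored `sslErr` would be unreliable. I would call `ERR_clear_error();` immediately before each SSL_connect/SSL_write/SSL_read and mention that requirement in this comment. The hunk ends inside the parameter list of apu_ssl_factory_create, whose body is outside the hunk.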
@@ -57,8 +71,10 @@
if (privateKeyFn && certFn) {
sslData->ctx = SSL_CTX_new(SSLv23_server_method());
if (sslData->ctx) {
- if (!SSL_CTX_use_PrivateKey_file(sslData->ctx, privateKeyFn, SSL_FILETYPE_PEM) ||
- !SSL_CTX_use_certificate_file(sslData->ctx, certFn, SSL_FILETYPE_PEM) ||
+ if (!SSL_CTX_use_PrivateKey_file(sslData->ctx, privateKeyFn,
+ SSL_FILETYPE_PEM) ||
+ !SSL_CTX_use_certificate_file(sslData->ctx, certFn,
+ SSL_FILETYPE_PEM) ||
!SSL_CTX_check_private_key(sslData->ctx)) {
SSL_CTX_free(sslData->ctx);
return -1; /* what code shoudl we return? */
@@ -81,9 +97,11 @@
return APR_SUCCESS;
}
-apr_status_t apu_ssl_socket_create(apr_ssl_socket_t *sslSock, apr_ssl_factory_t *asf)
+apr_status_t apu_ssl_socket_create(apr_ssl_socket_t *sslSock,
+ apr_ssl_factory_t *asf)
{
- apu_ssl_socket_data_t *sslData = apr_pcalloc(sslSock->pool, sizeof(*sslData));
+ apu_ssl_socket_data_t *sslData = apr_pcalloc(sslSock->pool,
+ sizeof(*sslData));
apr_os_sock_t fd;
if (!sslData || !asf->sslData)
@@ -120,19 +138,22 @@
apr_status_t apu_ssl_connect(apr_ssl_socket_t *sock)
{
+ int sslOp;
+
if (!sock->sslData->ssl)
return APR_EINVAL;
- if (SSL_connect(sock->sslData->ssl)) {
+ if ((sslOp = SSL_connect(sock->sslData->ssl)) == 1) {
sock->connected = 1;
return APR_SUCCESS;
}
+ openssl_get_error(sock, sslOp);
return -1;
}
-apr_status_t apu_ssl_send(apr_ssl_socket_t *sock, const char *buf, apr_size_t *len)
+apr_status_t apu_ssl_send(apr_ssl_socket_t *sock, const char *buf,
+ apr_size_t *len)
{
- apr_status_t rv;
int sslOp;
sslOp = SSL_write(sock->sslData->ssl, buf, *len);
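Review bot: The success branch of apu_ssl_connect returns without resetting `err`/`sslErr`, so after one failed call apu_ssl_raw_error keeps reporting that failure even when a later operation on the same socket succeeds. Resetting in the success path, for example `sock->sslData->sslErr = SSL_ERROR_NONE;` before `return APR_SUCCESS;`, keeps the stored code tied to the most recent operation; the same applies to the success branches in the send and receive hunks that follow. Separately, `!sock->sslData->ssl` dereferences `sslData` without the NULL check that the receive hunk adds, and apu_ssl_send has no check at all before SSL_write. The body of apu_ssl_send continues past the end of this hunk.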
@@ -140,6 +161,7 @@
*len = sslOp;
return APR_SUCCESS;
}
+ openssl_get_error(sock, sslOp);
return -1;
}
@@ -148,11 +170,15 @@
{
int sslOp;
+ if (!sock->sslData)
+ return APR_EINVAL;
+
sslOp = SSL_read(sock->sslData->ssl, buf, *len);
if (sslOp > 0) {
*len = sslOp;
return APR_SUCCESS;
}
+ openssl_get_error(sock, sslOp);
return -1;
}
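Review bot: On the failure path `*len` is left at the size the caller asked for, so a caller that looks at `len` or at the buffer instead of the return value will treat unwritten bytes as received data; testssl.c in this same commit prints `buffer` regardless of the result. I would set `*len = 0;` before `return -1;` here and in the matching branch of apu_ssl_send, which matches the in/out meaning of the length argument. The added guard also tests only `sock->sslData`, not `sock->sslData->ssl`, which apu_ssl_connect does check. The function's signature is outside this hunk.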
@@ -175,6 +201,17 @@
newSock->pool = pool;
newSock->sslData = sslData;
newSock->factory = oldSock->factory;
+ return APR_SUCCESS;
+}
+
+apr_status_t apu_ssl_raw_error(apr_ssl_socket_t *sock)
+{
+ if (!sock->sslData)
+ return APR_EINVAL;
+
+ if (sock->sslData->sslErr)
+ return sock->sslData->sslErr;
+
return APR_SUCCESS;
}
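Review bot: apu_ssl_raw_error returns three kinds of value through one `apr_status_t`: APR_EINVAL, APR_SUCCESS, and a raw SSL_get_error() code, and the raw codes are small positive integers that share the numeric space with APR/OS status values. Anything that passes the result to apr_strerror() or compares it with APR_* constants will misreport the TLS failure. Consider returning the raw code through an out-parameter while keeping the `apr_status_t` return for APR_EINVAL/APR_SUCCESS, or at least document that the result may only be compared against the backend's own constants. The stored `err` field is recorded by openssl_get_error but is not exposed here. The first lines of the hunk are the tail of another function whose start is outside the hunk.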
Modified: apr/apr-util/trunk/ssl/apr_ssl_socket.c
URL: http://svn.apache.org/viewvc/apr/apr-util/trunk/ssl/apr_ssl_socket.c?rev=416413&r1=416412&r2=416413&view=diff
==============================================================================
--- apr/apr-util/trunk/ssl/apr_ssl_socket.c (original)
+++ apr/apr-util/trunk/ssl/apr_ssl_socket.c Thu Jun 22 09:37:24 2006
@@ -156,6 +156,13 @@
return APR_SUCCESS;
}
+APU_DECLARE(apr_status_t) apr_ssl_socket_raw_error(apr_ssl_socket_t *sock)
+{
+ if (!sock)
+ return APR_EINVAL;
+ return apu_ssl_raw_error(sock);
+}
+
#else /* ! APU_HAVE_SSL */
APU_DECLARE(apr_status_t) apr_ssl_socket_create(apr_ssl_socket_t **sock,
@@ -202,9 +209,15 @@
{
return APR_ENOTIMPL;
}
+
APU_DECLARE(apr_status_t) apr_ssl_socket_accept(apr_ssl_socket_t **news,
apr_ssl_socket_t *sock,
apr_pool_t *conn)
+{
+ return APR_ENOTIMPL;
+}
+
+APU_DECLARE(apr_status_t) apr_ssl_socket_raw_error(apr_ssl_socket_t *sock)
{
return APR_ENOTIMPL;
}
Modified: apr/apr-util/trunk/test/testssl.c
URL: http://svn.apache.org/viewvc/apr/apr-util/trunk/test/testssl.c?rev=416413&r1=416412&r2=416413&view=diff
==============================================================================
--- apr/apr-util/trunk/test/testssl.c (original)
+++ apr/apr-util/trunk/test/testssl.c Thu Jun 22 09:37:24 2006
@@ -65,13 +65,14 @@
} else {
apr_ssl_socket_t *sslSock;
fprintf(stdout, "Client factory created\n");
- if (apr_ssl_socket_create(&sslSock, AF_INET, SOCK_STREAM, 0, asf, NULL) != APR_SUCCESS) {
+ if (apr_ssl_socket_create(&sslSock, AF_INET, SOCK_STREAM, 0, asf,
+ NULL) != APR_SUCCESS) {
printf("failed to create socket\n");
} else {
printf("created ssl socket\n");
- rv = apr_sockaddr_info_get(&remoteSA, "svn.apache.org", APR_UNSPEC,
- 443, 0, pool);
+ rv = apr_sockaddr_info_get(&remoteSA, "svn.apache.org",
+ APR_UNSPEC, 443, 0, pool);
if (rv == APR_SUCCESS) {
apr_size_t len = 16;
char buffer[4096];
@@ -80,18 +81,21 @@
printf("Connect = %s\n", (rv == APR_SUCCESS ? "OK" : "Failed"));
printf("send: %s\n",
- (apr_ssl_socket_send(sslSock, "GET / HTTP/1.0\n\n", &len) == APR_SUCCESS ?
+ (apr_ssl_socket_send(sslSock, "GET / HTTP/1.0\n\n",
+ &len) == APR_SUCCESS ?
"OK" : "Failed"));
len = 4096;
printf("recv: %s\n%s\n",
- (apr_ssl_socket_recv(sslSock, buffer, &len) == APR_SUCCESS ? "OK" : "Failed"),
+ (apr_ssl_socket_recv(sslSock, buffer, &len) ==
+ APR_SUCCESS ? "OK" : "Failed"),
buffer);
}
printf("close = %s\n",
- (apr_ssl_socket_close(sslSock) == APR_SUCCESS ? "OK" : "Failed"));
+ (apr_ssl_socket_close(sslSock) == APR_SUCCESS ?
+ "OK" : "Failed"));
}
}