Posted to commits@qpid.apache.org by kg...@apache.org on 2012/08/10 20:14:26 UTC
svn commit: r1371795 - in /qpid/proton/branches/driver_abstraction/proton-c:
CMakeLists.txt include/proton/driver.h pn_config.h.in src/driver_impl.h
src/drivers/driver_select.c
Author: kgiusti
Date: Fri Aug 10 18:14:25 2012
New Revision: 1371795
URL: http://svn.apache.org/viewvc?rev=1371795&view=rev
Log:
checkpoint
Modified:
qpid/proton/branches/driver_abstraction/proton-c/CMakeLists.txt
qpid/proton/branches/driver_abstraction/proton-c/include/proton/driver.h
qpid/proton/branches/driver_abstraction/proton-c/pn_config.h.in
qpid/proton/branches/driver_abstraction/proton-c/src/driver_impl.h
qpid/proton/branches/driver_abstraction/proton-c/src/drivers/driver_select.c
Modified: qpid/proton/branches/driver_abstraction/proton-c/CMakeLists.txt
URL: http://svn.apache.org/viewvc/qpid/proton/branches/driver_abstraction/proton-c/CMakeLists.txt?rev=1371795&r1=1371794&r2=1371795&view=diff
==============================================================================
--- qpid/proton/branches/driver_abstraction/proton-c/CMakeLists.txt (original)
+++ qpid/proton/branches/driver_abstraction/proton-c/CMakeLists.txt Fri Aug 10 18:14:25 2012
@@ -10,6 +10,7 @@ include(CheckIncludeFile)
CHECK_INCLUDE_FILE(poll.h HAVE_POLL_H)
CHECK_INCLUDE_FILE(sys/select.h HAVE_SYS_SELECT_H)
+CHECK_INCLUDE_FILE(openssl/ssl.h HAVE_OPENSSL_H)
# Set default poller implementation (check from general to specific to allow overriding)
if (HAVE_SYS_SELECT_H)
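Review bot: The added `CHECK_INCLUDE_FILE(openssl/ssl.h HAVE_OPENSSL_H)` only proves the header is on the include path; it does not show that libssl/libcrypto can be linked, and nothing in this hunk adds them to the link line. If the SSL code is later compiled under `HAVE_OPENSSL_H`, a host with the headers but no usable library will fail at link time, so `find_package(OpenSSL)` with a guard on `OPENSSL_FOUND` would be the safer test. The macro name also breaks the pattern of the two checks above it, which would give `HAVE_OPENSSL_SSL_H`.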
Modified: qpid/proton/branches/driver_abstraction/proton-c/include/proton/driver.h
URL: http://svn.apache.org/viewvc/qpid/proton/branches/driver_abstraction/proton-c/include/proton/driver.h?rev=1371795&r1=1371794&r2=1371795&view=diff
==============================================================================
--- qpid/proton/branches/driver_abstraction/proton-c/include/proton/driver.h (original)
+++ qpid/proton/branches/driver_abstraction/proton-c/include/proton/driver.h Fri Aug 10 18:14:25 2012
@@ -159,6 +159,36 @@ void pn_listener_close(pn_listener_t *li
*/
void pn_listener_free(pn_listener_t *listener);
+/** Set the identifying certificate for the listener. This certificate will set the
+ * identity for all connectors created from this listener. Setting these parameters
+ * configures the pn_listener_t to use SSL/TLS on all connectors created from this
+ * listener (see ::pn_listener_accept). The certificate will be used for authenticating
+ * this server to connecting clients and encrypting the data stream.
+ *
+ * @param[in] listener the listener that will provide this certificate.
+ * @param[in] certificate_file path to file containing the certificate.
+ * @param[in] private_key_file path to file the private key used to sign the certificate
+ * @param[in] password the password used to sign the key, else NULL if key is not protected.
+ * @return 0 on success
+ */
+int pn_listener_ssl_set_certificate(pn_listener_t *listener,
+ const char *certificate_file,
+ const char *private_key_file,
+ const char *password);
+
+
+/** Permit a listener that has been configured to use SSL/TLS to accept connection
+ * requests from clients that are not using SSL/TLS. This configures the listener to
+ * "sniff" the incoming client data stream, and dynamically determine whether SSL/TLS is
+ * being used on a per-client basis. This option is disabled by default: only clients
+ * using SSL/TLS are accepted. See ::pn_listener_ssl_set_certificate.
+ *
+ * @param[in] listener the listener that will accept client connections.
+ * @return 0 on success
+ */
+int pn_listener_ssl_allow_unsecured_clients(pn_listener_t *listener);
+
+
/** pn_connector - the client API **/
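Review bot: The comment on `pn_listener_ssl_allow_unsecured_clients` does not say what a caller gives up by enabling it: clients accepted in the clear are neither authenticated nor encrypted, and this hunk declares no call that lets the application tell which connectors ended up protected. I would add a sentence such as `Connections accepted without SSL/TLS carry no confidentiality or peer-identity guarantee; do not enable this on listeners that must enforce transport security.` and document the non-zero return values, including what both functions return when the library is built without `HAVE_OPENSSL_H`, so a caller cannot mistake an unsupported build for a secured listener. In `pn_listener_ssl_set_certificate`, `password` is described as "used to sign the key" where it is the password that protects the private key file, and the `private_key_file` line is missing the word "containing".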
@@ -273,4 +303,50 @@ bool pn_connector_closed(pn_connector_t
*/
void pn_connector_free(pn_connector_t *connector);
+
+/** Configure the set of trusted server certificates for this connector. This causes the
+ * connector to use SSL/TLS to authenticate the peer. It is intended to be used by a
+ * client that is attempting to connecto to a trusted server. See ::pn_driver_connector
+ * ::pn_connector ::pn_connector_fd
+ *
+ * @param[in] listener the listener that will use the certificates.
+ * @param[in] certificates path to file containing certificates for trusted servers.
+ * @return 0 on success
+ *
+ * @brief For connectors that have been created directly from the driver (client
+ * connections), rather than from the listener. See
+ * ::pn_listener_ssl_set_trusted_certificates.
+ */
+int pn_connector_ssl_set_trusted_certificates(pn_connector_t *connector,
+ const char *certificates);
+
+
+
+/** Configure the identifying certificate for the connector. Used for client connections
+ * that will have to authenticate with the remote server.
+ *
+ * @param[in] connector the connector that will provide this certificate.
+ * @param[in] certificate_file path to file containing the certificate.
+ * @param[in] private_key_file path to file the private key used to sign the certificate
+ * @param[in] password the password used to sign the key, else NULL if key is not protected.
+ * @return 0 on success
+ */
+int pn_connector_ssl_set_certificate(pn_connector_t *connector,
+ const char *certificate,
+ const char *private_key,
+ const char *private_key_password);
+
+
+/** Force the peer to authenticate. This is intended to be used on those connectors that
+ * have been created by a listener - it permits the server to force authentication of the
+ * connected client. See ::pn_listener_ssl_set_certificate.
+ *
+ * @param[in] connector the connector that will require authentication from its peer.
+ * @param[in] certificates if set, a restricted set of allowable certificates (subset of
+ * trusted certificates configured).
+ * @return 0 on success
+ */
+int pn_connector_ssl_authenticate_peer(pn_connector_t *connector,
+ const char *certificates);
+
#endif /* driver.h */
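Review bot: The doc blocks on the connector calls do not match their prototypes: `pn_connector_ssl_set_trusted_certificates` documents `@param[in] listener` although the parameter is `connector`, and `pn_connector_ssl_set_certificate` documents `certificate_file`, `private_key_file` and `password` while the declaration names them `certificate`, `private_key` and `private_key_password`. The first block also cites `::pn_listener_ssl_set_trusted_certificates`, which no hunk on this page declares, places `@brief` after `@return`, and has the typo "connecto". For `pn_connector_ssl_authenticate_peer` the comment should state what a NULL `certificates` means and how a failed peer verification is reported, and the trusted-certificates comment should say whether the server's name is checked against its certificate or only the chain is validated; neither can be told from the header. It would also help to state whether the password string is copied or must outlive the call.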
Modified: qpid/proton/branches/driver_abstraction/proton-c/pn_config.h.in
URL: http://svn.apache.org/viewvc/qpid/proton/branches/driver_abstraction/proton-c/pn_config.h.in?rev=1371795&r1=1371794&r2=1371795&view=diff
==============================================================================
--- qpid/proton/branches/driver_abstraction/proton-c/pn_config.h.in (original)
+++ qpid/proton/branches/driver_abstraction/proton-c/pn_config.h.in Fri Aug 10 18:14:25 2012
@@ -28,5 +28,6 @@
#cmakedefine HAVE_POLL_H 1
#cmakedefine HAVE_SYS_SELECT_H 1
+#cmakedefine HAVE_OPENSSL_H 1
#endif /* pn_config.h */
Modified: qpid/proton/branches/driver_abstraction/proton-c/src/driver_impl.h
URL: http://svn.apache.org/viewvc/qpid/proton/branches/driver_abstraction/proton-c/src/driver_impl.h?rev=1371795&r1=1371794&r2=1371795&view=diff
==============================================================================
--- qpid/proton/branches/driver_abstraction/proton-c/src/driver_impl.h (original)
+++ qpid/proton/branches/driver_abstraction/proton-c/src/driver_impl.h Fri Aug 10 18:14:25 2012
@@ -43,6 +43,7 @@ struct pn_driver_t {
int pn_driver_impl_init( struct pn_driver_t * );
void pn_driver_impl_destroy( struct pn_driver_t * );
+struct pn_listener_ssl_impl_t;
struct pn_listener_t {
pn_driver_t *driver;
@@ -53,6 +54,7 @@ struct pn_listener_t {
void *context;
struct pn_listener_impl_t *impl;
+ struct pn_listener_ssl_impl_t *ssl;
};
int pn_listener_impl_init( struct pn_listener_t *);
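Review bot: The new `ssl` member of `struct pn_listener_t` carries no comment on ownership or on its value when SSL/TLS is not configured. The code that allocates and frees the listener is outside this diff, so it cannot be confirmed here that the pointer is set to NULL on creation and released in `pn_listener_free`; an uninitialised pointer would make any later `if (l->ssl)` test unreliable. A comment such as `// NULL unless SSL/TLS is configured; owned by the listener` on the member would pin that down. The struct definition starts above this hunk.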
Modified: qpid/proton/branches/driver_abstraction/proton-c/src/drivers/driver_select.c
URL: http://svn.apache.org/viewvc/qpid/proton/branches/driver_abstraction/proton-c/src/drivers/driver_select.c?rev=1371795&r1=1371794&r2=1371795&view=diff
==============================================================================
--- qpid/proton/branches/driver_abstraction/proton-c/src/drivers/driver_select.c (original)
+++ qpid/proton/branches/driver_abstraction/proton-c/src/drivers/driver_select.c Fri Aug 10 18:14:25 2012
@@ -84,12 +84,11 @@ void pn_driver_impl_wait(pn_driver_t *d,
pn_driver_impl_t *impl = d->impl;
// setup the select
- impl->max_fds = -1;
FD_ZERO(&impl->readfds);
FD_ZERO(&impl->writefds);
FD_SET(d->ctrl[0], &impl->readfds);
- if (d->ctrl[0] > impl->max_fds) impl->max_fds = d->ctrl[0];
+ impl->max_fds = d->ctrl[0];
pn_listener_t *l = d->listener_head;
for (int i = 0; i < d->listener_count; i++) {
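Review bot: `FD_SET(d->ctrl[0], &impl->readfds)` is still reached with no visible check that the descriptor is below `FD_SETSIZE`, and seeding `impl->max_fds` directly from it keeps that assumption. A descriptor at or above `FD_SETSIZE` makes `FD_SET` write outside the `fd_set`, which is a memory-safety problem in a process that holds many connections. A guard such as `if (d->ctrl[0] < 0 || d->ctrl[0] >= FD_SETSIZE) return;` before the `FD_SET` would close it, with the same test applied to the listener descriptors in the loop that follows. The body of `pn_driver_impl_wait` starts before and continues past this hunk, so such a check may exist elsewhere. A short comment like `// ctrl[0] is the first fd added, so it seeds max_fds` would also explain why the `-1` reset was dropped.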