Posted to commits@qpid.apache.org by kg...@apache.org on 2012/08/10 20:14:26 UTC

svn commit: r1371795 - in /qpid/proton/branches/driver_abstraction/proton-c: CMakeLists.txt include/proton/driver.h pn_config.h.in src/driver_impl.h src/drivers/driver_select.c

Author: kgiusti
Date: Fri Aug 10 18:14:25 2012
New Revision: 1371795

URL: http://svn.apache.org/viewvc?rev=1371795&view=rev
Log:
checkpoint

Modified:
    qpid/proton/branches/driver_abstraction/proton-c/CMakeLists.txt
    qpid/proton/branches/driver_abstraction/proton-c/include/proton/driver.h
    qpid/proton/branches/driver_abstraction/proton-c/pn_config.h.in
    qpid/proton/branches/driver_abstraction/proton-c/src/driver_impl.h
    qpid/proton/branches/driver_abstraction/proton-c/src/drivers/driver_select.c

Modified: qpid/proton/branches/driver_abstraction/proton-c/CMakeLists.txt
URL: http://svn.apache.org/viewvc/qpid/proton/branches/driver_abstraction/proton-c/CMakeLists.txt?rev=1371795&r1=1371794&r2=1371795&view=diff
==============================================================================
--- qpid/proton/branches/driver_abstraction/proton-c/CMakeLists.txt (original)
+++ qpid/proton/branches/driver_abstraction/proton-c/CMakeLists.txt Fri Aug 10 18:14:25 2012
@@ -10,6 +10,7 @@ include(CheckIncludeFile)
 
 CHECK_INCLUDE_FILE(poll.h HAVE_POLL_H)
 CHECK_INCLUDE_FILE(sys/select.h HAVE_SYS_SELECT_H)
+CHECK_INCLUDE_FILE(openssl/ssl.h HAVE_OPENSSL_H)
 
 # Set default poller implementation (check from general to specific to allow overriding)
 if (HAVE_SYS_SELECT_H)
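Review bot: The added `CHECK_INCLUDE_FILE(openssl/ssl.h HAVE_OPENSSL_H)` only proves the header is present; it does not show that libssl/libcrypto can be linked, and nothing in this hunk adds them to the link line. Deriving the define from `find_package(OpenSSL)` would cover both. Since driver.h in this same commit declares the `pn_*_ssl_*` functions unconditionally, a build where the check fails should make those calls return an error rather than 0, so a caller cannot believe TLS was configured when it was not. No implementation is visible in this commit to confirm which happens.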

Modified: qpid/proton/branches/driver_abstraction/proton-c/include/proton/driver.h
URL: http://svn.apache.org/viewvc/qpid/proton/branches/driver_abstraction/proton-c/include/proton/driver.h?rev=1371795&r1=1371794&r2=1371795&view=diff
==============================================================================
--- qpid/proton/branches/driver_abstraction/proton-c/include/proton/driver.h (original)
+++ qpid/proton/branches/driver_abstraction/proton-c/include/proton/driver.h Fri Aug 10 18:14:25 2012
@@ -159,6 +159,36 @@ void pn_listener_close(pn_listener_t *li
  */
 void pn_listener_free(pn_listener_t *listener);
 
+/** Set the identifying certificate for the listener.  This certificate will set the
+ * identity for all connectors created from this listener.  Setting these parameters
+ * configures the pn_listener_t to use SSL/TLS on all connectors created from this
+ * listener (see ::pn_listener_accept).  The certificate will be used for authenticating
+ * this server to connecting clients and encrypting the data stream.
+ *
+ * @param[in] listener the listener that will provide this certificate.
+ * @param[in] certificate_file path to file containing the certificate.
+ * @param[in] private_key_file path to file the private key used to sign the certificate
+ * @param[in] password the password used to sign the key, else NULL if key is not protected.
+ * @return 0 on success
+ */
+int pn_listener_ssl_set_certificate(pn_listener_t *listener,
+                                    const char *certificate_file,
+                                    const char *private_key_file,
+                                    const char *password);
+
+
+/** Permit a listener that has been configured to use SSL/TLS to accept connection
+ * requests from clients that are not using SSL/TLS.  This configures the listener to
+ * "sniff" the incoming client data stream, and dynamically determine whether SSL/TLS is
+ * being used on a per-client basis.  This option is disabled by default: only clients
+ * using SSL/TLS are accepted.  See ::pn_listener_ssl_set_certificate.
+ *
+ * @param[in] listener the listener that will accept client connections.
+ * @return 0 on success
+ */
+int pn_listener_ssl_allow_unsecured_clients(pn_listener_t *listener);
+
+
 
 /** pn_connector - the client API **/
 
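Review bot: The comment on pn_listener_ssl_allow_unsecured_clients should state what enabling it gives up: a connector accepted in the clear has neither encryption nor server authentication, so the application can no longer assume every connection on this listener is protected. Nothing in this hunk lets the application ask whether a given accepted connector ended up on TLS, so a server that enables the option cannot apply a stricter policy to plaintext peers; an accessor for that, or a pointer to where it lives, belongs next to this declaration. In the pn_listener_ssl_set_certificate comment, the private key is the one matching the certificate rather than the key "used to sign" it, and the password protects the key file: `@param[in] password the password protecting the private key file, or NULL if the key is not protected.` It would also help to say whether the library copies the password or keeps the caller's pointer, and which non-zero values are returned on failure.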
@@ -273,4 +303,50 @@ bool pn_connector_closed(pn_connector_t 
  */
 void pn_connector_free(pn_connector_t *connector);
 
+
+/** Configure the set of trusted server certificates for this connector.  This causes the
+ * connector to use SSL/TLS to authenticate the peer.  It is intended to be used by a
+ * client that is attempting to connecto to a trusted server.  See ::pn_driver_connector
+ * ::pn_connector ::pn_connector_fd
+ *
+ * @param[in] listener the listener that will use the certificates.
+ * @param[in] certificates path to file containing certificates for trusted servers.
+ * @return 0 on success
+ *
+ * @brief For connectors that have been created directly from the driver (client
+ * connections), rather than from the listener.  See
+ * ::pn_listener_ssl_set_trusted_certificates.
+ */
+int pn_connector_ssl_set_trusted_certificates(pn_connector_t *connector,
+                                              const char *certificates);
+
+
+
+/** Configure the identifying certificate for the connector.  Used for client connections
+ * that will have to authenticate with the remote server.
+ *
+ * @param[in] connector the connector that will provide this certificate.
+ * @param[in] certificate_file path to file containing the certificate.
+ * @param[in] private_key_file path to file the private key used to sign the certificate
+ * @param[in] password the password used to sign the key, else NULL if key is not protected.
+ * @return 0 on success
+ */
+int pn_connector_ssl_set_certificate(pn_connector_t *connector,
+                                     const char *certificate,
+                                     const char *private_key,
+                                     const char *private_key_password);
+
+
+/** Force the peer to authenticate.  This is intended to be used on those connectors that
+ * have been created by a listener - it permits the server to force authentication of the
+ * connected client.  See ::pn_listener_ssl_set_certificate.
+ *
+ * @param[in] connector the connector that will require authentication from its peer.
+ * @param[in] certificates if set, a restricted set of allowable certificates (subset of
+ *     trusted certificates configured).
+ * @return 0 on success
+ */
+int pn_connector_ssl_authenticate_peer(pn_connector_t *connector,
+                                       const char *certificates);
+
 #endif /* driver.h */
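Review bot: The comment on pn_connector_ssl_set_trusted_certificates says the connector will "authenticate the peer", but neither the text nor the signature says how the server's identity is bound to its certificate. If only chain validation against the `certificates` file is performed, any certificate issued under those trust anchors would be accepted, so the doc should state whether a peer-name check is done (none is visible in this header). The doc tags also disagree with the prototypes: `@param[in] listener` should read `@param[in] connector the connector that will use the certificates.`, and pn_connector_ssl_set_certificate documents `certificate_file`/`private_key_file`/`password` while the parameters are named `certificate`/`private_key`/`private_key_password`. The `See ::pn_listener_ssl_set_trusted_certificates` reference points at a function this diff does not declare, and "connecto" is a typo.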

Modified: qpid/proton/branches/driver_abstraction/proton-c/pn_config.h.in
URL: http://svn.apache.org/viewvc/qpid/proton/branches/driver_abstraction/proton-c/pn_config.h.in?rev=1371795&r1=1371794&r2=1371795&view=diff
==============================================================================
--- qpid/proton/branches/driver_abstraction/proton-c/pn_config.h.in (original)
+++ qpid/proton/branches/driver_abstraction/proton-c/pn_config.h.in Fri Aug 10 18:14:25 2012
@@ -28,5 +28,6 @@
 
 #cmakedefine HAVE_POLL_H 1
 #cmakedefine HAVE_SYS_SELECT_H 1
+#cmakedefine HAVE_OPENSSL_H 1
 
 #endif /* pn_config.h */

Modified: qpid/proton/branches/driver_abstraction/proton-c/src/driver_impl.h
URL: http://svn.apache.org/viewvc/qpid/proton/branches/driver_abstraction/proton-c/src/driver_impl.h?rev=1371795&r1=1371794&r2=1371795&view=diff
==============================================================================
--- qpid/proton/branches/driver_abstraction/proton-c/src/driver_impl.h (original)
+++ qpid/proton/branches/driver_abstraction/proton-c/src/driver_impl.h Fri Aug 10 18:14:25 2012
@@ -43,6 +43,7 @@ struct pn_driver_t {
 int pn_driver_impl_init( struct pn_driver_t * );
 void pn_driver_impl_destroy( struct pn_driver_t * );
 
+struct pn_listener_ssl_impl_t;
 
 struct pn_listener_t {
   pn_driver_t *driver;
@@ -53,6 +54,7 @@ struct pn_listener_t {
   void *context;
 
   struct pn_listener_impl_t *impl;
+  struct pn_listener_ssl_impl_t *ssl;
 };
 
 int pn_listener_impl_init( struct pn_listener_t *);
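Review bot: The new `struct pn_listener_ssl_impl_t *ssl;` member is not initialized or released anywhere in this commit. The listener allocation and pn_listener_free are outside these hunks, so this may already be handled. If later code decides between TLS and plaintext by testing `l->ssl`, an indeterminate pointer would make that decision unpredictable, so the allocation path should set `l->ssl = NULL;` and the free path should tear it down. A one-line comment on the member, such as `// NULL unless pn_listener_ssl_set_certificate() has been called`, would record the invariant.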

Modified: qpid/proton/branches/driver_abstraction/proton-c/src/drivers/driver_select.c
URL: http://svn.apache.org/viewvc/qpid/proton/branches/driver_abstraction/proton-c/src/drivers/driver_select.c?rev=1371795&r1=1371794&r2=1371795&view=diff
==============================================================================
--- qpid/proton/branches/driver_abstraction/proton-c/src/drivers/driver_select.c (original)
+++ qpid/proton/branches/driver_abstraction/proton-c/src/drivers/driver_select.c Fri Aug 10 18:14:25 2012
@@ -84,12 +84,11 @@ void pn_driver_impl_wait(pn_driver_t *d,
   pn_driver_impl_t *impl = d->impl;
 
   // setup the select
-  impl->max_fds = -1;
   FD_ZERO(&impl->readfds);
   FD_ZERO(&impl->writefds);
 
   FD_SET(d->ctrl[0], &impl->readfds);
-  if (d->ctrl[0] > impl->max_fds) impl->max_fds = d->ctrl[0];
+  impl->max_fds = d->ctrl[0];
 
   pn_listener_t *l = d->listener_head;
   for (int i = 0; i < d->listener_count; i++) {
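Review bot: `FD_SET(d->ctrl[0], &impl->readfds)` and the new `impl->max_fds = d->ctrl[0];` both assume the descriptor is non-negative and below `FD_SETSIZE`, and no such check is visible in this hunk. FD_SET on a descriptor at or above that limit writes outside the `fd_set`, which can happen in a process that holds many open descriptors. A guard where the descriptors are created or registered, such as `if (fd < 0 || fd >= FD_SETSIZE) { /* reject */ }`, would cover the control pipe and probably also the listener and connector descriptors added in the loop that continues past the end of this hunk. The simplification of the `max_fds` assignment itself looks behaviour-preserving.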


