Posted to commits@qpid.apache.org by cl...@apache.org on 2016/03/01 16:12:16 UTC
qpid-proton git commit: PROTON-1138: clearer naming of SASL options;
make private various implementation details
Repository: qpid-proton
Updated Branches:
refs/heads/master cd58e7774 -> af64ead9d
PROTON-1138: clearer naming of SASL options; make private various implementation details
Project: http://git-wip-us.apache.org/repos/asf/qpid-proton/repo
Commit: http://git-wip-us.apache.org/repos/asf/qpid-proton/commit/af64ead9
Tree: http://git-wip-us.apache.org/repos/asf/qpid-proton/tree/af64ead9
Diff: http://git-wip-us.apache.org/repos/asf/qpid-proton/diff/af64ead9
Branch: refs/heads/master
Commit: af64ead9dde90a47c3c3d93ed52c8885fc51e0e7
Parents: cd58e77
Author: Clifford Jansen <cl...@apache.org>
Authored: Tue Mar 1 10:11:45 2016 -0500
Committer: Clifford Jansen <cl...@apache.org>
Committed: Tue Mar 1 10:11:45 2016 -0500
----------------------------------------------------------------------
examples/cpp/ssl.cpp | 7 +++--
examples/cpp/ssl_client_cert.cpp | 10 +++---
.../bindings/cpp/include/proton/connection.hpp | 8 ++---
.../cpp/include/proton/connection_options.hpp | 24 +++++----------
proton-c/bindings/cpp/include/proton/link.hpp | 23 ++++++--------
proton-c/bindings/cpp/include/proton/ssl.hpp | 9 ++----
.../bindings/cpp/src/connection_options.cpp | 32 +++++++-------------
7 files changed, 42 insertions(+), 71 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/qpid-proton/blob/af64ead9/examples/cpp/ssl.cpp
----------------------------------------------------------------------
diff --git a/examples/cpp/ssl.cpp b/examples/cpp/ssl.cpp
index e2fc54e..209a766 100644
--- a/examples/cpp/ssl.cpp
+++ b/examples/cpp/ssl.cpp
@@ -74,10 +74,11 @@ class hello_world_direct : public proton::handler {
e.container().server_connection_options(server_opts);
// Configure client with a Certificate Authority database populated with the server's self signed certificate.
+ // Since the test certifcate's credentials are unlikely to match this host's name, downgrade the verification
+ // from VERIFY_PEER_NAME to VERIFY_PEER.
connection_options client_opts;
- client_opts.ssl_client_options(platform_CA("tserver"));
- // Validate the server certificate against the known name in the certificate.
- client_opts.peer_hostname("test_server");
+ ssl_client_options ssl_cli(platform_CA("tserver"), proton::ssl::VERIFY_PEER);
+ client_opts.ssl_client_options(ssl_cli);
e.container().client_connection_options(client_opts);
s_handler.acceptor = e.container().listen(url);
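Review bot: The added comment explains why verification is downgraded but not what the downgrade gives up: with `proton::ssl::VERIFY_PEER` the server certificate is only checked against the trust database, and the name in the certificate is no longer matched against the host, so any certificate that chains to `platform_CA("tserver")` is accepted. Since example code tends to be copied, the comment should say so explicitly, e.g. `// VERIFY_PEER checks the certificate chain only and does not match the host name; keep the default VERIFY_PEER_NAME outside of tests.` There is also a typo in the new comment: `certifcate` should be `certificate`. The same comment and typo are added to examples/cpp/ssl_client_cert.cpp in this commit. The enclosing member function of hello_world_direct starts and ends outside the hunk.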
http://git-wip-us.apache.org/repos/asf/qpid-proton/blob/af64ead9/examples/cpp/ssl_client_cert.cpp
----------------------------------------------------------------------
diff --git a/examples/cpp/ssl_client_cert.cpp b/examples/cpp/ssl_client_cert.cpp
index de1a0d7..c49957a 100644
--- a/examples/cpp/ssl_client_cert.cpp
+++ b/examples/cpp/ssl_client_cert.cpp
@@ -83,17 +83,17 @@ class hello_world_direct : public proton::handler {
ssl_server_options srv_ssl(server_cert, client_CA);
connection_options server_opts;
server_opts.ssl_server_options(srv_ssl).handler(&s_handler);
- server_opts.allowed_mechs("EXTERNAL");
+ server_opts.sasl_allowed_mechs("EXTERNAL");
e.container().server_connection_options(server_opts);
// Configure client.
ssl_certificate client_cert = platform_certificate("tclient", "tclientpw");
std::string server_CA = platform_CA("tserver");
- ssl_client_options ssl_cli(client_cert, server_CA);
+ // Since the test certifcate's credentials are unlikely to match this host's name, downgrade the verification
+ // from VERIFY_PEER_NAME to VERIFY_PEER.
+ ssl_client_options ssl_cli(client_cert, server_CA, proton::ssl::VERIFY_PEER);
connection_options client_opts;
- client_opts.ssl_client_options(ssl_cli).allowed_mechs("EXTERNAL");
- // Validate the server certificate against this name:
- client_opts.peer_hostname("test_server");
+ client_opts.ssl_client_options(ssl_cli).sasl_allowed_mechs("EXTERNAL");
e.container().client_connection_options(client_opts);
s_handler.inbound_listener = e.container().listen(url);
http://git-wip-us.apache.org/repos/asf/qpid-proton/blob/af64ead9/proton-c/bindings/cpp/include/proton/connection.hpp
----------------------------------------------------------------------
diff --git a/proton-c/bindings/cpp/include/proton/connection.hpp b/proton-c/bindings/cpp/include/proton/connection.hpp
index e841748..8761176 100644
--- a/proton-c/bindings/cpp/include/proton/connection.hpp
+++ b/proton-c/bindings/cpp/include/proton/connection.hpp
@@ -63,12 +63,6 @@ PN_CPP_CLASS_EXTERN connection : public object<pn_connection_t>, public endpoint
/// Return the AMQP host name for the connection.
PN_CPP_EXTERN std::string host() const;
- /// @cond INTERNAL
- /// XXX this should be a connection option, right? - make private
- /// Set the AMQP host name for the connection
- PN_CPP_EXTERN void host(const std::string& h);
- /// @endcond
-
/// Return the container ID for the connection.
PN_CPP_EXTERN std::string container_id() const;
@@ -123,6 +117,7 @@ PN_CPP_CLASS_EXTERN connection : public object<pn_connection_t>, public endpoint
private:
PN_CPP_EXTERN void user(const std::string &);
PN_CPP_EXTERN void password(const std::string &);
+ PN_CPP_EXTERN void host(const std::string& h);
/// @cond INTERNAL
friend class connection_context;
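Review bot: The `host` setter moved into the private section loses the description the public declaration had, and nothing now says what it sets or who is expected to call it, which matters because it is reachable only from the class and the friends listed below it. Suggest `/// Set the AMQP host name for the connection (internal; reached via the friend classes below).` above the declaration. The class body continues outside the hunk.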
@@ -131,6 +126,7 @@ PN_CPP_CLASS_EXTERN connection : public object<pn_connection_t>, public endpoint
friend class connector;
friend class transport;
friend class container_impl;
+ friend class session;
/// @endcond
};
http://git-wip-us.apache.org/repos/asf/qpid-proton/blob/af64ead9/proton-c/bindings/cpp/include/proton/connection_options.hpp
----------------------------------------------------------------------
diff --git a/proton-c/bindings/cpp/include/proton/connection_options.hpp b/proton-c/bindings/cpp/include/proton/connection_options.hpp
index ae437a2..473da0e 100644
--- a/proton-c/bindings/cpp/include/proton/connection_options.hpp
+++ b/proton-c/bindings/cpp/include/proton/connection_options.hpp
@@ -114,24 +114,16 @@ class connection_options {
/// Set SSL server options.
PN_CPP_EXTERN connection_options& ssl_server_options(const class ssl_server_options &);
- /// @cond INTERNAL
-
- /// XXX remove - confirmed
- PN_CPP_EXTERN connection_options& peer_hostname(const std::string &name);
-
- /// XXX remove - confirmed
- PN_CPP_EXTERN connection_options& resume_id(const std::string &id);
-
- /// @endcond
-
/// Enable or disable SASL.
PN_CPP_EXTERN connection_options& sasl_enabled(bool);
-
- /// @cond INTERNAL
- /// XXX sasl_ prefix - confirmed
- PN_CPP_EXTERN connection_options& allow_insecure_mechs(bool);
- PN_CPP_EXTERN connection_options& allowed_mechs(const std::string &);
- /// @endcond
+
+ /// Force the enabling of SASL mechanisms that disclose clear text
+ /// passwords over the connection. By default, such mechanisms
+ /// are disabled.
+ PN_CPP_EXTERN connection_options& sasl_allow_insecure_mechs(bool);
+
+ /// Specify the allowed mechanisms for use on the connection.
+ PN_CPP_EXTERN connection_options& sasl_allowed_mechs(const std::string &);
/// Set the SASL configuration name.
PN_CPP_EXTERN connection_options& sasl_config_name(const std::string &);
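Review bot: The new documentation for `sasl_allow_insecure_mechs` describes the mechanisms but not the condition the default protects against, and `sasl_allowed_mechs` does not state what the string contains beyond the `"EXTERNAL"` the examples pass. If this option is handed straight to the transport-level SASL setting of the same name, the default presumably only blocks clear-text mechanisms on transports that are not encrypted — confirm, and then say so: `/// Allow SASL mechanisms that send the password in clear text (e.g. PLAIN) on a connection that is not otherwise protected. Disabled by default so a misconfigured connection cannot leak credentials.` For the second option, `/// Names of the SASL mechanisms permitted on the connection, e.g. "EXTERNAL"; see the SASL layer for the list syntax.` so callers know whether several names can be given. The class body continues outside the hunk.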
http://git-wip-us.apache.org/repos/asf/qpid-proton/blob/af64ead9/proton-c/bindings/cpp/include/proton/link.hpp
----------------------------------------------------------------------
diff --git a/proton-c/bindings/cpp/include/proton/link.hpp b/proton-c/bindings/cpp/include/proton/link.hpp
index 90cb2f9..07c1ebf 100644
--- a/proton-c/bindings/cpp/include/proton/link.hpp
+++ b/proton-c/bindings/cpp/include/proton/link.hpp
@@ -129,20 +129,6 @@ PN_CPP_CLASS_EXTERN link : public object<pn_link_t> , public endpoint {
/// Unset any custom handler.
PN_CPP_EXTERN void detach_handler();
- /// @cond INTERNAL
-
- /// XXX ask about use case, revisit names - make private
- /// Get message data from current delivery on link.
- PN_CPP_EXTERN ssize_t recv(char* buffer, size_t size);
-
- /// XXX ask about use case, revisit names - make private
- /// Advance the link one delivery.
- PN_CPP_EXTERN bool advance();
-
- /// XXX make private
- /// Navigate the links in a connection - get next link with state.
- PN_CPP_EXTERN link next(endpoint::state) const;
-
/// XXX local versus remote, mutability
/// XXX - remove setters
/// XXX - local_sender_settle_mode and local_receiver_settle_mode
@@ -154,6 +140,15 @@ PN_CPP_CLASS_EXTERN link : public object<pn_link_t> , public endpoint {
PN_CPP_EXTERN link_options::receiver_settle_mode remote_receiver_settle_mode();
/// @endcond
+ private:
+ PN_CPP_EXTERN ssize_t recv(char* buffer, size_t size);
+ PN_CPP_EXTERN bool advance();
+ PN_CPP_EXTERN link next(endpoint::state) const;
+
+ /// @cond INTERNAL
+ friend class message;
+ friend class link_iterator;
+ /// @endcond
};
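Review bot: `recv`, `advance` and `next` are moved into the private section without the one-line descriptions their public declarations carried, so the friends `message` and `link_iterator` that now call them have nothing to go on. Restore the original lines above each declaration: `/// Get message data from current delivery on link.`, `/// Advance the link one delivery.` and `/// Navigate the links in a connection - get next link with state.`. For `recv` in particular, the meaning of the `ssize_t` return (how much of `buffer` was filled, and how end-of-data and errors are signalled) is not stated anywhere visible and should be, since a caller has to interpret it before touching the buffer. The class body starts outside the hunk.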
/// @cond INTERNAL
http://git-wip-us.apache.org/repos/asf/qpid-proton/blob/af64ead9/proton-c/bindings/cpp/include/proton/ssl.hpp
----------------------------------------------------------------------
diff --git a/proton-c/bindings/cpp/include/proton/ssl.hpp b/proton-c/bindings/cpp/include/proton/ssl.hpp
index 7cfdc69..b14ad95 100644
--- a/proton-c/bindings/cpp/include/proton/ssl.hpp
+++ b/proton-c/bindings/cpp/include/proton/ssl.hpp
@@ -161,18 +161,15 @@ class ssl_server_options : private internal::ssl_domain {
/// SSL configuration for outbound connections.
class ssl_client_options : private internal::ssl_domain {
public:
- /// Create SSL client options.
+ /// Create SSL client options (no client certificate).
PN_CPP_EXTERN ssl_client_options(const std::string &trust_db,
enum ssl::verify_mode = ssl::VERIFY_PEER_NAME);
- /// Create SSL client options.
- ///
- /// @internal
- /// XXX how is this distinct?
+ /// Create SSL client options with a client certificate.
PN_CPP_EXTERN ssl_client_options(ssl_certificate&, const std::string &trust_db,
enum ssl::verify_mode = ssl::VERIFY_PEER_NAME);
- /// Server SSL options restricted to available anonymous cipher
+ /// SSL connections restricted to available anonymous cipher
/// suites on the platform.
PN_CPP_EXTERN ssl_client_options();
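Review bot: The reworded comment on the default constructor still does not say what anonymous cipher suites mean for the caller: the connection is encrypted but the server is not authenticated, so this constructor is not interchangeable with `ssl_client_options(trust_db)`. Suggest `/// SSL connections restricted to available anonymous cipher suites on the platform. The peer is not authenticated; use only where the server's identity does not matter.` The two other constructors would also benefit from a `@param verify_mode` line noting that the default `VERIFY_PEER_NAME` additionally matches the certificate against the host name, which is the distinction the examples in this commit rely on. The class body continues outside the hunk.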
http://git-wip-us.apache.org/repos/asf/qpid-proton/blob/af64ead9/proton-c/bindings/cpp/src/connection_options.cpp
----------------------------------------------------------------------
diff --git a/proton-c/bindings/cpp/src/connection_options.cpp b/proton-c/bindings/cpp/src/connection_options.cpp
index 5bc35aa..a5ee99e 100644
--- a/proton-c/bindings/cpp/src/connection_options.cpp
+++ b/proton-c/bindings/cpp/src/connection_options.cpp
@@ -56,11 +56,9 @@ class connection_options::impl {
option<reconnect_timer> reconnect;
option<class ssl_client_options> ssl_client_options;
option<class ssl_server_options> ssl_server_options;
- option<std::string> peer_hostname;
- option<std::string> resume_id;
option<bool> sasl_enabled;
- option<std::string> allowed_mechs;
- option<bool> allow_insecure_mechs;
+ option<std::string> sasl_allowed_mechs;
+ option<bool> sasl_allow_insecure_mechs;
option<std::string> sasl_config_name;
option<std::string> sasl_config_path;
@@ -78,13 +76,9 @@ class connection_options::impl {
{
// SSL
if (outbound && outbound->address().scheme() == url::AMQPS) {
- const char* id = resume_id.value.empty() ? NULL : resume_id.value.c_str();
pn_ssl_t *ssl = pn_ssl(pnt);
- if (pn_ssl_init(ssl, ssl_client_options.value.pn_domain(), id))
+ if (pn_ssl_init(ssl, ssl_client_options.value.pn_domain(), NULL))
throw error(MSG("client SSL/TLS initialization error"));
- if (peer_hostname.set && !peer_hostname.value.empty())
- if (pn_ssl_set_peer_hostname(ssl, peer_hostname.value.c_str()))
- throw error(MSG("error in SSL/TLS peer hostname \"") << peer_hostname.value << '"');
} else if (!outbound) {
pn_acceptor_t *pnp = pn_connection_acceptor(pnc);
if (pnp) {
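Review bot: With `peer_hostname` removed, nothing left in this branch calls `pn_ssl_set_peer_hostname` before the handshake, while `ssl_client_options` in this same commit keeps `ssl::VERIFY_PEER_NAME` as its default. Unless the connector supplies the peer host name elsewhere (not visible here), the name that `VERIFY_PEER_NAME` is supposed to match is never set on the transport for outbound AMQPS connections; please confirm. If it is not set elsewhere, derive it from the outbound URL right after `pn_ssl_init`, e.g. `if (pn_ssl_set_peer_hostname(ssl, outbound->address().host().c_str())) throw error(MSG("error in SSL/TLS peer hostname"));`. The enclosing function of connection_options::impl starts and ends outside the hunk.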
@@ -102,10 +96,10 @@ class connection_options::impl {
if (!sasl_enabled.set || sasl_enabled.value) {
if (sasl_enabled.set) // Explicitly set, not just default behaviour.
t.sasl(); // Force a sasl instance. Lazily create one otherwise.
- if (allow_insecure_mechs.set)
- t.sasl().allow_insecure_mechs(allow_insecure_mechs.value);
- if (allowed_mechs.set)
- t.sasl().allowed_mechs(allowed_mechs.value);
+ if (sasl_allow_insecure_mechs.set)
+ t.sasl().allow_insecure_mechs(sasl_allow_insecure_mechs.value);
+ if (sasl_allowed_mechs.set)
+ t.sasl().allowed_mechs(sasl_allowed_mechs.value);
if (sasl_config_name.set)
t.sasl().config_name(sasl_config_name.value);
if (sasl_config_path.set)
@@ -141,11 +135,9 @@ class connection_options::impl {
reconnect.override(x.reconnect);
ssl_client_options.override(x.ssl_client_options);
ssl_server_options.override(x.ssl_server_options);
- resume_id.override(x.resume_id);
- peer_hostname.override(x.peer_hostname);
sasl_enabled.override(x.sasl_enabled);
- allow_insecure_mechs.override(x.allow_insecure_mechs);
- allowed_mechs.override(x.allowed_mechs);
+ sasl_allow_insecure_mechs.override(x.sasl_allow_insecure_mechs);
+ sasl_allowed_mechs.override(x.sasl_allowed_mechs);
sasl_config_name.override(x.sasl_config_name);
sasl_config_path.override(x.sasl_config_path);
}
@@ -175,11 +167,9 @@ connection_options& connection_options::link_prefix(const std::string &id) { imp
connection_options& connection_options::reconnect(const reconnect_timer &rc) { impl_->reconnect = rc; return *this; }
connection_options& connection_options::ssl_client_options(const class ssl_client_options &c) { impl_->ssl_client_options = c; return *this; }
connection_options& connection_options::ssl_server_options(const class ssl_server_options &c) { impl_->ssl_server_options = c; return *this; }
-connection_options& connection_options::resume_id(const std::string &id) { impl_->resume_id = id; return *this; }
-connection_options& connection_options::peer_hostname(const std::string &name) { impl_->peer_hostname = name; return *this; }
connection_options& connection_options::sasl_enabled(bool b) { impl_->sasl_enabled = b; return *this; }
-connection_options& connection_options::allow_insecure_mechs(bool b) { impl_->allow_insecure_mechs = b; return *this; }
-connection_options& connection_options::allowed_mechs(const std::string &s) { impl_->allowed_mechs = s; return *this; }
+connection_options& connection_options::sasl_allow_insecure_mechs(bool b) { impl_->sasl_allow_insecure_mechs = b; return *this; }
+connection_options& connection_options::sasl_allowed_mechs(const std::string &s) { impl_->sasl_allowed_mechs = s; return *this; }
connection_options& connection_options::sasl_config_name(const std::string &n) { impl_->sasl_config_name = n; return *this; }
connection_options& connection_options::sasl_config_path(const std::string &p) { impl_->sasl_config_path = p; return *this; }