You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@qpid.apache.org by rh...@apache.org on 2014/09/23 13:42:57 UTC
svn commit: r1626980 - in /qpid/proton/trunk/proton-c:
include/proton/messenger.h src/messenger/messenger.c
Author: rhs
Date: Tue Sep 23 11:42:57 2014
New Revision: 1626980
URL: http://svn.apache.org/r1626980
Log:
PROTON-676: patch from dominic for setter for SSL peer authentication mode
Modified:
qpid/proton/trunk/proton-c/include/proton/messenger.h
qpid/proton/trunk/proton-c/src/messenger/messenger.c
Modified: qpid/proton/trunk/proton-c/include/proton/messenger.h
URL: http://svn.apache.org/viewvc/qpid/proton/trunk/proton-c/include/proton/messenger.h?rev=1626980&r1=1626979&r2=1626980&view=diff
==============================================================================
--- qpid/proton/trunk/proton-c/include/proton/messenger.h (original)
+++ qpid/proton/trunk/proton-c/include/proton/messenger.h Tue Sep 23 11:42:57 2014
@@ -29,6 +29,7 @@
#include <proton/terminus.h>
#include <proton/link.h>
#include <proton/transport.h>
+#include <proton/ssl.h>
#ifdef __cplusplus
extern "C" {
@@ -988,6 +989,19 @@ PN_EXTERN pn_millis_t
pn_messenger_get_remote_idle_timeout(pn_messenger_t *messenger,
const char *address);
+/**
+ * Sets the SSL peer authentiacation mode required when a trust
+ * certificate is used.
+ *
+ * @param[in] messenger a messenger object
+ * @param[in] mode the mode required (see pn_ssl_verify_mode_t
+ * enum for valid values)
+ * @return 0 if successful or -1 if an error occurs
+ */
+PN_EXTERN int
+pn_messenger_set_ssl_peer_authentication_mode(pn_messenger_t *messenger,
+ const pn_ssl_verify_mode_t mode);
+
#ifdef __cplusplus
}
#endif
Modified: qpid/proton/trunk/proton-c/src/messenger/messenger.c
URL: http://svn.apache.org/viewvc/qpid/proton/trunk/proton-c/src/messenger/messenger.c?rev=1626980&r1=1626979&r2=1626980&view=diff
==============================================================================
--- qpid/proton/trunk/proton-c/src/messenger/messenger.c (original)
+++ qpid/proton/trunk/proton-c/src/messenger/messenger.c Tue Sep 23 11:42:57 2014
@@ -104,6 +104,7 @@ struct pn_messenger_t {
pn_snd_settle_mode_t snd_settle_mode;
pn_rcv_settle_mode_t rcv_settle_mode;
pn_tracer_t tracer;
+ pn_ssl_verify_mode_t ssl_peer_authentication_mode;
bool blocking;
bool passive;
bool interrupted;
@@ -651,6 +652,7 @@ pn_messenger_t *pn_messenger(const char
m->snd_settle_mode = PN_SND_SETTLED;
m->rcv_settle_mode = PN_RCV_FIRST;
m->tracer = NULL;
+ m->ssl_peer_authentication_mode = PN_SSL_VERIFY_PEER_NAME;
}
return m;
@@ -927,7 +929,8 @@ static int pn_transport_config(pn_messen
pn_error_report("CONNECTION", "invalid certificate db");
return err;
}
- err = pn_ssl_domain_set_peer_authentication(d, PN_SSL_VERIFY_PEER_NAME, NULL);
+ err = pn_ssl_domain_set_peer_authentication(
+ d, messenger->ssl_peer_authentication_mode, NULL);
if (err) {
pn_error_report("CONNECTION", "error configuring ssl to verify peer");
}
@@ -2342,3 +2345,13 @@ pn_millis_t pn_messenger_get_remote_idle
}
return timeout;
}
+
+int
+pn_messenger_set_ssl_peer_authentication_mode(pn_messenger_t *messenger,
+ const pn_ssl_verify_mode_t mode)
+{
+ if (!messenger)
+ return PN_ARG_ERR;
+ messenger->ssl_peer_authentication_mode = mode;
+ return 0;
+}
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@qpid.apache.org
For additional commands, e-mail: commits-help@qpid.apache.org