Posted to commits@apr.apache.org by dr...@apache.org on 2006/06/20 15:41:52 UTC

svn commit: r415639 - in /apr/apr-util/trunk: build.conf include/apr_ssl.h include/private/apr_ssl_openssl_private.h include/private/apr_ssl_private.h ssl/ ssl/apr_ssl.c ssl/apr_ssl_openssl.c ssl/apr_ssl_socket.c test/ test/Makefile.in test/testssl.c

Author: dreid
Date: Tue Jun 20 06:41:51 2006
New Revision: 415639

URL: http://svn.apache.org/viewvc?rev=415639&view=rev
Log:
First dump of some ssl sockets code. This follows the methodology of the
patch, but attempts to break out everything that is specific to OpenSSL
into a separate file. The rationale shouldn't be hard to follow.

This does make things slightly more complex and adds another layer of
indirection, but there shouldn't be much of a hit because of it. Hopefully
this will be generic enough that some windows person can add win32 support?

The test app runs, but is about as basic a test as you could write :-) Should
add a "server" test to handle bind/listen/accept cases as these are presently 
untested. 

Error handling needs to be beefed up, especially on the read/write, but this is
just a first dump to get the code out there and into the public arena.


Added:
    apr/apr-util/trunk/include/apr_ssl.h
    apr/apr-util/trunk/include/private/apr_ssl_openssl_private.h
    apr/apr-util/trunk/include/private/apr_ssl_private.h
    apr/apr-util/trunk/ssl/   (with props)
    apr/apr-util/trunk/ssl/apr_ssl.c
    apr/apr-util/trunk/ssl/apr_ssl_openssl.c
    apr/apr-util/trunk/ssl/apr_ssl_socket.c
    apr/apr-util/trunk/test/testssl.c
Modified:
    apr/apr-util/trunk/build.conf
    apr/apr-util/trunk/test/   (props changed)
    apr/apr-util/trunk/test/Makefile.in

Modified: apr/apr-util/trunk/build.conf
URL: http://svn.apache.org/viewvc/apr/apr-util/trunk/build.conf?rev=415639&r1=415638&r2=415639&view=diff
==============================================================================
--- apr/apr-util/trunk/build.conf (original)
+++ apr/apr-util/trunk/build.conf Tue Jun 20 06:41:51 2006
@@ -20,6 +20,7 @@
   strmatch/*.c
   xlate/*.c
   dbd/*.c
+  ssl/*.c
 
 # we have no platform-specific subdirs
 platform_dirs =
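Review bot: nothing in this hunk, or elsewhere in the commit, defines APU_HAVE_SSL or APU_HAVE_OPENSSL or adds OpenSSL include/link flags; since every new .c file is wrapped in `#ifdef APU_HAVE_SSL` / `#ifdef APU_HAVE_OPENSSL`, adding `ssl/*.c` here produces empty translation units until the configure side sets those macros, and the test program added to test/Makefile.in will then fail to link. A configure check (and a line in the log saying what the build needs) should land together with this.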

Added: apr/apr-util/trunk/include/apr_ssl.h
URL: http://svn.apache.org/viewvc/apr/apr-util/trunk/include/apr_ssl.h?rev=415639&view=auto
==============================================================================
--- apr/apr-util/trunk/include/apr_ssl.h (added)
+++ apr/apr-util/trunk/include/apr_ssl.h Tue Jun 20 06:41:51 2006
@@ -0,0 +1,78 @@
+/* Copyright 2000-2006 The Apache Software Foundation or its licensors, as
+ * applicable.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef APR_SSL_H
+#define APR_SSL_H
+
+#include "apu.h"
+#include "apr.h"
+#include "apr_errno.h"
+#include "apr_pools.h"
+#include "apr_network_io.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * @file apr_ssl.h
+ * @brief APR-UTIL SSL socket functions
+ */
+/** 
+ * @defgroup APR_Util_SSL SSL socket routines
+ * @ingroup APR_Util
+ * @{
+ */
+/**
+ * Structure for referencing an ssl "factory"
+ */
+typedef struct apr_ssl_factory   apr_ssl_factory_t;
+typedef struct apr_ssl_socket    apr_ssl_socket_t;
+
+APU_DECLARE(apr_status_t) apr_ssl_factory_create(apr_ssl_factory_t **,
+                                                 const char *, const char *, const char *, apr_pool_t *);
+
+
+
+APU_DECLARE(apr_status_t) apr_ssl_socket_create(apr_ssl_socket_t **,
+                                                int, int, int,
+                                                apr_ssl_factory_t *,
+                                                apr_pool_t *);
+
+APU_DECLARE(apr_status_t) apr_ssl_socket_close(apr_ssl_socket_t *);
+
+APU_DECLARE(apr_status_t) apr_ssl_socket_connect(apr_ssl_socket_t *, apr_sockaddr_t *);
+
+APU_DECLARE(apr_status_t) apr_ssl_socket_send(apr_ssl_socket_t *,
+                                              const char *,
+                                              apr_size_t *);
+
+APU_DECLARE(apr_status_t) apr_ssl_socket_recv(apr_ssl_socket_t *,
+                                              char *, apr_size_t *);
+
+APU_DECLARE(apr_status_t) apr_ssl_socket_bind(apr_ssl_socket_t *, apr_sockaddr_t *);
+
+APU_DECLARE(apr_status_t) apr_ssl_socket_listen(apr_ssl_socket_t *, apr_int32_t);
+
+APU_DECLARE(apr_status_t) apr_ssl_socket_accept(apr_ssl_socket_t **,
+                                                apr_ssl_socket_t *,
+                                                apr_pool_t *);
+/** @} */
+#ifdef __cplusplus
+}
+#endif
+
+#endif	/* !APR_DBM_H */
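Review bot: the closing guard comment on the last line reads `/* !APR_DBM_H */` but the guard opened at the top is `APR_SSL_H`; fix the copy/paste so the two match. Beyond that, every prototype drops its parameter names and has no doc comment (only `apr_ssl_factory_t` gets one, `apr_ssl_socket_t` none), so a caller cannot tell which of the three `const char *` arguments to `apr_ssl_factory_create` is the key file, the certificate file or the digest name without reading `apr_ssl.c`; name the parameters and give each function a `@param`/`@return` block in the style of the other apr-util headers. The header should also state what `apr_ssl_socket_connect` verifies about the peer certificate, since nothing in this API takes a CA file or verification mode.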

Added: apr/apr-util/trunk/include/private/apr_ssl_openssl_private.h
URL: http://svn.apache.org/viewvc/apr/apr-util/trunk/include/private/apr_ssl_openssl_private.h?rev=415639&view=auto
==============================================================================
--- apr/apr-util/trunk/include/private/apr_ssl_openssl_private.h (added)
+++ apr/apr-util/trunk/include/private/apr_ssl_openssl_private.h Tue Jun 20 06:41:51 2006
@@ -0,0 +1,36 @@
+/* Copyright 2000-2006 The Apache Software Foundation or its licensors, as
+ * applicable.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef APR_SSL_OPENSSL_PRIVATE_H
+#define APR_SSL_OPENSSL_PRIVATE_H
+
+#ifdef APU_HAVE_OPENSSL
+
+#include <openssl/ssl.h>
+
+struct _apu_ssl_data {
+    SSL_CTX *ctx;
+    const EVP_MD *md;
+};
+
+struct _apu_ssl_socket_data {
+    SSL     *ssl;
+};
+
+
+#endif /* APU_HAVE_OPENSSL */
+
+#endif /* ! APR_SSL_OPENSSL_PRIVATE_H */
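Review bot: `struct _apu_ssl_data` and `struct _apu_ssl_socket_data` begin with an underscore, which is reserved at file scope in C and is also the project rule Joe raises downthread; rename them (e.g. `apu_ssl_data` / `apu_ssl_socket_data`). The `md` member is filled in by `_ssl_factory_create` but nothing in this commit reads it, so either document what it is for or drop it until there is a use.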

Added: apr/apr-util/trunk/include/private/apr_ssl_private.h
URL: http://svn.apache.org/viewvc/apr/apr-util/trunk/include/private/apr_ssl_private.h?rev=415639&view=auto
==============================================================================
--- apr/apr-util/trunk/include/private/apr_ssl_private.h (added)
+++ apr/apr-util/trunk/include/private/apr_ssl_private.h Tue Jun 20 06:41:51 2006
@@ -0,0 +1,71 @@
+/* Copyright 2000-2006 The Apache Software Foundation or its licensors, as
+ * applicable.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef APR_SSL_PRIVATE_H
+#define APR_SSL_PRIVATE_H
+
+#include "apr.h"
+#include "apr_errno.h"
+#include "apr_pools.h"
+#include "apr_ssl.h"
+
+#include "apu.h"
+#include "apr_network_io.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/** @internal */
+
+typedef struct _apu_ssl_data        _apu_ssl_data_t;
+typedef struct _apu_ssl_socket_data _apu_ssl_socket_data_t;
+
+/**
+ * SSL factory structure
+ */
+struct apr_ssl_factory {
+    apr_pool_t *pool;
+    _apu_ssl_data_t *sslData;
+};
+
+struct apr_ssl_socket {
+    apr_pool_t *pool;
+    apr_socket_t *plain;
+    apr_ssl_factory_t *factory;
+    int connected;
+    _apu_ssl_socket_data_t *sslData;
+};
+
+/**
+ * The following functions are provided by the implementations of
+ * SSL libraries.
+ */
+
+apr_status_t _ssl_init(void);
+apr_status_t _ssl_factory_create(apr_ssl_factory_t *, const char *, const char *, const char *);
+apr_status_t _ssl_socket_create(apr_ssl_socket_t *sslSock, apr_ssl_factory_t *asf);
+apr_status_t _ssl_socket_close(apr_ssl_socket_t *);
+apr_status_t _ssl_connect(apr_ssl_socket_t *);
+apr_status_t _ssl_send(apr_ssl_socket_t *, const char *, apr_size_t *);
+apr_status_t _ssl_socket_recv(apr_ssl_socket_t *, char *, apr_size_t *);
+apr_status_t _ssl_accept(apr_ssl_socket_t *, apr_ssl_socket_t *, apr_pool_t *);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* APR_SSL_PRIVATE_H */
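Review bot: the prototype `_ssl_socket_recv` declared here does not match the function actually defined in `apr_ssl_openssl.c` (`_ssl_recv`) and called from `apr_ssl_socket.c` (`_ssl_recv`), so the receive path depends on an implicit declaration and the declared symbol is never implemented; pick one name (with the `apu_` prefix) and use it in all three places. The same underscore-prefix and missing-documentation points as for the OpenSSL private header apply to the whole `_ssl_*` family, and `_ssl_socket_create` is the only prototype that carries parameter names; be consistent.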

Propchange: apr/apr-util/trunk/ssl/
------------------------------------------------------------------------------
--- svn:ignore (added)
+++ svn:ignore Tue Jun 20 06:41:51 2006
@@ -0,0 +1,2 @@
+.libs
+

Added: apr/apr-util/trunk/ssl/apr_ssl.c
URL: http://svn.apache.org/viewvc/apr/apr-util/trunk/ssl/apr_ssl.c?rev=415639&view=auto
==============================================================================
--- apr/apr-util/trunk/ssl/apr_ssl.c (added)
+++ apr/apr-util/trunk/ssl/apr_ssl.c Tue Jun 20 06:41:51 2006
@@ -0,0 +1,71 @@
+/* Copyright 2000-2006 The Apache Software Foundation or its licensors, as
+ * applicable.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "apr.h"
+#include "apr_errno.h"
+#include "apr_pools.h"
+#include "apr_strings.h"
+#define APR_WANT_MEMFUNC
+#define APR_WANT_STRFUNC
+#include "apr_want.h"
+#include "apr_general.h"
+
+#include "apu_config.h"
+
+#ifdef APU_HAVE_SSL
+
+#include "apu.h"
+#include "apr_ssl.h"
+#include "apr_ssl_private.h"
+
+#include <stdio.h>
+
+static int sslInit = 0;
+
+APU_DECLARE(apr_status_t) apr_ssl_factory_create(apr_ssl_factory_t **fact,
+                                                 const char *privateKeyFn,
+                                                 const char *certFn,
+                                                 const char *digestType,
+                                                 apr_pool_t *p)
+
+{
+    apr_ssl_factory_t *asf;
+
+    if (!p)
+        return APR_ENOPOOL;
+
+    asf = apr_pcalloc(p, sizeof(*asf));
+    if (!asf)
+        return ENOMEM;
+
+    if (! sslInit) {
+        if (_ssl_init() != APR_SUCCESS)
+            return APR_EGENERAL; /* ?? error code ?? */
+        sslInit = 1;
+    }
+
+    *fact = NULL;
+    asf->pool = p;
+    if (_ssl_factory_create(asf, privateKeyFn, certFn, digestType) != APR_SUCCESS)
+        return -1;
+
+    // should register a cleanup here
+    *fact = asf;
+    return APR_SUCCESS;
+}
+
+
+#endif /* APU_HAVE_SSL */
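Review bot: `return -1` and `return ENOMEM` are not `apr_status_t` values; use `APR_ENOMEM`, propagate the status that `_ssl_factory_create` returns (currently discarded in favour of `-1`), and replace the `APR_EGENERAL /* ?? error code ?? */` with the real failure from `_ssl_init`. The `sslInit` flag is a plain static with no lock, so two threads creating factories at the same time can both run `_ssl_init`, and OpenSSL's global initialisation is not safe to run twice in parallel; guard it with an `apr_thread_mutex_t` or an atomic check. The `// should register a cleanup here` comment marks the real gap: without an `apr_pool_cleanup_register` the `SSL_CTX` is never freed when the pool is destroyed, and the comment itself is C++ style, which the project disallows.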

Added: apr/apr-util/trunk/ssl/apr_ssl_openssl.c
URL: http://svn.apache.org/viewvc/apr/apr-util/trunk/ssl/apr_ssl_openssl.c?rev=415639&view=auto
==============================================================================
--- apr/apr-util/trunk/ssl/apr_ssl_openssl.c (added)
+++ apr/apr-util/trunk/ssl/apr_ssl_openssl.c Tue Jun 20 06:41:51 2006
@@ -0,0 +1,181 @@
+/* Copyright 2000-2006 The Apache Software Foundation or its licensors, as
+ * applicable.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "apr.h"
+#include "apr_errno.h"
+#include "apr_pools.h"
+#include "apr_strings.h"
+#define APR_WANT_MEMFUNC
+#define APR_WANT_STRFUNC
+#include "apr_want.h"
+#include "apr_general.h"
+
+#include "apu_config.h"
+
+#ifdef APU_HAVE_OPENSSL
+
+#include "apu.h"
+#include "apr_portable.h"
+
+
+#include "apr_ssl.h"
+#include "apr_ssl_private.h"
+#include "apr_ssl_openssl_private.h"
+
+apr_status_t _ssl_init(void)
+{
+    CRYPTO_malloc_init();
+    SSL_load_error_strings();
+    SSL_library_init();
+    OpenSSL_add_all_algorithms();
+    return APR_SUCCESS;
+}
+
+apr_status_t _ssl_factory_create(apr_ssl_factory_t *asf,
+                                 const char *privateKeyFn,
+                                 const char *certFn,
+                                 const char *digestType)
+{
+    _apu_ssl_data_t *sslData = apr_pcalloc(asf->pool, sizeof(*sslData));
+    if (!sslData) {
+        return -1;
+    }
+
+    if (privateKeyFn && certFn) {
+        sslData->ctx = SSL_CTX_new(SSLv23_server_method());
+        if (sslData->ctx) {
+            if (!SSL_CTX_use_PrivateKey_file(sslData->ctx, privateKeyFn, SSL_FILETYPE_PEM) ||
+                !SSL_CTX_use_certificate_file(sslData->ctx, certFn, SSL_FILETYPE_PEM) ||
+                !SSL_CTX_check_private_key(sslData->ctx)) {
+                SSL_CTX_free(sslData->ctx);
+                return -1; // code?
+            }
+        }
+    } else {
+        sslData->ctx = SSL_CTX_new(SSLv23_client_method());
+    }
+
+    if (digestType) {
+        sslData->md = EVP_get_digestbyname(digestType);
+        // we don't care if this fails...
+    }
+
+    if (!sslData->ctx)
+        return APR_EGENERAL; // what code?
+
+    asf->sslData = sslData;
+
+    return APR_SUCCESS;
+}
+
+apr_status_t _ssl_socket_create(apr_ssl_socket_t *sslSock, apr_ssl_factory_t *asf)
+{
+    _apu_ssl_socket_data_t *sslData = apr_pcalloc(sslSock->pool, sizeof(*sslData));
+    apr_os_sock_t fd;
+
+    if (!sslData || !asf->sslData)
+        return -1;
+    sslData->ssl = SSL_new(asf->sslData->ctx);
+    if (!sslData->ssl)
+        return -1;
+
+    if (apr_os_sock_get(&fd, sslSock->plain) != APR_SUCCESS)
+        return -1;
+
+    SSL_set_fd(sslData->ssl, fd);
+    sslSock->sslData = sslData;
+    return APR_SUCCESS;
+}
+
+apr_status_t _ssl_socket_close(apr_ssl_socket_t *sock)
+{
+    int sslRv;
+    apr_status_t rv;
+
+    if (!sock->sslData->ssl)
+        return APR_SUCCESS;
+    if (sock->connected) {
+        if ((sslRv = SSL_shutdown(sock->sslData->ssl)) == 0)
+            sslRv = SSL_shutdown(sock->sslData->ssl);
+        if (sslRv == -1)
+            return -1;
+    }
+    SSL_free(sock->sslData->ssl);
+    sock->sslData->ssl = NULL;
+    return APR_SUCCESS;
+}
+
+apr_status_t _ssl_connect(apr_ssl_socket_t *sock)
+{
+    if (!sock->sslData->ssl)
+        return APR_EINVAL;
+
+    if (SSL_connect(sock->sslData->ssl)) {
+        sock->connected = 1;
+        return APR_SUCCESS;
+    }
+    return -1;
+}
+
+apr_status_t _ssl_send(apr_ssl_socket_t *sock, const char *buf, apr_size_t *len)
+{
+    apr_status_t rv;
+    int sslOp;
+
+    sslOp = SSL_write(sock->sslData->ssl, buf, *len);
+    if (sslOp > 0) {
+        *len = sslOp;
+        return APR_SUCCESS;
+    }
+    return -1;
+}
+
+apr_status_t _ssl_recv(apr_ssl_socket_t * sock,
+                              char *buf, apr_size_t *len)
+{
+    int sslOp;
+
+    sslOp = SSL_read(sock->sslData->ssl, buf, *len);
+    if (sslOp > 0) {
+        *len = sslOp;
+        return APR_SUCCESS;
+    }
+    return -1;
+}
+
+apr_status_t _ssl_accept(apr_ssl_socket_t *newSock, apr_ssl_socket_t *oldSock, apr_pool_t *pool)
+{
+    _apu_ssl_socket_data_t *sslData = apr_pcalloc(pool, sizeof(*sslData));
+    apr_os_sock_t fd;
+
+    if (!sslData || !oldSock->factory)
+        return -1;
+
+    sslData->ssl = SSL_new(oldSock->factory->sslData->ctx);
+    if (!sslData->ssl)
+        return -1;
+
+    if (apr_os_sock_get(&fd, newSock->plain) != APR_SUCCESS)
+        return -1;
+    SSL_set_fd(sslData->ssl, fd);
+
+    newSock->pool = pool;
+    newSock->sslData = sslData;
+    newSock->factory = oldSock->factory;
+    return APR_SUCCESS;
+}
+
+#endif
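Review bot: `_ssl_connect` treats any non-zero return from `SSL_connect` as success, but `SSL_connect` returns 1 on success, 0 on a controlled shutdown and a negative value on error, so a failed handshake (-1) sets `connected = 1` and reports `APR_SUCCESS`; test `== 1` and map the `SSL_get_error` result to a status (the same `SSL_ERROR_WANT_READ`/`WANT_WRITE` handling is missing from `_ssl_send` and `_ssl_recv`, which will misreport on a non-blocking `apr_socket_t`). Second, `_ssl_accept` creates the `SSL` and calls `SSL_set_fd` but never calls `SSL_accept`, so the server side never performs a handshake and `connected` stays 0; the commit log says the accept path is untested, and this is why it cannot work yet. Third, the client context is built with `SSLv23_client_method()` and no `SSL_CTX_set_verify`, no CA store and no `SSL_CTX_set_options` excluding SSLv2, so a peer certificate is accepted without any check and the weakest protocol stays enabled; defaults that fail closed (verification on, a way to supply a CA file, SSLv2 off) belong in `_ssl_factory_create`, and the failure path there leaves `sslData->ctx` pointing at the freed context. Smaller points: `_ssl_recv` here versus `_ssl_socket_recv` in the private header; `int sslOp` truncates `*len` above `INT_MAX`; `rv` in `_ssl_send` and `_ssl_socket_close` is unused; and the `// code?` comments should go.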

Added: apr/apr-util/trunk/ssl/apr_ssl_socket.c
URL: http://svn.apache.org/viewvc/apr/apr-util/trunk/ssl/apr_ssl_socket.c?rev=415639&view=auto
==============================================================================
--- apr/apr-util/trunk/ssl/apr_ssl_socket.c (added)
+++ apr/apr-util/trunk/ssl/apr_ssl_socket.c Tue Jun 20 06:41:51 2006
@@ -0,0 +1,159 @@
+/* Copyright 2000-2006 The Apache Software Foundation or its licensors, as
+ * applicable.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "apr.h"
+#include "apr_errno.h"
+#include "apr_pools.h"
+#include "apr_strings.h"
+#define APR_WANT_MEMFUNC
+#define APR_WANT_STRFUNC
+#include "apr_want.h"
+#include "apr_general.h"
+
+#include "apu_config.h"
+
+#ifdef APU_HAVE_SSL
+
+#include "apu.h"
+#include "apr_ssl.h"
+#include "apr_ssl_private.h"
+
+#include "apr_network_io.h"
+#include "apr_portable.h"
+
+#include <stdio.h>
+
+
+APU_DECLARE(apr_status_t) apr_ssl_socket_create(apr_ssl_socket_t **sock,
+                                                int family, int type, int protocol,
+                                                apr_ssl_factory_t *asf,
+                                                apr_pool_t *p)
+{
+    apr_ssl_socket_t *sslSock;
+    apr_socket_t *plainSock;
+    apr_pool_t *thepool;
+
+    if (!asf)
+        return -1;
+
+    thepool = p ? p : asf->pool;
+    if (!thepool)
+        return APR_ENOPOOL;
+
+    sslSock = apr_pcalloc(thepool, sizeof(*sslSock));
+    if (!sslSock)
+        return ENOMEM;
+
+    if (apr_socket_create(&sslSock->plain, family, type, protocol, thepool) != APR_SUCCESS) {
+        return -1;
+    }
+    sslSock->pool = thepool;
+    sslSock->factory = asf;
+    if (_ssl_socket_create(sslSock, asf) != APR_SUCCESS) {
+        apr_socket_close(plainSock);
+        return -1;
+    }
+
+    *sock = sslSock;
+    return APR_SUCCESS;
+}
+
+APU_DECLARE(apr_status_t) apr_ssl_socket_close(apr_ssl_socket_t *sock)
+{
+    apr_status_t rv;
+    if (!sock || !sock->sslData)
+        return APR_EINVAL;
+
+    if ((rv = _ssl_socket_close(sock)) != APR_SUCCESS)
+        return rv;
+    return apr_socket_close(sock->plain);
+}
+
+APU_DECLARE(apr_status_t) apr_ssl_socket_connect(apr_ssl_socket_t *sock,
+                                                 apr_sockaddr_t *sa)
+{
+    apr_status_t rv;
+    int sslErr;
+
+    if (!sock || !sock->sslData || !sock->plain)
+        return APR_EINVAL;
+
+    if ((rv = apr_socket_connect(sock->plain, sa)) != APR_SUCCESS)
+        return rv;
+    return _ssl_connect(sock);
+}
+
+APU_DECLARE(apr_status_t) apr_ssl_socket_send(apr_ssl_socket_t *sock,
+                                              const char *buf,
+                                              apr_size_t *len)
+{
+    return _ssl_send(sock, buf, len);
+}
+
+APU_DECLARE(apr_status_t) apr_ssl_socket_recv(apr_ssl_socket_t * sock,
+                                              char *buf, apr_size_t *len)
+{
+    return _ssl_recv(sock, buf, len);
+}
+
+APU_DECLARE(apr_status_t) apr_ssl_socket_bind(apr_ssl_socket_t *sock,
+                                              apr_sockaddr_t *sa)
+{
+    return apr_socket_bind(sock->plain, sa);
+}
+
+APU_DECLARE(apr_status_t) apr_ssl_socket_listen(apr_ssl_socket_t *sock,
+                                                apr_int32_t backlog)
+{
+    return apr_socket_listen(sock->plain, backlog);
+}
+
+APU_DECLARE(apr_status_t) apr_ssl_socket_accept(apr_ssl_socket_t **news,
+                                                apr_ssl_socket_t *sock,
+                                                apr_pool_t *conn)
+{
+    apr_status_t rv;
+    apr_socket_t *newSock;
+    apr_ssl_socket_t *newSSLSock;
+    apr_pool_t *thepool;
+
+    if (!sock || !sock->sslData)
+        return APR_EINVAL;
+
+    thepool = (conn ? conn : sock->pool);
+    if (!thepool)
+        return APR_ENOPOOL;
+
+    rv = apr_socket_accept(&newSock, sock->plain, thepool);
+    if (rv != APR_SUCCESS)
+        return rv;
+
+    newSSLSock = apr_pcalloc(thepool, sizeof(*newSSLSock));
+    if (!newSSLSock) {
+        apr_socket_close(newSock);
+        return ENOMEM;
+    }
+    newSSLSock->plain = newSock;
+    if (_ssl_accept(newSSLSock, sock, thepool) != APR_SUCCESS) {
+        apr_socket_close(newSock);
+        return APR_EGENERAL;
+    }
+    *news = newSSLSock;
+    return APR_SUCCESS;
+}
+
+
+#endif /* APU_HAVE_SSL */
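Review bot: in `apr_ssl_socket_create` the error path `apr_socket_close(plainSock);` passes a pointer that is never assigned (the socket was created into `sslSock->plain`), so a failure in `_ssl_socket_create` closes garbage; use `apr_socket_close(sslSock->plain);` and drop the `plainSock` variable. `apr_ssl_socket_send`, `_recv`, `_bind` and `_listen` dereference `sock` without the `!sock || !sock->sslData` check the other entry points do; `apr_ssl_socket_accept` hands back a socket on which no TLS handshake has run (see `_ssl_accept`); the `-1` and `ENOMEM` status values noted for `apr_ssl.c` repeat here; and `rv`/`sslErr` in `apr_ssl_socket_connect` are unused.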

Propchange: apr/apr-util/trunk/test/
------------------------------------------------------------------------------
--- svn:ignore (original)
+++ svn:ignore Tue Jun 20 06:41:51 2006
@@ -22,3 +22,4 @@
 testxlate
 testdbd
 dbd
+testssl

Modified: apr/apr-util/trunk/test/Makefile.in
URL: http://svn.apache.org/viewvc/apr/apr-util/trunk/test/Makefile.in?rev=415639&r1=415638&r2=415639&view=diff
==============================================================================
--- apr/apr-util/trunk/test/Makefile.in (original)
+++ apr/apr-util/trunk/test/Makefile.in Tue Jun 20 06:41:51 2006
@@ -3,7 +3,7 @@
 INCLUDES = @APRUTIL_PRIV_INCLUDES@ @APR_INCLUDES@ @APRUTIL_INCLUDES@
 
 PROGRAMS = testall testdbm testdate testxml testrmm \
-	   testreslist testqueue testxlate dbd
+	   testreslist testqueue testxlate dbd testssl
 TARGETS = $(PROGRAMS)
 
 APRUTIL_DOTTED_VERSION=@APRUTIL_DOTTED_VERSION@
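Review bot: `testssl` is added to `PROGRAMS` unconditionally, but the `apr_ssl_*` functions it links against are compiled only under `#ifdef APU_HAVE_SSL`, so `make` in `test/` will fail to link for every build without OpenSSL configured in; either make the program conditional on the configure result or provide `APR_ENOTIMPL` stubs when SSL is absent.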
@@ -72,6 +72,11 @@
 testxlate_LDADD =  $(TARGET_LIB_PATH)
 testxlate: $(testxlate_OBJECTS) $(testxlate_LDADD)
 	$(LINK) $(APRUTIL_LDFLAGS) $(testxlate_OBJECTS) $(testxlate_LDADD) $(PROGRAM_DEPENDENCIES)
+
+testssl_OBJECTS = testssl.lo
+testssl_LDADD =  $(TARGET_LIB_PATH)
+testssl: $(testssl_OBJECTS) $(testssl_LDADD)
+	$(LINK) $(APRUTIL_LDFLAGS) $(testssl_OBJECTS) $(testssl_LDADD) $(PROGRAM_DEPENDENCIES)
 
 testall_OBJECTS = teststrmatch.lo testuri.lo testuuid.lo abts.lo testutil.lo \
 	testbuckets.lo testpass.lo testmd4.lo testmd5.lo testldap.lo \

Added: apr/apr-util/trunk/test/testssl.c
URL: http://svn.apache.org/viewvc/apr/apr-util/trunk/test/testssl.c?rev=415639&view=auto
==============================================================================
--- apr/apr-util/trunk/test/testssl.c (added)
+++ apr/apr-util/trunk/test/testssl.c Tue Jun 20 06:41:51 2006
@@ -0,0 +1,98 @@
+/* Copyright 2000-2006 The Apache Software Foundation or its licensors, as
+ * applicable.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/* This file came from the SDBM package (written by oz@nexus.yorku.ca).
+ * That package was under public domain. This file has been ported to
+ * APR, updated to ANSI C and other, newer idioms, and added to the Apache
+ * codebase under the above copyright and license.
+ */
+
+/*
+ * testssl: Simple APR SSL sockets test.
+ */
+
+#include "apr.h"
+#include "apr_general.h"
+#include "apr_pools.h"
+#include "apr_errno.h"
+#include "apr_getopt.h"
+#include "apr_time.h"
+#define APR_WANT_STRFUNC
+#include "apr_want.h"
+
+#include "apr_ssl.h"
+#include "apr_network_io.h"
+
+#if APR_HAVE_STDIO_H
+#include <stdio.h>
+#endif
+#if APR_HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+#include <stdlib.h>     /* for atexit(), malloc() */
+#include <string.h>
+
+int main(int argc, const char * const * argv)
+{
+    apr_pool_t *pool;
+    apr_ssl_factory_t *asf = NULL;
+    apr_sockaddr_t *remoteSA;
+    apr_status_t rv;
+
+    (void) apr_initialize();
+    apr_pool_create(&pool, NULL);
+    atexit(apr_terminate);
+
+    if (apr_ssl_factory_create(&asf, NULL, NULL, NULL, pool) != APR_SUCCESS) {
+        fprintf(stderr, "Unable to create client factory\n");
+
+    } else {
+        apr_ssl_socket_t *sslSock;
+        fprintf(stdout, "Client factory created\n");
+        if (apr_ssl_socket_create(&sslSock, AF_INET, SOCK_STREAM, 0, asf, NULL) != APR_SUCCESS) {
+            printf("failed to create socket\n");
+        } else {
+            printf("created ssl socket\n");
+
+            rv = apr_sockaddr_info_get(&remoteSA, "svn.apache.org", APR_UNSPEC,
+                                       443, 0, pool);
+            if (rv == APR_SUCCESS) {
+                apr_size_t len = 16;
+                char buffer[4096];
+
+                rv = apr_ssl_socket_connect(sslSock, remoteSA);
+                printf("Connect = %s\n", (rv == APR_SUCCESS ? "OK" : "Failed"));
+
+                printf("send: %s\n",
+                       (apr_ssl_socket_send(sslSock, "GET / HTTP/1.0\n\n", &len) == APR_SUCCESS ?
+                        "OK" : "Failed"));
+
+                len = 4096;
+                printf("recv: %s\n%s\n",
+                       (apr_ssl_socket_recv(sslSock, buffer, &len) == APR_SUCCESS ? "OK" : "Failed"),
+                       buffer);
+
+            }
+
+            printf("close = %s\n",
+                   (apr_ssl_socket_close(sslSock) == APR_SUCCESS ? "OK" : "Failed"));
+
+        }
+    }
+
+    apr_pool_destroy(pool);
+
+    return 0;
+}
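Review bot: the receive block prints `buffer` with `%s` straight after `apr_ssl_socket_recv`, but the data is not NUL-terminated and `buffer` is uninitialised when the call fails, so `printf` reads past the received bytes (or off the end of the array when the recv fills all 4096). Receive at most `sizeof(buffer) - 1`, set `buffer[len] = '\0';` before printing, and print nothing when the call did not succeed. The header comment (`This file came from the SDBM package ...`) is copied from testdbm and is wrong for this file. The test also depends on reaching `svn.apache.org:443` over the network, asks for `APR_UNSPEC` addresses while the socket is `AF_INET`, and sends `\n\n` where an HTTP/1.0 request needs `\r\n\r\n`; the local bind/listen/accept test the commit log promises would also make this runnable offline.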



Re: svn commit: r415639 - in /apr/apr-util/trunk: build.conf include/apr_ssl.h include/private/apr_ssl_openssl_private.h include/private/apr_ssl_private.h ssl/ ssl/apr_ssl.c ssl/apr_ssl_openssl.c ssl/apr_ssl_socket.c test/ test/Makefile.in test/testssl.c

Posted by "William A. Rowe, Jr." <wr...@rowe-clan.net>.
Joe Orton wrote:
> On Tue, Jun 20, 2006 at 01:41:52PM -0000, David Reid wrote:
>> Author: dreid
>> Date: Tue Jun 20 06:41:51 2006
>> New Revision: 415639
>>
>> URL: http://svn.apache.org/viewvc?rev=415639&view=rev
>> Log:
>> First dump of some ssl sockets code. This follows the methodology of the
>> patch, but attempts to break out everything that is specific to OpenSSL
>> into a separate file. The rationale shouldn't be hard to follow.
>>
>> This does make things slightly more complex and adds another layer of
>> indirection, but there shouldn't be much of a hit because of it. Hopefully
>> this will be generic enough that some windows person can add win32 support?
> 
> This looks quite a long way from being ready.  Good intentions 
> notwithstanding (but certainly appreciated) I'd rather see this develop 
> in a branch before hitting the trunk, I don't want to end up with 
> another "apr/random affair".

Well, first win32 support is reasonably trivial and I'll add it in Dublin.
I'll also propose the code to replace 'apr hashing' with OpenSSL hashing,
and some of the other silly wheels we reinvent.  Of course we can fall back
on our own implementations when the user doesn't build against APR.

This actually means, if the user builds in a FIPS mode, that md4 and md5 both
return ENOTIMPL because they go against FIPS policy, while if it isn't against
a FIPS build we can use DES_crypt instead of machine 8-char-silly crypt.  (This
means real htpasswd support on win32, and portable htpasswd crypt if the user
so chooses - hmmm, ought to think of a way to toggle that explicitly.)

But I'm not expecting many would build apr against openssl-fips validated
crypto, until httpd is also ready (which it is, Ben started the work, I finished
it for RSA, now to bring this effort back to the party.)  Don't worry about the
app you have which calls apr_md5 right now breaking in the next release.  (Oh,
but consider using a better hash like sha1 or sha2 family :-)

I'd suggest that if you want to prepare to release a 1.3 without these features,
that we simply branch from prior to David's last commit.  I'm neutral, and would
frankly invest more in this 'current branch' than some offshoot of yesterday's
trunk.  But I don't see a reason to stop progress, either by a prospective RM
"right now" or by committers working on new things.

> - header files need documentation not just function stubs
> - global symbols must use ap[ru] prefix even if they are project-internal
> - no symbols must start with an underscore
> - C++-style comments bad

All good points.

Re: svn commit: r415639 - in /apr/apr-util/trunk: build.conf include/apr_ssl.h include/private/apr_ssl_openssl_private.h include/private/apr_ssl_private.h ssl/ ssl/apr_ssl.c ssl/apr_ssl_openssl.c ssl/apr_ssl_socket.c test/ test/Makefile.in test/testssl.c

Posted by Joe Orton <jo...@redhat.com>.
On Tue, Jun 20, 2006 at 01:41:52PM -0000, David Reid wrote:
> Author: dreid
> Date: Tue Jun 20 06:41:51 2006
> New Revision: 415639
> 
> URL: http://svn.apache.org/viewvc?rev=415639&view=rev
> Log:
> First dump of some ssl sockets code. This follows the methodology of the
> patch, but attempts to break out everything that is specific to OpenSSL
> into a separate file. The rationale shouldn't be hard to follow.
> 
> This does make things slightly more complex and adds another layer of
> indirection, but there shouldn't be much of a hit because of it. Hopefully
> this will be generic enough that some windows person can add win32 support?

This looks quite a long way from being ready.  Good intentions 
notwithstanding (but certainly appreciated) I'd rather see this develop 
in a branch before hitting the trunk, I don't want to end up with 
another "apr/random affair".

- header files need documentation not just function stubs
- global symbols must use ap[ru] prefix even if they are project-internal
- no symbols must start with an underscore
- C++-style comments bad
...

joe