Author: kgiusti
Date: Fri Aug 10 18:14:25 2012
New Revision: 1371795
URL: http://svn.apache.org/viewvc?rev=1371795&view=rev
Log:
checkpoint
Modified:
qpid/proton/branches/driver_abstraction/proton-c/CMakeLists.txt
qpid/proton/branches/driver_abstraction/proton-c/include/proton/driver.h
qpid/proton/branches/driver_abstraction/proton-c/pn_config.h.in
qpid/proton/branches/driver_abstraction/proton-c/src/driver_impl.h
qpid/proton/branches/driver_abstraction/proton-c/src/drivers/driver_select.c
Modified: qpid/proton/branches/driver_abstraction/proton-c/CMakeLists.txt
URL:
http://svn.apache.org/viewvc/qpid/proton/branches/driver_abstraction/proton-c/CMakeLists.txt?rev=1371795&r1=1371794&r2=1371795&view=diff
==============================================================================
--- qpid/proton/branches/driver_abstraction/proton-c/CMakeLists.txt (original)
+++ qpid/proton/branches/driver_abstraction/proton-c/CMakeLists.txt Fri Aug 10
18:14:25 2012
@@ -10,6 +10,7 @@ include(CheckIncludeFile)
CHECK_INCLUDE_FILE(poll.h HAVE_POLL_H)
CHECK_INCLUDE_FILE(sys/select.h HAVE_SYS_SELECT_H)
+CHECK_INCLUDE_FILE(openssl/ssl.h HAVE_OPENSSL_H)
# Set default poller implementation (check from general to specific to allow
overriding)
if (HAVE_SYS_SELECT_H)
Modified:
qpid/proton/branches/driver_abstraction/proton-c/include/proton/driver.h
URL:
http://svn.apache.org/viewvc/qpid/proton/branches/driver_abstraction/proton-c/include/proton/driver.h?rev=1371795&r1=1371794&r2=1371795&view=diff
==============================================================================
--- qpid/proton/branches/driver_abstraction/proton-c/include/proton/driver.h
(original)
+++ qpid/proton/branches/driver_abstraction/proton-c/include/proton/driver.h
Fri Aug 10 18:14:25 2012
@@ -159,6 +159,36 @@ void pn_listener_close(pn_listener_t *li
*/
void pn_listener_free(pn_listener_t *listener);
+/** Set the identifying certificate for the listener. This certificate will
set the
+ * identity for all connectors created from this listener. Setting these
parameters
+ * configures the pn_listener_t to use SSL/TLS on all connectors created from
this
+ * listener (see ::pn_listener_accept). The certificate will be used for
authenticating
+ * this server to connecting clients and encrypting the data stream.
+ *
+ * @param[in] listener the listener that will provide this certificate.
+ * @param[in] certificate_file path to file containing the certificate.
+ * @param[in] private_key_file path to file the private key used to sign the
certificate
+ * @param[in] password the password used to sign the key, else NULL if key is
not protected.
+ * @return 0 on success
+ */
+int pn_listener_ssl_set_certificate(pn_listener_t *listener,
+ const char *certificate_file,
+ const char *private_key_file,
+ const char *password);
+
+
+/** Permit a listener that has been configured to use SSL/TLS to accept
connection
+ * requests from clients that are not using SSL/TLS. This configures the
listener to
+ * "sniff" the incoming client data stream, and dynamically determine whether
SSL/TLS is
+ * being used on a per-client basis. This option is disabled by default: only
clients
+ * using SSL/TLS are accepted. See ::pn_listener_ssl_set_certificate.
+ *
+ * @param[in] listener the listener that will accept client connections.
+ * @return 0 on success
+ */
+int pn_listener_ssl_allow_unsecured_clients(pn_listener_t *listener);
+
+
/** pn_connector - the client API **/
@@ -273,4 +303,50 @@ bool pn_connector_closed(pn_connector_t
*/
void pn_connector_free(pn_connector_t *connector);
+
+/** Configure the set of trusted server certificates for this connector. This
causes the
+ * connector to use SSL/TLS to authenticate the peer. It is intended to be
used by a
+ * client that is attempting to connecto to a trusted server. See
::pn_driver_connector
+ * ::pn_connector ::pn_connector_fd
+ *
+ * @param[in] listener the listener that will use the certificates.
+ * @param[in] certificates path to file containing certificates for trusted
servers.
+ * @return 0 on success
+ *
+ * @brief For connectors that have been created directly from the driver
(client
+ * connections), rather than from the listener. See
+ * ::pn_listener_ssl_set_trusted_certificates.
+ */
+int pn_connector_ssl_set_trusted_certificates(pn_connector_t *connector,
+ const char *certificates);
+
+
+
+/** Configure the identifying certificate for the connector. Used for client
connections
+ * that will have to authenticate with the remote server.
+ *
+ * @param[in] connector the connector that will provide this certificate.
+ * @param[in] certificate_file path to file containing the certificate.
+ * @param[in] private_key_file path to file the private key used to sign the
certificate
+ * @param[in] password the password used to sign the key, else NULL if key is
not protected.
+ * @return 0 on success
+ */
+int pn_connector_ssl_set_certificate(pn_connector_t *connector,
+ const char *certificate,
+ const char *private_key,
+ const char *private_key_password);
+
+
+/** Force the peer to authenticate. This is intended to be used on those
connectors that
+ * have been created by a listener - it permits the server to force
authentication of the
+ * connected client. See ::pn_listener_ssl_set_certificate.
+ *
+ * @param[in] connector the connector that will require authentication from
its peer.
+ * @param[in] certificates if set, a restricted set of allowable certificates
(subset of
+ * trusted certificates configured).
+ * @return 0 on success
+ */
+int pn_connector_ssl_authenticate_peer(pn_connector_t *connector,
+ const char *certificates);
+
#endif /* driver.h */
Modified: qpid/proton/branches/driver_abstraction/proton-c/pn_config.h.in
URL:
http://svn.apache.org/viewvc/qpid/proton/branches/driver_abstraction/proton-c/pn_config.h.in?rev=1371795&r1=1371794&r2=1371795&view=diff
==============================================================================
--- qpid/proton/branches/driver_abstraction/proton-c/pn_config.h.in (original)
+++ qpid/proton/branches/driver_abstraction/proton-c/pn_config.h.in Fri Aug 10
18:14:25 2012
@@ -28,5 +28,6 @@
#cmakedefine HAVE_POLL_H 1
#cmakedefine HAVE_SYS_SELECT_H 1
+#cmakedefine HAVE_OPENSSL_H 1
#endif /* pn_config.h */
Modified: qpid/proton/branches/driver_abstraction/proton-c/src/driver_impl.h
URL:
http://svn.apache.org/viewvc/qpid/proton/branches/driver_abstraction/proton-c/src/driver_impl.h?rev=1371795&r1=1371794&r2=1371795&view=diff
==============================================================================
--- qpid/proton/branches/driver_abstraction/proton-c/src/driver_impl.h
(original)
+++ qpid/proton/branches/driver_abstraction/proton-c/src/driver_impl.h Fri Aug
10 18:14:25 2012
@@ -43,6 +43,7 @@ struct pn_driver_t {
int pn_driver_impl_init( struct pn_driver_t * );
void pn_driver_impl_destroy( struct pn_driver_t * );
+struct pn_listener_ssl_impl_t;
struct pn_listener_t {
pn_driver_t *driver;
@@ -53,6 +54,7 @@ struct pn_listener_t {
void *context;
struct pn_listener_impl_t *impl;
+ struct pn_listener_ssl_impl_t *ssl;
};
int pn_listener_impl_init( struct pn_listener_t *);
Modified:
qpid/proton/branches/driver_abstraction/proton-c/src/drivers/driver_select.c
URL:
http://svn.apache.org/viewvc/qpid/proton/branches/driver_abstraction/proton-c/src/drivers/driver_select.c?rev=1371795&r1=1371794&r2=1371795&view=diff
==============================================================================
---
qpid/proton/branches/driver_abstraction/proton-c/src/drivers/driver_select.c
(original)
+++
qpid/proton/branches/driver_abstraction/proton-c/src/drivers/driver_select.c
Fri Aug 10 18:14:25 2012
@@ -84,12 +84,11 @@ void pn_driver_impl_wait(pn_driver_t *d,
pn_driver_impl_t *impl = d->impl;
// setup the select
- impl->max_fds = -1;
FD_ZERO(&impl->readfds);
FD_ZERO(&impl->writefds);
FD_SET(d->ctrl[0], &impl->readfds);
- if (d->ctrl[0] > impl->max_fds) impl->max_fds = d->ctrl[0];
+ impl->max_fds = d->ctrl[0];
pn_listener_t *l = d->listener_head;
for (int i = 0; i < d->listener_count; i++) {
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
