Author: kgiusti
Date: Tue Sep 18 13:08:06 2012
New Revision: 1387125
URL: http://svn.apache.org/viewvc?rev=1387125&view=rev
Log:
PROTON-2: checkpoint current work - does not compile
Added:
qpid/proton/branches/driver_abstraction/proton-c/include/proton/ssl.h
(with props)
qpid/proton/branches/driver_abstraction/proton-c/src/pollers/
qpid/proton/branches/driver_abstraction/proton-c/src/pollers/openssl.c
(contents, props changed)
- copied, changed from r1383921,
qpid/proton/branches/driver_abstraction/proton-c/src/drivers/openssl.c
qpid/proton/branches/driver_abstraction/proton-c/src/pollers/poll.c
(contents, props changed)
- copied, changed from r1383921,
qpid/proton/branches/driver_abstraction/proton-c/src/drivers/poll.c
qpid/proton/branches/driver_abstraction/proton-c/src/pollers/select.c
(contents, props changed)
- copied, changed from r1383921,
qpid/proton/branches/driver_abstraction/proton-c/src/drivers/select.c
qpid/proton/branches/driver_abstraction/proton-c/src/pollers/ssl.h
(contents, props changed)
- copied, changed from r1383921,
qpid/proton/branches/driver_abstraction/proton-c/src/drivers/ssl.h
qpid/proton/branches/driver_abstraction/proton-c/src/pollers/ssl_stub.c
(with props)
Removed:
qpid/proton/branches/driver_abstraction/proton-c/src/drivers/openssl.c
qpid/proton/branches/driver_abstraction/proton-c/src/drivers/poll.c
qpid/proton/branches/driver_abstraction/proton-c/src/drivers/select.c
qpid/proton/branches/driver_abstraction/proton-c/src/drivers/ssl.h
qpid/proton/branches/driver_abstraction/proton-c/src/drivers/ssl_stub.c
Modified:
qpid/proton/branches/driver_abstraction/examples/mailbox/fetch
qpid/proton/branches/driver_abstraction/examples/mailbox/post
qpid/proton/branches/driver_abstraction/examples/mailbox/server
qpid/proton/branches/driver_abstraction/proton-c/include/proton/driver.h
qpid/proton/branches/driver_abstraction/proton-c/src/driver.c
Modified: qpid/proton/branches/driver_abstraction/examples/mailbox/fetch
URL:
http://svn.apache.org/viewvc/qpid/proton/branches/driver_abstraction/examples/mailbox/fetch?rev=1387125&r1=1387124&r2=1387125&view=diff
==============================================================================
--- qpid/proton/branches/driver_abstraction/examples/mailbox/fetch (original)
+++ qpid/proton/branches/driver_abstraction/examples/mailbox/fetch Tue Sep 18
13:08:06 2012
@@ -37,7 +37,7 @@ class Options(object):
# SSL configuration
parser.add_option("--ssl-cert-db", type="str", metavar="<dir>",
- help="database of trusted certificates")
+ help="database of trusted certificates. Enables use
of SSL.")
# if server wants authentication:
#parser.add_option("--ssl-cert-file")
@@ -72,6 +72,7 @@ class FetchClient(object):
self.mailbox = mailbox
self.logging = False
self.ca_database = ca_database
+ self.ssl_client = None
def setup(self):
""" Setup and configure the connection to the server.
@@ -82,10 +83,15 @@ class FetchClient(object):
self.driver = pn_driver();
self.cxtr = pn_connector(self.driver, self.host, self.port, None)
- # configure database of trusted CA's
+ # Enable SSL if database of trusted CAs given
if self.ca_database:
- self.log("Using CA database = %s" % self.ca_database)
- rc = pn_connector_ssl_client_init(self.cxtr, self.ca_database)
+ self.log("Using SSL, CA database = %s" % self.ca_database)
+
+ ssl_client = pn_ssl(self.cxtr)
+ rc = pn_ssl_set_trusted_ca_db(ssl_client, self.ca_database)
+ assert(rc == 0)
+ # we want to fail if the server's certificate is invalid:
+ rc = pn_ssl_set_peer_authentication(ssl_client,
PN_SSL_VERIFY_PEER, None)
assert(rc == 0)
# configure SASL
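Review bot: The SSL setup in this hunk relies on `assert(rc == 0)` to stop the client when `pn_ssl_set_trusted_ca_db` or `pn_ssl_set_peer_authentication` fails, but `assert` statements are removed when Python runs with `-O`, so a failed call could then be ignored and the connection could proceed without the requested verification. Raise explicitly instead, e.g. `if rc != 0: raise RuntimeError("SSL setup failed: rc=%d" % rc)`; the same pattern is in the `PostClient.setup` hunk of `post` and the accept-path hunk of `server`. Unlike `post`, this hunk also does not check the object returned by `pn_ssl(self.cxtr)` before using it, although the new `ssl.h` documents that `pn_ssl_server`/`pn_ssl_client` return NULL when no SSL support is available. The result is kept in a local `ssl_client`, so the `self.ssl_client = None` attribute added in the previous hunk is never assigned. `setup` starts and ends outside the hunk.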
Modified: qpid/proton/branches/driver_abstraction/examples/mailbox/post
URL:
http://svn.apache.org/viewvc/qpid/proton/branches/driver_abstraction/examples/mailbox/post?rev=1387125&r1=1387124&r2=1387125&view=diff
==============================================================================
--- qpid/proton/branches/driver_abstraction/examples/mailbox/post (original)
+++ qpid/proton/branches/driver_abstraction/examples/mailbox/post Tue Sep 18
13:08:06 2012
@@ -38,9 +38,9 @@ class Options(object):
# SSL configuration
parser.add_option("--ssl-cert-db", type="str", metavar="<dir>",
- help="database of trusted certificates")
+ help="database of trusted certificates. Enables use
of SSL.")
- # if server wants authentication:
+ # if server wants client authentication:
#parser.add_option("--ssl-cert-file")
#parser.add_option("--ssl-key-file")
#parser.add_option("--ssl-key-pw")
@@ -71,6 +71,7 @@ class PostClient(object):
self.mailbox = mailbox
self.logging = False
self.ca_database = ca_database
+ self.ssl_client = None
def setup(self):
@@ -83,10 +84,16 @@ class PostClient(object):
self.cxtr = pn_connector(self.driver, self.host, self.port, None)
assert(self.cxtr)
- # configure database of trusted CA's
+ # Enable SSL if database of trusted CAs given
if self.ca_database:
- self.log("Using CA database = %s" % self.ca_database)
- rc = pn_connector_ssl_client_init(self.cxtr, self.ca_database);
+ self.log("Using SSL, CA database = %s" % self.ca_database)
+
+ ssl_client = pn_ssl_client(self.cxtr)
+ assert(ssl_client)
+ rc = pn_ssl_set_trusted_ca_db(ssl_client, self.ca_database)
+ assert(rc == 0)
+ # we want to fail if the server's certificate is invalid:
+ rc = pn_ssl_set_peer_authentication(ssl_client,
PN_SSL_VERIFY_PEER, None)
assert(rc == 0)
# configure SASL
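Review bot: `pn_ssl_client(self.cxtr)` passes the connector, while the `ssl.h` added in this commit declares `pn_ssl_client(pn_transport_t *transport)` and `driver.h` adds `pn_connector_ssl(pn_connector_t *)` as the connector-level accessor; `fetch` and `server` call yet another name, `pn_ssl(...)`, which is not declared in the headers shown here. Unless the Python binding wraps these differently, the three examples should use one call, presumably `ssl_client = pn_connector_ssl(self.cxtr)`. The result should also be stored in `self.ssl_client`, which the previous hunk initialises to None but nothing assigns. `setup` continues outside the hunk.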
Modified: qpid/proton/branches/driver_abstraction/examples/mailbox/server
URL:
http://svn.apache.org/viewvc/qpid/proton/branches/driver_abstraction/examples/mailbox/server?rev=1387125&r1=1387124&r2=1387125&view=diff
==============================================================================
--- qpid/proton/branches/driver_abstraction/examples/mailbox/server (original)
+++ qpid/proton/branches/driver_abstraction/examples/mailbox/server Tue Sep 18
13:08:06 2012
@@ -48,7 +48,7 @@ class Options(object):
parser.add_option("--require-encryption", action="store_true",
help="Do not accept connections from clients that do
not use encryption.")
parser.add_option("--ssl-cert-db", type="str", metavar="<dir>",
- help="database of trusted certificates")
+ help="database of trusted certificates. Used to
authenticate clients.")
# For client authentication using SSL:
#parser.add_option("-c", "--ssl-require-client-authentication",
action="store_true", help="force client to authenticate itself.")
@@ -110,15 +110,8 @@ class MailboxServer(object):
return False
if self.certificate_file:
self.log("Setting SSL certificate %s" % self.certificate_file)
- rc = pn_listener_ssl_server_init(self.listener,
self.certificate_file,
- self.certificate_key_file,
- self.key_file_password,
- self.ca_database);
- assert(rc == 0)
if not self.require_encryption:
self.log("Allowing both encrypted AND unencrypted
connections!")
- rc = pn_listener_ssl_allow_unsecured_clients(self.listener)
- assert(rc == 0)
return True
@@ -139,6 +132,26 @@ class MailboxServer(object):
self.log("Accepting Connection.")
cxtr = pn_listener_accept(l)
pn_connector_set_context(cxtr, AUTHENTICATING)
+
+ # configure SSL
+ if self.certificate_file:
+ ssl_server = pn_ssl(cxtr)
+ assert(ssl_server)
+ rc = pn_ssl_set_credentials(ssl_server,
+ self.certificate_file,
+ self.certificate_key_file,
+ self.key_file_password)
+ assert(rc == 0)
+ if not self.require_encryption:
+ rc = pn_ssl_allow_unsecured_client(ssl_server)
+ assert(rc == 0)
+
+ # TODO: client authentication incomplete, for now skip peer
verification
+ rc = pn_ssl_set_peer_authentication(ssl_server,
+ PN_SSL_NO_VERIFY_PEER,
+ None)
+ assert(rc == 0)
+
l = pn_driver_listener(self.driver)
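Review bot: Peer verification is switched off here with `PN_SSL_NO_VERIFY_PEER` and `self.ca_database` is never passed to `pn_ssl_set_trusted_ca_db`, yet the first hunk of this file changes the `--ssl-cert-db` help to "Used to authenticate clients". An operator who supplies the option would reasonably believe client certificates are being checked when, in this hunk, they are not. Until the TODO is done, either leave the help text as it was or say so at accept time, e.g. `if self.ca_database: self.log("--ssl-cert-db is ignored: client certificates are not verified yet")`. The enclosing method starts and ends outside the hunk.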
Modified:
qpid/proton/branches/driver_abstraction/proton-c/include/proton/driver.h
URL:
http://svn.apache.org/viewvc/qpid/proton/branches/driver_abstraction/proton-c/include/proton/driver.h?rev=1387125&r1=1387124&r2=1387125&view=diff
==============================================================================
--- qpid/proton/branches/driver_abstraction/proton-c/include/proton/driver.h
(original)
+++ qpid/proton/branches/driver_abstraction/proton-c/include/proton/driver.h
Tue Sep 18 13:08:06 2012
@@ -25,6 +25,7 @@
#include <proton/error.h>
#include <proton/engine.h>
#include <proton/sasl.h>
+#include <proton/ssl.h>
#ifdef __cplusplus
extern "C" {
@@ -196,39 +197,6 @@ void pn_listener_close(pn_listener_t *li
*/
void pn_listener_free(pn_listener_t *listener);
-/** Configure the listener as an SSL server by setting the identifying
certificate for the
- * server.
- *
- * This certificate will set the identity for all connectors created from this
listener.
- * Setting these parameters configures the pn_listener_t to use SSL/TLS on all
connectors
- * created from this listener (see ::pn_listener_accept). The certificate
will be used
- * for authenticating this server to connecting clients and encrypting the
data stream.
- *
- * @param[in] listener the listener that will provide this certificate.
- * @param[in] certificate_file path to file containing the identifying
certificate.
- * @param[in] private_key_file path to file the private key used to sign the
certificate
- * @param[in] password the password used to sign the key, else NULL if key is
not protected.
- * @param[in] certificate_db (optional) database of trusted CAs. Required if
client authentication used, or the certificate chain is incomplete.
- *
- * @return 0 on success
- */
-int pn_listener_ssl_server_init(pn_listener_t *listener,
- const char *certificate_file,
- const char *private_key_file,
- const char *password,
- const char *certificate_db);
-
-
-/** Permit a listener that has been configured to use SSL/TLS to accept
connection
- * requests from clients that are not using SSL/TLS. This configures the
listener to
- * "sniff" the incoming client data stream, and dynamically determine whether
SSL/TLS is
- * being used on a per-client basis. This option is disabled by default: only
clients
- * using SSL/TLS are accepted. See ::pn_listener_ssl_server_init.
- *
- * @param[in] listener the listener that will accept client connections.
- * @return 0 on success
- */
-int pn_listener_ssl_allow_unsecured_clients(pn_listener_t *listener);
@@ -300,7 +268,7 @@ pn_listener_t *pn_connector_listener(pn_
/** Access the Authentication and Security context of the connector.
*
- * @param[in] connector connector whose securty context will be
+ * @param[in] connector connector whose security context will be
* returned
* @return the Authentication and Security context for the connector,
* or NULL if none
@@ -341,6 +309,13 @@ void *pn_connector_context(pn_connector_
*/
void pn_connector_set_context(pn_connector_t *connector, void *context);
+/** Access the SSL/TLS context of the connector.
+ *
+ * @param[in] connector connector whose SSL/TLS context will be returned
+ * @return the SSL/TLS context for the connector, or NULL if none
+ */
+pn_ssl_t *pn_connector_ssl(pn_connector_t *connector);
+
/** Close the socket used by the connector.
*
* @param[in] connector the connector whose socket will be closed
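Review bot: The comment added for `pn_connector_ssl` describes a plain accessor ("or NULL if none"), but the implementation added to `driver.c` in this commit calls `pn_ssl_server` or `pn_ssl_client` on the connector's transport, and `ssl.h` documents those as configuring the transport's role. The doc should say that the role is chosen by whether the connector came from a listener, and that NULL means SSL is unavailable or the transport already has the other role, so callers know to check the result before configuring certificates. Suggested wording: `@return the SSL/TLS context (server mode if the connector was accepted by a listener, client mode otherwise), or NULL if SSL/TLS is not available`.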
@@ -362,47 +337,6 @@ bool pn_connector_closed(pn_connector_t
*/
void pn_connector_free(pn_connector_t *connector);
-/** Configure the set of trusted certificates for this client. This causes
the connector
- * to use SSL/TLS to authenticate the server and encrypt traffic. It is
intended to be
- * used by a client that is attempting to connect to a trusted server. See
- * ::pn_driver_connector ::pn_connector ::pn_connector_fd
- *
- * @param[in] connector the connector that will use SSL/TLS
- * @param[in] certificate_db database of trusted CAs, used to authenticate the
server.
- *
- * @return 0 on success
- */
-int pn_connector_ssl_client_init(pn_connector_t *connector,
- const char *certificate_db);
-
-/** Configure the identifying certificate for the connector. Used for those
client
- * connections that will have to authenticate -to- the remote server.
- *
- * @param[in] connector the connector that will advertise the certificate.
- * @param[in] certificate_file path to file containing the certificate.
- * @param[in] private_key_file path to file the private key used to sign the
certificate
- * @param[in] password the password used to sign the key, else NULL if key is
not protected.
- *
- * @return 0 on success
- */
-int pn_connector_ssl_set_client_auth(pn_connector_t *connector,
- const char *certificate_file,
- const char *private_key_file,
- const char *password);
-
-/** Force the peer (client) to authenticate. This is intended to be used on
those
- * connectors that have been created by a listener - it permits the server to
force
- * authentication of the connected client. See
::pn_listener_ssl_set_client_auth
- *
- * @param[in] connector the connector that will require authentication from
its peer.
- * @param[in] trusted_CAs_file a file containing certificates of those CA that
will be
- * advertised to the client as trusted CAs.
- *
- * @return 0 on success
- */
-int pn_connector_ssl_authenticate_client(pn_connector_t *connector,
- const char *trusted_CAs_file);
-
#ifdef __cplusplus
}
Added: qpid/proton/branches/driver_abstraction/proton-c/include/proton/ssl.h
URL:
http://svn.apache.org/viewvc/qpid/proton/branches/driver_abstraction/proton-c/include/proton/ssl.h?rev=1387125&view=auto
==============================================================================
--- qpid/proton/branches/driver_abstraction/proton-c/include/proton/ssl.h
(added)
+++ qpid/proton/branches/driver_abstraction/proton-c/include/proton/ssl.h Tue
Sep 18 13:08:06 2012
@@ -0,0 +1,174 @@
+#ifndef PROTON_SSL_H
+#define PROTON_SSL_H 1
+
+/*
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+
+#include <sys/types.h>
+#include <stdbool.h>
+#include <proton/engine.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/** @file
+ * API for using SSL with the Transport Layer.
+ *
+ * A Transport may be configured to use SSL for encryption and/or
authentication. A
+ * Transport can be configured as either an "SSL client" or an "SSL server".
An SSL
+ * client is the party that proactively establishes a connection to an SSL
server. An SSL
+ * server is the party that accepts a connection request from a remote SSL
client.
+ *
+ * If either an SSL server or client needs to identify itself with the remote
node, it
+ * must have its SSL certificate configured (see ::pn_ssl_set_credentials()).
+ *
+ * If either an SSL server or client needs to verify the identity of the
remote node, it
+ * must have its database of trusted CAs configured (see
::pn_ssl_set_trusted_ca_db()).
+ *
+ * An SSL server may allow peers to connect without SSL (eg. "in the clear"),
see
+ * ::pn_ssl_allow_unsecured_client().
+ *
+ * The level of verification required of the remote may be configured (see
+ * ::pn_ssl_set_peer_authentication, ::pn_ssl_get_peer_authentication).
+ */
+
+typedef struct pn_ssl_t pn_ssl_t;
+
+/** Get the SSL server object associated with a transport.
+ *
+ * A transport may be configured to be either an SSL server or an SSL client.
Those
+ * transports that will be used to accept incoming connections must be
configured as an
+ * SSL server.
+ *
+ * @return a pointer to the SSL server object configured for this transport.
Returns NULL
+ * if the server cannot be configured, which would occur if no SSL support is
available,
+ * or the transport has already been configured as an SSL client.
+ */
+pn_ssl_t *pn_ssl_server(pn_transport_t *transport);
+
+/** Get the SSL client object associated with a transport.
+ *
+ * A transport may be configured to be either an SSL server or an SSL client.
Those
+ * transports that will be used to initiate outbound connections must be
configured as an
+ * SSL client.
+ *
+ * @return a pointer to the SSL client object configured for this transport.
Returns NULL
+ * if the client cannot be configured, which would occur if no SSL support is
available,
+ * or the transport has already been configured as an SSL server.
+ */
+pn_ssl_t *pn_ssl_client(pn_transport_t *transport);
+
+
+/** Set the certificate that identifies the local node to the remote.
+ *
+ * This certificate establishes the identity for the local node. It will be
sent to the
+ * remote if the remote needs to verify the identity of this node. This may
be used for
+ * both SSL servers and SSL clients (if client authentication is required by
the server).
+ *
+ * @param[in] ssl the ssl server/client will provide this certificate.
+ * @param[in] certificate_path path to file/database containing the identifying
+ * certificate.
+ * @param[in] private_key_path path to file/database containing the private
key used to
+ * sign the certificate
+ * @param[in] password the password used to sign the key, else NULL if key is
not
+ * protected.
+ * @return 0 on success
+ */
+ int pn_ssl_set_credentials( pn_ssl_t *ssl,
+ const char *certificate_file,
+ const char *private_key_file,
+ const char *password);
+
+/** Configure the set of trusted CA certificates used by this node to verify
peers.
+ *
+ * If the local SSL client/server needs to verify the identity of the remote,
it must
+ * validate the signature of the remote's certificate. This function sets the
database of
+ * trusted CAs that will be used to verify the signature of the remote's
certificate.
+ *
+ * @param[in] ssl the ssl server/client that will use the database.
+ * @param[in] certificate_db database of trusted CAs, used to authenticate the
peer.
+ * @return 0 on success
+ */
+
+int pn_ssl_set_trusted_ca_db(pn_ssl_t *ssl,
+ const char *certificate_db);
+
+/** Permit a server to accept connection requests from non-SSL clients.
+ *
+ * This configures the server to "sniff" the incoming client data stream, and
dynamically
+ * determine whether SSL/TLS is being used. This option is disabled by
default: only
+ * clients using SSL/TLS are accepted.
+ *
+ * @param[in] ssl the SSL server that will accept the client connection.
+ * @return 0 on success
+ */
+int pn_ssl_allow_unsecured_client(pn_ssl_t *ssl);
+
+
+/** Determines the level of peer certificate validation. */
+typedef enum {
+ PN_SSL_VERIFY_PEER, /**< require peer to provide a valid identifying
certificate */
+ PN_SSL_NO_VERIFY_PEER, /**< do not require peer to provide an identifying
certificate */
+} pn_ssl_verify_mode_t;
+
+
+/** Configure the level of verification used on the peer certificate.
+ *
+ * This method controls how the peer's certificate is validated, if at all.
By default,
+ * SSL servers do not attempt to verify their peers (PN_SSL_NO_VERIFY), and
SSL clients
+ * require the remote to provide a valid certificate (PN_SSL_VERIFY_PEER).
+ *
+ * @param[in] ssl the ssl client/server to configure.
+ * @param[in] mode the level of validation to apply to the peer's certificate.
+ * @param[in] trusted_CAs path to a database of trusted CAs that the server
will advertise
+ * to the peer client if the server has been configured to verify its peer.
+ * @return 0 on success
+ */
+int pn_ssl_set_peer_authentication(pn_ssl_t *ssl,
+ const pn_ssl_verify_mode_t mode,
+ const char *trusted_CAs);
+
+/** Get the level of verification to be used on the peer certificate.
+ *
+ * Access the current peer certificate validation level. See
+ * ::pn_ssl_set_peer_authentication().
+ *
+ *
+ * @param[in] ssl the ssl client/server to query.
+ * @param[out] mode the level of validation that will be applied to the peer's
certificate.
+ * @param[out] trusted_CAs set to a buffer to hold the path to the database of
trusted CAs
+ * that the server will advertise to the peer client. If NULL, the path will
not be
+ * returned.
+ * @param[in,out] trusted_CAs_size on input, set to the number of octets in
trusted_CAs,
+ * on output, set to the number of octets needed to hold the value of
trusted_CAs plus a
+ * null byte. @return 0 on success
+ */
+int pn_ssl_get_peer_authentication(pn_ssl_t *ssl,
+ pn_ssl_verify_mode_t *mode,
+ char *trusted_CAs, size_t
*trusted_CAs_size);
+
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* ssl.h */
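Review bot: `PN_SSL_VERIFY_PEER` is documented only as requiring "a valid identifying certificate", and nothing declared in this header lets the caller state which peer name that certificate must carry. If the implementation checks only the chain against the trusted CA database, any certificate issued by a trusted CA would be accepted for any server, so the comment on `pn_ssl_verify_mode_t` should state explicitly whether the peer's name is checked and against what. Two smaller documentation mismatches: the `pn_ssl_set_peer_authentication` comment names `PN_SSL_NO_VERIFY` where the enum defines `PN_SSL_NO_VERIFY_PEER`, and the `pn_ssl_set_credentials` comment documents `certificate_path`/`private_key_path` while the parameters are `certificate_file`/`private_key_file`. The `pn_ssl_allow_unsecured_client` comment would also benefit from one sentence saying that, once enabled, the server can no longer assume a given connection is encrypted.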
Propchange:
qpid/proton/branches/driver_abstraction/proton-c/include/proton/ssl.h
------------------------------------------------------------------------------
svn:eol-style = native
Modified: qpid/proton/branches/driver_abstraction/proton-c/src/driver.c
URL:
http://svn.apache.org/viewvc/qpid/proton/branches/driver_abstraction/proton-c/src/driver.c?rev=1387125&r1=1387124&r2=1387125&view=diff
==============================================================================
--- qpid/proton/branches/driver_abstraction/proton-c/src/driver.c (original)
+++ qpid/proton/branches/driver_abstraction/proton-c/src/driver.c Tue Sep 18
13:08:06 2012
@@ -23,6 +23,7 @@
#include <proton/driver.h>
#include <proton/sasl.h>
+#include <proton/ssl.h>
#include "util.h"
#include "driver-internal.h"
#include "drivers/ssl.h"
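Review bot: The unchanged line `#include "drivers/ssl.h"` now points at a file this commit removes; the header is copied to `src/pollers/ssl.h`. The include should become `#include "pollers/ssl.h"`, which may be part of why the log message says the tree does not compile.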
@@ -332,6 +333,17 @@ pn_sasl_t *pn_connector_sasl(pn_connecto
return ctor ? ctor->sasl : NULL;
}
+pn_ssl_t *pn_connector_ssl(pn_connector_t *ctor)
+{
+ if (ctor) {
+ // use server mode SSL if this connector was created by a listener
+ if (ctor->listener)
+ return pn_ssl_server(ctor->transport);
+ return pn_ssl_client(ctor->transport);
+ }
+ return NULL;
+}
+
void pn_connector_set_connection(pn_connector_t *ctor, pn_connection_t
*connection)
{
if (!ctor) return;
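Review bot: `pn_connector_ssl` nests its whole body under `if (ctor)` and uses an unbraced inner `if`, while the neighbouring functions visible in this hunk guard with a one-line check (`return ctor ? ctor->sasl : NULL;`, `if (!ctor) return;`). An early `if (!ctor) return NULL;` followed by `return ctor->listener ? pn_ssl_server(ctor->transport) : pn_ssl_client(ctor->transport);` would read the same way as its neighbours. The function also has no comment saying that either call can return NULL (per `ssl.h`, when SSL is unavailable or the transport already has the other role), which is worth one line here.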
Copied: qpid/proton/branches/driver_abstraction/proton-c/src/pollers/openssl.c
(from r1383921,
qpid/proton/branches/driver_abstraction/proton-c/src/drivers/openssl.c)
URL:
http://svn.apache.org/viewvc/qpid/proton/branches/driver_abstraction/proton-c/src/pollers/openssl.c?p2=qpid/proton/branches/driver_abstraction/proton-c/src/pollers/openssl.c&p1=qpid/proton/branches/driver_abstraction/proton-c/src/drivers/openssl.c&r1=1383921&r2=1387125&rev=1387125&view=diff
==============================================================================
(empty)
Propchange:
qpid/proton/branches/driver_abstraction/proton-c/src/pollers/openssl.c
------------------------------------------------------------------------------
svn:eol-style = native
Copied: qpid/proton/branches/driver_abstraction/proton-c/src/pollers/poll.c
(from r1383921,
qpid/proton/branches/driver_abstraction/proton-c/src/drivers/poll.c)
URL:
http://svn.apache.org/viewvc/qpid/proton/branches/driver_abstraction/proton-c/src/pollers/poll.c?p2=qpid/proton/branches/driver_abstraction/proton-c/src/pollers/poll.c&p1=qpid/proton/branches/driver_abstraction/proton-c/src/drivers/poll.c&r1=1383921&r2=1387125&rev=1387125&view=diff
==============================================================================
(empty)
Propchange: qpid/proton/branches/driver_abstraction/proton-c/src/pollers/poll.c
------------------------------------------------------------------------------
svn:eol-style = native
Copied: qpid/proton/branches/driver_abstraction/proton-c/src/pollers/select.c
(from r1383921,
qpid/proton/branches/driver_abstraction/proton-c/src/drivers/select.c)
URL:
http://svn.apache.org/viewvc/qpid/proton/branches/driver_abstraction/proton-c/src/pollers/select.c?p2=qpid/proton/branches/driver_abstraction/proton-c/src/pollers/select.c&p1=qpid/proton/branches/driver_abstraction/proton-c/src/drivers/select.c&r1=1383921&r2=1387125&rev=1387125&view=diff
==============================================================================
(empty)
Propchange:
qpid/proton/branches/driver_abstraction/proton-c/src/pollers/select.c
------------------------------------------------------------------------------
svn:eol-style = native
Copied: qpid/proton/branches/driver_abstraction/proton-c/src/pollers/ssl.h
(from r1383921,
qpid/proton/branches/driver_abstraction/proton-c/src/drivers/ssl.h)
URL:
http://svn.apache.org/viewvc/qpid/proton/branches/driver_abstraction/proton-c/src/pollers/ssl.h?p2=qpid/proton/branches/driver_abstraction/proton-c/src/pollers/ssl.h&p1=qpid/proton/branches/driver_abstraction/proton-c/src/drivers/ssl.h&r1=1383921&r2=1387125&rev=1387125&view=diff
==============================================================================
--- qpid/proton/branches/driver_abstraction/proton-c/src/drivers/ssl.h
(original)
+++ qpid/proton/branches/driver_abstraction/proton-c/src/pollers/ssl.h Tue Sep
18 13:08:06 2012
@@ -23,6 +23,8 @@
#define _POSIX_C_SOURCE 1
+#include <proton/driver.h>
+
/** @file
* Internal API for SSL/TLS support in the Driver Layer.
*
@@ -37,8 +39,7 @@
* @param[in,out] c the connector that will be configured for SSL/TLS (client
mode).
* @return 0 on success, else an error code if SSL/TLS cannot be configured.
*/
-int pn_listener_init_ssl_client( pn_listener_t *l, pn_connector_t *c);
-
+int pn_ssl_client_init( pn_ssl_t *ssl);
/** Start the SSL/TLS shutdown handshake.
*
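Review bot: The doc comment kept above `pn_ssl_client_init` still documents `@param[in,out] c the connector ...`, but the new signature takes `pn_ssl_t *ssl`. The next hunk has the same drift: `pn_ssl_shutdown(pn_ssl_t *ssl)` sits under `@param[in,out] c the connector to shutdown`, and `pn_ssl_free(pn_ssl_t *ssl)` under a comment about resources "used by the listener" with `@param[in,out] l`. Each should be updated to describe the `ssl` argument, e.g. `@param[in,out] ssl the SSL/TLS object to release`. The comments begin outside the hunks, so their opening lines are not visible here.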
@@ -49,21 +50,13 @@ int pn_listener_init_ssl_client( pn_list
*
* @param[in,out] c the connector to shutdown.
*/
-void pn_connector_shutdown_ssl( pn_connector_t *c);
-
+void pn_ssl_shutdown( pn_ssl_t *ssl);
/** Release any SSL/TLS related resources used by the listener.
*
* @param[in,out] l the listener to clean up.
*/
-void pn_listener_free_ssl( pn_listener_t *l);
-
-
-/** Release any SSL/TLS related resources used by the connector.
- *
- * @param[in,out] c the connector to clean up.
- */
-void pn_connector_free_ssl( pn_connector_t *c);
+void pn_ssl_free( pn_ssl_t *ssl);
/** Check if the SSL/TLS layer has data ready for reading or writing
*
Propchange: qpid/proton/branches/driver_abstraction/proton-c/src/pollers/ssl.h
------------------------------------------------------------------------------
svn:eol-style = native
Added: qpid/proton/branches/driver_abstraction/proton-c/src/pollers/ssl_stub.c
URL:
http://svn.apache.org/viewvc/qpid/proton/branches/driver_abstraction/proton-c/src/pollers/ssl_stub.c?rev=1387125&view=auto
==============================================================================
--- qpid/proton/branches/driver_abstraction/proton-c/src/pollers/ssl_stub.c
(added)
+++ qpid/proton/branches/driver_abstraction/proton-c/src/pollers/ssl_stub.c Tue
Sep 18 13:08:06 2012
@@ -0,0 +1,81 @@
+/*
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+
+#define _POSIX_C_SOURCE 1
+
+#include <proton/ssl.h>
+#include "ssl.h"
+
+
+/** @file
+ * SSL/TLS support API.
+ *
+ * This file contains stub implementations of the SSL/TLS API. This
implementation is
+ * used if there is no SSL/TLS support in the system's environment.
+ */
+
+pn_ssl_t *pn_ssl_server(pn_transport_t *transport)
+{
+ return NULL;
+}
+
+pn_ssl_t *pn_ssl_client(pn_transport_t *transport)
+{
+ return NULL;
+}
+
+
+int pn_ssl_set_credentials(pn_ssl_t *ssl,
+ const char *certificate_file,
+ const char *private_key_file,
+ const char *password)
+{
+ return -1;
+}
+
+int pn_ssl_set_trusted_ca_db(pn_ssl_t *ssl,
+ const char *certificate_db)
+{
+ return -1;
+}
+
+int pn_ssl_allow_unsecured_client(pn_ssl_t *ssl)
+{
+ return -1;
+}
+
+
+int pn_ssl_set_peer_authentication(pn_ssl_t *ssl,
+ const pn_ssl_verify_mode_t mode,
+ const char *trusted_CAs)
+{
+ return -1;
+}
+
+
+int pn_ssl_get_peer_authentication(pn_ssl_t *ssl,
+ pn_ssl_verify_mode_t *mode,
+ char *trusted_CAs, size_t *trusted_CAs_size)
+{
+ return -1;
+}
+
+
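Review bot: Every stub fails closed (NULL or -1), which is the right behaviour for a build without SSL/TLS, but nothing in the file says so, and `pn_ssl_get_peer_authentication` returns without writing `*mode` or `*trusted_CAs_size`. A caller that ignores the return value would read whatever was already in its own variables. I would add a file-level sentence such as `All entry points report failure so that a caller asking for SSL/TLS can never silently proceed in the clear`, and note on the getter that its output parameters are left untouched on failure.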
Propchange:
qpid/proton/branches/driver_abstraction/proton-c/src/pollers/ssl_stub.c
------------------------------------------------------------------------------
svn:eol-style = native