Author: cliffjansen
Date: Thu Jan 29 19:47:37 2015
New Revision: 1655837
URL: http://svn.apache.org/r1655837
Log:
QPID-5842: Allow SSL hostname verification to be disabled on windows client.
Windows related changes for QPID-5841 and https://reviews.apache.org/r/22890
Modified:
qpid/trunk/qpid/cpp/src/qpid/client/windows/SslConnector.cpp
qpid/trunk/qpid/cpp/src/qpid/messaging/amqp/windows/SslTransport.cpp
qpid/trunk/qpid/cpp/src/qpid/sys/windows/SslCredential.cpp
qpid/trunk/qpid/cpp/src/qpid/sys/windows/SslCredential.h
Modified: qpid/trunk/qpid/cpp/src/qpid/client/windows/SslConnector.cpp
URL:
http://svn.apache.org/viewvc/qpid/trunk/qpid/cpp/src/qpid/client/windows/SslConnector.cpp?rev=1655837&r1=1655836&r2=1655837&view=diff
==============================================================================
--- qpid/trunk/qpid/cpp/src/qpid/client/windows/SslConnector.cpp (original)
+++ qpid/trunk/qpid/cpp/src/qpid/client/windows/SslConnector.cpp Thu Jan 29
19:47:37 2015
@@ -115,7 +115,9 @@ SslConnector::SslConnector(boost::shared
ConnectionImpl* cimpl)
: TCPConnector(p, ver, settings, cimpl), shim(0), poller(p)
{
-
+ if (settings.sslIgnoreHostnameVerificationFailure) {
+ sslCredential.ignoreHostnameVerificationFailure();
+ }
const std::string& name = (settings.sslCertName != "") ?
settings.sslCertName : qpid::sys::ssl::SslOptions::global.certName;
certLoaded = sslCredential.load(name);
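Review bot: The added `if` block switches off hostname verification without leaving any trace at runtime, so a connection that accepts a certificate issued for a different host looks the same in the logs as a verified one. I would log at warning level inside the block, e.g. `QPID_LOG(warning, "SSL hostname verification disabled for this connection");`, assuming the logging header is already included in this file (the hunk does not show it). The same applies to the matching block added to the SslTransport constructor in SslTransport.cpp. The constructor body continues outside this hunk.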
Modified: qpid/trunk/qpid/cpp/src/qpid/messaging/amqp/windows/SslTransport.cpp
URL:
http://svn.apache.org/viewvc/qpid/trunk/qpid/cpp/src/qpid/messaging/amqp/windows/SslTransport.cpp?rev=1655837&r1=1655836&r2=1655837&view=diff
==============================================================================
--- qpid/trunk/qpid/cpp/src/qpid/messaging/amqp/windows/SslTransport.cpp
(original)
+++ qpid/trunk/qpid/cpp/src/qpid/messaging/amqp/windows/SslTransport.cpp Thu
Jan 29 19:47:37 2015
@@ -94,6 +94,9 @@ void SslTransport::negotiationDone(SECUR
SslTransport::SslTransport(TransportContext& c, boost::shared_ptr<Poller> p) :
TcpTransport(c, p)
{
const ConnectionOptions* options = context.getOptions();
+ if (options->sslIgnoreHostnameVerificationFailure) {
+ sslCredential.ignoreHostnameVerificationFailure();
+ }
const std::string& name = (options->sslCertName != "") ?
options->sslCertName : qpid::sys::ssl::SslOptions::global.certName;
certLoaded = sslCredential.load(name);
Modified: qpid/trunk/qpid/cpp/src/qpid/sys/windows/SslCredential.cpp
URL:
http://svn.apache.org/viewvc/qpid/trunk/qpid/cpp/src/qpid/sys/windows/SslCredential.cpp?rev=1655837&r1=1655836&r2=1655837&view=diff
==============================================================================
--- qpid/trunk/qpid/cpp/src/qpid/sys/windows/SslCredential.cpp (original)
+++ qpid/trunk/qpid/cpp/src/qpid/sys/windows/SslCredential.cpp Thu Jan 29
19:47:37 2015
@@ -34,7 +34,7 @@ namespace sys {
namespace windows {
-SslCredential::SslCredential() : certStore(0), cert(0)
+SslCredential::SslCredential() : certStore(0), cert(0),
hostnameVerification(true)
{
SecInvalidateHandle(&credHandle);
memset(&cred, 0, sizeof(cred));
@@ -60,6 +60,8 @@ bool SslCredential::load(const std::stri
cred.paCred = &cert;
cred.cCreds = 1;
}
+ if (!hostnameVerification)
+ cred.dwFlags |= SCH_CRED_NO_SERVERNAME_CHECK;
SECURITY_STATUS status = ::AcquireCredentialsHandle(NULL,
UNISP_NAME,
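Review bot: The flag is applied only at this point in load(), so ignoreHostnameVerificationFailure() takes effect only when it is called before load(); a later call flips the member but presumably leaves the already acquired credentials handle unchanged. Both constructors touched by this commit call it first, but nothing in the class enforces or documents that order. I would add a comment above the new lines, such as `// Must be set before AcquireCredentialsHandle; this flag only stops Schannel matching the target name against the certificate.`, and repeat the ordering requirement on the declaration. Whether chain validation stays enabled depends on the other `dwFlags` bits, which are not visible here. The unbraced `if` also differs from the braced blocks added elsewhere in this commit, and load() begins and ends outside the hunk.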
@@ -89,6 +91,10 @@ std::string SslCredential::error()
return loadError.error;
}
+void SslCredential::ignoreHostnameVerificationFailure(){
+ hostnameVerification = false;
+}
+
void SslCredential::loadPrivCertStore()
{
// Get a handle to the system store or pkcs#12 file
Modified: qpid/trunk/qpid/cpp/src/qpid/sys/windows/SslCredential.h
URL:
http://svn.apache.org/viewvc/qpid/trunk/qpid/cpp/src/qpid/sys/windows/SslCredential.h?rev=1655837&r1=1655836&r2=1655837&view=diff
==============================================================================
--- qpid/trunk/qpid/cpp/src/qpid/sys/windows/SslCredential.h (original)
+++ qpid/trunk/qpid/cpp/src/qpid/sys/windows/SslCredential.h Thu Jan 29
19:47:37 2015
@@ -53,6 +53,8 @@ public:
QPID_COMMON_EXTERN bool load(const std::string& certName);
QPID_COMMON_EXTERN CredHandle handle();
QPID_COMMON_EXTERN std::string error();
+ /** Proceed with connect inspite of hostname verifcation failures*/
+ QPID_COMMON_EXTERN void ignoreHostnameVerificationFailure();
private:
struct SavedError {
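Review bot: The doc comment added for ignoreHostnameVerificationFailure() contains two typos ("inspite", "verifcation") and does not say what the caller gives up or when the call must be made. I would replace it with `/** Skip the check that the server certificate matches the host name. Call before load(). The peer is then no longer authenticated as the intended host. */`. Since this is an exported method (`QPID_COMMON_EXTERN`), the header comment is the only place most callers will see that warning.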
@@ -70,6 +72,7 @@ private:
CredHandle credHandle;
TimeStamp credExpiry;
SavedError loadError;
+ bool hostnameVerification;
PCCERT_CONTEXT findCertificate(const std::string& name);
void loadPrivCertStore();