Repository: thrift Updated Branches: refs/heads/master 431732d39 -> b79396f79
THRIFT-4108: c_glib ssl implementation fixes - remove global ssl context and more Client: glib This closes #1208 Project: http://git-wip-us.apache.org/repos/asf/thrift/repo Commit: http://git-wip-us.apache.org/repos/asf/thrift/commit/b79396f7 Tree: http://git-wip-us.apache.org/repos/asf/thrift/tree/b79396f7 Diff: http://git-wip-us.apache.org/repos/asf/thrift/diff/b79396f7 Branch: refs/heads/master Commit: b79396f799fe88d2dae48573f61257aac5b2c09b Parents: 431732d Author: Gonzalo Aguilar Delgado <gagui...@level2crm.com> Authored: Mon Mar 6 18:55:44 2017 +0100 Committer: James E. King, III <jk...@apache.org> Committed: Mon Mar 6 19:09:06 2017 -0500 ---------------------------------------------------------------------- .../thrift/c_glib/transport/thrift_ssl_socket.c | 360 +++++++++---------- .../thrift/c_glib/transport/thrift_ssl_socket.h | 50 +++ 2 files changed, 214 insertions(+), 196 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/thrift/blob/b79396f7/lib/c_glib/src/thrift/c_glib/transport/thrift_ssl_socket.c ---------------------------------------------------------------------- diff --git a/lib/c_glib/src/thrift/c_glib/transport/thrift_ssl_socket.c b/lib/c_glib/src/thrift/c_glib/transport/thrift_ssl_socket.c index f7c42cc..1de4a43 100644 --- a/lib/c_glib/src/thrift/c_glib/transport/thrift_ssl_socket.c +++ b/lib/c_glib/src/thrift/c_glib/transport/thrift_ssl_socket.c @@ -27,11 +27,15 @@ #include <openssl/ssl.h> #include <pthread.h> +#include <glib-object.h> +#include <glib.h> + #include <thrift/c_glib/thrift.h> #include <thrift/c_glib/transport/thrift_transport.h> #include <thrift/c_glib/transport/thrift_socket.h> #include <thrift/c_glib/transport/thrift_ssl_socket.h> + #if defined(WIN32) #define MUTEX_TYPE HANDLE #define MUTEX_SETUP(x) (x) = CreateMutex(NULL, FALSE, NULL) @@ -58,8 +62,6 @@ enum _ThriftSSLSocketProperties /* To hold a global state management of openssl for all instances */ static gboolean thrift_ssl_socket_openssl_initialized=FALSE; -/* Should this be keept at class level? */ -static SSL_CTX* thrift_ssl_socket_global_context=NULL; /* This array will store all of the mutexes available to OpenSSL. */ static MUTEX_TYPE *thrift_ssl_socket_global_mutex_buf=NULL; @@ -152,21 +154,21 @@ thrift_ssl_socket_peek (ThriftTransport *transport, GError **error) gboolean retval = FALSE; ThriftSSLSocket *ssl_socket = THRIFT_SSL_SOCKET (transport); if (thrift_ssl_socket_is_open (transport)) - { - int rc; - gchar byte; - rc = SSL_peek(ssl_socket->ssl, &byte, 1); - if (rc < 0) { - g_set_error (error, - THRIFT_TRANSPORT_ERROR, - THRIFT_SSL_SOCKET_ERROR_SSL, - "failed to peek at socket - id?"); - } - if (rc == 0) { - ERR_clear_error(); + { + int rc; + gchar byte; + rc = SSL_peek(ssl_socket->ssl, &byte, 1); + if (rc < 0) { + g_set_error (error, + THRIFT_TRANSPORT_ERROR, + THRIFT_SSL_SOCKET_ERROR_SSL, + "failed to peek at socket - id?"); + } + if (rc == 0) { + ERR_clear_error(); + } + retval = (rc > 0); } - retval = (rc > 0); - } return retval; } @@ -175,13 +177,13 @@ gboolean thrift_ssl_socket_open (ThriftTransport *transport, GError **error) { if (!thrift_socket_open(transport, error)) { - return FALSE; + return FALSE; } if (!THRIFT_SSL_SOCKET_GET_CLASS(transport)->handle_handshake(transport, error)) { - GError *tmperr; - thrift_socket_close(transport, &tmperr); - return FALSE; + GError *tmperr; + thrift_socket_close(transport, &tmperr); + return FALSE; } return TRUE; @@ -195,7 +197,7 @@ thrift_ssl_socket_close (ThriftTransport *transport, GError **error) if(THRIFT_SSL_SOCKET(transport)->ssl) { int rc = SSL_shutdown(THRIFT_SSL_SOCKET(transport)->ssl); if (rc < 0) { - int errno_copy = THRIFT_SSL_SOCKET_ERROR_SSL; + int errno_copy = THRIFT_SSL_SOCKET_ERROR_SSL; } SSL_free(THRIFT_SSL_SOCKET(transport)->ssl); THRIFT_SSL_SOCKET(transport)->ssl = NULL; @@ -207,26 +209,26 @@ thrift_ssl_socket_close (ThriftTransport *transport, GError **error) /* implements thrift_transport_read */ gint32 thrift_ssl_socket_read (ThriftTransport *transport, gpointer buf, - guint32 len, GError **error) + guint32 len, GError **error) { guint maxRecvRetries_ = 10; ThriftSSLSocket *ssl_socket = THRIFT_SSL_SOCKET (transport); guint bytes = 0; guint retries = 0; for (retries=0; retries < maxRecvRetries_; retries++) { - bytes = SSL_read(ssl_socket->ssl, buf, len); - if (bytes >= 0) - break; - int errno_copy = THRIFT_GET_SOCKET_ERROR; - if (SSL_get_error(ssl_socket->ssl, bytes) == SSL_ERROR_SYSCALL) { - if (ERR_get_error() == 0 && errno_copy == THRIFT_EINTR) { - continue; - } - } - g_set_error (error, THRIFT_TRANSPORT_ERROR, - THRIFT_TRANSPORT_ERROR_RECEIVE, - "failed to read %d bytes - %s", len, strerror(errno)); - return -1; + bytes = SSL_read(ssl_socket->ssl, buf, len); + if (bytes >= 0) + break; + int errno_copy = THRIFT_GET_SOCKET_ERROR; + if (SSL_get_error(ssl_socket->ssl, bytes) == SSL_ERROR_SYSCALL) { + if (ERR_get_error() == 0 && errno_copy == THRIFT_EINTR) { + continue; + } + } + g_set_error (error, THRIFT_TRANSPORT_ERROR, + THRIFT_TRANSPORT_ERROR_RECEIVE, + "failed to read %d bytes - %s", len, strerror(errno)); + return -1; } return bytes; } @@ -245,7 +247,7 @@ thrift_ssl_socket_read_end (ThriftTransport *transport, GError **error) /* implements thrift_transport_write */ gboolean thrift_ssl_socket_write (ThriftTransport *transport, const gpointer buf, - const guint32 len, GError **error) + const guint32 len, GError **error) { ThriftSSLSocket *ssl_socket = THRIFT_SSL_SOCKET (transport); gint ret = 0; @@ -254,17 +256,17 @@ thrift_ssl_socket_write (ThriftTransport *transport, const gpointer buf, g_return_val_if_fail (socket->sd != THRIFT_INVALID_SOCKET, FALSE); while (sent < len) - { - ret = SSL_write (ssl_socket->ssl, (guint8 *)buf + sent, len - sent); - if (ret < 0) - { - g_set_error (error, THRIFT_TRANSPORT_ERROR, - THRIFT_TRANSPORT_ERROR_SEND, - "failed to send %d bytes - %s", len, strerror(errno)); - return FALSE; - } - sent += ret; - } + { + ret = SSL_write (ssl_socket->ssl, (guint8 *)buf + sent, len - sent); + if (ret < 0) + { + g_set_error (error, THRIFT_TRANSPORT_ERROR, + THRIFT_TRANSPORT_ERROR_SEND, + "failed to send %d bytes - %s", len, strerror(errno)); + return FALSE; + } + sent += ret; + } return sent==len; } @@ -290,16 +292,16 @@ thrift_ssl_socket_flush (ThriftTransport *transport, GError **error) guint sent = 0; BIO* bio = SSL_get_wbio(ssl_socket->ssl); if (bio == NULL) { - g_set_error (error, THRIFT_TRANSPORT_ERROR, - THRIFT_TRANSPORT_ERROR_SEND, - "failed to flush, wbio returned null"); - return FALSE; - } - if (BIO_flush(bio) != 1) { - g_set_error (error, THRIFT_TRANSPORT_ERROR, - THRIFT_TRANSPORT_ERROR_SEND, - "failed to flush it returned error"); - return FALSE; + g_set_error (error, THRIFT_TRANSPORT_ERROR, + THRIFT_TRANSPORT_ERROR_SEND, + "failed to flush, wbio returned null"); + return FALSE; + } + if (BIO_flush(bio) != 1) { + g_set_error (error, THRIFT_TRANSPORT_ERROR, + THRIFT_TRANSPORT_ERROR_SEND, + "failed to flush it returned error"); + return FALSE; } return TRUE; } @@ -317,14 +319,14 @@ thrift_ssl_socket_handle_handshake(ThriftTransport * transport, GError **error) SSL_set_fd(ssl_socket->ssl, socket->sd); int rc; if(ssl_socket->server){ - rc = SSL_accept(ssl_socket->ssl); + rc = SSL_accept(ssl_socket->ssl); }else{ - rc = SSL_connect(ssl_socket->ssl); + rc = SSL_connect(ssl_socket->ssl); } if (rc <= 0) { - fprintf(stderr,"The error returned was %d\n", SSL_get_error(ssl_socket->ssl, rc)); - thrift_ssl_socket_get_error(error, "Not possible to connect", THRIFT_SSL_SOCKET_ERROR_CIPHER_NOT_AVAILABLE); - return FALSE; + fprintf(stderr,"The error returned was %d\n", SSL_get_error(ssl_socket->ssl, rc)); + thrift_ssl_socket_get_error(error, "Not possible to connect", THRIFT_SSL_SOCKET_ERROR_CIPHER_NOT_AVAILABLE); + return FALSE; } }else return FALSE; @@ -339,27 +341,22 @@ thrift_ssl_socket_create_ssl_context(ThriftTransport * transport, GError **error if(socket->ctx!=NULL){ if(socket->ssl!=NULL) { - return TRUE; + return TRUE; } socket->ssl = SSL_new(socket->ctx); if (socket->ssl == NULL) { - g_set_error (error, THRIFT_TRANSPORT_ERROR, - THRIFT_SSL_SOCKET_ERROR_TRANSPORT, - "Unable to create SSL context"); - return FALSE; + g_set_error (error, THRIFT_TRANSPORT_ERROR, + THRIFT_SSL_SOCKET_ERROR_TRANSPORT, + "Unable to create default SSL context"); + return FALSE; } } return TRUE; } -/** - * - * @param ssl_socket The ssl socket - * @param file_name The file name of the PEM certificate chain - * @return - */ + gboolean thrift_ssl_load_cert_from_file(ThriftSSLSocket *ssl_socket, const char *file_name) { char error_buffer[255]; @@ -376,12 +373,7 @@ gboolean thrift_ssl_load_cert_from_file(ThriftSSLSocket *ssl_socket, const char return TRUE; } -/** - * Load a certificate chain from memory - * @param ssl_socket the ssl socket - * @param chain_certs the buffer to load PEM from - * @return - */ + gboolean thrift_ssl_load_cert_from_buffer(ThriftSSLSocket *ssl_socket, const char chain_certs[]) { gboolean retval = FALSE; @@ -393,13 +385,13 @@ gboolean thrift_ssl_load_cert_from_buffer(ThriftSSLSocket *ssl_socket, const cha if(cert_store!=NULL){ int index = 0; while ((cacert = PEM_read_bio_X509(mem, NULL, 0, NULL))!=NULL) { - if(cacert) { - g_debug("Our certificate name is %s", cacert->name); - X509_STORE_add_cert(cert_store, cacert); - X509_free(cacert); - cacert=NULL; - } /* Free immediately */ - index++; + if(cacert) { + g_debug("Our certificate name is %s", cacert->name); + X509_STORE_add_cert(cert_store, cacert); + X509_free(cacert); + cacert=NULL; + } /* Free immediately */ + index++; } retval=TRUE; } @@ -416,47 +408,47 @@ thrift_ssl_socket_authorize(ThriftTransport * transport, GError **error) gboolean authorization_result = FALSE; if(cls!=NULL && ssl_socket->ssl!=NULL){ - int rc = SSL_get_verify_result(ssl_socket->ssl); - if (rc != X509_V_OK) { /* verify authentication result */ - if (rc == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT && ssl_socket->allow_selfsigned) { - g_debug("The certificate is a self-signed certificate and configuration allows it"); - } else { - g_error("The certificate verification failed: %s (%d)", X509_verify_cert_error_string(rc), rc); - return FALSE; + int rc = SSL_get_verify_result(ssl_socket->ssl); + if (rc != X509_V_OK) { /* verify authentication result */ + if (rc == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT && ssl_socket->allow_selfsigned) { + g_debug("The certificate is a self-signed certificate and configuration allows it"); + } else { + g_error("The certificate verification failed: %s (%d)", X509_verify_cert_error_string(rc), rc); + return FALSE; + } } - } - X509* cert = SSL_get_peer_certificate(ssl_socket->ssl); - if (cert == NULL) { - if (SSL_get_verify_mode(ssl_socket->ssl) & SSL_VERIFY_FAIL_IF_NO_PEER_CERT) { - g_error("No certificate present"); - return FALSE; + X509* cert = SSL_get_peer_certificate(ssl_socket->ssl); + if (cert == NULL) { + if (SSL_get_verify_mode(ssl_socket->ssl) & SSL_VERIFY_FAIL_IF_NO_PEER_CERT) { + g_error("No certificate present"); + return FALSE; + } + + g_debug("No certificate required"); + return TRUE; } - g_debug("No certificate required"); - return TRUE; - } + /* certificate is present, since we don't support access manager we are done */ + if (cls->authorize_peer == NULL) { + X509_free(cert); + g_debug("Certificate presented but we're not checking it"); + return TRUE; + } else { + /* both certificate and access manager are present */ + struct sockaddr_storage sa; + socklen_t saLength = sizeof(struct sockaddr_storage); - /* certificate is present, since we don't support access manager we are done */ - if (cls->authorize_peer == NULL) { - X509_free(cert); - g_debug("Certificate presented but we're not checking it"); - return TRUE; - } else { - /* both certificate and access manager are present */ - struct sockaddr_storage sa; - socklen_t saLength = sizeof(struct sockaddr_storage); + if (getpeername(socket->sd, (struct sockaddr*)&sa, &saLength) != 0) { + sa.ss_family = AF_UNSPEC; + } - if (getpeername(socket->sd, (struct sockaddr*)&sa, &saLength) != 0) { - sa.ss_family = AF_UNSPEC; + authorization_result = cls->authorize_peer(transport, cert, &sa, error); } - authorization_result = cls->authorize_peer(transport, cert, &sa, error); - } - - if(cert != NULL) { - X509_free(cert); - } + if(cert != NULL) { + X509_free(cert); + } } return authorization_result; @@ -473,8 +465,8 @@ thrift_ssl_socket_init (ThriftSSLSocket *socket) if(socket->ctx == NULL) { g_info("The SSL context was not automatically initialized with protocol %d", SSLTLS); if(error!=NULL){ - g_info("Reported reason %s", error->message); - g_error_free (error); + g_info("Reported reason %s", error->message); + g_error_free (error); } } socket->server = FALSE; @@ -488,19 +480,20 @@ thrift_ssl_socket_finalize (GObject *object) { ThriftSSLSocket *socket = THRIFT_SSL_SOCKET (object); GError *error=NULL; - g_debug("Instance %p destroyed",object); - if(socket->ssl != NULL) - { - thrift_ssl_socket_close(THRIFT_TRANSPORT(object), &error); - socket->ssl=NULL; - } + if(socket!=NULL){ + g_debug("Instance %p destroyed", (void *)socket); + if(socket->ssl != NULL) + { + thrift_ssl_socket_close(THRIFT_TRANSPORT(object), &error); + socket->ssl=NULL; + } - if(socket->ctx!=NULL){ - g_debug("Freeing the context for the instance"); - SSL_CTX_free(socket->ctx); + if(socket->ctx!=NULL){ + g_debug("Freeing the context for the instance"); + SSL_CTX_free(socket->ctx); + } + socket->ctx=NULL; } - socket->ctx=NULL; - if (G_OBJECT_CLASS (thrift_ssl_socket_parent_class)->finalize) (*G_OBJECT_CLASS (thrift_ssl_socket_parent_class)->finalize) (object); @@ -509,7 +502,7 @@ thrift_ssl_socket_finalize (GObject *object) /* property accessor */ void thrift_ssl_socket_get_property (GObject *object, guint property_id, - GValue *value, GParamSpec *pspec) + GValue *value, GParamSpec *pspec) { ThriftSSLSocket *socket = THRIFT_SSL_SOCKET (object); THRIFT_UNUSED_VAR (pspec); @@ -525,7 +518,7 @@ thrift_ssl_socket_get_property (GObject *object, guint property_id, /* property mutator */ void thrift_ssl_socket_set_property (GObject *object, guint property_id, - const GValue *value, GParamSpec *pspec) + const GValue *value, GParamSpec *pspec) { ThriftSSLSocket *socket = THRIFT_SSL_SOCKET (object); @@ -534,8 +527,8 @@ thrift_ssl_socket_set_property (GObject *object, guint property_id, { case PROP_THRIFT_SSL_SOCKET_CONTEXT: if(socket->ctx!=NULL){ - g_debug("Freeing the context since we are setting a new one"); - SSL_CTX_free(socket->ctx); + g_debug("Freeing the context since we are setting a new one"); + SSL_CTX_free(socket->ctx); } socket->ctx = g_value_get_pointer(value); // We copy the context break; @@ -575,13 +568,6 @@ thrift_ssl_socket_initialize_openssl(void) void thrift_ssl_socket_finalize_openssl(void) { - - /* FIXME This should not be here */ - if (thrift_ssl_socket_global_context != NULL) { - SSL_CTX_free(thrift_ssl_socket_global_context); - thrift_ssl_socket_global_context = NULL; - } - if (!thrift_ssl_socket_openssl_initialized) { return; } @@ -614,33 +600,18 @@ thrift_ssl_socket_class_init (ThriftSSLSocketClass *cls) gobject_class->get_property = thrift_ssl_socket_get_property; gobject_class->set_property = thrift_ssl_socket_set_property; param_spec = g_param_spec_pointer ("ssl_context", - "SSLContext", - "Set the SSL context for handshake with the remote host", - G_PARAM_READWRITE); + "SSLContext", + "Set the SSL context for handshake with the remote host", + G_PARAM_READWRITE); g_object_class_install_property (gobject_class, PROP_THRIFT_SSL_SOCKET_CONTEXT, - param_spec); + param_spec); param_spec = g_param_spec_boolean ("ssl_accept_selfsigned", - "Accept Self Signed", - "Whether or not accept self signed certificate", - FALSE, - G_PARAM_READWRITE); + "Accept Self Signed", + "Whether or not accept self signed certificate", + FALSE, + G_PARAM_READWRITE); g_object_class_install_property (gobject_class, PROP_THRIFT_SSL_SELF_SIGNED, - param_spec); - - // This must be supported in future - // param_spec = g_param_spec_uint ("port", - // "port (construct)", - // "Set the port of the remote host", - // 0, /* min */ - // 65534, /* max */ - // 9090, /* default by convention */ - // G_PARAM_CONSTRUCT_ONLY | - // G_PARAM_READWRITE); - // g_object_class_install_property (gobject_class, PROP_THRIFT_SSL_SOCKET_PORT, - // param_spec); - - - + param_spec); /* Class methods */ cls->handle_handshake = thrift_ssl_socket_handle_handshake; cls->create_ssl_context = thrift_ssl_socket_create_ssl_context; @@ -666,44 +637,41 @@ ThriftSSLSocket* thrift_ssl_socket_new(ThriftSSLSocketProtocol ssl_protocol, GError **error) { ThriftSSLSocket *thriftSSLSocket = NULL; + SSL_CTX *ssl_context = NULL; /* Create the context */ - if(thrift_ssl_socket_global_context==NULL){ - if((thrift_ssl_socket_global_context=thrift_ssl_socket_context_initialize(ssl_protocol, error))==NULL){ - // FIXME Do error control - return thriftSSLSocket; - } + if((ssl_context=thrift_ssl_socket_context_initialize(ssl_protocol, error))==NULL){ + g_warning("We cannot initialize context for protocol %d", ssl_protocol); + return thriftSSLSocket; } /* FIXME if the protocol is different? */ - thriftSSLSocket = g_object_new (THRIFT_TYPE_SSL_SOCKET, "ssl_context", thrift_ssl_socket_global_context, NULL); + thriftSSLSocket = g_object_new (THRIFT_TYPE_SSL_SOCKET, "ssl_context", ssl_context, NULL); return thriftSSLSocket; } -void thrift_ssl_socket_set_manager(ThriftSSLSocket *ssl_socket, AUTHORIZATION_MANAGER_CALLBACK callback) -{ - ThriftSSLSocketClass *sslSocketClass = THRIFT_SSL_SOCKET_GET_CLASS (ssl_socket); - if(sslSocketClass){ - sslSocketClass->authorize_peer = callback; - } -} - - ThriftSSLSocket* thrift_ssl_socket_new_with_host(ThriftSSLSocketProtocol ssl_protocol, gchar *hostname, guint port, GError **error) { ThriftSSLSocket *thriftSSLSocket = NULL; + SSL_CTX *ssl_context = NULL; /* Create the context */ - if(thrift_ssl_socket_global_context==NULL){ - if((thrift_ssl_socket_global_context=thrift_ssl_socket_context_initialize(ssl_protocol, error))==NULL){ - // FIXME Do error control - return thriftSSLSocket; - } + if((ssl_context=thrift_ssl_socket_context_initialize(ssl_protocol, error))==NULL){ + // FIXME Do error control + return thriftSSLSocket; } /* FIXME if the protocol is different? */ - thriftSSLSocket = g_object_new (THRIFT_TYPE_SSL_SOCKET, "ssl_context", thrift_ssl_socket_global_context, "hostname", hostname, "port", port, NULL); + thriftSSLSocket = g_object_new (THRIFT_TYPE_SSL_SOCKET, "ssl_context", ssl_context, "hostname", hostname, "port", port, NULL); return thriftSSLSocket; } +void thrift_ssl_socket_set_manager(ThriftSSLSocket *ssl_socket, AUTHORIZATION_MANAGER_CALLBACK callback) +{ + ThriftSSLSocketClass *sslSocketClass = THRIFT_SSL_SOCKET_GET_CLASS (ssl_socket); + if(sslSocketClass){ + sslSocketClass->authorize_peer = callback; + } +} + SSL_CTX* thrift_ssl_socket_context_initialize(ThriftSSLSocketProtocol ssl_protocol, GError **error) @@ -729,8 +697,8 @@ thrift_ssl_socket_context_initialize(ThriftSSLSocketProtocol ssl_protocol, GErro break; default: g_set_error (error, THRIFT_TRANSPORT_ERROR, - THRIFT_SSL_SOCKET_ERROR_CIPHER_NOT_AVAILABLE, - "The SSL protocol is unknown for %d", ssl_protocol); + THRIFT_SSL_SOCKET_ERROR_CIPHER_NOT_AVAILABLE, + "The SSL protocol is unknown for %d", ssl_protocol); return NULL; break; } @@ -757,13 +725,13 @@ void thrift_ssl_socket_get_error(GError **error, const guchar *error_msg, guint while ((error_code = ERR_get_error()) != 0) { const char* reason = ERR_reason_error_string(error_code); if (reason == NULL) { - g_set_error (error, THRIFT_TRANSPORT_ERROR, - thrift_error_no, - "SSL error %lX: %s", error_code, error_msg); + g_set_error (error, THRIFT_TRANSPORT_ERROR, + thrift_error_no, + "SSL error %lX: %s", error_code, error_msg); }else{ - g_set_error (error, THRIFT_TRANSPORT_ERROR, - thrift_error_no, - "SSL error %lX %s: %s", error_code,reason, error_msg); + g_set_error (error, THRIFT_TRANSPORT_ERROR, + thrift_error_no, + "SSL error %lX %s: %s", error_code,reason, error_msg); } } } http://git-wip-us.apache.org/repos/asf/thrift/blob/b79396f7/lib/c_glib/src/thrift/c_glib/transport/thrift_ssl_socket.h ---------------------------------------------------------------------- diff --git a/lib/c_glib/src/thrift/c_glib/transport/thrift_ssl_socket.h b/lib/c_glib/src/thrift/c_glib/transport/thrift_ssl_socket.h index 0153495..0d415b2 100644 --- a/lib/c_glib/src/thrift/c_glib/transport/thrift_ssl_socket.h +++ b/lib/c_glib/src/thrift/c_glib/transport/thrift_ssl_socket.h @@ -143,16 +143,66 @@ void thrift_ssl_socket_get_error(GError **error, const guchar *error_msg, guint void thrift_ssl_socket_set_manager(ThriftSSLSocket *ssl_socket, AUTHORIZATION_MANAGER_CALLBACK callback); /* This is the SSL API */ +/** + * Convenience function to create a new SSL context with the protocol specified + * and assign this new context to the created ThriftSSLSocket with specified host:port. + * @param ssl_protocol + * @param hostname + * @param port + * @param error + * @return + */ ThriftSSLSocket* thrift_ssl_socket_new_with_host(ThriftSSLSocketProtocol ssl_protocol, gchar *hostname, guint port, GError **error); + +/** + * Convenience function to create a new SSL context with the protocol specified + * and assign this new context to the created ThriftSSLSocket. + * @param ssl_protocol + * @param error + * @return + */ ThriftSSLSocket* thrift_ssl_socket_new(ThriftSSLSocketProtocol ssl_protocol, GError **error); + +/** + * Load a certificate chain from a PEM file. + * @param ssl_socket The ssl socket + * @param file_name The file name of the PEM certificate chain + * @return + */ gboolean thrift_ssl_load_cert_from_file(ThriftSSLSocket *ssl_socket, const char *file_name); + +/** + * Load a certificate chain from memory + * @param ssl_socket the ssl socket + * @param chain_certs the buffer to load PEM from + * @return + */ gboolean thrift_ssl_load_cert_from_buffer(ThriftSSLSocket *ssl_socket, const char chain_certs[]); /** + * Check if the ssl socket is open and ready to send and receive + * @param transport + * @return true if open + */ +gboolean +thrift_ssl_socket_is_open (ThriftTransport *transport); + + +/** + * Open connection if required and set the socket to be ready to send and receive + * @param transport + * @param error + * @return true if operation was correct + */ +gboolean +thrift_ssl_socket_open (ThriftTransport *transport, GError **error); + + +/** * @brief Initialization function * * It will initialize OpenSSL function. This initialization will be done app