[389-commits] esc/src/lib/NssHttpClient engine.cpp, 1.4, 1.5 engine.h, 1.1.1.1, 1.2 manifest.mn, 1.4, 1.5

Jack Magne jmagne at fedoraproject.org
Fri Jun 19 21:03:42 UTC 2009


Author: jmagne

Update of /cvs/dirsec/esc/src/lib/NssHttpClient
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv27580/lib/NssHttpClient

Modified Files:
	engine.cpp engine.h manifest.mn 
Log Message:
Bugzilla#479722 ESC to TPS SSL communication problem with renewed TPS cert.


Index: engine.cpp
===================================================================
RCS file: /cvs/dirsec/esc/src/lib/NssHttpClient/engine.cpp,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- engine.cpp	24 Feb 2007 02:10:45 -0000	1.4
+++ engine.cpp	19 Jun 2009 21:03:40 -0000	1.5
@@ -16,6 +16,8 @@
  * All rights reserved.
  * END COPYRIGHT BLOCK **/
 
+#define FORCE_PR_LOG 1
+
 #include <nspr.h>
 #include "sslproto.h"
 #include <prerror.h>
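Review bot: The new `#define FORCE_PR_LOG 1` carries no explanation, and its effect — keeping the PR_LOG calls added elsewhere in this commit compiled into optimized builds, with output still gated at runtime by the NSPR log-module environment — is not obvious from the name. It also only works because it precedes `#include <nspr.h>`, so a later include reorder would silently disable it. A comment such as `/* Must precede <nspr.h>: keeps PR_LOG() compiled in for release builds; output is still enabled per module at runtime. */` would pin both points.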
@@ -27,7 +29,7 @@
 #include "certt.h"
 #include "sslerr.h"
 #include "secerr.h"
-
+#include "CoolKey.h"
 #include "engine.h"
 #include "http.h"
 
@@ -39,6 +41,9 @@
 int cipherCount = 0;
 int _doVerifyServerCert = 1;
 
+PRLogModuleInfo *httpEngineLog = PR_NewLogModule("coolKeyHttpEngine");
+
+
 PRIntervalTime Engine::globaltimeout = PR_TicksPerSecond()*30;
 
 /**
@@ -56,13 +61,26 @@
     SECStatus    secStatus = SECFailure;
     PRErrorCode    err;
 
+    char tBuff[56];
+
+    PR_LOG(httpEngineLog, PR_LOG_DEBUG,
+                          ("%s myBadCertHandler enter. \n",GetTStamp(tBuff,56)));
+
     /* log invalid cert here */
 
     if ( !arg ) {
         return secStatus;
     }
 
-    *(PRErrorCode *)arg = err = PORT_GetError();
+    err = PORT_GetError();
+
+    BadCertData *data = (BadCertData *) arg;
+    if(data) {
+        data->error = err;
+    }
+
+    PR_LOG(httpEngineLog, PR_LOG_DEBUG,
+                          ("%s myBadCertHandler err: %d .  \n",GetTStamp(tBuff,56),err));
 
     /* If any of the cases in the switch are met, then we will proceed   */
     /* with the processing of the request anyway. Otherwise, the default */    
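Review bot: The `if(data)` test after `BadCertData *data = (BadCertData *) arg;` is dead, because the `if ( !arg ) return secStatus;` guard a few lines above has already rejected a null argument; dropping it makes the intent (arg is the per-connection BadCertData) clearer. The buffer size is also repeated as a bare `56` in every `GetTStamp(tBuff,56)` call here, in the status log below, and in the two makeRequest hunks further down; `GetTStamp(tBuff, sizeof(tBuff))` keeps the array and the length from drifting apart. The handler's signature and the switch that decides whether the failed verification is tolerated lie outside this hunk, so that policy cannot be reviewed here; GetTStamp itself is presumably provided by the newly included CoolKey.h.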
@@ -91,6 +109,10 @@
     break;
     }
 
+    PR_LOG(httpEngineLog, PR_LOG_DEBUG,
+                          ("%s myBadCertHandler status: %d .  \n",GetTStamp(tBuff,56),secStatus));
+
+
     return secStatus;
 }
 
@@ -416,7 +438,6 @@
     return;
 }
 
-
 void Engine::CloseConnection()
 {
     connectionClosed = true;
@@ -426,7 +447,14 @@
         PR_Close(_sock);
         _sock = NULL;
     }
+
+    if(_certData)
+    {
+        delete _certData;
+        _certData = NULL;
+    }
 }
+
 /**
  * Returns a file descriptor for I/O if the HTTP connection is successful
  * @param addr PRnetAddr structure which points to the server to connect to
@@ -442,21 +470,19 @@
     PRFileDesc *tcpsock = NULL;
     PRFileDesc *sock = NULL;
     connectionClosed = false;
+    _certData = new BadCertData();
 
     tcpsock = PR_OpenTCPSocket(addr->raw.family);
-   
 
     if (!tcpsock) {
-
         return NULL;
     }
 
     nodelay(tcpsock);
 
     if (PR_TRUE == SSLOn) {
-        sock=SSL_ImportFD(NULL, tcpsock);
-
 
+        sock=SSL_ImportFD(NULL, tcpsock);
         if (!sock) {
             //xxx log
             if( tcpsock != NULL ) {
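Review bot: `_certData = new BadCertData();` overwrites the previous pointer unconditionally, so a second `_doConnect` on the same Engine without an intervening CloseConnection leaks the earlier object; the early `return NULL` when PR_OpenTCPSocket fails also leaves the fresh allocation behind for the same fate on retry. Freeing the old object first, `delete _certData; _certData = new BadCertData();`, closes the gap (delete of NULL is a no-op, and CloseConnection already resets the pointer). The rest of `_doConnect` continues outside this hunk.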
@@ -516,9 +542,23 @@
 
         PRErrorCode errCode = 0;
 
-        rv = SSL_BadCertHook( sock,
+        if(_certData) {
+            _certData->error = errCode;
+            _certData->port  = PR_ntohs(PR_NetAddrInetPort(addr));
+        }
+
+        CoolKeyBadCertHandler overriddenHandler =  CoolKeyGetBadCertHandler();
+
+        if(overriddenHandler)  {
+            rv = SSL_BadCertHook( sock,
+                              (SSLBadCertHandler)overriddenHandler,
+                               (void *)_certData);
+        } else {
+            rv = SSL_BadCertHook( sock,
                               (SSLBadCertHandler)myBadCertHandler,
-                              &errCode );
+                              (void *)_certData);
+        }
+
         rv = SSL_SetURL( sock, serverName );
 
         if (rv != SECSuccess ) {
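Review bot: The `rv` returned by `SSL_BadCertHook` on both branches is overwritten by `rv = SSL_SetURL( sock, serverName );` before it is examined, so a failure to install the bad-certificate callback goes unnoticed and the connection proceeds with whatever NSS applies by default. Guarding the second call, `if (rv == SECSuccess) rv = SSL_SetURL( sock, serverName );`, lets the existing `if (rv != SECSuccess )` cleanup below cover both. `errCode` now only zero-initializes `_certData->error` and can be dropped in favour of `_certData->error = 0;`. The C-style cast `(SSLBadCertHandler)overriddenHandler` hides any prototype mismatch between the CoolKey handler type and NSS's; since that callback decides whether a certificate that failed verification is accepted, a cast-free assignment (or a static_assert-style check, if the type is visible) would be safer — CoolKeyBadCertHandler's definition is not in this diff, so this is inferred.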
@@ -536,8 +576,6 @@
         sock = tcpsock;
     }
 
-  
-
     if ( PR_Connect(sock, addr, timeout) == PR_FAILURE ) {
 
         if( sock != NULL ) {
@@ -563,11 +601,17 @@
                                           const PSHttpServer& server,
                                           int timeout, PRBool expectChunked ,PRBool processStreamed) {
     PRNetAddr addr;
-    PRFileDesc *sock = NULL;
     PSHttpResponse *resp = NULL;
 
     PRBool response_code = 0;
 
+    char tBuff[56];
+
+    PR_LOG(httpEngineLog, PR_LOG_DEBUG,
+                          ("%s HttpEngine::makeRequest  enter. \n",GetTStamp(tBuff,56)));
+
+
+
     server.getAddr(&addr);
 
     char *nickName = request.getCertNickName();
@@ -575,8 +619,17 @@
     char *serverName = (char *)server.getAddr();
     _sock = _doConnect( &addr, request.isSSL(), 0, 0,nickName, 0, serverName );
 
+    PR_LOG(httpEngineLog, PR_LOG_DEBUG,
+                          ("%s HttpEngine::makeRequest  past doConnect sock: %p. \n",
+                          GetTStamp(tBuff,56),_sock));
+
     if ( _sock != NULL) {
         PRBool status = request.send( _sock );
+
+        PR_LOG(httpEngineLog, PR_LOG_DEBUG,
+                          ("%s HttpEngine::makeRequest  past request.send status: %d. \n",
+                          GetTStamp(tBuff,56),status));
+
         if ( status ) {
             resp = new PSHttpResponse( _sock, &request, timeout, expectChunked ,this);
             response_code = resp->processResponse(processStreamed);


Index: engine.h
===================================================================
RCS file: /cvs/dirsec/esc/src/lib/NssHttpClient/engine.h,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- engine.h	12 Jun 2006 23:39:52 -0000	1.1.1.1
+++ engine.h	19 Jun 2009 21:03:40 -0000	1.2
@@ -22,9 +22,17 @@
 #include "response.h"
 #include "request.h"
 
+struct BadCertData {
+ PRErrorCode error;
+ PRInt32 port;
+};
+
+typedef struct BadCertData BadCertData;
+
+
 class __EXPORT Engine {
     public:
-        Engine() {};
+        Engine() { _certData = NULL; _sock=NULL;};
         ~Engine() {};
 
         PRFileDesc *_doConnect(PRNetAddr *addr, PRBool SSLOn = PR_FALSE,
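Review bot: The constructor now establishes `_certData` as an owned heap pointer, but `~Engine() {};` on the next line is unchanged, so an Engine destroyed without CloseConnection leaks the BadCertData; `~Engine() { delete _certData; }` is enough, since CloseConnection already nulls the pointer after deleting. With an owning raw pointer the compiler-generated copy constructor and assignment would also make two Engines delete the same object; declaring them private (the usual idiom for this code's era) prevents that. `typedef struct BadCertData BadCertData;` is redundant in C++ and can go, and a short comment on the struct stating that `error` is the PRErrorCode recorded by the bad-cert callback and `port` the server port would document the new type. The class continues past this hunk.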
@@ -37,7 +45,8 @@
         static PRIntervalTime globaltimeout;
 
         PRFileDesc *_sock;
-
+        BadCertData *_certData;
+        BadCertData *getBadCertData() { return _certData;}
         PRFileDesc *getSocket() { return _sock;}
 
         bool connectionClosed ;
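Review bot: `getBadCertData()` hands out the raw `_certData` pointer that CloseConnection deletes, and nothing says so; a caller that keeps the pointer across CloseConnection (or a subsequent _doConnect) reads freed memory. A comment on the accessor, `// Owned by Engine; valid only until CloseConnection()/the next _doConnect(), may be NULL before a connect`, states the contract. `_certData` and `_sock` also appear to sit in the public section opened above (no later access specifier is visible in this diff), so the accessor does not actually encapsulate them; and `connectionClosed` is still not initialized by the new constructor, so it is indeterminate until the first _doConnect or CloseConnection.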


Index: manifest.mn
===================================================================
RCS file: /cvs/dirsec/esc/src/lib/NssHttpClient/manifest.mn,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- manifest.mn	4 Feb 2009 01:43:47 -0000	1.4
+++ manifest.mn	19 Jun 2009 21:03:40 -0000	1.5
@@ -24,7 +24,7 @@
 MODULE		= httpchunked
 LIBRARY_NAME	= $(MODULE)
 SHARED_NAME	= $(MODULE)
-REQUIRES	= nss nspr 
+REQUIRES	= nss nspr ckymanager
 ifndef MOZ_OFFSET
 MOZ_OFFSET	= mozilla-1.7.13
 endif



