ObjOpenSSL  Check-in [54c783b25f]

Overview
Comment:Register helpers for thread-safety with OpenSSL.
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA3-256: 54c783b25f4c7f294d9e691e7393f6453e6a7de8acf572b1ed3505536e9149e9
User & Date: jos@kuijpersvof.nl on 2011-10-22 16:36:08
Other Links: manifest | tags
Context
2011-10-23
23:39
Add methods enabling certificate verification check-in: 7fa9a01744 user: florob@babelmonkeys.de tags: trunk
2011-10-22
16:36
Register helpers for thread-safety with OpenSSL. check-in: 54c783b25f user: jos@kuijpersvof.nl tags: trunk
16:33
Only call SSL_shutdown if we have an SSL context.
This would otherwise cause trouble for listening sockets.
check-in: 5695c6cedc user: js tags: trunk
Changes

Modified src/SSLSocket.m from [caea951286] to [c5200f606f].

23
24
25
26
27
28
29


30
31
32
33
34
35
36
37
38
39
40

41
42
43
44
45
46















47
48
49
50
51
52
53
54
55


56
57
58










59
60
61
62
63
64
65
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95







+
+











+






+
+
+
+
+
+
+
+
+
+
+
+
+
+
+









+
+



+
+
+
+
+
+
+
+
+
+







#include <unistd.h>
#include <errno.h>
#include <assert.h>

#import <ObjFW/OFHTTPRequest.h>
#import <ObjFW/OFDataArray.h>

#include <openssl/crypto.h>

#import "SSLSocket.h"

#import <ObjFW/OFAcceptFailedException.h>
#import <ObjFW/OFConnectionFailedException.h>
#import <ObjFW/OFInitializationFailedException.h>
#import <ObjFW/OFInvalidArgumentException.h>
#import <ObjFW/OFNotConnectedException.h>
#import <ObjFW/OFOutOfRangeException.h>
#import <ObjFW/OFReadFailedException.h>
#import <ObjFW/OFWriteFailedException.h>
#import <ObjFW/macros.h>
#import <ObjFW/threading.h>

#ifndef INVALID_SOCKET
# define INVALID_SOCKET -1
#endif

static SSL_CTX *ctx;
static of_mutex_t *ssl_mutexes;

static void
ssl_locking_callback(int mode, int n, const char *file, int line)
{
	/*
	 * This function must handle up to CRYPTO_num_locks() mutexes.
	 * It must set the n-th lock if mode & CRYPTO_LOCK,
	 * release it otherwise.
	 */
	if (mode & CRYPTO_LOCK)
		of_mutex_lock(&ssl_mutexes[n]);
	else
		of_mutex_unlock(&ssl_mutexes[n]);
}

@implementation SSLSocket
+ (void)load
{
	of_http_request_tls_socket_class = self;
}

+ (void)initialize
{
	int m;

	if (self != [SSLSocket class])
		return;

	CRYPTO_set_id_callback(&of_thread_current);

	/* Generate number of mutexes needed */
	m = CRYPTO_num_locks();
	ssl_mutexes = malloc(m * sizeof(of_mutex_t));
	for (m--; m >= 0; m--)
		of_mutex_new(&ssl_mutexes[m]);

	CRYPTO_set_locking_callback(&ssl_locking_callback);

	SSL_library_init();

	if ((ctx = SSL_CTX_new(SSLv23_method())) == NULL)
		@throw [OFInitializationFailedException
		    exceptionWithClass: self];

	if ((SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2) & SSL_OP_NO_SSLv2) == 0)