activemq-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From tab...@apache.org
Subject svn commit: r1511451 - in /activemq/activemq-cpp/trunk/activemq-cpp/src/main: activemq/transport/tcp/ decaf/internal/net/ssl/openssl/ decaf/net/ssl/
Date Wed, 07 Aug 2013 19:34:50 GMT
Author: tabish
Date: Wed Aug  7 19:34:50 2013
New Revision: 1511451

URL: http://svn.apache.org/r1511451
Log:
fix for: https://issues.apache.org/jira/browse/AMQCPP-505

SSL transport will set the Server Name field based on the connection URI.

Modified:
    activemq/activemq-cpp/trunk/activemq-cpp/src/main/activemq/transport/tcp/SslTransport.cpp
    activemq/activemq-cpp/trunk/activemq-cpp/src/main/activemq/transport/tcp/TcpTransport.cpp
    activemq/activemq-cpp/trunk/activemq-cpp/src/main/activemq/transport/tcp/TcpTransport.h
    activemq/activemq-cpp/trunk/activemq-cpp/src/main/decaf/internal/net/ssl/openssl/OpenSSLParameters.cpp
    activemq/activemq-cpp/trunk/activemq-cpp/src/main/decaf/internal/net/ssl/openssl/OpenSSLParameters.h
    activemq/activemq-cpp/trunk/activemq-cpp/src/main/decaf/internal/net/ssl/openssl/OpenSSLSocket.cpp
    activemq/activemq-cpp/trunk/activemq-cpp/src/main/decaf/internal/net/ssl/openssl/OpenSSLSocket.h
    activemq/activemq-cpp/trunk/activemq-cpp/src/main/decaf/net/ssl/SSLParameters.cpp
    activemq/activemq-cpp/trunk/activemq-cpp/src/main/decaf/net/ssl/SSLParameters.h
    activemq/activemq-cpp/trunk/activemq-cpp/src/main/decaf/net/ssl/SSLSocket.cpp
    activemq/activemq-cpp/trunk/activemq-cpp/src/main/decaf/net/ssl/SSLSocket.h

Modified: activemq/activemq-cpp/trunk/activemq-cpp/src/main/activemq/transport/tcp/SslTransport.cpp
URL: http://svn.apache.org/viewvc/activemq/activemq-cpp/trunk/activemq-cpp/src/main/activemq/transport/tcp/SslTransport.cpp?rev=1511451&r1=1511450&r2=1511451&view=diff
==============================================================================
--- activemq/activemq-cpp/trunk/activemq-cpp/src/main/activemq/transport/tcp/SslTransport.cpp (original)
+++ activemq/activemq-cpp/trunk/activemq-cpp/src/main/activemq/transport/tcp/SslTransport.cpp Wed Aug  7 19:34:50 2013
@@ -74,6 +74,14 @@ void SslTransport::configureSocket(Socke
                 "Socket passed was not an SSLSocket instance.");
         }
 
+        SSLParameters params = sslSocket->getSSLParameters();
+
+        std::vector<std::string> serverNames;
+        serverNames.push_back(this->getLocation().getHost());
+        params.setServerNames(serverNames);
+
+        sslSocket->setSSLParameters(params);
+
         TcpTransport::configureSocket(socket);
     }
     DECAF_CATCH_RETHROW(NullPointerException)

Modified: activemq/activemq-cpp/trunk/activemq-cpp/src/main/activemq/transport/tcp/TcpTransport.cpp
URL: http://svn.apache.org/viewvc/activemq/activemq-cpp/trunk/activemq-cpp/src/main/activemq/transport/tcp/TcpTransport.cpp?rev=1511451&r1=1511450&r2=1511451&view=diff
==============================================================================
--- activemq/activemq-cpp/trunk/activemq-cpp/src/main/activemq/transport/tcp/TcpTransport.cpp (original)
+++ activemq/activemq-cpp/trunk/activemq-cpp/src/main/activemq/transport/tcp/TcpTransport.cpp Wed Aug  7 19:34:50 2013
@@ -362,3 +362,8 @@ void TcpTransport::setTcpNoDelay(bool tc
 bool TcpTransport::isTcpNoDelay() const {
     return this->impl->tcpNoDelay;
 }
+
+////////////////////////////////////////////////////////////////////////////////
+decaf::net::URI TcpTransport::getLocation() const {
+    return this->impl->location;
+}

Modified: activemq/activemq-cpp/trunk/activemq-cpp/src/main/activemq/transport/tcp/TcpTransport.h
URL: http://svn.apache.org/viewvc/activemq/activemq-cpp/trunk/activemq-cpp/src/main/activemq/transport/tcp/TcpTransport.h?rev=1511451&r1=1511450&r2=1511451&view=diff
==============================================================================
--- activemq/activemq-cpp/trunk/activemq-cpp/src/main/activemq/transport/tcp/TcpTransport.h (original)
+++ activemq/activemq-cpp/trunk/activemq-cpp/src/main/activemq/transport/tcp/TcpTransport.h Wed Aug  7 19:34:50 2013
@@ -107,6 +107,8 @@ namespace tcp {
 
     protected:
 
+        decaf::net::URI getLocation() const;
+
         virtual void beforeNextIsStarted();
 
         virtual void afterNextIsStopped();

Modified: activemq/activemq-cpp/trunk/activemq-cpp/src/main/decaf/internal/net/ssl/openssl/OpenSSLParameters.cpp
URL: http://svn.apache.org/viewvc/activemq/activemq-cpp/trunk/activemq-cpp/src/main/decaf/internal/net/ssl/openssl/OpenSSLParameters.cpp?rev=1511451&r1=1511450&r2=1511451&view=diff
==============================================================================
--- activemq/activemq-cpp/trunk/activemq-cpp/src/main/decaf/internal/net/ssl/openssl/OpenSSLParameters.cpp (original)
+++ activemq/activemq-cpp/trunk/activemq-cpp/src/main/decaf/internal/net/ssl/openssl/OpenSSLParameters.cpp Wed Aug  7 19:34:50 2013
@@ -36,20 +36,21 @@ using namespace decaf::internal::net::ss
 #ifdef HAVE_OPENSSL
 
 ////////////////////////////////////////////////////////////////////////////////
-OpenSSLParameters::OpenSSLParameters( SSL_CTX* context ) : needClientAuth( false ),
-                                                           wantClientAuth( false ),
-                                                           useClientMode( true ),
-                                                           context( context ),
-                                                           ssl( NULL ),
-                                                           enabledCipherSuites(),
-                                                           enabledProtocols() {
+OpenSSLParameters::OpenSSLParameters(SSL_CTX* context) : needClientAuth(false),
+                                                         wantClientAuth(false),
+                                                         useClientMode(true),
+                                                         context(context),
+                                                         ssl(NULL),
+                                                         enabledCipherSuites(),
+                                                         enabledProtocols(),
+                                                         serverNames() {
 
-    if( context == NULL ) {
-        throw NullPointerException( __FILE__, __LINE__, "SSL Context was NULL" );
+    if (context == NULL) {
+        throw NullPointerException(__FILE__, __LINE__, "SSL Context was NULL");
     }
 
     // Create a new SSL instance for this Parameters object, each one needs its own.
-    this->ssl = SSL_new( context );
+    this->ssl = SSL_new(context);
 }
 
 #endif
@@ -59,12 +60,10 @@ OpenSSLParameters::~OpenSSLParameters() 
 
     try {
 #ifdef HAVE_OPENSSL
-
-    SSL_free( this->ssl );
-
+        SSL_free(this->ssl);
 #endif
     }
-    DECAF_CATCH_NOTHROW( Exception )
+    DECAF_CATCH_NOTHROW(Exception)
     DECAF_CATCHALL_NOTHROW()
 }
 
@@ -84,8 +83,7 @@ std::vector<std::string> OpenSSLParamete
 }
 
 ////////////////////////////////////////////////////////////////////////////////
-void OpenSSLParameters::setEnabledCipherSuites( const std::vector<std::string>& suites ) {
-
+void OpenSSLParameters::setEnabledCipherSuites(const std::vector<std::string>& suites) {
     // Cache the setting for quicker retrieval
     this->enabledCipherSuites = suites;
 }
@@ -96,13 +94,23 @@ std::vector<std::string> OpenSSLParamete
 }
 
 ////////////////////////////////////////////////////////////////////////////////
-void OpenSSLParameters::setEnabledProtocols( const std::vector<std::string>& protocols ) {
-
+void OpenSSLParameters::setEnabledProtocols(const std::vector<std::string>& protocols) {
     // Cache the setting for quicker retrieval
     this->enabledProtocols = protocols;
 }
 
 ////////////////////////////////////////////////////////////////////////////////
+std::vector<std::string> OpenSSLParameters::getServerNames() const {
+    return this->serverNames;
+}
+
+////////////////////////////////////////////////////////////////////////////////
+void OpenSSLParameters::setServerNames(const std::vector<std::string>& serverNames) {
+    // Cache the setting for quicker retrieval
+    this->serverNames = serverNames;
+}
+
+////////////////////////////////////////////////////////////////////////////////
 OpenSSLParameters* OpenSSLParameters::clone() const {
 
 #ifdef HAVE_OPENSSL
@@ -111,6 +119,7 @@ OpenSSLParameters* OpenSSLParameters::cl
 
     cloned->enabledProtocols = this->enabledProtocols;
     cloned->enabledCipherSuites = this->enabledCipherSuites;
+    cloned->serverNames = this->serverNames;
     cloned->needClientAuth = this->needClientAuth;
     cloned->wantClientAuth = this->wantClientAuth;
     cloned->useClientMode = this->useClientMode;

Modified: activemq/activemq-cpp/trunk/activemq-cpp/src/main/decaf/internal/net/ssl/openssl/OpenSSLParameters.h
URL: http://svn.apache.org/viewvc/activemq/activemq-cpp/trunk/activemq-cpp/src/main/decaf/internal/net/ssl/openssl/OpenSSLParameters.h?rev=1511451&r1=1511450&r2=1511451&view=diff
==============================================================================
--- activemq/activemq-cpp/trunk/activemq-cpp/src/main/decaf/internal/net/ssl/openssl/OpenSSLParameters.h (original)
+++ activemq/activemq-cpp/trunk/activemq-cpp/src/main/decaf/internal/net/ssl/openssl/OpenSSLParameters.h Wed Aug  7 19:34:50 2013
@@ -52,16 +52,17 @@ namespace openssl {
 
         std::vector<std::string> enabledCipherSuites;
         std::vector<std::string> enabledProtocols;
+        std::vector<std::string> serverNames;
 
     private:
 
-        OpenSSLParameters( const OpenSSLParameters& );
-        OpenSSLParameters& operator= ( const OpenSSLParameters& );
+        OpenSSLParameters(const OpenSSLParameters&);
+        OpenSSLParameters& operator=(const OpenSSLParameters&);
 
     public:
 
 #ifdef HAVE_OPENSSL
-        OpenSSLParameters( SSL_CTX* context );
+        OpenSSLParameters(SSL_CTX* context);
 #endif
 
         virtual ~OpenSSLParameters();
@@ -98,11 +99,15 @@ namespace openssl {
 
         std::vector<std::string> getEnabledCipherSuites() const;
 
-        void setEnabledCipherSuites( const std::vector<std::string>& suites );
+        void setEnabledCipherSuites(const std::vector<std::string>& suites);
 
         std::vector<std::string> getEnabledProtocols() const;
 
-        void setEnabledProtocols( const std::vector<std::string>& protocols );
+        void setEnabledProtocols(const std::vector<std::string>& protocols);
+
+        std::vector<std::string> getServerNames() const;
+
+        void setServerNames(const std::vector<std::string>& serverNames);
 
 #ifdef HAVE_OPENSSL
 

Modified: activemq/activemq-cpp/trunk/activemq-cpp/src/main/decaf/internal/net/ssl/openssl/OpenSSLSocket.cpp
URL: http://svn.apache.org/viewvc/activemq/activemq-cpp/trunk/activemq-cpp/src/main/decaf/internal/net/ssl/openssl/OpenSSLSocket.cpp?rev=1511451&r1=1511450&r2=1511451&view=diff
==============================================================================
--- activemq/activemq-cpp/trunk/activemq-cpp/src/main/decaf/internal/net/ssl/openssl/OpenSSLSocket.cpp (original)
+++ activemq/activemq-cpp/trunk/activemq-cpp/src/main/decaf/internal/net/ssl/openssl/OpenSSLSocket.cpp Wed Aug  7 19:34:50 2013
@@ -69,20 +69,17 @@ namespace openssl {
 
     public:
 
-        SocketData() : handshakeStarted( false ),
-                       handshakeCompleted( false ),
+        SocketData() : handshakeStarted(false),
+                       handshakeCompleted(false),
                        commonName(),
                        handshakeLock() {
         }
 
-        ~SocketData() {
-        }
+        ~SocketData() {}
 
 #ifdef HAVE_OPENSSL
-        static int verifyCallback( int verified, X509_STORE_CTX* store DECAF_UNUSED ) {
-
-            if( !verified ) {
-
+        static int verifyCallback(int verified, X509_STORE_CTX* store DECAF_UNUSED) {
+            if (!verified) {
                 // Trap debug info here about why the Certificate failed to validate.
             }
 
@@ -95,70 +92,61 @@ namespace openssl {
 }}}}}
 
 ////////////////////////////////////////////////////////////////////////////////
-OpenSSLSocket::OpenSSLSocket( OpenSSLParameters* parameters ) :
-    SSLSocket(), data( new SocketData() ), parameters( parameters ), input( NULL ), output( NULL ) {
+OpenSSLSocket::OpenSSLSocket(OpenSSLParameters* parameters) :
+    SSLSocket(), data(new SocketData()), parameters(parameters), input(NULL), output(NULL) {
 
-    if( parameters == NULL ) {
-        throw NullPointerException(
-            __FILE__, __LINE__, "The OpenSSL Parameters object instance passed was NULL." );
+    if (parameters == NULL) {
+        throw NullPointerException(__FILE__, __LINE__,
+            "The OpenSSL Parameters object instance passed was NULL.");
     }
 }
 
 ////////////////////////////////////////////////////////////////////////////////
-OpenSSLSocket::OpenSSLSocket( OpenSSLParameters* parameters, const InetAddress* address, int port )  :
-    SSLSocket( address, port ), data( new SocketData() ), parameters( parameters ), input( NULL ), output( NULL ) {
+OpenSSLSocket::OpenSSLSocket(OpenSSLParameters* parameters, const InetAddress* address, int port) :
+    SSLSocket(address, port), data(new SocketData()), parameters(parameters), input(NULL), output(NULL) {
 
-    if( parameters == NULL ) {
-        throw NullPointerException(
-            __FILE__, __LINE__, "The OpenSSL Parameters object instance passed was NULL." );
+    if (parameters == NULL) {
+        throw NullPointerException(__FILE__, __LINE__, "The OpenSSL Parameters object instance passed was NULL.");
     }
 }
 
 ////////////////////////////////////////////////////////////////////////////////
-OpenSSLSocket::OpenSSLSocket( OpenSSLParameters* parameters, const InetAddress* address, int port,
-                              const InetAddress* localAddress, int localPort ) :
-    SSLSocket( address, port, localAddress, localPort ),
-    data( new SocketData() ), parameters( parameters ), input( NULL ), output( NULL ) {
+OpenSSLSocket::OpenSSLSocket(OpenSSLParameters* parameters, const InetAddress* address, int port, const InetAddress* localAddress, int localPort) :
+    SSLSocket(address, port, localAddress, localPort), data(new SocketData()), parameters(parameters), input(NULL), output(NULL) {
 
-    if( parameters == NULL ) {
-        throw NullPointerException(
-            __FILE__, __LINE__, "The OpenSSL Parameters object instance passed was NULL." );
+    if (parameters == NULL) {
+        throw NullPointerException(__FILE__, __LINE__, "The OpenSSL Parameters object instance passed was NULL.");
     }
 }
 
 ////////////////////////////////////////////////////////////////////////////////
-OpenSSLSocket::OpenSSLSocket( OpenSSLParameters* parameters, const std::string& host, int port ) :
-    SSLSocket( host, port ),
-    data( new SocketData() ), parameters( parameters ), input( NULL ), output( NULL ) {
+OpenSSLSocket::OpenSSLSocket(OpenSSLParameters* parameters, const std::string& host, int port) :
+    SSLSocket(host, port), data(new SocketData()), parameters(parameters), input(NULL), output(NULL) {
 
-    if( parameters == NULL ) {
-        throw NullPointerException(
-            __FILE__, __LINE__, "The OpenSSL Parameters object instance passed was NULL." );
+    if (parameters == NULL) {
+        throw NullPointerException(__FILE__, __LINE__, "The OpenSSL Parameters object instance passed was NULL.");
     }
 }
 
 ////////////////////////////////////////////////////////////////////////////////
-OpenSSLSocket::OpenSSLSocket( OpenSSLParameters* parameters, const std::string& host, int port,
-                              const InetAddress* localAddress, int localPort ) :
-    SSLSocket( host, port, localAddress, localPort ),
-    data( new SocketData() ), parameters( parameters ), input( NULL ), output( NULL ) {
+OpenSSLSocket::OpenSSLSocket(OpenSSLParameters* parameters, const std::string& host, int port, const InetAddress* localAddress, int localPort) :
+    SSLSocket(host, port, localAddress, localPort), data(new SocketData()), parameters(parameters), input(NULL), output(NULL) {
 
-    if( parameters == NULL ) {
-        throw NullPointerException(
-            __FILE__, __LINE__, "The OpenSSL Parameters object instance passed was NULL." );
+    if (parameters == NULL) {
+        throw NullPointerException(__FILE__, __LINE__, "The OpenSSL Parameters object instance passed was NULL.");
     }
 }
 
 ////////////////////////////////////////////////////////////////////////////////
 OpenSSLSocket::~OpenSSLSocket() {
-    try{
+    try {
 
         SSLSocket::close();
 
 #ifdef HAVE_OPENSSL
-        if( this->parameters->getSSL() ) {
-            SSL_set_shutdown( this->parameters->getSSL(), SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN );
-            SSL_shutdown( this->parameters->getSSL() );
+        if (this->parameters->getSSL()) {
+            SSL_set_shutdown(this->parameters->getSSL(), SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
+            SSL_shutdown(this->parameters->getSSL());
         }
 #endif
 
@@ -167,40 +155,36 @@ OpenSSLSocket::~OpenSSLSocket() {
         delete input;
         delete output;
     }
-    DECAF_CATCH_NOTHROW( Exception )
-    DECAF_CATCHALL_NOTHROW()
-}
+    DECAF_CATCH_NOTHROW(Exception)
+    DECAF_CATCHALL_NOTHROW()}
 
 ////////////////////////////////////////////////////////////////////////////////
-void OpenSSLSocket::connect( const std::string& host, int port, int timeout ) {
+void OpenSSLSocket::connect(const std::string& host, int port, int timeout) {
 
-    try{
+    try {
 
 #ifdef HAVE_OPENSSL
 
         // Perform the actual Socket connection work
-        SSLSocket::connect( host, port, timeout );
+        SSLSocket::connect(host, port, timeout);
 
         // If we actually connected then we can connect the Socket to an OpenSSL
         // BIO filter so that we can use it in OpenSSL APIs.
-        if( isConnected() ) {
+        if (isConnected()) {
 
-            BIO* bio = BIO_new( BIO_s_socket() );
-            if( !bio ) {
-                throw SocketException(
-                    __FILE__, __LINE__, "Failed to create SSL IO Bindings");
+            BIO* bio = BIO_new(BIO_s_socket());
+            if (!bio) {
+                throw SocketException(__FILE__, __LINE__, "Failed to create SSL IO Bindings");
             }
 
-            const SocketFileDescriptor* fd =
-                dynamic_cast<const SocketFileDescriptor*>( this->impl->getFileDescriptor() );
+            const SocketFileDescriptor* fd = dynamic_cast<const SocketFileDescriptor*>(this->impl->getFileDescriptor());
 
-            if( fd == NULL ) {
-                throw SocketException(
-                    __FILE__, __LINE__, "Invalid File Descriptor returned from Socket" );
+            if (fd == NULL) {
+                throw SocketException(__FILE__, __LINE__, "Invalid File Descriptor returned from Socket");
             }
 
-            BIO_set_fd( bio, (int)fd->getValue(), BIO_NOCLOSE );
-            SSL_set_bio( this->parameters->getSSL(), bio, bio );
+            BIO_set_fd(bio, (int )fd->getValue(), BIO_NOCLOSE);
+            SSL_set_bio(this->parameters->getSSL(), bio, bio);
 
             // Later when startHandshake is called we will check for this common name
             // in the provided certificate
@@ -210,33 +194,33 @@ void OpenSSLSocket::connect( const std::
         throw SocketException( __FILE__, __LINE__, "Not Supported" );
 #endif
     }
-    DECAF_CATCH_RETHROW( IOException )
-    DECAF_CATCH_RETHROW( IllegalArgumentException )
-    DECAF_CATCH_EXCEPTION_CONVERT( Exception, IOException )
-    DECAF_CATCHALL_THROW( IOException )
+    DECAF_CATCH_RETHROW(IOException)
+    DECAF_CATCH_RETHROW(IllegalArgumentException)
+    DECAF_CATCH_EXCEPTION_CONVERT(Exception, IOException)
+    DECAF_CATCHALL_THROW(IOException)
 }
 
 ////////////////////////////////////////////////////////////////////////////////
 void OpenSSLSocket::close() {
 
-    try{
+    try {
 
-        if( isClosed() ) {
+        if (isClosed()) {
             return;
         }
 
         SSLSocket::close();
 
-        if( this->input != NULL ) {
+        if (this->input != NULL) {
             this->input->close();
         }
-        if( this->output != NULL ) {
+        if (this->output != NULL) {
             this->output->close();
         }
     }
-    DECAF_CATCH_RETHROW( IOException )
-    DECAF_CATCH_EXCEPTION_CONVERT( Exception, IOException )
-    DECAF_CATCHALL_THROW( IOException )
+    DECAF_CATCH_RETHROW(IOException)
+    DECAF_CATCH_EXCEPTION_CONVERT(Exception, IOException)
+    DECAF_CATCHALL_THROW(IOException)
 }
 
 ////////////////////////////////////////////////////////////////////////////////
@@ -244,16 +228,16 @@ decaf::io::InputStream* OpenSSLSocket::g
 
     checkClosed();
 
-    try{
-        if( this->input == NULL ) {
-            this->input = new OpenSSLSocketInputStream( this );
+    try {
+        if (this->input == NULL) {
+            this->input = new OpenSSLSocketInputStream(this);
         }
 
         return this->input;
     }
-    DECAF_CATCH_RETHROW( IOException )
-    DECAF_CATCH_EXCEPTION_CONVERT( Exception, IOException )
-    DECAF_CATCHALL_THROW( IOException )
+    DECAF_CATCH_RETHROW(IOException)
+    DECAF_CATCH_EXCEPTION_CONVERT(Exception, IOException)
+    DECAF_CATCHALL_THROW(IOException)
 }
 
 ////////////////////////////////////////////////////////////////////////////////
@@ -261,44 +245,55 @@ decaf::io::OutputStream* OpenSSLSocket::
 
     checkClosed();
 
-    try{
-        if( this->output == NULL ) {
-            this->output = new OpenSSLSocketOutputStream( this );
+    try {
+        if (this->output == NULL) {
+            this->output = new OpenSSLSocketOutputStream(this);
         }
 
         return this->output;
     }
-    DECAF_CATCH_RETHROW( IOException )
-    DECAF_CATCH_EXCEPTION_CONVERT( Exception, IOException )
-    DECAF_CATCHALL_THROW( IOException )
+    DECAF_CATCH_RETHROW(IOException)
+    DECAF_CATCH_EXCEPTION_CONVERT(Exception, IOException)
+    DECAF_CATCHALL_THROW(IOException)
 }
 
 ////////////////////////////////////////////////////////////////////////////////
 void OpenSSLSocket::shutdownInput() {
-
-    throw SocketException(
-        __FILE__, __LINE__, "Not supported for SSL Sockets" );
+    throw SocketException(__FILE__, __LINE__, "Not supported for SSL Sockets");
 }
 
 ////////////////////////////////////////////////////////////////////////////////
 void OpenSSLSocket::shutdownOutput() {
-
-    throw SocketException(
-        __FILE__, __LINE__, "Not supported for SSL Sockets" );
+    throw SocketException(__FILE__, __LINE__, "Not supported for SSL Sockets");
 }
 
 ////////////////////////////////////////////////////////////////////////////////
-void OpenSSLSocket::setOOBInline( bool value DECAF_UNUSED ) {
+void OpenSSLSocket::setOOBInline(bool value DECAF_UNUSED) {
+    throw SocketException(__FILE__, __LINE__, "Not supported for SSL Sockets");
+}
 
-    throw SocketException(
-        __FILE__, __LINE__, "Not supported for SSL Sockets" );
+////////////////////////////////////////////////////////////////////////////////
+void OpenSSLSocket::sendUrgentData(int data DECAF_UNUSED) {
+    throw SocketException(__FILE__, __LINE__, "Not supported for SSL Sockets");
 }
 
 ////////////////////////////////////////////////////////////////////////////////
-void OpenSSLSocket::sendUrgentData( int data DECAF_UNUSED ) {
+decaf::net::ssl::SSLParameters OpenSSLSocket::getSSLParameters() const {
+
+    SSLParameters params(this->getEnabledCipherSuites(), this->getEnabledProtocols());
 
-    throw SocketException(
-        __FILE__, __LINE__, "Not supported for SSL Sockets" );
+    params.setServerNames(this->parameters->getServerNames());
+    params.setNeedClientAuth(this->parameters->getNeedClientAuth());
+    params.setWantClientAuth(this->parameters->getWantClientAuth());
+
+    return params;
+}
+
+////////////////////////////////////////////////////////////////////////////////
+void OpenSSLSocket::setSSLParameters(const decaf::net::ssl::SSLParameters& value) {
+    this->parameters->setEnabledCipherSuites(value.getCipherSuites());
+    this->parameters->setEnabledProtocols(value.getProtocols());
+    this->parameters->setServerNames(value.getServerNames());
 }
 
 ////////////////////////////////////////////////////////////////////////////////
@@ -317,8 +312,8 @@ std::vector<std::string> OpenSSLSocket::
 }
 
 ////////////////////////////////////////////////////////////////////////////////
-void OpenSSLSocket::setEnabledCipherSuites( const std::vector<std::string>& suites ) {
-    this->parameters->setEnabledCipherSuites( suites );
+void OpenSSLSocket::setEnabledCipherSuites(const std::vector<std::string>& suites) {
+    this->parameters->setEnabledCipherSuites(suites);
 }
 
 ////////////////////////////////////////////////////////////////////////////////
@@ -327,19 +322,19 @@ std::vector<std::string> OpenSSLSocket::
 }
 
 ////////////////////////////////////////////////////////////////////////////////
-void OpenSSLSocket::setEnabledProtocols( const std::vector<std::string>& protocols ) {
-    this->parameters->setEnabledProtocols( protocols );
+void OpenSSLSocket::setEnabledProtocols(const std::vector<std::string>& protocols) {
+    this->parameters->setEnabledProtocols(protocols);
 }
 
 ////////////////////////////////////////////////////////////////////////////////
 void OpenSSLSocket::startHandshake() {
 
-    if( !this->isConnected() ) {
-        throw IOException( __FILE__, __LINE__, "Socket is not connected." );
+    if (!this->isConnected()) {
+        throw IOException(__FILE__, __LINE__, "Socket is not connected.");
     }
 
-    if( this->isClosed() ) {
-        throw IOException( __FILE__, __LINE__, "Socket already closed." );
+    if (this->isClosed()) {
+        throw IOException(__FILE__, __LINE__, "Socket already closed.");
     }
 
     try {
@@ -347,68 +342,73 @@ void OpenSSLSocket::startHandshake() {
 #ifdef HAVE_OPENSSL
         synchronized( &(this->data->handshakeLock ) ) {
 
-            if( this->data->handshakeStarted ) {
+            if (this->data->handshakeStarted) {
                 return;
             }
 
             this->data->handshakeStarted = true;
 
-            bool peerVerifyDisabled =
-                Boolean::parseBoolean( System::getProperty( "decaf.net.ssl.disablePeerVerification", "false" ) );
+            bool peerVerifyDisabled = Boolean::parseBoolean(System::getProperty("decaf.net.ssl.disablePeerVerification", "false"));
 
-            if( this->parameters->getUseClientMode() ) {
+            if (this->parameters->getUseClientMode()) {
 
                 // Since we are a client we want to enforce peer verification, we set a
                 // callback so we can collect data on why a verify failed for debugging.
-                if(!peerVerifyDisabled) {
-                    SSL_set_verify( this->parameters->getSSL(), SSL_VERIFY_PEER, SocketData::verifyCallback );
+                if (!peerVerifyDisabled) {
+                    SSL_set_verify(this->parameters->getSSL(), SSL_VERIFY_PEER, SocketData::verifyCallback);
                 } else {
-                    SSL_set_verify( this->parameters->getSSL(), SSL_VERIFY_NONE, NULL );
+                    SSL_set_verify(this->parameters->getSSL(), SSL_VERIFY_NONE, NULL);
+                }
+
+                std::vector<std::string> serverNames = this->parameters->getServerNames();
+                if (!serverNames.empty()) {
+                    std::string serverName = serverNames.at(0);
+                    SSL_set_tlsext_host_name(this->parameters->getSSL(), serverName.c_str());
                 }
 
-                int result = SSL_connect( this->parameters->getSSL() );
+                int result = SSL_connect(this->parameters->getSSL());
 
                 // Checks the error status, when things go right we still perform a deeper
                 // check on the provided certificate to ensure that it matches the host name
                 // that we connected to, this prevents someone from using any certificate
                 // signed by a signing authority that we trust.
-                switch( SSL_get_error( this->parameters->getSSL(), result ) ) {
-                    case SSL_ERROR_NONE:
-                        if(!peerVerifyDisabled) {
-                            verifyServerCert( this->data->commonName );
-                        }
-                        break;
-                    case SSL_ERROR_SSL:
-                    case SSL_ERROR_ZERO_RETURN:
-                    case SSL_ERROR_SYSCALL:
-                        SSLSocket::close();
-                        throw OpenSSLSocketException( __FILE__, __LINE__ );
+                switch (SSL_get_error(this->parameters->getSSL(), result)) {
+                case SSL_ERROR_NONE:
+                    if (!peerVerifyDisabled) {
+                        verifyServerCert(this->data->commonName);
+                    }
+                    break;
+                case SSL_ERROR_SSL:
+                case SSL_ERROR_ZERO_RETURN:
+                case SSL_ERROR_SYSCALL:
+                    SSLSocket::close();
+                    throw OpenSSLSocketException(__FILE__, __LINE__);
                 }
 
-            } else {  // We are in Server Mode.
+            } else { // We are in Server Mode.
 
                 int mode = SSL_VERIFY_NONE;
 
-                if(!peerVerifyDisabled) {
+                if (!peerVerifyDisabled) {
 
-                    if( this->parameters->getWantClientAuth() ) {
+                    if (this->parameters->getWantClientAuth()) {
                         mode = SSL_VERIFY_PEER;
                     }
 
-                    if( this->parameters->getNeedClientAuth() ) {
+                    if (this->parameters->getNeedClientAuth()) {
                         mode = SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
                     }
                 }
 
-                // Since we are a client we want to enforce peer verification, we set a
+                // Since we are a server we want to enforce peer verification, we set a
                 // callback so we can collect data on why a verify failed for debugging.
-                SSL_set_verify( this->parameters->getSSL(), mode, SocketData::verifyCallback );
+                SSL_set_verify(this->parameters->getSSL(), mode, SocketData::verifyCallback);
 
-                int result = SSL_accept( this->parameters->getSSL() );
+                int result = SSL_accept(this->parameters->getSSL());
 
-                if( result != SSL_ERROR_NONE ) {
+                if (result != SSL_ERROR_NONE) {
                     SSLSocket::close();
-                    throw OpenSSLSocketException( __FILE__, __LINE__ );
+                    throw OpenSSLSocketException(__FILE__, __LINE__);
                 }
             }
 
@@ -418,20 +418,20 @@ void OpenSSLSocket::startHandshake() {
         throw IOException( __FILE__, __LINE__, "SSL Not Supported." );
 #endif
     }
-    DECAF_CATCH_RETHROW( IOException )
-    DECAF_CATCHALL_THROW( IOException )
+    DECAF_CATCH_RETHROW(IOException)
+    DECAF_CATCHALL_THROW(IOException)
 }
 
 ////////////////////////////////////////////////////////////////////////////////
-void OpenSSLSocket::setUseClientMode( bool value ) {
+void OpenSSLSocket::setUseClientMode(bool value) {
 
     synchronized( &( this->data->handshakeLock ) ) {
-        if( this->data->handshakeStarted ) {
-            throw IllegalArgumentException(
-                __FILE__, __LINE__, "Handshake has already been started cannot change mode." );
+        if (this->data->handshakeStarted) {
+            throw IllegalArgumentException(__FILE__, __LINE__,
+                "Handshake has already been started cannot change mode.");
         }
 
-        this->parameters->setUseClientMode( value );
+        this->parameters->setUseClientMode(value);
     }
 }
 
@@ -441,8 +441,8 @@ bool OpenSSLSocket::getUseClientMode() c
 }
 
 ////////////////////////////////////////////////////////////////////////////////
-void OpenSSLSocket::setNeedClientAuth( bool value ) {
-    this->parameters->setNeedClientAuth( value );
+void OpenSSLSocket::setNeedClientAuth(bool value) {
+    this->parameters->setNeedClientAuth(value);
 }
 
 ////////////////////////////////////////////////////////////////////////////////
@@ -451,8 +451,8 @@ bool OpenSSLSocket::getNeedClientAuth() 
 }
 
 ////////////////////////////////////////////////////////////////////////////////
-void OpenSSLSocket::setWantClientAuth( bool value ) {
-    this->parameters->setWantClientAuth( value );
+void OpenSSLSocket::setWantClientAuth(bool value) {
+    this->parameters->setWantClientAuth(value);
 }
 
 ////////////////////////////////////////////////////////////////////////////////
@@ -461,151 +461,145 @@ bool OpenSSLSocket::getWantClientAuth() 
 }
 
 ////////////////////////////////////////////////////////////////////////////////
-int OpenSSLSocket::read( unsigned char* buffer, int size, int offset, int length ) {
+int OpenSSLSocket::read(unsigned char* buffer, int size, int offset, int length) {
 
-    try{
-        if( this->isClosed() ){
-            throw IOException(
-                __FILE__, __LINE__, "The Stream has been closed" );
+    try {
+        if (this->isClosed()) {
+            throw IOException(__FILE__, __LINE__, "The Stream has been closed");
         }
 
-        if( this->isInputShutdown() == true ) {
+        if (this->isInputShutdown() == true) {
             return -1;
         }
 
-        if( length == 0 ) {
+        if (length == 0) {
             return 0;
         }
 
-        if( buffer == NULL ) {
-            throw NullPointerException(
-                __FILE__, __LINE__, "Buffer passed is Null" );
+        if (buffer == NULL) {
+            throw NullPointerException(__FILE__, __LINE__, "Buffer passed is Null");
         }
 
-        if( size < 0 ) {
-            throw IndexOutOfBoundsException(
-                __FILE__, __LINE__, "size parameter out of Bounds: %d.", size );
+        if (size < 0) {
+            throw IndexOutOfBoundsException(__FILE__, __LINE__,
+                "size parameter out of Bounds: %d.", size);
         }
 
-        if( offset > size || offset < 0 ) {
-            throw IndexOutOfBoundsException(
-                __FILE__, __LINE__, "offset parameter out of Bounds: %d.", offset );
+        if (offset > size || offset < 0) {
+            throw IndexOutOfBoundsException(__FILE__, __LINE__,
+                "offset parameter out of Bounds: %d.", offset);
         }
 
-        if( length < 0 || length > size - offset ) {
-            throw IndexOutOfBoundsException(
-                __FILE__, __LINE__, "length parameter out of Bounds: %d.", length );
+        if (length < 0 || length > size - offset) {
+            throw IndexOutOfBoundsException(__FILE__, __LINE__,
+                "length parameter out of Bounds: %d.", length);
         }
 
 #ifdef HAVE_OPENSSL
 
-        if( !this->data->handshakeCompleted ) {
+        if (!this->data->handshakeCompleted) {
             this->startHandshake();
         }
 
         // Read data from the socket.
-        int result = SSL_read( this->parameters->getSSL(), buffer + offset, length );
+        int result = SSL_read(this->parameters->getSSL(), buffer + offset, length);
 
-        switch( SSL_get_error( this->parameters->getSSL(), result ) ) {
-            case SSL_ERROR_NONE:
-                return result;
-            case SSL_ERROR_ZERO_RETURN:
-                if( !isClosed() ) {
-                    this->shutdownInput();
-                    return -1;
-                }
-            default:
-                throw OpenSSLSocketException( __FILE__, __LINE__ );
+        switch (SSL_get_error(this->parameters->getSSL(), result)) {
+        case SSL_ERROR_NONE:
+            return result;
+        case SSL_ERROR_ZERO_RETURN:
+            if (!isClosed()) {
+                this->shutdownInput();
+                return -1;
+            }
+        default:
+            throw OpenSSLSocketException(__FILE__, __LINE__);
         }
 #else
         throw SocketException( __FILE__, __LINE__, "Not Supported" );
 #endif
     }
-    DECAF_CATCH_RETHROW( IOException )
-    DECAF_CATCH_RETHROW( NullPointerException )
-    DECAF_CATCH_RETHROW( IndexOutOfBoundsException )
-    DECAF_CATCHALL_THROW( IOException )
+    DECAF_CATCH_RETHROW(IOException)
+    DECAF_CATCH_RETHROW(NullPointerException)
+    DECAF_CATCH_RETHROW(IndexOutOfBoundsException)
+    DECAF_CATCHALL_THROW(IOException)
 }
 
 ////////////////////////////////////////////////////////////////////////////////
-void OpenSSLSocket::write( const unsigned char* buffer, int size, int offset, int length ) {
+void OpenSSLSocket::write(const unsigned char* buffer, int size, int offset, int length) {
 
-    try{
+    try {
 
-        if( length == 0 ) {
+        if (length == 0) {
             return;
         }
 
-        if( buffer == NULL ) {
-            throw NullPointerException(
-                __FILE__, __LINE__,
-                "TcpSocketOutputStream::write - passed buffer is null" );
+        if (buffer == NULL) {
+            throw NullPointerException(__FILE__, __LINE__,
+                "TcpSocketOutputStream::write - passed buffer is null");
         }
 
-        if( isClosed() ) {
-            throw IOException(
-                __FILE__, __LINE__,
-                "TcpSocketOutputStream::write - This Stream has been closed." );
+        if (isClosed()) {
+            throw IOException(__FILE__, __LINE__,
+                "TcpSocketOutputStream::write - This Stream has been closed.");
         }
 
-        if( size < 0 ) {
-            throw IndexOutOfBoundsException(
-                __FILE__, __LINE__, "size parameter out of Bounds: %d.", size );
+        if (size < 0) {
+            throw IndexOutOfBoundsException(__FILE__, __LINE__,
+                "size parameter out of Bounds: %d.", size);
         }
 
-        if( offset > size || offset < 0 ) {
-            throw IndexOutOfBoundsException(
-                __FILE__, __LINE__, "offset parameter out of Bounds: %d.", offset );
+        if (offset > size || offset < 0) {
+            throw IndexOutOfBoundsException(__FILE__, __LINE__,
+                "offset parameter out of Bounds: %d.", offset);
         }
 
-        if( length < 0 || length > size - offset ) {
-            throw IndexOutOfBoundsException(
-                __FILE__, __LINE__, "length parameter out of Bounds: %d.", length );
+        if (length < 0 || length > size - offset) {
+            throw IndexOutOfBoundsException(__FILE__, __LINE__,
+                "length parameter out of Bounds: %d.", length);
         }
 
 #ifdef HAVE_OPENSSL
 
-        if( !this->data->handshakeCompleted ) {
+        if (!this->data->handshakeCompleted) {
             this->startHandshake();
         }
 
         int remaining = length;
 
-        while( remaining > 0 && !isClosed() ) {
+        while (remaining > 0 && !isClosed()) {
 
-            int written = SSL_write( this->parameters->getSSL(), buffer + offset, remaining );
+            int written = SSL_write(this->parameters->getSSL(), buffer + offset, remaining);
 
-            switch( SSL_get_error( this->parameters->getSSL(), written ) ) {
-                case SSL_ERROR_NONE:
-                    offset += written;
-                    remaining -= written;
-                    break;
-                case SSL_ERROR_ZERO_RETURN:
-                    throw SocketException(
-                        __FILE__, __LINE__,
-                        "The connection was broken unexpectedly." );
-                default:
-                    throw OpenSSLSocketException( __FILE__, __LINE__ );
+            switch (SSL_get_error(this->parameters->getSSL(), written)) {
+            case SSL_ERROR_NONE:
+                offset += written;
+                remaining -= written;
+                break;
+            case SSL_ERROR_ZERO_RETURN:
+                throw SocketException(__FILE__, __LINE__, "The connection was broken unexpectedly.");
+            default:
+                throw OpenSSLSocketException(__FILE__, __LINE__);
             }
         }
 #else
         throw SocketException( __FILE__, __LINE__, "Not Supported" );
 #endif
     }
-    DECAF_CATCH_RETHROW( IOException )
-    DECAF_CATCH_RETHROW( NullPointerException )
-    DECAF_CATCH_RETHROW( IndexOutOfBoundsException )
-    DECAF_CATCHALL_THROW( IOException )
+    DECAF_CATCH_RETHROW(IOException)
+    DECAF_CATCH_RETHROW(NullPointerException)
+    DECAF_CATCH_RETHROW(IndexOutOfBoundsException)
+    DECAF_CATCHALL_THROW(IOException)
 }
 
 ////////////////////////////////////////////////////////////////////////////////
 int OpenSSLSocket::available() {
 
-    try{
+    try {
 
 #ifdef HAVE_OPENSSL
-        if( !isClosed() ) {
-            return SSL_pending( this->parameters->getSSL() );
+        if (!isClosed()) {
+            return SSL_pending(this->parameters->getSSL());
         }
 #else
         throw SocketException( __FILE__, __LINE__, "Not Supported" );
@@ -613,28 +607,26 @@ int OpenSSLSocket::available() {
 
         return -1;
     }
-    DECAF_CATCH_RETHROW( IOException )
-    DECAF_CATCHALL_THROW( IOException )
+    DECAF_CATCH_RETHROW(IOException)
+    DECAF_CATCHALL_THROW(IOException)
 }
 
 ////////////////////////////////////////////////////////////////////////////////
-void OpenSSLSocket::verifyServerCert( const std::string& serverName ) {
+void OpenSSLSocket::verifyServerCert(const std::string& serverName) {
 
 #ifdef HAVE_OPENSSL
-    X509* cert = SSL_get_peer_certificate( this->parameters->getSSL() );
+    X509* cert = SSL_get_peer_certificate(this->parameters->getSSL());
 
-    if( cert == NULL ) {
+    if (cert == NULL) {
         this->close();
-        throw OpenSSLSocketException(
-            __FILE__, __LINE__,
-            "No server certificate for verify for host: %s", serverName.c_str() );
+        throw OpenSSLSocketException(__FILE__, __LINE__, "No server certificate for verify for host: %s", serverName.c_str());
     }
 
     class Finalizer {
     private:
 
-        Finalizer( const Finalizer& );
-        Finalizer& operator= ( const Finalizer& );
+        Finalizer(const Finalizer&);
+        Finalizer& operator=(const Finalizer&);
 
     private:
 
@@ -642,49 +634,46 @@ void OpenSSLSocket::verifyServerCert( co
 
     public:
 
-        Finalizer( X509* cert ) : cert( cert ) {
-        }
-
+        Finalizer(X509* cert) : cert(cert) {}
         ~Finalizer() {
-            if( cert != NULL ) {
-                X509_free( cert );
+            if (cert != NULL) {
+                X509_free(cert);
             }
         }
     };
 
     // Store the Certificate to be cleaned up when the method returns
-    Finalizer final( cert );
+    Finalizer final(cert);
 
     // We check the extensions first since newer x509v3 Certificates are recommended
     // to store the FQDN in the dsnName field of the subjectAltName extension.  If we
     // don't find it there then we can check the commonName field which is where older
     // Certificates placed the FQDN.
-    int extensions = X509_get_ext_count( cert );
+    int extensions = X509_get_ext_count(cert);
 
-    for( int ix = 0; ix < extensions; ix++ ) {
+    for (int ix = 0; ix < extensions; ix++) {
 
-        X509_EXTENSION* extension = X509_get_ext( cert, ix );
-        const char* extensionName = OBJ_nid2sn( OBJ_obj2nid( X509_EXTENSION_get_object( extension ) ) );
+        X509_EXTENSION* extension = X509_get_ext(cert, ix);
+        const char* extensionName = OBJ_nid2sn(OBJ_obj2nid(X509_EXTENSION_get_object(extension)));
 
-        if( StringUtils::compare( "subjectAltName", extensionName ) == 0 ) {
+        if (StringUtils::compare("subjectAltName", extensionName) == 0) {
 
-            X509V3_EXT_METHOD* method = (X509V3_EXT_METHOD*)X509V3_EXT_get( extension );
-            if( method == NULL ) {
+            X509V3_EXT_METHOD* method = (X509V3_EXT_METHOD*) X509V3_EXT_get(extension);
+            if (method == NULL) {
                 break;
             }
 
             const unsigned char* data = extension->value->data;
-            STACK_OF(CONF_VALUE)* confValue =
-                method->i2v( method, method->it ?
-                             ASN1_item_d2i(NULL, &data, extension->value->length, ASN1_ITEM_ptr(method->it)) :
-                             method->d2i( NULL, &data, extension->value->length ), NULL );
+            STACK_OF(CONF_VALUE)* confValue = method->i2v(method,
+                    method->it ?
+                            ASN1_item_d2i(NULL, &data, extension->value->length, ASN1_ITEM_ptr(method->it)) :
+                            method->d2i(NULL, &data, extension->value->length), NULL);
 
             CONF_VALUE* value = NULL;
 
-            for( int iy = 0; iy < sk_CONF_VALUE_num( confValue ); iy++ ) {
+            for (int iy = 0; iy < sk_CONF_VALUE_num( confValue ); iy++) {
                 value = sk_CONF_VALUE_value( confValue, iy );
-                if( ( StringUtils::compare( value->name, "DNS" ) == 0 ) &&
-                      StringUtils::compare( value->value, serverName.c_str() ) == 0 ) {
+                if ((StringUtils::compare(value->name, "DNS") == 0) && StringUtils::compare(value->value, serverName.c_str()) == 0) {
 
                     // Found it.
                     return;
@@ -693,18 +682,18 @@ void OpenSSLSocket::verifyServerCert( co
         }
     }
 
-    X509_NAME* subject = X509_get_subject_name( cert );
+    X509_NAME* subject = X509_get_subject_name(cert);
     char buffer[256];
 
-    if( subject != NULL && X509_NAME_get_text_by_NID( subject, NID_commonName, buffer, 256 ) > 0 ) {
+    if (subject != NULL && X509_NAME_get_text_by_NID(subject, NID_commonName, buffer, 256) > 0) {
         buffer[255] = 0;
-        if( StringUtils::compare( buffer, serverName.c_str() ) == 0 ) {
+        if (StringUtils::compare(buffer, serverName.c_str()) == 0) {
             return;
         }
     }
 
     // We got here so no match to serverName in the Certificate
-    throw OpenSSLSocketException(
-        __FILE__, __LINE__, "Server Certificate Name doesn't match the URI Host Name value." );
+    throw OpenSSLSocketException(__FILE__, __LINE__,
+        "Server Certificate Name doesn't match the URI Host Name value.");
 #endif
 }

Modified: activemq/activemq-cpp/trunk/activemq-cpp/src/main/decaf/internal/net/ssl/openssl/OpenSSLSocket.h
URL: http://svn.apache.org/viewvc/activemq/activemq-cpp/trunk/activemq-cpp/src/main/decaf/internal/net/ssl/openssl/OpenSSLSocket.h?rev=1511451&r1=1511450&r2=1511451&view=diff
==============================================================================
--- activemq/activemq-cpp/trunk/activemq-cpp/src/main/decaf/internal/net/ssl/openssl/OpenSSLSocket.h (original)
+++ activemq/activemq-cpp/trunk/activemq-cpp/src/main/decaf/internal/net/ssl/openssl/OpenSSLSocket.h Wed Aug  7 19:34:50 2013
@@ -40,7 +40,7 @@ namespace openssl {
      *
      * @since 1.0
      */
-    class DECAF_API OpenSSLSocket : public decaf::net::ssl::SSLSocket {
+    class DECAF_API OpenSSLSocket: public decaf::net::ssl::SSLSocket {
     private:
 
         // Private data related to the OpenSSL Socket impl.
@@ -57,31 +57,30 @@ namespace openssl {
 
     private:
 
-        OpenSSLSocket( const OpenSSLSocket& );
-        OpenSSLSocket& operator= ( const OpenSSLSocket& );
+        OpenSSLSocket(const OpenSSLSocket&);
+        OpenSSLSocket& operator=(const OpenSSLSocket&);
 
     public:
 
-        OpenSSLSocket( OpenSSLParameters* parameters );
+        OpenSSLSocket(OpenSSLParameters* parameters);
 
-        OpenSSLSocket( OpenSSLParameters* parameters, const decaf::net::InetAddress* address, int port );
+        OpenSSLSocket(OpenSSLParameters* parameters, const decaf::net::InetAddress* address, int port);
 
-        OpenSSLSocket( OpenSSLParameters* parameters, const decaf::net::InetAddress* address, int port,
-                       const decaf::net::InetAddress* localAddress, int localPort );
+        OpenSSLSocket(OpenSSLParameters* parameters, const decaf::net::InetAddress* address, int port, const decaf::net::InetAddress* localAddress, int localPort);
 
-        OpenSSLSocket( OpenSSLParameters* parameters, const std::string& host, int port );
+        OpenSSLSocket(OpenSSLParameters* parameters, const std::string& host, int port);
 
-        OpenSSLSocket( OpenSSLParameters* parameters, const std::string& host, int port,
-                       const decaf::net::InetAddress* localAddress, int localPort );
+        OpenSSLSocket(OpenSSLParameters* parameters, const std::string& host, int port, const decaf::net::InetAddress* localAddress, int localPort);
 
         virtual ~OpenSSLSocket();
 
-    public:  // Socket Overrides.
+    public:
+        // Socket Overrides.
 
         /**
          * {@inheritDoc}
          */
-        virtual void connect( const std::string& host, int port, int timeout );
+        virtual void connect(const std::string& host, int port, int timeout);
 
         /**
          * {@inheritDoc}
@@ -111,14 +110,24 @@ namespace openssl {
         /**
          * {@inheritDoc}
          */
-        virtual void setOOBInline( bool value );
+        virtual void setOOBInline(bool value);
 
         /**
          * {@inheritDoc}
          */
-        virtual void sendUrgentData( int data );
+        virtual void sendUrgentData(int data);
+
+    public: // SSLSocket Overrides
 
-    public:  // SSLSocket Overrides
+        /**
+         * {@inheritDoc}
+         */
+        virtual decaf::net::ssl::SSLParameters getSSLParameters() const;
+
+        /**
+         * {@inheritDoc}
+         */
+        virtual void setSSLParameters(const decaf::net::ssl::SSLParameters& value);
 
         /**
          * {@inheritDoc}
@@ -138,7 +147,7 @@ namespace openssl {
         /**
          * {@inheritDoc}
          */
-        virtual void setEnabledCipherSuites( const std::vector<std::string>& suites );
+        virtual void setEnabledCipherSuites(const std::vector<std::string>& suites);
 
         /**
          * {@inheritDoc}
@@ -148,7 +157,7 @@ namespace openssl {
         /**
          * {@inheritDoc}
          */
-        virtual void setEnabledProtocols( const std::vector<std::string>& protocols );
+        virtual void setEnabledProtocols(const std::vector<std::string>& protocols);
 
         /**
          * {@inheritDoc}
@@ -158,7 +167,7 @@ namespace openssl {
         /**
          * {@inheritDoc}
          */
-        virtual void setUseClientMode( bool value );
+        virtual void setUseClientMode(bool value);
 
         /**
          * {@inheritDoc}
@@ -168,7 +177,7 @@ namespace openssl {
         /**
          * {@inheritDoc}
          */
-        virtual void setNeedClientAuth( bool value );
+        virtual void setNeedClientAuth(bool value);
 
         /**
          * {@inheritDoc}
@@ -178,7 +187,7 @@ namespace openssl {
         /**
          * {@inheritDoc}
          */
-        virtual void setWantClientAuth( bool value );
+        virtual void setWantClientAuth(bool value);
 
         /**
          * {@inheritDoc}
@@ -205,7 +214,7 @@ namespace openssl {
          * @throw NullPointerException if buffer is Null.
          * @throw IndexOutOfBoundsException if offset + length is greater than buffer size.
          */
-        int read( unsigned char* buffer, int size, int offset, int length );
+        int read(unsigned char* buffer, int size, int offset, int length);
 
         /**
          * Writes the specified data in the passed in buffer to the Socket.
@@ -223,7 +232,7 @@ namespace openssl {
          * @throw NullPointerException if buffer is Null.
          * @throw IndexOutOfBoundsException if offset + length is greater than buffer size.
          */
-        void write( const unsigned char* buffer, int size, int offset, int length );
+        void write(const unsigned char* buffer, int size, int offset, int length);
 
         /**
          * Gets the number of bytes in the Socket buffer that can be read without blocking.
@@ -238,7 +247,7 @@ namespace openssl {
 
         // Perform some additional checks on the Server's Certificate to ensure that
         // its really valid.
-        void verifyServerCert( const std::string& serverName );
+        void verifyServerCert(const std::string& serverName);
 
     };
 

Modified: activemq/activemq-cpp/trunk/activemq-cpp/src/main/decaf/net/ssl/SSLParameters.cpp
URL: http://svn.apache.org/viewvc/activemq/activemq-cpp/trunk/activemq-cpp/src/main/decaf/net/ssl/SSLParameters.cpp?rev=1511451&r1=1511450&r2=1511451&view=diff
==============================================================================
--- activemq/activemq-cpp/trunk/activemq-cpp/src/main/decaf/net/ssl/SSLParameters.cpp (original)
+++ activemq/activemq-cpp/trunk/activemq-cpp/src/main/decaf/net/ssl/SSLParameters.cpp Wed Aug  7 19:34:50 2013
@@ -22,18 +22,18 @@ using namespace decaf::net;
 using namespace decaf::net::ssl;
 
 ////////////////////////////////////////////////////////////////////////////////
-SSLParameters::SSLParameters() : cipherSuites(), protocols(), needClientAuth( false ), wantClientAuth( false ) {
+SSLParameters::SSLParameters() :
+    cipherSuites(), protocols(), serverNames(), needClientAuth(false), wantClientAuth(false) {
 }
 
 ////////////////////////////////////////////////////////////////////////////////
-SSLParameters::SSLParameters( const std::vector<std::string>& cipherSuites ) :
-    cipherSuites( cipherSuites ), protocols(), needClientAuth( false ), wantClientAuth( false ) {
+SSLParameters::SSLParameters(const std::vector<std::string>& cipherSuites) :
+    cipherSuites(cipherSuites), protocols(), serverNames(), needClientAuth(false), wantClientAuth(false) {
 }
 
 ////////////////////////////////////////////////////////////////////////////////
-SSLParameters::SSLParameters( const std::vector<std::string>& cipherSuites,
-                              const std::vector<std::string>& protocols ) :
-    cipherSuites( cipherSuites ), protocols( protocols ), needClientAuth( false ), wantClientAuth( false ) {
+SSLParameters::SSLParameters(const std::vector<std::string>& cipherSuites, const std::vector<std::string>& protocols) :
+    cipherSuites(cipherSuites), protocols(protocols), serverNames(), needClientAuth(false), wantClientAuth(false) {
 }
 
 ////////////////////////////////////////////////////////////////////////////////

Modified: activemq/activemq-cpp/trunk/activemq-cpp/src/main/decaf/net/ssl/SSLParameters.h
URL: http://svn.apache.org/viewvc/activemq/activemq-cpp/trunk/activemq-cpp/src/main/decaf/net/ssl/SSLParameters.h?rev=1511451&r1=1511450&r2=1511451&view=diff
==============================================================================
--- activemq/activemq-cpp/trunk/activemq-cpp/src/main/decaf/net/ssl/SSLParameters.h (original)
+++ activemq/activemq-cpp/trunk/activemq-cpp/src/main/decaf/net/ssl/SSLParameters.h Wed Aug  7 19:34:50 2013
@@ -32,6 +32,7 @@ namespace ssl {
 
         std::vector<std::string> cipherSuites;
         std::vector<std::string> protocols;
+        std::vector<std::string> serverNames;
         bool needClientAuth;
         bool wantClientAuth;
 
@@ -50,7 +51,7 @@ namespace ssl {
          * @param cipherSuites
          *      The vector of cipherSuites for this SSLParameters instance (can be empty).
          */
-        SSLParameters( const std::vector<std::string>& cipherSuites );
+        SSLParameters(const std::vector<std::string>& cipherSuites);
 
         /**
          * Creates a new SSLParameters instance with the given cipherSuites value and protocols
@@ -61,8 +62,7 @@ namespace ssl {
          * @param protocols
          *      The vector of protocols for this SSLParameters instance (can be empty).
          */
-        SSLParameters( const std::vector<std::string>& cipherSuites,
-                       const std::vector<std::string>& protocols );
+        SSLParameters(const std::vector<std::string>& cipherSuites, const std::vector<std::string>& protocols);
 
         virtual ~SSLParameters();
 
@@ -79,7 +79,7 @@ namespace ssl {
          * @param cipherSuites
          *      The vector of cipherSuites (can be an empty vector).
          */
-        void setCipherSuites( const std::vector<std::string>& cipherSuites ) {
+        void setCipherSuites(const std::vector<std::string>& cipherSuites) {
             this->cipherSuites = cipherSuites;
         }
 
@@ -96,7 +96,7 @@ namespace ssl {
          * @param protocols
          *      the vector of protocols (or an empty vector)
          */
-        void setProtocols( const std::vector<std::string>& protocols ) {
+        void setProtocols(const std::vector<std::string>& protocols) {
             this->protocols = protocols;
         }
 
@@ -113,7 +113,7 @@ namespace ssl {
          *
          * @param whether client authentication should be requested.
          */
-        void setWantClientAuth( bool wantClientAuth ) {
+        void setWantClientAuth(bool wantClientAuth) {
             this->wantClientAuth = wantClientAuth;
             this->needClientAuth = false;
         }
@@ -132,11 +132,34 @@ namespace ssl {
          * @param needClientAuth
          *      whether client authentication should be required.
          */
-        void setNeedClientAuth( bool needClientAuth ) {
+        void setNeedClientAuth(bool needClientAuth) {
             this->needClientAuth = needClientAuth;
             this->wantClientAuth = false;
         }
 
+        /**
+         * Sets the Server Names that this client wants to encode for use during the
+         * SSL Handshaking phase.  The list is copied so the values cannot be changed
+         * later.
+         *
+         * @param serverNames
+         *      The server name to encode into the SSL handshake.
+         */
+        void setServerNames(const std::vector<std::string>& serverNames) {
+            this->serverNames = serverNames;
+        }
+
+        /**
+         * Gets the currently set list of server names used.  This method returns a copy
+         * of the list so that it cannot be modified.  If updates are needed a new list
+         * must be set via {#setServerNames}.
+         *
+         * @returns a list of server names if any were previously configured.
+         */
+        std::vector<std::string> getServerNames() const {
+            return this->serverNames;
+        }
+
     };
 
 }}}

Modified: activemq/activemq-cpp/trunk/activemq-cpp/src/main/decaf/net/ssl/SSLSocket.cpp
URL: http://svn.apache.org/viewvc/activemq/activemq-cpp/trunk/activemq-cpp/src/main/decaf/net/ssl/SSLSocket.cpp?rev=1511451&r1=1511450&r2=1511451&view=diff
==============================================================================
--- activemq/activemq-cpp/trunk/activemq-cpp/src/main/decaf/net/ssl/SSLSocket.cpp (original)
+++ activemq/activemq-cpp/trunk/activemq-cpp/src/main/decaf/net/ssl/SSLSocket.cpp Wed Aug  7 19:34:50 2013
@@ -30,21 +30,19 @@ SSLSocket::SSLSocket() : Socket() {
 }
 
 ////////////////////////////////////////////////////////////////////////////////
-SSLSocket::SSLSocket( const InetAddress* address, int port ) : Socket( address, port ) {
+SSLSocket::SSLSocket(const InetAddress* address, int port) : Socket(address, port) {
 }
 
 ////////////////////////////////////////////////////////////////////////////////
-SSLSocket::SSLSocket( const InetAddress* address, int port, const InetAddress* localAddress, int localPort ) :
-    Socket( address, port, localAddress, localPort ) {
+SSLSocket::SSLSocket(const InetAddress* address, int port, const InetAddress* localAddress, int localPort) : Socket(address, port, localAddress, localPort) {
 }
 
 ////////////////////////////////////////////////////////////////////////////////
-SSLSocket::SSLSocket( const std::string& host, int port ) : Socket( host, port ) {
+SSLSocket::SSLSocket(const std::string& host, int port) : Socket(host, port) {
 }
 
 ////////////////////////////////////////////////////////////////////////////////
-SSLSocket::SSLSocket( const std::string& host, int port, const InetAddress* localAddress, int localPort ) :
-    Socket( host, port, localAddress, localPort ) {
+SSLSocket::SSLSocket(const std::string& host, int port, const InetAddress* localAddress, int localPort) : Socket(host, port, localAddress, localPort) {
 }
 
 ////////////////////////////////////////////////////////////////////////////////
@@ -54,26 +52,25 @@ SSLSocket::~SSLSocket() {
 ////////////////////////////////////////////////////////////////////////////////
 SSLParameters SSLSocket::getSSLParameters() const {
 
-    SSLParameters params( this->getEnabledCipherSuites(),
-                          this->getEnabledProtocols() );
+    SSLParameters params(this->getEnabledCipherSuites(), this->getEnabledProtocols());
 
     return params;
 }
 
 ////////////////////////////////////////////////////////////////////////////////
-void SSLSocket::setSSLParameters( const SSLParameters& value ) {
+void SSLSocket::setSSLParameters(const SSLParameters& value) {
 
-    try{
+    try {
 
-        if( !value.getCipherSuites().empty() ) {
-            this->setEnabledCipherSuites( value.getCipherSuites() );
+        if (!value.getCipherSuites().empty()) {
+            this->setEnabledCipherSuites(value.getCipherSuites());
         }
 
-        if( !value.getProtocols().empty() ) {
-            this->setEnabledProtocols( value.getProtocols() );
+        if (!value.getProtocols().empty()) {
+            this->setEnabledProtocols(value.getProtocols());
         }
     }
-    DECAF_CATCH_RETHROW( IllegalArgumentException )
-    DECAF_CATCH_EXCEPTION_CONVERT( Exception, IllegalArgumentException )
-    DECAF_CATCHALL_THROW( IllegalArgumentException )
+    DECAF_CATCH_RETHROW(IllegalArgumentException)
+    DECAF_CATCH_EXCEPTION_CONVERT(Exception, IllegalArgumentException)
+    DECAF_CATCHALL_THROW(IllegalArgumentException)
 }

Modified: activemq/activemq-cpp/trunk/activemq-cpp/src/main/decaf/net/ssl/SSLSocket.h
URL: http://svn.apache.org/viewvc/activemq/activemq-cpp/trunk/activemq-cpp/src/main/decaf/net/ssl/SSLSocket.h?rev=1511451&r1=1511450&r2=1511451&view=diff
==============================================================================
--- activemq/activemq-cpp/trunk/activemq-cpp/src/main/decaf/net/ssl/SSLSocket.h (original)
+++ activemq/activemq-cpp/trunk/activemq-cpp/src/main/decaf/net/ssl/SSLSocket.h Wed Aug  7 19:34:50 2013
@@ -51,7 +51,7 @@ namespace ssl {
          * @throws NullPointerException if the InetAddress instance in NULL.
          * @throws IllegalArgumentException if the port if not in range [0...65535]
          */
-        SSLSocket( const InetAddress* address, int port );
+        SSLSocket(const InetAddress* address, int port);
 
         /**
          * Creates a new SSLSocket instance and connects it to the given address and port.
@@ -71,7 +71,7 @@ namespace ssl {
          * @throws NullPointerException if the InetAddress instance in NULL.
          * @throws IllegalArgumentException if the port if not in range [0...65535]
          */
-        SSLSocket( const InetAddress* address, int port, const InetAddress* localAddress, int localPort );
+        SSLSocket(const InetAddress* address, int port, const InetAddress* localAddress, int localPort);
 
         /**
          * Creates a new SSLSocket instance and connects it to the given host and port.
@@ -87,7 +87,7 @@ namespace ssl {
          * @throws IOException if an I/O error occurs while connecting the Socket.
          * @throws IllegalArgumentException if the port if not in range [0...65535]
          */
-        SSLSocket( const std::string& host, int port );
+        SSLSocket(const std::string& host, int port);
 
         /**
          * Creates a new SSLSocket instance and connects it to the given host and port.
@@ -107,7 +107,7 @@ namespace ssl {
          * @throws IOException if an I/O error occurs while connecting the Socket.
          * @throws IllegalArgumentException if the port if not in range [0...65535]
          */
-        SSLSocket( const std::string& host, int port, const InetAddress* localAddress, int localPort );
+        SSLSocket(const std::string& host, int port, const InetAddress* localAddress, int localPort);
 
         virtual ~SSLSocket();
 
@@ -147,7 +147,7 @@ namespace ssl {
          *
          * @throws IllegalArgumentException if the vector is empty or one of the names is invalid.
          */
-        virtual void setEnabledCipherSuites( const std::vector<std::string>& suites ) = 0;
+        virtual void setEnabledCipherSuites(const std::vector<std::string>& suites) = 0;
 
         /**
          * Returns a vector containing the names of all the currently enabled Protocols for
@@ -167,7 +167,7 @@ namespace ssl {
          *
          * @throws IllegalArgumentException if the vector is empty or one of the names is invalid.
          */
-        virtual void setEnabledProtocols( const std::vector<std::string>& protocols ) = 0;
+        virtual void setEnabledProtocols(const std::vector<std::string>& protocols) = 0;
 
         /**
          * Returns an SSLParameters object for this SSLSocket instance.
@@ -195,7 +195,7 @@ namespace ssl {
          * @throws IllegalArgumentException if an error occurs while calling setEnabledCipherSuites
          *         or setEnabledProtocols.
          */
-        virtual void setSSLParameters( const SSLParameters& value );
+        virtual void setSSLParameters(const SSLParameters& value);
 
         /**
          * Initiates a handshake for this SSL Connection, this can be necessary for several reasons such
@@ -221,7 +221,7 @@ namespace ssl {
          *
          * @throw IllegalArguementException if the handshake process has begun and mode is lcoked.
          */
-        virtual void setUseClientMode( bool value ) = 0;
+        virtual void setUseClientMode(bool value) = 0;
 
         /**
          * Gets whether this Socket is in Client or Server mode, true indicates that the mode is
@@ -242,7 +242,7 @@ namespace ssl {
          * @param value
          *      The value indicating if a client is required to authenticate itself or not.
          */
-        virtual void setNeedClientAuth( bool value ) = 0;
+        virtual void setNeedClientAuth(bool value) = 0;
 
         /**
          * Returns if this socket is configured to require client authentication, true means that is has
@@ -265,7 +265,7 @@ namespace ssl {
          * @param value
          *      The value indicating if a client is requested to authenticate itself or not.
          */
-        virtual void setWantClientAuth( bool value ) = 0;
+        virtual void setWantClientAuth(bool value) = 0;
 
         /**
          * Returns if this socket is configured to request client authentication, true means that is has



Mime
View raw message