qpid-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From g...@apache.org
Subject qpid-cpp git commit: QPID-7693: avoid creating prototype until listen() is called
Date Wed, 08 Mar 2017 13:50:08 GMT
Repository: qpid-cpp
Updated Branches:
  refs/heads/master 4e393bdfa -> a82bd5450


QPID-7693: avoid creating prototype until listen() is called


Project: http://git-wip-us.apache.org/repos/asf/qpid-cpp/repo
Commit: http://git-wip-us.apache.org/repos/asf/qpid-cpp/commit/a82bd545
Tree: http://git-wip-us.apache.org/repos/asf/qpid-cpp/tree/a82bd545
Diff: http://git-wip-us.apache.org/repos/asf/qpid-cpp/diff/a82bd545

Branch: refs/heads/master
Commit: a82bd5450e3698bd0f442ed496f8c6dfd635c7fe
Parents: 4e393bd
Author: Gordon Sim <gsim@redhat.com>
Authored: Wed Mar 8 08:59:24 2017 +0000
Committer: Gordon Sim <gsim@redhat.com>
Committed: Wed Mar 8 08:59:24 2017 +0000

----------------------------------------------------------------------
 src/qpid/sys/ssl/SslSocket.cpp | 18 +++++++++---------
 src/qpid/sys/ssl/SslSocket.h   |  1 +
 2 files changed, 10 insertions(+), 9 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/qpid-cpp/blob/a82bd545/src/qpid/sys/ssl/SslSocket.cpp
----------------------------------------------------------------------
diff --git a/src/qpid/sys/ssl/SslSocket.cpp b/src/qpid/sys/ssl/SslSocket.cpp
index 731151c..92561cd 100644
--- a/src/qpid/sys/ssl/SslSocket.cpp
+++ b/src/qpid/sys/ssl/SslSocket.cpp
@@ -118,16 +118,9 @@ std::string getAuthId(CertificateGetter certificateGetter)
 }
 }
 
-SslSocket::SslSocket(const std::string& certName, bool clientAuth) :
-    nssSocket(0), certname(certName), prototype(0), hostnameVerification(true)
+SslSocket::SslSocket(const std::string& certName, bool _clientAuth) :
+    nssSocket(0), certname(certName), clientAuth(_clientAuth), prototype(0), hostnameVerification(true)
 {
-    //configure prototype socket:
-    prototype = SSL_ImportFD(0, PR_NewTCPSocket());
-
-    if (clientAuth) {
-        NSS_CHECK(SSL_OptionSet(prototype, SSL_REQUEST_CERTIFICATE, PR_TRUE));
-        NSS_CHECK(SSL_OptionSet(prototype, SSL_REQUIRE_CERTIFICATE, PR_TRUE));
-    }
 }
 
 /**
@@ -226,6 +219,13 @@ void SslSocket::close() const
 
 int SslSocket::listen(const SocketAddress& sa, int backlog) const
 {
+    //configure prototype socket:
+    prototype = SSL_ImportFD(0, PR_NewTCPSocket());
+
+    if (clientAuth) {
+        NSS_CHECK(SSL_OptionSet(prototype, SSL_REQUEST_CERTIFICATE, PR_TRUE));
+        NSS_CHECK(SSL_OptionSet(prototype, SSL_REQUIRE_CERTIFICATE, PR_TRUE));
+    }
     //get certificate and key (is this the correct way?)
     std::string cName( (certname == "") ? "localhost.localdomain" : certname);
     CERTCertificate *cert = PK11_FindCertFromNickname(const_cast<char*>(cName.c_str()),
0);

http://git-wip-us.apache.org/repos/asf/qpid-cpp/blob/a82bd545/src/qpid/sys/ssl/SslSocket.h
----------------------------------------------------------------------
diff --git a/src/qpid/sys/ssl/SslSocket.h b/src/qpid/sys/ssl/SslSocket.h
index 733a47a..6f623ba 100644
--- a/src/qpid/sys/ssl/SslSocket.h
+++ b/src/qpid/sys/ssl/SslSocket.h
@@ -73,6 +73,7 @@ public:
 protected:
     mutable PRFileDesc* nssSocket;
     std::string certname;
+    bool clientAuth;
     mutable std::string url;
 
     /**


---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@qpid.apache.org
For additional commands, e-mail: commits-help@qpid.apache.org


Mime
View raw message