[pan2/testing: 249/279] pre-choose the most probable port for ssl/plain connections
- From: Heinrich MÃller <henmull src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [pan2/testing: 249/279] pre-choose the most probable port for ssl/plain connections
- Date: Sat, 3 Dec 2011 22:42:20 +0000 (UTC)
commit 288452b984b87a6baac8471c77571f65eb82c538
Author: Heinrich MÃller <sphemuel stud informatik uni-erlangen de>
Date: Tue Nov 22 12:50:16 2011 +0100
pre-choose the most probable port for ssl/plain connections
changed cert routines to employ the server quark instead of the
host address
pan/data-impl/server.cc | 2 +-
pan/data/cert-store.cc | 12 ++++--------
pan/data/data.h | 2 +-
pan/general/macros.h | 3 +++
pan/gui/gui.cc | 20 ++++++--------------
pan/gui/gui.h | 2 +-
pan/gui/pan.cc | 2 +-
pan/gui/server-ui.cc | 15 ++++++++++++++-
pan/tasks/nntp-pool.cc | 17 +++++++----------
pan/tasks/queue.cc | 4 +---
pan/tasks/socket-impl-main.cc | 29 +++++++++++++++--------------
pan/tasks/socket-impl-main.h | 3 ++-
pan/tasks/socket-impl-openssl.cc | 17 ++++++++++-------
pan/tasks/socket-impl-openssl.h | 3 ++-
14 files changed, 68 insertions(+), 63 deletions(-)
---
diff --git a/pan/data-impl/server.cc b/pan/data-impl/server.cc
index 10af926..be95549 100644
--- a/pan/data-impl/server.cc
+++ b/pan/data-impl/server.cc
@@ -377,7 +377,7 @@ DataImpl :: load_server_properties (const DataIO& source)
s.host = kv["host"];
s.username = kv["username"];
s.password = kv["password"];
- s.port = to_int (kv["port"], 119);
+ s.port = to_int (kv["port"], STD_NNTP_PORT);
s.max_connections = to_int (kv["connection-limit"], 2);
s.article_expiration_age = to_int(kv["expire-articles-n-days-old"], 31);
s.rank = to_int(kv["rank"], 1);
diff --git a/pan/data/cert-store.cc b/pan/data/cert-store.cc
index d1fd50b..672b4ac 100644
--- a/pan/data/cert-store.cc
+++ b/pan/data/cert-store.cc
@@ -69,7 +69,6 @@ namespace pan
/* accept user-override on self-signed certificates */
if (err == X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN ||
err == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT ||
- err == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT ||
err == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY)
mydata->cs->verify_failed(cert, mydata->server, mydata->cert_name, err);
else
@@ -139,12 +138,9 @@ namespace pan
_cert_to_server.erase(server);
_certs.erase(server);
remove_hard(server);
-// SSL_CTX_set_cert_store(_ctx, X509_STORE_new());
Quark setme;
- _data.find_server_by_hn(server, setme);
- _data.set_server_cert(setme, "");
- _data.save_server_info(setme);
-// init_me();
+ _data.set_server_cert(server, "");
+ _data.save_server_info(server);
}
}
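Review bot: `Quark setme;` just after `remove_hard(server);` is now dead: the `find_server_by_hn` call that filled it was removed and `server` is passed to `set_server_cert`/`save_server_info` directly, so the declaration should go with it. The enclosing function starts outside the hunk.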
@@ -175,8 +171,8 @@ namespace pan
std::string addr; int port;
_data.get_server_addr(server, addr, port);
- _certs.insert(addr);
- _cert_to_server[addr] = cert;
+ _certs.insert(server);
+ _cert_to_server[server] = cert;
const char* buf(build_cert_name(addr.c_str()).c_str());
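Review bot: `const char* buf(build_cert_name(addr.c_str()).c_str());` keeps a pointer into a temporary: if `build_cert_name` returns a `std::string` by value (the result has `.c_str()` called on it), that string is destroyed at the end of the declaration and `buf` dangles before its first use. Hold the result in a named string, `const std::string name(build_cert_name(addr.c_str()));`, and use `name.c_str()` where `buf` was used. Note also that the store is now keyed by the server quark while the certificate name is still derived from the host address; that is fine as long as every lookup path agrees, and a one-line comment saying so would save the next reader the trip. The rest of the function is outside the hunk.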
diff --git a/pan/data/data.h b/pan/data/data.h
index fda34ed..aea5eaa 100644
--- a/pan/data/data.h
+++ b/pan/data/data.h
@@ -180,7 +180,7 @@ namespace pan
typedef sorted_vector<Quark,true,AlphabeticalQuarkOrdering> groups_t;
groups_t groups;
- Server(): port(119), article_expiration_age(31), max_connections(2), rank(1), ssl_support(0) {}
+ Server(): port(STD_NNTP_PORT), article_expiration_age(31), max_connections(2), rank(1), ssl_support(0) {}
};
protected:
diff --git a/pan/general/macros.h b/pan/general/macros.h
index 6d4a293..84b7df6 100644
--- a/pan/general/macros.h
+++ b/pan/general/macros.h
@@ -20,6 +20,9 @@
#ifndef __Pan_Macros_h__
#define __Pan_Macros_h__
+#define STD_SSL_PORT 563
+#define STD_NNTP_PORT 119
+
/**
*** foreach
**/
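Review bot: `STD_SSL_PORT` and `STD_NNTP_PORT` are added as preprocessor macros, but they are plain integer constants in a C++ header, so they would be better as typed, scoped constants, `const int STD_NNTP_PORT = 119;` and `const int STD_SSL_PORT = 563;` (inside `namespace pan` if this header has one), which keeps them out of the global macro namespace and lets them participate in overload resolution and debugging. A short comment naming them as the IANA defaults for plain and TLS-wrapped NNTP would also help readers who only see the call sites.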
diff --git a/pan/gui/gui.cc b/pan/gui/gui.cc
index fede36f..628ee9a 100644
--- a/pan/gui/gui.cc
+++ b/pan/gui/gui.cc
@@ -1312,7 +1312,9 @@ bool GUI :: confirm_accept_new_cert_dialog(GtkWindow * parent, X509* cert, const
bool ret(false);
char buf[4096];
- pretty_print_x509(buf,sizeof(buf), server, cert,true);
+ std::string host; int port;
+ _data.get_server_addr(server,host,port);
+ pretty_print_x509(buf,sizeof(buf), host, cert,true);
gdk_threads_enter();
GtkWidget * d = gtk_message_dialog_new (
parent,
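Review bot: the result of `_data.get_server_addr(server,host,port)` is ignored, so for a quark that is not a configured server `host` stays empty and the dialog is built for an empty host name; `port` is declared uninitialized and never read. Bail out on a failed lookup, `if (!_data.get_server_addr(server, host, port)) return ret;`, and drop `port` if the dialog does not need it. confirm_accept_new_cert_dialog's signature is outside the hunk.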
@@ -2098,25 +2100,15 @@ GUI :: on_prefs_string_changed (const StringView& key, const StringView& value)
void
GUI :: on_verify_cert_failed(X509* cert, std::string server, std::string cert_name, int nr)
{
- std::cerr<<"on verify failed gui ("<<server<<") ("<<cert_name<<")\n";
if (!cert || cert_name.empty() || server.empty()) return;
- Quark setme;
- bool found(_data.find_server_by_hn(server, setme));
-
if (GUI::confirm_accept_new_cert_dialog(get_window(_root),cert,server))
- if (!_certstore.add(cert, setme))
+ if (!_certstore.add(cert, server))
Log::add_urgent_va("Error adding certificate of server '%s' to Certificate Store",server.c_str());
else
{
- std::cerr<<"added cert "<<cert<<" to server "<<server<<std::endl;
-
- if (found)
- {
- std::cerr<<"on verify failed gui ("<<server<<") ("<<cert_name<<")\n";
- _data.set_server_cert(setme, cert_name);
- _data.save_server_info(setme);
- }
+ _data.set_server_cert(server, cert_name);
+ _data.save_server_info(server);
}
}
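Review bot: the outer `if (GUI::confirm_accept_new_cert_dialog(...))` has no braces, so the `else` binds to the inner `if (!_certstore.add(cert, server))`; that is the branch the success path needs, but it reads as if it were the "user declined" branch. Wrapping the outer if-body in braces makes the binding explicit. Also, `server` arrives here as a `std::string` and is now handed to the cert store and `Data` where the rest of the commit keys on the server quark, relying on the implicit string-to-Quark conversion; a comment on the parameter saying it carries the server quark rather than the host name (which the old code looked up) would prevent the next reader from passing a host here.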
diff --git a/pan/gui/gui.h b/pan/gui/gui.h
index 3dec2fd..d81ed31 100644
--- a/pan/gui/gui.h
+++ b/pan/gui/gui.h
@@ -129,7 +129,7 @@ namespace pan
virtual void do_delete_article ();
virtual bool deletion_confirmation_dialog();
#ifdef HAVE_OPENSSL
- static bool confirm_accept_new_cert_dialog(GtkWindow*, X509*, const Quark&);
+ bool confirm_accept_new_cert_dialog(GtkWindow*, X509*, const Quark&);
#endif
virtual void do_clear_article_cache ();
virtual void do_mark_article_read ();
diff --git a/pan/gui/pan.cc b/pan/gui/pan.cc
index 3d3f5c8..6d1b1c0 100644
--- a/pan/gui/pan.cc
+++ b/pan/gui/pan.cc
@@ -347,7 +347,7 @@ main (int argc, char *argv[])
WorkerPool worker_pool (4, true);
// init the socket creator
- SocketCreator socket_creator(certstore);
+ SocketCreator socket_creator(data, certstore);
Queue queue (data, data, &socket_creator, certstore, worker_pool,
prefs.get_flag ("work-online", true),
diff --git a/pan/gui/server-ui.cc b/pan/gui/server-ui.cc
index 48e81d9..a4e5d8e 100644
--- a/pan/gui/server-ui.cc
+++ b/pan/gui/server-ui.cc
@@ -55,6 +55,7 @@ using namespace pan;
************* EDIT DIALOG
************/
+
namespace
{
struct ServerEditDialog
@@ -99,6 +100,17 @@ namespace
gtk_adjustment_set_value (a, i);
}
+ void ssl_changed_cb(GtkComboBox* w, ServerEditDialog* d)
+ {
+ int ssl(0);
+#ifdef HAVE_OPENSSL
+ GtkTreeIter iter;
+ if (gtk_combo_box_get_active_iter (w, &iter))
+ gtk_tree_model_get (gtk_combo_box_get_model(w), &iter, 1, &ssl, -1);
+ pan_spin_button_set (d->port_spin, ssl==0 ? STD_NNTP_PORT : STD_SSL_PORT);
+#endif
+ }
+
void
edit_dialog_populate (Data&, const Quark& server, ServerEditDialog * d)
{
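Review bot: `ssl_changed_cb` overwrites `d->port_spin` with a default whenever the SSL combo changes, so a server configured on a non-standard port loses that value as soon as the combo is touched, and if edit_dialog_populate sets the combo's active row after the `changed` handler is connected (the `g_signal_connect(w, "changed", G_CALLBACK(ssl_changed_cb), d);` hunk below) the stored port is replaced while the dialog is still being filled. Only substitute the default when the spin still holds the other protocol's standard port: read the current value (assuming `port_spin` is a GtkSpinButton, `gtk_spin_button_get_value_as_int (GTK_SPIN_BUTTON(d->port_spin))`) and skip `pan_spin_button_set` unless it equals STD_NNTP_PORT or STD_SSL_PORT. The `ssl` local and both parameters are also unused when HAVE_OPENSSL is not defined; moving the declaration inside the `#ifdef` avoids the warning.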
@@ -108,7 +120,7 @@ namespace
d->server = server;
- int port(119), max_conn(4), age(31*3), rank(1), ssl(0);
+ int port(STD_NNTP_PORT), max_conn(4), age(31*3), rank(1), ssl(0);
std::string addr, user, pass, cert;
if (!server.empty()) {
d->data.get_server_addr (server, addr, port);
@@ -394,6 +406,7 @@ pan :: server_edit_dialog_new (Data& data, Queue& queue, GtkWindow * window, con
}
d->ssl_combo = w = gtk_combo_box_new_with_model (GTK_TREE_MODEL(store));
+ g_signal_connect(w, "changed", G_CALLBACK(ssl_changed_cb), d);
g_object_unref (G_OBJECT(store));
gtk_cell_layout_pack_start (GTK_CELL_LAYOUT (w), renderer, true);
gtk_cell_layout_set_attributes (GTK_CELL_LAYOUT (w), renderer, "text", 0, NULL);
diff --git a/pan/tasks/nntp-pool.cc b/pan/tasks/nntp-pool.cc
index ff0abde..f928a4a 100644
--- a/pan/tasks/nntp-pool.cc
+++ b/pan/tasks/nntp-pool.cc
@@ -280,14 +280,13 @@ NNTP_Pool :: request_nntp (WorkerPool& threadpool)
{
std::string address;
int port;
-
- if (_server_info.get_server_addr (_server, address, port))
- if (!_certstore.in_blacklist(address))
- {
- ++_pending_connections;
- const bool ssl(_server_info.get_server_ssl_support(_server));
- _socket_creator->create_socket (address, port, threadpool, this, ssl);
- }
+ _server_info.get_server_addr (_server, address, port);
+ if (!_certstore.in_blacklist(_server))
+ {
+ ++_pending_connections;
+ const bool ssl(_server_info.get_server_ssl_support(_server));
+ _socket_creator->create_socket (address, port, threadpool, this, ssl);
+ }
}
}
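Review bot: the new code drops the check on `_server_info.get_server_addr (_server, address, port)`; `port` is declared uninitialized two lines above, so when the lookup fails `create_socket` is now called with an empty address and an indeterminate port instead of being skipped as before. Keep the guard: `if (_server_info.get_server_addr (_server, address, port) && !_certstore.in_blacklist(_server))`. The enclosing function starts outside the hunk.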
@@ -352,13 +351,11 @@ NNTP_Pool :: idle_upkeep ()
void
NNTP_Pool:: on_verify_cert_failed(X509* cert, std::string server, std::string cert_name, int nr)
{
-// abort_tasks();
}
void
NNTP_Pool :: on_valid_cert_added (X509* cert, std::string server)
{
-
}
#endif
diff --git a/pan/tasks/queue.cc b/pan/tasks/queue.cc
index 24d7d29..5717439 100644
--- a/pan/tasks/queue.cc
+++ b/pan/tasks/queue.cc
@@ -338,9 +338,7 @@ Queue :: process_task (Task * task)
const Task::State::unique_servers_t& servers (state._servers);
foreach_const (Task::State::unique_servers_t, servers, it)
{
- std::string addr; int port;
- _server_info.get_server_addr(*it, addr, port);
- if (_certstore.in_blacklist(addr)) continue;
+ if (_certstore.in_blacklist(*it)) continue;
get_pool(*it).request_nntp (_worker_pool);
}
diff --git a/pan/tasks/socket-impl-main.cc b/pan/tasks/socket-impl-main.cc
index 2889bc7..a0a7c92 100644
--- a/pan/tasks/socket-impl-main.cc
+++ b/pan/tasks/socket-impl-main.cc
@@ -66,11 +66,13 @@ namespace pan
std::multimap<std::string, Socket*>& socket_map;
SSL_CTX * context;
CertStore& store;
- ThreadWorker (const StringView& h, int p, Socket::Creator::Listener *l, bool ssl, SSL_CTX* ctx, CertStore& cs, std::multimap<std::string, Socket*>& m):
- host(h), port(p), listener(l), ok(false), socket(0), use_ssl(ssl), context(ctx), store(cs), socket_map(m) {}
+ const Quark server;
+ ThreadWorker (const Quark& s, const StringView& h, int p, Socket::Creator::Listener *l,
+ bool ssl, SSL_CTX* ctx, CertStore& cs, std::multimap<std::string, Socket*>& m):
+ server(s), host(h), port(p), listener(l), ok(false), socket(0), use_ssl(ssl), context(ctx), store(cs), socket_map(m) {}
#else
- ThreadWorker (const StringView& h, int p, Socket::Creator::Listener *l):
- host(h), port(p), listener(l), ok(false), socket(0), use_ssl(false) {}
+ ThreadWorker (const Quark& s, const StringView& h, int p, Socket::Creator::Listener *l):
+ server(s), host(h), port(p), listener(l), ok(false), socket(0), use_ssl(false) {}
#endif
void do_work ()
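Review bot: `server(s)` leads both initializer lists, but `const Quark server;` is declared after `store`, so the member is initialized in declaration order and the list is misleading (gcc's -Wreorder flags it); the pre-existing `context(ctx), store(cs), socket_map(m)` already disagrees with the `socket_map`, `context`, `store` declaration order. The same issue appears in the SocketCreator constructor hunk below, where `data(d), store(cs)` is written while socket-impl-main.h declares `Data& data;` after `CertStore & store;`. None of the initializers depend on each other, so behaviour is unaffected; reorder the lists (or the declarations) to match. ThreadWorker's remaining members are declared outside the hunk.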
@@ -78,7 +80,7 @@ namespace pan
#ifdef HAVE_OPENSSL
if (use_ssl)
{
- socket = new GIOChannelSocketSSL (context, store);
+ socket = new GIOChannelSocketSSL (server, context, store);
socket_map.insert(std::pair<std::string, Socket*>(host, socket));
}
else
@@ -124,8 +126,9 @@ namespace
}
#endif
-SocketCreator :: SocketCreator(CertStore& cs) : store(cs)
+SocketCreator :: SocketCreator(Data& d, CertStore& cs) : data(d), store(cs)
{
+
#ifdef HAVE_OPENSSL
SSL_library_init();
SSL_load_error_strings();
@@ -161,14 +164,14 @@ SocketCreator :: create_socket (const StringView & host,
Socket::Creator::Listener * listener,
bool use_ssl)
{
-
- if (store.in_blacklist(host.str)) return;
-
+ Quark server;
+ data.find_server_by_hn(host, server);
+ if (store.in_blacklist(server)) return;
ensure_module_init ();
#ifdef HAVE_OPENSSL
- ThreadWorker * w = new ThreadWorker (host, port, listener, use_ssl, ssl_ctx, store, socket_map);
+ ThreadWorker * w = new ThreadWorker (server, host, port, listener, use_ssl, ssl_ctx, store, socket_map);
#else
- ThreadWorker * w = new ThreadWorker (host, port, listener);
+ ThreadWorker * w = new ThreadWorker (server, host, port, listener);
#endif
threadpool.push_work (w, w, true);
}
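Review bot: `data.find_server_by_hn(host, server)` reverses the host name back into a server quark and ignores the result, so for an unknown host `server` stays empty and both the blacklist check and the per-socket certificate pinning key on an empty quark; and if two configured servers share a host name (a plain and an SSL entry, or different ports) the first match wins and the other server's blacklist and certificate state is applied. The caller in NNTP_Pool::request_nntp already holds `_server`, so passing the quark through `create_socket` (a `const Quark& server` parameter alongside `host`) removes the lookup entirely. Short of that, at least `if (!data.find_server_by_hn(host, server)) return;` before the blacklist check. create_socket's parameter list begins outside the hunk.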
@@ -176,9 +179,7 @@ SocketCreator :: create_socket (const StringView & host,
#ifdef HAVE_OPENSSL
void
SocketCreator :: on_verify_cert_failed(X509* cert, std::string server, std::string cert_name, int nr)
-{
-// delete_all_socks(socket_map, server);
-}
+{}
void
SocketCreator :: on_valid_cert_added (X509* cert, std::string server)
diff --git a/pan/tasks/socket-impl-main.h b/pan/tasks/socket-impl-main.h
index a8ff82b..315cc72 100644
--- a/pan/tasks/socket-impl-main.h
+++ b/pan/tasks/socket-impl-main.h
@@ -121,7 +121,7 @@ namespace pan
private Socket::Creator::Listener
{
public:
- SocketCreator (CertStore&);
+ SocketCreator (Data&, CertStore&);
virtual ~SocketCreator ();
@@ -144,6 +144,7 @@ namespace pan
virtual void on_valid_cert_added (X509*, std::string );
#endif
CertStore & store;
+ Data& data;
public:
virtual void create_socket (const StringView & host,
diff --git a/pan/tasks/socket-impl-openssl.cc b/pan/tasks/socket-impl-openssl.cc
index d550c99..1ca194f 100644
--- a/pan/tasks/socket-impl-openssl.cc
+++ b/pan/tasks/socket-impl-openssl.cc
@@ -112,7 +112,7 @@ extern void* p_freeaddrinfo;
#ifdef HAVE_OPENSSL // without libssl this class is just a stub....
-GIOChannelSocketSSL :: GIOChannelSocketSSL (SSL_CTX* ctx, CertStore& cs):
+GIOChannelSocketSSL :: GIOChannelSocketSSL (const Quark& server, SSL_CTX* ctx, CertStore& cs):
_channel (0),
_tag_watch (0),
_tag_timeout (0),
@@ -122,7 +122,8 @@ GIOChannelSocketSSL :: GIOChannelSocketSSL (SSL_CTX* ctx, CertStore& cs):
_io_performed (false),
_ctx(ctx),
_certstore(cs),
- _rehandshake(false)
+ _rehandshake(false),
+ _server(server)
{
cs.add_listener(this);
_session = cs.get_session();
@@ -299,7 +300,7 @@ GIOChannelSocketSSL :: ~GIOChannelSocketSSL ()
_certstore.remove_listener(this);
- std::cerr << LINE_ID << " destroying socket " << this <<std::endl;
+// std::cerr << LINE_ID << " destroying socket " << this <<std::endl;
remove_source (_tag_watch);
remove_source (_tag_timeout);
@@ -372,7 +373,7 @@ namespace
}
- int ssl_handshake(GIOChannel *handle, CertStore::Listener* listener,
+ int ssl_handshake(const Quark& server, GIOChannel *handle, CertStore::Listener* listener,
CertStore* cs, std::string host, SSL_SESSION* session, bool rehandshake)
{
@@ -390,7 +391,7 @@ namespace
mydata.l = listener;
/* build cert name from scratch or from Server* */
mydata.cert_name = CertStore::build_cert_name(host);
- mydata.server = host;
+ mydata.server = server;
SSL_set_ex_data(chan->ssl, SSL_get_fd(chan->ssl), &mydata);
if (session) ret = SSL_set_session(chan->ssl, session);
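Review bot: `SSL_set_ex_data(chan->ssl, SSL_get_fd(chan->ssl), &mydata)` uses the socket's file descriptor as the ex_data index; OpenSSL ex_data slots are meant to be allocated with `SSL_get_ex_new_index`, and a raw fd number is not a valid index, so storing and (presumably, in the verify callback) retrieving `mydata`, which now carries the server quark the override path depends on, only works by accident of the ex_data table growing on demand. Allocate the index once, e.g. a file-static `int mydata_index = SSL_get_ex_new_index(0, 0, 0, 0, 0);`, and use it for both the set here and the get in the callback. Also, `mydata.server = server` converts the Quark to `std::string`, so every listener's `server` argument now holds the quark text rather than the host; a comment on the struct field saying so would help. ssl_handshake's body continues outside the hunk.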
@@ -802,7 +803,8 @@ GIOChannelSocketSSL :: ssl_get_iochannel(GIOChannel *handle, gboolean verify)
gchan->read_buf = g_string_sized_new(4096*128);
int ret;
- if ((ret = ssl_handshake(gchan, this, &_certstore, _host, _session, _rehandshake)) == 0)
+ if ((ret = ssl_handshake(_server, gchan, this, &_certstore,
+ _host, _session, _rehandshake)) == 0)
{
g_io_channel_set_flags (handle, G_IO_FLAG_NONBLOCK, 0);
return gchan;
@@ -811,7 +813,8 @@ GIOChannelSocketSSL :: ssl_get_iochannel(GIOChannel *handle, gboolean verify)
}
void
-GIOChannelSocketSSL :: on_verify_cert_failed (X509* cert, std::string server, std::string cert_name, int nr)
+GIOChannelSocketSSL :: on_verify_cert_failed (X509* cert, std::string server,
+ std::string cert_name, int nr)
{
if (!_certstore.in_blacklist(server)) _certstore.blacklist(server);
}
diff --git a/pan/tasks/socket-impl-openssl.h b/pan/tasks/socket-impl-openssl.h
index 38ef501..bfb5485 100644
--- a/pan/tasks/socket-impl-openssl.h
+++ b/pan/tasks/socket-impl-openssl.h
@@ -52,7 +52,7 @@ namespace pan
{
public:
virtual ~GIOChannelSocketSSL ();
- GIOChannelSocketSSL (SSL_CTX* ctx, CertStore& cs);
+ GIOChannelSocketSSL (const Quark&, SSL_CTX* ctx, CertStore& cs);
virtual bool open (const StringView& address, int port, std::string& setme_err);
virtual void write_command (const StringView& chars, Socket::Listener *);
@@ -72,6 +72,7 @@ namespace pan
CertStore& _certstore;
SSL_SESSION* _session;
bool _rehandshake;
+ Quark _server;
public:
void set_rehandshake (bool setme) { _rehandshake = setme; }