[pan2: 196/268] a few ssl improvements



commit b2069b3c8b6807cc7963aa2e0a920992bb48dbad
Author: Heinrich MÃller <sphemuel stud informatik uni-erlangen de>
Date:   Fri Nov 11 13:04:32 2011 +0100

    a few ssl improvements

 pan.cbp                                |   11 ++++++-
 pan/data-impl/Makefile.am              |    6 ++-
 pan/data-impl/add-server.cc            |   24 +++++++-------
 pan/{tasks => data-impl}/cert-store.cc |   30 +++++++++++-------
 pan/{tasks => data-impl}/cert-store.h  |   18 ++++++++---
 pan/data-impl/data-impl.h              |    6 +++-
 pan/data/data.h                        |    8 ++++-
 pan/gui/gui.cc                         |   19 +++++++----
 pan/gui/gui.h                          |    4 +-
 pan/gui/pan.cc                         |   16 ++++------
 pan/gui/server-ui.cc                   |   17 +++++++----
 pan/gui/task-pane.h                    |   11 +------
 pan/tasks/Makefile.am                  |    2 -
 pan/tasks/nntp-pool.cc                 |   30 ++++++++++---------
 pan/tasks/nntp-pool.h                  |   22 +++++++------
 pan/tasks/queue.cc                     |   30 ++++++++++++++++++-
 pan/tasks/queue.h                      |   11 ++----
 pan/tasks/socket-impl-main.cc          |   20 +++++++++++--
 pan/tasks/socket-impl-main.h           |   16 +++++++++-
 pan/tasks/socket-impl-openssl.cc       |   13 ++------
 pan/tasks/socket-impl-openssl.h        |    2 +-
 pan/tasks/socket.h                     |    1 +
 pan/tasks/task-groups.cc               |    3 +-
 pan/tasks/task-groups.h                |    5 ++-
 pan/tasks/task.h                       |    3 ++
 pan/tasks/upload-queue.h               |    4 --
 pan/usenet-utils/ssl-utils.h           |   50 +++++++++++++++++++++++++------
 27 files changed, 244 insertions(+), 138 deletions(-)
---
diff --git a/pan.cbp b/pan.cbp
index 84703dc..cd009b6 100644
--- a/pan.cbp
+++ b/pan.cbp
@@ -43,6 +43,8 @@
 		<Unit filename="pan/data-impl/add-server.cc" />
 		<Unit filename="pan/data-impl/article-filter.cc" />
 		<Unit filename="pan/data-impl/article-filter.h" />
+		<Unit filename="pan/data-impl/cert-store.cc" />
+		<Unit filename="pan/data-impl/cert-store.h" />
 		<Unit filename="pan/data-impl/data-impl.cc" />
 		<Unit filename="pan/data-impl/data-impl.h" />
 		<Unit filename="pan/data-impl/data-io.cc" />
@@ -59,6 +61,8 @@
 		<Unit filename="pan/data-impl/rules-filter.h" />
 		<Unit filename="pan/data-impl/server.cc" />
 		<Unit filename="pan/data-impl/speed-test-load-group.cc" />
+		<Unit filename="pan/data-impl/sql-db.cc" />
+		<Unit filename="pan/data-impl/sql-db.h" />
 		<Unit filename="pan/data-impl/task-archive.cc" />
 		<Unit filename="pan/data-impl/xover.cc" />
 		<Unit filename="pan/data/article-cache.cc" />
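Review bot: The project file now lists `pan/data-impl/sql-db.cc` and `sql-db.h`, but neither file is added by this commit (the diffstat above names the 27 files touched), so unless they already exist in the tree and were merely missing from the project, a Code::Blocks build fails on a missing unit. The same applies to `pan/gui/header-pane-factory.cc`/`.h` in the hunk at @@ -146,6 +150,8 @@ and `uulib/uuencode2.c` in the hunk at @@ -289,6 +293,9 @@. Either drop these units or commit the files they refer to alongside this change, and say in the commit message if they are intentionally staged ahead of the code.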
@@ -146,6 +150,8 @@
 		<Unit filename="pan/gui/gtk_compat.h" />
 		<Unit filename="pan/gui/gui.cc" />
 		<Unit filename="pan/gui/gui.h" />
+		<Unit filename="pan/gui/header-pane-factory.cc" />
+		<Unit filename="pan/gui/header-pane-factory.h" />
 		<Unit filename="pan/gui/header-pane.cc" />
 		<Unit filename="pan/gui/header-pane.h" />
 		<Unit filename="pan/gui/hig.cc" />
@@ -204,8 +210,6 @@
 		<Unit filename="pan/tasks/adaptable-set-test.cc" />
 		<Unit filename="pan/tasks/adaptable-set.cc" />
 		<Unit filename="pan/tasks/adaptable-set.h" />
-		<Unit filename="pan/tasks/cert-store.cc" />
-		<Unit filename="pan/tasks/cert-store.h" />
 		<Unit filename="pan/tasks/decoder.cc" />
 		<Unit filename="pan/tasks/decoder.h" />
 		<Unit filename="pan/tasks/defgroup.h" />
@@ -289,6 +293,9 @@
 		<Unit filename="uulib/uuencode.c">
 			<Option compilerVar="CC" />
 		</Unit>
+		<Unit filename="uulib/uuencode2.c">
+			<Option compilerVar="CC" />
+		</Unit>
 		<Unit filename="uulib/uuint.h" />
 		<Unit filename="uulib/uulib.c">
 			<Option compilerVar="CC" />
diff --git a/pan/data-impl/Makefile.am b/pan/data-impl/Makefile.am
index deffd2b..4b817b9 100644
--- a/pan/data-impl/Makefile.am
+++ b/pan/data-impl/Makefile.am
@@ -13,7 +13,8 @@ libpandata_a_SOURCES = \
  server.cc \
  my-tree.cc \
  task-archive.cc \
- xover.cc
+ xover.cc \
+ cert-store.cc
 
 noinst_HEADERS = \
  article-filter.h \
@@ -22,7 +23,8 @@ noinst_HEADERS = \
  data-io.h \
  defgroup.h \
  profiles.h \
- memchunk.h
+ memchunk.h \
+ cert-store.h
 
 noinst_PROGRAMS = \
  add-server \
diff --git a/pan/data-impl/add-server.cc b/pan/data-impl/add-server.cc
index 7de7c75..adb9b6f 100644
--- a/pan/data-impl/add-server.cc
+++ b/pan/data-impl/add-server.cc
@@ -59,17 +59,17 @@ int main (int argc, char *argv[])
   }
 
   // initialize the queue
-  TaskArchive null_task_archive;
-  WorkerPool pool;
-  CertStore cs;
-  // FIXME : adapt!
-  SocketCreator _socket_creator(cs);
-  Queue queue (data, null_task_archive, &_socket_creator, cs, pool, true, 10);
-  queue.add_task (new TaskGroups (data, servername));
-
-  // start the event loop...
-  main_loop = g_main_loop_new (NULL, false);
-  g_timeout_add (2*1000, check_for_tasks_done, &queue);
-  g_main_loop_run (main_loop);
+//  TaskArchive null_task_archive;
+//  WorkerPool pool;
+//  CertStore cs;
+//  // FIXME : adapt!
+//  SocketCreator _socket_creator(cs);
+//  Queue queue (data, null_task_archive, &_socket_creator, cs, pool, true, 10);
+//  queue.add_task (new TaskGroups (data, servername));
+//
+//  // start the event loop...
+//  main_loop = g_main_loop_new (NULL, false);
+//  g_timeout_add (2*1000, check_for_tasks_done, &queue);
+//  g_main_loop_run (main_loop);
   return 0;
 }
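Review bot: With the queue setup commented out, `main` now does nothing after loading the data and still exits with status 0, so anyone running the add-server tool gets a silent success for a no-op; `main` begins above this hunk. Commenting the code out rather than removing it also leaves a stale copy of the old `Queue` constructor call that will drift from the real signature. If the tool is to stay disabled until the `FIXME : adapt!` is resolved, say so and fail visibly, e.g. `g_printerr ("add-server is disabled pending the CertStore/Queue rework\n"); return 1;`, or drop `add-server` from `noinst_PROGRAMS` in pan/data-impl/Makefile.am for now.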
diff --git a/pan/tasks/cert-store.cc b/pan/data-impl/cert-store.cc
similarity index 91%
rename from pan/tasks/cert-store.cc
rename to pan/data-impl/cert-store.cc
index 8baf2d2..b13cf75 100644
--- a/pan/tasks/cert-store.cc
+++ b/pan/data-impl/cert-store.cc
@@ -150,7 +150,10 @@ CertStore :: remove (const Quark& server)
     _cert_to_server.erase(server);
     _certs.erase(server);
     remove_hard(server);
+    SSL_CTX_set_cert_store(_ctx, X509_STORE_new());
+    init_me();
   }
+  verify_failed(0,server.c_str(),0);
 }
 
 CertStore :: CertStore ()
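Review bot: `X509_STORE_new()` can return NULL and is handed straight to `SSL_CTX_set_cert_store`, which also frees the previous store, so a failed allocation leaves the context with no store at all; write `X509_STORE* s = X509_STORE_new(); if (s) SSL_CTX_set_cert_store(_ctx, s);` or otherwise check before the call. `verify_failed(0,server.c_str(),0)` sits outside the `if`, so every listener receives a "verification failed" event with a null certificate even when `server` was never in the store, and that null pointer is now a convention each listener must know — gui.cc guards with `if (!cert) return;`, but the `GIOChannelSocketSSL` listener registered in socket-impl-openssl.cc is not shown here. A dedicated removal notification, or at least `// null cert: signals removal of the server's cert, not a handshake failure` at the call, would make the intent explicit. `CertStore::remove` begins above this hunk.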
@@ -171,19 +174,22 @@ CertStore :: add(X509* cert, const Quark& server)
 {
   if (_certs.count(server) > 0 || !cert || server.empty()) return false;
 
-  X509_STORE_add_cert(get_store(),cert);
-  _certs.insert(server);
-  _cert_to_server[server] = cert;
+  if (X509_STORE_add_cert(get_store(),cert) != 0)
+  {
+    _certs.insert(server);
+    _cert_to_server[server] = cert;
 
-  char buf[2048];
-  g_snprintf(buf,sizeof(buf),"%s%c%s.pem",_path.c_str(),G_DIR_SEPARATOR,server.c_str());
-  FILE * fp = fopen(buf, "wb");
-  PEM_write_X509(fp, cert);
-  fclose(fp);
-  chmod (buf, 0600);
-
-  valid_cert_added(cert, server.c_str());
-  return true;
+    char buf[2048];
+    g_snprintf(buf,sizeof(buf),"%s%c%s.pem",_path.c_str(),G_DIR_SEPARATOR,server.c_str());
+    FILE * fp = fopen(buf, "wb");
+    PEM_write_X509(fp, cert);
+    fclose(fp);
+    chmod (buf, 0600);
+
+    valid_cert_added(cert, server.c_str());
+    return true;
+  }
+  return false;
 }
 
 const X509*
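Review bot: `fopen(buf, "wb")` is still unchecked, so an unwritable `_path` (missing directory, read-only home) makes `PEM_write_X509(fp, cert)` dereference NULL — after the certificate has already been added to the in-memory store. Guard it, `if (!fp) return false; // in-memory add stands, on-disk copy failed`, or better write the file before touching `_certs`/`_cert_to_server` so the return value means one thing. The new condition also deserves a comment: in the OpenSSL releases of this period `X509_STORE_add_cert` returns 0 for a certificate that is already in the store as well as on real errors, so re-importing the same certificate now yields `false` and the caller's "Error adding certificate" message; inspect `ERR_peek_error()` if that case should count as success. `CertStore::add` begins above this hunk.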
diff --git a/pan/tasks/cert-store.h b/pan/data-impl/cert-store.h
similarity index 94%
rename from pan/tasks/cert-store.h
rename to pan/data-impl/cert-store.h
index 5d2149b..311c16a 100644
--- a/pan/tasks/cert-store.h
+++ b/pan/data-impl/cert-store.h
@@ -28,15 +28,13 @@
   #include <openssl/rand.h>
   #include <openssl/x509.h>
 #endif
-
 #include <pan/tasks/socket.h>
 #include <pan/general/quark.h>
 #include <pan/general/macros.h>
 #include <pan/general/worker-pool.h>
 #include <pan/general/string-view.h>
-
 #include <map>
-
+#include <iostream>
 
 
 namespace pan
@@ -94,6 +92,13 @@ namespace pan
         _blacklist.erase(s);
       }
 
+      void dump_blacklist()
+      {
+        std::cerr<<"#################\n";
+        std::cerr<<_blacklist.size()<<std::endl;
+        std::cerr<<"#################\n\n";
+      }
+
     private:
       void remove_hard(const Quark&);
 
@@ -113,8 +118,8 @@ namespace pan
       typedef std::set<Listener*> listeners_t;
       listeners_t _listeners;
 
-      void add_listener (Listener * l) { _listeners.insert(l); }
-      void remove_listener (Listener * l) { _listeners.erase(l); }
+      void add_listener (Listener * l)    { _listeners.insert(l); }
+      void remove_listener (Listener * l) { _listeners.erase(l);  }
 
       /* notify functions for listener list */
       void verify_failed (X509* c, std::string server, int nr)
@@ -144,7 +149,9 @@ namespace pan
    CertStore* cs;
    std::string server;
    CertStore::Listener* l;
+
 #else
+
   public:
     CertStore () {};
     virtual ~CertStore () {};
@@ -156,6 +163,7 @@ namespace pan
     {
       virtual ~Listener() {}
     };
+
 #endif   // HAVE_OPENSSL
   };
 
diff --git a/pan/data-impl/data-impl.h b/pan/data-impl/data-impl.h
index 09549a2..012e890 100644
--- a/pan/data-impl/data-impl.h
+++ b/pan/data-impl/data-impl.h
@@ -45,7 +45,7 @@
 #include <pan/data-impl/memchunk.h>
 
 #ifdef HAVE_OPENSSL
-  #include <pan/tasks/cert-store.h>
+  #include <pan/data-impl/cert-store.h>
   #include <openssl/crypto.h>
   #include <openssl/x509.h>
   #include <openssl/x509v3.h>
@@ -87,9 +87,13 @@ namespace pan
 
       virtual EncodeCache& get_encode_cache () { return _encode_cache; }
       virtual const EncodeCache& get_encode_cache () const { return _encode_cache; }
+
+      virtual CertStore& get_certstore () { return _certstore; }
+      virtual const CertStore& get_certstore () const { return _certstore; }
     private:
       EncodeCache _encode_cache;
       ArticleCache _cache;
+      CertStore _certstore;
 
     private:
 
diff --git a/pan/data/data.h b/pan/data/data.h
index 52ccd9a..eb75cbd 100644
--- a/pan/data/data.h
+++ b/pan/data/data.h
@@ -33,6 +33,7 @@
 #include <pan/data/article-cache.h>
 #include <pan/data/encode-cache.h>
 #include <pan/data/server-info.h>
+#include <pan/data-impl/cert-store.h>
 
 namespace pan
 {
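Review bot: `pan/data/data.h` is the abstract interface, and this include makes it depend on `pan/data-impl/cert-store.h`, which itself includes `<pan/tasks/socket.h>` (visible in the cert-store.h hunk), so data → data-impl → tasks, while tasks/queue.h and tasks/nntp-pool.h now include data-impl/cert-store.h — a cycle between the three layers. The pure-virtual `get_certstore()` accessors added in the hunk at @@ -173,9 +174,14 @@ only return references, so a forward declaration `class CertStore;` is enough here and the include can stay in the implementation files. If the data layer is meant to own the certificate store, hosting the header under pan/data/ would also make the Makefile changes in this commit read less like a workaround.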
@@ -173,9 +174,14 @@ namespace pan
     public:
 
       virtual ArticleCache& get_cache () = 0;
-
       virtual const ArticleCache& get_cache () const = 0;
 
+      virtual EncodeCache& get_encode_cache () = 0;
+      virtual const EncodeCache& get_encode_cache () const = 0;
+
+      virtual CertStore& get_certstore () = 0;
+      virtual const CertStore& get_certstore () const = 0;
+
     public:
 
       virtual quarks_t get_servers () const = 0;
diff --git a/pan/gui/gui.cc b/pan/gui/gui.cc
index 7e02629..23c8071 100644
--- a/pan/gui/gui.cc
+++ b/pan/gui/gui.cc
@@ -184,11 +184,11 @@ namespace
 //  };
 //}
 
-GUI :: GUI (Data& data, Queue& queue, ArticleCache& cache, EncodeCache& encode_cache, CertStore& cs, Prefs& prefs, GroupPrefs& group_prefs):
+GUI :: GUI (Data& data, Queue& queue, Prefs& prefs, GroupPrefs& group_prefs):
   _data (data),
   _queue (queue),
-  _cache (cache),
-  _encode_cache (encode_cache),
+  _cache (data.get_cache()),
+  _encode_cache (data.get_encode_cache()),
   _prefs (prefs),
   _group_prefs (group_prefs),
   _root (gtk_vbox_new (FALSE, 0)),
@@ -204,7 +204,7 @@ GUI :: GUI (Data& data, Queue& queue, ArticleCache& cache, EncodeCache& encode_c
   _queue_size_label (0),
   _queue_size_button (0),
   _taskbar (0),
-  _certstore(cs)
+  _certstore(data.get_certstore())
 {
 
   char * filename = g_build_filename (file::get_pan_home().c_str(), "pan.ui", NULL);
@@ -2096,8 +2096,7 @@ GUI :: on_prefs_string_changed (const StringView& key, const StringView& value)
 void
 GUI :: on_verify_cert_failed(X509* cert, std::string server, int nr)
 {
-//  std::cerr<<"gui cert failed : "<<cert<<"\n";
-
+  if (!cert) return;
   if (GUI::confirm_accept_new_cert_dialog(get_window(_root),cert,server))
     if (!_certstore.add(cert, server))
       Log::add_err_va("Error adding certificate of server '%s' to Certificate Store",server.c_str());
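Review bot: The early return has a non-obvious reason worth recording: `CertStore::remove` (cert-store.cc hunk in this commit) fires `verify_failed(0, server, 0)` after deleting a server's certificate, so a null `cert` here means "certificate removed", not a failed handshake. Suggest `if (!cert) return; // null cert is CertStore::remove()'s removal notification, not a verify failure`. The `if (confirm…) if (!_certstore.add(…))` pair below is a dangling-else shape; braces would keep the error path unambiguous. `on_verify_cert_failed` continues below this hunk.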
@@ -2106,7 +2105,13 @@ GUI :: on_verify_cert_failed(X509* cert, std::string server, int nr)
 
 void
 GUI :: on_valid_cert_added (X509* cert, std::string server)
-{}
+{
+  std::cerr<<"whitelist "<<server<<std::endl;
+
+  /* whitelist to make avaible for nntp-pool */
+  _certstore.whitelist(server);
+
+}
 
 
 #endif
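Review bot: `std::cerr<<"whitelist "<<server<<std::endl;` is debugging output left in a production path; drop it or use the `Log` facility this file already uses (`Log::add_err_va` a few lines up). The comment has a typo and is vague; suggest `/* whitelist the server so NNTP_Pool / SocketCreator stop refusing connections to it */`. Note this GUI callback is now the only `whitelist()` caller left in the diff — NNTP_Pool's equivalent body was emptied in nntp-pool.cc — so an accepted certificate is whitelisted only while the GUI exists; if the nzb (no-window) path in pan.cc can reach certificate acceptance, nothing whitelists there.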
diff --git a/pan/gui/gui.h b/pan/gui/gui.h
index b2a39af..7617890 100644
--- a/pan/gui/gui.h
+++ b/pan/gui/gui.h
@@ -25,7 +25,7 @@
 #include <pan/data/article-cache.h>
 #include <pan/data/encode-cache.h>
 #include <pan/tasks/queue.h>
-#include <pan/tasks/cert-store.h>
+#include <pan/data-impl/cert-store.h>
 #include <pan/gui/action-manager.h>
 #include <pan/gui/pan-ui.h>
 #include <pan/gui/prefs.h>
@@ -57,7 +57,7 @@ namespace pan
   {
 
     public:
-      GUI (Data& data, Queue&, ArticleCache&, EncodeCache&, CertStore&, Prefs&, GroupPrefs&);
+      GUI (Data& data, Queue&, Prefs&, GroupPrefs&);
       virtual ~GUI ();
       GtkWidget* root () { return _root; }
       typedef std::vector<std::string> strings_t;
diff --git a/pan/gui/pan.cc b/pan/gui/pan.cc
index 1030eba..679e387 100644
--- a/pan/gui/pan.cc
+++ b/pan/gui/pan.cc
@@ -42,7 +42,7 @@ extern "C" {
   #include <pan/tasks/socket-impl-openssl.h>
 #endif
 
-#include <pan/tasks/cert-store.h>
+#include <pan/data-impl/cert-store.h>
 #include <pan/tasks/socket-impl-gio.h>
 #include <pan/tasks/socket-impl-main.h>
 #include <pan/tasks/task-groups.h>
@@ -139,10 +139,7 @@ namespace
     return true;
   }
 
-  void run_pan_in_window (ArticleCache  & cache,
-                          EncodeCache   & encode_cache,
-                          CertStore     & certstore,
-                          Data          & data,
+  void run_pan_in_window (Data          & data,
                           Queue         & queue,
                           Prefs         & prefs,
                           GroupPrefs    & group_prefs,
@@ -151,7 +148,7 @@ namespace
     {
       const gulong delete_cb_id =  g_signal_connect (window, "delete-event", G_CALLBACK(delete_event_cb), 0);
 
-      GUI gui (data, queue, cache, encode_cache, certstore, prefs, group_prefs);
+      GUI gui (data, queue, prefs, group_prefs);
       gtk_container_add (GTK_CONTAINER(window), gui.root());
       gtk_widget_show (GTK_WIDGET(window));
 
@@ -338,9 +335,7 @@ main (int argc, char *argv[])
     DataImpl data (false, cache_megs);
     ArticleCache& cache (data.get_cache ());
     EncodeCache& encode_cache (data.get_encode_cache());
-
-    /* init certificate store for SSL */
-    CertStore certstore;
+    CertStore& certstore (data.get_certstore());
 
     if (nzb && data.get_servers().empty()) {
       std::cerr << _("Please configure Pan's news servers before using it as an nzb client.") << std::endl;
@@ -351,6 +346,7 @@ main (int argc, char *argv[])
     // instantiate the queue...
     WorkerPool worker_pool (4, true);
 
+    // init the socket creator
     SocketCreator socket_creator(certstore);
 
     Queue queue (data, data, &socket_creator, certstore, worker_pool,
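Review bot: `// init the socket creator` restates the next line; the comment worth having is about lifetime, since `certstore` is now a reference into `data` (`DataImpl data` above) rather than a local: `socket_creator` registers with it in its constructor and deregisters in its destructor, so `socket_creator` and `queue` must stay declared after `data` — as they are — so that they are destroyed first. Suggest `// socket_creator and queue hold references into data (certstore); keep them declared after it so they are torn down first`. `Queue` also still receives `certstore` separately although it already gets `data`, which now exposes `get_certstore()`; dropping the parameter would keep the two from diverging.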
@@ -415,7 +411,7 @@ main (int argc, char *argv[])
       gtk_window_set_resizable (GTK_WINDOW(window), true);
       gtk_window_set_default_icon (pixbuf);
       g_object_unref (pixbuf);
-      run_pan_in_window (cache, encode_cache, certstore, data, queue, prefs, group_prefs, GTK_WINDOW(window));
+      run_pan_in_window (data, queue, prefs, group_prefs, GTK_WINDOW(window));
     }
 
     worker_pool.cancel_all_silently ();
diff --git a/pan/gui/server-ui.cc b/pan/gui/server-ui.cc
index 8d7cb02..0310551 100644
--- a/pan/gui/server-ui.cc
+++ b/pan/gui/server-ui.cc
@@ -40,7 +40,7 @@ extern "C" {
 
 #ifdef HAVE_OPENSSL
 
-  #include <pan/tasks/cert-store.h>
+  #include <pan/data-impl/cert-store.h>
   #include <openssl/crypto.h>
   #include <openssl/x509.h>
   #include <openssl/x509v3.h>
@@ -378,7 +378,7 @@ pan :: server_edit_dialog_new (Data& data, Queue& queue, GtkWindow * window, con
     struct { int o; const char * str; } ssl_items[] = {
 
       { 0, N_("Use Plaintext (Unsecured) Connections") },
-      { 1, N_("Use Secure TLS (SSL) Connections") }
+      { 1, N_("Use Secure SSL Connections") }
     };
 
     store = gtk_list_store_new (2, G_TYPE_STRING, G_TYPE_INT);
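Review bot: Renaming the option from "Use Secure TLS (SSL) Connections" to "Use Secure SSL Connections" moves the label backwards: what `SSL_connect` negotiates on a current OpenSSL is TLS, and "SSL" names the deprecated protocol versions, so the earlier wording was the more accurate one for users. It is also an `N_()` string, so the change invalidates existing translations for no functional gain; keep the original text.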
@@ -647,6 +647,7 @@ namespace
     GtkWidget * list_dialog = GTK_WIDGET (user_data);
     ServerListDialog * d = (ServerListDialog*) g_object_get_data (G_OBJECT(list_dialog), "dialog");
     Quark selected_server (get_selected_server (d));
+    CertStore& store (d->data.get_certstore());
 
     int port;
     std::string addr;
@@ -655,7 +656,7 @@ namespace
     char buf[4096] ;
 
     if (!selected_server.empty()) {
-      X509* cert = (X509*)d->queue.store().get_cert_to_server(addr);
+      X509* cert = (X509*)store.get_cert_to_server(addr);
       if (cert)
       {
         pretty_print_x509(buf,sizeof(buf),addr, cert,false);
@@ -680,6 +681,7 @@ namespace
     GtkTreeSelection * selection (gtk_tree_view_get_selection(GTK_TREE_VIEW (d->server_tree_view)));
     const quarks_t servers (d->data.get_servers ());
     const Quark selected_server (get_selected_server (d));
+    CertStore& store (d->data.get_certstore());
 
     bool found_selected (false);
     GtkTreeIter selected_iter;
@@ -695,7 +697,7 @@ namespace
         GtkTreeIter iter;
         gtk_list_store_append (d->servers_store, &iter);
         gtk_list_store_set (d->servers_store, &iter,
-                            COL_FLAG, d->queue.store().exist(addr),
+                            COL_FLAG, store.exist(addr),
                             COL_HOST, addr.c_str(),
                             COL_DATA, server.c_str(),
                             -1);
@@ -728,6 +730,7 @@ namespace
     ServerListDialog * d = (ServerListDialog*) g_object_get_data (G_OBJECT(list_dialog), "dialog");
     std::string ret = import_sec_from_disk_dialog_new (d->data, d->queue, GTK_WINDOW(list_dialog));
     const Quark selected_server (get_selected_server (d));
+    CertStore& store (d->data.get_certstore());
 
     if (!ret.empty() )
     {
@@ -737,7 +740,7 @@ namespace
       PEM_read_X509(fp,&x, 0, 0);
       fclose(fp);
       d->data.get_server_addr(selected_server, addr, port);
-      d->queue.store().add(x,addr);
+      store.add(x,addr);
       sec_tree_view_refresh (d);
     }
   }
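Review bot: The return value of `store.add(x,addr)` is discarded, so an import that fails (an unreadable or non-certificate PEM leaves `x` NULL, or `X509_STORE_add_cert` rejects it, which the cert-store.cc hunk now reports as `false`) refreshes the view as if it had succeeded. gui.cc handles the same call by logging; mirror it: `if (!store.add(x,addr)) Log::add_err_va("Error adding certificate of server '%s' to Certificate Store", addr.c_str());`. On that failure path the `X509* x` read by `PEM_read_X509` is never released either — `X509_free(x)` there. The enclosing callback begins above this hunk.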
@@ -749,6 +752,8 @@ namespace
   {
     ServerListDialog * d (static_cast<ServerListDialog*>(data));
     Quark selected_server (get_selected_server (d));
+    CertStore& store (d->data.get_certstore());
+
     if (!selected_server.empty())
     {
       int port;
@@ -770,7 +775,7 @@ namespace
       gtk_widget_destroy (w);
 
       d->data.get_server_addr (selected_server, addr, port);
-      d->queue.store().remove(addr);
+      store.remove(addr);
 
       if (response == GTK_RESPONSE_YES)
         sec_tree_view_refresh (d);
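Review bot: `store.remove(addr)` runs unconditionally while only the `sec_tree_view_refresh` below it is gated on `response == GTK_RESPONSE_YES`, so unless an earlier return above this hunk already handles the other answers, declining the dialog still deletes the server's trusted certificate from the store and from disk. Put the removal under the same condition: `if (response == GTK_RESPONSE_YES) { store.remove(addr); sec_tree_view_refresh (d); }`. The enclosing callback begins above this hunk.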
diff --git a/pan/gui/task-pane.h b/pan/gui/task-pane.h
index caaaaec..109188d 100644
--- a/pan/gui/task-pane.h
+++ b/pan/gui/task-pane.h
@@ -93,6 +93,7 @@ namespace pan
       task_list get_selected_tasks () const;
       static void get_selected_tasks_foreach (GtkTreeModel*, GtkTreePath*, GtkTreeIter*, gpointer);
       static void online_toggled_cb  (GtkToggleButton*, Queue*);
+
     public:   /// FIXME, privatize this again...
       static void up_clicked_cb      (GtkButton*, TaskPane*);
       static void down_clicked_cb    (GtkButton*, TaskPane*);
@@ -102,16 +103,6 @@ namespace pan
       static void delete_clicked_cb  (GtkButton*, TaskPane*);
       static void restart_clicked_cb (GtkButton*, TaskPane*);
       static void change_dest_clicked_cb (GtkButton*, TaskPane*);
-
-    private:
-//      static void do_move_up     (GtkAction*, gpointer p);
-//      static void do_move_down   (GtkAction*, gpointer p);
-//      static void do_move_top    (GtkAction*, gpointer p);
-//      static void do_move_bottom (GtkAction*, gpointer p);
-//      static void do_stop        (GtkAction*, gpointer p);
-//      static void do_delete      (GtkAction*, gpointer p);
-//      static void do_restart     (GtkAction*, gpointer p);
-//      static void do_change_dest (GtkAction*, gpointer p);
   };
 }
 
diff --git a/pan/tasks/Makefile.am b/pan/tasks/Makefile.am
index 3e39bb4..968692d 100644
--- a/pan/tasks/Makefile.am
+++ b/pan/tasks/Makefile.am
@@ -18,7 +18,6 @@ libtasks_a_SOURCES = \
   queue.cc \
   upload-queue.cc \
   socket.cc \
-  cert-store.cc \
   socket-impl-main.cc \
   socket-impl-openssl.cc \
   socket-impl-gio.cc \
@@ -44,7 +43,6 @@ noinst_HEADERS = \
   queue.h  \
   upload-queue.h \
   socket.h \
-  cert-store.h \
   socket-impl-main.h \
   socket-impl-openssl.cc \
   socket-impl-gio.h \
diff --git a/pan/tasks/nntp-pool.cc b/pan/tasks/nntp-pool.cc
index 3680d23..9cdfc22 100644
--- a/pan/tasks/nntp-pool.cc
+++ b/pan/tasks/nntp-pool.cc
@@ -40,17 +40,16 @@ namespace
 NNTP_Pool :: NNTP_Pool (const Quark        & server,
                         ServerInfo         & server_info,
                         SocketCreator      * creator,
-                        CertStore          & certstore):
+                        CertStore          & store):
 
   _server_info (server_info),
   _server (server),
   _socket_creator (creator),
-  _certstore(certstore),
   _pending_connections (0),
   _active_count (0),
-  _time_to_allow_new_connections (0)
+  _time_to_allow_new_connections (0),
+  _certstore(store)
 {
-  certstore.add_listener(this);
 }
 
 NNTP_Pool :: ~NNTP_Pool ()
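Review bot: The constructor no longer calls `add_listener(this)`, yet nntp-pool.h (hunk at @@ -81,14 +82,16 @@) still declares the `CertStore::Listener` overrides and this file keeps their now-empty bodies (hunk at @@ -342,21 +348,17 @@) — dead code that suggests the pool still reacts to certificate events when it does not. More importantly, the dropped `on_verify_cert_failed` body was the `_certstore.blacklist(server)` call, and no other caller of `blacklist()` appears anywhere in this diff, so unless one exists outside it the `in_blacklist()` checks added in queue.cc and socket-impl-main.cc can never fire. Either keep the pool registered or record in a comment where blacklisting now happens. The initializer list also no longer follows declaration order (`_certstore` is declared before `_active_count` in the header), which `-Wreorder` will flag.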
@@ -59,7 +58,6 @@ NNTP_Pool :: ~NNTP_Pool ()
     delete it->nntp->_socket;
     delete it->nntp;
   }
-  _certstore.remove_listener(this);
 }
 
 /***
@@ -96,6 +94,14 @@ NNTP_Pool :: abort_tasks ()
       it->nntp->_socket->set_abort_flag (true);
 }
 
+void
+NNTP_Pool :: kill_tasks ()
+{
+  foreach (pool_items_t, _pool_items, it)
+    it->nntp->_socket->set_abort_flag (true);
+}
+
+
 NNTP*
 NNTP_Pool :: check_out ()
 {
@@ -274,9 +280,9 @@ NNTP_Pool :: request_nntp (WorkerPool& threadpool)
   {
     std::string address;
     int port;
+
     if (_server_info.get_server_addr (_server, address, port))
       if (!_certstore.in_blacklist(address))
-//      if (_blacklist.count(address)  == 0)
       {
         ++_pending_connections;
         const bool ssl(_server_info.get_server_ssl_support(_server));
@@ -342,21 +348,17 @@ NNTP_Pool :: idle_upkeep ()
   }
 }
 
-
 #ifdef HAVE_OPENSSL
 void
-NNTP_Pool :: on_verify_cert_failed (X509* cert, std::string server, int nr)
+NNTP_Pool:: on_verify_cert_failed(X509* cert, std::string server, int nr)
 {
-//  _blacklist.erase(server);
-  _certstore.blacklist(server);
-//  std::cerr<<"adding "<<server<<" to blacklist ("<<cert<<", "<<nr<<")"<<std::endl;
+//  abort_tasks();
 }
 
 void
 NNTP_Pool :: on_valid_cert_added (X509* cert, std::string server)
 {
-//  _blacklist.insert(server);
-  _certstore.whitelist(server);
-//  std::cerr<<"removing "<<server<<" from blacklist ("<<cert<<")"<<std::endl;
+
 }
 #endif
+
diff --git a/pan/tasks/nntp-pool.h b/pan/tasks/nntp-pool.h
index 55d9a9e..0a256b1 100644
--- a/pan/tasks/nntp-pool.h
+++ b/pan/tasks/nntp-pool.h
@@ -29,7 +29,7 @@
 #include <pan/tasks/socket-impl-main.h>
 
 #ifdef HAVE_OPENSSL
-  #include <pan/tasks/cert-store.h>
+  #include <pan/data-impl/cert-store.h>
 #endif
 
 namespace pan
@@ -52,12 +52,13 @@ namespace pan
       NNTP_Pool (const Quark       & server,
                  ServerInfo        & server_info,
                  SocketCreator     *,
-                 CertStore         & certstore);
+                 CertStore         &);
       virtual ~NNTP_Pool ();
 
       virtual void check_in (NNTP*, Health);
       NNTP* check_out ();
       void abort_tasks ();
+      void kill_tasks ();
       void idle_upkeep ();
 
       void get_counts (int& setme_active,
@@ -81,14 +82,16 @@ namespace pan
 
     private: //  NNTP::Listener
       virtual void on_nntp_done (NNTP*, Health, const StringView&);
-#ifdef HAVE_OPENSSL
-    private: //  CertStore::Listener
-      virtual void on_verify_cert_failed (X509*, std::string, int);
-      virtual void on_valid_cert_added (X509* cert, std::string server);
-#endif
+
     private: // Socket::Creator::Listener
       virtual void on_socket_created (const StringView& host, int port, bool ok, Socket*);
-
+      virtual void on_socket_shutdown (const StringView& host, int port, Socket*) {}
+#ifdef HAVE_OPENSSL
+    private:
+      // CertStore::Listener
+      virtual void on_verify_cert_failed (X509*, std::string, int) ;
+      virtual void on_valid_cert_added (X509*, std::string );
+#endif
     private:
 
       void fire_pool_has_nntp_available () {
@@ -104,7 +107,7 @@ namespace pan
       const Quark _server;
       SocketCreator * _socket_creator;
       int _pending_connections;
-      std::set<std::string> _blacklist;
+      CertStore& _certstore;
 
       struct PoolItem {
         NNTP * nntp;
@@ -114,7 +117,6 @@ namespace pan
       typedef std::vector<PoolItem> pool_items_t;
       pool_items_t _pool_items;
       int _active_count;
-      CertStore& _certstore;
 
     private:
 
diff --git a/pan/tasks/queue.cc b/pan/tasks/queue.cc
index dcbc82f..24d7d29 100644
--- a/pan/tasks/queue.cc
+++ b/pan/tasks/queue.cc
@@ -29,12 +29,14 @@
 ****
 ***/
 
+// TODO Mulithreading downloads!
+
 using namespace pan;
 
 Queue :: Queue (ServerInfo         & server_info,
                 TaskArchive        & archive,
                 SocketCreator      * socket_creator,
-                CertStore          & store,
+                CertStore          & certstore,
                 WorkerPool         & pool,
                 bool                 online,
                 int                  save_delay_secs):
@@ -50,8 +52,9 @@ Queue :: Queue (ServerInfo         & server_info,
   _needs_saving (false),
   _last_time_saved (0),
   _archive (archive),
+  _certstore(certstore),
   _uploads_total(0),
-  _certstore (store)
+  _downloads_total(0)
 {
 
   tasks_t tasks;
@@ -262,6 +265,19 @@ Queue :: give_task_an_upload_slot (TaskUpload* task)
 }
 
 void
+Queue :: give_task_a_download_slot (TaskArticle* task)
+{
+  int max (8);//DBG!!(_server_info.get_server_limits(task->_server));
+  if (_downloads.size() < max)
+  {
+    _downloads.insert(task);
+    task->wakeup();
+    fire_task_active_changed (task, true);
+    process_task(task);
+  }
+}
+
+void
 Queue :: process_task (Task * task)
 {
   pan_return_if_fail (task != 0);
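Review bot: `give_task_a_download_slot` ends by calling `process_task(task)`, and `process_task` (hunk at @@ -299,6 +315,11 @@) calls `give_task_a_download_slot` for any `TaskArticle` in that state, so unless `task->wakeup()` changes the state `process_task` reads, the two recurse into each other until the stack overflows — `_downloads.insert` is idempotent and does not break the cycle. Guard on membership first: `if (_downloads.count(task)) return;` before the size check. Also `int max (8);//DBG!!` is a hard-coded debug limit compared against an unsigned `size()`, `_downloads_total` is initialised but never used, and nothing in this diff ever erases from `_downloads`, so once eight distinct tasks have been admitted no later one gets a slot unless removal lives outside this diff.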
@@ -299,6 +315,11 @@ Queue :: process_task (Task * task)
     TaskUpload* t = dynamic_cast<TaskUpload*>(task);
     if (t)
       give_task_an_upload_slot(t);
+
+    TaskArticle* t2 = dynamic_cast<TaskArticle*>(task);
+    if (t2)
+      give_task_a_download_slot(t2);
+
   }
   else if (state._work == Task::NEED_DECODER)
   {
@@ -316,7 +337,12 @@ Queue :: process_task (Task * task)
     // make the requests...
     const Task::State::unique_servers_t& servers (state._servers);
     foreach_const (Task::State::unique_servers_t, servers, it)
+    {
+      std::string addr; int port;
+      _server_info.get_server_addr(*it, addr, port);
+      if (_certstore.in_blacklist(addr)) continue;
       get_pool(*it).request_nntp (_worker_pool);
+    }
 
     Quark server;
     if (!find_best_server (servers, server))
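Review bot: The return value of `_server_info.get_server_addr(*it, addr, port)` is ignored; on failure `addr` stays empty and `in_blacklist("")` decides whether the request proceeds. Prefer `if (!_server_info.get_server_addr(*it, addr, port) || _certstore.in_blacklist(addr)) continue;`. This is also the third copy of the same blacklist test in this commit (NNTP_Pool::request_nntp and SocketCreator::create_socket have the others); one check at the socket boundary, with a listener notification so the pool can account for the refusal, would be easier to keep correct. `process_task` continues outside this hunk.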
diff --git a/pan/tasks/queue.h b/pan/tasks/queue.h
index f390044..0aba713 100644
--- a/pan/tasks/queue.h
+++ b/pan/tasks/queue.h
@@ -37,7 +37,7 @@
 #include <pan/tasks/socket-impl-main.h>
 
 #ifdef HAVE_OPENSSL
-  #include <pan/tasks/cert-store.h>
+  #include <pan/data-impl/cert-store.h>
 #endif
 
 namespace pan
@@ -196,6 +196,7 @@ namespace pan
       Task* find_first_task_needing_encoder ();
 
       void give_task_an_upload_slot (TaskUpload* task);
+      void give_task_a_download_slot (TaskArticle* task);
 
       bool find_best_server (const Task::State::unique_servers_t& servers, Quark& setme);
       bool task_is_active (const Task*) const;
@@ -204,6 +205,7 @@ namespace pan
       nntp_to_task_t _nntp_to_task;
 
       std::set<TaskUpload*> _uploads;
+      std::set<TaskArticle*> _downloads;
       std::set<Task*> _removing;
       std::set<Task*> _stopped;
       SocketCreator * _socket_creator;
@@ -245,14 +247,9 @@ namespace pan
     private:
       TaskArchive& _archive;
       void clean_n_save ();
-      int _uploads_total;
+      int _uploads_total, _downloads_total;
       CertStore& _certstore;
 
-    /* FIXME: move all this certstore crap to data */
-    public:
-      const CertStore& store() const { return _certstore; }
-      CertStore& store()  { return _certstore; }
-
     private:
       typedef AdaptableSet<Task*, TaskWeakOrdering> TaskSet;
       TaskSet _tasks;
diff --git a/pan/tasks/socket-impl-main.cc b/pan/tasks/socket-impl-main.cc
index 96d83cb..b41ea99 100644
--- a/pan/tasks/socket-impl-main.cc
+++ b/pan/tasks/socket-impl-main.cc
@@ -34,6 +34,8 @@
 #include <cerrno>
 #include <cstring>
 
+#include <pan/usenet-utils/ssl-utils.h>
+#include <pan/general/debug.h>
 #include <pan/general/log.h>
 #include <pan/general/locking.h>
 #include <pan/general/macros.h>
@@ -61,10 +63,11 @@ namespace pan
     std::string err;
     bool use_ssl;
 #ifdef HAVE_OPENSSL
+    std::multimap<std::string, Socket*>& socket_map;
     SSL_CTX * context;
     CertStore& store;
-    ThreadWorker (const StringView& h, int p, Socket::Creator::Listener *l, bool ssl, SSL_CTX* ctx, CertStore& cs):
-      host(h), port(p), listener(l), ok(false), socket(0), use_ssl(ssl), context(ctx), store(cs) {}
+    ThreadWorker (const StringView& h, int p, Socket::Creator::Listener *l, bool ssl, SSL_CTX* ctx, CertStore& cs, std::multimap<std::string, Socket*>& m):
+      host(h), port(p), listener(l), ok(false), socket(0), use_ssl(ssl), context(ctx), store(cs), socket_map(m) {}
 #else
     ThreadWorker (const StringView& h, int p, Socket::Creator::Listener *l):
       host(h), port(p), listener(l), ok(false), socket(0), use_ssl(false) {}
@@ -74,7 +77,10 @@ namespace pan
     {
       #ifdef HAVE_OPENSSL
         if (use_ssl)
+        {
           socket = new GIOChannelSocketSSL (context, store);
+          socket_map.insert(std::pair<std::string, Socket*>(host, socket));
+        }
         else
       #endif
           socket = new GIOChannelSocket ();
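Review bot: `socket_map.insert(...)` mutates a `std::multimap` owned by `SocketCreator` and shared by every `ThreadWorker`; if the workers run on `WorkerPool` threads, as the class name suggests, concurrent inserts are a data race on an unsynchronised container. Nothing in this diff ever erases from the map while sockets are deleted elsewhere (`delete it->nntp->_socket` in NNTP_Pool's destructor), so the stored `Socket*` go dangling — and the only consumer, `delete_all_socks`, is commented out in the hunk at @@ -164,6 +177,7 @@. Either guard the map with the locking primitives from pan/general/locking.h (already included here) and remove entries on socket shutdown, or leave the map out until the feature that needs it lands. The enclosing worker function begins above this hunk.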
@@ -132,6 +138,8 @@ SocketCreator :: SocketCreator(CertStore& cs) : store(cs)
   cs.set_ctx(ssl_ctx);
   SSL_CTX_set_mode(ssl_ctx, SSL_MODE_ENABLE_PARTIAL_WRITE | SSL_MODE_AUTO_RETRY);
   SSL_CTX_set_session_cache_mode(ssl_ctx, SSL_SESS_CACHE_CLIENT);
+
+  cs.add_listener(this);
 #endif
 }
 
@@ -139,6 +147,8 @@ SocketCreator :: SocketCreator(CertStore& cs) : store(cs)
 SocketCreator :: ~SocketCreator()
 {
 #ifdef HAVE_OPENSSL
+  store.remove_listener(this);
+
   ssl_thread_cleanup();
   if (ssl_ctx) SSL_CTX_free(ssl_ctx);
 #endif
@@ -151,9 +161,12 @@ SocketCreator :: create_socket (const StringView & host,
                                 Socket::Creator::Listener * listener,
                                 bool               use_ssl)
 {
+
+    if (store.in_blacklist(host.str)) return;
+
     ensure_module_init ();
 #ifdef HAVE_OPENSSL
-    ThreadWorker * w = new ThreadWorker (host, port, listener, use_ssl, ssl_ctx, store);
+    ThreadWorker * w = new ThreadWorker (host, port, listener, use_ssl, ssl_ctx, store, socket_map);
 #else
     ThreadWorker * w = new ThreadWorker (host, port, listener);
 #endif
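Review bot: `if (store.in_blacklist(host.str)) return;` drops the request without telling `listener`, so the caller's bookkeeping never completes — NNTP_Pool::request_nntp (nntp-pool.cc hunk in this commit) does `++_pending_connections` before calling the creator and presumably decrements it in `on_socket_created`, which now never fires for a blacklisted host, leaving the pool believing a connection is in flight. Report the refusal instead, e.g. `listener->on_socket_created (host, port, false, 0); return;`, or let the pool's own `in_blacklist` check in request_nntp be the single gate. The check also runs before `ensure_module_init()` and in the non-OpenSSL build, where `store` is the stub `CertStore`; confirm the stub provides `in_blacklist`. `create_socket` begins above this hunk.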
@@ -164,6 +177,7 @@ SocketCreator :: create_socket (const StringView & host,
 void
 SocketCreator :: on_verify_cert_failed(X509* cert, std::string server, int nr)
 {
+//    delete_all_socks(socket_map, server);
 }
 
 void
diff --git a/pan/tasks/socket-impl-main.h b/pan/tasks/socket-impl-main.h
index cb5a36d..16cd43c 100644
--- a/pan/tasks/socket-impl-main.h
+++ b/pan/tasks/socket-impl-main.h
@@ -42,7 +42,7 @@
   #include "socket-impl-openssl.h"
 #endif
 
-#include "cert-store.h"
+#include <pan/data-impl/cert-store.h>
 #include "socket-impl-gio.h"
 
 namespace
@@ -117,7 +117,8 @@ namespace pan
 {
 
   class SocketCreator:
-    private CertStore::Listener
+    private CertStore::Listener,
+    private Socket::Creator::Listener
   {
     public:
       SocketCreator (CertStore&);
@@ -125,8 +126,19 @@ namespace pan
 
 
     private:
+      //socket::creator::Listener
+      virtual void on_socket_created (const StringView& host, int port, bool ok, Socket*) {}
+      virtual void on_socket_shutdown (const StringView& host, int port, Socket*)
+      {
+#ifdef HAVE_OPENSSL
+
+#endif
+      }
+
 #ifdef HAVE_OPENSSL
       SSL_CTX* ssl_ctx;
+      std::multimap<std::string, Socket*> socket_map;
+
       // CertStore::Listener
       virtual void on_verify_cert_failed(X509*, std::string, int);
       virtual void on_valid_cert_added (X509*, std::string );
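Review bot: `on_socket_shutdown` is a no-op, so entries added to `socket_map` when a socket is created (the insert in socket-impl-main.cc) are never removed when that socket goes away, and the multimap accumulates stale `Socket*` values that `delete_all_socks` would later dereference through `set_abort_flag`. The shutdown callback is the natural place to erase the entry by pointer — as `delete_sock` in ssl-utils.h attempts, but without `delete` if the map does not own the socket — and the destructor should clear whatever remains. Also, `std::multimap` needs `<map>`; unless an earlier include already provides it, add it to this header. The class body continues past the hunk.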
diff --git a/pan/tasks/socket-impl-openssl.cc b/pan/tasks/socket-impl-openssl.cc
index e2ed647..9dccaaf 100644
--- a/pan/tasks/socket-impl-openssl.cc
+++ b/pan/tasks/socket-impl-openssl.cc
@@ -95,7 +95,7 @@ extern "C" {
 #include <pan/usenet-utils/gnksa.h>
 #include "socket-impl-openssl.h"
 #include "socket-impl-main.h"
-#include "cert-store.h"
+#include <pan/data-impl/cert-store.h>
 
 using namespace pan;
 
@@ -124,7 +124,6 @@ GIOChannelSocketSSL :: GIOChannelSocketSSL (SSL_CTX* ctx, CertStore& cs):
    _certstore(cs),
    _rehandshake(false)
 {
-//   std::cerr<<"GIOChannelSocketSSL ctor " << (void*)this<<std::endl;
    cs.add_listener(this);
    _session = cs.get_session();
 }
@@ -300,9 +299,7 @@ GIOChannelSocketSSL :: ~GIOChannelSocketSSL ()
 
   _certstore.remove_listener(this);
 
-//  std::cerr << LINE_ID << " destroying socket " << this <<std::endl;
-
-//  std::cerr<<_session<<std::endl;
+  std::cerr << LINE_ID << " destroying socket " << this <<std::endl;
 
   remove_source (_tag_watch);
   remove_source (_tag_timeout);
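Review bot: The destructor now writes `"destroying socket"` to stderr unconditionally — the previously commented-out diagnostic became live output on every SSL socket teardown, which is noise for users and puts a heap address into logs. Keep it behind the project's debug switch or drop it, e.g. `// (debug) std::cerr << LINE_ID << " destroying socket " << this << std::endl;` if the line is meant to be re-enabled during development. ~GIOChannelSocketSSL's body continues past the hunk.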
@@ -411,7 +408,6 @@ namespace
 
     ret = SSL_connect(chan->ssl);
     if (ret <= 0) {
-//      std::cerr<<"ret handshake "<<ret<<std::endl;
       err = SSL_get_error(chan->ssl, ret);
       switch (err) {
         case SSL_ERROR_WANT_READ:
@@ -807,9 +803,6 @@ GIOChannelSocketSSL :: ssl_get_iochannel(GIOChannel *handle, gboolean verify)
   {
     g_io_channel_set_flags (handle, G_IO_FLAG_NONBLOCK, 0);
     return gchan;
-  } else
-  { ;
-//    std::cerr<<"handshake ret "<<ret<<std::endl;
   }
   return 0;
 }
@@ -817,7 +810,7 @@ GIOChannelSocketSSL :: ssl_get_iochannel(GIOChannel *handle, gboolean verify)
 void
 GIOChannelSocketSSL :: on_verify_cert_failed (X509* cert, std::string server, int nr)
 {
-
+  if (!_certstore.in_blacklist(server)) _certstore.blacklist(server);
 }
 
 void
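Review bot: The check-then-act `if (!_certstore.in_blacklist(server)) _certstore.blacklist(server);` is only race-free if CertStore serialises the two calls under one lock; every live GIOChannelSocketSSL registers itself as a CertStore listener (the `cs.add_listener(this)` in its constructor), so one failed verification fires this callback on each of them, and if those callbacks can arrive from the worker threads the guard does not make the insert idempotent by itself. Making `blacklist()` a no-op for an already-listed host inside CertStore, and calling it unconditionally here, removes the window. Also `std::string server` is taken by value; `const std::string&` avoids a copy per listener if the Listener signature can be changed.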
diff --git a/pan/tasks/socket-impl-openssl.h b/pan/tasks/socket-impl-openssl.h
index ac71638..85a3b8e 100644
--- a/pan/tasks/socket-impl-openssl.h
+++ b/pan/tasks/socket-impl-openssl.h
@@ -28,7 +28,7 @@
 #include <pan/tasks/socket-impl-gio.h>
 
 #ifdef HAVE_OPENSSL
-  #include <pan/tasks/cert-store.h>
+  #include <pan/data-impl/cert-store.h>
   #include <openssl/crypto.h>
   #include <openssl/x509.h>
   #include <openssl/x509v3.h>
diff --git a/pan/tasks/socket.h b/pan/tasks/socket.h
index bc6fd2e..6ddc9cd 100644
--- a/pan/tasks/socket.h
+++ b/pan/tasks/socket.h
@@ -93,6 +93,7 @@ namespace pan
         struct Listener {
           virtual ~Listener () {}
           virtual void on_socket_created (const StringView& host, int port, bool ok, Socket*) = 0;
+          virtual void on_socket_shutdown (const StringView& host, int port, Socket*) = 0;
         };
 
         virtual ~Creator () { }
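Review bot: Adding `on_socket_shutdown` as a pure virtual makes every existing `Socket::Creator::Listener` implementation abstract until it is updated, which turns this header change into a silent API break for any implementer not touched by this commit. Giving it an empty default body, `virtual void on_socket_shutdown (const StringView& host, int port, Socket*) {}`, matches what this same commit does for `Task::wakeup()` and lets listeners that do not care about shutdown stay untouched. A short `///` comment stating when the callback fires and whether the `Socket*` is still valid inside it would help implementers.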
diff --git a/pan/tasks/task-groups.cc b/pan/tasks/task-groups.cc
index 9f42cba..ff7676e 100644
--- a/pan/tasks/task-groups.cc
+++ b/pan/tasks/task-groups.cc
@@ -53,8 +53,7 @@ TaskGroups :: TaskGroups (Data& data, const Quark& servername):
 }
 
 TaskGroups :: ~TaskGroups ()
-{
-}
+{}
 
 /***
 ****
diff --git a/pan/tasks/task-groups.h b/pan/tasks/task-groups.h
index 24cb74d..860aa5e 100644
--- a/pan/tasks/task-groups.h
+++ b/pan/tasks/task-groups.h
@@ -23,6 +23,7 @@
 #include <pan/general/quark.h>
 #include <pan/data/data.h>
 #include <pan/tasks/task.h>
+#include <pan/data-impl/cert-store.h>
 #include <pan/tasks/nntp.h>
 
 namespace pan
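Review bot: The added `#include <pan/data-impl/cert-store.h>` does not appear to be used by anything visible in this header — the only other change to task-groups.h is reflowing the base-class list — and it makes the tasks layer depend on a data-impl header from its public interface. If a later change needs CertStore here, a forward declaration or an include in task-groups.cc keeps that dependency out of the header; otherwise drop the include.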
@@ -31,7 +32,9 @@ namespace pan
    * Task for downloading the grouplist of a new server.
    * @ingroup tasks
    */
-  class TaskGroups: public Task, private NNTP::Listener
+  class TaskGroups:
+    public Task,
+    private NNTP::Listener
   {
     public: // life cycle
       TaskGroups (Data& data, const Quark& server);
diff --git a/pan/tasks/task.h b/pan/tasks/task.h
index a445d68..b1a9455 100644
--- a/pan/tasks/task.h
+++ b/pan/tasks/task.h
@@ -143,6 +143,9 @@ namespace pan
          /// stop a running task
          virtual void stop () { }
 
+         /// wakeup a sleeping task
+         virtual void wakeup() {}
+
       protected:
 
          State _state;
diff --git a/pan/tasks/upload-queue.h b/pan/tasks/upload-queue.h
index fe936a6..d365a1e 100644
--- a/pan/tasks/upload-queue.h
+++ b/pan/tasks/upload-queue.h
@@ -84,10 +84,6 @@ namespace pan
         virtual void on_queue_tasks_added (UploadQueue&, int index, int count) = 0;
         virtual void on_queue_task_removed (UploadQueue&, Task&, int index) = 0;
         virtual void on_queue_task_moved (UploadQueue&, Task&, int new_index, int old_index) = 0;
-        virtual void on_queue_connection_count_changed (UploadQueue&, int count) {}
-        virtual void on_queue_size_changed (UploadQueue&, int active, int total) {}
-        virtual void on_queue_online_changed (UploadQueue&, bool online) {}
-        virtual void on_queue_error (UploadQueue&, const StringView& message) {}
       };
 
       void add_listener (Listener *l) { _listeners.insert(l); }
diff --git a/pan/usenet-utils/ssl-utils.h b/pan/usenet-utils/ssl-utils.h
index f174796..0ceeab1 100644
--- a/pan/usenet-utils/ssl-utils.h
+++ b/pan/usenet-utils/ssl-utils.h
@@ -27,7 +27,11 @@
 
 #ifdef HAVE_OPENSSL
 
+#include <pan/tasks/socket.h>
 #include <pan/general/quark.h>
+#include <pan/general/macros.h>
+#include <pan/general/string-view.h>
+#include <pan/tasks/socket.h>
 #include <pan/general/e-util.h>
 #include <openssl/crypto.h>
 #include <openssl/x509.h>
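Review bot: `#include <pan/tasks/socket.h>` is added twice in this hunk (once before quark.h and again after string-view.h); the include guard makes it harmless, but one of the two should go. Keeping the new includes in one group also makes the dependency this usenet-utils header gains on the tasks layer easier to spot.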
@@ -38,6 +42,9 @@
 #include <map>
 #include <iostream>
 #include <sstream>
+extern "C" {
+  #include <glib/gi18n.h>
+}
 
 namespace pan
 {
@@ -434,9 +441,6 @@ namespace pan
 
     void parse(std::vector<quarks_p>& i, std::vector<quarks_p>& s)
     {
-
-      std::cerr<<iss<<"\n\n";
-
       while(idx<num_tags)
       {
         std::string::size_type index = iss.find(tags_idx[idx]);
@@ -460,8 +464,6 @@ namespace pan
       }
 
       idx = 0;
-      std::cerr<<sub<<"\n\n";
-
       while(idx<num_tags)
       {
         std::string::size_type index = sub.find(tags_idx[idx]);
@@ -514,9 +516,9 @@ namespace pan
       return;
     }
 
-    struct CertParser* cp = new CertParser(cert);
+    struct CertParser cp(cert);
     std::vector<quarks_p> p_issuer, p_subject;
-    cp->parse(p_issuer, p_subject);
+    cp.parse(p_issuer, p_subject);
 
 
     time_t t = getTimeFromASN1(cert->cert_info->validity->notAfter);
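Review bot: Moving CertParser to the stack is the right way to get rid of the manual `delete`, but `struct CertParser cp(cert);` uses an elaborated-type-specifier that is only needed in C; `CertParser cp(cert);` is the idiomatic spelling. The enclosing function continues past the hunk.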
@@ -539,16 +541,44 @@ namespace pan
                                 "<b>Not valid before : </b>%s\n\n"
                                 "<b>Fingerprint (MD5) : </b>\n%s\n\n"),
                                 on_connect ? tmp1 : tmp2,
-                                cp->build_complete(p_issuer).c_str(),
-                                cp->build_complete(p_subject).c_str(),
+                                cp.build_complete(p_issuer).c_str(),
+                                cp.build_complete(p_subject).c_str(),
                                 until,
                                 before,
                                 get_x509_fingerpint_md5(cert).c_str());
 
-    delete cp;
+  }
+
+
+  typedef std::multimap<std::string, Socket*> socks_m;
+  typedef std::pair<std::string, Socket*> socks_p;
+
+  static void delete_all_socks(socks_m& socket_map, std::string server)
+  {
 
+    for (socks_m::iterator it = socket_map.begin(); it != socket_map.end();)
+    {
+      std::cerr<<it->first<<" "<<it->second<<std::endl;
+      if (it->first == server)
+      {
+        it->second->set_abort_flag(true);
+        socket_map.erase(it++);
+      } else
+        ++it;
+    }
   }
 
+  static void delete_sock(socks_m& socket_map, Socket* sock)
+  {
+    for (socks_m::iterator it = socket_map.begin(); it != socket_map.end();)
+    {
+      if (it->second == sock)
+      {
+        delete it->second;
+        socket_map.erase(it);
+      }
+    }
+  }
 
 }
 
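Review bot: `delete_sock` never terminates when `sock` is not in the map and uses an invalidated iterator when it is: the loop only advances `it` through `erase(it)`, whose argument is invalidated by that very call, and the non-matching branch does not advance at all. The body should read `if (it->second == sock) { delete it->second; socket_map.erase(it++); } else ++it;`, mirroring the pattern `delete_all_socks` already uses. The two helpers also disagree about ownership — one deletes the Socket, the other only sets the abort flag and drops the entry — and that needs one documented answer before `socket_map` holds raw pointers from several places. Finally, `static` functions in a header give every translation unit its own copy (and unused-function warnings); `inline` is the usual choice, and the `std::cerr` line in `delete_all_socks` looks like a leftover debugging print.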


