[pan2: 200/268] pre-choose the most probable port for ssl/plain connections



commit 288452b984b87a6baac8471c77571f65eb82c538
Author: Heinrich Müller <sphemuel stud informatik uni-erlangen de>
Date:   Tue Nov 22 12:50:16 2011 +0100

    pre-choose the most probable port for ssl/plain connections
    
    changed cert routines to employ the server quark instead of the
    host address

 pan/data-impl/server.cc          |    2 +-
 pan/data/cert-store.cc           |   12 ++++--------
 pan/data/data.h                  |    2 +-
 pan/general/macros.h             |    3 +++
 pan/gui/gui.cc                   |   20 ++++++--------------
 pan/gui/gui.h                    |    2 +-
 pan/gui/pan.cc                   |    2 +-
 pan/gui/server-ui.cc             |   15 ++++++++++++++-
 pan/tasks/nntp-pool.cc           |   17 +++++++----------
 pan/tasks/queue.cc               |    4 +---
 pan/tasks/socket-impl-main.cc    |   29 +++++++++++++++--------------
 pan/tasks/socket-impl-main.h     |    3 ++-
 pan/tasks/socket-impl-openssl.cc |   17 ++++++++++-------
 pan/tasks/socket-impl-openssl.h  |    3 ++-
 14 files changed, 68 insertions(+), 63 deletions(-)
---
diff --git a/pan/data-impl/server.cc b/pan/data-impl/server.cc
index 10af926..be95549 100644
--- a/pan/data-impl/server.cc
+++ b/pan/data-impl/server.cc
@@ -377,7 +377,7 @@ DataImpl :: load_server_properties (const DataIO& source)
     s.host = kv["host"];
     s.username = kv["username"];
     s.password = kv["password"];
-    s.port = to_int (kv["port"], 119);
+    s.port = to_int (kv["port"], STD_NNTP_PORT);
     s.max_connections = to_int (kv["connection-limit"], 2);
     s.article_expiration_age = to_int(kv["expire-articles-n-days-old"], 31);
     s.rank = to_int(kv["rank"], 1);
diff --git a/pan/data/cert-store.cc b/pan/data/cert-store.cc
index d1fd50b..672b4ac 100644
--- a/pan/data/cert-store.cc
+++ b/pan/data/cert-store.cc
@@ -69,7 +69,6 @@ namespace pan
       /* accept user-override on self-signed certificates */
       if (err == X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN ||
           err == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT ||
-          err == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT ||
           err == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY)
         mydata->cs->verify_failed(cert, mydata->server, mydata->cert_name, err);
       else
@@ -139,12 +138,9 @@ namespace pan
       _cert_to_server.erase(server);
       _certs.erase(server);
       remove_hard(server);
-//      SSL_CTX_set_cert_store(_ctx, X509_STORE_new());
       Quark setme;
-      _data.find_server_by_hn(server, setme);
-      _data.set_server_cert(setme, "");
-      _data.save_server_info(setme);
-//      init_me();
+      _data.set_server_cert(server, "");
+      _data.save_server_info(server);
     }
 
   }
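Review bot: `Quark setme;` on the context line above the two added calls is now dead — its only uses were the three removed lines that looked the server up by host name — so the declaration should be removed along with them. The enclosing function starts before this hunk.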
@@ -175,8 +171,8 @@ namespace pan
 
     std::string addr; int port;
     _data.get_server_addr(server, addr, port);
-    _certs.insert(addr);
-    _cert_to_server[addr] = cert;
+    _certs.insert(server);
+    _cert_to_server[server] = cert;
 
     const char* buf(build_cert_name(addr.c_str()).c_str());
 
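Review bot: `const char* buf(build_cert_name(addr.c_str()).c_str());` on the context line directly below the new inserts points into a temporary that is destroyed at the end of that full-expression if build_cert_name returns a std::string by value — which the ssl_handshake hunk in socket-impl-openssl.cc suggests, since it assigns the result straight to a std::string cert_name — so any later read of buf is a use-after-free of the certificate name. Hold the result in a named string: `const std::string cert_name(build_cert_name(addr.c_str())); const char* buf(cert_name.c_str());`. It is also worth confirming that _certs and _cert_to_server are declared with a Quark key, since server rather than addr is now inserted while addr is still computed two lines above only for the file name. The enclosing function continues outside the hunk.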
diff --git a/pan/data/data.h b/pan/data/data.h
index fda34ed..aea5eaa 100644
--- a/pan/data/data.h
+++ b/pan/data/data.h
@@ -180,7 +180,7 @@ namespace pan
          typedef sorted_vector<Quark,true,AlphabeticalQuarkOrdering> groups_t;
          groups_t groups;
 
-         Server(): port(119), article_expiration_age(31), max_connections(2), rank(1), ssl_support(0) {}
+         Server(): port(STD_NNTP_PORT), article_expiration_age(31), max_connections(2), rank(1), ssl_support(0) {}
       };
 
     protected:
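Review bot: The Server default constructor now expands STD_NNTP_PORT, so data.h depends on pan/general/macros.h being visible before it is included; the diffstat shows only this one-line change to data.h, so no include was added. Either add `#include <pan/general/macros.h>` to data.h or replace the macro with a typed constant declared alongside Server, otherwise translation units that include data.h without macros.h stop compiling.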
diff --git a/pan/general/macros.h b/pan/general/macros.h
index 6d4a293..84b7df6 100644
--- a/pan/general/macros.h
+++ b/pan/general/macros.h
@@ -20,6 +20,9 @@
 #ifndef __Pan_Macros_h__
 #define __Pan_Macros_h__
 
+#define STD_SSL_PORT 563
+#define STD_NNTP_PORT 119
+
 /**
 ***  foreach
 **/
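Review bot: STD_SSL_PORT and STD_NNTP_PORT are object-like macros in a widely included header, so they are untyped and unscoped; an integer constant inside namespace pan, e.g. `const int STD_SSL_PORT = 563; const int STD_NNTP_PORT = 119;`, gives them a type and keeps them out of the preprocessor. A short comment such as `// IANA-assigned defaults: nntp = 119, nntps = 563` would also tell readers where the numbers come from.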
diff --git a/pan/gui/gui.cc b/pan/gui/gui.cc
index fede36f..628ee9a 100644
--- a/pan/gui/gui.cc
+++ b/pan/gui/gui.cc
@@ -1312,7 +1312,9 @@ bool GUI :: confirm_accept_new_cert_dialog(GtkWindow * parent, X509* cert, const
   bool ret(false);
 
   char buf[4096];
-  pretty_print_x509(buf,sizeof(buf), server, cert,true);
+  std::string host; int port;
+  _data.get_server_addr(server,host,port);
+  pretty_print_x509(buf,sizeof(buf), host, cert,true);
   gdk_threads_enter();
     GtkWidget * d = gtk_message_dialog_new (
       parent,
@@ -2098,25 +2100,15 @@ GUI :: on_prefs_string_changed (const StringView& key, const StringView& value)
 void
 GUI :: on_verify_cert_failed(X509* cert, std::string server, std::string cert_name, int nr)
 {
-  std::cerr<<"on verify failed gui ("<<server<<") ("<<cert_name<<")\n";
   if (!cert || cert_name.empty() || server.empty()) return;
 
-  Quark setme;
-  bool found(_data.find_server_by_hn(server, setme));
-
   if (GUI::confirm_accept_new_cert_dialog(get_window(_root),cert,server))
-    if (!_certstore.add(cert, setme))
+    if (!_certstore.add(cert, server))
       Log::add_urgent_va("Error adding certificate of server '%s' to Certificate Store",server.c_str());
     else
     {
-      std::cerr<<"added cert "<<cert<<" to server "<<server<<std::endl;
-
-      if (found)
-      {
-        std::cerr<<"on verify failed gui ("<<server<<") ("<<cert_name<<")\n";
-        _data.set_server_cert(setme, cert_name);
-        _data.save_server_info(setme);
-      }
+      _data.set_server_cert(server, cert_name);
+      _data.save_server_info(server);
     }
 }
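Review bot: With the `found` guard gone, `_data.set_server_cert(server, cert_name)` and `_data.save_server_info(server)` now run for whatever string arrives in `server`, while `server` is still a std::string even though every callee here — confirm_accept_new_cert_dialog (const Quark&), _certstore.add, set_server_cert — is now quark-keyed; that depends on an implicit std::string→Quark conversion, which would presumably intern a fresh quark for a name that is not a configured server and then persist a certificate against it. If the caller can hand over anything other than a known server quark, keep a validity check before the dialog; in any case changing the parameter to `const Quark& server` would make the new contract explicit in the signature (the same applies to the matching on_verify_cert_failed overrides in nntp-pool.cc and socket-impl-openssl.cc). The `server.empty()` early return already covers only the empty case.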
 
diff --git a/pan/gui/gui.h b/pan/gui/gui.h
index 3dec2fd..d81ed31 100644
--- a/pan/gui/gui.h
+++ b/pan/gui/gui.h
@@ -129,7 +129,7 @@ namespace pan
       virtual void do_delete_article ();
       virtual bool deletion_confirmation_dialog();
 #ifdef HAVE_OPENSSL
-      static bool confirm_accept_new_cert_dialog(GtkWindow*, X509*, const Quark&);
+      bool confirm_accept_new_cert_dialog(GtkWindow*, X509*, const Quark&);
 #endif
       virtual void do_clear_article_cache ();
       virtual void do_mark_article_read ();
diff --git a/pan/gui/pan.cc b/pan/gui/pan.cc
index 3d3f5c8..6d1b1c0 100644
--- a/pan/gui/pan.cc
+++ b/pan/gui/pan.cc
@@ -347,7 +347,7 @@ main (int argc, char *argv[])
     WorkerPool worker_pool (4, true);
 
     // init the socket creator
-    SocketCreator socket_creator(certstore);
+    SocketCreator socket_creator(data, certstore);
 
     Queue queue (data, data, &socket_creator, certstore, worker_pool,
                  prefs.get_flag ("work-online", true),
diff --git a/pan/gui/server-ui.cc b/pan/gui/server-ui.cc
index 48e81d9..a4e5d8e 100644
--- a/pan/gui/server-ui.cc
+++ b/pan/gui/server-ui.cc
@@ -55,6 +55,7 @@ using namespace pan;
 *************  EDIT DIALOG
 ************/
 
+
 namespace
 {
   struct ServerEditDialog
@@ -99,6 +100,17 @@ namespace
     gtk_adjustment_set_value (a, i);
   }
 
+  void ssl_changed_cb(GtkComboBox* w, ServerEditDialog* d)
+  {
+    int ssl(0);
+#ifdef HAVE_OPENSSL
+    GtkTreeIter iter;
+    if (gtk_combo_box_get_active_iter (w, &iter))
+      gtk_tree_model_get (gtk_combo_box_get_model(w), &iter, 1, &ssl, -1);
+    pan_spin_button_set (d->port_spin, ssl==0 ? STD_NNTP_PORT : STD_SSL_PORT);
+#endif
+  }
+
   void
   edit_dialog_populate (Data&, const Quark& server, ServerEditDialog * d)
   {
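Review bot: ssl_changed_cb unconditionally resets port_spin to the default for the selected mode, so if edit_dialog_populate sets the ssl combo's active row after it has loaded the stored port into port_spin (the populate hunk below reads the port via get_server_addr, but the widget assignment order is outside the hunk), the `changed` connection added in this file's last hunk would overwrite a user-configured non-standard port every time the dialog is opened; worth confirming, and if so connect the signal only after populate has run or skip the override when the spin does not hold the previous default. Without HAVE_OPENSSL the body reduces to `int ssl(0);`, leaving ssl, w and d unused; move the whole function and its g_signal_connect inside the #ifdef, or drop the local.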
@@ -108,7 +120,7 @@ namespace
 
     d->server = server;
 
-    int port(119), max_conn(4), age(31*3), rank(1), ssl(0);
+    int port(STD_NNTP_PORT), max_conn(4), age(31*3), rank(1), ssl(0);
     std::string addr, user, pass, cert;
     if (!server.empty()) {
       d->data.get_server_addr (server, addr, port);
@@ -394,6 +406,7 @@ pan :: server_edit_dialog_new (Data& data, Queue& queue, GtkWindow * window, con
     }
 
     d->ssl_combo = w = gtk_combo_box_new_with_model (GTK_TREE_MODEL(store));
+    g_signal_connect(w, "changed", G_CALLBACK(ssl_changed_cb), d);
     g_object_unref (G_OBJECT(store));
     gtk_cell_layout_pack_start (GTK_CELL_LAYOUT (w), renderer, true);
     gtk_cell_layout_set_attributes (GTK_CELL_LAYOUT (w), renderer, "text", 0, NULL);
diff --git a/pan/tasks/nntp-pool.cc b/pan/tasks/nntp-pool.cc
index ff0abde..f928a4a 100644
--- a/pan/tasks/nntp-pool.cc
+++ b/pan/tasks/nntp-pool.cc
@@ -280,14 +280,13 @@ NNTP_Pool :: request_nntp (WorkerPool& threadpool)
   {
     std::string address;
     int port;
-
-    if (_server_info.get_server_addr (_server, address, port))
-      if (!_certstore.in_blacklist(address))
-      {
-        ++_pending_connections;
-        const bool ssl(_server_info.get_server_ssl_support(_server));
-        _socket_creator->create_socket (address, port, threadpool, this, ssl);
-      }
+    _server_info.get_server_addr (_server, address, port);
+    if (!_certstore.in_blacklist(_server))
+    {
+      ++_pending_connections;
+      const bool ssl(_server_info.get_server_ssl_support(_server));
+      _socket_creator->create_socket (address, port, threadpool, this, ssl);
+    }
   }
 }
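Review bot: The return value of `_server_info.get_server_addr (_server, address, port)` is now discarded, and `int port;` two lines above it is uninitialised, so a failed lookup reaches `_socket_creator->create_socket (address, port, threadpool, this, ssl)` with an empty address and an indeterminate port where the old code skipped the connection attempt. Keep the guard ahead of the blacklist check: `if (!_server_info.get_server_addr (_server, address, port)) return;`. request_nntp starts before this hunk.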
 
@@ -352,13 +351,11 @@ NNTP_Pool :: idle_upkeep ()
 void
 NNTP_Pool:: on_verify_cert_failed(X509* cert, std::string server, std::string cert_name, int nr)
 {
-//  abort_tasks();
 }
 
 void
 NNTP_Pool :: on_valid_cert_added (X509* cert, std::string server)
 {
-
 }
 #endif
 
diff --git a/pan/tasks/queue.cc b/pan/tasks/queue.cc
index 24d7d29..5717439 100644
--- a/pan/tasks/queue.cc
+++ b/pan/tasks/queue.cc
@@ -338,9 +338,7 @@ Queue :: process_task (Task * task)
     const Task::State::unique_servers_t& servers (state._servers);
     foreach_const (Task::State::unique_servers_t, servers, it)
     {
-      std::string addr; int port;
-      _server_info.get_server_addr(*it, addr, port);
-      if (_certstore.in_blacklist(addr)) continue;
+      if (_certstore.in_blacklist(*it)) continue;
       get_pool(*it).request_nntp (_worker_pool);
     }
 
diff --git a/pan/tasks/socket-impl-main.cc b/pan/tasks/socket-impl-main.cc
index 2889bc7..a0a7c92 100644
--- a/pan/tasks/socket-impl-main.cc
+++ b/pan/tasks/socket-impl-main.cc
@@ -66,11 +66,13 @@ namespace pan
     std::multimap<std::string, Socket*>& socket_map;
     SSL_CTX * context;
     CertStore& store;
-    ThreadWorker (const StringView& h, int p, Socket::Creator::Listener *l, bool ssl, SSL_CTX* ctx, CertStore& cs, std::multimap<std::string, Socket*>& m):
-      host(h), port(p), listener(l), ok(false), socket(0), use_ssl(ssl), context(ctx), store(cs), socket_map(m) {}
+    const Quark server;
+    ThreadWorker (const Quark& s, const StringView& h, int p, Socket::Creator::Listener *l,
+                  bool ssl, SSL_CTX* ctx, CertStore& cs, std::multimap<std::string, Socket*>& m):
+      server(s), host(h), port(p), listener(l), ok(false), socket(0), use_ssl(ssl), context(ctx), store(cs), socket_map(m) {}
 #else
-    ThreadWorker (const StringView& h, int p, Socket::Creator::Listener *l):
-      host(h), port(p), listener(l), ok(false), socket(0), use_ssl(false) {}
+    ThreadWorker (const Quark& s, const StringView& h, int p, Socket::Creator::Listener *l):
+      server(s), host(h), port(p), listener(l), ok(false), socket(0), use_ssl(false) {}
 #endif
 
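Review bot: The new member `const Quark server` is declared after store but initialised first in the mem-initialiser list; members are constructed in declaration order regardless of the list, so the list misstates the order and -Wreorder warns (socket_map versus context/store already had this mismatch). Either write the list in declaration order, ending `..., socket_map(m), context(ctx), store(cs), server(s)`, or declare server before the other members. SocketCreator's constructor in the @@ -124 hunk has the same problem: socket-impl-main.h declares store before data while the list writes `data(d), store(cs)`. The ThreadWorker definition starts before this hunk.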
     void do_work ()
@@ -78,7 +80,7 @@ namespace pan
       #ifdef HAVE_OPENSSL
         if (use_ssl)
         {
-          socket = new GIOChannelSocketSSL (context, store);
+          socket = new GIOChannelSocketSSL (server, context, store);
           socket_map.insert(std::pair<std::string, Socket*>(host, socket));
         }
         else
@@ -124,8 +126,9 @@ namespace
 }
 #endif
 
-SocketCreator :: SocketCreator(CertStore& cs) : store(cs)
+SocketCreator :: SocketCreator(Data& d, CertStore& cs) : data(d), store(cs)
 {
+
 #ifdef HAVE_OPENSSL
   SSL_library_init();
   SSL_load_error_strings();
@@ -161,14 +164,14 @@ SocketCreator :: create_socket (const StringView & host,
                                 Socket::Creator::Listener * listener,
                                 bool               use_ssl)
 {
-
-    if (store.in_blacklist(host.str)) return;
-
+    Quark server;
+    data.find_server_by_hn(host, server);
+    if (store.in_blacklist(server)) return;
     ensure_module_init ();
 #ifdef HAVE_OPENSSL
-    ThreadWorker * w = new ThreadWorker (host, port, listener, use_ssl, ssl_ctx, store, socket_map);
+    ThreadWorker * w = new ThreadWorker (server, host, port, listener, use_ssl, ssl_ctx, store, socket_map);
 #else
-    ThreadWorker * w = new ThreadWorker (host, port, listener);
+    ThreadWorker * w = new ThreadWorker (server, host, port, listener);
 #endif
     threadpool.push_work (w, w, true);
 }
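Review bot: `data.find_server_by_hn(host, server)` discards its return value, so for a host that is not a configured server `store.in_blacklist(server)` tests an empty Quark and the blacklist check that used to key on host.str is silently skipped; that empty quark then travels through ThreadWorker into GIOChannelSocketSSL, where it becomes the key for verify-failure blacklisting and for the accept-certificate prompt (which, per the gui.cc hunk, returns early on an empty server). If every caller reaches this from a configured server, refuse when the lookup fails — `if (!data.find_server_by_hn(host, server)) return;` ahead of the blacklist test — or, since NNTP_Pool::request_nntp already holds the server quark, pass it into create_socket instead of recovering it from the host name. request_nntp's own in_blacklist check makes this path mostly redundant today, but it is the only guard left inside create_socket.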
@@ -176,9 +179,7 @@ SocketCreator :: create_socket (const StringView & host,
 #ifdef HAVE_OPENSSL
 void
 SocketCreator :: on_verify_cert_failed(X509* cert, std::string server, std::string cert_name, int nr)
-{
-//    delete_all_socks(socket_map, server);
-}
+{}
 
 void
 SocketCreator :: on_valid_cert_added (X509* cert, std::string server)
diff --git a/pan/tasks/socket-impl-main.h b/pan/tasks/socket-impl-main.h
index a8ff82b..315cc72 100644
--- a/pan/tasks/socket-impl-main.h
+++ b/pan/tasks/socket-impl-main.h
@@ -121,7 +121,7 @@ namespace pan
     private Socket::Creator::Listener
   {
     public:
-      SocketCreator (CertStore&);
+      SocketCreator (Data&, CertStore&);
       virtual ~SocketCreator ();
 
 
@@ -144,6 +144,7 @@ namespace pan
       virtual void on_valid_cert_added (X509*, std::string );
 #endif
       CertStore & store;
+      Data& data;
 
     public:
       virtual void create_socket (const StringView & host,
diff --git a/pan/tasks/socket-impl-openssl.cc b/pan/tasks/socket-impl-openssl.cc
index d550c99..1ca194f 100644
--- a/pan/tasks/socket-impl-openssl.cc
+++ b/pan/tasks/socket-impl-openssl.cc
@@ -112,7 +112,7 @@ extern void* p_freeaddrinfo;
 
 #ifdef HAVE_OPENSSL // without libssl this class is just a stub....
 
-GIOChannelSocketSSL :: GIOChannelSocketSSL (SSL_CTX* ctx, CertStore& cs):
+GIOChannelSocketSSL :: GIOChannelSocketSSL (const Quark& server, SSL_CTX* ctx, CertStore& cs):
    _channel (0),
    _tag_watch (0),
    _tag_timeout (0),
@@ -122,7 +122,8 @@ GIOChannelSocketSSL :: GIOChannelSocketSSL (SSL_CTX* ctx, CertStore& cs):
    _io_performed (false),
    _ctx(ctx),
    _certstore(cs),
-   _rehandshake(false)
+   _rehandshake(false),
+   _server(server)
 {
    cs.add_listener(this);
    _session = cs.get_session();
@@ -299,7 +300,7 @@ GIOChannelSocketSSL :: ~GIOChannelSocketSSL ()
 
   _certstore.remove_listener(this);
 
-  std::cerr << LINE_ID << " destroying socket " << this <<std::endl;
+//  std::cerr << LINE_ID << " destroying socket " << this <<std::endl;
 
   remove_source (_tag_watch);
   remove_source (_tag_timeout);
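Review bot: The destructor's trace line is commented out rather than deleted, whereas the same commit removes commented-out code in cert-store.cc, nntp-pool.cc and socket-impl-main.cc; for consistency delete the line, and if a trace is still wanted behind a debug build, guard it with the project's debug macro instead of leaving dead code. The destructor continues outside the hunk.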
@@ -372,7 +373,7 @@ namespace
   }
 
 
-  int ssl_handshake(GIOChannel *handle, CertStore::Listener* listener,
+  int ssl_handshake(const Quark& server, GIOChannel *handle, CertStore::Listener* listener,
                     CertStore* cs, std::string host, SSL_SESSION* session, bool rehandshake)
   {
 
@@ -390,7 +391,7 @@ namespace
     mydata.l = listener;
     /* build cert name from scratch or from Server* */
     mydata.cert_name = CertStore::build_cert_name(host);
-    mydata.server = host;
+    mydata.server = server;
     SSL_set_ex_data(chan->ssl, SSL_get_fd(chan->ssl), &mydata);
 
     if (session) ret = SSL_set_session(chan->ssl, session);
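Review bot: `mydata.server = server;` now stores a Quark where a std::string host was stored before, and the diffstat lists no change to the type that declares mydata, so this either relies on an implicit Quark→std::string conversion or the field was already a Quark; a one-line comment stating which (e.g. `// server quark, not the host name: keys the cert store and blacklist`) would save the next reader a lookup. Two context lines deserve attention while here: `SSL_set_ex_data(chan->ssl, SSL_get_fd(chan->ssl), &mydata)` uses the socket fd as the ex_data index where OpenSSL expects an index obtained from SSL_get_ex_new_index, and if mydata is a local of ssl_handshake (its declaration is above the hunk) the pointer stored in the SSL object dangles once this function returns, which matters because the verify callback can run again on the rehandshake this class supports. The function continues outside the hunk.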
@@ -802,7 +803,8 @@ GIOChannelSocketSSL :: ssl_get_iochannel(GIOChannel *handle, gboolean verify)
   gchan->read_buf = g_string_sized_new(4096*128);
 
   int ret;
-  if ((ret = ssl_handshake(gchan, this, &_certstore, _host, _session, _rehandshake)) == 0)
+  if ((ret = ssl_handshake(_server, gchan, this, &_certstore,
+                           _host, _session, _rehandshake)) == 0)
   {
     g_io_channel_set_flags (handle, G_IO_FLAG_NONBLOCK, 0);
     return gchan;
@@ -811,7 +813,8 @@ GIOChannelSocketSSL :: ssl_get_iochannel(GIOChannel *handle, gboolean verify)
 }
 
 void
-GIOChannelSocketSSL :: on_verify_cert_failed (X509* cert, std::string server, std::string cert_name, int nr)
+GIOChannelSocketSSL :: on_verify_cert_failed (X509* cert, std::string server,
+                                              std::string cert_name, int nr)
 {
   if (!_certstore.in_blacklist(server)) _certstore.blacklist(server);
 }
diff --git a/pan/tasks/socket-impl-openssl.h b/pan/tasks/socket-impl-openssl.h
index 38ef501..bfb5485 100644
--- a/pan/tasks/socket-impl-openssl.h
+++ b/pan/tasks/socket-impl-openssl.h
@@ -52,7 +52,7 @@ namespace pan
   {
     public:
       virtual ~GIOChannelSocketSSL ();
-      GIOChannelSocketSSL (SSL_CTX* ctx, CertStore& cs);
+      GIOChannelSocketSSL (const Quark&, SSL_CTX* ctx, CertStore& cs);
 
       virtual bool open (const StringView& address, int port, std::string& setme_err);
       virtual void write_command (const StringView& chars, Socket::Listener *);
@@ -72,6 +72,7 @@ namespace pan
       CertStore& _certstore;
       SSL_SESSION* _session;
       bool _rehandshake;
+      Quark _server;
 
     public:
       void set_rehandshake (bool setme) { _rehandshake = setme; }


