From 8ad9f2bee9ca779988aa5634906751b30b07156e Mon Sep 17 00:00:00 2001 From: Lars Thorsen Date: Fri, 2 Dec 2011 15:27:35 +0100 Subject: [orber] Change the option handling for ssl --- lib/orber/src/orber_iiop_net.erl | 137 +++++++++++++++++++++++++++------------ 1 file changed, 95 insertions(+), 42 deletions(-) (limited to 'lib/orber/src/orber_iiop_net.erl') diff --git a/lib/orber/src/orber_iiop_net.erl b/lib/orber/src/orber_iiop_net.erl index 58eba9f039..5620b5d94f 100644 --- a/lib/orber/src/orber_iiop_net.erl +++ b/lib/orber/src/orber_iiop_net.erl @@ -161,31 +161,51 @@ terminate(_Reason, _State) -> %%----------------------------------------------------------------- get_options(normal, _Options) -> []; -get_options(ssl, Options) -> - Verify = orber_tb:keysearch(ssl_server_verify, Options, - orber_env:ssl_server_verify()), - Depth = orber_tb:keysearch(ssl_server_depth, Options, - orber_env:ssl_server_depth()), - Cert = orber_tb:keysearch(ssl_server_certfile, Options, - orber_env:ssl_server_certfile()), - CaCert = orber_tb:keysearch(ssl_server_cacertfile, Options, - orber_env:ssl_server_cacertfile()), - Pwd = orber_tb:keysearch(ssl_server_password, Options, - orber_env:ssl_server_password()), - Key = orber_tb:keysearch(ssl_server_keyfile, Options, - orber_env:ssl_server_keyfile()), - Ciphers = orber_tb:keysearch(ssl_server_ciphers, Options, - orber_env:ssl_server_ciphers()), - Timeout = orber_tb:keysearch(ssl_server_cachetimeout, Options, - orber_env:ssl_server_cachetimeout()), - [{verify, Verify}, - {depth, Depth} | - ssl_server_extra_options([{certfile, Cert}, - {cacertfile, CaCert}, - {password, Pwd}, - {keyfile, Key}, - {ciphers, Ciphers}, - {cachetimeout, Timeout}], [])]. +get_options(ssl, Options) -> + SSLOpts = + case orber_tb:keysearch(ssl_server_opts, Options, + orber_env:ssl_server_opts()) of + [] -> + Verify = orber_tb:keysearch(ssl_server_verify, Options, + orber_env:ssl_server_verify()), + Depth = orber_tb:keysearch(ssl_server_depth, Options, + orber_env:ssl_server_depth()), + Cert = orber_tb:keysearch(ssl_server_certfile, Options, + orber_env:ssl_server_certfile()), + CaCert = orber_tb:keysearch(ssl_server_cacertfile, Options, + orber_env:ssl_server_cacertfile()), + Pwd = orber_tb:keysearch(ssl_server_password, Options, + orber_env:ssl_server_password()), + Key = orber_tb:keysearch(ssl_server_keyfile, Options, + orber_env:ssl_server_keyfile()), + Ciphers = orber_tb:keysearch(ssl_server_ciphers, Options, + orber_env:ssl_server_ciphers()), + Timeout = orber_tb:keysearch(ssl_server_cachetimeout, Options, + orber_env:ssl_server_cachetimeout()), + KeepAlive = orber_tb:keysearch(ssl_server_cachetimeout, Options, + orber_env:iiop_ssl_in_keepalive()), + [{verify, Verify}, + {depth, Depth}, + {certfile, Cert}, + {cacertfile, CaCert}, + {password, Pwd}, + {keyfile, Key}, + {ciphers, Ciphers}, + {cachetimeout, Timeout}, + {keepalive, KeepAlive}]; + Opts -> + case orber_tb:check_illegal_tcp_options(Opts) of + ok -> + check_old_ssl_server_options(Options), + Opts; + {error, IllegalOpts} -> + error_logger:error_report([{application, orber}, + "TCP options not allowed to set on a connection", + IllegalOpts]), + error("Illegal TCP option") + end + end, + ssl_server_extra_options(SSLOpts, []). %%----------------------------------------------------------------- %% Func: parse_options/2 @@ -266,23 +286,28 @@ handle_call({add, IP, Type, Port, AllOptions}, _From, State) -> Family = orber_env:ip_version(), case inet:getaddr(IP, Family) of {ok, IPTuple} -> - Options = [{ip, IPTuple}|get_options(Type, AllOptions)], - Ref = make_ref(), - ProxyOptions = filter_options(AllOptions, []), - case orber_socket:listen(Type, Port, Options, false) of - {ok, Listen, NewPort} -> - {ok, Pid} = orber_iiop_socketsup:start_accept(Type, Listen, Ref, - ProxyOptions), - link(Pid), - ets:insert(?CONNECTION_DB, #listen{pid = Pid, - socket = Listen, - port = NewPort, - type = Type, ref = Ref, - options = Options, - proxy_options = ProxyOptions}), - {reply, {ok, Ref}, State}; - Error -> - {reply, Error, State} + try [{ip, IPTuple} |get_options(Type, AllOptions)] of + Options -> + Ref = make_ref(), + ProxyOptions = filter_options(AllOptions, []), + case orber_socket:listen(Type, Port, Options, false) of + {ok, Listen, NewPort} -> + {ok, Pid} = orber_iiop_socketsup:start_accept(Type, Listen, Ref, + ProxyOptions), + link(Pid), + ets:insert(?CONNECTION_DB, #listen{pid = Pid, + socket = Listen, + port = NewPort, + type = Type, ref = Ref, + options = Options, + proxy_options = ProxyOptions}), + {reply, {ok, Ref}, State}; + Error -> + {reply, Error, State} + end + catch + error:Reason -> + {reply, {error, Reason}, State} end; Other -> {reply, Other, State} @@ -461,3 +486,31 @@ update_counter(#state{max_connections = infinity} = State, _) -> update_counter(State, Value) -> State#state{counter = State#state.counter + Value}. + +check_old_ssl_server_options(Options) -> + try + 0 = orber_tb:keysearch(ssl_server_verify, Options, + orber_env:ssl_server_verify()), + 1 = orber_tb:keysearch(ssl_server_depth, Options, + orber_env:ssl_server_depth()), + [] = orber_tb:keysearch(ssl_server_certfile, Options, + orber_env:ssl_server_certfile()), + [] = orber_tb:keysearch(ssl_server_cacertfile, Options, + orber_env:ssl_server_cacertfile()), + [] = orber_tb:keysearch(ssl_server_password, Options, + orber_env:ssl_server_password()), + [] = orber_tb:keysearch(ssl_server_keyfile, Options, + orber_env:ssl_server_keyfile()), + [] = orber_tb:keysearch(ssl_server_ciphers, Options, + orber_env:ssl_server_ciphers()), + infinity = orber_tb:keysearch(ssl_server_cachetimeout, Options, + orber_env:ssl_server_cachetimeout()), + false = orber_tb:keysearch(iiop_ssl_in_keepalive, Options, + orber_env:iiop_ssl_in_keepalive()) + catch + _:_ -> + io:format("hej\n",[]), + error_logger:warning_report([{application, orber}, + "Ignoring deprecated ssl server options used together with the ssl_server_opts"]) + end. + -- cgit v1.2.3