TheCloud/panda3d
1
0
Fork 0
mirror of https://github.com/panda3d/panda3d.git synced 2025-10-02 09:52:27 -04:00
Code Issues Packages Projects Releases Wiki Activity

better solution to multiple certificate problem

Browse Source
This commit is contained in:
David Rose 2002-10-01 20:49:54 +00:00
parent 7c3cdd08a0
commit 92a763eee1
2 changed files with 43 additions and 28 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

53
panda/src/downloader/httpClient.cxx
View File

@ -31,7 +31,9 @@
#endif #endif
bool HTTPClient::_ssl_initialized = false; bool HTTPClient::_ssl_initialized = false;
SSL_CTX *HTTPClient::_ssl_ctx = NULL;
// Never freed.
X509_STORE *HTTPClient::_x509_store = NULL;
//////////////////////////////////////////////////////////////////// ////////////////////////////////////////////////////////////////////
@ -41,8 +43,12 @@ SSL_CTX *HTTPClient::_ssl_ctx = NULL;
//////////////////////////////////////////////////////////////////// ////////////////////////////////////////////////////////////////////
HTTPClient:: HTTPClient::
~HTTPClient() { ~HTTPClient() {
// Since the context is temporarily shared among all clients. // Before we can free the context, we must remove the X509_STORE
// SSL_CTX_free(_ssl_ctx); // pointer from it, so it won't be destroyed along with it (this
// object is shared among all contexts).
nassertv(_ssl_ctx->cert_store == _x509_store);
_ssl_ctx->cert_store = NULL;
SSL_CTX_free(_ssl_ctx);
} }
//////////////////////////////////////////////////////////////////// ////////////////////////////////////////////////////////////////////
@ -126,11 +132,6 @@ make_ctx() {
initialize_ssl(); initialize_ssl();
} }
if (_ssl_ctx != (SSL_CTX *)NULL) {
// Since the context is temporarily shared among all clients.
return;
}
_ssl_ctx = SSL_CTX_new(SSLv23_client_method()); _ssl_ctx = SSL_CTX_new(SSLv23_client_method());
#if defined(SSL_097) && !defined(NDEBUG) #if defined(SSL_097) && !defined(NDEBUG)
@ -144,20 +145,32 @@ make_ctx() {
// Insist on verifying servers if we are configured to. // Insist on verifying servers if we are configured to.
set_verify_ssl(verify_ssl); set_verify_ssl(verify_ssl);
// Load in any default certificates listed in the Configrc file. if (_x509_store != (X509_STORE *)NULL) {
Config::ConfigTable::Symbol cert_files; // If we've already created an x509 store object, use it for this
config_express.GetAll("ssl-certificates", cert_files); // context.
SSL_CTX_set_cert_store(_ssl_ctx, _x509_store);
// When we use GetAll(), we might inadvertently read duplicate } else {
// lines. Filter them out with a set. // Create the first x509 store object, and fill it up with our
pset<string> already_read; // certificates.
_x509_store = X509_STORE_new();
SSL_CTX_set_cert_store(_ssl_ctx, _x509_store);
Config::ConfigTable::Symbol::iterator si; // Load in any default certificates listed in the Configrc file.
for (si = cert_files.begin(); si != cert_files.end(); ++si) { Config::ConfigTable::Symbol cert_files;
string cert_file = (*si).Val(); config_express.GetAll("ssl-certificates", cert_files);
if (already_read.insert(cert_file).second) {
Filename filename = Filename::from_os_specific(ExecutionEnvironment::expand_string(cert_file)); // When we use GetAll(), we might inadvertently read duplicate
load_certificates(filename); // lines. Filter them out with a set.
pset<string> already_read;
Config::ConfigTable::Symbol::iterator si;
for (si = cert_files.begin(); si != cert_files.end(); ++si) {
string cert_file = (*si).Val();
if (already_read.insert(cert_file).second) {
Filename filename = Filename::from_os_specific(ExecutionEnvironment::expand_string(cert_file));
load_certificates(filename);
}
} }
} }
} }

14
panda/src/downloader/httpClient.h
View File

@ -39,14 +39,18 @@ class Filename;
//////////////////////////////////////////////////////////////////// ////////////////////////////////////////////////////////////////////
// Class : HTTPClient // Class : HTTPClient
// Description : Handles contacting an HTTP server and retrieving a // Description : Handles contacting an HTTP server and retrieving a
// document. // document. Each HTTPClient object represents a
// separate context; it is up to the programmer whether
// one HTTPClient should be used to retrieve all
// documents, or a separate one should be created each
// time.
//////////////////////////////////////////////////////////////////// ////////////////////////////////////////////////////////////////////
class EXPCL_PANDAEXPRESS HTTPClient { class EXPCL_PANDAEXPRESS HTTPClient {
PUBLISHED: PUBLISHED:
INLINE HTTPClient(); INLINE HTTPClient();
INLINE HTTPClient(const HTTPClient &copy); INLINE HTTPClient(const HTTPClient &copy);
INLINE void operator = (const HTTPClient &copy); INLINE void operator = (const HTTPClient &copy);
INLINE ~HTTPClient(); ~HTTPClient();
INLINE void set_proxy(const URLSpec &proxy); INLINE void set_proxy(const URLSpec &proxy);
INLINE const URLSpec &get_proxy() const; INLINE const URLSpec &get_proxy() const;
@ -85,12 +89,10 @@ private:
URLSpec _proxy; URLSpec _proxy;
bool _verify_ssl; bool _verify_ssl;
SSL_CTX *_ssl_ctx;
static bool _ssl_initialized; static bool _ssl_initialized;
static X509_STORE *_x509_store;
// This is temporarily static, shared among all clients, to work
// around the loading certificates problem.
static SSL_CTX *_ssl_ctx;
}; };
#include "httpClient.I" #include "httpClient.I"