From e926155c829428b0b95675a78d05fa2de9254cbd Mon Sep 17 00:00:00 2001 From: David Rose Date: Thu, 17 Oct 2002 21:25:14 +0000 Subject: [PATCH] defer reading of certificates until the first SSL connection --- panda/src/downloader/httpChannel.cxx | 5 +++-- panda/src/downloader/httpClient.cxx | 28 ++++++++++++++++++---------- panda/src/downloader/httpClient.h | 4 +++- 3 files changed, 24 insertions(+), 13 deletions(-) diff --git a/panda/src/downloader/httpChannel.cxx b/panda/src/downloader/httpChannel.cxx index 67a1fcc8d1..6de2f17153 100644 --- a/panda/src/downloader/httpChannel.cxx +++ b/panda/src/downloader/httpChannel.cxx @@ -670,7 +670,7 @@ run_proxy_reading_header() { //////////////////////////////////////////////////////////////////// bool HTTPChannel:: run_setup_ssl() { - _sbio = BIO_new_ssl(_client->_ssl_ctx, true); + _sbio = BIO_new_ssl(_client->get_ssl_ctx(), true); BIO_push(_sbio, *_bio); if (downloader_cat.is_debug()) { @@ -2120,8 +2120,9 @@ show_send(const string &message) { size_t start = 0; size_t newline = message.find('\n', start); while (newline != string::npos) { + // Assume every \n is preceded by a \r. downloader_cat.spam() - << "send: " << message.substr(start, newline - start + 1); + << "send: " << message.substr(start, newline - start - 1) << "\n"; start = newline + 1; newline = message.find('\n', start); } diff --git a/panda/src/downloader/httpClient.cxx b/panda/src/downloader/httpClient.cxx index 28c5c405fa..618fbad275 100644 --- a/panda/src/downloader/httpClient.cxx +++ b/panda/src/downloader/httpClient.cxx @@ -53,7 +53,13 @@ HTTPClient:: HTTPClient() { _http_version = HV_11; _verify_ssl = verify_ssl ? VS_normal : VS_no_verify; - make_ctx(); + _ssl_ctx = (SSL_CTX *)NULL; + + // The first time we create an HTTPClient, we must initialize the + // OpenSSL library. + if (!_ssl_initialized) { + initialize_ssl(); + } } //////////////////////////////////////////////////////////////////// 
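Review bot: In `run_setup_ssl()` the pointer from `_client->get_ssl_ctx()` goes straight into `BIO_new_ssl()`, and the resulting `_sbio` into `BIO_push()`, with no NULL check in the visible lines. Because the context is now built lazily on this call, a failure to create it or to load certificates would first surface here, in the middle of a connection, rather than at client construction. I would hold the result in a local, `SSL_CTX *ctx = _client->get_ssl_ctx();`, and fail the channel if `ctx` or the BIO returned by `BIO_new_ssl()` is NULL before reaching `BIO_push`. The body of `run_setup_ssl()` continues past the end of the hunk, so any later handling is not visible.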
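Review bot: The new length `newline - start - 1` in `show_send()` wraps around when `newline == start` (an empty line ending in a bare `\n`), because both operands are `size_t`. `substr` then returns the whole remainder of the message on one log line. For a non-empty line that does not end in `\r\n`, the last character is silently dropped. The added comment states the assumption but nothing enforces it, so I would compute the end explicitly with `size_t end = (newline > start && message[newline - 1] == '\r') ? newline - 1 : newline;` and log `message.substr(start, end - start) << "\n"`. The function starts and ends outside the hunk.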
@@ -67,7 +73,7 @@ HTTPClient(const HTTPClient ©) { // function will copy them in a second. _http_version = HV_11; _verify_ssl = verify_ssl ? VS_normal : VS_no_verify; - make_ctx(); + _ssl_ctx = (SSL_CTX *)NULL; (*this) = copy; } @@ -356,15 +362,15 @@ get_header(const URLSpec &url) { //////////////////////////////////////////////////////////////////// -// Function: HTTPClient::make_ctx -// Access: Private -// Description: Creates the OpenSSL context object. This is only -// called by the constructor. +// Function: HTTPClient::get_ssl_ctx +// Access: Public +// Description: Returns the OpenSSL context object, creating it first +// if needed. //////////////////////////////////////////////////////////////////// -void HTTPClient:: -make_ctx() { - if (!_ssl_initialized) { - initialize_ssl(); +SSL_CTX *HTTPClient:: +get_ssl_ctx() { + if (_ssl_ctx != (SSL_CTX *)NULL) { + return _ssl_ctx; } _ssl_ctx = SSL_CTX_new(SSLv23_client_method()); @@ -428,6 +434,8 @@ make_ctx() { } } } + + return _ssl_ctx; } //////////////////////////////////////////////////////////////////// diff --git a/panda/src/downloader/httpClient.h b/panda/src/downloader/httpClient.h index efed602a86..d819b4d012 100644 --- a/panda/src/downloader/httpClient.h +++ b/panda/src/downloader/httpClient.h @@ -95,8 +95,10 @@ PUBLISHED: const string &body = string()); PT(HTTPChannel) get_header(const URLSpec &url); +public: + SSL_CTX *get_ssl_ctx(); + private: - void make_ctx(); static void initialize_ssl(); static int load_verify_locations(SSL_CTX *ctx, const Filename &ca_file);
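Review bot: The copy constructor now sets `_ssl_ctx` to NULL and then runs `(*this) = copy`, but `operator=` is outside this diff, so it is not visible whether the assignment copies the raw `_ssl_ctx` pointer from `copy`. If it does, both clients would point at one context and the lazy path in `get_ssl_ctx()` would never build a separate one for the copy. That becomes a lifetime problem if the destructor frees the context. It is worth confirming that the assignment operator leaves `_ssl_ctx` alone and that the destructor accepts a NULL context. I would state the intent here with a comment such as `// _ssl_ctx is never copied; each client builds its own on first use.`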
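Review bot: `get_ssl_ctx()` returns the cached `_ssl_ctx` as soon as it is non-NULL, so the verification mode and certificate locations are frozen at their values on the first SSL connection. A later change to `_verify_ssl` will not reach an existing context unless its setter, which is not visible here, frees and clears `_ssl_ctx`. The check-then-create sequence is also unsynchronised, which matters only if one client can be used from several threads. The header comment should spell out the contract, for example `// Description: Returns the OpenSSL context object, creating it on first use from the settings in effect at that time; may return NULL on failure.` The middle of the function lies between this hunk and the `return _ssl_ctx;` hunk at -428, so whether a NULL result from `SSL_CTX_new()` is handled there cannot be seen from the diff.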
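Review bot: `get_ssl_ctx()` is declared under a new `public:` section in httpClient.h, which hands the raw, mutable `SSL_CTX *` to every C++ caller. Any of them could then change verification settings or the trust store behind the client's back. `HTTPChannel` read the private `_ssl_ctx` member directly before this commit, so it presumably already has friend access, and the accessor could sit in the `private:` section next to `initialize_ssl()`. If it has to stay public, a comment such as `// Owned by HTTPClient; callers must not free or reconfigure the returned context.` would document the ownership rule.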