Skip to content

Commit de1518b

Browse files
author
Peter Schojer
committed
exceptions instead of assertions
1 parent 14a4c61 commit de1518b

1 file changed

Lines changed: 30 additions & 7 deletions

File tree

NetSSL_OpenSSL/src/SecureSocketImpl.cpp

Lines changed: 30 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
//
22
// SecureSocketImpl.cpp
33
//
4-
// $Id: //poco/svn/NetSSL_OpenSSL/src/SecureSocketImpl.cpp#1 $
4+
// $Id: //poco/Main/NetSSL_OpenSSL/src/SecureSocketImpl.cpp#25 $
55
//
66
// Library: NetSSL_OpenSSL
77
// Package: SSLSockets
@@ -290,7 +290,8 @@ void SecureSocketImpl::close()
290290
int SecureSocketImpl::sendBytes(const void* buffer, int length, int flags)
291291
{
292292
poco_assert (sockfd() != POCO_INVALID_SOCKET);
293-
poco_check_ptr (_pSSL);
293+
if (!_pSSL)
294+
throw SSLException("Cannot write to closed/uninitialized socket");
294295

295296
int rc;
296297
do
@@ -309,8 +310,8 @@ int SecureSocketImpl::sendBytes(const void* buffer, int length, int flags)
309310

310311
int SecureSocketImpl::receiveBytes(void* buffer, int length, int flags)
311312
{
312-
poco_assert (sockfd() != POCO_INVALID_SOCKET);
313-
poco_check_ptr (_pSSL);
313+
if (sockfd() == POCO_INVALID_SOCKET || !_pSSL)
314+
throw SSLException("Cannot read from closed/uninitialized socket");
314315

315316
int rc;
316317
bool renegotiating = false;
@@ -371,12 +372,36 @@ long SecureSocketImpl::postConnectionCheck(bool server, SSL* pSSL, const std::st
371372
static std::string locHost("127.0.0.1");
372373

373374
SSLManager& mgr = SSLManager::instance();
374-
Context::VerificationMode mode = server? mgr.defaultServerContext()->verificationMode() : mgr.defaultClientContext()->verificationMode();
375+
SSLManager::ContextPtr pContext = server? mgr.defaultServerContext(): mgr.defaultClientContext();
376+
Context::VerificationMode mode = pContext->verificationMode();
375377
if (hostName == locHost && mode != Context::VERIFY_STRICT)
376378
return X509_V_OK;
377379

378380
X509* cert = 0;
379381
X509_NAME* subj = 0;
382+
383+
if (mode == Context::VERIFY_NONE) // should we allow none on the client side?
384+
{
385+
return X509_V_OK;
386+
}
387+
388+
cert = SSL_get_peer_certificate(pSSL);
389+
return postConnectionCheck(pContext, cert, hostName);
390+
}
391+
392+
393+
long SecureSocketImpl::postConnectionCheck(SSLManager::ContextPtr pContext, X509* pCert, const std::string& hostName)
394+
{
395+
static std::string locHost("127.0.0.1");
396+
397+
SSLManager& mgr = SSLManager::instance();
398+
bool server = pContext->serverContext();
399+
Context::VerificationMode mode = pContext->verificationMode();
400+
if (hostName == locHost && mode != Context::VERIFY_STRICT)
401+
return X509_V_OK;
402+
403+
X509* cert = pCert;
404+
X509_NAME* subj = 0;
380405
char* host = const_cast<char*>(hostName.c_str());
381406

382407
int extcount=0;
@@ -385,8 +410,6 @@ long SecureSocketImpl::postConnectionCheck(bool server, SSL* pSSL, const std::st
385410
{
386411
return X509_V_OK;
387412
}
388-
389-
cert = SSL_get_peer_certificate(pSSL);
390413

391414
// note: the check is used by the client, so as long we don't set None at the client we reject
392415
// cases where no certificate/incomplete info is presented by the server

0 commit comments

Comments
 (0)