Skip to content

Commit

Permalink
Merge pull request #708 from mitza-oci/ssliop-ecname
Browse files Browse the repository at this point in the history 
Updated SSLECName option (see PR #683) for compatibility with OpenSSL…
  • Loading branch information
@mitza-oci
mitza-oci authored Sep 14, 2018
2 parents cf17fe5 + 07537d1 commit 06f7c45
Showing 1 changed file with 45 additions and 43 deletions.
88 changes: 45 additions & 43 deletions TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Factory.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -548,16 +548,15 @@ TAO::SSLIOP::Protocol_Factory::init (int argc, ACE_TCHAR* argv[])
{
this->check_host_ = true;
}
else if (ACE_OS::strcasecmp(argv[curarg],
ACE_TEXT("-SSLEcName")) == 0)
{
curarg++;
else if (ACE_OS::strcasecmp (argv[curarg],
ACE_TEXT ("-SSLEcName")) == 0)
{
++curarg;
if (curarg < argc)
{
{
ec_name = static_cast<const char *>(ACE_TEXT_ALWAYS_CHAR(argv[curarg]));
}
}

}
}
}

if (pem_passwd_.length() > 0)
Expand Down Expand Up @@ -740,50 +739,53 @@ TAO::SSLIOP::Protocol_Factory::init (int argc, ACE_TCHAR* argv[])
}
}

if (ec_name.in() != 0)
{
int ec_nid = OBJ_sn2nid(ec_name.in());
if (ec_name.in ())
{
#ifdef OPENSSL_NO_EC
ORBSVCS_ERROR ((LM_ERROR,
ACE_TEXT ("TAO (%P|%t) - Unable to apply -SSLEcName ")
ACE_TEXT ("due to lack of EC support in OpenSSL\n")));
return -1;
#else
int const ec_nid = OBJ_sn2nid (ec_name.in ());

if (ec_nid == NID_undef)
{
ORBSVCS_ERROR((LM_ERROR,
ACE_TEXT("TAO (%P|%t) - Unable to obtain ")
ACE_TEXT("EC NID for <%C> ")
ACE_TEXT("in SSLIOP factory.\n"),
ec_name.in()));
{
ORBSVCS_ERROR ((LM_ERROR,
ACE_TEXT ("TAO (%P|%t) - Unable to obtain ")
ACE_TEXT ("EC NID for <%C> in SSLIOP factory.\n"),
ec_name.in ()));
return -1;
}
}

EC_KEY *ecdh = EC_KEY_new_by_curve_name(ec_nid);
EC_KEY *const ecdh = EC_KEY_new_by_curve_name (ec_nid);
if (!ecdh)
{
ORBSVCS_ERROR((LM_ERROR,
ACE_TEXT("TAO (%P|%t) - Unable to set ")
ACE_TEXT("Curve Name ")
ACE_TEXT("<%C> in SSLIOP factory.\n"),
ec_name.in()));
{
ORBSVCS_ERROR ((LM_ERROR,
ACE_TEXT ("TAO (%P|%t) - Unable to set Curve Name ")
ACE_TEXT ("<%C> in SSLIOP factory.\n"),
ec_name.in ()));
return -1;
}
}

if (1 != ::SSL_CTX_set_tmp_ecdh(ssl_ctx->context(), ecdh))
{
ORBSVCS_ERROR((LM_ERROR,
ACE_TEXT("TAO (%P|%t) - Unable to set ")
ACE_TEXT("temp ECDH ")
ACE_TEXT("<%C> in SSLIOP factory.\n"),
ec_name.in()));
if (1 != ::SSL_CTX_set_tmp_ecdh (ssl_ctx->context (), ecdh))
{
ORBSVCS_ERROR ((LM_ERROR,
ACE_TEXT ("TAO (%P|%t) - Unable to set temp ECDH ")
ACE_TEXT ("<%C> in SSLIOP factory.\n"),
ec_name.in ()));
return -1;
}
}

if (TAO_debug_level > 0)
{
ORBSVCS_DEBUG((LM_INFO,
ACE_TEXT("TAO (%P|%t) - SSLIOP set ")
ACE_TEXT("EC Curve Name ")
ACE_TEXT("to <%C>\n"),
ec_name.in()));
}
}
if (TAO_debug_level)
{
ORBSVCS_DEBUG ((LM_INFO,
ACE_TEXT ("TAO (%P|%t) - SSLIOP set EC Curve Name ")
ACE_TEXT ("to <%C>\n"),
ec_name.in ()));
}
#endif
}

if (this->register_orb_initializer () != 0)
return -1;
Expand Down

0 comments on commit 06f7c45

Please sign in to comment.