Refactored no or wrong ssl certificate error handling #4410

Conflicts:
	src/lib/net/TCPListenSocket.cpp
	src/lib/plugin/ns/SecureListenSocket.cpp
	src/lib/plugin/ns/SecureSocket.cpp
	src/lib/plugin/ns/SecureSocket.h

src/lib/mt/Thread.cpp

@@ -18,7 +18,6 @@
 
 #include "mt/Thread.h"
 
-#include "net/XSocket.h"
 #include "mt/XMT.h"
 #include "mt/XThread.h"
 #include "arch/Arch.h"
@@ -158,10 +157,6 @@ Thread::threadFunc(void* vjob)
 		job->run();
 		LOG((CLOG_DEBUG1 "thread 0x%08x exit", id));
 	}
-
-	catch (XSocket& e) {
-		LOG((CLOG_DEBUG "%s", e.what()));
-	}
 	catch (XThreadCancel&) {
 		// client called cancel()
 		LOG((CLOG_DEBUG1 "caught cancel on thread 0x%08x", id));

src/lib/net/TCPListenSocket.cpp

@@ -112,27 +112,35 @@ TCPListenSocket::accept()
 	try {
 		socket = new TCPSocket(m_events, m_socketMultiplexer, ARCH->acceptSocket(m_socket, NULL));
 		if (socket != NULL) {
-			m_socketMultiplexer->addSocket(this,
+			setListeningJob();
-							new TSocketMultiplexerMethodJob<TCPListenSocket>(
-								this, &TCPListenSocket::serviceListening,
-								m_socket, true, false));
 		}
 		return socket;
 	}
 	catch (XArchNetwork&) {
 		if (socket != NULL) {
 			delete socket;
+			setListeningJob();
 		}
 		return NULL;
 	}
 	catch (std::exception &ex) {
 		if (socket != NULL) {
 			delete socket;
+			setListeningJob();
 		}
 		throw ex;
 	}
 }
 
+void
+CTCPListenSocket::setListeningJob()
+{
+	m_socketMultiplexer->addSocket(this,
+							new TSocketMultiplexerMethodJob<CTCPListenSocket>(
+								this, &CTCPListenSocket::serviceListening,
+								m_socket, true, false));
+}
+
 ISocketMultiplexerJob*
 TCPListenSocket::serviceListening(ISocketMultiplexerJob* job,
 							bool read, bool, bool error)

src/lib/net/TCPListenSocket.h

@@ -45,6 +45,9 @@ public:
 						accept();
 	virtual void		deleteSocket(void*) { }
 
+protected:
+	void				setListeningJob();
+
 public:
 	ISocketMultiplexerJob*
 						serviceListening(ISocketMultiplexerJob*,

src/lib/plugin/ns/SecureListenSocket.cpp

@@ -55,9 +55,16 @@ SecureListenSocket::accept()
 						m_socketMultiplexer,
 						ARCH->acceptSocket(m_socket, NULL));
 
+<<<<<<< HEAD:src/lib/plugin/ns/SecureListenSocket.cpp
 		m_secureSocketSet.insert(socket);
 
 		socket->initSsl(true);
+=======
+		if (socket != NULL) {
+			setListeningJob();
+		}
+
+>>>>>>> 79b9c52... Refactored no or wrong ssl certificate error handling #30:src/lib/net/SecureListenSocket.cpp
 		// TODO: customized certificate path
 		String certificateFilename = ARCH->getProfileDirectory();
 #if SYSAPI_WIN32
@@ -67,26 +74,36 @@ SecureListenSocket::accept()
 #endif
 		certificateFilename.append(s_certificateFilename);
 
-		socket->loadCertificates(certificateFilename.c_str());
+		bool loaded = socket->loadCertificates(certificateFilename);
+		if (!loaded) {
+			delete socket;
+			return NULL;
+		}
+
 		socket->secureAccept();
 
+<<<<<<< HEAD:src/lib/plugin/ns/SecureListenSocket.cpp
 		if (socket != NULL) {
 			m_socketMultiplexer->addSocket(this,
 							new TSocketMultiplexerMethodJob<TCPListenSocket>(
 								this, &TCPListenSocket::serviceListening,
 								m_socket, true, false));
 		}
+=======
+>>>>>>> 79b9c52... Refactored no or wrong ssl certificate error handling #30:src/lib/net/SecureListenSocket.cpp
 		return dynamic_cast<IDataSocket*>(socket);
 	}
 	catch (XArchNetwork&) {
 		if (socket != NULL) {
 			delete socket;
+			setListeningJob();
 		}
 		return NULL;
 	}
 	catch (std::exception &ex) {
 		if (socket != NULL) {
 			delete socket;
+			setListeningJob();
 		}
 		throw ex;
 	}

src/lib/plugin/ns/SecureSocket.cpp

@@ -151,24 +151,46 @@ SecureSocket::initSsl(bool server)
 	initContext(server);
 }
 
-void
+bool
-SecureSocket::loadCertificates(const char* filename)
+CSecureSocket::loadCertificates(CString& filename)
 {
-	int r = 0;
+	if (filename.empty()) {
-	r = SSL_CTX_use_certificate_file(m_ssl->m_context, filename, SSL_FILETYPE_PEM);
+		showError("ssl certificate is not specified");
-	if (r <= 0) {
+		return false;
-		throwError("could not use ssl certificate");
+	}
+	else {
+		std::ifstream file(filename.c_str());
+		bool exist = file.good();
+		file.close();
+
+		if (!exist) {
+			CString errorMsg("ssl certificate doesn't exist: ");
+			errorMsg.append(filename);
+			showError(errorMsg.c_str());
+			return false;
+		}
 	}
 
-	r = SSL_CTX_use_PrivateKey_file(m_ssl->m_context, filename, SSL_FILETYPE_PEM);
+	int r = 0;
+	r = SSL_CTX_use_certificate_file(m_ssl->m_context, filename.c_str(), SSL_FILETYPE_PEM);
 	if (r <= 0) {
-		throwError("could not use ssl private key");
+		showError("could not use ssl certificate");
+		return false;
+	}
+
+	r = SSL_CTX_use_PrivateKey_file(m_ssl->m_context, filename.c_str(), SSL_FILETYPE_PEM);
+	if (r <= 0) {
+		showError("could not use ssl private key");
+		return false;
 	}
 
 	r = SSL_CTX_check_private_key(m_ssl->m_context);
 	if (!r) {
-		throwError("could not verify ssl private key");
+		showError("could not verify ssl private key");
+		return false;
 	}
+
+	return true;
 }
 
 void
@@ -258,7 +280,8 @@ SecureSocket::secureConnect(int socket)
 		// tell user and sleep so the socket isn't hammered.
 		LOG((CLOG_ERR "failed to connect secure socket"));
 		LOG((CLOG_INFO "server connection may not be secure"));
-		ARCH->sleep(1);
+		disconnect();
+		return false;
 	}
 
 	m_secureReady = !retry;
@@ -266,7 +289,9 @@ SecureSocket::secureConnect(int socket)
 	if (m_secureReady) {
 		if (verifyCertFingerprint()) {
 			LOG((CLOG_INFO "connected to secure socket"));
-			showCertificate();
+			if (!showCertificate()) {
+				disconnect();
+			}
 		}
 		else {
 			LOG((CLOG_ERR "failed to verity server certificate fingerprint"));
@@ -277,8 +302,8 @@ SecureSocket::secureConnect(int socket)
 	return retry;
 }
 
-void
+bool
-SecureSocket::showCertificate()
+CSecureSocket::showCertificate()
 {
 	X509* cert;
 	char* line;
@@ -292,8 +317,11 @@ SecureSocket::showCertificate()
 		X509_free(cert);
 	}
 	else {
-		throwError("server has no ssl certificate");
+		showError("server has no ssl certificate");
+		return false;
 	}
+
+	return true;
 }
 
 void
@@ -359,24 +387,15 @@ SecureSocket::checkResult(int n, bool& fatal, bool& retry)
 }
 
 void
-SecureSocket::showError()
+CSecureSocket::showError(const char* reason)
 {
-	String error = getError();
+	if (reason != NULL) {
-	if (!error.empty()) {
+		LOG((CLOG_ERR "%s", reason));
-		LOG((CLOG_ERR "secure socket error: %s", error.c_str()));
-	}
 	}
 
-void
+	CString error = getError();
-SecureSocket::throwError(const char* reason)
-{
-	String error = getError();
 	if (!error.empty()) {
-		throw XSocket(synergy::string::sprintf(
+		LOG((CLOG_ERR "%s", error.c_str()));
-											   "%s: %s", reason, error.c_str()));
-	}
-	else {
-		throw XSocket(reason);
 	}
 }
 

src/lib/plugin/ns/SecureSocket.h

@@ -50,7 +50,7 @@ public:
 	UInt32				secureRead(void* buffer, UInt32 n);
 	UInt32				secureWrite(const void* buffer, UInt32 n);
 	void				initSsl(bool server);
-	void				loadCertificates(const char* CertFile);
+	bool				loadCertificates(CString& CertFile);
 
 private:
 	// SSL
@@ -58,10 +58,9 @@ private:
 	void				createSSL();
 	bool				secureAccept(int s);
 	bool				secureConnect(int s);
-	void				showCertificate();
+	bool				showCertificate();
 	void				checkResult(int n, bool& fatal, bool& retry);
-	void				showError();
+	void				showError(const char* reason = NULL);
-	void				throwError(const char* reason);
 	String				getError();
 	void				disconnect();
 	bool				verifyCertFingerprint();