mirror of https://github.com/VCMP-SqMod/SqMod.git synced 2025-08-08 00:51:47 +02:00

Update POCO to 1.11.0

This commit is contained in:
Sandu Liviu Catalin
2021-08-22 18:07:06 +03:00
parent 151077c799
commit 7a3d92d1d1
450 changed files with 25219 additions and 6528 deletions


@@ -27,7 +27,7 @@ namespace Net {
class NetSSL_API AcceptCertificateHandler: public InvalidCertificateHandler
/// A AcceptCertificateHandler is invoked whenever an error
/// A AcceptCertificateHandler is invoked whenever an error
/// occurs verifying the certificate. It always accepts
/// the certificate.
///


@@ -20,10 +20,12 @@
#include "Poco/Net/NetSSL.h"
#include "Poco/Net/SocketDefs.h"
#include "Poco/Net/InvalidCertificateHandler.h"
#include "Poco/Crypto/X509Certificate.h"
#include "Poco/Crypto/EVPPKey.h"
#include "Poco/Crypto/RSAKey.h"
#include "Poco/RefCountedObject.h"
#include "Poco/SharedPtr.h"
#include "Poco/AutoPtr.h"
#include <openssl/ssl.h>
#include <cstdlib>
@@ -135,6 +137,7 @@ public:
std::string certificateFile;
/// Path to the certificate file (in PEM format).
///
/// If the private key and the certificate are stored in the same file, this
/// can be empty if privateKeyFile is given.
@@ -156,6 +159,10 @@ public:
/// Specifies whether the builtin CA certificates from OpenSSL are used.
/// Defaults to false.
bool ocspStaplingVerification;
/// Specifies whether Client should verify OCSP Response
/// Defaults to false.
std::string cipherList;
/// Specifies the supported ciphers in OpenSSL notation.
/// Defaults to "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH".
@@ -188,6 +195,8 @@ public:
/// "X448:X25519:ffdhe4096:ffdhe3072:ffdhe2048:ffdhe6144:ffdhe8192:P-521:P-384:P-256"
};
using InvalidCertificateHandlerPtr = Poco::SharedPtr<InvalidCertificateHandler>;
Context(Usage usage, const Params& params);
/// Creates a Context using the given parameters.
///
@@ -397,6 +406,20 @@ public:
/// preferences. When called, the SSL/TLS server will choose following its own
/// preferences.
bool ocspStaplingResponseVerificationEnabled() const;
/// Returns true if automatic OCSP response
/// reception and verification is enabled for client connections
void setInvalidCertificateHandler(InvalidCertificateHandlerPtr pInvalidCertificageHandler);
/// Sets a Context-specific InvalidCertificateHandler.
///
/// If specified, this InvalidCertificateHandler will be used instead of the
/// one globally set in the SSLManager.
InvalidCertificateHandlerPtr getInvalidCertificateHandler() const;
/// Returns the InvalidCertificateHandler set for this Context,
/// or a null pointer if none has been set.
private:
void init(const Params& params);
/// Initializes the Context with the given parameters.
@@ -415,6 +438,8 @@ private:
VerificationMode _mode;
SSL_CTX* _pSSLContext;
bool _extendedCertificateVerification;
bool _ocspStaplingResponseVerification;
InvalidCertificateHandlerPtr _pInvalidCertificateHandler;
};
@@ -456,6 +481,18 @@ inline bool Context::extendedCertificateVerificationEnabled() const
}
inline bool Context::ocspStaplingResponseVerificationEnabled() const
{
return _ocspStaplingResponseVerification;
}
inline Context::InvalidCertificateHandlerPtr Context::getInvalidCertificateHandler() const
{
return _pInvalidCertificateHandler;
}
} } // namespace Poco::Net
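Review bot: The parameter name in `void setInvalidCertificateHandler(InvalidCertificateHandlerPtr pInvalidCertificageHandler);` is misspelled; it should be `pInvalidCertificateHandler`, matching the member `_pInvalidCertificateHandler` declared further down. The setter/getter pair also carries no thread-safety statement: `getInvalidCertificateHandler()` returns a copy of the SharedPtr with no synchronization visible in this hunk, so replacing the handler while the Context is already serving connections on other threads races unless something outside the header serializes it — if the intent is configure-before-use, say so with `/// Must be called before the Context is used for connections; not synchronized against concurrent use.` under the setter. Lastly, `ocspStaplingVerification` is only documented as "Defaults to false"; since the OCSP verification added elsewhere in this commit presumably has no effect unless it is set, the Params comment should state plainly that stapled responses are not checked unless this is explicitly enabled, so deployers do not assume verification is on.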


@@ -19,20 +19,22 @@
#include "Poco/Net/NetSSL.h"
#include "Poco/Net/VerificationErrorArgs.h"
namespace Poco {
namespace Net {
class VerificationErrorArgs;
class NetSSL_API InvalidCertificateHandler
/// A InvalidCertificateHandler is invoked whenever an error occurs verifying the certificate. It allows the user
/// to inspect and accept/reject the certificate.
/// One can install one's own InvalidCertificateHandler by implementing this interface. Note that
/// in the implementation file of the subclass the following code must be present (assuming you use the namespace My_API
/// in the implementation file of the subclass the following code must be present (assuming you use the namespace My_API
/// and the name of your handler class is MyGuiHandler):
///
///
/// #include "Poco/Net/CertificateHandlerFactory.h"
/// ...
/// POCO_REGISTER_CHFACTORY(My_API, MyGuiHandler)
@@ -43,7 +45,7 @@ class NetSSL_API InvalidCertificateHandler
///
/// or in case one uses Poco::Util::Application one can rely on an XML configuration and put the following entry
/// under the path openSSL.invalidCertificateHandler:
///
///
/// <invalidCertificateHandler>
/// <name>MyGuiHandler<name>
/// <options>
@@ -56,7 +58,7 @@ class NetSSL_API InvalidCertificateHandler
public:
InvalidCertificateHandler(bool handleErrorsOnServerSide);
/// Creates the InvalidCertificateHandler.
///
///
/// Set handleErrorsOnServerSide to true if the certificate handler is used on the server side.
/// Automatically registers at one of the SSLManager::VerificationError events.
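Review bot: The new `#include "Poco/Net/VerificationErrorArgs.h"` introduces an include cycle: VerificationErrorArgs.h now includes Context.h (also in this commit), and Context.h already includes this header, so whichever of the three is included first sees the other two only partially and the code compiles only because of the include guards plus the forward declaration `class VerificationErrorArgs;` that remains a few lines below. If, as the forward declaration suggests, this header itself only names VerificationErrorArgs in declarations (by reference), the include is not needed here; I would drop it, or, if it is kept so that subclasses get the full type for free, add `// Included for subclasses only; this header relies on the forward declaration below because of the Context.h include cycle.` above it. The remaining lines of this section are whitespace-only changes.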


@@ -272,12 +272,21 @@ protected:
/// The request is delegated to the PrivatekeyPassword event. This method returns the
/// length of the password.
static int verifyOCSPResponseCallback(SSL* pSSL, void* arg);
/// The return value of this method defines how errors in
/// verification are handled. Return 0 to terminate the handshake,
/// or 1 to continue despite the error.
static Poco::Util::AbstractConfiguration& appConfig();
/// Returns the application configuration.
///
/// Throws a InvalidStateException if not application instance
/// is available.
int contextIndex() const;
/// Returns the index for SSL_CTX_set_ex_data() and SSL_CTX_get_ex_data() to
/// store the Context* in the underlying SSL_CTX.
private:
SSLManager();
/// Creates the SSLManager.
@@ -310,6 +319,7 @@ private:
Context::Ptr _ptrDefaultClientContext;
PrivateKeyPassphraseHandlerPtr _ptrClientPassphraseHandler;
InvalidCertificateHandlerPtr _ptrClientCertificateHandler;
int _contextIndex;
Poco::FastMutex _mutex;
static const std::string CFG_PRIV_KEY_FILE;
@@ -389,6 +399,12 @@ inline int SSLManager::verifyClientCallback(int ok, X509_STORE_CTX* pStore)
}
inline int SSLManager::contextIndex() const
{
return _contextIndex;
}
} } // namespace Poco::Net
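Review bot: The comment on the new `appConfig()` reads `/// Throws a InvalidStateException if not application instance` / `/// is available.`; it should read `/// Throws an InvalidStateException if no application instance` / `/// is available.` The comment on `verifyOCSPResponseCallback` is copied from the certificate-verification callback ("continue despite the error"), but an OCSP status callback is not handed a verification error, so the wording should describe what the return value means for the stapled response — something like `/// Checks the OCSP response stapled to the peer certificate. Return 0 to terminate the handshake, or 1 to accept the response.` — with the exact contract confirmed against the OpenSSL callback this is registered with, which is outside this hunk. `contextIndex()` would also benefit from a note on where `_contextIndex` is obtained (presumably in the SSLManager constructor), since the inline accessor alone does not show that.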


@@ -47,7 +47,7 @@ public:
/// with the client.
///
/// The client socket's address is returned in clientAddr.
void connect(const SocketAddress& address);
/// Not supported by this kind of socket.
///
@@ -62,8 +62,18 @@ public:
/// Not supported by this kind of socket.
///
/// Throws a Poco::InvalidAccessException.
void bind(const SocketAddress& address, bool reuseAddress = false, bool reusePort = false);
void bind(const SocketAddress& address, bool reuseAddress = false);
/// Bind a local address to the socket.
///
/// This is usually only done when establishing a server
/// socket. TCP clients should not bind a socket to a
/// specific address.
///
/// If reuseAddress is true, sets the SO_REUSEADDR
/// socket option.
void bind(const SocketAddress& address, bool reuseAddress, bool reusePort);
/// Bind a local address to the socket.
///
/// This is usually only done when establishing a server
@@ -76,7 +86,43 @@ public:
/// If reusePort is true, sets the SO_REUSEPORT
/// socket option.
void bind6(const SocketAddress& address, bool reuseAddress = false, bool ipV6Only = false);
/// Bind a local IPv6 address to the socket.
///
/// This is usually only done when establishing a server
/// socket. TCP clients should not bind a socket to a
/// specific address.
///
/// If reuseAddress is true, sets the SO_REUSEADDR
/// socket option.
///
/// The given address must be an IPv6 address. The
/// IPPROTO_IPV6/IPV6_V6ONLY option is set on the socket
/// according to the ipV6Only parameter.
///
/// If the library has not been built with IPv6 support,
/// a Poco::NotImplementedException will be thrown.
void bind6(const SocketAddress& address, bool reuseAddress, bool reusePort, bool ipV6Only);
/// Bind a local IPv6 address to the socket.
///
/// This is usually only done when establishing a server
/// socket. TCP clients should not bind a socket to a
/// specific address.
///
/// If reuseAddress is true, sets the SO_REUSEADDR
/// socket option.
///
/// If reusePort is true, sets the SO_REUSEPORT
/// socket option.
///
/// The given address must be an IPv6 address. The
/// IPPROTO_IPV6/IPV6_V6ONLY option is set on the socket
/// according to the ipV6Only parameter.
///
/// If the library has not been built with IPv6 support,
/// a Poco::NotImplementedException will be thrown.
void listen(int backlog = 64);
/// Puts the socket into listening state.
///
@@ -89,27 +135,27 @@ public:
void close();
/// Close the socket.
int sendBytes(const void* buffer, int length, int flags = 0);
/// Not supported by this kind of socket.
///
/// Throws a Poco::InvalidAccessException.
int receiveBytes(void* buffer, int length, int flags = 0);
/// Not supported by this kind of socket.
///
/// Throws a Poco::InvalidAccessException.
int sendTo(const void* buffer, int length, const SocketAddress& address, int flags = 0);
/// Not supported by this kind of socket.
///
/// Throws a Poco::InvalidAccessException.
int receiveFrom(void* buffer, int length, SocketAddress& address, int flags = 0);
/// Not supported by this kind of socket.
///
/// Throws a Poco::InvalidAccessException.
void sendUrgent(unsigned char data);
/// Not supported by this kind of socket.
///
@@ -118,7 +164,7 @@ public:
bool secure() const;
/// Returns true iff the socket's connection is secure
/// (using SSL or TLS).
Context::Ptr context() const;
/// Returns the SSL context used by this socket.
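Review bot: The split of `bind()` and `bind6()` into a defaulted overload and a full overload (made identically in SecureSocketImpl.h in this commit) documents SO_REUSEPORT only as a flag, yet enabling it on a TLS listener lets another socket — on Linux, one owned by the same effective user — bind the same address and port and receive a share of the incoming connections. I would extend the comment under `void bind(const SocketAddress& address, bool reuseAddress, bool reusePort);` with `/// Only set reusePort when several listeners intentionally share the port; any other socket bound this way will receive part of the connections.` and repeat it on the reusePort-taking bind6 overload in both headers. The overload set itself is consistent: a call with two arguments resolves to the two-parameter declaration and a call with three to the three-parameter one, so existing callers keep their meaning. The rest of this section is whitespace-only.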


@@ -56,29 +56,39 @@ public:
/// with the client.
///
/// The client socket's address is returned in clientAddr.
void connect(const SocketAddress& address, bool performHandshake);
/// Initializes the socket and establishes a secure connection to
/// Initializes the socket and establishes a secure connection to
/// the TCP server at the given address.
///
/// If performHandshake is true, the SSL handshake is performed immediately
/// If performHandshake is true, the SSL handshake is performed immediately
/// after establishing the connection. Otherwise, the handshake is performed
/// the first time sendBytes(), receiveBytes() or completeHandshake() is called.
void connect(const SocketAddress& address, const Poco::Timespan& timeout, bool performHandshake);
/// Initializes the socket, sets the socket timeout and
/// Initializes the socket, sets the socket timeout and
/// establishes a secure connection to the TCP server at the given address.
///
/// If performHandshake is true, the SSL handshake is performed immediately
/// If performHandshake is true, the SSL handshake is performed immediately
/// after establishing the connection. Otherwise, the handshake is performed
/// the first time sendBytes(), receiveBytes() or completeHandshake() is called.
void connectNB(const SocketAddress& address);
/// Initializes the socket and establishes a secure connection to
/// Initializes the socket and establishes a secure connection to
/// the TCP server at the given address. Prior to opening the
/// connection the socket is set to nonblocking mode.
void bind(const SocketAddress& address, bool reuseAddress = false, bool reusePort = false);
void bind(const SocketAddress& address, bool reuseAddress = false);
/// Bind a local address to the socket.
///
/// This is usually only done when establishing a server
/// socket. TCP clients should not bind a socket to a
/// specific address.
///
/// If reuseAddress is true, sets the SO_REUSEADDR
/// socket option.
void bind(const SocketAddress& address, bool reuseAddress, bool reusePort);
/// Bind a local address to the socket.
///
/// This is usually only done when establishing a server
@@ -90,7 +100,44 @@ public:
///
/// If reusePort is true, sets the SO_REUSEPORT
/// socket option.
void bind6(const SocketAddress& address, bool reuseAddress = false, bool ipV6Only = false);
/// Bind a local IPv6 address to the socket.
///
/// This is usually only done when establishing a server
/// socket. TCP clients should not bind a socket to a
/// specific address.
///
/// If reuseAddress is true, sets the SO_REUSEADDR
/// socket option.
///
/// The given address must be an IPv6 address. The
/// IPPROTO_IPV6/IPV6_V6ONLY option is set on the socket
/// according to the ipV6Only parameter.
///
/// If the library has not been built with IPv6 support,
/// a Poco::NotImplementedException will be thrown.
void bind6(const SocketAddress& address, bool reuseAddress, bool reusePort, bool ipV6Only);
/// Bind a local IPv6 address to the socket.
///
/// This is usually only done when establishing a server
/// socket. TCP clients should not bind a socket to a
/// specific address.
///
/// If reuseAddress is true, sets the SO_REUSEADDR
/// socket option.
///
/// If reusePort is true, sets the SO_REUSEPORT
/// socket option.
///
/// The given address must be an IPv6 address. The
/// IPPROTO_IPV6/IPV6_V6ONLY option is set on the socket
/// according to the ipV6Only parameter.
///
/// If the library has not been built with IPv6 support,
/// a Poco::NotImplementedException will be thrown.
void listen(int backlog = 64);
/// Puts the socket into listening state.
///
@@ -108,42 +155,42 @@ public:
void close();
/// Close the socket.
void abort();
/// Aborts the connection by closing the
/// underlying TCP connection. No orderly SSL shutdown
/// is performed.
int sendBytes(const void* buffer, int length, int flags = 0);
/// Sends the contents of the given buffer through
/// the socket. Any specified flags are ignored.
///
/// Returns the number of bytes sent, which may be
/// less than the number of bytes specified.
int receiveBytes(void* buffer, int length, int flags = 0);
/// Receives data from the socket and stores it
/// in buffer. Up to length bytes are received.
///
/// Returns the number of bytes received.
int available() const;
/// Returns the number of bytes available from the
/// SSL buffer for immediate reading.
int completeHandshake();
/// Completes the SSL handshake.
///
/// If the SSL connection was the result of an accept(),
/// the server-side handshake is completed, otherwise
/// a client-side handshake is performed.
/// a client-side handshake is performed.
poco_socket_t sockfd();
/// Returns the underlying socket descriptor.
X509* peerCertificate() const;
/// Returns the peer's certificate.
Context::Ptr context() const;
/// Returns the SSL context used for this socket.
@@ -158,17 +205,17 @@ public:
void setPeerHostName(const std::string& hostName);
/// Sets the peer host name for certificate validation purposes.
const std::string& getPeerHostName() const;
/// Returns the peer host name.
Session::Ptr currentSession();
/// Returns the SSL session of the current connection,
/// for reuse in a future connection (if session caching
/// is enabled).
///
/// If no connection is established, returns null.
void useSession(Session::Ptr pSession);
/// Sets the SSL session to use for the next
/// connection. Setting a previously saved Session
@@ -178,31 +225,31 @@ public:
/// can be given.
///
/// Must be called before connect() to be effective.
bool sessionWasReused();
/// Returns true iff a reused session was negotiated during
/// the handshake.
protected:
void acceptSSL();
/// Performs a server-side SSL handshake and certificate verification.
void connectSSL(bool performHandshake);
/// Performs a client-side SSL handshake and establishes a secure
/// Performs a client-side SSL handshake and establishes a secure
/// connection over an already existing TCP connection.
long verifyPeerCertificateImpl(const std::string& hostName);
/// Performs post-connect (or post-accept) peer certificate validation.
static bool isLocalHost(const std::string& hostName);
/// Returns true iff the given host name is the local host
/// Returns true iff the given host name is the local host
/// (either "localhost" or "127.0.0.1").
bool mustRetry(int rc);
/// Returns true if the last operation should be retried,
/// otherwise false.
///
/// In case of an SSL_ERROR_WANT_READ error, and if the socket is
/// In case of an SSL_ERROR_WANT_READ error, and if the socket is
/// blocking, waits for the underlying socket to become readable.
///
/// In case of an SSL_ERROR_WANT_WRITE error, and if the socket is
@@ -216,7 +263,7 @@ protected:
/// Handles an SSL error by throwing an appropriate exception.
void reset();
/// Prepares the socket for re-use.
/// Prepares the socket for re-use.
///
/// After closing and resetting a socket, the socket can
/// be used for a new connection.
@@ -224,7 +271,7 @@ protected:
/// Note that simply closing a socket is not sufficient
/// to be able to re-use it again.
private:
private:
SecureSocketImpl(const SecureSocketImpl&);
SecureSocketImpl& operator = (const SecureSocketImpl&);
@@ -234,7 +281,7 @@ private:
bool _needHandshake;
std::string _peerHostName;
Session::Ptr _pSession;
friend class SecureStreamSocketImpl;
};


@@ -20,6 +20,7 @@
#include "Poco/Net/NetSSL.h"
#include "Poco/Net/X509Certificate.h"
#include "Poco/Net/Context.h"
namespace Poco {
@@ -30,12 +31,15 @@ class NetSSL_API VerificationErrorArgs
/// A utility class for certificate error handling.
{
public:
VerificationErrorArgs(const X509Certificate& cert, int errDepth, int errNum, const std::string& errMsg);
VerificationErrorArgs(Poco::Net::Context::Ptr pContext, const X509Certificate& cert, int errDepth, int errNum, const std::string& errMsg);
/// Creates the VerificationErrorArgs. _ignoreError is per default set to false.
~VerificationErrorArgs();
/// Destroys the VerificationErrorArgs.
Poco::Net::Context::Ptr context() const;
/// Returns the Context of the underlying connection causing the error.
const X509Certificate& certificate() const;
/// Returns the certificate that caused the error.
@@ -55,6 +59,7 @@ public:
/// returns the value of _ignoreError
private:
Poco::Net::Context::Ptr _pContext;
X509Certificate _cert;
int _errorDepth;
int _errorNumber;
@@ -66,6 +71,12 @@ private:
//
// inlines
//
inline Poco::Net::Context::Ptr VerificationErrorArgs::context() const
{
return _pContext;
}
inline const X509Certificate& VerificationErrorArgs::certificate() const
{
return _cert;