-/*
- * Licensed to UCAID under one or more contributor license agreements.
- * See the NOTICE file distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file to you under
- * the Apache License, Version 2.0 (the "License"); you may not use this
- * file except in compliance with the License. You may obtain a copy of the
+/**
+ * Licensed to the University Corporation for Advanced Internet
+ * Development, Inc. (UCAID) under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for
+ * additional information regarding copyright ownership.
+ *
+ * UCAID licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the
* License at
*
- * http://www.apache.org/licenses/LICENSE-2.0
+ * http://www.apache.org/licenses/LICENSE-2.0
*
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+ * either express or implied. See the License for the specific
+ * language governing permissions and limitations under the License.
*/
/**
public:
CURLSOAPTransport(const Address& addr)
: m_sender(addr.m_from ? addr.m_from : ""), m_peerName(addr.m_to ? addr.m_to : ""), m_endpoint(addr.m_endpoint),
- m_handle(nullptr), m_headers(nullptr),
+ m_handle(nullptr), m_keepHandle(false), m_headers(nullptr),
#ifndef XMLTOOLING_NO_XMLSEC
m_cred(nullptr), m_trustEngine(nullptr), m_peerResolver(nullptr), m_mandatory(false),
#endif
virtual ~CURLSOAPTransport() {
curl_slist_free_all(m_headers);
- curl_easy_setopt(m_handle, CURLOPT_USERAGENT, nullptr);
- curl_easy_setopt(m_handle, CURLOPT_ERRORBUFFER, nullptr);
- curl_easy_setopt(m_handle, CURLOPT_PRIVATE, m_authenticated ? "secure" : nullptr); // Save off security "state".
- g_CURLPool->put(m_sender.c_str(), m_peerName.c_str(), m_endpoint.c_str(), m_handle);
+ if (m_keepHandle) {
+ curl_easy_setopt(m_handle, CURLOPT_USERAGENT, nullptr);
+ curl_easy_setopt(m_handle, CURLOPT_ERRORBUFFER, nullptr);
+ curl_easy_setopt(m_handle, CURLOPT_PRIVATE, m_authenticated ? "secure" : nullptr); // Save off security "state".
+ g_CURLPool->put(m_sender.c_str(), m_peerName.c_str(), m_endpoint.c_str(), m_handle);
+ }
+ else {
+ curl_easy_cleanup(m_handle);
+ }
}
bool isConfidential() const {
// per-call state
string m_sender,m_peerName,m_endpoint,m_simplecreds;
CURL* m_handle;
+ bool m_keepHandle;
stringstream m_stream;
struct curl_slist* m_headers;
string m_useragent;
}
};
-void xmltooling::registerSOAPTransports()
-{
- XMLToolingConfig& conf=XMLToolingConfig::getConfig();
- conf.SOAPTransportManager.registerFactory("http", CURLSOAPTransportFactory);
- conf.SOAPTransportManager.registerFactory("https", CURLSOAPTransportFactory);
-}
-
void xmltooling::initSOAPTransports()
{
g_CURLPool=new CURLPool();
g_CURLPool = nullptr;
}
-OpenSSLSOAPTransport::OpenSSLSOAPTransport()
-{
-}
-
-OpenSSLSOAPTransport::~OpenSSLSOAPTransport()
-{
-}
-
CURLPool::~CURLPool()
{
for (poolmap_t::iterator i=m_bindingMap.begin(); i!=m_bindingMap.end(); i++) {
curl_easy_setopt(handle,CURLOPT_NOPROGRESS,1);
curl_easy_setopt(handle,CURLOPT_NOSIGNAL,1);
curl_easy_setopt(handle,CURLOPT_FAILONERROR,1);
+ // This may (but probably won't) help with < 7.20 bug in DNS caching.
+ curl_easy_setopt(handle,CURLOPT_DNS_CACHE_TIMEOUT,120);
curl_easy_setopt(handle,CURLOPT_SSL_CIPHER_LIST,"ALL:!aNULL:!LOW:!EXPORT:!SSLv2");
// Verification of the peer is via TrustEngine only.
curl_easy_setopt(handle,CURLOPT_SSL_VERIFYPEER,0);
// Make the call.
log.debug("sending SOAP message to %s", m_endpoint.c_str());
- if (curl_easy_perform(m_handle) != CURLE_OK) {
+ CURLcode code = curl_easy_perform(m_handle);
+ if (code != CURLE_OK) {
+ if (code == CURLE_SSL_CIPHER) {
+ log.error("on Red Hat 6+, make sure libcurl used is built with OpenSSL");
+ }
throw IOException(
string("CURLSOAPTransport failed while contacting SOAP endpoint (") + m_endpoint + "): " +
(curl_errorbuf[0] ? curl_errorbuf : "no further information available"));
}
+ // This won't prevent every possible failed connection from being kept, but it's something.
+ m_keepHandle = true;
+
// Check for outgoing cache tag.
if (m_cacheTag) {
const vector<string>& tags = getResponseHeader("ETag");
if (!success) {
log.error("supplied TrustEngine failed to validate SSL/TLS server certificate");
- x509_ctx->error=X509_V_ERR_APPLICATION_VERIFICATION; // generic error, check log for plugin specifics
+ if (x509_ctx->cert) {
+ BIO* b = BIO_new(BIO_s_mem());
+ X509_print(b, x509_ctx->cert);
+ BUF_MEM* bptr = nullptr;
+ BIO_get_mem_ptr(b, &bptr);
+ if (bptr && bptr->length > 0) {
+ string s(bptr->data, bptr->length);
+ if (ctx->m_mandatory)
+ log.error(s);
+ else
+ log.debug(s);
+ }
+ BIO_free(b);
+ }
+ x509_ctx->error = X509_V_ERR_APPLICATION_VERIFICATION; // generic error, check log for plugin specifics
ctx->setAuthenticated(false);
return ctx->m_mandatory ? 0 : 1;
}