
XOP-229: The stunnel_cache key uses also the verify_cert bool.

Signed-off-by: Jerome Maloberti <jerome.maloberti@citrix.com>
commit 23fd9922f660466452dbe1587e5b37a6721c6249 1 parent ce684f7
@jeromemaloberti jeromemaloberti authored
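--- a/http-svr/xmlrpc_client.ml
+++ b/http-svr/xmlrpc_client.ml
@@ -96,14 +96,14 @@ let get_new_stunnel_id =
 (** Returns an stunnel, either from the persistent cache or a fresh one which
 has been checked out and guaranteed to work. *)
-let get_reusable_stunnel ?use_fork_exec_helper ?write_to_log host port =
+let get_reusable_stunnel ?use_fork_exec_helper ?write_to_log host port verify_cert =
 let start_time = Unix.gettimeofday () in
 let found = ref None in
 (* 1. First check if there is a suitable stunnel in the cache. *)
 begin
 try
 while !found = None do
- let (x: Stunnel.t) = Stunnel_cache.remove host port in
+ let (x: Stunnel.t) = Stunnel_cache.remove host port verify_cert in
 if check_reusable x.Stunnel.fd
 then found := Some x
 else begin
@@ -129,7 +129,7 @@ let get_reusable_stunnel ?use_fork_exec_helper ?write_to_log host port =
 incr attempt_number;
 try
 let unique_id = get_new_stunnel_id () in
- let (x: Stunnel.t) = Stunnel.connect ~unique_id ?use_fork_exec_helper ?write_to_log host port in
+ let (x: Stunnel.t) = Stunnel.connect ~unique_id ?use_fork_exec_helper ?write_to_log ~verify_cert host port in
 if check_reusable x.Stunnel.fd
 then found := Some x
 else begin
@@ -211,10 +211,9 @@ let with_transport transport f = match transport with
 use_stunnel_cache = use_stunnel_cache;
 verify_cert = verify_cert;
 task_id = task_id}, host, port) ->
- assert (not (verify_cert && use_stunnel_cache));
 let st_proc =
 if use_stunnel_cache
- then get_reusable_stunnel ~use_fork_exec_helper ~write_to_log host port
+ then get_reusable_stunnel ~use_fork_exec_helper ~write_to_log host port verify_cert
 else
 let unique_id = get_new_stunnel_id () in
 Stunnel.connect ~use_fork_exec_helper ~write_to_log ~unique_id ~verify_cert ~extended_diagnosis:true host port in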
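Review bot: The reuse path in `get_reusable_stunnel` accepts whatever `Stunnel_cache.remove` returns on `check_reusable x.Stunnel.fd` alone. Now that `assert (not (verify_cert && use_stunnel_cache))` is gone from `with_transport`, the cache key is the only thing keeping a tunnel opened without certificate verification away from a caller that asked for it. A cheap second guard at the point of reuse would be `if (x.Stunnel.verified || not verify_cert) && check_reusable x.Stunnel.fd`, so that a mis-keyed entry falls into the existing `else` branch instead of being handed out. The body of that `else` branch and the rest of the function lie outside the hunk, so confirm that it discards the tunnel rather than returning it to the cache.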
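--- a/stunnel/stunnel_cache.ml
+++ b/stunnel/stunnel_cache.ml
@@ -23,7 +23,7 @@
 module D=Debug.Debugger(struct let name="stunnel_cache" end)
 open D
-type endpoint = { host: string; port: int }
+type endpoint = { host: string; port: int; verified: bool }
 (* Need to limit the absolute number of stunnels as well as the maximum age *)
 let max_stunnel = 22
@@ -127,7 +127,7 @@ let add (x: Stunnel.t) =
 incr counter;
 Hashtbl.add !times idx now;
 Hashtbl.add !stunnels idx x;
- let ep = { host = x.Stunnel.host; port = x.Stunnel.port } in
+ let ep = { host = x.Stunnel.host; port = x.Stunnel.port; verified = x.Stunnel.verified } in
 let existing =
 if Hashtbl.mem !index ep
 then Hashtbl.find !index ep
@@ -140,8 +140,8 @@ let add (x: Stunnel.t) =
 (** Returns an Stunnel.t for this endpoint (oldest first), raising Not_found
 if none can be found *)
-let remove host port =
- let ep = { host = host; port = port } in
+let remove host port verified =
+ let ep = { host = host; port = port; verified = verified } in
 Mutex.execute m
 (fun () ->
 unlocked_gc ();
@@ -174,10 +174,10 @@ let flush () =
 info "Flushed!")
-let connect ?use_fork_exec_helper ?write_to_log host port =
+let connect ?use_fork_exec_helper ?write_to_log host port verify_cert =
 try
- remove host port
+ remove host port verify_cert
 with Not_found ->
 error "Failed to find stunnel in cache for endpoint %s:%d" host port;
- Stunnel.connect ?use_fork_exec_helper ?write_to_log host port
+ Stunnel.connect ?use_fork_exec_helper ?write_to_log ~verify_cert host port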
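Review bot: `add` builds the cache key from `x.Stunnel.verified`, but nothing in the files shown here sets that field, so keeping verified and unverified tunnels apart depends on `Stunnel.connect ~verify_cert` recording the flag faithfully. That should be confirmed against stunnel.ml, which is not part of this page. The reason for the new field deserves a comment on the `endpoint` type, for example `(* verified is part of the key: a tunnel opened without certificate verification must never satisfy a lookup that requires it *)`. In `connect`, the cache-miss message omits the flag; `error "Failed to find stunnel in cache for endpoint %s:%d (verify_cert=%b)" host port verify_cert;` would let the logs tell the two keys apart.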
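--- a/stunnel/stunnel_cache.mli
+++ b/stunnel/stunnel_cache.mli
@@ -26,13 +26,13 @@
 will be used, otherwise we make a fresh one. *)
 val connect :
 ?use_fork_exec_helper:bool ->
- ?write_to_log:(string -> unit) -> string -> int -> Stunnel.t
+ ?write_to_log:(string -> unit) -> string -> int -> bool -> Stunnel.t
 (** Adds a reusable stunnel to the cache *)
 val add : Stunnel.t -> unit
 (** Given a host and port return a cached stunnel, or throw Not_found *)
-val remove : string -> int -> Stunnel.t
+val remove : string -> int -> bool -> Stunnel.t
 (** Empty the cache of all stunnels *)
 val flush : unit -> unit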
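Review bot: The doc comments were not updated along with the signatures: `remove` still reads "Given a host and port return a cached stunnel" although the lookup is now by host, port and verification flag. Suggest `(** Given a host, port and whether certificate verification is required, return a cached stunnel stored under exactly that key, or throw Not_found *)`, with a matching sentence on `connect`, whose comment begins outside the hunk. A bare `bool` at the end of `string -> int -> bool -> Stunnel.t` also tells a reader of a call site nothing about what is being switched. A labelled `verify_cert:bool`, as `Stunnel.connect` already takes, would be clearer for a security-relevant flag.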