2 * @file sslproxymain.cpp
3 * @brief the main module of SSLproxy
3 * @brief The SSLproxy module is the termination point of the SSL communication,
4 * @brief and it operates as a reverse proxy.
7 * Copyright (C) 2008 NTT COMWARE Corporation.
9 * This program is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU Lesser General Public
11 * License as published by the Free Software Foundation; either
12 * version 2.1 of the License, or (at your option) any later version.
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17 * Lesser General Public License for more details.
19 * You should have received a copy of the GNU Lesser General Public
20 * License along with this library; if not, write to the Free Software
21 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
24 **********************************************************************
26 * Distributed under the Boost Software Licence, Version 1.0
27 * http://www.boost.org/LICENSE_1_0.txt
29 **********************************************************************/
32 #include <sys/resource.h>
34 #include "sslproxyserver.h"
38 //! Prototype of functions.
//! Map one verify_options entry (e.g. "SSL_VERIFY_PEER") to its SSL_VERIFY_* value; -1 when the name is unknown.
39 static int convVerifyOption(std::string opt_string);
//! Map one ssl_options entry (e.g. "SSL_OP_NO_SSLv3") to its SSL_OP_* value; -1 when the name is unknown.
40 static long int convSslOption(std::string opt_string);
//! Fill the file-scope parameters below from config_filename via the Parameter singleton.
41 static int getParameters(std::string config_filename);
//! Split an endpoint string into its host and port parts (definition not in this excerpt; separator handling unverified).
42 static int splitEndpoint(std::string endpoint_str, std::string& host, std::string& port);
//! Signal handling and usage text; definitions are outside this excerpt.
43 static void sig_exit_handler(int sig);
44 static int set_sighandler(int sig, void (*handler)(int));
45 static int set_sighandlers(void);
46 static void usage(void);
//! Identifier of this proxy instance. NOTE(review): where it is assigned is not visible here.
49 std::string target_id;
51 //! SSLproxy parameters.
//! These are defined without `static`, so other translation units can read them once getParameters() has run.
//! Listening endpoint and upstream endpoint; both are required (getParameters logs an error when absent).
52 std::string recv_endpoint;
53 std::string target_endpoint;
//! Server certificate chain. The directory falls back to DEFAULT_CERT_CHAIN_DIR when missing or empty; the file is required.
58 std::string cert_chain_dir;
59 std::string cert_chain_file;
//! Server private key. The directory falls back to DEFAULT_PRIVATE_KEY_DIR when missing or empty; the file is required.
60 std::string private_key_dir;
61 std::string private_key_file;
//! pem or asn1, parsed from "SSL_FILETYPE_PEM" / "SSL_FILETYPE_ASN1"; any other value is a config error.
62 boost::asio::ssl::context::file_format private_key_filetype;
//! "console" or "file". When "file", private_key_passwd_dir/private_key_passwd_file are also read from the config.
//! NOTE(review): a key passphrase kept in a file is only as protected as that file's permissions — confirm how it is created.
63 std::string private_key_passwd_from;
64 std::string private_key_passwd_dir;
65 std::string private_key_passwd_file;
//! Maximum certificate-chain depth; getParameters rejects negative values.
67 int verify_cert_depth;
//! Temporary DH parameter file; whether it is needed depends on the ssl_options entries (see getParameters).
70 std::string tmp_dh_dir;
71 std::string tmp_dh_file;
//! OpenSSL cipher-list string and session-cache settings. NOTE(review): the code that applies them is not in this excerpt.
72 std::string cipher_list;
73 long session_cache_mode;
74 long session_cache_size;
75 long session_cache_timeout;
76 std::string conn_log_flag;
//! X-Forwarded-For handling; the meaning of the mode values is defined where they are consumed (not shown here).
79 int x_forwarded_for_mode;
80 std::string custom_field;
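/*!
 * Convert a verify-option name from the configuration file to the matching
 * OpenSSL SSL_VERIFY_* flag.
 *
 * getParameters() calls this once per "verify_options" entry and ORs the
 * results together, so each call maps exactly one name. SSL_VERIFY_NONE is 0,
 * which is why "no match" is reported as -1 rather than 0.
 *
 * Per OpenSSL's SSL_CTX_set_verify(3), SSL_VERIFY_FAIL_IF_NO_PEER_CERT and
 * SSL_VERIFY_CLIENT_ONCE only take effect together with SSL_VERIFY_PEER; this
 * function does not enforce that combination, it only translates names.
 *
 * @param[in] opt_string option name, e.g. "SSL_VERIFY_PEER"
 * @retval >=0 the SSL_VERIFY_* value for opt_string
 * @retval -1  no match
 */
static int convVerifyOption(std::string opt_string)
{
    /*-------- DEBUG LOG --------*/
    if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
        LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 1,
                             "in_function : static int convVerifyOption(std::string opt_string) : "
                             "opt_string = %s",
                             opt_string.c_str());
    }
    /*------ DEBUG LOG END ------*/

    /*
     * /usr/include/openssl/ssl.h
     * #define SSL_VERIFY_NONE                 0x00
     * #define SSL_VERIFY_PEER                 0x01
     * #define SSL_VERIFY_FAIL_IF_NO_PEER_CERT 0x02
     * #define SSL_VERIFY_CLIENT_ONCE          0x04
     */
    // One row per accepted name. The per-row log id preserves the message ids
    // (2..5) that the former if-chain emitted, so the debug trace is unchanged.
    // NOTE(review): assumes LOGGER_PUT_LOG_DEBUG accepts a non-literal id and
    // printf-style arguments, as the existing %s / %ld calls in this file do.
    struct VerifyOptionEntry {
        const char* name;
        int value;
        int log_id;
    };
    static const VerifyOptionEntry verify_option_table[] = {
        { "SSL_VERIFY_NONE",                 SSL_VERIFY_NONE,                 2 },
        { "SSL_VERIFY_PEER",                 SSL_VERIFY_PEER,                 3 },
        { "SSL_VERIFY_FAIL_IF_NO_PEER_CERT", SSL_VERIFY_FAIL_IF_NO_PEER_CERT, 4 },
        { "SSL_VERIFY_CLIENT_ONCE",          SSL_VERIFY_CLIENT_ONCE,          5 },
    };
    const size_t table_size = sizeof(verify_option_table) / sizeof(verify_option_table[0]);

    int ret = -1;
    for (size_t i = 0; i < table_size; ++i) {
        const VerifyOptionEntry& entry = verify_option_table[i];
        if (opt_string == entry.name) {
            /*-------- DEBUG LOG --------*/
            if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
                LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, entry.log_id,
                                     "function : static int convVerifyOption(std::string opt_string) : %s",
                                     entry.name);
            }
            /*------ DEBUG LOG END ------*/
            ret = entry.value;
            break;
        }
    }

    /*-------- DEBUG LOG --------*/
    if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
        LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 6,
                             "out_function : static int convVerifyOption(std::string opt_string) : "
                             "return_value = %d",
                             ret);
    }
    /*------ DEBUG LOG END ------*/
    // if ret == -1 then No match.
    return ret;
}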
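/*!
 * Convert an SSL-option name from the configuration file to the matching
 * OpenSSL SSL_OP_* flag.
 *
 * getParameters() calls this once per "ssl_options" entry and combines the
 * results into the option bits for the SSL context. The SSL_OP_NO_SSLv2 /
 * SSL_OP_NO_SSLv3 / SSL_OP_NO_TLSv1 entries are the ones that disable a
 * protocol version; SSL_OP_ALL is OpenSSL's bundle of interoperability
 * workarounds (boost::asio::ssl::context::default_workarounds).
 *
 * NOTE(review): newer OpenSSL releases define several of the legacy *_BUG
 * workaround flags as 0; such names still parse here but contribute no bits.
 * Confirm against the ssl.h the binary is linked with.
 *
 * @param[in] opt_string option name, e.g. "SSL_OP_NO_SSLv3"
 * @retval >=0 the SSL_OP_* value for opt_string
 * @retval -1  no match
 */
static long int convSslOption(std::string opt_string)
{
    /*-------- DEBUG LOG --------*/
    if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
        LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 7,
                             "in_function : static long int convSslOption(std::string opt_string) : "
                             "opt_string = %s",
                             opt_string.c_str());
    }
    /*------ DEBUG LOG END ------*/

    /*
     * /usr/include/openssl/ssl.h
     * #define SSL_OP_MICROSOFT_SESS_ID_BUG                  0x00000001L
     * #define SSL_OP_NETSCAPE_CHALLENGE_BUG                 0x00000002L
     * #define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG       0x00000008L
     * #define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG            0x00000010L
     * #define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER             0x00000020L
     * #define SSL_OP_MSIE_SSLV2_RSA_PADDING                 0x00000040L
     * #define SSL_OP_SSLEAY_080_CLIENT_DH_BUG               0x00000080L
     * #define SSL_OP_TLS_D5_BUG                             0x00000100L
     * #define SSL_OP_TLS_BLOCK_PADDING_BUG                  0x00000200L
     * #define SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS            0x00000800L
     * #define SSL_OP_ALL                                    0x00000FF7L
     * #define SSL_OP_NO_QUERY_MTU                           0x00001000L
     * #define SSL_OP_COOKIE_EXCHANGE                        0x00002000L
     * #define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION 0x00010000L
     * #define SSL_OP_SINGLE_ECDH_USE                        0x00080000L
     * #define SSL_OP_SINGLE_DH_USE                          0x00100000L
     * #define SSL_OP_EPHEMERAL_RSA                          0x00200000L
     * #define SSL_OP_CIPHER_SERVER_PREFERENCE               0x00400000L
     * #define SSL_OP_TLS_ROLLBACK_BUG                       0x00800000L
     * #define SSL_OP_NO_SSLv2                               0x01000000L
     * #define SSL_OP_NO_SSLv3                               0x02000000L
     * #define SSL_OP_NO_TLSv1                               0x04000000L
     * #define SSL_OP_PKCS1_CHECK_1                          0x08000000L
     * #define SSL_OP_PKCS1_CHECK_2                          0x10000000L
     * #define SSL_OP_NETSCAPE_CA_DN_BUG                     0x20000000L
     * #define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG        0x40000000L
     */
    // One row per accepted name, in the order the former if-chain tested them.
    // The per-row log id preserves the message ids (8..33) that chain emitted.
    // NOTE(review): assumes LOGGER_PUT_LOG_DEBUG accepts a non-literal id and
    // printf-style arguments, as the existing %s / %ld calls in this file do.
    struct SslOptionEntry {
        const char* name;
        long int value;
        int log_id;
    };
    static const SslOptionEntry ssl_option_table[] = {
        { "SSL_OP_MICROSOFT_SESS_ID_BUG",                  SSL_OP_MICROSOFT_SESS_ID_BUG,                  8  },
        { "SSL_OP_NETSCAPE_CHALLENGE_BUG",                 SSL_OP_NETSCAPE_CHALLENGE_BUG,                 9  },
        { "SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG",       SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG,       10 },
        { "SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG",            SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG,            11 },
        { "SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER",             SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER,             12 },
        { "SSL_OP_MSIE_SSLV2_RSA_PADDING",                 SSL_OP_MSIE_SSLV2_RSA_PADDING,                 13 },
        { "SSL_OP_SSLEAY_080_CLIENT_DH_BUG",               SSL_OP_SSLEAY_080_CLIENT_DH_BUG,               14 },
        { "SSL_OP_TLS_D5_BUG",                             SSL_OP_TLS_D5_BUG,                             15 },
        { "SSL_OP_TLS_BLOCK_PADDING_BUG",                  SSL_OP_TLS_BLOCK_PADDING_BUG,                  16 },
        { "SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS",            SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS,            17 },
        // boost::asio::ssl::context::default_workarounds
        { "SSL_OP_ALL",                                    SSL_OP_ALL,                                    18 },
        { "SSL_OP_NO_QUERY_MTU",                           SSL_OP_NO_QUERY_MTU,                           19 },
        { "SSL_OP_COOKIE_EXCHANGE",                        SSL_OP_COOKIE_EXCHANGE,                        20 },
        { "SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION", SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION, 21 },
        { "SSL_OP_SINGLE_ECDH_USE",                        SSL_OP_SINGLE_ECDH_USE,                        22 },
        // boost::asio::ssl::context::single_dh_use
        { "SSL_OP_SINGLE_DH_USE",                          SSL_OP_SINGLE_DH_USE,                          23 },
        { "SSL_OP_EPHEMERAL_RSA",                          SSL_OP_EPHEMERAL_RSA,                          24 },
        { "SSL_OP_CIPHER_SERVER_PREFERENCE",               SSL_OP_CIPHER_SERVER_PREFERENCE,               25 },
        { "SSL_OP_TLS_ROLLBACK_BUG",                       SSL_OP_TLS_ROLLBACK_BUG,                       26 },
        // boost::asio::ssl::context::no_sslv2
        { "SSL_OP_NO_SSLv2",                               SSL_OP_NO_SSLv2,                               27 },
        // boost::asio::ssl::context::no_sslv3
        { "SSL_OP_NO_SSLv3",                               SSL_OP_NO_SSLv3,                               28 },
        // boost::asio::ssl::context::no_tlsv1
        { "SSL_OP_NO_TLSv1",                               SSL_OP_NO_TLSv1,                               29 },
        { "SSL_OP_PKCS1_CHECK_1",                          SSL_OP_PKCS1_CHECK_1,                          30 },
        { "SSL_OP_PKCS1_CHECK_2",                          SSL_OP_PKCS1_CHECK_2,                          31 },
        { "SSL_OP_NETSCAPE_CA_DN_BUG",                     SSL_OP_NETSCAPE_CA_DN_BUG,                     32 },
        { "SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG",        SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG,        33 },
    };
    const size_t table_size = sizeof(ssl_option_table) / sizeof(ssl_option_table[0]);

    long int ret = -1;
    for (size_t i = 0; i < table_size; ++i) {
        const SslOptionEntry& entry = ssl_option_table[i];
        if (opt_string == entry.name) {
            /*-------- DEBUG LOG --------*/
            if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
                // The message text keeps the historical "static int" wording.
                LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, entry.log_id,
                                     "function : static int convSslOption(std::string opt_string) : %s",
                                     entry.name);
            }
            /*------ DEBUG LOG END ------*/
            ret = entry.value;
            break;
        }
    }

    /*-------- DEBUG LOG --------*/
    if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
        LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 34,
                             "out_function : static long int convSslOption(std::string opt_string) : "
                             "return_value = %ld",
                             ret);
    }
    /*------ DEBUG LOG END ------*/
    // if ret == -1 then No match.
    return ret;
}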
489 * Get SSLproxy parameter from parameter file.
491 * @param[in] config_filename config filename string
495 static int getParameters(std::string config_filename)
497 /*-------- DEBUG LOG --------*/
498 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
499 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 35,
500 "in_function : static int getParameters(std::string config_filename) : "
501 "config_filename = %s",
502 config_filename.c_str());
504 /*------ DEBUG LOG END ------*/
509 // Read configuration file.
510 if (parameter_reread_file(PARAM_COMP_ALL, config_filename) == -1) {
511 LOGGER_PUT_LOG_ERROR(LOG_CAT_SSLPROXY_COMMON, 1,
512 "Config file read error.");
516 // Get parameter "recv_endpoint".
517 if (Parameter::getInstance().isStringExist(PARAM_COMP_SSLPROXY, "recv_endpoint")) {
518 recv_endpoint = Parameter::getInstance().getStringValue(PARAM_COMP_SSLPROXY,
520 /*-------- DEBUG LOG --------*/
521 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
522 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 36,
523 "function : static int getParameters("
524 "std::string config_filename) : "
525 "get recv_endpoint OK.");
527 /*------ DEBUG LOG END ------*/
529 LOGGER_PUT_LOG_ERROR(LOG_CAT_SSLPROXY_COMMON, 2,
530 "Cannot get recv_endpoint parameter.");
534 // Get parameter "target_endpoint".
535 if (Parameter::getInstance().isStringExist(PARAM_COMP_SSLPROXY, "target_endpoint")) {
536 target_endpoint = Parameter::getInstance().getStringValue(PARAM_COMP_SSLPROXY,
538 /*-------- DEBUG LOG --------*/
539 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
540 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 37,
541 "function : static int getParameters("
542 "std::string config_filename) : "
543 "get target_endpoint OK.");
545 /*------ DEBUG LOG END ------*/
547 LOGGER_PUT_LOG_ERROR(LOG_CAT_SSLPROXY_COMMON, 3,
548 "Cannot get target_endpoint parameter.");
552 // Get parameter "num_thread".
553 if (Parameter::getInstance().isIntExist(PARAM_COMP_SSLPROXY, "num_thread")) {
554 num_thread = Parameter::getInstance().getIntValue(PARAM_COMP_SSLPROXY,
556 /*-------- DEBUG LOG --------*/
557 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
558 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 38,
559 "function : static int getParameters("
560 "std::string config_filename) : "
561 "get num_thread OK.");
563 /*------ DEBUG LOG END ------*/
564 if (num_thread <= 0 || num_thread > INT_MAX) {
565 LOGGER_PUT_LOG_ERROR(LOG_CAT_SSLPROXY_COMMON, 4,
566 "Invalid num_thread parameter value.");
570 LOGGER_PUT_LOG_WARN(LOG_CAT_SSLPROXY_COMMON, 1,
571 "num_thread parameter not found. "
572 "Use default value.");
573 num_thread = DEFAULT_NUM_THREAD;
576 // Get parameter "timeout_sec".
577 if (Parameter::getInstance().isIntExist(PARAM_COMP_SSLPROXY, "timeout_sec")) {
578 timeout_sec = Parameter::getInstance().getIntValue(PARAM_COMP_SSLPROXY,
580 /*-------- DEBUG LOG --------*/
581 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
582 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 39,
583 "function : static int getParameters("
584 "std::string config_filename) : "
585 "get timeout_sec OK.");
587 /*------ DEBUG LOG END ------*/
588 if (timeout_sec <= 0 || timeout_sec > INT_MAX) {
589 LOGGER_PUT_LOG_ERROR(LOG_CAT_SSLPROXY_COMMON, 5,
590 "Invalid timeout_sec parameter value.");
594 LOGGER_PUT_LOG_WARN(LOG_CAT_SSLPROXY_COMMON, 2,
595 "timeout_sec parameter not found. "
596 "Use default value.");
597 timeout_sec = DEFAULT_TIMEOUT_SEC;
600 // Get parameter "ca_dir".
601 if (Parameter::getInstance().isStringExist(PARAM_COMP_SSLPROXY, "ca_dir")) {
602 ca_dir = Parameter::getInstance().getStringValue(PARAM_COMP_SSLPROXY,
604 /*-------- DEBUG LOG --------*/
605 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
606 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 40,
607 "function : static int getParameters("
608 "std::string config_filename) : "
611 /*------ DEBUG LOG END ------*/
613 LOGGER_PUT_LOG_WARN(LOG_CAT_SSLPROXY_COMMON, 3,
614 "ca_dir parameter is nothing. "
615 "Use default value.");
616 ca_dir = DEFAULT_CA_DIR;
619 LOGGER_PUT_LOG_WARN(LOG_CAT_SSLPROXY_COMMON, 4,
620 "ca_dir parameter not found. "
621 "Use default value.");
622 ca_dir = DEFAULT_CA_DIR;
625 // Get parameter "ca_file".
626 if (Parameter::getInstance().isStringExist(PARAM_COMP_SSLPROXY, "ca_file")) {
627 ca_file = Parameter::getInstance().getStringValue(PARAM_COMP_SSLPROXY,
629 /*-------- DEBUG LOG --------*/
630 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
631 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 41,
632 "function : static int getParameters("
633 "std::string config_filename) : "
636 /*------ DEBUG LOG END ------*/
638 LOGGER_PUT_LOG_ERROR(LOG_CAT_SSLPROXY_COMMON, 6,
639 "Cannot get ca_file parameter.");
643 // Get parameter "cert_chain_dir".
644 if (Parameter::getInstance().isStringExist(PARAM_COMP_SSLPROXY, "cert_chain_dir")) {
645 cert_chain_dir = Parameter::getInstance().getStringValue(PARAM_COMP_SSLPROXY,
647 /*-------- DEBUG LOG --------*/
648 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
649 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 42,
650 "function : static int getParameters("
651 "std::string config_filename) : "
652 "get cert_chain_dir OK.");
654 /*------ DEBUG LOG END ------*/
655 if (cert_chain_dir == "") {
656 LOGGER_PUT_LOG_WARN(LOG_CAT_SSLPROXY_COMMON, 5,
657 "cert_chain_dir parameter is nothing. "
658 "Use default value.");
659 cert_chain_dir = DEFAULT_CERT_CHAIN_DIR;
662 LOGGER_PUT_LOG_WARN(LOG_CAT_SSLPROXY_COMMON, 6,
663 "cert_chain_dir parameter not found. "
664 "Use default value.");
665 cert_chain_dir = DEFAULT_CERT_CHAIN_DIR;
668 // Get parameter "cert_chain_file".
669 if (Parameter::getInstance().isStringExist(PARAM_COMP_SSLPROXY, "cert_chain_file")) {
670 cert_chain_file = Parameter::getInstance().getStringValue(PARAM_COMP_SSLPROXY,
672 /*-------- DEBUG LOG --------*/
673 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
674 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 43,
675 "function : static int getParameters("
676 "std::string config_filename) : "
677 "get cert_chain_file OK.");
679 /*------ DEBUG LOG END ------*/
680 if (cert_chain_file == "") {
681 LOGGER_PUT_LOG_ERROR(LOG_CAT_SSLPROXY_COMMON, 7,
682 "cert_chain_file parameter is nothing.");
686 LOGGER_PUT_LOG_ERROR(LOG_CAT_SSLPROXY_COMMON, 8,
687 "Cannot get cert_chain_file parameter.");
691 // Get parameter "private_key_dir".
692 if (Parameter::getInstance().isStringExist(PARAM_COMP_SSLPROXY, "private_key_dir")) {
693 private_key_dir = Parameter::getInstance().getStringValue(PARAM_COMP_SSLPROXY,
695 /*-------- DEBUG LOG --------*/
696 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
697 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 44,
698 "function : static int getParameters("
699 "std::string config_filename) : "
700 "get private_key_dir OK.");
702 /*------ DEBUG LOG END ------*/
703 if (private_key_dir == "") {
704 LOGGER_PUT_LOG_WARN(LOG_CAT_SSLPROXY_COMMON, 7,
705 "private_key_dir parameter is nothing. "
706 "Use default value.");
707 private_key_dir = DEFAULT_PRIVATE_KEY_DIR;
710 LOGGER_PUT_LOG_WARN(LOG_CAT_SSLPROXY_COMMON, 8,
711 "private_key_dir parameter not found. Use default value.");
712 private_key_dir = DEFAULT_PRIVATE_KEY_DIR;
715 // Get parameter "private_key_file".
716 if (Parameter::getInstance().isStringExist(PARAM_COMP_SSLPROXY, "private_key_file")) {
717 private_key_file = Parameter::getInstance().getStringValue(PARAM_COMP_SSLPROXY,
719 /*-------- DEBUG LOG --------*/
720 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
721 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 45,
722 "function : static int getParameters("
723 "std::string config_filename) : "
724 "get private_key_file OK.");
726 /*------ DEBUG LOG END ------*/
727 if (private_key_file == "") {
728 LOGGER_PUT_LOG_ERROR(LOG_CAT_SSLPROXY_COMMON, 9,
729 "private_key_file parameter is nothing.");
733 LOGGER_PUT_LOG_ERROR(LOG_CAT_SSLPROXY_COMMON, 10,
734 "Cannot get private_key_file parameter.");
738 // Get parameter "private_key_filetype".
739 // Convert string to enum.
740 if (Parameter::getInstance().isStringExist(PARAM_COMP_SSLPROXY, "private_key_filetype")) {
741 std::string private_key_filetype_string =
742 Parameter::getInstance().getStringValue(PARAM_COMP_SSLPROXY,
743 "private_key_filetype");
744 /*-------- DEBUG LOG --------*/
745 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
746 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 46,
747 "function : static int getParameters("
748 "std::string config_filename) : "
749 "get private_key_filetype_string OK.");
751 /*------ DEBUG LOG END ------*/
753 * /usr/include/openssl/ssl.h
754 * #define SSL_FILETYPE_PEM X509_FILETYPE_PEM ->1
755 * #define SSL_FILETYPE_ASN1 X509_FILETYPE_ASN1 ->2
757 if (private_key_filetype_string == "SSL_FILETYPE_PEM") {
758 /*-------- DEBUG LOG --------*/
759 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
760 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 47,
761 "function : static int getParameters("
762 "std::string config_filename) : "
763 "set SSL_FILETYPE_PEM.");
765 /*------ DEBUG LOG END ------*/
766 private_key_filetype = boost::asio::ssl::context::pem;
767 } else if (private_key_filetype_string == "SSL_FILETYPE_ASN1") {
768 /*-------- DEBUG LOG --------*/
769 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
770 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 48,
771 "function : static int getParameters("
772 "std::string config_filename) : "
773 "set SSL_FILETYPE_ASN1.");
775 /*------ DEBUG LOG END ------*/
776 private_key_filetype = boost::asio::ssl::context::asn1;
778 LOGGER_PUT_LOG_ERROR(LOG_CAT_SSLPROXY_COMMON, 11,
779 "private_key_filetype convert error. [%s]",
780 private_key_filetype_string.c_str());
784 LOGGER_PUT_LOG_WARN(LOG_CAT_SSLPROXY_COMMON, 9,
785 "private_key_filetype parameter not found. "
786 "Use default value.");
787 private_key_filetype = DEFAULT_PRIVATE_KEY_FILETYPE;
790 // Get parameter "private_key_passwd_from".
791 if (Parameter::getInstance().isStringExist(PARAM_COMP_SSLPROXY, "private_key_passwd_from")) {
792 private_key_passwd_from =
793 Parameter::getInstance().getStringValue(PARAM_COMP_SSLPROXY,
794 "private_key_passwd_from");
795 /*-------- DEBUG LOG --------*/
796 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
797 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 49,
798 "function : static int getParameters("
799 "std::string config_filename) : "
800 "get private_key_passwd_from OK.");
802 /*------ DEBUG LOG END ------*/
803 if (private_key_passwd_from == "") {
804 LOGGER_PUT_LOG_WARN(LOG_CAT_SSLPROXY_COMMON, 10,
805 "private_key_passwd_from parameter is nothing. "
806 "Use default value.");
807 private_key_passwd_from = DEFAULT_PRIVATE_KEY_PASSWD_FROM;
808 } else if (private_key_passwd_from != "console" &&
809 private_key_passwd_from != "file") {
810 LOGGER_PUT_LOG_ERROR(LOG_CAT_SSLPROXY_COMMON, 12,
811 "Invalid private_key_passwd_from parameter value.");
815 LOGGER_PUT_LOG_WARN(LOG_CAT_SSLPROXY_COMMON, 11,
816 "private_key_passwd_from parameter not found. "
817 "Use default value.");
818 private_key_passwd_from = DEFAULT_PRIVATE_KEY_PASSWD_FROM;
821 if (private_key_passwd_from == "file") {
822 // Get parameter "private_key_passwd_dir".
823 if (Parameter::getInstance().isStringExist(PARAM_COMP_SSLPROXY, "private_key_passwd_dir")) {
824 private_key_passwd_dir =
825 Parameter::getInstance().getStringValue(PARAM_COMP_SSLPROXY,
826 "private_key_passwd_dir");
827 /*-------- DEBUG LOG --------*/
828 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
829 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 50,
830 "function : static int getParameters("
831 "std::string config_filename) : "
832 "get private_key_passwd_dir OK.");
834 /*------ DEBUG LOG END ------*/
835 if (private_key_passwd_dir == "") {
836 LOGGER_PUT_LOG_WARN(LOG_CAT_SSLPROXY_COMMON, 12,
837 "private_key_passwd_dir parameter is nothing. "
838 "Use default value.");
839 private_key_passwd_dir = DEFAULT_PRIVATE_KEY_DIR;
842 LOGGER_PUT_LOG_WARN(LOG_CAT_SSLPROXY_COMMON, 13,
843 "private_key_passwd_dir parameter not found. "
844 "Use default value.");
845 private_key_passwd_dir = DEFAULT_PRIVATE_KEY_PASSWD_DIR;
848 // Get parameter "private_key_passwd_file".
849 if (Parameter::getInstance().isStringExist(PARAM_COMP_SSLPROXY, "private_key_passwd_file")) {
850 private_key_passwd_file =
851 Parameter::getInstance().getStringValue(PARAM_COMP_SSLPROXY,
852 "private_key_passwd_file");
853 /*-------- DEBUG LOG --------*/
854 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
855 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 51,
856 "function : static int getParameters("
857 "std::string config_filename) : "
858 "get private_key_passwd_file OK.");
860 /*------ DEBUG LOG END ------*/
861 if (private_key_passwd_file == "") {
862 LOGGER_PUT_LOG_ERROR(LOG_CAT_SSLPROXY_COMMON, 13,
863 "private_key_passwd_file parameter is nothing.");
867 LOGGER_PUT_LOG_ERROR(LOG_CAT_SSLPROXY_COMMON, 14,
868 "Cannot get private_key_passwd_file parameter.");
873 // Get parameter "verify_options".
874 // Get map data and Convert string to integer and Make bit data.
875 if (Parameter::getInstance().isStringExist(PARAM_COMP_SSLPROXY, "verify_options")) {
876 std::multimap<std::string, std::string> vopMap;
877 Parameter::getInstance().getStringMapValue(PARAM_COMP_SSLPROXY,
880 if (vopMap.size() != 0) {
881 /*-------- DEBUG LOG --------*/
882 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
883 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 52,
884 "function : static int getParameters("
885 "std::string config_filename) : "
886 "get verify_options map OK.");
888 /*------ DEBUG LOG END ------*/
889 for(std::multimap<std::string, std::string>::iterator stritr = vopMap.begin();
890 stritr != vopMap.end();
892 /*-------- DEBUG LOG --------*/
893 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
894 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 53,
896 "static int getParameters(std::string config_filename) : "
897 "verify option map key = %s, value = %s",
898 (stritr->first).c_str(),
899 (stritr->second).c_str());
901 /*------ DEBUG LOG END ------*/
902 int retvop = convVerifyOption(stritr->second);
904 LOGGER_PUT_LOG_ERROR(LOG_CAT_SSLPROXY_COMMON, 15,
905 "verify_options convert error. [%s]",
906 stritr->second.c_str());
909 verify_options = (verify_options | retvop);
912 LOGGER_PUT_LOG_WARN(LOG_CAT_SSLPROXY_COMMON, 14,
913 "verify_options parameter is nothing. "
914 "Use default value.");
915 verify_options = DEFAULT_VERIFY_OPTIONS;
918 LOGGER_PUT_LOG_WARN(LOG_CAT_SSLPROXY_COMMON, 15,
919 "verify_options parameter not found. "
920 "Use default value.");
921 verify_options = DEFAULT_VERIFY_OPTIONS;
924 // Get parameter "verify_cert_depth".
925 if (Parameter::getInstance().isIntExist(PARAM_COMP_SSLPROXY, "verify_cert_depth")) {
926 verify_cert_depth = Parameter::getInstance().getIntValue(PARAM_COMP_SSLPROXY,
927 "verify_cert_depth");
928 /*-------- DEBUG LOG --------*/
929 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
930 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 54,
931 "function : static int getParameters("
932 "std::string config_filename) : "
933 "get verify_cert_depth OK.");
935 /*------ DEBUG LOG END ------*/
936 if (verify_cert_depth < 0 || verify_cert_depth > INT_MAX) {
937 LOGGER_PUT_LOG_ERROR(LOG_CAT_SSLPROXY_COMMON, 16,
938 "Invalid verify_cert_depth parameter value.");
942 LOGGER_PUT_LOG_WARN(LOG_CAT_SSLPROXY_COMMON, 16,
943 "verify_cert_depth parameter not found. "
944 "Use default value.");
945 verify_cert_depth = DEFAULT_VERIFY_CERT_DEPTH;
948 // Get parameter "ssl_options".
949 // Get map data and Convert string to integer and Make bit data.
950 // and Check dh parameter file use or not.
952 if (Parameter::getInstance().isStringExist(PARAM_COMP_SSLPROXY, "ssl_options")) {
953 std::multimap<std::string, std::string> sopMap;
954 Parameter::getInstance().getStringMapValue(PARAM_COMP_SSLPROXY,
957 if (sopMap.size() != 0) {
958 /*-------- DEBUG LOG --------*/
959 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
960 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 55,
961 "function : static int getParameters("
962 "std::string config_filename) : "
963 "get ssl_options map OK.");
965 /*------ DEBUG LOG END ------*/
966 for(std::multimap<std::string, std::string>::iterator stritr = sopMap.begin();
967 stritr != sopMap.end();
969 /*-------- DEBUG LOG --------*/
970 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
971 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 56,
973 "static int getParameters(std::string config_filename) : "
974 "SSL option map key = %s, value = %s",
975 (stritr->first).c_str(),
976 (stritr->second).c_str());
978 /*------ DEBUG LOG END ------*/
979 long int retsop = convSslOption(stritr->second);
981 LOGGER_PUT_LOG_ERROR(LOG_CAT_SSLPROXY_COMMON, 17,
982 "ssl_options convert error. [%s]",
983 stritr->second.c_str());
986 if (retsop == SSL_OP_SINGLE_DH_USE) {
987 /*-------- DEBUG LOG --------*/
988 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
989 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 57,
991 "static int getParameters(std::string config_filename) : "
992 "tmp_dh_use is true.");
994 /*------ DEBUG LOG END ------*/
997 ssl_options = (ssl_options | retsop);
1000 LOGGER_PUT_LOG_WARN(LOG_CAT_SSLPROXY_COMMON, 17,
1001 "ssl_options parameter is nothing. "
1002 "Use default value.");
1003 ssl_options = DEFAULT_SSL_OPTIONS;
1007 LOGGER_PUT_LOG_WARN(LOG_CAT_SSLPROXY_COMMON, 18,
1008 "ssl_options parameter not found. "
1009 "Use default value.");
1010 ssl_options = DEFAULT_SSL_OPTIONS;
1014 if (tmp_dh_use == true) {
1015 // Get parameter "tmp_dh_dir".
1016 if (Parameter::getInstance().isStringExist(PARAM_COMP_SSLPROXY, "tmp_dh_dir")) {
1017 tmp_dh_dir = Parameter::getInstance().getStringValue(PARAM_COMP_SSLPROXY,
1019 /*-------- DEBUG LOG --------*/
1020 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
1021 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 58,
1022 "function : static int getParameters("
1023 "std::string config_filename) : "
1024 "get tmp_dh_dir OK.");
1026 /*------ DEBUG LOG END ------*/
1027 if (tmp_dh_dir == "") {
1028 LOGGER_PUT_LOG_WARN(LOG_CAT_SSLPROXY_COMMON, 19,
1029 "tmp_dh_dir parameter is nothing. "
1030 "Use default value.");
1031 tmp_dh_dir = DEFAULT_TMP_DH_DIR;
1034 LOGGER_PUT_LOG_WARN(LOG_CAT_SSLPROXY_COMMON, 20,
1035 "tmp_dh_dir parameter not found. "
1036 "Use default value.");
1037 tmp_dh_dir = DEFAULT_TMP_DH_DIR;
1040 // Get parameter "tmp_dh_file".
1041 if (Parameter::getInstance().isStringExist(PARAM_COMP_SSLPROXY, "tmp_dh_file")) {
1042 tmp_dh_file = Parameter::getInstance().getStringValue(PARAM_COMP_SSLPROXY,
1044 /*-------- DEBUG LOG --------*/
1045 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
1046 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 59,
1047 "function : static int getParameters("
1048 "std::string config_filename) : "
1049 "get tmp_dh_file OK.");
1051 /*------ DEBUG LOG END ------*/
1052 if (tmp_dh_file == "") {
1053 LOGGER_PUT_LOG_ERROR(LOG_CAT_SSLPROXY_COMMON, 18,
1054 "tmp_dh_file parameter is nothing.");
1058 LOGGER_PUT_LOG_ERROR(LOG_CAT_SSLPROXY_COMMON, 19,
1059 "Cannot get tmp_dh_file parameter.");
1064 // Get parameter "cipher_list".
1065 if (Parameter::getInstance().isStringExist(PARAM_COMP_SSLPROXY, "cipher_list")) {
1066 cipher_list = Parameter::getInstance().getStringValue(PARAM_COMP_SSLPROXY,
1068 /*-------- DEBUG LOG --------*/
1069 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
1070 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 60,
1071 "function : static int getParameters("
1072 "std::string config_filename) : "
1073 "get cipher_list OK.");
1075 /*------ DEBUG LOG END ------*/
1076 if (cipher_list == "") {
1077 LOGGER_PUT_LOG_WARN(LOG_CAT_SSLPROXY_COMMON, 21,
1078 "cipher_list parameter is nothing. "
1079 "Use default value.");
1080 cipher_list = DEFAULT_CIPHER_LIST;
1083 LOGGER_PUT_LOG_WARN(LOG_CAT_SSLPROXY_COMMON, 22,
1084 "cipher_list parameter not found. "
1085 "Use default value.");
1086 cipher_list = DEFAULT_CIPHER_LIST;
1089 // Get parameter "session_cache".
1090 if (Parameter::getInstance().isStringExist(PARAM_COMP_SSLPROXY, "session_cache")) {
1091 std::string session_cache = Parameter::getInstance().getStringValue(PARAM_COMP_SSLPROXY,
1093 /*-------- DEBUG LOG --------*/
1094 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
1095 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 97,
1096 "function : static int getParameters("
1097 "std::string config_filename) : "
1098 "get session_cache OK.");
1100 /*------ DEBUG LOG END ------*/
1101 if (session_cache == "") {
1102 LOGGER_PUT_LOG_WARN(LOG_CAT_SSLPROXY_COMMON, 25,
1103 "session_cache parameter is nothing. "
1104 "Use default value.");
1105 session_cache_mode = DEFAULT_SESSION_CACHE_MODE;
1106 } else if (session_cache == "on") {
1107 session_cache_mode = SSL_SESS_CACHE_SERVER;
1108 } else if (session_cache == "off") {
1109 session_cache_mode = SSL_SESS_CACHE_OFF;
1111 LOGGER_PUT_LOG_ERROR(LOG_CAT_SSLPROXY_COMMON, 47,
1112 "Invalid session_cache parameter value.");
1116 LOGGER_PUT_LOG_WARN(LOG_CAT_SSLPROXY_COMMON, 26,
1117 "session_cache parameter not found. "
1118 "Use default value.");
1119 session_cache_mode = DEFAULT_SESSION_CACHE_MODE;
1122 // Get parameter "session_cache_size".
1123 if (Parameter::getInstance().isIntExist(PARAM_COMP_SSLPROXY, "session_cache_size")) {
1124 session_cache_size = Parameter::getInstance().getIntValue(PARAM_COMP_SSLPROXY,
1125 "session_cache_size");
1126 /*-------- DEBUG LOG --------*/
1127 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
1128 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 98,
1129 "function : static int getParameters("
1130 "std::string config_filename) : "
1131 "get session_cache_size OK.");
1133 /*------ DEBUG LOG END ------*/
1134 if (session_cache_size < 0 || session_cache_size > LONG_MAX) {
1135 LOGGER_PUT_LOG_ERROR(LOG_CAT_SSLPROXY_COMMON, 48,
1136 "Invalid session_cache_size parameter value.");
1140 LOGGER_PUT_LOG_WARN(LOG_CAT_SSLPROXY_COMMON, 27,
1141 "session_cache_size parameter not found. "
1142 "Use default value.");
1143 session_cache_size = DEFAULT_SESSION_CACHE_SIZE;
1146 // Get parameter "session_cache_timeout".
1147 if (Parameter::getInstance().isIntExist(PARAM_COMP_SSLPROXY, "session_cache_timeout")) {
1148 session_cache_timeout = Parameter::getInstance().getIntValue(PARAM_COMP_SSLPROXY,
1149 "session_cache_timeout");
1150 /*-------- DEBUG LOG --------*/
1151 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
1152 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 99,
1153 "function : static int getParameters("
1154 "std::string config_filename) : "
1155 "get session_cache_timeout OK.");
1157 /*------ DEBUG LOG END ------*/
1158 if (session_cache_timeout < 0 || session_cache_timeout > LONG_MAX) {
1159 LOGGER_PUT_LOG_ERROR(LOG_CAT_SSLPROXY_COMMON, 49,
1160 "Invalid session_cache_timeout parameter value.");
1164 LOGGER_PUT_LOG_WARN(LOG_CAT_SSLPROXY_COMMON, 28,
1165 "session_cache_timeout parameter not found. "
1166 "Use default value.");
1167 session_cache_timeout = DEFAULT_SESSION_CACHE_TIMEOUT;
1170 // Get parameter "conn_log_flag".
1171 if (Parameter::getInstance().isStringExist(PARAM_COMP_LOGGER, "conn_log_flag")) {
1172 conn_log_flag = Parameter::getInstance().getStringValue(PARAM_COMP_LOGGER,
1174 /*-------- DEBUG LOG --------*/
1175 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
1176 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 61,
1177 "function : static int getParameters("
1178 "std::string config_filename) : "
1179 "get conn_log_flag OK.");
1181 /*------ DEBUG LOG END ------*/
1182 if (conn_log_flag == "") {
1183 LOGGER_PUT_LOG_WARN(LOG_CAT_SSLPROXY_COMMON, 23,
1184 "conn_log_flag parameter is nothing. "
1185 "Use default value.");
1186 conn_log_flag = DEFAULT_CONN_LOG_FLAG;
1187 } else if (conn_log_flag != "on" && conn_log_flag != "off") {
1188 LOGGER_PUT_LOG_ERROR(LOG_CAT_SSLPROXY_COMMON, 20,
1189 "Invalid conn_log_flag parameter value.");
1193 LOGGER_PUT_LOG_WARN(LOG_CAT_SSLPROXY_COMMON, 24,
1194 "conn_log_flag parameter not found. "
1195 "Use default value.");
1196 conn_log_flag = DEFAULT_CONN_LOG_FLAG;
1199 // Get parameter "edit_client_msg".
1200 if (Parameter::getInstance().isStringExist(PARAM_COMP_SSLPROXY, "edit_client_msg")) {
1201 std::string edit_client = Parameter::getInstance().getStringValue(PARAM_COMP_SSLPROXY,
1203 /*-------- DEBUG LOG --------*/
1204 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
1205 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 40, // XXX fix log
1206 "function : static int getParameters("
1207 "std::string config_filename) : "
1208 "get edit_client_msg OK.");
1210 /*------ DEBUG LOG END ------*/
1211 if (edit_client == "") {
1212 LOGGER_PUT_LOG_WARN(LOG_CAT_SSLPROXY_COMMON, 23, // XXX fix log
1213 "edit_client_msg parameter is nothing. "
1214 "Use default value.");
1215 edit_client_msg = DEFAULT_EDIT_CLIENT_MSG;
1216 } else if (edit_client != "on" && edit_client != "off") {
1217 LOGGER_PUT_LOG_ERROR(LOG_CAT_SSLPROXY_COMMON, 20, // XXX fix log
1218 "Invalid edit_client_msg parameter value.");
1221 if (edit_client == "on")
1222 edit_client_msg = true;
1224 edit_client_msg = false;
1226 LOGGER_PUT_LOG_WARN(LOG_CAT_SSLPROXY_COMMON, 999, // XXX fix log
1227 "edit_client_msg parameter not found. "
1228 "Use default value.");
1229 edit_client_msg = DEFAULT_EDIT_CLIENT_MSG;
1232 // Get parameter "edit_server_msg".
1233 if (Parameter::getInstance().isStringExist(PARAM_COMP_SSLPROXY, "edit_server_msg")) {
1234 std::string edit_server = Parameter::getInstance().getStringValue(PARAM_COMP_SSLPROXY,
1236 /*-------- DEBUG LOG --------*/
1237 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
1238 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 40, // XXX fix log
1239 "function : static int getParameters("
1240 "std::string config_filename) : "
1241 "get edit_server_msg OK.");
1243 /*------ DEBUG LOG END ------*/
1244 if (edit_server == "") {
1245 LOGGER_PUT_LOG_WARN(LOG_CAT_SSLPROXY_COMMON, 23, // XXX fix log
1246 "edit_server_msg parameter is nothing. "
1247 "Use default value.");
1248 edit_server_msg = DEFAULT_EDIT_SERVER_MSG;
1249 } else if (edit_server != "on" && edit_server != "off") {
1250 LOGGER_PUT_LOG_ERROR(LOG_CAT_SSLPROXY_COMMON, 20, // XXX fix log
1251 "Invalid edit_server_msg parameter value.");
1254 if (edit_server == "on")
1255 edit_server_msg = true;
1257 edit_server_msg = false;
1259 LOGGER_PUT_LOG_WARN(LOG_CAT_SSLPROXY_COMMON, 999, // XXX fix log
1260 "edit_server_msg parameter not found. "
1261 "Use default value.");
1262 edit_server_msg = DEFAULT_EDIT_SERVER_MSG;
1265 // Get parameter "x_forwarded_for_mode".
1266 if (Parameter::getInstance().isStringExist(PARAM_COMP_SSLPROXY, "x_forwarded_for_mode")) {
1267 std::string x_forwarded = Parameter::getInstance().getStringValue(PARAM_COMP_SSLPROXY,
1268 "x_forwarded_for_mode");
1269 /*-------- DEBUG LOG --------*/
1270 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
1271 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 61, // XXX fix log
1272 "function : static int getParameters("
1273 "std::string config_filename) : "
1274 "get x_forwarded_for_mode OK.");
1276 /*------ DEBUG LOG END ------*/
1277 if (x_forwarded == "") {
1278 LOGGER_PUT_LOG_WARN(LOG_CAT_SSLPROXY_COMMON, 23, // XXX fix log
1279 "x_forwarded_for_mode parameter is nothing. "
1280 "Use default value.");
1281 x_forwarded_for_mode = DEFAULT_X_FORWARDED_FOR_MODE;
1282 } else if (x_forwarded != "add") {
1283 x_forwarded_for_mode = ADD_X_FORWARDED_FOR;
1284 } else if (x_forwarded != "set") {
1285 x_forwarded_for_mode = SET_X_FORWARDED_FOR;
1286 } else if (x_forwarded != "delete") {
1287 x_forwarded_for_mode = DELETE_X_FORWARDED_FOR;
1288 } else if (x_forwarded != "none") {
1289 x_forwarded_for_mode = NONE_X_FORWARDED_FOR;
1291 LOGGER_PUT_LOG_ERROR(LOG_CAT_SSLPROXY_COMMON, 20, // XXX fix log
1292 "Invalid x_forwarded_for_mode parameter value.");
1296 x_forwarded_for_mode = DEFAULT_X_FORWARDED_FOR_MODE;
1299 /*-------- DEBUG LOG --------*/
1300 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
1301 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 62,
1303 "static int getParameters(std::string config_filename) : "
1304 "Catch exception e = %d.",
1307 /*------ DEBUG LOG END ------*/
1310 /*-------- DEBUG LOG --------*/
1311 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
1312 std::ostringstream oss;
1314 " recv_endpoint = " << recv_endpoint <<
1315 ", target_endpoint = " << target_endpoint <<
1316 ", num_thread = " << num_thread <<
1317 ", timout_sec = " << timeout_sec <<
1318 ", ca_dir = " << ca_dir <<
1319 ", ca_file = " << ca_file <<
1320 ", cert_chain_dir = " << cert_chain_dir <<
1321 ", cert_chain_file = " << cert_chain_file <<
1322 ", private_key_dir = " << private_key_dir <<
1323 ", private_key_file = " << private_key_file <<
1324 ", private_key_filetype = " << private_key_filetype <<
1325 ", private_key_passwd_from = " << private_key_passwd_from <<
1326 ", private_key_passwd_dir = " << private_key_passwd_dir <<
1327 ", private_key_passwd_file = " << private_key_passwd_file <<
1328 ", verify_options = " << verify_options <<
1329 ", verify_cert_depth = " << verify_cert_depth <<
1330 ", ssl_options = " << ssl_options <<
1331 ", tmp_dh_dir = " << tmp_dh_dir <<
1332 ", tmp_dh_file = " << tmp_dh_file <<
1333 ", cipher_list = " << cipher_list <<
1334 ", session_cache_mode = " << session_cache_mode <<
1335 ", session_cache_size = " << session_cache_size <<
1336 ", session_cache_timeout = " << session_cache_timeout <<
1337 ", conn_log_flag = " << conn_log_flag;
1338 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 63,
1340 "static int getParameters(std::string config_filename) : "
1341 "return value = %d : "
1342 "parameter value %s",
1346 /*------ DEBUG LOG END ------*/
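/*!
 * Split endpoint data to host and port string.
 *
 * The string is cut at the FIRST ':' only, so the supported form is
 * "host:port". An input containing several ':' characters (an IPv6
 * literal, for example) is not understood by this splitter: everything
 * before the first ':' becomes the host and everything after it the port.
 *
 * @param[in] endpoint_str endpoint string, "host:port"
 * @param[out] host host part; written only when the function succeeds
 * @param[out] port port part; written only when the function succeeds
 * @return 0 on success, -1 when the ':' delimiter is missing, the host or
 *         the port part is empty, or a string operation throws
 */
static int splitEndpoint(std::string endpoint_str, std::string& host, std::string& port)
{
    /*-------- DEBUG LOG --------*/
    if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
        LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 64,
                             "in_function : "
                             "static int splitEndpoint"
                             "(std::string endpoint_str, std::string& host, std::string& port) : "
                             "endpoint_str = %s",
                             endpoint_str.c_str());
    }
    /*------ DEBUG LOG END ------*/

    int ret = 0;
    try {
        // Keep the position in size_type: find() reports "absent" as
        // std::string::npos, and squeezing npos into a plain int relies on
        // an implementation-defined conversion instead of an explicit
        // comparison against npos.
        const std::string::size_type mark = endpoint_str.find(':');
        if (mark == std::string::npos) {
            LOGGER_PUT_LOG_ERROR(LOG_CAT_SSLPROXY_COMMON, 21, "Delimitation not found.");
            ret = -1;
        } else if (mark == 0) {
            LOGGER_PUT_LOG_ERROR(LOG_CAT_SSLPROXY_COMMON, 22, "Host string not found.");
            ret = -1;
        } else {
            // Build both parts in locals first so that a rejected port does
            // not leave the caller with a half-updated host/port pair.
            std::string host_part = endpoint_str.substr(0, mark);
            std::string port_part = endpoint_str.substr(mark + 1);
            if (port_part.empty()) {
                LOGGER_PUT_LOG_ERROR(LOG_CAT_SSLPROXY_COMMON, 23, "Port string not found.");
                ret = -1;
            } else {
                host.swap(host_part);
                port.swap(port_part);
                /*-------- DEBUG LOG --------*/
                if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
                    LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 65,
                                         "function : "
                                         "static int splitEndpoint"
                                         "(std::string endpoint_str, std::string& host, std::string& port) : "
                                         "set host and port string");
                }
                /*------ DEBUG LOG END ------*/
            }
        }
    } catch (const std::exception& e) {
        /*-------- DEBUG LOG --------*/
        if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
            LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 66,
                                 "function : "
                                 "static int splitEndpoint"
                                 "(std::string endpoint_str, std::string& host, std::string& port) : "
                                 "Catch exception e = %s.",
                                 e.what());
        }
        /*------ DEBUG LOG END ------*/
        ret = -1;
    }

    /*-------- DEBUG LOG --------*/
    if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
        LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 67,
                             "out_function : "
                             "static int splitEndpoint"
                             "(std::string endpoint_str, std::string& host, std::string& port) : "
                             "return value ret = %d : "
                             "host = %s, port = %s",
                             ret, host.c_str(), port.c_str());
    }
    /*------ DEBUG LOG END ------*/
    return ret;
}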
1430 * exit signal handler
 *
 * Installed by set_sighandlers() for SIGHUP, SIGINT, SIGQUIT and SIGTERM.
 * Only SIGTERM is treated as an orderly shutdown (EXIT_SUCCESS); any other
 * signal that reaches this handler is logged as an error and yields
 * EXIT_FAILURE. retexit is declared outside this excerpt, and what is done
 * with it after the branch below is not visible here.
 *
 * NOTE(review): the handler calls LOGGER_PUT_LOG_INFO/ERROR directly.
 * Unless the logger is async-signal-safe (its implementation is not visible
 * here), logging from a signal handler can deadlock or corrupt state when
 * the signal arrives while a worker thread holds a logger lock; the usual
 * pattern is to set a flag or write to a self-pipe and log from normal
 * context. Confirm against the logger implementation.
 *
1432 * @param[in] sig signal
1435 static void sig_exit_handler(int sig)
1437 /*-------- DEBUG LOG --------*/
1438 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
1439 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 68,
1440 "in_function : static void sig_exit_handler(int sig) "
1444 /*------ DEBUG LOG END ------*/
// SIGTERM is the expected stop request: info log, success exit code.
1447 if (sig == SIGTERM) {
1448 LOGGER_PUT_LOG_INFO(LOG_CAT_SSLPROXY_COMMON, 1, "SIGTERM received.");
1449 retexit = EXIT_SUCCESS;
// Every other signal routed here (SIGHUP/SIGINT/SIGQUIT) is reported as an
// error and maps to a failure exit code.
1451 LOGGER_PUT_LOG_ERROR(LOG_CAT_SSLPROXY_COMMON, 24, "Signal received. signal=%d.", sig);
1452 retexit = EXIT_FAILURE;
1458 /*-------- DEBUG LOG --------*/
1459 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
1460 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 69,
1461 "out_function : static void sig_exit_handler(int sig) : "
1465 /*------ DEBUG LOG END ------*/
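/*!
 * setup signal handler
 *
 * Reads the current disposition of @p sig and installs @p handler on top
 * of it, so the signal mask and the other flags already configured for the
 * signal are preserved.
 *
 * @param[in] sig signal
 * @param[in] handler signal handler: a one-argument function, SIG_IGN or SIG_DFL
 * @return 0 on success, -1 if reading or writing the disposition fails
 *         (the failure is logged together with the signal number)
 */
static int set_sighandler(int sig, void (*handler)(int))
{
    /*-------- DEBUG LOG --------*/
    if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
        LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 70,
                             "in_function : static int set_sighandler(int sig, void (*handler)(int)) "
                             "sig = %d",
                             sig);
    }
    /*------ DEBUG LOG END ------*/

    struct sigaction act;
    std::memset(&act, 0, sizeof(act));

    // Query the current disposition first so the existing mask/flags are
    // kept rather than replaced by an all-zero action.
    /*-------- DEBUG LOG --------*/
    if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
        LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 71,
                             "sigaction : sig = %d : act = NULL",
                             sig);
    }
    /*------ DEBUG LOG END ------*/
    int ret = sigaction(sig, NULL, &act);
    if (ret < 0) {
        LOGGER_PUT_LOG_ERROR(LOG_CAT_SSLPROXY_COMMON, 25, "sigaction on signal %d failed", sig);
        /*-------- DEBUG LOG --------*/
        if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
            LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 72,
                                 "out_function : static int set_sighandler(int sig, void (*handler)(int)) "
                                 "return_value : %d",
                                 ret);
        }
        /*------ DEBUG LOG END ------*/
        return -1;
    }

    // SA_RESETHAND would reinstall SIG_DFL after the first delivery, so a
    // second SIGTERM would kill the process instead of reaching the handler.
    // SA_SIGINFO has to be cleared as well: with it set the kernel invokes
    // the three-argument sa_sigaction member, which shares storage with
    // sa_handler on common libcs, so the one-argument handler installed
    // below would be entered with the wrong signature.
    act.sa_flags &= ~(SA_RESETHAND | SA_SIGINFO);
    act.sa_handler = handler;

    /*-------- DEBUG LOG --------*/
    if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
        LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 73,
                             "sigaction : sig=%d: act.sa_flags=%d",
                             sig, act.sa_flags);
    }
    /*------ DEBUG LOG END ------*/
    ret = sigaction(sig, &act, NULL);
    if (ret < 0) {
        LOGGER_PUT_LOG_ERROR(LOG_CAT_SSLPROXY_COMMON, 26, "sigaction on signal %d failed", sig);
        /*-------- DEBUG LOG --------*/
        if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
            LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 74,
                                 "out_function : static int set_sighandler(int sig, void (*handler)(int)) "
                                 "return_value : %d",
                                 ret);
        }
        /*------ DEBUG LOG END ------*/
        return -1;
    }

    /*-------- DEBUG LOG --------*/
    if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
        LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 75,
                             "out_function : static int set_sighandler(int sig, void (*handler)(int)) "
                             "return_value : 0");
    }
    /*------ DEBUG LOG END ------*/
    return 0;
}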
/*!
 * setup all signal handlers
 *
 * Installs the process-wide signal dispositions in a fixed order: the
 * termination-style signals go to sig_exit_handler(), the remaining ones
 * are ignored. The first failing set_sighandler() call aborts the sequence.
 *
 * @return 0 when every handler was installed, otherwise the (negative)
 *         value returned by the failing set_sighandler() call
 */
static int set_sighandlers(void)
{
    /*-------- DEBUG LOG --------*/
    if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
        LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 76,
                             "in_function : static int set_sighandlers(void) ");
    }
    /*------ DEBUG LOG END ------*/

    struct sig_entry {
        int sig;
        void (*handler)(int);
    };
    // Installed in this order; processing stops at the first failure.
    // NOTE(review): SIGPIPE is not in this table. Whether the socket layer
    // suppresses it for writes to a peer-closed connection is not visible
    // here — confirm, since the default action would terminate the proxy.
    const sig_entry entries[] = {
        { SIGHUP,  sig_exit_handler },
        { SIGINT,  sig_exit_handler },
        { SIGQUIT, sig_exit_handler },
        { SIGTERM, sig_exit_handler },
        { SIGUSR1, SIG_IGN },
        { SIGUSR2, SIG_IGN },
        { SIGALRM, SIG_IGN },
        { SIGCHLD, SIG_IGN },
    };

    for (unsigned idx = 0; idx < sizeof(entries) / sizeof(entries[0]); ++idx) {
        const int ret = set_sighandler(entries[idx].sig, entries[idx].handler);
        if (ret < 0) {
            /*-------- DEBUG LOG --------*/
            if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
                LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 77,
                                     "out_function : static int set_sighandlers(void) "
                                     "return_value : %d",
                                     ret);
            }
            /*------ DEBUG LOG END ------*/
            return ret;
        }
    }

    /*-------- DEBUG LOG --------*/
    if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
        LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 78,
                             "out_function : static int set_sighandlers(void) "
                             "return_value : 0");
    }
    /*------ DEBUG LOG END ------*/
    return 0;
}
/*!
 * Print the command line synopsis and an example invocation to std::cerr.
 *
 * Written to standard error so the text never mixes with data on standard
 * output. Takes no arguments and returns nothing.
 */
static void usage(void)
{
    /*-------- DEBUG LOG --------*/
    if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
        LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 79,
                             "in_function : static void usage(void)");
    }
    /*------ DEBUG LOG END ------*/

    struct usage_line {
        const char* label;
        const char* text;
    };
    const usage_line lines[] = {
        { "Usage : ",   "sslproxy <target_id> <config_filename>" },
        { "Example : ", "sslproxy target_1 /etc/l7vs/sslproxy/sslproxy.target_1.cf" },
    };
    for (unsigned idx = 0; idx < sizeof(lines) / sizeof(lines[0]); ++idx) {
        std::cerr << lines[idx].label << lines[idx].text << std::endl;
    }

    /*-------- DEBUG LOG --------*/
    if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
        LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 80,
                             "out_function : static void usage(void) "
                             "return_value = void");
    }
    /*------ DEBUG LOG END ------*/
}
1624 * SSLproxy main function.
1626 * @param[in] argc number of argument
1627 * @param[in] *argv[] array of argument string
1629 void sslproxy_main(int argc, char* argv[])
1631 /*-------- DEBUG LOG --------*/
1632 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
1633 std::ostringstream oss;
1634 oss << "argc = " << argc;
1635 for (int i = 0; i < argc; i++) {
1636 oss << ", arg[" << i << "] = " << argv[i];
1638 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 81,
1639 "in_function : void sslproxy_main(int argc, char* argv[]) : "
1643 /*------ DEBUG LOG END ------*/
1645 int result = EXIT_SUCCESS;
1647 std::string function_str = "";
1650 // Set max file open num
1652 if (getrlimit( RLIMIT_NOFILE, &lim ) == 0) {
1653 if (lim.rlim_cur < DEFAULT_MAX_FILE_NUM) {
1654 lim.rlim_cur = DEFAULT_MAX_FILE_NUM;
1656 if (lim.rlim_max < DEFAULT_MAX_FILE_NUM) {
1657 lim.rlim_max = DEFAULT_MAX_FILE_NUM;
1659 if (setrlimit( RLIMIT_NOFILE, &lim ) != 0) {
1660 std::cerr << "Set max file open num error." << std::endl;
1664 std::cerr << "Get max file open num error." << std::endl;
1670 LOGGER_PUT_LOG_ERROR(LOG_CAT_SSLPROXY_COMMON, 27, "Argument argc is illegal.");
1671 std::cerr << "Argument argc is illegal." << std::endl;
1676 // Check argument 1. (target_id)
1677 if (strlen(argv[1]) > MAX_TARGET_ID_SIZE) {
1678 LOGGER_PUT_LOG_ERROR(LOG_CAT_SSLPROXY_COMMON, 28, "Target_id is too long.");
1679 std::cerr << "Target_id is too long." << std::endl;
1682 target_id = argv[1];
1684 // Check argument 2. (config file)
1685 if (argv[2][0] != '/') {
1686 LOGGER_PUT_LOG_ERROR(LOG_CAT_SSLPROXY_COMMON, 29,
1687 "Need specify config file in full path. %s", target_id.c_str());
1688 std::cerr << "Need specify config file in full path. " << target_id << std::endl;
1692 if ((fp = fopen(argv[2], "r")) == NULL) {
1693 LOGGER_PUT_LOG_ERROR(LOG_CAT_SSLPROXY_COMMON, 30,
1694 "Config file cannot open. %s", target_id.c_str());
1695 std::cerr << "Config file cannot open. " << target_id << std::endl;
1699 std::string config_filename = argv[2];
1701 /*-------- DEBUG LOG --------*/
1702 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
1703 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 82,
1704 "function : void sslproxy_main(int argc, char* argv[]) : "
1705 "Argument check END. "
1707 "config_filename = %s",
1709 config_filename.c_str());
1711 /*------ DEBUG LOG END ------*/
1713 // Get config parameters.
1714 if (getParameters(config_filename) == -1) {
1715 LOGGER_PUT_LOG_ERROR(LOG_CAT_SSLPROXY_COMMON, 31,
1716 "Get parameter error. %s", target_id.c_str());
1717 std::cerr << "Get parameter error. " << target_id << std::endl;
1721 /*-------- DEBUG LOG --------*/
1722 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
1723 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 83,
1724 "function : void sslproxy_main(int argc, char* argv[]) : "
1725 "Get parameter END.");
1727 /*------ DEBUG LOG END ------*/
1729 // Set signal handlers.
1730 if (set_sighandlers() < 0) {
1731 LOGGER_PUT_LOG_ERROR(LOG_CAT_SSLPROXY_COMMON, 32,
1732 "Set signal handler error. %s", target_id.c_str());
1733 std::cerr << "Set signal handler error. " << target_id << std::endl;
1737 /*-------- DEBUG LOG --------*/
1738 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
1739 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 84,
1740 "function : void sslproxy_main(int argc, char* argv[]) : "
1743 /*------ DEBUG LOG END ------*/
1745 // Check target endpoint id duplication.
1746 // Read all sslproxy process and target id is extracted.
1747 if ((fp = popen(TARGET_ID_CHECK_STRING, "r")) == NULL) {
1748 LOGGER_PUT_LOG_ERROR(LOG_CAT_SSLPROXY_COMMON, 33,
1749 "popen error. %s", target_id.c_str());
1750 std::cerr << "popen error. " << target_id << std::endl;
1753 char key[MAX_TARGET_ID_SIZE], buf[MAX_TARGET_ID_SIZE];
1755 while (fgets(buf, MAX_TARGET_ID_SIZE, fp) != NULL) {
1756 /*-------- DEBUG LOG --------*/
1757 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
1758 std::string buf_str = buf;
1759 buf_str.erase(buf_str.size() - 1, 1);
1760 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 85,
1761 "function : void sslproxy_main(int argc, char* argv[]) : "
1762 "Target id of executing process = %s.",
1765 /*------ DEBUG LOG END ------*/
1766 sprintf(key, "%s\n", target_id.c_str());
1767 if (strcmp(key, buf) == 0) {
1768 /*-------- DEBUG LOG --------*/
1769 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
1770 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 86,
1771 "function : void sslproxy_main(int argc, char* argv[]) : "
1772 "Same target id found.");
1774 /*------ DEBUG LOG END ------*/
1775 // Count same target id process.
1778 // Duplication error when the one the same besides oneself exists.
1779 if (match_cnt > 1) {
1780 LOGGER_PUT_LOG_ERROR(LOG_CAT_SSLPROXY_COMMON, 34,
1781 "sslproxy process is already exist. %s", target_id.c_str());
1782 std::cerr << "sslproxy process is already exist. " << target_id << std::endl;
1789 /*-------- DEBUG LOG --------*/
1790 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
1791 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 87,
1792 "function : void sslproxy_main(int argc, char* argv[]) : "
1793 "Check target id END.");
1795 /*------ DEBUG LOG END ------*/
1797 // SSLproxy server initialize and setting.
1798 // IO event dispatcher class.
1799 boost::asio::io_service ioservice;
1803 function_str = "resolver()";
1804 boost::asio::ip::tcp::resolver resolver(ioservice);
1806 std::string hoststr;
1807 std::string portstr;
1809 // Target endpoint -> hoststr:portstr
1810 if (splitEndpoint(target_endpoint, hoststr, portstr) == -1) {
1811 LOGGER_PUT_LOG_ERROR(LOG_CAT_SSLPROXY_COMMON, 35,
1812 "Invalid target_endpoint. [%s]", target_id.c_str());
1813 std::cerr << "Invalid target_endpoint. [" << target_id << "]" << std::endl;
1817 // query class for target.
1819 function_str = "target_query()";
1820 boost::asio::ip::tcp::resolver::query target_query(boost::asio::ip::tcp::v4(), hoststr, portstr);
1822 // query result for target. (iterator)
1824 function_str = "Target resolver.resolve()";
1825 boost::asio::ip::tcp::resolver::iterator target_itr = resolver.resolve(target_query);
1827 // query result for target. (endpoint_type)
1828 boost::asio::ip::tcp::resolver::endpoint_type target_entry = *target_itr;
1829 /*-------- DEBUG LOG --------*/
1830 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
1831 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 88,
1832 "function : void sslproxy_main(int argc, char* argv[]) : "
1833 "Check target_endpoint END. "
1835 target_entry.address().to_string().c_str(),
1836 target_entry.port());
1838 /*------ DEBUG LOG END ------*/
1840 // Recv endpoint -> hoststr:portstr
1841 if (splitEndpoint(recv_endpoint, hoststr, portstr) == -1) {
1842 LOGGER_PUT_LOG_ERROR(LOG_CAT_SSLPROXY_COMMON, 36,
1843 "Invalid recv_endpoint. [%s]", target_id.c_str());
1844 std::cerr << "Invalid recv_endpoint. [" << target_id << "]" << std::endl;
1848 // query class for recv.
1850 function_str = "recv_query()";
1851 boost::asio::ip::tcp::resolver::query recv_query(boost::asio::ip::tcp::v4(), hoststr, portstr);
1853 // query result for recv. (iterator)
1855 function_str = "Recv resolver.resolve()";
1856 boost::asio::ip::tcp::resolver::iterator recv_itr = resolver.resolve(recv_query);
1858 // query result for recv. (endpoint_type)
1859 boost::asio::ip::tcp::resolver::endpoint_type recv_entry = *recv_itr;
1860 /*-------- DEBUG LOG --------*/
1861 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
1862 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 89,
1863 "function : void sslproxy_main(int argc, char* argv[]) : "
1864 "Check recv_endpoint END. "
1866 recv_entry.address().to_string().c_str(),
1869 /*------ DEBUG LOG END ------*/
1871 // Create sslproxy_server and create SSLcontext.
1873 function_str = "Create sslproxy_server";
1874 sslproxy_server server(ioservice, target_itr, recv_entry);
1876 /*-------- DEBUG LOG --------*/
1877 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
1878 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 90,
1879 "function : void sslproxy_main(int argc, char* argv[]) : "
1880 "Create sslproxy_server END.");
1882 /*------ DEBUG LOG END ------*/
1885 if (daemon(1, 1) < 0) {
1886 LOGGER_PUT_LOG_ERROR(LOG_CAT_SSLPROXY_COMMON, 37,
1887 "Start daemon() error. [%s]",
1889 std::cerr << "Start daemon() error. [" << target_id << "]" << std::endl;
1892 /*-------- DEBUG LOG --------*/
1893 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
1894 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 91,
1895 "function : void sslproxy_main(int argc, char* argv[]) : "
1896 "Start daemon END.");
1898 /*------ DEBUG LOG END ------*/
1900 // Create threads for IO event dispatcher.
1901 // Threadgroup class. (thread pool)
1902 boost::thread_group threadgroup;
1904 // Create num_thread threads.
1906 function_str = "create_thread()";
1907 for (int i = 0; i < num_thread; ++i) {
1908 threadgroup.create_thread(boost::bind(&boost::asio::io_service::run, &ioservice));
1909 /*-------- DEBUG LOG --------*/
1910 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
1911 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 92,
1912 "function : void sslproxy_main(int argc, char* argv[]) : "
1913 "Thread %d create.",
1916 /*------ DEBUG LOG END ------*/
1919 /*-------- DEBUG LOG --------*/
1920 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
1921 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 93,
1922 "function : void sslproxy_main(int argc, char* argv[]) : "
1923 "Create threads END.");
1925 /*------ DEBUG LOG END ------*/
1927 LOGGER_PUT_LOG_INFO(LOG_CAT_SSLPROXY_COMMON, 2,
1928 "SSLproxy process start success. %s",
1931 // Wait for threads finish.
1933 function_str = "join_all()";
1934 threadgroup.join_all();
1936 /*-------- DEBUG LOG --------*/
1937 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
1938 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 94,
1939 "function : void sslproxy_main(int argc, char* argv[]) : "
1942 /*------ DEBUG LOG END ------*/
1944 } catch (std::exception& e) {
1945 std::cerr << function_str << " error : " << e.what() << "." << std::endl;
1946 LOGGER_PUT_LOG_ERROR(LOG_CAT_SSLPROXY_COMMON, log_msg_id,
1947 "%s error : %s.", function_str.c_str(), e.what());
1948 result = EXIT_FAILURE;
1950 /*-------- DEBUG LOG --------*/
1951 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
1952 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 95,
1953 "function : void sslproxy_main(int argc, char* argv[]) : "
1954 "Catch int exception. %d",
1957 /*------ DEBUG LOG END ------*/
1960 std::cout << "Unknown exception." << std::endl;
1961 LOGGER_PUT_LOG_ERROR(LOG_CAT_SSLPROXY_COMMON, 38, "Unknown exception.");
1962 result = EXIT_FAILURE;
1968 /*-------- DEBUG LOG --------*/
1969 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
1970 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 96,
1971 "out_function : void sslproxy_main(int argc, char* argv[]) : "
1972 "return value = %d.",
1975 /*------ DEBUG LOG END ------*/