2 * @file sslproxymain.cpp
3 * @brief the main module of SSLproxy
4 * @brief SSLproxy module is terminal as for the SSL communication,
5 * @brief and it operates as reverse Proxy.
7 * Copyright (C) 2008 NTT COMWARE Corporation.
9 * This program is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU Lesser General Public
11 * License as published by the Free Software Foundation; either
12 * version 2.1 of the License, or (at your option) any later version.
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17 * Lesser General Public License for more details.
19 * You should have received a copy of the GNU Lesser General Public
20 * License along with this library; if not, write to the Free Software
21 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
24 **********************************************************************
26 * Distributed under the Boost Software Licence, Version 1.0
27 * http://www.boost.org/LICENSE_1_0.txt
29 **********************************************************************/
32 #include <sys/resource.h>
34 #include "sslproxyserver.h"
38 //! Prototype of functions.
39 static int convVerifyOption(std::string opt_string);
40 static long int convSslOption(std::string opt_string);
41 static int getParameters(std::string config_filename);
42 static int splitEndpoint(std::string endpoint_str, std::string& host, std::string& port);
43 static void sig_exit_handler(int sig);
44 static int set_sighandler(int sig, void (*handler)(int));
45 static int set_sighandlers(void);
46 static void usage(void);
49 std::string target_id;
51 //! SSLproxy parameters.
52 std::string recv_endpoint;
53 std::string target_endpoint;
58 std::string cert_chain_dir;
59 std::string cert_chain_file;
60 std::string private_key_dir;
61 std::string private_key_file;
62 boost::asio::ssl::context::file_format private_key_filetype;
63 std::string private_key_passwd_from;
64 std::string private_key_passwd_dir;
65 std::string private_key_passwd_file;
67 int verify_cert_depth;
70 std::string tmp_dh_dir;
71 std::string tmp_dh_file;
72 std::string cipher_list;
73 long session_cache_mode;
74 long session_cache_size;
75 long session_cache_timeout;
76 std::string conn_log_flag;
77 bool client_packet_edit = DEFAULT_CLIENT_EDIT;
78 bool server_packet_edit = DEFAULT_SERVER_EDIT;
79 std::list<std::pair<std::string, std::string > > http_request_header;
80 std::list<std::pair<std::string, std::string > > http_response_header;
83 * Convert verify option string to intger(#define).
85 * @param[in] opt_string option string
86 * @retval ret option value
89 static int convVerifyOption(std::string opt_string)
91 /*-------- DEBUG LOG --------*/
92 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
93 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 1,
94 "in_function : static int convVerifyOption(std::string opt_string) : "
98 /*------ DEBUG LOG END ------*/
102 * /usr/include/openssl/ssl.h
103 * #define SSL_VERIFY_NONE 0x00
104 * #define SSL_VERIFY_PEER 0x01
105 * #define SSL_VERIFY_FAIL_IF_NO_PEER_CERT 0x02
106 * #define SSL_VERIFY_CLIENT_ONCE 0x04
108 if (opt_string == "SSL_VERIFY_NONE") {
109 /*-------- DEBUG LOG --------*/
110 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
111 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 2,
112 "function : static int convVerifyOption(std::string opt_string) : "
115 /*------ DEBUG LOG END ------*/
116 ret = SSL_VERIFY_NONE;
118 if (opt_string == "SSL_VERIFY_PEER") {
119 /*-------- DEBUG LOG --------*/
120 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
121 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 3,
122 "function : static int convVerifyOption(std::string opt_string) : "
125 /*------ DEBUG LOG END ------*/
126 ret = SSL_VERIFY_PEER;
128 if (opt_string == "SSL_VERIFY_FAIL_IF_NO_PEER_CERT") {
129 /*-------- DEBUG LOG --------*/
130 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
131 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 4,
132 "function : static int convVerifyOption(std::string opt_string) : "
133 "SSL_VERIFY_FAIL_IF_NO_PEER_CERT");
135 /*------ DEBUG LOG END ------*/
136 ret = SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
138 if (opt_string == "SSL_VERIFY_CLIENT_ONCE") {
139 /*-------- DEBUG LOG --------*/
140 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
141 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 5,
142 "function : static int convVerifyOption(std::string opt_string) : "
143 "SSL_VERIFY_CLIENT_ONCE");
145 /*------ DEBUG LOG END ------*/
146 ret = SSL_VERIFY_CLIENT_ONCE;
149 /*-------- DEBUG LOG --------*/
150 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
151 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 6,
152 "out_function : static int convVerifyOption(std::string opt_string) : "
156 /*------ DEBUG LOG END ------*/
157 // if ret == -1 then No match.
162 * Convert SSL option string to intger(#define).
164 * @param[in] opt_string option string
165 * @retval ret option value
166 * @retval -1 no match
168 static long int convSslOption(std::string opt_string)
170 /*-------- DEBUG LOG --------*/
171 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
172 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 7,
173 "in_function : static long int convSslOption(std::string opt_string) : "
177 /*------ DEBUG LOG END ------*/
181 * /usr/include/openssl/ssl.h
182 * #define SSL_OP_MICROSOFT_SESS_ID_BUG 0x00000001L
183 * #define SSL_OP_NETSCAPE_CHALLENGE_BUG 0x00000002L
184 * #define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x00000008L
185 * #define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0x00000010L
186 * #define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x00000020L
187 * #define SSL_OP_MSIE_SSLV2_RSA_PADDING 0x00000040L
188 * #define SSL_OP_SSLEAY_080_CLIENT_DH_BUG 0x00000080L
189 * #define SSL_OP_TLS_D5_BUG 0x00000100L
190 * #define SSL_OP_TLS_BLOCK_PADDING_BUG 0x00000200L
191 * #define SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS 0x00000800L
192 * #define SSL_OP_ALL 0x00000FF7L
193 * #define SSL_OP_NO_QUERY_MTU 0x00001000L
194 * #define SSL_OP_COOKIE_EXCHANGE 0x00002000L
195 * #define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION 0x00010000L
196 * #define SSL_OP_SINGLE_ECDH_USE 0x00080000L
197 * #define SSL_OP_SINGLE_DH_USE 0x00100000L
198 * #define SSL_OP_EPHEMERAL_RSA 0x00200000L
199 * #define SSL_OP_CIPHER_SERVER_PREFERENCE 0x00400000L
200 * #define SSL_OP_TLS_ROLLBACK_BUG 0x00800000L
201 * #define SSL_OP_NO_SSLv2 0x01000000L
202 * #define SSL_OP_NO_SSLv3 0x02000000L
203 * #define SSL_OP_NO_TLSv1 0x04000000L
204 * #define SSL_OP_PKCS1_CHECK_1 0x08000000L
205 * #define SSL_OP_PKCS1_CHECK_2 0x10000000L
206 * #define SSL_OP_NETSCAPE_CA_DN_BUG 0x20000000L
207 * #define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG 0x40000000L
209 if (opt_string == "SSL_OP_MICROSOFT_SESS_ID_BUG") {
210 /*-------- DEBUG LOG --------*/
211 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
212 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 8,
213 "function : static int convSslOption(std::string opt_string) : "
214 "SSL_OP_MICROSOFT_SESS_ID_BUG");
216 /*------ DEBUG LOG END ------*/
217 ret = SSL_OP_MICROSOFT_SESS_ID_BUG;
219 if (opt_string == "SSL_OP_NETSCAPE_CHALLENGE_BUG") {
220 /*-------- DEBUG LOG --------*/
221 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
222 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 9,
223 "function : static int convSslOption(std::string opt_string) : "
224 "SSL_OP_NETSCAPE_CHALLENGE_BUG");
226 /*------ DEBUG LOG END ------*/
227 ret = SSL_OP_NETSCAPE_CHALLENGE_BUG;
229 if (opt_string == "SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG") {
230 /*-------- DEBUG LOG --------*/
231 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
232 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 10,
233 "function : static int convSslOption(std::string opt_string) : "
234 "SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG");
236 /*------ DEBUG LOG END ------*/
237 ret = SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG;
239 if (opt_string == "SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG") {
240 /*-------- DEBUG LOG --------*/
241 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
242 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 11,
243 "function : static int convSslOption(std::string opt_string) : "
244 "SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG");
246 /*------ DEBUG LOG END ------*/
247 ret = SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG;
249 if (opt_string == "SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER") {
250 /*-------- DEBUG LOG --------*/
251 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
252 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 12,
253 "function : static int convSslOption(std::string opt_string) : "
254 "SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER");
256 /*------ DEBUG LOG END ------*/
257 ret = SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER;
259 if (opt_string == "SSL_OP_MSIE_SSLV2_RSA_PADDING") {
260 /*-------- DEBUG LOG --------*/
261 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
262 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 13,
263 "function : static int convSslOption(std::string opt_string) : "
264 "SSL_OP_MSIE_SSLV2_RSA_PADDING");
266 /*------ DEBUG LOG END ------*/
267 ret = SSL_OP_MSIE_SSLV2_RSA_PADDING;
269 if (opt_string == "SSL_OP_SSLEAY_080_CLIENT_DH_BUG") {
270 /*-------- DEBUG LOG --------*/
271 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
272 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 14,
273 "function : static int convSslOption(std::string opt_string) : "
274 "SSL_OP_SSLEAY_080_CLIENT_DH_BUG");
276 /*------ DEBUG LOG END ------*/
277 ret = SSL_OP_SSLEAY_080_CLIENT_DH_BUG;
279 if (opt_string == "SSL_OP_TLS_D5_BUG") {
280 /*-------- DEBUG LOG --------*/
281 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
282 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 15,
283 "function : static int convSslOption(std::string opt_string) : "
284 "SSL_OP_TLS_D5_BUG");
286 /*------ DEBUG LOG END ------*/
287 ret = SSL_OP_TLS_D5_BUG;
289 if (opt_string == "SSL_OP_TLS_BLOCK_PADDING_BUG") {
290 /*-------- DEBUG LOG --------*/
291 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
292 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 16,
293 "function : static int convSslOption(std::string opt_string) : "
294 "SSL_OP_TLS_BLOCK_PADDING_BUG");
296 /*------ DEBUG LOG END ------*/
297 ret = SSL_OP_TLS_BLOCK_PADDING_BUG;
299 if (opt_string == "SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS") {
300 /*-------- DEBUG LOG --------*/
301 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
302 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 17,
303 "function : static int convSslOption(std::string opt_string) : "
304 "SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS");
306 /*------ DEBUG LOG END ------*/
307 ret = SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS;
309 if (opt_string == "SSL_OP_ALL") {
310 /*-------- DEBUG LOG --------*/
311 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
312 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 18,
313 "function : static int convSslOption(std::string opt_string) : "
316 /*------ DEBUG LOG END ------*/
317 // boost::asio::ssl::context::default_workarounds
320 if (opt_string == "SSL_OP_NO_QUERY_MTU") {
321 /*-------- DEBUG LOG --------*/
322 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
323 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 19,
324 "function : static int convSslOption(std::string opt_string) : "
325 "SSL_OP_NO_QUERY_MTU");
327 /*------ DEBUG LOG END ------*/
328 ret = SSL_OP_NO_QUERY_MTU;
330 if (opt_string == "SSL_OP_COOKIE_EXCHANGE") {
331 /*-------- DEBUG LOG --------*/
332 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
333 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 20,
334 "function : static int convSslOption(std::string opt_string) : "
335 "SSL_OP_COOKIE_EXCHANGE");
337 /*------ DEBUG LOG END ------*/
338 ret = SSL_OP_COOKIE_EXCHANGE;
340 if (opt_string == "SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION") {
341 /*-------- DEBUG LOG --------*/
342 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
343 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 21,
344 "function : static int convSslOption(std::string opt_string) : "
345 "SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION");
347 /*------ DEBUG LOG END ------*/
348 ret = SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION;
350 if (opt_string == "SSL_OP_SINGLE_ECDH_USE") {
351 /*-------- DEBUG LOG --------*/
352 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
353 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 22,
354 "function : static int convSslOption(std::string opt_string) : "
355 "SSL_OP_SINGLE_ECDH_USE");
357 /*------ DEBUG LOG END ------*/
358 ret = SSL_OP_SINGLE_ECDH_USE;
360 if (opt_string == "SSL_OP_SINGLE_DH_USE") {
361 /*-------- DEBUG LOG --------*/
362 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
363 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 23,
364 "function : static int convSslOption(std::string opt_string) : "
365 "SSL_OP_SINGLE_DH_USE");
367 /*------ DEBUG LOG END ------*/
368 // boost::asio::ssl::context::single_dh_use
369 ret = SSL_OP_SINGLE_DH_USE;
371 if (opt_string == "SSL_OP_EPHEMERAL_RSA") {
372 /*-------- DEBUG LOG --------*/
373 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
374 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 24,
375 "function : static int convSslOption(std::string opt_string) : "
376 "SSL_OP_EPHEMERAL_RSA");
378 /*------ DEBUG LOG END ------*/
379 ret = SSL_OP_EPHEMERAL_RSA;
381 if (opt_string == "SSL_OP_CIPHER_SERVER_PREFERENCE") {
382 /*-------- DEBUG LOG --------*/
383 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
384 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 25,
385 "function : static int convSslOption(std::string opt_string) : "
386 "SSL_OP_CIPHER_SERVER_PREFERENCE");
388 /*------ DEBUG LOG END ------*/
389 ret = SSL_OP_CIPHER_SERVER_PREFERENCE;
391 if (opt_string == "SSL_OP_TLS_ROLLBACK_BUG") {
392 /*-------- DEBUG LOG --------*/
393 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
394 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 26,
395 "function : static int convSslOption(std::string opt_string) : "
396 "SSL_OP_TLS_ROLLBACK_BUG");
398 /*------ DEBUG LOG END ------*/
399 ret = SSL_OP_TLS_ROLLBACK_BUG;
401 if (opt_string == "SSL_OP_NO_SSLv2") {
402 /*-------- DEBUG LOG --------*/
403 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
404 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 27,
405 "function : static int convSslOption(std::string opt_string) : "
408 /*------ DEBUG LOG END ------*/
409 // boost::asio::ssl::context::no_sslv2
410 ret = SSL_OP_NO_SSLv2;
412 if (opt_string == "SSL_OP_NO_SSLv3") {
413 /*-------- DEBUG LOG --------*/
414 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
415 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 28,
416 "function : static int convSslOption(std::string opt_string) : "
419 /*------ DEBUG LOG END ------*/
420 // boost::asio::ssl::context::no_sslv3
421 ret = SSL_OP_NO_SSLv3;
423 if (opt_string == "SSL_OP_NO_TLSv1") {
424 /*-------- DEBUG LOG --------*/
425 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
426 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 29,
427 "function : static int convSslOption(std::string opt_string) : "
430 /*------ DEBUG LOG END ------*/
431 // boost::asio::ssl::context::no_tlsv1
432 ret = SSL_OP_NO_TLSv1;
434 if (opt_string == "SSL_OP_PKCS1_CHECK_1") {
435 /*-------- DEBUG LOG --------*/
436 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
437 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 30,
438 "function : static int convSslOption(std::string opt_string) : "
439 "SSL_OP_PKCS1_CHECK_1");
441 /*------ DEBUG LOG END ------*/
442 ret = SSL_OP_PKCS1_CHECK_1;
444 if (opt_string == "SSL_OP_PKCS1_CHECK_2") {
445 /*-------- DEBUG LOG --------*/
446 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
447 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 31,
448 "function : static int convSslOption(std::string opt_string) : "
449 "SSL_OP_PKCS1_CHECK_2");
451 /*------ DEBUG LOG END ------*/
452 ret = SSL_OP_PKCS1_CHECK_2;
454 if (opt_string == "SSL_OP_NETSCAPE_CA_DN_BUG") {
455 /*-------- DEBUG LOG --------*/
456 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
457 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 32,
458 "function : static int convSslOption(std::string opt_string) : "
459 "SSL_OP_NETSCAPE_CA_DN_BUG");
461 /*------ DEBUG LOG END ------*/
462 ret = SSL_OP_NETSCAPE_CA_DN_BUG;
464 if (opt_string == "SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG") {
465 /*-------- DEBUG LOG --------*/
466 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
467 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 33,
468 "function : static int convSslOption(std::string opt_string) : "
469 "SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG");
471 /*------ DEBUG LOG END ------*/
472 ret = SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG;
475 /*-------- DEBUG LOG --------*/
476 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
477 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 34,
478 "out_function : static long int convSslOption(std::string opt_string) : "
479 "return_value = %ld",
482 /*------ DEBUG LOG END ------*/
483 // if ret == -1 then No match.
488 * Get SSLproxy parameter from parameter file.
490 * @param[in] config_filename config filename string
494 static int getParameters(std::string config_filename)
496 /*-------- DEBUG LOG --------*/
497 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
498 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 35,
499 "in_function : static int getParameters(std::string config_filename) : "
500 "config_filename = %s",
501 config_filename.c_str());
503 /*------ DEBUG LOG END ------*/
508 // Read configuration file.
509 if (parameter_reread_file(PARAM_COMP_ALL, config_filename) == -1) {
510 LOGGER_PUT_LOG_ERROR(LOG_CAT_SSLPROXY_COMMON, 1,
511 "Config file read error.");
515 // Get parameter "recv_endpoint".
516 if (Parameter::getInstance().isStringExist(PARAM_COMP_SSLPROXY, "recv_endpoint")) {
517 recv_endpoint = Parameter::getInstance().getStringValue(PARAM_COMP_SSLPROXY,
519 /*-------- DEBUG LOG --------*/
520 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
521 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 36,
522 "function : static int getParameters("
523 "std::string config_filename) : "
524 "get recv_endpoint OK.");
526 /*------ DEBUG LOG END ------*/
528 LOGGER_PUT_LOG_ERROR(LOG_CAT_SSLPROXY_COMMON, 2,
529 "Cannot get recv_endpoint parameter.");
533 // Get parameter "target_endpoint".
534 if (Parameter::getInstance().isStringExist(PARAM_COMP_SSLPROXY, "target_endpoint")) {
535 target_endpoint = Parameter::getInstance().getStringValue(PARAM_COMP_SSLPROXY,
537 /*-------- DEBUG LOG --------*/
538 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
539 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 37,
540 "function : static int getParameters("
541 "std::string config_filename) : "
542 "get target_endpoint OK.");
544 /*------ DEBUG LOG END ------*/
546 LOGGER_PUT_LOG_ERROR(LOG_CAT_SSLPROXY_COMMON, 3,
547 "Cannot get target_endpoint parameter.");
551 // Get parameter "num_thread".
552 if (Parameter::getInstance().isIntExist(PARAM_COMP_SSLPROXY, "num_thread")) {
553 num_thread = Parameter::getInstance().getIntValue(PARAM_COMP_SSLPROXY,
555 /*-------- DEBUG LOG --------*/
556 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
557 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 38,
558 "function : static int getParameters("
559 "std::string config_filename) : "
560 "get num_thread OK.");
562 /*------ DEBUG LOG END ------*/
563 if (num_thread <= 0 || num_thread > INT_MAX) {
564 LOGGER_PUT_LOG_ERROR(LOG_CAT_SSLPROXY_COMMON, 4,
565 "Invalid num_thread parameter value.");
569 LOGGER_PUT_LOG_WARN(LOG_CAT_SSLPROXY_COMMON, 1,
570 "num_thread parameter not found. "
571 "Use default value.");
572 num_thread = DEFAULT_NUM_THREAD;
575 // Get parameter "timeout_sec".
576 if (Parameter::getInstance().isIntExist(PARAM_COMP_SSLPROXY, "timeout_sec")) {
577 timeout_sec = Parameter::getInstance().getIntValue(PARAM_COMP_SSLPROXY,
579 /*-------- DEBUG LOG --------*/
580 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
581 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 39,
582 "function : static int getParameters("
583 "std::string config_filename) : "
584 "get timeout_sec OK.");
586 /*------ DEBUG LOG END ------*/
587 if (timeout_sec <= 0 || timeout_sec > INT_MAX) {
588 LOGGER_PUT_LOG_ERROR(LOG_CAT_SSLPROXY_COMMON, 5,
589 "Invalid timeout_sec parameter value.");
593 LOGGER_PUT_LOG_WARN(LOG_CAT_SSLPROXY_COMMON, 2,
594 "timeout_sec parameter not found. "
595 "Use default value.");
596 timeout_sec = DEFAULT_TIMEOUT_SEC;
599 // Get parameter "ca_dir".
600 if (Parameter::getInstance().isStringExist(PARAM_COMP_SSLPROXY, "ca_dir")) {
601 ca_dir = Parameter::getInstance().getStringValue(PARAM_COMP_SSLPROXY,
603 /*-------- DEBUG LOG --------*/
604 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
605 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 40,
606 "function : static int getParameters("
607 "std::string config_filename) : "
610 /*------ DEBUG LOG END ------*/
612 LOGGER_PUT_LOG_WARN(LOG_CAT_SSLPROXY_COMMON, 3,
613 "ca_dir parameter is nothing. "
614 "Use default value.");
615 ca_dir = DEFAULT_CA_DIR;
618 LOGGER_PUT_LOG_WARN(LOG_CAT_SSLPROXY_COMMON, 4,
619 "ca_dir parameter not found. "
620 "Use default value.");
621 ca_dir = DEFAULT_CA_DIR;
624 // Get parameter "ca_file".
625 if (Parameter::getInstance().isStringExist(PARAM_COMP_SSLPROXY, "ca_file")) {
626 ca_file = Parameter::getInstance().getStringValue(PARAM_COMP_SSLPROXY,
628 /*-------- DEBUG LOG --------*/
629 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
630 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 41,
631 "function : static int getParameters("
632 "std::string config_filename) : "
635 /*------ DEBUG LOG END ------*/
637 LOGGER_PUT_LOG_ERROR(LOG_CAT_SSLPROXY_COMMON, 6,
638 "Cannot get ca_file parameter.");
642 // Get parameter "cert_chain_dir".
643 if (Parameter::getInstance().isStringExist(PARAM_COMP_SSLPROXY, "cert_chain_dir")) {
644 cert_chain_dir = Parameter::getInstance().getStringValue(PARAM_COMP_SSLPROXY,
646 /*-------- DEBUG LOG --------*/
647 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
648 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 42,
649 "function : static int getParameters("
650 "std::string config_filename) : "
651 "get cert_chain_dir OK.");
653 /*------ DEBUG LOG END ------*/
654 if (cert_chain_dir == "") {
655 LOGGER_PUT_LOG_WARN(LOG_CAT_SSLPROXY_COMMON, 5,
656 "cert_chain_dir parameter is nothing. "
657 "Use default value.");
658 cert_chain_dir = DEFAULT_CERT_CHAIN_DIR;
661 LOGGER_PUT_LOG_WARN(LOG_CAT_SSLPROXY_COMMON, 6,
662 "cert_chain_dir parameter not found. "
663 "Use default value.");
664 cert_chain_dir = DEFAULT_CERT_CHAIN_DIR;
667 // Get parameter "cert_chain_file".
668 if (Parameter::getInstance().isStringExist(PARAM_COMP_SSLPROXY, "cert_chain_file")) {
669 cert_chain_file = Parameter::getInstance().getStringValue(PARAM_COMP_SSLPROXY,
671 /*-------- DEBUG LOG --------*/
672 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
673 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 43,
674 "function : static int getParameters("
675 "std::string config_filename) : "
676 "get cert_chain_file OK.");
678 /*------ DEBUG LOG END ------*/
679 if (cert_chain_file == "") {
680 LOGGER_PUT_LOG_ERROR(LOG_CAT_SSLPROXY_COMMON, 7,
681 "cert_chain_file parameter is nothing.");
685 LOGGER_PUT_LOG_ERROR(LOG_CAT_SSLPROXY_COMMON, 8,
686 "Cannot get cert_chain_file parameter.");
690 // Get parameter "private_key_dir".
691 if (Parameter::getInstance().isStringExist(PARAM_COMP_SSLPROXY, "private_key_dir")) {
692 private_key_dir = Parameter::getInstance().getStringValue(PARAM_COMP_SSLPROXY,
694 /*-------- DEBUG LOG --------*/
695 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
696 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 44,
697 "function : static int getParameters("
698 "std::string config_filename) : "
699 "get private_key_dir OK.");
701 /*------ DEBUG LOG END ------*/
702 if (private_key_dir == "") {
703 LOGGER_PUT_LOG_WARN(LOG_CAT_SSLPROXY_COMMON, 7,
704 "private_key_dir parameter is nothing. "
705 "Use default value.");
706 private_key_dir = DEFAULT_PRIVATE_KEY_DIR;
709 LOGGER_PUT_LOG_WARN(LOG_CAT_SSLPROXY_COMMON, 8,
710 "private_key_dir parameter not found. Use default value.");
711 private_key_dir = DEFAULT_PRIVATE_KEY_DIR;
714 // Get parameter "private_key_file".
715 if (Parameter::getInstance().isStringExist(PARAM_COMP_SSLPROXY, "private_key_file")) {
716 private_key_file = Parameter::getInstance().getStringValue(PARAM_COMP_SSLPROXY,
718 /*-------- DEBUG LOG --------*/
719 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
720 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 45,
721 "function : static int getParameters("
722 "std::string config_filename) : "
723 "get private_key_file OK.");
725 /*------ DEBUG LOG END ------*/
726 if (private_key_file == "") {
727 LOGGER_PUT_LOG_ERROR(LOG_CAT_SSLPROXY_COMMON, 9,
728 "private_key_file parameter is nothing.");
732 LOGGER_PUT_LOG_ERROR(LOG_CAT_SSLPROXY_COMMON, 10,
733 "Cannot get private_key_file parameter.");
737 // Get parameter "private_key_filetype".
738 // Convert string to enum.
739 if (Parameter::getInstance().isStringExist(PARAM_COMP_SSLPROXY, "private_key_filetype")) {
740 std::string private_key_filetype_string =
741 Parameter::getInstance().getStringValue(PARAM_COMP_SSLPROXY,
742 "private_key_filetype");
743 /*-------- DEBUG LOG --------*/
744 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
745 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 46,
746 "function : static int getParameters("
747 "std::string config_filename) : "
748 "get private_key_filetype_string OK.");
750 /*------ DEBUG LOG END ------*/
752 * /usr/include/openssl/ssl.h
753 * #define SSL_FILETYPE_PEM X509_FILETYPE_PEM ->1
754 * #define SSL_FILETYPE_ASN1 X509_FILETYPE_ASN1 ->2
756 if (private_key_filetype_string == "SSL_FILETYPE_PEM") {
757 /*-------- DEBUG LOG --------*/
758 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
759 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 47,
760 "function : static int getParameters("
761 "std::string config_filename) : "
762 "set SSL_FILETYPE_PEM.");
764 /*------ DEBUG LOG END ------*/
765 private_key_filetype = boost::asio::ssl::context::pem;
766 } else if (private_key_filetype_string == "SSL_FILETYPE_ASN1") {
767 /*-------- DEBUG LOG --------*/
768 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
769 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 48,
770 "function : static int getParameters("
771 "std::string config_filename) : "
772 "set SSL_FILETYPE_ASN1.");
774 /*------ DEBUG LOG END ------*/
775 private_key_filetype = boost::asio::ssl::context::asn1;
777 LOGGER_PUT_LOG_ERROR(LOG_CAT_SSLPROXY_COMMON, 11,
778 "private_key_filetype convert error. [%s]",
779 private_key_filetype_string.c_str());
783 LOGGER_PUT_LOG_WARN(LOG_CAT_SSLPROXY_COMMON, 9,
784 "private_key_filetype parameter not found. "
785 "Use default value.");
786 private_key_filetype = DEFAULT_PRIVATE_KEY_FILETYPE;
789 // Get parameter "private_key_passwd_from".
790 if (Parameter::getInstance().isStringExist(PARAM_COMP_SSLPROXY, "private_key_passwd_from")) {
791 private_key_passwd_from =
792 Parameter::getInstance().getStringValue(PARAM_COMP_SSLPROXY,
793 "private_key_passwd_from");
794 /*-------- DEBUG LOG --------*/
795 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
796 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 49,
797 "function : static int getParameters("
798 "std::string config_filename) : "
799 "get private_key_passwd_from OK.");
801 /*------ DEBUG LOG END ------*/
802 if (private_key_passwd_from == "") {
803 LOGGER_PUT_LOG_WARN(LOG_CAT_SSLPROXY_COMMON, 10,
804 "private_key_passwd_from parameter is nothing. "
805 "Use default value.");
806 private_key_passwd_from = DEFAULT_PRIVATE_KEY_PASSWD_FROM;
807 } else if (private_key_passwd_from != "console" &&
808 private_key_passwd_from != "file") {
809 LOGGER_PUT_LOG_ERROR(LOG_CAT_SSLPROXY_COMMON, 12,
810 "Invalid private_key_passwd_from parameter value.");
814 LOGGER_PUT_LOG_WARN(LOG_CAT_SSLPROXY_COMMON, 11,
815 "private_key_passwd_from parameter not found. "
816 "Use default value.");
817 private_key_passwd_from = DEFAULT_PRIVATE_KEY_PASSWD_FROM;
820 if (private_key_passwd_from == "file") {
821 // Get parameter "private_key_passwd_dir".
822 if (Parameter::getInstance().isStringExist(PARAM_COMP_SSLPROXY, "private_key_passwd_dir")) {
823 private_key_passwd_dir =
824 Parameter::getInstance().getStringValue(PARAM_COMP_SSLPROXY,
825 "private_key_passwd_dir");
826 /*-------- DEBUG LOG --------*/
827 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
828 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 50,
829 "function : static int getParameters("
830 "std::string config_filename) : "
831 "get private_key_passwd_dir OK.");
833 /*------ DEBUG LOG END ------*/
834 if (private_key_passwd_dir == "") {
835 LOGGER_PUT_LOG_WARN(LOG_CAT_SSLPROXY_COMMON, 12,
836 "private_key_passwd_dir parameter is nothing. "
837 "Use default value.");
838 private_key_passwd_dir = DEFAULT_PRIVATE_KEY_DIR;
841 LOGGER_PUT_LOG_WARN(LOG_CAT_SSLPROXY_COMMON, 13,
842 "private_key_passwd_dir parameter not found. "
843 "Use default value.");
844 private_key_passwd_dir = DEFAULT_PRIVATE_KEY_PASSWD_DIR;
847 // Get parameter "private_key_passwd_file".
848 if (Parameter::getInstance().isStringExist(PARAM_COMP_SSLPROXY, "private_key_passwd_file")) {
849 private_key_passwd_file =
850 Parameter::getInstance().getStringValue(PARAM_COMP_SSLPROXY,
851 "private_key_passwd_file");
852 /*-------- DEBUG LOG --------*/
853 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
854 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 51,
855 "function : static int getParameters("
856 "std::string config_filename) : "
857 "get private_key_passwd_file OK.");
859 /*------ DEBUG LOG END ------*/
860 if (private_key_passwd_file == "") {
861 LOGGER_PUT_LOG_ERROR(LOG_CAT_SSLPROXY_COMMON, 13,
862 "private_key_passwd_file parameter is nothing.");
866 LOGGER_PUT_LOG_ERROR(LOG_CAT_SSLPROXY_COMMON, 14,
867 "Cannot get private_key_passwd_file parameter.");
872 // Get parameter "verify_options".
873 // Get map data and Convert string to integer and Make bit data.
874 if (Parameter::getInstance().isStringExist(PARAM_COMP_SSLPROXY, "verify_options")) {
875 std::multimap<std::string, std::string> vopMap;
876 Parameter::getInstance().getStringMapValue(PARAM_COMP_SSLPROXY,
879 if (vopMap.size() != 0) {
880 /*-------- DEBUG LOG --------*/
881 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
882 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 52,
883 "function : static int getParameters("
884 "std::string config_filename) : "
885 "get verify_options map OK.");
887 /*------ DEBUG LOG END ------*/
888 for(std::multimap<std::string, std::string>::iterator stritr = vopMap.begin();
889 stritr != vopMap.end();
891 /*-------- DEBUG LOG --------*/
892 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
893 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 53,
895 "static int getParameters(std::string config_filename) : "
896 "verify option map key = %s, value = %s",
897 (stritr->first).c_str(),
898 (stritr->second).c_str());
900 /*------ DEBUG LOG END ------*/
901 int retvop = convVerifyOption(stritr->second);
903 LOGGER_PUT_LOG_ERROR(LOG_CAT_SSLPROXY_COMMON, 15,
904 "verify_options convert error. [%s]",
905 stritr->second.c_str());
908 verify_options = (verify_options | retvop);
911 LOGGER_PUT_LOG_WARN(LOG_CAT_SSLPROXY_COMMON, 14,
912 "verify_options parameter is nothing. "
913 "Use default value.");
914 verify_options = DEFAULT_VERIFY_OPTIONS;
917 LOGGER_PUT_LOG_WARN(LOG_CAT_SSLPROXY_COMMON, 15,
918 "verify_options parameter not found. "
919 "Use default value.");
920 verify_options = DEFAULT_VERIFY_OPTIONS;
923 // Get parameter "verify_cert_depth".
924 if (Parameter::getInstance().isIntExist(PARAM_COMP_SSLPROXY, "verify_cert_depth")) {
925 verify_cert_depth = Parameter::getInstance().getIntValue(PARAM_COMP_SSLPROXY,
926 "verify_cert_depth");
927 /*-------- DEBUG LOG --------*/
928 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
929 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 54,
930 "function : static int getParameters("
931 "std::string config_filename) : "
932 "get verify_cert_depth OK.");
934 /*------ DEBUG LOG END ------*/
935 if (verify_cert_depth < 0 || verify_cert_depth > INT_MAX) {
936 LOGGER_PUT_LOG_ERROR(LOG_CAT_SSLPROXY_COMMON, 16,
937 "Invalid verify_cert_depth parameter value.");
941 LOGGER_PUT_LOG_WARN(LOG_CAT_SSLPROXY_COMMON, 16,
942 "verify_cert_depth parameter not found. "
943 "Use default value.");
944 verify_cert_depth = DEFAULT_VERIFY_CERT_DEPTH;
947 // Get parameter "ssl_options".
948 // Get map data and Convert string to integer and Make bit data.
949 // and Check dh parameter file use or not.
951 if (Parameter::getInstance().isStringExist(PARAM_COMP_SSLPROXY, "ssl_options")) {
952 std::multimap<std::string, std::string> sopMap;
953 Parameter::getInstance().getStringMapValue(PARAM_COMP_SSLPROXY,
956 if (sopMap.size() != 0) {
957 /*-------- DEBUG LOG --------*/
958 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
959 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 55,
960 "function : static int getParameters("
961 "std::string config_filename) : "
962 "get ssl_options map OK.");
964 /*------ DEBUG LOG END ------*/
965 for(std::multimap<std::string, std::string>::iterator stritr = sopMap.begin();
966 stritr != sopMap.end();
968 /*-------- DEBUG LOG --------*/
969 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
970 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 56,
972 "static int getParameters(std::string config_filename) : "
973 "SSL option map key = %s, value = %s",
974 (stritr->first).c_str(),
975 (stritr->second).c_str());
977 /*------ DEBUG LOG END ------*/
978 long int retsop = convSslOption(stritr->second);
980 LOGGER_PUT_LOG_ERROR(LOG_CAT_SSLPROXY_COMMON, 17,
981 "ssl_options convert error. [%s]",
982 stritr->second.c_str());
985 if (retsop == SSL_OP_SINGLE_DH_USE) {
986 /*-------- DEBUG LOG --------*/
987 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
988 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 57,
990 "static int getParameters(std::string config_filename) : "
991 "tmp_dh_use is true.");
993 /*------ DEBUG LOG END ------*/
996 ssl_options = (ssl_options | retsop);
999 LOGGER_PUT_LOG_WARN(LOG_CAT_SSLPROXY_COMMON, 17,
1000 "ssl_options parameter is nothing. "
1001 "Use default value.");
1002 ssl_options = DEFAULT_SSL_OPTIONS;
1006 LOGGER_PUT_LOG_WARN(LOG_CAT_SSLPROXY_COMMON, 18,
1007 "ssl_options parameter not found. "
1008 "Use default value.");
1009 ssl_options = DEFAULT_SSL_OPTIONS;
1013 if (tmp_dh_use == true) {
1014 // Get parameter "tmp_dh_dir".
1015 if (Parameter::getInstance().isStringExist(PARAM_COMP_SSLPROXY, "tmp_dh_dir")) {
1016 tmp_dh_dir = Parameter::getInstance().getStringValue(PARAM_COMP_SSLPROXY,
1018 /*-------- DEBUG LOG --------*/
1019 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
1020 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 58,
1021 "function : static int getParameters("
1022 "std::string config_filename) : "
1023 "get tmp_dh_dir OK.");
1025 /*------ DEBUG LOG END ------*/
1026 if (tmp_dh_dir == "") {
1027 LOGGER_PUT_LOG_WARN(LOG_CAT_SSLPROXY_COMMON, 19,
1028 "tmp_dh_dir parameter is nothing. "
1029 "Use default value.");
1030 tmp_dh_dir = DEFAULT_TMP_DH_DIR;
1033 LOGGER_PUT_LOG_WARN(LOG_CAT_SSLPROXY_COMMON, 20,
1034 "tmp_dh_dir parameter not found. "
1035 "Use default value.");
1036 tmp_dh_dir = DEFAULT_TMP_DH_DIR;
1039 // Get parameter "tmp_dh_file".
1040 if (Parameter::getInstance().isStringExist(PARAM_COMP_SSLPROXY, "tmp_dh_file")) {
1041 tmp_dh_file = Parameter::getInstance().getStringValue(PARAM_COMP_SSLPROXY,
1043 /*-------- DEBUG LOG --------*/
1044 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
1045 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 59,
1046 "function : static int getParameters("
1047 "std::string config_filename) : "
1048 "get tmp_dh_file OK.");
1050 /*------ DEBUG LOG END ------*/
1051 if (tmp_dh_file == "") {
1052 LOGGER_PUT_LOG_ERROR(LOG_CAT_SSLPROXY_COMMON, 18,
1053 "tmp_dh_file parameter is nothing.");
1057 LOGGER_PUT_LOG_ERROR(LOG_CAT_SSLPROXY_COMMON, 19,
1058 "Cannot get tmp_dh_file parameter.");
1063 // Get parameter "cipher_list".
1064 if (Parameter::getInstance().isStringExist(PARAM_COMP_SSLPROXY, "cipher_list")) {
1065 cipher_list = Parameter::getInstance().getStringValue(PARAM_COMP_SSLPROXY,
1067 /*-------- DEBUG LOG --------*/
1068 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
1069 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 60,
1070 "function : static int getParameters("
1071 "std::string config_filename) : "
1072 "get cipher_list OK.");
1074 /*------ DEBUG LOG END ------*/
1075 if (cipher_list == "") {
1076 LOGGER_PUT_LOG_WARN(LOG_CAT_SSLPROXY_COMMON, 21,
1077 "cipher_list parameter is nothing. "
1078 "Use default value.");
1079 cipher_list = DEFAULT_CIPHER_LIST;
1082 LOGGER_PUT_LOG_WARN(LOG_CAT_SSLPROXY_COMMON, 22,
1083 "cipher_list parameter not found. "
1084 "Use default value.");
1085 cipher_list = DEFAULT_CIPHER_LIST;
1088 // Get parameter "session_cache".
1089 if (Parameter::getInstance().isStringExist(PARAM_COMP_SSLPROXY, "session_cache")) {
1090 std::string session_cache = Parameter::getInstance().getStringValue(PARAM_COMP_SSLPROXY,
1092 /*-------- DEBUG LOG --------*/
1093 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
1094 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 97,
1095 "function : static int getParameters("
1096 "std::string config_filename) : "
1097 "get session_cache OK.");
1099 /*------ DEBUG LOG END ------*/
1100 if (session_cache == "") {
1101 LOGGER_PUT_LOG_WARN(LOG_CAT_SSLPROXY_COMMON, 25,
1102 "session_cache parameter is nothing. "
1103 "Use default value.");
1104 session_cache_mode = DEFAULT_SESSION_CACHE_MODE;
1105 } else if (session_cache == "on") {
1106 session_cache_mode = SSL_SESS_CACHE_SERVER;
1107 } else if (session_cache == "off") {
1108 session_cache_mode = SSL_SESS_CACHE_OFF;
1110 LOGGER_PUT_LOG_ERROR(LOG_CAT_SSLPROXY_COMMON, 47,
1111 "Invalid session_cache parameter value.");
1115 LOGGER_PUT_LOG_WARN(LOG_CAT_SSLPROXY_COMMON, 26,
1116 "session_cache parameter not found. "
1117 "Use default value.");
1118 session_cache_mode = DEFAULT_SESSION_CACHE_MODE;
1121 // Get parameter "session_cache_size".
1122 if (Parameter::getInstance().isIntExist(PARAM_COMP_SSLPROXY, "session_cache_size")) {
1123 session_cache_size = Parameter::getInstance().getIntValue(PARAM_COMP_SSLPROXY,
1124 "session_cache_size");
1125 /*-------- DEBUG LOG --------*/
1126 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
1127 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 98,
1128 "function : static int getParameters("
1129 "std::string config_filename) : "
1130 "get session_cache_size OK.");
1132 /*------ DEBUG LOG END ------*/
1133 if (session_cache_size < 0 || session_cache_size > LONG_MAX) {
1134 LOGGER_PUT_LOG_ERROR(LOG_CAT_SSLPROXY_COMMON, 48,
1135 "Invalid session_cache_size parameter value.");
1139 LOGGER_PUT_LOG_WARN(LOG_CAT_SSLPROXY_COMMON, 27,
1140 "session_cache_size parameter not found. "
1141 "Use default value.");
1142 session_cache_size = DEFAULT_SESSION_CACHE_SIZE;
1145 // Get parameter "session_cache_timeout".
1146 if (Parameter::getInstance().isIntExist(PARAM_COMP_SSLPROXY, "session_cache_timeout")) {
1147 session_cache_timeout = Parameter::getInstance().getIntValue(PARAM_COMP_SSLPROXY,
1148 "session_cache_timeout");
1149 /*-------- DEBUG LOG --------*/
1150 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
1151 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 99,
1152 "function : static int getParameters("
1153 "std::string config_filename) : "
1154 "get session_cache_timeout OK.");
1156 /*------ DEBUG LOG END ------*/
1157 if (session_cache_timeout < 0 || session_cache_timeout > LONG_MAX) {
1158 LOGGER_PUT_LOG_ERROR(LOG_CAT_SSLPROXY_COMMON, 49,
1159 "Invalid session_cache_timeout parameter value.");
1163 LOGGER_PUT_LOG_WARN(LOG_CAT_SSLPROXY_COMMON, 28,
1164 "session_cache_timeout parameter not found. "
1165 "Use default value.");
1166 session_cache_timeout = DEFAULT_SESSION_CACHE_TIMEOUT;
1169 // Get parameter "conn_log_flag".
1170 if (Parameter::getInstance().isStringExist(PARAM_COMP_LOGGER, "conn_log_flag")) {
1171 conn_log_flag = Parameter::getInstance().getStringValue(PARAM_COMP_LOGGER,
1173 /*-------- DEBUG LOG --------*/
1174 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
1175 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 61,
1176 "function : static int getParameters("
1177 "std::string config_filename) : "
1178 "get conn_log_flag OK.");
1180 /*------ DEBUG LOG END ------*/
1181 if (conn_log_flag == "") {
1182 LOGGER_PUT_LOG_WARN(LOG_CAT_SSLPROXY_COMMON, 23,
1183 "conn_log_flag parameter is nothing. "
1184 "Use default value.");
1185 conn_log_flag = DEFAULT_CONN_LOG_FLAG;
1186 } else if (conn_log_flag != "on" && conn_log_flag != "off") {
1187 LOGGER_PUT_LOG_ERROR(LOG_CAT_SSLPROXY_COMMON, 20,
1188 "Invalid conn_log_flag parameter value.");
1192 LOGGER_PUT_LOG_WARN(LOG_CAT_SSLPROXY_COMMON, 24,
1193 "conn_log_flag parameter not found. "
1194 "Use default value.");
1195 conn_log_flag = DEFAULT_CONN_LOG_FLAG;
1198 // Get parameter "http_request_header".
1199 if (Parameter::getInstance().isStringExist(PARAM_COMP_SSLPROXY, "http_request_header")) {
1200 std::multimap<std::string, std::string> request_map;
1201 Parameter::getInstance().getStringMapValue(PARAM_COMP_SSLPROXY,
1202 "http_request_header", request_map);
1203 /*-------- DEBUG LOG --------*/
1204 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
1205 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 101,
1206 "function : static int getParameters("
1207 "std::string config_filename) : "
1208 "get http_request_header OK.");
1210 /*------ DEBUG LOG END ------*/
1211 std::multimap<std::string, std::string>::iterator it = request_map.begin();
1212 std::multimap<std::string, std::string>::iterator end = request_map.end();
1214 int delimiter_pos = it->second.find(':');
1215 if (delimiter_pos == std::string::npos) {
1216 LOGGER_PUT_LOG_ERROR(LOG_CAT_SSLPROXY_COMMON, 50,
1217 "Invalid http_request_header parameter value.(no delimiter)");
1220 std::pair<std::string, std::string> header_pair(
1221 it->second.substr(0, delimiter_pos),
1222 it->second.substr(delimiter_pos + 1, it->second.size() - delimiter_pos) );
1223 if ( header_pair.first != "set"
1224 && header_pair.first != "unset"
1225 && header_pair.first != "add"
1226 && header_pair.first != "replace" ) {
1227 LOGGER_PUT_LOG_ERROR(LOG_CAT_SSLPROXY_COMMON, 51,
1228 "Invalid http_request_header parameter value.(invalid type)");
1231 ::http_request_header.push_back(header_pair);
1232 ::client_packet_edit = true;
1237 // Get parameter "http_response_header".
1238 if (Parameter::getInstance().isStringExist(PARAM_COMP_SSLPROXY, "http_response_header")) {
1239 std::multimap<std::string, std::string> response_map;
1240 Parameter::getInstance().getStringMapValue(PARAM_COMP_SSLPROXY,
1241 "http_response_header", response_map);
1242 /*-------- DEBUG LOG --------*/
1243 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
1244 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 102,
1245 "function : static int getParameters("
1246 "std::string config_filename) : "
1247 "get http_response_header OK.");
1249 /*------ DEBUG LOG END ------*/
1250 std::multimap<std::string, std::string>::iterator it = response_map.begin();
1251 std::multimap<std::string, std::string>::iterator end = response_map.end();
1253 int delimiter_pos = it->second.find(':');
1254 if (delimiter_pos == std::string::npos) {
1255 LOGGER_PUT_LOG_ERROR(LOG_CAT_SSLPROXY_COMMON, 52,
1256 "Invalid http_response_header parameter value.(no delimiter)");
1259 std::pair<std::string, std::string> header_pair(
1260 it->second.substr(0, delimiter_pos),
1261 it->second.substr(delimiter_pos + 1, it->second.size() - delimiter_pos) );
1262 if ( header_pair.first != "set"
1263 && header_pair.first != "unset"
1264 && header_pair.first != "add"
1265 && header_pair.first != "replace" ) {
1266 LOGGER_PUT_LOG_ERROR(LOG_CAT_SSLPROXY_COMMON, 53,
1267 "Invalid http_response_header parameter value.(invalid type)");
1270 ::http_response_header.push_back(header_pair);
1271 ::server_packet_edit = true;
1276 /*-------- DEBUG LOG --------*/
1277 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
1278 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 62,
1280 "static int getParameters(std::string config_filename) : "
1281 "Catch exception e = %d.",
1284 /*------ DEBUG LOG END ------*/
1287 /*-------- DEBUG LOG --------*/
1288 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
1289 std::ostringstream oss;
1291 " recv_endpoint = " << recv_endpoint <<
1292 ", target_endpoint = " << target_endpoint <<
1293 ", num_thread = " << num_thread <<
1294 ", timout_sec = " << timeout_sec <<
1295 ", ca_dir = " << ca_dir <<
1296 ", ca_file = " << ca_file <<
1297 ", cert_chain_dir = " << cert_chain_dir <<
1298 ", cert_chain_file = " << cert_chain_file <<
1299 ", private_key_dir = " << private_key_dir <<
1300 ", private_key_file = " << private_key_file <<
1301 ", private_key_filetype = " << private_key_filetype <<
1302 ", private_key_passwd_from = " << private_key_passwd_from <<
1303 ", private_key_passwd_dir = " << private_key_passwd_dir <<
1304 ", private_key_passwd_file = " << private_key_passwd_file <<
1305 ", verify_options = " << verify_options <<
1306 ", verify_cert_depth = " << verify_cert_depth <<
1307 ", ssl_options = " << ssl_options <<
1308 ", tmp_dh_dir = " << tmp_dh_dir <<
1309 ", tmp_dh_file = " << tmp_dh_file <<
1310 ", cipher_list = " << cipher_list <<
1311 ", session_cache_mode = " << session_cache_mode <<
1312 ", session_cache_size = " << session_cache_size <<
1313 ", session_cache_timeout = " << session_cache_timeout <<
1314 ", conn_log_flag = " << conn_log_flag;
1315 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 63,
1317 "static int getParameters(std::string config_filename) : "
1318 "return value = %d : "
1319 "parameter value %s",
1323 /*------ DEBUG LOG END ------*/
1328 * Split endpoint data to host and port string.
1330 * @param[in] endpoint_str endpoint string
1331 * @param[out] host host string
1332 * @param[out] port port string
1336 static int splitEndpoint(std::string endpoint_str, std::string& host, std::string& port)
1338 /*-------- DEBUG LOG --------*/
1339 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
1340 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 64,
1342 "static int splitEndpoint"
1343 "(std::string endpoint_str, std::string& host, std::string& port) : "
1344 "endpoint_str = %s",
1345 endpoint_str.c_str());
1347 /*------ DEBUG LOG END ------*/
1351 int mark = endpoint_str.find_first_of(":");
1353 LOGGER_PUT_LOG_ERROR(LOG_CAT_SSLPROXY_COMMON, 21, "Delimitation not found.");
1357 LOGGER_PUT_LOG_ERROR(LOG_CAT_SSLPROXY_COMMON, 22, "Host string not found.");
1360 host = endpoint_str.substr(0, mark);
1361 port = endpoint_str.substr(mark + 1);
1362 /*-------- DEBUG LOG --------*/
1363 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
1364 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 65,
1366 "static int splitEndpoint"
1367 "(std::string endpoint_str, std::string& host, std::string& port) : "
1368 "set host and port string");
1370 /*------ DEBUG LOG END ------*/
1371 if (port.length() <= 0) {
1372 LOGGER_PUT_LOG_ERROR(LOG_CAT_SSLPROXY_COMMON, 23, "Port string not found.");
1376 /*-------- DEBUG LOG --------*/
1377 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
1378 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 66,
1380 "static int splitEndpoint"
1381 "(std::string endpoint_str, std::string& host, std::string& port) : "
1382 "Catch exception e = %d.",
1385 /*------ DEBUG LOG END ------*/
1389 /*-------- DEBUG LOG --------*/
1390 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
1391 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 67,
1393 "static int splitEndpoint"
1394 "(std::string endpoint_str, std::string& host, std::string& port) : "
1395 "return value ret = %d : "
1402 /*------ DEBUG LOG END ------*/
1407 * exit signal handler
1409 * @param[in] sig signal
1412 static void sig_exit_handler(int sig)
1414 /*-------- DEBUG LOG --------*/
1415 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
1416 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 68,
1417 "in_function : static void sig_exit_handler(int sig) "
1421 /*------ DEBUG LOG END ------*/
1424 if (sig == SIGTERM) {
1425 LOGGER_PUT_LOG_INFO(LOG_CAT_SSLPROXY_COMMON, 1, "SIGTERM received.");
1426 retexit = EXIT_SUCCESS;
1428 LOGGER_PUT_LOG_ERROR(LOG_CAT_SSLPROXY_COMMON, 24, "Signal received. signal=%d.", sig);
1429 retexit = EXIT_FAILURE;
1435 /*-------- DEBUG LOG --------*/
1436 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
1437 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 69,
1438 "out_function : static void sig_exit_handler(int sig) : "
1442 /*------ DEBUG LOG END ------*/
1447 * setup signal handler
1449 * @param[in] sig signal
1450 * @param[in] handler signal handler
1454 static int set_sighandler(int sig, void (*handler)(int))
1456 /*-------- DEBUG LOG --------*/
1457 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
1458 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 70,
1459 "in_function : static int set_sighandler(int sig, void (*handler)(int)) "
1464 /*------ DEBUG LOG END ------*/
1466 struct sigaction act;
1469 /*-------- DEBUG LOG --------*/
1470 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
1471 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 71,
1472 "sigaction : sig = %d : act = NULL",
1475 /*------ DEBUG LOG END ------*/
1476 ret = sigaction(sig, NULL, &act);
1478 LOGGER_PUT_LOG_ERROR(LOG_CAT_SSLPROXY_COMMON, 25, "sigaction on signal %d failed", sig);
1479 /*-------- DEBUG LOG --------*/
1480 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
1481 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 72,
1482 "out_function : static int set_sighandler(int sig, void (*handler)(int)) "
1483 "return_value : %d",
1486 /*------ DEBUG LOG END ------*/
1489 act.sa_flags &= ~SA_RESETHAND;
1490 act.sa_handler = handler;
1492 /*-------- DEBUG LOG --------*/
1493 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
1494 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 73,
1495 "sigaction : sig=%d: act.sa_flags=%d, act.sa_handler=%p",
1496 sig, act.sa_flags, act.sa_handler);
1498 /*------ DEBUG LOG END ------*/
1499 ret = sigaction(sig, &act, NULL);
1501 LOGGER_PUT_LOG_ERROR(LOG_CAT_SSLPROXY_COMMON, 26, "sigaction on signal %d failed", sig);
1502 /*-------- DEBUG LOG --------*/
1503 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
1504 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 74,
1505 "out_function : static int set_sighandler(int sig, void (*handler)(int)) "
1506 "return_value : %d",
1509 /*------ DEBUG LOG END ------*/
1513 /*-------- DEBUG LOG --------*/
1514 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
1515 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 75,
1516 "out_function : static int set_sighandler(int sig, void (*handler)(int)) "
1517 "return_value : 0");
1519 /*------ DEBUG LOG END ------*/
1524 * setup all signal handlers
1530 static int set_sighandlers(void)
1532 /*-------- DEBUG LOG --------*/
1533 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
1534 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 76,
1535 "in_function : static int set_sighandlers(void) ");
1537 /*------ DEBUG LOG END ------*/
1540 #define SET_SIGHANDLER(sig, handler) \
1542 ret = set_sighandler((sig), (handler)); \
1544 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) { \
1545 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 77, \
1546 "out_function : static int set_sighandlers(void) " \
1547 "return_value : %d", \
1554 SET_SIGHANDLER(SIGHUP, sig_exit_handler);
1555 SET_SIGHANDLER(SIGINT, sig_exit_handler);
1556 SET_SIGHANDLER(SIGQUIT, sig_exit_handler);
1557 SET_SIGHANDLER(SIGTERM, sig_exit_handler);
1558 SET_SIGHANDLER(SIGUSR1, SIG_IGN);
1559 SET_SIGHANDLER(SIGUSR2, SIG_IGN);
1560 SET_SIGHANDLER(SIGALRM, SIG_IGN);
1561 SET_SIGHANDLER(SIGCHLD, SIG_IGN);
1563 #undef SET_SIGHANDLER
1565 /*-------- DEBUG LOG --------*/
1566 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
1567 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 78,
1568 "out_function : static int set_sighandlers(void) "
1569 "return_value : 0");
1571 /*------ DEBUG LOG END ------*/
1579 static void usage(void)
1581 /*-------- DEBUG LOG --------*/
1582 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
1583 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 79,
1584 "in_function : static void usage(void)");
1586 /*------ DEBUG LOG END ------*/
1588 std::cerr << "Usage : " << "sslproxy <target_id> <config_filename>" << std::endl;
1589 std::cerr << "Example : " << "sslproxy target_1 /etc/l7vs/sslproxy/sslproxy.target_1.cf" << std::endl;
1591 /*-------- DEBUG LOG --------*/
1592 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
1593 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 80,
1594 "out_function : static void usage(void) "
1595 "return_value = void");
1597 /*------ DEBUG LOG END ------*/
1601 * SSLproxy main function.
1603 * @param[in] argc number of argument
1604 * @param[in] *argv[] array of argument string
1606 void sslproxy_main(int argc, char* argv[])
1608 /*-------- DEBUG LOG --------*/
1609 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
1610 std::ostringstream oss;
1611 oss << "argc = " << argc;
1612 for (int i = 0; i < argc; i++) {
1613 oss << ", arg[" << i << "] = " << argv[i];
1615 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 81,
1616 "in_function : void sslproxy_main(int argc, char* argv[]) : "
1620 /*------ DEBUG LOG END ------*/
1622 int result = EXIT_SUCCESS;
1624 std::string function_str = "";
1627 // Set max file open num
1629 if (getrlimit( RLIMIT_NOFILE, &lim ) == 0) {
1630 if (lim.rlim_cur < DEFAULT_MAX_FILE_NUM) {
1631 lim.rlim_cur = DEFAULT_MAX_FILE_NUM;
1633 if (lim.rlim_max < DEFAULT_MAX_FILE_NUM) {
1634 lim.rlim_max = DEFAULT_MAX_FILE_NUM;
1636 if (setrlimit( RLIMIT_NOFILE, &lim ) != 0) {
1637 std::cerr << "Set max file open num error." << std::endl;
1641 std::cerr << "Get max file open num error." << std::endl;
1647 LOGGER_PUT_LOG_ERROR(LOG_CAT_SSLPROXY_COMMON, 27, "Argument argc is illegal.");
1648 std::cerr << "Argument argc is illegal." << std::endl;
1653 // Check argument 1. (target_id)
1654 if (strlen(argv[1]) > MAX_TARGET_ID_SIZE) {
1655 LOGGER_PUT_LOG_ERROR(LOG_CAT_SSLPROXY_COMMON, 28, "Target_id is too long.");
1656 std::cerr << "Target_id is too long." << std::endl;
1659 target_id = argv[1];
1661 // Check argument 2. (config file)
1662 if (argv[2][0] != '/') {
1663 LOGGER_PUT_LOG_ERROR(LOG_CAT_SSLPROXY_COMMON, 29,
1664 "Need specify config file in full path. %s", target_id.c_str());
1665 std::cerr << "Need specify config file in full path. " << target_id << std::endl;
1669 if ((fp = fopen(argv[2], "r")) == NULL) {
1670 LOGGER_PUT_LOG_ERROR(LOG_CAT_SSLPROXY_COMMON, 30,
1671 "Config file cannot open. %s", target_id.c_str());
1672 std::cerr << "Config file cannot open. " << target_id << std::endl;
1676 std::string config_filename = argv[2];
1678 /*-------- DEBUG LOG --------*/
1679 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
1680 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 82,
1681 "function : void sslproxy_main(int argc, char* argv[]) : "
1682 "Argument check END. "
1684 "config_filename = %s",
1686 config_filename.c_str());
1688 /*------ DEBUG LOG END ------*/
1690 // Get config parameters.
1691 if (getParameters(config_filename) == -1) {
1692 LOGGER_PUT_LOG_ERROR(LOG_CAT_SSLPROXY_COMMON, 31,
1693 "Get parameter error. %s", target_id.c_str());
1694 std::cerr << "Get parameter error. " << target_id << std::endl;
1698 /*-------- DEBUG LOG --------*/
1699 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
1700 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 83,
1701 "function : void sslproxy_main(int argc, char* argv[]) : "
1702 "Get parameter END.");
1704 /*------ DEBUG LOG END ------*/
1706 // Set signal handlers.
1707 if (set_sighandlers() < 0) {
1708 LOGGER_PUT_LOG_ERROR(LOG_CAT_SSLPROXY_COMMON, 32,
1709 "Set signal handler error. %s", target_id.c_str());
1710 std::cerr << "Set signal handler error. " << target_id << std::endl;
1714 /*-------- DEBUG LOG --------*/
1715 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
1716 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 84,
1717 "function : void sslproxy_main(int argc, char* argv[]) : "
1720 /*------ DEBUG LOG END ------*/
1722 // Check target endpoint id duplication.
1723 // Read all sslproxy process and target id is extracted.
1724 if ((fp = popen(TARGET_ID_CHECK_STRING, "r")) == NULL) {
1725 LOGGER_PUT_LOG_ERROR(LOG_CAT_SSLPROXY_COMMON, 33,
1726 "popen error. %s", target_id.c_str());
1727 std::cerr << "popen error. " << target_id << std::endl;
1730 char key[MAX_TARGET_ID_SIZE], buf[MAX_TARGET_ID_SIZE];
1732 while (fgets(buf, MAX_TARGET_ID_SIZE, fp) != NULL) {
1733 /*-------- DEBUG LOG --------*/
1734 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
1735 std::string buf_str = buf;
1736 buf_str.erase(buf_str.size() - 1, 1);
1737 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 85,
1738 "function : void sslproxy_main(int argc, char* argv[]) : "
1739 "Target id of executing process = %s.",
1742 /*------ DEBUG LOG END ------*/
1743 sprintf(key, "%s\n", target_id.c_str());
1744 if (strcmp(key, buf) == 0) {
1745 /*-------- DEBUG LOG --------*/
1746 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
1747 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 86,
1748 "function : void sslproxy_main(int argc, char* argv[]) : "
1749 "Same target id found.");
1751 /*------ DEBUG LOG END ------*/
1752 // Count same target id process.
1755 // Duplication error when the one the same besides oneself exists.
1756 if (match_cnt > 1) {
1757 LOGGER_PUT_LOG_ERROR(LOG_CAT_SSLPROXY_COMMON, 34,
1758 "sslproxy process is already exist. %s", target_id.c_str());
1759 std::cerr << "sslproxy process is already exist. " << target_id << std::endl;
1766 /*-------- DEBUG LOG --------*/
1767 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
1768 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 87,
1769 "function : void sslproxy_main(int argc, char* argv[]) : "
1770 "Check target id END.");
1772 /*------ DEBUG LOG END ------*/
1774 // SSLproxy server initialize and setting.
1775 // IO event dispatcher class.
1776 boost::asio::io_service ioservice;
1780 function_str = "resolver()";
1781 boost::asio::ip::tcp::resolver resolver(ioservice);
1783 std::string hoststr;
1784 std::string portstr;
1786 // Target endpoint -> hoststr:portstr
1787 if (splitEndpoint(target_endpoint, hoststr, portstr) == -1) {
1788 LOGGER_PUT_LOG_ERROR(LOG_CAT_SSLPROXY_COMMON, 35,
1789 "Invalid target_endpoint. [%s]", target_id.c_str());
1790 std::cerr << "Invalid target_endpoint. [" << target_id << "]" << std::endl;
1794 // query class for target.
1796 function_str = "target_query()";
1797 boost::asio::ip::tcp::resolver::query target_query(boost::asio::ip::tcp::v4(), hoststr, portstr);
1799 // query result for target. (iterator)
1801 function_str = "Target resolver.resolve()";
1802 boost::asio::ip::tcp::resolver::iterator target_itr = resolver.resolve(target_query);
1804 // query result for target. (endpoint_type)
1805 boost::asio::ip::tcp::resolver::endpoint_type target_entry = *target_itr;
1806 /*-------- DEBUG LOG --------*/
1807 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
1808 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 88,
1809 "function : void sslproxy_main(int argc, char* argv[]) : "
1810 "Check target_endpoint END. "
1812 target_entry.address().to_string().c_str(),
1813 target_entry.port());
1815 /*------ DEBUG LOG END ------*/
1817 // Recv endpoint -> hoststr:portstr
1818 if (splitEndpoint(recv_endpoint, hoststr, portstr) == -1) {
1819 LOGGER_PUT_LOG_ERROR(LOG_CAT_SSLPROXY_COMMON, 36,
1820 "Invalid recv_endpoint. [%s]", target_id.c_str());
1821 std::cerr << "Invalid recv_endpoint. [" << target_id << "]" << std::endl;
1825 // query class for recv.
1827 function_str = "recv_query()";
1828 boost::asio::ip::tcp::resolver::query recv_query(boost::asio::ip::tcp::v4(), hoststr, portstr);
1830 // query result for recv. (iterator)
1832 function_str = "Recv resolver.resolve()";
1833 boost::asio::ip::tcp::resolver::iterator recv_itr = resolver.resolve(recv_query);
1835 // query result for recv. (endpoint_type)
1836 boost::asio::ip::tcp::resolver::endpoint_type recv_entry = *recv_itr;
1837 /*-------- DEBUG LOG --------*/
1838 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
1839 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 89,
1840 "function : void sslproxy_main(int argc, char* argv[]) : "
1841 "Check recv_endpoint END. "
1843 recv_entry.address().to_string().c_str(),
1846 /*------ DEBUG LOG END ------*/
1848 // Create sslproxy_server and create SSLcontext.
1850 function_str = "Create sslproxy_server";
1851 sslproxy_server server(ioservice, target_itr, recv_entry);
1853 /*-------- DEBUG LOG --------*/
1854 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
1855 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 90,
1856 "function : void sslproxy_main(int argc, char* argv[]) : "
1857 "Create sslproxy_server END.");
1859 /*------ DEBUG LOG END ------*/
1862 if (daemon(1, 1) < 0) {
1863 LOGGER_PUT_LOG_ERROR(LOG_CAT_SSLPROXY_COMMON, 37,
1864 "Start daemon() error. [%s]",
1866 std::cerr << "Start daemon() error. [" << target_id << "]" << std::endl;
1869 /*-------- DEBUG LOG --------*/
1870 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
1871 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 91,
1872 "function : void sslproxy_main(int argc, char* argv[]) : "
1873 "Start daemon END.");
1875 /*------ DEBUG LOG END ------*/
1877 // Create threads for IO event dispatcher.
1878 // Threadgroup class. (thread pool)
1879 boost::thread_group threadgroup;
1881 // Create num_thread threads.
1883 function_str = "create_thread()";
1884 for (int i = 0; i < num_thread; ++i) {
1885 threadgroup.create_thread(boost::bind(&boost::asio::io_service::run, &ioservice));
1886 /*-------- DEBUG LOG --------*/
1887 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
1888 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 92,
1889 "function : void sslproxy_main(int argc, char* argv[]) : "
1890 "Thread %d create.",
1893 /*------ DEBUG LOG END ------*/
1896 /*-------- DEBUG LOG --------*/
1897 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
1898 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 93,
1899 "function : void sslproxy_main(int argc, char* argv[]) : "
1900 "Create threads END.");
1902 /*------ DEBUG LOG END ------*/
1904 LOGGER_PUT_LOG_INFO(LOG_CAT_SSLPROXY_COMMON, 2,
1905 "SSLproxy process start success. %s",
1908 // Wait for threads finish.
1910 function_str = "join_all()";
1911 threadgroup.join_all();
1913 /*-------- DEBUG LOG --------*/
1914 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
1915 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 94,
1916 "function : void sslproxy_main(int argc, char* argv[]) : "
1919 /*------ DEBUG LOG END ------*/
1921 } catch (std::exception& e) {
1922 std::cerr << function_str << " error : " << e.what() << "." << std::endl;
1923 LOGGER_PUT_LOG_ERROR(LOG_CAT_SSLPROXY_COMMON, log_msg_id,
1924 "%s error : %s.", function_str.c_str(), e.what());
1925 result = EXIT_FAILURE;
1927 /*-------- DEBUG LOG --------*/
1928 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
1929 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 95,
1930 "function : void sslproxy_main(int argc, char* argv[]) : "
1931 "Catch int exception. %d",
1934 /*------ DEBUG LOG END ------*/
1937 std::cout << "Unknown exception." << std::endl;
1938 LOGGER_PUT_LOG_ERROR(LOG_CAT_SSLPROXY_COMMON, 38, "Unknown exception.");
1939 result = EXIT_FAILURE;
1945 /*-------- DEBUG LOG --------*/
1946 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
1947 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 96,
1948 "out_function : void sslproxy_main(int argc, char* argv[]) : "
1949 "return value = %d.",
1952 /*------ DEBUG LOG END ------*/