2 * @file sslproxymain.cpp
3 * @brief the main module of SSLproxy
4 * @brief SSLproxy module is terminal as for the SSL communication,
5 * @brief and it operates as reverse Proxy.
7 * Copyright (C) 2008 NTT COMWARE Corporation.
9 * This program is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU Lesser General Public
11 * License as published by the Free Software Foundation; either
12 * version 2.1 of the License, or (at your option) any later version.
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17 * Lesser General Public License for more details.
19 * You should have received a copy of the GNU Lesser General Public
20 * License along with this library; if not, write to the Free Software
21 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
24 **********************************************************************
26 * Distributed under the Boost Software Licence, Version 1.0
27 * http://www.boost.org/LICENSE_1_0.txt
29 **********************************************************************/
32 #include <sys/resource.h>
34 #include "sslproxyserver.h"
38 //! Prototype of functions.
39 static int convVerifyOption(std::string opt_string);
40 static long int convSslOption(std::string opt_string);
41 static int getParameters(std::string config_filename);
42 static int splitEndpoint(std::string endpoint_str, std::string& host, std::string& port);
43 static void sig_exit_handler(int sig);
44 static int set_sighandler(int sig, void (*handler)(int));
45 static int set_sighandlers(void);
46 static void usage(void);
49 std::string target_id;
51 //! SSLproxy parameters.
52 std::string recv_endpoint;
53 std::string target_endpoint;
58 std::string cert_chain_dir;
59 std::string cert_chain_file;
60 std::string private_key_dir;
61 std::string private_key_file;
62 boost::asio::ssl::context::file_format private_key_filetype;
63 std::string private_key_passwd_from;
64 std::string private_key_passwd_dir;
65 std::string private_key_passwd_file;
67 int verify_cert_depth;
70 std::string tmp_dh_dir;
71 std::string tmp_dh_file;
72 std::string cipher_list;
73 long session_cache_mode;
74 long session_cache_size;
75 long session_cache_timeout;
76 std::string conn_log_flag;
79 * Convert verify option string to intger(#define).
81 * @param[in] opt_string option string
82 * @retval ret option value
85 static int convVerifyOption(std::string opt_string)
87 /*-------- DEBUG LOG --------*/
88 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
89 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 1,
90 "in_function : static int convVerifyOption(std::string opt_string) : "
94 /*------ DEBUG LOG END ------*/
98 * /usr/include/openssl/ssl.h
99 * #define SSL_VERIFY_NONE 0x00
100 * #define SSL_VERIFY_PEER 0x01
101 * #define SSL_VERIFY_FAIL_IF_NO_PEER_CERT 0x02
102 * #define SSL_VERIFY_CLIENT_ONCE 0x04
104 if (opt_string == "SSL_VERIFY_NONE") {
105 /*-------- DEBUG LOG --------*/
106 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
107 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 2,
108 "function : static int convVerifyOption(std::string opt_string) : "
111 /*------ DEBUG LOG END ------*/
112 ret = SSL_VERIFY_NONE;
114 if (opt_string == "SSL_VERIFY_PEER") {
115 /*-------- DEBUG LOG --------*/
116 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
117 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 3,
118 "function : static int convVerifyOption(std::string opt_string) : "
121 /*------ DEBUG LOG END ------*/
122 ret = SSL_VERIFY_PEER;
124 if (opt_string == "SSL_VERIFY_FAIL_IF_NO_PEER_CERT") {
125 /*-------- DEBUG LOG --------*/
126 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
127 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 4,
128 "function : static int convVerifyOption(std::string opt_string) : "
129 "SSL_VERIFY_FAIL_IF_NO_PEER_CERT");
131 /*------ DEBUG LOG END ------*/
132 ret = SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
134 if (opt_string == "SSL_VERIFY_CLIENT_ONCE") {
135 /*-------- DEBUG LOG --------*/
136 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
137 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 5,
138 "function : static int convVerifyOption(std::string opt_string) : "
139 "SSL_VERIFY_CLIENT_ONCE");
141 /*------ DEBUG LOG END ------*/
142 ret = SSL_VERIFY_CLIENT_ONCE;
145 /*-------- DEBUG LOG --------*/
146 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
147 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 6,
148 "out_function : static int convVerifyOption(std::string opt_string) : "
152 /*------ DEBUG LOG END ------*/
153 // if ret == -1 then No match.
158 * Convert SSL option string to intger(#define).
160 * @param[in] opt_string option string
161 * @retval ret option value
162 * @retval -1 no match
164 static long int convSslOption(std::string opt_string)
166 /*-------- DEBUG LOG --------*/
167 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
168 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 7,
169 "in_function : static long int convSslOption(std::string opt_string) : "
173 /*------ DEBUG LOG END ------*/
177 * /usr/include/openssl/ssl.h
178 * #define SSL_OP_MICROSOFT_SESS_ID_BUG 0x00000001L
179 * #define SSL_OP_NETSCAPE_CHALLENGE_BUG 0x00000002L
180 * #define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x00000008L
181 * #define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0x00000010L
182 * #define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x00000020L
183 * #define SSL_OP_MSIE_SSLV2_RSA_PADDING 0x00000040L
184 * #define SSL_OP_SSLEAY_080_CLIENT_DH_BUG 0x00000080L
185 * #define SSL_OP_TLS_D5_BUG 0x00000100L
186 * #define SSL_OP_TLS_BLOCK_PADDING_BUG 0x00000200L
187 * #define SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS 0x00000800L
188 * #define SSL_OP_ALL 0x00000FF7L
189 * #define SSL_OP_NO_QUERY_MTU 0x00001000L
190 * #define SSL_OP_COOKIE_EXCHANGE 0x00002000L
191 * #define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION 0x00010000L
192 * #define SSL_OP_SINGLE_ECDH_USE 0x00080000L
193 * #define SSL_OP_SINGLE_DH_USE 0x00100000L
194 * #define SSL_OP_EPHEMERAL_RSA 0x00200000L
195 * #define SSL_OP_CIPHER_SERVER_PREFERENCE 0x00400000L
196 * #define SSL_OP_TLS_ROLLBACK_BUG 0x00800000L
197 * #define SSL_OP_NO_SSLv2 0x01000000L
198 * #define SSL_OP_NO_SSLv3 0x02000000L
199 * #define SSL_OP_NO_TLSv1 0x04000000L
200 * #define SSL_OP_PKCS1_CHECK_1 0x08000000L
201 * #define SSL_OP_PKCS1_CHECK_2 0x10000000L
202 * #define SSL_OP_NETSCAPE_CA_DN_BUG 0x20000000L
203 * #define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG 0x40000000L
205 if (opt_string == "SSL_OP_MICROSOFT_SESS_ID_BUG") {
206 /*-------- DEBUG LOG --------*/
207 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
208 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 8,
209 "function : static int convSslOption(std::string opt_string) : "
210 "SSL_OP_MICROSOFT_SESS_ID_BUG");
212 /*------ DEBUG LOG END ------*/
213 ret = SSL_OP_MICROSOFT_SESS_ID_BUG;
215 if (opt_string == "SSL_OP_NETSCAPE_CHALLENGE_BUG") {
216 /*-------- DEBUG LOG --------*/
217 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
218 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 9,
219 "function : static int convSslOption(std::string opt_string) : "
220 "SSL_OP_NETSCAPE_CHALLENGE_BUG");
222 /*------ DEBUG LOG END ------*/
223 ret = SSL_OP_NETSCAPE_CHALLENGE_BUG;
225 if (opt_string == "SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG") {
226 /*-------- DEBUG LOG --------*/
227 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
228 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 10,
229 "function : static int convSslOption(std::string opt_string) : "
230 "SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG");
232 /*------ DEBUG LOG END ------*/
233 ret = SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG;
235 if (opt_string == "SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG") {
236 /*-------- DEBUG LOG --------*/
237 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
238 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 11,
239 "function : static int convSslOption(std::string opt_string) : "
240 "SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG");
242 /*------ DEBUG LOG END ------*/
243 ret = SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG;
245 if (opt_string == "SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER") {
246 /*-------- DEBUG LOG --------*/
247 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
248 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 12,
249 "function : static int convSslOption(std::string opt_string) : "
250 "SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER");
252 /*------ DEBUG LOG END ------*/
253 ret = SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER;
255 if (opt_string == "SSL_OP_MSIE_SSLV2_RSA_PADDING") {
256 /*-------- DEBUG LOG --------*/
257 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
258 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 13,
259 "function : static int convSslOption(std::string opt_string) : "
260 "SSL_OP_MSIE_SSLV2_RSA_PADDING");
262 /*------ DEBUG LOG END ------*/
263 ret = SSL_OP_MSIE_SSLV2_RSA_PADDING;
265 if (opt_string == "SSL_OP_SSLEAY_080_CLIENT_DH_BUG") {
266 /*-------- DEBUG LOG --------*/
267 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
268 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 14,
269 "function : static int convSslOption(std::string opt_string) : "
270 "SSL_OP_SSLEAY_080_CLIENT_DH_BUG");
272 /*------ DEBUG LOG END ------*/
273 ret = SSL_OP_SSLEAY_080_CLIENT_DH_BUG;
275 if (opt_string == "SSL_OP_TLS_D5_BUG") {
276 /*-------- DEBUG LOG --------*/
277 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
278 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 15,
279 "function : static int convSslOption(std::string opt_string) : "
280 "SSL_OP_TLS_D5_BUG");
282 /*------ DEBUG LOG END ------*/
283 ret = SSL_OP_TLS_D5_BUG;
285 if (opt_string == "SSL_OP_TLS_BLOCK_PADDING_BUG") {
286 /*-------- DEBUG LOG --------*/
287 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
288 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 16,
289 "function : static int convSslOption(std::string opt_string) : "
290 "SSL_OP_TLS_BLOCK_PADDING_BUG");
292 /*------ DEBUG LOG END ------*/
293 ret = SSL_OP_TLS_BLOCK_PADDING_BUG;
295 if (opt_string == "SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS") {
296 /*-------- DEBUG LOG --------*/
297 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
298 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 17,
299 "function : static int convSslOption(std::string opt_string) : "
300 "SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS");
302 /*------ DEBUG LOG END ------*/
303 ret = SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS;
305 if (opt_string == "SSL_OP_ALL") {
306 /*-------- DEBUG LOG --------*/
307 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
308 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 18,
309 "function : static int convSslOption(std::string opt_string) : "
312 /*------ DEBUG LOG END ------*/
313 // boost::asio::ssl::context::default_workarounds
316 if (opt_string == "SSL_OP_NO_QUERY_MTU") {
317 /*-------- DEBUG LOG --------*/
318 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
319 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 19,
320 "function : static int convSslOption(std::string opt_string) : "
321 "SSL_OP_NO_QUERY_MTU");
323 /*------ DEBUG LOG END ------*/
324 ret = SSL_OP_NO_QUERY_MTU;
326 if (opt_string == "SSL_OP_COOKIE_EXCHANGE") {
327 /*-------- DEBUG LOG --------*/
328 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
329 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 20,
330 "function : static int convSslOption(std::string opt_string) : "
331 "SSL_OP_COOKIE_EXCHANGE");
333 /*------ DEBUG LOG END ------*/
334 ret = SSL_OP_COOKIE_EXCHANGE;
336 if (opt_string == "SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION") {
337 /*-------- DEBUG LOG --------*/
338 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
339 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 21,
340 "function : static int convSslOption(std::string opt_string) : "
341 "SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION");
343 /*------ DEBUG LOG END ------*/
344 ret = SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION;
346 if (opt_string == "SSL_OP_SINGLE_ECDH_USE") {
347 /*-------- DEBUG LOG --------*/
348 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
349 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 22,
350 "function : static int convSslOption(std::string opt_string) : "
351 "SSL_OP_SINGLE_ECDH_USE");
353 /*------ DEBUG LOG END ------*/
354 ret = SSL_OP_SINGLE_ECDH_USE;
356 if (opt_string == "SSL_OP_SINGLE_DH_USE") {
357 /*-------- DEBUG LOG --------*/
358 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
359 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 23,
360 "function : static int convSslOption(std::string opt_string) : "
361 "SSL_OP_SINGLE_DH_USE");
363 /*------ DEBUG LOG END ------*/
364 // boost::asio::ssl::context::single_dh_use
365 ret = SSL_OP_SINGLE_DH_USE;
367 if (opt_string == "SSL_OP_EPHEMERAL_RSA") {
368 /*-------- DEBUG LOG --------*/
369 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
370 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 24,
371 "function : static int convSslOption(std::string opt_string) : "
372 "SSL_OP_EPHEMERAL_RSA");
374 /*------ DEBUG LOG END ------*/
375 ret = SSL_OP_EPHEMERAL_RSA;
377 if (opt_string == "SSL_OP_CIPHER_SERVER_PREFERENCE") {
378 /*-------- DEBUG LOG --------*/
379 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
380 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 25,
381 "function : static int convSslOption(std::string opt_string) : "
382 "SSL_OP_CIPHER_SERVER_PREFERENCE");
384 /*------ DEBUG LOG END ------*/
385 ret = SSL_OP_CIPHER_SERVER_PREFERENCE;
387 if (opt_string == "SSL_OP_TLS_ROLLBACK_BUG") {
388 /*-------- DEBUG LOG --------*/
389 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
390 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 26,
391 "function : static int convSslOption(std::string opt_string) : "
392 "SSL_OP_TLS_ROLLBACK_BUG");
394 /*------ DEBUG LOG END ------*/
395 ret = SSL_OP_TLS_ROLLBACK_BUG;
397 if (opt_string == "SSL_OP_NO_SSLv2") {
398 /*-------- DEBUG LOG --------*/
399 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
400 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 27,
401 "function : static int convSslOption(std::string opt_string) : "
404 /*------ DEBUG LOG END ------*/
405 // boost::asio::ssl::context::no_sslv2
406 ret = SSL_OP_NO_SSLv2;
408 if (opt_string == "SSL_OP_NO_SSLv3") {
409 /*-------- DEBUG LOG --------*/
410 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
411 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 28,
412 "function : static int convSslOption(std::string opt_string) : "
415 /*------ DEBUG LOG END ------*/
416 // boost::asio::ssl::context::no_sslv3
417 ret = SSL_OP_NO_SSLv3;
419 if (opt_string == "SSL_OP_NO_TLSv1") {
420 /*-------- DEBUG LOG --------*/
421 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
422 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 29,
423 "function : static int convSslOption(std::string opt_string) : "
426 /*------ DEBUG LOG END ------*/
427 // boost::asio::ssl::context::no_tlsv1
428 ret = SSL_OP_NO_TLSv1;
430 if (opt_string == "SSL_OP_PKCS1_CHECK_1") {
431 /*-------- DEBUG LOG --------*/
432 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
433 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 30,
434 "function : static int convSslOption(std::string opt_string) : "
435 "SSL_OP_PKCS1_CHECK_1");
437 /*------ DEBUG LOG END ------*/
438 ret = SSL_OP_PKCS1_CHECK_1;
440 if (opt_string == "SSL_OP_PKCS1_CHECK_2") {
441 /*-------- DEBUG LOG --------*/
442 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
443 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 31,
444 "function : static int convSslOption(std::string opt_string) : "
445 "SSL_OP_PKCS1_CHECK_2");
447 /*------ DEBUG LOG END ------*/
448 ret = SSL_OP_PKCS1_CHECK_2;
450 if (opt_string == "SSL_OP_NETSCAPE_CA_DN_BUG") {
451 /*-------- DEBUG LOG --------*/
452 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
453 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 32,
454 "function : static int convSslOption(std::string opt_string) : "
455 "SSL_OP_NETSCAPE_CA_DN_BUG");
457 /*------ DEBUG LOG END ------*/
458 ret = SSL_OP_NETSCAPE_CA_DN_BUG;
460 if (opt_string == "SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG") {
461 /*-------- DEBUG LOG --------*/
462 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
463 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 33,
464 "function : static int convSslOption(std::string opt_string) : "
465 "SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG");
467 /*------ DEBUG LOG END ------*/
468 ret = SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG;
471 /*-------- DEBUG LOG --------*/
472 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
473 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 34,
474 "out_function : static long int convSslOption(std::string opt_string) : "
475 "return_value = %ld",
478 /*------ DEBUG LOG END ------*/
479 // if ret == -1 then No match.
484 * Get SSLproxy parameter from parameter file.
486 * @param[in] config_filename config filename string
490 static int getParameters(std::string config_filename)
492 /*-------- DEBUG LOG --------*/
493 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
494 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 35,
495 "in_function : static int getParameters(std::string config_filename) : "
496 "config_filename = %s",
497 config_filename.c_str());
499 /*------ DEBUG LOG END ------*/
504 // Read configuration file.
505 if (parameter_reread_file(PARAM_COMP_ALL, config_filename) == -1) {
506 LOGGER_PUT_LOG_ERROR(LOG_CAT_SSLPROXY_COMMON, 1,
507 "Config file read error.");
511 // Get parameter "recv_endpoint".
512 if (Parameter::getInstance().isStringExist(PARAM_COMP_SSLPROXY, "recv_endpoint")) {
513 recv_endpoint = Parameter::getInstance().getStringValue(PARAM_COMP_SSLPROXY,
515 /*-------- DEBUG LOG --------*/
516 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
517 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 36,
518 "function : static int getParameters("
519 "std::string config_filename) : "
520 "get recv_endpoint OK.");
522 /*------ DEBUG LOG END ------*/
524 LOGGER_PUT_LOG_ERROR(LOG_CAT_SSLPROXY_COMMON, 2,
525 "Cannot get recv_endpoint parameter.");
529 // Get parameter "target_endpoint".
530 if (Parameter::getInstance().isStringExist(PARAM_COMP_SSLPROXY, "target_endpoint")) {
531 target_endpoint = Parameter::getInstance().getStringValue(PARAM_COMP_SSLPROXY,
533 /*-------- DEBUG LOG --------*/
534 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
535 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 37,
536 "function : static int getParameters("
537 "std::string config_filename) : "
538 "get target_endpoint OK.");
540 /*------ DEBUG LOG END ------*/
542 LOGGER_PUT_LOG_ERROR(LOG_CAT_SSLPROXY_COMMON, 3,
543 "Cannot get target_endpoint parameter.");
547 // Get parameter "num_thread".
548 if (Parameter::getInstance().isIntExist(PARAM_COMP_SSLPROXY, "num_thread")) {
549 num_thread = Parameter::getInstance().getIntValue(PARAM_COMP_SSLPROXY,
551 /*-------- DEBUG LOG --------*/
552 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
553 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 38,
554 "function : static int getParameters("
555 "std::string config_filename) : "
556 "get num_thread OK.");
558 /*------ DEBUG LOG END ------*/
559 if (num_thread <= 0 || num_thread > INT_MAX) {
560 LOGGER_PUT_LOG_ERROR(LOG_CAT_SSLPROXY_COMMON, 4,
561 "Invalid num_thread parameter value.");
565 LOGGER_PUT_LOG_WARN(LOG_CAT_SSLPROXY_COMMON, 1,
566 "num_thread parameter not found. "
567 "Use default value.");
568 num_thread = DEFAULT_NUM_THREAD;
571 // Get parameter "timeout_sec".
572 if (Parameter::getInstance().isIntExist(PARAM_COMP_SSLPROXY, "timeout_sec")) {
573 timeout_sec = Parameter::getInstance().getIntValue(PARAM_COMP_SSLPROXY,
575 /*-------- DEBUG LOG --------*/
576 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
577 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 39,
578 "function : static int getParameters("
579 "std::string config_filename) : "
580 "get timeout_sec OK.");
582 /*------ DEBUG LOG END ------*/
583 if (timeout_sec <= 0 || timeout_sec > INT_MAX) {
584 LOGGER_PUT_LOG_ERROR(LOG_CAT_SSLPROXY_COMMON, 5,
585 "Invalid timeout_sec parameter value.");
589 LOGGER_PUT_LOG_WARN(LOG_CAT_SSLPROXY_COMMON, 2,
590 "timeout_sec parameter not found. "
591 "Use default value.");
592 timeout_sec = DEFAULT_TIMEOUT_SEC;
595 // Get parameter "ca_dir".
596 if (Parameter::getInstance().isStringExist(PARAM_COMP_SSLPROXY, "ca_dir")) {
597 ca_dir = Parameter::getInstance().getStringValue(PARAM_COMP_SSLPROXY,
599 /*-------- DEBUG LOG --------*/
600 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
601 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 40,
602 "function : static int getParameters("
603 "std::string config_filename) : "
606 /*------ DEBUG LOG END ------*/
608 LOGGER_PUT_LOG_WARN(LOG_CAT_SSLPROXY_COMMON, 3,
609 "ca_dir parameter is nothing. "
610 "Use default value.");
611 ca_dir = DEFAULT_CA_DIR;
614 LOGGER_PUT_LOG_WARN(LOG_CAT_SSLPROXY_COMMON, 4,
615 "ca_dir parameter not found. "
616 "Use default value.");
617 ca_dir = DEFAULT_CA_DIR;
620 // Get parameter "ca_file".
621 if (Parameter::getInstance().isStringExist(PARAM_COMP_SSLPROXY, "ca_file")) {
622 ca_file = Parameter::getInstance().getStringValue(PARAM_COMP_SSLPROXY,
624 /*-------- DEBUG LOG --------*/
625 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
626 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 41,
627 "function : static int getParameters("
628 "std::string config_filename) : "
631 /*------ DEBUG LOG END ------*/
633 LOGGER_PUT_LOG_ERROR(LOG_CAT_SSLPROXY_COMMON, 6,
634 "Cannot get ca_file parameter.");
638 // Get parameter "cert_chain_dir".
639 if (Parameter::getInstance().isStringExist(PARAM_COMP_SSLPROXY, "cert_chain_dir")) {
640 cert_chain_dir = Parameter::getInstance().getStringValue(PARAM_COMP_SSLPROXY,
642 /*-------- DEBUG LOG --------*/
643 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
644 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 42,
645 "function : static int getParameters("
646 "std::string config_filename) : "
647 "get cert_chain_dir OK.");
649 /*------ DEBUG LOG END ------*/
650 if (cert_chain_dir == "") {
651 LOGGER_PUT_LOG_WARN(LOG_CAT_SSLPROXY_COMMON, 5,
652 "cert_chain_dir parameter is nothing. "
653 "Use default value.");
654 cert_chain_dir = DEFAULT_CERT_CHAIN_DIR;
657 LOGGER_PUT_LOG_WARN(LOG_CAT_SSLPROXY_COMMON, 6,
658 "cert_chain_dir parameter not found. "
659 "Use default value.");
660 cert_chain_dir = DEFAULT_CERT_CHAIN_DIR;
663 // Get parameter "cert_chain_file".
664 if (Parameter::getInstance().isStringExist(PARAM_COMP_SSLPROXY, "cert_chain_file")) {
665 cert_chain_file = Parameter::getInstance().getStringValue(PARAM_COMP_SSLPROXY,
667 /*-------- DEBUG LOG --------*/
668 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
669 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 43,
670 "function : static int getParameters("
671 "std::string config_filename) : "
672 "get cert_chain_file OK.");
674 /*------ DEBUG LOG END ------*/
675 if (cert_chain_file == "") {
676 LOGGER_PUT_LOG_ERROR(LOG_CAT_SSLPROXY_COMMON, 7,
677 "cert_chain_file parameter is nothing.");
681 LOGGER_PUT_LOG_ERROR(LOG_CAT_SSLPROXY_COMMON, 8,
682 "Cannot get cert_chain_file parameter.");
686 // Get parameter "private_key_dir".
687 if (Parameter::getInstance().isStringExist(PARAM_COMP_SSLPROXY, "private_key_dir")) {
688 private_key_dir = Parameter::getInstance().getStringValue(PARAM_COMP_SSLPROXY,
690 /*-------- DEBUG LOG --------*/
691 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
692 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 44,
693 "function : static int getParameters("
694 "std::string config_filename) : "
695 "get private_key_dir OK.");
697 /*------ DEBUG LOG END ------*/
698 if (private_key_dir == "") {
699 LOGGER_PUT_LOG_WARN(LOG_CAT_SSLPROXY_COMMON, 7,
700 "private_key_dir parameter is nothing. "
701 "Use default value.");
702 private_key_dir = DEFAULT_PRIVATE_KEY_DIR;
705 LOGGER_PUT_LOG_WARN(LOG_CAT_SSLPROXY_COMMON, 8,
706 "private_key_dir parameter not found. Use default value.");
707 private_key_dir = DEFAULT_PRIVATE_KEY_DIR;
710 // Get parameter "private_key_file".
711 if (Parameter::getInstance().isStringExist(PARAM_COMP_SSLPROXY, "private_key_file")) {
712 private_key_file = Parameter::getInstance().getStringValue(PARAM_COMP_SSLPROXY,
714 /*-------- DEBUG LOG --------*/
715 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
716 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 45,
717 "function : static int getParameters("
718 "std::string config_filename) : "
719 "get private_key_file OK.");
721 /*------ DEBUG LOG END ------*/
722 if (private_key_file == "") {
723 LOGGER_PUT_LOG_ERROR(LOG_CAT_SSLPROXY_COMMON, 9,
724 "private_key_file parameter is nothing.");
728 LOGGER_PUT_LOG_ERROR(LOG_CAT_SSLPROXY_COMMON, 10,
729 "Cannot get private_key_file parameter.");
733 // Get parameter "private_key_filetype".
734 // Convert string to enum.
735 if (Parameter::getInstance().isStringExist(PARAM_COMP_SSLPROXY, "private_key_filetype")) {
736 std::string private_key_filetype_string =
737 Parameter::getInstance().getStringValue(PARAM_COMP_SSLPROXY,
738 "private_key_filetype");
739 /*-------- DEBUG LOG --------*/
740 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
741 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 46,
742 "function : static int getParameters("
743 "std::string config_filename) : "
744 "get private_key_filetype_string OK.");
746 /*------ DEBUG LOG END ------*/
748 * /usr/include/openssl/ssl.h
749 * #define SSL_FILETYPE_PEM X509_FILETYPE_PEM ->1
750 * #define SSL_FILETYPE_ASN1 X509_FILETYPE_ASN1 ->2
752 if (private_key_filetype_string == "SSL_FILETYPE_PEM") {
753 /*-------- DEBUG LOG --------*/
754 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
755 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 47,
756 "function : static int getParameters("
757 "std::string config_filename) : "
758 "set SSL_FILETYPE_PEM.");
760 /*------ DEBUG LOG END ------*/
761 private_key_filetype = boost::asio::ssl::context::pem;
762 } else if (private_key_filetype_string == "SSL_FILETYPE_ASN1") {
763 /*-------- DEBUG LOG --------*/
764 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
765 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 48,
766 "function : static int getParameters("
767 "std::string config_filename) : "
768 "set SSL_FILETYPE_ASN1.");
770 /*------ DEBUG LOG END ------*/
771 private_key_filetype = boost::asio::ssl::context::asn1;
773 LOGGER_PUT_LOG_ERROR(LOG_CAT_SSLPROXY_COMMON, 11,
774 "private_key_filetype convert error. [%s]",
775 private_key_filetype_string.c_str());
779 LOGGER_PUT_LOG_WARN(LOG_CAT_SSLPROXY_COMMON, 9,
780 "private_key_filetype parameter not found. "
781 "Use default value.");
782 private_key_filetype = DEFAULT_PRIVATE_KEY_FILETYPE;
785 // Get parameter "private_key_passwd_from".
786 if (Parameter::getInstance().isStringExist(PARAM_COMP_SSLPROXY, "private_key_passwd_from")) {
787 private_key_passwd_from =
788 Parameter::getInstance().getStringValue(PARAM_COMP_SSLPROXY,
789 "private_key_passwd_from");
790 /*-------- DEBUG LOG --------*/
791 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
792 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 49,
793 "function : static int getParameters("
794 "std::string config_filename) : "
795 "get private_key_passwd_from OK.");
797 /*------ DEBUG LOG END ------*/
798 if (private_key_passwd_from == "") {
799 LOGGER_PUT_LOG_WARN(LOG_CAT_SSLPROXY_COMMON, 10,
800 "private_key_passwd_from parameter is nothing. "
801 "Use default value.");
802 private_key_passwd_from = DEFAULT_PRIVATE_KEY_PASSWD_FROM;
803 } else if (private_key_passwd_from != "console" &&
804 private_key_passwd_from != "file") {
805 LOGGER_PUT_LOG_ERROR(LOG_CAT_SSLPROXY_COMMON, 12,
806 "Invalid private_key_passwd_from parameter value.");
810 LOGGER_PUT_LOG_WARN(LOG_CAT_SSLPROXY_COMMON, 11,
811 "private_key_passwd_from parameter not found. "
812 "Use default value.");
813 private_key_passwd_from = DEFAULT_PRIVATE_KEY_PASSWD_FROM;
816 if (private_key_passwd_from == "file") {
817 // Get parameter "private_key_passwd_dir".
818 if (Parameter::getInstance().isStringExist(PARAM_COMP_SSLPROXY, "private_key_passwd_dir")) {
819 private_key_passwd_dir =
820 Parameter::getInstance().getStringValue(PARAM_COMP_SSLPROXY,
821 "private_key_passwd_dir");
822 /*-------- DEBUG LOG --------*/
823 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
824 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 50,
825 "function : static int getParameters("
826 "std::string config_filename) : "
827 "get private_key_passwd_dir OK.");
829 /*------ DEBUG LOG END ------*/
830 if (private_key_passwd_dir == "") {
831 LOGGER_PUT_LOG_WARN(LOG_CAT_SSLPROXY_COMMON, 12,
832 "private_key_passwd_dir parameter is nothing. "
833 "Use default value.");
834 private_key_passwd_dir = DEFAULT_PRIVATE_KEY_DIR;
837 LOGGER_PUT_LOG_WARN(LOG_CAT_SSLPROXY_COMMON, 13,
838 "private_key_passwd_dir parameter not found. "
839 "Use default value.");
840 private_key_passwd_dir = DEFAULT_PRIVATE_KEY_PASSWD_DIR;
843 // Get parameter "private_key_passwd_file".
844 if (Parameter::getInstance().isStringExist(PARAM_COMP_SSLPROXY, "private_key_passwd_file")) {
845 private_key_passwd_file =
846 Parameter::getInstance().getStringValue(PARAM_COMP_SSLPROXY,
847 "private_key_passwd_file");
848 /*-------- DEBUG LOG --------*/
849 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
850 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 51,
851 "function : static int getParameters("
852 "std::string config_filename) : "
853 "get private_key_passwd_file OK.");
855 /*------ DEBUG LOG END ------*/
856 if (private_key_passwd_file == "") {
857 LOGGER_PUT_LOG_ERROR(LOG_CAT_SSLPROXY_COMMON, 13,
858 "private_key_passwd_file parameter is nothing.");
862 LOGGER_PUT_LOG_ERROR(LOG_CAT_SSLPROXY_COMMON, 14,
863 "Cannot get private_key_passwd_file parameter.");
868 // Get parameter "verify_options".
869 // Get map data and Convert string to integer and Make bit data.
870 if (Parameter::getInstance().isStringExist(PARAM_COMP_SSLPROXY, "verify_options")) {
871 std::multimap<std::string, std::string> vopMap;
872 Parameter::getInstance().getStringMapValue(PARAM_COMP_SSLPROXY,
875 if (vopMap.size() != 0) {
876 /*-------- DEBUG LOG --------*/
877 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
878 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 52,
879 "function : static int getParameters("
880 "std::string config_filename) : "
881 "get verify_options map OK.");
883 /*------ DEBUG LOG END ------*/
884 for(std::multimap<std::string, std::string>::iterator stritr = vopMap.begin();
885 stritr != vopMap.end();
887 /*-------- DEBUG LOG --------*/
888 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
889 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 53,
891 "static int getParameters(std::string config_filename) : "
892 "verify option map key = %s, value = %s",
893 (stritr->first).c_str(),
894 (stritr->second).c_str());
896 /*------ DEBUG LOG END ------*/
897 int retvop = convVerifyOption(stritr->second);
899 LOGGER_PUT_LOG_ERROR(LOG_CAT_SSLPROXY_COMMON, 15,
900 "verify_options convert error. [%s]",
901 stritr->second.c_str());
904 verify_options = (verify_options | retvop);
907 LOGGER_PUT_LOG_WARN(LOG_CAT_SSLPROXY_COMMON, 14,
908 "verify_options parameter is nothing. "
909 "Use default value.");
910 verify_options = DEFAULT_VERIFY_OPTIONS;
913 LOGGER_PUT_LOG_WARN(LOG_CAT_SSLPROXY_COMMON, 15,
914 "verify_options parameter not found. "
915 "Use default value.");
916 verify_options = DEFAULT_VERIFY_OPTIONS;
919 // Get parameter "verify_cert_depth".
920 if (Parameter::getInstance().isIntExist(PARAM_COMP_SSLPROXY, "verify_cert_depth")) {
921 verify_cert_depth = Parameter::getInstance().getIntValue(PARAM_COMP_SSLPROXY,
922 "verify_cert_depth");
923 /*-------- DEBUG LOG --------*/
924 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
925 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 54,
926 "function : static int getParameters("
927 "std::string config_filename) : "
928 "get verify_cert_depth OK.");
930 /*------ DEBUG LOG END ------*/
931 if (verify_cert_depth < 0 || verify_cert_depth > INT_MAX) {
932 LOGGER_PUT_LOG_ERROR(LOG_CAT_SSLPROXY_COMMON, 16,
933 "Invalid verify_cert_depth parameter value.");
937 LOGGER_PUT_LOG_WARN(LOG_CAT_SSLPROXY_COMMON, 16,
938 "verify_cert_depth parameter not found. "
939 "Use default value.");
940 verify_cert_depth = DEFAULT_VERIFY_CERT_DEPTH;
943 // Get parameter "ssl_options".
944 // Get map data and Convert string to integer and Make bit data.
945 // and Check dh parameter file use or not.
947 if (Parameter::getInstance().isStringExist(PARAM_COMP_SSLPROXY, "ssl_options")) {
948 std::multimap<std::string, std::string> sopMap;
949 Parameter::getInstance().getStringMapValue(PARAM_COMP_SSLPROXY,
952 if (sopMap.size() != 0) {
953 /*-------- DEBUG LOG --------*/
954 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
955 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 55,
956 "function : static int getParameters("
957 "std::string config_filename) : "
958 "get ssl_options map OK.");
960 /*------ DEBUG LOG END ------*/
961 for(std::multimap<std::string, std::string>::iterator stritr = sopMap.begin();
962 stritr != sopMap.end();
964 /*-------- DEBUG LOG --------*/
965 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
966 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 56,
968 "static int getParameters(std::string config_filename) : "
969 "SSL option map key = %s, value = %s",
970 (stritr->first).c_str(),
971 (stritr->second).c_str());
973 /*------ DEBUG LOG END ------*/
974 long int retsop = convSslOption(stritr->second);
976 LOGGER_PUT_LOG_ERROR(LOG_CAT_SSLPROXY_COMMON, 17,
977 "ssl_options convert error. [%s]",
978 stritr->second.c_str());
981 if (retsop == SSL_OP_SINGLE_DH_USE) {
982 /*-------- DEBUG LOG --------*/
983 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
984 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 57,
986 "static int getParameters(std::string config_filename) : "
987 "tmp_dh_use is true.");
989 /*------ DEBUG LOG END ------*/
992 ssl_options = (ssl_options | retsop);
995 LOGGER_PUT_LOG_WARN(LOG_CAT_SSLPROXY_COMMON, 17,
996 "ssl_options parameter is nothing. "
997 "Use default value.");
998 ssl_options = DEFAULT_SSL_OPTIONS;
1002 LOGGER_PUT_LOG_WARN(LOG_CAT_SSLPROXY_COMMON, 18,
1003 "ssl_options parameter not found. "
1004 "Use default value.");
1005 ssl_options = DEFAULT_SSL_OPTIONS;
1009 if (tmp_dh_use == true) {
1010 // Get parameter "tmp_dh_dir".
1011 if (Parameter::getInstance().isStringExist(PARAM_COMP_SSLPROXY, "tmp_dh_dir")) {
1012 tmp_dh_dir = Parameter::getInstance().getStringValue(PARAM_COMP_SSLPROXY,
1014 /*-------- DEBUG LOG --------*/
1015 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
1016 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 58,
1017 "function : static int getParameters("
1018 "std::string config_filename) : "
1019 "get tmp_dh_dir OK.");
1021 /*------ DEBUG LOG END ------*/
1022 if (tmp_dh_dir == "") {
1023 LOGGER_PUT_LOG_WARN(LOG_CAT_SSLPROXY_COMMON, 19,
1024 "tmp_dh_dir parameter is nothing. "
1025 "Use default value.");
1026 tmp_dh_dir = DEFAULT_TMP_DH_DIR;
1029 LOGGER_PUT_LOG_WARN(LOG_CAT_SSLPROXY_COMMON, 20,
1030 "tmp_dh_dir parameter not found. "
1031 "Use default value.");
1032 tmp_dh_dir = DEFAULT_TMP_DH_DIR;
1035 // Get parameter "tmp_dh_file".
1036 if (Parameter::getInstance().isStringExist(PARAM_COMP_SSLPROXY, "tmp_dh_file")) {
1037 tmp_dh_file = Parameter::getInstance().getStringValue(PARAM_COMP_SSLPROXY,
1039 /*-------- DEBUG LOG --------*/
1040 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
1041 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 59,
1042 "function : static int getParameters("
1043 "std::string config_filename) : "
1044 "get tmp_dh_file OK.");
1046 /*------ DEBUG LOG END ------*/
1047 if (tmp_dh_file == "") {
1048 LOGGER_PUT_LOG_ERROR(LOG_CAT_SSLPROXY_COMMON, 18,
1049 "tmp_dh_file parameter is nothing.");
1053 LOGGER_PUT_LOG_ERROR(LOG_CAT_SSLPROXY_COMMON, 19,
1054 "Cannot get tmp_dh_file parameter.");
1059 // Get parameter "cipher_list".
1060 if (Parameter::getInstance().isStringExist(PARAM_COMP_SSLPROXY, "cipher_list")) {
1061 cipher_list = Parameter::getInstance().getStringValue(PARAM_COMP_SSLPROXY,
1063 /*-------- DEBUG LOG --------*/
1064 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
1065 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 60,
1066 "function : static int getParameters("
1067 "std::string config_filename) : "
1068 "get cipher_list OK.");
1070 /*------ DEBUG LOG END ------*/
1071 if (cipher_list == "") {
1072 LOGGER_PUT_LOG_WARN(LOG_CAT_SSLPROXY_COMMON, 21,
1073 "cipher_list parameter is nothing. "
1074 "Use default value.");
1075 cipher_list = DEFAULT_CIPHER_LIST;
1078 LOGGER_PUT_LOG_WARN(LOG_CAT_SSLPROXY_COMMON, 22,
1079 "cipher_list parameter not found. "
1080 "Use default value.");
1081 cipher_list = DEFAULT_CIPHER_LIST;
1084 // Get parameter "session_cache".
1085 if (Parameter::getInstance().isStringExist(PARAM_COMP_SSLPROXY, "session_cache")) {
1086 std::string session_cache = Parameter::getInstance().getStringValue(PARAM_COMP_SSLPROXY,
1088 /*-------- DEBUG LOG --------*/
1089 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
1090 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 97,
1091 "function : static int getParameters("
1092 "std::string config_filename) : "
1093 "get session_cache OK.");
1095 /*------ DEBUG LOG END ------*/
1096 if (session_cache == "") {
1097 LOGGER_PUT_LOG_WARN(LOG_CAT_SSLPROXY_COMMON, 25,
1098 "session_cache parameter is nothing. "
1099 "Use default value.");
1100 session_cache_mode = DEFAULT_SESSION_CACHE_MODE;
1101 } else if (session_cache == "on") {
1102 session_cache_mode = SSL_SESS_CACHE_SERVER;
1103 } else if (session_cache == "off") {
1104 session_cache_mode = SSL_SESS_CACHE_OFF;
1106 LOGGER_PUT_LOG_ERROR(LOG_CAT_SSLPROXY_COMMON, 47,
1107 "Invalid session_cache parameter value.");
1111 LOGGER_PUT_LOG_WARN(LOG_CAT_SSLPROXY_COMMON, 26,
1112 "session_cache parameter not found. "
1113 "Use default value.");
1114 session_cache_mode = DEFAULT_SESSION_CACHE_MODE;
1117 // Get parameter "session_cache_size".
1118 if (Parameter::getInstance().isIntExist(PARAM_COMP_SSLPROXY, "session_cache_size")) {
1119 session_cache_size = Parameter::getInstance().getIntValue(PARAM_COMP_SSLPROXY,
1120 "session_cache_size");
1121 /*-------- DEBUG LOG --------*/
1122 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
1123 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 98,
1124 "function : static int getParameters("
1125 "std::string config_filename) : "
1126 "get session_cache_size OK.");
1128 /*------ DEBUG LOG END ------*/
1129 if (session_cache_size < 0 || session_cache_size > LONG_MAX) {
1130 LOGGER_PUT_LOG_ERROR(LOG_CAT_SSLPROXY_COMMON, 48,
1131 "Invalid session_cache_size parameter value.");
1135 LOGGER_PUT_LOG_WARN(LOG_CAT_SSLPROXY_COMMON, 27,
1136 "session_cache_size parameter not found. "
1137 "Use default value.");
1138 session_cache_size = DEFAULT_SESSION_CACHE_SIZE;
1141 // Get parameter "session_cache_timeout".
1142 if (Parameter::getInstance().isIntExist(PARAM_COMP_SSLPROXY, "session_cache_timeout")) {
1143 session_cache_timeout = Parameter::getInstance().getIntValue(PARAM_COMP_SSLPROXY,
1144 "session_cache_timeout");
1145 /*-------- DEBUG LOG --------*/
1146 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
1147 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 99,
1148 "function : static int getParameters("
1149 "std::string config_filename) : "
1150 "get session_cache_timeout OK.");
1152 /*------ DEBUG LOG END ------*/
1153 if (session_cache_timeout < 0 || session_cache_timeout > LONG_MAX) {
1154 LOGGER_PUT_LOG_ERROR(LOG_CAT_SSLPROXY_COMMON, 49,
1155 "Invalid session_cache_timeout parameter value.");
1159 LOGGER_PUT_LOG_WARN(LOG_CAT_SSLPROXY_COMMON, 28,
1160 "session_cache_timeout parameter not found. "
1161 "Use default value.");
1162 session_cache_timeout = DEFAULT_SESSION_CACHE_TIMEOUT;
1165 // Get parameter "conn_log_flag".
1166 if (Parameter::getInstance().isStringExist(PARAM_COMP_LOGGER, "conn_log_flag")) {
1167 conn_log_flag = Parameter::getInstance().getStringValue(PARAM_COMP_LOGGER,
1169 /*-------- DEBUG LOG --------*/
1170 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
1171 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 61,
1172 "function : static int getParameters("
1173 "std::string config_filename) : "
1174 "get conn_log_flag OK.");
1176 /*------ DEBUG LOG END ------*/
1177 if (conn_log_flag == "") {
1178 LOGGER_PUT_LOG_WARN(LOG_CAT_SSLPROXY_COMMON, 23,
1179 "conn_log_flag parameter is nothing. "
1180 "Use default value.");
1181 conn_log_flag = DEFAULT_CONN_LOG_FLAG;
1182 } else if (conn_log_flag != "on" && conn_log_flag != "off") {
1183 LOGGER_PUT_LOG_ERROR(LOG_CAT_SSLPROXY_COMMON, 20,
1184 "Invalid conn_log_flag parameter value.");
1188 LOGGER_PUT_LOG_WARN(LOG_CAT_SSLPROXY_COMMON, 24,
1189 "conn_log_flag parameter not found. "
1190 "Use default value.");
1191 conn_log_flag = DEFAULT_CONN_LOG_FLAG;
1194 /*-------- DEBUG LOG --------*/
1195 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
1196 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 62,
1198 "static int getParameters(std::string config_filename) : "
1199 "Catch exception e = %d.",
1202 /*------ DEBUG LOG END ------*/
1205 /*-------- DEBUG LOG --------*/
1206 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
1207 std::ostringstream oss;
1209 " recv_endpoint = " << recv_endpoint <<
1210 ", target_endpoint = " << target_endpoint <<
1211 ", num_thread = " << num_thread <<
1212 ", timout_sec = " << timeout_sec <<
1213 ", ca_dir = " << ca_dir <<
1214 ", ca_file = " << ca_file <<
1215 ", cert_chain_dir = " << cert_chain_dir <<
1216 ", cert_chain_file = " << cert_chain_file <<
1217 ", private_key_dir = " << private_key_dir <<
1218 ", private_key_file = " << private_key_file <<
1219 ", private_key_filetype = " << private_key_filetype <<
1220 ", private_key_passwd_from = " << private_key_passwd_from <<
1221 ", private_key_passwd_dir = " << private_key_passwd_dir <<
1222 ", private_key_passwd_file = " << private_key_passwd_file <<
1223 ", verify_options = " << verify_options <<
1224 ", verify_cert_depth = " << verify_cert_depth <<
1225 ", ssl_options = " << ssl_options <<
1226 ", tmp_dh_dir = " << tmp_dh_dir <<
1227 ", tmp_dh_file = " << tmp_dh_file <<
1228 ", cipher_list = " << cipher_list <<
1229 ", session_cache_mode = " << session_cache_mode <<
1230 ", session_cache_size = " << session_cache_size <<
1231 ", session_cache_timeout = " << session_cache_timeout <<
1232 ", conn_log_flag = " << conn_log_flag;
1233 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 63,
1235 "static int getParameters(std::string config_filename) : "
1236 "return value = %d : "
1237 "parameter value %s",
1241 /*------ DEBUG LOG END ------*/
1246 * Split endpoint data to host and port string.
1248 * @param[in] endpoint_str endpoint string
1249 * @param[out] host host string
1250 * @param[out] port port string
1254 static int splitEndpoint(std::string endpoint_str, std::string& host, std::string& port)
1256 /*-------- DEBUG LOG --------*/
1257 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
1258 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 64,
1260 "static int splitEndpoint"
1261 "(std::string endpoint_str, std::string& host, std::string& port) : "
1262 "endpoint_str = %s",
1263 endpoint_str.c_str());
1265 /*------ DEBUG LOG END ------*/
1269 int mark = endpoint_str.find_first_of(":");
1271 LOGGER_PUT_LOG_ERROR(LOG_CAT_SSLPROXY_COMMON, 21, "Delimitation not found.");
1275 LOGGER_PUT_LOG_ERROR(LOG_CAT_SSLPROXY_COMMON, 22, "Host string not found.");
1278 host = endpoint_str.substr(0, mark);
1279 port = endpoint_str.substr(mark + 1);
1280 /*-------- DEBUG LOG --------*/
1281 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
1282 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 65,
1284 "static int splitEndpoint"
1285 "(std::string endpoint_str, std::string& host, std::string& port) : "
1286 "set host and port string");
1288 /*------ DEBUG LOG END ------*/
1289 if (port.length() <= 0) {
1290 LOGGER_PUT_LOG_ERROR(LOG_CAT_SSLPROXY_COMMON, 23, "Port string not found.");
1294 /*-------- DEBUG LOG --------*/
1295 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
1296 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 66,
1298 "static int splitEndpoint"
1299 "(std::string endpoint_str, std::string& host, std::string& port) : "
1300 "Catch exception e = %d.",
1303 /*------ DEBUG LOG END ------*/
1307 /*-------- DEBUG LOG --------*/
1308 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
1309 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 67,
1311 "static int splitEndpoint"
1312 "(std::string endpoint_str, std::string& host, std::string& port) : "
1313 "return value ret = %d : "
1320 /*------ DEBUG LOG END ------*/
1325 * exit signal handler
1327 * @param[in] sig signal
1330 static void sig_exit_handler(int sig)
1332 /*-------- DEBUG LOG --------*/
1333 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
1334 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 68,
1335 "in_function : static void sig_exit_handler(int sig) "
1339 /*------ DEBUG LOG END ------*/
1342 if (sig == SIGTERM) {
1343 LOGGER_PUT_LOG_INFO(LOG_CAT_SSLPROXY_COMMON, 1, "SIGTERM received.");
1344 retexit = EXIT_SUCCESS;
1346 LOGGER_PUT_LOG_ERROR(LOG_CAT_SSLPROXY_COMMON, 24, "Signal received. signal=%d.", sig);
1347 retexit = EXIT_FAILURE;
1353 /*-------- DEBUG LOG --------*/
1354 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
1355 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 69,
1356 "out_function : static void sig_exit_handler(int sig) : "
1360 /*------ DEBUG LOG END ------*/
1365 * setup signal handler
1367 * @param[in] sig signal
1368 * @param[in] handler signal handler
1372 static int set_sighandler(int sig, void (*handler)(int))
1374 /*-------- DEBUG LOG --------*/
1375 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
1376 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 70,
1377 "in_function : static int set_sighandler(int sig, void (*handler)(int)) "
1382 /*------ DEBUG LOG END ------*/
1384 struct sigaction act;
1387 /*-------- DEBUG LOG --------*/
1388 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
1389 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 71,
1390 "sigaction : sig = %d : act = NULL",
1393 /*------ DEBUG LOG END ------*/
1394 ret = sigaction(sig, NULL, &act);
1396 LOGGER_PUT_LOG_ERROR(LOG_CAT_SSLPROXY_COMMON, 25, "sigaction on signal %d failed", sig);
1397 /*-------- DEBUG LOG --------*/
1398 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
1399 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 72,
1400 "out_function : static int set_sighandler(int sig, void (*handler)(int)) "
1401 "return_value : %d",
1404 /*------ DEBUG LOG END ------*/
1407 act.sa_flags &= ~SA_RESETHAND;
1408 act.sa_handler = handler;
1410 /*-------- DEBUG LOG --------*/
1411 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
1412 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 73,
1413 "sigaction : sig=%d: act.sa_flags=%d, act.sa_handler=%p",
1414 sig, act.sa_flags, act.sa_handler);
1416 /*------ DEBUG LOG END ------*/
1417 ret = sigaction(sig, &act, NULL);
1419 LOGGER_PUT_LOG_ERROR(LOG_CAT_SSLPROXY_COMMON, 26, "sigaction on signal %d failed", sig);
1420 /*-------- DEBUG LOG --------*/
1421 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
1422 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 74,
1423 "out_function : static int set_sighandler(int sig, void (*handler)(int)) "
1424 "return_value : %d",
1427 /*------ DEBUG LOG END ------*/
1431 /*-------- DEBUG LOG --------*/
1432 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
1433 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 75,
1434 "out_function : static int set_sighandler(int sig, void (*handler)(int)) "
1435 "return_value : 0");
1437 /*------ DEBUG LOG END ------*/
1442 * setup all signal handlers
1448 static int set_sighandlers(void)
1450 /*-------- DEBUG LOG --------*/
1451 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
1452 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 76,
1453 "in_function : static int set_sighandlers(void) ");
1455 /*------ DEBUG LOG END ------*/
1458 #define SET_SIGHANDLER(sig, handler) \
1460 ret = set_sighandler((sig), (handler)); \
1462 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) { \
1463 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 77, \
1464 "out_function : static int set_sighandlers(void) " \
1465 "return_value : %d", \
1472 SET_SIGHANDLER(SIGHUP, sig_exit_handler);
1473 SET_SIGHANDLER(SIGINT, sig_exit_handler);
1474 SET_SIGHANDLER(SIGQUIT, sig_exit_handler);
1475 SET_SIGHANDLER(SIGTERM, sig_exit_handler);
1476 SET_SIGHANDLER(SIGUSR1, SIG_IGN);
1477 SET_SIGHANDLER(SIGUSR2, SIG_IGN);
1478 SET_SIGHANDLER(SIGALRM, SIG_IGN);
1479 SET_SIGHANDLER(SIGCHLD, SIG_IGN);
1481 #undef SET_SIGHANDLER
1483 /*-------- DEBUG LOG --------*/
1484 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
1485 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 78,
1486 "out_function : static int set_sighandlers(void) "
1487 "return_value : 0");
1489 /*------ DEBUG LOG END ------*/
1497 static void usage(void)
1499 /*-------- DEBUG LOG --------*/
1500 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
1501 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 79,
1502 "in_function : static void usage(void)");
1504 /*------ DEBUG LOG END ------*/
1506 std::cerr << "Usage : " << "sslproxy <target_id> <config_filename>" << std::endl;
1507 std::cerr << "Example : " << "sslproxy target_1 /etc/l7vs/sslproxy/sslproxy.target_1.cf" << std::endl;
1509 /*-------- DEBUG LOG --------*/
1510 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
1511 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 80,
1512 "out_function : static void usage(void) "
1513 "return_value = void");
1515 /*------ DEBUG LOG END ------*/
1519 * SSLproxy main function.
1521 * @param[in] argc number of argument
1522 * @param[in] *argv[] array of argument string
1524 void sslproxy_main(int argc, char* argv[])
1526 /*-------- DEBUG LOG --------*/
1527 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
1528 std::ostringstream oss;
1529 oss << "argc = " << argc;
1530 for (int i = 0; i < argc; i++) {
1531 oss << ", arg[" << i << "] = " << argv[i];
1533 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 81,
1534 "in_function : void sslproxy_main(int argc, char* argv[]) : "
1538 /*------ DEBUG LOG END ------*/
1540 int result = EXIT_SUCCESS;
1542 std::string function_str = "";
1545 // Set max file open num
1547 if (getrlimit( RLIMIT_NOFILE, &lim ) == 0) {
1548 if (lim.rlim_cur < DEFAULT_MAX_FILE_NUM) {
1549 lim.rlim_cur = DEFAULT_MAX_FILE_NUM;
1551 if (lim.rlim_max < DEFAULT_MAX_FILE_NUM) {
1552 lim.rlim_max = DEFAULT_MAX_FILE_NUM;
1554 if (setrlimit( RLIMIT_NOFILE, &lim ) != 0) {
1555 std::cerr << "Set max file open num error." << std::endl;
1559 std::cerr << "Get max file open num error." << std::endl;
1565 LOGGER_PUT_LOG_ERROR(LOG_CAT_SSLPROXY_COMMON, 27, "Argument argc is illegal.");
1566 std::cerr << "Argument argc is illegal." << std::endl;
1571 // Check argument 1. (target_id)
1572 if (strlen(argv[1]) > MAX_TARGET_ID_SIZE) {
1573 LOGGER_PUT_LOG_ERROR(LOG_CAT_SSLPROXY_COMMON, 28, "Target_id is too long.");
1574 std::cerr << "Target_id is too long." << std::endl;
1577 target_id = argv[1];
1579 // Check argument 2. (config file)
1580 if (argv[2][0] != '/') {
1581 LOGGER_PUT_LOG_ERROR(LOG_CAT_SSLPROXY_COMMON, 29,
1582 "Need specify config file in full path. %s", target_id.c_str());
1583 std::cerr << "Need specify config file in full path. " << target_id << std::endl;
1587 if ((fp = fopen(argv[2], "r")) == NULL) {
1588 LOGGER_PUT_LOG_ERROR(LOG_CAT_SSLPROXY_COMMON, 30,
1589 "Config file cannot open. %s", target_id.c_str());
1590 std::cerr << "Config file cannot open. " << target_id << std::endl;
1594 std::string config_filename = argv[2];
1596 /*-------- DEBUG LOG --------*/
1597 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
1598 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 82,
1599 "function : void sslproxy_main(int argc, char* argv[]) : "
1600 "Argument check END. "
1602 "config_filename = %s",
1604 config_filename.c_str());
1606 /*------ DEBUG LOG END ------*/
1608 // Get config parameters.
1609 if (getParameters(config_filename) == -1) {
1610 LOGGER_PUT_LOG_ERROR(LOG_CAT_SSLPROXY_COMMON, 31,
1611 "Get parameter error. %s", target_id.c_str());
1612 std::cerr << "Get parameter error. " << target_id << std::endl;
1616 /*-------- DEBUG LOG --------*/
1617 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
1618 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 83,
1619 "function : void sslproxy_main(int argc, char* argv[]) : "
1620 "Get parameter END.");
1622 /*------ DEBUG LOG END ------*/
1624 // Set signal handlers.
1625 if (set_sighandlers() < 0) {
1626 LOGGER_PUT_LOG_ERROR(LOG_CAT_SSLPROXY_COMMON, 32,
1627 "Set signal handler error. %s", target_id.c_str());
1628 std::cerr << "Set signal handler error. " << target_id << std::endl;
1632 /*-------- DEBUG LOG --------*/
1633 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
1634 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 84,
1635 "function : void sslproxy_main(int argc, char* argv[]) : "
1638 /*------ DEBUG LOG END ------*/
1640 // Check target endpoint id duplication.
1641 // Read all sslproxy process and target id is extracted.
1642 if ((fp = popen(TARGET_ID_CHECK_STRING, "r")) == NULL) {
1643 LOGGER_PUT_LOG_ERROR(LOG_CAT_SSLPROXY_COMMON, 33,
1644 "popen error. %s", target_id.c_str());
1645 std::cerr << "popen error. " << target_id << std::endl;
1648 char key[MAX_TARGET_ID_SIZE], buf[MAX_TARGET_ID_SIZE];
1650 while (fgets(buf, MAX_TARGET_ID_SIZE, fp) != NULL) {
1651 /*-------- DEBUG LOG --------*/
1652 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
1653 std::string buf_str = buf;
1654 buf_str.erase(buf_str.size() - 1, 1);
1655 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 85,
1656 "function : void sslproxy_main(int argc, char* argv[]) : "
1657 "Target id of executing process = %s.",
1660 /*------ DEBUG LOG END ------*/
1661 sprintf(key, "%s\n", target_id.c_str());
1662 if (strcmp(key, buf) == 0) {
1663 /*-------- DEBUG LOG --------*/
1664 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
1665 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 86,
1666 "function : void sslproxy_main(int argc, char* argv[]) : "
1667 "Same target id found.");
1669 /*------ DEBUG LOG END ------*/
1670 // Count same target id process.
1673 // Duplication error when the one the same besides oneself exists.
1674 if (match_cnt > 1) {
1675 LOGGER_PUT_LOG_ERROR(LOG_CAT_SSLPROXY_COMMON, 34,
1676 "sslproxy process is already exist. %s", target_id.c_str());
1677 std::cerr << "sslproxy process is already exist. " << target_id << std::endl;
1684 /*-------- DEBUG LOG --------*/
1685 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
1686 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 87,
1687 "function : void sslproxy_main(int argc, char* argv[]) : "
1688 "Check target id END.");
1690 /*------ DEBUG LOG END ------*/
1692 // SSLproxy server initialize and setting.
1693 // IO event dispatcher class.
1694 boost::asio::io_service ioservice;
1698 function_str = "resolver()";
1699 boost::asio::ip::tcp::resolver resolver(ioservice);
1701 std::string hoststr;
1702 std::string portstr;
1704 // Target endpoint -> hoststr:portstr
1705 if (splitEndpoint(target_endpoint, hoststr, portstr) == -1) {
1706 LOGGER_PUT_LOG_ERROR(LOG_CAT_SSLPROXY_COMMON, 35,
1707 "Invalid target_endpoint. [%s]", target_id.c_str());
1708 std::cerr << "Invalid target_endpoint. [" << target_id << "]" << std::endl;
1712 // query class for target.
1714 function_str = "target_query()";
1715 boost::asio::ip::tcp::resolver::query target_query(boost::asio::ip::tcp::v4(), hoststr, portstr);
1717 // query result for target. (iterator)
1719 function_str = "Target resolver.resolve()";
1720 boost::asio::ip::tcp::resolver::iterator target_itr = resolver.resolve(target_query);
1722 // query result for target. (endpoint_type)
1723 boost::asio::ip::tcp::resolver::endpoint_type target_entry = *target_itr;
1724 /*-------- DEBUG LOG --------*/
1725 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
1726 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 88,
1727 "function : void sslproxy_main(int argc, char* argv[]) : "
1728 "Check target_endpoint END. "
1730 target_entry.address().to_string().c_str(),
1731 target_entry.port());
1733 /*------ DEBUG LOG END ------*/
1735 // Recv endpoint -> hoststr:portstr
1736 if (splitEndpoint(recv_endpoint, hoststr, portstr) == -1) {
1737 LOGGER_PUT_LOG_ERROR(LOG_CAT_SSLPROXY_COMMON, 36,
1738 "Invalid recv_endpoint. [%s]", target_id.c_str());
1739 std::cerr << "Invalid recv_endpoint. [" << target_id << "]" << std::endl;
1743 // query class for recv.
1745 function_str = "recv_query()";
1746 boost::asio::ip::tcp::resolver::query recv_query(boost::asio::ip::tcp::v4(), hoststr, portstr);
1748 // query result for recv. (iterator)
1750 function_str = "Recv resolver.resolve()";
1751 boost::asio::ip::tcp::resolver::iterator recv_itr = resolver.resolve(recv_query);
1753 // query result for recv. (endpoint_type)
1754 boost::asio::ip::tcp::resolver::endpoint_type recv_entry = *recv_itr;
1755 /*-------- DEBUG LOG --------*/
1756 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
1757 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 89,
1758 "function : void sslproxy_main(int argc, char* argv[]) : "
1759 "Check recv_endpoint END. "
1761 recv_entry.address().to_string().c_str(),
1764 /*------ DEBUG LOG END ------*/
1766 // Create sslproxy_server and create SSLcontext.
1768 function_str = "Create sslproxy_server";
1769 sslproxy_server server(ioservice, target_itr, recv_entry);
1771 /*-------- DEBUG LOG --------*/
1772 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
1773 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 90,
1774 "function : void sslproxy_main(int argc, char* argv[]) : "
1775 "Create sslproxy_server END.");
1777 /*------ DEBUG LOG END ------*/
1780 if (daemon(1, 1) < 0) {
1781 LOGGER_PUT_LOG_ERROR(LOG_CAT_SSLPROXY_COMMON, 37,
1782 "Start daemon() error. [%s]",
1784 std::cerr << "Start daemon() error. [" << target_id << "]" << std::endl;
1787 /*-------- DEBUG LOG --------*/
1788 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
1789 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 91,
1790 "function : void sslproxy_main(int argc, char* argv[]) : "
1791 "Start daemon END.");
1793 /*------ DEBUG LOG END ------*/
1795 // Create threads for IO event dispatcher.
1796 // Threadgroup class. (thread pool)
1797 boost::thread_group threadgroup;
1799 // Create num_thread threads.
1801 function_str = "create_thread()";
1802 for (int i = 0; i < num_thread; ++i) {
1803 threadgroup.create_thread(boost::bind(&boost::asio::io_service::run, &ioservice));
1804 /*-------- DEBUG LOG --------*/
1805 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
1806 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 92,
1807 "function : void sslproxy_main(int argc, char* argv[]) : "
1808 "Thread %d create.",
1811 /*------ DEBUG LOG END ------*/
1814 /*-------- DEBUG LOG --------*/
1815 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
1816 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 93,
1817 "function : void sslproxy_main(int argc, char* argv[]) : "
1818 "Create threads END.");
1820 /*------ DEBUG LOG END ------*/
1822 LOGGER_PUT_LOG_INFO(LOG_CAT_SSLPROXY_COMMON, 2,
1823 "SSLproxy process start success. %s",
1826 // Wait for threads finish.
1828 function_str = "join_all()";
1829 threadgroup.join_all();
1831 /*-------- DEBUG LOG --------*/
1832 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
1833 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 94,
1834 "function : void sslproxy_main(int argc, char* argv[]) : "
1837 /*------ DEBUG LOG END ------*/
1839 } catch (std::exception& e) {
1840 std::cerr << function_str << " error : " << e.what() << "." << std::endl;
1841 LOGGER_PUT_LOG_ERROR(LOG_CAT_SSLPROXY_COMMON, log_msg_id,
1842 "%s error : %s.", function_str.c_str(), e.what());
1843 result = EXIT_FAILURE;
1845 /*-------- DEBUG LOG --------*/
1846 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
1847 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 95,
1848 "function : void sslproxy_main(int argc, char* argv[]) : "
1849 "Catch int exception. %d",
1852 /*------ DEBUG LOG END ------*/
1855 std::cout << "Unknown exception." << std::endl;
1856 LOGGER_PUT_LOG_ERROR(LOG_CAT_SSLPROXY_COMMON, 38, "Unknown exception.");
1857 result = EXIT_FAILURE;
1863 /*-------- DEBUG LOG --------*/
1864 if (LOG_LV_DEBUG == logger_get_log_level(LOG_CAT_SSLPROXY_COMMON)) {
1865 LOGGER_PUT_LOG_DEBUG(LOG_CAT_SSLPROXY_COMMON, 96,
1866 "out_function : void sslproxy_main(int argc, char* argv[]) : "
1867 "return value = %d.",
1870 /*------ DEBUG LOG END ------*/
OSDN Git Service
