[Libreoffice-commits] online.git: Branch 'distro/collabora/collabora-online-2-1' - wsd/Storage.cpp

Tue May 2 12:53:58 UTC 2017

wsd/Storage.cpp |   26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)

New commits:
commit 9e621dce1c9a47b5ebb4c4946d1f037551c47167
Author: Michael Meeks <michael.meeks at collabora.com>
Date:   Thu Apr 27 18:47:35 2017 +0100

    Initialize Poco's SSL-ness; the WOPI Storage code still uses it.
    
    Change-Id: I4c4ee7847159abb3de2656244ddec27b3d282f45
    Reviewed-on: https://gerrit.libreoffice.org/37039
    Reviewed-by: Ashod Nakashian <ashnakash at gmail.com>
    Tested-by: Ashod Nakashian <ashnakash at gmail.com>
    Reviewed-by: Jan Holesovsky <kendy at collabora.com>

diff --git a/wsd/Storage.cpp b/wsd/Storage.cpp
index a125c1d7..f0f525eb 100644
--- a/wsd/Storage.cpp
+++ b/wsd/Storage.cpp
@@ -31,6 +31,12 @@
 #include <Poco/StreamCopier.h>
 #include <Poco/Timestamp.h>
 
+// For residual Poco SSL usage.
+#include <Poco/Net/Context.h>
+#include <Poco/Net/SSLManager.h>
+#include <Poco/Net/AcceptCertificateHandler.h>
+#include <Poco/Net/KeyConsoleHandler.h>
+
 #include "Auth.hpp"
 #include "Common.hpp"
 #include "Exceptions.hpp"
@@ -98,6 +104,24 @@ void StorageBase::initialize()
             }
         }
     }
+
+#if ENABLE_SSL
+    // FIXME: should use our own SSL socket implementation here.
+    Poco::Crypto::initializeCrypto();
+    Poco::Net::initializeSSL();
+
+    // Init client
+    Poco::Net::Context::Params sslClientParams;
+
+    // TODO: Be more strict and setup SSL key/certs for remove server and us
+    sslClientParams.verificationMode = Poco::Net::Context::VERIFY_NONE;
+
+    Poco::SharedPtr<Poco::Net::PrivateKeyPassphraseHandler> consoleClientHandler = new Poco::Net::KeyConsoleHandler(false);
+    Poco::SharedPtr<Poco::Net::InvalidCertificateHandler> invalidClientCertHandler = new Poco::Net::AcceptCertificateHandler(false);
+
+    Poco::Net::Context::Ptr sslClientContext = new Poco::Net::Context(Poco::Net::Context::CLIENT_USE, sslClientParams);
+    Poco::Net::SSLManager::instance().initializeClient(consoleClientHandler, invalidClientCertHandler, sslClientContext);
+#endif
 }
 
 bool isLocalhost(const std::string& targetHost)
@@ -283,6 +307,8 @@ namespace {
 inline
 Poco::Net::HTTPClientSession* getHTTPClientSession(const Poco::URI& uri)
 {
+    // FIXME: if we're configured for http - we can still use an https:// wopi
+    // host surely; of course - the converse is not true / sensible.
     return (LOOLWSD::isSSLEnabled() || LOOLWSD::isSSLTermination())
         ? new Poco::Net::HTTPSClientSession(uri.getHost(), uri.getPort(),
                                             Poco::Net::SSLManager::instance().defaultClientContext())
