#include <IIOP_SSL_Transport.h>
Overridden Template Methods | |
| Please check the documentation in "tao/Transport.h" for more details. | |
| TAO::SSLIOP::Current_var | current_ |
| Reference to the TAO::SSLIOP::Current object. | |
| virtual int | handle_input (TAO_Resume_Handle &rh, ACE_Time_Value *max_wait_time=0) |
| Reference to the TAO::SSLIOP::Current object. | |
Public Member Functions | |
| IIOP_SSL_Transport (IIOP_SSL_Connection_Handler *handler, TAO_ORB_Core *orb_core) | |
| Constructor. | |
| ~IIOP_SSL_Transport (void) | |
| Default destructor. | |
However, this class overrides the handle_input() method to invalidate the current TSS SSL state during a standard IIOP (insecure) upcall. This prevents SSL session state from a previous SSL connection from being associated with non-SSL connections processed by this connection handler. In particular, this is very important for closing a security hole in nested upcalls. For example, an SSLIOP request is made. During that secure upcall, an insecure nested upcall is made. A naive implementation would associate the TSS SSL state from the secure upcall with the insecure upcall. This implementation closes that security hole.
| TAO_BEGIN_VERSIONED_NAMESPACE_DECL TAO::IIOP_SSL_Transport::IIOP_SSL_Transport | ( | IIOP_SSL_Connection_Handler * | handler, | |
| TAO_ORB_Core * | orb_core | |||
| ) |
Constructor.
| TAO::IIOP_SSL_Transport::~IIOP_SSL_Transport | ( | void | ) |
Default destructor.
| int TAO::IIOP_SSL_Transport::handle_input | ( | TAO_Resume_Handle & | rh, | |
| ACE_Time_Value * | max_wait_time = 0 | |||
| ) | [virtual] |
TAO::SSLIOP::Current_var TAO::IIOP_SSL_Transport::current_ [protected] |
Reference to the TAO::SSLIOP::Current object.
1.5.3