Back to index

nordugrid-arc-nox  1.1.0~rc6
GlobusWorkarounds.cpp
Go to the documentation of this file.
00001 #ifdef HAVE_CONFIG_H
00002 #include <config.h>
00003 #endif
00004 
00005 #include <iostream>
00006 
00007 #include <openssl/objects.h>
00008 #include <openssl/x509v3.h>
00009 
00010 #include <arc/Utils.h>
00011 
00012 #include "GlobusWorkarounds.h"
00013 
00014 namespace Arc {
00015 
00016   bool GlobusRecoverProxyOpenSSL(void) {
00017 #ifdef HAVE_OPENSSL_PROXY
00018     // No harm even if not needed - shall trun proxies on for code 
00019     // which was written with no proxies in mind
00020     SetEnv("OPENSSL_ALLOW_PROXY_CERTS","1");
00021 #if OPENSSL_VERSION_NUMBER > 0x0090804f
00022 #  warning *********************************************************
00023 #  warning ** Since OpenSSL 0.9.8e proxy extension is const.      **
00024 #  warning ** Hence we can not manipulate it. That means combining**
00025 #  warning ** it with Globus Toolkit libraries may cause problems **
00026 #  warning ** during runtime. Problematic behavior was observed   **
00027 #  warning ** at least for Globus Toolkit version 4.0. But it was **
00028 #  warning ** tested and worked for Globus Toolkit 4.2.1.         **
00029 #  warning *********************************************************
00030     return true;
00031 #else
00032     // OBJ_create(OBJ_proxyCertInfo,SN_proxyCertInfo,LN_proxyCertInfo);
00033     // Use OpenSSL hack to make proxies work with Globus disabled
00034     const char* sn = "proxyCertInfo";
00035     const char* gsn = "PROXYCERTINFO";
00036     int nid = OBJ_sn2nid(sn);
00037     int gnid = OBJ_sn2nid(gsn);
00038     // If Globus proxy extension is present
00039     // And if OpenSSL proxy extension is present
00040     // And if they are not equal
00041     if((gnid > 0) && (nid > 0) && (gnid != nid)) { 
00042       ASN1_OBJECT* obj = NULL;
00043       X509V3_EXT_METHOD* ext = X509V3_EXT_get_nid(nid);
00044       X509V3_EXT_METHOD* gext = X509V3_EXT_get_nid(gnid);
00045       // Globus object with OpenSSL NID
00046       unsigned char tmpbuf[512];
00047       int i = a2d_ASN1_OBJECT(tmpbuf,sizeof(tmpbuf),"1.3.6.1.5.5.7.1.14",-1);
00048       if(i > 0) {
00049         obj = ASN1_OBJECT_create(nid,tmpbuf,i,gsn,"Proxy Certificate Info Extension");
00050         if(obj != NULL) {
00051           gnid = OBJ_add_object(obj);
00052           // Merging Globus and OpenSSL extensions - probably dangerous
00053           if((ext != NULL) && (gext != NULL)) {
00054             gext->ext_nid = gnid;
00055             if(ext->d2i == NULL) ext->d2i=gext->d2i;
00056             if(ext->i2d == NULL) ext->i2d=gext->i2d;
00057             return true;
00058           }
00059         }
00060       }
00061     }
00062     return false;
00063 #endif // OPENSSL_VERSION_NUMBER > 0x0090804f
00064 #else  // HAVE_OPENSSL_PROXY
00065     return true;
00066 #endif // HAVE_OPENSSL_PROXY
00067   }
00068 
00069 }
00070