Remove support for IceSSL.Ciphers (#2052)

config/PropertyNames.xml

@@ -564,7 +564,6 @@ generated from the section label.
         <property name="CertFile" />
         <property name="CheckCertName" />
         <property name="CheckCRL" />
-        <property name="Ciphers" />
         <property name="CertificateRevocationListFiles" />
         <property name="DefaultDir" />
         <property name="FindCert" />

cpp/include/IceSSL/Certificate.h → cpp/include/Ice/Certificate.h

@@ -2,13 +2,13 @@
 // Copyright (c) ZeroC, Inc. All rights reserved.
 //
 
-#ifndef ICESSL_PLUGIN_H
-#define ICESSL_PLUGIN_H
+#ifndef ICE_CERTIFICATE_H
+#define ICE_CERTIFICATE_H
 
-#include "ConnectionInfoF.h"
-#include "Ice/Config.h"
-#include "Ice/Exception.h"
-#include "Ice/Plugin.h"
+#include "Config.h"
+#include "Exception.h"
+#include "Plugin.h"
+#include "SSLConnectionInfoF.h"
 
 #include <chrono>
 #include <cstdint>

cpp/include/Ice/Ice.h

@@ -19,6 +19,7 @@
 
 // We don't need to see the following headers when building the generated code.
 
+#    include "Certificate.h"
 #    include "Communicator.h"
 #    include "Connection.h"
 #    include "IconvStringConverter.h"
@@ -34,6 +35,8 @@
 #    include "Properties.h"
 #    include "ProxyFunctions.h"
 #    include "RegisterPlugins.h"
+#    include "SSLConnectionInfo.h"
+#    include "SSLEndpointInfo.h"
 #    include "ServantLocator.h"
 #    include "SlicedData.h"
 #    include "StringConverter.h"

cpp/include/IceSSL/OpenSSL.h → cpp/include/Ice/OpenSSL.h

@@ -2,8 +2,8 @@
 // Copyright (c) ZeroC, Inc. All rights reserved.
 //
 
-#ifndef ICESSL_OPENSSL_H
-#define ICESSL_OPENSSL_H
+#ifndef ICE_OPENSSL_H
+#define ICE_OPENSSL_H
 
 #include "Certificate.h"
 

cpp/include/IceSSL/SChannel.h → cpp/include/Ice/SChannel.h

@@ -2,8 +2,8 @@
 // Copyright (c) ZeroC, Inc. All rights reserved.
 //
 
-#ifndef ICESSL_SCHANNEL_H
-#define ICESSL_SCHANNEL_H
+#ifndef ICE_SCHANNEL_H
+#define ICE_SCHANNEL_H
 
 #ifdef _WIN32
 #    include "Certificate.h"

cpp/include/IceSSL/ConnectionInfo.h → cpp/include/Ice/SSLConnectionInfo.h

@@ -2,12 +2,12 @@
 // Copyright (c) ZeroC, Inc. All rights reserved.
 //
 
-#ifndef ICESSL_CONNECTION_INFO_H
-#define ICESSL_CONNECTION_INFO_H
+#ifndef ICE_SSL_CONNECTION_INFO_H
+#define ICE_SSL_CONNECTION_INFO_H
 
 #include "Certificate.h"
-#include "ConnectionInfoF.h"
 #include "Ice/Connection.h"
+#include "SSLConnectionInfoF.h"
 
 #if defined(__clang__)
 #    pragma clang diagnostic push

cpp/include/IceSSL/EndpointInfo.h → cpp/include/Ice/SSLEndpointInfo.h

@@ -2,10 +2,10 @@
 // Copyright (c) ZeroC, Inc. All rights reserved.
 //
 
-#ifndef ICESSL_ENDPOINT_INFO_H
-#define ICESSL_ENDPOINT_INFO_H
+#ifndef ICE_SSL_ENDPOINT_INFO_H
+#define ICE_SSL_ENDPOINT_INFO_H
 
-#include "Ice/Endpoint.h"
+#include "Endpoint.h"
 
 #if defined(__clang__)
 #    pragma clang diagnostic push

cpp/include/IceSSL/SecureTransport.h → cpp/include/Ice/SecureTransport.h

@@ -2,8 +2,8 @@
 // Copyright (c) ZeroC, Inc. All rights reserved.
 //
 
-#ifndef ICESSL_SECURE_TRANSPORT_H
-#define ICESSL_SECURE_TRANSPORT_H
+#ifndef ICE_SECURE_TRANSPORT_H
+#define ICE_SECURE_TRANSPORT_H
 
 #ifdef __APPLE__
 

cpp/msbuild/ice.nuget.targets

@@ -7,15 +7,11 @@
     <!-- Dynamic libraries and import libraries -->
     <ItemGroup>
         <Libraries Include="$(IceSrcRootDir)bin\$(Platform)\$(Configuration)\*.dll"
-                   Exclude="$(IceSrcRootDir)bin\$(Platform)\$(Configuration)\glacier2cryptpermissionsverifier*d.dll;
-                            $(IceSrcRootDir)bin\$(Platform)\$(Configuration)\icesslopenssl*.dll;
-                            $(IceSrcRootDir)bin\$(Platform)\$(Configuration)\libeay32.dll;
-                            $(IceSrcRootDir)bin\$(Platform)\$(Configuration)\ssleay32.dll"/>
+                   Exclude="$(IceSrcRootDir)bin\$(Platform)\$(Configuration)\glacier2cryptpermissionsverifier*d.dll"/>
 
         <ImportLibraries Include="$(IceSrcRootDir)lib\$(Platform)\$(Configuration)\*.lib"
                          Exclude="$(IceSrcRootDir)lib\$(Platform)\$(Configuration)\glacier2cryptpermissionsverifier*.lib;
                                   $(IceSrcRootDir)lib\$(Platform)\$(Configuration)\icedb*.lib;
-                                  $(IceSrcRootDir)lib\$(Platform)\$(Configuration)\icesslopenssl*.lib;
                                   $(IceSrcRootDir)lib\$(Platform)\$(Configuration)\icestormservice*.lib;
                                   $(IceSrcRootDir)lib\$(Platform)\$(Configuration)\iceutil*.lib;
                                   $(IceSrcRootDir)lib\$(Platform)\$(Configuration)\icexml*.lib;

cpp/src/Glacier2/SessionRouterI.cpp

@@ -6,9 +6,7 @@
 #include "SessionRouterI.h"
 #include "FilterManager.h"
 #include "Glacier2/PermissionsVerifier.h"
-#include "Ice/UUID.h"
-#include "IceSSL/Certificate.h"
-#include "IceSSL/ConnectionInfo.h"
+#include "Ice/Ice.h"
 #include "RouterI.h"
 
 using namespace std;

cpp/src/Ice/PropertyNames.cpp

@@ -1143,7 +1143,6 @@ const IceInternal::Property IceSSLPropsData[] = {
     IceInternal::Property("IceSSL.CertFile", false, 0),
     IceInternal::Property("IceSSL.CheckCertName", false, 0),
     IceInternal::Property("IceSSL.CheckCRL", false, 0),
-    IceInternal::Property("IceSSL.Ciphers", false, 0),
     IceInternal::Property("IceSSL.CertificateRevocationListFiles", false, 0),
     IceInternal::Property("IceSSL.DefaultDir", false, 0),
     IceInternal::Property("IceSSL.FindCert", false, 0),

cpp/src/Ice/msbuild/ice/ice.vcxproj

@@ -163,7 +163,6 @@
     </CustomBuild>
   </ItemGroup>
   <ItemGroup>
-    <ClCompile Include="..\..\..\IceSSL\PluginI.cpp" />
     <ClCompile Include="..\..\..\IceSSL\SSLAcceptorI.cpp" />
     <ClCompile Include="..\..\..\IceSSL\CertificateI.cpp" />
     <ClCompile Include="..\..\..\IceSSL\SSLConnectorI.cpp" />
@@ -1006,4 +1005,4 @@
     <Error Condition="!Exists('..\..\..\..\msbuild\packages\zeroc.icebuilder.msbuild.5.0.9\build\zeroc.icebuilder.msbuild.props')" Text="$([System.String]::Format('$(ErrorText)', '..\..\..\..\msbuild\packages\zeroc.icebuilder.msbuild.5.0.9\build\zeroc.icebuilder.msbuild.props'))" />
     <Error Condition="!Exists('..\..\..\..\msbuild\packages\zeroc.icebuilder.msbuild.5.0.9\build\zeroc.icebuilder.msbuild.targets')" Text="$([System.String]::Format('$(ErrorText)', '..\..\..\..\msbuild\packages\zeroc.icebuilder.msbuild.5.0.9\build\zeroc.icebuilder.msbuild.targets'))" />
   </Target>
-</Project>
+</Project>

cpp/src/Ice/msbuild/ice/ice.vcxproj.filters

@@ -615,9 +615,6 @@
     <ClCompile Include="..\..\..\IceSSL\SSLUtil.cpp">
       <Filter>Source Files\IceSSL</Filter>
     </ClCompile>
-    <ClCompile Include="..\..\..\IceSSL\PluginI.cpp">
-      <Filter>Source Files\IceSSL</Filter>
-    </ClCompile>
     <ClCompile Include="..\..\IdleTimeoutTransceiverDecorator.cpp">
       <Filter>Source Files</Filter>
     </ClCompile>

cpp/src/IceGrid/AdminSessionI.cpp

@@ -6,8 +6,6 @@
 #include "AdminI.h"
 #include "Database.h"
 #include "Ice/Ice.h"
-#include "Ice/UUID.h"
-#include "IceSSL/Certificate.h"
 #include "RegistryI.h"
 #include "SynchronizationException.h"
 

cpp/src/IceGrid/InternalRegistryI.cpp

@@ -2,14 +2,12 @@
 // Copyright (c) ZeroC, Inc. All rights reserved.
 //
 
-#include "Ice/Ice.h"
 #include "IceUtil/DisableWarnings.h"
 
 #include "../IceSSL/RFC2253.h"
 #include "Database.h"
 #include "FileCache.h"
-#include "IceSSL/Certificate.h"
-#include "IceSSL/ConnectionInfo.h"
+#include "Ice/Ice.h"
 #include "InternalRegistryI.h"
 #include "NodeSessionI.h"
 #include "ReapThread.h"

cpp/src/IceGrid/RegistryI.cpp

@@ -17,8 +17,6 @@
 #include "Ice/Ice.h"
 #include "Ice/UUID.h"
 #include "IceLocatorDiscovery.h"
-#include "IceSSL/Certificate.h"
-#include "IceSSL/ConnectionInfo.h"
 #include "IceUtil/FileUtil.h"
 #include "InternalRegistryI.h"
 #include "LocatorI.h"

cpp/src/IceGrid/SessionI.cpp

@@ -5,9 +5,7 @@
 #include "SessionI.h"
 #include "Database.h"
 #include "Ice/Ice.h"
-#include "Ice/UUID.h"
 #include "IceGrid/Admin.h"
-#include "IceSSL/Certificate.h"
 #include "LocatorI.h"
 #include "QueryI.h"
 

cpp/src/IceSSL/CertificateI.cpp

@@ -212,3 +212,99 @@ CertificateI::toString() const
     os << "subject: " << string(getSubjectDN()) << "\n";
     return os.str();
 }
+
+std::string
+IceSSL::getTrustErrorDescription(TrustError error)
+{
+    switch (error)
+    {
+        case IceSSL::TrustError::NoError:
+        {
+            return "no error";
+        }
+        case IceSSL::TrustError::ChainTooLong:
+        {
+            return "the certificate chain length is greater than the specified maximum depth";
+        }
+        case IceSSL::TrustError::HasExcludedNameConstraint:
+        {
+            return "the X509 chain is invalid because a certificate has excluded a name constraint";
+        }
+        case IceSSL::TrustError::HasNonDefinedNameConstraint:
+        {
+            return "the certificate has an undefined name constraint";
+        }
+        case IceSSL::TrustError::HasNonPermittedNameConstraint:
+        {
+            return "the certificate has a non permitted name constrain";
+        }
+        case IceSSL::TrustError::HasNonSupportedCriticalExtension:
+        {
+            return "the certificate does not support a critical extension";
+        }
+        case IceSSL::TrustError::HasNonSupportedNameConstraint:
+        {
+            return "the certificate does not have a supported name constraint or has a name constraint that "
+                   "is unsupported";
+        }
+        case IceSSL::TrustError::HostNameMismatch:
+        {
+            return "a host name mismatch has occurred";
+        }
+        case IceSSL::TrustError::InvalidBasicConstraints:
+        {
+            return "the X509 chain is invalid due to invalid basic constraints";
+        }
+        case IceSSL::TrustError::InvalidExtension:
+        {
+            return "the X509 chain is invalid due to an invalid extension";
+        }
+        case IceSSL::TrustError::InvalidNameConstraints:
+        {
+            return "the X509 chain is invalid due to invalid name constraints";
+        }
+        case IceSSL::TrustError::InvalidPolicyConstraints:
+        {
+            return "the X509 chain is invalid due to invalid policy constraints";
+        }
+        case IceSSL::TrustError::InvalidPurpose:
+        {
+            return "the supplied certificate cannot be used for the specified purpose";
+        }
+        case IceSSL::TrustError::InvalidSignature:
+        {
+            return "the X509 chain is invalid due to an invalid certificate signature";
+        }
+        case IceSSL::TrustError::InvalidTime:
+        {
+            return "the X509 chain is not valid due to an invalid time value, such as a value that indicates an "
+                   "expired certificate";
+        }
+        case IceSSL::TrustError::NotTrusted:
+        {
+            return "the certificate is explicitly distrusted";
+        }
+        case IceSSL::TrustError::PartialChain:
+        {
+            return "the X509 chain could not be built up to the root certificate";
+        }
+        case IceSSL::TrustError::RevocationStatusUnknown:
+        {
+            return "it is not possible to determine whether the certificate has been revoked";
+        }
+        case IceSSL::TrustError::Revoked:
+        {
+            return "the X509 chain is invalid due to a revoked certificate";
+        }
+        case IceSSL::TrustError::UntrustedRoot:
+        {
+            return "the X509 chain is invalid due to an untrusted root certificate";
+        }
+        case IceSSL::TrustError::UnknownTrustFailure:
+        {
+            return "unknown failure";
+        }
+    }
+    assert(false);
+    return "unknown failure";
+}

cpp/src/IceSSL/CertificateI.h

@@ -5,7 +5,7 @@
 #ifndef ICESSL_CERTIFICATE_I_H
 #define ICESSL_CERTIFICATE_I_H
 
-#include "IceSSL/Certificate.h"
+#include "Ice/Certificate.h"
 
 #include <string>
 #include <vector>