Swiftdiff options
| -rw-r--r-- | Swiften/QA/TLSTest/CertificateTest.cpp | 19 | ||||
| -rw-r--r-- | Swiften/QA/TLSTest/certificateChain.pem | 49 | ||||
| -rw-r--r-- | Swiften/TLS/CertificateFactory.cpp | 4 | ||||
| -rw-r--r-- | Swiften/TLS/CertificateFactory.h | 2 | ||||
| -rw-r--r-- | Swiften/TLS/OpenSSL/OpenSSLCertificate.cpp | 8 | ||||
| -rw-r--r-- | Swiften/TLS/OpenSSL/OpenSSLCertificate.h | 2 | ||||
| -rw-r--r-- | Swiften/TLS/OpenSSL/OpenSSLCertificateFactory.cpp | 8 | ||||
| -rw-r--r-- | Swiften/TLS/OpenSSL/OpenSSLCertificateFactory.h | 2 | ||||
| -rw-r--r-- | Swiften/TLS/OpenSSL/OpenSSLContext.cpp | 9 | ||||
| -rw-r--r-- | Swiften/TLS/OpenSSL/OpenSSLContext.h | 2 | ||||
| -rw-r--r-- | Swiften/TLS/TLSContext.cpp | 2 | ||||
| -rw-r--r-- | Swiften/TLS/TLSContext.h | 2 |
12 files changed, 96 insertions, 13 deletions
diff --git a/Swiften/QA/TLSTest/CertificateTest.cpp b/Swiften/QA/TLSTest/CertificateTest.cpp index 02ec0f8..21f749c 100644 --- a/Swiften/QA/TLSTest/CertificateTest.cpp +++ b/Swiften/QA/TLSTest/CertificateTest.cpp @@ -24,24 +24,26 @@ template<typename CERTIFICATE_FACTORY> class CertificateTest : public CppUnit::TestFixture { CPPUNIT_TEST_SUITE(CertificateTest); CPPUNIT_TEST(testConstructFromDER); CPPUNIT_TEST(testToDER); //CPPUNIT_TEST(testGetSubjectName); CPPUNIT_TEST(testGetCommonNames); CPPUNIT_TEST(testGetSRVNames); CPPUNIT_TEST(testGetDNSNames); CPPUNIT_TEST(testGetXMPPAddresses); + CPPUNIT_TEST(testCreateCertificateChain); CPPUNIT_TEST_SUITE_END(); public: void setUp() { pathProvider = std::make_unique<PlatformApplicationPathProvider>("FileReadBytestreamTest"); readByteArrayFromFile(certificateData, (pathProvider->getExecutableDir() / "jabber_org.crt")); + readByteArrayFromFile(chainData, (pathProvider->getExecutableDir() / "certificateChain.pem")); certificateFactory = std::unique_ptr<CertificateFactory>(new CERTIFICATE_FACTORY()); } void testConstructFromDER() { Certificate::ref testling = Certificate::ref(certificateFactory->createCertificateFromDER(certificateData)); CPPUNIT_ASSERT_EQUAL(std::string("*.jabber.org"), testling->getCommonNames()[0]); } @@ -82,19 +84,36 @@ class CertificateTest : public CppUnit::TestFixture { } void testGetXMPPAddresses() { Certificate::ref testling = Certificate::ref(certificateFactory->createCertificateFromDER(certificateData)); CPPUNIT_ASSERT_EQUAL(1, static_cast<int>(testling->getXMPPAddresses().size())); CPPUNIT_ASSERT_EQUAL(std::string("*.jabber.org"), testling->getXMPPAddresses()[0]); } + void testCreateCertificateChain() { + // The input chain contains a 2-certificate chain: + // the first certificate has: + // a subject of "O=messaging,CN=Mixer Messaging Configuration,CN=badger.isode.net" + // an issuer of "O=messaging, CN=New Messaging CA" + // the second certificate has: + // a subject of "O=messaging, CN=New Messaging CA" + // an issuer of "O=messaging, CN=New Messaging CA" + // i.e. it is a self-signed certificate + std::vector<std::shared_ptr<Certificate>> chain = certificateFactory->createCertificateChain(chainData); + CPPUNIT_ASSERT_EQUAL(2,static_cast<int>(chain.size())); + CPPUNIT_ASSERT_EQUAL(std::string("Mixer Messaging Configuration"), chain[0]->getCommonNames()[0]); + CPPUNIT_ASSERT_EQUAL(std::string("badger.isode.net"), chain[0]->getCommonNames()[1]); + CPPUNIT_ASSERT_EQUAL(std::string("New Messaging CA"), chain[1]->getCommonNames()[0]); + } + private: std::unique_ptr<PlatformApplicationPathProvider> pathProvider; ByteArray certificateData; + ByteArray chainData; std::unique_ptr<CertificateFactory> certificateFactory; }; #ifdef HAVE_OPENSSL #include <Swiften/TLS/OpenSSL/OpenSSLCertificateFactory.h> CPPUNIT_TEST_SUITE_REGISTRATION(CertificateTest<OpenSSLCertificateFactory>); #endif diff --git a/Swiften/QA/TLSTest/certificateChain.pem b/Swiften/QA/TLSTest/certificateChain.pem new file mode 100644 index 0000000..cb3c0fb --- /dev/null +++ b/Swiften/QA/TLSTest/certificateChain.pem @@ -0,0 +1,49 @@ +-----BEGIN CERTIFICATE----- +MIIFFTCCA/2gAwIBAgIKXmMION+1bnZpIzANBgkqhkiG9w0BAQsFADAvMRIwEAYD +VQQKEwltZXNzYWdpbmcxGTAXBgNVBAMTEE5ldyBNZXNzYWdpbmcgQ0EwHhcNMTkw +NzI5MTAxMjMxWhcNMjAwNzI5MTAxMjMxWjBXMRIwEAYDVQQKEwltZXNzYWdpbmcx +JjAkBgNVBAMTHU1peGVyIE1lc3NhZ2luZyBDb25maWd1cmF0aW9uMRkwFwYDVQQD +ExBiYWRnZXIuaXNvZGUubmV0MIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKC +AYEAt42TMYe9oO4K6XmvST4kiy4cG+nmVDCtZRfAfF/A+1GQXTZ8OfLbPF5noLIF +f1Jj6fBDA2HiKoLQWfNnIklNEzgPbOREuAuCe660sW1JzJFr5O5qYyf6bHKkYmRr +CGHJ3G5kkXZOW3MhczPNHrTIUSL7lYLMZAcyWStkhgBy7lBuYtgDEXbdRH8OGgly +XC39AAU93y7ynw6W3SorU6h9cwvS0Ho8KVemCXoE38WLeSrIw1ks+Kf1YQopg9O3 +2SkXp6Z9elG5Wk5Rh0L0H2XHnAvmodr9TW6rtrPkJZfLL+NfcnGtI6QKnvL8EhYG +d+XiPOV8jyGAFRC1Be72wlF29Rw20zdoD3kAdeqBLWfL8H9mnQpebEIDj8Lmahub ++W4uuUqCG8NuY43lGJzJni9CFWvhD7ss1yVGz84zqRHu5iXNDncWH2luJT1gXvFW +6mxcfe+AwSiZ8PrhDQZBfTyx7ob4Ozdc1d59XTPyckj2msnCo2ayg+jKaViDd4vz +nNwhAgMBAAGjggGJMIIBhTAbBgNVHREEFDASghBiYWRnZXIuaXNvZGUubmV0MA4G +A1UdDwEB/wQEAwIF4DAMBgNVHRMBAf8EAjAAMHQGA1UdHwRtMGswaaBnoGWGY2xk +YXA6Ly9kaWFib2xvLmlzb2RlLm5ldDoxOTM4OS9jbj1OZXclMjBNZXNzYWdpbmcl +MjBDQSxvPW1lc3NhZ2luZz9jZXJ0aWZpY2F0ZVJldm9jYXRpb25MaXN0O2JpbmFy +eTCBkQYIKwYBBQUHAQEEgYQwgYEwfwYIKwYBBQUHMAKGc2xkYXA6Ly9kaWFib2xv +Lmlzb2RlLm5ldDoxOTM4OS9jbj1OZXclMjBNZXNzYWdpbmclMjBDQSxvPW1lc3Nh +Z2luZz9jQUNlcnRpZmljYXRlO2JpbmFyeSxjcm9zc0NlcnRpZmljYXRlUGFpcjti +aW5hcnkwHQYDVR0OBBYEFFjf69BczlDoKiSBSvxCr9sy0OJ2MB8GA1UdIwQYMBaA +FJvoU0Lwg8vVCEmEMoKy29zFo/Y7MA0GCSqGSIb3DQEBCwUAA4IBAQCS4zLVH98S +Cl4gsmTkxM+lBsdzQ18ymA6p9ZRXGmJ405C9rN7um9XnbWwOHO6ach7zie2GxWLp +KOYKjX/5Pjt7mPwG8eKepPAxDenzKw5TocjscR9VxBsym0oEkWHPQG+xSqySQGUw +/5QoGy6v06yE8CZ7BKHPh91Jy7IjIDBxWaEtTAPyuH4i4DnsmA0/xSrJ7ez6g399 +YgqDnBInC63bYv5IDD1CmEr/0boBWpsOf50OC6JVhaPLAldwTAxLSOMBJ4q4onXC +ZqDHY3EMRtwYEffNg9ZorXJwLmU3Lq/R3B9lC22XNPDFj/bZ5RpwVFtuN5HfeZzO +aPbNoa0Nf+QB +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDJDCCAgygAwIBAgIKSm7KkUZOigMk9zANBgkqhkiG9w0BAQsFADAvMRIwEAYD +VQQKEwltZXNzYWdpbmcxGTAXBgNVBAMTEE5ldyBNZXNzYWdpbmcgQ0EwHhcNMTYw +MTI2MTU1MTU2WhcNMjYwMTI2MTU1MTU2WjAvMRIwEAYDVQQKEwltZXNzYWdpbmcx +GTAXBgNVBAMTEE5ldyBNZXNzYWdpbmcgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IB +DwAwggEKAoIBAQDgcuX1s8EvO8GDHx7vSW9oeDnLUBx5E48Vb2qcJVc34ik1j6ZV +d8/+tzmyy/BskFbaOJ0KD5XYOoI8TJtu28lASWZj1vAEZkfrDdBbKeb1BQhShMt2 +ICgzp7l4ubwd6rqCGHpD/f12RVhSlU3y6TniaK62a9RwJOpL/wvnCcJLPjaTw8om +EY62EyUP+FymUbo3Rb3aWLM7avHl1/32pyzUgRzvZR63hlMHnlE5Sgc84j9KMwJH +k+mCyXIGPc+yhL33ljR63Eoiqynyk0HPU6pWai1WKuSv6zMDPwnNaJA3VpLNUHsd +eVe1GyOmPFePnhRPZYfC+Dk8lxDUmZfNFKZlAgMBAAGjQjBAMA4GA1UdDwEB/wQE +AwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBSb6FNC8IPL1QhJhDKCstvc +xaP2OzANBgkqhkiG9w0BAQsFAAOCAQEApgA5oupwTS2Ylt9mhS/TDX9wzR0DqnC5 +t9skgU9B/1MnzgqEMKGmuhRBiqDyr0jsPegBFI/CpTdIpakpSUrIvBTZADzkrkI+ +3k2jnpEv0vodaFIHQonDysq5h4bXsCSdSprdhiUa1GKFtnJ92Ro/2Uaw5UcqFPCg +7kj7RmRVlAIynUAT81cefQww0HBFPN9SdBEpp6YP4P1u1x8GV0Bfq93r4G5jkiHN +dA6xejk7RZK4mTH+K2aFpWoHCqMr7RAzV5UiXis4cFAmtv+5K/G7eazNx0Y+ODo4 +fweh+xW+dOXuP1lzW4DzwhEf/8tgFgI0jIvscPgdgHY7t9SQRJPYQQ== +-----END CERTIFICATE----- diff --git a/Swiften/TLS/CertificateFactory.cpp b/Swiften/TLS/CertificateFactory.cpp index aaf27d9..d4db3f4 100644 --- a/Swiften/TLS/CertificateFactory.cpp +++ b/Swiften/TLS/CertificateFactory.cpp @@ -17,19 +17,19 @@ #include <Swiften/Base/Log.h> #include <Swiften/StringCodecs/Base64.h> #include <Swiften/TLS/PrivateKey.h> namespace Swift { CertificateFactory::~CertificateFactory() { } -std::vector<std::unique_ptr<Certificate>> CertificateFactory::createCertificateChain(const ByteArray& /* data */) { +std::vector<std::shared_ptr<Certificate>> CertificateFactory::createCertificateChain(const ByteArray& /* data */) { assert(false); - return std::vector<std::unique_ptr<Certificate>>(); + return std::vector<std::shared_ptr<Certificate>>(); } PrivateKey::ref CertificateFactory::createPrivateKey(const SafeByteArray& data, boost::optional<SafeByteArray> password) { return std::make_shared<PrivateKey>(data, password); } } diff --git a/Swiften/TLS/CertificateFactory.h b/Swiften/TLS/CertificateFactory.h index 619031c..873c36b 100644 --- a/Swiften/TLS/CertificateFactory.h +++ b/Swiften/TLS/CertificateFactory.h @@ -13,13 +13,13 @@ #include <Swiften/TLS/Certificate.h> #include <Swiften/TLS/PrivateKey.h> namespace Swift { class SWIFTEN_API CertificateFactory { public: virtual ~CertificateFactory(); virtual Certificate* createCertificateFromDER(const ByteArray& der) = 0; - virtual std::vector<std::unique_ptr<Certificate>> createCertificateChain(const ByteArray& data); + virtual std::vector<std::shared_ptr<Certificate>> createCertificateChain(const ByteArray& data); PrivateKey::ref createPrivateKey(const SafeByteArray& data, boost::optional<SafeByteArray> password = boost::optional<SafeByteArray>()); }; } diff --git a/Swiften/TLS/OpenSSL/OpenSSLCertificate.cpp b/Swiften/TLS/OpenSSL/OpenSSLCertificate.cpp index 8d2d965..bb51428 100644 --- a/Swiften/TLS/OpenSSL/OpenSSLCertificate.cpp +++ b/Swiften/TLS/OpenSSL/OpenSSLCertificate.cpp @@ -31,18 +31,26 @@ OpenSSLCertificate::OpenSSLCertificate(const ByteArray& der) { const unsigned char* p = vecptr(der); #endif cert = std::shared_ptr<X509>(d2i_X509(nullptr, &p, der.size()), X509_free); if (!cert) { SWIFT_LOG(warning) << "Error creating certificate from DER data" << std::endl; } parse(); } +void OpenSSLCertificate::incrementReferenceCount() const { +#if OPENSSL_VERSION_NUMBER >= 0x10100000L + X509_up_ref(cert.get()); +#else + CRYPTO_add(&(cert.get()->references), 1, CRYPTO_LOCK_EVP_PKEY); +#endif +} + ByteArray OpenSSLCertificate::toDER() const { ByteArray result; if (!cert) { return result; } result.resize(i2d_X509(cert.get(), nullptr)); unsigned char* p = vecptr(result); i2d_X509(cert.get(), &p); return result; diff --git a/Swiften/TLS/OpenSSL/OpenSSLCertificate.h b/Swiften/TLS/OpenSSL/OpenSSLCertificate.h index 186caea..64da82a 100644 --- a/Swiften/TLS/OpenSSL/OpenSSLCertificate.h +++ b/Swiften/TLS/OpenSSL/OpenSSLCertificate.h @@ -39,18 +39,20 @@ namespace Swift { return xmppAddresses; } ByteArray toDER() const; std::shared_ptr<X509> getInternalX509() const { return cert; } + void incrementReferenceCount() const; + private: void parse(); void addSRVName(const std::string& name) { srvNames.push_back(name); } void addDNSName(const std::string& name) { dnsNames.push_back(name); diff --git a/Swiften/TLS/OpenSSL/OpenSSLCertificateFactory.cpp b/Swiften/TLS/OpenSSL/OpenSSLCertificateFactory.cpp index 5eb626b..fd94ec8 100644 --- a/Swiften/TLS/OpenSSL/OpenSSLCertificateFactory.cpp +++ b/Swiften/TLS/OpenSSL/OpenSSLCertificateFactory.cpp @@ -14,37 +14,37 @@ OpenSSLCertificateFactory::OpenSSLCertificateFactory() { } OpenSSLCertificateFactory::~OpenSSLCertificateFactory() { } Certificate* OpenSSLCertificateFactory::createCertificateFromDER(const ByteArray& der) { return new OpenSSLCertificate(der); } -std::vector<std::unique_ptr<Certificate>> OpenSSLCertificateFactory::createCertificateChain(const ByteArray& data) { - std::vector<std::unique_ptr<Certificate>> certificateChain; +std::vector<std::shared_ptr<Certificate>> OpenSSLCertificateFactory::createCertificateChain(const ByteArray& data) { + std::vector<std::shared_ptr<Certificate>> certificateChain; if (data.size() > std::numeric_limits<int>::max()) { return certificateChain; } auto bio = std::shared_ptr<BIO>(BIO_new(BIO_s_mem()), BIO_free); BIO_write(bio.get(), vecptr(data), int(data.size())); // Attempt parsing data as PEM X509* openSSLCert = nullptr; auto x509certFromPEM = PEM_read_bio_X509(bio.get(), &openSSLCert, nullptr, nullptr); if (x509certFromPEM && openSSLCert) { std::shared_ptr<X509> x509Cert(openSSLCert, X509_free); - certificateChain.emplace_back(std::make_unique<OpenSSLCertificate>(x509Cert)); + certificateChain.emplace_back(std::make_shared<OpenSSLCertificate>(x509Cert)); openSSLCert = nullptr; while ((x509certFromPEM = PEM_read_bio_X509(bio.get(), &openSSLCert, nullptr, nullptr)) != nullptr) { std::shared_ptr<X509> x509Cert(openSSLCert, X509_free); - certificateChain.emplace_back(std::make_unique<OpenSSLCertificate>(x509Cert)); + certificateChain.emplace_back(std::make_shared<OpenSSLCertificate>(x509Cert)); openSSLCert = nullptr; } } return certificateChain; } } diff --git a/Swiften/TLS/OpenSSL/OpenSSLCertificateFactory.h b/Swiften/TLS/OpenSSL/OpenSSLCertificateFactory.h index 48e9b2c..a6974c8 100644 --- a/Swiften/TLS/OpenSSL/OpenSSLCertificateFactory.h +++ b/Swiften/TLS/OpenSSL/OpenSSLCertificateFactory.h @@ -10,12 +10,12 @@ #include <Swiften/TLS/OpenSSL/OpenSSLCertificate.h> namespace Swift { class OpenSSLCertificateFactory : public CertificateFactory { public: OpenSSLCertificateFactory(); virtual ~OpenSSLCertificateFactory() override final; virtual Certificate* createCertificateFromDER(const ByteArray& der) override final; - virtual std::vector<std::unique_ptr<Certificate>> createCertificateChain(const ByteArray& data) override final; + virtual std::vector<std::shared_ptr<Certificate>> createCertificateChain(const ByteArray& data) override final; }; } diff --git a/Swiften/TLS/OpenSSL/OpenSSLContext.cpp b/Swiften/TLS/OpenSSL/OpenSSLContext.cpp index 5c80976..32d6470 100644 --- a/Swiften/TLS/OpenSSL/OpenSSLContext.cpp +++ b/Swiften/TLS/OpenSSL/OpenSSLContext.cpp @@ -561,45 +561,50 @@ void OpenSSLContext::sendPendingDataToApplication() { data.resize(SSL_READ_BUFFERSIZE); ret = SSL_read(handle_.get(), vecptr(data), data.size()); } if (ret < 0 && SSL_get_error(handle_.get(), ret) != SSL_ERROR_WANT_READ) { state_ = State::Error; onError(std::make_shared<TLSError>(TLSError::UnknownError, openSSLInternalErrorToString())); } } -bool OpenSSLContext::setCertificateChain(std::vector<std::unique_ptr<Certificate>>&& certificateChain) { +bool OpenSSLContext::setCertificateChain(const std::vector<std::shared_ptr<Certificate>>& certificateChain) { if (certificateChain.size() == 0) { SWIFT_LOG(warning) << "Trying to load empty certificate chain." << std::endl; return false; } // load endpoint certificate auto openSSLCert = dynamic_cast<OpenSSLCertificate*>(certificateChain[0].get()); if (!openSSLCert) { return false; } if (SSL_CTX_use_certificate(context_.get(), openSSLCert->getInternalX509().get()) != 1) { return false; } + // Increment reference count on certificate so that it does not get freed when the SSL context is destroyed + openSSLCert->incrementReferenceCount(); + if (certificateChain.size() > 1) { for (auto certificate = certificateChain.begin() + 1; certificate != certificateChain.end(); ++certificate) { auto openSSLCert = dynamic_cast<OpenSSLCertificate*>(certificate->get()); if (!openSSLCert) { return false; } + if (SSL_CTX_add_extra_chain_cert(context_.get(), openSSLCert->getInternalX509().get()) != 1) { SWIFT_LOG(warning) << "Trying to load empty certificate chain." << std::endl; return false; } - certificate->release(); + + openSSLCert->incrementReferenceCount(); } } if (handle_) { // This workaround is needed as OpenSSL has a shortcut to not do anything // if you set the SSL_CTX to the existing SSL_CTX and not reloading the // certificates from the SSL_CTX. auto dummyContext = createSSL_CTX(mode_); SSL_set_SSL_CTX(handle_.get(), dummyContext.get()); diff --git a/Swiften/TLS/OpenSSL/OpenSSLContext.h b/Swiften/TLS/OpenSSL/OpenSSLContext.h index 885b1fe..8eb5758 100644 --- a/Swiften/TLS/OpenSSL/OpenSSLContext.h +++ b/Swiften/TLS/OpenSSL/OpenSSLContext.h @@ -40,19 +40,19 @@ namespace Swift { class OpenSSLContext : public TLSContext, boost::noncopyable { public: OpenSSLContext(const TLSOptions& options, Mode mode); virtual ~OpenSSLContext() override final; void accept() override final; void connect() override final; void connect(const std::string& requestHostname) override final; - bool setCertificateChain(std::vector<std::unique_ptr<Certificate>>&& certificateChain) override final; + bool setCertificateChain(const std::vector<std::shared_ptr<Certificate>>& certificateChain) override final; bool setPrivateKey(const PrivateKey::ref& privateKey) override final; bool setClientCertificate(CertificateWithKey::ref cert) override final; void setAbortTLSHandshake(bool abort) override final; bool setDiffieHellmanParameters(const ByteArray& parametersInOpenSslDer) override final; void handleDataFromNetwork(const SafeByteArray&) override final; void handleDataFromApplication(const SafeByteArray&) override final; std::vector<Certificate::ref> getPeerCertificateChain() const override final; diff --git a/Swiften/TLS/TLSContext.cpp b/Swiften/TLS/TLSContext.cpp index 666ea7f..fd31c2d 100644 --- a/Swiften/TLS/TLSContext.cpp +++ b/Swiften/TLS/TLSContext.cpp @@ -15,19 +15,19 @@ TLSContext::~TLSContext() { void TLSContext::accept() { assert(false); } void TLSContext::connect(const std::string& /* serverName */) { assert(false); } -bool TLSContext::setCertificateChain(std::vector<std::unique_ptr<Certificate>>&& /* certificateChain */) { +bool TLSContext::setCertificateChain(const std::vector<std::shared_ptr<Certificate>>& /* certificateChain */) { assert(false); return false; } bool TLSContext::setPrivateKey(const PrivateKey::ref& /* privateKey */) { assert(false); return false; } diff --git a/Swiften/TLS/TLSContext.h b/Swiften/TLS/TLSContext.h index 85776d8..f2dbdce 100644 --- a/Swiften/TLS/TLSContext.h +++ b/Swiften/TLS/TLSContext.h @@ -22,19 +22,19 @@ namespace Swift { class SWIFTEN_API TLSContext { public: virtual ~TLSContext(); virtual void accept(); virtual void connect() = 0; virtual void connect(const std::string& serverName); - virtual bool setCertificateChain(std::vector<std::unique_ptr<Certificate>>&& /* certificateChain */); + virtual bool setCertificateChain(const std::vector<std::shared_ptr<Certificate>>& /* certificateChain */); virtual bool setPrivateKey(const PrivateKey::ref& /* privateKey */); virtual bool setClientCertificate(CertificateWithKey::ref cert) = 0; virtual bool setDiffieHellmanParameters(const ByteArray& parametersInOpenSslDer); /** * This method can be used during the \ref onServerNameRequested signal, * to report an error about an unknown host back to the requesting client. */ |