THRIFT-4108: c_glib ssl implementation fixes - remove global ssl context and more
Client: glib
This closes #1208
diff --git a/lib/c_glib/src/thrift/c_glib/transport/thrift_ssl_socket.c b/lib/c_glib/src/thrift/c_glib/transport/thrift_ssl_socket.c
index f7c42cc..1de4a43 100644
--- a/lib/c_glib/src/thrift/c_glib/transport/thrift_ssl_socket.c
+++ b/lib/c_glib/src/thrift/c_glib/transport/thrift_ssl_socket.c
@@ -27,11 +27,15 @@
#include <openssl/ssl.h>
#include <pthread.h>
+#include <glib-object.h>
+#include <glib.h>
+
#include <thrift/c_glib/thrift.h>
#include <thrift/c_glib/transport/thrift_transport.h>
#include <thrift/c_glib/transport/thrift_socket.h>
#include <thrift/c_glib/transport/thrift_ssl_socket.h>
+
#if defined(WIN32)
#define MUTEX_TYPE HANDLE
#define MUTEX_SETUP(x) (x) = CreateMutex(NULL, FALSE, NULL)
@@ -58,8 +62,6 @@
/* To hold a global state management of openssl for all instances */
static gboolean thrift_ssl_socket_openssl_initialized=FALSE;
-/* Should this be keept at class level? */
-static SSL_CTX* thrift_ssl_socket_global_context=NULL;
/* This array will store all of the mutexes available to OpenSSL. */
static MUTEX_TYPE *thrift_ssl_socket_global_mutex_buf=NULL;
@@ -152,21 +154,21 @@
gboolean retval = FALSE;
ThriftSSLSocket *ssl_socket = THRIFT_SSL_SOCKET (transport);
if (thrift_ssl_socket_is_open (transport))
- {
- int rc;
- gchar byte;
- rc = SSL_peek(ssl_socket->ssl, &byte, 1);
- if (rc < 0) {
- g_set_error (error,
- THRIFT_TRANSPORT_ERROR,
- THRIFT_SSL_SOCKET_ERROR_SSL,
- "failed to peek at socket - id?");
+ {
+ int rc;
+ gchar byte;
+ rc = SSL_peek(ssl_socket->ssl, &byte, 1);
+ if (rc < 0) {
+ g_set_error (error,
+ THRIFT_TRANSPORT_ERROR,
+ THRIFT_SSL_SOCKET_ERROR_SSL,
+ "failed to peek at socket - id?");
+ }
+ if (rc == 0) {
+ ERR_clear_error();
+ }
+ retval = (rc > 0);
}
- if (rc == 0) {
- ERR_clear_error();
- }
- retval = (rc > 0);
- }
return retval;
}
@@ -175,13 +177,13 @@
thrift_ssl_socket_open (ThriftTransport *transport, GError **error)
{
if (!thrift_socket_open(transport, error)) {
- return FALSE;
+ return FALSE;
}
if (!THRIFT_SSL_SOCKET_GET_CLASS(transport)->handle_handshake(transport, error)) {
- GError *tmperr;
- thrift_socket_close(transport, &tmperr);
- return FALSE;
+ GError *tmperr;
+ thrift_socket_close(transport, &tmperr);
+ return FALSE;
}
return TRUE;
@@ -195,7 +197,7 @@
if(THRIFT_SSL_SOCKET(transport)->ssl) {
int rc = SSL_shutdown(THRIFT_SSL_SOCKET(transport)->ssl);
if (rc < 0) {
- int errno_copy = THRIFT_SSL_SOCKET_ERROR_SSL;
+ int errno_copy = THRIFT_SSL_SOCKET_ERROR_SSL;
}
SSL_free(THRIFT_SSL_SOCKET(transport)->ssl);
THRIFT_SSL_SOCKET(transport)->ssl = NULL;
@@ -207,26 +209,26 @@
/* implements thrift_transport_read */
gint32
thrift_ssl_socket_read (ThriftTransport *transport, gpointer buf,
- guint32 len, GError **error)
+ guint32 len, GError **error)
{
guint maxRecvRetries_ = 10;
ThriftSSLSocket *ssl_socket = THRIFT_SSL_SOCKET (transport);
guint bytes = 0;
guint retries = 0;
for (retries=0; retries < maxRecvRetries_; retries++) {
- bytes = SSL_read(ssl_socket->ssl, buf, len);
- if (bytes >= 0)
- break;
- int errno_copy = THRIFT_GET_SOCKET_ERROR;
- if (SSL_get_error(ssl_socket->ssl, bytes) == SSL_ERROR_SYSCALL) {
- if (ERR_get_error() == 0 && errno_copy == THRIFT_EINTR) {
- continue;
- }
- }
- g_set_error (error, THRIFT_TRANSPORT_ERROR,
- THRIFT_TRANSPORT_ERROR_RECEIVE,
- "failed to read %d bytes - %s", len, strerror(errno));
- return -1;
+ bytes = SSL_read(ssl_socket->ssl, buf, len);
+ if (bytes >= 0)
+ break;
+ int errno_copy = THRIFT_GET_SOCKET_ERROR;
+ if (SSL_get_error(ssl_socket->ssl, bytes) == SSL_ERROR_SYSCALL) {
+ if (ERR_get_error() == 0 && errno_copy == THRIFT_EINTR) {
+ continue;
+ }
+ }
+ g_set_error (error, THRIFT_TRANSPORT_ERROR,
+ THRIFT_TRANSPORT_ERROR_RECEIVE,
+ "failed to read %d bytes - %s", len, strerror(errno));
+ return -1;
}
return bytes;
}
@@ -245,7 +247,7 @@
/* implements thrift_transport_write */
gboolean
thrift_ssl_socket_write (ThriftTransport *transport, const gpointer buf,
- const guint32 len, GError **error)
+ const guint32 len, GError **error)
{
ThriftSSLSocket *ssl_socket = THRIFT_SSL_SOCKET (transport);
gint ret = 0;
@@ -254,17 +256,17 @@
g_return_val_if_fail (socket->sd != THRIFT_INVALID_SOCKET, FALSE);
while (sent < len)
- {
- ret = SSL_write (ssl_socket->ssl, (guint8 *)buf + sent, len - sent);
- if (ret < 0)
- {
- g_set_error (error, THRIFT_TRANSPORT_ERROR,
- THRIFT_TRANSPORT_ERROR_SEND,
- "failed to send %d bytes - %s", len, strerror(errno));
- return FALSE;
- }
- sent += ret;
- }
+ {
+ ret = SSL_write (ssl_socket->ssl, (guint8 *)buf + sent, len - sent);
+ if (ret < 0)
+ {
+ g_set_error (error, THRIFT_TRANSPORT_ERROR,
+ THRIFT_TRANSPORT_ERROR_SEND,
+ "failed to send %d bytes - %s", len, strerror(errno));
+ return FALSE;
+ }
+ sent += ret;
+ }
return sent==len;
}
@@ -290,16 +292,16 @@
guint sent = 0;
BIO* bio = SSL_get_wbio(ssl_socket->ssl);
if (bio == NULL) {
- g_set_error (error, THRIFT_TRANSPORT_ERROR,
- THRIFT_TRANSPORT_ERROR_SEND,
- "failed to flush, wbio returned null");
- return FALSE;
- }
- if (BIO_flush(bio) != 1) {
- g_set_error (error, THRIFT_TRANSPORT_ERROR,
- THRIFT_TRANSPORT_ERROR_SEND,
- "failed to flush it returned error");
- return FALSE;
+ g_set_error (error, THRIFT_TRANSPORT_ERROR,
+ THRIFT_TRANSPORT_ERROR_SEND,
+ "failed to flush, wbio returned null");
+ return FALSE;
+ }
+ if (BIO_flush(bio) != 1) {
+ g_set_error (error, THRIFT_TRANSPORT_ERROR,
+ THRIFT_TRANSPORT_ERROR_SEND,
+ "failed to flush it returned error");
+ return FALSE;
}
return TRUE;
}
@@ -317,14 +319,14 @@
SSL_set_fd(ssl_socket->ssl, socket->sd);
int rc;
if(ssl_socket->server){
- rc = SSL_accept(ssl_socket->ssl);
+ rc = SSL_accept(ssl_socket->ssl);
}else{
- rc = SSL_connect(ssl_socket->ssl);
+ rc = SSL_connect(ssl_socket->ssl);
}
if (rc <= 0) {
- fprintf(stderr,"The error returned was %d\n", SSL_get_error(ssl_socket->ssl, rc));
- thrift_ssl_socket_get_error(error, "Not possible to connect", THRIFT_SSL_SOCKET_ERROR_CIPHER_NOT_AVAILABLE);
- return FALSE;
+ fprintf(stderr,"The error returned was %d\n", SSL_get_error(ssl_socket->ssl, rc));
+ thrift_ssl_socket_get_error(error, "Not possible to connect", THRIFT_SSL_SOCKET_ERROR_CIPHER_NOT_AVAILABLE);
+ return FALSE;
}
}else
return FALSE;
@@ -339,27 +341,22 @@
if(socket->ctx!=NULL){
if(socket->ssl!=NULL) {
- return TRUE;
+ return TRUE;
}
socket->ssl = SSL_new(socket->ctx);
if (socket->ssl == NULL) {
- g_set_error (error, THRIFT_TRANSPORT_ERROR,
- THRIFT_SSL_SOCKET_ERROR_TRANSPORT,
- "Unable to create SSL context");
- return FALSE;
+ g_set_error (error, THRIFT_TRANSPORT_ERROR,
+ THRIFT_SSL_SOCKET_ERROR_TRANSPORT,
+ "Unable to create default SSL context");
+ return FALSE;
}
}
return TRUE;
}
-/**
- *
- * @param ssl_socket The ssl socket
- * @param file_name The file name of the PEM certificate chain
- * @return
- */
+
gboolean thrift_ssl_load_cert_from_file(ThriftSSLSocket *ssl_socket, const char *file_name)
{
char error_buffer[255];
@@ -376,12 +373,7 @@
return TRUE;
}
-/**
- * Load a certificate chain from memory
- * @param ssl_socket the ssl socket
- * @param chain_certs the buffer to load PEM from
- * @return
- */
+
gboolean thrift_ssl_load_cert_from_buffer(ThriftSSLSocket *ssl_socket, const char chain_certs[])
{
gboolean retval = FALSE;
@@ -393,13 +385,13 @@
if(cert_store!=NULL){
int index = 0;
while ((cacert = PEM_read_bio_X509(mem, NULL, 0, NULL))!=NULL) {
- if(cacert) {
- g_debug("Our certificate name is %s", cacert->name);
- X509_STORE_add_cert(cert_store, cacert);
- X509_free(cacert);
- cacert=NULL;
- } /* Free immediately */
- index++;
+ if(cacert) {
+ g_debug("Our certificate name is %s", cacert->name);
+ X509_STORE_add_cert(cert_store, cacert);
+ X509_free(cacert);
+ cacert=NULL;
+ } /* Free immediately */
+ index++;
}
retval=TRUE;
}
@@ -416,47 +408,47 @@
gboolean authorization_result = FALSE;
if(cls!=NULL && ssl_socket->ssl!=NULL){
- int rc = SSL_get_verify_result(ssl_socket->ssl);
- if (rc != X509_V_OK) { /* verify authentication result */
- if (rc == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT && ssl_socket->allow_selfsigned) {
- g_debug("The certificate is a self-signed certificate and configuration allows it");
+ int rc = SSL_get_verify_result(ssl_socket->ssl);
+ if (rc != X509_V_OK) { /* verify authentication result */
+ if (rc == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT && ssl_socket->allow_selfsigned) {
+ g_debug("The certificate is a self-signed certificate and configuration allows it");
+ } else {
+ g_error("The certificate verification failed: %s (%d)", X509_verify_cert_error_string(rc), rc);
+ return FALSE;
+ }
+ }
+
+ X509* cert = SSL_get_peer_certificate(ssl_socket->ssl);
+ if (cert == NULL) {
+ if (SSL_get_verify_mode(ssl_socket->ssl) & SSL_VERIFY_FAIL_IF_NO_PEER_CERT) {
+ g_error("No certificate present");
+ return FALSE;
+ }
+
+ g_debug("No certificate required");
+ return TRUE;
+ }
+
+ /* certificate is present, since we don't support access manager we are done */
+ if (cls->authorize_peer == NULL) {
+ X509_free(cert);
+ g_debug("Certificate presented but we're not checking it");
+ return TRUE;
} else {
- g_error("The certificate verification failed: %s (%d)", X509_verify_cert_error_string(rc), rc);
- return FALSE;
- }
- }
+ /* both certificate and access manager are present */
+ struct sockaddr_storage sa;
+ socklen_t saLength = sizeof(struct sockaddr_storage);
- X509* cert = SSL_get_peer_certificate(ssl_socket->ssl);
- if (cert == NULL) {
- if (SSL_get_verify_mode(ssl_socket->ssl) & SSL_VERIFY_FAIL_IF_NO_PEER_CERT) {
- g_error("No certificate present");
- return FALSE;
+ if (getpeername(socket->sd, (struct sockaddr*)&sa, &saLength) != 0) {
+ sa.ss_family = AF_UNSPEC;
+ }
+
+ authorization_result = cls->authorize_peer(transport, cert, &sa, error);
}
- g_debug("No certificate required");
- return TRUE;
- }
-
- /* certificate is present, since we don't support access manager we are done */
- if (cls->authorize_peer == NULL) {
- X509_free(cert);
- g_debug("Certificate presented but we're not checking it");
- return TRUE;
- } else {
- /* both certificate and access manager are present */
- struct sockaddr_storage sa;
- socklen_t saLength = sizeof(struct sockaddr_storage);
-
- if (getpeername(socket->sd, (struct sockaddr*)&sa, &saLength) != 0) {
- sa.ss_family = AF_UNSPEC;
+ if(cert != NULL) {
+ X509_free(cert);
}
-
- authorization_result = cls->authorize_peer(transport, cert, &sa, error);
- }
-
- if(cert != NULL) {
- X509_free(cert);
- }
}
return authorization_result;
@@ -473,8 +465,8 @@
if(socket->ctx == NULL) {
g_info("The SSL context was not automatically initialized with protocol %d", SSLTLS);
if(error!=NULL){
- g_info("Reported reason %s", error->message);
- g_error_free (error);
+ g_info("Reported reason %s", error->message);
+ g_error_free (error);
}
}
socket->server = FALSE;
@@ -488,19 +480,20 @@
{
ThriftSSLSocket *socket = THRIFT_SSL_SOCKET (object);
GError *error=NULL;
- g_debug("Instance %p destroyed",object);
- if(socket->ssl != NULL)
- {
- thrift_ssl_socket_close(THRIFT_TRANSPORT(object), &error);
- socket->ssl=NULL;
- }
+ if(socket!=NULL){
+ g_debug("Instance %p destroyed", (void *)socket);
+ if(socket->ssl != NULL)
+ {
+ thrift_ssl_socket_close(THRIFT_TRANSPORT(object), &error);
+ socket->ssl=NULL;
+ }
- if(socket->ctx!=NULL){
- g_debug("Freeing the context for the instance");
- SSL_CTX_free(socket->ctx);
+ if(socket->ctx!=NULL){
+ g_debug("Freeing the context for the instance");
+ SSL_CTX_free(socket->ctx);
+ }
+ socket->ctx=NULL;
}
- socket->ctx=NULL;
-
if (G_OBJECT_CLASS (thrift_ssl_socket_parent_class)->finalize)
(*G_OBJECT_CLASS (thrift_ssl_socket_parent_class)->finalize) (object);
@@ -509,7 +502,7 @@
/* property accessor */
void
thrift_ssl_socket_get_property (GObject *object, guint property_id,
- GValue *value, GParamSpec *pspec)
+ GValue *value, GParamSpec *pspec)
{
ThriftSSLSocket *socket = THRIFT_SSL_SOCKET (object);
THRIFT_UNUSED_VAR (pspec);
@@ -525,7 +518,7 @@
/* property mutator */
void
thrift_ssl_socket_set_property (GObject *object, guint property_id,
- const GValue *value, GParamSpec *pspec)
+ const GValue *value, GParamSpec *pspec)
{
ThriftSSLSocket *socket = THRIFT_SSL_SOCKET (object);
@@ -534,8 +527,8 @@
{
case PROP_THRIFT_SSL_SOCKET_CONTEXT:
if(socket->ctx!=NULL){
- g_debug("Freeing the context since we are setting a new one");
- SSL_CTX_free(socket->ctx);
+ g_debug("Freeing the context since we are setting a new one");
+ SSL_CTX_free(socket->ctx);
}
socket->ctx = g_value_get_pointer(value); // We copy the context
break;
@@ -575,13 +568,6 @@
void thrift_ssl_socket_finalize_openssl(void)
{
-
- /* FIXME This should not be here */
- if (thrift_ssl_socket_global_context != NULL) {
- SSL_CTX_free(thrift_ssl_socket_global_context);
- thrift_ssl_socket_global_context = NULL;
- }
-
if (!thrift_ssl_socket_openssl_initialized) {
return;
}
@@ -614,33 +600,18 @@
gobject_class->get_property = thrift_ssl_socket_get_property;
gobject_class->set_property = thrift_ssl_socket_set_property;
param_spec = g_param_spec_pointer ("ssl_context",
- "SSLContext",
- "Set the SSL context for handshake with the remote host",
- G_PARAM_READWRITE);
+ "SSLContext",
+ "Set the SSL context for handshake with the remote host",
+ G_PARAM_READWRITE);
g_object_class_install_property (gobject_class, PROP_THRIFT_SSL_SOCKET_CONTEXT,
- param_spec);
+ param_spec);
param_spec = g_param_spec_boolean ("ssl_accept_selfsigned",
- "Accept Self Signed",
- "Whether or not accept self signed certificate",
- FALSE,
- G_PARAM_READWRITE);
+ "Accept Self Signed",
+ "Whether or not accept self signed certificate",
+ FALSE,
+ G_PARAM_READWRITE);
g_object_class_install_property (gobject_class, PROP_THRIFT_SSL_SELF_SIGNED,
- param_spec);
-
- // This must be supported in future
- // param_spec = g_param_spec_uint ("port",
- // "port (construct)",
- // "Set the port of the remote host",
- // 0, /* min */
- // 65534, /* max */
- // 9090, /* default by convention */
- // G_PARAM_CONSTRUCT_ONLY |
- // G_PARAM_READWRITE);
- // g_object_class_install_property (gobject_class, PROP_THRIFT_SSL_SOCKET_PORT,
- // param_spec);
-
-
-
+ param_spec);
/* Class methods */
cls->handle_handshake = thrift_ssl_socket_handle_handshake;
cls->create_ssl_context = thrift_ssl_socket_create_ssl_context;
@@ -666,16 +637,30 @@
thrift_ssl_socket_new(ThriftSSLSocketProtocol ssl_protocol, GError **error)
{
ThriftSSLSocket *thriftSSLSocket = NULL;
+ SSL_CTX *ssl_context = NULL;
/* Create the context */
- if(thrift_ssl_socket_global_context==NULL){
- if((thrift_ssl_socket_global_context=thrift_ssl_socket_context_initialize(ssl_protocol, error))==NULL){
- // FIXME Do error control
- return thriftSSLSocket;
- }
+ if((ssl_context=thrift_ssl_socket_context_initialize(ssl_protocol, error))==NULL){
+ g_warning("We cannot initialize context for protocol %d", ssl_protocol);
+ return thriftSSLSocket;
}
/* FIXME if the protocol is different? */
- thriftSSLSocket = g_object_new (THRIFT_TYPE_SSL_SOCKET, "ssl_context", thrift_ssl_socket_global_context, NULL);
+ thriftSSLSocket = g_object_new (THRIFT_TYPE_SSL_SOCKET, "ssl_context", ssl_context, NULL);
+ return thriftSSLSocket;
+}
+
+ThriftSSLSocket*
+thrift_ssl_socket_new_with_host(ThriftSSLSocketProtocol ssl_protocol, gchar *hostname, guint port, GError **error)
+{
+ ThriftSSLSocket *thriftSSLSocket = NULL;
+ SSL_CTX *ssl_context = NULL;
+ /* Create the context */
+ if((ssl_context=thrift_ssl_socket_context_initialize(ssl_protocol, error))==NULL){
+ // FIXME Do error control
+ return thriftSSLSocket;
+ }
+ /* FIXME if the protocol is different? */
+ thriftSSLSocket = g_object_new (THRIFT_TYPE_SSL_SOCKET, "ssl_context", ssl_context, "hostname", hostname, "port", port, NULL);
return thriftSSLSocket;
}
@@ -688,23 +673,6 @@
}
-ThriftSSLSocket*
-thrift_ssl_socket_new_with_host(ThriftSSLSocketProtocol ssl_protocol, gchar *hostname, guint port, GError **error)
-{
- ThriftSSLSocket *thriftSSLSocket = NULL;
- /* Create the context */
- if(thrift_ssl_socket_global_context==NULL){
- if((thrift_ssl_socket_global_context=thrift_ssl_socket_context_initialize(ssl_protocol, error))==NULL){
- // FIXME Do error control
- return thriftSSLSocket;
- }
- }
- /* FIXME if the protocol is different? */
- thriftSSLSocket = g_object_new (THRIFT_TYPE_SSL_SOCKET, "ssl_context", thrift_ssl_socket_global_context, "hostname", hostname, "port", port, NULL);
- return thriftSSLSocket;
-}
-
-
SSL_CTX*
thrift_ssl_socket_context_initialize(ThriftSSLSocketProtocol ssl_protocol, GError **error)
{
@@ -729,8 +697,8 @@
break;
default:
g_set_error (error, THRIFT_TRANSPORT_ERROR,
- THRIFT_SSL_SOCKET_ERROR_CIPHER_NOT_AVAILABLE,
- "The SSL protocol is unknown for %d", ssl_protocol);
+ THRIFT_SSL_SOCKET_ERROR_CIPHER_NOT_AVAILABLE,
+ "The SSL protocol is unknown for %d", ssl_protocol);
return NULL;
break;
}
@@ -757,13 +725,13 @@
while ((error_code = ERR_get_error()) != 0) {
const char* reason = ERR_reason_error_string(error_code);
if (reason == NULL) {
- g_set_error (error, THRIFT_TRANSPORT_ERROR,
- thrift_error_no,
- "SSL error %lX: %s", error_code, error_msg);
+ g_set_error (error, THRIFT_TRANSPORT_ERROR,
+ thrift_error_no,
+ "SSL error %lX: %s", error_code, error_msg);
}else{
- g_set_error (error, THRIFT_TRANSPORT_ERROR,
- thrift_error_no,
- "SSL error %lX %s: %s", error_code,reason, error_msg);
+ g_set_error (error, THRIFT_TRANSPORT_ERROR,
+ thrift_error_no,
+ "SSL error %lX %s: %s", error_code,reason, error_msg);
}
}
}
diff --git a/lib/c_glib/src/thrift/c_glib/transport/thrift_ssl_socket.h b/lib/c_glib/src/thrift/c_glib/transport/thrift_ssl_socket.h
index 0153495..0d415b2 100644
--- a/lib/c_glib/src/thrift/c_glib/transport/thrift_ssl_socket.h
+++ b/lib/c_glib/src/thrift/c_glib/transport/thrift_ssl_socket.h
@@ -143,16 +143,66 @@
void thrift_ssl_socket_set_manager(ThriftSSLSocket *ssl_socket, AUTHORIZATION_MANAGER_CALLBACK callback);
/* This is the SSL API */
+/**
+ * Convenience function to create a new SSL context with the protocol specified
+ * and assign this new context to the created ThriftSSLSocket with specified host:port.
+ * @param ssl_protocol
+ * @param hostname
+ * @param port
+ * @param error
+ * @return
+ */
ThriftSSLSocket*
thrift_ssl_socket_new_with_host(ThriftSSLSocketProtocol ssl_protocol, gchar *hostname, guint port, GError **error);
+
+/**
+ * Convenience function to create a new SSL context with the protocol specified
+ * and assign this new context to the created ThriftSSLSocket.
+ * @param ssl_protocol
+ * @param error
+ * @return
+ */
ThriftSSLSocket*
thrift_ssl_socket_new(ThriftSSLSocketProtocol ssl_protocol, GError **error);
+
+/**
+ * Load a certificate chain from a PEM file.
+ * @param ssl_socket The ssl socket
+ * @param file_name The file name of the PEM certificate chain
+ * @return
+ */
gboolean
thrift_ssl_load_cert_from_file(ThriftSSLSocket *ssl_socket, const char *file_name);
+
+/**
+ * Load a certificate chain from memory
+ * @param ssl_socket the ssl socket
+ * @param chain_certs the buffer to load PEM from
+ * @return
+ */
gboolean
thrift_ssl_load_cert_from_buffer(ThriftSSLSocket *ssl_socket, const char chain_certs[]);
/**
+ * Check if the ssl socket is open and ready to send and receive
+ * @param transport
+ * @return true if open
+ */
+gboolean
+thrift_ssl_socket_is_open (ThriftTransport *transport);
+
+
+/**
+ * Open connection if required and set the socket to be ready to send and receive
+ * @param transport
+ * @param error
+ * @return true if operation was correct
+ */
+gboolean
+thrift_ssl_socket_open (ThriftTransport *transport, GError **error);
+
+
+/**
* @brief Initialization function
*
* It will initialize OpenSSL function. This initialization will be done app