ssl.h

00001 /* OpenSSL encapsulation.
00002  *
00003  * PegSoft sockets library (c) 2007 PegSoft
00004  * Contact us at pegsoft@pegsoft.net
00005  *
00006  * This program is free software; you can redistribute it and/or modify
00007  * it under the terms of the GNU General Public License as published by
00008  * the Free Software Foundation; either version 2 of the License, or
00009  * (at your option) any later version.
00010  *
00011  * This program is distributed in the hope that it will be useful,
00012  * but WITHOUT ANY WARRANTY; without even the implied warranty of
00013  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
00014  * GNU General Public License for more details.
00015  *
00016  * You should have received a copy of the GNU General Public License
00017  * along with this program (see the file COPYING); if not, write to the
00018  * Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
00019  */
00020 
00024 #ifndef SOCKETS_SSL_H
00025 #define SOCKETS_SSL_H
00026 
00027 /*************************************************************************/
00028 
00029 #if HAVE_OPENSSL
00030 # include <openssl/ssl.h>
00031 #endif
00032 
00033 /*************************************************************************/
00034 
00035 namespace sockets
00036 {
00037 
00038 /*************************************************************************/
00039 
00040 class SSLInfo;
00041 class TCPClient;
00042 
00043 /*************************************************************************/
00044 
00046 
/** Thin wrapper around the OpenSSL X509_STORE_CTX handed to a verify callback.
 *
 * The pointer is borrowed: nothing in this class frees or resets it, so the
 * wrapper must not outlive the callback that supplied the context
 * (NOTE(review): lifetime inferred from OpenSSL's verify-callback contract —
 * confirm against the callback wiring in the .cpp).
 * Without HAVE_OPENSSL the class is an empty placeholder.
 */
class X509StoreContext
{
#if HAVE_OPENSSL
    private:
        X509_STORE_CTX *m_x509_ctx;   /* borrowed from OpenSSL, never freed here */
    public:
        /** Wrap @p x509_ctx without taking ownership of it. */
        X509StoreContext(X509_STORE_CTX *x509_ctx)
                : m_x509_ctx(x509_ctx)
        {
        }

        /** Raw OpenSSL context, e.g. for X509_STORE_CTX_get_* queries. */
        X509_STORE_CTX *x509_ctx() const
        {
            return m_x509_ctx;
        }

        /** Verification error code for the certificate under inspection
         * (defined in the .cpp). */
        int error() const;
#endif
};
00064 
00065 /*************************************************************************/
00066 
00068 
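/** Wrapper around an OpenSSL SSL_CTX: protocol selection, peer verification
 * policy, certificate/key loading, and the callback sink (Events) invoked
 * during handshakes.
 *
 * Instances come only from factory(): the constructor and the copy
 * operations are private, so a context is non-copyable and heap-allocated.
 * Every SSLInfo produced by create() is bound to the context it came from.
 * Without HAVE_OPENSSL the SSL_CTX member is absent and the class is a
 * declaration-only stub (all bodies live in the .cpp).
 *
 * Uses uint8_t/uint16_t, which this header does not include itself.
 */
class SSLContext
{
    public:
        /* Classes */

        /** SSLInfo needs m_ctx to create per-connection SSL objects. */
        friend class SSLInfo;

        /** Callback sink for context-wide events.
         *
         * Installed with SSLContext::events(Events *).  Every hook has a
         * no-op or pass-through default, so subclasses override only what
         * they need.  NOTE(review): who deletes the sink — and what
         * is_context_owner() changes about that — is decided in the .cpp;
         * confirm before overriding it.
         */
        class Events
        {
            public:
                /** Bind this sink to the context whose events it receives. */
                Events(SSLContext &ctx) : m_context(ctx) { }
                virtual ~Events() { }

                /** Passphrase callback for encrypted private keys.
                 *
                 * Write the passphrase into @p buf (capacity @p size) and
                 * return its length; 0 means "no passphrase available".
                 * @p rwflag is passed through from OpenSSL.  The default
                 * supplies no passphrase.
                 * NOTE(review): OpenSSL's pem_password_cb contract is assumed
                 * here — confirm in the .cpp whether buf must be
                 * NUL-terminated.
                 */
                virtual int on_getpass(char *buf, int size, int rwflag)
                        { return 0; }

                /** Peer-certificate verification hook.
                 *
                 * @p preverify_ok is OpenSSL's own verdict for the
                 * certificate described by @p x509_ctx; the value returned
                 * is the verdict actually used (presumably OpenSSL's
                 * convention: non-zero accepts — confirm in the .cpp).  The
                 * default forwards preverify_ok unchanged.  An override that
                 * returns non-zero regardless of preverify_ok accepts any
                 * chain, so overrides should only ever narrow the default,
                 * never widen it, and should record x509_ctx.error() when
                 * rejecting.
                 */
                virtual int on_verify(int preverify_ok, SSLInfo *si,
                        X509StoreContext &x509_ctx) { return preverify_ok; }

                /** Called once the handshake on @p si has completed. */
                virtual void on_handshake(SSLInfo &si) { }

                /** Called with a human-readable @p error raised on @p si. */
                virtual void on_error(SSLInfo &si, char const *error) { }

                /** Whether this sink owns its context (default: no). */
                virtual bool is_context_owner() const { return false; }

                /** The context this sink is bound to. */
                SSLContext const &context() const { return m_context; }
            private:
                SSLContext &m_context;
        };

        /* Constants */

        /** Context type, passed to factory(). */
        enum
        {
            ctServer = 1,
            ctClient = 2,

            ctMin = ctServer,
            ctMax = ctClient
        };

        /** Protocol method bit mask, passed to factory() and
         * reject_methods().  SSLv2 and SSLv3 are obsolete protocols with
         * known weaknesses: build with the narrowest mask that works, or
         * follow a cmAny context with reject_methods(cmSSLv2 | cmSSLv3).
         */
        enum
        {
            cmSSLv2 = 0x1,
            cmSSLv3 = 0x2,
            cmTLSv1 = 0x4,
            /* Every method.  Previously spelled (cmSSLv2 | cmSSLv2 | cmTLSv1),
             * which silently dropped SSLv3 (0x5 instead of 0x7); callers
             * that relied on cmAny excluding SSLv3 must now reject it
             * explicitly. */
            cmAny = (cmSSLv2 | cmSSLv3 | cmTLSv1)
        };

        /** Verification mode bit mask, passed to verify().
         * NOTE(review): these values differ from OpenSSL's SSL_VERIFY_*
         * constants, so verify() presumably translates them — confirm
         * before passing raw OpenSSL flags here.
         */
        enum
        {
            vmVerify = 0x0001,
            vmFailIfNoPeerCert = 0x0004,
            vmClientOnce = 0x0008
        };

        /* Functions */

        /** One-time library initialisation; call before factory(). */
        static void init();

        /** Create a context of @p type (ctServer/ctClient) for the methods
         * in @p methods (cm* mask).  The only way to obtain an SSLContext.
         * NOTE(review): whether NULL is returned on failure is decided in
         * the .cpp — confirm, and check the result either way.
         */
        static SSLContext *factory(uint8_t type, uint16_t methods);

        /* Methods */

        ~SSLContext();

        /** Create the per-connection SSLInfo for @p client, bound to this
         * context.  Ownership of the result: see the .cpp. */
        SSLInfo *create(TCPClient &client) const;

        /** Disable the protocol methods in @p methods (cm* mask), presumably
         * via the matching SSL_OP_NO_* options — confirm in the .cpp. */
        void reject_methods(uint16_t methods);

        /** Set the peer verification policy (vm* mask).  Presumably without
         * vmVerify the peer certificate is not checked at all — confirm. */
        void verify(uint16_t mode);

        /** Load the trusted CA certificates used to verify peers from
         * @p file; presumably false on failure, with details via error(). */
        bool verify_certificate_file(char const *file);

        /** Installed event sink, or NULL when none has been set. */
        Events *events() const { return m_events; }

        /** Install @p events as the sink; the previous sink is only
         * unlinked, never deleted, here. */
        void events(Events *events) { m_events = events; }

        /** Whether session caching is enabled on the underlying SSL_CTX. */
        bool is_session_caching() const;
        /** Enable or disable session caching. */
        void set_session_caching(bool value);

        /** Load this side's certificate chain from @p file; presumably false
         * on failure, with details via error(). */
        bool certificate_chain(char const *file);

        /** Load this side's private key from @p file; presumably false on
         * failure.  An encrypted key presumably triggers Events::on_getpass
         * — confirm in the .cpp. */
        bool private_key_file(char const *file);

        /** Check that the loaded private key matches the certificate. */
        bool private_key_check() const;

        /** Context type as passed to factory(). */
        uint8_t type() const { return m_type; }
        /** Method mask as stored at construction (whether reject_methods()
         * updates it is decided in the .cpp). */
        uint16_t methods() const { return m_methods; }

        /** Description of the most recent error (defined in the .cpp). */
        char const *error() const;
    private:
#if HAVE_OPENSSL
        /* mutable presumably so const methods can hand it to OpenSSL calls
         * that take a non-const SSL_CTX * — confirm. */
        mutable SSL_CTX *m_ctx;
#endif
        Events *m_events;

        uint8_t m_type;
        uint16_t m_methods;

        SSLContext(uint8_t type, uint16_t methods);

        /* Not copyable: declared, never defined (pre-C++11 idiom). */
        SSLContext(SSLContext const &);
        SSLContext &operator=(SSLContext const &);
};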
00297 
00298 /*************************************************************************/
00299 
00301 
/** Per-connection TLS state: the OpenSSL SSL object for one TCPClient,
 * produced by SSLContext::create() and bound to that context for life.
 *
 * Not copyable (copy operations declared private, never defined).  Both
 * reference members must outlive this object (NOTE(review): lifetime rule
 * inferred from the reference members — confirm against
 * SSLContext::create() and TCPClient teardown in the .cpp).
 */
class SSLInfo
{
    public:
        /** SSLContext::create() is the only way to construct an SSLInfo. */
        friend class SSLContext;

        ~SSLInfo();

        /** Attach the SSL object to socket @p fd; presumably false on
         * failure — confirm in the .cpp. */
        bool assign(int fd);

        /** Read up to @p len decrypted bytes into @p buf.  Returns the byte
         * count or a negative value; how OpenSSL's want-read/want-write
         * states are mapped is decided by update_watch() in the .cpp. */
        ssize_t read(void *buf, size_t len);

        /** Encrypt and write @p len bytes from @p buf; presumably the same
         * return convention as read(). */
        ssize_t write(void const *buf, size_t len);

        /** Drive the TLS shutdown (close_notify) exchange; the two
         * directions are exposed by got_shutdown()/sent_shutdown().  Return
         * value semantics are defined in the .cpp. */
        int shutdown();

        /** True once the peer's close_notify has been received (presumably). */
        bool got_shutdown() const;
        /** True once our close_notify has been sent (presumably). */
        bool sent_shutdown() const;

        /** Negotiated protocol version name (presumably from SSL_get_version). */
        char const *version() const;

        /** Version, name and description of the negotiated cipher. */
        char const *cipher_version() const;
        char const *cipher_name() const;
        char const *cipher_desc() const;

        /** Textual form of the peer certificate's public key
         * (NOTE(review): the exact encoding is decided in the .cpp —
         * confirm before comparing it against a pinned value). */
        char const *peer_cert_key() const;

        /** Context this connection was created from. */
        SSLContext &context() const { return m_context; }
        /** Client socket this connection wraps. */
        TCPClient &client() const { return m_client; }
    private:
        /* Constants */

        /** Caller tag for update_watch(): which operation produced @p ret. */
        enum
        {
            uwfRead = 1,
            uwfWrite = 2,
            uwfShutdown = 3
        };

        /* Data */
#if HAVE_OPENSSL
        /* mutable presumably so const accessors can pass it to OpenSSL —
         * confirm. */
        mutable SSL *m_ssl;
#endif
        SSLContext &m_context;
        TCPClient &m_client;

        /* Methods */
        /** Private: only SSLContext::create() constructs instances. */
        SSLInfo(SSLContext &context, TCPClient &client);

        /* Not copyable: declared, never defined (pre-C++11 idiom). */
        SSLInfo(SSLInfo const &);
        SSLInfo &operator=(SSLInfo const &);

        /** Invoked after a completed handshake (body in the .cpp). */
        void set_handshake();
        /** Translate OpenSSL result @p ret of the operation tagged @p from
         * (uwf* value) into the socket watch state; body in the .cpp. */
        bool update_watch(int ret, uint8_t from);
};
00404 
00405 /*************************************************************************/
00406 
00407 } /* namespace sockets */
00408 
00409 /*************************************************************************/
00410 
00411 #endif /* SOCKETS_SSL_H */
