00024 #ifndef SOCKETS_SSL_H
00025 #define SOCKETS_SSL_H
00026
00027
00028
#include <stddef.h>
#include <stdint.h>
#include <sys/types.h>

#if HAVE_OPENSSL
# include <openssl/ssl.h>
#endif
00032
00033
00034
00035 namespace sockets
00036 {
00037
00038
00039
00040 class SSLInfo;
00041 class TCPClient;
00042
00043
00044
00046
/// Thin, non-owning handle over the X509_STORE_CTX that OpenSSL passes to
/// the verification callback (see SSLContext::Events::on_verify).  The
/// pointer is presumably only valid for the duration of that callback.
/// Without HAVE_OPENSSL this compiles to an empty class.
class X509StoreContext
{
#if HAVE_OPENSSL
public:
    /// Wrap an OpenSSL store context; ownership stays with OpenSSL.
    X509StoreContext(X509_STORE_CTX *x509_ctx) :
        m_x509_ctx(x509_ctx) { }

    /// Verification error code for the chain element being checked
    /// (defined in the .cpp; presumably X509_STORE_CTX_get_error()).
    int error() const;

    /// Raw OpenSSL handle for callers that need the full API.
    X509_STORE_CTX *x509_ctx() const { return m_x509_ctx; }
private:
    X509_STORE_CTX *m_x509_ctx;
#endif
};
00064
00065
00066
00068
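/**
 * Wraps one OpenSSL SSL_CTX (when HAVE_OPENSSL) together with the event
 * sink used by the SSLInfo sessions created from it.  Instances come only
 * from factory(); the constructor and copy operations are private.
 */
class SSLContext
{
public:
    // SSLInfo builds its SSL object from m_ctx.
    friend class SSLInfo;

    /**
     * Callback interface through which the owner of a context takes part
     * in passphrase prompts, peer-certificate verification and
     * handshake / error notification.  Every hook has a safe no-op default.
     */
    class Events
    {
    public:
        Events(SSLContext &ctx) : m_context(ctx) { }
        virtual ~Events() { }

        /**
         * Write a private-key passphrase into buf (at most size bytes) and
         * return the number of bytes written.  The default writes nothing
         * and returns 0.  The signature matches OpenSSL's pem_password_cb;
         * presumably wired to it in the .cpp — confirm there.
         */
        virtual int on_getpass(char *buf, int size, int rwflag)
        { return 0; }

        /**
         * Peer-certificate verification hook.  preverify_ok carries the
         * library's preliminary verdict for the current chain element;
         * return non-zero to accept it, zero to fail the handshake.  The
         * default forwards preverify_ok unchanged.
         *
         * SECURITY: an override that returns 1 regardless of preverify_ok
         * disables certificate validation entirely.  Only relax the verdict
         * for specific, inspected errors (x509_ctx.error()).
         */
        virtual int on_verify(int preverify_ok, SSLInfo *si,
                              X509StoreContext &x509_ctx) { return preverify_ok; }

        /// Invoked when a session's handshake has completed.
        virtual void on_handshake(SSLInfo &si) { }

        /// Invoked with a human-readable message when a session fails.
        virtual void on_error(SSLInfo &si, char const *error) { }

        /// True if this sink owns (and is expected to delete) its context.
        /// NOTE(review): ownership is only signalled here; who actually
        /// deletes the SSLContext is decided in the .cpp — verify.
        virtual bool is_context_owner() const { return false; }

        SSLContext const &context() const { return m_context; }
    private:
        SSLContext &m_context;
    };

    /// Context roles accepted by factory().
    enum
    {
        ctServer = 1,
        ctClient = 2,

        ctMin = ctServer,
        ctMax = ctClient
    };

    /// Protocol-version bitmask for factory() and reject_methods().
    /// SSLv2 and SSLv3 are cryptographically broken; new code should pass
    /// (cmSSLv2 | cmSSLv3) to reject_methods() and rely on TLS only.
    enum
    {
        cmSSLv2 = 0x1,
        cmSSLv3 = 0x2,
        cmTLSv1 = 0x4,
        // Fixed: the original OR'd cmSSLv2 twice, so cmAny (0x5) never
        // actually covered SSLv3.
        cmAny   = (cmSSLv2 | cmSSLv3 | cmTLSv1)
    };

    /// Verification-mode bitmask for verify().  Without vmVerify the peer
    /// certificate is not checked.  NOTE(review): these values are not
    /// OpenSSL's SSL_VERIFY_* constants (0x1/0x2/0x4); presumably mapped
    /// inside verify() — confirm before handing them to OpenSSL directly.
    enum
    {
        vmVerify           = 0x0001,
        vmFailIfNoPeerCert = 0x0004,
        vmClientOnce       = 0x0008
    };

    /// One-time library initialisation; call before factory().
    static void init();

    /**
     * Create a context for the given role (ctServer / ctClient) supporting
     * the protocol versions in methods (cm* bitmask).  Presumably returns
     * NULL on failure and hands ownership to the caller — TODO confirm
     * against the .cpp and Events::is_context_owner().
     */
    static SSLContext *factory(uint8_t type, uint16_t methods);

    ~SSLContext();

    /// Create a session on this context bound to client.  Ownership of
    /// the returned SSLInfo follows the same caveat as factory().
    SSLInfo *create(TCPClient &client) const;

    /// Disable the protocol versions in methods (cm* bitmask).
    void reject_methods(uint16_t methods);

    /// Set the peer-verification mode (vm* bitmask).
    void verify(uint16_t mode);

    /// Load the certificate(s) used to verify peers (presumably a CA
    /// bundle) from file.  Returns false on failure; see error().
    bool verify_certificate_file(char const *file);

    Events *events() const { return m_events; }
    /// Install the event sink.  The pointer is stored, not copied, so the
    /// sink must outlive this context.
    void events(Events *events) { m_events = events; }

    bool is_session_caching() const;
    void set_session_caching(bool value);

    /// Load this side's certificate chain from file.  Returns false on
    /// failure; see error().
    bool certificate_chain(char const *file);

    /// Load this side's private key from file.  Returns false on failure;
    /// an encrypted key presumably prompts through Events::on_getpass.
    bool private_key_file(char const *file);

    /// True if the loaded private key matches the loaded certificate.
    bool private_key_check() const;

    uint8_t type() const { return m_type; }
    uint16_t methods() const { return m_methods; }

    /// Description of the most recent failure (defined in the .cpp).
    char const *error() const;
private:
#if HAVE_OPENSSL
    mutable SSL_CTX *m_ctx;
#endif
    Events *m_events;

    uint8_t m_type;
    uint16_t m_methods;

    SSLContext(uint8_t type, uint16_t methods);

    // Non-copyable: declared but intentionally never defined.
    SSLContext(SSLContext const &);
    SSLContext &operator=(SSLContext const &);
};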
00297
00298
00299
00301
/// One TLS session: an OpenSSL SSL object (when HAVE_OPENSSL) tied to a
/// TCPClient.  Created only via SSLContext::create(); non-copyable.
class SSLInfo
{
public:
    friend class SSLContext;

    ~SSLInfo();

    /// Attach the session to an already-connected socket descriptor.
    /// Returns false on failure.
    bool assign(int fd);

    /// read() fills buf with up to len decrypted bytes; write() encrypts
    /// and sends up to len bytes from buf.  Both return a byte count;
    /// NOTE(review): the exact error / would-block return convention is
    /// defined in the .cpp (see update_watch).
    ssize_t read(void *buf, size_t len);
    ssize_t write(void const *buf, size_t len);

    /// Drive the TLS shutdown exchange; the two predicates report which
    /// side has completed it.
    int shutdown();
    bool got_shutdown() const;
    bool sent_shutdown() const;

    /// Negotiated protocol version and cipher-suite details.
    char const *version() const;
    char const *cipher_version() const;
    char const *cipher_name() const;
    char const *cipher_desc() const;

    /// Textual description of the peer certificate's key, presumably
    /// NULL when no peer certificate was presented — confirm in the .cpp.
    char const *peer_cert_key() const;

    SSLContext &context() const { return m_context; }
    TCPClient &client() const { return m_client; }
private:
    /// Identifies which operation asked update_watch() to re-arm I/O
    /// readiness.  Distinct IDs, not a bitmask.
    enum
    {
        uwfRead = 1,
        uwfWrite = 2,
        uwfShutdown = 3
    };

#if HAVE_OPENSSL
    mutable SSL *m_ssl;
#endif
    SSLContext &m_context;
    TCPClient &m_client;

    SSLInfo(SSLContext &context, TCPClient &client);

    // Non-copyable: declared but intentionally never defined.
    SSLInfo(SSLInfo const &);
    SSLInfo &operator=(SSLInfo const &);

    void set_handshake();
    /// Translate an OpenSSL return code into the next read/write watch;
    /// `from` is one of the uwf* IDs above.
    bool update_watch(int ret, uint8_t from);
};
00404
00405
00406
00407 }
00408
00409
00410
00411 #endif