WIP: support configurable certificates/keys, and root trust CAs (#114)

* wip: tls options implemented in openssl * update naming, remove #define guard * assert compiled with USE_TLS for tls options * apply autoformatter * include tls options impl * style cleanup; auto ssl_err * ssl_err -> sslErr * be explicit about SSL_VERIFY_NONE
2019-09-22 18:06:15 -07:00
parent ed4be773a2
commit 408ee41990
11 changed files with 222 additions and 70 deletions
--- a/ixwebsocket/IXSocketTLSOptions.h
+++ b/ixwebsocket/IXSocketTLSOptions.h
@ -0,0 +1,32 @@
+/*
+ *  IXSocketTLSOptions.h
+ *  Author: Benjamin Sergeant
+ *  Copyright (c) 2017-2018 Machine Zone, Inc. All rights reserved.
+ */
+
+#pragma once
+
+#include <string>
+
+namespace ix
+{
+    struct SocketTLSOptions
+    {
+        SocketTLSOptions();
+
+        // the certificate presented to peers
+        std::string certFile;
+        // the key used for signing/encryption
+        std::string keyFile;
+        // the ca certificate (or certificate bundle) file containing 
+        // certificates to be trusted by peers; use 'SYSTEM' to
+        // leverage the system defaults, use 'NONE' to disable peer verification
+        std::string caFile = "SYSTEM";
+
+        bool isUsingClientCert() const;
+
+        bool isUsingSystemDefaults() const;
+
+        bool isPeerVerifyDisabled() const;
+    };
+} // namespace ix