408ee41990
* wip: tls options implemented in openssl * update naming, remove #define guard * assert compiled with USE_TLS for tls options * apply autoformatter * include tls options impl * style cleanup; auto ssl_err * ssl_err -> sslErr * be explicit about SSL_VERIFY_NONE
57 lines
1.7 KiB
C++
57 lines
1.7 KiB
C++
/*
|
|
* IXSocketOpenSSL.h
|
|
* Author: Benjamin Sergeant
|
|
* Copyright (c) 2017-2018 Machine Zone, Inc. All rights reserved.
|
|
*/
|
|
|
|
#pragma once
|
|
|
|
#include "IXCancellationRequest.h"
|
|
#include "IXSocket.h"
|
|
#include "IXSocketTLSOptions.h"
|
|
#include <mutex>
|
|
#include <openssl/bio.h>
|
|
#include <openssl/conf.h>
|
|
#include <openssl/err.h>
|
|
#include <openssl/hmac.h>
|
|
#include <openssl/ssl.h>
|
|
|
|
namespace ix
|
|
{
|
|
class SocketOpenSSL final : public Socket
|
|
{
|
|
public:
|
|
SocketOpenSSL(const SocketTLSOptions& tlsOptions, int fd = -1);
|
|
~SocketOpenSSL();
|
|
|
|
virtual bool connect(const std::string& host,
|
|
int port,
|
|
std::string& errMsg,
|
|
const CancellationRequest& isCancellationRequested) final;
|
|
virtual void close() final;
|
|
|
|
virtual ssize_t send(char* buffer, size_t length) final;
|
|
virtual ssize_t send(const std::string& buffer) final;
|
|
virtual ssize_t recv(void* buffer, size_t length) final;
|
|
|
|
private:
|
|
void openSSLInitialize();
|
|
std::string getSSLError(int ret);
|
|
SSL_CTX* openSSLCreateContext(std::string& errMsg);
|
|
bool openSSLHandshake(const std::string& hostname, std::string& errMsg);
|
|
bool openSSLCheckServerCert(SSL* ssl, const std::string& hostname, std::string& errMsg);
|
|
bool checkHost(const std::string& host, const char* pattern);
|
|
|
|
SSL* _ssl_connection;
|
|
SSL_CTX* _ssl_context;
|
|
const SSL_METHOD* _ssl_method;
|
|
SocketTLSOptions _tlsOptions;
|
|
|
|
mutable std::mutex _mutex; // OpenSSL routines are not thread-safe
|
|
|
|
static std::once_flag _openSSLInitFlag;
|
|
static std::atomic<bool> _openSSLInitializationSuccessful;
|
|
};
|
|
|
|
} // namespace ix
|