Bond's TCP Library  1.0
Bond's TCP Client/Server Library
tcpssl.h
1 
11 #ifndef TCP_SSL_H
12 #define TCP_SSL_H
13 
#include <cstddef>
#include <string>
#include <utility>
#include <openssl/ssl.h>
#include "tcpsocket.h"
17 
18 namespace tcp {
19 
// NOTE(review): a using-directive at namespace scope inside a header is
// exported to every includer; the unqualified `string` used by the classes
// below depends on it, so it is kept as-is here.
using namespace std;

/// Initialise the OpenSSL library (defined in tcpssl.cpp).
void initSSLLibrary();

/// Release resources created by the OpenSSL library (defined in tcpssl.cpp).
void freeSSLLibrary();

/// Log pending OpenSSL errors to cerr (defined in tcpssl.cpp).
void printSSLErrors();

/// Buffered socket from tcpsocket.h that owns an SSL object when encryption is enabled.
class DataSocket;

/// Role an SSLContext (and the SSL objects made from it) plays in the handshake.
enum class SSLMode { CLIENT, SERVER };
39 
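/// Encapsulates an OpenSSL SSL_CTX record; SSL objects are created from it.
///
/// NOTE(review): ctx_ is a raw SSL_CTX pointer and no copy operations are
/// declared, so the compiler-generated copy would leave two objects holding
/// the same SSL_CTX. Treat instances as non-copyable until the destructor's
/// ownership handling in tcpssl.cpp has been confirmed.
class SSLContext {
 public:
  /// @param mode CLIENT or SERVER; forwarded to SSL objects built from this context.
  SSLContext(SSLMode mode);

  virtual ~SSLContext();

  /// Apply context-wide options.
  /// @param verifypeer  request peer certificate verification (default: off).
  /// @param compression allow TLS compression (default: on).
  /// @param tlsonly     restrict the context to TLS protocol versions (default: off).
  /// NOTE(review): the defaults favour compatibility over safety; code that
  /// talks to untrusted peers should pass verifypeer=true and tlsonly=true
  /// explicitly rather than rely on them.
  void setOptions(bool verifypeer = false, bool compression = true, bool tlsonly = false);

  /// Use the operating system's default certificate store for validation.
  /// @return the result of setVerifyPaths() with no file and no directory.
  bool useDefaultVerifyPaths() { return setVerifyPaths(nullptr, nullptr); }

  /// Point peer verification at a CA bundle file and/or a CA directory.
  /// @return true on success (defined in tcpssl.cpp).
  bool setVerifyPaths(const char *cafile = nullptr, const char *capath = nullptr);
  bool setVerifyPaths(std::string &cafile, std::string &capath);

  /// Load the certificate and private key this context presents.
  /// @return true on success (defined in tcpssl.cpp).
  bool setCertificateAndKey(const char *certfile, const char *keyfile);

  /// Store the password used to decrypt an encrypted private key.
  /// The value is kept in a plain std::string for the object's lifetime.
  void setPrivateKeyPassword(std::string value) { keypass_ = std::move(value); }

  /// Password hook in the shape of OpenSSL's pem_password_cb
  /// (presumably copies keypass_ into buf — confirm in tcpssl.cpp).
  virtual int passwordCallback(char *buf, int size, int rwflag);

 protected:
  SSL_CTX *ctx_;   ///< The OpenSSL context object.
  SSLMode mode_;   ///< Passed to SSL objects created from this context.
  friend class SSL;

 private:
  std::string keypass_;  ///< Private key password supplied to passwordCallback().
};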
107 
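/// Encapsulates one OpenSSL connection (an ::SSL handle) attached to a DataSocket.
///
/// NOTE(review): ssl_ is a raw pointer and owner_ a reference, with no copy
/// operations declared; copying an instance would alias the handle. Treat
/// instances as non-copyable until the destructor in tcpssl.cpp is checked.
class SSL {
 public:
  /// @param owner   the socket this connection belongs to; stored by reference,
  ///                so it must outlive this object.
  /// @param context the context whose mode and settings this connection uses.
  SSL(DataSocket &owner, SSLContext &context);

  virtual ~SSL();

  /// @param verifypeer request peer certificate verification (default: off).
  /// NOTE(review): code talking to untrusted peers should opt in explicitly
  /// and consult verifyResult() after the handshake.
  void setOptions(bool verifypeer = false);

  /// Load a per-connection certificate and private key.
  /// @return true on success (defined in tcpssl.cpp).
  bool setCertificateAndKey(const char *certfile, const char *keyfile);

  /// Store the password used to decrypt an encrypted private key.
  /// The value is kept in a plain std::string for the object's lifetime.
  void setPrivateKeyPassword(std::string value) { keypass_ = std::move(value); }

  /// Password hook in the shape of OpenSSL's pem_password_cb
  /// (presumably copies keypass_ into buf — confirm in tcpssl.cpp).
  virtual int passwordCallback(char *buf, int size, int rwflag);

  /// Attach the connection to an already-open socket descriptor.
  bool setfd(int socket);

  /// Subject name recorded from the peer certificate.
  /// NOTE(review): returns a mutable reference to internal state; when it is
  /// populated is not visible here (see tcpssl.cpp).
  std::string &getSubjectName();

  /// Outcome of peer certificate verification (presumably valid after the handshake).
  bool verifyResult();

  /// Client-side handshake (presumably wraps SSL_connect — confirm in tcpssl.cpp).
  bool connect();

  /// Server-side handshake (presumably wraps SSL_accept — confirm in tcpssl.cpp).
  bool accept();

  /// Read up to size bytes into buffer; returns the number of bytes read.
  /// How errors and would-block conditions are reported is not visible here.
  size_t read(void *buffer, size_t size);

  /// Write size bytes from buffer; returns the number of bytes written.
  size_t write(const void *buffer, size_t size);

  /// Reset connection state (exact semantics in tcpssl.cpp).
  void clear();

  /// Shut the TLS session down (exact semantics in tcpssl.cpp).
  void shutdown();

  /// When true, certificate post-validation against hostname_ is requested
  /// (presumably gates performCertPostValidation()).
  /// NOTE(review): this is a public data member, so any caller can change it.
  bool requiresCertPostValidation { false };

  /// Store the host name used by certificate post-validation.
  void setHostname(std::string value) { hostname_ = std::move(value); }

 protected:
  /// Compare the peer certificate's subject with hostname_ (defined in tcpssl.cpp).
  bool performCertPostValidation();

  /// Policy hook for matching subjectName against hostName; override to change it.
  virtual bool validateSubjectName(const std::string &subjectName, const std::string &hostName);

  // owner_ and ssl_ are listed at tcpssl.h:216 and :218 in this page's index but
  // were missing from the rendered listing; restored in their original positions.
  DataSocket &owner_;  ///< The socket this connection belongs to.
  SSLMode mode_;       ///< Either SERVER or CLIENT.
  ::SSL *ssl_;         ///< The OpenSSL handle used for API calls.
  friend class SSLContext;

 private:
  void wantsRead();
  void wantsWrite();
  std::string subjectName_;  ///< Peer certificate subject, returned by getSubjectName().
  std::string hostname_;     ///< Expected host name, set via setHostname().
  std::string keypass_;      ///< Private key password supplied to passwordCallback().
};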
227 
/// Wildcard compare: matches text against the pattern wild (defined in tcpssl.cpp).
/// The second parameter was declared as `string`, which reads as std::string under
/// this header's using-directive; renamed here for clarity only — declaration
/// parameter names are not part of the interface.
int wildcmp(const char *wild, const char *text);
234 
235 } // namespace
236 
237 #endif
tcp::freeSSLLibrary
void freeSSLLibrary()
Free up resources created by the openSSL library.
Definition: tcpssl.cpp:32
tcp::printSSLErrors
void printSSLErrors()
This function logs openSSL errors to cerr.
Definition: tcpssl.cpp:56
tcp::SSLContext::mode_
SSLMode mode_
The mode of the context object is passed to SSL objects created from this context.
Definition: tcpssl.h:102
tcpsocket.h
Shared base classes for tcpclient.h and tcpserver.h.
tcp::DataSocket
Represents a buffered socket that can send and receive data using optional SSL encryption.
Definition: tcpsocket.h:159
tcp::SSL
Encapsulates an SSL connection data structure.
Definition: tcpssl.h:109
tcp::SSLContext::setPrivateKeyPassword
void setPrivateKeyPassword(string value)
Sets the value of the private key password.
Definition: tcpssl.h:88
tcp::initSSLLibrary
void initSSLLibrary()
Initialize the openSSL library.
Definition: tcpssl.cpp:19
tcp::SSL::setHostname
void setHostname(const string value)
A client/server may store the internal hostname property for certificate post validation.
Definition: tcpssl.h:198
tcp::SSLContext
Encapsulates an openSSL SSL_CTX record.
Definition: tcpssl.h:41
tcp::SSLContext::useDefaultVerifyPaths
bool useDefaultVerifyPaths()
Use the default operating system certificate store for validation.
Definition: tcpssl.h:62
tcp::SSL::ssl_
::SSL * ssl_
The openSSL handle for API calls.
Definition: tcpssl.h:218
tcp::wildcmp
int wildcmp(const char *wild, const char *string)
Wildcard compare function.
Definition: tcpssl.cpp:62
tcp::SSL::setPrivateKeyPassword
void setPrivateKeyPassword(string value)
Sets the value of the private key password.
Definition: tcpssl.h:140
tcp::SSL::owner_
DataSocket & owner_
A reference to the socket
Definition: tcpssl.h:216
tcp::SSL::mode_
SSLMode mode_
Either SERVER or CLIENT
Definition: tcpssl.h:217
tcp::SSLContext::ctx_
SSL_CTX * ctx_
The openSSL context object.
Definition: tcpssl.h:101
tcp
A tcp client/server library for linux that supports openSSL and EPoll.
Definition: tcpclient.cpp:5