37#ifndef BLOCXX_SSLCtxMgr_HPP_INCLUDE_GUARD_
38#define BLOCXX_SSLCtxMgr_HPP_INCLUDE_GUARD_
39#include "blocxx/BLOCXX_config.h"
45#ifdef BLOCXX_HAVE_OPENSSL
47#include <openssl/crypto.h>
48#include <openssl/ssl.h>
49#include <openssl/bio.h>
/// Upper bound, in bytes, for a certificate subject Common Name handled by
/// this module. NOTE(review): by name only — confirm in the implementation
/// that any copy into a buffer of this size is bounded, and that a CN longer
/// than this fails verification rather than being silently truncated.
50#define BLOCXX_SSLCTX_MAX_CN_LEN 256
/// NOTE(review): presumably the cap on re-issuing an SSL read/write after a
/// non-fatal WANT_READ/WANT_WRITE result (see sslRead/sslWrite) — confirm.
51#define BLOCXX_SSL_RETRY_LIMIT 20
/// Application-supplied certificate verification hook: receives the peer's
/// X509 and the host name the caller intended to reach.
/// NOTE(review): the meaning of the int result (non-zero == accept?) is not
/// visible here — confirm against the implementation of checkCert().
62typedef int (*certVerifyFuncPtr_t)(X509* cert,
const String& hostName);
65class BLOCXX_COMMON_API SSLCtxMgr
/// Passphrase callback handed to OpenSSL when a PEM private key is loaded
/// (same shape as OpenSSL's pem_password_cb): fill buf with at most size
/// bytes; rwflag distinguishes reading from writing the key; userData is the
/// opaque pointer registered alongside the callback.
/// NOTE(review): the implementation must return the passphrase length and
/// never write past size — confirm in the implementation.
71 static int pem_passwd_cb(
char* buf,
int size,
int rwflag,
void *userData);
/// Verifies the certificate presented by the connected client on ssl
/// against hostName; presumably true means the peer is accepted.
/// NOTE(review): likely delegates to checkCert() with m_clientCertVerifyCB
/// — confirm.
79 static bool checkClientCert(SSL* ssl,
const String& hostName);
/// Verifies the certificate presented by the server on ssl against
/// hostName; presumably true means the peer is accepted.
/// NOTE(review): likely delegates to checkCert() with m_serverCertVerifyCB
/// — confirm.
87 static bool checkServerCert(SSL* ssl,
const String& hostName);
/// Sets up the process-wide client context. Both the certificate and the
/// key file default to an empty String, so presumably a client can be
/// initialised without a certificate of its own — confirm.
95 static void initClient(
const String& certFile = String(),
const String& keyFile = String());
/// Sets up the process-wide server context. certFile is mandatory; keyFile
/// defaults to an empty String, which presumably means the private key is
/// read from certFile — confirm in the implementation.
103 static void initServer(
const String& certFile,
const String& keyFile = String());
108 static SSL_CTX* getSSLCtxServer()
116 static SSL_CTX* getSSLCtxClient()
/// Reads up to len bytes from ssl into buf.
/// NOTE(review): the return convention (bytes read vs. OpenSSL error code)
/// and the WANT_READ/WANT_WRITE retry behaviour (BLOCXX_SSL_RETRY_LIMIT) are
/// not visible here — confirm before treating a short read as an error.
128 static int sslRead(SSL* ssl,
char* buf,
int len);
/// Writes len bytes from buf to ssl.
/// NOTE(review): the return convention (bytes written vs. OpenSSL error
/// code) and the retry behaviour on WANT_READ/WANT_WRITE are not visible
/// here — confirm before treating a short write as an error.
137 static int sslWrite(SSL* ssl,
const char* buf,
int len);
/// True while the client context pointer m_ctxClient is non-NULL.
142 static bool isClient() {
return m_ctxClient != NULL; }
/// True while the server context pointer m_ctxServer is non-NULL.
147 static bool isServer() {
return m_ctxServer != NULL; }
/// Stores cbfunc as the hook consulted when a client certificate is checked.
/// NOTE(review): this hook appears to be the trust decision for the peer
/// (see checkCert); a hook that accepts unconditionally turns off client
/// authentication — confirm what a NULL hook means in the implementation.
153 static void setClientCertVerifyCallback(certVerifyFuncPtr_t cbfunc)
154 { m_clientCertVerifyCB = cbfunc; }
/// Stores cbfunc as the hook consulted when a server certificate is checked.
/// NOTE(review): this hook appears to be the trust decision for the peer
/// (see checkCert); a hook that accepts unconditionally turns off server
/// authentication — confirm what a NULL hook means in the implementation.
160 static void setServerCertVerifyCallback(certVerifyFuncPtr_t cbfunc)
161 { m_serverCertVerifyCB = cbfunc; }
163 static void uninit();
167 static void generateEphRSAKey(SSL_CTX* ctx);
169 static String getOpenSSLErrorDescription();
180 static void disableSSLInit();
189 static void disableLocks();
191 static Bool getSSLInitDisabled();
192 static Bool getSSLLocksDisabled();
196 friend class SSLCtxBase;
/// Process-wide client and server contexts; isClient()/isServer() test
/// these against NULL.
198 static SSL_CTX* m_ctxClient;
199 static SSL_CTX* m_ctxServer;
/// Verification hooks installed through set{Client,Server}CertVerifyCallback().
200 static certVerifyFuncPtr_t m_clientCertVerifyCB;
201 static certVerifyFuncPtr_t m_serverCertVerifyCB;
206 static SSL_CTX* initCtx(
const String& certfile,
const String& keyfile,
/// Loads Diffie-Hellman parameters for ctx from file.
/// NOTE(review): presumably used for DHE cipher suites; the file should
/// hold a group of at least 2048 bits, and a missing or unreadable file
/// should fail loudly rather than silently leave DHE unconfigured — confirm.
211 static void loadDHParams(SSL_CTX* ctx,
const String& file);
212 static void uninitServer();
213 static void uninitClient();
/// Copy construction and assignment are declared but presumably never
/// defined: the pre-C++11 way of making the class non-copyable.
217 SSLCtxMgr(
const SSLCtxMgr&);
218 SSLCtxMgr& operator=(
const SSLCtxMgr&);
/// Shared implementation behind checkClientCert/checkServerCert: checks the
/// peer certificate on ssl against hostName and consults cbFunc.
/// NOTE(review): whether the built-in host name check runs before cbFunc,
/// and whether cbFunc can override a failed check, is not visible here.
223 static bool checkCert(SSL* ssl,
const String& hostName, certVerifyFuncPtr_t cbFunc);
227struct BLOCXX_COMMON_API SSLOpts
241 VerifyMode_t verifyMode;
247class BLOCXX_COMMON_API SSLCtxBase
/// Returns the SSL_CTX held by this object. NOTE(review): presumably a
/// non-owning pointer that stays valid for the object's lifetime — callers
/// should not free it; confirm.
250 SSL_CTX* getSSLCtx()
const;
/// Builds the context from opts (see SSLOpts::verifyMode).
253 SSLCtxBase(
const SSLOpts& opts);
254 virtual ~SSLCtxBase();
/// Server-side context built from opts; no default, so the caller must
/// decide the verification mode explicitly.
262 SSLServerCtx(
const SSLOpts& opts);
263 static const int SSL_DATA_INDEX = 0;
/// Client-side context; opts defaults to SSLOpts(), whose verifyMode
/// default is not visible here — confirm it does not default to
/// "no verification".
270 SSLClientCtx(
const SSLOpts& opts = SSLOpts());
/// Opens the trust store at storeLocation (presumably a directory or file;
/// not visible here).
277 SSLTrustStore(
const String& storeLocation);
/// Records that cert belongs to user/uid.
/// NOTE(review): presumably keyed by getCertMD5Fingerprint(cert) — see the
/// caveat on that function.
278 void addCertificate(X509* cert,
const String& user,
const String& uid);
/// Looks up the user and uid recorded for certhash; true when found, with
/// user and uid filled in. NOTE(review): certhash is presumably the value
/// from getCertMD5Fingerprint() — see the caveat there.
279 bool getUser(
const String& certhash, String& user, String& uid);
281 static String getCertMD5Fingerprint(X509* cert);
292#pragma warning (push)
293#pragma warning (disable: 4251)
296 Map<String, UserInfo> m_map;
309struct BLOCXX_COMMON_API OWSSLContext
311 enum CertVerifyState_t
319 CertVerifyState_t peerCertPassedVerify;
327namespace BLOCXX_NAMESPACE
This String class is an abstract data type that represents a NULL-terminated string of characters.