de/d57/openssl__tls_8h_source.html

 // Copyright (C) 2021 Internet Systems Consortium, Inc. ("ISC")

 //

 // This Source Code Form is subject to the terms of the Mozilla Public

 // License, v. 2.0. If a copy of the MPL was not distributed with this

 // file, You can obtain one at http://mozilla.org/MPL/2.0/.


 // Do not include this header directly: use crypto_tls.h instead.


 #ifndef OPENSSL_TLS_H

 #define OPENSSL_TLS_H


 #ifdef WITH_OPENSSL


 #include <asiolink/asio_wrapper.h>

 #include <asiolink/io_asio_socket.h>

 #include <asiolink/io_service.h>

 #include <asiolink/common_tls.h>


 #include <boost/asio/ssl.hpp>


 namespace isc {

 namespace asiolink {


 inline boost::asio::ssl::stream_base::handshake_type roleToImpl(TlsRole role) {

     if (role == TlsRole::SERVER) {

         return (boost::asio::ssl::stream_base::server);

     } else {

         return (boost::asio::ssl::stream_base::client);

     }

 }


 class TlsContext : public TlsContextBase {

 public:


     virtual ~TlsContext() { }


     explicit TlsContext(TlsRole role);


     boost::asio::ssl::context& getContext();


     ::SSL_CTX* getNativeContext();


     virtual bool getCertRequired() const;


 protected:

     virtual void setCertRequired(bool cert_required);


     virtual void loadCaFile(const std::string& ca_file);


     virtual void loadCaPath(const std::string& ca_path);


     virtual void loadCertFile(const std::string& cert_file);


     virtual void loadKeyFile(const std::string& key_file);


     bool cert_required_;


     boost::asio::ssl::context context_;


     friend class TlsContextBase;

 };


 typedef boost::asio::ssl::stream<boost::asio::ip::tcp::socket> TlsStreamImpl;


 template <typename Callback, typename TlsStreamImpl>

 TlsStreamBase<Callback, TlsStreamImpl>::

 TlsStreamBase(IOService& service, TlsContextPtr context)

     : TlsStreamImpl(service.get_io_service(), context->getContext()),

       role_(context->getRole()) {

 }


 template <typename Callback>

 class TlsStream : public TlsStreamBase<Callback, TlsStreamImpl> {

 public:


     typedef TlsStreamBase<Callback, TlsStreamImpl> Base;


     TlsStream(IOService& service, TlsContextPtr context)

         : Base(service, context) {

     }


     virtual ~TlsStream() { }


     virtual void handshake(Callback& callback) {

         Base::async_handshake(roleToImpl(Base::getRole()), callback);

     }


     virtual void shutdown(Callback& callback) {

         Base::async_shutdown(callback);

     }


     virtual std::string getSubject() {

         ::X509* cert = ::SSL_get_peer_certificate(this->native_handle());

         if (!cert) {

             return ("");

         }

         ::X509_NAME *name = ::X509_get_subject_name(cert);

         int loc = ::X509_NAME_get_index_by_NID(name, NID_commonName, -1);

         ::X509_NAME_ENTRY* ne = ::X509_NAME_get_entry(name, loc);

         if (!ne) {

             ::X509_free(cert);

             return ("");

         }

         unsigned char* buf = 0;

         int len = ::ASN1_STRING_to_UTF8(&buf, ::X509_NAME_ENTRY_get_data(ne));

         if (len < 0) {

             ::X509_free(cert);

             return ("");

         }

         std::string ret(reinterpret_cast<char*>(buf), static_cast<size_t>(len));

         ::OPENSSL_free(buf);

         ::X509_free(cert);

         return (ret);

     }


     virtual std::string getIssuer() {

         ::X509* cert = ::SSL_get_peer_certificate(this->native_handle());

         if (!cert) {

             return ("");

         }

         ::X509_NAME *name = ::X509_get_issuer_name(cert);

         int loc = ::X509_NAME_get_index_by_NID(name, NID_commonName, -1);

         ::X509_NAME_ENTRY* ne = ::X509_NAME_get_entry(name, loc);

         if (!ne) {

             ::X509_free(cert);

             return ("");

         }

         unsigned char* buf = 0;

         int len = ::ASN1_STRING_to_UTF8(&buf, ::X509_NAME_ENTRY_get_data(ne));

         if (len < 0) {

             ::X509_free(cert);

             return ("");

         }

         std::string ret(reinterpret_cast<char*>(buf), static_cast<size_t>(len));

         ::OPENSSL_free(buf);

         ::X509_free(cert);

         return (ret);

     }

 };


 // Stream truncated error code.

 #ifdef HAVE_STREAM_TRUNCATED_ERROR

 const int STREAM_TRUNCATED = boost::asio::ssl::error::stream_truncated;

 #else

 const int STREAM_TRUNCATED = ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SHORT_READ);

 #endif


 } // namespace asiolink

 } // namespace isc


 #endif // WITH_OPENSSL


 #endif // OPENSSL_TLS_H

isc::asiolink::SERVER
Definition: common_tls.h:31

io_asio_socket.h

isc::asiolink::TlsContextPtr
boost::shared_ptr< TlsContext > TlsContextPtr
The type of shared pointers to TlsContext objects.
Definition: common_tls.h:34

io_service.h

common_tls.h
Common TLS API.

asio_wrapper.h

isc
Defines the logger used by the top-level component of kea-dhcp-ddns.
Definition: agent_parser.cc:143

isc::asiolink::TlsStreamBase::TlsStreamBase
TlsStreamBase(IOService &service, TlsContextPtr context)
Constructor.

asiolink
A wrapper interface for the ASIO library.

isc::asiolink::TlsRole
TlsRole
Client and server roles.
Definition: common_tls.h:31