use boost ssl
parent
477acad1f6
commit
b33d2c3940
@ -74,28 +74,26 @@ SSL_CTX *ClientContext::context() { return ctx_; }
|
||||
bool ClientContext::use_ssl() { return use_ssl_; }
|
||||
|
||||
ServerContext::ServerContext(const std::string &key_file, const std::string &cert_file, const std::string &ca_file,
|
||||
bool verify_peer)
|
||||
:
|
||||
bool verify_peer) {
|
||||
#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
ctx_(SSL_CTX_new(SSLv23_server_method()))
|
||||
auto *ctx = SSL_CTX_new(SSLv23_server_method());
|
||||
#else
|
||||
ctx_(SSL_CTX_new(TLS_server_method()))
|
||||
auto *ctx = SSL_CTX_new(TLS_server_method());
|
||||
#endif
|
||||
{
|
||||
// TODO (mferencevic): add support for encrypted private keys
|
||||
// TODO (mferencevic): add certificate revocation list (CRL)
|
||||
MG_ASSERT(SSL_CTX_use_certificate_file(ctx_, cert_file.c_str(), SSL_FILETYPE_PEM) == 1,
|
||||
MG_ASSERT(SSL_CTX_use_certificate_file(ctx, cert_file.c_str(), SSL_FILETYPE_PEM) == 1,
|
||||
"Couldn't load server certificate from file: {}", cert_file);
|
||||
MG_ASSERT(SSL_CTX_use_PrivateKey_file(ctx_, key_file.c_str(), SSL_FILETYPE_PEM) == 1,
|
||||
MG_ASSERT(SSL_CTX_use_PrivateKey_file(ctx, key_file.c_str(), SSL_FILETYPE_PEM) == 1,
|
||||
"Couldn't load server private key from file: {}", key_file);
|
||||
|
||||
// Disable legacy SSL support. Other options can be seen here:
|
||||
// https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_set_options.html
|
||||
SSL_CTX_set_options(ctx_, SSL_OP_NO_SSLv3);
|
||||
SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv3);
|
||||
|
||||
if (ca_file != "") {
|
||||
// Load the certificate authority file.
|
||||
MG_ASSERT(SSL_CTX_load_verify_locations(ctx_, ca_file.c_str(), nullptr) == 1,
|
||||
MG_ASSERT(SSL_CTX_load_verify_locations(ctx, ca_file.c_str(), nullptr) == 1,
|
||||
"Couldn't load certificate authority from file: {}", ca_file);
|
||||
|
||||
if (verify_peer) {
|
||||
@ -105,11 +103,11 @@ ServerContext::ServerContext(const std::string &key_file, const std::string &cer
|
||||
// `ca_names` doesn' need to be free'd because we pass it to
|
||||
// `SSL_CTX_set_client_CA_list`:
|
||||
// https://mta.openssl.org/pipermail/openssl-users/2015-May/001363.html
|
||||
SSL_CTX_set_client_CA_list(ctx_, ca_names);
|
||||
SSL_CTX_set_client_CA_list(ctx, ca_names);
|
||||
|
||||
// Enable verification of the client certificate.
|
||||
// NOLINTNEXTLINE(hicpp-signed-bitwise)
|
||||
SSL_CTX_set_verify(ctx_, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, nullptr);
|
||||
SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, nullptr);
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -119,36 +117,27 @@ ServerContext::ServerContext(ServerContext &&other) noexcept { std::swap(ctx_, o
|
||||
ServerContext &ServerContext::operator=(ServerContext &&other) noexcept {
|
||||
if (this == &other) return *this;
|
||||
|
||||
// destroy my objects
|
||||
if (ctx_) {
|
||||
SSL_CTX_free(ctx_);
|
||||
}
|
||||
|
||||
// move other objects to self
|
||||
ctx_ = other.ctx_;
|
||||
ctx_ = std::move(other.ctx_);
|
||||
|
||||
// reset other objects
|
||||
other.ctx_ = nullptr;
|
||||
other.ctx_.reset();
|
||||
|
||||
return *this;
|
||||
}
|
||||
|
||||
ServerContext::~ServerContext() {
|
||||
if (ctx_) {
|
||||
SSL_CTX_free(ctx_);
|
||||
}
|
||||
}
|
||||
ServerContext::~ServerContext() {}
|
||||
|
||||
SSL_CTX *ServerContext::context() {
|
||||
MG_ASSERT(ctx_);
|
||||
return ctx_;
|
||||
}
|
||||
SSL_CTX *ServerContext::context_clone() {
|
||||
MG_ASSERT(ctx_);
|
||||
SSL_CTX_up_ref(ctx_);
|
||||
return ctx_;
|
||||
return ctx_->native_handle();
|
||||
}
|
||||
|
||||
bool ServerContext::use_ssl() const { return ctx_ != nullptr; }
|
||||
boost::asio::ssl::context &ServerContext::context_clone() {
|
||||
MG_ASSERT(ctx_);
|
||||
return *ctx_;
|
||||
}
|
||||
|
||||
bool ServerContext::use_ssl() const { return ctx_.has_value(); }
|
||||
|
||||
} // namespace communication
|
||||
|
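Review bot: On the new side of the constructor hunk (`@ -74,28 +74,26 @@`) the raw `ctx` returned by `SSL_CTX_new` is configured but never handed to `ctx_`, and the hunk at `@ -105,11 +103,11 @@` ends the constructor with its three closing braces unchanged; the three lines between the hunks are shared with the old code, so they cannot hold the transfer either, which means that as shown `ctx_` stays empty, `use_ssl()` reports false and the `SSL_CTX` leaks (unless this rendering dropped a line). The missing line is `ctx_.emplace(ctx);` before the constructor's closing brace, with a comment such as `// ctx_ now owns ctx (the native-handle constructor takes ownership); never SSL_CTX_free it here` so that nobody later pairs the `SSL_CTX_new` with a free and double-frees the context. A simpler shape would construct the boost context first and run the `SSL_CTX_*` calls on `ctx_->native_handle()`, so no raw owning pointer exists between `SSL_CTX_new` and the `MG_ASSERT`s. The move-assignment hunk keeps `other.ctx_.reset()` after the move, which is correct for `std::optional`, and the empty `~ServerContext() {}` could now be defaulted.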
@ -11,9 +11,11 @@
|
||||
|
||||
#pragma once
|
||||
|
||||
#include <optional>
|
||||
#include <string>
|
||||
|
||||
#include <openssl/ssl.h>
|
||||
#include <boost/asio/ssl/context.hpp>
|
||||
|
||||
namespace communication {
|
||||
|
||||
@ -94,12 +96,12 @@ class ServerContext final {
|
||||
~ServerContext();
|
||||
|
||||
SSL_CTX *context();
|
||||
SSL_CTX *context_clone();
|
||||
boost::asio::ssl::context &context_clone();
|
||||
|
||||
bool use_ssl() const;
|
||||
|
||||
private:
|
||||
SSL_CTX *ctx_{nullptr};
|
||||
std::optional<boost::asio::ssl::context> ctx_;
|
||||
};
|
||||
|
||||
} // namespace communication
|
||||
|
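Review bot: `boost::asio::ssl::context &context_clone();` in the `@ -94,12 +96,12 @@` hunk no longer clones anything: the removed overload handed out an `SSL_CTX_up_ref`'d handle the caller had to release, while the new one returns a reference to the single context owned by `ctx_`, so any caller that still balances the call with `SSL_CTX_free` would free the server's only context. The declaration should state the new contract, e.g. `/// Returns a reference to the owned TLS context; valid only while this ServerContext lives. Callers must not free or up-ref the underlying SSL_CTX.`, and the name should either change or carry a comment explaining why it is kept. `SSL_CTX *context();` remains declared next to it, so its comment should be made consistent about it being a borrowed, non-owning handle as well. With `std::optional<boost::asio::ssl::context>` now owning the handle, `~ServerContext();` could be declared `= default` here instead of the empty body in the .cpp.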