diff --git a/src/communication/context.cpp b/src/communication/context.cpp
index affb4dd6b..dee0ea519 100644
--- a/src/communication/context.cpp
+++ b/src/communication/context.cpp
@@ -74,28 +74,26 @@ SSL_CTX *ClientContext::context() { return ctx_; }
 bool ClientContext::use_ssl() { return use_ssl_; }
 
 ServerContext::ServerContext(const std::string &key_file, const std::string &cert_file, const std::string &ca_file,
-                             bool verify_peer)
-    :
+                             bool verify_peer) {
 #if OPENSSL_VERSION_NUMBER < 0x10100000L
-      ctx_(SSL_CTX_new(SSLv23_server_method()))
+  auto *ctx = SSL_CTX_new(SSLv23_server_method());
 #else
-      ctx_(SSL_CTX_new(TLS_server_method()))
+  auto *ctx = SSL_CTX_new(TLS_server_method());
 #endif
-{
   // TODO (mferencevic): add support for encrypted private keys
   // TODO (mferencevic): add certificate revocation list (CRL)
-  MG_ASSERT(SSL_CTX_use_certificate_file(ctx_, cert_file.c_str(), SSL_FILETYPE_PEM) == 1,
+  MG_ASSERT(SSL_CTX_use_certificate_file(ctx, cert_file.c_str(), SSL_FILETYPE_PEM) == 1,
             "Couldn't load server certificate from file: {}", cert_file);
-  MG_ASSERT(SSL_CTX_use_PrivateKey_file(ctx_, key_file.c_str(), SSL_FILETYPE_PEM) == 1,
+  MG_ASSERT(SSL_CTX_use_PrivateKey_file(ctx, key_file.c_str(), SSL_FILETYPE_PEM) == 1,
             "Couldn't load server private key from file: {}", key_file);
 
   // Disable legacy SSL support. Other options can be seen here:
   // https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_set_options.html
-  SSL_CTX_set_options(ctx_, SSL_OP_NO_SSLv3);
+  SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv3);
 
   if (ca_file != "") {
     // Load the certificate authority file.
-    MG_ASSERT(SSL_CTX_load_verify_locations(ctx_, ca_file.c_str(), nullptr) == 1,
+    MG_ASSERT(SSL_CTX_load_verify_locations(ctx, ca_file.c_str(), nullptr) == 1,
               "Couldn't load certificate authority from file: {}", ca_file);
 
     if (verify_peer) {
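Review bot: The `SSL_CTX` produced by `auto *ctx = SSL_CTX_new(...)` is a raw owning pointer that nothing in view hands to `ctx_` — the constructor continues past this hunk, and the next hunk shows it closing right after `SSL_CTX_set_verify` with no `ctx_.emplace(...)` in between — so unless that handoff sits in the three lines the diff omits before the next hunk, the context is leaked, `use_ssl()` stays false and a server given a key and certificate would presumably come up without TLS. I would construct the owner first and configure through its handle, `ctx_.emplace(boost::asio::ssl::context::tls_server); auto *ctx = ctx_->native_handle();` (the `sslv23_server` method for the OpenSSL < 1.1 branch), which also means an `MG_ASSERT` firing later no longer leaves an unowned handle behind. A failed `SSL_CTX_new` currently leaves `ctx` null and the next call dereferences it; `MG_ASSERT(ctx, "Couldn't create SSL context");` fails cleanly instead. As a caveat on the unchanged line, `SSL_OP_NO_SSLv3` alone still admits TLS 1.0/1.1; `SSL_CTX_set_min_proto_version(ctx, TLS1_2_VERSION)` is the usual floor on OpenSSL >= 1.1. The constructor starts in this hunk and ends outside it.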
@@ -105,11 +103,11 @@ ServerContext::ServerContext(const std::string &key_file, const std::string &cer
       // `ca_names` doesn' need to be free'd because we pass it to
       // `SSL_CTX_set_client_CA_list`:
       // https://mta.openssl.org/pipermail/openssl-users/2015-May/001363.html
-      SSL_CTX_set_client_CA_list(ctx_, ca_names);
+      SSL_CTX_set_client_CA_list(ctx, ca_names);
 
       // Enable verification of the client certificate.
       // NOLINTNEXTLINE(hicpp-signed-bitwise)
-      SSL_CTX_set_verify(ctx_, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, nullptr);
+      SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, nullptr);
     }
   }
 }
@@ -119,36 +117,27 @@ ServerContext::ServerContext(ServerContext &&other) noexcept { std::swap(ctx_, o
 ServerContext &ServerContext::operator=(ServerContext &&other) noexcept {
   if (this == &other) return *this;
 
-  // destroy my objects
-  if (ctx_) {
-    SSL_CTX_free(ctx_);
-  }
-
-  // move other objects to self
-  ctx_ = other.ctx_;
+  ctx_ = std::move(other.ctx_);
 
   // reset other objects
-  other.ctx_ = nullptr;
+  other.ctx_.reset();
 
   return *this;
 }
 
-ServerContext::~ServerContext() {
-  if (ctx_) {
-    SSL_CTX_free(ctx_);
-  }
-}
+ServerContext::~ServerContext() {}
 
 SSL_CTX *ServerContext::context() {
   MG_ASSERT(ctx_);
-  return ctx_;
-}
-SSL_CTX *ServerContext::context_clone() {
-  MG_ASSERT(ctx_);
-  SSL_CTX_up_ref(ctx_);
-  return ctx_;
+  return ctx_->native_handle();
 }
 
-bool ServerContext::use_ssl() const { return ctx_ != nullptr; }
+boost::asio::ssl::context &ServerContext::context_clone() {
+  MG_ASSERT(ctx_);
+  return *ctx_;
+}
+
+bool ServerContext::use_ssl() const { return ctx_.has_value(); }
 
 } // namespace communication
diff --git a/src/communication/context.hpp b/src/communication/context.hpp
index 72676ec53..aa1e0ac89 100644
--- a/src/communication/context.hpp
+++ b/src/communication/context.hpp
@@ -11,9 +11,11 @@
 #pragma once
 
+#include
 #include
 #include
+#include
 
 namespace communication {
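Review bot: Client-certificate verification is only ever switched on inside the `if (ca_file != "")` block that this hunk closes, so a caller passing `verify_peer = true` together with an empty `ca_file` silently gets a server that never asks for a client certificate — the rewrite keeps this fail-open shape from the old code rather than fixing it while it touches the block. Since every other misconfiguration in this constructor already aborts through `MG_ASSERT`, I would make this one loud too, before the outer `if`: `MG_ASSERT(!verify_peer || !ca_file.empty(), "verify_peer requires a CA file");`. The `if (ca_file != "")` line itself and the start of the constructor are in the previous hunk; this hunk only shows the inner block and the closing braces.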
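Review bot: `context_clone()` now returns a bare reference to the member `boost::asio::ssl::context` and no longer takes a reference count, so its name promises an owned copy it does not deliver; any caller that still treats the result as its own — frees the native handle, or keeps it across a move-assignment of the source, which this hunk shows `reset()`ing `other.ctx_` — now double-frees or dangles, and that cannot be verified from here. I would say so on the definition, `// Borrowed: valid only while this ServerContext is alive and not moved-from; never SSL_CTX_free its native handle.`, put the same note on `context()` since `native_handle()` has the same lifetime, and rename the accessor when its callers are updated. The empty `~ServerContext() {}` no longer does anything the optional does not; `ServerContext::~ServerContext() = default;` states that intent.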
@@ -94,12 +96,12 @@ class ServerContext final {
   ~ServerContext();
 
   SSL_CTX *context();
-  SSL_CTX *context_clone();
+  boost::asio::ssl::context &context_clone();
   bool use_ssl() const;
 
  private:
-  SSL_CTX *ctx_{nullptr};
+  std::optional ctx_;
 };
 
 } // namespace communication
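Review bot: Neither `SSL_CTX *context();` nor the new `boost::asio::ssl::context &context_clone();` declaration states who owns what it returns, which matters now that `context_clone()` hands out a reference into `ctx_` instead of a ref-counted handle the caller used to release. I would add above `context()`: `/// Non-owning view of the OpenSSL context; valid only while this object is alive and not moved-from. Never SSL_CTX_free it.` and above `context_clone()`: `/// Reference to the owned asio context (nothing is cloned despite the name); same lifetime rule as context().` Both definitions assert on an empty `ctx_`, so `/// Precondition: use_ssl() is true.` on each is worth stating here as well.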