6082d31843
Summary: A `valgrind` run of a modified client that connects multiple times to the database now shows no memory leaks, previously the context created with `SSL_CTX_new` was leaked every time. Reviewers: teon.banek, mtomic Reviewed By: teon.banek, mtomic Subscribers: pullbot Differential Revision: https://phabricator.memgraph.io/D2052
100 lines
3.3 KiB
C++
100 lines
3.3 KiB
C++
#pragma once
|
|
|
|
#include <string>
|
|
|
|
#include <openssl/ssl.h>
|
|
|
|
namespace communication {
|
|
|
|
/**
|
|
* This class represents a context that should be used with network clients. One
|
|
* context can be reused between multiple clients (note: this mainly depends on
|
|
* the underlying OpenSSL implementation [see `SSL_new` in
|
|
* `openssl/ssl/ssl_lib.c`]).
|
|
*/
|
|
class ClientContext final {
|
|
public:
|
|
/**
|
|
* This constructor constructs a ClientContext that can either not use SSL
|
|
* (`use_ssl` is `false` by default), or it constructs a ClientContext that
|
|
* doesn't use a client certificate when `use_ssl` is set to `true`.
|
|
*/
|
|
explicit ClientContext(bool use_ssl = false);
|
|
|
|
/**
|
|
* This constructor constructs a ClientContext that uses SSL and uses the
|
|
* specific client private key and certificate combination. If the parameters
|
|
* `key_file` and `cert_file` are equal to "" then the constructor falls back
|
|
* to the above constructor that uses SSL without certificates.
|
|
*/
|
|
ClientContext(const std::string &key_file, const std::string &cert_file);
|
|
|
|
// This object can't be copied because the underlying SSL implementation is
|
|
// messy and ownership can't be handled correctly.
|
|
ClientContext(const ClientContext &) = delete;
|
|
ClientContext &operator=(const ClientContext &) = delete;
|
|
|
|
// Move constructor/assignment that handle ownership change correctly.
|
|
ClientContext(ClientContext &&other) noexcept;
|
|
ClientContext &operator=(ClientContext &&other) noexcept;
|
|
|
|
// Destructor that handles ownership of the SSL object.
|
|
~ClientContext();
|
|
|
|
SSL_CTX *context();
|
|
|
|
bool use_ssl();
|
|
|
|
private:
|
|
bool use_ssl_;
|
|
SSL_CTX *ctx_;
|
|
};
|
|
|
|
/**
|
|
* This class represents a context that should be used with network servers. One
|
|
* context can be reused between multiple servers (note: this mainly depends on
|
|
* the underlying OpenSSL implementation [see `SSL_new` in
|
|
* `openssl/ssl/ssl_lib.c`]).
|
|
*/
|
|
class ServerContext final {
|
|
public:
|
|
/**
|
|
* This constructor constructs a ServerContext that doesn't use SSL.
|
|
*/
|
|
ServerContext();
|
|
|
|
/**
|
|
* This constructor constructs a ServerContext that uses SSL. The parameters
|
|
* `key_file` and `cert_file` can't be "" because when setting up a server it
|
|
* is mandatory to supply a private key and certificate. The parameter
|
|
* `ca_file` can be "" because SSL doesn't necessarily need to check that the
|
|
* client has a valid certificate. If you specify `verify_peer` to be `true`
|
|
* to check that the client certificate is valid, then you need to supply a
|
|
* valid `ca_file` as well.
|
|
*/
|
|
ServerContext(const std::string &key_file, const std::string &cert_file,
|
|
const std::string &ca_file = "", bool verify_peer = false);
|
|
|
|
// This object can't be copied because the underlying SSL implementation is
|
|
// messy and ownership can't be handled correctly.
|
|
ServerContext(const ServerContext &) = delete;
|
|
ServerContext &operator=(const ServerContext &) = delete;
|
|
|
|
// Move constructor/assignment that handle ownership change correctly.
|
|
ServerContext(ServerContext &&other) noexcept;
|
|
ServerContext &operator=(ServerContext &&other) noexcept;
|
|
|
|
// Destructor that handles ownership of the SSL object.
|
|
~ServerContext();
|
|
|
|
SSL_CTX *context();
|
|
|
|
bool use_ssl();
|
|
|
|
private:
|
|
bool use_ssl_;
|
|
SSL_CTX *ctx_;
|
|
};
|
|
|
|
} // namespace communication
|