21#include <boost/asio/ssl.hpp>
27inline boost::asio::ssl::stream_base::handshake_type roleToImpl(
TlsRole role) {
29 return (boost::asio::ssl::stream_base::server);
31 return (boost::asio::ssl::stream_base::client);
36class TlsContext :
public TlsContextBase {
40 virtual ~TlsContext() { }
45 explicit TlsContext(
TlsRole role);
48 boost::asio::ssl::context& getContext();
54 ::SSL_CTX* getNativeContext();
60 virtual bool getCertRequired()
const;
69 static std::string getErrMsg(boost::system::error_code ec);
76 virtual void setCertRequired(
bool cert_required);
81 virtual void loadCaFile(
const std::string& ca_file);
86 virtual void loadCaPath(
const std::string& ca_path);
91 virtual void loadCertFile(
const std::string& cert_file);
96 virtual void loadKeyFile(
const std::string& key_file);
102 boost::asio::ssl::context context_;
105 friend class TlsContextBase;
/// The concrete ASIO TLS stream type wrapped by TlsStream: an OpenSSL
/// ssl::stream layered over a plain TCP socket. The OpenSSL object behind it
/// is reachable through native_handle() (see getSubject()/getIssuer()).
109typedef boost::asio::ssl::stream<boost::asio::ip::tcp::socket> TlsStreamImpl;
118template <
typename Callback,
typename TlsStreamImpl>
121 : TlsStreamImpl(service.get_io_service(), context->getContext()),
122 role_(context->getRole()) {
128template <
typename Callback>
129class TlsStream :
public TlsStreamBase<Callback, TlsStreamImpl> {
133 typedef TlsStreamBase<Callback, TlsStreamImpl> Base;
141 : Base(service, context) {
145 virtual ~TlsStream() { }
    /// Starts the asynchronous TLS handshake in the role (client or server)
    /// the stream's context was created with, as mapped by roleToImpl();
    /// the completion callback receives the handshake result.
    /// NOTE(review): nothing here sets a verification policy -- whether the
    /// peer certificate is checked during this handshake depends on how the
    /// TlsContext was configured (cf. setCertRequired()); confirm that
    /// before trusting getSubject()/getIssuer() for authorization. The
    /// method's closing brace is not shown in this listing.
150 virtual void handshake(Callback& callback) {
151 Base::async_handshake(roleToImpl(Base::getRole()), callback);
    /// Starts the asynchronous TLS shutdown (close_notify exchange) and
    /// reports completion through the callback. A peer that simply drops
    /// the TCP connection instead is surfaced as an error; see
    /// STREAM_TRUNCATED below. The method's closing brace is not shown in
    /// this listing.
157 virtual void shutdown(Callback& callback) {
158 Base::async_shutdown(callback);
    /// Returns the commonName of the peer certificate's subject as UTF-8.
    /// This listing elides several lines of the method (173-175, 179-182,
    /// 185-188, 190-204); the reviewer notes below say what must live there.
171 virtual std::string getSubject() {
    // NOTE(review): SSL_get_peer_certificate() returns NULL when the peer
    // presented no certificate, and otherwise a reference this function
    // owns and must release with X509_free(). Neither the NULL check nor
    // the free is visible here -- confirm they are in the elided lines.
172 ::X509* cert = ::SSL_get_peer_certificate(this->native_handle());
176 ::X509_NAME *name = ::X509_get_subject_name(cert);
    // Start index -1 selects only the FIRST commonName. A certificate may
    // carry several CNs, and CN is not the subjectAltName, so this value
    // alone is not a sufficient basis for an identity decision.
    // NOTE(review): loc is -1 when there is no CN, in which case
    // X509_NAME_get_entry() returns NULL; the guard belongs in the elided
    // lines 179-182.
177 int loc = ::X509_NAME_get_index_by_NID(name, NID_commonName, -1);
178 ::X509_NAME_ENTRY* ne = ::X509_NAME_get_entry(name, loc);
183 unsigned char* buf = 0;
    // ASN1_STRING_to_UTF8() allocates buf (to be released with
    // OPENSSL_free()) and returns a negative value on failure; a negative
    // len cast to size_t below would be an enormous length.
    // NOTE(review): the len < 0 check and the OPENSSL_free()/X509_free()
    // cleanup are expected in the elided lines -- confirm against the
    // full source.
184 int len = ::ASN1_STRING_to_UTF8(&buf, ::X509_NAME_ENTRY_get_data(ne));
189 std::string ret(
reinterpret_cast<char*
>(buf),
static_cast<size_t>(len));
    /// Returns the commonName of the peer certificate's issuer as UTF-8,
    /// i.e. the CA name the certificate itself claims; that claim is only
    /// meaningful once the chain has been verified, since any certificate
    /// can name any issuer. The listing elides lines 207-209, 213-216,
    /// 219-222 and 224-230 of this method.
205 virtual std::string getIssuer() {
    // NOTE(review): as in getSubject(), the NULL check on cert and the
    // X509_free() of the returned reference must be in the elided lines.
206 ::X509* cert = ::SSL_get_peer_certificate(this->native_handle());
210 ::X509_NAME *name = ::X509_get_issuer_name(cert);
    // First CN only (start index -1); loc is -1 when the issuer has no CN
    // and X509_NAME_get_entry() then returns NULL -- the guard is expected
    // in the elided lines 213-216.
211 int loc = ::X509_NAME_get_index_by_NID(name, NID_commonName, -1);
212 ::X509_NAME_ENTRY* ne = ::X509_NAME_get_entry(name, loc);
217 unsigned char* buf = 0;
    // ASN1_STRING_to_UTF8() allocates buf (OPENSSL_free() it) and returns
    // a negative value on failure; NOTE(review): the len < 0 check and the
    // cleanup are expected in the elided lines -- confirm.
218 int len = ::ASN1_STRING_to_UTF8(&buf, ::X509_NAME_ENTRY_get_data(ne));
223 std::string ret(
reinterpret_cast<char*
>(buf),
static_cast<size_t>(len));
231#ifdef HAVE_STREAM_TRUNCATED_ERROR
// Error value that appears to denote a connection closed without a TLS
// close_notify (an unclean shutdown / short read). Callers should compare a
// completion error against this and treat it as a possibly truncated stream,
// not as a clean EOF. Newer Boost exposes it as ssl::error::stream_truncated;
// older builds only have OpenSSL's SSL_R_SHORT_READ. The #else/#endif of this
// block are not shown in this listing.
232const int STREAM_TRUNCATED = boost::asio::ssl::error::stream_truncated;
234const int STREAM_TRUNCATED = ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SHORT_READ);