Async 1.8.0
AsyncSslContext.h
Go to the documentation of this file.
1
27#ifndef ASYNC_SSL_CONTEXT
28#define ASYNC_SSL_CONTEXT
29
30
31/****************************************************************************
32 *
33 * System Includes
34 *
35 ****************************************************************************/
36
37#include <openssl/err.h>
38#include <openssl/pem.h>
39#include <openssl/ssl.h>
40
41#include <iostream>
42#include <cassert>
43
44
45/****************************************************************************
46 *
47 * Project Includes
48 *
49 ****************************************************************************/
50
51
52
53/****************************************************************************
54 *
55 * Local Includes
56 *
57 ****************************************************************************/
58
59
60
61/****************************************************************************
62 *
63 * Forward declarations
64 *
65 ****************************************************************************/
66
67
68
69/****************************************************************************
70 *
71 * Namespace
72 *
73 ****************************************************************************/
74
75namespace Async
76{
77
78
79/****************************************************************************
80 *
81 * Forward declarations of classes inside of the declared namespace
82 *
83 ****************************************************************************/
84
85
86
87/****************************************************************************
88 *
89 * Defines & typedefs
90 *
91 ****************************************************************************/
92
93
94
95/****************************************************************************
96 *
97 * Exported Global Variables
98 *
99 ****************************************************************************/
100
101
102
103/****************************************************************************
104 *
105 * Class definitions
106 *
107 ****************************************************************************/
108
116class SslContext
117{
118 public:
123 static void sslPrintErrors(const std::string& fname)
124 {
125 std::cerr << "*** ERROR: OpenSSL '" << fname << "' failed: ";
126 ERR_print_errors_fp(stderr);
127 std::cerr << std::endl;
128 } /* sslPrintErrors */
129
133 SslContext(void)
134 {
135 initializeGlobals();
136
137 // Create the SSL server context
138 //m_ctx = SSL_CTX_new(SSLv23_method());
139 m_ctx = SSL_CTX_new(TLS_method());
140 assert(m_ctx != nullptr);
141
142 // Recommended to avoid SSLv2 & SSLv3
143 //SSL_CTX_set_options(m_ctx, SSL_OP_ALL|SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3);
144 SSL_CTX_set_options(m_ctx, SSL_OP_ALL);
145 SSL_CTX_set_min_proto_version(m_ctx, TLS1_2_VERSION);
146
147 SSL_CTX_set_verify(m_ctx, SSL_VERIFY_PEER, NULL);
148
149 // Set up OpenSSL to look for CA certs in the default locations
150 SSL_CTX_set_default_verify_paths(m_ctx);
151 //int SSL_CTX_set_default_verify_dir(SSL_CTX *ctx);
152 //int SSL_CTX_set_default_verify_file(SSL_CTX *ctx);
153 } /* SslContext */
154
159 SslContext(SSL_CTX* ctx) : m_ctx(ctx) {}
160
164 SslContext(const SslContext&) = delete;
165
169 SslContext& operator=(const SslContext&) = delete;
170
174 ~SslContext(void)
175 {
176 SSL_CTX_free(m_ctx);
177 m_ctx = nullptr;
178 }
179
186 bool setCertificateFiles(const std::string& keyfile,
187 const std::string& crtfile)
188 {
189 if (crtfile.empty() || keyfile.empty()) return false;
190
191 // Load certificate chain and private key files, and check consistency
192 //if (SSL_CTX_use_certificate_file(
193 // m_ctx, crtfile.c_str(), SSL_FILETYPE_PEM) != 1)
194 if (SSL_CTX_use_certificate_chain_file(m_ctx, crtfile.c_str()) != 1)
195 {
196 sslPrintErrors("SSL_CTX_use_certificate_chain_file");
197 return false;
198 }
199
200 if (SSL_CTX_use_PrivateKey_file(
201 m_ctx, keyfile.c_str(), SSL_FILETYPE_PEM) != 1)
202 {
203 sslPrintErrors("SSL_CTX_use_PrivateKey_file");
204 return false;
205 }
206
207 // Make sure that the key and certificate files match
208 if (SSL_CTX_check_private_key(m_ctx) != 1)
209 {
210 sslPrintErrors("SSL_CTX_check_private_key");
211 return false;
212 }
213 //std::cout << "### SslContext::setCertificateFiles: "
214 // "Certificate and private key loaded and verified"
215 // << std::endl;
216
217 return true;
218 } /* setCertificateFiles */
219
224 bool caCertificateFileIsSet(void) const { return m_cafile_set; }
225
231 bool setCaCertificateFile(const std::string& cafile)
232 {
233 int ret = SSL_CTX_load_verify_locations(m_ctx, cafile.c_str(), NULL);
234 m_cafile_set = (ret == 1);
235 return m_cafile_set;
236 }
237
242 operator SSL_CTX*(void) { return m_ctx; }
243 operator const SSL_CTX*(void) const { return m_ctx; }
244
245 protected:
246
247 private:
248 SSL_CTX* m_ctx = nullptr;
249 bool m_cafile_set = false;
250
251 static void initializeGlobals(void)
252 {
253 static bool is_initialized = false;
254 if (!is_initialized)
255 {
256 SSL_library_init();
257#if OPENSSL_VERSION_NUMBER < 0x10100000L
258 OpenSSL_add_all_algorithms();
259 SSL_load_error_strings();
260#if OPENSSL_VERSION_MAJOR < 3
261 ERR_load_BIO_strings();
262#endif
263 ERR_load_crypto_strings();
264#endif
265 is_initialized = true;
266 }
267 }
268
269}; /* class SslContext */
270
271
272} /* namespace */
273
274#endif /* ASYNC_SSL_CONTEXT */
275
276/*
277 * This file has not been truncated
278 */
Async::SslContext
SSL context meant to be used with TcpConnection and friends.
Definition AsyncSslContext.h:117
Async::SslContext::~SslContext
~SslContext(void)
Destructor.
Definition AsyncSslContext.h:174
Async::SslContext::SslContext
SslContext(const SslContext &)=delete
Do not allow copy construction.
Async::SslContext::operator=
SslContext & operator=(const SslContext &)=delete
Do not allow assignment.
Async::SslContext::sslPrintErrors
static void sslPrintErrors(const std::string &fname)
Print the latest SSL errors.
Definition AsyncSslContext.h:123
Async::SslContext::setCertificateFiles
bool setCertificateFiles(const std::string &keyfile, const std::string &crtfile)
Set which key and certificate file to use for connections.
Definition AsyncSslContext.h:186
Async::SslContext::setCaCertificateFile
bool setCaCertificateFile(const std::string &cafile)
Set which CA certificate file to use for verifying certificates.
Definition AsyncSslContext.h:231
Async::SslContext::SslContext
SslContext(SSL_CTX *ctx)
Constructor.
Definition AsyncSslContext.h:159
Async::SslContext::SslContext
SslContext(void)
Default constructor.
Definition AsyncSslContext.h:133
Async::SslContext::caCertificateFileIsSet
bool caCertificateFileIsSet(void) const
Find out if the CA certificate file is set.
Definition AsyncSslContext.h:224
Async
Namespace for the asynchronous programming classes.
Definition AsyncApplication.h:76
Generated on Sun May 4 2025 14:24:10 for Async by doxygen 1.12.0