Async::SslContext Class Reference
SSL context meant to be used with TcpConnection and friends. More...
#include <AsyncSslContext.h>
Public Member Functions | |
| SslContext (void) | |
| Default constructor. | |
| SslContext (SSL_CTX *ctx) | |
| Constructor. | |
| SslContext (const SslContext &)=delete | |
| Do not allow copy construction. | |
| SslContext & | operator= (const SslContext &)=delete |
| Do not allow assignment. | |
| ~SslContext (void) | |
| Destructor. | |
| bool | setCertificateFiles (const std::string &keyfile, const std::string &crtfile) |
| Set which key and certificate file to use for connections. | |
| bool | caCertificateFileIsSet (void) const |
| Find out if the CA certificate file is set. | |
| bool | setCaCertificateFile (const std::string &cafile) |
| Set which CA certificate file to use for verifying certificates. | |
| operator SSL_CTX * (void) | |
| Cast to pointer to SSL_CTX. | |
| operator const SSL_CTX * (void) const | |
Static Public Member Functions | |
| static void | sslPrintErrors (const std::string &fname) |
| Print the latest SSL errors. | |
Detailed Description
SSL context meant to be used with TcpConnection and friends.
- Date
- 2020-08-01
#include <AsyncSslContext.h>
#include <AsyncSslKeypair.h>
#include <AsyncSslCertSigningReq.h>
#include <AsyncSslX509.h>
int main(void)
{
// Create a key pair for the CA
Async::SslKeypair ca_pkey;
if (!ca_pkey.generate(2048))
{
std::cout << "*** ERROR: Failed to generate CA key" << std::endl;
return 1;
}
{
std::cout << "*** WARNING: Failed to write CA key file" << std::endl;
}
// Create a CA certificate and sign it with the key above
Async::SslX509 ca_cert;
ca_cert.setSerialNumber(1);
ca_cert.setVersion(Async::SslX509::VERSION_3);
ca_cert.setSubjectName(ca_cert.issuerName());
Async::SslX509Extensions ca_exts;
ca_exts.addBasicConstraints("critical, CA:TRUE");
ca_exts.addKeyUsage("critical, cRLSign, digitalSignature, keyCertSign");
ca_exts.addSubjectAltNames("email:ca@example.org");
ca_cert.addExtensions(ca_exts);
time_t t = time(nullptr);
ca_cert.setNotBefore(t);
ca_cert.setNotAfter(t + 24*3600);
ca_cert.setPublicKey(ca_pkey);
ca_cert.sign(ca_pkey);
std::cout << "--------------- CA Certificate ----------------" << std::endl;
ca_cert.print();
std::cout << "-----------------------------------------------" << std::endl;
{
std::cout << "*** WARNING: Failed to write CA certificate file"
<< std::endl;
}
// Create a key pair for the server certificate
Async::SslKeypair cert_pkey;
if (!cert_pkey.generate(2048))
{
std::cout << "*** ERROR: Failed to generate server certificate key"
<< std::endl;
return 1;
}
{
std::cout << "*** WARNING: Failed to write CA key file" << std::endl;
}
// Create a Certificate Signing Request
Async::SslX509Extensions csr_exts;
csr_exts.addSubjectAltNames(
"DNS:hostname.example.org"
", DNS:alias.example.org"
", DNS:localhost"
", IP:127.0.0.1"
", email:admin@example.org"
", URI:https://www.example.org"
", otherName:msUPN;UTF8:sb@sb.local");
csr.addExtensions(csr_exts);
csr.setPublicKey(cert_pkey);
csr.sign(cert_pkey);
std::cout << "--------- Certificate Signing Request ---------" << std::endl;
csr.print();
std::cout << "-----------------------------------------------" << std::endl;
{
std::cout << "*** WARNING: Failed to write CSR file" << std::endl;
}
std::cout << "The CSR verification "
<< std::endl;
// Create the certificate using the CSR then sign it using the CA cert
Async::SslX509 cert;
cert.setSerialNumber(2);
cert.setIssuerName(ca_cert.subjectName());
cert.setSubjectName(csr.subjectName());
cert.setNotBefore(t);
cert.setNotAfter(t + 3600);
Async::SslX509Extensions cert_exts;
cert_exts.addBasicConstraints("critical, CA:FALSE");
cert_exts.addKeyUsage("critical, nonRepudiation, digitalSignature, keyEncipherment, keyAgreement");
cert_exts.addExtKeyUsage("serverAuth");
Async::SslX509ExtSubjectAltName san(exts.subjectAltName());
cert_exts.addExtension(san);
cert.addExtensions(cert_exts);
Async::SslKeypair csr_pkey(csr.publicKey());
cert.setPublicKey(csr_pkey);
cert.sign(ca_pkey);
std::cout << "------------- Server Certificate --------------" << std::endl;
cert.print();
std::cout << "-----------------------------------------------" << std::endl;
{
std::cout << "*** WARNING: Failed to write certificate file"
<< std::endl;
}
std::cout << "The certificate verification "
<< std::endl;
return 0;
}
SSL context meant to be used with TcpConnection and friends.
Represent private and public keys.
Implements a representation of a X.509 certificate.
A class representing a certificate signing request.
Definition AsyncSslCertSigningReq.h:124
void addExtensions(SslX509Extensions &exts)
Add extensions to this CSR.
Definition AsyncSslCertSigningReq.h:418
const X509_NAME * subjectName(void) const
Return the subject name as a X509_NAME pointer.
Definition AsyncSslCertSigningReq.h:324
void print(const std::string &prefix="") const
Print the info in this CSR to std::cout.
Definition AsyncSslCertSigningReq.h:616
SslX509Extensions extensions(void) const
Get the extensions in this CSR.
Definition AsyncSslCertSigningReq.h:434
bool verify(SslKeypair &pubkey) const
Verify the signature of this CSR.
Definition AsyncSslCertSigningReq.h:482
bool sign(SslKeypair &privkey)
Sign the CSR using the given private key.
Definition AsyncSslCertSigningReq.h:466
bool addSubjectName(const std::string &field, const std::string &value)
Add a subject name component.
Definition AsyncSslCertSigningReq.h:292
bool writePrivateKeyFile(const std::string &filename)
Write key data to file on PEM format.
Definition AsyncSslKeypair.h:330
A class representing the X.509 Subject Alternative Name extension.
Definition AsyncSslX509ExtSubjectAltName.h:116
A class representing X.509 extensions.
Definition AsyncSslX509Extensions.h:120
bool addExtKeyUsage(const std::string &eku)
Add extended key usage.
Definition AsyncSslX509Extensions.h:213
bool addSubjectAltNames(const std::string &san)
Add subject alternative names.
Definition AsyncSslX509Extensions.h:225
bool addExtension(const SslX509ExtSubjectAltName &san)
Add a subject alternative names object.
Definition AsyncSslX509Extensions.h:249
bool addBasicConstraints(const std::string &bc)
Add basic constraints extension.
Definition AsyncSslX509Extensions.h:187
void addIssuerName(const std::string &field, const std::string &value)
Add a name to the issuer distinguished name.
Definition AsyncSslX509.h:711
void print(const std::string &prefix="") const
Print this certificate to std::cout.
Definition AsyncSslX509.h:910
void setSerialNumber(long serial_number=-1)
Set the serial number of the certificate.
Definition AsyncSslX509.h:657
bool setPublicKey(SslKeypair &pkey)
Set the public key for this certificate.
Definition AsyncSslX509.h:838
bool verify(SslKeypair &keypair)
Verify that this certificate is signed by the given key.
Definition AsyncSslX509.h:369
const X509_NAME * subjectName(void) const
Get the subject distinguished name.
Definition AsyncSslX509.h:321
bool setSubjectName(const X509_NAME *name)
Set the subject distinguished name.
Definition AsyncSslX509.h:304
bool writePemFile(FILE *f)
Write this certificate to file in PEM format.
Definition AsyncSslX509.h:438
bool setIssuerName(const X509_NAME *name)
Set the issuer distinguished name.
Definition AsyncSslX509.h:276
void addExtensions(const SslX509Extensions &exts)
Add v3 extensions to this certificate.
Definition AsyncSslX509.h:814
const X509_NAME * issuerName(void) const
Get the issuer distinguished name.
Definition AsyncSslX509.h:293
void setNotBefore(std::time_t in_time)
Set the date and time from which this certificate is valid.
Definition AsyncSslX509.h:494
void setNotAfter(std::time_t in_time)
Set the date and time up to which this certificate is valid.
Definition AsyncSslX509.h:545
- Examples
- AsyncHttpServer_demo.cpp.
Definition at line 116 of file AsyncSslContext.h.
Constructor & Destructor Documentation
◆ SslContext() [1/3]
|
inline |
Default constructor.
Definition at line 133 of file AsyncSslContext.h.
◆ SslContext() [2/3]
|
inline |
Constructor.
- Parameters
-
ctx Use this existing context
Definition at line 159 of file AsyncSslContext.h.
◆ SslContext() [3/3]
|
delete |
Do not allow copy construction.
◆ ~SslContext()
|
inline |
Destructor.
Definition at line 174 of file AsyncSslContext.h.
Member Function Documentation
◆ caCertificateFileIsSet()
|
inline |
Find out if the CA certificate file is set.
- Returns
- Returns true if the CA certificate has been set
Definition at line 224 of file AsyncSslContext.h.
◆ operator const SSL_CTX *()
|
inline |
Definition at line 243 of file AsyncSslContext.h.
◆ operator SSL_CTX *()
|
inline |
Cast to pointer to SSL_CTX.
- Returns
- Returns a pointer to the internal SSL_CTX
Definition at line 242 of file AsyncSslContext.h.
◆ operator=()
|
delete |
Do not allow assignment.
◆ setCaCertificateFile()
|
inline |
Set which CA certificate file to use for verifying certificates.
- Parameters
-
cafile The path to the CA file
- Returns
- Returns true on success
Definition at line 231 of file AsyncSslContext.h.
◆ setCertificateFiles()
|
inline |
Set which key and certificate file to use for connections.
- Parameters
-
keyfile The path to the key file crtfile The path to the certificate file
- Returns
- Returns true on success
- Examples
- AsyncHttpServer_demo.cpp.
Definition at line 186 of file AsyncSslContext.h.
References sslPrintErrors().
◆ sslPrintErrors()
|
inlinestatic |
Print the latest SSL errors.
- Parameters
-
fname The name of the last called function
Definition at line 123 of file AsyncSslContext.h.
Referenced by setCertificateFiles().
The documentation for this class was generated from the following file:
Generated on Sun May 4 2025 14:24:10 for Async by
1.12.0