#include <ConfigSocketServer.h>

Inheritance diagram for net::config::stream::tls::ConfigSocketServer< ConfigSocketServerBaseT >:

Collaboration diagram for net::config::stream::tls::ConfigSocketServer< ConfigSocketServerBaseT >:

Public Member Functions
SSL_CTX *	getSslCtx ()
SSL_CTX *	getSniCtx (const std::string &serverNameIndication)
Public Member Functions inherited from net::config::ConfigInstance
	ConfigInstance (ConfigInstance &)=delete
	ConfigInstance (ConfigInstance &&)=delete
ConfigInstance &	operator= (ConfigInstance &)=delete
ConfigInstance &	operator= (ConfigInstance &&)=delete
Role	getRole ()
const std::string &	getInstanceName () const
void	setInstanceName (const std::string &instanceName)
bool	getDisabled () const
void	setDisabled (bool disabled=true)
CLI::App *	newSection (std::shared_ptr< CLI::App > appWithPtr, const std::string &group)
net::config::ConfigSection *	addSection (std::shared_ptr< net::config::ConfigSection > &&configSection)
template<typename ConcreteConfigSection, typename... Args>
ConcreteConfigSection *	addSection (Args &&... args)
template<typename SectionTypeT>
SectionTypeT *	getSection () const
bool	gotSection (const std::string &name, bool recursive=false) const
void	required (bool required=true)
void	required (CLI::App *section, bool req=true)
bool	getRequired () const
CLI::App *	get () const
void	configurable (bool configurable=true)
template<typename SectionType>
SectionType *	getSection () const
Public Member Functions inherited from net::config::ConfigTlsServer
ConfigTlsServer &	setForceSni (bool forceSni=true)
bool	getForceSni () const
ConfigTlsServer &	addSniCerts (const std::map< std::string, std::map< std::string, std::variant< std::string, bool, ssl_option_t > > > &sniCerts)
ConfigTlsServer &	addSniCert (const std::string &domain, const std::map< std::string, std::variant< std::string, bool, ssl_option_t > > &sniCert)
const std::map< std::string, std::map< std::string, std::variant< std::string, bool, ssl_option_t > > > &	getSniCerts ()
Public Member Functions inherited from net::config::ConfigTls
ConfigTls &	setInitTimeout (const utils::Timeval &newInitTimeout)
utils::Timeval	getInitTimeout () const
ConfigTls &	setShutdownTimeout (const utils::Timeval &newShutdownTimeout)
utils::Timeval	getShutdownTimeout () const
ConfigTls &	setCert (const std::string &cert)
std::string	getCert () const
ConfigTls &	setCertKey (const std::string &certKey)
std::string	getCertKey () const
ConfigTls &	setCertKeyPassword (const std::string &certKeyPassword)
std::string	getCertKeyPassword () const
ConfigTls &	setCaCert (const std::string &caCert)
std::string	getCaCert () const
ConfigTls &	setCaCertDir (const std::string &caCertDir)
std::string	getCaCertDir () const
ConfigTls &	setCaCertUseDefaultDir (bool set=true)
bool	getCaCertUseDefaultDir () const
ConfigTls &	setCaCertAcceptUnknown (bool set=true)
bool	getCaCertAcceptUnknown () const
ConfigTls &	setCipherList (const std::string &cipherList)
std::string	getCipherList () const
ConfigTls &	setSslOptions (ssl_option_t sslOptions)
ssl_option_t	getSslOptions () const
ConfigTls &	setNoCloseNotifyIsEOF (bool noCloseNotifyIsEOF=true)
bool	getNoCloseNotifyIsEOF () const

Protected Member Functions
	ConfigSocketServer (const std::string &name)
	~ConfigSocketServer () override
Protected Member Functions inherited from net::config::ConfigInstance
	ConfigInstance (const std::string &instanceName, Role role)
virtual	~ConfigInstance ()
Protected Member Functions inherited from net::config::ConfigTlsServer
	ConfigTlsServer (ConfigInstance *instance)
	~ConfigTlsServer () override
Protected Member Functions inherited from net::config::ConfigTls
	ConfigTls (net::config::ConfigSection *section)

Static Private Member Functions
static int	clientHelloCallback (SSL ssl, int al, void *arg)

Private Attributes
SSL_CTX *	sslCtx = nullptr
std::list< SSL_CTX * >	sniCtxs
std::map< std::string, SSL_CTX * >	sniCtxMap

Additional Inherited Members
Public Types inherited from net::config::ConfigInstance
enum class	Role { SERVER , CLIENT }
Public Types inherited from net::config::ConfigTlsServer
using	Tls = ConfigTlsServer
Static Public Attributes inherited from net::config::ConfigTls
static constexpr std::string_view	name {"tls"}
static constexpr std::string_view	description {"Configuration of SSL/TLS behavior"}

Detailed Description

template<typename ConfigSocketServerBaseT>
class net::config::stream::tls::ConfigSocketServer< ConfigSocketServerBaseT >

Definition at line 59 of file ConfigSocketServer.h.

Constructor & Destructor Documentation

◆ ConfigSocketServer()

template<typename ConfigSocketServerBase>

net::config::stream::tls::ConfigSocketServer< ConfigSocketServerBase >::ConfigSocketServer ( const std::string & name )

explicitprotected

Definition at line 58 of file ConfigSocketServer.hpp.

        : net::config::ConfigInstance(name, net::config::ConfigInstance::Role::SERVER)
        , ConfigSocketServerBase(this)
        , net::config::ConfigTlsServer(this) {
    }

References net::config::ConfigInstance::SERVER.

Referenced by net::in6::stream::tls::config::ConfigSocketServer::ConfigSocketServer(), net::in::stream::tls::config::ConfigSocketServer::ConfigSocketServer(), net::l2::stream::tls::config::ConfigSocketServer::ConfigSocketServer(), net::rc::stream::tls::config::ConfigSocketServer::ConfigSocketServer(), and net::un::stream::tls::config::ConfigSocketServer::ConfigSocketServer().

Here is the caller graph for this function:

◆ ~ConfigSocketServer()

template<typename ConfigSocketServerBase>

net::config::stream::tls::ConfigSocketServer< ConfigSocketServerBase >::~ConfigSocketServer ( )

overrideprotected

Definition at line 65 of file ConfigSocketServer.hpp.

                                                                    {
        if (sslCtx != nullptr) {
            core::socket::stream::tls::ssl_ctx_free(sslCtx);
        }
 
        for (SSL_CTX* sniCtx : sniCtxs) {
            if (sniCtx != nullptr) {
                core::socket::stream::tls::ssl_ctx_free(sniCtx);
            }
        }
    }

Member Function Documentation

◆ clientHelloCallback()

template<typename ConfigSocketServerBaseT>

int net::config::stream::tls::ConfigSocketServer< ConfigSocketServerBaseT >::clientHelloCallback	(	SSL *	ssl,
		int *	al,
		void *	arg )

staticprivate

◆ getSniCtx()

template<typename ConfigSocketServerBase>

SSL_CTX * net::config::stream::tls::ConfigSocketServer< ConfigSocketServerBase >::getSniCtx ( const std::string & serverNameIndication )

Definition at line 162 of file ConfigSocketServer.hpp.

                                                                                                        {
        LOG(TRACE) << getInstanceName() << " SSL/TLS SNI: Lookup for sni='" << serverNameIndication << "' in sni certificates";
 
        SSL_CTX* sniCtx = nullptr;
 
        std::map<std::string, SSL_CTX*>::iterator sniPairIt = std::find_if(
            sniCtxMap.begin(), sniCtxMap.end(), [&serverNameIndication, this](const std::pair<std::string, SSL_CTX*>& sniPair) -> bool {
                LOG(TRACE) << getInstanceName() << " SSL/TLS SNI:  .. " << sniPair.first.c_str();
                return core::socket::stream::tls::match(sniPair.first.c_str(), serverNameIndication.c_str());
            });
 
        if (sniPairIt != sniCtxMap.end()) {
            LOG(TRACE) << getInstanceName() << " SSL/TLS SNI: found for " << serverNameIndication << " -> '" << sniPairIt->first << "'";
            sniCtx = sniPairIt->second;
        } else {
            LOG(WARNING) << getInstanceName() << " SSL/TL SNI: not found for " << serverNameIndication;
        }
 
        return sniCtx;
    }

References net::config::ConfigInstance::getInstanceName(), core::socket::stream::tls::match(), and sniCtxMap.

Here is the call graph for this function:

◆ getSslCtx()

template<typename ConfigSocketServerBase>

SSL_CTX * net::config::stream::tls::ConfigSocketServer< ConfigSocketServerBase >::getSslCtx ( )

Definition at line 78 of file ConfigSocketServer.hpp.

                                                                   {
        if (sslCtx == nullptr) {
            core::socket::stream::tls::SslConfig sslConfig(true);
 
            sslConfig.instanceName = getInstanceName();
 
            sslConfig.cert = getCert();
            sslConfig.certKey = getCertKey();
            sslConfig.password = getCertKeyPassword();
            sslConfig.caCert = getCaCert();
            sslConfig.caCertDir = getCaCertDir();
            sslConfig.cipherList = getCipherList();
            sslConfig.sslOptions = getSslOptions();
            sslConfig.caCertUseDefaultDir = getCaCertUseDefaultDir();
            sslConfig.caCertAcceptUnknown = getCaCertAcceptUnknown();
 
            sslCtx = core::socket::stream::tls::ssl_ctx_new(sslConfig);
        }
 
        if (sniCtxMap.empty()) {
            std::map<std::string, SSL_CTX*> sslSans = core::socket::stream::tls::ssl_get_sans(sslCtx);
 
            sniCtxMap.insert(sslSans.begin(), sslSans.end());
 
            for (const auto& [sni, ctx] : sniCtxMap) {
                LOG(TRACE) << getInstanceName() << " SSL/TLS: SSL_CTX (M) sni for '" << sni << "' from master certificate installed";
            }
 
            for (const auto& [domain, sniCertConf] : getSniCerts()) {
                if (!domain.empty()) {
                    core::socket::stream::tls::SslConfig sslConfig(true);
 
                    sslConfig.instanceName = getInstanceName();
 
                    for (const auto& [key, value] : sniCertConf) {
                        if (key == "Cert") {
                            sslConfig.cert = std::get<std::string>(value);
                        } else if (key == "CertKey") {
                            sslConfig.certKey = std::get<std::string>(value);
                        } else if (key == "CertKeyPassword") {
                            sslConfig.password = std::get<std::string>(value);
                        } else if (key == "CaCert") {
                            sslConfig.caCert = std::get<std::string>(value);
                        } else if (key == "CaCertDir") {
                            sslConfig.caCertDir = std::get<std::string>(value);
                        } else if (key == "CaCertUseDefaultDir") {
                            sslConfig.caCertUseDefaultDir = std::get<bool>(value);
                        } else if (key == "CaCertAcceptUnknown") {
                            sslConfig.caCertAcceptUnknown = std::get<bool>(value);
                        } else if (key == "CipherList") {
                            sslConfig.cipherList = std::get<std::string>(value);
                        } else if (key == "SslOptions") {
                            sslConfig.sslOptions = std::get<ssl_option_t>(value);
                        }
                    }
 
                    SSL_CTX* newCtx = core::socket::stream::tls::ssl_ctx_new(sslConfig);
 
                    if (newCtx != nullptr) {
                        sniCtxs.push_back(newCtx);
                        sniCtxMap.insert_or_assign(domain, newCtx);
 
                        LOG(TRACE) << getInstanceName() << " SSL/TLS: SSL_CTX (E) sni for '" << domain << "' explicitly installed";
 
                        for (const auto& [san, ctx] : core::socket::stream::tls::ssl_get_sans(newCtx)) {
                            sniCtxMap.insert_or_assign(san, ctx);
 
                            LOG(TRACE) << getInstanceName() << " SSL/TLS: SSL_CTX (S) sni for '" << san << "' from SAN installed";
                        }
                    } else {
                        LOG(WARNING) << getInstanceName() << " SSL/TLS: Can not create SNI_SSL_CTX for domain '" << domain << "'";
                    }
                }
            }
            LOG(TRACE) << getInstanceName() << " SSL/TLS: SNI list result:";
            for (const auto& [sni, ctx] : sniCtxMap) {
                LOG(TRACE) << "  " << sni;
            }
        }
 
        return sslCtx;
    }

Here is the call graph for this function:

Member Data Documentation

◆ sniCtxMap

template<typename ConfigSocketServerBaseT>

std::map<std::string, SSL_CTX*> net::config::stream::tls::ConfigSocketServer< ConfigSocketServerBaseT >::sniCtxMap

private

Definition at line 77 of file ConfigSocketServer.h.

Referenced by getSniCtx(), and getSslCtx().

◆ sniCtxs

template<typename ConfigSocketServerBaseT>

std::list<SSL_CTX*> net::config::stream::tls::ConfigSocketServer< ConfigSocketServerBaseT >::sniCtxs

private

Definition at line 76 of file ConfigSocketServer.h.

Referenced by net::config::stream::tls::ConfigSocketServer< net::in6::stream::config::ConfigSocketServer >::getSniCtx(), and getSslCtx().

◆ sslCtx

template<typename ConfigSocketServerBaseT>

SSL_CTX* net::config::stream::tls::ConfigSocketServer< ConfigSocketServerBaseT >::sslCtx = nullptr

private

Definition at line 75 of file ConfigSocketServer.h.

Referenced by getSslCtx(), and net::config::stream::tls::ConfigSocketServer< net::in6::stream::config::ConfigSocketServer >::~ConfigSocketServer().

The documentation for this class was generated from the following files:

net/config/stream/tls/ConfigSocketServer.h
net/config/stream/tls/ConfigSocketServer.hpp

SNode.C

Public Member Functions

Protected Member Functions

Static Private Member Functions

Private Attributes

Additional Inherited Members

Detailed Description

Constructor & Destructor Documentation

◆ ConfigSocketServer()

◆ ~ConfigSocketServer()

Member Function Documentation

◆ clientHelloCallback()

◆ getSniCtx()

◆ getSslCtx()

Member Data Documentation

◆ sniCtxMap

◆ sniCtxs

◆ sslCtx