tls Namespace Reference

Typedefs
using	SocketClient = net::in::stream::tls::SocketClient< apps::http::SimpleSocketProtocolFactory >
using	SocketAddress = SocketClient::SocketAddress
using	SocketConnection = SocketClient::SocketConnection

Functions
SocketClient	getClient ()

Typedef Documentation

SocketAddress

typedef SocketClient::SocketAddress tls::SocketAddress

private

Definition at line 145 of file httplowlevelclient.cpp.

SocketClient

typedef net::in::stream::tls::SocketClient< apps::http::SimpleSocketProtocolFactory > tls::SocketClient

private

Definition at line 144 of file httplowlevelclient.cpp.

SocketConnection

typedef SocketClient::SocketConnection tls::SocketConnection

private

Definition at line 146 of file httplowlevelclient.cpp.

Function Documentation

getClient()

SocketClient tls::getClient ( )

private

Definition at line 148 of file httplowlevelclient.cpp.

                             {
        SocketClient tlsClient(
            "tls",
            [](SocketConnection* socketConnection) { // onConnect
                VLOG(1) << "OnConnect";
 
                VLOG(1) << "\tServer: " << socketConnection->getRemoteAddress().toString();
                VLOG(1) << "\tClient: " << socketConnection->getLocalAddress().toString();
 
                /* Enable automatic hostname checks */
                // X509_VERIFY_PARAM* param = SSL_get0_param(socketConnection->getSSL());
 
                // X509_VERIFY_PARAM_set_hostflags(param, X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS);
                // if (!X509_VERIFY_PARAM_set1_host(param, "localhost", sizeof("localhost") - 1)) {
                //   // handle error
                //   socketConnection->close();
                // }
            },
            [](SocketConnection* socketConnection) { // onConnected
                VLOG(1) << "OnConnected";
 
                X509* server_cert = SSL_get_peer_certificate(socketConnection->getSSL());
                if (server_cert != nullptr) {
                    const long verifyErr = SSL_get_verify_result(socketConnection->getSSL());
 
                    VLOG(1) << "     Server certificate: " + std::string(X509_verify_cert_error_string(verifyErr));
 
                    char* str = X509_NAME_oneline(X509_get_subject_name(server_cert), nullptr, 0);
                    VLOG(1) << "        Subject: " + std::string(str);
                    OPENSSL_free(str);
 
                    str = X509_NAME_oneline(X509_get_issuer_name(server_cert), nullptr, 0);
                    VLOG(1) << "        Issuer: " + std::string(str);
                    OPENSSL_free(str);
 
                    // We could do all sorts of certificate verification stuff here before deallocating the certificate.
 
                    GENERAL_NAMES* subjectAltNames =
                        static_cast<GENERAL_NAMES*>(X509_get_ext_d2i(server_cert, NID_subject_alt_name, nullptr, nullptr));
#ifdef __GNUC__
#pragma GCC diagnostic push
#ifdef __has_warning
#if __has_warning("-Wused-but-marked-unused")
#pragma GCC diagnostic ignored "-Wused-but-marked-unused"
#endif
#endif
#endif
                    const int32_t altNameCount = sk_GENERAL_NAME_num(subjectAltNames);
#ifdef __GNUC_
#pragma GCC diagnostic pop
#endif
                    VLOG(1) << "\t   Subject alternative name count: " << altNameCount;
                    for (int32_t i = 0; i < altNameCount; ++i) {
#ifdef __GNUC__
#pragma GCC diagnostic push
#ifdef __has_warning
#if __has_warning("-Wused-but-marked-unused")
#pragma GCC diagnostic ignored "-Wused-but-marked-unused"
#endif
#endif
#endif
                        GENERAL_NAME* generalName = sk_GENERAL_NAME_value(subjectAltNames, i);
#ifdef __GNUC_
#pragma GCC diagnostic pop
#endif
                        if (generalName->type == GEN_URI) {
                            const std::string subjectAltName =
                                std::string(reinterpret_cast<const char*>(ASN1_STRING_get0_data(generalName->d.uniformResourceIdentifier)),
                                            static_cast<std::size_t>(ASN1_STRING_length(generalName->d.uniformResourceIdentifier)));
                            VLOG(1) << "\t      SAN (URI): '" + subjectAltName;
                        } else if (generalName->type == GEN_DNS) {
                            const std::string subjectAltName =
                                std::string(reinterpret_cast<const char*>(ASN1_STRING_get0_data(generalName->d.dNSName)),
                                            static_cast<std::size_t>(ASN1_STRING_length(generalName->d.dNSName)));
                            VLOG(1) << "\t      SAN (DNS): '" + subjectAltName;
                        } else {
                            VLOG(1) << "\t      SAN (Type): '" + std::to_string(generalName->type);
                        }
                    }
#ifdef __GNUC__
#pragma GCC diagnostic push
#ifdef __has_warning
#if __has_warning("-Wused-but-marked-unused")
#pragma GCC diagnostic ignored "-Wused-but-marked-unused"
#endif
#endif
#endif
                    sk_GENERAL_NAME_pop_free(subjectAltNames, GENERAL_NAME_free);
#ifdef __GNUC_
#pragma GCC diagnostic pop
#endif
                    X509_free(server_cert);
                } else {
                    VLOG(1) << "     Server certificate: no certificate";
                }
 
                socketConnection->sendToPeer("GET /index.html HTTP/1.1\r\nConnection: close\r\n\r\n"); // Connection: close\r\n\r\n");
            },
            [](SocketConnection* socketConnection) { // onDisconnect
                VLOG(1) << "OnDisconnect";
 
                VLOG(1) << "\tServer: " + socketConnection->getRemoteAddress().toString();
                VLOG(1) << "\tClient: " + socketConnection->getLocalAddress().toString();
 
            });
 
        const SocketAddress remoteAddress("localhost", 8088);
 
        tlsClient.connect(remoteAddress,
                          [instanceName = tlsClient.getConfig().getInstanceName()](
                              const SocketAddress& socketAddress,
                              const core::socket::State& state) { // example.com:81 simulate connnect timeout
                              switch (state) {
                                  case core::socket::State::OK:
                                      VLOG(1) << instanceName << ": connected to '" << socketAddress.toString() << "'";
                                      break;
                                  case core::socket::State::DISABLED:
                                      VLOG(1) << instanceName << ": disabled";
                                      break;
                                  case core::socket::State::ERROR:
                                      LOG(ERROR) << instanceName << ": " << socketAddress.toString() << ": " << state.what();
                                      break;
                                  case core::socket::State::FATAL:
                                      LOG(FATAL) << instanceName << ": " << socketAddress.toString() << ": " << state.what();
                                      break;
                              }
                          });
        return tlsClient;
    }

References core::socket::stream::SocketClient< SocketConnectorT, SocketContextFactoryT, Args >::connect(), core::socket::State::DISABLED, core::socket::State::ERROR, core::socket::State::FATAL, core::socket::Socket< ConfigT >::getConfig(), net::config::ConfigInstance::getInstanceName(), core::socket::stream::SocketConnectionT< PhysicalSocketT, SocketReaderT, SocketWriterT >::getLocalAddress(), core::socket::stream::SocketConnectionT< PhysicalSocketT, SocketReaderT, SocketWriterT >::getRemoteAddress(), core::socket::stream::tls::SocketConnection< PhysicalSocketT >::getSSL(), core::socket::State::OK, core::socket::stream::SocketConnection::sendToPeer(), net::in::SocketAddress::SocketAddress(), net::in::SocketAddress::toString(), and core::socket::State::what().

Referenced by main().

Here is the call graph for this function:

Here is the caller graph for this function: