1/*
2 * SNode.C - A Slim Toolkit for Network Communication
3 * Copyright (C) Volker Christian <me@vchrist.at>
4 * 2020, 2021, 2022, 2023, 2024, 2025, 2026
5 *
6 * This program is free software: you can redistribute it and/or modify
7 * it under the terms of the GNU Lesser General Public License as published
8 * by the Free Software Foundation, either version 3 of the License, or
9 * (at your option) any later version.
10 *
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public License
17 * along with this program. If not, see <http://www.gnu.org/licenses/>.
18 */
19
20/*
21 * MIT License
22 *
23 * Permission is hereby granted, free of charge, to any person obtaining a copy
24 * of this software and associated documentation files (the "Software"), to deal
25 * in the Software without restriction, including without limitation the rights
26 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
27 * copies of the Software, and to permit persons to whom the Software is
28 * furnished to do so, subject to the following conditions:
29 *
30 * The above copyright notice and this permission notice shall be included in
31 * all copies or substantial portions of the Software.
32 *
33 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
34 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
35 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
36 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
37 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
38 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
39 * THE SOFTWARE.
40 */
41
42#ifndef CORE_SOCKET_STREAM_TLS_SSL_UTILS_H
43#define CORE_SOCKET_STREAM_TLS_SSL_UTILS_H
44
45#ifndef DOXYGEN_SHOULD_SKIP_THIS
46
47#include <cstdint>
48#include <map>
49#include <string>
50
51//
52
53#include <openssl/opensslv.h>
54
55#if OPENSSL_VERSION_NUMBER >= 0x30000000L
56#include <openssl/types.h>
57#elif OPENSSL_VERSION_NUMBER >= 0x10100000L
58#include <openssl/ossl_typ.h>
59#endif
60
61#endif /* DOXYGEN_SHOULD_SKIP_THIS */
62
// Width of the SSL_OP_* option bitmask stored in SslConfig::sslOptions, selected
// per OpenSSL generation (presumably to mirror the parameter width of
// SSL_CTX_set_options — confirm against the headers actually built against).
// NOTE(review): no alias is defined for OpenSSL < 1.1.0, so such a build fails at
// the first use of ssl_option_t (SslConfig below) rather than here; an explicit
// `#else #error "OpenSSL >= 1.1.0 required"` would give a clearer diagnostic.
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
using ssl_option_t = uint64_t;

#elif OPENSSL_VERSION_NUMBER >= 0x10100000L
using ssl_option_t = uint32_t;
#endif
69
namespace core::socket::stream::tls {

    // Everything ssl_ctx_new() needs to build one SSL_CTX. Plain aggregate with
    // defaults; only the server/client role must be chosen explicitly (constructor).
    struct SslConfig {
        // `server` selects server-side versus client-side context construction.
        explicit SslConfig(bool server);

        std::string instanceName;   // label for this configuration (presumably used in log output — verify in ssl_utils.cpp)
        std::string cert;           // certificate (chain) to present, presumably a file path
        std::string certKey;        // private key belonging to `cert`, presumably a file path
        // Passphrase protecting `certKey`. NOTE(review): this lives in a plain
        // std::string, which is not wiped from memory on destruction or reallocation;
        // avoid copying SslConfig more than necessary and never log this field.
        std::string password;
        std::string caCert;         // CA bundle used to verify the peer's chain
        std::string caCertDir;      // hashed CA directory used to verify the peer's chain
        bool caCertUseDefaultDir = false;   // presumably also loads the system default CA paths — confirm
        // NOTE(review): if this lets the handshake proceed when the peer's chain
        // does not verify (as the name suggests), enabling it removes peer
        // authentication entirely — keep it false outside of test setups.
        // Confirm the exact semantics in the implementation.
        bool caCertAcceptUnknown = false;
        // OpenSSL cipher-list string. NOTE(review): a cipher list governs TLS <= 1.2
        // only; TLS 1.3 suites are configured through a separate setter — confirm
        // which one(s) the implementation applies.
        std::string cipherList;
        ssl_option_t sslOptions = 0;        // SSL_OP_* bitmask (type selected above by OpenSSL version)
        bool server = false;                // true: server context, false: client context
    };

    // Builds a new SSL_CTX from `sslConfig`. The returned context is owned by the
    // caller and is paired with ssl_ctx_free() below. Whether nullptr is returned
    // on failure cannot be told from this header — check the result before use.
    SSL_CTX* ssl_ctx_new(const SslConfig& sslConfig);

    // Maps names — presumably the subject alternative names of the certificate
    // loaded into `sslCtx` — to that context, e.g. for SNI-based context selection.
    // The SSL_CTX* values are non-owning views; confirm the ownership contract
    // against the implementation before storing them.
    std::map<std::string, SSL_CTX*> ssl_get_sans(SSL_CTX* sslCtx);

    // Sets the SNI host name `sni` on a client-side `ssl`. Note that SNI is sent in
    // the clear in the ClientHello.
    void ssl_set_sni(SSL* ssl, const std::string& sni);
    // Switches `ssl` to `sslCtx` (SSL_set_SSL_CTX-style) and returns an SSL_CTX* —
    // whether that is `sslCtx` or the previously active context is not visible here.
    SSL_CTX* ssl_set_ssl_ctx(SSL* ssl, SSL_CTX* sslCtx);

    // Releases a context obtained from ssl_ctx_new().
    void ssl_ctx_free(SSL_CTX* ctx);

    // Extracts the SNI server name from the ClientHello received on `ssl`.
    // NOTE(review): the value is attacker-controlled wire input — use it only as a
    // lookup key (e.g. into the map from ssl_get_sans()), never as a file path or
    // as unescaped log/HTML text.
    std::string ssl_get_servername_from_client_hello(SSL* ssl);

    // Logging helpers. `sslErr` passed to ssl_log() is presumably an SSL_get_error()
    // result (see the SSL_ERROR_* table reproduced at the end of this file).
    void ssl_log_error(const std::string& message);
    void ssl_log_warning(const std::string& message);
    void ssl_log_info(const std::string& message);
    void ssl_log(const std::string& message, int sslErr);

    // Generic wildcard matcher, adapted from
    // https://www.geeksforgeeks.org/wildcard-character-matching/
    // Returns true if `second` matches the pattern `first`; only `first` may
    // contain wildcard characters.
    // NOTE(review): if this is used for SNI/SAN host-name matching, keep in mind
    // that RFC 6125 permits a wildcard only as the complete leftmost label and
    // never across a '.'; a general glob (e.g. "*" matching "a.b.c") is wider
    // than that. Confirm how callers constrain the pattern.
    bool match(const char* first, const char* second);

} // namespace core::socket::stream::tls
110
111#endif // CORE_SOCKET_STREAM_TLS_SSL_UTILS_H
112
113/*
114ssl.h:# define SSL_ERROR_NONE 0
115ssl.h:# define SSL_ERROR_SSL 1
116ssl.h:# define SSL_ERROR_WANT_READ 2
117ssl.h:# define SSL_ERROR_WANT_WRITE 3
118ssl.h:# define SSL_ERROR_WANT_X509_LOOKUP 4
119ssl.h:# define SSL_ERROR_SYSCALL 5 // look at error stack/return
120ssl.h:# define SSL_ERROR_ZERO_RETURN 6
121ssl.h:# define SSL_ERROR_WANT_CONNECT 7
122ssl.h:# define SSL_ERROR_WANT_ACCEPT 8
123ssl.h:# define SSL_ERROR_WANT_ASYNC 9
124ssl.h:# define SSL_ERROR_WANT_ASYNC_JOB 10
125ssl.h:# define SSL_ERROR_WANT_CLIENT_HELLO_CB 11
126*/