1/*
2 * SNode.C - A Slim Toolkit for Network Communication
3 * Copyright (C) Volker Christian <me@vchrist.at>
4 * 2020, 2021, 2022, 2023, 2024, 2025, 2026
5 *
6 * This program is free software: you can redistribute it and/or modify
7 * it under the terms of the GNU Lesser General Public License as published
8 * by the Free Software Foundation, either version 3 of the License, or
9 * (at your option) any later version.
10 *
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public License
17 * along with this program. If not, see <http://www.gnu.org/licenses/>.
18 */
19
20/*
21 * MIT License
22 *
23 * Permission is hereby granted, free of charge, to any person obtaining a copy
24 * of this software and associated documentation files (the "Software"), to deal
25 * in the Software without restriction, including without limitation the rights
26 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
27 * copies of the Software, and to permit persons to whom the Software is
28 * furnished to do so, subject to the following conditions:
29 *
30 * The above copyright notice and this permission notice shall be included in
31 * all copies or substantial portions of the Software.
32 *
33 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
34 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
35 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
36 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
37 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
38 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
39 * THE SOFTWARE.
40 */
41
42#include "core/socket/stream/SocketAcceptor.hpp"
43#include "core/socket/stream/tls/SocketAcceptor.h"
44
45#ifndef DOXYGEN_SHOULD_SKIP_THIS
46
47#include "core/socket/stream/tls/ssl_utils.h"
48#include "log/Logger.h"
49
50#include <algorithm>
51#include <openssl/ssl.h>
52#include <string>
53
54#endif /* DOXYGEN_SHOULD_SKIP_THIS */
55
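namespace core::socket::stream::tls {

    // SSL ex_data slots shared between the connection and this acceptor.
    //   slot 0: std::string* holding the connection name (installed outside this
    //           file, presumably when the SSL object is created — confirm).
    //   slot 1: Config* of the acceptor that accepted the connection (installed
    //           in the onConnect handler below, read in clientHelloCallback()).
    // Both are raw, non-owning pointers: the pointees must outlive the SSL object.
    inline constexpr int sslExDataConnectionNameIndex = 0;
    inline constexpr int sslExDataConfigIndex = 1;

    /**
     * Server-side TLS acceptor.
     *
     * Wraps the plain acceptor and, per accepted connection,
     *  - switches the socket into SSL server mode and attaches the Config,
     *  - drives the TLS handshake and only hands the connection to the
     *    application (onConnected + socket context) once it succeeded,
     *  - tears the SSL state down again on disconnect.
     *
     * @param socketContextFactory factory installed on the connection after a
     *                             successful handshake
     * @param onConnect            user hook, invoked before SSL is started
     * @param onConnected          user hook, invoked only after the handshake succeeded
     * @param onDisconnect         user hook, invoked after the SSL state is stopped
     * @param onInitState          forwarded to the plain acceptor
     * @param onStatus             forwarded to the plain acceptor
     * @param config               TLS configuration (SSL_CTX, SNI table, forceSni, ...)
     */
    template <typename PhysicalServerSocket, typename Config>
    SocketAcceptor<PhysicalServerSocket, Config>::SocketAcceptor(
        const std::shared_ptr<SocketContextFactory>& socketContextFactory,
        const std::function<void(SocketConnection*)>& onConnect,
        const std::function<void(SocketConnection*)>& onConnected,
        const std::function<void(SocketConnection*)>& onDisconnect,
        const std::function<void(core::eventreceiver::AcceptEventReceiver*)>& onInitState,
        const std::function<void(const SocketAddress&, core::socket::State)>& onStatus,
        const std::shared_ptr<Config>& config)
        : Super(
              [onConnect, this](SocketConnection* socketConnection) { // onConnect
                  onConnect(socketConnection);

                  SSL* ssl = socketConnection->startSSL(socketConnection->getFd(), Super::config->getSslCtx());
                  if (ssl != nullptr) {
                      SSL_set_accept_state(ssl);

                      // clientHelloCallback() needs the Config to resolve SNI. If the slot
                      // cannot be filled the callback fails the handshake closed, so only
                      // report it here.
                      if (SSL_set_ex_data(ssl, sslExDataConfigIndex, Super::config.get()) != 1) {
                          LOG(ERROR) << socketConnection->getConnectionName() << " SSL/TLS: Attaching configuration to SSL object failed";
                      }
                  }
              },
              [socketContextFactory, onConnected](SocketConnection* socketConnection) { // onConnected
                  LOG(TRACE) << socketConnection->getConnectionName() << " SSL/TLS: Start handshake";

                  // The application (onConnected, socket context) is only attached after a
                  // successful handshake; every failure path closes the connection.
                  const bool handshakeStarted = socketConnection->doSSLHandshake(
                      [socketContextFactory, onConnected, socketConnection]() { // onSuccess
                          LOG(DEBUG) << socketConnection->getConnectionName() << " SSL/TLS: Handshake success";

                          onConnected(socketConnection);

                          socketConnection->setSocketContext(socketContextFactory);
                      },
                      [socketConnection]() { // onTimeout
                          LOG(ERROR) << socketConnection->getConnectionName() << " SSL/TLS: Handshake timed out";

                          socketConnection->close();
                      },
                      [socketConnection](int sslErr) { // onError
                          ssl_log(socketConnection->getConnectionName() + " SSL/TLS: Handshake failed", sslErr);

                          socketConnection->close();
                      });

                  if (!handshakeStarted) {
                      LOG(ERROR) << socketConnection->getConnectionName() << " SSL/TLS: Handshake failed";

                      socketConnection->close();
                  }
              },
              [onDisconnect](SocketConnection* socketConnection) { // onDisconnect
                  socketConnection->stopSSL();
                  onDisconnect(socketConnection);
              },
              onInitState,
              onStatus,
              config) {
        // Only start listening while the event loop runs; otherwise the
        // acceptor has nothing to attach to and destroys itself.
        if (core::eventLoopState() == core::State::RUNNING) {
            init();
        } else {
            Super::destruct();
        }
    }

    /**
     * Copy constructor used by useNextSocketAddress(): a fresh acceptor with the
     * same callbacks and config, initialized (or destroyed) like the original.
     */
    template <typename PhysicalSocketServer, typename Config>
    SocketAcceptor<PhysicalSocketServer, Config>::SocketAcceptor(const SocketAcceptor& socketAcceptor)
        : Super(socketAcceptor) {
        if (core::eventLoopState() == core::State::RUNNING) {
            init();
        } else {
            Super::destruct();
        }
    }

    /**
     * Retry on the next resolved local address by spawning a copy of this
     * acceptor. The copy is self-owning (it calls destruct() on itself, as in
     * the constructors above), hence the raw `new` without a matching delete.
     */
    template <typename PhysicalClientSocket, typename Config>
    void SocketAcceptor<PhysicalClientSocket, Config>::useNextSocketAddress() {
        new SocketAcceptor(*this);
    }

    /**
     * Create the SSL_CTX, register the ClientHello (SNI) callback on it and then
     * initialize the plain acceptor. Failure to create the SSL_CTX is reported
     * via onStatus with STATE_ERROR and the acceptor destroys itself — it never
     * falls back to accepting plaintext connections.
     */
    template <typename PhysicalSocketServer, typename Config>
    void SocketAcceptor<PhysicalSocketServer, Config>::init() {
        if (core::eventLoopState() != core::State::RUNNING || config->getDisabled()) {
            Super::init();
            return;
        }

        LOG(TRACE) << config->getInstanceName() << " SSL/TLS: SSL_CTX creating ...";
        SSL_CTX* sslCtx = config->getSslCtx();

        if (sslCtx == nullptr) {
            LOG(ERROR) << config->getInstanceName() << " SSL/TLS: SSL/TLS creation failed";

            Super::onStatus(Super::config->Local::getSocketAddress(), core::socket::STATE_ERROR);
            Super::destruct();
            return;
        }

        LOG(DEBUG) << config->getInstanceName() << " SSL/TLS: SSL_CTX created";

        // Selects the per-name certificate (SNI) before the handshake continues.
        SSL_CTX_set_client_hello_cb(sslCtx, clientHelloCallback, nullptr);

        Super::init();
    }

    /**
     * OpenSSL ClientHello callback: pick the SSL_CTX (certificate) matching the
     * client's SNI.
     *
     * Runs inside OpenSSL while it parses a ClientHello, i.e. on attacker-
     * controlled input and before any authentication. Anything unexpected must
     * fail closed (alert + SSL_CLIENT_HELLO_ERROR) rather than crash or silently
     * continue.
     *
     * Outcomes:
     *  - no SNI sent                         -> master certificate
     *  - SNI with a configured SSL_CTX       -> that SSL_CTX
     *  - SNI unknown, forceSni set           -> alert unrecognized_name, handshake fails
     *  - SNI unknown, forceSni not set       -> master certificate (logged as warning)
     *
     * @param ssl the SSL object whose ex_data carries the connection name and Config
     * @param al  out: TLS alert description to send when returning an error
     * @param arg unused (nullptr is registered in init())
     * @return SSL_CLIENT_HELLO_SUCCESS or SSL_CLIENT_HELLO_ERROR
     */
    template <typename PhysicalSocketServer, typename Config>
    int SocketAcceptor<PhysicalSocketServer, Config>::clientHelloCallback(SSL* ssl, int* al, [[maybe_unused]] void* arg) {
        // Slot 0 is installed outside this file; do not trust it to be present.
        const std::string* connectionNamePtr = static_cast<const std::string*>(SSL_get_ex_data(ssl, sslExDataConnectionNameIndex));
        const std::string connectionName = connectionNamePtr != nullptr ? *connectionNamePtr : std::string("<unnamed>");

        Config* config = static_cast<Config*>(SSL_get_ex_data(ssl, sslExDataConfigIndex));
        if (config == nullptr) {
            // Without the Config neither the SNI table nor forceSni is known;
            // refuse the handshake instead of guessing.
            LOG(ERROR) << connectionName << " SSL/TLS: No acceptor configuration attached to SSL object - terminating";
            *al = SSL_AD_INTERNAL_ERROR;
            return SSL_CLIENT_HELLO_ERROR;
        }

        // Client-supplied and logged verbatim below — assumes the helper/logger
        // copes with arbitrary bytes (NOTE(review): confirm it strips control chars).
        const std::string serverNameIndication = ssl_get_servername_from_client_hello(ssl);

        if (serverNameIndication.empty()) {
            LOG(DEBUG) << connectionName << " SSL/TLS: No sni certificate requested from client. Still using master certificate";
            return SSL_CLIENT_HELLO_SUCCESS;
        }

        SSL_CTX* sniSslCtx = config->getSniCtx(serverNameIndication);
        if (sniSslCtx != nullptr) {
            LOG(DEBUG) << connectionName << " SSL/TLS: Setting sni certificate for '" << serverNameIndication << "'";
            ssl_set_ssl_ctx(ssl, sniSslCtx);
            return SSL_CLIENT_HELLO_SUCCESS;
        }

        if (config->getForceSni()) {
            LOG(ERROR) << connectionName << " SSL/TLS: No sni certificate found for '" << serverNameIndication
                       << "' but forceSni set - terminating";
            *al = SSL_AD_UNRECOGNIZED_NAME;
            return SSL_CLIENT_HELLO_ERROR;
        }

        // Permissive mode: the client asked for a name we do not serve and gets
        // the master certificate; its own hostname verification will decide.
        LOG(WARNING) << connectionName << " SSL/TLS: No sni certificate found for '" << serverNameIndication
                     << "'. Still using master certificate";
        return SSL_CLIENT_HELLO_SUCCESS;
    }

} // namespace core::socket::stream::tls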