1 /* -*- mode: c++; indent-tabs-mode: nil -*- */
2 /*
3  SSLSocketHelper.h
4 
5  Qore Programming Language
6 
7  Copyright (C) 2003 - 2020 Qore Technologies, s.r.o.
8 
9  will unlink (delete) UNIX domain socket files when closed
10 
11  Permission is hereby granted, free of charge, to any person obtaining a
12  copy of this software and associated documentation files (the "Software"),
13  to deal in the Software without restriction, including without limitation
14  the rights to use, copy, modify, merge, publish, distribute, sublicense,
15  and/or sell copies of the Software, and to permit persons to whom the
16  Software is furnished to do so, subject to the following conditions:
17 
18  The above copyright notice and this permission notice shall be included in
19  all copies or substantial portions of the Software.
20 
21  THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
22  IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
23  FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
24  AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
25  LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
26  FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
27  DEALINGS IN THE SOFTWARE.
28 
29  Note that the Qore library is released under a choice of three open-source
30  licenses: MIT (as above), LGPL 2+, or GPL 2+; see README-LICENSE for more
31  information.
32 */
33 
// Include guard. NOTE(review): an identifier starting with an underscore
// followed by an uppercase letter lies in the namespace reserved for the
// implementation; a guard spelled QORE_SSLSOCKETHELPER_H would avoid that.
#ifndef _QORE_SSLSOCKETHELPER_H

#define _QORE_SSLSOCKETHELPER_H

// Selects whether the SSL_METHOD pointer held by SSLSocketHelper is
// const-qualified, so that it matches the SSL_CTX_new() prototype of the
// OpenSSL headers in use. NEED_SSL_CTX_NEW_CONST is presumably set by the
// configure step — confirm against the build scripts.
#ifdef NEED_SSL_CTX_NEW_CONST
#define SSL_METHOD_CONST const
#else
#define SSL_METHOD_CONST
#endif

// Forward declaration of the socket's private implementation; this header only
// stores a reference to it, so the full definition is not required here.
// (hashdecl is presumably a project macro for a struct/class keyword — confirm.)
hashdecl qore_socket_private;
45 
// The kinds of SSL I/O operation that SSLSocketHelper::doSSLRW() can perform.
typedef enum {
    READ,
    WRITE,
    PEEK,
} SslAction;

// Returns the name of the OpenSSL API call that corresponds to `action`
// (e.g. "SSL_read" for READ). A value outside the enumeration is a programming
// error: it trips the assertion in debug builds and yields "<unknown>" otherwise.
static inline const char* get_action_method(SslAction action) {
    if (action == READ) {
        return "SSL_read";
    }
    if (action == WRITE) {
        return "SSL_write";
    }
    if (action == PEEK) {
        return "SSL_peek";
    }
    assert(false);
    return "<unknown>";
}
61 
// Wraps the OpenSSL objects (method, context, connection) for one Qore socket
// and performs the SSL handshake and I/O on its behalf. Instances are
// reference-counted and may only be destroyed through deref().
class SSLSocketHelper {
private:
    // the socket this helper serves
    qore_socket_private& qs;
    // OpenSSL state; all start out null (presumably populated by setIntern() —
    // confirm against the implementation)
    SSL_METHOD_CONST SSL_METHOD* meth = nullptr;
    SSL_CTX* ctx = nullptr;
    SSL* ssl = nullptr;
    // plain (non-atomic) reference count; starts at 1 for the creating owner.
    // ref()/deref() rely on the caller already holding the socket's lock
    unsigned refs = 1;

    // NOTE: the `meth` parameter shadows the member of the same name
    DLLLOCAL int setIntern(const char* meth, int sd, X509* cert, EVP_PKEY* pk, ExceptionSink* xsink);

    // non-blocking I/O helper
    DLLLOCAL int doSSLUpgradeNonBlockingIO(int rc, const char* mname, int timeout_ms, const char* ssl_func, ExceptionSink* xsink);

    // private on purpose: the object is only ever deleted by deref()
    DLLLOCAL ~SSLSocketHelper();

    // must be called with refs > 1
    DLLLOCAL bool sslError(ExceptionSink* xsink, const char* meth, const char* msg, bool always_error = true);

public:
    DLLLOCAL SSLSocketHelper(qore_socket_private& qs) : qs(qs) {}

    // Drops one reference. Returns true when that was the last reference and
    // the object has been deleted, in which case the caller must not touch it
    // again. Not atomic: all operations must already be locked.
    DLLLOCAL bool deref() {
        if (--refs) {
            return false;
        }
        delete this;
        return true;
    }

    // Adds one reference. Not atomic: all operations must already be locked.
    DLLLOCAL void ref() {
        ++refs;
    }

    // do blocking or non-blocking SSL I/O and handle SSL_ERROR_WANT_READ and SSL_ERROR_WANT_WRITE properly
    DLLLOCAL int doSSLRW(ExceptionSink* xsink, const char* mname, void* buf, int num, int timeout_ms, SslAction action, bool do_timeout = true);

    // client side: sni_target_host is presumably the name sent in the TLS SNI
    // extension — confirm against the implementation
    DLLLOCAL int setClient(const char* mname, const char* sni_target_host, int sd, X509* cert, EVP_PKEY* pk, ExceptionSink* xsink);
    // server side
    DLLLOCAL int setServer(const char* mname, int sd, X509* cert, EVP_PKEY* pk, ExceptionSink* xsink);
    // client handshake; returns 0 for success
    DLLLOCAL int connect(const char* mname, int timeout_ms, ExceptionSink* xsink);
    // server handshake; returns 0 for success
    DLLLOCAL int accept(const char* mname, int timeout_ms, ExceptionSink* xsink);
    // returns 0 for success; this overload has no ExceptionSink to report to
    DLLLOCAL int shutdown();
    // returns 0 for success
    DLLLOCAL int shutdown(ExceptionSink* xsink);
    // read with optional timeout in milliseconds
    DLLLOCAL int read(const char* mname, char* buf, int size, int timeout_ms, ExceptionSink* xsink);
    // returns 0 for success
    DLLLOCAL int write(const char* mname, const void* buf, int size, int timeout_ms, ExceptionSink* xsink);
    DLLLOCAL const char* getCipherName() const;
    DLLLOCAL const char* getCipherVersion() const;
    DLLLOCAL X509* getPeerCertificate() const;
    // presumably the OpenSSL verification result code for the peer certificate
    // — confirm against the implementation
    DLLLOCAL long verifyPeerCertificate() const;

    // NOTE(review): accept_all_certs presumably bypasses peer-certificate
    // verification for `target`; verify in the implementation which checks
    // remain in effect when it is set
    DLLLOCAL void setVerifyMode(int mode, bool accept_all_certs, const std::string& target);

    DLLLOCAL bool captureRemoteCert() const;
    DLLLOCAL void clearRemoteCertContext() const;
};
125 
// Scoped holder for an SSLSocketHelper pointer: the constructor/destructor
// pair presumably takes and releases a reference on `s` (via ref()/deref()),
// and optionally saves/restores a thread context when set_thread_context is
// true — confirm both against the implementation.
class SSLSocketReferenceHelper {
public:
    DLLLOCAL SSLSocketReferenceHelper(SSLSocketHelper* s, bool set_thread_context = false);

    DLLLOCAL ~SSLSocketReferenceHelper();

protected:
    // the helper being held
    SSLSocketHelper* s;
    // whether a thread context was saved by the constructor and must be
    // restored by the destructor (presumably — confirm)
    bool context_saved = false;
};
136 
137 #endif