1 /* -*- mode: c++; indent-tabs-mode: nil -*- */
2 /*
3  SSLSocketHelper.h
4 
5  Qore Programming Language
6 
7  Copyright (C) 2003 - 2021 Qore Technologies, s.r.o.
8 
9  Permission is hereby granted, free of charge, to any person obtaining a
10  copy of this software and associated documentation files (the "Software"),
11  to deal in the Software without restriction, including without limitation
12  the rights to use, copy, modify, merge, publish, distribute, sublicense,
13  and/or sell copies of the Software, and to permit persons to whom the
14  Software is furnished to do so, subject to the following conditions:
15 
16  The above copyright notice and this permission notice shall be included in
17  all copies or substantial portions of the Software.
18 
19  THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
20  IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
21  FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
22  AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
23  LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
24  FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
25  DEALINGS IN THE SOFTWARE.
26 
27  Note that the Qore library is released under a choice of three open-source
28  licenses: MIT (as above), LGPL 2+, or GPL 2+; see README-LICENSE for more
29  information.
30 */
31 
32 #ifndef _QORE_SSLSOCKETHELPER_H
33 
34 #define _QORE_SSLSOCKETHELPER_H
35 
36 #ifdef NEED_SSL_CTX_NEW_CONST
37 #define SSL_METHOD_CONST const
38 #else
39 #define SSL_METHOD_CONST
40 #endif
41 
42 hashdecl qore_socket_private;
43 
//! Which OpenSSL I/O primitive an SSL operation maps to; get_action_method() gives the matching function name
typedef enum {
    READ = 0,   //!< SSL_read()
    WRITE = 1,  //!< SSL_write()
    PEEK = 2    //!< SSL_peek()
} SslAction;
49 
//! Returns the OpenSSL function name for an SslAction, for use in error and exception text
/** @param action the SSL primitive being performed
    @return a static string ("SSL_read", "SSL_write" or "SSL_peek"); "<unknown>" only in release
    builds for a value outside the enum, which is a programming error and asserts in debug builds
*/
static inline const char* get_action_method(SslAction action) {
    const char* name = "<unknown>";
    switch (action) {
        case READ:  name = "SSL_read";  break;
        case WRITE: name = "SSL_write"; break;
        case PEEK:  name = "SSL_peek";  break;
    }
    // every valid SslAction is handled above; anything else can only come from a caller bug
    assert(action == READ || action == WRITE || action == PEEK);
    return name;
}
59 
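//! Holds the OpenSSL state for one socket (method, context, session) plus the I/O helpers that drive it
/** An instance is shared through the manual reference count below. The destructor is private, so the
    only way to destroy an instance is to drop the last reference with deref(). meth, ctx and ssl are raw
    OpenSSL handles that this object presumably releases in its destructor (not visible here); that is
    why copying is disabled: a copy would hold the same handles under a second, independent reference
    count and release them twice.

    @note the reference count is intentionally non-atomic; every ref() and deref() must be made under
    the caller's lock (see the comments on those methods)
*/
class SSLSocketHelper {
public:
    //! binds the helper to its owning socket; the OpenSSL members start out null and are presumably populated by setClient()/setServer()
    DLLLOCAL SSLSocketHelper(qore_socket_private& qs) : qs(qs) {
    }

    //! not copyable: see the class comment (two owners of ctx/ssl with two independent reference counts)
    SSLSocketHelper(const SSLSocketHelper&) = delete;
    SSLSocketHelper& operator=(const SSLSocketHelper&) = delete;

    // we do not need atomic dereferences here, all operations must be already locked
    //! drops one reference and deletes the object when the count reaches zero
    /** @return true if the object was deleted (it must not be touched afterwards), false otherwise */
    DLLLOCAL bool deref() {
        // an unbalanced deref() would wrap the unsigned counter and never delete; catch it in debug builds
        assert(refs > 0);
        if (!--refs) {
            delete this;
            return true;
        }
        return false;
    }

    // we do not need atomic dereferences here, all operations must be already locked
    //! takes one more reference; every call must be paired with a deref()
    DLLLOCAL void ref() {
        ++refs;
    }

    // do blocking or non-blocking SSL I/O and handle SSL_ERROR_WANT_READ and SSL_ERROR_WANT_WRITE properly
    /** @param xsink Qore exception sink for error reporting
        @param mname the calling Qore method name (presumably used in exception text)
        @param buf the buffer to read into or write from
        @param num the number of bytes to transfer
        @param timeout_ms timeout in milliseconds
        @param action which SSL primitive to call (see SslAction and get_action_method())
        @param do_timeout whether the timeout is applied at all
    */
    DLLLOCAL int doSSLRW(ExceptionSink* xsink, const char* mname, void* buf, int num, int timeout_ms,
        SslAction action, bool do_timeout = true);

    //! sets up client-side SSL state (by name; see the implementation) on socket descriptor sd
    /** @param sni_target_host the host name sent as SNI (Server Name Indication); handling of a null value is not visible here
        @param cert optional client certificate — presumably may be null; confirm in the implementation
        @param pk the private key for cert
    */
    DLLLOCAL int setClient(const char* mname, const char* sni_target_host, int sd, X509* cert, EVP_PKEY* pk,
        ExceptionSink* xsink);
    //! sets up server-side SSL state (by name; see the implementation) on socket descriptor sd with the given certificate and private key
    DLLLOCAL int setServer(const char* mname, int sd, X509* cert, EVP_PKEY* pk, ExceptionSink* xsink);
    // returns 0 for success
    //! client-side handshake with the given timeout
    DLLLOCAL int connect(const char* mname, int timeout_ms, ExceptionSink* xsink);
    // returns 0 for success
    //! server-side handshake with the given timeout
    DLLLOCAL int accept(const char* mname, int timeout_ms, ExceptionSink* xsink);
    // returns 0 for success
    //! shuts the SSL session down without an exception sink; errors cannot be reported to Qore code through this overload
    DLLLOCAL int shutdown();
    // returns 0 for success
    //! shuts the SSL session down, reporting errors to xsink
    DLLLOCAL int shutdown(ExceptionSink* xsink);
    // read with optional timeout in milliseconds
    DLLLOCAL int read(const char* mname, char* buf, int size, int timeout_ms, ExceptionSink* xsink);
    // returns 0 for success
    DLLLOCAL int write(const char* mname, const void* buf, int size, int timeout_ms, ExceptionSink* xsink);
    //! negotiated cipher name / protocol version; presumably only meaningful once a session exists
    DLLLOCAL const char* getCipherName() const;
    DLLLOCAL const char* getCipherVersion() const;
    //! the peer's certificate, if any
    /** NOTE(review): whether the caller owns the returned X509* (and must X509_free() it) is not
        visible here — check the implementation before storing or freeing it */
    DLLLOCAL X509* getPeerCertificate() const;
    //! the peer certificate verification result; presumably an OpenSSL X509_V_* code — confirm against the implementation
    DLLLOCAL long verifyPeerCertificate() const;

    //! configures peer certificate verification
    /** @param mode presumably an SSL_VERIFY_* flag set
        @param accept_all_certs if true, presumably disables peer certificate verification entirely.
        Security note: a connection configured this way authenticates nobody and is open to
        man-in-the-middle interception; enable it only deliberately (e.g. in tests) and never as a
        default for connections carrying credentials or other secrets
        @param target the expected peer host name; presumably used for host name checking
    */
    DLLLOCAL void setVerifyMode(int mode, bool accept_all_certs, const std::string& target);

    //! remote certificate capture state; the semantics are not visible here — see the implementation and clearRemoteCertContext()
    DLLLOCAL bool captureRemoteCert() const;
    DLLLOCAL void clearRemoteCertContext() const;

private:
    qore_socket_private& qs;
    SSL_METHOD_CONST SSL_METHOD* meth = nullptr;
    SSL_CTX* ctx = nullptr;
    SSL* ssl = nullptr;
    // manual, non-atomic reference count; the creator holds the first reference
    unsigned refs = 1;

    //! shared setup behind setClient()/setServer() (inferred from the name; see the implementation)
    DLLLOCAL int setIntern(const char* meth, int sd, X509* cert, EVP_PKEY* pk, ExceptionSink* xsink);

    // non-blocking I/O helper
    DLLLOCAL int doSSLUpgradeNonBlockingIO(int rc, const char* mname, int timeout_ms, const char* ssl_func,
        ExceptionSink* xsink);

    //! private on purpose: instances are destroyed only through deref()
    DLLLOCAL ~SSLSocketHelper();

    // must be called with refs > 1
    DLLLOCAL bool sslError(ExceptionSink* xsink, const char* meth, const char* msg, bool always_error = true);

    DLLLOCAL void handleErrorIntern(ExceptionSink* xsink, int e, const char* mname, const char* func,
        bool always_error);
};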
129 
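//! Scope guard around an SSLSocketHelper pointer: a constructor/destructor pair with no other operations
/** The constructor presumably takes a reference on s (and, when set_thread_context is true, saves some
    thread context, recorded in context_saved) and the destructor undoes it; the implementation is not
    visible here, so confirm against it. Copying is disabled because a copy would run that cleanup a
    second time for the same s.
*/
class SSLSocketReferenceHelper {
public:
    /** @param s the helper to guard for the lifetime of this object
        @param set_thread_context whether to also save the thread context (see the class comment)
    */
    DLLLOCAL SSLSocketReferenceHelper(SSLSocketHelper* s, bool set_thread_context = false);

    //! releases whatever the constructor acquired
    DLLLOCAL ~SSLSocketReferenceHelper();

    //! a guard with one cleanup action must have exactly one owner
    SSLSocketReferenceHelper(const SSLSocketReferenceHelper&) = delete;
    SSLSocketReferenceHelper& operator=(const SSLSocketReferenceHelper&) = delete;

protected:
    SSLSocketHelper* s;
    // presumably set by the constructor when it saved the thread context so the destructor knows to restore it — TODO confirm
    bool context_saved = false;
};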
140 
141 #endif