1 /* -*- mode: c++; indent-tabs-mode: nil -*- */
2 /*
3  SSLSocketHelper.h
4 
5  Qore Programming Language
6 
7  Copyright (C) 2003 - 2022 Qore Technologies, s.r.o.
8 
9  Permission is hereby granted, free of charge, to any person obtaining a
10  copy of this software and associated documentation files (the "Software"),
11  to deal in the Software without restriction, including without limitation
12  the rights to use, copy, modify, merge, publish, distribute, sublicense,
13  and/or sell copies of the Software, and to permit persons to whom the
14  Software is furnished to do so, subject to the following conditions:
15 
16  The above copyright notice and this permission notice shall be included in
17  all copies or substantial portions of the Software.
18 
19  THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
20  IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
21  FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
22  AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
23  LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
24  FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
25  DEALINGS IN THE SOFTWARE.
26 
27  Note that the Qore library is released under a choice of three open-source
28  licenses: MIT (as above), LGPL 2+, or GPL 2+; see README-LICENSE for more
29  information.
30 */
31 
32 #ifndef _QORE_SSLSOCKETHELPER_H
33 
34 #define _QORE_SSLSOCKETHELPER_H
35 
#include <cassert>
#include <string>

#include <openssl/ssl.h>
37 
// SSL_METHOD_CONST expands to "const" when the build defines NEED_SSL_CTX_NEW_CONST and to
// nothing otherwise; it qualifies the SSL_METHOD* member of SSLSocketHelper below. The macro
// name suggests it tracks whether this OpenSSL version's SSL_CTX_new() takes a
// const SSL_METHOD* (presumably OpenSSL 1.1.0+) — the detection itself lives in the build
// system, not in this header.
#ifdef NEED_SSL_CTX_NEW_CONST
#define SSL_METHOD_CONST const
#else
#define SSL_METHOD_CONST
#endif
43 
44 hashdecl qore_socket_private;
45 
//! Selects which OpenSSL I/O primitive a helper operation maps to (see get_action_method())
enum SslAction {
    READ,   // SSL_read
    WRITE,  // SSL_write
    PEEK    // SSL_peek
};
51 
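// Maps an SslAction to the name of the OpenSSL call it corresponds to, for use in
// error messages and exception text.
//
// Returns a string literal ("SSL_read", "SSL_write" or "SSL_peek"). The switch
// deliberately has no default case so that -Wswitch flags any enumerator added
// later; a value outside the enum is a programming error and trips the assert()
// in debug builds (which requires <cassert> to be included by this header rather
// than relied on transitively), while release builds (NDEBUG) fall through to
// the "<unknown>" placeholder instead of returning garbage.
static inline const char* get_action_method(SslAction action) {
    switch (action) {
        case READ: return "SSL_read";
        case WRITE: return "SSL_write";
        case PEEK: return "SSL_peek";
    }
    assert(false);
    return "<unknown>";
}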
61 
//! Wraps the OpenSSL state (SSL_METHOD / SSL_CTX / SSL) for one Qore socket
/** Lifetime is reference-counted through ref()/deref(); the destructor is private, so the
    only way to destroy an instance is for deref() to drop the last reference. The counter is
    a plain unsigned and is NOT atomic: every ref()/deref() call must already be serialized by
    the owning socket's lock.
*/
class SSLSocketHelper {
public:
    //! Binds the helper to the socket it performs TLS I/O for; the socket must outlive this object
    DLLLOCAL SSLSocketHelper(qore_socket_private& qs) : qs(qs) {
    }

    //! Drops one reference; when the count reaches zero the object deletes itself and true is returned
    /** Not thread-safe on its own — the caller is expected to hold the socket lock. After a true
        return the object no longer exists and must not be touched by the caller.
    */
    DLLLOCAL bool deref() {
        --refs;
        if (refs) {
            return false;
        }
        delete this;
        return true;
    }

    //! Adds one reference; like deref(), relies on the caller's locking rather than atomics
    DLLLOCAL void ref() {
        ++refs;
    }

    //! Performs one SSL_read/SSL_write/SSL_peek (per \a action), blocking or non-blocking
    /** Handles SSL_ERROR_WANT_READ and SSL_ERROR_WANT_WRITE by waiting on the socket; when
        \a do_timeout is true, \a timeout_ms bounds that wait. Errors are reported through \a xsink
        with \a mname naming the Qore method on whose behalf the I/O is done.
    */
    DLLLOCAL int doSSLRW(ExceptionSink* xsink, const char* mname, void* buf, int num, int timeout_ms,
        SslAction action, bool do_timeout = true);

    //! Non-blocking variant used by the polling code; the byte count actually moved is stored in \a real_io
    DLLLOCAL int doNonBlockingIo(ExceptionSink* xsink, const char* mname, void* buf, size_t size, SslAction action,
        size_t& real_io);

    //! Sets up client-side TLS state on descriptor \a sd
    /** \a sni_target_host is the server name sent in the TLS handshake (SNI); \a cert and \a pk are the
        optional client certificate and key. Ownership of \a cert / \a pk is not visible from this
        header — check the implementation before assuming they are copied or up-referenced.
    */
    DLLLOCAL int setClient(const char* mname, const char* sni_target_host, int sd, X509* cert, EVP_PKEY* pk,
        ExceptionSink* xsink);
    //! Sets up server-side TLS state on descriptor \a sd with the server certificate \a cert and key \a pk
    DLLLOCAL int setServer(const char* mname, int sd, X509* cert, EVP_PKEY* pk, ExceptionSink* xsink);
    //! Runs the client handshake; returns 0 for success, non-zero after raising on \a xsink
    DLLLOCAL int connect(const char* mname, int timeout_ms, ExceptionSink* xsink);
    //! Runs the server handshake; returns 0 for success, non-zero after raising on \a xsink
    DLLLOCAL int accept(const char* mname, int timeout_ms, ExceptionSink* xsink);
    //! Shuts the TLS session down without an exception sink; returns 0 for success
    DLLLOCAL int shutdown();
    //! Shuts the TLS session down, reporting failures on \a xsink; returns 0 for success
    DLLLOCAL int shutdown(ExceptionSink* xsink);
    //! Reads up to \a size bytes into \a buf with an optional timeout in milliseconds
    /** Unlike the calls above the return value is not documented here as "0 for success"; it is
        presumably the byte count or a negative error — confirm against the implementation.
    */
    DLLLOCAL int read(const char* mname, char* buf, int size, int timeout_ms, ExceptionSink* xsink);
    //! Writes \a size bytes from \a buf with a timeout in milliseconds; returns 0 for success
    DLLLOCAL int write(const char* mname, const void* buf, int size, int timeout_ms, ExceptionSink* xsink);

    //! Starts (but does not necessarily complete) a non-blocking client handshake
    DLLLOCAL int startConnect(ExceptionSink* xsink);

    //! Starts (but does not necessarily complete) a non-blocking server handshake
    DLLLOCAL int startAccept(ExceptionSink* xsink);

    //! Name of the negotiated cipher suite
    DLLLOCAL const char* getCipherName() const;
    //! Protocol version string of the negotiated session
    DLLLOCAL const char* getCipherVersion() const;
    //! Returns the peer's certificate, if it presented one
    /** NOTE(review): a non-null certificate does NOT by itself mean the chain was validated — pair
        this with verifyPeerCertificate(). Whether the caller must X509_free() the result is not
        visible here; check the implementation.
    */
    DLLLOCAL X509* getPeerCertificate() const;
    //! Result of peer certificate verification
    /** Returns a long, presumably an SSL_get_verify_result()-style code where X509_V_OK (0) means
        the chain verified — confirm in the implementation before comparing against other values.
    */
    DLLLOCAL long verifyPeerCertificate() const;

    //! Configures peer certificate verification
    /** \a mode is an OpenSSL SSL_VERIFY_* value; \a target is the expected peer identity.
        NOTE(review): \a accept_all_certs presumably makes verification failures non-fatal, which
        leaves the connection open to an active man-in-the-middle — it should only ever be set for
        testing, never in production configurations. Confirm the exact semantics in the .cpp.
    */
    DLLLOCAL void setVerifyMode(int mode, bool accept_all_certs, const std::string& target);

    //! True when the remote certificate is being captured for later inspection (see clearRemoteCertContext())
    DLLLOCAL bool captureRemoteCert() const;
    //! Releases whatever state captureRemoteCert() refers to
    DLLLOCAL void clearRemoteCertContext() const;

private:
    //! The owning socket; held by reference, so it must outlive this helper
    qore_socket_private& qs;
    //! Const-qualified or not depending on the OpenSSL version (see SSL_METHOD_CONST)
    SSL_METHOD_CONST SSL_METHOD* meth = nullptr;
    SSL_CTX* ctx = nullptr;
    SSL* ssl = nullptr;
    //! Reference count; starts at 1 for the creator and is guarded by the caller's locking, not atomics
    unsigned refs = 1;

    //! Shared setup for setClient()/setServer()
    /** The \a meth parameter shadows the member of the same name (a -Wshadow hit); the declaration
        keeps the original name so it stays in step with the definition in the .cpp.
    */
    DLLLOCAL int setIntern(const char* meth, int sd, X509* cert, EVP_PKEY* pk, ExceptionSink* xsink);

    //! Drives a non-blocking handshake step (\a ssl_func names the OpenSSL call for diagnostics)
    DLLLOCAL int doSSLUpgradeNonBlockingIO(int rc, const char* mname, int timeout_ms, const char* ssl_func,
        ExceptionSink* xsink);

    //! Private: instances are only ever destroyed through deref()
    DLLLOCAL ~SSLSocketHelper();

    //! Raises an SSL error on \a xsink; must be called with refs > 1
    /** The refs > 1 requirement suggests the error path may drop a reference — a caller holding the
        only reference would otherwise see the object disappear underneath it. Confirm in the .cpp.
    */
    DLLLOCAL bool sslError(ExceptionSink* xsink, const char* meth, const char* msg, bool always_error = true);

    //! Raises an OS-level (errno) error for \a ssl_func on \a xsink; must be called with refs > 1
    DLLLOCAL int sysCallError(ExceptionSink* xsink, int rc, const char* mname, const char* ssl_func);

    //! Common error-to-exception translation for SSL error code \a e
    DLLLOCAL void handleErrorIntern(ExceptionSink* xsink, int e, const char* mname, const char* func,
        bool always_error);
};
151 
//! RAII-style holder of one SSLSocketHelper reference for the duration of a scope
/** The constructor and destructor are defined in the .cpp; from this header it is only visible that
    the object keeps the helper pointer and a flag. Presumably the constructor calls ref() and the
    destructor deref(), and \a set_thread_context saves some thread-local context that is restored
    on destruction when context_saved is true — confirm against the implementation.
*/
class SSLSocketReferenceHelper {
public:
    //! Takes a reference on \a s; \a set_thread_context optionally also installs it as thread context
    DLLLOCAL SSLSocketReferenceHelper(SSLSocketHelper* s, bool set_thread_context = false);

    //! Releases the reference (and any saved thread context)
    DLLLOCAL ~SSLSocketReferenceHelper();

protected:
    //! The helper being held; not owned beyond the reference count
    SSLSocketHelper* s;
    //! Set when the constructor saved thread context that the destructor has to restore
    bool context_saved = false;
};
162 
163 #endif