E-MailRelay
gssl.h
Go to the documentation of this file.
1//
2// Copyright (C) 2001-2021 Graeme Walker <graeme_walker@users.sourceforge.net>
3//
4// This program is free software: you can redistribute it and/or modify
5// it under the terms of the GNU General Public License as published by
6// the Free Software Foundation, either version 3 of the License, or
7// (at your option) any later version.
8//
9// This program is distributed in the hope that it will be useful,
10// but WITHOUT ANY WARRANTY; without even the implied warranty of
11// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12// GNU General Public License for more details.
13//
14// You should have received a copy of the GNU General Public License
15// along with this program. If not, see <http://www.gnu.org/licenses/>.
16// ===
17///
18/// \file gssl.h
19///
20/// An interface to an underlying TLS library.
21///
22
23#ifndef G_SSL_H
24#define G_SSL_H
25
26#include "gdef.h"
27#include "gstrings.h"
28#include "greadwrite.h"
29#include <string>
30#include <utility>
31#include <memory>
32
33namespace GSsl
34{
35 class Library ;
36 class Profile ;
37 class Protocol ;
38 class Digester ;
39 class LibraryImpBase ;
40 class ProtocolImpBase ;
41 class DigesterImpBase ;
42}
43
44//| \class GSsl::Protocol
45/// A TLS protocol class. A protocol object should be constructed for each
46/// secure socket. The Protocol::connect() and Protocol::accept() methods
47/// are used to link the connection's i/o methods with the Protocol object.
48/// Event handling for the connection is performed by the client code
49/// according to the result codes from read(), write(), connect() and
50/// accept().
51///
52/// Client code will generally need separate states to reflect an incomplete
53/// read(), write(), connect(), accept() or shutdown() in order that they can
54/// be retried. The distinction between a return code of Result::read or
55/// Result::write should dictate whether the connection is put into the event
56/// loop's read list or write list but it should not influence the resulting
57/// state; in each state socket read events and write events can be handled
58/// identically, by retrying the incomplete function call.
59///
60/// The protocol is half-duplex in the sense that it is not possible to read()
61/// data while a write() is incomplete or write() data while a read() is
62/// incomplete. (Nor is it allowed to issue a second call while the first is
63/// still incomplete.)
64///
66{
67public:
68 enum class Result // Result enumeration for GSsl::Protocol i/o methods.
69 {
70 ok ,
71 read ,
72 write ,
73 error ,
74 more
75 } ;
76
77 explicit Protocol( const Profile & , const std::string & peer_certificate_name = std::string() ,
78 const std::string & peer_host_name = std::string() ) ;
79 ///< Constructor.
80 ///<
81 ///< The optional "peer-certificate-name" parameter is used as an
82 ///< additional check on the peer certificate. In the simplest case
83 ///< a client passes the server's domain name and this is checked for
84 ///< an exact match against the certificate's subject CNAME (eg.
85 ///< "CN=*.example.com"). A valid CA database is required. If the
86 ///< peer-certificate-name parameter is empty then a default value
87 ///< is taken from the profile (see Library::addProfile()).
88 ///<
89 ///< The optional "peer-host-name" parameter is included in the
90 ///< TLS handshake to indicate the required peer hostname. This
91 ///< is typcially used by clients for server-name-identification
92 ///< (SNI) when connecting to virtual hosts, allowing servers to
93 ///< assume the appropriate identity. If the peer-host-name
94 ///< parameter is empty then a default value is taken from the
95 ///< profile (see Library::addProfile()).
96 ///<
97 ///< Some underlying libraries treat peer-certificate-name and
98 ///< peer-host-name to be the same, using wildcard matching of
99 ///< the certificate CNAME against the peer-host-name.
100
102 ///< Destructor.
103
104 Result connect( G::ReadWrite & io ) ;
105 ///< Starts the protocol actively (as a client).
106
107 Result accept( G::ReadWrite & io ) ;
108 ///< Starts the protocol passively (as a server).
109
110 Result shutdown() ;
111 ///< Initiates the protocol shutdown by sending a "close notify
112 ///< shutdown alert" and does a socket shutdown once the alert
113 ///< is fully sent.
114
115 Result read( char * buffer , std::size_t buffer_size_in , ssize_t & data_size_out ) ;
116 ///< Reads user data into the supplied buffer.
117 ///<
118 ///< Returns Result::read if there is not enough transport data to
119 ///< complete the internal TLS data packet. In this case the file
120 ///< descriptor should remain in the select() read list and the
121 ///< Protocol::read() should be retried using the same parameters
122 ///< once the file descriptor is ready to be read.
123 ///<
124 ///< Returns Result::write if the TLS layer tried to write to the
125 ///< file descriptor and had flow control asserted. In this case
126 ///< the file descriptor should be added to the select() write
127 ///< list and the Protocol::read() should be retried using the
128 ///< same parameters once the file descriptor is ready to be
129 ///< written.
130 ///<
131 ///< Returns Result::ok if the internal TLS data packet is complete
132 ///< and it has been completely deposited in the supplied buffer.
133 ///<
134 ///< Returns Result::more if the internal TLS data packet is complete
135 ///< and the supplied buffer was too small to take it all. In this
136 ///< case there will be no read event to trigger more read()s so
137 ///< call read() again imediately.
138 ///<
139 ///< Returns Result::error if the transport connnection was lost
140 ///< or if the TLS session was shut down by the peer or if there
141 ///< was an error.
142
143 Result write( const char * buffer , std::size_t data_size_in , ssize_t & data_size_out ) ;
144 ///< Writes user data.
145 ///<
146 ///< Returns Result::ok if fully sent.
147 ///<
148 ///< Returns Result::read if the TLS layer needs more transport
149 ///< data (eg. for a renegotiation). The write() should be repeated
150 ///< using the same parameters on the file descriptor's next
151 ///< readable event.
152 ///<
153 ///< Returns Result::write if the TLS layer was blocked in
154 ///< writing transport data. The write() should be repeated
155 ///< using the same parameters on the file descriptor's next
156 ///< writable event.
157 ///<
158 ///< Never returns Result::more.
159 ///<
160 ///< Returns Result::error if the transport connnection was lost
161 ///< or if the TLS session was shut down by the peer or on error.
162
163 static std::string str( Result result ) ;
164 ///< Converts a result enumeration into a printable string.
165 ///< Used in logging and diagnostics.
166
167 std::string peerCertificate() const ;
168 ///< Returns the peer certificate in PEM format. This can be
169 ///< interpreted using "openssl x509 -in ... -noout -text".
170
171 std::string cipher() const ;
172 ///< Returns the cipher name, or the empty string if not
173 ///< yet available.
174
175 std::string protocol() const ;
176 ///< Returns the protocol version like "TLSv1.2" or the empty
177 ///< string.
178
179 bool verified() const ;
180 ///< Returns true if the peer certificate has been verified.
181
182 std::string peerCertificateChain() const ;
183 ///< Returns the peer certificate chain in PEM format, starting
184 ///< with the peer certificate and progressing towards the
185 ///< root CA.
186 ///<
187 ///< This is not supported by all underlying TLS libraries; the
188 ///< returned string may be just the peerCertificate().
189
190public:
191 Protocol( const Protocol & ) = delete ;
192 Protocol( Protocol && ) = delete ;
193 void operator=( const Protocol & ) = delete ;
194 void operator=( Protocol && ) = delete ;
195
196private:
197 std::unique_ptr<ProtocolImpBase> m_imp ;
198} ;
199
200//| \class GSsl::Digester
201/// A class for objects that can perform a cryptographic hash.
202/// Instances are created by the Library::digester() factory
203/// method and can then be copied around.
204///
205/// Use add() one or more times, then call either state() or
206/// value() and discard. The state() string can be passed in
207/// to the Library factory method to get the digest to start
208/// from the intermediate state. However, the statesize() method
209/// returns zero if intermediate state is not supported
210/// by the underlying library.
211///
213{
214public:
215 explicit Digester( std::unique_ptr<DigesterImpBase> ) ;
216 ///< Constructor, used by the Library class.
217
218 std::size_t blocksize() const ;
219 ///< Returns the hash function's block size in bytes.
220
221 std::size_t valuesize() const ;
222 ///< Returns the hash function's value size in bytes.
223
224 std::size_t statesize() const ;
225 ///< Returns the size of the state() string in bytes,
226 ///< or zero if state() is not implemented.
227
228 void add( const std::string & ) ;
229 ///< Adds data of arbitrary size.
230
231 std::string state() ;
232 ///< Returns the intermediate state. The state string can be
233 ///< persisted and reused across different implementations, so
234 ///< it is standardised as some number of 32-bit little-endian
235 ///< values making up valuesize() bytes, followed by one
236 ///< 32-bit little-endian value holding the total add()ed
237 ///< size.
238
239 std::string value() ;
240 ///< Returns the hash value.
241
242private:
243 std::shared_ptr<DigesterImpBase> m_imp ;
244} ;
245
246//| \class GSsl::Library
247/// A singleton class for initialising the underlying TLS library.
248/// The library is configured with one or more named "profiles", and
249/// Protocol objects are constructed with reference to a particular
250/// profile. Typical profile names are "server" and "client".
251///
253{
254public:
255 using LogFn = void (*)(int, const std::string &) ;
256
257 explicit Library( bool active = true , const std::string & library_config = std::string() ,
258 LogFn = Library::log , bool verbose = true ) ;
259 ///< Constructor.
260 ///<
261 ///< The 'active' parameter can be set to false as an optimisation if the
262 ///< library is not going to be used; calls to addProfile() will do
263 ///< nothing, calls to hasProfile() will return false, and calls to
264 ///< profile() will throw.
265 ///<
266 ///< The library-config parameter should be empty by default; the format
267 ///< and interpretation are undefined at this interface.
268
269 ~Library() ;
270 ///< Destructor. Cleans up the underlying TLS library.
271
272 static void log( int level , const std::string & line ) ;
273 ///< The default logging callback function, where the level is 1 for
274 ///< debug, 2 for info, 3 for warnings, and 4 for errors. There
275 ///< will be no level 1 logging if the constructor's 'verbose'
276 ///< flag was false.
277
278 static Library * instance() ;
279 ///< Returns a pointer to a library object, if any.
280
281 void addProfile( const std::string & profile_name , bool is_server_profile ,
282 const std::string & key_file = std::string() , const std::string & cert_file = std::string() ,
283 const std::string & ca_path = std::string() ,
284 const std::string & default_peer_certificate_name = std::string() ,
285 const std::string & default_peer_host_name = std::string() ,
286 const std::string & profile_config = std::string() ) ;
287 ///< Creates a named Profile object that can be retrieved by profile().
288 ///<
289 ///< A typical application will have two profiles named "client" and "server".
290 ///< The "is-server-profile" flag indicates whether Protocol::connect()
291 ///< or Protocol::accept() will be used.
292 ///<
293 ///< The "key-file" and "cert-file" parameters point to a PEM files containing
294 ///< our own key and certificate, and this can be the same file if it contains
295 ///< both. These are required if acting as a server, but if not supplied
296 ///< this method will succeed with the failures occuring in any subsequent
297 ///< server-side session setup.
298 ///<
299 ///< The "ca-path" parameter points to a file or directory containing a
300 ///< database of CA certificates used for peer certificate verification.
301 ///< If this is "<none>" then a server will not ask its client for a
302 ///< certificate; if it is empty then the peer certificate will be requested,
303 ///< but the server will not require a certificate from the client, and
304 ///< any certificate received will not be not verified; if it is a file
305 ///< system path or "<default>" then a peer certificate will be required
306 ///< and it will be verified against the CA database.
307 ///<
308 ///< The "default-peer-certificate-name" parameter is used by Protocol
309 ///< objects created from this Profile in cases when the Protocol does not
310 ///< get a more specific peer-certificate-name passed in its constructor.
311 ///<
312 ///< Similarly the "default-peer-host-name" is used by Protocol objects
313 ///< if they do not get a more specific peer-host-name in their constructor.
314 ///<
315 ///< The "profile-config" parameter is used for any additional configuration
316 ///< items; the format and interpretation are undefined at this interface.
317
318 bool hasProfile( const std::string & profile_name ) const ;
319 ///< Returns true if the named profile has been add()ed.
320
321 const Profile & profile( const std::string & profile_name ) const ;
322 ///< Returns an opaque reference to the named profile. The profile
323 ///< can be used to construct a protocol instance.
324
325 bool enabled() const ;
326 ///< Returns true if this is a real TLS library and the constructor's active
327 ///< parameter was set.
328
329 std::string id() const ;
330 ///< Returns the TLS library name and version.
331
332 bool generateKeyAvailable() const ;
333 ///< Returns true if generateKey() is implemented.
334
335 std::string generateKey( const std::string & name ) const ;
336 ///< Generates a test certificate as a PEM string with embedded newlines,
337 ///< also containing the private-key. Returns the empty string if not
338 ///< implemented. Throws on error. The implementation will
339 ///< normally be slow and blocking.
340
341 static LibraryImpBase & impstance() ;
342 ///< Returns a reference to the pimple object when enabled(). Used in
343 ///< implementations. Throws if none.
344
345 static bool real() ;
346 ///< Returns true if this is a real TLS library.
347
348 static std::string credit( const std::string & prefix , const std::string & eol , const std::string & eot ) ;
349 ///< Returns a multi-line library credit for all available TLS libraries.
350
351 static std::string ids() ;
352 ///< Returns a concatenation of all available TLS library names and versions.
353
354 static bool enabledAs( const std::string & profile_name ) ;
355 ///< A static convenience function that returns true if there is an
356 ///< enabled() Library instance() that has the named profile.
357
358 static G::StringArray digesters( bool need_state = false ) ;
359 ///< Returns a list of hash function names (such as "MD5") that the TLS
360 ///< library can do, ordered roughly from strongest to weakest. Returns
361 ///< the empty list if there is no Library instance. If the boolean
362 ///< parameter is true then the returned list is limited to those
363 ///< hash functions that can generate and be initialised with an
364 ///< intermediate state.
365
366 Digester digester( const std::string & name , const std::string & state = std::string() , bool need_state = false ) const ;
367 ///< Returns a digester object.
368
369public:
370 Library( const Library & ) = delete ;
371 Library( Library && ) = delete ;
372 void operator=( const Library & ) = delete ;
373 void operator=( Library && ) = delete ;
374
375private:
376 const LibraryImpBase & imp() const ;
377 LibraryImpBase & imp() ;
378 static std::unique_ptr<LibraryImpBase> newLibraryImp( G::StringArray & , Library::LogFn , bool ) ;
379
380private:
381 static Library * m_this ;
382 std::unique_ptr<LibraryImpBase> m_imp ;
383} ;
384
385//| \class GSsl::LibraryImpBase
386/// A base interface for GSsl::Library pimple classes. A common base allows
387/// for multiple TLS libraries to be built in and then selected at run-time.
388///
390{
391public:
392 virtual ~LibraryImpBase() = default ;
393 ///< Destructor.
394
395 virtual std::string id() const = 0 ;
396 ///< Implements Library::id().
397
398 virtual void addProfile( const std::string & , bool , const std::string & , const std::string & ,
399 const std::string & , const std::string & , const std::string & , const std::string & ) = 0 ;
400 ///< Implements Library::addProfile().
401
402 virtual bool hasProfile( const std::string & profile_name ) const = 0 ;
403 ///< Implements Library::hasProfile().
404
405 virtual const Profile & profile( const std::string & profile_name ) const = 0 ;
406 ///< Implements Library::profile().
407
408 virtual G::StringArray digesters( bool ) const = 0 ;
409 ///< Implements Library::digesters().
410
411 virtual Digester digester( const std::string & , const std::string & , bool ) const = 0 ;
412 ///< Implements Library::digester().
413
414 virtual bool generateKeyAvailable() const = 0 ;
415 ///< Implements Library::generateKeyAvailable().
416
417 virtual std::string generateKey( const std::string & ) const = 0 ;
418 ///< Implements Library::generateKey().
419
420 static bool consume( G::StringArray & list , const std::string & item ) ;
421 ///< A convenience function that removes the item from
422 ///< the list and returns true iff is was removed.
423} ;
424
425//| \class GSsl::Profile
426/// A base interface for profile classes that work with concrete classes
427/// derived from GSsl::LibraryImpBase and GSsl::ProtocolImpBase.
428///
430{
431public:
432 virtual ~Profile() = default ;
433 ///< Destructor.
434
435 virtual std::unique_ptr<ProtocolImpBase> newProtocol( const std::string & , const std::string & ) const = 0 ;
436 ///< Factory method for a new Protocol object on the heap.
437} ;
438
439//| \class GSsl::ProtocolImpBase
440/// A base interface for GSsl::Protocol pimple classes.
441///
443{
444public:
445 virtual ~ProtocolImpBase() = default ;
446 ///< Destructor.
447
448 virtual Protocol::Result connect( G::ReadWrite & ) = 0 ;
449 ///< Implements Protocol::connect().
450
451 virtual Protocol::Result accept( G::ReadWrite & ) = 0 ;
452 ///< Implements Protocol::accept().
453
454 virtual Protocol::Result shutdown() = 0 ;
455 ///< Implements Protocol::shutdown().
456
457 virtual Protocol::Result read( char * , std::size_t , ssize_t & ) = 0 ;
458 ///< Implements Protocol::read().
459
460 virtual Protocol::Result write( const char * , std::size_t , ssize_t & ) = 0 ;
461 ///< Implements Protocol::write().
462
463 virtual std::string peerCertificate() const = 0 ;
464 ///< Implements Protocol::peerCertificate().
465
466 virtual std::string peerCertificateChain() const = 0 ;
467 ///< Implements Protocol::peerCertificateChain().
468
469 virtual std::string cipher() const = 0 ;
470 ///< Implements Protocol::cipher().
471
472 virtual std::string protocol() const = 0 ;
473 ///< Implements Protocol::protocol().
474
475 virtual bool verified() const = 0 ;
476 ///< Implements Protocol::verified().
477} ;
478
479//| \class GSsl::DigesterImpBase
480/// A base interface for GSsl::Digester pimple classes.
481///
483{
484public:
485 virtual ~DigesterImpBase() = default ;
486 ///< Destructor.
487
488 virtual void add( const std::string & ) = 0 ;
489 ///< Implements Digester::add().
490
491 virtual std::string value() = 0 ;
492 ///< Implements Digester::value().
493
494 virtual std::string state() = 0 ;
495 ///< Implements Digester::state().
496
497 virtual std::size_t blocksize() const = 0 ;
498 ///< Implements Digester::blocksize().
499
500 virtual std::size_t valuesize() const = 0 ;
501 ///< Implements Digester::valuesize().
502
503 virtual std::size_t statesize() const = 0 ;
504 ///< Implements Digester::statesize().
505} ;
506
507#endif
A base interface for GSsl::Digester pimple classes.
Definition: gssl.h:483
virtual std::string state()=0
Implements Digester::state().
virtual std::size_t blocksize() const =0
Implements Digester::blocksize().
virtual ~DigesterImpBase()=default
Destructor.
virtual std::size_t valuesize() const =0
Implements Digester::valuesize().
virtual std::string value()=0
Implements Digester::value().
virtual std::size_t statesize() const =0
Implements Digester::statesize().
virtual void add(const std::string &)=0
Implements Digester::add().
A class for objects that can perform a cryptographic hash.
Definition: gssl.h:213
std::size_t valuesize() const
Returns the hash function's value size in bytes.
Definition: gssl.cpp:245
std::size_t statesize() const
Returns the size of the state() string in bytes, or zero if state() is not implemented.
Definition: gssl.cpp:250
std::string value()
Returns the hash value.
Definition: gssl.cpp:230
void add(const std::string &)
Adds data of arbitrary size.
Definition: gssl.cpp:225
std::size_t blocksize() const
Returns the hash function's block size in bytes.
Definition: gssl.cpp:240
std::string state()
Returns the intermediate state.
Definition: gssl.cpp:235
Digester(std::unique_ptr< DigesterImpBase >)
Constructor, used by the Library class.
Definition: gssl.cpp:220
A base interface for GSsl::Library pimple classes.
Definition: gssl.h:390
virtual ~LibraryImpBase()=default
Destructor.
virtual bool hasProfile(const std::string &profile_name) const =0
Implements Library::hasProfile().
virtual const Profile & profile(const std::string &profile_name) const =0
Implements Library::profile().
virtual Digester digester(const std::string &, const std::string &, bool) const =0
Implements Library::digester().
virtual std::string id() const =0
Implements Library::id().
virtual G::StringArray digesters(bool) const =0
Implements Library::digesters().
virtual bool generateKeyAvailable() const =0
Implements Library::generateKeyAvailable().
static bool consume(G::StringArray &list, const std::string &item)
A convenience function that removes the item from the list and returns true iff is was removed.
Definition: gssl.cpp:257
virtual std::string generateKey(const std::string &) const =0
Implements Library::generateKey().
virtual void addProfile(const std::string &, bool, const std::string &, const std::string &, const std::string &, const std::string &, const std::string &, const std::string &)=0
Implements Library::addProfile().
A singleton class for initialising the underlying TLS library.
Definition: gssl.h:253
static bool enabledAs(const std::string &profile_name)
A static convenience function that returns true if there is an enabled() Library instance() that has ...
Definition: gssl.cpp:103
Digester digester(const std::string &name, const std::string &state=std::string(), bool need_state=false) const
Returns a digester object.
Definition: gssl.cpp:144
bool hasProfile(const std::string &profile_name) const
Returns true if the named profile has been add()ed.
Definition: gssl.cpp:91
Library(bool active=true, const std::string &library_config=std::string(), LogFn=Library::log, bool verbose=true)
Constructor.
Definition: gssl.cpp:30
bool generateKeyAvailable() const
Returns true if generateKey() is implemented.
Definition: gssl.cpp:71
static Library * instance()
Returns a pointer to a library object, if any.
Definition: gssl.cpp:56
std::string id() const
Returns the TLS library name and version.
Definition: gssl.cpp:66
static LibraryImpBase & impstance()
Returns a reference to the pimple object when enabled().
Definition: gssl.cpp:108
static std::string credit(const std::string &prefix, const std::string &eol, const std::string &eot)
Returns a multi-line library credit for all available TLS libraries.
static bool real()
Returns true if this is a real TLS library.
Definition: gssl.cpp:51
static std::string ids()
Returns a concatenation of all available TLS library names and versions.
void addProfile(const std::string &profile_name, bool is_server_profile, const std::string &key_file=std::string(), const std::string &cert_file=std::string(), const std::string &ca_path=std::string(), const std::string &default_peer_certificate_name=std::string(), const std::string &default_peer_host_name=std::string(), const std::string &profile_config=std::string())
Creates a named Profile object that can be retrieved by profile().
Definition: gssl.cpp:81
const Profile & profile(const std::string &profile_name) const
Returns an opaque reference to the named profile.
Definition: gssl.cpp:96
bool enabled() const
Returns true if this is a real TLS library and the constructor's active parameter was set.
Definition: gssl.cpp:61
static G::StringArray digesters(bool need_state=false)
Returns a list of hash function names (such as "MD5") that the TLS library can do,...
Definition: gssl.cpp:139
~Library()
Destructor. Cleans up the underlying TLS library.
Definition: gssl.cpp:45
static void log(int level, const std::string &line)
The default logging callback function, where the level is 1 for debug, 2 for info,...
Definition: gssl.cpp:129
std::string generateKey(const std::string &name) const
Generates a test certificate as a PEM string with embedded newlines, also containing the private-key.
Definition: gssl.cpp:76
A base interface for profile classes that work with concrete classes derived from GSsl::LibraryImpBas...
Definition: gssl.h:430
virtual std::unique_ptr< ProtocolImpBase > newProtocol(const std::string &, const std::string &) const =0
Factory method for a new Protocol object on the heap.
virtual ~Profile()=default
Destructor.
A base interface for GSsl::Protocol pimple classes.
Definition: gssl.h:443
virtual bool verified() const =0
Implements Protocol::verified().
virtual std::string peerCertificate() const =0
Implements Protocol::peerCertificate().
virtual Protocol::Result connect(G::ReadWrite &)=0
Implements Protocol::connect().
virtual std::string cipher() const =0
Implements Protocol::cipher().
virtual ~ProtocolImpBase()=default
Destructor.
virtual Protocol::Result write(const char *, std::size_t, ssize_t &)=0
Implements Protocol::write().
virtual std::string protocol() const =0
Implements Protocol::protocol().
virtual Protocol::Result read(char *, std::size_t, ssize_t &)=0
Implements Protocol::read().
virtual std::string peerCertificateChain() const =0
Implements Protocol::peerCertificateChain().
virtual Protocol::Result accept(G::ReadWrite &)=0
Implements Protocol::accept().
virtual Protocol::Result shutdown()=0
Implements Protocol::shutdown().
A TLS protocol class.
Definition: gssl.h:66
Protocol(const Profile &, const std::string &peer_certificate_name=std::string(), const std::string &peer_host_name=std::string())
Constructor.
Definition: gssl.cpp:151
~Protocol()
Destructor.
Result shutdown()
Initiates the protocol shutdown by sending a "close notify shutdown alert" and does a socket shutdown...
Definition: gssl.cpp:213
Result read(char *buffer, std::size_t buffer_size_in, ssize_t &data_size_out)
Reads user data into the supplied buffer.
Definition: gssl.cpp:203
std::string cipher() const
Returns the cipher name, or the empty string if not yet available.
Definition: gssl.cpp:174
bool verified() const
Returns true if the peer certificate has been verified.
Definition: gssl.cpp:179
static std::string str(Result result)
Converts a result enumeration into a printable string.
Definition: gssl.cpp:184
std::string peerCertificateChain() const
Returns the peer certificate chain in PEM format, starting with the peer certificate and progressing ...
Definition: gssl.cpp:164
std::string protocol() const
Returns the protocol version like "TLSv1.2" or the empty string.
Definition: gssl.cpp:169
Result write(const char *buffer, std::size_t data_size_in, ssize_t &data_size_out)
Writes user data.
Definition: gssl.cpp:208
Result connect(G::ReadWrite &io)
Starts the protocol actively (as a client).
Definition: gssl.cpp:193
Result accept(G::ReadWrite &io)
Starts the protocol passively (as a server).
Definition: gssl.cpp:198
std::string peerCertificate() const
Returns the peer certificate in PEM format.
Definition: gssl.cpp:159
An abstract interface for reading and writing from a non-blocking i/o channel.
Definition: greadwrite.h:50
TLS/SSL transport layer security classes.
Definition: gssl.h:34
std::vector< std::string > StringArray
A std::vector of std::strings.
Definition: gstrings.h:31