author | Francis Dupont <fdupont@isc.org> | 2021-02-14 18:45:26 +0100 |
committer | Francis Dupont <fdupont@isc.org> | 2021-03-24 09:09:02 +0100 |
commit | f011be7b87c99600407c25fe0697b9498c04be9d (patch) | |
tree | 5a2162a7105b7408e93a26174647aa0a9c624f9f /src/lib/asiolink | |
parent | [#1661] Checkpoint: crypto context (diff) | |
[#1661] Checkpoint: did asiolink (but need more UTs)
Diffstat (limited to 'src/lib/asiolink')
-rw-r--r-- | src/lib/asiolink/openssl_tls.cc | 1 | ||||
-rw-r--r-- | src/lib/asiolink/openssl_tls.h | 52 |
2 files changed, 53 insertions, 0 deletions
diff --git a/src/lib/asiolink/openssl_tls.cc b/src/lib/asiolink/openssl_tls.cc
index 0ee5e8bcc7..407b3a7d36 100644
--- a/src/lib/asiolink/openssl_tls.cc
+++ b/src/lib/asiolink/openssl_tls.cc
@@ -45,6 +45,7 @@ TlsContext::TlsContext(TlsRole role)
 boost::asio::ssl::context& TlsContext::getContext() {
+ ::SSL_CTX_up_ref(context_.native_handle());
 return (context_);
 }
diff --git a/src/lib/asiolink/openssl_tls.h b/src/lib/asiolink/openssl_tls.h
index 9c224afcfa..7171dbe8c0 100644
--- a/src/lib/asiolink/openssl_tls.h
+++ b/src/lib/asiolink/openssl_tls.h
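Review bot: The `::SSL_CTX_up_ref(context_.native_handle())` added to `TlsContext::getContext()` increments the SSL_CTX reference count on every call to what is named and used as a plain accessor, and nothing in this commit ever releases that reference, so each call permanently pins the context (a leak that grows with the number of callers, and a surprising side effect for a getter). The consumer of this return value, the `TlsStream` constructor in openssl_tls.h, passes it to `boost::asio::ssl::stream`, which creates its SSL object with SSL_new, and SSL_new already takes its own reference on the SSL_CTX for the lifetime of that SSL object (OpenSSL 1.1.0 and later), so the extra up_ref looks redundant rather than protective. Either pair the up_ref with an explicit `SSL_CTX_free` in whoever owns the returned reference, or drop it, and in both cases give the getter a comment stating the reference-count contract, e.g. `/// @note Does not add a reference to the SSL_CTX: a stream built from it takes its own via SSL_new.`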
@@ -230,6 +230,58 @@ const int STREAM_TRUNCATED = boost::asio::ssl::error::stream_truncated;
 const int STREAM_TRUNCATED = ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SHORT_READ);
 #endif
+/// @brief The type of underlying TLS streams.
+typedef boost::asio::ssl::stream<boost::asio::ip::tcp::socket> TlsStreamImpl;
+
+/// @brief The type of X509 certificates.
+typedef ::X509 TlsCertificate;
+
+/// @brief OpenSSL TLS stream.
+///
+/// @param callback The callback.
+template <typename Callback>
+class TlsStream : public TlsStreamImpl {
+public:
+
+ /// @brief Constructor.
+ ///
+ /// @param service I/O Service object used to manage the stream.
+ /// @param context Pointer to the TLS context.
+ TlsStream(IOService& service, TlsContextPtr context)
+ : TlsStreamImpl(service.get_io_service(), context->getContext()),
+ role_(context->role_) {
+ }
+
+ /// @brief Destructor.
+ virtual ~TlsStream() { }
+
+ /// @brief Handshake.
+ ///
+ virtual void handshake(Callback& callback) {
+ using namespace boost::asio::ssl;
+ if (role_ == SERVER) {
+ async_handshake(stream_base::server, callback);
+ } else {
+ async_handshake(stream_base::client, callback);
+ }
+ }
+
+ /// @brief Clear the SSL object.
+ virtual void clear() {
+ static_cast<void>(::SSL_clear(this->native_handle()));
+ }
+
+ /// @brief Return the peer certificate.
+ ///
+ /// @note The native_handle() method is used so it can't be made const.
+ virtual TlsCertificate* getPeerCert() {
+ return (::SSL_get_peer_certificate(this->native_handle()));
+ }
+
+ /// @brief The role i.e. client or server.
+ TlsRole role_;
+};
+
+} // namespace asiolink
+} // namespace isc |
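Review bot: `getPeerCert()` hands back the raw `X509*` from `SSL_get_peer_certificate()`, which returns a new reference the caller must release with `X509_free()` (and NULL when the peer presented no certificate), but neither the signature nor the Doxygen comment says who owns it, so callers will either leak the certificate on every handshake or free a pointer they assumed was borrowed. Add `/// @return The peer certificate as a new reference owned by the caller (release it with X509_free()), or null when no certificate was presented.` to the method, or wrap the return in a `std::unique_ptr` with `::X509_free` as deleter so the ownership is expressed in the type. Two smaller points in the same hunk: `role_` is a public, mutable data member that `handshake()` dispatches on, so a caller can switch a stream between client and server after construction and it should be private (or const) with an accessor; and the class comment's `@param callback` documents a template parameter and should read `@tparam Callback`, while `handshake()` itself has an empty `///` line where its `@param callback` should be.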