/* * IXSocketOpenSSL.h * Author: Benjamin Sergeant, Matt DeBoer * Copyright (c) 2017-2020 Machine Zone, Inc. All rights reserved. */ #ifdef IXWEBSOCKET_USE_OPEN_SSL #pragma once #include "IXCancellationRequest.h" #include "IXSocket.h" #include "IXSocketTLSOptions.h" #include #include #include #include #include #include namespace ix { class SocketOpenSSL final : public Socket { public: SocketOpenSSL(const SocketTLSOptions& tlsOptions, int fd = -1); ~SocketOpenSSL(); virtual bool accept(std::string& errMsg) final; virtual bool connect(const std::string& host, int port, std::string& errMsg, const CancellationRequest& isCancellationRequested) final; virtual void close() final; virtual ssize_t send(char* buffer, size_t length) final; virtual ssize_t recv(void* buffer, size_t length) final; private: void openSSLInitialize(); std::string getSSLError(int ret); SSL_CTX* openSSLCreateContext(std::string& errMsg); bool openSSLAddCARootsFromString(const std::string roots); bool openSSLClientHandshake(const std::string& hostname, std::string& errMsg, const CancellationRequest& isCancellationRequested); bool openSSLCheckServerCert(SSL* ssl, const std::string& hostname, std::string& errMsg); bool checkHost(const std::string& host, const char* pattern); bool handleTLSOptions(std::string& errMsg); bool openSSLServerHandshake(std::string& errMsg); // Required for OpenSSL < 1.1 static void openSSLLockingCallback(int mode, int type, const char* /*file*/, int /*line*/); SSL* _ssl_connection; SSL_CTX* _ssl_context; const SSL_METHOD* _ssl_method; SocketTLSOptions _tlsOptions; mutable std::mutex _mutex; // OpenSSL routines are not thread-safe static std::once_flag _openSSLInitFlag; static std::atomic _openSSLInitializationSuccessful; }; } // namespace ix #endif // IXWEBSOCKET_USE_OPEN_SSL