#include <net_ssl.h>
- Note
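- verification != disabled && support == disabled is currently "allowed" via the public interface but is obviously an invalid configuration. Nothing in the interface rejects this combination, so callers have to avoid constructing it themselves.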
◆ ssl_options_t() [1/4]
| epee::net_utils::ssl_options_t::ssl_options_t |
( |
ssl_support_t | support | ) |
|
|
inline |
Verification is set to system ca unless SSL is disabled.
◆ ssl_options_t() [2/4]
| epee::net_utils::ssl_options_t::ssl_options_t |
( |
std::vector< std::vector< std::uint8_t > > | fingerprints, |
|
|
std::string | ca_path ) |
Provide user fingerprints and/or ca path. Enables SSL and user_certificate verification.
◆ ssl_options_t() [3/4]
| epee::net_utils::ssl_options_t::ssl_options_t |
( |
const ssl_options_t & | | ) |
|
|
default |
◆ ssl_options_t() [4/4]
| epee::net_utils::ssl_options_t::ssl_options_t |
( |
ssl_options_t && | | ) |
|
|
default |
◆ configure()
| void epee::net_utils::ssl_options_t::configure |
( |
boost::asio::ssl::stream< boost::asio::ip::tcp::socket > & | socket, |
|
|
boost::asio::ssl::stream_base::handshake_type | type, |
|
|
const std::string & | host = {} ) const |
Configure ssl_stream handshake verification.
◆ create_context()
| boost::asio::ssl::context epee::net_utils::ssl_options_t::create_context |
( |
| ) |
const |
◆ handshake()
| bool epee::net_utils::ssl_options_t::handshake |
( |
boost::asio::io_context & | io_context, |
|
|
boost::asio::ssl::stream< boost::asio::ip::tcp::socket > & | socket, |
|
|
boost::asio::ssl::stream_base::handshake_type | type, |
|
|
boost::asio::const_buffer | buffer = {}, |
|
|
const std::string & | host = {}, |
|
|
std::chrono::milliseconds | timeout = std::chrono::seconds(15) ) const |
- Note
- If this->support == autodetect && this->verification != none, then the handshake will not fail when peer verification fails. The assumption is that a re-connect will be attempted, so a warning is logged instead of failure. In this mode a completed handshake therefore does not by itself show that the peer passed verification.
-
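It is strongly encouraged that clients using system_ca verification provide a non-empty host for RFC 2818 verification. As the host parameter description states, the hostname check is only performed when host is non-empty.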
- Parameters
-
| io_context | associated with socket. |
| socket | Used in SSL handshake and verification |
| type | Client or server |
| host | This parameter is only used when type == client && !host.empty(). The value is sent to the server for situations where multiple hostnames are being handled by a server. If verification == system_ca the client also does an RFC 2818 check to ensure that the server certificate was issued for the provided hostname. |
- Returns
- True if the SSL handshake completes under the configured peer verification settings (subject to the autodetect exception described in the note above).
◆ has_fingerprint()
| bool epee::net_utils::ssl_options_t::has_fingerprint |
( |
boost::asio::ssl::verify_context & | ctx | ) |
const |
Search against internal fingerprints. Always false if behavior() != user_certificate_check.
◆ has_strong_verification()
| bool epee::net_utils::ssl_options_t::has_strong_verification |
( |
boost::string_ref | host | ) |
const |
|
noexcept |
- Returns
- True if host can be verified using this configuration WITHOUT system "root" CAs.
◆ operator bool()
| epee::net_utils::ssl_options_t::operator bool |
( |
| ) |
const |
|
inline explicit noexcept |
- Returns
- False iff ssl is disabled, otherwise true.
◆ operator=() [1/2]
◆ operator=() [2/2]
◆ auth
◆ ca_path
| std::string epee::net_utils::ssl_options_t::ca_path |
◆ fingerprints_
| std::vector<std::vector<std::uint8_t> > epee::net_utils::ssl_options_t::fingerprints_ |
|
private |
◆ support
◆ verification
The documentation for this class was generated from the following files: