dd/d94/net__ssl_8h_source.html

 // Copyright (c) 2006-2013, Andrey N. Sabelnikov, www.sabelnikov.net
 // All rights reserved.
 //
 // Redistribution and use in source and binary forms, with or without
 // modification, are permitted provided that the following conditions are met:
 // * Redistributions of source code must retain the above copyright
 // notice, this list of conditions and the following disclaimer.
 // * Redistributions in binary form must reproduce the above copyright
 // notice, this list of conditions and the following disclaimer in the
 // documentation and/or other materials provided with the distribution.
 // * Neither the name of the Andrey N. Sabelnikov nor the
 // names of its contributors may be used to endorse or promote products
 // derived from this software without specific prior written permission.
 //
 // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
 // ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
 // WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
 // DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER  BE LIABLE FOR ANY
 // DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
 // (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 // LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
 // ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 // (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
 // SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 //


 #ifndef _NET_SSL_H
 #define _NET_SSL_H

 #include <chrono>
 #include <stdint.h>
 #include <string>
 #include <vector>
 #include <boost/utility/string_ref.hpp>
 #include <boost/asio/io_context.hpp>
 #include <boost/asio/ip/tcp.hpp>
 #include <boost/asio/ssl.hpp>
 #include <boost/filesystem/path.hpp>
 #include <boost/system/error_code.hpp>

 #define SSL_FINGERPRINT_SIZE 32

 namespace epee
 {
 namespace net_utils
 {
     enum class ssl_support_t: uint8_t {
         e_ssl_support_disabled,
         e_ssl_support_enabled,
         e_ssl_support_autodetect,
     };

   enum class ssl_verification_t : uint8_t
   {
     none = 0,
     system_ca,
     user_certificates,
     user_ca
   };

   struct ssl_authentication_t
   {
     std::string private_key_path;
     std::string certificate_path;

     void use_ssl_certificate(boost::asio::ssl::context &ssl_context) const;
   };

   class ssl_options_t
   {
     // force sorted behavior in private
     std::vector<std::vector<std::uint8_t>> fingerprints_;

   public:
     std::string ca_path;
     ssl_authentication_t auth;
     ssl_support_t support;
     ssl_verification_t verification;

     ssl_options_t(ssl_support_t support)
       : fingerprints_(),
         ca_path(),
         auth(),
         support(support),
         verification(support == ssl_support_t::e_ssl_support_disabled ? ssl_verification_t::none : ssl_verification_t::system_ca)
     {}

     ssl_options_t(std::vector<std::vector<std::uint8_t>> fingerprints, std::string ca_path);

     ssl_options_t(const ssl_options_t&) = default;
     ssl_options_t(ssl_options_t&&) = default;

     ssl_options_t& operator=(const ssl_options_t&) = default;
     ssl_options_t& operator=(ssl_options_t&&) = default;

     explicit operator bool() const noexcept { return support != ssl_support_t::e_ssl_support_disabled; }

     bool has_strong_verification(boost::string_ref host) const noexcept;

     bool has_fingerprint(boost::asio::ssl::verify_context &ctx) const;

     void configure(
       boost::asio::ssl::stream<boost::asio::ip::tcp::socket> &socket,
       boost::asio::ssl::stream_base::handshake_type type,
       const std::string& host = {}) const;
     boost::asio::ssl::context create_context() const;

     bool handshake(
       boost::asio::io_context& io_context,
       boost::asio::ssl::stream<boost::asio::ip::tcp::socket> &socket,
       boost::asio::ssl::stream_base::handshake_type type,
       boost::asio::const_buffer buffer = {},
       const std::string& host = {},
       std::chrono::milliseconds timeout = std::chrono::seconds(15)) const;
   };

         // https://security.stackexchange.com/questions/34780/checking-client-hello-for-https-classification
     constexpr size_t get_ssl_magic_size() { return 9; }
     bool is_ssl(const unsigned char *data, size_t len);
     bool ssl_support_from_string(ssl_support_t &ssl, boost::string_ref s);

     bool create_ec_ssl_certificate(EVP_PKEY *&pkey, X509 *&cert);
     bool create_rsa_ssl_certificate(EVP_PKEY *&pkey, X509 *&cert);

   boost::system::error_code store_ssl_keys(boost::asio::ssl::context& ssl, const boost::filesystem::path& base);
 }
 }

 #endif //_NET_SSL_H
epee::net_utils::ssl_options_t::fingerprints_
std::vector< std::vector< std::uint8_t > > fingerprints_
Definition: net_ssl.h:79

epee::net_utils::ssl_options_t
Definition: net_ssl.h:76

epee::net_utils::ssl_support_from_string
bool ssl_support_from_string(ssl_support_t &ssl, boost::string_ref s)
Definition: net_ssl.cpp:654

epee::net_utils::get_ssl_magic_size
constexpr size_t get_ssl_magic_size()
Definition: net_ssl.h:150

epee::net_utils::ssl_options_t::ssl_options_t
ssl_options_t(ssl_support_t support)
Verification is set to system ca unless SSL is disabled.
Definition: net_ssl.h:88

epee::net_utils::ssl_options_t::has_fingerprint
bool has_fingerprint(boost::asio::ssl::verify_context &ctx) const
Search against internal fingerprints. Always false if behavior() != user_certificate_check.
Definition: net_ssl.cpp:463

testing::internal::string
::std::string string
Definition: gtest-port.h:1097

epee::net_utils::create_rsa_ssl_certificate
bool create_rsa_ssl_certificate(EVP_PKEY *&pkey, X509 *&cert)
Definition: net_ssl.cpp:143

console.host
host
Definition: console.py:27

data
std::string data
Definition: base58.cpp:37

randomx::ExecutionPort::type
int type
Definition: superscalar.cpp:50

net::zmq::socket
std::unique_ptr< void, close > socket
Unique ZMQ socket handle, calls zmq_close on destruction.
Definition: zmq.h:108

s
const char * s
Definition: minissdp.c:596

epee::net_utils::ssl_authentication_t::use_ssl_certificate
void use_ssl_certificate(boost::asio::ssl::context &ssl_context) const
Load private_key_path and certificate_path into ssl_context.
Definition: net_ssl.cpp:413

epee::net_utils::ssl_support_t
ssl_support_t
Definition: net_ssl.h:49

uint8_t
unsigned char uint8_t
Definition: stdint.h:124

epee::net_utils::ssl_authentication_t::certificate_path
std::string certificate_path
Certificate used for authentication to peer.
Definition: net_ssl.h:66

epee::net_utils::ssl_authentication_t
Definition: net_ssl.h:63

epee::net_utils::ssl_support_t::e_ssl_support_disabled

epee::net_utils::ssl_verification_t::system_ca
Verify peer via system ca only (do not inspect user certificates)

epee::net_utils::ssl_support_t::e_ssl_support_autodetect

epee::net_utils::is_ssl
bool is_ssl(const unsigned char *data, size_t len)
Definition: net_ssl.cpp:424

buffer
const T buffer
Definition: byte_slice.cpp:83

support
Definition: support.py:1

epee::net_utils::ssl_verification_t::user_ca
Verify peer via specific (possibly chain) certificate(s) only.

epee::net_utils::ssl_options_t::auth
ssl_authentication_t auth
Definition: net_ssl.h:83

epee::net_utils::ssl_options_t::support
ssl_support_t support
Definition: net_ssl.h:84

net::zmq::context
std::unique_ptr< void, terminate > context
Unique ZMQ context handle, calls zmq_term on destruction.
Definition: zmq.h:105

epee::net_utils::ssl_verification_t::user_certificates
Verify peer via specific (non-chain) certificate(s) only.

epee::net_utils::ssl_options_t::configure
void configure(boost::asio::ssl::stream< boost::asio::ip::tcp::socket > &socket, boost::asio::ssl::stream_base::handshake_type type, const std::string &host={}) const
configure ssl_stream handshake verification
Definition: net_ssl.cpp:501

epee::net_utils::create_ec_ssl_certificate
bool create_ec_ssl_certificate(EVP_PKEY *&pkey, X509 *&cert)

epee::net_utils::store_ssl_keys
boost::system::error_code store_ssl_keys(boost::asio::ssl::context &ssl, const boost::filesystem::path &base)
Store private key for ssl at base + ".key" unencrypted and certificate for ssl at base + "...
Definition: net_ssl.cpp:667

base
Definition: base.py:1

epee
TODO: (mj-xmr) This will be reduced in an another PR.
Definition: byte_slice.h:39

stdint.h

epee::net_utils::ssl_verification_t
ssl_verification_t
Definition: net_ssl.h:55

epee::net_utils::ssl_verification_t::none
Do not verify peer.

epee::net_utils::ssl_options_t::ca_path
std::string ca_path
Definition: net_ssl.h:82

epee::net_utils::ssl_support_t::e_ssl_support_enabled

bool
int bool
Definition: stdbool.h:35

epee::net_utils::ssl_options_t::verification
ssl_verification_t verification
Definition: net_ssl.h:85

epee::net_utils::ssl_options_t::has_strong_verification
bool has_strong_verification(boost::string_ref host) const noexcept
Definition: net_ssl.cpp:444

epee::net_utils::ssl_authentication_t::private_key_path
std::string private_key_path
Private key used for authentication.
Definition: net_ssl.h:65

epee::net_utils::ssl_options_t::create_context
boost::asio::ssl::context create_context() const
Definition: net_ssl.cpp:304

epee::net_utils::ssl_options_t::operator=
ssl_options_t & operator=(const ssl_options_t &)=default

epee::net_utils::ssl_options_t::handshake
bool handshake(boost::asio::io_context &io_context, boost::asio::ssl::stream< boost::asio::ip::tcp::socket > &socket, boost::asio::ssl::stream_base::handshake_type type, boost::asio::const_buffer buffer={}, const std::string &host={}, std::chrono::milliseconds timeout=std::chrono::seconds(15)) const
Definition: net_ssl.cpp:554

const
#define const
Definition: ipfrdr.c:80