SSLContext configurator class.
#include <B2BITS_IPAddr.h>
typedef std::vector< std::map< std::string, std::string > > CANames
    Array of certificate descriptions, each represented as name/value pairs.

typedef std::vector< char > ConfigData
Members inherited from ReferenceCounter:

long decrement () const throw ()
    Decrements the counter and returns the new counter value.

long increment () const throw ()
    Increments the counter and returns the new counter value.

virtual ~ReferenceCounter ()
    Destructor.
SSLContext configurator class.
SSLContext uses an instance of this class to set up its SSL configuration (certificates, private keys, ciphers and so on).
◆ CANames
typedef std::vector< std::map< std::string, std::string > > CANames
Array of certificate descriptions, each represented as name/value pairs.

◆ ConfigData
typedef std::vector< char > ConfigData
◆ SSLContextConfigurator()
System::SSLContextConfigurator::SSLContextConfigurator ()
◆ ~SSLContextConfigurator()
virtual System::SSLContextConfigurator::~SSLContextConfigurator ()  [virtual]
◆ getCiphersList()
virtual std::string System::SSLContextConfigurator::getCiphersList ()  [inline, virtual]
◆ getClientCAsList()
Provides the data used to build the list of acceptable CAs sent to the client.
If getVerifyLocations() sets useCAFileAsAcceptedCertificatesList to true, the same list is instead set to all CAs from caFile.
Parameters:
- [out] caNames - array of CA names to add.
- [out] accaptableCACertificates - array of CA certificates whose names are extracted and then added.
Returns true if the acceptable CAs list has to be updated, false otherwise.
◆ getNextCertificatePrivateKeyPair()
Provides the next certificate to set.
It is called by both Client and Server contexts. Every certificate provided is matched against its private key, and an exception is thrown if a mismatch is detected.
Parameters:
- [in,out] index - tracking index; 0 is passed at the first call after reset() so that trivial implementations can track the current certificate. The configurator is free to use this index however it wants; it exists to help the configurator track which certificate is next. The index value on return is passed as is into the password callback routine for the returned certificate/key pair.
- [out] certificate - certificate record describing the certificate to set.
- [out] certificateChain - additional certificate chain to set for the certificate. See https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_add1_chain_cert.html for details.
- [out] privateKeyData - private key corresponding to the certificate provided.
Returns true if next certificate data is provided, false otherwise.
◆ getProtocols()
virtual int System::SSLContextConfigurator::getProtocols ()  [inline, virtual]
Returns the protocols value to use.
See the Protocol_* constants. If 0 is returned, the value passed directly to the SSLContext constructor is used.
◆ getVerifyLocations()
virtual bool System::SSLContextConfigurator::getVerifyLocations (std::string & caFile, std::string & caPath, bool & useCAFileAsAcceptedCertificatesList)  [inline, virtual]
Provides the locations in which to search for CA certificates.
It is called by both Client and Server contexts. The locations are used to search for root CA certificates during peer certificate validation.
Parameters:
- [out] caFile - on return, holds the path of a file containing CA certificates.
- [out] caPath - on return, holds the CA certificates directory path. See https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_load_verify_locations.html for details.
- [out] useCAFileAsAcceptedCertificatesList - when true, the certificates from caFile are used to build the list of acceptable CA certificates sent to the client. Applicable to server context only.
Returns true if at least one of caFile or caPath is provided, false otherwise.
◆ isValidatePeerCertificate()
virtual bool System::SSLContextConfigurator::isValidatePeerCertificate ()  [inline, virtual]
Returns true if the peer certificate has to be validated, false otherwise.
◆ lock()
void System::SSLContextConfigurator::lock ()
◆ passwordCallback()
virtual std::string System::SSLContextConfigurator::passwordCallback (int index, int arrayIndex, int maxPasswordSize)  [inline, virtual]
This routine is called when a password for a private key or certificate is required.
Every certificate provided is matched against the private key set before it.
Parameters:
- [in] index - tracking index of the certificate/key pair, or -1 if the password for a CA certificate from getClientCAsList is requested.
- [in] arrayIndex - index of the password requested: -1 for the private key, 0 for the certificate, and 1, 2, 3, ... for each certificate from the certificate chain array, if a password is required.
- [in] maxPasswordSize - maximal password length accepted. The returned password should not be longer than this value; all characters beyond it are truncated.
Returns the requested password, or an empty string if no password is provided.
◆ reset()
virtual void System::SSLContextConfigurator::reset ()  [inline, virtual]
Resets the configurator's internal state, if any.
This routine is called right before any other routine, to give the configurator a chance to reset any internal state left from previous configuration rounds and prepare for a new one, since a configurator instance can be reused across different SSL contexts.
◆ unlock()
void System::SSLContextConfigurator::unlock ()
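The calling sequence the routines above describe, shown end to end as an added C++ example: reset() first, then getVerifyLocations(), then getNextCertificatePrivateKeyPair() driven by the tracking index with a passwordCallback() request for the private key, the certificate and every chain entry, and finally getClientCAsList() when the CA file is not reused as the accepted list. This is not code from the B2BITS library or its headers. The ConfiguratorModel interface, the CertRecord/KeyRecord types, the configure() driver, the TableConfigurator implementation and all sample values are assumptions constructed for the example; the real signatures of getNextCertificatePrivateKeyPair() and getClientCAsList() are not shown on this page.

```cpp
// Added example, not code from the B2BITS headers: a stand-in interface modelled on the
// SSLContextConfigurator contract documented above, a trivial table-driven configurator,
// and a driver that calls the routines in the documented order. Record types, method
// signatures and sample values are assumptions constructed for this example.
#include <map>
#include <stdexcept>
#include <string>
#include <utility>
#include <vector>

typedef std::vector<std::map<std::string, std::string> > CANames;  // as on the page
typedef std::vector<char> ConfigData;                               // as on the page

struct CertRecord { std::string name; std::string keyId; };    // assumed certificate record
struct KeyRecord  { std::string keyId; std::string password; }; // assumed private key record

class ConfiguratorModel {   // hypothetical mirror of the documented virtual routines
public:
    virtual ~ConfiguratorModel() {}
    virtual void reset() = 0;
    virtual bool getVerifyLocations(std::string& caFile, std::string& caPath,
                                    bool& useCAFileAsAcceptedCertificatesList) = 0;
    virtual bool getNextCertificatePrivateKeyPair(int& index, CertRecord& certificate,
                                                  std::vector<CertRecord>& certificateChain,
                                                  KeyRecord& privateKeyData) = 0;
    virtual std::string passwordCallback(int index, int arrayIndex, int maxPasswordSize) = 0;
    virtual bool isValidatePeerCertificate() = 0;
    virtual bool getClientCAsList(CANames& caNames, std::vector<CertRecord>& acceptableCAs) = 0;
};

struct ConfigSummary { int certificates; int passwordsAsked; int truncated; size_t clientCAs; };

// One configuration round in the documented order; throws on certificate/key mismatch.
ConfigSummary configure(ConfiguratorModel& cfg, int maxPasswordSize) {
    ConfigSummary s = {0, 0, 0, 0};
    cfg.reset();                                     // always first: the instance may be reused
    std::string caFile, caPath; bool caFileIsAcceptedList = false;
    cfg.getVerifyLocations(caFile, caPath, caFileIsAcceptedList);

    int index = 0;                                   // 0 on the first call after reset()
    CertRecord cert; std::vector<CertRecord> chain; KeyRecord key;
    while (cfg.getNextCertificatePrivateKeyPair(index, cert, chain, key)) {
        if (cert.keyId != key.keyId)
            throw std::runtime_error("certificate does not match private key: " + cert.name);
        // arrayIndex: -1 = private key, 0 = certificate, 1.. = chain entries;
        // 'index' is forwarded exactly as the configurator left it.
        for (int arrayIndex = -1; arrayIndex <= (int)chain.size(); ++arrayIndex) {
            std::string pw = cfg.passwordCallback(index, arrayIndex, maxPasswordSize);
            if ((int)pw.size() > maxPasswordSize) { pw.resize(maxPasswordSize); ++s.truncated; }
            ++s.passwordsAsked;
        }
        ++s.certificates;
        chain.clear();
    }
    if (cfg.isValidatePeerCertificate() && !caFileIsAcceptedList) {
        CANames names; std::vector<CertRecord> cas;
        if (cfg.getClientCAsList(names, cas)) s.clientCAs = names.size() + cas.size();
    }
    return s;
}

// Trivial configurator: 'index' is a position in a constructed in-memory table.
class TableConfigurator : public ConfiguratorModel {
    std::vector<std::pair<CertRecord, KeyRecord> > table_;
public:
    explicit TableConfigurator(bool corruptSecondKey = false) {
        CertRecord c1 = {"server", "key-1"};  KeyRecord k1 = {"key-1", "a-rather-long-passphrase"};
        CertRecord c2 = {"backup", "key-2"};  KeyRecord k2 = {corruptSecondKey ? "key-9" : "key-2", ""};
        table_.push_back(std::make_pair(c1, k1));
        table_.push_back(std::make_pair(c2, k2));
    }
    void reset() {}                                  // no state besides the constant table
    bool getVerifyLocations(std::string& caFile, std::string& caPath, bool& asList) {
        caFile = "/constructed/ca-bundle.pem"; caPath.clear(); asList = false; return true;
    }
    bool getNextCertificatePrivateKeyPair(int& index, CertRecord& c,
                                          std::vector<CertRecord>& chain, KeyRecord& k) {
        if (index < 0 || index >= (int)table_.size()) return false;
        c = table_[index].first; k = table_[index].second;
        CertRecord issuer = {"intermediate", ""}; chain.push_back(issuer);
        ++index;                                     // advance; the callback sees the advanced value
        return true;
    }
    std::string passwordCallback(int index, int arrayIndex, int) {
        if (arrayIndex != -1) return "";             // only the private keys are encrypted here
        return table_[index - 1].second.password;    // undo the advance made in getNext...()
    }
    bool isValidatePeerCertificate() { return true; }
    bool getClientCAsList(CANames& caNames, std::vector<CertRecord>&) {
        std::map<std::string, std::string> ca; ca["CN"] = "Constructed Root CA";
        caNames.push_back(ca); return true;
    }
};

ConfigSummary runSample(int maxPasswordSize) { TableConfigurator c; return configure(c, maxPasswordSize); }
bool mismatchThrows() {
    TableConfigurator bad(true);
    try { configure(bad, 8); } catch (const std::runtime_error&) { return true; }
    return false;
}
```

Two details of the contract are worth noticing in the driver: the index value that getNextCertificatePrivateKeyPair() leaves behind is what passwordCallback() receives, so a configurator that advances the index on return has to compensate in its callback (TableConfigurator reads table_[index - 1]); and a password longer than maxPasswordSize is silently cut, so runSample(8) reports one truncated passphrase while runSample(64) reports none.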