C-Bits Package Documentation


cbits::SSLContext Class Reference

#include <SSLContext.h>


Public Types

typedef int(* VERIFY_CALLBACK )(int ok, X509_STORE_CTX *store)
 Define a type describing a peer-certificate verification callback. More...

typedef DH *(* DHPARM_CALLBACK )(SSL *ssl, int is_export, int keylen)
 Define a type describing a Diffie-Hellman parameter generation callback. More...

typedef SSL_CTX * SSL_CTX_PTR
 Define a type for use in the cbits::SSLContext-to-SSL_CTX conversion operator. More...

enum  PEER_AUTH_LEVEL { NONE = 1, PRESENT, REQUIRED }
 Authentication levels with which a peer may be required to comply. More...


Public Methods

 SSLContext (const char *cert_chain_path, const char *private_key_path, const char *trusted_path, PEER_AUTH_LEVEL level, const char *pk_passwd=0, const bool export_only=false, const void *random=0, const int ran_len=0) throw ( SSLContextException )
 Create an SSL context to be used in establishing future SSL connections. More...

virtual ~SSLContext ()
 Destructor. More...

void setDHParmCallback (DHPARM_CALLBACK cb) throw ( SSLContextException )
 Provide a user-specified callback that will supply Diffie-Hellman parameters on demand. More...

 operator SSL_CTX_PTR ()
 Type conversion operator to convert a SSLContext into an OpenSSL SSL_CTX pointer. More...


Static Public Methods

void * setVerifyCallback (VERIFY_CALLBACK cback) throw ( SSLContextException )
 Set a user-provided function to be called during peer certificate validation. More...


Static Protected Methods

const bool init_lib (const void *buffer=0, const int buflen=0)
 Initialize the OpenSSL library. More...

int verify_callback (int ok, X509_STORE_CTX *store)
 Default verify callback. More...


Static Private Methods

void mt_setup (void)
 Setup the mutexes for use by the OpenSSL library. More...

void mt_cleanup (void)
 Cleanup the mutexes used by the OpenSSL library before shutting down. More...

void mt_lock_n (int mode, int n, const char *file, int line)
 Callback used by the OpenSSL library to lock or unlock mutex n. More...

unsigned long mt_get_tid (void)
 Callback used by OpenSSL library to determine the ID of the current thread. More...

int passwd_cb (char *buf, int sz, int flg, void *userdata)
 OpenSSL callback used to get the password for the private key file. More...


Private Attributes

std::string _cert_path
 Path to this principal's certificate chain in PEM format. More...

std::string _pkey_path
 Path to this principal's private key in PEM format. More...

std::string _trusted_path
 Path to PEM encoded file of trusted (CA) certificates used to validate peer certificates during SSL handshake. More...

SSL_CTX * _ssl_ctx
 The underlying OpenSSL library security context. More...

int _verify_level
 Level of peer authentication. More...

bool _export_only
 State flag indicating, if true, that only export-level ciphers will be used. More...

std::string _passphrase
 Passphrase for private key. More...


Static Private Attributes

bool _is_lib_inited = false
 State flag indicating whether or not the OpenSSL library has been initialized. More...

std::vector< MUTEX_TYPE > _mutex
 List of mutexes provided for OpenSSL library use. More...

CriticalSection _csect
 Critical section used to prevent concurrent initialization of the OpenSSL library. More...

VERIFY_CALLBACK _client_verify_cb = 0
 Client peer certificate verification callback, if set. More...

long int _num_contexts = 0
 The number of cbits::SSLContext instances that have been created. More...


Member Typedef Documentation

typedef DH*(* cbits::SSLContext::DHPARM_CALLBACK)(SSL* ssl, int is_export, int keylen)
 

Define a type describing a Diffie-Hellman parameter generation callback. The signature (ssl, is_export, keylen) is the one OpenSSL's SSL_CTX_set_tmp_dh_callback expects: keylen is the parameter size the library is asking for, and is_export is non-zero when an export cipher suite is being negotiated.

typedef SSL_CTX* cbits::SSLContext::SSL_CTX_PTR
 

Define a type for use in the cbits::SSLContext-to-SSL_CTX conversion operator.

typedef int(* cbits::SSLContext::VERIFY_CALLBACK)(int ok, X509_STORE_CTX* store)
 

Define a type describing a peer-certificate verification callback. The signature is the one OpenSSL's SSL_CTX_set_verify expects: ok is OpenSSL's own verdict for the certificate currently being checked (1 = passed, 0 = failed) and store gives access to that certificate, its depth in the chain and the error code. The callback returns 1 to let the handshake continue or 0 to abort it.


Member Enumeration Documentation

enum cbits::SSLContext::PEER_AUTH_LEVEL
 

Authentication levels with which a peer may be required to comply.

Enumeration values:
NONE  Certificates are not required and verification failures are ignored. The peer is not authenticated at all; use this only where the peer's identity is established by some other means.
PRESENT  Certificates are not required, but if one is presented it will be verified.

An invalid certificate terminates the handshake. A peer that sends no certificate is still accepted, so on the server side this level does not by itself authenticate clients.

REQUIRED  Certificates are required and must be validated.

Failure to send a certificate, or sending an invalid one, terminates the handshake.


Constructor & Destructor Documentation

SSLContext::SSLContext const char *    cert_chain_path,
const char *    private_key_path,
const char *    trusted_path,
PEER_AUTH_LEVEL    level,
const char *    pk_passwd = 0,
const bool    export_only = false,
const void *    random = 0,
const int    ran_len = 0
throw ( SSLContextException )
 

Create an SSL context to be used in establishing future SSL connections.

Exceptions:
SSLContextException  if the specified paths are invalid or contain invalid data.
Parameters:
cert_chain_path  path to the PEM encoded file containing the public certificate chain that will be presented to the peer.
private_key_path  path to the PEM encoded private key corresponding to cert_chain_path.
trusted_path  path to the file holding the trusted public CA certificates used to verify peer certificate chains.
level  peer authentication level (see PEER_AUTH_LEVEL).
pk_passwd  passphrase for the private key, if it is encrypted; it is handed to OpenSSL through passwd_cb.
export_only  if true, only export-level ciphers will be allowed. Export-grade suites use deliberately weakened 40- and 56-bit keys that are breakable with modest resources; leave this false.
random  buffer of random data with which to seed the OpenSSL PRNG, passed on to init_lib.
ran_len  length of the random data buffer.

SSLContext::~SSLContext   [virtual]
 

Destructor.


Member Function Documentation

const bool SSLContext::init_lib const void *    buffer = 0,
const int    buflen = 0
[static, protected]
 

Initialize the OpenSSL library once per process, seeding its PRNG with buffer if one is supplied. Initialization is guarded by _csect and recorded in _is_lib_inited so that constructors running concurrently do not initialize the library twice.

void SSLContext::mt_cleanup void    [static, private]
 

Cleanup the mutexes used by the OpenSSL library before shutting down.

unsigned long SSLContext::mt_get_tid void    [static, private]
 

Callback used by OpenSSL library to determine the ID of the current thread.

void SSLContext::mt_lock_n int    mode,
int    n,
const char *    file,
int    line
[static, private]
 

Callback used by the OpenSSL library to lock or unlock mutex n.

Parameters:
mode  bit mask supplied by OpenSSL: the mutex is locked when the CRYPTO_LOCK bit is set and unlocked otherwise. OpenSSL also ORs CRYPTO_READ or CRYPTO_WRITE into the value, so the callback must test the bit rather than compare mode against 1.
n  mutex number (index into _mutex)
file  __FILE__ of the invoker
line  __LINE__ of the invoker

void SSLContext::mt_setup void    [static, private]
 

Setup the mutexes for use by the OpenSSL library. OpenSSL releases before 1.1.0 do no locking of their own in a multithreaded program unless a locking callback (mt_lock_n) and a thread-ID callback (mt_get_tid) are registered; from 1.1.0 on the library locks internally and those registrations are no-ops.
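As an added example (not C-Bits code), the locking, thread-ID, setup and cleanup callbacks described above, written against std::mutex. The CRYPTO_* bit values are copied from OpenSSL's crypto.h so that the block compiles without OpenSSL; the lock count is an assumed stand-in for CRYPTO_num_locks(), held_count is a helper added for inspection, and the CRYPTO_set_*_callback registrations appear only as comments. The point it makes is the mode-decoding one: OpenSSL passes values such as CRYPTO_LOCK|CRYPTO_WRITE, so a callback that compares mode with 1 never locks.

```cpp
#include <functional>
#include <mutex>
#include <thread>
#include <vector>

// Bit values from <openssl/crypto.h> (pre-1.1.0), copied so this compiles without OpenSSL.
static const int CRYPTO_LOCK   = 1;   // set: acquire the lock
static const int CRYPTO_UNLOCK = 2;   // set: release it
static const int CRYPTO_READ   = 4;   // OpenSSL ORs one of these in as well;
static const int CRYPTO_WRITE  = 8;   // they do not change what to do

static const int ASSUMED_NUM_LOCKS = 41;   // assumed stand-in for CRYPTO_num_locks()

static std::mutex      *g_mutex = 0;       // table OpenSSL indexes with n
static std::vector<int> g_held;            // per-slot hold count, for inspection only
static int              g_num_locks = 0;

// OpenSSL passes values such as CRYPTO_LOCK|CRYPTO_WRITE (9); a callback that
// tests `mode == CRYPTO_LOCK` therefore never locks and leaves the library's
// shared state unprotected without any error. Test the bit.
bool mode_requests_lock(int mode) { return (mode & CRYPTO_LOCK) != 0; }

// Locking callback: file and line name the OpenSSL call site and matter
// only when debugging a deadlock.
void mt_lock_n(int mode, int n, const char *file, int line)
{
    (void)file; (void)line;
    if (g_mutex == 0 || n < 0 || n >= g_num_locks)
        return;                              // table not set up or index out of range
    if (mode_requests_lock(mode)) {
        g_mutex[n].lock();
        ++g_held[n];
    } else {
        --g_held[n];
        g_mutex[n].unlock();
    }
}

// Thread-ID callback: OpenSSL uses it to tell lock owners apart.
unsigned long mt_get_tid(void)
{
    return static_cast<unsigned long>(
        std::hash<std::thread::id>()(std::this_thread::get_id()));
}

// One mutex per OpenSSL lock. With OpenSSL linked, this is also where
// CRYPTO_set_locking_callback(mt_lock_n) and CRYPTO_set_id_callback(mt_get_tid)
// would be called; from OpenSSL 1.1.0 on both calls are no-ops.
void mt_setup(void)
{
    g_num_locks = ASSUMED_NUM_LOCKS;
    g_mutex = new std::mutex[g_num_locks];
    g_held.assign(g_num_locks, 0);
}

// Deregister first (CRYPTO_set_locking_callback(0)) and only then free the
// table, or a late OpenSSL call will index freed memory.
void mt_cleanup(void)
{
    delete[] g_mutex;
    g_mutex = 0;
    g_held.clear();
    g_num_locks = 0;
}

// Inspection helper: hold count of slot n, or -1 when no table is set up.
int held_count(int n)
{
    return (g_mutex != 0 && n >= 0 && n < g_num_locks) ? g_held[n] : -1;
}
```

mt_setup must run before any OpenSSL call that can take a lock, and mt_cleanup only after the last one; the hold counts are there so a caller can check that every lock taken was released before the table is freed.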

cbits::SSLContext::operator SSL_CTX_PTR   [inline]
 

Type conversion operator to convert a SSLContext into an OpenSSL SSL_CTX pointer. The SSLContext retains ownership of the SSL_CTX: the pointer is valid only for the lifetime of the object it came from, so do not keep one obtained from a temporary.

int SSLContext::passwd_cb char *    buf,
int    sz,
int    flg,
void *    userdata
[static, private]
 

OpenSSL callback used to get the password for the private key file. Its signature is the pem_password_cb form OpenSSL expects: buf and sz are the destination buffer and its size, flg is 0 when a key is being read and 1 when one is being written, and userdata is opaque caller data. It supplies the passphrase given to the constructor and stored in _passphrase, and must return the passphrase length, or -1 on failure.
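As an added example (not C-Bits code), a passphrase callback with the pem_password_cb signature that SSL_CTX_set_default_passwd_cb() expects, together with a helper that scrubs the passphrase once the key has been loaded. The passphrase arrives through userdata, as registered with SSL_CTX_set_default_passwd_cb_userdata(); scrub_passphrase and the sample passphrases are assumptions of this example, and nothing here needs OpenSSL to compile or run.

```cpp
#include <cstring>
#include <string>

// buf/sz: destination buffer and its capacity, provided by OpenSSL.
// rwflag: 0 when the passphrase is needed to read (decrypt) a key, 1 when
// writing one. Contract: return the number of passphrase bytes written, or
// -1 on failure; OpenSSL treats a return of 0 or less as a bad password.
int passwd_cb(char *buf, int sz, int rwflag, void *userdata)
{
    (void)rwflag;                               // same secret either way
    const char *pass = static_cast<const char *>(userdata);
    if (buf == 0 || sz <= 0 || pass == 0)
        return -1;
    std::size_t len = std::strlen(pass);
    // Refuse an empty passphrase and anything that does not fit: silently
    // truncating would derive the wrong decryption key, and an unbounded
    // copy would overrun buf.
    if (len == 0 || len > static_cast<std::size_t>(sz))
        return -1;
    std::memcpy(buf, pass, len);                 // OpenSSL needs no NUL terminator
    return static_cast<int>(len);
}

// Overwrite the stored passphrase before releasing it so that it does not
// linger in freed heap memory (the class keeps it in a std::string member).
// The volatile pointer keeps the compiler from eliding the "dead" stores.
void scrub_passphrase(std::string &secret)
{
    if (!secret.empty()) {
        volatile char *p = &secret[0];
        for (std::size_t i = 0; i < secret.size(); ++i)
            p[i] = 0;
    }
    secret.clear();
}
```

With OpenSSL linked, the pair is installed with SSL_CTX_set_default_passwd_cb(ctx, passwd_cb) and SSL_CTX_set_default_passwd_cb_userdata(ctx, passphrase) before the private key is loaded, and scrub_passphrase is called as soon as the load has succeeded.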

void SSLContext::setDHParmCallback DHPARM_CALLBACK    cb throw ( SSLContextException )
 

Provide a user-specified callback that will supply Diffie-Hellman parameters on demand.

This method is of limited use in this version of the class.

Exceptions:
SSLContextException  if a null function pointer is provided.
Parameters:
cb  callback

void * SSLContext::setVerifyCallback VERIFY_CALLBACK    cback throw ( SSLContextException ) [static]
 

Set a user-provided function to be called during peer certificate validation.

The method is static and the callback is stored in the static _client_verify_cb, so it applies to every SSLContext in the process rather than to one instance.

Returns:
The old callback, if any, returned as a void*; cast it back to VERIFY_CALLBACK to restore it.
Exceptions:
SSLContextException  if an invalid function pointer is passed as the value of the callback.
Note: See the OpenSSL documentation for the semantics and use of the 'verify callback'. An improper verify callback can undermine your security: a callback that returns 1 when ok is 0 tells OpenSSL to accept a certificate that failed validation, which defeats peer authentication entirely. A safe callback only ever narrows what OpenSSL would accept, or relaxes one specific, deliberately chosen error.
Parameters:
cback  user callback
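As an added example (not C-Bits code) covering both the PEER_AUTH_LEVEL semantics above and this verify callback, a stand-alone model of how a callback's return value combines with the authentication level to decide whether a handshake continues. It does not link against OpenSSL: ChainStep is an assumed stand-in for the X509_STORE_CTX a real callback would query through X509_STORE_CTX_get_error_depth() and X509_STORE_CTX_get_error(), ERR_CERT_HAS_EXPIRED is a local stand-in for the X509_V_ERR_* code, and handshake_accepts models the library's per-certificate, top-down invocation of the callback (the mapping of the three levels onto OpenSSL's SSL_VERIFY_* modes is an assumption, not something this page states).

```cpp
#include <cstddef>
#include <vector>

enum PEER_AUTH_LEVEL { NONE = 1, PRESENT, REQUIRED };

// One certificate of the presented chain as the callback sees it: depth 0 is
// the leaf and higher depths are its issuers; preverify_ok is OpenSSL's own
// verdict for that certificate; error is the X509_V_ERR_* reason (0 = no error).
struct ChainStep { int depth; int preverify_ok; int error; };

static const int ERR_CERT_HAS_EXPIRED = 10;   // assumed stand-in value

typedef int (*VERIFY_CALLBACK)(int ok, const ChainStep *step);

// What the default callback does: hand OpenSSL's verdict straight back.
int default_verify_callback(int ok, const ChainStep *) { return ok; }

// The mistake the Note warns about. Returning 1 when ok == 0 tells OpenSSL
// to accept a certificate it has already rejected, so any certificate,
// including a self-signed one minted by an attacker, passes.
int accept_everything(int, const ChainStep *) { return 1; }

// A safe override only narrows: it may reject what OpenSSL accepted (here,
// chains of more than three certificates) but never accepts what it rejected.
int narrowing_callback(int ok, const ChainStep *s)
{
    if (!ok) return 0;
    return s->depth <= 2 ? 1 : 0;
}

// If a deployment deliberately relaxes one check, scope it to that one error
// at that one depth; every other failure keeps OpenSSL's verdict.
int tolerate_expired_leaf(int ok, const ChainStep *s)
{
    if (ok) return 1;
    return (s->depth == 0 && s->error == ERR_CERT_HAS_EXPIRED) ? 1 : 0;
}

// Handshake outcome for a chain stored leaf-first (chain[0] is depth 0).
// OpenSSL calls the callback once per certificate from the top of the chain
// down to the leaf and aborts at the first 0.
bool handshake_accepts(PEER_AUTH_LEVEL level, bool peer_sent_cert,
                       const std::vector<ChainStep> &chain, VERIFY_CALLBACK cb)
{
    if (level == NONE)            // failures are ignored: nothing is authenticated
        return true;
    if (!peer_sent_cert)          // PRESENT tolerates a missing certificate, REQUIRED does not
        return level == PRESENT;
    for (std::size_t i = chain.size(); i-- > 0; )
        if (!cb(chain[i].preverify_ok, &chain[i]))
            return false;
    return true;
}
```

The outcomes worth noticing: under REQUIRED, accept_everything lets an invalid chain through exactly as NONE would, which is why the Note matters; PRESENT with no certificate succeeds, so it does not authenticate the peer; and tolerate_expired_leaf still rejects an expired issuer, because the relaxation is pinned to depth 0.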

int SSLContext::verify_callback int    ok,
X509_STORE_CTX *    store
[static, protected]
 

Default verify callback.

cbits::SSLContext::setVerifyCallback is used to override this. See the OpenSSL documentation for details.


Member Data Documentation

std::string cbits::SSLContext::_cert_path [private]
 

Path to this principal's certificate chain in PEM format.

SSLContext::VERIFY_CALLBACK SSLContext::_client_verify_cb = 0 [static, private]
 

Client peer certificate verification callback, if set.

CriticalSection SSLContext::_csect [static, private]
 

Critical section used to prevent concurrent initialization of the OpenSSL library.

bool cbits::SSLContext::_export_only [private]
 

State flag indicating, if true, that only export-level ciphers will be used. Export-grade suites are deliberately weakened (40- and 56-bit keys) and offer no meaningful protection; leave this false.

bool SSLContext::_is_lib_inited = false [static, private]
 

State flag indicating whether or not the OpenSSL library has been initialized.

std::vector< MUTEX_TYPE > SSLContext::_mutex [static, private]
 

List of mutexes provided for OpenSSL library use.

long int SSLContext::_num_contexts = 0 [static, private]
 

The number of cbits::SSLContext instances that have been created.

std::string cbits::SSLContext::_passphrase [private]
 

Passphrase for private key.

std::string cbits::SSLContext::_pkey_path [private]
 

Path to this principal's private key in PEM format.

SSL_CTX* cbits::SSLContext::_ssl_ctx [private]
 

The underlying OpenSSL library security context.

std::string cbits::SSLContext::_trusted_path [private]
 

Path to PEM encoded file of trusted (CA) certificates used to validate peer certificates during SSL handshake.

int cbits::SSLContext::_verify_level [private]
 

Level of peer authentication.


The documentation for this class was generated from the following files:
Generated by doxygen. Hosted by SourceForge.