Home

C-Bits Package Documentation

Project Page

---

           

---

cbits::SSLContext Class Reference

#include <SSLContext.h>

List of all members.

Public Types
typedef int(*	VERIFY_CALLBACK )(int ok, X509_STORE_CTX *store)
	\typedef Define a type for describing a verification callback. More...
typedef DH *(*	DHPARM_CALLBACK )(SSL *ssl, int is_export, int keylen)
	Define a type for describing a DH-parm generation callback. More...
typedef SSL_CTX *	SSL_CTX_PTR
	Define a type for use in the cbits::SSLContext-to-SSL_CTX conversion operatir. More...
enum	PEER_AUTH_LEVEL { NONE = 1, PRESENT, REQUIRED }
	Authentication levels to which a peer may be required to comply. More...
Public Methods
	SSLContext (const char *cert_chain_path, const char *private_key_path, const char *trusted_path, PEER_AUTH_LEVEL level, const char *pk_passwd=0, const bool export_only=false, const void *random=0, const int ran_len=0) throw ( SSLContextException )
	Create a SSL context to be used in establishing future SSL connections. More...
virtual	~SSLContext ()
	Destructor. More...
void	setDHParmCallback (DHPARM_CALLBACK cb) throw ( SSLContextException )
	Provide user-specified callback that will provide Diffie-Hellman parameters upon demand. More...
	operator SSL_CTX_PTR ()
	Type conversion operator to convert a SSLContext into an OpenSSL SSL_CTX pointer. More...
Static Public Methods
void *	setVerifyCallback (VERIFY_CALLBACK cback) throw ( SSLContextException )
	Set a user-provided function to be called during peer certificate validation. More...
Static Protected Methods
const bool	init_lib (const void *buffer=0, const int buflen=0)
	Initialize the OpenSSL library. More...
int	verify_callback (int ok, X509_STORE_CTX *store)
	Default verify callback. More...
Static Private Methods
void	mt_setup (void)
	Setup the mutexes for use by the OpenSSL library. More...
void	mt_cleanup (void)
	Cleanup the mutexes used by the OpenSSL library before shutting down. More...
void	mt_lock_n (int mode, int n, const char *file, int line)
	Callback used by OpenSSL library to 'lock mutext "n"'. More...
unsigned long	mt_get_tid (void)
	Callback used by OpenSSL library to determine the ID of the current thread. More...
int	passwd_cb (char *buf, int sz, int flg, void *userdata)
	OpenSSL Callback used to get password for private key file. More...
Private Attributes
std::string	_cert_path
	Path to this principal's certificate chain in PEM format. More...
std::string	_pkey_path
	Path to this principal's private key in PEM format. More...
std::string	_trusted_path
	Path to PEM encoded file of trusted (CA) certificates used to validate peer certificates during SSL handshake. More...
SSL_CTX *	_ssl_ctx
	The underlying OpenSSL library security context. More...
int	_verify_level
	Level of peer authentication. More...
bool	_export_only
	State flag indicating, if true, that only export-level ciphers will be used. More...
std::string	_passphrase
	Passphrase for private key. More...
Static Private Attributes
bool	_is_lib_inited = false
	State flag indicating whether or not the OpenSSL library has been initialized. More...
std::vector< MUTEX_TYPE >	_mutex
	List of mutexes provided for OpenSSL library use. More...
CriticalSection	_csect
	critical section used to prevent concurrent initialization of the OpenSSL library. More...
VERIFY_CALLBACK	_client_verify_cb = 0
	Client peer certificat verification callback, if set. More...
long int	_num_contexts = 0
	the number of cbits::SSLContext instances that have been created. More...

---

Member Typedef Documentation

typedef DH*(* cbits::SSLContext::DHPARM_CALLBACK)(SSL* ssl, int is_export, int keylen)

Define a type for describing a DH-parm generation callback.

typedef SSL_CTX* cbits::SSLContext::SSL_CTX_PTR

Define a type for use in the cbits::SSLContext-to-SSL_CTX conversion operatir.

typedef int(* cbits::SSLContext::VERIFY_CALLBACK)(int ok, X509_STORE_CTX* store)

\typedef Define a type for describing a verification callback.

---

Member Enumeration Documentation

enum cbits::SSLContext::PEER_AUTH_LEVEL

Authentication levels to which a peer may be required to comply. Enumeration values: NONE  certificates are not required and verification failures will be ignored. PRESENT  Certificates are not required, but if one is presented, it will be verfied. An invalid certificate will cause a termination. REQUIRED  certificates are required and must be validated. Failure to send a certificate or sending an invalid certificate will cause a termination.

---

Constructor & Destructor Documentation

SSLContext::SSLContext (  const char *    cert_chain_path, const char *    private_key_path, const char *    trusted_path, PEER_AUTH_LEVEL    level, const char *    pk_passwd = 0, const bool    export_only = false, const void *    random = 0, const int    ran_len = 0 )  throw ( SSLContextException )

Create a SSL context to be used in establishing future SSL connections. Exceptions: SSLException  if the specified paths are invalid or contain invalid data. Parameters: cert_path  path to the PEM encoded file containing the public digital certificates that will be presented to the peer. pkey_path  path to the PEM encoded private key corresponding to cert_chain_path trusted_path  path to the file holding the trusted, public CA certificates used to verify peer certificate chains. level  authentication level. pk_passphrase  passphrase for private key export_only  if true, only export-level ciphers will be allowed. buffer  buffer of random data to seed PRNG with. buflen  length of random data buffer

SSLContext::~SSLContext (    )  [virtual]

Destructor.

---

Member Function Documentation

const bool SSLContext::init_lib (  const void *    buffer = 0, const int    buflen = 0 )  [static, protected]

Initialize the OpenSSL library.

void SSLContext::mt_cleanup (  void    )  [static, private]

Cleanup the mutexes used by the OpenSSL library before shutting down.

unsigned long SSLContext::mt_get_tid (  void    )  [static, private]

Callback used by OpenSSL library to determine the ID of the current thread.

void SSLContext::mt_lock_n (  int    mode, int    n, const char *    file, int    line )  [static, private]

Callback used by OpenSSL library to 'lock mutext "n"'. Parameters: mode  'lock' if 1 n  mutex number lineno  __FILE__ of invoker __LINE__ of invoker

void SSLContext::mt_setup (  void    )  [static, private]

Setup the mutexes for use by the OpenSSL library.

cbits::SSLContext::operator SSL_CTX_PTR (    )  [inline]

Type conversion operator to convert a SSLContext into an OpenSSL SSL_CTX pointer.

int SSLContext::passwd_cb (  char *    buf, int    sz, int    flg, void *    userdata )  [static, private]

OpenSSL Callback used to get password for private key file.

void SSLContext::setDHParmCallback (  DHPARM_CALLBACK    cb )  throw ( SSLContextException )

Provide user-specified callback that will provide Diffie-Hellman parameters upon demand. This method is not very useful in this class version. Exceptions: SSLContextException  if a null function pointer is provided. Parameters: cb  callback

void * SSLContext::setVerifyCallback (  VERIFY_CALLBACK    cback )  throw ( SSLContextException ) [static]

Set a user-provided function to be called during peer certificate validation. Returns: The old callback, if any. Exceptions: SSLContextException  if an invalid function pointer is passed as the value of the callback. Note: See the OpenSSL documentation for the semantics and use of the 'verify callback'. An improper verify callback can undermine your security. Parameters: cback  user callback

int SSLContext::verify_callback (  int    ok, X509_STORE_CTX *    store )  [static, protected]

Default verify callback. cbits::SSLContxt::setVerifyCallback is used to override this. See the OpenSSL documentation for details.

---

Member Data Documentation

std::string cbits::SSLContext::_cert_path [private]

Path to this principal's certificate chain in PEM format.

SSLContext::VERIFY_CALLBACK SSLContext::_client_verify_cb = 0 [static, private]

Client peer certificat verification callback, if set.

CriticalSection SSLContext::_csect [static, private]

critical section used to prevent concurrent initialization of the OpenSSL library.

bool cbits::SSLContext::_export_only [private]

State flag indicating, if true, that only export-level ciphers will be used.

bool SSLContext::_is_lib_inited = false [static, private]

State flag indicating whether or not the OpenSSL library has been initialized.

std::vector< MUTEX_TYPE > SSLContext::_mutex [static, private]

List of mutexes provided for OpenSSL library use.

long int SSLContext::_num_contexts = 0 [static, private]

the number of cbits::SSLContext instances that have been created.

std::string cbits::SSLContext::_passphrase [private]

Passphrase for private key.

std::string cbits::SSLContext::_pkey_path [private]

Path to this principal's private key in PEM format.

SSL_CTX* cbits::SSLContext::_ssl_ctx [private]

The underlying OpenSSL library security context.

std::string cbits::SSLContext::_trusted_path [private]

Path to PEM encoded file of trusted (CA) certificates used to validate peer certificates during SSL handshake.

int cbits::SSLContext::_verify_level [private]

Level of peer authentication.

---

The documentation for this class was generated from the following files:

• SSLContext.h
• SSLContext.cpp

---

Generated by

Hosted by