5 // Copyright (c) 2003-2020 Christopher M. Kohlhoff (chris at kohlhoff dot com)
7 // Distributed under the Boost Software License, Version 1.0. (See accompanying
8 // file LICENSE_1_0.txt or copy at http://www.boost.org/LICENSE_1_0.txt)
11 #ifndef BOOST_ASIO_SSL_CONTEXT_HPP
12 #define BOOST_ASIO_SSL_CONTEXT_HPP
14 #if defined(_MSC_VER) && (_MSC_VER >= 1200)
16 #endif // defined(_MSC_VER) && (_MSC_VER >= 1200)
18 #include <boost/asio/detail/config.hpp>
21 #include <boost/asio/buffer.hpp>
22 #include <boost/asio/io_context.hpp>
23 #include <boost/asio/ssl/context_base.hpp>
24 #include <boost/asio/ssl/detail/openssl_types.hpp>
25 #include <boost/asio/ssl/detail/openssl_init.hpp>
26 #include <boost/asio/ssl/detail/password_callback.hpp>
27 #include <boost/asio/ssl/detail/verify_callback.hpp>
28 #include <boost/asio/ssl/verify_mode.hpp>
30 #include <boost/asio/detail/push_options.hpp>
37 : public context_base,
41 /// The native handle type of the SSL context.
42 typedef SSL_CTX* native_handle_type;
45 BOOST_ASIO_DECL explicit context(method m);
47 /// Construct to take ownership of a native handle.
48 BOOST_ASIO_DECL explicit context(native_handle_type native_handle);
50 #if defined(BOOST_ASIO_HAS_MOVE) || defined(GENERATING_DOCUMENTATION)
51 /// Move-construct a context from another.
53 * This constructor moves an SSL context from one object to another.
55 * @param other The other context object from which the move will occur.
57 * @note Following the move, the following operations only are valid for the
60 * @li As a target for move-assignment.
62 BOOST_ASIO_DECL context(context&& other);
64 /// Move-assign a context from another.
66 * This assignment operator moves an SSL context from one object to another.
68 * @param other The other context object from which the move will occur.
70 * @note Following the move, the following operations only are valid for the
73 * @li As a target for move-assignment.
75 BOOST_ASIO_DECL context& operator=(context&& other);
76 #endif // defined(BOOST_ASIO_HAS_MOVE) || defined(GENERATING_DOCUMENTATION)
79 BOOST_ASIO_DECL ~context();
81 /// Get the underlying implementation in the native type.
83 * This function may be used to obtain the underlying implementation of the
84 * context. This is intended to allow access to context functionality that is
85 * not otherwise provided.
87 BOOST_ASIO_DECL native_handle_type native_handle();
89 /// Clear options on the context.
91 * This function may be used to configure the SSL options used by the context.
93 * @param o A bitmask of options. The available option values are defined in
94 * the context_base class. The specified options, if currently enabled on the
95 * context, are cleared.
97 * @throws boost::system::system_error Thrown on failure.
99 * @note Calls @c SSL_CTX_clear_options.
101 BOOST_ASIO_DECL void clear_options(options o);
103 /// Clear options on the context.
105 * This function may be used to configure the SSL options used by the context.
107 * @param o A bitmask of options. The available option values are defined in
108 * the context_base class. The specified options, if currently enabled on the
109 * context, are cleared.
111 * @param ec Set to indicate what error occurred, if any.
113 * @note Calls @c SSL_CTX_clear_options.
115 BOOST_ASIO_DECL BOOST_ASIO_SYNC_OP_VOID clear_options(options o,
116 boost::system::error_code& ec);
118 /// Set options on the context.
120 * This function may be used to configure the SSL options used by the context.
122 * @param o A bitmask of options. The available option values are defined in
123 * the context_base class. The options are bitwise-ored with any existing
124 * value for the options.
126 * @throws boost::system::system_error Thrown on failure.
128 * @note Calls @c SSL_CTX_set_options.
130 BOOST_ASIO_DECL void set_options(options o);
132 /// Set options on the context.
134 * This function may be used to configure the SSL options used by the context.
136 * @param o A bitmask of options. The available option values are defined in
137 * the context_base class. The options are bitwise-ored with any existing
138 * value for the options.
140 * @param ec Set to indicate what error occurred, if any.
142 * @note Calls @c SSL_CTX_set_options.
144 BOOST_ASIO_DECL BOOST_ASIO_SYNC_OP_VOID set_options(options o,
145 boost::system::error_code& ec);
147 /// Set the peer verification mode.
149 * This function may be used to configure the peer verification mode used by
152 * @param v A bitmask of peer verification modes. See @ref verify_mode for
155 * @throws boost::system::system_error Thrown on failure.
157 * @note Calls @c SSL_CTX_set_verify.
159 BOOST_ASIO_DECL void set_verify_mode(verify_mode v);
161 /// Set the peer verification mode.
163 * This function may be used to configure the peer verification mode used by
166 * @param v A bitmask of peer verification modes. See @ref verify_mode for
169 * @param ec Set to indicate what error occurred, if any.
171 * @note Calls @c SSL_CTX_set_verify.
173 BOOST_ASIO_DECL BOOST_ASIO_SYNC_OP_VOID set_verify_mode(
174 verify_mode v, boost::system::error_code& ec);
176 /// Set the peer verification depth.
178 * This function may be used to configure the maximum verification depth
179 * allowed by the context.
181 * @param depth Maximum depth for the certificate chain verification that
184 * @throws boost::system::system_error Thrown on failure.
186 * @note Calls @c SSL_CTX_set_verify_depth.
188 BOOST_ASIO_DECL void set_verify_depth(int depth);
190 /// Set the peer verification depth.
192 * This function may be used to configure the maximum verification depth
193 * allowed by the context.
195 * @param depth Maximum depth for the certificate chain verification that
198 * @param ec Set to indicate what error occurred, if any.
200 * @note Calls @c SSL_CTX_set_verify_depth.
202 BOOST_ASIO_DECL BOOST_ASIO_SYNC_OP_VOID set_verify_depth(
203 int depth, boost::system::error_code& ec);
205 /// Set the callback used to verify peer certificates.
207 * This function is used to specify a callback function that will be called
208 * by the implementation when it needs to verify a peer certificate.
210 * @param callback The function object to be used for verifying a certificate.
211 * The function signature of the handler must be:
212 * @code bool verify_callback(
213 * bool preverified, // True if the certificate passed pre-verification.
214 * verify_context& ctx // The peer certificate and other context.
216 * The return value of the callback is true if the certificate has passed
217 * verification, false otherwise.
219 * @throws boost::system::system_error Thrown on failure.
221 * @note Calls @c SSL_CTX_set_verify.
223 template <typename VerifyCallback>
224 void set_verify_callback(VerifyCallback callback);
226 /// Set the callback used to verify peer certificates.
228 * This function is used to specify a callback function that will be called
229 * by the implementation when it needs to verify a peer certificate.
231 * @param callback The function object to be used for verifying a certificate.
232 * The function signature of the handler must be:
233 * @code bool verify_callback(
234 * bool preverified, // True if the certificate passed pre-verification.
235 * verify_context& ctx // The peer certificate and other context.
237 * The return value of the callback is true if the certificate has passed
238 * verification, false otherwise.
240 * @param ec Set to indicate what error occurred, if any.
242 * @note Calls @c SSL_CTX_set_verify.
244 template <typename VerifyCallback>
245 BOOST_ASIO_SYNC_OP_VOID set_verify_callback(VerifyCallback callback,
246 boost::system::error_code& ec);
248 /// Load a certification authority file for performing verification.
250 * This function is used to load one or more trusted certification authorities
253 * @param filename The name of a file containing certification authority
254 * certificates in PEM format.
256 * @throws boost::system::system_error Thrown on failure.
258 * @note Calls @c SSL_CTX_load_verify_locations.
260 BOOST_ASIO_DECL void load_verify_file(const std::string& filename);
262 /// Load a certification authority file for performing verification.
264 * This function is used to load the certificates for one or more trusted
265 * certification authorities from a file.
267 * @param filename The name of a file containing certification authority
268 * certificates in PEM format.
270 * @param ec Set to indicate what error occurred, if any.
272 * @note Calls @c SSL_CTX_load_verify_locations.
274 BOOST_ASIO_DECL BOOST_ASIO_SYNC_OP_VOID load_verify_file(
275 const std::string& filename, boost::system::error_code& ec);
277 /// Add certification authority for performing verification.
279 * This function is used to add one trusted certification authority
280 * from a memory buffer.
282 * @param ca The buffer containing the certification authority certificate.
283 * The certificate must use the PEM format.
285 * @throws boost::system::system_error Thrown on failure.
287 * @note Calls @c SSL_CTX_get_cert_store and @c X509_STORE_add_cert.
289 BOOST_ASIO_DECL void add_certificate_authority(const const_buffer& ca);
291 /// Add certification authority for performing verification.
293 * This function is used to add one trusted certification authority
294 * from a memory buffer.
296 * @param ca The buffer containing the certification authority certificate.
297 * The certificate must use the PEM format.
299 * @param ec Set to indicate what error occurred, if any.
301 * @note Calls @c SSL_CTX_get_cert_store and @c X509_STORE_add_cert.
303 BOOST_ASIO_DECL BOOST_ASIO_SYNC_OP_VOID add_certificate_authority(
304 const const_buffer& ca, boost::system::error_code& ec);
306 /// Configures the context to use the default directories for finding
307 /// certification authority certificates.
309 * This function specifies that the context should use the default,
310 * system-dependent directories for locating certification authority
313 * @throws boost::system::system_error Thrown on failure.
315 * @note Calls @c SSL_CTX_set_default_verify_paths.
317 BOOST_ASIO_DECL void set_default_verify_paths();
319 /// Configures the context to use the default directories for finding
320 /// certification authority certificates.
322 * This function specifies that the context should use the default,
323 * system-dependent directories for locating certification authority
326 * @param ec Set to indicate what error occurred, if any.
328 * @note Calls @c SSL_CTX_set_default_verify_paths.
330 BOOST_ASIO_DECL BOOST_ASIO_SYNC_OP_VOID set_default_verify_paths(
331 boost::system::error_code& ec);
333 /// Add a directory containing certificate authority files to be used for
334 /// performing verification.
336 * This function is used to specify the name of a directory containing
337 * certification authority certificates. Each file in the directory must
338 * contain a single certificate. The files must be named using the subject
339 * name's hash and an extension of ".0".
341 * @param path The name of a directory containing the certificates.
343 * @throws boost::system::system_error Thrown on failure.
345 * @note Calls @c SSL_CTX_load_verify_locations.
347 BOOST_ASIO_DECL void add_verify_path(const std::string& path);
349 /// Add a directory containing certificate authority files to be used for
350 /// performing verification.
352 * This function is used to specify the name of a directory containing
353 * certification authority certificates. Each file in the directory must
354 * contain a single certificate. The files must be named using the subject
355 * name's hash and an extension of ".0".
357 * @param path The name of a directory containing the certificates.
359 * @param ec Set to indicate what error occurred, if any.
361 * @note Calls @c SSL_CTX_load_verify_locations.
363 BOOST_ASIO_DECL BOOST_ASIO_SYNC_OP_VOID add_verify_path(
364 const std::string& path, boost::system::error_code& ec);
366 /// Use a certificate from a memory buffer.
368 * This function is used to load a certificate into the context from a buffer.
370 * @param certificate The buffer containing the certificate.
372 * @param format The certificate format (ASN.1 or PEM).
374 * @throws boost::system::system_error Thrown on failure.
376 * @note Calls @c SSL_CTX_use_certificate or SSL_CTX_use_certificate_ASN1.
378 BOOST_ASIO_DECL void use_certificate(
379 const const_buffer& certificate, file_format format);
381 /// Use a certificate from a memory buffer.
383 * This function is used to load a certificate into the context from a buffer.
385 * @param certificate The buffer containing the certificate.
387 * @param format The certificate format (ASN.1 or PEM).
389 * @param ec Set to indicate what error occurred, if any.
391 * @note Calls @c SSL_CTX_use_certificate or SSL_CTX_use_certificate_ASN1.
393 BOOST_ASIO_DECL BOOST_ASIO_SYNC_OP_VOID use_certificate(
394 const const_buffer& certificate, file_format format,
395 boost::system::error_code& ec);
397 /// Use a certificate from a file.
399 * This function is used to load a certificate into the context from a file.
401 * @param filename The name of the file containing the certificate.
403 * @param format The file format (ASN.1 or PEM).
405 * @throws boost::system::system_error Thrown on failure.
407 * @note Calls @c SSL_CTX_use_certificate_file.
409 BOOST_ASIO_DECL void use_certificate_file(
410 const std::string& filename, file_format format);
412 /// Use a certificate from a file.
414 * This function is used to load a certificate into the context from a file.
416 * @param filename The name of the file containing the certificate.
418 * @param format The file format (ASN.1 or PEM).
420 * @param ec Set to indicate what error occurred, if any.
422 * @note Calls @c SSL_CTX_use_certificate_file.
424 BOOST_ASIO_DECL BOOST_ASIO_SYNC_OP_VOID use_certificate_file(
425 const std::string& filename, file_format format,
426 boost::system::error_code& ec);
428 /// Use a certificate chain from a memory buffer.
430 * This function is used to load a certificate chain into the context from a
433 * @param chain The buffer containing the certificate chain. The certificate
434 * chain must use the PEM format.
436 * @throws boost::system::system_error Thrown on failure.
438 * @note Calls @c SSL_CTX_use_certificate and SSL_CTX_add_extra_chain_cert.
440 BOOST_ASIO_DECL void use_certificate_chain(const const_buffer& chain);
442 /// Use a certificate chain from a memory buffer.
444 * This function is used to load a certificate chain into the context from a
447 * @param chain The buffer containing the certificate chain. The certificate
448 * chain must use the PEM format.
450 * @param ec Set to indicate what error occurred, if any.
452 * @note Calls @c SSL_CTX_use_certificate and SSL_CTX_add_extra_chain_cert.
454 BOOST_ASIO_DECL BOOST_ASIO_SYNC_OP_VOID use_certificate_chain(
455 const const_buffer& chain, boost::system::error_code& ec);
457 /// Use a certificate chain from a file.
459 * This function is used to load a certificate chain into the context from a
462 * @param filename The name of the file containing the certificate. The file
463 * must use the PEM format.
465 * @throws boost::system::system_error Thrown on failure.
467 * @note Calls @c SSL_CTX_use_certificate_chain_file.
469 BOOST_ASIO_DECL void use_certificate_chain_file(const std::string& filename);
471 /// Use a certificate chain from a file.
473 * This function is used to load a certificate chain into the context from a
476 * @param filename The name of the file containing the certificate. The file
477 * must use the PEM format.
479 * @param ec Set to indicate what error occurred, if any.
481 * @note Calls @c SSL_CTX_use_certificate_chain_file.
483 BOOST_ASIO_DECL BOOST_ASIO_SYNC_OP_VOID use_certificate_chain_file(
484 const std::string& filename, boost::system::error_code& ec);
486 /// Use a private key from a memory buffer.
488 * This function is used to load a private key into the context from a buffer.
490 * @param private_key The buffer containing the private key.
492 * @param format The private key format (ASN.1 or PEM).
494 * @throws boost::system::system_error Thrown on failure.
496 * @note Calls @c SSL_CTX_use_PrivateKey or SSL_CTX_use_PrivateKey_ASN1.
498 BOOST_ASIO_DECL void use_private_key(
499 const const_buffer& private_key, file_format format);
501 /// Use a private key from a memory buffer.
503 * This function is used to load a private key into the context from a buffer.
505 * @param private_key The buffer containing the private key.
507 * @param format The private key format (ASN.1 or PEM).
509 * @param ec Set to indicate what error occurred, if any.
511 * @note Calls @c SSL_CTX_use_PrivateKey or SSL_CTX_use_PrivateKey_ASN1.
513 BOOST_ASIO_DECL BOOST_ASIO_SYNC_OP_VOID use_private_key(
514 const const_buffer& private_key, file_format format,
515 boost::system::error_code& ec);
517 /// Use a private key from a file.
519 * This function is used to load a private key into the context from a file.
521 * @param filename The name of the file containing the private key.
523 * @param format The file format (ASN.1 or PEM).
525 * @throws boost::system::system_error Thrown on failure.
527 * @note Calls @c SSL_CTX_use_PrivateKey_file.
529 BOOST_ASIO_DECL void use_private_key_file(
530 const std::string& filename, file_format format);
532 /// Use a private key from a file.
534 * This function is used to load a private key into the context from a file.
536 * @param filename The name of the file containing the private key.
538 * @param format The file format (ASN.1 or PEM).
540 * @param ec Set to indicate what error occurred, if any.
542 * @note Calls @c SSL_CTX_use_PrivateKey_file.
544 BOOST_ASIO_DECL BOOST_ASIO_SYNC_OP_VOID use_private_key_file(
545 const std::string& filename, file_format format,
546 boost::system::error_code& ec);
548 /// Use an RSA private key from a memory buffer.
550 * This function is used to load an RSA private key into the context from a
553 * @param private_key The buffer containing the RSA private key.
555 * @param format The private key format (ASN.1 or PEM).
557 * @throws boost::system::system_error Thrown on failure.
559 * @note Calls @c SSL_CTX_use_RSAPrivateKey or SSL_CTX_use_RSAPrivateKey_ASN1.
561 BOOST_ASIO_DECL void use_rsa_private_key(
562 const const_buffer& private_key, file_format format);
564 /// Use an RSA private key from a memory buffer.
566 * This function is used to load an RSA private key into the context from a
569 * @param private_key The buffer containing the RSA private key.
571 * @param format The private key format (ASN.1 or PEM).
573 * @param ec Set to indicate what error occurred, if any.
575 * @note Calls @c SSL_CTX_use_RSAPrivateKey or SSL_CTX_use_RSAPrivateKey_ASN1.
577 BOOST_ASIO_DECL BOOST_ASIO_SYNC_OP_VOID use_rsa_private_key(
578 const const_buffer& private_key, file_format format,
579 boost::system::error_code& ec);
581 /// Use an RSA private key from a file.
583 * This function is used to load an RSA private key into the context from a
586 * @param filename The name of the file containing the RSA private key.
588 * @param format The file format (ASN.1 or PEM).
590 * @throws boost::system::system_error Thrown on failure.
592 * @note Calls @c SSL_CTX_use_RSAPrivateKey_file.
594 BOOST_ASIO_DECL void use_rsa_private_key_file(
595 const std::string& filename, file_format format);
597 /// Use an RSA private key from a file.
599 * This function is used to load an RSA private key into the context from a
602 * @param filename The name of the file containing the RSA private key.
604 * @param format The file format (ASN.1 or PEM).
606 * @param ec Set to indicate what error occurred, if any.
608 * @note Calls @c SSL_CTX_use_RSAPrivateKey_file.
610 BOOST_ASIO_DECL BOOST_ASIO_SYNC_OP_VOID use_rsa_private_key_file(
611 const std::string& filename, file_format format,
612 boost::system::error_code& ec);
614 /// Use the specified memory buffer to obtain the temporary Diffie-Hellman
617 * This function is used to load Diffie-Hellman parameters into the context
620 * @param dh The memory buffer containing the Diffie-Hellman parameters. The
621 * buffer must use the PEM format.
623 * @throws boost::system::system_error Thrown on failure.
625 * @note Calls @c SSL_CTX_set_tmp_dh.
627 BOOST_ASIO_DECL void use_tmp_dh(const const_buffer& dh);
629 /// Use the specified memory buffer to obtain the temporary Diffie-Hellman
632 * This function is used to load Diffie-Hellman parameters into the context
635 * @param dh The memory buffer containing the Diffie-Hellman parameters. The
636 * buffer must use the PEM format.
638 * @param ec Set to indicate what error occurred, if any.
640 * @note Calls @c SSL_CTX_set_tmp_dh.
642 BOOST_ASIO_DECL BOOST_ASIO_SYNC_OP_VOID use_tmp_dh(
643 const const_buffer& dh, boost::system::error_code& ec);
645 /// Use the specified file to obtain the temporary Diffie-Hellman parameters.
647 * This function is used to load Diffie-Hellman parameters into the context
650 * @param filename The name of the file containing the Diffie-Hellman
651 * parameters. The file must use the PEM format.
653 * @throws boost::system::system_error Thrown on failure.
655 * @note Calls @c SSL_CTX_set_tmp_dh.
657 BOOST_ASIO_DECL void use_tmp_dh_file(const std::string& filename);
659 /// Use the specified file to obtain the temporary Diffie-Hellman parameters.
661 * This function is used to load Diffie-Hellman parameters into the context
664 * @param filename The name of the file containing the Diffie-Hellman
665 * parameters. The file must use the PEM format.
667 * @param ec Set to indicate what error occurred, if any.
669 * @note Calls @c SSL_CTX_set_tmp_dh.
671 BOOST_ASIO_DECL BOOST_ASIO_SYNC_OP_VOID use_tmp_dh_file(
672 const std::string& filename, boost::system::error_code& ec);
674 /// Set the password callback.
676 * This function is used to specify a callback function to obtain password
677 * information about an encrypted key in PEM format.
679 * @param callback The function object to be used for obtaining the password.
680 * The function signature of the handler must be:
681 * @code std::string password_callback(
682 * std::size_t max_length, // The maximum size for a password.
683 * password_purpose purpose // Whether password is for reading or writing.
685 * The return value of the callback is a string containing the password.
687 * @throws boost::system::system_error Thrown on failure.
689 * @note Calls @c SSL_CTX_set_default_passwd_cb.
691 template <typename PasswordCallback>
692 void set_password_callback(PasswordCallback callback);
694 /// Set the password callback.
696 * This function is used to specify a callback function to obtain password
697 * information about an encrypted key in PEM format.
699 * @param callback The function object to be used for obtaining the password.
700 * The function signature of the handler must be:
701 * @code std::string password_callback(
702 * std::size_t max_length, // The maximum size for a password.
703 * password_purpose purpose // Whether password is for reading or writing.
705 * The return value of the callback is a string containing the password.
707 * @param ec Set to indicate what error occurred, if any.
709 * @note Calls @c SSL_CTX_set_default_passwd_cb.
711 template <typename PasswordCallback>
712 BOOST_ASIO_SYNC_OP_VOID set_password_callback(PasswordCallback callback,
713 boost::system::error_code& ec);
718 struct evp_pkey_cleanup;
722 // Helper function used to set a peer certificate verification callback.
723 BOOST_ASIO_DECL BOOST_ASIO_SYNC_OP_VOID do_set_verify_callback(
724 detail::verify_callback_base* callback, boost::system::error_code& ec);
726 // Callback used when the SSL implementation wants to verify a certificate.
727 BOOST_ASIO_DECL static int verify_callback_function(
728 int preverified, X509_STORE_CTX* ctx);
730 // Helper function used to set a password callback.
731 BOOST_ASIO_DECL BOOST_ASIO_SYNC_OP_VOID do_set_password_callback(
732 detail::password_callback_base* callback, boost::system::error_code& ec);
734 // Callback used when the SSL implementation wants a password.
735 BOOST_ASIO_DECL static int password_callback_function(
736 char* buf, int size, int purpose, void* data);
738 // Helper function to set the temporary Diffie-Hellman parameters from a BIO.
739 BOOST_ASIO_DECL BOOST_ASIO_SYNC_OP_VOID do_use_tmp_dh(
740 BIO* bio, boost::system::error_code& ec);
742 // Helper function to make a BIO from a memory buffer.
743 BOOST_ASIO_DECL BIO* make_buffer_bio(const const_buffer& b);
745 // The underlying native implementation.
746 native_handle_type handle_;
748 // Ensure openssl is initialised.
749 boost::asio::ssl::detail::openssl_init<> init_;
756 #include <boost/asio/detail/pop_options.hpp>
758 #include <boost/asio/ssl/impl/context.hpp>
759 #if defined(BOOST_ASIO_HEADER_ONLY)
760 # include <boost/asio/ssl/impl/context.ipp>
761 #endif // defined(BOOST_ASIO_HEADER_ONLY)
763 #endif // BOOST_ASIO_SSL_CONTEXT_HPP