]> git.proxmox.com Git - ceph.git/blob - ceph/src/boost/libs/asio/include/boost/asio/ssl/impl/context.ipp
projects / ceph.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
bump version to 12.2.2-pve1
[ceph.git] / ceph / src / boost / libs / asio / include / boost / asio / ssl / impl / context.ipp
1 //
2 // ssl/impl/context.ipp
3 // ~~~~~~~~~~~~~~~~~~~~
4 //
5 // Copyright (c) 2005 Voipster / Indrek dot Juhani at voipster dot com
6 // Copyright (c) 2005-2016 Christopher M. Kohlhoff (chris at kohlhoff dot com)
7 //
8 // Distributed under the Boost Software License, Version 1.0. (See accompanying
9 // file LICENSE_1_0.txt or copy at http://www.boost.org/LICENSE_1_0.txt)
10 //
11
12 #ifndef BOOST_ASIO_SSL_IMPL_CONTEXT_IPP
13 #define BOOST_ASIO_SSL_IMPL_CONTEXT_IPP
14
15 #if defined(_MSC_VER) && (_MSC_VER >= 1200)
16 # pragma once
17 #endif // defined(_MSC_VER) && (_MSC_VER >= 1200)
18
19 #include <boost/asio/detail/config.hpp>
20
21 #if !defined(BOOST_ASIO_ENABLE_OLD_SSL)
22 # include <cstring>
23 # include <boost/asio/detail/throw_error.hpp>
24 # include <boost/asio/error.hpp>
25 # include <boost/asio/ssl/context.hpp>
26 # include <boost/asio/ssl/error.hpp>
27 #endif // !defined(BOOST_ASIO_ENABLE_OLD_SSL)
28
29 #include <boost/asio/detail/push_options.hpp>
30
31 namespace boost {
32 namespace asio {
33 namespace ssl {
34
35 #if !defined(BOOST_ASIO_ENABLE_OLD_SSL)
36
37 struct context::bio_cleanup
38 {
39 BIO* p;
40 ~bio_cleanup() { if (p) ::BIO_free(p); }
41 };
42
43 struct context::x509_cleanup
44 {
45 X509* p;
46 ~x509_cleanup() { if (p) ::X509_free(p); }
47 };
48
49 struct context::evp_pkey_cleanup
50 {
51 EVP_PKEY* p;
52 ~evp_pkey_cleanup() { if (p) ::EVP_PKEY_free(p); }
53 };
54
55 struct context::rsa_cleanup
56 {
57 RSA* p;
58 ~rsa_cleanup() { if (p) ::RSA_free(p); }
59 };
60
61 struct context::dh_cleanup
62 {
63 DH* p;
64 ~dh_cleanup() { if (p) ::DH_free(p); }
65 };
66
67 context::context(context::method m)
68 : handle_(0)
69 {
70 ::ERR_clear_error();
71
72 switch (m)
73 {
74 #if defined(OPENSSL_NO_SSL2) \
75 || (OPENSSL_VERSION_NUMBER >= 0x10100000L)
76 case context::sslv2:
77 case context::sslv2_client:
78 case context::sslv2_server:
79 boost::asio::detail::throw_error(
80 boost::asio::error::invalid_argument, "context");
81 break;
82 #else // defined(OPENSSL_NO_SSL2)
83 // || (OPENSSL_VERSION_NUMBER >= 0x10100000L)
84 case context::sslv2:
85 handle_ = ::SSL_CTX_new(::SSLv2_method());
86 break;
87 case context::sslv2_client:
88 handle_ = ::SSL_CTX_new(::SSLv2_client_method());
89 break;
90 case context::sslv2_server:
91 handle_ = ::SSL_CTX_new(::SSLv2_server_method());
92 break;
93 #endif // defined(OPENSSL_NO_SSL2)
94 // || (OPENSSL_VERSION_NUMBER >= 0x10100000L)
95 #if defined(OPENSSL_NO_SSL3)
96 case context::sslv3:
97 case context::sslv3_client:
98 case context::sslv3_server:
99 boost::asio::detail::throw_error(
100 boost::asio::error::invalid_argument, "context");
101 break;
102 #else // defined(OPENSSL_NO_SSL3)
103 case context::sslv3:
104 handle_ = ::SSL_CTX_new(::SSLv3_method());
105 break;
106 case context::sslv3_client:
107 handle_ = ::SSL_CTX_new(::SSLv3_client_method());
108 break;
109 case context::sslv3_server:
110 handle_ = ::SSL_CTX_new(::SSLv3_server_method());
111 break;
112 #endif // defined(OPENSSL_NO_SSL3)
113 #if (OPENSSL_VERSION_NUMBER < 0x10100000L)
114 case context::tlsv1:
115 handle_ = ::SSL_CTX_new(::TLSv1_method());
116 break;
117 case context::tlsv1_client:
118 handle_ = ::SSL_CTX_new(::TLSv1_client_method());
119 break;
120 case context::tlsv1_server:
121 handle_ = ::SSL_CTX_new(::TLSv1_server_method());
122 break;
123 #endif // (OPENSSL_VERSION_NUMBER < 0x10100000L)
124 case context::sslv23:
125 handle_ = ::SSL_CTX_new(::SSLv23_method());
126 break;
127 case context::sslv23_client:
128 handle_ = ::SSL_CTX_new(::SSLv23_client_method());
129 break;
130 case context::sslv23_server:
131 handle_ = ::SSL_CTX_new(::SSLv23_server_method());
132 break;
133 #if (OPENSSL_VERSION_NUMBER < 0x10100000L)
134 #if defined(SSL_TXT_TLSV1_1)
135 case context::tlsv11:
136 handle_ = ::SSL_CTX_new(::TLSv1_1_method());
137 break;
138 case context::tlsv11_client:
139 handle_ = ::SSL_CTX_new(::TLSv1_1_client_method());
140 break;
141 case context::tlsv11_server:
142 handle_ = ::SSL_CTX_new(::TLSv1_1_server_method());
143 break;
144 #else // defined(SSL_TXT_TLSV1_1)
145 case context::tlsv11:
146 case context::tlsv11_client:
147 case context::tlsv11_server:
148 boost::asio::detail::throw_error(
149 boost::asio::error::invalid_argument, "context");
150 break;
151 #endif // defined(SSL_TXT_TLSV1_1)
152 #if defined(SSL_TXT_TLSV1_2)
153 case context::tlsv12:
154 handle_ = ::SSL_CTX_new(::TLSv1_2_method());
155 break;
156 case context::tlsv12_client:
157 handle_ = ::SSL_CTX_new(::TLSv1_2_client_method());
158 break;
159 case context::tlsv12_server:
160 handle_ = ::SSL_CTX_new(::TLSv1_2_server_method());
161 break;
162 #else // defined(SSL_TXT_TLSV1_2)
163 case context::tlsv12:
164 case context::tlsv12_client:
165 case context::tlsv12_server:
166 boost::asio::detail::throw_error(
167 boost::asio::error::invalid_argument, "context");
168 break;
169 #endif // defined(SSL_TXT_TLSV1_2)
170 #else // (OPENSSL_VERSION_NUMBER < 0x10100000L)
171 case context::tlsv1:
172 case context::tlsv11:
173 case context::tlsv12:
174 handle_ = ::SSL_CTX_new(::TLS_method());
175 break;
176 case context::tlsv1_client:
177 case context::tlsv11_client:
178 case context::tlsv12_client:
179 handle_ = ::SSL_CTX_new(::TLS_client_method());
180 break;
181 case context::tlsv1_server:
182 case context::tlsv11_server:
183 case context::tlsv12_server:
184 handle_ = ::SSL_CTX_new(::TLS_server_method());
185 break;
186 #endif // (OPENSSL_VERSION_NUMBER < 0x10100000L)
187 default:
188 handle_ = ::SSL_CTX_new(0);
189 break;
190 }
191
192 if (handle_ == 0)
193 {
194 boost::system::error_code ec(
195 static_cast<int>(::ERR_get_error()),
196 boost::asio::error::get_ssl_category());
197 boost::asio::detail::throw_error(ec, "context");
198 }
199
200 set_options(no_compression);
201 }
202
203 context::context(boost::asio::io_service&, context::method m)
204 : handle_(0)
205 {
206 context tmp(m);
207 handle_ = tmp.handle_;
208 tmp.handle_ = 0;
209 }
210
211 #if defined(BOOST_ASIO_HAS_MOVE) || defined(GENERATING_DOCUMENTATION)
212 context::context(context&& other)
213 {
214 handle_ = other.handle_;
215 other.handle_ = 0;
216 }
217
218 context& context::operator=(context&& other)
219 {
220 context tmp(BOOST_ASIO_MOVE_CAST(context)(*this));
221 handle_ = other.handle_;
222 other.handle_ = 0;
223 return *this;
224 }
225 #endif // defined(BOOST_ASIO_HAS_MOVE) || defined(GENERATING_DOCUMENTATION)
226
227 context::~context()
228 {
229 if (handle_)
230 {
231 #if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
232 void* cb_userdata = ::SSL_CTX_get_default_passwd_cb_userdata(handle_);
233 #else // (OPENSSL_VERSION_NUMBER >= 0x10100000L)
234 void* cb_userdata = handle_->default_passwd_callback_userdata;
235 #endif // (OPENSSL_VERSION_NUMBER >= 0x10100000L)
236 if (cb_userdata)
237 {
238 detail::password_callback_base* callback =
239 static_cast<detail::password_callback_base*>(
240 cb_userdata);
241 delete callback;
242 #if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
243 ::SSL_CTX_set_default_passwd_cb_userdata(handle_, 0);
244 #else // (OPENSSL_VERSION_NUMBER >= 0x10100000L)
245 handle_->default_passwd_callback_userdata = 0;
246 #endif // (OPENSSL_VERSION_NUMBER >= 0x10100000L)
247 }
248
249 if (SSL_CTX_get_app_data(handle_))
250 {
251 detail::verify_callback_base* callback =
252 static_cast<detail::verify_callback_base*>(
253 SSL_CTX_get_app_data(handle_));
254 delete callback;
255 SSL_CTX_set_app_data(handle_, 0);
256 }
257
258 ::SSL_CTX_free(handle_);
259 }
260 }
261
262 context::native_handle_type context::native_handle()
263 {
264 return handle_;
265 }
266
267 context::impl_type context::impl()
268 {
269 return handle_;
270 }
271
272 void context::clear_options(context::options o)
273 {
274 boost::system::error_code ec;
275 clear_options(o, ec);
276 boost::asio::detail::throw_error(ec, "clear_options");
277 }
278
279 boost::system::error_code context::clear_options(
280 context::options o, boost::system::error_code& ec)
281 {
282 #if (OPENSSL_VERSION_NUMBER >= 0x009080DFL) \
283 && (OPENSSL_VERSION_NUMBER != 0x00909000L)
284 # if !defined(SSL_OP_NO_COMPRESSION)
285 if ((o & context::no_compression) != 0)
286 {
287 # if (OPENSSL_VERSION_NUMBER >= 0x00908000L)
288 handle_->comp_methods = SSL_COMP_get_compression_methods();
289 # endif // (OPENSSL_VERSION_NUMBER >= 0x00908000L)
290 o ^= context::no_compression;
291 }
292 # endif // !defined(SSL_OP_NO_COMPRESSION)
293
294 ::SSL_CTX_clear_options(handle_, o);
295
296 ec = boost::system::error_code();
297 #else // (OPENSSL_VERSION_NUMBER >= 0x009080DFL)
298 // && (OPENSSL_VERSION_NUMBER != 0x00909000L)
299 (void)o;
300 ec = boost::asio::error::operation_not_supported;
301 #endif // (OPENSSL_VERSION_NUMBER >= 0x009080DFL)
302 // && (OPENSSL_VERSION_NUMBER != 0x00909000L)
303 return ec;
304 }
305
306 void context::set_options(context::options o)
307 {
308 boost::system::error_code ec;
309 set_options(o, ec);
310 boost::asio::detail::throw_error(ec, "set_options");
311 }
312
313 boost::system::error_code context::set_options(
314 context::options o, boost::system::error_code& ec)
315 {
316 #if !defined(SSL_OP_NO_COMPRESSION)
317 if ((o & context::no_compression) != 0)
318 {
319 #if (OPENSSL_VERSION_NUMBER >= 0x00908000L)
320 handle_->comp_methods =
321 boost::asio::ssl::detail::openssl_init<>::get_null_compression_methods();
322 #endif // (OPENSSL_VERSION_NUMBER >= 0x00908000L)
323 o ^= context::no_compression;
324 }
325 #endif // !defined(SSL_OP_NO_COMPRESSION)
326
327 ::SSL_CTX_set_options(handle_, o);
328
329 ec = boost::system::error_code();
330 return ec;
331 }
332
333 void context::set_verify_mode(verify_mode v)
334 {
335 boost::system::error_code ec;
336 set_verify_mode(v, ec);
337 boost::asio::detail::throw_error(ec, "set_verify_mode");
338 }
339
340 boost::system::error_code context::set_verify_mode(
341 verify_mode v, boost::system::error_code& ec)
342 {
343 ::SSL_CTX_set_verify(handle_, v, ::SSL_CTX_get_verify_callback(handle_));
344
345 ec = boost::system::error_code();
346 return ec;
347 }
348
349 void context::set_verify_depth(int depth)
350 {
351 boost::system::error_code ec;
352 set_verify_depth(depth, ec);
353 boost::asio::detail::throw_error(ec, "set_verify_depth");
354 }
355
356 boost::system::error_code context::set_verify_depth(
357 int depth, boost::system::error_code& ec)
358 {
359 ::SSL_CTX_set_verify_depth(handle_, depth);
360
361 ec = boost::system::error_code();
362 return ec;
363 }
364
365 void context::load_verify_file(const std::string& filename)
366 {
367 boost::system::error_code ec;
368 load_verify_file(filename, ec);
369 boost::asio::detail::throw_error(ec, "load_verify_file");
370 }
371
372 boost::system::error_code context::load_verify_file(
373 const std::string& filename, boost::system::error_code& ec)
374 {
375 ::ERR_clear_error();
376
377 if (::SSL_CTX_load_verify_locations(handle_, filename.c_str(), 0) != 1)
378 {
379 ec = boost::system::error_code(
380 static_cast<int>(::ERR_get_error()),
381 boost::asio::error::get_ssl_category());
382 return ec;
383 }
384
385 ec = boost::system::error_code();
386 return ec;
387 }
388
389 void context::add_certificate_authority(const const_buffer& ca)
390 {
391 boost::system::error_code ec;
392 add_certificate_authority(ca, ec);
393 boost::asio::detail::throw_error(ec, "add_certificate_authority");
394 }
395
396 boost::system::error_code context::add_certificate_authority(
397 const const_buffer& ca, boost::system::error_code& ec)
398 {
399 ::ERR_clear_error();
400
401 bio_cleanup bio = { make_buffer_bio(ca) };
402 if (bio.p)
403 {
404 x509_cleanup cert = { ::PEM_read_bio_X509(bio.p, 0, 0, 0) };
405 if (cert.p)
406 {
407 if (X509_STORE* store = ::SSL_CTX_get_cert_store(handle_))
408 {
409 if (::X509_STORE_add_cert(store, cert.p) == 1)
410 {
411 ec = boost::system::error_code();
412 return ec;
413 }
414 }
415 }
416 }
417
418 ec = boost::system::error_code(
419 static_cast<int>(::ERR_get_error()),
420 boost::asio::error::get_ssl_category());
421 return ec;
422 }
423
424 void context::set_default_verify_paths()
425 {
426 boost::system::error_code ec;
427 set_default_verify_paths(ec);
428 boost::asio::detail::throw_error(ec, "set_default_verify_paths");
429 }
430
431 boost::system::error_code context::set_default_verify_paths(
432 boost::system::error_code& ec)
433 {
434 ::ERR_clear_error();
435
436 if (::SSL_CTX_set_default_verify_paths(handle_) != 1)
437 {
438 ec = boost::system::error_code(
439 static_cast<int>(::ERR_get_error()),
440 boost::asio::error::get_ssl_category());
441 return ec;
442 }
443
444 ec = boost::system::error_code();
445 return ec;
446 }
447
448 void context::add_verify_path(const std::string& path)
449 {
450 boost::system::error_code ec;
451 add_verify_path(path, ec);
452 boost::asio::detail::throw_error(ec, "add_verify_path");
453 }
454
455 boost::system::error_code context::add_verify_path(
456 const std::string& path, boost::system::error_code& ec)
457 {
458 ::ERR_clear_error();
459
460 if (::SSL_CTX_load_verify_locations(handle_, 0, path.c_str()) != 1)
461 {
462 ec = boost::system::error_code(
463 static_cast<int>(::ERR_get_error()),
464 boost::asio::error::get_ssl_category());
465 return ec;
466 }
467
468 ec = boost::system::error_code();
469 return ec;
470 }
471
472 void context::use_certificate(
473 const const_buffer& certificate, file_format format)
474 {
475 boost::system::error_code ec;
476 use_certificate(certificate, format, ec);
477 boost::asio::detail::throw_error(ec, "use_certificate");
478 }
479
480 boost::system::error_code context::use_certificate(
481 const const_buffer& certificate, file_format format,
482 boost::system::error_code& ec)
483 {
484 ::ERR_clear_error();
485
486 if (format == context_base::asn1)
487 {
488 if (::SSL_CTX_use_certificate_ASN1(handle_,
489 static_cast<int>(buffer_size(certificate)),
490 buffer_cast<const unsigned char*>(certificate)) == 1)
491 {
492 ec = boost::system::error_code();
493 return ec;
494 }
495 }
496 else if (format == context_base::pem)
497 {
498 bio_cleanup bio = { make_buffer_bio(certificate) };
499 if (bio.p)
500 {
501 x509_cleanup cert = { ::PEM_read_bio_X509(bio.p, 0, 0, 0) };
502 if (cert.p)
503 {
504 if (::SSL_CTX_use_certificate(handle_, cert.p) == 1)
505 {
506 ec = boost::system::error_code();
507 return ec;
508 }
509 }
510 }
511 }
512 else
513 {
514 ec = boost::asio::error::invalid_argument;
515 return ec;
516 }
517
518 ec = boost::system::error_code(
519 static_cast<int>(::ERR_get_error()),
520 boost::asio::error::get_ssl_category());
521 return ec;
522 }
523
524 void context::use_certificate_file(
525 const std::string& filename, file_format format)
526 {
527 boost::system::error_code ec;
528 use_certificate_file(filename, format, ec);
529 boost::asio::detail::throw_error(ec, "use_certificate_file");
530 }
531
532 boost::system::error_code context::use_certificate_file(
533 const std::string& filename, file_format format,
534 boost::system::error_code& ec)
535 {
536 int file_type;
537 switch (format)
538 {
539 case context_base::asn1:
540 file_type = SSL_FILETYPE_ASN1;
541 break;
542 case context_base::pem:
543 file_type = SSL_FILETYPE_PEM;
544 break;
545 default:
546 {
547 ec = boost::asio::error::invalid_argument;
548 return ec;
549 }
550 }
551
552 ::ERR_clear_error();
553
554 if (::SSL_CTX_use_certificate_file(handle_, filename.c_str(), file_type) != 1)
555 {
556 ec = boost::system::error_code(
557 static_cast<int>(::ERR_get_error()),
558 boost::asio::error::get_ssl_category());
559 return ec;
560 }
561
562 ec = boost::system::error_code();
563 return ec;
564 }
565
566 void context::use_certificate_chain(const const_buffer& chain)
567 {
568 boost::system::error_code ec;
569 use_certificate_chain(chain, ec);
570 boost::asio::detail::throw_error(ec, "use_certificate_chain");
571 }
572
573 boost::system::error_code context::use_certificate_chain(
574 const const_buffer& chain, boost::system::error_code& ec)
575 {
576 ::ERR_clear_error();
577
578 bio_cleanup bio = { make_buffer_bio(chain) };
579 if (bio.p)
580 {
581 #if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
582 pem_password_cb* callback = ::SSL_CTX_get_default_passwd_cb(handle_);
583 void* cb_userdata = ::SSL_CTX_get_default_passwd_cb_userdata(handle_);
584 #else // (OPENSSL_VERSION_NUMBER >= 0x10100000L)
585 pem_password_cb* callback = handle_->default_passwd_callback;
586 void* cb_userdata = handle_->default_passwd_callback_userdata;
587 #endif // (OPENSSL_VERSION_NUMBER >= 0x10100000L)
588 x509_cleanup cert = {
589 ::PEM_read_bio_X509_AUX(bio.p, 0,
590 callback,
591 cb_userdata) };
592 if (!cert.p)
593 {
594 ec = boost::system::error_code(ERR_R_PEM_LIB,
595 boost::asio::error::get_ssl_category());
596 return ec;
597 }
598
599 int result = ::SSL_CTX_use_certificate(handle_, cert.p);
600 if (result == 0 || ::ERR_peek_error() != 0)
601 {
602 ec = boost::system::error_code(
603 static_cast<int>(::ERR_get_error()),
604 boost::asio::error::get_ssl_category());
605 return ec;
606 }
607
608 #if (OPENSSL_VERSION_NUMBER >= 0x10002000L) && !defined(LIBRESSL_VERSION_NUMBER)
609 ::SSL_CTX_clear_chain_certs(handle_);
610 #else
611 if (handle_->extra_certs)
612 {
613 ::sk_X509_pop_free(handle_->extra_certs, X509_free);
614 handle_->extra_certs = 0;
615 }
616 #endif // (OPENSSL_VERSION_NUMBER >= 0x10002000L)
617
618 while (X509* cacert = ::PEM_read_bio_X509(bio.p, 0,
619 callback,
620 cb_userdata))
621 {
622 if (!::SSL_CTX_add_extra_chain_cert(handle_, cacert))
623 {
624 ec = boost::system::error_code(
625 static_cast<int>(::ERR_get_error()),
626 boost::asio::error::get_ssl_category());
627 return ec;
628 }
629 }
630
631 result = ::ERR_peek_last_error();
632 if ((ERR_GET_LIB(result) == ERR_LIB_PEM)
633 && (ERR_GET_REASON(result) == PEM_R_NO_START_LINE))
634 {
635 ::ERR_clear_error();
636 ec = boost::system::error_code();
637 return ec;
638 }
639 }
640
641 ec = boost::system::error_code(
642 static_cast<int>(::ERR_get_error()),
643 boost::asio::error::get_ssl_category());
644 return ec;
645 }
646
647 void context::use_certificate_chain_file(const std::string& filename)
648 {
649 boost::system::error_code ec;
650 use_certificate_chain_file(filename, ec);
651 boost::asio::detail::throw_error(ec, "use_certificate_chain_file");
652 }
653
654 boost::system::error_code context::use_certificate_chain_file(
655 const std::string& filename, boost::system::error_code& ec)
656 {
657 ::ERR_clear_error();
658
659 if (::SSL_CTX_use_certificate_chain_file(handle_, filename.c_str()) != 1)
660 {
661 ec = boost::system::error_code(
662 static_cast<int>(::ERR_get_error()),
663 boost::asio::error::get_ssl_category());
664 return ec;
665 }
666
667 ec = boost::system::error_code();
668 return ec;
669 }
670
671 void context::use_private_key(
672 const const_buffer& private_key, context::file_format format)
673 {
674 boost::system::error_code ec;
675 use_private_key(private_key, format, ec);
676 boost::asio::detail::throw_error(ec, "use_private_key");
677 }
678
679 boost::system::error_code context::use_private_key(
680 const const_buffer& private_key, context::file_format format,
681 boost::system::error_code& ec)
682 {
683 ::ERR_clear_error();
684
685 #if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
686 pem_password_cb* callback = ::SSL_CTX_get_default_passwd_cb(handle_);
687 void* cb_userdata = ::SSL_CTX_get_default_passwd_cb_userdata(handle_);
688 #else // (OPENSSL_VERSION_NUMBER >= 0x10100000L)
689 pem_password_cb* callback = handle_->default_passwd_callback;
690 void* cb_userdata = handle_->default_passwd_callback_userdata;
691 #endif // (OPENSSL_VERSION_NUMBER >= 0x10100000L)
692
693 bio_cleanup bio = { make_buffer_bio(private_key) };
694 if (bio.p)
695 {
696 evp_pkey_cleanup evp_private_key = { 0 };
697 switch (format)
698 {
699 case context_base::asn1:
700 evp_private_key.p = ::d2i_PrivateKey_bio(bio.p, 0);
701 break;
702 case context_base::pem:
703 evp_private_key.p = ::PEM_read_bio_PrivateKey(
704 bio.p, 0, callback,
705 cb_userdata);
706 break;
707 default:
708 {
709 ec = boost::asio::error::invalid_argument;
710 return ec;
711 }
712 }
713
714 if (evp_private_key.p)
715 {
716 if (::SSL_CTX_use_PrivateKey(handle_, evp_private_key.p) == 1)
717 {
718 ec = boost::system::error_code();
719 return ec;
720 }
721 }
722 }
723
724 ec = boost::system::error_code(
725 static_cast<int>(::ERR_get_error()),
726 boost::asio::error::get_ssl_category());
727 return ec;
728 }
729
730 void context::use_private_key_file(
731 const std::string& filename, context::file_format format)
732 {
733 boost::system::error_code ec;
734 use_private_key_file(filename, format, ec);
735 boost::asio::detail::throw_error(ec, "use_private_key_file");
736 }
737
738 void context::use_rsa_private_key(
739 const const_buffer& private_key, context::file_format format)
740 {
741 boost::system::error_code ec;
742 use_rsa_private_key(private_key, format, ec);
743 boost::asio::detail::throw_error(ec, "use_rsa_private_key");
744 }
745
746 boost::system::error_code context::use_rsa_private_key(
747 const const_buffer& private_key, context::file_format format,
748 boost::system::error_code& ec)
749 {
750 ::ERR_clear_error();
751
752 #if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
753 pem_password_cb* callback = ::SSL_CTX_get_default_passwd_cb(handle_);
754 void* cb_userdata = ::SSL_CTX_get_default_passwd_cb_userdata(handle_);
755 #else // (OPENSSL_VERSION_NUMBER >= 0x10100000L)
756 pem_password_cb* callback = handle_->default_passwd_callback;
757 void* cb_userdata = handle_->default_passwd_callback_userdata;
758 #endif // (OPENSSL_VERSION_NUMBER >= 0x10100000L)
759
760 bio_cleanup bio = { make_buffer_bio(private_key) };
761 if (bio.p)
762 {
763 rsa_cleanup rsa_private_key = { 0 };
764 switch (format)
765 {
766 case context_base::asn1:
767 rsa_private_key.p = ::d2i_RSAPrivateKey_bio(bio.p, 0);
768 break;
769 case context_base::pem:
770 rsa_private_key.p = ::PEM_read_bio_RSAPrivateKey(
771 bio.p, 0, callback,
772 cb_userdata);
773 break;
774 default:
775 {
776 ec = boost::asio::error::invalid_argument;
777 return ec;
778 }
779 }
780
781 if (rsa_private_key.p)
782 {
783 if (::SSL_CTX_use_RSAPrivateKey(handle_, rsa_private_key.p) == 1)
784 {
785 ec = boost::system::error_code();
786 return ec;
787 }
788 }
789 }
790
791 ec = boost::system::error_code(
792 static_cast<int>(::ERR_get_error()),
793 boost::asio::error::get_ssl_category());
794 return ec;
795 }
796
797 boost::system::error_code context::use_private_key_file(
798 const std::string& filename, context::file_format format,
799 boost::system::error_code& ec)
800 {
801 int file_type;
802 switch (format)
803 {
804 case context_base::asn1:
805 file_type = SSL_FILETYPE_ASN1;
806 break;
807 case context_base::pem:
808 file_type = SSL_FILETYPE_PEM;
809 break;
810 default:
811 {
812 ec = boost::asio::error::invalid_argument;
813 return ec;
814 }
815 }
816
817 ::ERR_clear_error();
818
819 if (::SSL_CTX_use_PrivateKey_file(handle_, filename.c_str(), file_type) != 1)
820 {
821 ec = boost::system::error_code(
822 static_cast<int>(::ERR_get_error()),
823 boost::asio::error::get_ssl_category());
824 return ec;
825 }
826
827 ec = boost::system::error_code();
828 return ec;
829 }
830
831 void context::use_rsa_private_key_file(
832 const std::string& filename, context::file_format format)
833 {
834 boost::system::error_code ec;
835 use_rsa_private_key_file(filename, format, ec);
836 boost::asio::detail::throw_error(ec, "use_rsa_private_key_file");
837 }
838
839 boost::system::error_code context::use_rsa_private_key_file(
840 const std::string& filename, context::file_format format,
841 boost::system::error_code& ec)
842 {
843 int file_type;
844 switch (format)
845 {
846 case context_base::asn1:
847 file_type = SSL_FILETYPE_ASN1;
848 break;
849 case context_base::pem:
850 file_type = SSL_FILETYPE_PEM;
851 break;
852 default:
853 {
854 ec = boost::asio::error::invalid_argument;
855 return ec;
856 }
857 }
858
859 ::ERR_clear_error();
860
861 if (::SSL_CTX_use_RSAPrivateKey_file(
862 handle_, filename.c_str(), file_type) != 1)
863 {
864 ec = boost::system::error_code(
865 static_cast<int>(::ERR_get_error()),
866 boost::asio::error::get_ssl_category());
867 return ec;
868 }
869
870 ec = boost::system::error_code();
871 return ec;
872 }
873
874 void context::use_tmp_dh(const const_buffer& dh)
875 {
876 boost::system::error_code ec;
877 use_tmp_dh(dh, ec);
878 boost::asio::detail::throw_error(ec, "use_tmp_dh");
879 }
880
881 boost::system::error_code context::use_tmp_dh(
882 const const_buffer& dh, boost::system::error_code& ec)
883 {
884 ::ERR_clear_error();
885
886 bio_cleanup bio = { make_buffer_bio(dh) };
887 if (bio.p)
888 {
889 return do_use_tmp_dh(bio.p, ec);
890 }
891
892 ec = boost::system::error_code(
893 static_cast<int>(::ERR_get_error()),
894 boost::asio::error::get_ssl_category());
895 return ec;
896 }
897
898 void context::use_tmp_dh_file(const std::string& filename)
899 {
900 boost::system::error_code ec;
901 use_tmp_dh_file(filename, ec);
902 boost::asio::detail::throw_error(ec, "use_tmp_dh_file");
903 }
904
905 boost::system::error_code context::use_tmp_dh_file(
906 const std::string& filename, boost::system::error_code& ec)
907 {
908 ::ERR_clear_error();
909
910 bio_cleanup bio = { ::BIO_new_file(filename.c_str(), "r") };
911 if (bio.p)
912 {
913 return do_use_tmp_dh(bio.p, ec);
914 }
915
916 ec = boost::system::error_code(
917 static_cast<int>(::ERR_get_error()),
918 boost::asio::error::get_ssl_category());
919 return ec;
920 }
921
922 boost::system::error_code context::do_use_tmp_dh(
923 BIO* bio, boost::system::error_code& ec)
924 {
925 ::ERR_clear_error();
926
927 dh_cleanup dh = { ::PEM_read_bio_DHparams(bio, 0, 0, 0) };
928 if (dh.p)
929 {
930 if (::SSL_CTX_set_tmp_dh(handle_, dh.p) == 1)
931 {
932 ec = boost::system::error_code();
933 return ec;
934 }
935 }
936
937 ec = boost::system::error_code(
938 static_cast<int>(::ERR_get_error()),
939 boost::asio::error::get_ssl_category());
940 return ec;
941 }
942
943 boost::system::error_code context::do_set_verify_callback(
944 detail::verify_callback_base* callback, boost::system::error_code& ec)
945 {
946 if (SSL_CTX_get_app_data(handle_))
947 {
948 delete static_cast<detail::verify_callback_base*>(
949 SSL_CTX_get_app_data(handle_));
950 }
951
952 SSL_CTX_set_app_data(handle_, callback);
953
954 ::SSL_CTX_set_verify(handle_,
955 ::SSL_CTX_get_verify_mode(handle_),
956 &context::verify_callback_function);
957
958 ec = boost::system::error_code();
959 return ec;
960 }
961
962 int context::verify_callback_function(int preverified, X509_STORE_CTX* ctx)
963 {
964 if (ctx)
965 {
966 if (SSL* ssl = static_cast<SSL*>(
967 ::X509_STORE_CTX_get_ex_data(
968 ctx, ::SSL_get_ex_data_X509_STORE_CTX_idx())))
969 {
970 if (SSL_CTX* handle = ::SSL_get_SSL_CTX(ssl))
971 {
972 if (SSL_CTX_get_app_data(handle))
973 {
974 detail::verify_callback_base* callback =
975 static_cast<detail::verify_callback_base*>(
976 SSL_CTX_get_app_data(handle));
977
978 verify_context verify_ctx(ctx);
979 return callback->call(preverified != 0, verify_ctx) ? 1 : 0;
980 }
981 }
982 }
983 }
984
985 return 0;
986 }
987
988 boost::system::error_code context::do_set_password_callback(
989 detail::password_callback_base* callback, boost::system::error_code& ec)
990 {
991 #if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
992 void* old_callback = ::SSL_CTX_get_default_passwd_cb_userdata(handle_);
993 ::SSL_CTX_set_default_passwd_cb_userdata(handle_, callback);
994 #else // (OPENSSL_VERSION_NUMBER >= 0x10100000L)
995 void* old_callback = handle_->default_passwd_callback_userdata;
996 handle_->default_passwd_callback_userdata = callback;
997 #endif // (OPENSSL_VERSION_NUMBER >= 0x10100000L)
998
999 if (old_callback)
1000 delete static_cast<detail::password_callback_base*>(
1001 old_callback);
1002
1003 SSL_CTX_set_default_passwd_cb(handle_, &context::password_callback_function);
1004
1005 ec = boost::system::error_code();
1006 return ec;
1007 }
1008
1009 int context::password_callback_function(
1010 char* buf, int size, int purpose, void* data)
1011 {
1012 using namespace std; // For strncat and strlen.
1013
1014 if (data)
1015 {
1016 detail::password_callback_base* callback =
1017 static_cast<detail::password_callback_base*>(data);
1018
1019 std::string passwd = callback->call(static_cast<std::size_t>(size),
1020 purpose ? context_base::for_writing : context_base::for_reading);
1021
1022 #if defined(BOOST_ASIO_HAS_SECURE_RTL)
1023 strcpy_s(buf, size, passwd.c_str());
1024 #else // defined(BOOST_ASIO_HAS_SECURE_RTL)
1025 *buf = '\0';
1026 if (size > 0)
1027 strncat(buf, passwd.c_str(), size - 1);
1028 #endif // defined(BOOST_ASIO_HAS_SECURE_RTL)
1029
1030 return static_cast<int>(strlen(buf));
1031 }
1032
1033 return 0;
1034 }
1035
1036 BIO* context::make_buffer_bio(const const_buffer& b)
1037 {
1038 return ::BIO_new_mem_buf(
1039 const_cast<void*>(buffer_cast<const void*>(b)),
1040 static_cast<int>(buffer_size(b)));
1041 }
1042
1043 #endif // !defined(BOOST_ASIO_ENABLE_OLD_SSL)
1044
1045 } // namespace ssl
1046 } // namespace asio
1047 } // namespace boost
1048
1049 #include <boost/asio/detail/pop_options.hpp>
1050
1051 #endif // BOOST_ASIO_SSL_IMPL_CONTEXT_IPP
Ceph