1 | // |
2 | // ssl/context.hpp | |
3 | // ~~~~~~~~~~~~~~~ | |
4 | // | |
92f5a8d4 | 5 | // Copyright (c) 2003-2019 Christopher M. Kohlhoff (chris at kohlhoff dot com) |
6 | // |
7 | // Distributed under the Boost Software License, Version 1.0. (See accompanying | |
8 | // file LICENSE_1_0.txt or copy at http://www.boost.org/LICENSE_1_0.txt) | |
9 | // | |
10 | ||
11 | #ifndef BOOST_ASIO_SSL_CONTEXT_HPP | |
12 | #define BOOST_ASIO_SSL_CONTEXT_HPP | |
13 | ||
14 | #if defined(_MSC_VER) && (_MSC_VER >= 1200) | |
15 | # pragma once | |
16 | #endif // defined(_MSC_VER) && (_MSC_VER >= 1200) | |
17 | ||
18 | #include <boost/asio/detail/config.hpp> | |
19 | ||
20 | #include <string> |
21 | #include <boost/asio/buffer.hpp> | |
22 | #include <boost/asio/io_context.hpp> | |
23 | #include <boost/asio/ssl/context_base.hpp> | |
24 | #include <boost/asio/ssl/detail/openssl_types.hpp> | |
25 | #include <boost/asio/ssl/detail/openssl_init.hpp> | |
26 | #include <boost/asio/ssl/detail/password_callback.hpp> | |
27 | #include <boost/asio/ssl/detail/verify_callback.hpp> | |
28 | #include <boost/asio/ssl/verify_mode.hpp> | |
29 | |
30 | #include <boost/asio/detail/push_options.hpp> | |
31 | ||
32 | namespace boost { | |
33 | namespace asio { | |
34 | namespace ssl { | |
35 | ||
/// Holds the SSL configuration applied through the member functions below:
/// protocol options, peer verification mode/depth/callback, trusted
/// certification authorities, the local certificate and private key,
/// Diffie-Hellman parameters and the password callback.
/**
 * The class wraps a single OpenSSL @c SSL_CTX (see @c handle_); callers
 * should treat that handle as owned by the context and never free it
 * themselves. The object is non-copyable, and movable only where
 * BOOST_ASIO_HAS_MOVE is defined.
 *
 * Every configuration function comes in two overloads: one that throws
 * boost::system::system_error on failure, and one that reports the failure
 * through a boost::system::error_code out-parameter instead.
 */
class context
  : public context_base,
    private noncopyable
{
public:
  /// The native handle type of the SSL context.
  typedef SSL_CTX* native_handle_type;

  /// Constructor.
  /**
   * @param m The protocol method the context is created for. The available
   * values are defined in the context_base class; the choice fixes which
   * SSL/TLS versions the context may negotiate, subject to the options set
   * later via set_options() and clear_options().
   */
  BOOST_ASIO_DECL explicit context(method m);

#if defined(BOOST_ASIO_HAS_MOVE) || defined(GENERATING_DOCUMENTATION)
  /// Move-construct a context from another.
  /**
   * This constructor moves an SSL context from one object to another.
   *
   * @param other The other context object from which the move will occur.
   *
   * @note Following the move, the following operations only are valid for the
   * moved-from object:
   * @li Destruction.
   * @li As a target for move-assignment.
   */
  BOOST_ASIO_DECL context(context&& other);

  /// Move-assign a context from another.
  /**
   * This assignment operator moves an SSL context from one object to another.
   *
   * @param other The other context object from which the move will occur.
   *
   * @note Following the move, the following operations only are valid for the
   * moved-from object:
   * @li Destruction.
   * @li As a target for move-assignment.
   */
  BOOST_ASIO_DECL context& operator=(context&& other);
#endif // defined(BOOST_ASIO_HAS_MOVE) || defined(GENERATING_DOCUMENTATION)

  /// Destructor.
  /**
   * Releases the underlying @c SSL_CTX held in @c handle_ (the body lives in
   * the implementation file; see the includes at the end of this header).
   */
  BOOST_ASIO_DECL ~context();

  /// Get the underlying implementation in the native type.
  /**
   * This function may be used to obtain the underlying implementation of the
   * context. This is intended to allow access to context functionality that is
   * not otherwise provided.
   *
   * @note The returned @c SSL_CTX* remains held by this context; callers must
   * not free it, and its lifetime ends with the context (or with a move out of
   * it). Settings applied directly through OpenSSL on this handle bypass the
   * error reporting of the member functions in this class.
   */
  BOOST_ASIO_DECL native_handle_type native_handle();

  /// Clear options on the context.
  /**
   * This function may be used to configure the SSL options used by the context.
   *
   * @param o A bitmask of options. The available option values are defined in
   * the context_base class. The specified options, if currently enabled on the
   * context, are cleared.
   *
   * @throws boost::system::system_error Thrown on failure.
   *
   * @note Calls @c SSL_CTX_clear_options.
   *
   * @note Clearing a protocol-restriction bit (such as the @c no_sslv2,
   * @c no_sslv3 or @c no_tlsv1 options from context_base) re-enables that
   * protocol version on the context.
   */
  BOOST_ASIO_DECL void clear_options(options o);

  /// Clear options on the context.
  /**
   * This function may be used to configure the SSL options used by the context.
   *
   * @param o A bitmask of options. The available option values are defined in
   * the context_base class. The specified options, if currently enabled on the
   * context, are cleared.
   *
   * @param ec Set to indicate what error occurred, if any.
   *
   * @note Calls @c SSL_CTX_clear_options.
   *
   * @note Clearing a protocol-restriction bit (such as the @c no_sslv2,
   * @c no_sslv3 or @c no_tlsv1 options from context_base) re-enables that
   * protocol version on the context.
   */
  BOOST_ASIO_DECL BOOST_ASIO_SYNC_OP_VOID clear_options(options o,
      boost::system::error_code& ec);

  /// Set options on the context.
  /**
   * This function may be used to configure the SSL options used by the context.
   *
   * @param o A bitmask of options. The available option values are defined in
   * the context_base class. The options are bitwise-ored with any existing
   * value for the options.
   *
   * @throws boost::system::system_error Thrown on failure.
   *
   * @note Calls @c SSL_CTX_set_options.
   *
   * @note This is where legacy protocol versions are disabled (for example
   * the @c no_sslv2 / @c no_sslv3 bits from context_base) and where
   * @c single_dh_use can be requested so that a fresh DH key is generated per
   * handshake when use_tmp_dh() / use_tmp_dh_file() are used.
   */
  BOOST_ASIO_DECL void set_options(options o);

  /// Set options on the context.
  /**
   * This function may be used to configure the SSL options used by the context.
   *
   * @param o A bitmask of options. The available option values are defined in
   * the context_base class. The options are bitwise-ored with any existing
   * value for the options.
   *
   * @param ec Set to indicate what error occurred, if any.
   *
   * @note Calls @c SSL_CTX_set_options.
   *
   * @note This is where legacy protocol versions are disabled (for example
   * the @c no_sslv2 / @c no_sslv3 bits from context_base) and where
   * @c single_dh_use can be requested so that a fresh DH key is generated per
   * handshake when use_tmp_dh() / use_tmp_dh_file() are used.
   */
  BOOST_ASIO_DECL BOOST_ASIO_SYNC_OP_VOID set_options(options o,
      boost::system::error_code& ec);

  /// Set the peer verification mode.
  /**
   * This function may be used to configure the peer verification mode used by
   * the context.
   *
   * @param v A bitmask of peer verification modes. See @ref verify_mode for
   * available values.
   *
   * @throws boost::system::system_error Thrown on failure.
   *
   * @note Calls @c SSL_CTX_set_verify.
   *
   * @note The mode chosen here decides whether a failed peer verification
   * aborts the handshake at all. set_verify_depth() and set_verify_callback()
   * only reject peers when a mode that enforces verification (such as
   * @c verify_peer, and for servers @c verify_fail_if_no_peer_cert, from
   * verify_mode.hpp) is in effect.
   */
  BOOST_ASIO_DECL void set_verify_mode(verify_mode v);

  /// Set the peer verification mode.
  /**
   * This function may be used to configure the peer verification mode used by
   * the context.
   *
   * @param v A bitmask of peer verification modes. See @ref verify_mode for
   * available values.
   *
   * @param ec Set to indicate what error occurred, if any.
   *
   * @note Calls @c SSL_CTX_set_verify.
   *
   * @note The mode chosen here decides whether a failed peer verification
   * aborts the handshake at all. set_verify_depth() and set_verify_callback()
   * only reject peers when a mode that enforces verification (such as
   * @c verify_peer, and for servers @c verify_fail_if_no_peer_cert, from
   * verify_mode.hpp) is in effect.
   */
  BOOST_ASIO_DECL BOOST_ASIO_SYNC_OP_VOID set_verify_mode(
      verify_mode v, boost::system::error_code& ec);

  /// Set the peer verification depth.
  /**
   * This function may be used to configure the maximum verification depth
   * allowed by the context.
   *
   * @param depth Maximum depth for the certificate chain verification that
   * shall be allowed.
   *
   * @throws boost::system::system_error Thrown on failure.
   *
   * @note Calls @c SSL_CTX_set_verify_depth.
   *
   * @note A chain longer than @p depth fails verification; the failure is
   * reported to the verify callback via its @c preverified argument and is
   * only fatal under an enforcing verify mode (see set_verify_mode()).
   */
  BOOST_ASIO_DECL void set_verify_depth(int depth);

  /// Set the peer verification depth.
  /**
   * This function may be used to configure the maximum verification depth
   * allowed by the context.
   *
   * @param depth Maximum depth for the certificate chain verification that
   * shall be allowed.
   *
   * @param ec Set to indicate what error occurred, if any.
   *
   * @note Calls @c SSL_CTX_set_verify_depth.
   *
   * @note A chain longer than @p depth fails verification; the failure is
   * reported to the verify callback via its @c preverified argument and is
   * only fatal under an enforcing verify mode (see set_verify_mode()).
   */
  BOOST_ASIO_DECL BOOST_ASIO_SYNC_OP_VOID set_verify_depth(
      int depth, boost::system::error_code& ec);

  /// Set the callback used to verify peer certificates.
  /**
   * This function is used to specify a callback function that will be called
   * by the implementation when it needs to verify a peer certificate.
   *
   * @param callback The function object to be used for verifying a certificate.
   * The function signature of the handler must be:
   * @code bool verify_callback(
   *   bool preverified, // True if the certificate passed pre-verification.
   *   verify_context& ctx // The peer certificate and other context.
   * ); @endcode
   * The return value of the callback is true if the certificate has passed
   * verification, false otherwise.
   *
   * @throws boost::system::system_error Thrown on failure.
   *
   * @note Calls @c SSL_CTX_set_verify.
   *
   * @note @c preverified carries the result of OpenSSL's own chain checks
   * (signature, validity period, trust anchor, depth). A callback that returns
   * true without consulting it accepts certificates that failed those checks,
   * so the usual shape is to return false whenever @c preverified is false and
   * only add checks on top. Matching the certificate to the expected host name
   * is not part of pre-verification; it must be done by the callback (for
   * example with the @c rfc2818_verification helper shipped with Boost.Asio).
   * The callback is invoked once per certificate in the chain.
   */
  template <typename VerifyCallback>
  void set_verify_callback(VerifyCallback callback);

  /// Set the callback used to verify peer certificates.
  /**
   * This function is used to specify a callback function that will be called
   * by the implementation when it needs to verify a peer certificate.
   *
   * @param callback The function object to be used for verifying a certificate.
   * The function signature of the handler must be:
   * @code bool verify_callback(
   *   bool preverified, // True if the certificate passed pre-verification.
   *   verify_context& ctx // The peer certificate and other context.
   * ); @endcode
   * The return value of the callback is true if the certificate has passed
   * verification, false otherwise.
   *
   * @param ec Set to indicate what error occurred, if any.
   *
   * @note Calls @c SSL_CTX_set_verify.
   *
   * @note @c preverified carries the result of OpenSSL's own chain checks
   * (signature, validity period, trust anchor, depth). A callback that returns
   * true without consulting it accepts certificates that failed those checks,
   * so the usual shape is to return false whenever @c preverified is false and
   * only add checks on top. Matching the certificate to the expected host name
   * is not part of pre-verification; it must be done by the callback (for
   * example with the @c rfc2818_verification helper shipped with Boost.Asio).
   * The callback is invoked once per certificate in the chain.
   */
  template <typename VerifyCallback>
  BOOST_ASIO_SYNC_OP_VOID set_verify_callback(VerifyCallback callback,
      boost::system::error_code& ec);

  /// Load a certification authority file for performing verification.
  /**
   * This function is used to load one or more trusted certification authorities
   * from a file.
   *
   * @param filename The name of a file containing certification authority
   * certificates in PEM format.
   *
   * @throws boost::system::system_error Thrown on failure.
   *
   * @note Calls @c SSL_CTX_load_verify_locations.
   *
   * @note Every certificate in the file becomes a trust anchor for this
   * context; the file should therefore contain only the CAs the application
   * actually intends to trust.
   */
  BOOST_ASIO_DECL void load_verify_file(const std::string& filename);

  /// Load a certification authority file for performing verification.
  /**
   * This function is used to load the certificates for one or more trusted
   * certification authorities from a file.
   *
   * @param filename The name of a file containing certification authority
   * certificates in PEM format.
   *
   * @param ec Set to indicate what error occurred, if any.
   *
   * @note Calls @c SSL_CTX_load_verify_locations.
   *
   * @note Every certificate in the file becomes a trust anchor for this
   * context; the file should therefore contain only the CAs the application
   * actually intends to trust.
   */
  BOOST_ASIO_DECL BOOST_ASIO_SYNC_OP_VOID load_verify_file(
      const std::string& filename, boost::system::error_code& ec);

  /// Add certification authority for performing verification.
  /**
   * This function is used to add one trusted certification authority
   * from a memory buffer.
   *
   * @param ca The buffer containing the certification authority certificate.
   * The certificate must use the PEM format.
   *
   * @throws boost::system::system_error Thrown on failure.
   *
   * @note Calls @c SSL_CTX_get_cert_store and @c X509_STORE_add_cert.
   *
   * @note The buffer is only read during the call; the certificate is copied
   * into the context's store, so the buffer need not outlive the call.
   */
  BOOST_ASIO_DECL void add_certificate_authority(const const_buffer& ca);

  /// Add certification authority for performing verification.
  /**
   * This function is used to add one trusted certification authority
   * from a memory buffer.
   *
   * @param ca The buffer containing the certification authority certificate.
   * The certificate must use the PEM format.
   *
   * @param ec Set to indicate what error occurred, if any.
   *
   * @note Calls @c SSL_CTX_get_cert_store and @c X509_STORE_add_cert.
   *
   * @note The buffer is only read during the call; the certificate is copied
   * into the context's store, so the buffer need not outlive the call.
   */
  BOOST_ASIO_DECL BOOST_ASIO_SYNC_OP_VOID add_certificate_authority(
      const const_buffer& ca, boost::system::error_code& ec);

  /// Configures the context to use the default directories for finding
  /// certification authority certificates.
  /**
   * This function specifies that the context should use the default,
   * system-dependent directories for locating certification authority
   * certificates.
   *
   * @throws boost::system::system_error Thrown on failure.
   *
   * @note Calls @c SSL_CTX_set_default_verify_paths.
   *
   * @note Which directories are consulted is decided by the OpenSSL build and
   * its environment, not by this class; the resulting trust store is the
   * system's, so deployments that need a fixed set of trust anchors should
   * prefer load_verify_file() or add_certificate_authority().
   */
  BOOST_ASIO_DECL void set_default_verify_paths();

  /// Configures the context to use the default directories for finding
  /// certification authority certificates.
  /**
   * This function specifies that the context should use the default,
   * system-dependent directories for locating certification authority
   * certificates.
   *
   * @param ec Set to indicate what error occurred, if any.
   *
   * @note Calls @c SSL_CTX_set_default_verify_paths.
   *
   * @note Which directories are consulted is decided by the OpenSSL build and
   * its environment, not by this class; the resulting trust store is the
   * system's, so deployments that need a fixed set of trust anchors should
   * prefer load_verify_file() or add_certificate_authority().
   */
  BOOST_ASIO_DECL BOOST_ASIO_SYNC_OP_VOID set_default_verify_paths(
      boost::system::error_code& ec);

  /// Add a directory containing certificate authority files to be used for
  /// performing verification.
  /**
   * This function is used to specify the name of a directory containing
   * certification authority certificates. Each file in the directory must
   * contain a single certificate. The files must be named using the subject
   * name's hash and an extension of ".0".
   *
   * @param path The name of a directory containing the certificates.
   *
   * @throws boost::system::system_error Thrown on failure.
   *
   * @note Calls @c SSL_CTX_load_verify_locations.
   *
   * @note The hash naming scheme is OpenSSL's; such directories are normally
   * prepared with OpenSSL's rehash tooling, and a certificate whose file name
   * does not match its subject hash is silently not found at lookup time.
   */
  BOOST_ASIO_DECL void add_verify_path(const std::string& path);

  /// Add a directory containing certificate authority files to be used for
  /// performing verification.
  /**
   * This function is used to specify the name of a directory containing
   * certification authority certificates. Each file in the directory must
   * contain a single certificate. The files must be named using the subject
   * name's hash and an extension of ".0".
   *
   * @param path The name of a directory containing the certificates.
   *
   * @param ec Set to indicate what error occurred, if any.
   *
   * @note Calls @c SSL_CTX_load_verify_locations.
   *
   * @note The hash naming scheme is OpenSSL's; such directories are normally
   * prepared with OpenSSL's rehash tooling, and a certificate whose file name
   * does not match its subject hash is silently not found at lookup time.
   */
  BOOST_ASIO_DECL BOOST_ASIO_SYNC_OP_VOID add_verify_path(
      const std::string& path, boost::system::error_code& ec);

  /// Use a certificate from a memory buffer.
  /**
   * This function is used to load a certificate into the context from a buffer.
   *
   * @param certificate The buffer containing the certificate.
   *
   * @param format The certificate format (ASN.1 or PEM).
   *
   * @throws boost::system::system_error Thrown on failure.
   *
   * @note Calls @c SSL_CTX_use_certificate or SSL_CTX_use_certificate_ASN1.
   *
   * @note Only the end-entity certificate is installed here; intermediate
   * certificates the peer needs to build the chain go through
   * use_certificate_chain() / use_certificate_chain_file().
   */
  BOOST_ASIO_DECL void use_certificate(
      const const_buffer& certificate, file_format format);

  /// Use a certificate from a memory buffer.
  /**
   * This function is used to load a certificate into the context from a buffer.
   *
   * @param certificate The buffer containing the certificate.
   *
   * @param format The certificate format (ASN.1 or PEM).
   *
   * @param ec Set to indicate what error occurred, if any.
   *
   * @note Calls @c SSL_CTX_use_certificate or SSL_CTX_use_certificate_ASN1.
   *
   * @note Only the end-entity certificate is installed here; intermediate
   * certificates the peer needs to build the chain go through
   * use_certificate_chain() / use_certificate_chain_file().
   */
  BOOST_ASIO_DECL BOOST_ASIO_SYNC_OP_VOID use_certificate(
      const const_buffer& certificate, file_format format,
      boost::system::error_code& ec);

  /// Use a certificate from a file.
  /**
   * This function is used to load a certificate into the context from a file.
   *
   * @param filename The name of the file containing the certificate.
   *
   * @param format The file format (ASN.1 or PEM).
   *
   * @throws boost::system::system_error Thrown on failure.
   *
   * @note Calls @c SSL_CTX_use_certificate_file.
   */
  BOOST_ASIO_DECL void use_certificate_file(
      const std::string& filename, file_format format);

  /// Use a certificate from a file.
  /**
   * This function is used to load a certificate into the context from a file.
   *
   * @param filename The name of the file containing the certificate.
   *
   * @param format The file format (ASN.1 or PEM).
   *
   * @param ec Set to indicate what error occurred, if any.
   *
   * @note Calls @c SSL_CTX_use_certificate_file.
   */
  BOOST_ASIO_DECL BOOST_ASIO_SYNC_OP_VOID use_certificate_file(
      const std::string& filename, file_format format,
      boost::system::error_code& ec);

  /// Use a certificate chain from a memory buffer.
  /**
   * This function is used to load a certificate chain into the context from a
   * buffer.
   *
   * @param chain The buffer containing the certificate chain. The certificate
   * chain must use the PEM format.
   *
   * @throws boost::system::system_error Thrown on failure.
   *
   * @note Calls @c SSL_CTX_use_certificate and SSL_CTX_add_extra_chain_cert.
   *
   * @note Given the two OpenSSL calls above, the first certificate in the
   * buffer is presumably installed as the end-entity certificate and the
   * remaining ones as extra chain certificates, in order — confirm against
   * the implementation before relying on a different ordering.
   */
  BOOST_ASIO_DECL void use_certificate_chain(const const_buffer& chain);

  /// Use a certificate chain from a memory buffer.
  /**
   * This function is used to load a certificate chain into the context from a
   * buffer.
   *
   * @param chain The buffer containing the certificate chain. The certificate
   * chain must use the PEM format.
   *
   * @param ec Set to indicate what error occurred, if any.
   *
   * @note Calls @c SSL_CTX_use_certificate and SSL_CTX_add_extra_chain_cert.
   *
   * @note Given the two OpenSSL calls above, the first certificate in the
   * buffer is presumably installed as the end-entity certificate and the
   * remaining ones as extra chain certificates, in order — confirm against
   * the implementation before relying on a different ordering.
   */
  BOOST_ASIO_DECL BOOST_ASIO_SYNC_OP_VOID use_certificate_chain(
      const const_buffer& chain, boost::system::error_code& ec);

  /// Use a certificate chain from a file.
  /**
   * This function is used to load a certificate chain into the context from a
   * file.
   *
   * @param filename The name of the file containing the certificate. The file
   * must use the PEM format.
   *
   * @throws boost::system::system_error Thrown on failure.
   *
   * @note Calls @c SSL_CTX_use_certificate_chain_file.
   */
  BOOST_ASIO_DECL void use_certificate_chain_file(const std::string& filename);

  /// Use a certificate chain from a file.
  /**
   * This function is used to load a certificate chain into the context from a
   * file.
   *
   * @param filename The name of the file containing the certificate. The file
   * must use the PEM format.
   *
   * @param ec Set to indicate what error occurred, if any.
   *
   * @note Calls @c SSL_CTX_use_certificate_chain_file.
   */
  BOOST_ASIO_DECL BOOST_ASIO_SYNC_OP_VOID use_certificate_chain_file(
      const std::string& filename, boost::system::error_code& ec);

  /// Use a private key from a memory buffer.
  /**
   * This function is used to load a private key into the context from a buffer.
   *
   * @param private_key The buffer containing the private key.
   *
   * @param format The private key format (ASN.1 or PEM).
   *
   * @throws boost::system::system_error Thrown on failure.
   *
   * @note Calls @c SSL_CTX_use_PrivateKey or SSL_CTX_use_PrivateKey_ASN1.
   *
   * @note If the PEM key is encrypted, the password is obtained through the
   * callback installed with set_password_callback(), which therefore has to
   * be set before this call. The caller remains responsible for the buffer's
   * own memory after the call returns.
   */
  BOOST_ASIO_DECL void use_private_key(
      const const_buffer& private_key, file_format format);

  /// Use a private key from a memory buffer.
  /**
   * This function is used to load a private key into the context from a buffer.
   *
   * @param private_key The buffer containing the private key.
   *
   * @param format The private key format (ASN.1 or PEM).
   *
   * @param ec Set to indicate what error occurred, if any.
   *
   * @note Calls @c SSL_CTX_use_PrivateKey or SSL_CTX_use_PrivateKey_ASN1.
   *
   * @note If the PEM key is encrypted, the password is obtained through the
   * callback installed with set_password_callback(), which therefore has to
   * be set before this call. The caller remains responsible for the buffer's
   * own memory after the call returns.
   */
  BOOST_ASIO_DECL BOOST_ASIO_SYNC_OP_VOID use_private_key(
      const const_buffer& private_key, file_format format,
      boost::system::error_code& ec);

  /// Use a private key from a file.
  /**
   * This function is used to load a private key into the context from a file.
   *
   * @param filename The name of the file containing the private key.
   *
   * @param format The file format (ASN.1 or PEM).
   *
   * @throws boost::system::system_error Thrown on failure.
   *
   * @note Calls @c SSL_CTX_use_PrivateKey_file.
   *
   * @note If the PEM key is encrypted, the password is obtained through the
   * callback installed with set_password_callback(), which therefore has to
   * be set before this call.
   */
  BOOST_ASIO_DECL void use_private_key_file(
      const std::string& filename, file_format format);

  /// Use a private key from a file.
  /**
   * This function is used to load a private key into the context from a file.
   *
   * @param filename The name of the file containing the private key.
   *
   * @param format The file format (ASN.1 or PEM).
   *
   * @param ec Set to indicate what error occurred, if any.
   *
   * @note Calls @c SSL_CTX_use_PrivateKey_file.
   *
   * @note If the PEM key is encrypted, the password is obtained through the
   * callback installed with set_password_callback(), which therefore has to
   * be set before this call.
   */
  BOOST_ASIO_DECL BOOST_ASIO_SYNC_OP_VOID use_private_key_file(
      const std::string& filename, file_format format,
      boost::system::error_code& ec);

  /// Use an RSA private key from a memory buffer.
  /**
   * This function is used to load an RSA private key into the context from a
   * buffer.
   *
   * @param private_key The buffer containing the RSA private key.
   *
   * @param format The private key format (ASN.1 or PEM).
   *
   * @throws boost::system::system_error Thrown on failure.
   *
   * @note Calls @c SSL_CTX_use_RSAPrivateKey or SSL_CTX_use_RSAPrivateKey_ASN1.
   *
   * @note RSA-specific variant of use_private_key(); the generic function
   * handles RSA keys as well, so this overload is only needed for the
   * RSA-only OpenSSL entry points named above.
   */
  BOOST_ASIO_DECL void use_rsa_private_key(
      const const_buffer& private_key, file_format format);

  /// Use an RSA private key from a memory buffer.
  /**
   * This function is used to load an RSA private key into the context from a
   * buffer.
   *
   * @param private_key The buffer containing the RSA private key.
   *
   * @param format The private key format (ASN.1 or PEM).
   *
   * @param ec Set to indicate what error occurred, if any.
   *
   * @note Calls @c SSL_CTX_use_RSAPrivateKey or SSL_CTX_use_RSAPrivateKey_ASN1.
   *
   * @note RSA-specific variant of use_private_key(); the generic function
   * handles RSA keys as well, so this overload is only needed for the
   * RSA-only OpenSSL entry points named above.
   */
  BOOST_ASIO_DECL BOOST_ASIO_SYNC_OP_VOID use_rsa_private_key(
      const const_buffer& private_key, file_format format,
      boost::system::error_code& ec);

  /// Use an RSA private key from a file.
  /**
   * This function is used to load an RSA private key into the context from a
   * file.
   *
   * @param filename The name of the file containing the RSA private key.
   *
   * @param format The file format (ASN.1 or PEM).
   *
   * @throws boost::system::system_error Thrown on failure.
   *
   * @note Calls @c SSL_CTX_use_RSAPrivateKey_file.
   */
  BOOST_ASIO_DECL void use_rsa_private_key_file(
      const std::string& filename, file_format format);

  /// Use an RSA private key from a file.
  /**
   * This function is used to load an RSA private key into the context from a
   * file.
   *
   * @param filename The name of the file containing the RSA private key.
   *
   * @param format The file format (ASN.1 or PEM).
   *
   * @param ec Set to indicate what error occurred, if any.
   *
   * @note Calls @c SSL_CTX_use_RSAPrivateKey_file.
   */
  BOOST_ASIO_DECL BOOST_ASIO_SYNC_OP_VOID use_rsa_private_key_file(
      const std::string& filename, file_format format,
      boost::system::error_code& ec);

  /// Use the specified memory buffer to obtain the temporary Diffie-Hellman
  /// parameters.
  /**
   * This function is used to load Diffie-Hellman parameters into the context
   * from a buffer.
   *
   * @param dh The memory buffer containing the Diffie-Hellman parameters. The
   * buffer must use the PEM format.
   *
   * @throws boost::system::system_error Thrown on failure.
   *
   * @note Calls @c SSL_CTX_set_tmp_dh.
   *
   * @note The strength of the ephemeral DH key exchange is bounded by the
   * size of the group loaded here; pair this with the @c single_dh_use option
   * (see set_options()) so that a fresh DH key is generated per handshake.
   */
  BOOST_ASIO_DECL void use_tmp_dh(const const_buffer& dh);

  /// Use the specified memory buffer to obtain the temporary Diffie-Hellman
  /// parameters.
  /**
   * This function is used to load Diffie-Hellman parameters into the context
   * from a buffer.
   *
   * @param dh The memory buffer containing the Diffie-Hellman parameters. The
   * buffer must use the PEM format.
   *
   * @param ec Set to indicate what error occurred, if any.
   *
   * @note Calls @c SSL_CTX_set_tmp_dh.
   *
   * @note The strength of the ephemeral DH key exchange is bounded by the
   * size of the group loaded here; pair this with the @c single_dh_use option
   * (see set_options()) so that a fresh DH key is generated per handshake.
   */
  BOOST_ASIO_DECL BOOST_ASIO_SYNC_OP_VOID use_tmp_dh(
      const const_buffer& dh, boost::system::error_code& ec);

  /// Use the specified file to obtain the temporary Diffie-Hellman parameters.
  /**
   * This function is used to load Diffie-Hellman parameters into the context
   * from a file.
   *
   * @param filename The name of the file containing the Diffie-Hellman
   * parameters. The file must use the PEM format.
   *
   * @throws boost::system::system_error Thrown on failure.
   *
   * @note Calls @c SSL_CTX_set_tmp_dh.
   *
   * @note See use_tmp_dh() for the parameter-size and @c single_dh_use
   * considerations; they apply equally when the parameters come from a file.
   */
  BOOST_ASIO_DECL void use_tmp_dh_file(const std::string& filename);

  /// Use the specified file to obtain the temporary Diffie-Hellman parameters.
  /**
   * This function is used to load Diffie-Hellman parameters into the context
   * from a file.
   *
   * @param filename The name of the file containing the Diffie-Hellman
   * parameters. The file must use the PEM format.
   *
   * @param ec Set to indicate what error occurred, if any.
   *
   * @note Calls @c SSL_CTX_set_tmp_dh.
   *
   * @note See use_tmp_dh() for the parameter-size and @c single_dh_use
   * considerations; they apply equally when the parameters come from a file.
   */
  BOOST_ASIO_DECL BOOST_ASIO_SYNC_OP_VOID use_tmp_dh_file(
      const std::string& filename, boost::system::error_code& ec);

  /// Set the password callback.
  /**
   * This function is used to specify a callback function to obtain password
   * information about an encrypted key in PEM format.
   *
   * @param callback The function object to be used for obtaining the password.
   * The function signature of the handler must be:
   * @code std::string password_callback(
   *   std::size_t max_length, // The maximum size for a password.
   *   password_purpose purpose // Whether password is for reading or writing.
   * ); @endcode
   * The return value of the callback is a string containing the password.
   *
   * @throws boost::system::system_error Thrown on failure.
   *
   * @note Calls @c SSL_CTX_set_default_passwd_cb.
   *
   * @note @c max_length is the size of the buffer OpenSSL hands to the private
   * password_callback_function below; a returned string longer than that
   * presumably cannot be passed through in full, so callers should keep
   * passwords within the limit. The callback must be installed before the
   * use_private_key*() / use_rsa_private_key*() call that needs it.
   */
  template <typename PasswordCallback>
  void set_password_callback(PasswordCallback callback);

  /// Set the password callback.
  /**
   * This function is used to specify a callback function to obtain password
   * information about an encrypted key in PEM format.
   *
   * @param callback The function object to be used for obtaining the password.
   * The function signature of the handler must be:
   * @code std::string password_callback(
   *   std::size_t max_length, // The maximum size for a password.
   *   password_purpose purpose // Whether password is for reading or writing.
   * ); @endcode
   * The return value of the callback is a string containing the password.
   *
   * @param ec Set to indicate what error occurred, if any.
   *
   * @note Calls @c SSL_CTX_set_default_passwd_cb.
   *
   * @note @c max_length is the size of the buffer OpenSSL hands to the private
   * password_callback_function below; a returned string longer than that
   * presumably cannot be passed through in full, so callers should keep
   * passwords within the limit. The callback must be installed before the
   * use_private_key*() / use_rsa_private_key*() call that needs it.
   */
  template <typename PasswordCallback>
  BOOST_ASIO_SYNC_OP_VOID set_password_callback(PasswordCallback callback,
      boost::system::error_code& ec);

private:
  // Forward-declared helper types, presumably scoped guards that release the
  // corresponding OpenSSL object (BIO, X509, EVP_PKEY, RSA, DH) when a
  // configuration function exits; they are defined in the implementation.
  struct bio_cleanup;
  struct x509_cleanup;
  struct evp_pkey_cleanup;
  struct rsa_cleanup;
  struct dh_cleanup;

  // Helper function used to set a peer certificate verification callback.
  // The public set_verify_callback() templates wrap the user's function
  // object in a detail::verify_callback_base and hand it over here; the
  // context presumably takes ownership of the pointer.
  BOOST_ASIO_DECL BOOST_ASIO_SYNC_OP_VOID do_set_verify_callback(
      detail::verify_callback_base* callback, boost::system::error_code& ec);

  // Callback used when the SSL implementation wants to verify a certificate.
  // Signature matches the verify_callback type expected by SSL_CTX_set_verify;
  // OpenSSL calls it once per certificate in the chain, and a zero return
  // makes verification of that certificate fail.
  BOOST_ASIO_DECL static int verify_callback_function(
      int preverified, X509_STORE_CTX* ctx);

  // Helper function used to set a password callback.
  // The public set_password_callback() templates wrap the user's function
  // object in a detail::password_callback_base and hand it over here; the
  // context presumably takes ownership of the pointer.
  BOOST_ASIO_DECL BOOST_ASIO_SYNC_OP_VOID do_set_password_callback(
      detail::password_callback_base* callback, boost::system::error_code& ec);

  // Callback used when the SSL implementation wants a password.
  // Signature matches OpenSSL's pem_password_cb: the password is written into
  // buf (at most size bytes), purpose is the read/write flag and data is the
  // user pointer registered with SSL_CTX_set_default_passwd_cb_userdata.
  BOOST_ASIO_DECL static int password_callback_function(
      char* buf, int size, int purpose, void* data);

  // Helper function to set the temporary Diffie-Hellman parameters from a BIO.
  // Shared by use_tmp_dh() (memory buffer) and use_tmp_dh_file() (file).
  BOOST_ASIO_DECL BOOST_ASIO_SYNC_OP_VOID do_use_tmp_dh(
      BIO* bio, boost::system::error_code& ec);

  // Helper function to make a BIO from a memory buffer.
  // Returns a raw BIO* that the caller is responsible for releasing
  // (presumably via bio_cleanup).
  BOOST_ASIO_DECL BIO* make_buffer_bio(const const_buffer& b);

  // The underlying native implementation.
  native_handle_type handle_;

  // Ensure openssl is initialised.
  boost::asio::ssl::detail::openssl_init<> init_;
};
748 | ||
749 | } // namespace ssl |
750 | } // namespace asio | |
751 | } // namespace boost | |
752 | ||
753 | #include <boost/asio/detail/pop_options.hpp> | |
754 | ||
755 | #include <boost/asio/ssl/impl/context.hpp> | |
756 | #if defined(BOOST_ASIO_HEADER_ONLY) | |
757 | # include <boost/asio/ssl/impl/context.ipp> | |
758 | #endif // defined(BOOST_ASIO_HEADER_ONLY) | |
759 | ||
760 | #endif // BOOST_ASIO_SSL_CONTEXT_HPP |