/* * libjingle * Copyright 2004--2005, Google Inc. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: * * 1. Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright notice, * this list of conditions and the following disclaimer in the documentation * and/or other materials provided with the distribution. * 3. The name of the author may not be used to endorse or promote products * derived from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO * EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #ifndef TALK_BASE_OPENSSLADAPTER_H__ #define TALK_BASE_OPENSSLADAPTER_H__ #include #include "talk/base/ssladapter.h" typedef struct ssl_st SSL; typedef struct ssl_ctx_st SSL_CTX; typedef struct x509_store_ctx_st X509_STORE_CTX; namespace talk_base { /////////////////////////////////////////////////////////////////////////////// class OpenSSLAdapter : public SSLAdapter { public: static bool InitializeSSL(VerificationCallback callback); static bool InitializeSSLThread(); static bool CleanupSSL(); OpenSSLAdapter(AsyncSocket* socket); virtual ~OpenSSLAdapter(); virtual int StartSSL(const char* hostname, bool restartable); virtual int Send(const void* pv, size_t cb); virtual int Recv(void* pv, size_t cb); virtual int Close(); // Note that the socket returns ST_CONNECTING while SSL is being negotiated. virtual ConnState GetState() const; protected: virtual void OnConnectEvent(AsyncSocket* socket); virtual void OnReadEvent(AsyncSocket* socket); virtual void OnWriteEvent(AsyncSocket* socket); virtual void OnCloseEvent(AsyncSocket* socket, int err); private: enum SSLState { SSL_NONE, SSL_WAIT, SSL_CONNECTING, SSL_CONNECTED, SSL_ERROR }; int BeginSSL(); int ContinueSSL(); void Error(const char* context, int err, bool signal = true); void Cleanup(); static bool VerifyServerName(SSL* ssl, const char* host, bool ignore_bad_cert); bool SSLPostConnectionCheck(SSL* ssl, const char* host); #if _DEBUG static void SSLInfoCallback(const SSL* s, int where, int ret); #endif // !_DEBUG static int SSLVerifyCallback(int ok, X509_STORE_CTX* store); static VerificationCallback custom_verify_callback_; friend class OpenSSLStreamAdapter; // for custom_verify_callback_; static bool ConfigureTrustedRootCertificates(SSL_CTX* ctx); static SSL_CTX* SetupSSLContext(); SSLState state_; bool ssl_read_needs_write_; bool ssl_write_needs_read_; // If true, socket will retain SSL configuration after Close. bool restartable_; SSL* ssl_; SSL_CTX* ssl_ctx_; std::string ssl_host_name_; bool custom_verification_succeeded_; }; ///////////////////////////////////////////////////////////////////////////// } // namespace talk_base #endif // TALK_BASE_OPENSSLADAPTER_H__