1 : // Copyright (c) 2012-2021 Made to Order Software Corp. All Rights Reserved
2 : //
3 : // https://snapwebsites.org/project/eventdispatcher
4 : // contact@m2osw.com
5 : //
6 : // This program is free software; you can redistribute it and/or modify
7 : // it under the terms of the GNU General Public License as published by
8 : // the Free Software Foundation; either version 2 of the License, or
9 : // (at your option) any later version.
10 : //
11 : // This program is distributed in the hope that it will be useful,
12 : // but WITHOUT ANY WARRANTY; without even the implied warranty of
13 : // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 : // GNU General Public License for more details.
15 : //
16 : // You should have received a copy of the GNU General Public License along
17 : // with this program; if not, write to the Free Software Foundation, Inc.,
18 : // 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
19 : #pragma once
20 :
21 : /** \file
22 : * \brief Options used to create a TCP client object with TLS.
23 : *
24 : * This class is used to define details of what the TCP client needs to
25 : * do to create a valid TLS connection with a server.
26 : *
27 : * The options include two important parameters:
28 : *
29 : * * Host -- the host used to verify the certificate
30 : * * SNI -- whether to include the Server Name Indication in the SSL Hello message
31 : */
32 :
33 : // make sure we use OpenSSL with multi-thread support
34 : // (TODO: move to .cpp once we have the SSL flags worked on!)
35 : #define OPENSSL_THREAD_DEFINES
36 :
37 :
38 : // C++ lib
39 : //
40 : #include <string>
41 :
42 :
43 : // OpenSSL lib
44 : //
45 : // TODO: create our own set of flags to avoid this header in the .h
46 : #include <openssl/ssl.h>
47 :
48 :
49 :
50 : namespace ed
51 : {
52 :
53 :
54 :
/** \brief Settings a TCP client uses when it sets up a TLS connection.
 *
 * The object is a plain holder of configuration values: the SSL option
 * mask, the certificate directory, the verification depth, the keepalive
 * and SNI switches and the host name. Only declarations are visible in
 * this header; the accessors are defined in the matching .cpp file.
 *
 * Defaults (taken from the member initializers below): verification depth
 * of 4, DEFAULT_SSL_OPTIONS, certificates under "/etc/ssl/certs",
 * keepalive on, SNI on and an empty host.
 */
class tcp_bio_options
{
public:
    // Bit mask of OpenSSL SSL_OP_... flags.
    //
    // NOTE(review): the mask is 32 bits wide while OpenSSL 3.x handles
    // options as 64-bit values; flags above bit 31 would not fit here --
    // confirm against the OpenSSL version the project builds with.
    using ssl_options_t = std::uint32_t;

    // Certificate chain depth accepted during verification
    // (presumably what is handed to OpenSSL as the verify depth -- confirm
    // in the .cpp).
    using verification_depth_t = size_t;

    // Largest depth value; presumably enforced by set_verification_depth()
    // -- the check itself is not visible in this header.
    static constexpr verification_depth_t   MAX_VERIFICATION_DEPTH = 100;

    // Protocol versions and features switched off by default: SSLv2, SSLv3,
    // TLSv1.0 and TLS compression.
    //
    // NOTE(review): TLSv1.1 is not excluded by this mask. Unless a minimum
    // protocol version is enforced where the SSL context is created, a
    // server may still negotiate TLSv1.1; consider whether
    // SSL_OP_NO_TLSv1_1 belongs in this default set.
    static constexpr ssl_options_t          DEFAULT_SSL_OPTIONS =
                                                  SSL_OP_NO_SSLv2
                                                | SSL_OP_NO_SSLv3
                                                | SSL_OP_NO_TLSv1
                                                | SSL_OP_NO_COMPRESSION;

                                tcp_bio_options();

    // Certificate chain verification depth.
    void                        set_verification_depth(verification_depth_t depth);
    verification_depth_t        get_verification_depth() const;

    // SSL option mask.
    //
    // NOTE(review): whether the setter replaces the mask or ORs into it is
    // not visible here; if it replaces, a caller passing its own flags must
    // repeat the protocol exclusions from DEFAULT_SSL_OPTIONS.
    void                        set_ssl_options(ssl_options_t ssl_options);
    ssl_options_t               get_ssl_options() const;

    // Directory holding the trusted certificates. The setter takes its
    // argument by value, unlike set_host() which takes a reference.
    void                        set_ssl_certificate_path(std::string const path);
    std::string const &         get_ssl_certificate_path() const;

    // TCP keepalive switch.
    void                        set_keepalive(bool keepalive = true);
    bool                        get_keepalive() const;

    // Whether the Server Name is included in the SSL Hello message.
    void                        set_sni(bool sni = true);
    bool                        get_sni() const;

    // Host used to verify the certificate.
    //
    // NOTE(review): the default host is empty; what the certificate check
    // does with an empty host is decided in the .cpp -- confirm that it
    // does not silently skip host name verification.
    void                        set_host(std::string const & host);
    std::string const &         get_host() const;

private:
    verification_depth_t        f_verification_depth{4};
    ssl_options_t               f_ssl_options{DEFAULT_SSL_OPTIONS};
    std::string                 f_ssl_certificate_path{"/etc/ssl/certs"};
    bool                        f_keepalive{true};
    bool                        f_sni{true};
    std::string                 f_host{};
};
94 :
95 :
96 :
97 : } // namespace ed
98 : // vim: ts=4 sw=4 et