| /* |
| * libjingle |
| * Copyright 2004--2005, Google Inc. |
| * |
| * Redistribution and use in source and binary forms, with or without |
| * modification, are permitted provided that the following conditions are met: |
| * |
| * 1. Redistributions of source code must retain the above copyright notice, |
| * this list of conditions and the following disclaimer. |
| * 2. Redistributions in binary form must reproduce the above copyright notice, |
| * this list of conditions and the following disclaimer in the documentation |
| * and/or other materials provided with the distribution. |
| * 3. The name of the author may not be used to endorse or promote products |
| * derived from this software without specific prior written permission. |
| * |
| * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED |
| * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF |
| * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO |
| * EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
| * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, |
| * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; |
| * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, |
| * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR |
| * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF |
| * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
| */ |
| |
| #ifndef TALK_BASE_OPENSSLADAPTER_H__ |
| #define TALK_BASE_OPENSSLADAPTER_H__ |
| |
| #include <string> |
| #include "talk/base/ssladapter.h" |
| |
| typedef struct ssl_st SSL; |
| typedef struct ssl_ctx_st SSL_CTX; |
| typedef struct x509_store_ctx_st X509_STORE_CTX; |
| |
| namespace talk_base { |
| |
| /////////////////////////////////////////////////////////////////////////////// |
| |
| class OpenSSLAdapter : public SSLAdapter { |
| public: |
| static bool InitializeSSL(VerificationCallback callback); |
| static bool InitializeSSLThread(); |
| static bool CleanupSSL(); |
| |
| OpenSSLAdapter(AsyncSocket* socket); |
| virtual ~OpenSSLAdapter(); |
| |
| virtual int StartSSL(const char* hostname, bool restartable); |
| virtual int Send(const void* pv, size_t cb); |
| virtual int Recv(void* pv, size_t cb); |
| virtual int Close(); |
| |
| // Note that the socket returns ST_CONNECTING while SSL is being negotiated. |
| virtual ConnState GetState() const; |
| |
| protected: |
| virtual void OnConnectEvent(AsyncSocket* socket); |
| virtual void OnReadEvent(AsyncSocket* socket); |
| virtual void OnWriteEvent(AsyncSocket* socket); |
| virtual void OnCloseEvent(AsyncSocket* socket, int err); |
| |
| private: |
| enum SSLState { |
| SSL_NONE, SSL_WAIT, SSL_CONNECTING, SSL_CONNECTED, SSL_ERROR |
| }; |
| |
| int BeginSSL(); |
| int ContinueSSL(); |
| void Error(const char* context, int err, bool signal = true); |
| void Cleanup(); |
| |
| static bool VerifyServerName(SSL* ssl, const char* host, |
| bool ignore_bad_cert); |
| bool SSLPostConnectionCheck(SSL* ssl, const char* host); |
| #if _DEBUG |
| static void SSLInfoCallback(const SSL* s, int where, int ret); |
| #endif // !_DEBUG |
| static int SSLVerifyCallback(int ok, X509_STORE_CTX* store); |
| static VerificationCallback custom_verify_callback_; |
| friend class OpenSSLStreamAdapter; // for custom_verify_callback_; |
| |
| static bool ConfigureTrustedRootCertificates(SSL_CTX* ctx); |
| static SSL_CTX* SetupSSLContext(); |
| |
| SSLState state_; |
| bool ssl_read_needs_write_; |
| bool ssl_write_needs_read_; |
| // If true, socket will retain SSL configuration after Close. |
| bool restartable_; |
| |
| SSL* ssl_; |
| SSL_CTX* ssl_ctx_; |
| std::string ssl_host_name_; |
| |
| bool custom_verification_succeeded_; |
| }; |
| |
| ///////////////////////////////////////////////////////////////////////////// |
| |
| } // namespace talk_base |
| |
| #endif // TALK_BASE_OPENSSLADAPTER_H__ |
