
// BlockingSslClientSocket.h

// Declares the cBlockingSslClientSocket class representing a blocking TCP socket with client SSL encryption over it





#pragma once

#include "CallbackSslContext.h"
#include "../OSSupport/Socket.h"





/** A blocking TCP client socket with a client-side SSL session layered over it.
The plaintext API for callers is Connect() / Send() / Receive() / Disconnect(); every failure is
reported through the return value (false or a negative count) and described by GetLastErrorText().
The class privately implements cCallbackSslContext::cDataCallbacks (protected inheritance), so the
encrypted bytes of the session are presumably routed by m_Ssl through ReceiveEncrypted() /
SendEncrypted() onto m_Socket - confirm against CallbackSslContext.h.
NOTE(review): strict peer-certificate verification is only enabled by SetTrustedRootCertsFromString(),
which must be called before Connect() (see m_CACerts / m_ExpectedPeerName). What Connect() does
when it was not called is not visible in this header - confirm in the implementation. */
class cBlockingSslClientSocket :
	protected cCallbackSslContext::cDataCallbacks
{
public:
	/** Constructs the object without connecting; the connection is made later by Connect(). */
	cBlockingSslClientSocket(void);
	
	/** Connects to the specified server and performs SSL handshake.
	Returns true if successful, false on failure. Sets internal error text on failure.
	Certificate verification is strict only if SetTrustedRootCertsFromString() was called beforehand;
	otherwise the handshake presumably proceeds with whatever the default context settings are - verify in the .cpp. */
	bool Connect(const AString & a_ServerName, UInt16 a_Port);
	
	/** Sends the specified data over the connection.
	a_Data points to a_NumBytes bytes of plaintext; they are encrypted by the SSL session before reaching the socket.
	Returns true if successful, false on failure. Sets the internal error text on failure. */
	bool Send(const void * a_Data, size_t a_NumBytes);
	
	/** Receives data from the connection.
	Blocks until there is any data available, then returns as much as possible, at most a_MaxBytes into a_Data.
	Returns the number of bytes actually received, negative number on failure.
	Note that the count is returned as an int although a_MaxBytes is a size_t, so callers should not
	request more than an int can represent.
	Sets the internal error text on failure. */
	int Receive(void * a_Data, size_t a_MaxBytes);
	
	/** Disconnects the connection gracefully, if possible.
	Note that this also frees the internal SSL context, so all the certificates etc. are lost;
	presumably SetTrustedRootCertsFromString() has to be called again before a subsequent Connect(). */
	void Disconnect(void);
	
	/** Sets the root certificates that are to be trusted. Forces the connection to use strict cert
	verification. Needs to be used before calling Connect().
	a_CACerts holds the trusted root certificate(s) as text (stored in m_CACerts).
	a_ExpectedPeerName is the name that we expect to receive in the SSL peer's cert; verification will fail if
	the presented name is different (possible MITM).
	Returns true on success, false on failure. Sets internal error text on failure. */
	bool SetTrustedRootCertsFromString(const AString & a_CACerts, const AString & a_ExpectedPeerName);
	
	/** Returns the text of the last error that has occurred in this instance.
	The reference stays valid for the lifetime of this object but its contents are overwritten by the next failure. */
	const AString & GetLastErrorText(void) const { return m_LastErrorText; }
	
protected:
	/** The SSL context used for the socket */
	cCallbackSslContext m_Ssl;
	
	/** The underlying socket to the SSL server */
	cSocket m_Socket;
	
	/** The trusted CA root cert store, if we are to verify the cert strictly. Set by SetTrustedRootCertsFromString(). */
	cX509CertPtr m_CACerts;
	
	/** The expected SSL peer's name, if we are to verify the cert strictly. Set by SetTrustedRootCertsFromString(). */
	AString m_ExpectedPeerName;
	
	/** Text of the last error that has occurred. */
	AString m_LastErrorText;
	
	/** Set to true if the connection established successfully.
	No in-class initializer here; presumably initialized by the constructor - confirm in the .cpp. */
	bool m_IsConnected;
	
	
	// cCallbackSslContext::cDataCallbacks overrides:
	// Presumably invoked by m_Ssl to move the raw (encrypted) bytes over m_Socket: ReceiveEncrypted() fills
	// a_Buffer from the socket, SendEncrypted() writes a_Buffer to it. The return-value convention is the one
	// defined by cCallbackSslContext::cDataCallbacks - check CallbackSslContext.h.
	virtual int ReceiveEncrypted(unsigned char * a_Buffer, size_t a_NumBytes) override;
	virtual int SendEncrypted(const unsigned char * a_Buffer, size_t a_NumBytes) override;
} ;