1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
|
#pragma once
#include "mbedtls/ssl.h"
// fwd:
class cCryptoKey;
class cCtrDrbgContext;
class cX509Cert;
using cCryptoKeyPtr = std::shared_ptr<cCryptoKey>;
using cCtrDrbgContextPtr = std::shared_ptr<cCtrDrbgContext>;
using cX509CertPtr = std::shared_ptr<cX509Cert>;
enum class eSslAuthMode
{
None = 0, // MBEDTLS_SSL_VERIFY_NONE
Optional = 1, // MBEDTLS_SSL_VERIFY_OPTIONAL
Required = 2, // MBEDTLS_SSL_VERIFY_REQUIRED
Unset = 3, // MBEDTLS_SSL_VERIFY_UNSET
};
class cSslConfig
{
friend class cSslContext;
public:
/** Type of the SSL debug callback.
Parameters are:
void * Opaque context for the callback
int Debug level
const char * File name
int Line number
const char * Message */
using cDebugCallback = void(*)(void *, int, const char *, int, const char *);
/** Type of the SSL certificate verify callback.
Parameters are:
void * Opaque context for the callback
mbedtls_x509_crt * Current cert
int Cert chain depth
uint32_t * Verification flags */
using cVerifyCallback = int(*)(void *, mbedtls_x509_crt *, int, uint32_t *);
cSslConfig();
~cSslConfig();
/** Initialize with mbedTLS default settings. */
int InitDefaults(bool a_IsClient);
/** Set the authorization mode. */
void SetAuthMode(eSslAuthMode a_AuthMode);
/** Set the random number generator. */
void SetRng(cCtrDrbgContextPtr a_CtrDrbg);
/** Set the debug callback. */
void SetDebugCallback(cDebugCallback a_CallbackFun, void * a_CallbackData);
/** Set the certificate verify callback. */
void SetVerifyCallback(cVerifyCallback a_CallbackFun, void * a_CallbackData);
/** Set the enabled cipher suites. */
void SetCipherSuites(std::vector<int> a_CipherSuites);
/** Set the certificate to use for connections. */
void SetOwnCert(cX509CertPtr a_OwnCert, cCryptoKeyPtr a_OwnCertPrivKey);
/** Set the trusted certificate authority chain. */
void SetCACerts(cX509CertPtr a_CACert);
/** Creates a new config with some sensible defaults on top of mbedTLS basic settings. */
static std::shared_ptr<cSslConfig> MakeDefaultConfig(bool a_IsClient);
/** Returns the default config for client connections. */
static std::shared_ptr<const cSslConfig> GetDefaultClientConfig();
/** Returns the default config for server connections. */
static std::shared_ptr<const cSslConfig> GetDefaultServerConfig();
private:
/** Returns a pointer to the wrapped mbedtls representation. */
const mbedtls_ssl_config * GetInternal() const { return &m_Config; }
mbedtls_ssl_config m_Config;
cCtrDrbgContextPtr m_CtrDrbg;
cX509CertPtr m_OwnCert;
cCryptoKeyPtr m_OwnCertPrivKey;
cX509CertPtr m_CACerts;
std::vector<int> m_CipherSuites;
};
|
