henrike@webrtc.org | f7795df | 2014-05-13 18:00:26 +0000 | [diff] [blame^] | 1 | /* |
| 2 | * Copyright 2004 The WebRTC Project Authors. All rights reserved. |
| 3 | * |
| 4 | * Use of this source code is governed by a BSD-style license |
| 5 | * that can be found in the LICENSE file in the root of the source |
| 6 | * tree. An additional intellectual property rights grant can be found |
| 7 | * in the file PATENTS. All contributing project authors may |
| 8 | * be found in the AUTHORS file in the root of the source tree. |
| 9 | */ |
| 10 | |
| 11 | #ifndef WEBRTC_BASE_OPENSSLADAPTER_H__ |
| 12 | #define WEBRTC_BASE_OPENSSLADAPTER_H__ |
| 13 | |
| 14 | #include <string> |
| 15 | #include "webrtc/base/ssladapter.h" |
| 16 | |
| 17 | typedef struct ssl_st SSL; |
| 18 | typedef struct ssl_ctx_st SSL_CTX; |
| 19 | typedef struct x509_store_ctx_st X509_STORE_CTX; |
| 20 | |
| 21 | namespace rtc { |
| 22 | |
| 23 | /////////////////////////////////////////////////////////////////////////////// |
| 24 | |
| 25 | class OpenSSLAdapter : public SSLAdapter { |
| 26 | public: |
| 27 | static bool InitializeSSL(VerificationCallback callback); |
| 28 | static bool InitializeSSLThread(); |
| 29 | static bool CleanupSSL(); |
| 30 | |
| 31 | OpenSSLAdapter(AsyncSocket* socket); |
| 32 | virtual ~OpenSSLAdapter(); |
| 33 | |
| 34 | virtual int StartSSL(const char* hostname, bool restartable); |
| 35 | virtual int Send(const void* pv, size_t cb); |
| 36 | virtual int Recv(void* pv, size_t cb); |
| 37 | virtual int Close(); |
| 38 | |
| 39 | // Note that the socket returns ST_CONNECTING while SSL is being negotiated. |
| 40 | virtual ConnState GetState() const; |
| 41 | |
| 42 | protected: |
| 43 | virtual void OnConnectEvent(AsyncSocket* socket); |
| 44 | virtual void OnReadEvent(AsyncSocket* socket); |
| 45 | virtual void OnWriteEvent(AsyncSocket* socket); |
| 46 | virtual void OnCloseEvent(AsyncSocket* socket, int err); |
| 47 | |
| 48 | private: |
| 49 | enum SSLState { |
| 50 | SSL_NONE, SSL_WAIT, SSL_CONNECTING, SSL_CONNECTED, SSL_ERROR |
| 51 | }; |
| 52 | |
| 53 | int BeginSSL(); |
| 54 | int ContinueSSL(); |
| 55 | void Error(const char* context, int err, bool signal = true); |
| 56 | void Cleanup(); |
| 57 | |
| 58 | static bool VerifyServerName(SSL* ssl, const char* host, |
| 59 | bool ignore_bad_cert); |
| 60 | bool SSLPostConnectionCheck(SSL* ssl, const char* host); |
| 61 | #if _DEBUG |
| 62 | static void SSLInfoCallback(const SSL* s, int where, int ret); |
| 63 | #endif // !_DEBUG |
| 64 | static int SSLVerifyCallback(int ok, X509_STORE_CTX* store); |
| 65 | static VerificationCallback custom_verify_callback_; |
| 66 | friend class OpenSSLStreamAdapter; // for custom_verify_callback_; |
| 67 | |
| 68 | static bool ConfigureTrustedRootCertificates(SSL_CTX* ctx); |
| 69 | static SSL_CTX* SetupSSLContext(); |
| 70 | |
| 71 | SSLState state_; |
| 72 | bool ssl_read_needs_write_; |
| 73 | bool ssl_write_needs_read_; |
| 74 | // If true, socket will retain SSL configuration after Close. |
| 75 | bool restartable_; |
| 76 | |
| 77 | SSL* ssl_; |
| 78 | SSL_CTX* ssl_ctx_; |
| 79 | std::string ssl_host_name_; |
| 80 | |
| 81 | bool custom_verification_succeeded_; |
| 82 | }; |
| 83 | |
| 84 | ///////////////////////////////////////////////////////////////////////////// |
| 85 | |
| 86 | } // namespace rtc |
| 87 | |
| 88 | #endif // WEBRTC_BASE_OPENSSLADAPTER_H__ |