3 * Copyright 2004--2005, Google Inc.
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions are met:
8 * 1. Redistributions of source code must retain the above copyright notice,
9 * this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright notice,
11 * this list of conditions and the following disclaimer in the documentation
12 * and/or other materials provided with the distribution.
13 * 3. The name of the author may not be used to endorse or promote products
14 * derived from this software without specific prior written permission.
16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
17 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
18 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
19 * EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
20 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
21 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
22 * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
23 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
24 * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
25 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28 #ifndef TALK_BASE_OPENSSLADAPTER_H__
29 #define TALK_BASE_OPENSSLADAPTER_H__
32 #include "talk/base/ssladapter.h"
34 typedef struct ssl_st SSL;
35 typedef struct ssl_ctx_st SSL_CTX;
36 typedef struct x509_store_ctx_st X509_STORE_CTX;
40 ///////////////////////////////////////////////////////////////////////////////
42 class OpenSSLAdapter : public SSLAdapter {
44 static bool InitializeSSL(VerificationCallback callback);
45 static bool InitializeSSLThread();
46 static bool CleanupSSL();
48 OpenSSLAdapter(AsyncSocket* socket);
49 virtual ~OpenSSLAdapter();
51 virtual int StartSSL(const char* hostname, bool restartable);
52 virtual int Send(const void* pv, size_t cb);
53 virtual int Recv(void* pv, size_t cb);
56 // Note that the socket returns ST_CONNECTING while SSL is being negotiated.
57 virtual ConnState GetState() const;
60 virtual void OnConnectEvent(AsyncSocket* socket);
61 virtual void OnReadEvent(AsyncSocket* socket);
62 virtual void OnWriteEvent(AsyncSocket* socket);
63 virtual void OnCloseEvent(AsyncSocket* socket, int err);
67 SSL_NONE, SSL_WAIT, SSL_CONNECTING, SSL_CONNECTED, SSL_ERROR
72 void Error(const char* context, int err, bool signal = true);
75 static bool VerifyServerName(SSL* ssl, const char* host,
76 bool ignore_bad_cert);
77 bool SSLPostConnectionCheck(SSL* ssl, const char* host);
79 static void SSLInfoCallback(const SSL* s, int where, int ret);
81 static int SSLVerifyCallback(int ok, X509_STORE_CTX* store);
82 static VerificationCallback custom_verify_callback_;
83 friend class OpenSSLStreamAdapter; // for custom_verify_callback_;
85 static bool ConfigureTrustedRootCertificates(SSL_CTX* ctx);
86 static SSL_CTX* SetupSSLContext();
89 bool ssl_read_needs_write_;
90 bool ssl_write_needs_read_;
91 // If true, socket will retain SSL configuration after Close.
96 std::string ssl_host_name_;
98 bool custom_verification_succeeded_;
101 /////////////////////////////////////////////////////////////////////////////
103 } // namespace talk_base
105 #endif // TALK_BASE_OPENSSLADAPTER_H__