#include <SSL_Context.h>
Collaboration diagram for ACE_SSL_Context:
Public Types | |
enum | { INVALID_METHOD = -1, SSLv2_client = 1, SSLv2_server, SSLv2, SSLv3_client, SSLv3_server, SSLv3, SSLv23_client, SSLv23_server, SSLv23, TLSv1_client, TLSv1_server, TLSv1 } |
Public Member Functions | |
ACE_SSL_Context (void) | |
Constructor. | |
~ACE_SSL_Context (void) | |
Destructor. | |
int | set_mode (int mode=ACE_SSL_Context::SSLv23) |
int | get_mode (void) const |
SSL_CTX * | context (void) |
Get the SSL context. | |
int | private_key_type (void) const |
Get the file name and file format used for the private key. | |
const char * | private_key_file_name (void) const |
int | private_key (const char *file_name, int type=SSL_FILETYPE_PEM) |
Set the private key file. | |
int | verify_private_key (void) |
Verify that the private key is valid. | |
int | certificate_type (void) const |
Get the file name and file format used for the certificate file. | |
const char * | certificate_file_name (void) const |
int | certificate (const char *file_name, int type=SSL_FILETYPE_PEM) |
Set the certificate file. | |
int | load_trusted_ca (const char *ca_file=0, const char *ca_dir=0) |
int | have_trusted_ca (void) const |
void | set_verify_peer (int strict=0, int once=1, int depth=0) |
void | default_verify_mode (int mode) |
int | default_verify_mode (void) const |
OpenSSL Random Number Generator Seed Related Methods | |
These are methods that can be used to seed OpenSSL's pseudo-random number generator. These methods can be called more than once. | |
int | random_seed (const char *seed) |
int | egd_file (const char *socket_file) |
int | seed_file (const char *seed_file, long bytes=-1) |
Diffie-Hellman (DH) Parameters | |
When using DSS-based certificates, Diffie-Hellman keys need to be exchanged. These must be provided in the form of DH key generation parameters loaded in, or as fixed keys hardcoded into the code itself. ACE_SSL supports loaded parameters. | |
int | dh_params (const char *file_name, int type=SSL_FILETYPE_PEM) |
const char * | dh_params_file_name () const |
int | dh_params_file_type () const |
Static Public Member Functions | |
ACE_SSL_Context * | instance (void) |
void | report_error (unsigned long error_code) |
Print SSL error corresponding to the given error code. | |
void | report_error (void) |
Print the last SSL error for the current thread. | |
Private Member Functions | |
void | check_context (void) |
Verify if the context has been initialized or not. | |
void | ssl_library_init () |
More to document. | |
void | ssl_library_fini () |
ACE_SSL_Context (const ACE_SSL_Context &) | |
ACE_SSL_Context & | operator= (const ACE_SSL_Context &) |
Private Attributes | |
SSL_CTX * | context_ |
The SSL_CTX structure. | |
int | mode_ |
Cache the mode so we can answer fast. | |
ACE_SSL_Data_File | private_key_ |
The private key, certificate, and Diffie-Hellman paramters files. | |
ACE_SSL_Data_File | certificate_ |
ACE_SSL_Data_File | dh_params_ |
int | default_verify_mode_ |
The default verify mode. | |
int | have_ca_ |
count of successful CA load attempts |
This class provides a wrapper for the SSL_CTX data structure. Since most applications have a single SSL_CTX structure, this class can be used as a singleton.
|
|
|
Constructor.
|
|
Destructor.
|
|
|
|
Set the certificate file.
|
|
|
|
Get the file name and file format used for the certificate file.
|
|
Verify if the context has been initialized or not.
|
|
Get the SSL context.
|
|
|
|
Set and query the default verify mode for this context, it is inherited by all the ACE_SSL objects created using the context. It can be overriden on a per-ACE_SSL object. |
|
Load Diffie-Hellman parameters from file_name. The specified file can be a standalone file containing only DH parameters (e.g., as created by |
|
Load Diffie-Hellman parameters from file_name. The specified file can be a standalone file containing only DH parameters (e.g., as created by |
|
Load Diffie-Hellman parameters from file_name. The specified file can be a standalone file containing only DH parameters (e.g., as created by |
|
Set the Entropy Gathering Daemon (EGD) UNIX domain socket file to read random seed values from. |
|
|
|
Test whether any CA locations have been successfully loaded and return the number of successful attempts.
|
|
The Singleton context, the SSL components use the singleton if nothing else is available. |
|
Load the location of the trusted certification authority certificates. Note that CA certificates are stored in PEM format as a sequence of certificates in <ca_file> or as a set of individual certificates in <ca_dir> (or both). Note this method is called by set_mode() to load the default environment settings for <ca_file> and <ca_dir>, if any. This allows for automatic service configuration (and backward compatibility with previous versions. Note that the underlying SSL function will add valid file and directory names to the load location lists maintained as part of the SSL_CTX table. (... It therefore dosn't make sense to keep a copy of the file and path name of the most recently added <ca_file> or <ca_path>.
|
|
|
|
Set the private key file.
|
|
|
|
Get the file name and file format used for the private key.
|
|
Seed the underlying random number generator. This value should have at least 128 bits of entropy. |
|
Print the last SSL error for the current thread.
|
|
Print SSL error corresponding to the given error code.
|
|
Set the file that contains the random seed value state, and the amount of bytes to read. "-1" bytes causes the entire file to be read. |
|
Set the CTX mode. The mode can be set only once, afterwards the function has no effect and returns -1. Once the mode is set the underlying SSL_CTX is initialized and the class can be used. If the mode is not set, then the class automatically initializes itself to the default mode. |
|
Note for verification to work correctly there should be a valid CA name list set using load_trusted_ca().
|
|
|
|
More to document. @ |
|
Verify that the private key is valid.
|
|
|
|
The SSL_CTX structure.
|
|
The default verify mode.
|
|
|
|
count of successful CA load attempts
|
|
Cache the mode so we can answer fast.
|
|
The private key, certificate, and Diffie-Hellman paramters files.
|