context.hpp 26 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764
  1. //
  2. // ssl/context.hpp
  3. // ~~~~~~~~~~~~~~~
  4. //
  5. // Copyright (c) 2003-2024 Christopher M. Kohlhoff (chris at kohlhoff dot com)
  6. //
  7. // Distributed under the Boost Software License, Version 1.0. (See accompanying
  8. // file LICENSE_1_0.txt or copy at http://www.boost.org/LICENSE_1_0.txt)
  9. //
  10. #ifndef BOOST_ASIO_SSL_CONTEXT_HPP
  11. #define BOOST_ASIO_SSL_CONTEXT_HPP
  12. #if defined(_MSC_VER) && (_MSC_VER >= 1200)
  13. # pragma once
  14. #endif // defined(_MSC_VER) && (_MSC_VER >= 1200)
  15. #include <boost/asio/detail/config.hpp>
  16. #include <string>
  17. #include <boost/asio/buffer.hpp>
  18. #include <boost/asio/io_context.hpp>
  19. #include <boost/asio/ssl/context_base.hpp>
  20. #include <boost/asio/ssl/detail/openssl_types.hpp>
  21. #include <boost/asio/ssl/detail/openssl_init.hpp>
  22. #include <boost/asio/ssl/detail/password_callback.hpp>
  23. #include <boost/asio/ssl/detail/verify_callback.hpp>
  24. #include <boost/asio/ssl/verify_mode.hpp>
  25. #include <boost/asio/detail/push_options.hpp>
  26. namespace boost {
  27. namespace asio {
  28. namespace ssl {
  29. class context
  30. : public context_base,
  31. private noncopyable
  32. {
  33. public:
  34. /// The native handle type of the SSL context.
  35. typedef SSL_CTX* native_handle_type;
  36. /// Constructor.
  37. BOOST_ASIO_DECL explicit context(method m);
  38. /// Construct to take ownership of a native handle.
  39. BOOST_ASIO_DECL explicit context(native_handle_type native_handle);
  40. /// Move-construct a context from another.
  41. /**
  42. * This constructor moves an SSL context from one object to another.
  43. *
  44. * @param other The other context object from which the move will occur.
  45. *
  46. * @note Following the move, the following operations only are valid for the
  47. * moved-from object:
  48. * @li Destruction.
  49. * @li As a target for move-assignment.
  50. */
  51. BOOST_ASIO_DECL context(context&& other);
  52. /// Move-assign a context from another.
  53. /**
  54. * This assignment operator moves an SSL context from one object to another.
  55. *
  56. * @param other The other context object from which the move will occur.
  57. *
  58. * @note Following the move, the following operations only are valid for the
  59. * moved-from object:
  60. * @li Destruction.
  61. * @li As a target for move-assignment.
  62. */
  63. BOOST_ASIO_DECL context& operator=(context&& other);
  64. /// Destructor.
  65. BOOST_ASIO_DECL ~context();
  66. /// Get the underlying implementation in the native type.
  67. /**
  68. * This function may be used to obtain the underlying implementation of the
  69. * context. This is intended to allow access to context functionality that is
  70. * not otherwise provided.
  71. */
  72. BOOST_ASIO_DECL native_handle_type native_handle();
  73. /// Clear options on the context.
  74. /**
  75. * This function may be used to configure the SSL options used by the context.
  76. *
  77. * @param o A bitmask of options. The available option values are defined in
  78. * the context_base class. The specified options, if currently enabled on the
  79. * context, are cleared.
  80. *
  81. * @throws boost::system::system_error Thrown on failure.
  82. *
  83. * @note Calls @c SSL_CTX_clear_options.
  84. */
  85. BOOST_ASIO_DECL void clear_options(options o);
  86. /// Clear options on the context.
  87. /**
  88. * This function may be used to configure the SSL options used by the context.
  89. *
  90. * @param o A bitmask of options. The available option values are defined in
  91. * the context_base class. The specified options, if currently enabled on the
  92. * context, are cleared.
  93. *
  94. * @param ec Set to indicate what error occurred, if any.
  95. *
  96. * @note Calls @c SSL_CTX_clear_options.
  97. */
  98. BOOST_ASIO_DECL BOOST_ASIO_SYNC_OP_VOID clear_options(options o,
  99. boost::system::error_code& ec);
  100. /// Set options on the context.
  101. /**
  102. * This function may be used to configure the SSL options used by the context.
  103. *
  104. * @param o A bitmask of options. The available option values are defined in
  105. * the context_base class. The options are bitwise-ored with any existing
  106. * value for the options.
  107. *
  108. * @throws boost::system::system_error Thrown on failure.
  109. *
  110. * @note Calls @c SSL_CTX_set_options.
  111. */
  112. BOOST_ASIO_DECL void set_options(options o);
  113. /// Set options on the context.
  114. /**
  115. * This function may be used to configure the SSL options used by the context.
  116. *
  117. * @param o A bitmask of options. The available option values are defined in
  118. * the context_base class. The options are bitwise-ored with any existing
  119. * value for the options.
  120. *
  121. * @param ec Set to indicate what error occurred, if any.
  122. *
  123. * @note Calls @c SSL_CTX_set_options.
  124. */
  125. BOOST_ASIO_DECL BOOST_ASIO_SYNC_OP_VOID set_options(options o,
  126. boost::system::error_code& ec);
  127. /// Set the peer verification mode.
  128. /**
  129. * This function may be used to configure the peer verification mode used by
  130. * the context.
  131. *
  132. * @param v A bitmask of peer verification modes. See @ref verify_mode for
  133. * available values.
  134. *
  135. * @throws boost::system::system_error Thrown on failure.
  136. *
  137. * @note Calls @c SSL_CTX_set_verify.
  138. */
  139. BOOST_ASIO_DECL void set_verify_mode(verify_mode v);
  140. /// Set the peer verification mode.
  141. /**
  142. * This function may be used to configure the peer verification mode used by
  143. * the context.
  144. *
  145. * @param v A bitmask of peer verification modes. See @ref verify_mode for
  146. * available values.
  147. *
  148. * @param ec Set to indicate what error occurred, if any.
  149. *
  150. * @note Calls @c SSL_CTX_set_verify.
  151. */
  152. BOOST_ASIO_DECL BOOST_ASIO_SYNC_OP_VOID set_verify_mode(
  153. verify_mode v, boost::system::error_code& ec);
  154. /// Set the peer verification depth.
  155. /**
  156. * This function may be used to configure the maximum verification depth
  157. * allowed by the context.
  158. *
  159. * @param depth Maximum depth for the certificate chain verification that
  160. * shall be allowed.
  161. *
  162. * @throws boost::system::system_error Thrown on failure.
  163. *
  164. * @note Calls @c SSL_CTX_set_verify_depth.
  165. */
  166. BOOST_ASIO_DECL void set_verify_depth(int depth);
  167. /// Set the peer verification depth.
  168. /**
  169. * This function may be used to configure the maximum verification depth
  170. * allowed by the context.
  171. *
  172. * @param depth Maximum depth for the certificate chain verification that
  173. * shall be allowed.
  174. *
  175. * @param ec Set to indicate what error occurred, if any.
  176. *
  177. * @note Calls @c SSL_CTX_set_verify_depth.
  178. */
  179. BOOST_ASIO_DECL BOOST_ASIO_SYNC_OP_VOID set_verify_depth(
  180. int depth, boost::system::error_code& ec);
  181. /// Set the callback used to verify peer certificates.
  182. /**
  183. * This function is used to specify a callback function that will be called
  184. * by the implementation when it needs to verify a peer certificate.
  185. *
  186. * @param callback The function object to be used for verifying a certificate.
  187. * The function signature of the handler must be:
  188. * @code bool verify_callback(
  189. * bool preverified, // True if the certificate passed pre-verification.
  190. * verify_context& ctx // The peer certificate and other context.
  191. * ); @endcode
  192. * The return value of the callback is true if the certificate has passed
  193. * verification, false otherwise.
  194. *
  195. * @throws boost::system::system_error Thrown on failure.
  196. *
  197. * @note Calls @c SSL_CTX_set_verify.
  198. */
  199. template <typename VerifyCallback>
  200. void set_verify_callback(VerifyCallback callback);
  201. /// Set the callback used to verify peer certificates.
  202. /**
  203. * This function is used to specify a callback function that will be called
  204. * by the implementation when it needs to verify a peer certificate.
  205. *
  206. * @param callback The function object to be used for verifying a certificate.
  207. * The function signature of the handler must be:
  208. * @code bool verify_callback(
  209. * bool preverified, // True if the certificate passed pre-verification.
  210. * verify_context& ctx // The peer certificate and other context.
  211. * ); @endcode
  212. * The return value of the callback is true if the certificate has passed
  213. * verification, false otherwise.
  214. *
  215. * @param ec Set to indicate what error occurred, if any.
  216. *
  217. * @note Calls @c SSL_CTX_set_verify.
  218. */
  219. template <typename VerifyCallback>
  220. BOOST_ASIO_SYNC_OP_VOID set_verify_callback(VerifyCallback callback,
  221. boost::system::error_code& ec);
  222. /// Load a certification authority file for performing verification.
  223. /**
  224. * This function is used to load one or more trusted certification authorities
  225. * from a file.
  226. *
  227. * @param filename The name of a file containing certification authority
  228. * certificates in PEM format.
  229. *
  230. * @throws boost::system::system_error Thrown on failure.
  231. *
  232. * @note Calls @c SSL_CTX_load_verify_locations.
  233. */
  234. BOOST_ASIO_DECL void load_verify_file(const std::string& filename);
  235. /// Load a certification authority file for performing verification.
  236. /**
  237. * This function is used to load the certificates for one or more trusted
  238. * certification authorities from a file.
  239. *
  240. * @param filename The name of a file containing certification authority
  241. * certificates in PEM format.
  242. *
  243. * @param ec Set to indicate what error occurred, if any.
  244. *
  245. * @note Calls @c SSL_CTX_load_verify_locations.
  246. */
  247. BOOST_ASIO_DECL BOOST_ASIO_SYNC_OP_VOID load_verify_file(
  248. const std::string& filename, boost::system::error_code& ec);
  249. /// Add certification authority for performing verification.
  250. /**
  251. * This function is used to add one trusted certification authority
  252. * from a memory buffer.
  253. *
  254. * @param ca The buffer containing the certification authority certificate.
  255. * The certificate must use the PEM format.
  256. *
  257. * @throws boost::system::system_error Thrown on failure.
  258. *
  259. * @note Calls @c SSL_CTX_get_cert_store and @c X509_STORE_add_cert.
  260. */
  261. BOOST_ASIO_DECL void add_certificate_authority(const const_buffer& ca);
  262. /// Add certification authority for performing verification.
  263. /**
  264. * This function is used to add one trusted certification authority
  265. * from a memory buffer.
  266. *
  267. * @param ca The buffer containing the certification authority certificate.
  268. * The certificate must use the PEM format.
  269. *
  270. * @param ec Set to indicate what error occurred, if any.
  271. *
  272. * @note Calls @c SSL_CTX_get_cert_store and @c X509_STORE_add_cert.
  273. */
  274. BOOST_ASIO_DECL BOOST_ASIO_SYNC_OP_VOID add_certificate_authority(
  275. const const_buffer& ca, boost::system::error_code& ec);
  276. /// Configures the context to use the default directories for finding
  277. /// certification authority certificates.
  278. /**
  279. * This function specifies that the context should use the default,
  280. * system-dependent directories for locating certification authority
  281. * certificates.
  282. *
  283. * @throws boost::system::system_error Thrown on failure.
  284. *
  285. * @note Calls @c SSL_CTX_set_default_verify_paths.
  286. */
  287. BOOST_ASIO_DECL void set_default_verify_paths();
  288. /// Configures the context to use the default directories for finding
  289. /// certification authority certificates.
  290. /**
  291. * This function specifies that the context should use the default,
  292. * system-dependent directories for locating certification authority
  293. * certificates.
  294. *
  295. * @param ec Set to indicate what error occurred, if any.
  296. *
  297. * @note Calls @c SSL_CTX_set_default_verify_paths.
  298. */
  299. BOOST_ASIO_DECL BOOST_ASIO_SYNC_OP_VOID set_default_verify_paths(
  300. boost::system::error_code& ec);
  301. /// Add a directory containing certificate authority files to be used for
  302. /// performing verification.
  303. /**
  304. * This function is used to specify the name of a directory containing
  305. * certification authority certificates. Each file in the directory must
  306. * contain a single certificate. The files must be named using the subject
  307. * name's hash and an extension of ".0".
  308. *
  309. * @param path The name of a directory containing the certificates.
  310. *
  311. * @throws boost::system::system_error Thrown on failure.
  312. *
  313. * @note Calls @c SSL_CTX_load_verify_locations.
  314. */
  315. BOOST_ASIO_DECL void add_verify_path(const std::string& path);
  316. /// Add a directory containing certificate authority files to be used for
  317. /// performing verification.
  318. /**
  319. * This function is used to specify the name of a directory containing
  320. * certification authority certificates. Each file in the directory must
  321. * contain a single certificate. The files must be named using the subject
  322. * name's hash and an extension of ".0".
  323. *
  324. * @param path The name of a directory containing the certificates.
  325. *
  326. * @param ec Set to indicate what error occurred, if any.
  327. *
  328. * @note Calls @c SSL_CTX_load_verify_locations.
  329. */
  330. BOOST_ASIO_DECL BOOST_ASIO_SYNC_OP_VOID add_verify_path(
  331. const std::string& path, boost::system::error_code& ec);
  332. /// Use a certificate from a memory buffer.
  333. /**
  334. * This function is used to load a certificate into the context from a buffer.
  335. *
  336. * @param certificate The buffer containing the certificate.
  337. *
  338. * @param format The certificate format (ASN.1 or PEM).
  339. *
  340. * @throws boost::system::system_error Thrown on failure.
  341. *
  342. * @note Calls @c SSL_CTX_use_certificate or SSL_CTX_use_certificate_ASN1.
  343. */
  344. BOOST_ASIO_DECL void use_certificate(
  345. const const_buffer& certificate, file_format format);
  346. /// Use a certificate from a memory buffer.
  347. /**
  348. * This function is used to load a certificate into the context from a buffer.
  349. *
  350. * @param certificate The buffer containing the certificate.
  351. *
  352. * @param format The certificate format (ASN.1 or PEM).
  353. *
  354. * @param ec Set to indicate what error occurred, if any.
  355. *
  356. * @note Calls @c SSL_CTX_use_certificate or SSL_CTX_use_certificate_ASN1.
  357. */
  358. BOOST_ASIO_DECL BOOST_ASIO_SYNC_OP_VOID use_certificate(
  359. const const_buffer& certificate, file_format format,
  360. boost::system::error_code& ec);
  361. /// Use a certificate from a file.
  362. /**
  363. * This function is used to load a certificate into the context from a file.
  364. *
  365. * @param filename The name of the file containing the certificate.
  366. *
  367. * @param format The file format (ASN.1 or PEM).
  368. *
  369. * @throws boost::system::system_error Thrown on failure.
  370. *
  371. * @note Calls @c SSL_CTX_use_certificate_file.
  372. */
  373. BOOST_ASIO_DECL void use_certificate_file(
  374. const std::string& filename, file_format format);
  375. /// Use a certificate from a file.
  376. /**
  377. * This function is used to load a certificate into the context from a file.
  378. *
  379. * @param filename The name of the file containing the certificate.
  380. *
  381. * @param format The file format (ASN.1 or PEM).
  382. *
  383. * @param ec Set to indicate what error occurred, if any.
  384. *
  385. * @note Calls @c SSL_CTX_use_certificate_file.
  386. */
  387. BOOST_ASIO_DECL BOOST_ASIO_SYNC_OP_VOID use_certificate_file(
  388. const std::string& filename, file_format format,
  389. boost::system::error_code& ec);
  390. /// Use a certificate chain from a memory buffer.
  391. /**
  392. * This function is used to load a certificate chain into the context from a
  393. * buffer.
  394. *
  395. * @param chain The buffer containing the certificate chain. The certificate
  396. * chain must use the PEM format.
  397. *
  398. * @throws boost::system::system_error Thrown on failure.
  399. *
  400. * @note Calls @c SSL_CTX_use_certificate and SSL_CTX_add_extra_chain_cert.
  401. */
  402. BOOST_ASIO_DECL void use_certificate_chain(const const_buffer& chain);
  403. /// Use a certificate chain from a memory buffer.
  404. /**
  405. * This function is used to load a certificate chain into the context from a
  406. * buffer.
  407. *
  408. * @param chain The buffer containing the certificate chain. The certificate
  409. * chain must use the PEM format.
  410. *
  411. * @param ec Set to indicate what error occurred, if any.
  412. *
  413. * @note Calls @c SSL_CTX_use_certificate and SSL_CTX_add_extra_chain_cert.
  414. */
  415. BOOST_ASIO_DECL BOOST_ASIO_SYNC_OP_VOID use_certificate_chain(
  416. const const_buffer& chain, boost::system::error_code& ec);
  417. /// Use a certificate chain from a file.
  418. /**
  419. * This function is used to load a certificate chain into the context from a
  420. * file.
  421. *
  422. * @param filename The name of the file containing the certificate. The file
  423. * must use the PEM format.
  424. *
  425. * @throws boost::system::system_error Thrown on failure.
  426. *
  427. * @note Calls @c SSL_CTX_use_certificate_chain_file.
  428. */
  429. BOOST_ASIO_DECL void use_certificate_chain_file(const std::string& filename);
  430. /// Use a certificate chain from a file.
  431. /**
  432. * This function is used to load a certificate chain into the context from a
  433. * file.
  434. *
  435. * @param filename The name of the file containing the certificate. The file
  436. * must use the PEM format.
  437. *
  438. * @param ec Set to indicate what error occurred, if any.
  439. *
  440. * @note Calls @c SSL_CTX_use_certificate_chain_file.
  441. */
  442. BOOST_ASIO_DECL BOOST_ASIO_SYNC_OP_VOID use_certificate_chain_file(
  443. const std::string& filename, boost::system::error_code& ec);
  444. /// Use a private key from a memory buffer.
  445. /**
  446. * This function is used to load a private key into the context from a buffer.
  447. *
  448. * @param private_key The buffer containing the private key.
  449. *
  450. * @param format The private key format (ASN.1 or PEM).
  451. *
  452. * @throws boost::system::system_error Thrown on failure.
  453. *
  454. * @note Calls @c SSL_CTX_use_PrivateKey or SSL_CTX_use_PrivateKey_ASN1.
  455. */
  456. BOOST_ASIO_DECL void use_private_key(
  457. const const_buffer& private_key, file_format format);
  458. /// Use a private key from a memory buffer.
  459. /**
  460. * This function is used to load a private key into the context from a buffer.
  461. *
  462. * @param private_key The buffer containing the private key.
  463. *
  464. * @param format The private key format (ASN.1 or PEM).
  465. *
  466. * @param ec Set to indicate what error occurred, if any.
  467. *
  468. * @note Calls @c SSL_CTX_use_PrivateKey or SSL_CTX_use_PrivateKey_ASN1.
  469. */
  470. BOOST_ASIO_DECL BOOST_ASIO_SYNC_OP_VOID use_private_key(
  471. const const_buffer& private_key, file_format format,
  472. boost::system::error_code& ec);
  473. /// Use a private key from a file.
  474. /**
  475. * This function is used to load a private key into the context from a file.
  476. *
  477. * @param filename The name of the file containing the private key.
  478. *
  479. * @param format The file format (ASN.1 or PEM).
  480. *
  481. * @throws boost::system::system_error Thrown on failure.
  482. *
  483. * @note Calls @c SSL_CTX_use_PrivateKey_file.
  484. */
  485. BOOST_ASIO_DECL void use_private_key_file(
  486. const std::string& filename, file_format format);
  487. /// Use a private key from a file.
  488. /**
  489. * This function is used to load a private key into the context from a file.
  490. *
  491. * @param filename The name of the file containing the private key.
  492. *
  493. * @param format The file format (ASN.1 or PEM).
  494. *
  495. * @param ec Set to indicate what error occurred, if any.
  496. *
  497. * @note Calls @c SSL_CTX_use_PrivateKey_file.
  498. */
  499. BOOST_ASIO_DECL BOOST_ASIO_SYNC_OP_VOID use_private_key_file(
  500. const std::string& filename, file_format format,
  501. boost::system::error_code& ec);
  502. /// Use an RSA private key from a memory buffer.
  503. /**
  504. * This function is used to load an RSA private key into the context from a
  505. * buffer.
  506. *
  507. * @param private_key The buffer containing the RSA private key.
  508. *
  509. * @param format The private key format (ASN.1 or PEM).
  510. *
  511. * @throws boost::system::system_error Thrown on failure.
  512. *
  513. * @note Calls @c SSL_CTX_use_RSAPrivateKey or SSL_CTX_use_RSAPrivateKey_ASN1.
  514. */
  515. BOOST_ASIO_DECL void use_rsa_private_key(
  516. const const_buffer& private_key, file_format format);
  517. /// Use an RSA private key from a memory buffer.
  518. /**
  519. * This function is used to load an RSA private key into the context from a
  520. * buffer.
  521. *
  522. * @param private_key The buffer containing the RSA private key.
  523. *
  524. * @param format The private key format (ASN.1 or PEM).
  525. *
  526. * @param ec Set to indicate what error occurred, if any.
  527. *
  528. * @note Calls @c SSL_CTX_use_RSAPrivateKey or SSL_CTX_use_RSAPrivateKey_ASN1.
  529. */
  530. BOOST_ASIO_DECL BOOST_ASIO_SYNC_OP_VOID use_rsa_private_key(
  531. const const_buffer& private_key, file_format format,
  532. boost::system::error_code& ec);
  533. /// Use an RSA private key from a file.
  534. /**
  535. * This function is used to load an RSA private key into the context from a
  536. * file.
  537. *
  538. * @param filename The name of the file containing the RSA private key.
  539. *
  540. * @param format The file format (ASN.1 or PEM).
  541. *
  542. * @throws boost::system::system_error Thrown on failure.
  543. *
  544. * @note Calls @c SSL_CTX_use_RSAPrivateKey_file.
  545. */
  546. BOOST_ASIO_DECL void use_rsa_private_key_file(
  547. const std::string& filename, file_format format);
  548. /// Use an RSA private key from a file.
  549. /**
  550. * This function is used to load an RSA private key into the context from a
  551. * file.
  552. *
  553. * @param filename The name of the file containing the RSA private key.
  554. *
  555. * @param format The file format (ASN.1 or PEM).
  556. *
  557. * @param ec Set to indicate what error occurred, if any.
  558. *
  559. * @note Calls @c SSL_CTX_use_RSAPrivateKey_file.
  560. */
  561. BOOST_ASIO_DECL BOOST_ASIO_SYNC_OP_VOID use_rsa_private_key_file(
  562. const std::string& filename, file_format format,
  563. boost::system::error_code& ec);
  564. /// Use the specified memory buffer to obtain the temporary Diffie-Hellman
  565. /// parameters.
  566. /**
  567. * This function is used to load Diffie-Hellman parameters into the context
  568. * from a buffer.
  569. *
  570. * @param dh The memory buffer containing the Diffie-Hellman parameters. The
  571. * buffer must use the PEM format.
  572. *
  573. * @throws boost::system::system_error Thrown on failure.
  574. *
  575. * @note Calls @c SSL_CTX_set_tmp_dh.
  576. */
  577. BOOST_ASIO_DECL void use_tmp_dh(const const_buffer& dh);
  578. /// Use the specified memory buffer to obtain the temporary Diffie-Hellman
  579. /// parameters.
  580. /**
  581. * This function is used to load Diffie-Hellman parameters into the context
  582. * from a buffer.
  583. *
  584. * @param dh The memory buffer containing the Diffie-Hellman parameters. The
  585. * buffer must use the PEM format.
  586. *
  587. * @param ec Set to indicate what error occurred, if any.
  588. *
  589. * @note Calls @c SSL_CTX_set_tmp_dh.
  590. */
  591. BOOST_ASIO_DECL BOOST_ASIO_SYNC_OP_VOID use_tmp_dh(
  592. const const_buffer& dh, boost::system::error_code& ec);
  593. /// Use the specified file to obtain the temporary Diffie-Hellman parameters.
  594. /**
  595. * This function is used to load Diffie-Hellman parameters into the context
  596. * from a file.
  597. *
  598. * @param filename The name of the file containing the Diffie-Hellman
  599. * parameters. The file must use the PEM format.
  600. *
  601. * @throws boost::system::system_error Thrown on failure.
  602. *
  603. * @note Calls @c SSL_CTX_set_tmp_dh.
  604. */
  605. BOOST_ASIO_DECL void use_tmp_dh_file(const std::string& filename);
  606. /// Use the specified file to obtain the temporary Diffie-Hellman parameters.
  607. /**
  608. * This function is used to load Diffie-Hellman parameters into the context
  609. * from a file.
  610. *
  611. * @param filename The name of the file containing the Diffie-Hellman
  612. * parameters. The file must use the PEM format.
  613. *
  614. * @param ec Set to indicate what error occurred, if any.
  615. *
  616. * @note Calls @c SSL_CTX_set_tmp_dh.
  617. */
  618. BOOST_ASIO_DECL BOOST_ASIO_SYNC_OP_VOID use_tmp_dh_file(
  619. const std::string& filename, boost::system::error_code& ec);
  620. /// Set the password callback.
  621. /**
  622. * This function is used to specify a callback function to obtain password
  623. * information about an encrypted key in PEM format.
  624. *
  625. * @param callback The function object to be used for obtaining the password.
  626. * The function signature of the handler must be:
  627. * @code std::string password_callback(
  628. * std::size_t max_length, // The maximum size for a password.
  629. * password_purpose purpose // Whether password is for reading or writing.
  630. * ); @endcode
  631. * The return value of the callback is a string containing the password.
  632. *
  633. * @throws boost::system::system_error Thrown on failure.
  634. *
  635. * @note Calls @c SSL_CTX_set_default_passwd_cb.
  636. */
  637. template <typename PasswordCallback>
  638. void set_password_callback(PasswordCallback callback);
  639. /// Set the password callback.
  640. /**
  641. * This function is used to specify a callback function to obtain password
  642. * information about an encrypted key in PEM format.
  643. *
  644. * @param callback The function object to be used for obtaining the password.
  645. * The function signature of the handler must be:
  646. * @code std::string password_callback(
  647. * std::size_t max_length, // The maximum size for a password.
  648. * password_purpose purpose // Whether password is for reading or writing.
  649. * ); @endcode
  650. * The return value of the callback is a string containing the password.
  651. *
  652. * @param ec Set to indicate what error occurred, if any.
  653. *
  654. * @note Calls @c SSL_CTX_set_default_passwd_cb.
  655. */
  656. template <typename PasswordCallback>
  657. BOOST_ASIO_SYNC_OP_VOID set_password_callback(PasswordCallback callback,
  658. boost::system::error_code& ec);
  659. private:
  660. struct bio_cleanup;
  661. struct x509_cleanup;
  662. struct evp_pkey_cleanup;
  663. struct rsa_cleanup;
  664. struct dh_cleanup;
  665. // Helper function used to set a peer certificate verification callback.
  666. BOOST_ASIO_DECL BOOST_ASIO_SYNC_OP_VOID do_set_verify_callback(
  667. detail::verify_callback_base* callback, boost::system::error_code& ec);
  668. // Callback used when the SSL implementation wants to verify a certificate.
  669. BOOST_ASIO_DECL static int verify_callback_function(
  670. int preverified, X509_STORE_CTX* ctx);
  671. // Helper function used to set a password callback.
  672. BOOST_ASIO_DECL BOOST_ASIO_SYNC_OP_VOID do_set_password_callback(
  673. detail::password_callback_base* callback, boost::system::error_code& ec);
  674. // Callback used when the SSL implementation wants a password.
  675. BOOST_ASIO_DECL static int password_callback_function(
  676. char* buf, int size, int purpose, void* data);
  677. // Helper function to set the temporary Diffie-Hellman parameters from a BIO.
  678. BOOST_ASIO_DECL BOOST_ASIO_SYNC_OP_VOID do_use_tmp_dh(
  679. BIO* bio, boost::system::error_code& ec);
  680. // Helper function to make a BIO from a memory buffer.
  681. BOOST_ASIO_DECL BIO* make_buffer_bio(const const_buffer& b);
  682. // Translate an SSL error into an error code.
  683. BOOST_ASIO_DECL static boost::system::error_code translate_error(long error);
  684. // The underlying native implementation.
  685. native_handle_type handle_;
  686. // Ensure openssl is initialised.
  687. boost::asio::ssl::detail::openssl_init<> init_;
  688. };
  689. } // namespace ssl
  690. } // namespace asio
  691. } // namespace boost
  692. #include <boost/asio/detail/pop_options.hpp>
  693. #include <boost/asio/ssl/impl/context.hpp>
  694. #if defined(BOOST_ASIO_HEADER_ONLY)
  695. # include <boost/asio/ssl/impl/context.ipp>
  696. #endif // defined(BOOST_ASIO_HEADER_ONLY)
  697. #endif // BOOST_ASIO_SSL_CONTEXT_HPP