#include <net_ssl.h>

Collaboration diagram for epee::net_utils::ssl_options_t:

Public Member Functions
	ssl_options_t (ssl_support_t support)
	Verification is set to system ca unless SSL is disabled.
	ssl_options_t (std::vector< std::vector< std::uint8_t > > fingerprints, std::string ca_path)
	Provide user fingerprints and/or ca path. Enables SSL and user_certificate verification.
	ssl_options_t (const ssl_options_t &)=default
	ssl_options_t (ssl_options_t &&)=default
ssl_options_t &	operator= (const ssl_options_t &)=default
ssl_options_t &	operator= (ssl_options_t &&)=default
	operator bool () const noexcept
bool	has_strong_verification (boost::string_ref host) const noexcept
bool	has_fingerprint (boost::asio::ssl::verify_context &ctx) const
	Search against internal fingerprints. Always false if behavior() != user_certificate_check.
void	configure (boost::asio::ssl::stream< boost::asio::ip::tcp::socket > &socket, boost::asio::ssl::stream_base::handshake_type type, const std::string &host={}) const
	configure ssl_stream handshake verification
boost::asio::ssl::context	create_context () const
bool	handshake (boost::asio::io_context &io_context, boost::asio::ssl::stream< boost::asio::ip::tcp::socket > &socket, boost::asio::ssl::stream_base::handshake_type type, boost::asio::const_buffer buffer={}, const std::string &host={}, std::chrono::milliseconds timeout=std::chrono::seconds(15)) const

Public Attributes
std::string	ca_path
ssl_authentication_t	auth
ssl_support_t	support
ssl_verification_t	verification

Private Attributes
std::vector< std::vector< std::uint8_t > >	fingerprints_

Detailed Description

Note: verification != disabled && support == disabled is currently "allowed" via public interface but obviously invalid configuation.

Constructor & Destructor Documentation

◆ ssl_options_t() [1/4]

epee::net_utils::ssl_options_t::ssl_options_t ( ssl_support_t support )

inline

Verification is set to system ca unless SSL is disabled.

◆ ssl_options_t() [2/4]

epee::net_utils::ssl_options_t::ssl_options_t	(	std::vector< std::vector< std::uint8_t > >	fingerprints,
		std::string	ca_path )

Provide user fingerprints and/or ca path. Enables SSL and user_certificate verification.

◆ ssl_options_t() [3/4]

epee::net_utils::ssl_options_t::ssl_options_t ( const ssl_options_t & )

default

◆ ssl_options_t() [4/4]

epee::net_utils::ssl_options_t::ssl_options_t ( ssl_options_t && )

default

Member Function Documentation

◆ configure()

void epee::net_utils::ssl_options_t::configure	(	boost::asio::ssl::stream< boost::asio::ip::tcp::socket > &	socket,
		boost::asio::ssl::stream_base::handshake_type	type,
		const std::string &	host = {} ) const

configure ssl_stream handshake verification

◆ create_context()

boost::asio::ssl::context epee::net_utils::ssl_options_t::create_context ( ) const

◆ handshake()

bool epee::net_utils::ssl_options_t::handshake	(	boost::asio::io_context &	io_context,
		boost::asio::ssl::stream< boost::asio::ip::tcp::socket > &	socket,
		boost::asio::ssl::stream_base::handshake_type	type,
		boost::asio::const_buffer	buffer = {},
		const std::string &	host = {},
		std::chrono::milliseconds	timeout = std::chrono::seconds(15) ) const

Note: If this->support == autodetect && this->verification != none, then the handshake will not fail when peer verification fails. The assumption is that a re-connect will be attempted, so a warning is logged instead of failure.; It is strongly encouraged that clients using system_ca verification provide a non-empty host for rfc2818 verification.

Parameters

io_context	associated with socket.
socket	Used in SSL handshake and verification
type	Client or server
host	This parameter is only used when type == client && !host.empty(). The value is sent to the server for situations where multiple hostnames are being handled by a server. If verification == system_ca the client also does a rfc2818 check to ensure that the server certificate is to the provided hostname.

Returns: True if the SSL handshake completes with peer verification settings.

◆ has_fingerprint()

bool epee::net_utils::ssl_options_t::has_fingerprint ( boost::asio::ssl::verify_context & ctx ) const

Search against internal fingerprints. Always false if behavior() != user_certificate_check.

◆ has_strong_verification()

bool epee::net_utils::ssl_options_t::has_strong_verification ( boost::string_ref host ) const

noexcept

Returns: True if host can be verified using this configuration WITHOUT system "root" CAs.

◆ operator bool()

epee::net_utils::ssl_options_t::operator bool ( ) const

inlineexplicitnoexcept

Returns: False iff ssl is disabled, otherwise true.

◆ operator=() [1/2]

ssl_options_t & epee::net_utils::ssl_options_t::operator= ( const ssl_options_t & )

default

◆ operator=() [2/2]

ssl_options_t & epee::net_utils::ssl_options_t::operator= ( ssl_options_t && )

default

Member Data Documentation

◆ auth

ssl_authentication_t epee::net_utils::ssl_options_t::auth

◆ ca_path

std::string epee::net_utils::ssl_options_t::ca_path

◆ fingerprints_

std::vector<std::vector<std::uint8_t> > epee::net_utils::ssl_options_t::fingerprints_

private

◆ support

ssl_support_t epee::net_utils::ssl_options_t::support

◆ verification

ssl_verification_t epee::net_utils::ssl_options_t::verification

The documentation for this class was generated from the following files:

contrib/epee/include/net/net_ssl.h
contrib/epee/src/net_ssl.cpp

Public Member Functions

Public Attributes

Private Attributes

Detailed Description

Constructor & Destructor Documentation

◆ ssl_options_t() [1/4]

◆ ssl_options_t() [2/4]

◆ ssl_options_t() [3/4]

◆ ssl_options_t() [4/4]

Member Function Documentation

◆ configure()

◆ create_context()

◆ handshake()

◆ has_fingerprint()

◆ has_strong_verification()

◆ operator bool()

◆ operator=() [1/2]

◆ operator=() [2/2]

Member Data Documentation

◆ auth

◆ ca_path

◆ fingerprints_

◆ support

◆ verification