#pragma once
#include "../acl_cpp_define.hpp"
#include <vector>
#include <set>
#include "../stdlib/string.hpp"
#include "../stdlib/token_tree.hpp"
#include "sslbase_conf.hpp"
typedef struct ssl_st SSL;
typedef struct ssl_ctx_st SSL_CTX;
namespace acl {
class token_tree;
class openssl_io;
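/**
 * OpenSSL-backed implementation of sslbase_conf.
 *
 * One instance holds a default SSL_CTX (ssl_ctx_) plus, in server mode, a
 * host -> SSL_CTX table used to pick a context from the SNI callback.  The
 * instance owns every SSL_CTX it created or was handed via push_ssl_ctx()
 * and releases them in the destructor, so it must not be copied (see the
 * private copy declarations at the bottom).
 *
 * The OpenSSL libraries may be linked statically or loaded at run time via
 * set_libpath()/load(); the static accessors below expose the loader handles.
 */
class ACL_CPP_API openssl_conf : public sslbase_conf {
public:
	/**
	 * @param server_side {bool} true when this configuration is used on the
	 *  server side of a TLS session, false for the client side; it is what
	 *  is_server_side() reports and gates the server-only methods below.
	 * @param timeout {int} stored in timeout_; the unit (seconds is the
	 *  obvious reading, given the default of 30) is not fixed by this header
	 *  -- confirm against the .cpp before relying on it.
	 */
	openssl_conf(bool server_side = false, int timeout = 30);

	/**
	 * Releases the default SSL_CTX, the host table and every SSL_CTX that was
	 * created by or pushed into this object (ssl_ctxes_).
	 */
	~openssl_conf(void);

	/**
	 * @override sslbase_conf::load_ca -- see the base class for the contract.
	 * NOTE(review): whatever is loaded here is the trust anchor set for this
	 * configuration; point it at a curated CA bundle, not at a directory an
	 * unprivileged user can write to.
	 */
	bool load_ca(const char* ca_file, const char* ca_path);

	/**
	 * @override sslbase_conf::add_cert -- see the base class for the contract.
	 * @param crt_file {const char*} certificate (chain) file
	 * @param key_file {const char*} private key file
	 * @param key_pass {const char*} passphrase for key_file, or NULL; this is
	 *  a secret -- avoid hard-coding it and keep its lifetime short.
	 */
	bool add_cert(const char* crt_file, const char* key_file,
		const char* key_pass = NULL);

	/**
	 * @override sslbase_conf::add_cert
	 * @deprecated use add_cert(const char*, const char*, const char*)
	 */
	bool add_cert(const char* crt_file);

	/**
	 * @override sslbase_conf::set_key
	 * @deprecated use add_cert(const char*, const char*, const char*)
	 */
	bool set_key(const char* key_file, const char* key_pass);

	/**
	 * @override sslbase_conf::enable_cache -- see the base class.
	 */
	void enable_cache(bool on);

public:
	/**
	 * Set the full paths of the OpenSSL shared libraries to load at run time.
	 * NOTE(review): these paths are handed to the dynamic loader, so supply
	 * absolute paths to trusted, non-world-writable locations; a relative or
	 * attacker-controlled path lets a substitute library be loaded into the
	 * process (and the loader is what later hands out SSL_CTX_new()).
	 * @param libcrypto {const char*} full path of libcrypto.so
	 * @param libssl {const char*} full path of libssl.so
	 */
	static void set_libpath(const char* libcrypto, const char* libssl);

	/**
	 * Explicitly load the libcrypto/libssl shared libraries configured with
	 * set_libpath().
	 * @return {bool} whether loading succeeded
	 */
	static bool load(void);

	/**
	 * After load() has succeeded, returns the handle of the dynamically
	 * loaded libssl, from which callers can resolve individual function
	 * pointers.
	 * @return {void*} NULL means the library has not been loaded
	 */
	static void* get_libssl_handle(void);

	/**
	 * Returns the handle of the dynamically loaded libcrypto.
	 * @return {void*} NULL means the library has not been loaded
	 */
	static void* get_libcrypto_handle(void);

public:
	/**
	 * @override sslbase_conf::create
	 * @param nblock {bool} whether the created IO object is non-blocking
	 * @return {sslbase_io*} a new openssl_io bound to this configuration
	 */
	sslbase_io* create(bool nblock);

public:
	/**
	 * Whether this configuration is in SSL server mode.
	 * @return {bool}
	 */
	bool is_server_side(void) const {
		return server_side_;
	}

	/**
	 * Get the default SSL_CTX object; ownership stays with this object.
	 * @return {SSL_CTX*}
	 */
	SSL_CTX* get_ssl_ctx(void) const;

	/**
	 * Collect every SSL_CTX that has been fully initialised in this object.
	 * Ownership stays with this object; do not free the returned contexts.
	 * @param out {std::vector<SSL_CTX*>&} receives the contexts
	 */
	void get_ssl_ctxes(std::vector<SSL_CTX*>& out);

	/**
	 * Server mode only: create an SSL_CTX with the SNI callback installed.
	 * Although this ultimately calls the SSL_CTX_new() API, it selects the
	 * dynamically loaded or statically linked SSL_CTX_new() as appropriate,
	 * which is why callers must not call SSL_CTX_new() directly.
	 * @return {SSL_CTX*} NULL means OpenSSL support is not enabled
	 */
	SSL_CTX* create_ssl_ctx(void);

	/**
	 * Server mode only: add an externally initialised SSL_CTX.  The object
	 * must have been created by create_ssl_ctx() so that it matches the
	 * dynamic or static OpenSSL loading mode in use.
	 * @param ctx {SSL_CTX*} an SSL_CTX initialised by the caller; ownership
	 *  transfers to this openssl_conf, which manages and frees it -- the
	 *  caller must not free it afterwards.
	 * @return {bool} false means the add failed, e.g. because ctx is NULL or
	 *  this openssl_conf is in client mode
	 */
	bool push_ssl_ctx(SSL_CTX* ctx);

private:
	bool server_side_;
	SSL_CTX* ssl_ctx_;            // The default SSL_CTX.
	token_tree* ssl_ctx_table_;   // Holding the map of host/SSL_CTX.
	int ssl_ctx_count_;
	std::set<SSL_CTX*> ssl_ctxes_; // Holding all ctx just for freeing.
	int timeout_;
	string crt_file_;
	unsigned status_;             // Internal state flags; meaning is defined in the .cpp.

	// One-time process-wide OpenSSL initialisation (details in the .cpp).
	static void once(void);

	// Register ctx in ssl_ctx_table_ under each host name found in it.
	void map_ssl_ctx(SSL_CTX* ctx);
	// Look up the SSL_CTX bound to host, or NULL when none matches.
	SSL_CTX* find_ssl_ctx(const char* host);

	// Extract the host names carried by ctx's certificate into hosts.
	void get_hosts(const SSL_CTX* ctx, std::vector<string>& hosts);
	size_t bind_host(SSL_CTX* ctx, string& host);
	bool create_host_key(string& host, string& key, size_t skip = 0);

	// Instance-side SNI handling invoked from sni_callback().
	int on_sni_callback(SSL* ssl, const char* host);
	// OpenSSL SNI callback; arg is presumably the owning openssl_conf* --
	// confirm against the .cpp.
	static int sni_callback(SSL *ssl, int *ad, void *arg);

private:
	// Not copyable: this object owns ssl_ctx_, ssl_ctx_table_ and every
	// SSL_CTX in ssl_ctxes_ and frees them in the destructor, so an
	// implicitly generated copy would double-free them.  Declared but never
	// defined, matching the pre-C++11 style of this header.
	// NOTE(review): harmless if sslbase_conf already forbids copying -- confirm.
	openssl_conf(const openssl_conf&);
	openssl_conf& operator=(const openssl_conf&);
};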