2014-11-19 00:06:40 +08:00
|
|
|
|
#pragma once
|
|
|
|
|
#include "acl_cpp/acl_cpp_define.hpp"
|
|
|
|
|
#include <vector>
|
|
|
|
|
|
|
|
|
|
namespace acl
|
|
|
|
|
{
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* SSL ֤<EFBFBD><EFBFBD>У<EFBFBD>鼶<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ͷ<EFBFBD><EFBFBD><EFBFBD>
|
|
|
|
|
*/
|
|
|
|
|
typedef enum
|
|
|
|
|
{
|
|
|
|
|
POLARSSL_VERIFY_NONE, // <20><>У<EFBFBD><D0A3>֤<EFBFBD><D6A4>
|
|
|
|
|
POLARSSL_VERIFY_OPT, // ѡ<><D1A1><EFBFBD><EFBFBD>У<EFBFBD>飬<EFBFBD><E9A3AC><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʱ<EFBFBD><CAB1><EFBFBD><EFBFBD><EFBFBD>ֺ<EFBFBD>У<EFBFBD><D0A3>
|
|
|
|
|
POLARSSL_VERIFY_REQ // Ҫ<><D2AA><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʱУ<CAB1><D0A3>
|
|
|
|
|
} polarssl_verify_t;
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* SSL <EFBFBD><EFBFBD><EFBFBD>Ӷ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>࣬<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>һ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ϊȫ<EFBFBD>ֶ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ÿһ<EFBFBD><EFBFBD> SSL
|
|
|
|
|
* <EFBFBD><EFBFBD><EFBFBD>Ӷ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>֤<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ã<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ȫ<EFBFBD><EFBFBD><EFBFBD>Ե<EFBFBD>֤<EFBFBD>顢<EFBFBD><EFBFBD>Կ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ϣ<EFBFBD><EFBFBD>ÿһ<EFBFBD><EFBFBD> SSL <EFBFBD><EFBFBD><EFBFBD><EFBFBD>
|
|
|
|
|
* (polarssl_io) <EFBFBD><EFBFBD><EFBFBD>ñ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>setup_certs <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʼ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>֤<EFBFBD>顢<EFBFBD><EFBFBD>Կ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ϣ
|
|
|
|
|
*/
|
|
|
|
|
class ACL_CPP_API polarssl_conf
|
|
|
|
|
{
|
|
|
|
|
public:
|
|
|
|
|
polarssl_conf();
|
|
|
|
|
~polarssl_conf();
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* <EFBFBD><EFBFBD><EFBFBD><EFBFBD> CA <EFBFBD><EFBFBD>֤<EFBFBD><EFBFBD>(ÿ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʵ<EFBFBD><EFBFBD>ֻ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>һ<EFBFBD>α<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>)
|
|
|
|
|
* @param ca_file {const char*} CA ֤<EFBFBD><EFBFBD><EFBFBD>ļ<EFBFBD>ȫ·<EFBFBD><EFBFBD>
|
|
|
|
|
* @param ca_path {const char*} <EFBFBD><EFBFBD><EFBFBD><EFBFBD> CA ֤<EFBFBD><EFBFBD><EFBFBD>ļ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ŀ¼
|
|
|
|
|
* @return {bool} <EFBFBD><EFBFBD><EFBFBD><EFBFBD> CA <EFBFBD><EFBFBD>֤<EFBFBD><EFBFBD><EFBFBD>Ƿ<EFBFBD><EFBFBD>ɹ<EFBFBD>
|
|
|
|
|
* ע<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> ca_file<EFBFBD><EFBFBD>ca_path <EFBFBD><EFBFBD><EFBFBD>ǿգ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>μ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>֤<EFBFBD><EFBFBD>
|
|
|
|
|
*/
|
|
|
|
|
bool load_ca(const char* ca_file, const char* ca_path);
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* <EFBFBD><EFBFBD><EFBFBD><EFBFBD>һ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>/<EFBFBD>ͻ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>Լ<EFBFBD><EFBFBD><EFBFBD>֤<EFBFBD>飬<EFBFBD><EFBFBD><EFBFBD>Զ<EFBFBD><EFBFBD>ε<EFBFBD><EFBFBD>ñ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ض<EFBFBD><EFBFBD><EFBFBD>֤<EFBFBD><EFBFBD>
|
|
|
|
|
* @param crt_file {const char*} ֤<EFBFBD><EFBFBD><EFBFBD>ļ<EFBFBD>ȫ·<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ǿ<EFBFBD>
|
|
|
|
|
* @return {bool} <EFBFBD><EFBFBD><EFBFBD><EFBFBD>֤<EFBFBD><EFBFBD><EFBFBD>Ƿ<EFBFBD><EFBFBD>ɹ<EFBFBD>
|
|
|
|
|
*/
|
|
|
|
|
bool add_cert(const char* crt_file);
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* <EFBFBD><EFBFBD><EFBFBD>ӷ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>/<EFBFBD>ͻ<EFBFBD><EFBFBD>˵<EFBFBD><EFBFBD><EFBFBD>Կ(ÿ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʵ<EFBFBD><EFBFBD>ֻ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>һ<EFBFBD>α<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>)
|
|
|
|
|
* @param key_file {const char*} <EFBFBD><EFBFBD>Կ<EFBFBD>ļ<EFBFBD>ȫ·<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ǿ<EFBFBD>
|
|
|
|
|
* @param key_pass {const char*} <EFBFBD><EFBFBD>Կ<EFBFBD>ļ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>룬û<EFBFBD><EFBFBD><EFBFBD><EFBFBD>Կ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>д NULL
|
|
|
|
|
* @return {bool} <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ƿ<EFBFBD><EFBFBD>ɹ<EFBFBD>
|
|
|
|
|
*/
|
|
|
|
|
bool set_key(const char* key_file, const char* key_pass = NULL);
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* <EFBFBD><EFBFBD><EFBFBD><EFBFBD> SSL ֤<EFBFBD><EFBFBD>У<EFBFBD>鷽ʽ<EFBFBD><EFBFBD><EFBFBD>ڲ<EFBFBD>ȱʡΪ<EFBFBD><EFBFBD>У<EFBFBD><EFBFBD>֤<EFBFBD><EFBFBD>
|
|
|
|
|
* @param verify_mode {polarssl_verify_t}
|
|
|
|
|
*/
|
|
|
|
|
void set_authmode(polarssl_verify_t verify_mode);
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* <EFBFBD><EFBFBD>Ϊ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ģʽʱ<EFBFBD>Ƿ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>ûỰ<EFBFBD><EFBFBD><EFBFBD>湦<EFBFBD>ܣ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> SSL <EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ч<EFBFBD><EFBFBD>
|
|
|
|
|
* @param on {bool}
|
|
|
|
|
* ע<EFBFBD><EFBFBD><EFBFBD>ú<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Է<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ģʽ<EFBFBD><EFBFBD>Ч
|
|
|
|
|
*/
|
|
|
|
|
void enable_cache(bool on);
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ض<EFBFBD><EFBFBD><EFBFBD>
|
|
|
|
|
* @return {void*}<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ֵΪ entropy_context <EFBFBD><EFBFBD><EFBFBD><EFBFBD>
|
|
|
|
|
*/
|
|
|
|
|
void* get_entropy()
|
|
|
|
|
{
|
|
|
|
|
return entropy_;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* polarssl_io::open <EFBFBD>ڲ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ñ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>װ<EFBFBD><EFBFBD>ǰ SSL <EFBFBD><EFBFBD><EFBFBD>Ӷ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>֤<EFBFBD><EFBFBD>
|
|
|
|
|
* @param ssl {void*} SSL <EFBFBD><EFBFBD><EFBFBD>Ӷ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ϊ ssl_context <EFBFBD><EFBFBD><EFBFBD><EFBFBD>
|
|
|
|
|
* @param server_side {bool} <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ӷ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ƿ<EFBFBD>Ϊ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
|
|
|
|
|
* @return {bool} <EFBFBD><EFBFBD><EFBFBD><EFBFBD> SSL <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ƿ<EFBFBD><EFBFBD>ɹ<EFBFBD>
|
|
|
|
|
*/
|
|
|
|
|
bool setup_certs(void* ssl, bool server_side);
|
|
|
|
|
|
|
|
|
|
private:
|
|
|
|
|
void* entropy_;
|
|
|
|
|
void* cacert_;
|
|
|
|
|
void* pkey_;
|
|
|
|
|
void* cert_chain_;
|
|
|
|
|
void* cache_;
|
|
|
|
|
polarssl_verify_t verify_mode_;
|
|
|
|
|
|
|
|
|
|
void free_ca();
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
} // namespace acl
|