SSLSocket
#include <lthread_cpp/ssl.h>
using namespace lthread_cpp::net;
- class SSLSocket
Turns a Socket into an SSLSocket.
Attention
You must call lthread_cpp::net::SSLSocket::Init() once before any SSLSocket connection is received or established.
Member Functions
- static void Init(const std::string& server_pem_filename, const std::string& server_key_filename, const std::string& ca_cert_filename, const std::string& ca_path)
Initializes SSL settings.
Throws: SSLException if the SSL context could not be initialized with any of the values provided.
- SSLSocket(Socket&& s)
Initializes/wraps a new SSLSocket from an existing established Socket. Requires calling either SSLSocket::Accept() or SSLSocket::Connect() afterwards, depending on whether the underlying TCP connection was accepted by the listener using Accept() or established via TcpConnect().
- SSLSocket()
Initializes a new SSLSocket ready to connect to a peer using SSLSocket::Connect().
- void Accept(int timeout_ms=5000)
Initiates an SSL accept, assuming the TCP connection was accept(2)-ed rather than established via connect(2).
Throws: SSLException if the SSL accept failed.
- void Connect(const std::string& host_or_ip, short int port, int timeout_ms)
Establishes a TCP connection to host/ip:port and then initiates an SSL connect.
Throws: SSLException if the SSL connect failed.
Throws: SocketException on socket failure.
- void RequirePeerVerification()
Turns the SSL peer verification flag on.
- std::string GetCertCommonName()
Returns the common name in the certificate received from the peer.
- size_t Send(const char* buf, int timeout_ms=5000)
Sends a C-style string over the SSL socket.
Parameters:
- const char* buf – NUL-terminated buffer.
- timeout_ms (optional, default=5000) – Milliseconds to wait before timing out.
Throws: SSLException on socket failure.
- size_t Send(const char* buf, size_t length, int timeout_ms=5000)
Sends length bytes of buf over the SSL socket.
Parameters:
- const char* buf – Pointer to the buffer containing the data to send.
- size_t length – Number of bytes to send from buf.
- timeout_ms (optional, default=5000) – Milliseconds to wait before timing out.
Throws: SSLException on socket failure.
- size_t Recv(char* buf, size_t length, int timeout_ms=5000)
Receives up to length bytes and places them into buf.
Parameters:
- char* buf – Buffer to read data into.
- size_t length – Buffer size to fill.
- timeout_ms (optional, default=5000) – Milliseconds to wait before timing out.
Throws: SSLException on socket failure.
- void Close()
Cleanly closes the SSL socket and its underlying TCP connection.
Note
SSLSocket objects are movable but not copyable.
Exceptions
SSLException
- class SSLException
Inherits from SocketException; raised on SSL errors.
Examples
#include <lthread_cpp/ssl.h>
#include <glog/logging.h>   // assumed source of LOG(ERROR) used below
#include <string>
#include <utility>

using namespace lthread_cpp;
using namespace lthread_cpp::net;

void Proxy::HandleConnection(Socket& tcp_conn)
{
  SSLSocket client;
  std::string common_name;
  // Describe the peer before tcp_conn is moved into the SSLSocket, so the
  // error path below does not touch a moved-from socket.
  std::string peer = tcp_conn.Desc();
  // do an SSL handshake over the new tcp connection we just received and grab
  // the required customer certificate after it has been verified against
  // CA certificates provided to SSLSocket::Init
  try {
    SSLSocket ssl_socket(std::move(tcp_conn));
    ssl_socket.RequirePeerVerification();  // before Accept(), which handshakes
    ssl_socket.Accept();
    common_name = ssl_socket.GetCertCommonName();
    client = std::move(ssl_socket);
  } catch (SocketException& e) {  // SSLException derives from SocketException
    LOG(ERROR) << "SSL handshake failed from " << peer
               << ". (" << e.what() << ")";
    return;
  }
  // At this point, client can send/recv bytes over established SSL
  client.Send("hello world!\n");
}
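A client-side counterpart to the proxy example, added here and not part of lthread_cpp: it turns peer verification on before Connect() performs the handshake, checks the verified certificate's common name against the identity it meant to reach, and reads a line through the up-to-length semantics of Recv(). ConnectVerified, RecvLine and FakeSSLSocket are this example's own names; the socket type is a template parameter so the logic can be exercised against the constructed fake, and the assumption that Recv() returns 0 once the peer has closed is not stated by the page.

```cpp
#include <algorithm>
#include <stdexcept>
#include <string>

// Added example, not lthread_cpp code. Client-side counterpart to the proxy
// example above: enable peer verification BEFORE the handshake, then check the
// verified certificate's common name against the identity we meant to reach,
// since "signed by a trusted CA" alone does not prove we reached the right peer.
// The socket type is a template parameter so the logic runs against the fake
// below; in real code it is instantiated with lthread_cpp::net::SSLSocket.
template <class SSLSock>
std::string ConnectVerified(SSLSock& s, const std::string& host, short port,
                            const std::string& expected_cn, int timeout_ms) {
  s.RequirePeerVerification();        // must precede Connect(), which handshakes
  s.Connect(host, port, timeout_ms);  // SSLException / SocketException propagate
  std::string cn = s.GetCertCommonName();
  if (cn != expected_cn) {
    s.Close();  // never send application data to an unexpected identity
    throw std::runtime_error("expected CN '" + expected_cn + "', got '" + cn + "'");
  }
  return cn;
}

// Recv() returns up to `length` bytes, so a line needs a loop and a size bound.
// Assumes a 0 return means the peer closed; SSL failures surface as exceptions.
template <class SSLSock>
std::string RecvLine(SSLSock& s, size_t max_len, int timeout_ms) {
  std::string line;
  for (char c = 0; line.size() < max_len; line.push_back(c)) {
    if (s.Recv(&c, 1, timeout_ms) == 0 || c == '\n') return line;
  }
  throw std::length_error("line exceeds " + std::to_string(max_len) + " bytes");
}
// Constructed in-memory stand-in for SSLSocket, used only to exercise the above.
struct FakeSSLSocket {
  bool verify_on = false, connected = false, closed = false;
  std::string cn, inbox;
  size_t pos = 0;
  void RequirePeerVerification() { verify_on = true; }
  void Connect(const std::string&, short, int) {
    if (!verify_on) throw std::logic_error("verification enabled too late");
    connected = true;
  }
  std::string GetCertCommonName() { return cn; }
  void Close() { closed = true; }
  size_t Recv(char* buf, size_t len, int) {
    size_t n = std::min(len, inbox.size() - pos);
    std::copy_n(inbox.data() + pos, n, buf);
    pos += n;
    return n;
  }
};
```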