SSLSocket

#include <lthread_cpp/ssl.h>
using namespace lthread_cpp::net;
class SSLSocket

Wraps an established Socket() as an SSLSocket().

Attention

You must call lthread_cpp::net::SSLSocket::Init() once before any SSLSocket connection is received or established.

Member Functions

static void Init(const std::string& server_pem_filename, const std::string& server_key_filename, const std::string& ca_cert_filename, const std::string& ca_path)

Initializes SSL settings.

Throws: SSLException if the SSL context could not be initialized with any of the values provided.
SSLSocket(Socket&& s)

Initializes/wraps a new SSLSocket from an existing established Socket. Requires calling either SSLSocket::Accept() or SSLSocket::Connect() afterwards depending on whether the underlying TCP connection was accepted by the listener using Accept() or established via TcpConnect().

SSLSocket()

Initializes a new SSLSocket ready to connect to a peer using SSLSocket::Connect().

void Accept(int timeout_ms=5000)

Initiates an SSL Accept with the assumption that the TCP connection was accept(2)-ed and not established via connect(2).

Throws: SSLException if the SSL accept failed.
void Connect(const std::string& host_or_ip, short int port, int timeout_ms)

Establishes a TCP connection to host/ip:port and initiates an SSL Connect afterwards.

Throws: SSLException if the SSL connect failed.
Throws: SocketException on socket failure.
void RequirePeerVerification()

Turns SSL peer verification on, so the peer's certificate is verified against the CA certificates provided to Init(). Call it before Accept() or Connect(), as in the example below.

std::string GetCertCommonName()

Returns the common name (CN) of the certificate received from the peer.

size_t Send(const char* buf, int timeout_ms=5000)

Sends a NUL-terminated C-style string over the SSL socket.

Parameters:
  • const char* buf – NUL-terminated buffer.
  • timeout_ms(optional, default=5000) – Milliseconds to wait before timing out.
Throws: SSLException on socket failure.
size_t Send(const char* buf, size_t length, int timeout_ms=5000)

Sends length bytes of buf over the SSL socket.

Parameters:
  • const char* buf – Pointer to the buffer containing the data to send.
  • size_t length – Number of bytes to send from buf.
  • timeout_ms(optional, default=5000) – Milliseconds to wait before timing out.
Throws: SSLException on socket failure.

size_t Recv(char* buf, size_t length, int timeout_ms=5000)

Receives up to length bytes and places them into buf; a single call may return fewer than length bytes.

Parameters:
  • char* buf – Buffer to read data into.
  • size_t length – Size of buf in bytes; at most this many bytes are written.
  • timeout_ms(optional, default=5000) – Milliseconds to wait before timing out.
Throws: SSLException on socket failure.

void Close()

Cleanly closes SSL socket and its underlying TCP connection.
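Because Recv() delivers up to length bytes, one call can return a partial message, so a caller needs a bounded read loop rather than a single Recv() into a fixed buffer. The block below is an added example, not part of lthread_cpp: a LineReader template that works over any type exposing the same Recv(char*, size_t, int) signature as SSLSocket, exercised here against a constructed FakeSSLSocket that simulates short reads. It caps each line at max_line bytes and rejects anything longer, so a peer cannot make the receiver buffer without limit or silently truncate its input. FakeSSLSocket, LineReader, ReadAllLines and RejectsOversize are names introduced here and do not exist in the library.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstring>
#include <stdexcept>
#include <string>
#include <utility>

// Constructed stand-in for lthread_cpp::net::SSLSocket: it hands out a fixed
// byte stream in short reads of at most `chunk` bytes, which is the behaviour
// a caller of Recv() ("receives up to length bytes") has to cope with.
class FakeSSLSocket {
 public:
  FakeSSLSocket(std::string stream, size_t chunk)
      : stream_(std::move(stream)), chunk_(chunk) {}

  // Same signature as SSLSocket::Recv(); returns 0 once the stream is drained.
  size_t Recv(char* buf, size_t length, int timeout_ms = 5000) {
    (void)timeout_ms;  // the fake never blocks, so the timeout is unused
    size_t n = std::min({stream_.size() - pos_, length, chunk_});
    std::memcpy(buf, stream_.data() + pos_, n);
    pos_ += n;
    return n;
  }

 private:
  std::string stream_;
  size_t chunk_;
  size_t pos_ = 0;
};

// Reads '\n'-terminated lines from any socket type that exposes
// Recv(char*, size_t, int), such as SSLSocket. Each line is capped at
// max_line bytes: the reader never requests more than the remaining budget,
// so an over-long line is rejected as soon as it is detected instead of being
// buffered without bound or silently truncated.
template <typename SocketT>
class LineReader {
 public:
  LineReader(SocketT& sock, size_t max_line, int timeout_ms = 5000)
      : sock_(sock), max_line_(max_line), timeout_ms_(timeout_ms) {}

  // Stores the next line (without its '\n') in `line` and returns true.
  // Returns false at end of stream. Throws std::length_error if a line is
  // longer than max_line bytes. Bytes read past a newline stay in pending_
  // for the next call, so nothing the peer sent is lost.
  bool NextLine(std::string& line) {
    for (;;) {
      size_t nl = pending_.find('\n');
      if (nl != std::string::npos) {
        if (nl > max_line_) throw std::length_error("line exceeds max_line");
        line.assign(pending_, 0, nl);
        pending_.erase(0, nl + 1);
        return true;
      }
      if (pending_.size() > max_line_) throw std::length_error("line exceeds max_line");

      // Ask for at most one byte beyond the budget: enough to tell an
      // over-long line from one that is exactly max_line bytes.
      char buf[256];
      size_t want = std::min(sizeof(buf), max_line_ + 1 - pending_.size());
      size_t n = sock_.Recv(buf, want, timeout_ms_);
      if (n == 0) {  // EOF: hand back any unterminated tail once, then stop
        if (pending_.empty()) return false;
        line.swap(pending_);
        pending_.clear();
        return true;
      }
      pending_.append(buf, n);
    }
  }

 private:
  SocketT& sock_;
  size_t max_line_;
  int timeout_ms_;
  std::string pending_;
};

// Drains a constructed stream through a LineReader and returns the lines
// joined by '|', so the effect of short reads and the cap can be observed.
std::string ReadAllLines(const std::string& stream, size_t chunk, size_t max_line) {
  FakeSSLSocket sock(stream, chunk);
  LineReader<FakeSSLSocket> reader(sock, max_line);
  std::string out, line;
  while (reader.NextLine(line)) {
    if (!out.empty()) out += '|';
    out += line;
  }
  return out;
}

// True if the reader rejects the stream because a line exceeds max_line.
bool RejectsOversize(const std::string& stream, size_t chunk, size_t max_line) {
  try {
    ReadAllLines(stream, chunk, max_line);
  } catch (const std::length_error&) {
    return true;
  }
  return false;
}
```

With a real SSLSocket the reader is instantiated as LineReader<SSLSocket>; the chunk size of the fake only models how few bytes a single Recv() may return, which is why the loop accumulates until it sees the terminator or the budget is exhausted.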

Note

SSLSocket objects are movable but not copyable.

Exceptions

SSLException

class SSLException

Inherits SocketException, raised on SSL errors.

Examples

#include <string>
#include <utility>
#include <lthread_cpp/ssl.h>

using namespace lthread_cpp;
using namespace lthread_cpp::net;

void Proxy::HandleConnection(Socket& tcp_conn)
{
  SSLSocket client;
  std::string common_name;

  // do an SSL handshake over the new tcp connection we just received and grab
  // the required customer certificate after it has been verified against
  // CA certificates provided to SSLSocket::Init
  try {
    SSLSocket ssl_socket(std::move(tcp_conn));
    ssl_socket.RequirePeerVerification();  // must be set before Accept()
    ssl_socket.Accept();
    common_name = ssl_socket.GetCertCommonName();
    client = std::move(ssl_socket);
  } catch (SocketException& e) {
    // SSLException inherits SocketException, so this catches both
    LOG(ERROR) << "SSL handshake failed from "
        << tcp_conn.Desc() << ". (" << e.what() << ")";
    return;
  }

  // At this point, client can send/recv bytes over established SSL
  client.Send("hello world!\n");
}