dodo 0.0.1
A C++ library to create containerized Linux services
Socket for TLS encrypted traffic between trusted endpoints.
#include <tlssocket.hpp>


Public Member Functions

TLSSocket (bool blocking, SocketParams params, TLSContext &tlscontext, const X509Common::SAN &peer_name)
    Construct from scratch.
TLSSocket (int socket, TLSContext &tlscontext, const X509Common::SAN &peer_name)
    Construct from existing socket file descriptor.
virtual ~TLSSocket ()
    Destructor.
virtual TLSSocket * accept ()
    Accept a connection.
virtual common::SystemError connect (const Address &address)
    Connect to the Address.
X509 * getPeerCertificate () const
    Get the peer's certificate.
std::string getTLSCurrentCipherName () const
    Return the negotiated cipher name.
int getTLSProtocolVersion () const
    Return the negotiated TLS (SSL) protocol version.
std::string getTLSProtocolVersionString () const
    Return the negotiated TLS (SSL) protocol version as a string.
bool operator< (const TLSSocket &socket) const
    Ordering.
bool operator== (const TLSSocket &socket) const
    Identity.
virtual common::SystemError receive (void *buf, ssize_t request, ssize_t &received)
    Receive data.
virtual common::SystemError send (const void *buf, ssize_t len, bool more=false)
    Send data.
Public Member Functions inherited from dodo::network::BaseSocket

BaseSocket ()
    Default constructor creates an invalid socket.
BaseSocket (bool blocking, SocketParams params)
    Construct from SocketParams.
BaseSocket (int socket)
    Construct from a socket descriptor.
virtual ~BaseSocket ()
    Destructs this Socket, but does not call close().
common::SystemError bind (const Address &address)
    Bind the socket to the Address.
virtual void close ()
    Closes the socket, causing the connection, if it exists, to be terminated.
virtual std::string debugDetail () const
    Return debug object state as a string.
Address getAddress () const
    Get the local address for this socket.
SocketParams::AddressFamily getAddressFamily () const
    Get the SocketParams::AddressFamily of the socket.
virtual bool getBlocking () const
    Return true if the socket is operating in blocking mode.
int getFD () const
    Return the socket file descriptor.
Address getPeerAddress () const
    Get the peer (remote) address for this socket.
SocketParams::ProtocolNumber getProtocolNumber () const
    Get the SocketParams::ProtocolNumber of the socket.
virtual socklen_t getReceiveBufSize () const
    Get the maximum buffer length for receive.
socklen_t getSendBufSize () const
    Get the maximum buffer length for send.
SocketParams getSocketParams () const
    Return the SocketParams.
SocketParams::SocketType getSocketType () const
    Get the SocketParams::SocketType of the socket.
int getTTL () const
    Get the socket TTL (time to live), i.e. the maximum number of packet hops.
bool isValid () const
    Return true when the socket descriptor is a valid, hence 'possible', descriptor.
common::SystemError listen (const Address &address, int backlog)
    Sets up a listening socket on Address.
bool operator< (const BaseSocket &socket) const
    Add ordering.
BaseSocket & operator= (const BaseSocket &socket)
    Assign from Socket.
BaseSocket & operator= (int socket)
    Assign from existing socket descriptor (int).
bool operator== (const BaseSocket &socket) const
    Add identity.
common::SystemError receiveInt16 (int16_t &value)
    Receive an int16_t.
common::SystemError receiveInt32 (int32_t &value)
    Receive an int32_t.
common::SystemError receiveInt64 (int64_t &value)
    Receive an int64_t.
common::SystemError receiveInt8 (int8_t &value)
    Receive an int8_t.
common::SystemError receiveLine (std::string &s)
    Receive a stream of characters until a ' ' is read (the terminator is consumed from the socket read buffer but not added to s).
common::SystemError receiveString (std::string &s)
    Receive a std::string as sent by sendString( const std::string& ).
common::SystemError receiveUInt16 (uint16_t &value)
    Receive a uint16_t.
common::SystemError receiveUInt32 (uint32_t &value)
    Receive a uint32_t.
common::SystemError receiveUInt64 (uint64_t &value)
    Receive a uint64_t.
common::SystemError receiveUInt8 (uint8_t &value)
    Receive a uint8_t.
common::SystemError sendInt16 (int16_t value, bool more=false)
    Send an int16_t.
common::SystemError sendInt32 (int32_t value, bool more=false)
    Send an int32_t.
common::SystemError sendInt64 (int64_t value, bool more=false)
    Send an int64_t.
common::SystemError sendInt8 (int8_t value, bool more=false)
    Send an int8_t.
common::SystemError sendLine (const std::string &s, bool more)
    Sends the std::string terminated by a ' '.
common::SystemError sendString (const std::string &s, bool more=false)
    Sends the std::string as understood by receiveString().
common::SystemError sendUInt16 (uint16_t value, bool more=false)
    Send a uint16_t.
common::SystemError sendUInt32 (uint32_t value, bool more=false)
    Send a uint32_t.
common::SystemError sendUInt64 (uint64_t value, bool more=false)
    Send a uint64_t.
common::SystemError sendUInt8 (uint8_t value, bool more=false)
    Send a uint8_t.
void setBlocking (bool blocking)
    Set the Socket blocking mode.
void setReceiveBufSize (socklen_t size)
    Set the size of the receive buffer.
void setReceiveTimeout (double sec)
    Set the receive timeout: a receive fails if no data is received before the timeout expires.
void setReUseAddress ()
    Enable the socket to re-use an address when listen/bind is called.
void setReUsePort ()
    Make the socket re-use a port when listen is called.
void setSendBufSize (socklen_t size)
    Set the size of the send buffer.
void setSendTimeout (double sec)
    Set the send timeout: a send fails if no data is sent before the timeout expires.
void setTCPKeepAlive (bool enable)
    Enable or disable TCP keep-alive on the socket.
void setTCPNoDelay (bool set)
    Set TCP_NODELAY.
void setTTL (int ttl)
    Set the Socket TTL (Time to Live).
Public Member Functions inherited from dodo::common::DebugObject

DebugObject ()
    Default constructor does nothing.
virtual ~DebugObject ()
    Destructor does nothing.
std::string debugString () const
    Return the object dump to string.

Protected Attributes

X509Common::SAN peer_name_
    The peer name connected to, for TLS CN and SubjectAltName matching.
SSL * ssl_
    The SSL object.
TLSContext & tlscontext_
    The TLSContext.

Protected Attributes inherited from dodo::network::BaseSocket

int socket_
    The socket file descriptor.

Additional Inherited Members

Protected Member Functions inherited from dodo::common::DebugObject

std::string debugHeader () const
    Generates a debug header (address of this object and a demangled class name).
Socket for TLS encrypted traffic between trusted endpoints.
Definition at line 40 of file tlssocket.hpp.
dodo::network::TLSSocket::TLSSocket ( int socket, TLSContext & tlscontext, const X509Common::SAN & peer_name )

Construct from existing socket file descriptor.
    socket: The socket file descriptor.
    tlscontext: The TLSContext to apply.
    peer_name: The peer name to validate against the peer certificate CN and SubjectAltNames. Only used when the tlscontext has pvVerifyFQDN set (and possibly when pvCustom is set).
Definition at line 32 of file tlssocket.cpp.
References ssl_.
Referenced by accept().

dodo::network::TLSSocket::TLSSocket ( bool blocking, SocketParams params, TLSContext & tlscontext, const X509Common::SAN & peer_name )

Construct from scratch.
    blocking: If true, operate in blocking mode.
    params: The SocketParams to apply.
    tlscontext: The TLSContext to apply.
    peer_name: The peer name to validate against the peer certificate CN and SubjectAltNames. Only used when the tlscontext has pvVerifyFQDN set (and possibly when pvCustom is set).
Definition at line 40 of file tlssocket.cpp.
References dodo::common::getSSLErrors(), dodo::network::TLSContext::isSNIEnabled(), peer_name_, dodo::network::X509Common::SAN::san_name, dodo::network::BaseSocket::socket_, ssl_, and throw_Exception.

virtual TLSSocket * dodo::network::TLSSocket::accept ( )

Accept a connection.
Implements dodo::network::BaseSocket.
Definition at line 88 of file tlssocket.cpp.
References dodo::common::getSSLErrors(), log_Error, ssl_, dodo::network::X509Common::stDNS, tlscontext_, and TLSSocket().

virtual common::SystemError dodo::network::TLSSocket::connect ( const Address & address )

Connect to the Address.
    address: The address to connect to.
Check the returned SystemError before using the connection: with pvVerifyFQDN set, a peer certificate whose DNS SubjectAltNames do not match peer_name_ (wildcards honoured only when isAllowSANWildcards() is true) is reported as ecSSL_ERROR_PEERVERIFICATION.
Reimplemented from dodo::network::BaseSocket.
Definition at line 57 of file tlssocket.cpp.
References dodo::network::BaseSocket::connect(), dodo::common::SystemError::ecOK, dodo::common::SystemError::ecSSL_ERROR_NONE, dodo::common::SystemError::ecSSL_ERROR_PEERVERIFICATION, dodo::common::SystemError::ecSSL_ERROR_WANT_ACCEPT, dodo::common::SystemError::ecSSL_ERROR_WANT_CONNECT, dodo::common::SystemError::ecSSL_ERROR_WANT_READ, dodo::common::SystemError::ecSSL_ERROR_WANT_WRITE, dodo::common::SystemError::ecSSL_ERROR_WANT_X509_LOOKUP, dodo::common::SystemError::ecSSL_ERROR_ZERO_RETURN, getPeerCertificate(), dodo::network::TLSContext::getPeerVerification(), dodo::common::getSSLErrors(), dodo::network::TLSContext::isAllowSANWildcards(), peer_name_, dodo::network::TLSContext::pvVerifyFQDN, dodo::network::X509Common::SAN::san_name, dodo::network::BaseSocket::socket_, ssl_, dodo::network::X509Common::stDNS, throw_Exception, tlscontext_, and dodo::network::X509Certificate::verifySAN().
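The peer-name check that connect() performs through X509Certificate::verifySAN() with TLSContext::isAllowSANWildcards(), gated on pvVerifyFQDN, and that the peer_name constructor parameter feeds, is modelled below as an added, self-contained example. This is not dodo's code: the enumerators pvVerifyFQDN, ecOK and ecSSL_ERROR_PEERVERIFICATION mirror names on this page, while pvNone, the SAN struct, sanMatches(), verifyPeerName() and sampleSans() are assumptions made for the illustration, and the CN fallback the page mentions is left out.

```cpp
// Added example, not part of the dodo library: a self-contained model of the
// post-handshake peer-name check TLSSocket::connect() performs when the
// TLSContext has pvVerifyFQDN set. Enumerator names pvVerifyFQDN, ecOK and
// ecSSL_ERROR_PEERVERIFICATION mirror the page; everything else is assumed.
#include <algorithm>
#include <cctype>
#include <iostream>
#include <string>
#include <vector>

// Hypothetical stand-ins for the dodo enumerations referenced on this page.
enum class PeerVerification { pvNone, pvVerifyFQDN };
enum class Result { ecOK, ecSSL_ERROR_PEERVERIFICATION };

// A SubjectAltName entry as found in the peer certificate (assumed layout).
struct SAN {
  std::string type;      // only "DNS" entries are considered, like stDNS on the page
  std::string san_name;
};

static std::string lower(std::string s) {
  std::transform(s.begin(), s.end(), s.begin(),
                 [](unsigned char c) { return static_cast<char>(std::tolower(c)); });
  return s;
}

// Split a DNS name into labels; a trailing dot is ignored.
static std::vector<std::string> labels(const std::string& name) {
  std::vector<std::string> out;
  std::string cur;
  for (char c : name) {
    if (c == '.') { out.push_back(cur); cur.clear(); } else cur += c;
  }
  if (!cur.empty()) out.push_back(cur);
  return out;
}

// Match one SAN pattern against the expected peer name (case-insensitive).
// A wildcard is honoured only when allow_wildcards is true, only as the whole
// leftmost label, and it never spans a dot: "*.example.com" matches
// "api.example.com" but not "example.com" or "a.b.example.com". Patterns such
// as "*.com" or "a*.example.com" are rejected outright.
bool sanMatches(const std::string& pattern, const std::string& peer, bool allow_wildcards) {
  const std::string p = lower(pattern), h = lower(peer);
  if (p.empty() || h.empty()) return false;
  if (p == h) return true;
  if (!allow_wildcards) return false;
  const auto pl = labels(p), hl = labels(h);
  if (pl.size() < 3 || pl[0] != "*" || pl.size() != hl.size()) return false;
  for (size_t i = 1; i < pl.size(); ++i)
    if (pl[i] != hl[i]) return false;
  return !hl[0].empty();
}

// The policy gate modelled on connect(): without pvVerifyFQDN the name is not
// checked at all; with it, at least one DNS SAN must match peer_name or the
// connection is reported as a peer verification failure.
Result verifyPeerName(PeerVerification mode, const std::vector<SAN>& sans,
                      const std::string& peer_name, bool allow_wildcards) {
  if (mode != PeerVerification::pvVerifyFQDN) return Result::ecOK;
  for (const SAN& s : sans)
    if (s.type == "DNS" && sanMatches(s.san_name, peer_name, allow_wildcards))
      return Result::ecOK;
  return Result::ecSSL_ERROR_PEERVERIFICATION;
}

// Constructed peer certificate SANs: a wildcard entry, the apex name, one IP.
std::vector<SAN> sampleSans() {
  return {{"DNS", "*.example.com"}, {"DNS", "example.com"}, {"IP", "10.0.0.1"}};
}

int main() {
  // With wildcards disabled the wildcard SAN is ignored, so api.example.com is rejected.
  const Result r = verifyPeerName(PeerVerification::pvVerifyFQDN, sampleSans(),
                                  "api.example.com", false);
  std::cout << (r == Result::ecOK ? "peer name accepted" : "peer name rejected") << '\n';
  return 0;
}
```

The point for a deployment is the interaction between the two settings: a peer presenting only a wildcard certificate is rejected whenever wildcards are disallowed, and no name check happens at all unless FQDN verification is requested, so both must be set deliberately on the TLSContext rather than left to defaults.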

X509 * dodo::network::TLSSocket::getPeerCertificate ( ) const

Get the peer's certificate.
Definition at line 101 of file tlssocket.cpp.
References ssl_.
Referenced by connect().

std::string dodo::network::TLSSocket::getTLSCurrentCipherName ( ) const   [inline]

Return the negotiated cipher name.
This is only meaningful after a connect returned SystemError::ecOK.
Definition at line 145 of file tlssocket.hpp.
References ssl_.
int dodo::network::TLSSocket::getTLSProtocolVersion ( ) const   [inline]

Return the negotiated TLS (SSL) protocol version.
This is only meaningful after a connect returned SystemError::ecOK.
Definition at line 127 of file tlssocket.hpp.
References ssl_.
std::string dodo::network::TLSSocket::getTLSProtocolVersionString ( ) const   [inline]

Return the negotiated TLS (SSL) protocol version as a string.
This is only meaningful after a connect returned SystemError::ecOK.
Definition at line 136 of file tlssocket.hpp.
References ssl_.
bool dodo::network::TLSSocket::operator< ( const TLSSocket & socket ) const   [inline]

Ordering.
    socket: The socket to compare to.
Definition at line 120 of file tlssocket.hpp.
References dodo::network::BaseSocket::socket_.
bool dodo::network::TLSSocket::operator== ( const TLSSocket & socket ) const   [inline]

Identity.
    socket: The socket to compare to.
Definition at line 113 of file tlssocket.hpp.
References dodo::network::BaseSocket::socket_.
virtual common::SystemError dodo::network::TLSSocket::receive ( void * buf, ssize_t request, ssize_t & received )

Receive data.
    buf: Buffer to receive into.
    request: Maximum number of bytes to receive into buf.
    received: Number of bytes actually received.
Implements dodo::network::BaseSocket.
Definition at line 123 of file tlssocket.cpp.
References dodo::common::SystemError::ecOK, dodo::common::SystemError::ecSSL_ERROR_NONE, dodo::common::SystemError::ecSSL_ERROR_SYSCALL, dodo::common::SystemError::ecSSL_ERROR_WANT_ACCEPT, dodo::common::SystemError::ecSSL_ERROR_WANT_CONNECT, dodo::common::SystemError::ecSSL_ERROR_WANT_READ, dodo::common::SystemError::ecSSL_ERROR_WANT_WRITE, dodo::common::SystemError::ecSSL_ERROR_WANT_X509_LOOKUP, dodo::common::SystemError::ecSSL_ERROR_ZERO_RETURN, dodo::common::getSSLErrors(), ssl_, and throw_Exception.

virtual common::SystemError dodo::network::TLSSocket::send ( const void * buf, ssize_t len, bool more = false )

Send data.
    buf: Data to send.
    len: Size of the data in buf.
    more: If true, do not force a send buffer flush; more data will follow.
Implements dodo::network::BaseSocket.
Definition at line 105 of file tlssocket.cpp.
References dodo::common::SystemError::ecOK, dodo::common::SystemError::ecSSL_ERROR_NONE, dodo::common::SystemError::ecSSL_ERROR_WANT_ACCEPT, dodo::common::SystemError::ecSSL_ERROR_WANT_CONNECT, dodo::common::SystemError::ecSSL_ERROR_WANT_READ, dodo::common::SystemError::ecSSL_ERROR_WANT_WRITE, dodo::common::SystemError::ecSSL_ERROR_WANT_X509_LOOKUP, dodo::common::SystemError::ecSSL_ERROR_ZERO_RETURN, dodo::common::getSSLErrors(), ssl_, and throw_Exception.

X509Common::SAN dodo::network::TLSSocket::peer_name_   [protected]

The peer name connected to, for TLS CN and SubjectAltName matching.
Definition at line 164 of file tlssocket.hpp.
Referenced by connect(), and TLSSocket().
SSL * dodo::network::TLSSocket::ssl_   [protected]

The SSL object.
Definition at line 154 of file tlssocket.hpp.
Referenced by accept(), connect(), getPeerCertificate(), getTLSCurrentCipherName(), getTLSProtocolVersion(), getTLSProtocolVersionString(), receive(), send(), TLSSocket(), and ~TLSSocket().
TLSContext & dodo::network::TLSSocket::tlscontext_   [protected]

The TLSContext.
Definition at line 159 of file tlssocket.hpp.