diff options
author | Mark Benvenuto <mark.benvenuto@mongodb.com> | 2018-02-13 14:07:53 -0500 |
---|---|---|
committer | Mark Benvenuto <mark.benvenuto@mongodb.com> | 2018-02-13 14:07:53 -0500 |
commit | 7f074daf0ad102b6f32abdd1b28cc9c73b46b52f (patch) | |
tree | 3436c8a330371e9383a21e7a24e039b6f14c2946 /src/mongo | |
parent | 3924664a0d09741671a08c9507d440ae79384cb6 (diff) | |
download | mongo-7f074daf0ad102b6f32abdd1b28cc9c73b46b52f.tar.gz |
SERVER-33267 Strip unused ssl code
Diffstat (limited to 'src/mongo')
-rw-r--r-- | src/mongo/util/net/ssl.hpp | 3 | ||||
-rw-r--r-- | src/mongo/util/net/ssl/context.hpp | 664 | ||||
-rw-r--r-- | src/mongo/util/net/ssl/context_base.hpp | 32 | ||||
-rw-r--r-- | src/mongo/util/net/ssl/detail/engine.hpp | 18 | ||||
-rw-r--r-- | src/mongo/util/net/ssl/detail/impl/engine.ipp | 58 | ||||
-rw-r--r-- | src/mongo/util/net/ssl/detail/impl/openssl_init.ipp | 163 | ||||
-rw-r--r-- | src/mongo/util/net/ssl/detail/openssl_init.hpp | 101 | ||||
-rw-r--r-- | src/mongo/util/net/ssl/detail/password_callback.hpp | 66 | ||||
-rw-r--r-- | src/mongo/util/net/ssl/detail/verify_callback.hpp | 62 | ||||
-rw-r--r-- | src/mongo/util/net/ssl/impl/context.hpp | 67 | ||||
-rw-r--r-- | src/mongo/util/net/ssl/impl/context.ipp | 825 | ||||
-rw-r--r-- | src/mongo/util/net/ssl/impl/error.ipp | 1 | ||||
-rw-r--r-- | src/mongo/util/net/ssl/impl/rfc2818_verification.ipp | 160 | ||||
-rw-r--r-- | src/mongo/util/net/ssl/impl/src.hpp | 2 | ||||
-rw-r--r-- | src/mongo/util/net/ssl/rfc2818_verification.hpp | 94 | ||||
-rw-r--r-- | src/mongo/util/net/ssl/stream.hpp | 135 | ||||
-rw-r--r-- | src/mongo/util/net/ssl/verify_context.hpp | 67 | ||||
-rw-r--r-- | src/mongo/util/net/ssl/verify_mode.hpp | 63 |
18 files changed, 0 insertions, 2581 deletions
diff --git a/src/mongo/util/net/ssl.hpp b/src/mongo/util/net/ssl.hpp index 8a7c3487a17..f3644745e79 100644 --- a/src/mongo/util/net/ssl.hpp +++ b/src/mongo/util/net/ssl.hpp @@ -18,10 +18,7 @@ #include "mongo/util/net/ssl/context.hpp" #include "mongo/util/net/ssl/context_base.hpp" #include "mongo/util/net/ssl/error.hpp" -#include "mongo/util/net/ssl/rfc2818_verification.hpp" #include "mongo/util/net/ssl/stream.hpp" #include "mongo/util/net/ssl/stream_base.hpp" -#include "mongo/util/net/ssl/verify_context.hpp" -#include "mongo/util/net/ssl/verify_mode.hpp" #endif // ASIO_SSL_HPP diff --git a/src/mongo/util/net/ssl/context.hpp b/src/mongo/util/net/ssl/context.hpp index 1f146ad7e8e..bf2f464f1f4 100644 --- a/src/mongo/util/net/ssl/context.hpp +++ b/src/mongo/util/net/ssl/context.hpp @@ -22,10 +22,6 @@ #include "asio/io_context.hpp" #include "mongo/util/net/ssl/context_base.hpp" #include "mongo/util/net/ssl/detail/openssl_types.hpp" -#include "mongo/util/net/ssl/detail/openssl_init.hpp" -#include "mongo/util/net/ssl/detail/password_callback.hpp" -#include "mongo/util/net/ssl/detail/verify_callback.hpp" -#include "mongo/util/net/ssl/verify_mode.hpp" #include "asio/detail/push_options.hpp" @@ -82,668 +78,9 @@ public: */ ASIO_DECL native_handle_type native_handle(); - /// Clear options on the context. - /** - * This function may be used to configure the SSL options used by the context. - * - * @param o A bitmask of options. The available option values are defined in - * the context_base class. The specified options, if currently enabled on the - * context, are cleared. - * - * @throws asio::system_error Thrown on failure. - * - * @note Calls @c SSL_CTX_clear_options. - */ - ASIO_DECL void clear_options(options o); - - /// Clear options on the context. - /** - * This function may be used to configure the SSL options used by the context. - * - * @param o A bitmask of options. The available option values are defined in - * the context_base class. The specified options, if currently enabled on the - * context, are cleared. - * - * @param ec Set to indicate what error occurred, if any. - * - * @note Calls @c SSL_CTX_clear_options. - */ - ASIO_DECL ASIO_SYNC_OP_VOID clear_options(options o, - asio::error_code& ec); - - /// Set options on the context. - /** - * This function may be used to configure the SSL options used by the context. - * - * @param o A bitmask of options. The available option values are defined in - * the context_base class. The options are bitwise-ored with any existing - * value for the options. - * - * @throws asio::system_error Thrown on failure. - * - * @note Calls @c SSL_CTX_set_options. - */ - ASIO_DECL void set_options(options o); - - /// Set options on the context. - /** - * This function may be used to configure the SSL options used by the context. - * - * @param o A bitmask of options. The available option values are defined in - * the context_base class. The options are bitwise-ored with any existing - * value for the options. - * - * @param ec Set to indicate what error occurred, if any. - * - * @note Calls @c SSL_CTX_set_options. - */ - ASIO_DECL ASIO_SYNC_OP_VOID set_options(options o, - asio::error_code& ec); - - /// Set the peer verification mode. - /** - * This function may be used to configure the peer verification mode used by - * the context. - * - * @param v A bitmask of peer verification modes. See @ref verify_mode for - * available values. - * - * @throws asio::system_error Thrown on failure. - * - * @note Calls @c SSL_CTX_set_verify. - */ - ASIO_DECL void set_verify_mode(verify_mode v); - - /// Set the peer verification mode. - /** - * This function may be used to configure the peer verification mode used by - * the context. - * - * @param v A bitmask of peer verification modes. See @ref verify_mode for - * available values. - * - * @param ec Set to indicate what error occurred, if any. - * - * @note Calls @c SSL_CTX_set_verify. - */ - ASIO_DECL ASIO_SYNC_OP_VOID set_verify_mode( - verify_mode v, asio::error_code& ec); - - /// Set the peer verification depth. - /** - * This function may be used to configure the maximum verification depth - * allowed by the context. - * - * @param depth Maximum depth for the certificate chain verification that - * shall be allowed. - * - * @throws asio::system_error Thrown on failure. - * - * @note Calls @c SSL_CTX_set_verify_depth. - */ - ASIO_DECL void set_verify_depth(int depth); - - /// Set the peer verification depth. - /** - * This function may be used to configure the maximum verification depth - * allowed by the context. - * - * @param depth Maximum depth for the certificate chain verification that - * shall be allowed. - * - * @param ec Set to indicate what error occurred, if any. - * - * @note Calls @c SSL_CTX_set_verify_depth. - */ - ASIO_DECL ASIO_SYNC_OP_VOID set_verify_depth( - int depth, asio::error_code& ec); - - /// Set the callback used to verify peer certificates. - /** - * This function is used to specify a callback function that will be called - * by the implementation when it needs to verify a peer certificate. - * - * @param callback The function object to be used for verifying a certificate. - * The function signature of the handler must be: - * @code bool verify_callback( - * bool preverified, // True if the certificate passed pre-verification. - * verify_context& ctx // The peer certificate and other context. - * ); @endcode - * The return value of the callback is true if the certificate has passed - * verification, false otherwise. - * - * @throws asio::system_error Thrown on failure. - * - * @note Calls @c SSL_CTX_set_verify. - */ - template <typename VerifyCallback> - void set_verify_callback(VerifyCallback callback); - - /// Set the callback used to verify peer certificates. - /** - * This function is used to specify a callback function that will be called - * by the implementation when it needs to verify a peer certificate. - * - * @param callback The function object to be used for verifying a certificate. - * The function signature of the handler must be: - * @code bool verify_callback( - * bool preverified, // True if the certificate passed pre-verification. - * verify_context& ctx // The peer certificate and other context. - * ); @endcode - * The return value of the callback is true if the certificate has passed - * verification, false otherwise. - * - * @param ec Set to indicate what error occurred, if any. - * - * @note Calls @c SSL_CTX_set_verify. - */ - template <typename VerifyCallback> - ASIO_SYNC_OP_VOID set_verify_callback(VerifyCallback callback, - asio::error_code& ec); - - /// Load a certification authority file for performing verification. - /** - * This function is used to load one or more trusted certification authorities - * from a file. - * - * @param filename The name of a file containing certification authority - * certificates in PEM format. - * - * @throws asio::system_error Thrown on failure. - * - * @note Calls @c SSL_CTX_load_verify_locations. - */ - ASIO_DECL void load_verify_file(const std::string& filename); - - /// Load a certification authority file for performing verification. - /** - * This function is used to load the certificates for one or more trusted - * certification authorities from a file. - * - * @param filename The name of a file containing certification authority - * certificates in PEM format. - * - * @param ec Set to indicate what error occurred, if any. - * - * @note Calls @c SSL_CTX_load_verify_locations. - */ - ASIO_DECL ASIO_SYNC_OP_VOID load_verify_file( - const std::string& filename, asio::error_code& ec); - - /// Add certification authority for performing verification. - /** - * This function is used to add one trusted certification authority - * from a memory buffer. - * - * @param ca The buffer containing the certification authority certificate. - * The certificate must use the PEM format. - * - * @throws asio::system_error Thrown on failure. - * - * @note Calls @c SSL_CTX_get_cert_store and @c X509_STORE_add_cert. - */ - ASIO_DECL void add_certificate_authority(const const_buffer& ca); - - /// Add certification authority for performing verification. - /** - * This function is used to add one trusted certification authority - * from a memory buffer. - * - * @param ca The buffer containing the certification authority certificate. - * The certificate must use the PEM format. - * - * @param ec Set to indicate what error occurred, if any. - * - * @note Calls @c SSL_CTX_get_cert_store and @c X509_STORE_add_cert. - */ - ASIO_DECL ASIO_SYNC_OP_VOID add_certificate_authority( - const const_buffer& ca, asio::error_code& ec); - - /// Configures the context to use the default directories for finding - /// certification authority certificates. - /** - * This function specifies that the context should use the default, - * system-dependent directories for locating certification authority - * certificates. - * - * @throws asio::system_error Thrown on failure. - * - * @note Calls @c SSL_CTX_set_default_verify_paths. - */ - ASIO_DECL void set_default_verify_paths(); - - /// Configures the context to use the default directories for finding - /// certification authority certificates. - /** - * This function specifies that the context should use the default, - * system-dependent directories for locating certification authority - * certificates. - * - * @param ec Set to indicate what error occurred, if any. - * - * @note Calls @c SSL_CTX_set_default_verify_paths. - */ - ASIO_DECL ASIO_SYNC_OP_VOID set_default_verify_paths( - asio::error_code& ec); - - /// Add a directory containing certificate authority files to be used for - /// performing verification. - /** - * This function is used to specify the name of a directory containing - * certification authority certificates. Each file in the directory must - * contain a single certificate. The files must be named using the subject - * name's hash and an extension of ".0". - * - * @param path The name of a directory containing the certificates. - * - * @throws asio::system_error Thrown on failure. - * - * @note Calls @c SSL_CTX_load_verify_locations. - */ - ASIO_DECL void add_verify_path(const std::string& path); - - /// Add a directory containing certificate authority files to be used for - /// performing verification. - /** - * This function is used to specify the name of a directory containing - * certification authority certificates. Each file in the directory must - * contain a single certificate. The files must be named using the subject - * name's hash and an extension of ".0". - * - * @param path The name of a directory containing the certificates. - * - * @param ec Set to indicate what error occurred, if any. - * - * @note Calls @c SSL_CTX_load_verify_locations. - */ - ASIO_DECL ASIO_SYNC_OP_VOID add_verify_path( - const std::string& path, asio::error_code& ec); - - /// Use a certificate from a memory buffer. - /** - * This function is used to load a certificate into the context from a buffer. - * - * @param certificate The buffer containing the certificate. - * - * @param format The certificate format (ASN.1 or PEM). - * - * @throws asio::system_error Thrown on failure. - * - * @note Calls @c SSL_CTX_use_certificate or SSL_CTX_use_certificate_ASN1. - */ - ASIO_DECL void use_certificate( - const const_buffer& certificate, file_format format); - - /// Use a certificate from a memory buffer. - /** - * This function is used to load a certificate into the context from a buffer. - * - * @param certificate The buffer containing the certificate. - * - * @param format The certificate format (ASN.1 or PEM). - * - * @param ec Set to indicate what error occurred, if any. - * - * @note Calls @c SSL_CTX_use_certificate or SSL_CTX_use_certificate_ASN1. - */ - ASIO_DECL ASIO_SYNC_OP_VOID use_certificate( - const const_buffer& certificate, file_format format, - asio::error_code& ec); - - /// Use a certificate from a file. - /** - * This function is used to load a certificate into the context from a file. - * - * @param filename The name of the file containing the certificate. - * - * @param format The file format (ASN.1 or PEM). - * - * @throws asio::system_error Thrown on failure. - * - * @note Calls @c SSL_CTX_use_certificate_file. - */ - ASIO_DECL void use_certificate_file( - const std::string& filename, file_format format); - - /// Use a certificate from a file. - /** - * This function is used to load a certificate into the context from a file. - * - * @param filename The name of the file containing the certificate. - * - * @param format The file format (ASN.1 or PEM). - * - * @param ec Set to indicate what error occurred, if any. - * - * @note Calls @c SSL_CTX_use_certificate_file. - */ - ASIO_DECL ASIO_SYNC_OP_VOID use_certificate_file( - const std::string& filename, file_format format, - asio::error_code& ec); - - /// Use a certificate chain from a memory buffer. - /** - * This function is used to load a certificate chain into the context from a - * buffer. - * - * @param chain The buffer containing the certificate chain. The certificate - * chain must use the PEM format. - * - * @throws asio::system_error Thrown on failure. - * - * @note Calls @c SSL_CTX_use_certificate and SSL_CTX_add_extra_chain_cert. - */ - ASIO_DECL void use_certificate_chain(const const_buffer& chain); - - /// Use a certificate chain from a memory buffer. - /** - * This function is used to load a certificate chain into the context from a - * buffer. - * - * @param chain The buffer containing the certificate chain. The certificate - * chain must use the PEM format. - * - * @param ec Set to indicate what error occurred, if any. - * - * @note Calls @c SSL_CTX_use_certificate and SSL_CTX_add_extra_chain_cert. - */ - ASIO_DECL ASIO_SYNC_OP_VOID use_certificate_chain( - const const_buffer& chain, asio::error_code& ec); - - /// Use a certificate chain from a file. - /** - * This function is used to load a certificate chain into the context from a - * file. - * - * @param filename The name of the file containing the certificate. The file - * must use the PEM format. - * - * @throws asio::system_error Thrown on failure. - * - * @note Calls @c SSL_CTX_use_certificate_chain_file. - */ - ASIO_DECL void use_certificate_chain_file(const std::string& filename); - - /// Use a certificate chain from a file. - /** - * This function is used to load a certificate chain into the context from a - * file. - * - * @param filename The name of the file containing the certificate. The file - * must use the PEM format. - * - * @param ec Set to indicate what error occurred, if any. - * - * @note Calls @c SSL_CTX_use_certificate_chain_file. - */ - ASIO_DECL ASIO_SYNC_OP_VOID use_certificate_chain_file( - const std::string& filename, asio::error_code& ec); - - /// Use a private key from a memory buffer. - /** - * This function is used to load a private key into the context from a buffer. - * - * @param private_key The buffer containing the private key. - * - * @param format The private key format (ASN.1 or PEM). - * - * @throws asio::system_error Thrown on failure. - * - * @note Calls @c SSL_CTX_use_PrivateKey or SSL_CTX_use_PrivateKey_ASN1. - */ - ASIO_DECL void use_private_key( - const const_buffer& private_key, file_format format); - - /// Use a private key from a memory buffer. - /** - * This function is used to load a private key into the context from a buffer. - * - * @param private_key The buffer containing the private key. - * - * @param format The private key format (ASN.1 or PEM). - * - * @param ec Set to indicate what error occurred, if any. - * - * @note Calls @c SSL_CTX_use_PrivateKey or SSL_CTX_use_PrivateKey_ASN1. - */ - ASIO_DECL ASIO_SYNC_OP_VOID use_private_key( - const const_buffer& private_key, file_format format, - asio::error_code& ec); - - /// Use a private key from a file. - /** - * This function is used to load a private key into the context from a file. - * - * @param filename The name of the file containing the private key. - * - * @param format The file format (ASN.1 or PEM). - * - * @throws asio::system_error Thrown on failure. - * - * @note Calls @c SSL_CTX_use_PrivateKey_file. - */ - ASIO_DECL void use_private_key_file( - const std::string& filename, file_format format); - - /// Use a private key from a file. - /** - * This function is used to load a private key into the context from a file. - * - * @param filename The name of the file containing the private key. - * - * @param format The file format (ASN.1 or PEM). - * - * @param ec Set to indicate what error occurred, if any. - * - * @note Calls @c SSL_CTX_use_PrivateKey_file. - */ - ASIO_DECL ASIO_SYNC_OP_VOID use_private_key_file( - const std::string& filename, file_format format, - asio::error_code& ec); - - /// Use an RSA private key from a memory buffer. - /** - * This function is used to load an RSA private key into the context from a - * buffer. - * - * @param private_key The buffer containing the RSA private key. - * - * @param format The private key format (ASN.1 or PEM). - * - * @throws asio::system_error Thrown on failure. - * - * @note Calls @c SSL_CTX_use_RSAPrivateKey or SSL_CTX_use_RSAPrivateKey_ASN1. - */ - ASIO_DECL void use_rsa_private_key( - const const_buffer& private_key, file_format format); - - /// Use an RSA private key from a memory buffer. - /** - * This function is used to load an RSA private key into the context from a - * buffer. - * - * @param private_key The buffer containing the RSA private key. - * - * @param format The private key format (ASN.1 or PEM). - * - * @param ec Set to indicate what error occurred, if any. - * - * @note Calls @c SSL_CTX_use_RSAPrivateKey or SSL_CTX_use_RSAPrivateKey_ASN1. - */ - ASIO_DECL ASIO_SYNC_OP_VOID use_rsa_private_key( - const const_buffer& private_key, file_format format, - asio::error_code& ec); - - /// Use an RSA private key from a file. - /** - * This function is used to load an RSA private key into the context from a - * file. - * - * @param filename The name of the file containing the RSA private key. - * - * @param format The file format (ASN.1 or PEM). - * - * @throws asio::system_error Thrown on failure. - * - * @note Calls @c SSL_CTX_use_RSAPrivateKey_file. - */ - ASIO_DECL void use_rsa_private_key_file( - const std::string& filename, file_format format); - - /// Use an RSA private key from a file. - /** - * This function is used to load an RSA private key into the context from a - * file. - * - * @param filename The name of the file containing the RSA private key. - * - * @param format The file format (ASN.1 or PEM). - * - * @param ec Set to indicate what error occurred, if any. - * - * @note Calls @c SSL_CTX_use_RSAPrivateKey_file. - */ - ASIO_DECL ASIO_SYNC_OP_VOID use_rsa_private_key_file( - const std::string& filename, file_format format, - asio::error_code& ec); - - /// Use the specified memory buffer to obtain the temporary Diffie-Hellman - /// parameters. - /** - * This function is used to load Diffie-Hellman parameters into the context - * from a buffer. - * - * @param dh The memory buffer containing the Diffie-Hellman parameters. The - * buffer must use the PEM format. - * - * @throws asio::system_error Thrown on failure. - * - * @note Calls @c SSL_CTX_set_tmp_dh. - */ - ASIO_DECL void use_tmp_dh(const const_buffer& dh); - - /// Use the specified memory buffer to obtain the temporary Diffie-Hellman - /// parameters. - /** - * This function is used to load Diffie-Hellman parameters into the context - * from a buffer. - * - * @param dh The memory buffer containing the Diffie-Hellman parameters. The - * buffer must use the PEM format. - * - * @param ec Set to indicate what error occurred, if any. - * - * @note Calls @c SSL_CTX_set_tmp_dh. - */ - ASIO_DECL ASIO_SYNC_OP_VOID use_tmp_dh( - const const_buffer& dh, asio::error_code& ec); - - /// Use the specified file to obtain the temporary Diffie-Hellman parameters. - /** - * This function is used to load Diffie-Hellman parameters into the context - * from a file. - * - * @param filename The name of the file containing the Diffie-Hellman - * parameters. The file must use the PEM format. - * - * @throws asio::system_error Thrown on failure. - * - * @note Calls @c SSL_CTX_set_tmp_dh. - */ - ASIO_DECL void use_tmp_dh_file(const std::string& filename); - - /// Use the specified file to obtain the temporary Diffie-Hellman parameters. - /** - * This function is used to load Diffie-Hellman parameters into the context - * from a file. - * - * @param filename The name of the file containing the Diffie-Hellman - * parameters. The file must use the PEM format. - * - * @param ec Set to indicate what error occurred, if any. - * - * @note Calls @c SSL_CTX_set_tmp_dh. - */ - ASIO_DECL ASIO_SYNC_OP_VOID use_tmp_dh_file( - const std::string& filename, asio::error_code& ec); - - /// Set the password callback. - /** - * This function is used to specify a callback function to obtain password - * information about an encrypted key in PEM format. - * - * @param callback The function object to be used for obtaining the password. - * The function signature of the handler must be: - * @code std::string password_callback( - * std::size_t max_length, // The maximum size for a password. - * password_purpose purpose // Whether password is for reading or writing. - * ); @endcode - * The return value of the callback is a string containing the password. - * - * @throws asio::system_error Thrown on failure. - * - * @note Calls @c SSL_CTX_set_default_passwd_cb. - */ - template <typename PasswordCallback> - void set_password_callback(PasswordCallback callback); - - /// Set the password callback. - /** - * This function is used to specify a callback function to obtain password - * information about an encrypted key in PEM format. - * - * @param callback The function object to be used for obtaining the password. - * The function signature of the handler must be: - * @code std::string password_callback( - * std::size_t max_length, // The maximum size for a password. - * password_purpose purpose // Whether password is for reading or writing. - * ); @endcode - * The return value of the callback is a string containing the password. - * - * @param ec Set to indicate what error occurred, if any. - * - * @note Calls @c SSL_CTX_set_default_passwd_cb. - */ - template <typename PasswordCallback> - ASIO_SYNC_OP_VOID set_password_callback(PasswordCallback callback, - asio::error_code& ec); - private: - struct bio_cleanup; - struct x509_cleanup; - struct evp_pkey_cleanup; - struct rsa_cleanup; - struct dh_cleanup; - - // Helper function used to set a peer certificate verification callback. - ASIO_DECL ASIO_SYNC_OP_VOID do_set_verify_callback( - detail::verify_callback_base* callback, asio::error_code& ec); - - // Callback used when the SSL implementation wants to verify a certificate. - ASIO_DECL static int verify_callback_function( - int preverified, X509_STORE_CTX* ctx); - - // Helper function used to set a password callback. - ASIO_DECL ASIO_SYNC_OP_VOID do_set_password_callback( - detail::password_callback_base* callback, asio::error_code& ec); - - // Callback used when the SSL implementation wants a password. - ASIO_DECL static int password_callback_function( - char* buf, int size, int purpose, void* data); - - // Helper function to set the temporary Diffie-Hellman parameters from a BIO. - ASIO_DECL ASIO_SYNC_OP_VOID do_use_tmp_dh( - BIO* bio, asio::error_code& ec); - - // Helper function to make a BIO from a memory buffer. - ASIO_DECL BIO* make_buffer_bio(const const_buffer& b); - // The underlying native implementation. native_handle_type handle_; - - // MONGO HACK - prevent ASIO from initializing OpenSSL - // Ensure openssl is initialised. - //asio::ssl::detail::openssl_init<> init_; }; } // namespace ssl @@ -751,7 +88,6 @@ private: #include "asio/detail/pop_options.hpp" -#include "mongo/util/net/ssl/impl/context.hpp" #if defined(ASIO_HEADER_ONLY) # include "mongo/util/net/ssl/impl/context.ipp" #endif // defined(ASIO_HEADER_ONLY) diff --git a/src/mongo/util/net/ssl/context_base.hpp b/src/mongo/util/net/ssl/context_base.hpp index f3993411221..0b3351ebeae 100644 --- a/src/mongo/util/net/ssl/context_base.hpp +++ b/src/mongo/util/net/ssl/context_base.hpp @@ -145,38 +145,6 @@ public: # endif // defined(SSL_OP_NO_COMPRESSION) #endif - /// File format types. - enum file_format - { - /// ASN.1 file. - asn1, - - /// PEM file. - pem - }; - -#if !defined(GENERATING_DOCUMENTATION) - // The following types and constants are preserved for backward compatibility. - // New programs should use the equivalents of the same names that are defined - // in the asio::ssl namespace. - typedef int verify_mode; - ASIO_STATIC_CONSTANT(int, verify_none = SSL_VERIFY_NONE); - ASIO_STATIC_CONSTANT(int, verify_peer = SSL_VERIFY_PEER); - ASIO_STATIC_CONSTANT(int, - verify_fail_if_no_peer_cert = SSL_VERIFY_FAIL_IF_NO_PEER_CERT); - ASIO_STATIC_CONSTANT(int, verify_client_once = SSL_VERIFY_CLIENT_ONCE); -#endif - - /// Purpose of PEM password. - enum password_purpose - { - /// The password is needed for reading/decryption. - for_reading, - - /// The password is needed for writing/encryption. - for_writing - }; - protected: /// Protected destructor to prevent deletion through this type. ~context_base() diff --git a/src/mongo/util/net/ssl/detail/engine.hpp b/src/mongo/util/net/ssl/detail/engine.hpp index 498b314d98e..e49332d59b6 100644 --- a/src/mongo/util/net/ssl/detail/engine.hpp +++ b/src/mongo/util/net/ssl/detail/engine.hpp @@ -20,9 +20,7 @@ #include "asio/buffer.hpp" #include "asio/detail/static_mutex.hpp" #include "mongo/util/net/ssl/detail/openssl_types.hpp" -#include "mongo/util/net/ssl/detail/verify_callback.hpp" #include "mongo/util/net/ssl/stream_base.hpp" -#include "mongo/util/net/ssl/verify_mode.hpp" #include "asio/detail/push_options.hpp" @@ -64,18 +62,6 @@ public: // Get the underlying implementation in the native type. ASIO_DECL SSL* native_handle(); - // Set the peer verification mode. - ASIO_DECL asio::error_code set_verify_mode( - verify_mode v, asio::error_code& ec); - - // Set the peer verification depth. - ASIO_DECL asio::error_code set_verify_depth( - int depth, asio::error_code& ec); - - // Set a peer certificate verification callback. - ASIO_DECL asio::error_code set_verify_callback( - verify_callback_base* callback, asio::error_code& ec); - // Perform an SSL handshake using either SSL_connect (client-side) or // SSL_accept (server-side). ASIO_DECL want handshake( @@ -111,10 +97,6 @@ private: engine(const engine&); engine& operator=(const engine&); - // Callback used when the SSL implementation wants to verify a certificate. - ASIO_DECL static int verify_callback_function( - int preverified, X509_STORE_CTX* ctx); - #if (OPENSSL_VERSION_NUMBER < 0x10000000L) // The SSL_accept function may not be thread safe. This mutex is used to // protect all calls to the SSL_accept function. diff --git a/src/mongo/util/net/ssl/detail/impl/engine.ipp b/src/mongo/util/net/ssl/detail/impl/engine.ipp index 7b0ced9af8d..6f29cc2d478 100644 --- a/src/mongo/util/net/ssl/detail/impl/engine.ipp +++ b/src/mongo/util/net/ssl/detail/impl/engine.ipp @@ -21,7 +21,6 @@ #include "asio/error.hpp" #include "mongo/util/net/ssl/detail/engine.hpp" #include "mongo/util/net/ssl/error.hpp" -#include "mongo/util/net/ssl/verify_context.hpp" #include "asio/detail/push_options.hpp" @@ -59,7 +58,6 @@ engine::~engine() { if (SSL_get_app_data(ssl_)) { - delete static_cast<verify_callback_base*>(SSL_get_app_data(ssl_)); SSL_set_app_data(ssl_, 0); } @@ -72,62 +70,6 @@ SSL* engine::native_handle() return ssl_; } -asio::error_code engine::set_verify_mode( - verify_mode v, asio::error_code& ec) -{ - ::SSL_set_verify(ssl_, v, ::SSL_get_verify_callback(ssl_)); - - ec = asio::error_code(); - return ec; -} - -asio::error_code engine::set_verify_depth( - int depth, asio::error_code& ec) -{ - ::SSL_set_verify_depth(ssl_, depth); - - ec = asio::error_code(); - return ec; -} - -asio::error_code engine::set_verify_callback( - verify_callback_base* callback, asio::error_code& ec) -{ - if (SSL_get_app_data(ssl_)) - delete static_cast<verify_callback_base*>(SSL_get_app_data(ssl_)); - - SSL_set_app_data(ssl_, callback); - - ::SSL_set_verify(ssl_, ::SSL_get_verify_mode(ssl_), - &engine::verify_callback_function); - - ec = asio::error_code(); - return ec; -} - -int engine::verify_callback_function(int preverified, X509_STORE_CTX* ctx) -{ - if (ctx) - { - if (SSL* ssl = static_cast<SSL*>( - ::X509_STORE_CTX_get_ex_data( - ctx, ::SSL_get_ex_data_X509_STORE_CTX_idx()))) - { - if (SSL_get_app_data(ssl)) - { - verify_callback_base* callback = - static_cast<verify_callback_base*>( - SSL_get_app_data(ssl)); - - verify_context verify_ctx(ctx); - return callback->call(preverified != 0, verify_ctx) ? 1 : 0; - } - } - } - - return 0; -} - engine::want engine::handshake( stream_base::handshake_type type, asio::error_code& ec) { diff --git a/src/mongo/util/net/ssl/detail/impl/openssl_init.ipp b/src/mongo/util/net/ssl/detail/impl/openssl_init.ipp deleted file mode 100644 index ec9d1e2bded..00000000000 --- a/src/mongo/util/net/ssl/detail/impl/openssl_init.ipp +++ /dev/null @@ -1,163 +0,0 @@ -// -// ssl/detail/impl/openssl_init.ipp -// ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -// -// Copyright (c) 2005 Voipster / Indrek dot Juhani at voipster dot com -// Copyright (c) 2005-2017 Christopher M. Kohlhoff (chris at kohlhoff dot com) -// -// Distributed under the Boost Software License, Version 1.0. (See accompanying -// file LICENSE_1_0.txt or copy at http://www.boost.org/LICENSE_1_0.txt) -// - -#ifndef ASIO_SSL_DETAIL_IMPL_OPENSSL_INIT_IPP -#define ASIO_SSL_DETAIL_IMPL_OPENSSL_INIT_IPP - -#if defined(_MSC_VER) && (_MSC_VER >= 1200) -# pragma once -#endif // defined(_MSC_VER) && (_MSC_VER >= 1200) - -#include "asio/detail/config.hpp" -#include <vector> -#include "asio/detail/assert.hpp" -#include "asio/detail/mutex.hpp" -#include "asio/detail/tss_ptr.hpp" -#include "mongo/util/net/ssl/detail/openssl_init.hpp" -#include "mongo/util/net/ssl/detail/openssl_types.hpp" - -#include "asio/detail/push_options.hpp" - -namespace asio { -namespace ssl { -namespace detail { - -class openssl_init_base::do_init -{ -public: - do_init() - { -#if (OPENSSL_VERSION_NUMBER < 0x10100000L) - ::SSL_library_init(); - ::SSL_load_error_strings(); - ::OpenSSL_add_all_algorithms(); - - mutexes_.resize(::CRYPTO_num_locks()); - for (size_t i = 0; i < mutexes_.size(); ++i) - mutexes_[i].reset(new asio::detail::mutex); - ::CRYPTO_set_locking_callback(&do_init::openssl_locking_func); -#endif // (OPENSSL_VERSION_NUMBER < 0x10100000L) -#if (OPENSSL_VERSION_NUMBER < 0x10000000L) - ::CRYPTO_set_id_callback(&do_init::openssl_id_func); -#endif // (OPENSSL_VERSION_NUMBER < 0x10000000L) - -#if !defined(SSL_OP_NO_COMPRESSION) \ - && (OPENSSL_VERSION_NUMBER >= 0x00908000L) - null_compression_methods_ = sk_SSL_COMP_new_null(); -#endif // !defined(SSL_OP_NO_COMPRESSION) - // && (OPENSSL_VERSION_NUMBER >= 0x00908000L) - } - - ~do_init() - { -#if !defined(SSL_OP_NO_COMPRESSION) \ - && (OPENSSL_VERSION_NUMBER >= 0x00908000L) - sk_SSL_COMP_free(null_compression_methods_); -#endif // !defined(SSL_OP_NO_COMPRESSION) - // && (OPENSSL_VERSION_NUMBER >= 0x00908000L) - -#if (OPENSSL_VERSION_NUMBER < 0x10000000L) - ::CRYPTO_set_id_callback(0); -#endif // (OPENSSL_VERSION_NUMBER < 0x10000000L) -#if (OPENSSL_VERSION_NUMBER < 0x10100000L) - ::CRYPTO_set_locking_callback(0); - ::ERR_free_strings(); - ::EVP_cleanup(); - ::CRYPTO_cleanup_all_ex_data(); -#endif // (OPENSSL_VERSION_NUMBER < 0x10100000L) -#if (OPENSSL_VERSION_NUMBER < 0x10000000L) - ::ERR_remove_state(0); -#elif (OPENSSL_VERSION_NUMBER < 0x10100000L) - ::ERR_remove_thread_state(NULL); -#endif // (OPENSSL_VERSION_NUMBER < 0x10000000L) -#if (OPENSSL_VERSION_NUMBER >= 0x10002000L) \ - && (OPENSSL_VERSION_NUMBER < 0x10100000L) - ::SSL_COMP_free_compression_methods(); -#endif // (OPENSSL_VERSION_NUMBER >= 0x10002000L) - // && (OPENSSL_VERSION_NUMBER < 0x10100000L) -#if !defined(OPENSSL_IS_BORINGSSL) - ::CONF_modules_unload(1); -#endif // !defined(OPENSSL_IS_BORINGSSL) -#if !defined(OPENSSL_NO_ENGINE) \ - && (OPENSSL_VERSION_NUMBER < 0x10100000L) - ::ENGINE_cleanup(); -#endif // !defined(OPENSSL_NO_ENGINE) - // && (OPENSSL_VERSION_NUMBER < 0x10100000L) - } - -#if !defined(SSL_OP_NO_COMPRESSION) \ - && (OPENSSL_VERSION_NUMBER >= 0x00908000L) - STACK_OF(SSL_COMP)* get_null_compression_methods() const - { - return null_compression_methods_; - } -#endif // !defined(SSL_OP_NO_COMPRESSION) - // && (OPENSSL_VERSION_NUMBER >= 0x00908000L) - -private: -#if (OPENSSL_VERSION_NUMBER < 0x10000000L) - static unsigned long openssl_id_func() - { -#if defined(ASIO_WINDOWS) || defined(__CYGWIN__) - return ::GetCurrentThreadId(); -#else // defined(ASIO_WINDOWS) || defined(__CYGWIN__) - void* id = &errno; - ASIO_ASSERT(sizeof(unsigned long) >= sizeof(void*)); - return reinterpret_cast<unsigned long>(id); -#endif // defined(ASIO_WINDOWS) || defined(__CYGWIN__) - } -#endif // (OPENSSL_VERSION_NUMBER < 0x10000000L) - -#if (OPENSSL_VERSION_NUMBER < 0x10100000L) - static void openssl_locking_func(int mode, int n, - const char* /*file*/, int /*line*/) - { - if (mode & CRYPTO_LOCK) - instance()->mutexes_[n]->lock(); - else - instance()->mutexes_[n]->unlock(); - } - - // Mutexes to be used in locking callbacks. - std::vector<asio::detail::shared_ptr< - asio::detail::mutex> > mutexes_; -#endif // (OPENSSL_VERSION_NUMBER < 0x10100000L) - -#if !defined(SSL_OP_NO_COMPRESSION) \ - && (OPENSSL_VERSION_NUMBER >= 0x00908000L) - STACK_OF(SSL_COMP)* null_compression_methods_; -#endif // !defined(SSL_OP_NO_COMPRESSION) - // && (OPENSSL_VERSION_NUMBER >= 0x00908000L) -}; - -asio::detail::shared_ptr<openssl_init_base::do_init> -openssl_init_base::instance() -{ - static asio::detail::shared_ptr<do_init> init(new do_init); - return init; -} - -#if !defined(SSL_OP_NO_COMPRESSION) \ - && (OPENSSL_VERSION_NUMBER >= 0x00908000L) -STACK_OF(SSL_COMP)* openssl_init_base::get_null_compression_methods() -{ - return instance()->get_null_compression_methods(); -} -#endif // !defined(SSL_OP_NO_COMPRESSION) - // && (OPENSSL_VERSION_NUMBER >= 0x00908000L) - -} // namespace detail -} // namespace ssl -} // namespace asio - -#include "asio/detail/pop_options.hpp" - -#endif // ASIO_SSL_DETAIL_IMPL_OPENSSL_INIT_IPP diff --git a/src/mongo/util/net/ssl/detail/openssl_init.hpp b/src/mongo/util/net/ssl/detail/openssl_init.hpp deleted file mode 100644 index 00df9afe099..00000000000 --- a/src/mongo/util/net/ssl/detail/openssl_init.hpp +++ /dev/null @@ -1,101 +0,0 @@ -// -// ssl/detail/openssl_init.hpp -// ~~~~~~~~~~~~~~~~~~~~~~~~~~~ -// -// Copyright (c) 2003-2017 Christopher M. Kohlhoff (chris at kohlhoff dot com) -// -// Distributed under the Boost Software License, Version 1.0. (See accompanying -// file LICENSE_1_0.txt or copy at http://www.boost.org/LICENSE_1_0.txt) -// - -#ifndef ASIO_SSL_DETAIL_OPENSSL_INIT_HPP -#define ASIO_SSL_DETAIL_OPENSSL_INIT_HPP - -#if defined(_MSC_VER) && (_MSC_VER >= 1200) -# pragma once -#endif // defined(_MSC_VER) && (_MSC_VER >= 1200) - -#include "asio/detail/config.hpp" -#include <cstring> -#include "asio/detail/memory.hpp" -#include "asio/detail/noncopyable.hpp" -#include "mongo/util/net/ssl/detail/openssl_types.hpp" - -#include "asio/detail/push_options.hpp" - -namespace asio { -namespace ssl { -namespace detail { - -class openssl_init_base - : private noncopyable -{ -protected: - // Class that performs the actual initialisation. - class do_init; - - // Helper function to manage a do_init singleton. The static instance of the - // openssl_init object ensures that this function is always called before - // main, and therefore before any other threads can get started. The do_init - // instance must be static in this function to ensure that it gets - // initialised before any other global objects try to use it. - ASIO_DECL static asio::detail::shared_ptr<do_init> instance(); - -#if !defined(SSL_OP_NO_COMPRESSION) \ - && (OPENSSL_VERSION_NUMBER >= 0x00908000L) - // Get an empty stack of compression methods, to be used when disabling - // compression. - ASIO_DECL static STACK_OF(SSL_COMP)* get_null_compression_methods(); -#endif // !defined(SSL_OP_NO_COMPRESSION) - // && (OPENSSL_VERSION_NUMBER >= 0x00908000L) -}; - -template <bool Do_Init = true> -class openssl_init : private openssl_init_base -{ -public: - // Constructor. - openssl_init() - : ref_(instance()) - { - using namespace std; // For memmove. - - // Ensure openssl_init::instance_ is linked in. - openssl_init* tmp = &instance_; - memmove(&tmp, &tmp, sizeof(openssl_init*)); - } - - // Destructor. - ~openssl_init() - { - } - -#if !defined(SSL_OP_NO_COMPRESSION) \ - && (OPENSSL_VERSION_NUMBER >= 0x00908000L) - using openssl_init_base::get_null_compression_methods; -#endif // !defined(SSL_OP_NO_COMPRESSION) - // && (OPENSSL_VERSION_NUMBER >= 0x00908000L) - -private: - // Instance to force initialisation of openssl at global scope. - static openssl_init instance_; - - // Reference to singleton do_init object to ensure that openssl does not get - // cleaned up until the last user has finished with it. - asio::detail::shared_ptr<do_init> ref_; -}; - -template <bool Do_Init> -openssl_init<Do_Init> openssl_init<Do_Init>::instance_; - -} // namespace detail -} // namespace ssl -} // namespace asio - -#include "asio/detail/pop_options.hpp" - -#if defined(ASIO_HEADER_ONLY) -# include "mongo/util/net/ssl/detail/impl/openssl_init.ipp" -#endif // defined(ASIO_HEADER_ONLY) - -#endif // ASIO_SSL_DETAIL_OPENSSL_INIT_HPP diff --git a/src/mongo/util/net/ssl/detail/password_callback.hpp b/src/mongo/util/net/ssl/detail/password_callback.hpp deleted file mode 100644 index 01bebf8b8c6..00000000000 --- a/src/mongo/util/net/ssl/detail/password_callback.hpp +++ /dev/null @@ -1,66 +0,0 @@ -// -// ssl/detail/password_callback.hpp -// ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -// -// Copyright (c) 2003-2017 Christopher M. Kohlhoff (chris at kohlhoff dot com) -// -// Distributed under the Boost Software License, Version 1.0. (See accompanying -// file LICENSE_1_0.txt or copy at http://www.boost.org/LICENSE_1_0.txt) -// - -#ifndef ASIO_SSL_DETAIL_PASSWORD_CALLBACK_HPP -#define ASIO_SSL_DETAIL_PASSWORD_CALLBACK_HPP - -#if defined(_MSC_VER) && (_MSC_VER >= 1200) -# pragma once -#endif // defined(_MSC_VER) && (_MSC_VER >= 1200) - -#include "asio/detail/config.hpp" - -#include <cstddef> -#include <string> -#include "mongo/util/net/ssl/context_base.hpp" - -#include "asio/detail/push_options.hpp" - -namespace asio { -namespace ssl { -namespace detail { - -class password_callback_base -{ -public: - virtual ~password_callback_base() - { - } - - virtual std::string call(std::size_t size, - context_base::password_purpose purpose) = 0; -}; - -template <typename PasswordCallback> -class password_callback : public password_callback_base -{ -public: - explicit password_callback(PasswordCallback callback) - : callback_(callback) - { - } - - virtual std::string call(std::size_t size, - context_base::password_purpose purpose) - { - return callback_(size, purpose); - } - -private: - PasswordCallback callback_; -}; - -} // namespace detail -} // namespace ssl -} // namespace asio - -#include "asio/detail/pop_options.hpp" - -#endif // ASIO_SSL_DETAIL_PASSWORD_CALLBACK_HPP diff --git a/src/mongo/util/net/ssl/detail/verify_callback.hpp b/src/mongo/util/net/ssl/detail/verify_callback.hpp deleted file mode 100644 index 002eef3504f..00000000000 --- a/src/mongo/util/net/ssl/detail/verify_callback.hpp +++ /dev/null @@ -1,62 +0,0 @@ -// -// ssl/detail/verify_callback.hpp -// ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -// -// Copyright (c) 2003-2017 Christopher M. Kohlhoff (chris at kohlhoff dot com) -// -// Distributed under the Boost Software License, Version 1.0. (See accompanying -// file LICENSE_1_0.txt or copy at http://www.boost.org/LICENSE_1_0.txt) -// - -#ifndef ASIO_SSL_DETAIL_VERIFY_CALLBACK_HPP -#define ASIO_SSL_DETAIL_VERIFY_CALLBACK_HPP - -#if defined(_MSC_VER) && (_MSC_VER >= 1200) -# pragma once -#endif // defined(_MSC_VER) && (_MSC_VER >= 1200) - -#include "asio/detail/config.hpp" - -#include "mongo/util/net/ssl/verify_context.hpp" - -#include "asio/detail/push_options.hpp" - -namespace asio { -namespace ssl { -namespace detail { - -class verify_callback_base -{ -public: - virtual ~verify_callback_base() - { - } - - virtual bool call(bool preverified, verify_context& ctx) = 0; -}; - -template <typename VerifyCallback> -class verify_callback : public verify_callback_base -{ -public: - explicit verify_callback(VerifyCallback callback) - : callback_(callback) - { - } - - virtual bool call(bool preverified, verify_context& ctx) - { - return callback_(preverified, ctx); - } - -private: - VerifyCallback callback_; -}; - -} // namespace detail -} // namespace ssl -} // namespace asio - -#include "asio/detail/pop_options.hpp" - -#endif // ASIO_SSL_DETAIL_VERIFY_CALLBACK_HPP diff --git a/src/mongo/util/net/ssl/impl/context.hpp b/src/mongo/util/net/ssl/impl/context.hpp deleted file mode 100644 index 95808e0f89b..00000000000 --- a/src/mongo/util/net/ssl/impl/context.hpp +++ /dev/null @@ -1,67 +0,0 @@ -// -// ssl/impl/context.hpp -// ~~~~~~~~~~~~~~~~~~~~ -// -// Copyright (c) 2005 Voipster / Indrek dot Juhani at voipster dot com -// Copyright (c) 2005-2017 Christopher M. Kohlhoff (chris at kohlhoff dot com) -// -// Distributed under the Boost Software License, Version 1.0. (See accompanying -// file LICENSE_1_0.txt or copy at http://www.boost.org/LICENSE_1_0.txt) -// - -#ifndef ASIO_SSL_IMPL_CONTEXT_HPP -#define ASIO_SSL_IMPL_CONTEXT_HPP - -#if defined(_MSC_VER) && (_MSC_VER >= 1200) -# pragma once -#endif // defined(_MSC_VER) && (_MSC_VER >= 1200) - -#include "asio/detail/config.hpp" - -#include "asio/detail/throw_error.hpp" - -#include "asio/detail/push_options.hpp" - -namespace asio { -namespace ssl { - -template <typename VerifyCallback> -void context::set_verify_callback(VerifyCallback callback) -{ - asio::error_code ec; - this->set_verify_callback(callback, ec); - asio::detail::throw_error(ec, "set_verify_callback"); -} - -template <typename VerifyCallback> -ASIO_SYNC_OP_VOID context::set_verify_callback( - VerifyCallback callback, asio::error_code& ec) -{ - do_set_verify_callback( - new detail::verify_callback<VerifyCallback>(callback), ec); - ASIO_SYNC_OP_VOID_RETURN(ec); -} - -template <typename PasswordCallback> -void context::set_password_callback(PasswordCallback callback) -{ - asio::error_code ec; - this->set_password_callback(callback, ec); - asio::detail::throw_error(ec, "set_password_callback"); -} - -template <typename PasswordCallback> -ASIO_SYNC_OP_VOID context::set_password_callback( - PasswordCallback callback, asio::error_code& ec) -{ - do_set_password_callback( - new detail::password_callback<PasswordCallback>(callback), ec); - ASIO_SYNC_OP_VOID_RETURN(ec); -} - -} // namespace ssl -} // namespace asio - -#include "asio/detail/pop_options.hpp" - -#endif // ASIO_SSL_IMPL_CONTEXT_HPP diff --git a/src/mongo/util/net/ssl/impl/context.ipp b/src/mongo/util/net/ssl/impl/context.ipp index 7d4979c0de3..52ce75c1e52 100644 --- a/src/mongo/util/net/ssl/impl/context.ipp +++ b/src/mongo/util/net/ssl/impl/context.ipp @@ -29,36 +29,6 @@ namespace asio { namespace ssl { -struct context::bio_cleanup -{ - BIO* p; - ~bio_cleanup() { if (p) ::BIO_free(p); } -}; - -struct context::x509_cleanup -{ - X509* p; - ~x509_cleanup() { if (p) ::X509_free(p); } -}; - -struct context::evp_pkey_cleanup -{ - EVP_PKEY* p; - ~evp_pkey_cleanup() { if (p) ::EVP_PKEY_free(p); } -}; - -struct context::rsa_cleanup -{ - RSA* p; - ~rsa_cleanup() { if (p) ::RSA_free(p); } -}; - -struct context::dh_cleanup -{ - DH* p; - ~dh_cleanup() { if (p) ::DH_free(p); } -}; - context::context(context::method m) : handle_(0) { @@ -317,8 +287,6 @@ context::context(context::method m) asio::error::get_ssl_category()); asio::detail::throw_error(ec, "context"); } - - set_options(no_compression); } #if defined(ASIO_HAS_MOVE) || defined(GENERATING_DOCUMENTATION) @@ -341,30 +309,8 @@ context::~context() { if (handle_) { -#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && !defined(LIBRESSL_VERSION_NUMBER) - void* cb_userdata = ::SSL_CTX_get_default_passwd_cb_userdata(handle_); -#else // (OPENSSL_VERSION_NUMBER >= 0x10100000L) - void* cb_userdata = handle_->default_passwd_callback_userdata; -#endif // (OPENSSL_VERSION_NUMBER >= 0x10100000L) - if (cb_userdata) - { - detail::password_callback_base* callback = - static_cast<detail::password_callback_base*>( - cb_userdata); - delete callback; -#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && !defined(LIBRESSL_VERSION_NUMBER) - ::SSL_CTX_set_default_passwd_cb_userdata(handle_, 0); -#else // (OPENSSL_VERSION_NUMBER >= 0x10100000L) - handle_->default_passwd_callback_userdata = 0; -#endif // (OPENSSL_VERSION_NUMBER >= 0x10100000L) - } - if (SSL_CTX_get_app_data(handle_)) { - detail::verify_callback_base* callback = - static_cast<detail::verify_callback_base*>( - SSL_CTX_get_app_data(handle_)); - delete callback; SSL_CTX_set_app_data(handle_, 0); } @@ -377,777 +323,6 @@ context::native_handle_type context::native_handle() return handle_; } -void context::clear_options(context::options o) -{ - asio::error_code ec; - clear_options(o, ec); - asio::detail::throw_error(ec, "clear_options"); -} - -ASIO_SYNC_OP_VOID context::clear_options( - context::options o, asio::error_code& ec) -{ -#if (OPENSSL_VERSION_NUMBER >= 0x009080DFL) \ - && (OPENSSL_VERSION_NUMBER != 0x00909000L) -# if !defined(SSL_OP_NO_COMPRESSION) - if ((o & context::no_compression) != 0) - { -# if (OPENSSL_VERSION_NUMBER >= 0x00908000L) - handle_->comp_methods = SSL_COMP_get_compression_methods(); -# endif // (OPENSSL_VERSION_NUMBER >= 0x00908000L) - o ^= context::no_compression; - } -# endif // !defined(SSL_OP_NO_COMPRESSION) - - ::SSL_CTX_clear_options(handle_, o); - - ec = asio::error_code(); -#else // (OPENSSL_VERSION_NUMBER >= 0x009080DFL) - // && (OPENSSL_VERSION_NUMBER != 0x00909000L) - (void)o; - ec = asio::error::operation_not_supported; -#endif // (OPENSSL_VERSION_NUMBER >= 0x009080DFL) - // && (OPENSSL_VERSION_NUMBER != 0x00909000L) - ASIO_SYNC_OP_VOID_RETURN(ec); -} - -void context::set_options(context::options o) -{ - asio::error_code ec; - set_options(o, ec); - asio::detail::throw_error(ec, "set_options"); -} - -ASIO_SYNC_OP_VOID context::set_options( - context::options o, asio::error_code& ec) -{ -#if !defined(SSL_OP_NO_COMPRESSION) - if ((o & context::no_compression) != 0) - { -#if (OPENSSL_VERSION_NUMBER >= 0x00908000L) - handle_->comp_methods = - asio::ssl::detail::openssl_init<>::get_null_compression_methods(); -#endif // (OPENSSL_VERSION_NUMBER >= 0x00908000L) - o ^= context::no_compression; - } -#endif // !defined(SSL_OP_NO_COMPRESSION) - - ::SSL_CTX_set_options(handle_, o); - - ec = asio::error_code(); - ASIO_SYNC_OP_VOID_RETURN(ec); -} - -void context::set_verify_mode(verify_mode v) -{ - asio::error_code ec; - set_verify_mode(v, ec); - asio::detail::throw_error(ec, "set_verify_mode"); -} - -ASIO_SYNC_OP_VOID context::set_verify_mode( - verify_mode v, asio::error_code& ec) -{ - ::SSL_CTX_set_verify(handle_, v, ::SSL_CTX_get_verify_callback(handle_)); - - ec = asio::error_code(); - ASIO_SYNC_OP_VOID_RETURN(ec); -} - -void context::set_verify_depth(int depth) -{ - asio::error_code ec; - set_verify_depth(depth, ec); - asio::detail::throw_error(ec, "set_verify_depth"); -} - -ASIO_SYNC_OP_VOID context::set_verify_depth( - int depth, asio::error_code& ec) -{ - ::SSL_CTX_set_verify_depth(handle_, depth); - - ec = asio::error_code(); - ASIO_SYNC_OP_VOID_RETURN(ec); -} - -void context::load_verify_file(const std::string& filename) -{ - asio::error_code ec; - load_verify_file(filename, ec); - asio::detail::throw_error(ec, "load_verify_file"); -} - -ASIO_SYNC_OP_VOID context::load_verify_file( - const std::string& filename, asio::error_code& ec) -{ - ::ERR_clear_error(); - - if (::SSL_CTX_load_verify_locations(handle_, filename.c_str(), 0) != 1) - { - ec = asio::error_code( - static_cast<int>(::ERR_get_error()), - asio::error::get_ssl_category()); - ASIO_SYNC_OP_VOID_RETURN(ec); - } - - ec = asio::error_code(); - ASIO_SYNC_OP_VOID_RETURN(ec); -} - -void context::add_certificate_authority(const const_buffer& ca) -{ - asio::error_code ec; - add_certificate_authority(ca, ec); - asio::detail::throw_error(ec, "add_certificate_authority"); -} - -ASIO_SYNC_OP_VOID context::add_certificate_authority( - const const_buffer& ca, asio::error_code& ec) -{ - ::ERR_clear_error(); - - bio_cleanup bio = { make_buffer_bio(ca) }; - if (bio.p) - { - x509_cleanup cert = { ::PEM_read_bio_X509(bio.p, 0, 0, 0) }; - if (cert.p) - { - if (X509_STORE* store = ::SSL_CTX_get_cert_store(handle_)) - { - if (::X509_STORE_add_cert(store, cert.p) == 1) - { - ec = asio::error_code(); - ASIO_SYNC_OP_VOID_RETURN(ec); - } - } - } - } - - ec = asio::error_code( - static_cast<int>(::ERR_get_error()), - asio::error::get_ssl_category()); - ASIO_SYNC_OP_VOID_RETURN(ec); -} - -void context::set_default_verify_paths() -{ - asio::error_code ec; - set_default_verify_paths(ec); - asio::detail::throw_error(ec, "set_default_verify_paths"); -} - -ASIO_SYNC_OP_VOID context::set_default_verify_paths( - asio::error_code& ec) -{ - ::ERR_clear_error(); - - if (::SSL_CTX_set_default_verify_paths(handle_) != 1) - { - ec = asio::error_code( - static_cast<int>(::ERR_get_error()), - asio::error::get_ssl_category()); - ASIO_SYNC_OP_VOID_RETURN(ec); - } - - ec = asio::error_code(); - ASIO_SYNC_OP_VOID_RETURN(ec); -} - -void context::add_verify_path(const std::string& path) -{ - asio::error_code ec; - add_verify_path(path, ec); - asio::detail::throw_error(ec, "add_verify_path"); -} - -ASIO_SYNC_OP_VOID context::add_verify_path( - const std::string& path, asio::error_code& ec) -{ - ::ERR_clear_error(); - - if (::SSL_CTX_load_verify_locations(handle_, 0, path.c_str()) != 1) - { - ec = asio::error_code( - static_cast<int>(::ERR_get_error()), - asio::error::get_ssl_category()); - ASIO_SYNC_OP_VOID_RETURN(ec); - } - - ec = asio::error_code(); - ASIO_SYNC_OP_VOID_RETURN(ec); -} - -void context::use_certificate( - const const_buffer& certificate, file_format format) -{ - asio::error_code ec; - use_certificate(certificate, format, ec); - asio::detail::throw_error(ec, "use_certificate"); -} - -ASIO_SYNC_OP_VOID context::use_certificate( - const const_buffer& certificate, file_format format, - asio::error_code& ec) -{ - ::ERR_clear_error(); - - if (format == context_base::asn1) - { - if (::SSL_CTX_use_certificate_ASN1(handle_, - static_cast<int>(certificate.size()), - static_cast<const unsigned char*>(certificate.data())) == 1) - { - ec = asio::error_code(); - ASIO_SYNC_OP_VOID_RETURN(ec); - } - } - else if (format == context_base::pem) - { - bio_cleanup bio = { make_buffer_bio(certificate) }; - if (bio.p) - { - x509_cleanup cert = { ::PEM_read_bio_X509(bio.p, 0, 0, 0) }; - if (cert.p) - { - if (::SSL_CTX_use_certificate(handle_, cert.p) == 1) - { - ec = asio::error_code(); - ASIO_SYNC_OP_VOID_RETURN(ec); - } - } - } - } - else - { - ec = asio::error::invalid_argument; - ASIO_SYNC_OP_VOID_RETURN(ec); - } - - ec = asio::error_code( - static_cast<int>(::ERR_get_error()), - asio::error::get_ssl_category()); - ASIO_SYNC_OP_VOID_RETURN(ec); -} - -void context::use_certificate_file( - const std::string& filename, file_format format) -{ - asio::error_code ec; - use_certificate_file(filename, format, ec); - asio::detail::throw_error(ec, "use_certificate_file"); -} - -ASIO_SYNC_OP_VOID context::use_certificate_file( - const std::string& filename, file_format format, - asio::error_code& ec) -{ - int file_type; - switch (format) - { - case context_base::asn1: - file_type = SSL_FILETYPE_ASN1; - break; - case context_base::pem: - file_type = SSL_FILETYPE_PEM; - break; - default: - { - ec = asio::error::invalid_argument; - ASIO_SYNC_OP_VOID_RETURN(ec); - } - } - - ::ERR_clear_error(); - - if (::SSL_CTX_use_certificate_file(handle_, filename.c_str(), file_type) != 1) - { - ec = asio::error_code( - static_cast<int>(::ERR_get_error()), - asio::error::get_ssl_category()); - ASIO_SYNC_OP_VOID_RETURN(ec); - } - - ec = asio::error_code(); - ASIO_SYNC_OP_VOID_RETURN(ec); -} - -void context::use_certificate_chain(const const_buffer& chain) -{ - asio::error_code ec; - use_certificate_chain(chain, ec); - asio::detail::throw_error(ec, "use_certificate_chain"); -} - -ASIO_SYNC_OP_VOID context::use_certificate_chain( - const const_buffer& chain, asio::error_code& ec) -{ - ::ERR_clear_error(); - - bio_cleanup bio = { make_buffer_bio(chain) }; - if (bio.p) - { -#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && !defined(LIBRESSL_VERSION_NUMBER) - pem_password_cb* callback = ::SSL_CTX_get_default_passwd_cb(handle_); - void* cb_userdata = ::SSL_CTX_get_default_passwd_cb_userdata(handle_); -#else // (OPENSSL_VERSION_NUMBER >= 0x10100000L) - pem_password_cb* callback = handle_->default_passwd_callback; - void* cb_userdata = handle_->default_passwd_callback_userdata; -#endif // (OPENSSL_VERSION_NUMBER >= 0x10100000L) - x509_cleanup cert = { - ::PEM_read_bio_X509_AUX(bio.p, 0, - callback, - cb_userdata) }; - if (!cert.p) - { - ec = asio::error_code(ERR_R_PEM_LIB, - asio::error::get_ssl_category()); - ASIO_SYNC_OP_VOID_RETURN(ec); - } - - int result = ::SSL_CTX_use_certificate(handle_, cert.p); - if (result == 0 || ::ERR_peek_error() != 0) - { - ec = asio::error_code( - static_cast<int>(::ERR_get_error()), - asio::error::get_ssl_category()); - ASIO_SYNC_OP_VOID_RETURN(ec); - } - -#if (OPENSSL_VERSION_NUMBER >= 0x10002000L) && !defined(LIBRESSL_VERSION_NUMBER) - ::SSL_CTX_clear_chain_certs(handle_); -#else - if (handle_->extra_certs) - { - ::sk_X509_pop_free(handle_->extra_certs, X509_free); - handle_->extra_certs = 0; - } -#endif // (OPENSSL_VERSION_NUMBER >= 0x10002000L) - - while (X509* cacert = ::PEM_read_bio_X509(bio.p, 0, - callback, - cb_userdata)) - { - if (!::SSL_CTX_add_extra_chain_cert(handle_, cacert)) - { - ec = asio::error_code( - static_cast<int>(::ERR_get_error()), - asio::error::get_ssl_category()); - ASIO_SYNC_OP_VOID_RETURN(ec); - } - } - - result = ::ERR_peek_last_error(); - if ((ERR_GET_LIB(result) == ERR_LIB_PEM) - && (ERR_GET_REASON(result) == PEM_R_NO_START_LINE)) - { - ::ERR_clear_error(); - ec = asio::error_code(); - ASIO_SYNC_OP_VOID_RETURN(ec); - } - } - - ec = asio::error_code( - static_cast<int>(::ERR_get_error()), - asio::error::get_ssl_category()); - ASIO_SYNC_OP_VOID_RETURN(ec); -} - -void context::use_certificate_chain_file(const std::string& filename) -{ - asio::error_code ec; - use_certificate_chain_file(filename, ec); - asio::detail::throw_error(ec, "use_certificate_chain_file"); -} - -ASIO_SYNC_OP_VOID context::use_certificate_chain_file( - const std::string& filename, asio::error_code& ec) -{ - ::ERR_clear_error(); - - if (::SSL_CTX_use_certificate_chain_file(handle_, filename.c_str()) != 1) - { - ec = asio::error_code( - static_cast<int>(::ERR_get_error()), - asio::error::get_ssl_category()); - ASIO_SYNC_OP_VOID_RETURN(ec); - } - - ec = asio::error_code(); - ASIO_SYNC_OP_VOID_RETURN(ec); -} - -void context::use_private_key( - const const_buffer& private_key, context::file_format format) -{ - asio::error_code ec; - use_private_key(private_key, format, ec); - asio::detail::throw_error(ec, "use_private_key"); -} - -ASIO_SYNC_OP_VOID context::use_private_key( - const const_buffer& private_key, context::file_format format, - asio::error_code& ec) -{ - ::ERR_clear_error(); - -#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && !defined(LIBRESSL_VERSION_NUMBER) - pem_password_cb* callback = ::SSL_CTX_get_default_passwd_cb(handle_); - void* cb_userdata = ::SSL_CTX_get_default_passwd_cb_userdata(handle_); -#else // (OPENSSL_VERSION_NUMBER >= 0x10100000L) - pem_password_cb* callback = handle_->default_passwd_callback; - void* cb_userdata = handle_->default_passwd_callback_userdata; -#endif // (OPENSSL_VERSION_NUMBER >= 0x10100000L) - - bio_cleanup bio = { make_buffer_bio(private_key) }; - if (bio.p) - { - evp_pkey_cleanup evp_private_key = { 0 }; - switch (format) - { - case context_base::asn1: - evp_private_key.p = ::d2i_PrivateKey_bio(bio.p, 0); - break; - case context_base::pem: - evp_private_key.p = ::PEM_read_bio_PrivateKey( - bio.p, 0, callback, - cb_userdata); - break; - default: - { - ec = asio::error::invalid_argument; - ASIO_SYNC_OP_VOID_RETURN(ec); - } - } - - if (evp_private_key.p) - { - if (::SSL_CTX_use_PrivateKey(handle_, evp_private_key.p) == 1) - { - ec = asio::error_code(); - ASIO_SYNC_OP_VOID_RETURN(ec); - } - } - } - - ec = asio::error_code( - static_cast<int>(::ERR_get_error()), - asio::error::get_ssl_category()); - ASIO_SYNC_OP_VOID_RETURN(ec); -} - -void context::use_private_key_file( - const std::string& filename, context::file_format format) -{ - asio::error_code ec; - use_private_key_file(filename, format, ec); - asio::detail::throw_error(ec, "use_private_key_file"); -} - -void context::use_rsa_private_key( - const const_buffer& private_key, context::file_format format) -{ - asio::error_code ec; - use_rsa_private_key(private_key, format, ec); - asio::detail::throw_error(ec, "use_rsa_private_key"); -} - -ASIO_SYNC_OP_VOID context::use_rsa_private_key( - const const_buffer& private_key, context::file_format format, - asio::error_code& ec) -{ - ::ERR_clear_error(); - -#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && !defined(LIBRESSL_VERSION_NUMBER) - pem_password_cb* callback = ::SSL_CTX_get_default_passwd_cb(handle_); - void* cb_userdata = ::SSL_CTX_get_default_passwd_cb_userdata(handle_); -#else // (OPENSSL_VERSION_NUMBER >= 0x10100000L) - pem_password_cb* callback = handle_->default_passwd_callback; - void* cb_userdata = handle_->default_passwd_callback_userdata; -#endif // (OPENSSL_VERSION_NUMBER >= 0x10100000L) - - bio_cleanup bio = { make_buffer_bio(private_key) }; - if (bio.p) - { - rsa_cleanup rsa_private_key = { 0 }; - switch (format) - { - case context_base::asn1: - rsa_private_key.p = ::d2i_RSAPrivateKey_bio(bio.p, 0); - break; - case context_base::pem: - rsa_private_key.p = ::PEM_read_bio_RSAPrivateKey( - bio.p, 0, callback, - cb_userdata); - break; - default: - { - ec = asio::error::invalid_argument; - ASIO_SYNC_OP_VOID_RETURN(ec); - } - } - - if (rsa_private_key.p) - { - if (::SSL_CTX_use_RSAPrivateKey(handle_, rsa_private_key.p) == 1) - { - ec = asio::error_code(); - ASIO_SYNC_OP_VOID_RETURN(ec); - } - } - } - - ec = asio::error_code( - static_cast<int>(::ERR_get_error()), - asio::error::get_ssl_category()); - ASIO_SYNC_OP_VOID_RETURN(ec); -} - -ASIO_SYNC_OP_VOID context::use_private_key_file( - const std::string& filename, context::file_format format, - asio::error_code& ec) -{ - int file_type; - switch (format) - { - case context_base::asn1: - file_type = SSL_FILETYPE_ASN1; - break; - case context_base::pem: - file_type = SSL_FILETYPE_PEM; - break; - default: - { - ec = asio::error::invalid_argument; - ASIO_SYNC_OP_VOID_RETURN(ec); - } - } - - ::ERR_clear_error(); - - if (::SSL_CTX_use_PrivateKey_file(handle_, filename.c_str(), file_type) != 1) - { - ec = asio::error_code( - static_cast<int>(::ERR_get_error()), - asio::error::get_ssl_category()); - ASIO_SYNC_OP_VOID_RETURN(ec); - } - - ec = asio::error_code(); - ASIO_SYNC_OP_VOID_RETURN(ec); -} - -void context::use_rsa_private_key_file( - const std::string& filename, context::file_format format) -{ - asio::error_code ec; - use_rsa_private_key_file(filename, format, ec); - asio::detail::throw_error(ec, "use_rsa_private_key_file"); -} - -ASIO_SYNC_OP_VOID context::use_rsa_private_key_file( - const std::string& filename, context::file_format format, - asio::error_code& ec) -{ - int file_type; - switch (format) - { - case context_base::asn1: - file_type = SSL_FILETYPE_ASN1; - break; - case context_base::pem: - file_type = SSL_FILETYPE_PEM; - break; - default: - { - ec = asio::error::invalid_argument; - ASIO_SYNC_OP_VOID_RETURN(ec); - } - } - - ::ERR_clear_error(); - - if (::SSL_CTX_use_RSAPrivateKey_file( - handle_, filename.c_str(), file_type) != 1) - { - ec = asio::error_code( - static_cast<int>(::ERR_get_error()), - asio::error::get_ssl_category()); - ASIO_SYNC_OP_VOID_RETURN(ec); - } - - ec = asio::error_code(); - ASIO_SYNC_OP_VOID_RETURN(ec); -} - -void context::use_tmp_dh(const const_buffer& dh) -{ - asio::error_code ec; - use_tmp_dh(dh, ec); - asio::detail::throw_error(ec, "use_tmp_dh"); -} - -ASIO_SYNC_OP_VOID context::use_tmp_dh( - const const_buffer& dh, asio::error_code& ec) -{ - ::ERR_clear_error(); - - bio_cleanup bio = { make_buffer_bio(dh) }; - if (bio.p) - { - return do_use_tmp_dh(bio.p, ec); - } - - ec = asio::error_code( - static_cast<int>(::ERR_get_error()), - asio::error::get_ssl_category()); - ASIO_SYNC_OP_VOID_RETURN(ec); -} - -void context::use_tmp_dh_file(const std::string& filename) -{ - asio::error_code ec; - use_tmp_dh_file(filename, ec); - asio::detail::throw_error(ec, "use_tmp_dh_file"); -} - -ASIO_SYNC_OP_VOID context::use_tmp_dh_file( - const std::string& filename, asio::error_code& ec) -{ - ::ERR_clear_error(); - - bio_cleanup bio = { ::BIO_new_file(filename.c_str(), "r") }; - if (bio.p) - { - return do_use_tmp_dh(bio.p, ec); - } - - ec = asio::error_code( - static_cast<int>(::ERR_get_error()), - asio::error::get_ssl_category()); - ASIO_SYNC_OP_VOID_RETURN(ec); -} - -ASIO_SYNC_OP_VOID context::do_use_tmp_dh( - BIO* bio, asio::error_code& ec) -{ - ::ERR_clear_error(); - - dh_cleanup dh = { ::PEM_read_bio_DHparams(bio, 0, 0, 0) }; - if (dh.p) - { - if (::SSL_CTX_set_tmp_dh(handle_, dh.p) == 1) - { - ec = asio::error_code(); - ASIO_SYNC_OP_VOID_RETURN(ec); - } - } - - ec = asio::error_code( - static_cast<int>(::ERR_get_error()), - asio::error::get_ssl_category()); - ASIO_SYNC_OP_VOID_RETURN(ec); -} - -ASIO_SYNC_OP_VOID context::do_set_verify_callback( - detail::verify_callback_base* callback, asio::error_code& ec) -{ - if (SSL_CTX_get_app_data(handle_)) - { - delete static_cast<detail::verify_callback_base*>( - SSL_CTX_get_app_data(handle_)); - } - - SSL_CTX_set_app_data(handle_, callback); - - ::SSL_CTX_set_verify(handle_, - ::SSL_CTX_get_verify_mode(handle_), - &context::verify_callback_function); - - ec = asio::error_code(); - ASIO_SYNC_OP_VOID_RETURN(ec); -} - -int context::verify_callback_function(int preverified, X509_STORE_CTX* ctx) -{ - if (ctx) - { - if (SSL* ssl = static_cast<SSL*>( - ::X509_STORE_CTX_get_ex_data( - ctx, ::SSL_get_ex_data_X509_STORE_CTX_idx()))) - { - if (SSL_CTX* handle = ::SSL_get_SSL_CTX(ssl)) - { - if (SSL_CTX_get_app_data(handle)) - { - detail::verify_callback_base* callback = - static_cast<detail::verify_callback_base*>( - SSL_CTX_get_app_data(handle)); - - verify_context verify_ctx(ctx); - return callback->call(preverified != 0, verify_ctx) ? 1 : 0; - } - } - } - } - - return 0; -} - -ASIO_SYNC_OP_VOID context::do_set_password_callback( - detail::password_callback_base* callback, asio::error_code& ec) -{ -#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && !defined(LIBRESSL_VERSION_NUMBER) - void* old_callback = ::SSL_CTX_get_default_passwd_cb_userdata(handle_); - ::SSL_CTX_set_default_passwd_cb_userdata(handle_, callback); -#else // (OPENSSL_VERSION_NUMBER >= 0x10100000L) - void* old_callback = handle_->default_passwd_callback_userdata; - handle_->default_passwd_callback_userdata = callback; -#endif // (OPENSSL_VERSION_NUMBER >= 0x10100000L) - - if (old_callback) - delete static_cast<detail::password_callback_base*>( - old_callback); - - SSL_CTX_set_default_passwd_cb(handle_, &context::password_callback_function); - - ec = asio::error_code(); - ASIO_SYNC_OP_VOID_RETURN(ec); -} - -int context::password_callback_function( - char* buf, int size, int purpose, void* data) -{ - using namespace std; // For strncat and strlen. - - if (data) - { - detail::password_callback_base* callback = - static_cast<detail::password_callback_base*>(data); - - std::string passwd = callback->call(static_cast<std::size_t>(size), - purpose ? context_base::for_writing : context_base::for_reading); - -#if defined(ASIO_HAS_SECURE_RTL) - strcpy_s(buf, size, passwd.c_str()); -#else // defined(ASIO_HAS_SECURE_RTL) - *buf = '\0'; - if (size > 0) - strncat(buf, passwd.c_str(), size - 1); -#endif // defined(ASIO_HAS_SECURE_RTL) - - return static_cast<int>(strlen(buf)); - } - - return 0; -} - -BIO* context::make_buffer_bio(const const_buffer& b) -{ - return ::BIO_new_mem_buf( - const_cast<void*>(b.data()), - static_cast<int>(b.size())); -} - } // namespace ssl } // namespace asio diff --git a/src/mongo/util/net/ssl/impl/error.ipp b/src/mongo/util/net/ssl/impl/error.ipp index 033b184447b..76ef5bdadda 100644 --- a/src/mongo/util/net/ssl/impl/error.ipp +++ b/src/mongo/util/net/ssl/impl/error.ipp @@ -17,7 +17,6 @@ #include "asio/detail/config.hpp" #include "mongo/util/net/ssl/error.hpp" -#include "mongo/util/net/ssl/detail/openssl_init.hpp" #include "asio/detail/push_options.hpp" diff --git a/src/mongo/util/net/ssl/impl/rfc2818_verification.ipp b/src/mongo/util/net/ssl/impl/rfc2818_verification.ipp deleted file mode 100644 index 269e22a7808..00000000000 --- a/src/mongo/util/net/ssl/impl/rfc2818_verification.ipp +++ /dev/null @@ -1,160 +0,0 @@ -// -// ssl/impl/rfc2818_verification.ipp -// ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -// -// Copyright (c) 2003-2017 Christopher M. Kohlhoff (chris at kohlhoff dot com) -// -// Distributed under the Boost Software License, Version 1.0. (See accompanying -// file LICENSE_1_0.txt or copy at http://www.boost.org/LICENSE_1_0.txt) -// - -#ifndef ASIO_SSL_IMPL_RFC2818_VERIFICATION_IPP -#define ASIO_SSL_IMPL_RFC2818_VERIFICATION_IPP - -#if defined(_MSC_VER) && (_MSC_VER >= 1200) -# pragma once -#endif // defined(_MSC_VER) && (_MSC_VER >= 1200) - -#include "asio/detail/config.hpp" - -#include <cctype> -#include <cstring> -#include "asio/ip/address.hpp" -#include "mongo/util/net/ssl/rfc2818_verification.hpp" -#include "mongo/util/net/ssl/detail/openssl_types.hpp" - -#include "asio/detail/push_options.hpp" - -namespace asio { -namespace ssl { - -bool rfc2818_verification::operator()( - bool preverified, verify_context& ctx) const -{ - using namespace std; // For memcmp. - - // Don't bother looking at certificates that have failed pre-verification. - if (!preverified) - return false; - - // We're only interested in checking the certificate at the end of the chain. - int depth = X509_STORE_CTX_get_error_depth(ctx.native_handle()); - if (depth > 0) - return true; - - // Try converting the host name to an address. If it is an address then we - // need to look for an IP address in the certificate rather than a host name. - asio::error_code ec; - ip::address address = ip::make_address(host_, ec); - bool is_address = !ec; - - X509* cert = X509_STORE_CTX_get_current_cert(ctx.native_handle()); - - // Go through the alternate names in the certificate looking for matching DNS - // or IP address entries. - GENERAL_NAMES* gens = static_cast<GENERAL_NAMES*>( - X509_get_ext_d2i(cert, NID_subject_alt_name, 0, 0)); - for (int i = 0; i < sk_GENERAL_NAME_num(gens); ++i) - { - GENERAL_NAME* gen = sk_GENERAL_NAME_value(gens, i); - if (gen->type == GEN_DNS && !is_address) - { - ASN1_IA5STRING* domain = gen->d.dNSName; - if (domain->type == V_ASN1_IA5STRING && domain->data && domain->length) - { - const char* pattern = reinterpret_cast<const char*>(domain->data); - std::size_t pattern_length = domain->length; - if (match_pattern(pattern, pattern_length, host_.c_str())) - { - GENERAL_NAMES_free(gens); - return true; - } - } - } - else if (gen->type == GEN_IPADD && is_address) - { - ASN1_OCTET_STRING* ip_address = gen->d.iPAddress; - if (ip_address->type == V_ASN1_OCTET_STRING && ip_address->data) - { - if (address.is_v4() && ip_address->length == 4) - { - ip::address_v4::bytes_type bytes = address.to_v4().to_bytes(); - if (memcmp(bytes.data(), ip_address->data, 4) == 0) - { - GENERAL_NAMES_free(gens); - return true; - } - } - else if (address.is_v6() && ip_address->length == 16) - { - ip::address_v6::bytes_type bytes = address.to_v6().to_bytes(); - if (memcmp(bytes.data(), ip_address->data, 16) == 0) - { - GENERAL_NAMES_free(gens); - return true; - } - } - } - } - } - GENERAL_NAMES_free(gens); - - // No match in the alternate names, so try the common names. We should only - // use the "most specific" common name, which is the last one in the list. - X509_NAME* name = X509_get_subject_name(cert); - int i = -1; - ASN1_STRING* common_name = 0; - while ((i = X509_NAME_get_index_by_NID(name, NID_commonName, i)) >= 0) - { - X509_NAME_ENTRY* name_entry = X509_NAME_get_entry(name, i); - common_name = X509_NAME_ENTRY_get_data(name_entry); - } - if (common_name && common_name->data && common_name->length) - { - const char* pattern = reinterpret_cast<const char*>(common_name->data); - std::size_t pattern_length = common_name->length; - if (match_pattern(pattern, pattern_length, host_.c_str())) - return true; - } - - return false; -} - -bool rfc2818_verification::match_pattern(const char* pattern, - std::size_t pattern_length, const char* host) -{ - using namespace std; // For tolower. - - const char* p = pattern; - const char* p_end = p + pattern_length; - const char* h = host; - - while (p != p_end && *h) - { - if (*p == '*') - { - ++p; - while (*h && *h != '.') - if (match_pattern(p, p_end - p, h++)) - return true; - } - else if (tolower(*p) == tolower(*h)) - { - ++p; - ++h; - } - else - { - return false; - } - } - - return p == p_end && !*h; -} - -} // namespace ssl -} // namespace asio - -#include "asio/detail/pop_options.hpp" - -#endif // ASIO_SSL_IMPL_RFC2818_VERIFICATION_IPP diff --git a/src/mongo/util/net/ssl/impl/src.hpp b/src/mongo/util/net/ssl/impl/src.hpp index 009121676e7..45b5b3533d1 100644 --- a/src/mongo/util/net/ssl/impl/src.hpp +++ b/src/mongo/util/net/ssl/impl/src.hpp @@ -22,7 +22,5 @@ #include "mongo/util/net/ssl/impl/context.ipp" #include "mongo/util/net/ssl/impl/error.ipp" #include "mongo/util/net/ssl/detail/impl/engine.ipp" -#include "mongo/util/net/ssl/detail/impl/openssl_init.ipp" -#include "mongo/util/net/ssl/impl/rfc2818_verification.ipp" #endif // ASIO_SSL_IMPL_SRC_HPP diff --git a/src/mongo/util/net/ssl/rfc2818_verification.hpp b/src/mongo/util/net/ssl/rfc2818_verification.hpp deleted file mode 100644 index 4b2774c98a4..00000000000 --- a/src/mongo/util/net/ssl/rfc2818_verification.hpp +++ /dev/null @@ -1,94 +0,0 @@ -// -// ssl/rfc2818_verification.hpp -// ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -// -// Copyright (c) 2003-2017 Christopher M. Kohlhoff (chris at kohlhoff dot com) -// -// Distributed under the Boost Software License, Version 1.0. (See accompanying -// file LICENSE_1_0.txt or copy at http://www.boost.org/LICENSE_1_0.txt) -// - -#ifndef ASIO_SSL_RFC2818_VERIFICATION_HPP -#define ASIO_SSL_RFC2818_VERIFICATION_HPP - -#if defined(_MSC_VER) && (_MSC_VER >= 1200) -# pragma once -#endif // defined(_MSC_VER) && (_MSC_VER >= 1200) - -#include "asio/detail/config.hpp" - -#include <string> -#include "mongo/util/net/ssl/detail/openssl_types.hpp" -#include "mongo/util/net/ssl/verify_context.hpp" - -#include "asio/detail/push_options.hpp" - -namespace asio { -namespace ssl { - -/// Verifies a certificate against a hostname according to the rules described -/// in RFC 2818. -/** - * @par Example - * The following example shows how to synchronously open a secure connection to - * a given host name: - * @code - * using asio::ip::tcp; - * namespace ssl = asio::ssl; - * typedef ssl::stream<tcp::socket> ssl_socket; - * - * // Create a context that uses the default paths for finding CA certificates. - * ssl::context ctx(ssl::context::sslv23); - * ctx.set_default_verify_paths(); - * - * // Open a socket and connect it to the remote host. - * asio::io_context io_context; - * ssl_socket sock(io_context, ctx); - * tcp::resolver resolver(io_context); - * tcp::resolver::query query("host.name", "https"); - * asio::connect(sock.lowest_layer(), resolver.resolve(query)); - * sock.lowest_layer().set_option(tcp::no_delay(true)); - * - * // Perform SSL handshake and verify the remote host's certificate. - * sock.set_verify_mode(ssl::verify_peer); - * sock.set_verify_callback(ssl::rfc2818_verification("host.name")); - * sock.handshake(ssl_socket::client); - * - * // ... read and write as normal ... - * @endcode - */ -class rfc2818_verification -{ -public: - /// The type of the function object's result. - typedef bool result_type; - - /// Constructor. - explicit rfc2818_verification(const std::string& host) - : host_(host) - { - } - - /// Perform certificate verification. - ASIO_DECL bool operator()(bool preverified, verify_context& ctx) const; - -private: - // Helper function to check a host name against a pattern. - ASIO_DECL static bool match_pattern(const char* pattern, - std::size_t pattern_length, const char* host); - - // Helper function to check a host name against an IPv4 address - // The host name to be checked. - std::string host_; -}; - -} // namespace ssl -} // namespace asio - -#include "asio/detail/pop_options.hpp" - -#if defined(ASIO_HEADER_ONLY) -# include "mongo/util/net/ssl/impl/rfc2818_verification.ipp" -#endif // defined(ASIO_HEADER_ONLY) - -#endif // ASIO_SSL_RFC2818_VERIFICATION_HPP diff --git a/src/mongo/util/net/ssl/stream.hpp b/src/mongo/util/net/ssl/stream.hpp index 7680c5c247e..6677493fa80 100644 --- a/src/mongo/util/net/ssl/stream.hpp +++ b/src/mongo/util/net/ssl/stream.hpp @@ -68,12 +68,6 @@ public: /// The native handle type of the SSL stream. typedef SSL* native_handle_type; - /// Structure for use with deprecated impl_type. - struct impl_struct - { - SSL* ssl; - }; - /// The type of the next layer. typedef typename remove_reference<Stream>::type next_layer_type; @@ -228,135 +222,6 @@ public: return next_layer_.lowest_layer(); } - /// Set the peer verification mode. - /** - * This function may be used to configure the peer verification mode used by - * the stream. The new mode will override the mode inherited from the context. - * - * @param v A bitmask of peer verification modes. See @ref verify_mode for - * available values. - * - * @throws asio::system_error Thrown on failure. - * - * @note Calls @c SSL_set_verify. - */ - void set_verify_mode(verify_mode v) - { - asio::error_code ec; - set_verify_mode(v, ec); - asio::detail::throw_error(ec, "set_verify_mode"); - } - - /// Set the peer verification mode. - /** - * This function may be used to configure the peer verification mode used by - * the stream. The new mode will override the mode inherited from the context. - * - * @param v A bitmask of peer verification modes. See @ref verify_mode for - * available values. - * - * @param ec Set to indicate what error occurred, if any. - * - * @note Calls @c SSL_set_verify. - */ - ASIO_SYNC_OP_VOID set_verify_mode( - verify_mode v, asio::error_code& ec) - { - core_.engine_.set_verify_mode(v, ec); - ASIO_SYNC_OP_VOID_RETURN(ec); - } - - /// Set the peer verification depth. - /** - * This function may be used to configure the maximum verification depth - * allowed by the stream. - * - * @param depth Maximum depth for the certificate chain verification that - * shall be allowed. - * - * @throws asio::system_error Thrown on failure. - * - * @note Calls @c SSL_set_verify_depth. - */ - void set_verify_depth(int depth) - { - asio::error_code ec; - set_verify_depth(depth, ec); - asio::detail::throw_error(ec, "set_verify_depth"); - } - - /// Set the peer verification depth. - /** - * This function may be used to configure the maximum verification depth - * allowed by the stream. - * - * @param depth Maximum depth for the certificate chain verification that - * shall be allowed. - * - * @param ec Set to indicate what error occurred, if any. - * - * @note Calls @c SSL_set_verify_depth. - */ - ASIO_SYNC_OP_VOID set_verify_depth( - int depth, asio::error_code& ec) - { - core_.engine_.set_verify_depth(depth, ec); - ASIO_SYNC_OP_VOID_RETURN(ec); - } - - /// Set the callback used to verify peer certificates. - /** - * This function is used to specify a callback function that will be called - * by the implementation when it needs to verify a peer certificate. - * - * @param callback The function object to be used for verifying a certificate. - * The function signature of the handler must be: - * @code bool verify_callback( - * bool preverified, // True if the certificate passed pre-verification. - * verify_context& ctx // The peer certificate and other context. - * ); @endcode - * The return value of the callback is true if the certificate has passed - * verification, false otherwise. - * - * @throws asio::system_error Thrown on failure. - * - * @note Calls @c SSL_set_verify. - */ - template <typename VerifyCallback> - void set_verify_callback(VerifyCallback callback) - { - asio::error_code ec; - this->set_verify_callback(callback, ec); - asio::detail::throw_error(ec, "set_verify_callback"); - } - - /// Set the callback used to verify peer certificates. - /** - * This function is used to specify a callback function that will be called - * by the implementation when it needs to verify a peer certificate. - * - * @param callback The function object to be used for verifying a certificate. - * The function signature of the handler must be: - * @code bool verify_callback( - * bool preverified, // True if the certificate passed pre-verification. - * verify_context& ctx // The peer certificate and other context. - * ); @endcode - * The return value of the callback is true if the certificate has passed - * verification, false otherwise. - * - * @param ec Set to indicate what error occurred, if any. - * - * @note Calls @c SSL_set_verify. - */ - template <typename VerifyCallback> - ASIO_SYNC_OP_VOID set_verify_callback(VerifyCallback callback, - asio::error_code& ec) - { - core_.engine_.set_verify_callback( - new detail::verify_callback<VerifyCallback>(callback), ec); - ASIO_SYNC_OP_VOID_RETURN(ec); - } - /// Perform SSL handshaking. /** * This function is used to perform SSL handshaking on the stream. The diff --git a/src/mongo/util/net/ssl/verify_context.hpp b/src/mongo/util/net/ssl/verify_context.hpp deleted file mode 100644 index 3db47e9eb57..00000000000 --- a/src/mongo/util/net/ssl/verify_context.hpp +++ /dev/null @@ -1,67 +0,0 @@ -// -// ssl/verify_context.hpp -// ~~~~~~~~~~~~~~~~~~~~~~ -// -// Copyright (c) 2003-2017 Christopher M. Kohlhoff (chris at kohlhoff dot com) -// -// Distributed under the Boost Software License, Version 1.0. (See accompanying -// file LICENSE_1_0.txt or copy at http://www.boost.org/LICENSE_1_0.txt) -// - -#ifndef ASIO_SSL_VERIFY_CONTEXT_HPP -#define ASIO_SSL_VERIFY_CONTEXT_HPP - -#if defined(_MSC_VER) && (_MSC_VER >= 1200) -# pragma once -#endif // defined(_MSC_VER) && (_MSC_VER >= 1200) - -#include "asio/detail/config.hpp" - -#include "asio/detail/noncopyable.hpp" -#include "mongo/util/net/ssl/detail/openssl_types.hpp" - -#include "asio/detail/push_options.hpp" - -namespace asio { -namespace ssl { - -/// A simple wrapper around the X509_STORE_CTX type, used during verification of -/// a peer certificate. -/** - * @note The verify_context does not own the underlying X509_STORE_CTX object. - */ -class verify_context - : private noncopyable -{ -public: - /// The native handle type of the verification context. - typedef X509_STORE_CTX* native_handle_type; - - /// Constructor. - explicit verify_context(native_handle_type handle) - : handle_(handle) - { - } - - /// Get the underlying implementation in the native type. - /** - * This function may be used to obtain the underlying implementation of the - * context. This is intended to allow access to context functionality that is - * not otherwise provided. - */ - native_handle_type native_handle() - { - return handle_; - } - -private: - // The underlying native implementation. - native_handle_type handle_; -}; - -} // namespace ssl -} // namespace asio - -#include "asio/detail/pop_options.hpp" - -#endif // ASIO_SSL_VERIFY_CONTEXT_HPP diff --git a/src/mongo/util/net/ssl/verify_mode.hpp b/src/mongo/util/net/ssl/verify_mode.hpp deleted file mode 100644 index b0400abc686..00000000000 --- a/src/mongo/util/net/ssl/verify_mode.hpp +++ /dev/null @@ -1,63 +0,0 @@ -// -// ssl/verify_mode.hpp -// ~~~~~~~~~~~~~~~~~~~ -// -// Copyright (c) 2003-2017 Christopher M. Kohlhoff (chris at kohlhoff dot com) -// -// Distributed under the Boost Software License, Version 1.0. (See accompanying -// file LICENSE_1_0.txt or copy at http://www.boost.org/LICENSE_1_0.txt) -// - -#ifndef ASIO_SSL_VERIFY_MODE_HPP -#define ASIO_SSL_VERIFY_MODE_HPP - -#if defined(_MSC_VER) && (_MSC_VER >= 1200) -# pragma once -#endif // defined(_MSC_VER) && (_MSC_VER >= 1200) - -#include "asio/detail/config.hpp" -#include "mongo/util/net/ssl/detail/openssl_types.hpp" - -#include "asio/detail/push_options.hpp" - -namespace asio { -namespace ssl { - -/// Bitmask type for peer verification. -/** - * Possible values are: - * - * @li @ref verify_none - * @li @ref verify_peer - * @li @ref verify_fail_if_no_peer_cert - * @li @ref verify_client_once - */ -typedef int verify_mode; - -#if defined(GENERATING_DOCUMENTATION) -/// No verification. -const int verify_none = implementation_defined; - -/// Verify the peer. -const int verify_peer = implementation_defined; - -/// Fail verification if the peer has no certificate. Ignored unless -/// @ref verify_peer is set. -const int verify_fail_if_no_peer_cert = implementation_defined; - -/// Do not request client certificate on renegotiation. Ignored unless -/// @ref verify_peer is set. -const int verify_client_once = implementation_defined; -#else -const int verify_none = SSL_VERIFY_NONE; -const int verify_peer = SSL_VERIFY_PEER; -const int verify_fail_if_no_peer_cert = SSL_VERIFY_FAIL_IF_NO_PEER_CERT; -const int verify_client_once = SSL_VERIFY_CLIENT_ONCE; -#endif - -} // namespace ssl -} // namespace asio - -#include "asio/detail/pop_options.hpp" - -#endif // ASIO_SSL_VERIFY_MODE_HPP |