authorMark Benvenuto <mark.benvenuto@mongodb.com>2018-02-13 14:07:53 -0500
committerMark Benvenuto <mark.benvenuto@mongodb.com>2018-02-13 14:07:53 -0500
commit7f074daf0ad102b6f32abdd1b28cc9c73b46b52f (patch)
tree3436c8a330371e9383a21e7a24e039b6f14c2946 /src/mongo
parent3924664a0d09741671a08c9507d440ae79384cb6 (diff)
SERVER-33267 Strip unused ssl code
Diffstat (limited to 'src/mongo')
-rw-r--r--src/mongo/util/net/ssl.hpp3
-rw-r--r--src/mongo/util/net/ssl/context.hpp664
-rw-r--r--src/mongo/util/net/ssl/context_base.hpp32
-rw-r--r--src/mongo/util/net/ssl/detail/engine.hpp18
-rw-r--r--src/mongo/util/net/ssl/detail/impl/engine.ipp58
-rw-r--r--src/mongo/util/net/ssl/detail/impl/openssl_init.ipp163
-rw-r--r--src/mongo/util/net/ssl/detail/openssl_init.hpp101
-rw-r--r--src/mongo/util/net/ssl/detail/password_callback.hpp66
-rw-r--r--src/mongo/util/net/ssl/detail/verify_callback.hpp62
-rw-r--r--src/mongo/util/net/ssl/impl/context.hpp67
-rw-r--r--src/mongo/util/net/ssl/impl/context.ipp825
-rw-r--r--src/mongo/util/net/ssl/impl/error.ipp1
-rw-r--r--src/mongo/util/net/ssl/impl/rfc2818_verification.ipp160
-rw-r--r--src/mongo/util/net/ssl/impl/src.hpp2
-rw-r--r--src/mongo/util/net/ssl/rfc2818_verification.hpp94
-rw-r--r--src/mongo/util/net/ssl/stream.hpp135
-rw-r--r--src/mongo/util/net/ssl/verify_context.hpp67
-rw-r--r--src/mongo/util/net/ssl/verify_mode.hpp63
18 files changed, 0 insertions, 2581 deletions
diff --git a/src/mongo/util/net/ssl.hpp b/src/mongo/util/net/ssl.hpp
index 8a7c3487a17..f3644745e79 100644
--- a/src/mongo/util/net/ssl.hpp
+++ b/src/mongo/util/net/ssl.hpp
@@ -18,10 +18,7 @@
#include "mongo/util/net/ssl/context.hpp"
#include "mongo/util/net/ssl/context_base.hpp"
#include "mongo/util/net/ssl/error.hpp"
-#include "mongo/util/net/ssl/rfc2818_verification.hpp"
#include "mongo/util/net/ssl/stream.hpp"
#include "mongo/util/net/ssl/stream_base.hpp"
-#include "mongo/util/net/ssl/verify_context.hpp"
-#include "mongo/util/net/ssl/verify_mode.hpp"
#endif // ASIO_SSL_HPP
diff --git a/src/mongo/util/net/ssl/context.hpp b/src/mongo/util/net/ssl/context.hpp
index 1f146ad7e8e..bf2f464f1f4 100644
--- a/src/mongo/util/net/ssl/context.hpp
+++ b/src/mongo/util/net/ssl/context.hpp
@@ -22,10 +22,6 @@
#include "asio/io_context.hpp"
#include "mongo/util/net/ssl/context_base.hpp"
#include "mongo/util/net/ssl/detail/openssl_types.hpp"
-#include "mongo/util/net/ssl/detail/openssl_init.hpp"
-#include "mongo/util/net/ssl/detail/password_callback.hpp"
-#include "mongo/util/net/ssl/detail/verify_callback.hpp"
-#include "mongo/util/net/ssl/verify_mode.hpp"
#include "asio/detail/push_options.hpp"
@@ -82,668 +78,9 @@ public:
*/
ASIO_DECL native_handle_type native_handle();
- /// Clear options on the context.
- /**
- * This function may be used to configure the SSL options used by the context.
- *
- * @param o A bitmask of options. The available option values are defined in
- * the context_base class. The specified options, if currently enabled on the
- * context, are cleared.
- *
- * @throws asio::system_error Thrown on failure.
- *
- * @note Calls @c SSL_CTX_clear_options.
- */
- ASIO_DECL void clear_options(options o);
-
- /// Clear options on the context.
- /**
- * This function may be used to configure the SSL options used by the context.
- *
- * @param o A bitmask of options. The available option values are defined in
- * the context_base class. The specified options, if currently enabled on the
- * context, are cleared.
- *
- * @param ec Set to indicate what error occurred, if any.
- *
- * @note Calls @c SSL_CTX_clear_options.
- */
- ASIO_DECL ASIO_SYNC_OP_VOID clear_options(options o,
- asio::error_code& ec);
-
- /// Set options on the context.
- /**
- * This function may be used to configure the SSL options used by the context.
- *
- * @param o A bitmask of options. The available option values are defined in
- * the context_base class. The options are bitwise-ored with any existing
- * value for the options.
- *
- * @throws asio::system_error Thrown on failure.
- *
- * @note Calls @c SSL_CTX_set_options.
- */
- ASIO_DECL void set_options(options o);
-
- /// Set options on the context.
- /**
- * This function may be used to configure the SSL options used by the context.
- *
- * @param o A bitmask of options. The available option values are defined in
- * the context_base class. The options are bitwise-ored with any existing
- * value for the options.
- *
- * @param ec Set to indicate what error occurred, if any.
- *
- * @note Calls @c SSL_CTX_set_options.
- */
- ASIO_DECL ASIO_SYNC_OP_VOID set_options(options o,
- asio::error_code& ec);
-
- /// Set the peer verification mode.
- /**
- * This function may be used to configure the peer verification mode used by
- * the context.
- *
- * @param v A bitmask of peer verification modes. See @ref verify_mode for
- * available values.
- *
- * @throws asio::system_error Thrown on failure.
- *
- * @note Calls @c SSL_CTX_set_verify.
- */
- ASIO_DECL void set_verify_mode(verify_mode v);
-
- /// Set the peer verification mode.
- /**
- * This function may be used to configure the peer verification mode used by
- * the context.
- *
- * @param v A bitmask of peer verification modes. See @ref verify_mode for
- * available values.
- *
- * @param ec Set to indicate what error occurred, if any.
- *
- * @note Calls @c SSL_CTX_set_verify.
- */
- ASIO_DECL ASIO_SYNC_OP_VOID set_verify_mode(
- verify_mode v, asio::error_code& ec);
-
- /// Set the peer verification depth.
- /**
- * This function may be used to configure the maximum verification depth
- * allowed by the context.
- *
- * @param depth Maximum depth for the certificate chain verification that
- * shall be allowed.
- *
- * @throws asio::system_error Thrown on failure.
- *
- * @note Calls @c SSL_CTX_set_verify_depth.
- */
- ASIO_DECL void set_verify_depth(int depth);
-
- /// Set the peer verification depth.
- /**
- * This function may be used to configure the maximum verification depth
- * allowed by the context.
- *
- * @param depth Maximum depth for the certificate chain verification that
- * shall be allowed.
- *
- * @param ec Set to indicate what error occurred, if any.
- *
- * @note Calls @c SSL_CTX_set_verify_depth.
- */
- ASIO_DECL ASIO_SYNC_OP_VOID set_verify_depth(
- int depth, asio::error_code& ec);
-
- /// Set the callback used to verify peer certificates.
- /**
- * This function is used to specify a callback function that will be called
- * by the implementation when it needs to verify a peer certificate.
- *
- * @param callback The function object to be used for verifying a certificate.
- * The function signature of the handler must be:
- * @code bool verify_callback(
- * bool preverified, // True if the certificate passed pre-verification.
- * verify_context& ctx // The peer certificate and other context.
- * ); @endcode
- * The return value of the callback is true if the certificate has passed
- * verification, false otherwise.
- *
- * @throws asio::system_error Thrown on failure.
- *
- * @note Calls @c SSL_CTX_set_verify.
- */
- template <typename VerifyCallback>
- void set_verify_callback(VerifyCallback callback);
-
- /// Set the callback used to verify peer certificates.
- /**
- * This function is used to specify a callback function that will be called
- * by the implementation when it needs to verify a peer certificate.
- *
- * @param callback The function object to be used for verifying a certificate.
- * The function signature of the handler must be:
- * @code bool verify_callback(
- * bool preverified, // True if the certificate passed pre-verification.
- * verify_context& ctx // The peer certificate and other context.
- * ); @endcode
- * The return value of the callback is true if the certificate has passed
- * verification, false otherwise.
- *
- * @param ec Set to indicate what error occurred, if any.
- *
- * @note Calls @c SSL_CTX_set_verify.
- */
- template <typename VerifyCallback>
- ASIO_SYNC_OP_VOID set_verify_callback(VerifyCallback callback,
- asio::error_code& ec);
-
- /// Load a certification authority file for performing verification.
- /**
- * This function is used to load one or more trusted certification authorities
- * from a file.
- *
- * @param filename The name of a file containing certification authority
- * certificates in PEM format.
- *
- * @throws asio::system_error Thrown on failure.
- *
- * @note Calls @c SSL_CTX_load_verify_locations.
- */
- ASIO_DECL void load_verify_file(const std::string& filename);
-
- /// Load a certification authority file for performing verification.
- /**
- * This function is used to load the certificates for one or more trusted
- * certification authorities from a file.
- *
- * @param filename The name of a file containing certification authority
- * certificates in PEM format.
- *
- * @param ec Set to indicate what error occurred, if any.
- *
- * @note Calls @c SSL_CTX_load_verify_locations.
- */
- ASIO_DECL ASIO_SYNC_OP_VOID load_verify_file(
- const std::string& filename, asio::error_code& ec);
-
- /// Add certification authority for performing verification.
- /**
- * This function is used to add one trusted certification authority
- * from a memory buffer.
- *
- * @param ca The buffer containing the certification authority certificate.
- * The certificate must use the PEM format.
- *
- * @throws asio::system_error Thrown on failure.
- *
- * @note Calls @c SSL_CTX_get_cert_store and @c X509_STORE_add_cert.
- */
- ASIO_DECL void add_certificate_authority(const const_buffer& ca);
-
- /// Add certification authority for performing verification.
- /**
- * This function is used to add one trusted certification authority
- * from a memory buffer.
- *
- * @param ca The buffer containing the certification authority certificate.
- * The certificate must use the PEM format.
- *
- * @param ec Set to indicate what error occurred, if any.
- *
- * @note Calls @c SSL_CTX_get_cert_store and @c X509_STORE_add_cert.
- */
- ASIO_DECL ASIO_SYNC_OP_VOID add_certificate_authority(
- const const_buffer& ca, asio::error_code& ec);
-
- /// Configures the context to use the default directories for finding
- /// certification authority certificates.
- /**
- * This function specifies that the context should use the default,
- * system-dependent directories for locating certification authority
- * certificates.
- *
- * @throws asio::system_error Thrown on failure.
- *
- * @note Calls @c SSL_CTX_set_default_verify_paths.
- */
- ASIO_DECL void set_default_verify_paths();
-
- /// Configures the context to use the default directories for finding
- /// certification authority certificates.
- /**
- * This function specifies that the context should use the default,
- * system-dependent directories for locating certification authority
- * certificates.
- *
- * @param ec Set to indicate what error occurred, if any.
- *
- * @note Calls @c SSL_CTX_set_default_verify_paths.
- */
- ASIO_DECL ASIO_SYNC_OP_VOID set_default_verify_paths(
- asio::error_code& ec);
-
- /// Add a directory containing certificate authority files to be used for
- /// performing verification.
- /**
- * This function is used to specify the name of a directory containing
- * certification authority certificates. Each file in the directory must
- * contain a single certificate. The files must be named using the subject
- * name's hash and an extension of ".0".
- *
- * @param path The name of a directory containing the certificates.
- *
- * @throws asio::system_error Thrown on failure.
- *
- * @note Calls @c SSL_CTX_load_verify_locations.
- */
- ASIO_DECL void add_verify_path(const std::string& path);
-
- /// Add a directory containing certificate authority files to be used for
- /// performing verification.
- /**
- * This function is used to specify the name of a directory containing
- * certification authority certificates. Each file in the directory must
- * contain a single certificate. The files must be named using the subject
- * name's hash and an extension of ".0".
- *
- * @param path The name of a directory containing the certificates.
- *
- * @param ec Set to indicate what error occurred, if any.
- *
- * @note Calls @c SSL_CTX_load_verify_locations.
- */
- ASIO_DECL ASIO_SYNC_OP_VOID add_verify_path(
- const std::string& path, asio::error_code& ec);
-
- /// Use a certificate from a memory buffer.
- /**
- * This function is used to load a certificate into the context from a buffer.
- *
- * @param certificate The buffer containing the certificate.
- *
- * @param format The certificate format (ASN.1 or PEM).
- *
- * @throws asio::system_error Thrown on failure.
- *
- * @note Calls @c SSL_CTX_use_certificate or SSL_CTX_use_certificate_ASN1.
- */
- ASIO_DECL void use_certificate(
- const const_buffer& certificate, file_format format);
-
- /// Use a certificate from a memory buffer.
- /**
- * This function is used to load a certificate into the context from a buffer.
- *
- * @param certificate The buffer containing the certificate.
- *
- * @param format The certificate format (ASN.1 or PEM).
- *
- * @param ec Set to indicate what error occurred, if any.
- *
- * @note Calls @c SSL_CTX_use_certificate or SSL_CTX_use_certificate_ASN1.
- */
- ASIO_DECL ASIO_SYNC_OP_VOID use_certificate(
- const const_buffer& certificate, file_format format,
- asio::error_code& ec);
-
- /// Use a certificate from a file.
- /**
- * This function is used to load a certificate into the context from a file.
- *
- * @param filename The name of the file containing the certificate.
- *
- * @param format The file format (ASN.1 or PEM).
- *
- * @throws asio::system_error Thrown on failure.
- *
- * @note Calls @c SSL_CTX_use_certificate_file.
- */
- ASIO_DECL void use_certificate_file(
- const std::string& filename, file_format format);
-
- /// Use a certificate from a file.
- /**
- * This function is used to load a certificate into the context from a file.
- *
- * @param filename The name of the file containing the certificate.
- *
- * @param format The file format (ASN.1 or PEM).
- *
- * @param ec Set to indicate what error occurred, if any.
- *
- * @note Calls @c SSL_CTX_use_certificate_file.
- */
- ASIO_DECL ASIO_SYNC_OP_VOID use_certificate_file(
- const std::string& filename, file_format format,
- asio::error_code& ec);
-
- /// Use a certificate chain from a memory buffer.
- /**
- * This function is used to load a certificate chain into the context from a
- * buffer.
- *
- * @param chain The buffer containing the certificate chain. The certificate
- * chain must use the PEM format.
- *
- * @throws asio::system_error Thrown on failure.
- *
- * @note Calls @c SSL_CTX_use_certificate and SSL_CTX_add_extra_chain_cert.
- */
- ASIO_DECL void use_certificate_chain(const const_buffer& chain);
-
- /// Use a certificate chain from a memory buffer.
- /**
- * This function is used to load a certificate chain into the context from a
- * buffer.
- *
- * @param chain The buffer containing the certificate chain. The certificate
- * chain must use the PEM format.
- *
- * @param ec Set to indicate what error occurred, if any.
- *
- * @note Calls @c SSL_CTX_use_certificate and SSL_CTX_add_extra_chain_cert.
- */
- ASIO_DECL ASIO_SYNC_OP_VOID use_certificate_chain(
- const const_buffer& chain, asio::error_code& ec);
-
- /// Use a certificate chain from a file.
- /**
- * This function is used to load a certificate chain into the context from a
- * file.
- *
- * @param filename The name of the file containing the certificate. The file
- * must use the PEM format.
- *
- * @throws asio::system_error Thrown on failure.
- *
- * @note Calls @c SSL_CTX_use_certificate_chain_file.
- */
- ASIO_DECL void use_certificate_chain_file(const std::string& filename);
-
- /// Use a certificate chain from a file.
- /**
- * This function is used to load a certificate chain into the context from a
- * file.
- *
- * @param filename The name of the file containing the certificate. The file
- * must use the PEM format.
- *
- * @param ec Set to indicate what error occurred, if any.
- *
- * @note Calls @c SSL_CTX_use_certificate_chain_file.
- */
- ASIO_DECL ASIO_SYNC_OP_VOID use_certificate_chain_file(
- const std::string& filename, asio::error_code& ec);
-
- /// Use a private key from a memory buffer.
- /**
- * This function is used to load a private key into the context from a buffer.
- *
- * @param private_key The buffer containing the private key.
- *
- * @param format The private key format (ASN.1 or PEM).
- *
- * @throws asio::system_error Thrown on failure.
- *
- * @note Calls @c SSL_CTX_use_PrivateKey or SSL_CTX_use_PrivateKey_ASN1.
- */
- ASIO_DECL void use_private_key(
- const const_buffer& private_key, file_format format);
-
- /// Use a private key from a memory buffer.
- /**
- * This function is used to load a private key into the context from a buffer.
- *
- * @param private_key The buffer containing the private key.
- *
- * @param format The private key format (ASN.1 or PEM).
- *
- * @param ec Set to indicate what error occurred, if any.
- *
- * @note Calls @c SSL_CTX_use_PrivateKey or SSL_CTX_use_PrivateKey_ASN1.
- */
- ASIO_DECL ASIO_SYNC_OP_VOID use_private_key(
- const const_buffer& private_key, file_format format,
- asio::error_code& ec);
-
- /// Use a private key from a file.
- /**
- * This function is used to load a private key into the context from a file.
- *
- * @param filename The name of the file containing the private key.
- *
- * @param format The file format (ASN.1 or PEM).
- *
- * @throws asio::system_error Thrown on failure.
- *
- * @note Calls @c SSL_CTX_use_PrivateKey_file.
- */
- ASIO_DECL void use_private_key_file(
- const std::string& filename, file_format format);
-
- /// Use a private key from a file.
- /**
- * This function is used to load a private key into the context from a file.
- *
- * @param filename The name of the file containing the private key.
- *
- * @param format The file format (ASN.1 or PEM).
- *
- * @param ec Set to indicate what error occurred, if any.
- *
- * @note Calls @c SSL_CTX_use_PrivateKey_file.
- */
- ASIO_DECL ASIO_SYNC_OP_VOID use_private_key_file(
- const std::string& filename, file_format format,
- asio::error_code& ec);
-
- /// Use an RSA private key from a memory buffer.
- /**
- * This function is used to load an RSA private key into the context from a
- * buffer.
- *
- * @param private_key The buffer containing the RSA private key.
- *
- * @param format The private key format (ASN.1 or PEM).
- *
- * @throws asio::system_error Thrown on failure.
- *
- * @note Calls @c SSL_CTX_use_RSAPrivateKey or SSL_CTX_use_RSAPrivateKey_ASN1.
- */
- ASIO_DECL void use_rsa_private_key(
- const const_buffer& private_key, file_format format);
-
- /// Use an RSA private key from a memory buffer.
- /**
- * This function is used to load an RSA private key into the context from a
- * buffer.
- *
- * @param private_key The buffer containing the RSA private key.
- *
- * @param format The private key format (ASN.1 or PEM).
- *
- * @param ec Set to indicate what error occurred, if any.
- *
- * @note Calls @c SSL_CTX_use_RSAPrivateKey or SSL_CTX_use_RSAPrivateKey_ASN1.
- */
- ASIO_DECL ASIO_SYNC_OP_VOID use_rsa_private_key(
- const const_buffer& private_key, file_format format,
- asio::error_code& ec);
-
- /// Use an RSA private key from a file.
- /**
- * This function is used to load an RSA private key into the context from a
- * file.
- *
- * @param filename The name of the file containing the RSA private key.
- *
- * @param format The file format (ASN.1 or PEM).
- *
- * @throws asio::system_error Thrown on failure.
- *
- * @note Calls @c SSL_CTX_use_RSAPrivateKey_file.
- */
- ASIO_DECL void use_rsa_private_key_file(
- const std::string& filename, file_format format);
-
- /// Use an RSA private key from a file.
- /**
- * This function is used to load an RSA private key into the context from a
- * file.
- *
- * @param filename The name of the file containing the RSA private key.
- *
- * @param format The file format (ASN.1 or PEM).
- *
- * @param ec Set to indicate what error occurred, if any.
- *
- * @note Calls @c SSL_CTX_use_RSAPrivateKey_file.
- */
- ASIO_DECL ASIO_SYNC_OP_VOID use_rsa_private_key_file(
- const std::string& filename, file_format format,
- asio::error_code& ec);
-
- /// Use the specified memory buffer to obtain the temporary Diffie-Hellman
- /// parameters.
- /**
- * This function is used to load Diffie-Hellman parameters into the context
- * from a buffer.
- *
- * @param dh The memory buffer containing the Diffie-Hellman parameters. The
- * buffer must use the PEM format.
- *
- * @throws asio::system_error Thrown on failure.
- *
- * @note Calls @c SSL_CTX_set_tmp_dh.
- */
- ASIO_DECL void use_tmp_dh(const const_buffer& dh);
-
- /// Use the specified memory buffer to obtain the temporary Diffie-Hellman
- /// parameters.
- /**
- * This function is used to load Diffie-Hellman parameters into the context
- * from a buffer.
- *
- * @param dh The memory buffer containing the Diffie-Hellman parameters. The
- * buffer must use the PEM format.
- *
- * @param ec Set to indicate what error occurred, if any.
- *
- * @note Calls @c SSL_CTX_set_tmp_dh.
- */
- ASIO_DECL ASIO_SYNC_OP_VOID use_tmp_dh(
- const const_buffer& dh, asio::error_code& ec);
-
- /// Use the specified file to obtain the temporary Diffie-Hellman parameters.
- /**
- * This function is used to load Diffie-Hellman parameters into the context
- * from a file.
- *
- * @param filename The name of the file containing the Diffie-Hellman
- * parameters. The file must use the PEM format.
- *
- * @throws asio::system_error Thrown on failure.
- *
- * @note Calls @c SSL_CTX_set_tmp_dh.
- */
- ASIO_DECL void use_tmp_dh_file(const std::string& filename);
-
- /// Use the specified file to obtain the temporary Diffie-Hellman parameters.
- /**
- * This function is used to load Diffie-Hellman parameters into the context
- * from a file.
- *
- * @param filename The name of the file containing the Diffie-Hellman
- * parameters. The file must use the PEM format.
- *
- * @param ec Set to indicate what error occurred, if any.
- *
- * @note Calls @c SSL_CTX_set_tmp_dh.
- */
- ASIO_DECL ASIO_SYNC_OP_VOID use_tmp_dh_file(
- const std::string& filename, asio::error_code& ec);
-
- /// Set the password callback.
- /**
- * This function is used to specify a callback function to obtain password
- * information about an encrypted key in PEM format.
- *
- * @param callback The function object to be used for obtaining the password.
- * The function signature of the handler must be:
- * @code std::string password_callback(
- * std::size_t max_length, // The maximum size for a password.
- * password_purpose purpose // Whether password is for reading or writing.
- * ); @endcode
- * The return value of the callback is a string containing the password.
- *
- * @throws asio::system_error Thrown on failure.
- *
- * @note Calls @c SSL_CTX_set_default_passwd_cb.
- */
- template <typename PasswordCallback>
- void set_password_callback(PasswordCallback callback);
-
- /// Set the password callback.
- /**
- * This function is used to specify a callback function to obtain password
- * information about an encrypted key in PEM format.
- *
- * @param callback The function object to be used for obtaining the password.
- * The function signature of the handler must be:
- * @code std::string password_callback(
- * std::size_t max_length, // The maximum size for a password.
- * password_purpose purpose // Whether password is for reading or writing.
- * ); @endcode
- * The return value of the callback is a string containing the password.
- *
- * @param ec Set to indicate what error occurred, if any.
- *
- * @note Calls @c SSL_CTX_set_default_passwd_cb.
- */
- template <typename PasswordCallback>
- ASIO_SYNC_OP_VOID set_password_callback(PasswordCallback callback,
- asio::error_code& ec);
-
private:
- struct bio_cleanup;
- struct x509_cleanup;
- struct evp_pkey_cleanup;
- struct rsa_cleanup;
- struct dh_cleanup;
-
- // Helper function used to set a peer certificate verification callback.
- ASIO_DECL ASIO_SYNC_OP_VOID do_set_verify_callback(
- detail::verify_callback_base* callback, asio::error_code& ec);
-
- // Callback used when the SSL implementation wants to verify a certificate.
- ASIO_DECL static int verify_callback_function(
- int preverified, X509_STORE_CTX* ctx);
-
- // Helper function used to set a password callback.
- ASIO_DECL ASIO_SYNC_OP_VOID do_set_password_callback(
- detail::password_callback_base* callback, asio::error_code& ec);
-
- // Callback used when the SSL implementation wants a password.
- ASIO_DECL static int password_callback_function(
- char* buf, int size, int purpose, void* data);
-
- // Helper function to set the temporary Diffie-Hellman parameters from a BIO.
- ASIO_DECL ASIO_SYNC_OP_VOID do_use_tmp_dh(
- BIO* bio, asio::error_code& ec);
-
- // Helper function to make a BIO from a memory buffer.
- ASIO_DECL BIO* make_buffer_bio(const const_buffer& b);
-
// The underlying native implementation.
native_handle_type handle_;
-
- // MONGO HACK - prevent ASIO from initializing OpenSSL
- // Ensure openssl is initialised.
- //asio::ssl::detail::openssl_init<> init_;
};
} // namespace ssl
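Review bot: After this hunk the only members left in the visible part of the class are `native_handle()` and `handle_`, and the header no longer says where peer verification is configured now that `set_verify_mode`, `set_verify_callback`, `load_verify_file` and the other setters are gone. OpenSSL leaves a fresh `SSL_CTX` at `SSL_VERIFY_NONE`, so presumably the owner sets the verify mode and trust store directly on the native handle; that code is not visible here and is worth confirming. I would add a comment above `native_handle()` along the lines of `// Verify mode, CA store and certificates are not wrapped by this class; the owner must configure them on the native SSL_CTX.` The class itself begins above the hunk.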
@@ -751,7 +88,6 @@ private:
#include "asio/detail/pop_options.hpp"
-#include "mongo/util/net/ssl/impl/context.hpp"
#if defined(ASIO_HEADER_ONLY)
# include "mongo/util/net/ssl/impl/context.ipp"
#endif // defined(ASIO_HEADER_ONLY)
diff --git a/src/mongo/util/net/ssl/context_base.hpp b/src/mongo/util/net/ssl/context_base.hpp
index f3993411221..0b3351ebeae 100644
--- a/src/mongo/util/net/ssl/context_base.hpp
+++ b/src/mongo/util/net/ssl/context_base.hpp
@@ -145,38 +145,6 @@ public:
# endif // defined(SSL_OP_NO_COMPRESSION)
#endif
- /// File format types.
- enum file_format
- {
- /// ASN.1 file.
- asn1,
-
- /// PEM file.
- pem
- };
-
-#if !defined(GENERATING_DOCUMENTATION)
- // The following types and constants are preserved for backward compatibility.
- // New programs should use the equivalents of the same names that are defined
- // in the asio::ssl namespace.
- typedef int verify_mode;
- ASIO_STATIC_CONSTANT(int, verify_none = SSL_VERIFY_NONE);
- ASIO_STATIC_CONSTANT(int, verify_peer = SSL_VERIFY_PEER);
- ASIO_STATIC_CONSTANT(int,
- verify_fail_if_no_peer_cert = SSL_VERIFY_FAIL_IF_NO_PEER_CERT);
- ASIO_STATIC_CONSTANT(int, verify_client_once = SSL_VERIFY_CLIENT_ONCE);
-#endif
-
- /// Purpose of PEM password.
- enum password_purpose
- {
- /// The password is needed for reading/decryption.
- for_reading,
-
- /// The password is needed for writing/encryption.
- for_writing
- };
-
protected:
/// Protected destructor to prevent deletion through this type.
~context_base()
diff --git a/src/mongo/util/net/ssl/detail/engine.hpp b/src/mongo/util/net/ssl/detail/engine.hpp
index 498b314d98e..e49332d59b6 100644
--- a/src/mongo/util/net/ssl/detail/engine.hpp
+++ b/src/mongo/util/net/ssl/detail/engine.hpp
@@ -20,9 +20,7 @@
#include "asio/buffer.hpp"
#include "asio/detail/static_mutex.hpp"
#include "mongo/util/net/ssl/detail/openssl_types.hpp"
-#include "mongo/util/net/ssl/detail/verify_callback.hpp"
#include "mongo/util/net/ssl/stream_base.hpp"
-#include "mongo/util/net/ssl/verify_mode.hpp"
#include "asio/detail/push_options.hpp"
@@ -64,18 +62,6 @@ public:
// Get the underlying implementation in the native type.
ASIO_DECL SSL* native_handle();
- // Set the peer verification mode.
- ASIO_DECL asio::error_code set_verify_mode(
- verify_mode v, asio::error_code& ec);
-
- // Set the peer verification depth.
- ASIO_DECL asio::error_code set_verify_depth(
- int depth, asio::error_code& ec);
-
- // Set a peer certificate verification callback.
- ASIO_DECL asio::error_code set_verify_callback(
- verify_callback_base* callback, asio::error_code& ec);
-
// Perform an SSL handshake using either SSL_connect (client-side) or
// SSL_accept (server-side).
ASIO_DECL want handshake(
@@ -111,10 +97,6 @@ private:
engine(const engine&);
engine& operator=(const engine&);
- // Callback used when the SSL implementation wants to verify a certificate.
- ASIO_DECL static int verify_callback_function(
- int preverified, X509_STORE_CTX* ctx);
-
#if (OPENSSL_VERSION_NUMBER < 0x10000000L)
// The SSL_accept function may not be thread safe. This mutex is used to
// protect all calls to the SSL_accept function.
diff --git a/src/mongo/util/net/ssl/detail/impl/engine.ipp b/src/mongo/util/net/ssl/detail/impl/engine.ipp
index 7b0ced9af8d..6f29cc2d478 100644
--- a/src/mongo/util/net/ssl/detail/impl/engine.ipp
+++ b/src/mongo/util/net/ssl/detail/impl/engine.ipp
@@ -21,7 +21,6 @@
#include "asio/error.hpp"
#include "mongo/util/net/ssl/detail/engine.hpp"
#include "mongo/util/net/ssl/error.hpp"
-#include "mongo/util/net/ssl/verify_context.hpp"
#include "asio/detail/push_options.hpp"
@@ -59,7 +58,6 @@ engine::~engine()
{
if (SSL_get_app_data(ssl_))
{
- delete static_cast<verify_callback_base*>(SSL_get_app_data(ssl_));
SSL_set_app_data(ssl_, 0);
}
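Review bot: In `engine::~engine()` the guard `if (SSL_get_app_data(ssl_))` now protects only `SSL_set_app_data(ssl_, 0)`, so the destructor clears the slot without freeing whatever it held. With `set_verify_callback` removed further down in this file, nothing in the engine stores an owning pointer there any more, but code that reaches the `SSL*` through `native_handle()` still could, and its object would no longer be released here. I would drop the now-redundant guard and state the ownership rule on the remaining line, e.g. `SSL_set_app_data(ssl_, 0);  // engine does not own app data; the setter must free it`. The destructor body continues past the end of the hunk.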
@@ -72,62 +70,6 @@ SSL* engine::native_handle()
return ssl_;
}
-asio::error_code engine::set_verify_mode(
- verify_mode v, asio::error_code& ec)
-{
- ::SSL_set_verify(ssl_, v, ::SSL_get_verify_callback(ssl_));
-
- ec = asio::error_code();
- return ec;
-}
-
-asio::error_code engine::set_verify_depth(
- int depth, asio::error_code& ec)
-{
- ::SSL_set_verify_depth(ssl_, depth);
-
- ec = asio::error_code();
- return ec;
-}
-
-asio::error_code engine::set_verify_callback(
- verify_callback_base* callback, asio::error_code& ec)
-{
- if (SSL_get_app_data(ssl_))
- delete static_cast<verify_callback_base*>(SSL_get_app_data(ssl_));
-
- SSL_set_app_data(ssl_, callback);
-
- ::SSL_set_verify(ssl_, ::SSL_get_verify_mode(ssl_),
- &engine::verify_callback_function);
-
- ec = asio::error_code();
- return ec;
-}
-
-int engine::verify_callback_function(int preverified, X509_STORE_CTX* ctx)
-{
- if (ctx)
- {
- if (SSL* ssl = static_cast<SSL*>(
- ::X509_STORE_CTX_get_ex_data(
- ctx, ::SSL_get_ex_data_X509_STORE_CTX_idx())))
- {
- if (SSL_get_app_data(ssl))
- {
- verify_callback_base* callback =
- static_cast<verify_callback_base*>(
- SSL_get_app_data(ssl));
-
- verify_context verify_ctx(ctx);
- return callback->call(preverified != 0, verify_ctx) ? 1 : 0;
- }
- }
- }
-
- return 0;
-}
-
engine::want engine::handshake(
stream_base::handshake_type type, asio::error_code& ec)
{
diff --git a/src/mongo/util/net/ssl/detail/impl/openssl_init.ipp b/src/mongo/util/net/ssl/detail/impl/openssl_init.ipp
deleted file mode 100644
index ec9d1e2bded..00000000000
--- a/src/mongo/util/net/ssl/detail/impl/openssl_init.ipp
+++ /dev/null
@@ -1,163 +0,0 @@
-//
-// ssl/detail/impl/openssl_init.ipp
-// ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-//
-// Copyright (c) 2005 Voipster / Indrek dot Juhani at voipster dot com
-// Copyright (c) 2005-2017 Christopher M. Kohlhoff (chris at kohlhoff dot com)
-//
-// Distributed under the Boost Software License, Version 1.0. (See accompanying
-// file LICENSE_1_0.txt or copy at http://www.boost.org/LICENSE_1_0.txt)
-//
-
-#ifndef ASIO_SSL_DETAIL_IMPL_OPENSSL_INIT_IPP
-#define ASIO_SSL_DETAIL_IMPL_OPENSSL_INIT_IPP
-
-#if defined(_MSC_VER) && (_MSC_VER >= 1200)
-# pragma once
-#endif // defined(_MSC_VER) && (_MSC_VER >= 1200)
-
-#include "asio/detail/config.hpp"
-#include <vector>
-#include "asio/detail/assert.hpp"
-#include "asio/detail/mutex.hpp"
-#include "asio/detail/tss_ptr.hpp"
-#include "mongo/util/net/ssl/detail/openssl_init.hpp"
-#include "mongo/util/net/ssl/detail/openssl_types.hpp"
-
-#include "asio/detail/push_options.hpp"
-
-namespace asio {
-namespace ssl {
-namespace detail {
-
-class openssl_init_base::do_init
-{
-public:
- do_init()
- {
-#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
- ::SSL_library_init();
- ::SSL_load_error_strings();
- ::OpenSSL_add_all_algorithms();
-
- mutexes_.resize(::CRYPTO_num_locks());
- for (size_t i = 0; i < mutexes_.size(); ++i)
- mutexes_[i].reset(new asio::detail::mutex);
- ::CRYPTO_set_locking_callback(&do_init::openssl_locking_func);
-#endif // (OPENSSL_VERSION_NUMBER < 0x10100000L)
-#if (OPENSSL_VERSION_NUMBER < 0x10000000L)
- ::CRYPTO_set_id_callback(&do_init::openssl_id_func);
-#endif // (OPENSSL_VERSION_NUMBER < 0x10000000L)
-
-#if !defined(SSL_OP_NO_COMPRESSION) \
- && (OPENSSL_VERSION_NUMBER >= 0x00908000L)
- null_compression_methods_ = sk_SSL_COMP_new_null();
-#endif // !defined(SSL_OP_NO_COMPRESSION)
- // && (OPENSSL_VERSION_NUMBER >= 0x00908000L)
- }
-
- ~do_init()
- {
-#if !defined(SSL_OP_NO_COMPRESSION) \
- && (OPENSSL_VERSION_NUMBER >= 0x00908000L)
- sk_SSL_COMP_free(null_compression_methods_);
-#endif // !defined(SSL_OP_NO_COMPRESSION)
- // && (OPENSSL_VERSION_NUMBER >= 0x00908000L)
-
-#if (OPENSSL_VERSION_NUMBER < 0x10000000L)
- ::CRYPTO_set_id_callback(0);
-#endif // (OPENSSL_VERSION_NUMBER < 0x10000000L)
-#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
- ::CRYPTO_set_locking_callback(0);
- ::ERR_free_strings();
- ::EVP_cleanup();
- ::CRYPTO_cleanup_all_ex_data();
-#endif // (OPENSSL_VERSION_NUMBER < 0x10100000L)
-#if (OPENSSL_VERSION_NUMBER < 0x10000000L)
- ::ERR_remove_state(0);
-#elif (OPENSSL_VERSION_NUMBER < 0x10100000L)
- ::ERR_remove_thread_state(NULL);
-#endif // (OPENSSL_VERSION_NUMBER < 0x10000000L)
-#if (OPENSSL_VERSION_NUMBER >= 0x10002000L) \
- && (OPENSSL_VERSION_NUMBER < 0x10100000L)
- ::SSL_COMP_free_compression_methods();
-#endif // (OPENSSL_VERSION_NUMBER >= 0x10002000L)
- // && (OPENSSL_VERSION_NUMBER < 0x10100000L)
-#if !defined(OPENSSL_IS_BORINGSSL)
- ::CONF_modules_unload(1);
-#endif // !defined(OPENSSL_IS_BORINGSSL)
-#if !defined(OPENSSL_NO_ENGINE) \
- && (OPENSSL_VERSION_NUMBER < 0x10100000L)
- ::ENGINE_cleanup();
-#endif // !defined(OPENSSL_NO_ENGINE)
- // && (OPENSSL_VERSION_NUMBER < 0x10100000L)
- }
-
-#if !defined(SSL_OP_NO_COMPRESSION) \
- && (OPENSSL_VERSION_NUMBER >= 0x00908000L)
- STACK_OF(SSL_COMP)* get_null_compression_methods() const
- {
- return null_compression_methods_;
- }
-#endif // !defined(SSL_OP_NO_COMPRESSION)
- // && (OPENSSL_VERSION_NUMBER >= 0x00908000L)
-
-private:
-#if (OPENSSL_VERSION_NUMBER < 0x10000000L)
- static unsigned long openssl_id_func()
- {
-#if defined(ASIO_WINDOWS) || defined(__CYGWIN__)
- return ::GetCurrentThreadId();
-#else // defined(ASIO_WINDOWS) || defined(__CYGWIN__)
- void* id = &errno;
- ASIO_ASSERT(sizeof(unsigned long) >= sizeof(void*));
- return reinterpret_cast<unsigned long>(id);
-#endif // defined(ASIO_WINDOWS) || defined(__CYGWIN__)
- }
-#endif // (OPENSSL_VERSION_NUMBER < 0x10000000L)
-
-#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
- static void openssl_locking_func(int mode, int n,
- const char* /*file*/, int /*line*/)
- {
- if (mode & CRYPTO_LOCK)
- instance()->mutexes_[n]->lock();
- else
- instance()->mutexes_[n]->unlock();
- }
-
- // Mutexes to be used in locking callbacks.
- std::vector<asio::detail::shared_ptr<
- asio::detail::mutex> > mutexes_;
-#endif // (OPENSSL_VERSION_NUMBER < 0x10100000L)
-
-#if !defined(SSL_OP_NO_COMPRESSION) \
- && (OPENSSL_VERSION_NUMBER >= 0x00908000L)
- STACK_OF(SSL_COMP)* null_compression_methods_;
-#endif // !defined(SSL_OP_NO_COMPRESSION)
- // && (OPENSSL_VERSION_NUMBER >= 0x00908000L)
-};
-
-asio::detail::shared_ptr<openssl_init_base::do_init>
-openssl_init_base::instance()
-{
- static asio::detail::shared_ptr<do_init> init(new do_init);
- return init;
-}
-
-#if !defined(SSL_OP_NO_COMPRESSION) \
- && (OPENSSL_VERSION_NUMBER >= 0x00908000L)
-STACK_OF(SSL_COMP)* openssl_init_base::get_null_compression_methods()
-{
- return instance()->get_null_compression_methods();
-}
-#endif // !defined(SSL_OP_NO_COMPRESSION)
- // && (OPENSSL_VERSION_NUMBER >= 0x00908000L)
-
-} // namespace detail
-} // namespace ssl
-} // namespace asio
-
-#include "asio/detail/pop_options.hpp"
-
-#endif // ASIO_SSL_DETAIL_IMPL_OPENSSL_INIT_IPP
diff --git a/src/mongo/util/net/ssl/detail/openssl_init.hpp b/src/mongo/util/net/ssl/detail/openssl_init.hpp
deleted file mode 100644
index 00df9afe099..00000000000
--- a/src/mongo/util/net/ssl/detail/openssl_init.hpp
+++ /dev/null
@@ -1,101 +0,0 @@
-//
-// ssl/detail/openssl_init.hpp
-// ~~~~~~~~~~~~~~~~~~~~~~~~~~~
-//
-// Copyright (c) 2003-2017 Christopher M. Kohlhoff (chris at kohlhoff dot com)
-//
-// Distributed under the Boost Software License, Version 1.0. (See accompanying
-// file LICENSE_1_0.txt or copy at http://www.boost.org/LICENSE_1_0.txt)
-//
-
-#ifndef ASIO_SSL_DETAIL_OPENSSL_INIT_HPP
-#define ASIO_SSL_DETAIL_OPENSSL_INIT_HPP
-
-#if defined(_MSC_VER) && (_MSC_VER >= 1200)
-# pragma once
-#endif // defined(_MSC_VER) && (_MSC_VER >= 1200)
-
-#include "asio/detail/config.hpp"
-#include <cstring>
-#include "asio/detail/memory.hpp"
-#include "asio/detail/noncopyable.hpp"
-#include "mongo/util/net/ssl/detail/openssl_types.hpp"
-
-#include "asio/detail/push_options.hpp"
-
-namespace asio {
-namespace ssl {
-namespace detail {
-
-class openssl_init_base
- : private noncopyable
-{
-protected:
- // Class that performs the actual initialisation.
- class do_init;
-
- // Helper function to manage a do_init singleton. The static instance of the
- // openssl_init object ensures that this function is always called before
- // main, and therefore before any other threads can get started. The do_init
- // instance must be static in this function to ensure that it gets
- // initialised before any other global objects try to use it.
- ASIO_DECL static asio::detail::shared_ptr<do_init> instance();
-
-#if !defined(SSL_OP_NO_COMPRESSION) \
- && (OPENSSL_VERSION_NUMBER >= 0x00908000L)
- // Get an empty stack of compression methods, to be used when disabling
- // compression.
- ASIO_DECL static STACK_OF(SSL_COMP)* get_null_compression_methods();
-#endif // !defined(SSL_OP_NO_COMPRESSION)
- // && (OPENSSL_VERSION_NUMBER >= 0x00908000L)
-};
-
-template <bool Do_Init = true>
-class openssl_init : private openssl_init_base
-{
-public:
- // Constructor.
- openssl_init()
- : ref_(instance())
- {
- using namespace std; // For memmove.
-
- // Ensure openssl_init::instance_ is linked in.
- openssl_init* tmp = &instance_;
- memmove(&tmp, &tmp, sizeof(openssl_init*));
- }
-
- // Destructor.
- ~openssl_init()
- {
- }
-
-#if !defined(SSL_OP_NO_COMPRESSION) \
- && (OPENSSL_VERSION_NUMBER >= 0x00908000L)
- using openssl_init_base::get_null_compression_methods;
-#endif // !defined(SSL_OP_NO_COMPRESSION)
- // && (OPENSSL_VERSION_NUMBER >= 0x00908000L)
-
-private:
- // Instance to force initialisation of openssl at global scope.
- static openssl_init instance_;
-
- // Reference to singleton do_init object to ensure that openssl does not get
- // cleaned up until the last user has finished with it.
- asio::detail::shared_ptr<do_init> ref_;
-};
-
-template <bool Do_Init>
-openssl_init<Do_Init> openssl_init<Do_Init>::instance_;
-
-} // namespace detail
-} // namespace ssl
-} // namespace asio
-
-#include "asio/detail/pop_options.hpp"
-
-#if defined(ASIO_HEADER_ONLY)
-# include "mongo/util/net/ssl/detail/impl/openssl_init.ipp"
-#endif // defined(ASIO_HEADER_ONLY)
-
-#endif // ASIO_SSL_DETAIL_OPENSSL_INIT_HPP
diff --git a/src/mongo/util/net/ssl/detail/password_callback.hpp b/src/mongo/util/net/ssl/detail/password_callback.hpp
deleted file mode 100644
index 01bebf8b8c6..00000000000
--- a/src/mongo/util/net/ssl/detail/password_callback.hpp
+++ /dev/null
@@ -1,66 +0,0 @@
-//
-// ssl/detail/password_callback.hpp
-// ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-//
-// Copyright (c) 2003-2017 Christopher M. Kohlhoff (chris at kohlhoff dot com)
-//
-// Distributed under the Boost Software License, Version 1.0. (See accompanying
-// file LICENSE_1_0.txt or copy at http://www.boost.org/LICENSE_1_0.txt)
-//
-
-#ifndef ASIO_SSL_DETAIL_PASSWORD_CALLBACK_HPP
-#define ASIO_SSL_DETAIL_PASSWORD_CALLBACK_HPP
-
-#if defined(_MSC_VER) && (_MSC_VER >= 1200)
-# pragma once
-#endif // defined(_MSC_VER) && (_MSC_VER >= 1200)
-
-#include "asio/detail/config.hpp"
-
-#include <cstddef>
-#include <string>
-#include "mongo/util/net/ssl/context_base.hpp"
-
-#include "asio/detail/push_options.hpp"
-
-namespace asio {
-namespace ssl {
-namespace detail {
-
-class password_callback_base
-{
-public:
- virtual ~password_callback_base()
- {
- }
-
- virtual std::string call(std::size_t size,
- context_base::password_purpose purpose) = 0;
-};
-
-template <typename PasswordCallback>
-class password_callback : public password_callback_base
-{
-public:
- explicit password_callback(PasswordCallback callback)
- : callback_(callback)
- {
- }
-
- virtual std::string call(std::size_t size,
- context_base::password_purpose purpose)
- {
- return callback_(size, purpose);
- }
-
-private:
- PasswordCallback callback_;
-};
-
-} // namespace detail
-} // namespace ssl
-} // namespace asio
-
-#include "asio/detail/pop_options.hpp"
-
-#endif // ASIO_SSL_DETAIL_PASSWORD_CALLBACK_HPP
diff --git a/src/mongo/util/net/ssl/detail/verify_callback.hpp b/src/mongo/util/net/ssl/detail/verify_callback.hpp
deleted file mode 100644
index 002eef3504f..00000000000
--- a/src/mongo/util/net/ssl/detail/verify_callback.hpp
+++ /dev/null
@@ -1,62 +0,0 @@
-//
-// ssl/detail/verify_callback.hpp
-// ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-//
-// Copyright (c) 2003-2017 Christopher M. Kohlhoff (chris at kohlhoff dot com)
-//
-// Distributed under the Boost Software License, Version 1.0. (See accompanying
-// file LICENSE_1_0.txt or copy at http://www.boost.org/LICENSE_1_0.txt)
-//
-
-#ifndef ASIO_SSL_DETAIL_VERIFY_CALLBACK_HPP
-#define ASIO_SSL_DETAIL_VERIFY_CALLBACK_HPP
-
-#if defined(_MSC_VER) && (_MSC_VER >= 1200)
-# pragma once
-#endif // defined(_MSC_VER) && (_MSC_VER >= 1200)
-
-#include "asio/detail/config.hpp"
-
-#include "mongo/util/net/ssl/verify_context.hpp"
-
-#include "asio/detail/push_options.hpp"
-
-namespace asio {
-namespace ssl {
-namespace detail {
-
-class verify_callback_base
-{
-public:
- virtual ~verify_callback_base()
- {
- }
-
- virtual bool call(bool preverified, verify_context& ctx) = 0;
-};
-
-template <typename VerifyCallback>
-class verify_callback : public verify_callback_base
-{
-public:
- explicit verify_callback(VerifyCallback callback)
- : callback_(callback)
- {
- }
-
- virtual bool call(bool preverified, verify_context& ctx)
- {
- return callback_(preverified, ctx);
- }
-
-private:
- VerifyCallback callback_;
-};
-
-} // namespace detail
-} // namespace ssl
-} // namespace asio
-
-#include "asio/detail/pop_options.hpp"
-
-#endif // ASIO_SSL_DETAIL_VERIFY_CALLBACK_HPP
diff --git a/src/mongo/util/net/ssl/impl/context.hpp b/src/mongo/util/net/ssl/impl/context.hpp
deleted file mode 100644
index 95808e0f89b..00000000000
--- a/src/mongo/util/net/ssl/impl/context.hpp
+++ /dev/null
@@ -1,67 +0,0 @@
-//
-// ssl/impl/context.hpp
-// ~~~~~~~~~~~~~~~~~~~~
-//
-// Copyright (c) 2005 Voipster / Indrek dot Juhani at voipster dot com
-// Copyright (c) 2005-2017 Christopher M. Kohlhoff (chris at kohlhoff dot com)
-//
-// Distributed under the Boost Software License, Version 1.0. (See accompanying
-// file LICENSE_1_0.txt or copy at http://www.boost.org/LICENSE_1_0.txt)
-//
-
-#ifndef ASIO_SSL_IMPL_CONTEXT_HPP
-#define ASIO_SSL_IMPL_CONTEXT_HPP
-
-#if defined(_MSC_VER) && (_MSC_VER >= 1200)
-# pragma once
-#endif // defined(_MSC_VER) && (_MSC_VER >= 1200)
-
-#include "asio/detail/config.hpp"
-
-#include "asio/detail/throw_error.hpp"
-
-#include "asio/detail/push_options.hpp"
-
-namespace asio {
-namespace ssl {
-
-template <typename VerifyCallback>
-void context::set_verify_callback(VerifyCallback callback)
-{
- asio::error_code ec;
- this->set_verify_callback(callback, ec);
- asio::detail::throw_error(ec, "set_verify_callback");
-}
-
-template <typename VerifyCallback>
-ASIO_SYNC_OP_VOID context::set_verify_callback(
- VerifyCallback callback, asio::error_code& ec)
-{
- do_set_verify_callback(
- new detail::verify_callback<VerifyCallback>(callback), ec);
- ASIO_SYNC_OP_VOID_RETURN(ec);
-}
-
-template <typename PasswordCallback>
-void context::set_password_callback(PasswordCallback callback)
-{
- asio::error_code ec;
- this->set_password_callback(callback, ec);
- asio::detail::throw_error(ec, "set_password_callback");
-}
-
-template <typename PasswordCallback>
-ASIO_SYNC_OP_VOID context::set_password_callback(
- PasswordCallback callback, asio::error_code& ec)
-{
- do_set_password_callback(
- new detail::password_callback<PasswordCallback>(callback), ec);
- ASIO_SYNC_OP_VOID_RETURN(ec);
-}
-
-} // namespace ssl
-} // namespace asio
-
-#include "asio/detail/pop_options.hpp"
-
-#endif // ASIO_SSL_IMPL_CONTEXT_HPP
diff --git a/src/mongo/util/net/ssl/impl/context.ipp b/src/mongo/util/net/ssl/impl/context.ipp
index 7d4979c0de3..52ce75c1e52 100644
--- a/src/mongo/util/net/ssl/impl/context.ipp
+++ b/src/mongo/util/net/ssl/impl/context.ipp
@@ -29,36 +29,6 @@
namespace asio {
namespace ssl {
-struct context::bio_cleanup
-{
- BIO* p;
- ~bio_cleanup() { if (p) ::BIO_free(p); }
-};
-
-struct context::x509_cleanup
-{
- X509* p;
- ~x509_cleanup() { if (p) ::X509_free(p); }
-};
-
-struct context::evp_pkey_cleanup
-{
- EVP_PKEY* p;
- ~evp_pkey_cleanup() { if (p) ::EVP_PKEY_free(p); }
-};
-
-struct context::rsa_cleanup
-{
- RSA* p;
- ~rsa_cleanup() { if (p) ::RSA_free(p); }
-};
-
-struct context::dh_cleanup
-{
- DH* p;
- ~dh_cleanup() { if (p) ::DH_free(p); }
-};
-
context::context(context::method m)
: handle_(0)
{
@@ -317,8 +287,6 @@ context::context(context::method m)
asio::error::get_ssl_category());
asio::detail::throw_error(ec, "context");
}
-
- set_options(no_compression);
}
#if defined(ASIO_HAS_MOVE) || defined(GENERATING_DOCUMENTATION)
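Review bot: Dropping `set_options(no_compression);` from the end of `context::context(context::method)` means a context built here no longer disables TLS compression by default, and TLS-level compression is what CRIME-style compression side channels depend on. Nothing visible in this diff shows the flag being applied elsewhere, so confirm that the code configuring the native handle sets it. Otherwise keep the default without the removed wrapper, e.g. `::SSL_CTX_set_options(handle_, SSL_OP_NO_COMPRESSION);` under `#if defined(SSL_OP_NO_COMPRESSION)`. A one-line comment at this spot naming where compression is turned off would keep the hardening from being lost silently. The constructor begins outside this hunk.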
@@ -341,30 +309,8 @@ context::~context()
{
if (handle_)
{
-#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && !defined(LIBRESSL_VERSION_NUMBER)
- void* cb_userdata = ::SSL_CTX_get_default_passwd_cb_userdata(handle_);
-#else // (OPENSSL_VERSION_NUMBER >= 0x10100000L)
- void* cb_userdata = handle_->default_passwd_callback_userdata;
-#endif // (OPENSSL_VERSION_NUMBER >= 0x10100000L)
- if (cb_userdata)
- {
- detail::password_callback_base* callback =
- static_cast<detail::password_callback_base*>(
- cb_userdata);
- delete callback;
-#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && !defined(LIBRESSL_VERSION_NUMBER)
- ::SSL_CTX_set_default_passwd_cb_userdata(handle_, 0);
-#else // (OPENSSL_VERSION_NUMBER >= 0x10100000L)
- handle_->default_passwd_callback_userdata = 0;
-#endif // (OPENSSL_VERSION_NUMBER >= 0x10100000L)
- }
-
if (SSL_CTX_get_app_data(handle_))
{
- detail::verify_callback_base* callback =
- static_cast<detail::verify_callback_base*>(
- SSL_CTX_get_app_data(handle_));
- delete callback;
SSL_CTX_set_app_data(handle_, 0);
}
@@ -377,777 +323,6 @@ context::native_handle_type context::native_handle()
return handle_;
}
-void context::clear_options(context::options o)
-{
- asio::error_code ec;
- clear_options(o, ec);
- asio::detail::throw_error(ec, "clear_options");
-}
-
-ASIO_SYNC_OP_VOID context::clear_options(
- context::options o, asio::error_code& ec)
-{
-#if (OPENSSL_VERSION_NUMBER >= 0x009080DFL) \
- && (OPENSSL_VERSION_NUMBER != 0x00909000L)
-# if !defined(SSL_OP_NO_COMPRESSION)
- if ((o & context::no_compression) != 0)
- {
-# if (OPENSSL_VERSION_NUMBER >= 0x00908000L)
- handle_->comp_methods = SSL_COMP_get_compression_methods();
-# endif // (OPENSSL_VERSION_NUMBER >= 0x00908000L)
- o ^= context::no_compression;
- }
-# endif // !defined(SSL_OP_NO_COMPRESSION)
-
- ::SSL_CTX_clear_options(handle_, o);
-
- ec = asio::error_code();
-#else // (OPENSSL_VERSION_NUMBER >= 0x009080DFL)
- // && (OPENSSL_VERSION_NUMBER != 0x00909000L)
- (void)o;
- ec = asio::error::operation_not_supported;
-#endif // (OPENSSL_VERSION_NUMBER >= 0x009080DFL)
- // && (OPENSSL_VERSION_NUMBER != 0x00909000L)
- ASIO_SYNC_OP_VOID_RETURN(ec);
-}
-
-void context::set_options(context::options o)
-{
- asio::error_code ec;
- set_options(o, ec);
- asio::detail::throw_error(ec, "set_options");
-}
-
-ASIO_SYNC_OP_VOID context::set_options(
- context::options o, asio::error_code& ec)
-{
-#if !defined(SSL_OP_NO_COMPRESSION)
- if ((o & context::no_compression) != 0)
- {
-#if (OPENSSL_VERSION_NUMBER >= 0x00908000L)
- handle_->comp_methods =
- asio::ssl::detail::openssl_init<>::get_null_compression_methods();
-#endif // (OPENSSL_VERSION_NUMBER >= 0x00908000L)
- o ^= context::no_compression;
- }
-#endif // !defined(SSL_OP_NO_COMPRESSION)
-
- ::SSL_CTX_set_options(handle_, o);
-
- ec = asio::error_code();
- ASIO_SYNC_OP_VOID_RETURN(ec);
-}
-
-void context::set_verify_mode(verify_mode v)
-{
- asio::error_code ec;
- set_verify_mode(v, ec);
- asio::detail::throw_error(ec, "set_verify_mode");
-}
-
-ASIO_SYNC_OP_VOID context::set_verify_mode(
- verify_mode v, asio::error_code& ec)
-{
- ::SSL_CTX_set_verify(handle_, v, ::SSL_CTX_get_verify_callback(handle_));
-
- ec = asio::error_code();
- ASIO_SYNC_OP_VOID_RETURN(ec);
-}
-
-void context::set_verify_depth(int depth)
-{
- asio::error_code ec;
- set_verify_depth(depth, ec);
- asio::detail::throw_error(ec, "set_verify_depth");
-}
-
-ASIO_SYNC_OP_VOID context::set_verify_depth(
- int depth, asio::error_code& ec)
-{
- ::SSL_CTX_set_verify_depth(handle_, depth);
-
- ec = asio::error_code();
- ASIO_SYNC_OP_VOID_RETURN(ec);
-}
-
-void context::load_verify_file(const std::string& filename)
-{
- asio::error_code ec;
- load_verify_file(filename, ec);
- asio::detail::throw_error(ec, "load_verify_file");
-}
-
-ASIO_SYNC_OP_VOID context::load_verify_file(
- const std::string& filename, asio::error_code& ec)
-{
- ::ERR_clear_error();
-
- if (::SSL_CTX_load_verify_locations(handle_, filename.c_str(), 0) != 1)
- {
- ec = asio::error_code(
- static_cast<int>(::ERR_get_error()),
- asio::error::get_ssl_category());
- ASIO_SYNC_OP_VOID_RETURN(ec);
- }
-
- ec = asio::error_code();
- ASIO_SYNC_OP_VOID_RETURN(ec);
-}
-
-void context::add_certificate_authority(const const_buffer& ca)
-{
- asio::error_code ec;
- add_certificate_authority(ca, ec);
- asio::detail::throw_error(ec, "add_certificate_authority");
-}
-
-ASIO_SYNC_OP_VOID context::add_certificate_authority(
- const const_buffer& ca, asio::error_code& ec)
-{
- ::ERR_clear_error();
-
- bio_cleanup bio = { make_buffer_bio(ca) };
- if (bio.p)
- {
- x509_cleanup cert = { ::PEM_read_bio_X509(bio.p, 0, 0, 0) };
- if (cert.p)
- {
- if (X509_STORE* store = ::SSL_CTX_get_cert_store(handle_))
- {
- if (::X509_STORE_add_cert(store, cert.p) == 1)
- {
- ec = asio::error_code();
- ASIO_SYNC_OP_VOID_RETURN(ec);
- }
- }
- }
- }
-
- ec = asio::error_code(
- static_cast<int>(::ERR_get_error()),
- asio::error::get_ssl_category());
- ASIO_SYNC_OP_VOID_RETURN(ec);
-}
-
-void context::set_default_verify_paths()
-{
- asio::error_code ec;
- set_default_verify_paths(ec);
- asio::detail::throw_error(ec, "set_default_verify_paths");
-}
-
-ASIO_SYNC_OP_VOID context::set_default_verify_paths(
- asio::error_code& ec)
-{
- ::ERR_clear_error();
-
- if (::SSL_CTX_set_default_verify_paths(handle_) != 1)
- {
- ec = asio::error_code(
- static_cast<int>(::ERR_get_error()),
- asio::error::get_ssl_category());
- ASIO_SYNC_OP_VOID_RETURN(ec);
- }
-
- ec = asio::error_code();
- ASIO_SYNC_OP_VOID_RETURN(ec);
-}
-
-void context::add_verify_path(const std::string& path)
-{
- asio::error_code ec;
- add_verify_path(path, ec);
- asio::detail::throw_error(ec, "add_verify_path");
-}
-
-ASIO_SYNC_OP_VOID context::add_verify_path(
- const std::string& path, asio::error_code& ec)
-{
- ::ERR_clear_error();
-
- if (::SSL_CTX_load_verify_locations(handle_, 0, path.c_str()) != 1)
- {
- ec = asio::error_code(
- static_cast<int>(::ERR_get_error()),
- asio::error::get_ssl_category());
- ASIO_SYNC_OP_VOID_RETURN(ec);
- }
-
- ec = asio::error_code();
- ASIO_SYNC_OP_VOID_RETURN(ec);
-}
-
-void context::use_certificate(
- const const_buffer& certificate, file_format format)
-{
- asio::error_code ec;
- use_certificate(certificate, format, ec);
- asio::detail::throw_error(ec, "use_certificate");
-}
-
-ASIO_SYNC_OP_VOID context::use_certificate(
- const const_buffer& certificate, file_format format,
- asio::error_code& ec)
-{
- ::ERR_clear_error();
-
- if (format == context_base::asn1)
- {
- if (::SSL_CTX_use_certificate_ASN1(handle_,
- static_cast<int>(certificate.size()),
- static_cast<const unsigned char*>(certificate.data())) == 1)
- {
- ec = asio::error_code();
- ASIO_SYNC_OP_VOID_RETURN(ec);
- }
- }
- else if (format == context_base::pem)
- {
- bio_cleanup bio = { make_buffer_bio(certificate) };
- if (bio.p)
- {
- x509_cleanup cert = { ::PEM_read_bio_X509(bio.p, 0, 0, 0) };
- if (cert.p)
- {
- if (::SSL_CTX_use_certificate(handle_, cert.p) == 1)
- {
- ec = asio::error_code();
- ASIO_SYNC_OP_VOID_RETURN(ec);
- }
- }
- }
- }
- else
- {
- ec = asio::error::invalid_argument;
- ASIO_SYNC_OP_VOID_RETURN(ec);
- }
-
- ec = asio::error_code(
- static_cast<int>(::ERR_get_error()),
- asio::error::get_ssl_category());
- ASIO_SYNC_OP_VOID_RETURN(ec);
-}
-
-void context::use_certificate_file(
- const std::string& filename, file_format format)
-{
- asio::error_code ec;
- use_certificate_file(filename, format, ec);
- asio::detail::throw_error(ec, "use_certificate_file");
-}
-
-ASIO_SYNC_OP_VOID context::use_certificate_file(
- const std::string& filename, file_format format,
- asio::error_code& ec)
-{
- int file_type;
- switch (format)
- {
- case context_base::asn1:
- file_type = SSL_FILETYPE_ASN1;
- break;
- case context_base::pem:
- file_type = SSL_FILETYPE_PEM;
- break;
- default:
- {
- ec = asio::error::invalid_argument;
- ASIO_SYNC_OP_VOID_RETURN(ec);
- }
- }
-
- ::ERR_clear_error();
-
- if (::SSL_CTX_use_certificate_file(handle_, filename.c_str(), file_type) != 1)
- {
- ec = asio::error_code(
- static_cast<int>(::ERR_get_error()),
- asio::error::get_ssl_category());
- ASIO_SYNC_OP_VOID_RETURN(ec);
- }
-
- ec = asio::error_code();
- ASIO_SYNC_OP_VOID_RETURN(ec);
-}
-
-void context::use_certificate_chain(const const_buffer& chain)
-{
- asio::error_code ec;
- use_certificate_chain(chain, ec);
- asio::detail::throw_error(ec, "use_certificate_chain");
-}
-
-ASIO_SYNC_OP_VOID context::use_certificate_chain(
- const const_buffer& chain, asio::error_code& ec)
-{
- ::ERR_clear_error();
-
- bio_cleanup bio = { make_buffer_bio(chain) };
- if (bio.p)
- {
-#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && !defined(LIBRESSL_VERSION_NUMBER)
- pem_password_cb* callback = ::SSL_CTX_get_default_passwd_cb(handle_);
- void* cb_userdata = ::SSL_CTX_get_default_passwd_cb_userdata(handle_);
-#else // (OPENSSL_VERSION_NUMBER >= 0x10100000L)
- pem_password_cb* callback = handle_->default_passwd_callback;
- void* cb_userdata = handle_->default_passwd_callback_userdata;
-#endif // (OPENSSL_VERSION_NUMBER >= 0x10100000L)
- x509_cleanup cert = {
- ::PEM_read_bio_X509_AUX(bio.p, 0,
- callback,
- cb_userdata) };
- if (!cert.p)
- {
- ec = asio::error_code(ERR_R_PEM_LIB,
- asio::error::get_ssl_category());
- ASIO_SYNC_OP_VOID_RETURN(ec);
- }
-
- int result = ::SSL_CTX_use_certificate(handle_, cert.p);
- if (result == 0 || ::ERR_peek_error() != 0)
- {
- ec = asio::error_code(
- static_cast<int>(::ERR_get_error()),
- asio::error::get_ssl_category());
- ASIO_SYNC_OP_VOID_RETURN(ec);
- }
-
-#if (OPENSSL_VERSION_NUMBER >= 0x10002000L) && !defined(LIBRESSL_VERSION_NUMBER)
- ::SSL_CTX_clear_chain_certs(handle_);
-#else
- if (handle_->extra_certs)
- {
- ::sk_X509_pop_free(handle_->extra_certs, X509_free);
- handle_->extra_certs = 0;
- }
-#endif // (OPENSSL_VERSION_NUMBER >= 0x10002000L)
-
- while (X509* cacert = ::PEM_read_bio_X509(bio.p, 0,
- callback,
- cb_userdata))
- {
- if (!::SSL_CTX_add_extra_chain_cert(handle_, cacert))
- {
- ec = asio::error_code(
- static_cast<int>(::ERR_get_error()),
- asio::error::get_ssl_category());
- ASIO_SYNC_OP_VOID_RETURN(ec);
- }
- }
-
- result = ::ERR_peek_last_error();
- if ((ERR_GET_LIB(result) == ERR_LIB_PEM)
- && (ERR_GET_REASON(result) == PEM_R_NO_START_LINE))
- {
- ::ERR_clear_error();
- ec = asio::error_code();
- ASIO_SYNC_OP_VOID_RETURN(ec);
- }
- }
-
- ec = asio::error_code(
- static_cast<int>(::ERR_get_error()),
- asio::error::get_ssl_category());
- ASIO_SYNC_OP_VOID_RETURN(ec);
-}
-
-void context::use_certificate_chain_file(const std::string& filename)
-{
- asio::error_code ec;
- use_certificate_chain_file(filename, ec);
- asio::detail::throw_error(ec, "use_certificate_chain_file");
-}
-
-ASIO_SYNC_OP_VOID context::use_certificate_chain_file(
- const std::string& filename, asio::error_code& ec)
-{
- ::ERR_clear_error();
-
- if (::SSL_CTX_use_certificate_chain_file(handle_, filename.c_str()) != 1)
- {
- ec = asio::error_code(
- static_cast<int>(::ERR_get_error()),
- asio::error::get_ssl_category());
- ASIO_SYNC_OP_VOID_RETURN(ec);
- }
-
- ec = asio::error_code();
- ASIO_SYNC_OP_VOID_RETURN(ec);
-}
-
-void context::use_private_key(
- const const_buffer& private_key, context::file_format format)
-{
- asio::error_code ec;
- use_private_key(private_key, format, ec);
- asio::detail::throw_error(ec, "use_private_key");
-}
-
-ASIO_SYNC_OP_VOID context::use_private_key(
- const const_buffer& private_key, context::file_format format,
- asio::error_code& ec)
-{
- ::ERR_clear_error();
-
-#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && !defined(LIBRESSL_VERSION_NUMBER)
- pem_password_cb* callback = ::SSL_CTX_get_default_passwd_cb(handle_);
- void* cb_userdata = ::SSL_CTX_get_default_passwd_cb_userdata(handle_);
-#else // (OPENSSL_VERSION_NUMBER >= 0x10100000L)
- pem_password_cb* callback = handle_->default_passwd_callback;
- void* cb_userdata = handle_->default_passwd_callback_userdata;
-#endif // (OPENSSL_VERSION_NUMBER >= 0x10100000L)
-
- bio_cleanup bio = { make_buffer_bio(private_key) };
- if (bio.p)
- {
- evp_pkey_cleanup evp_private_key = { 0 };
- switch (format)
- {
- case context_base::asn1:
- evp_private_key.p = ::d2i_PrivateKey_bio(bio.p, 0);
- break;
- case context_base::pem:
- evp_private_key.p = ::PEM_read_bio_PrivateKey(
- bio.p, 0, callback,
- cb_userdata);
- break;
- default:
- {
- ec = asio::error::invalid_argument;
- ASIO_SYNC_OP_VOID_RETURN(ec);
- }
- }
-
- if (evp_private_key.p)
- {
- if (::SSL_CTX_use_PrivateKey(handle_, evp_private_key.p) == 1)
- {
- ec = asio::error_code();
- ASIO_SYNC_OP_VOID_RETURN(ec);
- }
- }
- }
-
- ec = asio::error_code(
- static_cast<int>(::ERR_get_error()),
- asio::error::get_ssl_category());
- ASIO_SYNC_OP_VOID_RETURN(ec);
-}
-
-void context::use_private_key_file(
- const std::string& filename, context::file_format format)
-{
- asio::error_code ec;
- use_private_key_file(filename, format, ec);
- asio::detail::throw_error(ec, "use_private_key_file");
-}
-
-void context::use_rsa_private_key(
- const const_buffer& private_key, context::file_format format)
-{
- asio::error_code ec;
- use_rsa_private_key(private_key, format, ec);
- asio::detail::throw_error(ec, "use_rsa_private_key");
-}
-
-ASIO_SYNC_OP_VOID context::use_rsa_private_key(
- const const_buffer& private_key, context::file_format format,
- asio::error_code& ec)
-{
- ::ERR_clear_error();
-
-#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && !defined(LIBRESSL_VERSION_NUMBER)
- pem_password_cb* callback = ::SSL_CTX_get_default_passwd_cb(handle_);
- void* cb_userdata = ::SSL_CTX_get_default_passwd_cb_userdata(handle_);
-#else // (OPENSSL_VERSION_NUMBER >= 0x10100000L)
- pem_password_cb* callback = handle_->default_passwd_callback;
- void* cb_userdata = handle_->default_passwd_callback_userdata;
-#endif // (OPENSSL_VERSION_NUMBER >= 0x10100000L)
-
- bio_cleanup bio = { make_buffer_bio(private_key) };
- if (bio.p)
- {
- rsa_cleanup rsa_private_key = { 0 };
- switch (format)
- {
- case context_base::asn1:
- rsa_private_key.p = ::d2i_RSAPrivateKey_bio(bio.p, 0);
- break;
- case context_base::pem:
- rsa_private_key.p = ::PEM_read_bio_RSAPrivateKey(
- bio.p, 0, callback,
- cb_userdata);
- break;
- default:
- {
- ec = asio::error::invalid_argument;
- ASIO_SYNC_OP_VOID_RETURN(ec);
- }
- }
-
- if (rsa_private_key.p)
- {
- if (::SSL_CTX_use_RSAPrivateKey(handle_, rsa_private_key.p) == 1)
- {
- ec = asio::error_code();
- ASIO_SYNC_OP_VOID_RETURN(ec);
- }
- }
- }
-
- ec = asio::error_code(
- static_cast<int>(::ERR_get_error()),
- asio::error::get_ssl_category());
- ASIO_SYNC_OP_VOID_RETURN(ec);
-}
-
-ASIO_SYNC_OP_VOID context::use_private_key_file(
- const std::string& filename, context::file_format format,
- asio::error_code& ec)
-{
- int file_type;
- switch (format)
- {
- case context_base::asn1:
- file_type = SSL_FILETYPE_ASN1;
- break;
- case context_base::pem:
- file_type = SSL_FILETYPE_PEM;
- break;
- default:
- {
- ec = asio::error::invalid_argument;
- ASIO_SYNC_OP_VOID_RETURN(ec);
- }
- }
-
- ::ERR_clear_error();
-
- if (::SSL_CTX_use_PrivateKey_file(handle_, filename.c_str(), file_type) != 1)
- {
- ec = asio::error_code(
- static_cast<int>(::ERR_get_error()),
- asio::error::get_ssl_category());
- ASIO_SYNC_OP_VOID_RETURN(ec);
- }
-
- ec = asio::error_code();
- ASIO_SYNC_OP_VOID_RETURN(ec);
-}
-
-void context::use_rsa_private_key_file(
- const std::string& filename, context::file_format format)
-{
- asio::error_code ec;
- use_rsa_private_key_file(filename, format, ec);
- asio::detail::throw_error(ec, "use_rsa_private_key_file");
-}
-
-ASIO_SYNC_OP_VOID context::use_rsa_private_key_file(
- const std::string& filename, context::file_format format,
- asio::error_code& ec)
-{
- int file_type;
- switch (format)
- {
- case context_base::asn1:
- file_type = SSL_FILETYPE_ASN1;
- break;
- case context_base::pem:
- file_type = SSL_FILETYPE_PEM;
- break;
- default:
- {
- ec = asio::error::invalid_argument;
- ASIO_SYNC_OP_VOID_RETURN(ec);
- }
- }
-
- ::ERR_clear_error();
-
- if (::SSL_CTX_use_RSAPrivateKey_file(
- handle_, filename.c_str(), file_type) != 1)
- {
- ec = asio::error_code(
- static_cast<int>(::ERR_get_error()),
- asio::error::get_ssl_category());
- ASIO_SYNC_OP_VOID_RETURN(ec);
- }
-
- ec = asio::error_code();
- ASIO_SYNC_OP_VOID_RETURN(ec);
-}
-
-void context::use_tmp_dh(const const_buffer& dh)
-{
- asio::error_code ec;
- use_tmp_dh(dh, ec);
- asio::detail::throw_error(ec, "use_tmp_dh");
-}
-
-ASIO_SYNC_OP_VOID context::use_tmp_dh(
- const const_buffer& dh, asio::error_code& ec)
-{
- ::ERR_clear_error();
-
- bio_cleanup bio = { make_buffer_bio(dh) };
- if (bio.p)
- {
- return do_use_tmp_dh(bio.p, ec);
- }
-
- ec = asio::error_code(
- static_cast<int>(::ERR_get_error()),
- asio::error::get_ssl_category());
- ASIO_SYNC_OP_VOID_RETURN(ec);
-}
-
-void context::use_tmp_dh_file(const std::string& filename)
-{
- asio::error_code ec;
- use_tmp_dh_file(filename, ec);
- asio::detail::throw_error(ec, "use_tmp_dh_file");
-}
-
-ASIO_SYNC_OP_VOID context::use_tmp_dh_file(
- const std::string& filename, asio::error_code& ec)
-{
- ::ERR_clear_error();
-
- bio_cleanup bio = { ::BIO_new_file(filename.c_str(), "r") };
- if (bio.p)
- {
- return do_use_tmp_dh(bio.p, ec);
- }
-
- ec = asio::error_code(
- static_cast<int>(::ERR_get_error()),
- asio::error::get_ssl_category());
- ASIO_SYNC_OP_VOID_RETURN(ec);
-}
-
-ASIO_SYNC_OP_VOID context::do_use_tmp_dh(
- BIO* bio, asio::error_code& ec)
-{
- ::ERR_clear_error();
-
- dh_cleanup dh = { ::PEM_read_bio_DHparams(bio, 0, 0, 0) };
- if (dh.p)
- {
- if (::SSL_CTX_set_tmp_dh(handle_, dh.p) == 1)
- {
- ec = asio::error_code();
- ASIO_SYNC_OP_VOID_RETURN(ec);
- }
- }
-
- ec = asio::error_code(
- static_cast<int>(::ERR_get_error()),
- asio::error::get_ssl_category());
- ASIO_SYNC_OP_VOID_RETURN(ec);
-}
-
-ASIO_SYNC_OP_VOID context::do_set_verify_callback(
- detail::verify_callback_base* callback, asio::error_code& ec)
-{
- if (SSL_CTX_get_app_data(handle_))
- {
- delete static_cast<detail::verify_callback_base*>(
- SSL_CTX_get_app_data(handle_));
- }
-
- SSL_CTX_set_app_data(handle_, callback);
-
- ::SSL_CTX_set_verify(handle_,
- ::SSL_CTX_get_verify_mode(handle_),
- &context::verify_callback_function);
-
- ec = asio::error_code();
- ASIO_SYNC_OP_VOID_RETURN(ec);
-}
-
-int context::verify_callback_function(int preverified, X509_STORE_CTX* ctx)
-{
- if (ctx)
- {
- if (SSL* ssl = static_cast<SSL*>(
- ::X509_STORE_CTX_get_ex_data(
- ctx, ::SSL_get_ex_data_X509_STORE_CTX_idx())))
- {
- if (SSL_CTX* handle = ::SSL_get_SSL_CTX(ssl))
- {
- if (SSL_CTX_get_app_data(handle))
- {
- detail::verify_callback_base* callback =
- static_cast<detail::verify_callback_base*>(
- SSL_CTX_get_app_data(handle));
-
- verify_context verify_ctx(ctx);
- return callback->call(preverified != 0, verify_ctx) ? 1 : 0;
- }
- }
- }
- }
-
- return 0;
-}
-
-ASIO_SYNC_OP_VOID context::do_set_password_callback(
- detail::password_callback_base* callback, asio::error_code& ec)
-{
-#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && !defined(LIBRESSL_VERSION_NUMBER)
- void* old_callback = ::SSL_CTX_get_default_passwd_cb_userdata(handle_);
- ::SSL_CTX_set_default_passwd_cb_userdata(handle_, callback);
-#else // (OPENSSL_VERSION_NUMBER >= 0x10100000L)
- void* old_callback = handle_->default_passwd_callback_userdata;
- handle_->default_passwd_callback_userdata = callback;
-#endif // (OPENSSL_VERSION_NUMBER >= 0x10100000L)
-
- if (old_callback)
- delete static_cast<detail::password_callback_base*>(
- old_callback);
-
- SSL_CTX_set_default_passwd_cb(handle_, &context::password_callback_function);
-
- ec = asio::error_code();
- ASIO_SYNC_OP_VOID_RETURN(ec);
-}
-
-int context::password_callback_function(
- char* buf, int size, int purpose, void* data)
-{
- using namespace std; // For strncat and strlen.
-
- if (data)
- {
- detail::password_callback_base* callback =
- static_cast<detail::password_callback_base*>(data);
-
- std::string passwd = callback->call(static_cast<std::size_t>(size),
- purpose ? context_base::for_writing : context_base::for_reading);
-
-#if defined(ASIO_HAS_SECURE_RTL)
- strcpy_s(buf, size, passwd.c_str());
-#else // defined(ASIO_HAS_SECURE_RTL)
- *buf = '\0';
- if (size > 0)
- strncat(buf, passwd.c_str(), size - 1);
-#endif // defined(ASIO_HAS_SECURE_RTL)
-
- return static_cast<int>(strlen(buf));
- }
-
- return 0;
-}
-
-BIO* context::make_buffer_bio(const const_buffer& b)
-{
- return ::BIO_new_mem_buf(
- const_cast<void*>(b.data()),
- static_cast<int>(b.size()));
-}
-
} // namespace ssl
} // namespace asio
diff --git a/src/mongo/util/net/ssl/impl/error.ipp b/src/mongo/util/net/ssl/impl/error.ipp
index 033b184447b..76ef5bdadda 100644
--- a/src/mongo/util/net/ssl/impl/error.ipp
+++ b/src/mongo/util/net/ssl/impl/error.ipp
@@ -17,7 +17,6 @@
#include "asio/detail/config.hpp"
#include "mongo/util/net/ssl/error.hpp"
-#include "mongo/util/net/ssl/detail/openssl_init.hpp"
#include "asio/detail/push_options.hpp"
diff --git a/src/mongo/util/net/ssl/impl/rfc2818_verification.ipp b/src/mongo/util/net/ssl/impl/rfc2818_verification.ipp
deleted file mode 100644
index 269e22a7808..00000000000
--- a/src/mongo/util/net/ssl/impl/rfc2818_verification.ipp
+++ /dev/null
@@ -1,160 +0,0 @@
-//
-// ssl/impl/rfc2818_verification.ipp
-// ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-//
-// Copyright (c) 2003-2017 Christopher M. Kohlhoff (chris at kohlhoff dot com)
-//
-// Distributed under the Boost Software License, Version 1.0. (See accompanying
-// file LICENSE_1_0.txt or copy at http://www.boost.org/LICENSE_1_0.txt)
-//
-
-#ifndef ASIO_SSL_IMPL_RFC2818_VERIFICATION_IPP
-#define ASIO_SSL_IMPL_RFC2818_VERIFICATION_IPP
-
-#if defined(_MSC_VER) && (_MSC_VER >= 1200)
-# pragma once
-#endif // defined(_MSC_VER) && (_MSC_VER >= 1200)
-
-#include "asio/detail/config.hpp"
-
-#include <cctype>
-#include <cstring>
-#include "asio/ip/address.hpp"
-#include "mongo/util/net/ssl/rfc2818_verification.hpp"
-#include "mongo/util/net/ssl/detail/openssl_types.hpp"
-
-#include "asio/detail/push_options.hpp"
-
-namespace asio {
-namespace ssl {
-
-bool rfc2818_verification::operator()(
- bool preverified, verify_context& ctx) const
-{
- using namespace std; // For memcmp.
-
- // Don't bother looking at certificates that have failed pre-verification.
- if (!preverified)
- return false;
-
- // We're only interested in checking the certificate at the end of the chain.
- int depth = X509_STORE_CTX_get_error_depth(ctx.native_handle());
- if (depth > 0)
- return true;
-
- // Try converting the host name to an address. If it is an address then we
- // need to look for an IP address in the certificate rather than a host name.
- asio::error_code ec;
- ip::address address = ip::make_address(host_, ec);
- bool is_address = !ec;
-
- X509* cert = X509_STORE_CTX_get_current_cert(ctx.native_handle());
-
- // Go through the alternate names in the certificate looking for matching DNS
- // or IP address entries.
- GENERAL_NAMES* gens = static_cast<GENERAL_NAMES*>(
- X509_get_ext_d2i(cert, NID_subject_alt_name, 0, 0));
- for (int i = 0; i < sk_GENERAL_NAME_num(gens); ++i)
- {
- GENERAL_NAME* gen = sk_GENERAL_NAME_value(gens, i);
- if (gen->type == GEN_DNS && !is_address)
- {
- ASN1_IA5STRING* domain = gen->d.dNSName;
- if (domain->type == V_ASN1_IA5STRING && domain->data && domain->length)
- {
- const char* pattern = reinterpret_cast<const char*>(domain->data);
- std::size_t pattern_length = domain->length;
- if (match_pattern(pattern, pattern_length, host_.c_str()))
- {
- GENERAL_NAMES_free(gens);
- return true;
- }
- }
- }
- else if (gen->type == GEN_IPADD && is_address)
- {
- ASN1_OCTET_STRING* ip_address = gen->d.iPAddress;
- if (ip_address->type == V_ASN1_OCTET_STRING && ip_address->data)
- {
- if (address.is_v4() && ip_address->length == 4)
- {
- ip::address_v4::bytes_type bytes = address.to_v4().to_bytes();
- if (memcmp(bytes.data(), ip_address->data, 4) == 0)
- {
- GENERAL_NAMES_free(gens);
- return true;
- }
- }
- else if (address.is_v6() && ip_address->length == 16)
- {
- ip::address_v6::bytes_type bytes = address.to_v6().to_bytes();
- if (memcmp(bytes.data(), ip_address->data, 16) == 0)
- {
- GENERAL_NAMES_free(gens);
- return true;
- }
- }
- }
- }
- }
- GENERAL_NAMES_free(gens);
-
- // No match in the alternate names, so try the common names. We should only
- // use the "most specific" common name, which is the last one in the list.
- X509_NAME* name = X509_get_subject_name(cert);
- int i = -1;
- ASN1_STRING* common_name = 0;
- while ((i = X509_NAME_get_index_by_NID(name, NID_commonName, i)) >= 0)
- {
- X509_NAME_ENTRY* name_entry = X509_NAME_get_entry(name, i);
- common_name = X509_NAME_ENTRY_get_data(name_entry);
- }
- if (common_name && common_name->data && common_name->length)
- {
- const char* pattern = reinterpret_cast<const char*>(common_name->data);
- std::size_t pattern_length = common_name->length;
- if (match_pattern(pattern, pattern_length, host_.c_str()))
- return true;
- }
-
- return false;
-}
-
-bool rfc2818_verification::match_pattern(const char* pattern,
- std::size_t pattern_length, const char* host)
-{
- using namespace std; // For tolower.
-
- const char* p = pattern;
- const char* p_end = p + pattern_length;
- const char* h = host;
-
- while (p != p_end && *h)
- {
- if (*p == '*')
- {
- ++p;
- while (*h && *h != '.')
- if (match_pattern(p, p_end - p, h++))
- return true;
- }
- else if (tolower(*p) == tolower(*h))
- {
- ++p;
- ++h;
- }
- else
- {
- return false;
- }
- }
-
- return p == p_end && !*h;
-}
-
-} // namespace ssl
-} // namespace asio
-
-#include "asio/detail/pop_options.hpp"
-
-#endif // ASIO_SSL_IMPL_RFC2818_VERIFICATION_IPP
diff --git a/src/mongo/util/net/ssl/impl/src.hpp b/src/mongo/util/net/ssl/impl/src.hpp
index 009121676e7..45b5b3533d1 100644
--- a/src/mongo/util/net/ssl/impl/src.hpp
+++ b/src/mongo/util/net/ssl/impl/src.hpp
@@ -22,7 +22,5 @@
#include "mongo/util/net/ssl/impl/context.ipp"
#include "mongo/util/net/ssl/impl/error.ipp"
#include "mongo/util/net/ssl/detail/impl/engine.ipp"
-#include "mongo/util/net/ssl/detail/impl/openssl_init.ipp"
-#include "mongo/util/net/ssl/impl/rfc2818_verification.ipp"
#endif // ASIO_SSL_IMPL_SRC_HPP
diff --git a/src/mongo/util/net/ssl/rfc2818_verification.hpp b/src/mongo/util/net/ssl/rfc2818_verification.hpp
deleted file mode 100644
index 4b2774c98a4..00000000000
--- a/src/mongo/util/net/ssl/rfc2818_verification.hpp
+++ /dev/null
@@ -1,94 +0,0 @@
-//
-// ssl/rfc2818_verification.hpp
-// ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-//
-// Copyright (c) 2003-2017 Christopher M. Kohlhoff (chris at kohlhoff dot com)
-//
-// Distributed under the Boost Software License, Version 1.0. (See accompanying
-// file LICENSE_1_0.txt or copy at http://www.boost.org/LICENSE_1_0.txt)
-//
-
-#ifndef ASIO_SSL_RFC2818_VERIFICATION_HPP
-#define ASIO_SSL_RFC2818_VERIFICATION_HPP
-
-#if defined(_MSC_VER) && (_MSC_VER >= 1200)
-# pragma once
-#endif // defined(_MSC_VER) && (_MSC_VER >= 1200)
-
-#include "asio/detail/config.hpp"
-
-#include <string>
-#include "mongo/util/net/ssl/detail/openssl_types.hpp"
-#include "mongo/util/net/ssl/verify_context.hpp"
-
-#include "asio/detail/push_options.hpp"
-
-namespace asio {
-namespace ssl {
-
-/// Verifies a certificate against a hostname according to the rules described
-/// in RFC 2818.
-/**
- * @par Example
- * The following example shows how to synchronously open a secure connection to
- * a given host name:
- * @code
- * using asio::ip::tcp;
- * namespace ssl = asio::ssl;
- * typedef ssl::stream<tcp::socket> ssl_socket;
- *
- * // Create a context that uses the default paths for finding CA certificates.
- * ssl::context ctx(ssl::context::sslv23);
- * ctx.set_default_verify_paths();
- *
- * // Open a socket and connect it to the remote host.
- * asio::io_context io_context;
- * ssl_socket sock(io_context, ctx);
- * tcp::resolver resolver(io_context);
- * tcp::resolver::query query("host.name", "https");
- * asio::connect(sock.lowest_layer(), resolver.resolve(query));
- * sock.lowest_layer().set_option(tcp::no_delay(true));
- *
- * // Perform SSL handshake and verify the remote host's certificate.
- * sock.set_verify_mode(ssl::verify_peer);
- * sock.set_verify_callback(ssl::rfc2818_verification("host.name"));
- * sock.handshake(ssl_socket::client);
- *
- * // ... read and write as normal ...
- * @endcode
- */
-class rfc2818_verification
-{
-public:
- /// The type of the function object's result.
- typedef bool result_type;
-
- /// Constructor.
- explicit rfc2818_verification(const std::string& host)
- : host_(host)
- {
- }
-
- /// Perform certificate verification.
- ASIO_DECL bool operator()(bool preverified, verify_context& ctx) const;
-
-private:
- // Helper function to check a host name against a pattern.
- ASIO_DECL static bool match_pattern(const char* pattern,
- std::size_t pattern_length, const char* host);
-
- // Helper function to check a host name against an IPv4 address
- // The host name to be checked.
- std::string host_;
-};
-
-} // namespace ssl
-} // namespace asio
-
-#include "asio/detail/pop_options.hpp"
-
-#if defined(ASIO_HEADER_ONLY)
-# include "mongo/util/net/ssl/impl/rfc2818_verification.ipp"
-#endif // defined(ASIO_HEADER_ONLY)
-
-#endif // ASIO_SSL_RFC2818_VERIFICATION_HPP
diff --git a/src/mongo/util/net/ssl/stream.hpp b/src/mongo/util/net/ssl/stream.hpp
index 7680c5c247e..6677493fa80 100644
--- a/src/mongo/util/net/ssl/stream.hpp
+++ b/src/mongo/util/net/ssl/stream.hpp
@@ -68,12 +68,6 @@ public:
/// The native handle type of the SSL stream.
typedef SSL* native_handle_type;
- /// Structure for use with deprecated impl_type.
- struct impl_struct
- {
- SSL* ssl;
- };
-
/// The type of the next layer.
typedef typename remove_reference<Stream>::type next_layer_type;
@@ -228,135 +222,6 @@ public:
return next_layer_.lowest_layer();
}
- /// Set the peer verification mode.
- /**
- * This function may be used to configure the peer verification mode used by
- * the stream. The new mode will override the mode inherited from the context.
- *
- * @param v A bitmask of peer verification modes. See @ref verify_mode for
- * available values.
- *
- * @throws asio::system_error Thrown on failure.
- *
- * @note Calls @c SSL_set_verify.
- */
- void set_verify_mode(verify_mode v)
- {
- asio::error_code ec;
- set_verify_mode(v, ec);
- asio::detail::throw_error(ec, "set_verify_mode");
- }
-
- /// Set the peer verification mode.
- /**
- * This function may be used to configure the peer verification mode used by
- * the stream. The new mode will override the mode inherited from the context.
- *
- * @param v A bitmask of peer verification modes. See @ref verify_mode for
- * available values.
- *
- * @param ec Set to indicate what error occurred, if any.
- *
- * @note Calls @c SSL_set_verify.
- */
- ASIO_SYNC_OP_VOID set_verify_mode(
- verify_mode v, asio::error_code& ec)
- {
- core_.engine_.set_verify_mode(v, ec);
- ASIO_SYNC_OP_VOID_RETURN(ec);
- }
-
- /// Set the peer verification depth.
- /**
- * This function may be used to configure the maximum verification depth
- * allowed by the stream.
- *
- * @param depth Maximum depth for the certificate chain verification that
- * shall be allowed.
- *
- * @throws asio::system_error Thrown on failure.
- *
- * @note Calls @c SSL_set_verify_depth.
- */
- void set_verify_depth(int depth)
- {
- asio::error_code ec;
- set_verify_depth(depth, ec);
- asio::detail::throw_error(ec, "set_verify_depth");
- }
-
- /// Set the peer verification depth.
- /**
- * This function may be used to configure the maximum verification depth
- * allowed by the stream.
- *
- * @param depth Maximum depth for the certificate chain verification that
- * shall be allowed.
- *
- * @param ec Set to indicate what error occurred, if any.
- *
- * @note Calls @c SSL_set_verify_depth.
- */
- ASIO_SYNC_OP_VOID set_verify_depth(
- int depth, asio::error_code& ec)
- {
- core_.engine_.set_verify_depth(depth, ec);
- ASIO_SYNC_OP_VOID_RETURN(ec);
- }
-
- /// Set the callback used to verify peer certificates.
- /**
- * This function is used to specify a callback function that will be called
- * by the implementation when it needs to verify a peer certificate.
- *
- * @param callback The function object to be used for verifying a certificate.
- * The function signature of the handler must be:
- * @code bool verify_callback(
- * bool preverified, // True if the certificate passed pre-verification.
- * verify_context& ctx // The peer certificate and other context.
- * ); @endcode
- * The return value of the callback is true if the certificate has passed
- * verification, false otherwise.
- *
- * @throws asio::system_error Thrown on failure.
- *
- * @note Calls @c SSL_set_verify.
- */
- template <typename VerifyCallback>
- void set_verify_callback(VerifyCallback callback)
- {
- asio::error_code ec;
- this->set_verify_callback(callback, ec);
- asio::detail::throw_error(ec, "set_verify_callback");
- }
-
- /// Set the callback used to verify peer certificates.
- /**
- * This function is used to specify a callback function that will be called
- * by the implementation when it needs to verify a peer certificate.
- *
- * @param callback The function object to be used for verifying a certificate.
- * The function signature of the handler must be:
- * @code bool verify_callback(
- * bool preverified, // True if the certificate passed pre-verification.
- * verify_context& ctx // The peer certificate and other context.
- * ); @endcode
- * The return value of the callback is true if the certificate has passed
- * verification, false otherwise.
- *
- * @param ec Set to indicate what error occurred, if any.
- *
- * @note Calls @c SSL_set_verify.
- */
- template <typename VerifyCallback>
- ASIO_SYNC_OP_VOID set_verify_callback(VerifyCallback callback,
- asio::error_code& ec)
- {
- core_.engine_.set_verify_callback(
- new detail::verify_callback<VerifyCallback>(callback), ec);
- ASIO_SYNC_OP_VOID_RETURN(ec);
- }
-
/// Perform SSL handshaking.
/**
* This function is used to perform SSL handshaking on the stream. The
diff --git a/src/mongo/util/net/ssl/verify_context.hpp b/src/mongo/util/net/ssl/verify_context.hpp
deleted file mode 100644
index 3db47e9eb57..00000000000
--- a/src/mongo/util/net/ssl/verify_context.hpp
+++ /dev/null
@@ -1,67 +0,0 @@
-//
-// ssl/verify_context.hpp
-// ~~~~~~~~~~~~~~~~~~~~~~
-//
-// Copyright (c) 2003-2017 Christopher M. Kohlhoff (chris at kohlhoff dot com)
-//
-// Distributed under the Boost Software License, Version 1.0. (See accompanying
-// file LICENSE_1_0.txt or copy at http://www.boost.org/LICENSE_1_0.txt)
-//
-
-#ifndef ASIO_SSL_VERIFY_CONTEXT_HPP
-#define ASIO_SSL_VERIFY_CONTEXT_HPP
-
-#if defined(_MSC_VER) && (_MSC_VER >= 1200)
-# pragma once
-#endif // defined(_MSC_VER) && (_MSC_VER >= 1200)
-
-#include "asio/detail/config.hpp"
-
-#include "asio/detail/noncopyable.hpp"
-#include "mongo/util/net/ssl/detail/openssl_types.hpp"
-
-#include "asio/detail/push_options.hpp"
-
-namespace asio {
-namespace ssl {
-
-/// A simple wrapper around the X509_STORE_CTX type, used during verification of
-/// a peer certificate.
-/**
- * @note The verify_context does not own the underlying X509_STORE_CTX object.
- */
-class verify_context
- : private noncopyable
-{
-public:
- /// The native handle type of the verification context.
- typedef X509_STORE_CTX* native_handle_type;
-
- /// Constructor.
- explicit verify_context(native_handle_type handle)
- : handle_(handle)
- {
- }
-
- /// Get the underlying implementation in the native type.
- /**
- * This function may be used to obtain the underlying implementation of the
- * context. This is intended to allow access to context functionality that is
- * not otherwise provided.
- */
- native_handle_type native_handle()
- {
- return handle_;
- }
-
-private:
- // The underlying native implementation.
- native_handle_type handle_;
-};
-
-} // namespace ssl
-} // namespace asio
-
-#include "asio/detail/pop_options.hpp"
-
-#endif // ASIO_SSL_VERIFY_CONTEXT_HPP
diff --git a/src/mongo/util/net/ssl/verify_mode.hpp b/src/mongo/util/net/ssl/verify_mode.hpp
deleted file mode 100644
index b0400abc686..00000000000
--- a/src/mongo/util/net/ssl/verify_mode.hpp
+++ /dev/null
@@ -1,63 +0,0 @@
-//
-// ssl/verify_mode.hpp
-// ~~~~~~~~~~~~~~~~~~~
-//
-// Copyright (c) 2003-2017 Christopher M. Kohlhoff (chris at kohlhoff dot com)
-//
-// Distributed under the Boost Software License, Version 1.0. (See accompanying
-// file LICENSE_1_0.txt or copy at http://www.boost.org/LICENSE_1_0.txt)
-//
-
-#ifndef ASIO_SSL_VERIFY_MODE_HPP
-#define ASIO_SSL_VERIFY_MODE_HPP
-
-#if defined(_MSC_VER) && (_MSC_VER >= 1200)
-# pragma once
-#endif // defined(_MSC_VER) && (_MSC_VER >= 1200)
-
-#include "asio/detail/config.hpp"
-#include "mongo/util/net/ssl/detail/openssl_types.hpp"
-
-#include "asio/detail/push_options.hpp"
-
-namespace asio {
-namespace ssl {
-
-/// Bitmask type for peer verification.
-/**
- * Possible values are:
- *
- * @li @ref verify_none
- * @li @ref verify_peer
- * @li @ref verify_fail_if_no_peer_cert
- * @li @ref verify_client_once
- */
-typedef int verify_mode;
-
-#if defined(GENERATING_DOCUMENTATION)
-/// No verification.
-const int verify_none = implementation_defined;
-
-/// Verify the peer.
-const int verify_peer = implementation_defined;
-
-/// Fail verification if the peer has no certificate. Ignored unless
-/// @ref verify_peer is set.
-const int verify_fail_if_no_peer_cert = implementation_defined;
-
-/// Do not request client certificate on renegotiation. Ignored unless
-/// @ref verify_peer is set.
-const int verify_client_once = implementation_defined;
-#else
-const int verify_none = SSL_VERIFY_NONE;
-const int verify_peer = SSL_VERIFY_PEER;
-const int verify_fail_if_no_peer_cert = SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
-const int verify_client_once = SSL_VERIFY_CLIENT_ONCE;
-#endif
-
-} // namespace ssl
-} // namespace asio
-
-#include "asio/detail/pop_options.hpp"
-
-#endif // ASIO_SSL_VERIFY_MODE_HPP