#include <SslCtx.h>
Public Methods
SslCtx ()
~SslCtx ()
SSL_CTX * | getSslCtx ()
long | setOptions (long)
    A wrapper around SSL_CTX_set_options().
long | getOptions ()
    A wrapper around SSL_CTX_get_options().
void | setPrivateKeyPassword (string password)
    You must set this prior to calling setPrivateKeyFile().
bool | setCertificateFile (string certificateFile)
    Set the file which contains all of your certificates.
bool | setPrivateKeyFile (string privateKeyFile)
    Set the file which contains your private key.
bool | setPrivateKeyFile (string privateKeyFile, string privateKeyPassword)
    Set the file which contains your private key and the password for that file.
bool | setCertificateAuthorityFile (string caFile, string caPath)

Private Methods
long | setDefaultOptions ()
    Set default options used by this application.

Static Private Methods
int | verify_callback (int ok, X509_STORE_CTX *ctx)
int | getPrivateKeyPasswordCallback (char *buf, int len, int rwflag, void *user_data)

Private Attributes
SSL_CTX * | m_sslCtx
    The OpenSSL object which contains the SSL context for a connection.
std::string | m_privateKeyPassword
    password to open the private key file.

========== SslCtx ==========

SslCtx stands for "SSL Context". It maintains global state information about all SSL connections that the application creates.

===== Usage =====

If BOTH setPrivateKeyFile() and setCertificateFile() are NOT called, SSL will not send any certificates upon connection.

SSL checks if the remote host's certificates are signed with one of the CA certificates provided via setCertificateAuthorityFile(). If the check fails, establishing a connection fails. If setCertificateAuthorityFile() is NOT called, SSL doesn't verify the certificates from the remote host.

======== Examples ========

    // Create a context for a server
    SslCtx server_ctx;
    // Fetch a private and public key pair from "./priv.pem", using the password "testkey".
    server_ctx.setPrivateKeyFile("./priv.pem", "testkey");
    // Fetch certificates from "./cert.pem".
    // Send these certificates to the client.
    server_ctx.setCertificateFile("./cert.pem");
    // No call to setCertificateAuthorityFile(), therefore we will not
    // verify the client's certificates.

    // Create a context for a client
    SslCtx client_ctx;
    // No call to setPrivateKeyFile() and no call to setCertificateFile(), therefore
    // we will not send any certificates to the server.
    // Verify server's certificates with CA certificates in "./cacert.pem".
    client_ctx.setCertificateAuthorityFile("./cert.pem", "");

    // Create a context for a client
    SslCtx client_ctx;
    // No call to setPrivateKeyFile(), setCertificateFile(), and setCertificateAuthorityFile(),
    // therefore we will not send any certificates to the server, and
    // we will not verify the server's certificates.

Definition at line 13 of file SslCtx.h.

Initialize SSL context.
Definition at line 68 of file SslCtx.cpp.

Definition at line 82 of file SslCtx.cpp.

A wrapper around SSL_CTX_get_options().
Definition at line 235 of file SslCtx.cpp. Referenced by setDefaultOptions().

Definition at line 160 of file SslCtx.cpp.

Definition at line 91 of file SslCtx.cpp. Referenced by Ssl::open().

Set the file which contains Certificate Authority certificates.
caFile must point to a file of CA certificates in PEM format. The file can contain several CA certificates identified by

    -----BEGIN CERTIFICATE-----
    ... (CA certificate in base64 encoding) ...
    -----END CERTIFICATE-----

sequences.
caPath is also used for providing CA certificates, but it is hardly used. If you don't want to use caPath, set caPath to "". caPath is described in the SSL_CTX_load_verify_locations() manpage.
Definition at line 332 of file SslCtx.cpp.

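The caFile format described above, as an added example (not code from this project): a structural pre-flight scan of a PEM bundle before it is passed to setCertificateAuthorityFile(), rejecting an empty or truncated file and a bundle that has private key material pasted into it. PemScan and scanCaBundle are hypothetical names; the scan checks markers only and does not parse or validate the certificates themselves.

```cpp
#include <sstream>
#include <string>

// Structural scan of a PEM bundle meant for setCertificateAuthorityFile().
// PemScan and scanCaBundle are hypothetical names, not part of SslCtx.
struct PemScan {
    int certificates = 0;   // complete, non-empty BEGIN/END CERTIFICATE blocks
    int privateKeys = 0;    // "BEGIN ... PRIVATE KEY" markers; must be 0 in a CA file
    bool malformed = false; // nested BEGIN, stray END, empty or unterminated block
    bool usable() const { return certificates > 0 && privateKeys == 0 && !malformed; }
};

PemScan scanCaBundle(const std::string& pemText) {
    const std::string begin = "-----BEGIN CERTIFICATE-----";
    const std::string end = "-----END CERTIFICATE-----";
    PemScan r;
    bool inCert = false;
    int bodyLines = 0;
    std::istringstream in(pemText);
    std::string line;
    while (std::getline(in, line)) {
        while (!line.empty() && (line.back() == '\r' || line.back() == ' '))
            line.pop_back();                       // tolerate CRLF and trailing spaces
        if (line == begin) {
            if (inCert) r.malformed = true;        // BEGIN inside an open block
            inCert = true;
            bodyLines = 0;
        } else if (line == end) {
            if (inCert && bodyLines > 0) ++r.certificates;
            else r.malformed = true;               // stray END or empty block
            inCert = false;
        } else if (line.rfind("-----BEGIN ", 0) == 0 &&
                   line.find("PRIVATE KEY-----") != std::string::npos) {
            ++r.privateKeys;                       // key material pasted into the bundle
        } else if (inCert && !line.empty()) {
            ++bodyLines;
        }
    }
    if (inCert) r.malformed = true;                // input ended inside a block
    return r;
}

int main() {
    // Constructed sample: placeholder base64, not real certificates.
    const std::string sample =
        "-----BEGIN CERTIFICATE-----\nQUJD\n-----END CERTIFICATE-----\n"
        "-----BEGIN CERTIFICATE-----\nREVG\n-----END CERTIFICATE-----\n";
    return scanCaBundle(sample).usable() ? 0 : 1;  // exit 0 when the bundle passes
}
```
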
Set the file which contains all of your certificates. The file must be in PEM format.
Definition at line 265 of file SslCtx.cpp.

Set default options used by this application.
Definition at line 207 of file SslCtx.cpp. Referenced by SslCtx().

A wrapper around SSL_CTX_set_options().
Definition at line 226 of file SslCtx.cpp. Referenced by setDefaultOptions().

Set the file which contains your private key and the password for that file.
Definition at line 311 of file SslCtx.cpp.

Set the file which contains your private key. The file must be in PEM format. If the file is password-protected, you must call setPrivateKeyPassword() first.
Definition at line 287 of file SslCtx.cpp. Referenced by setPrivateKeyFile().

You must set this prior to calling setPrivateKeyFile().
Definition at line 244 of file SslCtx.cpp. Referenced by setPrivateKeyFile().

Definition at line 98 of file SslCtx.cpp.

password to open the private key file.

The OpenSSL object which contains the SSL context for a connection.