summaryrefslogtreecommitdiffstats
path: root/src/mbedTLS++/SslConfig.h
diff options
context:
space:
mode:
authorpeterbell10 <peterbell10@live.co.uk>2017-08-30 16:00:06 +0200
committerTiger Wang <ziwei.tiger@outlook.com>2017-08-30 16:00:06 +0200
commit84941bcc9f25cbe3fd3b2604080d0a1cfd8fbaa7 (patch)
treeaa1648c2ba260b8576673677435481d371eec7b0 /src/mbedTLS++/SslConfig.h
parentUpdate core plugins to latest version (#3951) (diff)
downloadcuberite-84941bcc9f25cbe3fd3b2604080d0a1cfd8fbaa7.tar
cuberite-84941bcc9f25cbe3fd3b2604080d0a1cfd8fbaa7.tar.gz
cuberite-84941bcc9f25cbe3fd3b2604080d0a1cfd8fbaa7.tar.bz2
cuberite-84941bcc9f25cbe3fd3b2604080d0a1cfd8fbaa7.tar.lz
cuberite-84941bcc9f25cbe3fd3b2604080d0a1cfd8fbaa7.tar.xz
cuberite-84941bcc9f25cbe3fd3b2604080d0a1cfd8fbaa7.tar.zst
cuberite-84941bcc9f25cbe3fd3b2604080d0a1cfd8fbaa7.zip
Diffstat (limited to '')
-rw-r--r--src/mbedTLS++/SslConfig.h93
1 files changed, 93 insertions, 0 deletions
diff --git a/src/mbedTLS++/SslConfig.h b/src/mbedTLS++/SslConfig.h
new file mode 100644
index 000000000..47a4f7b59
--- /dev/null
+++ b/src/mbedTLS++/SslConfig.h
@@ -0,0 +1,93 @@
+
+#pragma once
+
+#include "mbedtls/ssl.h"
+
+// fwd:
+class cCryptoKey;
+class cCtrDrbgContext;
+class cX509Cert;
+
+using cCryptoKeyPtr = std::shared_ptr<cCryptoKey>;
+using cCtrDrbgContextPtr = std::shared_ptr<cCtrDrbgContext>;
+using cX509CertPtr = std::shared_ptr<cX509Cert>;
+
+enum class eSslAuthMode
+{
+ None = 0, // MBEDTLS_SSL_VERIFY_NONE
+ Optional = 1, // MBEDTLS_SSL_VERIFY_OPTIONAL
+ Required = 2, // MBEDTLS_SSL_VERIFY_REQUIRED
+ Unset = 3, // MBEDTLS_SSL_VERIFY_UNSET
+};
+
+
+
+class cSslConfig
+{
+ friend class cSslContext;
+public:
+ /** Type of the SSL debug callback.
+ Parameters are:
+ void * Opaque context for the callback
+ int Debug level
+ const char * File name
+ int Line number
+ const char * Message */
+ using cDebugCallback = void(*)(void *, int, const char *, int, const char *);
+
+ /** Type of the SSL certificate verify callback.
+ Parameters are:
+ void * Opaque context for the callback
+ mbedtls_x509_crt * Current cert
+ int Cert chain depth
+ uint32_t * Verification flags */
+ using cVerifyCallback = int(*)(void *, mbedtls_x509_crt *, int, uint32_t *);
+
+ cSslConfig();
+ ~cSslConfig();
+
+ /** Initialize with mbedTLS default settings. */
+ int InitDefaults(bool a_IsClient);
+
+ /** Set the authorization mode. */
+ void SetAuthMode(eSslAuthMode a_AuthMode);
+
+ /** Set the random number generator. */
+ void SetRng(cCtrDrbgContextPtr a_CtrDrbg);
+
+ /** Set the debug callback. */
+ void SetDebugCallback(cDebugCallback a_CallbackFun, void * a_CallbackData);
+
+ /** Set the certificate verify callback. */
+ void SetVerifyCallback(cVerifyCallback a_CallbackFun, void * a_CallbackData);
+
+ /** Set the enabled cipher suites. */
+ void SetCipherSuites(std::vector<int> a_CipherSuites);
+
+ /** Set the certificate to use for connections. */
+ void SetOwnCert(cX509CertPtr a_OwnCert, cCryptoKeyPtr a_OwnCertPrivKey);
+
+ /** Set the trusted certificate authority chain. */
+ void SetCACerts(cX509CertPtr a_CACert);
+
+ /** Creates a new config with some sensible defaults on top of mbedTLS basic settings. */
+ static std::shared_ptr<cSslConfig> MakeDefaultConfig(bool a_IsClient);
+
+ /** Returns the default config for client connections. */
+ static std::shared_ptr<const cSslConfig> GetDefaultClientConfig();
+
+ /** Returns the default config for server connections. */
+ static std::shared_ptr<const cSslConfig> GetDefaultServerConfig();
+
+private:
+
+ /** Returns a pointer to the wrapped mbedtls representation. */
+ const mbedtls_ssl_config * GetInternal() const { return &m_Config; }
+
+ mbedtls_ssl_config m_Config;
+ cCtrDrbgContextPtr m_CtrDrbg;
+ cX509CertPtr m_OwnCert;
+ cCryptoKeyPtr m_OwnCertPrivKey;
+ cX509CertPtr m_CACerts;
+ std::vector<int> m_CipherSuites;
+};