#include <tlsbase.h>
An abstract base class for TLS implementations.
- Author
- Jakob Schröter js@ca.nosp@m.maya.nosp@m..net
- Since
- 0.9
Definition at line 31 of file tlsbase.h.
◆ TLSBase()
Constructor.
- Parameters
-
| th | The TLSHandler to handle TLS-related events. |
| server | The server to use in certificate verification. |
Definition at line 39 of file tlsbase.h.
◆ ~TLSBase()
Virtual destructor.
Definition at line 46 of file tlsbase.h.
◆ channelBinding()
| virtual const std::string channelBinding |
( |
| ) |
const |
|
inlinevirtual |
◆ channelBindingType()
| virtual const std::string channelBindingType |
( |
| ) |
const |
|
inlinevirtual |
Returns the type of channel binding to be used with SCRAM-SHA-1-PLUS.
- Returns
- The channel binding type, @default is "tls-unique".
Reimplemented in OpenSSLClient, and TLSDefault.
Definition at line 123 of file tlsbase.h.
◆ cleanup()
◆ decrypt()
| virtual int decrypt |
( |
const std::string & |
data | ) |
|
|
pure virtual |
Use this function to feed encrypted data or received handshake data to the encryption implementation. Handshake data will be eaten, unencrypted data will be pushed to the TLSHandler's handleDecryptedData() function.
- Parameters
-
- Returns
- The number of bytes used from the input.
Implemented in SChannel, OpenSSLBase, GnuTLSBase, and TLSDefault.
◆ encrypt()
| virtual bool encrypt |
( |
const std::string & |
data | ) |
|
|
pure virtual |
Use this function to feed unencrypted data to the encryption implementation. The encrypted result will be pushed to the TLSHandler's handleEncryptedData() function.
- Parameters
-
- Returns
- Whether or not the data was used successfully.
Implemented in SChannel, OpenSSLBase, GnuTLSBase, and TLSDefault.
◆ fetchTLSInfo()
| virtual const CertInfo& fetchTLSInfo |
( |
| ) |
const |
|
inlinevirtual |
This function is used to retrieve certificate and connection info of a encrypted connection.
- Returns
- Certificate information.
Reimplemented in TLSDefault.
Definition at line 136 of file tlsbase.h.
◆ handshake()
| virtual bool handshake |
( |
| ) |
|
|
pure virtual |
This functiopn performs the TLS handshake. Handshake data from the server side should be fed in using decrypt(). Handshake data that is to be sent to the other side is pushed through TLSBase's handleEncryptedData().
- Returns
- True if the handshake was successful or if more input is needed, false if the handshake failed.
Implemented in SChannel, OpenSSLBase, GnuTLSBase, and TLSDefault.
◆ hasChannelBinding()
| virtual bool hasChannelBinding |
( |
| ) |
const |
|
inlinevirtual |
This function indicates whether the underlying TLS implementation supports channel binding (used in e.g. SASL SCRAM-SHA-1-PLUS).
- Returns
- True if channel binding is supported, false otherwise.
Reimplemented in SChannel, OpenSSLClient, GnuTLSBase, and TLSDefault.
Definition at line 111 of file tlsbase.h.
◆ init()
Initializes the TLS module. This function must be called (and execute successfully) before the module can be used.
- Parameters
-
| clientKey | The absolute path to the user's private key in PEM format. |
| clientCerts | A path to a certificate bundle in PEM format. |
| cacerts | A list of absolute paths to CA root certificate files in PEM format. |
- Returns
- False if initialization failed, true otherwise.
- Since
- 1.0
Implemented in OpenSSLBase, GnuTLSServerAnon, GnuTLSServer, GnuTLSClientAnon, GnuTLSClient, TLSDefault, and SChannel.
◆ isSecure()
| virtual bool isSecure |
( |
| ) |
const |
|
inlinevirtual |
Returns the state of the encryption.
- Returns
- The state of the encryption.
Reimplemented in TLSDefault.
Definition at line 105 of file tlsbase.h.
◆ setCACerts()
| virtual void setCACerts |
( |
const StringList & |
cacerts | ) |
|
|
pure virtual |
Use this function to set a number of trusted root CA certificates which shall be used to verify a servers certificate.
- Parameters
-
| cacerts | A list of absolute paths to CA root certificate files in PEM format. |
Implemented in SChannel, OpenSSLBase, GnuTLSClient, TLSDefault, and GnuTLSBase.
◆ setClientCert()
| virtual void setClientCert |
( |
const std::string & |
clientKey, |
|
|
const std::string & |
clientCerts |
|
) |
| |
|
pure virtual |
Use this function to set the user's certificate and private key. The certificate will be presented to the server upon request and can be used for SASL EXTERNAL authentication. The user's certificate file should be a bundle of more than one certificate in PEM format. The first one in the file should be the user's certificate, each cert following that one should have signed the previous one.
- Note
- These certificates are not necessarily the same as those used to verify the server's certificate.
- Parameters
-
| clientKey | The absolute path to the user's private key in PEM format. |
| clientCerts | A path to a certificate bundle in PEM format. |
Implemented in SChannel, OpenSSLBase, GnuTLSClient, TLSDefault, and GnuTLSBase.
◆ setInitLib()
| void setInitLib |
( |
bool |
init | ) |
|
|
inline |
Enables/disables initialization of the underlying TLS library. By default, initialization is performed. You may want to switch it off if the TLS library is used elsewhere in your application as well and you have no control over the initialization.
- Parameters
-
| init | Whether or not to intialize the underlying TLS library. |
Definition at line 68 of file tlsbase.h.
The documentation for this class was generated from the following file:
