26#include <openssl/ssl.h>
29#ifndef QB_IO_TCP_SSL_SOCKET_H_
30#define QB_IO_TCP_SSL_SOCKET_H_
32namespace qb::io::ssl {
80 std::filesystem::path key_path);
// Raw pointer to the wrapped OpenSSL SSL_SESSION. nullptr means "no session",
// which is exactly what is_valid() reports. Ownership is not expressed by the
// type: per the free_session() description on this page the handle is released
// explicitly rather than by a destructor — confirm against socket.cpp before
// relying on that.
SSL_SESSION *_session_handle = nullptr;
/// @brief Reports whether this wrapper currently holds an SSL_SESSION.
/// @return true when the underlying handle is non-null, false otherwise.
[[nodiscard]] bool is_valid() const {
    // The wrapper is "valid" exactly when a session pointer is present.
    return static_cast<bool>(_session_handle);
}
306namespace qb::io::tcp::ssl {
// Owning handle to the per-connection OpenSSL SSL object, released through the
// function-pointer deleter. Because the deleter type is a plain function
// pointer, this unique_ptr has no usable default constructor: every
// constructor of the enclosing class must supply the deleter explicitly
// (presumably SSL_free — confirm in socket.cpp).
std::unique_ptr<SSL, void (*)(SSL *)> _ssl_handle;
// NOTE(review): no description for handCheck() appears on this page; the name
// suggests a handshake-progress check used by the non-blocking paths, but that
// is an inference — confirm against the implementation before documenting it.
int handCheck() noexcept;

// Address-family-generic blocking connect helper.
// @param af   Address family (AF_INET / AF_INET6 style value — confirm).
// @param host Remote host name or address.
// @param port Remote TCP port.
// Presumably the shared implementation behind connect_v4()/connect_v6(), which
// this page documents as blocking SSL/TLS connects — confirm.
int connect_in(int af, std::string const &host, uint16_t port) noexcept;

// Non-blocking counterpart of connect_in(); presumably backs n_connect_v4() /
// n_connect_v6(), documented on this page as non-blocking connects — confirm.
// Return value semantics are not stated on this page.
int n_connect_in(int af, std::string const &host, uint16_t port) noexcept;
/// @brief Compile-time marker that this socket type is TLS-protected.
/// @return Always true for the SSL socket.
static constexpr bool is_secure() noexcept {
    return true;
}
/// @brief Initialize the SSL socket with an OpenSSL SSL handle.
/// @param handle SSL object to adopt; nullptr by default. What a null handle
///        means (lazy creation vs. invalid state) is not stated on this page —
///        confirm in the implementation.
void init(SSL *handle = nullptr) noexcept;

/// @brief Establish a blocking SSL/TLS connection to a remote endpoint.
/// @param ep       Remote endpoint to connect to.
/// @param hostname Name of the peer; empty by default. Presumably the value
///        used for SNI and hostname verification (see set_sni_hostname()) —
///        confirm; callers that verify the peer should not rely on the empty
///        default.
/// @return int status; the exact convention is not documented on this page.
int connect(endpoint const &ep, std::string const &hostname = "") noexcept;

/// @brief Establish a blocking SSL/TLS connection to an IPv4 server.
/// @param host Remote host name or IPv4 address.
/// @param port Remote TCP port.
int connect_v4(std::string const &host, uint16_t port) noexcept;

/// @brief Establish a blocking SSL/TLS connection to an IPv6 server.
/// @param host Remote host name or IPv6 address.
/// @param port Remote TCP port.
int connect_v6(std::string const &host, uint16_t port) noexcept;

/// @brief Initiate a non-blocking SSL/TLS connection to a remote endpoint.
/// Completion is finalized later via connected() per this page's description.
/// @param ep       Remote endpoint to connect to.
/// @param hostname Peer name; same caveat as connect().
int n_connect(qb::io::endpoint const &ep, std::string const &hostname = "") noexcept;

/// @brief Read decrypted data from the secure SSL/TLS socket.
/// @param data Destination buffer.
/// @param size Capacity of @p data in bytes.
/// @return int; number of bytes or an error code — not stated on this page.
int read(void *data, std::size_t size) noexcept;

/// @brief Write data to be encrypted and sent over the SSL/TLS socket.
/// @param data Source buffer.
/// @param size Number of bytes in @p data.
/// @return int; number of bytes or an error code — not stated on this page.
int write(const void *data, std::size_t size) noexcept;
661 inline
int do_handshake() noexcept {
Class implementing TCP socket functionality for reliable, stream-oriented communication.
Definition socket.h:43
int n_connect_v6(std::string const &host, uint16_t port) noexcept
Initiate a non-blocking SSL/TLS connection to an IPv6 server.
std::string get_alpn_selected_protocol() const noexcept
Get the ALPN protocol selected by the peer (typically for clients) or by this endpoint (for servers).
bool set_verify_callback(int(*callback)(int, X509_STORE_CTX *), int verification_mode) noexcept
Set a custom X.509 certificate verification callback and mode for this SSL connection. The callback's first argument is OpenSSL's own verification result for the current chain element; a callback that ignores it and returns 1 unconditionally disables certificate validation for the connection.
bool request_client_post_handshake_auth() noexcept
Request Post-Handshake Authentication from the server (client-side, TLS 1.3+).
std::string get_last_ssl_error_string() const noexcept
Get the last OpenSSL error string for the current SSL handle.
int disconnect() noexcept
Gracefully shut down the SSL/TLS connection and close the underlying socket.
int connect(endpoint const &ep, std::string const &hostname="") noexcept
Establish a blocking SSL/TLS connection to a remote endpoint.
int connected() noexcept
Finalizes a non-blocking SSL connection after the underlying TCP socket is connected.
bool set_sni_hostname(const std::string &hostname) noexcept
Set the Server Name Indication (SNI) hostname for this SSL connection.
~socket() noexcept
Destructor.
bool request_ocsp_stapling(bool enable=true) noexcept
Request OCSP stapling from the server for this connection (client-side).
int write(const void *data, std::size_t size) noexcept
Write data to be encrypted and sent over the SSL/TLS socket.
int n_connect_v4(std::string const &host, uint16_t port) noexcept
Initiate a non-blocking SSL/TLS connection to an IPv4 server.
static constexpr bool is_secure() noexcept
Indicates that this socket implementation is secure.
Definition socket.h:356
SSL * ssl_handle() const noexcept
Get the underlying OpenSSL SSL handle.
int n_connect_un(std::string const &path) noexcept
Initiate a non-blocking SSL/TLS connection over a Unix domain socket.
std::vector< qb::io::ssl::Certificate > get_peer_certificate_chain() const noexcept
Get the peer's full certificate chain.
bool disable_session_resumption() noexcept
Disable SSL/TLS session resumption for this specific connection (client-side).
int read(void *data, std::size_t size) noexcept
Read decrypted data from the secure SSL/TLS socket.
int connect_v6(std::string const &host, uint16_t port) noexcept
Establish a blocking SSL/TLS connection to an IPv6 server.
void init(SSL *handle=nullptr) noexcept
Initialize the SSL socket with an OpenSSL SSL handle.
int connect_un(std::string const &path) noexcept
Establish a blocking SSL/TLS connection over a Unix domain socket (conceptual, as SSL is typically ov...
qb::io::ssl::Certificate get_peer_certificate_details() const noexcept
Get details of the peer's certificate, if available.
int connect_v4(std::string const &host, uint16_t port) noexcept
Establish a blocking SSL/TLS connection to an IPv4 server.
qb::io::ssl::Session get_session() const noexcept
Retrieves the current SSL session from this connection.
std::string get_negotiated_cipher_suite() const noexcept
Get the negotiated cipher suite string.
int n_connect(qb::io::endpoint const &ep, std::string const &hostname="") noexcept
Initiate a non-blocking SSL/TLS connection to a remote endpoint.
socket() noexcept
Default constructor.
bool set_session(qb::io::ssl::Session &session) noexcept
Sets an SSL session to be used for resumption on this connection (client-side).
bool set_alpn_protocols(const std::vector< std::string > &protocols) noexcept
Set the ALPN protocols to offer for this specific SSL connection (client-side).
std::string get_negotiated_tls_version() const noexcept
Get the negotiated TLS protocol version string.
bool set_verify_depth(int depth) noexcept
Set the maximum verification depth for the peer certificate chain for this SSL connection.
Class for parsing, manipulating, and representing URIs.
Definition uri.h:181
bool disable_client_session_cache(SSL_CTX *ctx)
Disable client-side SSL session caching for an SSL_CTX.
SSL_CTX * create_client_context(const SSL_METHOD *method)
Create an SSL context (SSL_CTX) configured for client-side SSL/TLS operations.
bool set_ocsp_stapling_client_callback(SSL_CTX *ctx, int(*callback)(SSL *s, void *arg), void *arg)
Set a callback for the client to handle stapled OCSP responses from the server.
bool enable_post_handshake_auth_server(SSL_CTX *ctx)
Enable server-side support for TLS 1.3 Post-Handshake Authentication (PHA).
bool configure_dh_parameters_server(SSL_CTX *ctx, const std::string &dh_param_file_path)
Configure Diffie-Hellman parameters for a server SSL_CTX.
bool set_sni_hostname_selection_callback_server(SSL_CTX *ctx, int(*callback)(SSL *s, int *al, void *arg), void *arg)
Set a callback for server-side SNI (Server Name Indication) handling.
bool set_custom_verify_callback(SSL_CTX *ctx, int(*callback)(int, X509_STORE_CTX *), int verification_mode)
Set a custom callback for X.509 certificate verification. The callback should refine the verification result OpenSSL passes in as its first argument, not replace it: returning 1 unconditionally silently disables chain validation for every connection using this context.
bool configure_ecdh_curves_server(SSL_CTX *ctx, const std::string &curve_names_list)
Configure preferred ECDH curves for a server SSL_CTX.
bool set_tls_protocol_versions(SSL_CTX *ctx, int min_version, int max_version)
Set the minimum and maximum TLS protocol versions.
bool load_ca_directory(SSL_CTX *ctx, const std::string &ca_dir_path)
Load CA certificates from a directory for peer verification.
bool load_ca_certificates(SSL_CTX *ctx, const std::string &ca_file_path)
Load CA certificates from a file for peer verification.
bool set_ciphersuites_tls13(SSL_CTX *ctx, const std::string &ciphersuites)
Set the preferred cipher suites for TLS 1.3.
SSL_CTX * create_server_context(const SSL_METHOD *method, std::filesystem::path cert_path, std::filesystem::path key_path)
Create an SSL context (SSL_CTX) configured for server-side SSL/TLS operations.
bool configure_mtls_server_context(SSL_CTX *ctx, const std::string &client_ca_file_path, int verification_mode=SSL_VERIFY_PEER)
Configure client certificate authentication (mTLS) for a server SSL_CTX. Note that the default verification_mode of SSL_VERIFY_PEER only requests a client certificate; to reject clients that present none, pass SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT.
bool set_alpn_protos_client(SSL_CTX *ctx, const std::vector< std::string > &protocols)
Set the ALPN protocols for a client SSL_CTX to offer during handshake.
bool set_cipher_list(SSL_CTX *ctx, const std::string &ciphers)
Set the preferred cipher suites for TLS 1.2 and earlier.
bool configure_client_certificate(SSL_CTX *ctx, const std::string &client_cert_path, const std::string &client_key_path)
Configure a client SSL_CTX to use a specific client certificate and private key.
bool set_ocsp_stapling_responder_server(SSL_CTX *ctx, int(*callback)(SSL *s, void *arg), void *arg)
Set a callback for the server to provide an OCSP response to be stapled.
void free_session(Session &session)
Frees an SSL_SESSION object held by qb::io::ssl::Session.
bool set_alpn_selection_callback_server(SSL_CTX *ctx, SSL_CTX_alpn_select_cb_func callback, void *arg)
Set the ALPN selection callback for a server SSL_CTX.
Certificate get_certificate(SSL *ssl)
Extract certificate information from an active SSL connection.
bool set_keylog_callback(SSL_CTX *ctx, SSL_CTX_keylog_cb_func callback)
Set the SSL/TLS key log callback function. The callback receives the connections' secret key material in the key log format consumed by traffic analysers, so it should only be installed in debugging builds and never left enabled in production.
bool enable_server_session_caching(SSL_CTX *ctx, long cache_size)
Enable and configure server-side SSL session caching.
Structure to hold essential SSL certificate information.
Definition socket.h:40
std::string subject
The subject name of the certificate.
Definition socket.h:41
int64_t version
The version number of the certificate.
Definition socket.h:43
std::string issuer
The issuer name of the certificate.
Definition socket.h:42
std::vector< std::string > subject_alternative_names
List of Subject Alternative Names (DNS, IP, etc.).
Definition socket.h:48
int64_t not_after
Certificate validity end date (Unix timestamp).
Definition socket.h:46
int64_t not_before
Certificate validity start date (Unix timestamp).
Definition socket.h:45
std::string signature_algorithm
The signature algorithm used in the certificate.
Definition socket.h:47
std::string serial_number
The serial number of the certificate as a hex string.
Definition socket.h:44
Opaque wrapper for an OpenSSL SSL_SESSION object.
Definition socket.h:279
bool is_valid() const
Checks if the session handle is valid (not null).
Definition socket.h:284
Implementation of TCP sockets for the QB IO library.