icinga2/base/tlsclient.h

88 lines
3.0 KiB
C
Raw Normal View History

/******************************************************************************
* Icinga 2 *
* Copyright (C) 2012 Icinga Development Team (http://www.icinga.org/) *
* *
* This program is free software; you can redistribute it and/or *
* modify it under the terms of the GNU General Public License *
* as published by the Free Software Foundation; either version 2 *
* of the License, or (at your option) any later version. *
* *
* This program is distributed in the hope that it will be useful, *
* but WITHOUT ANY WARRANTY; without even the implied warranty of *
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
* GNU General Public License for more details. *
* *
* You should have received a copy of the GNU General Public License *
* along with this program; if not, write to the Free Software Foundation *
2012-05-11 13:33:57 +02:00
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA. *
******************************************************************************/
2012-04-24 14:02:15 +02:00
#ifndef TLSCLIENT_H
#define TLSCLIENT_H
namespace icinga
{
/**
* Event arguments for the "SSL certificate verification" event.
2012-05-18 22:21:28 +02:00
*
* @ingroup base
*/
2012-04-24 14:02:15 +02:00
struct I2_BASE_API VerifyCertificateEventArgs : public EventArgs
{
bool ValidCertificate; /**< Whether the certificate is valid, can be
changed by the event handler. */
X509_STORE_CTX *Context; /**< The X509 store context. */
shared_ptr<X509> Certificate; /**< The X509 certificate that should
ve verified. */
2012-04-24 14:02:15 +02:00
};
/**
* A TLS client connection.
2012-05-18 22:21:28 +02:00
*
* @ingroup base
*/
class I2_BASE_API TlsClient : public TcpClient
2012-04-24 14:02:15 +02:00
{
public:
TlsClient(TcpClientRole role, shared_ptr<SSL_CTX> sslContext);
shared_ptr<X509> GetClientCertificate(void) const;
shared_ptr<X509> GetPeerCertificate(void) const;
virtual void Start(void);
virtual bool WantsToRead(void) const;
virtual bool WantsToWrite(void) const;
boost::signal<void (const VerifyCertificateEventArgs&)> OnVerifyCertificate;
protected:
void HandleSSLError(void);
2012-04-24 14:02:15 +02:00
private:
shared_ptr<SSL_CTX> m_SSLContext;
shared_ptr<SSL> m_SSL;
bool m_BlockRead;
bool m_BlockWrite;
static int m_SSLIndex;
static bool m_SSLIndexInitialized;
2012-04-24 14:02:15 +02:00
virtual int ReadableEventHandler(const EventArgs& ea);
virtual int WritableEventHandler(const EventArgs& ea);
virtual void CloseInternal(bool from_dtor);
static void NullCertificateDeleter(X509 *certificate);
static int SSLVerifyCertificate(int ok, X509_STORE_CTX *x509Context);
2012-04-24 14:02:15 +02:00
};
TcpClient::Ptr TlsClientFactory(TcpClientRole role, shared_ptr<SSL_CTX> sslContext);
2012-04-24 14:02:15 +02:00
}
#endif /* TLSCLIENT_H */