summaryrefslogtreecommitdiffstats
path: root/src/PolarSSL++/BlockingSslClientSocket.h
diff options
context:
space:
mode:
authorMattes D <github@xoft.cz>2014-04-30 17:05:13 +0200
committerMattes D <github@xoft.cz>2014-04-30 17:05:13 +0200
commit014fab58e6eafce87a092aa859c5008dbdaa5c7b (patch)
treeac4ea8515e0461483714e18cef7bbb961f0fbec3 /src/PolarSSL++/BlockingSslClientSocket.h
parentDelayed sending the KeepAlive packet for 3 seconds after login. (diff)
parentRemoved unneeded #includes. (diff)
downloadcuberite-014fab58e6eafce87a092aa859c5008dbdaa5c7b.tar
cuberite-014fab58e6eafce87a092aa859c5008dbdaa5c7b.tar.gz
cuberite-014fab58e6eafce87a092aa859c5008dbdaa5c7b.tar.bz2
cuberite-014fab58e6eafce87a092aa859c5008dbdaa5c7b.tar.lz
cuberite-014fab58e6eafce87a092aa859c5008dbdaa5c7b.tar.xz
cuberite-014fab58e6eafce87a092aa859c5008dbdaa5c7b.tar.zst
cuberite-014fab58e6eafce87a092aa859c5008dbdaa5c7b.zip
Diffstat (limited to 'src/PolarSSL++/BlockingSslClientSocket.h')
-rw-r--r--src/PolarSSL++/BlockingSslClientSocket.h80
1 files changed, 80 insertions, 0 deletions
diff --git a/src/PolarSSL++/BlockingSslClientSocket.h b/src/PolarSSL++/BlockingSslClientSocket.h
new file mode 100644
index 000000000..7af897582
--- /dev/null
+++ b/src/PolarSSL++/BlockingSslClientSocket.h
@@ -0,0 +1,80 @@
+
+// BlockingSslClientSocket.h
+
+// Declares the cBlockingSslClientSocket class representing a blocking TCP socket with client SSL encryption over it
+
+
+
+
+
+#pragma once
+
+#include "CallbackSslContext.h"
+#include "../OSSupport/Socket.h"
+
+
+
+
+
+class cBlockingSslClientSocket :
+ protected cCallbackSslContext::cDataCallbacks
+{
+public:
+ cBlockingSslClientSocket(void);
+
+ /** Connects to the specified server and performs SSL handshake.
+ Returns true if successful, false on failure. Sets internal error text on failure. */
+ bool Connect(const AString & a_ServerName, UInt16 a_Port);
+
+ /** Sends the specified data over the connection.
+ Returns true if successful, false on failure. Sets the internal error text on failure. */
+ bool Send(const void * a_Data, size_t a_NumBytes);
+
+ /** Receives data from the connection.
+ Blocks until there is any data available, then returns as much as possible.
+ Returns the number of bytes actually received, negative number on failure.
+ Sets the internal error text on failure. */
+ int Receive(void * a_Data, size_t a_MaxBytes);
+
+ /** Disconnects the connection gracefully, if possible.
+ Note that this also frees the internal SSL context, so all the certificates etc. are lost. */
+ void Disconnect(void);
+
+ /** Sets the root certificates that are to be trusted. Forces the connection to use strict cert
+ verification. Needs to be used before calling Connect().
+ a_ExpectedPeerName is the name that we expect to receive in the SSL peer's cert; verification will fail if
+ the presented name is different (possible MITM).
+ Returns true on success, false on failure. Sets internal error text on failure. */
+ bool SetTrustedRootCertsFromString(const AString & a_CACerts, const AString & a_ExpectedPeerName);
+
+ /** Returns the text of the last error that has occurred in this instance. */
+ const AString & GetLastErrorText(void) const { return m_LastErrorText; }
+
+protected:
+ /** The SSL context used for the socket */
+ cCallbackSslContext m_Ssl;
+
+ /** The underlying socket to the SSL server */
+ cSocket m_Socket;
+
+ /** The trusted CA root cert store, if we are to verify the cert strictly. Set by SetTrustedRootCertsFromString(). */
+ cX509CertPtr m_CACerts;
+
+ /** The expected SSL peer's name, if we are to verify the cert strictly. Set by SetTrustedRootCertsFromString(). */
+ AString m_ExpectedPeerName;
+
+ /** Text of the last error that has occurred. */
+ AString m_LastErrorText;
+
+ /** Set to true if the connection established successfully. */
+ bool m_IsConnected;
+
+
+ // cCallbackSslContext::cDataCallbacks overrides:
+ virtual int ReceiveEncrypted(unsigned char * a_Buffer, size_t a_NumBytes) override;
+ virtual int SendEncrypted(const unsigned char * a_Buffer, size_t a_NumBytes) override;
+} ;
+
+
+
+