OpenVPN 3 Core Library
openvpn::OpenSSLContext Class Reference

#include <sslctx.hpp>


Classes

class  Config
 
class  SSL
 

Public Types

enum  { MAX_CIPHERTEXT_IN = 64 }
 
typedef RCPtr< OpenSSLContext > Ptr
 
typedef CertCRLListTemplate< OpenSSLPKI::X509List, OpenSSLPKI::CRLList > CertCRLList
 
- Public Types inherited from openvpn::SSLFactoryAPI
typedef RCPtr< SSLFactoryAPI > Ptr
 
- Public Types inherited from openvpn::RC< thread_unsafe_refcount >
typedef RCPtr< RC > Ptr
 

Public Member Functions

SSLAPI::Ptr ssl () override
 
SSLAPI::Ptr ssl (const std::string *hostname, const std::string *cache_key) override
 
SSLLib::Ctx libctx () override
 
void update_trust (const CertCRLList &cc)
 
 ~OpenSSLContext ()=default
 
const Mode & mode () const override
 
- Public Member Functions inherited from openvpn::SSLFactoryAPI
 OPENVPN_EXCEPTION (ssl_options_error)
 
 OPENVPN_EXCEPTION (ssl_context_error)
 
 OPENVPN_EXCEPTION (ssl_external_pki)
 
 OPENVPN_SIMPLE_EXCEPTION (ssl_ciphertext_in_overflow)
 
- Public Member Functions inherited from openvpn::RC< thread_unsafe_refcount >
 RC () noexcept=default
 
 RC (const RC &)=delete
 
virtual ~RC ()=default
 
RC & operator= (const RC &)=delete
 
olong use_count () const noexcept
 Delegates call to RCImpl and returns the result.
 

Static Public Member Functions

static std::string translate_cipher_list (std::string cipherlist)
 
static constexpr bool support_key_material_export ()
 
- Static Public Member Functions inherited from openvpn::RC< thread_unsafe_refcount >
static constexpr bool is_thread_safe ()
 Delegates call to RCImpl and returns the result.
 
- Static Public Member Functions inherited from openvpn::logging::LoggingMixin< logging::LOG_LEVEL_VERB, logging::LOG_LEVEL_TRACE, SSLFactoryAPI >
static int log_level ()
 Return the current logging level for all logging.
 
static void set_log_level (int level)
 Set the log level for all logging.
 

Private Types

using SSL_CTX_unique_ptr = std::unique_ptr<::SSL_CTX, decltype(&::SSL_CTX_free)>
 

Private Member Functions

void setup_server_ticket_callback () const
 
 OpenSSLContext (Config *config_arg)
 
bool ns_cert_type_defined () const
 
bool verify_ns_cert_type (::X509 *cert) const
 
void set_openssl_tls_groups (const std::string &tls_groups)
 
bool x509_cert_ku_defined () const
 
bool verify_x509_cert_ku (::X509 *cert) const
 
bool x509_cert_eku_defined () const
 
bool verify_x509_cert_eku (::X509 *cert) const
 
bool deferred_cert_verify_failsafe (const SSL &ssl) const
 

Static Private Member Functions

static void x509_track_extract_nid (const X509Track::Type xt_type, const int nid, ::X509 *cert, const int depth, X509Track::Set &xts)
 
static void x509_track_extract_from_cert (::X509 *cert, const int depth, const X509Track::ConfigSet &cs, X509Track::Set &xts)
 
static void load_serial_number_into_authcert (AuthCert &authcert, ::X509 *cert)
 
static std::string cert_status_line (int preverify_ok, int depth, int err, const std::string &signature, const std::string &subject)
 
static AuthCert::Fail::Type cert_fail_code (const int openssl_err)
 
static int check_cert_warnings (const X509 *cert)
 
static int verify_callback_client (int preverify_ok, X509_STORE_CTX *ctx)
 
static int verify_callback_server (int preverify_ok, X509_STORE_CTX *ctx)
 
static void info_callback (const ::SSL *s, int where, int ret)
 
static int tls_ticket_key_callback (::SSL *ssl, unsigned char key_name[16], unsigned char iv[EVP_MAX_IV_LENGTH], ::EVP_CIPHER_CTX *ctx, ssl_mac_ctx *hctx, int enc)
 
static bool tls_ticket_init_cipher_hmac (const TLSSessionTicketBase::Key &key, unsigned char iv[EVP_MAX_IV_LENGTH], ::EVP_CIPHER_CTX *ctx, ssl_mac_ctx *mctx, const int enc)
 
static bool randomize_name_key (TLSSessionTicketBase::Name &name, TLSSessionTicketBase::Key &key)
 
static int client_hello_callback (::SSL *s, int *al, void *)
 
static int sni_error (std::string err, const int ssl_ad_error, OpenSSLContext *self, SSL *self_ssl, int *al)
 
static size_t sni_get_len (ConstBuffer &buf)
 
static std::string client_hello_get_sni (::SSL *s)
 

Private Attributes

std::shared_ptr< ExternalPKIImpl > epki = nullptr
 
Config::Ptr config
 
SSL_CTX_unique_ptr ctx {nullptr, &SSL_CTX_free}
 
OpenSSLSessionCache::Ptr sess_cache
 

Additional Inherited Members

- Static Public Attributes inherited from openvpn::logging::LoggingMixin< logging::LOG_LEVEL_VERB, logging::LOG_LEVEL_TRACE, SSLFactoryAPI >
static constexpr int max_log_level
 
static constexpr int default_log_level
 
- Static Protected Attributes inherited from openvpn::logging::LoggingMixin< logging::LOG_LEVEL_VERB, logging::LOG_LEVEL_TRACE, SSLFactoryAPI >
static logging::Logger< DEFAULT_LOG_LEVEL, MAX_LEVEL > log_
 

Detailed Description

Definition at line 103 of file sslctx.hpp.

Member Typedef Documentation

◆ CertCRLList

◆ Ptr

Definition at line 108 of file sslctx.hpp.

◆ SSL_CTX_unique_ptr

using openvpn::OpenSSLContext::SSL_CTX_unique_ptr = std::unique_ptr<::SSL_CTX, decltype(&::SSL_CTX_free)>
private

Definition at line 105 of file sslctx.hpp.

Member Enumeration Documentation

◆ anonymous enum

anonymous enum
Enumerator
MAX_CIPHERTEXT_IN 

Definition at line 111 of file sslctx.hpp.

Constructor & Destructor Documentation

◆ OpenSSLContext()

openvpn::OpenSSLContext::OpenSSLContext ( Config * config_arg)
inlineprivate

Definition at line 1232 of file sslctx.hpp.

◆ ~OpenSSLContext()

openvpn::OpenSSLContext::~OpenSSLContext ( )
default

Member Function Documentation

◆ cert_fail_code()

static AuthCert::Fail::Type openvpn::OpenSSLContext::cert_fail_code ( const int  openssl_err)
inlinestaticprivate

Definition at line 1849 of file sslctx.hpp.


◆ cert_status_line()

static std::string openvpn::OpenSSLContext::cert_status_line ( int  preverify_ok,
int  depth,
int  err,
const std::string &  signature,
const std::string &  subject 
)
inlinestaticprivate

Definition at line 1819 of file sslctx.hpp.


◆ check_cert_warnings()

static int openvpn::OpenSSLContext::check_cert_warnings ( const X509 *  cert)
inlinestaticprivate

Definition at line 1862 of file sslctx.hpp.


◆ client_hello_callback()

static int openvpn::OpenSSLContext::client_hello_callback ( ::SSL *  s,
int *  al,
void *   
)
inlinestaticprivate

Definition at line 2272 of file sslctx.hpp.


◆ client_hello_get_sni()

static std::string openvpn::OpenSSLContext::client_hello_get_sni ( ::SSL *  s)
inlinestaticprivate

Definition at line 2358 of file sslctx.hpp.


◆ deferred_cert_verify_failsafe()

bool openvpn::OpenSSLContext::deferred_cert_verify_failsafe ( const SSL & ssl) const
inlineprivate

Definition at line 2397 of file sslctx.hpp.


◆ info_callback()

static void openvpn::OpenSSLContext::info_callback ( const ::SSL *  s,
int  where,
int  ret 
)
inlinestaticprivate

Definition at line 2143 of file sslctx.hpp.


◆ libctx()

SSLLib::Ctx openvpn::OpenSSLContext::libctx ( )
inlineoverridevirtual

Implements openvpn::SSLFactoryAPI.

Definition at line 1537 of file sslctx.hpp.


◆ load_serial_number_into_authcert()

static void openvpn::OpenSSLContext::load_serial_number_into_authcert ( AuthCert & authcert,
::X509 *  cert 
)
inlinestaticprivate

Definition at line 1802 of file sslctx.hpp.


◆ mode()

const Mode & openvpn::OpenSSLContext::mode ( ) const
inlineoverridevirtual

Implements openvpn::SSLFactoryAPI.

Definition at line 1556 of file sslctx.hpp.

◆ ns_cert_type_defined()

bool openvpn::OpenSSLContext::ns_cert_type_defined ( ) const
inlineprivate

Definition at line 1590 of file sslctx.hpp.


◆ randomize_name_key()

static bool openvpn::OpenSSLContext::randomize_name_key ( TLSSessionTicketBase::Name & name,
TLSSessionTicketBase::Key & key 
)
inlinestaticprivate

Definition at line 2260 of file sslctx.hpp.

◆ set_openssl_tls_groups()

void openvpn::OpenSSLContext::set_openssl_tls_groups ( const std::string &  tls_groups)
inlineprivate

Definition at line 1606 of file sslctx.hpp.


◆ setup_server_ticket_callback()

void openvpn::OpenSSLContext::setup_server_ticket_callback ( ) const
inlineprivate

Definition at line 1216 of file sslctx.hpp.


◆ sni_error()

static int openvpn::OpenSSLContext::sni_error ( std::string  err,
const int  ssl_ad_error,
OpenSSLContext * self,
SSL * self_ssl,
int *  al 
)
inlinestaticprivate

Definition at line 2337 of file sslctx.hpp.


◆ sni_get_len()

static size_t openvpn::OpenSSLContext::sni_get_len ( ConstBuffer & buf)
inlinestaticprivate

Definition at line 2351 of file sslctx.hpp.


◆ ssl() [1/2]

SSLAPI::Ptr openvpn::OpenSSLContext::ssl ( )
inlineoverridevirtual

Implements openvpn::SSLFactoryAPI.

Definition at line 1526 of file sslctx.hpp.


◆ ssl() [2/2]

SSLAPI::Ptr openvpn::OpenSSLContext::ssl ( const std::string *  hostname,
const std::string *  cache_key 
)
inlineoverridevirtual

Implements openvpn::SSLFactoryAPI.

Definition at line 1532 of file sslctx.hpp.

◆ support_key_material_export()

static constexpr bool openvpn::OpenSSLContext::support_key_material_export ( )
inlinestaticconstexpr

Definition at line 1561 of file sslctx.hpp.

◆ tls_ticket_init_cipher_hmac()

static bool openvpn::OpenSSLContext::tls_ticket_init_cipher_hmac ( const TLSSessionTicketBase::Key & key,
unsigned char  iv[EVP_MAX_IV_LENGTH],
::EVP_CIPHER_CTX *  ctx,
ssl_mac_ctx * mctx,
const int  enc 
)
inlinestaticprivate

Definition at line 2235 of file sslctx.hpp.


◆ tls_ticket_key_callback()

static int openvpn::OpenSSLContext::tls_ticket_key_callback ( ::SSL *  ssl,
unsigned char  key_name[16],
unsigned char  iv[EVP_MAX_IV_LENGTH],
::EVP_CIPHER_CTX *  ctx,
ssl_mac_ctx * hctx,
int  enc 
)
inlinestaticprivate

Definition at line 2164 of file sslctx.hpp.


◆ translate_cipher_list()

static std::string openvpn::OpenSSLContext::translate_cipher_list ( std::string  cipherlist)
inlinestatic

Definition at line 1178 of file sslctx.hpp.


◆ update_trust()

void openvpn::OpenSSLContext::update_trust ( const CertCRLList & cc)
inline

Definition at line 1548 of file sslctx.hpp.


◆ verify_callback_client()

static int openvpn::OpenSSLContext::verify_callback_client ( int  preverify_ok,
X509_STORE_CTX *  ctx 
)
inlinestaticprivate

Definition at line 1881 of file sslctx.hpp.


◆ verify_callback_server()

static int openvpn::OpenSSLContext::verify_callback_server ( int  preverify_ok,
X509_STORE_CTX *  ctx 
)
inlinestaticprivate

Definition at line 1991 of file sslctx.hpp.


◆ verify_ns_cert_type()

bool openvpn::OpenSSLContext::verify_ns_cert_type ( ::X509 *  cert) const
inlineprivate

Definition at line 1595 of file sslctx.hpp.


◆ verify_x509_cert_eku()

bool openvpn::OpenSSLContext::verify_x509_cert_eku ( ::X509 *  cert) const
inlineprivate

Definition at line 1695 of file sslctx.hpp.


◆ verify_x509_cert_ku()

bool openvpn::OpenSSLContext::verify_x509_cert_ku ( ::X509 *  cert) const
inlineprivate

Definition at line 1650 of file sslctx.hpp.


◆ x509_cert_eku_defined()

bool openvpn::OpenSSLContext::x509_cert_eku_defined ( ) const
inlineprivate

Definition at line 1690 of file sslctx.hpp.


◆ x509_cert_ku_defined()

bool openvpn::OpenSSLContext::x509_cert_ku_defined ( ) const
inlineprivate

Definition at line 1645 of file sslctx.hpp.


◆ x509_track_extract_from_cert()

static void openvpn::OpenSSLContext::x509_track_extract_from_cert ( ::X509 *  cert,
const int  depth,
const X509Track::ConfigSet & cs,
X509Track::Set & xts 
)
inlinestaticprivate

Definition at line 1739 of file sslctx.hpp.


◆ x509_track_extract_nid()

static void openvpn::OpenSSLContext::x509_track_extract_nid ( const X509Track::Type  xt_type,
const int  nid,
::X509 *  cert,
const int  depth,
X509Track::Set & xts 
)
inlinestaticprivate

Definition at line 1728 of file sslctx.hpp.


Member Data Documentation

◆ config

Config::Ptr openvpn::OpenSSLContext::config
private

Definition at line 2410 of file sslctx.hpp.

◆ ctx

SSL_CTX_unique_ptr openvpn::OpenSSLContext::ctx {nullptr, &SSL_CTX_free}
private

Definition at line 2412 of file sslctx.hpp.

◆ epki

std::shared_ptr<ExternalPKIImpl> openvpn::OpenSSLContext::epki = nullptr
private

Definition at line 2409 of file sslctx.hpp.

◆ sess_cache

OpenSSLSessionCache::Ptr openvpn::OpenSSLContext::sess_cache
private

Definition at line 2413 of file sslctx.hpp.


The documentation for this class was generated from the following file: