Common secure socket support.
#include <secure.h>
|
typedef void * | bufio_t |
| Convenience type to represent a secure socket buf i/o stream.
|
|
typedef void * | cert_t |
| Convenience type to represent a ssl certificate object.
|
|
typedef secure * | client_t |
| Convenience type to represent a security context.
|
|
enum | error_t {
OK =0
, INVALID
, MISSING_CERTIFICATE
, MISSING_PRIVATEKEY
,
INVALID_CERTIFICATE
, INVALID_AUTHORITY
, INVALID_PEERNAME
, INVALID_CIPHER
} |
| Different error states of the security context.
|
|
typedef byteref< secure_release > | keybytes |
|
typedef secure * | server_t |
|
typedef void * | session_t |
| Convenience type to represent a secure socket session.
|
|
typedef stringref< secure_release > | string |
|
enum | verify_t { NONE
, SIGNED
, VERIFIED
} |
|
|
error_t | err (void) const |
| Get last error code associated with the security context.
|
|
bool | is_valid (void) const |
| Determine if the current security context is valid.
|
|
| operator bool () const |
|
bool | operator! () const |
|
virtual | ~secure () |
| This is derived in different back-end libraries, and will be used to clear certificate credentials.
|
|
|
static void | cipher (secure *context, const char *ciphers) |
| Assign a non-default cipher to the context.
|
|
static client_t | client (const char *authority=NULL, const char *paths=NULL) |
| Create an anonymous client context with an optional authority to validate.
|
|
static bool | fips (void) |
| Initialize secure stack with fips support.
|
|
static bool | init (void) |
| Initialize secure stack for first use, and report if SSL support is compiled in.
|
|
static int | oscerts (const char *path) |
| Copy system certificates to a local path.
|
|
static const char * | oscerts (void) |
| Get path to system certificates.
|
|
static secure::string | pass (const char *prompt, size_t size) |
|
static server_t | server (const char *keyfile=NULL, const char *authority=NULL) |
| Create a server context.
|
|
static client_t | user (const char *authority) |
| Create a peer user client context.
|
|
static void | uuid (char *string) |
| Create 36 character traditional version 1 uuid.
|
|
static secure::string | uuid (void) |
|
Common secure socket support.
This offers common routines needed for secure/ssl socket support code.
- Author
- David Sugar dyfet.nosp@m.@gnu.nosp@m.telep.nosp@m.hony.nosp@m..org
Definition at line 128 of file secure.h.
◆ bufio_t
Convenience type to represent a secure socket buf i/o stream.
Definition at line 180 of file secure.h.
◆ cert_t
Convenience type to represent a ssl certificate object.
Definition at line 175 of file secure.h.
◆ client_t
Convenience type to represent a security context.
Definition at line 163 of file secure.h.
◆ keybytes
typedef byteref<secure_release> ucommon::secure::keybytes |
◆ server_t
◆ session_t
Convenience type to represent a secure socket session.
Definition at line 170 of file secure.h.
◆ string
typedef stringref<secure_release> ucommon::secure::string |
◆ error_t
Different error states of the security context.
Definition at line 134 of file secure.h.
◆ verify_t
enum ucommon::secure::verify_t |
◆ secure()
ucommon::secure::secure |
( |
| ) |
|
|
inline protected |
◆ cipher()
static void ucommon::secure::cipher |
( |
secure * | context, |
|
|
const char * | ciphers ) |
|
static |
Assign a non-default cipher to the context.
- Parameters
-
context | to set cipher for. |
ciphers | to set. |
◆ client()
static client_t ucommon::secure::client |
( |
const char * | authority = NULL, |
|
|
const char * | paths = NULL ) |
|
static |
Create an anonymous client context with an optional authority to validate.
- Parameters
-
authority | path to use or NULL if none. |
paths | of certificates to use. |
- Returns
- a basic client security context.
◆ err()
error_t ucommon::secure::err |
( |
void | | ) |
const |
|
inline |
Get last error code associated with the security context.
- Returns
- last error code or 0/OK if none.
Definition at line 257 of file secure.h.
◆ fips()
static bool ucommon::secure::fips |
( |
void | | ) |
|
|
static |
Initialize secure stack with fips support.
If fips support is not successfully enabled, the secure stack is also not initialized, so the return value must be checked before any secure socket is used. init() can then be called explicitly for non-fips certified operation if fips fails.
- Returns
- true if fips support enabled and stack initialized.
◆ init()
static bool ucommon::secure::init |
( |
void | | ) |
|
|
static |
Initialize secure stack for first use, and report if SSL support is compiled in.
- Returns
- true if ssl support is available, false if not.
◆ is_valid()
bool ucommon::secure::is_valid |
( |
void | | ) |
const |
|
inline |
Determine if the current security context is valid.
- Returns
- true if valid, false if not.
Definition at line 249 of file secure.h.
◆ operator bool()
ucommon::secure::operator bool |
( |
| ) |
const |
|
inline |
◆ operator!()
bool ucommon::secure::operator! |
( |
| ) |
const |
|
inline |
◆ oscerts() [1/2]
static int ucommon::secure::oscerts |
( |
const char * | path | ) |
|
|
static |
Copy system certificates to a local path.
- Parameters
-
- Returns
- 0 or error number on failure.
◆ oscerts() [2/2]
static const char * ucommon::secure::oscerts |
( |
void | | ) |
|
|
static |
Get path to system certificates.
- Returns
- path to system certificates.
◆ server()
static server_t ucommon::secure::server |
( |
const char * | keyfile = NULL, |
|
|
const char * | authority = NULL ) |
|
static |
Create a server context.
The certificate file used will be based on the init() method name. This may often be /etc/ssl/certs/initname.pem. Similarly, a matching private key certificate will also be loaded. An optional certificate authority document can be used when we are establishing a service whose ssl clients have their own certificates.
- Parameters
-
authority | path to use or NULL if none. |
- Returns
- a security context that is cast from derived library.
◆ user()
static client_t ucommon::secure::user |
( |
const char * | authority | ) |
|
|
static |
Create a peer user client context.
This assumes a user certificate in ~/.ssl/certs and the user private key in ~/.ssl/private. The path to an authority is also passed in.
- Parameters
-
◆ uuid()
static void ucommon::secure::uuid |
( |
char * | string | ) |
|
|
static |
Create 36 character traditional version 1 uuid.
- Parameters
-
string | to write uuid into, must be 37 bytes or more (the 36 character uuid plus a terminating NUL). |
◆ error
Last error flagged for this context.
Definition at line 149 of file secure.h.
The documentation for this class was generated from the following file:
- /builddir/build/BUILD/ucommon-7.0.0-build/ucommon-7.0.0/inc/ucommon/secure.h