openssl.hpp
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License
#ifndef __OPENSSL_HPP__
#define __OPENSSL_HPP__

#ifdef __WINDOWS__
// NOTE: This must be included before the OpenSSL headers as it includes
// `WinSock2.h` and `Windows.h` in the correct order.
#include <stout/windows.hpp>
#endif // __WINDOWS__

#include <openssl/ssl.h>

#include <string>

#include <stout/ip.hpp>
#include <stout/nothing.hpp>
#include <stout/option.hpp>
#include <stout/try.hpp>

namespace process {
namespace network {
namespace openssl {

// Sets up the process-wide (_global_) OpenSSL context (SSL_CTX) together
// with the crypto library so that it can be used from multiple threads.
// The global context is configured from these environment variables:
//
//    LIBPROCESS_SSL_ENABLED=(false|0,true|1)
//    LIBPROCESS_SSL_SUPPORT_DOWNGRADE=(false|0,true|1)
//    LIBPROCESS_SSL_CERT_FILE=(path to certificate)
//    LIBPROCESS_SSL_KEY_FILE=(path to key)
//    LIBPROCESS_SSL_VERIFY_CERT=(false|0,true|1)
//    LIBPROCESS_SSL_REQUIRE_CERT=(false|0,true|1)
//    LIBPROCESS_SSL_VERIFY_IPADD=(false|0,true|1)
//    LIBPROCESS_SSL_VERIFY_DEPTH=(4)
//    LIBPROCESS_SSL_CA_DIR=(path to CA directory)
//    LIBPROCESS_SSL_CA_FILE=(path to CA file)
//    LIBPROCESS_SSL_CIPHERS=(accepted ciphers separated by ':')
//    LIBPROCESS_SSL_ENABLE_SSL_V3=(false|0,true|1)
//    LIBPROCESS_SSL_ENABLE_TLS_V1_0=(false|0,true|1)
//    LIBPROCESS_SSL_ENABLE_TLS_V1_1=(false|0,true|1)
//    LIBPROCESS_SSL_ENABLE_TLS_V1_2=(false|0,true|1)
//    LIBPROCESS_SSL_ECDH_CURVES=(auto|list of curves separated by ':')
//
// NOTE(review): the defaults and exact semantics of these switches live
// in the implementation, not in this header. Points worth an explicit
// decision per deployment:
//   - SSL_V3, TLS_V1_0 and TLS_V1_1 name protocol versions that have
//     been formally deprecated (RFC 7568, RFC 8996); keep them off
//     unless a legacy peer forces the issue.
//   - SUPPORT_DOWNGRADE, judging by its name, allows falling back to
//     a non-TLS connection; confirm what it permits before enabling.
//   - VERIFY_CERT and REQUIRE_CERT are toggles, so whether peers are
//     authenticated at all depends on how they are set.
//   - The key file named by KEY_FILE should be readable only by the
//     account running the process.
//   - Revocation is not supported (see the TODO below), so a leaked
//     certificate presumably stays acceptable until it expires or the
//     CA material is replaced.
//
// TODO(benh): When/If we need to support multiple contexts in the
// same process, for example for Server Name Indication (SNI), then
// we'll add other functions for initializing an SSL_CTX based on
// these environment variables.
// TODO(nneilsen): Support certificate revocation.
void initialize();

// Accessor for the _global_ OpenSSL context.
// NOTE(review): presumably only meaningful after `initialize()` has
// run; ownership of the returned pointer is not stated here - confirm
// before storing or freeing it.
SSL_CTX* context();

// Checks that the peer certificate of the SSL connection `ssl` is
// properly associated with the expected hostname. Both `hostname` and
// `ip` are optional and default to `None()`; the outcome is reported
// through the returned `Try<Nothing>`, which callers need to inspect.
// NOTE(review): this header does not describe how `ip` takes part in
// the check, nor what is verified when neither `hostname` nor `ip` is
// given. Confirm in the implementation that such a call cannot pass
// without any identity having been matched.
Try<Nothing> verify(
    const SSL* const ssl,
    const Option<std::string>& hostname = None(),
    const Option<net::IP>& ip = None());

} // namespace openssl {
} // namespace network {
} // namespace process {

#endif // __OPENSSL_HPP__