1/*
2 *  Copyright 2004 The WebRTC Project Authors. All rights reserved.
3 *
4 *  Use of this source code is governed by a BSD-style license
5 *  that can be found in the LICENSE file in the root of the source
6 *  tree. An additional intellectual property rights grant can be found
7 *  in the file PATENTS.  All contributing project authors may
8 *  be found in the AUTHORS file in the root of the source tree.
9 */
10
11#ifndef WEBRTC_BASE_OPENSSLADAPTER_H__
12#define WEBRTC_BASE_OPENSSLADAPTER_H__
13
14#include <string>
15#include "webrtc/base/ssladapter.h"
16
// Forward declarations of the OpenSSL handle types used in the signatures
// below, so this header does not need to include the OpenSSL headers itself.
// They mirror OpenSSL's own typedefs (struct ssl_st / ssl_ctx_st /
// x509_store_ctx_st); the full definitions are only needed in the .cc.
typedef struct ssl_st SSL;
typedef struct ssl_ctx_st SSL_CTX;
typedef struct x509_store_ctx_st X509_STORE_CTX;
20
21namespace rtc {
22
23///////////////////////////////////////////////////////////////////////////////
24
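// SSLAdapter implementation backed by OpenSSL.  Wraps an AsyncSocket and runs
// a TLS handshake on top of it once StartSSL() is called; Send()/Recv() then
// go through the SSL object.
//
// Lifetime / ownership: the adapter holds raw SSL* and SSL_CTX* handles
// (ssl_, ssl_ctx_) that it is responsible for freeing (presumably in
// Cleanup() / the destructor).  Because the implicit copy operations would
// share and then double-free those handles, the class is made non-copyable
// below via a private, undefined copy constructor and assignment operator.
//
// Global state: InitializeSSL()/InitializeSSLThread()/CleanupSSL() and the
// static custom_verify_callback_ are process-wide, shared by every adapter
// instance (and by OpenSSLStreamAdapter, which is a friend for that reason).
class OpenSSLAdapter : public SSLAdapter {
public:
  // One-time library setup.  |callback| is stored in the process-wide
  // custom_verify_callback_ so SSLVerifyCallback() can consult it during
  // certificate verification.  Returns false on failure.
  static bool InitializeSSL(VerificationCallback callback);
  // Per-thread library setup; what it installs is defined in the .cc.
  static bool InitializeSSLThread();
  // Tears down the library-wide state created by InitializeSSL().
  static bool CleanupSSL();

  // Wraps |socket|.  Ownership of |socket| follows the SSLAdapter /
  // AsyncSocketAdapter contract (not visible from this header).
  // NOTE(review): this single-argument constructor is intentionally left
  // non-explicit to preserve source compatibility with existing callers.
  OpenSSLAdapter(AsyncSocket* socket);
  virtual ~OpenSSLAdapter();

  // Starts the TLS handshake.  |hostname| is remembered in ssl_host_name_ and
  // used for the post-handshake certificate checks (SSLPostConnectionCheck /
  // VerifyServerName).  If |restartable| is true the SSL configuration is
  // retained after Close() (see restartable_).  Returns 0 on success, or a
  // non-zero error code.
  virtual int StartSSL(const char* hostname, bool restartable);
  // Writes |cb| bytes from |pv| through the SSL connection.
  virtual int Send(const void* pv, size_t cb);
  // Reads up to |cb| bytes into |pv| from the SSL connection.
  virtual int Recv(void* pv, size_t cb);
  // Closes the connection; with restartable_ set, the SSL configuration is
  // kept so StartSSL() can be issued again.
  virtual int Close();

  // Note that the socket returns ST_CONNECTING while SSL is being negotiated.
  virtual ConnState GetState() const;

protected:
  // Socket event hooks from the underlying AsyncSocket.  They are where the
  // handshake is advanced and where SSL-level read/write readiness is
  // translated into the adapter's own events (details in the .cc).
  virtual void OnConnectEvent(AsyncSocket* socket);
  virtual void OnReadEvent(AsyncSocket* socket);
  virtual void OnWriteEvent(AsyncSocket* socket);
  virtual void OnCloseEvent(AsyncSocket* socket, int err);

private:
  // Handshake progress: not started, waiting for the transport, handshake in
  // flight, established, or failed.
  enum SSLState {
    SSL_NONE, SSL_WAIT, SSL_CONNECTING, SSL_CONNECTED, SSL_ERROR
  };

  // Creates the SSL object and kicks off the handshake.
  int BeginSSL();
  // Drives a handshake that is already in progress (non-blocking sockets
  // need several calls).
  int ContinueSSL();
  // Records a failure that occurred in |context| with error code |err|.
  // |signal| selects whether the owner is notified; the exact notification
  // mechanism lives in the .cc.
  void Error(const char* context, int err, bool signal = true);
  // Frees ssl_ / ssl_ctx_ and resets the handshake state.
  void Cleanup();

  // Post-handshake certificate checks.  VerifyServerName() compares the peer
  // certificate against |host|.  By its name, |ignore_bad_cert| lets a failed
  // check pass -- enabling it effectively disables server authentication and
  // must be confined to testing; confirm the precise semantics in the .cc.
  static bool VerifyServerName(SSL* ssl, const char* host,
                               bool ignore_bad_cert);
  // Runs the full set of post-connection checks for |host| on |ssl|.
  bool SSLPostConnectionCheck(SSL* ssl, const char* host);
#if _DEBUG
  // OpenSSL info callback (SSL_CTX_set_info_callback signature); debug-only
  // handshake tracing.
  static void SSLInfoCallback(const SSL* s, int where, int ret);
#endif  // _DEBUG
  // OpenSSL certificate-verification callback.  |ok| is the result of
  // OpenSSL's built-in chain verification for the certificate currently in
  // |store|; the return value is the final verdict for that certificate.
  static int SSLVerifyCallback(int ok, X509_STORE_CTX* store);
  // Process-wide custom verifier installed by InitializeSSL(); shared by all
  // instances, so it must not depend on per-adapter state.
  static VerificationCallback custom_verify_callback_;
  friend class OpenSSLStreamAdapter;  // for custom_verify_callback_;

  // Loads the trust anchors used for chain verification into |ctx|.
  static bool ConfigureTrustedRootCertificates(SSL_CTX* ctx);
  // Creates and configures a new SSL_CTX; returns NULL on failure.
  static SSL_CTX* SetupSSLContext();

  // Non-copyable.  ssl_ and ssl_ctx_ are raw handles owned by this object;
  // the implicitly generated copy operations would alias them and free them
  // twice.  Declared private and never defined so any copy fails to link
  // (pre-C++11 idiom, matching the rest of this header).
  OpenSSLAdapter(const OpenSSLAdapter&);
  OpenSSLAdapter& operator=(const OpenSSLAdapter&);

  SSLState state_;
  // Presumably track OpenSSL's WANT_WRITE / WANT_READ conditions so a
  // pending read can be retried when the socket becomes writable and
  // vice versa -- confirm against the .cc.
  bool ssl_read_needs_write_;
  bool ssl_write_needs_read_;
  // If true, socket will retain SSL configuration after Close.
  bool restartable_;

  // Owned OpenSSL handles; NULL when no session is set up.
  SSL* ssl_;
  SSL_CTX* ssl_ctx_;
  // Host name supplied to StartSSL(), used for certificate name checks.
  std::string ssl_host_name_;

  // Presumably set when custom_verify_callback_ accepts a certificate that
  // OpenSSL's own verification would have rejected -- confirm in the .cc.
  bool custom_verification_succeeded_;
};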
83
84/////////////////////////////////////////////////////////////////////////////
85
86} // namespace rtc
87
88#endif // WEBRTC_BASE_OPENSSLADAPTER_H__
89