Diffstat (limited to 'client/red_peer.h')
-rw-r--r-- | client/red_peer.h | 41 |
1 files changed, 37 insertions, 4 deletions
diff --git a/client/red_peer.h b/client/red_peer.h
index 2a53eae8..8a4060df 100644
--- a/client/red_peer.h
+++ b/client/red_peer.h
@@ -37,6 +37,30 @@ public:
 class OutMessage;
 class DisconnectedException {};
+ class HostAuthOptions {
+ public:
+
+ enum Type {
+ HOST_AUTH_OP_PUBKEY = 1,
+ HOST_AUTH_OP_NAME = (1 << 1),
+ HOST_AUTH_OP_SUBJECT = (1 << 2),
+ };
+
+ typedef std::vector<uint8_t> PublicKey;
+ typedef std::pair<std::string, std::string> CertFieldValuePair;
+ typedef std::list<CertFieldValuePair> CertFieldValueList;
+
+ HostAuthOptions() : type_flags(0) {}
+
+ public:
+
+ int type_flags;
+
+ PublicKey host_pubkey;
+ CertFieldValueList host_subject;
+ std::string CA_file;
+ };
+
 class ConnectionOptions {
 public:
@@ -47,10 +71,12 @@ public:
 CON_OP_BOTH,
 };
- ConnectionOptions(Type in_type, int in_port, int in_sport)
+ ConnectionOptions(Type in_type, int in_port, int in_sport,
+ const HostAuthOptions& in_host_auth)
 : type (in_type)
 , unsecure_port (in_port)
 , secure_port (in_sport)
+ , host_auth (in_host_auth)
 {
 }
@@ -70,12 +96,10 @@ public:
 Type type;
 int unsecure_port;
 int secure_port;
+ HostAuthOptions host_auth; // for secure connection
 };
- void connect_unsecure(uint32_t ip, int port);
 void connect_unsecure(const char* host, int port);
-
- void connect_secure(const ConnectionOptions& options, uint32_t ip);
 void connect_secure(const ConnectionOptions& options, const char* host);
 void disconnect();
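Review bot: HostAuthOptions says nothing about how `type_flags` relates to `host_pubkey`, `host_subject` and `CA_file`, and the default constructor leaves `type_flags` at 0, so if the flags are consulted as an opt-in mask (the implementation is outside this hunk) a default-constructed instance handed to ConnectionOptions would select no host check at all without any visible signal. I would add a comment above the class stating that HOST_AUTH_OP_PUBKEY, HOST_AUTH_OP_NAME and HOST_AUTH_OP_SUBJECT may be ORed into `type_flags`, which field each flag consumes, what `CA_file` is used for, and explicitly whether a zero mask means "no host check" or "reject", worded from whatever the definitions do. Two points of style in the same hunk: the second `public:` label repeats the first and can be dropped, and `CA_file` breaks the snake_case used by `host_pubkey` and `host_subject` (`ca_file`). The header's include block is not in view, so I cannot confirm that `<vector>`, `<list>`, `<utility>` and `<string>` are already included for the new typedefs. The enclosing class begins before this hunk.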
@@ -95,6 +119,15 @@ protected:
 virtual void on_event() {}
 virtual int get_socket() { return _peer;}
+ static bool x509_cert_host_name_compare(const char *cert_name, int cert_name_size,
+ const char *host_name);
+
+ static bool verify_pubkey(X509* cert, const HostAuthOptions::PublicKey& key);
+ static bool verify_host_name(X509* cert, const char* host_name);
+ static bool verify_subject(X509* cert, const HostAuthOptions::CertFieldValueList& subject);
+
+ static int ssl_verify_callback(int preverify_ok, X509_STORE_CTX *ctx);
+
 private:
 void shutdown();
 void cleanup();
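Review bot: `ssl_verify_callback` and the four verification helpers are declared with no statement of their contract, and for an OpenSSL verify callback the property that matters is that it only narrows the result: it must return 0 whenever `preverify_ok` is 0 and must never turn a failed chain into success, otherwise the CA_file-based chain check is silently bypassed. I would add above the declaration: `// OpenSSL verify callback. Returns 0 when preverify_ok is 0 (chain failure is final); otherwise applies the HostAuthOptions checks (pubkey / host name / subject) to the peer certificate.` — adjusted to what the definition actually does, which is outside this hunk. `x509_cert_host_name_compare` taking an explicit `cert_name_size` is the right shape, since X509 name entries carry their own length and may contain embedded NUL bytes; the declaration should say that `cert_name` is not NUL-terminated and whether `host_name` may be an IP literal, which `verify_host_name` would then have to handle differently from a DNS name. Pointer placement mixes `const char *cert_name` with `X509* cert` within the same hunk. The enclosing class continues past the hunk.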