XRootD
Socket wrapper for TLS I/O.
#include <XrdTlsSocket.hh>
Public Types
enum HS_Mode { TLS_HS_BLOCK = true, TLS_HS_NOBLK = false }
enum RW_Mode { TLS_RNB_WNB, TLS_RNB_WBL, TLS_RBL_WNB, TLS_RBL_WBL }
enum SDType { sdForce = 1, sdImmed = 2, sdWait = 3 }
Public Member Functions
XrdTlsSocket ()
XrdTlsSocket (XrdTlsContext &ctx, int sfd, RW_Mode rwm, HS_Mode hsm, bool isClient, bool serial=true)
~XrdTlsSocket ()
    Destructor.
XrdTls::RC Accept (std::string *eMsg=0)
XrdTls::RC Connect (const char *thehost=0, std::string *eWhy=0)
XrdTlsContext * Context ()
XrdTlsPeerCerts * getCerts (bool ver=true)
const char * Init (XrdTlsContext &ctx, int sfd, RW_Mode rwm, HS_Mode hsm, bool isClient, bool serial=true, const char *tid="")
bool NeedHandShake ()
XrdTls::RC Peek (char *buffer, size_t size, int &bytesPeek)
int Pending (bool any=true)
XrdTls::RC Read (char *buffer, size_t size, int &bytesRead)
    Read from the TLS connection. If necessary, a handshake will be done.
void SetTraceID (const char *tid)
void Shutdown (SDType=sdImmed)
const char * Version ()
XrdTls::RC Write (const char *buffer, size_t size, int &bytesOut)
Socket wrapper for TLS I/O.
Definition at line 39 of file XrdTlsSocket.hh.
enum XrdTlsSocket::HS_Mode
| Enumerator | Description |
|---|---|
| TLS_HS_BLOCK | Always block during handshake. |
| TLS_HS_NOBLK | Do not block during handshake. |
Definition at line 51 of file XrdTlsSocket.hh.
enum XrdTlsSocket::RW_Mode
| Enumerator | Description |
|---|---|
| TLS_RNB_WNB | Non-blocking read, non-blocking write. |
| TLS_RNB_WBL | Non-blocking read, blocking write. |
| TLS_RBL_WNB | Blocking read, non-blocking write. |
| TLS_RBL_WBL | Blocking read, blocking write. |
Definition at line 43 of file XrdTlsSocket.hh.
enum XrdTlsSocket::SDType
Tear down a TLS connection using one of the following modes:
| Enumerator | Description |
|---|---|
| sdForce | Forced shutdown (violates TLS standard). |
| sdImmed | Immediate shutdown (don't wait for ack); the default. |
| sdWait | Wait for peer acknowledgement (may be slow). |
Definition at line 225 of file XrdTlsSocket.hh.
XrdTlsSocket::XrdTlsSocket (XrdTlsContext &ctx, int sfd, XrdTlsSocket::RW_Mode rwm, XrdTlsSocket::HS_Mode hsm, bool isClient, bool serial = true)
Constructor - creates specified mode TLS I/O wrapper for given socket file descriptor. Note this constructor throws an exception should any error be encountered. Use the parameterless constructor if you wish to avoid handling exceptions. When an exception is thrown, you should print all associated errors by calling GetErrs() or PrintErrs().
ctx - The context for the connection. Be aware that a context can be associated with multiple connections.
sfd - The file descriptor associated with the connection.
rwm - One of the above enums describing how connection I/O should be handled.
hsm - One of the above enums describing how handshakes during read/write calls should be handled.
isClient - When true, initialize for client use. Otherwise, initialize for server use.
serial - When true (the default), only one thread may use the socket at a time, which prevents SSL errors. When false, this protection is not added and the caller is assumed to provide it.
Definition at line 134 of file XrdTlsSocket.cc.
XrdTlsSocket::XrdTlsSocket ()
Constructor - reserves space for a TLS I/O wrapper. Use the Init() method to fully initialize this object.
Definition at line 125 of file XrdTlsSocket.cc.
XrdTlsSocket::~XrdTlsSocket ()
Destructor.
Definition at line 151 of file XrdTlsSocket.cc.
References sdForce, Shutdown(), and XrdTlsSocketImpl::ssl.
XrdTls::RC XrdTlsSocket::Accept (std::string *eMsg = 0)
Accept an incoming TLS connection.
eMsg - If not nil, receives the associated error message.
Definition at line 161 of file XrdTlsSocket.cc.
References XrdTlsSocketImpl::cAttr, XrdTlsSocketImpl::cOpts, DBG_SOK, XrdTls::dbgSOK, EPNAME, fcntl(), XrdTlsSocketImpl::hsNoBlock, XrdTlsSocketImpl::sFD, Shutdown(), XrdTlsSocketImpl::ssl, XrdTls::ssl2RC(), XrdTls::TLS_AOK, XrdTls::TLS_CRT_Missing, XrdTls::TLS_CTX_Missing, XrdTls::TLS_SYS_Error, XrdTls::TLS_VER_Error, and XrdSysE2T().
Referenced by XrdLinkXeq::setTLS().
XrdTls::RC XrdTlsSocket::Connect (const char *thehost = 0, std::string *eWhy = 0)
Establish a TLS connection.
thehost - The expected hostname. If nil, the peer name is not verified.
eWhy - If not nil, receives the associated error message.
Definition at line 258 of file XrdTlsSocket.cc.
References XrdTlsSocketImpl::cOpts, DBG_SOK, XrdTls::dbgSOK, EPNAME, XrdTlsSocketImpl::hsDone, XrdTlsSocketImpl::hsNoBlock, XrdTlsSocketImpl::ssl, XrdTls::ssl2RC(), XrdTls::TLS_AOK, XrdTls::TLS_HNV_Error, XrdTls::TLS_SYS_Error, XrdTlsNotary::Validate(), and XrdSysE2T().
XrdTlsContext * XrdTlsSocket::Context ()
Obtain context associated with this connection.
Definition at line 336 of file XrdTlsSocket.cc.
References XrdTlsSocketImpl::tlsctx.
XrdTlsPeerCerts * XrdTlsSocket::getCerts (bool ver = true)
Get peer certificates associated with the socket.
ver - When true, only return verified certificates.
Definition at line 402 of file XrdTlsSocket.cc.
References XrdTlsSocketImpl::isSerial, XrdSysMutexHelper::Lock(), XrdTlsSocketImpl::ssl, and XrdTlsSocketImpl::sslMutex.
Referenced by XrdLinkXeq::getPeerCerts().
const char * XrdTlsSocket::Init (XrdTlsContext &ctx, int sfd, XrdTlsSocket::RW_Mode rwm, XrdTlsSocket::HS_Mode hsm, bool isClient, bool serial = true, const char *tid = "")
Initialize this object to handle the specified TLS I/O mode for the given file descriptor. Should an error occur, messages are automatically routed to the context message callback before returning.
ctx - The context for the connection. Be aware that a context can be associated with multiple connections.
sfd - The file descriptor associated with the connection.
rwm - One of the above enums describing how connection I/O should be handled.
hsm - One of the above enums describing how handshakes during read/write calls should be handled.
isClient - When true, initialize for client use. Otherwise, initialize for server use.
serial - When true (the default), only one thread may use the socket at a time, which prevents SSL errors. When false, this protection is not added and the caller is assumed to provide it.
tid - Trace identifier to appear in messages. The value must have the same lifetime as this object.
Definition at line 425 of file XrdTlsSocket.cc.
References XrdTlsSocketImpl::cAttr, XrdTlsSocketImpl::cOpts, XrdTlsContext::dnsok, XrdTlsSocketImpl::fatal, fcntl(), XrdTlsContext::GetParams(), XrdTlsSocketImpl::hsDone, XrdTlsSocketImpl::hsNoBlock, XrdTlsContext::hsto, XrdTlsSocketImpl::hsWait, if(), XrdTlsSocketImpl::isClient, XrdTlsSocketImpl::isSerial, XrdTlsContext::CTX_Params::opts, XrdTlsContext::Session(), XrdTlsSocketImpl::sFD, XrdTlsSocketImpl::ssl, TLS_RBL_WBL, TLS_RBL_WNB, TLS_RNB_WBL, TLS_RNB_WNB, XrdTlsSocketImpl::tlsctx, XrdTlsSocketImpl::traceID, and XrdTlsContext::x509Verify().
Referenced by XrdTlsSocket(), and XrdLinkXeq::setTLS().
bool XrdTlsSocket::NeedHandShake ()
Definition at line 853 of file XrdTlsSocket.cc.
References XrdTlsSocketImpl::fatal, XrdTlsSocketImpl::hsDone, XrdTlsSocketImpl::isSerial, XrdSysMutexHelper::Lock(), XrdTlsSocketImpl::ssl, and XrdTlsSocketImpl::sslMutex.
XrdTls::RC XrdTlsSocket::Peek (char *buffer, size_t size, int &bytesPeek)
Peek at the TLS connection data. If necessary, a handshake will be done.
buffer - Pointer to buffer to hold the data.
size - The size of the buffer in bytes.
bytesPeek - Number of bytes placed in the buffer, if successful.
Definition at line 542 of file XrdTlsSocket.cc.
References XrdTlsSocketImpl::cAttr, DBG_SIO, XrdTls::dbgSIO, EPNAME, XrdTlsSocketImpl::fatal, XrdTlsSocketImpl::hsDone, XrdTlsSocketImpl::hsNoBlock, XrdTlsSocketImpl::isSerial, XrdSysMutexHelper::Lock(), XrdTlsSocketImpl::ssl, XrdTls::ssl2RC(), XrdTlsSocketImpl::sslMutex, XrdTls::TLS_AOK, and XrdTls::TLS_SYS_Error.
Referenced by XrdLinkXeq::TLS_Peek().
int XrdTlsSocket::Pending (bool any = true)
Check if data is pending or readable.
any - True to return whether any data is in the queue; false to return the number of processed bytes.
Definition at line 606 of file XrdTlsSocket.cc.
References XrdTlsSocketImpl::fatal, XrdTlsSocketImpl::isSerial, XrdSysMutexHelper::Lock(), XrdTlsSocketImpl::ssl, and XrdTlsSocketImpl::sslMutex.
Referenced by XrdLinkXeq::TLS_Recv(), and XrdLinkXeq::TLS_RecvAll().
XrdTls::RC XrdTlsSocket::Read (char *buffer, size_t size, int &bytesRead)
Read from the TLS connection. If necessary, a handshake will be done.
buffer - Pointer to buffer to hold the data.
size - The size of the buffer in bytes.
bytesRead - Number of bytes placed in the buffer, if successful.
Definition at line 635 of file XrdTlsSocket.cc.
References XrdTlsSocketImpl::cAttr, DBG_SIO, XrdTls::dbgSIO, EPNAME, XrdTlsSocketImpl::fatal, XrdTlsSocketImpl::hsNoBlock, XrdTlsSocketImpl::isSerial, XrdSysMutexHelper::Lock(), XrdTlsSocketImpl::ssl, XrdTls::ssl2RC(), XrdTlsSocketImpl::sslMutex, XrdTls::TLS_AOK, and XrdTls::TLS_SYS_Error.
Referenced by XrdLinkXeq::TLS_Recv().
void XrdTlsSocket::SetTraceID (const char *tid)
Set the trace identifier (used when it's updated).
tid - Pointer to trace identifier.
Definition at line 705 of file XrdTlsSocket.cc.
References XrdTlsSocketImpl::traceID.
Referenced by XrdLinkXeq::setID().
void XrdTlsSocket::Shutdown (XrdTlsSocket::SDType sdType = sdImmed)
Definition at line 714 of file XrdTlsSocket.cc.
References DBG_SOK, XrdTls::Emsg(), eMsg, EPNAME, XrdTlsSocketImpl::fatal, XrdTlsSocketImpl::isSerial, XrdSysMutexHelper::Lock(), sdForce, sdWait, XrdTlsSocketImpl::sFD, XrdTlsSocketImpl::ssl, XrdTlsSocketImpl::sslMutex, and XrdTlsSocketImpl::traceID.
Referenced by ~XrdTlsSocket(), Accept(), XrdLinkXeq::Close(), and XrdLinkXeq::setTLS().
const char * XrdTlsSocket::Version ()
Definition at line 892 of file XrdTlsSocket.cc.
References XrdTlsSocketImpl::ssl.
Referenced by XrdLinkXeq::verTLS().
XrdTls::RC XrdTlsSocket::Write (const char *buffer, size_t size, int &bytesOut)
Write to the TLS connection. If necessary, a handshake will be done.
buffer - Pointer to buffer holding the data.
size - The size of the data to write, in bytes.
bytesOut - Number of bytes actually written, if successful.
Definition at line 782 of file XrdTlsSocket.cc.
References XrdTlsSocketImpl::cAttr, DBG_SIO, XrdTls::dbgSIO, EPNAME, XrdTlsSocketImpl::fatal, XrdTlsSocketImpl::hsNoBlock, XrdTlsSocketImpl::isSerial, XrdSysMutexHelper::Lock(), XrdTlsSocketImpl::ssl, XrdTls::ssl2RC(), XrdTlsSocketImpl::sslMutex, XrdTls::TLS_AOK, and XrdTls::TLS_SYS_Error.
Referenced by XrdLinkXeq::TLS_Send(), and XrdLinkXeq::TLS_Write().