1 // Licensed under the Apache License, Version 2.0 (the "License");
2 // you may not use this file except in compliance with the License.
3 // You may obtain a copy of the License at
4 //
5 // http://www.apache.org/licenses/LICENSE-2.0
6 //
7 // Unless required by applicable law or agreed to in writing, software
8 // distributed under the License is distributed on an "AS IS" BASIS,
9 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
10 // See the License for the specific language governing permissions and
11 // limitations under the License
12 
13 #ifndef __OPENSSL_HPP__
14 #define __OPENSSL_HPP__
15 
16 #ifdef __WINDOWS__
17 // NOTE: This must be included before the OpenSSL headers as it includes
18 // `WinSock2.h` and `Windows.h` in the correct order.
19 #include <stout/windows.hpp>
20 #endif // __WINDOWS__
21 
22 #include <openssl/ssl.h>
23 
24 #include <string>
25 
26 #include <stout/ip.hpp>
27 #include <stout/nothing.hpp>
28 #include <stout/option.hpp>
29 #include <stout/try.hpp>
30 
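namespace process {
namespace network {
namespace openssl {

// Initializes the _global_ OpenSSL context (SSL_CTX) as well as the
// crypto library in order to support multi-threading. The global
// context gets initialized using the environment variables:
//
// LIBPROCESS_SSL_ENABLED=(false|0,true|1)
// LIBPROCESS_SSL_SUPPORT_DOWNGRADE=(false|0,true|1)
//     Presumably lets peers that do not speak SSL fall back to a
//     plaintext connection; keep it false unless a rolling upgrade
//     needs it (confirm the exact semantics in openssl.cpp).
// LIBPROCESS_SSL_CERT_FILE=(path to certificate)
// LIBPROCESS_SSL_KEY_FILE=(path to key)
// LIBPROCESS_SSL_VERIFY_CERT=(false|0,true|1)
//     Whether the peer certificate is verified against the CA
//     material below.
// LIBPROCESS_SSL_REQUIRE_CERT=(false|0,true|1)
//     Whether a peer that presents no certificate is rejected;
//     presumably only meaningful together with VERIFY_CERT.
// LIBPROCESS_SSL_VERIFY_IPADD=(false|0,true|1)
//     Whether IP addresses are also matched against the certificate
//     (see `verify()` below; confirm details in openssl.cpp).
// LIBPROCESS_SSL_VERIFY_DEPTH=(4)
//     Maximum certificate-chain depth accepted during verification.
// LIBPROCESS_SSL_CA_DIR=(path to CA directory)
// LIBPROCESS_SSL_CA_FILE=(path to CA file)
// LIBPROCESS_SSL_CIPHERS=(accepted ciphers separated by ':')
// LIBPROCESS_SSL_ENABLE_SSL_V3=(false|0,true|1)
// LIBPROCESS_SSL_ENABLE_TLS_V1_0=(false|0,true|1)
// LIBPROCESS_SSL_ENABLE_TLS_V1_1=(false|0,true|1)
// LIBPROCESS_SSL_ENABLE_TLS_V1_2=(false|0,true|1)
//     Protocol-version toggles. SSLv3, TLS 1.0 and TLS 1.1 are
//     deprecated protocols; enabling them widens the set of
//     handshakes a peer can negotiate, so leave them off unless a
//     legacy peer genuinely requires them.
// LIBPROCESS_SSL_ECDH_CURVES=(auto|list of curves separated by ':')
//
// The defaults applied when a variable is unset are not visible in this
// header; see openssl.cpp.
//
// TODO(benh): When/If we need to support multiple contexts in the
// same process, for example for Server Name Indication (SNI), then
// we'll add other functions for initializing an SSL_CTX based on
// these environment variables.
// TODO(nneilsen): Support certification revocation.
void initialize();

// Returns the _global_ OpenSSL context.
// NOTE(review): the returned pointer is presumably owned by this
// module for the lifetime of the process and must not be freed by
// the caller; confirm against openssl.cpp.
SSL_CTX* context();

// Verifies that the peer certificate presented on the specified SSL
// connection is associated with the given hostname and/or IP address.
// Returns `Nothing` on success; otherwise the `Try` holds an error
// describing the failed check.
// NOTE(review): which of `hostname` and `ip` is consulted, and how the
// LIBPROCESS_SSL_VERIFY_IPADD setting influences the match, is decided
// by the implementation in openssl.cpp; confirm there before relying
// on either argument alone.
Try<Nothing> verify(
    const SSL* const ssl,
    const Option<std::string>& hostname = None(),
    const Option<net::IP>& ip = None());

} // namespace openssl {
} // namespace network {
} // namespace process {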
76 
77 #endif // __OPENSSL_HPP__