src/corosio/src/tls/detail/context_impl.hpp
0.0% Lines (0/6)
0.0% Functions (0/1)
src/corosio/src/tls/detail/context_impl.hpp
| Line | Hits | Source Code |
|---|---|---|
| 1 | // | |
| 2 | // Copyright (c) 2025 Vinnie Falco (vinnie.falco@gmail.com) | |
| 3 | // | |
| 4 | // Distributed under the Boost Software License, Version 1.0. (See accompanying | |
| 5 | // file LICENSE_1_0.txt or copy at http://www.boost.org/LICENSE_1_0.txt) | |
| 6 | // | |
| 7 | // Official repository: https://github.com/cppalliance/corosio | |
| 8 | // | |
| 9 | ||
| 10 | #ifndef SRC_TLS_DETAIL_CONTEXT_IMPL_HPP | |
| 11 | #define SRC_TLS_DETAIL_CONTEXT_IMPL_HPP | |
| 12 | ||
| 13 | #include <boost/corosio/tls_context.hpp> | |
| 14 | ||
| 15 | #include <functional> | |
| 16 | #include <mutex> | |
| 17 | #include <string> | |
| 18 | #include <vector> | |
| 19 | ||
| 20 | namespace boost::corosio { | |
| 21 | ||
| 22 | namespace detail { | |
| 23 | ||
| 24 | /** Abstract base for cached native SSL contexts. | |
| 25 | ||
| 26 | Stored in context::impl as an intrusive linked list. | |
| 27 | Each TLS backend derives from this to cache its native | |
| 28 | context handle ( WOLFSSL_CTX*, SSL_CTX*, etc. ). | |
| 29 | */ | |
| 30 | class native_context_base | |
| 31 | { | |
| 32 | public: | |
| 33 | native_context_base* next_ = nullptr; | |
| 34 | void const* service_ = nullptr; | |
| 35 | ||
| 36 | virtual ~native_context_base() = default; | |
| 37 | }; | |
| 38 | ||
| 39 | struct tls_context_data | |
| 40 | { | |
| 41 | // Credentials | |
| 42 | ||
| 43 | std::string entity_certificate; | |
| 44 | tls_file_format entity_cert_format = tls_file_format::pem; | |
| 45 | std::string certificate_chain; | |
| 46 | std::string private_key; | |
| 47 | tls_file_format private_key_format = tls_file_format::pem; | |
| 48 | ||
| 49 | // Trust anchors | |
| 50 | ||
| 51 | std::vector<std::string> ca_certificates; | |
| 52 | std::vector<std::string> verify_paths; | |
| 53 | bool use_default_verify_paths = false; | |
| 54 | ||
| 55 | // Protocol settings | |
| 56 | ||
| 57 | tls_version min_version = tls_version::tls_1_2; | |
| 58 | tls_version max_version = tls_version::tls_1_3; | |
| 59 | std::string ciphersuites; | |
| 60 | std::vector<std::string> alpn_protocols; | |
| 61 | ||
| 62 | // Verification | |
| 63 | ||
| 64 | tls_verify_mode verification_mode = tls_verify_mode::none; | |
| 65 | int verify_depth = 100; | |
| 66 | std::string hostname; | |
| 67 | std::function<bool(bool, void*)> verify_callback; | |
| 68 | ||
| 69 | // SNI (Server Name Indication) | |
| 70 | ||
| 71 | std::function<bool(std::string_view)> servername_callback; | |
| 72 | ||
| 73 | // Revocation | |
| 74 | ||
| 75 | std::vector<std::string> crls; | |
| 76 | std::string ocsp_staple; | |
| 77 | bool require_ocsp_staple = false; | |
| 78 | tls_revocation_policy revocation = tls_revocation_policy::disabled; | |
| 79 | ||
| 80 | // Password | |
| 81 | ||
| 82 | std::function<std::string(std::size_t, tls_password_purpose)> | |
| 83 | password_callback; | |
| 84 | ||
| 85 | // Cached native contexts (intrusive list) | |
| 86 | ||
| 87 | mutable std::mutex native_contexts_mutex_; | |
| 88 | mutable native_context_base* native_contexts_ = nullptr; | |
| 89 | ||
| 90 | /** Find or insert a cached native context. | |
| 91 | ||
| 92 | @param service The unique key for the backend. | |
| 93 | @param create Factory function called if not found. | |
| 94 | ||
| 95 | @return Pointer to the cached native context. | |
| 96 | */ | |
| 97 | template<typename Factory> | |
| 98 | native_context_base* find(void const* service, Factory&& create) const | |
| 99 | { | |
| 100 | std::lock_guard<std::mutex> lock(native_contexts_mutex_); | |
| 101 | ||
| 102 | for (auto* p = native_contexts_; p; p = p->next_) | |
| 103 | if (p->service_ == service) | |
| 104 | return p; | |
| 105 | ||
| 106 | // Not found - create and prepend | |
| 107 | auto* ctx = create(); | |
| 108 | ctx->service_ = service; | |
| 109 | ctx->next_ = native_contexts_; | |
| 110 | native_contexts_ = ctx; | |
| 111 | return ctx; | |
| 112 | } | |
| 113 | ||
| 114 | ✗ | ~tls_context_data() |
| 115 | { | |
| 116 | // Clean up cached native contexts (no lock needed - destructor) | |
| 117 | ✗ | while (native_contexts_) |
| 118 | { | |
| 119 | ✗ | auto* next = native_contexts_->next_; |
| 120 | ✗ | delete native_contexts_; |
| 121 | ✗ | native_contexts_ = next; |
| 122 | } | |
| 123 | ✗ | } |
| 124 | }; | |
| 125 | ||
| 126 | } // namespace detail | |
| 127 | ||
| 128 | ||
| 129 | /** Implementation of tls_context. | |
| 130 | ||
| 131 | Contains all portable TLS configuration data plus | |
| 132 | cached native SSL contexts as an intrusive list. | |
| 133 | */ | |
| 134 | struct tls_context::impl : detail::tls_context_data | |
| 135 | {}; | |
| 136 | ||
| 137 | ||
| 138 | namespace detail { | |
| 139 | ||
| 140 | /** Return the TLS context data. | |
| 141 | ||
| 142 | Provides read-only access to the portable configuration | |
| 143 | stored in the context. | |
| 144 | ||
| 145 | @param ctx The TLS context. | |
| 146 | ||
| 147 | @return Reference to the context implementation. | |
| 148 | */ | |
| 149 | inline tls_context_data const& | |
| 150 | get_tls_context_data(tls_context const& ctx) noexcept | |
| 151 | { | |
| 152 | return *ctx.impl_; | |
| 153 | } | |
| 154 | ||
| 155 | } // namespace detail | |
| 156 | ||
| 157 | } // namespace boost::corosio | |
| 158 | ||
| 159 | #endif | |
| 160 |