1 /* Licensed to the Apache Software Foundation (ASF) under one or more
2  * contributor license agreements. See the NOTICE file distributed with
3  * this work for additional information regarding copyright ownership.
4  * The ASF licenses this file to You under the Apache License, Version 2.0
5  * (the "License"); you may not use this file except in compliance with
6  * the License. You may obtain a copy of the License at
7  *
8  * http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 /* ====================================================================
18  * Copyright (c) 1998-2006 Ralf S. Engelschall. All rights reserved.
19  *
20  * Redistribution and use in source and binary forms, with or without
21  * modification, are permitted provided that the following conditions
22  * are met:
23  *
24  * 1. Redistributions of source code must retain the above copyright
25  * notice, this list of conditions and the following disclaimer.
26  *
27  * 2. Redistributions in binary form must reproduce the above copyright
28  * notice, this list of conditions and the following
29  * disclaimer in the documentation and/or other materials
30  * provided with the distribution.
31  *
32  * 3. All advertising materials mentioning features or use of this
33  * software must display the following acknowledgment:
34  * "This product includes software developed by
35  * Ralf S. Engelschall <rse@engelschall.com> for use in the
36  * mod_ssl project (http://www.modssl.org/)."
37  *
38  * 4. The names "mod_ssl" must not be used to endorse or promote
39  * products derived from this software without prior written
40  * permission. For written permission, please contact
41  * rse@engelschall.com.
42  *
43  * 5. Products derived from this software may not be called "mod_ssl"
44  * nor may "mod_ssl" appear in their names without prior
45  * written permission of Ralf S. Engelschall.
46  *
47  * 6. Redistributions of any form whatsoever must retain the following
48  * acknowledgment:
49  * "This product includes software developed by
50  * Ralf S. Engelschall <rse@engelschall.com> for use in the
51  * mod_ssl project (http://www.modssl.org/)."
52  *
53  * THIS SOFTWARE IS PROVIDED BY RALF S. ENGELSCHALL ``AS IS'' AND ANY
54  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
55  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
56  * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL RALF S. ENGELSCHALL OR
57  * HIS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
58  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
59  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
60  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
61  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
62  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
63  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
64  * OF THE POSSIBILITY OF SUCH DAMAGE.
65  * ====================================================================
66  */
67 
68 /* ====================================================================
69  * Copyright (c) 1995-1999 Ben Laurie. All rights reserved.
70  *
71  * Redistribution and use in source and binary forms, with or without
72  * modification, are permitted provided that the following conditions
73  * are met:
74  *
75  * 1. Redistributions of source code must retain the above copyright
76  * notice, this list of conditions and the following disclaimer.
77  *
78  * 2. Redistributions in binary form must reproduce the above copyright
79  * notice, this list of conditions and the following disclaimer in
80  * the documentation and/or other materials provided with the
81  * distribution.
82  *
83  * 3. All advertising materials mentioning features or use of this
84  * software must display the following acknowledgment:
85  * "This product includes software developed by Ben Laurie
86  * for use in the Apache-SSL HTTP server project."
87  *
88  * 4. The name "Apache-SSL Server" must not be used to
89  * endorse or promote products derived from this software without
90  * prior written permission.
91  *
92  * 5. Redistributions of any form whatsoever must retain the following
93  * acknowledgment:
94  * "This product includes software developed by Ben Laurie
95  * for use in the Apache-SSL HTTP server project."
96  *
97  * THIS SOFTWARE IS PROVIDED BY BEN LAURIE ``AS IS'' AND ANY
98  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
99  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
100  * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL BEN LAURIE OR
101  * HIS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
102  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
103  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
104  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
105  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
106  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
107  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
108  * OF THE POSSIBILITY OF SUCH DAMAGE.
109  * ====================================================================
110  */
111 
112 #ifndef FIX_UTILITY_SSL_H
113 #define FIX_UTILITY_SSL_H
114 
115 #if (HAVE_SSL > 0)
116 
117 #include "Log.h"
118 #include "SessionSettings.h"
119 #include "Utility.h"
120 
121 #ifndef _MSC_VER
122 #include <dirent.h>
123 #else
124 #ifndef HAVE_ACE_DIRENT
125 #include "dirent_windows.h"
126 #else
127 #include "ace/OS_NS_dirent.h"
128 #endif
129 #endif
130 
131 #include "openssl/err.h"
132 #include "openssl/ssl.h" // SSL and SSL_CTX for SSL connections
133 
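namespace FIX
{

#if defined(_MSC_VER)

// Pre-VS2015 CRTs have no C99 snprintf, only _snprintf; VS2015+ ships a
// conforming snprintf and rejects a macro of that name, so only map it on
// the old toolchains.
// NOTE: _snprintf does NOT NUL-terminate the buffer when the output is
// truncated, so callers on those toolchains must compare the return value
// against the buffer size before treating the buffer as a C string.
#if _MSC_VER < 1900
#define snprintf _snprintf
#endif

/********************************************************************************
* Translate a WSA error code to its symbolic name (abbreviated message).
* Returns: pointer to a static string, "Unknown error code" when the code
*          is not in the table.
*/
static const char *WSAErrString(int code)
{
#define expand(x) \
  {               \
    x, #x         \
  }
  // (code, name) pairs; the trailing {-1, ""} entry is the loop sentinel.
  // Every WSAE* value is positive, so "code > 0" stops exactly there.
  static const struct
  {
    int code;
    const char *s;
  } tab[] = {expand(WSAEINTR), expand(WSAEBADF),
             expand(WSAEACCES), expand(WSAEFAULT),
             expand(WSAEINVAL), expand(WSAEMFILE),
             expand(WSAEWOULDBLOCK), expand(WSAEINPROGRESS),
             expand(WSAEALREADY), expand(WSAENOTSOCK),
             expand(WSAEDESTADDRREQ), expand(WSAEMSGSIZE),
             expand(WSAEPROTOTYPE), expand(WSAENOPROTOOPT),
             expand(WSAEPROTONOSUPPORT), expand(WSAESOCKTNOSUPPORT),
             expand(WSAEOPNOTSUPP), expand(WSAEPFNOSUPPORT),
             expand(WSAEAFNOSUPPORT), expand(WSAEADDRINUSE),
             expand(WSAEADDRNOTAVAIL), expand(WSAENETDOWN),
             expand(WSAENETUNREACH), expand(WSAENETRESET),
             expand(WSAECONNABORTED), expand(WSAECONNRESET),
             expand(WSAENOBUFS), expand(WSAEISCONN),
             expand(WSAENOTCONN), expand(WSAESHUTDOWN),
             expand(WSAETOOMANYREFS), expand(WSAETIMEDOUT),
             expand(WSAECONNREFUSED), expand(WSAELOOP),
             expand(WSAENAMETOOLONG), expand(WSAEHOSTDOWN),
             expand(WSAEHOSTUNREACH), expand(WSAENOTEMPTY),
             expand(WSAEPROCLIM), expand(WSAEUSERS),
             expand(WSAEDQUOT), expand(WSAESTALE),
             expand(WSAEREMOTE), {-1, ""}};
// The helper macro is only needed for the table above; undefine it so the
// generic name "expand" does not leak into every translation unit that
// includes this header.
#undef expand

  for (int i = 0; tab[i].code > 0; i++)
  {
    if (code == tab[i].code)
      return tab[i].s;
  }

  return "Unknown error code";
}

#define SLASH "\\"
#define SUFFIX "*"

#else

#define SLASH "/"

#endif

// Callback functions
extern "C" {
// Pass-phrase callback handed to readX509()/readPrivateKey(); same shape as
// OpenSSL's pem_password_cb (buf, size, rwflag, userdata).
typedef int (*passPhraseHandleCallbackType)(char *, int, int, void *);

// Ordering predicate for X509_NAME entries (sk_* sort comparator shape).
int caListX509NameCmp(const X509_NAME *const *a, const X509_NAME *const *b);
// Build the CA-name list from a CA file and/or CA directory; either
// argument may be NULL per the implementation — confirm in UtilitySSL.cpp.
STACK_OF(X509_NAME) * findCAList(const char *cpCAfile, const char *cpCApath);
int lookupX509Store(X509_STORE *pStore, int nType, X509_NAME *pName,
                    X509_OBJECT *pObj);
// OpenSSL verify callbacks: "ok" is the library's preliminary verdict for
// the certificate currently in ctx. The CRL variant additionally consults
// revStore. Returning non-zero accepts the certificate, so any override of
// a failed "ok" must be a deliberate policy decision, not a default.
int callbackVerify(int ok, X509_STORE_CTX *ctx);
int callbackVerifyCRL(int ok, X509_STORE_CTX *ctx, X509_STORE *revStore);
X509_STORE *createX509Store(const char *cpFile, const char *cpPath);
// PEM readers; cb supplies the pass phrase for encrypted input.
X509 *readX509(FILE *fp, X509 **x509, passPhraseHandleCallbackType cb);
EVP_PKEY *readPrivateKey(FILE *fp, EVP_PKEY **key,
                         passPhraseHandleCallbackType cb);

// Variadic string concatenation; the argument list is terminated as the
// implementation defines (presumably a NULL sentinel — verify before use).
// Ownership of the returned buffer: see UtilitySSL.cpp.
char *strCat(const char *a, ...);
}

int setSocketNonBlocking(int pSocket);

// define certificate algorithm type
#define SSL_ALGO_UNKNOWN 0
#define SSL_ALGO_RSA 1
#define SSL_ALGO_DSA 2
#define SSL_ALGO_ALL (SSL_ALGO_RSA | SSL_ALGO_DSA)

/*
 * Define the SSL Protocol options
 *
 * Bit flags combined by protocolOptions() and consumed by setCtxOptions().
 * SSLv2 and SSLv3 are kept only so existing option strings keep parsing;
 * both protocols are obsolete (RFC 6176, RFC 7568) and should stay disabled
 * in any deployed configuration.
 */
#define SSL_PROTOCOL_NONE (0)
#define SSL_PROTOCOL_SSLV2 (1 << 0)
#define SSL_PROTOCOL_SSLV3 (1 << 1)
#define SSL_PROTOCOL_TLSV1 (1 << 2)
#define SSL_PROTOCOL_TLSV1_1 (1 << 3)
#define SSL_PROTOCOL_TLSV1_2 (1 << 4)
#define SSL_PROTOCOL_ALL \
  (SSL_PROTOCOL_SSLV2 | SSL_PROTOCOL_SSLV3 | SSL_PROTOCOL_TLSV1 | \
   SSL_PROTOCOL_TLSV1_1 | SSL_PROTOCOL_TLSV1_2)

// Client-certificate verification policy (NOTSET = not configured).
typedef enum {
  SSL_CLIENT_VERIFY_NONE = 0,
  SSL_CLIENT_VERIFY_REQUIRE = 1,
  SSL_CLIENT_VERIFY_OPTIONAL = 2,
  SSL_CLIENT_VERIFY_NOTSET = 3
} SSLVerifyClient;

// Should always call ssl_init/ssl_term.

void ssl_init();

void ssl_term();

// Tear down the SSL object (if any) and close the socket.
void ssl_socket_close(int socket, SSL *ssl);

// Render the last socket error into tempbuf (at most buflen bytes);
// returns a pointer to the message.
const char *socket_error(char *tempbuf, int buflen);

// Returns one of the SSL_ALGO_* values for the given certificate/key pair.
int typeofSSLAlgo(X509 *pCert, EVP_PKEY *pKey);

// Parse a protocol option string into SSL_PROTOCOL_* bit flags.
long protocolOptions(const char *opt);

// Apply SSL_PROTOCOL_* flags (from protocolOptions) to the context.
void setCtxOptions(SSL_CTX *ctx, long options);

// Configure DH/ECDH parameters on the context from certFile.
int enable_DH_ECDH(SSL_CTX *ctx, const char *certFile);

// Build a context from session settings; on failure returns NULL and
// describes the error in errStr.
SSL_CTX *createSSLContext(bool server, const SessionSettings &settings,
                          std::string &errStr);

// Each loader returns false on failure and describes the error in errStr.
bool loadSSLCert(SSL_CTX *ctx, bool server, const SessionSettings &settings,
                 Log *log, passPhraseHandleCallbackType cb,
                 std::string &errStr);

// verifyLevel receives the configured verification depth/policy — see the
// implementation for the exact meaning.
bool loadCAInfo(SSL_CTX *ctx, bool server, const SessionSettings &settings,
                Log *log, std::string &errStr, int &verifyLevel);

// Returns the revocation store (NULL when no CRL is configured or on error;
// distinguish the two via errStr).
X509_STORE *loadCRLInfo(SSL_CTX *ctx, const SessionSettings &settings, Log *log,
                        std::string &errStr);

// Complete the server-side handshake on an accepted socket; "verify" is the
// client-verification policy to enforce.
int acceptSSLConnection(int socket, SSL * ssl, Log * log, int verify);
}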
274 
275 #endif
276 
277 #endif