[#1661] Checkpoint: did asiolink (but need more UTs)
authorFrancis Dupont <fdupont@isc.org>
Sun, 14 Feb 2021 17:45:26 +0000 (18:45 +0100)
committerFrancis Dupont <fdupont@isc.org>
Wed, 24 Mar 2021 08:09:02 +0000 (09:09 +0100)
src/lib/asiolink/openssl_tls.cc
src/lib/asiolink/openssl_tls.h

index 0ee5e8bcc748b09f921588508f37c14905d75115..407b3a7d3622ee87eb4ba0112eacf215d375d45f 100644 (file)
@@ -45,6 +45,7 @@ TlsContext::TlsContext(TlsRole role)
 
 boost::asio::ssl::context&
 TlsContext::getContext() {
+    ::SSL_CTX_up_ref(context_.native_handle());
     return (context_);
 }
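Review bot: The `::SSL_CTX_up_ref(context_.native_handle());` added before `return (context_);` takes a reference on every call to getContext(), but the accessor still returns a plain `boost::asio::ssl::context&` and nothing in this commit releases that reference. The only caller introduced here (the TlsStream constructor in openssl_tls.h) hands the result to boost::asio::ssl::stream, which creates its SSL object with SSL_new — and SSL_new takes its own reference on the SSL_CTX — so each stream construction appears to leave the refcount one higher than will ever be decremented, and the context together with the key material it holds would then never be freed. If the extra reference is intentional (for example so the SSL_CTX outlives the TlsContext), the contract should say so: `/// @note Each call takes a reference on the underlying SSL_CTX which the caller must release with ::SSL_CTX_free().`; otherwise the up_ref belongs in the code path that actually stores the native handle, not in the getter. The TlsContext class definition and its other members are outside this hunk.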
 
index 9c224afcfa468247e62df624212e14e6c367561d..7171dbe8c0a19f89d6d7b029b1ddf5e15cf4c6a5 100644 (file)
@@ -230,6 +230,58 @@ const int STREAM_TRUNCATED = boost::asio::ssl::error::stream_truncated;
 const int STREAM_TRUNCATED = ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SHORT_READ);
 #endif
 
+/// @brief The type of underlying TLS streams.
+typedef boost::asio::ssl::stream<boost::asio::ip::tcp::socket> TlsStreamImpl;
+
+/// @brief The type of X509 certificates.
+typedef ::X509 TlsCertificate;
+
+/// @brief OpenSSL TLS stream.
+///
+/// @param callback The callback.
+template <typename Callback>
+class TlsStream : public TlsStreamImpl {
+public:
+
+    /// @brief Constructor.
+    ///
+    /// @param service I/O Service object used to manage the stream.
+    /// @param context Pointer to the TLS context.
+    TlsStream(IOService& service, TlsContextPtr context)
+        : TlsStreamImpl(service.get_io_service(), context->getContext()),
+          role_(context->role_) {
+    }
+
+    /// @brief Destructor.
+    virtual ~TlsStream() { }
+
+    /// @brief Handshake.
+    ///
+    virtual void handshake(Callback& callback) {
+        using namespace boost::asio::ssl;
+        if (role_ == SERVER) {
+            async_handshake(stream_base::server, callback);
+        } else {
+            async_handshake(stream_base::client, callback);
+        }
+    }
+
+    /// @brief Clear the SSL object.
+    virtual void clear() {
+        static_cast<void>(::SSL_clear(this->native_handle()));
+    }
+
+    /// @brief Return the peer certificate.
+    ///
+    /// @note The native_handle() method is used so it can't be made const.
+    virtual TlsCertificate* getPeerCert() {
+        return (::SSL_get_peer_certificate(this->native_handle()));
+    }
+
+    /// @brief The role i.e. client or server.
+    TlsRole role_;
+};
+
 } // namespace asiolink
 } // namespace isc
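Review bot: getPeerCert() returns the result of `::SSL_get_peer_certificate()`, which hands back a new reference the caller has to drop with `::X509_free()` and NULL when the peer presented no certificate, but the doc comment above it states neither, so callers will either leak the X509 or dereference a null pointer; suggested doc: `/// @return Pointer to the peer certificate (a new reference the caller must release with ::X509_free()), or NULL when the peer sent no certificate.`, and wrapping the result in `std::unique_ptr<TlsCertificate, decltype(&::X509_free)>` would make the ownership impossible to forget. clear() discards the return of `::SSL_clear()`, which reports failure with 0, so a failed reset of the SSL object is silent and the stream may be reused in an unknown state; at minimum the comment should say the result is deliberately ignored, better to propagate it. `virtual ~TlsStream() { }` can be `virtual ~TlsStream() = default;`, and `/// @param callback The callback.` on the class should be `/// @tparam Callback The handshake completion handler type.` since the class has no parameter named callback. `role_` is a public data member that handshake() branches on to choose the server or client side; if nothing outside the class needs to write it, making it private (or `const`) prevents a stream from being switched between client and server after construction.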