1 : //
2 : // Copyright (c) 2025 Vinnie Falco (vinnie dot falco at gmail dot com)
3 : //
4 : // Distributed under the Boost Software License, Version 1.0. (See accompanying
5 : // file LICENSE_1_0.txt or copy at http://www.boost.org/LICENSE_1_0.txt)
6 : //
7 : // Official repository: https://github.com/cppalliance/corosio
8 : //
9 :
10 : #ifndef SRC_TLS_DETAIL_CONTEXT_IMPL_HPP
11 : #define SRC_TLS_DETAIL_CONTEXT_IMPL_HPP
12 :
13 : #include <boost/corosio/tls_context.hpp>
14 :
15 : #include <functional>
16 : #include <mutex>
17 : #include <string>
18 : #include <vector>
19 :
20 : namespace boost::corosio {
21 :
22 : namespace detail {
23 :
24 : /** Abstract base for cached native SSL contexts.
25 :
26 : Stored in context::impl as an intrusive linked list.
27 : Each TLS backend derives from this to cache its native
28 : context handle ( WOLFSSL_CTX*, SSL_CTX*, etc. ).
29 : */
class native_context_base
{
public:
    // Next node in the intrusive singly linked list kept by
    // tls_context_data; nullptr terminates the list.
    native_context_base* next_ = nullptr;
    // Opaque key naming the backend that created this node.
    // tls_context_data::find() compares it by pointer value only.
    void const* service_ = nullptr;

    // Virtual so tls_context_data can `delete` a derived backend
    // context through this base pointer in its destructor.
    virtual ~native_context_base() = default;
};
38 :
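struct tls_context_data
{
    //--------------------------------------------
    // Credentials

    // Certificate and key material are kept in plain std::string;
    // the backing storage is not scrubbed when this object is
    // destroyed or when a string is reassigned.
    std::string entity_certificate;
    tls_file_format entity_cert_format = tls_file_format::pem;
    std::string certificate_chain;
    std::string private_key;
    tls_file_format private_key_format = tls_file_format::pem;

    //--------------------------------------------
    // Trust anchors

    std::vector<std::string> ca_certificates;
    std::vector<std::string> verify_paths;
    bool use_default_verify_paths = false;

    //--------------------------------------------
    // Protocol settings

    tls_version min_version = tls_version::tls_1_2;
    tls_version max_version = tls_version::tls_1_3;
    std::string ciphersuites;
    std::vector<std::string> alpn_protocols;

    //--------------------------------------------
    // Verification

    // Peer verification is disabled unless the owner sets a mode
    // explicitly; backends presumably read this when building the
    // native context.
    tls_verify_mode verification_mode = tls_verify_mode::none;
    int verify_depth = 100;
    std::string hostname;
    // NOTE(review): argument meaning is not defined here; looks like
    // (preverified, native handle) — confirm against the backends.
    std::function<bool( bool, void* )> verify_callback;

    //--------------------------------------------
    // SNI (Server Name Indication)

    std::function<bool( std::string_view )> servername_callback;

    //--------------------------------------------
    // Revocation

    std::vector<std::string> crls;
    std::string ocsp_staple;
    bool require_ocsp_staple = false;
    tls_revocation_policy revocation = tls_revocation_policy::disabled;

    //--------------------------------------------
    // Password

    std::function<std::string( std::size_t, tls_password_purpose )> password_callback;

    //--------------------------------------------
    // Cached native contexts (intrusive list)

    // Guards native_contexts_. Both are mutable so that find() can
    // populate the cache through a const reference.
    mutable std::mutex native_contexts_mutex_;
    mutable native_context_base* native_contexts_ = nullptr;

    /** Find or insert a cached native context.

        Walks the intrusive list for a node whose `service_` equals
        `service` (pointer comparison). If none exists, `create()` is
        invoked and its result is prepended to the list.

        The list mutex is held for the whole call, including the
        call to `create`; std::mutex is not recursive, so the factory
        must not call find() on the same object.

        Ownership of the pointer returned by `create` passes to this
        object: it is released with `delete` in the destructor, so it
        must refer to a `new`-allocated object derived from
        native_context_base.

        @param service The unique key for the backend.
        @param create Factory function called if not found. It must
        return a pointer convertible to `native_context_base*`.

        @return Pointer to the cached native context, or nullptr if
        `create` returned nullptr (nothing is inserted in that case).
    */
    template<typename Factory>
    native_context_base*
    find( void const* service, Factory&& create ) const
    {
        std::lock_guard<std::mutex> lock( native_contexts_mutex_ );

        for( auto* p = native_contexts_; p; p = p->next_ )
            if( p->service_ == service )
                return p;

        // Not found - create and prepend
        auto* ctx = create();
        if( ! ctx )
            return nullptr; // factory failed; leave the list untouched

        ctx->service_ = service;
        ctx->next_ = native_contexts_;
        native_contexts_ = ctx;
        return ctx;
    }

    /** Destroy all cached native contexts.

        Each node is deleted through native_context_base, whose
        destructor is virtual. No lock is taken: no other thread may
        observe the object while it is being destroyed.
    */
    ~tls_context_data()
    {
        // Clean up cached native contexts (no lock needed - destructor)
        while( native_contexts_ )
        {
            auto* next = native_contexts_->next_;
            delete native_contexts_;
            native_contexts_ = next;
        }
    }
};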
133 :
134 : } // namespace detail
135 :
136 : //------------------------------------------------------------------------------
137 :
138 : /** Implementation of tls_context.
139 :
140 : Contains all portable TLS configuration data plus
141 : cached native SSL contexts as an intrusive list.
142 : */
struct tls_context::impl : detail::tls_context_data
{
    // Intentionally empty: all state lives in detail::tls_context_data,
    // which backends reach through detail::get_tls_context_data().
};
146 :
147 : //------------------------------------------------------------------------------
148 :
149 : namespace detail {
150 :
151 : /** Return the TLS context data.
152 :
153 : Provides read-only access to the portable configuration
154 : stored in the context.
155 :
156 : @param ctx The TLS context.
157 :
158 : @return Reference to the context implementation.
159 : */
inline tls_context_data const&
get_tls_context_data( tls_context const& ctx ) noexcept
{
    // tls_context::impl derives from tls_context_data, so the returned
    // reference binds to the base subobject of the implementation.
    // NOTE(review): impl_ is dereferenced without a null check inside a
    // noexcept function — confirm that impl_ can never be null here.
    auto const& data = *ctx.impl_;
    return data;
}
165 :
166 : } // namespace detail
167 :
168 : } // namespace boost::corosio
169 :
170 : #endif