return revoked;
}
+ /** Get certificate usability
+ * @return True if the certificate is not expired nor revoked
+ */
+ bool IsUsable()
+ {
+ return !invalid && !revoked && error.empty();
+ }
+
+ /** Get CA trust status
+ * @return True if the certificate is issued by a CA
+ * and valid.
+ */
bool IsCAVerified()
{
- return trusted && !invalid && !revoked && !unknownsigner && error.empty();
+ return IsUsable() && trusted && !unknownsigner;
}
std::string GetMetaLine()
*/
reference<ssl_cert> certificate;
+ /** Reduce elements in a send queue by appending later elements to the first element until there are no more
+ * elements to append or a desired length is reached
+ * @param sendq SendQ to work on
+ * @param targetsize Target size of the front element
+ */
+ static void FlattenSendQueue(StreamSocket::SendQueue& sendq, size_t targetsize)
+ {
+ if ((sendq.size() <= 1) || (sendq.front().length() >= targetsize))
+ return;
+
+ // Avoid multiple repeated SSL encryption invocations
+ // This adds a single copy of the queue, but avoids
+ // much more overhead in terms of system calls invoked
+ // by an IOHook.
+ std::string tmp;
+ tmp.reserve(std::min(targetsize, sendq.bytes())+1);
+ do
+ {
+ tmp.append(sendq.front());
+ sendq.pop_front();
+ }
+ while (!sendq.empty() && tmp.length() < targetsize);
+ sendq.push_front(tmp);
+ }
+
public:
+ static SSLIOHook* IsSSL(StreamSocket* sock)
+ {
+ IOHook* const iohook = sock->GetIOHook();
+ if ((iohook) && ((iohook->prov->type == IOHookProvider::IOH_SSL)))
+ return static_cast<SSLIOHook*>(iohook);
+ return NULL;
+ }
+
SSLIOHook(IOHookProvider* hookprov)
: IOHook(hookprov)
{
*/
ssl_cert* GetCertificate() const
{
- return certificate;
+ if (certificate && certificate->IsUsable())
+ return certificate;
+ return NULL;
}
/**
return cert->GetFingerprint();
return "";
}
+
+ /**
+ * Get the ciphersuite negotiated with the peer
+ * @param out String where the ciphersuite string will be appended to
+ */
+ virtual void GetCiphersuite(std::string& out) const = 0;
+
+
+ /** Retrieves the name of the SSL connection which is sent via SNI.
+ * @param out String that the server name will be appended to.
+ * returns True if the server name was retrieved; otherwise, false.
+ */
+ virtual bool GetServerName(std::string& out) const = 0;
};
/** Helper functions for obtaining SSL client certificates and key fingerprints
*/
static ssl_cert* GetCertificate(StreamSocket* sock)
{
- IOHook* iohook = sock->GetIOHook();
- if ((!iohook) || (iohook->prov->type != IOHookProvider::IOH_SSL))
+ SSLIOHook* ssliohook = SSLIOHook::IsSSL(sock);
+ if (!ssliohook)
return NULL;
- SSLIOHook* ssliohook = static_cast<SSLIOHook*>(iohook);
return ssliohook->GetCertificate();
}