
SslCtx Class Reference

SslCtx is a wrapper around the SSL_CTX structure from the OpenSSL library.

#include <SslCtx.h>


Public Methods

 SslCtx ()
 ~SslCtx ()
SSL_CTX * getSslCtx ()
long setOptions (long)
 A wrapper around SSL_CTX_set_options().

long getOptions ()
 A wrapper around SSL_CTX_get_options().

void setPrivateKeyPassword (string password)
 You must set this prior to calling setPrivateKeyFile().

bool setCertificateFile (string certificateFile)
 Set the file which contains all of your certificates.

bool setPrivateKeyFile (string privateKeyFile)
 Set the file which contains your private key.

bool setPrivateKeyFile (string privateKeyFile, string privateKeyPassword)
 Set the file which contains your private key and the password for that file.

bool setCertificateAuthorityFile (string caFile, string caPath)

Private Methods

long setDefaultOptions ()
 Set default options used by this application.


Static Private Methods

int verify_callback (int ok, X509_STORE_CTX *ctx)
int getPrivateKeyPasswordCallback (char *buf, int len, int rwflag, void *user_data)

Private Attributes

SSL_CTX * m_sslCtx
 The OpenSSL object which contains the SSL context for a connection.

std::string m_privateKeyPassword
 Password to open the private key file.


Detailed Description

SslCtx is a wrapper around the SSL_CTX structure from the OpenSSL library.

==========
  SslCtx
==========

    SslCtx stands for "SSL Context".  It maintains global state information about all
    SSL connections that the application creates.

=====
Usage
=====
    If BOTH setPrivateKeyFile() and setCertificateFile() are NOT called,
    SSL will not send any certificates upon connection.

    SSL checks if the remote host's certificates are signed with one of 
    the CA certificates provided via setCertificateAuthorityFile().
    If the check fails, establishing a connection fails. 

    If setCertificateAuthorityFile() is NOT called, SSL doesn't verify 
    the certificates from the remote host.

========
Examples
========

    // Example 1: create a context for a server.
    SslCtx server_ctx;

    //   Fetch a private and public key pair from "./priv.pem", using the password "testkey".
    server_ctx.setPrivateKeyFile("./priv.pem", "testkey");

    //   Fetch certificates from "./cert.pem".
    //   Send these certificates to the client.
    server_ctx.setCertificateFile("./cert.pem");

    // No call to setCertificateAuthorityFile(), therefore we will not
    //   verify the client's certificates.


    // Example 2: create a context for a client that verifies the server.
    SslCtx client_ctx;
    // No call to setPrivateKeyFile() and no call to setCertificateFile(), therefore
    //   we will not send any certificates to the server.

    //   Verify the server's certificates with CA certificates in "./cacert.pem".
    client_ctx.setCertificateAuthorityFile("./cacert.pem", "");


    // Example 3: create a context for a client that does not verify the server.
    //   (Renamed from client_ctx so the three examples can share one scope.)
    SslCtx unverified_client_ctx;

    // No call to setPrivateKeyFile(), setCertificateFile(), and setCertificateAuthorityFile(),
    // therefore we will not send any certificates to the server, and
    // we will not verify the server's certificates.

    

Definition at line 13 of file SslCtx.h.


Constructor & Destructor Documentation

SslCtx::SslCtx ()

Initialize SSL context.

Definition at line 68 of file SslCtx.cpp.

SslCtx::~SslCtx ()

Definition at line 82 of file SslCtx.cpp.


Member Function Documentation

long SslCtx::getOptions ()

A wrapper around SSL_CTX_get_options().

Definition at line 235 of file SslCtx.cpp.

Referenced by setDefaultOptions().

int SslCtx::getPrivateKeyPasswordCallback (char * buf, int size, int rwflag, void * user_data) [static, private]

Definition at line 160 of file SslCtx.cpp.

SSL_CTX * SslCtx::getSslCtx ()

Definition at line 91 of file SslCtx.cpp.

Referenced by Ssl::open().

bool SslCtx::setCertificateAuthorityFile (string caFile, string caPath)

Set the file which contains Certificate Authority certificates.

caFile must point to a file of CA certificates in PEM format. The file can contain several CA certificates identified by -----BEGIN CERTIFICATE----- ... (CA certificate in base64 encoding) ... -----END CERTIFICATE----- sequences.

caPath can also be used to provide CA certificates, but it is rarely used. If you don't want to use caPath, set caPath to "". caPath is described in the SSL_CTX_load_verify_locations() manpage.

Definition at line 332 of file SslCtx.cpp.
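
A pre-flight check for the caFile format described above, as an added example that is not part of Peekabooty or of this generated reference: it counts complete CERTIFICATE blocks and rejects input that is truncated or contains private-key blocks. The names inspectPem, looksLikeCaBundle and kSampleBundle are hypothetical, and the check is structural only; it does not decode or validate the certificates.

```cpp
// Added example (hypothetical names, not Peekabooty code): structural check of a PEM CA bundle.
#include <sstream>
#include <string>

struct PemSummary {
    int certificates = 0;    // complete BEGIN/END CERTIFICATE blocks
    int privateKeys = 0;     // blocks whose label contains "PRIVATE KEY"
    bool wellFormed = true;  // false on nested, mismatched or unterminated markers
};

// Label of a "-----<kind> LABEL-----" line, or "" if the line is not such a marker.
static std::string markerLabel(const std::string& line, const std::string& kind) {
    const std::string head = "-----" + kind + " ", tail = "-----";
    if (line.size() <= head.size() + tail.size()) return "";
    if (line.compare(0, head.size(), head) != 0) return "";
    if (line.compare(line.size() - tail.size(), tail.size(), tail) != 0) return "";
    return line.substr(head.size(), line.size() - head.size() - tail.size());
}

PemSummary inspectPem(const std::string& text) {
    PemSummary out;
    std::istringstream in(text);
    std::string line, open;  // open: label of the block being read, "" outside a block
    while (std::getline(in, line)) {
        while (!line.empty() && (line.back() == '\r' || line.back() == ' ')) line.pop_back();
        const std::string b = markerLabel(line, "BEGIN"), e = markerLabel(line, "END");
        if (!b.empty()) {
            if (!open.empty()) out.wellFormed = false;  // BEGIN inside an open block
            open = b;
        } else if (!e.empty()) {
            if (e != open) out.wellFormed = false;      // END without its BEGIN
            else if (e == "CERTIFICATE") ++out.certificates;
            else if (e.find("PRIVATE KEY") != std::string::npos) ++out.privateKeys;
            open.clear();
        }
    }
    if (!open.empty()) out.wellFormed = false;          // file truncated mid-block
    return out;
}

// Accept only balanced bundles with at least one certificate and no key material.
bool looksLikeCaBundle(const std::string& text) {
    const PemSummary s = inspectPem(text);
    return s.wellFormed && s.certificates > 0 && s.privateKeys == 0;
}
// Constructed sample: two placeholder blocks (LF and CRLF), not real certificates.
const std::string kSampleBundle =
    "-----BEGIN CERTIFICATE-----\nAAAA\n-----END CERTIFICATE-----\n"
    "-----BEGIN CERTIFICATE-----\r\nBBBB\r\n-----END CERTIFICATE-----\r\n";
```

Run the check on the file contents before passing the path to setCertificateAuthorityFile(), and treat a false result the same way as a false return from that call.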

bool SslCtx::setCertificateFile (string certificateFile)

Set the file which contains all of your certificates.

The file must be in PEM format.

Parameters:
certificateFile   File name.
Todo:
Use SSL_CTX_use_certificate_chain_file instead.

Definition at line 265 of file SslCtx.cpp.

long SslCtx::setDefaultOptions () [private]

Set default options used by this application.

Returns:
The option bitmask.

Definition at line 207 of file SslCtx.cpp.

Referenced by SslCtx().

long SslCtx::setOptions (long options)

A wrapper around SSL_CTX_set_options().

Definition at line 226 of file SslCtx.cpp.

Referenced by setDefaultOptions().

bool SslCtx::setPrivateKeyFile (string privateKeyFile, string privateKeyPassword)

Set the file which contains your private key and the password for that file.

Definition at line 311 of file SslCtx.cpp.

bool SslCtx::setPrivateKeyFile (string privateKeyFile)

Set the file which contains your private key.

The file must be in PEM format. If the file is password-protected, you must call setPrivateKeyPassword() first.

Definition at line 287 of file SslCtx.cpp.

Referenced by setPrivateKeyFile().

void SslCtx::setPrivateKeyPassword (string password)

You must set this prior to calling setPrivateKeyFile().

Definition at line 244 of file SslCtx.cpp.

Referenced by setPrivateKeyFile().

int SslCtx::verify_callback (int ok, X509_STORE_CTX * ctx) [static, private]

Definition at line 98 of file SslCtx.cpp.


Member Data Documentation

std::string SslCtx::m_privateKeyPassword [private]

Password to open the private key file.

Definition at line 41 of file SslCtx.h.

SSL_CTX* SslCtx::m_sslCtx [private]

The OpenSSL object which contains the SSL context for a connection.

Definition at line 38 of file SslCtx.h.


The documentation for this class was generated from the following files:
Generated at Thu Jul 11 13:31:59 2002 for Peekabooty by doxygen1.2.9 written by Dimitri van Heesch, © 1997-2001