TLS properties: allows setting custom cipher suite for TLS/SSL connections.
This commit is contained in:
parent
7d7fb6daaf
commit
041344d02a
@ -222,10 +222,13 @@ libvmime_messaging_sources = [
|
||||
libvmime_net_tls_sources = [
|
||||
'net/tls/TLSSession.cpp', 'net/tls/TLSSession.hpp',
|
||||
'net/tls/TLSSocket.cpp', 'net/tls/TLSSocket.hpp',
|
||||
'net/tls/TLSProperties.cpp', 'net/tls/TLSProperties.hpp',
|
||||
'net/tls/gnutls/TLSSession_GnuTLS.cpp', 'net/tls/gnutls/TLSSession_GnuTLS.hpp',
|
||||
'net/tls/gnutls/TLSSocket_GnuTLS.cpp', 'net/tls/gnutls/TLSSocket_GnuTLS.hpp',
|
||||
'net/tls/gnutls/TLSProperties_GnuTLS.cpp', 'net/tls/gnutls/TLSProperties_GnuTLS.hpp',
|
||||
'net/tls/openssl/TLSSession_OpenSSL.cpp', 'net/tls/openssl/TLSSession_OpenSSL.hpp',
|
||||
'net/tls/openssl/TLSSocket_OpenSSL.cpp', 'net/tls/openssl/TLSSocket_OpenSSL.hpp',
|
||||
'net/tls/openssl/TLSProperties_OpenSSL.cpp', 'net/tls/openssl/TLSProperties_OpenSSL.hpp',
|
||||
'net/tls/openssl/OpenSSLInitializer.cpp', 'net/tls/openssl/OpenSSLInitializer.hpp',
|
||||
'net/tls/TLSSecuredConnectionInfos.cpp', 'net/tls/TLSSecuredConnectionInfos.hpp',
|
||||
'security/cert/certificateChain.cpp', 'security/cert/certificateChain.hpp',
|
||||
|
@ -1006,3 +1006,68 @@ Finally, to make the service use your own certificate verifier, simply write:
|
||||
theService->setCertificateVerifier(vmime::create <myCertVerifier>());
|
||||
\end{lstlisting}
|
||||
|
||||
\subsection{SSL/TLS Properties} % --------------------------------------------
|
||||
|
||||
If you want to customize behavior or set some options on TLS/SSL connection,
|
||||
you may use the TLSProperties object, and pass it to the service session. The
|
||||
TLS/SSL options must be set {\em before} creating any service with the session
|
||||
(ie. before calling either {\vcode getStore()} or {\vcode getTransport()} on
|
||||
the session), or they will not be used.
|
||||
|
||||
The following example shows how to set the cipher suite preferences for TLS:
|
||||
|
||||
\begin{lstlisting}[caption={Setting TLS cipher suite preferences}]
|
||||
vmime::ref <vmime::net::session> sess = /* ... */;
|
||||
|
||||
vmime::ref <vmime::net::tls::TLSProperties> tlsProps =
|
||||
vmime::create <vmime::net::tls::TLSProperties>();
|
||||
|
||||
// for OpenSSL
|
||||
tlsProps->setCipherString("HIGH:!ADH:@STRENGTH");
|
||||
|
||||
// for GNU TLS
|
||||
tlsProps->setCipherString("NORMAL:%SSL3_RECORD_VERSION");
|
||||
|
||||
sess->setTLSProperties(tlsProps);
|
||||
\end{lstlisting}
|
||||
|
||||
Please note that the cipher suite string format and meaning depend on the
|
||||
underlying TLS library (either OpenSSL or GNU TLS):
|
||||
|
||||
\begin{itemize}
|
||||
\item for GNU TLS, read this: \newline
|
||||
\url{http://gnutls.org/manual/html\_node/Priority-Strings.html}
|
||||
|
||||
\item for OpenSSL, read this: \newline
|
||||
\url{http://www.openssl.org/docs/apps/ciphers.html#CIPHER\_STRINGS}
|
||||
\end{itemize}
|
||||
|
||||
You may also set cipher suite preferences using predefined constants that
|
||||
map to generic security modes:
|
||||
|
||||
\begin{lstlisting}[caption={Setting TLS cipher suite preferences using predefined modes}]
|
||||
sess->setCipherSuite(vmime::net::tls::TLSProperties::CIPHERSUITE_HIGH);
|
||||
\end{lstlisting}
|
||||
|
||||
The following constants are available:
|
||||
|
||||
\noindent\begin{tabularx}{1.0\textwidth}{|l|X|}
|
||||
\hline
|
||||
{\bf Constant} &
|
||||
{\bf Meaning} \\
|
||||
\hline
|
||||
CIPHERSUITE\_HIGH &
|
||||
High encryption cipher suites ($>$ 128 bits) \\
|
||||
\hline
|
||||
CIPHERSUITE\_MEDIUM &
|
||||
Medium encryption cipher suites ($>=$ 128 bits) \\
|
||||
\hline
|
||||
CIPHERSUITE\_LOW &
|
||||
Low encryption cipher suites ($>=$ 64 bits) \\
|
||||
\hline
|
||||
CIPHERSUITE\_DEFAULT &
|
||||
Default cipher suite (actual cipher suites used depends
|
||||
on the underlying SSL/TLS library) \\
|
||||
\hline
|
||||
\end{tabularx}
|
||||
|
||||
|
@ -112,8 +112,9 @@ void IMAPConnection::connect()
|
||||
#if VMIME_HAVE_TLS_SUPPORT
|
||||
if (store->isIMAPS()) // dedicated port/IMAPS
|
||||
{
|
||||
ref <tls::TLSSession> tlsSession =
|
||||
tls::TLSSession::create(store->getCertificateVerifier());
|
||||
ref <tls::TLSSession> tlsSession = tls::TLSSession::create
|
||||
(store->getCertificateVerifier(),
|
||||
store->getSession()->getTLSProperties());
|
||||
|
||||
ref <tls::TLSSocket> tlsSocket =
|
||||
tlsSession->getSocket(m_socket);
|
||||
@ -474,8 +475,9 @@ void IMAPConnection::startTLS()
|
||||
("STARTTLS", resp->getErrorLog(), "bad response");
|
||||
}
|
||||
|
||||
ref <tls::TLSSession> tlsSession =
|
||||
tls::TLSSession::create(m_store.acquire()->getCertificateVerifier());
|
||||
ref <tls::TLSSession> tlsSession = tls::TLSSession::create
|
||||
(m_store.acquire()->getCertificateVerifier(),
|
||||
m_store.acquire()->getSession()->getTLSProperties());
|
||||
|
||||
ref <tls::TLSSocket> tlsSocket =
|
||||
tlsSession->getSocket(m_socket);
|
||||
|
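Review bot: In the new TLSSession::create call `m_store.acquire()` is evaluated twice, once for `getCertificateVerifier()` and once for `getSession()->getTLSProperties()`; hoisting it into a local the way connect() does with its `store` variable would keep one acquisition and make the two arguments visibly come from the same store object. The same doubled call appears in POP3Connection::startTLS (`m_store.acquire()` twice) and SMTPConnection::startTLS (`getTransport()` twice). The enclosing startTLS() body starts before this hunk and continues after it.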
@ -106,8 +106,9 @@ void POP3Connection::connect()
|
||||
#if VMIME_HAVE_TLS_SUPPORT
|
||||
if (store->isPOP3S()) // dedicated port/POP3S
|
||||
{
|
||||
ref <tls::TLSSession> tlsSession =
|
||||
tls::TLSSession::create(store->getCertificateVerifier());
|
||||
ref <tls::TLSSession> tlsSession = tls::TLSSession::create
|
||||
(store->getCertificateVerifier(),
|
||||
store->getSession()->getTLSProperties());
|
||||
|
||||
ref <tls::TLSSocket> tlsSocket =
|
||||
tlsSession->getSocket(m_socket);
|
||||
@ -544,8 +545,9 @@ void POP3Connection::startTLS()
|
||||
if (!response->isSuccess())
|
||||
throw exceptions::command_error("STLS", response->getFirstLine());
|
||||
|
||||
ref <tls::TLSSession> tlsSession =
|
||||
tls::TLSSession::create(m_store.acquire()->getCertificateVerifier());
|
||||
ref <tls::TLSSession> tlsSession = tls::TLSSession::create
|
||||
(m_store.acquire()->getCertificateVerifier(),
|
||||
m_store.acquire()->getSession()->getTLSProperties());
|
||||
|
||||
ref <tls::TLSSocket> tlsSocket =
|
||||
tlsSession->getSocket(m_socket);
|
||||
|
@ -39,18 +39,19 @@ namespace net {
|
||||
|
||||
|
||||
session::session()
|
||||
: m_tlsProps(vmime::create <tls::TLSProperties>())
|
||||
{
|
||||
}
|
||||
|
||||
|
||||
session::session(const session& sess)
|
||||
: object(), m_props(sess.m_props)
|
||||
: object(), m_props(sess.m_props), m_tlsProps(vmime::create <tls::TLSProperties>(*sess.m_tlsProps))
|
||||
{
|
||||
}
|
||||
|
||||
|
||||
session::session(const propertySet& props)
|
||||
: m_props(props)
|
||||
: m_props(props), m_tlsProps(vmime::create <tls::TLSProperties>())
|
||||
{
|
||||
}
|
||||
|
||||
@ -136,6 +137,18 @@ propertySet& session::getProperties()
|
||||
}
|
||||
|
||||
|
||||
void session::setTLSProperties(ref <tls::TLSProperties> tlsProps)
|
||||
{
|
||||
m_tlsProps = vmime::create <tls::TLSProperties>(*tlsProps);
|
||||
}
|
||||
|
||||
|
||||
ref <tls::TLSProperties> session::getTLSProperties() const
|
||||
{
|
||||
return m_tlsProps;
|
||||
}
|
||||
|
||||
|
||||
} // net
|
||||
} // vmime
|
||||
|
||||
|
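Review bot: setTLSProperties dereferences its argument unconditionally in `vmime::create <tls::TLSProperties>(*tlsProps)`, so a caller that passes a null ref crashes here rather than getting a clear error; a guard that rejects a null ref, or falls back to `vmime::create <tls::TLSProperties>()` the way the constructors do, would make the contract explicit. Since the object is copied at call time, a short comment such as `// copied, so later changes to tlsProps do not affect this session` on that line would save the next reader from inferring it. getTLSProperties returns the session's own copy, so callers that modify the returned object mutate the session's settings — worth stating next to it as well.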
@ -107,8 +107,9 @@ void SMTPConnection::connect()
|
||||
#if VMIME_HAVE_TLS_SUPPORT
|
||||
if (transport->isSMTPS()) // dedicated port/SMTPS
|
||||
{
|
||||
ref <tls::TLSSession> tlsSession =
|
||||
tls::TLSSession::create(transport->getCertificateVerifier());
|
||||
ref <tls::TLSSession> tlsSession = tls::TLSSession::create
|
||||
(transport->getCertificateVerifier(),
|
||||
transport->getSession()->getTLSProperties());
|
||||
|
||||
ref <tls::TLSSocket> tlsSocket =
|
||||
tlsSession->getSocket(m_socket);
|
||||
@ -479,8 +480,9 @@ void SMTPConnection::startTLS()
|
||||
resp->getCode(), resp->getEnhancedCode());
|
||||
}
|
||||
|
||||
ref <tls::TLSSession> tlsSession =
|
||||
tls::TLSSession::create(getTransport()->getCertificateVerifier());
|
||||
ref <tls::TLSSession> tlsSession = tls::TLSSession::create
|
||||
(getTransport()->getCertificateVerifier(),
|
||||
getTransport()->getSession()->getTLSProperties());
|
||||
|
||||
ref <tls::TLSSocket> tlsSocket =
|
||||
tlsSession->getSocket(m_socket);
|
||||
|
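--- /dev/null
+++ b/src/net/tls/TLSProperties.cpp
@@ -0,0 +1,44 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002-2013 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library. Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_TLS_SUPPORT
+
+
+#include "vmime/net/tls/TLSProperties.hpp"
+
+
+namespace vmime {
+namespace net {
+namespace tls {
+
+
+} // tls
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_TLS_SUPPORT
+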
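Review bot: This translation unit defines nothing — the `vmime::net::tls` namespace it opens is empty — because every TLSProperties member is implemented in the backend files TLSProperties_GnuTLS.cpp and TLSProperties_OpenSSL.cpp. A one-line comment inside the namespace, such as `// TLSProperties members are defined in the backend-specific files (gnutls/, openssl/).`, would tell the next reader why the file exists and that it is intentionally empty rather than unfinished.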
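--- /dev/null
+++ b/src/net/tls/gnutls/TLSProperties_GnuTLS.cpp
@@ -0,0 +1,113 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002-2013 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library. Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_TLS_SUPPORT && VMIME_TLS_SUPPORT_LIB_IS_GNUTLS
+
+
+#include "vmime/base.hpp"
+#include "vmime/net/tls/gnutls/TLSProperties_GnuTLS.hpp"
+
+#include <gnutls/gnutls.h>
+#if GNUTLS_VERSION_NUMBER < 0x030000
+#include <gnutls/extra.h>
+#endif
+
+
+namespace vmime {
+namespace net {
+namespace tls {
+
+
+TLSProperties::TLSProperties()
+: m_data(vmime::create <TLSProperties_GnuTLS>())
+{
+setCipherSuite(CIPHERSUITE_DEFAULT);
+}
+
+
+TLSProperties::TLSProperties(const TLSProperties& props)
+: object(),
+m_data(vmime::create <TLSProperties_GnuTLS>())
+{
+*m_data.dynamicCast <TLSProperties_GnuTLS>() = *props.m_data.dynamicCast <TLSProperties_GnuTLS>();
+}
+
+
+void TLSProperties::setCipherSuite(const GenericCipherSuite cipherSuite)
+{
+switch (cipherSuite)
+{
+case CIPHERSUITE_HIGH:
+
+setCipherSuite("SECURE256:%SSL3_RECORD_VERSION");
+break;
+
+case CIPHERSUITE_MEDIUM:
+
+setCipherSuite("SECURE128:%SSL3_RECORD_VERSION");
+break;
+
+case CIPHERSUITE_LOW:
+
+setCipherSuite("NORMAL:%SSL3_RECORD_VERSION");
+break;
+
+default:
+case CIPHERSUITE_DEFAULT:
+
+setCipherSuite("NORMAL:%SSL3_RECORD_VERSION");
+break;
+}
+}
+
+
+void TLSProperties::setCipherSuite(const string& cipherSuite)
+{
+m_data.dynamicCast <TLSProperties_GnuTLS>()->cipherSuite = cipherSuite;
+}
+
+
+const string TLSProperties::getCipherSuite() const
+{
+return m_data.dynamicCast <TLSProperties_GnuTLS>()->cipherSuite;
+}
+
+
+
+TLSProperties_GnuTLS& TLSProperties_GnuTLS::operator=(const TLSProperties_GnuTLS& other)
+{
+cipherSuite = other.cipherSuite;
+
+return *this;
+}
+
+
+} // tls
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_TLS_SUPPORT && VMIME_TLS_SUPPORT_LIB_IS_GNUTLS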
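Review bot: In setCipherSuite(GenericCipherSuite), CIPHERSUITE_LOW and CIPHERSUITE_DEFAULT both map to `"NORMAL:%SSL3_RECORD_VERSION"`, so on the GnuTLS backend the LOW mode is indistinguishable from DEFAULT even though the public header documents LOW as "(>= 64 bits)" — a distinct meaning the OpenSSL backend does honour with `"LOW"`. If GnuTLS has no equivalent priority keyword, the case deserves a comment saying so, e.g. `// no weaker GnuTLS priority is exposed here; LOW behaves as DEFAULT`, and the header's LOW description should be qualified accordingly. The `default:` label placed above `case CIPHERSUITE_DEFAULT:` silently accepts out-of-range enum values; that is probably intended but a one-word comment would confirm it.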
@ -49,6 +49,7 @@
|
||||
|
||||
#include "vmime/net/tls/gnutls/TLSSession_GnuTLS.hpp"
|
||||
#include "vmime/net/tls/gnutls/TLSSocket_GnuTLS.hpp"
|
||||
#include "vmime/net/tls/gnutls/TLSProperties_GnuTLS.hpp"
|
||||
|
||||
#include "vmime/exception.hpp"
|
||||
|
||||
@ -133,14 +134,14 @@ static TLSGlobal g_gnutlsGlobal;
|
||||
|
||||
|
||||
// static
|
||||
ref <TLSSession> TLSSession::create(ref <security::cert::certificateVerifier> cv)
|
||||
ref <TLSSession> TLSSession::create(ref <security::cert::certificateVerifier> cv, ref <TLSProperties> props)
|
||||
{
|
||||
return vmime::create <TLSSession_GnuTLS>(cv);
|
||||
return vmime::create <TLSSession_GnuTLS>(cv, props);
|
||||
}
|
||||
|
||||
|
||||
TLSSession_GnuTLS::TLSSession_GnuTLS(ref <security::cert::certificateVerifier> cv)
|
||||
: m_certVerifier(cv)
|
||||
TLSSession_GnuTLS::TLSSession_GnuTLS(ref <security::cert::certificateVerifier> cv, ref <TLSProperties> props)
|
||||
: m_certVerifier(cv), m_props(props)
|
||||
{
|
||||
int res;
|
||||
|
||||
@ -151,21 +152,16 @@ TLSSession_GnuTLS::TLSSession_GnuTLS(ref <security::cert::certificateVerifier> c
|
||||
|
||||
// Sets some default priority on the ciphers, key exchange methods,
|
||||
// macs and compression methods.
|
||||
#if HAVE_GNUTLS_PRIORITY_FUNCS
|
||||
#if VMIME_HAVE_GNUTLS_PRIORITY_FUNCS
|
||||
gnutls_dh_set_prime_bits(*m_gnutlsSession, 128);
|
||||
|
||||
if ((res = gnutls_priority_set_direct
|
||||
(*m_gnutlsSession, "NORMAL:%SSL3_RECORD_VERSION", NULL)) != 0)
|
||||
(*m_gnutlsSession, m_props->getCipherSuite().c_str(), NULL)) != 0)
|
||||
{
|
||||
if ((res = gnutls_priority_set_direct
|
||||
(*m_gnutlsSession, "NORMAL", NULL)) != 0)
|
||||
{
|
||||
throwTLSException
|
||||
("gnutls_priority_set_direct", res);
|
||||
}
|
||||
throwTLSException("gnutls_priority_set_direct", res);
|
||||
}
|
||||
|
||||
#else // !HAVE_GNUTLS_PRIORITY_FUNCS
|
||||
#else // !VMIME_HAVE_GNUTLS_PRIORITY_FUNCS
|
||||
|
||||
gnutls_set_default_priority(*m_gnutlsSession);
|
||||
|
||||
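Review bot: The guard macro is renamed from `HAVE_GNUTLS_PRIORITY_FUNCS` to `VMIME_HAVE_GNUTLS_PRIORITY_FUNCS` on both the `#if` and the `#else`, but nothing in this commit shows the build configuration being renamed to match; if the configure step still defines the old name, the `gnutls_priority_set_direct` branch that applies `m_props->getCipherSuite()` is never compiled and the fallback `gnutls_set_default_priority(*m_gnutlsSession)` silently ignores the user's cipher preferences. Please confirm the define in config.hpp is updated in the same change. The removed retry with `"NORMAL"` means an invalid user string now throws from `throwTLSException("gnutls_priority_set_direct", res)`, which is the right outcome, but the docstring of setCipherSuite(const string&) should say that a rejected string surfaces as an exception when the session is created. The enclosing TLSSession_GnuTLS constructor starts before this hunk and continues after it.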
@ -241,7 +237,7 @@ TLSSession_GnuTLS::TLSSession_GnuTLS(ref <security::cert::certificateVerifier> c
|
||||
|
||||
gnutls_compression_set_priority(*m_gnutlsSession, compressionPriority);
|
||||
|
||||
#endif // !HAVE_GNUTLS_PRIORITY_FUNCS
|
||||
#endif // !VMIME_HAVE_GNUTLS_PRIORITY_FUNCS
|
||||
|
||||
// Initialize credentials
|
||||
gnutls_credentials_set(*m_gnutlsSession,
|
||||
|
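--- /dev/null
+++ b/src/net/tls/openssl/TLSProperties_OpenSSL.cpp
@@ -0,0 +1,112 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002-2013 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library. Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_TLS_SUPPORT && VMIME_TLS_SUPPORT_LIB_IS_OPENSSL
+
+
+#include "vmime/base.hpp"
+#include "vmime/net/tls/openssl/TLSProperties_OpenSSL.hpp"
+
+#include <openssl/ssl.h>
+#include <openssl/err.h>
+
+
+namespace vmime {
+namespace net {
+namespace tls {
+
+
+TLSProperties::TLSProperties()
+: m_data(vmime::create <TLSProperties_OpenSSL>())
+{
+setCipherSuite(CIPHERSUITE_DEFAULT);
+}
+
+
+TLSProperties::TLSProperties(const TLSProperties& props)
+: object(),
+m_data(vmime::create <TLSProperties_OpenSSL>())
+{
+*m_data.dynamicCast <TLSProperties_OpenSSL>() = *props.m_data.dynamicCast <TLSProperties_OpenSSL>();
+}
+
+
+void TLSProperties::setCipherSuite(const GenericCipherSuite cipherSuite)
+{
+switch (cipherSuite)
+{
+case CIPHERSUITE_HIGH:
+
+setCipherSuite("HIGH");
+break;
+
+case CIPHERSUITE_MEDIUM:
+
+setCipherSuite("MEDIUM");
+break;
+
+case CIPHERSUITE_LOW:
+
+setCipherSuite("LOW");
+break;
+
+default:
+case CIPHERSUITE_DEFAULT:
+
+setCipherSuite("DEFAULT");
+break;
+}
+}
+
+
+void TLSProperties::setCipherSuite(const string& cipherSuite)
+{
+m_data.dynamicCast <TLSProperties_OpenSSL>()->cipherSuite = cipherSuite;
+}
+
+
+const string TLSProperties::getCipherSuite() const
+{
+return m_data.dynamicCast <TLSProperties_OpenSSL>()->cipherSuite;
+}
+
+
+
+TLSProperties_OpenSSL& TLSProperties_OpenSSL::operator=(const TLSProperties_OpenSSL& other)
+{
+cipherSuite = other.cipherSuite;
+
+return *this;
+}
+
+
+} // tls
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_TLS_SUPPORT && VMIME_TLS_SUPPORT_LIB_IS_OPENSSL
+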
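Review bot: Mapping CIPHERSUITE_DEFAULT to `"DEFAULT"` weakens the out-of-the-box cipher selection compared with the list this commit removes from TLSSession_OpenSSL (`"ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH"`): on the OpenSSL releases current when this was written, the DEFAULT keyword does not exclude the LOW, EXP and MD5 suites that the old list rejected, and since the TLSProperties constructor calls `setCipherSuite(CIPHERSUITE_DEFAULT)`, every session that never touches TLSProperties now gets the weaker list. Keeping the previous behaviour for the default case, `setCipherSuite("ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH");`, and documenting in the header that CIPHERSUITE_DEFAULT preserves the library's historical selection would avoid a silent downgrade for existing users. `<openssl/err.h>` is included but nothing in the file uses it.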
@ -28,6 +28,7 @@
|
||||
|
||||
|
||||
#include "vmime/net/tls/openssl/TLSSession_OpenSSL.hpp"
|
||||
#include "vmime/net/tls/openssl/TLSProperties_OpenSSL.hpp"
|
||||
#include "vmime/net/tls/openssl/OpenSSLInitializer.hpp"
|
||||
|
||||
#include "vmime/exception.hpp"
|
||||
@ -45,19 +46,19 @@ static OpenSSLInitializer::autoInitializer openSSLInitializer;
|
||||
|
||||
|
||||
// static
|
||||
ref <TLSSession> TLSSession::create(ref <security::cert::certificateVerifier> cv)
|
||||
ref <TLSSession> TLSSession::create(ref <security::cert::certificateVerifier> cv, ref <TLSProperties> props)
|
||||
{
|
||||
return vmime::create <TLSSession_OpenSSL>(cv);
|
||||
return vmime::create <TLSSession_OpenSSL>(cv, props);
|
||||
}
|
||||
|
||||
|
||||
TLSSession_OpenSSL::TLSSession_OpenSSL(ref <vmime::security::cert::certificateVerifier> cv)
|
||||
: m_sslctx(0), m_certVerifier(cv)
|
||||
TLSSession_OpenSSL::TLSSession_OpenSSL(ref <vmime::security::cert::certificateVerifier> cv, ref <TLSProperties> props)
|
||||
: m_sslctx(0), m_certVerifier(cv), m_props(props)
|
||||
{
|
||||
m_sslctx = SSL_CTX_new(SSLv23_client_method());
|
||||
SSL_CTX_set_options(m_sslctx, SSL_OP_ALL | SSL_OP_NO_SSLv2);
|
||||
SSL_CTX_set_mode(m_sslctx, SSL_MODE_AUTO_RETRY);
|
||||
SSL_CTX_set_cipher_list(m_sslctx, "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH");
|
||||
SSL_CTX_set_cipher_list(m_sslctx, m_props->getCipherSuite().c_str());
|
||||
SSL_CTX_set_session_cache_mode(m_sslctx, SSL_SESS_CACHE_OFF);
|
||||
}
|
||||
|
||||
|
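Review bot: The return value of `SSL_CTX_set_cipher_list(m_sslctx, m_props->getCipherSuite().c_str())` is not checked; now that the string is user-supplied rather than the former constant, a mistyped or unsupported cipher string returns 0 and the handshake proceeds with whatever list the context holds, whereas the GnuTLS backend throws when `gnutls_priority_set_direct` rejects its string. Treat failure the same way here, e.g. `if (!SSL_CTX_set_cipher_list(m_sslctx, m_props->getCipherSuite().c_str())) throw exceptions::tls_exception("SSL_CTX_set_cipher_list");` so that a bad configuration is reported instead of silently producing an unintended cipher selection. `m_props` is also dereferenced without a null check, which is fine as long as every creator passes the session's properties, but worth a comment on the constructor.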
@ -33,6 +33,8 @@
|
||||
|
||||
#include "vmime/security/authenticator.hpp"
|
||||
|
||||
#include "vmime/net/tls/TLSProperties.hpp"
|
||||
|
||||
#include "vmime/utility/url.hpp"
|
||||
|
||||
#include "vmime/propertySet.hpp"
|
||||
@ -141,9 +143,23 @@ public:
|
||||
*/
|
||||
propertySet& getProperties();
|
||||
|
||||
/** Set properties for SSL/TLS secured connections in this session.
|
||||
*
|
||||
* @param tlsProps SSL/TLS properties
|
||||
*/
|
||||
void setTLSProperties(ref <tls::TLSProperties> tlsProps);
|
||||
|
||||
/** Get properties for SSL/TLS secured connections in this session.
|
||||
*
|
||||
* @return SSL/TLS properties
|
||||
*/
|
||||
ref <tls::TLSProperties> getTLSProperties() const;
|
||||
|
||||
private:
|
||||
|
||||
propertySet m_props;
|
||||
|
||||
ref <tls::TLSProperties> m_tlsProps;
|
||||
};
|
||||
|
||||
|
||||
|
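Review bot: The new setTLSProperties/getTLSProperties docstrings do not state the ownership semantics that session.cpp implements: the setter stores a copy (`vmime::create <tls::TLSProperties>(*tlsProps)`), so changes made to the caller's object after the call are not seen by the session, while the getter returns the session's own copy, so modifying the returned object does change what later connections use. Adding `* The properties are copied; later changes to tlsProps do not affect this session.` to the setter and `* Changes made to the returned object affect this session's later connections.` to the getter would make the contract explicit, together with a note that the properties must be set before getStore()/getTransport(), as the user manual text in this commit already says.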
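--- /dev/null
+++ b/vmime/net/tls/TLSProperties.hpp
@@ -0,0 +1,105 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002-2013 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library. Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_NET_TLS_TLSPROPERTIES_HPP_INCLUDED
+#define VMIME_NET_TLS_TLSPROPERTIES_HPP_INCLUDED
+
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_TLS_SUPPORT
+
+
+#include "vmime/types.hpp"
+
+
+namespace vmime {
+namespace net {
+namespace tls {
+
+
+/** Holds options for a TLS session.
+*/
+class VMIME_EXPORT TLSProperties : public object
+{
+public:
+
+TLSProperties();
+TLSProperties(const TLSProperties&);
+
+
+/** Predefined generic cipher suites (work with all TLS libraries). */
+enum GenericCipherSuite
+{
+CIPHERSUITE_HIGH, /**< High encryption cipher suites (> 128 bits). */
+CIPHERSUITE_MEDIUM, /**< Medium encryption cipher suites (>= 128 bits). */
+CIPHERSUITE_LOW, /**< Low encryption cipher suites (>= 64 bits). */
+
+CIPHERSUITE_DEFAULT /**< Default cipher suite. */
+};
+
+/** Sets the cipher suite preferences for a SSL/TLS session, using
+* predefined, generic suites. This works with all underlying TLS
+* libraries (OpenSSL and GNU TLS).
+*
+* @param cipherSuite predefined cipher suite
+*/
+void setCipherSuite(const GenericCipherSuite cipherSuite);
+
+/** Sets the cipher suite preferences for a SSL/TLS session, using
+* a character string. The format and meaning of the string depend
+* on the underlying TLS library.
+*
+* For GNU TLS, read this:
+* http://gnutls.org/manual/html_node/Priority-Strings.html
+*
+* For OpenSSL, read this:
+* http://www.openssl.org/docs/apps/ciphers.html#CIPHER_STRINGS
+*
+* @param cipherSuite cipher suite as a string
+*/
+void setCipherSuite(const string& cipherSuite);
+
+/** Returns the cipher suite preferences for a SSL/TLS session, as
+* a character string. The format and meaning of the string depend
+* on the underlying TLS library (see setCipherSuite() method).
+*
+* @return cipher suite string
+*/
+const string getCipherSuite() const;
+
+private:
+
+ref <object> m_data;
+};
+
+
+} // tls
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_TLS_SUPPORT
+
+#endif // VMIME_NET_TLS_TLSPROPERTIES_HPP_INCLUDED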
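Review bot: TLSProperties declares a user-written copy constructor that deep-copies the backend data behind `m_data`, but no copy assignment operator; unless the `object` base class forbids assignment, the compiler-generated `operator=` copies the `ref <object> m_data` handle, so two TLSProperties assigned to each other share one backend object and a later setCipherSuite on either changes both. Declaring `TLSProperties& operator=(const TLSProperties&);` and implementing it with the same deep copy as the constructor (or making it private) closes that gap. The manual text added in this same commit calls the string setter `setCipherString` and shows `sess->setCipherSuite(...)` on the session, neither of which exists; the header's names `setCipherSuite(const string&)` and `session::setTLSProperties` are the ones to document. Minor: `const string getCipherSuite() const` returns a const value, which only prevents the caller from moving the result; a plain `string` (or `const string&`) return is the conventional form.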
@ -34,6 +34,7 @@
|
||||
#include "vmime/types.hpp"
|
||||
|
||||
#include "vmime/net/tls/TLSSocket.hpp"
|
||||
#include "vmime/net/tls/TLSProperties.hpp"
|
||||
|
||||
#include "vmime/security/cert/certificateVerifier.hpp"
|
||||
|
||||
@ -53,9 +54,10 @@ public:
|
||||
*
|
||||
* @param cv object responsible for verifying certificates
|
||||
* sent by the server
|
||||
* @param props TLS properties for this session
|
||||
* @return a new TLS session
|
||||
*/
|
||||
static ref <TLSSession> create(ref <security::cert::certificateVerifier> cv);
|
||||
static ref <TLSSession> create(ref <security::cert::certificateVerifier> cv, ref <TLSProperties> props);
|
||||
|
||||
/** Create a new socket that adds a TLS security layer around
|
||||
* an existing socket. You should create only one socket
|
||||
|
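Review bot: Replacing `create(ref <security::cert::certificateVerifier> cv)` with the two-argument form removes the only public factory for a TLS session, so any code outside this library that built sessions directly no longer compiles; since TLSProperties has a default constructor that selects CIPHERSUITE_DEFAULT, keeping the one-argument overload and forwarding to `create(cv, vmime::create <TLSProperties>())` would preserve source compatibility at no cost. The `@param props` line should also state whether a null ref is accepted, because both backends dereference `m_props` in their constructors without checking it.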
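--- /dev/null
+++ b/vmime/net/tls/gnutls/TLSProperties_GnuTLS.hpp
@@ -0,0 +1,68 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002-2013 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library. Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_NET_TLS_TLSPROPERTIES_GNUTLS_HPP_INCLUDED
+#define VMIME_NET_TLS_TLSPROPERTIES_GNUTLS_HPP_INCLUDED
+
+
+#ifndef VMIME_BUILDING_DOC
+
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_TLS_SUPPORT && VMIME_TLS_SUPPORT_LIB_IS_GNUTLS
+
+
+#include "vmime/types.hpp"
+
+#include "vmime/net/tls/TLSProperties.hpp"
+
+
+namespace vmime {
+namespace net {
+namespace tls {
+
+
+class TLSProperties_GnuTLS : public object
+{
+public:
+
+TLSProperties_GnuTLS& operator=(const TLSProperties_GnuTLS& other);
+
+
+string cipherSuite;
+};
+
+
+} // tls
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_TLS_SUPPORT && VMIME_TLS_SUPPORT_LIB_IS_GNUTLS
+
+#endif // VMIME_BUILDING_DOC
+
+#endif // VMIME_NET_TLS_TLSPROPERTIES_GNUTLS_HPP_INCLUDED
+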
@ -38,6 +38,7 @@
|
||||
|
||||
#include "vmime/net/tls/TLSSession.hpp"
|
||||
#include "vmime/net/tls/TLSSocket.hpp"
|
||||
#include "vmime/net/tls/TLSProperties.hpp"
|
||||
|
||||
|
||||
namespace vmime {
|
||||
@ -51,7 +52,7 @@ class TLSSession_GnuTLS : public TLSSession
|
||||
|
||||
public:
|
||||
|
||||
TLSSession_GnuTLS(ref <security::cert::certificateVerifier> cv);
|
||||
TLSSession_GnuTLS(ref <security::cert::certificateVerifier> cv, ref <TLSProperties> props);
|
||||
~TLSSession_GnuTLS();
|
||||
|
||||
|
||||
@ -73,6 +74,7 @@ private:
|
||||
#endif // LIBGNUTLS_VERSION
|
||||
|
||||
ref <security::cert::certificateVerifier> m_certVerifier;
|
||||
ref <TLSProperties> m_props;
|
||||
};
|
||||
|
||||
|
||||
|
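--- /dev/null
+++ b/vmime/net/tls/openssl/TLSProperties_OpenSSL.hpp
@@ -0,0 +1,68 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002-2013 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library. Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+
+#ifndef VMIME_NET_TLS_TLSPROPERTIES_OPENSSL_HPP_INCLUDED
+#define VMIME_NET_TLS_TLSPROPERTIES_OPENSSL_HPP_INCLUDED
+
+
+#ifndef VMIME_BUILDING_DOC
+
+
+#include "vmime/config.hpp"
+
+
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_TLS_SUPPORT && VMIME_TLS_SUPPORT_LIB_IS_OPENSSL
+
+
+#include "vmime/types.hpp"
+
+#include "vmime/net/tls/TLSProperties.hpp"
+
+
+namespace vmime {
+namespace net {
+namespace tls {
+
+
+class TLSProperties_OpenSSL : public object
+{
+public:
+
+TLSProperties_OpenSSL& operator=(const TLSProperties_OpenSSL& other);
+
+
+string cipherSuite;
+};
+
+
+} // tls
+} // net
+} // vmime
+
+
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_TLS_SUPPORT && VMIME_TLS_SUPPORT_LIB_IS_OPENSSL
+
+#endif // VMIME_BUILDING_DOC
+
+#endif // VMIME_NET_TLS_TLSPROPERTIES_OPENSSL_HPP_INCLUDED
+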
@ -38,6 +38,7 @@
|
||||
|
||||
#include "vmime/net/tls/TLSSession.hpp"
|
||||
#include "vmime/net/tls/TLSSocket.hpp"
|
||||
#include "vmime/net/tls/TLSProperties.hpp"
|
||||
|
||||
|
||||
#include <openssl/ssl.h>
|
||||
@ -54,7 +55,7 @@ class TLSSession_OpenSSL : public TLSSession
|
||||
|
||||
public:
|
||||
|
||||
TLSSession_OpenSSL(const ref <security::cert::certificateVerifier> cv);
|
||||
TLSSession_OpenSSL(const ref <security::cert::certificateVerifier> cv, ref <TLSProperties> props);
|
||||
~TLSSession_OpenSSL();
|
||||
|
||||
|
||||
@ -90,6 +91,7 @@ private:
|
||||
SSL_CTX* m_sslctx;
|
||||
|
||||
ref <security::cert::certificateVerifier> m_certVerifier;
|
||||
ref <TLSProperties> m_props;
|
||||
};
|
||||
|
||||
|
||||
|