TLS properties: allows setting custom cipher suite for TLS/SSL connections.

This commit is contained in:
Vincent Richard 2013-09-21 11:53:38 +02:00
parent 7d7fb6daaf
commit 041344d02a
18 changed files with 652 additions and 36 deletions


@ -222,10 +222,13 @@ libvmime_messaging_sources = [
libvmime_net_tls_sources = [
'net/tls/TLSSession.cpp', 'net/tls/TLSSession.hpp',
'net/tls/TLSSocket.cpp', 'net/tls/TLSSocket.hpp',
'net/tls/TLSProperties.cpp', 'net/tls/TLSProperties.hpp',
'net/tls/gnutls/TLSSession_GnuTLS.cpp', 'net/tls/gnutls/TLSSession_GnuTLS.hpp',
'net/tls/gnutls/TLSSocket_GnuTLS.cpp', 'net/tls/gnutls/TLSSocket_GnuTLS.hpp',
'net/tls/gnutls/TLSProperties_GnuTLS.cpp', 'net/tls/gnutls/TLSProperties_GnuTLS.hpp',
'net/tls/openssl/TLSSession_OpenSSL.cpp', 'net/tls/openssl/TLSSession_OpenSSL.hpp',
'net/tls/openssl/TLSSocket_OpenSSL.cpp', 'net/tls/openssl/TLSSocket_OpenSSL.hpp',
'net/tls/openssl/TLSProperties_OpenSSL.cpp', 'net/tls/openssl/TLSProperties_OpenSSL.hpp',
'net/tls/openssl/OpenSSLInitializer.cpp', 'net/tls/openssl/OpenSSLInitializer.hpp',
'net/tls/TLSSecuredConnectionInfos.cpp', 'net/tls/TLSSecuredConnectionInfos.hpp',
'security/cert/certificateChain.cpp', 'security/cert/certificateChain.hpp',


@ -1006,3 +1006,68 @@ Finally, to make the service use your own certificate verifier, simply write:
theService->setCertificateVerifier(vmime::create <myCertVerifier>());
\end{lstlisting}
\subsection{SSL/TLS Properties} % --------------------------------------------
If you want to customize behavior or set some options on TLS/SSL connection,
you may use the TLSProperties object, and pass it to the service session. The
TLS/SSL options must be set {\em before} creating any service with the session
(ie. before calling either {\vcode getStore()} or {\vcode getTransport()} on
the session), or they will not be used.
The following example shows how to set the cipher suite preferences for TLS:
\begin{lstlisting}[caption={Setting TLS cipher suite preferences}]
vmime::ref <vmime::net::session> sess = /* ... */;
vmime::ref <vmime::net::tls::TLSProperties> tlsProps =
vmime::create <vmime::net::tls::TLSProperties>();
// for OpenSSL
tlsProps->setCipherString("HIGH:!ADH:@STRENGTH");
// for GNU TLS
tlsProps->setCipherString("NORMAL:%SSL3_RECORD_VERSION");
sess->setTLSProperties(tlsProps);
\end{lstlisting}
Please note that the cipher suite string format and meaning depend on the
underlying TLS library (either OpenSSL or GNU TLS):
\begin{itemize}
\item for GNU TLS, read this: \newline
\url{http://gnutls.org/manual/html\_node/Priority-Strings.html}
\item for OpenSSL, read this: \newline
\url{http://www.openssl.org/docs/apps/ciphers.html#CIPHER\_STRINGS}
\end{itemize}
You may also set cipher suite preferences using predefined constants that
map to generic security modes:
\begin{lstlisting}[caption={Setting TLS cipher suite preferences using predefined modes}]
sess->setCipherSuite(vmime::net::tls::TLSProperties::CIPHERSUITE_HIGH);
\end{lstlisting}
The following constants are available:
\noindent\begin{tabularx}{1.0\textwidth}{|l|X|}
\hline
{\bf Constant} &
{\bf Meaning} \\
\hline
CIPHERSUITE\_HIGH &
High encryption cipher suites ($>$ 128 bits) \\
\hline
CIPHERSUITE\_MEDIUM &
Medium encryption cipher suites ($>=$ 128 bits) \\
\hline
CIPHERSUITE\_LOW &
Low encryption cipher suites ($>=$ 64 bits) \\
\hline
CIPHERSUITE\_DEFAULT &
Default cipher suite (actual cipher suites used depends
on the underlying SSL/TLS library) \\
\hline
\end{tabularx}


@ -112,8 +112,9 @@ void IMAPConnection::connect()
#if VMIME_HAVE_TLS_SUPPORT
if (store->isIMAPS()) // dedicated port/IMAPS
{
ref <tls::TLSSession> tlsSession =
tls::TLSSession::create(store->getCertificateVerifier());
ref <tls::TLSSession> tlsSession = tls::TLSSession::create
(store->getCertificateVerifier(),
store->getSession()->getTLSProperties());
ref <tls::TLSSocket> tlsSocket =
tlsSession->getSocket(m_socket);
@ -474,8 +475,9 @@ void IMAPConnection::startTLS()
("STARTTLS", resp->getErrorLog(), "bad response");
}
ref <tls::TLSSession> tlsSession =
tls::TLSSession::create(m_store.acquire()->getCertificateVerifier());
ref <tls::TLSSession> tlsSession = tls::TLSSession::create
(m_store.acquire()->getCertificateVerifier(),
m_store.acquire()->getSession()->getTLSProperties());
ref <tls::TLSSocket> tlsSocket =
tlsSession->getSocket(m_socket);
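Review bot: In startTLS the weak reference is now acquired twice, `m_store.acquire()->getCertificateVerifier()` and `m_store.acquire()->getSession()->getTLSProperties()`, and neither result is checked before being dereferenced. Acquire it once into a local, as connect() already does with `store`, and pass `store->getCertificateVerifier()` and `store->getSession()->getTLSProperties()` from that; a store that has already been released then fails at one obvious point instead of two. Both connect() and startTLS() continue outside the hunks shown.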


@ -106,8 +106,9 @@ void POP3Connection::connect()
#if VMIME_HAVE_TLS_SUPPORT
if (store->isPOP3S()) // dedicated port/POP3S
{
ref <tls::TLSSession> tlsSession =
tls::TLSSession::create(store->getCertificateVerifier());
ref <tls::TLSSession> tlsSession = tls::TLSSession::create
(store->getCertificateVerifier(),
store->getSession()->getTLSProperties());
ref <tls::TLSSocket> tlsSocket =
tlsSession->getSocket(m_socket);
@ -544,8 +545,9 @@ void POP3Connection::startTLS()
if (!response->isSuccess())
throw exceptions::command_error("STLS", response->getFirstLine());
ref <tls::TLSSession> tlsSession =
tls::TLSSession::create(m_store.acquire()->getCertificateVerifier());
ref <tls::TLSSession> tlsSession = tls::TLSSession::create
(m_store.acquire()->getCertificateVerifier(),
m_store.acquire()->getSession()->getTLSProperties());
ref <tls::TLSSocket> tlsSocket =
tlsSession->getSocket(m_socket);
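Review bot: `m_store.acquire()` is evaluated twice in the new startTLS call, once per argument, and a null result from either acquire is dereferenced without a check. Hoisting a single acquire into a local (connect() already works from a `store` local) keeps the two arguments consistent and gives one place to handle a store that is no longer alive. The enclosing startTLS() continues past the end of the hunk.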


@ -39,18 +39,19 @@ namespace net {
session::session()
: m_tlsProps(vmime::create <tls::TLSProperties>())
{
}
session::session(const session& sess)
: object(), m_props(sess.m_props)
: object(), m_props(sess.m_props), m_tlsProps(vmime::create <tls::TLSProperties>(*sess.m_tlsProps))
{
}
session::session(const propertySet& props)
: m_props(props)
: m_props(props), m_tlsProps(vmime::create <tls::TLSProperties>())
{
}
@ -136,6 +137,18 @@ propertySet& session::getProperties()
}
void session::setTLSProperties(ref <tls::TLSProperties> tlsProps)
{
m_tlsProps = vmime::create <tls::TLSProperties>(*tlsProps);
}
ref <tls::TLSProperties> session::getTLSProperties() const
{
return m_tlsProps;
}
} // net
} // vmime
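Review bot: `session::setTLSProperties` dereferences `tlsProps` with `*tlsProps` and no null check, so a null ref crashes inside the copy rather than being reported as misuse. Either reject it or fall back to defaults, `m_tlsProps = tlsProps ? vmime::create <tls::TLSProperties>(*tlsProps) : vmime::create <tls::TLSProperties>();`, which matches what the constructors do. Because a copy is stored, changes a caller makes to its own TLSProperties object after this call are not seen by the session; that is a reasonable design, but it should be stated in the header comment. Note also that the connections read `getSession()->getTLSProperties()` when they connect or issue STARTTLS, so the properties must be set before connecting, not necessarily before the service is created as the manual text in this commit says.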


@ -107,8 +107,9 @@ void SMTPConnection::connect()
#if VMIME_HAVE_TLS_SUPPORT
if (transport->isSMTPS()) // dedicated port/SMTPS
{
ref <tls::TLSSession> tlsSession =
tls::TLSSession::create(transport->getCertificateVerifier());
ref <tls::TLSSession> tlsSession = tls::TLSSession::create
(transport->getCertificateVerifier(),
transport->getSession()->getTLSProperties());
ref <tls::TLSSocket> tlsSocket =
tlsSession->getSocket(m_socket);
@ -479,8 +480,9 @@ void SMTPConnection::startTLS()
resp->getCode(), resp->getEnhancedCode());
}
ref <tls::TLSSession> tlsSession =
tls::TLSSession::create(getTransport()->getCertificateVerifier());
ref <tls::TLSSession> tlsSession = tls::TLSSession::create
(getTransport()->getCertificateVerifier(),
getTransport()->getSession()->getTLSProperties());
ref <tls::TLSSocket> tlsSocket =
tlsSession->getSocket(m_socket);
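Review bot: The startTLS call now invokes `getTransport()` twice, once for the certificate verifier and once for the TLS properties, where connect() works from a single `transport` local. Capture the result of `getTransport()` in a local once and take both arguments from it, so the two arguments cannot come from different objects and a null transport is handled in one place. startTLS() continues outside the hunk.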


@ -0,0 +1,44 @@
//
// VMime library (http://www.vmime.org)
// Copyright (C) 2002-2013 Vincent Richard <vincent@vmime.org>
//
// This program is free software; you can redistribute it and/or
// modify it under the terms of the GNU General Public License as
// published by the Free Software Foundation; either version 3 of
// the License, or (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
// General Public License for more details.
//
// You should have received a copy of the GNU General Public License along
// with this program; if not, write to the Free Software Foundation, Inc.,
// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
//
// Linking this library statically or dynamically with other modules is making
// a combined work based on this library. Thus, the terms and conditions of
// the GNU General Public License cover the whole combination.
//
#include "vmime/config.hpp"
#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_TLS_SUPPORT
#include "vmime/net/tls/TLSProperties.hpp"
namespace vmime {
namespace net {
namespace tls {
} // tls
} // net
} // vmime
#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_TLS_SUPPORT
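Review bot: This translation unit contains an empty `vmime::net::tls` namespace and nothing else, which reads like an unfinished file to anyone who opens it. Add a comment explaining the split, e.g. `// TLSProperties is implemented per TLS backend: see gnutls/TLSProperties_GnuTLS.cpp and openssl/TLSProperties_OpenSSL.cpp`, or drop the file from the build list if it serves no purpose.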


@ -0,0 +1,113 @@
//
// VMime library (http://www.vmime.org)
// Copyright (C) 2002-2013 Vincent Richard <vincent@vmime.org>
//
// This program is free software; you can redistribute it and/or
// modify it under the terms of the GNU General Public License as
// published by the Free Software Foundation; either version 3 of
// the License, or (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
// General Public License for more details.
//
// You should have received a copy of the GNU General Public License along
// with this program; if not, write to the Free Software Foundation, Inc.,
// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
//
// Linking this library statically or dynamically with other modules is making
// a combined work based on this library. Thus, the terms and conditions of
// the GNU General Public License cover the whole combination.
//
#include "vmime/config.hpp"
#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_TLS_SUPPORT && VMIME_TLS_SUPPORT_LIB_IS_GNUTLS
#include "vmime/base.hpp"
#include "vmime/net/tls/gnutls/TLSProperties_GnuTLS.hpp"
#include <gnutls/gnutls.h>
#if GNUTLS_VERSION_NUMBER < 0x030000
#include <gnutls/extra.h>
#endif
namespace vmime {
namespace net {
namespace tls {
TLSProperties::TLSProperties()
: m_data(vmime::create <TLSProperties_GnuTLS>())
{
setCipherSuite(CIPHERSUITE_DEFAULT);
}
TLSProperties::TLSProperties(const TLSProperties& props)
: object(),
m_data(vmime::create <TLSProperties_GnuTLS>())
{
*m_data.dynamicCast <TLSProperties_GnuTLS>() = *props.m_data.dynamicCast <TLSProperties_GnuTLS>();
}
void TLSProperties::setCipherSuite(const GenericCipherSuite cipherSuite)
{
switch (cipherSuite)
{
case CIPHERSUITE_HIGH:
setCipherSuite("SECURE256:%SSL3_RECORD_VERSION");
break;
case CIPHERSUITE_MEDIUM:
setCipherSuite("SECURE128:%SSL3_RECORD_VERSION");
break;
case CIPHERSUITE_LOW:
setCipherSuite("NORMAL:%SSL3_RECORD_VERSION");
break;
default:
case CIPHERSUITE_DEFAULT:
setCipherSuite("NORMAL:%SSL3_RECORD_VERSION");
break;
}
}
void TLSProperties::setCipherSuite(const string& cipherSuite)
{
m_data.dynamicCast <TLSProperties_GnuTLS>()->cipherSuite = cipherSuite;
}
const string TLSProperties::getCipherSuite() const
{
return m_data.dynamicCast <TLSProperties_GnuTLS>()->cipherSuite;
}
TLSProperties_GnuTLS& TLSProperties_GnuTLS::operator=(const TLSProperties_GnuTLS& other)
{
cipherSuite = other.cipherSuite;
return *this;
}
} // tls
} // net
} // vmime
#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_TLS_SUPPORT && VMIME_TLS_SUPPORT_LIB_IS_GNUTLS
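Review bot: `CIPHERSUITE_LOW` maps to the same priority string as `CIPHERSUITE_DEFAULT` (`NORMAL:%SSL3_RECORD_VERSION`), so on this backend the generic enum does not provide the distinct, weaker level its header comment promises (`Low encryption cipher suites (>= 64 bits)`), while the OpenSSL backend does. If that is intentional — declining to enable weak suites on GnuTLS is a defensible choice — say so in place, e.g. `// no weaker GnuTLS level is exposed on purpose; LOW behaves like DEFAULT`, and reflect it in the enum documentation. Also worth a comment here: the free-form string accepted by `setCipherSuite(const string&)` is not validated, so a bad priority string only surfaces as an exception from gnutls_priority_set_direct when the TLS session is created.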


@ -49,6 +49,7 @@
#include "vmime/net/tls/gnutls/TLSSession_GnuTLS.hpp"
#include "vmime/net/tls/gnutls/TLSSocket_GnuTLS.hpp"
#include "vmime/net/tls/gnutls/TLSProperties_GnuTLS.hpp"
#include "vmime/exception.hpp"
@ -133,14 +134,14 @@ static TLSGlobal g_gnutlsGlobal;
// static
ref <TLSSession> TLSSession::create(ref <security::cert::certificateVerifier> cv)
ref <TLSSession> TLSSession::create(ref <security::cert::certificateVerifier> cv, ref <TLSProperties> props)
{
return vmime::create <TLSSession_GnuTLS>(cv);
return vmime::create <TLSSession_GnuTLS>(cv, props);
}
TLSSession_GnuTLS::TLSSession_GnuTLS(ref <security::cert::certificateVerifier> cv)
: m_certVerifier(cv)
TLSSession_GnuTLS::TLSSession_GnuTLS(ref <security::cert::certificateVerifier> cv, ref <TLSProperties> props)
: m_certVerifier(cv), m_props(props)
{
int res;
@ -151,21 +152,16 @@ TLSSession_GnuTLS::TLSSession_GnuTLS(ref <security::cert::certificateVerifier> c
// Sets some default priority on the ciphers, key exchange methods,
// macs and compression methods.
#if HAVE_GNUTLS_PRIORITY_FUNCS
#if VMIME_HAVE_GNUTLS_PRIORITY_FUNCS
gnutls_dh_set_prime_bits(*m_gnutlsSession, 128);
if ((res = gnutls_priority_set_direct
(*m_gnutlsSession, "NORMAL:%SSL3_RECORD_VERSION", NULL)) != 0)
(*m_gnutlsSession, m_props->getCipherSuite().c_str(), NULL)) != 0)
{
if ((res = gnutls_priority_set_direct
(*m_gnutlsSession, "NORMAL", NULL)) != 0)
{
throwTLSException
("gnutls_priority_set_direct", res);
}
throwTLSException("gnutls_priority_set_direct", res);
}
#else // !HAVE_GNUTLS_PRIORITY_FUNCS
#else // !VMIME_HAVE_GNUTLS_PRIORITY_FUNCS
gnutls_set_default_priority(*m_gnutlsSession);
@ -241,7 +237,7 @@ TLSSession_GnuTLS::TLSSession_GnuTLS(ref <security::cert::certificateVerifier> c
gnutls_compression_set_priority(*m_gnutlsSession, compressionPriority);
#endif // !HAVE_GNUTLS_PRIORITY_FUNCS
#endif // !VMIME_HAVE_GNUTLS_PRIORITY_FUNCS
// Initialize credentials
gnutls_credentials_set(*m_gnutlsSession,
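Review bot: `gnutls_dh_set_prime_bits(*m_gnutlsSession, 128)`, the context line directly above the new priority call, tells GnuTLS to accept Diffie-Hellman primes as small as 128 bits; that is far below any defensible floor, so a server offering weak parameters (or a downgrade to export-grade groups) is accepted and the ephemeral key is trivially recoverable, regardless of how strong the caller's priority string is. Raise it to a realistic minimum — 1024 bits at the very least, with 2048 the usual recommendation — or remove the call and rely on the library's own default minimum; the exact value should be chosen against the GnuTLS version this builds with. Second, `m_props->getCipherSuite()` dereferences the new `props` argument without a null check, and `TLSSession::create(cv, props)` is public, so a null ref from an outside caller crashes in the constructor; either reject it or substitute `vmime::create <TLSProperties>()`. Dropping the old `NORMAL` fallback so that a bad priority string now throws is the right fail-closed behaviour. The constructor continues outside the hunk.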


@ -0,0 +1,112 @@
//
// VMime library (http://www.vmime.org)
// Copyright (C) 2002-2013 Vincent Richard <vincent@vmime.org>
//
// This program is free software; you can redistribute it and/or
// modify it under the terms of the GNU General Public License as
// published by the Free Software Foundation; either version 3 of
// the License, or (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
// General Public License for more details.
//
// You should have received a copy of the GNU General Public License along
// with this program; if not, write to the Free Software Foundation, Inc.,
// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
//
// Linking this library statically or dynamically with other modules is making
// a combined work based on this library. Thus, the terms and conditions of
// the GNU General Public License cover the whole combination.
//
#include "vmime/config.hpp"
#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_TLS_SUPPORT && VMIME_TLS_SUPPORT_LIB_IS_OPENSSL
#include "vmime/base.hpp"
#include "vmime/net/tls/openssl/TLSProperties_OpenSSL.hpp"
#include <openssl/ssl.h>
#include <openssl/err.h>
namespace vmime {
namespace net {
namespace tls {
TLSProperties::TLSProperties()
: m_data(vmime::create <TLSProperties_OpenSSL>())
{
setCipherSuite(CIPHERSUITE_DEFAULT);
}
TLSProperties::TLSProperties(const TLSProperties& props)
: object(),
m_data(vmime::create <TLSProperties_OpenSSL>())
{
*m_data.dynamicCast <TLSProperties_OpenSSL>() = *props.m_data.dynamicCast <TLSProperties_OpenSSL>();
}
void TLSProperties::setCipherSuite(const GenericCipherSuite cipherSuite)
{
switch (cipherSuite)
{
case CIPHERSUITE_HIGH:
setCipherSuite("HIGH");
break;
case CIPHERSUITE_MEDIUM:
setCipherSuite("MEDIUM");
break;
case CIPHERSUITE_LOW:
setCipherSuite("LOW");
break;
default:
case CIPHERSUITE_DEFAULT:
setCipherSuite("DEFAULT");
break;
}
}
void TLSProperties::setCipherSuite(const string& cipherSuite)
{
m_data.dynamicCast <TLSProperties_OpenSSL>()->cipherSuite = cipherSuite;
}
const string TLSProperties::getCipherSuite() const
{
return m_data.dynamicCast <TLSProperties_OpenSSL>()->cipherSuite;
}
TLSProperties_OpenSSL& TLSProperties_OpenSSL::operator=(const TLSProperties_OpenSSL& other)
{
cipherSuite = other.cipherSuite;
return *this;
}
} // tls
} // net
} // vmime
#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_TLS_SUPPORT && VMIME_TLS_SUPPORT_LIB_IS_OPENSSL
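Review bot: `CIPHERSUITE_DEFAULT` now expands to the bare `DEFAULT` OpenSSL string, while the list this commit removes from TLSSession_OpenSSL, `ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH`, explicitly excluded anonymous DH, low-strength, export and MD5 suites; in the OpenSSL releases of this period `DEFAULT` still admits LOW, EXPORT and MD5 suites, so the out-of-the-box security of every connection is lowered by this change. `HIGH`, `MEDIUM` and `LOW` select purely on symmetric key length and therefore still include the anonymous (aNULL/ADH) suites, which perform no server authentication at all, so a `CIPHERSUITE_HIGH` session can be intercepted despite the certificate verifier. Append `!aNULL` (and `@STRENGTH`) to the generic levels and restore the previous floor for the default, as below. The free-form `setCipherSuite(const string&)` path is not validated here; that is acceptable provided the session constructor checks the `SSL_CTX_set_cipher_list` result.
```cpp
case CIPHERSUITE_HIGH:
	setCipherSuite("HIGH:!aNULL:!eNULL:@STRENGTH");
	break;
case CIPHERSUITE_MEDIUM:
	setCipherSuite("MEDIUM:!aNULL:!eNULL:@STRENGTH");
	break;
case CIPHERSUITE_LOW:
	setCipherSuite("LOW:!aNULL:!eNULL:@STRENGTH");
	break;
default:
case CIPHERSUITE_DEFAULT:
	// same floor the OpenSSL backend enforced before cipher suites became configurable
	setCipherSuite("ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH");
	break;
// … unchanged: string setter/getter and TLSProperties_OpenSSL::operator= …
```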


@ -28,6 +28,7 @@
#include "vmime/net/tls/openssl/TLSSession_OpenSSL.hpp"
#include "vmime/net/tls/openssl/TLSProperties_OpenSSL.hpp"
#include "vmime/net/tls/openssl/OpenSSLInitializer.hpp"
#include "vmime/exception.hpp"
@ -45,19 +46,19 @@ static OpenSSLInitializer::autoInitializer openSSLInitializer;
// static
ref <TLSSession> TLSSession::create(ref <security::cert::certificateVerifier> cv)
ref <TLSSession> TLSSession::create(ref <security::cert::certificateVerifier> cv, ref <TLSProperties> props)
{
return vmime::create <TLSSession_OpenSSL>(cv);
return vmime::create <TLSSession_OpenSSL>(cv, props);
}
TLSSession_OpenSSL::TLSSession_OpenSSL(ref <vmime::security::cert::certificateVerifier> cv)
: m_sslctx(0), m_certVerifier(cv)
TLSSession_OpenSSL::TLSSession_OpenSSL(ref <vmime::security::cert::certificateVerifier> cv, ref <TLSProperties> props)
: m_sslctx(0), m_certVerifier(cv), m_props(props)
{
m_sslctx = SSL_CTX_new(SSLv23_client_method());
SSL_CTX_set_options(m_sslctx, SSL_OP_ALL | SSL_OP_NO_SSLv2);
SSL_CTX_set_mode(m_sslctx, SSL_MODE_AUTO_RETRY);
SSL_CTX_set_cipher_list(m_sslctx, "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH");
SSL_CTX_set_cipher_list(m_sslctx, m_props->getCipherSuite().c_str());
SSL_CTX_set_session_cache_mode(m_sslctx, SSL_SESS_CACHE_OFF);
}
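Review bot: The return value of `SSL_CTX_set_cipher_list(m_sslctx, m_props->getCipherSuite().c_str())` is ignored; OpenSSL returns 0 when no cipher in the string can be selected, and the misconfiguration then only shows up as a handshake failure later, whereas the GnuTLS backend in this commit throws from gnutls_priority_set_direct. Check it and raise the backend's TLS exception so both behave alike: `if (SSL_CTX_set_cipher_list(m_sslctx, m_props->getCipherSuite().c_str()) != 1) { /* throw, as the GnuTLS backend does for a bad priority string */ }`. `m_props` is also dereferenced without a null check even though `TLSSession::create` is public. Separately, the pre-existing `SSL_OP_ALL` turns on every compatibility workaround including `SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS`, which disables OpenSSL's CBC countermeasure; now that cipher selection is caller-controlled, consider masking that flag out.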


@ -33,6 +33,8 @@
#include "vmime/security/authenticator.hpp"
#include "vmime/net/tls/TLSProperties.hpp"
#include "vmime/utility/url.hpp"
#include "vmime/propertySet.hpp"
@ -141,9 +143,23 @@ public:
*/
propertySet& getProperties();
/** Set properties for SSL/TLS secured connections in this session.
*
* @param tlsProps SSL/TLS properties
*/
void setTLSProperties(ref <tls::TLSProperties> tlsProps);
/** Get properties for SSL/TLS secured connections in this session.
*
* @return SSL/TLS properties
*/
ref <tls::TLSProperties> getTLSProperties() const;
private:
propertySet m_props;
ref <tls::TLSProperties> m_tlsProps;
};
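Review bot: The comment on `setTLSProperties` should state the ownership and timing rules the implementation imposes, since neither is visible from the signature: the object is copied, so later changes to the caller's `tlsProps` have no effect, and the services read the properties when they connect or issue STARTTLS, so it must be called before that. Suggested wording: `The properties are copied; changes made to tlsProps after this call are not reflected. Call this before connecting a store or transport obtained from this session.` `getTLSProperties` returns the session's own object by ref, so a caller can still mutate it in place up to connect time; say whether that is supported.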


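--- /dev/null
+++ b/vmime/net/tls/TLSProperties.hpp
@@ -0,0 +1,105 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002-2013 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library. Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+#ifndef VMIME_NET_TLS_TLSPROPERTIES_HPP_INCLUDED
+#define VMIME_NET_TLS_TLSPROPERTIES_HPP_INCLUDED
+#include "vmime/config.hpp"
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_TLS_SUPPORT
+#include "vmime/types.hpp"
+namespace vmime {
+namespace net {
+namespace tls {
+/** Holds options for a TLS session.
+*/
+class VMIME_EXPORT TLSProperties : public object
+{
+public:
+TLSProperties();
+TLSProperties(const TLSProperties&);
+/** Predefined generic cipher suites (work with all TLS libraries). */
+enum GenericCipherSuite
+{
+CIPHERSUITE_HIGH, /**< High encryption cipher suites (> 128 bits). */
+CIPHERSUITE_MEDIUM, /**< Medium encryption cipher suites (>= 128 bits). */
+CIPHERSUITE_LOW, /**< Low encryption cipher suites (>= 64 bits). */
+CIPHERSUITE_DEFAULT /**< Default cipher suite. */
+};
+/** Sets the cipher suite preferences for a SSL/TLS session, using
+* predefined, generic suites. This works with all underlying TLS
+* libraries (OpenSSL and GNU TLS).
+*
+* @param cipherSuite predefined cipher suite
+*/
+void setCipherSuite(const GenericCipherSuite cipherSuite);
+/** Sets the cipher suite preferences for a SSL/TLS session, using
+* a character string. The format and meaning of the string depend
+* on the underlying TLS library.
+*
+* For GNU TLS, read this:
+* http://gnutls.org/manual/html_node/Priority-Strings.html
+*
+* For OpenSSL, read this:
+* http://www.openssl.org/docs/apps/ciphers.html#CIPHER_STRINGS
+*
+* @param cipherSuite cipher suite as a string
+*/
+void setCipherSuite(const string& cipherSuite);
+/** Returns the cipher suite preferences for a SSL/TLS session, as
+* a character string. The format and meaning of the string depend
+* on the underlying TLS library (see setCipherSuite() method).
+*
+* @return cipher suite string
+*/
+const string getCipherSuite() const;
+private:
+ref <object> m_data;
+};
+} // tls
+} // net
+} // vmime
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_TLS_SUPPORT
+#endif // VMIME_NET_TLS_TLSPROPERTIES_HPP_INCLUDED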
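Review bot: `TLSProperties` declares a deep-copying copy constructor but no copy-assignment operator, so the compiler-generated `operator=` copies only the `ref <object> m_data` handle and the two objects then share one backend state; after `a = b;`, `a.setCipherSuite(...)` silently changes `b` as well. Declare `TLSProperties& operator=(const TLSProperties&);` and implement it in each backend with the same `*m_data.dynamicCast <...>() = *other.m_data.dynamicCast <...>()` the copy constructor uses, or make it private if assignment is not meant to be supported. The manual page in this commit also calls `tlsProps->setCipherString(...)` and `sess->setCipherSuite(...)`, neither of which exists in this header; the examples should call `setCipherSuite` on the TLSProperties object.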


@ -34,6 +34,7 @@
#include "vmime/types.hpp"
#include "vmime/net/tls/TLSSocket.hpp"
#include "vmime/net/tls/TLSProperties.hpp"
#include "vmime/security/cert/certificateVerifier.hpp"
@ -53,9 +54,10 @@ public:
*
* @param cv object responsible for verifying certificates
* sent by the server
* @param props TLS properties for this session
* @return a new TLS session
*/
static ref <TLSSession> create(ref <security::cert::certificateVerifier> cv);
static ref <TLSSession> create(ref <security::cert::certificateVerifier> cv, ref <TLSProperties> props);
/** Create a new socket that adds a TLS security layer around
* an existing socket. You should create only one socket
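Review bot: Replacing `create(cv)` with `create(cv, props)` removes the only overload external callers had, and the new `@param props` comment does not say the argument must be non-null even though both backends dereference it in their constructors. Keep a compatibility overload, `static ref <TLSSession> create(ref <security::cert::certificateVerifier> cv);`, that forwards with `vmime::create <TLSProperties>()`, or document `props` as required and non-null. The comment block this hunk edits begins before the hunk.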


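--- /dev/null
+++ b/vmime/net/tls/gnutls/TLSProperties_GnuTLS.hpp
@@ -0,0 +1,68 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002-2013 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library. Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+#ifndef VMIME_NET_TLS_TLSPROPERTIES_GNUTLS_HPP_INCLUDED
+#define VMIME_NET_TLS_TLSPROPERTIES_GNUTLS_HPP_INCLUDED
+#ifndef VMIME_BUILDING_DOC
+#include "vmime/config.hpp"
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_TLS_SUPPORT && VMIME_TLS_SUPPORT_LIB_IS_GNUTLS
+#include "vmime/types.hpp"
+#include "vmime/net/tls/TLSProperties.hpp"
+namespace vmime {
+namespace net {
+namespace tls {
+class TLSProperties_GnuTLS : public object
+{
+public:
+TLSProperties_GnuTLS& operator=(const TLSProperties_GnuTLS& other);
+string cipherSuite;
+};
+} // tls
+} // net
+} // vmime
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_TLS_SUPPORT && VMIME_TLS_SUPPORT_LIB_IS_GNUTLS
+#endif // VMIME_BUILDING_DOC
+#endif // VMIME_NET_TLS_TLSPROPERTIES_GNUTLS_HPP_INCLUDED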
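Review bot: `TLSProperties_GnuTLS::operator=` assigns the single `string` member, which is exactly what the implicitly generated assignment operator already does, so the explicit declaration is one more definition to maintain for no change in behaviour. Drop it and let the compiler provide copy semantics, or, if it is kept deliberately for a future non-trivial member, say so in a comment. The public `cipherSuite` member is fine for an internal backend struct but deserves a one-line comment noting it holds a GnuTLS priority string, not an OpenSSL cipher list.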


@ -38,6 +38,7 @@
#include "vmime/net/tls/TLSSession.hpp"
#include "vmime/net/tls/TLSSocket.hpp"
#include "vmime/net/tls/TLSProperties.hpp"
namespace vmime {
@ -51,7 +52,7 @@ class TLSSession_GnuTLS : public TLSSession
public:
TLSSession_GnuTLS(ref <security::cert::certificateVerifier> cv);
TLSSession_GnuTLS(ref <security::cert::certificateVerifier> cv, ref <TLSProperties> props);
~TLSSession_GnuTLS();
@ -73,6 +74,7 @@ private:
#endif // LIBGNUTLS_VERSION
ref <security::cert::certificateVerifier> m_certVerifier;
ref <TLSProperties> m_props;
};


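--- /dev/null
+++ b/vmime/net/tls/openssl/TLSProperties_OpenSSL.hpp
@@ -0,0 +1,68 @@
+//
+// VMime library (http://www.vmime.org)
+// Copyright (C) 2002-2013 Vincent Richard <vincent@vmime.org>
+//
+// This program is free software; you can redistribute it and/or
+// modify it under the terms of the GNU General Public License as
+// published by the Free Software Foundation; either version 3 of
+// the License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Linking this library statically or dynamically with other modules is making
+// a combined work based on this library. Thus, the terms and conditions of
+// the GNU General Public License cover the whole combination.
+//
+#ifndef VMIME_NET_TLS_TLSPROPERTIES_OPENSSL_HPP_INCLUDED
+#define VMIME_NET_TLS_TLSPROPERTIES_OPENSSL_HPP_INCLUDED
+#ifndef VMIME_BUILDING_DOC
+#include "vmime/config.hpp"
+#if VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_TLS_SUPPORT && VMIME_TLS_SUPPORT_LIB_IS_OPENSSL
+#include "vmime/types.hpp"
+#include "vmime/net/tls/TLSProperties.hpp"
+namespace vmime {
+namespace net {
+namespace tls {
+class TLSProperties_OpenSSL : public object
+{
+public:
+TLSProperties_OpenSSL& operator=(const TLSProperties_OpenSSL& other);
+string cipherSuite;
+};
+} // tls
+} // net
+} // vmime
+#endif // VMIME_HAVE_MESSAGING_FEATURES && VMIME_HAVE_TLS_SUPPORT && VMIME_TLS_SUPPORT_LIB_IS_OPENSSL
+#endif // VMIME_BUILDING_DOC
+#endif // VMIME_NET_TLS_TLSPROPERTIES_OPENSSL_HPP_INCLUDED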
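Review bot: The user-declared `TLSProperties_OpenSSL::operator=` does nothing beyond the member-wise assignment the compiler would generate for a class whose only data member is a `string`; removing it leaves behaviour unchanged and one less function to keep in sync with the GnuTLS twin. A short comment on `cipherSuite` saying it is an OpenSSL cipher-list string (the format consumed by `SSL_CTX_set_cipher_list`) would help readers who switch between the two backend headers.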


@ -38,6 +38,7 @@
#include "vmime/net/tls/TLSSession.hpp"
#include "vmime/net/tls/TLSSocket.hpp"
#include "vmime/net/tls/TLSProperties.hpp"
#include <openssl/ssl.h>
@ -54,7 +55,7 @@ class TLSSession_OpenSSL : public TLSSession
public:
TLSSession_OpenSSL(const ref <security::cert::certificateVerifier> cv);
TLSSession_OpenSSL(const ref <security::cert::certificateVerifier> cv, ref <TLSProperties> props);
~TLSSession_OpenSSL();
@ -90,6 +91,7 @@ private:
SSL_CTX* m_sslctx;
ref <security::cert::certificateVerifier> m_certVerifier;
ref <TLSProperties> m_props;
};