From 641cb063bc71acc7f29d25b12c8713a8beb2018c Mon Sep 17 00:00:00 2001
From: Mattes D
Date: Mon, 22 Aug 2016 19:53:34 +0200
Subject: cTCPLink supports TLS out of the box.
---
 src/OSSupport/Network.h | 33 +++++++++++++++++++++++++++++++++
 1 file changed, 33 insertions(+)
(limited to 'src/OSSupport/Network.h')
diff --git a/src/OSSupport/Network.h b/src/OSSupport/Network.h
index 1162d7fc6..78c5e92f0 100644
--- a/src/OSSupport/Network.h
+++ b/src/OSSupport/Network.h
@@ -20,6 +20,11 @@ typedef std::vector cTCPLinkPtrs;
 class cServerHandle;
 typedef SharedPtr cServerHandlePtr;
 typedef std::vector cServerHandlePtrs;
+class cCryptoKey;
+typedef SharedPtr cCryptoKeyPtr;
+class cX509Cert;
+typedef SharedPtr cX509CertPtr;
+
@@ -49,6 +54,10 @@ public:
 Sending data on the link is not an error, but the data won't be delivered. */
 virtual void OnRemoteClosed(void) = 0;
+ /** Called when the TLS handshake has been completed and communication can continue regularly.
+ Has an empty default implementation, so that link callback descendants don't need to specify TLS handlers when they don't use TLS at all. */
+ virtual void OnTlsHandshakeCompleted(void) {}
+
 /** Called when an error is detected on the connection. */
 virtual void OnError(int a_ErrorCode, const AString & a_ErrorMsg) = 0;
 };
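Review bot: The OnTlsHandshakeCompleted docstring does not say how a failed handshake is reported; the interface adds no failure counterpart, so presumably it surfaces through OnError, and the comment should state that explicitly, e.g. `A failed handshake is not reported here; it is presumably delivered via OnError() — confirm against the link implementation.` Because the default body is a silent no-op, a descendant that does start TLS but forgets to override this method will never learn when the link is safe to write to; a sentence saying that TLS users are expected to override it would make that expectation visible. The enclosing callbacks class starts before this hunk.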
@@ -90,6 +99,30 @@ public:
 Sending the RST packet, queued outgoing and incoming data is lost. */
 virtual void Close(void) = 0;
+ /** Starts a TLS handshake as a client connection.
+ If a client certificate should be used for the connection, set the certificate into a_OwnCertData and
+ its corresponding private key to a_OwnPrivKeyData. If both are empty, no client cert is presented.
+ a_OwnPrivKeyPassword is the password to be used for decoding PrivKey, empty if not passworded.
+ Returns empty string on success, non-empty error description on failure. */
+ virtual AString StartTLSClient(
+ cX509CertPtr a_OwnCert,
+ cCryptoKeyPtr a_OwnPrivKey
+ ) = 0;
+
+ /** Starts a TLS handshake as a server connection.
+ Set the server certificate into a_CertData and its corresponding private key to a_OwnPrivKeyData.
+ a_OwnPrivKeyPassword is the password to be used for decoding PrivKey, empty if not passworded.
+ a_StartTLSData is any data that should be pushed into the TLS before reading more data from the remote.
+ This is used mainly for protocols starting TLS in the middle of communication, when the TLS start command
+ can be received together with the TLS Client Hello message in one OnReceivedData() call, to re-queue the
+ Client Hello message into the TLS handshake buffer.
+ Returns empty string on success, non-empty error description on failure. */
+ virtual AString StartTLSServer(
+ cX509CertPtr a_OwnCert,
+ cCryptoKeyPtr a_OwnPrivKey,
+ const AString & a_StartTLSData
+ ) = 0;
+
 /** Returns the callbacks that are used. */
 cCallbacksPtr GetCallbacks(void) const { return m_Callbacks; }
-- cgit v1.2.3
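Review bot: The docstrings of StartTLSClient and StartTLSServer describe parameters that are not in the declared signatures — `a_OwnCertData`, `a_OwnPrivKeyData`, `a_OwnPrivKeyPassword` and `a_CertData` — whereas the methods take `a_OwnCert` (cX509CertPtr) and `a_OwnPrivKey` (cCryptoKeyPtr), and the "password to be used for decoding PrivKey" sentence no longer applies because the key arrives already parsed. Suggested wording for the client: `If a client certificate should be presented, pass it in a_OwnCert together with its private key in a_OwnPrivKey; if both are empty, no client cert is presented.` with the matching mandatory-pair sentence for the server. Separately, StartTLSClient accepts no trusted-CA set or expected hostname, so a caller cannot request peer-certificate verification through this interface; whether the implementation verifies the server certificate by default is not visible in this hunk, and the comment should state the verification behaviour either way so callers know what the link does and does not check. The cTCPLink class body continues outside the hunk.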