2 * Copyright (c) 2015, Facebook, Inc.
5 * This source code is licensed under the BSD-style license found in the
6 * LICENSE file in the root directory of this source tree. An additional grant
7 * of patent rights can be found in the PATENTS file in the same directory.
12 #include <folly/String.h>
14 #include <folly/io/async/AsyncSSLSocket.h>
19 * SSL session establish/resume status
21 * changing these values will break logging pipelines
23 enum class SSLResumeEnum : uint8_t {
25 RESUME_SESSION_ID = 1,
30 enum class SSLErrorEnum {
// Serializes ex_data index allocation: getSSLCtxExIndex() and getRSAExIndex()
// both take this lock before writing through their pindex argument.
38 static std::mutex sIndexLock_;
42 * Ensures only one caller will allocate an ex_data index for a given static
// Stores the result of SSL_CTX_get_ex_new_index() in *pindex while holding
// sIndexLock_.
// @param pindex receives the index; dereferenced unconditionally, so it must
//               not be null.
// NOTE(review): source line 47 and the closing lines are not shown in this
// listing. The comment above implies a guard so that an index is allocated
// only once per variable — confirm against the full file.
45 static void getSSLCtxExIndex(int* pindex) {
46 std::lock_guard<std::mutex> g(sIndexLock_);
// NOTE(review): SSL_CTX_get_ex_new_index() returns -1 on failure and the
// visible code stores the result unchecked — confirm that callers treat a
// negative index as "not allocated" before passing it to ex_data accessors.
48 *pindex = SSL_CTX_get_ex_new_index(0, nullptr, nullptr, nullptr, nullptr);
// Stores the result of RSA_get_ex_new_index() in *pindex while holding
// sIndexLock_.
// @param pindex receives the index; dereferenced unconditionally, so it must
//               not be null.
// NOTE(review): source line 54 and the closing lines are not shown in this
// listing; presumably the same allocate-once guard as getSSLCtxExIndex()
// sits there — confirm against the full file.
52 static void getRSAExIndex(int* pindex) {
53 std::lock_guard<std::mutex> g(sIndexLock_);
// NOTE(review): RSA_get_ex_new_index() returns -1 on failure and the visible
// code stores the result unchecked — confirm that callers reject a negative
// index before using it with RSA ex_data accessors.
55 *pindex = RSA_get_ex_new_index(0, nullptr, nullptr, nullptr, nullptr);
// Hex-encodes `binary` by passing it to folly::hexlify with `hex` as the
// output string; the function's return type is std::string.
// NOTE(review): the declaration of `hex` (source line 60) and the return
// statement are not shown in this listing.
59 static inline std::string hexlify(const std::string& binary) {
61 folly::hexlify<std::string, std::string>(binary, hex);
// Overload returning a const std::string&; passes `binary` and `hex` to
// folly::hexlify.
// NOTE(review): the rest of the parameter list (source line 67) and the
// return statement are not shown in this listing. Presumably `hex` is a
// caller-supplied output string that is also returned — confirm. If so, the
// returned reference is valid only while the caller's string is alive.
66 static inline const std::string& hexlify(const std::string& binary,
68 folly::hexlify<std::string, std::string>(binary, hex);
74 * Return the SSL resume type for the given socket.
/**
 * Classify how the session on the given socket was established.
 *
 * @param sslSocket socket to inspect; it is dereferenced without a null
 *                  check, so callers must pass a valid pointer.
 * @return HANDSHAKE when getSSLSessionReused() is false; otherwise
 *         RESUME_SESSION_ID when sessionIDResumed() is true, and
 *         RESUME_TICKET when it is not.
 */
static inline SSLResumeEnum getResumeState(AsyncSSLSocket* sslSocket) {
  // Session was not reused: report HANDSHAKE.
  if (!sslSocket->getSSLSessionReused()) {
    return SSLResumeEnum::HANDSHAKE;
  }
  // Reused session: sessionIDResumed() decides between the two resume kinds.
  if (sslSocket->sessionIDResumed()) {
    return SSLResumeEnum::RESUME_SESSION_ID;
  }
  return SSLResumeEnum::RESUME_TICKET;
}
86 * Get the Common Name from an X.509 certificate
87 * @param cert certificate to inspect
88 * @return common name, or null if an error occurs
// NOTE(review): the result is null on error (see @return), so callers must
// check it before dereferencing. If the value feeds peer-identity checks,
// RFC 6125 gives subjectAltName entries precedence over the Common Name —
// confirm how callers combine this with getSubjectAltName(). If the returned
// string can carry embedded NUL bytes from the certificate, compare it by
// full length rather than through c_str() — confirm against the
// implementation, which is not shown here.
90 static std::unique_ptr<std::string> getCommonName(const X509* cert);
93 * Get the Subject Alternative Name value(s) from an X.509 certificate
94 * @param cert certificate to inspect
95 * @return set of zero or more alternative names, or null if
98 static std::unique_ptr<std::list<std::string>> getSubjectAltName(