2 * Copyright 2016 Facebook, Inc.
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
21 #include <folly/Optional.h>
22 #include <folly/String.h>
23 #include <folly/io/async/AsyncSocket.h>
24 #include <folly/io/async/AsyncTimeout.h>
25 #include <folly/io/async/SSLContext.h>
26 #include <folly/io/async/TimeoutManager.h>
27 #include <folly/io/async/ssl/OpenSSLPtrTypes.h>
28 #include <folly/io/async/ssl/OpenSSLUtils.h>
29 #include <folly/io/async/ssl/SSLErrors.h>
30 #include <folly/io/async/ssl/TLSDefinitions.h>
32 #include <folly/Bits.h>
33 #include <folly/io/IOBuf.h>
34 #include <folly/io/Cursor.h>
35 #include <folly/portability/Sockets.h>
40 * A class for performing asynchronous I/O on an SSL connection.
42 * AsyncSSLSocket allows users to asynchronously wait for data on an
43 * SSL connection, and to asynchronously send data.
45 * The APIs for reading and writing are intentionally asymmetric.
46 * Waiting for data to read is a persistent API: a callback is
47 * installed, and is notified whenever new data is available. It
48 * continues to be notified of new events until it is uninstalled.
50 * AsyncSSLSocket does not provide read timeout functionality,
51 * because it typically cannot determine when the timeout should be
52 * active. Generally, a timeout should only be enabled when
53 * processing is blocked waiting on data from the remote endpoint.
54 * For server connections, the timeout should not be active if the
55 * server is currently processing one or more outstanding requests for
56 * this connection. For client connections, the timeout should not be
57 * active if there are no requests pending on the connection.
58 * Additionally, if a client has multiple pending requests, it will
59 * ususally want a separate timeout for each request, rather than a
60 * single read timeout.
62 * The write API is fairly intuitive: a user can request to send a
63 * block of data, and a callback will be informed once the entire
64 * block has been transferred to the kernel, or on error.
65 * AsyncSSLSocket does provide a send timeout, since most callers
66 * want to give up if the remote end stops responding and no further
67 * progress can be made sending the data.
69 class AsyncSSLSocket : public virtual AsyncSocket {
71 typedef std::unique_ptr<AsyncSSLSocket, Destructor> UniquePtr;
72 using X509_deleter = folly::static_function_deleter<X509, &X509_free>;
76 virtual ~HandshakeCB() = default;
79 * handshakeVer() is invoked during handshaking to give the
80 * application chance to validate it's peer's certificate.
82 * Note that OpenSSL performs only rudimentary internal
83 * consistency verification checks by itself. Any other validation
84 * like whether or not the certificate was issued by a trusted CA.
85 * The default implementation of this callback mimics what what
86 * OpenSSL does internally if SSL_VERIFY_PEER is set with no
87 * verification callback.
89 * See the passages on verify_callback in SSL_CTX_set_verify(3)
92 virtual bool handshakeVer(AsyncSSLSocket* /*sock*/,
94 X509_STORE_CTX* /*ctx*/) noexcept {
99 * handshakeSuc() is called when a new SSL connection is
100 * established, i.e., after SSL_accept/connect() returns successfully.
102 * The HandshakeCB will be uninstalled before handshakeSuc()
105 * @param sock SSL socket on which the handshake was initiated
107 virtual void handshakeSuc(AsyncSSLSocket *sock) noexcept = 0;
110 * handshakeErr() is called if an error occurs while
111 * establishing the SSL connection.
113 * The HandshakeCB will be uninstalled before handshakeErr()
116 * @param sock SSL socket on which the handshake was initiated
117 * @param ex An exception representing the error.
119 virtual void handshakeErr(
120 AsyncSSLSocket *sock,
121 const AsyncSocketException& ex)
125 class HandshakeTimeout : public AsyncTimeout {
127 HandshakeTimeout(AsyncSSLSocket* sslSocket, EventBase* eventBase)
128 : AsyncTimeout(eventBase)
129 , sslSocket_(sslSocket) {}
131 virtual void timeoutExpired() noexcept {
132 sslSocket_->timeoutExpired();
136 AsyncSSLSocket* sslSocket_;
140 * Create a client AsyncSSLSocket
142 AsyncSSLSocket(const std::shared_ptr<folly::SSLContext> &ctx,
143 EventBase* evb, bool deferSecurityNegotiation = false);
146 * Create a server/client AsyncSSLSocket from an already connected
147 * socket file descriptor.
149 * Note that while AsyncSSLSocket enables TCP_NODELAY for sockets it creates
150 * when connecting, it does not change the socket options when given an
151 * existing file descriptor. If callers want TCP_NODELAY enabled when using
152 * this version of the constructor, they need to explicitly call
153 * setNoDelay(true) after the constructor returns.
155 * @param ctx SSL context for this connection.
156 * @param evb EventBase that will manage this socket.
157 * @param fd File descriptor to take over (should be a connected socket).
158 * @param server Is socket in server mode?
159 * @param deferSecurityNegotiation
160 * unencrypted data can be sent before sslConn/Accept
162 AsyncSSLSocket(const std::shared_ptr<folly::SSLContext>& ctx,
163 EventBase* evb, int fd,
164 bool server = true, bool deferSecurityNegotiation = false);
168 * Helper function to create a server/client shared_ptr<AsyncSSLSocket>.
170 static std::shared_ptr<AsyncSSLSocket> newSocket(
171 const std::shared_ptr<folly::SSLContext>& ctx,
172 EventBase* evb, int fd, bool server=true,
173 bool deferSecurityNegotiation = false) {
174 return std::shared_ptr<AsyncSSLSocket>(
175 new AsyncSSLSocket(ctx, evb, fd, server, deferSecurityNegotiation),
180 * Helper function to create a client shared_ptr<AsyncSSLSocket>.
182 static std::shared_ptr<AsyncSSLSocket> newSocket(
183 const std::shared_ptr<folly::SSLContext>& ctx,
184 EventBase* evb, bool deferSecurityNegotiation = false) {
185 return std::shared_ptr<AsyncSSLSocket>(
186 new AsyncSSLSocket(ctx, evb, deferSecurityNegotiation),
191 #if OPENSSL_VERSION_NUMBER >= 0x1000105fL && !defined(OPENSSL_NO_TLSEXT)
193 * Create a client AsyncSSLSocket with tlsext_servername in
194 * the Client Hello message.
196 AsyncSSLSocket(const std::shared_ptr<folly::SSLContext> &ctx,
198 const std::string& serverName,
199 bool deferSecurityNegotiation = false);
202 * Create a client AsyncSSLSocket from an already connected
203 * socket file descriptor.
205 * Note that while AsyncSSLSocket enables TCP_NODELAY for sockets it creates
206 * when connecting, it does not change the socket options when given an
207 * existing file descriptor. If callers want TCP_NODELAY enabled when using
208 * this version of the constructor, they need to explicitly call
209 * setNoDelay(true) after the constructor returns.
211 * @param ctx SSL context for this connection.
212 * @param evb EventBase that will manage this socket.
213 * @param fd File descriptor to take over (should be a connected socket).
214 * @param serverName tlsext_hostname that will be sent in ClientHello.
216 AsyncSSLSocket(const std::shared_ptr<folly::SSLContext>& ctx,
219 const std::string& serverName,
220 bool deferSecurityNegotiation = false);
222 static std::shared_ptr<AsyncSSLSocket> newSocket(
223 const std::shared_ptr<folly::SSLContext>& ctx,
225 const std::string& serverName,
226 bool deferSecurityNegotiation = false) {
227 return std::shared_ptr<AsyncSSLSocket>(
228 new AsyncSSLSocket(ctx, evb, serverName, deferSecurityNegotiation),
234 * TODO: implement support for SSL renegotiation.
236 * This involves proper handling of the SSL_ERROR_WANT_READ/WRITE
237 * code as a result of SSL_write/read(), instead of returning an
238 * error. In that case, the READ/WRITE event should be registered,
239 * and a flag (e.g., writeBlockedOnRead) should be set to indiciate
240 * the condition. In the next invocation of read/write callback, if
241 * the flag is on, performWrite()/performRead() should be called in
242 * addition to the normal call to performRead()/performWrite(), and
243 * the flag should be reset.
246 // Inherit TAsyncTransport methods from AsyncSocket except the
248 // See the documentation in TAsyncTransport.h
249 // TODO: implement graceful shutdown in close()
250 // TODO: implement detachSSL() that returns the SSL connection
251 virtual void closeNow() override;
252 virtual void shutdownWrite() override;
253 virtual void shutdownWriteNow() override;
254 virtual bool good() const override;
255 virtual bool connecting() const override;
256 virtual std::string getApplicationProtocol() noexcept override;
258 virtual std::string getSecurityProtocol() const override { return "TLS"; }
260 bool isEorTrackingEnabled() const override;
261 virtual void setEorTracking(bool track) override;
262 virtual size_t getRawBytesWritten() const override;
263 virtual size_t getRawBytesReceived() const override;
264 void enableClientHelloParsing();
267 * Accept an SSL connection on the socket.
269 * The callback will be invoked and uninstalled when an SSL
270 * connection has been established on the underlying socket.
271 * The value of verifyPeer determines the client verification method.
272 * By default, its set to use the value in the underlying context
274 * @param callback callback object to invoke on success/failure
275 * @param timeout timeout for this function in milliseconds, or 0 for no
277 * @param verifyPeer SSLVerifyPeerEnum uses the options specified in the
278 * context by default, can be set explcitly to override the
279 * method in the context
281 virtual void sslAccept(HandshakeCB* callback, uint32_t timeout = 0,
282 const folly::SSLContext::SSLVerifyPeerEnum& verifyPeer =
283 folly::SSLContext::SSLVerifyPeerEnum::USE_CTX);
286 * Invoke SSL accept following an asynchronous session cache lookup
288 void restartSSLAccept();
291 * Connect to the given address, invoking callback when complete or on error
293 * Note timeout applies to TCP + SSL connection time
295 void connect(ConnectCallback* callback,
296 const folly::SocketAddress& address,
298 const OptionMap &options = emptyOptionMap,
299 const folly::SocketAddress& bindAddr = anyAddress())
302 using AsyncSocket::connect;
305 * Initiate an SSL connection on the socket
306 * The callback will be invoked and uninstalled when an SSL connection
307 * has been establshed on the underlying socket.
308 * The verification option verifyPeer is applied if it's passed explicitly.
309 * If it's not, the options in SSLContext set on the underlying SSLContext
312 * @param callback callback object to invoke on success/failure
313 * @param timeout timeout for this function in milliseconds, or 0 for no
315 * @param verifyPeer SSLVerifyPeerEnum uses the options specified in the
316 * context by default, can be set explcitly to override the
317 * method in the context. If verification is turned on sets
318 * SSL_VERIFY_PEER and invokes
319 * HandshakeCB::handshakeVer().
321 virtual void sslConn(HandshakeCB *callback, uint64_t timeout = 0,
322 const folly::SSLContext::SSLVerifyPeerEnum& verifyPeer =
323 folly::SSLContext::SSLVerifyPeerEnum::USE_CTX);
333 STATE_REMOTE_CLOSED, /// remote end closed; we can still write
334 STATE_CLOSING, ///< close() called, but waiting on writes to complete
335 /// close() called with pending writes, before connect() has completed
336 STATE_CONNECTING_CLOSING,
341 SSLStateEnum getSSLState() const { return sslState_;}
344 * Get a handle to the negotiated SSL session. This increments the session
345 * refcount and must be deallocated by the caller.
347 SSL_SESSION *getSSLSession();
350 * Get a handle to the SSL struct.
352 const SSL* getSSL() const;
355 * Set the SSL session to be used during sslConn. AsyncSSLSocket will
356 * hold a reference to the session until it is destroyed or released by the
357 * underlying SSL structure.
359 * @param takeOwnership if true, AsyncSSLSocket will assume the caller's
360 * reference count to session.
362 void setSSLSession(SSL_SESSION *session, bool takeOwnership = false);
365 * Get the name of the protocol selected by the client during
366 * Next Protocol Negotiation (NPN) or Application Layer Protocol Negotiation
369 * Throw an exception if openssl does not support NPN
371 * @param protoName Name of the protocol (not guaranteed to be
372 * null terminated); will be set to nullptr if
373 * the client did not negotiate a protocol.
374 * Note: the AsyncSSLSocket retains ownership
376 * @param protoNameLen Length of the name.
377 * @param protoType Whether this was an NPN or ALPN negotiation
379 virtual void getSelectedNextProtocol(
380 const unsigned char** protoName,
382 SSLContext::NextProtocolType* protoType = nullptr) const;
385 * Get the name of the protocol selected by the client during
386 * Next Protocol Negotiation (NPN) or Application Layer Protocol Negotiation
389 * @param protoName Name of the protocol (not guaranteed to be
390 * null terminated); will be set to nullptr if
391 * the client did not negotiate a protocol.
392 * Note: the AsyncSSLSocket retains ownership
394 * @param protoNameLen Length of the name.
395 * @param protoType Whether this was an NPN or ALPN negotiation
396 * @return false if openssl does not support NPN
398 virtual bool getSelectedNextProtocolNoThrow(
399 const unsigned char** protoName,
401 SSLContext::NextProtocolType* protoType = nullptr) const;
404 * Determine if the session specified during setSSLSession was reused
405 * or if the server rejected it and issued a new session.
407 virtual bool getSSLSessionReused() const;
410 * true if the session was resumed using session ID
412 bool sessionIDResumed() const { return sessionIDResumed_; }
414 void setSessionIDResumed(bool resumed) {
415 sessionIDResumed_ = resumed;
419 * Get the negociated cipher name for this SSL connection.
420 * Returns the cipher used or the constant value "NONE" when no SSL session
421 * has been established.
423 virtual const char* getNegotiatedCipherName() const;
426 * Get the server name for this SSL connection.
427 * Returns the server name used or the constant value "NONE" when no SSL
428 * session has been established.
429 * If openssl has no SNI support, throw TTransportException.
431 const char *getSSLServerName() const;
434 * Get the server name for this SSL connection.
435 * Returns the server name used or the constant value "NONE" when no SSL
436 * session has been established.
437 * If openssl has no SNI support, return "NONE"
439 const char *getSSLServerNameNoThrow() const;
442 * Get the SSL version for this connection.
443 * Possible return values are SSL2_VERSION, SSL3_VERSION, TLS1_VERSION,
444 * with hexa representations 0x200, 0x300, 0x301,
445 * or 0 if no SSL session has been established.
447 int getSSLVersion() const;
450 * Get the signature algorithm used in the cert that is used for this
453 const char *getSSLCertSigAlgName() const;
456 * Get the certificate size used for this SSL connection.
458 int getSSLCertSize() const;
461 * Get the certificate used for this SSL connection. May be null
463 virtual const X509* getSelfCert() const override;
465 virtual void attachEventBase(EventBase* eventBase) override {
466 AsyncSocket::attachEventBase(eventBase);
467 handshakeTimeout_.attachEventBase(eventBase);
470 virtual void detachEventBase() override {
471 AsyncSocket::detachEventBase();
472 handshakeTimeout_.detachEventBase();
475 virtual bool isDetachable() const override {
476 return AsyncSocket::isDetachable() && !handshakeTimeout_.isScheduled();
479 virtual void attachTimeoutManager(TimeoutManager* manager) {
480 handshakeTimeout_.attachTimeoutManager(manager);
483 virtual void detachTimeoutManager() {
484 handshakeTimeout_.detachTimeoutManager();
487 #if OPENSSL_VERSION_NUMBER >= 0x009080bfL
489 * This function will set the SSL context for this socket to the
490 * argument. This should only be used on client SSL Sockets that have
491 * already called detachSSLContext();
493 void attachSSLContext(const std::shared_ptr<folly::SSLContext>& ctx);
496 * Detaches the SSL context for this socket.
498 void detachSSLContext();
501 #if OPENSSL_VERSION_NUMBER >= 0x1000105fL && !defined(OPENSSL_NO_TLSEXT)
503 * Switch the SSLContext to continue the SSL handshake.
504 * It can only be used in server mode.
506 void switchServerSSLContext(
507 const std::shared_ptr<folly::SSLContext>& handshakeCtx);
510 * Did server recognize/support the tlsext_hostname in Client Hello?
511 * It can only be used in client mode.
513 * @return true - tlsext_hostname is matched by the server
514 * false - tlsext_hostname is not matched or
515 * is not supported by server
517 bool isServerNameMatch() const;
520 * Set the SNI hostname that we'll advertise to the server in the
521 * ClientHello message.
523 void setServerName(std::string serverName) noexcept;
526 void timeoutExpired() noexcept;
529 * Get the list of supported ciphers sent by the client in the client's
532 void getSSLClientCiphers(
533 std::string& clientCiphers,
534 bool convertToString = true) const {
535 std::stringstream ciphersStream;
536 std::string cipherName;
538 if (parseClientHello_ == false
539 || clientHelloInfo_->clientHelloCipherSuites_.empty()) {
544 for (auto originalCipherCode : clientHelloInfo_->clientHelloCipherSuites_)
546 const SSL_CIPHER* cipher = nullptr;
547 if (convertToString) {
548 // OpenSSL expects code as a big endian char array
549 auto cipherCode = htons(originalCipherCode);
551 #if defined(SSL_OP_NO_TLSv1_2)
553 TLSv1_2_method()->get_cipher_by_char((unsigned char*)&cipherCode);
554 #elif defined(SSL_OP_NO_TLSv1_1)
556 TLSv1_1_method()->get_cipher_by_char((unsigned char*)&cipherCode);
557 #elif defined(SSL_OP_NO_TLSv1)
559 TLSv1_method()->get_cipher_by_char((unsigned char*)&cipherCode);
562 SSLv3_method()->get_cipher_by_char((unsigned char*)&cipherCode);
566 if (cipher == nullptr) {
567 ciphersStream << std::setfill('0') << std::setw(4) << std::hex
568 << originalCipherCode << ":";
570 ciphersStream << SSL_CIPHER_get_name(cipher) << ":";
574 clientCiphers = ciphersStream.str();
575 clientCiphers.erase(clientCiphers.end() - 1);
579 * Get the list of compression methods sent by the client in TLS Hello.
581 std::string getSSLClientComprMethods() const {
582 if (!parseClientHello_) {
585 return folly::join(":", clientHelloInfo_->clientHelloCompressionMethods_);
589 * Get the list of TLS extensions sent by the client in the TLS Hello.
591 std::string getSSLClientExts() const {
592 if (!parseClientHello_) {
595 return folly::join(":", clientHelloInfo_->clientHelloExtensions_);
598 std::string getSSLClientSigAlgs() const {
599 if (!parseClientHello_) {
604 sigAlgs.reserve(clientHelloInfo_->clientHelloSigAlgs_.size() * 4);
605 for (size_t i = 0; i < clientHelloInfo_->clientHelloSigAlgs_.size(); i++) {
607 sigAlgs.push_back(':');
609 sigAlgs.append(folly::to<std::string>(
610 clientHelloInfo_->clientHelloSigAlgs_[i].first));
611 sigAlgs.push_back(',');
612 sigAlgs.append(folly::to<std::string>(
613 clientHelloInfo_->clientHelloSigAlgs_[i].second));
619 std::string getSSLAlertsReceived() const {
622 for (const auto& alert : alertsReceived_) {
626 ret.append(folly::to<std::string>(alert.first, ": ", alert.second));
633 * Get the list of shared ciphers between the server and the client.
634 * Works well for only SSLv2, not so good for SSLv3 or TLSv1.
636 void getSSLSharedCiphers(std::string& sharedCiphers) const {
637 char ciphersBuffer[1024];
638 ciphersBuffer[0] = '\0';
639 SSL_get_shared_ciphers(ssl_, ciphersBuffer, sizeof(ciphersBuffer) - 1);
640 sharedCiphers = ciphersBuffer;
644 * Get the list of ciphers supported by the server in the server's
647 void getSSLServerCiphers(std::string& serverCiphers) const {
648 serverCiphers = SSL_get_cipher_list(ssl_, 0);
651 while ((cipher = SSL_get_cipher_list(ssl_, i)) != nullptr) {
652 serverCiphers.append(":");
653 serverCiphers.append(cipher);
658 static int getSSLExDataIndex();
659 static AsyncSSLSocket* getFromSSL(const SSL *ssl);
660 static int bioWrite(BIO* b, const char* in, int inl);
661 void resetClientHelloParsing(SSL *ssl);
662 static void clientHelloParsingCallback(int write_p, int version,
663 int content_type, const void *buf, size_t len, SSL *ssl, void *arg);
664 static const char* getSSLServerNameFromSSL(SSL* ssl);
667 ssl::ClientHelloInfo* getClientHelloInfo() const {
668 return clientHelloInfo_.get();
672 * Returns the time taken to complete a handshake.
674 virtual std::chrono::nanoseconds getHandshakeTime() const {
675 return handshakeEndTime_ - handshakeStartTime_;
678 void setMinWriteSize(size_t minWriteSize) {
679 minWriteSize_ = minWriteSize;
682 size_t getMinWriteSize() const {
683 return minWriteSize_;
686 void setReadCB(ReadCallback* callback) override;
689 * Tries to enable the buffer movable experimental feature in openssl.
690 * This is not guaranteed to succeed in case openssl does not have
691 * the experimental feature built in.
693 void setBufferMovableEnabled(bool enabled);
696 * Returns the peer certificate, or nullptr if no peer certificate received.
698 virtual ssl::X509UniquePtr getPeerCert() const override {
703 X509* cert = SSL_get_peer_certificate(ssl_);
704 return ssl::X509UniquePtr(cert);
708 * Force AsyncSSLSocket object to cache local and peer socket addresses.
709 * If called with "true" before connect() this function forces full local
710 * and remote socket addresses to be cached in the socket object and available
711 * through getLocalAddress()/getPeerAddress() methods even after the socket is
714 void forceCacheAddrOnFailure(bool force) { cacheAddrOnFailure_ = force; }
716 const std::string& getServiceIdentity() const { return serviceIdentity_; }
718 void setServiceIdentity(std::string serviceIdentity) {
719 serviceIdentity_ = std::move(serviceIdentity);
722 void setCertCacheHit(bool hit) {
726 bool getCertCacheHit() const {
727 return certCacheHit_;
737 * Protected destructor.
739 * Users of AsyncSSLSocket must never delete it directly. Instead, invoke
740 * destroy() instead. (See the documentation in DelayedDestruction.h for
745 // Inherit event notification methods from AsyncSocket except
747 void prepareReadBuffer(void** buf, size_t* buflen) noexcept override;
748 void handleRead() noexcept override;
749 void handleWrite() noexcept override;
750 void handleAccept() noexcept;
751 void handleConnect() noexcept override;
753 void invalidState(HandshakeCB* callback);
754 bool willBlock(int ret,
756 unsigned long* errErrorOut) noexcept;
758 virtual void checkForImmediateRead() noexcept override;
759 // AsyncSocket calls this at the wrong time for SSL
760 void handleInitialReadWrite() noexcept override {}
762 WriteResult interpretSSLError(int rc, int error);
763 ReadResult performRead(void** buf, size_t* buflen, size_t* offset) override;
764 WriteResult performWrite(
768 uint32_t* countWritten,
769 uint32_t* partialWritten) override;
771 ssize_t performWriteIovec(const iovec* vec, uint32_t count,
772 WriteFlags flags, uint32_t* countWritten,
773 uint32_t* partialWritten);
775 // This virtual wrapper around SSL_write exists solely for testing/mockability
776 virtual int sslWriteImpl(SSL *ssl, const void *buf, int n) {
777 return SSL_write(ssl, buf, n);
781 * Apply verification options passed to sslConn/sslAccept or those set
782 * in the underlying SSLContext object.
784 * @param ssl pointer to the SSL object on which verification options will be
785 * applied. If verifyPeer_ was explicitly set either via sslConn/sslAccept,
786 * those options override the settings in the underlying SSLContext.
788 void applyVerificationOptions(SSL * ssl);
791 * Sets up SSL with a custom write bio which intercepts all writes.
793 * @return true, if succeeds and false if there is an error creating the bio.
798 * A SSL_write wrapper that understand EOR
800 * @param ssl: SSL* object
801 * @param buf: Buffer to be written
802 * @param n: Number of bytes to be written
803 * @param eor: Does the last byte (buf[n-1]) have the app-last-byte?
804 * @return: The number of app bytes successfully written to the socket
806 int eorAwareSSLWrite(SSL *ssl, const void *buf, int n, bool eor);
808 // Inherit error handling methods from AsyncSocket, plus the following.
809 void failHandshake(const char* fn, const AsyncSocketException& ex);
811 void invokeHandshakeErr(const AsyncSocketException& ex);
812 void invokeHandshakeCB();
814 void invokeConnectSuccess() override;
816 void cacheLocalPeerAddr();
818 static void sslInfoCallback(const SSL *ssl, int type, int val);
820 // Whether we've applied the TCP_CORK option to the socket
822 // SSL related members.
824 // Used to prevent client-initiated renegotiation. Note that AsyncSSLSocket
825 // doesn't fully support renegotiation, so we could just fail all attempts
826 // to enforce this. Once it is supported, we should make it an option
827 // to disable client-initiated renegotiation.
828 bool handshakeComplete_{false};
829 bool renegotiateAttempted_{false};
830 SSLStateEnum sslState_{STATE_UNINIT};
831 std::shared_ptr<folly::SSLContext> ctx_;
832 // Callback for SSL_accept() or SSL_connect()
833 HandshakeCB* handshakeCallback_{nullptr};
835 SSL_SESSION *sslSession_{nullptr};
836 HandshakeTimeout handshakeTimeout_;
837 // whether the SSL session was resumed using session ID or not
838 bool sessionIDResumed_{false};
840 // Whether to track EOR or not.
841 bool trackEor_{false};
843 // The app byte num that we are tracking for the MSG_EOR
844 // Only one app EOR byte can be tracked.
845 size_t appEorByteNo_{0};
847 // Try to avoid calling SSL_write() for buffers smaller than this.
848 // It doesn't take effect when it is 0.
849 size_t minWriteSize_{1500};
851 // When openssl is about to sendmsg() across the minEorRawBytesNo_,
852 // it will pass MSG_EOR to sendmsg().
853 size_t minEorRawByteNo_{0};
854 #if OPENSSL_VERSION_NUMBER >= 0x1000105fL && !defined(OPENSSL_NO_TLSEXT)
855 std::shared_ptr<folly::SSLContext> handshakeCtx_;
856 std::string tlsextHostname_;
859 // a service identity that this socket/connection is associated with
860 std::string serviceIdentity_;
862 folly::SSLContext::SSLVerifyPeerEnum
863 verifyPeer_{folly::SSLContext::SSLVerifyPeerEnum::USE_CTX};
865 // Callback for SSL_CTX_set_verify()
866 static int sslVerifyCallback(int preverifyOk, X509_STORE_CTX* ctx);
868 bool parseClientHello_{false};
869 bool cacheAddrOnFailure_{false};
870 bool bufferMovableEnabled_{false};
871 bool certCacheHit_{false};
872 std::unique_ptr<ssl::ClientHelloInfo> clientHelloInfo_;
873 std::vector<std::pair<char, StringPiece>> alertsReceived_;
875 // Time taken to complete the ssl handshake.
876 std::chrono::steady_clock::time_point handshakeStartTime_;
877 std::chrono::steady_clock::time_point handshakeEndTime_;