#include <folly/Optional.h>
#include <folly/String.h>
#include <folly/io/async/AsyncSocket.h>
-#include <folly/io/async/SSLContext.h>
#include <folly/io/async/AsyncTimeout.h>
-#include <folly/io/async/OpenSSLPtrTypes.h>
+#include <folly/io/async/SSLContext.h>
#include <folly/io/async/TimeoutManager.h>
+#include <folly/io/async/ssl/OpenSSLPtrTypes.h>
+#include <folly/io/async/ssl/OpenSSLUtils.h>
+#include <folly/io/async/ssl/TLSDefinitions.h>
#include <folly/Bits.h>
#include <folly/io/IOBuf.h>
int content_type, const void *buf, size_t len, SSL *ssl, void *arg);
static const char* getSSLServerNameFromSSL(SSL* ssl);
- // http://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml
- enum class TLSExtension: uint16_t {
- SERVER_NAME = 0,
- MAX_FRAGMENT_LENGTH = 1,
- CLIENT_CERTIFICATE_URL = 2,
- TRUSTED_CA_KEYS = 3,
- TRUNCATED_HMAC = 4,
- STATUS_REQUEST = 5,
- USER_MAPPING = 6,
- CLIENT_AUTHZ = 7,
- SERVER_AUTHZ = 8,
- CERT_TYPE = 9,
- SUPPORTED_GROUPS = 10,
- EC_POINT_FORMATS = 11,
- SRP = 12,
- SIGNATURE_ALGORITHMS = 13,
- USE_SRTP = 14,
- HEARTBEAT = 15,
- APPLICATION_LAYER_PROTOCOL_NEGOTIATION = 16,
- STATUS_REQUEST_V2 = 17,
- SIGNED_CERTIFICATE_TIMESTAMP = 18,
- CLIENT_CERTIFICATE_TYPE = 19,
- SERVER_CERTIFICATE_TYPE = 20,
- PADDING = 21,
- ENCRYPT_THEN_MAC = 22,
- EXTENDED_MASTER_SECRET = 23,
- SESSION_TICKET = 35,
- RENEGOTIATION_INFO = 65281
- };
-
- // http://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-18
- enum class HashAlgorithm: uint8_t {
- NONE = 0,
- MD5 = 1,
- SHA1 = 2,
- SHA224 = 3,
- SHA256 = 4,
- SHA384 = 5,
- SHA512 = 6
- };
-
- // http://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-16
- enum class SignatureAlgorithm: uint8_t {
- ANONYMOUS = 0,
- RSA = 1,
- DSA = 2,
- ECDSA = 3
- };
-
- struct ClientHelloInfo {
- folly::IOBufQueue clientHelloBuf_;
- uint8_t clientHelloMajorVersion_;
- uint8_t clientHelloMinorVersion_;
- std::vector<uint16_t> clientHelloCipherSuites_;
- std::vector<uint8_t> clientHelloCompressionMethods_;
- std::vector<TLSExtension> clientHelloExtensions_;
- std::vector<
- std::pair<HashAlgorithm, SignatureAlgorithm>> clientHelloSigAlgs_;
- };
-
// For unit-tests
- ClientHelloInfo* getClientHelloInfo() const {
+ ssl::ClientHelloInfo* getClientHelloInfo() const {
return clientHelloInfo_.get();
}
/**
* Returns the peer certificate, or nullptr if no peer certificate received.
*/
- virtual X509_UniquePtr getPeerCert() const override {
+ virtual ssl::X509UniquePtr getPeerCert() const override {
if (!ssl_) {
return nullptr;
}
X509* cert = SSL_get_peer_certificate(ssl_);
- return X509_UniquePtr(cert);
+ return ssl::X509UniquePtr(cert);
}
/**
bool parseClientHello_{false};
bool cacheAddrOnFailure_{false};
- std::unique_ptr<ClientHelloInfo> clientHelloInfo_;
+ std::unique_ptr<ssl::ClientHelloInfo> clientHelloInfo_;
// Time taken to complete the ssl handshake.
std::chrono::steady_clock::time_point handshakeStartTime_;