Botan
2.1.0
Crypto and TLS for C++11
#include <tls_callbacks.h>
Public Types

typedef std::function< void(Alert, const uint8_t[], size_t)> | alert_cb
typedef std::function< void(const uint8_t[], size_t)> | data_cb
typedef std::function< bool(const Session &)> | handshake_cb
typedef std::function< void(const Handshake_Message &)> | handshake_msg_cb
typedef std::function< std::string(std::vector< std::string >)> | next_protocol_fn
typedef std::function< void(const uint8_t[], size_t)> | output_fn
Public Member Functions

Compat_Callbacks (output_fn output_fn, data_cb app_data_cb, alert_cb alert_cb, handshake_cb hs_cb, handshake_msg_cb hs_msg_cb=nullptr, next_protocol_fn next_proto=nullptr)
Compat_Callbacks (output_fn output_fn, data_cb app_data_cb, std::function< void(Alert)> alert_cb, handshake_cb hs_cb, handshake_msg_cb hs_msg_cb=nullptr, next_protocol_fn next_proto=nullptr)
void | tls_alert (Alert alert) override
void | tls_emit_data (const uint8_t data[], size_t size) override
void | tls_inspect_handshake_msg (const Handshake_Message &hmsg) override
virtual void | tls_log_debug (const char *what)
virtual void | tls_log_debug_bin (const char *descr, const uint8_t val[], size_t val_len)
virtual void | tls_log_error (const char *err)
void | tls_record_received (uint64_t, const uint8_t data[], size_t size) override
std::string | tls_server_choose_app_protocol (const std::vector< std::string > &client_protos) override
virtual void | tls_session_activated ()
bool | tls_session_established (const Session &session) override
virtual void | tls_verify_cert_chain (const std::vector< X509_Certificate > &cert_chain, const std::vector< std::shared_ptr< const OCSP::Response >> &ocsp_responses, const std::vector< Certificate_Store * > &trusted_roots, Usage_Type usage, const std::string &hostname, const TLS::Policy &policy)
virtual std::chrono::milliseconds | tls_verify_cert_chain_ocsp_timeout () const
Detailed Description

TLS::Callbacks using std::function for compatibility with the old API signatures. This type is only provided for backward compatibility. New implementations should derive from TLS::Callbacks instead.

Definition at line 202 of file tls_callbacks.h.
Member Typedef Documentation

typedef std::function<void (Alert, const uint8_t[], size_t)> Botan::TLS::Compat_Callbacks::alert_cb
Definition at line 207 of file tls_callbacks.h.

typedef std::function<void (const uint8_t[], size_t)> Botan::TLS::Compat_Callbacks::data_cb
Definition at line 206 of file tls_callbacks.h.

typedef std::function<bool (const Session&)> Botan::TLS::Compat_Callbacks::handshake_cb
Definition at line 208 of file tls_callbacks.h.

typedef std::function<void (const Handshake_Message&)> Botan::TLS::Compat_Callbacks::handshake_msg_cb
Definition at line 209 of file tls_callbacks.h.

typedef std::function<std::string (std::vector<std::string>)> Botan::TLS::Compat_Callbacks::next_protocol_fn
Definition at line 210 of file tls_callbacks.h.

typedef std::function<void (const uint8_t[], size_t)> Botan::TLS::Compat_Callbacks::output_fn
Definition at line 205 of file tls_callbacks.h.
Constructor Documentation

Compat_Callbacks() [1/2]   [inline]

Botan::TLS::Compat_Callbacks::Compat_Callbacks (output_fn output_fn, data_cb app_data_cb, alert_cb alert_cb, handshake_cb hs_cb, handshake_msg_cb hs_msg_cb = nullptr, next_protocol_fn next_proto = nullptr)

Parameters:
output_fn | is called with data for the outbound socket
app_data_cb | is called when new application data is received
alert_cb | is called when a TLS alert is received
hs_cb | is called when a handshake is completed
hs_msg_cb | is called for each handshake message received
next_proto | is called with ALPN protocol data sent by the client

Definition at line 226 of file tls_callbacks.h.
Compat_Callbacks() [2/2]   [inline]

Botan::TLS::Compat_Callbacks::Compat_Callbacks (output_fn output_fn, data_cb app_data_cb, std::function< void(Alert)> alert_cb, handshake_cb hs_cb, handshake_msg_cb hs_msg_cb = nullptr, next_protocol_fn next_proto = nullptr)

Definition at line 234 of file tls_callbacks.h.
Member Function Documentation

tls_alert()   [inline, override, virtual]

void Botan::TLS::Compat_Callbacks::tls_alert (Alert alert)

Mandatory callback: alert received. Called when an alert is received from the peer. If fatal, the connection is closing. If not fatal, the connection may still be closing (depending on the error and the peer).

Parameters:
alert | the source of the alert

Implements Botan::TLS::Callbacks.
Definition at line 257 of file tls_callbacks.h.
References BOTAN_ASSERT.
tls_emit_data()   [inline, override, virtual]

void Botan::TLS::Compat_Callbacks::tls_emit_data (const uint8_t data[], size_t size)

Mandatory callback: output function. The channel will call this with data which needs to be sent to the peer (e.g., over a socket or some other form of IPC). The array will be overwritten when the function returns, so a copy must be made if the data cannot be sent immediately.

Parameters:
data | the vector of data to send
size | the number of bytes to send

Implements Botan::TLS::Callbacks.
Definition at line 243 of file tls_callbacks.h.
References BOTAN_ASSERT.
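A stand-alone model of the std::function adaptor described by the constructor parameters above and of the copy rule tls_emit_data imposes, added here as an example; the Callbacks, Compat_Callbacks, Alert and SocketQueue types are simplified stand-ins written for this example, not Botan's own classes, so it compiles without Botan.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <functional>
#include <stdexcept>
#include <vector>

struct Alert { bool fatal; };  // minimal stand-in for Botan::TLS::Alert, written for this example
// Abstract interface mirroring three of the mandatory callbacks documented on this page.
struct Callbacks {
    virtual ~Callbacks() = default;
    virtual void tls_emit_data(const uint8_t data[], size_t size) = 0;
    virtual void tls_record_received(uint64_t seq_no, const uint8_t data[], size_t size) = 0;
    virtual void tls_alert(Alert alert) = 0;
};
// Adaptor in the style of Compat_Callbacks: each override forwards to a std::function.
// Botan checks with BOTAN_ASSERT that the function was supplied; modelled here as a throw.
struct Compat_Callbacks : Callbacks {
    using output_fn = std::function<void(const uint8_t[], size_t)>;
    using data_cb = std::function<void(const uint8_t[], size_t)>;
    using alert_cb = std::function<void(Alert, const uint8_t[], size_t)>;
    Compat_Callbacks(output_fn o, data_cb d, alert_cb a) : m_out(o), m_data(d), m_alert(a) {}
    void tls_emit_data(const uint8_t data[], size_t size) override {
        if (!m_out) throw std::logic_error("output_fn not set");
        m_out(data, size);
    }
    void tls_record_received(uint64_t, const uint8_t data[], size_t size) override { m_data(data, size); }
    void tls_alert(Alert alert) override { m_alert(alert, nullptr, 0); }
private:
    output_fn m_out; data_cb m_data; alert_cb m_alert;
};
// Outbound queue holding a copy of every emitted record: the channel overwrites
// the array as soon as tls_emit_data returns, so the pointer must not be kept.
struct SocketQueue {
    std::vector<std::vector<uint8_t>> pending;
    bool closed = false;
};
// Drives the adaptor as a channel would: emit a record, overwrite the shared buffer,
// then deliver a fatal alert. Returns the first queued record as the callback stored it.
std::vector<uint8_t> emit_then_reuse_buffer(SocketQueue& q) {
    Compat_Callbacks cb(
        [&q](const uint8_t d[], size_t n) { q.pending.emplace_back(d, d + n); },  // copies bytes
        [](const uint8_t[], size_t) {},
        [&q](Alert a, const uint8_t[], size_t) { if (a.fatal) q.closed = true; });
    uint8_t buf[4] = {0x16, 0x03, 0x03, 0x01};  // constructed sample bytes, not a real record
    cb.tls_emit_data(buf, sizeof(buf));
    std::memset(buf, 0xFF, sizeof(buf));        // the channel reuses the array
    cb.tls_alert(Alert{true});
    return q.pending.front();
}
```

An output_fn that stored the `data` pointer instead of copying would read the 0xFF bytes after the channel reuses its buffer; the queue above keeps the original record intact.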
tls_inspect_handshake_msg()   [inline, override, virtual]

void Botan::TLS::Compat_Callbacks::tls_inspect_handshake_msg (const Handshake_Message &hmsg)

Optional callback: inspect handshake message. Throw an exception to abort the handshake. The default simply ignores the message.

Parameters:
message | the handshake message

Reimplemented from Botan::TLS::Callbacks.
Definition at line 277 of file tls_callbacks.h.
tls_log_debug()   [inline, virtual, inherited]

virtual void Botan::TLS::Callbacks::tls_log_debug (const char *what)

Optional callback: debug logging. (Not currently called.)

Parameters:
what | Some hopefully informative string

Definition at line 178 of file tls_callbacks.h.
References BOTAN_UNUSED.
tls_log_debug_bin()   [inline, virtual, inherited]

virtual void Botan::TLS::Callbacks::tls_log_debug_bin (const char *descr, const uint8_t val[], size_t val_len)

Optional callback: debug logging taking a buffer. (Not currently called.)

Parameters:
descr | What this buffer is
val | the bytes
val_len | length of val

Definition at line 189 of file tls_callbacks.h.
References BOTAN_UNUSED.
tls_log_error()   [inline, virtual, inherited]

virtual void Botan::TLS::Callbacks::tls_log_error (const char *err)

Optional callback: error logging. (Not currently called.)

Parameters:
err | An error message related to this connection.

Definition at line 169 of file tls_callbacks.h.
References BOTAN_UNUSED.
tls_record_received()   [inline, override, virtual]

void Botan::TLS::Compat_Callbacks::tls_record_received (uint64_t seq_no, const uint8_t data[], size_t size)

Mandatory callback: process application data. Called when an application data record is received from the peer. As with tls_emit_data, the array is overwritten immediately after the function returns.

Parameters:
seq_no | the underlying TLS/DTLS record sequence number
data | the vector containing the received record
size | the length of the received record, in bytes

Implements Botan::TLS::Callbacks.
Definition at line 250 of file tls_callbacks.h.
References BOTAN_ASSERT.
tls_server_choose_app_protocol()   [inline, override, virtual]

std::string Botan::TLS::Compat_Callbacks::tls_server_choose_app_protocol (const std::vector< std::string > &client_protos)

Optional callback for server: choose ALPN protocol. ALPN (RFC 7301) works by the client sending a list of application protocols it is willing to negotiate. The server then selects which protocol to use, which is not necessarily even on the list that the client sent.

Parameters:
client_protos | the vector of protocols the client is willing to negotiate

Reimplemented from Botan::TLS::Callbacks.
Definition at line 271 of file tls_callbacks.h.
tls_session_activated()   [inline, virtual, inherited]

virtual void Botan::TLS::Callbacks::tls_session_activated ()

Optional callback: session activated. Called when a session is active and can be written to.

Definition at line 92 of file tls_callbacks.h.
Referenced by Botan::TLS::Channel::activate_session().
tls_session_established()   [inline, override, virtual]

bool Botan::TLS::Compat_Callbacks::tls_session_established (const Session &session)

Mandatory callback: session established. Called when a session is established. Throw an exception to abort the connection.

Parameters:
session | the session descriptor

Implements Botan::TLS::Callbacks.
Definition at line 264 of file tls_callbacks.h.
References BOTAN_ASSERT.
tls_verify_cert_chain()   [virtual, inherited]

virtual void Botan::TLS::Callbacks::tls_verify_cert_chain (const std::vector< X509_Certificate > &cert_chain, const std::vector< std::shared_ptr< const OCSP::Response >> &ocsp_responses, const std::vector< Certificate_Store * > &trusted_roots, Usage_Type usage, const std::string &hostname, const TLS::Policy &policy)

Optional callback with default implementation: verify cert chain.

The default implementation performs a standard PKIX validation and initiates a network OCSP request for the end-entity cert. Override to provide different behavior.

Check that the certificate chain is valid up to a trusted root, and optionally (if hostname != "") that the hostname given is consistent with the leaf certificate.

This function should throw an exception derived from std::exception with an informative what() result if the certificate chain cannot be verified.

Parameters:
cert_chain | specifies a certificate chain leading to a trusted root CA certificate.
ocsp_responses | the server may have provided some
trusted_roots | the list of trusted certificates
usage | what this cert chain is being used for: Usage_Type::TLS_SERVER_AUTH for server chains, Usage_Type::TLS_CLIENT_AUTH for client chains, Usage_Type::UNSPECIFIED for other uses
hostname | when authenticating a server, this is the hostname the client requested (e.g. via SNI). When authenticating a client, this is the server name the client is authenticating to. Empty in other cases or if no hostname was used.
policy | the TLS policy associated with the session being authenticated using the certificate chain

Definition at line 26 of file tls_callbacks.cpp.
References Botan::TLS::Policy::minimum_signature_strength(), Botan::TLS::Policy::require_cert_revocation_info(), Botan::TLS_SERVER_AUTH, and Botan::x509_path_validate().
tls_verify_cert_chain_ocsp_timeout()   [inline, virtual, inherited]

virtual std::chrono::milliseconds Botan::TLS::Callbacks::tls_verify_cert_chain_ocsp_timeout () const

Called by the default tls_verify_cert_chain to get the timeout to use for OCSP requests. Return 0 to disable online OCSP checks.

Definition at line 136 of file tls_callbacks.h.