1 /*
2  *  Copyright 2004 The WebRTC Project Authors. All rights reserved.
3  *
4  *  Use of this source code is governed by a BSD-style license
5  *  that can be found in the LICENSE file in the root of the source
6  *  tree. An additional intellectual property rights grant can be found
7  *  in the file PATENTS.  All contributing project authors may
8  *  be found in the AUTHORS file in the root of the source tree.
9  */
10 
11 #ifndef WEBRTC_BASE_OPENSSLADAPTER_H__
12 #define WEBRTC_BASE_OPENSSLADAPTER_H__
13 
14 #include <string>
15 #include "webrtc/base/messagehandler.h"
16 #include "webrtc/base/messagequeue.h"
17 #include "webrtc/base/ssladapter.h"
18 
// Opaque OpenSSL handle types. They are forward-declared here instead of
// pulling in <openssl/ssl.h>, so that including this header does not require
// the OpenSSL headers on the include path; this header only ever names them
// through pointers.
struct ssl_st;
struct ssl_ctx_st;
struct x509_store_ctx_st;
using SSL = ssl_st;
using SSL_CTX = ssl_ctx_st;
using X509_STORE_CTX = x509_store_ctx_st;
22 
23 namespace rtc {
24 
25 ///////////////////////////////////////////////////////////////////////////////
26 
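// TLS/DTLS client adapter over an AsyncSocket, implemented with OpenSSL.
//
// Security-relevant shape of this class, visible from the declaration alone:
//  * the custom verification hook (custom_verify_callback_) is a static, so
//    whatever InitializeSSL() installs applies to every adapter in the
//    process, not to one socket;
//  * the host name given to StartSSL() is what the peer certificate is
//    checked against, so callers must pass the real target host;
//  * VerifyServerName() has an |ignore_bad_cert| switch that, when set,
//    presumably tolerates a name mismatch -- that is a verification bypass
//    and should only ever be reachable from test/debug configuration.
// NOTE(review): copy construction/assignment are not deleted here; copying
// would duplicate the raw ssl_/ssl_ctx_ handles. Confirm the SSLAdapter base
// already makes the type non-copyable.
class OpenSSLAdapter : public SSLAdapter, public MessageHandler {
public:
  // Process-wide OpenSSL setup. |callback| is a custom certificate
  // verification hook; it is presumably retained in custom_verify_callback_
  // (below) and consulted from SSLVerifyCallback(). Returns false on failure.
  static bool InitializeSSL(VerificationCallback callback);
  // Per-thread OpenSSL setup; what it requires of the calling thread is
  // defined in the .cc, not visible here.
  static bool InitializeSSLThread();
  // Counterpart of InitializeSSL(). Returns false on failure.
  static bool CleanupSSL();

  // Wraps |socket|. Marked explicit so that an AsyncSocket* is never silently
  // converted into an adapter (e.g. through an implicit conversion at a call
  // site that expects an OpenSSLAdapter). Ownership of |socket| is not
  // visible in this header -- TODO confirm against the SSLAdapter base.
  explicit OpenSSLAdapter(AsyncSocket* socket);
  ~OpenSSLAdapter() override;

  // Selects TLS or DTLS (stored in ssl_mode_). Presumably must be called
  // before StartSSL().
  void SetMode(SSLMode mode) override;
  // Starts the handshake toward |hostname|. The name is kept in
  // ssl_host_name_ and is presumably the |host| later handed to
  // VerifyServerName()/SSLPostConnectionCheck(), i.e. the identity the peer
  // certificate must match; an empty or wrong value here weakens or defeats
  // certificate validation. |restartable| sets restartable_ (see below).
  // Returns 0 on success, non-zero on error.
  int StartSSL(const char* hostname, bool restartable) override;
  // Encrypted send/receive over the wrapped socket. The datagram-style
  // overloads (SendTo/RecvFrom) exist because the AsyncSocket interface
  // declares them; their behaviour on this adapter is defined in the .cc.
  int Send(const void* pv, size_t cb) override;
  int SendTo(const void* pv, size_t cb, const SocketAddress& addr) override;
  int Recv(void* pv, size_t cb) override;
  int RecvFrom(void* pv, size_t cb, SocketAddress* paddr) override;
  int Close() override;

  // Note that the socket returns ST_CONNECTING while SSL is being negotiated.
  ConnState GetState() const override;

protected:
  // Events from the wrapped AsyncSocket. These presumably drive the handshake
  // state machine (state_) and, once SSL_CONNECTED, forward I/O readiness.
  void OnConnectEvent(AsyncSocket* socket) override;
  void OnReadEvent(AsyncSocket* socket) override;
  void OnWriteEvent(AsyncSocket* socket) override;
  void OnCloseEvent(AsyncSocket* socket, int err) override;

private:
  // Handshake state machine. SSL_NONE: SSL not started; SSL_WAIT: presumably
  // waiting for the underlying socket to connect; SSL_CONNECTING: handshake
  // in progress; SSL_CONNECTED: established; SSL_ERROR: failed.
  enum SSLState {
    SSL_NONE, SSL_WAIT, SSL_CONNECTING, SSL_CONNECTED, SSL_ERROR
  };

  // Message id delivered to OnMessage(); presumably a handshake timeout.
  enum { MSG_TIMEOUT };

  // Create the SSL object and start the handshake / resume a handshake that
  // returned WANT_READ/WANT_WRITE. Both presumably return 0 on success.
  int BeginSSL();
  int ContinueSSL();
  // Records a failure (|context| names the failing step, |err| the code) and,
  // when |signal| is true, presumably reports it to the socket's listeners.
  void Error(const char* context, int err, bool signal = true);
  // Releases the OpenSSL objects held in ssl_/ssl_ctx_ (presumably).
  void Cleanup();

  // MessageHandler: receives MSG_TIMEOUT.
  void OnMessage(Message* msg) override;

  // Checks that the peer certificate on |ssl| matches |host|.
  // SECURITY: with |ignore_bad_cert| true a mismatch is presumably tolerated
  // rather than fatal. That disables the one check tying the certificate to
  // the intended server; it must stay unreachable from production paths.
  static bool VerifyServerName(SSL* ssl, const char* host,
                               bool ignore_bad_cert);
  // Post-handshake validation of the peer (chain result and host name);
  // presumably calls VerifyServerName(). Returns false if the peer is to be
  // rejected.
  bool SSLPostConnectionCheck(SSL* ssl, const char* host);
#if !defined(NDEBUG)
  // OpenSSL info callback for handshake tracing; compiled only in debug
  // builds.
  static void SSLInfoCallback(const SSL* s, int where, int ret);
#endif
  // OpenSSL verify callback (SSL_CTX_set_verify signature). |ok| is
  // OpenSSL's own verdict for the certificate currently in |store|.
  // SECURITY: the value returned here is final for that certificate --
  // returning non-zero when |ok| is 0 overrides a chain failure. Any
  // custom_verify_callback_ consulted from here therefore has full override
  // power over OpenSSL's verification.
  static int SSLVerifyCallback(int ok, X509_STORE_CTX* store);
  // Process-wide custom verification hook (static: shared by every adapter).
  static VerificationCallback custom_verify_callback_;
  friend class OpenSSLStreamAdapter;  // for custom_verify_callback_;

  // Installs the trust anchors into |ctx|; this root set decides which CAs
  // may vouch for a peer. Returns false on failure.
  static bool ConfigureTrustedRootCertificates(SSL_CTX* ctx);
  // Creates and configures a context (presumably according to ssl_mode_);
  // returns nullptr on failure.
  SSL_CTX* SetupSSLContext();

  SSLState state_;
  // Presumably track SSL_ERROR_WANT_WRITE on a read / SSL_ERROR_WANT_READ on
  // a write, so the next socket event resumes the stalled operation.
  bool ssl_read_needs_write_;
  bool ssl_write_needs_read_;
  // If true, socket will retain SSL configuration after Close.
  bool restartable_;

  // Raw OpenSSL handles; owned by this object (see Cleanup()).
  SSL* ssl_;
  SSL_CTX* ssl_ctx_;
  // Host name passed to StartSSL(); the identity the peer must prove.
  std::string ssl_host_name_;
  // Do DTLS or not
  SSLMode ssl_mode_;

  // Presumably records whether custom_verify_callback_ accepted the peer.
  bool custom_verification_succeeded_;
};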
94 
95 /////////////////////////////////////////////////////////////////////////////
96 
97 } // namespace rtc
98 
99 #endif // WEBRTC_BASE_OPENSSLADAPTER_H__
100