Gecko [ apartmentfairs.com ]

Name	Size	Permission
swoole.h	26.96 KB	-rw-r--r--
swoole_api.h	2.02 KB	-rw-r--r--
swoole_asm_context.h	2.31 KB	-rw-r--r--
swoole_async.h	3.29 KB	-rw-r--r--
swoole_atomic.h	2.3 KB	-rw-r--r--
swoole_base64.h	1.3 KB	-rw-r--r--
swoole_buffer.h	2.24 KB	-rw-r--r--
swoole_channel.h	2.37 KB	-rw-r--r--
swoole_client.h	11.75 KB	-rw-r--r--
swoole_config.h	8.79 KB	-rw-r--r--
swoole_coroutine.h	8.92 KB	-rw-r--r--
swoole_coroutine_api.h	5.12 KB	-rw-r--r--
swoole_coroutine_channel.h	4.17 KB	-rw-r--r--
swoole_coroutine_context.h	2.75 KB	-rw-r--r--
swoole_coroutine_socket.h	17.64 KB	-rw-r--r--
swoole_coroutine_system.h	3.78 KB	-rw-r--r--
swoole_dtls.h	2.42 KB	-rw-r--r--
swoole_error.h	6.46 KB	-rw-r--r--
swoole_file.h	4.88 KB	-rw-r--r--
swoole_file_hook.h	2.76 KB	-rw-r--r--
swoole_hash.h	1.24 KB	-rw-r--r--
swoole_heap.h	1.9 KB	-rw-r--r--
swoole_http.h	7.24 KB	-rw-r--r--
swoole_http2.h	8.55 KB	-rw-r--r--
swoole_iouring.h	5.52 KB	-rw-r--r--
swoole_llhttp.h	2.02 KB	-rw-r--r--
swoole_lock.h	3.25 KB	-rw-r--r--
swoole_log.h	15.71 KB	-rw-r--r--
swoole_lru_cache.h	3.18 KB	-rw-r--r--
swoole_memory.h	2.83 KB	-rw-r--r--
swoole_message_bus.h	5.18 KB	-rw-r--r--
swoole_mime_type.h	1.42 KB	-rw-r--r--
swoole_mqtt.h	2.16 KB	-rw-r--r--
swoole_msg_queue.h	1.96 KB	-rw-r--r--
swoole_pipe.h	2.6 KB	-rw-r--r--
swoole_process_pool.h	13.17 KB	-rw-r--r--
swoole_protocol.h	5.03 KB	-rw-r--r--
swoole_proxy.h	3.3 KB	-rw-r--r--
swoole_reactor.h	12.4 KB	-rw-r--r--
swoole_redis.h	1.83 KB	-rw-r--r--
swoole_server.h	49.72 KB	-rw-r--r--
swoole_signal.h	2.99 KB	-rw-r--r--
swoole_socket.h	18.51 KB	-rw-r--r--
swoole_socket_hook.h	2.31 KB	-rw-r--r--
swoole_socket_impl.h	1.43 KB	-rw-r--r--
swoole_ssl.h	5.22 KB	-rw-r--r--
swoole_static_handler.h	5.21 KB	-rw-r--r--
swoole_string.h	7.32 KB	-rw-r--r--
swoole_table.h	6.5 KB	-rw-r--r--
swoole_thread.h	1.99 KB	-rw-r--r--
swoole_timer.h	4.37 KB	-rw-r--r--
swoole_uring_socket.h	3.84 KB	-rw-r--r--
swoole_util.h	7.49 KB	-rw-r--r--
swoole_version.h	1.74 KB	-rw-r--r--
swoole_websocket.h	5.11 KB	-rw-r--r--

Code Editor : swoole_ssl.h

/*
  +----------------------------------------------------------------------+
  | Swoole                                                               |
  +----------------------------------------------------------------------+
  | This source file is subject to version 2.0 of the Apache license,    |
  | that is bundled with this package in the file LICENSE, and is        |
  | available through the world-wide-web at the following url:           |
  | http://www.apache.org/licenses/LICENSE-2.0.html                      |
  | If you did not receive a copy of the Apache2.0 license and are unable|
  | to obtain it through the world-wide-web, please send a note to       |
  | license@php.net so we can mail you a copy immediately.               |
  +----------------------------------------------------------------------+
  | Author: Tianfeng Han  <rango@swoole.com>                             |
  +----------------------------------------------------------------------+
*/

#pragma once

#include "swoole.h"

#include <unordered_map>
#include <string>

#include <openssl/ssl.h>
#include <openssl/bio.h>
#include <openssl/err.h>
#include <openssl/crypto.h>
#include <openssl/x509.h>
#include <openssl/x509v3.h>
#include <openssl/rand.h>
#include <openssl/conf.h>
#include <openssl/opensslv.h>

#if OPENSSL_VERSION_NUMBER >= 0x10100000L
#define SW_SUPPORT_DTLS
#endif

#if defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x3000000fL
#undef SW_SUPPORT_DTLS
#endif

#ifdef OPENSSL_IS_BORINGSSL
#define BIO_CTRL_DGRAM_SET_CONNECTED 32
#define BIO_CTRL_DGRAM_SET_PEER 44
#define BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT 45
#define BIO_dgram_get_peer(b, peer) (int) BIO_ctrl(b, BIO_CTRL_DGRAM_GET_PEER, 0, (char *) (peer))
#define OPENSSL_assert(x) assert(x)
#endif

enum swSSLCreateFlag {
    SW_SSL_SERVER = 1,
    SW_SSL_CLIENT = 2,
};

enum swSSLState {
    SW_SSL_STATE_HANDSHAKE = 0,
    SW_SSL_STATE_READY = 1,
    SW_SSL_STATE_WAIT_STREAM = 2,
};

enum swSSLVersion {
    SW_SSL_SSLv2 = 1u << 1,
    SW_SSL_SSLv3 = 1u << 2,
    SW_SSL_TLSv1 = 1u << 3,
    SW_SSL_TLSv1_1 = 1u << 4,
    SW_SSL_TLSv1_2 = 1u << 5,
    SW_SSL_TLSv1_3 = 1u << 6,
    SW_SSL_DTLS = 1u << 7,
};

enum swSSLMethod {
    SW_SSLv23_METHOD = 0,
    SW_SSLv3_METHOD,
    SW_SSLv3_SERVER_METHOD,
    SW_SSLv3_CLIENT_METHOD,
    SW_SSLv23_SERVER_METHOD,
    SW_SSLv23_CLIENT_METHOD,
    SW_TLSv1_METHOD,
    SW_TLSv1_SERVER_METHOD,
    SW_TLSv1_CLIENT_METHOD,
#ifdef TLS1_1_VERSION
    SW_TLSv1_1_METHOD,
    SW_TLSv1_1_SERVER_METHOD,
    SW_TLSv1_1_CLIENT_METHOD,
#endif
#ifdef TLS1_2_VERSION
    SW_TLSv1_2_METHOD,
    SW_TLSv1_2_SERVER_METHOD,
    SW_TLSv1_2_CLIENT_METHOD,
#endif
#ifdef SW_SUPPORT_DTLS
    SW_DTLS_CLIENT_METHOD,
    SW_DTLS_SERVER_METHOD,
#endif
};

namespace swoole {

struct SSLContext {
    uchar http : 1;
    uchar http_v2 : 1;
    uchar prefer_server_ciphers : 1;
    uchar session_tickets : 1;
    uchar stapling : 1;
    uchar stapling_verify : 1;
    std::string ciphers;
    std::string ecdh_curve;
    std::string session_cache;
    std::string dhparam;
    std::string cert_file;
    std::string key_file;
    std::string passphrase;
    std::string client_cert_file;
#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
    uchar disable_tls_host_name : 1;
    std::string tls_host_name;
#endif

#ifdef OPENSSL_IS_BORINGSSL
    uint8_t grease;
#endif

std::string cafile;
    std::string capath;
    uint8_t verify_depth;
    uchar disable_compress : 1;
    uchar verify_peer : 1;
    uchar allow_self_signed : 1;
    uint32_t protocols;
    uint8_t create_flag;
    SSL_CTX *context;

SSL_CTX *get_context() const {
        return context;
    }

bool ready() const {
        return context != nullptr;
    }

void set_protocols(uint32_t _protocols) {
        protocols = _protocols;
    }

bool set_cert_file(const std::string &_cert_file) {
        if (access(_cert_file.c_str(), R_OK) < 0) {
            swoole_warning("ssl cert file[%s] not found", _cert_file.c_str());
            return false;
        }
        cert_file = _cert_file;
        return true;
    }

bool set_key_file(const std::string &_key_file) {
        if (access(_key_file.c_str(), R_OK) < 0) {
            swoole_warning("ssl key file[%s] not found", _key_file.c_str());
            return false;
        }
        key_file = _key_file;
        return true;
    }

bool set_client_cert_file(const std::string &file) {
        if (access(file.c_str(), R_OK) < 0) {
            swoole_warning("ssl client cert file[%s] not found", file.c_str());
            return false;
        }
        client_cert_file = file;
        return true;
    }

bool create();
    bool set_capath() const;
    bool set_ciphers() const;
    bool set_client_certificate() const;
    bool set_ecdh_curve() const;
    bool set_dhparam() const;
    ~SSLContext();
};
}  // namespace swoole

void swoole_ssl_init();
void swoole_ssl_destroy();
void swoole_ssl_lock_callback(int mode, int type, const char *file, int line);
void swoole_ssl_server_http_advise(swoole::SSLContext &);
const char *swoole_ssl_get_error();
int swoole_ssl_get_ex_connection_index();
int swoole_ssl_get_ex_port_index();
std::string swoole_ssl_get_version_message();

${this.title}

Code Editor : swoole_ssl.h