folly::AsyncSSLSocket Class Reference

#include <AsyncSSLSocket.h>

Inheritance diagram for folly::AsyncSSLSocket:

Classes
class	DefaultOpenSSLAsyncFinishCallback
class	HandshakeCB
class	Timeout

Public Types
enum	SSLStateEnum {   STATE_UNINIT, STATE_UNENCRYPTED, STATE_ACCEPTING, STATE_CACHE_LOOKUP,   STATE_ASYNC_PENDING, STATE_CONNECTING, STATE_ESTABLISHED, STATE_REMOTE_CLOSED,   STATE_CLOSING, STATE_CONNECTING_CLOSING, STATE_CLOSED, STATE_ERROR }
typedef std::unique_ptr< AsyncSSLSocket, Destructor >	UniquePtr
using	X509_deleter = folly::static_function_deleter< X509,&X509_free >
Public Types inherited from folly::AsyncSocket
enum	StateEnum : uint8_t {   StateEnum::UNINIT, StateEnum::CONNECTING, StateEnum::ESTABLISHED, StateEnum::CLOSED,   StateEnum::ERROR, StateEnum::FAST_OPEN }
typedef std::unique_ptr< AsyncSocket, Destructor >	UniquePtr
typedef std::map< OptionKey, int >	OptionMap
Public Types inherited from folly::AsyncTransportWrapper
using	UniquePtr = std::unique_ptr< AsyncTransportWrapper, Destructor >
using	ReadCallback = AsyncReader::ReadCallback
using	WriteCallback = AsyncWriter::WriteCallback
Public Types inherited from folly::AsyncTransport
typedef std::unique_ptr< AsyncTransport, Destructor >	UniquePtr

Public Member Functions
	AsyncSSLSocket (const std::shared_ptr< folly::SSLContext > &ctx, EventBase *evb, bool deferSecurityNegotiation=false)
	AsyncSSLSocket (const std::shared_ptr< folly::SSLContext > &ctx, EventBase *evb, int fd, bool server=true, bool deferSecurityNegotiation=false)
	AsyncSSLSocket (const std::shared_ptr< folly::SSLContext > &ctx, AsyncSocket::UniquePtr oldAsyncSocket, bool server=true, bool deferSecurityNegotiation=false)
void	closeNow () override
void	shutdownWrite () override
void	shutdownWriteNow () override
bool	good () const override
bool	connecting () const override
std::string	getApplicationProtocol () const noexceptoverride
std::string	getSecurityProtocol () const override
void	setEorTracking (bool track) override
size_t	getRawBytesWritten () const override
size_t	getRawBytesReceived () const override
void	enableClientHelloParsing ()
virtual void	sslAccept (HandshakeCB *callback, std::chrono::milliseconds timeout=std::chrono::milliseconds::zero(), const folly::SSLContext::SSLVerifyPeerEnum &verifyPeer=folly::SSLContext::SSLVerifyPeerEnum::USE_CTX)
void	restartSSLAccept ()
void	connect (ConnectCallback *callback, const folly::SocketAddress &address, int timeout=0, const OptionMap &options=emptyOptionMap, const folly::SocketAddress &bindAddr=anyAddress()) noexceptoverride
virtual void	connect (ConnectCallback *callback, const folly::SocketAddress &address, std::chrono::milliseconds connectTimeout, std::chrono::milliseconds totalConnectTimeout, const OptionMap &options=emptyOptionMap, const folly::SocketAddress &bindAddr=anyAddress()) noexcept
virtual void	sslConn (HandshakeCB *callback, std::chrono::milliseconds timeout=std::chrono::milliseconds::zero(), const folly::SSLContext::SSLVerifyPeerEnum &verifyPeer=folly::SSLContext::SSLVerifyPeerEnum::USE_CTX)
SSLStateEnum	getSSLState () const
SSL_SESSION *	getSSLSession ()
const SSL *	getSSL () const
void	setSSLSession (SSL_SESSION *session, bool takeOwnership=false)
virtual void	getSelectedNextProtocol (const unsigned char **protoName, unsigned *protoLen) const
virtual bool	getSelectedNextProtocolNoThrow (const unsigned char **protoName, unsigned *protoLen) const
virtual bool	getSSLSessionReused () const
bool	sessionIDResumed () const
void	setSessionIDResumed (bool resumed)
virtual const char *	getNegotiatedCipherName () const
const char *	getSSLServerName () const
const char *	getSSLServerNameNoThrow () const
int	getSSLVersion () const
const char *	getSSLCertSigAlgName () const
int	getSSLCertSize () const
const X509 *	getSelfCert () const override
void	attachEventBase (EventBase *eventBase) override
void	detachEventBase () override
bool	isDetachable () const override
virtual void	attachTimeoutManager (TimeoutManager *manager)
virtual void	detachTimeoutManager ()
const std::shared_ptr< folly::SSLContext > &	getSSLContext () const
void	timeoutExpired (std::chrono::milliseconds timeout) noexcept
void	getSSLClientCiphers (std::string &clientCiphers, bool convertToString=true) const
std::string	getSSLClientComprMethods () const
std::string	getSSLClientExts () const
std::string	getSSLClientSigAlgs () const
std::string	getSSLClientSupportedVersions () const
std::string	getSSLAlertsReceived () const
void	setSSLCertVerificationAlert (std::string alert)
std::string	getSSLCertVerificationAlert () const
void	getSSLSharedCiphers (std::string &sharedCiphers) const
void	getSSLServerCiphers (std::string &serverCiphers) const
bool	needsPeerVerification () const
void	resetClientHelloParsing (SSL *ssl)
ssl::ClientHelloInfo *	getClientHelloInfo () const
virtual std::chrono::nanoseconds	getHandshakeTime () const
void	setMinWriteSize (size_t minWriteSize)
size_t	getMinWriteSize () const
void	setReadCB (ReadCallback *callback) override
void	setBufferMovableEnabled (bool enabled)
const AsyncTransportCertificate *	getPeerCertificate () const override
const AsyncTransportCertificate *	getSelfCertificate () const override
ssl::X509UniquePtr	getPeerCert () const override
void	forceCacheAddrOnFailure (bool force)
const std::string &	getSessionKey () const
void	setSessionKey (std::string sessionKey)
void	setCertCacheHit (bool hit)
bool	getCertCacheHit () const
bool	sessionResumptionAttempted () const
std::chrono::milliseconds	getTotalConnectTimeout () const
void	setAsyncOperationFinishCallback (std::unique_ptr< ReadCallback > cb)
Public Member Functions inherited from folly::AsyncSocket
	AsyncSocket ()
	AsyncSocket (EventBase *evb)
void	setShutdownSocketSet (const std::weak_ptr< ShutdownSocketSet > &wSS)
	AsyncSocket (EventBase *evb, const folly::SocketAddress &address, uint32_t connectTimeout=0)
	AsyncSocket (EventBase *evb, const std::string &ip, uint16_t port, uint32_t connectTimeout=0)
	AsyncSocket (EventBase *evb, int fd, uint32_t zeroCopyBufId=0)
	AsyncSocket (AsyncSocket::UniquePtr)
void	destroy () override
EventBase *	getEventBase () const override
virtual int	getFd () const
virtual int	detachFd ()
void	connect (ConnectCallback *callback, const std::string &ip, uint16_t port, int timeout=0, const OptionMap &options=emptyOptionMap) noexcept
void	cancelConnect ()
void	setSendTimeout (uint32_t milliseconds) override
uint32_t	getSendTimeout () const override
void	setMaxReadsPerEvent (uint16_t maxReads)
uint16_t	getMaxReadsPerEvent () const
virtual void	setErrMessageCB (ErrMessageCallback *callback)
virtual ErrMessageCallback *	getErrMessageCallback () const
virtual void	setSendMsgParamCB (SendMsgParamsCallback *callback)
virtual SendMsgParamsCallback *	getSendMsgParamsCB () const
ReadCallback *	getReadCallback () const override
bool	setZeroCopy (bool enable)
bool	getZeroCopy () const
uint32_t	getZeroCopyBufId () const
size_t	getZeroCopyReenableThreshold () const
void	setZeroCopyReenableThreshold (size_t threshold)
void	write (WriteCallback *callback, const void *buf, size_t bytes, WriteFlags flags=WriteFlags::NONE) override
void	writev (WriteCallback *callback, const iovec *vec, size_t count, WriteFlags flags=WriteFlags::NONE) override
void	writeChain (WriteCallback *callback, std::unique_ptr< folly::IOBuf > &&buf, WriteFlags flags=WriteFlags::NONE) override
virtual void	writeRequest (WriteRequest *req)
void	writeRequestReady ()
void	close () override
void	closeWithReset () override
bool	readable () const override
bool	writable () const override
bool	isPending () const override
virtual bool	hangup () const
bool	error () const override
void	getLocalAddress (folly::SocketAddress *address) const override
void	getPeerAddress (folly::SocketAddress *address) const override
bool	isEorTrackingEnabled () const override
virtual bool	isClosedByPeer () const
virtual bool	isClosedBySelf () const
size_t	getAppBytesWritten () const override
size_t	getAppBytesReceived () const override
std::chrono::nanoseconds	getConnectTime () const
std::chrono::milliseconds	getConnectTimeout () const
std::chrono::steady_clock::time_point	getConnectStartTime () const
std::chrono::steady_clock::time_point	getConnectEndTime () const
bool	getTFOAttempted () const
bool	getTFOFinished () const
bool	getTFOSucceded () const
int	setNoDelay (bool noDelay)
void	setCloseOnExec ()
int	setCongestionFlavor (const std::string &cname)
int	setQuickAck (bool quickack)
int	setSendBufSize (size_t bufsize)
int	setRecvBufSize (size_t bufsize)
int	setTCPProfile (int profd)
template<typename T >
int	getSockOpt (int level, int optname, T *optval, socklen_t *optlen)
template<typename T >
int	setSockOpt (int level, int optname, const T *optval)
virtual int	getSockOptVirtual (int level, int optname, void *optval, socklen_t *optlen)
virtual int	setSockOptVirtual (int level, int optname, void const *optval, socklen_t optlen)
virtual void	setPreReceivedData (std::unique_ptr< IOBuf > data)
void	enableTFO ()
void	disableTransparentTls ()
void	disableTSocks ()
void	setBufferCallback (BufferCallback *cb)
void	setEvbChangedCallback (std::unique_ptr< EvbChangeCallback > cb)
void	cacheAddresses ()
bool	isZeroCopyWriteInProgress () const noexcept
bool	processZeroCopyWriteInProgress () noexcept
void	setPeerCertificate (std::unique_ptr< const AsyncTransportCertificate > cert)
void	setSelfCertificate (std::unique_ptr< const AsyncTransportCertificate > cert)
Public Member Functions inherited from folly::AsyncTransportWrapper
virtual const AsyncTransportWrapper *	getWrappedTransport () const
template<class T >
const T *	getUnderlyingTransport () const
template<class T >
T *	getUnderlyingTransport ()
Public Member Functions inherited from folly::AsyncTransport
SocketAddress	getLocalAddress () const
void	getAddress (SocketAddress *address) const override
SocketAddress	getPeerAddress () const
virtual bool	isReplaySafe () const
virtual void	setReplaySafetyCallback (ReplaySafetyCallback *callback)
Public Member Functions inherited from folly::DelayedDestruction
bool	getDestroyPending () const
Public Member Functions inherited from folly::DelayedDestructionBase
virtual	~DelayedDestructionBase ()=default
Public Member Functions inherited from folly::AsyncSocketBase
virtual	~AsyncSocketBase ()=default

Static Public Member Functions
static std::shared_ptr< AsyncSSLSocket >	newSocket (const std::shared_ptr< folly::SSLContext > &ctx, EventBase *evb, int fd, bool server=true, bool deferSecurityNegotiation=false)
static std::shared_ptr< AsyncSSLSocket >	newSocket (const std::shared_ptr< folly::SSLContext > &ctx, EventBase *evb, bool deferSecurityNegotiation=false)
static int	getSSLExDataIndex ()
static AsyncSSLSocket *	getFromSSL (const SSL *ssl)
static int	bioWrite (BIO *b, const char *in, int inl)
static int	bioRead (BIO *b, char *out, int outl)
static void	clientHelloParsingCallback (int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)
static const char *	getSSLServerNameFromSSL (SSL *ssl)
Static Public Member Functions inherited from folly::AsyncSocket
static std::shared_ptr< AsyncSocket >	newSocket (EventBase *evb)
static std::shared_ptr< AsyncSocket >	newSocket (EventBase *evb, const folly::SocketAddress &address, uint32_t connectTimeout=0)
static std::shared_ptr< AsyncSocket >	newSocket (EventBase *evb, const std::string &ip, uint16_t port, uint32_t connectTimeout=0)
static std::shared_ptr< AsyncSocket >	newSocket (EventBase *evb, int fd)
static const folly::SocketAddress &	anyAddress ()

Protected Member Functions
	~AsyncSSLSocket () override
void	prepareReadBuffer (void **buf, size_t *buflen) override
void	handleRead () noexceptoverride
void	handleWrite () noexceptoverride
void	handleAccept () noexcept
void	handleConnect () noexceptoverride
void	invalidState (HandshakeCB *callback)
bool	willBlock (int ret, int *sslErrorOut, unsigned long *errErrorOut) noexcept
void	checkForImmediateRead () noexceptoverride
void	handleInitialReadWrite () noexceptoverride
WriteResult	interpretSSLError (int rc, int error)
ReadResult	performRead (void **buf, size_t *buflen, size_t *offset) override
WriteResult	performWrite (const iovec *vec, uint32_t count, WriteFlags flags, uint32_t *countWritten, uint32_t *partialWritten) override
ssize_t	performWriteIovec (const iovec *vec, uint32_t count, WriteFlags flags, uint32_t *countWritten, uint32_t *partialWritten)
virtual int	sslWriteImpl (SSL *ssl, const void *buf, int n)
void	applyVerificationOptions (const ssl::SSLUniquePtr &ssl)
bool	setupSSLBio ()
int	eorAwareSSLWrite (const ssl::SSLUniquePtr &ssl, const void *buf, int n, bool eor)
void	failHandshake (const char *fn, const AsyncSocketException &ex)
void	invokeHandshakeErr (const AsyncSocketException &ex)
void	invokeHandshakeCB ()
void	invokeConnectErr (const AsyncSocketException &ex) override
void	invokeConnectSuccess () override
void	scheduleConnectTimeout () override
void	startSSLConnect ()
Protected Member Functions inherited from folly::AsyncSocket
	~AsyncSocket () override
void	init ()
void	scheduleImmediateRead () noexcept
void	scheduleInitialReadWrite () noexcept
void	ioReady (uint16_t events) noexcept
virtual size_t	handleErrMessages () noexcept
void	timeoutExpired () noexcept
void	writeChainImpl (WriteCallback *callback, iovec *vec, size_t count, std::unique_ptr< folly::IOBuf > &&buf, WriteFlags flags)
void	writeImpl (WriteCallback *callback, const iovec *vec, size_t count, std::unique_ptr< folly::IOBuf > &&buf, WriteFlags flags=WriteFlags::NONE)
AsyncSocket::WriteResult	sendSocketMessage (int fd, struct msghdr *msg, int msg_flags)
virtual ssize_t	tfoSendMsg (int fd, struct msghdr *msg, int msg_flags)
int	socketConnect (const struct sockaddr *addr, socklen_t len)
void	registerForConnectEvents ()
bool	updateEventRegistration ()
bool	updateEventRegistration (uint16_t enable, uint16_t disable)
void	doClose ()
void	startFail ()
void	finishFail ()
void	finishFail (const AsyncSocketException &ex)
void	invokeAllErrors (const AsyncSocketException &ex)
void	fail (const char *fn, const AsyncSocketException &ex)
void	failConnect (const char *fn, const AsyncSocketException &ex)
void	failRead (const char *fn, const AsyncSocketException &ex)
void	failErrMessageRead (const char *fn, const AsyncSocketException &ex)
void	failWrite (const char *fn, WriteCallback *callback, size_t bytesWritten, const AsyncSocketException &ex)
void	failWrite (const char *fn, const AsyncSocketException &ex)
void	failAllWrites (const AsyncSocketException &ex)
void	invalidState (ConnectCallback *callback)
void	invalidState (ErrMessageCallback *callback)
void	invalidState (ReadCallback *callback)
void	invalidState (WriteCallback *callback)
std::string	withAddr (const std::string &s)
void	cacheLocalAddress () const
void	cachePeerAddress () const
bool	isZeroCopyRequest (WriteFlags flags)
bool	isZeroCopyMsg (const cmsghdr &cmsg) const
void	processZeroCopyMsg (const cmsghdr &cmsg)
uint32_t	getNextZeroCopyBufId ()
void	adjustZeroCopyFlags (folly::WriteFlags &flags)
void	addZeroCopyBuf (std::unique_ptr< folly::IOBuf > &&buf)
void	addZeroCopyBuf (folly::IOBuf *ptr)
void	setZeroCopyBuf (std::unique_ptr< folly::IOBuf > &&buf)
bool	containsZeroCopyBuf (folly::IOBuf *ptr)
void	releaseZeroCopyBuf (uint32_t id)
Protected Member Functions inherited from folly::AsyncTransport
	~AsyncTransport () override=default
Protected Member Functions inherited from folly::DelayedDestruction
	~DelayedDestruction () override=default
	DelayedDestruction ()
Protected Member Functions inherited from folly::DelayedDestructionBase
	DelayedDestructionBase ()
uint32_t	getDestructorGuardCount () const
Protected Member Functions inherited from folly::AsyncReader
virtual	~AsyncReader ()=default
Protected Member Functions inherited from folly::AsyncWriter
virtual	~AsyncWriter ()=default

Static Protected Member Functions
static void	sslInfoCallback (const SSL *ssl, int type, int val)
static int	sslVerifyCallback (int preverifyOk, X509_STORE_CTX *ctx)

Protected Attributes
bool	corkCurrentWrite_ {false}
bool	server_ {false}
bool	handshakeComplete_ {false}
bool	renegotiateAttempted_ {false}
SSLStateEnum	sslState_ {STATE_UNINIT}
std::shared_ptr< folly::SSLContext >	ctx_
HandshakeCB *	handshakeCallback_ {nullptr}
ssl::SSLUniquePtr	ssl_
SSL_SESSION *	sslSession_ {nullptr}
Timeout	handshakeTimeout_
Timeout	connectionTimeout_
size_t	appEorByteNo_ {0}
size_t	minWriteSize_ {1500}
size_t	minEorRawByteNo_ {0}
std::string	sessionKey_
folly::SSLContext::SSLVerifyPeerEnum	verifyPeer_
bool	parseClientHello_ {false}
bool	cacheAddrOnFailure_ {false}
bool	bufferMovableEnabled_ {false}
bool	certCacheHit_ {false}
std::unique_ptr< ssl::ClientHelloInfo >	clientHelloInfo_
std::vector< std::pair< char, StringPiece > >	alertsReceived_
std::chrono::steady_clock::time_point	handshakeStartTime_
std::chrono::steady_clock::time_point	handshakeEndTime_
std::chrono::milliseconds	handshakeConnectTimeout_ {0}
std::chrono::milliseconds	totalConnectTimeout_ {0}
std::string	sslVerificationAlert_
bool	sessionResumptionAttempted_ {false}
bool	sessionIDResumed_ {false}
std::unique_ptr< ReadCallback >	asyncOperationFinishCallback_
Protected Attributes inherited from folly::AsyncSocket
uint32_t	zeroCopyBufId_ {0}
std::unordered_map< uint32_t, folly::IOBuf * >	idZeroCopyBufPtrMap_
std::unordered_map< folly::IOBuf *, IOBufInfo >	idZeroCopyBufInfoMap_
StateEnum	state_
	StateEnum describing current state. More...
uint8_t	shutdownFlags_
	Shutdown state (ShutdownFlags) More...
uint16_t	eventFlags_
	EventBase::HandlerFlags settings. More...
int	fd_
	The socket file descriptor. More...
folly::SocketAddress	addr_
	The address we tried to connect to. More...
folly::SocketAddress	localAddr_
	The address we are connecting from. More...
uint32_t	sendTimeout_
	The send timeout, in milliseconds. More...
uint16_t	maxReadsPerEvent_
	Max reads per event loop iteration. More...
bool	isBufferMovable_ {false}
int8_t	readErr_ {READ_NO_ERROR}
	The read error encountered, if any. More...
EventBase *	eventBase_
	The EventBase. More...
WriteTimeout	writeTimeout_
	A timeout for connect and write. More...
IoHandler	ioHandler_
	A EventHandler to monitor the fd. More...
ImmediateReadCB	immediateReadHandler_
	LoopCallback for checking read. More...
ConnectCallback *	connectCallback_
	ConnectCallback. More...
ErrMessageCallback *	errMessageCallback_
	TimestampCallback. More...
SendMsgParamsCallback *	sendMsgParamCallback_
	< Callback for retrieving More...
ReadCallback *	readCallback_
	ReadCallback. More...
WriteRequest *	writeReqHead_
	Chain of WriteRequests. More...
WriteRequest *	writeReqTail_
	End of WriteRequest chain. More...
std::weak_ptr< ShutdownSocketSet >	wShutdownSocketSet_
size_t	appBytesReceived_
	Num of bytes received from socket. More...
size_t	appBytesWritten_
	Num of bytes written to socket. More...
std::unique_ptr< IOBuf >	preReceivedData_
std::chrono::steady_clock::time_point	connectStartTime_
std::chrono::steady_clock::time_point	connectEndTime_
std::chrono::milliseconds	connectTimeout_ {0}
std::unique_ptr< EvbChangeCallback >	evbChangeCb_ {nullptr}
BufferCallback *	bufferCallback_ {nullptr}
bool	tfoEnabled_ {false}
bool	tfoAttempted_ {false}
bool	tfoFinished_ {false}
bool	noTransparentTls_ {false}
bool	noTSocks_ {false}
bool	trackEor_ {false}
bool	zeroCopyEnabled_ {false}
bool	zeroCopyVal_ {false}
size_t	zeroCopyReenableThreshold_ {0}
size_t	zeroCopyReenableCounter_ {0}
std::unique_ptr< const AsyncTransportCertificate >	peerCertData_
std::unique_ptr< const AsyncTransportCertificate >	selfCertData_

Private Member Functions
void	handleReturnFromSSLAccept (int ret)
void	init ()

Additional Inherited Members
Static Public Attributes inherited from folly::AsyncSocket
static const OptionMap	emptyOptionMap
Protected Types inherited from folly::AsyncSocket
enum	ReadResultEnum { READ_EOF = 0, READ_ERROR = -1, READ_BLOCKING = -2, READ_NO_ERROR = -3 }
enum	WriteResultEnum { WRITE_ERROR = -1 }
enum	ShutdownFlags { SHUT_WRITE_PENDING = 0x01, SHUT_WRITE = 0x02, SHUT_READ = 0x04 }

Detailed Description

A class for performing asynchronous I/O on an SSL connection.

AsyncSSLSocket allows users to asynchronously wait for data on an SSL connection, and to asynchronously send data.

The APIs for reading and writing are intentionally asymmetric. Waiting for data to read is a persistent API: a callback is installed, and is notified whenever new data is available. It continues to be notified of new events until it is uninstalled.

AsyncSSLSocket does not provide read timeout functionality, because it typically cannot determine when the timeout should be active. Generally, a timeout should only be enabled when processing is blocked waiting on data from the remote endpoint. For server connections, the timeout should not be active if the server is currently processing one or more outstanding requests for this connection. For client connections, the timeout should not be active if there are no requests pending on the connection. Additionally, if a client has multiple pending requests, it will ususally want a separate timeout for each request, rather than a single read timeout.

The write API is fairly intuitive: a user can request to send a block of data, and a callback will be informed once the entire block has been transferred to the kernel, or on error. AsyncSSLSocket does provide a send timeout, since most callers want to give up if the remote end stops responding and no further progress can be made sending the data.

Definition at line 70 of file AsyncSSLSocket.h.

Member Typedef Documentation

typedef std::unique_ptr<AsyncSSLSocket, Destructor> folly::AsyncSSLSocket::UniquePtr

Definition at line 72 of file AsyncSSLSocket.h.

using folly::AsyncSSLSocket::X509_deleter = folly::static_function_deleter<X509, &X509_free>

Definition at line 73 of file AsyncSSLSocket.h.

Member Enumeration Documentation

enum folly::AsyncSSLSocket::SSLStateEnum

Enumerator
STATE_UNINIT
STATE_UNENCRYPTED
STATE_ACCEPTING
STATE_CACHE_LOOKUP
STATE_ASYNC_PENDING
STATE_CONNECTING
STATE_ESTABLISHED
STATE_REMOTE_CLOSED
STATE_CLOSING	remote end closed; we can still write close() called, but waiting on writes to complete
STATE_CONNECTING_CLOSING	close() called with pending writes, before connect() has completed
STATE_CLOSED
STATE_ERROR

Definition at line 428 of file AsyncSSLSocket.h.

                    {
    STATE_UNINIT,
    STATE_UNENCRYPTED,
    STATE_ACCEPTING,
    STATE_CACHE_LOOKUP,
    STATE_ASYNC_PENDING,
    STATE_CONNECTING,
    STATE_ESTABLISHED,
    STATE_REMOTE_CLOSED, 
    STATE_CLOSING, 
    STATE_CONNECTING_CLOSING,
    STATE_CLOSED,
    STATE_ERROR
  };

Constructor & Destructor Documentation

folly::AsyncSSLSocket::AsyncSSLSocket	(	const std::shared_ptr< folly::SSLContext > &	ctx,
		EventBase *	evb,
		bool	deferSecurityNegotiation = false
	)

Create a client AsyncSSLSocket

Definition at line 222 of file AsyncSSLSocket.cpp.

References init(), sslState_, and STATE_UNENCRYPTED.

Referenced by AsyncSSLSocket(), and newSocket().

    : AsyncSocket(evb),
      ctx_(ctx),
      handshakeTimeout_(this, evb),
      connectionTimeout_(this, evb) {
  init();
  if (deferSecurityNegotiation) {
    sslState_ = STATE_UNENCRYPTED;
  }
}

folly::AsyncSSLSocket::AsyncSSLSocket	(	const std::shared_ptr< folly::SSLContext > &	ctx,
		EventBase *	evb,
		int	fd,
		bool	server = true,
		bool	deferSecurityNegotiation = false
	)

Create a server/client AsyncSSLSocket from an already connected socket file descriptor.

Note that while AsyncSSLSocket enables TCP_NODELAY for sockets it creates when connecting, it does not change the socket options when given an existing file descriptor. If callers want TCP_NODELAY enabled when using this version of the constructor, they need to explicitly call setNoDelay(true) after the constructor returns.

Parameters

ctx	SSL context for this connection.
evb	EventBase that will manage this socket.
fd	File descriptor to take over (should be a connected socket).
server	Is socket in server mode?
deferSecurityNegotiation	unencrypted data can be sent before sslConn/Accept

Create a server/client AsyncSSLSocket

Definition at line 239 of file AsyncSSLSocket.cpp.

References ctx_, init(), folly::AsyncSocket::noTransparentTls_, sslInfoCallback(), sslState_, and STATE_UNENCRYPTED.

    : AsyncSocket(evb, fd),
      server_(server),
      ctx_(ctx),
      handshakeTimeout_(this, evb),
      connectionTimeout_(this, evb) {
  noTransparentTls_ = true;
  init();
  if (server) {
    SSL_CTX_set_info_callback(
        ctx_->getSSLCtx(), AsyncSSLSocket::sslInfoCallback);
  }
  if (deferSecurityNegotiation) {
    sslState_ = STATE_UNENCRYPTED;
  }
}

folly::AsyncSSLSocket::AsyncSSLSocket	(	const std::shared_ptr< folly::SSLContext > &	ctx,
		AsyncSocket::UniquePtr	oldAsyncSocket,
		bool	server = true,
		bool	deferSecurityNegotiation = false
	)

Create a server/client AsyncSSLSocket from an already connected AsyncSocket.

Definition at line 261 of file AsyncSSLSocket.cpp.

References AsyncSSLSocket(), ctx_, init(), folly::AsyncSocket::noTransparentTls_, sslInfoCallback(), sslState_, STATE_UNENCRYPTED, and string.

    : AsyncSocket(std::move(oldAsyncSocket)),
      server_(server),
      ctx_(ctx),
      handshakeTimeout_(this, AsyncSocket::getEventBase()),
      connectionTimeout_(this, AsyncSocket::getEventBase()) {
  noTransparentTls_ = true;
  init();
  if (server) {
    SSL_CTX_set_info_callback(
        ctx_->getSSLCtx(), AsyncSSLSocket::sslInfoCallback);
  }
  if (deferSecurityNegotiation) {
    sslState_ = STATE_UNENCRYPTED;
  }
}

folly::AsyncSSLSocket::~AsyncSSLSocket ( )

overrideprotected

Protected destructor.

Users of AsyncSSLSocket must never delete it directly. Instead, invoke destroy() instead. (See the documentation in DelayedDestruction.h for more details.)

Definition at line 311 of file AsyncSSLSocket.cpp.

References folly::AsyncSocket::eventBase_, folly::AsyncSocket::eventFlags_, folly::AsyncSocket::fd_, sslState_, and folly::AsyncSocket::state_.

Referenced by setAsyncOperationFinishCallback().

                                {
  VLOG(3) << "actual destruction of AsyncSSLSocket(this=" << this
          << ", evb=" << eventBase_ << ", fd=" << fd_
          << ", state=" << int(state_) << ", sslState=" << sslState_
          << ", events=" << eventFlags_ << ")";
}

Member Function Documentation

void folly::AsyncSSLSocket::applyVerificationOptions ( const ssl::SSLUniquePtr &  ssl )

protected

Apply verification options passed to sslConn/sslAccept or those set in the underlying SSLContext object.

Parameters

ssl	pointer to the SSL object on which verification options will be applied. If verifyPeer_ was explicitly set either via sslConn/sslAccept, those options override the settings in the underlying SSLContext.

Definition at line 720 of file AsyncSSLSocket.cpp.

References ctx_, folly::SSLContext::getVerificationMode(), sslVerifyCallback(), and verifyPeer_.

Referenced by handleAccept(), sslConn(), and sslWriteImpl().

                                                                        {
  // apply the settings specified in verifyPeer_
  if (verifyPeer_ == SSLContext::SSLVerifyPeerEnum::USE_CTX) {
    if (ctx_->needsPeerVerification()) {
      SSL_set_verify(
          ssl.get(),
          ctx_->getVerificationMode(),
          AsyncSSLSocket::sslVerifyCallback);
    }
  } else {
    if (verifyPeer_ == SSLContext::SSLVerifyPeerEnum::VERIFY ||
        verifyPeer_ == SSLContext::SSLVerifyPeerEnum::VERIFY_REQ_CLIENT_CERT) {
      SSL_set_verify(
          ssl.get(),
          SSLContext::getVerificationMode(verifyPeer_),
          AsyncSSLSocket::sslVerifyCallback);
    }
  }
}

void folly::AsyncSSLSocket::attachEventBase ( EventBase *  eventBase )

inlineoverridevirtual

Attach the transport to a EventBase.

This may only be called if the transport is not currently attached to a EventBase (by an earlier call to detachEventBase()).

This method must be invoked in the EventBase's thread.

Reimplemented from folly::AsyncSocket.

Definition at line 569 of file AsyncSSLSocket.h.

References folly::AsyncTimeout::attachEventBase(), folly::AsyncSocket::attachEventBase(), connectionTimeout_, and handshakeTimeout_.

Referenced by folly::EvbAndContext::attach().

                                                      {
    AsyncSocket::attachEventBase(eventBase);
    handshakeTimeout_.attachEventBase(eventBase);
    connectionTimeout_.attachEventBase(eventBase);
  }

virtual void folly::AsyncSSLSocket::attachTimeoutManager ( TimeoutManager *  manager )

inlinevirtual

Definition at line 585 of file AsyncSSLSocket.h.

References folly::AsyncTimeout::attachTimeoutManager(), and handshakeTimeout_.

                                                             {
    handshakeTimeout_.attachTimeoutManager(manager);
  }

int folly::AsyncSSLSocket::bioRead ( BIO *  b, char *  out, int  outl  )

static

Definition at line 1751 of file AsyncSSLSocket.cpp.

References folly::IOBufQueue::append(), folly::ssl::OpenSSLUtils::getBioAppData(), folly::ssl::OpenSSLUtils::getBioFd(), folly::ssl::OpenSSLUtils::getBioShouldRetryWrite(), folly::IOBufQueue::move(), folly::gen::move, folly::io::detail::CursorBase< Derived, BufType >::pullAtMost(), folly::netops::recv(), and folly::IOBufQueue::trimStart().

Referenced by getSSLContext().

                                                       {
  if (!out) {
    return 0;
  }
  BIO_clear_retry_flags(b);

  auto appData = OpenSSLUtils::getBioAppData(b);
  CHECK(appData);
  auto sslSock = reinterpret_cast<AsyncSSLSocket*>(appData);

  if (sslSock->preReceivedData_ && !sslSock->preReceivedData_->empty()) {
    VLOG(5) << "AsyncSSLSocket::bioRead() this=" << sslSock
            << ", reading pre-received data";

    Cursor cursor(sslSock->preReceivedData_.get());
    auto len = cursor.pullAtMost(out, outl);

    IOBufQueue queue;
    queue.append(std::move(sslSock->preReceivedData_));
    queue.trimStart(len);
    sslSock->preReceivedData_ = queue.move();
    return static_cast<int>(len);
  } else {
    auto result = int(recv(OpenSSLUtils::getBioFd(b, nullptr), out, outl, 0));
    if (result <= 0 && OpenSSLUtils::getBioShouldRetryWrite(result)) {
      BIO_set_retry_read(b);
    }
    return result;
  }
}

int folly::AsyncSSLSocket::bioWrite ( BIO *  b, const char *  in, int  inl  )

static

Definition at line 1701 of file AsyncSSLSocket.cpp.

References folly::CORK, folly::EOR, folly::ssl::OpenSSLUtils::getBioAppData(), folly::ssl::OpenSSLUtils::getBioFd(), folly::ssl::OpenSSLUtils::getBioShouldRetryWrite(), folly::AsyncSocket::SendMsgParamsCallback::maxAncillaryDataSize, and folly::NONE.

Referenced by getSSLContext().

                                                            {
  struct msghdr msg;
  struct iovec iov;
  AsyncSSLSocket* tsslSock;

  iov.iov_base = const_cast<char*>(in);
  iov.iov_len = size_t(inl);
  memset(&msg, 0, sizeof(msg));
  msg.msg_iov = &iov;
  msg.msg_iovlen = 1;

  auto appData = OpenSSLUtils::getBioAppData(b);
  CHECK(appData);

  tsslSock = reinterpret_cast<AsyncSSLSocket*>(appData);
  CHECK(tsslSock);

  WriteFlags flags = WriteFlags::NONE;
  if (tsslSock->isEorTrackingEnabled() && tsslSock->minEorRawByteNo_ &&
      tsslSock->minEorRawByteNo_ <= BIO_number_written(b) + inl) {
    flags |= WriteFlags::EOR;
  }

  if (tsslSock->corkCurrentWrite_) {
    flags |= WriteFlags::CORK;
  }

  int msg_flags = tsslSock->getSendMsgParamsCB()->getFlags(
      flags, false /*zeroCopyEnabled*/);
  msg.msg_controllen =
      tsslSock->getSendMsgParamsCB()->getAncillaryDataSize(flags);
  CHECK_GE(
      AsyncSocket::SendMsgParamsCallback::maxAncillaryDataSize,
      msg.msg_controllen);
  if (msg.msg_controllen != 0) {
    msg.msg_control = reinterpret_cast<char*>(alloca(msg.msg_controllen));
    tsslSock->getSendMsgParamsCB()->getAncillaryData(flags, msg.msg_control);
  }

  auto result = tsslSock->sendSocketMessage(
      OpenSSLUtils::getBioFd(b, nullptr), &msg, msg_flags);
  BIO_clear_retry_flags(b);
  if (!result.exception && result.writeReturn <= 0) {
    if (OpenSSLUtils::getBioShouldRetryWrite(int(result.writeReturn))) {
      BIO_set_retry_write(b);
    }
  }
  return int(result.writeReturn);
}

void folly::AsyncSSLSocket::checkForImmediateRead ( )

overrideprotectedvirtualnoexcept

Reimplemented from folly::AsyncSocket.

Definition at line 1073 of file AsyncSSLSocket.cpp.

References folly::AsyncSocket::checkForImmediateRead(), folly::AsyncSocket::handleRead(), and ssl_.

Referenced by setAsyncOperationFinishCallback(), and sslAccept().

                                                    {
  // openssl may have buffered data that it read from the socket already.
  // In this case we have to process it immediately, rather than waiting for
  // the socket to become readable again.
  if (ssl_ != nullptr && SSL_pending(ssl_.get()) > 0) {
    AsyncSocket::handleRead();
  } else {
    AsyncSocket::checkForImmediateRead();
  }
}

void folly::AsyncSSLSocket::clientHelloParsingCallback ( int  write_p, int  version, int  content_type, const void *  buf, size_t  len, SSL *  ssl, void *  arg  )

static

Definition at line 1807 of file AsyncSSLSocket.cpp.

References clientHelloInfo_, folly::IOBuf::copyBuffer(), i, resetClientHelloParsing(), folly::ssl::SIGNATURE_ALGORITHMS, folly::ssl::SUPPORTED_VERSIONS, uint16_t, uint32_t, uint8_t, and folly::IOBuf::wrapBuffer().

Referenced by getSSLContext(), and handleAccept().

               {
  AsyncSSLSocket* sock = static_cast<AsyncSSLSocket*>(arg);
  if (written != 0) {
    sock->resetClientHelloParsing(ssl);
    return;
  }
  if (contentType != SSL3_RT_HANDSHAKE) {
    return;
  }
  if (len == 0) {
    return;
  }

  auto& clientHelloBuf = sock->clientHelloInfo_->clientHelloBuf_;
  clientHelloBuf.append(IOBuf::wrapBuffer(buf, len));
  try {
    Cursor cursor(clientHelloBuf.front());
    if (cursor.read<uint8_t>() != SSL3_MT_CLIENT_HELLO) {
      sock->resetClientHelloParsing(ssl);
      return;
    }

    if (cursor.totalLength() < 3) {
      clientHelloBuf.trimEnd(len);
      clientHelloBuf.append(IOBuf::copyBuffer(buf, len));
      return;
    }

    uint32_t messageLength = cursor.read<uint8_t>();
    messageLength <<= 8;
    messageLength |= cursor.read<uint8_t>();
    messageLength <<= 8;
    messageLength |= cursor.read<uint8_t>();
    if (cursor.totalLength() < messageLength) {
      clientHelloBuf.trimEnd(len);
      clientHelloBuf.append(IOBuf::copyBuffer(buf, len));
      return;
    }

    sock->clientHelloInfo_->clientHelloMajorVersion_ = cursor.read<uint8_t>();
    sock->clientHelloInfo_->clientHelloMinorVersion_ = cursor.read<uint8_t>();

    cursor.skip(4); // gmt_unix_time
    cursor.skip(28); // random_bytes

    cursor.skip(cursor.read<uint8_t>()); // session_id

    uint16_t cipherSuitesLength = cursor.readBE<uint16_t>();
    for (int i = 0; i < cipherSuitesLength; i += 2) {
      sock->clientHelloInfo_->clientHelloCipherSuites_.push_back(
          cursor.readBE<uint16_t>());
    }

    uint8_t compressionMethodsLength = cursor.read<uint8_t>();
    for (int i = 0; i < compressionMethodsLength; ++i) {
      sock->clientHelloInfo_->clientHelloCompressionMethods_.push_back(
          cursor.readBE<uint8_t>());
    }

    if (cursor.totalLength() > 0) {
      uint16_t extensionsLength = cursor.readBE<uint16_t>();
      while (extensionsLength) {
        ssl::TLSExtension extensionType =
            static_cast<ssl::TLSExtension>(cursor.readBE<uint16_t>());
        sock->clientHelloInfo_->clientHelloExtensions_.push_back(extensionType);
        extensionsLength -= 2;
        uint16_t extensionDataLength = cursor.readBE<uint16_t>();
        extensionsLength -= 2;
        extensionsLength -= extensionDataLength;

        if (extensionType == ssl::TLSExtension::SIGNATURE_ALGORITHMS) {
          cursor.skip(2);
          extensionDataLength -= 2;
          while (extensionDataLength) {
            ssl::HashAlgorithm hashAlg =
                static_cast<ssl::HashAlgorithm>(cursor.readBE<uint8_t>());
            ssl::SignatureAlgorithm sigAlg =
                static_cast<ssl::SignatureAlgorithm>(cursor.readBE<uint8_t>());
            extensionDataLength -= 2;
            sock->clientHelloInfo_->clientHelloSigAlgs_.emplace_back(
                hashAlg, sigAlg);
          }
        } else if (extensionType == ssl::TLSExtension::SUPPORTED_VERSIONS) {
          cursor.skip(1);
          extensionDataLength -= 1;
          while (extensionDataLength) {
            sock->clientHelloInfo_->clientHelloSupportedVersions_.push_back(
                cursor.readBE<uint16_t>());
            extensionDataLength -= 2;
          }
        } else {
          cursor.skip(extensionDataLength);
        }
      }
    }
  } catch (std::out_of_range&) {
    // we'll use what we found and cleanup below.
    VLOG(4) << "AsyncSSLSocket::clientHelloParsingCallback(): "
            << "buffer finished unexpectedly."
            << " AsyncSSLSocket socket=" << sock;
  }

  sock->resetClientHelloParsing(ssl);
}

void folly::AsyncSSLSocket::closeNow ( )

overridevirtual

TODO: implement support for SSL renegotiation.

This involves proper handling of the SSL_ERROR_WANT_READ/WRITE code as a result of SSL_write/read(), instead of returning an error. In that case, the READ/WRITE event should be registered, and a flag (e.g., writeBlockedOnRead) should be set to indiciate the condition. In the next invocation of read/write callback, if the flag is on, performWrite()/performRead() should be called in addition to the normal call to performRead()/performWrite(), and the flag should be reset.

Reimplemented from folly::AsyncSocket.

Definition at line 327 of file AsyncSSLSocket.cpp.

References folly::AsyncTimeout::cancelTimeout(), folly::AsyncSocket::closeNow(), folly::AsyncSocketException::END_OF_FILE, folly::AsyncSocket::fd_, handshakeTimeout_, invokeHandshakeErr(), folly::AsyncTimeout::isScheduled(), ssl_, sslSession_, sslState_, and STATE_CLOSED.

Referenced by folly::test::MockAsyncSSLSocket::connect(), SSLCacheClient::handshakeSuc(), newSocket(), shutdownWriteNow(), and folly::TEST().

                              {
  // Close the SSL connection.
  if (ssl_ != nullptr && fd_ != -1) {
    int rc = SSL_shutdown(ssl_.get());
    if (rc == 0) {
      rc = SSL_shutdown(ssl_.get());
    }
    if (rc < 0) {
      ERR_clear_error();
    }
  }

  if (sslSession_ != nullptr) {
    SSL_SESSION_free(sslSession_);
    sslSession_ = nullptr;
  }

  sslState_ = STATE_CLOSED;

  if (handshakeTimeout_.isScheduled()) {
    handshakeTimeout_.cancelTimeout();
  }

  DestructorGuard dg(this);

  invokeHandshakeErr(AsyncSocketException(
      AsyncSocketException::END_OF_FILE, "SSL connection closed locally"));

  // Close the socket.
  AsyncSocket::closeNow();
}

void folly::AsyncSSLSocket::connect ( ConnectCallback *  callback, const folly::SocketAddress &  address, int  timeout = 0, const OptionMap &  options = emptyOptionMap, const folly::SocketAddress &  bindAddr = anyAddress()  )

overridevirtualnoexcept

Connect to the given address, invoking callback when complete or on error

Note timeout applies to TCP + SSL connection time

Reimplemented from folly::AsyncSocket.

Reimplemented in folly::test::MockAsyncSSLSocket.

Definition at line 682 of file AsyncSSLSocket.cpp.

References folly::detail::timeout.

Referenced by getSecurityProtocol().

                                                 {
  auto timeoutChrono = std::chrono::milliseconds(timeout);
  connect(callback, address, timeoutChrono, timeoutChrono, options, bindAddr);
}

void folly::AsyncSSLSocket::connect ( ConnectCallback *  callback, const folly::SocketAddress &  address, std::chrono::milliseconds  connectTimeout, std::chrono::milliseconds  totalConnectTimeout, const OptionMap &  options = emptyOptionMap, const folly::SocketAddress &  bindAddr = anyAddress()  )

virtualnoexcept

A variant of connect that allows the caller to specify the timeout for the regular connect and the ssl connect separately. connectTimeout is specified as the time to establish a TCP connection. totalConnectTimeout defines the time it takes from starting the TCP connection to the time the ssl connection is established. The reason the timeout is defined this way is because user's rarely need to specify the SSL timeout independently of the connect timeout. It allows us to bound the time for a connect and SSL connection in a finer grained manner than if timeout was just defined independently for SSL.

Definition at line 692 of file AsyncSSLSocket.cpp.

References folly::AsyncSocket::connect(), folly::AsyncSocket::noTransparentTls_, server_, sslState_, folly::AsyncSocket::state_, STATE_UNENCRYPTED, STATE_UNINIT, totalConnectTimeout_, and folly::AsyncSocket::UNINIT.

                                                 {
  assert(!server_);
  assert(state_ == StateEnum::UNINIT);
  assert(sslState_ == STATE_UNINIT || sslState_ == STATE_UNENCRYPTED);
  noTransparentTls_ = true;
  totalConnectTimeout_ = totalConnectTimeout;
  if (sslState_ != STATE_UNENCRYPTED) {
    callback = new AsyncSSLSocketConnector(this, callback, totalConnectTimeout);
  }
  AsyncSocket::connect(
      callback, address, int(connectTimeout.count()), options, bindAddr);
}

bool folly::AsyncSSLSocket::connecting ( ) const

overridevirtual

Determine if transport is connected to the endpoint

Returns

false iff the transport is connected, otherwise true

Reimplemented from folly::AsyncSocket.

Definition at line 386 of file AsyncSSLSocket.cpp.

References folly::AsyncSocket::connecting(), folly::AsyncSocket::good(), server_, sslState_, STATE_CONNECTING, and STATE_UNINIT.

Referenced by newSocket().

                                      {
  return (
      !server_ &&
      (AsyncSocket::connecting() ||
       (AsyncSocket::good() &&
        (sslState_ == STATE_UNINIT || sslState_ == STATE_CONNECTING))));
}

void folly::AsyncSSLSocket::detachEventBase ( )

inlineoverridevirtual

Detach the transport from its EventBase.

This may only be called when the transport is idle and has no reads or writes pending. Once detached, the transport may not be used again until it is re-attached to a EventBase by calling attachEventBase().

This method must be called from the current EventBase's thread.

Reimplemented from folly::AsyncSocket.

Definition at line 575 of file AsyncSSLSocket.h.

References connectionTimeout_, folly::AsyncTimeout::detachEventBase(), folly::AsyncSocket::detachEventBase(), and handshakeTimeout_.

                                  {
    AsyncSocket::detachEventBase();
    handshakeTimeout_.detachEventBase();
    connectionTimeout_.detachEventBase();
  }

virtual void folly::AsyncSSLSocket::detachTimeoutManager ( )

inlinevirtual

Definition at line 589 of file AsyncSSLSocket.h.

References folly::AsyncTimeout::detachTimeoutManager(), and handshakeTimeout_.

                                      {
    handshakeTimeout_.detachTimeoutManager();
  }

void folly::AsyncSSLSocket::enableClientHelloParsing

(

)

Definition at line 1796 of file AsyncSSLSocket.cpp.

References clientHelloInfo_, and parseClientHello_.

Referenced by getSecurityProtocol().

                                              {
  parseClientHello_ = true;
  clientHelloInfo_ = std::make_unique<ssl::ClientHelloInfo>();
}

int folly::AsyncSSLSocket::eorAwareSSLWrite ( const ssl::SSLUniquePtr &  ssl, const void *  buf, int  n, bool  eor  )

protected

A SSL_write wrapper that understand EOR

Parameters

ssl	SSL pointer
buf	Buffer to be written
n	Number of bytes to be written
eor	Does the last byte (buf[n-1]) have the app-last-byte?

Returns

: The number of app bytes successfully written to the socket

Definition at line 1651 of file AsyncSSLSocket.cpp.

References folly::AsyncSocket::appBytesWritten_, appEorByteNo_, getRawBytesWritten(), folly::AsyncSocket::isEorTrackingEnabled(), minEorRawByteNo_, and sslWriteImpl().

Referenced by performWrite(), and sslWriteImpl().

              {
  if (eor && isEorTrackingEnabled()) {
    if (appEorByteNo_) {
      // cannot track for more than one app byte EOR
      CHECK(appEorByteNo_ == appBytesWritten_ + n);
    } else {
      appEorByteNo_ = appBytesWritten_ + n;
    }

    // 1. It is fine to keep updating minEorRawByteNo_.
    // 2. It is _min_ in the sense that SSL record will add some overhead.
    minEorRawByteNo_ = getRawBytesWritten() + n;
  }

  n = sslWriteImpl(ssl.get(), buf, n);
  if (n > 0) {
    appBytesWritten_ += n;
    if (appEorByteNo_) {
      if (getRawBytesWritten() >= minEorRawByteNo_) {
        minEorRawByteNo_ = 0;
      }
      if (appBytesWritten_ == appEorByteNo_) {
        appEorByteNo_ = 0;
      } else {
        CHECK(appBytesWritten_ < appEorByteNo_);
      }
    }
  }
  return n;
}

void folly::AsyncSSLSocket::failHandshake ( const char *  fn, const AsyncSocketException &  ex  )

protected

Definition at line 650 of file AsyncSSLSocket.cpp.

References folly::AsyncTimeout::cancelTimeout(), folly::AsyncSocket::finishFail(), handshakeTimeout_, invokeHandshakeErr(), folly::AsyncTimeout::isScheduled(), and folly::AsyncSocket::startFail().

Referenced by handleAccept(), handleConnect(), handleReturnFromSSLAccept(), invalidState(), restartSSLAccept(), sslConn(), sslWriteImpl(), and timeoutExpired().

                                    {
  startFail();
  if (handshakeTimeout_.isScheduled()) {
    handshakeTimeout_.cancelTimeout();
  }
  invokeHandshakeErr(ex);
  finishFail();
}

void folly::AsyncSSLSocket::forceCacheAddrOnFailure ( bool  force )

inline

Force AsyncSSLSocket object to cache local and peer socket addresses. If called with "true" before connect() this function forces full local and remote socket addresses to be cached in the socket object and available through getLocalAddress()/getPeerAddress() methods even after the socket is closed.

Definition at line 765 of file AsyncSSLSocket.h.

References cacheAddrOnFailure_.

                                           {
    cacheAddrOnFailure_ = force;
  }

std::string folly::AsyncSSLSocket::getApplicationProtocol ( ) const

overridevirtualnoexcept

Return the application protocol being used by the underlying transport protocol. This is useful for transports which are used to tunnel other protocols.

Reimplemented from folly::AsyncTransport.

Definition at line 394 of file AsyncSSLSocket.cpp.

References getSelectedNextProtocolNoThrow(), and string.

Referenced by newSocket().

                                                                {
  const unsigned char* protoName = nullptr;
  unsigned protoLength;
  if (getSelectedNextProtocolNoThrow(&protoName, &protoLength)) {
    return std::string(reinterpret_cast<const char*>(protoName), protoLength);
  }
  return "";
}

bool folly::AsyncSSLSocket::getCertCacheHit ( ) const

inline

Definition at line 781 of file AsyncSSLSocket.h.

References certCacheHit_.

                               {
    return certCacheHit_;
  }

ssl::ClientHelloInfo* folly::AsyncSSLSocket::getClientHelloInfo ( ) const

inline

Definition at line 716 of file AsyncSSLSocket.h.

References clientHelloInfo_.

Referenced by wangle::SSLContextManager::addSSLContextConfig().

                                                 {
    return clientHelloInfo_.get();
  }

AsyncSSLSocket * folly::AsyncSSLSocket::getFromSSL ( const SSL *  ssl )

static

Definition at line 645 of file AsyncSSLSocket.cpp.

References getSSLExDataIndex().

Referenced by wangle::SSLContextManager::addSSLContextConfig(), wangle::SSLSessionCacheManager::getSession(), folly::TestSSLAsyncCacheServer::getSessionCallback(), wangle::SSLSessionCallbacks::getSessionKeyFromSSL(), getSSLContext(), folly::SNIServer::serverNameCallback(), sslInfoCallback(), and sslVerifyCallback().

                                                         {
  return static_cast<AsyncSSLSocket*>(
      SSL_get_ex_data(ssl, getSSLExDataIndex()));
}

virtual std::chrono::nanoseconds folly::AsyncSSLSocket::getHandshakeTime ( ) const

inlinevirtual

Returns the time taken to complete a handshake.

Definition at line 723 of file AsyncSSLSocket.h.

References handshakeEndTime_, and handshakeStartTime_.

                                                        {
    return handshakeEndTime_ - handshakeStartTime_;
  }

size_t folly::AsyncSSLSocket::getMinWriteSize ( ) const

inline

Definition at line 731 of file AsyncSSLSocket.h.

References getPeerCertificate(), getSelfCertificate(), minWriteSize_, setBufferMovableEnabled(), and setReadCB().

                                 {
    return minWriteSize_;
  }

const char * folly::AsyncSSLSocket::getNegotiatedCipherName ( ) const

virtual

Get the negociated cipher name for this SSL connection. Returns the cipher used or the constant value "NONE" when no SSL session has been established.

Definition at line 882 of file AsyncSSLSocket.cpp.

References ssl_.

Referenced by proxygen::HTTPConnector::connectSuccess(), wangle::SSLAcceptorHandshakeHelper::fillSSLTransportInfoFields(), and setSessionIDResumed().

                                                          {
  return (ssl_ != nullptr) ? SSL_get_cipher_name(ssl_.get()) : nullptr;
}

ssl::X509UniquePtr folly::AsyncSSLSocket::getPeerCert ( ) const

inlineoverridevirtual

Returns the peer certificate, or nullptr if no peer certificate received.

Reimplemented from folly::AsyncTransport.

Definition at line 750 of file AsyncSSLSocket.h.

References getPeerCertificate().

                                                {
    auto peerCert = getPeerCertificate();
    if (!peerCert) {
      return nullptr;
    }
    return peerCert->getX509();
  }

const AsyncTransportCertificate * folly::AsyncSSLSocket::getPeerCertificate ( ) const

overridevirtual

Get the peer certificate information if any

Reimplemented from folly::AsyncSocket.

Definition at line 935 of file AsyncSSLSocket.cpp.

References folly::gen::move, folly::AsyncSocket::peerCertData_, and ssl_.

Referenced by getMinWriteSize(), and getPeerCert().

                                                                          {
  if (peerCertData_) {
    return peerCertData_.get();
  }
  if (ssl_ != nullptr) {
    auto peerX509 = SSL_get_peer_certificate(ssl_.get());
    if (peerX509) {
      // already up ref'd
      folly::ssl::X509UniquePtr peer(peerX509);
      peerCertData_ = std::make_unique<AsyncSSLCertificate>(std::move(peer));
    }
  }
  return peerCertData_.get();
}

size_t folly::AsyncSSLSocket::getRawBytesReceived ( ) const

overridevirtual

Reimplemented from folly::AsyncSocket.

Definition at line 429 of file AsyncSSLSocket.cpp.

References b, and ssl_.

Referenced by wangle::SSLAcceptorHandshakeHelper::fillSSLTransportInfoFields(), and getSecurityProtocol().

                                                 {
  BIO* b;
  if (!ssl_ || !(b = SSL_get_rbio(ssl_.get()))) {
    return 0;
  }

  return BIO_number_read(b);
}

size_t folly::AsyncSSLSocket::getRawBytesWritten ( ) const

overridevirtual

Reimplemented from folly::AsyncSocket.

Definition at line 411 of file AsyncSSLSocket.cpp.

References b, cpp.ast::next(), and ssl_.

Referenced by eorAwareSSLWrite(), wangle::SSLAcceptorHandshakeHelper::fillSSLTransportInfoFields(), and getSecurityProtocol().

                                                {
  // The bio(s) in the write path are in a chain
  // each bio flushes to the next and finally written into the socket
  // to get the rawBytesWritten on the socket,
  // get the write bytes of the last bio
  BIO* b;
  if (!ssl_ || !(b = SSL_get_wbio(ssl_.get()))) {
    return 0;
  }
  BIO* next = BIO_next(b);
  while (next != nullptr) {
    b = next;
    next = BIO_next(b);
  }

  return BIO_number_written(b);
}

std::string folly::AsyncSSLSocket::getSecurityProtocol ( ) const

inlineoverridevirtual

Returns the name of the security protocol being used.

Reimplemented from folly::AsyncTransport.

Definition at line 330 of file AsyncSSLSocket.h.

References folly::AsyncSocket::anyAddress(), connect(), folly::AsyncSocket::connect(), folly::AsyncSocket::emptyOptionMap, enableClientHelloParsing(), getRawBytesReceived(), getRawBytesWritten(), folly::pushmi::__adl::noexcept(), restartSSLAccept(), setEorTracking(), sslAccept(), sslConn(), sslState_, STATE_UNENCRYPTED, and folly::detail::timeout.

Referenced by wangle::SSLAcceptorHandshakeHelper::fillSSLTransportInfoFields().

                                                 {
    if (sslState_ == STATE_UNENCRYPTED) {
      return "";
    }
    return "TLS";
  }

void folly::AsyncSSLSocket::getSelectedNextProtocol ( const unsigned char **  protoName, unsigned *  protoLen  ) const

virtual

Get the name of the protocol selected by the client during Application Layer Protocol Negotiation (ALPN)

Throw an exception if openssl does not support NPN

Parameters

protoName	Name of the protocol (not guaranteed to be null terminated); will be set to nullptr if the client did not negotiate a protocol. Note: the AsyncSSLSocket retains ownership of this string.
protoNameLen	Length of the name.
protoType	Whether this was an NPN or ALPN negotiation

Definition at line 853 of file AsyncSSLSocket.cpp.

References getSelectedNextProtocolNoThrow(), and folly::AsyncSocketException::NOT_SUPPORTED.

Referenced by folly::test::MockAsyncSSLSocket::connect(), getSSLState(), and CurlService::CurlClient::sslHandshakeFollowup().

                              {
  if (!getSelectedNextProtocolNoThrow(protoName, protoLen)) {
    throw AsyncSocketException(
        AsyncSocketException::NOT_SUPPORTED, "ALPN not supported");
  }
}

bool folly::AsyncSSLSocket::getSelectedNextProtocolNoThrow ( const unsigned char **  protoName, unsigned *  protoLen  ) const

virtual

Get the name of the protocol selected by the client during Next Protocol Negotiation (NPN) or Application Layer Protocol Negotiation (ALPN)

Parameters

protoName	Name of the protocol (not guaranteed to be null terminated); will be set to nullptr if the client did not negotiate a protocol. Note: the AsyncSSLSocket retains ownership of this string.
protoNameLen	Length of the name.
protoType	Whether this was an NPN or ALPN negotiation

Returns

false if openssl does not support NPN

Definition at line 862 of file AsyncSSLSocket.cpp.

References ssl_.

Referenced by folly::test::MockAsyncSSLSocket::connect(), getApplicationProtocol(), getSelectedNextProtocol(), and getSSLState().

                              {
  *protoName = nullptr;
  *protoLen = 0;
#if FOLLY_OPENSSL_HAS_ALPN
  SSL_get0_alpn_selected(ssl_.get(), protoName, protoLen);
  return true;
#else
  return false;
#endif
}

const X509 * folly::AsyncSSLSocket::getSelfCert ( ) const

overridevirtual

Get the certificate used for this SSL connection. May be null

Reimplemented from folly::AsyncTransport.

Definition at line 967 of file AsyncSSLSocket.cpp.

References ssl_.

Referenced by setSessionIDResumed().

                                              {
  return (ssl_ != nullptr) ? SSL_get_certificate(ssl_.get()) : nullptr;
}

const AsyncTransportCertificate * folly::AsyncSSLSocket::getSelfCertificate ( ) const

overridevirtual

Get the certificate information of this transport, if any

Reimplemented from folly::AsyncSocket.

Definition at line 950 of file AsyncSSLSocket.cpp.

References folly::gen::move, folly::AsyncSocket::selfCertData_, and ssl_.

Referenced by getMinWriteSize().

                                                                          {
  if (selfCertData_) {
    return selfCertData_.get();
  }
  if (ssl_ != nullptr) {
    auto selfX509 = SSL_get_certificate(ssl_.get());
    if (selfX509) {
      // need to upref
      X509_up_ref(selfX509);
      folly::ssl::X509UniquePtr peer(selfX509);
      selfCertData_ = std::make_unique<AsyncSSLCertificate>(std::move(peer));
    }
  }
  return selfCertData_.get();
}

const std::string& folly::AsyncSSLSocket::getSessionKey ( ) const

inline

Definition at line 769 of file AsyncSSLSocket.h.

References sessionKey_.

                                         {
    return sessionKey_;
  }

const SSL * folly::AsyncSSLSocket::getSSL

(

)

const

Get a handle to the SSL struct.

Definition at line 837 of file AsyncSSLSocket.cpp.

References ssl_.

Referenced by getSSLState().

                                        {
  return ssl_.get();
}

std::string folly::AsyncSSLSocket::getSSLAlertsReceived

(

)

const

Definition at line 2004 of file AsyncSSLSocket.cpp.

References alertsReceived_, and string.

Referenced by getSSLContext().

                                                     {
  std::string ret;

  for (const auto& alert : alertsReceived_) {
    if (!ret.empty()) {
      ret.append(",");
    }
    ret.append(folly::to<std::string>(alert.first, ": ", alert.second));
  }

  return ret;
}

const char * folly::AsyncSSLSocket::getSSLCertSigAlgName

(

)

const

Get the signature algorithm used in the cert that is used for this connection.

Definition at line 915 of file AsyncSSLSocket.cpp.

References ssl_.

Referenced by wangle::SSLAcceptorHandshakeHelper::fillSSLTransportInfoFields(), and setSessionIDResumed().

                                                       {
  X509* cert = (ssl_ != nullptr) ? SSL_get_certificate(ssl_.get()) : nullptr;
  if (cert) {
    int nid = X509_get_signature_nid(cert);
    return OBJ_nid2ln(nid);
  }
  return nullptr;
}

int folly::AsyncSSLSocket::getSSLCertSize

(

)

const

Get the certificate size used for this SSL connection.

Definition at line 924 of file AsyncSSLSocket.cpp.

References ssl_.

Referenced by wangle::SSLAcceptorHandshakeHelper::fillSSLTransportInfoFields(), and setSessionIDResumed().

                                         {
  int certSize = 0;
  X509* cert = (ssl_ != nullptr) ? SSL_get_certificate(ssl_.get()) : nullptr;
  if (cert) {
    EVP_PKEY* key = X509_get_pubkey(cert);
    certSize = EVP_PKEY_bits(key);
    EVP_PKEY_free(key);
  }
  return certSize;
}

std::string folly::AsyncSSLSocket::getSSLCertVerificationAlert

(

)

const

Definition at line 2021 of file AsyncSSLSocket.cpp.

References sslVerificationAlert_.

Referenced by getSSLContext().

                                                            {
  return sslVerificationAlert_;
}

void folly::AsyncSSLSocket::getSSLClientCiphers	(	std::string &	clientCiphers,
		bool	convertToString = true
	)		const

Get the list of supported ciphers sent by the client in the client's preference order.

Definition at line 1919 of file AsyncSSLSocket.cpp.

References clientHelloInfo_, folly::gen::first, folly::ssl::OpenSSLUtils::getCipherName(), folly::hexlify(), folly::gen::move, name, parseClientHello_, string, and uint8_t.

Referenced by wangle::SSLAcceptorHandshakeHelper::fillSSLTransportInfoFields(), and getSSLContext().

                                {
  std::string ciphers;

  if (parseClientHello_ == false ||
      clientHelloInfo_->clientHelloCipherSuites_.empty()) {
    clientCiphers = "";
    return;
  }

  bool first = true;
  for (auto originalCipherCode : clientHelloInfo_->clientHelloCipherSuites_) {
    if (first) {
      first = false;
    } else {
      ciphers += ":";
    }

    bool nameFound = convertToString;

    if (convertToString) {
      const auto& name = OpenSSLUtils::getCipherName(originalCipherCode);
      if (name.empty()) {
        nameFound = false;
      } else {
        ciphers += name;
      }
    }

    if (!nameFound) {
      folly::hexlify(
          std::array<uint8_t, 2>{
              {static_cast<uint8_t>((originalCipherCode >> 8) & 0xffL),
               static_cast<uint8_t>(originalCipherCode & 0x00ffL)}},
          ciphers,
          /* append to ciphers = */ true);
    }
  }

  clientCiphers = std::move(ciphers);
}

std::string folly::AsyncSSLSocket::getSSLClientComprMethods

(

)

const

Get the list of compression methods sent by the client in TLS Hello.

Definition at line 1962 of file AsyncSSLSocket.cpp.

References clientHelloInfo_, folly::join(), and parseClientHello_.

Referenced by wangle::SSLAcceptorHandshakeHelper::fillSSLTransportInfoFields(), and getSSLContext().

                                                         {
  if (!parseClientHello_) {
    return "";
  }
  return folly::join(":", clientHelloInfo_->clientHelloCompressionMethods_);
}

std::string folly::AsyncSSLSocket::getSSLClientExts

(

)

const

Get the list of TLS extensions sent by the client in the TLS Hello.

Definition at line 1969 of file AsyncSSLSocket.cpp.

References clientHelloInfo_, folly::join(), and parseClientHello_.

Referenced by wangle::SSLAcceptorHandshakeHelper::fillSSLTransportInfoFields(), and getSSLContext().

                                                 {
  if (!parseClientHello_) {
    return "";
  }
  return folly::join(":", clientHelloInfo_->clientHelloExtensions_);
}

std::string folly::AsyncSSLSocket::getSSLClientSigAlgs

(

)

const

Definition at line 1976 of file AsyncSSLSocket.cpp.

References clientHelloInfo_, i, parseClientHello_, and string.

Referenced by wangle::SSLAcceptorHandshakeHelper::fillSSLTransportInfoFields(), and getSSLContext().

                                                    {
  if (!parseClientHello_) {
    return "";
  }

  std::string sigAlgs;
  sigAlgs.reserve(clientHelloInfo_->clientHelloSigAlgs_.size() * 4);
  for (size_t i = 0; i < clientHelloInfo_->clientHelloSigAlgs_.size(); i++) {
    if (i) {
      sigAlgs.push_back(':');
    }
    sigAlgs.append(
        folly::to<std::string>(clientHelloInfo_->clientHelloSigAlgs_[i].first));
    sigAlgs.push_back(',');
    sigAlgs.append(folly::to<std::string>(
        clientHelloInfo_->clientHelloSigAlgs_[i].second));
  }

  return sigAlgs;
}

std::string folly::AsyncSSLSocket::getSSLClientSupportedVersions

(

)

const

Get the list of versions in the supported versions extension (used to negotiate TLS 1.3).

Definition at line 1997 of file AsyncSSLSocket.cpp.

References clientHelloInfo_, folly::join(), and parseClientHello_.

Referenced by wangle::SSLAcceptorHandshakeHelper::fillSSLTransportInfoFields(), and getSSLContext().

                                                              {
  if (!parseClientHello_) {
    return "";
  }
  return folly::join(":", clientHelloInfo_->clientHelloSupportedVersions_);
}

const std::shared_ptr<folly::SSLContext>& folly::AsyncSSLSocket::getSSLContext ( ) const

inline

Returns the original folly::SSLContext associated with this socket.

Suitable for use in AsyncSSLSocket constructor to construct a new AsyncSSLSocket using an existing socket's context.

switchServerSSLContext() does not affect this return value.

Definition at line 615 of file AsyncSSLSocket.h.

References b, bioRead(), bioWrite(), clientHelloParsingCallback(), ctx_, getFromSSL(), getSSLAlertsReceived(), getSSLCertVerificationAlert(), getSSLClientCiphers(), getSSLClientComprMethods(), getSSLClientExts(), getSSLClientSigAlgs(), getSSLClientSupportedVersions(), getSSLExDataIndex(), getSSLServerCiphers(), getSSLServerNameFromSSL(), getSSLSharedCiphers(), needsPeerVerification(), folly::pushmi::__adl::noexcept(), resetClientHelloParsing(), setSSLCertVerificationAlert(), string, folly::detail::timeout, folly::AsyncSocket::timeoutExpired(), and version.

                                                              {
    return ctx_;
  }

int folly::AsyncSSLSocket::getSSLExDataIndex ( )

static

Definition at line 639 of file AsyncSSLSocket.cpp.

Referenced by getFromSSL(), getSSLContext(), handleAccept(), and sslConn().

                                      {
  static auto index = SSL_get_ex_new_index(
      0, (void*)"AsyncSSLSocket data index", nullptr, nullptr, nullptr);
  return index;
}

void folly::AsyncSSLSocket::getSSLServerCiphers

(

std::string &

serverCiphers

)

const

Get the list of ciphers supported by the server in the server's preference order.

Definition at line 2032 of file AsyncSSLSocket.cpp.

References cipher, i, and ssl_.

Referenced by wangle::SSLAcceptorHandshakeHelper::fillSSLTransportInfoFields(), and getSSLContext().

                                                                       {
  serverCiphers = SSL_get_cipher_list(ssl_.get(), 0);
  int i = 1;
  const char* cipher;
  while ((cipher = SSL_get_cipher_list(ssl_.get(), i)) != nullptr) {
    serverCiphers.append(":");
    serverCiphers.append(cipher);
    i++;
  }
}

const char * folly::AsyncSSLSocket::getSSLServerName

(

)

const

Get the server name for this SSL connection. Returns the server name used or the constant value "NONE" when no SSL session has been established. If openssl has no SNI support, throw TTransportException.

Definition at line 898 of file AsyncSSLSocket.cpp.

References getSSLServerNameFromSSL(), folly::AsyncSocketException::NOT_SUPPORTED, and ssl_.

Referenced by wangle::SSLAcceptorHandshakeHelper::fillSSLTransportInfoFields(), and setSessionIDResumed().

                                                   {
#ifdef SSL_CTRL_SET_TLSEXT_SERVERNAME_CB
  return getSSLServerNameFromSSL(ssl_.get());
#else
  throw AsyncSocketException(
      AsyncSocketException::NOT_SUPPORTED, "SNI not supported");
#endif
}

const char * folly::AsyncSSLSocket::getSSLServerNameFromSSL ( SSL *  ssl )

static

Definition at line 887 of file AsyncSSLSocket.cpp.

Referenced by getSSLContext(), getSSLServerName(), getSSLServerNameNoThrow(), and wangle::SSLSessionCallbacks::newSessionCallback().

                                                            {
  if (ssl == nullptr) {
    return nullptr;
  }
#ifdef SSL_CTRL_SET_TLSEXT_SERVERNAME_CB
  return SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name);
#else
  return nullptr;
#endif
}

const char * folly::AsyncSSLSocket::getSSLServerNameNoThrow

(

)

const

Get the server name for this SSL connection. Returns the server name used or the constant value "NONE" when no SSL session has been established. If openssl has no SNI support, return "NONE"

Definition at line 907 of file AsyncSSLSocket.cpp.

References getSSLServerNameFromSSL(), and ssl_.

Referenced by setSessionIDResumed().

                                                          {
  return getSSLServerNameFromSSL(ssl_.get());
}

SSL_SESSION * folly::AsyncSSLSocket::getSSLSession

(

)

Get a handle to the negotiated SSL session. This increments the session refcount and must be deallocated by the caller.

Definition at line 829 of file AsyncSSLSocket.cpp.

References ssl_, sslSession_, sslState_, and STATE_ESTABLISHED.

Referenced by wangle::ClientBootstrap< Pipeline >::ConnectCallback::connectSuccess(), getSSLState(), and SSLCacheClient::handshakeSuc().

                                           {
  if (ssl_ != nullptr && sslState_ == STATE_ESTABLISHED) {
    return SSL_get1_session(ssl_.get());
  }

  return sslSession_;
}

bool folly::AsyncSSLSocket::getSSLSessionReused ( ) const

virtual

Determine if the session specified during setSSLSession was reused or if the server rejected it and issued a new session.

Definition at line 875 of file AsyncSSLSocket.cpp.

References ssl_, sslState_, and STATE_ESTABLISHED.

Referenced by wangle::ClientBootstrap< Pipeline >::ConnectCallback::connectSuccess(), wangle::SSLUtil::getResumeState(), getSSLState(), and SSLCacheClient::handshakeSuc().

                                               {
  if (ssl_ != nullptr && sslState_ == STATE_ESTABLISHED) {
    return SSL_session_reused(ssl_.get());
  }
  return false;
}

void folly::AsyncSSLSocket::getSSLSharedCiphers

(

std::string &

sharedCiphers

)

const

Get the list of shared ciphers between the server and the client. Works well for only SSLv2, not so good for SSLv3 or TLSv1.

Definition at line 2025 of file AsyncSSLSocket.cpp.

References ssl_.

Referenced by getSSLContext().

                                                                       {
  char ciphersBuffer[1024];
  ciphersBuffer[0] = '\0';
  SSL_get_shared_ciphers(ssl_.get(), ciphersBuffer, sizeof(ciphersBuffer) - 1);
  sharedCiphers = ciphersBuffer;
}

SSLStateEnum folly::AsyncSSLSocket::getSSLState ( ) const

inline

Definition at line 444 of file AsyncSSLSocket.h.

References getSelectedNextProtocol(), getSelectedNextProtocolNoThrow(), getSSL(), getSSLSession(), getSSLSessionReused(), setSSLSession(), and sslState_.

                                   {
    return sslState_;
  }

int folly::AsyncSSLSocket::getSSLVersion

(

)

const

Get the SSL version for this connection. Possible return values are SSL2_VERSION, SSL3_VERSION, TLS1_VERSION, with hexa representations 0x200, 0x300, 0x301, or 0 if no SSL session has been established.

Definition at line 911 of file AsyncSSLSocket.cpp.

References ssl_.

Referenced by proxygen::HTTPConnector::connectSuccess(), wangle::SSLAcceptorHandshakeHelper::fillSSLTransportInfoFields(), and setSessionIDResumed().

                                        {
  return (ssl_ != nullptr) ? SSL_version(ssl_.get()) : 0;
}

std::chrono::milliseconds folly::AsyncSSLSocket::getTotalConnectTimeout ( ) const

inline

If the SSL socket was used to connect as well as establish an SSL connection, this gives the total timeout for the connect + SSL connection that was set.

Definition at line 795 of file AsyncSSLSocket.h.

References totalConnectTimeout_.

                                                       {
    return totalConnectTimeout_;
  }

bool folly::AsyncSSLSocket::good ( ) const

overridevirtual

Determine if transport is open and ready to read or write.

Note that this function returns false on EOF; you must also call error() to distinguish between an EOF and an error.

Returns

true iff the transport is open and ready, false otherwise.

Reimplemented from folly::AsyncSocket.

Definition at line 374 of file AsyncSSLSocket.cpp.

References folly::AsyncSocket::good(), sslState_, STATE_ACCEPTING, STATE_CONNECTING, STATE_ESTABLISHED, STATE_UNENCRYPTED, and STATE_UNINIT.

Referenced by folly::test::MockAsyncSSLSocket::connect(), and newSocket().

                                {
  return (
      AsyncSocket::good() &&
      (sslState_ == STATE_ACCEPTING || sslState_ == STATE_CONNECTING ||
       sslState_ == STATE_ESTABLISHED || sslState_ == STATE_UNENCRYPTED ||
       sslState_ == STATE_UNINIT));
}

void folly::AsyncSSLSocket::handleAccept ( )

protectednoexcept

Definition at line 1108 of file AsyncSSLSocket.cpp.

References applyVerificationOptions(), clientHelloParsingCallback(), ctx_, folly::AsyncSocket::ESTABLISHED, folly::AsyncSocket::eventFlags_, failHandshake(), folly::AsyncSocket::fd_, getSSLExDataIndex(), handleReturnFromSSLAccept(), folly::AsyncSocketException::INTERNAL_ERROR, folly::EventHandler::NONE, parseClientHello_, folly::EventHandler::READ, server_, setupSSLBio(), ssl_, sslState_, folly::AsyncSocket::state_, STATE_ACCEPTING, STATE_ERROR, folly::AsyncSocket::updateEventRegistration(), and folly::EventHandler::WRITE.

Referenced by handleRead(), handleWrite(), restartSSLAccept(), and setAsyncOperationFinishCallback().

                                           {
  VLOG(3) << "AsyncSSLSocket::handleAccept() this=" << this << ", fd=" << fd_
          << ", state=" << int(state_) << ", "
          << "sslState=" << sslState_ << ", events=" << eventFlags_;
  assert(server_);
  assert(state_ == StateEnum::ESTABLISHED && sslState_ == STATE_ACCEPTING);
  if (!ssl_) {
    /* lazily create the SSL structure */
    try {
      ssl_.reset(ctx_->createSSL());
    } catch (std::exception& e) {
      sslState_ = STATE_ERROR;
      AsyncSocketException ex(
          AsyncSocketException::INTERNAL_ERROR,
          "error calling SSLContext::createSSL()");
      LOG(ERROR) << "AsyncSSLSocket::handleAccept(this=" << this
                 << ", fd=" << fd_ << "): " << e.what();
      return failHandshake(__func__, ex);
    }

    if (!setupSSLBio()) {
      sslState_ = STATE_ERROR;
      AsyncSocketException ex(
          AsyncSocketException::INTERNAL_ERROR, "error creating write bio");
      return failHandshake(__func__, ex);
    }

    SSL_set_ex_data(ssl_.get(), getSSLExDataIndex(), this);

    applyVerificationOptions(ssl_);
  }

  if (server_ && parseClientHello_) {
    SSL_set_msg_callback(
        ssl_.get(), &AsyncSSLSocket::clientHelloParsingCallback);
    SSL_set_msg_callback_arg(ssl_.get(), this);
  }

  DCHECK(ctx_->sslAcceptRunner());
  updateEventRegistration(
      EventHandler::NONE, EventHandler::READ | EventHandler::WRITE);
  DelayedDestruction::DestructorGuard dg(this);
  ctx_->sslAcceptRunner()->run(
      [this, dg]() { return SSL_accept(ssl_.get()); },
      [this, dg](int ret) { handleReturnFromSSLAccept(ret); });
}

void folly::AsyncSSLSocket::handleConnect ( )

overrideprotectedvirtualnoexcept

Reimplemented from folly::AsyncSocket.

Definition at line 1209 of file AsyncSSLSocket.cpp.

References folly::AsyncTimeout::cancelTimeout(), folly::AsyncSocket::CONNECTING, folly::AsyncSocket::ESTABLISHED, folly::AsyncSocket::eventBase_, folly::AsyncSocket::eventFlags_, failHandshake(), folly::AsyncSocket::FAST_OPEN, folly::AsyncSocket::fd_, folly::AsyncSocket::handleConnect(), folly::AsyncSocket::handleInitialReadWrite(), handshakeComplete_, handshakeTimeout_, invokeHandshakeCB(), folly::AsyncTimeout::isScheduled(), folly::EventHandler::READ, server_, ssl_, sslState_, folly::AsyncSocket::state_, STATE_CONNECTING, STATE_ERROR, STATE_ESTABLISHED, folly::AsyncSocket::updateEventRegistration(), willBlock(), and folly::EventHandler::WRITE.

Referenced by handleRead(), handleWrite(), setAsyncOperationFinishCallback(), and startSSLConnect().

                                            {
  VLOG(3) << "AsyncSSLSocket::handleConnect() this=" << this << ", fd=" << fd_
          << ", state=" << int(state_) << ", "
          << "sslState=" << sslState_ << ", events=" << eventFlags_;
  assert(!server_);
  if (state_ < StateEnum::ESTABLISHED) {
    return AsyncSocket::handleConnect();
  }

  assert(
      (state_ == StateEnum::FAST_OPEN || state_ == StateEnum::ESTABLISHED) &&
      sslState_ == STATE_CONNECTING);
  assert(ssl_);

  auto originalState = state_;
  int ret = SSL_connect(ssl_.get());
  if (ret <= 0) {
    int sslError;
    unsigned long errError;
    int errnoCopy = errno;
    if (willBlock(ret, &sslError, &errError)) {
      // We fell back to connecting state due to TFO
      if (state_ == StateEnum::CONNECTING) {
        DCHECK_EQ(StateEnum::FAST_OPEN, originalState);
        if (handshakeTimeout_.isScheduled()) {
          handshakeTimeout_.cancelTimeout();
        }
      }
      return;
    } else {
      sslState_ = STATE_ERROR;
      SSLException ex(sslError, errError, ret, errnoCopy);
      return failHandshake(__func__, ex);
    }
  }

  handshakeComplete_ = true;
  updateEventRegistration(0, EventHandler::READ | EventHandler::WRITE);

  // Move into STATE_ESTABLISHED in the normal case that we are in
  // STATE_CONNECTING.
  sslState_ = STATE_ESTABLISHED;

  VLOG(3) << "AsyncSSLSocket " << this << ": "
          << "fd " << fd_ << " successfully connected; "
          << "state=" << int(state_) << ", sslState=" << sslState_
          << ", events=" << eventFlags_;

  // Remember the EventBase we are attached to, before we start invoking any
  // callbacks (since the callbacks may call detachEventBase()).
  EventBase* originalEventBase = eventBase_;

  // Call the handshake callback.
  invokeHandshakeCB();

  // Note that the connect callback may have changed our state.
  // (set or unset the read callback, called write(), closed the socket, etc.)
  // The following code needs to handle these situations correctly.
  //
  // If the socket has been closed, readCallback_ and writeReqHead_ will
  // always be nullptr, so that will prevent us from trying to read or write.
  //
  // The main thing to check for is if eventBase_ is still originalEventBase.
  // If not, we have been detached from this event base, so we shouldn't
  // perform any more operations.
  if (eventBase_ != originalEventBase) {
    return;
  }

  AsyncSocket::handleInitialReadWrite();
}

void folly::AsyncSSLSocket::handleInitialReadWrite ( )

inlineoverrideprotectedvirtualnoexcept

Reimplemented from folly::AsyncSocket.

Definition at line 836 of file AsyncSSLSocket.h.

References count, folly::AsyncSocket::error(), interpretSSLError(), performRead(), performWrite(), performWriteIovec(), and uint32_t.

{}

void folly::AsyncSSLSocket::handleRead ( )

overrideprotectedvirtualnoexcept

Reimplemented from folly::AsyncSocket.

Definition at line 1357 of file AsyncSSLSocket.cpp.

References folly::AsyncSocket::ESTABLISHED, folly::AsyncSocket::eventFlags_, folly::AsyncSocket::fd_, handleAccept(), handleConnect(), folly::AsyncSocket::handleRead(), server_, sslState_, folly::AsyncSocket::state_, STATE_ACCEPTING, and STATE_CONNECTING.

Referenced by setAsyncOperationFinishCallback().

                                         {
  VLOG(5) << "AsyncSSLSocket::handleRead() this=" << this << ", fd=" << fd_
          << ", state=" << int(state_) << ", "
          << "sslState=" << sslState_ << ", events=" << eventFlags_;
  if (state_ < StateEnum::ESTABLISHED) {
    return AsyncSocket::handleRead();
  }

  if (sslState_ == STATE_ACCEPTING) {
    assert(server_);
    handleAccept();
    return;
  } else if (sslState_ == STATE_CONNECTING) {
    assert(!server_);
    handleConnect();
    return;
  }

  // Normal read
  AsyncSocket::handleRead();
}

void folly::AsyncSSLSocket::handleReturnFromSSLAccept ( int  ret )

private

Handle the return from invoking SSL_accept

Definition at line 1155 of file AsyncSSLSocket.cpp.

References folly::AsyncSocket::eventBase_, folly::AsyncSocket::eventFlags_, failHandshake(), folly::AsyncSocket::fd_, folly::AsyncSocket::handleInitialReadWrite(), handshakeComplete_, invokeHandshakeCB(), folly::EventHandler::READ, sslState_, folly::AsyncSocket::state_, STATE_ACCEPTING, STATE_ERROR, STATE_ESTABLISHED, folly::AsyncSocket::updateEventRegistration(), willBlock(), and folly::EventHandler::WRITE.

Referenced by handleAccept(), and setAsyncOperationFinishCallback().

                                                      {
  if (sslState_ != STATE_ACCEPTING) {
    return;
  }

  if (ret <= 0) {
    VLOG(3) << "SSL_accept returned: " << ret;
    int sslError;
    unsigned long errError;
    int errnoCopy = errno;
    if (willBlock(ret, &sslError, &errError)) {
      return;
    } else {
      sslState_ = STATE_ERROR;
      SSLException ex(sslError, errError, ret, errnoCopy);
      return failHandshake(__func__, ex);
    }
  }

  handshakeComplete_ = true;
  updateEventRegistration(0, EventHandler::READ | EventHandler::WRITE);

  // Move into STATE_ESTABLISHED in the normal case that we are in
  // STATE_ACCEPTING.
  sslState_ = STATE_ESTABLISHED;

  VLOG(3) << "AsyncSSLSocket " << this << ": fd " << fd_
          << " successfully accepted; state=" << int(state_)
          << ", sslState=" << sslState_ << ", events=" << eventFlags_;

  // Remember the EventBase we are attached to, before we start invoking any
  // callbacks (since the callbacks may call detachEventBase()).
  EventBase* originalEventBase = eventBase_;

  // Call the accept callback.
  invokeHandshakeCB();

  // Note that the accept callback may have changed our state.
  // (set or unset the read callback, called write(), closed the socket, etc.)
  // The following code needs to handle these situations correctly.
  //
  // If the socket has been closed, readCallback_ and writeReqHead_ will
  // always be nullptr, so that will prevent us from trying to read or write.
  //
  // The main thing to check for is if eventBase_ is still originalEventBase.
  // If not, we have been detached from this event base, so we shouldn't
  // perform any more operations.
  if (eventBase_ != originalEventBase) {
    return;
  }

  AsyncSocket::handleInitialReadWrite();
}

void folly::AsyncSSLSocket::handleWrite ( )

overrideprotectedvirtualnoexcept

This function attempts to write as much data as possible, until no more data can be written.

• If it sends all available data, it unregisters for write events, and stops the writeTimeout_.
• If not all of the data can be sent immediately, it reschedules writeTimeout_ (if a non-zero timeout is set), and ensures the handler is registered for write events.

Reimplemented from folly::AsyncSocket.

Definition at line 1449 of file AsyncSSLSocket.cpp.

References folly::AsyncSocket::ESTABLISHED, folly::AsyncSocket::eventFlags_, folly::AsyncSocket::fd_, handleAccept(), handleConnect(), folly::AsyncSocket::handleWrite(), server_, sslState_, folly::AsyncSocket::state_, STATE_ACCEPTING, and STATE_CONNECTING.

Referenced by setAsyncOperationFinishCallback().

                                          {
  VLOG(5) << "AsyncSSLSocket::handleWrite() this=" << this << ", fd=" << fd_
          << ", state=" << int(state_) << ", "
          << "sslState=" << sslState_ << ", events=" << eventFlags_;
  if (state_ < StateEnum::ESTABLISHED) {
    return AsyncSocket::handleWrite();
  }

  if (sslState_ == STATE_ACCEPTING) {
    assert(server_);
    handleAccept();
    return;
  }

  if (sslState_ == STATE_CONNECTING) {
    assert(!server_);
    handleConnect();
    return;
  }

  // Normal write
  AsyncSocket::handleWrite();
}

void folly::AsyncSSLSocket::init ( )

private

Definition at line 318 of file AsyncSSLSocket.cpp.

References ctx_.

Referenced by AsyncSSLSocket(), and setAsyncOperationFinishCallback().

                          {
  // Do this here to ensure we initialize this once before any use of
  // AsyncSSLSocket instances and not as part of library load.
  static const auto sslBioMethodInitializer = initsslBioMethod();
  (void)sslBioMethodInitializer;

  setup_SSL_CTX(ctx_->getSSLCtx());
}

AsyncSocket::WriteResult folly::AsyncSSLSocket::interpretSSLError ( int  rc, int  error  )

protected

Definition at line 1473 of file AsyncSSLSocket.cpp.

References folly::AsyncSocket::eventFlags_, folly::AsyncSocket::fd_, folly::INVALID_RENEGOTIATION, sslState_, folly::AsyncSocket::state_, and folly::AsyncSocket::WRITE_ERROR.

Referenced by handleInitialReadWrite(), and performWrite().

                                                                          {
  if (error == SSL_ERROR_WANT_READ) {
    // Even though we are attempting to write data, SSL_write() may
    // need to read data if renegotiation is being performed.  We currently
    // don't support this and just fail the write.
    LOG(ERROR) << "AsyncSSLSocket(fd=" << fd_ << ", state=" << int(state_)
               << ", sslState=" << sslState_ << ", events=" << eventFlags_
               << "): "
               << "unsupported SSL renegotiation during write";
    return WriteResult(
        WRITE_ERROR,
        std::make_unique<SSLException>(SSLError::INVALID_RENEGOTIATION));
  } else {
    if (zero_return(error, rc)) {
      return WriteResult(0);
    }
    auto errError = ERR_get_error();
    VLOG(3) << "ERROR: AsyncSSLSocket(fd=" << fd_ << ", state=" << int(state_)
            << ", sslState=" << sslState_ << ", events=" << eventFlags_ << "): "
            << "SSL error: " << error << ", errno: " << errno
            << ", func: " << ERR_func_error_string(errError)
            << ", reason: " << ERR_reason_error_string(errError);
    return WriteResult(
        WRITE_ERROR,
        std::make_unique<SSLException>(error, errError, rc, errno));
  }
}

void folly::AsyncSSLSocket::invalidState ( HandshakeCB *  callback )

protected

Definition at line 438 of file AsyncSSLSocket.cpp.

References folly::AsyncSocket::eventFlags_, failHandshake(), folly::AsyncSocket::fd_, handshakeCallback_, handshakeEndTime_, handshakeTimeout_, folly::AsyncSocketException::INVALID_STATE, folly::AsyncTimeout::isScheduled(), now(), server_, sslState_, folly::AsyncSocket::state_, and STATE_ERROR.

Referenced by setAsyncOperationFinishCallback(), sslAccept(), and sslConn().

                                                       {
  LOG(ERROR) << "AsyncSSLSocket(this=" << this << ", fd=" << fd_
             << ", state=" << int(state_) << ", sslState=" << sslState_ << ", "
             << "events=" << eventFlags_ << ", server=" << short(server_)
             << "): "
             << "sslAccept/Connect() called in invalid "
             << "state, handshake callback " << handshakeCallback_
             << ", new callback " << callback;
  assert(!handshakeTimeout_.isScheduled());
  sslState_ = STATE_ERROR;

  AsyncSocketException ex(
      AsyncSocketException::INVALID_STATE,
      "sslAccept() called with socket in invalid state");

  handshakeEndTime_ = std::chrono::steady_clock::now();
  if (callback) {
    callback->handshakeErr(this, ex);
  }

  failHandshake(__func__, ex);
}

void folly::AsyncSSLSocket::invokeConnectErr ( const AsyncSocketException &  ex )

overrideprotectedvirtual

Reimplemented from folly::AsyncSocket.

Definition at line 1281 of file AsyncSSLSocket.cpp.

References folly::AsyncTimeout::cancelTimeout(), connectionTimeout_, handshakeTimeout_, folly::AsyncSocket::invokeConnectErr(), invokeHandshakeErr(), folly::AsyncTimeout::isScheduled(), and sslState_.

Referenced by sslWriteImpl().

                                                                    {
  connectionTimeout_.cancelTimeout();
  AsyncSocket::invokeConnectErr(ex);
  if (sslState_ == SSLStateEnum::STATE_CONNECTING) {
    if (handshakeTimeout_.isScheduled()) {
      handshakeTimeout_.cancelTimeout();
    }
    // If we fell back to connecting state during TFO and the connection
    // failed, it would be an SSL failure as well.
    invokeHandshakeErr(ex);
  }
}

void folly::AsyncSSLSocket::invokeConnectSuccess ( )

overrideprotectedvirtual

Reimplemented from folly::AsyncSocket.

Definition at line 1294 of file AsyncSSLSocket.cpp.

References folly::AsyncTimeout::cancelTimeout(), connectionTimeout_, folly::AsyncSocket::invokeConnectSuccess(), sslState_, startSSLConnect(), and folly::AsyncSocket::tfoAttempted_.

Referenced by sslWriteImpl().

                                          {
  connectionTimeout_.cancelTimeout();
  if (sslState_ == SSLStateEnum::STATE_CONNECTING) {
    assert(tfoAttempted_);
    // If we failed TFO, we'd fall back to trying to connect the socket,
    // to setup things like timeouts.
    startSSLConnect();
  }
  // still invoke the base class since it re-sets the connect time.
  AsyncSocket::invokeConnectSuccess();
}

void folly::AsyncSSLSocket::invokeHandshakeCB ( )

protected

Definition at line 670 of file AsyncSSLSocket.cpp.

References folly::AsyncTimeout::cancelTimeout(), handshakeCallback_, handshakeEndTime_, folly::AsyncSSLSocket::HandshakeCB::handshakeSuc(), handshakeTimeout_, folly::AsyncTimeout::isScheduled(), and now().

Referenced by handleConnect(), handleReturnFromSSLAccept(), and sslWriteImpl().

                                       {
  handshakeEndTime_ = std::chrono::steady_clock::now();
  if (handshakeTimeout_.isScheduled()) {
    handshakeTimeout_.cancelTimeout();
  }
  if (handshakeCallback_) {
    HandshakeCB* callback = handshakeCallback_;
    handshakeCallback_ = nullptr;
    callback->handshakeSuc(this);
  }
}

void folly::AsyncSSLSocket::invokeHandshakeErr ( const AsyncSocketException &  ex )

protected

Definition at line 661 of file AsyncSSLSocket.cpp.

References handshakeCallback_, handshakeEndTime_, folly::AsyncSSLSocket::HandshakeCB::handshakeErr(), and now().

Referenced by closeNow(), failHandshake(), invokeConnectErr(), and sslWriteImpl().

                                                                      {
  handshakeEndTime_ = std::chrono::steady_clock::now();
  if (handshakeCallback_ != nullptr) {
    HandshakeCB* callback = handshakeCallback_;
    handshakeCallback_ = nullptr;
    callback->handshakeErr(this, ex);
  }
}

bool folly::AsyncSSLSocket::isDetachable ( ) const

inlineoverridevirtual

Determine if the transport can be detached.

This method must be called from the current EventBase's thread.

Reimplemented from folly::AsyncSocket.

Definition at line 581 of file AsyncSSLSocket.h.

References handshakeTimeout_, folly::AsyncSocket::isDetachable(), and folly::AsyncTimeout::isScheduled().

                                     {
    return AsyncSocket::isDetachable() && !handshakeTimeout_.isScheduled();
  }

bool folly::AsyncSSLSocket::needsPeerVerification

(

)

const

Method to check if peer verfication is set.

Returns

true if peer verification is required.

Definition at line 711 of file AsyncSSLSocket.cpp.

References ctx_, and verifyPeer_.

Referenced by getSSLContext().

                                                 {
  if (verifyPeer_ == SSLContext::SSLVerifyPeerEnum::USE_CTX) {
    return ctx_->needsPeerVerification();
  }
  return (
      verifyPeer_ == SSLContext::SSLVerifyPeerEnum::VERIFY ||
      verifyPeer_ == SSLContext::SSLVerifyPeerEnum::VERIFY_REQ_CLIENT_CERT);
}

static std::shared_ptr<AsyncSSLSocket> folly::AsyncSSLSocket::newSocket ( const std::shared_ptr< folly::SSLContext > &  ctx, EventBase *  evb, int  fd, bool  server = true, bool  deferSecurityNegotiation = false  )

inlinestatic

Helper function to create a server/client shared_ptr<AsyncSSLSocket>.

Definition at line 239 of file AsyncSSLSocket.h.

References AsyncSSLSocket().

Referenced by wangle::ClientBootstrap< DefaultPipeline >::connect(), folly::SSLClient::connect(), folly::SSLServerAcceptCallbackBase::connectionAccepted(), folly::EvbAndContext::createSocket(), and newSocket().

                                             {
    return std::shared_ptr<AsyncSSLSocket>(
        new AsyncSSLSocket(ctx, evb, fd, server, deferSecurityNegotiation),
        Destructor());
  }

static std::shared_ptr<AsyncSSLSocket> folly::AsyncSSLSocket::newSocket ( const std::shared_ptr< folly::SSLContext > &  ctx, EventBase *  evb, bool  deferSecurityNegotiation = false  )

inlinestatic

Helper function to create a client shared_ptr<AsyncSSLSocket>.

Definition at line 253 of file AsyncSSLSocket.h.

References AsyncSSLSocket(), closeNow(), connecting(), getApplicationProtocol(), good(), newSocket(), folly::pushmi::__adl::noexcept(), shutdownWrite(), shutdownWriteNow(), and string.

                                             {
    return std::shared_ptr<AsyncSSLSocket>(
        new AsyncSSLSocket(ctx, evb, deferSecurityNegotiation), Destructor());
  }

AsyncSocket::ReadResult folly::AsyncSSLSocket::performRead ( void **  buf, size_t *  buflen, size_t *  offset  )

overrideprotectedvirtual

Attempt to read from the socket.

Parameters

buf	The buffer to read data into.
buflen	The length of the buffer.

Returns

Returns a read result. See read result for details.

Reimplemented from folly::AsyncSocket.

Definition at line 1380 of file AsyncSSLSocket.cpp.

References folly::AsyncSocket::appBytesReceived_, folly::CLIENT_RENEGOTIATION, folly::AsyncSocket::eventFlags_, folly::AsyncSocket::fd_, folly::INVALID_RENEGOTIATION, folly::AsyncSocket::isBufferMovable_, folly::AsyncSocket::performRead(), folly::AsyncSocket::READ_BLOCKING, folly::AsyncSocket::READ_ERROR, renegotiateAttempted_, server_, ssl_, sslState_, folly::AsyncSocket::state_, and STATE_UNENCRYPTED.

Referenced by handleInitialReadWrite().

                                                                      {
  VLOG(4) << "AsyncSSLSocket::performRead() this=" << this << ", buf=" << *buf
          << ", buflen=" << *buflen;

  if (sslState_ == STATE_UNENCRYPTED) {
    return AsyncSocket::performRead(buf, buflen, offset);
  }

  int bytes = 0;
  if (!isBufferMovable_) {
    bytes = SSL_read(ssl_.get(), *buf, int(*buflen));
  }
#ifdef SSL_MODE_MOVE_BUFFER_OWNERSHIP
  else {
    bytes = SSL_read_buf(ssl_.get(), buf, (int*)offset, (int*)buflen);
  }
#endif

  if (server_ && renegotiateAttempted_) {
    LOG(ERROR) << "AsyncSSLSocket(fd=" << fd_ << ", state=" << int(state_)
               << ", sslstate=" << sslState_ << ", events=" << eventFlags_
               << "): client intitiated SSL renegotiation not permitted";
    return ReadResult(
        READ_ERROR,
        std::make_unique<SSLException>(SSLError::CLIENT_RENEGOTIATION));
  }
  if (bytes <= 0) {
    int error = SSL_get_error(ssl_.get(), bytes);
    if (error == SSL_ERROR_WANT_READ) {
      // The caller will register for read event if not already.
      if (errno == EWOULDBLOCK || errno == EAGAIN) {
        return ReadResult(READ_BLOCKING);
      } else {
        return ReadResult(READ_ERROR);
      }
    } else if (error == SSL_ERROR_WANT_WRITE) {
      // TODO: Even though we are attempting to read data, SSL_read() may
      // need to write data if renegotiation is being performed.  We currently
      // don't support this and just fail the read.
      LOG(ERROR) << "AsyncSSLSocket(fd=" << fd_ << ", state=" << int(state_)
                 << ", sslState=" << sslState_ << ", events=" << eventFlags_
                 << "): unsupported SSL renegotiation during read";
      return ReadResult(
          READ_ERROR,
          std::make_unique<SSLException>(SSLError::INVALID_RENEGOTIATION));
    } else {
      if (zero_return(error, bytes)) {
        return ReadResult(bytes);
      }
      auto errError = ERR_get_error();
      VLOG(6) << "AsyncSSLSocket(fd=" << fd_ << ", "
              << "state=" << state_ << ", "
              << "sslState=" << sslState_ << ", "
              << "events=" << std::hex << eventFlags_ << "): "
              << "bytes: " << bytes << ", "
              << "error: " << error << ", "
              << "errno: " << errno << ", "
              << "func: " << ERR_func_error_string(errError) << ", "
              << "reason: " << ERR_reason_error_string(errError);
      return ReadResult(
          READ_ERROR,
          std::make_unique<SSLException>(error, errError, bytes, errno));
    }
  } else {
    appBytesReceived_ += bytes;
    return ReadResult(bytes);
  }
}

AsyncSocket::WriteResult folly::AsyncSSLSocket::performWrite ( const iovec *  vec, uint32_t  count, WriteFlags  flags, uint32_t *  countWritten, uint32_t *  partialWritten  )

overrideprotectedvirtual

Attempt to write to the socket.

Parameters

vec	The iovec array pointing to the buffers to write.
count	The length of the iovec array.
flags	Set of write flags.
countWritten	On return, the value pointed to by this parameter will contain the number of iovec entries that were fully written.
partialWritten	On return, the value pointed to by this parameter will contain the number of bytes written in the partially written iovec entry.

Returns

Returns a WriteResult. See WriteResult for more details.

Reimplemented from folly::AsyncSocket.

Definition at line 1501 of file AsyncSSLSocket.cpp.

References folly::CORK, corkCurrentWrite_, count, folly::EARLY_WRITE, folly::EOR, eorAwareSSLWrite(), folly::AsyncSocket::eventFlags_, folly::AsyncSocket::fd_, i, interpretSSLError(), folly::isSet(), min, minWriteSize_, folly::AsyncSocket::performWrite(), SCOPE_EXIT, ssl_, sslState_, folly::AsyncSocket::state_, STATE_ESTABLISHED, STATE_UNENCRYPTED, uint32_t, and folly::AsyncSocket::WRITE_ERROR.

Referenced by handleInitialReadWrite().

                              {
  if (sslState_ == STATE_UNENCRYPTED) {
    return AsyncSocket::performWrite(
        vec, count, flags, countWritten, partialWritten);
  }
  if (sslState_ != STATE_ESTABLISHED) {
    LOG(ERROR) << "AsyncSSLSocket(fd=" << fd_ << ", state=" << int(state_)
               << ", sslState=" << sslState_ << ", events=" << eventFlags_
               << "): "
               << "TODO: AsyncSSLSocket currently does not support calling "
               << "write() before the handshake has fully completed";
    return WriteResult(
        WRITE_ERROR, std::make_unique<SSLException>(SSLError::EARLY_WRITE));
  }

  // Declare a buffer used to hold small write requests.  It could point to a
  // memory block either on stack or on heap. If it is on heap, we release it
  // manually when scope exits
  char* combinedBuf{nullptr};
  SCOPE_EXIT {
    // Note, always keep this check consistent with what we do below
    if (combinedBuf != nullptr && minWriteSize_ > MAX_STACK_BUF_SIZE) {
      delete[] combinedBuf;
    }
  };

  *countWritten = 0;
  *partialWritten = 0;
  ssize_t totalWritten = 0;
  size_t bytesStolenFromNextBuffer = 0;
  for (uint32_t i = 0; i < count; i++) {
    const iovec* v = vec + i;
    size_t offset = bytesStolenFromNextBuffer;
    bytesStolenFromNextBuffer = 0;
    size_t len = v->iov_len - offset;
    const void* buf;
    if (len == 0) {
      (*countWritten)++;
      continue;
    }
    buf = ((const char*)v->iov_base) + offset;

    ssize_t bytes;
    uint32_t buffersStolen = 0;
    auto sslWriteBuf = buf;
    if ((len < minWriteSize_) && ((i + 1) < count)) {
      // Combine this buffer with part or all of the next buffers in
      // order to avoid really small-grained calls to SSL_write().
      // Each call to SSL_write() produces a separate record in
      // the egress SSL stream, and we've found that some low-end
      // mobile clients can't handle receiving an HTTP response
      // header and the first part of the response body in two
      // separate SSL records (even if those two records are in
      // the same TCP packet).

      if (combinedBuf == nullptr) {
        if (minWriteSize_ > MAX_STACK_BUF_SIZE) {
          // Allocate the buffer on heap
          combinedBuf = new char[minWriteSize_];
        } else {
          // Allocate the buffer on stack
          combinedBuf = (char*)alloca(minWriteSize_);
        }
      }
      assert(combinedBuf != nullptr);
      sslWriteBuf = combinedBuf;

      memcpy(combinedBuf, buf, len);
      do {
        // INVARIANT: i + buffersStolen == complete chunks serialized
        uint32_t nextIndex = i + buffersStolen + 1;
        bytesStolenFromNextBuffer =
            std::min(vec[nextIndex].iov_len, minWriteSize_ - len);
        if (bytesStolenFromNextBuffer > 0) {
          assert(vec[nextIndex].iov_base != nullptr);
          ::memcpy(
              combinedBuf + len,
              vec[nextIndex].iov_base,
              bytesStolenFromNextBuffer);
        }
        len += bytesStolenFromNextBuffer;
        if (bytesStolenFromNextBuffer < vec[nextIndex].iov_len) {
          // couldn't steal the whole buffer
          break;
        } else {
          bytesStolenFromNextBuffer = 0;
          buffersStolen++;
        }
      } while ((i + buffersStolen + 1) < count && (len < minWriteSize_));
    }

    // Advance any empty buffers immediately after.
    if (bytesStolenFromNextBuffer == 0) {
      while ((i + buffersStolen + 1) < count &&
             vec[i + buffersStolen + 1].iov_len == 0) {
        buffersStolen++;
      }
    }

    corkCurrentWrite_ =
        isSet(flags, WriteFlags::CORK) || (i + buffersStolen + 1 < count);
    bytes = eorAwareSSLWrite(
        ssl_,
        sslWriteBuf,
        int(len),
        (isSet(flags, WriteFlags::EOR) && i + buffersStolen + 1 == count));

    if (bytes <= 0) {
      int error = SSL_get_error(ssl_.get(), int(bytes));
      if (error == SSL_ERROR_WANT_WRITE) {
        // The caller will register for write event if not already.
        *partialWritten = uint32_t(offset);
        return WriteResult(totalWritten);
      }
      auto writeResult = interpretSSLError(int(bytes), error);
      if (writeResult.writeReturn < 0) {
        return writeResult;
      } // else fall through to below to correctly record totalWritten
    }

    totalWritten += bytes;

    if (bytes == (ssize_t)len) {
      // The full iovec is written.
      (*countWritten) += 1 + buffersStolen;
      i += buffersStolen;
      // continue
    } else {
      bytes += offset; // adjust bytes to account for all of v
      while (bytes >= (ssize_t)v->iov_len) {
        // We combined this buf with part or all of the next one, and
        // we managed to write all of this buf but not all of the bytes
        // from the next one that we'd hoped to write.
        bytes -= v->iov_len;
        (*countWritten)++;
        v = &(vec[++i]);
      }
      *partialWritten = uint32_t(bytes);
      return WriteResult(totalWritten);
    }
  }

  return WriteResult(totalWritten);
}

ssize_t folly::AsyncSSLSocket::performWriteIovec ( const iovec *  vec, uint32_t  count, WriteFlags  flags, uint32_t *  countWritten, uint32_t *  partialWritten  )

protected

Referenced by handleInitialReadWrite().

void folly::AsyncSSLSocket::prepareReadBuffer ( void **  buf, size_t *  buflen  )

overrideprotectedvirtual

Reimplemented from folly::AsyncSocket.

Definition at line 1346 of file AsyncSSLSocket.cpp.

References folly::AsyncReader::ReadCallback::getReadBuffer(), folly::AsyncSocket::isBufferMovable_, and folly::AsyncSocket::readCallback_.

Referenced by setAsyncOperationFinishCallback().

                                                                 {
  CHECK(readCallback_);
  if (isBufferMovable_) {
    *buf = nullptr;
    *buflen = 0;
  } else {
    // buf is necessary for SSLSocket without SSL_MODE_MOVE_BUFFER_OWNERSHIP
    readCallback_->getReadBuffer(buf, buflen);
  }
}

void folly::AsyncSSLSocket::resetClientHelloParsing

(

SSL *

ssl

)

Definition at line 1801 of file AsyncSSLSocket.cpp.

References clientHelloInfo_.

Referenced by clientHelloParsingCallback(), and getSSLContext().

                                                     {
  SSL_set_msg_callback(ssl, nullptr);
  SSL_set_msg_callback_arg(ssl, nullptr);
  clientHelloInfo_->clientHelloBuf_.clear();
}

void folly::AsyncSSLSocket::restartSSLAccept

(

)

Invoke SSL accept following an asynchronous session cache lookup

Definition at line 1084 of file AsyncSSLSocket.cpp.

References folly::AsyncSocket::eventFlags_, failHandshake(), folly::AsyncSocket::fd_, handleAccept(), sslState_, folly::AsyncSocket::state_, STATE_ACCEPTING, STATE_ASYNC_PENDING, STATE_CACHE_LOOKUP, STATE_CLOSED, STATE_ERROR, and folly::AsyncSocketException::TIMED_OUT.

Referenced by getSecurityProtocol(), folly::TestSSLAsyncCacheServer::getSessionCallback(), and wangle::SSLSessionCacheManager::restartSSLAccept().

                                      {
  VLOG(3) << "AsyncSSLSocket::restartSSLAccept() this=" << this
          << ", fd=" << fd_ << ", state=" << int(state_) << ", "
          << "sslState=" << sslState_ << ", events=" << eventFlags_;
  DestructorGuard dg(this);
  assert(
      sslState_ == STATE_CACHE_LOOKUP || sslState_ == STATE_ASYNC_PENDING ||
      sslState_ == STATE_ERROR || sslState_ == STATE_CLOSED);
  if (sslState_ == STATE_CLOSED) {
    // I sure hope whoever closed this socket didn't delete it already,
    // but this is not strictly speaking an error
    return;
  }
  if (sslState_ == STATE_ERROR) {
    // go straight to fail if timeout expired during lookup
    AsyncSocketException ex(
        AsyncSocketException::TIMED_OUT, "SSL accept timed out");
    failHandshake(__func__, ex);
    return;
  }
  sslState_ = STATE_ACCEPTING;
  this->handleAccept();
}

void folly::AsyncSSLSocket::scheduleConnectTimeout ( )

overrideprotectedvirtual

Reimplemented from folly::AsyncSocket.

Definition at line 1306 of file AsyncSSLSocket.cpp.

References folly::AsyncSocket::connectCallback_, connectionTimeout_, folly::AsyncSocket::connectTimeout_, folly::AsyncSocketException::INTERNAL_ERROR, folly::AsyncSocket::scheduleConnectTimeout(), folly::AsyncSSLSocket::Timeout::scheduleTimeout(), sslState_, and folly::AsyncSocket::withAddr().

Referenced by sslWriteImpl().

                                            {
  if (sslState_ == SSLStateEnum::STATE_CONNECTING) {
    // We fell back from TFO, and need to set the timeouts.
    // We will not have a connect callback in this case, thus if the timer
    // expires we would have no-one to notify.
    // Thus we should reset even the connect timers to point to the handshake
    // timeouts.
    assert(connectCallback_ == nullptr);
    // We use a different connect timeout here than the handshake timeout, so
    // that we can disambiguate the 2 timers.
    if (connectTimeout_.count() > 0) {
      if (!connectionTimeout_.scheduleTimeout(connectTimeout_)) {
        throw AsyncSocketException(
            AsyncSocketException::INTERNAL_ERROR,
            withAddr("failed to schedule AsyncSSLSocket connect timeout"));
      }
    }
    return;
  }
  AsyncSocket::scheduleConnectTimeout();
}

bool folly::AsyncSSLSocket::sessionIDResumed ( ) const

inline

true if the session was resumed using session ID

Definition at line 514 of file AsyncSSLSocket.h.

References sessionIDResumed_.

Referenced by wangle::SSLUtil::getResumeState().

                                {
    return sessionIDResumed_;
  }

bool folly::AsyncSSLSocket::sessionResumptionAttempted ( ) const

inline

Definition at line 785 of file AsyncSSLSocket.h.

References sessionResumptionAttempted_.

                                          {
    return sessionResumptionAttempted_;
  }

void folly::AsyncSSLSocket::setAsyncOperationFinishCallback ( std::unique_ptr< ReadCallback >  cb )

inline

Definition at line 800 of file AsyncSSLSocket.h.

References asyncOperationFinishCallback_, checkForImmediateRead(), handleAccept(), handleConnect(), handleRead(), handleReturnFromSSLAccept(), handleWrite(), init(), invalidState(), folly::gen::move, folly::pushmi::__adl::noexcept(), prepareReadBuffer(), willBlock(), and ~AsyncSSLSocket().

                                                                       {
    asyncOperationFinishCallback_ = std::move(cb);
  }

void folly::AsyncSSLSocket::setBufferMovableEnabled

(

bool

enabled

)

Tries to enable the buffer movable experimental feature in openssl. This is not guaranteed to succeed in case openssl does not have the experimental feature built in.

Definition at line 1342 of file AsyncSSLSocket.cpp.

References bufferMovableEnabled_.

Referenced by getMinWriteSize().

                                                         {
  bufferMovableEnabled_ = enabled;
}

void folly::AsyncSSLSocket::setCertCacheHit ( bool  hit )

inline

Definition at line 777 of file AsyncSSLSocket.h.

References certCacheHit_.

                                 {
    certCacheHit_ = hit;
  }

void folly::AsyncSSLSocket::setEorTracking ( bool  track )

overridevirtual

Reimplemented from folly::AsyncSocket.

Definition at line 403 of file AsyncSSLSocket.cpp.

References appEorByteNo_, folly::AsyncSocket::isEorTrackingEnabled(), minEorRawByteNo_, and folly::AsyncSocket::setEorTracking().

Referenced by getSecurityProtocol().

                                              {
  if (isEorTrackingEnabled() != track) {
    AsyncSocket::setEorTracking(track);
    appEorByteNo_ = 0;
    minEorRawByteNo_ = 0;
  }
}

void folly::AsyncSSLSocket::setMinWriteSize ( size_t  minWriteSize )

inline

Definition at line 727 of file AsyncSSLSocket.h.

References minWriteSize_.

                                            {
    minWriteSize_ = minWriteSize;
  }

void folly::AsyncSSLSocket::setReadCB ( ReadCallback *  callback )

overridevirtual

Reimplemented from folly::AsyncSocket.

Definition at line 1328 of file AsyncSSLSocket.cpp.

References bufferMovableEnabled_, folly::AsyncReader::ReadCallback::isBufferMovable(), folly::AsyncSocket::isBufferMovable_, folly::AsyncSocket::setReadCB(), and ssl_.

Referenced by folly::test::MockAsyncSSLSocket::connect(), and getMinWriteSize().

                                                     {
#ifdef SSL_MODE_MOVE_BUFFER_OWNERSHIP
  // turn on the buffer movable in openssl
  if (bufferMovableEnabled_ && ssl_ != nullptr && !isBufferMovable_ &&
      callback != nullptr && callback->isBufferMovable()) {
    SSL_set_mode(
        ssl_.get(), SSL_get_mode(ssl_.get()) | SSL_MODE_MOVE_BUFFER_OWNERSHIP);
    isBufferMovable_ = true;
  }
#endif

  AsyncSocket::setReadCB(callback);
}

void folly::AsyncSSLSocket::setSessionIDResumed ( bool  resumed )

inline

Definition at line 518 of file AsyncSSLSocket.h.

References getNegotiatedCipherName(), getSelfCert(), getSSLCertSigAlgName(), getSSLCertSize(), getSSLServerName(), getSSLServerNameNoThrow(), getSSLVersion(), and sessionIDResumed_.

Referenced by wangle::SSLSessionCacheManager::getSession().

                                         {
    sessionIDResumed_ = resumed;
  }

void folly::AsyncSSLSocket::setSessionKey ( std::string  sessionKey )

inline

Definition at line 773 of file AsyncSSLSocket.h.

References folly::gen::move, and sessionKey_.

                                           {
    sessionKey_ = std::move(sessionKey);
  }

void folly::AsyncSSLSocket::setSSLCertVerificationAlert

(

std::string

alert

)

Definition at line 2017 of file AsyncSSLSocket.cpp.

References folly::gen::move, and sslVerificationAlert_.

Referenced by getSSLContext().

                                                                {
  sslVerificationAlert_ = std::move(alert);
}

void folly::AsyncSSLSocket::setSSLSession	(	SSL_SESSION *	session,
		bool	takeOwnership = false
	)

Set the SSL session to be used during sslConn. AsyncSSLSocket will hold a reference to the session until it is destroyed or released by the underlying SSL structure.

Parameters

takeOwnership

if true, AsyncSSLSocket will assume the caller's reference count to session.

Definition at line 841 of file AsyncSSLSocket.cpp.

References sslSession_.

Referenced by SSLCacheClient::connectSuccess(), and getSSLState().

                                                                           {
  if (sslSession_) {
    SSL_SESSION_free(sslSession_);
  }
  sslSession_ = session;
  if (!takeOwnership && session != nullptr) {
    // Increment the reference count
    // This API exists in BoringSSL and OpenSSL 1.1.0
    SSL_SESSION_up_ref(session);
  }
}

bool folly::AsyncSSLSocket::setupSSLBio ( )

protected

Sets up SSL with a custom write bio which intercepts all writes.

Returns

true, if succeeds and false if there is an error creating the bio.

Definition at line 740 of file AsyncSSLSocket.cpp.

References folly::AsyncSocket::fd_, folly::ssl::OpenSSLUtils::setBioAppData(), folly::ssl::OpenSSLUtils::setBioFd(), and ssl_.

Referenced by handleAccept(), sslConn(), and sslWriteImpl().

                                 {
  auto sslBio = BIO_new(getSSLBioMethod());

  if (!sslBio) {
    return false;
  }

  OpenSSLUtils::setBioAppData(sslBio, this);
  OpenSSLUtils::setBioFd(sslBio, fd_, BIO_NOCLOSE);
  SSL_set_bio(ssl_.get(), sslBio, sslBio);
  return true;
}

void folly::AsyncSSLSocket::shutdownWrite ( )

overridevirtual

Perform a half-shutdown of the write side of the transport.

The caller should not make any more calls to write() or writev() after shutdownWrite() is called. Any future write attempts will fail immediately.

Not all transport types support half-shutdown. If the underlying transport does not support half-shutdown, it will fully shutdown both the read and write sides of the transport. (Fully shutting down the socket is better than doing nothing at all, since the caller may rely on the shutdownWrite() call to notify the other end of the connection that no more data can be read.)

If there is pending data still waiting to be written on the transport, the actual shutdown will be delayed until the pending data has been written.

Note: There is no corresponding shutdownRead() equivalent. Simply uninstall the read callback if you wish to stop reading. (On TCP sockets at least, shutting down the read side of the socket is a no-op anyway.)

Reimplemented from folly::AsyncSocket.

Definition at line 359 of file AsyncSSLSocket.cpp.

References folly::AsyncSocket::close().

Referenced by newSocket().

                                   {
  // SSL sockets do not support half-shutdown, so just perform a full shutdown.
  //
  // (Performing a full shutdown here is more desirable than doing nothing at
  // all.  The purpose of shutdownWrite() is normally to notify the other end
  // of the connection that no more data will be sent.  If we do nothing, the
  // other end will never know that no more data is coming, and this may result
  // in protocol deadlock.)
  close();
}

void folly::AsyncSSLSocket::shutdownWriteNow ( )

overridevirtual

Perform a half-shutdown of the write side of the transport.

shutdownWriteNow() is identical to shutdownWrite(), except that it immediately performs the shutdown, rather than waiting for pending writes to complete. Any pending write requests will be immediately failed when shutdownWriteNow() is called.

Reimplemented from folly::AsyncSocket.

Definition at line 370 of file AsyncSSLSocket.cpp.

References closeNow().

Referenced by newSocket().

                                      {
  closeNow();
}

void folly::AsyncSSLSocket::sslAccept ( HandshakeCB *  callback, std::chrono::milliseconds  timeout = std::chrono::milliseconds::zero(), const folly::SSLContext::SSLVerifyPeerEnum &  verifyPeer = folly::SSLContext::SSLVerifyPeerEnum::USE_CTX  )

virtual

Accept an SSL connection on the socket.

The callback will be invoked and uninstalled when an SSL connection has been established on the underlying socket. The value of verifyPeer determines the client verification method. By default, its set to use the value in the underlying context

Parameters

callback	callback object to invoke on success/failure
timeout	timeout for this function in milliseconds, or 0 for no timeout
verifyPeer	SSLVerifyPeerEnum uses the options specified in the context by default, can be set explcitly to override the method in the context

Reimplemented in folly::test::MockAsyncSSLSocket.

Definition at line 461 of file AsyncSSLSocket.cpp.

References folly::AsyncSocket::cacheAddresses(), cacheAddrOnFailure_, checkForImmediateRead(), ctx_, folly::EventBase::dcheckIsInEventBaseThread(), folly::AsyncSocket::eventBase_, folly::AsyncSocket::getFd(), folly::SSLContext::getSSLCtx(), folly::ssl::OpenSSLUtils::getSSLInitialCtx(), folly::gen::guard(), handshakeCallback_, handshakeEndTime_, handshakeStartTime_, handshakeTimeout_, invalidState(), folly::gen::move, now(), folly::EventHandler::READ, folly::AsyncSSLSocket::Timeout::scheduleTimeout(), server_, folly::ssl::OpenSSLUtils::setSSLInitialCtx(), ssl_, folly::portability::ssl::SSL_SESSION_get0_hostname(), sslInfoCallback(), sslState_, STATE_ACCEPTING, STATE_UNENCRYPTED, STATE_UNINIT, string, folly::AsyncSocket::updateEventRegistration(), verifyPeer_, and folly::EventHandler::WRITE.

Referenced by folly::SSLServerAcceptCallback::connAccepted(), folly::SSLServerAsyncCacheAcceptCallback::connAccepted(), folly::HandshakeErrorCallback::connAccepted(), and getSecurityProtocol().

                                                   {
  DestructorGuard dg(this);
  eventBase_->dcheckIsInEventBaseThread();
  verifyPeer_ = verifyPeer;

  // Make sure we're in the uninitialized state
  if (!server_ ||
      (sslState_ != STATE_UNINIT && sslState_ != STATE_UNENCRYPTED) ||
      handshakeCallback_ != nullptr) {
    return invalidState(callback);
  }

  // Cache local and remote socket addresses to keep them available
  // after socket file descriptor is closed.
  if (cacheAddrOnFailure_) {
    cacheAddresses();
  }

  handshakeStartTime_ = std::chrono::steady_clock::now();
  // Make end time at least >= start time.
  handshakeEndTime_ = handshakeStartTime_;

  sslState_ = STATE_ACCEPTING;
  handshakeCallback_ = callback;

  if (timeout > std::chrono::milliseconds::zero()) {
    handshakeTimeout_.scheduleTimeout(timeout);
  }

  /* register for a read operation (waiting for CLIENT HELLO) */
  updateEventRegistration(EventHandler::READ, EventHandler::WRITE);

  checkForImmediateRead();
}

void folly::AsyncSSLSocket::sslConn ( HandshakeCB *  callback, std::chrono::milliseconds  timeout = std::chrono::milliseconds::zero(), const folly::SSLContext::SSLVerifyPeerEnum &  verifyPeer = folly::SSLContext::SSLVerifyPeerEnum::USE_CTX  )

virtual

Initiate an SSL connection on the socket The callback will be invoked and uninstalled when an SSL connection has been establshed on the underlying socket. The verification option verifyPeer is applied if it's passed explicitly. If it's not, the options in SSLContext set on the underlying SSLContext are applied.

Parameters

callback	callback object to invoke on success/failure
timeout	timeout for this function in milliseconds, or 0 for no timeout
verifyPeer	SSLVerifyPeerEnum uses the options specified in the context by default, can be set explcitly to override the method in the context. If verification is turned on sets SSL_VERIFY_PEER and invokes HandshakeCB::handshakeVer().

Reimplemented in folly::test::MockAsyncSSLSocket.

Definition at line 753 of file AsyncSSLSocket.cpp.

References applyVerificationOptions(), folly::AsyncSocket::cacheAddresses(), cacheAddrOnFailure_, ctx_, folly::EventBase::dcheckIsInEventBaseThread(), folly::AsyncSocket::eventBase_, failHandshake(), folly::AsyncSocket::fd_, getSSLExDataIndex(), handshakeCallback_, handshakeConnectTimeout_, folly::AsyncSocketException::INTERNAL_ERROR, invalidState(), server_, sessionResumptionAttempted_, setupSSLBio(), ssl_, sslSession_, sslState_, startSSLConnect(), STATE_CONNECTING, STATE_ERROR, STATE_UNENCRYPTED, STATE_UNINIT, and verifyPeer_.

Referenced by SSLCacheClient::connectSuccess(), and getSecurityProtocol().

                                                   {
  DestructorGuard dg(this);
  eventBase_->dcheckIsInEventBaseThread();

  // Cache local and remote socket addresses to keep them available
  // after socket file descriptor is closed.
  if (cacheAddrOnFailure_) {
    cacheAddresses();
  }

  verifyPeer_ = verifyPeer;

  // Make sure we're in the uninitialized state
  if (server_ ||
      (sslState_ != STATE_UNINIT && sslState_ != STATE_UNENCRYPTED) ||
      handshakeCallback_ != nullptr) {
    return invalidState(callback);
  }

  sslState_ = STATE_CONNECTING;
  handshakeCallback_ = callback;

  try {
    ssl_.reset(ctx_->createSSL());
  } catch (std::exception& e) {
    sslState_ = STATE_ERROR;
    AsyncSocketException ex(
        AsyncSocketException::INTERNAL_ERROR,
        "error calling SSLContext::createSSL()");
    LOG(ERROR) << "AsyncSSLSocket::sslConn(this=" << this << ", fd=" << fd_
               << "): " << e.what();
    return failHandshake(__func__, ex);
  }

  if (!setupSSLBio()) {
    sslState_ = STATE_ERROR;
    AsyncSocketException ex(
        AsyncSocketException::INTERNAL_ERROR, "error creating SSL bio");
    return failHandshake(__func__, ex);
  }

  applyVerificationOptions(ssl_);

  if (sslSession_ != nullptr) {
    sessionResumptionAttempted_ = true;
    SSL_set_session(ssl_.get(), sslSession_);
    SSL_SESSION_free(sslSession_);
    sslSession_ = nullptr;
  }
#if FOLLY_OPENSSL_HAS_SNI
  if (tlsextHostname_.size()) {
    SSL_set_tlsext_host_name(ssl_.get(), tlsextHostname_.c_str());
  }
#endif

  SSL_set_ex_data(ssl_.get(), getSSLExDataIndex(), this);

  handshakeConnectTimeout_ = timeout;
  startSSLConnect();
}

void folly::AsyncSSLSocket::sslInfoCallback ( const SSL *  ssl, int  type, int  val  )

staticprotected

Definition at line 1686 of file AsyncSSLSocket.cpp.

References alertsReceived_, getFromSSL(), handshakeComplete_, renegotiateAttempted_, and type.

Referenced by AsyncSSLSocket(), sslAccept(), and sslWriteImpl().

                                                                       {
  AsyncSSLSocket* sslSocket = AsyncSSLSocket::getFromSSL(ssl);
  if (sslSocket->handshakeComplete_ && (where & SSL_CB_HANDSHAKE_START)) {
    sslSocket->renegotiateAttempted_ = true;
  }
  if (where & SSL_CB_READ_ALERT) {
    const char* type = SSL_alert_type_string(ret);
    if (type) {
      const char* desc = SSL_alert_desc_string(ret);
      sslSocket->alertsReceived_.emplace_back(
          *type, StringPiece(desc, std::strlen(desc)));
    }
  }
}

int folly::AsyncSSLSocket::sslVerifyCallback ( int  preverifyOk, X509_STORE_CTX *  ctx  )

staticprotected

Definition at line 1782 of file AsyncSSLSocket.cpp.

References getFromSSL().

Referenced by applyVerificationOptions().

                             {
  SSL* ssl = (SSL*)X509_STORE_CTX_get_ex_data(
      x509Ctx, SSL_get_ex_data_X509_STORE_CTX_idx());
  AsyncSSLSocket* self = AsyncSSLSocket::getFromSSL(ssl);

  VLOG(3) << "AsyncSSLSocket::sslVerifyCallback() this=" << self << ", "
          << "fd=" << self->fd_ << ", preverifyOk=" << preverifyOk;
  return (self->handshakeCallback_)
      ? self->handshakeCallback_->handshakeVer(self, preverifyOk, x509Ctx)
      : preverifyOk;
}

virtual int folly::AsyncSSLSocket::sslWriteImpl ( SSL *  ssl, const void *  buf, int  n  )

inlineprotectedvirtual

Definition at line 855 of file AsyncSSLSocket.h.

References applyVerificationOptions(), eorAwareSSLWrite(), failHandshake(), invokeConnectErr(), invokeConnectSuccess(), invokeHandshakeCB(), invokeHandshakeErr(), scheduleConnectTimeout(), setupSSLBio(), sslInfoCallback(), startSSLConnect(), type, and val.

Referenced by eorAwareSSLWrite().

                                                             {
    return SSL_write(ssl, buf, n);
  }

void folly::AsyncSSLSocket::startSSLConnect ( )

protected

Definition at line 819 of file AsyncSSLSocket.cpp.

References handleConnect(), handshakeConnectTimeout_, handshakeEndTime_, handshakeStartTime_, handshakeTimeout_, now(), and folly::AsyncSSLSocket::Timeout::scheduleTimeout().

Referenced by invokeConnectSuccess(), sslConn(), and sslWriteImpl().

                                     {
  handshakeStartTime_ = std::chrono::steady_clock::now();
  // Make end time at least >= start time.
  handshakeEndTime_ = handshakeStartTime_;
  if (handshakeConnectTimeout_ > std::chrono::milliseconds::zero()) {
    handshakeTimeout_.scheduleTimeout(handshakeConnectTimeout_);
  }
  handleConnect();
}

void folly::AsyncSSLSocket::timeoutExpired ( std::chrono::milliseconds  timeout )

noexcept

Definition at line 609 of file AsyncSSLSocket.cpp.

References folly::AsyncSocket::CONNECTING, folly::AsyncSocket::ESTABLISHED, failHandshake(), folly::sformat(), sslState_, folly::AsyncSocket::state_, STATE_ACCEPTING, STATE_ASYNC_PENDING, STATE_CACHE_LOOKUP, STATE_CONNECTING, STATE_ERROR, folly::AsyncSocketException::TIMED_OUT, and folly::detail::timeout.

                                            {
  if (state_ == StateEnum::ESTABLISHED &&
      (sslState_ == STATE_CACHE_LOOKUP || sslState_ == STATE_ASYNC_PENDING)) {
    sslState_ = STATE_ERROR;
    // We are expecting a callback in restartSSLAccept.  The cache lookup
    // and rsa-call necessarily have pointers to this ssl socket, so delay
    // the cleanup until he calls us back.
  } else if (state_ == StateEnum::CONNECTING) {
    assert(sslState_ == STATE_CONNECTING);
    DestructorGuard dg(this);
    AsyncSocketException ex(
        AsyncSocketException::TIMED_OUT,
        "Fallback connect timed out during TFO");
    failHandshake(__func__, ex);
  } else {
    assert(
        state_ == StateEnum::ESTABLISHED &&
        (sslState_ == STATE_CONNECTING || sslState_ == STATE_ACCEPTING));
    DestructorGuard dg(this);
    AsyncSocketException ex(
        AsyncSocketException::TIMED_OUT,
        folly::sformat(
            "SSL {} timed out after {}ms",
            (sslState_ == STATE_CONNECTING) ? "connect" : "accept",
            timeout.count()));
    failHandshake(__func__, ex);
  }
}

bool folly::AsyncSSLSocket::willBlock ( int  ret, int *  sslErrorOut, unsigned long *  errErrorOut  )

protectednoexcept

Definition at line 971 of file AsyncSSLSocket.cpp.

References asyncOperationFinishCallback_, folly::AsyncSocket::eventBase_, folly::AsyncSocket::eventFlags_, folly::AsyncSocket::fd_, folly::gen::move, folly::AsyncPipeReader::newReader(), folly::EventHandler::NONE, folly::EventHandler::READ, ssl_, sslState_, folly::AsyncSocket::state_, STATE_ASYNC_PENDING, STATE_CACHE_LOOKUP, folly::AsyncSocket::updateEventRegistration(), and folly::EventHandler::WRITE.

Referenced by handleConnect(), handleReturnFromSSLAccept(), and setAsyncOperationFinishCallback().

                                         {
  *errErrorOut = 0;
  int error = *sslErrorOut = SSL_get_error(ssl_.get(), ret);
  if (error == SSL_ERROR_WANT_READ) {
    // Register for read event if not already.
    updateEventRegistration(EventHandler::READ, EventHandler::WRITE);
    return true;
  } else if (error == SSL_ERROR_WANT_WRITE) {
    VLOG(3) << "AsyncSSLSocket(fd=" << fd_ << ", state=" << int(state_)
            << ", sslState=" << sslState_ << ", events=" << eventFlags_ << "): "
            << "SSL_ERROR_WANT_WRITE";
    // Register for write event if not already.
    updateEventRegistration(EventHandler::WRITE, EventHandler::READ);
    return true;
#ifdef SSL_ERROR_WANT_SESS_CACHE_LOOKUP
  } else if (error == SSL_ERROR_WANT_SESS_CACHE_LOOKUP) {
    // We will block but we can't register our own socket.  The callback that
    // triggered this code will re-call handleAccept at the appropriate time.

    // We can only get here if the linked libssl.so has support for this feature
    // as well, otherwise SSL_get_error cannot return our error code.
    sslState_ = STATE_CACHE_LOOKUP;

    // Unregister for all events while blocked here
    updateEventRegistration(
        EventHandler::NONE, EventHandler::READ | EventHandler::WRITE);

    // The timeout (if set) keeps running here
    return true;
#endif
  } else if ((false
#ifdef SSL_ERROR_WANT_RSA_ASYNC_PENDING
              || error == SSL_ERROR_WANT_RSA_ASYNC_PENDING
#endif
#ifdef SSL_ERROR_WANT_ECDSA_ASYNC_PENDING
              || error == SSL_ERROR_WANT_ECDSA_ASYNC_PENDING
#endif
#ifdef SSL_ERROR_WANT_ASYNC // OpenSSL 1.1.0 Async API
              || error == SSL_ERROR_WANT_ASYNC
#endif
              )) {
    // Our custom openssl function has kicked off an async request to do
    // rsa/ecdsa private key operation.  When that call returns, a callback will
    // be invoked that will re-call handleAccept.
    sslState_ = STATE_ASYNC_PENDING;

    // Unregister for all events while blocked here
    updateEventRegistration(
        EventHandler::NONE, EventHandler::READ | EventHandler::WRITE);

#ifdef SSL_ERROR_WANT_ASYNC
    if (error == SSL_ERROR_WANT_ASYNC) {
      size_t numfds;
      if (SSL_get_all_async_fds(ssl_.get(), NULL, &numfds) <= 0) {
        VLOG(4) << "SSL_ERROR_WANT_ASYNC but no async FDs set!";
        return false;
      }
      if (numfds != 1) {
        VLOG(4) << "SSL_ERROR_WANT_ASYNC expected exactly 1 async fd, got "
                << numfds;
        return false;
      }
      OSSL_ASYNC_FD ofd; // This should just be an int in POSIX
      if (SSL_get_all_async_fds(ssl_.get(), &ofd, &numfds) <= 0) {
        VLOG(4) << "SSL_ERROR_WANT_ASYNC cant get async fd";
        return false;
      }

      auto asyncPipeReader = AsyncPipeReader::newReader(eventBase_, ofd);
      auto asyncPipeReaderPtr = asyncPipeReader.get();
      if (!asyncOperationFinishCallback_) {
        asyncOperationFinishCallback_.reset(
            new DefaultOpenSSLAsyncFinishCallback(
                std::move(asyncPipeReader), this, DestructorGuard(this)));
      }
      asyncPipeReaderPtr->setReadCB(asyncOperationFinishCallback_.get());
    }
#endif

    // The timeout (if set) keeps running here
    return true;
  } else {
    unsigned long lastError = *errErrorOut = ERR_get_error();
    VLOG(6) << "AsyncSSLSocket(fd=" << fd_ << ", "
            << "state=" << state_ << ", "
            << "sslState=" << sslState_ << ", "
            << "events=" << std::hex << eventFlags_ << "): "
            << "SSL error: " << error << ", "
            << "errno: " << errno << ", "
            << "ret: " << ret << ", "
            << "read: " << BIO_number_read(SSL_get_rbio(ssl_.get())) << ", "
            << "written: " << BIO_number_written(SSL_get_wbio(ssl_.get()))
            << ", "
            << "func: " << ERR_func_error_string(lastError) << ", "
            << "reason: " << ERR_reason_error_string(lastError);
    return false;
  }
}

Member Data Documentation

std::vector<std::pair<char, StringPiece> > folly::AsyncSSLSocket::alertsReceived_

protected

Definition at line 954 of file AsyncSSLSocket.h.

Referenced by getSSLAlertsReceived(), and sslInfoCallback().

size_t folly::AsyncSSLSocket::appEorByteNo_ {0}

protected

Definition at line 926 of file AsyncSSLSocket.h.

Referenced by eorAwareSSLWrite(), and setEorTracking().

std::unique_ptr<ReadCallback> folly::AsyncSSLSocket::asyncOperationFinishCallback_

protected

Definition at line 968 of file AsyncSSLSocket.h.

Referenced by setAsyncOperationFinishCallback(), and willBlock().

bool folly::AsyncSSLSocket::bufferMovableEnabled_ {false}

protected

Definition at line 951 of file AsyncSSLSocket.h.

Referenced by setBufferMovableEnabled(), and setReadCB().

bool folly::AsyncSSLSocket::cacheAddrOnFailure_ {false}

protected

Definition at line 950 of file AsyncSSLSocket.h.

Referenced by forceCacheAddrOnFailure(), sslAccept(), and sslConn().

bool folly::AsyncSSLSocket::certCacheHit_ {false}

protected

Definition at line 952 of file AsyncSSLSocket.h.

Referenced by getCertCacheHit(), and setCertCacheHit().

std::unique_ptr<ssl::ClientHelloInfo> folly::AsyncSSLSocket::clientHelloInfo_

protected

Definition at line 953 of file AsyncSSLSocket.h.

Referenced by clientHelloParsingCallback(), enableClientHelloParsing(), getClientHelloInfo(), getSSLClientCiphers(), getSSLClientComprMethods(), getSSLClientExts(), getSSLClientSigAlgs(), getSSLClientSupportedVersions(), and resetClientHelloParsing().

Timeout folly::AsyncSSLSocket::connectionTimeout_

protected

Definition at line 922 of file AsyncSSLSocket.h.

Referenced by attachEventBase(), detachEventBase(), invokeConnectErr(), invokeConnectSuccess(), and scheduleConnectTimeout().

bool folly::AsyncSSLSocket::corkCurrentWrite_ {false}

protected

Definition at line 906 of file AsyncSSLSocket.h.

Referenced by performWrite().

std::shared_ptr<folly::SSLContext> folly::AsyncSSLSocket::ctx_

protected

Definition at line 916 of file AsyncSSLSocket.h.

Referenced by applyVerificationOptions(), AsyncSSLSocket(), getSSLContext(), handleAccept(), init(), needsPeerVerification(), sslAccept(), and sslConn().

HandshakeCB* folly::AsyncSSLSocket::handshakeCallback_ {nullptr}

protected

Definition at line 918 of file AsyncSSLSocket.h.

Referenced by invalidState(), invokeHandshakeCB(), invokeHandshakeErr(), folly::test::MockAsyncSSLSocket::sslAccept(), sslAccept(), folly::test::MockAsyncSSLSocket::sslConn(), and sslConn().

bool folly::AsyncSSLSocket::handshakeComplete_ {false}

protected

Definition at line 913 of file AsyncSSLSocket.h.

Referenced by handleConnect(), handleReturnFromSSLAccept(), and sslInfoCallback().

std::chrono::milliseconds folly::AsyncSSLSocket::handshakeConnectTimeout_ {0}

protected

Definition at line 959 of file AsyncSSLSocket.h.

Referenced by sslConn(), and startSSLConnect().

std::chrono::steady_clock::time_point folly::AsyncSSLSocket::handshakeEndTime_

protected

Definition at line 958 of file AsyncSSLSocket.h.

Referenced by getHandshakeTime(), invalidState(), invokeHandshakeCB(), invokeHandshakeErr(), sslAccept(), and startSSLConnect().

std::chrono::steady_clock::time_point folly::AsyncSSLSocket::handshakeStartTime_

protected

Definition at line 957 of file AsyncSSLSocket.h.

Referenced by getHandshakeTime(), sslAccept(), and startSSLConnect().

Timeout folly::AsyncSSLSocket::handshakeTimeout_

protected

Definition at line 921 of file AsyncSSLSocket.h.

Referenced by attachEventBase(), attachTimeoutManager(), closeNow(), detachEventBase(), detachTimeoutManager(), failHandshake(), handleConnect(), invalidState(), invokeConnectErr(), invokeHandshakeCB(), isDetachable(), folly::test::MockAsyncSSLSocket::sslAccept(), sslAccept(), folly::test::MockAsyncSSLSocket::sslConn(), and startSSLConnect().

size_t folly::AsyncSSLSocket::minEorRawByteNo_ {0}

protected

Definition at line 934 of file AsyncSSLSocket.h.

Referenced by eorAwareSSLWrite(), and setEorTracking().

size_t folly::AsyncSSLSocket::minWriteSize_ {1500}

protected

Definition at line 930 of file AsyncSSLSocket.h.

Referenced by getMinWriteSize(), performWrite(), and setMinWriteSize().

bool folly::AsyncSSLSocket::parseClientHello_ {false}

protected

Definition at line 949 of file AsyncSSLSocket.h.

Referenced by enableClientHelloParsing(), getSSLClientCiphers(), getSSLClientComprMethods(), getSSLClientExts(), getSSLClientSigAlgs(), getSSLClientSupportedVersions(), and handleAccept().

bool folly::AsyncSSLSocket::renegotiateAttempted_ {false}

protected

Definition at line 914 of file AsyncSSLSocket.h.

Referenced by performRead(), and sslInfoCallback().

bool folly::AsyncSSLSocket::server_ {false}

protected

Definition at line 908 of file AsyncSSLSocket.h.

Referenced by connect(), connecting(), handleAccept(), handleConnect(), handleRead(), handleWrite(), invalidState(), performRead(), sslAccept(), and sslConn().

bool folly::AsyncSSLSocket::sessionIDResumed_ {false}

protected

Definition at line 966 of file AsyncSSLSocket.h.

Referenced by sessionIDResumed(), and setSessionIDResumed().

std::string folly::AsyncSSLSocket::sessionKey_

protected

Definition at line 941 of file AsyncSSLSocket.h.

Referenced by getSessionKey(), and setSessionKey().

bool folly::AsyncSSLSocket::sessionResumptionAttempted_ {false}

protected

Definition at line 964 of file AsyncSSLSocket.h.

Referenced by sessionResumptionAttempted(), and sslConn().

ssl::SSLUniquePtr folly::AsyncSSLSocket::ssl_

protected

Definition at line 919 of file AsyncSSLSocket.h.

Referenced by checkForImmediateRead(), closeNow(), getNegotiatedCipherName(), getPeerCertificate(), getRawBytesReceived(), getRawBytesWritten(), getSelectedNextProtocolNoThrow(), getSelfCert(), getSelfCertificate(), getSSL(), getSSLCertSigAlgName(), getSSLCertSize(), getSSLServerCiphers(), getSSLServerName(), getSSLServerNameNoThrow(), getSSLSession(), getSSLSessionReused(), getSSLSharedCiphers(), getSSLVersion(), handleAccept(), handleConnect(), performRead(), performWrite(), setReadCB(), setupSSLBio(), sslAccept(), sslConn(), and willBlock().

SSL_SESSION* folly::AsyncSSLSocket::sslSession_ {nullptr}

protected

Definition at line 920 of file AsyncSSLSocket.h.

Referenced by closeNow(), getSSLSession(), setSSLSession(), and sslConn().

SSLStateEnum folly::AsyncSSLSocket::sslState_ {STATE_UNINIT}

protected

Definition at line 915 of file AsyncSSLSocket.h.

Referenced by AsyncSSLSocket(), closeNow(), connect(), connecting(), getSecurityProtocol(), getSSLSession(), getSSLSessionReused(), getSSLState(), good(), handleAccept(), handleConnect(), handleRead(), handleReturnFromSSLAccept(), handleWrite(), interpretSSLError(), invalidState(), invokeConnectErr(), invokeConnectSuccess(), performRead(), performWrite(), restartSSLAccept(), scheduleConnectTimeout(), folly::test::MockAsyncSSLSocket::sslAccept(), sslAccept(), folly::test::MockAsyncSSLSocket::sslConn(), sslConn(), timeoutExpired(), willBlock(), and ~AsyncSSLSocket().

std::string folly::AsyncSSLSocket::sslVerificationAlert_

protected

Definition at line 962 of file AsyncSSLSocket.h.

Referenced by getSSLCertVerificationAlert(), and setSSLCertVerificationAlert().

std::chrono::milliseconds folly::AsyncSSLSocket::totalConnectTimeout_ {0}

protected

Definition at line 960 of file AsyncSSLSocket.h.

Referenced by connect(), and getTotalConnectTimeout().

folly::SSLContext::SSLVerifyPeerEnum folly::AsyncSSLSocket::verifyPeer_

protected

Initial value:

{
      folly::SSLContext::SSLVerifyPeerEnum::USE_CTX}

Definition at line 943 of file AsyncSSLSocket.h.

Referenced by applyVerificationOptions(), needsPeerVerification(), sslAccept(), and sslConn().

---

The documentation for this class was generated from the following files:

• proxygen/folly/folly/io/async/AsyncSSLSocket.h
• proxygen/folly/folly/io/async/AsyncSSLSocket.cpp