proxygen: wangle::ServerSSLContext Class Reference

#include <ServerSSLContext.h>

Inheritance diagram for wangle::ServerSSLContext:

Public Member Functions
	ServerSSLContext (SSLVersion version=TLSv1)

virtual	~ServerSSLContext () override=default

void	setupTicketManager (const TLSTicketKeySeeds ticketSeeds, const SSLContextConfig &ctxConfig, SSLStats stats)

void	setupSessionCache (const SSLContextConfig &ctxConfig, const SSLCacheOptions &cacheOptions, const std::shared_ptr< SSLCacheProvider > &externalCache, const std::string &sessionIdContext, SSLStats *stats)

TLSTicketKeyManager *	getTicketManager ()

SSLSessionCacheManager *	getSessionCacheManager ()

Public Member Functions inherited from folly::SSLContext
	SSLContext (SSLVersion version=TLSv1)

virtual	~SSLContext ()

virtual void	ciphers (const std::string &ciphers)

virtual void	setCiphersOrThrow (const std::string &ciphers)

template<typename Iterator >
void	setCipherList (Iterator ibegin, Iterator iend)

template<typename Container >
void	setCipherList (const Container &cipherList)

template<typename Value >
void	setCipherList (const std::initializer_list< Value > &cipherList)

template<typename Iterator >
void	setSignatureAlgorithms (Iterator ibegin, Iterator iend)

template<typename Container >
void	setSignatureAlgorithms (const Container &sigalgs)

template<typename Value >
void	setSignatureAlgorithms (const std::initializer_list< Value > &sigalgs)

void	setClientECCurvesList (const std::vector< std::string > &ecCurves)

void	setServerECCurve (const std::string &curveName)

void	setX509VerifyParam (const ssl::X509VerifyParam &x509VerifyParam)

virtual void	setVerificationOption (const SSLVerifyPeerEnum &verifyPeer)

virtual bool	needsPeerVerification ()

virtual int	getVerificationMode ()

virtual void	authenticate (bool checkPeerCert, bool checkPeerName, const std::string &peerName=std::string())

virtual void	loadCertificate (const char path, const char format="PEM")

virtual void	loadCertificateFromBufferPEM (folly::StringPiece cert)

virtual void	loadPrivateKey (const char path, const char format="PEM")

virtual void	loadPrivateKeyFromBufferPEM (folly::StringPiece pkey)

virtual void	loadCertKeyPairFromBufferPEM (folly::StringPiece cert, folly::StringPiece pkey)

virtual void	loadCertKeyPairFromFiles (const char certPath, const char keyPath, const char certFormat="PEM", const char keyFormat="PEM")

virtual bool	isCertKeyPairValid () const

virtual void	loadTrustedCertificates (const char *path)

virtual void	loadTrustedCertificates (X509_STORE *store)

virtual void	loadClientCAList (const char *path)

virtual void	passwordCollector (std::shared_ptr< PasswordCollector > collector)

virtual std::shared_ptr< PasswordCollector >	passwordCollector ()

SSL *	createSSL () const

void	setSessionCacheContext (const std::string &context)

void	setOptions (long options)

SSL_CTX *	getSSLCtx () const

bool	checkPeerName ()

std::string	peerFixedName ()

void	sslAcceptRunner (std::unique_ptr< SSLAcceptRunner > runner)

const SSLAcceptRunner *	sslAcceptRunner ()

Private Attributes
std::unique_ptr< TLSTicketKeyManager >	ticketManager_

std::unique_ptr< SSLSessionCacheManager >	sessionCacheManager_

Additional Inherited Members
Public Types inherited from folly::SSLContext
enum	SSLVersion { SSLv2, SSLv3, TLSv1, TLSv1_2 }

enum	SSLVerifyPeerEnum { USE_CTX, VERIFY, VERIFY_REQ_CLIENT_CERT, NO_VERIFY }

using	ClientProtocolFilterCallback = bool()(unsigned char , unsigned int , const unsigned char *, unsigned int)

Static Public Member Functions inherited from folly::SSLContext
static std::string	getErrors ()

static int	getVerificationMode (const SSLVerifyPeerEnum &verifyPeer)

static std::string	getErrors (int errnoCopy)

static bool	matchName (const char host, const char pattern, int size)

static void	initializeOpenSSL ()

Protected Attributes inherited from folly::SSLContext
SSL_CTX *	ctx_

Detailed Description

Definition at line 42 of file ServerSSLContext.h.

Constructor & Destructor Documentation

wangle::ServerSSLContext::ServerSSLContext ( SSLVersion version = TLSv1 )

explicit

Definition at line 30 of file ServerSSLContext.cpp.

References folly::SSLContext::setSessionCacheContext().

     : folly::SSLContext(version) {
   setSessionCacheContext("ServerSSLContext");
 }

virtual wangle::ServerSSLContext::~ServerSSLContext ( )

overridevirtualdefault

Member Function Documentation

SSLSessionCacheManager* wangle::ServerSSLContext::getSessionCacheManager ( )

inline

Definition at line 66 of file ServerSSLContext.h.

                                                    {
     return sessionCacheManager_.get();
   }

TLSTicketKeyManager* wangle::ServerSSLContext::getTicketManager ( )

inline

Definition at line 61 of file ServerSSLContext.h.

                                           {
     return ticketManager_.get();
   }

void wangle::ServerSSLContext::setupSessionCache	(	const SSLContextConfig &	ctxConfig,
		const SSLCacheOptions &	cacheOptions,
		const std::shared_ptr< SSLCacheProvider > &	externalCache,
		const std::string &	sessionIdContext,
		SSLStats *	stats
	)

Definition at line 57 of file ServerSSLContext.cpp.

References folly::SSLContext::getSSLCtx(), wangle::SSLCacheOptions::maxSSLCacheSize, wangle::SSLContextConfig::sessionCacheEnabled, sessionCacheManager_, wangle::SSLCacheOptions::sslCacheFlushSize, and wangle::SSLCacheOptions::sslCacheTimeout.

                      {
   // the internal cache never does what we want (per-thread-per-vip).
   // Disable it.  SSLSessionCacheManager will set it appropriately.
   SSL_CTX_set_session_cache_mode(getSSLCtx(), SSL_SESS_CACHE_OFF);
   SSL_CTX_set_timeout(getSSLCtx(), cacheOptions.sslCacheTimeout.count());
   if (ctxConfig.sessionCacheEnabled &&
       cacheOptions.maxSSLCacheSize > 0 &&
       cacheOptions.sslCacheFlushSize > 0) {
     sessionCacheManager_ = std::make_unique<SSLSessionCacheManager>(
       cacheOptions.maxSSLCacheSize,
       cacheOptions.sslCacheFlushSize,
       this,
       sessionIdContext,
       stats,
       externalCache);
   } else {
     sessionCacheManager_.reset();
   }
 }

void wangle::ServerSSLContext::setupTicketManager	(	const TLSTicketKeySeeds *	ticketSeeds,
		const SSLContextConfig &	ctxConfig,
		SSLStats *	stats
	)

Definition at line 35 of file ServerSSLContext.cpp.

References wangle::TLSTicketKeySeeds::currentSeeds, wangle::TLSTicketKeySeeds::newSeeds, wangle::TLSTicketKeySeeds::oldSeeds, OPENSSL_MISSING_FEATURE, wangle::SSLContextConfig::sessionTicketEnabled, folly::SSLContext::setOptions(), and ticketManager_.

                      {
 #ifdef SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB
   if (ticketSeeds && ctxConfig.sessionTicketEnabled) {
     ticketManager_ = std::make_unique<TLSTicketKeyManager>(this, stats);
     ticketManager_->setTLSTicketKeySeeds(
         ticketSeeds->oldSeeds,
         ticketSeeds->currentSeeds,
         ticketSeeds->newSeeds);
   } else {
     setOptions(SSL_OP_NO_TICKET);
     ticketManager_.reset();
   }
 #else
   if (ticketSeeds && ctxConfig.sessionTicketEnabled) {
     OPENSSL_MISSING_FEATURE(TLSTicket);
   }
 #endif
 }

Member Data Documentation

std::unique_ptr<SSLSessionCacheManager> wangle::ServerSSLContext::sessionCacheManager_

private

Definition at line 72 of file ServerSSLContext.h.

Referenced by setupSessionCache().

std::unique_ptr<TLSTicketKeyManager> wangle::ServerSSLContext::ticketManager_

private

Definition at line 71 of file ServerSSLContext.h.

Referenced by setupTicketManager().

The documentation for this class was generated from the following files:

proxygen/wangle/wangle/ssl/ServerSSLContext.h
proxygen/wangle/wangle/ssl/ServerSSLContext.cpp

Public Member Functions

Private Attributes

Additional Inherited Members

Detailed Description

Constructor & Destructor Documentation

Member Function Documentation

Member Data Documentation