
Commit 860596a

committed
http: add ssl verify callback
1 parent dcdfeb0 commit 860596a

2 files changed

+30
-19
lines changed

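--- a/include/opendht/http.h
+++ b/include/opendht/http.h
@@ -63,6 +63,7 @@ using HandlerCb = std::function<void(const asio::error_code& ec)>;
 using BytesHandlerCb = std::function<void(const asio::error_code& ec, const size_t bytes)>;
 using ConnectHandlerCb = std::function<void(const asio::error_code& ec,
 const asio::ip::tcp::endpoint& endpoint)>;
+using SSLVerifyCb = std::function<bool(bool preverified, asio::ssl::verify_context& ctx)>;
 
 using ssl_socket_t = restinio::impl::tls_socket_t;
 using socket_t = asio::ip::tcp::socket;
@@ -91,11 +92,10 @@ class OPENDHT_PUBLIC Connection
 
 unsigned int id();
 bool is_open();
-bool is_v6();
 bool is_ssl();
 
-void set_endpoint(const asio::ip::tcp::endpoint& endpoint,
-const asio::ssl::verify_mode verify_mode = asio::ssl::verify_none);
+void set_ssl_verification(const asio::ip::tcp::endpoint& endpoint, const asio::ssl::verify_mode verify_mode);
+void set_ssl_verification(SSLVerifyCb verify_cb, const asio::ssl::verify_mode verify_mode);
 
 asio::streambuf& input();
 asio::streambuf& data();
@@ -122,8 +122,6 @@ class OPENDHT_PUBLIC Connection
 std::unique_ptr<ssl_socket_t> ssl_socket_;
 std::unique_ptr<asio::const_buffer> certificate_;
 
-asio::ip::tcp::endpoint endpoint_;
-
 asio::streambuf write_buf_;
 asio::streambuf read_buf_;
 
@@ -248,6 +246,7 @@ class OPENDHT_PUBLIC Request
 
 void add_on_status_callback(OnStatusCb cb);
 void add_on_body_callback(OnDataCb cb);
+void add_on_ssl_verify_callback(SSLVerifyCb cb);
 void add_on_state_change_callback(OnStateChangeCb cb);
 
 void send();
@@ -270,6 +269,7 @@ class OPENDHT_PUBLIC Request
 OnCompleteCb on_headers_complete;
 OnCompleteCb on_message_complete;
 
+SSLVerifyCb ssl_verify;
 OnStateChangeCb on_state_change;
 };
 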
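Review bot: `SSLVerifyCb` and `Request::add_on_ssl_verify_callback` enter the public header without any statement of the callback's contract. In src/http.cpp the callback is selected ahead of the `certificate_` path and handed to the stream as its verify callback, so a callback that returns `true` without consulting `preverified` accepts any peer certificate. I would document that on the alias, e.g. `/// Return true to accept the certificate in ctx; preverified is the result of the library's own check and should be honoured unless there is a reason to override it.` The same section removes `is_v6()` and `set_endpoint()` from an `OPENDHT_PUBLIC` class, so out-of-tree callers will stop compiling; if that is intended it should be stated in the release notes.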
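--- a/src/http.cpp
+++ b/src/http.cpp
@@ -152,24 +152,17 @@ Connection::is_open()
 return socket_->is_open();
 }
 
-bool
-Connection::is_v6()
-{
-return endpoint_.address().is_v6();
-}
-
 bool
 Connection::is_ssl()
 {
 return ssl_ctx_ ? true : false;
 }
 
 void
-Connection::set_endpoint(const asio::ip::tcp::endpoint& endpoint, const asio::ssl::verify_mode verify_mode)
+Connection::set_ssl_verification(const asio::ip::tcp::endpoint& endpoint, const asio::ssl::verify_mode verify_mode)
 {
-endpoint_ = endpoint;
 if (ssl_ctx_ and verify_mode != asio::ssl::verify_none){
-auto hostname = endpoint_.address().to_string();
+auto hostname = endpoint.address().to_string();
 ssl_socket_->asio_ssl_stream().set_verify_mode(verify_mode);
 ssl_socket_->asio_ssl_stream().set_verify_callback(
 [this, hostname](bool preverified, asio::ssl::verify_context& ctx) -> bool {
@@ -187,6 +180,17 @@ Connection::set_endpoint(const asio::ip::tcp::endpoint& endpoint, const asio::ss
 }
 }
 
+void
+Connection::set_ssl_verification(SSLVerifyCb verify_cb, const asio::ssl::verify_mode verify_mode)
+{
+if (ssl_ctx_ and verify_mode != asio::ssl::verify_none){
+ssl_socket_->asio_ssl_stream().set_verify_mode(verify_mode);
+ssl_socket_->asio_ssl_stream().set_verify_callback(verify_cb);
+if (logger_)
+logger_->d("[http:client] [connection:%i] ssl verify callback set", id_);
+}
+}
+
 asio::streambuf&
 Connection::input()
 {
@@ -606,6 +610,13 @@ Request::add_on_body_callback(OnDataCb cb)
 cbs_->on_body = std::move(cb);
 }
 
+void
+Request::add_on_ssl_verify_callback(SSLVerifyCb cb)
+{
+std::lock_guard<std::mutex> lock(cbs_mutex_);
+cbs_->ssl_verify = std::move(cb);
+}
+
 void
 Request::add_on_state_change_callback(OnStateChangeCb cb)
 {
@@ -748,9 +759,11 @@ Request::connect(std::vector<asio::ip::tcp::endpoint>&& endpoints, HandlerCb cb)
 logger_->d("[http:client] [request:%i] connect success", id_);
 
 if (get_url().protocol == "https"){
-if (certificate_)
-conn_->set_endpoint(endpoint, asio::ssl::verify_peer
-| asio::ssl::verify_fail_if_no_peer_cert);
+auto verify_mode = asio::ssl::verify_peer | asio::ssl::verify_fail_if_no_peer_cert;
+if (cbs_->ssl_verify)
+conn_->set_ssl_verification(cbs_->ssl_verify, verify_mode);
+else if (certificate_)
+conn_->set_ssl_verification(endpoint, verify_mode);
 
 if (conn_ and conn_->is_open() and conn_->is_ssl()){
 conn_->async_handshake([this, cb](const asio::error_code& ec){
@@ -768,8 +781,6 @@ Request::connect(std::vector<asio::ip::tcp::endpoint>&& endpoints, HandlerCb cb)
 cb(asio::error::operation_aborted);
 return;
 }
-else
-conn_->set_endpoint(endpoint, asio::ssl::verify_none);
 }
 if (cb)
 cb(ec);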
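Review bot: In `Request::connect`, an https request with neither `cbs_->ssl_verify` nor `certificate_` set still reaches `async_handshake` with no verify mode set by this code, so whether the peer is checked depends on the SSL context's defaults, which are not visible in these hunks. I would make that case explicit and visible in the log, e.g. `else if (logger_) logger_->w("[http:client] [request:%i] https peer not verified", id_);` after the `else if (certificate_)` arm. `cbs_->ssl_verify` is also read here while `add_on_ssl_verify_callback` writes it under `cbs_mutex_`; whether the connect handler holds that lock lies outside the hunk and should be checked. Both `conn_->set_ssl_verification(...)` calls dereference `conn_` before the `if (conn_ and ...)` test that follows them, so the null check comes too late to protect them.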
