/usr/include/sipxtapi/os/OsSSL.h is in libsipxtapi-dev 3.3.0~test17-1.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 | //
// Copyright (C) 2004-2006 SIPfoundry Inc.
// Licensed by SIPfoundry under the LGPL license.
//
// Copyright (C) 2004-2006 Pingtel Corp. All rights reserved.
// Licensed to SIPfoundry under a Contributor Agreement.
//
// $$
///////////////////////////////////////////////////////////////////////////////
#ifndef _OsSSL_h_
#define _OsSSL_h__
// SYSTEM INCLUDES
// APPLICATION INCLUDES
#include "os/OsBSem.h"
#include "os/OsSysLog.h"
#include "openssl/ssl.h"
// DEFINES
// MACROS
// EXTERNAL FUNCTIONS
// EXTERNAL VARIABLES
// CONSTANTS
// STRUCTS
// TYPEDEFS
// FORWARD DECLARATIONS
class UtlString;
class UtlSList;
/// Wrapper for the OpenSSL SSL_CTX context structure.
/// This class is responsible for all global policy initialization and
/// enforcement.
class OsSSL
{
/* //////////////////////////// PUBLIC //////////////////////////////////// */
public:
/// Construct an SSL Context from which connections are created.
OsSSL(const char* authorityPath = NULL, /**< Path to a directory containing trusted
* certificates files;
* If NULL, compiled-in default is used */
const char* publicCertificatePath = NULL, /**< Path to certificate file;
* If NULL, compiled-in default is used */
const char* privateKeyPath = NULL /**< Path to private key file;
* If NULL, compiled-in default is used.
* @note: If publicCertificatePath is NULL, this
* must also be NULL.
*/
);
~OsSSL();
/* ============================ CREATORS ================================== */
/* ============================ MANIPULATORS ============================== */
/* ============================ ACCESSORS ================================= */
/// Get an SSL server connection handle
SSL* getServerConnection();
/// Get an SSL client connection handle
SSL* getClientConnection();
/// Release an SSL session handle
void releaseConnection(SSL*& connection);
/// Get the validated names for the connection peer.
static bool peerIdentity( SSL* connection ///< SSL context from connection to be described
,UtlSList* altNames /**< UtlStrings for verfied subjectAltNames
* are added to this - caller must free them.
*/
,UtlString* commonName ///< the Subject name is returned here
);
/**<
* Usually, the names in the altNames will be easier to parse and use than commonName
* Either or both of altNames or commonName may be NULL, in which case no names are returned;
* the return value still indicates the trust relationship with the peer certificate.
* @returns
* - true if the connection peer is validated by a trusted authority
* - false if not, in which case no names are returned.
*/
/// Log SSL connection information
static void logConnectParams(const OsSysLogFacility facility, ///< callers facility
const OsSysLogPriority priority, ///< log priority
const char* callerMsg, ///< Identifies circumstances of connection
SSL* connection ///< SSL connection to be described
);
/// Log an error resulting from an SSL call, with the SSL error text expanded
static void logError(const OsSysLogFacility facility, ///< callers facility
const OsSysLogPriority priority, ///< how bad was it?
const char* callerMsg, ///< Identifies caller and what failed
int errCode ///< error returned from ssl routine
);
/// Debug: print out list of ciphers enabled
void dumpCipherList();
/* ============================ INQUIRY =================================== */
/* //////////////////////////// PROTECTED ///////////////////////////////// */
protected:
/* //////////////////////////// PRIVATE /////////////////////////////////// */
private:
static bool sInitialized;
SSL_CTX* mCTX;
/// Certificate chain validation hook called by openssl
static int verifyCallback(int valid, ///< validity so far from openssl
X509_STORE_CTX* store ///< certificate information db
);
/**<
* @returns validity as determined by local policy
* @note See 'man SSL_CTX_set_verify'
*/
/// Disable copy constructor
OsSSL(const OsSSL& rOsSSL);
/// Disable assignment operator
OsSSL& operator=(const OsSSL& rhs);
};
/// A singleton wrapper for OsSSL
class OsSharedSSL
{
public:
static OsSSL* get();
private:
static OsBSem* spSslLock;
static OsSSL* spSharedSSL;
/// singleton constructor
OsSharedSSL();
~OsSharedSSL();
/// Disable copy constructor
OsSharedSSL(const OsSharedSSL& r);
/// Disable assignment operator
OsSharedSSL& operator=(const OsSharedSSL& rhs);
};
/* ============================ INLINE METHODS ============================ */
#endif // _OsSSL_h_
|