#include <XrdTlsContext.hh>
Classes | |
struct | CTX_Params |
Public Member Functions | |
XrdTlsContext (const char *cert=0, const char *key=0, const char *cadir=0, const char *cafile=0, uint64_t opts=0, std::string *eMsg=0) | |
XrdTlsContext (const XrdTlsContext &ctx)=delete | |
Disallow any copies of this object. | |
XrdTlsContext (XrdTlsContext &&ctx)=delete | |
~XrdTlsContext () | |
Destructor. | |
XrdTlsContext * | Clone (bool full=true, bool startCRLRefresh=false) |
void * | Context () |
const CTX_Params * | GetParams () |
bool | isOK () |
bool | newHostCertificateDetected () |
XrdTlsContext & | operator= (const XrdTlsContext &ctx)=delete |
XrdTlsContext & | operator= (XrdTlsContext &&ctx)=delete |
void * | Session () |
int | SessionCache (int opts=scNone, const char *id=0, int idlen=0) |
bool | SetContextCiphers (const char *ciphers) |
bool | SetCrlRefresh (int refsec=-1) |
bool | x509Verify () |
Static Public Member Functions | |
static const char * | Init () |
static void | SetDefaultCiphers (const char *ciphers) |
Static Public Attributes | |
static const uint64_t | artON = 0x0000002000000000 |
Auto retry Handshake. | |
static const uint64_t | crlFC = 0x000000C000000000 |
Full crl chain checking. | |
static const uint64_t | crlON = 0x0000008000000000 |
Enables crl checking. | |
static const uint64_t | crlRF = 0x00000000ffff0000 |
Mask to isolate the crl refresh interval (in minutes). | |
static const int | crlRS = 16 |
Bits to shift crlRF (the crl refresh interval field). | |
static const int | DEFAULT_CRL_REF_INT_SEC = 8 * 60 * 60 |
Default CRL refresh interval in seconds. | |
static const uint64_t | dnsok = 0x0000000200000000 |
Trust DNS for host name. | |
static const uint64_t | hsto = 0x00000000000000ff |
Mask to isolate the hsto. | |
static const uint64_t | logVF = 0x0000000800000000 |
Log verify failures. | |
static const uint64_t | nopxy = 0x0000000100000000 |
Do not allow proxy certs. | |
static const uint64_t | rfCRL = 0x0000004000000000 |
Turn on the CRL refresh thread. | |
static const int | scClnt = 0x00040000 |
Turn on cache client mode. | |
static const int | scFMax = 0x00007fff |
static const int | scIdErr = 0x80000000 |
Info: Id not set because it is too long. | |
static const int | scKeep = 0x40000000 |
Info: TLS-controlled flush disabled. | |
static const int | scNone = 0x00000000 |
Do not change any option settings. | |
static const int | scOff = 0x00010000 |
Turn off cache. | |
static const int | scSrvr = 0x00020000 |
Turn on cache server mode (the default). | |
static const uint64_t | servr = 0x0000000400000000 |
This is a server context. | |
static const int | vdepS = 8 |
Bits to shift vdept. | |
static const uint64_t | vdept = 0x000000000000ff00 |
Mask to isolate vdept. | |
Definition at line 36 of file XrdTlsContext.hh.
XrdTlsContext::XrdTlsContext | ( | const char * | cert = 0, |
const char * | key = 0, | ||
const char * | cadir = 0, | ||
const char * | cafile = 0, | ||
uint64_t | opts = 0, | ||
std::string * | eMsg = 0 ) |
Definition at line 580 of file XrdTlsContext.cc.
References artON, crlFC, crlON, crlRF, crlRS, XrdTls::dbgALL, XrdTls::dbgCTX, XrdTls::dbgOUT, XrdTls::dbgSIO, XrdTls::dbgSOK, eMsg, emsg(), FATAL, FATAL_SSL, XrdOucUtils::getModificationTime(), Init(), logVF, nopxy, opts, rfCRL, servr, SetCrlRefresh(), XrdTls::SetDebug(), Stat, stat, vdepS, and vdept.
Referenced by XrdTlsContext(), XrdTlsContext(), Clone(), operator=(), operator=(), and Session().
XrdTlsContext::~XrdTlsContext | ( | ) |
Destructor.
Definition at line 786 of file XrdTlsContext.cc.
|
delete |
Disallow any copies of this object.
References XrdTlsContext().
|
delete |
XrdTlsContext * XrdTlsContext::Clone | ( | bool | full = true, |
bool | startCRLRefresh = false ) |
Clone a new context from this context.
full | When true, the complete context is cloned. When false, the clone is created with peer certificate verification disabled. |
Definition at line 802 of file XrdTlsContext.cc.
References XrdTlsContext(), XrdTlsContext::CTX_Params::cadir, XrdTlsContext::CTX_Params::cafile, XrdTlsContext::CTX_Params::cert, isOK(), XrdTlsContext::CTX_Params::opts, XrdTlsContext::CTX_Params::pkey, rfCRL, and SessionCache().
Referenced by XrdTlsCrl::Refresh().
void * XrdTlsContext::Context | ( | ) |
Get the underlying context (not intended for general use).
Definition at line 844 of file XrdTlsContext.cc.
const XrdTlsContext::CTX_Params * XrdTlsContext::GetParams | ( | ) |
Definition at line 853 of file XrdTlsContext.cc.
Referenced by XrdTlsSocket::Init().
|
static |
Simply initialize the TLS library.
Definition at line 862 of file XrdTlsContext.cc.
Referenced by XrdCryptosslFactory::XrdCryptosslFactory(), XrdTlsContext(), and XrdCryptoLite_New_bf32().
bool XrdTlsContext::isOK | ( | ) |
Determine if this object was correctly built.
Definition at line 881 of file XrdTlsContext.cc.
Referenced by Clone(), and XrdTlsCrl::Refresh().
bool XrdTlsContext::newHostCertificateDetected | ( | ) |
Definition at line 1127 of file XrdTlsContext.cc.
References XrdOucUtils::getModificationTime().
Referenced by XrdTlsCrl::Refresh().
|
delete |
|
delete |
void * XrdTlsContext::Session | ( | ) |
Apply this context to obtain a new SSL session.
Definition at line 896 of file XrdTlsContext.cc.
References XrdTlsContext(), XrdTlsContextImpl::ctx, DBG_CTX, and EPNAME.
Referenced by XrdTlsSocket::Init().
int XrdTlsContext::SessionCache | ( | int | opts = scNone, |
const char * | id = 0, | ||
int | idlen = 0 ) |
Definition at line 982 of file XrdTlsContext.cc.
References opts, scClnt, scFMax, scIdErr, scKeep, scNone, scOff, scSrvr, and XrdTlsFlush::Setup_Flusher().
Referenced by Clone().
bool XrdTlsContext::SetContextCiphers | ( | const char * | ciphers | ) |
Set allowed ciphers for this context.
ciphers | The colon-separated list of allowable ciphers. |
Definition at line 1043 of file XrdTlsContext.cc.
References Fatal().
bool XrdTlsContext::SetCrlRefresh | ( | int | refsec = -1 | ) |
Set the CRL refresh interval. By default, CRLs are not refreshed.
refsec | >0: the number of seconds between refreshes; a value less than 60 is raised to 60. =0: stops automatic refreshing. <0: starts automatic refreshing with the current setting if it has not already been started. |
Definition at line 1066 of file XrdTlsContext.cc.
References DEFAULT_CRL_REF_INT_SEC, XrdTls::Emsg(), XrdTlsCrl::Refresh(), and XrdSysThread::Run().
Referenced by XrdTlsContext().
|
static |
Set the default list of allowed ciphers.
ciphers | The colon-separated list of allowable ciphers. |
Definition at line 1057 of file XrdTlsContext.cc.
bool XrdTlsContext::x509Verify | ( | ) |
Check whether certificates are being verified for this context.
Definition at line 1122 of file XrdTlsContext.cc.
Referenced by XrdTlsSocket::Init(), and XrdTlsCrl::Refresh().
|
static |
Auto retry Handshake.
Definition at line 241 of file XrdTlsContext.hh.
Referenced by XrdTlsContext().
|
static |
Full crl chain checking.
Definition at line 238 of file XrdTlsContext.hh.
Referenced by XrdTlsContext().
|
static |
Enables crl checking.
Definition at line 237 of file XrdTlsContext.hh.
Referenced by XrdTlsContext().
|
static |
Mask to isolate the crl refresh interval (in minutes).
Definition at line 239 of file XrdTlsContext.hh.
Referenced by XrdTlsContext().
|
static |
Bits to shift crlRF (the crl refresh interval field).
Definition at line 240 of file XrdTlsContext.hh.
Referenced by XrdTlsContext().
|
static |
Default CRL refresh interval in seconds.
Definition at line 66 of file XrdTlsContext.hh.
Referenced by XrdTlsContext::CTX_Params::CTX_Params(), and SetCrlRefresh().
|
static |
Trust DNS for host name.
Definition at line 234 of file XrdTlsContext.hh.
Referenced by XrdTlsSocket::Init().
|
static |
Mask to isolate the hsto.
Constructor. Use isOK() to determine whether construction succeeded; a false return from isOK() indicates failure.
cert | Path to the certificate file to be used. If nil, a generic context is created for client use. |
key | Path to the private key file to be used. It must correspond to the certificate file. If nil, the key is assumed to be contained in the cert file. |
cadir | path to the directory containing the CA certificates. |
cafile | path to the file containing the CA certificates. |
opts | Processing options (bitwise or'd together):
artON - auto retry handshakes (i.e. block on handshake);
crlON - perform a crl check on the leaf certificate;
crlFC - apply the crl check to the full chain;
crlRF - initial crl refresh interval in minutes;
dnsok - trust DNS when verifying the hostname;
hsto - the handshake timeout value in seconds;
logVF - turn on verification failure logging;
nopxy - do not allow proxy certificates (normally allowed);
servr - this is a server-side context and x509 peer certificate validation may be turned off;
vdept - the maximum depth of the certificate chain that must be validated (max is 255). |
eMsg | If non-null, the reason for any failure is returned in the string it points to. |
Definition at line 229 of file XrdTlsContext.hh.
Referenced by XrdTlsSocket::Init().
|
static |
Log verify failures.
Definition at line 232 of file XrdTlsContext.hh.
Referenced by XrdConfig::XrdConfig(), and XrdTlsContext().
|
static |
Do not allow proxy certs.
Definition at line 235 of file XrdTlsContext.hh.
Referenced by XrdTlsContext().
|
static |
Turn on the CRL refresh thread.
Definition at line 236 of file XrdTlsContext.hh.
Referenced by XrdTlsContext(), and Clone().
|
static |
Turn on cache client mode.
Definition at line 135 of file XrdTlsContext.hh.
Referenced by SessionCache().
|
static |
Maximum flush interval in seconds. When 0, the current setting is kept.
Definition at line 138 of file XrdTlsContext.hh.
Referenced by SessionCache().
|
static |
Info: Id not set because it is too long.
Definition at line 137 of file XrdTlsContext.hh.
Referenced by SessionCache().
|
static |
Info: TLS-controlled flush disabled.
Definition at line 136 of file XrdTlsContext.hh.
Referenced by SessionCache().
|
static |
Do not change any option settings.
Get or set the session cache parameters for generated sessions.
opts | One or more options, bitwise or'd together (see below). |
id | The identifier to be used (may be nil to keep the current setting). |
idlen | The length of the identifier (may be zero, as above). |
Definition at line 132 of file XrdTlsContext.hh.
Referenced by SessionCache().
|
static |
|
static |
Turn on cache server mode (the default).
Definition at line 134 of file XrdTlsContext.hh.
Referenced by SessionCache().
|
static |
This is a server context.
Definition at line 233 of file XrdTlsContext.hh.
Referenced by XrdConfig::XrdConfig(), and XrdTlsContext().
|
static |
Bits to shift vdept.
Definition at line 231 of file XrdTlsContext.hh.
Referenced by XrdTlsContext().
|
static |
Mask to isolate vdept.
Definition at line 230 of file XrdTlsContext.hh.
Referenced by XrdTlsContext().