src/corosio/src/tls/context.cpp

Line	Hits	Source Code
1		//
2		// Copyright (c) 2025 Vinnie Falco (vinnie.falco@gmail.com)
3		// Copyright (c) 2026 Steve Gerbino
4		//
5		// Distributed under the Boost Software License, Version 1.0. (See accompanying
6		// file LICENSE_1_0.txt or copy at http://www.boost.org/LICENSE_1_0.txt)
7		//
8		// Official repository: https://github.com/cppalliance/corosio
9		//
10
11		#include <boost/corosio/tls_context.hpp>
12		#include "detail/context_impl.hpp"
13
14		#include <cerrno>
15		#include <fstream>
16		#include <sstream>
17
18		namespace boost::corosio {
19
20	✗	tls_context::tls_context() : impl_(std::make_shared<impl>()) {}
21
22		//
23		// Credential Loading
24		//
25
26		std::error_code
27	✗	tls_context::use_certificate(
28		std::string_view certificate, tls_file_format format)
29		{
30	✗	impl_->entity_certificate = std::string(certificate);
31	✗	impl_->entity_cert_format = format;
32	✗	return {};
33		}
34
35		std::error_code
36	✗	tls_context::use_certificate_file(
37		std::string_view filename, tls_file_format format)
38		{
39	✗	std::ifstream file(std::string(filename), std::ios::binary);
40	✗	if (!file)
41	✗	return std::error_code(ENOENT, std::generic_category());
42
43	✗	std::ostringstream ss;
44	✗	ss << file.rdbuf();
45	✗	impl_->entity_certificate = ss.str();
46	✗	impl_->entity_cert_format = format;
47	✗	return {};
48	✗	}
49
50		std::error_code
51	✗	tls_context::use_certificate_chain(std::string_view chain)
52		{
53	✗	impl_->certificate_chain = std::string(chain);
54	✗	return {};
55		}
56
57		std::error_code
58	✗	tls_context::use_certificate_chain_file(std::string_view filename)
59		{
60	✗	std::ifstream file(std::string(filename), std::ios::binary);
61	✗	if (!file)
62	✗	return std::error_code(ENOENT, std::generic_category());
63
64	✗	std::ostringstream ss;
65	✗	ss << file.rdbuf();
66	✗	impl_->certificate_chain = ss.str();
67	✗	return {};
68	✗	}
69
70		std::error_code
71	✗	tls_context::use_private_key(
72		std::string_view private_key, tls_file_format format)
73		{
74	✗	impl_->private_key = std::string(private_key);
75	✗	impl_->private_key_format = format;
76	✗	return {};
77		}
78
79		std::error_code
80	✗	tls_context::use_private_key_file(
81		std::string_view filename, tls_file_format format)
82		{
83	✗	std::ifstream file(std::string(filename), std::ios::binary);
84	✗	if (!file)
85	✗	return std::error_code(ENOENT, std::generic_category());
86
87	✗	std::ostringstream ss;
88	✗	ss << file.rdbuf();
89	✗	impl_->private_key = ss.str();
90	✗	impl_->private_key_format = format;
91	✗	return {};
92	✗	}
93
94		std::error_code
95	✗	tls_context::use_pkcs12(
96		std::string_view /data/, std::string_view /passphrase/)
97		{
98		// TODO: Implement PKCS#12 parsing
99	✗	return std::make_error_code(std::errc::function_not_supported);
100		}
101
102		std::error_code
103	✗	tls_context::use_pkcs12_file(
104		std::string_view /filename/, std::string_view /passphrase/)
105		{
106		// TODO: Implement PKCS#12 file loading
107	✗	return std::make_error_code(std::errc::function_not_supported);
108		}
109
110		//
111		// Trust Anchors
112		//
113
114		std::error_code
115	✗	tls_context::add_certificate_authority(std::string_view ca)
116		{
117	✗	impl_->ca_certificates.emplace_back(ca);
118	✗	return {};
119		}
120
121		std::error_code
122	✗	tls_context::load_verify_file(std::string_view filename)
123		{
124	✗	std::ifstream file(std::string(filename), std::ios::binary);
125	✗	if (!file)
126	✗	return std::error_code(ENOENT, std::generic_category());
127
128	✗	std::ostringstream ss;
129	✗	ss << file.rdbuf();
130	✗	impl_->ca_certificates.push_back(ss.str());
131	✗	return {};
132	✗	}
133
134		std::error_code
135	✗	tls_context::add_verify_path(std::string_view path)
136		{
137	✗	impl_->verify_paths.emplace_back(path);
138	✗	return {};
139		}
140
141		std::error_code
142	✗	tls_context::set_default_verify_paths()
143		{
144	✗	impl_->use_default_verify_paths = true;
145	✗	return {};
146		}
147
148		//
149		// Protocol Configuration
150		//
151
152		std::error_code
153	✗	tls_context::set_min_protocol_version(tls_version v)
154		{
155	✗	impl_->min_version = v;
156	✗	return {};
157		}
158
159		std::error_code
160	✗	tls_context::set_max_protocol_version(tls_version v)
161		{
162	✗	impl_->max_version = v;
163	✗	return {};
164		}
165
166		std::error_code
167	✗	tls_context::set_ciphersuites(std::string_view ciphers)
168		{
169	✗	impl_->ciphersuites = std::string(ciphers);
170	✗	return {};
171		}
172
173		std::error_code
174	✗	tls_context::set_alpn(std::initializer_list<std::string_view> protocols)
175		{
176	✗	impl_->alpn_protocols.clear();
177	✗	for (auto const& p : protocols)
178	✗	impl_->alpn_protocols.emplace_back(p);
179	✗	return {};
180		}
181
182		//
183		// Certificate Verification
184		//
185
186		std::error_code
187	✗	tls_context::set_verify_mode(tls_verify_mode mode)
188		{
189	✗	impl_->verification_mode = mode;
190	✗	return {};
191		}
192
193		std::error_code
194	✗	tls_context::set_verify_depth(int depth)
195		{
196	✗	impl_->verify_depth = depth;
197	✗	return {};
198		}
199
200		void
201	✗	tls_context::set_hostname(std::string_view hostname)
202		{
203	✗	impl_->hostname = std::string(hostname);
204	✗	}
205
206		void
207	✗	tls_context::set_servername_callback_impl(
208		std::function<bool(std::string_view)> callback)
209		{
210	✗	impl_->servername_callback = std::move(callback);
211	✗	}
212
213		void
214	✗	tls_context::set_password_callback_impl(
215		std::function<std::string(std::size_t, tls_password_purpose)> callback)
216		{
217	✗	impl_->password_callback = std::move(callback);
218	✗	}
219
220		//
221		// Revocation Checking
222		//
223
224		std::error_code
225	✗	tls_context::add_crl(std::string_view crl)
226		{
227	✗	impl_->crls.emplace_back(crl);
228	✗	return {};
229		}
230
231		std::error_code
232	✗	tls_context::add_crl_file(std::string_view filename)
233		{
234	✗	std::ifstream file(std::string(filename), std::ios::binary);
235	✗	if (!file)
236	✗	return std::error_code(ENOENT, std::generic_category());
237
238	✗	std::ostringstream ss;
239	✗	ss << file.rdbuf();
240	✗	impl_->crls.push_back(ss.str());
241	✗	return {};
242	✗	}
243
244		std::error_code
245	✗	tls_context::set_ocsp_staple(std::string_view response)
246		{
247	✗	impl_->ocsp_staple = std::string(response);
248	✗	return {};
249		}
250
251		void
252	✗	tls_context::set_require_ocsp_staple(bool require)
253		{
254	✗	impl_->require_ocsp_staple = require;
255	✗	}
256
257		void
258	✗	tls_context::set_revocation_policy(tls_revocation_policy policy)
259		{
260	✗	impl_->revocation = policy;
261	✗	}
262
263		} // namespace boost::corosio
264

1

//

2

3

4

//

5

// Distributed under the Boost Software License, Version 1.0. (See accompanying

6

// file LICENSE_1_0.txt or copy at http://www.boost.org/LICENSE_1_0.txt)

7

//

8

// Official repository: https://github.com/cppalliance/corosio

9

//

10

11

#include <boost/corosio/tls_context.hpp>

12

#include "detail/context_impl.hpp"

13

14

#include <cerrno>

15

#include <fstream>

16

#include <sstream>

17

18

namespace boost::corosio {

19

20

✗

tls_context::tls_context() : impl_(std::make_shared<impl>()) {}

21

22

//

23

// Credential Loading

24

//

25

26

std::error_code

27

✗

tls_context::use_certificate(

28

std::string_view certificate, tls_file_format format)

29

{

30

✗

impl_->entity_certificate = std::string(certificate);

31

✗

impl_->entity_cert_format = format;

32

✗

return {};

33

}

34

35

std::error_code

36

✗

tls_context::use_certificate_file(

37

std::string_view filename, tls_file_format format)

38

{

39

✗

std::ifstream file(std::string(filename), std::ios::binary);

40

✗

if (!file)

41

✗

return std::error_code(ENOENT, std::generic_category());

42

43

✗

std::ostringstream ss;

44

✗

ss << file.rdbuf();

45

✗

impl_->entity_certificate = ss.str();

46

✗

impl_->entity_cert_format = format;

47

✗

return {};

48

✗

}

49

50

std::error_code

51

✗

tls_context::use_certificate_chain(std::string_view chain)

52

{

53

✗

impl_->certificate_chain = std::string(chain);

54

✗

return {};

55

}

56

57

std::error_code

58

✗

tls_context::use_certificate_chain_file(std::string_view filename)

59

{

60

✗

std::ifstream file(std::string(filename), std::ios::binary);

61

✗

if (!file)

62

✗

return std::error_code(ENOENT, std::generic_category());

63

64

✗

std::ostringstream ss;

65

✗

ss << file.rdbuf();

66

✗

impl_->certificate_chain = ss.str();

67

✗

return {};

68

✗

}

69

70

std::error_code

71

✗

tls_context::use_private_key(

72

std::string_view private_key, tls_file_format format)

73

{

74

✗

impl_->private_key = std::string(private_key);

75

✗

impl_->private_key_format = format;

76

✗

return {};

77

}

78

79

std::error_code

80

✗

tls_context::use_private_key_file(

81

std::string_view filename, tls_file_format format)

82

{

83

✗

std::ifstream file(std::string(filename), std::ios::binary);

84

✗

if (!file)

85

✗

return std::error_code(ENOENT, std::generic_category());

86

87

✗

std::ostringstream ss;

88

✗

ss << file.rdbuf();

89

✗

impl_->private_key = ss.str();

90

✗

impl_->private_key_format = format;

91

✗

return {};

92

✗

}

93

94

std::error_code

95

✗

tls_context::use_pkcs12(

96

std::string_view /*data*/, std::string_view /*passphrase*/)

97

{

98

// TODO: Implement PKCS#12 parsing

99

✗

return std::make_error_code(std::errc::function_not_supported);

100

}

101

102

std::error_code

103

✗

tls_context::use_pkcs12_file(

104

std::string_view /*filename*/, std::string_view /*passphrase*/)

105

{

106

// TODO: Implement PKCS#12 file loading

107

✗

return std::make_error_code(std::errc::function_not_supported);

108

}

109

110

//

111

// Trust Anchors

112

//

113

114

std::error_code

115

✗

tls_context::add_certificate_authority(std::string_view ca)

116

{

117

✗

impl_->ca_certificates.emplace_back(ca);

118

✗

return {};

119

}

120

121

std::error_code

122

✗

tls_context::load_verify_file(std::string_view filename)

123

{

124

✗

std::ifstream file(std::string(filename), std::ios::binary);

125

✗

if (!file)

126

✗

return std::error_code(ENOENT, std::generic_category());

127

128

✗

std::ostringstream ss;

129

✗

ss << file.rdbuf();

130

✗

impl_->ca_certificates.push_back(ss.str());

131

✗

return {};

132

✗

}

133

134

std::error_code

135

✗

tls_context::add_verify_path(std::string_view path)

136

{

137

✗

impl_->verify_paths.emplace_back(path);

138

✗

return {};

139

}

140

141

std::error_code

142

✗

tls_context::set_default_verify_paths()

143

{

144

✗

impl_->use_default_verify_paths = true;

145

✗

return {};

146

}

147

148

//

149

// Protocol Configuration

150

//

151

152

std::error_code

153

✗

tls_context::set_min_protocol_version(tls_version v)

154

{

155

✗

impl_->min_version = v;

156

✗

return {};

157

}

158

159

std::error_code

160

✗

tls_context::set_max_protocol_version(tls_version v)

161

{

162

✗

impl_->max_version = v;

163

✗

return {};

164

}

165

166

std::error_code

167

✗

tls_context::set_ciphersuites(std::string_view ciphers)

168

{

169

✗

impl_->ciphersuites = std::string(ciphers);

170

✗

return {};

171

}

172

173

std::error_code

174

✗

tls_context::set_alpn(std::initializer_list<std::string_view> protocols)

175

{

176

✗

impl_->alpn_protocols.clear();

177

✗

for (auto const& p : protocols)

178

✗

impl_->alpn_protocols.emplace_back(p);

179

✗

return {};

180

}

181

182

//

183

// Certificate Verification

184

//

185

186

std::error_code

187

✗

tls_context::set_verify_mode(tls_verify_mode mode)

188

{

189

✗

impl_->verification_mode = mode;

190

✗

return {};

191

}

192

193

std::error_code

194

✗

tls_context::set_verify_depth(int depth)

195

{

196

✗

impl_->verify_depth = depth;

197

✗

return {};

198

}

199

200

void

201

✗

tls_context::set_hostname(std::string_view hostname)

202

{

203

✗

impl_->hostname = std::string(hostname);

204

✗

}

205

206

void

207

✗

tls_context::set_servername_callback_impl(

208

std::function<bool(std::string_view)> callback)

209

{

210

✗

impl_->servername_callback = std::move(callback);

211

✗

}

212

213

void

214

✗

tls_context::set_password_callback_impl(

215

std::function<std::string(std::size_t, tls_password_purpose)> callback)

216

{

217

✗

impl_->password_callback = std::move(callback);

218

✗

}

219

220

//

221

// Revocation Checking

222

//

223

224

std::error_code

225

✗

tls_context::add_crl(std::string_view crl)

226

{

227

✗

impl_->crls.emplace_back(crl);

228

✗

return {};

229

}

230

231

std::error_code

232

✗

tls_context::add_crl_file(std::string_view filename)

233

{

234

✗

std::ifstream file(std::string(filename), std::ios::binary);

235

✗

if (!file)

236

✗

return std::error_code(ENOENT, std::generic_category());

237

238

✗

std::ostringstream ss;

239

✗

ss << file.rdbuf();

240

✗

impl_->crls.push_back(ss.str());

241

✗

return {};

242

✗

}

243

244

std::error_code

245

✗

tls_context::set_ocsp_staple(std::string_view response)

246

{

247

✗

impl_->ocsp_staple = std::string(response);

248

✗

return {};

249

}

250

251

void

252

✗

tls_context::set_require_ocsp_staple(bool require)

253

{

254

✗

impl_->require_ocsp_staple = require;

255

✗

}

256

257

void

258

✗

tls_context::set_revocation_policy(tls_revocation_policy policy)

259

{

260

✗

impl_->revocation = policy;

261

✗

}

262

263

} // namespace boost::corosio

264