http: add ssl verify callback

savoirfairelinux · Sep 22, 2019 · afe9081 · afe9081
1 parent c564810
commit afe9081
Show file tree

Hide file tree

Showing 2 changed files with 30 additions and 19 deletions.
diff --git a/include/opendht/http.h b/include/opendht/http.h
@@ -59,6 +59,7 @@ using HandlerCb = std::function<void(const asio::error_code& ec)>;
 using BytesHandlerCb = std::function<void(const asio::error_code& ec, const size_t bytes)>;
 using ConnectHandlerCb = std::function<void(const asio::error_code& ec,
                                             const asio::ip::tcp::endpoint& endpoint)>;
+using SSLVerifyCb = std::function<bool(bool preverified, asio::ssl::verify_context& ctx)>;
 
 using ssl_socket_t = restinio::impl::tls_socket_t;
 using socket_t = asio::ip::tcp::socket;
@@ -87,11 +88,10 @@ class OPENDHT_PUBLIC Connection
 
     unsigned int id();
     bool is_open();
-    bool is_v6();
     bool is_ssl();
 
-    void set_endpoint(const asio::ip::tcp::endpoint& endpoint,
-                      const asio::ssl::verify_mode verify_mode = asio::ssl::verify_none);
+    void set_ssl_verification(const asio::ip::tcp::endpoint& endpoint, const asio::ssl::verify_mode verify_mode);
+    void set_ssl_verification(SSLVerifyCb verify_cb, const asio::ssl::verify_mode verify_mode);
 
     asio::streambuf& input();
     asio::streambuf& data();
@@ -118,8 +118,6 @@ class OPENDHT_PUBLIC Connection
     std::unique_ptr<ssl_socket_t> ssl_socket_;
     std::unique_ptr<asio::const_buffer> certificate_;
 
-    asio::ip::tcp::endpoint endpoint_;
-
     asio::streambuf write_buf_;
     asio::streambuf read_buf_;
 
@@ -241,6 +239,7 @@ class OPENDHT_PUBLIC Request
 
     void add_on_status_callback(OnStatusCb cb);
     void add_on_body_callback(OnDataCb cb);
+    void add_on_ssl_verify_callback(SSLVerifyCb cb);
     void add_on_state_change_callback(OnStateChangeCb cb);
 
     void send();
@@ -263,6 +262,7 @@ class OPENDHT_PUBLIC Request
         OnCompleteCb on_headers_complete;
         OnCompleteCb on_message_complete;
 
+        SSLVerifyCb ssl_verify;
         OnStateChangeCb on_state_change;
     };
 

diff --git a/src/http.cpp b/src/http.cpp
@@ -151,24 +151,17 @@ Connection::is_open()
         return socket_->is_open();
 }
 
-bool
-Connection::is_v6()
-{
-    return endpoint_.address().is_v6();
-}
-
 bool
 Connection::is_ssl()
 {
     return ssl_ctx_ ? true : false;
 }
 
 void
-Connection::set_endpoint(const asio::ip::tcp::endpoint& endpoint, const asio::ssl::verify_mode verify_mode)
+Connection::set_ssl_verification(const asio::ip::tcp::endpoint& endpoint, const asio::ssl::verify_mode verify_mode)
 {
-    endpoint_ = endpoint;
     if (ssl_ctx_ and verify_mode != asio::ssl::verify_none){
-        auto hostname = endpoint_.address().to_string();
+        auto hostname = endpoint.address().to_string();
         ssl_socket_->asio_ssl_stream().set_verify_mode(verify_mode);
         ssl_socket_->asio_ssl_stream().set_verify_callback(
             [this, hostname](bool preverified, asio::ssl::verify_context& ctx) -> bool {
@@ -186,6 +179,17 @@ Connection::set_endpoint(const asio::ip::tcp::endpoint& endpoint, const asio::ss
     }
 }
 
+void
+Connection::set_ssl_verification(SSLVerifyCb verify_cb, const asio::ssl::verify_mode verify_mode)
+{
+    if (ssl_ctx_ and verify_mode != asio::ssl::verify_none){
+        ssl_socket_->asio_ssl_stream().set_verify_mode(verify_mode);
+        ssl_socket_->asio_ssl_stream().set_verify_callback(verify_cb);
+        if (logger_)
+            logger_->d("[http:client]  [connection:%i] ssl verify callback set", id_);
+    }
+}
+
 asio::streambuf&
 Connection::input()
 {
@@ -578,6 +582,13 @@ Request::add_on_body_callback(OnDataCb cb)
     cbs_->on_body = std::move(cb);
 }
 
+void
+Request::add_on_ssl_verify_callback(SSLVerifyCb cb)
+{
+    std::lock_guard<std::mutex> lock(cbs_mutex_);
+    cbs_->ssl_verify = std::move(cb);
+}
+
 void
 Request::add_on_state_change_callback(OnStateChangeCb cb)
 {
@@ -720,9 +731,11 @@ Request::connect(std::vector<asio::ip::tcp::endpoint>&& endpoints, HandlerCb cb)
                 logger_->d("[http:client]  [request:%i] connect success", id_);
 
             if (get_url().protocol == "https"){
-                if (certificate_)
-                    conn_->set_endpoint(endpoint, asio::ssl::verify_peer
-                                                  | asio::ssl::verify_fail_if_no_peer_cert);
+                auto verify_mode = asio::ssl::verify_peer | asio::ssl::verify_fail_if_no_peer_cert;
+                if (cbs_->ssl_verify)
+                    conn_->set_ssl_verification(cbs_->ssl_verify, verify_mode);
+                else if (certificate_)
+                    conn_->set_ssl_verification(endpoint, verify_mode);
 
                 if (conn_ and conn_->is_open() and conn_->is_ssl()){
                     conn_->async_handshake([this, cb](const asio::error_code& ec){
@@ -740,8 +753,6 @@ Request::connect(std::vector<asio::ip::tcp::endpoint>&& endpoints, HandlerCb cb)
                     cb(asio::error::operation_aborted);
                 return;
             }
-            else
-                conn_->set_endpoint(endpoint, asio::ssl::verify_none);
         }
         if (cb)
             cb(ec);