D7net
Home
Console
Upload
information
Create File
Create Folder
About
Tools
:
/
proc
/
self
/
root
/
opt
/
cloudlinux
/
alt-php81
/
root
/
usr
/
include
/
php
/
ext
/
swoole
/
include
/
Filename :
swoole_ssl.h
back
Copy
/* +----------------------------------------------------------------------+ | Swoole | +----------------------------------------------------------------------+ | This source file is subject to version 2.0 of the Apache license, | | that is bundled with this package in the file LICENSE, and is | | available through the world-wide-web at the following url: | | http://www.apache.org/licenses/LICENSE-2.0.html | | If you did not receive a copy of the Apache2.0 license and are unable| | to obtain it through the world-wide-web, please send a note to | | license@php.net so we can mail you a copy immediately. | +----------------------------------------------------------------------+ | Author: Tianfeng Han <rango@swoole.com> | +----------------------------------------------------------------------+ */ #pragma once #include "swoole.h" #ifdef SW_USE_OPENSSL #include <unordered_map> #include <string> #include <array> #include <openssl/ssl.h> #include <openssl/bio.h> #include <openssl/err.h> #include <openssl/conf.h> #include <openssl/ossl_typ.h> #include <openssl/crypto.h> #include <openssl/x509.h> #include <openssl/x509v3.h> #include <openssl/rand.h> #include <openssl/opensslv.h> #if OPENSSL_VERSION_NUMBER >= 0x10100000L #define SW_SUPPORT_DTLS #endif #if defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x3000000fL #undef SW_SUPPORT_DTLS #endif #ifdef OPENSSL_IS_BORINGSSL #define BIO_CTRL_DGRAM_SET_CONNECTED 32 #define BIO_CTRL_DGRAM_SET_PEER 44 #define BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT 45 #define BIO_dgram_get_peer(b,peer) \ (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_PEER, 0, (char *)(peer)) #define OPENSSL_assert(x) assert(x) #endif enum swSSLCreateFlag { SW_SSL_SERVER = 1, SW_SSL_CLIENT = 2, }; enum swSSLState { SW_SSL_STATE_HANDSHAKE = 0, SW_SSL_STATE_READY = 1, SW_SSL_STATE_WAIT_STREAM = 2, }; enum swSSLVersion { SW_SSL_SSLv2 = 1u << 1, SW_SSL_SSLv3 = 1u << 2, SW_SSL_TLSv1 = 1u << 3, SW_SSL_TLSv1_1 = 1u << 4, SW_SSL_TLSv1_2 = 1u << 5, SW_SSL_TLSv1_3 = 1u << 6, SW_SSL_DTLS = 1u << 7, }; #define SW_SSL_ALL (SW_SSL_SSLv2 | SW_SSL_SSLv3 | SW_SSL_TLSv1 | SW_SSL_TLSv1_1 | SW_SSL_TLSv1_2 | SW_SSL_TLSv1_3) enum swSSLMethod { SW_SSLv23_METHOD = 0, SW_SSLv3_METHOD, SW_SSLv3_SERVER_METHOD, SW_SSLv3_CLIENT_METHOD, SW_SSLv23_SERVER_METHOD, SW_SSLv23_CLIENT_METHOD, SW_TLSv1_METHOD, SW_TLSv1_SERVER_METHOD, SW_TLSv1_CLIENT_METHOD, #ifdef TLS1_1_VERSION SW_TLSv1_1_METHOD, SW_TLSv1_1_SERVER_METHOD, SW_TLSv1_1_CLIENT_METHOD, #endif #ifdef TLS1_2_VERSION SW_TLSv1_2_METHOD, SW_TLSv1_2_SERVER_METHOD, SW_TLSv1_2_CLIENT_METHOD, #endif #ifdef SW_SUPPORT_DTLS SW_DTLS_CLIENT_METHOD, SW_DTLS_SERVER_METHOD, #endif }; namespace swoole { struct SSLContext { uchar http : 1; uchar http_v2 : 1; uchar prefer_server_ciphers : 1; uchar session_tickets : 1; uchar stapling : 1; uchar stapling_verify : 1; std::string ciphers; std::string ecdh_curve; std::string session_cache; std::string dhparam; std::string cert_file; std::string key_file; std::string passphrase; std::string client_cert_file; #ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME uchar disable_tls_host_name : 1; std::string tls_host_name; #endif #ifdef OPENSSL_IS_BORINGSSL uint8_t grease; #endif std::string cafile; std::string capath; uint8_t verify_depth; uchar disable_compress : 1; uchar verify_peer : 1; uchar allow_self_signed : 1; uint32_t protocols; uint8_t create_flag; SSL_CTX *context; SSL_CTX *get_context() { return context; } bool ready() { return context != nullptr; } void set_protocols(uint32_t _protocols) { protocols = _protocols; } bool set_cert_file(const std::string &_cert_file) { if (access(_cert_file.c_str(), R_OK) < 0) { swoole_warning("ssl cert file[%s] not found", _cert_file.c_str()); return false; } cert_file = _cert_file; return true; } bool set_key_file(const std::string &_key_file) { if (access(_key_file.c_str(), R_OK) < 0) { swoole_warning("ssl key file[%s] not found", _key_file.c_str()); return false; } key_file = _key_file; return true; } bool create(); bool set_capath(); bool set_ciphers(); bool set_client_certificate(); bool set_ecdh_curve(); bool set_dhparam(); ~SSLContext(); }; } void swoole_ssl_init(void); void swoole_ssl_init_thread_safety(); bool swoole_ssl_is_thread_safety(); void swoole_ssl_server_http_advise(swoole::SSLContext &); const char *swoole_ssl_get_error(); int swoole_ssl_get_ex_connection_index(); int swoole_ssl_get_ex_port_index(); std::string swoole_ssl_get_version_message(); #endif