2 * Copyright 2017 Facebook, Inc.
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
21 #include <folly/Bits.h>
22 #include <folly/Optional.h>
23 #include <folly/String.h>
24 #include <folly/io/Cursor.h>
25 #include <folly/io/IOBuf.h>
26 #include <folly/io/async/AsyncSocket.h>
27 #include <folly/io/async/AsyncTimeout.h>
28 #include <folly/io/async/SSLContext.h>
29 #include <folly/io/async/TimeoutManager.h>
30 #include <folly/io/async/ssl/OpenSSLUtils.h>
31 #include <folly/io/async/ssl/SSLErrors.h>
32 #include <folly/io/async/ssl/TLSDefinitions.h>
33 #include <folly/portability/OpenSSL.h>
34 #include <folly/portability/Sockets.h>
35 #include <folly/ssl/OpenSSLPtrTypes.h>
40 * A class for performing asynchronous I/O on an SSL connection.
42 * AsyncSSLSocket allows users to asynchronously wait for data on an
43 * SSL connection, and to asynchronously send data.
45 * The APIs for reading and writing are intentionally asymmetric.
46 * Waiting for data to read is a persistent API: a callback is
47 * installed, and is notified whenever new data is available. It
48 * continues to be notified of new events until it is uninstalled.
50 * AsyncSSLSocket does not provide read timeout functionality,
51 * because it typically cannot determine when the timeout should be
52 * active. Generally, a timeout should only be enabled when
53 * processing is blocked waiting on data from the remote endpoint.
54 * For server connections, the timeout should not be active if the
55 * server is currently processing one or more outstanding requests for
56 * this connection. For client connections, the timeout should not be
57 * active if there are no requests pending on the connection.
58 * Additionally, if a client has multiple pending requests, it will
59 * ususally want a separate timeout for each request, rather than a
60 * single read timeout.
62 * The write API is fairly intuitive: a user can request to send a
63 * block of data, and a callback will be informed once the entire
64 * block has been transferred to the kernel, or on error.
65 * AsyncSSLSocket does provide a send timeout, since most callers
66 * want to give up if the remote end stops responding and no further
67 * progress can be made sending the data.
69 class AsyncSSLSocket : public virtual AsyncSocket {
71 typedef std::unique_ptr<AsyncSSLSocket, Destructor> UniquePtr;
72 using X509_deleter = folly::static_function_deleter<X509, &X509_free>;
76 virtual ~HandshakeCB() = default;
79 * handshakeVer() is invoked during handshaking to give the
80 * application chance to validate it's peer's certificate.
82 * Note that OpenSSL performs only rudimentary internal
83 * consistency verification checks by itself. Any other validation
84 * like whether or not the certificate was issued by a trusted CA.
85 * The default implementation of this callback mimics what what
86 * OpenSSL does internally if SSL_VERIFY_PEER is set with no
87 * verification callback.
89 * See the passages on verify_callback in SSL_CTX_set_verify(3)
92 virtual bool handshakeVer(AsyncSSLSocket* /*sock*/,
94 X509_STORE_CTX* /*ctx*/) noexcept {
99 * handshakeSuc() is called when a new SSL connection is
100 * established, i.e., after SSL_accept/connect() returns successfully.
102 * The HandshakeCB will be uninstalled before handshakeSuc()
105 * @param sock SSL socket on which the handshake was initiated
107 virtual void handshakeSuc(AsyncSSLSocket *sock) noexcept = 0;
110 * handshakeErr() is called if an error occurs while
111 * establishing the SSL connection.
113 * The HandshakeCB will be uninstalled before handshakeErr()
116 * @param sock SSL socket on which the handshake was initiated
117 * @param ex An exception representing the error.
119 virtual void handshakeErr(
120 AsyncSSLSocket *sock,
121 const AsyncSocketException& ex)
125 class Timeout : public AsyncTimeout {
127 Timeout(AsyncSSLSocket* sslSocket, EventBase* eventBase)
128 : AsyncTimeout(eventBase), sslSocket_(sslSocket) {}
130 bool scheduleTimeout(TimeoutManager::timeout_type timeout) {
132 return AsyncTimeout::scheduleTimeout(timeout);
135 bool scheduleTimeout(uint32_t timeoutMs) {
136 return scheduleTimeout(std::chrono::milliseconds{timeoutMs});
139 TimeoutManager::timeout_type getTimeout() {
143 void timeoutExpired() noexcept override {
144 sslSocket_->timeoutExpired(timeout_);
148 AsyncSSLSocket* sslSocket_;
149 TimeoutManager::timeout_type timeout_;
153 * Create a client AsyncSSLSocket
155 AsyncSSLSocket(const std::shared_ptr<folly::SSLContext> &ctx,
156 EventBase* evb, bool deferSecurityNegotiation = false);
159 * Create a server/client AsyncSSLSocket from an already connected
160 * socket file descriptor.
162 * Note that while AsyncSSLSocket enables TCP_NODELAY for sockets it creates
163 * when connecting, it does not change the socket options when given an
164 * existing file descriptor. If callers want TCP_NODELAY enabled when using
165 * this version of the constructor, they need to explicitly call
166 * setNoDelay(true) after the constructor returns.
168 * @param ctx SSL context for this connection.
169 * @param evb EventBase that will manage this socket.
170 * @param fd File descriptor to take over (should be a connected socket).
171 * @param server Is socket in server mode?
172 * @param deferSecurityNegotiation
173 * unencrypted data can be sent before sslConn/Accept
176 const std::shared_ptr<folly::SSLContext>& ctx,
180 bool deferSecurityNegotiation = false);
183 * Create a server/client AsyncSSLSocket from an already connected
187 const std::shared_ptr<folly::SSLContext>& ctx,
188 AsyncSocket::UniquePtr oldAsyncSocket,
190 bool deferSecurityNegotiation = false);
193 * Helper function to create a server/client shared_ptr<AsyncSSLSocket>.
195 static std::shared_ptr<AsyncSSLSocket> newSocket(
196 const std::shared_ptr<folly::SSLContext>& ctx,
197 EventBase* evb, int fd, bool server=true,
198 bool deferSecurityNegotiation = false) {
199 return std::shared_ptr<AsyncSSLSocket>(
200 new AsyncSSLSocket(ctx, evb, fd, server, deferSecurityNegotiation),
205 * Helper function to create a client shared_ptr<AsyncSSLSocket>.
207 static std::shared_ptr<AsyncSSLSocket> newSocket(
208 const std::shared_ptr<folly::SSLContext>& ctx,
209 EventBase* evb, bool deferSecurityNegotiation = false) {
210 return std::shared_ptr<AsyncSSLSocket>(
211 new AsyncSSLSocket(ctx, evb, deferSecurityNegotiation),
216 #if FOLLY_OPENSSL_HAS_SNI
218 * Create a client AsyncSSLSocket with tlsext_servername in
219 * the Client Hello message.
221 AsyncSSLSocket(const std::shared_ptr<folly::SSLContext> &ctx,
223 const std::string& serverName,
224 bool deferSecurityNegotiation = false);
227 * Create a client AsyncSSLSocket from an already connected
228 * socket file descriptor.
230 * Note that while AsyncSSLSocket enables TCP_NODELAY for sockets it creates
231 * when connecting, it does not change the socket options when given an
232 * existing file descriptor. If callers want TCP_NODELAY enabled when using
233 * this version of the constructor, they need to explicitly call
234 * setNoDelay(true) after the constructor returns.
236 * @param ctx SSL context for this connection.
237 * @param evb EventBase that will manage this socket.
238 * @param fd File descriptor to take over (should be a connected socket).
239 * @param serverName tlsext_hostname that will be sent in ClientHello.
242 const std::shared_ptr<folly::SSLContext>& ctx,
245 const std::string& serverName,
246 bool deferSecurityNegotiation = false);
248 static std::shared_ptr<AsyncSSLSocket> newSocket(
249 const std::shared_ptr<folly::SSLContext>& ctx,
251 const std::string& serverName,
252 bool deferSecurityNegotiation = false) {
253 return std::shared_ptr<AsyncSSLSocket>(
254 new AsyncSSLSocket(ctx, evb, serverName, deferSecurityNegotiation),
257 #endif // FOLLY_OPENSSL_HAS_SNI
260 * TODO: implement support for SSL renegotiation.
262 * This involves proper handling of the SSL_ERROR_WANT_READ/WRITE
263 * code as a result of SSL_write/read(), instead of returning an
264 * error. In that case, the READ/WRITE event should be registered,
265 * and a flag (e.g., writeBlockedOnRead) should be set to indiciate
266 * the condition. In the next invocation of read/write callback, if
267 * the flag is on, performWrite()/performRead() should be called in
268 * addition to the normal call to performRead()/performWrite(), and
269 * the flag should be reset.
272 // Inherit TAsyncTransport methods from AsyncSocket except the
274 // See the documentation in TAsyncTransport.h
275 // TODO: implement graceful shutdown in close()
276 // TODO: implement detachSSL() that returns the SSL connection
277 void closeNow() override;
278 void shutdownWrite() override;
279 void shutdownWriteNow() override;
280 bool good() const override;
281 bool connecting() const override;
282 std::string getApplicationProtocol() noexcept override;
284 std::string getSecurityProtocol() const override {
285 if (sslState_ == STATE_UNENCRYPTED) {
291 void setEorTracking(bool track) override;
292 size_t getRawBytesWritten() const override;
293 size_t getRawBytesReceived() const override;
294 void enableClientHelloParsing();
297 * Accept an SSL connection on the socket.
299 * The callback will be invoked and uninstalled when an SSL
300 * connection has been established on the underlying socket.
301 * The value of verifyPeer determines the client verification method.
302 * By default, its set to use the value in the underlying context
304 * @param callback callback object to invoke on success/failure
305 * @param timeout timeout for this function in milliseconds, or 0 for no
307 * @param verifyPeer SSLVerifyPeerEnum uses the options specified in the
308 * context by default, can be set explcitly to override the
309 * method in the context
311 virtual void sslAccept(
312 HandshakeCB* callback,
313 std::chrono::milliseconds timeout = std::chrono::milliseconds::zero(),
314 const folly::SSLContext::SSLVerifyPeerEnum& verifyPeer =
315 folly::SSLContext::SSLVerifyPeerEnum::USE_CTX);
318 * Invoke SSL accept following an asynchronous session cache lookup
320 void restartSSLAccept();
323 * Connect to the given address, invoking callback when complete or on error
325 * Note timeout applies to TCP + SSL connection time
327 void connect(ConnectCallback* callback,
328 const folly::SocketAddress& address,
330 const OptionMap &options = emptyOptionMap,
331 const folly::SocketAddress& bindAddr = anyAddress())
335 * A variant of connect that allows the caller to specify
336 * the timeout for the regular connect and the ssl connect
338 * connectTimeout is specified as the time to establish a TCP
340 * totalConnectTimeout defines the
341 * time it takes from starting the TCP connection to the time
342 * the ssl connection is established. The reason the timeout is
343 * defined this way is because user's rarely need to specify the SSL
344 * timeout independently of the connect timeout. It allows us to
345 * bound the time for a connect and SSL connection in
346 * a finer grained manner than if timeout was just defined
347 * independently for SSL.
349 virtual void connect(
350 ConnectCallback* callback,
351 const folly::SocketAddress& address,
352 std::chrono::milliseconds connectTimeout,
353 std::chrono::milliseconds totalConnectTimeout,
354 const OptionMap& options = emptyOptionMap,
355 const folly::SocketAddress& bindAddr = anyAddress()) noexcept;
357 using AsyncSocket::connect;
360 * Initiate an SSL connection on the socket
361 * The callback will be invoked and uninstalled when an SSL connection
362 * has been establshed on the underlying socket.
363 * The verification option verifyPeer is applied if it's passed explicitly.
364 * If it's not, the options in SSLContext set on the underlying SSLContext
367 * @param callback callback object to invoke on success/failure
368 * @param timeout timeout for this function in milliseconds, or 0 for no
370 * @param verifyPeer SSLVerifyPeerEnum uses the options specified in the
371 * context by default, can be set explcitly to override the
372 * method in the context. If verification is turned on sets
373 * SSL_VERIFY_PEER and invokes
374 * HandshakeCB::handshakeVer().
376 virtual void sslConn(
377 HandshakeCB* callback,
378 std::chrono::milliseconds timeout = std::chrono::milliseconds::zero(),
379 const folly::SSLContext::SSLVerifyPeerEnum& verifyPeer =
380 folly::SSLContext::SSLVerifyPeerEnum::USE_CTX);
390 STATE_REMOTE_CLOSED, /// remote end closed; we can still write
391 STATE_CLOSING, ///< close() called, but waiting on writes to complete
392 /// close() called with pending writes, before connect() has completed
393 STATE_CONNECTING_CLOSING,
398 SSLStateEnum getSSLState() const { return sslState_;}
401 * Get a handle to the negotiated SSL session. This increments the session
402 * refcount and must be deallocated by the caller.
404 SSL_SESSION *getSSLSession();
407 * Get a handle to the SSL struct.
409 const SSL* getSSL() const;
412 * Set the SSL session to be used during sslConn. AsyncSSLSocket will
413 * hold a reference to the session until it is destroyed or released by the
414 * underlying SSL structure.
416 * @param takeOwnership if true, AsyncSSLSocket will assume the caller's
417 * reference count to session.
419 void setSSLSession(SSL_SESSION *session, bool takeOwnership = false);
422 * Get the name of the protocol selected by the client during
423 * Next Protocol Negotiation (NPN) or Application Layer Protocol Negotiation
426 * Throw an exception if openssl does not support NPN
428 * @param protoName Name of the protocol (not guaranteed to be
429 * null terminated); will be set to nullptr if
430 * the client did not negotiate a protocol.
431 * Note: the AsyncSSLSocket retains ownership
433 * @param protoNameLen Length of the name.
434 * @param protoType Whether this was an NPN or ALPN negotiation
436 virtual void getSelectedNextProtocol(
437 const unsigned char** protoName,
439 SSLContext::NextProtocolType* protoType = nullptr) const;
442 * Get the name of the protocol selected by the client during
443 * Next Protocol Negotiation (NPN) or Application Layer Protocol Negotiation
446 * @param protoName Name of the protocol (not guaranteed to be
447 * null terminated); will be set to nullptr if
448 * the client did not negotiate a protocol.
449 * Note: the AsyncSSLSocket retains ownership
451 * @param protoNameLen Length of the name.
452 * @param protoType Whether this was an NPN or ALPN negotiation
453 * @return false if openssl does not support NPN
455 virtual bool getSelectedNextProtocolNoThrow(
456 const unsigned char** protoName,
458 SSLContext::NextProtocolType* protoType = nullptr) const;
461 * Determine if the session specified during setSSLSession was reused
462 * or if the server rejected it and issued a new session.
464 virtual bool getSSLSessionReused() const;
467 * true if the session was resumed using session ID
469 bool sessionIDResumed() const { return sessionIDResumed_; }
471 void setSessionIDResumed(bool resumed) {
472 sessionIDResumed_ = resumed;
476 * Get the negociated cipher name for this SSL connection.
477 * Returns the cipher used or the constant value "NONE" when no SSL session
478 * has been established.
480 virtual const char* getNegotiatedCipherName() const;
483 * Get the server name for this SSL connection.
484 * Returns the server name used or the constant value "NONE" when no SSL
485 * session has been established.
486 * If openssl has no SNI support, throw TTransportException.
488 const char *getSSLServerName() const;
491 * Get the server name for this SSL connection.
492 * Returns the server name used or the constant value "NONE" when no SSL
493 * session has been established.
494 * If openssl has no SNI support, return "NONE"
496 const char *getSSLServerNameNoThrow() const;
499 * Get the SSL version for this connection.
500 * Possible return values are SSL2_VERSION, SSL3_VERSION, TLS1_VERSION,
501 * with hexa representations 0x200, 0x300, 0x301,
502 * or 0 if no SSL session has been established.
504 int getSSLVersion() const;
507 * Get the signature algorithm used in the cert that is used for this
510 const char *getSSLCertSigAlgName() const;
513 * Get the certificate size used for this SSL connection.
515 int getSSLCertSize() const;
518 * Get the certificate used for this SSL connection. May be null
520 const X509* getSelfCert() const override;
522 void attachEventBase(EventBase* eventBase) override {
523 AsyncSocket::attachEventBase(eventBase);
524 handshakeTimeout_.attachEventBase(eventBase);
525 connectionTimeout_.attachEventBase(eventBase);
528 void detachEventBase() override {
529 AsyncSocket::detachEventBase();
530 handshakeTimeout_.detachEventBase();
531 connectionTimeout_.detachEventBase();
534 bool isDetachable() const override {
535 return AsyncSocket::isDetachable() && !handshakeTimeout_.isScheduled();
538 virtual void attachTimeoutManager(TimeoutManager* manager) {
539 handshakeTimeout_.attachTimeoutManager(manager);
542 virtual void detachTimeoutManager() {
543 handshakeTimeout_.detachTimeoutManager();
546 #if OPENSSL_VERSION_NUMBER >= 0x009080bfL
548 * This function will set the SSL context for this socket to the
549 * argument. This should only be used on client SSL Sockets that have
550 * already called detachSSLContext();
552 void attachSSLContext(const std::shared_ptr<folly::SSLContext>& ctx);
555 * Detaches the SSL context for this socket.
557 void detachSSLContext();
561 * Returns the original folly::SSLContext associated with this socket.
563 * Suitable for use in AsyncSSLSocket constructor to construct a new
564 * AsyncSSLSocket using an existing socket's context.
566 * switchServerSSLContext() does not affect this return value.
568 const std::shared_ptr<folly::SSLContext>& getSSLContext() const {
572 #if FOLLY_OPENSSL_HAS_SNI
574 * Switch the SSLContext to continue the SSL handshake.
575 * It can only be used in server mode.
577 void switchServerSSLContext(
578 const std::shared_ptr<folly::SSLContext>& handshakeCtx);
581 * Did server recognize/support the tlsext_hostname in Client Hello?
582 * It can only be used in client mode.
584 * @return true - tlsext_hostname is matched by the server
585 * false - tlsext_hostname is not matched or
586 * is not supported by server
588 bool isServerNameMatch() const;
591 * Set the SNI hostname that we'll advertise to the server in the
592 * ClientHello message.
594 void setServerName(std::string serverName) noexcept;
595 #endif // FOLLY_OPENSSL_HAS_SNI
597 void timeoutExpired(std::chrono::milliseconds timeout) noexcept;
600 * Get the list of supported ciphers sent by the client in the client's
603 void getSSLClientCiphers(
604 std::string& clientCiphers,
605 bool convertToString = true) const;
608 * Get the list of compression methods sent by the client in TLS Hello.
610 std::string getSSLClientComprMethods() const;
613 * Get the list of TLS extensions sent by the client in the TLS Hello.
615 std::string getSSLClientExts() const;
617 std::string getSSLClientSigAlgs() const;
620 * Get the list of versions in the supported versions extension (used to
621 * negotiate TLS 1.3).
623 std::string getSSLClientSupportedVersions() const;
625 std::string getSSLAlertsReceived() const;
628 * Save an optional alert message generated during certificate verify
630 void setSSLCertVerificationAlert(std::string alert);
632 std::string getSSLCertVerificationAlert() const;
635 * Get the list of shared ciphers between the server and the client.
636 * Works well for only SSLv2, not so good for SSLv3 or TLSv1.
638 void getSSLSharedCiphers(std::string& sharedCiphers) const;
641 * Get the list of ciphers supported by the server in the server's
644 void getSSLServerCiphers(std::string& serverCiphers) const;
647 * Method to check if peer verfication is set.
649 * @return true if peer verification is required.
651 bool needsPeerVerification() const;
653 static int getSSLExDataIndex();
654 static AsyncSSLSocket* getFromSSL(const SSL *ssl);
655 static int bioWrite(BIO* b, const char* in, int inl);
656 static int bioRead(BIO* b, char* out, int outl);
657 void resetClientHelloParsing(SSL *ssl);
658 static void clientHelloParsingCallback(int write_p, int version,
659 int content_type, const void *buf, size_t len, SSL *ssl, void *arg);
660 static const char* getSSLServerNameFromSSL(SSL* ssl);
663 ssl::ClientHelloInfo* getClientHelloInfo() const {
664 return clientHelloInfo_.get();
668 * Returns the time taken to complete a handshake.
670 virtual std::chrono::nanoseconds getHandshakeTime() const {
671 return handshakeEndTime_ - handshakeStartTime_;
674 void setMinWriteSize(size_t minWriteSize) {
675 minWriteSize_ = minWriteSize;
678 size_t getMinWriteSize() const {
679 return minWriteSize_;
682 void setReadCB(ReadCallback* callback) override;
685 * Tries to enable the buffer movable experimental feature in openssl.
686 * This is not guaranteed to succeed in case openssl does not have
687 * the experimental feature built in.
689 void setBufferMovableEnabled(bool enabled);
692 * Returns the peer certificate, or nullptr if no peer certificate received.
694 ssl::X509UniquePtr getPeerCert() const override {
699 X509* cert = SSL_get_peer_certificate(ssl_);
700 return ssl::X509UniquePtr(cert);
704 * A set of possible outcomes of certificate validation.
706 enum class CertValidationResult {
707 CERT_VALID, // Cert is valid.
708 CERT_MISSING, // No cert is provided.
709 CERT_INVALID_FUTURE, // Cert has start datetime in the future.
710 CERT_INVALID_EXPIRED, // Cert has expired.
711 CERT_INVALID_BAD_CHAIN, // Cert has bad chain.
712 CERT_INVALID_OTHER, // Cert is invalid due to other reasons.
716 * Get the validation result of client cert. If the server side has not
717 * set this value, it will return folly::none; otherwise a value in
718 * CertValidationResult.
720 const Optional<CertValidationResult> getClientCertValidationResult() {
721 return clientCertValidationResult_;
725 * Set the validation result of client cert. Used by server side.
726 * @param result A value of CertValidationResult wrapped by folly::Optional.
728 void setClientCertValidationResult(
729 const Optional<CertValidationResult>& result) {
730 clientCertValidationResult_ = result;
734 * Force AsyncSSLSocket object to cache local and peer socket addresses.
735 * If called with "true" before connect() this function forces full local
736 * and remote socket addresses to be cached in the socket object and available
737 * through getLocalAddress()/getPeerAddress() methods even after the socket is
740 void forceCacheAddrOnFailure(bool force) { cacheAddrOnFailure_ = force; }
742 const std::string& getServiceIdentity() const { return serviceIdentity_; }
744 void setServiceIdentity(std::string serviceIdentity) {
745 serviceIdentity_ = std::move(serviceIdentity);
748 void setCertCacheHit(bool hit) {
752 bool getCertCacheHit() const {
753 return certCacheHit_;
756 bool sessionResumptionAttempted() const {
757 return sessionResumptionAttempted_;
761 * If the SSL socket was used to connect as well
762 * as establish an SSL connection, this gives the total
763 * timeout for the connect + SSL connection that was
766 std::chrono::milliseconds getTotalConnectTimeout() const {
767 return totalConnectTimeout_;
777 * Protected destructor.
779 * Users of AsyncSSLSocket must never delete it directly. Instead, invoke
780 * destroy() instead. (See the documentation in DelayedDestruction.h for
783 ~AsyncSSLSocket() override;
785 // Inherit event notification methods from AsyncSocket except
787 void prepareReadBuffer(void** buf, size_t* buflen) override;
788 void handleRead() noexcept override;
789 void handleWrite() noexcept override;
790 void handleAccept() noexcept;
791 void handleConnect() noexcept override;
793 void invalidState(HandshakeCB* callback);
794 bool willBlock(int ret,
796 unsigned long* errErrorOut) noexcept;
798 void checkForImmediateRead() noexcept override;
799 // AsyncSocket calls this at the wrong time for SSL
800 void handleInitialReadWrite() noexcept override {}
802 WriteResult interpretSSLError(int rc, int error);
803 ReadResult performRead(void** buf, size_t* buflen, size_t* offset) override;
804 WriteResult performWrite(
808 uint32_t* countWritten,
809 uint32_t* partialWritten) override;
811 ssize_t performWriteIovec(const iovec* vec, uint32_t count,
812 WriteFlags flags, uint32_t* countWritten,
813 uint32_t* partialWritten);
815 // This virtual wrapper around SSL_write exists solely for testing/mockability
816 virtual int sslWriteImpl(SSL *ssl, const void *buf, int n) {
817 return SSL_write(ssl, buf, n);
821 * Apply verification options passed to sslConn/sslAccept or those set
822 * in the underlying SSLContext object.
824 * @param ssl pointer to the SSL object on which verification options will be
825 * applied. If verifyPeer_ was explicitly set either via sslConn/sslAccept,
826 * those options override the settings in the underlying SSLContext.
828 void applyVerificationOptions(SSL * ssl);
831 * Sets up SSL with a custom write bio which intercepts all writes.
833 * @return true, if succeeds and false if there is an error creating the bio.
838 * A SSL_write wrapper that understand EOR
840 * @param ssl: SSL* object
841 * @param buf: Buffer to be written
842 * @param n: Number of bytes to be written
843 * @param eor: Does the last byte (buf[n-1]) have the app-last-byte?
844 * @return: The number of app bytes successfully written to the socket
846 int eorAwareSSLWrite(SSL *ssl, const void *buf, int n, bool eor);
848 // Inherit error handling methods from AsyncSocket, plus the following.
849 void failHandshake(const char* fn, const AsyncSocketException& ex);
851 void invokeHandshakeErr(const AsyncSocketException& ex);
852 void invokeHandshakeCB();
854 void invokeConnectErr(const AsyncSocketException& ex) override;
855 void invokeConnectSuccess() override;
856 void scheduleConnectTimeout() override;
858 void startSSLConnect();
860 static void sslInfoCallback(const SSL *ssl, int type, int val);
862 // Whether the current write to the socket should use MSG_MORE.
863 bool corkCurrentWrite_{false};
864 // SSL related members.
866 // Used to prevent client-initiated renegotiation. Note that AsyncSSLSocket
867 // doesn't fully support renegotiation, so we could just fail all attempts
868 // to enforce this. Once it is supported, we should make it an option
869 // to disable client-initiated renegotiation.
870 bool handshakeComplete_{false};
871 bool renegotiateAttempted_{false};
872 SSLStateEnum sslState_{STATE_UNINIT};
873 std::shared_ptr<folly::SSLContext> ctx_;
874 // Callback for SSL_accept() or SSL_connect()
875 HandshakeCB* handshakeCallback_{nullptr};
877 SSL_SESSION *sslSession_{nullptr};
878 Timeout handshakeTimeout_;
879 Timeout connectionTimeout_;
881 // The app byte num that we are tracking for the MSG_EOR
882 // Only one app EOR byte can be tracked.
883 size_t appEorByteNo_{0};
885 // Try to avoid calling SSL_write() for buffers smaller than this.
886 // It doesn't take effect when it is 0.
887 size_t minWriteSize_{1500};
889 // When openssl is about to sendmsg() across the minEorRawBytesNo_,
890 // it will pass MSG_EOR to sendmsg().
891 size_t minEorRawByteNo_{0};
892 #if FOLLY_OPENSSL_HAS_SNI
893 std::shared_ptr<folly::SSLContext> handshakeCtx_;
894 std::string tlsextHostname_;
897 // a service identity that this socket/connection is associated with
898 std::string serviceIdentity_;
900 folly::SSLContext::SSLVerifyPeerEnum
901 verifyPeer_{folly::SSLContext::SSLVerifyPeerEnum::USE_CTX};
903 Optional<CertValidationResult> clientCertValidationResult_{none};
905 // Callback for SSL_CTX_set_verify()
906 static int sslVerifyCallback(int preverifyOk, X509_STORE_CTX* ctx);
908 bool parseClientHello_{false};
909 bool cacheAddrOnFailure_{false};
910 bool bufferMovableEnabled_{false};
911 bool certCacheHit_{false};
912 std::unique_ptr<ssl::ClientHelloInfo> clientHelloInfo_;
913 std::vector<std::pair<char, StringPiece>> alertsReceived_;
915 // Time taken to complete the ssl handshake.
916 std::chrono::steady_clock::time_point handshakeStartTime_;
917 std::chrono::steady_clock::time_point handshakeEndTime_;
918 std::chrono::milliseconds handshakeConnectTimeout_{0};
919 std::chrono::milliseconds totalConnectTimeout_{0};
921 std::string sslVerificationAlert_;
923 bool sessionResumptionAttempted_{false};
924 // whether the SSL session was resumed using session ID or not
925 bool sessionIDResumed_{false};