2 * Copyright 2017 Facebook, Inc.
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
21 #include <folly/Optional.h>
22 #include <folly/String.h>
23 #include <folly/io/async/AsyncSocket.h>
24 #include <folly/io/async/AsyncTimeout.h>
25 #include <folly/io/async/SSLContext.h>
26 #include <folly/io/async/TimeoutManager.h>
27 #include <folly/io/async/ssl/OpenSSLPtrTypes.h>
28 #include <folly/io/async/ssl/OpenSSLUtils.h>
29 #include <folly/io/async/ssl/SSLErrors.h>
30 #include <folly/io/async/ssl/TLSDefinitions.h>
32 #include <folly/Bits.h>
33 #include <folly/io/IOBuf.h>
34 #include <folly/io/Cursor.h>
35 #include <folly/portability/OpenSSL.h>
36 #include <folly/portability/Sockets.h>
41 * A class for performing asynchronous I/O on an SSL connection.
43 * AsyncSSLSocket allows users to asynchronously wait for data on an
44 * SSL connection, and to asynchronously send data.
46 * The APIs for reading and writing are intentionally asymmetric.
47 * Waiting for data to read is a persistent API: a callback is
48 * installed, and is notified whenever new data is available. It
49 * continues to be notified of new events until it is uninstalled.
51 * AsyncSSLSocket does not provide read timeout functionality,
52 * because it typically cannot determine when the timeout should be
53 * active. Generally, a timeout should only be enabled when
54 * processing is blocked waiting on data from the remote endpoint.
55 * For server connections, the timeout should not be active if the
56 * server is currently processing one or more outstanding requests for
57 * this connection. For client connections, the timeout should not be
58 * active if there are no requests pending on the connection.
59 * Additionally, if a client has multiple pending requests, it will
60 * ususally want a separate timeout for each request, rather than a
61 * single read timeout.
63 * The write API is fairly intuitive: a user can request to send a
64 * block of data, and a callback will be informed once the entire
65 * block has been transferred to the kernel, or on error.
66 * AsyncSSLSocket does provide a send timeout, since most callers
67 * want to give up if the remote end stops responding and no further
68 * progress can be made sending the data.
70 class AsyncSSLSocket : public virtual AsyncSocket {
72 typedef std::unique_ptr<AsyncSSLSocket, Destructor> UniquePtr;
73 using X509_deleter = folly::static_function_deleter<X509, &X509_free>;
77 virtual ~HandshakeCB() = default;
80 * handshakeVer() is invoked during handshaking to give the
81 * application chance to validate it's peer's certificate.
83 * Note that OpenSSL performs only rudimentary internal
84 * consistency verification checks by itself. Any other validation
85 * like whether or not the certificate was issued by a trusted CA.
86 * The default implementation of this callback mimics what what
87 * OpenSSL does internally if SSL_VERIFY_PEER is set with no
88 * verification callback.
90 * See the passages on verify_callback in SSL_CTX_set_verify(3)
93 virtual bool handshakeVer(AsyncSSLSocket* /*sock*/,
95 X509_STORE_CTX* /*ctx*/) noexcept {
100 * handshakeSuc() is called when a new SSL connection is
101 * established, i.e., after SSL_accept/connect() returns successfully.
103 * The HandshakeCB will be uninstalled before handshakeSuc()
106 * @param sock SSL socket on which the handshake was initiated
108 virtual void handshakeSuc(AsyncSSLSocket *sock) noexcept = 0;
111 * handshakeErr() is called if an error occurs while
112 * establishing the SSL connection.
114 * The HandshakeCB will be uninstalled before handshakeErr()
117 * @param sock SSL socket on which the handshake was initiated
118 * @param ex An exception representing the error.
120 virtual void handshakeErr(
121 AsyncSSLSocket *sock,
122 const AsyncSocketException& ex)
126 class Timeout : public AsyncTimeout {
128 Timeout(AsyncSSLSocket* sslSocket, EventBase* eventBase)
129 : AsyncTimeout(eventBase), sslSocket_(sslSocket) {}
131 bool scheduleTimeout(TimeoutManager::timeout_type timeout) {
133 return AsyncTimeout::scheduleTimeout(timeout);
136 bool scheduleTimeout(uint32_t timeoutMs) {
137 return scheduleTimeout(std::chrono::milliseconds{timeoutMs});
140 TimeoutManager::timeout_type getTimeout() {
144 virtual void timeoutExpired() noexcept override {
145 sslSocket_->timeoutExpired(timeout_);
149 AsyncSSLSocket* sslSocket_;
150 TimeoutManager::timeout_type timeout_;
154 * Create a client AsyncSSLSocket
156 AsyncSSLSocket(const std::shared_ptr<folly::SSLContext> &ctx,
157 EventBase* evb, bool deferSecurityNegotiation = false);
160 * Create a server/client AsyncSSLSocket from an already connected
161 * socket file descriptor.
163 * Note that while AsyncSSLSocket enables TCP_NODELAY for sockets it creates
164 * when connecting, it does not change the socket options when given an
165 * existing file descriptor. If callers want TCP_NODELAY enabled when using
166 * this version of the constructor, they need to explicitly call
167 * setNoDelay(true) after the constructor returns.
169 * @param ctx SSL context for this connection.
170 * @param evb EventBase that will manage this socket.
171 * @param fd File descriptor to take over (should be a connected socket).
172 * @param server Is socket in server mode?
173 * @param deferSecurityNegotiation
174 * unencrypted data can be sent before sslConn/Accept
177 const std::shared_ptr<folly::SSLContext>& ctx,
181 bool deferSecurityNegotiation = false);
184 * Create a server/client AsyncSSLSocket from an already connected
188 const std::shared_ptr<folly::SSLContext>& ctx,
189 AsyncSocket::UniquePtr oldAsyncSocket,
191 bool deferSecurityNegotiation = false);
194 * Helper function to create a server/client shared_ptr<AsyncSSLSocket>.
196 static std::shared_ptr<AsyncSSLSocket> newSocket(
197 const std::shared_ptr<folly::SSLContext>& ctx,
198 EventBase* evb, int fd, bool server=true,
199 bool deferSecurityNegotiation = false) {
200 return std::shared_ptr<AsyncSSLSocket>(
201 new AsyncSSLSocket(ctx, evb, fd, server, deferSecurityNegotiation),
206 * Helper function to create a client shared_ptr<AsyncSSLSocket>.
208 static std::shared_ptr<AsyncSSLSocket> newSocket(
209 const std::shared_ptr<folly::SSLContext>& ctx,
210 EventBase* evb, bool deferSecurityNegotiation = false) {
211 return std::shared_ptr<AsyncSSLSocket>(
212 new AsyncSSLSocket(ctx, evb, deferSecurityNegotiation),
217 #if FOLLY_OPENSSL_HAS_SNI
219 * Create a client AsyncSSLSocket with tlsext_servername in
220 * the Client Hello message.
222 AsyncSSLSocket(const std::shared_ptr<folly::SSLContext> &ctx,
224 const std::string& serverName,
225 bool deferSecurityNegotiation = false);
228 * Create a client AsyncSSLSocket from an already connected
229 * socket file descriptor.
231 * Note that while AsyncSSLSocket enables TCP_NODELAY for sockets it creates
232 * when connecting, it does not change the socket options when given an
233 * existing file descriptor. If callers want TCP_NODELAY enabled when using
234 * this version of the constructor, they need to explicitly call
235 * setNoDelay(true) after the constructor returns.
237 * @param ctx SSL context for this connection.
238 * @param evb EventBase that will manage this socket.
239 * @param fd File descriptor to take over (should be a connected socket).
240 * @param serverName tlsext_hostname that will be sent in ClientHello.
243 const std::shared_ptr<folly::SSLContext>& ctx,
246 const std::string& serverName,
247 bool deferSecurityNegotiation = false);
249 static std::shared_ptr<AsyncSSLSocket> newSocket(
250 const std::shared_ptr<folly::SSLContext>& ctx,
252 const std::string& serverName,
253 bool deferSecurityNegotiation = false) {
254 return std::shared_ptr<AsyncSSLSocket>(
255 new AsyncSSLSocket(ctx, evb, serverName, deferSecurityNegotiation),
258 #endif // FOLLY_OPENSSL_HAS_SNI
261 * TODO: implement support for SSL renegotiation.
263 * This involves proper handling of the SSL_ERROR_WANT_READ/WRITE
264 * code as a result of SSL_write/read(), instead of returning an
265 * error. In that case, the READ/WRITE event should be registered,
266 * and a flag (e.g., writeBlockedOnRead) should be set to indiciate
267 * the condition. In the next invocation of read/write callback, if
268 * the flag is on, performWrite()/performRead() should be called in
269 * addition to the normal call to performRead()/performWrite(), and
270 * the flag should be reset.
273 // Inherit TAsyncTransport methods from AsyncSocket except the
275 // See the documentation in TAsyncTransport.h
276 // TODO: implement graceful shutdown in close()
277 // TODO: implement detachSSL() that returns the SSL connection
278 virtual void closeNow() override;
279 virtual void shutdownWrite() override;
280 virtual void shutdownWriteNow() override;
281 virtual bool good() const override;
282 virtual bool connecting() const override;
283 virtual std::string getApplicationProtocol() noexcept override;
285 virtual std::string getSecurityProtocol() const override { return "TLS"; }
287 virtual void setEorTracking(bool track) override;
288 virtual size_t getRawBytesWritten() const override;
289 virtual size_t getRawBytesReceived() const override;
290 void enableClientHelloParsing();
293 * Accept an SSL connection on the socket.
295 * The callback will be invoked and uninstalled when an SSL
296 * connection has been established on the underlying socket.
297 * The value of verifyPeer determines the client verification method.
298 * By default, its set to use the value in the underlying context
300 * @param callback callback object to invoke on success/failure
301 * @param timeout timeout for this function in milliseconds, or 0 for no
303 * @param verifyPeer SSLVerifyPeerEnum uses the options specified in the
304 * context by default, can be set explcitly to override the
305 * method in the context
307 virtual void sslAccept(
308 HandshakeCB* callback,
309 std::chrono::milliseconds timeout = std::chrono::milliseconds::zero(),
310 const folly::SSLContext::SSLVerifyPeerEnum& verifyPeer =
311 folly::SSLContext::SSLVerifyPeerEnum::USE_CTX);
314 * Invoke SSL accept following an asynchronous session cache lookup
316 void restartSSLAccept();
319 * Connect to the given address, invoking callback when complete or on error
321 * Note timeout applies to TCP + SSL connection time
323 void connect(ConnectCallback* callback,
324 const folly::SocketAddress& address,
326 const OptionMap &options = emptyOptionMap,
327 const folly::SocketAddress& bindAddr = anyAddress())
331 * A variant of connect that allows the caller to specify
332 * the timeout for the regular connect and the ssl connect
334 * connectTimeout is specified as the time to establish a TCP
336 * totalConnectTimeout defines the
337 * time it takes from starting the TCP connection to the time
338 * the ssl connection is established. The reason the timeout is
339 * defined this way is because user's rarely need to specify the SSL
340 * timeout independently of the connect timeout. It allows us to
341 * bound the time for a connect and SSL connection in
342 * a finer grained manner than if timeout was just defined
343 * independently for SSL.
345 virtual void connect(
346 ConnectCallback* callback,
347 const folly::SocketAddress& address,
348 std::chrono::milliseconds connectTimeout,
349 std::chrono::milliseconds totalConnectTimeout,
350 const OptionMap& options = emptyOptionMap,
351 const folly::SocketAddress& bindAddr = anyAddress()) noexcept;
353 using AsyncSocket::connect;
356 * Initiate an SSL connection on the socket
357 * The callback will be invoked and uninstalled when an SSL connection
358 * has been establshed on the underlying socket.
359 * The verification option verifyPeer is applied if it's passed explicitly.
360 * If it's not, the options in SSLContext set on the underlying SSLContext
363 * @param callback callback object to invoke on success/failure
364 * @param timeout timeout for this function in milliseconds, or 0 for no
366 * @param verifyPeer SSLVerifyPeerEnum uses the options specified in the
367 * context by default, can be set explcitly to override the
368 * method in the context. If verification is turned on sets
369 * SSL_VERIFY_PEER and invokes
370 * HandshakeCB::handshakeVer().
372 virtual void sslConn(
373 HandshakeCB* callback,
374 std::chrono::milliseconds timeout = std::chrono::milliseconds::zero(),
375 const folly::SSLContext::SSLVerifyPeerEnum& verifyPeer =
376 folly::SSLContext::SSLVerifyPeerEnum::USE_CTX);
386 STATE_REMOTE_CLOSED, /// remote end closed; we can still write
387 STATE_CLOSING, ///< close() called, but waiting on writes to complete
388 /// close() called with pending writes, before connect() has completed
389 STATE_CONNECTING_CLOSING,
394 SSLStateEnum getSSLState() const { return sslState_;}
397 * Get a handle to the negotiated SSL session. This increments the session
398 * refcount and must be deallocated by the caller.
400 SSL_SESSION *getSSLSession();
403 * Get a handle to the SSL struct.
405 const SSL* getSSL() const;
408 * Set the SSL session to be used during sslConn. AsyncSSLSocket will
409 * hold a reference to the session until it is destroyed or released by the
410 * underlying SSL structure.
412 * @param takeOwnership if true, AsyncSSLSocket will assume the caller's
413 * reference count to session.
415 void setSSLSession(SSL_SESSION *session, bool takeOwnership = false);
418 * Get the name of the protocol selected by the client during
419 * Next Protocol Negotiation (NPN) or Application Layer Protocol Negotiation
422 * Throw an exception if openssl does not support NPN
424 * @param protoName Name of the protocol (not guaranteed to be
425 * null terminated); will be set to nullptr if
426 * the client did not negotiate a protocol.
427 * Note: the AsyncSSLSocket retains ownership
429 * @param protoNameLen Length of the name.
430 * @param protoType Whether this was an NPN or ALPN negotiation
432 virtual void getSelectedNextProtocol(
433 const unsigned char** protoName,
435 SSLContext::NextProtocolType* protoType = nullptr) const;
438 * Get the name of the protocol selected by the client during
439 * Next Protocol Negotiation (NPN) or Application Layer Protocol Negotiation
442 * @param protoName Name of the protocol (not guaranteed to be
443 * null terminated); will be set to nullptr if
444 * the client did not negotiate a protocol.
445 * Note: the AsyncSSLSocket retains ownership
447 * @param protoNameLen Length of the name.
448 * @param protoType Whether this was an NPN or ALPN negotiation
449 * @return false if openssl does not support NPN
451 virtual bool getSelectedNextProtocolNoThrow(
452 const unsigned char** protoName,
454 SSLContext::NextProtocolType* protoType = nullptr) const;
457 * Determine if the session specified during setSSLSession was reused
458 * or if the server rejected it and issued a new session.
460 virtual bool getSSLSessionReused() const;
463 * true if the session was resumed using session ID
465 bool sessionIDResumed() const { return sessionIDResumed_; }
467 void setSessionIDResumed(bool resumed) {
468 sessionIDResumed_ = resumed;
472 * Get the negociated cipher name for this SSL connection.
473 * Returns the cipher used or the constant value "NONE" when no SSL session
474 * has been established.
476 virtual const char* getNegotiatedCipherName() const;
479 * Get the server name for this SSL connection.
480 * Returns the server name used or the constant value "NONE" when no SSL
481 * session has been established.
482 * If openssl has no SNI support, throw TTransportException.
484 const char *getSSLServerName() const;
487 * Get the server name for this SSL connection.
488 * Returns the server name used or the constant value "NONE" when no SSL
489 * session has been established.
490 * If openssl has no SNI support, return "NONE"
492 const char *getSSLServerNameNoThrow() const;
495 * Get the SSL version for this connection.
496 * Possible return values are SSL2_VERSION, SSL3_VERSION, TLS1_VERSION,
497 * with hexa representations 0x200, 0x300, 0x301,
498 * or 0 if no SSL session has been established.
500 int getSSLVersion() const;
503 * Get the signature algorithm used in the cert that is used for this
506 const char *getSSLCertSigAlgName() const;
509 * Get the certificate size used for this SSL connection.
511 int getSSLCertSize() const;
514 * Get the certificate used for this SSL connection. May be null
516 virtual const X509* getSelfCert() const override;
518 virtual void attachEventBase(EventBase* eventBase) override {
519 AsyncSocket::attachEventBase(eventBase);
520 handshakeTimeout_.attachEventBase(eventBase);
521 connectionTimeout_.attachEventBase(eventBase);
524 virtual void detachEventBase() override {
525 AsyncSocket::detachEventBase();
526 handshakeTimeout_.detachEventBase();
527 connectionTimeout_.detachEventBase();
530 virtual bool isDetachable() const override {
531 return AsyncSocket::isDetachable() && !handshakeTimeout_.isScheduled();
534 virtual void attachTimeoutManager(TimeoutManager* manager) {
535 handshakeTimeout_.attachTimeoutManager(manager);
538 virtual void detachTimeoutManager() {
539 handshakeTimeout_.detachTimeoutManager();
542 #if OPENSSL_VERSION_NUMBER >= 0x009080bfL
544 * This function will set the SSL context for this socket to the
545 * argument. This should only be used on client SSL Sockets that have
546 * already called detachSSLContext();
548 void attachSSLContext(const std::shared_ptr<folly::SSLContext>& ctx);
551 * Detaches the SSL context for this socket.
553 void detachSSLContext();
556 #if FOLLY_OPENSSL_HAS_SNI
558 * Switch the SSLContext to continue the SSL handshake.
559 * It can only be used in server mode.
561 void switchServerSSLContext(
562 const std::shared_ptr<folly::SSLContext>& handshakeCtx);
565 * Did server recognize/support the tlsext_hostname in Client Hello?
566 * It can only be used in client mode.
568 * @return true - tlsext_hostname is matched by the server
569 * false - tlsext_hostname is not matched or
570 * is not supported by server
572 bool isServerNameMatch() const;
575 * Set the SNI hostname that we'll advertise to the server in the
576 * ClientHello message.
578 void setServerName(std::string serverName) noexcept;
579 #endif // FOLLY_OPENSSL_HAS_SNI
581 void timeoutExpired(std::chrono::milliseconds timeout) noexcept;
584 * Get the list of supported ciphers sent by the client in the client's
587 void getSSLClientCiphers(
588 std::string& clientCiphers,
589 bool convertToString = true) const;
592 * Get the list of compression methods sent by the client in TLS Hello.
594 std::string getSSLClientComprMethods() const;
597 * Get the list of TLS extensions sent by the client in the TLS Hello.
599 std::string getSSLClientExts() const;
601 std::string getSSLClientSigAlgs() const;
604 * Get the list of versions in the supported versions extension (used to
605 * negotiate TLS 1.3).
607 std::string getSSLClientSupportedVersions() const;
609 std::string getSSLAlertsReceived() const;
612 * Save an optional alert message generated during certificate verify
614 void setSSLCertVerificationAlert(std::string alert);
616 std::string getSSLCertVerificationAlert() const;
619 * Get the list of shared ciphers between the server and the client.
620 * Works well for only SSLv2, not so good for SSLv3 or TLSv1.
622 void getSSLSharedCiphers(std::string& sharedCiphers) const;
625 * Get the list of ciphers supported by the server in the server's
628 void getSSLServerCiphers(std::string& serverCiphers) const;
631 * Method to check if peer verfication is set.
633 * @return true if peer verification is required.
635 bool needsPeerVerification() const;
637 static int getSSLExDataIndex();
638 static AsyncSSLSocket* getFromSSL(const SSL *ssl);
639 static int bioWrite(BIO* b, const char* in, int inl);
640 static int bioRead(BIO* b, char* out, int outl);
641 void resetClientHelloParsing(SSL *ssl);
642 static void clientHelloParsingCallback(int write_p, int version,
643 int content_type, const void *buf, size_t len, SSL *ssl, void *arg);
644 static const char* getSSLServerNameFromSSL(SSL* ssl);
647 ssl::ClientHelloInfo* getClientHelloInfo() const {
648 return clientHelloInfo_.get();
652 * Returns the time taken to complete a handshake.
654 virtual std::chrono::nanoseconds getHandshakeTime() const {
655 return handshakeEndTime_ - handshakeStartTime_;
658 void setMinWriteSize(size_t minWriteSize) {
659 minWriteSize_ = minWriteSize;
662 size_t getMinWriteSize() const {
663 return minWriteSize_;
666 void setReadCB(ReadCallback* callback) override;
669 * Tries to enable the buffer movable experimental feature in openssl.
670 * This is not guaranteed to succeed in case openssl does not have
671 * the experimental feature built in.
673 void setBufferMovableEnabled(bool enabled);
676 * Returns the peer certificate, or nullptr if no peer certificate received.
678 virtual ssl::X509UniquePtr getPeerCert() const override {
683 X509* cert = SSL_get_peer_certificate(ssl_);
684 return ssl::X509UniquePtr(cert);
688 * Force AsyncSSLSocket object to cache local and peer socket addresses.
689 * If called with "true" before connect() this function forces full local
690 * and remote socket addresses to be cached in the socket object and available
691 * through getLocalAddress()/getPeerAddress() methods even after the socket is
694 void forceCacheAddrOnFailure(bool force) { cacheAddrOnFailure_ = force; }
696 const std::string& getServiceIdentity() const { return serviceIdentity_; }
698 void setServiceIdentity(std::string serviceIdentity) {
699 serviceIdentity_ = std::move(serviceIdentity);
702 void setCertCacheHit(bool hit) {
706 bool getCertCacheHit() const {
707 return certCacheHit_;
710 bool sessionResumptionAttempted() const {
711 return sessionResumptionAttempted_;
715 * If the SSL socket was used to connect as well
716 * as establish an SSL connection, this gives the total
717 * timeout for the connect + SSL connection that was
720 std::chrono::milliseconds getTotalConnectTimeout() const {
721 return totalConnectTimeout_;
731 * Protected destructor.
733 * Users of AsyncSSLSocket must never delete it directly. Instead, invoke
734 * destroy() instead. (See the documentation in DelayedDestruction.h for
739 // Inherit event notification methods from AsyncSocket except
741 void prepareReadBuffer(void** buf, size_t* buflen) override;
742 void handleRead() noexcept override;
743 void handleWrite() noexcept override;
744 void handleAccept() noexcept;
745 void handleConnect() noexcept override;
747 void invalidState(HandshakeCB* callback);
748 bool willBlock(int ret,
750 unsigned long* errErrorOut) noexcept;
752 virtual void checkForImmediateRead() noexcept override;
753 // AsyncSocket calls this at the wrong time for SSL
754 void handleInitialReadWrite() noexcept override {}
756 WriteResult interpretSSLError(int rc, int error);
757 ReadResult performRead(void** buf, size_t* buflen, size_t* offset) override;
758 WriteResult performWrite(
762 uint32_t* countWritten,
763 uint32_t* partialWritten) override;
765 ssize_t performWriteIovec(const iovec* vec, uint32_t count,
766 WriteFlags flags, uint32_t* countWritten,
767 uint32_t* partialWritten);
769 // This virtual wrapper around SSL_write exists solely for testing/mockability
770 virtual int sslWriteImpl(SSL *ssl, const void *buf, int n) {
771 return SSL_write(ssl, buf, n);
775 * Apply verification options passed to sslConn/sslAccept or those set
776 * in the underlying SSLContext object.
778 * @param ssl pointer to the SSL object on which verification options will be
779 * applied. If verifyPeer_ was explicitly set either via sslConn/sslAccept,
780 * those options override the settings in the underlying SSLContext.
782 void applyVerificationOptions(SSL * ssl);
785 * Sets up SSL with a custom write bio which intercepts all writes.
787 * @return true, if succeeds and false if there is an error creating the bio.
792 * A SSL_write wrapper that understand EOR
794 * @param ssl: SSL* object
795 * @param buf: Buffer to be written
796 * @param n: Number of bytes to be written
797 * @param eor: Does the last byte (buf[n-1]) have the app-last-byte?
798 * @return: The number of app bytes successfully written to the socket
800 int eorAwareSSLWrite(SSL *ssl, const void *buf, int n, bool eor);
802 // Inherit error handling methods from AsyncSocket, plus the following.
803 void failHandshake(const char* fn, const AsyncSocketException& ex);
805 void invokeHandshakeErr(const AsyncSocketException& ex);
806 void invokeHandshakeCB();
808 void invokeConnectErr(const AsyncSocketException& ex) override;
809 void invokeConnectSuccess() override;
810 void scheduleConnectTimeout() override;
812 void cacheLocalPeerAddr();
814 void startSSLConnect();
816 static void sslInfoCallback(const SSL *ssl, int type, int val);
818 // Whether the current write to the socket should use MSG_MORE.
819 bool corkCurrentWrite_{false};
820 // SSL related members.
822 // Used to prevent client-initiated renegotiation. Note that AsyncSSLSocket
823 // doesn't fully support renegotiation, so we could just fail all attempts
824 // to enforce this. Once it is supported, we should make it an option
825 // to disable client-initiated renegotiation.
826 bool handshakeComplete_{false};
827 bool renegotiateAttempted_{false};
828 SSLStateEnum sslState_{STATE_UNINIT};
829 std::shared_ptr<folly::SSLContext> ctx_;
830 // Callback for SSL_accept() or SSL_connect()
831 HandshakeCB* handshakeCallback_{nullptr};
833 SSL_SESSION *sslSession_{nullptr};
834 Timeout handshakeTimeout_;
835 Timeout connectionTimeout_;
836 // whether the SSL session was resumed using session ID or not
837 bool sessionIDResumed_{false};
839 // The app byte num that we are tracking for the MSG_EOR
840 // Only one app EOR byte can be tracked.
841 size_t appEorByteNo_{0};
843 // Try to avoid calling SSL_write() for buffers smaller than this.
844 // It doesn't take effect when it is 0.
845 size_t minWriteSize_{1500};
847 // When openssl is about to sendmsg() across the minEorRawBytesNo_,
848 // it will pass MSG_EOR to sendmsg().
849 size_t minEorRawByteNo_{0};
850 #if FOLLY_OPENSSL_HAS_SNI
851 std::shared_ptr<folly::SSLContext> handshakeCtx_;
852 std::string tlsextHostname_;
855 // a service identity that this socket/connection is associated with
856 std::string serviceIdentity_;
858 folly::SSLContext::SSLVerifyPeerEnum
859 verifyPeer_{folly::SSLContext::SSLVerifyPeerEnum::USE_CTX};
861 // Callback for SSL_CTX_set_verify()
862 static int sslVerifyCallback(int preverifyOk, X509_STORE_CTX* ctx);
864 bool parseClientHello_{false};
865 bool cacheAddrOnFailure_{false};
866 bool bufferMovableEnabled_{false};
867 bool certCacheHit_{false};
868 std::unique_ptr<ssl::ClientHelloInfo> clientHelloInfo_;
869 std::vector<std::pair<char, StringPiece>> alertsReceived_;
871 // Time taken to complete the ssl handshake.
872 std::chrono::steady_clock::time_point handshakeStartTime_;
873 std::chrono::steady_clock::time_point handshakeEndTime_;
874 std::chrono::milliseconds handshakeConnectTimeout_{0};
875 bool sessionResumptionAttempted_{false};
876 std::chrono::milliseconds totalConnectTimeout_{0};
878 std::string sslVerificationAlert_;