Summary:
This patch adds a function to AsyncSSLSocket, so the user can check if the peer cert
should be verified. This allows the user to implement custom logic for peer cert validation.
Reviewed By: Orvid
Differential Revision:
D4456402
fbshipit-source-id:
2f8a5c932d0341d6c9290bcb52264dd4fa174263
AsyncSocket::connect(connector, address, timeout, options, bindAddr);
}
AsyncSocket::connect(connector, address, timeout, options, bindAddr);
}
+bool AsyncSSLSocket::needsPeerVerification() const {
+ if (verifyPeer_ == SSLContext::SSLVerifyPeerEnum::USE_CTX) {
+ return ctx_->needsPeerVerification();
+ }
+ return (
+ verifyPeer_ == SSLContext::SSLVerifyPeerEnum::VERIFY ||
+ verifyPeer_ == SSLContext::SSLVerifyPeerEnum::VERIFY_REQ_CLIENT_CERT);
+}
+
void AsyncSSLSocket::applyVerificationOptions(SSL * ssl) {
// apply the settings specified in verifyPeer_
if (verifyPeer_ == SSLContext::SSLVerifyPeerEnum::USE_CTX) {
void AsyncSSLSocket::applyVerificationOptions(SSL * ssl) {
// apply the settings specified in verifyPeer_
if (verifyPeer_ == SSLContext::SSLVerifyPeerEnum::USE_CTX) {
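Review bot: The final return in `needsPeerVerification()` is an allow-list of the two verifying modes, so any other value of `verifyPeer_`, including a mode added to the enum later, is reported as "no verification needed". Callers are meant to base custom certificate checks on this answer, so it is safer to fail closed with `return verifyPeer_ != SSLContext::SSLVerifyPeerEnum::NO_VERIFY;`. That should be equivalent for the current enum values once the `USE_CTX` case has been handled above. `SSLContext::needsPeerVerification()` is not visible on this page; if it uses the same two-value comparison, the two should be kept consistent.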
*/
void getSSLServerCiphers(std::string& serverCiphers) const;
*/
void getSSLServerCiphers(std::string& serverCiphers) const;
+ /**
+ * Method to check if peer verfication is set.
+ *
+ * @return true if peer verification is required.
+ */
+ bool needsPeerVerification() const;
+
static int getSSLExDataIndex();
static AsyncSSLSocket* getFromSSL(const SSL *ssl);
static int bioWrite(BIO* b, const char* in, int inl);
static int getSSLExDataIndex();
static AsyncSSLSocket* getFromSSL(const SSL *ssl);
static int bioWrite(BIO* b, const char* in, int inl);
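Review bot: The doc comment on `needsPeerVerification()` does not say that the result describes configuration only, so a caller could read `true` as "the peer certificate was verified". I would reword it to `Returns true if this socket is configured to verify the peer certificate (its own setting, or the SSLContext's when set to USE_CTX); it does not report whether verification took place or succeeded.` and fix the typo "verfication". The separate `VERIFY_REQ_CLIENT_CERT` value suggests that plain `VERIFY` on a server requests a client certificate without requiring one. If so, the comment should also tell callers that custom validation must handle a missing peer certificate.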