checkPeerName_ = false;
+ SSL_CTX_set_options(ctx_, SSL_OP_NO_COMPRESSION);
+
#if OPENSSL_VERSION_NUMBER >= 0x1000105fL && !defined(OPENSSL_NO_TLSEXT)
SSL_CTX_set_tlsext_servername_callback(ctx_, baseServerNameOpenSSLCallback);
SSL_CTX_set_tlsext_servername_arg(ctx_, this);
setCiphersOrThrow(ciphers);
}
+void SSLContext::setCipherList(const std::vector<std::string>& ciphers) {
+ if (ciphers.size() == 0) {
+ return;
+ }
+ std::string opensslCipherList;
+ join(":", ciphers, opensslCipherList);
+ setCiphersOrThrow(opensslCipherList);
+}
+
+void SSLContext::setSignatureAlgorithms(
+ const std::vector<std::string>& sigalgs) {
+ if (sigalgs.size() == 0) {
+ return;
+ }
+#if OPENSSL_VERSION_NUMBER >= 0x1000200fL
+ std::string opensslSigAlgsList;
+ join(":", sigalgs, opensslSigAlgsList);
+ int rc = SSL_CTX_set1_sigalgs_list(ctx_, opensslSigAlgsList.c_str());
+ if (rc == 0) {
+ throw std::runtime_error("SSL_CTX_set1_sigalgs_list " + getErrors());
+ }
+#endif
+}
+
+void SSLContext::setClientECCurvesList(
+ const std::vector<std::string>& ecCurves) {
+ if (ecCurves.size() == 0) {
+ return;
+ }
+#if OPENSSL_VERSION_NUMBER >= 0x1000200fL
+ std::string ecCurvesList;
+ join(":", ecCurves, ecCurvesList);
+ int rc = SSL_CTX_set1_curves_list(ctx_, ecCurvesList.c_str());
+ if (rc == 0) {
+ throw std::runtime_error("SSL_CTX_set1_curves_list " + getErrors());
+ }
+#endif
+}
+
+void SSLContext::setX509VerifyParam(
+ const ssl::X509VerifyParam& x509VerifyParam) {
+ if (!x509VerifyParam) {
+ return;
+ }
+ if (SSL_CTX_set1_param(ctx_, x509VerifyParam.get()) != 1) {
+ throw std::runtime_error("SSL_CTX_set1_param " + getErrors());
+ }
+}
+
void SSLContext::setCiphersOrThrow(const std::string& ciphers) {
int rc = SSL_CTX_set_cipher_list(ctx_, ciphers.c_str());
- if (ERR_peek_error() != 0) {
- throw std::runtime_error("SSL_CTX_set_cipher_list: " + getErrors());
- }
if (rc == 0) {
- throw std::runtime_error("None of specified ciphers are supported");
+ throw std::runtime_error("SSL_CTX_set_cipher_list: " + getErrors());
}
}
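Review bot: setSignatureAlgorithms and setClientECCurvesList silently become no-ops when OPENSSL_VERSION_NUMBER is below 0x1000200fL, because the `#if` guarding the SSL_CTX_set1_sigalgs_list / SSL_CTX_set1_curves_list calls has no `#else`; a caller restricting signature algorithms or curves as a hardening step would keep OpenSSL's defaults with no signal, which is inconsistent with every other setter in this hunk throwing on failure. I would fail loudly there with `#else` / `throw std::runtime_error("SSL_CTX_set1_sigalgs_list requires OpenSSL 1.0.2 or later");` (and the matching message in the curves setter), or at minimum document the fallback so operators know the setting may not take effect on older builds. Separately, SSL_CTX_set_cipher_list only returns 0 when no entry in the list matched, so with the ERR_peek_error check gone a misspelled entry in an otherwise valid list is accepted silently; a short comment on setCiphersOrThrow stating that the list is not validated entry by entry would prevent a reader from assuming otherwise. The constructor containing the SSL_OP_NO_COMPRESSION addition at the top of this hunk begins outside the hunk.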
*/
virtual void ciphers(const std::string& ciphers);
+ /**
+ * Set default ciphers to be used in SSL handshake process.
+ *
+ * @param ciphers A list of ciphers to use for TLS.
+ */
+ virtual void setCipherList(const std::vector<std::string>& ciphers);
+
/**
* Low-level method that attempts to set the provided ciphers on the
* SSL_CTX object, and throws if something goes wrong.
*/
virtual void setCiphersOrThrow(const std::string& ciphers);
+ /**
+ * Sets the signature algorithms to be used during SSL negotiation
+ * for TLS1.2+
+ *
+ * @param sigalgs A list of signature algorithms, eg. RSA+SHA512
+ */
+ void setSignatureAlgorithms(const std::vector<std::string>& sigalgs);
+
+ /**
+ * Sets the list of EC curves supported by the client.
+ *
+ * @param ecCurves A list of ec curves, eg: P-256
+ */
+ void setClientECCurvesList(const std::vector<std::string>& ecCurves);
+
+ /**
+ * Sets an x509 verification param on the context.
+ */
+ void setX509VerifyParam(const ssl::X509VerifyParam& x509VerifyParam);
+
/**
* Method to set verification option in the context object.
*