From a857f83b2b25f42eeba1524ebca1bd2e74abc71a Mon Sep 17 00:00:00 2001
From: Ryan Wilson
Date: Tue, 24 Jan 2017 14:22:17 -0800
Subject: [PATCH] Add needsPeerVerification function to check if peer cert should be verified

Summary: This patch adds a function to AsyncSSLSocket, so the user can check if the peer cert should be verified. This allows the user to implement custom logic for peer cert validation.

Reviewed By: Orvid

Differential Revision: D4456402

fbshipit-source-id: 2f8a5c932d0341d6c9290bcb52264dd4fa174263
---
 folly/io/async/AsyncSSLSocket.cpp | 9 +++++++++
 folly/io/async/AsyncSSLSocket.h | 7 +++++++
 2 files changed, 16 insertions(+)

diff --git a/folly/io/async/AsyncSSLSocket.cpp b/folly/io/async/AsyncSSLSocket.cpp
index 43f876d8..d6fe2495 100644
--- a/folly/io/async/AsyncSSLSocket.cpp
+++ b/folly/io/async/AsyncSSLSocket.cpp
@@ -656,6 +656,15 @@ void AsyncSSLSocket::connect(ConnectCallback* callback,
   AsyncSocket::connect(connector, address, timeout, options, bindAddr);
 }
 
+bool AsyncSSLSocket::needsPeerVerification() const {
+  if (verifyPeer_ == SSLContext::SSLVerifyPeerEnum::USE_CTX) {
+    return ctx_->needsPeerVerification();
+  }
+  return (
+      verifyPeer_ == SSLContext::SSLVerifyPeerEnum::VERIFY ||
+      verifyPeer_ == SSLContext::SSLVerifyPeerEnum::VERIFY_REQ_CLIENT_CERT);
+}
+
 void AsyncSSLSocket::applyVerificationOptions(SSL * ssl) {
   // apply the settings specified in verifyPeer_
   if (verifyPeer_ == SSLContext::SSLVerifyPeerEnum::USE_CTX) {
diff --git a/folly/io/async/AsyncSSLSocket.h b/folly/io/async/AsyncSSLSocket.h
index 4b0f13f6..7d90fbb1 100644
--- a/folly/io/async/AsyncSSLSocket.h
+++ b/folly/io/async/AsyncSSLSocket.h
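Review bot: The USE_CTX branch of the new needsPeerVerification() dereferences `ctx_` without a check; whether the socket can exist with an empty context is not visible from this hunk, so either the invariant should be asserted (`DCHECK(ctx_);` before the call) or, if a null context is possible, the function should fail closed by reporting that verification is required rather than returning false by default. The new function also repeats the `USE_CTX` dispatch that applyVerificationOptions() starts with on the last hunk line, and the two must stay in agreement: a caller that uses this result to decide whether to run its own certificate checks would otherwise act on a different policy than the one actually applied to the SSL object. A short comment on the new function, `// Keep in sync with the verifyPeer_ mapping in applyVerificationOptions().`, would flag that coupling for the next edit. applyVerificationOptions() continues outside the hunk.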
@@ -587,6 +587,13 @@ class AsyncSSLSocket : public virtual AsyncSocket {
    */
   void getSSLServerCiphers(std::string& serverCiphers) const;
 
+  /**
+   * Method to check if peer verfication is set.
+   *
+   * @return true if peer verification is required.
+   */
+  bool needsPeerVerification() const;
+
   static int getSSLExDataIndex();
   static AsyncSSLSocket* getFromSSL(const SSL *ssl);
   static int bioWrite(BIO* b, const char* in, int inl);
-- 
2.34.1
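Review bot: The new doc comment on needsPeerVerification() describes configuration but reads as if it could be a verification result, which matters for callers who, per the commit description, intend to build custom certificate validation on top of it; it also misspells "verification". I would replace the first line with `* Returns whether peer certificate verification is configured for this socket, either directly by verifyPeer_ or, for USE_CTX, by the SSLContext. This reflects the configured policy only, not whether a handshake verified (or will verify) the peer.` and keep the existing @return line. The enclosing class declaration starts and ends outside the hunk.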