| <!DOCTYPE html> |
| <!-- |
| - |
| - Licensed to the Apache Software Foundation (ASF) under one |
| - or more contributor license agreements. See the NOTICE file |
| - distributed with this work for additional information |
| - regarding copyright ownership. The ASF licenses this file |
| - to you under the Apache License, Version 2.0 (the |
| - "License"); you may not use this file except in compliance |
| - with the License. You may obtain a copy of the License at |
| - |
| - http://www.apache.org/licenses/LICENSE-2.0 |
| - |
| - Unless required by applicable law or agreed to in writing, |
| - software distributed under the License is distributed on an |
| - "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| - KIND, either express or implied. See the License for the |
| - specific language governing permissions and limitations |
| - under the License. |
| - |
| --> |
| <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"> |
| <head> |
| <title>ssl.cpp - Apache Qpid™</title> |
| <meta http-equiv="X-UA-Compatible" content="IE=edge"/> |
| <meta name="viewport" content="width=device-width, initial-scale=1.0"/> |
| <link rel="stylesheet" href="/site.css" type="text/css" async="async"/> |
| <link rel="stylesheet" href="/deferred.css" type="text/css" defer="defer"/> |
| <script type="text/javascript">var _deferredFunctions = [];</script> |
| <script type="text/javascript" src="/deferred.js" defer="defer"></script> |
| <!--[if lte IE 8]> |
| <link rel="stylesheet" href="/ie.css" type="text/css"/> |
| <script type="text/javascript" src="/html5shiv.js"></script> |
| <![endif]--> |
| |
| <!-- Redirects for `go get` and godoc.org --> |
| <meta name="go-import" |
| content="qpid.apache.org git https://git-wip-us.apache.org/repos/asf/qpid-proton.git"/> |
| <meta name="go-source" |
| content="qpid.apache.org |
| https://github.com/apache/qpid-proton/blob/go1/README.md |
| https://github.com/apache/qpid-proton/tree/go1{/dir} |
| https://github.com/apache/qpid-proton/blob/go1{/dir}/{file}#L{line}"/> |
| </head> |
| <body> |
| <div id="-content"> |
| <div id="-top" class="panel"> |
| <a id="-menu-link"><img width="16" height="16" src="" alt="Menu"/></a> |
| |
| <a id="-search-link"><img width="22" height="16" src="" alt="Search"/></a> |
| |
| <ul id="-global-navigation"> |
| <li><a id="-logotype" href="/index.html">Apache Qpid<sup>™</sup></a></li> |
| <li><a href="/documentation.html">Documentation</a></li> |
| <li><a href="/download.html">Download</a></li> |
| <li><a href="/discussion.html">Discussion</a></li> |
| </ul> |
| </div> |
| |
| <div id="-menu" class="panel" style="display: none;"> |
| <div class="flex"> |
| <section> |
| <h3>Project</h3> |
| |
| <ul> |
| <li><a href="/overview.html">Overview</a></li> |
| <li><a href="/components/index.html">Components</a></li> |
| <li><a href="/releases/index.html">Releases</a></li> |
| </ul> |
| </section> |
| |
| <section> |
| <h3>Messaging APIs</h3> |
| |
| <ul> |
| <li><a href="/proton/index.html">Qpid Proton</a></li> |
| <li><a href="/components/jms/index.html">Qpid JMS</a></li> |
| <li><a href="/components/messaging-api/index.html">Qpid Messaging API</a></li> |
| </ul> |
| </section> |
| |
| <section> |
| <h3>Servers and tools</h3> |
| |
| <ul> |
| <li><a href="/components/broker-j/index.html">Broker-J</a></li> |
| <li><a href="/components/cpp-broker/index.html">C++ broker</a></li> |
| <li><a href="/components/dispatch-router/index.html">Dispatch router</a></li> |
| </ul> |
| </section> |
| |
| <section> |
| <h3>Resources</h3> |
| |
| <ul> |
| <li><a href="/dashboard.html">Dashboard</a></li> |
| <li><a href="https://cwiki.apache.org/confluence/display/qpid/Index">Wiki</a></li> |
| <li><a href="/resources.html">More resources</a></li> |
| </ul> |
| </section> |
| </div> |
| </div> |
| |
| <div id="-search" class="panel" style="display: none;"> |
| <form action="http://www.google.com/search" method="get"> |
| <input type="hidden" name="sitesearch" value="qpid.apache.org"/> |
| <input type="text" name="q" maxlength="255" autofocus="autofocus" tabindex="1"/> |
| <button type="submit">Search</button> |
| <a href="/search.html">More ways to search</a> |
| </form> |
| </div> |
| |
| <div id="-middle" class="panel"> |
| <ul id="-path-navigation"><li><a href="/index.html">Home</a></li><li><a href="/releases/index.html">Releases</a></li><li><a href="/releases/qpid-proton-0.25.0/index.html">Qpid Proton 0.25.0</a></li><li><a href="/releases/qpid-proton-0.25.0/proton/cpp/examples/index.html">Proton C++ Examples</a></li><li>ssl.cpp</li></ul> |
| |
| <div id="-middle-content"> |
| |
| <h1>ssl.cpp</h1> |
| <div class="highlight"><pre><span></span><span class="cp">#include</span> <span class="cpf">"options.hpp"</span><span class="cp"></span> |
| |
| <span class="cp">#include</span> <span class="cpf"><proton/connection_options.hpp></span><span class="cp"></span> |
| <span class="cp">#include</span> <span class="cpf"><proton/connection.hpp></span><span class="cp"></span> |
| <span class="cp">#include</span> <span class="cpf"><proton/container.hpp></span><span class="cp"></span> |
| <span class="cp">#include</span> <span class="cpf"><proton/error_condition.hpp></span><span class="cp"></span> |
| <span class="cp">#include</span> <span class="cpf"><proton/listen_handler.hpp></span><span class="cp"></span> |
| <span class="cp">#include</span> <span class="cpf"><proton/listener.hpp></span><span class="cp"></span> |
| <span class="cp">#include</span> <span class="cpf"><proton/message.hpp></span><span class="cp"></span> |
| <span class="cp">#include</span> <span class="cpf"><proton/messaging_handler.hpp></span><span class="cp"></span> |
| <span class="cp">#include</span> <span class="cpf"><proton/ssl.hpp></span><span class="cp"></span> |
| <span class="cp">#include</span> <span class="cpf"><proton/tracker.hpp></span><span class="cp"></span> |
| <span class="cp">#include</span> <span class="cpf"><proton/transport.hpp></span><span class="cp"></span> |
| |
| <span class="cp">#include</span> <span class="cpf"><iostream></span><span class="cp"></span> |
| |
| <span class="cp">#include</span> <span class="cpf">"fake_cpp11.hpp"</span><span class="cp"></span> |
| |
| <span class="k">using</span> <span class="n">proton</span><span class="o">::</span><span class="n">connection_options</span><span class="p">;</span> |
| <span class="k">using</span> <span class="n">proton</span><span class="o">::</span><span class="n">ssl_client_options</span><span class="p">;</span> |
| <span class="k">using</span> <span class="n">proton</span><span class="o">::</span><span class="n">ssl_server_options</span><span class="p">;</span> |
| <span class="k">using</span> <span class="n">proton</span><span class="o">::</span><span class="n">ssl_certificate</span><span class="p">;</span> |
| |
| <span class="c1">// Helper functions defined below.</span> |
| <span class="kt">bool</span> <span class="nf">using_OpenSSL</span><span class="p">();</span> |
| <span class="n">std</span><span class="o">::</span><span class="n">string</span> <span class="n">platform_CA</span><span class="p">(</span><span class="k">const</span> <span class="n">std</span><span class="o">::</span><span class="n">string</span> <span class="o">&</span><span class="n">base_name</span><span class="p">);</span> |
| <span class="n">ssl_certificate</span> <span class="nf">platform_certificate</span><span class="p">(</span><span class="k">const</span> <span class="n">std</span><span class="o">::</span><span class="n">string</span> <span class="o">&</span><span class="n">base_name</span><span class="p">,</span> <span class="k">const</span> <span class="n">std</span><span class="o">::</span><span class="n">string</span> <span class="o">&</span><span class="n">passwd</span><span class="p">);</span> |
| <span class="n">std</span><span class="o">::</span><span class="n">string</span> <span class="n">find_CN</span><span class="p">(</span><span class="k">const</span> <span class="n">std</span><span class="o">::</span><span class="n">string</span> <span class="o">&</span><span class="p">);</span> |
| |
| <span class="k">namespace</span> <span class="p">{</span> |
| <span class="k">const</span> <span class="n">std</span><span class="o">::</span><span class="n">string</span> <span class="n">verify_full</span><span class="p">(</span><span class="s">"full"</span><span class="p">);</span> <span class="c1">// Normal verification</span> |
| <span class="k">const</span> <span class="n">std</span><span class="o">::</span><span class="n">string</span> <span class="n">verify_noname</span><span class="p">(</span><span class="s">"noname"</span><span class="p">);</span> <span class="c1">// Skip matching host name against the certificate</span> |
| <span class="k">const</span> <span class="n">std</span><span class="o">::</span><span class="n">string</span> <span class="n">verify_fail</span><span class="p">(</span><span class="s">"fail"</span><span class="p">);</span> <span class="c1">// Force name mismatch failure</span> |
| <span class="n">std</span><span class="o">::</span><span class="n">string</span> <span class="n">verify</span><span class="p">(</span><span class="n">verify_full</span><span class="p">);</span> <span class="c1">// Default for example</span> |
| <span class="n">std</span><span class="o">::</span><span class="n">string</span> <span class="n">cert_directory</span><span class="p">;</span> |
| <span class="p">}</span> |
| |
| |
| <span class="k">struct</span> <span class="nl">server_handler</span> <span class="p">:</span> <span class="k">public</span> <span class="n">proton</span><span class="o">::</span><span class="n">messaging_handler</span> <span class="p">{</span> |
| <span class="n">proton</span><span class="o">::</span><span class="n">listener</span> <span class="n">listener</span><span class="p">;</span> |
| |
| <span class="kt">void</span> <span class="nf">on_connection_open</span><span class="p">(</span><span class="n">proton</span><span class="o">::</span><span class="n">connection</span> <span class="o">&</span><span class="n">c</span><span class="p">)</span> <span class="n">OVERRIDE</span> <span class="p">{</span> |
| <span class="n">std</span><span class="o">::</span><span class="n">cout</span> <span class="o"><<</span> <span class="s">"Inbound server connection connected via SSL. Protocol: "</span> <span class="o"><<</span> |
| <span class="n">c</span><span class="p">.</span><span class="n">transport</span><span class="p">().</span><span class="n">ssl</span><span class="p">().</span><span class="n">protocol</span><span class="p">()</span> <span class="o"><<</span> <span class="n">std</span><span class="o">::</span><span class="n">endl</span><span class="p">;</span> |
| <span class="n">listener</span><span class="p">.</span><span class="n">stop</span><span class="p">();</span> <span class="c1">// Just expecting the one connection.</span> |
| |
| <span class="c1">// Go and do default inbound open stuff too</span> |
| <span class="n">messaging_handler</span><span class="o">::</span><span class="n">on_connection_open</span><span class="p">(</span><span class="n">c</span><span class="p">);</span> |
| <span class="p">}</span> |
| |
| <span class="kt">void</span> <span class="nf">on_transport_error</span><span class="p">(</span><span class="n">proton</span><span class="o">::</span><span class="n">transport</span> <span class="o">&</span><span class="n">t</span><span class="p">)</span> <span class="n">OVERRIDE</span> <span class="p">{</span> |
| <span class="n">listener</span><span class="p">.</span><span class="n">stop</span><span class="p">();</span> |
| <span class="p">}</span> |
| |
| <span class="kt">void</span> <span class="nf">on_message</span><span class="p">(</span><span class="n">proton</span><span class="o">::</span><span class="n">delivery</span> <span class="o">&</span><span class="p">,</span> <span class="n">proton</span><span class="o">::</span><span class="n">message</span> <span class="o">&</span><span class="n">m</span><span class="p">)</span> <span class="n">OVERRIDE</span> <span class="p">{</span> |
| <span class="n">std</span><span class="o">::</span><span class="n">cout</span> <span class="o"><<</span> <span class="n">m</span><span class="p">.</span><span class="n">body</span><span class="p">()</span> <span class="o"><<</span> <span class="n">std</span><span class="o">::</span><span class="n">endl</span><span class="p">;</span> |
| <span class="p">}</span> |
| <span class="p">};</span> |
| |
| |
| <span class="k">class</span> <span class="nc">hello_world_direct</span> <span class="o">:</span> <span class="k">public</span> <span class="n">proton</span><span class="o">::</span><span class="n">messaging_handler</span> <span class="p">{</span> |
| <span class="k">private</span><span class="o">:</span> |
| <span class="k">class</span> <span class="nc">listener_open_handler</span> <span class="o">:</span> <span class="k">public</span> <span class="n">proton</span><span class="o">::</span><span class="n">listen_handler</span> <span class="p">{</span> |
| <span class="kt">void</span> <span class="n">on_open</span><span class="p">(</span><span class="n">proton</span><span class="o">::</span><span class="n">listener</span><span class="o">&</span> <span class="n">l</span><span class="p">)</span> <span class="n">OVERRIDE</span> <span class="p">{</span> |
| <span class="n">std</span><span class="o">::</span><span class="n">ostringstream</span> <span class="n">url</span><span class="p">;</span> |
| <span class="n">url</span> <span class="o"><<</span> <span class="s">"//:"</span> <span class="o"><<</span> <span class="n">l</span><span class="p">.</span><span class="n">port</span><span class="p">()</span> <span class="o"><<</span> <span class="s">"/example"</span><span class="p">;</span> <span class="c1">// Connect to the actual port</span> |
| <span class="n">l</span><span class="p">.</span><span class="n">container</span><span class="p">().</span><span class="n">open_sender</span><span class="p">(</span><span class="n">url</span><span class="p">.</span><span class="n">str</span><span class="p">());</span> |
| <span class="p">}</span> |
| <span class="p">};</span> |
| |
| <span class="n">listener_open_handler</span> <span class="n">listen_handler</span><span class="p">;</span> |
| <span class="n">server_handler</span> <span class="n">s_handler</span><span class="p">;</span> |
| |
| <span class="k">public</span><span class="o">:</span> |
| <span class="kt">void</span> <span class="n">on_container_start</span><span class="p">(</span><span class="n">proton</span><span class="o">::</span><span class="n">container</span> <span class="o">&</span><span class="n">c</span><span class="p">)</span> <span class="n">OVERRIDE</span> <span class="p">{</span> |
| <span class="c1">// Configure listener. Details vary by platform.</span> |
| <span class="n">ssl_certificate</span> <span class="n">server_cert</span> <span class="o">=</span> <span class="n">platform_certificate</span><span class="p">(</span><span class="s">"tserver"</span><span class="p">,</span> <span class="s">"tserverpw"</span><span class="p">);</span> |
| <span class="n">ssl_server_options</span> <span class="nf">ssl_srv</span><span class="p">(</span><span class="n">server_cert</span><span class="p">);</span> |
| <span class="n">connection_options</span> <span class="n">server_opts</span><span class="p">;</span> |
| <span class="n">server_opts</span><span class="p">.</span><span class="n">ssl_server_options</span><span class="p">(</span><span class="n">ssl_srv</span><span class="p">).</span><span class="n">handler</span><span class="p">(</span><span class="n">s_handler</span><span class="p">);</span> |
| <span class="n">c</span><span class="p">.</span><span class="n">server_connection_options</span><span class="p">(</span><span class="n">server_opts</span><span class="p">);</span> |
| |
| <span class="c1">// Configure client with a Certificate Authority database</span> |
| <span class="c1">// populated with the server's self signed certificate.</span> |
| <span class="n">connection_options</span> <span class="n">client_opts</span><span class="p">;</span> |
| <span class="k">if</span> <span class="p">(</span><span class="n">verify</span> <span class="o">==</span> <span class="n">verify_full</span><span class="p">)</span> <span class="p">{</span> |
| <span class="n">ssl_client_options</span> <span class="n">ssl_cli</span><span class="p">(</span><span class="n">platform_CA</span><span class="p">(</span><span class="s">"tserver"</span><span class="p">));</span> |
| <span class="n">client_opts</span><span class="p">.</span><span class="n">ssl_client_options</span><span class="p">(</span><span class="n">ssl_cli</span><span class="p">);</span> |
| <span class="c1">// The next line is optional in normal use. Since the</span> |
| <span class="c1">// example uses IP addresses in the connection string, use</span> |
| <span class="c1">// the virtual_host option to set the server host name</span> |
| <span class="c1">// used for certificate verification:</span> |
| <span class="n">client_opts</span><span class="p">.</span><span class="n">virtual_host</span><span class="p">(</span><span class="s">"test_server"</span><span class="p">);</span> |
| <span class="p">}</span> <span class="k">else</span> <span class="k">if</span> <span class="p">(</span><span class="n">verify</span> <span class="o">==</span> <span class="n">verify_noname</span><span class="p">)</span> <span class="p">{</span> |
| <span class="c1">// Downgrade the verification from VERIFY_PEER_NAME to VERIFY_PEER.</span> |
| <span class="n">ssl_client_options</span> <span class="n">ssl_cli</span><span class="p">(</span><span class="n">platform_CA</span><span class="p">(</span><span class="s">"tserver"</span><span class="p">),</span> <span class="n">proton</span><span class="o">::</span><span class="n">ssl</span><span class="o">::</span><span class="n">VERIFY_PEER</span><span class="p">);</span> |
| <span class="n">client_opts</span><span class="p">.</span><span class="n">ssl_client_options</span><span class="p">(</span><span class="n">ssl_cli</span><span class="p">);</span> |
| <span class="p">}</span> <span class="k">else</span> <span class="k">if</span> <span class="p">(</span><span class="n">verify</span> <span class="o">==</span> <span class="n">verify_fail</span><span class="p">)</span> <span class="p">{</span> |
| <span class="n">ssl_client_options</span> <span class="n">ssl_cli</span><span class="p">(</span><span class="n">platform_CA</span><span class="p">(</span><span class="s">"tserver"</span><span class="p">));</span> |
| <span class="n">client_opts</span><span class="p">.</span><span class="n">ssl_client_options</span><span class="p">(</span><span class="n">ssl_cli</span><span class="p">);</span> |
| <span class="n">client_opts</span><span class="p">.</span><span class="n">virtual_host</span><span class="p">(</span><span class="s">"wrong_name_for_server"</span><span class="p">);</span> <span class="c1">// Pick any name that doesn't match.</span> |
| <span class="p">}</span> <span class="k">else</span> <span class="k">throw</span> <span class="n">std</span><span class="o">::</span><span class="n">logic_error</span><span class="p">(</span><span class="s">"bad verify mode: "</span> <span class="o">+</span> <span class="n">verify</span><span class="p">);</span> |
| |
| <span class="n">c</span><span class="p">.</span><span class="n">client_connection_options</span><span class="p">(</span><span class="n">client_opts</span><span class="p">);</span> |
| <span class="n">s_handler</span><span class="p">.</span><span class="n">listener</span> <span class="o">=</span> <span class="n">c</span><span class="p">.</span><span class="n">listen</span><span class="p">(</span><span class="s">"//:0"</span><span class="p">,</span> <span class="n">listen_handler</span><span class="p">);</span> <span class="c1">// Listen on port 0 for a dynamic port</span> |
| <span class="p">}</span> |
| |
| <span class="kt">void</span> <span class="n">on_connection_open</span><span class="p">(</span><span class="n">proton</span><span class="o">::</span><span class="n">connection</span> <span class="o">&</span><span class="n">c</span><span class="p">)</span> <span class="n">OVERRIDE</span> <span class="p">{</span> |
| <span class="n">std</span><span class="o">::</span><span class="n">string</span> <span class="n">subject</span> <span class="o">=</span> <span class="n">c</span><span class="p">.</span><span class="n">transport</span><span class="p">().</span><span class="n">ssl</span><span class="p">().</span><span class="n">remote_subject</span><span class="p">();</span> |
| <span class="n">std</span><span class="o">::</span><span class="n">cout</span> <span class="o"><<</span> <span class="s">"Outgoing client connection connected via SSL. Server certificate identity "</span> <span class="o"><<</span> |
| <span class="n">find_CN</span><span class="p">(</span><span class="n">subject</span><span class="p">)</span> <span class="o"><<</span> <span class="n">std</span><span class="o">::</span><span class="n">endl</span><span class="p">;</span> |
| <span class="p">}</span> |
| |
| <span class="kt">void</span> <span class="n">on_transport_error</span><span class="p">(</span><span class="n">proton</span><span class="o">::</span><span class="n">transport</span> <span class="o">&</span><span class="n">t</span><span class="p">)</span> <span class="n">OVERRIDE</span> <span class="p">{</span> |
| <span class="n">std</span><span class="o">::</span><span class="n">string</span> <span class="n">err</span> <span class="o">=</span> <span class="n">t</span><span class="p">.</span><span class="n">error</span><span class="p">().</span><span class="n">what</span><span class="p">();</span> |
| <span class="k">if</span> <span class="p">(</span><span class="n">verify</span> <span class="o">==</span> <span class="n">verify_fail</span> <span class="o">&&</span> <span class="n">err</span><span class="p">.</span><span class="n">find</span><span class="p">(</span><span class="s">"certificate"</span><span class="p">)</span> <span class="o">!=</span> <span class="n">std</span><span class="o">::</span><span class="n">string</span><span class="o">::</span><span class="n">npos</span><span class="p">)</span> <span class="p">{</span> |
| <span class="n">std</span><span class="o">::</span><span class="n">cout</span> <span class="o"><<</span> <span class="s">"Expected failure of connection with wrong peer name: "</span> <span class="o"><<</span> <span class="n">err</span> |
| <span class="o"><<</span> <span class="n">std</span><span class="o">::</span><span class="n">endl</span><span class="p">;</span> |
| <span class="p">}</span> <span class="k">else</span> <span class="p">{</span> |
| <span class="n">std</span><span class="o">::</span><span class="n">cout</span> <span class="o"><<</span> <span class="s">"Unexpected transport error: "</span> <span class="o"><<</span> <span class="n">err</span> <span class="o"><<</span> <span class="n">std</span><span class="o">::</span><span class="n">endl</span><span class="p">;</span> |
| <span class="p">}</span> |
| <span class="p">}</span> |
| |
| <span class="kt">void</span> <span class="n">on_sendable</span><span class="p">(</span><span class="n">proton</span><span class="o">::</span><span class="n">sender</span> <span class="o">&</span><span class="n">s</span><span class="p">)</span> <span class="n">OVERRIDE</span> <span class="p">{</span> |
| <span class="n">proton</span><span class="o">::</span><span class="n">message</span> <span class="n">m</span><span class="p">;</span> |
| <span class="n">m</span><span class="p">.</span><span class="n">body</span><span class="p">(</span><span class="s">"Hello World!"</span><span class="p">);</span> |
| <span class="n">s</span><span class="p">.</span><span class="n">send</span><span class="p">(</span><span class="n">m</span><span class="p">);</span> |
| <span class="n">s</span><span class="p">.</span><span class="n">close</span><span class="p">();</span> |
| <span class="p">}</span> |
| |
| <span class="kt">void</span> <span class="n">on_tracker_accept</span><span class="p">(</span><span class="n">proton</span><span class="o">::</span><span class="n">tracker</span> <span class="o">&</span><span class="n">t</span><span class="p">)</span> <span class="n">OVERRIDE</span> <span class="p">{</span> |
| <span class="c1">// All done.</span> |
| <span class="n">t</span><span class="p">.</span><span class="n">connection</span><span class="p">().</span><span class="n">close</span><span class="p">();</span> |
| <span class="p">}</span> |
| <span class="p">};</span> |
| |
| <span class="kt">int</span> <span class="nf">main</span><span class="p">(</span><span class="kt">int</span> <span class="n">argc</span><span class="p">,</span> <span class="kt">char</span> <span class="o">**</span><span class="n">argv</span><span class="p">)</span> <span class="p">{</span> |
| <span class="n">example</span><span class="o">::</span><span class="n">options</span> <span class="n">opts</span><span class="p">(</span><span class="n">argc</span><span class="p">,</span> <span class="n">argv</span><span class="p">);</span> |
| <span class="n">opts</span><span class="p">.</span><span class="n">add_value</span><span class="p">(</span><span class="n">cert_directory</span><span class="p">,</span> <span class="sc">'c'</span><span class="p">,</span> <span class="s">"cert_directory"</span><span class="p">,</span> |
| <span class="s">"directory containing SSL certificates and private key information"</span><span class="p">,</span> <span class="s">"CERTDIR"</span><span class="p">);</span> |
| <span class="n">opts</span><span class="p">.</span><span class="n">add_value</span><span class="p">(</span><span class="n">verify</span><span class="p">,</span> <span class="sc">'v'</span><span class="p">,</span> <span class="s">"verify"</span><span class="p">,</span> <span class="s">"verify type: </span><span class="se">\"</span><span class="s">minimum</span><span class="se">\"</span><span class="s">, </span><span class="se">\"</span><span class="s">full</span><span class="se">\"</span><span class="s">, </span><span class="se">\"</span><span class="s">fail</span><span class="se">\"</span><span class="s">"</span><span class="p">,</span> <span class="s">"VERIFY"</span><span class="p">);</span> |
| |
| <span class="k">try</span> <span class="p">{</span> |
| <span class="n">opts</span><span class="p">.</span><span class="n">parse</span><span class="p">();</span> |
| |
| <span class="kt">size_t</span> <span class="n">sz</span> <span class="o">=</span> <span class="n">cert_directory</span><span class="p">.</span><span class="n">size</span><span class="p">();</span> |
| <span class="k">if</span> <span class="p">(</span><span class="n">sz</span> <span class="o">&&</span> <span class="n">cert_directory</span><span class="p">[</span><span class="n">sz</span> <span class="o">-</span><span class="mi">1</span><span class="p">]</span> <span class="o">!=</span> <span class="sc">'/'</span><span class="p">)</span> |
| <span class="n">cert_directory</span><span class="p">.</span><span class="n">append</span><span class="p">(</span><span class="s">"/"</span><span class="p">);</span> |
| <span class="k">else</span> <span class="n">cert_directory</span> <span class="o">=</span> <span class="s">"ssl-certs/"</span><span class="p">;</span> |
| |
| <span class="k">if</span> <span class="p">(</span><span class="n">verify</span> <span class="o">!=</span> <span class="n">verify_noname</span> <span class="o">&&</span> <span class="n">verify</span> <span class="o">!=</span> <span class="n">verify_full</span> <span class="o">&&</span> <span class="n">verify</span> <span class="o">!=</span> <span class="n">verify_fail</span><span class="p">)</span> |
| <span class="k">throw</span> <span class="n">std</span><span class="o">::</span><span class="n">runtime_error</span><span class="p">(</span><span class="s">"bad verify argument: "</span> <span class="o">+</span> <span class="n">verify</span><span class="p">);</span> |
| |
| <span class="n">hello_world_direct</span> <span class="n">hwd</span><span class="p">;</span> |
| <span class="n">proton</span><span class="o">::</span><span class="n">container</span><span class="p">(</span><span class="n">hwd</span><span class="p">).</span><span class="n">run</span><span class="p">();</span> |
| <span class="k">return</span> <span class="mi">0</span><span class="p">;</span> |
| <span class="p">}</span> <span class="k">catch</span> <span class="p">(</span><span class="k">const</span> <span class="n">std</span><span class="o">::</span><span class="n">exception</span><span class="o">&</span> <span class="n">e</span><span class="p">)</span> <span class="p">{</span> |
| <span class="n">std</span><span class="o">::</span><span class="n">cerr</span> <span class="o"><<</span> <span class="n">e</span><span class="p">.</span><span class="n">what</span><span class="p">()</span> <span class="o"><<</span> <span class="n">std</span><span class="o">::</span><span class="n">endl</span><span class="p">;</span> |
| <span class="p">}</span> |
| <span class="k">return</span> <span class="mi">1</span><span class="p">;</span> |
| <span class="p">}</span> |
| |
| |
| <span class="kt">bool</span> <span class="nf">using_OpenSSL</span><span class="p">()</span> <span class="p">{</span> |
| <span class="c1">// Current defaults.</span> |
| <span class="cp">#if defined(_WIN32)</span> |
| <span class="k">return</span> <span class="nb">false</span><span class="p">;</span> |
| <span class="cp">#else</span> |
| <span class="k">return</span> <span class="nb">true</span><span class="p">;</span> |
| <span class="cp">#endif</span> |
| <span class="p">}</span> |
| |
| <span class="n">ssl_certificate</span> <span class="nf">platform_certificate</span><span class="p">(</span><span class="k">const</span> <span class="n">std</span><span class="o">::</span><span class="n">string</span> <span class="o">&</span><span class="n">base_name</span><span class="p">,</span> <span class="k">const</span> <span class="n">std</span><span class="o">::</span><span class="n">string</span> <span class="o">&</span><span class="n">passwd</span><span class="p">)</span> <span class="p">{</span> |
| <span class="k">if</span> <span class="p">(</span><span class="n">using_OpenSSL</span><span class="p">())</span> <span class="p">{</span> |
| <span class="c1">// The first argument will be the name of the file containing the public certificate, the</span> |
| <span class="c1">// second argument will be the name of the file containing the private key.</span> |
| <span class="k">return</span> <span class="n">ssl_certificate</span><span class="p">(</span><span class="n">cert_directory</span> <span class="o">+</span> <span class="n">base_name</span> <span class="o">+</span> <span class="s">"-certificate.pem"</span><span class="p">,</span> |
| <span class="n">cert_directory</span> <span class="o">+</span> <span class="n">base_name</span> <span class="o">+</span> <span class="s">"-private-key.pem"</span><span class="p">,</span> <span class="n">passwd</span><span class="p">);</span> |
| <span class="p">}</span> |
| <span class="k">else</span> <span class="p">{</span> |
| <span class="c1">// Windows SChannel</span> |
| <span class="c1">// The first argument will be the database or store that contains one or more complete certificates</span> |
| <span class="c1">// (public and private data). The second will be an optional name of the certificate in the store</span> |
| <span class="c1">// (not used in this example with one certificate per store).</span> |
| <span class="k">return</span> <span class="n">ssl_certificate</span><span class="p">(</span><span class="n">cert_directory</span> <span class="o">+</span> <span class="n">base_name</span> <span class="o">+</span> <span class="s">"-full.p12"</span><span class="p">,</span> <span class="s">""</span><span class="p">,</span> <span class="n">passwd</span><span class="p">);</span> |
| <span class="p">}</span> |
| <span class="p">}</span> |
| |
| <span class="n">std</span><span class="o">::</span><span class="n">string</span> <span class="n">platform_CA</span><span class="p">(</span><span class="k">const</span> <span class="n">std</span><span class="o">::</span><span class="n">string</span> <span class="o">&</span><span class="n">base_name</span><span class="p">)</span> <span class="p">{</span> |
| <span class="k">if</span> <span class="p">(</span><span class="n">using_OpenSSL</span><span class="p">())</span> <span class="p">{</span> |
| <span class="c1">// In this simple example with self-signed certificates, the peer's certificate is the CA database.</span> |
| <span class="k">return</span> <span class="n">cert_directory</span> <span class="o">+</span> <span class="n">base_name</span> <span class="o">+</span> <span class="s">"-certificate.pem"</span><span class="p">;</span> |
| <span class="p">}</span> |
| <span class="k">else</span> <span class="p">{</span> |
| <span class="c1">// Windows SChannel. Use a pkcs#12 file with just the peer's public certificate information.</span> |
| <span class="k">return</span> <span class="n">cert_directory</span> <span class="o">+</span> <span class="n">base_name</span> <span class="o">+</span> <span class="s">"-certificate.p12"</span><span class="p">;</span> |
| <span class="p">}</span> |
| <span class="p">}</span> |
| |
| <span class="n">std</span><span class="o">::</span><span class="n">string</span> <span class="n">find_CN</span><span class="p">(</span><span class="k">const</span> <span class="n">std</span><span class="o">::</span><span class="n">string</span> <span class="o">&</span><span class="n">subject</span><span class="p">)</span> <span class="p">{</span> |
| <span class="c1">// The subject string is returned with different whitespace and component ordering between platforms.</span> |
| <span class="c1">// Here we just return the common name by searching for "CN=...." in the subject, knowing that</span> |
| <span class="c1">// the test certificates do not contain any escaped characters.</span> |
| <span class="kt">size_t</span> <span class="n">pos</span> <span class="o">=</span> <span class="n">subject</span><span class="p">.</span><span class="n">find</span><span class="p">(</span><span class="s">"CN="</span><span class="p">);</span> |
| <span class="k">if</span> <span class="p">(</span><span class="n">pos</span> <span class="o">==</span> <span class="n">std</span><span class="o">::</span><span class="n">string</span><span class="o">::</span><span class="n">npos</span><span class="p">)</span> <span class="k">throw</span> <span class="n">std</span><span class="o">::</span><span class="n">runtime_error</span><span class="p">(</span><span class="s">"No common name in certificate subject"</span><span class="p">);</span> |
| <span class="n">std</span><span class="o">::</span><span class="n">string</span> <span class="n">cn</span> <span class="o">=</span> <span class="n">subject</span><span class="p">.</span><span class="n">substr</span><span class="p">(</span><span class="n">pos</span><span class="p">);</span> |
| <span class="n">pos</span> <span class="o">=</span> <span class="n">cn</span><span class="p">.</span><span class="n">find</span><span class="p">(</span><span class="sc">','</span><span class="p">);</span> |
| <span class="k">return</span> <span class="n">pos</span> <span class="o">==</span> <span class="n">std</span><span class="o">::</span><span class="n">string</span><span class="o">::</span><span class="n">npos</span> <span class="o">?</span> <span class="nl">cn</span> <span class="p">:</span> <span class="n">cn</span><span class="p">.</span><span class="n">substr</span><span class="p">(</span><span class="mi">0</span><span class="p">,</span> <span class="n">pos</span><span class="p">);</span> |
| <span class="p">}</span> |
| </pre></div> |
| |
| <p><a href="ssl.cpp">Download this file</a></p> |
| |
| |
| <hr/> |
| |
| <ul id="-apache-navigation"> |
| <li><a href="http://www.apache.org/">Apache</a></li> |
| <li><a href="http://www.apache.org/licenses/">License</a></li> |
| <li><a href="http://www.apache.org/foundation/sponsorship.html">Sponsorship</a></li> |
| <li><a href="http://www.apache.org/foundation/thanks.html">Thanks!</a></li> |
| <li><a href="/security.html">Security</a></li> |
| <li><a href="http://www.apache.org/"><img id="-apache-feather" width="48" height="14" src="" alt="Apache"/></a></li> |
| </ul> |
| |
| <p id="-legal"> |
| Apache Qpid, Messaging built on AMQP; Copyright © 2015 |
| The Apache Software Foundation; Licensed under |
| the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache |
| License, Version 2.0</a>; Apache Qpid, Qpid, Qpid Proton, |
| Proton, Apache, the Apache feather logo, and the Apache Qpid |
| project logo are trademarks of The Apache Software |
| Foundation; All other marks mentioned may be trademarks or |
| registered trademarks of their respective owners |
| </p> |
| </div> |
| </div> |
| </div> |
| </body> |
| </html> |
