Subject: [Boost-bugs] [Boost C++ Libraries] #4294: boost::asio::context_base should not depend on OpenSSL Types
From: Boost C++ Libraries (noreply_at_[hidden])
Date: 2010-06-04 03:30:07
#4294: boost::asio::context_base should not depend on OpenSSL Types
---------------------------------------+------------------------------------
Reporter: ecyrbe <ecyrbe@…> | Owner: chris_kohlhoff
Type: Bugs | Status: new
Milestone: Boost 1.44.0 | Component: asio
Version: Boost Development Trunk | Severity: Problem
Keywords: asio ssl tls |
---------------------------------------+------------------------------------
For the moment boost::asio::context_base depends on OpenSSL types.
But implementation details should go to context service impl.
Indeed, if one want to implement a backend based on GnuTLS (or another),
this implies that contect_base and then ssl::basic_context template can't
be used to use another thing than OpenSSL.
context_base should look something like this :
class context_base
{
public:
/// Different methods supported by a context.
enum methods
{
/// Client method
client,
/// Server method
server,
/// Generic SSL version 2.
ssl_2,
/// Generic SSL version 3.
ssl_3,
/// Generic TLS version 1.
tls_1,
/// Generic TLS version 1.1.
tls_1_1,
/// Generic TLS version 1.2.
tls_1_2
};
typedef int method_option;
static const method_option bit_client = 1<<client;
static const method_option bit_server = 1<<server;
static const method_option bit_ssl_2 = 1<<ssl_2;
static const method_option bit_ssl_3 = 1<<ssl_3;
static const method_option bit_tls_1 = 1<<tls_1;
static const method_option bit_tls_1_1 = 1<<tls_1_1;
static const method_option bit_tls_1_2 = 1<<tls_1_2;
/// File format types.
enum file_format
{
/// ASN.1 file.
asn1,
/// PEM file.
pem
};
enum verify_mode {
verify_none,
verify_peer,
verify_fail_if_no_peer_cert,
verify_client_once
};
typedef int verify_mode_option;
const verify_mode_option bit_verify_none =
1<<verify_none;
const verify_mode_option bit_verify_peer =
1<<verify_peer;
const verify_mode_option bit_verify_fail_if_no_peer_cert =
1<<verify_fail_if_no_peer_cert;
const verify_mode_option bit_verify_client_once =
1<<verify_client_once;
/// Purpose of PEM password.
enum password_purpose
{
/// The password is needed for reading/decryption.
for_reading,
/// The password is needed for writing/encryption.
for_writing
};
};
then in basic_context :
-the constructor should take a combination (with the "|" operator) of
method_option (you can even define short combinations for classic openssl
default methods if you want) and the implementation set or trigger errors
accordingly (if the requested mode is not supplied, like tls_1.1 or 1.2
with the openssl backend.
I'm currently trying to implement GnuTLS backend, but i don't want to fork
all the public asio::ssl api. a common one should be a better solution for
everybody.
-
-- Ticket URL: <https://svn.boost.org/trac/boost/ticket/4294> Boost C++ Libraries <http://www.boost.org/> Boost provides free peer-reviewed portable C++ source libraries.
This archive was generated by hypermail 2.1.7 : 2017-02-16 18:50:03 UTC