
Subject: [Boost-commit] svn:boost r84322 - in trunk: boost/asio/ssl boost/asio/ssl/detail boost/asio/ssl/detail/impl boost/asio/ssl/impl libs/asio/test/ssl
From: chris_at_[hidden]
Date: 2013-05-17 07:00:51


Author: chris_kohlhoff
Date: 2013-05-17 07:00:49 EDT (Fri, 17 May 2013)
New Revision: 84322
URL: http://svn.boost.org/trac/boost/changeset/84322

Log:
Add set_verify_depth function to SSL context and stream.

Thanks go to Nick Jones <nick dot fa dot jones at gmail dot com>, on
whose work this commit is based.

Text files modified:
   trunk/boost/asio/ssl/context.hpp | 29 +++++++++++++++++++++++++++++
   trunk/boost/asio/ssl/detail/engine.hpp | 4 ++++
   trunk/boost/asio/ssl/detail/impl/engine.ipp | 9 +++++++++
   trunk/boost/asio/ssl/impl/context.ipp | 16 ++++++++++++++++
   trunk/boost/asio/ssl/stream.hpp | 37 +++++++++++++++++++++++++++++++++++++
   trunk/libs/asio/test/ssl/stream.cpp | 3 +++
   6 files changed, 98 insertions(+), 0 deletions(-)

Modified: trunk/boost/asio/ssl/context.hpp
==============================================================================
--- trunk/boost/asio/ssl/context.hpp (original)
+++ trunk/boost/asio/ssl/context.hpp 2013-05-17 07:00:49 EDT (Fri, 17 May 2013)
@@ -167,6 +167,35 @@
   BOOST_ASIO_DECL boost::system::error_code set_verify_mode(
       verify_mode v, boost::system::error_code& ec);
 
+ /// Set the peer verification depth.
+ /**
+ * This function may be used to configure the maximum verification depth
+ * allowed by the context.
+ *
+ * @param depth Maximum depth for the certificate chain verification that
+ * shall be allowed.
+ *
+ * @throws boost::system::system_error Thrown on failure.
+ *
+ * @note Calls @c SSL_CTX_set_verify_depth.
+ */
+ BOOST_ASIO_DECL void set_verify_depth(int depth);
+
+ /// Set the peer verification depth.
+ /**
+ * This function may be used to configure the maximum verification depth
+ * allowed by the context.
+ *
+ * @param depth Maximum depth for the certificate chain verification that
+ * shall be allowed.
+ *
+ * @param ec Set to indicate what error occurred, if any.
+ *
+ * @note Calls @c SSL_CTX_set_verify_depth.
+ */
+ BOOST_ASIO_DECL boost::system::error_code set_verify_depth(
+ int depth, boost::system::error_code& ec);
+
   /// Set the callback used to verify peer certificates.
   /**
    * This function is used to specify a callback function that will be called
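Review bot: The doc comments on both new `set_verify_depth` overloads do not say how `depth` is counted or when the limit takes effect, which a caller needs in order to pick a safe value. I would add a sentence such as `The limit has no effect on the handshake outcome unless peer verification is enabled with set_verify_mode; see the OpenSSL documentation of SSL_CTX_set_verify_depth for how chain levels are counted.` It would also help to state whether streams already constructed from the context pick up a later change; OpenSSL normally copies verification settings when the connection object is created, so presumably they do not, but that should be confirmed. The class body continues outside the hunk.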

Modified: trunk/boost/asio/ssl/detail/engine.hpp
==============================================================================
--- trunk/boost/asio/ssl/detail/engine.hpp (original)
+++ trunk/boost/asio/ssl/detail/engine.hpp 2013-05-17 07:00:49 EDT (Fri, 17 May 2013)
@@ -73,6 +73,10 @@
   BOOST_ASIO_DECL boost::system::error_code set_verify_mode(
       verify_mode v, boost::system::error_code& ec);
 
+ // Set the peer verification depth.
+ BOOST_ASIO_DECL boost::system::error_code set_verify_depth(
+ int depth, boost::system::error_code& ec);
+
   // Set a peer certificate verification callback.
   BOOST_ASIO_DECL boost::system::error_code set_verify_callback(
       verify_callback_base* callback, boost::system::error_code& ec);

Modified: trunk/boost/asio/ssl/detail/impl/engine.ipp
==============================================================================
--- trunk/boost/asio/ssl/detail/impl/engine.ipp (original)
+++ trunk/boost/asio/ssl/detail/impl/engine.ipp 2013-05-17 07:00:49 EDT (Fri, 17 May 2013)
@@ -84,6 +84,15 @@
   return ec;
 }
 
+boost::system::error_code engine::set_verify_depth(
+ int depth, boost::system::error_code& ec)
+{
+ ::SSL_set_verify_depth(ssl_, depth);
+
+ ec = boost::system::error_code();
+ return ec;
+}
+
 boost::system::error_code engine::set_verify_callback(
     verify_callback_base* callback, boost::system::error_code& ec)
 {
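Review bot: `depth` is handed to `::SSL_set_verify_depth` with no range check in `engine::set_verify_depth`, and the same applies to `context::set_verify_depth` calling `::SSL_CTX_set_verify_depth` in impl/context.ipp. How OpenSSL treats a negative value is not visible here; if it is read as "unset", an arithmetic slip in the caller would silently widen the accepted chain length instead of failing. Because the OpenSSL call reports nothing, `ec` is always cleared, so this wrapper is the only place a bad argument could be reported: `if (depth < 0) { ec = boost::asio::error::invalid_argument; return ec; }` placed before the call would do it.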

Modified: trunk/boost/asio/ssl/impl/context.ipp
==============================================================================
--- trunk/boost/asio/ssl/impl/context.ipp (original)
+++ trunk/boost/asio/ssl/impl/context.ipp 2013-05-17 07:00:49 EDT (Fri, 17 May 2013)
@@ -226,6 +226,22 @@
   return ec;
 }
 
+void context::set_verify_depth(int depth)
+{
+ boost::system::error_code ec;
+ set_verify_depth(depth, ec);
+ boost::asio::detail::throw_error(ec, "set_verify_depth");
+}
+
+boost::system::error_code context::set_verify_depth(
+ int depth, boost::system::error_code& ec)
+{
+ ::SSL_CTX_set_verify_depth(handle_, depth);
+
+ ec = boost::system::error_code();
+ return ec;
+}
+
 void context::load_verify_file(const std::string& filename)
 {
   boost::system::error_code ec;

Modified: trunk/boost/asio/ssl/stream.hpp
==============================================================================
--- trunk/boost/asio/ssl/stream.hpp (original)
+++ trunk/boost/asio/ssl/stream.hpp 2013-05-17 07:00:49 EDT (Fri, 17 May 2013)
@@ -259,6 +259,43 @@
     return core_.engine_.set_verify_mode(v, ec);
   }
 
+ /// Set the peer verification depth.
+ /**
+ * This function may be used to configure the maximum verification depth
+ * allowed by the stream.
+ *
+ * @param depth Maximum depth for the certificate chain verification that
+ * shall be allowed.
+ *
+ * @throws boost::system::system_error Thrown on failure.
+ *
+ * @note Calls @c SSL_set_verify_depth.
+ */
+ void set_verify_depth(int depth)
+ {
+ boost::system::error_code ec;
+ set_verify_depth(depth, ec);
+ boost::asio::detail::throw_error(ec, "set_verify_depth");
+ }
+
+ /// Set the peer verification depth.
+ /**
+ * This function may be used to configure the maximum verification depth
+ * allowed by the stream.
+ *
+ * @param depth Maximum depth for the certificate chain verification that
+ * shall be allowed.
+ *
+ * @param ec Set to indicate what error occurred, if any.
+ *
+ * @note Calls @c SSL_set_verify_depth.
+ */
+ boost::system::error_code set_verify_depth(
+ int depth, boost::system::error_code& ec)
+ {
+ return core_.engine_.set_verify_depth(depth, ec);
+ }
+
   /// Set the callback used to verify peer certificates.
   /**
    * This function is used to specify a callback function that will be called
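Review bot: The stream-level documentation does not say when the call must be made relative to `handshake()`. The `@throws` line on the throwing overload also describes a failure that the implementation in this commit cannot produce, since `engine::set_verify_depth` always assigns a default-constructed `error_code`. I would add `@note Must be called before the handshake to affect verification of this connection; it overrides the depth configured on the context for this stream only.` The override behaviour is inferred from the use of `SSL_set_verify_depth` and should be confirmed before it is documented. The class body continues outside the hunk.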

Modified: trunk/libs/asio/test/ssl/stream.cpp
==============================================================================
--- trunk/libs/asio/test/ssl/stream.cpp (original)
+++ trunk/libs/asio/test/ssl/stream.cpp 2013-05-17 07:00:49 EDT (Fri, 17 May 2013)
@@ -105,6 +105,9 @@
     stream1.set_verify_mode(ssl::verify_none);
     stream1.set_verify_mode(ssl::verify_none, ec);
 
+ stream1.set_verify_depth(1);
+ stream1.set_verify_depth(1, ec);
+
     stream1.set_verify_callback(verify_callback);
     stream1.set_verify_callback(verify_callback, ec);
 #endif // !defined(BOOST_ASIO_ENABLE_OLD_SSL)
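Review bot: The two added calls appear only to check that the stream overloads compile, and `stream1` is still in `ssl::verify_none` mode when the depth is set, so the limit is never enforced in this test. None of the files listed in this commit exercises `context::set_verify_depth`. A matching pair in the context test, `context1.set_verify_depth(1);` and `context1.set_verify_depth(1, ec);`, would cover the other half of the API; `context1` is a placeholder name, since that test file is not part of this commit. A behavioural test that a chain longer than the limit fails the handshake under `ssl::verify_peer` is the check that would actually protect the feature. The enclosing test function starts and ends outside the hunk.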

