|
Boost-Commit : |
Subject: [Boost-commit] svn:boost r84322 - in trunk: boost/asio/ssl boost/asio/ssl/detail boost/asio/ssl/detail/impl boost/asio/ssl/impl libs/asio/test/ssl
From: chris_at_[hidden]
Date: 2013-05-17 07:00:51
Author: chris_kohlhoff
Date: 2013-05-17 07:00:49 EDT (Fri, 17 May 2013)
New Revision: 84322
URL: http://svn.boost.org/trac/boost/changeset/84322
Log:
Add set_verify_depth function to SSL context and stream.
Thanks go to Nick Jones <nick dot fa dot jones at gmail dot com>, on
whose work this commit is based.
Text files modified:
trunk/boost/asio/ssl/context.hpp | 29 +++++++++++++++++++++++++++++
trunk/boost/asio/ssl/detail/engine.hpp | 4 ++++
trunk/boost/asio/ssl/detail/impl/engine.ipp | 9 +++++++++
trunk/boost/asio/ssl/impl/context.ipp | 16 ++++++++++++++++
trunk/boost/asio/ssl/stream.hpp | 37 +++++++++++++++++++++++++++++++++++++
trunk/libs/asio/test/ssl/stream.cpp | 3 +++
6 files changed, 98 insertions(+), 0 deletions(-)
Modified: trunk/boost/asio/ssl/context.hpp
==============================================================================
--- trunk/boost/asio/ssl/context.hpp (original)
+++ trunk/boost/asio/ssl/context.hpp 2013-05-17 07:00:49 EDT (Fri, 17 May 2013)
@@ -167,6 +167,35 @@
BOOST_ASIO_DECL boost::system::error_code set_verify_mode(
verify_mode v, boost::system::error_code& ec);
+ /// Set the peer verification depth.
+ /**
+ * This function may be used to configure the maximum verification depth
+ * allowed by the context.
+ *
+ * @param depth Maximum depth for the certificate chain verification that
+ * shall be allowed.
+ *
+ * @throws boost::system::system_error Thrown on failure.
+ *
+ * @note Calls @c SSL_CTX_set_verify_depth.
+ */
+ BOOST_ASIO_DECL void set_verify_depth(int depth);
+
+ /// Set the peer verification depth.
+ /**
+ * This function may be used to configure the maximum verification depth
+ * allowed by the context.
+ *
+ * @param depth Maximum depth for the certificate chain verification that
+ * shall be allowed.
+ *
+ * @param ec Set to indicate what error occurred, if any.
+ *
+ * @note Calls @c SSL_CTX_set_verify_depth.
+ */
+ BOOST_ASIO_DECL boost::system::error_code set_verify_depth(
+ int depth, boost::system::error_code& ec);
+
/// Set the callback used to verify peer certificates.
/**
* This function is used to specify a callback function that will be called
Modified: trunk/boost/asio/ssl/detail/engine.hpp
==============================================================================
--- trunk/boost/asio/ssl/detail/engine.hpp (original)
+++ trunk/boost/asio/ssl/detail/engine.hpp 2013-05-17 07:00:49 EDT (Fri, 17 May 2013)
@@ -73,6 +73,10 @@
BOOST_ASIO_DECL boost::system::error_code set_verify_mode(
verify_mode v, boost::system::error_code& ec);
+ // Set the peer verification depth.
+ BOOST_ASIO_DECL boost::system::error_code set_verify_depth(
+ int depth, boost::system::error_code& ec);
+
// Set a peer certificate verification callback.
BOOST_ASIO_DECL boost::system::error_code set_verify_callback(
verify_callback_base* callback, boost::system::error_code& ec);
Modified: trunk/boost/asio/ssl/detail/impl/engine.ipp
==============================================================================
--- trunk/boost/asio/ssl/detail/impl/engine.ipp (original)
+++ trunk/boost/asio/ssl/detail/impl/engine.ipp 2013-05-17 07:00:49 EDT (Fri, 17 May 2013)
@@ -84,6 +84,15 @@
return ec;
}
+boost::system::error_code engine::set_verify_depth(
+ int depth, boost::system::error_code& ec)
+{
+ ::SSL_set_verify_depth(ssl_, depth);
+
+ ec = boost::system::error_code();
+ return ec;
+}
+
boost::system::error_code engine::set_verify_callback(
verify_callback_base* callback, boost::system::error_code& ec)
{
Modified: trunk/boost/asio/ssl/impl/context.ipp
==============================================================================
--- trunk/boost/asio/ssl/impl/context.ipp (original)
+++ trunk/boost/asio/ssl/impl/context.ipp 2013-05-17 07:00:49 EDT (Fri, 17 May 2013)
@@ -226,6 +226,22 @@
return ec;
}
+void context::set_verify_depth(int depth)
+{
+ boost::system::error_code ec;
+ set_verify_depth(depth, ec);
+ boost::asio::detail::throw_error(ec, "set_verify_depth");
+}
+
+boost::system::error_code context::set_verify_depth(
+ int depth, boost::system::error_code& ec)
+{
+ ::SSL_CTX_set_verify_depth(handle_, depth);
+
+ ec = boost::system::error_code();
+ return ec;
+}
+
void context::load_verify_file(const std::string& filename)
{
boost::system::error_code ec;
Modified: trunk/boost/asio/ssl/stream.hpp
==============================================================================
--- trunk/boost/asio/ssl/stream.hpp (original)
+++ trunk/boost/asio/ssl/stream.hpp 2013-05-17 07:00:49 EDT (Fri, 17 May 2013)
@@ -259,6 +259,43 @@
return core_.engine_.set_verify_mode(v, ec);
}
+ /// Set the peer verification depth.
+ /**
+ * This function may be used to configure the maximum verification depth
+ * allowed by the stream.
+ *
+ * @param depth Maximum depth for the certificate chain verification that
+ * shall be allowed.
+ *
+ * @throws boost::system::system_error Thrown on failure.
+ *
+ * @note Calls @c SSL_set_verify_depth.
+ */
+ void set_verify_depth(int depth)
+ {
+ boost::system::error_code ec;
+ set_verify_depth(depth, ec);
+ boost::asio::detail::throw_error(ec, "set_verify_depth");
+ }
+
+ /// Set the peer verification depth.
+ /**
+ * This function may be used to configure the maximum verification depth
+ * allowed by the stream.
+ *
+ * @param depth Maximum depth for the certificate chain verification that
+ * shall be allowed.
+ *
+ * @param ec Set to indicate what error occurred, if any.
+ *
+ * @note Calls @c SSL_set_verify_depth.
+ */
+ boost::system::error_code set_verify_depth(
+ int depth, boost::system::error_code& ec)
+ {
+ return core_.engine_.set_verify_depth(depth, ec);
+ }
+
/// Set the callback used to verify peer certificates.
/**
* This function is used to specify a callback function that will be called
Modified: trunk/libs/asio/test/ssl/stream.cpp
==============================================================================
--- trunk/libs/asio/test/ssl/stream.cpp (original)
+++ trunk/libs/asio/test/ssl/stream.cpp 2013-05-17 07:00:49 EDT (Fri, 17 May 2013)
@@ -105,6 +105,9 @@
stream1.set_verify_mode(ssl::verify_none);
stream1.set_verify_mode(ssl::verify_none, ec);
+ stream1.set_verify_depth(1);
+ stream1.set_verify_depth(1, ec);
+
stream1.set_verify_callback(verify_callback);
stream1.set_verify_callback(verify_callback, ec);
#endif // !defined(BOOST_ASIO_ENABLE_OLD_SSL)
Boost-Commit list run by bdawes at acm.org, david.abrahams at rcn.com, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk