Mixe for Privacy and Anonymity in the Internet
CATLSClientSocket Class Reference

#include <CATLSClientSocket.hpp>


Public Member Functions

 CATLSClientSocket ()
 
 ~CATLSClientSocket ()
 
SINT32 sendFully (const UINT8 *buff, UINT32 len)
 Sends all data over the network.
 
SINT32 send (const UINT8 *buff, UINT32 len)
 Sends all data over the network.
 
SINT32 receive (UINT8 *buff, UINT32 len)
 Will receive some bytes from the socket.
 
SINT32 close ()
 Shuts down the socket.
 
SINT32 connect (const CASocketAddr &psa, UINT32 msTimeout)
 Establishes the actual TCP/IP connection and performs the TLS handshake.
 
SINT32 setServerCertificate (CACertificate *pCert)
 Sets the Certificate we accept as server identification.
 
- Public Member Functions inherited from CASocket
 CASocket (bool bIsReserved=false)
 
 ~CASocket ()
 
virtual SINT32 create ()
 
virtual SINT32 create (bool a_bShowTypicalError)
 
virtual SINT32 create (SINT32 type)
 
virtual SINT32 listen (const CASocketAddr &psa)
 Starts listening on address psa.
 
virtual SINT32 listen (UINT16 port)
 
virtual SINT32 accept (CASocket &s)
 Accepts a new connection.
 
virtual SINT32 connect (const CASocketAddr &psa)
 
virtual SINT32 connect (const CASocketAddr &psa, UINT32 retry, UINT32 sWaitTime)
 Tries to connect to the peer described by psa.
 
virtual SINT32 sendFullyTimeOut (const UINT8 *buff, UINT32 len, UINT32 msTimeOut, UINT32 msTimeOutSingleSend)
 Sends all data over the network.
 
virtual SINT32 sendTimeOut (const UINT8 *buff, UINT32 len, UINT32 msTimeOut)
 Sends some data over the network.
 
virtual SINT32 receiveFullyT (UINT8 *buff, UINT32 len, UINT32 msTimeOut)
 Tries to receive all bytes.
 
virtual SINT32 receiveLine (UINT8 *line, UINT32 maxLen, UINT32 msTimeOut)
 
virtual SINT32 peek (UINT8 *buff, UINT32 len)
 Will peek some bytes from the socket read queue.
 
SOCKET getSocket ()
 Returns the number of the Socket used.
 
virtual SINT32 getLocalIP (UINT8 r_Ip[4])
 LERNGRUPPE Returns the source address of the socket.
 
 
virtual SINT32 getLocalPort ()
 
virtual SINT32 getPeerIP (UINT8 ip[4])
 
virtual SINT32 getPeerPort ()
 
virtual SINT32 setReuseAddr (bool b)
 
virtual SINT32 setSendTimeOut (UINT32 msTimeOut)
 
virtual SINT32 getSendTimeOut ()
 
virtual SINT32 setRecvBuff (UINT32 r)
 
virtual SINT32 getRecvBuff ()
 
virtual SINT32 setSendBuff (SINT32 r)
 Returns < 0 on error, otherwise the new send buffer size (which may be less than r).
 
virtual SINT32 getSendBuff ()
 
virtual SINT32 setKeepAlive (bool b)
 Enables/disables the socket keep-alive option.
 
virtual SINT32 setKeepAlive (UINT32 sec)
 Enables the socket keep-alive option with a given ping time (in seconds).
 
virtual SINT32 setNonBlocking (bool b)
 
virtual SINT32 getNonBlocking (bool *b)
 
virtual bool isClosed ()
 
- Public Member Functions inherited from CAClientSocket
virtual ~CAClientSocket ()
 
SINT32 receiveFully (UINT8 *buff, UINT32 len)
 Receives all len bytes.
 

Private Member Functions

SINT32 doTLSConnect (const CASocketAddr &psa)
 Does the TLS handshake.
 

Private Attributes

SSL * m_pSSL
 
SSL_CTX * m_pCtx
 
CACertificate * m_pRootCert
 
bool m_bConnectedTLS
 is the TLS layer established?
 

Additional Inherited Members

- Static Public Member Functions inherited from CASocket
static SINT32 init ()
 
static SINT32 cleanup ()
 
static SINT32 setMaxNormalSockets (UINT32 u)
 Sets the max number of allowed "normal" sockets.
 
static SINT32 getMaxOpenSockets ()
 Tries to find out how many sockets we can open by opening as many sockets as possible without errors.
 
static UINT32 countOpenSockets ()
 
- Protected Attributes inherited from CASocket
volatile bool m_bSocketIsClosed
 check
 
SOCKET m_Socket
 
CASingleSocketGroup * m_pSingleSocketGroupRead
 

Detailed Description

Definition at line 48 of file CATLSClientSocket.hpp.

Constructor & Destructor Documentation

◆ CATLSClientSocket()

CATLSClientSocket::CATLSClientSocket ( )

Definition at line 35 of file CATLSClientSocket.cpp.

{
    m_bConnectedTLS = false;
    m_pCtx = SSL_CTX_new( TLSv1_client_method() );
#ifdef SSL_OP_NO_TICKET
    // disable buggy TLS client extensions, as otherwise we will get no connection to a Java TLS server; the bug is fixed in OpenSSL > 0.9.8g
    SSL_CTX_set_options(m_pCtx, SSL_OP_ALL|SSL_OP_NO_TICKET);
#else
    SSL_CTX_set_options(m_pCtx, SSL_OP_ALL);
#endif
    m_pSSL = NULL;
    m_pRootCert=NULL;
    //m_pSocket=new CASocket();

}

References m_bConnectedTLS, m_pCtx, m_pRootCert, and m_pSSL.

◆ ~CATLSClientSocket()

CATLSClientSocket::~CATLSClientSocket ( )

Definition at line 51 of file CATLSClientSocket.cpp.

{
    close();
    SSL_CTX_free(m_pCtx);
    //delete m_pSocket;
    //m_pSocket = NULL;
    delete m_pRootCert;
    m_pRootCert = NULL;
}

References close(), m_pCtx, and m_pRootCert.


Member Function Documentation

◆ close()

SINT32 CATLSClientSocket::close ( )
virtual

Shuts down the socket.

This is an overridden virtual function which shuts down the TLS layer first.

Reimplemented from CASocket.

Definition at line 65 of file CATLSClientSocket.cpp.

{
    if(m_bConnectedTLS)
    {
        SSL_shutdown(m_pSSL);
        m_bConnectedTLS = false;
    }
    if(m_pSSL!=NULL)
    {
        SSL_free(m_pSSL);
    }
    m_pSSL=NULL;
    return CASocket::close();
}

References CASocket::close(), m_bConnectedTLS, and m_pSSL.

Referenced by doTLSConnect(), CAAccountingBIInterface::initBIConnection(), CAAccountingBIInterface::terminateBIConnection(), and ~CATLSClientSocket().


◆ connect()

SINT32 CATLSClientSocket::connect ( const CASocketAddr & psa, UINT32 msTimeout )
virtual

Establishes the actual TCP/IP connection and performs the TLS handshake.

Establishes the TCP/IP connection, performs the TLS handshake and checks the server certificate validity.

Reimplemented from CASocket.

Definition at line 170 of file CATLSClientSocket.cpp.

{
    SINT32 rc;
    // call base class connect function
    if( (rc=CASocket::connect(psa, msTimeout)) != E_SUCCESS)
    {
        CASocket::close();
        return rc;
    }
    // do our own connection initialisation (TLS handshake)
    rc = doTLSConnect(psa);
    return rc;
}

References CASocket::close(), CASocket::connect(), doTLSConnect(), and E_SUCCESS.

Referenced by CAAccountingBIInterface::initBIConnection().


◆ doTLSConnect()

SINT32 CATLSClientSocket::doTLSConnect ( const CASocketAddr & psa )
private

Does the TLS handshake.

The TCP connection must be established first and the OpenSSL library must be initialized.

Definition at line 97 of file CATLSClientSocket.cpp.

{
    SINT32 status;
#ifdef DEBUG
    CAMsg::printMsg(LOG_DEBUG,"starting tls connect\n");
#endif
    if(m_bConnectedTLS)
        return E_UNKNOWN;

    m_pSSL=SSL_new(m_pCtx);
    // do the standard part of the ssl handshake

    SSL_set_fd( m_pSSL, m_Socket );
    if((status = SSL_connect( m_pSSL )) != 1)
    {
        int err = SSL_get_error(m_pSSL, status);
        CAMsg::printMsg(LOG_INFO,"CATLSClientSocket::doTLSConnect() failed! Reason: %i\n", err);
        SSL_shutdown(m_pSSL);
        close();
        m_bConnectedTLS = false;
        return E_UNKNOWN;
    }
#ifdef DEBUG
    CAMsg::printMsg(LOG_DEBUG,"connect passed\n");
#endif

    // ssl handshake ok, now let's check the server's identity
    // Note: This code was stolen from LinuxJournal
    // issue 89: An Introduction to OpenSSL Programming, Part I of II

    // is the certificate valid?
    SINT32 ret=SSL_get_verify_result( m_pSSL );
    if(ret != X509_V_OK&&ret!=X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT )
    {
        CAMsg::printMsg(LOG_ERR, "SSLClientSocket: the Server certificate is INVALID!! Error: %i\n",ret);
        close();
        m_bConnectedTLS = false;
        return E_UNKNOWN;
    }
    X509* peerCert=SSL_get_peer_certificate(m_pSSL);
    if(peerCert==NULL)
    {
        CAMsg::printMsg(LOG_ERR, "SSLClientSocket: the Server shows no certificate!\n");
        close();
        m_bConnectedTLS = false;
        return E_UNKNOWN;
    }
    ret=1;
    if(m_pRootCert!=NULL)
    {
        // pinning check: the peer certificate must carry a signature made with the configured root's key
        EVP_PKEY* pubKey=X509_get_pubkey(m_pRootCert->getX509());
        ret=X509_verify(peerCert,pubKey);
        EVP_PKEY_free(pubKey); // X509_get_pubkey() returns a new reference that must be released
    }
    X509_free(peerCert);
    if(ret!=1)
    {
        CAMsg::printMsg(LOG_ERR, "SSLClientSocket: could not verify server certificate!\n");
        close();
        m_bConnectedTLS = false;
        return E_UNKNOWN;
    }
    m_bConnectedTLS = true;
    return E_SUCCESS;
}

References close(), E_SUCCESS, E_UNKNOWN, CACertificate::getX509(), m_bConnectedTLS, m_pCtx, m_pRootCert, m_pSSL, CASocket::m_Socket, and CAMsg::printMsg().

Referenced by connect().

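The certificate check in doTLSConnect() comes down to one signature verification: X509_verify(peerCert, pubKey) asks whether the configured root's public key validates the peer certificate, which is why only a verification path of depth zero (the peer presents the pinned certificate itself) or depth one (the peer certificate is issued by it) can pass. As an added example that is not part of the AN.ON code, the same check rendered in Go with the standard library's Certificate.CheckSignature, run on constructed throwaway certificates (the names and function names are the example's own); like X509_verify, it looks only at the signature, not at the subject name or validity period.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// makeCert issues a throwaway certificate for subject's key, signed by signer's key
// (constructed test material, not a real CA). parent == nil gives a self-signed certificate.
func makeCert(cn string, subject *ecdsa.PrivateKey, parent *x509.Certificate, signer *ecdsa.PrivateKey) *x509.Certificate {
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
	}
	if parent == nil {
		parent = tmpl
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &subject.PublicKey, signer)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert
}

// pinnedRootCheck is the X509_verify(peerCert, X509_get_pubkey(rootCert)) step of doTLSConnect():
// does root's public key validate peer's signature? Names, expiry and longer chains are not examined.
func pinnedRootCheck(peer, root *x509.Certificate) bool {
	return root.CheckSignature(peer.SignatureAlgorithm, peer.RawTBSCertificate, peer.Signature) == nil
}

// pinningDemo returns the outcome for a depth-zero peer, a depth-one peer and a forged peer.
func pinningDemo() (selfSignedOK, depthOneOK, forgedOK bool) {
	rootKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	leafKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	rogueKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	root := makeCert("pinned root", rootKey, nil, rootKey)      // depth 0: peer presents the pinned cert
	leaf := makeCert("mix.example", leafKey, root, rootKey)     // depth 1: issued by the pinned root
	rogue := makeCert("pinned root", rogueKey, nil, rogueKey)   // same name, different key
	forged := makeCert("mix.example", leafKey, rogue, rogueKey) // issued by the rogue root
	return pinnedRootCheck(root, root), pinnedRootCheck(leaf, root), pinnedRootCheck(forged, root)
}
```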

◆ receive()

SINT32 CATLSClientSocket::receive ( UINT8 * buff, UINT32 len )
virtual

Will receive some bytes from the socket.

May block or not depending on whether this socket was set to blocking or non-blocking mode. Warning: If the socket is in blocking mode and receive is called, receive will block until some data is available, EVEN IF ANOTHER THREAD WILL CLOSE THIS SOCKET!

Parameters
 buff the buffer which gets the received data
 len size of buff
Returns
 SOCKET_ERROR if an error occurred
Return values
 E_AGAIN if the socket was in non-blocking mode and receive would block, or a timeout was reached
 0 if the socket was gracefully closed
Returns
 the number of bytes received (always > 0)

Reimplemented from CASocket.

Definition at line 244 of file CATLSClientSocket.cpp.

{
    SINT32 ret=::SSL_read(m_pSSL,(char*)buff,len);
    if(ret<0)
    {
        int err = SSL_get_error(m_pSSL, ret);
        if ( (SSL_ERROR_WANT_READ == err) ||
             (SSL_ERROR_WANT_WRITE == err) )
        {
            return E_AGAIN;
        }

        if( (err == SSL_ERROR_SYSCALL) && (ret == -1) )
        {
            int errnum = errno;
            CAMsg::printMsg(LOG_ERR, "TLS-Socket: receive I/O error occured: %s\n", strerror(errnum));
        }
        return SOCKET_ERROR;
    }
    return ret;
}

References E_AGAIN, len, m_pSSL, and CAMsg::printMsg().


◆ send()

SINT32 CATLSClientSocket::send ( const UINT8 * buff, UINT32 len )
virtual

Sends all data over the network.

This may block until all data was sent.

Parameters
 buff the buffer of data to send
 len content length
Return values
 E_UNKNOWN if an error occurred
 E_SUCCESS if successful

Reimplemented from CASocket.

Definition at line 190 of file CATLSClientSocket.cpp.

{
    if(len==0)
    {
        return E_SUCCESS; //nothing to send
    }
    SINT32 ret=::SSL_write(m_pSSL,(char*)buff,len);
    if(ret<0)
    {
        int err = SSL_get_error(m_pSSL, ret);
        if ( (SSL_ERROR_WANT_READ == err) ||
             (SSL_ERROR_WANT_WRITE == err) )
        {
            return E_AGAIN;
        }

        if( (err == SSL_ERROR_SYSCALL) && (ret == -1) )
        {
            int errnum = errno;
            CAMsg::printMsg(LOG_ERR, "TLS-Socket: send I/O error occured: %s\n", strerror(errnum));
        }
        return SOCKET_ERROR;
    }
    return ret;
}

References E_AGAIN, E_SUCCESS, len, m_pSSL, and CAMsg::printMsg().


◆ sendFully()

SINT32 CATLSClientSocket::sendFully ( const UINT8 * buff, UINT32 len )
virtual

Sends all data over the network.

This may block until all data was sent.

Parameters
 buff the buffer of data to send
 len content length
Return values
 E_UNKNOWN if an error occurred
 E_SUCCESS if successful

Reimplemented from CASocket.

Definition at line 222 of file CATLSClientSocket.cpp.

{
    if(len==0)
        return E_SUCCESS; //nothing to send
    SINT32 ret=::SSL_write(m_pSSL,(char*)buff,len);
    if(ret < 0 || ((UINT32)ret) < len)
        return E_UNKNOWN;
    return E_SUCCESS;
}

References E_SUCCESS, E_UNKNOWN, len, and m_pSSL.

◆ setServerCertificate()

SINT32 CATLSClientSocket::setServerCertificate ( CACertificate * pCert )

Sets the Certificate we accept as server identification.

Init the SSL object.

Set to NULL if you do not want any certificate checking. Note: At the moment only a verification path depth of zero or one is supported!

SSL_init_library() must be called before this!

Definition at line 86 of file CATLSClientSocket.cpp.

{
    // NULL means "no certificate checking" (see above), so it must not be dereferenced
    m_pRootCert = (pCert != NULL) ? pCert->clone() : NULL;
    return E_SUCCESS;
}

References CACertificate::clone(), E_SUCCESS, and m_pRootCert.

Referenced by CAAccountingBIInterface::initBIConnection().


Member Data Documentation

◆ m_bConnectedTLS

bool CATLSClientSocket::m_bConnectedTLS
private

is the TLS layer established ?

Definition at line 89 of file CATLSClientSocket.hpp.

Referenced by CATLSClientSocket(), close(), and doTLSConnect().

◆ m_pCtx

SSL_CTX* CATLSClientSocket::m_pCtx
private

Definition at line 85 of file CATLSClientSocket.hpp.

Referenced by CATLSClientSocket(), doTLSConnect(), and ~CATLSClientSocket().

◆ m_pRootCert

CACertificate* CATLSClientSocket::m_pRootCert
private

◆ m_pSSL

SSL* CATLSClientSocket::m_pSSL
private

Definition at line 84 of file CATLSClientSocket.hpp.

Referenced by CATLSClientSocket(), close(), doTLSConnect(), receive(), send(), and sendFully().


The documentation for this class was generated from the following files: