Seastar
High performance C++ framework for concurrent servers
seastar::tls Namespace Reference

Detailed Description

Relatively thin SSL wrapper for socket IO. (Can be expanded to other IO forms).

The current underlying mechanism is gnutls, however, all interfaces are kept agnostic, so in theory it could be replaced with OpenSSL or similar.

Classes

class  abstract_credentials
 
class  certificate_credentials
 
class  credentials_builder
 
class  dh_params
 
class  reloadable_credentials
 
class  server_credentials
 
class  verification_error
 
class  x509_cert
 

Typedefs

typedef std::basic_string_view< char > blob
 
using dn_callback = noncopyable_function< void(session_type type, sstring subject, sstring issuer)>
 
using reload_callback = std::function< void(const std::unordered_set< sstring > &, std::exception_ptr)>
 

Enumerations

enum  x509_crt_format { DER, PEM }
 
enum  session_type { CLIENT, SERVER }
 
enum  client_auth { NONE, REQUEST, REQUIRE }
 

Class Documentation

◆ seastar::tls::reloadable_credentials

class seastar::tls::reloadable_credentials

Typedef Documentation

◆ dn_callback

using seastar::tls::dn_callback = noncopyable_function<void(session_type type, sstring subject, sstring issuer)>

Callback prototype for receiving Distinguished Name (DN) information about a peer certificate.

Parameters
type: Our own role in the TLS handshake (client vs. server)
subject: The subject DN string
issuer: The issuer DN string

Enumeration Type Documentation

◆ session_type

Enum like tls::session::type, but independent of gnutls headers.

Warning
Uses a different internal encoding than tls::session::type; the two must not be cast to one another.

Function Documentation

◆ connect()

future<connected_socket> seastar::tls::connect(shared_ptr<certificate_credentials>, socket_address, sstring name = {})

Creates a TLS client connection using the default network stack and the supplied credentials. Typically these should contain enough information to validate the remote certificate (i.e. trust info).

Parameters
name: An optional expected server name for the remote end point

◆ listen()

server_socket seastar::tls::listen(shared_ptr<server_credentials>, socket_address sa, listen_options opts = listen_options())

Creates a server socket that accepts SSL/TLS clients using the default network stack and the supplied credentials. The credentials object should contain the certificate info for the server and, optionally, trust/CRL data (needed when client certificates are requested or required; see client_auth).

◆ socket()

::seastar::socket seastar::tls::socket(shared_ptr<certificate_credentials>, sstring name = {})

Creates a socket through which a TLS client connection can be created, using the default network stack and the supplied credentials. Typically these should contain enough information to validate the remote certificate (i.e. trust info).

Parameters
name: An optional expected server name for the remote end point

◆ wrap_client()

future<connected_socket> seastar::tls::wrap_client(shared_ptr<certificate_credentials>, connected_socket &&, sstring name = {})

Wraps an existing, already established connection in SSL/TLS, acting as the client side of the handshake.

Parameters
name: An optional expected server name for the remote end point