23 #ifndef SEASTAR_MODULE
25 #include <unordered_set>
27 #include <boost/any.hpp>
30 #include <seastar/core/future.hh>
31 #include <seastar/core/internal/api-level.hh>
32 #include <seastar/core/sstring.hh>
33 #include <seastar/core/shared_ptr.hh>
34 #include <seastar/net/socket_defs.hh>
35 #include <seastar/net/inet_address.hh>
36 #include <seastar/util/std-compat.hh>
37 #include <seastar/util/modules.hh>
38 #include <seastar/net/api.hh>
45 class connected_socket;
61 enum class x509_crt_format {
/// Non-owning view over a byte range (a `std::basic_string_view<char>`).
/// Every credential setter below that takes a `blob` (trust anchors, CRLs,
/// certificates, private keys, PKCS#12 bundles) receives a *view*: the
/// caller keeps ownership of the underlying bytes. Nothing visible here says
/// whether the implementation copies the data, so keep the backing storage
/// alive for at least the duration of the call, and — for private-key
/// material — remember that clearing/zeroizing the buffer afterwards is the
/// caller's responsibility. NOTE(review): `using blob = ...;` would be the
/// modern spelling; kept as-is here.
66 typedef std::basic_string_view<char> blob;
70 class server_credentials;
71 class certificate_credentials;
72 class credentials_builder;
104 std::unique_ptr<impl> _impl;
/// Install X.509 trust anchor(s) from an in-memory blob in the given
/// encoding. Pure virtual: concrete credential classes implement it.
/// The blob is a non-owning view; the caller owns the bytes.
125 virtual void set_x509_trust(
const blob&, x509_crt_format) = 0;
/// Install a certificate revocation list from an in-memory blob in the
/// given encoding. Pure virtual. NOTE(review): loading a CRL here says
/// nothing, by itself, about whether revocation status is actually checked
/// at handshake time — confirm that in the implementation before relying
/// on it.
126 virtual void set_x509_crl(
const blob&, x509_crt_format) = 0;
/// Install an X.509 certificate together with its private key, both given
/// as in-memory blobs in the same encoding. Pure virtual.
/// `key` is private-key material passed as a non-owning view: the caller
/// keeps ownership of (and is responsible for wiping) the backing buffer.
127 virtual void set_x509_key(
const blob& cert,
const blob& key, x509_crt_format) = 0;
/// Install a certificate and key from an in-memory PKCS#12 bundle,
/// unlocked with `password`. Pure virtual.
/// `password` is a secret passed by const reference; the caller owns the
/// string and should treat it like any other credential (do not log it,
/// clear it when no longer needed).
129 virtual void set_simple_pkcs12(
const blob&, x509_crt_format,
const sstring& password) = 0;
/// Asynchronously load trust anchor(s) from the file at `cafile` in the
/// given encoding. Virtual with a default implementation (not pure);
/// presumably it reads the file and forwards to the blob overload — confirm.
131 virtual future<> set_x509_trust_file(
const sstring& cafile, x509_crt_format);
/// Asynchronously load a CRL from the file at `crlfile` in the given
/// encoding. Virtual with a default implementation (not pure).
132 virtual future<> set_x509_crl_file(
const sstring& crlfile, x509_crt_format);
/// Asynchronously load a certificate (`cf`) and its private key (`kf`) from
/// files in the given encoding. Virtual with a default implementation.
/// NOTE(review): nothing here checks the key file's permissions; that is
/// left to deployment — a world-readable key file is a configuration bug
/// this API will not catch.
133 virtual future<> set_x509_key_file(
const sstring& cf,
const sstring& kf, x509_crt_format);
/// Asynchronously load a PKCS#12 bundle from `pkcs12file`, unlocked with
/// `password`. Virtual with a default implementation. `password` is a
/// secret; see the blob overload for handling expectations.
135 virtual future<> set_simple_pkcs12_file(
const sstring& pkcs12file, x509_crt_format,
const sstring& password);
138 template<
typename Base>
/// Override of the base-class pure virtual: install trust anchors from an
/// in-memory blob. See the base declaration for the ownership contract.
179 void set_x509_trust(
const blob&, x509_crt_format)
override;
/// Override: install a CRL from an in-memory blob. Whether revocation is
/// enforced during the handshake is not determined by this declaration.
180 void set_x509_crl(
const blob&, x509_crt_format)
override;
/// Override: install a certificate and its private key from in-memory
/// blobs. `key` is a non-owning view of secret material; caller owns it.
181 void set_x509_key(
const blob& cert,
const blob& key, x509_crt_format)
override;
/// Override: install credentials from an in-memory PKCS#12 bundle unlocked
/// with `password` (a secret; do not log it).
182 void set_simple_pkcs12(
const blob&, x509_crt_format,
const sstring& password)
override;
225 friend class session;
226 friend class server_session;
229 template<
typename Base>
237 using runtime_error::runtime_error;
/// Server-side policy for client certificates. From the enumerator names:
/// NONE presumably never asks the peer for a certificate, REQUEST asks but
/// presumably tolerates its absence, REQUIRE fails the handshake without one
/// — confirm the exact semantics in the implementation. Only REQUIRE gives
/// mutual-TLS guarantees; REQUEST alone does not authenticate the client.
240 enum class client_auth {
241 NONE, REQUEST, REQUIRE
/// Select the client-certificate policy (see `client_auth`). Nothing visible
/// here requires it to be called, so the policy in effect when it is not
/// called must be checked against the owning class's default.
260 void set_client_auth(client_auth);
263 class reloadable_credentials_base;
/// Callback invoked on credential reload. It receives a set of strings
/// (presumably the file names that were reloaded) and an `exception_ptr`
/// (presumably non-null when the reload failed) — confirm both against the
/// reloading implementation. Callers should handle the failure case
/// explicitly: a failed reload means the previously loaded credentials are
/// presumably still in use, which may be stale or about to expire.
265 using reload_callback = std::function<void(
const std::unordered_set<sstring>&, std::exception_ptr)>;
/// Select the Diffie-Hellman parameter strength. NOTE(review): the default
/// argument is `dh_params::level::LEGACY`, so a caller that omits the level
/// gets the legacy setting; confirm what that level maps to and pass an
/// explicit level if stronger parameters are required.
279 void set_dh_level(dh_params::level = dh_params::level::LEGACY);
/// Override: install trust anchors from an in-memory blob (non-owning view).
281 void set_x509_trust(
const blob&, x509_crt_format)
override ;
/// Override: install a CRL from an in-memory blob. Whether revocation is
/// checked at handshake time is not established by this declaration.
282 void set_x509_crl(
const blob&, x509_crt_format)
override;
/// Override: install a certificate and its private key from in-memory
/// blobs. `key` is a non-owning view of secret material owned by the caller.
283 void set_x509_key(
const blob& cert,
const blob& key, x509_crt_format)
override;
/// Override: install credentials from an in-memory PKCS#12 bundle unlocked
/// with `password` (a secret; caller-owned, do not log).
284 void set_simple_pkcs12(
const blob&, x509_crt_format,
const sstring& password)
override;
/// Override: asynchronously load trust anchors from `cafile`.
286 future<> set_x509_trust_file(
const sstring& cafile, x509_crt_format)
override;
/// Override: asynchronously load a CRL from `crlfile`.
287 future<> set_x509_crl_file(
const sstring& crlfile, x509_crt_format)
override;
/// Override: asynchronously load a certificate (`cf`) and private key (`kf`)
/// from files. File permissions on the key file are not checked here.
288 future<> set_x509_key_file(
const sstring& cf,
const sstring& kf, x509_crt_format)
override;
/// Override: asynchronously load a PKCS#12 bundle from `pkcs12file`,
/// unlocked with `password` (a secret; do not log).
289 future<> set_simple_pkcs12_file(
const sstring& pkcs12file, x509_crt_format,
const sstring& password)
override;
/// Select the client-certificate policy for sessions built from these
/// credentials (see `client_auth`).
292 void set_client_auth(client_auth);
/// Set the TLS priority string (presumably GnuTLS-style syntax — confirm).
/// This string governs which protocol versions and cipher suites are
/// negotiable, so it is security-critical: a permissive value silently
/// re-enables weak suites or old protocol versions. Treat the value as
/// configuration to be reviewed, not free-form input.
293 void set_priority_string(
const sstring&);
305 friend class reloadable_credentials_base;
/// Type-erased store keyed by string; presumably holds the credential
/// material handed to the setters above (confirm). If it retains private
/// keys or PKCS#12 passwords, they live in process memory for the object's
/// lifetime.
307 std::multimap<sstring, boost::any> _blobs;
/// Client-certificate policy; defaults to NONE, i.e. unless
/// `set_client_auth` is called the server presumably never asks the peer
/// for a certificate.
308 client_auth _client_auth = client_auth::NONE;
331 [[deprecated(
"Use overload with tls_options parameter")]]
333 [[deprecated(
"Use overload with tls_options parameter")]]
361 [[deprecated(
"Use overload with tls_options parameter")]]
385 [[deprecated(
"Use overload with tls_options parameter")]]
437 using value_type = std::variant<
/// Stream a single subject-alternative-name value (the `value_type`
/// variant). Output format is defined by the implementation, not here.
455 std::ostream& operator<<(std::ostream&,
const subject_alt_name::value_type&);
/// Stream a `subject_alt_name` (type plus value). Output format is defined
/// by the implementation, not here.
456 std::ostream& operator<<(std::ostream&,
const subject_alt_name&);
/// TLS error codes, declared here and defined in the implementation.
/// They are plain ints; presumably meant to be compared against the value
/// of a TLS error (e.g. via an error_category) rather than used directly —
/// confirm. Of note for operators: ERROR_SAFE_RENEGOTIATION_FAILED and
/// ERROR_UNSAFE_RENEGOTIATION_DENIED indicate the peer attempted a
/// renegotiation that was rejected; ERROR_PREMATURE_TERMINATION indicates
/// the connection closed mid-session without a proper TLS close.
487 extern const int ERROR_UNKNOWN_CIPHER_TYPE;
488 extern const int ERROR_INVALID_SESSION;
489 extern const int ERROR_UNEXPECTED_HANDSHAKE_PACKET;
490 extern const int ERROR_UNKNOWN_CIPHER_SUITE;
491 extern const int ERROR_UNKNOWN_ALGORITHM;
492 extern const int ERROR_UNSUPPORTED_SIGNATURE_ALGORITHM;
493 extern const int ERROR_SAFE_RENEGOTIATION_FAILED;
494 extern const int ERROR_UNSAFE_RENEGOTIATION_DENIED;
495 extern const int ERROR_UNKNOWN_SRP_USERNAME;
496 extern const int ERROR_PREMATURE_TERMINATION;