Mercurial > trustbridge

view ui/sslconnection.h @ 359:f6ce186cebc2

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
If DO_RELEASE_BUILD is set use pubkey-release and test with it This currently fails because polarssl rejects keys with a public exponent larger then 64 bit. With the following patch all tests pass. But this currently awaits upstream comment. https://polarssl.org/discussions/bug-report-issues/rsa-keys-with-large-public-exponents-are-rejected --- rsa.c.orig 2014-04-10 17:22:32.727290031 +0200 +++ rsa.c 2014-04-10 17:22:38.847410225 +0200 @@ -154,7 +154,7 @@ return( POLARSSL_ERR_RSA_KEY_CHECK_FAILED ); if( mpi_msb( &ctx->E ) < 2 || - mpi_msb( &ctx->E ) > 64 ) + mpi_msb( &ctx->E ) > POLARSSL_MPI_MAX_BITS ) return( POLARSSL_ERR_RSA_KEY_CHECK_FAILED ); return( 0 );
author Andre Heinecke <andre.heinecke@intevation.de>
date Thu, 10 Apr 2014 17:50:44 +0200
parents d28e2624c1d5
children 17e1c8f37d72
line wrap: on
line source
#ifndef SSLCONNECTION_H
#define SSLCONNECTION_H

/**
 * @file sslconnection.h
 * @brief Qt wrapper around polarssl ssl api
 */

#include <QDebug>
#include <QUrl>
#include <QString>
#include <QByteArray>

#include <polarssl/entropy.h>
#include <polarssl/net.h>
#include <polarssl/ssl.h>
#include <polarssl/ctr_drbg.h>
#include <polarssl/error.h>
#include <polarssl/certs.h>

class SSLConnection
{
public:
    enum ErrorCode {
        NoError,
        NoConnection,
        SSLHandshakeFailed,
        InvalidCertificate,
        InvalidPinnedCertificate,
        InvalidResponse,
        ConnectionLost,
        Timeout,
        ErrUnknown
    };

    /**
     * @brief Construct a pinned SSL Connection
     *
     * @param[in] url the Url to connect to
     * @param[in] certificate optional certificate to validate https connection
     */
    SSLConnection(const QString& url,
                  const QByteArray& certificate = QByteArray());

    ~SSLConnection();

    /** @brief write */
    int write(const QByteArray& request);

    /**
     * @brief read at most len bytes and reset the connection
     *
     * @param [in] len Amount of bytes to read.
     *
     * @returns a byte array containing the data or
     * a NULL byte array on error*/
    QByteArray read(size_t len);

    bool initialized() { return mInitialized; }
    bool connected() { return mConnected; }

    ErrorCode getLastError() { return mErrorState; }

    /** @brief: Establish the connection
     *
     * @returns 0 on success otherwise a polarssl error or -1 is returned
     */
    int connect();

private:
    QUrl mUrl;
    QByteArray mPinnedCert;
    x509_crt mX509PinnedCert;
    entropy_context mEntropy;
    ctr_drbg_context mCtr_drbg;
    ssl_context mSSL;
    ssl_session mSavedSession;
    bool mInitialized;
    bool mConnected; /* A connection was established */
    bool mNeedsReset; /* The connection needs to be reset before the next
                         write */
    int mServerFD;
    SSLConnection::ErrorCode mErrorState;
    /* @brief: Initialize polarssl structures
     *
     * This wraps polarssl initialization functions
     * that can return an error.
     * Sets the error state accordingly.
     *
     * @returns: 0 on success a polarssl error otherwise.
     */
    int init();

    /* @brief Reset the connection.
     *
     * Resets the https connection and does another handshake.
     *
     * @returns: 0 on success a polarssl error or -1 otherwise. */
    int reset();

    /* @brief validates that the certificate matches the pinned one.
     *
     * Checks the peer certificate of mSSL and validates that the
     * certificate matches mPinnedCertificate.
     *
     * @returns: 0 on success a polarssl error or -1 otherwise. */
    int validateCertificate();

    /* @brief disconnects the connection */
    void disconnect();
};

#endif
http://wald.intevation.org/projects/trustbridge/