Sākums Izpētīt Palīdzība
Reģistrēties Pierakstīties
lugt
/
click_hdfs
1
0
Atdalīts 0
Faili Problēmas 0 Izmaiņu pieprasījumi 0 Vikivietne
Koks: efaed54c90
Atzari Tagi
click_hdfs
/
contirb
/
libhdfspp
/
third_party
/
asio-1.10.2
/
doc
/
asio
/
overview
/
ssl.html

ssl.html 17 KB
Vēsture Neapstrādāts

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186 
  1. <html>
    2. 

  2. <head>
    3. 

  3. <meta http-equiv="Content-Type" content="text/html; charset=US-ASCII">
    4. 

  4. <title>SSL</title>
    5. 

  5. <link rel="stylesheet" href="../../boostbook.css" type="text/css">
    6. 

  6. <meta name="generator" content="DocBook XSL Stylesheets V1.75.2">
    7. 

  7. <link rel="home" href="../../index.html" title="Asio">
    8. 

  8. <link rel="up" href="../overview.html" title="Overview">
    9. 

  9. <link rel="prev" href="windows/object_handle.html" title="Object HANDLEs">
    10. 

  10. <link rel="next" href="cpp2011.html" title="C++ 2011 Support">
    11. 

  11. </head>
    12. 

  12. <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
    13. 

  13. <table cellpadding="2" width="100%"><tr><td valign="top"><img alt="asio C++ library" width="250" height="60" src="../../asio.png"></td></tr></table>
    14. 

  14. <hr>
    15. 

  15. <div class="spirit-nav">
    16. 

  16. <a accesskey="p" href="windows/object_handle.html"><img src="../../prev.png" alt="Prev"></a><a accesskey="u" href="../overview.html"><img src="../../up.png" alt="Up"></a><a accesskey="h" href="../../index.html"><img src="../../home.png" alt="Home"></a><a accesskey="n" href="cpp2011.html"><img src="../../next.png" alt="Next"></a>
    17. 

  17. </div>
    18. 

  18. <div class="section">
    19. 

  19. <div class="titlepage"><div><div><h3 class="title">
    20. 

  20. <a name="asio.overview.ssl"></a><a class="link" href="ssl.html" title="SSL">SSL</a>
    21. 

  21. </h3></div></div></div>
    22. 

  22. <p>
    23. 

  23.         Asio contains classes and class templates for basic SSL support. These classes
    24. 

  24.         allow encrypted communication to be layered on top of an existing stream,
    25. 

  25.         such as a TCP socket.
    26. 

  26.       </p>
    27. 

  27. <p>
    28. 

  28.         Before creating an encrypted stream, an application must construct an SSL
    29. 

  29.         context object. This object is used to set SSL options such as verification
    30. 

  30.         mode, certificate files, and so on. As an illustration, client-side initialisation
    31. 

  31.         may look something like:
    32. 

  32.       </p>
    33. 

  33. <pre class="programlisting"><span class="identifier">ssl</span><span class="special">::</span><span class="identifier">context</span> <span class="identifier">ctx</span><span class="special">(</span><span class="identifier">ssl</span><span class="special">::</span><span class="identifier">context</span><span class="special">::</span><span class="identifier">sslv23</span><span class="special">);</span>
    34. 

  34. <span class="identifier">ctx</span><span class="special">.</span><span class="identifier">set_verify_mode</span><span class="special">(</span><span class="identifier">ssl</span><span class="special">::</span><span class="identifier">verify_peer</span><span class="special">);</span>
    35. 

  35. <span class="identifier">ctx</span><span class="special">.</span><span class="identifier">load_verify_file</span><span class="special">(</span><span class="string">"ca.pem"</span><span class="special">);</span>
    36. 

  36. </pre>
    37. 

  37. <p>
    38. 

  38.         To use SSL with a TCP socket, one may write:
    39. 

  39.       </p>
    40. 

  40. <pre class="programlisting"><span class="identifier">ssl</span><span class="special">::</span><span class="identifier">stream</span><span class="special">&lt;</span><span class="identifier">ip</span><span class="special">::</span><span class="identifier">tcp</span><span class="special">::</span><span class="identifier">socket</span><span class="special">&gt;</span> <span class="identifier">ssl_sock</span><span class="special">(</span><span class="identifier">my_io_service</span><span class="special">,</span> <span class="identifier">ctx</span><span class="special">);</span>
    41. 

  41. </pre>
    42. 

  42. <p>
    43. 

  43.         To perform socket-specific operations, such as establishing an outbound connection
    44. 

  44.         or accepting an incoming one, the underlying socket must first be obtained
    45. 

  45.         using the <code class="computeroutput"><span class="identifier">ssl</span><span class="special">::</span><span class="identifier">stream</span></code> template's <a class="link" href="../reference/ssl__stream/lowest_layer.html" title="ssl::stream::lowest_layer"><code class="computeroutput"><span class="identifier">lowest_layer</span><span class="special">()</span></code></a>
    46. 

  46.         member function:
    47. 

  47.       </p>
    48. 

  48. <pre class="programlisting"><span class="identifier">ip</span><span class="special">::</span><span class="identifier">tcp</span><span class="special">::</span><span class="identifier">socket</span><span class="special">::</span><span class="identifier">lowest_layer_type</span><span class="special">&amp;</span> <span class="identifier">sock</span> <span class="special">=</span> <span class="identifier">ssl_sock</span><span class="special">.</span><span class="identifier">lowest_layer</span><span class="special">();</span>
    49. 

  49. <span class="identifier">sock</span><span class="special">.</span><span class="identifier">connect</span><span class="special">(</span><span class="identifier">my_endpoint</span><span class="special">);</span>
    50. 

  50. </pre>
    51. 

  51. <p>
    52. 

  52.         In some use cases the underlying stream object will need to have a longer
    53. 

  53.         lifetime than the SSL stream, in which case the template parameter should
    54. 

  54.         be a reference to the stream type:
    55. 

  55.       </p>
    56. 

  56. <pre class="programlisting"><span class="identifier">ip</span><span class="special">::</span><span class="identifier">tcp</span><span class="special">::</span><span class="identifier">socket</span> <span class="identifier">sock</span><span class="special">(</span><span class="identifier">my_io_service</span><span class="special">);</span>
    57. 

  57. <span class="identifier">ssl</span><span class="special">::</span><span class="identifier">stream</span><span class="special">&lt;</span><span class="identifier">ip</span><span class="special">::</span><span class="identifier">tcp</span><span class="special">::</span><span class="identifier">socket</span><span class="special">&amp;&gt;</span> <span class="identifier">ssl_sock</span><span class="special">(</span><span class="identifier">sock</span><span class="special">,</span> <span class="identifier">ctx</span><span class="special">);</span>
    58. 

  58. </pre>
    59. 

  59. <p>
    60. 

  60.         SSL handshaking must be performed prior to transmitting or receiving data
    61. 

  61.         over an encrypted connection. This is accomplished using the <code class="computeroutput"><span class="identifier">ssl</span><span class="special">::</span><span class="identifier">stream</span></code>
    62. 

  62.         template's <a class="link" href="../reference/ssl__stream/handshake.html" title="ssl::stream::handshake">handshake()</a>
    63. 

  63.         or <a class="link" href="../reference/ssl__stream/async_handshake.html" title="ssl::stream::async_handshake">async_handshake()</a>
    64. 

  64.         member functions.
    65. 

  65.       </p>
    66. 

  66. <p>
    67. 

  67.         Once connected, SSL stream objects are used as synchronous or asynchronous
    68. 

  68.         read and write streams. This means the objects can be used with any of the
    69. 

  69.         <a class="link" href="../reference/read.html" title="read">read()</a>, <a class="link" href="../reference/async_read.html" title="async_read">async_read()</a>,
    70. 

  70.         <a class="link" href="../reference/write.html" title="write">write()</a>, <a class="link" href="../reference/async_write.html" title="async_write">async_write()</a>,
    71. 

  71.         <a class="link" href="../reference/read_until.html" title="read_until">read_until()</a> or <a class="link" href="../reference/async_read_until.html" title="async_read_until">async_read_until()</a>
    72. 

  72.         free functions.
    73. 

  73.       </p>
    74. 

  74. <h5>
    75. 

  75. <a name="asio.overview.ssl.h0"></a>
    76. 

  76.         <span><a name="asio.overview.ssl.certificate_verification"></a></span><a class="link" href="ssl.html#asio.overview.ssl.certificate_verification">Certificate
    77. 

  77.         Verification</a>
    78. 

  78.       </h5>
    79. 

  79. <p>
    80. 

  80.         Asio provides various methods for configuring the way SSL certificates are
    81. 

  81.         verified:
    82. 

  82.       </p>
    83. 

  83. <div class="itemizedlist"><ul class="itemizedlist" type="disc">
    84. 

  84. <li class="listitem">
    85. 

  85.             <a class="link" href="../reference/ssl__context/set_default_verify_paths.html" title="ssl::context::set_default_verify_paths">ssl::context::set_default_verify_paths()</a>
    86. 

  86.           </li>
    87. 

  87. <li class="listitem">
    88. 

  88.             <a class="link" href="../reference/ssl__context/set_verify_mode.html" title="ssl::context::set_verify_mode">ssl::context::set_verify_mode()</a>
    89. 

  89.           </li>
    90. 

  90. <li class="listitem">
    91. 

  91.             <a class="link" href="../reference/ssl__context/set_verify_callback.html" title="ssl::context::set_verify_callback">ssl::context::set_verify_callback()</a>
    92. 

  92.           </li>
    93. 

  93. <li class="listitem">
    94. 

  94.             <a class="link" href="../reference/ssl__context/load_verify_file.html" title="ssl::context::load_verify_file">ssl::context::load_verify_file()</a>
    95. 

  95.           </li>
    96. 

  96. <li class="listitem">
    97. 

  97.             <a class="link" href="../reference/ssl__stream/set_verify_mode.html" title="ssl::stream::set_verify_mode">ssl::stream::set_verify_mode()</a>
    98. 

  98.           </li>
    99. 

  99. <li class="listitem">
    100. 

  100.             <a class="link" href="../reference/ssl__stream/set_verify_callback.html" title="ssl::stream::set_verify_callback">ssl::stream::set_verify_callback()</a>
    101. 

  101.           </li>
    102. 

  102. </ul></div>
    103. 

  103. <p>
    104. 

  104.         To simplify use cases where certificates are verified according to the rules
    105. 

  105.         in RFC 2818 (certificate verification for HTTPS), Asio provides a reusable
    106. 

  106.         verification callback as a function object:
    107. 

  107.       </p>
    108. 

  108. <div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem">
    109. 

  109.             <a class="link" href="../reference/ssl__rfc2818_verification.html" title="ssl::rfc2818_verification">ssl::rfc2818_verification</a>
    110. 

  110.           </li></ul></div>
    111. 

  111. <p>
    112. 

  112.         The following example shows verification of a remote host's certificate according
    113. 

  113.         to the rules used by HTTPS:
    114. 

  114.       </p>
    115. 

  115. <pre class="programlisting"><span class="keyword">using</span> <span class="identifier">asio</span><span class="special">::</span><span class="identifier">ip</span><span class="special">::</span><span class="identifier">tcp</span><span class="special">;</span>
    116. 

  116. <span class="keyword">namespace</span> <span class="identifier">ssl</span> <span class="special">=</span> <span class="identifier">asio</span><span class="special">::</span><span class="identifier">ssl</span><span class="special">;</span>
    117. 

  117. <span class="keyword">typedef</span> <span class="identifier">ssl</span><span class="special">::</span><span class="identifier">stream</span><span class="special">&lt;</span><span class="identifier">tcp</span><span class="special">::</span><span class="identifier">socket</span><span class="special">&gt;</span> <span class="identifier">ssl_socket</span><span class="special">;</span>
    118. 

  118. 

  119. <span class="comment">// Create a context that uses the default paths for</span>
    120. 

  120. <span class="comment">// finding CA certificates.</span>
    121. 

  121. <span class="identifier">ssl</span><span class="special">::</span><span class="identifier">context</span> <span class="identifier">ctx</span><span class="special">(</span><span class="identifier">ssl</span><span class="special">::</span><span class="identifier">context</span><span class="special">::</span><span class="identifier">sslv23</span><span class="special">);</span>
    122. 

  122. <span class="identifier">ctx</span><span class="special">.</span><span class="identifier">set_default_verify_paths</span><span class="special">();</span>
    123. 

  123. 

  124. <span class="comment">// Open a socket and connect it to the remote host.</span>
    125. 

  125. <span class="identifier">asio</span><span class="special">::</span><span class="identifier">io_service</span> <span class="identifier">io_service</span><span class="special">;</span>
    126. 

  126. <span class="identifier">ssl_socket</span> <span class="identifier">sock</span><span class="special">(</span><span class="identifier">io_service</span><span class="special">,</span> <span class="identifier">ctx</span><span class="special">);</span>
    127. 

  127. <span class="identifier">tcp</span><span class="special">::</span><span class="identifier">resolver</span> <span class="identifier">resolver</span><span class="special">(</span><span class="identifier">io_service</span><span class="special">);</span>
    128. 

  128. <span class="identifier">tcp</span><span class="special">::</span><span class="identifier">resolver</span><span class="special">::</span><span class="identifier">query</span> <span class="identifier">query</span><span class="special">(</span><span class="string">"host.name"</span><span class="special">,</span> <span class="string">"https"</span><span class="special">);</span>
    129. 

  129. <span class="identifier">asio</span><span class="special">::</span><span class="identifier">connect</span><span class="special">(</span><span class="identifier">sock</span><span class="special">.</span><span class="identifier">lowest_layer</span><span class="special">(),</span> <span class="identifier">resolver</span><span class="special">.</span><span class="identifier">resolve</span><span class="special">(</span><span class="identifier">query</span><span class="special">));</span>
    130. 

  130. <span class="identifier">sock</span><span class="special">.</span><span class="identifier">lowest_layer</span><span class="special">().</span><span class="identifier">set_option</span><span class="special">(</span><span class="identifier">tcp</span><span class="special">::</span><span class="identifier">no_delay</span><span class="special">(</span><span class="keyword">true</span><span class="special">));</span>
    131. 

  131. 

  132. <span class="comment">// Perform SSL handshake and verify the remote host's</span>
    133. 

  133. <span class="comment">// certificate.</span>
    134. 

  134. <span class="identifier">sock</span><span class="special">.</span><span class="identifier">set_verify_mode</span><span class="special">(</span><span class="identifier">ssl</span><span class="special">::</span><span class="identifier">verify_peer</span><span class="special">);</span>
    135. 

  135. <span class="identifier">sock</span><span class="special">.</span><span class="identifier">set_verify_callback</span><span class="special">(</span><span class="identifier">ssl</span><span class="special">::</span><span class="identifier">rfc2818_verification</span><span class="special">(</span><span class="string">"host.name"</span><span class="special">));</span>
    136. 

  136. <span class="identifier">sock</span><span class="special">.</span><span class="identifier">handshake</span><span class="special">(</span><span class="identifier">ssl_socket</span><span class="special">::</span><span class="identifier">client</span><span class="special">);</span>
    137. 

  137. 

  138. <span class="comment">// ... read and write as normal ...</span>
    139. 

  139. </pre>
    140. 

  140. <h5>
    141. 

  141. <a name="asio.overview.ssl.h1"></a>
    142. 

  142.         <span><a name="asio.overview.ssl.ssl_and_threads"></a></span><a class="link" href="ssl.html#asio.overview.ssl.ssl_and_threads">SSL
    143. 

  143.         and Threads</a>
    144. 

  144.       </h5>
    145. 

  145. <p>
    146. 

  146.         SSL stream objects perform no locking of their own. Therefore, it is essential
    147. 

  147.         that all asynchronous SSL operations are performed in an implicit or explicit
    148. 

  148.         <a class="link" href="core/strands.html" title="Strands: Use Threads Without Explicit Locking">strand</a>. Note that this
    149. 

  149.         means that no synchronisation is required (and so no locking overhead is
    150. 

  150.         incurred) in single threaded programs.
    151. 

  151.       </p>
    152. 

  152. <h5>
    153. 

  153. <a name="asio.overview.ssl.h2"></a>
    154. 

  154.         <span><a name="asio.overview.ssl.see_also"></a></span><a class="link" href="ssl.html#asio.overview.ssl.see_also">See
    155. 

  155.         Also</a>
    156. 

  156.       </h5>
    157. 

  157. <p>
    158. 

  158.         <a class="link" href="../reference/ssl__context.html" title="ssl::context">ssl::context</a>, <a class="link" href="../reference/ssl__rfc2818_verification.html" title="ssl::rfc2818_verification">ssl::rfc2818_verification</a>,
    159. 

  159.         <a class="link" href="../reference/ssl__stream.html" title="ssl::stream">ssl::stream</a>, <a class="link" href="../examples/cpp03_examples.html#asio.examples.cpp03_examples.ssl">SSL
    160. 

  160.         example</a>.
    161. 

  161.       </p>
    162. 

  162. <h5>
    163. 

  163. <a name="asio.overview.ssl.h3"></a>
    164. 

  164.         <span><a name="asio.overview.ssl.notes"></a></span><a class="link" href="ssl.html#asio.overview.ssl.notes">Notes</a>
    165. 

  165.       </h5>
    166. 

  166. <p>
    167. 

  167.         <a href="http://www.openssl.org" target="_top">OpenSSL</a> is required to make use
    168. 

  168.         of Asio's SSL support. When an application needs to use OpenSSL functionality
    169. 

  169.         that is not wrapped by Asio, the underlying OpenSSL types may be obtained
    170. 

  170.         by calling <a class="link" href="../reference/ssl__context/native_handle.html" title="ssl::context::native_handle"><code class="computeroutput"><span class="identifier">ssl</span><span class="special">::</span><span class="identifier">context</span><span class="special">::</span><span class="identifier">native_handle</span><span class="special">()</span></code></a> or <a class="link" href="../reference/ssl__stream/native_handle.html" title="ssl::stream::native_handle"><code class="computeroutput"><span class="identifier">ssl</span><span class="special">::</span><span class="identifier">stream</span><span class="special">::</span><span class="identifier">native_handle</span><span class="special">()</span></code></a>.
    171. 

  171.       </p>
    172. 

  172. </div>
    173. 

  173. <table xmlns:rev="http://www.cs.rpi.edu/~gregod/boost/tools/doc/revision" width="100%"><tr>
    174. 

  174. <td align="left"></td>
    175. 

  175. <td align="right"><div class="copyright-footer">Copyright &#169; 2003-2014 Christopher M. Kohlhoff<p>
    176. 

  176.         Distributed under the Boost Software License, Version 1.0. (See accompanying
    177. 

  177.         file LICENSE_1_0.txt or copy at <a href="http://www.boost.org/LICENSE_1_0.txt" target="_top">http://www.boost.org/LICENSE_1_0.txt</a>)
    178. 

  178.       </p>
    179. 

  179. </div></td>
    180. 

  180. </tr></table>
    181. 

  181. <hr>
    182. 

  182. <div class="spirit-nav">
    183. 

  183. <a accesskey="p" href="windows/object_handle.html"><img src="../../prev.png" alt="Prev"></a><a accesskey="u" href="../overview.html"><img src="../../up.png" alt="Up"></a><a accesskey="h" href="../../index.html"><img src="../../home.png" alt="Home"></a><a accesskey="n" href="cpp2011.html"><img src="../../next.png" alt="Next"></a>
    184. 

  184. </div>
    185. 

  185. </body>
    186. 

  186. </html>
    187.