TLS

include/sockpp/connector.h

@@ -69,6 +69,8 @@ class connector : public stream_socket
 	connector(const connector&) =delete;
 	connector& operator=(const connector&) =delete;
 
+    bool recreate(const sock_address& addr);
+
 public:
 	/**
 	 * Creates an unconnected connector.
@@ -80,6 +82,14 @@ class connector : public stream_socket
 	 * @param addr The remote server address. 
 	 */
 	connector(const sock_address& addr) { connect(addr); }
+	/**
+	 * Creates the connector and attempts to connect to the specified
+	 * address, with a timeout.
+     * If the operation times out, the \ref last_error will be set to ETIMEOUT.
+	 * @param addr The remote server address.
+     * @param t The duration after which to give up. Zero means never.
+	 */
+	connector(const sock_address& addr, std::chrono::milliseconds t) { connect(addr, t); }
 	/**
 	 * Move constructor.
 	 * Creates a connector by moving the other connector to this one.
@@ -112,6 +122,16 @@ class connector : public stream_socket
 	 * @return @em true on success, @em false on error
 	 */
 	bool connect(const sock_address& addr);
+	/**
+     * Attempts to connect to the specified server, with a timeout.
+     * If the socket is currently connected, this will close the current
+     * connection and open the new one.
+     * If the operation times out, the \ref last_error will be set to ETIMEOUT.
+	 * @param addr The remote server address.
+     * @param timeout The duration after which to give up. Zero means never.
+	 * @return @em true on success, @em false on error
+	 */
+	bool connect(const sock_address& addr, std::chrono::microseconds timeout);
 };
 
 /////////////////////////////////////////////////////////////////////////////
@@ -182,6 +202,18 @@ class connector_tmpl : public connector
 	 * @return @em true on success, @em false on error
 	 */
 	bool connect(const addr_t& addr) { return base::connect(addr); }
+	/**
+     * Attempts to connect to the specified server, with a timeout.
+     * If the socket is currently connected, this will close the current
+     * connection and open the new one.
+     * If the operation times out, the \ref last_error will be set to ETIMEOUT.
+	 * @param addr The remote server address.
+     * @param timeout The duration after which to give up. Zero means never.
+	 * @return @em true on success, @em false on error
+	 */
+	bool connect(const addr_t& addr, std::chrono::microseconds timeout) {
+        return base::connect(addr, timeout);
+    }
 };
 
 /////////////////////////////////////////////////////////////////////////////

include/sockpp/mbedtls_context.h

@@ -0,0 +1,120 @@
+/**
+ * @file mbedtls_socket.h
+ *
+ * TLS (SSL) socket implementation using mbedTLS.
+ *
+ * @author Jens Alfke
+ * @author Couchbase, Inc.
+ * @author www.couchbase.com
+ *
+ * @date August 2019
+ */
+
+// --------------------------------------------------------------------------
+// This file is part of the "sockpp" C++ socket library.
+//
+// Copyright (c) 2014-2019 Frank Pagliughi
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+// 1. Redistributions of source code must retain the above copyright notice,
+// this list of conditions and the following disclaimer.
+//
+// 2. Redistributions in binary form must reproduce the above copyright
+// notice, this list of conditions and the following disclaimer in the
+// documentation and/or other materials provided with the distribution.
+//
+// 3. Neither the name of the copyright holder nor the names of its
+// contributors may be used to endorse or promote products derived from this
+// software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+// IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+// THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+// PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR
+// CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+// EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+// PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+// PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+// LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+// NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+// SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+// --------------------------------------------------------------------------
+
+#ifndef __sockpp_mbedtls_socket_h
+#define __sockpp_mbedtls_socket_h
+
+#include "sockpp/tls_context.h"
+#include "sockpp/tls_socket.h"
+#include <memory>
+#include <string>
+#include <functional>
+
+struct mbedtls_pk_context;
+struct mbedtls_ssl_config;
+struct mbedtls_x509_crt;
+
+namespace sockpp {
+
+    /**
+     * A concrete implementation of \ref tls_context, using the mbedTLS library.
+     * You probably don't want to use this class directly, unless you want to instantiate a
+     * custom context so you can have different contexts for different sockets.
+     */
+    class mbedtls_context : public tls_context {
+    public:
+        mbedtls_context(role_t = CLIENT);
+        ~mbedtls_context() override;
+
+        void set_root_certs(const std::string &certData) override;
+        void require_peer_cert(role_t, bool) override;
+        void allow_only_certificate(const std::string &certData) override;
+
+        void allow_only_certificate(mbedtls_x509_crt *certificate);
+
+        /**
+         * Sets the identity certificate and private key using mbedTLS objects.
+         */
+        void set_identity(mbedtls_x509_crt *certificate,
+                          mbedtls_pk_context *private_key);
+
+        void set_identity(const std::string &certificate_data,
+                          const std::string &private_key_data) override;
+
+        std::unique_ptr<tls_socket> wrap_socket(std::unique_ptr<stream_socket> socket,
+                                                role_t,
+                                                const std::string &peer_name) override;
+
+        role_t role();
+
+        static mbedtls_x509_crt* get_system_root_certs();
+
+        using Logger = std::function<void(int level, const char *filename, int line, const char *message)>;
+        void set_logger(int threshold, Logger);
+
+    private:
+        struct cert;
+        struct key;
+
+        int verify_callback(mbedtls_x509_crt *crt, int depth, uint32_t *flags);
+        static std::unique_ptr<cert> parse_cert(const std::string &cert_data, bool partialOk);
+
+        std::unique_ptr<mbedtls_ssl_config> ssl_config_;
+        std::unique_ptr<cert> root_certs_;
+        std::unique_ptr<cert> pinned_cert_;
+
+        std::unique_ptr<cert> identity_cert_;
+        std::unique_ptr<key> identity_key_;
+        Logger logger_;
+
+        static cert *s_system_root_certs;
+
+        friend class mbedtls_socket;
+    };
+
+}
+
+#endif

include/sockpp/platform.h

@@ -78,11 +78,7 @@
 	#ifndef _SSIZE_T_DEFINED 
 		#define _SSIZE_T_DEFINED 
 		#undef ssize_t
-		#ifdef _WIN64 
-			using ssize_t = int64_t;
-		#else 
-			using ssize_t = int;
-		#endif // _WIN64 
+        using ssize_t = SSIZE_T;
 	#endif // _SSIZE_T_DEFINED
 
     #ifndef _SUSECONDS_T

include/sockpp/socket.h

@@ -415,7 +415,7 @@ class socket
 	 * @param on Whether to turn non-blocking mode on or off.
 	 * @return @em true on success, @em false on failure.
 	 */
-	bool set_non_blocking(bool on=true);
+	virtual bool set_non_blocking(bool on=true);
     /**
      * Gets a string describing the specified error.
      * This is typically the returned message from the system strerror().
@@ -445,14 +445,16 @@ class socket
 	 *  	@li SHUT_RDWR (2) Further reads and writes disallowed.
 	 * @return @em true on success, @em false on error.
 	 */
-	bool shutdown(int how=SHUT_RDWR);
+	virtual bool shutdown(int how=SHUT_RDWR);
 	/**
 	 * Closes the socket.
 	 * After closing the socket, the handle is @em invalid, and can not be
 	 * used again until reassigned.
 	 * @return @em true if the sock is closed, @em false on error.
 	 */
-	bool close();
+	virtual bool close();
+
+    friend struct ioresult;
 };
 
 /////////////////////////////////////////////////////////////////////////////

include/sockpp/stream_socket.h

@@ -54,6 +54,26 @@ namespace sockpp {
 
 /////////////////////////////////////////////////////////////////////////////
 
+/**
+ * Result of a thread-safe read or write
+ * (\ref read_r, \ref read_n_r, \ref write_r, \ref write_n_r)
+ */
+struct ioresult {
+    size_t count = 0;               ///< Byte count, or 0 on error or EOF
+    int error = 0;                  ///< errno value (0 if no error or EOF)
+
+    ioresult() = default;
+
+    ioresult(size_t c, int e) :count(c), error(e) { }
+
+    explicit inline ioresult(ssize_t n) {
+        if (n >= 0)
+            count = size_t(n);
+        else
+            error = socket::get_last_error();
+    }
+};
+
 /**
  * Base class for streaming sockets, such as TCP and Unix Domain.
  * This is the streaming connection between two peers. It looks like a
@@ -206,6 +226,12 @@ class stream_socket : public socket
 	bool write_timeout(const std::chrono::duration<Rep,Period>& to) {
 		return write_timeout(std::chrono::duration_cast<std::chrono::microseconds>(to));
 	}
+
+    virtual ioresult read_r(void *buf, size_t n);
+    virtual ioresult read_n_r(void *buf, size_t n);
+    virtual ioresult write_r(const void *buf, size_t n);
+    virtual ioresult write_n_r(const void *buf, size_t n);
+
 };
 
 /////////////////////////////////////////////////////////////////////////////