author | Håvard Pettersen <havardpe@oath.com> | 2020-02-17 13:21:43 +0000 |
---|---|---|
committer | Håvard Pettersen <havardpe@oath.com> | 2020-02-21 09:47:50 +0000 |
commit | 6e23a79c7cef059495a2163de38aca02b8e3c79d (patch) | |
tree | 416e3fca69e6b00b643345bf68de9d4d8c81f444 /vespalib | |
parent | 25bcc44fcf22a5e4737d6d4551b4a292bc04d4e0 (diff) |
use authority for sni
Diffstat (limited to 'vespalib')
5 files changed, 24 insertions, 0 deletions
diff --git a/vespalib/src/vespa/vespalib/net/crypto_engine.h b/vespalib/src/vespa/vespalib/net/crypto_engine.h
index 4deacf9a6c7..71511b8a552 100644
--- a/vespalib/src/vespa/vespalib/net/crypto_engine.h
+++ b/vespalib/src/vespa/vespalib/net/crypto_engine.h
@@ -19,6 +19,8 @@ class SocketSpec;
 **/
 struct CryptoEngine {
 using SP = std::shared_ptr<CryptoEngine>;
+ virtual bool use_tls_when_client() const = 0;
+ virtual bool always_use_tls_when_server() const = 0;
 virtual CryptoSocket::UP create_client_crypto_socket(SocketHandle socket, const SocketSpec &spec) = 0;
 virtual CryptoSocket::UP create_server_crypto_socket(SocketHandle socket) = 0;
 virtual ~CryptoEngine();
@@ -29,6 +31,8 @@ struct CryptoEngine {
 * Crypto engine without encryption.
 **/
 struct NullCryptoEngine : public CryptoEngine {
+ bool use_tls_when_client() const override { return false; }
+ bool always_use_tls_when_server() const override { return false; }
 CryptoSocket::UP create_client_crypto_socket(SocketHandle socket, const SocketSpec &spec) override;
 CryptoSocket::UP create_server_crypto_socket(SocketHandle socket) override;
 };
@@ -39,6 +43,8 @@ struct NullCryptoEngine : public CryptoEngine {
 * from TLS.
 **/
 struct XorCryptoEngine : public CryptoEngine {
+ bool use_tls_when_client() const override { return false; }
+ bool always_use_tls_when_server() const override { return false; }
 CryptoSocket::UP create_client_crypto_socket(SocketHandle socket, const SocketSpec &spec) override;
 CryptoSocket::UP create_server_crypto_socket(SocketHandle socket) override;
 };
diff --git a/vespalib/src/vespa/vespalib/net/tls/auto_reloading_tls_crypto_engine.cpp b/vespalib/src/vespa/vespalib/net/tls/auto_reloading_tls_crypto_engine.cpp
index c425ab75ce8..bdb2402adbc 100644
--- a/vespalib/src/vespa/vespalib/net/tls/auto_reloading_tls_crypto_engine.cpp
+++ b/vespalib/src/vespa/vespalib/net/tls/auto_reloading_tls_crypto_engine.cpp
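Review bot: The two pure virtuals added to `CryptoEngine` in the first crypto_engine.h hunk have no doc comment, although their answers are security-relevant: callers will presumably branch on them (the commit title suggests the SNI decision), and the names alone do not say what a false result permits. I would add `/// True if client sockets created by this engine use TLS.` above `use_tls_when_client()` and `/// True only if every server socket created by this engine uses TLS; false means non-TLS peers may be accepted.` above `always_use_tls_when_server()`. That wording also explains why `NullCryptoEngine` and `XorCryptoEngine` answer false in the second and third hunks. Because both functions are pure virtual, any `CryptoEngine` subclass not shown here (the diffstat is limited to vespalib) stops compiling, so it is worth confirming that none exists.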
@@ -99,6 +99,18 @@ CryptoSocket::UP AutoReloadingTlsCryptoEngine::create_server_crypto_socket(Socke return acquire_current_engine()->create_server_crypto_socket(std::move(socket)); } +bool +AutoReloadingTlsCryptoEngine::use_tls_when_client() const +{ + return acquire_current_engine()->use_tls_when_client(); +} + +bool +AutoReloadingTlsCryptoEngine::always_use_tls_when_server() const +{ + return acquire_current_engine()->always_use_tls_when_server(); +} + std::unique_ptr<TlsCryptoSocket> AutoReloadingTlsCryptoEngine::create_tls_client_crypto_socket(SocketHandle socket, const SocketSpec &spec) { return acquire_current_engine()->create_tls_client_crypto_socket(std::move(socket), spec); diff --git a/vespalib/src/vespa/vespalib/net/tls/auto_reloading_tls_crypto_engine.h b/vespalib/src/vespa/vespalib/net/tls/auto_reloading_tls_crypto_engine.h index e268cbc8f1a..1b80b782daf 100644 --- a/vespalib/src/vespa/vespalib/net/tls/auto_reloading_tls_crypto_engine.h +++ b/vespalib/src/vespa/vespalib/net/tls/auto_reloading_tls_crypto_engine.h @@ -47,6 +47,8 @@ public: CryptoSocket::UP create_client_crypto_socket(SocketHandle socket, const SocketSpec &spec) override; CryptoSocket::UP create_server_crypto_socket(SocketHandle socket) override; + bool use_tls_when_client() const override; + bool always_use_tls_when_server() const override; std::unique_ptr<TlsCryptoSocket> create_tls_client_crypto_socket(SocketHandle socket, const SocketSpec &spec) override; std::unique_ptr<TlsCryptoSocket> create_tls_server_crypto_socket(SocketHandle socket) override; }; diff --git a/vespalib/src/vespa/vespalib/net/tls/maybe_tls_crypto_engine.h b/vespalib/src/vespa/vespalib/net/tls/maybe_tls_crypto_engine.h index 147a770bc8f..ece7d094c54 100644 --- a/vespalib/src/vespa/vespalib/net/tls/maybe_tls_crypto_engine.h +++ b/vespalib/src/vespa/vespalib/net/tls/maybe_tls_crypto_engine.h 
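Review bot: Both new getters in `AutoReloadingTlsCryptoEngine` call `acquire_current_engine()` to answer a question whose answer, per `TlsCryptoEngine` in this same commit, is always true. The result is therefore a snapshot of whichever engine was current at call time, and a caller that checks `use_tls_when_client()` and then calls `create_client_crypto_socket()` may be served by two different engines if a reload lands in between. That is harmless while every reloaded engine answers the same, but nothing in the code states that invariant. If the wrapped engine is always a TLS engine (the `create_tls_*` delegations suggest so, though its type is outside the hunk), `return true;` in both bodies states the invariant directly and skips the acquire. Otherwise a comment such as `// snapshot of the current engine; the answer may change after a reload` belongs on each getter.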
@@ -28,6 +28,8 @@ public: : _null_engine(std::make_shared<NullCryptoEngine>()), _tls_engine(std::move(tls_engine)), _use_tls_when_client(use_tls_when_client) {} + bool use_tls_when_client() const override { return _use_tls_when_client; } + bool always_use_tls_when_server() const override { return false; } CryptoSocket::UP create_client_crypto_socket(SocketHandle socket, const SocketSpec &spec) override; CryptoSocket::UP create_server_crypto_socket(SocketHandle socket) override; }; diff --git a/vespalib/src/vespa/vespalib/net/tls/tls_crypto_engine.h b/vespalib/src/vespa/vespalib/net/tls/tls_crypto_engine.h index 5e760cf5585..444a817b357 100644 --- a/vespalib/src/vespa/vespalib/net/tls/tls_crypto_engine.h +++ b/vespalib/src/vespa/vespalib/net/tls/tls_crypto_engine.h @@ -27,6 +27,8 @@ public: net::tls::AuthorizationMode authz_mode = net::tls::AuthorizationMode::Enforce); std::unique_ptr<TlsCryptoSocket> create_tls_client_crypto_socket(SocketHandle socket, const SocketSpec &spec) override; std::unique_ptr<TlsCryptoSocket> create_tls_server_crypto_socket(SocketHandle socket) override; + bool use_tls_when_client() const override { return true; } + bool always_use_tls_when_server() const override { return true; } CryptoSocket::UP create_client_crypto_socket(SocketHandle socket, const SocketSpec &spec) override { return create_tls_client_crypto_socket(std::move(socket), spec); } |
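Review bot: `always_use_tls_when_server()` is hard-wired to false in `MaybeTlsCryptoEngine` while `use_tls_when_client()` follows the constructor flag, and nothing at the declaration says why the two differ. Presumably the server side chooses between `_null_engine` and `_tls_engine` per connection (that code is outside the hunk), in which case false means plaintext peers can still be accepted, and callers must not infer an encrypted or authenticated channel from the engine alone. A one-line comment would make the contract explicit: `// mixed mode: the server side may accept plaintext, so this is never 'always'`. The class body starts above the hunk, so the placement relative to the other overrides cannot be judged from here.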