1 /**
2 * SSL support.
3 *
4 * License:
5 * This Source Code Form is subject to the terms of
6 * the Mozilla Public License, v. 2.0. If a copy of
7 * the MPL was not distributed with this file, You
8 * can obtain one at http://mozilla.org/MPL/2.0/.
9 *
10 * Authors:
11 * Vladimir Panteleev <ae@cy.md>
12 */13 14 moduleae.net.ssl;
15 16 importae.net.asockets : IConnection, ConnectionAdapter;
/// Abstract interface for an SSL context provider.
///
/// A concrete provider is made active by assigning it to the module-level
/// `ssl` variable; until then the fail-closed `NoSSLProvider` is in place.
class SSLProvider
{
	/// Create an SSL context of the given kind (client or server).
	abstract SSLContext createContext(SSLContext.Kind kind);

	/// Create a connection adapter using the given context.
	///
	/// `next` is the underlying (plaintext) transport the adapter wraps.
	abstract SSLAdapter createAdapter(SSLContext context, IConnection next);
}
/// The default (null) `SSLProvider` implementation.
/// Throws an assertion failure.
///
/// This is the fail-closed default: while no real provider has been assigned
/// to `ssl`, any attempt to create a TLS context or adapter halts rather than
/// degrading to an unencrypted connection. A constant-false `assert` is
/// special-cased by D and stays a halt even in `-release` builds.
class NoSSLProvider : SSLProvider
{
	override SSLContext createContext(SSLContext.Kind kind)
	{
		assert(0, "SSL implementation not set");
	}

	override SSLAdapter createAdapter(SSLContext context, IConnection next)
	{
		assert(0, "SSL implementation not set");
	}
}
/// SSL/TLS protocol versions, ordered from oldest to newest.
///
/// Used with `SSLContext.setMinimumVersion` / `setMaximumVersion`.
/// SSL 3.0 (RFC 7568) and TLS 1.0/1.1 (RFC 8996) are deprecated protocol
/// versions; `tls12` is the usual floor for new configurations.
enum SSLVersion
{
	unspecified, /// No explicit version; interpretation is provider-specific.
	ssl3,        /// SSL 3.0 (deprecated).
	tls1,        /// TLS 1.0 (deprecated).
	tls11,       /// TLS 1.1 (deprecated).
	tls12,       /// TLS 1.2.
	tls13,       /// TLS 1.3.
}
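/// Abstract interface for an SSL context.
///
/// A context carries the configuration (certificate and key, cipher list,
/// protocol version bounds, peer verification policy) used by the adapters
/// that `SSLProvider.createAdapter` builds from it.
abstract class SSLContext
{
	/// Context kind.
	enum Kind
	{
		client, /// Client side of the connection.
		server, /// Server side of the connection.
	}

	/// Whether to verify the peer certificate.
	enum Verify
	{
		/// Do not verify or require. The peer is not authenticated by
		/// certificate; only sensible when authentication comes from
		/// elsewhere (e.g. a pre-shared key via `setPreSharedKey`).
		none,
		/// Verify the certificate if one is specified. Unlike `require`,
		/// a peer that presents no certificate is not rejected.
		verify,
		/// Require a certificate and verify it.
		require,
	}

	/// Configure OpenSSL-like cipher list.
	abstract void setCipherList(string[] ciphers);

	/// Enable Diffie-Hellman key exchange with the specified key size.
	abstract void enableDH(int bits);

	/// Enable elliptic-curve DH key exchange.
	abstract void enableECDH();

	/// Load and use a local certificate from the given file.
	abstract void setCertificate(string path);

	/// Load and use the certificate private key from the given file.
	abstract void setPrivateKey(string path);

	/// Use a pre-shared key instead of using certificate-based peer verification.
	abstract void setPreSharedKey(string id, const(ubyte)[] key);

	/// Configure peer certificate verification.
	abstract void setPeerVerify(Verify verify);

	/// Require that peer certificates are signed by the specified root certificate.
	abstract void setPeerRootCertificate(string path);

	/// Configure provider-specific flags.
	// Parameter named so that overrides and documentation can refer to it;
	// the original declaration left it anonymous.
	abstract void setFlags(int flags);

	/// Set the minimum protocol version.
	// `version` is a D keyword, hence `minVersion`.
	abstract void setMinimumVersion(SSLVersion minVersion);

	/// Set the maximum protocol version.
	abstract void setMaximumVersion(SSLVersion maxVersion);
}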
/// Base class for a connection adapter with TLS encryption.
abstract class SSLAdapter : ConnectionAdapter
{
	/// Wrap `next`, the underlying transport connection.
	this(IConnection next)
	{
		super(next);
	}

	/// Specifies the expected host name (used for peer verification).
	///
	/// Without it, a verified peer certificate cannot be matched to the
	/// intended peer, so clients that verify certificates should set it.
	abstract void setHostName(string hostname, ushort port = 0, string service = null);

	/// Retrieves the SNI hostname, if one was indicated.
	abstract string getSNIHostname();

	/// Retrieves the host (local) certificate.
	abstract SSLCertificate getHostCertificate();

	/// Retrieves the peer (remote) certificate.
	abstract SSLCertificate getPeerCertificate();
}
/// Abstract interface for an SSL certificate.
///
/// Instances are obtained from an `SSLAdapter` (host or peer certificate).
abstract class SSLCertificate
{
	/// Returns the full certificate subject name.
	abstract string getSubjectName();
}
/// The current global SSL provider.
///
/// Declared without `shared`/`__gshared`, so it is thread-local: a provider
/// installed in one thread is not visible from other threads, each of which
/// starts with the `NoSSLProvider` set by the module constructor.
SSLProvider ssl = null;
/// Install the fail-closed `NoSSLProvider` as the initial provider.
///
/// A non-`shared` module constructor runs once per thread, matching the
/// thread-local `ssl` variable.
static this()
{
	// Sanity check that nothing else initialized `ssl` first in this thread.
	// Unlike a constant-false assert, this one is elided under `-release`.
	assert(ssl is null);
	ssl = new NoSSLProvider();
}