#include <tls_client.h>
Public Member Functions | |
| std::string | application_protocol () const override |
| Client (const std::shared_ptr< Callbacks > &callbacks, const std::shared_ptr< Session_Manager > &session_manager, const std::shared_ptr< Credentials_Manager > &creds, const std::shared_ptr< const Policy > &policy, const std::shared_ptr< RandomNumberGenerator > &rng, Server_Information server_info=Server_Information(), Protocol_Version offer_version=Protocol_Version::latest_tls_version(), const std::vector< std::string > &next_protocols={}, size_t reserved_io_buffer_size=TLS::Client::IO_BUF_DEFAULT_SIZE) | |
| void | close () override |
| std::optional< std::string > | external_psk_identity () const override |
| size_t | from_peer (std::span< const uint8_t > data) override |
| bool | is_active () const override |
| bool | is_closed () const override |
| bool | is_closed_for_reading () const override |
| bool | is_closed_for_writing () const override |
| bool | is_handshake_complete () const override |
| SymmetricKey | key_material_export (std::string_view label, std::string_view context, size_t length) const override |
| std::vector< X509_Certificate > | peer_cert_chain () const override |
| std::shared_ptr< const Public_Key > | peer_raw_public_key () const override |
| size_t | received_data (const uint8_t buf[], size_t buf_size) |
| size_t | received_data (std::span< const uint8_t > data) |
| void | renegotiate (bool force_full_renegotiation=false) override |
| bool | secure_renegotiation_supported () const override |
| void | send (const uint8_t buf[], size_t buf_size) |
| void | send (std::span< const uint8_t > data) |
| void | send (std::string_view s) |
| void | send_alert (const Alert &alert) override |
| void | send_fatal_alert (Alert::Type type) override |
| void | send_warning_alert (Alert::Type type) override |
| bool | timeout_check () override |
| void | to_peer (std::span< const uint8_t > data) override |
| void | update_traffic_keys (bool request_peer_update=false) override |
| ~Client () override | |
Static Public Attributes | |
| static constexpr size_t | IO_BUF_DEFAULT_SIZE = 10 * 1024 |
Detailed Description
SSL/TLS Client
Definition at line 28 of file tls_client.h.
Constructor & Destructor Documentation
◆ Client()
| Botan::TLS::Client::Client | ( | const std::shared_ptr< Callbacks > & | callbacks, |
| const std::shared_ptr< Session_Manager > & | session_manager, | ||
| const std::shared_ptr< Credentials_Manager > & | creds, | ||
| const std::shared_ptr< const Policy > & | policy, | ||
| const std::shared_ptr< RandomNumberGenerator > & | rng, | ||
| Server_Information | server_info = Server_Information(), | ||
| Protocol_Version | offer_version = Protocol_Version::latest_tls_version(), | ||
| const std::vector< std::string > & | next_protocols = {}, | ||
| size_t | reserved_io_buffer_size = TLS::Client::IO_BUF_DEFAULT_SIZE ) |
Initialize a new TLS client. The constructor will immediately initiate a new session.
The callbacks parameter specifies the various application callbacks which pertain to this particular client connection.
The session_manager is an interface for storing TLS sessions, which allows for session resumption upon reconnecting to a server. In the absence of a need for persistent sessions, use TLS::Session_Manager_In_Memory which caches connections for the lifetime of a single process.
The credentials_manager is an interface that will be called to retrieve any certificates, private keys, or pre-shared keys.
Use the optional server_info to specify the DNS name of the server you are attempting to connect to, if you know it. This helps the server select what certificate to use and helps the client validate the connection.
Use the optional offer_version to control the version of TLS you wish the client to offer. Normally, you'll want to offer the most recent version of (D)TLS that is available, however some broken servers are intolerant of certain versions being offered, and for classes of applications that have to deal with such servers (typically web browsers) it may be necessary to implement a version backdown strategy if the initial attempt fails.
- Warning
- Implementing such a backdown strategy allows an attacker to downgrade your connection to the weakest protocol that both you and the server support.
Setting offer_version is also used to offer DTLS instead of TLS; use TLS::Protocol_Version::latest_dtls_version().
Optionally, the client will advertise next_protocols to the server using the ALPN extension.
The optional reserved_io_buffer_size specifies how many bytes to pre-allocate in the I/O buffers. Use this if you want to control how much memory the channel uses initially (the buffers will be resized as needed to process inputs). Otherwise some reasonable default is used. The TLS 1.3 implementation ignores this.
Definition at line 30 of file tls_client.cpp.
References BOTAN_ARG_CHECK, and Botan::TLS::Protocol_Version::is_datagram_protocol().
◆ ~Client()
|
overridedefault |
References application_protocol(), close(), external_psk_identity(), from_peer(), is_active(), is_closed(), is_closed_for_reading(), is_closed_for_writing(), is_handshake_complete(), key_material_export(), peer_cert_chain(), peer_raw_public_key(), renegotiate(), secure_renegotiation_supported(), send_alert(), send_fatal_alert(), send_warning_alert(), timeout_check(), to_peer(), and update_traffic_keys().
Member Function Documentation
◆ application_protocol()
|
overridevirtual |
- Returns
- network protocol as advertised by the TLS server, if server sent the ALPN extension
Implements Botan::TLS::Channel.
Definition at line 172 of file tls_client.cpp.
Referenced by ~Client().
◆ close()
|
overridevirtual |
Send a close notification alert
Implements Botan::TLS::Channel.
Definition at line 164 of file tls_client.cpp.
Referenced by ~Client().
◆ external_psk_identity()
|
overridevirtual |
Implements Botan::TLS::Channel.
Definition at line 128 of file tls_client.cpp.
Referenced by ~Client().
◆ from_peer()
|
overridevirtual |
Implements Botan::TLS::Channel.
Definition at line 90 of file tls_client.cpp.
Referenced by ~Client().
◆ is_active()
|
overridevirtual |
Check whether the connection is ready to send application data. Note that a TLS 1.3 server MAY send data before receiving the client's Finished message. Only after receiving the client's Finished, can the server be sure about the client's liveness and (optional) identity.
Consider using is_handshake_complete() if you need to wait until the handshake if fully complete.
- Returns
- true iff the connection is active for sending application data
Implements Botan::TLS::Channel.
Definition at line 104 of file tls_client.cpp.
Referenced by ~Client().
◆ is_closed()
|
overridevirtual |
Note: For TLS 1.3 a connection is closed only after both peers have signaled a "close_notify". While TLS 1.2 automatically responded in suit once the peer had sent "close_notify", TLS 1.3 allows to continue transmitting data even if the peer closed their writing end.
- Returns
- true iff the connection has been definitely closed
Implements Botan::TLS::Channel.
Definition at line 108 of file tls_client.cpp.
Referenced by ~Client().
◆ is_closed_for_reading()
|
overridevirtual |
- Returns
- true iff the peer closed their channel (i.e. no more incoming data expected)
Implements Botan::TLS::Channel.
Definition at line 112 of file tls_client.cpp.
Referenced by ~Client().
◆ is_closed_for_writing()
|
overridevirtual |
- Returns
- true iff we closed our channel (i.e. no more outgoing data allowed)
Implements Botan::TLS::Channel.
Definition at line 116 of file tls_client.cpp.
Referenced by ~Client().
◆ is_handshake_complete()
|
overridevirtual |
Becomes true as soon as the TLS handshake is fully complete and all security assurances TLS provides can be guaranteed.
- Returns
- true once the TLS handshake has finished successfully
Implements Botan::TLS::Channel.
Definition at line 100 of file tls_client.cpp.
Referenced by ~Client().
◆ key_material_export()
|
overridevirtual |
Key material export (RFC 5705)
- Parameters
-
label a disambiguating label string context a per-association context value length the length of the desired key in bytes
- Returns
- key of length bytes
Implements Botan::TLS::Channel.
Definition at line 132 of file tls_client.cpp.
Referenced by ~Client().
◆ peer_cert_chain()
|
overridevirtual |
- Returns
- certificate chain of the peer (may be empty)
Implements Botan::TLS::Channel.
Definition at line 120 of file tls_client.cpp.
Referenced by ~Client().
◆ peer_raw_public_key()
|
overridevirtual |
- Returns
- raw public key of the peer (may be nullptr)
Implements Botan::TLS::Channel.
Definition at line 124 of file tls_client.cpp.
Referenced by ~Client().
◆ received_data() [1/2]
|
inlineinherited |
Definition at line 48 of file tls_channel.h.
References from_peer().
◆ received_data() [2/2]
|
inlineinherited |
Inject TLS traffic received from counterparty
- Returns
- a hint as to how many more bytes we need to process the current record (this may be 0 if on a record boundary)
Definition at line 46 of file tls_channel.h.
References from_peer().
◆ renegotiate()
|
overridevirtual |
Attempt to renegotiate the session
- Parameters
-
force_full_renegotiation if true, require a full renegotiation, otherwise allow session resumption
Implements Botan::TLS::Channel.
Definition at line 136 of file tls_client.cpp.
Referenced by ~Client().
◆ secure_renegotiation_supported()
|
overridevirtual |
- Returns
- true iff the counterparty supports the secure renegotiation extensions.
Implements Botan::TLS::Channel.
Definition at line 144 of file tls_client.cpp.
Referenced by ~Client().
◆ send() [1/3]
|
inlineinherited |
Definition at line 56 of file tls_channel.h.
References to_peer().
◆ send() [2/3]
|
inlineinherited |
Inject plaintext intended for counterparty Throws an exception if is_active() is false
Definition at line 54 of file tls_channel.h.
References to_peer().
◆ send() [3/3]
|
inlineinherited |
Inject plaintext intended for counterparty Throws an exception if is_active() is false
Definition at line 62 of file tls_channel.h.
References send().
Referenced by send().
◆ send_alert()
|
overridevirtual |
Inject plaintext intended for counterparty Throws an exception if is_active() is false Send a TLS alert message. If the alert is fatal, the internal state (keys, etc) will be reset.
- Parameters
-
alert the Alert to send
Implements Botan::TLS::Channel.
Definition at line 152 of file tls_client.cpp.
Referenced by ~Client().
◆ send_fatal_alert()
|
overridevirtual |
Send a fatal alert
Implements Botan::TLS::Channel.
Definition at line 160 of file tls_client.cpp.
Referenced by ~Client().
◆ send_warning_alert()
|
overridevirtual |
Send a warning alert
Implements Botan::TLS::Channel.
Definition at line 156 of file tls_client.cpp.
Referenced by ~Client().
◆ timeout_check()
|
overridevirtual |
Perform a handshake timeout check.
This function does nothing unless the channel represents a DTLS connection and a handshake is actively in progress. In this case it will check the current timeout state and potentially initiate retransmission of handshake packets.
- Returns
- true if a timeout condition occurred
Implements Botan::TLS::Channel.
Definition at line 168 of file tls_client.cpp.
Referenced by ~Client().
◆ to_peer()
|
overridevirtual |
Implements Botan::TLS::Channel.
Definition at line 148 of file tls_client.cpp.
Referenced by ~Client().
◆ update_traffic_keys()
|
overridevirtual |
Attempt to update the session's traffic key material Note that this is possible with a TLS 1.3 channel, only.
- Parameters
-
request_peer_update if true, require a reciprocal key update
Implements Botan::TLS::Channel.
Definition at line 140 of file tls_client.cpp.
Referenced by ~Client().
Member Data Documentation
◆ IO_BUF_DEFAULT_SIZE
|
staticconstexprinherited |
Definition at line 32 of file tls_channel.h.
Referenced by Botan::TLS::Channel_Impl_13::expect_downgrade().
The documentation for this class was generated from the following files:
- src/lib/tls/tls_client.h
- src/lib/tls/tls_client.cpp
Generated by
1.13.2