TSDuck v3.43-4441
MPEG Transport Stream Toolkit
ts::TLSServer Class Reference

Implementation of an SSL/TLS server.

#include <tsTLSServer.h>

Inheritance diagram for ts::TLSServer:
Collaboration diagram for ts::TLSServer:

Public Types

using SuperClass = TCPServer
 Reference to the superclass.
 

Public Member Functions

 TLSServer ()
 Constructor.
 
 TLSServer (const TLSArgs &args)
 Constructor with initial arguments.
 
virtual bool accept (TCPConnection &client, IPSocketAddress &addr, Report &report=(ts::CerrReport::Instance())) override
 Wait for an incoming client connection.
 
bool bind (const IPSocketAddress &addr, Report &report=(ts::CerrReport::Instance()))
 Bind to a local address and port.
 
virtual bool close (Report &report=(ts::CerrReport::Instance())) override
 Close the socket.
 
IP generation () const
 Get the IP generation with which the socket was open.
 
const UString & getCertificatePath () const
 Get the certificate path for the server.
 
const UString & getCertificateStore () const
 Get the certificate store.
 
const UString & getKeyPath () const
 Get the private key path for the server.
 
bool getLocalAddress (IPSocketAddress &addr, Report &report=(ts::CerrReport::Instance()))
 Get local socket address.
 
SysSocketType getSocket () const
 Get the underlying socket device handle (use with care).
 
bool isOpen () const
 Check if socket is open.
 
virtual bool listen (int backlog, Report &report=(ts::CerrReport::Instance())) override
 Start the server.
 
virtual bool open (IP gen, Report &report=(ts::CerrReport::Instance())) override
 Open the socket.
 
bool reusePort (bool reuse_port, Report &report=(ts::CerrReport::Instance()))
 Set the "reuse port" option.
 
void setArgs (const TLSArgs &args)
 Set command line arguments for the server.
 
void setCertificatePath (const UString &path)
 Set the certificate path for the server.
 
void setCertificateStore (const UString &name)
 Set the certificate store.
 
bool setKeepAlive (bool active, Report &report=(ts::CerrReport::Instance()))
 Set the "keep alive" option.
 
void setKeyPath (const UString &path)
 Set the private key path for the server.
 
bool setLingerTime (int seconds, Report &report=(ts::CerrReport::Instance()))
 Set the linger time option.
 
bool setNoDelay (bool active, Report &report=(ts::CerrReport::Instance()))
 Set the "no delay" option.
 
bool setNoLinger (Report &report=(ts::CerrReport::Instance()))
 Remove the linger time option.
 
bool setReceiveBufferSize (size_t size, Report &report=(ts::CerrReport::Instance()))
 Set the receive buffer size.
 
bool setReceiveTimeout (cn::milliseconds timeout, Report &report=(ts::CerrReport::Instance()))
 Set the receive timeout.
 
bool setSendBufferSize (size_t size, Report &report=(ts::CerrReport::Instance()))
 Set the send buffer size.
 
bool setTTL (int ttl, Report &report=(ts::CerrReport::Instance()))
 Set the Time To Live (TTL) option.
 

Protected Member Functions

bool convert (IPAddress &addr, Report &report) const
 Convert an IP address to make it compatible with the socket IP generation.
 
bool createSocket (IP gen, int type, int protocol, Report &report)
 Create the socket.
 
virtual void declareOpened (SysSocketType sock, Report &report) override
 Set an open socket descriptor from a subclass.
 
virtual void handleClosed (Report &report)
 This virtual method can be overridden by subclasses to be notified of close.
 
virtual void handleOpened (Report &report)
 This virtual method can be overridden by subclasses to be notified of open.
 

Protected Attributes

std::recursive_mutex _mutex {}
 Mutex protecting this object.
 

Detailed Description

Implementation of an SSL/TLS server.

Creating a test private key and its self-signed certificate

On UNIX systems (with OpenSSL):

openssl req -quiet -newkey rsa:3072 -new -noenc -x509 -subj="/CN=$(hostname)" -days 3650 -keyout key.pem -out cert.pem

To display the properties of the certificate:

openssl x509 -in cert.pem -noout -text

On Windows:

New-SelfSignedCertificate -FriendlyName "Test Server" -Type SSLServerAuthentication `
-DnsName @([System.Net.Dns]::GetHostName(), "localhost") `
-CertStoreLocation Cert:\CurrentUser\My `
-KeyAlgorithm "RSA" -KeyLength 3072

To display the properties of the certificate:

Get-ChildItem Cert:\CurrentUser\My | Where-Object -Property FriendlyName -eq "Test Server" | Format-List

A self-signed certificate is considered invalid by clients, so make sure the test client ignores this error. With curl, use option --insecure or -k.

To view the certificate of a server using OpenSSL:

openssl s_client -showcerts -servername <name> -connect <name>:<port> </dev/null | openssl x509 -noout -text
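The UNIX procedure above, scripted as an added example (not TSDuck's own code) that also checks what a TLSServer deployment depends on: that key.pem really belongs to cert.pem, that the CN matches the host name, how long the certificate remains valid, and the SHA-256 fingerprint a test client can pin instead of disabling verification with curl -k. It assumes openssl is on PATH and takes an output directory as argument.

```shell
#!/bin/sh
# Added example, not part of TSDuck: script the UNIX key/certificate procedure
# and check the result the way a TLSServer deployment needs it (assumes openssl on PATH).
set -eu

# Create DIR/key.pem and DIR/cert.pem for this host, valid 3650 days, as in the
# openssl req command above (-nodes is the portable spelling of -noenc).
gen_test_cert() {
    openssl req -x509 -newkey rsa:3072 -nodes -days 3650 \
        -subj "/CN=$(uname -n)" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
}

# Succeed only if the private key (setKeyPath) belongs to the certificate
# (setCertificatePath): compare the public key derived from each side.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null | openssl sha256)
    c=$(openssl x509 -in "$2" -pubkey -noout 2>/dev/null | openssl sha256)
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Print the subject CN, which a client compares against the name it connected to.
cert_cn() {
    openssl x509 -in "$1" -noout -subject -nameopt RFC2253 | sed -n 's/^subject=CN=//p'
}

# Print the SHA-256 fingerprint: pin this in test clients instead of turning
# verification off with curl -k, so they accept exactly this certificate.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | sed 's/^[^=]*=//'
}

# Succeed if the certificate is still valid for at least $2 more days.
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}
```

Run it as `gen_test_cert /some/dir` followed by the checks; the fingerprint printed by `cert_fingerprint` is what a pinning client (for example curl --pinnedpubkey with the public key, or a TSDuck test client comparing fingerprints) should hold.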

Constructor & Destructor Documentation

◆ TLSServer()

ts::TLSServer::TLSServer ( const TLSArgs & args)
inline

Constructor with initial arguments.

Parameters
[in] args: Initial TLS arguments.

Member Function Documentation

◆ setArgs()

void ts::TLSServer::setArgs ( const TLSArgs & args)

Set command line arguments for the server.

Parameters
[in] args: TLS arguments.

◆ setCertificatePath()

void ts::TLSServer::setCertificatePath ( const UString & path)
inline

Set the certificate path for the server.

Parameters
[in] path: Path to the certificate.
  • On UNIX systems (with OpenSSL), this is the path name of the certificate file in PEM format.
  • On Windows, this is the name of a certificate: either its "friendly name", its subject name (without "CN="), or its DNS name.

◆ getCertificatePath()

const UString & ts::TLSServer::getCertificatePath ( ) const
inline

Get the certificate path for the server.

Returns
A constant reference to the path to the certificate.
See also
setCertificatePath()

◆ setKeyPath()

void ts::TLSServer::setKeyPath ( const UString & path)
inline

Set the private key path for the server.

Parameters
[in] path: Path to the private key.
  • On UNIX systems (with OpenSSL), this is the path name of the private key file in PEM format.
  • On Windows, the private key is retrieved with the certificate and this parameter is unused.

◆ getKeyPath()

const UString & ts::TLSServer::getKeyPath ( ) const
inline

Get the private key path for the server.

Returns
A constant reference to the path to the private key.
See also
setKeyPath()

◆ setCertificateStore()

void ts::TLSServer::setCertificateStore ( const UString & name)
inline

Set the certificate store.

Parameters
[in] name: Name of the certificate store.
  • On UNIX systems (with OpenSSL), this parameter is unused.
  • On Windows, the possible values are "system" (Cert:\LocalMachine\My) and "user" (Cert:\CurrentUser\My). The default is "user".

◆ getCertificateStore()

const UString & ts::TLSServer::getCertificateStore ( ) const
inline

Get the certificate store.

Returns
A constant reference to the name of the certificate store.
See also
setCertificateStore()

◆ listen()

virtual bool ts::TLSServer::listen ( int backlog,
Report & report = (ts::CerrReport::Instance())
)
override virtual

Start the server.

Here, starting the server means starting to listen for incoming client connections. Inside the kernel, incoming connections are queued up to backlog. When the method accept() is invoked and some incoming connections are already queued in the kernel, the oldest one is immediately accepted. Otherwise, accept() blocks until a new incoming connection arrives.

Parameters
[in] backlog: Maximum number of incoming connections which are allowed to queue in the kernel until the next call to accept(). Note that this value is a minimum queue size; the kernel may accept more. There is no guarantee that additional incoming connections will be rejected if more than backlog are already queued.
[in,out] report: Where to report errors.
Returns
True on success, false on error.

Reimplemented from ts::TCPServer.

◆ accept()

virtual bool ts::TLSServer::accept ( TCPConnection & client,
IPSocketAddress & addr,
Report & report = (ts::CerrReport::Instance())
)
override virtual

Wait for an incoming client connection.

Parameters
[out] client: This object receives the new connection. Upon successful return from accept(), the TCPConnection object is a properly connected TCP session. Once the connection is completed, the TCPConnection objects on the client side and the server side are symmetric and can be used the same way.
[out] addr: This object receives the socket address of the client. If the server wants to filter client connections based on their IP address, it may use addr for that.
[in,out] report: Where to report errors.
Returns
True on success, false on error.
See also
listen()

Reimplemented from ts::TCPServer.

◆ close()

virtual bool ts::TLSServer::close ( Report & report = (ts::CerrReport::Instance()))
override virtual

Close the socket.

Parameters
[in,out] report: Where to report errors.
Returns
True on success, false on error.

Reimplemented from ts::TCPServer.

◆ setTTL()

bool ts::TCPSocket::setTTL ( int ttl,
Report & report = (ts::CerrReport::Instance())
)
inherited

Set the Time To Live (TTL) option.

Parameters
[in] ttl: The TTL value, i.e. the maximum number of "hops" between routers before an IP packet is dropped.
[in,out] report: Where to report errors.
Returns
True on success, false on error.

◆ setNoLinger()

bool ts::TCPSocket::setNoLinger ( Report & report = (ts::CerrReport::Instance()))
inherited

Remove the linger time option.

Parameters
[in,out] report: Where to report errors.
Returns
True on success, false on error.

◆ setLingerTime()

bool ts::TCPSocket::setLingerTime ( int seconds,
Report & report = (ts::CerrReport::Instance())
)
inherited

Set the linger time option.

Parameters
[in] seconds: Number of seconds to wait after shutting down the socket.
[in,out] report: Where to report errors.
Returns
True on success, false on error.

◆ setKeepAlive()

bool ts::TCPSocket::setKeepAlive ( bool active,
Report & report = (ts::CerrReport::Instance())
)
inherited

Set the "keep alive" option.

Parameters
[in] active: If true, the socket periodically sends "keep alive" packets when the connection is idle.
[in,out] report: Where to report errors.
Returns
True on success, false on error.

◆ setNoDelay()

bool ts::TCPSocket::setNoDelay ( bool active,
Report & report = (ts::CerrReport::Instance())
)
inherited

Set the "no delay" option.

Parameters
[in] active: If true, the socket immediately sends outgoing packets. By default, a TCP socket waits a small amount of time after a send() operation to get a chance to group outgoing data from successive send() operations into one single packet.
[in,out] report: Where to report errors.
Returns
True on success, false on error.

◆ bind()

bool ts::TCPSocket::bind ( const IPSocketAddress & addr,
Report & report = (ts::CerrReport::Instance())
)
inherited

Bind to a local address and port.

The IP address part of the socket address must be one of:

  • IPAddress::AnyAddress4. Any local interface may be used to connect to a server (client side) or to receive incoming client connections (server side).
  • The IP address of an interface of the local system. Outgoing connections (client side) will be only allowed through this interface. Incoming client connections (server side) will be accepted only when they arrive through the selected interface.

The port number part of the socket address must be one of:

  • IPSocketAddress::AnyPort. The socket is bound to an arbitrary unused local TCP port. This is the usual configuration for a TCP client.
  • A specific port number. This is the usual configuration for a TCP server. If this TCP port is already bound by another local TCP socket, the bind operation fails, unless the "reuse port" option has already been set.
Parameters
[in] addr: Local socket address to bind to.
[in,out] report: Where to report errors.
Returns
True on success, false on error.

◆ open()

virtual bool ts::TCPSocket::open ( IP gen,
Report & report = (ts::CerrReport::Instance())
)
override virtual inherited

Open the socket.

Parameters
[in] gen: IP generation, IPv4 or IPv6. If set to IP::Any, open an IPv6 socket (IPv4 connections allowed).
[in,out] report: Where to report errors.
Returns
True on success, false on error.

Implements ts::Socket.

◆ handleOpened()

virtual void ts::TCPSocket::handleOpened ( Report & report)
protected virtual inherited

This virtual method can be overridden by subclasses to be notified of open.

All subclasses should explicitly invoke their superclass' handlers.

Parameters
[in,out] report: Where to report errors.

◆ handleClosed()

virtual void ts::TCPSocket::handleClosed ( Report & report)
protected virtual inherited

This virtual method can be overridden by subclasses to be notified of close.

All subclasses should explicitly invoke their superclass' handlers.

Parameters
[in,out] report: Where to report errors.

Reimplemented in ts::TCPConnection.

◆ declareOpened()

virtual void ts::TCPSocket::declareOpened ( SysSocketType sock,
Report & report
)
override protected virtual inherited

Set an open socket descriptor from a subclass.

This method is used by a server to declare that a client socket has just become opened.

Parameters
[in] sock: New socket descriptor.
[in,out] report: Where to report errors.

Reimplemented from ts::Socket.

◆ isOpen()

bool ts::Socket::isOpen ( ) const
inline inherited

Check if socket is open.

Returns
True if socket is open.

◆ generation()

IP ts::Socket::generation ( ) const
inline inherited

Get the IP generation with which the socket was open.

Returns
The IP generation used to open the socket. Never IP::Any.

◆ setSendBufferSize()

bool ts::Socket::setSendBufferSize ( size_t size,
Report & report = (ts::CerrReport::Instance())
)
inherited

Set the send buffer size.

Parameters
[in] size: Send buffer size in bytes.
[in,out] report: Where to report errors.
Returns
True on success, false on error.

◆ setReceiveBufferSize()

bool ts::Socket::setReceiveBufferSize ( size_t size,
Report & report = (ts::CerrReport::Instance())
)
inherited

Set the receive buffer size.

Parameters
[in] size: Receive buffer size in bytes.
[in,out] report: Where to report errors.
Returns
True on success, false on error.

◆ setReceiveTimeout()

bool ts::Socket::setReceiveTimeout ( cn::milliseconds timeout,
Report & report = (ts::CerrReport::Instance())
)
inherited

Set the receive timeout.

Parameters
[in] timeout: Receive timeout in milliseconds. If negative or zero, no receive timeout is used and reception waits forever.
[in,out] report: Where to report errors.
Returns
True on success, false on error.

◆ reusePort()

bool ts::Socket::reusePort ( bool reuse_port,
Report & report = (ts::CerrReport::Instance())
)
inherited

Set the "reuse port" option.

Parameters
[in] reuse_port: If true, the socket is allowed to reuse a local UDP port which is already bound.
[in,out] report: Where to report errors.
Returns
True on success, false on error.

◆ getLocalAddress()

bool ts::Socket::getLocalAddress ( IPSocketAddress & addr,
Report & report = (ts::CerrReport::Instance())
)
inherited

Get local socket address.

Parameters
[out] addr: Local socket address of the connection.
[in,out] report: Where to report errors.
Returns
True on success, false on error.

◆ getSocket()

SysSocketType ts::Socket::getSocket ( ) const
inline inherited

Get the underlying socket device handle (use with care).

This method is reserved for low-level operations and should not be used by normal applications.

Returns
The underlying socket system device handle or file descriptor. Return SYS_SOCKET_INVALID if the socket is not open.

◆ createSocket()

bool ts::Socket::createSocket ( IP gen,
int type,
int protocol,
Report & report
)
protected inherited

Create the socket.

Parameters
[in] gen: IP generation.
[in] type: Socket type: SOCK_STREAM, SOCK_DGRAM.
[in] protocol: Socket protocol: IPPROTO_TCP, IPPROTO_UDP.
[in,out] report: Where to report errors.
Returns
True on success, false on error.
See also
open(IP gen, Report &)

◆ convert()

bool ts::Socket::convert ( IPAddress & addr,
Report & report
) const
protected inherited

Convert an IP address to make it compatible with the socket IP generation.

Parameters
[in,out] addr: The address to convert.
[in,out] report: Where to report errors.
Returns
True on success, false on error.

The documentation for this class was generated from the following file: