Inheritance: DcmTLSTransportLayer derives from DcmTransportLayer.
Public Member Functions
  DcmTLSTransportLayer (int networkRole, const char *randFile)
      constructor.
  virtual ~DcmTLSTransportLayer ()
      destructor.
  virtual DcmTransportConnection * createConnection (int openSocket, OFBool useSecureLayer)
      factory method that returns a new transport connection for the given socket.
  DcmTransportLayerStatus setPrivateKeyFile (const char *fileName, int fileType)
      loads the private key used for authentication of this application from a file.
  DcmTransportLayerStatus setCertificateFile (const char *fileName, int fileType)
      loads the certificate (public key) used for authentication of this application from a file.
  OFBool checkPrivateKeyMatchesCertificate ()
      checks if the private key and the certificate set using setPrivateKeyFile() and setCertificateFile() match, i.e. if they establish a private/public key pair.
  DcmTransportLayerStatus addTrustedCertificateFile (const char *fileName, int fileType)
      loads a certificate from a file and adds it to the pool of trusted certificates.
  DcmTransportLayerStatus addTrustedCertificateDir (const char *pathName, int fileType)
      loads all files as certificates from the specified directory and adds them to the pool of trusted certificates.
  DcmTransportLayerStatus setCipherSuites (const char *suites)
      sets the list of ciphersuites to negotiate.
  OFBool canWriteRandomSeed ()
      checks if enough entropy data is available to write back a modified random seed file.
  OFBool writeRandomSeed (const char *randFile)
      writes a modified random seed to file.
  void seedPRNG (const char *randFile)
      adds the contents of a file to the seed for the cryptographic pseudo-random number generator.
  void addPRNGseed (void *buf, size_t bufSize)
      modifies the PRNG by adding random data from the given buffer to the PRNG state.
  void setCertificateVerification (DcmCertificateVerification vtype)
      defines how peer certificates should be treated when negotiating a TLS connection.
  void setPrivateKeyPasswd (const char *thePasswd)
      sets the password string to be used when loading an encrypted private key file.
  void setPrivateKeyPasswdFromConsole ()
      sets the password string to be used when loading an encrypted private key file to be read from the console stdin.
  OFBool setTempDHParameters (const char *filename)
      loads a set of Diffie-Hellman parameters from file.

Static Public Member Functions
  static unsigned long getNumberOfCipherSuites ()
      returns the number of known ciphersuites.
  static const char * getTLSCipherSuiteName (unsigned long idx)
      returns a ciphersuite name in RFC 2246 (TLS) form.
  static const char * getOpenSSLCipherSuiteName (unsigned long idx)
      returns a ciphersuite name in OpenSSL form.
  static const char * findOpenSSLCipherSuiteName (const char *tlsCipherSuiteName)
      finds the OpenSSL ciphersuite name for a given RFC 2246 ciphersuite name.
  static OFString dumpX509Certificate (X509 *peerCertificate)
      gets the most important attributes of the given X.509 certificate.

Private Member Functions
  DcmTLSTransportLayer (const DcmTLSTransportLayer &)
      private undefined copy constructor
  DcmTLSTransportLayer & operator= (const DcmTLSTransportLayer &)
      private undefined assignment operator

Private Attributes
  SSL_CTX * transportLayerContext
      OpenSSL context data, needed only once per application.
  OFBool canWriteRandseed
      true if there is enough random data to write a new random seed file
  OFString privateKeyPasswd
      contains the password for the private key if set on command line
Detailed Description
the pool of trusted certificates, the key and certificate to be used for authentication and the list of ciphersuites to be used for association negotiation.
Definition at line 79 of file tlslayer.h.
DcmTLSTransportLayer::DcmTLSTransportLayer (int networkRole, const char *randFile)
constructor.
Parameters:
  networkRole: network role to be used by the application, influences the choice of the secure transport layer code.
  randFile: path to file used to feed the random generator
virtual DcmTransportConnection* DcmTLSTransportLayer::createConnection (int openSocket, OFBool useSecureLayer) [virtual]
factory method that returns a new transport connection for the given socket.
Depending on the second parameter, either a transparent or a secure connection is established. If the object cannot be created (e. g. because no secure layer is available), returns NULL.
Parameters:
  openSocket: TCP/IP socket to be used for the transport connection. The connection must already be established on socket level. If a non-null pointer is returned, the new connection object takes over control of the socket.
  useSecureLayer: if true, a secure layer is used. If false, a transparent layer is used.
Reimplemented from DcmTransportLayer.
DcmTransportLayerStatus DcmTLSTransportLayer::setPrivateKeyFile (const char *fileName, int fileType)
loads the private key used for authentication of this application from a file.
Parameters:
  fileName: path to the private key file
  fileType: must be SSL_FILETYPE_PEM or SSL_FILETYPE_ASN1
DcmTransportLayerStatus DcmTLSTransportLayer::setCertificateFile (const char *fileName, int fileType)
loads the certificate (public key) used for authentication of this application from a file.
Parameters:
  fileName: path to the certificate file
  fileType: must be SSL_FILETYPE_PEM or SSL_FILETYPE_ASN1
OFBool DcmTLSTransportLayer::checkPrivateKeyMatchesCertificate ()
checks if the private key and the certificate set using setPrivateKeyFile() and setCertificateFile() match, i.e. if they establish a private/public key pair.
DcmTransportLayerStatus DcmTLSTransportLayer::addTrustedCertificateFile (const char *fileName, int fileType)
loads a certificate from a file and adds it to the pool of trusted certificates.
Parameters:
  fileName: path to the certificate file
  fileType: must be SSL_FILETYPE_PEM or SSL_FILETYPE_ASN1
DcmTransportLayerStatus DcmTLSTransportLayer::addTrustedCertificateDir (const char *pathName, int fileType)
loads all files as certificates from the specified directory and adds them to the pool of trusted certificates.
Parameters:
  pathName: path to the directory containing certificate files
  fileType: must be SSL_FILETYPE_PEM or SSL_FILETYPE_ASN1
DcmTransportLayerStatus DcmTLSTransportLayer::setCipherSuites (const char *suites)
sets the list of ciphersuites to negotiate.
Parameters:
  suites: string containing the list of ciphersuites. The list must be in OpenSSL syntax (use findOpenSSLCipherSuiteName to convert from RFC 2246 ciphersuite names to OpenSSL names), with ciphersuites separated by ':' characters.
static unsigned long DcmTLSTransportLayer::getNumberOfCipherSuites () [static]
returns the number of known ciphersuites.
static const char* DcmTLSTransportLayer::getTLSCipherSuiteName (unsigned long idx) [static]
returns a ciphersuite name in RFC 2246 (TLS) form.
Parameters:
  idx: index, must be < getNumberOfCipherSuites()
static const char* DcmTLSTransportLayer::getOpenSSLCipherSuiteName (unsigned long idx) [static]
returns a ciphersuite name in OpenSSL form.
Parameters:
  idx: index, must be < getNumberOfCipherSuites()
static const char* DcmTLSTransportLayer::findOpenSSLCipherSuiteName (const char *tlsCipherSuiteName) [static]
finds the OpenSSL ciphersuite name for a given RFC 2246 ciphersuite name.
Parameters:
  tlsCipherSuiteName: ciphersuite name in RFC 2246 form
OFBool DcmTLSTransportLayer::canWriteRandomSeed () [inline]
checks if enough entropy data is available to write back a modified random seed file.
Definition at line 177 of file tlslayer.h.
References canWriteRandseed.
OFBool DcmTLSTransportLayer::writeRandomSeed (const char *randFile)
writes a modified random seed to file.
Parameters:
  randFile: path of file to write
void DcmTLSTransportLayer::seedPRNG (const char *randFile)
adds the contents of a file to the seed for the cryptographic pseudo-random number generator.
The file should contain real random entropy data gathered from keystrokes, system events, /dev/random (on Linux) or something similar. If the TLS layer object is not initialized with sufficient random data, negotiation of TLS connections may fail.
Parameters:
  randFile: path of the file containing random data
void DcmTLSTransportLayer::addPRNGseed (void *buf, size_t bufSize)
modifies the PRNG by adding random data from the given buffer to the PRNG state.
Parameters:
  buf: pointer to buffer containing random data
  bufSize: number of bytes in buffer
void DcmTLSTransportLayer::setCertificateVerification (DcmCertificateVerification vtype)
defines how peer certificates should be treated when negotiating a TLS connection.
Parameters:
  vtype: certificate verification mode
void DcmTLSTransportLayer::setPrivateKeyPasswd (const char *thePasswd)
sets the password string to be used when loading an encrypted private key file.
Must be called prior to setPrivateKeyFile() in order to be effective.
Parameters:
  thePasswd: password string, may be "" or NULL in which case an empty password is assumed.
OFBool DcmTLSTransportLayer::setTempDHParameters (const char *filename)
loads a set of Diffie-Hellman parameters from file.
These parameters are required for DH, DHE or DSS ciphersuites.
Parameters:
  filename: path to the DH parameter file
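A worked example, added here and not DCMTK code, of the conversion that setCipherSuites() relies on: RFC 2246 suite names are mapped to OpenSSL names the way findOpenSSLCipherSuiteName() does (NULL for an unknown name), joined with ':' characters, and the resulting selection is checked for DH, DHE or DSS suites, which setTempDHParameters() must serve before such a list can be negotiated. The name table kSuites is a constructed subset, and findOpenSSLName and buildCipherSelection are hypothetical helpers standing in for the DCMTK functions.

```cpp
// Added example (not DCMTK code): builds the ':'-separated OpenSSL cipher list
// that DcmTLSTransportLayer::setCipherSuites() expects and flags when the
// selection needs the DH parameter file loaded by setTempDHParameters().
#include <cstddef>
#include <string>
#include <vector>

// Constructed subset of the RFC 2246 -> OpenSSL name table; DCMTK's own table
// (getTLSCipherSuiteName/getOpenSSLCipherSuiteName) is larger.
struct SuiteName { const char *tls; const char *openssl; };
static const SuiteName kSuites[] = {
    { "TLS_RSA_WITH_3DES_EDE_CBC_SHA",    "DES-CBC3-SHA" },
    { "TLS_RSA_WITH_AES_128_CBC_SHA",     "AES128-SHA" },
    { "TLS_RSA_WITH_AES_256_CBC_SHA",     "AES256-SHA" },
    { "TLS_DHE_RSA_WITH_AES_128_CBC_SHA", "DHE-RSA-AES128-SHA" },
    { "TLS_DHE_RSA_WITH_AES_256_CBC_SHA", "DHE-RSA-AES256-SHA" },
    { "TLS_DHE_DSS_WITH_AES_128_CBC_SHA", "DHE-DSS-AES128-SHA" },
};

// Hypothetical stand-in for findOpenSSLCipherSuiteName(): NULL when unknown.
const char *findOpenSSLName(const std::string &tlsName) {
    for (size_t i = 0; i < sizeof(kSuites) / sizeof(kSuites[0]); ++i)
        if (tlsName == kSuites[i].tls) return kSuites[i].openssl;
    return NULL;
}

struct CipherSelection {
    std::string opensslList;            // argument for setCipherSuites()
    bool needsDHParams;                 // setTempDHParameters() required first
    std::vector<std::string> unknown;   // RFC names that could not be mapped
};

// Unknown names are reported instead of silently dropped, so a misspelled
// suite does not quietly vanish from the list handed to OpenSSL.
CipherSelection buildCipherSelection(const std::vector<std::string> &tlsNames) {
    CipherSelection sel;
    sel.needsDHParams = false;
    for (size_t i = 0; i < tlsNames.size(); ++i) {
        const char *ossl = findOpenSSLName(tlsNames[i]);
        if (ossl == NULL) { sel.unknown.push_back(tlsNames[i]); continue; }
        if (!sel.opensslList.empty()) sel.opensslList += ':';
        sel.opensslList += ossl;
        // DH, DHE and DSS suites only work once DH parameters are loaded
        if (tlsNames[i].find("_DH") != std::string::npos ||
            tlsNames[i].find("_DSS") != std::string::npos)
            sel.needsDHParams = true;
    }
    return sel;
}
```

The opensslList member is what would be passed to setCipherSuites(); when needsDHParams is true, setTempDHParameters() has to succeed first or those suites cannot be negotiated.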
static OFString DcmTLSTransportLayer::dumpX509Certificate (X509 *peerCertificate) [static]
gets the most important attributes of the given X.509 certificate.
Parameters:
  peerCertificate: X.509 certificate, may be NULL