29 _ca_tag(TLS_TAG_NONE),
30 _cert_tag(TLS_TAG_NONE),
31 _key_tag(TLS_TAG_NONE),
32 _next_tag(TAG_BASE) {}
37 bool setCACert(
const uint8_t* pem,
size_t len) {
return _addCredential(TLS_CREDENTIAL_CA_CERTIFICATE, pem, len, &_ca_tag); }
39 bool setCertificate(
const uint8_t* pem,
size_t len) {
return _addCredential(TLS_CREDENTIAL_PUBLIC_CERTIFICATE, pem, len, &_cert_tag); }
41 bool setPrivateKey(
const uint8_t* pem,
size_t len) {
return _addCredential(TLS_CREDENTIAL_PRIVATE_KEY, pem, len, &_key_tag); }
47 int connect(
const char* host, uint16_t port)
override {
50 struct sockaddr_storage addr = {};
51 socklen_t addrlen =
sizeof(addr);
53 if (
_resolve(host, port, (
struct sockaddr*)&addr, &addrlen) < 0)
56 _sock = zsock_socket(addr.ss_family, SOCK_STREAM, IPPROTO_TLS_1_2);
57 if (
_sock < 0)
return 0;
59 if (!_configureTLS(host)) {
65 if (zsock_connect(
_sock, (
struct sockaddr*)&addr, addrlen) < 0) {
71 int connect(uint32_t ip, uint16_t port)
override {
72 char host[INET_ADDRSTRLEN];
73 struct in_addr addr_in;
75 zsock_inet_ntop(AF_INET, &addr_in, host,
sizeof(host));
81 sec_tag_t _ca_tag, _cert_tag, _key_tag, _next_tag;
83 static constexpr sec_tag_t TAG_BASE = 100;
84 static constexpr sec_tag_t TLS_TAG_NONE = 0;
86 bool _addCredential(
enum tls_credential_type type,
87 const uint8_t* data,
size_t len, sec_tag_t* tag_out) {
88 if (!data || len == 0)
return false;
89 sec_tag_t tag = _next_tag++;
90 if (tls_credential_add(tag, type, data, len) < 0) { --_next_tag;
return false; }
95 bool _configureTLS(
const char* host) {
96 int verify = _insecure ? TLS_PEER_VERIFY_NONE : TLS_PEER_VERIFY_REQUIRED;
97 if (zsock_setsockopt(
_sock, SOL_TLS, TLS_PEER_VERIFY, &verify,
sizeof(verify)) < 0)
100 if (host && !_insecure)
101 if (zsock_setsockopt(
_sock, SOL_TLS, TLS_HOSTNAME, host, strlen(host)) < 0)
104 sec_tag_t tags[3];
int n = 0;
105 if (_ca_tag != TLS_TAG_NONE) tags[n++] = _ca_tag;
106 if (_cert_tag != TLS_TAG_NONE) tags[n++] = _cert_tag;
107 if (_key_tag != TLS_TAG_NONE) tags[n++] = _key_tag;
110 if (zsock_setsockopt(
_sock, SOL_TLS, TLS_SEC_TAG_LIST, tags, n *
sizeof(sec_tag_t)) < 0)