alternative asio client based on botan (WIP)

Author: Hannes Rantzsch

Release/include/cpprest/http_client.h

@@ -61,6 +61,11 @@ typedef void* native_handle;
 #include "cpprest/oauth2.h"
 
 #if !defined(_WIN32) && !defined(__cplusplus_winrt) || defined(CPPREST_FORCE_HTTP_CLIENT_ASIO)
+
+#if defined(CPPREST_BOTAN_SSL)
+#include <botan/asio_context.h>
+#else  // CPPREST_BOTAN_SSL
+
 #if defined(__clang__)
 #pragma clang diagnostic push
 #pragma clang diagnostic ignored "-Wconversion"
@@ -69,6 +74,9 @@ typedef void* native_handle;
 #if defined(__clang__)
 #pragma clang diagnostic pop
 #endif
+
+#endif  // CPPREST_BOTAN_SSL
+
 #endif
 
 /// The web namespace contains functionality common to multiple protocols like HTTP and WebSockets.
@@ -86,6 +94,12 @@ namespace client
 using web::credentials;
 using web::web_proxy;
 
+#if defined(CPPREST_BOTAN_SSL)
+using ssl_context_t = Botan::TLS::Context;
+#else
+using ssl_context_t = boost::asio::ssl::context;
+#endif
+
 /// <summary>
 /// HTTP client configuration class, used to set the possible configuration options
 /// used to create an http_client instance.
@@ -334,15 +348,15 @@ class http_client_config
     /// </summary>
     /// <param name="callback">A user callback allowing for customization of the ssl context at construction
     /// time.</param>
-    void set_ssl_context_callback(const std::function<void(boost::asio::ssl::context&)>& callback)
+    void set_ssl_context_callback(const std::function<void(ssl_context_t&)>& callback)
     {
         m_ssl_context_callback = callback;
     }
 
     /// <summary>
     /// Gets the user's callback to allow for customization of the ssl context.
     /// </summary>
-    const std::function<void(boost::asio::ssl::context&)>& get_ssl_context_callback() const
+    const std::function<void(ssl_context_t&)>& get_ssl_context_callback() const
     {
         return m_ssl_context_callback;
     }
@@ -386,7 +400,7 @@ class http_client_config
     std::function<void(native_handle)> m_set_user_nativesessionhandle_options;
 
 #if !defined(_WIN32) && !defined(__cplusplus_winrt) || defined(CPPREST_FORCE_HTTP_CLIENT_ASIO)
-    std::function<void(boost::asio::ssl::context&)> m_ssl_context_callback;
+    std::function<void(ssl_context_t&)> m_ssl_context_callback;
     bool m_tlsext_sni_enabled;
 #endif
 #if defined(_WIN32) && !defined(__cplusplus_winrt)
@@ -402,6 +416,8 @@ class http_pipeline;
 class http_client
 {
 public:
+    using ssl_context = ssl_context_t;
+
     /// <summary>
     /// Creates a new http_client connected to specified uri.
     /// </summary>

Release/src/http/client/http_client_asio.cpp

@@ -25,12 +25,19 @@
 #pragma clang diagnostic ignored "-Wunused-local-typedef"
 #pragma clang diagnostic ignored "-Winfinite-recursion"
 #endif
+
 #include <boost/algorithm/string.hpp>
+#include <boost/asio/steady_timer.hpp>
+#include <boost/bind.hpp>
+
+#if defined(CPPREST_BOTAN_SSL)
+#include <botan/asio_stream.h>
+#else
 #include <boost/asio.hpp>
 #include <boost/asio/ssl.hpp>
 #include <boost/asio/ssl/error.hpp>
-#include <boost/asio/steady_timer.hpp>
-#include <boost/bind.hpp>
+#endif
+
 #if defined(__clang__)
 #pragma clang diagnostic pop
 #endif
@@ -87,8 +94,7 @@ namespace
 {
 const std::string CRLF("\r\n");
 
-std::string calc_cn_host(const web::http::uri& baseUri,
-                         const web::http::http_headers& requestHeaders)
+std::string calc_cn_host(const web::http::uri& baseUri, const web::http::http_headers& requestHeaders)
 {
     std::string result;
     if (baseUri.scheme() == U("https"))
@@ -142,9 +148,18 @@ static std::string generate_base64_userpass(const ::web::credentials& creds)
 
 class asio_connection_pool;
 
+#if defined(CPPREST_BOTAN_SSL)
+using ssl_stream_t = Botan::TLS::Stream<tcp::socket&, Botan::TLS::Client>;
+using ssl_handshake_type_t = Botan::TLS::handshake_type;
+#else
+using ssl_stream_t = boost::asio::ssl::stream<tcp::socket&>;
+using ssl_handshake_type_t = boost::asio::ssl::stream_base::handshake_type;
+#endif
+
 class asio_connection
 {
     friend class asio_client;
+    using ssl_context_t = http_client::ssl_context;
 
 public:
     asio_connection(boost::asio::io_service& io_service)
@@ -161,20 +176,24 @@ class asio_connection
     ~asio_connection() { close(); }
 
     // This simply instantiates the internal state to support ssl. It does not perform the handshake.
-    void upgrade_to_ssl(std::string&& cn_hostname,
-                        const std::function<void(boost::asio::ssl::context&)>& ssl_context_callback)
+    void upgrade_to_ssl(std::string&& cn_hostname, const std::function<void(ssl_context_t&)>& ssl_context_callback)
     {
         std::lock_guard<std::mutex> lock(m_socket_lock);
         assert(!is_ssl());
+#if defined(CPPREST_BOTAN_SSL)
+        Botan::TLS::Context ssl_context;
+        ssl_context_callback(ssl_context);
+        ssl_context.serverInfo = Botan::TLS::Server_Information(m_cn_hostname);
+#else
         boost::asio::ssl::context ssl_context(boost::asio::ssl::context::sslv23);
         ssl_context.set_default_verify_paths();
         ssl_context.set_options(boost::asio::ssl::context::default_workarounds);
         if (ssl_context_callback)
         {
             ssl_context_callback(ssl_context);
         }
-        m_ssl_stream = utility::details::make_unique<boost::asio::ssl::stream<boost::asio::ip::tcp::socket&>>(
-            m_socket, ssl_context);
+#endif
+        m_ssl_stream = utility::details::make_unique<ssl_stream_t>(m_socket, ssl_context);
         m_cn_hostname = std::move(cn_hostname);
     }
 
@@ -232,6 +251,7 @@ class asio_connection
             // server due to inactivity. Unfortunately, the exact error we get
             // in this case depends on the Boost.Asio version used.
 #if BOOST_ASIO_VERSION >= 101008
+            // TODO
             if (boost::asio::ssl::error::stream_truncated == ec) return true;
 #else // Asio < 1.10.8 didn't have ssl::error::stream_truncated
             if (boost::system::error_code(ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SHORT_READ),
@@ -259,14 +279,17 @@ class asio_connection
     }
 
     template<typename HandshakeHandler, typename CertificateHandler>
-    void async_handshake(boost::asio::ssl::stream_base::handshake_type type,
+    void async_handshake(ssl_handshake_type_t type,
                          const http_client_config& config,
                          const HandshakeHandler& handshake_handler,
                          const CertificateHandler& cert_handler)
     {
         std::lock_guard<std::mutex> lock(m_socket_lock);
         assert(is_ssl());
 
+#if !defined(CPPREST_BOTAN_SSL)
+        // This is configured via the Botan::TLS::Context callback in the Botan case
+
         // Check to turn on/off server certificate verification.
         if (config.validate_certificates())
         {
@@ -283,7 +306,7 @@ class asio_connection
         {
             SSL_set_tlsext_host_name(m_ssl_stream->native_handle(), &m_cn_hostname[0]);
         }
-
+#endif
         m_ssl_stream->async_handshake(type, handshake_handler);
     }
 
@@ -337,7 +360,7 @@ class asio_connection
     // as normal message processing.
     std::mutex m_socket_lock;
     tcp::socket m_socket;
-    std::unique_ptr<boost::asio::ssl::stream<tcp::socket&>> m_ssl_stream;
+    std::unique_ptr<ssl_stream_t> m_ssl_stream;
     std::string m_cn_hostname;
 
     bool m_is_reused;
@@ -1062,10 +1085,13 @@ class asio_context final : public request_context, public std::enable_shared_fro
         {
             const auto weakCtx = std::weak_ptr<asio_context>(shared_from_this());
             m_connection->async_handshake(
-                boost::asio::ssl::stream_base::client,
+                ssl_handshake_type_t::client,
                 m_http_client->client_config(),
                 boost::bind(&asio_context::handle_handshake, shared_from_this(), boost::asio::placeholders::error),
 
+#if defined(CPPREST_BOTAN_SSL)
+                false // unused
+#else
                 // Use a weak_ptr since the verify_callback is stored until the connection is
                 // destroyed. This avoids creating a circular reference since we pool connection
                 // objects.
@@ -1076,7 +1102,9 @@ class asio_context final : public request_context, public std::enable_shared_fro
                         return this_request->handle_cert_verification(preverified, verify_context);
                     }
                     return false;
-                });
+                }
+#endif
+            );
         }
         else
         {
@@ -1096,7 +1124,7 @@ class asio_context final : public request_context, public std::enable_shared_fro
         }
         else
         {
-            report_error("Error in SSL handshake", ec, httpclient_errorcode_context::handshake);
+            report_error("Error in SSL handshake: " + ec.message(), ec, httpclient_errorcode_context::handshake);
         }
     }
 

Release/tests/functional/http/client/client_construction.cpp

@@ -181,7 +181,7 @@ SUITE(client_construction)
         http_client_config config;
         bool called = false;
 
-        config.set_ssl_context_callback([&called](boost::asio::ssl::context& ctx) { called = true; });
+        config.set_ssl_context_callback([&called](http_client::ssl_context& ctx) { called = true; });
 
         http_client client("https://www.google.com/", config);
 
@@ -202,7 +202,7 @@ SUITE(client_construction)
         http_client_config config;
         bool called = false;
 
-        config.set_ssl_context_callback([&called](boost::asio::ssl::context& ctx) { called = true; });
+        config.set_ssl_context_callback([&called](http_client::ssl_context& ctx) { called = true; });
 
         http_client client("http://www.google.com/", config);
 

Release/tests/functional/http/listener/listener_construction_tests.cpp

@@ -425,7 +425,7 @@ SUITE(listener_construction_tests)
         }
     }
 
-#if !defined(_WIN32) && !defined(__cplusplus_winrt) || defined(CPPREST_FORCE_HTTP_LISTENER_ASIO)
+#if (!defined(_WIN32) && !defined(__cplusplus_winrt) || defined(CPPREST_FORCE_HTTP_LISTENER_ASIO)) && !defined(CPPREST_BOTAN_SSL)
 
     TEST_FIXTURE(uri_address, create_https_listener_get, "Ignore", "github 209")
     {