add client cert support for websocket (drogonframework#1967)

qwerity · Mar 4, 2024 · 4cbac30 · 4cbac30
1 parent 88d0668
commit 4cbac30
Show file tree

Hide file tree

Showing 3 changed files with 53 additions and 1 deletion.
diff --git a/lib/inc/drogon/WebSocketClient.h b/lib/inc/drogon/WebSocketClient.h
@@ -90,6 +90,31 @@ class DROGON_EXPORT WebSocketClient
     virtual void connectToServer(const HttpRequestPtr &request,
                                  const WebSocketRequestCallback &callback) = 0;
 
+    /**
+     * @brief Set the client certificate used by the HTTP connection
+     *
+     * @param cert Path to the certificate
+     * @param key Path to the certificate's private key
+     * @note this method has no effect if the HTTP client is communicating via
+     * unencrypted HTTP
+     */
+    virtual void setCertPath(const std::string &cert,
+                             const std::string &key) = 0;
+
+    /**
+     * @brief Supplies command style options for `SSL_CONF_cmd`
+     *
+     * @param sslConfCmds options for SSL_CONF_cmd
+     * @note this method has no effect if the HTTP client is communicating via
+     * unencrypted HTTP
+     * @code
+       addSSLConfigs({{"-dhparam", "/path/to/dhparam"}, {"-strict", ""}});
+     * @endcode
+     */
+    virtual void addSSLConfigs(
+        const std::vector<std::pair<std::string, std::string>>
+            &sslConfCmds) = 0;
+
 #ifdef __cpp_impl_coroutine
     /**
      * @brief Set messages handler. When a message is received from the server,

diff --git a/lib/src/WebSocketClientImpl.cc b/lib/src/WebSocketClientImpl.cc
@@ -57,7 +57,10 @@ void WebSocketClientImpl::createTcpClient()
         auto policy = trantor::TLSPolicy::defaultClientPolicy();
         policy->setUseOldTLS(useOldTLS_)
             .setValidate(validateCert_)
-            .setHostname(domain_);
+            .setHostname(domain_)
+            .setConfCmds(sslConfCmds_)
+            .setCertPath(clientCertPath_)
+            .setKeyPath(clientKeyPath_);
         tcpClientPtr_->enableSSL(std::move(policy));
     }
     auto thisPtr = shared_from_this();
@@ -452,6 +455,22 @@ void WebSocketClientImpl::connectToServer(
     }
 }
 
+void WebSocketClientImpl::setCertPath(const std::string &cert,
+                                      const std::string &key)
+{
+    clientCertPath_ = cert;
+    clientKeyPath_ = key;
+}
+
+void WebSocketClientImpl::addSSLConfigs(
+    const std::vector<std::pair<std::string, std::string>> &sslConfCmds)
+{
+    for (const auto &cmd : sslConfCmds)
+    {
+        sslConfCmds_.push_back(cmd);
+    }
+}
+
 WebSocketClientPtr WebSocketClient::newWebSocketClient(const std::string &ip,
                                                        uint16_t port,
                                                        bool useSSL,

diff --git a/lib/src/WebSocketClientImpl.h b/lib/src/WebSocketClientImpl.h
@@ -51,6 +51,11 @@ class WebSocketClientImpl
     void connectToServer(const HttpRequestPtr &request,
                          const WebSocketRequestCallback &callback) override;
 
+    void setCertPath(const std::string &cert, const std::string &key) override;
+
+    void addSSLConfigs(const std::vector<std::pair<std::string, std::string>>
+                           &sslConfCmds) override;
+
     trantor::EventLoop *getLoop() override
     {
         return loop_;
@@ -83,6 +88,9 @@ class WebSocketClientImpl
     bool stop_{false};
     std::string wsKey_;
     std::string wsAccept_;
+    std::string clientCertPath_;
+    std::string clientKeyPath_;
+    std::vector<std::pair<std::string, std::string>> sslConfCmds_;
 
     HttpRequestPtr upgradeRequest_;
     std::function<void(std::string &&,