Support setting client certificate and SSL options on HTTP client (#1090)

2021-11-27 19:11:05 +08:00 · 2021-11-27 19:11:05 +08:00 · 6e6493299e
parent faf3e0c17c
commit 6e6493299e
4 changed files with 55 additions and 2 deletions
--- a/lib/inc/drogon/HttpClient.h
+++ b/lib/inc/drogon/HttpClient.h
@ -258,6 +258,31 @@ class DROGON_EXPORT HttpClient : public trantor::NonCopyable
        return port() == 80;
    }

+    /**
+     * @brief Set the client certificate used by the HTTP connection
+     *
+     * @param cert Path to the certificate
+     * @param key Path to the certificate's private key
+     * @note this method has no effect if the HTTP client is communicating via
+     * unencrypted HTTP
+     */
+    virtual void setCertPath(const std::string &cert,
+                             const std::string &key) = 0;
+
+    /**
+     * @brief Supplies command style options for `SSL_CONF_cmd`
+     *
+     * @param sslConfCmds options for SSL_CONF_cmd
+     * @note this method has no effect if the HTTP client is communicating via
+     * unencrypted HTTP
+     * @code
+     * addSSLConfigs({{"-dhparam", "/path/to/dhparam"}, {"-strict", ""}});
+     * @endcode
+     */
+    virtual void addSSLConfigs(
+        const std::vector<std::pair<std::string, std::string>>
+            &sslConfCmds) = 0;
+
    /// Create a Http client using the hostString to connect to server
    /**
     *
--- a/lib/src/HttpClientImpl.cc
+++ b/lib/src/HttpClientImpl.cc
@ -39,7 +39,12 @@ void HttpClientImpl::createTcpClient()
    {
        LOG_TRACE << "useOldTLS=" << useOldTLS_;
        LOG_TRACE << "domain=" << domain_;
-        tcpClientPtr_->enableSSL(useOldTLS_, validateCert_, domain_);
+        tcpClientPtr_->enableSSL(useOldTLS_,
+                                 validateCert_,
+                                 domain_,
+                                 sslConfCmds_,
+                                 clientCertPath_,
+                                 clientKeyPath_);
    }
 #endif
    auto thisPtr = shared_from_this();
@ -645,3 +650,19 @@ void HttpClientImpl::handleCookies(const HttpResponseImplPtr &resp)
        }
    }
 }
+
+void HttpClientImpl::setCertPath(const std::string &cert,
+                                 const std::string &key)
+{
+    clientCertPath_ = cert;
+    clientKeyPath_ = key;
+}
+
+void HttpClientImpl::addSSLConfigs(
+    const std::vector<std::pair<std::string, std::string>> &sslConfCmds)
+{
+    for (const auto &cmd : sslConfCmds)
+    {
+        sslConfCmds_.push_back(cmd);
+    }
+}
--- a/lib/src/HttpClientImpl.h
+++ b/lib/src/HttpClientImpl.h
@ -101,6 +101,10 @@ class HttpClientImpl final : public HttpClient,
        return useSSL_;
    }

+    void setCertPath(const std::string &cert, const std::string &key) override;
+    void addSSLConfigs(const std::vector<std::pair<std::string, std::string>>
+                           &sslConfCmds) override;
+
  private:
    std::shared_ptr<trantor::TcpClient> tcpClientPtr_;
    trantor::EventLoop *loop_;
@ -133,6 +137,9 @@ class HttpClientImpl final : public HttpClient,
    std::shared_ptr<trantor::Resolver> resolverPtr_;
    bool useOldTLS_{false};
    std::string userAgent_{"DrogonClient"};
+    std::vector<std::pair<std::string, std::string>> sslConfCmds_;
+    std::string clientCertPath_;
+    std::string clientKeyPath_;
 };
 using HttpClientImplPtr = std::shared_ptr<HttpClientImpl>;
 }  // namespace drogon
--- a/2
+++ b/2
@ -1 +1 @@
-Subproject commit 586aacd084e088bbc041350a657b80b143820276
+Subproject commit 63ff8d9bad639c5fa3e6bd7072669813fae4c6af