Add security::server_name and security::on_certificate_verify options.
diff --git a/asio/include/asio/security/on_certificate_verify.hpp b/asio/include/asio/security/on_certificate_verify.hpp
new file mode 100644
index 0000000..36205dd
--- /dev/null
+++ b/asio/include/asio/security/on_certificate_verify.hpp
@@ -0,0 +1,104 @@
+//
+// security/on_certificate_verify.hpp
+// ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+//
+// Copyright (c) 2003-2021 Christopher M. Kohlhoff (chris at kohlhoff dot com)
+//
+// Distributed under the Boost Software License, Version 1.0. (See accompanying
+// file LICENSE_1_0.txt or copy at http://www.boost.org/LICENSE_1_0.txt)
+//
+
+#ifndef ASIO_SECURITY_ON_CERTIFICATE_VERIFY_HPP
+#define ASIO_SECURITY_ON_CERTIFICATE_VERIFY_HPP
+
+#if defined(_MSC_VER) && (_MSC_VER >= 1200)
+# pragma once
+#endif // defined(_MSC_VER) && (_MSC_VER >= 1200)
+
+#include "asio/detail/config.hpp"
+
+#if defined(ASIO_HAS_APPLE_NETWORK_FRAMEWORK)
+
+#include "asio/detail/apple_nw_ptr.hpp"
+#include <Network/Network.h>
+
+#include "asio/detail/push_options.hpp"
+
+namespace asio {
+namespace security {
+
+/// Socket option to set the certificate verification callback.
+template <typename Function>
+class on_certificate_verify
+{
+public:
+  explicit on_certificate_verify(Function f)
+    : f_(ASIO_MOVE_CAST(Function)(f))
+  {
+  }
+
+  // The following functions comprise the extensible interface for the
+  // SettableSocketOption concept when targeting the Apple Network Framework.
+
+  // Set the socket option on the specified connection.
+  static void apple_nw_set(const void* self, nw_parameters_t parameters,
+      nw_connection_t, asio::error_code& ec)
+  {
+    static_cast<const on_certificate_verify*>(self)->do_set(parameters, ec);
+  }
+
+  // Set the socket option on the specified listener.
+  static void apple_nw_set(const void* self,
+      nw_parameters_t parameters, nw_listener_t,
+      asio::error_code& ec)
+  {
+    static_cast<const on_certificate_verify*>(self)->do_set(parameters, ec);
+  }
+
+private:
+  void do_set(nw_parameters_t parameters, asio::error_code& ec) const
+  {
+    asio::detail::apple_nw_ptr<nw_protocol_stack_t> protocol_stack(
+        nw_parameters_copy_default_protocol_stack(parameters));
+
+    asio::detail::apple_nw_ptr<nw_protocol_definition_t> tls_definition(
+        nw_protocol_copy_tls_definition());
+
+    nw_protocol_stack_iterate_application_protocols(protocol_stack,
+        ^(nw_protocol_options_t protocol)
+        {
+          asio::detail::apple_nw_ptr<nw_protocol_definition_t> definition(
+              nw_protocol_options_copy_definition(protocol));
+
+          if (nw_protocol_definition_is_equal(definition, tls_definition))
+          {
+            asio::detail::apple_nw_ptr<sec_protocol_options_t> sec_options(
+                nw_tls_copy_sec_protocol_options(protocol));
+
+            __block Function f(f_);
+            sec_protocol_options_set_verify_block(sec_options,
+                Block_copy(
+                  ^(sec_protocol_metadata_t metadata,
+                  sec_trust_t trust_ref,
+                  sec_protocol_verify_complete_t complete)
+                {
+                  f(metadata, trust_ref, complete);
+                }),
+                dispatch_get_global_queue(QOS_CLASS_USER_INITIATED, 0));
+          }
+        });
+
+    ec = asio::error_code();
+  }
+
+  Function f_;
+};
+
+} // namespace security
+} // namespace asio
+
+#include "asio/detail/pop_options.hpp"
+
+#endif // defined(ASIO_HAS_APPLE_NETWORK_FRAMEWORK)
+
+#endif // ASIO_SECURITY_ON_CERTIFICATE_VERIFY_HPP
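Review bot: `do_set` ends with an unconditional `ec = asio::error_code();`, so when the iteration finds no TLS entry in the protocol stack the verify block is never installed and `set_option` still reports success. A caller relying on this callback for pinning or extra checks would not learn that it is inactive; the same pattern is in `server_name::do_set` in server_name.hpp. Consider declaring `__block bool applied = false;` before the iteration, setting `applied = true;` inside the `if`, and finishing with `ec = applied ? asio::error_code() : asio::error::invalid_argument;`. Separately, the class comment should say that the callback runs on a global dispatch queue (`dispatch_get_global_queue(QOS_CLASS_USER_INITIATED, 0)`) rather than on an io_context thread, and that it is presumably expected to call `complete` exactly once.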
diff --git a/asio/include/asio/security/server_name.hpp b/asio/include/asio/security/server_name.hpp
new file mode 100644
index 0000000..274ea99
--- /dev/null
+++ b/asio/include/asio/security/server_name.hpp
@@ -0,0 +1,95 @@
+//
+// security/server_name.hpp
+// ~~~~~~~~~~~~~~~~~~~~~~~~
+//
+// Copyright (c) 2003-2021 Christopher M. Kohlhoff (chris at kohlhoff dot com)
+//
+// Distributed under the Boost Software License, Version 1.0. (See accompanying
+// file LICENSE_1_0.txt or copy at http://www.boost.org/LICENSE_1_0.txt)
+//
+
+#ifndef ASIO_SECURITY_SERVER_NAME_HPP
+#define ASIO_SECURITY_SERVER_NAME_HPP
+
+#if defined(_MSC_VER) && (_MSC_VER >= 1200)
+# pragma once
+#endif // defined(_MSC_VER) && (_MSC_VER >= 1200)
+
+#include "asio/detail/config.hpp"
+
+#if defined(ASIO_HAS_APPLE_NETWORK_FRAMEWORK)
+
+#include <string>
+#include "asio/detail/apple_nw_ptr.hpp"
+#include <Network/Network.h>
+
+#include "asio/detail/push_options.hpp"
+
+namespace asio {
+namespace security {
+
+/// Socket option to set the server name for verification
+class server_name
+{
+public:
+  explicit server_name(const std::string& name)
+    : name_(name)
+  {
+  }
+
+  // The following functions comprise the extensible interface for the
+  // SettableSocketOption concept when targeting the Apple Network Framework.
+
+  // Set the socket option on the specified connection.
+  static void apple_nw_set(const void* self, nw_parameters_t parameters,
+      nw_connection_t, asio::error_code& ec)
+  {
+    static_cast<const server_name*>(self)->do_set(parameters, ec);
+  }
+
+  // Set the socket option on the specified listener.
+  static void apple_nw_set(const void* self,
+      nw_parameters_t parameters, nw_listener_t,
+      asio::error_code& ec)
+  {
+    static_cast<const server_name*>(self)->do_set(parameters, ec);
+  }
+
+private:
+  void do_set(nw_parameters_t parameters, asio::error_code& ec) const
+  {
+    asio::detail::apple_nw_ptr<nw_protocol_stack_t> protocol_stack(
+        nw_parameters_copy_default_protocol_stack(parameters));
+
+    asio::detail::apple_nw_ptr<nw_protocol_definition_t> tls_definition(
+        nw_protocol_copy_tls_definition());
+
+    nw_protocol_stack_iterate_application_protocols(protocol_stack,
+        ^(nw_protocol_options_t protocol)
+        {
+          asio::detail::apple_nw_ptr<nw_protocol_definition_t> definition(
+              nw_protocol_options_copy_definition(protocol));
+
+          if (nw_protocol_definition_is_equal(definition, tls_definition))
+          {
+            asio::detail::apple_nw_ptr<sec_protocol_options_t> sec_options(
+                nw_tls_copy_sec_protocol_options(protocol));
+
+            sec_protocol_options_set_tls_server_name(sec_options, name_.c_str());
+          }
+        });
+
+    ec = asio::error_code();
+  }
+
+  std::string name_;
+};
+
+} // namespace security
+} // namespace asio
+
+#include "asio/detail/pop_options.hpp"
+
+#endif // defined(ASIO_HAS_APPLE_NETWORK_FRAMEWORK)
+
+#endif // ASIO_SECURITY_SERVER_NAME_HPP
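Review bot: `name_.c_str()` in `do_set` hands the framework only the bytes up to the first NUL, so a name with an embedded `'\0'` is configured as a different, shorter host than the one the caller passed, and an empty name is accepted as well. If the name can originate outside the program, reject it before touching the parameters: `if (name_.empty() || name_.find('\0') != std::string::npos) { ec = asio::error::invalid_argument; return; }`. The class comment says "for verification", which is ambiguous. It should state whether the name drives SNI, the certificate hostname check, or both, and that the option has to be set before the connection is started.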
diff --git a/asio/include/netx.hpp b/asio/include/netx.hpp
index 6f99d6b..b9f69ed 100644
--- a/asio/include/netx.hpp
+++ b/asio/include/netx.hpp
@@ -23,6 +23,8 @@
 #include "asio/generic/stream_protocol.hpp"
 #include "asio/generic/host.hpp"
 #include "asio/ip/tls_tcp.hpp"
+#include "asio/security/on_certificate_verify.hpp"
+#include "asio/security/server_name.hpp"
 #include "asio/use_awaitable.hpp"
 
 namespace netx
@@ -36,6 +38,7 @@
   using generic_datagram_socket = asio::generic::datagram_protocol::socket;
   using generic_stream_socket = asio::generic::stream_protocol::socket;
   namespace ip { using asio::ip::tls_tcp; }
+  namespace security = asio::security;
 }
 
 #endif // NETX_HPP
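Review bot: `namespace security = asio::security;` is unconditional, but both new headers declare `asio::security` only inside `#if defined(ASIO_HAS_APPLE_NETWORK_FRAMEWORK)`. If netx.hpp is included without that macro, the alias refers to an undeclared namespace and the header fails to compile. The rest of netx.hpp is outside this hunk, so it may already be Apple-only; if it is not, wrap the alias in the same `#if defined(ASIO_HAS_APPLE_NETWORK_FRAMEWORK)` / `#endif` pair.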
diff --git a/asio/src/examples/cpp20/https_client_with_verify.cpp b/asio/src/examples/cpp20/https_client_with_verify.cpp
new file mode 100644
index 0000000..4e21e62
--- /dev/null
+++ b/asio/src/examples/cpp20/https_client_with_verify.cpp
@@ -0,0 +1,57 @@
+// Compile with:
+//
+//   g++ -std=c++2a -fcoroutines-ts -Wall -Wextra -Ipath-to-asio/include \
+//     -DASIO_HAS_APPLE_NETWORK_FRAMEWORK -o https_client https_client.cpp \
+//     -framework Network -framework Security
+
+#include <net.hpp>
+#include <netx.hpp>
+#include <iostream>
+
+using default_token = netx::as_single_t<netx::use_awaitable_t<>>;
+using socket_type = default_token::as_default_on_t<netx::generic_stream_socket>;
+
+netx::awaitable<void> run(net::io_context& ctx)
+{
+  socket_type socket(ctx);
+  socket.open(netx::ip::tls_tcp::any());
+
+  socket.set_option(netx::security::server_name("www.boost.org"));
+
+  socket.set_option(netx::security::on_certificate_verify(
+        [](auto /*metadata*/, auto /*trust*/, auto complete)
+        {
+          std::cout << "verifying certificate\n";
+          complete(true);
+        }));
+
+  co_await socket.async_connect(netx::host(netx::ip::tls_tcp::any(), "www.boost.org", "443"));
+
+  std::cout << "Sending request" << std::endl;
+  std::string request("GET /LICENSE_1_0.txt HTTP/1.0\r\nHost: www.boost.org\r\n\r\n");
+  auto [err1, n1] = co_await net::async_write(socket, net::buffer(request));
+  if (err1)
+  {
+    std::cerr << "failed to send request" << std::endl;
+    co_return;
+  }
+
+  std::cout << "Sent request, waiting for response" << std::endl;
+  std::string response;
+  auto [err2, n2] = co_await net::async_read(socket, net::dynamic_buffer(response));
+  if (err2 && err2 != net::stream_errc::eof)
+  {
+    std::cerr << "failed to receive response" << std::endl;
+    co_return;
+  }
+
+  std::cout << "Received response" << std::endl;
+  std::cout << response << std::endl;
+}
+
+int main()
+{
+  net::io_context ctx;
+  netx::co_spawn(ctx, run(ctx), netx::detached);
+  ctx.run();
+}
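Review bot: The verify callback calls `complete(true)` without looking at `trust`, so this example accepts any certificate chain the peer presents. As far as I know, installing a verify block replaces the framework's default trust evaluation, which would leave the connection to www.boost.org with no server authentication despite the file name. Examples get copied into production code, so the callback should evaluate the trust object and pass the result to `complete`, as sketched below. This needs `<Security/Security.h>` and assumes the trust object already carries the TLS policy for the configured server name, which should be confirmed. The build comment at the top also names `https_client.cpp` rather than this file.

```cpp
  socket.set_option(netx::security::on_certificate_verify(
        [](auto /*metadata*/, auto trust, auto complete)
        {
          // Evaluate the presented chain instead of accepting everything.
          SecTrustRef trust_ref = sec_trust_copy_ref(trust);
          CFErrorRef error = nullptr;
          const bool ok = SecTrustEvaluateWithError(trust_ref, &error);
          if (error)
            CFRelease(error);
          CFRelease(trust_ref);
          std::cout << "certificate " << (ok ? "accepted" : "rejected") << "\n";
          complete(ok);
        }));
  // … unchanged: async_connect, request/response handling …
```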