diff --git a/NetSSL_OpenSSL/include/Poco/Net/SSLManager.h b/NetSSL_OpenSSL/include/Poco/Net/SSLManager.h index b6387d839..6d0f46929 100644 --- a/NetSSL_OpenSSL/include/Poco/Net/SSLManager.h +++ b/NetSSL_OpenSSL/include/Poco/Net/SSLManager.h @@ -29,7 +29,7 @@ #include "Poco/SharedPtr.h" #include "Poco/Mutex.h" #include -#ifdef OPENSSL_FIPS +#if defined(OPENSSL_FIPS) && OPENSSL_VERSION_NUMBER < 0x010001000L #include #endif @@ -42,7 +42,7 @@ class Context; class NetSSL_API SSLManager - /// SSLManager is a singleton for holding the default server/client + /// SSLManager is a singleton for holding the default server/client /// Context and handling callbacks for certificate verification errors /// and private key passphrases. /// @@ -62,7 +62,7 @@ class NetSSL_API SSLManager /// ClientVerificationError and PrivateKeyPassphraseRequired events /// must be registered. /// - /// An exemplary documentation which sets either the server or client default context and creates + /// An exemplary documentation which sets either the server or client default context and creates /// a PrivateKeyPassphraseHandler that reads the password from the XML file looks like this: /// /// @@ -104,7 +104,7 @@ class NetSSL_API SSLManager /// Following is a list of supported configuration properties. Property names must always /// be prefixed with openSSL.server or openSSL.client. Some properties are only supported /// for servers. - /// + /// /// - privateKeyFile (string): The path to the file containing the private key for the certificate /// in PEM format (or containing both the private key and the certificate). /// - certificateFile (string): The Path to the file containing the server's or client's certificate @@ -117,9 +117,9 @@ class NetSSL_API SSLManager /// - loadDefaultCAFile (boolean): Specifies whether the builtin CA certificates from OpenSSL are used. /// - cipherList (string): Specifies the supported ciphers in OpenSSL notation /// (e.g. "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH"). - /// - preferServerCiphers (bool): When choosing a cipher, use the server's preferences instead of the - /// client preferences. When not called, the SSL server will always follow the clients - /// preferences. When called, the SSL/TLS server will choose following its own + /// - preferServerCiphers (bool): When choosing a cipher, use the server's preferences instead of the + /// client preferences. When not called, the SSL server will always follow the clients + /// preferences. When called, the SSL/TLS server will choose following its own /// preferences. /// - privateKeyPassphraseHandler.name (string): The name of the class (subclass of PrivateKeyPassphraseHandler) /// used for obtaining the passphrase for accessing the private key. @@ -127,14 +127,14 @@ class NetSSL_API SSLManager /// - invalidCertificateHandler.name: The name of the class (subclass of CertificateHandler) /// used for confirming invalid certificates. /// - cacheSessions (boolean): Enables or disables session caching. - /// - sessionIdContext (string): contains the application's unique session ID context, which becomes - /// part of each session identifier generated by the server. Can be an arbitrary sequence + /// - sessionIdContext (string): contains the application's unique session ID context, which becomes + /// part of each session identifier generated by the server. Can be an arbitrary sequence /// of bytes with a maximum length of SSL_MAX_SSL_SESSION_ID_LENGTH. Should be specified /// for a server to enable session caching. Should be specified even if session caching /// is disabled to avoid problems with clients that request session caching (e.g. Firefox 3.6). /// If not specified, defaults to ${application.name}. /// - sessionCacheSize (integer): Sets the maximum size of the server session cache, in number of - /// sessions. The default size (according to OpenSSL documentation) is 1024*20, which may be too + /// sessions. The default size (according to OpenSSL documentation) is 1024*20, which may be too /// large for many applications, especially on embedded platforms with limited memory. /// Specifying a size of 0 will set an unlimited cache size. /// - sessionTimeout (integer): Sets the timeout (in seconds) of cached sessions on the server. @@ -149,7 +149,7 @@ class NetSSL_API SSLManager /// If not specified or empty, the default parameters are used. /// - ecdhCurve (string): Specifies the name of the curve to use for ECDH, based /// on the curve names specified in RFC 4492. Defaults to "prime256v1". - /// - fips: Enable or disable OpenSSL FIPS mode. Only supported if the OpenSSL version + /// - fips: Enable or disable OpenSSL FIPS mode. Only supported if the OpenSSL version /// that this library is built against supports FIPS mode. { public: @@ -176,7 +176,7 @@ public: /// PtrPassphraseHandler and ptrCertificateHandler can be 0. However, in this case, event delegates /// must be registered with the ServerVerificationError and PrivateKeyPassphraseRequired events. /// - /// Note: Always create the handlers (or register the corresponding event delegates) before creating + /// Note: Always create the handlers (or register the corresponding event delegates) before creating /// the Context, as during creation of the Context the passphrase for the private key might be needed. /// /// Valid initialization code would be: @@ -192,7 +192,7 @@ public: /// PtrPassphraseHandler and ptrCertificateHandler can be 0. However, in this case, event delegates /// must be registered with the ClientVerificationError and PrivateKeyPassphraseRequired events. /// - /// Note: Always create the handlers (or register the corresponding event delegates) before creating + /// Note: Always create the handlers (or register the corresponding event delegates) before creating /// the Context, as during creation of the Context the passphrase for the private key might be needed. /// /// Valid initialization code would be: @@ -202,13 +202,13 @@ public: /// SSLManager::instance().initializeClient(pConsoleHandler, pInvalidCertHandler, pContext); Context::Ptr defaultServerContext(); - /// Returns the default Context used by the server. + /// Returns the default Context used by the server. /// /// Unless initializeServer() has been called, the first call to this method initializes the default Context /// from the application configuration. Context::Ptr defaultClientContext(); - /// Returns the default Context used by the client. + /// Returns the default Context used by the client. /// /// Unless initializeClient() has been called, the first call to this method initializes the default Context /// from the application configuration. @@ -230,16 +230,16 @@ public: /// If none is set, it will try to auto-initialize one from an application configuration. PrivateKeyFactoryMgr& privateKeyFactoryMgr(); - /// Returns the private key factory manager which stores the + /// Returns the private key factory manager which stores the /// factories for the different registered passphrase handlers for private keys. CertificateHandlerFactoryMgr& certificateHandlerFactoryMgr(); - /// Returns the CertificateHandlerFactoryMgr which stores the + /// Returns the CertificateHandlerFactoryMgr which stores the /// factories for the different registered certificate handlers. static bool isFIPSEnabled(); // Returns true if FIPS mode is enabled, false otherwise. - + void shutdown(); /// Shuts down the SSLManager and releases the default Context /// objects. After a call to shutdown(), the SSLManager can no @@ -267,7 +267,7 @@ protected: /// Method is invoked by OpenSSL to retrieve a passwd for an encrypted certificate. /// The request is delegated to the PrivatekeyPassword event. This method returns the /// length of the password. - + static Poco::Util::AbstractConfiguration& appConfig(); /// Returns the application configuration. ///