envoyproxy · mattklein123 · Aug 14, 2020 · Aug 10, 2020 · Aug 10, 2020 · Aug 10, 2020
diff --git a/include/envoy/network/BUILD b/include/envoy/network/BUILD
@@ -130,12 +130,19 @@ envoy_cc_library(
     hdrs = ["transport_socket.h"],
     deps = [
         ":io_handle_interface",
+        ":post_io_action_interface",
         ":proxy_protocol_options_lib",
         "//include/envoy/buffer:buffer_interface",
         "//include/envoy/ssl:connection_interface",
     ],
 )
 
+envoy_cc_library(
+    name = "post_io_action_interface",
+    hdrs = ["post_io_action.h"],
+    deps = [],
+)
+
 envoy_cc_library(
     name = "connection_balancer_interface",
     hdrs = ["connection_balancer.h"],

diff --git a/include/envoy/network/post_io_action.h b/include/envoy/network/post_io_action.h
@@ -0,0 +1,17 @@
+#pragma once
+
+namespace Envoy {
+namespace Network {
+
+/**
+ * Action that should occur on a connection after I/O.
+ */
+enum class PostIoAction {
+  // Close the connection.
+  Close,
+  // Keep the connection open.
+  KeepOpen
+};
+
+} // namespace Network
+} // namespace Envoy
diff --git a/include/envoy/network/transport_socket.h b/include/envoy/network/transport_socket.h
@@ -5,6 +5,7 @@
 #include "envoy/buffer/buffer.h"
 #include "envoy/common/pure.h"
 #include "envoy/network/io_handle.h"
+#include "envoy/network/post_io_action.h"
 #include "envoy/network/proxy_protocol.h"
 #include "envoy/ssl/connection.h"
 
@@ -16,16 +17,6 @@ namespace Network {
 class Connection;
 enum class ConnectionEvent;
 
-/**
- * Action that should occur on a connection after I/O.
- */
-enum class PostIoAction {
-  // Close the connection.
-  Close,
-  // Keep the connection open.
-  KeepOpen
-};
-
 /**
  * Result of each I/O event.
  */
@@ -151,7 +142,7 @@ class TransportSocket {
   virtual void onConnected() PURE;
 
   /**
-   * @return the const SSL connection data if this is an SSL connection, or nullptr if it is not.
+   * @return the SSL connection data if this is an SSL connection, or nullptr if it is not.
    */
   virtual Ssl::ConnectionInfoConstSharedPtr ssl() const PURE;
 };

diff --git a/include/envoy/ssl/BUILD b/include/envoy/ssl/BUILD
@@ -13,6 +13,7 @@ envoy_cc_library(
     hdrs = ["connection.h"],
     external_deps = ["abseil_optional"],
     deps = [
+        ":ssl_socket_state",
         "//include/envoy/common:time_interface",
     ],
 )
@@ -68,3 +69,19 @@ envoy_cc_library(
     deps = [
     ],
 )
+
+envoy_cc_library(
+    name = "ssl_socket_state",
+    hdrs = ["ssl_socket_state.h"],
+    deps = [],
+)
+
+envoy_cc_library(
+    name = "handshaker_interface",
+    hdrs = ["handshaker.h"],
+    external_deps = ["ssl"],
+    deps = [
+        "//include/envoy/network:connection_interface",
+        "//include/envoy/network:post_io_action_interface",
+    ],
+)
diff --git a/include/envoy/ssl/handshaker.h b/include/envoy/ssl/handshaker.h
@@ -0,0 +1,39 @@
+#pragma once
+
+#include "envoy/network/connection.h"
+#include "envoy/network/post_io_action.h"
+
+#include "openssl/ssl.h"
+
+namespace Envoy {
+namespace Ssl {
+
+class HandshakeCallbacks {
+public:
+  virtual ~HandshakeCallbacks() = default;
+
+  /**
+   * @return the connection state.
+   */
+  virtual Network::Connection::State connectionState() const PURE;
+
+  virtual void onSuccess(SSL* ssl) PURE;
+  virtual void onFailure() PURE;
+};
+
+/**
+ * Base interface for performing TLS handshakes.
+ */
+class Handshaker {
+public:
+  virtual ~Handshaker() = default;
+
+  /**
+   * Performs a TLS handshake and returns an action indicating
+   * whether the callsite should close the connection or keep it open.
+   */
+  virtual Network::PostIoAction doHandshake() PURE;
+};
+
+} // namespace Ssl
+} // namespace Envoy
diff --git a/include/envoy/ssl/ssl_socket_state.h b/include/envoy/ssl/ssl_socket_state.h
@@ -0,0 +1,9 @@
+#pragma once
+
+namespace Envoy {
+namespace Ssl {
+
+enum class SocketState { PreHandshake, HandshakeInProgress, HandshakeComplete, ShutdownSent };
+
+} // namespace Ssl
+} // namespace Envoy
diff --git a/source/extensions/transport_sockets/common/passthrough.cc b/source/extensions/transport_sockets/common/passthrough.cc
@@ -44,4 +44,4 @@ Ssl::ConnectionInfoConstSharedPtr PassthroughSocket::ssl() const {
 
 } // namespace TransportSockets
 } // namespace Extensions
-} // namespace Envoy
+} // namespace Envoy
diff --git a/source/extensions/transport_sockets/common/passthrough.h b/source/extensions/transport_sockets/common/passthrough.h
@@ -29,4 +29,4 @@ class PassthroughSocket : public Network::TransportSocket {
 
 } // namespace TransportSockets
 } // namespace Extensions
-} // namespace Envoy
+} // namespace Envoy
diff --git a/source/extensions/transport_sockets/tls/BUILD b/source/extensions/transport_sockets/tls/BUILD
@@ -47,7 +47,9 @@ envoy_cc_library(
         ":utility_lib",
         "//include/envoy/network:connection_interface",
         "//include/envoy/network:transport_socket_interface",
+        "//include/envoy/ssl:handshaker_interface",
         "//include/envoy/ssl:ssl_socket_extended_info_interface",
+        "//include/envoy/ssl:ssl_socket_state",
         "//include/envoy/ssl/private_key:private_key_callbacks_interface",
         "//include/envoy/ssl/private_key:private_key_interface",
         "//include/envoy/stats:stats_macros",