Add needsPeerVerification function to check if peer cert should be verified

Summary:
This patch adds a function to AsyncSSLSocket, so the user can check if the peer cert
should be verified. This allows the user to implement custom logic for peer cert validation.

Reviewed By: Orvid

Differential Revision: D4456402

fbshipit-source-id: 2f8a5c932d0341d6c9290bcb52264dd4fa174263

folly/io/async/AsyncSSLSocket.cpp

@@ -656,6 +656,15 @@ void AsyncSSLSocket::connect(ConnectCallback* callback,
   AsyncSocket::connect(connector, address, timeout, options, bindAddr);
 }
 
+bool AsyncSSLSocket::needsPeerVerification() const {
+  if (verifyPeer_ == SSLContext::SSLVerifyPeerEnum::USE_CTX) {
+    return ctx_->needsPeerVerification();
+  }
+  return (
+      verifyPeer_ == SSLContext::SSLVerifyPeerEnum::VERIFY ||
+      verifyPeer_ == SSLContext::SSLVerifyPeerEnum::VERIFY_REQ_CLIENT_CERT);
+}
+
 void AsyncSSLSocket::applyVerificationOptions(SSL * ssl) {
   // apply the settings specified in verifyPeer_
   if (verifyPeer_ == SSLContext::SSLVerifyPeerEnum::USE_CTX) {

folly/io/async/AsyncSSLSocket.h

@@ -587,6 +587,13 @@ class AsyncSSLSocket : public virtual AsyncSocket {
    */
   void getSSLServerCiphers(std::string& serverCiphers) const;
 
+  /**
+   * Method to check if peer verfication is set.
+   *
+   * @return true if peer verification is required.
+   */
+  bool needsPeerVerification() const;
+
   static int getSSLExDataIndex();
   static AsyncSSLSocket* getFromSSL(const SSL *ssl);
   static int bioWrite(BIO* b, const char* in, int inl);