| author | Tero Marttila <terom@fixme.fi> |
| Sun, 19 Apr 2009 04:04:42 +0300 | |
| changeset 140 | aa390e52eda8 |
| child 155 | c59d3eaff0fb |
| permissions | -rw-r--r-- |
|
140
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
1 |
#ifndef SOCK_SSL_H |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
2 |
#define SOCK_SSL_H |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
3 |
|
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
4 |
/** |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
5 |
* @file |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
6 |
* |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
7 |
* SSL-specific functionality as related to sock.h |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
8 |
*/ |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
9 |
#include "sock.h" |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
10 |
|
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
11 |
/** |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
12 |
* SSL client credentials for use with sock_ssl_client_credentials/sock_ssl_connect |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
13 |
*/ |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
14 |
struct sock_ssl_client_cred; |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
15 |
|
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
16 |
/** |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
17 |
* Set up SSL client credentials for use with sock_ssl_connect. This includes information both required to identify |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
18 |
* ourselves to the server, as well as to verify the server. |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
19 |
* |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
20 |
* To verify the server's certificate, pass in a path to a file containing the CA certificate(s) that should be used to |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
21 |
* verify the server's certificate, and then either give `verify` as true to force verification, or false to simply |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
22 |
* warn. XXX: not entirely true |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
23 |
* |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
24 |
* To supply a client certificate to the server, pass in the paths to the cert/pkey files. If given as NULL, an |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
25 |
* anonymous client certificate will be used. Both must be supplied if given. |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
26 |
* |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
27 |
* The newly created SSL client credential will initially have a refcount of one, and can then be used with sock_ssl_connect. |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
28 |
* |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
29 |
* @param ctx_cred the newly created client credentials are returned via this |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
30 |
* @param cafile_path given as non-NULL to load trusted certs for verification from the given path |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
31 |
* @param verify force verification of the peer cert |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
32 |
* @param cert_path path to the client certificate file, or NULL |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
33 |
* @param pkey_path path to the client private key, or NULL |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
34 |
* @param err returned error info |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
35 |
*/ |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
36 |
err_t sock_ssl_client_cred_create (struct sock_ssl_client_cred **ctx_cred, |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
37 |
const char *cafile_path, bool verify, |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
38 |
const char *cert_path, const char *pkey_path, |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
39 |
struct error_info *err |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
40 |
); |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
41 |
|
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
42 |
/** |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
43 |
* Aquire a referenec for the given cred. |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
44 |
*/ |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
45 |
void sock_ssl_client_cred_get (struct sock_ssl_client_cred *cred); |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
46 |
|
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
47 |
/** |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
48 |
* Release a reference allocated for the given cred. |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
49 |
*/ |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
50 |
void sock_ssl_client_cred_put (struct sock_ssl_client_cred *cred); |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
51 |
|
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
52 |
/** |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
53 |
* Start a non-blocking SSL connect/handshake to the given host/service. The socket will not yet be connected when the |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
54 |
* function returns, but rather, the eventual redyness/failure of the connect/handshake will be indicated later using |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
55 |
* the given \a cb_func. |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
56 |
* |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
57 |
* The given sock_ssl_client_cred should either be NULL to use an anonymous client cert and not verify the server cert, |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
58 |
* or a sock_ssl_client_cred allocated using sock_ssl_client_cred_create(). The contexts are reference-counted, so once |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
59 |
* a cred context has been released, it will be destroyed once the last connection using it is destroyed. |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
60 |
* |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
61 |
* @param sock_ptr the new sock_stream |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
62 |
* @param hostname the hostname to connect to |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
63 |
* @param service the TCP service name (i.e. port) to connect to |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
64 |
* @param cred the SSL client credentials to use, if not NULL |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
65 |
* @param cb_func the callback for connection/handshake completion |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
66 |
* @param cb_arg the callback context argument |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
67 |
* @param err returned error info |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
68 |
*/ |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
69 |
err_t sock_ssl_connect_async (struct sock_stream **sock_ptr, |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
70 |
const char *hostname, const char *service, |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
71 |
struct sock_ssl_client_cred *cred, |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
72 |
sock_stream_connect_cb cb_func, void *cb_arg, |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
73 |
struct error_info *err |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
74 |
); |
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
75 |
|
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
76 |
|
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
77 |
|
|
aa390e52eda8
implement ssl_cafile/verify/cert/pkey for x509 credentials
Tero Marttila <terom@fixme.fi>
parents:
diff
changeset
|
78 |
#endif /* SOCK_SSL_H */ |