author | Tero Marttila <terom@fixme.fi> |
Thu, 28 May 2009 01:17:36 +0300 | |
branch | new-lib-errors |
changeset 219 | cefec18b8268 |
parent 180 | src/ssl_internal.h@22967b165692 |
permissions | -rw-r--r-- |
#ifndef LIBQMSK_SSL_INTERNAL_H |
#define LIBQMSK_SSL_INTERNAL_H |
/**
 * @file
 *
 * A sock_stream implementation using GnuTLS for SSL
 */
#include "ssl.h" |
#include "tcp_internal.h" |
#include <gnutls/gnutls.h> |
/**
 * GnuTLS library error codes
 *
 * No enumerator has an explicit value, so the codes are numbered consecutively
 * from 0 (ERR_GNUTLS_NONE) in declaration order. Inserting or reordering an
 * entry renumbers every code after it.
 *
 * NOTE(review): each name appears to mirror the GnuTLS call that failed
 * (e.g. ERR_GNUTLS_HANDSHAKE for gnutls_handshake) - confirm against the
 * table that describes these codes.
 */
enum ssl_error_code {
    ERR_GNUTLS_NONE,
    ERR_GNUTLS_CERT_ALLOC_CRED,
    ERR_GNUTLS_GLOBAL_INIT,
    ERR_GNUTLS_INIT,
    ERR_GNUTLS_SET_DEFAULT_PRIORITY,
    ERR_GNUTLS_CRED_SET,
    ERR_GNUTLS_HANDSHAKE,
    ERR_GNUTLS_RECORD_SEND,
    ERR_GNUTLS_RECORD_RECV,
    ERR_GNUTLS_RECORD_GET_DIRECTION,
    /*
     * NOTE(review): the next two codes look like "the verification call itself
     * failed" and "the peer certificate was rejected" respectively - confirm.
     * Either way the peer is unauthenticated, so callers should treat both as
     * fatal for the connection rather than as recoverable I/O errors.
     */
    ERR_GNUTLS_CERT_VERIFY_PEERS2,
    ERR_GNUTLS_CERT_VERIFY,
    ERR_GNUTLS_CERT_SET_X509_TRUST_FILE,
    ERR_GNUTLS_CERT_SET_X509_KEY_FILE,
};
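/**
 * Error list for the SSL module (presumably the descriptions for
 * enum ssl_error_code - confirm against the defining .c file).
 *
 * Declared extern, like the other globals in this header, so that including
 * the header does not create a tentative definition of a const object in
 * every translation unit. Without extern, each includer gets its own
 * zero-filled copy, or the link fails with duplicate symbols under
 * -fno-common. Exactly one .c file must provide the initialised definition.
 */
extern const struct error_list ssl_errors;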
/**
 * GnuTLS credentials for client sockets.
 *
 * Bundles the GnuTLS certificate credentials with a verification flag and a
 * reference count.
 */
struct ssl_client_cred {
    /**
     * Our client certificate
     *
     * NOTE(review): a gnutls_certificate_credentials_t can also hold the CA
     * trust list used to check the peer (see
     * ERR_GNUTLS_CERT_SET_X509_TRUST_FILE) - confirm that is where the
     * trust anchors for this module are loaded.
     */
    gnutls_certificate_credentials_t x509;

    /**
     * Should we verify?
     *
     * NOTE(review): presumably selects whether the peer certificate is
     * checked. If it is false, the connection would be encrypted but the
     * server unauthenticated - confirm which code path reads this flag and
     * what the default is.
     */
    bool verify;

    /**
     * Refcount from ssl_client
     *
     * NOTE(review): plain int with no locking visible in this header; if
     * credentials are shared across threads the count needs external
     * synchronisation - TODO confirm the threading model.
     */
    int refcount;
};
/**
 * Global anonymous x509 credentials
 *
 * Declared here; the definition lives outside this header.
 *
 * NOTE(review): "anonymous" presumably means no client certificate is
 * presented. Whether these credentials carry a CA trust list or have
 * verification enabled is not visible here - confirm before relying on
 * connections that use them to authenticate the server.
 */
extern struct ssl_client_cred ssl_client_cred_anon;
/*
 * Our transport_type
 *
 * Declared here; the definition lives outside this header.
 */
extern struct transport_type ssl_client_type;
/**
 * An SSL-encrypted TCP connection, using libgnutls
 *
 * Embeds the TCP client state as its first member and adds the per-connection
 * TLS state: target hostname, credentials, GnuTLS session and two flags.
 */
struct ssl_client {
    /** The underlying TCP connection */
    struct tcp_client base_tcp;

    /**
     * The hostname we connected to, for verification
     *
     * NOTE(review): for the check to mean anything this must be the name the
     * caller asked for, not a name obtained from DNS results - confirm where
     * it is set. Ownership (who allocates and frees it) is not visible in
     * this header.
     */
    char *hostname;

    /**
     * The credentials we are using, unless anon
     *
     * NOTE(review): presumably NULL or ssl_client_cred_anon in the anonymous
     * case - confirm which, since the refcount handling depends on it.
     */
    struct ssl_client_cred *cred;

    /** The GnuTLS session for this connection */
    gnutls_session_t session;

    /**
     * Should we verify the peer cert?
     *
     * NOTE(review): duplicates ssl_client_cred.verify; presumably copied from
     * the credentials at connect time - confirm which of the two the
     * handshake path actually consults, so that they cannot disagree.
     */
    bool verify;

    /**
     * Are we running a handshake?
     *
     * NOTE(review): presumably set while an asynchronous handshake is in
     * progress - confirm that reads and writes are held back until it clears
     * and any peer verification has completed.
     */
    bool handshake;
};
/**
 * Initialize the global gnutls state
 *
 * NOTE(review): presumably must be called once before any ssl_client is
 * created - confirm, and confirm whether repeated calls are safe.
 *
 * @param err   error-information out-parameter (presumably filled in on
 *              failure, e.g. with ERR_GNUTLS_GLOBAL_INIT - confirm)
 * @return      an err_t status code; the success value is not visible in
 *              this header
 */
err_t ssl_global_init (error_t *err);
#endif |