|
1 #ifndef LIBQMSK_SSL_INTERNAL_H |
|
2 #define LIBQMSK_SSL_INTERNAL_H |
|
3 |
|
4 /** |
|
5 * @file |
|
6 * |
|
7 * A sock_stream implementation using GnuTLS for SSL |
|
8 */ |
|
9 #include "ssl.h" |
|
10 #include "tcp_internal.h" |
|
11 |
|
12 #include <gnutls/gnutls.h> |
|
13 |
|
14 /** |
|
15 * GnuTLS library error codes |
|
16 */ |
|
17 enum ssl_error_code { |
|
18 ERR_GNUTLS_NONE, |
|
19 ERR_GNUTLS_CERT_ALLOC_CRED, |
|
20 ERR_GNUTLS_GLOBAL_INIT, |
|
21 ERR_GNUTLS_INIT, |
|
22 ERR_GNUTLS_SET_DEFAULT_PRIORITY, |
|
23 ERR_GNUTLS_CRED_SET, |
|
24 ERR_GNUTLS_HANDSHAKE, |
|
25 ERR_GNUTLS_RECORD_SEND, |
|
26 ERR_GNUTLS_RECORD_RECV, |
|
27 ERR_GNUTLS_RECORD_GET_DIRECTION, |
|
28 ERR_GNUTLS_CERT_VERIFY_PEERS2, |
|
29 ERR_GNUTLS_CERT_VERIFY, |
|
30 ERR_GNUTLS_CERT_SET_X509_TRUST_FILE, |
|
31 ERR_GNUTLS_CERT_SET_X509_KEY_FILE, |
|
32 }; |
|
33 |
|
34 const struct error_list ssl_errors; |
|
35 |
|
36 /** |
|
37 * GnuTLS credentials for client sockets. |
|
38 */ |
|
39 struct ssl_client_cred { |
|
40 /** Our client certificate */ |
|
41 gnutls_certificate_credentials_t x509; |
|
42 |
|
43 /** Should we verify? */ |
|
44 bool verify; |
|
45 |
|
46 /** Refcount from ssl_client */ |
|
47 int refcount; |
|
48 }; |
|
49 |
|
50 /** |
|
51 * Global anonymous x509 credentials |
|
52 */ |
|
53 extern struct ssl_client_cred ssl_client_cred_anon; |
|
54 |
|
55 /* |
|
56 * Our transport_type |
|
57 */ |
|
58 extern struct transport_type ssl_client_type; |
|
59 |
|
60 /** |
|
61 * An SSL-encrypted TCP connection, using libgnutls |
|
62 */ |
|
63 struct ssl_client { |
|
64 /** The underlying TCP connection */ |
|
65 struct tcp_client base_tcp; |
|
66 |
|
67 /** The hostname we connected to, for verification */ |
|
68 char *hostname; |
|
69 |
|
70 /** The credentials we are using, unless anon */ |
|
71 struct ssl_client_cred *cred; |
|
72 |
|
73 /** The GnuTLS session for this connection */ |
|
74 gnutls_session_t session; |
|
75 |
|
76 /** Should we verify the peer cert? */ |
|
77 bool verify; |
|
78 |
|
79 /** Are we running a handshake? */ |
|
80 bool handshake; |
|
81 }; |
|
82 |
|
83 /** |
|
84 * Initialize the global gnutls state |
|
85 */ |
|
86 err_t ssl_global_init (error_t *err); |
|
87 |
|
88 #endif |