1 #ifndef SSL_INTERNAL_H |
|
2 #define SSL_INTERNAL_H |
|
3 |
|
4 /** |
|
5 * @file |
|
6 * |
|
7 * A sock_stream implementation using GnuTLS for SSL |
|
8 */ |
|
9 #include "ssl.h" |
|
10 #include "tcp_internal.h" |
|
11 |
|
12 #include <gnutls/gnutls.h> |
|
13 |
|
14 /** |
|
15 * GnuTLS library error codes |
|
16 */ |
|
17 enum ssl_error_code { |
|
18 _ERR_SSL_BEGIN = _ERR_GNUTLS, |
|
19 |
|
20 ERR_GNUTLS_CERT_ALLOC_CRED, |
|
21 ERR_GNUTLS_GLOBAL_INIT, |
|
22 ERR_GNUTLS_INIT, |
|
23 ERR_GNUTLS_SET_DEFAULT_PRIORITY, |
|
24 ERR_GNUTLS_CRED_SET, |
|
25 ERR_GNUTLS_HANDSHAKE, |
|
26 ERR_GNUTLS_RECORD_SEND, |
|
27 ERR_GNUTLS_RECORD_RECV, |
|
28 ERR_GNUTLS_RECORD_GET_DIRECTION, |
|
29 ERR_GNUTLS_CERT_VERIFY_PEERS2, |
|
30 ERR_GNUTLS_CERT_VERIFY, |
|
31 ERR_GNUTLS_CERT_SET_X509_TRUST_FILE, |
|
32 ERR_GNUTLS_CERT_SET_X509_KEY_FILE, |
|
33 }; |
|
34 |
|
35 /** |
|
36 * GnuTLS credentials for client sockets. |
|
37 */ |
|
38 struct ssl_client_cred { |
|
39 /** Our client certificate */ |
|
40 gnutls_certificate_credentials_t x509; |
|
41 |
|
42 /** Should we verify? */ |
|
43 bool verify; |
|
44 |
|
45 /** Refcount from ssl_client */ |
|
46 int refcount; |
|
47 }; |
|
48 |
|
49 /** |
|
50 * Global anonymous x509 credentials |
|
51 */ |
|
52 extern struct ssl_client_cred ssl_client_cred_anon; |
|
53 |
|
54 /* |
|
55 * Our transport_type |
|
56 */ |
|
57 extern struct transport_type ssl_client_type; |
|
58 |
|
59 /** |
|
60 * An SSL-encrypted TCP connection, using libgnutls |
|
61 */ |
|
62 struct ssl_client { |
|
63 /** The underlying TCP connection */ |
|
64 struct tcp_client base_tcp; |
|
65 |
|
66 /** The hostname we connected to, for verification */ |
|
67 char *hostname; |
|
68 |
|
69 /** The credentials we are using, unless anon */ |
|
70 struct ssl_client_cred *cred; |
|
71 |
|
72 /** The GnuTLS session for this connection */ |
|
73 gnutls_session_t session; |
|
74 |
|
75 /** Should we verify the peer cert? */ |
|
76 bool verify; |
|
77 |
|
78 /** Are we running a handshake? */ |
|
79 bool handshake; |
|
80 }; |
|
81 |
|
82 /** |
|
83 * Initialize the global gnutls state |
|
84 */ |
|
85 err_t ssl_global_init (error_t *err); |
|
86 |
|
87 #endif /* SSL_INTERNAL_H */ |
|