Mercurial Mercurial > evirc / diff
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
src/lib/ssl.h
branchnew-lib-errors
changeset 219 cefec18b8268
parent 180 22967b165692 
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/src/lib/ssl.h	Thu May 28 01:17:36 2009 +0300
@@ -0,0 +1,75 @@
+#ifndef LIBQMSK_SSL_H
+#define LIBQMSK_SSL_H
+
+/**
+ * @file
+ *
+ * SSL transport implementation.
+ */
+#include "transport.h"
+#include <stdbool.h>
+
+/**
+ * SSL client credentials for use with ssl_client_credentials/sock_ssl_connect
+ */
+struct ssl_client_cred;
+
+/**
+ * Set up SSL client credentials for use with sock_ssl_connect. This includes information both required to identify
+ * ourselves to the server, as well as to verify the server.
+ *
+ * To verify the server's certificate, pass in a path to a file containing the CA certificate(s) that should be used to
+ * verify the server's certificate, and then either give `verify` as true to force verification, or false to simply
+ * warn. XXX: not entirely true
+ *
+ * To supply a client certificate to the server, pass in the paths to the cert/pkey files. If given as NULL, an
+ * anonymous client certificate will be used. Both must be supplied if given.
+ *
+ * The newly created SSL client credential will initially have a refcount of one, and can then be used with sock_ssl_connect.
+ *
+ * @param ctx_cred the newly created client credentials are returned via this
+ * @param cafile_path given as non-NULL to load trusted certs for verification from the given path
+ * @param verify force verification of the peer cert
+ * @param cert_path path to the client certificate file, or NULL
+ * @param pkey_path path to the client private key, or NULL
+ * @param err returned error info
+ */
+err_t ssl_client_cred_create (struct ssl_client_cred **ctx_cred,
+        const char *cafile_path, bool verify,
+        const char *cert_path, const char *pkey_path,
+        error_t *err
+);
+
+/**
+ * Aquire a referenec for the given cred.
+ */
+void ssl_client_cred_get (struct ssl_client_cred *cred);
+
+/**
+ * Release a reference allocated for the given cred.
+ */
+void ssl_client_cred_put (struct ssl_client_cred *cred);
+
+/**
+ * Start a non-blocking SSL connect/handshake to the given host/service. The socket will not yet be connected when the
+ * function returns, but rather, the eventual redyness/failure of the connect/handshake will be indicated later using
+ * the given \a cb_func.
+ *
+ * The given ssl_client_cred should either be NULL to use an anonymous client cert and not verify the server cert,
+ * or a ssl_client_cred allocated using ssl_client_cred_create(). The contexts are reference-counted, so once
+ * a cred context has been released, it will be destroyed once the last connection using it is destroyed.
+ * 
+ * @param info the transport setup info
+ * @param transport_ptr returned transport
+ * @param hostname the hostname to connect to
+ * @param service the TCP service name (i.e. port) to connect to
+ * @param cred the SSL client credentials to use, if not NULL
+ * @param err returned error info
+ */
+err_t ssl_connect (const struct transport_info *info, transport_t **transport_ptr, 
+        const char *hostname, const char *service,
+        struct ssl_client_cred *cred,
+        error_t *err
+    );
+
+#endif
evirc