#ifndef SOCK_GNUTLS_H
#define SOCK_GNUTLS_H
/**
* @file
*
* A sock_stream implementation using GnuTLS for SSL/TLS
*/
#include "sock_internal.h"
#include "sock_tcp.h"
#include <gnutls/gnutls.h>
/**
* GnuTLS library error codes
*
* The first enumerator is pinned to _ERR_GNUTLS (defined outside this header) and the
* rest follow sequentially, so the declaration order fixes each numeric value.
* Inserting or reordering enumerators renumbers every code after the change.
*
* The names mirror GnuTLS calls (e.g. ERR_GNUTLS_HANDSHAKE ~ gnutls_handshake(),
* ERR_GNUTLS_RECORD_SEND ~ gnutls_record_send()); presumably each code is reported
* when the matching call fails -- confirm against the implementation.
*
* NOTE(review): there is no dedicated code for a failed peer-certificate verification.
* Confirm that the implementation actually verifies the server certificate and host
* name (e.g. gnutls_session_set_verify_cert() or gnutls_certificate_verify_peers3()),
* and consider whether that failure should be distinguishable from a generic
* ERR_GNUTLS_HANDSHAKE.
*/
enum sock_gnutls_error_code {
/* Range marker: start of the GnuTLS code range, not an error in itself */
_ERR_GNUTLS_BEGIN = _ERR_GNUTLS,
ERR_GNUTLS_CERT_ALLOC_CRED,
ERR_GNUTLS_GLOBAL_INIT,
ERR_GNUTLS_INIT,
/* NOTE(review): suggests library default priorities (protocol versions / ciphers) are used -- confirm */
ERR_GNUTLS_SET_DEFAULT_PRIORITY,
ERR_GNUTLS_CRED_SET,
ERR_GNUTLS_HANDSHAKE,
ERR_GNUTLS_RECORD_SEND,
ERR_GNUTLS_RECORD_RECV,
ERR_GNUTLS_RECORD_GET_DIRECTION,
};
/**
* Additional gnutls configuration for client sockets.
*
* XXX: currently, we just have one global instance, set up by sock_gnutls_init, used for all sockets
*
* NOTE(review): this header declares sock_gnutls_global_init() but no sock_gnutls_init();
* the name above presumably refers to that function -- confirm.
*
* NOTE(review): with one shared instance, every connection uses the same credentials
* and the same trust settings; per-connection identities or trust roots are not possible
* until this becomes per-socket.
*/
struct sock_gnutls_client_ctx {
/**
* Our client certificate
*
* NOTE(review): a gnutls_certificate_credentials_t also carries the trusted CA list
* that GnuTLS uses to verify the peer. Confirm that trust anchors are loaded into it;
* without them the server certificate cannot be validated.
*/
gnutls_certificate_credentials_t xcred;
};
/**
* An SSL-encrypted TCP connection, using libgnutls
*
* The sock_tcp is embedded by value as the first member; SOCK_GNUTLS_TCP and
* SOCK_GNUTLS_BASE return pointers into that embedded object.
*/
struct sock_gnutls {
/** The underlying TCP connection */
struct sock_tcp base_tcp;
/**
* Additional SSL info XXX: do we need to keep a ref to this?
*
* NOTE(review): the type named here is struct sock_gnutls_ctx, while the struct defined
* in this header is struct sock_gnutls_client_ctx. As written this refers to a different
* (incomplete, as far as this header shows) type -- confirm which one is intended.
*/
struct sock_gnutls_ctx *ctx;
/** The GnuTLS session for this connection */
gnutls_session_t session;
/**
* The current event_enable mask
*
* NOTE(review): the flag values and where the mask is updated are not visible in this
* header -- see the implementation.
*/
int ev_mask;
};
/**
* Cast a sock_gnutls to a sock_stream.
*
* Not a pointer cast: this takes the address of the nested base_tcp.base member, so
* sock_ptr must point to a valid struct sock_gnutls. The argument is evaluated once.
*/
#define SOCK_GNUTLS_BASE(sock_ptr) (&(sock_ptr)->base_tcp.base)
/**
* Cast a sock_gnutls to a sock_tcp.
*
* Yields the address of the embedded base_tcp member; the argument is evaluated once.
*/
#define SOCK_GNUTLS_TCP(sock_ptr) (&(sock_ptr)->base_tcp)
/**
* Get a pointer to the sock_gnutls's error_info.
*
* Expands to SOCK_ERR() applied to SOCK_GNUTLS_BASE(sock_ptr). SOCK_ERR is defined
* outside this header (presumably in sock_internal.h -- confirm).
*/
#define SOCK_GNUTLS_ERR(sock_ptr) SOCK_ERR(SOCK_GNUTLS_BASE(sock_ptr))
/**
* Initialize the global gnutls state
*
* @param err error_info passed by the caller; presumably filled in on failure -- confirm
* @return an err_t; presumably one of the sock_gnutls_error_code values such as
*         ERR_GNUTLS_GLOBAL_INIT or ERR_GNUTLS_CERT_ALLOC_CRED on failure -- confirm
*
* NOTE(review): if the shared client credentials are created here, this is also where
* the trusted CA set used for server verification would need to be loaded -- confirm.
*/
err_t sock_gnutls_global_init (struct error_info *err);
/**
* Release the connection destructively, i.e. do not close it cleanly, just abort.
*
* @param sock the connection to release; whether the struct itself is freed is not
*             visible in this header
*
* NOTE(review): "not cleanly" presumably means no TLS close_notify is sent (no
* gnutls_bye()), so the peer cannot tell this abort apart from a truncated stream.
* Confirm that the session is still released with gnutls_deinit(). No clean-close
* counterpart is declared in this header.
*/
void sock_gnutls_destroy (struct sock_gnutls *sock);
#endif /* SOCK_GNUTLS_H */