src/lib/ssl_internal.h
#ifndef LIBQMSK_SSL_INTERNAL_H
#define LIBQMSK_SSL_INTERNAL_H

/**
 * @file
 *
 * A sock_stream implementation using GnuTLS for SSL
 */
#include "ssl.h"
#include "tcp_internal.h"

#include <gnutls/gnutls.h>

/**
 * Error codes for the GnuTLS-backed transport.
 *
 * Each value presumably names the libgnutls call (or verification step)
 * that failed; the raw gnutls return value is expected to travel in the
 * accompanying error_t. The numbering is written out explicitly so that
 * it is visible here -- the ssl_errors table is presumably indexed by it.
 */
enum ssl_error_code {
    /** No error */
    ERR_GNUTLS_NONE                     = 0,
    /** gnutls_certificate_allocate_credentials() failed */
    ERR_GNUTLS_CERT_ALLOC_CRED          = 1,
    /** gnutls_global_init() failed */
    ERR_GNUTLS_GLOBAL_INIT              = 2,
    /** gnutls_init() failed */
    ERR_GNUTLS_INIT                     = 3,
    /** gnutls_set_default_priority() failed */
    ERR_GNUTLS_SET_DEFAULT_PRIORITY     = 4,
    /** gnutls_credentials_set() failed */
    ERR_GNUTLS_CRED_SET                 = 5,
    /** gnutls_handshake() failed */
    ERR_GNUTLS_HANDSHAKE                = 6,
    /** gnutls_record_send() failed */
    ERR_GNUTLS_RECORD_SEND              = 7,
    /** gnutls_record_recv() failed */
    ERR_GNUTLS_RECORD_RECV              = 8,
    /** gnutls_record_get_direction() failed */
    ERR_GNUTLS_RECORD_GET_DIRECTION     = 9,
    /** gnutls_certificate_verify_peers2() itself returned an error */
    ERR_GNUTLS_CERT_VERIFY_PEERS2       = 10,
    /**
     * The peer certificate did not verify. Presumably raised from the status
     * bitmask gnutls_certificate_verify_peers2() fills in: a zero return from
     * that call only means the check ran, so the status word must be
     * inspected -- and the hostname checked separately -- before the peer is
     * trusted. NOTE(review): confirm both steps in the implementation.
     */
    ERR_GNUTLS_CERT_VERIFY              = 11,
    /** gnutls_certificate_set_x509_trust_file() failed */
    ERR_GNUTLS_CERT_SET_X509_TRUST_FILE = 12,
    /** gnutls_certificate_set_x509_key_file() failed */
    ERR_GNUTLS_CERT_SET_X509_KEY_FILE   = 13,
};

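/**
 * Error descriptions for the ssl_error_code values above.
 *
 * Declared `extern` here and defined exactly once in the implementation
 * file: without the storage class this line is a tentative definition, so
 * every translation unit including this header would emit its own const
 * ssl_errors object and the link would fail on the duplicate symbol.
 */
extern const struct error_list ssl_errors;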

/**
 * GnuTLS credentials for client sockets.
 *
 * Reference-counted, so several ssl_client connections can presumably share
 * one loaded set of certificates and keys.
 */
struct ssl_client_cred {
    /**
     * The GnuTLS x509 credential handle holding our own client certificate
     * (and presumably the trust list consulted when verify is set).
     */
    gnutls_certificate_credentials_t x509;

    /**
     * Should connections using these credentials verify the peer's
     * certificate? NOTE(review): when false the session is encrypted but the
     * server is not authenticated, so an active attacker can impersonate it;
     * only suitable for anonymous/test use.
     */
    bool verify;

    /** Number of ssl_client objects currently referring to this cred */
    int refcount;
};

/**
 * Global anonymous x509 credentials, presumably used when a client is opened
 * without credentials of its own ("anonymous" in the sense of presenting no
 * client certificate). NOTE(review): check how its verify flag is set --
 * connections made with it do not authenticate the server unless it is.
 */
extern struct ssl_client_cred ssl_client_cred_anon;

/**
 * Our transport_type for SSL client connections.
 */
extern struct transport_type ssl_client_type;

/**
 * An SSL-encrypted TCP connection, using libgnutls.
 *
 * Embeds a tcp_client as its first member, presumably so the two can be
 * cast between; keep base_tcp first.
 */
struct ssl_client {
    /** The underlying TCP connection (first member, see above) */
    struct tcp_client base_tcp;

    /**
     * The hostname we connected to, kept for certificate verification
     * (matching the peer cert against it). Ownership of the string is not
     * visible here -- presumably a copy owned by this struct and released
     * with it; confirm against the implementation.
     */
    char *hostname;

    /**
     * The credentials we are using, "unless anon": this may be NULL for
     * connections using ssl_client_cred_anon rather than pointing at it --
     * confirm before dereferencing.
     */
    struct ssl_client_cred *cred;
    
    /** The GnuTLS session for this connection */
    gnutls_session_t session;

    /**
     * Should we verify the peer cert? Duplicates ssl_client_cred.verify;
     * which of the two the handshake path consults is not visible here.
     * NOTE(review): a connection with verify unset authenticates nothing.
     */
    bool verify;

    /**
     * Are we running a handshake? Presumably set while a (resumable,
     * non-blocking) gnutls_handshake() is in progress.
     */
    bool handshake;
};

/**
 * Initialize the global gnutls state (presumably gnutls_global_init(),
 * given ERR_GNUTLS_GLOBAL_INIT above). Presumably must be called before
 * any ssl_client is created; whether repeated calls are safe is not
 * visible here.
 *
 * @param err receives the error detail on failure
 * @return an err_t, presumably ERR_GNUTLS_NONE on success and one of the
 *         ssl_error_code values otherwise
 */
err_t ssl_global_init (error_t *err);

#endif