#ifndef LIBQMSK_SSL_INTERNAL_H
#define LIBQMSK_SSL_INTERNAL_H
/**
* @file
*
* Internal declarations for the sock_stream implementation that uses GnuTLS for SSL/TLS; the public interface lives in ssl.h
*/
#include "ssl.h"
#include "tcp_internal.h"
#include <gnutls/gnutls.h>
/**
 * GnuTLS library error codes.
 *
 * Each value names the GnuTLS call (or local step) that failed; the names
 * mirror the gnutls_* function names. NOTE(review): if ssl_errors is a table
 * indexed by these values, their order is part of the contract — append new
 * codes at the end rather than inserting. Confirm against the table definition.
 */
enum ssl_error_code {
    /** No error */
    ERR_GNUTLS_NONE,
    /** Presumably gnutls_certificate_allocate_credentials() failed */
    ERR_GNUTLS_CERT_ALLOC_CRED,
    /** Presumably gnutls_global_init() failed (see ssl_global_init) */
    ERR_GNUTLS_GLOBAL_INIT,
    /** Presumably gnutls_init() (session creation) failed */
    ERR_GNUTLS_INIT,
    /** Presumably gnutls_set_default_priority() failed */
    ERR_GNUTLS_SET_DEFAULT_PRIORITY,
    /** Presumably gnutls_credentials_set() failed */
    ERR_GNUTLS_CRED_SET,
    /** Presumably gnutls_handshake() failed — also the expected code for
        a peer that offers no acceptable ciphersuite or certificate type */
    ERR_GNUTLS_HANDSHAKE,
    /** Presumably gnutls_record_send() failed */
    ERR_GNUTLS_RECORD_SEND,
    /** Presumably gnutls_record_recv() failed */
    ERR_GNUTLS_RECORD_RECV,
    /** Presumably gnutls_record_get_direction() failed (non-blocking I/O) */
    ERR_GNUTLS_RECORD_GET_DIRECTION,
    /** Presumably gnutls_certificate_verify_peers2() itself failed (could
        not run the check), as opposed to the check reporting a bad cert */
    ERR_GNUTLS_CERT_VERIFY_PEERS2,
    /** Presumably the peer certificate did not verify (untrusted, expired,
        hostname mismatch, ...) — the security-relevant failure; callers
        must treat it as fatal for the connection. Confirm in ssl.c. */
    ERR_GNUTLS_CERT_VERIFY,
    /** Presumably gnutls_certificate_set_x509_trust_file() failed */
    ERR_GNUTLS_CERT_SET_X509_TRUST_FILE,
    /** Presumably gnutls_certificate_set_x509_key_file() failed */
    ERR_GNUTLS_CERT_SET_X509_KEY_FILE,
};
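/**
 * Error descriptions for enum ssl_error_code.
 *
 * This header only declares the table; the single definition is expected to
 * live in the SSL implementation file. Without `extern`, a const object with
 * no initializer at file scope is a tentative definition, so every
 * translation unit including this header would define its own copy
 * (multiple-definition link errors under -fno-common, the GCC default), and
 * if struct error_list is not complete here it is a hard compile error.
 */
extern const struct error_list ssl_errors;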
/**
 * GnuTLS credentials for client sockets.
 *
 * Reference-counted, so one credential object can presumably back several
 * ssl_client connections at once (see refcount).
 */
struct ssl_client_cred {
    /** Our client certificate: the GnuTLS x509 credential handle. Given
        ERR_GNUTLS_CERT_SET_X509_TRUST_FILE above, this presumably also
        carries the trust store used for peer verification — confirm. */
    gnutls_certificate_credentials_t x509;
    /** Should we verify?  When false the peer certificate is presumably not
        checked at all, which leaves the connection open to an active
        man-in-the-middle; only clear this deliberately. NOTE(review):
        struct ssl_client carries its own verify flag as well — confirm in
        ssl.c which of the two actually gates the verification call. */
    bool verify;
    /** Refcount from ssl_client. Plain int with no atomics or lock visible
        here, so assume it is not safe to share across threads without
        external synchronisation — verify. */
    int refcount;
};
/**
 * Global anonymous x509 credentials.
 *
 * Presumably a credential with no client certificate loaded, used when a
 * caller supplies no ssl_client_cred of its own (confirm in ssl.c).
 * NOTE(review): how this object's verify flag and trust store are
 * initialised is not visible here. If verify is true but no trust file was
 * loaded, every peer check would fail; if verify is false, peers are not
 * authenticated at all, which is only acceptable for opportunistic
 * encryption — check the definition before relying on it.
 */
extern struct ssl_client_cred ssl_client_cred_anon;
/**
 * Our transport_type.
 *
 * The transport hook table for SSL client connections, presumably the one
 * the sock_stream layer uses to dispatch I/O onto gnutls_record_send/recv
 * for a struct ssl_client — confirm in ssl.c.
 */
extern struct transport_type ssl_client_type;
/**
 * An SSL-encrypted TCP connection, using libgnutls.
 *
 * Wraps a struct tcp_client and layers a GnuTLS session on top of it.
 */
struct ssl_client {
    /** The underlying TCP connection. Placed first, presumably so that a
        struct ssl_client * can be passed where a struct tcp_client * is
        expected (embedding-style inheritance) — do not reorder without
        checking ssl.c for such casts. */
    struct tcp_client base_tcp;
    /** The hostname we connected to, for verification. This is the name
        the peer certificate must be matched against (SAN/CN); a
        verification that checks the chain but not this name still permits
        impersonation by any certificate from a trusted CA — confirm the
        hostname check exists in ssl.c. Ownership (who allocates/frees it)
        is not visible here; assume this struct owns it. */
    char *hostname;
    /** The credentials we are using, unless anon. Presumably NULL (or
        &ssl_client_cred_anon) when no caller credential was given — confirm
        which, as the two cases need different refcount handling. */
    struct ssl_client_cred *cred;
    /** The GnuTLS session for this connection */
    gnutls_session_t session;
    /** Should we verify the peer cert? NOTE(review): duplicates
        ssl_client_cred.verify; confirm which flag is authoritative so a
        mismatch cannot silently disable verification. */
    bool verify;
    /** Are we running a handshake? Presumably set while gnutls_handshake()
        is in progress and may need to be resumed after a would-block
        (cf. ERR_GNUTLS_RECORD_GET_DIRECTION) — confirm in ssl.c. */
    bool handshake;
};
/**
 * Initialize the global gnutls state.
 *
 * Presumably wraps gnutls_global_init() and must run before any session is
 * created (see ERR_GNUTLS_GLOBAL_INIT) — confirm call ordering in ssl.c.
 * Nothing here establishes whether it is idempotent or thread-safe; assume
 * it is called once, early, from a single thread.
 *
 * @param err receives error details on failure
 * @return err_t status code; the success value follows the project's
 *         error_t conventions, which are not visible in this header
 */
err_t ssl_global_init (error_t *err);
#endif