tlsprv.h

00001 /*
00002  * Copyright (c) 2005-2012 by KoanLogic s.r.l. <http://www.koanlogic.com>
00003  * All rights reserved.
00004  *
00005  * This file is part of KLone, and as such it is subject to the license stated
00006  * in the LICENSE file which you have received as part of this distribution.
00007  *
00008  * $Id: tlsprv.h,v 1.13 2008/03/26 09:02:24 tho Exp $
00009  */
00010 
00011 #ifndef _KLONE_TLS_PRV_H_
00012 #define _KLONE_TLS_PRV_H_
00013 
00014 #include "klone_conf.h"
00015 #ifdef SSL_ON
00016 
00017 #ifdef __cplusplus
00018 extern "C" {
00019 #endif
00020 
/* (pseudo) unique data to feed the PRNG.
 *
 * A small bundle of process-specific values that the seeding code can hand
 * to the TLS library's PRNG.  Only the member types are fixed here; how each
 * field is filled is up to the caller (presumably tls.c).
 *
 * NOTE(review): a pid, two clock readings and a stack address carry very
 * little entropy and are largely guessable by a local observer.  This struct
 * should only *supplement* an OS-provided entropy source, never replace it --
 * confirm against the seeding code before relying on it. */
struct tls_rand_seed_s 
{
    pid_t pid;      /* process id (presumably of the seeding process) */
    long t1, t2;    /* two scalar samples, presumably time-derived -- TODO confirm */
    void *stack;    /* an address taken from the stack; varies per run/layout */
};
00028 
00029 typedef struct tls_rand_seed_s tls_rand_seed_t;
00030 
/* SSL_CTX initialization parameters, derived from the configuration and
 * consumed by the tls_* helpers declared below (e.g. tls_use_crls(),
 * tls_psk_init()).  Mapping of "verify_client" configuration directive to
 * vmode is done in the following way:
 *  "none"      -> SSL_VERIFY_NONE
 *  "optional"  -> SSL_VERIFY_PEER
 *  "require"   -> SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT
 *
 * The string members are plain pointers: this struct does not own them, so
 * whatever storage they point to must outlive its use -- confirm against the
 * code that fills it. */
struct tls_ctx_args_s
{
    const char *cert;       /* server certificate file (PEM) */
    const char *key;        /* server private key (PEM) -- sensitive material */
    const char *certchain;  /* Server Certificate Authorities (PEM) */
    const char *ca;         /* Client Certification Authorities file (PEM) */
    const char *crl;        /* Certificate Revocation List (PEM) */
    const char *dh;         /* Diffie-Hellman parameters (PEM) */
#ifdef SSL_OPENSSL_PSK
    const char *pskdb;      /* Pre Shared Keys password file */
    int psk_is_hashed;      /* !0 if password is hashed (MD5), 0 if cleartext.
                             * NOTE(review): MD5 is a fast digest, not a
                             * password-hashing function; a "hashed" pskdb
                             * needs the same protection as a cleartext one. */
    const char *psk_hint;   /* PSK global hint (may be overridden locally) */
#endif
    int crlopts;            /* CRL check mode: 'all' or 'client-only'
                             * (the integer encoding is not defined in this
                             * header) */
    int depth;              /* max depth for the cert chain verification */
    int vmode;              /* SSL verification mode (SSL_VERIFY_* bits, see
                             * the mapping above) */
};
00053 
00054 typedef struct tls_ctx_args_s tls_ctx_args_t;
00055 
/* Private helpers shared with tls.c; not part of the public KLone API.
 * Parameter names are given for documentation only; the "res_name" strings
 * follow the naming already used by tls_get_file_bio(). */
#ifdef SSL_OPENSSL
/* Built-in Diffie-Hellman parameters (the name suggests a 1024-bit group).
 * NOTE(review): 1024-bit finite-field DH is below current recommendations;
 * prefer supplying a larger group via tls_ctx_args_t.dh. */
DH *get_dh1024 (void);
/* BIO built from an embedded resource -- presumably by name; confirm in tls.c. */
BIO *bio_from_emb (const char *res_name);
/* File-backed BIO for the named resource. */
BIO *tls_get_file_bio(const char *res_name);
/* Acceptable client CA names loaded from the named resource. */
STACK_OF(X509_NAME) *tls_load_client_CA_file(const char *res_name);
#endif
/* Trust-store loading for 'ctx' from the named resource. */
int tls_load_verify_locations(SSL_CTX *ctx, const char *res_name);
/* Server certificate / private key loading.  'type' is presumably an
 * SSL_FILETYPE_* value as in SSL_CTX_use_certificate_file() -- confirm. */
int tls_use_certificate_file(SSL_CTX *ctx, const char *res_name, int type);
int tls_use_PrivateKey_file(SSL_CTX *ctx, const char *res_name, int type);
/* Certificate chain loading; the callback has the pem_password_cb shape
 * (buf, size, rwflag, userdata).  NOTE(review): the int flag is named by
 * analogy with mod_ssl's SSL_CTX_use_certificate_chain(); confirm its
 * meaning in tls.c. */
int tls_use_certificate_chain(SSL_CTX *ctx, const char *res_name, int skipfirst,
        int (*pw_cb)(char *, int, int, void *));
/* CRL installation driven by cargs->crl / cargs->crlopts. */
int tls_use_crls (SSL_CTX *ctx, tls_ctx_args_t *cargs);
/* Peer verification hook with the signature SSL_CTX_set_verify() expects.
 * NOTE(review): a callback that ignores 'ok' effectively disables chain
 * verification; confirm the implementation honours it. */
int tls_verify_cb (int ok, X509_STORE_CTX *ctx);
/* Human-readable description of the last TLS error.  Ownership of the
 * returned buffer (static vs. caller-freed) is not stated here -- confirm. */
char *tls_get_error (void);
#ifdef SSL_OPENSSL_PSK
/* PSK setup for 'c' from cargs->pskdb / psk_is_hashed / psk_hint. */
int tls_psk_init (SSL_CTX *c, tls_ctx_args_t *cargs);
#endif
00074 
00075 #ifdef __cplusplus
00076 }
00077 #endif 
00078 
00079 #endif /* SSL_ON */
00080 #endif /* _KLONE_TLS_PRV_H_ */
