
tlsprv.h

00001 /*
00002  * Copyright (c) 2005, 2006 by KoanLogic s.r.l. <http://www.koanlogic.com>
00003  * All rights reserved.
00004  *
00005  * This file is part of KLone, and as such it is subject to the license stated
00006  * in the LICENSE file which you have received as part of this distribution.
00007  *
00008  * $Id: tlsprv.h,v 1.9 2007/08/08 22:42:51 tho Exp $
00009  */
00010 
00011 #ifndef _KLONE_TLS_PRV_H_
00012 #define _KLONE_TLS_PRV_H_
00013 
00014 #include "klone_conf.h"
00015 #ifdef  HAVE_LIBOPENSSL
00016 
00017 #ifdef __cplusplus
00018 extern "C" {
00019 #endif
00020 
/* (pseudo) unique data to feed the PRNG.
 *
 * NOTE(review): a process id, two time readings and a stack address are all
 * guessable by a local observer, so this data should only *supplement* the
 * entropy OpenSSL gathers from the OS, never stand in for it — confirm in the
 * seeding code (not visible in this header). */
struct tls_rand_seed_s 
{
    pid_t   pid;        /* process id of the seeding process */
    long    t1, t2;     /* presumably two time samples; units set by the seeder */
    void    *stack;     /* presumably the address of a stack object, for ASLR jitter */
};

/* Shorthand for struct tls_rand_seed_s. */
typedef struct tls_rand_seed_s tls_rand_seed_t;
00030 
/* SSL_CTX initialization parameters.  Mapping of "verify_client" configuration
 * directive to vmode is done in the following way:
 *  "none"      -> SSL_VERIFY_NONE
 *  "optional"  -> SSL_VERIFY_PEER
 *  "require"   -> SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT
 *
 * With "none" and "optional" a client that presents no certificate still
 * completes the handshake, so any client-identity check must be enforced by
 * the application; only "require" fails the handshake on a missing client
 * certificate.
 *
 * NOTE(review): the string members look like borrowed pointers to file or
 * resource names (nothing here copies them) — confirm their lifetime against
 * the code that fills this struct. */
struct tls_ctx_args_s
{
    const char *cert;       /* server certificate file (PEM) */
    const char *key;        /* server private key (PEM) */
    const char *certchain;  /* Server Certificate Authorities (PEM) */
    const char *ca;         /* Client Certification Authorities file (PEM) */
    const char *crl;        /* Certificate Revocation List (PEM) */
    const char *dh;         /* Diffie-Hellman parameters (PEM) */
    int crlopts;            /* CRL check mode: 'all' or 'client-only' */
    int depth;              /* max depth for the cert chain verification;
                             * bounds how long a presented chain may be */
    int vmode;              /* SSL verification mode: one of the SSL_VERIFY_*
                             * combinations listed above */
};

/* Shorthand for struct tls_ctx_args_s. */
typedef struct tls_ctx_args_s tls_ctx_args_t;
00050 
/* Private helpers shared with tls.c.  Parameter names are given here so the
 * prototypes document themselves; the header does not say how failures are
 * reported, so check each definition before relying on a return convention. */

/** Build the DH parameter set used when no "dh" file is configured. */
DH *get_dh1024 (void);

/** Wrap an embedded resource named @p res_name in a BIO. */
BIO *bio_from_emb (const char *res_name);

/** Point @p ctx's trust store at the CA material named by @p ca. */
int tls_load_verify_locations(SSL_CTX *ctx, const char *ca);

/** Install the server certificate @p cert (encoding given by @p type) into @p ctx. */
int tls_use_certificate_file(SSL_CTX *ctx, const char *cert, int type);

/** Install the server private key @p key (encoding given by @p type) into @p ctx. */
int tls_use_PrivateKey_file(SSL_CTX *ctx, const char *key, int type);

/** Install the certificate chain @p chain (encoding given by @p type) into @p ctx.
 *  @p pwd_cb has the signature of OpenSSL's pem_password_cb and is presumably
 *  used to unlock encrypted PEM input. */
int tls_use_certificate_chain(SSL_CTX *ctx, const char *chain, int type, 
        int (*pwd_cb)(char *, int, int, void *));

/** Apply the CRL settings (crl, crlopts) carried by @p cargs to @p ctx. */
int tls_use_crls (SSL_CTX *ctx, tls_ctx_args_t *cargs);

/** Open the file or embedded resource @p res_name as a BIO. */
BIO *tls_get_file_bio(const char *res_name);

/** Load the client CA names from @p ca_file (the "ca" argument). */
STACK_OF(X509_NAME) *tls_load_client_CA_file(const char *ca_file);

/** Peer verification callback; matches the OpenSSL SSL_CTX_set_verify
 *  signature.  @p ok is OpenSSL's preliminary verdict for the current
 *  certificate in @p ctx. */
int tls_verify_cb (int ok, X509_STORE_CTX *ctx);

/** Render the current OpenSSL error state as a string.  Whether the caller
 *  must free the result is not stated here — check the definition. */
char *tls_get_error (void);
00064 
00065 #ifdef __cplusplus
00066 }
00067 #endif 
00068 
00069 #endif /* HAVE_LIBOPENSSL */
00070 #endif /* _KLONE_TLS_PRV_H_ */