authorEdward Thomson <ethomson@edwardthomson.com>2018-10-25 08:49:01 +0100
committerEdward Thomson <ethomson@edwardthomson.com>2018-11-28 15:46:57 +0000
commit43b592ac84dbd3d649022ff9503f00ecc83d5278 (patch)
treeaeb52e3f745cf99eb5d7807073dab1d3d7a07709 /src/streams/tls.h
parent6ba3e6affc73b84f6cd2cadf476c0e0c5e58e404 (diff)
downloadlibgit2-43b592ac84dbd3d649022ff9503f00ecc83d5278.tar.gz
tls: introduce a wrap function
Introduce `git_tls_stream_wrap` which will take an existing `stream` with an already connected socket and begin speaking TLS on top of it. This is useful if you've built a connection to a proxy server and you wish to begin CONNECT over it to tunnel a TLS connection. Also update the pluggable TLS stream layer so that it can accept a registration structure that provides an `init` and `wrap` function, instead of a single initialization function.
Diffstat (limited to 'src/streams/tls.h')
-rw-r--r--src/streams/tls.h19
1 files changed, 15 insertions, 4 deletions
diff --git a/src/streams/tls.h b/src/streams/tls.h
index 6d110e8ad..00c6e0b56 100644
--- a/src/streams/tls.h
+++ b/src/streams/tls.h
@@ -11,13 +11,24 @@
#include "git2/sys/stream.h"
+/** Configure TLS stream functions. */
+int git_tls_stream_global_init(void);
+
/**
* Create a TLS stream with the most appropriate backend available for
- * the current platform.
- *
- * This allows us to ask for a SecureTransport or OpenSSL stream
- * according to being on general Unix vs OS X.
+ * the current platform, whether that's SecureTransport on macOS,
+ * OpenSSL or mbedTLS on other Unixes, or something else entirely.
*/
extern int git_tls_stream_new(git_stream **out, const char *host, const char *port);
+/**
+ * Create a TLS stream on top of an existing insecure stream, using
+ * the most appropriate backend available for the current platform.
+ *
+ * This allows us to create a CONNECT stream on top of a proxy;
+ * using SecureTransport on macOS, OpenSSL or mbedTLS on other
+ * Unixes, or something else entirely.
+ */
+extern int git_tls_stream_wrap(git_stream **out, git_stream *in, const char *host);
+
#endif
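Review bot: The doc comment for `git_tls_stream_wrap` does not say what `host` is used for or who owns `in` after the call. On a proxied connection there are two hostnames in play, and if `host` is the name the backend checks the peer certificate against (presumably, by analogy with `git_tls_stream_new`; the implementations are not in this hunk), passing the proxy's name instead of the destination's would validate the wrong identity. Once confirmed against the backends, I would add ` * @param host name of the final TLS endpoint (not the proxy); used to verify the peer certificate`. The comment should also state whether the returned stream takes ownership of `in` and closes and frees it, since a caller guessing wrong either leaks the underlying socket or releases it twice. Separately, `git_tls_stream_global_init` is declared without `extern` while the two declarations below it have it, and its comment does not say what the return value means.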