1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
|
/*
SSL interface definitions internal to neon.
Copyright (C) 2003-2005, 2008, 2009, Joe Orton <joe@manyfish.co.uk>
Copyright (C) 2004, Aleix Conchillo Flaque <aleix@member.fsf.org>
This library is free software; you can redistribute it and/or
modify it under the terms of the GNU Library General Public
License as published by the Free Software Foundation; either
version 2 of the License, or (at your option) any later version.
This library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Library General Public License for more details.
You should have received a copy of the GNU Library General Public
License along with this library; if not, write to the Free
Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
MA 02111-1307, USA
*/
/* THIS IS NOT A PUBLIC INTERFACE. You CANNOT include this header file
* from an application. */
#ifndef NE_PRIVSSL_H
#define NE_PRIVSSL_H
/* This is the private interface between ne_socket, ne_gnutls and
* ne_openssl. */
#include "ne_ssl.h"
#include "ne_socket.h"
#ifdef HAVE_OPENSSL
#include <openssl/ssl.h>
struct ne_ssl_context_s {
SSL_CTX *ctx;
SSL_SESSION *sess;
const char *hostname; /* for SNI */
int failures; /* bitmask of exposed failure bits. */
};
typedef SSL *ne_ssl_socket;
/* Create a clicert object from cert DER {der, der_len}, using given
* RSA_METHOD for the RSA object. */
NE_PRIVATE ne_ssl_client_cert *
ne__ssl_clicert_exkey_import(const unsigned char *der,
size_t der_len,
const RSA_METHOD *method);
#endif /* HAVE_OPENSSL */
#ifdef HAVE_GNUTLS
#include <gnutls/gnutls.h>
#ifdef HAVE_GNUTLS_PRIVKEY_IMPORT_EXT
#include <gnutls/abstract.h>
#endif
struct ne_ssl_context_s {
gnutls_certificate_credentials_t cred;
int verify; /* non-zero if client cert verification required */
const char *hostname; /* for SNI */
/* Session cache. */
union ne_ssl_scache {
struct {
gnutls_datum_t key, data;
} server;
#if defined(HAVE_GNUTLS_SESSION_GET_DATA2)
gnutls_datum_t client;
#else
struct {
char *data;
size_t len;
} client;
#endif
} cache;
};
typedef gnutls_session_t ne_ssl_socket;
NE_PRIVATE ne_ssl_client_cert *
ne__ssl_clicert_exkey_import(const unsigned char *der, size_t der_len,
gnutls_privkey_sign_func sign_func, void *userdata);
#endif /* HAVE_GNUTLS */
#ifdef NE_HAVE_SSL
NE_PRIVATE ne_ssl_socket ne__sock_sslsock(ne_socket *sock);
/* Process-global initialization of the SSL library; returns non-zero
* on error. */
NE_PRIVATE int ne__ssl_init(void);
/* Process-global de-initialization of the SSL library. */
NE_PRIVATE void ne__ssl_exit(void);
#endif
#endif /* NE_PRIVSSL_H */
|