blob: 9f621b89a6d5445f6c98a3992d302192687e4e6d [file] [log] [blame] [edit]
/*
* Copyright (C) Tildeslash Ltd. All rights reserved.
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License version 3.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
* In addition, as a special exception, the copyright holders give
* permission to link the code of portions of this program with the
* OpenSSL library under certain conditions as described in each
* individual source file, and distribute linked combinations
* including the two.
*
* You must obey the GNU Affero General Public License in all respects
* for all of the code used other than OpenSSL.
*/
#ifndef SSL_H
#define SSL_H
#include "config.h"
#ifdef HAVE_OPENSSL
#include <openssl/crypto.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
#include <openssl/ssl.h>
#include <openssl/err.h>
#ifdef OPENSSL_FIPS
#include <openssl/fips.h>
#endif
#endif
#define SSL_VERSION_AUTO 0
#define SSL_VERSION_SSLV2 1
#define SSL_VERSION_SSLV3 2
#define SSL_VERSION_TLS 3
#define SSL_VERSION_NONE 4
/** Defines an SSL object */
typedef struct myssl {
int use_ssl; /**< TRUE if SSL is required for connection */
int version; /**< The SSL version to use for connection */
char *certmd5; /**< The expected md5 sum of the server's certificate */
char *clientpemfile; /**< Optional client certificate */
} Ssl_T;
#ifdef HAVE_OPENSSL
typedef struct my_ssl_connection {
int socket;
int accepted;
SSL *handler;
SSL_CTX *ctx;
X509 *cert;
SSL_METHOD *method;
BIO *socket_bio;
const char *cipher;
char *cert_subject;
char *cert_issuer;
unsigned char *cert_md5;
unsigned int cert_md5_len;
char *clientpemfile;
struct my_ssl_connection *prev;
struct my_ssl_connection *next;
} ssl_connection;
typedef struct my_ssl_server_connection {
int server_socket;
SSL_METHOD *method;
SSL_CTX *ctx;
char *pemfile;
char *clientpemfile;
ssl_connection *ssl_conn_list;
} ssl_server_connection;
#define have_ssl() 1
void stop_ssl();
int embed_ssl_socket(ssl_connection *, int);
int embed_accepted_ssl_socket(ssl_connection *, int);
int close_ssl_socket(ssl_connection *);
void close_accepted_ssl_socket(ssl_server_connection *, ssl_connection *);
void delete_ssl_socket(ssl_connection *);
void delete_ssl_server_socket(ssl_server_connection *);
int check_ssl_md5sum(ssl_connection *, char *);
int send_ssl_socket(ssl_connection *, void *, size_t, int);
int recv_ssl_socket(ssl_connection *, void *, int, int);
ssl_connection *new_ssl_connection(char *, int);
ssl_connection *insert_accepted_ssl_socket(ssl_server_connection *);
ssl_server_connection *init_ssl_server(char *, char *);
#ifdef OPENSSL_FIPS
void enable_fips_mode();
#endif
#else
typedef void ssl_connection;
typedef void ssl_server_connection;
/* dummy ssl functions */
#define have_ssl() 0
#define stop_ssl()
#define embed_ssl_socket(x, y) 0
#define embed_accepted_ssl_socket(x, y) 0
#define close_ssl_socket(x) 0
#define close_accepted_ssl_socket(x, y)
#define delete_ssl_socket(x)
#define delete_ssl_server_socket(x)
#define check_ssl_md5sum(x, y) 0
#define send_ssl_socket(a, b, c, d) 0
#define recv_ssl_socket(a, b, c, d) 0
#define new_ssl_connection(x, y) NULL
#define insert_accepted_ssl_socket(x) NULL
#define init_ssl_server(x, y) NULL
#endif
#endif