authordefanor <defanor@uberspace.net>2021-09-19 22:05:38 +0300
committerdefanor <defanor@uberspace.net>2021-09-19 22:05:38 +0300
commitc84f9e76d8e93c37b974c0fc64a6afdf432595cc (patch)
tree0829e751c2d19d7752a8c785ac8c021bba1852ea /src/rexmpp_tls.h
parent26745d3a4e21ecf46492445b9c0251d80890bf62 (diff)
Introduce OpenSSL and no-TLS options, in addition to GnuTLS
Also an option to require TLS is added. There are no DANE TLSA checks with OpenSSL yet, and TLS session resumption and ALPN aren't used with it; just basic connections with certificate verification are added. And now SASL EXTERNAL authentication isn't quite usable.
Diffstat (limited to 'src/rexmpp_tls.h')
-rw-r--r--src/rexmpp_tls.h74
1 files changed, 74 insertions, 0 deletions
diff --git a/src/rexmpp_tls.h b/src/rexmpp_tls.h
new file mode 100644
index 0000000..22515e3
--- /dev/null
+++ b/src/rexmpp_tls.h
@@ -0,0 +1,74 @@
+/**
+ @file rexmpp_tls.h
+ @brief TLS abstraction
+ @author defanor <defanor@uberspace.net>
+ @date 2021
+ @copyright MIT license.
+
+These functions only alter the rexmpp structure's tls member (in
+particular, they don't change other state variables), but use rexmpp_t
+to write logs and read other values (including server socket).
+
+*/
+
+
+#ifndef REXMPP_TLS_H
+#define REXMPP_TLS_H
+
+#include <stdint.h>
+
+#include "rexmpp.h"
+#include "config.h"
+
+typedef struct rexmpp_tls rexmpp_tls_t;
+
+/**
+ @brief TLS operation results.
+*/
+enum rexmpp_tls_err {
+ REXMPP_TLS_SUCCESS,
+ REXMPP_TLS_E_AGAIN,
+ REXMPP_TLS_E_OTHER
+};
+
+typedef enum rexmpp_tls_err rexmpp_tls_err_t;
+
+#if defined(USE_GNUTLS)
+#include <gnutls/gnutls.h>
+struct rexmpp_tls {
+ void *tls_session_data;
+ size_t tls_session_data_size;
+ gnutls_session_t gnutls_session;
+ gnutls_certificate_credentials_t gnutls_cred;
+};
+#elif defined(USE_OPENSSL)
+#include <openssl/ssl.h>
+enum rexmpp_openssl_direction {
+ REXMPP_OPENSSL_NONE,
+ REXMPP_OPENSSL_READ,
+ REXMPP_OPENSSL_WRITE
+};
+struct rexmpp_tls {
+ SSL_CTX *openssl_ctx;
+ SSL *openssl_conn;
+ enum rexmpp_openssl_direction openssl_direction;
+};
+#else
+struct rexmpp_tls {
+ int dummy;
+};
+#endif
+
+int rexmpp_tls_init(rexmpp_t *s);
+void rexmpp_tls_cleanup(rexmpp_t *s);
+void rexmpp_tls_deinit(rexmpp_t *s);
+
+rexmpp_tls_err_t rexmpp_tls_connect(rexmpp_t *s);
+rexmpp_tls_err_t rexmpp_tls_disconnect(rexmpp_t *s);
+
+rexmpp_tls_err_t rexmpp_tls_send(rexmpp_t *s, void *data, size_t data_size, ssize_t *written);
+rexmpp_tls_err_t rexmpp_tls_recv(rexmpp_t *s, void *data, size_t data_size, ssize_t *received);
+
+int rexmpp_tls_fds(rexmpp_t *s, fd_set *read_fds, fd_set *write_fds);
+
+#endif
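Review bot: The prototypes at the end of the hunk carry no contract comments, so a caller cannot tell what `rexmpp_tls_init` returns on failure, whether `REXMPP_TLS_E_AGAIN` from `rexmpp_tls_send`/`rexmpp_tls_recv` means the same buffer must be retried unchanged, or whether `*written`/`*received` is set when an error is returned; a Doxygen block per declaration, in the style of the file header, would fix that. `rexmpp_tls_send` also takes its buffer as `void *data` while presumably only reading it, so `rexmpp_tls_err_t rexmpp_tls_send(rexmpp_t *s, const void *data, size_t data_size, ssize_t *written);` would document that and let callers pass const buffers — assuming neither backend writes through the pointer, which this hunk cannot show. The header uses `size_t`, `ssize_t` and `fd_set` but includes only `<stdint.h>`, so it is self-contained only if `rexmpp.h` happens to pull in `<stddef.h>`, `<sys/types.h>` and `<sys/select.h>`; including them here directly removes that dependency. Since the commit message states that the OpenSSL path performs no DANE/TLSA checks, a comment on the `USE_OPENSSL` branch of `struct rexmpp_tls`, e.g. `/* No DANE/TLSA verification with this backend yet; only certificate verification. */`, would keep that difference in verification strength visible to anyone selecting the backend.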