gtls.h (4873B)
1 #ifndef HEADER_CURL_GTLS_H 2 #define HEADER_CURL_GTLS_H 3 /*************************************************************************** 4 * _ _ ____ _ 5 * Project ___| | | | _ \| | 6 * / __| | | | |_) | | 7 * | (__| |_| | _ <| |___ 8 * \___|\___/|_| \_\_____| 9 * 10 * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al. 11 * 12 * This software is licensed as described in the file COPYING, which 13 * you should have received as part of this distribution. The terms 14 * are also available at https://curl.se/docs/copyright.html. 15 * 16 * You may opt to use, copy, modify, merge, publish, distribute and/or sell 17 * copies of the Software, and permit persons to whom the Software is 18 * furnished to do so, under the terms of the COPYING file. 19 * 20 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY 21 * KIND, either express or implied. 22 * 23 * SPDX-License-Identifier: curl 24 * 25 ***************************************************************************/ 26 27 #include "../curl_setup.h" 28 #include <curl/curl.h> 29 30 #ifdef USE_GNUTLS 31 32 #include <gnutls/gnutls.h> 33 #include "../curlx/timeval.h" 34 35 #ifdef HAVE_GNUTLS_SRP 36 /* the function exists */ 37 #ifdef USE_TLS_SRP 38 /* the functionality is not disabled */ 39 #define USE_GNUTLS_SRP 40 #endif 41 #endif 42 43 struct Curl_easy; 44 struct Curl_cfilter; 45 struct alpn_spec; 46 struct ssl_primary_config; 47 struct ssl_config_data; 48 struct ssl_peer; 49 struct ssl_connect_data; 50 struct Curl_ssl_session; 51 52 int Curl_glts_get_ietf_proto(gnutls_session_t session); 53 54 struct gtls_shared_creds { 55 gnutls_certificate_credentials_t creds; 56 char *CAfile; /* CAfile path used to generate X509 store */ 57 struct curltime time; /* when the shared creds was created */ 58 size_t refcount; 59 BIT(trust_setup); /* x509 anchors + CRLs have been set up */ 60 }; 61 62 CURLcode Curl_gtls_shared_creds_create(struct Curl_easy *data, 63 struct gtls_shared_creds **pcreds); 64 CURLcode Curl_gtls_shared_creds_up_ref(struct gtls_shared_creds *creds); 65 void Curl_gtls_shared_creds_free(struct gtls_shared_creds **pcreds); 66 67 struct gtls_ctx { 68 gnutls_session_t session; 69 struct gtls_shared_creds *shared_creds; 70 #ifdef USE_GNUTLS_SRP 71 gnutls_srp_client_credentials_t srp_client_cred; 72 #endif 73 CURLcode io_result; /* result of last IO cfilter operation */ 74 BIT(sent_shutdown); 75 }; 76 77 size_t Curl_gtls_version(char *buffer, size_t size); 78 79 typedef CURLcode Curl_gtls_ctx_setup_cb(struct Curl_cfilter *cf, 80 struct Curl_easy *data, 81 void *user_data); 82 83 typedef CURLcode Curl_gtls_init_session_reuse_cb(struct Curl_cfilter *cf, 84 struct Curl_easy *data, 85 struct alpn_spec *alpns, 86 struct Curl_ssl_session *scs, 87 bool *do_early_data); 88 89 CURLcode Curl_gtls_ctx_init(struct gtls_ctx *gctx, 90 struct Curl_cfilter *cf, 91 struct Curl_easy *data, 92 struct ssl_peer *peer, 93 const struct alpn_spec *alpns, 94 Curl_gtls_ctx_setup_cb *cb_setup, 95 void *cb_user_data, 96 void *ssl_user_data, 97 Curl_gtls_init_session_reuse_cb *sess_reuse_cb); 98 99 CURLcode Curl_gtls_client_trust_setup(struct Curl_cfilter *cf, 100 struct Curl_easy *data, 101 struct gtls_ctx *gtls); 102 103 CURLcode Curl_gtls_verifyserver(struct Curl_easy *data, 104 gnutls_session_t session, 105 struct ssl_primary_config *config, 106 struct ssl_config_data *ssl_config, 107 struct ssl_peer *peer, 108 const char *pinned_key); 109 110 /* Extract TLS session and place in cache, if configured. */ 111 CURLcode Curl_gtls_cache_session(struct Curl_cfilter *cf, 112 struct Curl_easy *data, 113 const char *ssl_peer_key, 114 gnutls_session_t session, 115 curl_off_t valid_until, 116 const char *alpn, 117 unsigned char *quic_tp, 118 size_t quic_tp_len); 119 120 /* Report properties of a successful handshake */ 121 void Curl_gtls_report_handshake(struct Curl_easy *data, 122 struct gtls_ctx *gctx); 123 124 extern const struct Curl_ssl Curl_ssl_gnutls; 125 126 #endif /* USE_GNUTLS */ 127 #endif /* HEADER_CURL_GTLS_H */