curl/lib/vquic/vquic-tls.h

#ifndef HEADER_CURL_VQUIC_TLS_H
#define HEADER_CURL_VQUIC_TLS_H
/***************************************************************************
 *                                  _   _ ____  _
 *  Project                     ___| | | |  _ \| |
 *                             / __| | | | |_) | |
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
 * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
 * are also available at https://curl.se/docs/copyright.html.
 *
 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
 * copies of the Software, and permit persons to whom the Software is
 * furnished to do so, under the terms of the COPYING file.
 *
 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
 * KIND, either express or implied.
 *
 * SPDX-License-Identifier: curl
 *
 ***************************************************************************/

#include "curl_setup.h"
#include "bufq.h"

#if defined(ENABLE_QUIC) && \
  (defined(USE_OPENSSL) || defined(USE_GNUTLS) || defined(USE_WOLFSSL))

struct quic_tls_ctx {
#ifdef USE_OPENSSL
  SSL_CTX *ssl_ctx;
  SSL *ssl;
#elif defined(USE_GNUTLS)
  struct gtls_instance *gtls;
#elif defined(USE_WOLFSSL)
  WOLFSSL_CTX *ssl_ctx;
  WOLFSSL *ssl;
#endif
  BIT(x509_store_setup);             /* if x509 store has been set up */
};

/**
 * Callback passed to `Curl_vquic_tls_init()` that can
 * do early initializations on the not otherwise configured TLS
 * instances created. This varies by TLS backend:
 * - openssl/wolfssl: SSL_CTX* has just been created
 * - gnutls: gtls_client_init() has run
 */
typedef CURLcode Curl_vquic_tls_ctx_setup(struct quic_tls_ctx *ctx,
                                          struct Curl_cfilter *cf,
                                          struct Curl_easy *data);

/**
 * Initialize the QUIC TLS instances based of the SSL configurations
 * for the connection filter, transfer and peer.
 * @param ctx         the TLS context to initialize
 * @param cf          the connection filter involved
 * @param data        the transfer involved
 * @param peer        the peer that will be connected to
 * @param alpn        the ALPN string in protocol format ((len+bytes+)+),
 *                    may be NULL
 * @param alpn_len    the overall number of bytes in `alpn`
 * @param ctx_setup   optional callback for very early TLS config
 * @param user_data   optional pointer to set in TLS application context
 */
CURLcode Curl_vquic_tls_init(struct quic_tls_ctx *ctx,
                             struct Curl_cfilter *cf,
                             struct Curl_easy *data,
                             struct ssl_peer *peer,
                             const char *alpn, size_t alpn_len,
                             Curl_vquic_tls_ctx_setup *ctx_setup,
                             void *user_data);

/**
 * Cleanup all data that has been initialized.
 */
void Curl_vquic_tls_cleanup(struct quic_tls_ctx *ctx);

CURLcode Curl_vquic_tls_before_recv(struct quic_tls_ctx *ctx,
                                    struct Curl_cfilter *cf,
                                    struct Curl_easy *data);

/**
 * After the QUIC basic handshake has been, verify that the peer
 * (and its certificate) fulfill our requirements.
 */
CURLcode Curl_vquic_tls_verify_peer(struct quic_tls_ctx *ctx,
                                    struct Curl_cfilter *cf,
                                    struct Curl_easy *data,
                                    struct ssl_peer *peer);

#endif /* !ENABLE_QUIC && (USE_OPENSSL || USE_GNUTLS || USE_WOLFSSL) */

#endif /* HEADER_CURL_VQUIC_TLS_H */