2
0

openssl.h 4.7 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121
  1. #ifndef HEADER_CURL_SSLUSE_H
  2. #define HEADER_CURL_SSLUSE_H
  3. /***************************************************************************
  4. * _ _ ____ _
  5. * Project ___| | | | _ \| |
  6. * / __| | | | |_) | |
  7. * | (__| |_| | _ <| |___
  8. * \___|\___/|_| \_\_____|
  9. *
  10. * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  11. *
  12. * This software is licensed as described in the file COPYING, which
  13. * you should have received as part of this distribution. The terms
  14. * are also available at https://curl.se/docs/copyright.html.
  15. *
  16. * You may opt to use, copy, modify, merge, publish, distribute and/or sell
  17. * copies of the Software, and permit persons to whom the Software is
  18. * furnished to do so, under the terms of the COPYING file.
  19. *
  20. * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
  21. * KIND, either express or implied.
  22. *
  23. * SPDX-License-Identifier: curl
  24. *
  25. ***************************************************************************/
  26. #include "curl_setup.h"
  27. #ifdef USE_OPENSSL
  28. /*
  29. * This header should only be needed to get included by vtls.c, openssl.c
  30. * and ngtcp2.c
  31. */
  32. #include <openssl/ossl_typ.h>
  33. #include <openssl/ssl.h>
  34. #include "urldata.h"
  35. /* Struct to hold a Curl OpenSSL instance */
  36. struct ossl_ctx {
  37. /* these ones requires specific SSL-types */
  38. SSL_CTX* ssl_ctx;
  39. SSL* ssl;
  40. X509* server_cert;
  41. BIO_METHOD *bio_method;
  42. CURLcode io_result; /* result of last BIO cfilter operation */
  43. #ifndef HAVE_KEYLOG_CALLBACK
  44. /* Set to true once a valid keylog entry has been created to avoid dupes. */
  45. BIT(keylog_done);
  46. #endif
  47. BIT(x509_store_setup); /* x509 store has been set up */
  48. BIT(reused_session); /* session-ID was reused for this */
  49. };
  50. typedef CURLcode Curl_ossl_ctx_setup_cb(struct Curl_cfilter *cf,
  51. struct Curl_easy *data,
  52. void *user_data);
  53. typedef int Curl_ossl_new_session_cb(SSL *ssl, SSL_SESSION *ssl_sessionid);
  54. CURLcode Curl_ossl_ctx_init(struct ossl_ctx *octx,
  55. struct Curl_cfilter *cf,
  56. struct Curl_easy *data,
  57. struct ssl_peer *peer,
  58. int transport, /* TCP or QUIC */
  59. const unsigned char *alpn, size_t alpn_len,
  60. Curl_ossl_ctx_setup_cb *cb_setup,
  61. void *cb_user_data,
  62. Curl_ossl_new_session_cb *cb_new_session,
  63. void *ssl_user_data);
  64. #if (OPENSSL_VERSION_NUMBER < 0x30000000L)
  65. #define SSL_get1_peer_certificate SSL_get_peer_certificate
  66. #endif
  67. CURLcode Curl_ossl_verifyhost(struct Curl_easy *data, struct connectdata *conn,
  68. struct ssl_peer *peer, X509 *server_cert);
  69. extern const struct Curl_ssl Curl_ssl_openssl;
  70. CURLcode Curl_ossl_set_client_cert(struct Curl_easy *data,
  71. SSL_CTX *ctx, char *cert_file,
  72. const struct curl_blob *cert_blob,
  73. const char *cert_type, char *key_file,
  74. const struct curl_blob *key_blob,
  75. const char *key_type, char *key_passwd);
  76. CURLcode Curl_ossl_certchain(struct Curl_easy *data, SSL *ssl);
  77. /**
  78. * Setup the OpenSSL X509_STORE in `ssl_ctx` for the cfilter `cf` and
  79. * easy handle `data`. Will allow reuse of a shared cache if suitable
  80. * and configured.
  81. */
  82. CURLcode Curl_ssl_setup_x509_store(struct Curl_cfilter *cf,
  83. struct Curl_easy *data,
  84. SSL_CTX *ssl_ctx);
  85. CURLcode Curl_ossl_ctx_configure(struct Curl_cfilter *cf,
  86. struct Curl_easy *data,
  87. SSL_CTX *ssl_ctx);
  88. /*
  89. * Add a new session to the cache. Takes ownership of the session.
  90. */
  91. CURLcode Curl_ossl_add_session(struct Curl_cfilter *cf,
  92. struct Curl_easy *data,
  93. const struct ssl_peer *peer,
  94. SSL_SESSION *ssl_sessionid);
  95. /*
  96. * Get the server cert, verify it and show it, etc., only call failf() if
  97. * ssl config verifypeer or -host is set. Otherwise all this is for
  98. * informational purposes only!
  99. */
  100. CURLcode Curl_oss_check_peer_cert(struct Curl_cfilter *cf,
  101. struct Curl_easy *data,
  102. struct ossl_ctx *octx,
  103. struct ssl_peer *peer);
  104. #endif /* USE_OPENSSL */
  105. #endif /* HEADER_CURL_SSLUSE_H */