vtls.h
Go to the documentation of this file.
00001 #ifndef HEADER_CURL_VTLS_H
00002 #define HEADER_CURL_VTLS_H
00003 /***************************************************************************
00004  *                                  _   _ ____  _
00005  *  Project                     ___| | | |  _ \| |
00006  *                             / __| | | | |_) | |
00007  *                            | (__| |_| |  _ <| |___
00008  *                             \___|\___/|_| \_\_____|
00009  *
00010  * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
00011  *
00012  * This software is licensed as described in the file COPYING, which
00013  * you should have received as part of this distribution. The terms
00014  * are also available at https://curl.haxx.se/docs/copyright.html.
00015  *
00016  * You may opt to use, copy, modify, merge, publish, distribute and/or sell
00017  * copies of the Software, and permit persons to whom the Software is
00018  * furnished to do so, under the terms of the COPYING file.
00019  *
00020  * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
00021  * KIND, either express or implied.
00022  *
00023  ***************************************************************************/
00024 #include "curl_setup.h"
00025 
00026 #include "openssl.h"        /* OpenSSL versions */
00027 #include "gtls.h"           /* GnuTLS versions */
00028 #include "nssg.h"           /* NSS versions */
00029 #include "gskit.h"          /* Global Secure ToolKit versions */
00030 #include "polarssl.h"       /* PolarSSL versions */
00031 #include "axtls.h"          /* axTLS versions */
00032 #include "cyassl.h"         /* CyaSSL versions */
00033 #include "schannel.h"       /* Schannel SSPI version */
00034 #include "darwinssl.h"      /* SecureTransport (Darwin) version */
00035 #include "mbedtls.h"        /* mbedTLS versions */
00036 
00037 #ifndef MAX_PINNED_PUBKEY_SIZE
00038 #define MAX_PINNED_PUBKEY_SIZE 1048576 /* 1MB */
00039 #endif
00040 
00041 #ifndef MD5_DIGEST_LENGTH
00042 #define MD5_DIGEST_LENGTH 16 /* fixed size */
00043 #endif
00044 
00045 #ifndef SHA256_DIGEST_LENGTH
00046 #define SHA256_DIGEST_LENGTH 32 /* fixed size */
00047 #endif
00048 
00049 /* see https://tools.ietf.org/html/draft-ietf-tls-applayerprotoneg-04 */
00050 #define ALPN_HTTP_1_1_LENGTH 8
00051 #define ALPN_HTTP_1_1 "http/1.1"
00052 
00053 /* set of helper macros for the backends to access the correct fields. For the
00054    proxy or for the remote host - to properly support HTTPS proxy */
00055 
00056 #define SSL_IS_PROXY() (CURLPROXY_HTTPS == conn->http_proxy.proxytype && \
00057   ssl_connection_complete != conn->proxy_ssl[conn->sock[SECONDARYSOCKET] == \
00058   CURL_SOCKET_BAD ? FIRSTSOCKET : SECONDARYSOCKET].state)
00059 #define SSL_SET_OPTION(var) (SSL_IS_PROXY() ? data->set.proxy_ssl.var : \
00060                              data->set.ssl.var)
00061 #define SSL_CONN_CONFIG(var) (SSL_IS_PROXY() ?          \
00062   conn->proxy_ssl_config.var : conn->ssl_config.var)
00063 
00064 bool Curl_ssl_config_matches(struct ssl_primary_config* data,
00065                              struct ssl_primary_config* needle);
00066 bool Curl_clone_primary_ssl_config(struct ssl_primary_config *source,
00067                                    struct ssl_primary_config *dest);
00068 void Curl_free_primary_ssl_config(struct ssl_primary_config* sslc);
00069 int Curl_ssl_getsock(struct connectdata *conn, curl_socket_t *socks,
00070                      int numsocks);
00071 
00072 int Curl_ssl_backend(void);
00073 
00074 #ifdef USE_SSL
00075 int Curl_ssl_init(void);
00076 void Curl_ssl_cleanup(void);
00077 CURLcode Curl_ssl_connect(struct connectdata *conn, int sockindex);
00078 CURLcode Curl_ssl_connect_nonblocking(struct connectdata *conn,
00079                                       int sockindex,
00080                                       bool *done);
00081 /* tell the SSL stuff to close down all open information regarding
00082    connections (and thus session ID caching etc) */
00083 void Curl_ssl_close_all(struct Curl_easy *data);
00084 void Curl_ssl_close(struct connectdata *conn, int sockindex);
00085 CURLcode Curl_ssl_shutdown(struct connectdata *conn, int sockindex);
00086 CURLcode Curl_ssl_set_engine(struct Curl_easy *data, const char *engine);
00087 /* Sets engine as default for all SSL operations */
00088 CURLcode Curl_ssl_set_engine_default(struct Curl_easy *data);
00089 struct curl_slist *Curl_ssl_engines_list(struct Curl_easy *data);
00090 
00091 /* init the SSL session ID cache */
00092 CURLcode Curl_ssl_initsessions(struct Curl_easy *, size_t);
00093 size_t Curl_ssl_version(char *buffer, size_t size);
00094 bool Curl_ssl_data_pending(const struct connectdata *conn,
00095                            int connindex);
00096 int Curl_ssl_check_cxn(struct connectdata *conn);
00097 
00098 /* Certificate information list handling. */
00099 
00100 void Curl_ssl_free_certinfo(struct Curl_easy *data);
00101 CURLcode Curl_ssl_init_certinfo(struct Curl_easy *data, int num);
00102 CURLcode Curl_ssl_push_certinfo_len(struct Curl_easy *data, int certnum,
00103                                     const char *label, const char *value,
00104                                     size_t valuelen);
00105 CURLcode Curl_ssl_push_certinfo(struct Curl_easy *data, int certnum,
00106                                 const char *label, const char *value);
00107 
00108 /* Functions to be used by SSL library adaptation functions */
00109 
00110 /* Lock session cache mutex.
00111  * Call this before calling other Curl_ssl_*session* functions
00112  * Caller should unlock this mutex as soon as possible, as it may block
00113  * other SSL connection from making progress.
00114  * The purpose of explicitly locking SSL session cache data is to allow
00115  * individual SSL engines to manage session lifetime in their specific way.
00116  */
00117 void Curl_ssl_sessionid_lock(struct connectdata *conn);
00118 
00119 /* Unlock session cache mutex */
00120 void Curl_ssl_sessionid_unlock(struct connectdata *conn);
00121 
00122 /* extract a session ID
00123  * Sessionid mutex must be locked (see Curl_ssl_sessionid_lock).
00124  * Caller must make sure that the ownership of returned sessionid object
00125  * is properly taken (e.g. its refcount is incremented
00126  * under sessionid mutex).
00127  */
00128 bool Curl_ssl_getsessionid(struct connectdata *conn,
00129                            void **ssl_sessionid,
00130                            size_t *idsize, /* set 0 if unknown */
00131                            int sockindex);
00132 /* add a new session ID
00133  * Sessionid mutex must be locked (see Curl_ssl_sessionid_lock).
00134  * Caller must ensure that it has properly shared ownership of this sessionid
00135  * object with cache (e.g. incrementing refcount on success)
00136  */
00137 CURLcode Curl_ssl_addsessionid(struct connectdata *conn,
00138                                void *ssl_sessionid,
00139                                size_t idsize,
00140                                int sockindex);
00141 /* Kill a single session ID entry in the cache
00142  * Sessionid mutex must be locked (see Curl_ssl_sessionid_lock).
00143  * This will call engine-specific curlssl_session_free function, which must
00144  * take sessionid object ownership from sessionid cache
00145  * (e.g. decrement refcount).
00146  */
00147 void Curl_ssl_kill_session(struct curl_ssl_session *session);
00148 /* delete a session from the cache
00149  * Sessionid mutex must be locked (see Curl_ssl_sessionid_lock).
00150  * This will call engine-specific curlssl_session_free function, which must
00151  * take sessionid object ownership from sessionid cache
00152  * (e.g. decrement refcount).
00153  */
00154 void Curl_ssl_delsessionid(struct connectdata *conn, void *ssl_sessionid);
00155 
00156 /* get N random bytes into the buffer */
00157 CURLcode Curl_ssl_random(struct Curl_easy *data, unsigned char *buffer,
00158                          size_t length);
00159 CURLcode Curl_ssl_md5sum(unsigned char *tmp, /* input */
00160                          size_t tmplen,
00161                          unsigned char *md5sum, /* output */
00162                          size_t md5len);
00163 /* Check pinned public key. */
00164 CURLcode Curl_pin_peer_pubkey(struct Curl_easy *data,
00165                               const char *pinnedpubkey,
00166                               const unsigned char *pubkey, size_t pubkeylen);
00167 
00168 bool Curl_ssl_cert_status_request(void);
00169 
00170 bool Curl_ssl_false_start(void);
00171 
00172 #define SSL_SHUTDOWN_TIMEOUT 10000 /* ms */
00173 
00174 #else
00175 /* Set the API backend definition to none */
00176 #define CURL_SSL_BACKEND CURLSSLBACKEND_NONE
00177 
00178 /* When SSL support is not present, just define away these function calls */
00179 #define Curl_ssl_init() 1
00180 #define Curl_ssl_cleanup() Curl_nop_stmt
00181 #define Curl_ssl_connect(x,y) CURLE_NOT_BUILT_IN
00182 #define Curl_ssl_close_all(x) Curl_nop_stmt
00183 #define Curl_ssl_close(x,y) Curl_nop_stmt
00184 #define Curl_ssl_shutdown(x,y) CURLE_NOT_BUILT_IN
00185 #define Curl_ssl_set_engine(x,y) CURLE_NOT_BUILT_IN
00186 #define Curl_ssl_set_engine_default(x) CURLE_NOT_BUILT_IN
00187 #define Curl_ssl_engines_list(x) NULL
00188 #define Curl_ssl_send(a,b,c,d,e) -1
00189 #define Curl_ssl_recv(a,b,c,d,e) -1
00190 #define Curl_ssl_initsessions(x,y) CURLE_OK
00191 #define Curl_ssl_version(x,y) 0
00192 #define Curl_ssl_data_pending(x,y) 0
00193 #define Curl_ssl_check_cxn(x) 0
00194 #define Curl_ssl_free_certinfo(x) Curl_nop_stmt
00195 #define Curl_ssl_connect_nonblocking(x,y,z) CURLE_NOT_BUILT_IN
00196 #define Curl_ssl_kill_session(x) Curl_nop_stmt
00197 #define Curl_ssl_random(x,y,z) ((void)x, CURLE_NOT_BUILT_IN)
00198 #define Curl_ssl_cert_status_request() FALSE
00199 #define Curl_ssl_false_start() FALSE
00200 #endif
00201 
00202 #endif /* HEADER_CURL_VTLS_H */

rc_visard_driver
Author(s): Heiko Hirschmueller , Christian Emmerich , Felix Ruess
autogenerated on Thu Jun 6 2019 20:43:07