1 /* 2 * Advanced Exchange Access (AXA) send, receive, or validate SRA data 3 * 4 * Copyright (c) 2014-2018 by Farsight Security, Inc. 5 * 6 * Licensed under the Apache License, Version 2.0 (the "License"); 7 * you may not use this file except in compliance with the License. 8 * You may obtain a copy of the License at 9 * 10 * http://www.apache.org/licenses/LICENSE-2.0 11 * 12 * Unless required by applicable law or agreed to in writing, software 13 * distributed under the License is distributed on an "AS IS" BASIS, 14 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 15 * See the License for the specific language governing permissions and 16 * limitations under the License. 17 */ 18 19 #ifndef AXA_WIRE_H 20 #define AXA_WIRE_H 21 22 /** 23 * \defgroup axa_wire axa_wire 24 * 25 * `axa_wire` is an interface for wire protocol data types and function 26 * declarations. 27 * 28 * @{ 29 */ 30 31 #include <axa/axa.h> 32 #include <axa/protocol.h> 33 34 #include <nmsg.h> 35 36 #include <openssl/ssl.h> 37 38 /** 39 * Parse an AXA watch definition. 40 * If there is a problem, the function will return false and emsg->c will 41 * contain a relevant error message -- except when the watch makes no sense. 42 * In that case, emsg->c[0] == '\0'. 43 * 44 * \param[out] emsg the reason if something went wrong 45 * \param[out] watch parsed result 46 * \param[out] watch_len sizeof(*watch) - sizeof(watch->pat); 47 * \param[in] arg user specified string to watch for, must be NULL terminated 48 * 49 * \retval true success 50 * \retval false error; check emsg 51 */ 52 extern bool axa_parse_watch(axa_emsg_t *emsg, 53 axa_p_watch_t *watch, size_t *watch_len, 54 const char *arg); 55 56 /** 57 * Parse a RAD watch definition. 58 * If there is a problem, the function will return false and emsg->c will 59 * contain a relevant error message -- except when the watch is unrecognized. 60 * In that case, emsg->c[0] == '\0'. 61 * 62 * \param[out] emsg if something goes wrong, this will contain the reason 63 * \param[out] watch parsed result 64 * \param[out] watch_len sizeof(*watch) - sizeof(watch->pat); 65 * \param[in] arg user specified string to watch for, must be NULL terminated 66 * 67 * \retval true success 68 * \retval false error, check emsg 69 */ 70 extern bool axa_parse_rad_watch(axa_emsg_t *emsg, 71 axa_p_watch_t *watch, size_t *watch_len, 72 const char *arg); 73 74 /** 75 * Parse an AXA anomaly detection module definition. 76 * 77 * If there is a problem, the function will return false and emsg->c will 78 * contain a relevant error message -- except when the watch is unrecognized. 79 * In that case, emsg->c[0] == '\0'. 80 * 81 * \param[out] emsg if something goes wrong, this will contain the reason 82 * \param[out] anom parsed result 83 * \param[out] anom_len sizeof(*watch) - sizeof(watch->pat); 84 * \param[in] arg user specified string to watch for, must be NULL terminated 85 * 86 * \retval true success 87 * \retval false error, check emsg 88 */ 89 extern bool axa_parse_anom(axa_emsg_t *emsg, 90 axa_p_anom_t *anom, size_t *anom_len, 91 const char *arg); 92 93 /** 94 * Convert a network address to its string equivalent 95 * 96 * \param[out] buf will hold the watch string 97 * \param[in] buf_len length of buf 98 * \param[in] af the address family 99 * \param[in] addr the address to convert 100 * \param[in] alen size of the addr parameter 101 * \param[in] prefix address prefix length 102 * 103 * \return buf 104 */ 105 extern char *axa_watch_ip_to_str(char *buf, size_t buf_len, 106 int af, const void *addr, size_t alen, uint prefix); 107 108 /** 109 * Convert a watch to its string equivalent 110 * 111 * \param[out] buf will hold the watch string 112 * \param[in] buf_len length of buf 113 * \param[in] watch the watch to convert 114 * \param[in] watch_len size of the watch parameter 115 * 116 * \return buf 117 */ 118 extern char *axa_watch_to_str(char *buf, size_t buf_len, 119 const axa_p_watch_t *watch, size_t watch_len); 120 121 /** maximum human readable tag string length */ 122 #define AXA_TAG_STRLEN 10 123 124 /** 125 * Convert AXA tag to its string equivalent. If the tag is #AXA_TAG_NONE, buf 126 * will contain "*". 127 * 128 * \param[out] buf will hold the tag string 129 * \param[in] buf_len length of buf (should be AXA_TAG_STRLEN) 130 * \param[in] tag the AXA tag value 131 * 132 * \return buf 133 */ 134 extern const char *axa_tag_to_str(char *buf, size_t buf_len, axa_tag_t tag); 135 136 /** maximum buffer size for text representations of AXA opcodes */ 137 #define AXA_P_OP_STRLEN 20 138 139 /** 140 * Convert AXA opcode to its string equivalent. If the opcode is unknown to 141 * AXA, the buffer will contain the string "unknown op n". 142 * 143 * \param[out] buf will hold the opcode string 144 * \param[in] buf_len length of buf (should be #AXA_P_OP_STRLEN) 145 * \param[in] op the opcode to look up 146 * 147 * \return buf 148 */ 149 extern const char *axa_op_to_str(char *buf, size_t buf_len, axa_p_op_t op); 150 151 /** 152 * Convert AXA option type to its string equivalent. If the opcode is 153 * unknown to AXA, the buffer will contain the string 154 * "unknown option type #n". 155 * 156 * \param[out] buf will hold the option type string 157 * \param[in] buflen length of buf (should be #AXA_P_OP_STRLEN) 158 * \param[in] opt the option type to look up 159 * 160 * \return buf 161 */ 162 extern const char * axa_opt_to_str(char *buf, size_t buflen, axa_p_opt_type_t opt); 163 164 /** 165 * Convert AXA tag and opcode to their string equivalents separated by ' '. 166 * 167 * \param[out] buf for the result 168 * \param[in] buf_len length of buf (should be #AXA_P_OP_STRLEN) 169 * \param[in] tag the tag to convert 170 * \param[in] op the opcode to convert 171 * 172 * \return buf 173 */ 174 extern const char *axa_tag_op_to_str(char *buf, size_t buf_len, 175 axa_tag_t tag, axa_p_op_t op); 176 177 /** 178 * Parse a raw IP datagram. 179 * 180 * \param[in] pkt_data IP datagram 181 * \param[in] caplen captured length of the packet 182 * \param[in] ch host byte order SIE channel on which it arrived 183 * \param[out] dst buffer for destination address and port number 184 * \param[out] src buffer for destination address and port number 185 * \param[out] cmt buffer for error messages, optional protocol name,or 186 * other optional comments; always '\0' terminated 187 * \param[in] cmt_len length of cmt; 80 is good 188 * 189 * \retval true found something to decode into the src and dst buffers 190 * \retval false only the cmt buffer is set 191 */ 192 extern bool axa_ipdg_parse(const uint8_t *pkt_data, size_t caplen, 193 axa_p_ch_t ch, axa_socku_t *dst, axa_socku_t *src, 194 char *cmt, size_t cmt_len); 195 196 197 /* "dns=" *. NS_MAXDNAME AXA_P_WATCH_STR_SHARED '\0' */ 198 /** Maximum buffer or string length from axa_p_to_str() */ 199 #define AXA_P_STRLEN (sizeof("dns=")-1+2+1025+1 \ 200 +sizeof(AXA_P_WATCH_STR_SHARED)+1) 201 202 /** 203 * Convert AXA protocol message to a string representation. 204 * Return NULL if the protocol message is invalid. 205 * 206 * \param[out] buf will hold the message string 207 * \param[in] buf_len length of buf (should be AXA_P_STRLEN) 208 * \param[in] print_op if true, prepend the tag and opcode to string 209 * \param[in] hdr protocol header 210 * \param[in] cmd AXA command to parse into a string 211 * 212 * \return buf 213 */ 214 extern char *axa_p_to_str(char *buf, size_t buf_len, bool print_op, 215 const axa_p_hdr_t *hdr, const axa_p_body_t *cmd); 216 217 /** 218 * AXA protocol data direction, to or from SRA or RAD server 219 */ 220 typedef enum { 221 AXA_P_TO_SRA, /**< To SRA server */ 222 AXA_P_FROM_SRA, /**< From SRA server */ 223 AXA_P_TO_RAD, /**< To RAD server */ 224 AXA_P_FROM_RAD /**< From RAD server */ 225 } axa_p_direction_t; 226 227 /** 228 * Check the header of an AXA message. Return false if 229 * the header is invalid. 230 * 231 * \param[out] emsg the reason if the return value is false 232 * \param[in] hdr AXA protocol header (will be filled in) 233 * \param[in] label label for error message 234 * \param[in] dir direction of header for error message 235 * 236 * \return bool header is ok 237 */ 238 extern bool 239 axa_ck_hdr(axa_emsg_t *emsg, const axa_p_hdr_t *hdr, 240 const char *label, axa_p_direction_t dir); 241 242 /** 243 * Populate an AXA header including converting to wire byte order. 244 * 245 * \param[out] emsg the reason if the return value is 0 246 * \param[out] hdr AXA protocol header (will be filled in) 247 * \param[in] pvers protocol version 248 * \param[in] tag AXA tag 249 * \param[in] op AXA opcode 250 * \param[in] b1_len length of first message body (if any) 251 * \param[in] b2_len length of second message body (if any) 252 * \param[in] dir the direction of the flow (to/from SRA to to/from RAD) 253 * 254 * \return 0 for bad parameters or total length of AXA message or 255 * sizeof(hdr)+b1_len+b2_len in wire byte order 256 */ 257 extern size_t axa_make_hdr(axa_emsg_t *emsg, axa_p_hdr_t *hdr, 258 axa_p_pvers_t pvers, axa_tag_t tag, axa_p_op_t op, 259 size_t b1_len, size_t b2_len, axa_p_direction_t dir); 260 261 /** 262 * Sanity check the body of an AXA message 263 * 264 * Depending on the opcode, function checks such things as NULL 265 * termination on strings, sane channel numbers, legal options, watch 266 * semantics, etc. 267 * 268 * \param[out] emsg if something goes wrong, this will contain the reason 269 * \param[in] op opcode 270 * \param[in] body message body 271 * \param[in] body_len message body length 272 * 273 * \retval true message is legal 274 * \retval false something's wrong, check emsg 275 */ 276 extern bool axa_ck_body(axa_emsg_t *emsg, axa_p_op_t op, 277 const axa_p_body_t *body, size_t body_len); 278 279 /** 280 * AXA I/O type prefix: UNIX domain socket 281 * unix:/path/to/socket 282 */ 283 #define AXA_IO_TYPE_UNIX_STR "unix" 284 /** 285 * AXA I/O type prefix: TCP connection 286 * tcp:hostname,port 287 */ 288 #define AXA_IO_TYPE_TCP_STR "tcp" 289 /** 290 * AXA I/O type prefix: ssh connection 291 * ssh:[user\@]host 292 */ 293 #define AXA_IO_TYPE_SSH_STR "ssh" 294 /** 295 * AXA I/O type prefix: tls connection 296 * tls:certfile,keyfile[,certdir]\@host[,port] 297 */ 298 #define AXA_IO_TYPE_TLS_STR "tls" 299 /** 300 * AXA I/O type prefix: apikey/tls 301 * apikey:hostname,port 302 */ 303 #define AXA_IO_TYPE_APIKEY_STR "apikey" 304 305 /** AXA I/O context types */ 306 typedef enum { 307 AXA_IO_TYPE_UNKN = 0, /**< invalid */ 308 AXA_IO_TYPE_UNIX, /**< UNIX domain socket */ 309 AXA_IO_TYPE_TCP, /**< TCP/IP socket */ 310 AXA_IO_TYPE_SSH, /**< ssh pipe */ 311 AXA_IO_TYPE_TLS, /**< TLS connection */ 312 AXA_IO_TYPE_APIKEY /**< apikey/TLS */ 313 } axa_io_type_t; 314 315 /** AXA I/O context */ 316 typedef struct axa_io { 317 axa_io_type_t type; /**< type */ 318 bool is_rad; /**< true=server is radd, not srad */ 319 bool is_client; /**< true=client instead of server */ 320 bool nonblock; /**< non-blocking I/O */ 321 322 axa_socku_t su; /**< peer IP or UDS address */ 323 324 /** [user@]sshhost, host,port, socket path, or whatever of peer */ 325 char *addr; 326 /** text to label tracing and error messages, close to addr */ 327 char *label; 328 329 int bufsize; /**< SO_RCVBUF and SO_SNDBUF size */ 330 int i_fd; /**< input to server */ 331 int i_events; /**< needed poll(2) events */ 332 int o_fd; /**< output from server */ 333 int o_events; /**< needed poll(2) events */ 334 335 char *cert_file; /**< TLS certificate file */ 336 char *key_file; /**< TLS key file name */ 337 SSL *ssl; /**< TLS OpenSSL ssl */ 338 char *tls_info; /**< TLS cipher, compression, etc. */ 339 340 axa_p_user_t user; /**< TLS, TCP or UNIX domain socket */ 341 axa_p_user_t apikey; /**< apikey */ 342 bool connected_tcp; /**< false if connect() in progress */ 343 bool connected; /**< TLS or other connection made */ 344 345 /** 346 * In an AXA client using an ssh pipe and so type==CLIENT_TYPE_SSH_STR, 347 * this FD gets error messages from ssh. In a server, it keeps the 348 * sshd process from closing the sshd-ssh connection. 349 */ 350 int tun_fd; 351 pid_t tun_pid; /**< ssh PID */ 352 bool tun_debug; /**< enable tunnel debugging */ 353 354 char *tun_buf; /**< transport error or trace buffer */ 355 size_t tun_buf_size; /**< length of tun_buf */ 356 size_t tun_buf_len; /**< data data in tun_buf */ 357 size_t tun_buf_bol; /**< start of next line in tun_buf */ 358 359 axa_p_pvers_t pvers; /**< protocol version for this server */ 360 361 axa_p_hdr_t recv_hdr; /**< received header */ 362 axa_p_body_t *recv_body; /**< received body */ 363 size_t recv_body_len; /**< sizeof(recv_hdr) + *recv_body */ 364 365 uint8_t *recv_buf; /**< unprocessed input data */ 366 ssize_t recv_buf_len; /**< size of recv_buf_data */ 367 uint8_t *recv_start; /**< start of unused in recv_buf_data */ 368 ssize_t recv_bytes; /**< length of unused data */ 369 370 uint8_t *send_buf; /**< non-blocking output buffer */ 371 size_t send_buf_len; /**< non-blocking output buffer size */ 372 uint8_t *send_start; /**< start of unsent output */ 373 size_t send_bytes; /**< number of unsent bytes */ 374 375 struct timeval alive; /**< AXA protocol keepalive timer */ 376 } axa_io_t; 377 378 /** 379 * Check than an AXA I/O context is open. 380 * 381 * \param[in] io address of an I/O context 382 */ 383 #define AXA_IO_OPENED(io) ((io)->i_fd >= 0) 384 385 /** 386 * check that an AXA I/O context is open and connected 387 * 388 * \param[in] io address of an I/O context 389 */ 390 #define AXA_IO_CONNECTED(io) (AXA_IO_OPENED(io) && (io)->connected) 391 392 /** 393 * Initialize an AXA I/O structure with default values. 394 * When re-initializing, all buffers must have been freed and file descriptors 395 * closed. 396 * 397 * \param[in] io address of an I/O context 398 */ 399 extern void axa_io_init(axa_io_t *io); 400 401 /** 402 * Get the current protocol version used by an AXA I/O structure. 403 * 404 * \param[in] io address of an I/O context 405 * \param[out] pvers the protocol version 406 */ 407 extern void axa_io_pvers_get(axa_io_t *io, uint8_t *pvers); 408 409 /** 410 * Set the current protocol version that will be used by an AXA I/O structure. 411 * Note this function can have drastic consequences if a connection was 412 * previously established and the protocol version is changed to something 413 * the other end does not understand. 414 * 415 * \param[in] io address of an I/O context 416 * \param[out] pvers the protocol version to change to 417 */ 418 extern void axa_io_pvers_set(axa_io_t *io, uint8_t pvers); 419 420 /** 421 * Flush and free the received AXA protocol message (if any) in an I/O context 422 * from a previous use of axa_recv_buf() or axa_input(). 423 * 424 * \param[in] io address of an I/O context 425 */ 426 extern void axa_recv_flush(axa_io_t *io); 427 428 /** 429 * Close the connection and flush and release buffers. 430 * 431 * \param[in] io address of an I/O context 432 */ 433 extern void axa_io_close(axa_io_t *io); 434 435 /** I/O result codes */ 436 typedef enum { 437 AXA_IO_ERR, /**< print emsg */ 438 AXA_IO_OK, /**< operation finished */ 439 AXA_IO_BUSY, /**< incomplete; poll() & try again */ 440 AXA_IO_TUNERR, /**< get text via axa_io_tunerr() */ 441 AXA_IO_KEEPALIVE, /**< need to send keepalive NOP */ 442 /* AXA_IO_AUTHERR, **< authentication error */ 443 } axa_io_result_t; 444 445 /** 446 * Receive some of an AXA request or response into a fixed header buffer and 447 * a dynamic body buffer. This function can stall until a byte is read, 448 * so call axa_io_wait() first or axa_input() instead. 449 * axa_recv_flush() must be called to discard the AXA message before 450 * another use of this function. 451 * 452 * \param[out] emsg if something goes wrong, this will contain the reason 453 * \param[in] io AXA IO context 454 * 455 * \retval #AXA_IO_OK message in io->recv_hdr, recv_body, and recv_len 456 * \retval #AXA_IO_BUSY try again after axa_io_wait() 457 * \retval #AXA_IO_ERR fatal error or EOF 458 */ 459 extern axa_io_result_t axa_recv_buf(axa_emsg_t *emsg, axa_io_t *io); 460 461 /** 462 * Send an AXA request or response to the client or the server. 463 * The message is in 1, 2, or 3 parts. 464 * hdr always points to the AXA protocol header to build 465 * b1 and b1_len specify an optional second part 466 * b2 and b2_len specify the optional third part. The second part must 467 * be present if the third part is. 468 * 469 * \param[out] emsg an error message for a result of #AXA_IO_ERR 470 * \param[in] io AXA I/O context 471 * \param[in] tag AXA tag 472 * \param[in] op AXA opcode 473 * \param[out] hdr AXA protocol header to be built or NULL 474 * \param[in] b1 NULL or first part of AXA message after header 475 * \param[in] b1_len length of b1 476 * \param[in] b2 NULL or second part of the message 477 * \param[in] b2_len length of b2 478 * 479 * \retval #AXA_IO_OK finished or output saved 480 * \retval #AXA_IO_BUSY nothing sent; axa_io_wait() and try again 481 * \retval #AXA_IO_ERR fatal error 482 */ 483 extern axa_io_result_t axa_send(axa_emsg_t *emsg, axa_io_t *io, 484 axa_tag_t tag, axa_p_op_t op, axa_p_hdr_t *hdr, 485 const void *b1, size_t b1_len, 486 const void *b2, size_t b2_len); 487 488 /** 489 * Flush the pending output buffer. 490 * 491 * \param[out] emsg contains an error message for return values other than 492 * #AXA_IO_OK 493 * \param[in] io AXA I/O context 494 * 495 * \retval #AXA_IO_OK finished 496 * \retval #AXA_IO_BUSY incomplete; io->{i,o}_events ready for axa_io_wait() 497 * \retval #AXA_IO_ERR fatal error 498 */ 499 extern axa_io_result_t axa_send_flush(axa_emsg_t *emsg, axa_io_t *io); 500 501 /** 502 * Save un-transmitted data. 503 * 504 * \param[in] io AXA I/O context 505 * \param[in] done bytes already handled 506 * \param[out] hdr AXA protocol header 507 * \param[in] b1 NULL or first part of AXA message after header 508 * \param[in] b1_len length of b1 509 * \param[in] b2 NULL or second part of the message 510 * \param[in] b2_len length of b2 511 */ 512 extern void axa_send_save(axa_io_t *io, size_t done, const axa_p_hdr_t *hdr, 513 const void *b1, size_t b1_len, 514 const void *b2, size_t b2_len); 515 516 /** 517 * Wait for some input activity. 518 * 519 * \param[out] emsg if something goes wrong, this will contain the reason 520 * \param[in] io address of the AXA I/O context 521 * \param[in] wait_ms wait no longer than this many milliseconds 522 * \param[in] keepalive true to wake up to send a keep-alive 523 * \param[in] tun true to pay attention if possible to tunnel messages 524 * 525 * \retval one of #axa_io_result_t 526 */ 527 extern axa_io_result_t axa_io_wait(axa_emsg_t *emsg, axa_io_t *io, 528 time_t wait_ms, bool keepalive, bool tun); 529 530 /** 531 * Wait for and read an AXA message from the server into the client context. 532 * 533 * #axa_recv_flush() must be called to discard the AXA message in the 534 * client context before another use of this function. 535 * 536 * \param[out] emsg if something goes wrong, this will contain the reason 537 * \param[in] io address of the AXA I/O context 538 * \param[in] wait_ms milliseconds to wait 539 * 540 * \retval one of #axa_io_result_t 541 */ 542 extern axa_io_result_t axa_input(axa_emsg_t *emsg, axa_io_t *io, 543 time_t wait_ms); 544 545 /** 546 * Get error or debugging messages from the tunnel (e.g. ssh). 547 * 548 * \param[in] io address of the AXA I/O context 549 * 550 * \retval NULL or pointer to '\0' terminated text 551 */ 552 extern const char *axa_io_tunerr(axa_io_t *io); 553 554 555 /** @cond */ 556 557 extern axa_io_type_t axa_io_type_parse(const char **addr); 558 extern const char *axa_io_type_to_str(axa_io_type_t type); 559 560 /* Internal functions to clean up TLS when shutting down a connection. */ 561 extern void axa_tls_cleanup(void); 562 extern void axa_apikey_cleanup(void); 563 564 /* Internal function to parse "certfile,keyfile@host,port" */ 565 extern bool axa_tls_parse(axa_emsg_t *emsg, 566 char **cert_filep, char **key_filep, char **addr, 567 const char *spec); 568 569 extern bool axa_apikey_load_and_check_key(axa_emsg_t *emsg, 570 const char *key_file, const char *cert_file); 571 /* Internal functions */ 572 extern axa_io_result_t axa_tls_start(axa_emsg_t *emsg, axa_io_t *io); 573 extern axa_io_result_t axa_apikey_start(axa_emsg_t *emsg, axa_io_t *io); 574 extern void axa_tls_stop(axa_io_t *io); 575 extern void axa_apikey_stop(axa_io_t *io); 576 extern axa_io_result_t axa_tls_write(axa_emsg_t *emsg, axa_io_t *io, 577 const void *b, size_t b_len); 578 extern axa_io_result_t axa_tls_flush(axa_emsg_t *emsg, axa_io_t *io); 579 extern axa_io_result_t axa_tls_read(axa_emsg_t *emsg, axa_io_t *io); 580 581 /* Parse apikey specification. */ 582 extern bool axa_apikey_parse(axa_emsg_t *emsg, char **addr, axa_p_user_t *u, 583 const char *spec); 584 extern bool axa_apikey_parse_srvr(axa_emsg_t *emsg, 585 char **cert_filep, char **key_filep, char **addr, 586 const char *spec); 587 588 /** @endcond */ 589 590 /** 591 * Get or set TLS certificates directory. 592 * 593 * \param[out] emsg the reason if something went wrong 594 * \param[in] dir directory containing TLS certificate key files or NULL 595 * 596 * \retval true success 597 * \retval false error; check emsg 598 */ 599 extern bool axa_tls_certs_dir(axa_emsg_t *emsg, const char *dir); 600 601 /** 602 * Get or set cipher list for TLS transport. 603 * 604 * \param[out] emsg the reason if something went wrong 605 * \param[in] list OpenSSL format cipher list or NULL 606 * 607 * \retval NULL implies an error; check emsg 608 * \retval new value if not NULL 609 */ 610 extern const char *axa_tls_cipher_list(axa_emsg_t *emsg, const char *list); 611 612 /** 613 * Get or set TLS cipher list for apikey transport. 614 * 615 * \param[out] emsg the reason if something went wrong 616 * \param[in] list OpenSSL format cipher list or NULL 617 * 618 * \retval NULL implies an error; check emsg 619 * \retval new value if not NULL 620 */ 621 extern const char *axa_apikey_cipher_list(axa_emsg_t *emsg, 622 const char *list); 623 624 /** 625 * Initialize the AXA TLS code including creating an SSL_CTX. 626 * 627 * \param[out] emsg the reason if something went wrong 628 * \param[in] srvr true if running as a server. 629 * \param[in] threaded true if using pthreads. 630 * 631 * \retval true success 632 * \retval false error; check emsg 633 */ 634 extern bool axa_tls_init(axa_emsg_t *emsg, bool srvr, bool threaded); 635 636 /** 637 * Initialize the AXA TLS code including creating an SSL_CTX for the 638 * apikey transport. 639 * 640 * \param[out] emsg the reason if something went wrong 641 * \param[in] srvr true if running as a server. 642 * \param[in] threaded true if using pthreads. 643 * 644 * \retval true success 645 * \retval false error; check emsg 646 */ 647 extern bool axa_apikey_init(axa_emsg_t *emsg, bool srvr, bool threaded); 648 649 /** 650 * Clean up AXA I/O functions including freeing TLS data 651 */ 652 extern void axa_io_cleanup(void); 653 654 /**@}*/ 655 656 #endif /* AXA_WIRE_H */ 657