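/* GNU Mailutils -- a suite of utilities for electronic mail
   Copyright (C) 2003-2021 Free Software Foundation, Inc.

   This library is free software; you can redistribute it and/or
   modify it under the terms of the GNU Lesser General Public
   License as published by the Free Software Foundation; either
   version 3 of the License, or (at your option) any later version.

   This library is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
   Lesser General Public License for more details.

   You should have received a copy of the GNU Lesser General
   Public License along with this library.  If not, see
   <http://www.gnu.org/licenses/>. */

/* Public interface of the Mailutils TLS layer: TLS configuration,
   TLS stream constructors and the default file-safety masks for the
   certificate, key and CA files. */

#ifndef _MAILUTILS_TLS_H
#define _MAILUTILS_TLS_H

#include <mailutils/types.h>
#include <mailutils/cli.h>
#include <mailutils/util.h>

#ifdef __cplusplus
extern "C" {
#endif

/* TLS parameters passed to mu_tls_stream_create and validated by
   mu_tls_config_check.  Ownership of the strings is not stated in this
   header -- confirm against the implementation before freeing them. */
struct mu_tls_config
{
  char *cert_file;   /* certificate file (presumably a file name) */
  char *key_file;    /* private key file (presumably a file name) */
  char *ca_file;     /* CA certificates file (presumably a file name) */
  char *priorities;  /* presumably a TLS library priority string -- confirm */
};

/* Which side of the TLS session a stream created by
   mu_tls_stream_create takes. */
enum mu_tls_type
  {
    MU_TLS_CLIENT,
    MU_TLS_SERVER
  };

/* Global TLS settings, defined outside this header.
   NOTE(review): the three *_file_checks variables presumably hold the
   MU_FILE_SAFETY_* mask applied to the corresponding file and default to
   the MU_TLS_*_FILE_CHECKS macros below -- confirm in the implementation. */
extern int mu_tls_enable;
extern int mu_tls_cert_file_checks;
extern int mu_tls_key_file_checks;
extern int mu_tls_ca_file_checks;

/* Default safety-check mask for the certificate file: group-writable,
   world-writable, or reached through a link located in a writable
   directory.  This mask used to name MU_FILE_SAFETY_GROUP_WRITABLE twice,
   which left the world-writable case out of the default; the second term
   is the world-writable flag. */
#define MU_TLS_CERT_FILE_CHECKS                 \
  (MU_FILE_SAFETY_GROUP_WRITABLE                \
   | MU_FILE_SAFETY_WORLD_WRITABLE              \
   | MU_FILE_SAFETY_LINKED_WRDIR)

/* Default safety-check mask for the private key file: every check in
   MU_FILE_SAFETY_ALL except the owner-mismatch one. */
#define MU_TLS_KEY_FILE_CHECKS                  \
  (MU_FILE_SAFETY_ALL & ~MU_FILE_SAFETY_OWNER_MISMATCH)

/* Default safety-check mask for the CA file; same set as for the
   certificate file, with the same duplicated-flag correction (a CA bundle
   writable by any local user would let that user alter the trust
   anchors). */
#define MU_TLS_CA_FILE_CHECKS                   \
  (MU_FILE_SAFETY_GROUP_WRITABLE                \
   | MU_FILE_SAFETY_WORLD_WRITABLE              \
   | MU_FILE_SAFETY_LINKED_WRDIR)

/* Initialize the TLS configuration subsystem (details are in the
   implementation, not visible from this header). */
void mu_tls_cfg_init (void);

/* Create a TLS stream in *PSTREAM on top of the transport streams STRIN
   and STROUT, using configuration CONF and acting as TYPE (client or
   server).  FLAGS are passed through as given.  The int result is
   presumably 0 on success and an error code otherwise -- confirm. */
int mu_tls_stream_create (mu_stream_t *pstream,
                          mu_stream_t strin, mu_stream_t strout,
                          struct mu_tls_config const *conf,
                          enum mu_tls_type type,
                          int flags);

/* Client-side convenience constructor taking no mu_tls_config.
   NOTE(review): since no configuration (and hence no ca_file) is passed
   here, confirm in the implementation how the peer certificate is
   verified for streams created this way. */
int mu_tls_client_stream_create (mu_stream_t *pstream,
                                 mu_stream_t strin, mu_stream_t strout,
                                 int flags);

/* Tear down and set up the underlying TLS libraries. */
void mu_deinit_tls_libs (void);
int mu_init_tls_libs (void);

/* Result classes for a TLS configuration check. */
enum mu_tls_config_status
  {
    MU_TLS_CONFIG_OK,      /* Configuration OK */
    MU_TLS_CONFIG_NULL,    /* Configuration is empty */
    MU_TLS_CONFIG_UNSAFE,  /* At least one file is considered unsafe */
    MU_TLS_CONFIG_FAIL     /* Some files absent (or other system error) */
  };

/* Check CONF; VERBOSE presumably enables diagnostics.  The int result is
   presumably one of enum mu_tls_config_status -- confirm.  Only
   MU_TLS_CONFIG_OK indicates a configuration whose files passed the
   checks. */
int mu_tls_config_check (struct mu_tls_config const *conf, int verbose);

/* Command-line capability descriptor for the TLS options. */
extern struct mu_cli_capa mu_cli_capa_tls;

#ifdef __cplusplus
}
#endif

#endif /* _MAILUTILS_TLS_H */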