1 /*
2 ** Zabbix
3 ** Copyright (C) 2001-2021 Zabbix SIA
4 **
5 ** This program is free software; you can redistribute it and/or modify
6 ** it under the terms of the GNU General Public License as published by
7 ** the Free Software Foundation; either version 2 of the License, or
8 ** (at your option) any later version.
9 **
10 ** This program is distributed in the hope that it will be useful,
11 ** but WITHOUT ANY WARRANTY; without even the implied warranty of
12 ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 ** GNU General Public License for more details.
14 **
15 ** You should have received a copy of the GNU General Public License
16 ** along with this program; if not, write to the Free Software
17 ** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
18 **/
19 
20 #ifndef ZABBIX_TLS_H
21 #define ZABBIX_TLS_H
22 
23 #if defined(HAVE_POLARSSL) || defined(HAVE_GNUTLS) || defined(HAVE_OPENSSL)
24 
25 #if defined(_WINDOWS)
/* A typical thread is long-running and, if necessary, initializes TLS for itself. Zabbix sender is an exception:    */
/* when data is sent from a file or in real time, the sender's 'main' thread starts a 'send_value' thread for every  */
/* 250 values to be sent. To avoid initializing TLS on every start of a 'send_value' thread, TLS is initialized once  */
/* in the 'main' thread and this structure is used to pass the minimum set of TLS variables into 'send_value'.       */
30 
31 #if defined(HAVE_POLARSSL)
32 #	include <polarssl/entropy.h>
33 #	include <polarssl/ctr_drbg.h>
34 #	include <polarssl/ssl.h>
35 #elif defined(HAVE_GNUTLS)
36 #	include <gnutls/gnutls.h>
37 #elif defined(HAVE_OPENSSL)
38 #	include <openssl/ssl.h>
39 #endif
40 
/* Minimum set of already-initialised TLS objects that the 'main' thread hands over to a 'send_value' thread   */
/* on Windows (see the comment above). Only the members of the compiled-in TLS backend exist. The structure   */
/* carries raw pointers/handles, so it presumably does not own them: the thread that initialised TLS keeps    */
/* ownership and the receiving thread must not free them — confirm against zbx_tls_pass_vars()/               */
/* zbx_tls_take_vars(). Members named *psk* hold pre-shared key material and must never be logged or dumped.  */
typedef struct
{
#if defined(HAVE_POLARSSL)
	char			*my_psk;			/* pre-shared key buffer (secret) and its length	*/
	size_t			my_psk_len;
	char			*my_psk_identity;		/* PSK identity and its length				*/
	size_t			my_psk_identity_len;
	x509_crt		*ca_cert;			/* trusted CA certificate(s)				*/
	x509_crl		*crl;				/* certificate revocation list, if configured		*/
	x509_crt		*my_cert;			/* own certificate					*/
	pk_context		*my_priv_key;			/* private key belonging to my_cert			*/
	entropy_context		*entropy;			/* entropy source feeding the DRBG			*/
	ctr_drbg_context	*ctr_drbg;			/* CTR-DRBG random generator used by the TLS layer	*/
	int			*ciphersuites_cert;		/* cipher suite id lists for certificate- and	*/
	int			*ciphersuites_psk;		/* PSK-based connections (presumably 0-terminated,	*/
							/* as PolarSSL expects — confirm in tls.c)		*/
#elif defined(HAVE_GNUTLS)
	gnutls_certificate_credentials_t	my_cert_creds;		/* certificate credentials		*/
	gnutls_psk_client_credentials_t		my_psk_client_creds;	/* PSK client credentials (secret)	*/
	gnutls_priority_t			ciphersuites_cert;	/* compiled priority (cipher suite)	*/
	gnutls_priority_t			ciphersuites_psk;	/* sets for cert and PSK connections	*/
#elif defined(HAVE_OPENSSL)
	SSL_CTX			*ctx_cert;			/* SSL context for certificate-based connections	*/
#ifdef HAVE_OPENSSL_WITH_PSK
	SSL_CTX			*ctx_psk;			/* SSL context for PSK connections			*/
	char			*psk_identity_for_cb;		/* PSK identity and key (secret) with their lengths;	*/
	size_t			psk_identity_len_for_cb;	/* by name these are consumed by the OpenSSL PSK	*/
	char			*psk_for_cb;			/* client callback — confirm in tls.c			*/
	size_t			psk_len_for_cb;
#endif
#endif
}
ZBX_THREAD_SENDVAL_TLS_ARGS;
73 
/* Hand-over of TLS state between Windows sender threads. By name, zbx_tls_pass_vars() fills 'args' with the      */
/* calling ('main') thread's initialised TLS objects and zbx_tls_take_vars() installs them in the calling         */
/* ('send_value') thread; 'args' is caller-provided and is not freed by either function — confirm in tls.c.       */
void	zbx_tls_pass_vars(ZBX_THREAD_SENDVAL_TLS_ARGS *args);
void	zbx_tls_take_vars(ZBX_THREAD_SENDVAL_TLS_ARGS *args);
76 #endif	/* #if defined(_WINDOWS) */
77 
/* TLS lifecycle entry points, available whenever one of the TLS backends is compiled in. The descriptions below   */
/* follow the function names; the actual behaviour lives in tls.c.                                                 */
void	zbx_tls_validate_config(void);	/* check TLS configuration parameters for consistency before use	*/
void	zbx_tls_library_deinit(void);	/* global de-initialisation of the underlying TLS library		*/
void	zbx_tls_init_parent(void);	/* TLS set-up performed in the parent (pre-fork) process		*/
void	zbx_tls_init_child(void);	/* TLS set-up performed in each child process/thread			*/
void	zbx_tls_free(void);		/* release TLS objects (certificates, keys, PSK, contexts)		*/
void	zbx_tls_free_on_signal(void);	/* variant intended for signal context — presumably does only what	*/
					/* is safe there; confirm before calling it elsewhere			*/
void	zbx_tls_version(void);		/* report the TLS library name/version					*/
85 
86 #endif	/* #if defined(HAVE_POLARSSL) || defined(HAVE_GNUTLS) || defined(HAVE_OPENSSL) */
87 
88 #endif	/* ZABBIX_TLS_H */
89