/*
** Zabbix
** Copyright (C) 2001-2021 Zabbix SIA
**
** This program is free software; you can redistribute it and/or modify
** it under the terms of the GNU General Public License as published by
** the Free Software Foundation; either version 2 of the License, or
** (at your option) any later version.
**
** This program is distributed in the hope that it will be useful,
** but WITHOUT ANY WARRANTY; without even the implied warranty of
** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
** GNU General Public License for more details.
**
** You should have received a copy of the GNU General Public License
** along with this program; if not, write to the Free Software
** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
**/

#ifndef ZABBIX_TLS_H
#define ZABBIX_TLS_H

/* Everything below is declared only when a TLS backend was selected at build time. */
#if defined(HAVE_POLARSSL) || defined(HAVE_GNUTLS) || defined(HAVE_OPENSSL)

#if defined(_WINDOWS)
/*
 * Why this structure exists (Windows builds only):
 *
 * A typical thread is long-running and, when it needs TLS, initializes it for
 * itself. Zabbix sender is the exception. When data is sent from a file or in
 * real time, the sender's 'main' thread starts a 'send_value' thread for each
 * 250 values to be sent. To avoid initializing TLS on every start of a
 * 'send_value' thread, TLS is initialized once in the 'main' thread and this
 * structure carries the minimum set of TLS variables into 'send_value'.
 */

#if defined(HAVE_POLARSSL)
#	include <polarssl/entropy.h>
#	include <polarssl/ctr_drbg.h>
#	include <polarssl/ssl.h>
#elif defined(HAVE_GNUTLS)
#	include <gnutls/gnutls.h>
#elif defined(HAVE_OPENSSL)
#	include <openssl/ssl.h>
#endif

/*
 * TLS variables handed from the 'main' thread to a 'send_value' thread.
 *
 * Exactly one backend section is compiled in. Every member is a pointer, a
 * length or a library handle, so the structure refers to key material (PSK,
 * private key) rather than holding a copy of it.
 *
 * NOTE(review): ownership and lifetime of the referenced objects are not
 * visible in this header - presumably they stay owned by the 'main' thread's
 * TLS state and must outlive every 'send_value' thread; confirm against the
 * implementation of zbx_tls_pass_vars()/zbx_tls_take_vars().
 */
typedef struct
{
#if defined(HAVE_POLARSSL)
	/* pre-shared key and its identity, each with an explicit length */
	char			*my_psk;
	size_t			my_psk_len;
	char			*my_psk_identity;
	size_t			my_psk_identity_len;
	/* certificate-based authentication objects */
	x509_crt		*ca_cert;
	x509_crl		*crl;
	x509_crt		*my_cert;
	pk_context		*my_priv_key;
	/* random number generator state */
	entropy_context		*entropy;
	ctr_drbg_context	*ctr_drbg;
	/* ciphersuite lists, one for certificate and one for PSK connections */
	int			*ciphersuites_cert;
	int			*ciphersuites_psk;
#elif defined(HAVE_GNUTLS)
	/* credential handles for certificate and PSK client authentication */
	gnutls_certificate_credentials_t	my_cert_creds;
	gnutls_psk_client_credentials_t		my_psk_client_creds;
	/* priority handles, one for certificate and one for PSK connections */
	gnutls_priority_t			ciphersuites_cert;
	gnutls_priority_t			ciphersuites_psk;
#elif defined(HAVE_OPENSSL)
	/* context for certificate-based connections */
	SSL_CTX	*ctx_cert;
#ifdef HAVE_OPENSSL_WITH_PSK
	/* context for PSK connections */
	SSL_CTX	*ctx_psk;
	/* PSK identity and key with explicit lengths; the '_for_cb' suffix */
	/* suggests they are read by a PSK callback - TODO confirm */
	char	*psk_identity_for_cb;
	size_t	psk_identity_len_for_cb;
	char	*psk_for_cb;
	size_t	psk_len_for_cb;
#endif
#endif
}
ZBX_THREAD_SENDVAL_TLS_ARGS;

/* Transfer of TLS variables through ZBX_THREAD_SENDVAL_TLS_ARGS. Presumably zbx_tls_pass_vars() fills 'args' */
/* in the 'main' thread and zbx_tls_take_vars() applies it in the 'send_value' thread - verify against the */
/* implementation. */
void	zbx_tls_pass_vars(ZBX_THREAD_SENDVAL_TLS_ARGS *args);
void	zbx_tls_take_vars(ZBX_THREAD_SENDVAL_TLS_ARGS *args);
#endif	/* #if defined(_WINDOWS) */

/* TLS configuration, initialization and cleanup entry points; only the declarations are visible here. */
void	zbx_tls_validate_config(void);
void	zbx_tls_library_deinit(void);
void	zbx_tls_init_parent(void);
void	zbx_tls_init_child(void);
void	zbx_tls_free(void);
/* NOTE(review): the name suggests a call from a signal handler; if so, the implementation has to restrict */
/* itself to async-signal-safe operations - confirm. */
void	zbx_tls_free_on_signal(void);
void	zbx_tls_version(void);

#endif	/* #if defined(HAVE_POLARSSL) || defined(HAVE_GNUTLS) || defined(HAVE_OPENSSL) */

#endif	/* ZABBIX_TLS_H */