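/*
  C K _ S S L . H --  OpenSSL Interface Header for C-Kermit

  Copyright (C) 1985, 2015,
    Trustees of Columbia University in the City of New York.
    All rights reserved.  See the C-Kermit COPYING.TXT file or the
    copyright text in the ckcmai.c module for disclaimer and permissions.

  Author:  Jeffrey E Altman (jaltman@secure-endpoints.com)
           Secure Endpoints Inc., New York City
*/

/*
 * Everything below is compiled only when CK_SSL is defined.  The header
 * pulls in the OpenSSL headers, declares the shared SSL/TLS state (the
 * definitions live in another module) and prototypes the SSL/TLS helper
 * routines through the _PROTOTYP() macro, which is defined elsewhere.
 */
#ifdef CK_SSL
#ifndef CK_ANSIC
/* Non-ANSI compilers; presumably consumed by the _PROTOTYP machinery -- confirm */
#define NOPROTO
#endif /* CK_ANSIC */

/*
 * NOTE(review): COMMENT appears to be used as a never-defined symbol that
 * disables the enclosed code -- confirm.  SSL_KRB5 can still be defined by
 * the build, in which case the SSL_KRB5 sections further down are live.
 */
#ifdef COMMENT                          /* Not for C-Kermit 7.1 */
#ifdef KRB5
#ifndef NOSSLK5
#ifndef SSL_KRB5
#define SSL_KRB5
#endif /* SSL_KRB5 */
#endif /* NOSSLK5 */
#endif /* KRB5 */
#endif /* COMMENT */

/* OS2 builds always enable ZLIB, and therefore openssl/comp.h below. */
#ifdef OS2
#ifndef ZLIB
#define ZLIB
#endif /* ZLIB */
#endif /* OS2 */

#ifdef ZLIB
#include <openssl/comp.h>
#endif /* ZLIB */
/* We place the following to avoid loading openssl/mdc2.h since it
 * relies on the OpenSSL des.h.  Since we do not need the MDC2
 * definitions there is no reason to have it included by openssl/evp.h
 */
#define OPENSSL_NO_MDC2

/*
 * Version selection cascades downward: OPENSSL_100 implies OPENSSL_098,
 * which implies OPENSSL_097.
 *
 * NOTE(review): COMPAT_VERSION_MASK is presumably ANDed with OpenSSL
 * version numbers (layout 0xMNNFFPPS) to compare the headers used at build
 * time with the library loaded at run time -- confirm at the use site.
 * Under that layout 0xffff000f also covers the upper nibble of the "fix"
 * field and 0xffffff0f the upper nibble of the "patch" field, so the masks
 * do not fall exactly on the field boundaries the comments below describe.
 */
#ifdef OPENSSL_100
#define OPENSSL_098

/* Different major/minor version or development version of OpenSSL
 * means ABI may break compatibility.
 * Modified by Adam Friedlander for OpenSSL >= 1.0.0
 */
#define COMPAT_VERSION_MASK 0xffff000f
#else
/* Different major/minor/fix/development (not patch) version of OpenSSL
 * means ABI may break compatibility.
 */
#define COMPAT_VERSION_MASK 0xffffff0f

#endif /* OPENSSL_100 */
#ifdef OPENSSL_098
#define OPENSSL_097
#endif /* OPENSSL_098 */
#ifdef CK_DES
#include <openssl/des.h>
#endif /* CK_DES */
#include <openssl/ssl.h>
#include <openssl/x509v3.h>
#include <openssl/rand.h>
#include <openssl/x509_vfy.h>
#include <openssl/err.h>
#include <openssl/pem.h>
#include <openssl/bn.h>
#include <openssl/blowfish.h>
#include <openssl/dh.h>
#include <openssl/rc4.h>
#include <openssl/cast.h>
#include <openssl/dsa.h>
#include <openssl/rsa.h>
#include <openssl/md5.h>
#include <openssl/sha.h>
#include <openssl/evp.h>
#include <openssl/hmac.h>
#ifdef SSL_KRB5
#include <openssl/kssl.h>
#endif /* SSL_KRB5 */

/*
 * Shared SSL/TLS state.  These are declarations only; the objects are
 * defined in another module.  The per-name meanings are not visible in
 * this header -- see the defining module before relying on them.
 */
extern BIO *bio_err;
extern SSL *ssl_con;
extern SSL_CTX *ssl_ctx;
extern int ssl_debug_flag;
extern int ssl_only_flag;
extern int ssl_active_flag;
extern int ssl_verify_flag;
extern int ssl_verbose_flag;
extern int ssl_certsok_flag;
extern int ssl_dummy_flag;
extern int ssl_verify_depth;

/* String settings; by their names: certificate, key, CRL, trust-store,
 * DH-parameter and random-seed locations, plus the cipher list (assumed
 * from the identifiers -- confirm in the defining module). */
extern char *ssl_rsa_cert_file;
extern char *ssl_rsa_cert_chain_file;
extern char *ssl_rsa_key_file;
extern char *ssl_dsa_cert_file;
extern char *ssl_dsa_cert_chain_file;
extern char *ssl_dh_key_file;
extern char *ssl_cipher_list;
extern char *ssl_crl_file;
extern char *ssl_crl_dir;
extern char *ssl_verify_file;
extern char *ssl_verify_dir;
extern char *ssl_dh_param_file;
extern char *ssl_rnd_file;

extern SSL_CTX *tls_ctx;
extern SSL *tls_con;
extern int tls_only_flag;
extern int tls_active_flag;
extern int x509_cert_valid;
extern X509_STORE *crl_store;

extern int ssl_raw_flag;
extern int tls_raw_flag;

/* Separate context and connection objects for HTTP, unless NOHTTP is set. */
#ifndef NOHTTP
extern SSL_CTX *tls_http_ctx;
extern SSL *tls_http_con;
extern int tls_http_active_flag;
#endif /* NOHTTP */

extern int ssl_initialized;

/*
 * Function prototypes.  _PROTOTYP() and VOID come from elsewhere in the
 * project.  Return-value conventions are not visible here; check each
 * definition -- in particular for the verify callbacks, ssl_verify_crl(),
 * ssl_check_server_name() and tls_is_user_valid(), whose results callers
 * presumably use for authentication decisions.
 */
_PROTOTYP(VOID ssl_once_init,(void));
_PROTOTYP(int ssl_tn_init,(int));
_PROTOTYP(int ssl_http_init,(char *));
_PROTOTYP(int ck_ssl_http_client,(int,char *));
_PROTOTYP(int ssl_display_connect_details,(SSL *,int,int));
_PROTOTYP(int ssl_server_verify_callback,(int, X509_STORE_CTX *));
_PROTOTYP(int ssl_client_verify_callback,(int, X509_STORE_CTX *));
_PROTOTYP(int ssl_reply,(int, unsigned char *, int));
_PROTOTYP(int ssl_is,(unsigned char *, int));
_PROTOTYP(int ck_ssl_incoming,(int));
_PROTOTYP(int ck_ssl_outgoing,(int));
_PROTOTYP(int tls_is_user_valid,(SSL *, const char *));
_PROTOTYP(char * ssl_get_dnsName,(SSL *));
_PROTOTYP(char * ssl_get_commonName,(SSL *));
_PROTOTYP(char * ssl_get_issuer_name,(SSL *));
_PROTOTYP(char * ssl_get_subject_name,(SSL *));
_PROTOTYP(int ssl_get_client_finished,(char *, int));
_PROTOTYP(int ssl_get_server_finished,(char *, int));
_PROTOTYP(int ssl_passwd_callback,(char *, int, int, VOID *));
_PROTOTYP(VOID ssl_client_info_callback,(const SSL *,int, int));
_PROTOTYP(int ssl_anonymous_cipher,(SSL * ssl));
_PROTOTYP(int tls_load_certs,(SSL_CTX * ctx, SSL * con, int server));
_PROTOTYP(int ssl_verify_crl,(int, X509_STORE_CTX *));
_PROTOTYP(int tls_is_krb5,(int));
_PROTOTYP(int X509_userok,(X509 *,const char *));
_PROTOTYP(int ck_X509_save_cert_to_user_store,(X509 *));
/* SMS 2007/02/15 */
_PROTOTYP(int ssl_check_server_name,(SSL * ssl, char * hostname));
#ifdef COMMENT
/* [jt] 2013/11/21 - Kermit 95 is no longer a special case */
#ifdef OS2
#include "ckosslc.h"
#include "ckossl.h"
#endif /* OS2 */
#endif /* COMMENT */

/* Connection-role selectors (presumably what callers pass to the init and
 * certificate-loading routines -- confirm at the call sites). */
#define SSL_CLIENT 0
#define SSL_SERVER 1
#define SSL_HTTP   2

/* By its name, the size of the buffer used for SSL error text -- confirm. */
#define SSL_ERR_BFSZ 4096

/*
 * Default OpenSSL cipher-list string.
 *
 * SECURITY NOTE(review): in OpenSSL cipher-list syntax a leading '+' only
 * moves matching suites to the end of the preference order; it neither
 * adds nor removes them.  So with this default, LOW-strength suites are
 * enabled, and any anonymous-DH (ADH) suites selected by the strength
 * classes stay enabled at lowest preference.  ADH suites do not
 * authenticate the peer.  What the string actually expands to depends on
 * the OpenSSL build in use; `openssl ciphers -v '<string>'` shows the
 * result.
 *
 * The value is kept as shipped for interoperability, but it can now be
 * overridden at build time by defining DEFAULT_CIPHER_LIST before this
 * header is included (for example on the compiler command line), with a
 * string that excludes the weak classes, e.g. "HIGH:!aNULL:!eNULL".
 */
#ifndef DEFAULT_CIPHER_LIST
#ifdef SSL_KRB5
#define DEFAULT_CIPHER_LIST "HIGH:MEDIUM:LOW:+KRB5:+ADH:+EXP"
#else
#define DEFAULT_CIPHER_LIST "HIGH:MEDIUM:LOW:+ADH:+EXP"
#endif /* SSL_KRB5 */
#endif /* DEFAULT_CIPHER_LIST */
#endif /* CK_SSL */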