/*
 * virnettlscontext.h: TLS encryption/x509 handling
 *
 * Copyright (C) 2010-2011 Red Hat, Inc.
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library.  If not, see
 * <http://www.gnu.org/licenses/>.
 */

#pragma once

#include "internal.h"
#include "virobject.h"

/*
 * Public interface of the TLS layer: a long-lived "context" holding the
 * credentials (CA cert, CRL, own cert/key) and policy, and a per-connection
 * "session" that performs the handshake and encrypts/decrypts traffic.
 *
 * NOTE(review): this header states no error convention. Comments below
 * assume the usual libvirt one (pointer-returning functions give NULL and
 * int-returning functions give -1 on failure, with an error already
 * reported) -- confirm against virnettlscontext.c before relying on it.
 */

/*
 * Opaque handles: neither struct is defined in this header, so callers can
 * only hold pointers obtained from the constructors below and must not
 * inspect or free them directly.
 */
typedef struct _virNetTLSContext virNetTLSContext;

typedef struct _virNetTLSSession virNetTLSSession;


/**
 * virNetTLSInit:
 *
 * One-time initialisation of the TLS layer. Presumably has to run before
 * any context or session is created -- confirm with the implementation.
 */
void virNetTLSInit(void);

/**
 * virNetTLSContextNewServerPath:
 * @pkipath: directory to load the credentials from (presumably NULL selects
 *           the built-in default locations -- confirm)
 * @tryUserPkiPath: whether a per-user PKI directory is also consulted
 *                  (inferred from the name; verify in the .c file)
 * @x509dnACL: list of x509 Distinguished Names a client certificate must
 *             match to be accepted; presumably NULL-terminated and NULL
 *             meaning "no DN filtering" -- confirm
 * @priority: TLS priority string controlling protocol/cipher selection,
 *            passed through to the TLS library; NULL presumably means the
 *            compiled-in default -- confirm
 * @sanityCheckCert: whether the loaded credentials are validated up front
 *                   (expiry, CA chain, usage) rather than only at use time
 * @requireValidCert: whether a peer that presents no valid certificate is
 *                    rejected. When false the peer is NOT authenticated by
 *                    x509, so any authorisation built on the peer DN must
 *                    keep this true.
 *
 * Create a server-side TLS context, locating the credential files by path.
 *
 * Returns a new context on success, NULL on failure (see note above).
 */
virNetTLSContext *virNetTLSContextNewServerPath(const char *pkipath,
                                                bool tryUserPkiPath,
                                                const char *const *x509dnACL,
                                                const char *priority,
                                                bool sanityCheckCert,
                                                bool requireValidCert);

/**
 * virNetTLSContextNewClientPath:
 * @pkipath: directory to load the credentials from (NULL presumably selects
 *           the defaults -- confirm)
 * @tryUserPkiPath: whether a per-user PKI directory is also consulted
 * @priority: TLS priority string, as for virNetTLSContextNewServerPath()
 * @sanityCheckCert: whether the loaded credentials are validated up front
 * @requireValidCert: whether the server must present a valid certificate;
 *                    false disables x509 authentication of the server
 *
 * Create a client-side TLS context, locating the credential files by path.
 * The client variant takes no DN ACL; the server identity check is
 * presumably done against @hostname in virNetTLSSessionNew() -- confirm.
 *
 * Returns a new context on success, NULL on failure (see note above).
 */
virNetTLSContext *virNetTLSContextNewClientPath(const char *pkipath,
                                                bool tryUserPkiPath,
                                                const char *priority,
                                                bool sanityCheckCert,
                                                bool requireValidCert);

/**
 * virNetTLSContextNewServer:
 * @cacert: path to the CA certificate used to verify peers
 * @cacrl: path to the CA certificate revocation list (presumably optional)
 * @cert: path to this server's own certificate
 * @key: path to the private key matching @cert
 * @x509dnACL: DN allow-list, as for virNetTLSContextNewServerPath()
 * @priority: TLS priority string, as for virNetTLSContextNewServerPath()
 * @sanityCheckCert: whether the loaded credentials are validated up front
 * @requireValidCert: whether a client without a valid certificate is rejected
 *
 * Create a server-side TLS context from explicit credential file paths.
 *
 * Returns a new context on success, NULL on failure (see note above).
 */
virNetTLSContext *virNetTLSContextNewServer(const char *cacert,
                                            const char *cacrl,
                                            const char *cert,
                                            const char *key,
                                            const char *const *x509dnACL,
                                            const char *priority,
                                            bool sanityCheckCert,
                                            bool requireValidCert);

/**
 * virNetTLSContextNewClient:
 * @cacert: path to the CA certificate used to verify the server
 * @cacrl: path to the CA certificate revocation list (presumably optional)
 * @cert: path to this client's own certificate
 * @key: path to the private key matching @cert
 * @priority: TLS priority string, as for virNetTLSContextNewServerPath()
 * @sanityCheckCert: whether the loaded credentials are validated up front
 * @requireValidCert: whether the server must present a valid certificate
 *
 * Create a client-side TLS context from explicit credential file paths.
 *
 * Returns a new context on success, NULL on failure (see note above).
 */
virNetTLSContext *virNetTLSContextNewClient(const char *cacert,
                                            const char *cacrl,
                                            const char *cert,
                                            const char *key,
                                            const char *priority,
                                            bool sanityCheckCert,
                                            bool requireValidCert);

/**
 * virNetTLSContextReloadForServer:
 * @ctxt: server context to update
 * @tryUserPkiPath: whether a per-user PKI directory is also consulted
 *
 * Re-read the server credentials into an existing context -- presumably so
 * a rotated certificate/key or updated CRL takes effect without recreating
 * the context. Whether sessions already established keep the old
 * credentials is not stated here -- confirm.
 *
 * Returns 0 on success, -1 on failure (see note above).
 */
int virNetTLSContextReloadForServer(virNetTLSContext *ctxt,
                                    bool tryUserPkiPath);

/**
 * virNetTLSContextCheckCertificate:
 * @ctxt: context holding the verification policy (CA, CRL, DN ACL,
 *        requireValidCert)
 * @sess: session whose peer certificate is to be verified
 *
 * Verify the certificate presented by the peer of @sess against the policy
 * in @ctxt. Presumably to be called once the handshake has completed
 * (virNetTLSSessionGetHandshakeStatus() == VIR_NET_TLS_HANDSHAKE_COMPLETE)
 * and before any application data is trusted -- confirm with callers.
 *
 * Returns 0 if the peer is acceptable, -1 if it must be rejected
 * (see note above).
 */
int
virNetTLSContextCheckCertificate(virNetTLSContext *ctxt,
                                 virNetTLSSession *sess);


/*
 * Transport callbacks. The session does no socket I/O itself; it hands
 * encrypted bytes to @writeFunc and pulls encrypted bytes from @readFunc.
 * @opaque is presumably the pointer given to virNetTLSSessionSetIOCallbacks()
 * -- confirm. The expected return values mirror write(2)/read(2): byte count,
 * or a negative value on error (inferred from the ssize_t type).
 */
typedef ssize_t (*virNetTLSSessionWriteFunc)(const char *buf, size_t len,
                                             void *opaque);
typedef ssize_t (*virNetTLSSessionReadFunc)(char *buf, size_t len,
                                            void *opaque);

/**
 * virNetTLSSessionNew:
 * @ctxt: context supplying credentials and policy for the session
 * @hostname: name of the peer host; presumably used on the client side to
 *            match the server certificate (and may be NULL on the server
 *            side) -- confirm
 *
 * Create a TLS session bound to @ctxt. No I/O happens until the callbacks
 * are set and virNetTLSSessionHandshake() is driven.
 *
 * Returns a new session on success, NULL on failure (see note above).
 */
virNetTLSSession *virNetTLSSessionNew(virNetTLSContext *ctxt,
                                      const char *hostname);

/**
 * virNetTLSSessionSetIOCallbacks:
 * @sess: session to configure
 * @writeFunc: callback that sends encrypted bytes to the transport
 * @readFunc: callback that receives encrypted bytes from the transport
 * @opaque: caller data handed back to both callbacks
 *
 * Install the transport callbacks used by the handshake and by
 * virNetTLSSessionRead()/virNetTLSSessionWrite().
 */
void virNetTLSSessionSetIOCallbacks(virNetTLSSession *sess,
                                    virNetTLSSessionWriteFunc writeFunc,
                                    virNetTLSSessionReadFunc readFunc,
                                    void *opaque);

/**
 * virNetTLSSessionWrite:
 * @sess: established session
 * @buf: plaintext to send
 * @len: number of bytes in @buf
 *
 * Encrypt and send application data.
 *
 * Returns the number of bytes consumed (presumably may be fewer than @len
 * on a non-blocking transport), or a negative value on error -- confirm.
 */
ssize_t virNetTLSSessionWrite(virNetTLSSession *sess,
                              const char *buf, size_t len);
/**
 * virNetTLSSessionRead:
 * @sess: established session
 * @buf: buffer that receives decrypted plaintext
 * @len: capacity of @buf in bytes
 *
 * Receive and decrypt application data.
 *
 * Returns the number of bytes stored in @buf (presumably 0 on clean peer
 * close), or a negative value on error -- confirm.
 */
ssize_t virNetTLSSessionRead(virNetTLSSession *sess,
                             char *buf, size_t len);

/**
 * virNetTLSSessionHandshake:
 * @sess: session to handshake
 *
 * Drive one step of the TLS handshake over the installed callbacks. The
 * presence of virNetTLSSessionGetHandshakeStatus() suggests this is meant
 * to be called repeatedly until the status is COMPLETE -- confirm.
 *
 * Returns 0 if the step succeeded (completed or needs more I/O), -1 on a
 * fatal handshake error (see note above).
 */
int virNetTLSSessionHandshake(virNetTLSSession *sess);

/*
 * Handshake progress as reported by virNetTLSSessionGetHandshakeStatus().
 * SENDING/RECVING presumably mean the handshake is blocked until the
 * transport can write/read more bytes -- confirm.
 */
typedef enum {
    VIR_NET_TLS_HANDSHAKE_COMPLETE,
    VIR_NET_TLS_HANDSHAKE_SENDING,
    VIR_NET_TLS_HANDSHAKE_RECVING,
} virNetTLSSessionHandshakeStatus;

/**
 * virNetTLSSessionGetHandshakeStatus:
 * @sess: session being handshaken
 *
 * Returns the current handshake status of @sess.
 */
virNetTLSSessionHandshakeStatus
virNetTLSSessionGetHandshakeStatus(virNetTLSSession *sess);

/**
 * virNetTLSSessionGetKeySize:
 * @sess: established session
 *
 * Returns the size of the negotiated session key; the unit (bits vs bytes)
 * is not stated here -- confirm before comparing against a policy minimum.
 * Error behaviour is likewise not stated.
 */
int virNetTLSSessionGetKeySize(virNetTLSSession *sess);

/**
 * virNetTLSSessionGetX509DName:
 * @sess: established session
 *
 * Returns the Distinguished Name from the peer's x509 certificate, or
 * presumably NULL if the peer presented none. The string looks to be owned
 * by @sess (const return) and must not be freed by the caller -- confirm.
 * Only meaningful after virNetTLSContextCheckCertificate() has accepted the
 * peer; using it for authorisation before that trusts an unverified value.
 */
const char *virNetTLSSessionGetX509DName(virNetTLSSession *sess);