/*
** Zabbix
** Copyright (C) 2001-2021 Zabbix SIA
**
** This program is free software; you can redistribute it and/or modify
** it under the terms of the GNU General Public License as published by
** the Free Software Foundation; either version 2 of the License, or
** (at your option) any later version.
**
** This program is distributed in the hope that it will be useful,
** but WITHOUT ANY WARRANTY; without even the implied warranty of
** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
** GNU General Public License for more details.
**
** You should have received a copy of the GNU General Public License
** along with this program; if not, write to the Free Software
** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
**/

#ifndef ZABBIX_TLS_H
#define ZABBIX_TLS_H

/* Everything below is compiled only when a TLS backend (GnuTLS or OpenSSL/LibreSSL) was selected at build time. */
#if defined(HAVE_GNUTLS) || defined(HAVE_OPENSSL)

#if defined(HAVE_GNUTLS)
#	include <gnutls/gnutls.h>
#	include <gnutls/x509.h>
#elif defined(HAVE_OPENSSL)
#	include <openssl/ssl.h>
#	include <openssl/err.h>
#	include <openssl/rand.h>
#endif

/* Compatibility shim for OpenSSL older than 1.1.0 and for LibreSSL: the TLS code is written against the 1.1.0 */
/* API names, which are mapped here onto their pre-1.1.0 equivalents. Note that '&&' binds tighter than '||', */
/* so the condition reads as (OpenSSL < 1.1.0) || (any LibreSSL). */
#if defined(HAVE_OPENSSL) && OPENSSL_VERSION_NUMBER < 0x1010000fL || defined(LIBRESSL_VERSION_NUMBER)
#	if !defined(LIBRESSL_VERSION_NUMBER)
/* These OPENSSL_init_* flag constants and OPENSSL_VERSION do not exist before 1.1.0; they are defined as 0 / */
/* the legacy SSLEAY_VERSION so that expressions using them still compile against the old headers. */
#	define OPENSSL_INIT_LOAD_SSL_STRINGS	0
#	define OPENSSL_INIT_LOAD_CRYPTO_STRINGS	0
#	define OPENSSL_VERSION			SSLEAY_VERSION
#	endif
#	define OpenSSL_version			SSLeay_version
/* TLS_method()/TLS_client_method() (version-flexible) are not available before 1.1.0; they are replaced by the */
/* TLSv1_2_*method() variants, which negotiate TLS 1.2 only. */
#	define TLS_method			TLSv1_2_method
#	define TLS_client_method		TLSv1_2_client_method
#	define SSL_CTX_get_ciphers(ciphers)	((ciphers)->cipher_list)
#	if !defined(LIBRESSL_VERSION_NUMBER)
/* There is no minimum-protocol-version setter before 1.1.0, so the call expands to the constant 1 (success). */
/* This is acceptable only because TLS_method above is pinned to TLSv1_2_method, so no protocol version below */
/* TLS 1.2 can be negotiated anyway; do not use this macro with a version-flexible method. */
#	define SSL_CTX_set_min_proto_version(ctx, TLSv)	1
#	endif
#endif

#if defined(_WINDOWS)
/* A typical thread is long-running and, if necessary, initializes TLS for itself. Zabbix sender is an exception: */
/* when data is sent from a file or in real time, the sender's 'main' thread starts a 'send_value' thread for */
/* every 250 values to be sent. To avoid TLS initialization on each start of a 'send_value' thread, TLS is */
/* initialized once in the 'main' thread and this structure carries the minimum set of TLS variables into the */
/* 'send_value' thread. */

/* NOTE(review): this struct holds only handles and pointers; which side owns them, how long they stay valid */
/* and where the PSK secret is zeroized is not defined in this header - confirm in the sender code. */
struct zbx_thread_sendval_tls_args
{
#if defined(HAVE_GNUTLS)
	gnutls_certificate_credentials_t	my_cert_creds;		/* credentials for certificate-based connections */
	gnutls_psk_client_credentials_t		my_psk_client_creds;	/* client credentials for PSK-based connections */
	gnutls_priority_t			ciphersuites_cert;	/* cipher suite priorities used with my_cert_creds */
	gnutls_priority_t			ciphersuites_psk;	/* cipher suite priorities used with my_psk_client_creds */
#elif defined(HAVE_OPENSSL)
	SSL_CTX		*ctx_cert;		/* context for certificate-based connections */
#ifdef HAVE_OPENSSL_WITH_PSK
	SSL_CTX		*ctx_psk;		/* context for PSK-based connections */
	const char	*psk_identity_for_cb;	/* PSK identity; presumably consumed by the PSK client callback - verify */
	size_t		psk_identity_len_for_cb;	/* length of psk_identity_for_cb */
	char		*psk_for_cb;		/* PSK secret material; use psk_len_for_cb for its length */
	size_t		psk_len_for_cb;		/* length of psk_for_cb */
#endif
#endif
};

#endif	/* #if defined(_WINDOWS) */

#endif	/* #if defined(HAVE_GNUTLS) || defined(HAVE_OPENSSL) */

#endif	/* ZABBIX_TLS_H */