mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2024-11-02 19:31:18 +00:00
214489f550
Extend the virNetTLSContextNew* constructors to allow the TLS priority string to be passed in, overriding the compile time default. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
104 lines
4.3 KiB
C
104 lines
4.3 KiB
C
/*
|
|
* virnettlscontext.h: TLS encryption/x509 handling
|
|
*
|
|
* Copyright (C) 2010-2011 Red Hat, Inc.
|
|
*
|
|
* This library is free software; you can redistribute it and/or
|
|
* modify it under the terms of the GNU Lesser General Public
|
|
* License as published by the Free Software Foundation; either
|
|
* version 2.1 of the License, or (at your option) any later version.
|
|
*
|
|
* This library is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
* Lesser General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU Lesser General Public
|
|
* License along with this library. If not, see
|
|
* <http://www.gnu.org/licenses/>.
|
|
*/
|
|
|
|
#ifndef __VIR_NET_TLS_CONTEXT_H__
|
|
# define __VIR_NET_TLS_CONTEXT_H__
|
|
|
|
# include "internal.h"
|
|
# include "virobject.h"
|
|
|
|
typedef struct _virNetTLSContext virNetTLSContext;
|
|
typedef virNetTLSContext *virNetTLSContextPtr;
|
|
|
|
typedef struct _virNetTLSSession virNetTLSSession;
|
|
typedef virNetTLSSession *virNetTLSSessionPtr;
|
|
|
|
|
|
void virNetTLSInit(void);
|
|
|
|
virNetTLSContextPtr virNetTLSContextNewServerPath(const char *pkipath,
|
|
bool tryUserPkiPath,
|
|
const char *const*x509dnWhitelist,
|
|
const char *priority,
|
|
bool sanityCheckCert,
|
|
bool requireValidCert);
|
|
|
|
virNetTLSContextPtr virNetTLSContextNewClientPath(const char *pkipath,
|
|
bool tryUserPkiPath,
|
|
const char *priority,
|
|
bool sanityCheckCert,
|
|
bool requireValidCert);
|
|
|
|
virNetTLSContextPtr virNetTLSContextNewServer(const char *cacert,
|
|
const char *cacrl,
|
|
const char *cert,
|
|
const char *key,
|
|
const char *const*x509dnWhitelist,
|
|
const char *priority,
|
|
bool sanityCheckCert,
|
|
bool requireValidCert);
|
|
|
|
virNetTLSContextPtr virNetTLSContextNewClient(const char *cacert,
|
|
const char *cacrl,
|
|
const char *cert,
|
|
const char *key,
|
|
const char *priority,
|
|
bool sanityCheckCert,
|
|
bool requireValidCert);
|
|
|
|
int virNetTLSContextCheckCertificate(virNetTLSContextPtr ctxt,
|
|
virNetTLSSessionPtr sess);
|
|
|
|
|
|
typedef ssize_t (*virNetTLSSessionWriteFunc)(const char *buf, size_t len,
|
|
void *opaque);
|
|
typedef ssize_t (*virNetTLSSessionReadFunc)(char *buf, size_t len,
|
|
void *opaque);
|
|
|
|
virNetTLSSessionPtr virNetTLSSessionNew(virNetTLSContextPtr ctxt,
|
|
const char *hostname);
|
|
|
|
void virNetTLSSessionSetIOCallbacks(virNetTLSSessionPtr sess,
|
|
virNetTLSSessionWriteFunc writeFunc,
|
|
virNetTLSSessionReadFunc readFunc,
|
|
void *opaque);
|
|
|
|
ssize_t virNetTLSSessionWrite(virNetTLSSessionPtr sess,
|
|
const char *buf, size_t len);
|
|
ssize_t virNetTLSSessionRead(virNetTLSSessionPtr sess,
|
|
char *buf, size_t len);
|
|
|
|
int virNetTLSSessionHandshake(virNetTLSSessionPtr sess);
|
|
|
|
typedef enum {
|
|
VIR_NET_TLS_HANDSHAKE_COMPLETE,
|
|
VIR_NET_TLS_HANDSHAKE_SENDING,
|
|
VIR_NET_TLS_HANDSHAKE_RECVING,
|
|
} virNetTLSSessionHandshakeStatus;
|
|
|
|
virNetTLSSessionHandshakeStatus
|
|
virNetTLSSessionGetHandshakeStatus(virNetTLSSessionPtr sess);
|
|
|
|
int virNetTLSSessionGetKeySize(virNetTLSSessionPtr sess);
|
|
|
|
const char *virNetTLSSessionGetX509DName(virNetTLSSessionPtr sess);
|
|
|
|
#endif
|