mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2024-11-04 20:31:13 +00:00
51997e50fa
A socket object has various pieces of security data associated with it, such as the SELinux context, the SASL username and the x509 distinguished name. Add new APIs to virNetServerClient and related modules to access this data. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
100 lines
4.0 KiB
C
100 lines
4.0 KiB
C
/*
|
|
* virnettlscontext.h: TLS encryption/x509 handling
|
|
*
|
|
* Copyright (C) 2010-2011 Red Hat, Inc.
|
|
*
|
|
* This library is free software; you can redistribute it and/or
|
|
* modify it under the terms of the GNU Lesser General Public
|
|
* License as published by the Free Software Foundation; either
|
|
* version 2.1 of the License, or (at your option) any later version.
|
|
*
|
|
* This library is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
* Lesser General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU Lesser General Public
|
|
* License along with this library. If not, see
|
|
* <http://www.gnu.org/licenses/>.
|
|
*/
|
|
|
|
#ifndef __VIR_NET_TLS_CONTEXT_H__
|
|
# define __VIR_NET_TLS_CONTEXT_H__
|
|
|
|
# include "internal.h"
|
|
# include "virobject.h"
|
|
|
|
typedef struct _virNetTLSContext virNetTLSContext;
|
|
typedef virNetTLSContext *virNetTLSContextPtr;
|
|
|
|
typedef struct _virNetTLSSession virNetTLSSession;
|
|
typedef virNetTLSSession *virNetTLSSessionPtr;
|
|
|
|
|
|
void virNetTLSInit(void);
|
|
|
|
virNetTLSContextPtr virNetTLSContextNewServerPath(const char *pkipath,
|
|
bool tryUserPkiPath,
|
|
const char *const*x509dnWhitelist,
|
|
bool sanityCheckCert,
|
|
bool requireValidCert);
|
|
|
|
virNetTLSContextPtr virNetTLSContextNewClientPath(const char *pkipath,
|
|
bool tryUserPkiPath,
|
|
bool sanityCheckCert,
|
|
bool requireValidCert);
|
|
|
|
virNetTLSContextPtr virNetTLSContextNewServer(const char *cacert,
|
|
const char *cacrl,
|
|
const char *cert,
|
|
const char *key,
|
|
const char *const*x509dnWhitelist,
|
|
bool sanityCheckCert,
|
|
bool requireValidCert);
|
|
|
|
virNetTLSContextPtr virNetTLSContextNewClient(const char *cacert,
|
|
const char *cacrl,
|
|
const char *cert,
|
|
const char *key,
|
|
bool sanityCheckCert,
|
|
bool requireValidCert);
|
|
|
|
int virNetTLSContextCheckCertificate(virNetTLSContextPtr ctxt,
|
|
virNetTLSSessionPtr sess);
|
|
|
|
|
|
typedef ssize_t (*virNetTLSSessionWriteFunc)(const char *buf, size_t len,
|
|
void *opaque);
|
|
typedef ssize_t (*virNetTLSSessionReadFunc)(char *buf, size_t len,
|
|
void *opaque);
|
|
|
|
virNetTLSSessionPtr virNetTLSSessionNew(virNetTLSContextPtr ctxt,
|
|
const char *hostname);
|
|
|
|
void virNetTLSSessionSetIOCallbacks(virNetTLSSessionPtr sess,
|
|
virNetTLSSessionWriteFunc writeFunc,
|
|
virNetTLSSessionReadFunc readFunc,
|
|
void *opaque);
|
|
|
|
ssize_t virNetTLSSessionWrite(virNetTLSSessionPtr sess,
|
|
const char *buf, size_t len);
|
|
ssize_t virNetTLSSessionRead(virNetTLSSessionPtr sess,
|
|
char *buf, size_t len);
|
|
|
|
int virNetTLSSessionHandshake(virNetTLSSessionPtr sess);
|
|
|
|
typedef enum {
|
|
VIR_NET_TLS_HANDSHAKE_COMPLETE,
|
|
VIR_NET_TLS_HANDSHAKE_SENDING,
|
|
VIR_NET_TLS_HANDSHAKE_RECVING,
|
|
} virNetTLSSessionHandshakeStatus;
|
|
|
|
virNetTLSSessionHandshakeStatus
|
|
virNetTLSSessionGetHandshakeStatus(virNetTLSSessionPtr sess);
|
|
|
|
int virNetTLSSessionGetKeySize(virNetTLSSessionPtr sess);
|
|
|
|
const char *virNetTLSSessionGetX509DName(virNetTLSSessionPtr sess);
|
|
|
|
#endif
|