00001 #ifndef PROTON_SSL_H
00002 #define PROTON_SSL_H 1
00025 #include <proton/import_export.h>
00026 #include <proton/type_compat.h>
00027 #include <proton/types.h>
00028
00029 #ifdef __cplusplus
00030 extern "C" {
00031 #endif
00032
/**
 * Opaque SSL configuration handle. Only the forward declaration is visible in
 * this header, so callers hold a pointer and never touch the members. It is
 * the type returned by pn_ssl_domain() and taken by pn_ssl_domain_free(),
 * the pn_ssl_domain_set_... functions and pn_ssl_init().
 */
00080 typedef struct pn_ssl_domain_t pn_ssl_domain_t;
00081
/**
 * Opaque per-connection SSL handle. Only the forward declaration is visible
 * here. It is the type returned by pn_ssl() for a pn_transport_t and taken by
 * pn_ssl_init() and the pn_ssl_get_... / pn_ssl_set_... functions.
 */
00085 typedef struct pn_ssl_t pn_ssl_t;
00086
/**
 * Role selector passed to pn_ssl_domain(): client or server.
 *
 * PN_SSL_MODE_CLIENT is explicitly 1, so PN_SSL_MODE_SERVER is 2 and no
 * enumerator has the value 0; a zero-initialised variable names neither mode.
 */
00090 typedef enum {
00091 PN_SSL_MODE_CLIENT = 1,
00092 PN_SSL_MODE_SERVER
00093 } pn_ssl_mode_t;
00094
/**
 * Result type of pn_ssl_resume_status(). PN_SSL_RESUME_UNKNOWN is the zero
 * value.
 *
 * NOTE(review): presumably NEW means the handshake created a fresh session and
 * REUSED means a previously cached session was resumed; confirm against the
 * Proton documentation.
 */
00098 typedef enum {
00099 PN_SSL_RESUME_UNKNOWN,
00100 PN_SSL_RESUME_NEW,
00101 PN_SSL_RESUME_REUSED
00102 } pn_ssl_resume_status_t;
00103
/**
 * Takes no arguments and returns a bool.
 *
 * NOTE(review): presumably reports whether this build of the library has an
 * SSL/TLS implementation at all; confirm. If so, an application that requires
 * encryption should treat a false result as a hard failure rather than
 * continuing without SSL.
 */
00109 PN_EXTERN bool pn_ssl_present( void );
00110
/**
 * Produces a pn_ssl_domain_t for the given role.
 *
 * @param mode PN_SSL_MODE_CLIENT or PN_SSL_MODE_SERVER.
 * @return pointer to the domain. NOTE(review): presumably NULL when the mode
 *         is unsupported or allocation fails; check before passing it to any
 *         other call, and confirm that pn_ssl_domain_free() is the matching
 *         release.
 */
00122 PN_EXTERN pn_ssl_domain_t *pn_ssl_domain(pn_ssl_mode_t mode);
00123
/**
 * Takes a pn_ssl_domain_t pointer and returns nothing.
 *
 * NOTE(review): presumably releases a domain obtained from pn_ssl_domain().
 * Whether the domain may be freed while pn_ssl_t objects initialised from it
 * are still live is not visible here; confirm before freeing early.
 */
00130 PN_EXTERN void pn_ssl_domain_free(pn_ssl_domain_t *domain);
00131
/**
 * Attaches local credentials to a domain. All three credential arguments are
 * read-only C strings.
 *
 * @param domain       the domain to configure.
 * @param credential_1 NOTE(review): presumably names the certificate that
 *                     identifies the local node; confirm.
 * @param credential_2 NOTE(review): presumably names the matching private
 *                     key; confirm.
 * @param password     NOTE(review): presumably the passphrase protecting the
 *                     private key; confirm whether NULL is accepted.
 * @return int status. NOTE(review): assumed 0 on success; confirm.
 *
 * The password argument is secret material in caller memory: keep it out of
 * logs and error messages, and clear the caller's copy once it is no longer
 * needed. Check the return value; a domain whose credentials failed to load
 * should not be used.
 */
00156 PN_EXTERN int pn_ssl_domain_set_credentials(pn_ssl_domain_t *domain,
00157 const char *credential_1,
00158 const char *credential_2,
00159 const char *password);
00160
/**
 * Configures the trusted CA database for a domain.
 *
 * @param domain         the domain to configure.
 * @param certificate_db read-only C string. NOTE(review): presumably a path
 *                       to a file or directory of trusted CA certificates;
 *                       confirm the accepted formats.
 * @return int status. NOTE(review): assumed 0 on success; confirm.
 *
 * Check the return value: peer verification depends on this trust store, so a
 * load failure must stop connection setup rather than be ignored.
 */
00176 PN_EXTERN int pn_ssl_domain_set_trusted_ca_db(pn_ssl_domain_t *domain,
00177 const char *certificate_db);
00178
/**
 * Peer-authentication level passed to pn_ssl_domain_set_peer_authentication().
 *
 * This is the security-critical setting of the API. The notes on each value
 * are inferred from the enumerator names; confirm them against the Proton
 * documentation for the version in use.
 */
00195 typedef enum {
/* Zero value, so a zero-initialised mode variable holds this. NOTE(review):
 * presumably an internal "not set" marker rather than a usable mode. */
00196 PN_SSL_VERIFY_NULL = 0,
/* NOTE(review): presumably requires a valid peer certificate but does not
 * compare the certificate's name with the expected host. A client in this
 * mode would accept any certificate issued by a trusted CA. */
00197 PN_SSL_VERIFY_PEER,
/* NOTE(review): presumably requires no peer certificate. Without peer
 * authentication the channel cannot detect an active man-in-the-middle. */
00198 PN_SSL_ANONYMOUS_PEER,
/* NOTE(review): presumably requires a valid certificate and a name match
 * against the value given to pn_ssl_set_peer_hostname(). This is the mode a
 * client normally wants. */
00199 PN_SSL_VERIFY_PEER_NAME
00200 } pn_ssl_verify_mode_t;
00201
/**
 * Selects how a domain authenticates its peers.
 *
 * @param domain      the domain to configure.
 * @param mode        one of the pn_ssl_verify_mode_t values.
 * @param trusted_CAs read-only C string. NOTE(review): presumably the CA list
 *                    a server advertises when requesting client certificates;
 *                    confirm whether NULL is accepted.
 * @return int status. NOTE(review): assumed 0 on success; confirm.
 *
 * Check the return value and fail closed. If the call is rejected, the
 * domain's effective verification mode is whatever the library default is,
 * which this header does not show.
 */
00225 PN_EXTERN int pn_ssl_domain_set_peer_authentication(pn_ssl_domain_t *domain,
00226 const pn_ssl_verify_mode_t mode,
00227 const char *trusted_CAs);
00228
/**
 * Restricts the ciphers a domain may negotiate.
 *
 * @param domain  the domain to configure.
 * @param ciphers read-only C string. NOTE(review): the syntax is presumably
 *                specific to the underlying TLS library; confirm.
 * @return int status. NOTE(review): assumed 0 on success; confirm.
 *
 * Check the return value. If a rejected cipher string leaves the defaults in
 * place, ignoring the error silently undoes the intended hardening.
 */
00239 PN_EXTERN int pn_ssl_domain_set_ciphers(pn_ssl_domain_t *domain, const char *ciphers);
00240
/**
 * Takes a domain and returns an int status.
 *
 * NOTE(review): the name indicates that a server domain will then also accept
 * clients that do not use SSL; confirm. If so, those connections are
 * cleartext and unauthenticated on the same listener. Enable it only where
 * that downgrade is an accepted policy, and have the application check each
 * connection (for example via pn_ssl_get_ssf() or pn_ssl_get_protocol_name())
 * before trusting it with sensitive traffic.
 */
00251 PN_EXTERN int pn_ssl_domain_allow_unsecured_client(pn_ssl_domain_t *domain);
00252
/**
 * Returns the pn_ssl_t associated with a transport.
 *
 * @param transport the transport. pn_transport_t is not declared in this
 *                  header; presumably it comes from <proton/types.h>.
 * @return pointer to the SSL object. NOTE(review): ownership and the NULL
 *         case are not visible here; presumably the object belongs to the
 *         transport and must not be freed by the caller. Confirm.
 */
00263 PN_EXTERN pn_ssl_t *pn_ssl(pn_transport_t *transport);
00264
/**
 * Binds an SSL object to a configuration domain.
 *
 * @param ssl        the SSL object from pn_ssl().
 * @param domain     the domain carrying credentials and verification settings.
 * @param session_id read-only C string. NOTE(review): presumably a key for
 *                   session resumption, with NULL disabling it; confirm.
 * @return int status. NOTE(review): assumed 0 on success; confirm.
 *
 * NOTE(review): configure the domain fully (credentials, trust store, peer
 * authentication) before this call. Whether later changes to the domain
 * affect an already initialised pn_ssl_t is not visible here.
 */
00279 PN_EXTERN int pn_ssl_init(pn_ssl_t *ssl,
00280 pn_ssl_domain_t *domain,
00281 const char *session_id);
00282
/**
 * Writes the name of the cipher in use into a caller-supplied buffer.
 *
 * @param ssl    the SSL object.
 * @param buffer destination owned by the caller.
 * @param size   capacity of buffer in bytes.
 * @return bool. NOTE(review): presumably false when no cipher has been
 *         negotiated yet; do not read buffer in that case. Truncation and
 *         NUL-termination behaviour are not visible here; confirm.
 */
00296 PN_EXTERN bool pn_ssl_get_cipher_name(pn_ssl_t *ssl, char *buffer, size_t size);
00297
/**
 * Takes the SSL object and returns an int.
 *
 * NOTE(review): "ssf" presumably stands for security strength factor, the
 * effective key strength in bits of the negotiated cipher, with 0 meaning no
 * security layer; confirm. If so, a policy check can compare this value with
 * a required minimum before sensitive data is sent.
 */
00304 PN_EXTERN int pn_ssl_get_ssf(pn_ssl_t *ssl);
00305
/**
 * Writes the name of the SSL/TLS protocol version in use into a
 * caller-supplied buffer.
 *
 * @param ssl    the SSL object.
 * @param buffer destination owned by the caller.
 * @param size   capacity of buffer in bytes.
 * @return bool. NOTE(review): presumably false when no protocol has been
 *         negotiated yet; do not read buffer in that case. Truncation and
 *         NUL-termination behaviour are not visible here; confirm.
 */
00318 PN_EXTERN bool pn_ssl_get_protocol_name(pn_ssl_t *ssl, char *buffer, size_t size);
00319
/**
 * Returns a pn_ssl_resume_status_t for the given SSL object.
 *
 * NOTE(review): presumably meaningful only after the handshake, with
 * PN_SSL_RESUME_UNKNOWN returned before that or when the backend cannot
 * tell; confirm.
 */
00333 PN_EXTERN pn_ssl_resume_status_t pn_ssl_resume_status(pn_ssl_t *ssl);
00334
/**
 * Records the expected hostname of the peer.
 *
 * @param ssl      the SSL object.
 * @param hostname read-only C string.
 * @return int status. NOTE(review): assumed 0 on success; confirm.
 *
 * NOTE(review): presumably this is the name compared with the peer
 * certificate under PN_SSL_VERIFY_PEER_NAME, and it may also be sent to the
 * server during the handshake; confirm. The value must be the host the
 * application intended to reach (from configuration or the user), never a
 * name supplied by the peer itself. Set it before the handshake starts.
 */
00357 PN_EXTERN int pn_ssl_set_peer_hostname(pn_ssl_t *ssl, const char *hostname);
00358
/**
 * Copies the configured peer hostname into a caller-supplied buffer.
 *
 * @param ssl      the SSL object.
 * @param hostname destination owned by the caller.
 * @param bufsize  pointer to a size_t. NOTE(review): presumably in/out, giving
 *                 the capacity of hostname on entry and the length written or
 *                 required on return; confirm, including whether the count
 *                 includes the terminating NUL.
 * @return int status. NOTE(review): assumed 0 on success; confirm.
 */
00372 PN_EXTERN int pn_ssl_get_peer_hostname(pn_ssl_t *ssl, char *hostname, size_t *bufsize);
00373
/**
 * Returns a read-only C string for the given SSL object.
 *
 * NOTE(review): presumably the subject name of the peer's certificate, owned
 * by the SSL object (do not free, do not keep past the connection) and NULL
 * when the peer presented no certificate; confirm.
 *
 * The subject is peer-supplied text. It is suitable for authorization
 * decisions only when the certificate was actually verified, that is, when
 * the domain uses PN_SSL_VERIFY_PEER or PN_SSL_VERIFY_PEER_NAME with a trust
 * store configured. Escape it before writing it to logs.
 */
00381 PN_EXTERN const char* pn_ssl_get_remote_subject(pn_ssl_t *ssl);
00382
/**
 * Selector passed to pn_ssl_get_remote_subject_subfield().
 *
 * The enumerator names correspond to the usual X.509 subject attributes
 * (country, state or province, locality, organization, organizational unit,
 * common name). PN_SSL_CERT_SUBJECT_COUNTRY_NAME is the zero value.
 */
00386 typedef enum {
00387 PN_SSL_CERT_SUBJECT_COUNTRY_NAME,
00388 PN_SSL_CERT_SUBJECT_STATE_OR_PROVINCE,
00389 PN_SSL_CERT_SUBJECT_CITY_OR_LOCALITY,
00390 PN_SSL_CERT_SUBJECT_ORGANIZATION_NAME,
00391 PN_SSL_CERT_SUBJECT_ORGANIZATION_UNIT,
00392 PN_SSL_CERT_SUBJECT_COMMON_NAME
00393 } pn_ssl_cert_subject_subfield;
00394
/**
 * Digest algorithm selector passed to pn_ssl_get_cert_fingerprint().
 *
 * PN_SSL_SHA1 is the zero value, so a zero-initialised selector picks SHA-1.
 * MD5 and SHA-1 are no longer collision-resistant. Use PN_SSL_SHA256 or
 * PN_SSL_SHA512 when the fingerprint feeds certificate pinning or any other
 * identity decision, and keep the weaker two for interoperability with
 * existing fingerprint records only.
 */
00398 typedef enum {
00399 PN_SSL_SHA1,
00400 PN_SSL_SHA256,
00401 PN_SSL_SHA512,
00402 PN_SSL_MD5
00403 } pn_ssl_hash_alg;
00404
/**
 * Writes a fingerprint of a certificate into a caller-supplied buffer.
 *
 * @param ssl0               the SSL object.
 * @param fingerprint        destination owned by the caller.
 * @param fingerprint_length capacity of fingerprint in bytes.
 * @param hash_alg           digest to use (see pn_ssl_hash_alg).
 * @return int status. NOTE(review): assumed 0 on success; confirm.
 *
 * NOTE(review): presumably fingerprints the peer's certificate and writes a
 * NUL-terminated hex string, so the buffer needs twice the digest length plus
 * one (65 bytes for SHA-256, 129 for SHA-512); confirm. Check the return
 * value before comparing: on failure the buffer contents are unspecified
 * from what this header shows, and a stale buffer could match a pinned value.
 */
00418 PN_EXTERN int pn_ssl_get_cert_fingerprint(pn_ssl_t *ssl0,
00419 char *fingerprint,
00420 size_t fingerprint_length,
00421 pn_ssl_hash_alg hash_alg);
00422
/**
 * Returns one attribute of a certificate subject as a read-only C string.
 *
 * @param ssl0  the SSL object.
 * @param field which subject attribute to return.
 * @return read-only C string. NOTE(review): presumably taken from the peer's
 *         certificate, owned by the SSL object, and NULL when the attribute
 *         or the certificate is absent; confirm.
 *
 * The returned text is peer-supplied. Matching on the common name alone is
 * not a substitute for library-side name verification
 * (PN_SSL_VERIFY_PEER_NAME), and the value means nothing unless the
 * certificate chain was verified.
 */
00435 PN_EXTERN const char* pn_ssl_get_remote_subject_subfield(pn_ssl_t *ssl0, pn_ssl_cert_subject_subfield field);
00436
00441 #ifdef __cplusplus
00442 }
00443 #endif
00444
00445 #endif