00001 #ifndef PROTON_SSL_H
00002 #define PROTON_SSL_H 1
00025 #include <proton/import_export.h>
00026 #include <proton/type_compat.h>
00027 #include <proton/types.h>
00028
00029 #ifdef __cplusplus
00030 extern "C" {
00031 #endif
00032
/**
 * Opaque SSL/TLS configuration domain.
 *
 * Only forward-declared in this header, so callers hold it by pointer:
 * created by pn_ssl_domain(), released by pn_ssl_domain_free(), and
 * configured through the pn_ssl_domain_set_*() functions declared below.
 */
00080 typedef struct pn_ssl_domain_t pn_ssl_domain_t;
00081
/**
 * Opaque per-transport SSL/TLS session handle.
 *
 * Only forward-declared in this header; obtained from pn_ssl() and bound to
 * a configuration domain with pn_ssl_init().
 */
00085 typedef struct pn_ssl_t pn_ssl_t;
00086
/**
 * Role of the sessions created from a domain; passed to pn_ssl_domain().
 *
 * Numbering starts at 1, so a zero-initialised pn_ssl_mode_t is neither
 * role and should not be handed to pn_ssl_domain().
 */
00090 typedef enum {
00091 PN_SSL_MODE_CLIENT = 1, /* local side initiates the TLS handshake */
00092 PN_SSL_MODE_SERVER /* local side accepts the TLS handshake (value 2) */
00093 } pn_ssl_mode_t;
00094
/**
 * Session-resumption state reported by pn_ssl_resume_status().
 * Per-value meanings follow the upstream Proton documentation.
 */
00098 typedef enum {
00099 PN_SSL_RESUME_UNKNOWN, /* zero value: state not known or resumption not supported */
00100 PN_SSL_RESUME_NEW, /* full handshake was performed; nothing was resumed */
00101 PN_SSL_RESUME_REUSED /* session was resumed from an earlier one */
00102 } pn_ssl_resume_status_t;
00103
/**
 * Report whether this build of the library has an SSL/TLS implementation.
 *
 * @return true if SSL/TLS is supported, false otherwise (per upstream docs).
 *
 * Callers that require transport encryption should treat false as a hard
 * failure rather than continuing over an unencrypted transport.
 */
00109 PN_EXTERN bool pn_ssl_present( void );
00110
/**
 * Create a configuration domain for the given role.
 *
 * @param mode PN_SSL_MODE_CLIENT or PN_SSL_MODE_SERVER.
 * @return pointer to the new domain. Upstream documents the pointer as
 *         valid only when SSL support is present, so check for NULL before
 *         use. Release with pn_ssl_domain_free().
 */
00122 PN_EXTERN pn_ssl_domain_t *pn_ssl_domain(pn_ssl_mode_t mode);
00123
/**
 * Release a domain obtained from pn_ssl_domain().
 *
 * @param domain the domain to release.
 * NOTE(review): whether sessions already initialised from the domain keep
 * it alive is not visible in this header; confirm before freeing a domain
 * that still has live pn_ssl_t users.
 */
00130 PN_EXTERN void pn_ssl_domain_free(pn_ssl_domain_t *domain);
00131
/**
 * Set the certificate (and key) that identifies the local node to peers.
 *
 * @param domain       domain to configure.
 * @param credential_1 location of the identifying certificate (upstream: a
 *                     PEM file for OpenSSL, a PKCS#12 file or system store
 *                     for Windows SChannel).
 * @param credential_2 optional second specifier (upstream: the private-key
 *                     PEM file for OpenSSL, a certificate friendly name for
 *                     SChannel).
 * @param password     password protecting the key, or NULL if unprotected.
 * @return 0 on success per upstream docs; check it, since a failure leaves
 *         the domain without the intended identity.
 *
 * The password arrives as a plain NUL-terminated string: keep the caller's
 * copy short-lived and clear it after the call. Whether the library keeps
 * its own copy is not visible here. The private-key file should be readable
 * only by the service account.
 */
00156 PN_EXTERN int pn_ssl_domain_set_credentials(pn_ssl_domain_t *domain,
00157 const char *credential_1,
00158 const char *credential_2,
00159 const char *password);
00160
/**
 * Set the database of trusted CA certificates used to validate the peer's
 * certificate chain.
 *
 * @param domain         domain to configure.
 * @param certificate_db location of the CA database (format depends on the
 *                       SSL backend).
 * @return 0 on success per upstream docs.
 *
 * This is the trust anchor for PN_SSL_VERIFY_PEER and
 * PN_SSL_VERIFY_PEER_NAME: keep the store limited to the CAs that are
 * meant to issue peer certificates, and treat a non-zero return as fatal
 * when verification is required.
 */
00176 PN_EXTERN int pn_ssl_domain_set_trusted_ca_db(pn_ssl_domain_t *domain,
00177 const char *certificate_db);
00178
/**
 * Peer-verification level for pn_ssl_domain_set_peer_authentication().
 *
 * Per-value notes follow the upstream Proton documentation. Only
 * PN_SSL_VERIFY_PEER_NAME binds the connection to a specific named peer.
 */
00195 typedef enum {
00196 PN_SSL_VERIFY_NULL = 0, /* zero value; upstream marks it internal-use, not a policy to select */
00197 PN_SSL_VERIFY_PEER, /* peer must present a certificate chaining to a trusted CA; its name is not checked */
00198 PN_SSL_ANONYMOUS_PEER, /* no certificate required: traffic is encrypted but the peer is unauthenticated */
00199 PN_SSL_VERIFY_PEER_NAME /* certificate must be valid and match the expected peer hostname */
00200 } pn_ssl_verify_mode_t;
00201
/**
 * Select how strictly sessions from this domain verify the peer certificate.
 *
 * @param domain      domain to configure.
 * @param mode        one of the pn_ssl_verify_mode_t values.
 * @param trusted_CAs upstream: CA certificate(s) a server advertises to
 *                    clients as acceptable issuers when it requests a client
 *                    certificate; otherwise NULL.
 * @return 0 on success per upstream docs.
 *
 * NOTE(review): the default mode when this is never called has differed
 * between Proton releases; set the mode explicitly and check the return
 * value so a failed call does not leave a weaker default in force. The
 * verifying modes need a CA store set with
 * pn_ssl_domain_set_trusted_ca_db().
 */
00225 PN_EXTERN int pn_ssl_domain_set_peer_authentication(pn_ssl_domain_t *domain,
00226 const pn_ssl_verify_mode_t mode,
00227 const char *trusted_CAs);
00228
/**
 * Restrict the TLS protocol versions sessions from this domain may negotiate.
 *
 * @param domain    domain to configure.
 * @param protocols upstream: space-separated list of protocol names.
 *                  NOTE(review): the accepted names depend on the Proton
 *                  version and backend; confirm against the installed docs.
 * @return 0 on success per upstream docs. Check it: if the call fails, the
 *         restriction is not applied and older versions may stay enabled.
 */
00242 PN_EXTERN int pn_ssl_domain_set_protocols(pn_ssl_domain_t *domain, const char *protocols);
00243
/**
 * Restrict the cipher suites sessions from this domain may negotiate.
 *
 * @param domain  domain to configure.
 * @param ciphers cipher list; upstream leaves the syntax to the underlying
 *                SSL implementation, so the same string is not portable
 *                across backends.
 * @return 0 on success per upstream docs. Check it: a rejected list leaves
 *         the backend's default cipher selection in place.
 */
00254 PN_EXTERN int pn_ssl_domain_set_ciphers(pn_ssl_domain_t *domain, const char *ciphers);
00255
/**
 * Let a server domain accept clients that do not use SSL/TLS.
 *
 * Upstream: the server inspects the incoming byte stream and decides per
 * connection whether TLS is in use; the option is off unless this is called.
 *
 * @param domain server domain to configure.
 * @return 0 on success per upstream docs.
 *
 * With this enabled, a connection on the TLS listener is not necessarily
 * encrypted or authenticated. Check each connection (for example with
 * pn_ssl_get_ssf() or pn_ssl_get_protocol_name()) before trusting it
 * with anything that assumes TLS.
 */
00266 PN_EXTERN int pn_ssl_domain_allow_unsecured_client(pn_ssl_domain_t *domain);
00267
/**
 * Get the SSL/TLS session object associated with a transport.
 *
 * @param transport transport the session belongs to.
 * @return pointer to the session object; configure it with pn_ssl_init().
 *         NOTE(review): NULL handling and ownership are not visible in this
 *         header. Upstream ties the object's lifetime to the transport.
 */
00278 PN_EXTERN pn_ssl_t *pn_ssl(pn_transport_t *transport);
00279
/**
 * Configure a session from a domain's settings.
 *
 * @param ssl        session obtained from pn_ssl().
 * @param domain     domain supplying credentials, trust store and
 *                   verification policy.
 * @param session_id optional identifier; upstream: when supplied, enables
 *                   session resumption for sessions using the same id.
 * @return 0 on success per upstream docs; on failure the transport should
 *         not be used as if TLS were configured.
 *
 * Domain settings should be complete before this call: upstream notes that
 * domain changes affect only sessions initialised afterwards.
 */
00294 PN_EXTERN int pn_ssl_init(pn_ssl_t *ssl,
00295 pn_ssl_domain_t *domain,
00296 const char *session_id);
00297
/**
 * Copy the name of the cipher currently in use into a caller buffer.
 *
 * @param ssl    session to query.
 * @param buffer destination for the NUL-terminated name.
 * @param size   capacity of buffer in bytes.
 * @return true if a name was written; false if no cipher is available yet
 *         (per upstream docs). Do not read buffer after a false return.
 */
00311 PN_EXTERN bool pn_ssl_get_cipher_name(pn_ssl_t *ssl, char *buffer, size_t size);
00312
/**
 * Get the security strength factor (SSF) of the cipher currently in use.
 *
 * @param ssl session to query.
 * @return the SSF; upstream documents 0 as "no security". This makes it
 *         usable as a per-connection check that encryption was actually
 *         negotiated.
 */
00319 PN_EXTERN int pn_ssl_get_ssf(pn_ssl_t *ssl);
00320
/**
 * Copy the name of the negotiated SSL/TLS protocol into a caller buffer.
 *
 * @param ssl    session to query.
 * @param buffer destination for the NUL-terminated name.
 * @param size   capacity of buffer in bytes.
 * @return true if a name was written; false if the protocol is not yet
 *         known (per upstream docs). Do not read buffer after a false
 *         return.
 */
00333 PN_EXTERN bool pn_ssl_get_protocol_name(pn_ssl_t *ssl, char *buffer, size_t size);
00334
/**
 * Report whether the session was resumed from an earlier one.
 *
 * @param ssl session to query.
 * @return one of the pn_ssl_resume_status_t values.
 *         NOTE(review): upstream ties resumption to the session_id given to
 *         pn_ssl_init(); confirm when the status becomes meaningful
 *         relative to the handshake.
 */
00348 PN_EXTERN pn_ssl_resume_status_t pn_ssl_resume_status(pn_ssl_t *ssl);
00349
/**
 * Set the hostname the remote peer is expected to identify as.
 *
 * Upstream: the name is sent by clients as Server Name Indication and is
 * compared against the peer certificate's names. The comparison is only
 * performed when PN_SSL_VERIFY_PEER_NAME is the configured mode.
 *
 * @param ssl      session to configure.
 * @param hostname expected peer name.
 * @return 0 on success per upstream docs.
 *
 * Take the name from trusted configuration (the address the application
 * intended to reach), not from data supplied by the peer. Set it before the
 * handshake starts.
 */
00372 PN_EXTERN int pn_ssl_set_peer_hostname(pn_ssl_t *ssl, const char *hostname);
00373
/**
 * Read back the expected peer hostname set on the session.
 *
 * @param ssl      session to query.
 * @param hostname caller buffer that receives the name.
 * @param bufsize  in/out. Upstream: on input the capacity of hostname in
 *                 bytes; on output the bytes needed for the name plus its
 *                 terminating NUL, or zero if no hostname is set.
 * @return 0 on success per upstream docs.
 *
 * Compare the output *bufsize with the capacity passed in before treating
 * the buffer as a complete string.
 */
00387 PN_EXTERN int pn_ssl_get_peer_hostname(pn_ssl_t *ssl, char *hostname, size_t *bufsize);
00388
/**
 * Get the subject string of the peer's certificate.
 *
 * @param ssl session to query.
 * @return NUL-terminated subject string. Upstream: owned by the session and
 *         valid until the session object is destroyed; the caller must not
 *         free it. NOTE(review): check for NULL when the peer presented no
 *         certificate.
 *
 * The subject is only as trustworthy as the verification mode in force:
 * use it for authorization only when the certificate chain was verified.
 * It is peer-controlled text, so escape it before logging or display.
 */
00396 PN_EXTERN const char* pn_ssl_get_remote_subject(pn_ssl_t *ssl);
00397
/**
 * Selects one component of a certificate subject for
 * pn_ssl_get_remote_subject_subfield(). Values are numbered from 0 in the
 * order listed.
 */
00401 typedef enum {
00402 PN_SSL_CERT_SUBJECT_COUNTRY_NAME, /* zero value of the enum */
00403 PN_SSL_CERT_SUBJECT_STATE_OR_PROVINCE,
00404 PN_SSL_CERT_SUBJECT_CITY_OR_LOCALITY,
00405 PN_SSL_CERT_SUBJECT_ORGANIZATION_NAME,
00406 PN_SSL_CERT_SUBJECT_ORGANIZATION_UNIT,
00407 PN_SSL_CERT_SUBJECT_COMMON_NAME
00408 } pn_ssl_cert_subject_subfield;
00409
/**
 * Digest algorithm for pn_ssl_get_cert_fingerprint().
 *
 * For certificate pinning or any identity decision, prefer PN_SSL_SHA256 or
 * PN_SSL_SHA512. A zero-initialised pn_ssl_hash_alg selects PN_SSL_SHA1, so
 * always set the algorithm explicitly.
 */
00413 typedef enum {
00414 PN_SSL_SHA1, /* zero value of the enum; SHA-1 is no longer collision-resistant */
00415 PN_SSL_SHA256,
00416 PN_SSL_SHA512,
00417 PN_SSL_MD5 /* collision-prone; unsuitable for pinning or identity decisions */
00418 } pn_ssl_hash_alg;
00419
/**
 * Write a certificate fingerprint, as a hex string, into a caller buffer.
 *
 * @param ssl0               session to query (upstream: the fingerprint is
 *                           of the peer's certificate).
 * @param fingerprint        destination buffer for the hex string.
 * @param fingerprint_length capacity of fingerprint in bytes. The hex digest
 *                           plus terminating NUL needs at least 33 (MD5),
 *                           41 (SHA1), 65 (SHA256) or 129 (SHA512) bytes,
 *                           matching the minimums upstream documents.
 * @param hash_alg           digest to use; see pn_ssl_hash_alg.
 * @return 0 on success, a negative value on error (per upstream docs). Do
 *         not read the buffer after a non-zero return.
 *
 * When a fingerprint is compared against a pinned value, use SHA-256 or
 * stronger, and treat an error return as "no match".
 */
00433 PN_EXTERN int pn_ssl_get_cert_fingerprint(pn_ssl_t *ssl0,
00434 char *fingerprint,
00435 size_t fingerprint_length,
00436 pn_ssl_hash_alg hash_alg);
00437
/**
 * Get one component of the peer certificate's subject.
 *
 * @param ssl0  session to query.
 * @param field which subject component to return.
 * @return NUL-terminated string for that component. NOTE(review): ownership
 *         and the result for an absent field or missing certificate are not
 *         visible in this header; check for NULL and do not free.
 *
 * As with the full subject, the value is peer-supplied: rely on it only
 * after certificate verification, and escape it before logging.
 */
00450 PN_EXTERN const char* pn_ssl_get_remote_subject_subfield(pn_ssl_t *ssl0, pn_ssl_cert_subject_subfield field);
00451
00456 #ifdef __cplusplus
00457 }
00458 #endif
00459
00460 #endif