* Copyright (c) 2002-2009 BalaBit IT Ltd, Budapest, Hungary
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 as published
* by the Free Software Foundation.
* Note that this permission is granted for only version 2 of the GPL.
* As an additional exemption you are allowed to compile & link against the
* OpenSSL libraries as published by the OpenSSL project. See the file
* COPYING for details.
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
#ifndef TLSCONTEXT_H_INCLUDED
#define TLSCONTEXT_H_INCLUDED
#include "syslog-ng.h"
#include <openssl/ssl.h>
/*
 * Certificate verification callback type; tls_session_set_verify() takes a
 * function of this type. It receives a status flag (ok), the OpenSSL
 * X509_STORE_CTX being processed and an opaque user_data pointer, and
 * returns a gint.
 * NOTE(review): the (ok, ctx) pair looks like OpenSSL's verify-callback
 * convention, in which a nonzero return accepts the certificate -- confirm in
 * the implementation. If that holds, a callback that returns nonzero
 * regardless of ok turns peer verification off.
 */
typedef gint (*TLSSessionVerifyFunc)(gint ok, X509_STORE_CTX *ctx, gpointer user_data);
/* Forward declaration so TLSContext can be used by pointer before the struct is defined. */
typedef struct _TLSContext TLSContext;
typedef struct _TLSSession
/* Verification callback for this object; presumably the one installed by tls_session_set_verify() -- confirm. */
TLSSessionVerifyFunc verify_func;
/*
 * Destroy notifier paired with the verify callback's user data.
 * NOTE(review): when it runs (on session free, on callback replacement, or
 * both) is not visible in this header -- confirm to rule out leaks or a
 * double release of the user data.
 */
GDestroyNotify verify_data_destroy;
/*
 * Registers a certificate verification callback on a session.
 *
 * self           - session to configure
 * verify_func    - callback of type TLSSessionVerifyFunc
 * verify_data    - opaque pointer, presumably handed to verify_func as its
 *                  user_data argument -- confirm
 * verify_destroy - GDestroyNotify for verify_data; presumably takes over
 *                  responsibility for releasing it -- confirm
 *
 * NOTE(review): whether a NULL verify_func is accepted, and what verification
 * then applies, is not visible in this header.
 */
void tls_session_set_verify(TLSSession *self, TLSSessionVerifyFunc verify_func, gpointer verify_data, GDestroyNotify verify_destroy);
/* Releases a TLSSession. NOTE(review): whether self may be NULL is not stated here -- confirm before calling it on error paths. */
void tls_session_free(TLSSession *self);
/*
 * Presumably the peer-certificate verification policy. The TLSVerifyMode
 * values are declared elsewhere; NOTE(review): confirm which of them tolerate
 * a missing or untrusted peer certificate, and what value this member has
 * when it is never set explicitly.
 */
TLSVerifyMode verify_mode;
/*
 * NOTE(review): the member name is spelled "fingerpint"; it is left as is
 * because renaming it would touch every user of the struct.
 * Presumably the certificate fingerprints accepted as trusted (compare
 * tls_session_set_trusted_fingerprints()). The element type, the digest
 * algorithm behind the fingerprints and the meaning of an empty list are not
 * stated in this header -- confirm; pinning is only as strong as the digest.
 */
GList *trusted_fingerpint_list;
/*
 * Presumably the distinguished names accepted as trusted (compare
 * tls_session_set_trusted_dn()). NOTE(review): whether entries are matched
 * exactly or as patterns, and against which DN string form, is not visible
 * here -- confirm, since loose matching widens the set of accepted peers.
 */
GList *trusted_dn_list;
/*
 * Produces a TLSSession from a TLSContext.
 * NOTE(review): the failure behaviour (for example a NULL return when
 * certificates or keys cannot be loaded) is not visible in this header;
 * callers should check the result before using it.
 */
TLSSession *tls_context_setup_session(TLSContext *self);
/*
 * Sets the trusted fingerprint list. Despite the tls_session_ prefix, the
 * first argument is a TLSContext, not a TLSSession.
 * NOTE(review): whether the function takes ownership of the fingerprints list
 * or copies it is not stated here -- confirm before freeing it in the caller.
 */
void tls_session_set_trusted_fingerprints(TLSContext *self, GList *fingerprints);
/*
 * Sets the trusted distinguished-name list. Despite the tls_session_ prefix,
 * the first argument is a TLSContext, not a TLSSession.
 * NOTE(review): ownership of the dns list after the call is not stated here
 * -- confirm.
 */
void tls_session_set_trusted_dn(TLSContext *self, GList *dns);
/*
 * Allocates a TLSContext for the given TLSMode (declared elsewhere).
 * NOTE(review): the initial verification settings of a new context are not
 * visible here -- confirm they do not start out permissive.
 */
TLSContext *tls_context_new(TLSMode mode);
/* Releases a TLSContext. NOTE(review): presumably also releases the trusted fingerprint and DN lists it holds -- confirm. */
void tls_context_free(TLSContext *s);
/*
 * Maps a textual mode name to a TLSVerifyMode value.
 * NOTE(review): the result for an unrecognised or misspelled mode_str is not
 * visible in this header -- confirm it cannot silently select a mode that
 * skips peer verification.
 */
TLSVerifyMode tls_lookup_verify_mode(const gchar *mode_str);
/*
 * Logging helper for certificate validation. Takes the same (ok, ctx) pair as
 * TLSSessionVerifyFunc, without user_data, and returns void.
 * NOTE(review): presumably meant to be called from a verify callback so that
 * rejected certificates leave a log record -- confirm.
 */
void tls_log_certificate_validation_progress(int ok, X509_STORE_CTX *ctx);
/*
 * Checks a certificate against a host name and reports the result as a
 * gboolean (presumably TRUE on a match -- confirm).
 * NOTE(review): which certificate fields are consulted (subjectAltName,
 * commonName), how wildcards are handled and how embedded NUL bytes in names
 * are treated is decided in the implementation; confirm there.
 */
gboolean tls_verify_certificate_name(X509 *cert, const gchar *hostname);
/*
 * Second declaration of TLSContext in this header. NOTE(review): presumably
 * this sits in a preprocessor branch used when TLS support is compiled out,
 * leaving the type opaque -- confirm against the surrounding #if.
 */
typedef struct _TLSContext TLSContext;
/* Opaque TLSSession declaration; no struct body follows it in the visible lines. */
typedef struct _TLSSession TLSSession;
/*
 * As written, tls_context_new(m) expands to nothing.
 * NOTE(review): presumably a stub for builds without TLS support. Confirm that
 * such builds reject TLS configuration outright and do not fall back to an
 * unencrypted connection without telling the operator.
 */
#define tls_context_new(m)