32
28
struct ostream *plain_output;
33
29
struct ostream *ssl_output;
34
char *plain_stream_errstr;
37
35
int plain_stream_errno;
39
37
/* copied settings */
40
38
bool verbose, verbose_invalid_cert, require_valid_cert;
43
int (*handshake_callback)(void *context);
41
ssl_iostream_handshake_callback_t *handshake_callback;
44
42
void *handshake_context;
46
44
unsigned int handshaked:1;
45
unsigned int handshake_failed:1;
47
46
unsigned int cert_received:1;
48
47
unsigned int cert_broken:1;
49
48
unsigned int want_read:1;
49
unsigned int input_handler:1;
50
50
unsigned int ostream_flush_waiting_input:1;
51
51
unsigned int closed:1;
54
54
extern int dovecot_ssl_extdata_index;
56
struct istream *i_stream_create_ssl(struct ssl_iostream *ssl_io);
57
struct ostream *o_stream_create_ssl(struct ssl_iostream *ssl_io);
58
void ssl_iostream_unref(struct ssl_iostream **ssl_io);
60
int ssl_iostream_load_key(const struct ssl_iostream_settings *set,
61
const char *key_source, EVP_PKEY **pkey_r);
56
struct istream *openssl_i_stream_create_ssl(struct ssl_iostream *ssl_io);
57
struct ostream *openssl_o_stream_create_ssl(struct ssl_iostream *ssl_io);
59
int openssl_iostream_context_init_client(const struct ssl_iostream_settings *set,
60
struct ssl_iostream_context **ctx_r,
61
const char **error_r);
62
int openssl_iostream_context_init_server(const struct ssl_iostream_settings *set,
63
struct ssl_iostream_context **ctx_r,
64
const char **error_r);
65
void openssl_iostream_context_deinit(struct ssl_iostream_context *ctx);
66
void openssl_iostream_global_deinit(void);
68
int openssl_iostream_load_key(const struct ssl_iostream_settings *set,
69
EVP_PKEY **pkey_r, const char **error_r);
62
70
const char *ssl_iostream_get_use_certificate_error(const char *cert);
63
71
int openssl_cert_match_name(SSL *ssl, const char *verify_name);
72
int openssl_get_protocol_options(const char *protocols);
73
#define OPENSSL_ALL_PROTOCOL_OPTIONS \
74
(SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1)
65
76
/* Sync plain_input/plain_output streams with BIOs. Returns TRUE if at least
66
77
one byte was read/written. */
67
bool ssl_iostream_bio_sync(struct ssl_iostream *ssl_io);
78
bool openssl_iostream_bio_sync(struct ssl_iostream *ssl_io);
68
79
/* Call when there's more data available in plain_input/plain_output.
69
80
Returns 1 if it's ok to continue with SSL_read/SSL_write, 0 if not
70
81
(still handshaking), -1 if error occurred. */
71
int ssl_iostream_more(struct ssl_iostream *ssl_io);
82
int openssl_iostream_more(struct ssl_iostream *ssl_io);
73
84
/* Returns 1 if the operation should be retried (we read/wrote more data),
74
85
0 if the operation should retried later once more data has been
75
86
read/written, -1 if a fatal error occurred (errno is set). */
76
int ssl_iostream_handle_error(struct ssl_iostream *ssl_io, int ret,
77
const char *func_name);
78
int ssl_iostream_handle_write_error(struct ssl_iostream *ssl_io, int ret,
79
const char *func_name);
81
const char *ssl_iostream_error(void);
82
const char *ssl_iostream_key_load_error(void);
84
void ssl_iostream_context_free_params(struct ssl_iostream_context *ctx);
87
int openssl_iostream_handle_error(struct ssl_iostream *ssl_io, int ret,
88
const char *func_name);
89
int openssl_iostream_handle_write_error(struct ssl_iostream *ssl_io, int ret,
90
const char *func_name);
92
const char *openssl_iostream_error(void);
93
const char *openssl_iostream_key_load_error(void);
95
int openssl_iostream_generate_params(buffer_t *output, const char **error_r);
96
int openssl_iostream_context_import_params(struct ssl_iostream_context *ctx,
97
const buffer_t *input);
98
void openssl_iostream_context_free_params(struct ssl_iostream_context *ctx);