32
28
struct ostream *plain_output;
33
29
struct ostream *ssl_output;
37
34
int plain_stream_errno;
39
36
/* copied settings */
40
37
bool verbose, verbose_invalid_cert, require_valid_cert;
43
int (*handshake_callback)(void *context);
40
ssl_iostream_handshake_callback_t *handshake_callback;
44
41
void *handshake_context;
46
43
unsigned int handshaked:1;
44
unsigned int handshake_failed:1;
47
45
unsigned int cert_received:1;
48
46
unsigned int cert_broken:1;
49
47
unsigned int want_read:1;
48
unsigned int input_handler:1;
50
49
unsigned int ostream_flush_waiting_input:1;
51
50
unsigned int closed:1;
54
53
extern int dovecot_ssl_extdata_index;
56
struct istream *i_stream_create_ssl(struct ssl_iostream *ssl_io);
57
struct ostream *o_stream_create_ssl(struct ssl_iostream *ssl_io);
58
void ssl_iostream_unref(struct ssl_iostream **ssl_io);
60
int ssl_iostream_load_key(const struct ssl_iostream_settings *set,
61
const char *key_source, EVP_PKEY **pkey_r);
55
struct istream *openssl_i_stream_create_ssl(struct ssl_iostream *ssl_io);
56
struct ostream *openssl_o_stream_create_ssl(struct ssl_iostream *ssl_io);
58
int openssl_iostream_context_init_client(const struct ssl_iostream_settings *set,
59
struct ssl_iostream_context **ctx_r,
60
const char **error_r);
61
int openssl_iostream_context_init_server(const struct ssl_iostream_settings *set,
62
struct ssl_iostream_context **ctx_r,
63
const char **error_r);
64
void openssl_iostream_context_deinit(struct ssl_iostream_context *ctx);
66
int openssl_iostream_load_key(const struct ssl_iostream_settings *set,
67
EVP_PKEY **pkey_r, const char **error_r);
62
68
const char *ssl_iostream_get_use_certificate_error(const char *cert);
63
69
int openssl_cert_match_name(SSL *ssl, const char *verify_name);
70
int openssl_get_protocol_options(const char *protocols);
71
#define OPENSSL_ALL_PROTOCOL_OPTIONS \
72
(SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1)
65
74
/* Sync plain_input/plain_output streams with BIOs. Returns TRUE if at least
66
75
one byte was read/written. */
67
bool ssl_iostream_bio_sync(struct ssl_iostream *ssl_io);
76
bool openssl_iostream_bio_sync(struct ssl_iostream *ssl_io);
68
77
/* Call when there's more data available in plain_input/plain_output.
69
78
Returns 1 if it's ok to continue with SSL_read/SSL_write, 0 if not
70
79
(still handshaking), -1 if error occurred. */
71
int ssl_iostream_more(struct ssl_iostream *ssl_io);
80
int openssl_iostream_more(struct ssl_iostream *ssl_io);
73
82
/* Returns 1 if the operation should be retried (we read/wrote more data),
74
83
0 if the operation should retried later once more data has been
75
84
read/written, -1 if a fatal error occurred (errno is set). */
76
int ssl_iostream_handle_error(struct ssl_iostream *ssl_io, int ret,
77
const char *func_name);
78
int ssl_iostream_handle_write_error(struct ssl_iostream *ssl_io, int ret,
79
const char *func_name);
81
const char *ssl_iostream_error(void);
82
const char *ssl_iostream_key_load_error(void);
84
void ssl_iostream_context_free_params(struct ssl_iostream_context *ctx);
85
int openssl_iostream_handle_error(struct ssl_iostream *ssl_io, int ret,
86
const char *func_name);
87
int openssl_iostream_handle_write_error(struct ssl_iostream *ssl_io, int ret,
88
const char *func_name);
90
const char *openssl_iostream_error(void);
91
const char *openssl_iostream_key_load_error(void);
93
int openssl_iostream_generate_params(buffer_t *output, const char **error_r);
94
int openssl_iostream_context_import_params(struct ssl_iostream_context *ctx,
95
const buffer_t *input);
96
void openssl_iostream_context_free_params(struct ssl_iostream_context *ctx);