1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
|
/*
* ngtcp2
*
* Copyright (c) 2019 ngtcp2 contributors
*
* Permission is hereby granted, free of charge, to any person obtaining
* a copy of this software and associated documentation files (the
* "Software"), to deal in the Software without restriction, including
* without limitation the rights to use, copy, modify, merge, publish,
* distribute, sublicense, and/or sell copies of the Software, and to
* permit persons to whom the Software is furnished to do so, subject to
* the following conditions:
*
* The above copyright notice and this permission notice shall be
* included in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
* NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
* LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
* OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
* WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
*/
#ifndef NGTCP2_CRYPTO_OPENSSL_H
#define NGTCP2_CRYPTO_OPENSSL_H
#include <ngtcp2/ngtcp2.h>
#include <openssl/ssl.h>
#ifdef __cplusplus
extern "C" {
#endif
/**
* @macrosection
*
* OpenSSL specific error codes
*/
/**
* @macro
*
* :macro:`NGTCP2_CRYPTO_OPENSSL_ERR_TLS_WANT_X509_LOOKUP` is the
* error code which indicates that TLS handshake routine is
* interrupted by X509 certificate lookup. See
* :macro:`SSL_ERROR_WANT_X509_LOOKUP` error description from
* `SSL_do_handshake`.
*/
#define NGTCP2_CRYPTO_OPENSSL_ERR_TLS_WANT_X509_LOOKUP -10001
/**
* @macro
*
* :macro:`NGTCP2_CRYPTO_OPENSSL_ERR_TLS_WANT_CLIENT_HELLO_CB` is the
* error code which indicates that TLS handshake routine is
* interrupted by client hello callback. See
* :macro:`SSL_ERROR_WANT_CLIENT_HELLO_CB` error description from
* `SSL_do_handshake`.
*/
#define NGTCP2_CRYPTO_OPENSSL_ERR_TLS_WANT_CLIENT_HELLO_CB -10002
/**
* @function
*
* `ngtcp2_crypto_openssl_from_ossl_encryption_level` translates
* |ossl_level| to :type:`ngtcp2_crypto_level`. This function is only
* available for OpenSSL backend.
*/
NGTCP2_EXTERN ngtcp2_crypto_level
ngtcp2_crypto_openssl_from_ossl_encryption_level(
OSSL_ENCRYPTION_LEVEL ossl_level);
/**
* @function
*
* `ngtcp2_crypto_openssl_from_ngtcp2_crypto_level` translates
* |crypto_level| to OSSL_ENCRYPTION_LEVEL. This function is only
* available for OpenSSL backend.
*/
NGTCP2_EXTERN OSSL_ENCRYPTION_LEVEL
ngtcp2_crypto_openssl_from_ngtcp2_crypto_level(
ngtcp2_crypto_level crypto_level);
/**
* @function
*
* `ngtcp2_crypto_openssl_configure_server_context` configures
* |ssl_ctx| for server side QUIC connection. It performs the
* following modifications:
*
* - Set minimum and maximum TLS version to TLSv1.3.
* - Set SSL_QUIC_METHOD by calling SSL_CTX_set_quic_method.
*
* Application must set a pointer to :type:`ngtcp2_crypto_conn_ref` to
* SSL object by calling SSL_set_app_data, and
* :type:`ngtcp2_crypto_conn_ref` object must have
* :member:`ngtcp2_crypto_conn_ref.get_conn` field assigned to get
* :type:`ngtcp2_conn`.
*
* It returns 0 if it succeeds, or -1.
*/
NGTCP2_EXTERN int
ngtcp2_crypto_openssl_configure_server_context(SSL_CTX *ssl_ctx);
/**
* @function
*
* `ngtcp2_crypto_openssl_configure_client_context` configures
* |ssl_ctx| for client side QUIC connection. It performs the
* following modifications:
*
* - Set minimum and maximum TLS version to TLSv1.3.
* - Set SSL_QUIC_METHOD by calling SSL_CTX_set_quic_method.
*
* Application must set a pointer to :type:`ngtcp2_crypto_conn_ref` to
* SSL object by calling SSL_set_app_data, and
* :type:`ngtcp2_crypto_conn_ref` object must have
* :member:`ngtcp2_crypto_conn_ref.get_conn` field assigned to get
* :type:`ngtcp2_conn`.
*
* It returns 0 if it succeeds, or -1.
*/
NGTCP2_EXTERN int
ngtcp2_crypto_openssl_configure_client_context(SSL_CTX *ssl_ctx);
#ifdef __cplusplus
}
#endif
#endif /* NGTCP2_CRYPTO_OPENSSL_H */
|
