diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-15 13:14:46 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-15 13:14:46 +0000 |
commit | 025c439e829e0db9ac511cd9c1b8d5fd53475ead (patch) | |
tree | fa6986b4690f991613ffb97cea1f6942427baf5d /logsrvd/tls_common.h | |
parent | Initial commit. (diff) | |
download | sudo-upstream/1.9.15p5.tar.xz sudo-upstream/1.9.15p5.zip |
Adding upstream version 1.9.15p5.upstream/1.9.15p5upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'logsrvd/tls_common.h')
-rw-r--r-- | logsrvd/tls_common.h | 53 |
1 files changed, 53 insertions, 0 deletions
diff --git a/logsrvd/tls_common.h b/logsrvd/tls_common.h new file mode 100644 index 0000000..2222118 --- /dev/null +++ b/logsrvd/tls_common.h @@ -0,0 +1,53 @@ +/* + * SPDX-License-Identifier: ISC + * + * Copyright (c) 2021 Todd C. Miller <Todd.Miller@sudo.ws> + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#ifndef SUDO_TLS_COMMON_H +#define SUDO_TLS_COMMON_H + +#include <config.h> + +#if defined(HAVE_OPENSSL) +# if defined(HAVE_WOLFSSL) +# include <wolfssl/options.h> +# endif +# include <openssl/ssl.h> +# include <openssl/err.h> +# include <sudo_ssl_compat.h> + +struct tls_client_closure { + SSL *ssl; + void *parent_closure; + struct sudo_event_base *evbase; /* duplicated */ + struct sudo_event *tls_connect_ev; + struct peer_info *peer_name; + struct timespec connect_timeout; + bool (*start_fn)(struct tls_client_closure *); + bool tls_connect_state; +}; + +/* tls_client.c */ +void tls_connect_cb(int sock, int what, void *v); +bool tls_client_setup(int sock, const char *ca_bundle_file, const char *cert_file, const char *key_file, const char *dhparam_file, const char *ciphers_v12, const char *ciphers_v13, bool verify_server, bool check_peer, struct tls_client_closure *closure); +bool tls_ctx_client_setup(SSL_CTX *ssl_ctx, int sock, struct tls_client_closure *closure); + +/* tls_init.c */ +SSL_CTX *init_tls_context(const char *ca_bundle_file, const char *cert_file, const char *key_file, const char *dhparam_file, const char *ciphers_v12, const char *ciphers_v13, bool verify_cert); + +#endif /* HAVE_OPENSSL */ + +#endif /* SUDO_TLS_COMMON_H */ |