summaryrefslogtreecommitdiffstats
path: root/lib/vquic/vquic-tls.h
diff options
context:
space:
mode:
Diffstat (limited to 'lib/vquic/vquic-tls.h')
-rw-r--r--lib/vquic/vquic-tls.h98
1 files changed, 98 insertions, 0 deletions
diff --git a/lib/vquic/vquic-tls.h b/lib/vquic/vquic-tls.h
new file mode 100644
index 0000000..9c0dfd8
--- /dev/null
+++ b/lib/vquic/vquic-tls.h
@@ -0,0 +1,98 @@
+#ifndef HEADER_CURL_VQUIC_TLS_H
+#define HEADER_CURL_VQUIC_TLS_H
+/***************************************************************************
+ * _ _ ____ _
+ * Project ___| | | | _ \| |
+ * / __| | | | |_) | |
+ * | (__| |_| | _ <| |___
+ * \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at https://curl.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ * SPDX-License-Identifier: curl
+ *
+ ***************************************************************************/
+
+#include "curl_setup.h"
+#include "bufq.h"
+
+#if defined(ENABLE_QUIC) && \
+ (defined(USE_OPENSSL) || defined(USE_GNUTLS) || defined(USE_WOLFSSL))
+
+struct quic_tls_ctx {
+#ifdef USE_OPENSSL
+ SSL_CTX *ssl_ctx;
+ SSL *ssl;
+#elif defined(USE_GNUTLS)
+ struct gtls_instance *gtls;
+#elif defined(USE_WOLFSSL)
+ WOLFSSL_CTX *ssl_ctx;
+ WOLFSSL *ssl;
+#endif
+ BIT(x509_store_setup); /* if x509 store has been set up */
+};
+
+/**
+ * Callback passed to `Curl_vquic_tls_init()` that can
+ * do early initializations on the not otherwise configured TLS
+ * instances created. This varies by TLS backend:
+ * - openssl/wolfssl: SSL_CTX* has just been created
+ * - gnutls: gtls_client_init() has run
+ */
+typedef CURLcode Curl_vquic_tls_ctx_setup(struct quic_tls_ctx *ctx,
+ struct Curl_cfilter *cf,
+ struct Curl_easy *data);
+
+/**
+ * Initialize the QUIC TLS instances based of the SSL configurations
+ * for the connection filter, transfer and peer.
+ * @param ctx the TLS context to initialize
+ * @param cf the connection filter involved
+ * @param data the transfer involved
+ * @param peer the peer that will be connected to
+ * @param alpn the ALPN string in protocol format ((len+bytes+)+),
+ * may be NULL
+ * @param alpn_len the overall number of bytes in `alpn`
+ * @param ctx_setup optional callback for very early TLS config
+ * @param user_data optional pointer to set in TLS application context
+ */
+CURLcode Curl_vquic_tls_init(struct quic_tls_ctx *ctx,
+ struct Curl_cfilter *cf,
+ struct Curl_easy *data,
+ struct ssl_peer *peer,
+ const char *alpn, size_t alpn_len,
+ Curl_vquic_tls_ctx_setup *ctx_setup,
+ void *user_data);
+
+/**
+ * Cleanup all data that has been initialized.
+ */
+void Curl_vquic_tls_cleanup(struct quic_tls_ctx *ctx);
+
+CURLcode Curl_vquic_tls_before_recv(struct quic_tls_ctx *ctx,
+ struct Curl_cfilter *cf,
+ struct Curl_easy *data);
+
+/**
+ * After the QUIC basic handshake has been, verify that the peer
+ * (and its certificate) fulfill our requirements.
+ */
+CURLcode Curl_vquic_tls_verify_peer(struct quic_tls_ctx *ctx,
+ struct Curl_cfilter *cf,
+ struct Curl_easy *data,
+ struct ssl_peer *peer);
+
+#endif /* !ENABLE_QUIC && (USE_OPENSSL || USE_GNUTLS || USE_WOLFSSL) */
+
+#endif /* HEADER_CURL_VQUIC_TLS_H */