curl/lib/sslgen.h

#ifndef __SSLGEN_H
#define __SSLGEN_H
/***************************************************************************
 *                                  _   _ ____  _
 *  Project                     ___| | | |  _ \| |
 *                             / __| | | | |_) | |
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
 * Copyright (C) 1998 - 2008, 2010, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
 * are also available at http://curl.haxx.se/docs/copyright.html.
 *
 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
 * copies of the Software, and permit persons to whom the Software is
 * furnished to do so, under the terms of the COPYING file.
 *
 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
 * KIND, either express or implied.
 *
 ***************************************************************************/

bool Curl_ssl_config_matches(struct ssl_config_data* data,
                             struct ssl_config_data* needle);
bool Curl_clone_ssl_config(struct ssl_config_data* source,
                           struct ssl_config_data* dest);
void Curl_free_ssl_config(struct ssl_config_data* sslc);

#ifdef USE_SSL
int Curl_ssl_init(void);
void Curl_ssl_cleanup(void);
CURLcode Curl_ssl_connect(struct connectdata *conn, int sockindex);
CURLcode Curl_ssl_connect_nonblocking(struct connectdata *conn,
                                      int sockindex,
                                      bool *done);
/* tell the SSL stuff to close down all open information regarding
   connections (and thus session ID caching etc) */
void Curl_ssl_close_all(struct SessionHandle *data);
void Curl_ssl_close(struct connectdata *conn, int sockindex);
CURLcode Curl_ssl_shutdown(struct connectdata *conn, int sockindex);
CURLcode Curl_ssl_set_engine(struct SessionHandle *data, const char *engine);
/* Sets engine as default for all SSL operations */
CURLcode Curl_ssl_set_engine_default(struct SessionHandle *data);
struct curl_slist *Curl_ssl_engines_list(struct SessionHandle *data);

/* init the SSL session ID cache */
CURLcode Curl_ssl_initsessions(struct SessionHandle *, long);
size_t Curl_ssl_version(char *buffer, size_t size);
bool Curl_ssl_data_pending(const struct connectdata *conn,
                           int connindex);
int Curl_ssl_check_cxn(struct connectdata *conn);
void Curl_ssl_free_certinfo(struct SessionHandle *data);

/* Functions to be used by SSL library adaptation functions */

/* extract a session ID */
int Curl_ssl_getsessionid(struct connectdata *conn,
                          void **ssl_sessionid,
                          size_t *idsize) /* set 0 if unknown */;
/* add a new session ID */
CURLcode Curl_ssl_addsessionid(struct connectdata *conn,
                               void *ssl_sessionid,
                               size_t idsize);
/* delete a session from the cache */
void Curl_ssl_delsessionid(struct connectdata *conn, void *ssl_sessionid);

#define SSL_SHUTDOWN_TIMEOUT 10000 /* ms */

#else
/* When SSL support is not present, just define away these function calls */
#define Curl_ssl_init() 1
#define Curl_ssl_cleanup() do { } while (0)
#define Curl_ssl_connect(x,y) CURLE_FAILED_INIT
#define Curl_ssl_close_all(x)
#define Curl_ssl_close(x,y)
#define Curl_ssl_shutdown(x,y) CURLE_FAILED_INIT
#define Curl_ssl_set_engine(x,y) CURLE_FAILED_INIT
#define Curl_ssl_set_engine_default(x) CURLE_FAILED_INIT
#define Curl_ssl_engines_list(x) NULL
#define Curl_ssl_send(a,b,c,d,e) -1
#define Curl_ssl_recv(a,b,c,d,e) -1
#define Curl_ssl_initsessions(x,y) CURLE_OK
#define Curl_ssl_version(x,y) 0
#define Curl_ssl_data_pending(x,y) 0
#define Curl_ssl_check_cxn(x) 0
#define Curl_ssl_free_certinfo(x)

#endif

#endif /* USE_SSL */
GnuTLS support added. There's now a "generic" SSL layer that we use all over internally, with code provided by sslgen.c. All SSL-layer-specific code is then written in ssluse.c (for OpenSSL) and gtls.c (for GnuTLS). As far as possible, internals should not need to know what SSL layer that is in use. Building with GnuTLS currently makes two test cases fail. TODO.gnutls contains a few known outstanding issues for the GnuTLS support. GnuTLS support is enabled with configure --with-gnutls 2005-04-07 11:27:13 -04:00			`#ifndef __SSLGEN_H`
			`#define __SSLGEN_H`
			`/***************************************************************************`
			`* _ _ ____ _`
			`* Project ___\| \| \| \| _ \\| \|`
			`* / __\| \| \| \| \|_) \| \|`
			`* \| (__\| \|_\| \| _ <\| \|___`
			`* \___\|\___/\|_\| \_\_____\|`
			`*`
refactorize interface of Curl_ssl_recv/Curl_ssl_send 2010-04-04 17:37:18 -04:00			`* Copyright (C) 1998 - 2008, 2010, Daniel Stenberg, <daniel@haxx.se>, et al.`
GnuTLS support added. There's now a "generic" SSL layer that we use all over internally, with code provided by sslgen.c. All SSL-layer-specific code is then written in ssluse.c (for OpenSSL) and gtls.c (for GnuTLS). As far as possible, internals should not need to know what SSL layer that is in use. Building with GnuTLS currently makes two test cases fail. TODO.gnutls contains a few known outstanding issues for the GnuTLS support. GnuTLS support is enabled with configure --with-gnutls 2005-04-07 11:27:13 -04:00			`*`
			`* This software is licensed as described in the file COPYING, which`
			`* you should have received as part of this distribution. The terms`
			`* are also available at http://curl.haxx.se/docs/copyright.html.`
			`*`
			`* You may opt to use, copy, modify, merge, publish, distribute and/or sell`
			`* copies of the Software, and permit persons to whom the Software is`
			`* furnished to do so, under the terms of the COPYING file.`
			`*`
			`* This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY`
			`* KIND, either express or implied.`
			`*`
			`***************************************************************************/`

			`bool Curl_ssl_config_matches(struct ssl_config_data* data,`
			`struct ssl_config_data* needle);`
			`bool Curl_clone_ssl_config(struct ssl_config_data* source,`
			`struct ssl_config_data* dest);`
			`void Curl_free_ssl_config(struct ssl_config_data* sslc);`

- I did a cleanup of the internal generic SSL layer and how the various SSL libraries are supported. Starting now, each underlying SSL library support code does a set of defines for the 16 functions the generic layer (sslgen.c) uses (all these new function defines use the prefix "curlssl_"). This greatly simplified the generic layer in readability by involving much less #ifdefs and other preprocessor stuff and should make it easier for people to make libcurl work with new SSL libraries. Hopefully I can later on document these 16 functions somewhat as well. I also made most of the internal SSL-dependent functions (using Curl_ssl_ prefix) #defined to nothing when no SSL support is requested - previously they would unnecessarily call mostly empty functions. 2008-06-11 13:01:58 -04:00			`#ifdef USE_SSL`
GnuTLS support added. There's now a "generic" SSL layer that we use all over internally, with code provided by sslgen.c. All SSL-layer-specific code is then written in ssluse.c (for OpenSSL) and gtls.c (for GnuTLS). As far as possible, internals should not need to know what SSL layer that is in use. Building with GnuTLS currently makes two test cases fail. TODO.gnutls contains a few known outstanding issues for the GnuTLS support. GnuTLS support is enabled with configure --with-gnutls 2005-04-07 11:27:13 -04:00			`int Curl_ssl_init(void);`
			`void Curl_ssl_cleanup(void);`
			`CURLcode Curl_ssl_connect(struct connectdata *conn, int sockindex);`
cleaned up Curl_write() and the sub functions it uses for various protocols. They all now return ssize_t to Curl_write(). Unfortunately, Curl_read() is in a sorrier state but it too would benefit from a similar cleanup. 2006-11-11 16:34:43 -05:00			`CURLcode Curl_ssl_connect_nonblocking(struct connectdata *conn,`
Xavier Bouchoux made the SSL connection non-blocking for the multi interface (when using OpenSSL). 2006-03-21 16:54:44 -05:00			`int sockindex,`
			`bool *done);`
GnuTLS support added. There's now a "generic" SSL layer that we use all over internally, with code provided by sslgen.c. All SSL-layer-specific code is then written in ssluse.c (for OpenSSL) and gtls.c (for GnuTLS). As far as possible, internals should not need to know what SSL layer that is in use. Building with GnuTLS currently makes two test cases fail. TODO.gnutls contains a few known outstanding issues for the GnuTLS support. GnuTLS support is enabled with configure --with-gnutls 2005-04-07 11:27:13 -04:00			`/* tell the SSL stuff to close down all open information regarding`
			`connections (and thus session ID caching etc) */`
			`void Curl_ssl_close_all(struct SessionHandle *data);`
- I did a cleanup of the internal generic SSL layer and how the various SSL libraries are supported. Starting now, each underlying SSL library support code does a set of defines for the 16 functions the generic layer (sslgen.c) uses (all these new function defines use the prefix "curlssl_"). This greatly simplified the generic layer in readability by involving much less #ifdefs and other preprocessor stuff and should make it easier for people to make libcurl work with new SSL libraries. Hopefully I can later on document these 16 functions somewhat as well. I also made most of the internal SSL-dependent functions (using Curl_ssl_ prefix) #defined to nothing when no SSL support is requested - previously they would unnecessarily call mostly empty functions. 2008-06-11 13:01:58 -04:00			`void Curl_ssl_close(struct connectdata *conn, int sockindex);`
			`CURLcode Curl_ssl_shutdown(struct connectdata *conn, int sockindex);`
GnuTLS support added. There's now a "generic" SSL layer that we use all over internally, with code provided by sslgen.c. All SSL-layer-specific code is then written in ssluse.c (for OpenSSL) and gtls.c (for GnuTLS). As far as possible, internals should not need to know what SSL layer that is in use. Building with GnuTLS currently makes two test cases fail. TODO.gnutls contains a few known outstanding issues for the GnuTLS support. GnuTLS support is enabled with configure --with-gnutls 2005-04-07 11:27:13 -04:00			`CURLcode Curl_ssl_set_engine(struct SessionHandle data, const char engine);`
			`/* Sets engine as default for all SSL operations */`
			`CURLcode Curl_ssl_set_engine_default(struct SessionHandle *data);`
- I did a cleanup of the internal generic SSL layer and how the various SSL libraries are supported. Starting now, each underlying SSL library support code does a set of defines for the 16 functions the generic layer (sslgen.c) uses (all these new function defines use the prefix "curlssl_"). This greatly simplified the generic layer in readability by involving much less #ifdefs and other preprocessor stuff and should make it easier for people to make libcurl work with new SSL libraries. Hopefully I can later on document these 16 functions somewhat as well. I also made most of the internal SSL-dependent functions (using Curl_ssl_ prefix) #defined to nothing when no SSL support is requested - previously they would unnecessarily call mostly empty functions. 2008-06-11 13:01:58 -04:00			`struct curl_slist Curl_ssl_engines_list(struct SessionHandle data);`
refactorize interface of Curl_ssl_recv/Curl_ssl_send 2010-04-04 17:37:18 -04:00
GnuTLS support added. There's now a "generic" SSL layer that we use all over internally, with code provided by sslgen.c. All SSL-layer-specific code is then written in ssluse.c (for OpenSSL) and gtls.c (for GnuTLS). As far as possible, internals should not need to know what SSL layer that is in use. Building with GnuTLS currently makes two test cases fail. TODO.gnutls contains a few known outstanding issues for the GnuTLS support. GnuTLS support is enabled with configure --with-gnutls 2005-04-07 11:27:13 -04:00			`/* init the SSL session ID cache */`
			`CURLcode Curl_ssl_initsessions(struct SessionHandle *, long);`
- I did a cleanup of the internal generic SSL layer and how the various SSL libraries are supported. Starting now, each underlying SSL library support code does a set of defines for the 16 functions the generic layer (sslgen.c) uses (all these new function defines use the prefix "curlssl_"). This greatly simplified the generic layer in readability by involving much less #ifdefs and other preprocessor stuff and should make it easier for people to make libcurl work with new SSL libraries. Hopefully I can later on document these 16 functions somewhat as well. I also made most of the internal SSL-dependent functions (using Curl_ssl_ prefix) #defined to nothing when no SSL support is requested - previously they would unnecessarily call mostly empty functions. 2008-06-11 13:01:58 -04:00			`size_t Curl_ssl_version(char *buffer, size_t size);`
			`bool Curl_ssl_data_pending(const struct connectdata *conn,`
			`int connindex);`
			`int Curl_ssl_check_cxn(struct connectdata *conn);`
- Introducing CURLOPT_CERTINFO and the corresponding CURLINFO_CERTINFO. By enabling this feature with CURLOPT_CERTINFO for a request using SSL (HTTPS or FTPS), libcurl will gather lots of server certificate info and that info can then get extracted by a client after the request has completed with curl_easy_getinfo()'s CURLINFO_CERTINFO option. Linus Nielsen Feltzing helped me test and smoothen out this feature. Unfortunately, this feature currently only works with libcurl built to use OpenSSL. This feature was sponsored by networking4all.com - thanks! 2008-09-05 10:29:21 -04:00			`void Curl_ssl_free_certinfo(struct SessionHandle *data);`
A few prototypes shouldn't be defined if SSL is disabled. 2008-10-20 19:07:48 -04:00
			`/* Functions to be used by SSL library adaptation functions */`

			`/* extract a session ID */`
			`int Curl_ssl_getsessionid(struct connectdata *conn,`
			`void **ssl_sessionid,`
			`size_t idsize) / set 0 if unknown */;`
			`/* add a new session ID */`
			`CURLcode Curl_ssl_addsessionid(struct connectdata *conn,`
			`void *ssl_sessionid,`
			`size_t idsize);`
- Michael Smith posted bug report #2786255 (http://curl.haxx.se/bug/view.cgi?id=2786255) with a patch, identifying how libcurl did not deal with SSL session ids properly if the server rejected a re-use of one. Starting now, it will forget the rejected one and remember the new. This change was for OpenSSL only, it is likely that other SSL lib code needs similar fixes. 2009-05-04 17:57:14 -04:00			`/* delete a session from the cache */`
			`void Curl_ssl_delsessionid(struct connectdata conn, void ssl_sessionid);`
A few prototypes shouldn't be defined if SSL is disabled. 2008-10-20 19:07:48 -04:00
			`#define SSL_SHUTDOWN_TIMEOUT 10000 /* ms */`

- I did a cleanup of the internal generic SSL layer and how the various SSL libraries are supported. Starting now, each underlying SSL library support code does a set of defines for the 16 functions the generic layer (sslgen.c) uses (all these new function defines use the prefix "curlssl_"). This greatly simplified the generic layer in readability by involving much less #ifdefs and other preprocessor stuff and should make it easier for people to make libcurl work with new SSL libraries. Hopefully I can later on document these 16 functions somewhat as well. I also made most of the internal SSL-dependent functions (using Curl_ssl_ prefix) #defined to nothing when no SSL support is requested - previously they would unnecessarily call mostly empty functions. 2008-06-11 13:01:58 -04:00			`#else`
			`/* When SSL support is not present, just define away these function calls */`
			`#define Curl_ssl_init() 1`
fix compiler warning: empty body in an if-statement 2008-07-04 23:31:41 -04:00			`#define Curl_ssl_cleanup() do { } while (0)`
- I did a cleanup of the internal generic SSL layer and how the various SSL libraries are supported. Starting now, each underlying SSL library support code does a set of defines for the 16 functions the generic layer (sslgen.c) uses (all these new function defines use the prefix "curlssl_"). This greatly simplified the generic layer in readability by involving much less #ifdefs and other preprocessor stuff and should make it easier for people to make libcurl work with new SSL libraries. Hopefully I can later on document these 16 functions somewhat as well. I also made most of the internal SSL-dependent functions (using Curl_ssl_ prefix) #defined to nothing when no SSL support is requested - previously they would unnecessarily call mostly empty functions. 2008-06-11 13:01:58 -04:00			`#define Curl_ssl_connect(x,y) CURLE_FAILED_INIT`
			`#define Curl_ssl_close_all(x)`
			`#define Curl_ssl_close(x,y)`
			`#define Curl_ssl_shutdown(x,y) CURLE_FAILED_INIT`
			`#define Curl_ssl_set_engine(x,y) CURLE_FAILED_INIT`
			`#define Curl_ssl_set_engine_default(x) CURLE_FAILED_INIT`
			`#define Curl_ssl_engines_list(x) NULL`
ssl: Fix build when SSL isn't enabled Signed-off-by: Ben Greear <greearb@candelatech.com> 2010-04-05 19:41:33 -04:00			`#define Curl_ssl_send(a,b,c,d,e) -1`
			`#define Curl_ssl_recv(a,b,c,d,e) -1`
- I did a cleanup of the internal generic SSL layer and how the various SSL libraries are supported. Starting now, each underlying SSL library support code does a set of defines for the 16 functions the generic layer (sslgen.c) uses (all these new function defines use the prefix "curlssl_"). This greatly simplified the generic layer in readability by involving much less #ifdefs and other preprocessor stuff and should make it easier for people to make libcurl work with new SSL libraries. Hopefully I can later on document these 16 functions somewhat as well. I also made most of the internal SSL-dependent functions (using Curl_ssl_ prefix) #defined to nothing when no SSL support is requested - previously they would unnecessarily call mostly empty functions. 2008-06-11 13:01:58 -04:00			`#define Curl_ssl_initsessions(x,y) CURLE_OK`
			`#define Curl_ssl_version(x,y) 0`
			`#define Curl_ssl_data_pending(x,y) 0`
			`#define Curl_ssl_check_cxn(x) 0`
- Introducing CURLOPT_CERTINFO and the corresponding CURLINFO_CERTINFO. By enabling this feature with CURLOPT_CERTINFO for a request using SSL (HTTPS or FTPS), libcurl will gather lots of server certificate info and that info can then get extracted by a client after the request has completed with curl_easy_getinfo()'s CURLINFO_CERTINFO option. Linus Nielsen Feltzing helped me test and smoothen out this feature. Unfortunately, this feature currently only works with libcurl built to use OpenSSL. This feature was sponsored by networking4all.com - thanks! 2008-09-05 10:29:21 -04:00			`#define Curl_ssl_free_certinfo(x)`
- I did a cleanup of the internal generic SSL layer and how the various SSL libraries are supported. Starting now, each underlying SSL library support code does a set of defines for the 16 functions the generic layer (sslgen.c) uses (all these new function defines use the prefix "curlssl_"). This greatly simplified the generic layer in readability by involving much less #ifdefs and other preprocessor stuff and should make it easier for people to make libcurl work with new SSL libraries. Hopefully I can later on document these 16 functions somewhat as well. I also made most of the internal SSL-dependent functions (using Curl_ssl_ prefix) #defined to nothing when no SSL support is requested - previously they would unnecessarily call mostly empty functions. 2008-06-11 13:01:58 -04:00
			`#endif`

A few prototypes shouldn't be defined if SSL is disabled. 2008-10-20 19:07:48 -04:00			`#endif /* USE_SSL */`