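#ifndef HEADER_CURL_VQUIC_TLS_H
#define HEADER_CURL_VQUIC_TLS_H
/***************************************************************************
 *                                  _   _ ____  _
 *  Project                     ___| | | |  _ \| |
 *                             / __| | | | |_) | |
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
 * Copyright (C) Daniel Stenberg, <[email protected]>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
 * are also available at https://curl.se/docs/copyright.html.
 *
 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
 * copies of the Software, and permit persons to whom the Software is
 * furnished to do so, under the terms of the COPYING file.
 *
 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
 * KIND, either express or implied.
 *
 * SPDX-License-Identifier: curl
 *
 ***************************************************************************/

#include "curl_setup.h"
#include "bufq.h"
#include "vtls/openssl.h"

#if defined(USE_HTTP3) && \
  (defined(USE_OPENSSL) || defined(USE_GNUTLS) || defined(USE_WOLFSSL))

#include "vtls/wolfssl.h"

/**
 * TLS state used by the QUIC code. Exactly one member is compiled in:
 * the first of USE_OPENSSL, USE_GNUTLS, USE_WOLFSSL that is defined
 * (the enclosing #if guarantees at least one of them is).
 *
 * NOTE(review): no GnuTLS header is included by this file, so in a
 * USE_GNUTLS build `struct gtls_ctx` has to be made visible by another
 * include - confirm which one provides it.
 */
struct curl_tls_ctx {
#ifdef USE_OPENSSL
  struct ossl_ctx ossl;
#elif defined(USE_GNUTLS)
  struct gtls_ctx gtls;
#elif defined(USE_WOLFSSL)
  struct wolfssl_ctx wssl;
#endif
};

/**
 * Callback passed to `Curl_vquic_tls_init()` that can
 * do early initializations on the not otherwise configured TLS
 * instances created. This varies by TLS backend:
 * - openssl/wolfssl: SSL_CTX* has just been created
 * - gnutls: gtls_client_init() has run
 *
 * Because the instance is "not otherwise configured" at this point, a
 * callback should not assume that verification or trust settings are
 * already in place when it runs.
 *
 * @param cf            the connection filter involved
 * @param data          the transfer involved
 * @param cb_user_data  the `cb_user_data` value given to
 *                      `Curl_vquic_tls_init()`
 * @return a CURLcode. NOTE(review): presumably any result other than
 *         CURLE_OK makes the initialization fail - confirm against the
 *         implementation.
 */
typedef CURLcode Curl_vquic_tls_ctx_setup(struct Curl_cfilter *cf,
                                          struct Curl_easy *data,
                                          void *cb_user_data);

/**
 * Initialize the QUIC TLS instances based on the SSL configurations
 * for the connection filter, transfer and peer.
 * @param ctx         the TLS context to initialize
 * @param cf          the connection filter involved
 * @param data        the transfer involved
 * @param peer        the peer that will be connected to
 * @param alpn        the ALPN string in protocol format ((len+bytes+)+),
 *                    may be NULL
 * @param alpn_len    the overall number of bytes in `alpn`
 * @param cb_setup    optional callback for early TLS config
 * @param cb_user_data user_data param for callback
 * @param ssl_user_data  optional pointer to set in TLS application context
 * @return a CURLcode; the header does not list the possible values.
 */
CURLcode Curl_vquic_tls_init(struct curl_tls_ctx *ctx,
                             struct Curl_cfilter *cf,
                             struct Curl_easy *data,
                             struct ssl_peer *peer,
                             const char *alpn, size_t alpn_len,
                             Curl_vquic_tls_ctx_setup *cb_setup,
                             void *cb_user_data,
                             void *ssl_user_data);

/**
 * Cleanup all data that has been initialized.
 * @param ctx  the TLS context to clean up
 */
void Curl_vquic_tls_cleanup(struct curl_tls_ctx *ctx);

/**
 * NOTE(review): undocumented in the original header. Judging by the name
 * only, this is meant to be called before data is received on the QUIC
 * connection; what it prepares in `ctx` is not visible here - TODO
 * document the contract and the meaning of the returned CURLcode.
 */
CURLcode Curl_vquic_tls_before_recv(struct curl_tls_ctx *ctx,
                                    struct Curl_cfilter *cf,
                                    struct Curl_easy *data);

/**
 * After the QUIC basic handshake has been completed, verify that the peer
 * (and its certificate) fulfill our requirements.
 *
 * This is the declared point at which the peer's identity is checked, so
 * a caller that ignores the result would continue with an unverified
 * peer.
 *
 * @param ctx   the TLS context of the connection
 * @param cf    the connection filter involved
 * @param data  the transfer involved
 * @param peer  the peer that was connected to
 * @return a CURLcode. NOTE(review): callers are expected to continue
 *         only on CURLE_OK - confirm every call site checks it.
 */
CURLcode Curl_vquic_tls_verify_peer(struct curl_tls_ctx *ctx,
                                    struct Curl_cfilter *cf,
                                    struct Curl_easy *data,
                                    struct ssl_peer *peer);

#endif /* USE_HTTP3 && (USE_OPENSSL || USE_GNUTLS || USE_WOLFSSL) */

#endif /* HEADER_CURL_VQUIC_TLS_H */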