#ifndef HEADER_CURL_SSLUSE_H
#define HEADER_CURL_SSLUSE_H
/***************************************************************************
 *                                  _   _ ____  _
 *  Project                     ___| | | |  _ \| |
 *                             / __| | | | |_) | |
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
 * Copyright (C) Daniel Stenberg, <[email protected]>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
 * are also available at https://curl.se/docs/copyright.html.
 *
 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
 * copies of the Software, and permit persons to whom the Software is
 * furnished to do so, under the terms of the COPYING file.
 *
 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
 * KIND, either express or implied.
 *
 * SPDX-License-Identifier: curl
 *
 ***************************************************************************/

#include "curl_setup.h"

#ifdef USE_OPENSSL
/*
 * This header is only meant to be included by vtls.c, openssl.c and
 * ngtcp2.c.
 */
#include <openssl/ossl_typ.h>
#include <openssl/ssl.h>

#include "urldata.h"

/* Per-connection-filter state of the OpenSSL backend. */
struct ossl_ctx {
  /* these members require the concrete OpenSSL types */
  SSL_CTX *ssl_ctx;
  SSL *ssl;
  X509 *server_cert;
  BIO_METHOD *bio_method;
  CURLcode io_result;    /* result of the last BIO cfilter operation */
#ifndef HAVE_KEYLOG_CALLBACK
  /* Set once a valid keylog entry has been written, so that no duplicate
     entries are produced. A plain bool rather than a bitfield because its
     address is passed around. */
  bool keylog_done;
#endif
  BIT(x509_store_setup); /* the X509 store has been set up */
  BIT(reused_session);   /* a cached session-ID was reused for this */
};

/*
 * Setup callback type handed to Curl_ossl_ctx_init() as `cb_setup`.
 * `user_data` is presumably the `cb_user_data` given there -- confirm in
 * openssl.c.
 */
typedef CURLcode Curl_ossl_ctx_setup_cb(struct Curl_cfilter *cf,
                                        struct Curl_easy *data,
                                        void *user_data);

/*
 * New-session callback type handed to Curl_ossl_ctx_init() as
 * `cb_new_session`. Has the signature of an SSL_CTX_sess_set_new_cb()
 * callback.
 */
typedef int Curl_ossl_new_session_cb(SSL *ssl, SSL_SESSION *ssl_sessionid);

/**
 * Initialise `octx` for the connection filter `cf` and easy handle `data`.
 *
 * @param octx            the context to initialise
 * @param cf              the connection filter owning the context
 * @param data            the easy handle
 * @param peer            the peer being connected to
 * @param transport       TCP or QUIC
 * @param alpn            ALPN protocol buffer of `alpn_len` bytes
 *                        (presumably in the form SSL_set_alpn_protos()
 *                        expects -- confirm in openssl.c)
 * @param cb_setup        extra setup callback, invoked with `cb_user_data`
 * @param cb_new_session  callback for newly established sessions
 * @param ssl_user_data   NOTE(review): presumably attached to the SSL
 *                        object as app data -- confirm in openssl.c
 * @return CURLE_OK on success, otherwise an error code
 */
CURLcode Curl_ossl_ctx_init(struct ossl_ctx *octx,
                            struct Curl_cfilter *cf,
                            struct Curl_easy *data,
                            struct ssl_peer *peer,
                            int transport, /* TCP or QUIC */
                            const unsigned char *alpn, size_t alpn_len,
                            Curl_ossl_ctx_setup_cb *cb_setup,
                            void *cb_user_data,
                            Curl_ossl_new_session_cb *cb_new_session,
                            void *ssl_user_data);

/* OpenSSL 3.0 renamed SSL_get_peer_certificate() to
   SSL_get1_peer_certificate() to make explicit that the returned X509 has
   its reference count bumped: the caller owns that reference and must
   X509_free() it. The old name behaves the same, so alias it on older
   OpenSSL. */
#if (OPENSSL_VERSION_NUMBER < 0x30000000L)
#define SSL_get1_peer_certificate SSL_get_peer_certificate
#endif

/* The backend descriptor for OpenSSL. */
extern const struct Curl_ssl Curl_ssl_openssl;

/**
 * Set up the OpenSSL X509_STORE in `ssl_ctx` for the cfilter `cf` and easy
 * handle `data`. Reuses a shared cache when that is configured and the
 * settings make it suitable.
 */
CURLcode Curl_ssl_setup_x509_store(struct Curl_cfilter *cf,
                                   struct Curl_easy *data,
                                   SSL_CTX *ssl_ctx);

/**
 * Apply the SSL configuration of `cf`/`data` to `ssl_ctx`.
 * NOTE(review): the exact set of options applied is defined in openssl.c;
 * confirm there before relying on it.
 */
CURLcode Curl_ossl_ctx_configure(struct Curl_cfilter *cf,
                                 struct Curl_easy *data,
                                 SSL_CTX *ssl_ctx);

/**
 * Add a new session to the session cache for `peer`.
 * Takes ownership of `ssl_sessionid`; the caller must not free it.
 */
CURLcode Curl_ossl_add_session(struct Curl_cfilter *cf,
                               struct Curl_easy *data,
                               const struct ssl_peer *peer,
                               SSL_SESSION *ssl_sessionid);

/**
 * Fetch the server certificate, verify it and report on it.
 * Verification problems are only turned into an error (failf()) when the
 * ssl config has verifypeer or verifyhost set; without either of these the
 * whole procedure is informational only.
 */
CURLcode Curl_oss_check_peer_cert(struct Curl_cfilter *cf,
                                  struct Curl_easy *data,
                                  struct ossl_ctx *octx,
                                  struct ssl_peer *peer);

#endif /* USE_OPENSSL */
#endif /* HEADER_CURL_SSLUSE_H */