Mercurial Mercurial > loudmouth / file revision
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
loudmouth/lm-ssl.h
author convert-repo
Mon, 25 Jan 2021 22:55:03 +0000
changeset 741 d79ab1c77b17
parent 704 d682ae8d7d3a
permissions -rw-r--r--
update tags

/* -*- Mode: C; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
/*
 * Copyright (C) 2003-2004 Imendio AB
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public License as
 * published by the Free Software Foundation; either version 2 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this program; if not, see <https://www.gnu.org/licenses>
 */

/**
 * SECTION:lm-ssl
 * @Title: LmSSL
 * @Short_description: SSL struct for SSL support in Loudmouth
 *
 * Use this together with an #LmConnection to get the connection to use SSL. Example of how to use the #LmSSL API.
 *
 * <informalexample><programlisting><![CDATA[
 * LmConnection *connection;
 * LmSSL        *ssl;
 *
 * connection = lm_connection_new ("myserver");
 * ssl = lm_ssl_new (NULL, my_ssl_func, NULL, NULL);
 * lm_connection_set_ssl (connection, ssl);
 * ...
 * ]]></programlisting></informalexample>
 */

#ifndef __LM_SSL_H__
#define __LM_SSL_H__

#include <glib.h>

#if !defined (LM_INSIDE_LOUDMOUTH_H) && !defined (LM_COMPILATION)
#error "Only <loudmouth/loudmouth.h> can be included directly, this file may disappear or change contents."
#endif

#define LM_FINGERPRINT_PREFIX "SHA256:"
#define LM_FINGERPRINT_LENGTH 72

G_BEGIN_DECLS

/**
 * LmSSL:
 *
 * This should not be accessed directly. Use the accessor functions as described below.
 */
typedef struct _LmSSL LmSSL;

/**
 * LmCertificateStatus:
 * @LM_CERT_INVALID: The certificate is invalid.
 * @LM_CERT_ISSUER_NOT_FOUND: The issuer of the certificate is not found.
 * @LM_CERT_REVOKED: The certificate has been revoked.
 *
 * Provides information of the status of a certain certificate.
 */
typedef enum {
    LM_CERT_INVALID,
    LM_CERT_ISSUER_NOT_FOUND,
    LM_CERT_REVOKED
} LmCertificateStatus;

/**
 * LmSSLStatus:
 * @LM_SSL_STATUS_NO_CERT_FOUND: The server doesn't provide a certificate.
 * @LM_SSL_STATUS_UNTRUSTED_CERT: The certification can not be trusted.
 * @LM_SSL_STATUS_CERT_EXPIRED: The certificate has expired.
 * @LM_SSL_STATUS_CERT_NOT_ACTIVATED: The certificate has not been activated.
 * @LM_SSL_STATUS_CERT_HOSTNAME_MISMATCH: The server hostname doesn't match the one in the certificate.
 * @LM_SSL_STATUS_CERT_FINGERPRINT_MISMATCH: The fingerprint doesn't match your expected.
 * @LM_SSL_STATUS_GENERIC_ERROR: Some other error.
 *
 * Provides information about something gone wrong when trying to setup the SSL connection.
 */
typedef enum {
    LM_SSL_STATUS_NO_CERT_FOUND,
    LM_SSL_STATUS_UNTRUSTED_CERT,
    LM_SSL_STATUS_CERT_EXPIRED,
    LM_SSL_STATUS_CERT_NOT_ACTIVATED,
    LM_SSL_STATUS_CERT_HOSTNAME_MISMATCH,
    LM_SSL_STATUS_CERT_FINGERPRINT_MISMATCH,
    LM_SSL_STATUS_GENERIC_ERROR
} LmSSLStatus;

/**
 * LmSSLResponse:
 * @LM_SSL_RESPONSE_CONTINUE: Continue to connect.
 * @LM_SSL_RESPONSE_STOP: Stop the connection.
 *
 * Used to inform #LmConnection if you want to stop due to an error reported or if you want to continue to connect.
 */
typedef enum {
    LM_SSL_RESPONSE_CONTINUE,
    LM_SSL_RESPONSE_STOP
} LmSSLResponse;

/**
 * LmSSLFunction:
 * @ssl: An #LmSSL.
 * @status: The status informing what went wrong.
 * @user_data: User data provided in the callback.
 *
 * This function is called if something goes wrong during the connecting phase.
 *
 * Returns: User should return #LM_SSL_RESPONSE_CONTINUE if connection should proceed and otherwise #LM_SSL_RESPONSE_STOP.
 */
typedef LmSSLResponse (* LmSSLFunction)      (LmSSL        *ssl,
                                              LmSSLStatus   status,
                                              gpointer      user_data);

LmSSL *               lm_ssl_new             (const gchar *expected_fingerprint,
                                              LmSSLFunction   ssl_function,
                                              gpointer        user_data,
                                              GDestroyNotify  notify);

gboolean              lm_ssl_is_supported    (void);

void                  lm_ssl_set_cipher_list (LmSSL          *ssl,
                                              const gchar    *cipher_list);

void                  lm_ssl_set_ca          (LmSSL *ssl,
                                              const gchar    *ca_path);

const gchar *         lm_ssl_get_fingerprint (LmSSL          *ssl);

void                  lm_ssl_use_starttls    (LmSSL *ssl,
                                              gboolean use_starttls,
                                              gboolean require);

gboolean              lm_ssl_get_use_starttls (LmSSL *ssl);

gboolean              lm_ssl_get_require_starttls (LmSSL *ssl);

LmSSL *               lm_ssl_ref             (LmSSL          *ssl);
void                  lm_ssl_unref           (LmSSL          *ssl);

G_END_DECLS

#endif /* __LM_SSL_H__ */
loudmouth