Diffstat (limited to 'src/crypto/tls.h')
-rw-r--r-- | src/crypto/tls.h | 21 |
1 files changed, 15 insertions, 6 deletions
diff --git a/src/crypto/tls.h b/src/crypto/tls.h
index 09fb73b1..c201dcd6 100644
--- a/src/crypto/tls.h
+++ b/src/crypto/tls.h
@@ -22,7 +22,8 @@ enum tls_event {
 	TLS_CERT_CHAIN_SUCCESS,
 	TLS_CERT_CHAIN_FAILURE,
 	TLS_PEER_CERTIFICATE,
-	TLS_ALERT
+	TLS_ALERT,
+	TLS_UNSAFE_RENEGOTIATION_DISABLED,
 };
 
 /*
@@ -112,6 +113,7 @@ struct tls_config {
 #define TLS_CONN_ENABLE_TLSv1_1 BIT(15)
 #define TLS_CONN_ENABLE_TLSv1_2 BIT(16)
 #define TLS_CONN_TEAP_ANON_DH BIT(17)
+#define TLS_CONN_ALLOW_UNSAFE_RENEGOTIATION BIT(18)
 
 /**
  * struct tls_connection_params - Parameters for TLS connection
@@ -148,8 +150,6 @@ struct tls_config {
  * @private_key_passwd: Passphrase for decrypted private key, %NULL if no
  * passphrase is used.
  * @dh_file: File name for DH/DSA data in PEM format, or %NULL if not used
- * @dh_blob: dh_file as inlined data or %NULL if not used
- * @dh_blob_len: dh_blob length
  * @engine: 1 = use engine (e.g., a smartcard) for private key operations
  * (this is OpenSSL specific for now)
  * @engine_id: engine id string (this is OpenSSL specific for now)
@@ -198,8 +198,6 @@ struct tls_connection_params {
 	const char *private_key_passwd;
 	const char *private_key_passwd2;
 	const char *dh_file;
-	const u8 *dh_blob;
-	size_t dh_blob_len;
 
 	/* OpenSSL specific variables */
 	int engine;
@@ -355,7 +353,9 @@ int __must_check tls_global_set_verify(void *tls_ctx, int check_crl,
  * tls_connection_set_verify - Set certificate verification options
  * @tls_ctx: TLS context data from tls_init()
  * @conn: Connection context data from tls_connection_init()
- * @verify_peer: 1 = verify peer certificate
+ * @verify_peer: 0 = do not verify peer certificate, 1 = verify peer
+ * certificate (require it to be provided), 2 = verify peer certificate if
+ * provided
  * @flags: Connection flags (TLS_CONN_*)
  * @session_ctx: Session caching context or %NULL to use default
  * @session_ctx_len: Length of @session_ctx in bytes.
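Review bot: The new TLS_UNSAFE_RENEGOTIATION_DISABLED event in this hunk and the TLS_CONN_ALLOW_UNSAFE_RENEGOTIATION flag added in the @@ -112 hunk both land without a word of documentation, although they are the only security-relevant knobs this commit introduces. From the names the flag presumably lets a connection fall back to legacy renegotiation with a peer that lacks the RFC 5746 secure-renegotiation extension, and the event presumably reports that such a fallback was refused; that is exactly the kind of downgrade a caller must opt into knowingly, so it deserves a comment at the definition rather than only in the backend. I would put `/* Permit legacy (pre-RFC 5746) renegotiation with peers lacking the secure renegotiation extension; opt-in for old servers only */` above the BIT(18) line and `/* Renegotiation refused because the peer does not support secure renegotiation */` on the enum member, adjusted to whatever the backend actually does. The opposite polarity of the two names (ALLOW vs DISABLED) is also easy to misread, which a comment would settle.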
@@ -684,4 +684,13 @@ const char * tls_connection_get_peer_subject(struct tls_connection *conn);
  */
 bool tls_connection_get_own_cert_used(struct tls_connection *conn);
+/**
+ * tls_register_cert_callback - Register a callback to retrieve certificates
+ * @cb: Callback object to register
+ */
+typedef ssize_t (*tls_get_certificate_cb)
+(void* ctx, const char* alias, uint8_t** value);
+
+void tls_register_cert_callback(tls_get_certificate_cb cb);
+
 
 #endif /* TLS_H */
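Review bot: The contract of tls_get_certificate_cb is undocumented: the doc block placed above the typedef describes only @cb of tls_register_cert_callback, while the callback's ssize_t return and its `uint8_t **value` out-parameter say nothing about what a negative return means, what encoding the returned bytes are in, or who owns and frees the buffer stored in *value. The header elsewhere uses `u8` (see the `const u8 *dh_blob` field removed in the @@ -198 hunk) and `type *name` declarator spacing, so `(void* ctx, const char* alias, uint8_t** value)` also departs from the file's own style. I would add a kernel-doc block directly above the typedef with `@ctx`, `@alias` and `@value` lines (stating that on success *value points to a newly allocated buffer and naming the function the TLS library frees it with) plus `Returns: length of *value in bytes, or a negative value on error`, and write the signature as `typedef ssize_t (*tls_get_certificate_cb)(void *ctx, const char *alias, u8 **value);`. Whether ssize_t is already in scope through an existing include is not visible from this hunk.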