1#ifndef HEADER_CURL_VQUIC_TLS_H
2#define HEADER_CURL_VQUIC_TLS_H
3/***************************************************************************
4 *                                  _   _ ____  _
5 *  Project                     ___| | | |  _ \| |
6 *                             / __| | | | |_) | |
7 *                            | (__| |_| |  _ <| |___
8 *                             \___|\___/|_| \_\_____|
9 *
10 * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
11 *
12 * This software is licensed as described in the file COPYING, which
13 * you should have received as part of this distribution. The terms
14 * are also available at https://curl.se/docs/copyright.html.
15 *
16 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
17 * copies of the Software, and permit persons to whom the Software is
18 * furnished to do so, under the terms of the COPYING file.
19 *
20 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
21 * KIND, either express or implied.
22 *
23 * SPDX-License-Identifier: curl
24 *
25 ***************************************************************************/
26
27#include "curl_setup.h"
28#include "bufq.h"
29
30#if defined(ENABLE_QUIC) && \
31  (defined(USE_OPENSSL) || defined(USE_GNUTLS) || defined(USE_WOLFSSL))
32
/*
 * TLS state used by the QUIC code. Exactly one backend's handles are
 * compiled in, selected by the USE_* defines at build time.
 */
struct quic_tls_ctx {
#ifdef USE_OPENSSL
  SSL_CTX *ssl_ctx;                  /* OpenSSL context */
  SSL *ssl;                          /* OpenSSL connection object */
#elif defined(USE_GNUTLS)
  struct gtls_instance *gtls;        /* GnuTLS instance wrapper */
#elif defined(USE_WOLFSSL)
  WOLFSSL_CTX *ssl_ctx;              /* wolfSSL context */
  WOLFSSL *ssl;                      /* wolfSSL connection object */
#endif
  BIT(x509_store_setup);             /* if x509 store has been set up */
};
45
/**
 * Callback passed to `Curl_vquic_tls_init()` that can
 * do early initializations on the freshly created, not otherwise
 * configured TLS instances. The state at call time varies by backend:
 * - openssl/wolfssl: SSL_CTX* has just been created
 * - gnutls: gtls_client_init() has run
 * @param ctx         the TLS context holding the backend handles
 * @param cf          the connection filter involved
 * @param data        the transfer involved
 * @return CURLE_OK to continue the initialization, otherwise an error
 *         code (presumably aborting `Curl_vquic_tls_init()` — confirm
 *         against the implementation)
 */
typedef CURLcode Curl_vquic_tls_ctx_setup(struct quic_tls_ctx *ctx,
                                          struct Curl_cfilter *cf,
                                          struct Curl_easy *data);
56
/**
 * Initialize the QUIC TLS instances based on the SSL configurations
 * for the connection filter, transfer and peer.
 * @param ctx         the TLS context to initialize
 * @param cf          the connection filter involved
 * @param data        the transfer involved
 * @param peer        the peer that will be connected to
 * @param alpn        the ALPN string in protocol format ((len+bytes+)+),
 *                    may be NULL
 * @param alpn_len    the overall number of bytes in `alpn`
 * @param ctx_setup   optional callback for very early TLS config, run
 *                    before the regular SSL configuration is applied
 * @param user_data   optional pointer to set in TLS application context
 * @return CURLE_OK on success, otherwise an error code
 */
CURLcode Curl_vquic_tls_init(struct quic_tls_ctx *ctx,
                             struct Curl_cfilter *cf,
                             struct Curl_easy *data,
                             struct ssl_peer *peer,
                             const char *alpn, size_t alpn_len,
                             Curl_vquic_tls_ctx_setup *ctx_setup,
                             void *user_data);
77
/**
 * Cleanup all data that has been initialized by `Curl_vquic_tls_init()`.
 * @param ctx         the TLS context whose backend handles are released
 */
void Curl_vquic_tls_cleanup(struct quic_tls_ctx *ctx);
82
/**
 * Hook invoked before receiving on the QUIC connection.
 * NOTE(review): what this prepares is backend-specific and not visible
 * from this header — confirm against vquic-tls.c before relying on it.
 * @param ctx         the TLS context
 * @param cf          the connection filter involved
 * @param data        the transfer involved
 * @return CURLE_OK on success, otherwise an error code
 */
CURLcode Curl_vquic_tls_before_recv(struct quic_tls_ctx *ctx,
                                    struct Curl_cfilter *cf,
                                    struct Curl_easy *data);
86
/**
 * After the basic QUIC handshake has completed, verify that the peer
 * (and its certificate) fulfill our requirements (as configured via the
 * SSL settings of the transfer and the `peer` given at init).
 * NOTE(review): a non-CURLE_OK return means the peer was NOT verified;
 * callers must treat it as fatal for the connection and not send
 * application data.
 * @param ctx         the TLS context after the handshake
 * @param cf          the connection filter involved
 * @param data        the transfer involved
 * @param peer        the peer the connection was made to
 * @return CURLE_OK if the peer passed verification, otherwise an error
 *         code
 */
CURLcode Curl_vquic_tls_verify_peer(struct quic_tls_ctx *ctx,
                                    struct Curl_cfilter *cf,
                                    struct Curl_easy *data,
                                    struct ssl_peer *peer);
95
96#endif /* !ENABLE_QUIC && (USE_OPENSSL || USE_GNUTLS || USE_WOLFSSL) */
97
98#endif /* HEADER_CURL_VQUIC_TLS_H */
99