annotate src/login-common/ssl-proxy.h @ 14516:36cde186aec6

*-login: If client certificate isn't valid, log the reason why.
author Timo Sirainen <tss@iki.fi>
date Wed, 25 Apr 2012 21:28:16 +0300
parents 339b1337aab0
children 983c6ff12cc9
6410
e4eb71ae8e96 Changed .h ifdef/defines to use <NAME>_H format.
Timo Sirainen <tss@iki.fi>
parents: 4570
1 #ifndef SSL_PROXY_H
e4eb71ae8e96 Changed .h ifdef/defines to use <NAME>_H format.
Timo Sirainen <tss@iki.fi>
parents: 4570
2 #define SSL_PROXY_H
1049
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
3
1235
2660b47fd9bc Added setting verbose_ssl
Timo Sirainen <tss@iki.fi>
parents: 1049
4 struct ip_addr;
2027
dc5d0da1abe9 Added ssl_require_client_cert auth-specific setting. Hide
Timo Sirainen <tss@iki.fi>
parents: 1235
5 struct ssl_proxy;
9283
02721ba17309 login processes: Added initial support for per-connection configuration.
Timo Sirainen <tss@iki.fi>
parents: 9165
6 struct login_settings;
9929
d60fa42fbaac *-login: Fixes to SSL/login proxy connection counting.
Timo Sirainen <tss@iki.fi>
parents: 9756
7 struct client;
1235
2660b47fd9bc Added setting verbose_ssl
Timo Sirainen <tss@iki.fi>
parents: 1049
8
3863
55df57c028d4 Added "bool" type and changed all ints that were used as booleans to bool.
Timo Sirainen <tss@iki.fi>
parents: 3635
9 extern bool ssl_initialized;
1049
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
10
9165
96678e83eab6 imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents: 9159
11 typedef int ssl_handshake_callback_t(void *context);
96678e83eab6 imap/pop3 proxy: Support SSL/TLS connections to remote servers.
Timo Sirainen <tss@iki.fi>
parents: 9159
12
1049
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
13 /* establish SSL connection with the given fd, returns a new fd which you
3520
e2fe8222449d s/occured/occurred/
Timo Sirainen <tss@iki.fi>
parents: 2027
14 must use from now on, or -1 if error occurred. Unless -1 is returned,
1049
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
15 the given fd must be simply forgotten. */
14368
842e5124038d *-login: Another crashfix
Timo Sirainen <tss@iki.fi>
parents: 14367
16 int ssl_proxy_alloc(int fd, const struct ip_addr *ip, pool_t set_pool,
10224
3f1c47797dee ssl: Don't start handshake until client has been set.
Timo Sirainen <tss@iki.fi>
parents: 9929
17 const struct login_settings *set,
3f1c47797dee ssl: Don't start handshake until client has been set.
Timo Sirainen <tss@iki.fi>
parents: 9929
18 struct ssl_proxy **proxy_r);
14368
842e5124038d *-login: Another crashfix
Timo Sirainen <tss@iki.fi>
parents: 14367
19 int ssl_proxy_client_alloc(int fd, struct ip_addr *ip, pool_t set_pool,
10224
3f1c47797dee ssl: Don't start handshake until client has been set.
Timo Sirainen <tss@iki.fi>
parents: 9929
20 const struct login_settings *set,
3f1c47797dee ssl: Don't start handshake until client has been set.
Timo Sirainen <tss@iki.fi>
parents: 9929
21 ssl_handshake_callback_t *callback, void *context,
3f1c47797dee ssl: Don't start handshake until client has been set.
Timo Sirainen <tss@iki.fi>
parents: 9929
22 struct ssl_proxy **proxy_r);
3f1c47797dee ssl: Don't start handshake until client has been set.
Timo Sirainen <tss@iki.fi>
parents: 9929
23 void ssl_proxy_start(struct ssl_proxy *proxy);
9929
d60fa42fbaac *-login: Fixes to SSL/login proxy connection counting.
Timo Sirainen <tss@iki.fi>
parents: 9756
24 void ssl_proxy_set_client(struct ssl_proxy *proxy, struct client *client);
7912
81806d402514 Added more consts, ATTR_CONSTs and ATTR_PUREs.
Timo Sirainen <tss@iki.fi>
parents: 7374
25 bool ssl_proxy_has_valid_client_cert(const struct ssl_proxy *proxy) ATTR_PURE;
8302
0db37acdc59f Login process: Log auth failure reasons better in disconnect message.
Timo Sirainen <tss@iki.fi>
parents: 8122
26 bool ssl_proxy_has_broken_client_cert(struct ssl_proxy *proxy);
13675
7e3afd2252fd login proxy: Verify that remote hostname matches SSL cert, unless ssl=any-cert
Timo Sirainen <tss@iki.fi>
parents: 10695
27 int ssl_proxy_cert_match_name(struct ssl_proxy *proxy, const char *verify_name);
3635
c12df370e1b2 Added ssl_username_from_cert setting. Not actually tested yet..
Timo Sirainen <tss@iki.fi>
parents: 3520
28 const char *ssl_proxy_get_peer_name(struct ssl_proxy *proxy);
7912
81806d402514 Added more consts, ATTR_CONSTs and ATTR_PUREs.
Timo Sirainen <tss@iki.fi>
parents: 7374
29 bool ssl_proxy_is_handshaked(const struct ssl_proxy *proxy) ATTR_PURE;
81806d402514 Added more consts, ATTR_CONSTs and ATTR_PUREs.
Timo Sirainen <tss@iki.fi>
parents: 7374
30 const char *ssl_proxy_get_last_error(const struct ssl_proxy *proxy) ATTR_PURE;
8122
3917bf9cf311 login_log_format_elements: Added %k to show SSL protocol/cipher information.
Timo Sirainen <tss@iki.fi>
parents: 7912
31 const char *ssl_proxy_get_security_string(struct ssl_proxy *proxy);
10695
fd5141e85076 imap: Remember if TLS compression is enabled.
Timo Sirainen <tss@iki.fi>
parents: 10224
32 const char *ssl_proxy_get_compression(struct ssl_proxy *proxy);
14516
36cde186aec6 *-login: If client certificate isn't valid, log the reason why.
Timo Sirainen <tss@iki.fi>
parents: 14393
33 const char *ssl_proxy_get_cert_error(struct ssl_proxy *proxy);
9756
e30495ae11de *-login: Moved most of the common code to login-common.
Timo Sirainen <tss@iki.fi>
parents: 9283
34 void ssl_proxy_free(struct ssl_proxy **proxy);
1049
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
35
4538
9d9e72374164 Fixes to login process handling, especially with
Timo Sirainen <tss@iki.fi>
parents: 3863
36 /* Return number of active SSL proxies */
7912
81806d402514 Added more consts, ATTR_CONSTs and ATTR_PUREs.
Timo Sirainen <tss@iki.fi>
parents: 7374
37 unsigned int ssl_proxy_get_count(void) ATTR_PURE;
4538
9d9e72374164 Fixes to login process handling, especially with
Timo Sirainen <tss@iki.fi>
parents: 3863
38
1049
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
39 void ssl_proxy_init(void);
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
40 void ssl_proxy_deinit(void);
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
41
c41787e8c3f4 Moved common login process code to login-common, created pop3-login.
Timo Sirainen <tss@iki.fi>
parents:
42 #endif
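Review bot: `ssl_proxy_get_cert_error()` on line 33, the declaration this changeset adds, has no comment stating what it returns when the client presented no certificate or the certificate verified cleanly, or how long the returned string stays valid. Since the commit message says the reason is written to the login log, the contract matters: if the text can ever include fields taken from the peer's certificate (not visible from this header), callers need to know whether it is already sanitized for logging. I would add a comment such as `/* Returns a human-readable reason why the client certificate failed verification; document the no-error return value, the string's lifetime, and whether it is safe to log as-is. */`. The same gap applies to `ssl_proxy_cert_match_name()` on line 27, whose `int` return convention for match versus mismatch is not stated, which is easy to get backwards at a call site that decides whether to trust a remote server.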