2 * Copyright (c) 2021 Eivind Næss. All rights reserved.
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in
13 * the documentation and/or other materials provided with the
16 * 3. The name(s) of the authors of this software must not be used to
17 * endorse or promote products derived from this software without
18 * prior written permission.
20 * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
21 * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
22 * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY
23 * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
24 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
25 * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
26 * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
33 * Structure used in verifying the peer certificate
38 * Initialize the SSL library
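/*
 * Return the SSL_METHOD used by this TLS layer.
 *
 * The original description of this function is not part of this listing;
 * presumably the result is used to create the SSL_CTX that the functions
 * below configure -- confirm against the implementation.
 *
 * Declared with (void): with empty parentheses, pre-C23 C does not treat the
 * declaration as a prototype and does not check arguments at call sites.
 */
const SSL_METHOD *tls_method(void);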
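/*
 * Configure the SSL options on ctx.
 *
 * NOTE(review): which options are applied, and what the int result means, is
 * not visible in this header. Callers should check the result rather than
 * assume the context was configured.
 */
int tls_set_opts(SSL_CTX *ctx);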
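/*
 * Configure the SSL context's max TLS version.
 *
 * max_version is passed as text; the accepted spellings are not visible in
 * this header.
 *
 * NOTE(review): this prototype exposes only an upper bound. Confirm that a
 * minimum protocol version is enforced elsewhere, and that an unrecognised
 * max_version is reported through the int result instead of being ignored.
 */
int tls_set_version(SSL_CTX *ctx, const char *max_version);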
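/*
 * Configure the SSL context's verify callback.
 *
 * depth: presumably the maximum certificate-chain depth accepted during
 * verification -- confirm against the implementation.
 *
 * NOTE(review): the meaning of the int result is not visible here; a failure
 * to install the callback should stop the connection setup.
 */
int tls_set_verify(SSL_CTX *ctx, int depth);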
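/*
 * Configure the SSL verify information for one connection (ssl).
 *
 * peer_name      - presumably the name the peer certificate is checked
 *                  against -- confirm
 * peer_cert_file - presumably a file holding the expected peer certificate
 *                  -- confirm
 * client         - presumably true when the local side is the TLS client
 *                  -- confirm
 * out            - receives a struct tls_info pointer; release it with
 *                  tls_free_verify_info()
 *
 * NOTE(review): confirm how a NULL peer_name or peer_cert_file is handled,
 * so that a missing value cannot quietly weaken the peer check.
 */
int tls_set_verify_info(SSL *ssl, const char *peer_name, const char *peer_cert_file,
        bool client, struct tls_info **out);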
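/*
 * Free the tls_info structure and its members.
 *
 * in points at the caller's struct tls_info pointer.
 * NOTE(review): presumably *in is reset after the free -- confirm, since a
 * pointer left dangling here could later be freed or used a second time.
 */
void tls_free_verify_info(struct tls_info **in);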
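/*
 * Configure the SSL context's CRL details.
 *
 * crl_dir / crl_file: going by the names, a directory and a file that supply
 * the certificate revocation lists; whether either may be NULL is not
 * visible in this header.
 *
 * NOTE(review): confirm that a CRL which cannot be loaded is reported through
 * the int result, so that revocation checking is never skipped unnoticed.
 */
int tls_set_crl(SSL_CTX *ctx, const char *crl_dir, const char *crl_file);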
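/*
 * Configure the SSL context's CA verify locations.
 *
 * ca_dir / ca_file: going by the names, a directory and a file that supply
 * the trusted CA certificates; whether either may be NULL is not visible in
 * this header.
 *
 * NOTE(review): confirm what trust store is used when neither location is
 * given, and that a load failure is reported through the int result.
 */
int tls_set_ca(SSL_CTX *ctx, const char *ca_dir, const char *ca_file);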
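/*
 * Log all errors from ssl library.
 *
 * Takes no arguments and returns nothing. Where the messages are written is
 * not visible in this header.
 */
void tls_log_sslerr(void);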