| /** |
| * @file session_wrapper.h |
| * @author Roman Janota <janota@cesnet.cz> |
| * @brief libnetconf2 - header for wrapped TLS library function calls (currently OpenSSL and MbedTLS) |
| * |
| * @copyright |
| * Copyright (c) 2024 CESNET, z.s.p.o. |
| * |
| * This source code is licensed under BSD 3-Clause License (the "License"). |
| * You may not use this file except in compliance with the License. |
| * You may obtain a copy of the License at |
| * |
| * https://opensource.org/licenses/BSD-3-Clause |
| */ |
| |
| #ifndef _SESSION_WRAPPER_H_ |
| #define _SESSION_WRAPPER_H_ |
| |
| #include <stdlib.h> |
| |
| #include "config.h" |
| |
| #ifdef HAVE_MBEDTLS |
| |
| #include <mbedtls/ctr_drbg.h> |
| #include <mbedtls/entropy.h> |
| #include <mbedtls/pk.h> |
| #include <mbedtls/ssl.h> |
| #include <mbedtls/x509_crl.h> |
| #include <mbedtls/x509_crt.h> |
| |
| /** |
| * @brief Context from which a TLS session may be created. |
| */ |
| struct nc_tls_ctx { |
| int *sock; /**< Socket FD. */ |
| mbedtls_entropy_context *entropy; /**< Entropy. */ |
| mbedtls_ctr_drbg_context *ctr_drbg; /**< Random bit generator. */ |
| mbedtls_x509_crt *cert; /**< Certificate. */ |
| mbedtls_pk_context *pkey; /**< Private key. */ |
| mbedtls_x509_crt *cert_store; /**< CA certificates store. */ |
| mbedtls_x509_crl *crl_store; /**< CRL store. */ |
| }; |
| |
| #else |
| |
| #include <openssl/evp.h> |
| #include <openssl/ssl.h> |
| #include <openssl/x509.h> |
| |
| /** |
| * @brief Context from which a TLS session may be created. |
| */ |
| struct nc_tls_ctx { |
| X509 *cert; /**< Certificate. */ |
| EVP_PKEY *pkey; /**< Private key. */ |
| X509_STORE *cert_store; /**< CA certificate store. */ |
| X509_STORE *crl_store; /**< CRL store. */ |
| }; |
| |
| #endif |
| |
| /** |
| * @brief Server side TLS verify callback data. |
| */ |
| struct nc_tls_verify_cb_data { |
| struct nc_session *session; /**< NETCONF session. */ |
| struct nc_server_tls_opts *opts; /**< TLS server options. */ |
| struct nc_ctn_data { |
| char *username; /**< Username. */ |
| int matched_ctns; /**< OR'd values of currently matched CTN types. */ |
| int matched_ctn_type[6]; /**< Currently matched CTN types (order matters). */ |
| int matched_ctn_count; /**< Number of matched CTN types. */ |
| } ctn_data; |
| }; |
| |
| /** |
| * @brief Creates a new TLS session from the given configuration. |
| * |
| * @param[in] tls_cfg TLS configuration. |
| * @return New TLS session on success, NULL on fail. |
| */ |
| void * nc_tls_session_new_wrap(void *tls_cfg); |
| |
| /** |
| * @brief Destroys a TLS session. |
| * |
| * @param[in] tls_session TLS session to destroy. |
| */ |
| void nc_tls_session_destroy_wrap(void *tls_session); |
| |
| /** |
| * @brief Creates a new TLS configuration. |
| * |
| * @param[in] side Side of the TLS connection. |
| * @return New TLS configuration on success, NULL on fail. |
| */ |
| void * nc_tls_config_new_wrap(int side); |
| |
| /** |
| * @brief Destroys a TLS configuration. |
| * |
| * @param[in] tls_cfg TLS configuration to destroy. |
| */ |
| void nc_tls_config_destroy_wrap(void *tls_cfg); |
| |
| /** |
| * @brief Creates a new TLS certificate. |
| * |
| * @return New TLS certificate on success, NULL on fail. |
| */ |
| void * nc_tls_cert_new_wrap(void); |
| |
| /** |
| * @brief Destroys a TLS certificate. |
| * |
| * @param[in] cert TLS certificate to destroy. |
| */ |
| void nc_tls_cert_destroy_wrap(void *cert); |
| |
| /** |
| * @brief Destroys a TLS private key. |
| * |
| * @param[in] pkey TLS private key to destroy. |
| */ |
| void nc_tls_privkey_destroy_wrap(void *pkey); |
| |
| /** |
| * @brief Creates a new TLS certificate store. |
| * |
| * @return New TLS certificate store on success, NULL on fail. |
| */ |
| void * nc_tls_cert_store_new_wrap(void); |
| |
| /** |
| * @brief Destroys a TLS certificate store. |
| * |
| * @param[in] cert_store TLS certificate store to destroy. |
| */ |
| void nc_tls_cert_store_destroy_wrap(void *cert_store); |
| |
| /** |
| * @brief Creates a new CRL store. |
| * |
| * @return New CRL store on success, NULL on fail. |
| */ |
| void * nc_tls_crl_store_new_wrap(void); |
| |
| /** |
| * @brief Destroys a CRL store. |
| * |
| * @param[in] crl_store CRL store to destroy. |
| */ |
| void nc_tls_crl_store_destroy_wrap(void *crl_store); |
| |
| /** |
| * @brief Converts PEM certificate data to a certificate. |
| * |
| * @param[in] cert_data PEM certificate data. |
| * @return New certificate on success, NULL on fail. |
| */ |
| void * nc_tls_pem_to_cert_wrap(const char *cert_data); |
| |
| /** |
| * @brief Adds a certificate to a certificate store. |
| * |
| * @param[in] cert Certificate to add. |
| * @param[in] cert_store Certificate store to add the certificate to. |
| * @return 0 on success and the memory belongs to cert_store, non-zero on fail. |
| */ |
| int nc_tls_add_cert_to_store_wrap(void *cert, void *cert_store); |
| |
| /** |
| * @brief Converts PEM private key data to a private key. |
| * |
| * @param[in] privkey_data PEM private key data. |
| * @return New private key on success, NULL on fail. |
| */ |
| void * nc_tls_pem_to_privkey_wrap(const char *privkey_data); |
| |
| /** |
| * @brief Imports CRL from a file. |
| * |
| * @param[in] path Path to the CRL file. |
| * @param[in] crl_store CRL store to import the CRL to. |
| * @return 0 on success, non-zero on fail. |
| */ |
| int nc_tls_import_crl_path_wrap(const char *path, void *crl_store); |
| |
| /** |
| * @brief Parses and adds a CRL to a CRL store. |
| * |
| * @param[in] crl_data CRL data. |
| * @param[in] size Size of the CRL data. |
| * @param[in] crl_store CRL store to add the CRL to. |
| * @return 0 on success, non-zero on fail. |
| */ |
| int nc_server_tls_add_crl_to_store_wrap(const unsigned char *crl_data, size_t size, void *crl_store); |
| |
| /** |
| * @brief Sets the TLS version. |
| * |
| * @param[in] tls_cfg TLS configuration. |
| * @param[in] tls_versions Bit-field of supported TLS versions. |
| * |
| * @return 0 on success, non-zero on fail. |
| */ |
| int nc_server_tls_set_tls_versions_wrap(void *tls_cfg, unsigned int tls_versions); |
| |
| /** |
| * @brief Set TLS server's verify flags, verify cb and its data. |
| * |
| * @param[in] tls_cfg TLS configuration. |
| * @param[in] cb_data Verify callback data. |
| */ |
| void nc_server_tls_set_verify_wrap(void *tls_cfg, struct nc_tls_verify_cb_data *cb_data); |
| |
| /** |
| * @brief Set TLS client's verify flags. |
| * |
| * @param[in] tls_cfg TLS configuration. |
| */ |
| void nc_client_tls_set_verify_wrap(void *tls_cfg); |
| |
| /** |
| * @brief Verify the certificate. |
| * |
| * @param[in] cert Certificate to verify. |
| * @param[in] depth Certificate depth. |
| * @param[in] trusted Boolean flag representing whether the certificate is trusted. |
| * @param[in] cb_data Data for the verify callback. |
| * @return 0 on success, 1 on verify fail, -1 on fatal error. |
| */ |
| int nc_server_tls_verify_cert(void *cert, int depth, int trusted, struct nc_tls_verify_cb_data *cb_data); |
| |
| /** |
| * @brief Check if the peer certificate matches any configured ee certs. |
| * |
| * @param[in] peer_cert Peer certificate. |
| * @param[in] opts TLS options. |
| * @return 0 on success, non-zero on fail. |
| */ |
| int nc_server_tls_verify_peer_cert(void *peer_cert, struct nc_server_tls_opts *opts); |
| |
| /** |
| * @brief Get the subject of the certificate. |
| * |
| * @param[in] cert Certificate. |
| * @return Subject of the certificate on success, NULL on fail. |
| */ |
| char * nc_server_tls_get_subject_wrap(void *cert); |
| |
| /** |
| * @brief Get the issuer of the certificate. |
| * |
| * @param[in] cert Certificate. |
| * @return Issuer of the certificate on success, NULL on fail. |
| */ |
| char * nc_server_tls_get_issuer_wrap(void *cert); |
| |
| /** |
| * @brief Get the Subject Alternative Names of the certificate. |
| * |
| * @param[in] cert Certificate. |
| * @return SANs on success, NULL on fail. |
| */ |
| void * nc_tls_get_sans_wrap(void *cert); |
| |
| /** |
| * @brief Destroy the SANs. |
| * |
| * @param[in] sans SANs to destroy. |
| */ |
| void nc_tls_sans_destroy_wrap(void *sans); |
| |
| /** |
| * @brief Get the number of SANs. |
| * |
| * @param[in] sans SANs. |
| * @return Number of SANs. |
| */ |
| int nc_tls_get_num_sans_wrap(void *sans); |
| |
| #ifdef NC_ENABLED_SSH_TLS |
| |
| /** |
| * @brief Get the SAN value and type in the context of CTN. |
| * |
| * @param[in] sans SANs. |
| * @param[in] idx Index of the SAN. |
| * @param[out] san_value SAN value. |
| * @param[out] san_type SAN type. |
| * @return 0 on success, non-zero on fail. |
| */ |
| int nc_tls_get_san_value_type_wrap(void *sans, int idx, char **san_value, NC_TLS_CTN_MAPTYPE *san_type); |
| |
| #endif |
| |
| /** |
| * @brief Compare two certificates. |
| * |
| * @param[in] cert1 Certificate 1. |
| * @param[in] cert2 Certificate 2. |
| * @return 1 if the certificates match, 0 otherwise. |
| */ |
| int nc_server_tls_certs_match_wrap(void *cert1, void *cert2); |
| |
| /** |
| * @brief Get the MD5 digest of the certificate. |
| * |
| * @param[in] cert Certificate. |
| * @param[out] buf Buffer for the digest. |
| * @return 0 on success, non-zero on fail. |
| */ |
| int nc_server_tls_md5_wrap(void *cert, unsigned char *buf); |
| |
| /** |
| * @brief Get the SHA1 digest of the certificate. |
| * |
| * @param[in] cert Certificate. |
| * @param[out] buf Buffer for the digest. |
| * @return 0 on success, non-zero on fail. |
| */ |
| int nc_server_tls_sha1_wrap(void *cert, unsigned char *buf); |
| |
| /** |
| * @brief Get the SHA224 digest of the certificate. |
| * |
| * @param[in] cert Certificate. |
| * @param[out] buf Buffer for the digest. |
| * @return 0 on success, non-zero on fail. |
| */ |
| int nc_server_tls_sha224_wrap(void *cert, unsigned char *buf); |
| |
| /** |
| * @brief Get the SHA256 digest of the certificate. |
| * |
| * @param[in] cert Certificate. |
| * @param[out] buf Buffer for the digest. |
| * @return 0 on success, non-zero on fail. |
| */ |
| int nc_server_tls_sha256_wrap(void *cert, unsigned char *buf); |
| |
| /** |
| * @brief Get the SHA384 digest of the certificate. |
| * |
| * @param[in] cert Certificate. |
| * @param[out] buf Buffer for the digest. |
| * @return 0 on success, non-zero on fail. |
| */ |
| int nc_server_tls_sha384_wrap(void *cert, unsigned char *buf); |
| |
| /** |
| * @brief Get the SHA512 digest of the certificate. |
| * |
| * @param[in] cert Certificate. |
| * @param[out] buf Buffer for the digest. |
| * @return 0 on success, non-zero on fail. |
| */ |
| int nc_server_tls_sha512_wrap(void *cert, unsigned char *buf); |
| |
| /** |
| * @brief Set the FD for a TLS session. |
| * |
| * @param[in] tls_session TLS session. |
| * @param[in] sock Socket FD. |
| * @param[in] tls_ctx TLS context. |
| */ |
| void nc_server_tls_set_fd_wrap(void *tls_session, int sock, struct nc_tls_ctx *tls_ctx); |
| |
| /** |
| * @brief Perform a server-side step of the TLS handshake. |
| * |
| * @param[in] tls_session TLS session. |
| * @return 1 on success, 0 if the handshake is not finished, negative number on error. |
| */ |
| int nc_server_tls_handshake_step_wrap(void *tls_session); |
| |
| /** |
| * @brief Perform a client-side step of the TLS handshake. |
| * |
| * @param[in] tls_session TLS session. |
| * @param[in] sock Socket FD. |
| * @return 1 on success, 0 if the handshake is not finished, negative number on error. |
| */ |
| int nc_client_tls_handshake_step_wrap(void *tls_session, int sock); |
| |
| /** |
| * @brief Destroy a TLS context. |
| * |
| * @param[in] tls_ctx TLS context. |
| */ |
| void nc_tls_ctx_destroy_wrap(struct nc_tls_ctx *tls_ctx); |
| |
| /** |
| * @brief Load client's certificate and a private key. |
| * |
| * @param[in] cert_path Path to the certificate. |
| * @param[in] key_path Path to the private key. |
| * @param[out] cert Certificate. |
| * @param[out] pkey Private key. |
| * @return 0 on success, non-zero on fail. |
| */ |
| int nc_client_tls_load_cert_key_wrap(const char *cert_path, const char *key_path, void **cert, void **pkey); |
| |
| /** |
| * @brief Load client's trusted certificates. |
| * |
| * @param[in] cert_store Certificate store. |
| * @param[in] file_path Path to the file with trusted certificates. |
| * @param[in] dir_path Path to the directory with trusted certificates. |
| * @return 0 on success, non-zero on fail. |
| */ |
| int nc_client_tls_load_trusted_certs_wrap(void *cert_store, const char *file_path, const char *dir_path); |
| |
| /** |
| * @brief Load client's CRLs. |
| * |
| * @param[in] crl_store CRL store. |
| * @param[in] file_path Path to the file with CRLs. |
| * @param[in] dir_path Path to the directory with CRLs. |
| * @return 0 on success, non-zero on fail. |
| */ |
| int nc_client_tls_load_crl_wrap(void *crl_store, const char *file_path, const char *dir_path); |
| |
| /** |
| * @brief Set the hostname for the TLS session. |
| * |
| * @param[in] tls_session TLS session. |
| * @param[in] hostname Hostname. |
| * @return 0 on success, non-zero on fail. |
| */ |
| int nc_client_tls_set_hostname_wrap(void *tls_session, const char *hostname); |
| |
| /** |
| * @brief Initialize a TLS context. |
| * |
| * @param[in] sock Socket FD. |
| * @param[in] cert Certificate. |
| * @param[in] pkey Private key. |
| * @param[in] cert_store Certificate store. |
| * @param[in] crl_store CRL store. |
| * @param[in,out] tls_ctx TLS context. |
| * @return 0 on success, non-zero on fail. |
| */ |
| int nc_tls_init_ctx_wrap(int sock, void *cert, void *pkey, void *cert_store, void *crl_store, struct nc_tls_ctx *tls_ctx); |
| |
| /** |
| * @brief Setup a TLS configuration from a TLS context. |
| * |
| * @param[in] tls_ctx TLS context. |
| * @param[in] side Side of the TLS connection. |
| * @param[in,out] tls_cfg TLS configuration. |
| * @return 0 on success, non-zero on fail. |
| */ |
| int nc_tls_setup_config_from_ctx_wrap(struct nc_tls_ctx *tls_ctx, int side, void *tls_cfg); |
| |
| /** |
| * @brief Get the error code from a TLS session's verification. |
| * |
| * @param[in] tls_session TLS session. |
| * @return Error code, 0 indicates success. |
| */ |
| uint32_t nc_tls_get_verify_result_wrap(void *tls_session); |
| |
| /** |
| * @brief Get the error string from a TLS session's verification. |
| * |
| * @param[in] err_code Error code. |
| * @return Error string. |
| */ |
| char * nc_tls_verify_error_string_wrap(uint32_t err_code); |
| |
| /** |
| * @brief Print the TLS session's connection error. |
| * |
| * @param[in] connect_ret Error code. |
| * @param[in] peername Peername. |
| * @param[in] tls_session TLS session. |
| */ |
| void nc_client_tls_print_connect_err_wrap(int connect_ret, const char *peername, void *tls_session); |
| |
| /** |
| * @brief Print the TLS session's accept error. |
| * |
| * @param[in] accept_ret Error code. |
| * @param[in] tls_session TLS session. |
| */ |
| void nc_server_tls_print_accept_err_wrap(int accept_ret, void *tls_session); |
| |
| /** |
| * @brief Checks if the DER data is a SubjectPublicKeyInfo public key. |
| * |
| * @param[in] der DER data. |
| * @param[in] len Length of the DER data. |
| * |
| * @return 1 if the data is a SubjectPublicKeyInfo public key, 0 if not, -1 on error. |
| */ |
| int nc_tls_is_der_subpubkey_wrap(unsigned char *der, long len); |
| |
| /** |
| * @brief Decodes base64 to binary. |
| * |
| * @param[in] base64 Base64 string. |
| * @param[out] bin Binary result, memory managed by the caller. |
| * @return Length of the binary data on success, -1 on error. |
| */ |
| int nc_base64_decode_wrap(const char *base64, unsigned char **bin); |
| |
| /** |
| * @brief Encodes binary to base64. |
| * |
| * @param[in] bin Binary data. |
| * @param[in] len Length of the binary data. |
| * @param[out] base64 NULL terminated Base64 result, memory managed by the caller. |
| * @return 0 on success, -1 on error. |
| */ |
| int nc_base64_encode_wrap(const unsigned char *bin, size_t len, char **base64); |
| |
| /** |
| * @brief Reads data from a TLS session. |
| * |
| * @param[in] session NETCONF session. |
| * @param[out] buf Buffer for the data. |
| * @param[in] size Size of the buffer. |
| * @return Number of bytes read on success, -1 on error. |
| */ |
| int nc_tls_read_wrap(struct nc_session *session, unsigned char *buf, size_t size); |
| |
| /** |
| * @brief Writes data to a TLS session. |
| * |
| * @param[in] session NETCONF session. |
| * @param[in] buf Data to write. |
| * @param[in] size Size of the data. |
| * @return Number of bytes written on success, -1 on error. |
| */ |
| int nc_tls_write_wrap(struct nc_session *session, const unsigned char *buf, size_t size); |
| |
| /** |
| * @brief Get the number of pending bytes in a TLS session. |
| * |
| * @param[in] tls_session TLS session. |
| * @return Number of pending bytes. |
| */ |
| int nc_tls_get_num_pending_bytes_wrap(void *tls_session); |
| |
| /** |
| * @brief Get the file descriptor of a TLS session. |
| * |
| * @param[in] session NETCONF session. |
| * @return File descriptor, -1 on error. |
| */ |
| int nc_tls_get_fd_wrap(const struct nc_session *session); |
| |
| /** |
| * @brief Close a TLS session. |
| * |
| * @param[in] tls_session TLS session. |
| */ |
| void nc_tls_close_notify_wrap(void *tls_session); |
| |
| /** |
| * @brief Import a private key from a file. |
| * |
| * @param[in] privkey_path Path to the private key file. |
| * @return Imported private key on success, NULL on fail. |
| */ |
| void * nc_tls_import_privkey_file_wrap(const char *privkey_path); |
| |
| /** |
| * @brief Import a certificate from a file. |
| * |
| * @param[in] cert_path Path to the certificate file. |
| * @return Imported certificate on success, NULL on fail. |
| */ |
| void * nc_tls_import_cert_file_wrap(const char *cert_path); |
| |
| /** |
| * @brief Export a private key to a PEM string. |
| * |
| * @param[in] pkey Private key. |
| * @return PEM string on success, NULL on fail. |
| */ |
| char * nc_tls_export_privkey_pem_wrap(void *pkey); |
| |
| /** |
| * @brief Export a certificate to a PEM string. |
| * |
| * @param[in] cert Certificate. |
| * @return PEM string on success, NULL on fail. |
| */ |
| char * nc_tls_export_cert_pem_wrap(void *cert); |
| |
| /** |
| * @brief Export a public key to a PEM string. |
| * |
| * @param[in] pkey Public key. |
| * @return PEM string on success, NULL on fail. |
| */ |
| char * nc_tls_export_pubkey_pem_wrap(void *pkey); |
| |
| /** |
| * @brief Check if a private key is RSA. |
| * |
| * @param[in] pkey Private key. |
| * @return 1 if the private key is RSA, 0 if not. |
| */ |
| int nc_tls_privkey_is_rsa_wrap(void *pkey); |
| |
| /** |
| * @brief Get the RSA public key parameters from a private key. |
| * |
| * @param[in] pkey Private key. |
| * @param[out] e Exponent. |
| * @param[out] n Modulus. |
| * @return 0 on success, non-zero on fail. |
| */ |
| int nc_tls_get_rsa_pubkey_params_wrap(void *pkey, void **e, void **n); |
| |
| /** |
| * @brief Destroy an MPI. |
| * |
| * @param[in] mpi MPI. |
| */ |
| void nc_tls_destroy_mpi_wrap(void *mpi); |
| |
| /** |
| * @brief Check if a private key is EC. |
| * |
| * @param[in] pkey Private key. |
| * @return 1 if the private key is EC, 0 if not. |
| */ |
| int nc_tls_privkey_is_ec_wrap(void *pkey); |
| |
| /** |
| * @brief Get the group name of an EC private key. |
| * |
| * @param[in] pkey Private key. |
| * @return Group name on success, NULL on fail. |
| */ |
| char * nc_tls_get_ec_group_wrap(void *pkey); |
| |
| /** |
| * @brief Get the EC public key parameters from a private key. |
| * |
| * @param[in] pkey Private key. |
| * @param[out] q Public key point. |
| * @param[out] q_grp Public key group. |
| * @return 0 on success, non-zero on fail. |
| */ |
| int nc_tls_get_ec_pubkey_params_wrap(void *pkey, void **q, void **q_grp); |
| |
| /** |
| * @brief Convert an EC point to binary. |
| * |
| * @param[in] q EC point. |
| * @param[in] q_grp EC group. |
| * @param[out] bin Binary point. |
| * @param[out] bin_len Length of the binary point. |
| * @return 0 on success, non-zero on fail. |
| */ |
| int nc_tls_ec_point_to_bin_wrap(void *q, void *q_grp, unsigned char **bin, int *bin_len); |
| |
| /** |
| * @brief Destroy an EC point. |
| * |
| * @param[in] p EC point. |
| */ |
| void nc_tls_ec_point_destroy_wrap(void *p); |
| |
| /** |
| * @brief Destroy an EC group. |
| * |
| * @param[in] grp EC group. |
| */ |
| void nc_tls_ec_group_destroy_wrap(void *grp); |
| |
| /** |
| * @brief Convert an MPI to binary. |
| * |
| * @param[in] mpi MPI. |
| * @param[out] bin Binary buffer. |
| * @param[out] bin_len Length of the binary. |
| * @return 0 on success, 1 on error. |
| */ |
| int nc_tls_mpi2bin_wrap(void *mpi, unsigned char **bin, int *bin_len); |
| |
| /** |
| * @brief Import a public key from a file. |
| * |
| * @param[in] pubkey_path Path to the public key file. |
| * @return Imported public key on success, NULL on fail. |
| */ |
| void * nc_tls_import_pubkey_file_wrap(const char *pubkey_path); |
| |
| /** |
| * @brief Get all the URIs from a CRL distribution points. |
| * |
| * @param[in] cert_store Certificate store. |
| * @param[out] uris URIs to download the CRLs from. |
| * @param[out] uri_count Number of URIs found. |
| * @return 0 on success, non-zero on fail. |
| */ |
| int nc_server_tls_get_crl_distpoint_uris_wrap(void *cert_store, char ***uris, int *uri_count); |
| |
| /** |
| * @brief Process a cipher suite so that it can be set by the underlying TLS lib. |
| * |
| * @param[in] cipher Cipher suite identity value. |
| * @param[out] out Processed cipher suite. |
| * @return 0 on success, 1 on fail. |
| */ |
| int nc_tls_process_cipher_suite_wrap(const char *cipher, char **out); |
| |
| /** |
| * @brief Append a cipher suite to the list of cipher suites. |
| * |
| * @param[in] opts TLS options. |
| * @param[in] cipher_suite Cipher suite to append. |
| * @return 0 on success, 1 on fail. |
| */ |
| int nc_tls_append_cipher_suite_wrap(struct nc_server_tls_opts *opts, const char *cipher_suite); |
| |
| /** |
| * @brief Set the list of cipher suites for the TLS configuration. |
| * |
| * @param[in] tls_cfg TLS configuration. |
| * @param[in] cipher_suites List of cipher suites. |
| */ |
| void nc_server_tls_set_cipher_suites_wrap(void *tls_cfg, void *cipher_suites); |
| |
| #endif |