diff options
Diffstat (limited to 'include/net-snmp/library/snmpTLSBaseDomain.h')
-rw-r--r-- | include/net-snmp/library/snmpTLSBaseDomain.h | 83 |
1 files changed, 83 insertions, 0 deletions
diff --git a/include/net-snmp/library/snmpTLSBaseDomain.h b/include/net-snmp/library/snmpTLSBaseDomain.h new file mode 100644 index 0000000..bc21cb6 --- /dev/null +++ b/include/net-snmp/library/snmpTLSBaseDomain.h @@ -0,0 +1,83 @@ +#ifndef _SNMPTLSBASEDOMAIN_H +#define _SNMPTLSBASEDOMAIN_H + +#ifdef __cplusplus +extern "C" { +#endif + +#include <net-snmp/library/snmp_transport.h> +#include <net-snmp/library/asn1.h> +#include <net-snmp/library/container.h> + +/* OpenSSL Includes */ +#include "openssl/bio.h" +#include "openssl/ssl.h" +#include "openssl/err.h" + +/* + * Prototypes + */ + + void netsnmp_tlsbase_ctor(void); + void netsnmp_init_tlsbase(void); + const char * _x509_get_error(int x509failvalue, const char *location); + void _openssl_log_error(int rc, SSL *con, const char *location); + + /* will likely go away */ + SSL_CTX *get_client_ctx(void); + SSL_CTX *get_server_ctx(void); + +#define NETSNMP_TLSBASE_IS_CLIENT 0x01 +#define NETSNMP_TLSBASE_CERT_FP_VERIFIED 0x02 + + /* + * _Internal_ structures + */ + typedef struct _netsnmpTLSBaseData_s { + int flags; + SSL_CTX *ssl_context; + SSL *ssl; + BIO *sslbio; + BIO *accept_bio; + BIO *accepted_bio; + char *securityName; + char *addr_string; + netsnmp_indexed_addr_pair *addr; + char *our_identity; + char *their_identity; + char *their_fingerprint; + char *their_hostname; + char *trust_cert; + } _netsnmpTLSBaseData; + +#define VRFY_PARENT_WAS_OK 1 + typedef struct _netsnmp_verify_info_s { + int flags; + } _netsnmp_verify_info; + + SSL_CTX *sslctx_client_setup(const SSL_METHOD *, + _netsnmpTLSBaseData *tlsbase); + SSL_CTX *sslctx_server_setup(const SSL_METHOD *); + + int netsnmp_tlsbase_verify_server_cert(SSL *ssl, + _netsnmpTLSBaseData *tlsdata); + int netsnmp_tlsbase_verify_client_cert(SSL *ssl, + _netsnmpTLSBaseData *tlsdata); + int netsnmp_tlsbase_extract_security_name(SSL *ssl, _netsnmpTLSBaseData *tlsdata); + _netsnmpTLSBaseData *netsnmp_tlsbase_allocate_tlsdata(netsnmp_transport *t, + int isserver); + int netsnmp_tlsbase_wrapup_recv(netsnmp_tmStateReference *tmStateRef, + _netsnmpTLSBaseData *tlsdata, + void **opaque, int *olength); + int netsnmp_tlsbase_config(struct netsnmp_transport_s *t, + const char *token, const char *value); + + int netsnmp_tlsbase_session_init(struct netsnmp_transport_s *, + struct snmp_session *sess); + int tls_get_verify_info_index(void); + + void netsnmp_tlsbase_free_tlsdata(_netsnmpTLSBaseData *tlsbase); +#ifdef __cplusplus +} +#endif +#endif/*_SNMPTLSBASEDOMAIN_H*/ |