author | Maxim Yurchuk <maxim-yurchuk@ydb.tech> | 2024-10-18 20:31:38 +0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-10-18 20:31:38 +0300 |
commit | 2a74bac2d2d3bccb4e10120f1ead805640ec9dd0 (patch) | |
tree | 047e4818ced5aaf73f58517629e5260b5291f9f0 /contrib/libs/curl/lib/vtls/openssl.h | |
parent | 2d9656823e9521d8c29ea4c9a1d0eab78391abfc (diff) | |
parent | 3d834a1923bbf9403cd4a448e7f32b670aa4124f (diff) | |
download | ydb-2a74bac2d2d3bccb4e10120f1ead805640ec9dd0.tar.gz |
Merge pull request #10502 from ydb-platform/mergelibs-241016-1210
Library import 241016-1210
Diffstat (limited to 'contrib/libs/curl/lib/vtls/openssl.h')
-rw-r--r-- | contrib/libs/curl/lib/vtls/openssl.h | 63 |
1 files changed, 11 insertions, 52 deletions
diff --git a/contrib/libs/curl/lib/vtls/openssl.h b/contrib/libs/curl/lib/vtls/openssl.h
index 7aba947d18..e802363a4a 100644
--- a/contrib/libs/curl/lib/vtls/openssl.h
+++ b/contrib/libs/curl/lib/vtls/openssl.h
@@ -36,46 +36,23 @@ #include "urldata.h" -/* Struct to hold a Curl OpenSSL instance */ -struct ossl_ctx { - /* these ones requires specific SSL-types */ - SSL_CTX* ssl_ctx; - SSL* ssl; - X509* server_cert; - BIO_METHOD *bio_method; - CURLcode io_result; /* result of last BIO cfilter operation */ -#ifndef HAVE_KEYLOG_CALLBACK - /* Set to true once a valid keylog entry has been created to avoid dupes. - This is a bool and not a bitfield because it is passed by address. */ - bool keylog_done; -#endif - BIT(x509_store_setup); /* x509 store has been set up */ - BIT(reused_session); /* session-ID was reused for this */ -}; - -typedef CURLcode Curl_ossl_ctx_setup_cb(struct Curl_cfilter *cf, - struct Curl_easy *data, - void *user_data); - -typedef int Curl_ossl_new_session_cb(SSL *ssl, SSL_SESSION *ssl_sessionid); - -CURLcode Curl_ossl_ctx_init(struct ossl_ctx *octx, - struct Curl_cfilter *cf, - struct Curl_easy *data, - struct ssl_peer *peer, - int transport, /* TCP or QUIC */ - const unsigned char *alpn, size_t alpn_len, - Curl_ossl_ctx_setup_cb *cb_setup, - void *cb_user_data, - Curl_ossl_new_session_cb *cb_new_session, - void *ssl_user_data); - #if (OPENSSL_VERSION_NUMBER < 0x30000000L) #define SSL_get1_peer_certificate SSL_get_peer_certificate #endif +CURLcode Curl_ossl_verifyhost(struct Curl_easy *data, struct connectdata *conn, + struct ssl_peer *peer, X509 *server_cert); extern const struct Curl_ssl Curl_ssl_openssl; +CURLcode Curl_ossl_set_client_cert(struct Curl_easy *data, + SSL_CTX *ctx, char *cert_file, + const struct curl_blob *cert_blob, + const char *cert_type, char *key_file, + const struct curl_blob *key_blob, + const char *key_type, char *key_passwd); + +CURLcode Curl_ossl_certchain(struct Curl_easy *data, SSL *ssl); + /** * Setup the OpenSSL X509_STORE in `ssl_ctx` for the cfilter `cf` and * easy handle `data`. Will allow reuse of a shared cache if suitable 
@@ -89,23 +66,5 @@ CURLcode Curl_ossl_ctx_configure(struct Curl_cfilter *cf, struct Curl_easy *data, SSL_CTX *ssl_ctx); -/* - * Add a new session to the cache. Takes ownership of the session. - */ -CURLcode Curl_ossl_add_session(struct Curl_cfilter *cf, - struct Curl_easy *data, - const struct ssl_peer *peer, - SSL_SESSION *ssl_sessionid); - -/* - * Get the server cert, verify it and show it, etc., only call failf() if - * ssl config verifypeer or -host is set. Otherwise all this is for - * informational purposes only! - */ -CURLcode Curl_oss_check_peer_cert(struct Curl_cfilter *cf, - struct Curl_easy *data, - struct ossl_ctx *octx, - struct ssl_peer *peer); - #endif /* USE_OPENSSL */ #endif /* HEADER_CURL_SSLUSE_H */ |