#ifndef MASTER_SERVICE_SSL_SETTINGS_H
#define MASTER_SERVICE_SSL_SETTINGS_H
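/* Opaque forward declarations: this header only refers to these types
   through pointers, so their full definitions are not needed here. */
struct master_service;
struct ssl_iostream_settings;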
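/* SSL/TLS settings of a master service.

   The revision-hash and author text that was fused onto every line of this
   listing has been dropped so the definition is valid C again; field names,
   types and order are unchanged.

   All string fields are const pointers. This header does not show who owns
   the pointed-to memory or how long it stays valid. */
struct master_service_ssl_settings {
	/* SSL mode selector. The accepted values are defined by the settings
	   parser, which is not visible in this header. */
	const char *ssl;
	/* CA certificate setting (presumably the trust anchors used when
	   verifying peer certificates - confirm against the implementation). */
	const char *ssl_ca;
	/* Primary and alternative certificate. */
	const char *ssl_cert;
	const char *ssl_alt_cert;
	/* Primary and alternative private key, and the key passphrase.
	   NOTE(review): this is secret material; keep it out of log output,
	   debug dumps and error messages, also when verbose_ssl is set. */
	const char *ssl_key;
	const char *ssl_alt_key;
	const char *ssl_key_password;
	/* CA file / CA directory for the client role (presumably file system
	   paths, judging by the names - confirm). */
	const char *ssl_client_ca_file;
	const char *ssl_client_ca_dir;
	/* Diffie-Hellman parameters. */
	const char *ssl_dh;
	/* Cipher list, curve list and lowest accepted protocol version.
	   Together these decide which legacy algorithms and protocol versions
	   a peer can still negotiate, so review changes to them as a unit. */
	const char *ssl_cipher_list;
	const char *ssl_curve_list;
	const char *ssl_min_protocol;
	/* Presumably names the certificate field that supplies the username.
	   NOTE(review): an identity taken from a certificate is only
	   meaningful if that certificate was actually verified - confirm how
	   this interacts with ssl_verify_client_cert. */
	const char *ssl_cert_username_field;
	/* Crypto device selector (semantics not visible in this header). */
	const char *ssl_crypto_device;
	/* Raw option string; parsed_opts below is derived from it. */
	const char *ssl_options;

	/* Whether client certificates are verified. */
	bool ssl_verify_client_cert;
	/* Presumably: certificate verification requires a CRL - confirm. */
	bool ssl_require_crl;
	/* Verbose SSL logging. */
	bool verbose_ssl;
	/* Prefer the server's cipher order over the client's. */
	bool ssl_prefer_server_ciphers;

	/* These are derived from ssl_options, not set directly */
	struct {
		/* TLS-level compression. NOTE(review): compression inside TLS
		   is associated with CRIME-style plaintext recovery; check
		   that nothing enables it unintentionally. */
		bool compression;
		/* TLS session tickets. */
		bool tickets;
	} parsed_opts;
};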
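/* Selects the role for which master_service_ssl_settings_to_iostream_set()
   converts the settings. How the two conversions differ is decided by the
   implementation, which is not visible in this header. */
enum master_service_ssl_settings_type {
	/* Settings for the server side of a connection */
	MASTER_SERVICE_SSL_SETTINGS_TYPE_SERVER,
	/* Settings for the client side of a connection */
	MASTER_SERVICE_SSL_SETTINGS_TYPE_CLIENT,
};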
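/* Settings-parser description for struct master_service_ssl_settings.
   Defined in the implementation file; struct setting_parser_info is
   declared elsewhere in the project. */
extern const struct setting_parser_info master_service_ssl_setting_parser_info;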
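/* Returns the SSL settings of the given master service.

   The result is a pointer to const: callers must not modify the settings
   through it. The lifetime of the returned structure is not visible in this
   header (presumably tied to the service's settings - confirm before caching
   the pointer). */
const struct master_service_ssl_settings *
master_service_ssl_settings_get(struct master_service *service);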
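/* Provides master service ssl settings to iostream settings.

   ssl_set is the source (read-only), set_r receives the result, and type
   selects the server or client variant of the conversion. pool is presumably
   the memory pool used for anything the conversion allocates - confirm.

   NOTE(review): set_r may end up holding private-key material and the key
   passphrase taken from ssl_set; callers should treat the filled structure
   as secret data. */
void master_service_ssl_settings_to_iostream_set(
	const struct master_service_ssl_settings *ssl_set, pool_t pool,
	enum master_service_ssl_settings_type type,
	struct ssl_iostream_settings *set_r);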
#endif