summaryrefslogtreecommitdiff
path: root/src/include
diff options
context:
space:
mode:
authorLaurent Bercot <ska-skaware@skarnet.org>2021-05-30 09:19:26 +0000
committerLaurent Bercot <ska-skaware@skarnet.org>2021-05-30 09:19:26 +0000
commite763c3ef1485404585b923365f93314aab4e8dd6 (patch)
tree53dbb23320627390527f0d0bc45278b8520c46dc /src/include
parent02afa553cc33400ead38ac85f8f7f2f3fe79f49d (diff)
downloads6-networking-e763c3ef1485404585b923365f93314aab4e8dd6.tar.xz
Start work on bearssl server-side sni
Diffstat (limited to 'src/include')
-rw-r--r--src/include/s6-networking/sbearssl.h32
1 files changed, 32 insertions, 0 deletions
diff --git a/src/include/s6-networking/sbearssl.h b/src/include/s6-networking/sbearssl.h
index 8de12ab..83bc376 100644
--- a/src/include/s6-networking/sbearssl.h
+++ b/src/include/s6-networking/sbearssl.h
@@ -13,6 +13,7 @@
#include <skalibs/stralloc.h>
#include <skalibs/genalloc.h>
#include <skalibs/tai.h>
+#include <skalibs/avltree.h>
/*
* Support library for bearssl.
@@ -153,6 +154,7 @@ extern int sbearssl_skey_from (sbearssl_skey *, br_skey const *, stralloc *) ;
extern int sbearssl_skey_to (sbearssl_skey const *, br_skey *, char *) ;
extern int sbearssl_skey_readfile (char const *, sbearssl_skey *, stralloc *) ;
+extern void sbearssl_skey_wipe (sbearssl_skey, char *) ;
/* Public keys */
@@ -262,6 +264,36 @@ extern int sbearssl_send_environment (br_ssl_engine_context *, sbearssl_handshak
extern void sbearssl_run (br_ssl_engine_context *, int *, tain_t const *, uint32_t, unsigned int, sbearssl_handshake_cbfunc_ref, sbearssl_handshake_cbarg *) gccattr_noreturn ;
+ /* Generic server policy class and server-side SNI implementation */
+
+typedef struct sbearssl_sni_map_s sbearssl_sni_map, *sbearssl_sni_map_ref ;
+struct sbearssl_sni_map_s
+{
+ char const *servername ;
+ sbearssl_skey skey ;
+ size_t chainindex ;
+ size_t chainlen ;
+} ;
+
+typedef struct sbearssl_sni_policy_context_s sbearssl_sni_policy_context, *sbearssl_sni_policy_context_ref ;
+struct sbearssl_sni_policy_context_s
+{
+ br_ssl_server_policy_class const *vtable ;
+ br_skey skey ;
+ avltree map ;
+ genalloc mapga ;
+ genalloc certga ;
+ stralloc storage ;
+}
+
+extern br_ssl_server_policy_class const sbearssl_sni_policy_vtable ;
+extern int sbearssl_sni_policy_init (sbearssl_sni_policy_context *) ;
+extern int sbearssl_sni_policy_add_keypair_file (sbearssl_sni_policy_context *, char const *, char const *, char const *) ;
+
+extern void sbearssl_sctx_init_full_generic (br_ssl_server_context *) ;
+extern void sbearssl_sctx_set_policy_sni (br_ssl_server_context *, sbearssl_sni_policy_context *) ;
+
+
/* s6-tlsc-io and s6-tlsd-io implementations */
extern void sbearssl_client_init_and_run (int *, tain_t const *, uint32_t, uint32_t, unsigned int, char const *, sbearssl_handshake_cbfunc_ref, sbearssl_handshake_cbarg *) gccattr_noreturn ;