tls_internal.h

Go to the documentation of this file.

/*
 * Copyright 2024 the Pacemaker project contributors
 *
 * The version control history for this file may have further details.
 *
 * This source code is licensed under the GNU Lesser General Public License
 * version 2.1 or later (LGPLv2.1+) WITHOUT ANY WARRANTY.
 */

#ifndef PCMK__CRM_COMMON_TLS_INTERNAL__H
#define PCMK__CRM_COMMON_TLS_INTERNAL__H

#include <gnutls/gnutls.h>  // gnutls_session_t, gnutls_dh_params_t, etc.

#include <crm/common/ipc_internal.h>        // pcmk__client_t
#include <crm/common/remote_internal.h>     // pcmk__remote_t

#ifdef __cplusplus
extern "C" {
#endif

typedef struct {
    bool server;
    gnutls_dh_params_t dh_params;
    gnutls_credentials_type_t cred_type;

    const char *ca_file;
    const char *cert_file;
    const char *crl_file;
    const char *key_file;

    union {
        gnutls_anon_server_credentials_t anon_s;
        gnutls_anon_client_credentials_t anon_c;
        gnutls_certificate_credentials_t cert;
        gnutls_psk_server_credentials_t psk_s;
        gnutls_psk_client_credentials_t psk_c;
    } credentials;
} pcmk__tls_t;

void pcmk__free_tls(pcmk__tls_t *tls);

int pcmk__init_tls(pcmk__tls_t **tls, bool server,
                   gnutls_credentials_type_t cred_type);

int pcmk__init_tls_dh(gnutls_dh_params_t *dh_params);

gnutls_session_t pcmk__new_tls_session(pcmk__tls_t *tls, int csock);

void pcmk__tls_add_psk_key(pcmk__tls_t *tls, gnutls_datum_t *key);

void pcmk__tls_add_psk_callback(pcmk__tls_t *tls,
                                gnutls_psk_server_credentials_function *cb);

int pcmk__read_handshake_data(const pcmk__client_t *client);

void pcmk__tls_check_cert_expiration(gnutls_session_t session);

int pcmk__tls_client_handshake(pcmk__remote_t *remote, int timeout_sec,
                               int *gnutls_rc);

int pcmk__tls_client_try_handshake(pcmk__remote_t *remote, int *gnutls_rc);

bool pcmk__x509_enabled(void);

#ifdef __cplusplus
}
#endif

#endif      // PCMK__CRM_COMMON_TLS_INTERNAL__H