/*
 * Copyright (c) 2009-2012 Niels Provos and Nick Mathewson
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. The name of the author may not be used to endorse or promote products
 *    derived from this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
#ifndef EVENT2_BUFFEREVENT_SSL_H_INCLUDED_
#define EVENT2_BUFFEREVENT_SSL_H_INCLUDED_

/** @file event2/bufferevent_ssl.h

  OpenSSL support for bufferevents.

  The functions declared here wrap an already-created OpenSSL SSL object
  in a bufferevent so that its data is sent over a socket or over another
  bufferevent, while the application reads and writes through the usual
  bufferevent API.  Nothing in this header configures the SSL object
  itself: peer-certificate verification, accepted protocol versions and
  cipher suites must be set up by the caller on the SSL / SSL_CTX before
  the object is handed to one of the constructors below.
 */
#include <event2/visibility.h>
#include <event2/event-config.h>
#include <event2/bufferevent.h>
#include <event2/util.h>

#ifdef __cplusplus
extern "C" {
#endif

/* This is what openssl's SSL objects are underneath.  Forward-declaring
 * only the struct tag keeps <openssl/ssl.h> out of this public header;
 * callers that already include OpenSSL can pass an SSL * directly. */
struct ssl_st;

/**
 The state of an SSL object to be used when creating a new
 SSL bufferevent.

 The value tells the new bufferevent whether a handshake is still pending
 and, if so, which side of it this endpoint is.  (Interpretation from the
 constant names; confirm the exact handshake calls against the
 implementation.)
 */
enum bufferevent_ssl_state {
	/* The SSL object is already connected; no handshake is pending. */
	BUFFEREVENT_SSL_OPEN = 0,
	/* The SSL object still has to complete the client side of the handshake. */
	BUFFEREVENT_SSL_CONNECTING = 1,
	/* The SSL object still has to complete the server side of the handshake. */
	BUFFEREVENT_SSL_ACCEPTING = 2
};

#if defined(EVENT__HAVE_OPENSSL) || defined(EVENT_IN_DOXYGEN_)
/**
 Create a new SSL bufferevent to send its data over another bufferevent.

 @param base An event_base to use to detect reading and writing.  It
      must also be the base for the underlying bufferevent.
 @param underlying The bufferevent over which the new SSL bufferevent
      sends and receives its (encrypted) data.
 @param ssl A SSL* object from openssl.  The caller configures it
      (certificate verification, protocol versions, ciphers) before
      passing it in.  NOTE(review): whether the bufferevent takes
      ownership of ssl depends on the options given (see
      BEV_OPT_CLOSE_ON_FREE in event2/bufferevent.h); confirm against
      the implementation before freeing it yourself.
 @param state The current state of the SSL connection; see
      enum bufferevent_ssl_state.
 @param options One or more bufferevent_options (a bitwise OR of the
      BEV_OPT_* flags declared in event2/bufferevent.h).
 @return A new bufferevent on success, or NULL on failure
*/
EVENT2_EXPORT_SYMBOL
struct bufferevent *
bufferevent_openssl_filter_new(struct event_base *base,
    struct bufferevent *underlying,
    struct ssl_st *ssl,
    enum bufferevent_ssl_state state,
    int options);

/**
 Create a new SSL bufferevent to send its data over an SSL * on a socket.

 @param base An event_base to use to detect reading and writing
 @param fd A socket to use for this SSL.  NOTE(review): the
      implementation may accept an invalid fd (-1) so that the socket can
      be connected later with bufferevent_socket_connect(); confirm before
      relying on it.
 @param ssl A SSL* object from openssl.  The caller configures it
      (certificate verification, protocol versions, ciphers) before
      passing it in.  NOTE(review): ownership of ssl presumably follows
      the options given (see BEV_OPT_CLOSE_ON_FREE); confirm against the
      implementation.
 @param state The current state of the SSL connection; see
      enum bufferevent_ssl_state.
 @param options One or more bufferevent_options (a bitwise OR of the
      BEV_OPT_* flags declared in event2/bufferevent.h).
 @return A new bufferevent on success, or NULL on failure.
*/
EVENT2_EXPORT_SYMBOL
struct bufferevent *
bufferevent_openssl_socket_new(struct event_base *base,
    evutil_socket_t fd,
    struct ssl_st *ssl,
    enum bufferevent_ssl_state state,
    int options);

/** Control how to report dirty SSL shutdowns.

    If the peer (or the network, or an attacker) closes the TCP
    connection before closing the SSL channel, and the protocol is SSL >= v3,
    this is a "dirty" shutdown.  If allow_dirty_shutdown is 0 (default),
    this is reported as BEV_EVENT_ERROR.

    If instead allow_dirty_shutdown=1, a dirty shutdown is reported as
    BEV_EVENT_EOF.

    Security note: from this side of the connection a dirty shutdown is
    indistinguishable from a truncation attack, in which the TCP stream is
    cut so that a shorter message appears complete.  The default (report
    BEV_EVENT_ERROR) is therefore the safe choice; set
    allow_dirty_shutdown=1 only when the application protocol carries its
    own message framing (lengths or terminators) and can detect a short
    message itself.

    (Note that if the protocol is < SSLv3, you will always receive
    BEV_EVENT_EOF, since SSL 2 and earlier cannot distinguish a secure
    connection close from a dirty one.  This is one reason (among many)
    not to use SSL 2.)
*/

/** Return the current allow_dirty_shutdown setting of an SSL bufferevent.

    @param bev An SSL bufferevent created by one of the constructors above.
    @return 0 if dirty shutdowns are reported as BEV_EVENT_ERROR (the
        default), 1 if they are reported as BEV_EVENT_EOF. */
EVENT2_EXPORT_SYMBOL
int bufferevent_openssl_get_allow_dirty_shutdown(struct bufferevent *bev);
/** Set how an SSL bufferevent reports dirty shutdowns; see the note above.

    @param bev An SSL bufferevent created by one of the constructors above.
    @param allow_dirty_shutdown 0 to report a dirty shutdown as
        BEV_EVENT_ERROR, 1 to report it as BEV_EVENT_EOF. */
EVENT2_EXPORT_SYMBOL
void bufferevent_openssl_set_allow_dirty_shutdown(struct bufferevent *bev,
    int allow_dirty_shutdown);

/** Return the underlying openssl SSL * object for an SSL bufferevent.

    NOTE(review): the object presumably stays owned by the bufferevent —
    do not free it through this pointer; confirm against the
    implementation.  A common defensive use of the returned pointer is to
    inspect the peer certificate and the verification result (e.g. with
    SSL_get_verify_result()) once the handshake has completed, before
    trusting any application data.

    @param bufev An SSL bufferevent.
    @return The SSL * the bufferevent was created with.  NOTE(review):
        the result for a bufferevent that is not an SSL bufferevent is not
        specified here — presumably NULL; confirm. */
EVENT2_EXPORT_SYMBOL
struct ssl_st *
bufferevent_openssl_get_ssl(struct bufferevent *bufev);

/** Tells a bufferevent to begin SSL renegotiation.

    Renegotiation is a legacy TLS mechanism (absent from TLS 1.3), and
    whether the peer or the SSL object's configuration permits it is
    outside this API's control, so callers must be prepared for the
    request to fail.

    @param bev An SSL bufferevent.
    @return NOTE(review): presumably 0 on success and -1 on failure —
        confirm against the implementation. */
EVENT2_EXPORT_SYMBOL
int bufferevent_ssl_renegotiate(struct bufferevent *bev);

/** Return the most recent OpenSSL error reported on an SSL bufferevent.

    Intended for use from the event callback when BEV_EVENT_ERROR is
    delivered.  The value is an OpenSSL error code of the kind returned by
    ERR_get_error(), suitable for ERR_error_string_n() and friends.
    NOTE(review): presumably 0 when no error is pending; confirm.

    @param bev An SSL bufferevent.
    @return The OpenSSL error code (presumably 0 if none). */
EVENT2_EXPORT_SYMBOL
unsigned long bufferevent_get_openssl_error(struct bufferevent *bev);

#endif /* EVENT__HAVE_OPENSSL || EVENT_IN_DOXYGEN_ */

#ifdef __cplusplus
}
#endif

#endif /* EVENT2_BUFFEREVENT_SSL_H_INCLUDED_ */