1290001Sglebius/*
2290001Sglebius * Copyright (c) 2009-2012 Niels Provos and Nick Mathewson
3290001Sglebius *
4290001Sglebius * Redistribution and use in source and binary forms, with or without
5290001Sglebius * modification, are permitted provided that the following conditions
6290001Sglebius * are met:
7290001Sglebius * 1. Redistributions of source code must retain the above copyright
8290001Sglebius *    notice, this list of conditions and the following disclaimer.
9290001Sglebius * 2. Redistributions in binary form must reproduce the above copyright
10290001Sglebius *    notice, this list of conditions and the following disclaimer in the
11290001Sglebius *    documentation and/or other materials provided with the distribution.
12290001Sglebius * 3. The name of the author may not be used to endorse or promote products
13290001Sglebius *    derived from this software without specific prior written permission.
14290001Sglebius *
15290001Sglebius * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
16290001Sglebius * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
17290001Sglebius * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
18290001Sglebius * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
19290001Sglebius * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
20290001Sglebius * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
21290001Sglebius * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
22290001Sglebius * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
23290001Sglebius * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
24290001Sglebius * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
25290001Sglebius */
26290001Sglebius#ifndef EVENT2_BUFFEREVENT_SSL_H_INCLUDED_
27290001Sglebius#define EVENT2_BUFFEREVENT_SSL_H_INCLUDED_
28290001Sglebius
/** @file event2/bufferevent_ssl.h

    OpenSSL support for bufferevents: wraps an OpenSSL SSL object in a
    bufferevent so that TLS-protected I/O can be driven from an event
    loop, either directly over a socket or layered on top of another
    bufferevent.  The function declarations below are only visible when
    libevent was built with OpenSSL support (EVENT__HAVE_OPENSSL).
 */
33290001Sglebius#include <event2/visibility.h>
34290001Sglebius#include <event2/event-config.h>
35290001Sglebius#include <event2/bufferevent.h>
36290001Sglebius#include <event2/util.h>
37290001Sglebius
38290001Sglebius#ifdef __cplusplus
39290001Sglebiusextern "C" {
40290001Sglebius#endif
41290001Sglebius
/* Forward declaration of OpenSSL's SSL object (the struct behind the
 * SSL typedef in <openssl/ssl.h>).  Declaring only the tag here keeps
 * OpenSSL's headers out of every includer of this file; code that
 * actually creates or configures the object still needs <openssl/ssl.h>. */
struct ssl_st;
44290001Sglebius
/**
   The state of an SSL object to be used when creating a new
   SSL bufferevent.

   Pass the value that matches what has already happened to the SSL
   object: whether its handshake is finished, or which side of the
   handshake the bufferevent is expected to drive.  How each state is
   driven is up to the implementation, not this header.
 */
enum bufferevent_ssl_state {
	/** Use when the SSL object's handshake has already completed and it
	    is ready to carry application data. */
	BUFFEREVENT_SSL_OPEN = 0,
	/** Use when no handshake has happened yet and the bufferevent should
	    act as the client side (the name mirrors OpenSSL's SSL_connect()). */
	BUFFEREVENT_SSL_CONNECTING = 1,
	/** Use when no handshake has happened yet and the bufferevent should
	    act as the server side (the name mirrors OpenSSL's SSL_accept()). */
	BUFFEREVENT_SSL_ACCEPTING = 2
};
54290001Sglebius
55290001Sglebius#if defined(EVENT__HAVE_OPENSSL) || defined(EVENT_IN_DOXYGEN_)
/**
   Create a new SSL bufferevent to send its data over another bufferevent.

   The returned bufferevent presents cleartext to the application and
   exchanges the protected byte stream with 'underlying', i.e. it acts as
   a TLS filter layered on top of an existing transport.

   Security notes for callers:
   - This interface takes an already-constructed SSL object and exposes
     nothing that configures it.  Peer-certificate verification, hostname
     checking, and protocol-version/cipher restrictions therefore have to
     be set up on the SSL (or its SSL_CTX) by the caller before the object
     is handed over; nothing here enables them.
   - Whether the bufferevent takes ownership of 'ssl' and of 'underlying'
     appears to depend on the flags in 'options' -- confirm against the
     bufferevent option flags in bufferevent.h before freeing either one
     yourself, to avoid a double free or a leak.

   @param base An event_base to use to detect reading and writing.  It
      must also be the base for the underlying bufferevent.
   @param underlying The bufferevent that carries the encrypted bytes
      (not a raw socket; use bufferevent_openssl_socket_new() for that).
   @param ssl A SSL* object from openssl, in the condition described by
      'state'.
   @param state The current state of the SSL connection
   @param options One or more bufferevent_options
   @return A new bufferevent on success, or NULL on failure
*/
EVENT2_EXPORT_SYMBOL
struct bufferevent *
bufferevent_openssl_filter_new(struct event_base *base,
    struct bufferevent *underlying,
    struct ssl_st *ssl,
    enum bufferevent_ssl_state state,
    int options);
74290001Sglebius
/**
   Create a new SSL bufferevent to send its data over an SSL * on a socket.

   The returned bufferevent presents cleartext to the application and
   performs the TLS I/O directly on 'fd'.

   Security notes for callers:
   - As with bufferevent_openssl_filter_new(), the SSL object arrives
     fully configured by the caller and nothing in this interface sets up
     peer-certificate verification, hostname checking or protocol/cipher
     limits.  Do that on the SSL or SSL_CTX first.
   - Whether the bufferevent takes ownership of 'ssl' and closes 'fd' when
     it is freed appears to depend on the flags in 'options' -- confirm
     against bufferevent.h before freeing or closing them yourself.

   @param base An event_base to use to detect reading and writing
   @param fd A socket to use for this SSL.  Whether an invalid value may
      be passed here and a socket attached later is not documented in this
      header; check the implementation before relying on it.
   @param ssl A SSL* object from openssl, in the condition described by
      'state'.
   @param state The current state of the SSL connection
   @param options One or more bufferevent_options
   @return A new bufferevent on success, or NULL on failure.
*/
EVENT2_EXPORT_SYMBOL
struct bufferevent *
bufferevent_openssl_socket_new(struct event_base *base,
    evutil_socket_t fd,
    struct ssl_st *ssl,
    enum bufferevent_ssl_state state,
    int options);
92290001Sglebius
/** Control how to report dirty SSL shutdowns.

    If the peer (or the network, or an attacker) closes the TCP
    connection before closing the SSL channel, and the protocol is SSL >= v3,
    this is a "dirty" shutdown.  If allow_dirty_shutdown is 0 (default),
    this is reported as BEV_EVENT_ERROR.

    If instead allow_dirty_shutdown=1, a dirty shutdown is reported as
    BEV_EVENT_EOF.

    Why this matters: from SSL 3 on, only the peer's close_notify alert
    proves that it meant to end the stream.  A bare TCP close can be
    forged by anyone on the path, so an application that accepts it as a
    normal EOF can be handed a silently truncated stream.  Keep the
    default unless the application protocol carries its own framing or
    length information and so can detect truncation by itself; turning
    this on purely for interoperability with peers that skip close_notify
    is a deliberate trade of that check.

    (Note that if the protocol is < SSLv3, you will always receive
    BEV_EVENT_EOF, since SSL 2 and earlier cannot distinguish a secure
    connection close from a dirty one.  This is one reason (among many)
    not to use SSL 2.)
*/

/** Return the current allow_dirty_shutdown setting of an SSL bufferevent;
    see above for its meaning.
    @param bev An SSL bufferevent. */
EVENT2_EXPORT_SYMBOL
int bufferevent_openssl_get_allow_dirty_shutdown(struct bufferevent *bev);
/** Set whether a dirty shutdown is tolerated on an SSL bufferevent.
    @param bev An SSL bufferevent.
    @param allow_dirty_shutdown 0 to report a dirty shutdown as
       BEV_EVENT_ERROR (the default); 1 to report it as BEV_EVENT_EOF. */
EVENT2_EXPORT_SYMBOL
void bufferevent_openssl_set_allow_dirty_shutdown(struct bufferevent *bev,
    int allow_dirty_shutdown);
114290001Sglebius
/** Return the underlying openssl SSL * object for an SSL bufferevent.

    The bufferevent keeps using this object for its own I/O, so treat the
    result as borrowed: do not SSL_free() it while the bufferevent is
    alive, and do not call SSL_read(), SSL_write() or SSL_shutdown() on it
    behind the bufferevent's back.  A typical legitimate use is inspection
    after the handshake has completed -- e.g. SSL_get_verify_result() and
    SSL_get_peer_certificate() to check the peer's identity, which nothing
    in this API does for you.

    @param bufev An SSL bufferevent created by one of the
       bufferevent_openssl_*_new() functions.  Behaviour for other
       bufferevent types is not documented here; presumably NULL, but
       confirm in the implementation.
    @return The SSL object that was passed in at creation time. */
EVENT2_EXPORT_SYMBOL
struct ssl_st *
bufferevent_openssl_get_ssl(struct bufferevent *bufev);
119290001Sglebius
/** Tells a bufferevent to begin SSL renegotiation.

    Renegotiation exists only in TLS 1.2 and earlier; TLS 1.3 removed it
    from the protocol, so what this call does on a TLS 1.3 connection is
    not specified here -- check the implementation and expect failure.
    Renegotiation reruns the full handshake (costly), and implementations
    that still permit legacy, pre-RFC 5746 renegotiation were open to
    plaintext-prefix injection by a man in the middle.  Make sure the SSL
    object has not been given options that allow legacy renegotiation,
    and do not let untrusted input trigger this call.

    @param bev An SSL bufferevent.
    @return Not documented in this header; presumably 0 on success and
       -1 on failure, as elsewhere in libevent -- confirm before relying
       on it. */
EVENT2_EXPORT_SYMBOL
int bufferevent_ssl_renegotiate(struct bufferevent *bev);
123290001Sglebius
/** Return the most recent OpenSSL error reported on an SSL bufferevent.

    Call this from the event callback when it receives BEV_EVENT_ERROR to
    learn why the TLS layer failed.  The value is presumably in the packed
    form used by OpenSSL's ERR_get_error(), so ERR_error_string_n() and the
    ERR_GET_LIB()/ERR_GET_REASON() macros can decode it -- confirm against
    the implementation.  Check it before treating an error as a plain
    socket failure: a handshake or certificate-verification failure, if
    any, is expected to show up here rather than in errno.

    @param bev An SSL bufferevent.
    @return An OpenSSL error code; what is returned when no error is
       pending (presumably 0) is not documented here. */
EVENT2_EXPORT_SYMBOL
unsigned long bufferevent_get_openssl_error(struct bufferevent *bev);
127290001Sglebius
128290001Sglebius#endif
129290001Sglebius
130290001Sglebius#ifdef __cplusplus
131290001Sglebius}
132290001Sglebius#endif
133290001Sglebius
134290001Sglebius#endif /* EVENT2_BUFFEREVENT_SSL_H_INCLUDED_ */
135