TLS implementation with OpenSSL. More...

Data Structures
struct	tls_t

Macros
#define	STROPHE_ERR_func_error_string(e) ERR_func_error_string(e)

#define	TLS_ERROR_STR(error, table) _tls_error_str(error, table, ARRAY_SIZE(table))

#define	TLS_ERROR_FIELD(x) [x] = #x

Enumerations
enum	{ TLS_SHUTDOWN_MAX_RETRIES = 10 , TLS_TIMEOUT_SEC = 0 , TLS_TIMEOUT_USEC = 100000 }

Functions
static const unsigned char *	ASN1_STRING_get0_data (ASN1_STRING *asn1)

static int	SSL_CTX_use_cert_and_key (SSL_CTX ctx, X509 x509, EVP_PKEY privatekey, STACK_OF(X509) chain, int override)

static int	GENERAL_NAME_get0_otherName (const GENERAL_NAME gen, ASN1_OBJECT poid, ASN1_TYPE *pvalue)

static void	_tls_sock_wait (tls_t *tls, int error)

static const char *	_tls_error_str (int error, const char **tbl, size_t tbl_size)

static void	_tls_set_error (tls_t *tls, int error)

static void	_tls_log_error (xmpp_ctx_t *ctx)

static void	_tls_dump_cert_info (tls_t *tls)

static X509 *	_tls_cert_read (xmpp_conn_t *conn)

static X509 *	_tls_cert_read_p12 (xmpp_conn_t conn, EVP_PKEY pkey, STACK_OF(X509) *ca)

static int	_tls_xaddr_nid (void)

static int	_tls_xmppaddr_to_string (GENERAL_NAME name, char *res)
	Convert GENERAL_NAME* to a string.

static int	_tls_dnsname_to_string (GENERAL_NAME name, char *res)

static GENERAL_NAMES *	_tls_conn_get_names (xmpp_conn_t *conn)

static GENERAL_NAMES *	_tls_cert_get_names (X509 *client_cert)

void	tls_initialize (void)

void	tls_shutdown (void)

int	tls_error (struct conn_interface *intf)

char *	tls_id_on_xmppaddr (xmpp_conn_t *conn, unsigned int n)
	Search through the SubjectAlternativeNames and return the next id-on-xmppAddr element starting from `n`.

unsigned int	tls_id_on_xmppaddr_num (xmpp_conn_t *conn)

static int	_convert_ASN1TIME (ASN1_TIME ansi_time, char buf, size_t len)

static char *	_asn1_time_to_str (const xmpp_ctx_t ctx, ASN1_TIME t)

static char *	_get_fingerprint (const xmpp_ctx_t ctx, X509 err_cert, xmpp_cert_element_t el)

static char *	_get_alg (const xmpp_ctx_t ctx, X509 err_cert, xmpp_cert_element_t el)

static xmpp_tlscert_t *	_x509_to_tlscert (xmpp_ctx_t ctx, X509 cert)

static int	_tls_verify (int preverify_ok, X509_STORE_CTX *x509_ctx)

static int	_tls_password_callback (char buf, int size, int rwflag, void u)

tls_t *	tls_new (xmpp_conn_t *conn)

void	tls_free (tls_t *tls)

xmpp_tlscert_t *	tls_peer_cert (xmpp_conn_t *conn)

int	tls_set_credentials (tls_t tls, const char cafilename)

int	tls_init_channel_binding (tls_t tls, const char binding_prefix, size_t binding_prefix_len)

const void *	tls_get_channel_binding_data (tls_t tls, size_t size)

int	tls_start (tls_t *tls)

int	tls_stop (tls_t *tls)

int	tls_is_recoverable (struct conn_interface *intf, int error)

int	tls_pending (struct conn_interface *intf)

int	tls_read (struct conn_interface intf, void buff, size_t len)

int	tls_write (struct conn_interface intf, const void buff, size_t len)

int	tls_clear_pending_write (struct conn_interface *intf)

static X509 *	_tls_cert_read_x509 (xmpp_conn_t *conn)

static int	_tls_parse_p12 (PKCS12 p12, const char pass, EVP_PKEY pkey, X509 cert, STACK_OF(X509) **ca)

Variables
const char *	tls_errors []

const char *	cert_errors []

Detailed Description

TLS implementation with OpenSSL.

Macro Definition Documentation

◆ STROPHE_ERR_func_error_string

#define STROPHE_ERR_func_error_string ( e ) ERR_func_error_string(e)

◆ TLS_ERROR_STR

#define TLS_ERROR_STR	(	error,
		table
	)	_tls_error_str(error, table, ARRAY_SIZE(table))

◆ TLS_ERROR_FIELD

#define TLS_ERROR_FIELD ( x ) [x] = #x

Enumeration Type Documentation

◆ anonymous enum

anonymous enum

Enumerator
TLS_SHUTDOWN_MAX_RETRIES
TLS_TIMEOUT_SEC
TLS_TIMEOUT_USEC

Function Documentation

◆ ASN1_STRING_get0_data()

static const unsigned char * ASN1_STRING_get0_data ( ASN1_STRING * asn1 )

static

◆ SSL_CTX_use_cert_and_key()

static int SSL_CTX_use_cert_and_key	(	SSL_CTX *	ctx,
		X509 *	x509,
		EVP_PKEY *	privatekey,
		STACK_OF(X509) *	chain,
		int	override
	)

static

◆ GENERAL_NAME_get0_otherName()

static int GENERAL_NAME_get0_otherName	(	const GENERAL_NAME *	gen,
		ASN1_OBJECT **	poid,
		ASN1_TYPE **	pvalue
	)

static

◆ _tls_sock_wait()

static void _tls_sock_wait	(	tls_t *	tls,
		int	error
	)

static

◆ _tls_error_str()

static const char * _tls_error_str	(	int	error,
		const char **	tbl,
		size_t	tbl_size
	)

static

◆ _tls_set_error()

static void _tls_set_error	(	tls_t *	tls,
		int	error
	)

static

◆ _tls_log_error()

static void _tls_log_error ( xmpp_ctx_t * ctx )

static

◆ _tls_dump_cert_info()

static void _tls_dump_cert_info ( tls_t * tls )

static

◆ _tls_cert_read()

static X509 * _tls_cert_read ( xmpp_conn_t * conn )

static

◆ _tls_cert_read_p12()

static X509 * _tls_cert_read_p12	(	xmpp_conn_t *	conn,
		EVP_PKEY **	pkey,
		STACK_OF(X509) **	ca
	)

static

◆ _tls_xaddr_nid()

static int _tls_xaddr_nid ( void )

static

◆ _tls_xmppaddr_to_string()

static int _tls_xmppaddr_to_string	(	GENERAL_NAME *	name,
		char **	res
	)

static

Convert GENERAL_NAME* to a string.

This checks whether the GENERAL_NAME* that is given has the correct id-on-xmppAddr set and then optionally converts this form ASN.1 to a string/char*.

When res pointer is set to NULL this method doesn't allocate the result but only checks whether it is in the correct format.

Parameters

name	Pointer to the GENERAL_NAME that shall be converted
res	Result-pointer (optional, can be NULL)

Returns: classic Unix style - 0=success, 1=error

◆ _tls_dnsname_to_string()

static int _tls_dnsname_to_string	(	GENERAL_NAME *	name,
		char **	res
	)

static

◆ _tls_conn_get_names()

static GENERAL_NAMES * _tls_conn_get_names ( xmpp_conn_t * conn )

static

◆ _tls_cert_get_names()

static GENERAL_NAMES * _tls_cert_get_names ( X509 * client_cert )

static

◆ tls_initialize()

void tls_initialize ( void )

◆ tls_shutdown()

void tls_shutdown ( void )

◆ tls_error()

int tls_error ( struct conn_interface * intf )

◆ tls_id_on_xmppaddr()

char * tls_id_on_xmppaddr	(	xmpp_conn_t *	conn,
		unsigned int	n
	)

Search through the SubjectAlternativeNames and return the next id-on-xmppAddr element starting from n.

◆ tls_id_on_xmppaddr_num()

unsigned int tls_id_on_xmppaddr_num ( xmpp_conn_t * conn )

◆ _convert_ASN1TIME()

static int _convert_ASN1TIME	(	ASN1_TIME *	ansi_time,
		char *	buf,
		size_t	len
	)

static

◆ _asn1_time_to_str()

static char * _asn1_time_to_str	(	const xmpp_ctx_t *	ctx,
		ASN1_TIME *	t
	)

static

◆ _get_fingerprint()

static char * _get_fingerprint	(	const xmpp_ctx_t *	ctx,
		X509 *	err_cert,
		xmpp_cert_element_t	el
	)

static

◆ _get_alg()

static char * _get_alg	(	const xmpp_ctx_t *	ctx,
		X509 *	err_cert,
		xmpp_cert_element_t	el
	)

static

◆ _x509_to_tlscert()

static xmpp_tlscert_t * _x509_to_tlscert	(	xmpp_ctx_t *	ctx,
		X509 *	cert
	)

static

◆ _tls_verify()

static int _tls_verify	(	int	preverify_ok,
		X509_STORE_CTX *	x509_ctx
	)

static

◆ _tls_password_callback()

static int _tls_password_callback	(	char *	buf,
		int	size,
		int	rwflag,
		void *	u
	)

static

◆ tls_new()

tls_t * tls_new ( xmpp_conn_t * conn )

◆ tls_free()

void tls_free ( tls_t * tls )

◆ tls_peer_cert()

xmpp_tlscert_t * tls_peer_cert ( xmpp_conn_t * conn )

◆ tls_set_credentials()

int tls_set_credentials	(	tls_t *	tls,
		const char *	cafilename
	)

◆ tls_init_channel_binding()

int tls_init_channel_binding	(	tls_t *	tls,
		const char **	binding_prefix,
		size_t *	binding_prefix_len
	)

◆ tls_get_channel_binding_data()

const void * tls_get_channel_binding_data	(	tls_t *	tls,
		size_t *	size
	)

◆ tls_start()

int tls_start ( tls_t * tls )

◆ tls_stop()

int tls_stop ( tls_t * tls )

◆ tls_is_recoverable()

int tls_is_recoverable	(	struct conn_interface *	intf,
		int	error
	)

◆ tls_pending()

int tls_pending ( struct conn_interface * intf )

◆ tls_read()

int tls_read	(	struct conn_interface *	intf,
		void *	buff,
		size_t	len
	)

◆ tls_write()

int tls_write	(	struct conn_interface *	intf,
		const void *	buff,
		size_t	len
	)

◆ tls_clear_pending_write()

int tls_clear_pending_write ( struct conn_interface * intf )

◆ _tls_cert_read_x509()

static X509 * _tls_cert_read_x509 ( xmpp_conn_t * conn )

static

◆ _tls_parse_p12()

static int _tls_parse_p12	(	PKCS12 *	p12,
		const char *	pass,
		EVP_PKEY **	pkey,
		X509 **	cert,
		STACK_OF(X509) **	ca
	)

static

Variable Documentation

◆ tls_errors

const char* tls_errors[]

Initial value:

= {
    TLS_ERROR_FIELD(SSL_ERROR_NONE),
    TLS_ERROR_FIELD(SSL_ERROR_SSL),
    TLS_ERROR_FIELD(SSL_ERROR_WANT_READ),
    TLS_ERROR_FIELD(SSL_ERROR_WANT_WRITE),
    TLS_ERROR_FIELD(SSL_ERROR_WANT_X509_LOOKUP),
    TLS_ERROR_FIELD(SSL_ERROR_SYSCALL),
    TLS_ERROR_FIELD(SSL_ERROR_ZERO_RETURN),
    TLS_ERROR_FIELD(SSL_ERROR_WANT_CONNECT),
    TLS_ERROR_FIELD(SSL_ERROR_WANT_ACCEPT),
 
}

◆ cert_errors

const char* cert_errors[]

Data Structures

Macros

Enumerations

Functions

Variables

Detailed Description

Macro Definition Documentation

◆ STROPHE_ERR_func_error_string

◆ TLS_ERROR_STR

◆ TLS_ERROR_FIELD

Enumeration Type Documentation

◆ anonymous enum

Function Documentation

◆ ASN1_STRING_get0_data()

◆ SSL_CTX_use_cert_and_key()

◆ GENERAL_NAME_get0_otherName()

◆ _tls_sock_wait()

◆ _tls_error_str()

◆ _tls_set_error()

◆ _tls_log_error()

◆ _tls_dump_cert_info()

◆ _tls_cert_read()

◆ _tls_cert_read_p12()

◆ _tls_xaddr_nid()

◆ _tls_xmppaddr_to_string()

◆ _tls_dnsname_to_string()

◆ _tls_conn_get_names()

◆ _tls_cert_get_names()

◆ tls_initialize()

◆ tls_shutdown()

◆ tls_error()

◆ tls_id_on_xmppaddr()

◆ tls_id_on_xmppaddr_num()

◆ _convert_ASN1TIME()

◆ _asn1_time_to_str()

◆ _get_fingerprint()

◆ _get_alg()

◆ _x509_to_tlscert()

◆ _tls_verify()

◆ _tls_password_callback()

◆ tls_new()

◆ tls_free()

◆ tls_peer_cert()

◆ tls_set_credentials()

◆ tls_init_channel_binding()

◆ tls_get_channel_binding_data()

◆ tls_start()

◆ tls_stop()

◆ tls_is_recoverable()

◆ tls_pending()

◆ tls_read()

◆ tls_write()

◆ tls_clear_pending_write()

◆ _tls_cert_read_x509()

◆ _tls_parse_p12()

Variable Documentation

◆ tls_errors

◆ cert_errors