/*****************************************************************************\
* Copyright (c) 2002 Pelle Johansson.                                         *
* All rights reserved.                                                        *
*                                                                             *
* This file is part of the moftpd package. Use and distribution of            *
* this software is governed by the terms in the file LICENCE, which           *
* should have come with this package.                                         *
\*****************************************************************************/

/* $moftpd: tls.h 1224 2004-10-28 22:42:00Z morth $ */

#ifndef _TLS_H
#define _TLS_H

#ifdef USE_TLS

#ifdef HAVE_GNUTLS

/*
 * Per-connection TLS state for the GnuTLS backend (HAVE_GNUTLS).
 *
 * tls_t is a pointer to this struct, so a parameter written `const tls_t`
 * has a const pointer; the struct it points to is still writable.
 */
typedef struct tls
{
  /* GnuTLS session handle for this connection. */
  gnutls_session session;
  /* GnuTLS certificate credentials object used by the session. */
  gnutls_certificate_credentials creds;
  /* Presumably the tlsVerify* flags passed to tls_open -- confirm in tls.c. */
  int options;
} *tls_t;

/* Backend-neutral names for the private-key and certificate handle types. */
typedef gnutls_x509_privkey tlskey_t;
typedef gnutls_x509_crt tlscert_t;

#elif defined (HAVE_LIBSSL)
/*
 * Per-connection TLS state for the libssl backend (HAVE_LIBSSL).
 *
 * tls_t is a pointer to this struct, so a parameter written `const tls_t`
 * has a const pointer; the struct it points to is still writable.
 */
typedef struct tls
{
  /* libssl connection object. */
  SSL *ssl;
  /* BIO associated with the connection; its exact role is set in tls.c. */
  BIO *bio;
} *tls_t;

/*
 * Backend-neutral handle types. Here both are raw pointers, so
 * `const tlscert_t` qualifies the pointer only, not the X509 object.
 */
typedef X509 *tlscert_t;
typedef EVP_PKEY *tlskey_t;

#endif

/* Flag bits; presumably OR-ed into the `options` argument of tls_open. */
enum
{
  /*
   * NOTE(review): by its name this asks for the client certificate to be
   * verified. Confirm in tls.c whether a missing or untrusted client
   * certificate fails the handshake or is only reported to the caller.
   */
  tlsVerifyClient = 1 << 0
};

/*
 * Returns a read-only string; by its name, the directory that holds
 * certificates. Ownership and lifetime of the string are not visible in
 * this header -- do not free or modify it without checking tls.c.
 */
const char *tls_get_cert_dir (void);

/*
 * Connection lifecycle.
 *
 * tls_t, tlscert_t and tlskey_t are only defined when HAVE_GNUTLS or
 * HAVE_LIBSSL is set; with USE_TLS alone these prototypes do not compile.
 *
 * tls_open:  creates TLS state for descriptor `fd` with the given option
 *            flags, certificate and key. The failure return (presumably
 *            NULL) and whether `cert`/`key` are copied or borrowed are not
 *            visible here -- confirm before freeing them while the
 *            connection is live.
 * tls_start: returns nothing, so any failure cannot be reported through it.
 * tls_stop:  returns an int status; presumably usable with tls_error.
 * tls_free:  releases the state returned by tls_open.
 */
tls_t tls_open (int fd, int options, tlscert_t cert, tlskey_t key);
void tls_start (tls_t tls);
int tls_stop (tls_t tls);
void tls_free (tls_t tls);

/*
 * Handshake and data transfer.
 *
 * tls_accept:     returns an int status. NOTE(review): callers must check
 *                 it before calling tls_read/tls_write; the success value
 *                 is not visible in this header.
 * tls_read:       reads into `buf`; `maxlen` is presumably the capacity of
 *                 `buf` in bytes.
 * tls_write:      writes `len` bytes from `buf`.
 * tls_write_vecs: writes `num` iovec entries. struct iovec comes from
 *                 <sys/uio.h>, which this header does not include itself.
 *                 NOTE(review): `num` is a signed int -- confirm that the
 *                 implementation rejects num <= 0.
 *
 * The ssize_t results presumably follow read(2)/write(2) conventions
 * (short counts possible, negative on error) -- confirm in tls.c.
 */
int tls_accept (tls_t tls);
ssize_t tls_read (tls_t tls, void *buf, size_t maxlen);
ssize_t tls_write (tls_t tls, const void *buf, size_t len);
ssize_t tls_write_vecs (tls_t tls, struct iovec *vecs, int num);

/*
 * Certificate handles.
 *
 * tls_read_cert:     loads a certificate from `file`; the expected file
 *                    format and the failure return are not visible here.
 * tls_get_peer_cert: returns the peer's certificate for a connection.
 *                    NOTE(review): confirm in tls.c whether the returned
 *                    certificate has already been chain-verified, and
 *                    whether the caller must release it with tls_free_cert.
 * tls_free_cert:     releases a certificate handle.
 */
tlscert_t tls_read_cert (const char *file);
tlscert_t tls_get_peer_cert (const tls_t tls);
void tls_free_cert (tlscert_t cert);

/*
 * Certificate inspection.
 *
 * tls_get_cn:        returns a read-only string, by its name the subject
 *                    Common Name. For a peer certificate this text is
 *                    chosen by the remote side. NOTE(review): if it feeds
 *                    an authorization decision, confirm that the chain was
 *                    verified first and that a CN containing an embedded
 *                    NUL byte is rejected rather than truncated. Lifetime
 *                    of the returned string is not visible here.
 * tls_compare_certs: returns an int. NOTE(review): the convention (0 on
 *                    match, memcmp-style, versus non-zero on match) is not
 *                    visible here; confirm before using it in an
 *                    `if (...)` access check.
 */
const char *tls_get_cn (tlscert_t cert);
int tls_compare_certs (const tlscert_t c1, const tlscert_t c2);

/*
 * Private-key handles.
 *
 * tls_read_key: loads a private key from `file`; the failure return is not
 *               visible here. NOTE(review): the prototype has no
 *               passphrase parameter -- confirm how encrypted key files
 *               are handled and that the file's permissions are
 *               restricted.
 * tls_free_key: releases a key handle. NOTE(review): confirm that the
 *               backend clears the key material on release.
 */
tlskey_t tls_read_key (const char *file);
void tls_free_key (tlskey_t key);

/*
 * Returns a read-only message string for result code `res` on connection
 * `tls`; presumably `res` is a value returned by one of the tls_* calls
 * above. Lifetime of the returned string is not visible here, so copy it
 * if it must outlive the next TLS call.
 */
const char *tls_error (const tls_t tls, int res);

#endif /*USE_TLS*/

#endif /*_TLS_H*/

