make outgoing SSL_connect() non-blocking
[freeradius.git] / src / include / tls-h
index 0169b2f..6c4629b 100644 (file)
@@ -137,6 +137,7 @@ typedef struct _tls_session_t {
        unsigned int    (*record_minus)(record_t *buf, void *ptr, unsigned int size);
 
        bool            invalid_hb_used;                //!< Whether heartbleed attack was detected.
+       bool            connected;                      //!< whether the outgoing socket is connected
 
        /*
         *      Framed-MTU attribute in RADIUS, if present, can also be used to set this
@@ -298,11 +299,17 @@ void              tls_global_init(void);
 #ifdef ENABLE_OPENSSL_VERSION_CHECK
 int            tls_global_version_check(char const *acknowledged);
 #endif
+
+int            tls_error_log(REQUEST *request, char const *msg, ...) CC_HINT(format (printf, 2, 3));
+int            tls_error_io_log(REQUEST *request, tls_session_t *session, int ret, char const *msg, ...)
+                                CC_HINT(format (printf, 4, 5));
+
 void           tls_global_cleanup(void);
 tls_session_t  *tls_new_session(TALLOC_CTX *ctx, fr_tls_server_conf_t *conf, REQUEST *request, bool client_cert);
 tls_session_t  *tls_new_client_session(TALLOC_CTX *ctx, fr_tls_server_conf_t *conf, int fd);
 fr_tls_server_conf_t *tls_server_conf_parse(CONF_SECTION *cs);
 fr_tls_server_conf_t *tls_client_conf_parse(CONF_SECTION *cs);
+fr_tls_server_conf_t *tls_server_conf_alloc(TALLOC_CTX *ctx);
 SSL_CTX                *tls_init_ctx(fr_tls_server_conf_t *conf, int client);
 int            tls_handshake_recv(REQUEST *, tls_session_t *ssn);
 int            tls_handshake_send(REQUEST *, tls_session_t *ssn);
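Review bot: The three new prototypes (`tls_error_log`, `tls_error_io_log`, `tls_server_conf_alloc`) carry no Doxygen comment, while the rest of this header documents its fields with `//!<`. For `tls_error_io_log` the meaning of `ret` (presumably the return value of the failing SSL_* call, to be handed to SSL_get_error()) and the function's own return convention are not visible here, and for `tls_server_conf_alloc` the ownership of the returned struct (allocated under `ctx` and freed with it?) is unstated. A `/** ... */` block on each prototype giving the parameters, the return value and, for `tls_server_conf_alloc`, who frees the result would make the new API usable without reading the implementation.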
@@ -341,19 +348,17 @@ struct fr_tls_server_conf_t {
        char const      *ca_file;
        char const      *dh_file;
        char const      *rsa_file;
-       bool            rsa_key;
-       bool            dh_key;
-       uint32_t        rsa_key_length;
-       uint32_t        dh_key_length;
        uint32_t        verify_depth;
        bool            file_type;
        bool            include_length;
+       bool            auto_chain;
+       bool            disable_single_dh_use;
        bool            disable_tlsv1;
        bool            disable_tlsv1_1;
        bool            disable_tlsv1_2;
 
        /*
-        *      Always < 4096 (due to radius limit), 0 by default = 2048
+        *      Always < 4096 (due to radius limit), 0 by default = 1024
         */
        uint32_t        fragment_size;
        bool            check_crl;
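Review bot: The new config fields `auto_chain` and `disable_single_dh_use` (and `cipher_server_preference` in the next hunk and `verify_skip_if_ocsp_ok` in the one after) are added without `//!<` comments, unlike the documented fields earlier in this header. Two of them are security-relevant knobs whose effect belongs in the header: if `disable_single_dh_use` clears SSL_OP_SINGLE_DH_USE as its name suggests, the same ephemeral DH private key is reused across handshakes, so I would mark it `//!< Do not set SSL_OP_SINGLE_DH_USE, i.e. reuse the DH private key across handshakes (weakens forward secrecy); confirm against tls_init_ctx().`, and `verify_skip_if_ocsp_ok` apparently bypasses a verification step when OCSP succeeded, so its comment should name exactly which check is skipped. Separately, the `fragment_size` comment now claims a default of 1024; that value must agree with the default applied where the config is parsed, which is not in this header, so it is worth checking. The struct definition starts outside the hunk.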
@@ -361,6 +366,7 @@ struct fr_tls_server_conf_t {
        bool            allow_expired_crl;
        char const      *check_cert_cn;
        char const      *cipher_list;
+       bool            cipher_server_preference;
        char const      *check_cert_issuer;
 
        bool            session_cache_enable;
@@ -371,6 +377,7 @@ struct fr_tls_server_conf_t {
        char            session_context_id[SSL_MAX_SSL_SESSION_ID_LENGTH];
        time_t          session_last_flushed;
 
+       bool            verify_skip_if_ocsp_ok;
        char const      *verify_tmp_dir;
        char const      *verify_client_cert_cmd;
        bool            require_client_cert;