From 6315589fa194758a106431598d8e247b6de76b74 Mon Sep 17 00:00:00 2001 From: Szymon Nowakowski Date: Sun, 8 Mar 2026 23:37:22 +0100 Subject: [PATCH] web: SSL but bad --- packages/web/src/Connection.zig | 50 ++ packages/web/src/Response.zig | 2 +- packages/web/src/Server.zig | 28 +- packages/web/src/Worker.zig | 29 +- packages/web/src/main.zig | 7 +- packages/web/src/openssl.zig | 6 +- packages/web/src/openssl/Context.zig | 657 ------------------------ packages/web/src/openssl/Method.zig | 111 ---- packages/web/src/openssl/Session.zig | 3 - packages/web/src/openssl/Ssl.zig | 315 +++++++++++- packages/web/src/openssl/SslContext.zig | 657 ++++++++++++++++++++++++ packages/web/src/openssl/SslMethod.zig | 111 ++++ packages/web/src/openssl/SslSession.zig | 3 + 13 files changed, 1175 insertions(+), 804 deletions(-) delete mode 100644 packages/web/src/openssl/Context.zig delete mode 100644 packages/web/src/openssl/Method.zig delete mode 100644 packages/web/src/openssl/Session.zig create mode 100644 packages/web/src/openssl/SslContext.zig create mode 100644 packages/web/src/openssl/SslMethod.zig create mode 100644 packages/web/src/openssl/SslSession.zig diff --git a/packages/web/src/Connection.zig b/packages/web/src/Connection.zig index 85ac5c6..6364887 100644 --- a/packages/web/src/Connection.zig +++ b/packages/web/src/Connection.zig @@ -2,14 +2,64 @@ const std = @import("std"); const Connection = @This(); const FileDescriptor = @import("FileDescriptor.zig").FileDescriptor; +const openssl = @import("openssl.zig"); const linux = std.os.linux; address: std.net.Address, fd: FileDescriptor, +ssl: ?*openssl.Ssl, node: std.DoublyLinkedList.Node = .{}, +pub fn reinit( + self: *Connection, + address: std.net.Address, + fd: FileDescriptor, + ssl: ?*openssl.Ssl, +) void { + self.address = address; + self.fd = fd; + self.ssl = ssl; +} + pub fn deinit(self: *Connection) void { + if (self.ssl) |x| x.free(); self.fd.close(); self.* = undefined; } + +pub fn read(self: *const Connection, buf: []u8) !usize { + if (self.ssl) |ssl| { + const bytes_read = try ssl.read(buf); + return bytes_read; + } else { + const bytes_read = try self.fd.read(buf); + return bytes_read; + } +} + +pub fn readAll(self: *const Connection, buf: []u8) !void { + if (self.ssl) |ssl| { + try ssl.readall(buf); + } else { + try self.fd.readAll(buf); + } +} + +pub fn write(self: *const Connection, buf: []const u8) !usize { + if (self.ssl) |ssl| { + const bytes_written = try ssl.write(buf); + return bytes_written; + } else { + const bytes_written = try self.fd.write(buf); + return bytes_written; + } +} + +pub fn writeAll(self: *const Connection, buf: []const u8) !void { + if (self.ssl) |ssl| { + try ssl.writeAll(buf); + } else { + try self.fd.writeAll(buf); + } +} diff --git a/packages/web/src/Response.zig b/packages/web/src/Response.zig index 427975d..104bc07 100644 --- a/packages/web/src/Response.zig +++ b/packages/web/src/Response.zig @@ -62,7 +62,7 @@ pub fn sendResponse(self: *Response, options: ResponseOptions) !void { pub fn finalize(self: *Response) void { std.debug.assert(self.state == .init); - if (self.connection.fd.writeAll(self.writer.buffered())) { + if (self.connection.writeAll(self.writer.buffered())) { self.state = .sent; } else |err| { self.state = .{ .errored = err }; diff --git a/packages/web/src/Server.zig b/packages/web/src/Server.zig index 930ab51..63917af 100644 --- a/packages/web/src/Server.zig +++ b/packages/web/src/Server.zig @@ -4,6 +4,7 @@ const Server = @This(); const Connection = @import("Connection.zig"); const FileDescriptor = @import("FileDescriptor.zig").FileDescriptor; const http = @import("http.zig"); +const openssl = @import("openssl.zig"); const RequestRouter = @import("RequestRouter.zig"); const Worker = @import("Worker.zig"); @@ -12,6 +13,7 @@ const errno = linux.E.init; fd: FileDescriptor, address: std.net.Address, +ssl_ctx: ?*openssl.SslContext, workers: []Worker, threads: []std.Thread, request_router: RequestRouter, @@ -33,7 +35,10 @@ const huge_page_size = 2 * 1024 * 1024; pub const Options = struct { request_router: RequestRouter, - address: std.net.Address = .initIp4(.{ 127, 0, 0, 1 }, 80), + address: std.net.Address = .initIp4(.{ 127, 0, 0, 1 }, 8000), + /// If not `null`, the server will use TLS with the provided OpenSSL + /// context. + ssl_ctx: ?*openssl.SslContext = null, max_connections: u32 = 128, /// The number of worker threads. If set to `0`, the number of worker /// threads will be equal to the number of logical CPU cores. @@ -170,6 +175,7 @@ pub fn init(allocator: std.mem.Allocator, options: Options) !Server { return .{ .fd = fd, .address = listen_address, + .ssl_ctx = options.ssl_ctx, .workers = workers, .threads = threads, .request_router = options.request_router, @@ -222,6 +228,12 @@ pub fn listen(self: *Server, running: *const std.atomic.Value(bool)) !void { continue; }; + const ssl: ?*openssl.Ssl = self.maybeInitSsl(fd) catch |e| { + std.log.err("Error while estabilishing SSL connection: {}", .{e}); + fd.close(); + continue; + }; + { self.mutex.lock(); defer self.mutex.unlock(); @@ -229,8 +241,7 @@ pub fn listen(self: *Server, running: *const std.atomic.Value(bool)) !void { while (true) { if (self.connection_pool.pop()) |node| { const connection: *Connection = @fieldParentPtr("node", node); - connection.fd = fd; - connection.address = address; + connection.reinit(address, fd, ssl); self.connection_queue.prepend(node); break; } @@ -243,6 +254,17 @@ pub fn listen(self: *Server, running: *const std.atomic.Value(bool)) !void { } } +fn maybeInitSsl(self: *const Server, fd: FileDescriptor) !?*openssl.Ssl { + if (self.ssl_ctx) |ssl_ctx| { + const ssl = try openssl.Ssl.new(ssl_ctx); + try ssl.setFd(fd); + try ssl.accept(); + return ssl; + } else { + return null; + } +} + fn err(rc: usize) !void { const e = errno(rc); return if (e != .SUCCESS) error.SystemError else {}; diff --git a/packages/web/src/Worker.zig b/packages/web/src/Worker.zig index 3bfad8c..16af451 100644 --- a/packages/web/src/Worker.zig +++ b/packages/web/src/Worker.zig @@ -88,7 +88,7 @@ fn handleRequest( leftover_bytes = 0; } else { const read_tail = self.read_tail; - bytes_read = try connection.fd.read(self.read_buffer_ptr[read_tail..max_read_tail]); + bytes_read = try connection.read(self.read_buffer_ptr[read_tail..max_read_tail]); chunk = self.read_buffer_ptr[read_tail .. read_tail + bytes_read]; self.read_tail += bytes_read; } @@ -126,6 +126,8 @@ fn handleRequest( try response.writer.print("Content-Length: {d}\r\n", .{cause_name.len}); try response.writer.print("\r\n", .{}); try response.writer.print("{s}", .{cause_name}); + + response.finalize(); }, error.HandlerError => { const cause = parser.last_handler_error; @@ -136,6 +138,8 @@ fn handleRequest( try response.writer.print("Content-Length: {d}\r\n", .{cause_name.len}); try response.writer.print("\r\n", .{}); try response.writer.print("{s}", .{cause_name}); + + response.finalize(); }, } return false; @@ -158,26 +162,3 @@ fn handleRequest( } } } - -fn read(self: *Worker, fd: FileDescriptor) ![]const u8 { - const read_tail = self.read_tail; - const max_read_tail = self.read_head + self.read_buffer_size; - - std.debug.assert(max_read_tail > read_tail); - - const bytes_read = try fd.read(self.read_buffer_ptr[self.read_head .. self.read_head + self.read_buffer_size]); - const bytes = self.read_buffer_ptr[self.read_head .. self.read_head + bytes_read]; - - std.debug.assert(std.math.isPowerOfTwo(self.read_buffer_size)); - self.read_head = (self.read_head + bytes_read) & ~(self.read_buffer_size - 1); - - return bytes; -} - -fn consumeReadHead(self: *Worker, consumed: usize) void { - const bytes_read = self.read_tail - self.read_head; - std.debug.assert(consumed <= bytes_read); - - self.read_head = (self.read_head + consumed) & ~(self.read_buffer_size - 1); - self.read_tail = self.read_head + (bytes_read - consumed); -} diff --git a/packages/web/src/main.zig b/packages/web/src/main.zig index 71cb45a..8d419c6 100644 --- a/packages/web/src/main.zig +++ b/packages/web/src/main.zig @@ -120,7 +120,9 @@ const Handler = struct { const time_ns = self.timer.read(); const time_us_ceil = (time_ns + std.time.ns_per_us - 1) / std.time.ns_per_us; - std.log.info("{s} {s} ({} µs)", .{ @tagName(self.route.method), self.route.pathname, time_us_ceil }); + const rps_floor = std.time.ns_per_s / time_ns; + + std.log.info("{s} {s} (lat = {} µs, rlat = {} rps)", .{ @tagName(self.route.method), self.route.pathname, time_us_ceil, rps_floor }); self.allocator.destroy(self); } @@ -139,7 +141,7 @@ pub fn main() !void { _ = ssl.c_ssl.OpenSSL_add_all_algorithms(); _ = ssl.c_ssl.SSL_load_error_strings(); - const ssl_ctx = try ssl.Context.new(ssl.Method.tlsServerMethod()); + const ssl_ctx = try ssl.SslContext.new(.tlsServerMethod()); defer ssl_ctx.free(); _ = ssl_ctx.setMinProtoVersion(ssl.c_ssl.TLS1_3_VERSION); @@ -152,6 +154,7 @@ pub fn main() !void { var server = try web.Server.init(allocator, .{ .request_router = router.interface(), .address = .initIp4(.{ 127, 0, 0, 1 }, 8000), + .ssl_ctx = ssl_ctx, }); defer server.deinit(allocator); diff --git a/packages/web/src/openssl.zig b/packages/web/src/openssl.zig index d8974cb..e8e8e23 100644 --- a/packages/web/src/openssl.zig +++ b/packages/web/src/openssl.zig @@ -3,5 +3,7 @@ const std = @import("std"); pub const c_err = @import("openssl/err.zig"); pub const c_ssl = @import("openssl/ssl.zig"); -pub const Context = @import("openssl/Context.zig").Context; -pub const Method = @import("openssl/Method.zig").Method; +pub const Ssl = @import("openssl/Ssl.zig").Ssl; +pub const SslContext = @import("openssl/SslContext.zig").SslContext; +pub const SslMethod = @import("openssl/SslMethod.zig").SslMethod; +pub const SslSession = @import("openssl/SslSession.zig").SslSession; diff --git a/packages/web/src/openssl/Context.zig b/packages/web/src/openssl/Context.zig deleted file mode 100644 index e85ab01..0000000 --- a/packages/web/src/openssl/Context.zig +++ /dev/null @@ -1,657 +0,0 @@ -const std = @import("std"); - -const c_ssl = @import("ssl.zig"); - -const Method = @import("Method.zig").Method; -const Session = @import("Session.zig").Session; -const Ssl = @import("Ssl.zig").Ssl; - -pub const Context = opaque { - - // --- MACROS -------------------------------------------------------------- - - pub inline fn setMode(self: *Context, op: anytype) i64 { - return self.ctrl(c_ssl.c_ssl.SSL_CTRL_MODE, op, null); - } - - pub inline fn clearMode(self: *Context, op: anytype) i64 { - return self.ctrl(c_ssl.SSL_CTRL_CLEAR_MODE, op, null); - } - - pub inline fn getMode(self: *Context) i64 { - return self.ctrl(c_ssl.SSL_CTRL_MODE, 0, null); - } - - pub inline fn setCertFlags(self: *Context, op: anytype) i64 { - return self.ctrl(c_ssl.SSL_CTRL_CERT_FLAGS, op, null); - } - - pub inline fn clearCertFlags(self: *Context, op: anytype) i64 { - return self.ctrl(c_ssl.SSL_CTRL_CLEAR_CERT_FLAGS, op, null); - } - - pub inline fn setMsgCallbackArg(self: *Context, arg: anytype) i64 { - return self.ctrl(c_ssl.SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, arg); - } - - pub inline fn sessNumber(self: *Context) i64 { - return self.ctrl(c_ssl.SSL_CTRL_SESS_NUMBER, 0, null); - } - - pub inline fn sessConnect(self: *Context) i64 { - return self.ctrl(c_ssl.SSL_CTRL_SESS_CONNECT, 0, null); - } - - pub inline fn sessConnectGood(self: *Context) i64 { - return self.ctrl(c_ssl.SSL_CTRL_SESS_CONNECT_GOOD, 0, null); - } - - pub inline fn sessConnectRenegotiate(self: *Context) i64 { - return self.ctrl(c_ssl.SSL_CTRL_SESS_CONNECT_RENEGOTIATE, 0, null); - } - - pub inline fn sessAccept(self: *Context) i64 { - return self.ctrl(c_ssl.SSL_CTRL_SESS_ACCEPT, 0, null); - } - pub inline fn sessAcceptRenegotiate(self: *Context) i64 { - return self.ctrl(c_ssl.SSL_CTRL_SESS_ACCEPT_RENEGOTIATE, 0, null); - } - - pub inline fn sessAcceptGood(self: *Context) i64 { - return self.ctrl(c_ssl.SSL_CTRL_SESS_ACCEPT_GOOD, 0, null); - } - - pub inline fn sessHits(self: *Context) i64 { - return self.ctrl(c_ssl.SSL_CTRL_SESS_HIT, 0, null); - } - - pub inline fn sessCbHits(self: *Context) i64 { - return self.ctrl(c_ssl.SSL_CTRL_SESS_CB_HIT, 0, null); - } - - pub inline fn sessMisses(self: *Context) i64 { - return self.ctrl(c_ssl.SSL_CTRL_SESS_MISSES, 0, null); - } - - pub inline fn sessTimeouts(self: *Context) i64 { - return self.ctrl(c_ssl.SSL_CTRL_SESS_TIMEOUTS, 0, null); - } - - pub inline fn sessCacheFull(self: *Context) i64 { - return self.ctrl(c_ssl.SSL_CTRL_SESS_CACHE_FULL, 0, null); - } - - pub inline fn setTlsextServernameArg(self: *Context, arg: anytype) i64 { - return self.ctrl(c_ssl.SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG, 0, arg); - } - - pub inline fn getTlsextTicketKeys(self: *Context, keys: anytype, keylen: anytype) i64 { - return self.ctrl(c_ssl.SSL_CTRL_GET_TLSEXT_TICKET_KEYS, keylen, keys); - } - - pub inline fn setTlsextTicketKeys(self: *Context, keys: anytype, keylen: anytype) i64 { - return self.ctrl(c_ssl.SSL_CTRL_SET_TLSEXT_TICKET_KEYS, keylen, keys); - } - - pub inline fn getTlsextStatusCb(self: *Context, cb: anytype) i64 { - return self.ctrl(c_ssl.SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB, 0, @import("std").zig.c_translation.cast(?*anyopaque, cb)); - } - - pub inline fn getTlsextStatusArg(self: *Context, arg: anytype) i64 { - return self.ctrl(c_ssl.SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG, 0, arg); - } - - pub inline fn setTlsextStatusArg(self: *Context, arg: anytype) i64 { - return self.ctrl(c_ssl.SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG, 0, arg); - } - - pub inline fn setTlsextStatusType(self: *Context, @"type": anytype) i64 { - return self.ctrl(c_ssl.SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE, @"type", null); - } - - pub inline fn getTlsextStatusType(self: *Context) i64 { - return self.ctrl(c_ssl.SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE, 0, null); - } - - pub inline fn getAppData(self: *const Context) ?*anyopaque { - return self.getExData(0); - } - - pub inline fn setAppData(self: *Context, data: ?*anyopaque) i32 { - return self.setExData(0, data); - } - - pub inline fn setTmpDh(self: *Context, dh: anytype) i64 { - return self.ctrl(c_ssl.SSL_CTRL_SET_TMP_DH, 0, @import("std").zig.c_translation.cast([*c]u8, dh)); - } - - pub inline fn setDhAuto(self: *Context, onoff: anytype) i64 { - return self.ctrl(c_ssl.SSL_CTRL_SET_DH_AUTO, onoff, null); - } - - pub inline fn setTmpEcdh(self: *Context, ecdh: anytype) i64 { - return self.ctrl(c_ssl.SSL_CTRL_SET_TMP_ECDH, 0, @import("std").zig.c_translation.cast([*c]u8, ecdh)); - } - - pub inline fn addExtraChainCert(self: *Context, x509: anytype) i64 { - return self.ctrl(c_ssl.SSL_CTRL_EXTRA_CHAIN_CERT, 0, @import("std").zig.c_translation.cast([*c]u8, x509)); - } - - pub inline fn getExtraChainCerts(self: *Context, px509: anytype) i64 { - return self.ctrl(c_ssl.SSL_CTRL_GET_EXTRA_CHAIN_CERTS, 0, px509); - } - - pub inline fn getExtraChainCertsOnly(self: *Context, px509: anytype) i64 { - return self.ctrl(c_ssl.SSL_CTRL_GET_EXTRA_CHAIN_CERTS, @as(c_int, 1), px509); - } - - pub inline fn clearExtraChainCerts(self: *Context) i64 { - return self.ctrl(c_ssl.SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS, 0, null); - } - - pub inline fn set0Chain(self: *Context, sk: anytype) i64 { - return self.ctrl(c_ssl.SSL_CTRL_CHAIN, 0, @import("std").zig.c_translation.cast([*c]u8, sk)); - } - - pub inline fn set1Chain(self: *Context, sk: anytype) i64 { - return self.ctrl(c_ssl.SSL_CTRL_CHAIN, @as(c_int, 1), @import("std").zig.c_translation.cast([*c]u8, sk)); - } - - pub inline fn add0ChainCert(self: *Context, x509: anytype) i64 { - return self.ctrl(c_ssl.SSL_CTRL_CHAIN_CERT, 0, @import("std").zig.c_translation.cast([*c]u8, x509)); - } - - pub inline fn add1ChainCert(self: *Context, x509: anytype) i64 { - return self.ctrl(c_ssl.SSL_CTRL_CHAIN_CERT, @as(c_int, 1), @import("std").zig.c_translation.cast([*c]u8, x509)); - } - - pub inline fn get0ChainCerts(self: *Context, px509: anytype) i64 { - return self.ctrl(c_ssl.SSL_CTRL_GET_CHAIN_CERTS, 0, px509); - } - - pub inline fn clearChainCerts(self: *Context) i64 { - return self.set0Chain(null); - } - - pub inline fn buildCertChain(self: *Context, flags: anytype) i64 { - return self.ctrl(c_ssl.SSL_CTRL_BUILD_CERT_CHAIN, flags, null); - } - - pub inline fn selectCurrentCert(self: *Context, x509: anytype) i64 { - return self.ctrl(c_ssl.SSL_CTRL_SELECT_CURRENT_CERT, 0, @import("std").zig.c_translation.cast([*c]u8, x509)); - } - - pub inline fn setCurrentCert(self: *Context, op: anytype) i64 { - return self.ctrl(c_ssl.SSL_CTRL_SET_CURRENT_CERT, op, null); - } - - pub inline fn set0VerifyCertStore(self: *Context, st: anytype) i64 { - return self.ctrl(c_ssl.SSL_CTRL_SET_VERIFY_CERT_STORE, 0, @import("std").zig.c_translation.cast([*c]u8, st)); - } - - pub inline fn set1VerifyCertStore(self: *Context, st: anytype) i64 { - return self.ctrl(c_ssl.SSL_CTRL_SET_VERIFY_CERT_STORE, @as(c_int, 1), @import("std").zig.c_translation.cast([*c]u8, st)); - } - - pub inline fn get0VerifyCertStore(self: *Context, st: anytype) i64 { - return self.ctrl(c_ssl.SSL_CTRL_GET_VERIFY_CERT_STORE, 0, @import("std").zig.c_translation.cast([*c]u8, st)); - } - - pub inline fn set0ChainCertStore(self: *Context, st: anytype) i64 { - return self.ctrl(c_ssl.SSL_CTRL_SET_CHAIN_CERT_STORE, 0, @import("std").zig.c_translation.cast([*c]u8, st)); - } - - pub inline fn set1ChainCertStore(self: *Context, st: anytype) i64 { - return self.ctrl(c_ssl.SSL_CTRL_SET_CHAIN_CERT_STORE, @as(c_int, 1), @import("std").zig.c_translation.cast([*c]u8, st)); - } - - pub inline fn get0ChainCertStore(self: *Context, st: anytype) i64 { - return self.ctrl(c_ssl.SSL_CTRL_GET_CHAIN_CERT_STORE, 0, @import("std").zig.c_translation.cast([*c]u8, st)); - } - - pub inline fn set1Groups(self: *Context, glist: anytype, glistlen: anytype) i64 { - return self.ctrl(c_ssl.SSL_CTRL_SET_GROUPS, glistlen, @import("std").zig.c_translation.cast([*c]c_int, glist)); - } - - pub inline fn set1GroupsList(self: *Context, s: anytype) i64 { - return self.ctrl(c_ssl.SSL_CTRL_SET_GROUPS_LIST, 0, @import("std").zig.c_translation.cast([*c]u8, s)); - } - - pub inline fn set1Sigalgs(self: *Context, slist: anytype, slistlen: anytype) i64 { - return self.ctrl(c_ssl.SSL_CTRL_SET_SIGALGS, slistlen, @import("std").zig.c_translation.cast([*c]c_int, slist)); - } - - pub inline fn set1SigalgsList(self: *Context, s: anytype) i64 { - return self.ctrl(c_ssl.SSL_CTRL_SET_SIGALGS_LIST, 0, @import("std").zig.c_translation.cast([*c]u8, s)); - } - - pub inline fn set1ClientSigalgs(self: *Context, slist: anytype, slistlen: anytype) i64 { - return self.ctrl(c_ssl.SSL_CTRL_SET_CLIENT_SIGALGS, slistlen, @import("std").zig.c_translation.cast([*c]c_int, slist)); - } - - pub inline fn set1ClientSigalgsList(self: *Context, s: anytype) i64 { - return self.ctrl(c_ssl.SSL_CTRL_SET_CLIENT_SIGALGS_LIST, 0, @import("std").zig.c_translation.cast([*c]u8, s)); - } - - pub inline fn set1ClientCertificateTypes(self: *Context, clist: anytype, clistlen: anytype) i64 { - return self.ctrl(c_ssl.SSL_CTRL_SET_CLIENT_CERT_TYPES, clistlen, @import("std").zig.c_translation.cast([*c]u8, clist)); - } - - pub inline fn setMinProtoVersion(self: *Context, version: anytype) i64 { - return self.ctrl(c_ssl.SSL_CTRL_SET_MIN_PROTO_VERSION, version, null); - } - - pub inline fn setMaxProtoVersion(self: *Context, version: anytype) i64 { - return self.ctrl(c_ssl.SSL_CTRL_SET_MAX_PROTO_VERSION, version, null); - } - - pub inline fn getMinProtoVersion(self: *Context) i64 { - return self.ctrl(c_ssl.SSL_CTRL_GET_MIN_PROTO_VERSION, 0, null); - } - - pub inline fn getMaxProtoVersion(self: *Context) i64 { - return self.ctrl(c_ssl.SSL_CTRL_GET_MAX_PROTO_VERSION, 0, null); - } - - pub inline fn getExNewIndex( - argl: i64, - argp: ?*anyopaque, - new_func: ?*const c_ssl.CRYPTO_EX_new, - dup_func: ?*const c_ssl.CRYPTO_EX_dup, - free_func: ?*const c_ssl.CRYPTO_EX_free, - ) i32 { - return c_ssl.CRYPTO_get_ex_new_index(c_ssl.CRYPTO_EX_INDEX_SSL_CTX, argl, argp, new_func, dup_func, free_func); - } - - pub inline fn sessSetCacheSize(self: *Context, t: anytype) i64 { - return self.ctrl(c_ssl.SSL_CTRL_SET_SESS_CACHE_SIZE, t, null); - } - - pub inline fn sessGetCacheSize(self: *Context) i64 { - return self.ctrl(c_ssl.SSL_CTRL_GET_SESS_CACHE_SIZE, 0, null); - } - - pub inline fn setSessionCacheMode(self: *Context, m: anytype) i64 { - return self.ctrl(c_ssl.SSL_CTRL_SET_SESS_CACHE_MODE, m, null); - } - - pub inline fn getSessionCacheMode(self: *Context) i64 { - return self.ctrl(c_ssl.SSL_CTRL_GET_SESS_CACHE_MODE, 0, null); - } - - pub inline fn getDefaultReadAhead(self: *Context) i64 { - return self.getReadAhead(); - } - - pub inline fn setDefaultReadAhead(self: *Context, m: anytype) i64 { - return self.setReadAhead(m); - } - - pub inline fn getReadAhead(self: *Context) i64 { - return self.ctrl(c_ssl.SSL_CTRL_GET_READ_AHEAD, 0, null); - } - - pub inline fn setReadAhead(self: *Context, m: anytype) i64 { - return self.ctrl(c_ssl.SSL_CTRL_SET_READ_AHEAD, m, null); - } - - pub inline fn getMaxCertList(self: *Context) i64 { - return self.ctrl(c_ssl.SSL_CTRL_GET_MAX_CERT_LIST, 0, null); - } - - pub inline fn setMaxCertList(self: *Context, m: anytype) i64 { - return self.ctrl(c_ssl.SSL_CTRL_SET_MAX_CERT_LIST, m, null); - } - - pub inline fn setMaxSendFragment(self: *Context, m: anytype) i64 { - return self.ctrl(c_ssl.SSL_CTRL_SET_MAX_SEND_FRAGMENT, m, null); - } - - pub inline fn setSplitSendFragment(self: *Context, m: anytype) i64 { - return self.ctrl(c_ssl.SSL_CTRL_SET_SPLIT_SEND_FRAGMENT, m, null); - } - - pub inline fn setMaxPipelines(self: *Context, m: anytype) i64 { - return self.ctrl(c_ssl.SSL_CTRL_SET_MAX_PIPELINES, m, null); - } - - // --- METHODS ------------------------------------------------------------- - - pub inline fn checkPrivateKey(self: *const Context) !void { - if (import.SSL_CTX_check_private_key(self) == 0) { - return error.InvalidPrivateKey; - } - } - - pub inline fn ctrl(self: *Context, cmd: i32, larg: i64, parg: ?*anyopaque) i64 { - return import.SSL_CTX_ctrl(self, cmd, larg, parg); - } - - pub inline fn free(self: *Context) void { - import.SSL_CTX_free(self); - } - - pub inline fn getExData(self: *const Context, index: i32) ?*anyopaque { - return import.SSL_CTX_get_ex_data(self, index); - } - - pub inline fn new(method: ?*const Method) !*Context { - return import.SSL_CTX_new(method) orelse error.OpenSslError; - } - - pub inline fn setExData(self: *Context, index: i32, data: ?*anyopaque) i32 { - return import.SSL_CTX_set_ex_data(self, index, data); - } - - pub inline fn setOptions(self: *Context, op: u64) u64 { - return import.SSL_CTX_set_options(self, op); - } - - pub inline fn useCertificateFile(self: *Context, file: [*:0]const u8, @"type": i32) !void { - const res = import.SSL_CTX_use_certificate_file(self, file, @"type"); - if (res <= 0) { - return error.OpenSslError; - } - } - - pub inline fn usePrivateKeyFile(self: *Context, file: [*:0]const u8, @"type": i32) !void { - const res = import.SSL_CTX_use_PrivateKey_file(self, file, @"type"); - if (res <= 0) { - return error.OpenSslError; - } - } -}; - -const import = struct { - pub extern fn SSL_CTX_add_client_CA(ctx: *Context, x: ?*c_ssl.X509) i32; - pub extern fn SSL_CTX_add_client_custom_ext( - ctx: *Context, - ext_type: u32, - add_cb: c_ssl.custom_ext_add_cb, - free_cb: c_ssl.custom_ext_free_cb, - add_arg: ?*anyopaque, - parse_cb: c_ssl.custom_ext_parse_cb, - parse_arg: ?*anyopaque, - ) i32; - pub extern fn SSL_CTX_add_custom_ext( - ctx: *Context, - ext_type: u32, - context: u32, - add_cb: c_ssl.SSL_custom_ext_add_cb_ex, - free_cb: c_ssl.SSL_custom_ext_free_cb_ex, - add_arg: ?*anyopaque, - parse_cb: c_ssl.SSL_custom_ext_parse_cb_ex, - parse_arg: ?*anyopaque, - ) i32; - pub extern fn SSL_CTX_add_server_custom_ext( - ctx: *Context, - ext_type: u32, - add_cb: c_ssl.custom_ext_add_cb, - free_cb: c_ssl.custom_ext_free_cb, - add_arg: ?*anyopaque, - parse_cb: c_ssl.custom_ext_parse_cb, - parse_arg: ?*anyopaque, - ) i32; - pub extern fn SSL_CTX_add_session(ctx: *Context, session: ?*c_ssl.Session) i32; - pub extern fn SSL_CTX_add1_to_CA_list(ctx: *Context, x: ?*const c_ssl.X509) i32; - pub extern fn SSL_CTX_callback_ctrl(*Context, i32, ?*const fn () callconv(.c) void) i64; - pub extern fn SSL_CTX_check_private_key(ctx: *const Context) i32; - pub extern fn SSL_CTX_clear_options(ctx: *Context, op: u64) u64; - pub extern fn SSL_CTX_config(ctx: *Context, name: [*c]const u8) i32; - pub extern fn SSL_CTX_ct_is_enabled(ctx: *const Context) i32; - pub extern fn SSL_CTX_ctrl(ctx: *Context, cmd: i32, larg: i64, parg: ?*anyopaque) i64; - pub extern fn SSL_CTX_dane_clear_flags(ctx: *Context, flags: i64) i64; - pub extern fn SSL_CTX_dane_enable(ctx: *Context) i32; - pub extern fn SSL_CTX_dane_mtype_set(ctx: *Context, md: ?*const c_ssl.EVP_MD, mtype: u8, ord: u8) i32; - pub extern fn SSL_CTX_dane_set_flags(ctx: *Context, flags: i64) i64; - pub extern fn SSL_CTX_enable_ct(ctx: *Context, validation_mode: i32) i32; - pub extern fn SSL_CTX_flush_sessions(ctx: *Context, tm: i64) void; - pub extern fn SSL_CTX_free(*Context) void; - pub extern fn SSL_CTX_get_cert_store(*const Context) ?*c_ssl.X509_STORE; - pub extern fn SSL_CTX_get_ciphers(ctx: *const Context) ?*c_ssl.struct_stack_st_SSL_CIPHER; - pub extern fn SSL_CTX_get_client_CA_list(s: *const Context) ?*c_ssl.struct_stack_st_X509_NAME; - pub extern fn SSL_CTX_get_client_cert_cb(ctx: *Context) ?*const fn (?*Ssl, [*c]?*c_ssl.X509, [*c]?*c_ssl.EVP_PKEY) callconv(.c) i32; - pub extern fn SSL_CTX_get_default_passwd_cb_userdata(ctx: *Context) ?*anyopaque; - pub extern fn SSL_CTX_get_default_passwd_cb(ctx: *Context) ?*const c_ssl.pem_password_cb; - pub extern fn SSL_CTX_get_ex_data(ssl: *const Context, idx: i32) ?*anyopaque; - pub extern fn SSL_CTX_get_info_callback(ctx: *Context) ?*const fn (?*const Ssl, i32, i32) callconv(.c) void; - pub extern fn SSL_CTX_get_keylog_callback(ctx: *const Context) c_ssl.SSL_CTX_keylog_cb_func; - pub extern fn SSL_CTX_get_max_early_data(ctx: *const Context) u32; - pub extern fn SSL_CTX_get_num_tickets(ctx: *const Context) usize; - pub extern fn SSL_CTX_get_options(ctx: *const Context) u64; - pub extern fn SSL_CTX_get_quiet_shutdown(ctx: *const Context) i32; - pub extern fn SSL_CTX_get_record_padding_callback_arg(ctx: *const Context) ?*anyopaque; - pub extern fn SSL_CTX_get_recv_max_early_data(ctx: *const Context) u32; - pub extern fn SSL_CTX_get_security_callback(ctx: *const Context) ?*const fn ( - ?*const Ssl, - *const Context, - i32, - i32, - i32, - ?*anyopaque, - ?*anyopaque, - ) callconv(.c) i32; - pub extern fn SSL_CTX_get_security_level(ctx: *const Context) i32; - pub extern fn SSL_CTX_get_ssl_method(ctx: *const Context) ?*const Method; - pub extern fn SSL_CTX_get_timeout(ctx: *const Context) i64; - pub extern fn SSL_CTX_get_verify_callback(ctx: *const Context) c_ssl.SSL_verify_cb; - pub extern fn SSL_CTX_get_verify_depth(ctx: *const Context) i32; - pub extern fn SSL_CTX_get_verify_mode(ctx: *const Context) i32; - pub extern fn SSL_CTX_get0_CA_list(ctx: *const Context) ?*const c_ssl.struct_stack_st_X509_NAME; - pub extern fn SSL_CTX_get0_certificate(ctx: *const Context) ?*c_ssl.X509; - pub extern fn SSL_CTX_get0_ctlog_store(ctx: *const Context) ?*const c_ssl.CTLOG_STORE; - pub extern fn SSL_CTX_get0_param(ctx: *Context) ?*c_ssl.X509_VERIFY_PARAM; - pub extern fn SSL_CTX_get0_privatekey(ctx: *const Context) ?*c_ssl.EVP_PKEY; - pub extern fn SSL_CTX_get0_security_ex_data(ctx: *const Context) ?*anyopaque; - pub extern fn SSL_CTX_has_client_custom_ext(ctx: *const Context, ext_type: u32) i32; - pub extern fn SSL_CTX_load_verify_dir(ctx: *Context, CApath: [*c]const u8) i32; - pub extern fn SSL_CTX_load_verify_file(ctx: *Context, CAfile: [*c]const u8) i32; - pub extern fn SSL_CTX_load_verify_locations(ctx: *Context, CAfile: [*c]const u8, CApath: [*c]const u8) i32; - pub extern fn SSL_CTX_load_verify_store(ctx: *Context, CAstore: [*c]const u8) i32; - pub extern fn SSL_CTX_new_ex(libctx: ?*c_ssl.OSSL_LIB_CTX, propq: [*c]const u8, meth: ?*const Method) ?*Context; - pub extern fn SSL_CTX_new(meth: ?*const Method) ?*Context; - pub extern fn SSL_CTX_remove_session(ctx: *Context, session: ?*Session) i32; - pub extern fn SSL_CTX_sess_get_get_cb(ctx: *Context) ?*const fn ( - ?*c_ssl.struct_ssl_st, - [*c]const u8, - i32, - [*c]i32, - ) callconv(.c) ?*Session; - pub extern fn SSL_CTX_sess_get_new_cb(ctx: *Context) ?*const fn ( - ?*c_ssl.struct_ssl_st, - ?*Session, - ) callconv(.c) i32; - pub extern fn SSL_CTX_sess_get_remove_cb(ctx: *Context) ?*const fn ( - ?*c_ssl.struct_ssl_ctx_st, - ?*Session, - ) callconv(.c) void; - pub extern fn SSL_CTX_sess_set_get_cb( - ctx: *Context, - get_session_cb: ?*const fn ( - ?*c_ssl.struct_ssl_st, - [*c]const u8, - i32, - [*c]i32, - ) callconv(.c) ?*Session, - ) void; - pub extern fn SSL_CTX_sess_set_new_cb( - ctx: *Context, - new_session_cb: ?*const fn ( - ?*c_ssl.struct_ssl_st, - ?*Session, - ) callconv(.c) i32, - ) void; - pub extern fn SSL_CTX_sess_set_remove_cb( - ctx: *Context, - remove_session_cb: ?*const fn ( - ?*c_ssl.struct_ssl_ctx_st, - ?*Session, - ) callconv(.c) void, - ) void; - pub extern fn SSL_CTX_sessions(ctx: *Context) ?*c_ssl.struct_lhash_st_SSL_SESSION; - pub extern fn SSL_CTX_set_allow_early_data_cb(ctx: *Context, cb: c_ssl.SSL_allow_early_data_cb_fn, arg: ?*anyopaque) void; - pub extern fn SSL_CTX_set_alpn_protos(ctx: *Context, protos: [*c]const u8, protos_len: u32) i32; - pub extern fn SSL_CTX_set_alpn_select_cb(ctx: *Context, cb: c_ssl.SSL_CTX_alpn_select_cb_func, arg: ?*anyopaque) void; - pub extern fn SSL_CTX_set_async_callback_arg(ctx: *Context, arg: ?*anyopaque) i32; - pub extern fn SSL_CTX_set_async_callback(ctx: *Context, callback: c_ssl.SSL_async_callback_fn) i32; - pub extern fn SSL_CTX_set_block_padding(ctx: *Context, block_size: usize) i32; - pub extern fn SSL_CTX_set_cert_cb(c: *Context, cb: ?*const fn (?*Ssl, ?*anyopaque) callconv(.c) i32, arg: ?*anyopaque) void; - pub extern fn SSL_CTX_set_cert_store(*Context, ?*c_ssl.X509_STORE) void; - pub extern fn SSL_CTX_set_cert_verify_callback( - ctx: *Context, - cb: ?*const fn ( - ?*c_ssl.X509_STORE_CTX, - ?*anyopaque, - ) callconv(.c) i32, - arg: ?*anyopaque, - ) void; - pub extern fn SSL_CTX_set_cipher_list(*Context, str: [*c]const u8) i32; - pub extern fn SSL_CTX_set_ciphersuites(ctx: *Context, str: [*c]const u8) i32; - pub extern fn SSL_CTX_set_client_CA_list(ctx: *Context, name_list: ?*c_ssl.struct_stack_st_X509_NAME) void; - pub extern fn SSL_CTX_set_client_cert_cb( - ctx: *Context, - client_cert_cb: ?*const fn ( - ?*Ssl, - [*c]?*c_ssl.X509, - [*c]?*c_ssl.EVP_PKEY, - ) callconv(.c) i32, - ) void; - pub extern fn SSL_CTX_set_client_cert_engine(ctx: *Context, e: ?*c_ssl.ENGINE) i32; - pub extern fn SSL_CTX_set_client_hello_cb(c: *Context, cb: c_ssl.SSL_client_hello_cb_fn, arg: ?*anyopaque) void; - pub extern fn SSL_CTX_set_cookie_generate_cb(ctx: *Context, app_gen_cookie_cb: ?*const fn (?*Ssl, [*c]u8, [*c]u32) callconv(.c) i32) void; - pub extern fn SSL_CTX_set_cookie_verify_cb(ctx: *Context, app_verify_cookie_cb: ?*const fn (?*Ssl, [*c]const u8, u32) callconv(.c) i32) void; - pub extern fn SSL_CTX_set_ct_validation_callback(ctx: *Context, callback: c_ssl.ssl_ct_validation_cb, arg: ?*anyopaque) i32; - pub extern fn SSL_CTX_set_ctlog_list_file(ctx: *Context, path: [*c]const u8) i32; - pub extern fn SSL_CTX_set_default_ctlog_list_file(ctx: *Context) i32; - pub extern fn SSL_CTX_set_default_passwd_cb_userdata(ctx: *Context, u: ?*anyopaque) void; - pub extern fn SSL_CTX_set_default_passwd_cb(ctx: *Context, cb: ?*const c_ssl.pem_password_cb) void; - pub extern fn SSL_CTX_set_default_read_buffer_len(ctx: *Context, len: usize) void; - pub extern fn SSL_CTX_set_default_verify_dir(ctx: *Context) i32; - pub extern fn SSL_CTX_set_default_verify_file(ctx: *Context) i32; - pub extern fn SSL_CTX_set_default_verify_paths(ctx: *Context) i32; - pub extern fn SSL_CTX_set_default_verify_store(ctx: *Context) i32; - pub extern fn SSL_CTX_set_ex_data(ssl: *Context, idx: i32, data: ?*anyopaque) i32; - pub extern fn SSL_CTX_set_generate_session_id(ctx: *Context, cb: c_ssl.GEN_SESSION_CB) i32; - pub extern fn SSL_CTX_set_info_callback(ctx: *Context, cb: ?*const fn (?*const Ssl, i32, i32) callconv(.c) void) void; - pub extern fn SSL_CTX_set_keylog_callback(ctx: *Context, cb: c_ssl.SSL_CTX_keylog_cb_func) void; - pub extern fn SSL_CTX_set_max_early_data(ctx: *Context, max_early_data: u32) i32; - pub extern fn SSL_CTX_set_msg_callback( - ctx: *Context, - cb: ?*const fn ( - i32, - i32, - i32, - ?*const anyopaque, - usize, - ?*Ssl, - ?*anyopaque, - ) callconv(.c) void, - ) void; - pub extern fn SSL_CTX_set_next_proto_select_cb(s: *Context, cb: c_ssl.SSL_CTX_npn_select_cb_func, arg: ?*anyopaque) void; - pub extern fn SSL_CTX_set_next_protos_advertised_cb(s: *Context, cb: c_ssl.SSL_CTX_npn_advertised_cb_func, arg: ?*anyopaque) void; - pub extern fn SSL_CTX_set_not_resumable_session_callback(ctx: *Context, cb: ?*const fn (?*Ssl, i32) callconv(.c) i32) void; - pub extern fn SSL_CTX_set_num_tickets(ctx: *Context, num_tickets: usize) i32; - pub extern fn SSL_CTX_set_options(ctx: *Context, op: u64) u64; - pub extern fn SSL_CTX_set_post_handshake_auth(ctx: *Context, val: i32) void; - pub extern fn SSL_CTX_set_psk_client_callback(ctx: *Context, cb: c_ssl.SSL_psk_client_cb_func) void; - pub extern fn SSL_CTX_set_psk_find_session_callback(ctx: *Context, cb: c_ssl.SSL_psk_find_session_cb_func) void; - pub extern fn SSL_CTX_set_psk_server_callback(ctx: *Context, cb: c_ssl.SSL_psk_server_cb_func) void; - pub extern fn SSL_CTX_set_psk_use_session_callback(ctx: *Context, cb: c_ssl.SSL_psk_use_session_cb_func) void; - pub extern fn SSL_CTX_set_purpose(ctx: *Context, purpose: i32) i32; - pub extern fn SSL_CTX_set_quiet_shutdown(ctx: *Context, mode: i32) void; - pub extern fn SSL_CTX_set_record_padding_callback_arg(ctx: *Context, arg: ?*anyopaque) void; - pub extern fn SSL_CTX_set_record_padding_callback(ctx: *Context, cb: ?*const fn (?*Ssl, i32, usize, ?*anyopaque) callconv(.c) usize) void; - pub extern fn SSL_CTX_set_recv_max_early_data(ctx: *Context, recv_max_early_data: u32) i32; - pub extern fn SSL_CTX_set_security_callback( - ctx: *Context, - cb: ?*const fn ( - ?*const Ssl, - *const Context, - i32, - i32, - i32, - ?*anyopaque, - ?*anyopaque, - ) callconv(.c) i32, - ) void; - pub extern fn SSL_CTX_set_security_level(ctx: *Context, level: i32) void; - pub extern fn SSL_CTX_set_session_id_context(ctx: *Context, sid_ctx: [*c]const u8, sid_ctx_len: u32) i32; - pub extern fn SSL_CTX_set_session_ticket_cb( - ctx: *Context, - gen_cb: c_ssl.SSL_CTX_generate_session_ticket_fn, - dec_cb: c_ssl.SSL_CTX_decrypt_session_ticket_fn, - arg: ?*anyopaque, - ) i32; - pub extern fn SSL_CTX_set_srp_cb_arg(ctx: *Context, arg: ?*anyopaque) i32; - pub extern fn SSL_CTX_set_srp_client_pwd_callback(ctx: *Context, cb: ?*const fn (?*Ssl, ?*anyopaque) callconv(.c) [*c]u8) i32; - pub extern fn SSL_CTX_set_srp_password(ctx: *Context, password: [*c]u8) i32; - pub extern fn SSL_CTX_set_srp_strength(ctx: *Context, strength: i32) i32; - pub extern fn SSL_CTX_set_srp_username_callback(ctx: *Context, cb: ?*const fn (?*Ssl, [*c]i32, ?*anyopaque) callconv(.c) i32) i32; - pub extern fn SSL_CTX_set_srp_username(ctx: *Context, name: [*c]u8) i32; - pub extern fn SSL_CTX_set_srp_verify_param_callback(ctx: *Context, cb: ?*const fn (?*Ssl, ?*anyopaque) callconv(.c) i32) i32; - pub extern fn SSL_CTX_set_ssl_version(ctx: *Context, meth: ?*const Method) i32; - pub extern fn SSL_CTX_set_stateless_cookie_generate_cb( - ctx: *Context, - gen_stateless_cookie_cb: ?*const fn ( - ?*Ssl, - [*c]u8, - [*c]usize, - ) callconv(.c) i32, - ) void; - pub extern fn SSL_CTX_set_stateless_cookie_verify_cb( - ctx: *Context, - verify_stateless_cookie_cb: ?*const fn ( - ?*Ssl, - [*c]const u8, - usize, - ) callconv(.c) i32, - ) void; - pub extern fn SSL_CTX_set_timeout(ctx: *Context, t: i64) i64; - pub extern fn SSL_CTX_set_tlsext_max_fragment_length(ctx: *Context, mode: u8) i32; - pub extern fn SSL_CTX_set_tlsext_ticket_key_evp_cb( - ctx: *Context, - fp: ?*const fn ( - ?*Ssl, - [*c]u8, - [*c]u8, - ?*c_ssl.EVP_CIPHER_CTX, - ?*c_ssl.EVP_MAC_CTX, - i32, - ) callconv(.c) i32, - ) i32; - pub extern fn SSL_CTX_set_tlsext_use_srtp(ctx: *Context, profiles: [*c]const u8) i32; - pub extern fn SSL_CTX_set_tmp_dh_callback(ctx: *Context, dh: ?*const fn (?*Ssl, i32, i32) callconv(.c) ?*c_ssl.DH) void; - pub extern fn SSL_CTX_set_trust(ctx: *Context, trust: i32) i32; - pub extern fn SSL_CTX_set_verify_depth(ctx: *Context, depth: i32) void; - pub extern fn SSL_CTX_set_verify(ctx: *Context, mode: i32, callback: c_ssl.SSL_verify_cb) void; - pub extern fn SSL_CTX_set0_CA_list(ctx: *Context, name_list: ?*c_ssl.struct_stack_st_X509_NAME) void; - pub extern fn SSL_CTX_set0_ctlog_store(ctx: *Context, logs: ?*c_ssl.CTLOG_STORE) void; - pub extern fn SSL_CTX_set0_security_ex_data(ctx: *Context, ex: ?*anyopaque) void; - pub extern fn SSL_CTX_set0_tmp_dh_pkey(ctx: *Context, dhpkey: ?*c_ssl.EVP_PKEY) i32; - pub extern fn SSL_CTX_set1_cert_store(*Context, ?*c_ssl.X509_STORE) void; - pub extern fn SSL_CTX_set1_param(ctx: *Context, vpm: ?*c_ssl.X509_VERIFY_PARAM) i32; - pub extern fn SSL_CTX_SRP_CTX_free(ctx: *Context) i32; - pub extern fn SSL_CTX_SRP_CTX_init(ctx: *Context) i32; - pub extern fn SSL_CTX_up_ref(ctx: *Context) i32; - pub extern fn SSL_CTX_use_cert_and_key( - ctx: *Context, - x509: ?*c_ssl.X509, - privatekey: ?*c_ssl.EVP_PKEY, - chain: ?*c_ssl.struct_stack_st_X509, - override: i32, - ) i32; - pub extern fn SSL_CTX_use_certificate_ASN1(ctx: *Context, len: i32, d: [*c]const u8) i32; - pub extern fn SSL_CTX_use_certificate_chain_file(ctx: *Context, file: [*c]const u8) i32; - pub extern fn SSL_CTX_use_certificate_file(ctx: *Context, file: [*c]const u8, @"type": i32) i32; - pub extern fn SSL_CTX_use_certificate(ctx: *Context, x: ?*c_ssl.X509) i32; - pub extern fn SSL_CTX_use_PrivateKey_ASN1(pk: i32, ctx: *Context, d: [*c]const u8, len: i64) i32; - pub extern fn SSL_CTX_use_PrivateKey_file(ctx: *Context, file: [*c]const u8, @"type": i32) i32; - pub extern fn SSL_CTX_use_PrivateKey(ctx: *Context, pkey: ?*c_ssl.EVP_PKEY) i32; - pub extern fn SSL_CTX_use_psk_identity_hint(ctx: *Context, identity_hint: [*c]const u8) i32; - pub extern fn SSL_CTX_use_RSAPrivateKey_ASN1(ctx: *Context, d: [*c]const u8, len: i64) i32; - pub extern fn SSL_CTX_use_RSAPrivateKey_file(ctx: *Context, file: [*c]const u8, @"type": i32) i32; - pub extern fn SSL_CTX_use_RSAPrivateKey(ctx: *Context, rsa: ?*c_ssl.RSA) i32; - pub extern fn SSL_CTX_use_serverinfo_ex(ctx: *Context, version: u32, serverinfo: [*c]const u8, serverinfo_length: usize) i32; - pub extern fn SSL_CTX_use_serverinfo_file(ctx: *Context, file: [*c]const u8) i32; - pub extern fn SSL_CTX_use_serverinfo(ctx: *Context, serverinfo: [*c]const u8, serverinfo_length: usize) i32; -}; diff --git a/packages/web/src/openssl/Method.zig b/packages/web/src/openssl/Method.zig deleted file mode 100644 index 715b812..0000000 --- a/packages/web/src/openssl/Method.zig +++ /dev/null @@ -1,111 +0,0 @@ -const std = @import("std"); - -pub const Method = opaque { - pub inline fn dtlsClientMethod() ?*const Method { - return import.DTLS_client_method(); - } - - pub inline fn dtlsMethod() ?*const Method { - return import.DTLS_method(); - } - - pub inline fn dtlsServerMethod() ?*const Method { - return import.DTLS_server_method(); - } - - pub inline fn dtlsV1_2ClientMethod() ?*const Method { - return import.DTLSv1_2_client_method(); - } - - pub inline fn dtlsV1_2Method() ?*const Method { - return import.DTLSv1_2_method(); - } - - pub inline fn dtlsV1_2ServerMethod() ?*const Method { - return import.DTLSv1_2_server_method(); - } - - pub inline fn dtlsV1ClientMethod() ?*const Method { - return import.DTLSv1_client_method(); - } - - pub inline fn dtlsV1Method() ?*const Method { - return import.DTLSv1_method(); - } - - pub inline fn dtlsV1ServerMethod() ?*const Method { - return import.DTLSv1_server_method(); - } - - pub inline fn tlsClientMethod() ?*const Method { - return import.TLS_client_method(); - } - - pub inline fn tlsMethod() ?*const Method { - return import.TLS_method(); - } - - pub inline fn tlsServerMethod() ?*const Method { - return import.TLS_server_method(); - } - - pub inline fn tlsV1_1ClientMethod() ?*const Method { - return import.TLSv1_1_client_method(); - } - - pub inline fn tlsV1_1Method() ?*const Method { - return import.TLSv1_1_method(); - } - - pub inline fn tlsV1_1ServerMethod() ?*const Method { - return import.TLSv1_1_server_method(); - } - - pub inline fn tlsV1_2ClientMethod() ?*const Method { - return import.TLSv1_2_client_method(); - } - - pub inline fn tlsV1_2Method() ?*const Method { - return import.TLSv1_2_method(); - } - - pub inline fn tlsV1_2ServerMethod() ?*const Method { - return import.TLSv1_2_server_method(); - } - - pub inline fn tlsV1ClientMethod() ?*const Method { - return import.TLSv1_client_method(); - } - - pub inline fn tlsV1Method() ?*const Method { - return import.TLSv1_method(); - } - - pub inline fn tlsV1ServerMethod() ?*const Method { - return import.TLSv1_server_method(); - } -}; - -const import = struct { - pub extern fn DTLS_client_method() ?*const Method; - pub extern fn DTLS_method() ?*const Method; - pub extern fn DTLS_server_method() ?*const Method; - pub extern fn DTLSv1_2_client_method() ?*const Method; - pub extern fn DTLSv1_2_method() ?*const Method; - pub extern fn DTLSv1_2_server_method() ?*const Method; - pub extern fn DTLSv1_client_method() ?*const Method; - pub extern fn DTLSv1_method() ?*const Method; - pub extern fn DTLSv1_server_method() ?*const Method; - pub extern fn TLS_client_method() ?*const Method; - pub extern fn TLS_method() ?*const Method; - pub extern fn TLS_server_method() ?*const Method; - pub extern fn TLSv1_1_client_method() ?*const Method; - pub extern fn TLSv1_1_method() ?*const Method; - pub extern fn TLSv1_1_server_method() ?*const Method; - pub extern fn TLSv1_2_client_method() ?*const Method; - pub extern fn TLSv1_2_method() ?*const Method; - pub extern fn TLSv1_2_server_method() ?*const Method; - pub extern fn TLSv1_client_method() ?*const Method; - pub extern fn TLSv1_method() ?*const Method; - pub extern fn TLSv1_server_method() ?*const Method; -}; diff --git a/packages/web/src/openssl/Session.zig b/packages/web/src/openssl/Session.zig deleted file mode 100644 index 011ec80..0000000 --- a/packages/web/src/openssl/Session.zig +++ /dev/null @@ -1,3 +0,0 @@ -const std = @import("std"); - -pub const Session = opaque {}; diff --git a/packages/web/src/openssl/Ssl.zig b/packages/web/src/openssl/Ssl.zig index 1d54d92..aba1fad 100644 --- a/packages/web/src/openssl/Ssl.zig +++ b/packages/web/src/openssl/Ssl.zig @@ -1,3 +1,316 @@ const std = @import("std"); -pub const Ssl = opaque {}; +const c_ssl = @import("ssl.zig"); + +const FileDescriptor = @import("../FileDescriptor.zig").FileDescriptor; +const SslContext = @import("SslContext.zig").SslContext; +const SslMethod = @import("SslMethod.zig").SslMethod; +const SslSession = @import("SslSession.zig").SslSession; + +pub const Ssl = opaque { + pub inline fn accept(self: *Ssl) !void { + const res = import.SSL_accept(self); + if (res <= 0) { + return error.OpenSslError; + } + } + + pub inline fn free(self: *Ssl) void { + import.SSL_free(self); + } + + pub inline fn new(ctx: *SslContext) !*Ssl { + return import.SSL_new(ctx) orelse error.OpenSslError; + } + + pub inline fn read(self: *Ssl, buf: []u8) !usize { + var bytes_read: usize = undefined; + const res = import.SSL_read_ex(self, buf.ptr, buf.len, &bytes_read); + return if (res <= 0) error.OpenSslError else bytes_read; + } + + pub fn readAll(self: *Ssl, buf: []u8) !void { + var total_bytes_read: usize = 0; + + while (total_bytes_read < buf.len) { + const chunk = buf[total_bytes_read..]; + const bytes_read = try self.read(chunk); + total_bytes_read += bytes_read; + } + } + + pub inline fn setFd(self: *Ssl, fd: FileDescriptor) !void { + const res = import.SSL_set_fd(self, @intFromEnum(fd)); + if (res <= 0) { + return error.OpenSslError; + } + } + + pub inline fn write(self: *Ssl, buf: []const u8) !usize { + var bytes_written: usize = undefined; + const res = import.SSL_write_ex(self, buf.ptr, buf.len, &bytes_written); + return if (res <= 0) error.OpenSslError else bytes_written; + } + + pub fn writeAll(self: *Ssl, buf: []const u8) !void { + var total_bytes_written: usize = 0; + + while (total_bytes_written < buf.len) { + const chunk = buf[total_bytes_written..]; + const bytes_written = try self.write(chunk); + total_bytes_written += bytes_written; + } + } +}; + +const import = struct { + pub extern fn SSL_accept(ssl: ?*Ssl) i32; + pub extern fn SSL_add_client_CA(ssl: ?*Ssl, x: ?*c_ssl.X509) i32; + pub extern fn SSL_add_dir_cert_subjects_to_stack(stackCAs: ?*c_ssl.struct_stack_st_X509_NAME, dir: [*c]const u8) i32; + pub extern fn SSL_add_file_cert_subjects_to_stack(stackCAs: ?*c_ssl.struct_stack_st_X509_NAME, file: [*c]const u8) i32; + pub extern fn SSL_add_ssl_module() void; + pub extern fn SSL_add_store_cert_subjects_to_stack(stackCAs: ?*c_ssl.struct_stack_st_X509_NAME, uri: [*c]const u8) i32; + pub extern fn SSL_add1_host(s: ?*Ssl, hostname: [*c]const u8) i32; + pub extern fn SSL_add1_to_CA_list(ssl: ?*Ssl, x: ?*const c_ssl.X509) i32; + pub extern fn SSL_alert_desc_string_long(value: i32) [*c]const u8; + pub extern fn SSL_alert_desc_string(value: i32) [*c]const u8; + pub extern fn SSL_alert_type_string_long(value: i32) [*c]const u8; + pub extern fn SSL_alert_type_string(value: i32) [*c]const u8; + pub extern fn SSL_alloc_buffers(ssl: ?*Ssl) i32; + pub extern fn SSL_bytes_to_cipher_list(s: ?*Ssl, bytes: [*c]const u8, len: usize, isv2format: i32, sk: [*c]?*c_ssl.struct_stack_st_SSL_CIPHER, scsvs: [*c]?*c_ssl.struct_stack_st_SSL_CIPHER) i32; + pub extern fn SSL_callback_ctrl(?*Ssl, i32, ?*const fn () callconv(.c) void) i64; + pub extern fn SSL_certs_clear(s: ?*Ssl) void; + pub extern fn SSL_check_chain(s: ?*Ssl, x: ?*c_ssl.X509, pk: ?*c_ssl.EVP_PKEY, chain: ?*c_ssl.struct_stack_st_X509) i32; + pub extern fn SSL_check_private_key(ctx: ?*const Ssl) i32; + pub extern fn SSL_clear_options(s: ?*Ssl, op: u64) u64; + pub extern fn SSL_clear(s: ?*Ssl) i32; + pub extern fn SSL_client_hello_get0_ciphers(s: ?*Ssl, out: [*c][*c]const u8) usize; + pub extern fn SSL_client_hello_get0_compression_methods(s: ?*Ssl, out: [*c][*c]const u8) usize; + pub extern fn SSL_client_hello_get0_ext(s: ?*Ssl, @"type": u32, out: [*c][*c]const u8, outlen: [*c]usize) i32; + pub extern fn SSL_client_hello_get0_legacy_version(s: ?*Ssl) u32; + pub extern fn SSL_client_hello_get0_random(s: ?*Ssl, out: [*c][*c]const u8) usize; + pub extern fn SSL_client_hello_get0_session_id(s: ?*Ssl, out: [*c][*c]const u8) usize; + pub extern fn SSL_client_hello_get1_extensions_present(s: ?*Ssl, out: [*c][*c]i32, outlen: [*c]usize) i32; + pub extern fn SSL_client_hello_isv2(s: ?*Ssl) i32; + pub extern fn SSL_client_version(s: ?*const Ssl) i32; + pub extern fn SSL_config(s: ?*Ssl, name: [*c]const u8) i32; + pub extern fn SSL_connect(ssl: ?*Ssl) i32; + pub extern fn SSL_copy_session_id(to: ?*Ssl, from: ?*const Ssl) i32; + pub extern fn SSL_ct_is_enabled(s: ?*const Ssl) i32; + pub extern fn SSL_ctrl(ssl: ?*Ssl, cmd: i32, larg: i64, parg: ?*anyopaque) i64; + pub extern fn SSL_dane_clear_flags(ssl: ?*Ssl, flags: u64) u64; + pub extern fn SSL_dane_enable(s: ?*Ssl, basedomain: [*c]const u8) i32; + pub extern fn SSL_dane_set_flags(ssl: ?*Ssl, flags: u64) u64; + pub extern fn SSL_dane_tlsa_add(s: ?*Ssl, usage: u8, selector: u8, mtype: u8, data: [*c]const u8, dlen: usize) i32; + pub extern fn SSL_do_handshake(s: ?*Ssl) i32; + pub extern fn SSL_dup_CA_list(sk: ?*const c_ssl.struct_stack_st_X509_NAME) ?*c_ssl.struct_stack_st_X509_NAME; + pub extern fn SSL_dup(ssl: ?*Ssl) ?*Ssl; + pub extern fn SSL_enable_ct(s: ?*Ssl, validation_mode: i32) i32; + pub extern fn SSL_export_keying_material_early(s: ?*Ssl, out: [*c]u8, olen: usize, label: [*c]const u8, llen: usize, context: [*c]const u8, contextlen: usize) i32; + pub extern fn SSL_export_keying_material(s: ?*Ssl, out: [*c]u8, olen: usize, label: [*c]const u8, llen: usize, context: [*c]const u8, contextlen: usize, use_context: i32) i32; + pub extern fn SSL_extension_supported(ext_type: u32) i32; + pub extern fn SSL_free_buffers(ssl: ?*Ssl) i32; + pub extern fn SSL_free(ssl: ?*Ssl) void; + pub extern fn SSL_get_all_async_fds(s: ?*Ssl, fds: [*c]i32, numfds: [*c]usize) i32; + pub extern fn SSL_get_async_status(s: ?*Ssl, status: [*c]i32) i32; + pub extern fn SSL_get_certificate(ssl: ?*const Ssl) ?*c_ssl.X509; + pub extern fn SSL_get_changed_async_fds(s: ?*Ssl, addfd: [*c]i32, numaddfds: [*c]usize, delfd: [*c]i32, numdelfds: [*c]usize) i32; + pub extern fn SSL_get_cipher_list(s: ?*const Ssl, n: i32) [*c]const u8; + pub extern fn SSL_get_ciphers(s: ?*const Ssl) ?*c_ssl.struct_stack_st_SSL_CIPHER; + pub extern fn SSL_get_client_CA_list(s: ?*const Ssl) ?*c_ssl.struct_stack_st_X509_NAME; + pub extern fn SSL_get_client_ciphers(s: ?*const Ssl) ?*c_ssl.struct_stack_st_SSL_CIPHER; + pub extern fn SSL_get_client_random(ssl: ?*const Ssl, out: [*c]u8, outlen: usize) usize; + pub extern fn SSL_get_current_cipher(s: ?*const Ssl) ?*const c_ssl.SSL_CIPHER; + pub extern fn SSL_get_current_compression(s: ?*const Ssl) ?*const c_ssl.COMP_METHOD; + pub extern fn SSL_get_current_expansion(s: ?*const Ssl) ?*const c_ssl.COMP_METHOD; + pub extern fn SSL_get_default_passwd_cb_userdata(s: ?*Ssl) ?*anyopaque; + pub extern fn SSL_get_default_passwd_cb(s: ?*Ssl) ?*const c_ssl.pem_password_cb; + pub extern fn SSL_get_default_timeout(s: ?*const Ssl) i64; + pub extern fn SSL_get_early_data_status(s: ?*const Ssl) i32; + pub extern fn SSL_get_error(s: ?*const Ssl, ret_code: i32) i32; + pub extern fn SSL_get_ex_data_X509_STORE_CTX_idx() i32; + pub extern fn SSL_get_ex_data(ssl: ?*const Ssl, idx: i32) ?*anyopaque; + pub extern fn SSL_get_fd(s: ?*const Ssl) i32; + pub extern fn SSL_get_finished(s: ?*const Ssl, buf: ?*anyopaque, count: usize) usize; + pub extern fn SSL_get_info_callback(ssl: ?*const Ssl) ?*const fn (?*const Ssl, i32, i32) callconv(.c) void; + pub extern fn SSL_get_key_update_type(s: ?*const Ssl) i32; + pub extern fn SSL_get_max_early_data(s: ?*const Ssl) u32; + pub extern fn SSL_get_num_tickets(s: ?*const Ssl) usize; + pub extern fn SSL_get_options(s: ?*const Ssl) u64; + pub extern fn SSL_get_peer_cert_chain(s: ?*const Ssl) ?*c_ssl.struct_stack_st_X509; + pub extern fn SSL_get_peer_finished(s: ?*const Ssl, buf: ?*anyopaque, count: usize) usize; + pub extern fn SSL_get_peer_signature_type_nid(s: ?*const Ssl, pnid: [*c]i32) i32; + pub extern fn SSL_get_pending_cipher(s: ?*const Ssl) ?*const c_ssl.SSL_CIPHER; + pub extern fn SSL_get_privatekey(ssl: ?*const Ssl) ?*c_ssl.struct_evp_pkey_st; + pub extern fn SSL_get_psk_identity_hint(s: ?*const Ssl) [*c]const u8; + pub extern fn SSL_get_psk_identity(s: ?*const Ssl) [*c]const u8; + pub extern fn SSL_get_quiet_shutdown(ssl: ?*const Ssl) i32; + pub extern fn SSL_get_rbio(s: ?*const Ssl) ?*c_ssl.BIO; + pub extern fn SSL_get_read_ahead(s: ?*const Ssl) i32; + pub extern fn SSL_get_record_padding_callback_arg(ssl: ?*const Ssl) ?*anyopaque; + pub extern fn SSL_get_recv_max_early_data(s: ?*const Ssl) u32; + pub extern fn SSL_get_rfd(s: ?*const Ssl) i32; + pub extern fn SSL_get_security_callback(s: ?*const Ssl) ?*const fn (?*const Ssl, ?*const SslContext, i32, i32, i32, ?*anyopaque, ?*anyopaque) callconv(.c) i32; + pub extern fn SSL_get_security_level(s: ?*const Ssl) i32; + pub extern fn SSL_get_selected_srtp_profile(s: ?*Ssl) [*c]c_ssl.SRTP_PROTECTION_PROFILE; + pub extern fn SSL_get_server_random(ssl: ?*const Ssl, out: [*c]u8, outlen: usize) usize; + pub extern fn SSL_get_servername_type(s: ?*const Ssl) i32; + pub extern fn SSL_get_servername(s: ?*const Ssl, @"type": i32) [*c]const u8; + pub extern fn SSL_get_session(ssl: ?*const Ssl) ?*SslSession; + pub extern fn SSL_get_shared_ciphers(s: ?*const Ssl, buf: [*c]u8, size: i32) [*c]u8; + pub extern fn SSL_get_shared_sigalgs(s: ?*Ssl, idx: i32, psign: [*c]i32, phash: [*c]i32, psignandhash: [*c]i32, rsig: [*c]u8, rhash: [*c]u8) i32; + pub extern fn SSL_get_shutdown(ssl: ?*const Ssl) i32; + pub extern fn SSL_get_sigalgs(s: ?*Ssl, idx: i32, psign: [*c]i32, phash: [*c]i32, psignandhash: [*c]i32, rsig: [*c]u8, rhash: [*c]u8) i32; + pub extern fn SSL_get_signature_type_nid(s: ?*const Ssl, pnid: [*c]i32) i32; + pub extern fn SSL_get_srp_g(s: ?*Ssl) ?*c_ssl.BIGNUM; + pub extern fn SSL_get_srp_N(s: ?*Ssl) ?*c_ssl.BIGNUM; + pub extern fn SSL_get_srp_userinfo(s: ?*Ssl) [*c]u8; + pub extern fn SSL_get_srp_username(s: ?*Ssl) [*c]u8; + pub extern fn SSL_get_srtp_profiles(ssl: ?*Ssl) ?*c_ssl.struct_stack_st_SRTP_PROTECTION_PROFILE; + pub extern fn SSL_get_SSL_CTX(ssl: ?*const Ssl) ?*SslContext; + pub extern fn SSL_get_ssl_method(s: ?*const Ssl) ?*const SslMethod; + pub extern fn SSL_get_state(ssl: ?*const Ssl) c_ssl.OSSL_HANDSHAKE_STATE; + pub extern fn SSL_get_verify_callback(s: ?*const Ssl) c_ssl.SSL_verify_cb; + pub extern fn SSL_get_verify_depth(s: ?*const Ssl) i32; + pub extern fn SSL_get_verify_mode(s: ?*const Ssl) i32; + pub extern fn SSL_get_verify_result(ssl: ?*const Ssl) i64; + pub extern fn SSL_get_version(s: ?*const Ssl) [*c]const u8; + pub extern fn SSL_get_wbio(s: ?*const Ssl) ?*c_ssl.BIO; + pub extern fn SSL_get_wfd(s: ?*const Ssl) i32; + pub extern fn SSL_get0_alpn_selected(ssl: ?*const Ssl, data: [*c][*c]const u8, len: [*c]u32) void; + pub extern fn SSL_get0_CA_list(s: ?*const Ssl) ?*const c_ssl.struct_stack_st_X509_NAME; + pub extern fn SSL_get0_dane_authority(s: ?*Ssl, mcert: [*c]?*c_ssl.X509, mspki: [*c]?*c_ssl.EVP_PKEY) i32; + pub extern fn SSL_get0_dane_tlsa(s: ?*Ssl, usage: [*c]u8, selector: [*c]u8, mtype: [*c]u8, data: [*c][*c]const u8, dlen: [*c]usize) i32; + pub extern fn SSL_get0_dane(ssl: ?*Ssl) ?*c_ssl.SSL_DANE; + pub extern fn SSL_get0_next_proto_negotiated(s: ?*const Ssl, data: [*c][*c]const u8, len: [*c]u32) void; + pub extern fn SSL_get0_param(ssl: ?*Ssl) ?*c_ssl.X509_VERIFY_PARAM; + pub extern fn SSL_get0_peer_CA_list(s: ?*const Ssl) ?*const c_ssl.struct_stack_st_X509_NAME; + pub extern fn SSL_get0_peer_certificate(s: ?*const Ssl) ?*c_ssl.X509; + pub extern fn SSL_get0_peer_scts(s: ?*Ssl) ?*const c_ssl.struct_stack_st_SCT; + pub extern fn SSL_get0_peername(s: ?*Ssl) [*c]const u8; + pub extern fn SSL_get0_security_ex_data(s: ?*const Ssl) ?*anyopaque; + pub extern fn SSL_get0_verified_chain(s: ?*const Ssl) ?*c_ssl.struct_stack_st_X509; + pub extern fn SSL_get1_peer_certificate(s: ?*const Ssl) ?*c_ssl.X509; + pub extern fn SSL_get1_session(ssl: ?*Ssl) ?*SslSession; + pub extern fn SSL_get1_supported_ciphers(s: ?*Ssl) ?*c_ssl.struct_stack_st_SSL_CIPHER; + pub extern fn SSL_group_to_name(s: ?*Ssl, id: i32) [*c]const u8; + pub extern fn SSL_has_matching_session_id(s: ?*const Ssl, id: [*c]const u8, id_len: u32) i32; + pub extern fn SSL_has_pending(s: ?*const Ssl) i32; + pub extern fn SSL_in_before(s: ?*const Ssl) i32; + pub extern fn SSL_in_init(s: ?*const Ssl) i32; + pub extern fn SSL_is_dtls(s: ?*const Ssl) i32; + pub extern fn SSL_is_init_finished(s: ?*const Ssl) i32; + pub extern fn SSL_is_server(s: ?*const Ssl) i32; + pub extern fn SSL_key_update(s: ?*Ssl, updatetype: i32) i32; + pub extern fn SSL_load_client_CA_file_ex(file: [*c]const u8, libctx: ?*c_ssl.OSSL_LIB_CTX, propq: [*c]const u8) ?*c_ssl.struct_stack_st_X509_NAME; + pub extern fn SSL_load_client_CA_file(file: [*c]const u8) ?*c_ssl.struct_stack_st_X509_NAME; + pub extern fn SSL_new_session_ticket(s: ?*Ssl) i32; + pub extern fn SSL_new(ctx: ?*SslContext) ?*Ssl; + pub extern fn SSL_peek_ex(ssl: ?*Ssl, buf: ?*anyopaque, num: usize, readbytes: ?*usize) i32; + pub extern fn SSL_peek(ssl: ?*Ssl, buf: ?*anyopaque, num: i32) i32; + pub extern fn SSL_pending(s: ?*const Ssl) i32; + pub extern fn SSL_read_early_data(s: ?*Ssl, buf: ?*anyopaque, num: usize, readbytes: ?*usize) i32; + pub extern fn SSL_read_ex(ssl: ?*Ssl, buf: ?*anyopaque, num: usize, readbytes: ?*usize) i32; + pub extern fn SSL_read(ssl: ?*Ssl, buf: ?*anyopaque, num: i32) i32; + pub extern fn SSL_renegotiate_abbreviated(s: ?*Ssl) i32; + pub extern fn SSL_renegotiate_pending(s: ?*const Ssl) i32; + pub extern fn SSL_renegotiate(s: ?*Ssl) i32; + pub extern fn SSL_rstate_string_long(s: ?*const Ssl) [*c]const u8; + pub extern fn SSL_rstate_string(s: ?*const Ssl) [*c]const u8; + pub extern fn SSL_select_next_proto(out: [*c][*c]u8, outlen: [*c]u8, in: [*c]const u8, inlen: u32, client: [*c]const u8, client_len: u32) i32; + pub extern fn SSL_sendfile(s: ?*Ssl, fd: i32, offset: c_ssl.off_t, size: usize, flags: i32) isize; + pub extern fn SSL_session_reused(s: ?*const Ssl) i32; + pub extern fn SSL_set_accept_state(s: ?*Ssl) void; + pub extern fn SSL_set_allow_early_data_cb(s: ?*Ssl, cb: c_ssl.SSL_allow_early_data_cb_fn, arg: ?*anyopaque) void; + pub extern fn SSL_set_alpn_protos(ssl: ?*Ssl, protos: [*c]const u8, protos_len: u32) i32; + pub extern fn SSL_set_async_callback_arg(s: ?*Ssl, arg: ?*anyopaque) i32; + pub extern fn SSL_set_async_callback(s: ?*Ssl, callback: c_ssl.SSL_async_callback_fn) i32; + pub extern fn SSL_set_bio(s: ?*Ssl, rbio: ?*c_ssl.BIO, wbio: ?*c_ssl.BIO) void; + pub extern fn SSL_set_block_padding(ssl: ?*Ssl, block_size: usize) i32; + pub extern fn SSL_set_cert_cb(s: ?*Ssl, cb: ?*const fn (?*Ssl, ?*anyopaque) callconv(.c) i32, arg: ?*anyopaque) void; + pub extern fn SSL_set_cipher_list(s: ?*Ssl, str: [*c]const u8) i32; + pub extern fn SSL_set_ciphersuites(s: ?*Ssl, str: [*c]const u8) i32; + pub extern fn SSL_set_client_CA_list(s: ?*Ssl, name_list: ?*c_ssl.struct_stack_st_X509_NAME) void; + pub extern fn SSL_set_connect_state(s: ?*Ssl) void; + pub extern fn SSL_set_ct_validation_callback(s: ?*Ssl, callback: c_ssl.ssl_ct_validation_cb, arg: ?*anyopaque) i32; + pub extern fn SSL_set_debug(s: ?*Ssl, debug: i32) void; + pub extern fn SSL_set_default_passwd_cb_userdata(s: ?*Ssl, u: ?*anyopaque) void; + pub extern fn SSL_set_default_passwd_cb(s: ?*Ssl, cb: ?*const c_ssl.pem_password_cb) void; + pub extern fn SSL_set_default_read_buffer_len(s: ?*Ssl, len: usize) void; + pub extern fn SSL_set_ex_data(ssl: ?*Ssl, idx: i32, data: ?*anyopaque) i32; + pub extern fn SSL_set_fd(s: ?*Ssl, fd: i32) i32; + pub extern fn SSL_set_generate_session_id(s: ?*Ssl, cb: c_ssl.GEN_SESSION_CB) i32; + pub extern fn SSL_set_hostflags(s: ?*Ssl, flags: u32) void; + pub extern fn SSL_set_info_callback(ssl: ?*Ssl, cb: ?*const fn (?*const Ssl, i32, i32) callconv(.c) void) void; + pub extern fn SSL_set_max_early_data(s: ?*Ssl, max_early_data: u32) i32; + pub extern fn SSL_set_msg_callback(ssl: ?*Ssl, cb: ?*const fn (i32, i32, i32, ?*const anyopaque, usize, ?*Ssl, ?*anyopaque) callconv(.c) void) void; + pub extern fn SSL_set_not_resumable_session_callback(ssl: ?*Ssl, cb: ?*const fn (?*Ssl, i32) callconv(.c) i32) void; + pub extern fn SSL_set_num_tickets(s: ?*Ssl, num_tickets: usize) i32; + pub extern fn SSL_set_options(s: ?*Ssl, op: u64) u64; + pub extern fn SSL_set_post_handshake_auth(s: ?*Ssl, val: i32) void; + pub extern fn SSL_set_psk_client_callback(ssl: ?*Ssl, cb: c_ssl.SSL_psk_client_cb_func) void; + pub extern fn SSL_set_psk_find_session_callback(s: ?*Ssl, cb: c_ssl.SSL_psk_find_session_cb_func) void; + pub extern fn SSL_set_psk_server_callback(ssl: ?*Ssl, cb: c_ssl.SSL_psk_server_cb_func) void; + pub extern fn SSL_set_psk_use_session_callback(s: ?*Ssl, cb: c_ssl.SSL_psk_use_session_cb_func) void; + pub extern fn SSL_set_purpose(ssl: ?*Ssl, purpose: i32) i32; + pub extern fn SSL_set_quiet_shutdown(ssl: ?*Ssl, mode: i32) void; + pub extern fn SSL_set_read_ahead(s: ?*Ssl, yes: i32) void; + pub extern fn SSL_set_record_padding_callback_arg(ssl: ?*Ssl, arg: ?*anyopaque) void; + pub extern fn SSL_set_record_padding_callback(ssl: ?*Ssl, cb: ?*const fn (?*Ssl, i32, usize, ?*anyopaque) callconv(.c) usize) i32; + pub extern fn SSL_set_recv_max_early_data(s: ?*Ssl, recv_max_early_data: u32) i32; + pub extern fn SSL_set_rfd(s: ?*Ssl, fd: i32) i32; + pub extern fn SSL_set_security_callback(s: ?*Ssl, cb: ?*const fn (?*const Ssl, ?*const SslContext, i32, i32, i32, ?*anyopaque, ?*anyopaque) callconv(.c) i32) void; + pub extern fn SSL_set_security_level(s: ?*Ssl, level: i32) void; + pub extern fn SSL_set_session_id_context(ssl: ?*Ssl, sid_ctx: [*c]const u8, sid_ctx_len: u32) i32; + pub extern fn SSL_set_session_secret_cb(s: ?*Ssl, session_secret_cb: c_ssl.tls_session_secret_cb_fn, arg: ?*anyopaque) i32; + pub extern fn SSL_set_session_ticket_ext_cb(s: ?*Ssl, cb: c_ssl.tls_session_ticket_ext_cb_fn, arg: ?*anyopaque) i32; + pub extern fn SSL_set_session_ticket_ext(s: ?*Ssl, ext_data: ?*anyopaque, ext_len: i32) i32; + pub extern fn SSL_set_session(to: ?*Ssl, session: ?*SslSession) i32; + pub extern fn SSL_set_shutdown(ssl: ?*Ssl, mode: i32) void; + pub extern fn SSL_set_srp_server_param_pw(s: ?*Ssl, user: [*c]const u8, pass: [*c]const u8, grp: [*c]const u8) i32; + pub extern fn SSL_set_srp_server_param(s: ?*Ssl, N: ?*const c_ssl.BIGNUM, g: ?*const c_ssl.BIGNUM, sa: ?*c_ssl.BIGNUM, v: ?*c_ssl.BIGNUM, info: [*c]u8) i32; + pub extern fn SSL_set_SSL_CTX(ssl: ?*Ssl, ctx: ?*SslContext) ?*SslContext; + pub extern fn SSL_set_ssl_method(s: ?*Ssl, method: ?*const SslMethod) i32; + pub extern fn SSL_set_tlsext_max_fragment_length(ssl: ?*Ssl, mode: u8) i32; + pub extern fn SSL_set_tlsext_use_srtp(ssl: ?*Ssl, profiles: [*c]const u8) i32; + pub extern fn SSL_set_tmp_dh_callback(ssl: ?*Ssl, dh: ?*const fn (?*Ssl, i32, i32) callconv(.c) ?*c_ssl.DH) void; + pub extern fn SSL_set_trust(ssl: ?*Ssl, trust: i32) i32; + pub extern fn SSL_set_verify_depth(s: ?*Ssl, depth: i32) void; + pub extern fn SSL_set_verify_result(ssl: ?*Ssl, v: i64) void; + pub extern fn SSL_set_verify(s: ?*Ssl, mode: i32, callback: c_ssl.SSL_verify_cb) void; + pub extern fn SSL_set_wfd(s: ?*Ssl, fd: i32) i32; + pub extern fn SSL_set0_CA_list(s: ?*Ssl, name_list: ?*c_ssl.struct_stack_st_X509_NAME) void; + pub extern fn SSL_set0_rbio(s: ?*Ssl, rbio: ?*c_ssl.BIO) void; + pub extern fn SSL_set0_security_ex_data(s: ?*Ssl, ex: ?*anyopaque) void; + pub extern fn SSL_set0_tmp_dh_pkey(s: ?*Ssl, dhpkey: ?*c_ssl.EVP_PKEY) i32; + pub extern fn SSL_set0_wbio(s: ?*Ssl, wbio: ?*c_ssl.BIO) void; + pub extern fn SSL_set1_host(s: ?*Ssl, hostname: [*c]const u8) i32; + pub extern fn SSL_set1_param(ssl: ?*Ssl, vpm: ?*c_ssl.X509_VERIFY_PARAM) i32; + pub extern fn SSL_shutdown(s: ?*Ssl) i32; + pub extern fn SSL_srp_server_param_with_username(s: ?*Ssl, ad: [*c]i32) i32; + pub extern fn SSL_state_string_long(s: ?*const Ssl) [*c]const u8; + pub extern fn SSL_state_string(s: ?*const Ssl) [*c]const u8; + pub extern fn SSL_stateless(s: ?*Ssl) i32; + pub extern fn SSL_test_functions() ?*const c_ssl.struct_openssl_ssl_test_functions; + pub extern fn SSL_trace(write_p: i32, version: i32, content_type: i32, buf: ?*const anyopaque, len: usize, ssl: ?*Ssl, arg: ?*anyopaque) void; + pub extern fn SSL_up_ref(s: ?*Ssl) i32; + pub extern fn SSL_use_cert_and_key(ssl: ?*Ssl, x509: ?*c_ssl.X509, privatekey: ?*c_ssl.EVP_PKEY, chain: ?*c_ssl.struct_stack_st_X509, override: i32) i32; + pub extern fn SSL_use_certificate_ASN1(ssl: ?*Ssl, d: [*c]const u8, len: i32) i32; + pub extern fn SSL_use_certificate_chain_file(ssl: ?*Ssl, file: [*c]const u8) i32; + pub extern fn SSL_use_certificate_file(ssl: ?*Ssl, file: [*c]const u8, @"type": i32) i32; + pub extern fn SSL_use_certificate(ssl: ?*Ssl, x: ?*c_ssl.X509) i32; + pub extern fn SSL_use_PrivateKey_ASN1(pk: i32, ssl: ?*Ssl, d: [*c]const u8, len: i64) i32; + pub extern fn SSL_use_PrivateKey_file(ssl: ?*Ssl, file: [*c]const u8, @"type": i32) i32; + pub extern fn SSL_use_PrivateKey(ssl: ?*Ssl, pkey: ?*c_ssl.EVP_PKEY) i32; + pub extern fn SSL_use_psk_identity_hint(s: ?*Ssl, identity_hint: [*c]const u8) i32; + pub extern fn SSL_use_RSAPrivateKey_ASN1(ssl: ?*Ssl, d: [*c]const u8, len: i64) i32; + pub extern fn SSL_use_RSAPrivateKey_file(ssl: ?*Ssl, file: [*c]const u8, @"type": i32) i32; + pub extern fn SSL_use_RSAPrivateKey(ssl: ?*Ssl, rsa: ?*c_ssl.RSA) i32; + pub extern fn SSL_verify_client_post_handshake(s: ?*Ssl) i32; + pub extern fn SSL_version(ssl: ?*const Ssl) i32; + pub extern fn SSL_waiting_for_async(s: ?*Ssl) i32; + pub extern fn SSL_want(s: ?*const Ssl) i32; + pub extern fn SSL_write_early_data(s: ?*Ssl, buf: ?*const anyopaque, num: usize, written: ?*usize) i32; + pub extern fn SSL_write_ex(s: ?*Ssl, buf: ?*const anyopaque, num: usize, written: ?*usize) i32; + pub extern fn SSL_write(ssl: ?*Ssl, buf: ?*const anyopaque, num: i32) i32; +}; diff --git a/packages/web/src/openssl/SslContext.zig b/packages/web/src/openssl/SslContext.zig new file mode 100644 index 0000000..351c1ea --- /dev/null +++ b/packages/web/src/openssl/SslContext.zig @@ -0,0 +1,657 @@ +const std = @import("std"); + +const c_ssl = @import("ssl.zig"); + +const Ssl = @import("Ssl.zig").Ssl; +const SslMethod = @import("SslMethod.zig").SslMethod; +const SslSession = @import("SslSession.zig").SslSession; + +pub const SslContext = opaque { + + // --- MACROS -------------------------------------------------------------- + + pub inline fn setMode(self: *SslContext, op: anytype) i64 { + return self.ctrl(c_ssl.c_ssl.SSL_CTRL_MODE, op, null); + } + + pub inline fn clearMode(self: *SslContext, op: anytype) i64 { + return self.ctrl(c_ssl.SSL_CTRL_CLEAR_MODE, op, null); + } + + pub inline fn getMode(self: *SslContext) i64 { + return self.ctrl(c_ssl.SSL_CTRL_MODE, 0, null); + } + + pub inline fn setCertFlags(self: *SslContext, op: anytype) i64 { + return self.ctrl(c_ssl.SSL_CTRL_CERT_FLAGS, op, null); + } + + pub inline fn clearCertFlags(self: *SslContext, op: anytype) i64 { + return self.ctrl(c_ssl.SSL_CTRL_CLEAR_CERT_FLAGS, op, null); + } + + pub inline fn setMsgCallbackArg(self: *SslContext, arg: anytype) i64 { + return self.ctrl(c_ssl.SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, arg); + } + + pub inline fn sessNumber(self: *SslContext) i64 { + return self.ctrl(c_ssl.SSL_CTRL_SESS_NUMBER, 0, null); + } + + pub inline fn sessConnect(self: *SslContext) i64 { + return self.ctrl(c_ssl.SSL_CTRL_SESS_CONNECT, 0, null); + } + + pub inline fn sessConnectGood(self: *SslContext) i64 { + return self.ctrl(c_ssl.SSL_CTRL_SESS_CONNECT_GOOD, 0, null); + } + + pub inline fn sessConnectRenegotiate(self: *SslContext) i64 { + return self.ctrl(c_ssl.SSL_CTRL_SESS_CONNECT_RENEGOTIATE, 0, null); + } + + pub inline fn sessAccept(self: *SslContext) i64 { + return self.ctrl(c_ssl.SSL_CTRL_SESS_ACCEPT, 0, null); + } + pub inline fn sessAcceptRenegotiate(self: *SslContext) i64 { + return self.ctrl(c_ssl.SSL_CTRL_SESS_ACCEPT_RENEGOTIATE, 0, null); + } + + pub inline fn sessAcceptGood(self: *SslContext) i64 { + return self.ctrl(c_ssl.SSL_CTRL_SESS_ACCEPT_GOOD, 0, null); + } + + pub inline fn sessHits(self: *SslContext) i64 { + return self.ctrl(c_ssl.SSL_CTRL_SESS_HIT, 0, null); + } + + pub inline fn sessCbHits(self: *SslContext) i64 { + return self.ctrl(c_ssl.SSL_CTRL_SESS_CB_HIT, 0, null); + } + + pub inline fn sessMisses(self: *SslContext) i64 { + return self.ctrl(c_ssl.SSL_CTRL_SESS_MISSES, 0, null); + } + + pub inline fn sessTimeouts(self: *SslContext) i64 { + return self.ctrl(c_ssl.SSL_CTRL_SESS_TIMEOUTS, 0, null); + } + + pub inline fn sessCacheFull(self: *SslContext) i64 { + return self.ctrl(c_ssl.SSL_CTRL_SESS_CACHE_FULL, 0, null); + } + + pub inline fn setTlsextServernameArg(self: *SslContext, arg: anytype) i64 { + return self.ctrl(c_ssl.SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG, 0, arg); + } + + pub inline fn getTlsextTicketKeys(self: *SslContext, keys: anytype, keylen: anytype) i64 { + return self.ctrl(c_ssl.SSL_CTRL_GET_TLSEXT_TICKET_KEYS, keylen, keys); + } + + pub inline fn setTlsextTicketKeys(self: *SslContext, keys: anytype, keylen: anytype) i64 { + return self.ctrl(c_ssl.SSL_CTRL_SET_TLSEXT_TICKET_KEYS, keylen, keys); + } + + pub inline fn getTlsextStatusCb(self: *SslContext, cb: anytype) i64 { + return self.ctrl(c_ssl.SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB, 0, @import("std").zig.c_translation.cast(?*anyopaque, cb)); + } + + pub inline fn getTlsextStatusArg(self: *SslContext, arg: anytype) i64 { + return self.ctrl(c_ssl.SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG, 0, arg); + } + + pub inline fn setTlsextStatusArg(self: *SslContext, arg: anytype) i64 { + return self.ctrl(c_ssl.SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG, 0, arg); + } + + pub inline fn setTlsextStatusType(self: *SslContext, @"type": anytype) i64 { + return self.ctrl(c_ssl.SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE, @"type", null); + } + + pub inline fn getTlsextStatusType(self: *SslContext) i64 { + return self.ctrl(c_ssl.SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE, 0, null); + } + + pub inline fn getAppData(self: *const SslContext) ?*anyopaque { + return self.getExData(0); + } + + pub inline fn setAppData(self: *SslContext, data: ?*anyopaque) i32 { + return self.setExData(0, data); + } + + pub inline fn setTmpDh(self: *SslContext, dh: anytype) i64 { + return self.ctrl(c_ssl.SSL_CTRL_SET_TMP_DH, 0, @import("std").zig.c_translation.cast([*c]u8, dh)); + } + + pub inline fn setDhAuto(self: *SslContext, onoff: anytype) i64 { + return self.ctrl(c_ssl.SSL_CTRL_SET_DH_AUTO, onoff, null); + } + + pub inline fn setTmpEcdh(self: *SslContext, ecdh: anytype) i64 { + return self.ctrl(c_ssl.SSL_CTRL_SET_TMP_ECDH, 0, @import("std").zig.c_translation.cast([*c]u8, ecdh)); + } + + pub inline fn addExtraChainCert(self: *SslContext, x509: anytype) i64 { + return self.ctrl(c_ssl.SSL_CTRL_EXTRA_CHAIN_CERT, 0, @import("std").zig.c_translation.cast([*c]u8, x509)); + } + + pub inline fn getExtraChainCerts(self: *SslContext, px509: anytype) i64 { + return self.ctrl(c_ssl.SSL_CTRL_GET_EXTRA_CHAIN_CERTS, 0, px509); + } + + pub inline fn getExtraChainCertsOnly(self: *SslContext, px509: anytype) i64 { + return self.ctrl(c_ssl.SSL_CTRL_GET_EXTRA_CHAIN_CERTS, @as(c_int, 1), px509); + } + + pub inline fn clearExtraChainCerts(self: *SslContext) i64 { + return self.ctrl(c_ssl.SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS, 0, null); + } + + pub inline fn set0Chain(self: *SslContext, sk: anytype) i64 { + return self.ctrl(c_ssl.SSL_CTRL_CHAIN, 0, @import("std").zig.c_translation.cast([*c]u8, sk)); + } + + pub inline fn set1Chain(self: *SslContext, sk: anytype) i64 { + return self.ctrl(c_ssl.SSL_CTRL_CHAIN, @as(c_int, 1), @import("std").zig.c_translation.cast([*c]u8, sk)); + } + + pub inline fn add0ChainCert(self: *SslContext, x509: anytype) i64 { + return self.ctrl(c_ssl.SSL_CTRL_CHAIN_CERT, 0, @import("std").zig.c_translation.cast([*c]u8, x509)); + } + + pub inline fn add1ChainCert(self: *SslContext, x509: anytype) i64 { + return self.ctrl(c_ssl.SSL_CTRL_CHAIN_CERT, @as(c_int, 1), @import("std").zig.c_translation.cast([*c]u8, x509)); + } + + pub inline fn get0ChainCerts(self: *SslContext, px509: anytype) i64 { + return self.ctrl(c_ssl.SSL_CTRL_GET_CHAIN_CERTS, 0, px509); + } + + pub inline fn clearChainCerts(self: *SslContext) i64 { + return self.set0Chain(null); + } + + pub inline fn buildCertChain(self: *SslContext, flags: anytype) i64 { + return self.ctrl(c_ssl.SSL_CTRL_BUILD_CERT_CHAIN, flags, null); + } + + pub inline fn selectCurrentCert(self: *SslContext, x509: anytype) i64 { + return self.ctrl(c_ssl.SSL_CTRL_SELECT_CURRENT_CERT, 0, @import("std").zig.c_translation.cast([*c]u8, x509)); + } + + pub inline fn setCurrentCert(self: *SslContext, op: anytype) i64 { + return self.ctrl(c_ssl.SSL_CTRL_SET_CURRENT_CERT, op, null); + } + + pub inline fn set0VerifyCertStore(self: *SslContext, st: anytype) i64 { + return self.ctrl(c_ssl.SSL_CTRL_SET_VERIFY_CERT_STORE, 0, @import("std").zig.c_translation.cast([*c]u8, st)); + } + + pub inline fn set1VerifyCertStore(self: *SslContext, st: anytype) i64 { + return self.ctrl(c_ssl.SSL_CTRL_SET_VERIFY_CERT_STORE, @as(c_int, 1), @import("std").zig.c_translation.cast([*c]u8, st)); + } + + pub inline fn get0VerifyCertStore(self: *SslContext, st: anytype) i64 { + return self.ctrl(c_ssl.SSL_CTRL_GET_VERIFY_CERT_STORE, 0, @import("std").zig.c_translation.cast([*c]u8, st)); + } + + pub inline fn set0ChainCertStore(self: *SslContext, st: anytype) i64 { + return self.ctrl(c_ssl.SSL_CTRL_SET_CHAIN_CERT_STORE, 0, @import("std").zig.c_translation.cast([*c]u8, st)); + } + + pub inline fn set1ChainCertStore(self: *SslContext, st: anytype) i64 { + return self.ctrl(c_ssl.SSL_CTRL_SET_CHAIN_CERT_STORE, @as(c_int, 1), @import("std").zig.c_translation.cast([*c]u8, st)); + } + + pub inline fn get0ChainCertStore(self: *SslContext, st: anytype) i64 { + return self.ctrl(c_ssl.SSL_CTRL_GET_CHAIN_CERT_STORE, 0, @import("std").zig.c_translation.cast([*c]u8, st)); + } + + pub inline fn set1Groups(self: *SslContext, glist: anytype, glistlen: anytype) i64 { + return self.ctrl(c_ssl.SSL_CTRL_SET_GROUPS, glistlen, @import("std").zig.c_translation.cast([*c]c_int, glist)); + } + + pub inline fn set1GroupsList(self: *SslContext, s: anytype) i64 { + return self.ctrl(c_ssl.SSL_CTRL_SET_GROUPS_LIST, 0, @import("std").zig.c_translation.cast([*c]u8, s)); + } + + pub inline fn set1Sigalgs(self: *SslContext, slist: anytype, slistlen: anytype) i64 { + return self.ctrl(c_ssl.SSL_CTRL_SET_SIGALGS, slistlen, @import("std").zig.c_translation.cast([*c]c_int, slist)); + } + + pub inline fn set1SigalgsList(self: *SslContext, s: anytype) i64 { + return self.ctrl(c_ssl.SSL_CTRL_SET_SIGALGS_LIST, 0, @import("std").zig.c_translation.cast([*c]u8, s)); + } + + pub inline fn set1ClientSigalgs(self: *SslContext, slist: anytype, slistlen: anytype) i64 { + return self.ctrl(c_ssl.SSL_CTRL_SET_CLIENT_SIGALGS, slistlen, @import("std").zig.c_translation.cast([*c]c_int, slist)); + } + + pub inline fn set1ClientSigalgsList(self: *SslContext, s: anytype) i64 { + return self.ctrl(c_ssl.SSL_CTRL_SET_CLIENT_SIGALGS_LIST, 0, @import("std").zig.c_translation.cast([*c]u8, s)); + } + + pub inline fn set1ClientCertificateTypes(self: *SslContext, clist: anytype, clistlen: anytype) i64 { + return self.ctrl(c_ssl.SSL_CTRL_SET_CLIENT_CERT_TYPES, clistlen, @import("std").zig.c_translation.cast([*c]u8, clist)); + } + + pub inline fn setMinProtoVersion(self: *SslContext, version: anytype) i64 { + return self.ctrl(c_ssl.SSL_CTRL_SET_MIN_PROTO_VERSION, version, null); + } + + pub inline fn setMaxProtoVersion(self: *SslContext, version: anytype) i64 { + return self.ctrl(c_ssl.SSL_CTRL_SET_MAX_PROTO_VERSION, version, null); + } + + pub inline fn getMinProtoVersion(self: *SslContext) i64 { + return self.ctrl(c_ssl.SSL_CTRL_GET_MIN_PROTO_VERSION, 0, null); + } + + pub inline fn getMaxProtoVersion(self: *SslContext) i64 { + return self.ctrl(c_ssl.SSL_CTRL_GET_MAX_PROTO_VERSION, 0, null); + } + + pub inline fn getExNewIndex( + argl: i64, + argp: ?*anyopaque, + new_func: ?*const c_ssl.CRYPTO_EX_new, + dup_func: ?*const c_ssl.CRYPTO_EX_dup, + free_func: ?*const c_ssl.CRYPTO_EX_free, + ) i32 { + return c_ssl.CRYPTO_get_ex_new_index(c_ssl.CRYPTO_EX_INDEX_SSL_CTX, argl, argp, new_func, dup_func, free_func); + } + + pub inline fn sessSetCacheSize(self: *SslContext, t: anytype) i64 { + return self.ctrl(c_ssl.SSL_CTRL_SET_SESS_CACHE_SIZE, t, null); + } + + pub inline fn sessGetCacheSize(self: *SslContext) i64 { + return self.ctrl(c_ssl.SSL_CTRL_GET_SESS_CACHE_SIZE, 0, null); + } + + pub inline fn setSessionCacheMode(self: *SslContext, m: anytype) i64 { + return self.ctrl(c_ssl.SSL_CTRL_SET_SESS_CACHE_MODE, m, null); + } + + pub inline fn getSessionCacheMode(self: *SslContext) i64 { + return self.ctrl(c_ssl.SSL_CTRL_GET_SESS_CACHE_MODE, 0, null); + } + + pub inline fn getDefaultReadAhead(self: *SslContext) i64 { + return self.getReadAhead(); + } + + pub inline fn setDefaultReadAhead(self: *SslContext, m: anytype) i64 { + return self.setReadAhead(m); + } + + pub inline fn getReadAhead(self: *SslContext) i64 { + return self.ctrl(c_ssl.SSL_CTRL_GET_READ_AHEAD, 0, null); + } + + pub inline fn setReadAhead(self: *SslContext, m: anytype) i64 { + return self.ctrl(c_ssl.SSL_CTRL_SET_READ_AHEAD, m, null); + } + + pub inline fn getMaxCertList(self: *SslContext) i64 { + return self.ctrl(c_ssl.SSL_CTRL_GET_MAX_CERT_LIST, 0, null); + } + + pub inline fn setMaxCertList(self: *SslContext, m: anytype) i64 { + return self.ctrl(c_ssl.SSL_CTRL_SET_MAX_CERT_LIST, m, null); + } + + pub inline fn setMaxSendFragment(self: *SslContext, m: anytype) i64 { + return self.ctrl(c_ssl.SSL_CTRL_SET_MAX_SEND_FRAGMENT, m, null); + } + + pub inline fn setSplitSendFragment(self: *SslContext, m: anytype) i64 { + return self.ctrl(c_ssl.SSL_CTRL_SET_SPLIT_SEND_FRAGMENT, m, null); + } + + pub inline fn setMaxPipelines(self: *SslContext, m: anytype) i64 { + return self.ctrl(c_ssl.SSL_CTRL_SET_MAX_PIPELINES, m, null); + } + + // --- METHODS ------------------------------------------------------------- + + pub inline fn checkPrivateKey(self: *const SslContext) !void { + if (import.SSL_CTX_check_private_key(self) == 0) { + return error.InvalidPrivateKey; + } + } + + pub inline fn ctrl(self: *SslContext, cmd: i32, larg: i64, parg: ?*anyopaque) i64 { + return import.SSL_CTX_ctrl(self, cmd, larg, parg); + } + + pub inline fn free(self: *SslContext) void { + import.SSL_CTX_free(self); + } + + pub inline fn getExData(self: *const SslContext, index: i32) ?*anyopaque { + return import.SSL_CTX_get_ex_data(self, index); + } + + pub inline fn new(method: ?*const SslMethod) !*SslContext { + return import.SSL_CTX_new(method) orelse error.OpenSslError; + } + + pub inline fn setExData(self: *SslContext, index: i32, data: ?*anyopaque) i32 { + return import.SSL_CTX_set_ex_data(self, index, data); + } + + pub inline fn setOptions(self: *SslContext, op: u64) u64 { + return import.SSL_CTX_set_options(self, op); + } + + pub inline fn useCertificateFile(self: *SslContext, file: [*:0]const u8, @"type": i32) !void { + const res = import.SSL_CTX_use_certificate_file(self, file, @"type"); + if (res <= 0) { + return error.OpenSslError; + } + } + + pub inline fn usePrivateKeyFile(self: *SslContext, file: [*:0]const u8, @"type": i32) !void { + const res = import.SSL_CTX_use_PrivateKey_file(self, file, @"type"); + if (res <= 0) { + return error.OpenSslError; + } + } +}; + +const import = struct { + pub extern fn SSL_CTX_add_client_CA(ctx: *SslContext, x: ?*c_ssl.X509) i32; + pub extern fn SSL_CTX_add_client_custom_ext( + ctx: *SslContext, + ext_type: u32, + add_cb: c_ssl.custom_ext_add_cb, + free_cb: c_ssl.custom_ext_free_cb, + add_arg: ?*anyopaque, + parse_cb: c_ssl.custom_ext_parse_cb, + parse_arg: ?*anyopaque, + ) i32; + pub extern fn SSL_CTX_add_custom_ext( + ctx: *SslContext, + ext_type: u32, + context: u32, + add_cb: c_ssl.SSL_custom_ext_add_cb_ex, + free_cb: c_ssl.SSL_custom_ext_free_cb_ex, + add_arg: ?*anyopaque, + parse_cb: c_ssl.SSL_custom_ext_parse_cb_ex, + parse_arg: ?*anyopaque, + ) i32; + pub extern fn SSL_CTX_add_server_custom_ext( + ctx: *SslContext, + ext_type: u32, + add_cb: c_ssl.custom_ext_add_cb, + free_cb: c_ssl.custom_ext_free_cb, + add_arg: ?*anyopaque, + parse_cb: c_ssl.custom_ext_parse_cb, + parse_arg: ?*anyopaque, + ) i32; + pub extern fn SSL_CTX_add_session(ctx: *SslContext, session: ?*c_ssl.Session) i32; + pub extern fn SSL_CTX_add1_to_CA_list(ctx: *SslContext, x: ?*const c_ssl.X509) i32; + pub extern fn SSL_CTX_callback_ctrl(*SslContext, i32, ?*const fn () callconv(.c) void) i64; + pub extern fn SSL_CTX_check_private_key(ctx: *const SslContext) i32; + pub extern fn SSL_CTX_clear_options(ctx: *SslContext, op: u64) u64; + pub extern fn SSL_CTX_config(ctx: *SslContext, name: [*c]const u8) i32; + pub extern fn SSL_CTX_ct_is_enabled(ctx: *const SslContext) i32; + pub extern fn SSL_CTX_ctrl(ctx: *SslContext, cmd: i32, larg: i64, parg: ?*anyopaque) i64; + pub extern fn SSL_CTX_dane_clear_flags(ctx: *SslContext, flags: i64) i64; + pub extern fn SSL_CTX_dane_enable(ctx: *SslContext) i32; + pub extern fn SSL_CTX_dane_mtype_set(ctx: *SslContext, md: ?*const c_ssl.EVP_MD, mtype: u8, ord: u8) i32; + pub extern fn SSL_CTX_dane_set_flags(ctx: *SslContext, flags: i64) i64; + pub extern fn SSL_CTX_enable_ct(ctx: *SslContext, validation_mode: i32) i32; + pub extern fn SSL_CTX_flush_sessions(ctx: *SslContext, tm: i64) void; + pub extern fn SSL_CTX_free(*SslContext) void; + pub extern fn SSL_CTX_get_cert_store(*const SslContext) ?*c_ssl.X509_STORE; + pub extern fn SSL_CTX_get_ciphers(ctx: *const SslContext) ?*c_ssl.struct_stack_st_SSL_CIPHER; + pub extern fn SSL_CTX_get_client_CA_list(s: *const SslContext) ?*c_ssl.struct_stack_st_X509_NAME; + pub extern fn SSL_CTX_get_client_cert_cb(ctx: *SslContext) ?*const fn (?*Ssl, [*c]?*c_ssl.X509, [*c]?*c_ssl.EVP_PKEY) callconv(.c) i32; + pub extern fn SSL_CTX_get_default_passwd_cb_userdata(ctx: *SslContext) ?*anyopaque; + pub extern fn SSL_CTX_get_default_passwd_cb(ctx: *SslContext) ?*const c_ssl.pem_password_cb; + pub extern fn SSL_CTX_get_ex_data(ssl: *const SslContext, idx: i32) ?*anyopaque; + pub extern fn SSL_CTX_get_info_callback(ctx: *SslContext) ?*const fn (?*const Ssl, i32, i32) callconv(.c) void; + pub extern fn SSL_CTX_get_keylog_callback(ctx: *const SslContext) c_ssl.SSL_CTX_keylog_cb_func; + pub extern fn SSL_CTX_get_max_early_data(ctx: *const SslContext) u32; + pub extern fn SSL_CTX_get_num_tickets(ctx: *const SslContext) usize; + pub extern fn SSL_CTX_get_options(ctx: *const SslContext) u64; + pub extern fn SSL_CTX_get_quiet_shutdown(ctx: *const SslContext) i32; + pub extern fn SSL_CTX_get_record_padding_callback_arg(ctx: *const SslContext) ?*anyopaque; + pub extern fn SSL_CTX_get_recv_max_early_data(ctx: *const SslContext) u32; + pub extern fn SSL_CTX_get_security_callback(ctx: *const SslContext) ?*const fn ( + ?*const Ssl, + *const SslContext, + i32, + i32, + i32, + ?*anyopaque, + ?*anyopaque, + ) callconv(.c) i32; + pub extern fn SSL_CTX_get_security_level(ctx: *const SslContext) i32; + pub extern fn SSL_CTX_get_ssl_method(ctx: *const SslContext) ?*const SslMethod; + pub extern fn SSL_CTX_get_timeout(ctx: *const SslContext) i64; + pub extern fn SSL_CTX_get_verify_callback(ctx: *const SslContext) c_ssl.SSL_verify_cb; + pub extern fn SSL_CTX_get_verify_depth(ctx: *const SslContext) i32; + pub extern fn SSL_CTX_get_verify_mode(ctx: *const SslContext) i32; + pub extern fn SSL_CTX_get0_CA_list(ctx: *const SslContext) ?*const c_ssl.struct_stack_st_X509_NAME; + pub extern fn SSL_CTX_get0_certificate(ctx: *const SslContext) ?*c_ssl.X509; + pub extern fn SSL_CTX_get0_ctlog_store(ctx: *const SslContext) ?*const c_ssl.CTLOG_STORE; + pub extern fn SSL_CTX_get0_param(ctx: *SslContext) ?*c_ssl.X509_VERIFY_PARAM; + pub extern fn SSL_CTX_get0_privatekey(ctx: *const SslContext) ?*c_ssl.EVP_PKEY; + pub extern fn SSL_CTX_get0_security_ex_data(ctx: *const SslContext) ?*anyopaque; + pub extern fn SSL_CTX_has_client_custom_ext(ctx: *const SslContext, ext_type: u32) i32; + pub extern fn SSL_CTX_load_verify_dir(ctx: *SslContext, CApath: [*c]const u8) i32; + pub extern fn SSL_CTX_load_verify_file(ctx: *SslContext, CAfile: [*c]const u8) i32; + pub extern fn SSL_CTX_load_verify_locations(ctx: *SslContext, CAfile: [*c]const u8, CApath: [*c]const u8) i32; + pub extern fn SSL_CTX_load_verify_store(ctx: *SslContext, CAstore: [*c]const u8) i32; + pub extern fn SSL_CTX_new_ex(libctx: ?*c_ssl.OSSL_LIB_CTX, propq: [*c]const u8, meth: ?*const SslMethod) ?*SslContext; + pub extern fn SSL_CTX_new(meth: ?*const SslMethod) ?*SslContext; + pub extern fn SSL_CTX_remove_session(ctx: *SslContext, session: ?*SslSession) i32; + pub extern fn SSL_CTX_sess_get_get_cb(ctx: *SslContext) ?*const fn ( + ?*c_ssl.struct_ssl_st, + [*c]const u8, + i32, + [*c]i32, + ) callconv(.c) ?*SslSession; + pub extern fn SSL_CTX_sess_get_new_cb(ctx: *SslContext) ?*const fn ( + ?*c_ssl.struct_ssl_st, + ?*SslSession, + ) callconv(.c) i32; + pub extern fn SSL_CTX_sess_get_remove_cb(ctx: *SslContext) ?*const fn ( + ?*c_ssl.struct_ssl_ctx_st, + ?*SslSession, + ) callconv(.c) void; + pub extern fn SSL_CTX_sess_set_get_cb( + ctx: *SslContext, + get_session_cb: ?*const fn ( + ?*c_ssl.struct_ssl_st, + [*c]const u8, + i32, + [*c]i32, + ) callconv(.c) ?*SslSession, + ) void; + pub extern fn SSL_CTX_sess_set_new_cb( + ctx: *SslContext, + new_session_cb: ?*const fn ( + ?*c_ssl.struct_ssl_st, + ?*SslSession, + ) callconv(.c) i32, + ) void; + pub extern fn SSL_CTX_sess_set_remove_cb( + ctx: *SslContext, + remove_session_cb: ?*const fn ( + ?*c_ssl.struct_ssl_ctx_st, + ?*SslSession, + ) callconv(.c) void, + ) void; + pub extern fn SSL_CTX_sessions(ctx: *SslContext) ?*c_ssl.struct_lhash_st_SSL_SESSION; + pub extern fn SSL_CTX_set_allow_early_data_cb(ctx: *SslContext, cb: c_ssl.SSL_allow_early_data_cb_fn, arg: ?*anyopaque) void; + pub extern fn SSL_CTX_set_alpn_protos(ctx: *SslContext, protos: [*c]const u8, protos_len: u32) i32; + pub extern fn SSL_CTX_set_alpn_select_cb(ctx: *SslContext, cb: c_ssl.SSL_CTX_alpn_select_cb_func, arg: ?*anyopaque) void; + pub extern fn SSL_CTX_set_async_callback_arg(ctx: *SslContext, arg: ?*anyopaque) i32; + pub extern fn SSL_CTX_set_async_callback(ctx: *SslContext, callback: c_ssl.SSL_async_callback_fn) i32; + pub extern fn SSL_CTX_set_block_padding(ctx: *SslContext, block_size: usize) i32; + pub extern fn SSL_CTX_set_cert_cb(c: *SslContext, cb: ?*const fn (?*Ssl, ?*anyopaque) callconv(.c) i32, arg: ?*anyopaque) void; + pub extern fn SSL_CTX_set_cert_store(*SslContext, ?*c_ssl.X509_STORE) void; + pub extern fn SSL_CTX_set_cert_verify_callback( + ctx: *SslContext, + cb: ?*const fn ( + ?*c_ssl.X509_STORE_CTX, + ?*anyopaque, + ) callconv(.c) i32, + arg: ?*anyopaque, + ) void; + pub extern fn SSL_CTX_set_cipher_list(*SslContext, str: [*c]const u8) i32; + pub extern fn SSL_CTX_set_ciphersuites(ctx: *SslContext, str: [*c]const u8) i32; + pub extern fn SSL_CTX_set_client_CA_list(ctx: *SslContext, name_list: ?*c_ssl.struct_stack_st_X509_NAME) void; + pub extern fn SSL_CTX_set_client_cert_cb( + ctx: *SslContext, + client_cert_cb: ?*const fn ( + ?*Ssl, + [*c]?*c_ssl.X509, + [*c]?*c_ssl.EVP_PKEY, + ) callconv(.c) i32, + ) void; + pub extern fn SSL_CTX_set_client_cert_engine(ctx: *SslContext, e: ?*c_ssl.ENGINE) i32; + pub extern fn SSL_CTX_set_client_hello_cb(c: *SslContext, cb: c_ssl.SSL_client_hello_cb_fn, arg: ?*anyopaque) void; + pub extern fn SSL_CTX_set_cookie_generate_cb(ctx: *SslContext, app_gen_cookie_cb: ?*const fn (?*Ssl, [*c]u8, [*c]u32) callconv(.c) i32) void; + pub extern fn SSL_CTX_set_cookie_verify_cb(ctx: *SslContext, app_verify_cookie_cb: ?*const fn (?*Ssl, [*c]const u8, u32) callconv(.c) i32) void; + pub extern fn SSL_CTX_set_ct_validation_callback(ctx: *SslContext, callback: c_ssl.ssl_ct_validation_cb, arg: ?*anyopaque) i32; + pub extern fn SSL_CTX_set_ctlog_list_file(ctx: *SslContext, path: [*c]const u8) i32; + pub extern fn SSL_CTX_set_default_ctlog_list_file(ctx: *SslContext) i32; + pub extern fn SSL_CTX_set_default_passwd_cb_userdata(ctx: *SslContext, u: ?*anyopaque) void; + pub extern fn SSL_CTX_set_default_passwd_cb(ctx: *SslContext, cb: ?*const c_ssl.pem_password_cb) void; + pub extern fn SSL_CTX_set_default_read_buffer_len(ctx: *SslContext, len: usize) void; + pub extern fn SSL_CTX_set_default_verify_dir(ctx: *SslContext) i32; + pub extern fn SSL_CTX_set_default_verify_file(ctx: *SslContext) i32; + pub extern fn SSL_CTX_set_default_verify_paths(ctx: *SslContext) i32; + pub extern fn SSL_CTX_set_default_verify_store(ctx: *SslContext) i32; + pub extern fn SSL_CTX_set_ex_data(ssl: *SslContext, idx: i32, data: ?*anyopaque) i32; + pub extern fn SSL_CTX_set_generate_session_id(ctx: *SslContext, cb: c_ssl.GEN_SESSION_CB) i32; + pub extern fn SSL_CTX_set_info_callback(ctx: *SslContext, cb: ?*const fn (?*const Ssl, i32, i32) callconv(.c) void) void; + pub extern fn SSL_CTX_set_keylog_callback(ctx: *SslContext, cb: c_ssl.SSL_CTX_keylog_cb_func) void; + pub extern fn SSL_CTX_set_max_early_data(ctx: *SslContext, max_early_data: u32) i32; + pub extern fn SSL_CTX_set_msg_callback( + ctx: *SslContext, + cb: ?*const fn ( + i32, + i32, + i32, + ?*const anyopaque, + usize, + ?*Ssl, + ?*anyopaque, + ) callconv(.c) void, + ) void; + pub extern fn SSL_CTX_set_next_proto_select_cb(s: *SslContext, cb: c_ssl.SSL_CTX_npn_select_cb_func, arg: ?*anyopaque) void; + pub extern fn SSL_CTX_set_next_protos_advertised_cb(s: *SslContext, cb: c_ssl.SSL_CTX_npn_advertised_cb_func, arg: ?*anyopaque) void; + pub extern fn SSL_CTX_set_not_resumable_session_callback(ctx: *SslContext, cb: ?*const fn (?*Ssl, i32) callconv(.c) i32) void; + pub extern fn SSL_CTX_set_num_tickets(ctx: *SslContext, num_tickets: usize) i32; + pub extern fn SSL_CTX_set_options(ctx: *SslContext, op: u64) u64; + pub extern fn SSL_CTX_set_post_handshake_auth(ctx: *SslContext, val: i32) void; + pub extern fn SSL_CTX_set_psk_client_callback(ctx: *SslContext, cb: c_ssl.SSL_psk_client_cb_func) void; + pub extern fn SSL_CTX_set_psk_find_session_callback(ctx: *SslContext, cb: c_ssl.SSL_psk_find_session_cb_func) void; + pub extern fn SSL_CTX_set_psk_server_callback(ctx: *SslContext, cb: c_ssl.SSL_psk_server_cb_func) void; + pub extern fn SSL_CTX_set_psk_use_session_callback(ctx: *SslContext, cb: c_ssl.SSL_psk_use_session_cb_func) void; + pub extern fn SSL_CTX_set_purpose(ctx: *SslContext, purpose: i32) i32; + pub extern fn SSL_CTX_set_quiet_shutdown(ctx: *SslContext, mode: i32) void; + pub extern fn SSL_CTX_set_record_padding_callback_arg(ctx: *SslContext, arg: ?*anyopaque) void; + pub extern fn SSL_CTX_set_record_padding_callback(ctx: *SslContext, cb: ?*const fn (?*Ssl, i32, usize, ?*anyopaque) callconv(.c) usize) void; + pub extern fn SSL_CTX_set_recv_max_early_data(ctx: *SslContext, recv_max_early_data: u32) i32; + pub extern fn SSL_CTX_set_security_callback( + ctx: *SslContext, + cb: ?*const fn ( + ?*const Ssl, + *const SslContext, + i32, + i32, + i32, + ?*anyopaque, + ?*anyopaque, + ) callconv(.c) i32, + ) void; + pub extern fn SSL_CTX_set_security_level(ctx: *SslContext, level: i32) void; + pub extern fn SSL_CTX_set_session_id_context(ctx: *SslContext, sid_ctx: [*c]const u8, sid_ctx_len: u32) i32; + pub extern fn SSL_CTX_set_session_ticket_cb( + ctx: *SslContext, + gen_cb: c_ssl.SSL_CTX_generate_session_ticket_fn, + dec_cb: c_ssl.SSL_CTX_decrypt_session_ticket_fn, + arg: ?*anyopaque, + ) i32; + pub extern fn SSL_CTX_set_srp_cb_arg(ctx: *SslContext, arg: ?*anyopaque) i32; + pub extern fn SSL_CTX_set_srp_client_pwd_callback(ctx: *SslContext, cb: ?*const fn (?*Ssl, ?*anyopaque) callconv(.c) [*c]u8) i32; + pub extern fn SSL_CTX_set_srp_password(ctx: *SslContext, password: [*c]u8) i32; + pub extern fn SSL_CTX_set_srp_strength(ctx: *SslContext, strength: i32) i32; + pub extern fn SSL_CTX_set_srp_username_callback(ctx: *SslContext, cb: ?*const fn (?*Ssl, [*c]i32, ?*anyopaque) callconv(.c) i32) i32; + pub extern fn SSL_CTX_set_srp_username(ctx: *SslContext, name: [*c]u8) i32; + pub extern fn SSL_CTX_set_srp_verify_param_callback(ctx: *SslContext, cb: ?*const fn (?*Ssl, ?*anyopaque) callconv(.c) i32) i32; + pub extern fn SSL_CTX_set_ssl_version(ctx: *SslContext, meth: ?*const SslMethod) i32; + pub extern fn SSL_CTX_set_stateless_cookie_generate_cb( + ctx: *SslContext, + gen_stateless_cookie_cb: ?*const fn ( + ?*Ssl, + [*c]u8, + [*c]usize, + ) callconv(.c) i32, + ) void; + pub extern fn SSL_CTX_set_stateless_cookie_verify_cb( + ctx: *SslContext, + verify_stateless_cookie_cb: ?*const fn ( + ?*Ssl, + [*c]const u8, + usize, + ) callconv(.c) i32, + ) void; + pub extern fn SSL_CTX_set_timeout(ctx: *SslContext, t: i64) i64; + pub extern fn SSL_CTX_set_tlsext_max_fragment_length(ctx: *SslContext, mode: u8) i32; + pub extern fn SSL_CTX_set_tlsext_ticket_key_evp_cb( + ctx: *SslContext, + fp: ?*const fn ( + ?*Ssl, + [*c]u8, + [*c]u8, + ?*c_ssl.EVP_CIPHER_CTX, + ?*c_ssl.EVP_MAC_CTX, + i32, + ) callconv(.c) i32, + ) i32; + pub extern fn SSL_CTX_set_tlsext_use_srtp(ctx: *SslContext, profiles: [*c]const u8) i32; + pub extern fn SSL_CTX_set_tmp_dh_callback(ctx: *SslContext, dh: ?*const fn (?*Ssl, i32, i32) callconv(.c) ?*c_ssl.DH) void; + pub extern fn SSL_CTX_set_trust(ctx: *SslContext, trust: i32) i32; + pub extern fn SSL_CTX_set_verify_depth(ctx: *SslContext, depth: i32) void; + pub extern fn SSL_CTX_set_verify(ctx: *SslContext, mode: i32, callback: c_ssl.SSL_verify_cb) void; + pub extern fn SSL_CTX_set0_CA_list(ctx: *SslContext, name_list: ?*c_ssl.struct_stack_st_X509_NAME) void; + pub extern fn SSL_CTX_set0_ctlog_store(ctx: *SslContext, logs: ?*c_ssl.CTLOG_STORE) void; + pub extern fn SSL_CTX_set0_security_ex_data(ctx: *SslContext, ex: ?*anyopaque) void; + pub extern fn SSL_CTX_set0_tmp_dh_pkey(ctx: *SslContext, dhpkey: ?*c_ssl.EVP_PKEY) i32; + pub extern fn SSL_CTX_set1_cert_store(*SslContext, ?*c_ssl.X509_STORE) void; + pub extern fn SSL_CTX_set1_param(ctx: *SslContext, vpm: ?*c_ssl.X509_VERIFY_PARAM) i32; + pub extern fn SSL_CTX_SRP_CTX_free(ctx: *SslContext) i32; + pub extern fn SSL_CTX_SRP_CTX_init(ctx: *SslContext) i32; + pub extern fn SSL_CTX_up_ref(ctx: *SslContext) i32; + pub extern fn SSL_CTX_use_cert_and_key( + ctx: *SslContext, + x509: ?*c_ssl.X509, + privatekey: ?*c_ssl.EVP_PKEY, + chain: ?*c_ssl.struct_stack_st_X509, + override: i32, + ) i32; + pub extern fn SSL_CTX_use_certificate_ASN1(ctx: *SslContext, len: i32, d: [*c]const u8) i32; + pub extern fn SSL_CTX_use_certificate_chain_file(ctx: *SslContext, file: [*c]const u8) i32; + pub extern fn SSL_CTX_use_certificate_file(ctx: *SslContext, file: [*c]const u8, @"type": i32) i32; + pub extern fn SSL_CTX_use_certificate(ctx: *SslContext, x: ?*c_ssl.X509) i32; + pub extern fn SSL_CTX_use_PrivateKey_ASN1(pk: i32, ctx: *SslContext, d: [*c]const u8, len: i64) i32; + pub extern fn SSL_CTX_use_PrivateKey_file(ctx: *SslContext, file: [*c]const u8, @"type": i32) i32; + pub extern fn SSL_CTX_use_PrivateKey(ctx: *SslContext, pkey: ?*c_ssl.EVP_PKEY) i32; + pub extern fn SSL_CTX_use_psk_identity_hint(ctx: *SslContext, identity_hint: [*c]const u8) i32; + pub extern fn SSL_CTX_use_RSAPrivateKey_ASN1(ctx: *SslContext, d: [*c]const u8, len: i64) i32; + pub extern fn SSL_CTX_use_RSAPrivateKey_file(ctx: *SslContext, file: [*c]const u8, @"type": i32) i32; + pub extern fn SSL_CTX_use_RSAPrivateKey(ctx: *SslContext, rsa: ?*c_ssl.RSA) i32; + pub extern fn SSL_CTX_use_serverinfo_ex(ctx: *SslContext, version: u32, serverinfo: [*c]const u8, serverinfo_length: usize) i32; + pub extern fn SSL_CTX_use_serverinfo_file(ctx: *SslContext, file: [*c]const u8) i32; + pub extern fn SSL_CTX_use_serverinfo(ctx: *SslContext, serverinfo: [*c]const u8, serverinfo_length: usize) i32; +}; diff --git a/packages/web/src/openssl/SslMethod.zig b/packages/web/src/openssl/SslMethod.zig new file mode 100644 index 0000000..fb4d134 --- /dev/null +++ b/packages/web/src/openssl/SslMethod.zig @@ -0,0 +1,111 @@ +const std = @import("std"); + +pub const SslMethod = opaque { + pub inline fn dtlsClientMethod() ?*const SslMethod { + return import.DTLS_client_method(); + } + + pub inline fn dtlsMethod() ?*const SslMethod { + return import.DTLS_method(); + } + + pub inline fn dtlsServerMethod() ?*const SslMethod { + return import.DTLS_server_method(); + } + + pub inline fn dtlsV1_2ClientMethod() ?*const SslMethod { + return import.DTLSv1_2_client_method(); + } + + pub inline fn dtlsV1_2Method() ?*const SslMethod { + return import.DTLSv1_2_method(); + } + + pub inline fn dtlsV1_2ServerMethod() ?*const SslMethod { + return import.DTLSv1_2_server_method(); + } + + pub inline fn dtlsV1ClientMethod() ?*const SslMethod { + return import.DTLSv1_client_method(); + } + + pub inline fn dtlsV1Method() ?*const SslMethod { + return import.DTLSv1_method(); + } + + pub inline fn dtlsV1ServerMethod() ?*const SslMethod { + return import.DTLSv1_server_method(); + } + + pub inline fn tlsClientMethod() ?*const SslMethod { + return import.TLS_client_method(); + } + + pub inline fn tlsMethod() ?*const SslMethod { + return import.TLS_method(); + } + + pub inline fn tlsServerMethod() ?*const SslMethod { + return import.TLS_server_method(); + } + + pub inline fn tlsV1_1ClientMethod() ?*const SslMethod { + return import.TLSv1_1_client_method(); + } + + pub inline fn tlsV1_1Method() ?*const SslMethod { + return import.TLSv1_1_method(); + } + + pub inline fn tlsV1_1ServerMethod() ?*const SslMethod { + return import.TLSv1_1_server_method(); + } + + pub inline fn tlsV1_2ClientMethod() ?*const SslMethod { + return import.TLSv1_2_client_method(); + } + + pub inline fn tlsV1_2Method() ?*const SslMethod { + return import.TLSv1_2_method(); + } + + pub inline fn tlsV1_2ServerMethod() ?*const SslMethod { + return import.TLSv1_2_server_method(); + } + + pub inline fn tlsV1ClientMethod() ?*const SslMethod { + return import.TLSv1_client_method(); + } + + pub inline fn tlsV1Method() ?*const SslMethod { + return import.TLSv1_method(); + } + + pub inline fn tlsV1ServerMethod() ?*const SslMethod { + return import.TLSv1_server_method(); + } +}; + +const import = struct { + pub extern fn DTLS_client_method() ?*const SslMethod; + pub extern fn DTLS_method() ?*const SslMethod; + pub extern fn DTLS_server_method() ?*const SslMethod; + pub extern fn DTLSv1_2_client_method() ?*const SslMethod; + pub extern fn DTLSv1_2_method() ?*const SslMethod; + pub extern fn DTLSv1_2_server_method() ?*const SslMethod; + pub extern fn DTLSv1_client_method() ?*const SslMethod; + pub extern fn DTLSv1_method() ?*const SslMethod; + pub extern fn DTLSv1_server_method() ?*const SslMethod; + pub extern fn TLS_client_method() ?*const SslMethod; + pub extern fn TLS_method() ?*const SslMethod; + pub extern fn TLS_server_method() ?*const SslMethod; + pub extern fn TLSv1_1_client_method() ?*const SslMethod; + pub extern fn TLSv1_1_method() ?*const SslMethod; + pub extern fn TLSv1_1_server_method() ?*const SslMethod; + pub extern fn TLSv1_2_client_method() ?*const SslMethod; + pub extern fn TLSv1_2_method() ?*const SslMethod; + pub extern fn TLSv1_2_server_method() ?*const SslMethod; + pub extern fn TLSv1_client_method() ?*const SslMethod; + pub extern fn TLSv1_method() ?*const SslMethod; + pub extern fn TLSv1_server_method() ?*const SslMethod; +}; diff --git a/packages/web/src/openssl/SslSession.zig b/packages/web/src/openssl/SslSession.zig new file mode 100644 index 0000000..20c6083 --- /dev/null +++ b/packages/web/src/openssl/SslSession.zig @@ -0,0 +1,3 @@ +const std = @import("std"); + +pub const SslSession = opaque {};