Simulation Core
Não pode escolher mais do que 25 tópicos Os tópicos devem começar com uma letra ou um número, podem incluir traços ('-') e podem ter até 35 caracteres.
 
 
 
 
 
 

164 linhas
5.9 KiB

  1. /*
  2. * Copyright (c) 2019, Redis Labs
  3. *
  4. * All rights reserved.
  5. *
  6. * Redistribution and use in source and binary forms, with or without
  7. * modification, are permitted provided that the following conditions are met:
  8. *
  9. * * Redistributions of source code must retain the above copyright notice,
  10. * this list of conditions and the following disclaimer.
  11. * * Redistributions in binary form must reproduce the above copyright
  12. * notice, this list of conditions and the following disclaimer in the
  13. * documentation and/or other materials provided with the distribution.
  14. * * Neither the name of Redis nor the names of its contributors may be used
  15. * to endorse or promote products derived from this software without
  16. * specific prior written permission.
  17. *
  18. * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
  19. * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  20. * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  21. * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
  22. * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
  23. * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
  24. * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
  25. * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
  26. * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
  27. * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
  28. * POSSIBILITY OF SUCH DAMAGE.
  29. */
  30. #ifndef __HIREDIS_SSL_H
  31. #define __HIREDIS_SSL_H
  32. #ifdef __cplusplus
  33. extern "C" {
  34. #endif
  35. /* This is the underlying struct for SSL in ssl.h, which is not included to
  36. * keep build dependencies short here.
  37. */
  38. struct ssl_st;
  39. /* A wrapper around OpenSSL SSL_CTX to allow easy SSL use without directly
  40. * calling OpenSSL.
  41. */
  42. typedef struct redisSSLContext redisSSLContext;
  43. /**
  44. * Initialization errors that redisCreateSSLContext() may return.
  45. */
  46. typedef enum {
  47. REDIS_SSL_CTX_NONE = 0, /* No Error */
  48. REDIS_SSL_CTX_CREATE_FAILED, /* Failed to create OpenSSL SSL_CTX */
  49. REDIS_SSL_CTX_CERT_KEY_REQUIRED, /* Client cert and key must both be specified or skipped */
  50. REDIS_SSL_CTX_CA_CERT_LOAD_FAILED, /* Failed to load CA Certificate or CA Path */
  51. REDIS_SSL_CTX_CLIENT_CERT_LOAD_FAILED, /* Failed to load client certificate */
  52. REDIS_SSL_CTX_CLIENT_DEFAULT_CERT_FAILED, /* Failed to set client default certificate directory */
  53. REDIS_SSL_CTX_PRIVATE_KEY_LOAD_FAILED, /* Failed to load private key */
  54. REDIS_SSL_CTX_OS_CERTSTORE_OPEN_FAILED, /* Failed to open system certifcate store */
  55. REDIS_SSL_CTX_OS_CERT_ADD_FAILED /* Failed to add CA certificates obtained from system to the SSL context */
  56. } redisSSLContextError;
  57. /* Constants that mirror OpenSSL's verify modes. By default,
  58. * REDIS_SSL_VERIFY_PEER is used with redisCreateSSLContext().
  59. * Some Redis clients disable peer verification if there are no
  60. * certificates specified.
  61. */
  62. #define REDIS_SSL_VERIFY_NONE 0x00
  63. #define REDIS_SSL_VERIFY_PEER 0x01
  64. #define REDIS_SSL_VERIFY_FAIL_IF_NO_PEER_CERT 0x02
  65. #define REDIS_SSL_VERIFY_CLIENT_ONCE 0x04
  66. #define REDIS_SSL_VERIFY_POST_HANDSHAKE 0x08
  67. /* Options to create an OpenSSL context. */
  68. typedef struct {
  69. const char *cacert_filename;
  70. const char *capath;
  71. const char *cert_filename;
  72. const char *private_key_filename;
  73. const char *server_name;
  74. int verify_mode;
  75. } redisSSLOptions;
  76. /**
  77. * Return the error message corresponding with the specified error code.
  78. */
  79. const char *redisSSLContextGetError(redisSSLContextError error);
  80. /**
  81. * Helper function to initialize the OpenSSL library.
  82. *
  83. * OpenSSL requires one-time initialization before it can be used. Callers should
  84. * call this function only once, and only if OpenSSL is not directly initialized
  85. * elsewhere.
  86. */
  87. int redisInitOpenSSL(void);
  88. /**
  89. * Helper function to initialize an OpenSSL context that can be used
  90. * to initiate SSL connections.
  91. *
  92. * cacert_filename is an optional name of a CA certificate/bundle file to load
  93. * and use for validation.
  94. *
  95. * capath is an optional directory path where trusted CA certificate files are
  96. * stored in an OpenSSL-compatible structure.
  97. *
  98. * cert_filename and private_key_filename are optional names of a client side
  99. * certificate and private key files to use for authentication. They need to
  100. * be both specified or omitted.
  101. *
  102. * server_name is an optional and will be used as a server name indication
  103. * (SNI) TLS extension.
  104. *
  105. * If error is non-null, it will be populated in case the context creation fails
  106. * (returning a NULL).
  107. */
  108. redisSSLContext *redisCreateSSLContext(const char *cacert_filename, const char *capath,
  109. const char *cert_filename, const char *private_key_filename,
  110. const char *server_name, redisSSLContextError *error);
  111. /**
  112. * Helper function to initialize an OpenSSL context that can be used
  113. * to initiate SSL connections. This is a more extensible version of redisCreateSSLContext().
  114. *
  115. * options contains a structure of SSL options to use.
  116. *
  117. * If error is non-null, it will be populated in case the context creation fails
  118. * (returning a NULL).
  119. */
  120. redisSSLContext *redisCreateSSLContextWithOptions(redisSSLOptions *options,
  121. redisSSLContextError *error);
  122. /**
  123. * Free a previously created OpenSSL context.
  124. */
  125. void redisFreeSSLContext(redisSSLContext *redis_ssl_ctx);
  126. /**
  127. * Initiate SSL on an existing redisContext.
  128. *
  129. * This is similar to redisInitiateSSL() but does not require the caller
  130. * to directly interact with OpenSSL, and instead uses a redisSSLContext
  131. * previously created using redisCreateSSLContext().
  132. */
  133. int redisInitiateSSLWithContext(redisContext *c, redisSSLContext *redis_ssl_ctx);
  134. /**
  135. * Initiate SSL/TLS negotiation on a provided OpenSSL SSL object.
  136. */
  137. int redisInitiateSSL(redisContext *c, struct ssl_st *ssl);
  138. #ifdef __cplusplus
  139. }
  140. #endif
  141. #endif /* __HIREDIS_SSL_H */