1
0
mirror of https://git.sr.ht/~sircmpwn/gmni synced 2024-12-04 18:48:17 +01:00
gmni/include/tofu.h

50 lines
1.1 KiB
C
Raw Normal View History

2020-09-21 21:37:24 +02:00
#ifndef GEMINI_TOFU_H
#define GEMINI_TOFU_H
#include <limits.h>
#include <openssl/ssl.h>
#include <openssl/x509.h>
#include <time.h>
enum tofu_error {
TOFU_VALID,
// Expired, wrong CN, etc.
TOFU_INVALID_CERT,
// Cert is valid but we haven't seen it before
TOFU_UNTRUSTED_CERT,
// Cert is valid but we already trust another cert for this host
TOFU_FINGERPRINT_MISMATCH,
};
enum tofu_action {
TOFU_ASK,
TOFU_FAIL,
TOFU_TRUST_ONCE,
TOFU_TRUST_ALWAYS,
};
struct known_host {
char *host, *fingerprint;
time_t expires;
int lineno;
struct known_host *next;
};
// Called when the user needs to be prompted to agree to trust an unknown
// certificate. Return true to trust this certificate.
typedef enum tofu_action (tofu_callback_t)(enum tofu_error error,
const char *fingerprint, struct known_host *host, void *data);
struct gemini_tofu {
char known_hosts_path[PATH_MAX+1];
struct known_host *known_hosts;
int lineno;
tofu_callback_t *callback;
void *cb_data;
};
void gemini_tofu_init(struct gemini_tofu *tofu,
SSL_CTX *ssl_ctx, tofu_callback_t *cb, void *data);
2020-09-23 18:50:25 +02:00
void gemini_tofu_finish(struct gemini_tofu *tofu);
2020-09-21 21:37:24 +02:00
#endif