summaryrefslogtreecommitdiff
path: root/include/mailutils/tls.h
blob: faf9f537489630d1c40d67cf54e82624f019dfed (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
/* GNU Mailutils -- a suite of utilities for electronic mail
   Copyright (C) 2003, 2005, 2007-2008, 2010-2012, 2014-2017 Free
   Software Foundation, Inc.

   This library is free software; you can redistribute it and/or
   modify it under the terms of the GNU Lesser General Public
   License as published by the Free Software Foundation; either
   version 3 of the License, or (at your option) any later version.

   This library is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
   Lesser General Public License for more details.

   You should have received a copy of the GNU Lesser General
   Public License along with this library.  If not, see
   <http://www.gnu.org/licenses/>. */

#ifndef _MAILUTILS_TLS_H
#define _MAILUTILS_TLS_H

#include <mailutils/types.h>
#include <mailutils/cli.h>
#include <mailutils/util.h>

#ifdef __cplusplus
extern "C" {
#endif

struct mu_tls_config
{
  char *cert_file;
  char *key_file;
  char *ca_file;
  char *priorities;
};

enum mu_tls_type
  {
    MU_TLS_CLIENT,
    MU_TLS_SERVER
  };

extern int mu_tls_enable;
extern int mu_tls_cert_file_checks;
extern int mu_tls_key_file_checks;
extern int mu_tls_ca_file_checks;

#define MU_TLS_CERT_FILE_CHECKS			\
  (MU_FILE_SAFETY_GROUP_WRITABLE		\
   | MU_FILE_SAFETY_GROUP_WRITABLE		\
   | MU_FILE_SAFETY_LINKED_WRDIR)

#define MU_TLS_KEY_FILE_CHECKS			\
  (MU_FILE_SAFETY_ALL & ~MU_FILE_SAFETY_OWNER_MISMATCH)

#define MU_TLS_CA_FILE_CHECKS			\
  (MU_FILE_SAFETY_GROUP_WRITABLE		\
   | MU_FILE_SAFETY_GROUP_WRITABLE		\
   | MU_FILE_SAFETY_LINKED_WRDIR)

void mu_tls_cfg_init (void);
  
int mu_tls_stream_create (mu_stream_t *pstream,
			  mu_stream_t strin, mu_stream_t strout,
			  struct mu_tls_config const *conf,
			  enum mu_tls_type type,
			  int flags);
int mu_tls_client_stream_create (mu_stream_t *pstream,
				 mu_stream_t strin, mu_stream_t strout,
				 int flags);

void mu_deinit_tls_libs (void);
int mu_init_tls_libs (void);

enum mu_tls_config_status
  {
    MU_TLS_CONFIG_OK,         /* Configuration OK */
    MU_TLS_CONFIG_NULL,       /* Configuration is empty */ 
    MU_TLS_CONFIG_UNSAFE,     /* At least one file is considered unsafe */
    MU_TLS_CONFIG_FAIL        /* Some files absent (or other system error) */
  };

int mu_tls_config_check (struct mu_tls_config const *conf, int verbose);

extern struct mu_cli_capa mu_cli_capa_tls;
  
#ifdef __cplusplus
}
#endif

#endif /* _MAILUTILS_TLS_H */

Return to:

Send suggestions and report system problems to the System administrator.