-
-
Notifications
You must be signed in to change notification settings - Fork 78
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
ef9608a
commit ed827ca
Showing
1 changed file
with
79 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,79 @@ | ||
| const fio = @import("fio.zig"); | ||
|
|
||
| /// Server-Side TLS function wrapper | ||
| const Tls = @This(); | ||
|
|
||
| fio_tls: ?*anyopaque = null, | ||
|
|
||
| /// TLS settings used in init() and addCertificate() | ||
| /// If all values are NULL, a TLS object wll be created without a | ||
| /// certificate. This could be used for clients together with Tls.trust(). | ||
| pub const TlsSettings = struct { | ||
| /// If a server name is provided, then NULL values _can_ be used to create an anonymous (unverified) | ||
| /// context / settings object. | ||
| server_name: ?[*:0]const u8 = null, | ||
| public_certificate_file: ?[*:0]const u8 = null, | ||
| private_key_file: ?[*:0]const u8 = null, | ||
| /// The private_key_password can be NULL if the private key PEM file isn't password protected. | ||
| private_key_password: ?[*:0]const u8 = null, | ||
| }; | ||
|
|
||
| /// Creates a new SSL/TLS context / settings object with a default certificate (if any). | ||
| /// If a server name is provided, then NULL values can be used to create an anonymous (unverified) | ||
| /// context / settings object. If all values are NULL, a TLS object will be created without a | ||
| /// certificate. This could be used for clients together with Tls.trust(). | ||
| /// The private_key_password can be NULL if the private key PEM file isn't password protected. | ||
| pub fn init(settings: TlsSettings) !Tls { | ||
| const ret = fio.fio_tls_new( | ||
| settings.server_name, | ||
| settings.public_certificate_file, | ||
| settings.private_key_file, | ||
| settings.private_key_password, | ||
| ); | ||
| if (ret == null) return error.FileNotFound; | ||
| return Tls{ .fio_tls = ret }; | ||
| } | ||
|
|
||
| /// Destroys the SSL/TLS context / settings object and frees any related resources / memory. | ||
| pub fn deinit(tls: *const Tls) void { | ||
| fio.fio_tls_destroy(tls.fio_tls); | ||
| } | ||
|
|
||
| // pub fn incRefCount(tls: *Tls) !void { | ||
| // if (tls.fio_tls == null) { | ||
| // return error.Uninitialized; | ||
| // } | ||
| // fio.fio_tls_dup(tls.fio_tls); | ||
| // } | ||
|
|
||
| /// Adds a certificate a new SSL/TLS context / settings object (SNI support). | ||
| /// The private_key_password can be NULL if the private key PEM file isn't password protected. | ||
| pub fn addCertificate(tls: *Tls, settings: TlsSettings) !void { | ||
| if (tls.fio_tls == null) { | ||
| return error.Uninitialized; | ||
| } | ||
|
|
||
| const ret = fio.fio_tls_cert_add( | ||
| tls.fio_tls, | ||
| settings.server_name, | ||
| settings.public_certificate_file, | ||
| settings.private_key_file, | ||
| settings.private_key_password, | ||
| ); | ||
|
|
||
| if (ret != 0) return error.FileNotFound; | ||
| return; | ||
| } | ||
|
|
||
| /// Adds a certificate to the "trust" list, which automatically adds a peer verification requirement. | ||
| /// Note: when the fio_tls_s object is used for server connections, this will limit connections to | ||
| /// clients that connect using a trusted certificate. | ||
| pub fn trust(tls: *Tls, public_cert_file: [*:0]const u8) !void { | ||
| if (tls.fio_tls == null) { | ||
| return error.Uninitialized; | ||
| } | ||
|
|
||
| const ret = fio.fio_tls_trust(tls.fio_tls, public_cert_file); | ||
| if (ret != 0) return error.FileNotFound; | ||
| return; | ||
| } |