/*
- * "$Id$"
- *
* Private HTTP definitions for CUPS.
*
- * Copyright 2007-2014 by Apple Inc.
+ * Copyright 2007-2017 by Apple Inc.
* Copyright 1997-2007 by Easy Software Products, all rights reserved.
*
* These coded instructions, statements, and computer programs are the
* property of Apple Inc. and are protected by Federal copyright
* law. Distribution and use rights are outlined in the file "LICENSE.txt"
* which should have been included with this file. If this file is
- * file is missing or damaged, see the license at "http://www.cups.org/".
+ * missing or damaged, see the license at "http://www.cups.org/".
*
* This file is subject to the Apple OS-Developed Software exception.
*/
# if defined(__APPLE__) && !defined(_SOCKLEN_T)
/*
- * MacOS X 10.2.x does not define socklen_t, and in fact uses an int instead of
+ * macOS 10.2.x does not define socklen_t, and in fact uses an int instead of
* unsigned type for length values...
*/
# ifdef HAVE_GNUTLS
# include <gnutls/gnutls.h>
# include <gnutls/x509.h>
-# include <gcrypt.h>
# elif defined(HAVE_CDSASSL)
# include <CoreFoundation/CoreFoundation.h>
# include <Security/Security.h>
# ifdef __cplusplus
extern "C" {
# endif /* __cplusplus */
+# ifndef _SECURITY_VERSION_GREATER_THAN_57610_
+typedef CF_OPTIONS(uint32_t, SecKeyUsage) {
+ kSecKeyUsageAll = 0x7FFFFFFF
+};
+# endif /* !_SECURITY_VERSION_GREATER_THAN_57610_ */
+extern const void * kSecCSRChallengePassword;
+extern const void * kSecSubjectAltName;
+extern const void * kSecCertificateKeyUsage;
+extern const void * kSecCSRBasicContraintsPathLen;
+extern const void * kSecCertificateExtensions;
+extern const void * kSecCertificateExtensionsEncoded;
+extern const void * kSecOidCommonName;
+extern const void * kSecOidCountryName;
+extern const void * kSecOidStateProvinceName;
+extern const void * kSecOidLocalityName;
+extern const void * kSecOidOrganization;
+extern const void * kSecOidOrganizationalUnit;
extern SecCertificateRef SecCertificateCreateWithBytes(CFAllocatorRef allocator, const UInt8 *bytes, CFIndex length);
extern bool SecCertificateIsValid(SecCertificateRef certificate, CFAbsoluteTime verifyTime);
extern CFAbsoluteTime SecCertificateNotValidAfter(SecCertificateRef certificate);
+extern SecCertificateRef SecGenerateSelfSignedCertificate(CFArrayRef subject, CFDictionaryRef parameters, SecKeyRef publicKey, SecKeyRef privateKey);
+extern SecIdentityRef SecIdentityCreate(CFAllocatorRef allocator, SecCertificateRef certificate, SecKeyRef privateKey);
# ifdef __cplusplus
}
# endif /* __cplusplus */
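Review bot: The twelve added `extern const void *` constants (`kSecCSRChallengePassword` through `kSecOidOrganizationalUnit`) and the two added prototypes have no comment saying where they come from, and typing the constants as `const void *` gives up compiler checking where they are used as dictionary keys or values. They look like hand-copied declarations of Security framework symbols that no installed header provides; if so, a change in the framework would not be caught at build time, so I would add `/* Copied from Security framework private headers; keep in sync with the SDK */` above them. `kSecCSRBasicContraintsPathLen` is spelled "Contraints"; if that is the exported symbol name, say so in the comment so that nobody corrects it and breaks the link. The fallback `SecKeyUsage` typedef defines only `kSecKeyUsageAll`, so it is worth checking whether callers of `SecGenerateSelfSignedCertificate` really need every key usage on the certificates they generate.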
# ifndef WIN32
# include <net/if.h>
+# include <resolv.h>
# ifdef HAVE_GETIFADDRS
# include <ifaddrs.h>
# else
* Constants...
*/
+# define _HTTP_MAX_SBUFFER 65536 /* Size of (de)compression buffer */
+# define _HTTP_RESOLVE_DEFAULT 0 /* Just resolve with default options */
+# define _HTTP_RESOLVE_STDERR 1 /* Log resolve progress to stderr */
+# define _HTTP_RESOLVE_FQDN 2 /* Resolve to a FQDN */
+# define _HTTP_RESOLVE_FAXOUT 4 /* Resolve FaxOut service? */
-#define _HTTP_MAX_SBUFFER 65536 /* Size of (de)compression buffer */
-#define _HTTP_RESOLVE_DEFAULT 0 /* Just resolve with default options */
-#define _HTTP_RESOLVE_STDERR 1 /* Log resolve progress to stderr */
-#define _HTTP_RESOLVE_FQDN 2 /* Resolve to a FQDN */
-#define _HTTP_RESOLVE_FAXOUT 4 /* Resolve FaxOut service? */
+# define _HTTP_TLS_NONE 0 /* No TLS options */
+# define _HTTP_TLS_ALLOW_RC4 1 /* Allow RC4 cipher suites */
+# define _HTTP_TLS_ALLOW_DH 2 /* Allow DH/DHE key negotiation */
+# define _HTTP_TLS_DENY_CBC 4 /* Deny CBC cipher suites */
+# define _HTTP_TLS_SET_DEFAULT 128 /* Setting the default TLS options */
+
+# define _HTTP_TLS_SSL3 0 /* Min/max version is SSL/3.0 */
+# define _HTTP_TLS_1_0 1 /* Min/max version is TLS/1.0 */
+# define _HTTP_TLS_1_1 2 /* Min/max version is TLS/1.1 */
+# define _HTTP_TLS_1_2 3 /* Min/max version is TLS/1.2 */
+# define _HTTP_TLS_1_3 4 /* Min/max version is TLS/1.3 */
+# define _HTTP_TLS_MAX 5 /* Highest known TLS version */
/*
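Review bot: `_HTTP_TLS_SSL3` is defined as 0, so any zero-initialised or unset minimum version selects SSL/3.0, the weakest protocol in the list. The defaults are not visible in this header, so please confirm that the code behind `_httpTLSSetOptions` never starts from a zeroed minimum, and add a comment such as `/* Version 0 is SSL/3.0 - always pass an explicit minimum version */`. `_HTTP_TLS_MAX` is 5, one more than `_HTTP_TLS_1_3`, so its comment "Highest known TLS version" is misleading if it is meant as a bound or a count; the comment should say which. The option bits also mix polarity (`ALLOW_RC4` and `ALLOW_DH` versus `DENY_CBC`), so a line stating what `_HTTP_TLS_NONE` leaves enabled would help.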
# if !defined(HAVE_SECBASEPRIV_H) && defined(HAVE_CSSMERRORSTRING) /* Declare prototype for function in that header... */
extern const char *cssmErrorString(int error);
# endif /* !HAVE_SECBASEPRIV_H && HAVE_CSSMERRORSTRING */
-# ifndef HAVE_SECITEMPRIV_H /* Declare constants from that header... */
-extern const CFTypeRef kSecClassCertificate;
-extern const CFTypeRef kSecClassIdentity;
-# endif /* !HAVE_SECITEMPRIV_H */
# if !defined(HAVE_SECIDENTITYSEARCHPRIV_H) && defined(HAVE_SECIDENTITYSEARCHCREATEWITHPOLICY) /* Declare prototype for function in that header... */
extern OSStatus SecIdentitySearchCreateWithPolicy(SecPolicyRef policy,
CFStringRef idString, CSSM_KEYUSE keyUsage,
int readBufferUsed; /* Bytes used in buffer */
BYTE *writeBuffer; /* Data pre-encryption */
int writeBufferLength; /* Length of write buffer */
- DWORD certFlags; /* Cert verification flags */
PCCERT_CONTEXT localCert, /* Local certificate */
remoteCert; /* Remote (peer's) certificate */
+ char error[256]; /* Most recent error message */
} _http_sspi_t;
typedef _http_sspi_t *http_tls_t;
-typedef void *http_tls_credentials_t;
+typedef PCCERT_CONTEXT http_tls_credentials_t;
# else
/*
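Review bot: The new `error[256]` member is a fixed-size buffer, so every writer has to bound its output to the size of the array and keep it NUL-terminated. None of those writers are in this hunk, and the struct itself starts above it. I would extend the member comment to `/* Most recent error message, always NUL-terminated */` and check that the call sites format with `snprintf` and `sizeof`. The hunk also drops `certFlags` ("Cert verification flags") without showing what now controls peer-certificate verification for SSPI connections, which should be confirmed in the implementation. With `http_tls_credentials_t` now a `PCCERT_CONTEXT`, a comment should also state who releases the context.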
extern size_t _httpTLSPending(http_t *http);
extern int _httpTLSRead(http_t *http, char *buf, int len);
extern int _httpTLSSetCredentials(http_t *http);
+extern void _httpTLSSetOptions(int options, int min_version, int max_version);
extern int _httpTLSStart(http_t *http);
extern void _httpTLSStop(http_t *http);
extern int _httpTLSWrite(http_t *http, const char *buf, int len);
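Review bot: `_httpTLSSetOptions` returns `void`, so a caller that passes a `min_version` above `max_version`, or a value outside the `_HTTP_TLS_*` version constants, gets no indication of what the library did with it. The prototype has no comment, and because it takes no `http_t *` it appears to change settings for the whole process rather than for one connection. I would document that above the declaration, for example `/* Sets process-wide TLS options; versions are _HTTP_TLS_xxx values, min <= max */`. It is also worth confirming that the implementation rejects or clamps out-of-range values rather than falling back to a weaker protocol.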
# endif /* __cplusplus */
#endif /* !_CUPS_HTTP_PRIVATE_H_ */
-
-/*
- * End of "$Id$".
- */