2 * QEMU I/O channels TLS driver
4 * Copyright (c) 2015 Red Hat, Inc.
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
21 #ifndef QIO_CHANNEL_TLS_H
22 #define QIO_CHANNEL_TLS_H
24 #include "io/channel.h"
26 #include "crypto/tlssession.h"
28 #define TYPE_QIO_CHANNEL_TLS "qio-channel-tls"
29 #define QIO_CHANNEL_TLS(obj) \
30 OBJECT_CHECK(QIOChannelTLS, (obj), TYPE_QIO_CHANNEL_TLS)
32 typedef struct QIOChannelTLS QIOChannelTLS
;
37 * The QIOChannelTLS class provides a channel wrapper which
38 * can transparently run the TLS encryption protocol. It is
39 * usually used over a TCP socket, but there is actually no
40 * technical restriction on which type of master channel is
41 * used as the transport.
43 * This channel object is capable of running as either a
44 * TLS server or TLS client.
47 struct QIOChannelTLS
{
50 QCryptoTLSSession
*session
;
51 QIOChannelShutdown shutdown
;
55 * qio_channel_tls_new_server:
56 * @master: the underlying channel object
57 * @creds: the credentials to use for TLS handshake
58 * @aclname: the access control list for validating clients
59 * @errp: pointer to a NULL-initialized error object
61 * Create a new TLS channel that runs the server side of
62 * a TLS session. The TLS session handshake will use the
63 * credentials provided in @creds. If the @aclname parameter
64 * is non-NULL, then the client will have to provide
65 * credentials (ie a x509 client certificate) which will
66 * then be validated against the ACL.
68 * After creating the channel, it is mandatory to call
69 * the qio_channel_tls_handshake() method before attempting
70 * todo any I/O on the channel.
72 * Once the handshake has completed, all I/O should be done
73 * via the new TLS channel object and not the original
76 * Returns: the new TLS channel object, or NULL
79 qio_channel_tls_new_server(QIOChannel
*master
,
80 QCryptoTLSCreds
*creds
,
85 * qio_channel_tls_new_client:
86 * @master: the underlying channel object
87 * @creds: the credentials to use for TLS handshake
88 * @hostname: the user specified server hostname
89 * @errp: pointer to a NULL-initialized error object
91 * Create a new TLS channel that runs the client side of
92 * a TLS session. The TLS session handshake will use the
93 * credentials provided in @creds. The @hostname parameter
94 * should provide the user specified hostname of the server
95 * and will be validated against the server's credentials
96 * (ie CommonName of the x509 certificate)
98 * After creating the channel, it is mandatory to call
99 * the qio_channel_tls_handshake() method before attempting
100 * todo any I/O on the channel.
102 * Once the handshake has completed, all I/O should be done
103 * via the new TLS channel object and not the original
106 * Returns: the new TLS channel object, or NULL
109 qio_channel_tls_new_client(QIOChannel
*master
,
110 QCryptoTLSCreds
*creds
,
111 const char *hostname
,
115 * qio_channel_tls_handshake:
116 * @ioc: the TLS channel object
117 * @func: the callback to invoke when completed
118 * @opaque: opaque data to pass to @func
119 * @destroy: optional callback to free @opaque
120 * @context: the context that TLS handshake will run with. If %NULL,
121 * the default context will be used
123 * Perform the TLS session handshake. This method
124 * will return immediately and the handshake will
125 * continue in the background, provided the main
126 * loop is running. When the handshake is complete,
127 * or fails, the @func callback will be invoked.
129 void qio_channel_tls_handshake(QIOChannelTLS
*ioc
,
132 GDestroyNotify destroy
,
133 GMainContext
*context
);
136 * qio_channel_tls_get_session:
137 * @ioc: the TLS channel object
139 * Get the TLS session used by the channel.
141 * Returns: the TLS session
144 qio_channel_tls_get_session(QIOChannelTLS
*ioc
);
146 #endif /* QIO_CHANNEL_TLS_H */