/*
 * OpenVPN -- An application to securely tunnel IP networks
 * over a single TCP/UDP port, with support for SSL/TLS-based
 * session authentication and key exchange,
 * packet encryption, packet authentication, and
 * packet compression.
 *
 * Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sales@openvpn.net>
 * Copyright (C) 2010 Fox Crypto B.V. <openvpn@fox-it.com>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2
 * as published by the Free Software Foundation.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program (see the file COPYING included with this
 * distribution); if not, write to the Free Software Foundation, Inc.,
 * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 */

/**
 * @file PKCS #11 SSL library-specific backend
 *
 * Declares the PKCS #11 operations whose implementation depends on the
 * TLS library OpenVPN was built against.  Everything in this header is
 * compiled only when ENABLE_PKCS11 is defined.
 *
 * Two return conventions are used below: pkcs11_certificate_dn() returns
 * a pointer (NULL on failure), while the int-returning functions use 0 for
 * success and 1 for failure.  Callers must check every result; what a
 * failed call leaves behind in the output buffer or TLS context is not
 * specified by this header.
 */

#ifndef PKCS11_BACKEND_H_
#define PKCS11_BACKEND_H_

#include "syshead.h"

#if defined(ENABLE_PKCS11)

#include "ssl_common.h"

#include <pkcs11-helper-1.0/pkcs11h-certificate.h>

/**
 * Retrieve PKCS #11 Certificate's DN in a printable format.
 *
 * The returned string is allocated from @p gc, so its lifetime is that of
 * the arena; the caller does not free it separately.
 *
 * @param certificate The PKCS #11 helper certificate object
 * @param gc Garbage collection pool to allocate memory in
 *
 * @return Certificate's DN on success, NULL on failure
 */
char * pkcs11_certificate_dn (pkcs11h_certificate_t certificate, struct gc_arena *gc);

/**
 * Retrieve PKCS #11 Certificate's serial number in a printable format.
 *
 * NOTE(review): the backend is presumably expected to NUL-terminate
 * @p serial within @p serial_len and fail rather than truncate silently;
 * confirm against the backend implementation before relying on either.
 *
 * @param certificate The PKCS #11 helper certificate object
 * @param serial Buffer that the certificate's serial will be placed in.
 * @param serial_len Size of said buffer, in bytes.
 *
 * @return 1 on failure, 0 on success
 */
int pkcs11_certificate_serial (pkcs11h_certificate_t certificate, char *serial,
                               size_t serial_len);

/**
 * Load PKCS #11 Certificate's information into the given TLS context
 *
 * NOTE(review): on a nonzero return the context may have been only partly
 * configured; callers should treat failure as fatal for that context rather
 * than proceed with a session on it.
 *
 * @param certificate The PKCS #11 helper certificate object
 * @param ssl_ctx TLS context to use.
 *
 * @return 1 on failure, 0 on success
 */
int pkcs11_init_tls_session(pkcs11h_certificate_t certificate,
                            struct tls_root_ctx * const ssl_ctx);

#endif /* defined(ENABLE_PKCS11) */
#endif /* PKCS11_BACKEND_H_ */