1 /* 2 * ngtcp2 3 * 4 * Copyright (c) 2020 ngtcp2 contributors 5 * 6 * Permission is hereby granted, free of charge, to any person obtaining 7 * a copy of this software and associated documentation files (the 8 * "Software"), to deal in the Software without restriction, including 9 * without limitation the rights to use, copy, modify, merge, publish, 10 * distribute, sublicense, and/or sell copies of the Software, and to 11 * permit persons to whom the Software is furnished to do so, subject to 12 * the following conditions: 13 * 14 * The above copyright notice and this permission notice shall be 15 * included in all copies or substantial portions of the Software. 16 * 17 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, 18 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF 19 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND 20 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE 21 * LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION 22 * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION 23 * WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 24 */ 25 #ifndef NGTCP2_CRYPTO_BORINGSSL_H 26 #define NGTCP2_CRYPTO_BORINGSSL_H 27 28 #include <ngtcp2/ngtcp2.h> 29 30 #include <openssl/ssl.h> 31 32 #ifdef __cplusplus 33 extern "C" { 34 #endif 35 36 /** 37 * @function 38 * 39 * `ngtcp2_crypto_boringssl_from_ssl_encryption_level` translates 40 * |ssl_level| to :type:`ngtcp2_crypto_level`. This function is only 41 * available for BoringSSL backend. 42 */ 43 NGTCP2_EXTERN ngtcp2_crypto_level 44 ngtcp2_crypto_boringssl_from_ssl_encryption_level( 45 enum ssl_encryption_level_t ssl_level); 46 47 /** 48 * @function 49 * 50 * `ngtcp2_crypto_boringssl_from_ngtcp2_crypto_level` translates 51 * |crypto_level| to ssl_encryption_level_t. This function is only 52 * available for BoringSSL backend. 53 */ 54 NGTCP2_EXTERN enum ssl_encryption_level_t 55 ngtcp2_crypto_boringssl_from_ngtcp2_crypto_level( 56 ngtcp2_crypto_level crypto_level); 57 58 /** 59 * @function 60 * 61 * `ngtcp2_crypto_boringssl_configure_server_context` configures 62 * |ssl_ctx| for server side QUIC connection. It performs the 63 * following modifications: 64 * 65 * - Set minimum and maximum TLS version to TLSv1.3. 66 * - Set SSL_QUIC_METHOD by calling SSL_CTX_set_quic_method. 67 * 68 * Application must set a pointer to :type:`ngtcp2_crypto_conn_ref` to 69 * SSL object by calling SSL_set_app_data, and 70 * :type:`ngtcp2_crypto_conn_ref` object must have 71 * :member:`ngtcp2_crypto_conn_ref.get_conn` field assigned to get 72 * :type:`ngtcp2_conn`. 73 * 74 * It returns 0 if it succeeds, or -1. 75 */ 76 NGTCP2_EXTERN int 77 ngtcp2_crypto_boringssl_configure_server_context(SSL_CTX *ssl_ctx); 78 79 /** 80 * @function 81 * 82 * `ngtcp2_crypto_boringssl_configure_client_context` configures 83 * |ssl_ctx| for client side QUIC connection. It performs the 84 * following modifications: 85 * 86 * - Set minimum and maximum TLS version to TLSv1.3. 87 * - Set SSL_QUIC_METHOD by calling SSL_CTX_set_quic_method. 88 * 89 * Application must set a pointer to :type:`ngtcp2_crypto_conn_ref` to 90 * SSL object by calling SSL_set_app_data, and 91 * :type:`ngtcp2_crypto_conn_ref` object must have 92 * :member:`ngtcp2_crypto_conn_ref.get_conn` field assigned to get 93 * :type:`ngtcp2_conn`. 94 * 95 * It returns 0 if it succeeds, or -1. 96 */ 97 NGTCP2_EXTERN int 98 ngtcp2_crypto_boringssl_configure_client_context(SSL_CTX *ssl_ctx); 99 100 #ifdef __cplusplus 101 } 102 #endif 103 104 #endif /* NGTCP2_CRYPTO_BORINGSSL_H */ 105