const fio = @import("fio.zig");
/// Server-Side TLS function wrapper
///
/// Thin wrapper over the `fio.fio_tls_*` binding in `fio.zig`. The file itself
/// is the struct: every method below forwards to one C-side call and maps its
/// result onto a Zig error.
const Tls = @This();

/// Opaque handle to the underlying TLS context. Stays `null` until `init()`
/// succeeds. `addCertificate()` and `trust()` return `error.Uninitialized`
/// when it is `null`; `deinit()` does not check it. Because `deinit()` takes a
/// const pointer, the field is never reset to `null` after the context has
/// been destroyed, so a `Tls` value must not be reused after `deinit()`.
fio_tls: ?*anyopaque = null,
/// TLS settings used in init() and addCertificate()
/// If all values are NULL, a TLS object will be created without a
/// certificate. This could be used for clients together with Tls.trust().
///
/// Every field is an optional NUL-terminated C string that is handed straight
/// through to the `fio.fio_tls_*` call; this wrapper neither copies nor
/// validates the pointers, so they must stay valid at least for the duration
/// of that call. Whether the callee keeps a reference beyond the call is not
/// visible from this file.
pub const TlsSettings = struct {
    /// If a server name is provided, then NULL values _can_ be used to create an anonymous (unverified)
    /// context / settings object.
    server_name: ?[*:0]const u8 = null,
    /// Path of the public certificate file, or NULL.
    public_certificate_file: ?[*:0]const u8 = null,
    /// Path of the private key PEM file, or NULL.
    private_key_file: ?[*:0]const u8 = null,
    /// The private_key_password can be NULL if the private key PEM file isn't password protected.
    /// NOTE(review): the password is passed through as a plain C string and is
    /// not zeroed by this wrapper after use; callers that care should avoid
    /// keeping it in a long-lived buffer.
    private_key_password: ?[*:0]const u8 = null,
};
/// Creates a new SSL/TLS context / settings object with a default certificate (if any).
/// If a server name is provided, then NULL values can be used to create an anonymous (unverified)
/// context / settings object. If all values are NULL, a TLS object will be created without a
/// certificate. This could be used for clients together with Tls.trust().
/// The private_key_password can be NULL if the private key PEM file isn't password protected.
///
/// Returns `error.FileNotFound` whenever `fio.fio_tls_new` yields no context.
/// The wrapper does not learn the actual cause, so any other failure on the
/// C side (presumably an unreadable or unparsable file — TODO confirm) is
/// reported under the same error name; do not rely on it meaning "missing file".
/// A successful `init()` must be paired with `deinit()`.
pub fn init(settings: TlsSettings) !Tls {
    const ctx = fio.fio_tls_new(
        settings.server_name,
        settings.public_certificate_file,
        settings.private_key_file,
        settings.private_key_password,
    ) orelse return error.FileNotFound;
    return .{ .fio_tls = ctx };
}
/// Destroys the SSL/TLS context / settings object and frees any related resources / memory.
///
/// Passes `tls.fio_tls` to `fio.fio_tls_destroy` unchanged: there is no
/// `null` check here, and since `tls` is a const pointer the handle is not
/// cleared afterwards. Calling `deinit()` twice on the same value therefore
/// hands the same pointer to the C side twice — callers own that invariant.
/// Whether `fio_tls_destroy` tolerates a `null` handle is not visible from
/// this file (TODO confirm).
pub fn deinit(tls: *const Tls) void {
    const ctx = tls.fio_tls;
    fio.fio_tls_destroy(ctx);
}
// pub fn incRefCount(tls: *Tls) !void {
// if (tls.fio_tls == null) {
// return error.Uninitialized;
// }
// fio.fio_tls_dup(tls.fio_tls);
// }
/// Adds a certificate to an existing SSL/TLS context / settings object (SNI support).
/// The private_key_password can be NULL if the private key PEM file isn't password protected.
///
/// Returns `error.Uninitialized` when `init()` has not populated the context
/// handle, and `error.FileNotFound` for any non-zero status from
/// `fio.fio_tls_cert_add`. The status value is not inspected further, so a
/// different underlying failure is reported under the same name.
pub fn addCertificate(tls: *Tls, settings: TlsSettings) !void {
    const ctx = tls.fio_tls orelse return error.Uninitialized;

    const status = fio.fio_tls_cert_add(
        ctx,
        settings.server_name,
        settings.public_certificate_file,
        settings.private_key_file,
        settings.private_key_password,
    );
    if (status != 0) return error.FileNotFound;
}
/// Adds a certificate to the "trust" list, which automatically adds a peer verification requirement.
/// Note: when the fio_tls_s object is used for server connections, this will limit connections to
/// clients that connect using a trusted certificate.
///
/// In other words, once a certificate has been trusted, peers that cannot
/// present a certificate chaining to a trusted one are rejected by the
/// underlying context — there is no way to make trust optional through this
/// wrapper.
///
/// Returns `error.Uninitialized` if the context handle is still `null`, and
/// `error.FileNotFound` for any non-zero status from `fio.fio_tls_trust`
/// (the status is not inspected further).
pub fn trust(tls: *Tls, public_cert_file: [*:0]const u8) !void {
    const ctx = tls.fio_tls orelse return error.Uninitialized;

    const status = fio.fio_tls_trust(ctx, public_cert_file);
    if (status != 0) return error.FileNotFound;
}