tango-tfe/common/include/ssl_stream.h

#pragma once
#include <stdlib.h>
struct ssl_stream;

enum ssl_stream_action
{
	SSL_ACTION_PASSTHROUGH=0,
	SSL_ACTION_INTERCEPT,
	SSL_ACTION_SHUTDOWN
};
typedef enum ssl_stream_action ssl_stream_new_hook(struct ssl_stream *upstream, void* u_para);

enum SSL_STREAM_OPT
{
	SSL_STREAM_OPT_INTERCEPT_POLICY_ID,
	SSL_STREAM_OPT_IS_EV_CERT,				//0:FALSE, 1:TRUE.
	SSL_STREAM_OPT_IS_CT_CERT,				//0:FALSE, 1:TRUE.
	SSL_STREAM_OPT_IS_MUTUAL_AUTH,			//0:FALSE, 1:TRUE.
	SSL_STREAM_OPT_PINNING_STATUS,			//0:FALSE, 1:TRUE.
	SSL_STREAM_OPT_JA3_PINNING_STATUS, 	  	//0:FALSE, 1:TRUE.
	SSL_STREAM_OPT_HAS_PROTOCOL_ERRORS,		//0:FALSE, 1:TRUE.
	SSL_STREAM_OPT_NO_VERIFY_SELF_SIGNED,	//VALUE is an interger, SIZE=sizeof(int). 1:ON, 0:OFF. DEFAULT:0.
	SSL_STREAM_OPT_NO_VERIFY_COMMON_NAME,	//VALUE is an interger, SIZE=sizeof(int). 1:ON, 0:OFF. DEFAULT:1.
	SSL_STREAM_OPT_NO_VERIFY_ISSUER,		//VALUE is an interger, SIZE=sizeof(int). 1:ON, 0:OFF. DEFAULT:0.
	SSL_STREAM_OPT_NO_VERIFY_EXPIRY_DATE,	//VALUE is an interger, SIZE=sizeof(int). 1:ON, 0:OFF. DEFAULT:0.
	SSL_STREAM_OPT_BLOCK_FAKE_CERT,			//VALUE is an interger, SIZE=sizeof(int). 1:PASSTHROUGH, 0:BLOCK. DEFAULT:1.
	SSL_STREAM_OPT_PROTOCOL_MIN_VERSION,
	SSL_STREAM_OPT_PROTOCOL_MAX_VERSION,
	SSL_STREAM_OPT_ENABLE_ALPN,
	SSL_STREAM_OPT_KEYRING_ID,
	SSL_STREAM_OPT_SNI,						//VALUE is string
	SSL_STREAM_OPT_ADDR						//VALUE is string
};
enum ssl_ja3_pinning_status
{
    JA3_PINNING_STATUS_UNKNOWN = -1,
    JA3_PINNING_STATUS_NOT_PINNING = 0,
    JA3_PINNING_STATUS_IS_PINNING = 1,
};
int sslver_str2num(const char * version_str);

//s_stream must be upstream.
int ssl_stream_set_integer_opt(struct ssl_stream *upstream, enum SSL_STREAM_OPT  opt_type, int opt_val);
int ssl_stream_get_integer_opt(struct ssl_stream *upstream, enum SSL_STREAM_OPT  opt_type, int *opt_val);
int ssl_stream_get_string_opt(struct ssl_stream *upstream, enum SSL_STREAM_OPT opt_type, char* in_buff, size_t sz);