Optionally validate certificates on TLS server links

[ngircd-alex.git] / src / ngircd / conn.h

diff --git a/src/ngircd/conn.h b/src/ngircd/conn.h
index c642541f07ce486b712f5a3b0e719a438d9ea8da..258dcb592456b97e8fda640a3055e8df69db85cd 100644 (file)
--- a/src/ngircd/conn.h
+++ b/src/ngircd/conn.h
@@ -40,7 +40,9 @@
 #define CONN_SSL               32      /* this connection is SSL encrypted */
 #define CONN_SSL_WANT_WRITE    64      /* SSL/TLS library needs to write protocol data */
 #define CONN_SSL_WANT_READ     128     /* SSL/TLS library needs to read protocol data */
-#define CONN_SSL_FLAGS_ALL     (CONN_SSL_CONNECT|CONN_SSL|CONN_SSL_WANT_WRITE|CONN_SSL_WANT_READ)
+#define CONN_SSL_PEERCERT_OK   256     /* peer presented a valid certificate (used to check inbound server auth */
+#define CONN_SSL_COMPRESSION   512     /* SSL/TLS link is compressed */
+#define CONN_SSL_FLAGS_ALL     (CONN_SSL_CONNECT|CONN_SSL|CONN_SSL_WANT_WRITE|CONN_SSL_WANT_READ|CONN_SSL_PEERCERT_OK|CONN_SSL_COMPRESSION)
 #endif
 typedef int CONN_ID;
 
@@ -143,6 +145,7 @@ GLOBAL char *Conn_GetCertFp PARAMS((CONN_ID Idx));
 GLOBAL bool Conn_SetCertFp PARAMS((CONN_ID Idx, const char *fingerprint));
 GLOBAL bool Conn_UsesSSL PARAMS((CONN_ID Idx));
 
+GLOBAL const char* Conn_BuildProtoID PARAMS((CONN_ID i));
 #ifdef SSL_SUPPORT
 GLOBAL bool Conn_GetCipherInfo PARAMS((CONN_ID Idx, char *buf, size_t len));
 #endif