openvpn3/sslconsts_8hpp_source.html

//    OpenVPN -- An application to securely tunnel IP networks

//               over a single port, with support for SSL/TLS-based

//               session authentication and key exchange,

//               packet encryption, packet authentication, and

//               packet compression.

//

//    Copyright (C) 2012- OpenVPN Inc.

//

//    SPDX-License-Identifier: MPL-2.0 OR AGPL-3.0-only WITH openvpn3-openssl-exception

//


#ifndef OPENVPN_SSL_SSLCONSTS_H

#define OPENVPN_SSL_SSLCONSTS_H


namespace openvpn::SSLConst {


// Special return values from SSL read/write methods

enum

{

    // Indicates that no cleartext data is available now (until

    // more ciphertext is pushed into the SSL engine).

    SHOULD_RETRY = -1,


    // Return value from read_cleartext indicating that peer

    // has sent a Close Notify message.

    PEER_CLOSE_NOTIFY = -2,

};


// SSL config flags

enum

{

    // Show SSL status and cert chain in verify method

    LOG_VERIFY_STATUS = (1 << 0),


    // Disable peer verification

    NO_VERIFY_PEER = (1 << 1),


    // [client only] Enable client-side SNI (Server Name Indication)

    // when hostname is provided

    ENABLE_CLIENT_SNI = (1 << 2),


    // [client only] Don't require that the hostname matches

    // the common name in the certificate.

    NO_VERIFY_HOSTNAME = (1 << 3),


    // [server only] Don't automatically fail connections on

    // bad peer cert.  Succeed the connection, but pass the

    // fail status data via AuthCert so the higher layers

    // can handle it.

    DEFERRED_CERT_VERIFY = (1 << 4),


    // [server only] When running as a server, require that

    // clients that connect to us have their certificate

    // purpose set to server.

    SERVER_TO_SERVER = (1 << 5),


    // Peer certificate is optional

    PEER_CERT_OPTIONAL = (1 << 6),


    // [server only] Send a list of client CAs to the client

    SEND_CLIENT_CA_LIST = (1 << 7),


    // Verify peer by fingerprint, makes CA optional

    VERIFY_PEER_FINGERPRINT = (1 << 8),


    // last flag marker

    LAST = (1 << 9)

};


// filter all but SSL flags


inline unsigned int ssl_flags(const unsigned int flags)

{

    return flags & (LAST - 1);

}


} // namespace openvpn::SSLConst


#endif

openvpn::SSLConst
Definition sslconsts.hpp:15

openvpn::SSLConst::ssl_flags
unsigned int ssl_flags(const unsigned int flags)
Definition sslconsts.hpp:71

openvpn::SSLConst::PEER_CLOSE_NOTIFY
@ PEER_CLOSE_NOTIFY
Definition sslconsts.hpp:26

openvpn::SSLConst::SHOULD_RETRY
@ SHOULD_RETRY
Definition sslconsts.hpp:22

openvpn::SSLConst::NO_VERIFY_PEER
@ NO_VERIFY_PEER
Definition sslconsts.hpp:36

openvpn::SSLConst::SERVER_TO_SERVER
@ SERVER_TO_SERVER
Definition sslconsts.hpp:55

openvpn::SSLConst::VERIFY_PEER_FINGERPRINT
@ VERIFY_PEER_FINGERPRINT
Definition sslconsts.hpp:64

openvpn::SSLConst::SEND_CLIENT_CA_LIST
@ SEND_CLIENT_CA_LIST
Definition sslconsts.hpp:61

openvpn::SSLConst::NO_VERIFY_HOSTNAME
@ NO_VERIFY_HOSTNAME
Definition sslconsts.hpp:44

openvpn::SSLConst::LOG_VERIFY_STATUS
@ LOG_VERIFY_STATUS
Definition sslconsts.hpp:33

openvpn::SSLConst::ENABLE_CLIENT_SNI
@ ENABLE_CLIENT_SNI
Definition sslconsts.hpp:40

openvpn::SSLConst::LAST
@ LAST
Definition sslconsts.hpp:67

openvpn::SSLConst::PEER_CERT_OPTIONAL
@ PEER_CERT_OPTIONAL
Definition sslconsts.hpp:58

openvpn::SSLConst::DEFERRED_CERT_VERIFY
@ DEFERRED_CERT_VERIFY
Definition sslconsts.hpp:50

flags
reroute_gw flags
Definition test_capture.cpp:266