keel/tls__mbedtls_8h_source.html

/*

 * tls_mbedtls.h — mbedTLS backend for Keel's KlTls vtable

 *

 * Provides TLS 1.2/1.3 server (and client) support using mbedTLS.

 * Supports mutual TLS (mTLS) with configurable client authentication.

 *

 * Usage:

 *   KlAllocator alloc = kl_allocator_default();

 *   KlTlsCtx *ctx = kl_tls_mbedtls_ctx_create("cert.pem", "key.pem",

 *                                               NULL, 0, &alloc);

 *   KlConfig config = {

 *       .tls = &(KlTlsConfig){

 *           .ctx = ctx,

 *           .factory = kl_tls_mbedtls_create,

 *           .ctx_destroy = kl_tls_mbedtls_ctx_destroy,

 *       },

 *       ...

 *   };

 *

 * For client-side usage (e.g. Hull HTTP client):

 *   KlAllocator alloc = kl_allocator_default();

 *   KlTlsCtx *ctx = kl_tls_mbedtls_client_ctx_create(NULL, &alloc);

 *   KlTls *tls = kl_tls_mbedtls_create(ctx, &alloc);

 *   tls->handshake(tls, fd);

 *   tls->write(tls, fd, buf, len);

 *   tls->read(tls, fd, buf, len);

 *   tls->shutdown(tls, fd);

 *   tls->destroy(tls);

 *   kl_tls_mbedtls_ctx_destroy(ctx);

 *

 * SPDX-License-Identifier: MIT

 */


#ifndef KEEL_TLS_MBEDTLS_H

#define KEEL_TLS_MBEDTLS_H


#include <keel/tls.h>

#include <keel/allocator.h>


typedef enum {

    KL_MTLS_NONE     = 0,

    KL_MTLS_OPTIONAL = 1,

    KL_MTLS_REQUIRED = 2

} KlMtlsMode;


KlTlsCtx *kl_tls_mbedtls_ctx_create(const char *cert_path,

                                      const char *key_path,

                                      const char *ca_path,

                                      int client_auth,

                                      KlAllocator *alloc);


KlTlsCtx *kl_tls_mbedtls_client_ctx_create(const char *ca_path,

                                              KlAllocator *alloc);


void kl_tls_mbedtls_ctx_destroy(KlTlsCtx *ctx);


KlTls *kl_tls_mbedtls_create(KlTlsCtx *ctx, KlAllocator *alloc);


int kl_tls_mbedtls_set_hostname(KlTls *tls, const char *hostname);


#endif /* KEEL_TLS_MBEDTLS_H */

allocator.h

KlAllocator
Bring-your-own allocator vtable.
Definition allocator.h:12

KlTls
Definition tls.h:27

tls.h

KlTlsCtx
struct KlTlsCtx KlTlsCtx
Opaque per-server TLS context (certificates, keys, ciphers). User-owned — KEEL never inspects or modi...
Definition tls.h:94

kl_tls_mbedtls_ctx_destroy
void kl_tls_mbedtls_ctx_destroy(KlTlsCtx *ctx)
Destroy a TLS context.

KlMtlsMode
KlMtlsMode
Client authentication mode for mTLS.
Definition tls_mbedtls.h:43

KL_MTLS_OPTIONAL
@ KL_MTLS_OPTIONAL
Definition tls_mbedtls.h:45

KL_MTLS_NONE
@ KL_MTLS_NONE
Definition tls_mbedtls.h:44

KL_MTLS_REQUIRED
@ KL_MTLS_REQUIRED
Definition tls_mbedtls.h:46

kl_tls_mbedtls_set_hostname
int kl_tls_mbedtls_set_hostname(KlTls *tls, const char *hostname)
Set the expected server hostname for SNI (client mode).

kl_tls_mbedtls_ctx_create
KlTlsCtx * kl_tls_mbedtls_ctx_create(const char *cert_path, const char *key_path, const char *ca_path, int client_auth, KlAllocator *alloc)
Create a server-side TLS context (certificates + keys).

kl_tls_mbedtls_client_ctx_create
KlTlsCtx * kl_tls_mbedtls_client_ctx_create(const char *ca_path, KlAllocator *alloc)
Create a client-side TLS context (for outbound connections).

kl_tls_mbedtls_create
KlTls * kl_tls_mbedtls_create(KlTlsCtx *ctx, KlAllocator *alloc)
Factory: create a per-connection KlTls session.