/*
 * $Id: tlsreqcnfs.h,v 1.9 2007/06/18 04:40:07 ca Exp $
 *
 * Configuration-file definitions for TLS requirements: two tables of
 * choice values plus two macros (TLSREQ_DEFS, TLSREQ_STRUCTS) that let
 * a configuration struct embed the same set of TLS requirement options
 * under a caller-chosen field-name prefix.
 */

#ifndef SM_TLSREQCNFS_H
#define SM_TLSREQCNFS_H 1

#include "sm/generic.h"
#include "sm/types.h"
#include "sm/sm-conf.h"
#include "sm/mta.h"
#include "sm/cnf.h"

/*
 * Definition/declaration switch.
 * If SM_TLSREQCNFDEF is non-zero when this header is included, EXTERN
 * expands to nothing and the tables below are emitted with their
 * initializers (i.e. they are defined here). Otherwise they are only
 * declared `extern`. Setting SM_TLSREQCNFDEF in more than one
 * translation unit would define the tables more than once.
 */
#if SM_TLSREQCNFDEF
#define EXTERN
#else
#define EXTERN extern
#endif

/*
 * Layout of each initializer as it is used in this file (the type itself
 * is declared elsewhere, presumably in sm/sm-conf.h -- confirm there):
 * magic, option name, type, value-or-offset, size, default string,
 * flags, sub-definition table, two further pointers, description.
 * SM_LC_NO_ISSET and SM_LC_SET_MAGIC(0) follow the description without
 * a comma; they are defined elsewhere and presumably expand to optional
 * trailing initializers (or to nothing) -- confirm.
 */

/*
 * Names accepted by the "flags" option generated by TLSREQ_DEFS.
 * "verified" selects TLSREQ_FL_VRFD and "encrypted" selects
 * TLSREQ_FL_ENCR; the "flags" entry carries SM_CONF_FLAG_MULTIPLE, so
 * more than one name can apparently be given.
 * NOTE(review): the exact meaning of each flag (e.g. whether "verified"
 * requires a successfully verified peer certificate) is enforced
 * elsewhere and is not visible in this header -- confirm.
 */
EXTERN sm_conf_definition_T const tlsreq_flag_names[]
#if SM_TLSREQCNFDEF
= {
{ SM_CONF_DEF_MAGIC, "verified", sm_conf_type_choice_value,
	TLSREQ_FL_VRFD, 0, NULL, 0, NULL, NULL, NULL, NULL
	SM_LC_NO_ISSET SM_LC_SET_MAGIC(0) },

{ SM_CONF_DEF_MAGIC, "encrypted", sm_conf_type_choice_value,
	TLSREQ_FL_ENCR, 0, NULL, 0, NULL, NULL, NULL, NULL
	SM_LC_NO_ISSET SM_LC_SET_MAGIC(0) },

/* Sentinel: entry with a NULL name terminates the table */
{ SM_CONF_DEF_MAGIC, NULL, 0, 0, 0, NULL, 0, NULL, NULL, NULL, NULL SM_LC_NO_ISSET SM_LC_SET_MAGIC(0)}
}
#endif /* SM_TLSREQCNFDEF */
;

/*
 * Names accepted by the "requirements_violation" option generated by
 * TLSREQ_DEFS: what to do with a connection that does not meet the
 * configured TLS requirements.
 *   "permfail" -> TLSREQ_VIOL_PERM
 *   "tempfail" -> TLSREQ_VIOL_TEMP
 *   "abort"    -> TLSREQ_VIOL_421
 * NOTE(review): TLSREQ_VIOL_421 presumably refers to an SMTP 421 reply
 * followed by closing the connection -- confirm against the consumer.
 */
EXTERN sm_conf_definition_T const tlsreq_violation[]
#if SM_TLSREQCNFDEF
= {
{ SM_CONF_DEF_MAGIC, "permfail", sm_conf_type_choice_value,
	TLSREQ_VIOL_PERM, 0, NULL, 0, NULL, NULL, NULL,
	"perm fail connection on requirement violation"
	SM_LC_NO_ISSET SM_LC_SET_MAGIC(0) },

{ SM_CONF_DEF_MAGIC, "tempfail", sm_conf_type_choice_value,
	TLSREQ_VIOL_TEMP, 0, NULL, 0, NULL, NULL, NULL,
	"temp fail connection on requirement violation"
	SM_LC_NO_ISSET SM_LC_SET_MAGIC(0) },

{ SM_CONF_DEF_MAGIC, "abort", sm_conf_type_choice_value,
	TLSREQ_VIOL_421, 0, NULL, 0, NULL, NULL, NULL,
	"abort connection on requirement violation"
	SM_LC_NO_ISSET SM_LC_SET_MAGIC(0) },

/* Sentinel: entry with a NULL name terminates the table */
{ SM_CONF_DEF_MAGIC, NULL, 0, 0, 0, NULL, 0, NULL, NULL, NULL, NULL SM_LC_NO_ISSET SM_LC_SET_MAGIC(0)}
}
#endif /* SM_TLSREQCNFDEF */
;

/*
 * TLSREQ_DEFS(strct, sn): expands to seven sm_conf_definition_T
 * initializers describing the TLS requirement options of a section.
 *
 *   strct  struct type that holds the values; it must contain the
 *          fields declared by TLSREQ_STRUCTS(sn).
 *   sn     field-name prefix; each option is stored at
 *          offsetof(strct, sn##_<field>).
 *
 * Options and target fields:
 *   common_name            string  -> sn##_common_name
 *   cert_subject           string  -> sn##_cert_subject
 *   cert_issuer            string  -> sn##_cert_issuer
 *   min_cipher_bits        u32     -> sn##_min_cipher_bits
 *   cipher_bits_min        u32     -> sn##_min_cipher_bits
 *                          (deprecated spelling, SM_CONF_FLAG_DPRCD)
 *   flags                  choice  -> sn##_flags, names taken from
 *                          tlsreq_flag_names, SM_CONF_FLAG_MULTIPLE
 *   requirements_violation choice  -> sn##_viol, names taken from
 *                          tlsreq_violation, default string "abort",
 *                          SM_CONF_FLAG_KEEP_DEFAULT
 *
 * The expansion has no trailing comma after the last entry, so the
 * caller supplies the separator and the table's sentinel.
 *
 * NOTE(review): both min_cipher_bits and cipher_bits_min write the same
 * field; if a configuration sets both, which value takes effect is
 * decided by the parser and cannot be told from this header -- confirm.
 * NOTE(review): the three string options and min_cipher_bits have no
 * default here (NULL); presumably an unset value means "no such
 * requirement" -- confirm in the code that enforces them, since that
 * determines whether an empty section permits any peer.
 * NOTE(review): the numeric options are typed sm_conf_type_u32 but
 * sized with sizeof(uint); this assumes uint is 32 bits wide -- confirm.
 */
#define TLSREQ_DEFS(strct, sn)	\
{ SM_CONF_DEF_MAGIC, "common_name",	sm_conf_type_string,	\
	offsetof(strct, sn##_common_name), 0,	\
	NULL,	\
	0, NULL, NULL, NULL,	\
	"Common name"	\
	SM_LC_NO_ISSET SM_LC_SET_MAGIC(0) },	\
{ SM_CONF_DEF_MAGIC, "cert_subject",	sm_conf_type_string,	\
	offsetof(strct, sn##_cert_subject), 0,	\
	NULL,	\
	0, NULL, NULL, NULL,	\
	"CERT subject"	\
	SM_LC_NO_ISSET SM_LC_SET_MAGIC(0) },	\
{ SM_CONF_DEF_MAGIC, "cert_issuer",	sm_conf_type_string,	\
	offsetof(strct, sn##_cert_issuer), 0,	\
	NULL,	\
	0, NULL, NULL, NULL,	\
	"CERT issuer"	\
	SM_LC_NO_ISSET SM_LC_SET_MAGIC(0) },	\
{ SM_CONF_DEF_MAGIC, "min_cipher_bits",	sm_conf_type_u32,	\
	offsetof(strct, sn##_min_cipher_bits), sizeof(uint),	\
	NULL, 0, NULL, NULL, NULL,	\
	"minimum cipher bits"	\
	SM_LC_NO_ISSET SM_LC_SET_MAGIC(0) },	\
{ SM_CONF_DEF_MAGIC, "cipher_bits_min",	sm_conf_type_u32,	\
	offsetof(strct, sn##_min_cipher_bits), sizeof(uint),	\
	NULL, SM_CONF_FLAG_DPRCD, NULL, NULL, NULL,	\
	"minimum cipher bits (use min_cipher_bits)"	\
	SM_LC_NO_ISSET SM_LC_SET_MAGIC(0) },	\
{ SM_CONF_DEF_MAGIC, "flags",	sm_conf_type_choice,	\
	offsetof(strct, sn##_flags), sizeof(uint),	\
	NULL, SM_CONF_FLAG_MULTIPLE, tlsreq_flag_names,	\
	NULL, NULL, NULL	\
	SM_LC_NO_ISSET SM_LC_SET_MAGIC(0) },	\
{ SM_CONF_DEF_MAGIC, "requirements_violation", sm_conf_type_choice,	\
	offsetof(strct, sn##_viol), sizeof(uint),	\
	"abort",	\
	SM_CONF_FLAG_KEEP_DEFAULT,	\
	tlsreq_violation,	\
	NULL, NULL,	\
	"how to treat TLS requirements violation"	\
	SM_LC_NO_ISSET SM_LC_SET_MAGIC(0) }

/*
 * TLSREQ_STRUCTS(sn): declares, inside a struct body, the six fields
 * that TLSREQ_DEFS(strct, sn) refers to via offsetof(). The same prefix
 * `sn` must be used for both macros. The expansion already ends with a
 * ';' after the last field.
 */
#define TLSREQ_STRUCTS(sn)	\
	const char	*sn##_common_name;	\
	const char	*sn##_cert_subject;	\
	const char	*sn##_cert_issuer;	\
	uint		 sn##_flags;	\
	uint		 sn##_min_cipher_bits;	\
	uint		 sn##_viol;

/* EXTERN is only meaningful inside this header; do not leak it. */
#undef EXTERN
#endif /* SM_TLSREQCNFS_H */