objc2-security 0.3.2

//! This file has been automatically generated by `objc2`'s `header-translator`.
//! DO NOT EDIT
use core::cell::UnsafeCell;
use core::ffi::*;
use core::marker::{PhantomData, PhantomPinned};
use core::ptr::NonNull;
#[cfg(feature = "objc2")]
use objc2::__framework_prelude::*;

use crate::*;

/// A `sec_protocol_options` instance is a container of options for security protocol instances,
/// such as TLS. Protocol options are used to configure security protocols in the network stack.
/// For example, clients may set the maximum and minimum allowed TLS versions through protocol
/// options.
///
/// See also [Apple's documentation](https://developer.apple.com/documentation/security/sec_protocol_options?language=objc)
#[repr(C)]
#[derive(Debug)]
pub struct sec_protocol_options {
    inner: [u8; 0],
    _p: UnsafeCell<PhantomData<(*const UnsafeCell<()>, PhantomPinned)>>,
}

#[cfg(feature = "objc2")]
unsafe impl RefEncode for sec_protocol_options {
    const ENCODING_REF: Encoding =
        Encoding::Pointer(&Encoding::Struct("sec_protocol_options", &[]));
}

/// A `sec_protocol_options` instance is a container of options for security protocol instances,
/// such as TLS. Protocol options are used to configure security protocols in the network stack.
/// For example, clients may set the maximum and minimum allowed TLS versions through protocol
/// options.
///
/// See also [Apple's documentation](https://developer.apple.com/documentation/security/sec_protocol_options_t?language=objc)
pub type sec_protocol_options_t = *mut sec_protocol_options;

impl sec_protocol_options {
    /// Compare two `sec_protocol_options_t` instances.
    ///
    ///
    /// Parameter `optionsA`: A `sec_protocol_options_t` instance.
    ///
    ///
    /// Parameter `optionsB`: A `sec_protocol_options_t` instance.
    ///
    ///
    /// Returns: True if equal, and false otherwise.
    ///
    /// # Safety
    ///
    /// - `options_a` must be a valid pointer.
    /// - `options_b` must be a valid pointer.
    #[doc(alias = "sec_protocol_options_are_equal")]
    #[inline]
    pub unsafe fn are_equal(
        options_a: sec_protocol_options_t,
        options_b: sec_protocol_options_t,
    ) -> bool {
        extern "C-unwind" {
            fn sec_protocol_options_are_equal(
                options_a: sec_protocol_options_t,
                options_b: sec_protocol_options_t,
            ) -> bool;
        }
        unsafe { sec_protocol_options_are_equal(options_a, options_b) }
    }

    /// Set the local identity to be used for this protocol instance.
    ///
    ///
    /// Parameter `options`: A `sec_protocol_options_t` instance.
    ///
    ///
    /// Parameter `identity`: A `sec_identity_t` instance carrying the private key and certificate.
    ///
    /// # Safety
    ///
    /// - `options` must be a valid pointer.
    /// - `identity` must be a valid pointer.
    #[doc(alias = "sec_protocol_options_set_local_identity")]
    #[cfg(feature = "SecProtocolTypes")]
    #[inline]
    pub unsafe fn set_local_identity(options: sec_protocol_options_t, identity: sec_identity_t) {
        extern "C-unwind" {
            fn sec_protocol_options_set_local_identity(
                options: sec_protocol_options_t,
                identity: sec_identity_t,
            );
        }
        unsafe { sec_protocol_options_set_local_identity(options, identity) }
    }

    /// Append a TLS ciphersuite to the set of enabled ciphersuites.
    ///
    ///
    /// Parameter `options`: A `sec_protocol_options_t` instance.
    ///
    ///
    /// Parameter `ciphersuite`: A `tls_ciphersuite_t` value.
    ///
    /// # Safety
    ///
    /// `options` must be a valid pointer.
    #[doc(alias = "sec_protocol_options_append_tls_ciphersuite")]
    #[cfg(feature = "SecProtocolTypes")]
    #[inline]
    pub unsafe fn append_tls_ciphersuite(
        options: sec_protocol_options_t,
        ciphersuite: tls_ciphersuite_t,
    ) {
        extern "C-unwind" {
            fn sec_protocol_options_append_tls_ciphersuite(
                options: sec_protocol_options_t,
                ciphersuite: tls_ciphersuite_t,
            );
        }
        unsafe { sec_protocol_options_append_tls_ciphersuite(options, ciphersuite) }
    }

    /// Add a TLS ciphersuite to the set of enabled ciphersuites.
    ///
    ///
    /// Parameter `options`: A `sec_protocol_options_t` instance.
    ///
    ///
    /// Parameter `ciphersuite`: A SSLCipherSuite value.
    ///
    /// # Safety
    ///
    /// `options` must be a valid pointer.
    #[doc(alias = "sec_protocol_options_add_tls_ciphersuite")]
    #[cfg(feature = "CipherSuite")]
    #[deprecated = "Use sec_protocol_options_append_tls_ciphersuite"]
    #[inline]
    pub unsafe fn add_tls_ciphersuite(
        options: sec_protocol_options_t,
        ciphersuite: SSLCipherSuite,
    ) {
        extern "C-unwind" {
            fn sec_protocol_options_add_tls_ciphersuite(
                options: sec_protocol_options_t,
                ciphersuite: SSLCipherSuite,
            );
        }
        unsafe { sec_protocol_options_add_tls_ciphersuite(options, ciphersuite) }
    }

    /// Append a TLS ciphersuite group to the set of enabled ciphersuites.
    ///
    ///
    /// Parameter `options`: A `sec_protocol_options_t` instance.
    ///
    ///
    /// Parameter `group`: A tls_ciphersuite_group_t value.
    ///
    /// # Safety
    ///
    /// `options` must be a valid pointer.
    #[doc(alias = "sec_protocol_options_append_tls_ciphersuite_group")]
    #[cfg(feature = "SecProtocolTypes")]
    #[inline]
    pub unsafe fn append_tls_ciphersuite_group(
        options: sec_protocol_options_t,
        group: tls_ciphersuite_group_t,
    ) {
        extern "C-unwind" {
            fn sec_protocol_options_append_tls_ciphersuite_group(
                options: sec_protocol_options_t,
                group: tls_ciphersuite_group_t,
            );
        }
        unsafe { sec_protocol_options_append_tls_ciphersuite_group(options, group) }
    }

    /// Add a TLS ciphersuite group to the set of enabled ciphersuites.
    ///
    ///
    /// Parameter `options`: A `sec_protocol_options_t` instance.
    ///
    ///
    /// Parameter `group`: A SSLCipherSuiteGroup value.
    ///
    /// # Safety
    ///
    /// `options` must be a valid pointer.
    #[doc(alias = "sec_protocol_options_add_tls_ciphersuite_group")]
    #[cfg(feature = "CipherSuite")]
    #[deprecated = "Use sec_protocol_options_append_tls_ciphersuite_group"]
    #[inline]
    pub unsafe fn add_tls_ciphersuite_group(
        options: sec_protocol_options_t,
        group: SSLCiphersuiteGroup,
    ) {
        extern "C-unwind" {
            fn sec_protocol_options_add_tls_ciphersuite_group(
                options: sec_protocol_options_t,
                group: SSLCiphersuiteGroup,
            );
        }
        unsafe { sec_protocol_options_add_tls_ciphersuite_group(options, group) }
    }

    /// Set the minimum support TLS version.
    ///
    ///
    /// Parameter `options`: A `sec_protocol_options_t` instance.
    ///
    ///
    /// Parameter `version`: A SSLProtocol enum value.
    ///
    /// # Safety
    ///
    /// `options` must be a valid pointer.
    #[doc(alias = "sec_protocol_options_set_tls_min_version")]
    #[cfg(feature = "SecProtocolTypes")]
    #[deprecated]
    #[inline]
    pub unsafe fn set_tls_min_version(options: sec_protocol_options_t, version: SSLProtocol) {
        extern "C-unwind" {
            fn sec_protocol_options_set_tls_min_version(
                options: sec_protocol_options_t,
                version: SSLProtocol,
            );
        }
        unsafe { sec_protocol_options_set_tls_min_version(options, version) }
    }

    /// Set the minimum support TLS version.
    ///
    ///
    /// Parameter `options`: A `sec_protocol_options_t` instance.
    ///
    ///
    /// Parameter `version`: A tls_protocol_version_t enum value.
    ///
    /// # Safety
    ///
    /// `options` must be a valid pointer.
    #[doc(alias = "sec_protocol_options_set_min_tls_protocol_version")]
    #[cfg(feature = "SecProtocolTypes")]
    #[inline]
    pub unsafe fn set_min_tls_protocol_version(
        options: sec_protocol_options_t,
        version: tls_protocol_version_t,
    ) {
        extern "C-unwind" {
            fn sec_protocol_options_set_min_tls_protocol_version(
                options: sec_protocol_options_t,
                version: tls_protocol_version_t,
            );
        }
        unsafe { sec_protocol_options_set_min_tls_protocol_version(options, version) }
    }

    /// Get the system default minimum TLS protocol version.
    ///
    ///
    /// Returns: The default minimum TLS version.
    #[doc(alias = "sec_protocol_options_get_default_min_tls_protocol_version")]
    #[cfg(feature = "SecProtocolTypes")]
    #[inline]
    pub unsafe fn default_min_tls_protocol_version() -> tls_protocol_version_t {
        extern "C-unwind" {
            fn sec_protocol_options_get_default_min_tls_protocol_version() -> tls_protocol_version_t;
        }
        unsafe { sec_protocol_options_get_default_min_tls_protocol_version() }
    }

    /// Get the system default minimum DTLS protocol version.
    ///
    ///
    /// Returns: The default minimum DTLS version.
    #[doc(alias = "sec_protocol_options_get_default_min_dtls_protocol_version")]
    #[cfg(feature = "SecProtocolTypes")]
    #[inline]
    pub unsafe fn default_min_dtls_protocol_version() -> tls_protocol_version_t {
        extern "C-unwind" {
            fn sec_protocol_options_get_default_min_dtls_protocol_version() -> tls_protocol_version_t;
        }
        unsafe { sec_protocol_options_get_default_min_dtls_protocol_version() }
    }

    /// Set the maximum support TLS version.
    ///
    ///
    /// Parameter `options`: A `sec_protocol_options_t` instance.
    ///
    ///
    /// Parameter `version`: A SSLProtocol enum value.
    ///
    /// # Safety
    ///
    /// `options` must be a valid pointer.
    #[doc(alias = "sec_protocol_options_set_tls_max_version")]
    #[cfg(feature = "SecProtocolTypes")]
    #[deprecated]
    #[inline]
    pub unsafe fn set_tls_max_version(options: sec_protocol_options_t, version: SSLProtocol) {
        extern "C-unwind" {
            fn sec_protocol_options_set_tls_max_version(
                options: sec_protocol_options_t,
                version: SSLProtocol,
            );
        }
        unsafe { sec_protocol_options_set_tls_max_version(options, version) }
    }

    /// Set the maximum support TLS version.
    ///
    ///
    /// Parameter `options`: A `sec_protocol_options_t` instance.
    ///
    ///
    /// Parameter `version`: A tls_protocol_version_t enum value.
    ///
    /// # Safety
    ///
    /// `options` must be a valid pointer.
    #[doc(alias = "sec_protocol_options_set_max_tls_protocol_version")]
    #[cfg(feature = "SecProtocolTypes")]
    #[inline]
    pub unsafe fn set_max_tls_protocol_version(
        options: sec_protocol_options_t,
        version: tls_protocol_version_t,
    ) {
        extern "C-unwind" {
            fn sec_protocol_options_set_max_tls_protocol_version(
                options: sec_protocol_options_t,
                version: tls_protocol_version_t,
            );
        }
        unsafe { sec_protocol_options_set_max_tls_protocol_version(options, version) }
    }

    /// Get the system default maximum TLS protocol version.
    ///
    ///
    /// Returns: The default maximum TLS version.
    #[doc(alias = "sec_protocol_options_get_default_max_tls_protocol_version")]
    #[cfg(feature = "SecProtocolTypes")]
    #[inline]
    pub unsafe fn default_max_tls_protocol_version() -> tls_protocol_version_t {
        extern "C-unwind" {
            fn sec_protocol_options_get_default_max_tls_protocol_version() -> tls_protocol_version_t;
        }
        unsafe { sec_protocol_options_get_default_max_tls_protocol_version() }
    }

    /// Get the system default maximum DTLS protocol version.
    ///
    ///
    /// Returns: The default maximum DTLS version.
    #[doc(alias = "sec_protocol_options_get_default_max_dtls_protocol_version")]
    #[cfg(feature = "SecProtocolTypes")]
    #[inline]
    pub unsafe fn default_max_dtls_protocol_version() -> tls_protocol_version_t {
        extern "C-unwind" {
            fn sec_protocol_options_get_default_max_dtls_protocol_version() -> tls_protocol_version_t;
        }
        unsafe { sec_protocol_options_get_default_max_dtls_protocol_version() }
    }

    /// For experimental use only. Find out whether Encrypted Client Hello has been enabled.
    ///
    ///
    /// Returns: A boolean that indicates whether or not Encrypted Client Hello has been enabled.
    ///
    /// # Safety
    ///
    /// `options` must be a valid pointer.
    #[doc(alias = "sec_protocol_options_get_enable_encrypted_client_hello")]
    #[inline]
    pub unsafe fn enabled_encrypted_client_hello(options: sec_protocol_options_t) -> bool {
        extern "C-unwind" {
            fn sec_protocol_options_get_enable_encrypted_client_hello(
                options: sec_protocol_options_t,
            ) -> bool;
        }
        unsafe { sec_protocol_options_get_enable_encrypted_client_hello(options) }
    }

    /// Check whether the QUIC legacy codepoint has been enabled.
    ///
    ///
    /// Returns: A boolean that indicates whether or not the QUIC legacy codepoint has been
    /// enabled.
    ///
    /// # Safety
    ///
    /// `options` must be a valid pointer.
    #[doc(alias = "sec_protocol_options_get_quic_use_legacy_codepoint")]
    #[inline]
    pub unsafe fn quic_use_legacy_codepoint(options: sec_protocol_options_t) -> bool {
        extern "C-unwind" {
            fn sec_protocol_options_get_quic_use_legacy_codepoint(
                options: sec_protocol_options_t,
            ) -> bool;
        }
        unsafe { sec_protocol_options_get_quic_use_legacy_codepoint(options) }
    }

    /// Add an application protocol supported by clients of this protocol instance.
    ///
    ///
    /// Parameter `options`: A `sec_protocol_options_t` instance.
    ///
    ///
    /// Parameter `application_protocol`: A NULL-terminated string defining the application protocol.
    ///
    /// # Safety
    ///
    /// - `options` must be a valid pointer.
    /// - `application_protocol` must be a valid pointer.
    #[doc(alias = "sec_protocol_options_add_tls_application_protocol")]
    #[inline]
    pub unsafe fn add_tls_application_protocol(
        options: sec_protocol_options_t,
        application_protocol: NonNull<c_char>,
    ) {
        extern "C-unwind" {
            fn sec_protocol_options_add_tls_application_protocol(
                options: sec_protocol_options_t,
                application_protocol: NonNull<c_char>,
            );
        }
        unsafe { sec_protocol_options_add_tls_application_protocol(options, application_protocol) }
    }

    /// Set the server name to be used when verifying the peer's certificate. This will override
    /// the server name obtained from the endpoint.
    ///
    ///
    /// Parameter `options`: A `sec_protocol_options_t` instance.
    ///
    ///
    /// Parameter `server_name`: A NULL-terminated string carrying the server name.
    ///
    /// # Safety
    ///
    /// - `options` must be a valid pointer.
    /// - `server_name` must be a valid pointer.
    #[doc(alias = "sec_protocol_options_set_tls_server_name")]
    #[inline]
    pub unsafe fn set_tls_server_name(
        options: sec_protocol_options_t,
        server_name: NonNull<c_char>,
    ) {
        extern "C-unwind" {
            fn sec_protocol_options_set_tls_server_name(
                options: sec_protocol_options_t,
                server_name: NonNull<c_char>,
            );
        }
        unsafe { sec_protocol_options_set_tls_server_name(options, server_name) }
    }

    /// Enable or disable TLS session ticket support.
    ///
    ///
    /// Parameter `options`: A `sec_protocol_options_t` instance.
    ///
    ///
    /// Parameter `tickets_enabled`: Flag to enable or disable TLS session ticket support.
    ///
    /// # Safety
    ///
    /// `options` must be a valid pointer.
    #[doc(alias = "sec_protocol_options_set_tls_tickets_enabled")]
    #[inline]
    pub unsafe fn set_tls_tickets_enabled(options: sec_protocol_options_t, tickets_enabled: bool) {
        extern "C-unwind" {
            fn sec_protocol_options_set_tls_tickets_enabled(
                options: sec_protocol_options_t,
                tickets_enabled: bool,
            );
        }
        unsafe { sec_protocol_options_set_tls_tickets_enabled(options, tickets_enabled) }
    }

    /// Signal if this is a TLS fallback attempt.
    ///
    /// A fallback attempt is one following a previously failed TLS connection
    /// due to version or parameter incompatibility, e.g., when speaking to a server
    /// that does not support a client-offered ciphersuite.
    ///
    /// Clients MUST NOT enable fallback for fresh connections.
    ///
    ///
    /// Parameter `options`: A `sec_protocol_options_t` instance.
    ///
    ///
    /// Parameter `is_fallback_attempt`: Set a flag indicating that this is a TLS fallback attempt.
    ///
    /// # Safety
    ///
    /// `options` must be a valid pointer.
    #[doc(alias = "sec_protocol_options_set_tls_is_fallback_attempt")]
    #[inline]
    pub unsafe fn set_tls_is_fallback_attempt(
        options: sec_protocol_options_t,
        is_fallback_attempt: bool,
    ) {
        extern "C-unwind" {
            fn sec_protocol_options_set_tls_is_fallback_attempt(
                options: sec_protocol_options_t,
                is_fallback_attempt: bool,
            );
        }
        unsafe { sec_protocol_options_set_tls_is_fallback_attempt(options, is_fallback_attempt) }
    }

    /// Enable or disable TLS session resumption.
    ///
    ///
    /// Parameter `options`: A `sec_protocol_options_t` instance.
    ///
    ///
    /// Parameter `resumption_enabled`: Flag to enable or disable TLS session resumption.
    ///
    /// # Safety
    ///
    /// `options` must be a valid pointer.
    #[doc(alias = "sec_protocol_options_set_tls_resumption_enabled")]
    #[inline]
    pub unsafe fn set_tls_resumption_enabled(
        options: sec_protocol_options_t,
        resumption_enabled: bool,
    ) {
        extern "C-unwind" {
            fn sec_protocol_options_set_tls_resumption_enabled(
                options: sec_protocol_options_t,
                resumption_enabled: bool,
            );
        }
        unsafe { sec_protocol_options_set_tls_resumption_enabled(options, resumption_enabled) }
    }

    /// Enable or disable TLS False Start.
    ///
    ///
    /// Parameter `options`: A `sec_protocol_options_t` instance.
    ///
    ///
    /// Parameter `false_start_enabled`: Flag to enable or disable TLS False Start.
    ///
    /// # Safety
    ///
    /// `options` must be a valid pointer.
    #[doc(alias = "sec_protocol_options_set_tls_false_start_enabled")]
    #[inline]
    pub unsafe fn set_tls_false_start_enabled(
        options: sec_protocol_options_t,
        false_start_enabled: bool,
    ) {
        extern "C-unwind" {
            fn sec_protocol_options_set_tls_false_start_enabled(
                options: sec_protocol_options_t,
                false_start_enabled: bool,
            );
        }
        unsafe { sec_protocol_options_set_tls_false_start_enabled(options, false_start_enabled) }
    }

    /// Enable or disable OCSP support.
    ///
    ///
    /// Parameter `options`: A `sec_protocol_options_t` instance.
    ///
    ///
    /// Parameter `ocsp_enabled`: Flag to enable or disable OCSP support.
    ///
    /// # Safety
    ///
    /// `options` must be a valid pointer.
    #[doc(alias = "sec_protocol_options_set_tls_ocsp_enabled")]
    #[inline]
    pub unsafe fn set_tls_ocsp_enabled(options: sec_protocol_options_t, ocsp_enabled: bool) {
        extern "C-unwind" {
            fn sec_protocol_options_set_tls_ocsp_enabled(
                options: sec_protocol_options_t,
                ocsp_enabled: bool,
            );
        }
        unsafe { sec_protocol_options_set_tls_ocsp_enabled(options, ocsp_enabled) }
    }

    /// Enable or disable SCT (signed certificate timestamp) support.
    ///
    ///
    /// Parameter `options`: A `sec_protocol_options_t` instance.
    ///
    ///
    /// Parameter `sct_enabled`: Flag to enable or disable SCT support.
    ///
    /// # Safety
    ///
    /// `options` must be a valid pointer.
    #[doc(alias = "sec_protocol_options_set_tls_sct_enabled")]
    #[inline]
    pub unsafe fn set_tls_sct_enabled(options: sec_protocol_options_t, sct_enabled: bool) {
        extern "C-unwind" {
            fn sec_protocol_options_set_tls_sct_enabled(
                options: sec_protocol_options_t,
                sct_enabled: bool,
            );
        }
        unsafe { sec_protocol_options_set_tls_sct_enabled(options, sct_enabled) }
    }

    /// Enable or disable TLS (1.2 and prior) session renegotiation. This defaults to `true`.
    ///
    ///
    /// Parameter `options`: A `sec_protocol_options_t` instance.
    ///
    ///
    /// Parameter `renegotiation_enabled`: Flag to enable or disable TLS (1.2 and prior) session renegotiation.
    ///
    /// # Safety
    ///
    /// `options` must be a valid pointer.
    #[doc(alias = "sec_protocol_options_set_tls_renegotiation_enabled")]
    #[inline]
    pub unsafe fn set_tls_renegotiation_enabled(
        options: sec_protocol_options_t,
        renegotiation_enabled: bool,
    ) {
        extern "C-unwind" {
            fn sec_protocol_options_set_tls_renegotiation_enabled(
                options: sec_protocol_options_t,
                renegotiation_enabled: bool,
            );
        }
        unsafe {
            sec_protocol_options_set_tls_renegotiation_enabled(options, renegotiation_enabled)
        }
    }

    /// Enable or disable peer authentication. Clients default to true, whereas servers default to false.
    ///
    ///
    /// Parameter `options`: A `sec_protocol_options_t` instance.
    ///
    ///
    /// Parameter `peer_authentication_required`: Flag to enable or disable mandatory peer authentication.
    ///
    /// # Safety
    ///
    /// `options` must be a valid pointer.
    #[doc(alias = "sec_protocol_options_set_peer_authentication_required")]
    #[inline]
    pub unsafe fn set_peer_authentication_required(
        options: sec_protocol_options_t,
        peer_authentication_required: bool,
    ) {
        extern "C-unwind" {
            fn sec_protocol_options_set_peer_authentication_required(
                options: sec_protocol_options_t,
                peer_authentication_required: bool,
            );
        }
        unsafe {
            sec_protocol_options_set_peer_authentication_required(
                options,
                peer_authentication_required,
            )
        }
    }

    /// When this is enabled, the endpoint requests the peer certificate, but if none is provided, the
    /// endpoint still proceeds with the connection. Default false for servers; always false for clients (clients ignore
    /// this option). If peer_authentication_required is set to true via
    /// sec_protocol_options_set_peer_authentication_required(), peer_authentication_optional will be disregarded
    /// and the peer certificate will be required.
    ///
    ///
    /// Parameter `options`: A `sec_protocol_options_t` instance.
    ///
    ///
    /// Parameter `peer_authentication_optional`: Flag to enable or disable requested peer authentication.
    ///
    /// # Safety
    ///
    /// `options` must be a valid pointer.
    #[doc(alias = "sec_protocol_options_set_peer_authentication_optional")]
    #[inline]
    pub unsafe fn set_peer_authentication_optional(
        options: sec_protocol_options_t,
        peer_authentication_optional: bool,
    ) {
        extern "C-unwind" {
            fn sec_protocol_options_set_peer_authentication_optional(
                options: sec_protocol_options_t,
                peer_authentication_optional: bool,
            );
        }
        unsafe {
            sec_protocol_options_set_peer_authentication_optional(
                options,
                peer_authentication_optional,
            )
        }
    }

    /// For experimental use only. When this is enabled, the Encrypted Client Hello extension will be sent on the Client
    /// Hello if TLS 1.3 is among the supported TLS versions. Default false.
    ///
    ///
    /// Parameter `options`: A `sec_protocol_options_t` instance.
    ///
    ///
    /// Parameter `peer_authentication_optional`: Flag to enable or disable Encrypted Client Hello.
    ///
    /// # Safety
    ///
    /// `options` must be a valid pointer.
    #[doc(alias = "sec_protocol_options_set_enable_encrypted_client_hello")]
    #[inline]
    pub unsafe fn set_enable_encrypted_client_hello(
        options: sec_protocol_options_t,
        enable_encrypted_client_hello: bool,
    ) {
        extern "C-unwind" {
            fn sec_protocol_options_set_enable_encrypted_client_hello(
                options: sec_protocol_options_t,
                enable_encrypted_client_hello: bool,
            );
        }
        unsafe {
            sec_protocol_options_set_enable_encrypted_client_hello(
                options,
                enable_encrypted_client_hello,
            )
        }
    }

    /// Set QUIC to use the legacy codepoint. Defaults to true.
    ///
    ///
    /// Parameter `options`: A `sec_protocol_options_t` instance.
    ///
    ///
    /// Parameter `quic_use_legacy_codepoint`: A boolean to enable/disable the legacy codepoint.
    ///
    /// # Safety
    ///
    /// `options` must be a valid pointer.
    #[doc(alias = "sec_protocol_options_set_quic_use_legacy_codepoint")]
    #[inline]
    pub unsafe fn set_quic_use_legacy_codepoint(
        options: sec_protocol_options_t,
        quic_use_legacy_codepoint: bool,
    ) {
        extern "C-unwind" {
            fn sec_protocol_options_set_quic_use_legacy_codepoint(
                options: sec_protocol_options_t,
                quic_use_legacy_codepoint: bool,
            );
        }
        unsafe {
            sec_protocol_options_set_quic_use_legacy_codepoint(options, quic_use_legacy_codepoint)
        }
    }
}

/// sec_protocol_key_update_complete_t
///
///
/// Block to be invoked when a key update event is handled.
///
/// See also [Apple's documentation](https://developer.apple.com/documentation/security/sec_protocol_key_update_complete_t?language=objc)
#[cfg(feature = "block2")]
pub type sec_protocol_key_update_complete_t = *mut block2::DynBlock<dyn Fn()>;

/// sec_protocol_key_update_t
///
///
/// Block to be invoked when the protocol key MUST be updated.
///
///
/// Parameter `metadata`: A `sec_protocol_metadata_t` instance.
///
///
/// Parameter `complete`: A `sec_protocol_key_update_complete_t` to be invoked when the key update is complete.
///
/// See also [Apple's documentation](https://developer.apple.com/documentation/security/sec_protocol_key_update_t?language=objc)
#[cfg(all(feature = "SecProtocolMetadata", feature = "block2"))]
pub type sec_protocol_key_update_t =
    *mut block2::DynBlock<dyn Fn(sec_protocol_metadata_t, sec_protocol_key_update_complete_t)>;

/// sec_protocol_challenge_complete_t
///
///
/// Block to be invoked when an identity (authentication) challenge is complete.
///
/// Note: prior to macOS 10.15, iOS 13.0, watchOS 6.0, and tvOS 13.0, calling this
/// block with a NULL `identity` argument was prohibited.
///
///
/// Parameter `identity`: A `sec_identity_t` containing the identity to use for this challenge.
///
/// See also [Apple's documentation](https://developer.apple.com/documentation/security/sec_protocol_challenge_complete_t?language=objc)
#[cfg(all(feature = "SecProtocolTypes", feature = "block2"))]
pub type sec_protocol_challenge_complete_t = *mut block2::DynBlock<dyn Fn(sec_identity_t)>;

/// sec_protocol_challenge_t
///
///
/// Block to be invoked when the protocol instance is issued a challenge (e.g., a TLS certificate request).
///
///
/// Parameter `metadata`: A `sec_protocol_metadata_t` instance.
///
///
/// Parameter `complete`: A `sec_protocol_challenge_complete_t` to be invoked when the challenge is complete.
///
/// See also [Apple's documentation](https://developer.apple.com/documentation/security/sec_protocol_challenge_t?language=objc)
#[cfg(all(
    feature = "SecProtocolMetadata",
    feature = "SecProtocolTypes",
    feature = "block2"
))]
pub type sec_protocol_challenge_t =
    *mut block2::DynBlock<dyn Fn(sec_protocol_metadata_t, sec_protocol_challenge_complete_t)>;

/// sec_protocol_verify_complete_t
///
///
/// Block to be invoked when verification is complete.
///
///
/// Parameter `result`: A `bool` indicating if verification succeeded or failed.
///
/// See also [Apple's documentation](https://developer.apple.com/documentation/security/sec_protocol_verify_complete_t?language=objc)
#[cfg(feature = "block2")]
pub type sec_protocol_verify_complete_t = *mut block2::DynBlock<dyn Fn(bool)>;

/// sec_protocol_verify_t
///
///
/// Block to be invoked when the protocol instance must verify the peer.
///
/// NOTE: this may be called one or more times for a given connection.
///
///
/// Parameter `metadata`: A `sec_protocol_metadata_t` instance.
///
///
/// Parameter `trust_ref`: A `sec_trust_t` instance.
///
///
/// Parameter `complete`: A `sec_protocol_verify_finish_t` to be invoked when verification is complete.
///
/// See also [Apple's documentation](https://developer.apple.com/documentation/security/sec_protocol_verify_t?language=objc)
#[cfg(all(
    feature = "SecProtocolMetadata",
    feature = "SecProtocolTypes",
    feature = "block2"
))]
pub type sec_protocol_verify_t = *mut block2::DynBlock<
    dyn Fn(sec_protocol_metadata_t, sec_trust_t, sec_protocol_verify_complete_t),
>;

extern "C-unwind" {
    #[deprecated = "renamed to `sec_protocol_options::are_equal`"]
    pub fn sec_protocol_options_are_equal(
        options_a: sec_protocol_options_t,
        options_b: sec_protocol_options_t,
    ) -> bool;
}

extern "C-unwind" {
    #[cfg(feature = "SecProtocolTypes")]
    #[deprecated = "renamed to `sec_protocol_options::set_local_identity`"]
    pub fn sec_protocol_options_set_local_identity(
        options: sec_protocol_options_t,
        identity: sec_identity_t,
    );
}

extern "C-unwind" {
    #[cfg(feature = "SecProtocolTypes")]
    #[deprecated = "renamed to `sec_protocol_options::append_tls_ciphersuite`"]
    pub fn sec_protocol_options_append_tls_ciphersuite(
        options: sec_protocol_options_t,
        ciphersuite: tls_ciphersuite_t,
    );
}

extern "C-unwind" {
    #[cfg(feature = "CipherSuite")]
    #[deprecated = "renamed to `sec_protocol_options::add_tls_ciphersuite`"]
    pub fn sec_protocol_options_add_tls_ciphersuite(
        options: sec_protocol_options_t,
        ciphersuite: SSLCipherSuite,
    );
}

extern "C-unwind" {
    #[cfg(feature = "SecProtocolTypes")]
    #[deprecated = "renamed to `sec_protocol_options::append_tls_ciphersuite_group`"]
    pub fn sec_protocol_options_append_tls_ciphersuite_group(
        options: sec_protocol_options_t,
        group: tls_ciphersuite_group_t,
    );
}

extern "C-unwind" {
    #[cfg(feature = "CipherSuite")]
    #[deprecated = "renamed to `sec_protocol_options::add_tls_ciphersuite_group`"]
    pub fn sec_protocol_options_add_tls_ciphersuite_group(
        options: sec_protocol_options_t,
        group: SSLCiphersuiteGroup,
    );
}

extern "C-unwind" {
    #[cfg(feature = "SecProtocolTypes")]
    #[deprecated = "renamed to `sec_protocol_options::set_tls_min_version`"]
    pub fn sec_protocol_options_set_tls_min_version(
        options: sec_protocol_options_t,
        version: SSLProtocol,
    );
}

extern "C-unwind" {
    #[cfg(feature = "SecProtocolTypes")]
    #[deprecated = "renamed to `sec_protocol_options::set_min_tls_protocol_version`"]
    pub fn sec_protocol_options_set_min_tls_protocol_version(
        options: sec_protocol_options_t,
        version: tls_protocol_version_t,
    );
}

extern "C-unwind" {
    #[cfg(feature = "SecProtocolTypes")]
    #[deprecated = "renamed to `sec_protocol_options::default_min_tls_protocol_version`"]
    pub fn sec_protocol_options_get_default_min_tls_protocol_version() -> tls_protocol_version_t;
}

extern "C-unwind" {
    #[cfg(feature = "SecProtocolTypes")]
    #[deprecated = "renamed to `sec_protocol_options::default_min_dtls_protocol_version`"]
    pub fn sec_protocol_options_get_default_min_dtls_protocol_version() -> tls_protocol_version_t;
}

extern "C-unwind" {
    #[cfg(feature = "SecProtocolTypes")]
    #[deprecated = "renamed to `sec_protocol_options::set_tls_max_version`"]
    pub fn sec_protocol_options_set_tls_max_version(
        options: sec_protocol_options_t,
        version: SSLProtocol,
    );
}

extern "C-unwind" {
    #[cfg(feature = "SecProtocolTypes")]
    #[deprecated = "renamed to `sec_protocol_options::set_max_tls_protocol_version`"]
    pub fn sec_protocol_options_set_max_tls_protocol_version(
        options: sec_protocol_options_t,
        version: tls_protocol_version_t,
    );
}

extern "C-unwind" {
    #[cfg(feature = "SecProtocolTypes")]
    #[deprecated = "renamed to `sec_protocol_options::default_max_tls_protocol_version`"]
    pub fn sec_protocol_options_get_default_max_tls_protocol_version() -> tls_protocol_version_t;
}

extern "C-unwind" {
    #[cfg(feature = "SecProtocolTypes")]
    #[deprecated = "renamed to `sec_protocol_options::default_max_dtls_protocol_version`"]
    pub fn sec_protocol_options_get_default_max_dtls_protocol_version() -> tls_protocol_version_t;
}

extern "C-unwind" {
    #[deprecated = "renamed to `sec_protocol_options::enabled_encrypted_client_hello`"]
    pub fn sec_protocol_options_get_enable_encrypted_client_hello(
        options: sec_protocol_options_t,
    ) -> bool;
}

extern "C-unwind" {
    #[deprecated = "renamed to `sec_protocol_options::quic_use_legacy_codepoint`"]
    pub fn sec_protocol_options_get_quic_use_legacy_codepoint(
        options: sec_protocol_options_t,
    ) -> bool;
}

extern "C-unwind" {
    #[deprecated = "renamed to `sec_protocol_options::add_tls_application_protocol`"]
    pub fn sec_protocol_options_add_tls_application_protocol(
        options: sec_protocol_options_t,
        application_protocol: NonNull<c_char>,
    );
}

extern "C-unwind" {
    #[deprecated = "renamed to `sec_protocol_options::set_tls_server_name`"]
    pub fn sec_protocol_options_set_tls_server_name(
        options: sec_protocol_options_t,
        server_name: NonNull<c_char>,
    );
}

extern "C-unwind" {
    #[deprecated = "renamed to `sec_protocol_options::set_tls_tickets_enabled`"]
    pub fn sec_protocol_options_set_tls_tickets_enabled(
        options: sec_protocol_options_t,
        tickets_enabled: bool,
    );
}

extern "C-unwind" {
    #[deprecated = "renamed to `sec_protocol_options::set_tls_is_fallback_attempt`"]
    pub fn sec_protocol_options_set_tls_is_fallback_attempt(
        options: sec_protocol_options_t,
        is_fallback_attempt: bool,
    );
}

extern "C-unwind" {
    #[deprecated = "renamed to `sec_protocol_options::set_tls_resumption_enabled`"]
    pub fn sec_protocol_options_set_tls_resumption_enabled(
        options: sec_protocol_options_t,
        resumption_enabled: bool,
    );
}

extern "C-unwind" {
    #[deprecated = "renamed to `sec_protocol_options::set_tls_false_start_enabled`"]
    pub fn sec_protocol_options_set_tls_false_start_enabled(
        options: sec_protocol_options_t,
        false_start_enabled: bool,
    );
}

extern "C-unwind" {
    #[deprecated = "renamed to `sec_protocol_options::set_tls_ocsp_enabled`"]
    pub fn sec_protocol_options_set_tls_ocsp_enabled(
        options: sec_protocol_options_t,
        ocsp_enabled: bool,
    );
}

extern "C-unwind" {
    #[deprecated = "renamed to `sec_protocol_options::set_tls_sct_enabled`"]
    pub fn sec_protocol_options_set_tls_sct_enabled(
        options: sec_protocol_options_t,
        sct_enabled: bool,
    );
}

extern "C-unwind" {
    #[deprecated = "renamed to `sec_protocol_options::set_tls_renegotiation_enabled`"]
    pub fn sec_protocol_options_set_tls_renegotiation_enabled(
        options: sec_protocol_options_t,
        renegotiation_enabled: bool,
    );
}

extern "C-unwind" {
    #[deprecated = "renamed to `sec_protocol_options::set_peer_authentication_required`"]
    pub fn sec_protocol_options_set_peer_authentication_required(
        options: sec_protocol_options_t,
        peer_authentication_required: bool,
    );
}

extern "C-unwind" {
    #[deprecated = "renamed to `sec_protocol_options::set_peer_authentication_optional`"]
    pub fn sec_protocol_options_set_peer_authentication_optional(
        options: sec_protocol_options_t,
        peer_authentication_optional: bool,
    );
}

extern "C-unwind" {
    #[deprecated = "renamed to `sec_protocol_options::set_enable_encrypted_client_hello`"]
    pub fn sec_protocol_options_set_enable_encrypted_client_hello(
        options: sec_protocol_options_t,
        enable_encrypted_client_hello: bool,
    );
}

extern "C-unwind" {
    #[deprecated = "renamed to `sec_protocol_options::set_quic_use_legacy_codepoint`"]
    pub fn sec_protocol_options_set_quic_use_legacy_codepoint(
        options: sec_protocol_options_t,
        quic_use_legacy_codepoint: bool,
    );
}