objc2_security/generated/SecProtocolOptions.rs
1//! This file has been automatically generated by `objc2`'s `header-translator`.
2//! DO NOT EDIT
3use core::cell::UnsafeCell;
4use core::ffi::*;
5use core::marker::{PhantomData, PhantomPinned};
6use core::ptr::NonNull;
7#[cfg(feature = "objc2")]
8use objc2::__framework_prelude::*;
9
10use crate::*;
11
/// Opaque type behind the `sec_protocol_options_t` pointer alias.
///
/// The struct exposes no data: `inner` is a zero-length array and `_p` is a marker.
/// Both fields are private, so code outside this module cannot construct a value;
/// the type is only meant to be named behind a raw pointer.
///
/// [Apple's documentation](https://developer.apple.com/documentation/security/sec_protocol_options?language=objc)
#[repr(C)]
#[derive(Debug)]
pub struct sec_protocol_options {
    // Zero-sized placeholder; presumably the real layout is private to the framework.
    inner: [u8; 0],
    // Marker only: the raw pointer and `PhantomPinned` inside the `PhantomData` keep the
    // type from being `Send`, `Sync` or `Unpin`.
    _p: UnsafeCell<PhantomData<(*const UnsafeCell<()>, PhantomPinned)>>,
}
19
// Declares the Objective-C encoding of a reference to `sec_protocol_options` as a pointer
// to a struct named "sec_protocol_options" with an empty field list.
// NOTE(review): `unsafe impl` - that this encoding matches what the runtime reports
// cannot be checked from this file.
#[cfg(feature = "objc2")]
unsafe impl RefEncode for sec_protocol_options {
    const ENCODING_REF: Encoding =
        Encoding::Pointer(&Encoding::Struct("sec_protocol_options", &[]));
}
25
/// Raw pointer to a `sec_protocol_options` object.
///
/// As a plain `*mut` it can be null and carries no lifetime or ownership information.
/// The declarations in this file pass it to the framework unchecked, so validity is the
/// caller's responsibility.
///
/// [Apple's documentation](https://developer.apple.com/documentation/security/sec_protocol_options_t?language=objc)
pub type sec_protocol_options_t = *mut sec_protocol_options;
28
extern "C-unwind" {
    /// Compare two `sec_protocol_options_t` instances.
    ///
    /// Parameter `options_a`: A `sec_protocol_options_t` instance.
    ///
    /// Parameter `options_b`: A `sec_protocol_options_t` instance.
    ///
    /// Returns: True if equal, and false otherwise.
    ///
    /// # Safety
    ///
    /// Both arguments are raw pointers handed to the framework unchecked. Presumably each
    /// must reference a live options object; NULL handling is not documented here.
    pub fn sec_protocol_options_are_equal(
        options_a: sec_protocol_options_t,
        options_b: sec_protocol_options_t,
    ) -> bool;
}
45
extern "C-unwind" {
    /// Set the local identity to be used for this protocol instance.
    ///
    /// Parameter `options`: A `sec_protocol_options_t` instance.
    ///
    /// Parameter `identity`: A `sec_identity_t` instance carrying the private key and certificate.
    ///
    /// # Safety
    ///
    /// `options` is a raw pointer handed to the framework unchecked; presumably it must
    /// reference a live options object. `identity` refers to private-key material.
    /// NOTE(review): whether the options object retains `identity` is not visible here.
    #[cfg(feature = "SecProtocolTypes")]
    pub fn sec_protocol_options_set_local_identity(
        options: sec_protocol_options_t,
        identity: sec_identity_t,
    );
}
60
extern "C-unwind" {
    /// Append a TLS ciphersuite to the set of enabled ciphersuites.
    ///
    /// NOTE(review): the text does not say whether the first call extends the system
    /// default set or replaces it; confirm before relying on either behaviour.
    ///
    /// Parameter `options`: A `sec_protocol_options_t` instance.
    ///
    /// Parameter `ciphersuite`: A `tls_ciphersuite_t` value.
    ///
    /// # Safety
    ///
    /// `options` is a raw pointer handed to the framework unchecked; presumably it must
    /// reference a live options object.
    #[cfg(feature = "SecProtocolTypes")]
    pub fn sec_protocol_options_append_tls_ciphersuite(
        options: sec_protocol_options_t,
        ciphersuite: tls_ciphersuite_t,
    );
}
75
extern "C-unwind" {
    /// Add a TLS ciphersuite to the set of enabled ciphersuites.
    ///
    /// Deprecated: the attribute below names
    /// `sec_protocol_options_append_tls_ciphersuite` as the replacement.
    ///
    /// Parameter `options`: A `sec_protocol_options_t` instance.
    ///
    /// Parameter `ciphersuite`: A `SSLCipherSuite` value.
    ///
    /// # Safety
    ///
    /// `options` is a raw pointer handed to the framework unchecked; presumably it must
    /// reference a live options object.
    #[cfg(feature = "CipherSuite")]
    #[deprecated = "Use sec_protocol_options_append_tls_ciphersuite"]
    pub fn sec_protocol_options_add_tls_ciphersuite(
        options: sec_protocol_options_t,
        ciphersuite: SSLCipherSuite,
    );
}
91
extern "C-unwind" {
    /// Append a TLS ciphersuite group to the set of enabled ciphersuites.
    ///
    /// NOTE(review): which suites each group contains is defined outside this file;
    /// check the group's contents before enabling it.
    ///
    /// Parameter `options`: A `sec_protocol_options_t` instance.
    ///
    /// Parameter `group`: A `tls_ciphersuite_group_t` value.
    ///
    /// # Safety
    ///
    /// `options` is a raw pointer handed to the framework unchecked; presumably it must
    /// reference a live options object.
    #[cfg(feature = "SecProtocolTypes")]
    pub fn sec_protocol_options_append_tls_ciphersuite_group(
        options: sec_protocol_options_t,
        group: tls_ciphersuite_group_t,
    );
}
106
extern "C-unwind" {
    /// Add a TLS ciphersuite group to the set of enabled ciphersuites.
    ///
    /// Deprecated: the attribute below names
    /// `sec_protocol_options_append_tls_ciphersuite_group` as the replacement.
    ///
    /// Parameter `options`: A `sec_protocol_options_t` instance.
    ///
    /// Parameter `group`: A `SSLCiphersuiteGroup` value.
    ///
    /// # Safety
    ///
    /// `options` is a raw pointer handed to the framework unchecked; presumably it must
    /// reference a live options object.
    #[cfg(feature = "CipherSuite")]
    #[deprecated = "Use sec_protocol_options_append_tls_ciphersuite_group"]
    pub fn sec_protocol_options_add_tls_ciphersuite_group(
        options: sec_protocol_options_t,
        group: SSLCiphersuiteGroup,
    );
}
122
extern "C-unwind" {
    /// Set the minimum supported TLS version.
    ///
    /// Deprecated. `sec_protocol_options_set_min_tls_protocol_version`, declared in this
    /// file, is the non-deprecated counterpart taking a `tls_protocol_version_t`.
    ///
    /// The minimum bounds how far a peer can negotiate the connection down, so a value
    /// below the system default weakens that floor.
    ///
    /// Parameter `options`: A `sec_protocol_options_t` instance.
    ///
    /// Parameter `version`: A `SSLProtocol` enum value.
    ///
    /// # Safety
    ///
    /// `options` is a raw pointer handed to the framework unchecked; presumably it must
    /// reference a live options object.
    #[cfg(feature = "SecProtocolTypes")]
    #[deprecated]
    pub fn sec_protocol_options_set_tls_min_version(
        options: sec_protocol_options_t,
        version: SSLProtocol,
    );
}
138
extern "C-unwind" {
    /// Set the minimum supported TLS version.
    ///
    /// The minimum bounds how far a peer can negotiate the connection down. The system
    /// default is available from
    /// `sec_protocol_options_get_default_min_tls_protocol_version`; a value below it
    /// weakens that floor.
    ///
    /// Parameter `options`: A `sec_protocol_options_t` instance.
    ///
    /// Parameter `version`: A `tls_protocol_version_t` enum value.
    ///
    /// # Safety
    ///
    /// `options` is a raw pointer handed to the framework unchecked; presumably it must
    /// reference a live options object.
    #[cfg(feature = "SecProtocolTypes")]
    pub fn sec_protocol_options_set_min_tls_protocol_version(
        options: sec_protocol_options_t,
        version: tls_protocol_version_t,
    );
}
153
extern "C-unwind" {
    /// Get the system default minimum TLS protocol version.
    ///
    /// Takes no arguments; the value can serve as the baseline when checking a
    /// configured minimum.
    ///
    /// Returns: The default minimum TLS version.
    #[cfg(feature = "SecProtocolTypes")]
    pub fn sec_protocol_options_get_default_min_tls_protocol_version() -> tls_protocol_version_t;
}
162
extern "C-unwind" {
    /// Get the system default minimum DTLS protocol version.
    ///
    /// Takes no arguments; the value can serve as the baseline when checking a
    /// configured minimum for DTLS.
    ///
    /// Returns: The default minimum DTLS version.
    #[cfg(feature = "SecProtocolTypes")]
    pub fn sec_protocol_options_get_default_min_dtls_protocol_version() -> tls_protocol_version_t;
}
171
extern "C-unwind" {
    /// Set the maximum supported TLS version.
    ///
    /// Deprecated. `sec_protocol_options_set_max_tls_protocol_version`, declared in this
    /// file, is the non-deprecated counterpart taking a `tls_protocol_version_t`.
    ///
    /// A maximum below the newest version both sides support caps the connection at an
    /// older protocol.
    ///
    /// Parameter `options`: A `sec_protocol_options_t` instance.
    ///
    /// Parameter `version`: A `SSLProtocol` enum value.
    ///
    /// # Safety
    ///
    /// `options` is a raw pointer handed to the framework unchecked; presumably it must
    /// reference a live options object.
    #[cfg(feature = "SecProtocolTypes")]
    #[deprecated]
    pub fn sec_protocol_options_set_tls_max_version(
        options: sec_protocol_options_t,
        version: SSLProtocol,
    );
}
187
extern "C-unwind" {
    /// Set the maximum supported TLS version.
    ///
    /// A maximum below the newest version both sides support caps the connection at an
    /// older protocol. The system default is available from
    /// `sec_protocol_options_get_default_max_tls_protocol_version`.
    ///
    /// Parameter `options`: A `sec_protocol_options_t` instance.
    ///
    /// Parameter `version`: A `tls_protocol_version_t` enum value.
    ///
    /// # Safety
    ///
    /// `options` is a raw pointer handed to the framework unchecked; presumably it must
    /// reference a live options object.
    #[cfg(feature = "SecProtocolTypes")]
    pub fn sec_protocol_options_set_max_tls_protocol_version(
        options: sec_protocol_options_t,
        version: tls_protocol_version_t,
    );
}
202
extern "C-unwind" {
    /// Get the system default maximum TLS protocol version.
    ///
    /// Takes no arguments.
    ///
    /// Returns: The default maximum TLS version.
    #[cfg(feature = "SecProtocolTypes")]
    pub fn sec_protocol_options_get_default_max_tls_protocol_version() -> tls_protocol_version_t;
}
211
extern "C-unwind" {
    /// Get the system default maximum DTLS protocol version.
    ///
    /// Takes no arguments.
    ///
    /// Returns: The default maximum DTLS version.
    #[cfg(feature = "SecProtocolTypes")]
    pub fn sec_protocol_options_get_default_max_dtls_protocol_version() -> tls_protocol_version_t;
}
220
extern "C-unwind" {
    /// For experimental use only. Find out whether Encrypted Client Hello has been enabled.
    ///
    /// Parameter `options`: A `sec_protocol_options_t` instance.
    ///
    /// Returns: A boolean that indicates whether or not Encrypted Client Hello has been enabled.
    ///
    /// # Safety
    ///
    /// `options` is a raw pointer handed to the framework unchecked; presumably it must
    /// reference a live options object.
    pub fn sec_protocol_options_get_enable_encrypted_client_hello(
        options: sec_protocol_options_t,
    ) -> bool;
}
230
extern "C-unwind" {
    /// Check whether the QUIC legacy codepoint has been enabled.
    ///
    /// Parameter `options`: A `sec_protocol_options_t` instance.
    ///
    /// Returns: A boolean that indicates whether or not the QUIC legacy codepoint has been
    /// enabled.
    ///
    /// # Safety
    ///
    /// `options` is a raw pointer handed to the framework unchecked; presumably it must
    /// reference a live options object.
    pub fn sec_protocol_options_get_quic_use_legacy_codepoint(
        options: sec_protocol_options_t,
    ) -> bool;
}
241
extern "C-unwind" {
    /// Add an application protocol supported by clients of this protocol instance.
    ///
    /// Parameter `options`: A `sec_protocol_options_t` instance.
    ///
    /// Parameter `application_protocol`: A NUL-terminated C string defining the application
    /// protocol.
    ///
    /// # Safety
    ///
    /// `options` is a raw pointer handed to the framework unchecked; presumably it must
    /// reference a live options object. `NonNull` only rules out a null
    /// `application_protocol`: the caller must still make sure the bytes end in a NUL
    /// terminator, otherwise the callee reads past the buffer.
    /// NOTE(review): whether the string is copied before the call returns is not stated here.
    pub fn sec_protocol_options_add_tls_application_protocol(
        options: sec_protocol_options_t,
        application_protocol: NonNull<c_char>,
    );
}
255
extern "C-unwind" {
    /// Set the server name to be used when verifying the peer's certificate. This will override
    /// the server name obtained from the endpoint.
    ///
    /// Because the certificate is checked against this name, it decides which server the
    /// connection trusts; it should come from the same trusted source as the endpoint
    /// itself, not from unvalidated input.
    ///
    /// Parameter `options`: A `sec_protocol_options_t` instance.
    ///
    /// Parameter `server_name`: A NUL-terminated C string carrying the server name.
    ///
    /// # Safety
    ///
    /// `options` is a raw pointer handed to the framework unchecked; presumably it must
    /// reference a live options object. `NonNull` only rules out a null `server_name`:
    /// the caller must still make sure the bytes end in a NUL terminator.
    /// NOTE(review): whether the string is copied before the call returns is not stated here.
    pub fn sec_protocol_options_set_tls_server_name(
        options: sec_protocol_options_t,
        server_name: NonNull<c_char>,
    );
}
270
extern "C-unwind" {
    /// Enable or disable TLS session ticket support.
    ///
    /// NOTE(review): the default value is not stated here.
    ///
    /// Parameter `options`: A `sec_protocol_options_t` instance.
    ///
    /// Parameter `tickets_enabled`: Flag to enable or disable TLS session ticket support.
    ///
    /// # Safety
    ///
    /// `options` is a raw pointer handed to the framework unchecked; presumably it must
    /// reference a live options object.
    pub fn sec_protocol_options_set_tls_tickets_enabled(
        options: sec_protocol_options_t,
        tickets_enabled: bool,
    );
}
284
extern "C-unwind" {
    /// Signal if this is a TLS fallback attempt.
    ///
    /// A fallback attempt is one following a previously failed TLS connection
    /// due to version or parameter incompatibility, e.g., when speaking to a server
    /// that does not support a client-offered ciphersuite.
    ///
    /// Clients MUST NOT enable fallback for fresh connections.
    ///
    /// NOTE(review): presumably this drives the downgrade signal of RFC 7507
    /// (TLS_FALLBACK_SCSV) - confirm against Apple's documentation.
    ///
    /// Parameter `options`: A `sec_protocol_options_t` instance.
    ///
    /// Parameter `is_fallback_attempt`: Set a flag indicating that this is a TLS fallback attempt.
    ///
    /// # Safety
    ///
    /// `options` is a raw pointer handed to the framework unchecked; presumably it must
    /// reference a live options object.
    pub fn sec_protocol_options_set_tls_is_fallback_attempt(
        options: sec_protocol_options_t,
        is_fallback_attempt: bool,
    );
}
304
extern "C-unwind" {
    /// Enable or disable TLS session resumption.
    ///
    /// NOTE(review): the default value is not stated here.
    ///
    /// Parameter `options`: A `sec_protocol_options_t` instance.
    ///
    /// Parameter `resumption_enabled`: Flag to enable or disable TLS session resumption.
    ///
    /// # Safety
    ///
    /// `options` is a raw pointer handed to the framework unchecked; presumably it must
    /// reference a live options object.
    pub fn sec_protocol_options_set_tls_resumption_enabled(
        options: sec_protocol_options_t,
        resumption_enabled: bool,
    );
}
318
extern "C-unwind" {
    /// Enable or disable TLS False Start.
    ///
    /// With False Start (RFC 7918) a client sends application data before it has received
    /// the server's Finished message, trading part of the handshake's confirmation for
    /// latency. NOTE(review): the default value is not stated here.
    ///
    /// Parameter `options`: A `sec_protocol_options_t` instance.
    ///
    /// Parameter `false_start_enabled`: Flag to enable or disable TLS False Start.
    ///
    /// # Safety
    ///
    /// `options` is a raw pointer handed to the framework unchecked; presumably it must
    /// reference a live options object.
    pub fn sec_protocol_options_set_tls_false_start_enabled(
        options: sec_protocol_options_t,
        false_start_enabled: bool,
    );
}
332
extern "C-unwind" {
    /// Enable or disable OCSP support.
    ///
    /// NOTE(review): the text does not say whether this governs OCSP stapling, revocation
    /// checking, or both, nor what the default is; confirm before treating the flag as a
    /// revocation control.
    ///
    /// Parameter `options`: A `sec_protocol_options_t` instance.
    ///
    /// Parameter `ocsp_enabled`: Flag to enable or disable OCSP support.
    ///
    /// # Safety
    ///
    /// `options` is a raw pointer handed to the framework unchecked; presumably it must
    /// reference a live options object.
    pub fn sec_protocol_options_set_tls_ocsp_enabled(
        options: sec_protocol_options_t,
        ocsp_enabled: bool,
    );
}
346
extern "C-unwind" {
    /// Enable or disable SCT (signed certificate timestamp) support.
    ///
    /// NOTE(review): the text does not say whether SCTs are only requested or also
    /// enforced, nor what the default is.
    ///
    /// Parameter `options`: A `sec_protocol_options_t` instance.
    ///
    /// Parameter `sct_enabled`: Flag to enable or disable SCT support.
    ///
    /// # Safety
    ///
    /// `options` is a raw pointer handed to the framework unchecked; presumably it must
    /// reference a live options object.
    pub fn sec_protocol_options_set_tls_sct_enabled(
        options: sec_protocol_options_t,
        sct_enabled: bool,
    );
}
360
extern "C-unwind" {
    /// Enable or disable TLS (1.2 and prior) session renegotiation. This defaults to `true`.
    ///
    /// Since the default is `true`, a caller that does not need renegotiation has to pass
    /// `false` explicitly to turn it off.
    ///
    /// Parameter `options`: A `sec_protocol_options_t` instance.
    ///
    /// Parameter `renegotiation_enabled`: Flag to enable or disable TLS (1.2 and prior) session renegotiation.
    ///
    /// # Safety
    ///
    /// `options` is a raw pointer handed to the framework unchecked; presumably it must
    /// reference a live options object.
    pub fn sec_protocol_options_set_tls_renegotiation_enabled(
        options: sec_protocol_options_t,
        renegotiation_enabled: bool,
    );
}
374
extern "C-unwind" {
    /// Enable or disable peer authentication. Clients default to true, whereas servers default to false.
    ///
    /// Passing `false` on a client removes the requirement that the server authenticate
    /// itself, so any call site that does so deserves review.
    ///
    /// Parameter `options`: A `sec_protocol_options_t` instance.
    ///
    /// Parameter `peer_authentication_required`: Flag to enable or disable mandatory peer authentication.
    ///
    /// # Safety
    ///
    /// `options` is a raw pointer handed to the framework unchecked; presumably it must
    /// reference a live options object.
    pub fn sec_protocol_options_set_peer_authentication_required(
        options: sec_protocol_options_t,
        peer_authentication_required: bool,
    );
}
388
extern "C-unwind" {
    /// When this is enabled, the endpoint requests the peer certificate, but if none is
    /// provided, the endpoint still proceeds with the connection. Default false for servers;
    /// always false for clients (clients ignore this option). If
    /// `peer_authentication_required` is set to true via
    /// `sec_protocol_options_set_peer_authentication_required()`,
    /// `peer_authentication_optional` will be disregarded and the peer certificate will be
    /// required.
    ///
    /// With this mode a connection can complete without any peer certificate, so a server
    /// using it cannot treat every accepted connection as authenticated.
    ///
    /// Parameter `options`: A `sec_protocol_options_t` instance.
    ///
    /// Parameter `peer_authentication_optional`: Flag to enable or disable requested peer authentication.
    ///
    /// # Safety
    ///
    /// `options` is a raw pointer handed to the framework unchecked; presumably it must
    /// reference a live options object.
    pub fn sec_protocol_options_set_peer_authentication_optional(
        options: sec_protocol_options_t,
        peer_authentication_optional: bool,
    );
}
406
extern "C-unwind" {
    /// For experimental use only. When this is enabled, the Encrypted Client Hello extension
    /// will be sent on the Client Hello if TLS 1.3 is among the supported TLS versions.
    /// Default false.
    ///
    /// Parameter `options`: A `sec_protocol_options_t` instance.
    ///
    /// Parameter `enable_encrypted_client_hello`: Flag to enable or disable Encrypted Client Hello.
    ///
    /// # Safety
    ///
    /// `options` is a raw pointer handed to the framework unchecked; presumably it must
    /// reference a live options object.
    pub fn sec_protocol_options_set_enable_encrypted_client_hello(
        options: sec_protocol_options_t,
        enable_encrypted_client_hello: bool,
    );
}
421
extern "C-unwind" {
    /// Set QUIC to use the legacy codepoint. Defaults to true.
    ///
    /// NOTE(review): which codepoint is meant is not stated here; confirm against Apple's
    /// documentation.
    ///
    /// Parameter `options`: A `sec_protocol_options_t` instance.
    ///
    /// Parameter `quic_use_legacy_codepoint`: A boolean to enable/disable the legacy codepoint.
    ///
    /// # Safety
    ///
    /// `options` is a raw pointer handed to the framework unchecked; presumably it must
    /// reference a live options object.
    pub fn sec_protocol_options_set_quic_use_legacy_codepoint(
        options: sec_protocol_options_t,
        quic_use_legacy_codepoint: bool,
    );
}
435
/// sec_protocol_key_update_complete_t
///
/// Block to be invoked when a key update event is handled.
///
/// The alias is a raw `*mut` to a block taking no arguments: it can be null and does
/// not manage the block's lifetime.
///
/// See also [Apple's documentation](https://developer.apple.com/documentation/security/sec_protocol_key_update_complete_t?language=objc)
#[cfg(feature = "block2")]
pub type sec_protocol_key_update_complete_t = *mut block2::Block<dyn Fn()>;
444
/// sec_protocol_key_update_t
///
/// Block to be invoked when the protocol key MUST be updated.
///
/// Parameter `metadata`: A `sec_protocol_metadata_t` instance.
///
/// Parameter `complete`: A `sec_protocol_key_update_complete_t` to be invoked when the key update is complete.
///
/// NOTE(review): what happens if `complete` is never invoked is not stated here.
///
/// See also [Apple's documentation](https://developer.apple.com/documentation/security/sec_protocol_key_update_t?language=objc)
#[cfg(all(feature = "SecProtocolMetadata", feature = "block2"))]
pub type sec_protocol_key_update_t =
    *mut block2::Block<dyn Fn(sec_protocol_metadata_t, sec_protocol_key_update_complete_t)>;
460
/// sec_protocol_challenge_complete_t
///
/// Block to be invoked when an identity (authentication) challenge is complete.
///
/// Note: prior to macOS 10.15, iOS 13.0, watchOS 6.0, and tvOS 13.0, calling this
/// block with a NULL `identity` argument was prohibited. Code that may run on those
/// releases therefore needs an identity to hand over.
///
/// Parameter `identity`: A `sec_identity_t` containing the identity to use for this challenge.
///
/// See also [Apple's documentation](https://developer.apple.com/documentation/security/sec_protocol_challenge_complete_t?language=objc)
#[cfg(all(feature = "SecProtocolTypes", feature = "block2"))]
pub type sec_protocol_challenge_complete_t = *mut block2::Block<dyn Fn(sec_identity_t)>;
475
/// sec_protocol_challenge_t
///
/// Block to be invoked when the protocol instance is issued a challenge (e.g., a TLS certificate request).
///
/// Parameter `metadata`: A `sec_protocol_metadata_t` instance.
///
/// Parameter `complete`: A `sec_protocol_challenge_complete_t` to be invoked when the challenge is complete.
///
/// The identity passed to `complete` is what the local side presents to the peer, so
/// the block decides which credential is disclosed on this connection.
///
/// See also [Apple's documentation](https://developer.apple.com/documentation/security/sec_protocol_challenge_t?language=objc)
#[cfg(all(
    feature = "SecProtocolMetadata",
    feature = "SecProtocolTypes",
    feature = "block2"
))]
pub type sec_protocol_challenge_t =
    *mut block2::Block<dyn Fn(sec_protocol_metadata_t, sec_protocol_challenge_complete_t)>;
495
/// sec_protocol_verify_complete_t
///
/// Block to be invoked when verification is complete.
///
/// Parameter `result`: A `bool` indicating if verification succeeded or failed.
///
/// Passing `true` reports the peer as verified, so it should only follow an actual
/// evaluation of the peer's trust object.
///
/// See also [Apple's documentation](https://developer.apple.com/documentation/security/sec_protocol_verify_complete_t?language=objc)
#[cfg(feature = "block2")]
pub type sec_protocol_verify_complete_t = *mut block2::Block<dyn Fn(bool)>;
507
/// sec_protocol_verify_t
///
/// Block to be invoked when the protocol instance must verify the peer.
///
/// NOTE: this may be called one or more times for a given connection.
///
/// Parameter `metadata`: A `sec_protocol_metadata_t` instance.
///
/// Parameter `trust_ref`: A `sec_trust_t` instance.
///
/// Parameter `complete`: A `sec_protocol_verify_complete_t` to be invoked when verification is complete.
///
/// A block that calls `complete` with `true` without evaluating `trust_ref` accepts any
/// peer. NOTE(review): whether the system's default trust evaluation still runs when a
/// verify block is installed is not stated here - confirm before relying on it.
///
/// See also [Apple's documentation](https://developer.apple.com/documentation/security/sec_protocol_verify_t?language=objc)
#[cfg(all(
    feature = "SecProtocolMetadata",
    feature = "SecProtocolTypes",
    feature = "block2"
))]
pub type sec_protocol_verify_t = *mut block2::Block<
    dyn Fn(sec_protocol_metadata_t, sec_trust_t, sec_protocol_verify_complete_t),
>;
532>;