objc2_security/generated/
SecProtocolOptions.rs

1//! This file has been automatically generated by `objc2`'s `header-translator`.
2//! DO NOT EDIT
3use core::cell::UnsafeCell;
4use core::ffi::*;
5use core::marker::{PhantomData, PhantomPinned};
6use core::ptr::NonNull;
7#[cfg(feature = "objc2")]
8use objc2::__framework_prelude::*;
9
10use crate::*;
11
12/// A `sec_protocol_options` instance is a container of options for security protocol instances,
13/// such as TLS. Protocol options are used to configure security protocols in the network stack.
14/// For example, clients may set the maximum and minimum allowed TLS versions through protocol
15/// options.
16///
17/// See also [Apple's documentation](https://developer.apple.com/documentation/security/sec_protocol_options?language=objc)
18#[repr(C)]
19#[derive(Debug)]
20pub struct sec_protocol_options {
21    inner: [u8; 0],
22    _p: UnsafeCell<PhantomData<(*const UnsafeCell<()>, PhantomPinned)>>,
23}
24
25#[cfg(feature = "objc2")]
26unsafe impl RefEncode for sec_protocol_options {
27    const ENCODING_REF: Encoding =
28        Encoding::Pointer(&Encoding::Struct("sec_protocol_options", &[]));
29}
30
31/// A `sec_protocol_options` instance is a container of options for security protocol instances,
32/// such as TLS. Protocol options are used to configure security protocols in the network stack.
33/// For example, clients may set the maximum and minimum allowed TLS versions through protocol
34/// options.
35///
36/// See also [Apple's documentation](https://developer.apple.com/documentation/security/sec_protocol_options_t?language=objc)
37pub type sec_protocol_options_t = *mut sec_protocol_options;
38
39impl sec_protocol_options {
    /// Reports whether two `sec_protocol_options_t` instances are equal.
    ///
    /// Parameter `options_a`: A `sec_protocol_options_t` instance.
    ///
    /// Parameter `options_b`: A `sec_protocol_options_t` instance.
    ///
    /// Returns: `true` if equal, and `false` otherwise.
    ///
    /// # Safety
    ///
    /// - `options_a` must be a valid pointer.
    /// - `options_b` must be a valid pointer.
    #[doc(alias = "sec_protocol_options_are_equal")]
    #[inline]
    pub unsafe fn are_equal(
        options_a: sec_protocol_options_t,
        options_b: sec_protocol_options_t,
    ) -> bool {
        // Declared locally so the symbol is only nameable from this wrapper.
        extern "C-unwind" {
            fn sec_protocol_options_are_equal(
                options_a: sec_protocol_options_t,
                options_b: sec_protocol_options_t,
            ) -> bool;
        }
        // SAFETY: the caller guarantees both pointers are valid, as required under `# Safety`.
        unsafe { sec_protocol_options_are_equal(options_a, options_b) }
    }
69
    /// Sets the local identity this protocol instance presents.
    ///
    /// Parameter `options`: A `sec_protocol_options_t` instance.
    ///
    /// Parameter `identity`: A `sec_identity_t` instance carrying the private key and certificate.
    ///
    /// # Safety
    ///
    /// - `options` must be a valid pointer.
    /// - `identity` must be a valid pointer.
    #[doc(alias = "sec_protocol_options_set_local_identity")]
    #[cfg(feature = "SecProtocolTypes")]
    #[inline]
    pub unsafe fn set_local_identity(options: sec_protocol_options_t, identity: sec_identity_t) {
        extern "C-unwind" {
            fn sec_protocol_options_set_local_identity(
                options: sec_protocol_options_t,
                identity: sec_identity_t,
            );
        }
        // SAFETY: the caller guarantees both pointers are valid, as required under `# Safety`.
        unsafe {
            sec_protocol_options_set_local_identity(options, identity);
        }
    }
94
    /// Appends a TLS ciphersuite to the set of enabled ciphersuites.
    ///
    /// Every suite appended here becomes one the connection may negotiate, so the
    /// resulting set is only as strong as its weakest member.
    ///
    /// Parameter `options`: A `sec_protocol_options_t` instance.
    ///
    /// Parameter `ciphersuite`: A `tls_ciphersuite_t` value.
    ///
    /// # Safety
    ///
    /// `options` must be a valid pointer.
    #[doc(alias = "sec_protocol_options_append_tls_ciphersuite")]
    #[cfg(feature = "SecProtocolTypes")]
    #[inline]
    pub unsafe fn append_tls_ciphersuite(
        options: sec_protocol_options_t,
        ciphersuite: tls_ciphersuite_t,
    ) {
        extern "C-unwind" {
            fn sec_protocol_options_append_tls_ciphersuite(
                options: sec_protocol_options_t,
                ciphersuite: tls_ciphersuite_t,
            );
        }
        // SAFETY: the caller guarantees `options` is valid, as required under `# Safety`.
        unsafe {
            sec_protocol_options_append_tls_ciphersuite(options, ciphersuite);
        }
    }
121
    /// Adds a TLS ciphersuite to the set of enabled ciphersuites.
    ///
    /// Deprecated: the deprecation message points at
    /// `sec_protocol_options_append_tls_ciphersuite`, exposed here as
    /// `append_tls_ciphersuite`.
    ///
    /// Parameter `options`: A `sec_protocol_options_t` instance.
    ///
    /// Parameter `ciphersuite`: A `SSLCipherSuite` value.
    ///
    /// # Safety
    ///
    /// `options` must be a valid pointer.
    #[doc(alias = "sec_protocol_options_add_tls_ciphersuite")]
    #[cfg(feature = "CipherSuite")]
    #[deprecated = "Use sec_protocol_options_append_tls_ciphersuite"]
    #[inline]
    pub unsafe fn add_tls_ciphersuite(
        options: sec_protocol_options_t,
        ciphersuite: SSLCipherSuite,
    ) {
        extern "C-unwind" {
            fn sec_protocol_options_add_tls_ciphersuite(
                options: sec_protocol_options_t,
                ciphersuite: SSLCipherSuite,
            );
        }
        // SAFETY: the caller guarantees `options` is valid, as required under `# Safety`.
        unsafe {
            sec_protocol_options_add_tls_ciphersuite(options, ciphersuite);
        }
    }
149
    /// Appends a TLS ciphersuite group to the set of enabled ciphersuites.
    ///
    /// Parameter `options`: A `sec_protocol_options_t` instance.
    ///
    /// Parameter `group`: A `tls_ciphersuite_group_t` value.
    ///
    /// # Safety
    ///
    /// `options` must be a valid pointer.
    #[doc(alias = "sec_protocol_options_append_tls_ciphersuite_group")]
    #[cfg(feature = "SecProtocolTypes")]
    #[inline]
    pub unsafe fn append_tls_ciphersuite_group(
        options: sec_protocol_options_t,
        group: tls_ciphersuite_group_t,
    ) {
        extern "C-unwind" {
            fn sec_protocol_options_append_tls_ciphersuite_group(
                options: sec_protocol_options_t,
                group: tls_ciphersuite_group_t,
            );
        }
        // NOTE(review): which suites each group value enables is not visible in this file;
        // check the group's contents before relying on it as a hardening measure.
        // SAFETY: the caller guarantees `options` is valid, as required under `# Safety`.
        unsafe {
            sec_protocol_options_append_tls_ciphersuite_group(options, group);
        }
    }
176
    /// Adds a TLS ciphersuite group to the set of enabled ciphersuites.
    ///
    /// Deprecated: the deprecation message points at
    /// `sec_protocol_options_append_tls_ciphersuite_group`, exposed here as
    /// `append_tls_ciphersuite_group`.
    ///
    /// Parameter `options`: A `sec_protocol_options_t` instance.
    ///
    /// Parameter `group`: A `SSLCiphersuiteGroup` value.
    ///
    /// # Safety
    ///
    /// `options` must be a valid pointer.
    #[doc(alias = "sec_protocol_options_add_tls_ciphersuite_group")]
    #[cfg(feature = "CipherSuite")]
    #[deprecated = "Use sec_protocol_options_append_tls_ciphersuite_group"]
    #[inline]
    pub unsafe fn add_tls_ciphersuite_group(
        options: sec_protocol_options_t,
        group: SSLCiphersuiteGroup,
    ) {
        extern "C-unwind" {
            fn sec_protocol_options_add_tls_ciphersuite_group(
                options: sec_protocol_options_t,
                group: SSLCiphersuiteGroup,
            );
        }
        // SAFETY: the caller guarantees `options` is valid, as required under `# Safety`.
        unsafe {
            sec_protocol_options_add_tls_ciphersuite_group(options, group);
        }
    }
204
    /// Sets the minimum supported TLS version, expressed as an `SSLProtocol` value.
    ///
    /// Deprecated. `set_min_tls_protocol_version` carries the same description and takes a
    /// `tls_protocol_version_t` instead; presumably it is the replacement (confirm against
    /// Apple's documentation).
    ///
    /// Parameter `options`: A `sec_protocol_options_t` instance.
    ///
    /// Parameter `version`: A `SSLProtocol` enum value.
    ///
    /// # Safety
    ///
    /// `options` must be a valid pointer.
    #[doc(alias = "sec_protocol_options_set_tls_min_version")]
    #[cfg(feature = "SecProtocolTypes")]
    #[deprecated]
    #[inline]
    pub unsafe fn set_tls_min_version(options: sec_protocol_options_t, version: SSLProtocol) {
        extern "C-unwind" {
            fn sec_protocol_options_set_tls_min_version(
                options: sec_protocol_options_t,
                version: SSLProtocol,
            );
        }
        // SAFETY: the caller guarantees `options` is valid, as required under `# Safety`.
        unsafe {
            sec_protocol_options_set_tls_min_version(options, version);
        }
    }
229
    /// Sets the minimum supported TLS version.
    ///
    /// A minimum below the value returned by `default_min_tls_protocol_version` admits
    /// protocol versions that the system default excludes; lower it only for a peer that
    /// cannot be upgraded.
    ///
    /// Parameter `options`: A `sec_protocol_options_t` instance.
    ///
    /// Parameter `version`: A `tls_protocol_version_t` enum value.
    ///
    /// # Safety
    ///
    /// `options` must be a valid pointer.
    #[doc(alias = "sec_protocol_options_set_min_tls_protocol_version")]
    #[cfg(feature = "SecProtocolTypes")]
    #[inline]
    pub unsafe fn set_min_tls_protocol_version(
        options: sec_protocol_options_t,
        version: tls_protocol_version_t,
    ) {
        extern "C-unwind" {
            fn sec_protocol_options_set_min_tls_protocol_version(
                options: sec_protocol_options_t,
                version: tls_protocol_version_t,
            );
        }
        // SAFETY: the caller guarantees `options` is valid, as required under `# Safety`.
        unsafe {
            sec_protocol_options_set_min_tls_protocol_version(options, version);
        }
    }
256
    /// Returns the system default minimum TLS protocol version.
    ///
    /// Returns: The default minimum TLS version.
    #[doc(alias = "sec_protocol_options_get_default_min_tls_protocol_version")]
    #[cfg(feature = "SecProtocolTypes")]
    #[inline]
    pub unsafe fn default_min_tls_protocol_version() -> tls_protocol_version_t {
        extern "C-unwind" {
            fn sec_protocol_options_get_default_min_tls_protocol_version() -> tls_protocol_version_t;
        }
        // NOTE(review): no arguments are passed, so there is no pointer contract to uphold;
        // the `unsafe` marker presumably reflects an unaudited generated binding — confirm.
        unsafe { sec_protocol_options_get_default_min_tls_protocol_version() }
    }
270
    /// Returns the system default minimum DTLS protocol version.
    ///
    /// Returns: The default minimum DTLS version.
    #[doc(alias = "sec_protocol_options_get_default_min_dtls_protocol_version")]
    #[cfg(feature = "SecProtocolTypes")]
    #[inline]
    pub unsafe fn default_min_dtls_protocol_version() -> tls_protocol_version_t {
        extern "C-unwind" {
            fn sec_protocol_options_get_default_min_dtls_protocol_version() -> tls_protocol_version_t;
        }
        // NOTE(review): no arguments are passed, so there is no pointer contract to uphold;
        // the `unsafe` marker presumably reflects an unaudited generated binding — confirm.
        unsafe { sec_protocol_options_get_default_min_dtls_protocol_version() }
    }
284
    /// Sets the maximum supported TLS version, expressed as an `SSLProtocol` value.
    ///
    /// Deprecated. `set_max_tls_protocol_version` carries the same description and takes a
    /// `tls_protocol_version_t` instead; presumably it is the replacement (confirm against
    /// Apple's documentation).
    ///
    /// Parameter `options`: A `sec_protocol_options_t` instance.
    ///
    /// Parameter `version`: A `SSLProtocol` enum value.
    ///
    /// # Safety
    ///
    /// `options` must be a valid pointer.
    #[doc(alias = "sec_protocol_options_set_tls_max_version")]
    #[cfg(feature = "SecProtocolTypes")]
    #[deprecated]
    #[inline]
    pub unsafe fn set_tls_max_version(options: sec_protocol_options_t, version: SSLProtocol) {
        extern "C-unwind" {
            fn sec_protocol_options_set_tls_max_version(
                options: sec_protocol_options_t,
                version: SSLProtocol,
            );
        }
        // SAFETY: the caller guarantees `options` is valid, as required under `# Safety`.
        unsafe {
            sec_protocol_options_set_tls_max_version(options, version);
        }
    }
309
    /// Sets the maximum supported TLS version.
    ///
    /// Capping the maximum below the newest version both peers support keeps the connection
    /// on an older protocol, so treat a lowered cap as a compatibility workaround only.
    ///
    /// Parameter `options`: A `sec_protocol_options_t` instance.
    ///
    /// Parameter `version`: A `tls_protocol_version_t` enum value.
    ///
    /// # Safety
    ///
    /// `options` must be a valid pointer.
    #[doc(alias = "sec_protocol_options_set_max_tls_protocol_version")]
    #[cfg(feature = "SecProtocolTypes")]
    #[inline]
    pub unsafe fn set_max_tls_protocol_version(
        options: sec_protocol_options_t,
        version: tls_protocol_version_t,
    ) {
        extern "C-unwind" {
            fn sec_protocol_options_set_max_tls_protocol_version(
                options: sec_protocol_options_t,
                version: tls_protocol_version_t,
            );
        }
        // SAFETY: the caller guarantees `options` is valid, as required under `# Safety`.
        unsafe {
            sec_protocol_options_set_max_tls_protocol_version(options, version);
        }
    }
336
    /// Returns the system default maximum TLS protocol version.
    ///
    /// Returns: The default maximum TLS version.
    #[doc(alias = "sec_protocol_options_get_default_max_tls_protocol_version")]
    #[cfg(feature = "SecProtocolTypes")]
    #[inline]
    pub unsafe fn default_max_tls_protocol_version() -> tls_protocol_version_t {
        extern "C-unwind" {
            fn sec_protocol_options_get_default_max_tls_protocol_version() -> tls_protocol_version_t;
        }
        // NOTE(review): no arguments are passed, so there is no pointer contract to uphold;
        // the `unsafe` marker presumably reflects an unaudited generated binding — confirm.
        unsafe { sec_protocol_options_get_default_max_tls_protocol_version() }
    }
350
    /// Returns the system default maximum DTLS protocol version.
    ///
    /// Returns: The default maximum DTLS version.
    #[doc(alias = "sec_protocol_options_get_default_max_dtls_protocol_version")]
    #[cfg(feature = "SecProtocolTypes")]
    #[inline]
    pub unsafe fn default_max_dtls_protocol_version() -> tls_protocol_version_t {
        extern "C-unwind" {
            fn sec_protocol_options_get_default_max_dtls_protocol_version() -> tls_protocol_version_t;
        }
        // NOTE(review): no arguments are passed, so there is no pointer contract to uphold;
        // the `unsafe` marker presumably reflects an unaudited generated binding — confirm.
        unsafe { sec_protocol_options_get_default_max_dtls_protocol_version() }
    }
364
    /// For experimental use only. Reports whether Encrypted Client Hello has been enabled.
    ///
    /// Parameter `options`: A `sec_protocol_options_t` instance.
    ///
    /// Returns: A boolean that indicates whether or not Encrypted Client Hello has been enabled.
    ///
    /// # Safety
    ///
    /// `options` must be a valid pointer.
    #[doc(alias = "sec_protocol_options_get_enable_encrypted_client_hello")]
    #[inline]
    pub unsafe fn enabled_encrypted_client_hello(options: sec_protocol_options_t) -> bool {
        extern "C-unwind" {
            fn sec_protocol_options_get_enable_encrypted_client_hello(
                options: sec_protocol_options_t,
            ) -> bool;
        }
        // SAFETY: the caller guarantees `options` is valid, as required under `# Safety`.
        unsafe { sec_protocol_options_get_enable_encrypted_client_hello(options) }
    }
383
    /// Reports whether the QUIC legacy codepoint has been enabled.
    ///
    /// Parameter `options`: A `sec_protocol_options_t` instance.
    ///
    /// Returns: A boolean that indicates whether or not the QUIC legacy codepoint has been
    /// enabled.
    ///
    /// # Safety
    ///
    /// `options` must be a valid pointer.
    #[doc(alias = "sec_protocol_options_get_quic_use_legacy_codepoint")]
    #[inline]
    pub unsafe fn quic_use_legacy_codepoint(options: sec_protocol_options_t) -> bool {
        extern "C-unwind" {
            fn sec_protocol_options_get_quic_use_legacy_codepoint(
                options: sec_protocol_options_t,
            ) -> bool;
        }
        // SAFETY: the caller guarantees `options` is valid, as required under `# Safety`.
        unsafe { sec_protocol_options_get_quic_use_legacy_codepoint(options) }
    }
403
    /// Adds an application protocol supported by clients of this protocol instance.
    ///
    /// Parameter `options`: A `sec_protocol_options_t` instance.
    ///
    /// Parameter `application_protocol`: A NULL-terminated string defining the application protocol.
    ///
    /// # Safety
    ///
    /// - `options` must be a valid pointer.
    /// - `application_protocol` must be a valid pointer. No length is passed alongside it, so
    ///   it has to point at a NUL-terminated string as the parameter description states;
    ///   an unterminated buffer would be read past its end.
    #[doc(alias = "sec_protocol_options_add_tls_application_protocol")]
    #[inline]
    pub unsafe fn add_tls_application_protocol(
        options: sec_protocol_options_t,
        application_protocol: NonNull<c_char>,
    ) {
        extern "C-unwind" {
            fn sec_protocol_options_add_tls_application_protocol(
                options: sec_protocol_options_t,
                application_protocol: NonNull<c_char>,
            );
        }
        // NOTE(review): whether the callee copies the string before returning is not visible
        // here; keep the buffer alive for as long as `options` is in use until confirmed.
        // SAFETY: the caller guarantees both pointers are valid, as required under `# Safety`.
        unsafe {
            sec_protocol_options_add_tls_application_protocol(options, application_protocol);
        }
    }
430
    /// Sets the server name to be used when verifying the peer's certificate. This overrides
    /// the server name obtained from the endpoint.
    ///
    /// Because the certificate is checked against this name rather than the endpoint's, the
    /// value decides which identity is accepted as authentic. Take it from trusted
    /// configuration, never from data supplied by the peer or another untrusted source.
    ///
    /// Parameter `options`: A `sec_protocol_options_t` instance.
    ///
    /// Parameter `server_name`: A NULL-terminated string carrying the server name.
    ///
    /// # Safety
    ///
    /// - `options` must be a valid pointer.
    /// - `server_name` must be a valid pointer. No length is passed alongside it, so it has
    ///   to point at a NUL-terminated string as the parameter description states; an
    ///   unterminated buffer would be read past its end.
    #[doc(alias = "sec_protocol_options_set_tls_server_name")]
    #[inline]
    pub unsafe fn set_tls_server_name(
        options: sec_protocol_options_t,
        server_name: NonNull<c_char>,
    ) {
        extern "C-unwind" {
            fn sec_protocol_options_set_tls_server_name(
                options: sec_protocol_options_t,
                server_name: NonNull<c_char>,
            );
        }
        // NOTE(review): whether the callee copies the string before returning is not visible
        // here; keep the buffer alive for as long as `options` is in use until confirmed.
        // SAFETY: the caller guarantees both pointers are valid, as required under `# Safety`.
        unsafe {
            sec_protocol_options_set_tls_server_name(options, server_name);
        }
    }
458
    /// Turns TLS session ticket support on or off.
    ///
    /// Parameter `options`: A `sec_protocol_options_t` instance.
    ///
    /// Parameter `tickets_enabled`: Flag to enable or disable TLS session ticket support.
    ///
    /// # Safety
    ///
    /// `options` must be a valid pointer.
    #[doc(alias = "sec_protocol_options_set_tls_tickets_enabled")]
    #[inline]
    pub unsafe fn set_tls_tickets_enabled(options: sec_protocol_options_t, tickets_enabled: bool) {
        extern "C-unwind" {
            fn sec_protocol_options_set_tls_tickets_enabled(
                options: sec_protocol_options_t,
                tickets_enabled: bool,
            );
        }
        // SAFETY: the caller guarantees `options` is valid, as required under `# Safety`.
        unsafe {
            sec_protocol_options_set_tls_tickets_enabled(options, tickets_enabled);
        }
    }
481
    /// Signals whether this is a TLS fallback attempt.
    ///
    /// A fallback attempt is one following a previously failed TLS connection
    /// due to version or parameter incompatibility, e.g., when speaking to a server
    /// that does not support a client-offered ciphersuite.
    ///
    /// Clients MUST NOT enable fallback for fresh connections. Set the flag only on the
    /// retry itself, and only after the first attempt failed for an incompatibility reason.
    ///
    /// Parameter `options`: A `sec_protocol_options_t` instance.
    ///
    /// Parameter `is_fallback_attempt`: Set a flag indicating that this is a TLS fallback attempt.
    ///
    /// # Safety
    ///
    /// `options` must be a valid pointer.
    #[doc(alias = "sec_protocol_options_set_tls_is_fallback_attempt")]
    #[inline]
    pub unsafe fn set_tls_is_fallback_attempt(
        options: sec_protocol_options_t,
        is_fallback_attempt: bool,
    ) {
        extern "C-unwind" {
            fn sec_protocol_options_set_tls_is_fallback_attempt(
                options: sec_protocol_options_t,
                is_fallback_attempt: bool,
            );
        }
        // NOTE(review): this reads like the downgrade signalling of RFC 7507
        // (TLS_FALLBACK_SCSV) — confirm against Apple's documentation.
        // SAFETY: the caller guarantees `options` is valid, as required under `# Safety`.
        unsafe {
            sec_protocol_options_set_tls_is_fallback_attempt(options, is_fallback_attempt);
        }
    }
513
    /// Turns TLS session resumption on or off.
    ///
    /// Parameter `options`: A `sec_protocol_options_t` instance.
    ///
    /// Parameter `resumption_enabled`: Flag to enable or disable TLS session resumption.
    ///
    /// # Safety
    ///
    /// `options` must be a valid pointer.
    #[doc(alias = "sec_protocol_options_set_tls_resumption_enabled")]
    #[inline]
    pub unsafe fn set_tls_resumption_enabled(
        options: sec_protocol_options_t,
        resumption_enabled: bool,
    ) {
        extern "C-unwind" {
            fn sec_protocol_options_set_tls_resumption_enabled(
                options: sec_protocol_options_t,
                resumption_enabled: bool,
            );
        }
        // SAFETY: the caller guarantees `options` is valid, as required under `# Safety`.
        unsafe {
            sec_protocol_options_set_tls_resumption_enabled(options, resumption_enabled);
        }
    }
539
    /// Turns TLS False Start on or off.
    ///
    /// Parameter `options`: A `sec_protocol_options_t` instance.
    ///
    /// Parameter `false_start_enabled`: Flag to enable or disable TLS False Start.
    ///
    /// # Safety
    ///
    /// `options` must be a valid pointer.
    #[doc(alias = "sec_protocol_options_set_tls_false_start_enabled")]
    #[inline]
    pub unsafe fn set_tls_false_start_enabled(
        options: sec_protocol_options_t,
        false_start_enabled: bool,
    ) {
        extern "C-unwind" {
            fn sec_protocol_options_set_tls_false_start_enabled(
                options: sec_protocol_options_t,
                false_start_enabled: bool,
            );
        }
        // NOTE(review): under False Start (RFC 7918) a client may send application data
        // before it has verified the server's Finished message; enable it only where that
        // trade-off is accepted. The platform default is not visible here — confirm.
        // SAFETY: the caller guarantees `options` is valid, as required under `# Safety`.
        unsafe {
            sec_protocol_options_set_tls_false_start_enabled(options, false_start_enabled);
        }
    }
565
    /// Turns OCSP support on or off.
    ///
    /// Parameter `options`: A `sec_protocol_options_t` instance.
    ///
    /// Parameter `ocsp_enabled`: Flag to enable or disable OCSP support.
    ///
    /// # Safety
    ///
    /// `options` must be a valid pointer.
    #[doc(alias = "sec_protocol_options_set_tls_ocsp_enabled")]
    #[inline]
    pub unsafe fn set_tls_ocsp_enabled(options: sec_protocol_options_t, ocsp_enabled: bool) {
        extern "C-unwind" {
            fn sec_protocol_options_set_tls_ocsp_enabled(
                options: sec_protocol_options_t,
                ocsp_enabled: bool,
            );
        }
        // SAFETY: the caller guarantees `options` is valid, as required under `# Safety`.
        unsafe {
            sec_protocol_options_set_tls_ocsp_enabled(options, ocsp_enabled);
        }
    }
588
    /// Turns SCT (signed certificate timestamp) support on or off.
    ///
    /// Parameter `options`: A `sec_protocol_options_t` instance.
    ///
    /// Parameter `sct_enabled`: Flag to enable or disable SCT support.
    ///
    /// # Safety
    ///
    /// `options` must be a valid pointer.
    #[doc(alias = "sec_protocol_options_set_tls_sct_enabled")]
    #[inline]
    pub unsafe fn set_tls_sct_enabled(options: sec_protocol_options_t, sct_enabled: bool) {
        extern "C-unwind" {
            fn sec_protocol_options_set_tls_sct_enabled(
                options: sec_protocol_options_t,
                sct_enabled: bool,
            );
        }
        // SAFETY: the caller guarantees `options` is valid, as required under `# Safety`.
        unsafe {
            sec_protocol_options_set_tls_sct_enabled(options, sct_enabled);
        }
    }
611
    /// Turns TLS (1.2 and prior) session renegotiation on or off. This defaults to `true`.
    ///
    /// Since the default leaves renegotiation on, a caller that does not depend on it can
    /// pass `false` to keep that handshake path closed.
    ///
    /// Parameter `options`: A `sec_protocol_options_t` instance.
    ///
    /// Parameter `renegotiation_enabled`: Flag to enable or disable TLS (1.2 and prior) session renegotiation.
    ///
    /// # Safety
    ///
    /// `options` must be a valid pointer.
    #[doc(alias = "sec_protocol_options_set_tls_renegotiation_enabled")]
    #[inline]
    pub unsafe fn set_tls_renegotiation_enabled(
        options: sec_protocol_options_t,
        renegotiation_enabled: bool,
    ) {
        extern "C-unwind" {
            fn sec_protocol_options_set_tls_renegotiation_enabled(
                options: sec_protocol_options_t,
                renegotiation_enabled: bool,
            );
        }
        // SAFETY: the caller guarantees `options` is valid, as required under `# Safety`.
        unsafe {
            sec_protocol_options_set_tls_renegotiation_enabled(options, renegotiation_enabled);
        }
    }
639
    /// Turns peer authentication on or off. Clients default to true, whereas servers default
    /// to false.
    ///
    /// Passing `false` on a client gives up the default that the server be authenticated,
    /// so the connection no longer establishes who the peer is. Do that only when the peer
    /// is authenticated by some other mechanism.
    ///
    /// Parameter `options`: A `sec_protocol_options_t` instance.
    ///
    /// Parameter `peer_authentication_required`: Flag to enable or disable mandatory peer authentication.
    ///
    /// # Safety
    ///
    /// `options` must be a valid pointer.
    #[doc(alias = "sec_protocol_options_set_peer_authentication_required")]
    #[inline]
    pub unsafe fn set_peer_authentication_required(
        options: sec_protocol_options_t,
        peer_authentication_required: bool,
    ) {
        extern "C-unwind" {
            fn sec_protocol_options_set_peer_authentication_required(
                options: sec_protocol_options_t,
                peer_authentication_required: bool,
            );
        }
        // SAFETY: the caller guarantees `options` is valid, as required under `# Safety`.
        unsafe {
            sec_protocol_options_set_peer_authentication_required(
                options,
                peer_authentication_required,
            );
        }
    }
670
    /// Makes peer authentication requested rather than mandatory.
    ///
    /// When this is enabled, the endpoint requests the peer certificate, but if none is
    /// provided, the endpoint still proceeds with the connection. Default false for servers;
    /// always false for clients (clients ignore this option). If peer_authentication_required
    /// is set to true via sec_protocol_options_set_peer_authentication_required(),
    /// peer_authentication_optional will be disregarded and the peer certificate will be
    /// required.
    ///
    /// A server that enables this accepts connections from peers that present no
    /// certificate, so it has to treat such peers as unauthenticated when authorizing them.
    ///
    /// Parameter `options`: A `sec_protocol_options_t` instance.
    ///
    /// Parameter `peer_authentication_optional`: Flag to enable or disable requested peer authentication.
    ///
    /// # Safety
    ///
    /// `options` must be a valid pointer.
    #[doc(alias = "sec_protocol_options_set_peer_authentication_optional")]
    #[inline]
    pub unsafe fn set_peer_authentication_optional(
        options: sec_protocol_options_t,
        peer_authentication_optional: bool,
    ) {
        extern "C-unwind" {
            fn sec_protocol_options_set_peer_authentication_optional(
                options: sec_protocol_options_t,
                peer_authentication_optional: bool,
            );
        }
        // SAFETY: the caller guarantees `options` is valid, as required under `# Safety`.
        unsafe {
            sec_protocol_options_set_peer_authentication_optional(
                options,
                peer_authentication_optional,
            );
        }
    }
705
    /// For experimental use only. When this is enabled, the Encrypted Client Hello extension
    /// will be sent on the Client Hello if TLS 1.3 is among the supported TLS versions.
    /// Default false.
    ///
    /// Parameter `options`: A `sec_protocol_options_t` instance.
    ///
    /// Parameter `enable_encrypted_client_hello`: Flag to enable or disable Encrypted Client Hello.
    ///
    /// # Safety
    ///
    /// `options` must be a valid pointer.
    #[doc(alias = "sec_protocol_options_set_enable_encrypted_client_hello")]
    #[inline]
    pub unsafe fn set_enable_encrypted_client_hello(
        options: sec_protocol_options_t,
        enable_encrypted_client_hello: bool,
    ) {
        extern "C-unwind" {
            fn sec_protocol_options_set_enable_encrypted_client_hello(
                options: sec_protocol_options_t,
                enable_encrypted_client_hello: bool,
            );
        }
        // SAFETY: the caller guarantees `options` is valid, as required under `# Safety`.
        unsafe {
            sec_protocol_options_set_enable_encrypted_client_hello(
                options,
                enable_encrypted_client_hello,
            );
        }
    }
737
    /// Chooses whether QUIC uses the legacy codepoint. Defaults to true.
    ///
    /// Parameter `options`: A `sec_protocol_options_t` instance.
    ///
    /// Parameter `quic_use_legacy_codepoint`: A boolean to enable/disable the legacy codepoint.
    ///
    /// # Safety
    ///
    /// `options` must be a valid pointer.
    #[doc(alias = "sec_protocol_options_set_quic_use_legacy_codepoint")]
    #[inline]
    pub unsafe fn set_quic_use_legacy_codepoint(
        options: sec_protocol_options_t,
        quic_use_legacy_codepoint: bool,
    ) {
        extern "C-unwind" {
            fn sec_protocol_options_set_quic_use_legacy_codepoint(
                options: sec_protocol_options_t,
                quic_use_legacy_codepoint: bool,
            );
        }
        // SAFETY: the caller guarantees `options` is valid, as required under `# Safety`.
        unsafe {
            sec_protocol_options_set_quic_use_legacy_codepoint(options, quic_use_legacy_codepoint);
        }
    }
765}
766
767/// sec_protocol_key_update_complete_t
768///
769///
770/// Block to be invoked when a key update event is handled.
771///
772/// See also [Apple's documentation](https://developer.apple.com/documentation/security/sec_protocol_key_update_complete_t?language=objc)
773#[cfg(feature = "block2")]
774pub type sec_protocol_key_update_complete_t = *mut block2::DynBlock<dyn Fn()>;
775
776/// sec_protocol_key_update_t
777///
778///
779/// Block to be invoked when the protocol key MUST be updated.
780///
781///
782/// Parameter `metadata`: A `sec_protocol_metadata_t` instance.
783///
784///
785/// Parameter `complete`: A `sec_protocol_key_update_complete_t` to be invoked when the key update is complete.
786///
787/// See also [Apple's documentation](https://developer.apple.com/documentation/security/sec_protocol_key_update_t?language=objc)
788#[cfg(all(feature = "SecProtocolMetadata", feature = "block2"))]
789pub type sec_protocol_key_update_t =
790    *mut block2::DynBlock<dyn Fn(sec_protocol_metadata_t, sec_protocol_key_update_complete_t)>;
791
792/// sec_protocol_challenge_complete_t
793///
794///
795/// Block to be invoked when an identity (authentication) challenge is complete.
796///
797/// Note: prior to macOS 10.15, iOS 13.0, watchOS 6.0, and tvOS 13.0, calling this
798/// block with a NULL `identity` argument was prohibited.
799///
800///
801/// Parameter `identity`: A `sec_identity_t` containing the identity to use for this challenge.
802///
803/// See also [Apple's documentation](https://developer.apple.com/documentation/security/sec_protocol_challenge_complete_t?language=objc)
804#[cfg(all(feature = "SecProtocolTypes", feature = "block2"))]
805pub type sec_protocol_challenge_complete_t = *mut block2::DynBlock<dyn Fn(sec_identity_t)>;
806
807/// sec_protocol_challenge_t
808///
809///
810/// Block to be invoked when the protocol instance is issued a challenge (e.g., a TLS certificate request).
811///
812///
813/// Parameter `metadata`: A `sec_protocol_metadata_t` instance.
814///
815///
816/// Parameter `complete`: A `sec_protocol_challenge_complete_t` to be invoked when the challenge is complete.
817///
818/// See also [Apple's documentation](https://developer.apple.com/documentation/security/sec_protocol_challenge_t?language=objc)
819#[cfg(all(
820    feature = "SecProtocolMetadata",
821    feature = "SecProtocolTypes",
822    feature = "block2"
823))]
824pub type sec_protocol_challenge_t =
825    *mut block2::DynBlock<dyn Fn(sec_protocol_metadata_t, sec_protocol_challenge_complete_t)>;
826
827/// sec_protocol_verify_complete_t
828///
829///
830/// Block to be invoked when verification is complete.
831///
832///
833/// Parameter `result`: A `bool` indicating if verification succeeded or failed.
834///
835/// See also [Apple's documentation](https://developer.apple.com/documentation/security/sec_protocol_verify_complete_t?language=objc)
836#[cfg(feature = "block2")]
837pub type sec_protocol_verify_complete_t = *mut block2::DynBlock<dyn Fn(bool)>;
838
839/// sec_protocol_verify_t
840///
841///
842/// Block to be invoked when the protocol instance must verify the peer.
843///
844/// NOTE: this may be called one or more times for a given connection.
845///
846///
847/// Parameter `metadata`: A `sec_protocol_metadata_t` instance.
848///
849///
850/// Parameter `trust_ref`: A `sec_trust_t` instance.
851///
852///
853/// Parameter `complete`: A `sec_protocol_verify_complete_t` to be invoked when verification is complete.
854///
/// The alias is a raw `*mut` pointer to a `block2::DynBlock`, so the type itself does not rule
/// out a null or dangling block; pointer validity is the caller's responsibility.
///
855/// See also [Apple's documentation](https://developer.apple.com/documentation/security/sec_protocol_verify_t?language=objc)
// NOTE(review): the third block argument is typed `sec_protocol_verify_complete_t` in the alias
// below; the upstream header text names it `sec_protocol_verify_finish_t`.
// NOTE(review): the `bool` this block passes to `complete` is reported as the verification
// result, so an implementation that reports success without evaluating `trust_ref` presumably
// accepts any peer. Because the block may run more than once per connection, it should not rely
// on one-shot state — confirm both points against Apple's documentation.
// Only compiled when `SecProtocolMetadata`, `SecProtocolTypes` and `block2` are all enabled.
856#[cfg(all(
857    feature = "SecProtocolMetadata",
858    feature = "SecProtocolTypes",
859    feature = "block2"
860))]
861pub type sec_protocol_verify_t = *mut block2::DynBlock<
862    dyn Fn(sec_protocol_metadata_t, sec_trust_t, sec_protocol_verify_complete_t),
863>;
864
865extern "C-unwind" {
    /// Deprecated free-function binding for the C symbol `sec_protocol_options_are_equal`;
    /// the attribute below points callers at `sec_protocol_options::are_equal`.
    ///
    /// Compares two `sec_protocol_options_t` instances and returns `true` if they are equal.
    // Both arguments are raw `*mut sec_protocol_options` pointers and the call is `unsafe`
    // (extern item): the signature does not rule out null, so pointer validity is on the caller.
866    #[deprecated = "renamed to `sec_protocol_options::are_equal`"]
867    pub fn sec_protocol_options_are_equal(
868        options_a: sec_protocol_options_t,
869        options_b: sec_protocol_options_t,
870    ) -> bool;
871}
872
873extern "C-unwind" {
    /// Deprecated free-function binding for the C symbol
    /// `sec_protocol_options_set_local_identity`; the attribute below points callers at
    /// `sec_protocol_options::set_local_identity`.
    ///
    /// Takes the options container and a `sec_identity_t`; returns nothing. Only compiled with
    /// the `SecProtocolTypes` feature.
    // NOTE(review): presumably installs the identity this endpoint presents to peers — confirm
    // against Apple's documentation. `options` is a raw pointer the type does not check for null.
874    #[cfg(feature = "SecProtocolTypes")]
875    #[deprecated = "renamed to `sec_protocol_options::set_local_identity`"]
876    pub fn sec_protocol_options_set_local_identity(
877        options: sec_protocol_options_t,
878        identity: sec_identity_t,
879    );
880}
881
882extern "C-unwind" {
    /// Deprecated free-function binding for the C symbol
    /// `sec_protocol_options_append_tls_ciphersuite`; the attribute below points callers at
    /// `sec_protocol_options::append_tls_ciphersuite`.
    ///
    /// Takes the options container and a `tls_ciphersuite_t`; returns nothing. Only compiled
    /// with the `SecProtocolTypes` feature.
    // NOTE(review): presumably adds one ciphersuite to the set this configuration will offer or
    // accept; how an explicit list interacts with the system defaults is not visible here —
    // confirm before relying on it to restrict negotiation.
883    #[cfg(feature = "SecProtocolTypes")]
884    #[deprecated = "renamed to `sec_protocol_options::append_tls_ciphersuite`"]
885    pub fn sec_protocol_options_append_tls_ciphersuite(
886        options: sec_protocol_options_t,
887        ciphersuite: tls_ciphersuite_t,
888    );
889}
890
891extern "C-unwind" {
    /// Deprecated free-function binding for the C symbol
    /// `sec_protocol_options_add_tls_ciphersuite`; the attribute below points callers at
    /// `sec_protocol_options::add_tls_ciphersuite`.
    ///
    /// Takes the options container and an `SSLCipherSuite`; returns nothing. Only compiled with
    /// the `CipherSuite` feature.
    // NOTE(review): this takes `SSLCipherSuite` where `sec_protocol_options_append_tls_ciphersuite`
    // takes `tls_ciphersuite_t`; it looks like the older spelling of the same operation — confirm
    // which one Apple's headers recommend for new code.
892    #[cfg(feature = "CipherSuite")]
893    #[deprecated = "renamed to `sec_protocol_options::add_tls_ciphersuite`"]
894    pub fn sec_protocol_options_add_tls_ciphersuite(
895        options: sec_protocol_options_t,
896        ciphersuite: SSLCipherSuite,
897    );
898}
899
900extern "C-unwind" {
    /// Deprecated free-function binding for the C symbol
    /// `sec_protocol_options_append_tls_ciphersuite_group`; the attribute below points callers
    /// at `sec_protocol_options::append_tls_ciphersuite_group`.
    ///
    /// Takes the options container and a `tls_ciphersuite_group_t`; returns nothing. Only
    /// compiled with the `SecProtocolTypes` feature.
    // NOTE(review): presumably adds a predefined group of ciphersuites at once; which suites a
    // group contains is not visible here, so review the chosen group against policy — confirm
    // against Apple's documentation.
901    #[cfg(feature = "SecProtocolTypes")]
902    #[deprecated = "renamed to `sec_protocol_options::append_tls_ciphersuite_group`"]
903    pub fn sec_protocol_options_append_tls_ciphersuite_group(
904        options: sec_protocol_options_t,
905        group: tls_ciphersuite_group_t,
906    );
907}
908
909extern "C-unwind" {
    /// Deprecated free-function binding for the C symbol
    /// `sec_protocol_options_add_tls_ciphersuite_group`; the attribute below points callers at
    /// `sec_protocol_options::add_tls_ciphersuite_group`.
    ///
    /// Takes the options container and an `SSLCiphersuiteGroup`; returns nothing. Only compiled
    /// with the `CipherSuite` feature.
    // NOTE(review): this takes `SSLCiphersuiteGroup` where
    // `sec_protocol_options_append_tls_ciphersuite_group` takes `tls_ciphersuite_group_t`; it
    // looks like the older spelling of the same operation — confirm which one to use in new code.
910    #[cfg(feature = "CipherSuite")]
911    #[deprecated = "renamed to `sec_protocol_options::add_tls_ciphersuite_group`"]
912    pub fn sec_protocol_options_add_tls_ciphersuite_group(
913        options: sec_protocol_options_t,
914        group: SSLCiphersuiteGroup,
915    );
916}
917
918extern "C-unwind" {
    /// Deprecated free-function binding for the C symbol
    /// `sec_protocol_options_set_tls_min_version`; the attribute below points callers at
    /// `sec_protocol_options::set_tls_min_version`.
    ///
    /// Takes the options container and an `SSLProtocol`; returns nothing. Only compiled with
    /// the `SecProtocolTypes` feature.
    // NOTE(review): `SSLProtocol`-typed counterpart of
    // `sec_protocol_options_set_min_tls_protocol_version` (which takes `tls_protocol_version_t`).
    // The minimum version is the downgrade floor: presumably a value below the platform default
    // widens what a peer can negotiate — confirm and review any caller that lowers it.
919    #[cfg(feature = "SecProtocolTypes")]
920    #[deprecated = "renamed to `sec_protocol_options::set_tls_min_version`"]
921    pub fn sec_protocol_options_set_tls_min_version(
922        options: sec_protocol_options_t,
923        version: SSLProtocol,
924    );
925}
926
927extern "C-unwind" {
    /// Deprecated free-function binding for the C symbol
    /// `sec_protocol_options_set_min_tls_protocol_version`; the attribute below points callers
    /// at `sec_protocol_options::set_min_tls_protocol_version`.
    ///
    /// Takes the options container and a `tls_protocol_version_t`; returns nothing. Only
    /// compiled with the `SecProtocolTypes` feature.
    // NOTE(review): the minimum version is the downgrade floor for the connection; presumably a
    // value below `sec_protocol_options_get_default_min_tls_protocol_version()` widens what a
    // peer can negotiate — confirm and review any caller that lowers it.
928    #[cfg(feature = "SecProtocolTypes")]
929    #[deprecated = "renamed to `sec_protocol_options::set_min_tls_protocol_version`"]
930    pub fn sec_protocol_options_set_min_tls_protocol_version(
931        options: sec_protocol_options_t,
932        version: tls_protocol_version_t,
933    );
934}
935
936extern "C-unwind" {
    /// Deprecated free-function binding for the C symbol
    /// `sec_protocol_options_get_default_min_tls_protocol_version`; the attribute below points
    /// callers at `sec_protocol_options::default_min_tls_protocol_version`.
    ///
    /// Takes no arguments and returns a `tls_protocol_version_t`. Only compiled with the
    /// `SecProtocolTypes` feature.
    // NOTE(review): presumably the platform's default minimum TLS version; useful as the
    // baseline when checking that a configured minimum is not weaker — confirm.
937    #[cfg(feature = "SecProtocolTypes")]
938    #[deprecated = "renamed to `sec_protocol_options::default_min_tls_protocol_version`"]
939    pub fn sec_protocol_options_get_default_min_tls_protocol_version() -> tls_protocol_version_t;
940}
941
942extern "C-unwind" {
    /// Deprecated free-function binding for the C symbol
    /// `sec_protocol_options_get_default_min_dtls_protocol_version`; the attribute below points
    /// callers at `sec_protocol_options::default_min_dtls_protocol_version`.
    ///
    /// Takes no arguments and returns a `tls_protocol_version_t`. Only compiled with the
    /// `SecProtocolTypes` feature.
    // NOTE(review): presumably the platform's default minimum DTLS version, expressed in the
    // same `tls_protocol_version_t` type as the TLS variant — confirm.
943    #[cfg(feature = "SecProtocolTypes")]
944    #[deprecated = "renamed to `sec_protocol_options::default_min_dtls_protocol_version`"]
945    pub fn sec_protocol_options_get_default_min_dtls_protocol_version() -> tls_protocol_version_t;
946}
947
948extern "C-unwind" {
    /// Deprecated free-function binding for the C symbol
    /// `sec_protocol_options_set_tls_max_version`; the attribute below points callers at
    /// `sec_protocol_options::set_tls_max_version`.
    ///
    /// Takes the options container and an `SSLProtocol`; returns nothing. Only compiled with
    /// the `SecProtocolTypes` feature.
    // NOTE(review): `SSLProtocol`-typed counterpart of
    // `sec_protocol_options_set_max_tls_protocol_version` (which takes `tls_protocol_version_t`).
    // Presumably capping the maximum keeps the connection off newer protocol versions — confirm
    // and review any caller that pins it low.
949    #[cfg(feature = "SecProtocolTypes")]
950    #[deprecated = "renamed to `sec_protocol_options::set_tls_max_version`"]
951    pub fn sec_protocol_options_set_tls_max_version(
952        options: sec_protocol_options_t,
953        version: SSLProtocol,
954    );
955}
956
957extern "C-unwind" {
    /// Deprecated free-function binding for the C symbol
    /// `sec_protocol_options_set_max_tls_protocol_version`; the attribute below points callers
    /// at `sec_protocol_options::set_max_tls_protocol_version`.
    ///
    /// Takes the options container and a `tls_protocol_version_t`; returns nothing. Only
    /// compiled with the `SecProtocolTypes` feature.
    // NOTE(review): presumably capping the maximum keeps the connection off newer protocol
    // versions — confirm and review any caller that pins it low.
958    #[cfg(feature = "SecProtocolTypes")]
959    #[deprecated = "renamed to `sec_protocol_options::set_max_tls_protocol_version`"]
960    pub fn sec_protocol_options_set_max_tls_protocol_version(
961        options: sec_protocol_options_t,
962        version: tls_protocol_version_t,
963    );
964}
965
966extern "C-unwind" {
    /// Deprecated free-function binding for the C symbol
    /// `sec_protocol_options_get_default_max_tls_protocol_version`; the attribute below points
    /// callers at `sec_protocol_options::default_max_tls_protocol_version`.
    ///
    /// Takes no arguments and returns a `tls_protocol_version_t`. Only compiled with the
    /// `SecProtocolTypes` feature.
    // NOTE(review): presumably the platform's default maximum TLS version — confirm.
967    #[cfg(feature = "SecProtocolTypes")]
968    #[deprecated = "renamed to `sec_protocol_options::default_max_tls_protocol_version`"]
969    pub fn sec_protocol_options_get_default_max_tls_protocol_version() -> tls_protocol_version_t;
970}
971
972extern "C-unwind" {
    /// Deprecated free-function binding for the C symbol
    /// `sec_protocol_options_get_default_max_dtls_protocol_version`; the attribute below points
    /// callers at `sec_protocol_options::default_max_dtls_protocol_version`.
    ///
    /// Takes no arguments and returns a `tls_protocol_version_t`. Only compiled with the
    /// `SecProtocolTypes` feature.
    // NOTE(review): presumably the platform's default maximum DTLS version — confirm.
973    #[cfg(feature = "SecProtocolTypes")]
974    #[deprecated = "renamed to `sec_protocol_options::default_max_dtls_protocol_version`"]
975    pub fn sec_protocol_options_get_default_max_dtls_protocol_version() -> tls_protocol_version_t;
976}
977
978extern "C-unwind" {
    /// Deprecated free-function binding for the C symbol
    /// `sec_protocol_options_get_enable_encrypted_client_hello`; the attribute below points
    /// callers at `sec_protocol_options::enabled_encrypted_client_hello`.
    ///
    /// Takes the options container and returns a `bool`.
    // NOTE(review): presumably reports whether Encrypted Client Hello is enabled on `options`
    // — confirm. `options` is a raw pointer the type does not check for null.
979    #[deprecated = "renamed to `sec_protocol_options::enabled_encrypted_client_hello`"]
980    pub fn sec_protocol_options_get_enable_encrypted_client_hello(
981        options: sec_protocol_options_t,
982    ) -> bool;
983}
984
985extern "C-unwind" {
    /// Deprecated free-function binding for the C symbol
    /// `sec_protocol_options_get_quic_use_legacy_codepoint`; the attribute below points callers
    /// at `sec_protocol_options::quic_use_legacy_codepoint`.
    ///
    /// Takes the options container and returns a `bool`.
    // NOTE(review): presumably reports whether the legacy QUIC transport-parameters codepoint
    // is in use — confirm. `options` is a raw pointer the type does not check for null.
986    #[deprecated = "renamed to `sec_protocol_options::quic_use_legacy_codepoint`"]
987    pub fn sec_protocol_options_get_quic_use_legacy_codepoint(
988        options: sec_protocol_options_t,
989    ) -> bool;
990}
991
992extern "C-unwind" {
    /// Deprecated free-function binding for the C symbol
    /// `sec_protocol_options_add_tls_application_protocol`; the attribute below points callers
    /// at `sec_protocol_options::add_tls_application_protocol`.
    ///
    /// Takes the options container and a non-null `c_char` pointer; returns nothing.
    // NOTE(review): `NonNull<c_char>` only guarantees a non-null pointer. Presumably the callee
    // reads a NUL-terminated C string (the ALPN protocol name), so termination and lifetime of
    // the buffer are on the caller — confirm against Apple's documentation.
993    #[deprecated = "renamed to `sec_protocol_options::add_tls_application_protocol`"]
994    pub fn sec_protocol_options_add_tls_application_protocol(
995        options: sec_protocol_options_t,
996        application_protocol: NonNull<c_char>,
997    );
998}
999
1000extern "C-unwind" {
    /// Deprecated free-function binding for the C symbol
    /// `sec_protocol_options_set_tls_server_name`; the attribute below points callers at
    /// `sec_protocol_options::set_tls_server_name`.
    ///
    /// Takes the options container and a non-null `c_char` pointer; returns nothing.
    // NOTE(review): `NonNull<c_char>` only guarantees a non-null pointer. Presumably the callee
    // reads a NUL-terminated C string holding the server name used for the handshake, so the
    // value should come from the intended endpoint rather than from peer-supplied data —
    // confirm against Apple's documentation.
1001    #[deprecated = "renamed to `sec_protocol_options::set_tls_server_name`"]
1002    pub fn sec_protocol_options_set_tls_server_name(
1003        options: sec_protocol_options_t,
1004        server_name: NonNull<c_char>,
1005    );
1006}
1007
1008extern "C-unwind" {
    /// Deprecated free-function binding for the C symbol
    /// `sec_protocol_options_set_tls_tickets_enabled`; the attribute below points callers at
    /// `sec_protocol_options::set_tls_tickets_enabled`.
    ///
    /// Takes the options container and a `bool`; returns nothing.
    // NOTE(review): presumably toggles TLS session tickets; ticket-based resumption changes
    // how long session secrets stay usable, so the choice belongs in the deployment's TLS
    // policy — confirm semantics and default against Apple's documentation.
1009    #[deprecated = "renamed to `sec_protocol_options::set_tls_tickets_enabled`"]
1010    pub fn sec_protocol_options_set_tls_tickets_enabled(
1011        options: sec_protocol_options_t,
1012        tickets_enabled: bool,
1013    );
1014}
1015
1016extern "C-unwind" {
    /// Deprecated free-function binding for the C symbol
    /// `sec_protocol_options_set_tls_is_fallback_attempt`; the attribute below points callers
    /// at `sec_protocol_options::set_tls_is_fallback_attempt`.
    ///
    /// Takes the options container and a `bool`; returns nothing.
    // NOTE(review): presumably marks the handshake as a retry at a lower protocol version so
    // the peer can detect an unwanted downgrade; a caller that retries with a lower version
    // without setting this would lose that signal — confirm against Apple's documentation.
1017    #[deprecated = "renamed to `sec_protocol_options::set_tls_is_fallback_attempt`"]
1018    pub fn sec_protocol_options_set_tls_is_fallback_attempt(
1019        options: sec_protocol_options_t,
1020        is_fallback_attempt: bool,
1021    );
1022}
1023
1024extern "C-unwind" {
    /// Deprecated free-function binding for the C symbol
    /// `sec_protocol_options_set_tls_resumption_enabled`; the attribute below points callers at
    /// `sec_protocol_options::set_tls_resumption_enabled`.
    ///
    /// Takes the options container and a `bool`; returns nothing.
    // NOTE(review): presumably toggles TLS session resumption; a resumed session skips the
    // full handshake, so whether peer verification callbacks run again on resumption is worth
    // checking — confirm against Apple's documentation.
1025    #[deprecated = "renamed to `sec_protocol_options::set_tls_resumption_enabled`"]
1026    pub fn sec_protocol_options_set_tls_resumption_enabled(
1027        options: sec_protocol_options_t,
1028        resumption_enabled: bool,
1029    );
1030}
1031
1032extern "C-unwind" {
    /// Deprecated free-function binding for the C symbol
    /// `sec_protocol_options_set_tls_false_start_enabled`; the attribute below points callers
    /// at `sec_protocol_options::set_tls_false_start_enabled`.
    ///
    /// Takes the options container and a `bool`; returns nothing.
    // NOTE(review): presumably toggles TLS False Start, where application data may be sent
    // before the handshake is fully confirmed; treat enabling it as a deliberate policy
    // decision — confirm semantics and default against Apple's documentation.
1033    #[deprecated = "renamed to `sec_protocol_options::set_tls_false_start_enabled`"]
1034    pub fn sec_protocol_options_set_tls_false_start_enabled(
1035        options: sec_protocol_options_t,
1036        false_start_enabled: bool,
1037    );
1038}
1039
1040extern "C-unwind" {
    /// Deprecated free-function binding for the C symbol
    /// `sec_protocol_options_set_tls_ocsp_enabled`; the attribute below points callers at
    /// `sec_protocol_options::set_tls_ocsp_enabled`.
    ///
    /// Takes the options container and a `bool`; returns nothing.
    // NOTE(review): presumably toggles OCSP (certificate revocation status) support for the
    // handshake; whether a missing response fails the connection is not visible here —
    // confirm against Apple's documentation.
1041    #[deprecated = "renamed to `sec_protocol_options::set_tls_ocsp_enabled`"]
1042    pub fn sec_protocol_options_set_tls_ocsp_enabled(
1043        options: sec_protocol_options_t,
1044        ocsp_enabled: bool,
1045    );
1046}
1047
1048extern "C-unwind" {
    /// Deprecated free-function binding for the C symbol
    /// `sec_protocol_options_set_tls_sct_enabled`; the attribute below points callers at
    /// `sec_protocol_options::set_tls_sct_enabled`.
    ///
    /// Takes the options container and a `bool`; returns nothing.
    // NOTE(review): presumably toggles Signed Certificate Timestamp (Certificate Transparency)
    // support for the handshake; whether a missing SCT fails the connection is not visible
    // here — confirm against Apple's documentation.
1049    #[deprecated = "renamed to `sec_protocol_options::set_tls_sct_enabled`"]
1050    pub fn sec_protocol_options_set_tls_sct_enabled(
1051        options: sec_protocol_options_t,
1052        sct_enabled: bool,
1053    );
1054}
1055
1056extern "C-unwind" {
    /// Deprecated free-function binding for the C symbol
    /// `sec_protocol_options_set_tls_renegotiation_enabled`; the attribute below points callers
    /// at `sec_protocol_options::set_tls_renegotiation_enabled`.
    ///
    /// Takes the options container and a `bool`; returns nothing.
    // NOTE(review): presumably toggles TLS renegotiation; it changes session parameters
    // mid-connection, so enable it only where a peer requires it — confirm semantics and
    // default against Apple's documentation.
1057    #[deprecated = "renamed to `sec_protocol_options::set_tls_renegotiation_enabled`"]
1058    pub fn sec_protocol_options_set_tls_renegotiation_enabled(
1059        options: sec_protocol_options_t,
1060        renegotiation_enabled: bool,
1061    );
1062}
1063
1064extern "C-unwind" {
    /// Deprecated free-function binding for the C symbol
    /// `sec_protocol_options_set_peer_authentication_required`; the attribute below points
    /// callers at `sec_protocol_options::set_peer_authentication_required`.
    ///
    /// Takes the options container and a `bool`; returns nothing.
    // NOTE(review): presumably controls whether the peer must authenticate for the handshake
    // to succeed; passing `false` would then allow an unauthenticated peer, so callers doing
    // that deserve review — confirm semantics and default against Apple's documentation.
1065    #[deprecated = "renamed to `sec_protocol_options::set_peer_authentication_required`"]
1066    pub fn sec_protocol_options_set_peer_authentication_required(
1067        options: sec_protocol_options_t,
1068        peer_authentication_required: bool,
1069    );
1070}
1071
1072extern "C-unwind" {
    /// Deprecated free-function binding for the C symbol
    /// `sec_protocol_options_set_peer_authentication_optional`; the attribute below points
    /// callers at `sec_protocol_options::set_peer_authentication_optional`.
    ///
    /// Takes the options container and a `bool`; returns nothing.
    // NOTE(review): presumably lets the handshake proceed when the peer offers no credentials;
    // code that then treats the connection as authenticated would be wrong, and how this
    // interacts with `sec_protocol_options_set_peer_authentication_required` is not visible
    // here — confirm against Apple's documentation.
1073    #[deprecated = "renamed to `sec_protocol_options::set_peer_authentication_optional`"]
1074    pub fn sec_protocol_options_set_peer_authentication_optional(
1075        options: sec_protocol_options_t,
1076        peer_authentication_optional: bool,
1077    );
1078}
1079
1080extern "C-unwind" {
    /// Deprecated free-function binding for the C symbol
    /// `sec_protocol_options_set_enable_encrypted_client_hello`; the attribute below points
    /// callers at `sec_protocol_options::set_enable_encrypted_client_hello`.
    ///
    /// Takes the options container and a `bool`; returns nothing.
    // NOTE(review): presumably toggles Encrypted Client Hello, which hides handshake fields
    // such as the server name from on-path observers — confirm semantics and default against
    // Apple's documentation.
1081    #[deprecated = "renamed to `sec_protocol_options::set_enable_encrypted_client_hello`"]
1082    pub fn sec_protocol_options_set_enable_encrypted_client_hello(
1083        options: sec_protocol_options_t,
1084        enable_encrypted_client_hello: bool,
1085    );
1086}
1087
1088extern "C-unwind" {
    /// Deprecated free-function binding for the C symbol
    /// `sec_protocol_options_set_quic_use_legacy_codepoint`; the attribute below points callers
    /// at `sec_protocol_options::set_quic_use_legacy_codepoint`.
    ///
    /// Takes the options container and a `bool`; returns nothing.
    // NOTE(review): presumably selects the legacy codepoint for the QUIC transport-parameters
    // TLS extension, an interoperability setting for older peers — confirm against Apple's
    // documentation. `options` is a raw pointer the type does not check for null.
1089    #[deprecated = "renamed to `sec_protocol_options::set_quic_use_legacy_codepoint`"]
1090    pub fn sec_protocol_options_set_quic_use_legacy_codepoint(
1091        options: sec_protocol_options_t,
1092        quic_use_legacy_codepoint: bool,
1093    );
1094}