authorGarrett D'Amore <garrett@damore.org>2017-12-29 14:21:20 -0800
committerGarrett D'Amore <garrett@damore.org>2017-12-30 19:05:41 -0800
commit6a50035b242b972c1d9b659ba63e037a0a8afe71 (patch)
treefe2600235a01e72d1e7bd5fad1d5e2ea62aada2e /src/supplemental/tls.h
parenta0364185784895c4bc748a6e6453a132d618c96c (diff)
fixes #166 Websocket TLS mapping
This introduces the wss:// scheme, which is available, and behaves like the ws:// scheme, when TLS support is enabled in the library. The library modularization is refactored somewhat, to make it easier to use. There is now a single NNG_ENABLE_TLS setting that enables TLS support under the hood. This also adds a new option for the TLS transport, NNG_OPT_TLS_CONFIG (and a similar one for WSS, NNG_OPT_TLS_WSS_CONFIG), that offers access to the underlying TLS configuration object, which now has a public API to go with it as well. Note that it is also possible to use pure HTTPS using the *private* API, which will be exposed in a public form soon.
Diffstat (limited to 'src/supplemental/tls.h')
-rw-r--r--src/supplemental/tls.h84
1 files changed, 0 insertions, 84 deletions
diff --git a/src/supplemental/tls.h b/src/supplemental/tls.h
deleted file mode 100644
index da2fe8cd..00000000
--- a/src/supplemental/tls.h
+++ /dev/null
@@ -1,84 +0,0 @@
-//
-// Copyright 2017 Staysail Systems, Inc. <info@staysail.tech>
-// Copyright 2017 Capitar IT Group BV <info@capitar.com>
-//
-// This software is supplied under the terms of the MIT License, a
-// copy of which should be located in the distribution where this
-// file was obtained (LICENSE.txt). A copy of the license may also be
-// found online at https://opensource.org/licenses/MIT.
-//
-
-#ifndef NNG_SUPPLEMENTAL_TLS_H
-#define NNG_SUPPLEMENTAL_TLS_H
-
-// nni_tls represents the context for a single TLS stream.
-typedef struct nni_tls nni_tls;
-
-// nni_tls_config is the context for full TLS configuration, normally
-// associated with an endpoint, for example.
-typedef struct nni_tls_config nni_tls_config;
-
-#define NNI_TLS_CONFIG_SERVER 1
-#define NNI_TLS_CONFIG_CLIENT 0
-
-extern int nni_tls_config_init(nni_tls_config **, int);
-extern void nni_tls_config_fini(nni_tls_config *);
-
-// nni_tls_config_server_name is used by clients to set the server name
-// that they expect to be talking to. This may also support the SNI
-// extension for virtual hosting.
-extern int nni_tls_config_server_name(nni_tls_config *, const char *);
-
-// nni_tls_config_ca_cert configures one or more CAs used for validation
-// of peer certificates. Multiple CAs (and their chains) may be configured
-// by either calling this multiple times, or by specifying a list of
-// certificates as concatenated data. The certs may be in PEM or DER
-// format.
-extern int nni_tls_config_ca_cert(nni_tls_config *, const uint8_t *, size_t);
-
-// nni_tls_config_clr loads a certificate revocation list. Again, these
-// are in X.509 format (either PEM or DER).
-extern int nni_tls_config_crl(nni_tls_config *, const uint8_t *, size_t);
-
-// nni_tls_config_cert is used to load our own certificate. For servers,
-// this may be called more than once to configure multiple different keys,
-// for example with different algorithms depending on what the peer supports.
-// On the client, only a single option is available.
-extern int nni_tls_config_cert(nni_tls_config *, const uint8_t *crt, size_t);
-extern int nni_tls_config_key(nni_tls_config *, const uint8_t *, size_t);
-extern int nni_tls_config_pass(nni_tls_config *, const char *);
-
-// nni_tls_config_validate_peer is used to enable validation of the peer
-// and it's certificate. If disabled, the peer's certificate will still
-// be available, but may not be valid.
-extern int nni_tls_config_validate_peer(nni_tls_config *, bool);
-
-// nni_tls_config_auth_mode is a read-ony option that is used to configure
-// the authentication mode use. The default is that servers have this off
-// (i.e. no client authentication) and clients have it on (they verify
-// the server), which matches typical practice.
-extern int nni_tls_config_auth_mode(nni_tls_config *, int);
-#define NNI_TLS_CONFIG_AUTH_MODE_NONE 0 // No verification is performed
-#define NNI_TLS_CONFIG_AUTH_MODE_OPTIONAL 1 // Verify cert if presented
-#define NNI_TLS_CONFIG_AUTH_MODE_REQUIRED 2 // Verify cert, close if invalid
-
-extern int nni_tls_init(nni_tls **, nni_tls_config *, nni_plat_tcp_pipe *);
-extern void nni_tls_close(nni_tls *);
-extern void nni_tls_fini(nni_tls *);
-extern void nni_tls_send(nni_tls *, nni_aio *);
-extern void nni_tls_recv(nni_tls *, nni_aio *);
-
-// nni_tls_verified returns true if the peer, or false if the peer did not
-// verify. (During the handshake phase, the peer is not verified, so this
-// might return false if executed too soon. The verification status will
-// be accurate once the handshake is finished, however.
-extern int nni_tls_verified(nni_tls *);
-
-// nni_tls_ciphersuite_name returns the name of the ciphersuite in use.
-extern const char *nni_tls_ciphersuite_name(nni_tls *);
-
-// TBD: getting additional peer certificate information...
-
-extern void nni_tls_strerror(int, char *, size_t); // review this
-
-#endif // NNG_SUPPLEMENTAL_TLS_H