
- tls hooks support: special tls hooks added in core that allow a module or
core part to provide a tls implementation. Support for the old in-core
tls compile options is preserved (but one can compile with either tls
hooks support or tls-in-core support, not with both at the same time).
Changes were kept to a minimum.
- Makefiles: make TLS=1 deprecated, use instead make TLS_HOOKS=1 or
make CORE_TLS=1 (if in-core tls support is needed). Added TLS_EXTRA_LIBS
(e.g. make CORE_TLS=1 TLS_EXTRA_LIBS="-lz -lkrb5").

Andrei Pelinescu-Onciul 18 jaren geleden
bovenliggende
commit
6c53d41a09
12 gewijzigde bestanden met toevoegingen van 360 en 50 verwijderingen
  1. 7 1
      Makefile
  2. 37 9
      Makefile.defs
  3. 1 1
      Makefile.sources
  4. 3 1
      cfg.lex
  5. 38 27
      cfg.y
  6. 23 7
      main.c
  7. 8 3
      tcp_main.c
  8. 3 1
      tcp_read.c
  9. 77 0
      tls_hooks.c
  10. 100 0
      tls_hooks.h
  11. 50 0
      tls_hooks_init.h
  12. 13 0
      version.h

+ 7 - 1
Makefile

@@ -232,7 +232,7 @@ tar_name=$(NAME)-$(RELEASE)_src
 
 tar_extra_args+=$(addprefix --exclude=$(notdir $(CURDIR))/, \
 					$(auto_gen) $(auto_gen_others))
-ifneq ($(TLS),)
+ifeq ($(CORE_TLS), 1)
 	tar_extra_args+=
 else
 	tar_extra_args+=--exclude=$(notdir $(CURDIR))/tls* 
@@ -242,6 +242,12 @@ ifneq ($(nodeb),)
 	tar_extra_args+=--exclude=$(notdir $(CURDIR))/debian 
 	tar_name:=$(tar_name)_nodeb
 endif
+
+# sanity checks
+ifneq ($(TLS),)
+	$(warning "make TLS option is obsoleted, try TLS_HOOKS or CORE_TLS")
+endif
+
 # include the common rules
 include Makefile.rules
 
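Review bot: `make TLS=1` no longer enables anything, and the only signal is the `$(warning ...)` in the new sanity check, so a packaging script that still passes `TLS=1` produces a binary without TLS support (as far as the Makefile.defs hunks on this page show) while the build succeeds. Failing the build is the safer default: `$(error make TLS=1 is obsolete, use TLS_HOOKS=1 or CORE_TLS=1)`. The line is also tab-indented outside any rule, so it is read as a plain expansion only while no rule is open above it; indenting with spaces, or not at all, removes that dependency. The double quotes inside `$(warning "...")` are printed literally.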

+ 37 - 9
Makefile.defs

@@ -51,6 +51,8 @@
 #  2006-03-31  armv6 & mips64 support added
 #              mips and arm set to NOSMP by default (andrei)
 #  2006-07-10  added -DPROFILING (hscholz)
+#  2007-02-09  added TLS_HOOKS and CORE_TLS support, obsoleted TLS=1
+#              added TLS_EXTRA_LIBS (andrei)
 
 
 # check if already included/exported
@@ -67,7 +69,7 @@ MAIN_NAME=ser
 VERSION = 0
 PATCHLEVEL = 10
 SUBLEVEL =   99
-EXTRAVERSION = -dev66
+EXTRAVERSION = -dev67
 
 SER_VER = $(shell expr $(VERSION) \* 1000000 + $(PATCHLEVEL) \* 1000 + \
 			$(SUBLEVEL) )
@@ -102,10 +104,16 @@ OSREL_N= $(shell echo $(OSREL) | sed -e 's/^[^0-9]*//' \
 		[ -n "$$C" ] && R=`expr $$R \* 1000 + $$C`; echo $$R ) )
 
 # TLS support
-TLS ?= 
-ifneq ($(TLS),)
+CORE_TLS ?= 
+TLS_HOOKS ?= 
+ifeq ($(CORE_TLS), 1)
 	RELEASE:=$(RELEASE)-tls
+	TLS_HOOKS:=0
 endif
+ifeq ($(TLS_HOOKS), 1)
+	RELEASE:=$(RELEASE)-tls
+endif
+
 # extra CC command line options (e.g  -march=athlon-mp)
 CC_EXTRA_OPTS ?=
 
@@ -327,8 +335,21 @@ endif
 # -DDISABLE_NAGLE
 #		disable the tcp Nagle algorithm (lower delay)
 # -DUSE_TLS
-#		compiles in tls support, requires -DUSE_TCP. Please use
-#		make TLS=1 instead. (tls support is highly experimental for now)
+#		compiles in tls support, requires -DUSE_TCP. Note: this is only 
+#		generic support (parsing a.s.o.), it does not include the actual
+#		"tls engine". If you really want tls you need also either
+#		-DCORE_TLS and a tls/ subdir with the tls code or -DTLS_HOOKS and
+#		the tls module loaded.
+# -DCORE_TLS
+#		compiles tls in-core support. Requires -DUSE_TLS, conflicts 
+#		-DTLS_HOOKS. Please use make CORE_TLS=1 instead  (it will set all the
+#		needed defines automatically and extra libraries needed for linking).
+# -DTLS_HOOKS
+#		compile tls module support (support for having the "tls engine" in a
+#		module). Requires -DUSE_TLS, conflicts -DCORE_TLS.
+#		Please use make TLS_HOOKS=1 (or TLS_HOOKS=0 to for disabling) instead
+#		of setting -DTLS_HOOKS (it will set all the needed defines 
+#		automatically)
 # -DHAVE_RESOLV_RES
 #		support for changing some of the resolver parameters present
 #		 (_res structure in <resolv.h>)
@@ -395,8 +416,11 @@ DEFS+= $(extra_defs) \
 # use make mode=debug all instead. Anyway no by default ser is  compiled w/ 
 # debugging symbols in all cases (-g). --andrei
 
-ifneq ($(TLS),)
-	DEFS+= -DUSE_TLS
+ifeq ($(CORE_TLS), 1)
+	DEFS+= -DUSE_TLS -DCORE_TLS
+endif
+ifeq ($(TLS_HOOKS), 1)
+	DEFS+= -DUSE_TLS -DTLS_HOOKS
 endif
 
 ifneq ($(STUN),)
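Review bot: Both `ifeq` blocks fire for `make CORE_TLS=1 TLS_HOOKS=1`, because the `TLS_HOOKS:=0` in the earlier "TLS support" hunk is an ordinary assignment and a command-line variable takes precedence over it. The build then gets `-DCORE_TLS -DTLS_HOOKS` and stops only at the `#error` in tls_hooks.h, and `RELEASE` picks up `-tls` twice. `override TLS_HOOKS:=0` in that block, or an `$(error ...)` when both are 1, would make the conflict explicit at the make level.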
@@ -1405,9 +1429,13 @@ ifneq (,$(findstring CYGWIN, $(OS)))
 endif
 
 #add libssl if needed
-ifneq ($(TLS),)
+ifeq ($(CORE_TLS), 1)
 DEFS+= -I$(LOCALBASE)/ssl/include
-LIBS+= -L$(LOCALBASE)/lib -L$(LOCALBASE)/ssl/lib -lssl  -lcrypto
+LIBS+= -L$(LOCALBASE)/lib -L$(LOCALBASE)/ssl/lib -lssl -lcrypto \
+		$(TLS_EXTRA_LIBS)
+# NOTE: depending on the way in which libssl was compiled you might
+#       have to add -lz -lkrb5   (zlib and kerberos5).
+#       E.g.: make CORE_TLS=1 EXTRA_TLS_LIBS="-lz -lkrb5"
 endif
 
 ifneq ($(STUN),)
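Review bot: The example in the new comment names `EXTRA_TLS_LIBS`, but the variable appended to `LIBS` just above it is `TLS_EXTRA_LIBS`, so anyone copying the example sets a variable that nothing reads and still gets the unresolved zlib/kerberos symbols at link time. The comment should read `#       E.g.: make CORE_TLS=1 TLS_EXTRA_LIBS="-lz -lkrb5"`, which matches the commit message. A `TLS_EXTRA_LIBS ?=` default next to `CORE_TLS ?=` would also document the knob with the other TLS options.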

+ 1 - 1
Makefile.sources

@@ -14,7 +14,7 @@
 sources=$(filter-out $(auto_gen), $(wildcard *.c) $(wildcard mem/*.c) \
 		$(wildcard parser/*.c) $(wildcard parser/digest/*.c) \
 		$(wildcard parser/contact/*.c) $(wildcard db/*.c) ) $(auto_gen)
-ifneq ($(TLS),)
+ifeq ($(CORE_TLS), 1)
 	sources+= $(wildcard tls/*.c)
 endif
 objs=$(sources:.c=.o)

+ 3 - 1
cfg.lex

@@ -272,7 +272,8 @@ TCP_CONNECT_TIMEOUT	"tcp_connect_timeout"
 TCP_CON_LIFETIME	"tcp_connection_lifetime"
 TCP_POLL_METHOD		"tcp_poll_method"
 TCP_MAX_CONNECTIONS	"tcp_max_connections"
-DISABLE_TLS		"disable_tls"
+DISABLE_TLS		"disable_tls"|"tls_disable"
+ENABLE_TLS		"enable_tls"|"tls_enable"
 TLSLOG			"tlslog"|"tls_log"
 TLS_PORT_NO		"tls_port_no"
 TLS_METHOD		"tls_method"
@@ -501,6 +502,7 @@ EAT_ABLE	[\ \t\b\r]
 <INITIAL>{TCP_MAX_CONNECTIONS}	{ count(); yylval.strval=yytext;
 									return TCP_MAX_CONNECTIONS; }
 <INITIAL>{DISABLE_TLS}	{ count(); yylval.strval=yytext; return DISABLE_TLS; }
+<INITIAL>{ENABLE_TLS}	{ count(); yylval.strval=yytext; return ENABLE_TLS; }
 <INITIAL>{TLSLOG}		{ count(); yylval.strval=yytext; return TLS_PORT_NO; }
 <INITIAL>{TLS_PORT_NO}	{ count(); yylval.strval=yytext; return TLS_PORT_NO; }
 <INITIAL>{TLS_METHOD}	{ count(); yylval.strval=yytext; return TLS_METHOD; }
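Review bot: The `{TLSLOG}` rule directly below the new `{ENABLE_TLS}` rule returns `TLS_PORT_NO` rather than `TLSLOG`, so a `tls_log=N` line in the config is handled by the `TLS_PORT_NO EQUAL NUMBER` production and the `TLSLOG EQUAL NUMBER` production that this commit reworks in cfg.y looks unreachable. The line is context here, so the defect predates the commit, but it is worth fixing while the TLS keywords are being touched: `<INITIAL>{TLSLOG}		{ count(); yylval.strval=yytext; return TLSLOG; }`.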

+ 38 - 27
cfg.y

@@ -76,6 +76,8 @@
  *              options (andrei)
  * 2006-10-13  added STUN_ALLOW_STUN, STUN_ALLOW_FP, STUN_REFRESH_INTERVAL
  *              (vlada)
+ * 2007-02-09  separated command needed for tls-in-core and for tls in general
+ *              (andrei)
  */
 
 %{
@@ -104,7 +106,7 @@
 #include "flags.h"
 
 #include "config.h"
-#ifdef USE_TLS
+#ifdef CORE_TLS
 #include "tls/tls_config.h"
 #endif
 
@@ -305,6 +307,7 @@ static struct socket_id* mk_listen_id(char*, int, int);
 %token TCP_POLL_METHOD
 %token TCP_MAX_CONNECTIONS
 %token DISABLE_TLS
+%token ENABLE_TLS
 %token TLSLOG
 %token TLS_PORT_NO
 %token TLS_METHOD
@@ -713,13 +716,21 @@ assign_stm:
 		#endif
 	}
 	| DISABLE_TLS EQUAL error { yyerror("boolean value expected"); }
-	| TLSLOG EQUAL NUMBER {
+	| ENABLE_TLS EQUAL NUMBER {
 		#ifdef USE_TLS
-			tls_log=$3;
+			tls_disable=!($3);
 		#else
 			warn("tls support not compiled in");
 		#endif
 	}
+	| ENABLE_TLS EQUAL error { yyerror("boolean value expected"); }
+	| TLSLOG EQUAL NUMBER {
+		#ifdef CORE_TLS
+			tls_log=$3;
+		#else
+			warn("tls-in-core support not compiled in");
+		#endif
+	}
 	| TLSLOG EQUAL error { yyerror("int value expected"); }
 	| TLS_PORT_NO EQUAL NUMBER {
 		#ifdef USE_TLS
@@ -730,93 +741,93 @@ assign_stm:
 	}
 	| TLS_PORT_NO EQUAL error { yyerror("number expected"); }
 	| TLS_METHOD EQUAL SSLv23 {
-		#ifdef USE_TLS
+		#ifdef CORE_TLS
 			tls_method=TLS_USE_SSLv23;
 		#else
-			warn("tls support not compiled in");
+			warn("tls-in-core support not compiled in");
 		#endif
 	}
 	| TLS_METHOD EQUAL SSLv2 {
-		#ifdef USE_TLS
+		#ifdef CORE_TLS
 			tls_method=TLS_USE_SSLv2;
 		#else
-			warn("tls support not compiled in");
+			warn("tls-in-core support not compiled in");
 		#endif
 	}
 	| TLS_METHOD EQUAL SSLv3 {
-		#ifdef USE_TLS
+		#ifdef CORE_TLS
 			tls_method=TLS_USE_SSLv3;
 		#else
-			warn("tls support not compiled in");
+			warn("tls-in-core support not compiled in");
 		#endif
 	}
 	| TLS_METHOD EQUAL TLSv1 {
-		#ifdef USE_TLS
+		#ifdef CORE_TLS
 			tls_method=TLS_USE_TLSv1;
 		#else
-			warn("tls support not compiled in");
+			warn("tls-in-core support not compiled in");
 		#endif
 	}
 	| TLS_METHOD EQUAL error {
-		#ifdef USE_TLS
+		#ifdef CORE_TLS
 			yyerror("SSLv23, SSLv2, SSLv3 or TLSv1 expected");
 		#else
-			warn("tls support not compiled in");
+			warn("tls-in-core support not compiled in");
 		#endif
 	}
 	| TLS_VERIFY EQUAL NUMBER {
-		#ifdef USE_TLS
+		#ifdef CORE_TLS
 			tls_verify_cert=$3;
 		#else
-			warn("tls support not compiled in");
+			warn("tls-in-core support not compiled in");
 		#endif
 	}
 	| TLS_VERIFY EQUAL error { yyerror("boolean value expected"); }
 	| TLS_REQUIRE_CERTIFICATE EQUAL NUMBER {
-		#ifdef USE_TLS
+		#ifdef CORE_TLS
 			tls_require_cert=$3;
 		#else
-			warn( "tls support not compiled in");
+			warn( "tls-in-core support not compiled in");
 		#endif
 	}
 	| TLS_REQUIRE_CERTIFICATE EQUAL error { yyerror("boolean value expected"); }
 	| TLS_CERTIFICATE EQUAL STRING {
-		#ifdef USE_TLS
+		#ifdef CORE_TLS
 			tls_cert_file=$3;
 		#else
-			warn("tls support not compiled in");
+			warn("tls-in-core support not compiled in");
 		#endif
 	}
 	| TLS_CERTIFICATE EQUAL error { yyerror("string value expected"); }
 	| TLS_PRIVATE_KEY EQUAL STRING {
-		#ifdef USE_TLS
+		#ifdef CORE_TLS
 			tls_pkey_file=$3;
 		#else
-			warn("tls support not compiled in");
+			warn("tls-in-core support not compiled in");
 		#endif
 	}
 	| TLS_PRIVATE_KEY EQUAL error { yyerror("string value expected"); }
 	| TLS_CA_LIST EQUAL STRING {
-		#ifdef USE_TLS
+		#ifdef CORE_TLS
 			tls_ca_file=$3;
 		#else
-			warn("tls support not compiled in");
+			warn("tls-in-core support not compiled in");
 		#endif
 	}
 	| TLS_CA_LIST EQUAL error { yyerror("string value expected"); }
 	| TLS_HANDSHAKE_TIMEOUT EQUAL NUMBER {
-		#ifdef USE_TLS
+		#ifdef CORE_TLS
 			tls_handshake_timeout=$3;
 		#else
-			warn("tls support not compiled in");
+			warn("tls-in-core support not compiled in");
 		#endif
 	}
 	| TLS_HANDSHAKE_TIMEOUT EQUAL error { yyerror("number expected"); }
 	| TLS_SEND_TIMEOUT EQUAL NUMBER {
-		#ifdef USE_TLS
+		#ifdef CORE_TLS
 			tls_send_timeout=$3;
 		#else
-			warn("tls support not compiled in");
+			warn("tls-in-core support not compiled in");
 		#endif
 	}
 	| TLS_SEND_TIMEOUT EQUAL error { yyerror("number expected"); }
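Review bot: In a TLS_HOOKS build, `tls_verify`, `tls_require_certificate`, `tls_ca_list` and the other options moved under `#ifdef CORE_TLS` are still accepted by the parser and then dropped with only `warn("tls-in-core support not compiled in")`, so a config carried over from an in-core build starts with certificate-checking settings that have no effect. For the options that decide peer authentication a hard error is safer than a warning, e.g. in the `#else` branch of `TLS_VERIFY` and `TLS_REQUIRE_CERTIFICATE`: `yyerror("tls_verify is only available with CORE_TLS, set it in the tls module instead");`. Naming the option in each message would also tell the operator which line was ignored. `assign_stm` starts before and continues past this hunk.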

+ 23 - 7
main.c

@@ -69,7 +69,9 @@
  *              init_childs(PROC_MAIN) before starting tcp_main, to allow
  *               tcp usage for module started processes (andrei)
  * 2007-01-18  children shutdown procedure moved into shutdown_children;
-*               safer shutdown on start-up error (andrei)
+ *               safer shutdown on start-up error (andrei)
+ * 2007-02-09  TLS support split into tls-in-core (CORE_TLS) and generic TLS 
+ *             (USE_TLS)  (andrei)
  */
 
 
@@ -131,10 +133,14 @@
 #ifdef USE_TCP
 #include "poll_types.h"
 #include "tcp_init.h"
-#ifdef USE_TLS
+#ifdef CORE_TLS
 #include "tls/tls_init.h"
-#endif
-#endif
+#define tls_has_init_si() 1
+#define tls_loaded() 1
+#else
+#include "tls_hooks_init.h"
+#endif /* CORE_TLS */
+#endif /* USE_TCP */
 #include "usr_avp.h"
 #include "core_cmd.h"
 #include "flags.h"
@@ -260,8 +266,12 @@ int tcp_children_no = 0;
 int tcp_disable = 0; /* 1 if tcp is disabled */
 #endif
 #ifdef USE_TLS
-int tls_disable = 0; /* 1 if tls is disabled */
-#endif
+#ifdef	CORE_TLS
+int tls_disable = 0;  /* tls enabled by default */
+#else
+int tls_disable = 1;  /* tls disabled by default */
+#endif /* CORE_TLS */
+#endif /* USE_TLS */
 
 struct process_table *pt=0;		/*array with children pids, 0= main proc,
 									alloc'ed in shared mem if possible*/
@@ -959,7 +969,7 @@ int main_loop()
 			}
 		}
 #ifdef USE_TLS
-		if (!tls_disable){
+		if (!tls_disable && tls_has_init_si()){
 			for(si=tls_listen; si; si=si->next){
 				/* same as for tcp*/
 				if (tls_init(si)==-1)  goto error;
@@ -1553,6 +1563,12 @@ try_again:
 #ifdef USE_TCP
 #ifdef USE_TLS
 	if (!tls_disable){
+		if (!tls_loaded()){
+			LOG(L_WARN, "WARNING: tls support enabled, but no tls engine "
+						" available (forgot to load the tls module?)\n");
+			LOG(L_WARN, "WARNING: disabling tls...\n");
+			tls_disable=1;
+		}
 		/* init tls*/
 		if (init_tls()<0){
 			LOG(L_CRIT, "could not initialize tls, exiting...\n");
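Review bot: When TLS is enabled in the config but no engine has registered, the added block logs two `L_WARN` lines, sets `tls_disable=1` and lets start-up continue, so a deployment that expects TLS listeners comes up without them. Treating this as a start-up failure is the safer behaviour: log at `L_CRIT` and leave through the same path as the `init_tls()` failure just below. If the downgrade is intended, the `init_tls()` call should move into an `else`, since it still runs after `tls_disable=1` and is harmless only because the hooks version returns 0 when no `init` hook is set. The message also has a doubled space where the literals `"engine "` and `" available"` join. The enclosing `if (!tls_disable){` block continues past the end of the hunk.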

+ 8 - 3
tcp_main.c

@@ -120,9 +120,14 @@
 #include "tcp_init.h"
 #include "tsend.h"
 #include "timer_ticks.h"
-#ifdef USE_TLS
+#ifdef CORE_TLS
 #include "tls/tls_server.h"
-#endif 
+#define tls_loaded() 1
+#else
+#include "tls_hooks_init.h"
+#include "tls_hooks.h"
+#endif
+
 #include "tcp_info.h"
 
 #define local_malloc pkg_malloc
@@ -1676,7 +1681,7 @@ void tcp_main_loop()
 		}
 	}
 #ifdef USE_TLS
-	if (!tls_disable){
+	if (!tls_disable && tls_loaded()){
 		for (si=tls_listen; si; si=si->next){
 			if ((si->proto==PROTO_TLS) && (si->socket!=-1)){
 				if (io_watch_add(&io_h, si->socket, F_SOCKINFO, si)<0){

+ 3 - 1
tcp_read.c

@@ -61,8 +61,10 @@
 #include "receive.h"
 #include "timer.h"
 #include "ut.h"
-#ifdef USE_TLS
+#ifdef CORE_TLS
 #include "tls/tls_server.h"
+#else
+#include "tls_hooks.h"
 #endif
 
 #define HANDLE_IO_INLINE

+ 77 - 0
tls_hooks.c

@@ -0,0 +1,77 @@
+/*
+ * $Id$
+ *
+ * Copyright (C) 2007 iptelorg GmbH 
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+/*
+ * tls hooks for modules
+ *
+ * History:
+ * --------
+ *  2007-02-09  created by andrei
+ */
+
+#include "tls_hooks.h"
+#include "tls_hooks_init.h"
+#include "globals.h"
+
+#ifdef TLS_HOOKS
+
+struct tls_hooks tls_hook= {0, 0, 0, 0, 0 ,0 ,0 ,0 ,0 };
+
+static int tls_hooks_loaded=0;
+
+int register_tls_hooks(struct tls_hooks* h)
+{
+	if (!tls_disable){
+		tls_hook=*h;
+		tls_hooks_loaded++;
+		return 0;
+	}
+	return -1;
+}
+
+
+int tls_init(struct socket_info* si)
+{
+	if (tls_hook.init_si)
+		return tls_hook.init_si(si);
+		return -1;
+}
+
+int tls_has_init_si()
+{
+	return (tls_hook.init_si!=0);
+}
+
+int init_tls()
+{
+	if (tls_hook.init)
+		return tls_hook.init();
+	return 0;
+}
+
+void destroy_tls()
+{
+	if (tls_hook.destroy)
+		tls_hook.destroy();
+}
+
+int tls_loaded()
+{
+	return tls_hooks_loaded;
+}
+
+#endif /* TLS_HOOKS */
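Review bot: `register_tls_hooks()` dereferences `h` without a null check and accepts any number of registrations, each one replacing the previous hook table while `tls_hooks_loaded` keeps counting, so a second module that registers changes the TLS engine without any trace. Rejecting a null pointer and a second registration keeps the table write-once; whether individual hooks such as `read` must be non-null is the author's call and is not enforced below. The function also returns -1 whenever `tls_disable` is set, which with the new default of 1 presumably means registration only succeeds once `enable_tls` has been parsed; that ordering requirement deserves a comment on the function. In `tls_init()` the `return -1;` is indented as if it belonged to the `if`, which it does not, and should be dedented.

```c
int register_tls_hooks(struct tls_hooks* h)
{
	if (h==0 || tls_disable)
		return -1;
	if (tls_hooks_loaded)
		return -1; /* a tls engine is already registered, keep it */
	tls_hook=*h;
	tls_hooks_loaded=1;
	return 0;
}
```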

+ 100 - 0
tls_hooks.h

@@ -0,0 +1,100 @@
+/*
+ * $Id$
+ *
+ * Copyright (C) 2007 iptelorg GmbH 
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+/*
+ * tls hooks for modules
+ *
+ * History:
+ * --------
+ *  2007-02-09  created by andrei
+ */
+
+#ifndef _tls_hooks_h
+#define _tls_hooks_h
+
+#ifdef TLS_HOOKS
+
+#ifndef USE_TLS
+#error "USE_TLS required and not defined (please compile with make \
+	TLS_HOOKS=1)"
+#endif
+
+#ifdef CORE_TLS
+#error "Conflict: CORE_TLS and TLS_HOOKS cannot be defined in the same time"
+#endif
+
+#include "tcp_conn.h"
+
+
+
+struct tls_hooks{
+	int  (*read)(struct tcp_connection* c);
+	int (*blocking_write)(struct tcp_connection* c, int fd, const char* buf,
+							unsigned int len);
+	int  (*on_tcpconn_init)(struct tcp_connection *c, int sock);
+	void (*tcpconn_clean)(struct tcp_connection* c);
+	void (*tcpconn_close)(struct tcp_connection*c , int fd);
+	/* checks if a tls connection is fully established before a read, and if 
+	 * not it runs tls_accept() or tls_connect() as needed
+	 * (tls_accept and tls_connect are deferred to the "reader" process for
+	 *  performance reasons) */
+	int (*fix_read_con)(struct tcp_connection* c);
+	
+	/* per listening socket init, called on ser startup (after modules,
+	 *  process table, init() and udp socket initialization)*/
+	int (*init_si)(struct socket_info* si);
+	/* generic init function (called at ser init, after module initialization
+	 *  and process table creation)*/
+	int (*init)();
+	/* destroy function, called after the modules are destroyed, and 
+	 * after  destroy_tcp() */
+	void (*destroy)();
+};
+
+
+struct tls_hooks tls_hook;
+
+#ifdef __SUNPRO_C
+	#define tls_hook_call(name, ret_not_set, ...) \
+		((tls_hook.name)?(tls_hook.name(__VA_ARGS__)): (ret_not_set))
+	#define tls_hook_call_v(name, __VA_ARGS__) \
+		do{ \
+			if (tls_hook.name) tls_hook.name(__VA_ARGS__); \
+		}while(0)
+#else
+	#define tls_hook_call(name, ret_not_set, args...) \
+		((tls_hook.name)?(tls_hook.name(args)): (ret_not_set))
+	#define tls_hook_call_v(name, args...) \
+		do{ \
+			if (tls_hook.name) tls_hook.name(args); \
+		}while(0)
+#endif
+
+/* hooks */
+
+#define tls_tcpconn_init(c, s)	tls_hook_call(on_tcpconn_init, 0, (c), (s))
+#define tls_tcpconn_clean(c)	tls_hook_call_v(tcpconn_clean, (c))
+#define tls_blocking_write(c, fd, buf, len) \
+	tls_hook_call(blocking_write, -1, (c), (fd), (buf), (len))
+#define tls_close(conn, fd)		tls_hook_call_v(tcpconn_close, (conn), (fd))
+#define tls_read(c)				tls_hook_call(read, -1, (c))
+#define tls_fix_read_conn(c)	tls_hook_call(fix_read_con, -1, (c))
+
+int register_tls_hooks(struct tls_hooks* h);
+
+#endif /* TLS_HOOKS */
+#endif
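Review bot: `struct tls_hooks tls_hook;` in the header is a tentative definition in every file that includes it, next to the initialised definition in tls_hooks.c; it links only where the toolchain merges common symbols, and should be `extern struct tls_hooks tls_hook;`. The `__SUNPRO_C` branch declares `tls_hook_call_v(name, __VA_ARGS__)`, which uses `__VA_ARGS__` as a parameter name instead of `...`; `#define tls_hook_call_v(name, ...) \` matches the `tls_hook_call` definition above it. `tls_tcpconn_init` falls back to 0 when no `on_tcpconn_init` hook is set, whereas the read and write wrappers fall back to -1. If 0 means success to the caller (not visible here), a missing hook is reported as an initialised TLS connection, and -1 would be the safer default.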

+ 50 - 0
tls_hooks_init.h

@@ -0,0 +1,50 @@
+/*
+ * $Id$
+ *
+ * Copyright (C) 2007 iptelorg GmbH 
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+/*
+ * tls hooks init
+ *
+ * History:
+ * --------
+ *  2007-02-09  created by andrei
+ */
+
+#ifndef _tls_hooks_init_h
+#define _tls_hooks_init_h
+
+#ifdef TLS_HOOKS
+
+#include "ip_addr.h" /* socket_info */
+
+#ifndef USE_TLS
+#error "USE_TLS required and not defined (please compile with make \
+	TLS_HOOKS=1)"
+#endif
+
+#ifdef CORE_TLS
+#error "Conflict: CORE_TLS and TLS_HOOKS cannot be defined in the same time"
+#endif
+
+
+int tls_loaded();
+int tls_has_init_si(); /*returns true if a handle for tls_init is registered*/
+int tls_init(struct socket_info* si);
+int init_tls();
+void destroy_tls();
+
+#endif /* TLS_HOOKS */
+#endif

+ 13 - 0
version.h

@@ -57,6 +57,18 @@
 #define USE_TLS_STR ""
 #endif
 
+#ifdef CORE_TLS
+#define CORE_TLS_STR ", CORE_TLS"
+#else 
+#define CORE_TLS_STR ""
+#endif
+
+#ifdef TLS_HOOKS
+#define TLS_HOOKS_STR ", TLS_HOOKS"
+#else 
+#define TLS_HOOKS_STR ""
+#endif
+
 
 #ifdef DISABLE_NAGLE
 #define DISABLE_NAGLE_STR ", DISABLE_NAGLE"
@@ -231,6 +243,7 @@
 
 #define SER_COMPILE_FLAGS \
 	STATS_STR EXTRA_DEBUG_STR USE_IPV6_STR USE_TCP_STR USE_TLS_STR \
+	CORE_TLS_STR TLS_HOOKS_STR \
 	USE_STUN_STR DISABLE_NAGLE_STR USE_MCAST_STR NO_DEBUG_STR NO_LOG_STR \
 	NO_SIG_DEBUG_STR DNS_IP_HACK_STR  SHM_MEM_STR SHM_MMAP_STR PKG_MALLOC_STR \
 	VQ_MALLOC_STR F_MALLOC_STR USE_SHM_MEM_STR DBG_QM_MALLOC_STR \