native: implement ssl and security opts

2 files changed, 105 insertions, 1 deletions

diff --git a/src/enums.c b/src/enums.c
index 31a61b4..1228f63 100644
--- a/src/enums.c
+++ b/src/enums.c
@@ -116,6 +116,53 @@ static const struct jurl_enum jurl_enums[] = {
 	{CURLOPT_USE_SSL, CURLUSESSL_CONTROL, "usessl/control"},
 	{CURLOPT_USE_SSL, CURLUSESSL_ALL,     "usessl/all"},
 
+	{CURLOPT_SSLVERSION, CURL_SSLVERSION_DEFAULT,     "sslversion/default"},
+	{CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1,       "sslversion/tlsv1"},
+	{CURLOPT_SSLVERSION, CURL_SSLVERSION_SSLv2,       "sslversion/sslv2"},
+	{CURLOPT_SSLVERSION, CURL_SSLVERSION_SSLv3,       "sslversion/sslv3"},
+#if CURL_AT_LEAST_VERSION(7,34,0)
+	{CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_0,     "sslversion/tlsv1.0"},
+	{CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_1,     "sslversion/tlsv1.1"},
+	{CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_2,     "sslversion/tlsv1.2"},
+#endif
+#if CURL_AT_LEAST_VERSION(7,52,0)
+	{CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_3,     "sslversion/tlsv1.3"},
+#endif
+#if CURL_AT_LEAST_VERSION(7,54,0)
+	{CURLOPT_SSLVERSION, CURL_SSLVERSION_MAX_DEFAULT, "sslversion/max-default"},
+	{CURLOPT_SSLVERSION, CURL_SSLVERSION_MAX_TLSv1_0, "sslversion/max-tlsv1.0"},
+	{CURLOPT_SSLVERSION, CURL_SSLVERSION_MAX_TLSv1_1, "sslversion/max-tlsv1.1"},
+	{CURLOPT_SSLVERSION, CURL_SSLVERSION_MAX_TLSv1_2, "sslversion/max-tlsv1.2"},
+	{CURLOPT_SSLVERSION, CURL_SSLVERSION_MAX_TLSv1_3, "sslversion/max-tlsv1.3"},
+#endif
+
+	{CURLOPT_SSL_OPTIONS,       CURLSSLOPT_ALLOW_BEAST,        "sslopt/allow-beast"},
+	{CURLOPT_PROXY_SSL_OPTIONS, CURLSSLOPT_ALLOW_BEAST,        "sslopt/allow-beast"},
+#if CURL_AT_LEAST_VERSION(7,44,0)
+	{CURLOPT_SSL_OPTIONS,       CURLSSLOPT_NO_REVOKE,          "sslopt/no-revoke"},
+	{CURLOPT_PROXY_SSL_OPTIONS, CURLSSLOPT_NO_REVOKE,          "sslopt/no-revoke"},
+#endif
+#if CURL_AT_LEAST_VERSION(7,68,0)
+	{CURLOPT_SSL_OPTIONS,       CURLSSLOPT_NO_PARTIALCHAIN,    "sslopt/no-partialchain"},
+	{CURLOPT_PROXY_SSL_OPTIONS, CURLSSLOPT_NO_PARTIALCHAIN,    "sslopt/no-partialchain"},
+#endif
+#if CURL_AT_LEAST_VERSION(7,70,0)
+	{CURLOPT_SSL_OPTIONS,       CURLSSLOPT_REVOKE_BEST_EFFORT, "sslopt/revoke-best-effort"},
+	{CURLOPT_PROXY_SSL_OPTIONS, CURLSSLOPT_REVOKE_BEST_EFFORT, "sslopt/revoke-best-effort"},
+#endif
+#if CURL_AT_LEAST_VERSION(7,71,0)
+	{CURLOPT_SSL_OPTIONS,       CURLSSLOPT_NATIVE_CA,          "sslopt/native-ca"},
+	{CURLOPT_PROXY_SSL_OPTIONS, CURLSSLOPT_NATIVE_CA,          "sslopt/native-ca"},
+#endif
+#if CURL_AT_LEAST_VERSION(7,77,0)
+	{CURLOPT_SSL_OPTIONS,       CURLSSLOPT_AUTO_CLIENT_CERT,   "sslopt/auto-client-cert"},
+	{CURLOPT_PROXY_SSL_OPTIONS, CURLSSLOPT_AUTO_CLIENT_CERT,   "sslopt/auto-client-cert"},
+#endif
+
+	{CURLOPT_GSSAPI_DELEGATION, CURLGSSAPI_DELEGATION_NONE,        "gssapi-delegation/none"},
+	{CURLOPT_GSSAPI_DELEGATION, CURLGSSAPI_DELEGATION_FLAG,        "gssapi-delegation/flag"},
+	{CURLOPT_GSSAPI_DELEGATION, CURLGSSAPI_DELEGATION_POLICY_FLAG, "gssapi-delegation/policy-flag"},
+
 	{CURLOPT_SSH_AUTH_TYPES, CURLSSH_AUTH_PUBLICKEY, "ssh-auth/publickey"},
 	{CURLOPT_SSH_AUTH_TYPES, CURLSSH_AUTH_PASSWORD,  "ssh-auth/password"},
 	{CURLOPT_SSH_AUTH_TYPES, CURLSSH_AUTH_HOST,      "ssh-auth/host"},
diff --git a/src/setopt.c b/src/setopt.c
index c0e64ce..e000731 100644
--- a/src/setopt.c
+++ b/src/setopt.c
@@ -263,7 +263,64 @@ static const struct jurl_opt jurl_opts[] = {
 	{CURLOPT_UPKEEP_INTERVAL_MS,        "upkeep-interval-ms",        JURL_PARAMTYPE_LONG},
 
 	// * ssl and security options
-	// TODO: holy shit it's long and I'm bored
+	{CURLOPT_SSLCERT,               "sslcert",               JURL_PARAMTYPE_STRING},
+	// TODO: sslcert-blob: curl_blob
+	{CURLOPT_PROXY_SSLCERT,         "proxy-sslcert",         JURL_PARAMTYPE_STRING},
+	// TODO: proxy-sslcert-blob: curl_blob
+	{CURLOPT_SSLCERTTYPE,           "sslcerttype",           JURL_PARAMTYPE_STRING}, // not type checked, PEM|DER|P12
+	{CURLOPT_PROXY_SSLCERTTYPE,     "proxy-sslcerttype",     JURL_PARAMTYPE_STRING},
+	{CURLOPT_SSLKEY,                "sslkey",                JURL_PARAMTYPE_STRING},
+	// TODO: sslkey-blob: curl_blob
+	{CURLOPT_PROXY_SSLKEY,          "proxy-sslkey",          JURL_PARAMTYPE_STRING},
+	// TODO: proxy-sslkey-blob: curl_blob
+	{CURLOPT_SSLKEYTYPE,            "sslkeytype",            JURL_PARAMTYPE_STRING}, // PEM|DER|ENG
+	{CURLOPT_PROXY_SSLKEYTYPE,      "proxy-sslkeytype",      JURL_PARAMTYPE_STRING},
+	{CURLOPT_KEYPASSWD,             "keypasswd",             JURL_PARAMTYPE_STRING},
+	{CURLOPT_PROXY_KEYPASSWD,       "proxy-keypasswd",       JURL_PARAMTYPE_STRING},
+	{CURLOPT_SSL_EC_CURVES,         "ssl-ec-curves",         JURL_PARAMTYPE_STRING},
+	{CURLOPT_SSL_ENABLE_ALPN,       "ssl-enable-alpn",       JURL_PARAMTYPE_BOOLEAN},
+	{CURLOPT_SSL_ENABLE_NPN,        "ssl-enable-npn",        JURL_PARAMTYPE_BOOLEAN},
+	{CURLOPT_SSLENGINE,             "sslengine",             JURL_PARAMTYPE_STRING},
+	{CURLOPT_SSLENGINE_DEFAULT,     "sslengine-default",     JURL_PARAMTYPE_STRING},
+	{CURLOPT_SSL_FALSESTART,        "ssl-falsestart",        JURL_PARAMTYPE_BOOLEAN},
+	{CURLOPT_SSLVERSION,            "sslversion",            JURL_PARAMTYPE_ENUM},   // you can only set one min one max
+	{CURLOPT_SSL_VERIFYHOST,        "ssl-verifyhost",        JURL_PARAMTYPE_LONG},
+	{CURLOPT_DOH_SSL_VERIFYHOST,    "doh-ssl-verifyhost",    JURL_PARAMTYPE_LONG},
+	{CURLOPT_PROXY_SSL_VERIFYHOST,  "proxy-ssl-verifyhost",  JURL_PARAMTYPE_LONG},
+	{CURLOPT_SSL_VERIFYPEER,        "ssl-verifypeer",        JURL_PARAMTYPE_BOOLEAN},
+	{CURLOPT_DOH_SSL_VERIFYPEER,    "doh-ssl-verifypeer",    JURL_PARAMTYPE_BOOLEAN},
+	{CURLOPT_PROXY_SSL_VERIFYPEER,  "proxy-ssl-verifypeer",  JURL_PARAMTYPE_BOOLEAN},
+	{CURLOPT_SSL_VERIFYSTATUS,      "ssl-verifystatus",      JURL_PARAMTYPE_BOOLEAN},
+	{CURLOPT_DOH_SSL_VERIFYSTATUS,  "doh-ssl-verifystatus",  JURL_PARAMTYPE_BOOLEAN},
+	{CURLOPT_CAINFO,                "cainfo",                JURL_PARAMTYPE_STRING},
+	// TODO: cainfo-blob: curl_blob
+	{CURLOPT_PROXY_CAINFO,          "proxy-cainfo",          JURL_PARAMTYPE_STRING},
+	// TODO: proxy-cainfo-blob: curl_blob
+	{CURLOPT_ISSUERCERT,            "issuercert",            JURL_PARAMTYPE_STRING},
+	// TODO: issuercert-blob: curl_blob
+	{CURLOPT_PROXY_ISSUERCERT,      "proxy-issuercert",      JURL_PARAMTYPE_STRING},
+	// TODO: proxy-issuercert-blob: curl_blob
+	{CURLOPT_CAPATH,                "capath",                JURL_PARAMTYPE_STRING}, // this is important for static linking
+	{CURLOPT_PROXY_CAPATH,          "proxy-capath",          JURL_PARAMTYPE_STRING},
+	{CURLOPT_CRLFILE,               "crlfile",               JURL_PARAMTYPE_STRING},
+	{CURLOPT_PROXY_CRLFILE,         "proxy-crlfile",         JURL_PARAMTYPE_STRING},
+#if CURL_AT_LEAST_VERSION(7,87,0)
+	{CURLOPT_CA_CACHE_TIMEOUT,      "ca-cache-timeout",      JURL_PARAMTYPE_LONG},
+#endif
+	{CURLOPT_CERTINFO,              "certinfo",              JURL_PARAMTYPE_LONG},
+	{CURLOPT_PINNEDPUBLICKEY,       "pinnedpublickey",       JURL_PARAMTYPE_STRING},
+	{CURLOPT_PROXY_PINNEDPUBLICKEY, "proxy-pinnedpublickey", JURL_PARAMTYPE_STRING},
+	// SKIP: random-file: deprecated
+	// SKIP: edgsocket: deprecated
+	{CURLOPT_SSL_CIPHER_LIST,       "ssl-cipher-list",       JURL_PARAMTYPE_STRING},
+	{CURLOPT_PROXY_SSL_CIPHER_LIST, "proxy-ssl-cipher-list", JURL_PARAMTYPE_STRING},
+	{CURLOPT_TLS13_CIPHERS,         "tls13-ciphers",         JURL_PARAMTYPE_STRING},
+	{CURLOPT_PROXY_TLS13_CIPHERS,   "proxy-tls13-ciphers",   JURL_PARAMTYPE_STRING},
+	{CURLOPT_SSL_SESSIONID_CACHE,   "ssl-sessionid-cache",   JURL_PARAMTYPE_BOOLEAN},
+	{CURLOPT_SSL_OPTIONS,           "ssl-options",           JURL_PARAMTYPE_ENUM},
+	{CURLOPT_PROXY_SSL_OPTIONS,     "proxy-ssl-options",     JURL_PARAMTYPE_ENUM},
+	{CURLOPT_KRBLEVEL,              "krblevel",              JURL_PARAMTYPE_STRING}, // clear|safe|confidential|private
+	{CURLOPT_GSSAPI_DELEGATION,     "gssapi-delegation",     JURL_PARAMTYPE_ENUM},
 
 	// * ssh options
 	{CURLOPT_SSH_AUTH_TYPES,             "ssh-auth-types",             JURL_PARAMTYPE_ENUM},