1 /* $MirOS: src/usr.sbin/httpd/src/modules/ssl/mod_ssl.h,v 1.3 2006/09/20 23:45:09 tg Exp $ */ 2 3 /* _ _ 4 ** _ __ ___ ___ __| | ___ ___| | mod_ssl 5 ** | '_ ` _ \ / _ \ / _` | / __/ __| | Apache Interface to OpenSSL 6 ** | | | | | | (_) | (_| | \__ \__ \ | www.modssl.org 7 ** |_| |_| |_|\___/ \__,_|___|___/___/_| ftp.modssl.org 8 ** |_____| 9 ** mod_ssl.h 10 ** Global header 11 */ 12 13 /* ==================================================================== 14 * Copyright (c) 1998-2003 Ralf S. Engelschall. All rights reserved. 15 * 16 * Redistribution and use in source and binary forms, with or without 17 * modification, are permitted provided that the following conditions 18 * are met: 19 * 20 * 1. Redistributions of source code must retain the above copyright 21 * notice, this list of conditions and the following disclaimer. 22 * 23 * 2. Redistributions in binary form must reproduce the above copyright 24 * notice, this list of conditions and the following 25 * disclaimer in the documentation and/or other materials 26 * provided with the distribution. 27 * 28 * 3. All advertising materials mentioning features or use of this 29 * software must display the following acknowledgment: 30 * "This product includes software developed by 31 * Ralf S. Engelschall <rse@engelschall.com> for use in the 32 * mod_ssl project (http://www.modssl.org/)." 33 * 34 * 4. The names "mod_ssl" must not be used to endorse or promote 35 * products derived from this software without prior written 36 * permission. For written permission, please contact 37 * rse@engelschall.com. 38 * 39 * 5. Products derived from this software may not be called "mod_ssl" 40 * nor may "mod_ssl" appear in their names without prior 41 * written permission of Ralf S. Engelschall. 42 * 43 * 6. Redistributions of any form whatsoever must retain the following 44 * acknowledgment: 45 * "This product includes software developed by 46 * Ralf S. Engelschall <rse@engelschall.com> for use in the 47 * mod_ssl project (http://www.modssl.org/)." 48 * 49 * THIS SOFTWARE IS PROVIDED BY RALF S. ENGELSCHALL ``AS IS'' AND ANY 50 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 51 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 52 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL RALF S. ENGELSCHALL OR 53 * HIS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 54 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 55 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 56 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 57 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 58 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 59 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 60 * OF THE POSSIBILITY OF SUCH DAMAGE. 61 * ==================================================================== 62 */ 63 /* ``The Apache Group: a collection 64 of talented individuals who are 65 trying to perfect the art of 66 never finishing something.'' 67 -- Rob Hartill */ 68 #ifndef MOD_SSL_H 69 #define MOD_SSL_H 1 70 71 /* 72 * Optionally enable the experimental stuff, but allow the user to 73 * override the decision which experimental parts are included by using 74 * CFLAGS="-DSSL_EXPERIMENTAL_xxxx_IGNORE". 75 */ 76 #ifdef SSL_EXPERIMENTAL 77 #ifndef SSL_EXPERIMENTAL_PERDIRCA_IGNORE 78 #define SSL_EXPERIMENTAL_PERDIRCA 79 #endif 80 #ifndef SSL_EXPERIMENTAL_PROXY_IGNORE 81 #define SSL_EXPERIMENTAL_PROXY 82 #endif 83 #ifdef SSL_ENGINE 84 #ifndef SSL_EXPERIMENTAL_ENGINE_IGNORE 85 #define SSL_EXPERIMENTAL_ENGINE 86 #endif 87 #endif 88 #endif /* SSL_EXPERIMENTAL */ 89 90 /* 91 * Power up our brain... 92 */ 93 94 /* OS headers */ 95 #include <stdio.h> 96 #include <stdlib.h> 97 #include <stdarg.h> 98 #include <errno.h> 99 #include <sys/types.h> 100 #include <sys/stat.h> 101 #include <time.h> 102 #include <sys/time.h> 103 104 /* OpenSSL headers */ 105 #include <openssl/ssl.h> 106 #include <openssl/err.h> 107 #include <openssl/x509.h> 108 #include <openssl/x509v3.h> 109 #include <openssl/pem.h> 110 #include <openssl/crypto.h> 111 #include <openssl/evp.h> 112 #include <openssl/rand.h> 113 #ifdef SSL_EXPERIMENTAL_ENGINE 114 #include <openssl/engine.h> 115 #endif 116 117 /* Apache headers */ 118 #define CORE_PRIVATE 119 #include "ap_config.h" 120 #include "httpd.h" 121 #include "http_config.h" 122 #include "http_conf_globals.h" 123 #include "http_protocol.h" 124 #include "http_request.h" 125 #include "http_main.h" 126 #include "http_core.h" 127 #include "http_log.h" 128 #include "scoreboard.h" 129 #include "util_md5.h" 130 #include "fnmatch.h" 131 #undef CORE_PRIVATE 132 133 /* mod_ssl headers */ 134 #include "ssl_expr.h" 135 #include "ssl_util_ssl.h" 136 #include "ssl_util_table.h" 137 138 /* 139 * Provide reasonable default for some defines 140 */ 141 #ifndef FALSE 142 #define FALSE (0) 143 #endif 144 #ifndef TRUE 145 #define TRUE (!FALSE) 146 #endif 147 #ifndef PFALSE 148 #define PFALSE ((void *)FALSE) 149 #endif 150 #ifndef PTRUE 151 #define PTRUE ((void *)TRUE) 152 #endif 153 #ifndef UNSET 154 #define UNSET (-1) 155 #endif 156 #ifndef NUL 157 #define NUL '\0' 158 #endif 159 #ifndef RAND_MAX 160 #include <limits.h> 161 #define RAND_MAX INT_MAX 162 #endif 163 164 /* 165 * Provide reasonable defines for some types 166 */ 167 #ifndef BOOL 168 #define BOOL unsigned int 169 #endif 170 #ifndef UCHAR 171 #define UCHAR unsigned char 172 #endif 173 174 /* 175 * Provide useful shorthands 176 */ 177 #define strEQ(s1,s2) (strcmp(s1,s2) == 0) 178 #define strNE(s1,s2) (strcmp(s1,s2) != 0) 179 #define strEQn(s1,s2,n) (strncmp(s1,s2,n) == 0) 180 #define strNEn(s1,s2,n) (strncmp(s1,s2,n) != 0) 181 182 #define strcEQ(s1,s2) (strcasecmp(s1,s2) == 0) 183 #define strcNE(s1,s2) (strcasecmp(s1,s2) != 0) 184 #define strcEQn(s1,s2,n) (strncasecmp(s1,s2,n) == 0) 185 #define strcNEn(s1,s2,n) (strncasecmp(s1,s2,n) != 0) 186 187 #define strIsEmpty(s) (s == NULL || s[0] == NUL) 188 189 #define cfgMerge(el,unset) new->el = add->el == unset ? base->el : add->el 190 #define cfgMergeArray(el) new->el = ap_append_arrays(p, add->el, base->el) 191 #define cfgMergeTable(el) new->el = ap_overlay_tables(p, add->el, base->el) 192 #define cfgMergeCtx(el) new->el = ap_ctx_overlay(p, add->el, base->el) 193 #define cfgMergeString(el) cfgMerge(el, NULL) 194 #define cfgMergeBool(el) cfgMerge(el, UNSET) 195 #define cfgMergeInt(el) cfgMerge(el, UNSET) 196 197 #define myModConfig() (SSLModConfigRec *)ap_ctx_get(ap_global_ctx, "ssl_module") 198 #define mySrvConfig(srv) (SSLSrvConfigRec *)ap_get_module_config(srv->module_config, &ssl_module) 199 #define myDirConfig(req) (SSLDirConfigRec *)ap_get_module_config(req->per_dir_config, &ssl_module) 200 201 #define myCtxVarSet(mc,num,val) mc->rCtx.pV##num = val 202 #define myCtxVarGet(mc,num,type) (type)(mc->rCtx.pV##num) 203 204 #define AP_ALL_CMD(name, args, desc) \ 205 { "SSL"#name, ssl_cmd_SSL##name, NULL, RSRC_CONF|OR_AUTHCFG, args, desc }, 206 #define AP_SRV_CMD(name, args, desc) \ 207 { "SSL"#name, ssl_cmd_SSL##name, NULL, RSRC_CONF, args, desc }, 208 #define AP_DIR_CMD(name, type, args, desc) \ 209 { "SSL"#name, ssl_cmd_SSL##name, NULL, OR_##type, args, desc }, 210 #define AP_END_CMD \ 211 { NULL } 212 213 /* 214 * SSL Logging 215 */ 216 #define SSL_LOG_NONE (1<<0) 217 #define SSL_LOG_ERROR (1<<1) 218 #define SSL_LOG_WARN (1<<2) 219 #define SSL_LOG_INFO (1<<3) 220 #define SSL_LOG_TRACE (1<<4) 221 #define SSL_LOG_DEBUG (1<<5) 222 #define SSL_LOG_MASK (SSL_LOG_ERROR|SSL_LOG_WARN|SSL_LOG_INFO|SSL_LOG_TRACE|SSL_LOG_DEBUG) 223 224 #define SSL_ADD_NONE (1<<8) 225 #define SSL_ADD_ERRNO (1<<9) 226 #define SSL_ADD_SSLERR (1<<10) 227 #define SSL_NO_TIMESTAMP (1<<11) 228 #define SSL_NO_LEVELID (1<<12) 229 #define SSL_NO_NEWLINE (1<<13) 230 231 /* 232 * Defaults for the configuration 233 */ 234 #ifndef SSL_SESSION_CACHE_TIMEOUT 235 #define SSL_SESSION_CACHE_TIMEOUT 300 236 #endif 237 238 /* 239 * Support for file locking: Try to determine whether we should use fcntl() or 240 * flock(). Would be better ap_config.h could provide this... :-( 241 */ 242 #if defined(USE_FLOCK_SERIALIZED_ACCEPT) 243 #define SSL_USE_FLOCK 1 244 #include <sys/file.h> 245 #endif 246 #if !defined(SSL_USE_FCNTL) && !defined(SSL_USE_FLOCK) 247 #define SSL_USE_FLOCK 1 248 #include <sys/file.h> 249 #ifndef LOCK_UN 250 #undef SSL_USE_FLOCK 251 #define SSL_USE_FCNTL 1 252 #include <fcntl.h> 253 #endif 254 #endif 255 256 /* 257 * Support for Mutex 258 */ 259 #define SSL_MUTEX_LOCK_MODE ( S_IRUSR|S_IWUSR ) 260 #define SSL_CAN_USE_SEM 261 #define SSL_HAVE_IPCSEM 262 #include <sys/types.h> 263 #include <sys/ipc.h> 264 #include <sys/sem.h> 265 /* 266 * Some platforms have a `union semun' pre-defined but Single Unix 267 * Specification (SUSv2) says in semctl(2): `If required, it is of 268 * type union semun, which the application program must explicitly 269 * declare'. So we define it always ourself to avoid problems (but under 270 * a different name to avoid a namespace clash). 271 */ 272 union ssl_ipc_semun { 273 long val; 274 struct semid_ds *buf; 275 unsigned short int *array; 276 }; 277 278 /* 279 * Support for MM library 280 */ 281 #define SSL_MM_FILE_MODE ( S_IRUSR|S_IWUSR ) 282 283 /* 284 * Support for DBM library 285 */ 286 #define SSL_DBM_FILE_MODE ( S_IRUSR|S_IWUSR ) 287 288 #include <ndbm.h> 289 #define ssl_dbm_open dbm_open 290 #define ssl_dbm_close dbm_close 291 #define ssl_dbm_store dbm_store 292 #define ssl_dbm_fetch dbm_fetch 293 #define ssl_dbm_delete dbm_delete 294 #define ssl_dbm_firstkey dbm_firstkey 295 #define ssl_dbm_nextkey dbm_nextkey 296 #if !defined(SSL_DBM_FILE_SUFFIX_DIR) && !defined(SSL_DBM_FILE_SUFFIX_PAG) 297 #if defined(DBM_SUFFIX) 298 #define SSL_DBM_FILE_SUFFIX_DIR DBM_SUFFIX 299 #define SSL_DBM_FILE_SUFFIX_PAG DBM_SUFFIX 300 #elif defined(__FreeBSD__) || (defined(DB_LOCK) && defined(DB_SHMEM)) 301 #define SSL_DBM_FILE_SUFFIX_DIR ".db" 302 #define SSL_DBM_FILE_SUFFIX_PAG ".db" 303 #else 304 #define SSL_DBM_FILE_SUFFIX_DIR ".dir" 305 #define SSL_DBM_FILE_SUFFIX_PAG ".pag" 306 #endif 307 #endif 308 309 /* 310 * Check for OpenSSL version 311 */ 312 #if SSL_LIBRARY_VERSION < 0x00907000 313 #error "mod_ssl requires OpenSSL 0.9.7 or higher" 314 #endif 315 316 /* 317 * The own data structures 318 */ 319 typedef struct { 320 pool *pPool; 321 pool *pSubPool; 322 array_header *aData; 323 } ssl_ds_array; 324 325 typedef struct { 326 pool *pPool; 327 pool *pSubPool; 328 array_header *aKey; 329 array_header *aData; 330 } ssl_ds_table; 331 332 /* 333 * Define the certificate algorithm types 334 */ 335 336 typedef int ssl_algo_t; 337 338 #define SSL_ALGO_UNKNOWN (0) 339 #define SSL_ALGO_RSA (1<<0) 340 #define SSL_ALGO_DSA (1<<1) 341 #define SSL_ALGO_ALL (SSL_ALGO_RSA|SSL_ALGO_DSA) 342 343 #define SSL_AIDX_RSA (0) 344 #define SSL_AIDX_DSA (1) 345 #define SSL_AIDX_MAX (2) 346 347 /* 348 * Define IDs for the temporary RSA keys and DH params 349 */ 350 351 #define SSL_TKP_GEN (0) 352 #define SSL_TKP_ALLOC (1) 353 #define SSL_TKP_FREE (2) 354 355 #define SSL_TKPIDX_RSA512 (0) 356 #define SSL_TKPIDX_RSA1024 (1) 357 #define SSL_TKPIDX_DH512 (2) 358 #define SSL_TKPIDX_DH1024 (3) 359 #define SSL_TKPIDX_MAX (4) 360 361 /* 362 * Define the SSL options 363 */ 364 #define SSL_OPT_NONE (0) 365 #define SSL_OPT_RELSET (1<<0) 366 #define SSL_OPT_STDENVVARS (1<<1) 367 #define SSL_OPT_COMPATENVVARS (1<<2) 368 #define SSL_OPT_EXPORTCERTDATA (1<<3) 369 #define SSL_OPT_FAKEBASICAUTH (1<<4) 370 #define SSL_OPT_STRICTREQUIRE (1<<5) 371 #define SSL_OPT_OPTRENEGOTIATE (1<<6) 372 #define SSL_OPT_ALL (SSL_OPT_STDENVVARS|SSL_OPT_COMPATENVVAR|SSL_OPT_EXPORTCERTDATA|SSL_OPT_FAKEBASICAUTH|SSL_OPT_STRICTREQUIRE|SSL_OPT_OPTRENEGOTIATE) 373 typedef int ssl_opt_t; 374 375 /* 376 * Define the SSL Protocol options 377 */ 378 #define SSL_PROTOCOL_NONE (0) 379 #define SSL_PROTOCOL_SSLV2 (1<<0) 380 #define SSL_PROTOCOL_SSLV3 (1<<1) 381 #define SSL_PROTOCOL_TLSV1 (1<<2) 382 #define SSL_PROTOCOL_ALL (SSL_PROTOCOL_SSLV2|SSL_PROTOCOL_SSLV3|SSL_PROTOCOL_TLSV1) 383 typedef int ssl_proto_t; 384 385 /* 386 * Define the SSL verify levels 387 */ 388 typedef enum { 389 SSL_CVERIFY_UNSET = UNSET, 390 SSL_CVERIFY_NONE = 0, 391 SSL_CVERIFY_OPTIONAL = 1, 392 SSL_CVERIFY_REQUIRE = 2, 393 SSL_CVERIFY_OPTIONAL_NO_CA = 3 394 } ssl_verify_t; 395 396 /* 397 * Define the SSL pass phrase dialog types 398 */ 399 typedef enum { 400 SSL_PPTYPE_UNSET = UNSET, 401 SSL_PPTYPE_BUILTIN = 0, 402 SSL_PPTYPE_FILTER = 1 403 } ssl_pphrase_t; 404 405 /* 406 * Define the Path Checking modes 407 */ 408 #define SSL_PCM_EXISTS 1 409 #define SSL_PCM_ISREG 2 410 #define SSL_PCM_ISDIR 4 411 #define SSL_PCM_ISNONZERO 8 412 typedef unsigned int ssl_pathcheck_t; 413 414 /* 415 * Define the SSL session cache modes and structures 416 */ 417 typedef enum { 418 SSL_SCMODE_UNSET = UNSET, 419 SSL_SCMODE_NONE = 0, 420 SSL_SCMODE_DBM = 1, 421 SSL_SCMODE_SHMHT = 2, 422 SSL_SCMODE_SHMCB = 3 423 } ssl_scmode_t; 424 425 /* 426 * Define the SSL mutex modes 427 */ 428 typedef enum { 429 SSL_MUTEXMODE_UNSET = UNSET, 430 SSL_MUTEXMODE_NONE = 0, 431 SSL_MUTEXMODE_FILE = 1, 432 SSL_MUTEXMODE_SEM = 2 433 } ssl_mutexmode_t; 434 435 /* 436 * Define the SSL requirement structure 437 */ 438 typedef struct { 439 char *cpExpr; 440 ssl_expr *mpExpr; 441 } ssl_require_t; 442 443 /* 444 * Define the SSL random number generator seeding source 445 */ 446 typedef enum { 447 SSL_RSCTX_STARTUP = 1, 448 SSL_RSCTX_CONNECT = 2 449 } ssl_rsctx_t; 450 typedef enum { 451 SSL_RSSRC_BUILTIN = 1, 452 SSL_RSSRC_FILE = 2, 453 SSL_RSSRC_EXEC = 3 454 ,SSL_RSSRC_EGD = 4 455 } ssl_rssrc_t; 456 typedef struct { 457 ssl_rsctx_t nCtx; 458 ssl_rssrc_t nSrc; 459 char *cpPath; 460 int nBytes; 461 } ssl_randseed_t; 462 463 /* 464 * Define the structure of an ASN.1 anything 465 */ 466 typedef struct { 467 long int nData; 468 unsigned char *cpData; 469 } ssl_asn1_t; 470 471 /* 472 * Define the mod_ssl per-module configuration structure 473 * (i.e. the global configuration for each httpd process) 474 */ 475 476 typedef struct { 477 pool *pPool; 478 BOOL bFixed; 479 int nInitCount; 480 int nSessionCacheMode; 481 char *szSessionCacheDataFile; 482 int nSessionCacheDataSize; 483 AP_MM *pSessionCacheDataMM; 484 table_t *tSessionCacheDataTable; 485 ssl_mutexmode_t nMutexMode; 486 char *szMutexFile; 487 int nMutexFD; 488 int nMutexSEMID; 489 array_header *aRandSeed; 490 ssl_ds_table *tTmpKeys; 491 void *pTmpKeys[SSL_TKPIDX_MAX]; 492 ssl_ds_table *tPublicCert; 493 ssl_ds_table *tPrivateKey; 494 #ifdef SSL_EXPERIMENTAL_ENGINE 495 char *szCryptoDevice; 496 #endif 497 struct { 498 void *pV1, *pV2, *pV3, *pV4, *pV5, *pV6, *pV7, *pV8, *pV9, *pV10; 499 } rCtx; 500 #ifdef SSL_VENDOR 501 ap_ctx *ctx; 502 #endif 503 } SSLModConfigRec; 504 505 /* 506 * Define the mod_ssl per-server configuration structure 507 * (i.e. the configuration for the main server 508 * and all <VirtualHost> contexts) 509 */ 510 typedef struct { 511 BOOL bEnabled; 512 char *szPublicCertFile[SSL_AIDX_MAX]; 513 char *szPrivateKeyFile[SSL_AIDX_MAX]; 514 char *szCertificateChain; 515 char *szCACertificatePath; 516 char *szCACertificateFile; 517 char *szLogFile; 518 char *szCipherSuite; 519 FILE *fileLogFile; 520 int nLogLevel; 521 int nVerifyDepth; 522 ssl_verify_t nVerifyClient; 523 X509 *pPublicCert[SSL_AIDX_MAX]; 524 EVP_PKEY *pPrivateKey[SSL_AIDX_MAX]; 525 SSL_CTX *pSSLCtx; 526 int nSessionCacheTimeout; 527 int nPassPhraseDialogType; 528 char *szPassPhraseDialogPath; 529 ssl_proto_t nProtocol; 530 char *szCARevocationPath; 531 char *szCARevocationFile; 532 X509_STORE *pRevocationStore; 533 #ifdef SSL_EXPERIMENTAL_PROXY 534 /* Configuration details for proxy operation */ 535 ssl_proto_t nProxyProtocol; 536 int bProxyVerify; 537 int nProxyVerifyDepth; 538 char *szProxyCACertificatePath; 539 char *szProxyCACertificateFile; 540 char *szProxyClientCertificateFile; 541 char *szProxyClientCertificatePath; 542 char *szProxyCipherSuite; 543 SSL_CTX *pSSLProxyCtx; 544 STACK_OF(X509_INFO) *skProxyClientCerts; 545 #endif 546 #ifdef SSL_VENDOR 547 ap_ctx *ctx; 548 #endif 549 } SSLSrvConfigRec; 550 551 /* 552 * Define the mod_ssl per-directory configuration structure 553 * (i.e. the local configuration for all <Directory> 554 * and .htaccess contexts) 555 */ 556 typedef struct { 557 BOOL bSSLRequired; 558 array_header *aRequirement; 559 ssl_opt_t nOptions; 560 ssl_opt_t nOptionsAdd; 561 ssl_opt_t nOptionsDel; 562 char *szCipherSuite; 563 ssl_verify_t nVerifyClient; 564 int nVerifyDepth; 565 #ifdef SSL_EXPERIMENTAL_PERDIRCA 566 char *szCACertificatePath; 567 char *szCACertificateFile; 568 #endif 569 #ifdef SSL_VENDOR 570 ap_ctx *ctx; 571 #endif 572 } SSLDirConfigRec; 573 574 /* 575 * function prototypes 576 */ 577 578 /* API glue structures */ 579 extern module MODULE_VAR_EXPORT ssl_module; 580 581 /* configuration handling */ 582 void ssl_config_global_create(void); 583 void ssl_config_global_fix(void); 584 BOOL ssl_config_global_isfixed(void); 585 void *ssl_config_server_create(pool *, server_rec *); 586 void *ssl_config_server_merge(pool *, void *, void *); 587 void *ssl_config_perdir_create(pool *, char *); 588 void *ssl_config_perdir_merge(pool *, void *, void *); 589 const char *ssl_cmd_SSLMutex(cmd_parms *, char *, char *); 590 const char *ssl_cmd_SSLPassPhraseDialog(cmd_parms *, char *, char *); 591 const char *ssl_cmd_SSLCryptoDevice(cmd_parms *, char *, char *); 592 const char *ssl_cmd_SSLRandomSeed(cmd_parms *, char *, char *, char *, char *); 593 const char *ssl_cmd_SSLEngine(cmd_parms *, char *, int); 594 const char *ssl_cmd_SSLCipherSuite(cmd_parms *, SSLDirConfigRec *, char *); 595 const char *ssl_cmd_SSLCertificateFile(cmd_parms *, char *, char *); 596 const char *ssl_cmd_SSLCertificateKeyFile(cmd_parms *, char *, char *); 597 const char *ssl_cmd_SSLCertificateChainFile(cmd_parms *, char *, char *); 598 const char *ssl_cmd_SSLCACertificatePath(cmd_parms *, SSLDirConfigRec *, char *); 599 const char *ssl_cmd_SSLCACertificateFile(cmd_parms *, SSLDirConfigRec *, char *); 600 const char *ssl_cmd_SSLCARevocationPath(cmd_parms *, SSLDirConfigRec *, char *); 601 const char *ssl_cmd_SSLCARevocationFile(cmd_parms *, SSLDirConfigRec *, char *); 602 const char *ssl_cmd_SSLVerifyClient(cmd_parms *, SSLDirConfigRec *, char *); 603 const char *ssl_cmd_SSLVerifyDepth(cmd_parms *, SSLDirConfigRec *, char *); 604 const char *ssl_cmd_SSLSessionCache(cmd_parms *, char *, char *); 605 const char *ssl_cmd_SSLSessionCacheTimeout(cmd_parms *, char *, char *); 606 const char *ssl_cmd_SSLLog(cmd_parms *, char *, char *); 607 const char *ssl_cmd_SSLLogLevel(cmd_parms *, char *, char *); 608 const char *ssl_cmd_SSLProtocol(cmd_parms *, char *, const char *); 609 const char *ssl_cmd_SSLOptions(cmd_parms *, SSLDirConfigRec *, const char *); 610 const char *ssl_cmd_SSLRequireSSL(cmd_parms *, SSLDirConfigRec *, char *); 611 const char *ssl_cmd_SSLRequire(cmd_parms *, SSLDirConfigRec *, char *); 612 #ifdef SSL_EXPERIMENTAL_PROXY 613 const char *ssl_cmd_SSLProxyProtocol(cmd_parms *, char *, const char *); 614 const char *ssl_cmd_SSLProxyCipherSuite(cmd_parms *, char *, char *); 615 const char *ssl_cmd_SSLProxyVerify(cmd_parms *, char *, int); 616 const char *ssl_cmd_SSLProxyVerifyDepth(cmd_parms *, char *, char *); 617 const char *ssl_cmd_SSLProxyCACertificatePath(cmd_parms *, char *, char *); 618 const char *ssl_cmd_SSLProxyCACertificateFile(cmd_parms *, char *, char *); 619 const char *ssl_cmd_SSLProxyMachineCertificatePath(cmd_parms *, char *, char *); 620 const char *ssl_cmd_SSLProxyMachineCertificateFile(cmd_parms *, char *, char *); 621 #endif 622 623 /* module initialization */ 624 void ssl_init_Module(server_rec *, pool *); 625 void ssl_init_SSLLibrary(void); 626 void ssl_init_Engine(server_rec *, pool *); 627 void ssl_init_TmpKeysHandle(int, server_rec *, pool *); 628 void ssl_init_ConfigureServer(server_rec *, pool *, SSLSrvConfigRec *); 629 void ssl_init_CheckServers(server_rec *, pool *); 630 STACK_OF(X509_NAME) 631 *ssl_init_FindCAList(server_rec *, pool *, char *, char *); 632 void ssl_init_Child(server_rec *, pool *); 633 void ssl_init_ChildKill(void *); 634 void ssl_init_ModuleKill(void *); 635 636 /* Apache API hooks */ 637 void ssl_hook_AddModule(module *); 638 void ssl_hook_RemoveModule(module *); 639 char *ssl_hook_RewriteCommand(cmd_parms *, void *, const char *); 640 void ssl_hook_NewConnection(conn_rec *); 641 void ssl_hook_TimeoutConnection(int); 642 void ssl_hook_CloseConnection(conn_rec *); 643 int ssl_hook_Translate(request_rec *); 644 int ssl_hook_Auth(request_rec *); 645 int ssl_hook_UserCheck(request_rec *); 646 int ssl_hook_Access(request_rec *); 647 int ssl_hook_Fixup(request_rec *); 648 int ssl_hook_ReadReq(request_rec *); 649 int ssl_hook_Handler(request_rec *); 650 651 /* OpenSSL callbacks */ 652 RSA *ssl_callback_TmpRSA(SSL *, int, int); 653 DH *ssl_callback_TmpDH(SSL *, int, int); 654 int ssl_callback_SSLVerify(int, X509_STORE_CTX *); 655 int ssl_callback_SSLVerify_CRL(int, X509_STORE_CTX *, server_rec *); 656 int ssl_callback_NewSessionCacheEntry(SSL *, SSL_SESSION *); 657 SSL_SESSION *ssl_callback_GetSessionCacheEntry(SSL *, unsigned char *, int, int *); 658 void ssl_callback_DelSessionCacheEntry(SSL_CTX *, SSL_SESSION *); 659 void ssl_callback_LogTracingState(const SSL *, int, int); 660 661 /* Session Cache Support */ 662 void ssl_scache_init(server_rec *, pool *); 663 void ssl_scache_kill(server_rec *); 664 BOOL ssl_scache_store(server_rec *, UCHAR *, int, time_t, SSL_SESSION *); 665 SSL_SESSION *ssl_scache_retrieve(server_rec *, UCHAR *, int); 666 void ssl_scache_remove(server_rec *, UCHAR *, int); 667 void ssl_scache_expire(server_rec *); 668 void ssl_scache_status(server_rec *, pool *, void (*)(char *, void *), void *); 669 char *ssl_scache_id2sz(UCHAR *, int); 670 void ssl_scache_dbm_init(server_rec *, pool *); 671 void ssl_scache_dbm_kill(server_rec *); 672 BOOL ssl_scache_dbm_store(server_rec *, UCHAR *, int, time_t, SSL_SESSION *); 673 SSL_SESSION *ssl_scache_dbm_retrieve(server_rec *, UCHAR *, int); 674 void ssl_scache_dbm_remove(server_rec *, UCHAR *, int); 675 void ssl_scache_dbm_expire(server_rec *); 676 void ssl_scache_dbm_status(server_rec *, pool *, void (*)(char *, void *), void *); 677 void ssl_scache_shmht_init(server_rec *, pool *); 678 void ssl_scache_shmht_kill(server_rec *); 679 BOOL ssl_scache_shmht_store(server_rec *, UCHAR *, int, time_t, SSL_SESSION *); 680 SSL_SESSION *ssl_scache_shmht_retrieve(server_rec *, UCHAR *, int); 681 void ssl_scache_shmht_remove(server_rec *, UCHAR *, int); 682 void ssl_scache_shmht_expire(server_rec *); 683 void ssl_scache_shmht_status(server_rec *, pool *, void (*)(char *, void *), void *); 684 void ssl_scache_shmcb_init(server_rec *, pool *); 685 void ssl_scache_shmcb_kill(server_rec *); 686 BOOL ssl_scache_shmcb_store(server_rec *, UCHAR *, int, time_t, SSL_SESSION *); 687 SSL_SESSION *ssl_scache_shmcb_retrieve(server_rec *, UCHAR *, int); 688 void ssl_scache_shmcb_remove(server_rec *, UCHAR *, int); 689 void ssl_scache_shmcb_expire(server_rec *); 690 void ssl_scache_shmcb_status(server_rec *, pool *, void (*)(char *, void *), void *); 691 692 /* Pass Phrase Support */ 693 void ssl_pphrase_Handle(server_rec *, pool *); 694 int ssl_pphrase_Handle_CB(char *, int, int); 695 696 /* Diffie-Hellman Parameter Support */ 697 DH *ssl_dh_GetTmpParam(int); 698 DH *ssl_dh_GetParamFromFile(char *); 699 700 /* Data Structures */ 701 ssl_ds_array *ssl_ds_array_make(pool *, int); 702 BOOL ssl_ds_array_isempty(ssl_ds_array *); 703 void *ssl_ds_array_push(ssl_ds_array *); 704 void *ssl_ds_array_get(ssl_ds_array *, int); 705 void ssl_ds_array_wipeout(ssl_ds_array *); 706 void ssl_ds_array_kill(ssl_ds_array *); 707 ssl_ds_table *ssl_ds_table_make(pool *, int); 708 BOOL ssl_ds_table_isempty(ssl_ds_table *); 709 void *ssl_ds_table_push(ssl_ds_table *, char *); 710 void *ssl_ds_table_get(ssl_ds_table *, char *); 711 void ssl_ds_table_wipeout(ssl_ds_table *); 712 void ssl_ds_table_kill(ssl_ds_table *); 713 714 /* Mutex Support */ 715 void ssl_mutex_init(server_rec *, pool *); 716 void ssl_mutex_reinit(server_rec *, pool *); 717 void ssl_mutex_on(server_rec *); 718 void ssl_mutex_off(server_rec *); 719 void ssl_mutex_kill(server_rec *s); 720 void ssl_mutex_file_create(server_rec *, pool *); 721 void ssl_mutex_file_open(server_rec *, pool *); 722 void ssl_mutex_file_remove(void *); 723 BOOL ssl_mutex_file_acquire(void); 724 BOOL ssl_mutex_file_release(void); 725 void ssl_mutex_sem_create(server_rec *, pool *); 726 void ssl_mutex_sem_open(server_rec *, pool *); 727 void ssl_mutex_sem_remove(void *); 728 BOOL ssl_mutex_sem_acquire(void); 729 BOOL ssl_mutex_sem_release(void); 730 731 /* Logfile Support */ 732 void ssl_log_open(server_rec *, server_rec *, pool *); 733 BOOL ssl_log_applies(server_rec *, int); 734 void ssl_log(server_rec *, int, const char *, ...); 735 void ssl_die(void); 736 737 /* Variables */ 738 void ssl_var_register(void); 739 void ssl_var_unregister(void); 740 char *ssl_var_lookup(pool *, server_rec *, conn_rec *, request_rec *, char *); 741 742 /* I/O */ 743 void ssl_io_register(void); 744 void ssl_io_unregister(void); 745 long ssl_io_data_cb(BIO *, int, const char *, int, long, long); 746 #ifndef SSL_CONSERVATIVE 747 void ssl_io_suck(request_rec *, SSL *); 748 #endif 749 750 /* PRNG */ 751 int ssl_rand_seed(server_rec *, pool *, ssl_rsctx_t, char *); 752 753 /* Extensions */ 754 void ssl_ext_register(void); 755 void ssl_ext_unregister(void); 756 757 /* Compatibility */ 758 #ifdef SSL_COMPAT 759 char *ssl_compat_directive(server_rec *, pool *, const char *); 760 void ssl_compat_variables(request_rec *); 761 #endif 762 763 /* Utility Functions */ 764 char *ssl_util_server_root_relative(pool *, char *, char *); 765 char *ssl_util_vhostid(pool *, server_rec *); 766 FILE *ssl_util_ppopen(server_rec *, pool *, char *); 767 int ssl_util_ppopen_child(void *, child_info *); 768 void ssl_util_ppclose(server_rec *, pool *, FILE *); 769 char *ssl_util_readfilter(server_rec *, pool *, char *); 770 BOOL ssl_util_path_check(ssl_pathcheck_t, char *); 771 ssl_algo_t ssl_util_algotypeof(X509 *, EVP_PKEY *); 772 char *ssl_util_algotypestr(ssl_algo_t); 773 char *ssl_util_ptxtsub(pool *, const char *, const char *, char *); 774 void ssl_util_thread_setup(void); 775 void ssl_util_thread_cleanup(void); 776 777 /* Vendor extension support */ 778 #if defined(SSL_VENDOR) && defined(SSL_VENDOR_OBJS) 779 void ssl_vendor_register(void); 780 void ssl_vendor_unregister(void); 781 #endif 782 783 #endif /* MOD_SSL_H */ 784