#include <openssl/ssl.h>
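/*
 * Fallback definition of BOOL, used only when no earlier header has already
 * defined a BOOL macro. The listing's line-number residue is removed so the
 * directives are valid preprocessor lines again.
 */
#ifndef BOOL
#define BOOL unsigned int
#endif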
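/**
 * Shutdown mode stored per connection in SSLConnRec::shutdown_type.
 *
 * The enumerators carry no explicit values, so they number 0..3 in
 * declaration order; do not reorder them.
 * NOTE(review): what each mode does on the wire is not visible in this
 * header - confirm against the code that reads shutdown_type.
 */
typedef enum {
    SSL_SHUTDOWN_TYPE_UNSET,
    SSL_SHUTDOWN_TYPE_STANDARD,
    SSL_SHUTDOWN_TYPE_UNCLEAN,
    SSL_SHUTDOWN_TYPE_ACCURATE
} ssl_shutdown_type_e;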
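/**
 * Tri-state "is TLS enabled" setting, with an explicit UNSET marker.
 *
 * The values are fixed explicitly and are not contiguous (OPTIONAL is 3,
 * not 2), so code must compare against the named constants rather than
 * treat the value as a boolean: both TRUE and OPTIONAL are non-zero, and
 * UNSET (-1) is non-zero as well.
 */
typedef enum {
    SSL_ENABLED_UNSET    = -1,
    SSL_ENABLED_FALSE    = 0,
    SSL_ENABLED_TRUE     = 1,
    SSL_ENABLED_OPTIONAL = 3
} ssl_enabled_t;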
#if AP_MODULE_MAGIC_AT_LEAST(20051115,0)
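/**
 * Client-certificate verification mode, stored in
 * modssl_auth_ctx_t::verify_mode and SSLDirConfigRec::nVerifyClient.
 *
 * NOTE(review): the names suggest increasing strictness from NONE to
 * REQUIRE, with OPTIONAL_NO_CA accepting a certificate whose chain does not
 * reach a trusted CA - confirm against the server documentation. If that is
 * right, a certificate seen under OPTIONAL_NO_CA is not an authenticated
 * identity, and code making access decisions should check the mode and the
 * verification result rather than the mere presence of a certificate.
 */
typedef enum {
    SSL_CVERIFY_UNSET          = -1,
    SSL_CVERIFY_NONE           = 0,
    SSL_CVERIFY_OPTIONAL       = 1,
    SSL_CVERIFY_REQUIRE        = 2,
    SSL_CVERIFY_OPTIONAL_NO_CA = 3
} ssl_verify_t;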
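/*
 * Non-zero when errnum is one of the OpenSSL X.509 verification errors that
 * report a chain which could not be anchored in a trusted issuer: a
 * self-signed leaf, a self-signed certificate inside the chain, an issuer
 * that is not available locally, an untrusted certificate, or a leaf whose
 * signature could not be verified.
 *
 * Security note: every error in this list means the peer's identity was NOT
 * established. Treating them as tolerable is only appropriate where an
 * unverified certificate is explicitly acceptable.
 * NOTE(review): presumably meant for SSL_CVERIFY_OPTIONAL_NO_CA handling -
 * confirm at the call sites that the mode is checked before this macro is
 * used to ignore an error.
 *
 * The argument is parenthesised so that an expression argument (for example
 * a conditional) is compared as a whole. It is still evaluated up to five
 * times; pass a value without side effects.
 */
#define ssl_verify_error_is_optional(errnum) \
    (((errnum) == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT) \
     || ((errnum) == X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN) \
     || ((errnum) == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY) \
     || ((errnum) == X509_V_ERR_CERT_UNTRUSTED) \
     || ((errnum) == X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE))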
#endif
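/**
 * Per-connection TLS state record.
 *
 * NOTE(review): nothing in this header allocates or fills this record, so
 * it presumably mirrors a structure owned by another module. If so, member
 * order and types must match that module's build exactly; reading
 * client_cert or client_dn through a mismatched layout would return
 * unrelated memory. Confirm against the headers of the server in use.
 *
 * NOTE(review): a non-NULL client_cert does not by itself show that the
 * chain verified. Code making access decisions should presumably also
 * consult verify_error and the configured verify mode - confirm.
 *
 * Field meanings below are inferred from the names unless stated otherwise.
 */
typedef struct {
    SSL *ssl;                          /* OpenSSL connection object */
    const char *client_dn;             /* presumably the peer certificate's subject DN */
    X509 *client_cert;                 /* presumably the peer certificate */
    ssl_shutdown_type_e shutdown_type; /* one of the SSL_SHUTDOWN_TYPE_* values */
    const char *verify_info;           /* presumably informational verification text */
    const char *verify_error;          /* presumably set when verification failed */
    int verify_depth;
    int is_proxy;
    int disabled;
    int non_ssl_request;
} SSLConnRec;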
#if AP_MODULE_MAGIC_AT_LEAST(20051115,0)
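/**
 * Authentication settings embedded in modssl_ctx_t as its `auth` member:
 * CA certificate locations, cipher suite string, and the verification depth
 * and mode.
 *
 * The record is embedded by value, so changing its size or member order
 * also changes the layout of modssl_ctx_t.
 * NOTE(review): field meanings are inferred from the names - confirm.
 */
typedef struct {
    const char *ca_cert_path;   /* presumably a directory of trusted CA certificates */
    const char *ca_cert_file;   /* presumably a file of trusted CA certificates */

    const char *cipher_suite;

    int verify_depth;
    ssl_verify_t verify_mode;   /* one of the SSL_CVERIFY_* values */
} modssl_auth_ctx_t;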
#endif
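/**
 * TLS context record referenced by the `server` and `proxy` members of
 * SSLSrvConfigRec / SSLSrvConfigRec2.
 *
 * Only `sc` and `ssl_ctx` exist unconditionally; the remaining members are
 * compiled in when AP_MODULE_MAGIC_AT_LEAST(20051115,0) holds, so the
 * record's size depends on the httpd API this header is built against.
 *
 * NOTE(review): `sc`, `pks` and `pkp` are opaque pointers here; what they
 * point to is not visible in this header. The passphrase-dialog and CRL
 * field meanings are inferred from the names - confirm.
 */
typedef struct {
    void *sc;
    SSL_CTX *ssl_ctx;                   /* OpenSSL context */
#if AP_MODULE_MAGIC_AT_LEAST(20051115,0)
    void *pks;
    void *pkp;

    int protocol;

    int pphrase_dialog_type;
    const char *pphrase_dialog_path;

    const char *cert_chain;

    const char *crl_path;
    const char *crl_file;
    X509_STORE *crl;

    modssl_auth_ctx_t auth;             /* embedded by value */
#endif
} modssl_ctx_t;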
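/**
 * Per-server TLS configuration record, in the layout WITHOUT the
 * `insecure_reneg` member.
 *
 * SSLSrvConfigRec2 is the same record with one extra `int insecure_reneg`
 * placed before `server`. The SSLSrvConfigRec_server() and
 * SSLSrvConfigRec_proxy() macros choose between the two layouts at run
 * time, so `server` and `proxy` should be read through those macros rather
 * than directly.
 *
 * NOTE(review): `mc` is an opaque pointer here; its target is not visible
 * in this header.
 */
typedef struct {
    void *mc;
    BOOL enabled;
    BOOL proxy_enabled;
    const char *vhost_id;
    int vhost_id_len;
    int session_cache_timeout;
#if AP_MODULE_MAGIC_AT_LEAST(20051115,0)
    BOOL cipher_server_pref;
#endif
    modssl_ctx_t *server;
    modssl_ctx_t *proxy;
} SSLSrvConfigRec;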
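/**
 * Per-server TLS configuration record, in the layout WITH the
 * `insecure_reneg` member.
 *
 * It differs from SSLSrvConfigRec by the extra `int insecure_reneg` ahead
 * of `server` and `proxy`, and by spelling `enabled` / `proxy_enabled` as
 * `unsigned int` instead of BOOL. Because of the extra member the two
 * pointers may sit at different offsets than in SSLSrvConfigRec, depending
 * on the target ABI and on the #if branch taken. Casting a record to the
 * wrong one of the two types can therefore yield a bogus `server` or
 * `proxy` pointer.
 *
 * NOTE(review): `insecure_reneg` presumably records whether insecure TLS
 * renegotiation is permitted - confirm against the code that sets it.
 */
typedef struct {
    void *mc;
    unsigned int enabled;
    unsigned int proxy_enabled;
    const char *vhost_id;
    int vhost_id_len;
    int session_cache_timeout;
#if AP_MODULE_MAGIC_AT_LEAST(20051115,0)
    BOOL cipher_server_pref;
#endif

    int insecure_reneg;
    modssl_ctx_t *server;
    modssl_ctx_t *proxy;
} SSLSrvConfigRec2;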
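/*
 * Accessors for the `server` and `proxy` context pointers of a per-server
 * config record. `sc` is cast to SSLSrvConfigRec2 when
 * mod_ssl_with_insecure_reneg is non-zero and to SSLSrvConfigRec otherwise.
 *
 * mod_ssl_with_insecure_reneg is not declared in this header; it must be in
 * scope wherever these macros expand.
 *
 * Safety note: the casts are unchecked. The flag has to describe the layout
 * used by the code that actually created `sc`; if it does not, the macro
 * reads `server` / `proxy` from the wrong offset and returns an invalid
 * pointer. Set the flag once from a reliable source and validate the result
 * before dereferencing it.
 *
 * `sc` is parenthesised so that an expression argument is cast as a whole.
 */
#define SSLSrvConfigRec_server(sc) \
    (mod_ssl_with_insecure_reneg \
         ? (((SSLSrvConfigRec2 *) (sc))->server) \
         : (((SSLSrvConfigRec *) (sc))->server))
#define SSLSrvConfigRec_proxy(sc) \
    (mod_ssl_with_insecure_reneg \
         ? (((SSLSrvConfigRec2 *) (sc))->proxy) \
         : (((SSLSrvConfigRec *) (sc))->proxy))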
#if AP_MODULE_MAGIC_AT_LEAST(20051115,0)
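/**
 * Per-directory TLS configuration record.
 *
 * NOTE(review): field meanings are inferred from the names - confirm
 * against the code that fills the record. `nVerifyClient` holds an
 * SSL_CVERIFY_* value; SSL_CVERIFY_UNSET (-1) presumably means "not
 * configured at this level", so consumers should not treat every non-zero
 * value as "verification required".
 */
typedef struct {
    BOOL bSSLRequired;
    apr_array_header_t *aRequirement;
    int nOptions;
    int nOptionsAdd;
    int nOptionsDel;
    const char *szCipherSuite;
    ssl_verify_t nVerifyClient;        /* one of the SSL_CVERIFY_* values */
    int nVerifyDepth;
    const char *szCACertificatePath;
    const char *szCACertificateFile;
    const char *szUserName;
} SSLDirConfigRec;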
#endif
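/*
 * Declaration of the ssl_module module record, which is defined elsewhere.
 * NOTE(review): presumably used to fetch the TLS module's configuration
 * records, which are then read through the struct layouts above - confirm
 * at the call sites.
 */
extern module AP_MODULE_DECLARE_DATA ssl_module;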