1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
|
/* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
/**
* @file mod_ssl.h
* @brief SSL extension module for Apache
*
* @defgroup MOD_SSL mod_ssl
* @ingroup APACHE_MODS
* @{
*/
#ifndef __MOD_SSL_H__
#define __MOD_SSL_H__
#include "httpd.h"
#include "http_config.h"
#include "apr_optional.h"
#include "apr_tables.h" /* for apr_array_header_t */
/* Create a set of SSL_DECLARE(type), SSL_DECLARE_NONSTD(type) and
* SSL_DECLARE_DATA with appropriate export and import tags for the platform
*/
#if !defined(WIN32)
#define SSL_DECLARE(type) type
#define SSL_DECLARE_NONSTD(type) type
#define SSL_DECLARE_DATA
#elif defined(SSL_DECLARE_STATIC)
#define SSL_DECLARE(type) type __stdcall
#define SSL_DECLARE_NONSTD(type) type
#define SSL_DECLARE_DATA
#elif defined(SSL_DECLARE_EXPORT)
#define SSL_DECLARE(type) __declspec(dllexport) type __stdcall
#define SSL_DECLARE_NONSTD(type) __declspec(dllexport) type
#define SSL_DECLARE_DATA __declspec(dllexport)
#else
#define SSL_DECLARE(type) __declspec(dllimport) type __stdcall
#define SSL_DECLARE_NONSTD(type) __declspec(dllimport) type
#define SSL_DECLARE_DATA __declspec(dllimport)
#endif
/** The ssl_var_lookup() optional function retrieves SSL environment
* variables. The pool in which to allocate the return value must be
* non-NULL since httpd 2.5.1. c and/or r may be NULL. */
APR_DECLARE_OPTIONAL_FN(const char *, ssl_var_lookup,
(apr_pool_t *p, server_rec *s,
conn_rec *c, request_rec *r,
const char *name))
AP_FN_ATTR_NONNULL((1, 2, 5)) AP_FN_ATTR_WARN_UNUSED_RESULT;
/** The ssl_ext_list() optional function attempts to build an array
* of all the values contained in the named X.509 extension. The
* returned array will be created in the supplied pool.
* The client certificate is used if peer is non-zero; the server
* certificate is used otherwise.
* Extension specifies the extensions to use as a string. This can be
* one of the "known" long or short names, or a numeric OID,
* e.g. "1.2.3.4", 'nsComment' and 'DN' are all valid.
* A pointer to an apr_array_header_t structure is returned if at
* least one matching extension is found, NULL otherwise.
*/
APR_DECLARE_OPTIONAL_FN(apr_array_header_t *, ssl_ext_list,
(apr_pool_t *p, conn_rec *c, int peer,
const char *extension));
/** An optional function which returns non-zero if the given connection
* is using SSL/TLS. */
APR_DECLARE_OPTIONAL_FN(int, ssl_is_https, (conn_rec *));
/** A function that returns the TLS channel binding data as per
* RFC5929. A buffer containing the Channel Binding Token for the
* given type will be allocated from the pool and returned to the
* caller, along with the size. Returns APR_SUCCESS on success; buf
* and size are not adjusted on error. */
APR_DECLARE_OPTIONAL_FN(apr_status_t, ssl_get_tls_cb,
(apr_pool_t *p, conn_rec *c, const char *type,
unsigned char **buf, apr_size_t *size));
/** The ssl_proxy_enable() and ssl_engine_{set,disable}() optional
* functions are used by mod_proxy to enable use of SSL for outgoing
* connections. */
APR_DECLARE_OPTIONAL_FN(int, ssl_proxy_enable, (conn_rec *));
APR_DECLARE_OPTIONAL_FN(int, ssl_engine_disable, (conn_rec *));
APR_DECLARE_OPTIONAL_FN(int, ssl_engine_set, (conn_rec *,
ap_conf_vector_t *,
int proxy, int enable));
/* Check for availability of new hooks */
#define SSL_CERT_HOOKS
#ifdef SSL_CERT_HOOKS
/** Lets others add certificate and key files to the given server.
* For each cert a key must also be added.
* @param cert_file and array of const char* with the path to the certificate chain
* @param key_file and array of const char* with the path to the private key file
*/
APR_DECLARE_EXTERNAL_HOOK(ssl, SSL, int, add_cert_files,
(server_rec *s, apr_pool_t *p,
apr_array_header_t *cert_files,
apr_array_header_t *key_files))
/** In case no certificates are available for a server, this
* lets other modules add a fallback certificate for the time
* being. Regular requests against this server will be answered
* with a 503.
* @param cert_file and array of const char* with the path to the certificate chain
* @param key_file and array of const char* with the path to the private key file
*/
APR_DECLARE_EXTERNAL_HOOK(ssl, SSL, int, add_fallback_cert_files,
(server_rec *s, apr_pool_t *p,
apr_array_header_t *cert_files,
apr_array_header_t *key_files))
#endif /* SSL_CERT_HOOKS */
#endif /* __MOD_SSL_H__ */
/** @} */
|
