|
apr_status_t | tls_cert_load_pem (apr_pool_t *p, const tls_cert_spec_t *cert, tls_cert_pem_t **ppem) |
|
apr_status_t | tls_cert_to_pem (const char **ppem, apr_pool_t *p, const rustls_certificate *cert) |
|
apr_status_t | tls_cert_load_cert_key (apr_pool_t *p, const tls_cert_spec_t *spec, const char **pcert_pem, const rustls_certified_key **pckey) |
|
tls_cert_reg_t * | tls_cert_reg_make (apr_pool_t *p) |
|
apr_size_t | tls_cert_reg_count (tls_cert_reg_t *reg) |
|
apr_status_t | tls_cert_reg_get_certified_key (tls_cert_reg_t *reg, server_rec *s, const tls_cert_spec_t *spec, const rustls_certified_key **pckey) |
|
void | tls_cert_reg_do (tls_cert_reg_visitor *visitor, void *userdata, tls_cert_reg_t *reg) |
|
const char * | tls_cert_reg_get_id (tls_cert_reg_t *reg, const rustls_certified_key *certified_key) |
|
apr_status_t | tls_cert_load_root_store (apr_pool_t *p, const char *store_file, rustls_root_cert_store **pstore) |
|
tls_cert_root_stores_t * | tls_cert_root_stores_make (apr_pool_t *p) |
|
void | tls_cert_root_stores_clear (tls_cert_root_stores_t *stores) |
|
apr_status_t | tls_cert_root_stores_get (tls_cert_root_stores_t *stores, const char *store_file, rustls_root_cert_store **pstore) |
|
tls_cert_verifiers_t * | tls_cert_verifiers_make (apr_pool_t *p, tls_cert_root_stores_t *stores) |
|
void | tls_cert_verifiers_clear (tls_cert_verifiers_t *verifiers) |
|
apr_status_t | tls_cert_client_verifiers_get (tls_cert_verifiers_t *verifiers, const char *store_file, const rustls_client_cert_verifier **pverifier) |
|
apr_status_t | tls_cert_client_verifiers_get_optional (tls_cert_verifiers_t *verifiers, const char *store_file, const rustls_client_cert_verifier_optional **pverifier) |
|
◆ tls_cert_reg_t
A registry of rustls_certified_key* by identifier.
◆ tls_cert_reg_visitor
typedef int tls_cert_reg_visitor(void *userdata, server_rec *s, const char *id, const char *cert_pem, const rustls_certified_key *certified_key) |
Visit all certified keys in the registry. The callback may return 0 to abort the iteration.
- Parameters
-
userdata | supplied by the visit invocation |
s | the server_rec the certified key was first loaded into |
id | internal identifier of the certified key |
cert_pem | the PEM data of the certificate and its chain |
certified_key | the key instance itself |
◆ tls_cert_root_stores_t
◆ tls_cert_verifiers_t
◆ tls_cert_client_verifiers_get()
Get the mandatory client certificate verifier for the root certificate store in store_file. Will create the verifier if not already known.
- Parameters
-
verifiers | the registry of certificate verifiers |
store_file | the (server relative) path of the PEM file with certificates |
pverifier | the verifier on success |
◆ tls_cert_client_verifiers_get_optional()
apr_status_t tls_cert_client_verifiers_get_optional (tls_cert_verifiers_t *verifiers, const char *store_file, const rustls_client_cert_verifier_optional **pverifier)
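Get the optional client certificate verifier for the root certificate store in store_file. Will create the verifier if not already known. Unlike the mandatory verifier, an optional verifier also accepts clients that present no certificate, so a completed handshake does not by itself mean the client was authenticated.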
- Parameters
-
verifiers | the registry of certificate verifiers |
store_file | the (server relative) path of the PEM file with certificates |
pverifier | the verifier on success |
◆ tls_cert_load_cert_key()
Load a rustls certified key from a certificate specification. The returned rustls_certified_key is owned by the caller, who is responsible for releasing it.
- Parameters
-
p | the memory pool to use |
spec | the specification for the certificate (file or PEM data) |
pcert_pem | returns the PEM data used for loading the certificates, optional |
pckey | the loaded certified key on return |
◆ tls_cert_load_pem()
Load the PEM data for a certificate file and key file as given in cert.
◆ tls_cert_load_root_store()
apr_status_t tls_cert_load_root_store (apr_pool_t *p, const char *store_file, rustls_root_cert_store **pstore)
Load all root certificates from a PEM file into a rustls_root_cert_store.
- Parameters
-
p | the memory pool to use |
store_file | the (server relative) path of the PEM file |
pstore | the loaded root store on success |
◆ tls_cert_reg_count()
Return the number of certified keys in the registry.
◆ tls_cert_reg_do()
Visit all certified_key entries in the registry.
- Parameters
-
visitor | callback invoked on each entry until it returns 0. |
userdata | passed to callback |
reg | the registry to iterate over |
◆ tls_cert_reg_get_certified_key()
Get the rustls_certified_key identified by spec from the registry. This will load the key the first time it is requested. The returned rustls_certified_key is owned by the registry; the caller must not free it.
- Parameters
-
reg | the certified key registry |
s | the server_rec this is loaded into, useful for error logging |
spec | the specification of the certified key |
pckey | the certified key instance on return |
◆ tls_cert_reg_get_id()
const char * tls_cert_reg_get_id (tls_cert_reg_t *reg, const rustls_certified_key *certified_key)
Get the identity assigned to a loaded, certified key. Returns NULL if the key is not part of the registry. The returned bytes are owned by the registry entry, so the caller must not free or modify them.
- Parameters
-
reg | the registry to look in. |
certified_key | the key to get the identifier for |
◆ tls_cert_reg_make()
Create a new registry with lifetime based on the memory pool. The registry will take care of its memory and allocated keys when the pool is destroyed.
◆ tls_cert_root_stores_clear()
Clear the root stores registry, freeing all stores.
◆ tls_cert_root_stores_get()
Load all root certificates from a PEM file into a rustls_root_cert_store.
- Parameters
-
stores | the root stores registry |
store_file | the (server relative) path of the PEM file |
pstore | the loaded root store on success |
◆ tls_cert_root_stores_make()
Create a new root stores registry with lifetime based on the memory pool. The registry will take care of its memory and allocated stores when the pool is destroyed.
◆ tls_cert_to_pem()
◆ tls_cert_verifiers_clear()
Clear the verifiers registry, freeing all verifiers.
◆ tls_cert_verifiers_make()
Create a new registry for certificate verifiers with lifetime based on the memory pool. The registry will take care of its memory and allocated verifiers when the pool is destroyed.
- Parameters
-
p | the memory pool to use |
stores | the store registry for lookups |