Apache2
 All Data Structures Namespaces Files Functions Variables Typedefs Enumerations Enumerator Macros Groups Pages
Private
Collaboration diagram for Private:

Data Structures

struct  ssl_require_t
 
struct  ssl_randseed_t
 
struct  ssl_asn1_t
 
struct  SSLConnRec
 
struct  SSLModConfigRec
 
struct  modssl_pk_server_t
 
struct  modssl_pk_proxy_t
 
struct  modssl_auth_ctx_t
 
struct  modssl_ctx_t
 
struct  SSLSrvConfigRec
 
struct  SSLDirConfigRec
 

Macros

#define APR_WANT_STRFUNC
 
#define APR_WANT_MEMFUNC
 
#define FALSE   0
 
#define TRUE   !FALSE
 
#define BOOL   unsigned int
 
#define MODSSL_SSL_CIPHER_CONST
 
#define MODSSL_SSL_METHOD_CONST
 
#define MODSSL_USE_OPENSSL_PRE_1_1_API   (OPENSSL_VERSION_NUMBER < 0x10100000L)
 
#define IDCONST
 
#define BN_get_rfc2409_prime_768   get_rfc2409_prime_768
 
#define BN_get_rfc2409_prime_1024   get_rfc2409_prime_1024
 
#define BN_get_rfc3526_prime_1536   get_rfc3526_prime_1536
 
#define BN_get_rfc3526_prime_2048   get_rfc3526_prime_2048
 
#define BN_get_rfc3526_prime_3072   get_rfc3526_prime_3072
 
#define BN_get_rfc3526_prime_4096   get_rfc3526_prime_4096
 
#define BN_get_rfc3526_prime_6144   get_rfc3526_prime_6144
 
#define BN_get_rfc3526_prime_8192   get_rfc3526_prime_8192
 
#define BIO_set_init(x, v)   (x->init=v)
 
#define BIO_get_data(x)   (x->ptr)
 
#define BIO_set_data(x, v)   (x->ptr=v)
 
#define BIO_get_shutdown(x)   (x->shutdown)
 
#define BIO_set_shutdown(x, v)   (x->shutdown=v)
 
#define DH_bits(x)   (BN_num_bits(x->p))
 
#define X509_STORE_CTX_get0_store(x)   (x->ctx)
 
#define X509_STORE_CTX_get0_current_issuer(x)   (x->current_issuer)
 
#define UNSET   (-1)
 
#define NUL   '\0'
 
#define RAND_MAX   INT_MAX
 
#define UCHAR   unsigned char
 
#define strEQ(s1, s2)   (strcmp(s1,s2) == 0)
 
#define strNE(s1, s2)   (strcmp(s1,s2) != 0)
 
#define strEQn(s1, s2, n)   (strncmp(s1,s2,n) == 0)
 
#define strNEn(s1, s2, n)   (strncmp(s1,s2,n) != 0)
 
#define strcEQ(s1, s2)   (strcasecmp(s1,s2) == 0)
 
#define strcNE(s1, s2)   (strcasecmp(s1,s2) != 0)
 
#define strcEQn(s1, s2, n)   (strncasecmp(s1,s2,n) == 0)
 
#define strcNEn(s1, s2, n)   (strncasecmp(s1,s2,n) != 0)
 
#define strIsEmpty(s)   (s == NULL || s[0] == NUL)
 
#define myConnConfig(c)   ((SSLConnRec *)ap_get_module_config(c->conn_config, &ssl_module))
 
#define myConnConfigSet(c, val)   ap_set_module_config(c->conn_config, &ssl_module, val)
 
#define mySrvConfig(srv)   ((SSLSrvConfigRec *)ap_get_module_config(srv->module_config, &ssl_module))
 
#define myDirConfig(req)   ((SSLDirConfigRec *)ap_get_module_config(req->per_dir_config, &ssl_module))
 
#define myCtxConfig(sslconn, sc)   (sslconn->is_proxy ? sslconn->dc->proxy : sc->server)
 
#define myModConfig(srv)   mySrvConfig((srv))->mc
 
#define mySrvFromConn(c)   myConnConfig(c)->server
 
#define myDirConfigFromConn(c)   myConnConfig(c)->dc
 
#define mySrvConfigFromConn(c)   mySrvConfig(mySrvFromConn(c))
 
#define myModConfigFromConn(c)   myModConfig(mySrvFromConn(c))
 
#define SSL_SESSION_CACHE_TIMEOUT   300
 
#define DEFAULT_RENEG_BUFFER_SIZE   (128 * 1024)
 
#define DEFAULT_OCSP_MAX_SKEW   (60 * 5)
 
#define DEFAULT_OCSP_TIMEOUT   10
 
#define SSL_OPT_NONE   (0)
 
#define SSL_OPT_RELSET   (1<<0)
 
#define SSL_OPT_STDENVVARS   (1<<1)
 
#define SSL_OPT_EXPORTCERTDATA   (1<<3)
 
#define SSL_OPT_FAKEBASICAUTH   (1<<4)
 
#define SSL_OPT_STRICTREQUIRE   (1<<5)
 
#define SSL_OPT_OPTRENEGOTIATE   (1<<6)
 
#define SSL_OPT_LEGACYDNFORMAT   (1<<7)
 
#define SSL_PROTOCOL_NONE   (0)
 
#define SSL_PROTOCOL_SSLV3   (1<<1)
 
#define SSL_PROTOCOL_TLSV1   (1<<2)
 
#define SSL_PROTOCOL_BASIC   (SSL_PROTOCOL_SSLV3|SSL_PROTOCOL_TLSV1)
 
#define SSL_PROTOCOL_ALL   (SSL_PROTOCOL_BASIC)
 
#define SSL_PROTOCOL_DEFAULT   (SSL_PROTOCOL_ALL & ~SSL_PROTOCOL_SSLV3)
 
#define SSL_VERIFY_PEER_STRICT   (SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT)
 
#define ssl_verify_error_is_optional(errnum)
 
#define SSL_PCM_EXISTS   1
 
#define SSL_PCM_ISREG   2
 
#define SSL_PCM_ISDIR   4
 
#define SSL_PCM_ISNONZERO   8
 
#define SSL_CACHE_MUTEX_TYPE   "ssl-cache"
 
#define SSL_STAPLING_CACHE_MUTEX_TYPE   "ssl-stapling"
 
#define SSL_STAPLING_REFRESH_MUTEX_TYPE   "ssl-stapling-refresh"
 
#define SSLLOG_MARK   __FILE__,__LINE__
 

Typedefs

typedef int ssl_opt_t
 
typedef int ssl_proto_t
 
typedef unsigned int ssl_pathcheck_t
 
typedef struct SSLSrvConfigRec SSLSrvConfigRec
 
typedef struct SSLDirConfigRec SSLDirConfigRec
 

Enumerations

enum  ssl_verify_t {
  SSL_CVERIFY_UNSET = UNSET, SSL_CVERIFY_NONE = 0, SSL_CVERIFY_OPTIONAL = 1, SSL_CVERIFY_REQUIRE = 2,
  SSL_CVERIFY_OPTIONAL_NO_CA = 3
}
 
enum  ssl_crlcheck_t { SSL_CRLCHECK_NONE = (0), SSL_CRLCHECK_LEAF = (1 << 0), SSL_CRLCHECK_CHAIN = (1 << 1), SSL_CRLCHECK_NO_CRL_FOR_CERT_OK = (1 << 2) }
 
enum  ssl_ocspcheck_t { SSL_OCSPCHECK_NONE = (0), SSL_OCSPCHECK_LEAF = (1 << 0), SSL_OCSPCHECK_CHAIN = (1 << 1), SSL_OCSPCHECK_NO_OCSP_FOR_CERT_OK = (1 << 2) }
 
enum  ssl_pphrase_t { SSL_PPTYPE_UNSET = UNSET, SSL_PPTYPE_BUILTIN = 0, SSL_PPTYPE_FILTER = 1, SSL_PPTYPE_PIPE = 2 }
 
enum  ssl_enabled_t { SSL_ENABLED_UNSET = UNSET, SSL_ENABLED_FALSE = 0, SSL_ENABLED_TRUE = 1, SSL_ENABLED_OPTIONAL = 3 }
 
enum  ssl_rsctx_t { SSL_RSCTX_STARTUP = 1, SSL_RSCTX_CONNECT = 2 }
 
enum  ssl_rssrc_t { SSL_RSSRC_BUILTIN = 1, SSL_RSSRC_FILE = 2, SSL_RSSRC_EXEC = 3, SSL_RSSRC_EGD = 4 }
 
enum  ssl_shutdown_type_e { SSL_SHUTDOWN_TYPE_UNSET, SSL_SHUTDOWN_TYPE_STANDARD, SSL_SHUTDOWN_TYPE_UNCLEAN, SSL_SHUTDOWN_TYPE_ACCURATE }
 

Functions

 APLOG_USE_MODULE (ssl)
 
SSLSrvConfigRecssl_policy_lookup (apr_pool_t *pool, const char *name)
 
SSLModConfigRecssl_config_global_create (server_rec *)
 
void ssl_config_global_fix (SSLModConfigRec *)
 
BOOL ssl_config_global_isfixed (SSLModConfigRec *)
 
voidssl_config_server_create (apr_pool_t *, server_rec *)
 
voidssl_config_server_merge (apr_pool_t *, void *, void *)
 
voidssl_config_perdir_create (apr_pool_t *, char *)
 
voidssl_config_perdir_merge (apr_pool_t *, void *, void *)
 
void ssl_config_proxy_merge (apr_pool_t *, SSLDirConfigRec *, SSLDirConfigRec *)
 
const char * ssl_cmd_SSLPolicyApply (cmd_parms *, void *, const char *)
 
const char * ssl_cmd_SSLPassPhraseDialog (cmd_parms *, void *, const char *)
 
const char * ssl_cmd_SSLCryptoDevice (cmd_parms *, void *, const char *)
 
const char * ssl_cmd_SSLRandomSeed (cmd_parms *, void *, const char *, const char *, const char *)
 
const char * ssl_cmd_SSLEngine (cmd_parms *, void *, const char *)
 
const char * ssl_cmd_SSLCipherSuite (cmd_parms *, void *, const char *, const char *)
 
const char * ssl_cmd_SSLCertificateFile (cmd_parms *, void *, const char *)
 
const char * ssl_cmd_SSLCertificateKeyFile (cmd_parms *, void *, const char *)
 
const char * ssl_cmd_SSLCertificateChainFile (cmd_parms *, void *, const char *)
 
const char * ssl_cmd_SSLCACertificatePath (cmd_parms *, void *, const char *)
 
const char * ssl_cmd_SSLCACertificateFile (cmd_parms *, void *, const char *)
 
const char * ssl_cmd_SSLCADNRequestPath (cmd_parms *, void *, const char *)
 
const char * ssl_cmd_SSLCADNRequestFile (cmd_parms *, void *, const char *)
 
const char * ssl_cmd_SSLCARevocationPath (cmd_parms *, void *, const char *)
 
const char * ssl_cmd_SSLCARevocationFile (cmd_parms *, void *, const char *)
 
const char * ssl_cmd_SSLCARevocationCheck (cmd_parms *, void *, const char *)
 
const char * ssl_cmd_SSLHonorCipherOrder (cmd_parms *cmd, void *dcfg, int flag)
 
const char * ssl_cmd_SSLCompression (cmd_parms *, void *, int flag)
 
const char * ssl_cmd_SSLSessionTickets (cmd_parms *, void *, int flag)
 
const char * ssl_cmd_SSLVerifyClient (cmd_parms *, void *, const char *)
 
const char * ssl_cmd_SSLVerifyDepth (cmd_parms *, void *, const char *)
 
const char * ssl_cmd_SSLSessionCache (cmd_parms *, void *, const char *)
 
const char * ssl_cmd_SSLSessionCacheTimeout (cmd_parms *, void *, const char *)
 
const char * ssl_cmd_SSLProtocol (cmd_parms *, void *, const char *)
 
const char * ssl_cmd_SSLOptions (cmd_parms *, void *, const char *)
 
const char * ssl_cmd_SSLRequireSSL (cmd_parms *, void *)
 
const char * ssl_cmd_SSLRequire (cmd_parms *, void *, const char *)
 
const char * ssl_cmd_SSLUserName (cmd_parms *, void *, const char *)
 
const char * ssl_cmd_SSLRenegBufferSize (cmd_parms *cmd, void *dcfg, const char *arg)
 
const char * ssl_cmd_SSLStrictSNIVHostCheck (cmd_parms *cmd, void *dcfg, int flag)
 
const char * ssl_cmd_SSLInsecureRenegotiation (cmd_parms *cmd, void *dcfg, int flag)
 
const char * ssl_cmd_SSLProxyEngine (cmd_parms *cmd, void *dcfg, int flag)
 
const char * ssl_cmd_SSLProxyProtocol (cmd_parms *, void *, const char *)
 
const char * ssl_cmd_SSLProxyCipherSuite (cmd_parms *, void *, const char *, const char *)
 
const char * ssl_cmd_SSLProxyVerify (cmd_parms *, void *, const char *)
 
const char * ssl_cmd_SSLProxyVerifyDepth (cmd_parms *, void *, const char *)
 
const char * ssl_cmd_SSLProxyCACertificatePath (cmd_parms *, void *, const char *)
 
const char * ssl_cmd_SSLProxyCACertificateFile (cmd_parms *, void *, const char *)
 
const char * ssl_cmd_SSLProxyCARevocationPath (cmd_parms *, void *, const char *)
 
const char * ssl_cmd_SSLProxyCARevocationFile (cmd_parms *, void *, const char *)
 
const char * ssl_cmd_SSLProxyCARevocationCheck (cmd_parms *, void *, const char *)
 
const char * ssl_cmd_SSLProxyMachineCertificatePath (cmd_parms *, void *, const char *)
 
const char * ssl_cmd_SSLProxyMachineCertificateFile (cmd_parms *, void *, const char *)
 
const char * ssl_cmd_SSLProxyMachineCertificateChainFile (cmd_parms *, void *, const char *)
 
const char * ssl_cmd_SSLProxyCheckPeerExpire (cmd_parms *cmd, void *dcfg, int flag)
 
const char * ssl_cmd_SSLProxyCheckPeerCN (cmd_parms *cmd, void *dcfg, int flag)
 
const char * ssl_cmd_SSLProxyCheckPeerName (cmd_parms *cmd, void *dcfg, int flag)
 
const char * ssl_cmd_SSLOCSPOverrideResponder (cmd_parms *cmd, void *dcfg, int flag)
 
const char * ssl_cmd_SSLOCSPDefaultResponder (cmd_parms *cmd, void *dcfg, const char *arg)
 
const char * ssl_cmd_SSLOCSPResponseTimeSkew (cmd_parms *cmd, void *dcfg, const char *arg)
 
const char * ssl_cmd_SSLOCSPResponseMaxAge (cmd_parms *cmd, void *dcfg, const char *arg)
 
const char * ssl_cmd_SSLOCSPResponderTimeout (cmd_parms *cmd, void *dcfg, const char *arg)
 
const char * ssl_cmd_SSLOCSPUseRequestNonce (cmd_parms *cmd, void *dcfg, int flag)
 
const char * ssl_cmd_SSLOCSPEnable (cmd_parms *cmd, void *dcfg, const char *arg)
 
const char * ssl_cmd_SSLOCSPProxyURL (cmd_parms *cmd, void *dcfg, const char *arg)
 
const char * ssl_cmd_SSLOCSPNoVerify (cmd_parms *cmd, void *dcfg, int flag)
 
const char * ssl_cmd_SSLOCSPResponderCertificateFile (cmd_parms *cmd, void *dcfg, const char *arg)
 
const char * ssl_cmd_SSLFIPS (cmd_parms *cmd, void *dcfg, int flag)
 
apr_status_t ssl_init_Module (apr_pool_t *, apr_pool_t *, apr_pool_t *, server_rec *)
 
apr_status_t ssl_init_Engine (server_rec *, apr_pool_t *)
 
apr_status_t ssl_init_ConfigureServer (server_rec *, apr_pool_t *, apr_pool_t *, SSLSrvConfigRec *, apr_array_header_t *)
 
apr_status_t ssl_init_CheckServers (server_rec *, apr_pool_t *)
 
int ssl_proxy_section_post_config (apr_pool_t *p, apr_pool_t *plog, apr_pool_t *ptemp, server_rec *s, ap_conf_vector_t *section_config)
 
ssl_init_FindCAList (server_rec *, apr_pool_t *, const char *, const char *)
 
void ssl_init_Child (apr_pool_t *, server_rec *)
 
apr_status_t ssl_init_ModuleKill (void *data)
 
int ssl_hook_Auth (request_rec *)
 
int ssl_hook_UserCheck (request_rec *)
 
int ssl_hook_Access (request_rec *)
 
int ssl_hook_Fixup (request_rec *)
 
int ssl_hook_ReadReq (request_rec *)
 
int ssl_hook_Upgrade (request_rec *)
 
void ssl_hook_ConfigTest (apr_pool_t *pconf, server_rec *s)
 
DH * ssl_callback_TmpDH (SSL *, int, int)
 
int ssl_callback_SSLVerify (int, X509_STORE_CTX *)
 
int ssl_callback_SSLVerify_CRL (int, X509_STORE_CTX *, conn_rec *)
 
int ssl_callback_proxy_cert (SSL *ssl, X509 **x509, EVP_PKEY **pkey)
 
int ssl_callback_NewSessionCacheEntry (SSL *, SSL_SESSION *)
 
SSL_SESSION * ssl_callback_GetSessionCacheEntry (SSL *, IDCONST unsigned char *, int, int *)
 
void ssl_callback_DelSessionCacheEntry (SSL_CTX *, SSL_SESSION *)
 
void ssl_callback_Info (const SSL *, int, int)
 
apr_status_t ssl_scache_init (server_rec *, apr_pool_t *)
 
void ssl_scache_status_register (apr_pool_t *p)
 
void ssl_scache_kill (server_rec *)
 
BOOL ssl_scache_store (server_rec *, IDCONST UCHAR *, int, apr_time_t, SSL_SESSION *, apr_pool_t *)
 
SSL_SESSION * ssl_scache_retrieve (server_rec *, IDCONST UCHAR *, int, apr_pool_t *)
 
void ssl_scache_remove (server_rec *, IDCONST UCHAR *, int, apr_pool_t *)
 
void ssl_io_filter_init (conn_rec *, request_rec *r, SSL *)
 
void ssl_io_filter_register (apr_pool_t *)
 
long ssl_io_data_cb (BIO *, int, const char *, int, long, long)
 
int ssl_io_buffer_fill (request_rec *r, apr_size_t maxlen)
 
int ssl_rand_seed (server_rec *, apr_pool_t *, ssl_rsctx_t, char *)
 
char * ssl_util_vhostid (apr_pool_t *, server_rec *)
 
apr_file_tssl_util_ppopen (server_rec *, apr_pool_t *, const char *, const char *const *)
 
void ssl_util_ppclose (server_rec *, apr_pool_t *, apr_file_t *)
 
char * ssl_util_readfilter (server_rec *, apr_pool_t *, const char *, const char *const *)
 
BOOL ssl_util_path_check (ssl_pathcheck_t, const char *, apr_pool_t *)
 
void ssl_util_thread_setup (apr_pool_t *)
 
void ssl_util_thread_id_setup (apr_pool_t *)
 
int ssl_init_ssl_connection (conn_rec *c, request_rec *r)
 
BOOL ssl_util_vhost_matches (const char *servername, server_rec *s)
 
apr_status_t ssl_load_encrypted_pkey (server_rec *, apr_pool_t *, int, const char *, apr_array_header_t **)
 
apr_status_t modssl_load_engine_keypair (server_rec *s, apr_pool_t *p, const char *vhostid, const char *certid, const char *keyid, X509 **pubkey, EVP_PKEY **privkey)
 
DH * ssl_dh_GetParamFromFile (const char *)
 
ssl_asn1_tssl_asn1_table_set (apr_hash_t *table, const char *key, EVP_PKEY *pkey)
 
ssl_asn1_tssl_asn1_table_get (apr_hash_t *table, const char *key)
 
void ssl_asn1_table_unset (apr_hash_t *table, const char *key)
 
int ssl_mutex_init (server_rec *, apr_pool_t *)
 
int ssl_mutex_reinit (server_rec *, apr_pool_t *)
 
int ssl_mutex_on (server_rec *)
 
int ssl_mutex_off (server_rec *)
 
int ssl_stapling_mutex_reinit (server_rec *, apr_pool_t *)
 
apr_status_t ssl_die (server_rec *)
 
void ssl_log_ssl_error (const char *, int, int, server_rec *)
 
void ssl_log_xerror (const char *file, int line, int level, apr_status_t rv, apr_pool_t *p, server_rec *s, X509 *cert, const char *format,...) __attribute__((format(printf
 
void void ssl_log_cxerror (const char *file, int line, int level, apr_status_t rv, conn_rec *c, X509 *cert, const char *format,...) __attribute__((format(printf
 
void void void ssl_log_rxerror (const char *file, int line, int level, apr_status_t rv, request_rec *r, X509 *cert, const char *format,...) __attribute__((format(printf
 
void ssl_var_register (apr_pool_t *p)
 
char * ssl_var_lookup (apr_pool_t *, server_rec *, conn_rec *, request_rec *, char *)
 
apr_array_header_tssl_ext_list (apr_pool_t *p, conn_rec *c, int peer, const char *extension)
 
void ssl_var_log_config_register (apr_pool_t *p)
 
void modssl_var_extract_dns (apr_table_t *t, SSL *ssl, apr_pool_t *p)
 
void modssl_var_extract_san_entries (apr_table_t *t, SSL *ssl, apr_pool_t *p)
 
int modssl_verify_ocsp (X509_STORE_CTX *ctx, SSLSrvConfigRec *sc, server_rec *s, conn_rec *c, apr_pool_t *pool)
 
OCSP_RESPONSE * modssl_dispatch_ocsp_request (const apr_uri_t *uri, apr_interval_time_t timeout, OCSP_REQUEST *request, conn_rec *c, apr_pool_t *p)
 
void ssl_init_ocsp_certificates (server_rec *s, modssl_ctx_t *mctx)
 
DH * modssl_get_dh_params (unsigned keylen)
 
int modssl_request_is_tls (const request_rec *r, SSLConnRec **sslconn)
 
int modssl_is_engine_id (const char *name)
 
int ssl_is_challenge (conn_rec *c, const char *servername, X509 **pcert, EVP_PKEY **pkey)
 

Variables

module AP_MODULE_DECLARE_DATA ssl_module
 
const authz_provider ssl_authz_provider_require_ssl
 
const authz_provider ssl_authz_provider_verify_client
 

Detailed Description

Macro Definition Documentation

#define APR_WANT_MEMFUNC
#define APR_WANT_STRFUNC

Apache headers

#define BIO_get_data (   x)    (x->ptr)
#define BIO_get_shutdown (   x)    (x->shutdown)
#define BIO_set_data (   x,
 
)    (x->ptr=v)
#define BIO_set_init (   x,
 
)    (x->init=v)
#define BIO_set_shutdown (   x,
 
)    (x->shutdown=v)
#define BN_get_rfc2409_prime_1024   get_rfc2409_prime_1024
#define BN_get_rfc2409_prime_768   get_rfc2409_prime_768

The following features all depend on TLS extension support. Within this block, check again for features (not version numbers).

#define BN_get_rfc3526_prime_1536   get_rfc3526_prime_1536
#define BN_get_rfc3526_prime_2048   get_rfc3526_prime_2048
#define BN_get_rfc3526_prime_3072   get_rfc3526_prime_3072
#define BN_get_rfc3526_prime_4096   get_rfc3526_prime_4096
#define BN_get_rfc3526_prime_6144   get_rfc3526_prime_6144
#define BN_get_rfc3526_prime_8192   get_rfc3526_prime_8192
#define BOOL   unsigned int
#define DEFAULT_OCSP_MAX_SKEW   (60 * 5)
#define DEFAULT_OCSP_TIMEOUT   10
#define DEFAULT_RENEG_BUFFER_SIZE   (128 * 1024)
#define DH_bits (   x)    (BN_num_bits(x->p))
#define FALSE   0
#define IDCONST
#define MODSSL_SSL_CIPHER_CONST

...shifting sands of OpenSSL... Note: when adding support for new OpenSSL features, avoid explicit version number checks whenever possible, and use "feature-based" detection instead (check for definitions of constants or functions)

#define MODSSL_SSL_METHOD_CONST
#define MODSSL_USE_OPENSSL_PRE_1_1_API   (OPENSSL_VERSION_NUMBER < 0x10100000L)
#define myConnConfig (   c)    ((SSLConnRec *)ap_get_module_config(c->conn_config, &ssl_module))
#define myConnConfigSet (   c,
  val 
)    ap_set_module_config(c->conn_config, &ssl_module, val)
#define myCtxConfig (   sslconn,
  sc 
)    (sslconn->is_proxy ? sslconn->dc->proxy : sc->server)
#define myDirConfig (   req)    ((SSLDirConfigRec *)ap_get_module_config(req->per_dir_config, &ssl_module))
#define myDirConfigFromConn (   c)    myConnConfig(c)->dc
#define myModConfig (   srv)    mySrvConfig((srv))->mc
#define myModConfigFromConn (   c)    myModConfig(mySrvFromConn(c))
#define mySrvConfig (   srv)    ((SSLSrvConfigRec *)ap_get_module_config(srv->module_config, &ssl_module))
#define mySrvConfigFromConn (   c)    mySrvConfig(mySrvFromConn(c))
#define mySrvFromConn (   c)    myConnConfig(c)->server
#define NUL   '\0'
#define RAND_MAX   INT_MAX
#define SSL_CACHE_MUTEX_TYPE   "ssl-cache"
#define SSL_OPT_EXPORTCERTDATA   (1<<3)
#define SSL_OPT_FAKEBASICAUTH   (1<<4)
#define SSL_OPT_LEGACYDNFORMAT   (1<<7)
#define SSL_OPT_NONE   (0)

Define the SSL options

#define SSL_OPT_OPTRENEGOTIATE   (1<<6)
#define SSL_OPT_RELSET   (1<<0)
#define SSL_OPT_STDENVVARS   (1<<1)
#define SSL_OPT_STRICTREQUIRE   (1<<5)
#define SSL_PCM_EXISTS   1

Define the Path Checking modes

#define SSL_PCM_ISDIR   4
#define SSL_PCM_ISNONZERO   8
#define SSL_PCM_ISREG   2
#define SSL_PROTOCOL_ALL   (SSL_PROTOCOL_BASIC)
#define SSL_PROTOCOL_BASIC   (SSL_PROTOCOL_SSLV3|SSL_PROTOCOL_TLSV1)
#define SSL_PROTOCOL_DEFAULT   (SSL_PROTOCOL_ALL & ~SSL_PROTOCOL_SSLV3)
#define SSL_PROTOCOL_NONE   (0)

Define the SSL Protocol options

#define SSL_PROTOCOL_SSLV3   (1<<1)
#define SSL_PROTOCOL_TLSV1   (1<<2)
#define SSL_SESSION_CACHE_TIMEOUT   300

Defaults for the configuration

#define SSL_STAPLING_CACHE_MUTEX_TYPE   "ssl-stapling"
#define SSL_STAPLING_REFRESH_MUTEX_TYPE   "ssl-stapling-refresh"
#define ssl_verify_error_is_optional (   errnum)
Value:
((errnum == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT) \
|| (errnum == X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN) \
|| (errnum == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY) \
|| (errnum == X509_V_ERR_CERT_UNTRUSTED) \
|| (errnum == X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE))
#define SSL_VERIFY_PEER_STRICT   (SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT)
#define SSLLOG_MARK   __FILE__,__LINE__
#define strcEQ (   s1,
  s2 
)    (strcasecmp(s1,s2) == 0)
#define strcEQn (   s1,
  s2,
 
)    (strncasecmp(s1,s2,n) == 0)
#define strcNE (   s1,
  s2 
)    (strcasecmp(s1,s2) != 0)
#define strcNEn (   s1,
  s2,
 
)    (strncasecmp(s1,s2,n) != 0)
#define strEQ (   s1,
  s2 
)    (strcmp(s1,s2) == 0)

Provide useful shorthands

#define strEQn (   s1,
  s2,
 
)    (strncmp(s1,s2,n) == 0)
#define strIsEmpty (   s)    (s == NULL || s[0] == NUL)
#define strNE (   s1,
  s2 
)    (strcmp(s1,s2) != 0)
#define strNEn (   s1,
  s2,
 
)    (strncmp(s1,s2,n) != 0)
#define TRUE   !FALSE
#define UCHAR   unsigned char

Provide reasonable defines for some types

#define UNSET   (-1)
#define X509_STORE_CTX_get0_current_issuer (   x)    (x->current_issuer)
#define X509_STORE_CTX_get0_store (   x)    (x->ctx)

Typedef Documentation

typedef int ssl_opt_t
typedef unsigned int ssl_pathcheck_t
typedef int ssl_proto_t

Define the mod_ssl per-module configuration structure (i.e. the global configuration for each httpd process)

Enumeration Type Documentation

CRL checking mask (mode | flags)

Enumerator
SSL_CRLCHECK_NONE 
SSL_CRLCHECK_LEAF 
SSL_CRLCHECK_CHAIN 
SSL_CRLCHECK_NO_CRL_FOR_CERT_OK 

Define the SSL enabled state

Enumerator
SSL_ENABLED_UNSET 
SSL_ENABLED_FALSE 
SSL_ENABLED_TRUE 
SSL_ENABLED_OPTIONAL 

OCSP checking mask (mode | flags)

Enumerator
SSL_OCSPCHECK_NONE 
SSL_OCSPCHECK_LEAF 
SSL_OCSPCHECK_CHAIN 
SSL_OCSPCHECK_NO_OCSP_FOR_CERT_OK 

Define the SSL pass phrase dialog types

Enumerator
SSL_PPTYPE_UNSET 
SSL_PPTYPE_BUILTIN 
SSL_PPTYPE_FILTER 
SSL_PPTYPE_PIPE 

Define the SSL random number generator seeding source

Enumerator
SSL_RSCTX_STARTUP 
SSL_RSCTX_CONNECT 
Enumerator
SSL_RSSRC_BUILTIN 
SSL_RSSRC_FILE 
SSL_RSSRC_EXEC 
SSL_RSSRC_EGD 
Enumerator
SSL_SHUTDOWN_TYPE_UNSET 
SSL_SHUTDOWN_TYPE_STANDARD 
SSL_SHUTDOWN_TYPE_UNCLEAN 
SSL_SHUTDOWN_TYPE_ACCURATE 

Define the SSL verify levels

Enumerator
SSL_CVERIFY_UNSET 
SSL_CVERIFY_NONE 
SSL_CVERIFY_OPTIONAL 
SSL_CVERIFY_REQUIRE 
SSL_CVERIFY_OPTIONAL_NO_CA 

Function Documentation

APLOG_USE_MODULE ( ssl  )
OCSP_RESPONSE* modssl_dispatch_ocsp_request ( const apr_uri_t uri,
apr_interval_time_t  timeout,
OCSP_REQUEST *  request,
conn_rec c,
apr_pool_t p 
)
DH* modssl_get_dh_params ( unsigned  keylen)
int modssl_is_engine_id ( const char *  name)
apr_status_t modssl_load_engine_keypair ( server_rec s,
apr_pool_t p,
const char *  vhostid,
const char *  certid,
const char *  keyid,
X509 **  pubkey,
EVP_PKEY **  privkey 
)
int modssl_request_is_tls ( const request_rec r,
SSLConnRec **  sslconn 
)
void modssl_var_extract_dns ( apr_table_t t,
SSL *  ssl,
apr_pool_t p 
)
void modssl_var_extract_san_entries ( apr_table_t t,
SSL *  ssl,
apr_pool_t p 
)
int modssl_verify_ocsp ( X509_STORE_CTX *  ctx,
SSLSrvConfigRec sc,
server_rec s,
conn_rec c,
apr_pool_t pool 
)
ssl_asn1_t* ssl_asn1_table_get ( apr_hash_t table,
const char *  key 
)
ssl_asn1_t* ssl_asn1_table_set ( apr_hash_t table,
const char *  key,
EVP_PKEY *  pkey 
)
void ssl_asn1_table_unset ( apr_hash_t table,
const char *  key 
)
void ssl_callback_DelSessionCacheEntry ( SSL_CTX *  ,
SSL_SESSION *   
)
SSL_SESSION* ssl_callback_GetSessionCacheEntry ( SSL *  ,
IDCONST unsigned char *  ,
int  ,
int  
)
void ssl_callback_Info ( const SSL *  ,
int  ,
int   
)
int ssl_callback_NewSessionCacheEntry ( SSL *  ,
SSL_SESSION *   
)
int ssl_callback_proxy_cert ( SSL *  ssl,
X509 **  x509,
EVP_PKEY **  pkey 
)
int ssl_callback_SSLVerify ( int  ,
X509_STORE_CTX *   
)
int ssl_callback_SSLVerify_CRL ( int  ,
X509_STORE_CTX *  ,
conn_rec  
)
DH* ssl_callback_TmpDH ( SSL *  ,
int  ,
int   
)

OpenSSL callbacks

const char* ssl_cmd_SSLCACertificateFile ( cmd_parms ,
void ,
const char *   
)
const char* ssl_cmd_SSLCACertificatePath ( cmd_parms ,
void ,
const char *   
)
const char* ssl_cmd_SSLCADNRequestFile ( cmd_parms ,
void ,
const char *   
)
const char* ssl_cmd_SSLCADNRequestPath ( cmd_parms ,
void ,
const char *   
)
const char* ssl_cmd_SSLCARevocationCheck ( cmd_parms ,
void ,
const char *   
)
const char* ssl_cmd_SSLCARevocationFile ( cmd_parms ,
void ,
const char *   
)
const char* ssl_cmd_SSLCARevocationPath ( cmd_parms ,
void ,
const char *   
)
const char* ssl_cmd_SSLCertificateChainFile ( cmd_parms ,
void ,
const char *   
)
const char* ssl_cmd_SSLCertificateFile ( cmd_parms ,
void ,
const char *   
)
const char* ssl_cmd_SSLCertificateKeyFile ( cmd_parms ,
void ,
const char *   
)
const char* ssl_cmd_SSLCipherSuite ( cmd_parms ,
void ,
const char *  ,
const char *   
)
const char* ssl_cmd_SSLCompression ( cmd_parms ,
void ,
int  flag 
)
const char* ssl_cmd_SSLCryptoDevice ( cmd_parms ,
void ,
const char *   
)
const char* ssl_cmd_SSLEngine ( cmd_parms ,
void ,
const char *   
)
const char* ssl_cmd_SSLFIPS ( cmd_parms cmd,
void dcfg,
int  flag 
)
const char* ssl_cmd_SSLHonorCipherOrder ( cmd_parms cmd,
void dcfg,
int  flag 
)
const char* ssl_cmd_SSLInsecureRenegotiation ( cmd_parms cmd,
void dcfg,
int  flag 
)
const char* ssl_cmd_SSLOCSPDefaultResponder ( cmd_parms cmd,
void dcfg,
const char *  arg 
)
const char* ssl_cmd_SSLOCSPEnable ( cmd_parms cmd,
void dcfg,
const char *  arg 
)
const char* ssl_cmd_SSLOCSPNoVerify ( cmd_parms cmd,
void dcfg,
int  flag 
)
const char* ssl_cmd_SSLOCSPOverrideResponder ( cmd_parms cmd,
void dcfg,
int  flag 
)
const char* ssl_cmd_SSLOCSPProxyURL ( cmd_parms cmd,
void dcfg,
const char *  arg 
)
const char* ssl_cmd_SSLOCSPResponderCertificateFile ( cmd_parms cmd,
void dcfg,
const char *  arg 
)
const char* ssl_cmd_SSLOCSPResponderTimeout ( cmd_parms cmd,
void dcfg,
const char *  arg 
)
const char* ssl_cmd_SSLOCSPResponseMaxAge ( cmd_parms cmd,
void dcfg,
const char *  arg 
)
const char* ssl_cmd_SSLOCSPResponseTimeSkew ( cmd_parms cmd,
void dcfg,
const char *  arg 
)
const char* ssl_cmd_SSLOCSPUseRequestNonce ( cmd_parms cmd,
void dcfg,
int  flag 
)
const char* ssl_cmd_SSLOptions ( cmd_parms ,
void ,
const char *   
)
const char* ssl_cmd_SSLPassPhraseDialog ( cmd_parms ,
void ,
const char *   
)
const char* ssl_cmd_SSLPolicyApply ( cmd_parms ,
void ,
const char *   
)
const char* ssl_cmd_SSLProtocol ( cmd_parms ,
void ,
const char *   
)
const char* ssl_cmd_SSLProxyCACertificateFile ( cmd_parms ,
void ,
const char *   
)
const char* ssl_cmd_SSLProxyCACertificatePath ( cmd_parms ,
void ,
const char *   
)
const char* ssl_cmd_SSLProxyCARevocationCheck ( cmd_parms ,
void ,
const char *   
)
const char* ssl_cmd_SSLProxyCARevocationFile ( cmd_parms ,
void ,
const char *   
)
const char* ssl_cmd_SSLProxyCARevocationPath ( cmd_parms ,
void ,
const char *   
)
const char* ssl_cmd_SSLProxyCheckPeerCN ( cmd_parms cmd,
void dcfg,
int  flag 
)
const char* ssl_cmd_SSLProxyCheckPeerExpire ( cmd_parms cmd,
void dcfg,
int  flag 
)
const char* ssl_cmd_SSLProxyCheckPeerName ( cmd_parms cmd,
void dcfg,
int  flag 
)
const char* ssl_cmd_SSLProxyCipherSuite ( cmd_parms ,
void ,
const char *  ,
const char *   
)
const char* ssl_cmd_SSLProxyEngine ( cmd_parms cmd,
void dcfg,
int  flag 
)
const char* ssl_cmd_SSLProxyMachineCertificateChainFile ( cmd_parms ,
void ,
const char *   
)
const char* ssl_cmd_SSLProxyMachineCertificateFile ( cmd_parms ,
void ,
const char *   
)
const char* ssl_cmd_SSLProxyMachineCertificatePath ( cmd_parms ,
void ,
const char *   
)
const char* ssl_cmd_SSLProxyProtocol ( cmd_parms ,
void ,
const char *   
)
const char* ssl_cmd_SSLProxyVerify ( cmd_parms ,
void ,
const char *   
)
const char* ssl_cmd_SSLProxyVerifyDepth ( cmd_parms ,
void ,
const char *   
)
const char* ssl_cmd_SSLRandomSeed ( cmd_parms ,
void ,
const char *  ,
const char *  ,
const char *   
)
const char* ssl_cmd_SSLRenegBufferSize ( cmd_parms cmd,
void dcfg,
const char *  arg 
)
const char* ssl_cmd_SSLRequire ( cmd_parms ,
void ,
const char *   
)
const char* ssl_cmd_SSLRequireSSL ( cmd_parms ,
void  
)
const char* ssl_cmd_SSLSessionCache ( cmd_parms ,
void ,
const char *   
)
const char* ssl_cmd_SSLSessionCacheTimeout ( cmd_parms ,
void ,
const char *   
)
const char* ssl_cmd_SSLSessionTickets ( cmd_parms ,
void ,
int  flag 
)
const char* ssl_cmd_SSLStrictSNIVHostCheck ( cmd_parms cmd,
void dcfg,
int  flag 
)
const char* ssl_cmd_SSLUserName ( cmd_parms ,
void ,
const char *   
)
const char* ssl_cmd_SSLVerifyClient ( cmd_parms ,
void ,
const char *   
)
const char* ssl_cmd_SSLVerifyDepth ( cmd_parms ,
void ,
const char *   
)
SSLModConfigRec* ssl_config_global_create ( server_rec )

configuration handling

void ssl_config_global_fix ( SSLModConfigRec )
BOOL ssl_config_global_isfixed ( SSLModConfigRec )
void* ssl_config_perdir_create ( apr_pool_t ,
char *   
)
void* ssl_config_perdir_merge ( apr_pool_t ,
void ,
void  
)
void ssl_config_proxy_merge ( apr_pool_t ,
SSLDirConfigRec ,
SSLDirConfigRec  
)
void* ssl_config_server_create ( apr_pool_t ,
server_rec  
)
void* ssl_config_server_merge ( apr_pool_t ,
void ,
void  
)
DH* ssl_dh_GetParamFromFile ( const char *  )

Diffie-Hellman Parameter Support

apr_status_t ssl_die ( server_rec )
apr_array_header_t* ssl_ext_list ( apr_pool_t p,
conn_rec c,
int  peer,
const char *  extension 
)
int ssl_hook_Access ( request_rec )
int ssl_hook_Auth ( request_rec )

Apache API hooks

void ssl_hook_ConfigTest ( apr_pool_t pconf,
server_rec s 
)
int ssl_hook_Fixup ( request_rec )
int ssl_hook_ReadReq ( request_rec )
int ssl_hook_Upgrade ( request_rec )
int ssl_hook_UserCheck ( request_rec )
apr_status_t ssl_init_CheckServers ( server_rec ,
apr_pool_t  
)
void ssl_init_Child ( apr_pool_t ,
server_rec  
)
apr_status_t ssl_init_ConfigureServer ( server_rec ,
apr_pool_t ,
apr_pool_t ,
SSLSrvConfigRec ,
apr_array_header_t  
)
apr_status_t ssl_init_Engine ( server_rec ,
apr_pool_t  
)
* ssl_init_FindCAList ( server_rec ,
apr_pool_t ,
const char *  ,
const char *   
)
apr_status_t ssl_init_Module ( apr_pool_t ,
apr_pool_t ,
apr_pool_t ,
server_rec  
)

module initialization

apr_status_t ssl_init_ModuleKill ( void data)
void ssl_init_ocsp_certificates ( server_rec s,
modssl_ctx_t mctx 
)
int ssl_init_ssl_connection ( conn_rec c,
request_rec r 
)
int ssl_io_buffer_fill ( request_rec r,
apr_size_t  maxlen 
)
long ssl_io_data_cb ( BIO *  ,
int  ,
const char *  ,
int  ,
long  ,
long   
)
void ssl_io_filter_init ( conn_rec ,
request_rec r,
SSL *   
)

OCSP Stapling Support I/O

void ssl_io_filter_register ( apr_pool_t )
int ssl_is_challenge ( conn_rec c,
const char *  servername,
X509 **  pcert,
EVP_PKEY **  pkey 
)
apr_status_t ssl_load_encrypted_pkey ( server_rec ,
apr_pool_t ,
int  ,
const char *  ,
apr_array_header_t **   
)

Pass Phrase Support

void void ssl_log_cxerror ( const char *  file,
int  line,
int  level,
apr_status_t  rv,
conn_rec c,
X509 *  cert,
const char *  format,
  ... 
)
void void void ssl_log_rxerror ( const char *  file,
int  line,
int  level,
apr_status_t  rv,
request_rec r,
X509 *  cert,
const char *  format,
  ... 
)
void ssl_log_ssl_error ( const char *  ,
int  ,
int  ,
server_rec  
)

Logfile Support

void ssl_log_xerror ( const char *  file,
int  line,
int  level,
apr_status_t  rv,
apr_pool_t p,
server_rec s,
X509 *  cert,
const char *  format,
  ... 
)
int ssl_mutex_init ( server_rec ,
apr_pool_t  
)

Mutex Support

int ssl_mutex_off ( server_rec )
int ssl_mutex_on ( server_rec )
int ssl_mutex_reinit ( server_rec ,
apr_pool_t  
)
SSLSrvConfigRec* ssl_policy_lookup ( apr_pool_t pool,
const char *  name 
)
int ssl_proxy_section_post_config ( apr_pool_t p,
apr_pool_t plog,
apr_pool_t ptemp,
server_rec s,
ap_conf_vector_t section_config 
)
int ssl_rand_seed ( server_rec ,
apr_pool_t ,
ssl_rsctx_t  ,
char *   
)

PRNG

apr_status_t ssl_scache_init ( server_rec ,
apr_pool_t  
)

Session Cache Support

void ssl_scache_kill ( server_rec )
void ssl_scache_remove ( server_rec ,
IDCONST UCHAR ,
int  ,
apr_pool_t  
)
SSL_SESSION* ssl_scache_retrieve ( server_rec ,
IDCONST UCHAR ,
int  ,
apr_pool_t  
)
void ssl_scache_status_register ( apr_pool_t p)
BOOL ssl_scache_store ( server_rec ,
IDCONST UCHAR ,
int  ,
apr_time_t  ,
SSL_SESSION *  ,
apr_pool_t  
)
int ssl_stapling_mutex_reinit ( server_rec ,
apr_pool_t  
)
BOOL ssl_util_path_check ( ssl_pathcheck_t  ,
const char *  ,
apr_pool_t  
)
void ssl_util_ppclose ( server_rec ,
apr_pool_t ,
apr_file_t  
)
apr_file_t* ssl_util_ppopen ( server_rec ,
apr_pool_t ,
const char *  ,
const char *const *   
)
char* ssl_util_readfilter ( server_rec ,
apr_pool_t ,
const char *  ,
const char *const *   
)
void ssl_util_thread_id_setup ( apr_pool_t )
void ssl_util_thread_setup ( apr_pool_t )
BOOL ssl_util_vhost_matches ( const char *  servername,
server_rec s 
)
char* ssl_util_vhostid ( apr_pool_t ,
server_rec  
)

Utility Functions

void ssl_var_log_config_register ( apr_pool_t p)
char* ssl_var_lookup ( apr_pool_t ,
server_rec ,
conn_rec ,
request_rec ,
char *   
)
void ssl_var_register ( apr_pool_t p)

Variables

Variable Documentation

const authz_provider ssl_authz_provider_require_ssl

Apache authz provisders

const authz_provider ssl_authz_provider_verify_client

function prototypesAPI glue structures