Apache2

Data Structures

struct  ssl_require_t
 
struct  ssl_randseed_t
 
struct  ssl_asn1_t
 
struct  SSLConnRec
 
struct  modssl_retained_data_t
 
struct  SSLModConfigRec
 
struct  modssl_pk_server_t
 
struct  modssl_pk_proxy_t
 
struct  modssl_auth_ctx_t
 
struct  modssl_ctx_t
 
struct  SSLSrvConfigRec
 
struct  SSLDirConfigRec
 

Macros

#define APR_WANT_STRFUNC
 
#define APR_WANT_MEMFUNC
 
#define FALSE   0
 
#define TRUE   !FALSE
 
#define BOOL   unsigned int
 
#define MODSSL_SSL_CIPHER_CONST
 
#define MODSSL_SSL_METHOD_CONST
 
#define MODSSL_USE_OPENSSL_PRE_1_1_API   (OPENSSL_VERSION_NUMBER < 0x10100000L)
 
#define MODSSL_USE_SSLRAND
 
#define IDCONST
 
#define BN_get_rfc2409_prime_768   get_rfc2409_prime_768
 
#define BN_get_rfc2409_prime_1024   get_rfc2409_prime_1024
 
#define BN_get_rfc3526_prime_1536   get_rfc3526_prime_1536
 
#define BN_get_rfc3526_prime_2048   get_rfc3526_prime_2048
 
#define BN_get_rfc3526_prime_3072   get_rfc3526_prime_3072
 
#define BN_get_rfc3526_prime_4096   get_rfc3526_prime_4096
 
#define BN_get_rfc3526_prime_6144   get_rfc3526_prime_6144
 
#define BN_get_rfc3526_prime_8192   get_rfc3526_prime_8192
 
#define BIO_set_init(x, v)   (x->init=v)
 
#define BIO_get_data(x)   (x->ptr)
 
#define BIO_set_data(x, v)   (x->ptr=v)
 
#define BIO_get_shutdown(x)   (x->shutdown)
 
#define BIO_set_shutdown(x, v)   (x->shutdown=v)
 
#define DH_bits(x)   (BN_num_bits(x->p))
 
#define X509_up_ref(x)   (CRYPTO_add(&(x)->references, +1, CRYPTO_LOCK_X509))
 
#define EVP_PKEY_up_ref(pk)   (CRYPTO_add(&(pk)->references, +1, CRYPTO_LOCK_EVP_PKEY))
 
#define X509_STORE_CTX_get0_store(x)   (x->ctx)
 
#define X509_STORE_CTX_get0_current_issuer(x)   (x->current_issuer)
 
#define UNSET   (-1)
 
#define NUL   '\0'
 
#define RAND_MAX   INT_MAX
 
#define UCHAR   unsigned char
 
#define strEQ(s1, s2)   (strcmp(s1,s2) == 0)
 
#define strNE(s1, s2)   (strcmp(s1,s2) != 0)
 
#define strEQn(s1, s2, n)   (strncmp(s1,s2,n) == 0)
 
#define strNEn(s1, s2, n)   (strncmp(s1,s2,n) != 0)
 
#define strcEQ(s1, s2)   (strcasecmp(s1,s2) == 0)
 
#define strcNE(s1, s2)   (strcasecmp(s1,s2) != 0)
 
#define strcEQn(s1, s2, n)   (strncasecmp(s1,s2,n) == 0)
 
#define strcNEn(s1, s2, n)   (strncasecmp(s1,s2,n) != 0)
 
#define strIsEmpty(s)   (s == NULL || s[0] == NUL)
 
#define myConnConfig(c)   ((SSLConnRec *)ap_get_module_config(c->conn_config, &ssl_module))
 
#define myConnConfigSet(c, val)   ap_set_module_config(c->conn_config, &ssl_module, val)
 
#define mySrvConfig(srv)   ((SSLSrvConfigRec *)ap_get_module_config(srv->module_config, &ssl_module))
 
#define myDirConfig(req)   ((SSLDirConfigRec *)ap_get_module_config(req->per_dir_config, &ssl_module))
 
#define myCtxConfig(sslconn, sc)   (sslconn->is_proxy ? sslconn->dc->proxy : sc->server)
 
#define myModConfig(srv)   mySrvConfig((srv))->mc
 
#define mySrvFromConn(c)   myConnConfig(c)->server
 
#define myDirConfigFromConn(c)   myConnConfig(c)->dc
 
#define mySrvConfigFromConn(c)   mySrvConfig(mySrvFromConn(c))
 
#define myModConfigFromConn(c)   myModConfig(mySrvFromConn(c))
 
#define SSL_SESSION_CACHE_TIMEOUT   300
 
#define DEFAULT_RENEG_BUFFER_SIZE   (128 * 1024)
 
#define DEFAULT_OCSP_MAX_SKEW   (60 * 5)
 
#define DEFAULT_OCSP_TIMEOUT   10
 
#define SSL_OPT_NONE   (0)
 
#define SSL_OPT_RELSET   (1<<0)
 
#define SSL_OPT_STDENVVARS   (1<<1)
 
#define SSL_OPT_EXPORTCERTDATA   (1<<3)
 
#define SSL_OPT_FAKEBASICAUTH   (1<<4)
 
#define SSL_OPT_STRICTREQUIRE   (1<<5)
 
#define SSL_OPT_OPTRENEGOTIATE   (1<<6)
 
#define SSL_OPT_LEGACYDNFORMAT   (1<<7)
 
#define SSL_OPT_EXPORTCB64DATA   (1<<8)
 
#define SSL_PROTOCOL_NONE   (0)
 
#define SSL_PROTOCOL_SSLV3   (1<<1)
 
#define SSL_PROTOCOL_TLSV1   (1<<2)
 
#define SSL_PROTOCOL_BASIC   (SSL_PROTOCOL_SSLV3|SSL_PROTOCOL_TLSV1)
 
#define SSL_PROTOCOL_ALL   (SSL_PROTOCOL_BASIC)
 
#define SSL_PROTOCOL_DEFAULT   (SSL_PROTOCOL_ALL & ~SSL_PROTOCOL_SSLV3)
 
#define SSL_VERIFY_PEER_STRICT   (SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT)
 
#define ssl_verify_error_is_optional(errnum)
 
#define SSL_PCM_EXISTS   1
 
#define SSL_PCM_ISREG   2
 
#define SSL_PCM_ISDIR   4
 
#define SSL_PCM_ISNONZERO   8
 
#define MODSSL_RETAINED_KEY   "mod_ssl-retained-1"
 
#define SSL_CACHE_MUTEX_TYPE   "ssl-cache"
 
#define SSL_STAPLING_CACHE_MUTEX_TYPE   "ssl-stapling"
 
#define SSL_STAPLING_REFRESH_MUTEX_TYPE   "ssl-stapling-refresh"
 
#define SSLLOG_MARK   __FILE__,__LINE__
 

Typedefs

typedef int ssl_opt_t
 
typedef int ssl_proto_t
 
typedef unsigned int ssl_pathcheck_t
 
typedef struct SSLSrvConfigRec SSLSrvConfigRec
 
typedef struct SSLDirConfigRec SSLDirConfigRec
 

Enumerations

enum  ssl_verify_t {
  SSL_CVERIFY_UNSET = UNSET, SSL_CVERIFY_NONE = 0, SSL_CVERIFY_OPTIONAL = 1, SSL_CVERIFY_REQUIRE = 2,
  SSL_CVERIFY_OPTIONAL_NO_CA = 3
}
 
enum  ssl_crlcheck_t { SSL_CRLCHECK_NONE = (0), SSL_CRLCHECK_LEAF = (1 << 0), SSL_CRLCHECK_CHAIN = (1 << 1), SSL_CRLCHECK_NO_CRL_FOR_CERT_OK = (1 << 2) }
 
enum  ssl_ocspcheck_t { SSL_OCSPCHECK_NONE = (0), SSL_OCSPCHECK_LEAF = (1 << 0), SSL_OCSPCHECK_CHAIN = (1 << 1), SSL_OCSPCHECK_NO_OCSP_FOR_CERT_OK = (1 << 2) }
 
enum  ssl_pphrase_t { SSL_PPTYPE_UNSET = UNSET, SSL_PPTYPE_BUILTIN = 0, SSL_PPTYPE_FILTER = 1, SSL_PPTYPE_PIPE = 2 }
 
enum  ssl_enabled_t { SSL_ENABLED_UNSET = UNSET, SSL_ENABLED_FALSE = 0, SSL_ENABLED_TRUE = 1, SSL_ENABLED_OPTIONAL = 3 }
 
enum  ssl_rsctx_t { SSL_RSCTX_STARTUP = 1, SSL_RSCTX_CONNECT = 2 }
 
enum  ssl_rssrc_t { SSL_RSSRC_BUILTIN = 1, SSL_RSSRC_FILE = 2, SSL_RSSRC_EXEC = 3, SSL_RSSRC_EGD = 4 }
 
enum  modssl_reneg_state { RENEG_INIT = 0, RENEG_REJECT, RENEG_ALLOW, RENEG_ABORT }
 
enum  ssl_shutdown_type_e { SSL_SHUTDOWN_TYPE_UNSET, SSL_SHUTDOWN_TYPE_STANDARD, SSL_SHUTDOWN_TYPE_UNCLEAN, SSL_SHUTDOWN_TYPE_ACCURATE }
 

Functions

 APLOG_USE_MODULE (ssl)
 
SSLSrvConfigRec * ssl_policy_lookup (apr_pool_t *pool, const char *name)
 
void ssl_config_global_fix (SSLModConfigRec *)
 
BOOL ssl_config_global_isfixed (SSLModConfigRec *)
 
void * ssl_config_server_create (apr_pool_t *, server_rec *)
 
void * ssl_config_server_merge (apr_pool_t *, void *, void *)
 
void * ssl_config_perdir_create (apr_pool_t *, char *)
 
void * ssl_config_perdir_merge (apr_pool_t *, void *, void *)
 
void ssl_config_proxy_merge (apr_pool_t *, SSLDirConfigRec *, SSLDirConfigRec *)
 
const char * ssl_cmd_SSLPolicyApply (cmd_parms *, void *, const char *)
 
const char * ssl_cmd_SSLPassPhraseDialog (cmd_parms *, void *, const char *)
 
const char * ssl_cmd_SSLCryptoDevice (cmd_parms *, void *, const char *)
 
const char * ssl_cmd_SSLRandomSeed (cmd_parms *, void *, const char *, const char *, const char *)
 
const char * ssl_cmd_SSLEngine (cmd_parms *, void *, const char *)
 
const char * ssl_cmd_SSLCipherSuite (cmd_parms *, void *, const char *, const char *)
 
const char * ssl_cmd_SSLCertificateFile (cmd_parms *, void *, const char *)
 
const char * ssl_cmd_SSLCertificateKeyFile (cmd_parms *, void *, const char *)
 
const char * ssl_cmd_SSLCertificateChainFile (cmd_parms *, void *, const char *)
 
const char * ssl_cmd_SSLCACertificatePath (cmd_parms *, void *, const char *)
 
const char * ssl_cmd_SSLCACertificateFile (cmd_parms *, void *, const char *)
 
const char * ssl_cmd_SSLCADNRequestPath (cmd_parms *, void *, const char *)
 
const char * ssl_cmd_SSLCADNRequestFile (cmd_parms *, void *, const char *)
 
const char * ssl_cmd_SSLCARevocationPath (cmd_parms *, void *, const char *)
 
const char * ssl_cmd_SSLCARevocationFile (cmd_parms *, void *, const char *)
 
const char * ssl_cmd_SSLCARevocationCheck (cmd_parms *, void *, const char *)
 
const char * ssl_cmd_SSLHonorCipherOrder (cmd_parms *cmd, void *dcfg, int flag)
 
const char * ssl_cmd_SSLCompression (cmd_parms *, void *, int flag)
 
const char * ssl_cmd_SSLSessionTickets (cmd_parms *, void *, int flag)
 
const char * ssl_cmd_SSLVerifyClient (cmd_parms *, void *, const char *)
 
const char * ssl_cmd_SSLVerifyDepth (cmd_parms *, void *, const char *)
 
const char * ssl_cmd_SSLSessionCache (cmd_parms *, void *, const char *)
 
const char * ssl_cmd_SSLSessionCacheTimeout (cmd_parms *, void *, const char *)
 
const char * ssl_cmd_SSLProtocol (cmd_parms *, void *, const char *)
 
const char * ssl_cmd_SSLOptions (cmd_parms *, void *, const char *)
 
const char * ssl_cmd_SSLRequireSSL (cmd_parms *, void *)
 
const char * ssl_cmd_SSLRequire (cmd_parms *, void *, const char *)
 
const char * ssl_cmd_SSLUserName (cmd_parms *, void *, const char *)
 
const char * ssl_cmd_SSLRenegBufferSize (cmd_parms *cmd, void *dcfg, const char *arg)
 
const char * ssl_cmd_SSLStrictSNIVHostCheck (cmd_parms *cmd, void *dcfg, int flag)
 
const char * ssl_cmd_SSLInsecureRenegotiation (cmd_parms *cmd, void *dcfg, int flag)
 
const char * ssl_cmd_SSLProxyEngine (cmd_parms *cmd, void *dcfg, int flag)
 
const char * ssl_cmd_SSLProxyProtocol (cmd_parms *, void *, const char *)
 
const char * ssl_cmd_SSLProxyCipherSuite (cmd_parms *, void *, const char *, const char *)
 
const char * ssl_cmd_SSLProxyVerify (cmd_parms *, void *, const char *)
 
const char * ssl_cmd_SSLProxyVerifyDepth (cmd_parms *, void *, const char *)
 
const char * ssl_cmd_SSLProxyCACertificatePath (cmd_parms *, void *, const char *)
 
const char * ssl_cmd_SSLProxyCACertificateFile (cmd_parms *, void *, const char *)
 
const char * ssl_cmd_SSLProxyCARevocationPath (cmd_parms *, void *, const char *)
 
const char * ssl_cmd_SSLProxyCARevocationFile (cmd_parms *, void *, const char *)
 
const char * ssl_cmd_SSLProxyCARevocationCheck (cmd_parms *, void *, const char *)
 
const char * ssl_cmd_SSLProxyMachineCertificatePath (cmd_parms *, void *, const char *)
 
const char * ssl_cmd_SSLProxyMachineCertificateFile (cmd_parms *, void *, const char *)
 
const char * ssl_cmd_SSLProxyMachineCertificateChainFile (cmd_parms *, void *, const char *)
 
const char * ssl_cmd_SSLProxyCheckPeerExpire (cmd_parms *cmd, void *dcfg, int flag)
 
const char * ssl_cmd_SSLProxyCheckPeerCN (cmd_parms *cmd, void *dcfg, int flag)
 
const char * ssl_cmd_SSLProxyCheckPeerName (cmd_parms *cmd, void *dcfg, int flag)
 
const char * ssl_cmd_SSLOCSPOverrideResponder (cmd_parms *cmd, void *dcfg, int flag)
 
const char * ssl_cmd_SSLOCSPDefaultResponder (cmd_parms *cmd, void *dcfg, const char *arg)
 
const char * ssl_cmd_SSLOCSPResponseTimeSkew (cmd_parms *cmd, void *dcfg, const char *arg)
 
const char * ssl_cmd_SSLOCSPResponseMaxAge (cmd_parms *cmd, void *dcfg, const char *arg)
 
const char * ssl_cmd_SSLOCSPResponderTimeout (cmd_parms *cmd, void *dcfg, const char *arg)
 
const char * ssl_cmd_SSLOCSPUseRequestNonce (cmd_parms *cmd, void *dcfg, int flag)
 
const char * ssl_cmd_SSLOCSPEnable (cmd_parms *cmd, void *dcfg, const char *arg)
 
const char * ssl_cmd_SSLOCSPProxyURL (cmd_parms *cmd, void *dcfg, const char *arg)
 
const char * ssl_cmd_SSLOCSPNoVerify (cmd_parms *cmd, void *dcfg, int flag)
 
const char * ssl_cmd_SSLOCSPResponderCertificateFile (cmd_parms *cmd, void *dcfg, const char *arg)
 
const char * ssl_cmd_SSLFIPS (cmd_parms *cmd, void *dcfg, int flag)
 
apr_status_t ssl_init_Module (apr_pool_t *, apr_pool_t *, apr_pool_t *, server_rec *)
 
apr_status_t ssl_init_Engine (server_rec *, apr_pool_t *)
 
apr_status_t ssl_init_ConfigureServer (server_rec *, apr_pool_t *, apr_pool_t *, SSLSrvConfigRec *, apr_array_header_t *)
 
apr_status_t ssl_init_CheckServers (server_rec *, apr_pool_t *)
 
int ssl_proxy_section_post_config (apr_pool_t *p, apr_pool_t *plog, apr_pool_t *ptemp, server_rec *s, ap_conf_vector_t *section_config)
 
ssl_init_FindCAList (server_rec *, apr_pool_t *, const char *, const char *)
 
void ssl_init_Child (apr_pool_t *, server_rec *)
 
apr_status_t ssl_init_ModuleKill (void *data)
 
int ssl_hook_Auth (request_rec *)
 
int ssl_hook_UserCheck (request_rec *)
 
int ssl_hook_Access (request_rec *)
 
int ssl_hook_Fixup (request_rec *)
 
int ssl_hook_ReadReq (request_rec *)
 
int ssl_hook_Upgrade (request_rec *)
 
void ssl_hook_ConfigTest (apr_pool_t *pconf, server_rec *s)
 
DH * ssl_callback_TmpDH (SSL *, int, int)
 
int ssl_callback_SSLVerify (int, X509_STORE_CTX *)
 
int ssl_callback_SSLVerify_CRL (int, X509_STORE_CTX *, conn_rec *)
 
int ssl_callback_proxy_cert (SSL *ssl, X509 **x509, EVP_PKEY **pkey)
 
int ssl_callback_NewSessionCacheEntry (SSL *, SSL_SESSION *)
 
SSL_SESSION * ssl_callback_GetSessionCacheEntry (SSL *, IDCONST unsigned char *, int, int *)
 
void ssl_callback_DelSessionCacheEntry (SSL_CTX *, SSL_SESSION *)
 
void ssl_callback_Info (const SSL *, int, int)
 
apr_status_t ssl_scache_init (server_rec *, apr_pool_t *)
 
void ssl_scache_status_register (apr_pool_t *p)
 
void ssl_scache_kill (server_rec *)
 
BOOL ssl_scache_store (server_rec *, IDCONST UCHAR *, int, apr_time_t, SSL_SESSION *, apr_pool_t *)
 
SSL_SESSION * ssl_scache_retrieve (server_rec *, IDCONST UCHAR *, int, apr_pool_t *)
 
void ssl_scache_remove (server_rec *, IDCONST UCHAR *, int, apr_pool_t *)
 
void ssl_io_filter_init (conn_rec *, request_rec *r, SSL *)
 
void ssl_io_filter_register (apr_pool_t *)
 
long ssl_io_data_cb (BIO *, int, const char *, int, long, long)
 
int ssl_io_buffer_fill (request_rec *r, apr_size_t maxlen)
 
void ssl_rand_seed (server_rec *, apr_pool_t *, ssl_rsctx_t, char *)
 
char * ssl_util_vhostid (apr_pool_t *, server_rec *)
 
apr_file_t * ssl_util_ppopen (server_rec *, apr_pool_t *, const char *, const char *const *)
 
void ssl_util_ppclose (server_rec *, apr_pool_t *, apr_file_t *)
 
char * ssl_util_readfilter (server_rec *, apr_pool_t *, const char *, const char *const *)
 
BOOL ssl_util_path_check (ssl_pathcheck_t, const char *, apr_pool_t *)
 
void ssl_util_thread_setup (apr_pool_t *)
 
void ssl_util_thread_id_setup (apr_pool_t *)
 
int ssl_init_ssl_connection (conn_rec *c, request_rec *r)
 
BOOL ssl_util_vhost_matches (const char *servername, server_rec *s)
 
apr_status_t ssl_load_encrypted_pkey (server_rec *, apr_pool_t *, int, const char *, apr_array_header_t **)
 
apr_status_t modssl_load_engine_keypair (server_rec *s, apr_pool_t *p, const char *vhostid, const char *certid, const char *keyid, X509 **pubkey, EVP_PKEY **privkey)
 
DH * ssl_dh_GetParamFromFile (const char *)
 
ssl_asn1_t * ssl_asn1_table_set (apr_hash_t *table, const char *key, EVP_PKEY *pkey)
 
ssl_asn1_t * ssl_asn1_table_get (apr_hash_t *table, const char *key)
 
int ssl_mutex_init (server_rec *, apr_pool_t *)
 
int ssl_mutex_reinit (server_rec *, apr_pool_t *)
 
int ssl_mutex_on (server_rec *)
 
int ssl_mutex_off (server_rec *)
 
int ssl_stapling_mutex_reinit (server_rec *, apr_pool_t *)
 
apr_status_t ssl_die (server_rec *)
 
void ssl_log_ssl_error (const char *, int, int, server_rec *)
 
void ssl_log_xerror (const char *file, int line, int level, apr_status_t rv, apr_pool_t *p, server_rec *s, X509 *cert, const char *format,...) __attribute__((format(printf
 
void ssl_log_cxerror (const char *file, int line, int level, apr_status_t rv, conn_rec *c, X509 *cert, const char *format,...) __attribute__((format(printf
 
void ssl_log_rxerror (const char *file, int line, int level, apr_status_t rv, request_rec *r, X509 *cert, const char *format,...) __attribute__((format(printf
 
void ssl_var_register (apr_pool_t *p)
 
const char * ssl_var_lookup (apr_pool_t *p, server_rec *s, conn_rec *c, request_rec *r, const char *name) AP_FN_ATTR_NONNULL((1
 
apr_array_header_t * ssl_ext_list (apr_pool_t *p, conn_rec *c, int peer, const char *extension)
 
void ssl_var_log_config_register (apr_pool_t *p)
 
void modssl_var_extract_dns (apr_table_t *t, SSL *ssl, apr_pool_t *p)
 
void modssl_var_extract_san_entries (apr_table_t *t, SSL *ssl, apr_pool_t *p)
 
int modssl_verify_ocsp (X509_STORE_CTX *ctx, SSLSrvConfigRec *sc, server_rec *s, conn_rec *c, apr_pool_t *pool)
 
OCSP_RESPONSE * modssl_dispatch_ocsp_request (const apr_uri_t *uri, apr_interval_time_t timeout, OCSP_REQUEST *request, conn_rec *c, apr_pool_t *p)
 
void ssl_init_ocsp_certificates (server_rec *s, modssl_ctx_t *mctx)
 
DH * modssl_get_dh_params (unsigned keylen)
 
int modssl_request_is_tls (const request_rec *r, SSLConnRec **sslconn)
 
int modssl_is_engine_id (const char *name)
 
int ssl_is_challenge (conn_rec *c, const char *servername, X509 **pcert, EVP_PKEY **pkey, const char **pcert_file, const char **pkey_file)
 
void modssl_set_reneg_state (SSLConnRec *sslconn, modssl_reneg_state state)
 

Variables

module AP_MODULE_DECLARE_DATA ssl_module
 
const authz_provider ssl_authz_provider_require_ssl
 
const authz_provider ssl_authz_provider_verify_client
 
const char AP_FN_ATTR_WARN_UNUSED_RESULT
 

Detailed Description

Macro Definition Documentation

#define APR_WANT_MEMFUNC
#define APR_WANT_STRFUNC

Apache headers

#define BIO_get_data (   x)    (x->ptr)
#define BIO_get_shutdown (   x)    (x->shutdown)
#define BIO_set_data (   x,
  v 
)    (x->ptr=v)
#define BIO_set_init (   x,
  v 
)    (x->init=v)
#define BIO_set_shutdown (   x,
  v 
)    (x->shutdown=v)
#define BN_get_rfc2409_prime_1024   get_rfc2409_prime_1024
#define BN_get_rfc2409_prime_768   get_rfc2409_prime_768

The following features all depend on TLS extension support. Within this block, check again for features (not version numbers).

#define BN_get_rfc3526_prime_1536   get_rfc3526_prime_1536
#define BN_get_rfc3526_prime_2048   get_rfc3526_prime_2048
#define BN_get_rfc3526_prime_3072   get_rfc3526_prime_3072
#define BN_get_rfc3526_prime_4096   get_rfc3526_prime_4096
#define BN_get_rfc3526_prime_6144   get_rfc3526_prime_6144
#define BN_get_rfc3526_prime_8192   get_rfc3526_prime_8192
#define BOOL   unsigned int
#define DEFAULT_OCSP_MAX_SKEW   (60 * 5)
#define DEFAULT_OCSP_TIMEOUT   10
#define DEFAULT_RENEG_BUFFER_SIZE   (128 * 1024)
#define DH_bits (   x)    (BN_num_bits(x->p))
#define EVP_PKEY_up_ref (   pk)    (CRYPTO_add(&(pk)->references, +1, CRYPTO_LOCK_EVP_PKEY))
#define FALSE   0
#define IDCONST
#define MODSSL_RETAINED_KEY   "mod_ssl-retained-1"
#define MODSSL_SSL_CIPHER_CONST

...shifting sands of OpenSSL... Note: when adding support for new OpenSSL features, avoid explicit version number checks whenever possible, and use "feature-based" detection instead (check for definitions of constants or functions)

#define MODSSL_SSL_METHOD_CONST
#define MODSSL_USE_OPENSSL_PRE_1_1_API   (OPENSSL_VERSION_NUMBER < 0x10100000L)
#define MODSSL_USE_SSLRAND
#define myConnConfig (   c)    ((SSLConnRec *)ap_get_module_config(c->conn_config, &ssl_module))
#define myConnConfigSet (   c,
  val 
)    ap_set_module_config(c->conn_config, &ssl_module, val)
#define myCtxConfig (   sslconn,
  sc 
)    (sslconn->is_proxy ? sslconn->dc->proxy : sc->server)
#define myDirConfig (   req)    ((SSLDirConfigRec *)ap_get_module_config(req->per_dir_config, &ssl_module))
#define myDirConfigFromConn (   c)    myConnConfig(c)->dc
#define myModConfig (   srv)    mySrvConfig((srv))->mc
#define myModConfigFromConn (   c)    myModConfig(mySrvFromConn(c))
#define mySrvConfig (   srv)    ((SSLSrvConfigRec *)ap_get_module_config(srv->module_config, &ssl_module))
#define mySrvConfigFromConn (   c)    mySrvConfig(mySrvFromConn(c))
#define mySrvFromConn (   c)    myConnConfig(c)->server
#define NUL   '\0'
#define RAND_MAX   INT_MAX
#define SSL_CACHE_MUTEX_TYPE   "ssl-cache"
#define SSL_OPT_EXPORTCB64DATA   (1<<8)
#define SSL_OPT_EXPORTCERTDATA   (1<<3)
#define SSL_OPT_FAKEBASICAUTH   (1<<4)
#define SSL_OPT_LEGACYDNFORMAT   (1<<7)
#define SSL_OPT_NONE   (0)

Define the SSL options

#define SSL_OPT_OPTRENEGOTIATE   (1<<6)
#define SSL_OPT_RELSET   (1<<0)
#define SSL_OPT_STDENVVARS   (1<<1)
#define SSL_OPT_STRICTREQUIRE   (1<<5)
#define SSL_PCM_EXISTS   1

Define the Path Checking modes

#define SSL_PCM_ISDIR   4
#define SSL_PCM_ISNONZERO   8
#define SSL_PCM_ISREG   2
#define SSL_PROTOCOL_ALL   (SSL_PROTOCOL_BASIC)
#define SSL_PROTOCOL_BASIC   (SSL_PROTOCOL_SSLV3|SSL_PROTOCOL_TLSV1)
#define SSL_PROTOCOL_DEFAULT   (SSL_PROTOCOL_ALL & ~SSL_PROTOCOL_SSLV3)
#define SSL_PROTOCOL_NONE   (0)

Define the SSL Protocol options (bit flags); SSL_PROTOCOL_DEFAULT is SSL_PROTOCOL_ALL with the SSLv3 bit cleared.

#define SSL_PROTOCOL_SSLV3   (1<<1)
#define SSL_PROTOCOL_TLSV1   (1<<2)
#define SSL_SESSION_CACHE_TIMEOUT   300

Defaults for the configuration

#define SSL_STAPLING_CACHE_MUTEX_TYPE   "ssl-stapling"
#define SSL_STAPLING_REFRESH_MUTEX_TYPE   "ssl-stapling-refresh"
#define ssl_verify_error_is_optional (   errnum)
Value:
((errnum == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT) \
|| (errnum == X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN) \
|| (errnum == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY) \
|| (errnum == X509_V_ERR_CERT_UNTRUSTED) \
|| (errnum == X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE))
#define SSL_VERIFY_PEER_STRICT   (SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT)
#define SSLLOG_MARK   __FILE__,__LINE__
#define strcEQ (   s1,
  s2 
)    (strcasecmp(s1,s2) == 0)
#define strcEQn (   s1,
  s2,
  n 
)    (strncasecmp(s1,s2,n) == 0)
#define strcNE (   s1,
  s2 
)    (strcasecmp(s1,s2) != 0)
#define strcNEn (   s1,
  s2,
  n 
)    (strncasecmp(s1,s2,n) != 0)
#define strEQ (   s1,
  s2 
)    (strcmp(s1,s2) == 0)

Provide useful shorthands

#define strEQn (   s1,
  s2,
  n 
)    (strncmp(s1,s2,n) == 0)
#define strIsEmpty (   s)    (s == NULL || s[0] == NUL)
#define strNE (   s1,
  s2 
)    (strcmp(s1,s2) != 0)
#define strNEn (   s1,
  s2,
  n 
)    (strncmp(s1,s2,n) != 0)
#define TRUE   !FALSE
#define UCHAR   unsigned char

Provide reasonable defines for some types

#define UNSET   (-1)
#define X509_STORE_CTX_get0_current_issuer (   x)    (x->current_issuer)
#define X509_STORE_CTX_get0_store (   x)    (x->ctx)
#define X509_up_ref (   x)    (CRYPTO_add(&(x)->references, +1, CRYPTO_LOCK_X509))

Typedef Documentation

typedef int ssl_opt_t
typedef unsigned int ssl_pathcheck_t
typedef int ssl_proto_t

Define the mod_ssl per-module configuration structure (i.e. the global configuration for each httpd process)

Enumeration Type Documentation

Enumerator
RENEG_INIT 
RENEG_REJECT 
RENEG_ALLOW 
RENEG_ABORT 

CRL checking mask (mode | flags)

Enumerator
SSL_CRLCHECK_NONE 
SSL_CRLCHECK_LEAF 
SSL_CRLCHECK_CHAIN 
SSL_CRLCHECK_NO_CRL_FOR_CERT_OK 

Define the SSL enabled state

Enumerator
SSL_ENABLED_UNSET 
SSL_ENABLED_FALSE 
SSL_ENABLED_TRUE 
SSL_ENABLED_OPTIONAL 

OCSP checking mask (mode | flags)

Enumerator
SSL_OCSPCHECK_NONE 
SSL_OCSPCHECK_LEAF 
SSL_OCSPCHECK_CHAIN 
SSL_OCSPCHECK_NO_OCSP_FOR_CERT_OK 

Define the SSL pass phrase dialog types

Enumerator
SSL_PPTYPE_UNSET 
SSL_PPTYPE_BUILTIN 
SSL_PPTYPE_FILTER 
SSL_PPTYPE_PIPE 

Define the SSL random number generator seeding source

Enumerator
SSL_RSCTX_STARTUP 
SSL_RSCTX_CONNECT 
Enumerator
SSL_RSSRC_BUILTIN 
SSL_RSSRC_FILE 
SSL_RSSRC_EXEC 
SSL_RSSRC_EGD 
Enumerator
SSL_SHUTDOWN_TYPE_UNSET 
SSL_SHUTDOWN_TYPE_STANDARD 
SSL_SHUTDOWN_TYPE_UNCLEAN 
SSL_SHUTDOWN_TYPE_ACCURATE 

Define the SSL verify levels

Enumerator
SSL_CVERIFY_UNSET 
SSL_CVERIFY_NONE 
SSL_CVERIFY_OPTIONAL 
SSL_CVERIFY_REQUIRE 
SSL_CVERIFY_OPTIONAL_NO_CA 

Function Documentation

APLOG_USE_MODULE ( ssl  )
OCSP_RESPONSE* modssl_dispatch_ocsp_request ( const apr_uri_t uri,
apr_interval_time_t  timeout,
OCSP_REQUEST *  request,
conn_rec c,
apr_pool_t p 
)
DH* modssl_get_dh_params ( unsigned  keylen)
int modssl_is_engine_id ( const char *  name)
apr_status_t modssl_load_engine_keypair ( server_rec s,
apr_pool_t p,
const char *  vhostid,
const char *  certid,
const char *  keyid,
X509 **  pubkey,
EVP_PKEY **  privkey 
)
int modssl_request_is_tls ( const request_rec r,
SSLConnRec **  sslconn 
)
void modssl_set_reneg_state ( SSLConnRec sslconn,
modssl_reneg_state  state 
)
void modssl_var_extract_dns ( apr_table_t t,
SSL *  ssl,
apr_pool_t p 
)
void modssl_var_extract_san_entries ( apr_table_t t,
SSL *  ssl,
apr_pool_t p 
)
int modssl_verify_ocsp ( X509_STORE_CTX *  ctx,
SSLSrvConfigRec sc,
server_rec s,
conn_rec c,
apr_pool_t pool 
)
ssl_asn1_t* ssl_asn1_table_get ( apr_hash_t table,
const char *  key 
)
ssl_asn1_t* ssl_asn1_table_set ( apr_hash_t table,
const char *  key,
EVP_PKEY *  pkey 
)
void ssl_callback_DelSessionCacheEntry ( SSL_CTX *  ,
SSL_SESSION *   
)
SSL_SESSION* ssl_callback_GetSessionCacheEntry ( SSL *  ,
IDCONST unsigned char *  ,
int  ,
int  
)
void ssl_callback_Info ( const SSL *  ,
int  ,
int   
)
int ssl_callback_NewSessionCacheEntry ( SSL *  ,
SSL_SESSION *   
)
int ssl_callback_proxy_cert ( SSL *  ssl,
X509 **  x509,
EVP_PKEY **  pkey 
)
int ssl_callback_SSLVerify ( int  ,
X509_STORE_CTX *   
)
int ssl_callback_SSLVerify_CRL ( int  ,
X509_STORE_CTX *  ,
conn_rec  
)
DH* ssl_callback_TmpDH ( SSL *  ,
int  ,
int   
)

OpenSSL callbacks

const char* ssl_cmd_SSLCACertificateFile ( cmd_parms ,
void ,
const char *   
)
const char* ssl_cmd_SSLCACertificatePath ( cmd_parms ,
void ,
const char *   
)
const char* ssl_cmd_SSLCADNRequestFile ( cmd_parms ,
void ,
const char *   
)
const char* ssl_cmd_SSLCADNRequestPath ( cmd_parms ,
void ,
const char *   
)
const char* ssl_cmd_SSLCARevocationCheck ( cmd_parms ,
void ,
const char *   
)
const char* ssl_cmd_SSLCARevocationFile ( cmd_parms ,
void ,
const char *   
)
const char* ssl_cmd_SSLCARevocationPath ( cmd_parms ,
void ,
const char *   
)
const char* ssl_cmd_SSLCertificateChainFile ( cmd_parms ,
void ,
const char *   
)
const char* ssl_cmd_SSLCertificateFile ( cmd_parms ,
void ,
const char *   
)
const char* ssl_cmd_SSLCertificateKeyFile ( cmd_parms ,
void ,
const char *   
)
const char* ssl_cmd_SSLCipherSuite ( cmd_parms ,
void ,
const char *  ,
const char *   
)
const char* ssl_cmd_SSLCompression ( cmd_parms ,
void ,
int  flag 
)
const char* ssl_cmd_SSLCryptoDevice ( cmd_parms ,
void ,
const char *   
)
const char* ssl_cmd_SSLEngine ( cmd_parms ,
void ,
const char *   
)
const char* ssl_cmd_SSLFIPS ( cmd_parms cmd,
void dcfg,
int  flag 
)
const char* ssl_cmd_SSLHonorCipherOrder ( cmd_parms cmd,
void dcfg,
int  flag 
)
const char* ssl_cmd_SSLInsecureRenegotiation ( cmd_parms cmd,
void dcfg,
int  flag 
)
const char* ssl_cmd_SSLOCSPDefaultResponder ( cmd_parms cmd,
void dcfg,
const char *  arg 
)
const char* ssl_cmd_SSLOCSPEnable ( cmd_parms cmd,
void dcfg,
const char *  arg 
)
const char* ssl_cmd_SSLOCSPNoVerify ( cmd_parms cmd,
void dcfg,
int  flag 
)
const char* ssl_cmd_SSLOCSPOverrideResponder ( cmd_parms cmd,
void dcfg,
int  flag 
)
const char* ssl_cmd_SSLOCSPProxyURL ( cmd_parms cmd,
void dcfg,
const char *  arg 
)
const char* ssl_cmd_SSLOCSPResponderCertificateFile ( cmd_parms cmd,
void dcfg,
const char *  arg 
)
const char* ssl_cmd_SSLOCSPResponderTimeout ( cmd_parms cmd,
void dcfg,
const char *  arg 
)
const char* ssl_cmd_SSLOCSPResponseMaxAge ( cmd_parms cmd,
void dcfg,
const char *  arg 
)
const char* ssl_cmd_SSLOCSPResponseTimeSkew ( cmd_parms cmd,
void dcfg,
const char *  arg 
)
const char* ssl_cmd_SSLOCSPUseRequestNonce ( cmd_parms cmd,
void dcfg,
int  flag 
)
const char* ssl_cmd_SSLOptions ( cmd_parms ,
void ,
const char *   
)
const char* ssl_cmd_SSLPassPhraseDialog ( cmd_parms ,
void ,
const char *   
)
const char* ssl_cmd_SSLPolicyApply ( cmd_parms ,
void ,
const char *   
)
const char* ssl_cmd_SSLProtocol ( cmd_parms ,
void ,
const char *   
)
const char* ssl_cmd_SSLProxyCACertificateFile ( cmd_parms ,
void ,
const char *   
)
const char* ssl_cmd_SSLProxyCACertificatePath ( cmd_parms ,
void ,
const char *   
)
const char* ssl_cmd_SSLProxyCARevocationCheck ( cmd_parms ,
void ,
const char *   
)
const char* ssl_cmd_SSLProxyCARevocationFile ( cmd_parms ,
void ,
const char *   
)
const char* ssl_cmd_SSLProxyCARevocationPath ( cmd_parms ,
void ,
const char *   
)
const char* ssl_cmd_SSLProxyCheckPeerCN ( cmd_parms cmd,
void dcfg,
int  flag 
)
const char* ssl_cmd_SSLProxyCheckPeerExpire ( cmd_parms cmd,
void dcfg,
int  flag 
)
const char* ssl_cmd_SSLProxyCheckPeerName ( cmd_parms cmd,
void dcfg,
int  flag 
)
const char* ssl_cmd_SSLProxyCipherSuite ( cmd_parms ,
void ,
const char *  ,
const char *   
)
const char* ssl_cmd_SSLProxyEngine ( cmd_parms cmd,
void dcfg,
int  flag 
)
const char* ssl_cmd_SSLProxyMachineCertificateChainFile ( cmd_parms ,
void ,
const char *   
)
const char* ssl_cmd_SSLProxyMachineCertificateFile ( cmd_parms ,
void ,
const char *   
)
const char* ssl_cmd_SSLProxyMachineCertificatePath ( cmd_parms ,
void ,
const char *   
)
const char* ssl_cmd_SSLProxyProtocol ( cmd_parms ,
void ,
const char *   
)
const char* ssl_cmd_SSLProxyVerify ( cmd_parms ,
void ,
const char *   
)
const char* ssl_cmd_SSLProxyVerifyDepth ( cmd_parms ,
void ,
const char *   
)
const char* ssl_cmd_SSLRandomSeed ( cmd_parms ,
void ,
const char *  ,
const char *  ,
const char *   
)
const char* ssl_cmd_SSLRenegBufferSize ( cmd_parms cmd,
void dcfg,
const char *  arg 
)
const char* ssl_cmd_SSLRequire ( cmd_parms ,
void ,
const char *   
)
const char* ssl_cmd_SSLRequireSSL ( cmd_parms ,
void  
)
const char* ssl_cmd_SSLSessionCache ( cmd_parms ,
void ,
const char *   
)
const char* ssl_cmd_SSLSessionCacheTimeout ( cmd_parms ,
void ,
const char *   
)
const char* ssl_cmd_SSLSessionTickets ( cmd_parms ,
void ,
int  flag 
)
const char* ssl_cmd_SSLStrictSNIVHostCheck ( cmd_parms cmd,
void dcfg,
int  flag 
)
const char* ssl_cmd_SSLUserName ( cmd_parms ,
void ,
const char *   
)
const char* ssl_cmd_SSLVerifyClient ( cmd_parms ,
void ,
const char *   
)
const char* ssl_cmd_SSLVerifyDepth ( cmd_parms ,
void ,
const char *   
)
void ssl_config_global_fix ( SSLModConfigRec )

configuration handling

BOOL ssl_config_global_isfixed ( SSLModConfigRec )
void* ssl_config_perdir_create ( apr_pool_t ,
char *   
)
void* ssl_config_perdir_merge ( apr_pool_t ,
void ,
void  
)
void ssl_config_proxy_merge ( apr_pool_t ,
SSLDirConfigRec ,
SSLDirConfigRec  
)
void* ssl_config_server_create ( apr_pool_t ,
server_rec  
)
void* ssl_config_server_merge ( apr_pool_t ,
void ,
void  
)
DH* ssl_dh_GetParamFromFile ( const char *  )

Diffie-Hellman Parameter Support

apr_status_t ssl_die ( server_rec )
apr_array_header_t* ssl_ext_list ( apr_pool_t p,
conn_rec c,
int  peer,
const char *  extension 
)
int ssl_hook_Access ( request_rec )
int ssl_hook_Auth ( request_rec )

Apache API hooks

void ssl_hook_ConfigTest ( apr_pool_t pconf,
server_rec s 
)
int ssl_hook_Fixup ( request_rec )
int ssl_hook_ReadReq ( request_rec )
int ssl_hook_Upgrade ( request_rec )
int ssl_hook_UserCheck ( request_rec )
apr_status_t ssl_init_CheckServers ( server_rec ,
apr_pool_t  
)
void ssl_init_Child ( apr_pool_t ,
server_rec  
)
apr_status_t ssl_init_ConfigureServer ( server_rec ,
apr_pool_t ,
apr_pool_t ,
SSLSrvConfigRec ,
apr_array_header_t  
)
apr_status_t ssl_init_Engine ( server_rec ,
apr_pool_t  
)
* ssl_init_FindCAList ( server_rec ,
apr_pool_t ,
const char *  ,
const char *   
)
apr_status_t ssl_init_Module ( apr_pool_t ,
apr_pool_t ,
apr_pool_t ,
server_rec  
)

module initialization

apr_status_t ssl_init_ModuleKill ( void data)
void ssl_init_ocsp_certificates ( server_rec s,
modssl_ctx_t mctx 
)
int ssl_init_ssl_connection ( conn_rec c,
request_rec r 
)
int ssl_io_buffer_fill ( request_rec r,
apr_size_t  maxlen 
)
long ssl_io_data_cb ( BIO *  ,
int  ,
const char *  ,
int  ,
long  ,
long   
)
void ssl_io_filter_init ( conn_rec ,
request_rec r,
SSL *   
)

OCSP Stapling Support I/O

void ssl_io_filter_register ( apr_pool_t )
int ssl_is_challenge ( conn_rec c,
const char *  servername,
X509 **  pcert,
EVP_PKEY **  pkey,
const char **  pcert_file,
const char **  pkey_file 
)
apr_status_t ssl_load_encrypted_pkey ( server_rec ,
apr_pool_t ,
int  ,
const char *  ,
apr_array_header_t **   
)

Pass Phrase Support

void ssl_log_cxerror ( const char *  file,
int  line,
int  level,
apr_status_t  rv,
conn_rec c,
X509 *  cert,
const char *  format,
  ... 
)
void ssl_log_rxerror ( const char *  file,
int  line,
int  level,
apr_status_t  rv,
request_rec r,
X509 *  cert,
const char *  format,
  ... 
)
void ssl_log_ssl_error ( const char *  ,
int  ,
int  ,
server_rec  
)

Logfile Support

void ssl_log_xerror ( const char *  file,
int  line,
int  level,
apr_status_t  rv,
apr_pool_t p,
server_rec s,
X509 *  cert,
const char *  format,
  ... 
)
int ssl_mutex_init ( server_rec ,
apr_pool_t  
)

Mutex Support

int ssl_mutex_off ( server_rec )
int ssl_mutex_on ( server_rec )
int ssl_mutex_reinit ( server_rec ,
apr_pool_t  
)
SSLSrvConfigRec* ssl_policy_lookup ( apr_pool_t pool,
const char *  name 
)
int ssl_proxy_section_post_config ( apr_pool_t p,
apr_pool_t plog,
apr_pool_t ptemp,
server_rec s,
ap_conf_vector_t section_config 
)
void ssl_rand_seed ( server_rec ,
apr_pool_t ,
ssl_rsctx_t  ,
char *   
)

PRNG

apr_status_t ssl_scache_init ( server_rec ,
apr_pool_t  
)

Session Cache Support

void ssl_scache_kill ( server_rec )
void ssl_scache_remove ( server_rec ,
IDCONST UCHAR ,
int  ,
apr_pool_t  
)
SSL_SESSION* ssl_scache_retrieve ( server_rec ,
IDCONST UCHAR ,
int  ,
apr_pool_t  
)
void ssl_scache_status_register ( apr_pool_t p)
BOOL ssl_scache_store ( server_rec ,
IDCONST UCHAR ,
int  ,
apr_time_t  ,
SSL_SESSION *  ,
apr_pool_t  
)
int ssl_stapling_mutex_reinit ( server_rec ,
apr_pool_t  
)
BOOL ssl_util_path_check ( ssl_pathcheck_t  ,
const char *  ,
apr_pool_t  
)
void ssl_util_ppclose ( server_rec ,
apr_pool_t ,
apr_file_t  
)
apr_file_t* ssl_util_ppopen ( server_rec ,
apr_pool_t ,
const char *  ,
const char *const *   
)
char* ssl_util_readfilter ( server_rec ,
apr_pool_t ,
const char *  ,
const char *const *   
)
void ssl_util_thread_id_setup ( apr_pool_t )
void ssl_util_thread_setup ( apr_pool_t )
BOOL ssl_util_vhost_matches ( const char *  servername,
server_rec s 
)
char* ssl_util_vhostid ( apr_pool_t ,
server_rec  
)

Utility Functions

void ssl_var_log_config_register ( apr_pool_t p)
const char* ssl_var_lookup ( apr_pool_t p,
server_rec s,
conn_rec c,
request_rec r,
const char *  name 
)

This hook allows modules to look up SSL related variables for a server/connection/request, depending on what they inquire. Some variables will only be available for a connection/request, for example.

Parameters
p: The pool to allocate a returned value in, MUST be provided
s: The server to inquire a value for, may be NULL
c: The current connection, may be NULL
r: The current request, may be NULL
name: The name of the variable to retrieve, MUST be provided
Returns
value of the variable, or NULL if not provided/available
void ssl_var_register ( apr_pool_t p)

Variables

Variable Documentation

const char AP_FN_ATTR_WARN_UNUSED_RESULT
const authz_provider ssl_authz_provider_require_ssl

Apache authz providers

const authz_provider ssl_authz_provider_verify_client

function prototypes

API glue structures