Utilities
Collaboration diagram for Utilities:
Macros | |
| #define | SSL_MOD_POLICIES_KEY "ssl_module_policies" |
| #define | SSL_PROTOCOL_CONSTANTS_SSLV3 SSL_PROTOCOL_SSLV3 |
| #define | SSL_POLICY_HONOR_ORDER 1 |
| #define | SSL_POLICY_COMPRESSION 0 |
| #define | SSL_POLICY_SESSION_TICKETS 0 |
| #define | SSL_POLICY_MOZILLA_VERSION 4.0 |
| #define | SSL_POLICY_MODERN 0 |
| #define | SSL_POLICY_INTERMEDIATE 1 |
| #define | SSL_POLICY_INTERMEDIATE_SSL_CIPHERS "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS" |
| #define | SSL_POLICY_INTERMEDIATE_TLS13_CIPHERS NULL |
| #define | SSL_POLICY_INTERMEDIATE_PROTOCOLS (SSL_PROTOCOL_ALL & ~(SSL_PROTOCOL_TLSV1_3|SSL_PROTOCOL_CONSTANTS_SSLV3)) |
| #define | SSL_POLICY_OLD 1 |
| #define | SSL_POLICY_OLD_SSL_CIPHERS "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:DES-CBC3-SHA:HIGH:SEED:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!RSAPSK:!aDH:!aECDH:!EDH-DSS-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!SRP" |
| #define | SSL_POLICY_OLD_TLS13_CIPHERS NULL |
| #define | SSL_POLICY_OLD_PROTOCOLS (SSL_PROTOCOL_ALL & ~(SSL_PROTOCOL_TLSV1_3)) |
| #define | MODSSL_LIBRARY_VERSION OPENSSL_VERSION_NUMBER |
| #define | MODSSL_LIBRARY_NAME "OpenSSL" |
| #define | MODSSL_LIBRARY_TEXT OPENSSL_VERSION_TEXT |
| #define | MODSSL_LIBRARY_DYNTEXT OpenSSL_version(OPENSSL_VERSION) |
| #define | MODSSL_SESSION_MAX_DER 1024*10 |
| #define | MODSSL_SESSION_ID_STRING_LEN ((SSL_MAX_SSL_SESSION_ID_LENGTH + 1) * 2) |
Functions | |
| void | modssl_init_app_data2_idx (void) |
| void * | modssl_get_app_data2 (SSL *) |
| void | modssl_set_app_data2 (SSL *, void *) |
| EVP_PKEY * | modssl_read_privatekey (const char *filename, pem_password_cb *cb, void *ud) |
| int | modssl_smart_shutdown (SSL *ssl) |
| BOOL | modssl_X509_getBC (X509 *, int *, int *) |
| char * | modssl_X509_NAME_ENTRY_to_string (apr_pool_t *p, X509_NAME_ENTRY *xsne, int raw) |
| char * | modssl_X509_NAME_to_string (apr_pool_t *, X509_NAME *, int) |
| BOOL | modssl_X509_getSAN (apr_pool_t *, X509 *, int, const char *, int, apr_array_header_t **) |
| BOOL | modssl_X509_match_name (apr_pool_t *, X509 *, const char *, BOOL, server_rec *) |
| char * | modssl_SSL_SESSION_id2sz (IDCONST unsigned char *, int, char *, int) |
| char * | modssl_bio_free_read (apr_pool_t *p, BIO *bio) |
| apr_status_t | modssl_read_cert (apr_pool_t *p, const char *cert_pem, const char *key_pem, pem_password_cb *cb, void *ud, X509 **pcert, EVP_PKEY **pkey) |
| apr_status_t | modssl_cert_get_pem (apr_pool_t *p, X509 *cert1, X509 *cert2, const char **ppem) |
Detailed Description
Macro Definition Documentation
◆ MODSSL_LIBRARY_DYNTEXT
| #define MODSSL_LIBRARY_DYNTEXT OpenSSL_version(OPENSSL_VERSION) |
◆ MODSSL_LIBRARY_NAME
| #define MODSSL_LIBRARY_NAME "OpenSSL" |
◆ MODSSL_LIBRARY_TEXT
| #define MODSSL_LIBRARY_TEXT OPENSSL_VERSION_TEXT |
◆ MODSSL_LIBRARY_VERSION
| #define MODSSL_LIBRARY_VERSION OPENSSL_VERSION_NUMBER |
SSL library version number
◆ MODSSL_SESSION_ID_STRING_LEN
| #define MODSSL_SESSION_ID_STRING_LEN ((SSL_MAX_SSL_SESSION_ID_LENGTH + 1) * 2) |
max length for modssl_SSL_SESSION_id2sz
◆ MODSSL_SESSION_MAX_DER
| #define MODSSL_SESSION_MAX_DER 1024*10 |
Maximum length of a DER encoded session. FIXME: There is no define in OpenSSL, but OpenSSL uses 1024*10, so this value should be ok. Although we have no warm feeling.
◆ SSL_MOD_POLICIES_KEY
| #define SSL_MOD_POLICIES_KEY "ssl_module_policies" |
◆ SSL_POLICY_COMPRESSION
| #define SSL_POLICY_COMPRESSION 0 |
◆ SSL_POLICY_HONOR_ORDER
| #define SSL_POLICY_HONOR_ORDER 1 |
◆ SSL_POLICY_INTERMEDIATE
| #define SSL_POLICY_INTERMEDIATE 1 |
◆ SSL_POLICY_INTERMEDIATE_PROTOCOLS
| #define SSL_POLICY_INTERMEDIATE_PROTOCOLS (SSL_PROTOCOL_ALL & ~(SSL_PROTOCOL_TLSV1_3|SSL_PROTOCOL_CONSTANTS_SSLV3)) |
◆ SSL_POLICY_INTERMEDIATE_SSL_CIPHERS
| #define SSL_POLICY_INTERMEDIATE_SSL_CIPHERS "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS" |
◆ SSL_POLICY_INTERMEDIATE_TLS13_CIPHERS
| #define SSL_POLICY_INTERMEDIATE_TLS13_CIPHERS NULL |
◆ SSL_POLICY_MODERN
| #define SSL_POLICY_MODERN 0 |
◆ SSL_POLICY_MOZILLA_VERSION
| #define SSL_POLICY_MOZILLA_VERSION 4.0 |
Define a core set of policies that are always there:
- 'modern' from https://wiki.mozilla.org/Security/Server_Side_TLS
- 'intermediate' from https://wiki.mozilla.org/Security/Server_Side_TLS
- 'old' from https://wiki.mozilla.org/Security/Server_Side_TLS The JSON version can be retrieved here: https://statics.tls.security.mozilla.org/server-side-tls-conf.json
◆ SSL_POLICY_OLD
| #define SSL_POLICY_OLD 1 |
◆ SSL_POLICY_OLD_PROTOCOLS
| #define SSL_POLICY_OLD_PROTOCOLS (SSL_PROTOCOL_ALL & ~(SSL_PROTOCOL_TLSV1_3)) |
◆ SSL_POLICY_OLD_SSL_CIPHERS
| #define SSL_POLICY_OLD_SSL_CIPHERS "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:DES-CBC3-SHA:HIGH:SEED:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!RSAPSK:!aDH:!aECDH:!EDH-DSS-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!SRP" |
◆ SSL_POLICY_OLD_TLS13_CIPHERS
| #define SSL_POLICY_OLD_TLS13_CIPHERS NULL |
◆ SSL_POLICY_SESSION_TICKETS
| #define SSL_POLICY_SESSION_TICKETS 0 |
◆ SSL_PROTOCOL_CONSTANTS_SSLV3
| #define SSL_PROTOCOL_CONSTANTS_SSLV3 SSL_PROTOCOL_SSLV3 |
Function Documentation
◆ modssl_bio_free_read()
| char* modssl_bio_free_read | ( | apr_pool_t * | p, |
| BIO * | bio | ||
| ) |
◆ modssl_cert_get_pem()
| apr_status_t modssl_cert_get_pem | ( | apr_pool_t * | p, |
| X509 * | cert1, | ||
| X509 * | cert2, | ||
| const char ** | ppem | ||
| ) |
◆ modssl_get_app_data2()
| void* modssl_get_app_data2 | ( | SSL * | ) |
◆ modssl_init_app_data2_idx()
| void modssl_init_app_data2_idx | ( | void | ) |
Additional Functions
◆ modssl_read_cert()
| apr_status_t modssl_read_cert | ( | apr_pool_t * | p, |
| const char * | cert_pem, | ||
| const char * | key_pem, | ||
| pem_password_cb * | cb, | ||
| void * | ud, | ||
| X509 ** | pcert, | ||
| EVP_PKEY ** | pkey | ||
| ) |
◆ modssl_read_privatekey()
| EVP_PKEY* modssl_read_privatekey | ( | const char * | filename, |
| pem_password_cb * | cb, | ||
| void * | ud | ||
| ) |
◆ modssl_set_app_data2()
| void modssl_set_app_data2 | ( | SSL * | , |
| void * | |||
| ) |
◆ modssl_smart_shutdown()
| int modssl_smart_shutdown | ( | SSL * | ssl | ) |
◆ modssl_SSL_SESSION_id2sz()
◆ modssl_X509_getBC()
◆ modssl_X509_getSAN()
| BOOL modssl_X509_getSAN | ( | apr_pool_t * | , |
| X509 * | , | ||
| int | , | ||
| const char * | , | ||
| int | , | ||
| apr_array_header_t ** | |||
| ) |
◆ modssl_X509_match_name()
| BOOL modssl_X509_match_name | ( | apr_pool_t * | , |
| X509 * | , | ||
| const char * | , | ||
| BOOL | , | ||
| server_rec * | |||
| ) |
◆ modssl_X509_NAME_ENTRY_to_string()
| char* modssl_X509_NAME_ENTRY_to_string | ( | apr_pool_t * | p, |
| X509_NAME_ENTRY * | xsne, | ||
| int | raw | ||
| ) |
◆ modssl_X509_NAME_to_string()
| char* modssl_X509_NAME_to_string | ( | apr_pool_t * | , |
| X509_NAME * | , | ||
| int | |||
| ) |
