ssl_private.h File Reference

Internal interfaces private to mod_ssl; these declarations are shared between the mod_ssl source files and are not part of httpd's public module API.

#include "httpd.h"
#include "http_config.h"
#include "http_core.h"
#include "http_log.h"
#include "http_main.h"
#include "http_connection.h"
#include "http_request.h"
#include "http_protocol.h"
#include "http_vhost.h"
#include "util_script.h"
#include "util_filter.h"
#include "util_ebcdic.h"
#include "util_mutex.h"
#include "apr.h"
#include "apr_strings.h"
#include "apr_want.h"
#include "apr_tables.h"
#include "apr_lib.h"
#include "apr_fnmatch.h"
#include "apr_global_mutex.h"
#include "apr_optional.h"
#include "ap_socache.h"
#include "mod_auth.h"
#include "ap_expr.h"
#include <openssl/opensslv.h>
#include <openssl/ssl.h>
#include <openssl/err.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
#include <openssl/crypto.h>
#include <openssl/evp.h>
#include <openssl/rand.h>
#include <openssl/x509v3.h>
#include <openssl/x509_vfy.h>
#include <openssl/ocsp.h>
#include "ssl_util_ssl.h"
#include <limits.h>


Data Structures

struct  ssl_require_t
 
struct  ssl_randseed_t
 
struct  ssl_asn1_t
 
struct  SSLConnRec
 
struct  SSLModConfigRec
 
struct  modssl_pk_server_t
 
struct  modssl_pk_proxy_t
 
struct  modssl_auth_ctx_t
 
struct  modssl_ctx_t
 
struct  SSLSrvConfigRec
 
struct  SSLDirConfigRec
 
struct  SSLPolicyRec
 

Macros

#define APR_WANT_STRFUNC
 
#define APR_WANT_MEMFUNC
 
#define FALSE   0
 
#define TRUE   !FALSE
 
#define BOOL   unsigned int
 
#define MODSSL_SSL_CIPHER_CONST
 
#define MODSSL_SSL_METHOD_CONST
 
#define MODSSL_USE_OPENSSL_PRE_1_1_API   (OPENSSL_VERSION_NUMBER < 0x10100000L)
 
#define IDCONST
 
#define BN_get_rfc2409_prime_768   get_rfc2409_prime_768
 
#define BN_get_rfc2409_prime_1024   get_rfc2409_prime_1024
 
#define BN_get_rfc3526_prime_1536   get_rfc3526_prime_1536
 
#define BN_get_rfc3526_prime_2048   get_rfc3526_prime_2048
 
#define BN_get_rfc3526_prime_3072   get_rfc3526_prime_3072
 
#define BN_get_rfc3526_prime_4096   get_rfc3526_prime_4096
 
#define BN_get_rfc3526_prime_6144   get_rfc3526_prime_6144
 
#define BN_get_rfc3526_prime_8192   get_rfc3526_prime_8192
 
#define BIO_set_init(x, v)   (x->init=v)
 
#define BIO_get_data(x)   (x->ptr)
 
#define BIO_set_data(x, v)   (x->ptr=v)
 
#define BIO_get_shutdown(x)   (x->shutdown)
 
#define BIO_set_shutdown(x, v)   (x->shutdown=v)
 
#define DH_bits(x)   (BN_num_bits(x->p))
 
#define X509_STORE_CTX_get0_store(x)   (x->ctx)
 
#define X509_STORE_CTX_get0_current_issuer(x)   (x->current_issuer)
 
#define UNSET   (-1)
 
#define NUL   '\0'
 
#define RAND_MAX   INT_MAX
 
#define UCHAR   unsigned char
 
#define strEQ(s1, s2)   (strcmp(s1,s2) == 0)
 
#define strNE(s1, s2)   (strcmp(s1,s2) != 0)
 
#define strEQn(s1, s2, n)   (strncmp(s1,s2,n) == 0)
 
#define strNEn(s1, s2, n)   (strncmp(s1,s2,n) != 0)
 
#define strcEQ(s1, s2)   (strcasecmp(s1,s2) == 0)
 
#define strcNE(s1, s2)   (strcasecmp(s1,s2) != 0)
 
#define strcEQn(s1, s2, n)   (strncasecmp(s1,s2,n) == 0)
 
#define strcNEn(s1, s2, n)   (strncasecmp(s1,s2,n) != 0)
 
#define strIsEmpty(s)   (s == NULL || s[0] == NUL)
 
#define myConnConfig(c)   ((SSLConnRec *)ap_get_module_config(c->conn_config, &ssl_module))
 
#define myConnConfigSet(c, val)   ap_set_module_config(c->conn_config, &ssl_module, val)
 
#define mySrvConfig(srv)   ((SSLSrvConfigRec *)ap_get_module_config(srv->module_config, &ssl_module))
 
#define myDirConfig(req)   ((SSLDirConfigRec *)ap_get_module_config(req->per_dir_config, &ssl_module))
 
#define myCtxConfig(sslconn, sc)   (sslconn->is_proxy ? sslconn->dc->proxy : sc->server)
 
#define myModConfig(srv)   mySrvConfig((srv))->mc
 
#define mySrvFromConn(c)   myConnConfig(c)->server
 
#define myDirConfigFromConn(c)   myConnConfig(c)->dc
 
#define mySrvConfigFromConn(c)   mySrvConfig(mySrvFromConn(c))
 
#define myModConfigFromConn(c)   myModConfig(mySrvFromConn(c))
 
#define SSL_SESSION_CACHE_TIMEOUT   300
 
#define DEFAULT_RENEG_BUFFER_SIZE   (128 * 1024)
 
#define DEFAULT_OCSP_MAX_SKEW   (60 * 5)
 
#define DEFAULT_OCSP_TIMEOUT   10
 
#define SSL_OPT_NONE   (0)
 
#define SSL_OPT_RELSET   (1<<0)
 
#define SSL_OPT_STDENVVARS   (1<<1)
 
#define SSL_OPT_EXPORTCERTDATA   (1<<3)
 
#define SSL_OPT_FAKEBASICAUTH   (1<<4)
 
#define SSL_OPT_STRICTREQUIRE   (1<<5)
 
#define SSL_OPT_OPTRENEGOTIATE   (1<<6)
 
#define SSL_OPT_LEGACYDNFORMAT   (1<<7)
 
#define SSL_PROTOCOL_NONE   (0)
 
#define SSL_PROTOCOL_SSLV3   (1<<1)
 
#define SSL_PROTOCOL_TLSV1   (1<<2)
 
#define SSL_PROTOCOL_BASIC   (SSL_PROTOCOL_SSLV3|SSL_PROTOCOL_TLSV1)
 
#define SSL_PROTOCOL_ALL   (SSL_PROTOCOL_BASIC)
 
#define SSL_PROTOCOL_DEFAULT   (SSL_PROTOCOL_ALL & ~SSL_PROTOCOL_SSLV3)
 
#define SSL_VERIFY_PEER_STRICT   (SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT)
 
#define ssl_verify_error_is_optional(errnum)
 
#define SSL_CRLCHECK_FLAGS   (~0x3)
 
#define SSL_PCM_EXISTS   1
 
#define SSL_PCM_ISREG   2
 
#define SSL_PCM_ISDIR   4
 
#define SSL_PCM_ISNONZERO   8
 
#define SSL_CACHE_MUTEX_TYPE   "ssl-cache"
 
#define SSL_STAPLING_CACHE_MUTEX_TYPE   "ssl-stapling"
 
#define SSL_STAPLING_REFRESH_MUTEX_TYPE   "ssl-stapling-refresh"
 
#define SSLLOG_MARK   __FILE__,__LINE__
 

Typedefs

typedef int ssl_opt_t
 
typedef int ssl_proto_t
 
typedef unsigned int ssl_pathcheck_t
 
typedef struct SSLSrvConfigRec SSLSrvConfigRec
 
typedef struct SSLDirConfigRec SSLDirConfigRec
 
typedef struct SSLPolicyRec SSLPolicyRec
 

Enumerations

enum  ssl_verify_t {
  SSL_CVERIFY_UNSET = UNSET, SSL_CVERIFY_NONE = 0, SSL_CVERIFY_OPTIONAL = 1, SSL_CVERIFY_REQUIRE = 2,
  SSL_CVERIFY_OPTIONAL_NO_CA = 3
}
 
enum  ssl_crlcheck_t { SSL_CRLCHECK_NONE = (0), SSL_CRLCHECK_LEAF = (1 << 0), SSL_CRLCHECK_CHAIN = (1 << 1), SSL_CRLCHECK_NO_CRL_FOR_CERT_OK = (1 << 2) }
 
enum  ssl_ocspcheck_t { SSL_OCSPCHECK_NONE = (0), SSL_OCSPCHECK_LEAF = (1 << 0), SSL_OCSPCHECK_CHAIN = (1 << 1), SSL_OCSPCHECK_NO_OCSP_FOR_CERT_OK = (1 << 2) }
 
enum  ssl_pphrase_t { SSL_PPTYPE_UNSET = UNSET, SSL_PPTYPE_BUILTIN = 0, SSL_PPTYPE_FILTER = 1, SSL_PPTYPE_PIPE = 2 }
 
enum  ssl_enabled_t { SSL_ENABLED_UNSET = UNSET, SSL_ENABLED_FALSE = 0, SSL_ENABLED_TRUE = 1, SSL_ENABLED_OPTIONAL = 3 }
 
enum  ssl_rsctx_t { SSL_RSCTX_STARTUP = 1, SSL_RSCTX_CONNECT = 2 }
 
enum  ssl_rssrc_t { SSL_RSSRC_BUILTIN = 1, SSL_RSSRC_FILE = 2, SSL_RSSRC_EXEC = 3, SSL_RSSRC_EGD = 4 }
 
enum  ssl_shutdown_type_e { SSL_SHUTDOWN_TYPE_UNSET, SSL_SHUTDOWN_TYPE_STANDARD, SSL_SHUTDOWN_TYPE_UNCLEAN, SSL_SHUTDOWN_TYPE_ACCURATE }
 

Functions

 APLOG_USE_MODULE (ssl)
 
SSLPolicyRec * ssl_policy_lookup (apr_pool_t *pool, const char *name)
 
SSLModConfigRec * ssl_config_global_create (server_rec *)
 
void ssl_config_global_fix (SSLModConfigRec *)
 
BOOL ssl_config_global_isfixed (SSLModConfigRec *)
 
void * ssl_config_server_create (apr_pool_t *, server_rec *)
 
void * ssl_config_server_merge (apr_pool_t *, void *, void *)
 
void * ssl_config_perdir_create (apr_pool_t *, char *)
 
void * ssl_config_perdir_merge (apr_pool_t *, void *, void *)
 
void ssl_config_proxy_merge (apr_pool_t *, SSLDirConfigRec *, SSLDirConfigRec *)
 
const char * ssl_cmd_SSLPolicyApply (cmd_parms *, void *, const char *)
 
const char * ssl_cmd_SSLPassPhraseDialog (cmd_parms *, void *, const char *)
 
const char * ssl_cmd_SSLCryptoDevice (cmd_parms *, void *, const char *)
 
const char * ssl_cmd_SSLRandomSeed (cmd_parms *, void *, const char *, const char *, const char *)
 
const char * ssl_cmd_SSLEngine (cmd_parms *, void *, const char *)
 
const char * ssl_cmd_SSLCipherSuite (cmd_parms *, void *, const char *, const char *)
 
const char * ssl_cmd_SSLCertificateFile (cmd_parms *, void *, const char *)
 
const char * ssl_cmd_SSLCertificateKeyFile (cmd_parms *, void *, const char *)
 
const char * ssl_cmd_SSLCertificateChainFile (cmd_parms *, void *, const char *)
 
const char * ssl_cmd_SSLCACertificatePath (cmd_parms *, void *, const char *)
 
const char * ssl_cmd_SSLCACertificateFile (cmd_parms *, void *, const char *)
 
const char * ssl_cmd_SSLCADNRequestPath (cmd_parms *, void *, const char *)
 
const char * ssl_cmd_SSLCADNRequestFile (cmd_parms *, void *, const char *)
 
const char * ssl_cmd_SSLCARevocationPath (cmd_parms *, void *, const char *)
 
const char * ssl_cmd_SSLCARevocationFile (cmd_parms *, void *, const char *)
 
const char * ssl_cmd_SSLCARevocationCheck (cmd_parms *, void *, const char *)
 
const char * ssl_cmd_SSLHonorCipherOrder (cmd_parms *cmd, void *dcfg, int flag)
 
const char * ssl_cmd_SSLCompression (cmd_parms *, void *, int flag)
 
const char * ssl_cmd_SSLSessionTickets (cmd_parms *, void *, int flag)
 
const char * ssl_cmd_SSLVerifyClient (cmd_parms *, void *, const char *)
 
const char * ssl_cmd_SSLVerifyDepth (cmd_parms *, void *, const char *)
 
const char * ssl_cmd_SSLSessionCache (cmd_parms *, void *, const char *)
 
const char * ssl_cmd_SSLSessionCacheTimeout (cmd_parms *, void *, const char *)
 
const char * ssl_cmd_SSLProtocol (cmd_parms *, void *, const char *)
 
const char * ssl_cmd_SSLOptions (cmd_parms *, void *, const char *)
 
const char * ssl_cmd_SSLRequireSSL (cmd_parms *, void *)
 
const char * ssl_cmd_SSLRequire (cmd_parms *, void *, const char *)
 
const char * ssl_cmd_SSLUserName (cmd_parms *, void *, const char *)
 
const char * ssl_cmd_SSLRenegBufferSize (cmd_parms *cmd, void *dcfg, const char *arg)
 
const char * ssl_cmd_SSLStrictSNIVHostCheck (cmd_parms *cmd, void *dcfg, int flag)
 
const char * ssl_cmd_SSLInsecureRenegotiation (cmd_parms *cmd, void *dcfg, int flag)
 
const char * ssl_cmd_SSLProxyEngine (cmd_parms *cmd, void *dcfg, int flag)
 
const char * ssl_cmd_SSLProxyProtocol (cmd_parms *, void *, const char *)
 
const char * ssl_cmd_SSLProxyCipherSuite (cmd_parms *, void *, const char *, const char *)
 
const char * ssl_cmd_SSLProxyVerify (cmd_parms *, void *, const char *)
 
const char * ssl_cmd_SSLProxyVerifyDepth (cmd_parms *, void *, const char *)
 
const char * ssl_cmd_SSLProxyCACertificatePath (cmd_parms *, void *, const char *)
 
const char * ssl_cmd_SSLProxyCACertificateFile (cmd_parms *, void *, const char *)
 
const char * ssl_cmd_SSLProxyCARevocationPath (cmd_parms *, void *, const char *)
 
const char * ssl_cmd_SSLProxyCARevocationFile (cmd_parms *, void *, const char *)
 
const char * ssl_cmd_SSLProxyCARevocationCheck (cmd_parms *, void *, const char *)
 
const char * ssl_cmd_SSLProxyMachineCertificatePath (cmd_parms *, void *, const char *)
 
const char * ssl_cmd_SSLProxyMachineCertificateFile (cmd_parms *, void *, const char *)
 
const char * ssl_cmd_SSLProxyMachineCertificateChainFile (cmd_parms *, void *, const char *)
 
const char * ssl_cmd_SSLProxyCheckPeerExpire (cmd_parms *cmd, void *dcfg, int flag)
 
const char * ssl_cmd_SSLProxyCheckPeerCN (cmd_parms *cmd, void *dcfg, int flag)
 
const char * ssl_cmd_SSLProxyCheckPeerName (cmd_parms *cmd, void *dcfg, int flag)
 
const char * ssl_cmd_SSLOCSPOverrideResponder (cmd_parms *cmd, void *dcfg, int flag)
 
const char * ssl_cmd_SSLOCSPDefaultResponder (cmd_parms *cmd, void *dcfg, const char *arg)
 
const char * ssl_cmd_SSLOCSPResponseTimeSkew (cmd_parms *cmd, void *dcfg, const char *arg)
 
const char * ssl_cmd_SSLOCSPResponseMaxAge (cmd_parms *cmd, void *dcfg, const char *arg)
 
const char * ssl_cmd_SSLOCSPResponderTimeout (cmd_parms *cmd, void *dcfg, const char *arg)
 
const char * ssl_cmd_SSLOCSPUseRequestNonce (cmd_parms *cmd, void *dcfg, int flag)
 
const char * ssl_cmd_SSLOCSPEnable (cmd_parms *cmd, void *dcfg, const char *arg)
 
const char * ssl_cmd_SSLOCSPProxyURL (cmd_parms *cmd, void *dcfg, const char *arg)
 
const char * ssl_cmd_SSLOCSPNoVerify (cmd_parms *cmd, void *dcfg, int flag)
 
const char * ssl_cmd_SSLOCSPResponderCertificateFile (cmd_parms *cmd, void *dcfg, const char *arg)
 
const char * ssl_cmd_SSLFIPS (cmd_parms *cmd, void *dcfg, int flag)
 
apr_status_t ssl_init_Module (apr_pool_t *, apr_pool_t *, apr_pool_t *, server_rec *)
 
apr_status_t ssl_init_Engine (server_rec *, apr_pool_t *)
 
apr_status_t ssl_init_ConfigureServer (server_rec *, apr_pool_t *, apr_pool_t *, SSLSrvConfigRec *, apr_array_header_t *)
 
apr_status_t ssl_init_CheckServers (server_rec *, apr_pool_t *)
 
int ssl_proxy_section_post_config (apr_pool_t *p, apr_pool_t *plog, apr_pool_t *ptemp, server_rec *s, ap_conf_vector_t *section_config)
 
ssl_init_FindCAList (server_rec *, apr_pool_t *, const char *, const char *)
 
void ssl_init_Child (apr_pool_t *, server_rec *)
 
apr_status_t ssl_init_ModuleKill (void *data)
 
int ssl_hook_Auth (request_rec *)
 
int ssl_hook_UserCheck (request_rec *)
 
int ssl_hook_Access (request_rec *)
 
int ssl_hook_Fixup (request_rec *)
 
int ssl_hook_ReadReq (request_rec *)
 
int ssl_hook_Upgrade (request_rec *)
 
void ssl_hook_ConfigTest (apr_pool_t *pconf, server_rec *s)
 
DH * ssl_callback_TmpDH (SSL *, int, int)
 
int ssl_callback_SSLVerify (int, X509_STORE_CTX *)
 
int ssl_callback_SSLVerify_CRL (int, X509_STORE_CTX *, conn_rec *)
 
int ssl_callback_proxy_cert (SSL *ssl, X509 **x509, EVP_PKEY **pkey)
 
int ssl_callback_NewSessionCacheEntry (SSL *, SSL_SESSION *)
 
SSL_SESSION * ssl_callback_GetSessionCacheEntry (SSL *, IDCONST unsigned char *, int, int *)
 
void ssl_callback_DelSessionCacheEntry (SSL_CTX *, SSL_SESSION *)
 
void ssl_callback_Info (const SSL *, int, int)
 
apr_status_t ssl_scache_init (server_rec *, apr_pool_t *)
 
void ssl_scache_status_register (apr_pool_t *p)
 
void ssl_scache_kill (server_rec *)
 
BOOL ssl_scache_store (server_rec *, IDCONST UCHAR *, int, apr_time_t, SSL_SESSION *, apr_pool_t *)
 
SSL_SESSION * ssl_scache_retrieve (server_rec *, IDCONST UCHAR *, int, apr_pool_t *)
 
void ssl_scache_remove (server_rec *, IDCONST UCHAR *, int, apr_pool_t *)
 
void ssl_io_filter_init (conn_rec *, request_rec *r, SSL *)
 
void ssl_io_filter_register (apr_pool_t *)
 
long ssl_io_data_cb (BIO *, int, const char *, int, long, long)
 
int ssl_io_buffer_fill (request_rec *r, apr_size_t maxlen)
 
int ssl_rand_seed (server_rec *, apr_pool_t *, ssl_rsctx_t, char *)
 
char * ssl_util_vhostid (apr_pool_t *, server_rec *)
 
apr_file_t * ssl_util_ppopen (server_rec *, apr_pool_t *, const char *, const char *const *)
 
void ssl_util_ppclose (server_rec *, apr_pool_t *, apr_file_t *)
 
char * ssl_util_readfilter (server_rec *, apr_pool_t *, const char *, const char *const *)
 
BOOL ssl_util_path_check (ssl_pathcheck_t, const char *, apr_pool_t *)
 
void ssl_util_thread_setup (apr_pool_t *)
 
void ssl_util_thread_id_setup (apr_pool_t *)
 
int ssl_init_ssl_connection (conn_rec *c, request_rec *r)
 
BOOL ssl_util_vhost_matches (const char *servername, server_rec *s)
 
apr_status_t ssl_load_encrypted_pkey (server_rec *, apr_pool_t *, int, const char *, apr_array_header_t **)
 
DH * ssl_dh_GetParamFromFile (const char *)
 
unsigned char * ssl_asn1_table_set (apr_hash_t *table, const char *key, long int length)
 
ssl_asn1_t * ssl_asn1_table_get (apr_hash_t *table, const char *key)
 
void ssl_asn1_table_unset (apr_hash_t *table, const char *key)
 
int ssl_mutex_init (server_rec *, apr_pool_t *)
 
int ssl_mutex_reinit (server_rec *, apr_pool_t *)
 
int ssl_mutex_on (server_rec *)
 
int ssl_mutex_off (server_rec *)
 
int ssl_stapling_mutex_reinit (server_rec *, apr_pool_t *)
 
apr_status_t ssl_die (server_rec *)
 
void ssl_log_ssl_error (const char *, int, int, server_rec *)
 
void ssl_log_xerror (const char *file, int line, int level, apr_status_t rv, apr_pool_t *p, server_rec *s, X509 *cert, const char *format,...) __attribute__((format(printf, 8, 9)))
 
void ssl_log_cxerror (const char *file, int line, int level, apr_status_t rv, conn_rec *c, X509 *cert, const char *format,...) __attribute__((format(printf, 7, 8)))
 
void ssl_log_rxerror (const char *file, int line, int level, apr_status_t rv, request_rec *r, X509 *cert, const char *format,...) __attribute__((format(printf, 7, 8)))
 
void ssl_var_register (apr_pool_t *p)
 
char * ssl_var_lookup (apr_pool_t *, server_rec *, conn_rec *, request_rec *, char *)
 
apr_array_header_t * ssl_ext_list (apr_pool_t *p, conn_rec *c, int peer, const char *extension)
 
void ssl_var_log_config_register (apr_pool_t *p)
 
void modssl_var_extract_dns (apr_table_t *t, SSL *ssl, apr_pool_t *p)
 
void modssl_var_extract_san_entries (apr_table_t *t, SSL *ssl, apr_pool_t *p)
 
int modssl_verify_ocsp (X509_STORE_CTX *ctx, SSLSrvConfigRec *sc, server_rec *s, conn_rec *c, apr_pool_t *pool)
 
OCSP_RESPONSE * modssl_dispatch_ocsp_request (const apr_uri_t *uri, apr_interval_time_t timeout, OCSP_REQUEST *request, conn_rec *c, apr_pool_t *p)
 
void ssl_init_ocsp_certificates (server_rec *s, modssl_ctx_t *mctx)
 
DH * modssl_get_dh_params (unsigned keylen)
 
int modssl_request_is_tls (const request_rec *r, SSLConnRec **sslconn)
 
int ssl_is_challenge (conn_rec *c, const char *servername, X509 **pcert, EVP_PKEY **pkey)
 

Variables

module AP_MODULE_DECLARE_DATA ssl_module
 
const authz_provider ssl_authz_provider_require_ssl
 
const authz_provider ssl_authz_provider_verify_client
 

Detailed Description

Internal interfaces private to mod_ssl; these declarations are shared between the mod_ssl source files and are not part of httpd's public module API.

Macro Definition Documentation

#define SSL_CRLCHECK_FLAGS   (~0x3)