00017 #ifndef SSL_PRIVATE_H
00018 #define SSL_PRIVATE_H
00019
00030 #include "httpd.h"
00031 #include "http_config.h"
00032 #include "http_core.h"
00033 #include "http_log.h"
00034 #include "http_main.h"
00035 #include "http_connection.h"
00036 #include "http_request.h"
00037 #include "http_protocol.h"
00038 #include "util_script.h"
00039 #include "util_filter.h"
00040 #include "util_ebcdic.h"
00041 #include "mpm.h"
00042 #include "apr.h"
00043 #include "apr_strings.h"
00044 #define APR_WANT_STRFUNC
00045 #include "apr_want.h"
00046 #include "apr_tables.h"
00047 #include "apr_lib.h"
00048 #include "apr_fnmatch.h"
00049 #include "apr_strings.h"
00050 #include "apr_dbm.h"
00051 #include "apr_rmm.h"
00052 #include "apr_shm.h"
00053 #include "apr_global_mutex.h"
00054 #include "apr_optional.h"
00055
00056 #define MOD_SSL_VERSION AP_SERVER_BASEREVISION
00057
00059 #include "ssl_toolkit_compat.h"
00060 #include "ssl_expr.h"
00061 #include "ssl_util_ssl.h"
00062
00066 #if APR_HAVE_SYS_TIME_H
00067 #include <sys/time.h>
00068 #endif
00069 #if APR_HAVE_UNISTD_H
00070 #include <unistd.h>
00071 #endif
00072
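/*
 * Basic boolean and sentinel constants. Every definition is guarded, so a
 * value already supplied by an earlier header takes precedence.
 */
#ifndef FALSE
#define FALSE (0)
#endif
#ifndef TRUE
#define TRUE (!FALSE)
#endif
/* Pointer-typed forms of FALSE and TRUE. */
#ifndef PFALSE
#define PFALSE ((void *)FALSE)
#endif
#ifndef PTRUE
#define PTRUE ((void *)TRUE)
#endif
/* "Not configured" marker; the *_UNSET enum members in this header use it. */
#ifndef UNSET
#define UNSET (-1)
#endif
#ifndef NUL
#define NUL '\0'
#endif
/* Fallback used only when no earlier header has defined RAND_MAX. */
#ifndef RAND_MAX
#include <limits.h>
#define RAND_MAX INT_MAX
#endif

/* Shorthand type names, defined as macros rather than typedefs. */
#ifndef BOOL
#define BOOL unsigned int
#endif
#ifndef UCHAR
#define UCHAR unsigned char
#endif

/*
 * String comparison helpers: EQ/NE test equality, the "c" forms ignore case
 * and the "n" forms compare at most n characters.
 *
 * Every macro argument is parenthesized so that an expression argument such
 * as `p + 1` or `cond ? a : b` expands as a single operand.
 *
 * These helpers stop at the first differing character, so their run time
 * depends on the data; do not use them to compare secret values.
 */
#define strEQ(s1,s2)     (strcmp((s1),(s2))        == 0)
#define strNE(s1,s2)     (strcmp((s1),(s2))        != 0)
#define strEQn(s1,s2,n)  (strncmp((s1),(s2),(n))   == 0)
#define strNEn(s1,s2,n)  (strncmp((s1),(s2),(n))   != 0)

#define strcEQ(s1,s2)    (strcasecmp((s1),(s2))      == 0)
#define strcNE(s1,s2)    (strcasecmp((s1),(s2))      != 0)
#define strcEQn(s1,s2,n) (strncasecmp((s1),(s2),(n)) == 0)
#define strcNEn(s1,s2,n) (strncasecmp((s1),(s2),(n)) != 0)

/*
 * True for a NULL pointer or a zero-length string. The argument is evaluated
 * twice, so it must not have side effects.
 */
#define strIsEmpty(s)    ((s) == NULL || (s)[0] == NUL)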
00123
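/*
 * Accessors for this module's configuration records, looked up through
 * ap_get_module_config() with &ssl_module as the key.
 *
 * Each expansion is fully parenthesized: without the outer parentheses the
 * cast in `myConnConfig(c)->field` would bind after the `->`, and without the
 * inner ones an argument such as `&rec` would expand incorrectly.
 *
 * NOTE(review): whether ap_get_module_config() can return NULL for a
 * connection or request that has no record yet is not visible here; callers
 * should check the result before dereferencing until that is confirmed.
 */
#define myConnConfig(c) \
    ((SSLConnRec *)ap_get_module_config((c)->conn_config, &ssl_module))
/* Selects the proxy or the server context of `sc` for this connection. */
#define myCtxConfig(sslconn, sc) ((sslconn)->is_proxy ? (sc)->proxy : (sc)->server)
#define myConnConfigSet(c, val) \
    ap_set_module_config((c)->conn_config, &ssl_module, (val))
#define mySrvConfig(srv) ((SSLSrvConfigRec *)ap_get_module_config((srv)->module_config, &ssl_module))
#define myDirConfig(req) ((SSLDirConfigRec *)ap_get_module_config((req)->per_dir_config, &ssl_module))
#define myModConfig(srv) ((mySrvConfig((srv)))->mc)

/*
 * Store into / read from the numbered scratch slots rCtx.pV1 .. rCtx.pV10 of
 * the module configuration. `num` is pasted into the field name, so it must
 * be a literal 1..10; the slots are untyped (void *), so the `type` given to
 * myCtxVarGet must match what was stored.
 */
#define myCtxVarSet(mc,num,val)  ((mc)->rCtx.pV##num = (val))
#define myCtxVarGet(mc,num,type) ((type)((mc)->rCtx.pV##num))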
00135
/*
 * Default session cache timeout; guarded so a build can override it.
 * NOTE(review): the unit is not visible here -- presumably seconds; confirm
 * where the value is consumed.
 */
00139 #ifndef SSL_SESSION_CACHE_TIMEOUT
00140 #define SSL_SESSION_CACHE_TIMEOUT 300
00141 #endif
00142
/*
 * Permission masks. Both grant read access to group and others in addition
 * to owner read/write.
 * NOTE(review): the names suggest these are applied to the shared-memory and
 * DBM files backing the session cache. If so, cached session state would be
 * readable by any local account; confirm the use sites, and either drop
 * APR_GREAD/APR_WREAD or keep the files in a directory only the server user
 * can traverse.
 */
00146 #define SSL_MM_FILE_MODE ( APR_UREAD | APR_UWRITE | APR_GREAD | APR_WREAD )
00147
00151 #define SSL_DBM_FILE_MODE ( APR_UREAD | APR_UWRITE | APR_GREAD | APR_WREAD )
00152
/*
 * File-name suffixes of the DBM files. Taken from DBM_SUFFIX when the DBM
 * library defines it, ".db" for both on FreeBSD or when DB_LOCK and DB_SHMEM
 * are defined, and the ".dir"/".pag" pair otherwise. A build may predefine
 * either macro to skip this selection.
 */
00153 #if !defined(SSL_DBM_FILE_SUFFIX_DIR) && !defined(SSL_DBM_FILE_SUFFIX_PAG)
00154 #if defined(DBM_SUFFIX)
00155 #define SSL_DBM_FILE_SUFFIX_DIR DBM_SUFFIX
00156 #define SSL_DBM_FILE_SUFFIX_PAG DBM_SUFFIX
00157 #elif defined(__FreeBSD__) || (defined(DB_LOCK) && defined(DB_SHMEM))
00158 #define SSL_DBM_FILE_SUFFIX_DIR ".db"
00159 #define SSL_DBM_FILE_SUFFIX_PAG ".db"
00160 #else
00161 #define SSL_DBM_FILE_SUFFIX_DIR ".dir"
00162 #define SSL_DBM_FILE_SUFFIX_PAG ".pag"
00163 #endif
00164 #endif
00165
/*
 * Public-key algorithm of a certificate/key pair, as a bit mask
 * (SSL_ALGO_*), plus the matching array indices (SSL_AIDX_*). SSL_AIDX_MAX
 * sizes the per-algorithm arrays in modssl_pk_server_t.
 */
00170 typedef int ssl_algo_t;
00171
00172 #define SSL_ALGO_UNKNOWN (0)
00173 #define SSL_ALGO_RSA (1<<0)
00174 #define SSL_ALGO_DSA (1<<1)
00175 #define SSL_ALGO_ALL (SSL_ALGO_RSA|SSL_ALGO_DSA)
00176
00177 #define SSL_AIDX_RSA (0)
00178 #define SSL_AIDX_DSA (1)
00179 #define SSL_AIDX_MAX (2)
00180
00181
/*
 * Indices of the temporary (ephemeral) RSA and DH keys; SSL_TMP_KEY_MAX
 * sizes SSLModConfigRec.pTmpKeys.
 * Security note: 512-bit RSA and DH are export-grade sizes and offer no
 * meaningful protection today, and 1024-bit is below current minimum
 * recommendations. A deployment should make sure export cipher suites are
 * disabled so the 512-bit slots are never negotiated.
 */
00186 #define SSL_TMP_KEY_RSA_512 (0)
00187 #define SSL_TMP_KEY_RSA_1024 (1)
00188 #define SSL_TMP_KEY_DH_512 (2)
00189 #define SSL_TMP_KEY_DH_1024 (3)
00190 #define SSL_TMP_KEY_MAX (4)
00191
/*
 * Option flags held in an ssl_opt_t bit mask (see the nOptions* fields of
 * SSLDirConfigRec). Bit 2 is not assigned in this list. SSL_OPT_ALL is the
 * union of the feature flags and deliberately leaves out SSL_OPT_RELSET.
 * NOTE(review): SSL_OPT_RELSET presumably marks a relative (+/-) option
 * list rather than a feature -- confirm in the SSLOptions handler.
 */
00195 #define SSL_OPT_NONE (0)
00196 #define SSL_OPT_RELSET (1<<0)
00197 #define SSL_OPT_STDENVVARS (1<<1)
00198 #define SSL_OPT_EXPORTCERTDATA (1<<3)
00199 #define SSL_OPT_FAKEBASICAUTH (1<<4)
00200 #define SSL_OPT_STRICTREQUIRE (1<<5)
00201 #define SSL_OPT_OPTRENEGOTIATE (1<<6)
00202 #define SSL_OPT_ALL (SSL_OPT_STDENVVARS|SSL_OPT_EXPORTCERTDATA|SSL_OPT_FAKEBASICAUTH|SSL_OPT_STRICTREQUIRE|SSL_OPT_OPTRENEGOTIATE)
00203 typedef int ssl_opt_t;
00204
/*
 * Protocol versions held in an ssl_proto_t bit mask.
 * Security note: SSL_PROTOCOL_ALL includes SSLv2 and SSLv3. Both are
 * deprecated (RFC 6176 prohibits SSLv2, RFC 7568 deprecates SSLv3), and this
 * header has no flag for TLS versions newer than 1.0. Configurations built
 * on this mask should exclude SSLv2 and SSLv3 explicitly.
 */
00208 #define SSL_PROTOCOL_NONE (0)
00209 #define SSL_PROTOCOL_SSLV2 (1<<0)
00210 #define SSL_PROTOCOL_SSLV3 (1<<1)
00211 #define SSL_PROTOCOL_TLSV1 (1<<2)
00212 #define SSL_PROTOCOL_ALL (SSL_PROTOCOL_SSLV2|SSL_PROTOCOL_SSLV3|SSL_PROTOCOL_TLSV1)
00213 typedef int ssl_proto_t;
00214
/*
 * Peer-certificate verification mode. SSL_CVERIFY_UNSET (-1) means "not
 * configured".
 * NOTE(review): SSL_CVERIFY_OPTIONAL_NO_CA presumably accepts a certificate
 * that does not chain to a configured CA. Such a certificate shows possession
 * of a key, not an identity vouched for by a trusted issuer, so it should not
 * be used for access decisions. Confirm the handling in the verify callback.
 */
00218 typedef enum {
00219 SSL_CVERIFY_UNSET = UNSET,
00220 SSL_CVERIFY_NONE = 0,
00221 SSL_CVERIFY_OPTIONAL = 1,
00222 SSL_CVERIFY_REQUIRE = 2,
00223 SSL_CVERIFY_OPTIONAL_NO_CA = 3
00224 } ssl_verify_t;
00225
/* OpenSSL verify flags for "a peer certificate must be presented". */
00226 #define SSL_VERIFY_PEER_STRICT \
00227 (SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT)
00228
/* Fallback for toolkits whose headers do not define this error code. */
00229 #ifndef X509_V_ERR_CERT_UNTRUSTED
00230 #define X509_V_ERR_CERT_UNTRUSTED 27
00231 #endif
00232
/*
 * True when errnum is one of five chain-of-trust failures: self-signed leaf,
 * self-signed certificate in the chain, issuer not found locally, untrusted
 * certificate, or leaf signature that cannot be verified. Any other error
 * (expiry, revocation, ...) yields false.
 * NOTE(review): presumably these are the errors tolerated under
 * SSL_CVERIFY_OPTIONAL_NO_CA -- confirm at the call site that nothing else
 * treats them as acceptable.
 * NOTE(review): errnum is not parenthesized in the expansion and is
 * evaluated up to five times; pass a plain variable.
 */
00233 #define ssl_verify_error_is_optional(errnum) \
00234 ((errnum == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT) \
00235 || (errnum == X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN) \
00236 || (errnum == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY) \
00237 || (errnum == X509_V_ERR_CERT_UNTRUSTED) \
00238 || (errnum == X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE))
00239
/*
 * Pass-phrase dialog type (stored in modssl_ctx_t.pphrase_dialog_type).
 * NOTE(review): FILTER and PIPE presumably hand the pass-phrase request to
 * an external program or pipe named by pphrase_dialog_path. That path then
 * needs the same protection as the private key itself -- confirm.
 */
00243 typedef enum {
00244 SSL_PPTYPE_UNSET = UNSET,
00245 SSL_PPTYPE_BUILTIN = 0,
00246 SSL_PPTYPE_FILTER = 1,
00247 SSL_PPTYPE_PIPE = 2
00248 } ssl_pphrase_t;
00249
/* Bit flags selecting the checks requested from ssl_util_path_check(). */
00253 #define SSL_PCM_EXISTS 1
00254 #define SSL_PCM_ISREG 2
00255 #define SSL_PCM_ISDIR 4
00256 #define SSL_PCM_ISNONZERO 8
00257 typedef unsigned int ssl_pathcheck_t;
00258
/*
 * Session cache backend. The value 2 is not assigned in this list.
 * NOTE(review): DC presumably refers to the distcache backend (see the
 * ssl_scache_dc_* prototypes); the difference between NONE and
 * NONE_NOT_NULL is not visible in this header.
 */
00262 typedef enum {
00263 SSL_SCMODE_UNSET = UNSET,
00264 SSL_SCMODE_NONE = 0,
00265 SSL_SCMODE_DBM = 1,
00266 SSL_SCMODE_SHMCB = 3,
00267 SSL_SCMODE_DC = 4,
00268 SSL_SCMODE_NONE_NOT_NULL = 5
00269 } ssl_scmode_t;
00270
/* Whether the module's global mutex is in use. */
00274 typedef enum {
00275 SSL_MUTEXMODE_UNSET = UNSET,
00276 SSL_MUTEXMODE_NONE = 0,
00277 SSL_MUTEXMODE_USED = 1
00278 } ssl_mutexmode_t;
00279
/*
 * SSL engine state of a server (SSLSrvConfigRec.enabled). The value 2 is not
 * assigned.
 * NOTE(review): OPTIONAL presumably means SSL is negotiated only on request
 * (see ssl_hook_Upgrade); if so, traffic on such a server may be cleartext.
 * Confirm before relying on it for confidentiality.
 */
00283 typedef enum {
00284 SSL_ENABLED_UNSET = UNSET,
00285 SSL_ENABLED_FALSE = 0,
00286 SSL_ENABLED_TRUE = 1,
00287 SSL_ENABLED_OPTIONAL = 3
00288 } ssl_enabled_t;
00289
/*
 * One requirement expression: the expression text and an ssl_expr pointer
 * for it (presumably the parsed form -- confirm in ssl_expr.h).
 */
00293 typedef struct {
00294 char *cpExpr;
00295 ssl_expr *mpExpr;
00296 } ssl_require_t;
00297
/* When a random-seed source applies: at startup or per connection. */
00301 typedef enum {
00302 SSL_RSCTX_STARTUP = 1,
00303 SSL_RSCTX_CONNECT = 2
00304 } ssl_rsctx_t;
/* Kind of random-seed source. */
00305 typedef enum {
00306 SSL_RSSRC_BUILTIN = 1,
00307 SSL_RSSRC_FILE = 2,
00308 SSL_RSSRC_EXEC = 3,
00309 SSL_RSSRC_EGD = 4
00310 } ssl_rssrc_t;
/*
 * One configured random-seed source: context, source kind, path and a byte
 * count.
 * NOTE(review): for SSL_RSSRC_EXEC the path presumably names a program that
 * is executed; its location and permissions are then part of the server's
 * trust boundary -- confirm in the seeding code.
 */
00311 typedef struct {
00312 ssl_rsctx_t nCtx;
00313 ssl_rssrc_t nSrc;
00314 char *cpPath;
00315 int nBytes;
00316 } ssl_randseed_t;
00317
/*
 * A length-prefixed byte buffer plus the modification time of its source.
 * NOTE(review): given the tPublicCert/tPrivateKey tables and the
 * ssl_asn1_table_* helpers, this presumably holds DER-encoded certificates
 * and private keys; private-key buffers should be wiped before release --
 * confirm in the implementation.
 */
00321 typedef struct {
00322 long int nData;
00323 unsigned char *cpData;
00324 apr_time_t source_mtime;
00325 } ssl_asn1_t;
00326
/* How the SSL connection is to be shut down; UNSET is the zero value. */
00332 typedef enum {
00333 SSL_SHUTDOWN_TYPE_UNSET,
00334 SSL_SHUTDOWN_TYPE_STANDARD,
00335 SSL_SHUTDOWN_TYPE_UNCLEAN,
00336 SSL_SHUTDOWN_TYPE_ACCURATE
00337 } ssl_shutdown_type_e;
00338
/*
 * Per-connection SSL state, reached through myConnConfig().
 * NOTE(review): client_dn, client_cert and the verify_* fields describe the
 * peer certificate and its verification outcome. Whether they are reset on
 * renegotiation is not visible here; code making access decisions from them
 * should confirm they reflect the current handshake.
 */
00339 typedef struct {
00340 SSL *ssl;
00341 const char *client_dn;
00342 X509 *client_cert;
00343 ssl_shutdown_type_e shutdown_type;
00344 const char *verify_info;
00345 const char *verify_error;
00346 int verify_depth;
00347 int is_proxy; /* selects sc->proxy over sc->server in myCtxConfig() */
00348 int disabled;
00349 int non_ssl_request;
00350 } SSLConnRec;
00351
/*
 * Module-wide configuration, reached through myModConfig(): session cache
 * settings, the global mutex, random-seed sources, temporary keys and the
 * certificate/key tables.
 * NOTE(review): tPrivateKey and pTmpKeys hold key material. Anything that
 * dumps or logs this record (status pages, debug output) must skip them.
 */
00352 typedef struct {
00353 pid_t pid;
00354 apr_pool_t *pPool;
00355 BOOL bFixed;
00356 int nSessionCacheMode; /* presumably an ssl_scmode_t value -- confirm */
00357 char *szSessionCacheDataFile;
00358 int nSessionCacheDataSize;
00359 apr_shm_t *pSessionCacheDataMM;
00360 apr_rmm_t *pSessionCacheDataRMM;
00361 void *tSessionCacheDataTable;
00362 ssl_mutexmode_t nMutexMode;
00363 apr_lockmech_e nMutexMech;
00364 const char *szMutexFile;
00365 apr_global_mutex_t *pMutex;
00366 apr_array_header_t *aRandSeed; /* presumably ssl_randseed_t entries -- confirm */
00367 apr_hash_t *tVHostKeys;
00368 void *pTmpKeys[SSL_TMP_KEY_MAX]; /* indexed by SSL_TMP_KEY_* */
00369 apr_hash_t *tPublicCert;
00370 apr_hash_t *tPrivateKey;
/* Present only when the toolkit provides ENGINE support. */
00371 #if defined(HAVE_OPENSSL_ENGINE_H) && defined(HAVE_ENGINE_INIT)
00372 const char *szCryptoDevice;
00373 #endif
/* Untyped scratch slots accessed with myCtxVarSet()/myCtxVarGet(). */
00374 struct {
00375 void *pV1, *pV2, *pV3, *pV4, *pV5, *pV6, *pV7, *pV8, *pV9, *pV10;
00376 } rCtx;
00377 } SSLModConfigRec;
00378
/*
 * Server-side public-key material: certificate and key file names and the
 * loaded objects, one slot per algorithm (SSL_AIDX_RSA, SSL_AIDX_DSA), plus
 * a CA name path/file pair.
 */
00380 typedef struct {
00385 const char *cert_files[SSL_AIDX_MAX];
00386 const char *key_files[SSL_AIDX_MAX];
00387 X509 *certs[SSL_AIDX_MAX];
00388 EVP_PKEY *keys[SSL_AIDX_MAX];
00389
00392 const char *ca_name_path;
00393 const char *ca_name_file;
00394 } modssl_pk_server_t;
00395
/* Proxy-side certificate source (file and path) and the loaded stack. */
00396 typedef struct {
00398 const char *cert_file;
00399 const char *cert_path;
00400 STACK_OF(X509_INFO) *certs;
00401 } modssl_pk_proxy_t;
00402
/*
 * Authentication settings of one context: CA certificate locations, cipher
 * suite string, verification depth and verification mode.
 */
00404 typedef struct {
00406 const char *ca_cert_path;
00407 const char *ca_cert_file;
00408
00409 const char *cipher_suite;
00410
00412 int verify_depth;
00413 ssl_verify_t verify_mode;
00414 } modssl_auth_ctx_t;
00415
/* Forward declaration: modssl_ctx_t points back to its server config. */
00416 typedef struct SSLSrvConfigRec SSLSrvConfigRec;
00417
/*
 * One SSL context, used either as the server or as the proxy context of an
 * SSLSrvConfigRec. pks and pkp are the server and proxy key material.
 * NOTE(review): presumably only one of pks/pkp is populated per context,
 * and crl is NULL when no CRL path or file is configured (revocation is
 * then not checked) -- confirm in the init code.
 */
00418 typedef struct {
00419 SSLSrvConfigRec *sc;
00420 SSL_CTX *ssl_ctx;
00421
00423 modssl_pk_server_t *pks;
00424 modssl_pk_proxy_t *pkp;
00425
00426 ssl_proto_t protocol;
00427
00429 ssl_pphrase_t pphrase_dialog_type;
00430 const char *pphrase_dialog_path;
00431
00432 const char *cert_chain;
00433
00435 const char *crl_path;
00436 const char *crl_file;
00437 X509_STORE *crl;
00438
00439 modssl_auth_ctx_t auth;
00440 } modssl_ctx_t;
00441
/*
 * Per-server (virtual host) configuration, reached through mySrvConfig().
 * Holds the shared module config, the engine state and the two contexts
 * that myCtxConfig() chooses between.
 */
00442 struct SSLSrvConfigRec {
00443 SSLModConfigRec *mc;
00444 ssl_enabled_t enabled;
00445 BOOL proxy_enabled;
00446 const char *vhost_id;
00447 int vhost_id_len;
00448 int session_cache_timeout;
00449 BOOL cipher_server_pref;
00450 modssl_ctx_t *server;
00451 modssl_ctx_t *proxy;
00452 };
00453
/*
 * Per-directory configuration, reached through myDirConfig(). Besides the
 * requirement list and option masks it carries its own cipher suite, client
 * verification mode/depth and CA locations.
 * NOTE(review): per-directory values that differ from the server context
 * presumably force a renegotiation; confirm in the access hook how that
 * renegotiation is protected.
 */
00459 typedef struct {
00460 BOOL bSSLRequired;
00461 apr_array_header_t *aRequirement; /* presumably ssl_require_t entries -- confirm */
00462 ssl_opt_t nOptions;
00463 ssl_opt_t nOptionsAdd;
00464 ssl_opt_t nOptionsDel;
00465 const char *szCipherSuite;
00466 ssl_verify_t nVerifyClient;
00467 int nVerifyDepth;
00468 const char *szCACertificatePath;
00469 const char *szCACertificateFile;
00470 const char *szUserName;
00471 } SSLDirConfigRec;
00472
/* The module record; also the lookup key used by the my*Config() macros. */
00478 extern module AP_MODULE_DECLARE_DATA ssl_module;
00479
00481 extern const char ssl_valid_ssl_mutex_string[];
00482
/*
 * Configuration record constructors and mergers, followed by one handler
 * per configuration directive (ssl_cmd_<Directive>). Each handler returns a
 * const char *.
 * NOTE(review): presumably NULL on success and an error message otherwise,
 * per the usual httpd directive-handler convention -- confirm.
 */
00484 SSLModConfigRec *ssl_config_global_create(server_rec *);
00485 void ssl_config_global_fix(SSLModConfigRec *);
00486 BOOL ssl_config_global_isfixed(SSLModConfigRec *);
00487 void *ssl_config_server_create(apr_pool_t *, server_rec *);
00488 void *ssl_config_server_merge(apr_pool_t *, void *, void *);
00489 void *ssl_config_perdir_create(apr_pool_t *, char *);
00490 void *ssl_config_perdir_merge(apr_pool_t *, void *, void *);
00491 const char *ssl_cmd_SSLMutex(cmd_parms *, void *, const char *);
00492 const char *ssl_cmd_SSLPassPhraseDialog(cmd_parms *, void *, const char *);
00493 const char *ssl_cmd_SSLCryptoDevice(cmd_parms *, void *, const char *);
00494 const char *ssl_cmd_SSLRandomSeed(cmd_parms *, void *, const char *, const char *, const char *);
00495 const char *ssl_cmd_SSLEngine(cmd_parms *, void *, const char *);
00496 const char *ssl_cmd_SSLCipherSuite(cmd_parms *, void *, const char *);
00497 const char *ssl_cmd_SSLCertificateFile(cmd_parms *, void *, const char *);
00498 const char *ssl_cmd_SSLCertificateKeyFile(cmd_parms *, void *, const char *);
00499 const char *ssl_cmd_SSLCertificateChainFile(cmd_parms *, void *, const char *);
00500 const char *ssl_cmd_SSLCACertificatePath(cmd_parms *, void *, const char *);
00501 const char *ssl_cmd_SSLCACertificateFile(cmd_parms *, void *, const char *);
00502 const char *ssl_cmd_SSLCADNRequestPath(cmd_parms *, void *, const char *);
00503 const char *ssl_cmd_SSLCADNRequestFile(cmd_parms *, void *, const char *);
00504 const char *ssl_cmd_SSLCARevocationPath(cmd_parms *, void *, const char *);
00505 const char *ssl_cmd_SSLCARevocationFile(cmd_parms *, void *, const char *);
00506 const char *ssl_cmd_SSLHonorCipherOrder(cmd_parms *cmd, void *dcfg, int flag);
00507 const char *ssl_cmd_SSLVerifyClient(cmd_parms *, void *, const char *);
00508 const char *ssl_cmd_SSLVerifyDepth(cmd_parms *, void *, const char *);
00509 const char *ssl_cmd_SSLSessionCache(cmd_parms *, void *, const char *);
00510 const char *ssl_cmd_SSLSessionCacheTimeout(cmd_parms *, void *, const char *);
00511 const char *ssl_cmd_SSLProtocol(cmd_parms *, void *, const char *);
00512 const char *ssl_cmd_SSLOptions(cmd_parms *, void *, const char *);
00513 const char *ssl_cmd_SSLRequireSSL(cmd_parms *, void *);
00514 const char *ssl_cmd_SSLRequire(cmd_parms *, void *, const char *);
00515 const char *ssl_cmd_SSLUserName(cmd_parms *, void *, const char *);
00516
/*
 * Directive handlers for the proxy (outgoing) side.
 * NOTE(review): verification of the backend certificate is governed by the
 * SSLProxyVerify* and SSLProxyCA* settings. Confirm what the default is
 * when they are absent, since an unverified backend connection can be
 * intercepted.
 */
00517 const char *ssl_cmd_SSLProxyEngine(cmd_parms *cmd, void *dcfg, int flag);
00518 const char *ssl_cmd_SSLProxyProtocol(cmd_parms *, void *, const char *);
00519 const char *ssl_cmd_SSLProxyCipherSuite(cmd_parms *, void *, const char *);
00520 const char *ssl_cmd_SSLProxyVerify(cmd_parms *, void *, const char *);
00521 const char *ssl_cmd_SSLProxyVerifyDepth(cmd_parms *, void *, const char *);
00522 const char *ssl_cmd_SSLProxyCACertificatePath(cmd_parms *, void *, const char *);
00523 const char *ssl_cmd_SSLProxyCACertificateFile(cmd_parms *, void *, const char *);
00524 const char *ssl_cmd_SSLProxyCARevocationPath(cmd_parms *, void *, const char *);
00525 const char *ssl_cmd_SSLProxyCARevocationFile(cmd_parms *, void *, const char *);
00526 const char *ssl_cmd_SSLProxyMachineCertificatePath(cmd_parms *, void *, const char *);
00527 const char *ssl_cmd_SSLProxyMachineCertificateFile(cmd_parms *, void *, const char *);
00528
/* Module, server and child-process initialisation, and module teardown. */
00530 int ssl_init_Module(apr_pool_t *, apr_pool_t *, apr_pool_t *, server_rec *);
00531 void ssl_init_Engine(server_rec *, apr_pool_t *);
00532 void ssl_init_ConfigureServer(server_rec *, apr_pool_t *, apr_pool_t *, SSLSrvConfigRec *);
00533 void ssl_init_CheckServers(server_rec *, apr_pool_t *);
00534 STACK_OF(X509_NAME)
00535 *ssl_init_FindCAList(server_rec *, apr_pool_t *, const char *, const char *);
00536 void ssl_init_Child(apr_pool_t *, server_rec *);
00537 apr_status_t ssl_init_ModuleKill(void *data);
00538
/* Request-processing hooks; each receives the request record. */
00540 int ssl_hook_Auth(request_rec *);
00541 int ssl_hook_UserCheck(request_rec *);
00542 int ssl_hook_Access(request_rec *);
00543 int ssl_hook_Fixup(request_rec *);
00544 int ssl_hook_ReadReq(request_rec *);
00545 int ssl_hook_Upgrade(request_rec *);
00546 void ssl_hook_ConfigTest(apr_pool_t *pconf, server_rec *s);
00547
/*
 * Callbacks handed to the SSL toolkit: temporary RSA/DH key selection,
 * certificate and CRL verification, proxy client-certificate selection,
 * session cache add/get/delete and handshake state tracing.
 * NOTE(review): ssl_callback_GetSessionCacheEntry takes the session id as an
 * (unsigned char *, int) pair from the toolkit. The length is a signed int,
 * so the implementation should reject negative or oversized lengths before
 * using it -- confirm in the .c file.
 */
00549 RSA *ssl_callback_TmpRSA(SSL *, int, int);
00550 DH *ssl_callback_TmpDH(SSL *, int, int);
00551 int ssl_callback_SSLVerify(int, X509_STORE_CTX *);
00552 int ssl_callback_SSLVerify_CRL(int, X509_STORE_CTX *, conn_rec *);
00553 int ssl_callback_proxy_cert(SSL *ssl, MODSSL_CLIENT_CERT_CB_ARG_TYPE **x509, EVP_PKEY **pkey);
00554 int ssl_callback_NewSessionCacheEntry(SSL *, SSL_SESSION *);
00555 SSL_SESSION *ssl_callback_GetSessionCacheEntry(SSL *, unsigned char *, int, int *);
00556 void ssl_callback_DelSessionCacheEntry(SSL_CTX *, SSL_SESSION *);
00557 void ssl_callback_LogTracingState(MODSSL_INFO_CB_ARG_TYPE, int, int);
00558
/*
 * Session cache API. The generic ssl_scache_* entry points come first, then
 * the same init/kill/store/retrieve/remove/status set for each backend
 * (dbm, shmcb, dc). A session is identified by a (UCHAR *id, int idlen)
 * pair; store also takes an expiry time and the SSL_SESSION.
 * NOTE(review): cached sessions contain the secrets needed to resume a
 * connection. Whatever storage a backend uses (file, shared memory, remote
 * daemon) must not be readable by other local users; compare the modes in
 * SSL_DBM_FILE_MODE and SSL_MM_FILE_MODE.
 * NOTE(review): the *_status functions take a request_rec and presumably
 * render cache statistics into a status page; confirm they expose no session
 * ids or session data.
 */
00560 void ssl_scache_init(server_rec *, apr_pool_t *);
00561 void ssl_scache_status_register(apr_pool_t *p);
00562 void ssl_scache_kill(server_rec *);
00563 BOOL ssl_scache_store(server_rec *, UCHAR *, int, time_t, SSL_SESSION *);
00564 SSL_SESSION *ssl_scache_retrieve(server_rec *, UCHAR *, int);
00565 void ssl_scache_remove(server_rec *, UCHAR *, int);
00566
/* Session id to string conversion (presumably for logging -- confirm). */
00567 char *ssl_scache_id2sz(UCHAR *, int);
/* DBM backend. */
00568 void ssl_scache_dbm_init(server_rec *, apr_pool_t *);
00569 void ssl_scache_dbm_kill(server_rec *);
00570 BOOL ssl_scache_dbm_store(server_rec *, UCHAR *, int, time_t, SSL_SESSION *);
00571 SSL_SESSION *ssl_scache_dbm_retrieve(server_rec *, UCHAR *, int);
00572 void ssl_scache_dbm_remove(server_rec *, UCHAR *, int);
00573 void ssl_scache_dbm_status(request_rec *r, int flags, apr_pool_t *pool);
00574
/* SHMCB backend. */
00575 void ssl_scache_shmcb_init(server_rec *, apr_pool_t *);
00576 void ssl_scache_shmcb_kill(server_rec *);
00577 BOOL ssl_scache_shmcb_store(server_rec *, UCHAR *, int, time_t, SSL_SESSION *);
00578 SSL_SESSION *ssl_scache_shmcb_retrieve(server_rec *, UCHAR *, int);
00579 void ssl_scache_shmcb_remove(server_rec *, UCHAR *, int);
00580 void ssl_scache_shmcb_status(request_rec *r, int flags, apr_pool_t *pool);
00581
/* DC backend (presumably distcache -- confirm). */
00582 void ssl_scache_dc_init(server_rec *, apr_pool_t *);
00583 void ssl_scache_dc_kill(server_rec *);
00584 BOOL ssl_scache_dc_store(server_rec *, UCHAR *, int, time_t, SSL_SESSION *);
00585 SSL_SESSION *ssl_scache_dc_retrieve(server_rec *, UCHAR *, int);
00586 void ssl_scache_dc_remove(server_rec *, UCHAR *, int);
00587 void ssl_scache_dc_status(request_rec *r, int flags, apr_pool_t *pool);
00588
/* Per-connection switches: enable SSL for a proxy connection, or disable the engine. */
00590 int ssl_proxy_enable(conn_rec *c);
00591 int ssl_engine_disable(conn_rec *c);
00592
/* I/O filter setup and the BIO data callback. */
00594 void ssl_io_filter_init(conn_rec *, SSL *);
00595 void ssl_io_filter_register(apr_pool_t *);
00596 long ssl_io_data_cb(BIO *, int, MODSSL_BIO_CB_ARG_TYPE *, int, long, long);
00597
00598
00599
/*
 * NOTE(review): presumably buffers the request body (for example across a
 * renegotiation). If so, the implementation needs an upper bound on the
 * buffered size to avoid memory exhaustion -- confirm.
 */
00600 int ssl_io_buffer_fill(request_rec *r);
00601
00602
/* Seeds the PRNG for the given context (startup or connect). */
00603 int ssl_rand_seed(server_rec *, apr_pool_t *, ssl_rsctx_t, char *);
00604
/*
 * Utility functions.
 * NOTE(review): ssl_util_ppopen and ssl_util_readfilter take a command string
 * and an argv-style array and presumably run an external program. The
 * command comes from configuration, so the configuration files and the
 * program must be writable only by the administrator -- confirm in the
 * implementation that no request-derived data reaches the argument list.
 */
00606 char *ssl_util_vhostid(apr_pool_t *, server_rec *);
00607 apr_file_t *ssl_util_ppopen(server_rec *, apr_pool_t *, const char *,
00608 const char * const *);
00609 void ssl_util_ppclose(server_rec *, apr_pool_t *, apr_file_t *);
00610 char *ssl_util_readfilter(server_rec *, apr_pool_t *, const char *,
00611 const char * const *);
00612 BOOL ssl_util_path_check(ssl_pathcheck_t, const char *, apr_pool_t *);
00613 ssl_algo_t ssl_util_algotypeof(X509 *, EVP_PKEY *);
00614 char *ssl_util_algotypestr(ssl_algo_t);
00615 void ssl_util_thread_setup(apr_pool_t *);
00616 int ssl_init_ssl_connection(conn_rec *c);
00617
/* Pass-phrase handling for the configured private keys. */
00619 void ssl_pphrase_Handle(server_rec *, apr_pool_t *);
00620
/* Diffie-Hellman parameters: built-in for a key length, or read from a file. */
00622 DH *ssl_dh_GetTmpParam(int);
00623 DH *ssl_dh_GetParamFromFile(char *);
00624
/*
 * Table of ssl_asn1_t entries keyed by string. ssl_asn1_table_set returns an
 * unsigned char pointer for an entry of the given length.
 * NOTE(review): `length` is a signed long; implementations should reject
 * negative values before allocating or copying -- confirm.
 */
00625 unsigned char *ssl_asn1_table_set(apr_hash_t *table,
00626 const char *key,
00627 long int length);
00628
00629 ssl_asn1_t *ssl_asn1_table_get(apr_hash_t *table,
00630 const char *key);
00631
00632 void ssl_asn1_table_unset(apr_hash_t *table,
00633 const char *key);
00634
00635 const char *ssl_asn1_keystr(int keytype);
00636
00637 const char *ssl_asn1_table_keyfmt(apr_pool_t *p,
00638 const char *id,
00639 int keytype);
/* Global mutex: create, re-initialise, acquire (on) and release (off). */
00641 int ssl_mutex_init(server_rec *, apr_pool_t *);
00642 int ssl_mutex_reinit(server_rec *, apr_pool_t *);
00643 int ssl_mutex_on(server_rec *);
00644 int ssl_mutex_off(server_rec *);
00645
/* Fatal-error exit and SSL error logging. */
00647 void ssl_die(void);
00648 void ssl_log_ssl_error(const char *, int, int, server_rec *);
00649
/*
 * SSL variable and certificate-extension lookup.
 * NOTE(review): values returned here originate from the peer certificate
 * and are attacker-controlled when client certificates are not strictly
 * verified. Treat them as untrusted input wherever they are logged, exported
 * to the environment or used in access expressions.
 */
00651 void ssl_var_register(void);
00652 char *ssl_var_lookup(apr_pool_t *, server_rec *, conn_rec *, request_rec *, char *);
00653 const char *ssl_ext_lookup(apr_pool_t *p, conn_rec *c, int peer, const char *oid);
00654
00655 extern apr_array_header_t *ssl_extlist_by_oid(request_rec *r, const char *oidstr);
00656
00657 void ssl_var_log_config_register(apr_pool_t *p);
00658
/* Upper bound for a shared-memory segment: 64 MiB. */
00659 #define APR_SHM_MAXSIZE (64 * 1024 * 1024)
00660
00661 #endif
00662