2 ** _ __ ___ ___ __| | ___ ___| | mod_ssl
3 ** | '_ ` _ \ / _ \ / _` | / __/ __| | Apache Interface to OpenSSL
4 ** | | | | | | (_) | (_| | \__ \__ \ | www.modssl.org
5 ** |_| |_| |_|\___/ \__,_|___|___/___/_| ftp.modssl.org
11 /* ====================================================================
12 * The Apache Software License, Version 1.1
14 * Copyright (c) 2000-2002 The Apache Software Foundation. All rights
17 * Redistribution and use in source and binary forms, with or without
18 * modification, are permitted provided that the following conditions
21 * 1. Redistributions of source code must retain the above copyright
22 * notice, this list of conditions and the following disclaimer.
24 * 2. Redistributions in binary form must reproduce the above copyright
25 * notice, this list of conditions and the following disclaimer in
26 * the documentation and/or other materials provided with the
29 * 3. The end-user documentation included with the redistribution,
30 * if any, must include the following acknowledgment:
31 * "This product includes software developed by the
32 * Apache Software Foundation (http://www.apache.org/)."
33 * Alternately, this acknowledgment may appear in the software itself,
34 * if and wherever such third-party acknowledgments normally appear.
36 * 4. The names "Apache" and "Apache Software Foundation" must
37 * not be used to endorse or promote products derived from this
38 * software without prior written permission. For written
39 * permission, please contact apache@apache.org.
41 * 5. Products derived from this software may not be called "Apache",
42 * nor may "Apache" appear in their name, without prior written
43 * permission of the Apache Software Foundation.
45 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
46 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
47 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
48 * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
49 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
50 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
51 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
52 * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
53 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
54 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
55 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
57 * ====================================================================
59 /* ``The Apache Group: a collection
60 of talented individuals who are
61 trying to perfect the art of
62 never finishing something.''
67 #define MOD_SSL_VERSION "3.0a0"
70 * Optionally enable the experimental stuff, but allow the user to
71 * override the decision which experimental parts are included by using
72 * CFLAGS="-DSSL_EXPERIMENTAL_xxxx_IGNORE".
74 #ifdef SSL_EXPERIMENTAL
75 #ifndef SSL_EXPERIMENTAL_PERDIRCA_IGNORE
76 #define SSL_EXPERIMENTAL_PERDIRCA
78 #ifndef SSL_EXPERIMENTAL_PROXY_IGNORE
79 #define SSL_EXPERIMENTAL_PROXY
82 #ifndef SSL_EXPERIMENTAL_ENGINE_IGNORE
83 #define SSL_EXPERIMENTAL_ENGINE
86 #endif /* SSL_EXPERIMENTAL */
89 * Power up our brain...
94 #include "http_config.h"
95 #include "http_core.h"
97 #include "http_main.h"
98 #include "http_connection.h"
99 #include "http_request.h"
100 #include "http_protocol.h"
101 #include "util_script.h"
102 #include "util_filter.h"
105 #include "apr_strings.h"
106 #include "apr_tables.h"
108 #include "apr_fnmatch.h"
109 #include "apr_strings.h"
113 #include "apr_optional.h"
115 /* OpenSSL headers */
124 #ifdef SSL_EXPERIMENTAL_ENGINE
128 /* mod_ssl headers */
129 #include "ssl_expr.h"
130 #include "ssl_util_ssl.h"
131 #include "ssl_util_table.h"
133 /* The #ifdef macros are only defined AFTER including the above
134 * therefore we cannot include these system files at the top :-(
136 #if APR_HAVE_SYS_TIME_H
137 #include <sys/time.h>
139 #if APR_HAVE_UNISTD_H
140 #include <unistd.h> /* needed for STDIN_FILENO et.al., at least on FreeBSD */
144 * Provide reasonable default for some defines
150 #define TRUE (!FALSE)
153 #define PFALSE ((void *)FALSE)
156 #define PTRUE ((void *)TRUE)
166 #define RAND_MAX INT_MAX
170 * Provide reasonable defines for some types
173 #define BOOL unsigned int
176 #define UCHAR unsigned char
180 * Provide useful shorthands
182 #define strEQ(s1,s2) (strcmp(s1,s2) == 0)
183 #define strNE(s1,s2) (strcmp(s1,s2) != 0)
184 #define strEQn(s1,s2,n) (strncmp(s1,s2,n) == 0)
185 #define strNEn(s1,s2,n) (strncmp(s1,s2,n) != 0)
187 #define strcEQ(s1,s2) (strcasecmp(s1,s2) == 0)
188 #define strcNE(s1,s2) (strcasecmp(s1,s2) != 0)
189 #define strcEQn(s1,s2,n) (strncasecmp(s1,s2,n) == 0)
190 #define strcNEn(s1,s2,n) (strncasecmp(s1,s2,n) != 0)
192 #define strIsEmpty(s) (s == NULL || s[0] == NUL)
194 #define cfgMerge(el,unset) new->el = (add->el == (unset)) ? base->el : add->el
195 #define cfgMergeArray(el) new->el = apr_array_append(p, add->el, base->el)
196 #define cfgMergeTable(el) new->el = apr_table_overlay(p, add->el, base->el)
197 #define cfgMergeCtx(el) new->el = apr_table_overlay(p, add->el, base->el)
198 #define cfgMergeString(el) cfgMerge(el, NULL)
199 #define cfgMergeBool(el) cfgMerge(el, UNSET)
200 #define cfgMergeInt(el) cfgMerge(el, UNSET)
202 #define myConnConfig(c) \
203 (SSLConnRec *)ap_get_module_config(c->conn_config, &ssl_module)
204 #define myConnConfigSet(c, val) \
205 ap_set_module_config(c->conn_config, &ssl_module, val)
206 #define mySrvConfig(srv) (SSLSrvConfigRec *)ap_get_module_config(srv->module_config, &ssl_module)
207 #define myDirConfig(req) (SSLDirConfigRec *)ap_get_module_config(req->per_dir_config, &ssl_module)
208 #define myModConfig(srv) (mySrvConfig((srv)))->mc
210 #define myCtxVarSet(mc,num,val) mc->rCtx.pV##num = val
211 #define myCtxVarGet(mc,num,type) (type)(mc->rCtx.pV##num)
216 #define SSL_LOG_NONE (1<<0)
217 #define SSL_LOG_ERROR (1<<1)
218 #define SSL_LOG_WARN (1<<2)
219 #define SSL_LOG_INFO (1<<3)
220 #define SSL_LOG_TRACE (1<<4)
221 #define SSL_LOG_DEBUG (1<<5)
222 #define SSL_LOG_MASK (SSL_LOG_ERROR|SSL_LOG_WARN|SSL_LOG_INFO|SSL_LOG_TRACE|SSL_LOG_DEBUG)
224 #define SSL_ADD_NONE (1<<8)
225 #define SSL_ADD_ERRNO (1<<9)
226 #define SSL_ADD_SSLERR (1<<10)
227 #define SSL_NO_TIMESTAMP (1<<11)
228 #define SSL_NO_LEVELID (1<<12)
229 #define SSL_NO_NEWLINE (1<<13)
232 * Defaults for the configuration
234 #ifndef SSL_SESSION_CACHE_TIMEOUT
235 #define SSL_SESSION_CACHE_TIMEOUT 300
239 * Support for MM library
241 #define SSL_MM_FILE_MODE ( APR_UREAD | APR_UWRITE | APR_GREAD | APR_WREAD )
244 * Support for DBM library
246 #define SSL_DBM_FILE_MODE ( APR_UREAD | APR_UWRITE | APR_GREAD | APR_WREAD )
248 #if !defined(SSL_DBM_FILE_SUFFIX_DIR) && !defined(SSL_DBM_FILE_SUFFIX_PAG)
249 #if defined(DBM_SUFFIX)
250 #define SSL_DBM_FILE_SUFFIX_DIR DBM_SUFFIX
251 #define SSL_DBM_FILE_SUFFIX_PAG DBM_SUFFIX
252 #elif defined(__FreeBSD__) || (defined(DB_LOCK) && defined(DB_SHMEM))
253 #define SSL_DBM_FILE_SUFFIX_DIR ".db"
254 #define SSL_DBM_FILE_SUFFIX_PAG ".db"
256 #define SSL_DBM_FILE_SUFFIX_DIR ".dir"
257 #define SSL_DBM_FILE_SUFFIX_PAG ".pag"
262 * Check for OpenSSL version
264 #if SSL_LIBRARY_VERSION < 0x00906000
265 #error "mod_ssl requires OpenSSL 0.9.6 or higher"
269 * Define the certificate algorithm types
272 typedef int ssl_algo_t;
274 #define SSL_ALGO_UNKNOWN (0)
275 #define SSL_ALGO_RSA (1<<0)
276 #define SSL_ALGO_DSA (1<<1)
277 #define SSL_ALGO_ALL (SSL_ALGO_RSA|SSL_ALGO_DSA)
279 #define SSL_AIDX_RSA (0)
280 #define SSL_AIDX_DSA (1)
281 #define SSL_AIDX_MAX (2)
285 * Define IDs for the temporary RSA keys and DH params
288 #define SSL_TMP_KEY_RSA_512 (0)
289 #define SSL_TMP_KEY_RSA_1024 (1)
290 #define SSL_TMP_KEY_DH_512 (2)
291 #define SSL_TMP_KEY_DH_1024 (3)
292 #define SSL_TMP_KEY_MAX (4)
295 * Define the SSL options
297 #define SSL_OPT_NONE (0)
298 #define SSL_OPT_RELSET (1<<0)
299 #define SSL_OPT_STDENVVARS (1<<1)
300 #define SSL_OPT_COMPATENVVARS (1<<2)
301 #define SSL_OPT_EXPORTCERTDATA (1<<3)
302 #define SSL_OPT_FAKEBASICAUTH (1<<4)
303 #define SSL_OPT_STRICTREQUIRE (1<<5)
304 #define SSL_OPT_OPTRENEGOTIATE (1<<6)
305 #define SSL_OPT_ALL (SSL_OPT_STDENVVARS|SSL_OPT_COMPATENVVAR|SSL_OPT_EXPORTCERTDATA|SSL_OPT_FAKEBASICAUTH|SSL_OPT_STRICTREQUIRE|SSL_OPT_OPTRENEGOTIATE)
306 typedef int ssl_opt_t;
309 * Define the SSL Protocol options
311 #define SSL_PROTOCOL_NONE (0)
312 #define SSL_PROTOCOL_SSLV2 (1<<0)
313 #define SSL_PROTOCOL_SSLV3 (1<<1)
314 #define SSL_PROTOCOL_TLSV1 (1<<2)
315 #define SSL_PROTOCOL_ALL (SSL_PROTOCOL_SSLV2|SSL_PROTOCOL_SSLV3|SSL_PROTOCOL_TLSV1)
316 typedef int ssl_proto_t;
319 * Define the SSL verify levels
322 SSL_CVERIFY_UNSET = UNSET,
323 SSL_CVERIFY_NONE = 0,
324 SSL_CVERIFY_OPTIONAL = 1,
325 SSL_CVERIFY_REQUIRE = 2,
326 SSL_CVERIFY_OPTIONAL_NO_CA = 3
329 #define SSL_VERIFY_PEER_STRICT \
330 (SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT)
332 #ifndef X509_V_ERR_CERT_UNTRUSTED
333 #define X509_V_ERR_CERT_UNTRUSTED 27
337 #ifdef OPENSSL_VERSION_NUMBER
339 #define EVP_PKEY_key_type(k) (EVP_PKEY_type(k->type))
341 #define X509_NAME_get_entries(xs) (xs->entries)
342 #define X509_REVOKED_get_serialNumber(xs) (xs->serialNumber)
344 #define X509_get_signature_algorithm(xs) (xs->cert_info->signature->algorithm)
345 #define X509_get_key_algorithm(xs) (xs->cert_info->key->algor->algorithm)
347 #define X509_NAME_ENTRY_get_data_ptr(xs) (xs->value->data)
348 #define X509_NAME_ENTRY_get_data_len(xs) (xs->value->length)
350 #define SSL_CTX_get_extra_certs(ctx) (ctx->extra_certs)
351 #define SSL_CTX_set_extra_certs(ctx,value) {ctx->extra_certs = value;}
353 #define SSL_CIPHER_get_name(s) (s->name)
354 #define SSL_CIPHER_get_valid(s) (s->valid)
356 #define SSL_SESSION_get_session_id(s) (s->session_id)
357 #define SSL_SESSION_get_session_id_length(s) (s->session_id_length)
360 * Support for retrieving/overriding states
362 #ifndef SSL_get_state
363 #define SSL_get_state(ssl) SSL_state(ssl)
366 #define SSL_set_state(ssl,val) (ssl)->state = val
370 #define ssl_verify_error_is_optional(errnum) \
371 ((errnum == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT) \
372 || (errnum == X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN) \
373 || (errnum == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY) \
374 || (errnum == X509_V_ERR_CERT_UNTRUSTED) \
375 || (errnum == X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE))
378 * Define the SSL pass phrase dialog types
381 SSL_PPTYPE_UNSET = UNSET,
382 SSL_PPTYPE_BUILTIN = 0,
383 SSL_PPTYPE_FILTER = 1,
388 * Define the Path Checking modes
390 #define SSL_PCM_EXISTS 1
391 #define SSL_PCM_ISREG 2
392 #define SSL_PCM_ISDIR 4
393 #define SSL_PCM_ISNONZERO 8
394 typedef unsigned int ssl_pathcheck_t;
397 * Define the SSL session cache modes and structures
400 SSL_SCMODE_UNSET = UNSET,
403 SSL_SCMODE_SHMHT = 2,
408 * Define the SSL mutex modes
411 SSL_MUTEXMODE_UNSET = UNSET,
412 SSL_MUTEXMODE_NONE = 0,
413 SSL_MUTEXMODE_USED = 1
417 * Define the SSL requirement structure
425 * Define the SSL random number generator seeding source
428 SSL_RSCTX_STARTUP = 1,
429 SSL_RSCTX_CONNECT = 2
432 SSL_RSSRC_BUILTIN = 1,
445 * Define the structure of an ASN.1 anything
449 unsigned char *cpData;
450 apr_time_t source_mtime;
454 * Define the mod_ssl per-module configuration structure
455 * (i.e. the global configuration for each httpd process)
462 ap_filter_t *pInputFilter;
463 ap_filter_t *pOutputFilter;
467 SSL_SHUTDOWN_TYPE_UNSET,
468 SSL_SHUTDOWN_TYPE_STANDARD,
469 SSL_SHUTDOWN_TYPE_UNCLEAN,
470 SSL_SHUTDOWN_TYPE_ACCURATE
471 } ssl_shutdown_type_e;
475 const char *client_dn;
477 ssl_shutdown_type_e shutdown_type;
478 const char *verify_info;
479 const char *verify_error;
481 int log_level; /* for avoiding expensive logging */
484 #define SSLConnLogApplies(sslconn, level) (sslconn->log_level >= level)
490 int nSessionCacheMode;
491 char *szSessionCacheDataFile;
492 int nSessionCacheDataSize;
493 apr_shm_t *pSessionCacheDataMM;
494 apr_rmm_t *pSessionCacheDataRMM;
495 apr_table_t *tSessionCacheDataTable;
496 ssl_mutexmode_t nMutexMode;
499 apr_array_header_t *aRandSeed;
500 apr_hash_t *tVHostKeys;
501 void *pTmpKeys[SSL_TMP_KEY_MAX];
502 apr_hash_t *tPublicCert;
503 apr_hash_t *tPrivateKey;
504 #ifdef SSL_EXPERIMENTAL_ENGINE
505 char *szCryptoDevice;
508 void *pV1, *pV2, *pV3, *pV4, *pV5, *pV6, *pV7, *pV8, *pV9, *pV10;
513 * Define the mod_ssl per-server configuration structure
514 * (i.e. the configuration for the main server
515 * and all <VirtualHost> contexts)
519 const char *szVHostID;
522 const char *szPublicCertFile[SSL_AIDX_MAX];
523 const char *szPrivateKeyFile[SSL_AIDX_MAX];
524 const char *szCertificateChain;
525 const char *szCACertificatePath;
526 const char *szCACertificateFile;
527 const char *szLogFile;
528 const char *szCipherSuite;
529 apr_file_t *fileLogFile;
532 ssl_verify_t nVerifyClient;
533 X509 *pPublicCert[SSL_AIDX_MAX];
534 EVP_PKEY *pPrivateKey[SSL_AIDX_MAX];
536 int nSessionCacheTimeout;
537 int nPassPhraseDialogType;
538 const char *szPassPhraseDialogPath;
539 ssl_proto_t nProtocol;
540 const char *szCARevocationPath;
541 const char *szCARevocationFile;
542 X509_STORE *pRevocationStore;
543 #ifdef SSL_EXPERIMENTAL_PROXY
544 /* Configuration details for proxy operation */
545 ssl_proto_t nProxyProtocol;
547 int nProxyVerifyDepth;
548 const char *szProxyCACertificatePath;
549 const char *szProxyCACertificateFile;
550 const char *szProxyClientCertificateFile;
551 const char *szProxyClientCertificatePath;
552 const char *szProxyCipherSuite;
553 SSL_CTX *pSSLProxyCtx;
554 STACK_OF(X509_INFO) *skProxyClientCerts;
559 * Define the mod_ssl per-directory configuration structure
560 * (i.e. the local configuration for all <Directory>
561 * and .htaccess contexts)
565 apr_array_header_t *aRequirement;
567 ssl_opt_t nOptionsAdd;
568 ssl_opt_t nOptionsDel;
570 ssl_verify_t nVerifyClient;
572 #ifdef SSL_EXPERIMENTAL_PERDIRCA
573 char *szCACertificatePath;
574 char *szCACertificateFile;
579 * function prototypes
582 /* API glue structures */
583 extern module AP_MODULE_DECLARE_DATA ssl_module;
585 /* configuration handling */
586 SSLModConfigRec *ssl_config_global_create(server_rec *);
587 void ssl_config_global_fix(SSLModConfigRec *);
588 BOOL ssl_config_global_isfixed(SSLModConfigRec *);
589 void *ssl_config_server_create(apr_pool_t *, server_rec *);
590 void *ssl_config_server_merge(apr_pool_t *, void *, void *);
591 void *ssl_config_perdir_create(apr_pool_t *, char *);
592 void *ssl_config_perdir_merge(apr_pool_t *, void *, void *);
593 const char *ssl_cmd_SSLMutex(cmd_parms *, void *, const char *);
594 const char *ssl_cmd_SSLPassPhraseDialog(cmd_parms *, void *, const char *);
595 const char *ssl_cmd_SSLCryptoDevice(cmd_parms *, void *, const char *);
596 const char *ssl_cmd_SSLRandomSeed(cmd_parms *, void *, const char *, const char *, const char *);
597 const char *ssl_cmd_SSLEngine(cmd_parms *, void *, int);
598 const char *ssl_cmd_SSLCipherSuite(cmd_parms *, void *, const char *);
599 const char *ssl_cmd_SSLCertificateFile(cmd_parms *, void *, const char *);
600 const char *ssl_cmd_SSLCertificateKeyFile(cmd_parms *, void *, const char *);
601 const char *ssl_cmd_SSLCertificateChainFile(cmd_parms *, void *, const char *);
602 const char *ssl_cmd_SSLCACertificatePath(cmd_parms *, void *, const char *);
603 const char *ssl_cmd_SSLCACertificateFile(cmd_parms *, void *, const char *);
604 const char *ssl_cmd_SSLCARevocationPath(cmd_parms *, void *, const char *);
605 const char *ssl_cmd_SSLCARevocationFile(cmd_parms *, void *, const char *);
606 const char *ssl_cmd_SSLVerifyClient(cmd_parms *, void *, const char *);
607 const char *ssl_cmd_SSLVerifyDepth(cmd_parms *, void *, const char *);
608 const char *ssl_cmd_SSLSessionCache(cmd_parms *, void *, const char *);
609 const char *ssl_cmd_SSLSessionCacheTimeout(cmd_parms *, void *, const char *);
610 const char *ssl_cmd_SSLLog(cmd_parms *, void *, const char *);
611 const char *ssl_cmd_SSLLogLevel(cmd_parms *, void *, const char *);
612 const char *ssl_cmd_SSLProtocol(cmd_parms *, void *, const char *);
613 const char *ssl_cmd_SSLOptions(cmd_parms *, void *, const char *);
614 const char *ssl_cmd_SSLRequireSSL(cmd_parms *, void *);
615 const char *ssl_cmd_SSLRequire(cmd_parms *, void *, const char *);
616 #ifdef SSL_EXPERIMENTAL_PROXY
617 const char *ssl_cmd_SSLProxyProtocol(cmd_parms *, char *, const char *);
618 const char *ssl_cmd_SSLProxyCipherSuite(cmd_parms *, char *, char *);
619 const char *ssl_cmd_SSLProxyVerify(cmd_parms *, char *, int);
620 const char *ssl_cmd_SSLProxyVerifyDepth(cmd_parms *, char *, char *);
621 const char *ssl_cmd_SSLProxyCACertificatePath(cmd_parms *, char *, char *);
622 const char *ssl_cmd_SSLProxyCACertificateFile(cmd_parms *, char *, char *);
623 const char *ssl_cmd_SSLProxyMachineCertificatePath(cmd_parms *, char *, char *);
624 const char *ssl_cmd_SSLProxyMachineCertificateFile(cmd_parms *, char *, char *);
627 /* module initialization */
628 int ssl_init_Module(apr_pool_t *, apr_pool_t *, apr_pool_t *, server_rec *);
629 void ssl_init_Engine(server_rec *, apr_pool_t *);
630 void ssl_init_ConfigureServer(server_rec *, apr_pool_t *, apr_pool_t *, SSLSrvConfigRec *);
631 void ssl_init_CheckServers(server_rec *, apr_pool_t *);
633 *ssl_init_FindCAList(server_rec *, apr_pool_t *, const char *, const char *);
634 void ssl_init_Child(apr_pool_t *, server_rec *);
635 apr_status_t ssl_init_ModuleKill(void *data);
637 /* Apache API hooks */
638 void ssl_hook_NewConnection(conn_rec *);
639 void ssl_hook_TimeoutConnection(int);
640 int ssl_hook_process_connection(SSLFilterRec *pRec);
641 apr_status_t ssl_hook_CloseConnection(SSLFilterRec *);
642 int ssl_hook_Translate(request_rec *);
643 int ssl_hook_Auth(request_rec *);
644 int ssl_hook_UserCheck(request_rec *);
645 int ssl_hook_Access(request_rec *);
646 int ssl_hook_Fixup(request_rec *);
647 int ssl_hook_ReadReq(request_rec *);
648 int ssl_hook_Handler(request_rec *);
650 /* OpenSSL callbacks */
651 RSA *ssl_callback_TmpRSA(SSL *, int, int);
652 DH *ssl_callback_TmpDH(SSL *, int, int);
653 int ssl_callback_SSLVerify(int, X509_STORE_CTX *);
654 int ssl_callback_SSLVerify_CRL(int, X509_STORE_CTX *, server_rec *);
655 int ssl_callback_NewSessionCacheEntry(SSL *, SSL_SESSION *);
656 SSL_SESSION *ssl_callback_GetSessionCacheEntry(SSL *, unsigned char *, int, int *);
657 void ssl_callback_DelSessionCacheEntry(SSL_CTX *, SSL_SESSION *);
658 #if SSL_LIBRARY_VERSION >= 0x00907000
659 void ssl_callback_LogTracingState(const SSL *, int, int);
661 void ssl_callback_LogTracingState(SSL *, int, int);
664 /* Session Cache Support */
665 void ssl_scache_init(server_rec *, apr_pool_t *);
667 void ssl_scache_status_register(apr_pool_t *p);
669 void ssl_scache_kill(server_rec *);
670 BOOL ssl_scache_store(server_rec *, UCHAR *, int, time_t, SSL_SESSION *);
671 SSL_SESSION *ssl_scache_retrieve(server_rec *, UCHAR *, int);
672 void ssl_scache_remove(server_rec *, UCHAR *, int);
673 void ssl_scache_expire(server_rec *);
674 void ssl_scache_status(server_rec *, apr_pool_t *, void (*)(char *, void *), void *);
675 char *ssl_scache_id2sz(UCHAR *, int);
676 void ssl_scache_dbm_init(server_rec *, apr_pool_t *);
677 void ssl_scache_dbm_kill(server_rec *);
678 BOOL ssl_scache_dbm_store(server_rec *, UCHAR *, int, time_t, SSL_SESSION *);
679 SSL_SESSION *ssl_scache_dbm_retrieve(server_rec *, UCHAR *, int);
680 void ssl_scache_dbm_remove(server_rec *, UCHAR *, int);
681 void ssl_scache_dbm_expire(server_rec *);
682 void ssl_scache_dbm_status(server_rec *, apr_pool_t *, void (*)(char *, void *), void *);
684 void ssl_scache_shmht_init(server_rec *, apr_pool_t *);
685 void ssl_scache_shmht_kill(server_rec *);
686 BOOL ssl_scache_shmht_store(server_rec *, UCHAR *, int, time_t, SSL_SESSION *);
687 SSL_SESSION *ssl_scache_shmht_retrieve(server_rec *, UCHAR *, int);
688 void ssl_scache_shmht_remove(server_rec *, UCHAR *, int);
689 void ssl_scache_shmht_expire(server_rec *);
690 void ssl_scache_shmht_status(server_rec *, apr_pool_t *, void (*)(char *, void *), void *);
692 void ssl_scache_shmcb_init(server_rec *, apr_pool_t *);
693 void ssl_scache_shmcb_kill(server_rec *);
694 BOOL ssl_scache_shmcb_store(server_rec *, UCHAR *, int, time_t, SSL_SESSION *);
695 SSL_SESSION *ssl_scache_shmcb_retrieve(server_rec *, UCHAR *, int);
696 void ssl_scache_shmcb_remove(server_rec *, UCHAR *, int);
697 void ssl_scache_shmcb_expire(server_rec *);
698 void ssl_scache_shmcb_status(server_rec *, apr_pool_t *, void (*)(char *, void *), void *);
700 /* Pass Phrase Support */
701 void ssl_pphrase_Handle(server_rec *, apr_pool_t *);
703 /* Diffie-Hellman Parameter Support */
704 DH *ssl_dh_GetTmpParam(int);
705 DH *ssl_dh_GetParamFromFile(char *);
707 unsigned char *ssl_asn1_table_set(apr_hash_t *table,
711 ssl_asn1_t *ssl_asn1_table_get(apr_hash_t *table,
714 void ssl_asn1_table_unset(apr_hash_t *table,
717 const char *ssl_asn1_keystr(int keytype);
719 const char *ssl_asn1_table_keyfmt(apr_pool_t *p,
723 int ssl_mutex_init(server_rec *, apr_pool_t *);
724 int ssl_mutex_reinit(server_rec *, apr_pool_t *);
725 int ssl_mutex_on(server_rec *);
726 int ssl_mutex_off(server_rec *);
728 /* Logfile Support */
729 void ssl_log_open(server_rec *, server_rec *, apr_pool_t *);
730 void ssl_log(server_rec *, int, const char *, ...);
734 void ssl_var_register(void);
735 char *ssl_var_lookup(apr_pool_t *, server_rec *, conn_rec *, request_rec *, char *);
736 void ssl_var_log_config_register(apr_pool_t *p);
738 APR_DECLARE_OPTIONAL_FN(char *, ssl_var_lookup,
739 (apr_pool_t *, server_rec *,
740 conn_rec *, request_rec *,
743 /* Proxy Extensions */
745 void ssl_ext_proxy_register(apr_pool_t *p);
749 void ssl_io_filter_init(conn_rec *, SSL *);
750 void ssl_io_filter_register(apr_pool_t *);
751 long ssl_io_data_cb(BIO *, int, const char *, int, long, long);
754 int ssl_rand_seed(server_rec *, apr_pool_t *, ssl_rsctx_t, char *);
756 /* Utility Functions */
757 char *ssl_util_vhostid(apr_pool_t *, server_rec *);
758 void ssl_util_strupper(char *);
759 void ssl_util_uuencode(char *, const char *, BOOL);
760 void ssl_util_uuencode_binary(unsigned char *, const unsigned char *, int, BOOL);
761 apr_file_t *ssl_util_ppopen(server_rec *, apr_pool_t *, const char *,
762 const char * const *);
763 void ssl_util_ppclose(server_rec *, apr_pool_t *, apr_file_t *);
764 char *ssl_util_readfilter(server_rec *, apr_pool_t *, const char *,
765 const char * const *);
766 BOOL ssl_util_path_check(ssl_pathcheck_t, const char *, apr_pool_t *);
767 ssl_algo_t ssl_util_algotypeof(X509 *, EVP_PKEY *);
768 char *ssl_util_algotypestr(ssl_algo_t);
769 char *ssl_util_ptxtsub(apr_pool_t *, const char *, const char *, char *);
770 void ssl_util_thread_setup(server_rec *, apr_pool_t *);
772 #define APR_SHM_MAXSIZE (64 * 1024 * 1024)
773 #endif /* __MOD_SSL_H__ */