mod_ssl.h

mod_ssl-2.8.31-1.3.41.tar.gz 好用的ssl工具

#define SSL_OPT_RELSET         (1<<0)
#define SSL_OPT_STDENVVARS     (1<<1)
#define SSL_OPT_COMPATENVVARS  (1<<2)
#define SSL_OPT_EXPORTCERTDATA (1<<3)
#define SSL_OPT_FAKEBASICAUTH  (1<<4)
#define SSL_OPT_STRICTREQUIRE  (1<<5)
#define SSL_OPT_OPTRENEGOTIATE (1<<6)
#define SSL_OPT_ALL            (SSL_OPT_STDENVVARS|SSL_OPT_COMPATENVVAR|SSL_OPT_EXPORTCERTDATA|SSL_OPT_FAKEBASICAUTH|SSL_OPT_STRICTREQUIRE|SSL_OPT_OPTRENEGOTIATE)
typedef int ssl_opt_t;

/*
 * Define the SSL Protocol options
 */
#define SSL_PROTOCOL_NONE  (0)
#define SSL_PROTOCOL_SSLV2 (1<<0)
#define SSL_PROTOCOL_SSLV3 (1<<1)
#define SSL_PROTOCOL_TLSV1 (1<<2)
#define SSL_PROTOCOL_ALL   (SSL_PROTOCOL_SSLV2|SSL_PROTOCOL_SSLV3|SSL_PROTOCOL_TLSV1)
typedef int ssl_proto_t;

/*
 * Define the SSL verify levels
 */
typedef enum {
    SSL_CVERIFY_UNSET           = UNSET,
    SSL_CVERIFY_NONE            = 0,
    SSL_CVERIFY_OPTIONAL        = 1,
    SSL_CVERIFY_REQUIRE         = 2,
    SSL_CVERIFY_OPTIONAL_NO_CA  = 3
} ssl_verify_t;

/*
 * Define the SSL pass phrase dialog types
 */
typedef enum {
    SSL_PPTYPE_UNSET   = UNSET,
    SSL_PPTYPE_BUILTIN = 0,
    SSL_PPTYPE_FILTER  = 1
} ssl_pphrase_t;

/*
 * Define the Path Checking modes
 */
#define SSL_PCM_EXISTS     1
#define SSL_PCM_ISREG      2
#define SSL_PCM_ISDIR      4
#define SSL_PCM_ISNONZERO  8
typedef unsigned int ssl_pathcheck_t;

/*
 * Define the SSL session cache modes and structures
 */
typedef enum {
    SSL_SCMODE_UNSET = UNSET,
    SSL_SCMODE_NONE  = 0,
    SSL_SCMODE_DBM   = 1,
    SSL_SCMODE_SHMHT = 2,
    SSL_SCMODE_SHMCB = 3
} ssl_scmode_t;

/*
 * Define the SSL mutex modes
 */
typedef enum {
    SSL_MUTEXMODE_UNSET  = UNSET,
    SSL_MUTEXMODE_NONE   = 0,
    SSL_MUTEXMODE_FILE   = 1,
    SSL_MUTEXMODE_SEM    = 2
} ssl_mutexmode_t;

/*
 * Define the SSL requirement structure
 */
typedef struct {
    char     *cpExpr;
    ssl_expr *mpExpr;
} ssl_require_t;

/*
 * Define the SSL random number generator seeding source
 */
typedef enum {
    SSL_RSCTX_STARTUP = 1,
    SSL_RSCTX_CONNECT = 2
} ssl_rsctx_t;
typedef enum {
    SSL_RSSRC_BUILTIN = 1,
    SSL_RSSRC_FILE    = 2,
    SSL_RSSRC_EXEC    = 3
#if SSL_LIBRARY_VERSION >= 0x00905100
   ,SSL_RSSRC_EGD     = 4
#endif
} ssl_rssrc_t;
typedef struct {
    ssl_rsctx_t  nCtx;
    ssl_rssrc_t  nSrc;
    char        *cpPath;
    int          nBytes;
} ssl_randseed_t;

/*
 * Define the structure of an ASN.1 anything
 */
typedef struct {
    long int       nData;
    unsigned char *cpData;
} ssl_asn1_t;

/*
 * Define the mod_ssl per-module configuration structure
 * (i.e. the global configuration for each httpd process)
 */

typedef struct {
    pool           *pPool;
    BOOL            bFixed;
    int             nInitCount;
    int             nSessionCacheMode;
    char           *szSessionCacheDataFile;
    int             nSessionCacheDataSize;
    AP_MM          *pSessionCacheDataMM;
    table_t        *tSessionCacheDataTable;
    ssl_mutexmode_t nMutexMode;
    char           *szMutexFile;
    int             nMutexFD;
    int             nMutexSEMID;
    array_header   *aRandSeed;
    ssl_ds_table   *tTmpKeys;
    void           *pTmpKeys[SSL_TKPIDX_MAX];
    ssl_ds_table   *tPublicCert;
    ssl_ds_table   *tPrivateKey;
#ifdef SSL_EXPERIMENTAL_ENGINE
    char           *szCryptoDevice;
#endif
    struct {
        void *pV1, *pV2, *pV3, *pV4, *pV5, *pV6, *pV7, *pV8, *pV9, *pV10;
    } rCtx;
#ifdef SSL_VENDOR
    ap_ctx         *ctx;
#endif
} SSLModConfigRec;

/*
 * Define the mod_ssl per-server configuration structure
 * (i.e. the configuration for the main server
 *  and all <VirtualHost> contexts)
 */
typedef struct {
    BOOL         bEnabled;
    char        *szPublicCertFile[SSL_AIDX_MAX];
    char        *szPrivateKeyFile[SSL_AIDX_MAX];
    char        *szCertificateChain;
    char        *szCACertificatePath;
    char        *szCACertificateFile;
    char        *szLogFile;
    char        *szCipherSuite;
    FILE        *fileLogFile;
    int          nLogLevel;
    int          nVerifyDepth;
    ssl_verify_t nVerifyClient;
    X509        *pPublicCert[SSL_AIDX_MAX];
    EVP_PKEY    *pPrivateKey[SSL_AIDX_MAX];
    SSL_CTX     *pSSLCtx;
    int          nSessionCacheTimeout;
    int          nPassPhraseDialogType;
    char        *szPassPhraseDialogPath;
    ssl_proto_t  nProtocol;
    char        *szCARevocationPath;
    char        *szCARevocationFile;
    X509_STORE  *pRevocationStore;
#ifdef SSL_EXPERIMENTAL_PROXY
    /* Configuration details for proxy operation */
    ssl_proto_t  nProxyProtocol;
    int          bProxyVerify;
    int          nProxyVerifyDepth;
    char        *szProxyCACertificatePath;
    char        *szProxyCACertificateFile;
    char        *szProxyClientCertificateFile;
    char        *szProxyClientCertificatePath;
    char        *szProxyCipherSuite;
    SSL_CTX     *pSSLProxyCtx;
    STACK_OF(X509_INFO) *skProxyClientCerts;
#endif
#ifdef SSL_VENDOR
    ap_ctx      *ctx;
#endif
} SSLSrvConfigRec;

/*
 * Define the mod_ssl per-directory configuration structure
 * (i.e. the local configuration for all <Directory>
 *  and .htaccess contexts)
 */
typedef struct {
    BOOL          bSSLRequired;
    array_header *aRequirement;
    ssl_opt_t     nOptions;
    ssl_opt_t     nOptionsAdd;
    ssl_opt_t     nOptionsDel;
    char         *szCipherSuite;
    ssl_verify_t  nVerifyClient;
    int           nVerifyDepth;
#ifdef SSL_EXPERIMENTAL_PERDIRCA
    char         *szCACertificatePath;
    char         *szCACertificateFile;
#endif
#ifdef SSL_VENDOR
    ap_ctx       *ctx;
#endif
} SSLDirConfigRec;

/*
 *  function prototypes
 */

/*  API glue structures  */
extern module MODULE_VAR_EXPORT ssl_module;

/*  configuration handling   */
void         ssl_config_global_create(void);
void         ssl_config_global_fix(void);
BOOL         ssl_config_global_isfixed(void);
void        *ssl_config_server_create(pool *, server_rec *);
void        *ssl_config_server_merge(pool *, void *, void *);
void        *ssl_config_perdir_create(pool *, char *);
void        *ssl_config_perdir_merge(pool *, void *, void *);
const char  *ssl_cmd_SSLMutex(cmd_parms *, char *, char *);
const char  *ssl_cmd_SSLPassPhraseDialog(cmd_parms *, char *, char *);
const char  *ssl_cmd_SSLCryptoDevice(cmd_parms *, char *, char *);
const char  *ssl_cmd_SSLRandomSeed(cmd_parms *, char *, char *, char *, char *);
const char  *ssl_cmd_SSLEngine(cmd_parms *, char *, int);
const char  *ssl_cmd_SSLCipherSuite(cmd_parms *, SSLDirConfigRec *, char *);
const char  *ssl_cmd_SSLCertificateFile(cmd_parms *, char *, char *);
const char  *ssl_cmd_SSLCertificateKeyFile(cmd_parms *, char *, char *);
const char  *ssl_cmd_SSLCertificateChainFile(cmd_parms *, char *, char *);
const char  *ssl_cmd_SSLCACertificatePath(cmd_parms *, SSLDirConfigRec *, char *);
const char  *ssl_cmd_SSLCACertificateFile(cmd_parms *, SSLDirConfigRec *, char *);
const char  *ssl_cmd_SSLCARevocationPath(cmd_parms *, SSLDirConfigRec *, char *);
const char  *ssl_cmd_SSLCARevocationFile(cmd_parms *, SSLDirConfigRec *, char *);
const char  *ssl_cmd_SSLVerifyClient(cmd_parms *, SSLDirConfigRec *, char *);
const char  *ssl_cmd_SSLVerifyDepth(cmd_parms *, SSLDirConfigRec *, char *);
const char  *ssl_cmd_SSLSessionCache(cmd_parms *, char *, char *);
const char  *ssl_cmd_SSLSessionCacheTimeout(cmd_parms *, char *, char *);
const char  *ssl_cmd_SSLLog(cmd_parms *, char *, char *);
const char  *ssl_cmd_SSLLogLevel(cmd_parms *, char *, char *);
const char  *ssl_cmd_SSLProtocol(cmd_parms *, char *, const char *);
const char  *ssl_cmd_SSLOptions(cmd_parms *, SSLDirConfigRec *, const char *);
const char  *ssl_cmd_SSLRequireSSL(cmd_parms *, SSLDirConfigRec *, char *);
const char  *ssl_cmd_SSLRequire(cmd_parms *, SSLDirConfigRec *, char *);
#ifdef SSL_EXPERIMENTAL_PROXY
const char  *ssl_cmd_SSLProxyProtocol(cmd_parms *, char *, const char *);
const char  *ssl_cmd_SSLProxyCipherSuite(cmd_parms *, char *, char *);
const char  *ssl_cmd_SSLProxyVerify(cmd_parms *, char *, int);
const char  *ssl_cmd_SSLProxyVerifyDepth(cmd_parms *, char *, char *);
const char  *ssl_cmd_SSLProxyCACertificatePath(cmd_parms *, char *, char *);
const char  *ssl_cmd_SSLProxyCACertificateFile(cmd_parms *, char *, char *);
const char  *ssl_cmd_SSLProxyMachineCertificatePath(cmd_parms *, char *, char *);
const char  *ssl_cmd_SSLProxyMachineCertificateFile(cmd_parms *, char *, char *);
#endif

/*  module initialization  */
void         ssl_init_Module(server_rec *, pool *);
void         ssl_init_SSLLibrary(void);
void         ssl_init_Engine(server_rec *, pool *);
void         ssl_init_TmpKeysHandle(int, server_rec *, pool *);
void         ssl_init_ConfigureServer(server_rec *, pool *, SSLSrvConfigRec *);
void         ssl_init_CheckServers(server_rec *, pool *);
STACK_OF(X509_NAME) 
            *ssl_init_FindCAList(server_rec *, pool *, char *, char *);
void         ssl_init_Child(server_rec *, pool *);
void         ssl_init_ChildKill(void *);
void         ssl_init_ModuleKill(void *);

/*  Apache API hooks  */
void         ssl_hook_AddModule(module *);
void         ssl_hook_RemoveModule(module *);
char        *ssl_hook_RewriteCommand(cmd_parms *, void *, const char *);
void         ssl_hook_NewConnection(conn_rec *);
void         ssl_hook_TimeoutConnection(int);
void         ssl_hook_CloseConnection(conn_rec *);
int          ssl_hook_Translate(request_rec *);
int          ssl_hook_Auth(request_rec *);
int          ssl_hook_UserCheck(request_rec *);
int          ssl_hook_Access(request_rec *);
int          ssl_hook_Fixup(request_rec *);
int          ssl_hook_ReadReq(request_rec *);
int          ssl_hook_Handler(request_rec *);

/*  OpenSSL callbacks */
RSA         *ssl_callback_TmpRSA(SSL *, int, int);
DH          *ssl_callback_TmpDH(SSL *, int, int);
int          ssl_callback_SSLVerify(int, X509_STORE_CTX *);
int          ssl_callback_SSLVerify_CRL(int, X509_STORE_CTX *, server_rec *);
int          ssl_callback_NewSessionCacheEntry(SSL *, SSL_SESSION *);
SSL_SESSION *ssl_callback_GetSessionCacheEntry(SSL *, unsigned char *, int, int *);
void         ssl_callback_DelSessionCacheEntry(SSL_CTX *, SSL_SESSION *);
#if SSL_LIBRARY_VERSION >= 0x00907000
void         ssl_callback_LogTracingState(const SSL *, int, int);
#else
void         ssl_callback_LogTracingState(SSL *, int, int);
#endif

/*  Session Cache Support  */
void         ssl_scache_init(server_rec *, pool *);
void         ssl_scache_kill(server_rec *);
BOOL         ssl_scache_store(server_rec *, UCHAR *, int, time_t, SSL_SESSION *);
SSL_SESSION *ssl_scache_retrieve(server_rec *, UCHAR *, int);
void         ssl_scache_remove(server_rec *, UCHAR *, int);
void         ssl_scache_expire(server_rec *);
void         ssl_scache_status(server_rec *, pool *, void (*)(char *, void *), void *);
char        *ssl_scache_id2sz(UCHAR *, int);
void         ssl_scache_dbm_init(server_rec *, pool *);
void         ssl_scache_dbm_kill(server_rec *);
BOOL         ssl_scache_dbm_store(server_rec *, UCHAR *, int, time_t, SSL_SESSION *);
SSL_SESSION *ssl_scache_dbm_retrieve(server_rec *, UCHAR *, int);
void         ssl_scache_dbm_remove(server_rec *, UCHAR *, int);
void         ssl_scache_dbm_expire(server_rec *);
void         ssl_scache_dbm_status(server_rec *, pool *, void (*)(char *, void *), void *);
void         ssl_scache_shmht_init(server_rec *, pool *);
void         ssl_scache_shmht_kill(server_rec *);
BOOL         ssl_scache_shmht_store(server_rec *, UCHAR *, int, time_t, SSL_SESSION *);
SSL_SESSION *ssl_scache_shmht_retrieve(server_rec *, UCHAR *, int);
void         ssl_scache_shmht_remove(server_rec *, UCHAR *, int);
void         ssl_scache_shmht_expire(server_rec *);
void         ssl_scache_shmht_status(server_rec *, pool *, void (*)(char *, void *), void *);
void         ssl_scache_shmcb_init(server_rec *, pool *);
void         ssl_scache_shmcb_kill(server_rec *);
BOOL         ssl_scache_shmcb_store(server_rec *, UCHAR *, int, time_t, SSL_SESSION *);
SSL_SESSION *ssl_scache_shmcb_retrieve(server_rec *, UCHAR *, int);
void         ssl_scache_shmcb_remove(server_rec *, UCHAR *, int);
void         ssl_scache_shmcb_expire(server_rec *);
void         ssl_scache_shmcb_status(server_rec *, pool *, void (*)(char *, void *), void *);

/*  Pass Phrase Support  */
void         ssl_pphrase_Handle(server_rec *, pool *);
#if SSL_LIBRARY_VERSION < 0x00904000
int          ssl_pphrase_Handle_CB(char *, int, int);
#else
int          ssl_pphrase_Handle_CB(char *, int, int, void *);
#endif

/*  Diffie-Hellman Parameter Support  */
DH           *ssl_dh_GetTmpParam(int);
DH           *ssl_dh_GetParamFromFile(char *);

/*  Data Structures */
ssl_ds_array *ssl_ds_array_make(pool *, int);
BOOL          ssl_ds_array_isempty(ssl_ds_array *);
void         *ssl_ds_array_push(ssl_ds_array *);
void         *ssl_ds_array_get(ssl_ds_array *, int);
void          ssl_ds_array_wipeout(ssl_ds_array *);
void          ssl_ds_array_kill(ssl_ds_array *);
ssl_ds_table *ssl_ds_table_make(pool *, int);
BOOL          ssl_ds_table_isempty(ssl_ds_table *);
void         *ssl_ds_table_push(ssl_ds_table *, char *);
void         *ssl_ds_table_get(ssl_ds_table *, char *);
void          ssl_ds_table_wipeout(ssl_ds_table *);
void          ssl_ds_table_kill(ssl_ds_table *);

/*  Mutex Support  */
void         ssl_mutex_init(server_rec *, pool *);
void         ssl_mutex_reinit(server_rec *, pool *);
void         ssl_mutex_on(server_rec *);
void         ssl_mutex_off(server_rec *);
void         ssl_mutex_kill(server_rec *s);
void         ssl_mutex_file_create(server_rec *, pool *);
void         ssl_mutex_file_open(server_rec *, pool *);
void         ssl_mutex_file_remove(void *);
BOOL         ssl_mutex_file_acquire(void);
BOOL         ssl_mutex_file_release(void);
void         ssl_mutex_sem_create(server_rec *, pool *);
void         ssl_mutex_sem_open(server_rec *, pool *);
void         ssl_mutex_sem_remove(void *);
BOOL         ssl_mutex_sem_acquire(void);
BOOL         ssl_mutex_sem_release(void);

/*  Logfile Support  */
void         ssl_log_open(server_rec *, server_rec *, pool *);
BOOL         ssl_log_applies(server_rec *, int);
void         ssl_log(server_rec *, int, const char *, ...);
void         ssl_die(void);

/*  Variables  */
void         ssl_var_register(void);
void         ssl_var_unregister(void);
char        *ssl_var_lookup(pool *, server_rec *, conn_rec *, request_rec *, char *);

/*  I/O  */
void         ssl_io_register(void);
void         ssl_io_unregister(void);
long         ssl_io_data_cb(BIO *, int, const char *, int, long, long);
#ifndef SSL_CONSERVATIVE
void         ssl_io_suck(request_rec *, SSL *);
#endif

/*  PRNG  */
int          ssl_rand_seed(server_rec *, pool *, ssl_rsctx_t, char *);

/*  Extensions  */
void         ssl_ext_register(void);
void         ssl_ext_unregister(void);

/*  Compatibility  */
#ifdef SSL_COMPAT
char        *ssl_compat_directive(server_rec *, pool *, const char *);
void         ssl_compat_variables(request_rec *);
#endif

/*  Utility Functions  */
char        *ssl_util_server_root_relative(pool *, char *, char *);
char        *ssl_util_vhostid(pool *, server_rec *);
FILE        *ssl_util_ppopen(server_rec *, pool *, char *);
int          ssl_util_ppopen_child(void *, child_info *);
void         ssl_util_ppclose(server_rec *, pool *, FILE *);
char        *ssl_util_readfilter(server_rec *, pool *, char *);
BOOL         ssl_util_path_check(ssl_pathcheck_t, char *);
ssl_algo_t   ssl_util_algotypeof(X509 *, EVP_PKEY *); 
char        *ssl_util_algotypestr(ssl_algo_t);
char        *ssl_util_ptxtsub(pool *, const char *, const char *, char *);
void         ssl_util_thread_setup(void);
void         ssl_util_thread_cleanup(void);

/*  Vendor extension support  */
#if defined(SSL_VENDOR) && defined(SSL_VENDOR_OBJS)
void         ssl_vendor_register(void);
void         ssl_vendor_unregister(void);
#endif

#endif /* MOD_SSL_H */