|
Packit |
90a5c9 |
/* Licensed to the Apache Software Foundation (ASF) under one or more
|
|
Packit |
90a5c9 |
* contributor license agreements. See the NOTICE file distributed with
|
|
Packit |
90a5c9 |
* this work for additional information regarding copyright ownership.
|
|
Packit |
90a5c9 |
* The ASF licenses this file to You under the Apache License, Version 2.0
|
|
Packit |
90a5c9 |
* (the "License"); you may not use this file except in compliance with
|
|
Packit |
90a5c9 |
* the License. You may obtain a copy of the License at
|
|
Packit |
90a5c9 |
*
|
|
Packit |
90a5c9 |
* http://www.apache.org/licenses/LICENSE-2.0
|
|
Packit |
90a5c9 |
*
|
|
Packit |
90a5c9 |
* Unless required by applicable law or agreed to in writing, software
|
|
Packit |
90a5c9 |
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
Packit |
90a5c9 |
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
Packit |
90a5c9 |
* See the License for the specific language governing permissions and
|
|
Packit |
90a5c9 |
* limitations under the License.
|
|
Packit |
90a5c9 |
*/
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
/**
|
|
Packit |
90a5c9 |
* @file mod_ssl.h
|
|
Packit |
90a5c9 |
* @brief SSL extension module for Apache
|
|
Packit |
90a5c9 |
*
|
|
Packit |
90a5c9 |
* @defgroup MOD_SSL mod_ssl
|
|
Packit |
90a5c9 |
* @ingroup APACHE_MODS
|
|
Packit |
90a5c9 |
* @{
|
|
Packit |
90a5c9 |
*/
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
#ifndef __MOD_SSL_H__
|
|
Packit |
90a5c9 |
#define __MOD_SSL_H__
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
#include "httpd.h"
|
|
Packit |
90a5c9 |
#include "http_config.h"
|
|
Packit |
90a5c9 |
#include "apr_optional.h"
|
|
Packit |
20f7c8 |
#include "apr_tables.h" /* for apr_array_header_t */
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
/* Create a set of SSL_DECLARE(type), SSL_DECLARE_NONSTD(type) and
|
|
Packit |
90a5c9 |
* SSL_DECLARE_DATA with appropriate export and import tags for the platform
|
|
Packit |
90a5c9 |
*/
|
|
Packit |
90a5c9 |
#if !defined(WIN32)
|
|
Packit |
90a5c9 |
#define SSL_DECLARE(type) type
|
|
Packit |
90a5c9 |
#define SSL_DECLARE_NONSTD(type) type
|
|
Packit |
90a5c9 |
#define SSL_DECLARE_DATA
|
|
Packit |
90a5c9 |
#elif defined(SSL_DECLARE_STATIC)
|
|
Packit |
90a5c9 |
#define SSL_DECLARE(type) type __stdcall
|
|
Packit |
90a5c9 |
#define SSL_DECLARE_NONSTD(type) type
|
|
Packit |
90a5c9 |
#define SSL_DECLARE_DATA
|
|
Packit |
90a5c9 |
#elif defined(SSL_DECLARE_EXPORT)
|
|
Packit |
90a5c9 |
#define SSL_DECLARE(type) __declspec(dllexport) type __stdcall
|
|
Packit |
90a5c9 |
#define SSL_DECLARE_NONSTD(type) __declspec(dllexport) type
|
|
Packit |
90a5c9 |
#define SSL_DECLARE_DATA __declspec(dllexport)
|
|
Packit |
90a5c9 |
#else
|
|
Packit |
90a5c9 |
#define SSL_DECLARE(type) __declspec(dllimport) type __stdcall
|
|
Packit |
90a5c9 |
#define SSL_DECLARE_NONSTD(type) __declspec(dllimport) type
|
|
Packit |
90a5c9 |
#define SSL_DECLARE_DATA __declspec(dllimport)
|
|
Packit |
90a5c9 |
#endif
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
/** The ssl_var_lookup() optional function retrieves SSL environment
|
|
Packit |
90a5c9 |
* variables. */
|
|
Packit |
90a5c9 |
APR_DECLARE_OPTIONAL_FN(char *, ssl_var_lookup,
|
|
Packit |
90a5c9 |
(apr_pool_t *, server_rec *,
|
|
Packit |
90a5c9 |
conn_rec *, request_rec *,
|
|
Packit |
90a5c9 |
char *));
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
/** The ssl_ext_list() optional function attempts to build an array
|
|
Packit |
90a5c9 |
* of all the values contained in the named X.509 extension. The
|
|
Packit |
90a5c9 |
* returned array will be created in the supplied pool.
|
|
Packit |
90a5c9 |
* The client certificate is used if peer is non-zero; the server
|
|
Packit |
90a5c9 |
* certificate is used otherwise.
|
|
Packit |
90a5c9 |
* Extension specifies the extensions to use as a string. This can be
|
|
Packit |
90a5c9 |
* one of the "known" long or short names, or a numeric OID,
|
|
Packit |
90a5c9 |
* e.g. "1.2.3.4", 'nsComment' and 'DN' are all valid.
|
|
Packit |
90a5c9 |
* A pointer to an apr_array_header_t structure is returned if at
|
|
Packit |
90a5c9 |
* least one matching extension is found, NULL otherwise.
|
|
Packit |
90a5c9 |
*/
|
|
Packit |
90a5c9 |
APR_DECLARE_OPTIONAL_FN(apr_array_header_t *, ssl_ext_list,
|
|
Packit |
90a5c9 |
(apr_pool_t *p, conn_rec *c, int peer,
|
|
Packit |
90a5c9 |
const char *extension));
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
/** An optional function which returns non-zero if the given connection
|
|
Packit |
90a5c9 |
* is using SSL/TLS. */
|
|
Packit |
90a5c9 |
APR_DECLARE_OPTIONAL_FN(int, ssl_is_https, (conn_rec *));
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
/** The ssl_proxy_enable() and ssl_engine_{set,disable}() optional
|
|
Packit |
90a5c9 |
* functions are used by mod_proxy to enable use of SSL for outgoing
|
|
Packit |
90a5c9 |
* connections. */
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
APR_DECLARE_OPTIONAL_FN(int, ssl_proxy_enable, (conn_rec *));
|
|
Packit |
90a5c9 |
APR_DECLARE_OPTIONAL_FN(int, ssl_engine_disable, (conn_rec *));
|
|
Packit |
90a5c9 |
APR_DECLARE_OPTIONAL_FN(int, ssl_engine_set, (conn_rec *,
|
|
Packit |
90a5c9 |
ap_conf_vector_t *,
|
|
Packit |
90a5c9 |
int proxy, int enable));
|
|
Packit |
20f7c8 |
|
|
Packit |
20f7c8 |
/* Check for availability of new hooks */
|
|
Packit |
20f7c8 |
#define SSL_CERT_HOOKS
|
|
Packit |
20f7c8 |
#ifdef SSL_CERT_HOOKS
|
|
Packit |
20f7c8 |
|
|
Packit |
20f7c8 |
/** Lets others add certificate and key files to the given server.
|
|
Packit |
20f7c8 |
* For each cert a key must also be added.
|
|
Packit |
20f7c8 |
* @param cert_file and array of const char* with the path to the certificate chain
|
|
Packit |
20f7c8 |
* @param key_file and array of const char* with the path to the private key file
|
|
Packit |
20f7c8 |
*/
|
|
Packit |
20f7c8 |
APR_DECLARE_EXTERNAL_HOOK(ssl, SSL, int, add_cert_files,
|
|
Packit |
20f7c8 |
(server_rec *s, apr_pool_t *p,
|
|
Packit |
20f7c8 |
apr_array_header_t *cert_files,
|
|
Packit |
20f7c8 |
apr_array_header_t *key_files))
|
|
Packit |
20f7c8 |
|
|
Packit |
20f7c8 |
/** In case no certificates are available for a server, this
|
|
Packit |
20f7c8 |
* lets other modules add a fallback certificate for the time
|
|
Packit |
20f7c8 |
* being. Regular requests against this server will be answered
|
|
Packit |
20f7c8 |
* with a 503.
|
|
Packit |
20f7c8 |
* @param cert_file and array of const char* with the path to the certificate chain
|
|
Packit |
20f7c8 |
* @param key_file and array of const char* with the path to the private key file
|
|
Packit |
20f7c8 |
*/
|
|
Packit |
20f7c8 |
APR_DECLARE_EXTERNAL_HOOK(ssl, SSL, int, add_fallback_cert_files,
|
|
Packit |
20f7c8 |
(server_rec *s, apr_pool_t *p,
|
|
Packit |
20f7c8 |
apr_array_header_t *cert_files,
|
|
Packit |
20f7c8 |
apr_array_header_t *key_files))
|
|
Packit |
20f7c8 |
|
|
Packit |
20f7c8 |
#endif /* SSL_CERT_HOOKS */
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
#endif /* __MOD_SSL_H__ */
|
|
Packit |
90a5c9 |
/** @} */
|