source-git / httpd

Clone
Source Code
GIT

Files

  1.   8ce744ba6a6ab15fc3d0ccaedf3bf0c8015e0c7b
  2.   modules
  3.   md
  4.   mod_md_config.h
Blob Blame History Raw 
/* Licensed to the Apache Software Foundation (ASF) under one or more
 * contributor license agreements.  See the NOTICE file distributed with
 * this work for additional information regarding copyright ownership.
 * The ASF licenses this file to You under the Apache License, Version 2.0
 * (the "License"); you may not use this file except in compliance with
 * the License.  You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#ifndef mod_md_md_config_h
#define mod_md_md_config_h

struct md_store_t;
struct md_reg_t;
struct md_pkey_spec_t;

typedef enum {
    MD_CONFIG_CA_URL,
    MD_CONFIG_CA_PROTO,
    MD_CONFIG_BASE_DIR,
    MD_CONFIG_CA_AGREEMENT,
    MD_CONFIG_DRIVE_MODE,
    MD_CONFIG_LOCAL_80,
    MD_CONFIG_LOCAL_443,
    MD_CONFIG_RENEW_NORM,
    MD_CONFIG_RENEW_WINDOW,
    MD_CONFIG_TRANSITIVE,
    MD_CONFIG_PROXY,
    MD_CONFIG_REQUIRE_HTTPS,
    MD_CONFIG_MUST_STAPLE,
    MD_CONFIG_NOTIFY_CMD,
} md_config_var_t;

typedef struct {
    apr_array_header_t *mds;           /* all md_t* defined in the config, shared */
    const char *base_dir;              /* base dir for store */
    const char *proxy_url;             /* proxy url to use (or NULL) */
    struct md_reg_t *reg;              /* md registry instance, singleton, shared */

    int local_80;                      /* On which port http:80 arrives */
    int local_443;                     /* On which port https:443 arrives */
    int can_http;                      /* Does someone listen to the local port 80 equivalent? */
    int can_https;                     /* Does someone listen to the local port 443 equivalent? */
    int manage_base_server;            /* If base server outside vhost may be managed */
    int hsts_max_age;                  /* max-age of HSTS (rfc6797) header */
    const char *hsts_header;           /* computed HTST header to use or NULL */
    apr_array_header_t *unused_names;  /* post config, names of all MDs not assigned to a vhost */

    const char *notify_cmd;            /* notification command to execute on signup/renew */
} md_mod_conf_t;

typedef struct md_srv_conf_t {
    const char *name;
    const server_rec *s;               /* server this config belongs to */
    md_mod_conf_t *mc;                 /* global config settings */
    
    int transitive;                    /* != 0 iff VirtualHost names/aliases are auto-added */
    md_require_t require_https;        /* If MDs require https: access */
    int drive_mode;                    /* mode of obtaining credentials */
    int must_staple;                   /* certificates should set the OCSP Must Staple extension */
    struct md_pkey_spec_t *pkey_spec;  /* specification for generating private keys */
    apr_interval_time_t renew_norm;    /* If > 0, use as normalizing value for cert lifetime
                                        * Example: renew_norm=90d renew_win=30d, cert lives
                                        * for 12 days => renewal 4 days before */
    apr_interval_time_t renew_window;  /* time before expiration that starts renewal */
    
    const char *ca_url;                /* url of CA certificate service */
    const char *ca_proto;              /* protocol used vs CA (e.g. ACME) */
    const char *ca_agreement;          /* accepted agreement uri between CA and user */ 
    struct apr_array_header_t *ca_challenges; /* challenge types configured */

    md_t *current;                     /* md currently defined in <MDomainSet xxx> section */
    md_t *assigned;                    /* post_config: MD that applies to this server or NULL */
} md_srv_conf_t;

void *md_config_create_svr(apr_pool_t *pool, server_rec *s);
void *md_config_merge_svr(apr_pool_t *pool, void *basev, void *addv);

extern const command_rec md_cmds[];

apr_status_t md_config_post_config(server_rec *s, apr_pool_t *p);

/* Get the effective md configuration for the connection */
md_srv_conf_t *md_config_cget(conn_rec *c);
/* Get the effective md configuration for the server */
md_srv_conf_t *md_config_get(server_rec *s);
/* Get the effective md configuration for the server, but make it
 * unique to this server_rec, so that any changes only affect this server */
md_srv_conf_t *md_config_get_unique(server_rec *s, apr_pool_t *p);

const char *md_config_gets(const md_srv_conf_t *config, md_config_var_t var);
int md_config_geti(const md_srv_conf_t *config, md_config_var_t var);
apr_interval_time_t md_config_get_interval(const md_srv_conf_t *config, md_config_var_t var);

#endif /* md_config_h */

Powered by Pagure 5.13.3

SSH Hostkey/Fingerprint | Documentation