httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From jor...@apache.org
Subject cvs commit: httpd-2.0/modules/ssl ssl_private.h config.m4 mod_ssl.c mod_ssl.dsp mod_ssl.h ssl_engine_config.c ssl_engine_dh.c ssl_engine_init.c ssl_engine_io.c ssl_engine_kernel.c ssl_engine_log.c ssl_engine_mutex.c ssl_engine_pphrase.c ssl_engine_rand.c ssl_engine_vars.c ssl_expr.c ssl_expr_eval.c ssl_expr_parse.c ssl_expr_parse.y ssl_expr_scan.c ssl_expr_scan.l ssl_scache.c ssl_scache_dbm.c ssl_scache_dc.c ssl_scache_shmcb.c ssl_util.c ssl_util_ssl.c
Date Sat, 28 Feb 2004 18:06:35 GMT
jorton      2004/02/28 10:06:35

  Modified:    .        Makefile.in
               modules/proxy mod_proxy.c
               modules/ssl config.m4 mod_ssl.c mod_ssl.dsp mod_ssl.h
                        ssl_engine_config.c ssl_engine_dh.c
                        ssl_engine_init.c ssl_engine_io.c
                        ssl_engine_kernel.c ssl_engine_log.c
                        ssl_engine_mutex.c ssl_engine_pphrase.c
                        ssl_engine_rand.c ssl_engine_vars.c ssl_expr.c
                        ssl_expr_eval.c ssl_expr_parse.c ssl_expr_parse.y
                        ssl_expr_scan.c ssl_expr_scan.l ssl_scache.c
                        ssl_scache_dbm.c ssl_scache_dc.c ssl_scache_shmcb.c
                        ssl_util.c ssl_util_ssl.c
  Added:       modules/ssl ssl_private.h
  Log:
  Move mod_ssl-internal interfaces into ssl_private.h; allow mod_ssl.h
  to be included even when mod_ssl is not enabled.
  
  * Makefile.in (install-include): Only install mod_ssl.h.
  
  * modules/ssl/ssl_private.h: New file.
  
  * modules/ssl/mod_ssl.h: Move everything apart from than the optional
  hook definitions into ssl_private.h.
  
  * modules/ssl/*.c: Include ssl_private.h not mod_ssl.h
  
  * modules/ssl/config.m4: Always add the mod_ssl directory to the
  include path so other modules can find mod_ssl.h.
  
  * modules/proxy/mod_proxy.c: Include mod_ssl.h to pick up the optional
  hook definitions rather than copy'n'pasting them.
  
  Revision  Changes    Path
  1.138     +1 -1      httpd-2.0/Makefile.in
  
  Index: Makefile.in
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/Makefile.in,v
  retrieving revision 1.137
  retrieving revision 1.138
  diff -w -d -u -r1.137 -r1.138
  --- Makefile.in	9 Jan 2004 12:19:55 -0000	1.137
  +++ Makefile.in	28 Feb 2004 18:06:34 -0000	1.138
  @@ -179,7 +179,7 @@
   	@cp -p $(srcdir)/modules/loggers/mod_log_config.h $(DESTDIR)$(includedir)
   	@cp -p $(srcdir)/modules/http/mod_core.h $(DESTDIR)$(includedir)
   	@cp -p $(srcdir)/modules/proxy/mod_proxy.h $(DESTDIR)$(includedir)
  -	@cp -p $(srcdir)/modules/ssl/*.h $(DESTDIR)$(includedir)
  +	@cp -p $(srcdir)/modules/ssl/mod_ssl.h $(DESTDIR)$(includedir)
   	@cp -p $(srcdir)/srclib/pcre/pcre*.h $(DESTDIR)$(includedir)
   	@cp -p $(srcdir)/os/$(OS_DIR)/*.h $(DESTDIR)$(includedir)
   	@chmod 644 $(DESTDIR)$(includedir)/*.h
  
  
  
  1.98      +1 -3      httpd-2.0/modules/proxy/mod_proxy.c
  
  Index: mod_proxy.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/proxy/mod_proxy.c,v
  retrieving revision 1.97
  retrieving revision 1.98
  diff -w -d -u -r1.97 -r1.98
  --- mod_proxy.c	9 Feb 2004 20:29:21 -0000	1.97
  +++ mod_proxy.c	28 Feb 2004 18:06:34 -0000	1.98
  @@ -19,6 +19,7 @@
   #include "mod_core.h"
   
   #include "apr_optional.h"
  +#include "mod_ssl.h"
   
   #ifndef MAX
   #define MAX(x,y) ((x) >= (y) ? (x) : (y))
  @@ -1026,9 +1027,6 @@
    
       {NULL}
   };
  -
  -APR_DECLARE_OPTIONAL_FN(int, ssl_proxy_enable, (conn_rec *));
  -APR_DECLARE_OPTIONAL_FN(int, ssl_engine_disable, (conn_rec *));
   
   static APR_OPTIONAL_FN_TYPE(ssl_proxy_enable) *proxy_ssl_enable = NULL;
   static APR_OPTIONAL_FN_TYPE(ssl_engine_disable) *proxy_ssl_disable = NULL;
  
  
  
  1.22      +3 -1      httpd-2.0/modules/ssl/config.m4
  
  Index: config.m4
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/ssl/config.m4,v
  retrieving revision 1.21
  retrieving revision 1.22
  diff -w -d -u -r1.21 -r1.22
  --- config.m4	28 Feb 2004 11:55:46 -0000	1.21
  +++ config.m4	28 Feb 2004 18:06:34 -0000	1.22
  @@ -115,8 +115,10 @@
   APACHE_MODULE(ssl, [SSL/TLS support (mod_ssl)], $ssl_objs, , no, [
       APACHE_CHECK_SSL_TOOLKIT
       CHECK_DISTCACHE
  -    APR_ADDTO(INCLUDES, [-I\$(top_srcdir)/$modpath_current])
   ])
  +
  +# Ensure that other modules can pick up mod_ssl.h
  +APR_ADDTO(INCLUDES, [-I\$(top_srcdir)/$modpath_current])
   
   dnl #  end of module specific part
   APACHE_MODPATH_FINISH
  
  
  
  1.96      +1 -0      httpd-2.0/modules/ssl/mod_ssl.c
  
  Index: mod_ssl.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/ssl/mod_ssl.c,v
  retrieving revision 1.95
  retrieving revision 1.96
  diff -w -d -u -r1.95 -r1.96
  --- mod_ssl.c	9 Feb 2004 20:29:22 -0000	1.95
  +++ mod_ssl.c	28 Feb 2004 18:06:34 -0000	1.96
  @@ -23,6 +23,7 @@
    *  Apache API interface structures
    */
   
  +#include "ssl_private.h"
   #include "mod_ssl.h"
   #include "util_md5.h"
   #include <assert.h>
  
  
  
  1.28      +4 -0      httpd-2.0/modules/ssl/mod_ssl.dsp
  
  Index: mod_ssl.dsp
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/ssl/mod_ssl.dsp,v
  retrieving revision 1.27
  retrieving revision 1.28
  diff -w -d -u -r1.27 -r1.28
  --- mod_ssl.dsp	8 Jan 2004 16:26:53 -0000	1.27
  +++ mod_ssl.dsp	28 Feb 2004 18:06:34 -0000	1.28
  @@ -188,6 +188,10 @@
   # End Source File
   # Begin Source File
   
  +SOURCE=.\ssl_private.h
  +# End Source File
  +# Begin Source File
  +
   SOURCE=.\ssl_expr_parse.h
   # End Source File
   # Begin Source File
  
  
  
  1.149     +5 -625    httpd-2.0/modules/ssl/mod_ssl.h
  
  Index: mod_ssl.h
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/ssl/mod_ssl.h,v
  retrieving revision 1.148
  retrieving revision 1.149
  diff -w -d -u -r1.148 -r1.149
  --- mod_ssl.h	9 Feb 2004 20:29:22 -0000	1.148
  +++ mod_ssl.h	28 Feb 2004 18:06:34 -0000	1.149
  @@ -13,645 +13,25 @@
    * limitations under the License.
    */
   
  -/*                      _             _
  - *  _ __ ___   ___   __| |    ___ ___| |  mod_ssl
  - * | '_ ` _ \ / _ \ / _` |   / __/ __| |  Apache Interface to OpenSSL
  - * | | | | | | (_) | (_| |   \__ \__ \ |
  - * |_| |_| |_|\___/ \__,_|___|___/___/_|
  - *                      |_____|
  - *  mod_ssl.h
  - *  Global header
  - */
  -                             /* ``The Apache Group: a collection
  -                                  of talented individuals who are
  -                                  trying to perfect the art of
  -                                  never finishing something.''
  -                                             -- Rob Hartill         */
   #ifndef __MOD_SSL_H__
   #define __MOD_SSL_H__
   
  -/*
  - * Power up our brain...
  - */
  -
  -/* Apache headers */
   #include "httpd.h"
  -#include "http_config.h"
  -#include "http_core.h"
  -#include "http_log.h"
  -#include "http_main.h"
  -#include "http_connection.h"
  -#include "http_request.h"
  -#include "http_protocol.h"
  -#include "util_script.h"
  -#include "util_filter.h"
  -#include "util_ebcdic.h"
  -#include "mpm.h"
  -#include "apr.h"
  -#include "apr_strings.h"
  -#define APR_WANT_STRFUNC
  -#include "apr_want.h"
  -#include "apr_tables.h"
  -#include "apr_lib.h"
  -#include "apr_fnmatch.h"
  -#include "apr_strings.h"
  -#include "apr_dbm.h"
  -#include "apr_rmm.h"
  -#include "apr_shm.h"
  -#include "apr_global_mutex.h"
   #include "apr_optional.h"
   
  -#define MOD_SSL_VERSION AP_SERVER_BASEREVISION
  -
  -/* mod_ssl headers */
  -#include "ssl_toolkit_compat.h"
  -#include "ssl_expr.h"
  -#include "ssl_util_ssl.h"
  -
  -/* The #ifdef macros are only defined AFTER including the above
  - * therefore we cannot include these system files at the top  :-(
  - */
  -#if APR_HAVE_SYS_TIME_H
  -#include <sys/time.h>
  -#endif
  -#if APR_HAVE_UNISTD_H
  -#include <unistd.h> /* needed for STDIN_FILENO et.al., at least on FreeBSD */
  -#endif
  -
  -/*
  - * Provide reasonable default for some defines
  - */
  -#ifndef FALSE
  -#define FALSE (0)
  -#endif
  -#ifndef TRUE
  -#define TRUE (!FALSE)
  -#endif
  -#ifndef PFALSE
  -#define PFALSE ((void *)FALSE)
  -#endif
  -#ifndef PTRUE
  -#define PTRUE ((void *)TRUE)
  -#endif
  -#ifndef UNSET
  -#define UNSET (-1)
  -#endif
  -#ifndef NUL
  -#define NUL '\0'
  -#endif
  -#ifndef RAND_MAX
  -#include <limits.h>
  -#define RAND_MAX INT_MAX
  -#endif
  -
  -/*
  - * Provide reasonable defines for some types
  - */
  -#ifndef BOOL
  -#define BOOL unsigned int
  -#endif
  -#ifndef UCHAR
  -#define UCHAR unsigned char
  -#endif
  -
  -/*
  - * Provide useful shorthands
  - */
  -#define strEQ(s1,s2)     (strcmp(s1,s2)        == 0)
  -#define strNE(s1,s2)     (strcmp(s1,s2)        != 0)
  -#define strEQn(s1,s2,n)  (strncmp(s1,s2,n)     == 0)
  -#define strNEn(s1,s2,n)  (strncmp(s1,s2,n)     != 0)
  -
  -#define strcEQ(s1,s2)    (strcasecmp(s1,s2)    == 0)
  -#define strcNE(s1,s2)    (strcasecmp(s1,s2)    != 0)
  -#define strcEQn(s1,s2,n) (strncasecmp(s1,s2,n) == 0)
  -#define strcNEn(s1,s2,n) (strncasecmp(s1,s2,n) != 0)
  -
  -#define strIsEmpty(s)    (s == NULL || s[0] == NUL)
  -
  -#define myConnConfig(c) \
  -(SSLConnRec *)ap_get_module_config(c->conn_config, &ssl_module)
  -#define myCtxConfig(sslconn, sc) (sslconn->is_proxy ? sc->proxy : sc->server)
  -#define myConnConfigSet(c, val) \
  -ap_set_module_config(c->conn_config, &ssl_module, val)
  -#define mySrvConfig(srv) (SSLSrvConfigRec *)ap_get_module_config(srv->module_config,  &ssl_module)
  -#define myDirConfig(req) (SSLDirConfigRec *)ap_get_module_config(req->per_dir_config, &ssl_module)
  -#define myModConfig(srv) (mySrvConfig((srv)))->mc
  -
  -#define myCtxVarSet(mc,num,val)  mc->rCtx.pV##num = val
  -#define myCtxVarGet(mc,num,type) (type)(mc->rCtx.pV##num)
  -
  -/*
  - * Defaults for the configuration
  - */
  -#ifndef SSL_SESSION_CACHE_TIMEOUT
  -#define SSL_SESSION_CACHE_TIMEOUT  300
  -#endif
  -
  -/*
  - * Support for MM library
  - */
  -#define SSL_MM_FILE_MODE ( APR_UREAD | APR_UWRITE | APR_GREAD | APR_WREAD )
  -
  -/*
  - * Support for DBM library
  - */
  -#define SSL_DBM_FILE_MODE ( APR_UREAD | APR_UWRITE | APR_GREAD | APR_WREAD )
  -
  -#if !defined(SSL_DBM_FILE_SUFFIX_DIR) && !defined(SSL_DBM_FILE_SUFFIX_PAG)
  -#if defined(DBM_SUFFIX)
  -#define SSL_DBM_FILE_SUFFIX_DIR DBM_SUFFIX
  -#define SSL_DBM_FILE_SUFFIX_PAG DBM_SUFFIX
  -#elif defined(__FreeBSD__) || (defined(DB_LOCK) && defined(DB_SHMEM))
  -#define SSL_DBM_FILE_SUFFIX_DIR ".db"
  -#define SSL_DBM_FILE_SUFFIX_PAG ".db"
  -#else
  -#define SSL_DBM_FILE_SUFFIX_DIR ".dir"
  -#define SSL_DBM_FILE_SUFFIX_PAG ".pag"
  -#endif
  -#endif
  -
  -/*
  - * Define the certificate algorithm types
  - */
  -
  -typedef int ssl_algo_t;
  -
  -#define SSL_ALGO_UNKNOWN (0)
  -#define SSL_ALGO_RSA     (1<<0)
  -#define SSL_ALGO_DSA     (1<<1)
  -#define SSL_ALGO_ALL     (SSL_ALGO_RSA|SSL_ALGO_DSA)
  -
  -#define SSL_AIDX_RSA     (0)
  -#define SSL_AIDX_DSA     (1)
  -#define SSL_AIDX_MAX     (2)
  -
  -
  -/*
  - * Define IDs for the temporary RSA keys and DH params
  - */
  -
  -#define SSL_TMP_KEY_RSA_512  (0)
  -#define SSL_TMP_KEY_RSA_1024 (1)
  -#define SSL_TMP_KEY_DH_512   (2)
  -#define SSL_TMP_KEY_DH_1024  (3)
  -#define SSL_TMP_KEY_MAX      (4)
  -
  -/*
  - * Define the SSL options
  - */
  -#define SSL_OPT_NONE           (0)
  -#define SSL_OPT_RELSET         (1<<0)
  -#define SSL_OPT_STDENVVARS     (1<<1)
  -#define SSL_OPT_COMPATENVVARS  (1<<2)
  -#define SSL_OPT_EXPORTCERTDATA (1<<3)
  -#define SSL_OPT_FAKEBASICAUTH  (1<<4)
  -#define SSL_OPT_STRICTREQUIRE  (1<<5)
  -#define SSL_OPT_OPTRENEGOTIATE (1<<6)
  -#define SSL_OPT_ALL            (SSL_OPT_STDENVVARS|SSL_OPT_COMPATENVVAR|SSL_OPT_EXPORTCERTDATA|SSL_OPT_FAKEBASICAUTH|SSL_OPT_STRICTREQUIRE|SSL_OPT_OPTRENEGOTIATE)
  -typedef int ssl_opt_t;
  -
  -/*
  - * Define the SSL Protocol options
  - */
  -#define SSL_PROTOCOL_NONE  (0)
  -#define SSL_PROTOCOL_SSLV2 (1<<0)
  -#define SSL_PROTOCOL_SSLV3 (1<<1)
  -#define SSL_PROTOCOL_TLSV1 (1<<2)
  -#define SSL_PROTOCOL_ALL   (SSL_PROTOCOL_SSLV2|SSL_PROTOCOL_SSLV3|SSL_PROTOCOL_TLSV1)
  -typedef int ssl_proto_t;
  -
  -/*
  - * Define the SSL verify levels
  - */
  -typedef enum {
  -    SSL_CVERIFY_UNSET           = UNSET,
  -    SSL_CVERIFY_NONE            = 0,
  -    SSL_CVERIFY_OPTIONAL        = 1,
  -    SSL_CVERIFY_REQUIRE         = 2,
  -    SSL_CVERIFY_OPTIONAL_NO_CA  = 3
  -} ssl_verify_t;
  -
  -#define SSL_VERIFY_PEER_STRICT \
  -     (SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT)
  -
  -#ifndef X509_V_ERR_CERT_UNTRUSTED
  -#define X509_V_ERR_CERT_UNTRUSTED 27
  -#endif
  -
  -#define ssl_verify_error_is_optional(errnum) \
  -   ((errnum == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT) \
  -    || (errnum == X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN) \
  -    || (errnum == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY) \
  -    || (errnum == X509_V_ERR_CERT_UNTRUSTED) \
  -    || (errnum == X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE))
  -
  -/*
  - * Define the SSL pass phrase dialog types
  - */
  -typedef enum {
  -    SSL_PPTYPE_UNSET   = UNSET,
  -    SSL_PPTYPE_BUILTIN = 0,
  -    SSL_PPTYPE_FILTER  = 1,
  -	SSL_PPTYPE_PIPE    = 2
  -} ssl_pphrase_t;
  -
  -/*
  - * Define the Path Checking modes
  - */
  -#define SSL_PCM_EXISTS     1
  -#define SSL_PCM_ISREG      2
  -#define SSL_PCM_ISDIR      4
  -#define SSL_PCM_ISNONZERO  8
  -typedef unsigned int ssl_pathcheck_t;
  -
  -/*
  - * Define the SSL session cache modes and structures
  - */
  -typedef enum {
  -    SSL_SCMODE_UNSET = UNSET,
  -    SSL_SCMODE_NONE  = 0,
  -    SSL_SCMODE_DBM   = 1,
  -    SSL_SCMODE_SHMCB = 3,
  -    SSL_SCMODE_DC    = 4
  -} ssl_scmode_t;
  -
  -/*
  - * Define the SSL mutex modes
  - */
  -typedef enum {
  -    SSL_MUTEXMODE_UNSET  = UNSET,
  -    SSL_MUTEXMODE_NONE   = 0,
  -    SSL_MUTEXMODE_USED   = 1
  -} ssl_mutexmode_t;
  -
  -/*
  - * Define the SSL requirement structure
  - */
  -typedef struct {
  -    char     *cpExpr;
  -    ssl_expr *mpExpr;
  -} ssl_require_t;
  -
  -/*
  - * Define the SSL random number generator seeding source
  - */
  -typedef enum {
  -    SSL_RSCTX_STARTUP = 1,
  -    SSL_RSCTX_CONNECT = 2
  -} ssl_rsctx_t;
  -typedef enum {
  -    SSL_RSSRC_BUILTIN = 1,
  -    SSL_RSSRC_FILE    = 2,
  -    SSL_RSSRC_EXEC    = 3,
  -    SSL_RSSRC_EGD     = 4
  -} ssl_rssrc_t;
  -typedef struct {
  -    ssl_rsctx_t  nCtx;
  -    ssl_rssrc_t  nSrc;
  -    char        *cpPath;
  -    int          nBytes;
  -} ssl_randseed_t;
  -
  -/*
  - * Define the structure of an ASN.1 anything
  - */
  -typedef struct {
  -    long int       nData;
  -    unsigned char *cpData;
  -    apr_time_t     source_mtime;
  -} ssl_asn1_t;
  -
  -/*
  - * Define the mod_ssl per-module configuration structure
  - * (i.e. the global configuration for each httpd process)
  - */
  -
  -typedef enum {
  -    SSL_SHUTDOWN_TYPE_UNSET,
  -    SSL_SHUTDOWN_TYPE_STANDARD,
  -    SSL_SHUTDOWN_TYPE_UNCLEAN,
  -    SSL_SHUTDOWN_TYPE_ACCURATE
  -} ssl_shutdown_type_e;
  -
  -typedef struct {
  -    SSL *ssl;
  -    const char *client_dn;
  -    X509 *client_cert;
  -    ssl_shutdown_type_e shutdown_type;
  -    const char *verify_info;
  -    const char *verify_error;
  -    int verify_depth;
  -    int is_proxy;
  -    int disabled;
  -    int non_ssl_request;
  -} SSLConnRec;
  -
  -typedef struct {
  -    pid_t           pid;
  -    apr_pool_t     *pPool;
  -    BOOL            bFixed;
  -    int             nSessionCacheMode;
  -    char           *szSessionCacheDataFile;
  -    int             nSessionCacheDataSize;
  -    apr_shm_t      *pSessionCacheDataMM;
  -    apr_rmm_t      *pSessionCacheDataRMM;
  -    void           *tSessionCacheDataTable;
  -    ssl_mutexmode_t nMutexMode;
  -    apr_lockmech_e  nMutexMech;
  -    const char     *szMutexFile;
  -    apr_global_mutex_t   *pMutex;
  -    apr_array_header_t   *aRandSeed;
  -    apr_hash_t     *tVHostKeys;
  -    void           *pTmpKeys[SSL_TMP_KEY_MAX];
  -    apr_hash_t     *tPublicCert;
  -    apr_hash_t     *tPrivateKey;
  -#if defined(HAVE_OPENSSL_ENGINE_H) && defined(HAVE_ENGINE_INIT)
  -    const char     *szCryptoDevice;
  -#endif
  -    struct {
  -        void *pV1, *pV2, *pV3, *pV4, *pV5, *pV6, *pV7, *pV8, *pV9, *pV10;
  -    } rCtx;
  -} SSLModConfigRec;
  -
  -/* public cert/private key */
  -typedef struct {
  -    /* 
  -     * server only has 1-2 certs/keys
  -     * 1 RSA and/or 1 DSA
  -     */
  -    const char  *cert_files[SSL_AIDX_MAX];
  -    const char  *key_files[SSL_AIDX_MAX];
  -    X509        *certs[SSL_AIDX_MAX];
  -    EVP_PKEY    *keys[SSL_AIDX_MAX];
  -} modssl_pk_server_t;
  -
  -typedef struct {
  -    /* proxy can have any number of cert/key pairs */
  -    const char  *cert_file;
  -    const char  *cert_path;
  -    STACK_OF(X509_INFO) *certs;
  -} modssl_pk_proxy_t;
  -
  -/* stuff related to authentication that can also be per-dir */
  -typedef struct {
  -    /* known/trusted CAs */
  -    const char  *ca_cert_path;
  -    const char  *ca_cert_file;
  -
  -    const char  *cipher_suite;
  -
  -    /* for client or downstream server authentication */
  -    int          verify_depth;
  -    ssl_verify_t verify_mode;
  -} modssl_auth_ctx_t;
  -
  -typedef struct SSLSrvConfigRec SSLSrvConfigRec;
  -
  -typedef struct {
  -    SSLSrvConfigRec *sc; /* pointer back to server config */
  -    SSL_CTX *ssl_ctx;
  -
  -    /* we are one or the other */
  -    modssl_pk_server_t *pks;
  -    modssl_pk_proxy_t  *pkp;
  -
  -    ssl_proto_t  protocol;
  -
  -    /* config for handling encrypted keys */
  -    ssl_pphrase_t pphrase_dialog_type;
  -    const char   *pphrase_dialog_path;
  -
  -    const char  *cert_chain;
  -
  -    /* certificate revocation list */
  -    const char  *crl_path;
  -    const char  *crl_file;
  -    X509_STORE  *crl;
  -
  -    modssl_auth_ctx_t auth;
  -} modssl_ctx_t;
  -
  -struct SSLSrvConfigRec {
  -    SSLModConfigRec *mc;
  -    BOOL             enabled;
  -    BOOL             proxy_enabled;
  -    const char      *vhost_id;
  -    int              vhost_id_len;
  -    int              session_cache_timeout;
  -    modssl_ctx_t    *server;
  -    modssl_ctx_t    *proxy;
  -};
  -
  -/*
  - * Define the mod_ssl per-directory configuration structure
  - * (i.e. the local configuration for all <Directory>
  - *  and .htaccess contexts)
  - */
  -typedef struct {
  -    BOOL          bSSLRequired;
  -    apr_array_header_t *aRequirement;
  -    ssl_opt_t     nOptions;
  -    ssl_opt_t     nOptionsAdd;
  -    ssl_opt_t     nOptionsDel;
  -    const char   *szCipherSuite;
  -    ssl_verify_t  nVerifyClient;
  -    int           nVerifyDepth;
  -    const char   *szCACertificatePath;
  -    const char   *szCACertificateFile;
  -} SSLDirConfigRec;
  -
  -/*
  - *  function prototypes
  - */
  -
  -/*  API glue structures  */
  -extern module AP_MODULE_DECLARE_DATA ssl_module;
  -
  -/* "global" stuff */
  -extern const char ssl_valid_ssl_mutex_string[];
  -
  -/*  configuration handling   */
  -SSLModConfigRec *ssl_config_global_create(server_rec *);
  -void         ssl_config_global_fix(SSLModConfigRec *);
  -BOOL         ssl_config_global_isfixed(SSLModConfigRec *);
  -void        *ssl_config_server_create(apr_pool_t *, server_rec *);
  -void        *ssl_config_server_merge(apr_pool_t *, void *, void *);
  -void        *ssl_config_perdir_create(apr_pool_t *, char *);
  -void        *ssl_config_perdir_merge(apr_pool_t *, void *, void *);
  -const char  *ssl_cmd_SSLMutex(cmd_parms *, void *, const char *);
  -const char  *ssl_cmd_SSLPassPhraseDialog(cmd_parms *, void *, const char *);
  -const char  *ssl_cmd_SSLCryptoDevice(cmd_parms *, void *, const char *);
  -const char  *ssl_cmd_SSLRandomSeed(cmd_parms *, void *, const char *, const char *, const char *);
  -const char  *ssl_cmd_SSLEngine(cmd_parms *, void *, const char *);
  -const char  *ssl_cmd_SSLCipherSuite(cmd_parms *, void *, const char *);
  -const char  *ssl_cmd_SSLCertificateFile(cmd_parms *, void *, const char *);
  -const char  *ssl_cmd_SSLCertificateKeyFile(cmd_parms *, void *, const char *);
  -const char  *ssl_cmd_SSLCertificateChainFile(cmd_parms *, void *, const char *);
  -const char  *ssl_cmd_SSLCACertificatePath(cmd_parms *, void *, const char *);
  -const char  *ssl_cmd_SSLCACertificateFile(cmd_parms *, void *, const char *);
  -const char  *ssl_cmd_SSLCARevocationPath(cmd_parms *, void *, const char *);
  -const char  *ssl_cmd_SSLCARevocationFile(cmd_parms *, void *, const char *);
  -const char  *ssl_cmd_SSLVerifyClient(cmd_parms *, void *, const char *);
  -const char  *ssl_cmd_SSLVerifyDepth(cmd_parms *, void *, const char *);
  -const char  *ssl_cmd_SSLSessionCache(cmd_parms *, void *, const char *);
  -const char  *ssl_cmd_SSLSessionCacheTimeout(cmd_parms *, void *, const char *);
  -const char  *ssl_cmd_SSLProtocol(cmd_parms *, void *, const char *);
  -const char  *ssl_cmd_SSLOptions(cmd_parms *, void *, const char *);
  -const char  *ssl_cmd_SSLRequireSSL(cmd_parms *, void *);
  -const char  *ssl_cmd_SSLRequire(cmd_parms *, void *, const char *);
  -
  -const char *ssl_cmd_SSLProxyEngine(cmd_parms *cmd, void *dcfg, int flag);
  -const char  *ssl_cmd_SSLProxyProtocol(cmd_parms *, void *, const char *);
  -const char  *ssl_cmd_SSLProxyCipherSuite(cmd_parms *, void *, const char *);
  -const char  *ssl_cmd_SSLProxyVerify(cmd_parms *, void *, const char *);
  -const char  *ssl_cmd_SSLProxyVerifyDepth(cmd_parms *, void *, const char *);
  -const char  *ssl_cmd_SSLProxyCACertificatePath(cmd_parms *, void *, const char *);
  -const char  *ssl_cmd_SSLProxyCACertificateFile(cmd_parms *, void *, const char *);
  -const char  *ssl_cmd_SSLProxyCARevocationPath(cmd_parms *, void *, const char *);
  -const char  *ssl_cmd_SSLProxyCARevocationFile(cmd_parms *, void *, const char *);
  -const char  *ssl_cmd_SSLProxyMachineCertificatePath(cmd_parms *, void *, const char *);
  -const char  *ssl_cmd_SSLProxyMachineCertificateFile(cmd_parms *, void *, const char *);
  -
  -/*  module initialization  */
  -int          ssl_init_Module(apr_pool_t *, apr_pool_t *, apr_pool_t *, server_rec *);
  -void         ssl_init_Engine(server_rec *, apr_pool_t *);
  -void         ssl_init_ConfigureServer(server_rec *, apr_pool_t *, apr_pool_t *, SSLSrvConfigRec *);
  -void         ssl_init_CheckServers(server_rec *, apr_pool_t *);
  -STACK_OF(X509_NAME) 
  -            *ssl_init_FindCAList(server_rec *, apr_pool_t *, const char *, const char *);
  -void         ssl_init_Child(apr_pool_t *, server_rec *);
  -apr_status_t ssl_init_ModuleKill(void *data);
  -
  -/*  Apache API hooks  */
  -int          ssl_hook_Translate(request_rec *);
  -int          ssl_hook_Auth(request_rec *);
  -int          ssl_hook_UserCheck(request_rec *);
  -int          ssl_hook_Access(request_rec *);
  -int          ssl_hook_Fixup(request_rec *);
  -int          ssl_hook_ReadReq(request_rec *);
  -int          ssl_hook_Upgrade(request_rec *);
  -
  -/*  OpenSSL callbacks */
  -RSA         *ssl_callback_TmpRSA(SSL *, int, int);
  -DH          *ssl_callback_TmpDH(SSL *, int, int);
  -int          ssl_callback_SSLVerify(int, X509_STORE_CTX *);
  -int          ssl_callback_SSLVerify_CRL(int, X509_STORE_CTX *, conn_rec *);
  -int          ssl_callback_proxy_cert(SSL *ssl, MODSSL_CLIENT_CERT_CB_ARG_TYPE **x509, EVP_PKEY **pkey);
  -int          ssl_callback_NewSessionCacheEntry(SSL *, SSL_SESSION *);
  -SSL_SESSION *ssl_callback_GetSessionCacheEntry(SSL *, unsigned char *, int, int *);
  -void         ssl_callback_DelSessionCacheEntry(SSL_CTX *, SSL_SESSION *);
  -void         ssl_callback_LogTracingState(MODSSL_INFO_CB_ARG_TYPE, int, int);
  -
  -/*  Session Cache Support  */
  -void         ssl_scache_init(server_rec *, apr_pool_t *);
  -void         ssl_scache_status_register(apr_pool_t *p);
  -void         ssl_scache_kill(server_rec *);
  -BOOL         ssl_scache_store(server_rec *, UCHAR *, int, time_t, SSL_SESSION *);
  -SSL_SESSION *ssl_scache_retrieve(server_rec *, UCHAR *, int);
  -void         ssl_scache_remove(server_rec *, UCHAR *, int);
  -void         ssl_scache_expire(server_rec *);
  -
  -char        *ssl_scache_id2sz(UCHAR *, int);
  -void         ssl_scache_dbm_init(server_rec *, apr_pool_t *);
  -void         ssl_scache_dbm_kill(server_rec *);
  -BOOL         ssl_scache_dbm_store(server_rec *, UCHAR *, int, time_t, SSL_SESSION *);
  -SSL_SESSION *ssl_scache_dbm_retrieve(server_rec *, UCHAR *, int);
  -void         ssl_scache_dbm_remove(server_rec *, UCHAR *, int);
  -void         ssl_scache_dbm_expire(server_rec *);
  -void         ssl_scache_dbm_status(request_rec *r, int flags, apr_pool_t *pool);
  -
  -void         ssl_scache_shmcb_init(server_rec *, apr_pool_t *);
  -void         ssl_scache_shmcb_kill(server_rec *);
  -BOOL         ssl_scache_shmcb_store(server_rec *, UCHAR *, int, time_t, SSL_SESSION *);
  -SSL_SESSION *ssl_scache_shmcb_retrieve(server_rec *, UCHAR *, int);
  -void         ssl_scache_shmcb_remove(server_rec *, UCHAR *, int);
  -void         ssl_scache_shmcb_expire(server_rec *);
  -void         ssl_scache_shmcb_status(request_rec *r, int flags, apr_pool_t *pool);
  -
  -void         ssl_scache_dc_init(server_rec *, apr_pool_t *);
  -void         ssl_scache_dc_kill(server_rec *);
  -BOOL         ssl_scache_dc_store(server_rec *, UCHAR *, int, time_t, SSL_SESSION *);
  -SSL_SESSION *ssl_scache_dc_retrieve(server_rec *, UCHAR *, int);
  -void         ssl_scache_dc_remove(server_rec *, UCHAR *, int);
  -void         ssl_scache_dc_expire(server_rec *);
  -void         ssl_scache_dc_status(request_rec *r, int flags, apr_pool_t *pool);
  -
  -/*  Pass Phrase Support  */
  -void         ssl_pphrase_Handle(server_rec *, apr_pool_t *);
  -
  -/*  Diffie-Hellman Parameter Support  */
  -DH           *ssl_dh_GetTmpParam(int);
  -DH           *ssl_dh_GetParamFromFile(char *);
  -
  -unsigned char *ssl_asn1_table_set(apr_hash_t *table,
  -                                  const char *key,
  -                                  long int length);
  -
  -ssl_asn1_t *ssl_asn1_table_get(apr_hash_t *table,
  -                               const char *key);
  -
  -void ssl_asn1_table_unset(apr_hash_t *table,
  -                          const char *key);
  -
  -const char *ssl_asn1_keystr(int keytype);
  -
  -const char *ssl_asn1_table_keyfmt(apr_pool_t *p,
  -                                  const char *id,
  -                                  int keytype);
  -/*  Mutex Support  */
  -int          ssl_mutex_init(server_rec *, apr_pool_t *);
  -int          ssl_mutex_reinit(server_rec *, apr_pool_t *);
  -int          ssl_mutex_on(server_rec *);
  -int          ssl_mutex_off(server_rec *);
  -
  -/*  Logfile Support  */
  -void         ssl_die(void);
  -void         ssl_log_ssl_error(const char *, int, int, server_rec *);
  -
  -/*  Variables  */
  -void         ssl_var_register(void);
  -char        *ssl_var_lookup(apr_pool_t *, server_rec *, conn_rec *, request_rec *, char *);
  -void         ssl_var_log_config_register(apr_pool_t *p);
  -
  +/* The ssl_var_lookup() optional function retrieves SSL environment
  + * variables. */
   APR_DECLARE_OPTIONAL_FN(char *, ssl_var_lookup,
                           (apr_pool_t *, server_rec *,
                            conn_rec *, request_rec *,
                            char *));
   
  -/* Proxy Support */
  -int ssl_proxy_enable(conn_rec *c);
  -int ssl_engine_disable(conn_rec *c);
  +/* The ssl_proxy_enable() and ssl_engine_disable() optional functions
  + * are used by mod_proxy to enable use of SSL for outgoing
  + * connections. */
   
   APR_DECLARE_OPTIONAL_FN(int, ssl_proxy_enable, (conn_rec *));
   
   APR_DECLARE_OPTIONAL_FN(int, ssl_engine_disable, (conn_rec *));
   
  -/*  I/O  */
  -void         ssl_io_filter_init(conn_rec *, SSL *);
  -void         ssl_io_filter_register(apr_pool_t *);
  -long         ssl_io_data_cb(BIO *, int, MODSSL_BIO_CB_ARG_TYPE *, int, long, long);
  -
  -/*  PRNG  */
  -int          ssl_rand_seed(server_rec *, apr_pool_t *, ssl_rsctx_t, char *);
  -
  -/*  Utility Functions  */
  -char        *ssl_util_vhostid(apr_pool_t *, server_rec *);
  -void         ssl_util_strupper(char *);
  -void         ssl_util_uuencode(char *, const char *, BOOL);
  -void         ssl_util_uuencode_binary(unsigned char *, const unsigned char *, int, BOOL);
  -apr_file_t  *ssl_util_ppopen(server_rec *, apr_pool_t *, const char *,
  -                             const char * const *);
  -void         ssl_util_ppclose(server_rec *, apr_pool_t *, apr_file_t *);
  -char        *ssl_util_readfilter(server_rec *, apr_pool_t *, const char *,
  -                                 const char * const *);
  -BOOL         ssl_util_path_check(ssl_pathcheck_t, const char *, apr_pool_t *);
  -ssl_algo_t   ssl_util_algotypeof(X509 *, EVP_PKEY *); 
  -char        *ssl_util_algotypestr(ssl_algo_t);
  -char        *ssl_util_ptxtsub(apr_pool_t *, const char *, const char *, char *);
  -void         ssl_util_thread_setup(apr_pool_t *);
  -int          ssl_init_ssl_connection(conn_rec *c);
  -
  -
  -#define APR_SHM_MAXSIZE (64 * 1024 * 1024)
   #endif /* __MOD_SSL_H__ */
  
  
  
  1.89      +1 -1      httpd-2.0/modules/ssl/ssl_engine_config.c
  
  Index: ssl_engine_config.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_engine_config.c,v
  retrieving revision 1.88
  retrieving revision 1.89
  diff -w -d -u -r1.88 -r1.89
  --- ssl_engine_config.c	9 Feb 2004 20:29:22 -0000	1.88
  +++ ssl_engine_config.c	28 Feb 2004 18:06:34 -0000	1.89
  @@ -25,7 +25,7 @@
                                         /* ``Damned if you do,
                                              damned if you don't.''
                                                  -- Unknown        */
  -#include "mod_ssl.h"
  +#include "ssl_private.h"
   
   /*  _________________________________________________________________
   **
  
  
  
  1.14      +1 -1      httpd-2.0/modules/ssl/ssl_engine_dh.c
  
  Index: ssl_engine_dh.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_engine_dh.c,v
  retrieving revision 1.13
  retrieving revision 1.14
  diff -w -d -u -r1.13 -r1.14
  --- ssl_engine_dh.c	9 Feb 2004 20:29:22 -0000	1.13
  +++ ssl_engine_dh.c	28 Feb 2004 18:06:34 -0000	1.14
  @@ -27,7 +27,7 @@
    * Diffie-Hellman Built-in Temporary Parameters
    */
   
  -#include "mod_ssl.h"
  +#include "ssl_private.h"
   
   /* ----BEGIN GENERATED SECTION-------- */
   
  
  
  
  1.124     +1 -1      httpd-2.0/modules/ssl/ssl_engine_init.c
  
  Index: ssl_engine_init.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_engine_init.c,v
  retrieving revision 1.123
  retrieving revision 1.124
  diff -w -d -u -r1.123 -r1.124
  --- ssl_engine_init.c	9 Feb 2004 20:29:22 -0000	1.123
  +++ ssl_engine_init.c	28 Feb 2004 18:06:34 -0000	1.124
  @@ -25,7 +25,7 @@
                                /* ``Recursive, adj.;
                                     see Recursive.''
                                           -- Unknown   */
  -#include "mod_ssl.h"
  +#include "ssl_private.h"
   
   /*  _________________________________________________________________
   **
  
  
  
  1.120     +1 -1      httpd-2.0/modules/ssl/ssl_engine_io.c
  
  Index: ssl_engine_io.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_engine_io.c,v
  retrieving revision 1.119
  retrieving revision 1.120
  diff -w -d -u -r1.119 -r1.120
  --- ssl_engine_io.c	28 Feb 2004 00:45:26 -0000	1.119
  +++ ssl_engine_io.c	28 Feb 2004 18:06:34 -0000	1.120
  @@ -26,7 +26,7 @@
                                     Just one little problem:
                                     core keeps dumping.''
                                               -- Unknown    */
  -#include "mod_ssl.h"
  +#include "ssl_private.h"
   
   /*  _________________________________________________________________
   **
  
  
  
  1.104     +1 -1      httpd-2.0/modules/ssl/ssl_engine_kernel.c
  
  Index: ssl_engine_kernel.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_engine_kernel.c,v
  retrieving revision 1.103
  retrieving revision 1.104
  diff -w -d -u -r1.103 -r1.104
  --- ssl_engine_kernel.c	9 Feb 2004 20:29:22 -0000	1.103
  +++ ssl_engine_kernel.c	28 Feb 2004 18:06:34 -0000	1.104
  @@ -27,7 +27,7 @@
                                     I couldn't give it up because by that
                                     time I was too famous.''
                                               -- Unknown                */
  -#include "mod_ssl.h"
  +#include "ssl_private.h"
   
   /*
    *  Post Read Request Handler
  
  
  
  1.28      +1 -1      httpd-2.0/modules/ssl/ssl_engine_log.c
  
  Index: ssl_engine_log.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_engine_log.c,v
  retrieving revision 1.27
  retrieving revision 1.28
  diff -w -d -u -r1.27 -r1.28
  --- ssl_engine_log.c	9 Feb 2004 20:29:22 -0000	1.27
  +++ ssl_engine_log.c	28 Feb 2004 18:06:34 -0000	1.28
  @@ -26,7 +26,7 @@
                                     industry job and open-source software
                                     hacking is about 30 hours a week.''
                                            -- Ralf S. Engelschall     */
  -#include "mod_ssl.h"
  +#include "ssl_private.h"
   
   /*  _________________________________________________________________
   **
  
  
  
  1.31      +1 -1      httpd-2.0/modules/ssl/ssl_engine_mutex.c
  
  Index: ssl_engine_mutex.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_engine_mutex.c,v
  retrieving revision 1.30
  retrieving revision 1.31
  diff -w -d -u -r1.30 -r1.31
  --- ssl_engine_mutex.c	9 Feb 2004 20:29:22 -0000	1.30
  +++ ssl_engine_mutex.c	28 Feb 2004 18:06:34 -0000	1.31
  @@ -27,7 +27,7 @@
                                     because DEC 25 = OCT 31.''
                                                -- Unknown     */
   
  -#include "mod_ssl.h"
  +#include "ssl_private.h"
   #if !defined(OS2) && !defined(WIN32) && !defined(BEOS) && !defined(NETWARE)
   #include "unixd.h"
   #define MOD_SSL_SET_MUTEX_PERMS /* XXX Apache should define something */
  
  
  
  1.52      +1 -1      httpd-2.0/modules/ssl/ssl_engine_pphrase.c
  
  Index: ssl_engine_pphrase.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_engine_pphrase.c,v
  retrieving revision 1.51
  retrieving revision 1.52
  diff -w -d -u -r1.51 -r1.52
  --- ssl_engine_pphrase.c	22 Feb 2004 10:27:21 -0000	1.51
  +++ ssl_engine_pphrase.c	28 Feb 2004 18:06:34 -0000	1.52
  @@ -27,7 +27,7 @@
                                     else use it, and get a new one
                                     every six months.''
                                              -- Clifford Stoll     */
  -#include "mod_ssl.h"
  +#include "ssl_private.h"
   
   /*
    * Return true if the named file exists and is readable
  
  
  
  1.26      +1 -1      httpd-2.0/modules/ssl/ssl_engine_rand.c
  
  Index: ssl_engine_rand.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_engine_rand.c,v
  retrieving revision 1.25
  retrieving revision 1.26
  diff -w -d -u -r1.25 -r1.26
  --- ssl_engine_rand.c	9 Feb 2004 20:29:22 -0000	1.25
  +++ ssl_engine_rand.c	28 Feb 2004 18:06:34 -0000	1.26
  @@ -26,7 +26,7 @@
                                     numbers is too important
                                     to be left to chance.'' */
   
  -#include "mod_ssl.h"
  +#include "ssl_private.h"
   
   /*  _________________________________________________________________
   **
  
  
  
  1.34      +1 -0      httpd-2.0/modules/ssl/ssl_engine_vars.c
  
  Index: ssl_engine_vars.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_engine_vars.c,v
  retrieving revision 1.33
  retrieving revision 1.34
  diff -w -d -u -r1.33 -r1.34
  --- ssl_engine_vars.c	9 Feb 2004 20:29:22 -0000	1.33
  +++ ssl_engine_vars.c	28 Feb 2004 18:06:34 -0000	1.34
  @@ -26,6 +26,7 @@
                                     know everything are very annoying
                                     to those of us who do.''
                                                     -- Unknown       */
  +#include "ssl_private.h"
   #include "mod_ssl.h"
   
   /*  _________________________________________________________________
  
  
  
  1.11      +1 -1      httpd-2.0/modules/ssl/ssl_expr.c
  
  Index: ssl_expr.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_expr.c,v
  retrieving revision 1.10
  retrieving revision 1.11
  diff -w -d -u -r1.10 -r1.11
  --- ssl_expr.c	9 Feb 2004 20:29:22 -0000	1.10
  +++ ssl_expr.c	28 Feb 2004 18:06:34 -0000	1.11
  @@ -26,7 +26,7 @@
                                     the eagles when you work
                                     with the turkeys.''
                                             -- Unknown  */
  -#include "mod_ssl.h"
  +#include "ssl_private.h"
   
   /*  _________________________________________________________________
   **
  
  
  
  1.13      +1 -1      httpd-2.0/modules/ssl/ssl_expr_eval.c
  
  Index: ssl_expr_eval.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_expr_eval.c,v
  retrieving revision 1.12
  retrieving revision 1.13
  diff -w -d -u -r1.12 -r1.13
  --- ssl_expr_eval.c	9 Feb 2004 20:29:22 -0000	1.12
  +++ ssl_expr_eval.c	28 Feb 2004 18:06:34 -0000	1.13
  @@ -25,7 +25,7 @@
                                /* ``Make love,
                                     not software!''
                                           -- Unknown */
  -#include "mod_ssl.h"
  +#include "ssl_private.h"
   
   /*  _________________________________________________________________
   **
  
  
  
  1.9       +1 -1      httpd-2.0/modules/ssl/ssl_expr_parse.c
  
  Index: ssl_expr_parse.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_expr_parse.c,v
  retrieving revision 1.8
  retrieving revision 1.9
  diff -w -d -u -r1.8 -r1.9
  --- ssl_expr_parse.c	10 May 2002 03:55:41 -0000	1.8
  +++ ssl_expr_parse.c	28 Feb 2004 18:06:35 -0000	1.9
  @@ -27,7 +27,7 @@
   
   #line 68 "ssl_expr_parse.y"
   
  -#include "mod_ssl.h"
  +#include "ssl_private.h"
   
   #line 72 "ssl_expr_parse.y"
   typedef union {
  
  
  
  1.12      +1 -1      httpd-2.0/modules/ssl/ssl_expr_parse.y
  
  Index: ssl_expr_parse.y
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_expr_parse.y,v
  retrieving revision 1.11
  retrieving revision 1.12
  diff -w -d -u -r1.11 -r1.12
  --- ssl_expr_parse.y	9 Feb 2004 20:29:22 -0000	1.11
  +++ ssl_expr_parse.y	28 Feb 2004 18:06:35 -0000	1.12
  @@ -32,7 +32,7 @@
   */
   
   %{
  -#include "mod_ssl.h"
  +#include "ssl_private.h"
   %}
   
   %union {
  
  
  
  1.19      +2 -2      httpd-2.0/modules/ssl/ssl_expr_scan.c
  
  Index: ssl_expr_scan.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_expr_scan.c,v
  retrieving revision 1.18
  retrieving revision 1.19
  diff -w -d -u -r1.18 -r1.19
  --- ssl_expr_scan.c	9 Feb 2004 20:29:22 -0000	1.18
  +++ ssl_expr_scan.c	28 Feb 2004 18:06:35 -0000	1.19
  @@ -480,7 +480,7 @@
   **  _________________________________________________________________
   */
   #line 38 "ssl_expr_scan.l"
  -#include "mod_ssl.h"
  +#include "ssl_private.h"
   
   #include "ssl_expr_parse.h"
   
  
  
  
  1.11      +1 -1      httpd-2.0/modules/ssl/ssl_expr_scan.l
  
  Index: ssl_expr_scan.l
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_expr_scan.l,v
  retrieving revision 1.10
  retrieving revision 1.11
  diff -w -d -u -r1.10 -r1.11
  --- ssl_expr_scan.l	9 Feb 2004 20:29:22 -0000	1.10
  +++ ssl_expr_scan.l	28 Feb 2004 18:06:35 -0000	1.11
  @@ -33,7 +33,7 @@
   */
   
   %{
  -#include "mod_ssl.h"
  +#include "ssl_private.h"
   
   #include "ssl_expr_parse.h"
   
  
  
  
  1.23      +1 -1      httpd-2.0/modules/ssl/ssl_scache.c
  
  Index: ssl_scache.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_scache.c,v
  retrieving revision 1.22
  retrieving revision 1.23
  diff -w -d -u -r1.22 -r1.23
  --- ssl_scache.c	9 Feb 2004 20:29:22 -0000	1.22
  +++ ssl_scache.c	28 Feb 2004 18:06:35 -0000	1.23
  @@ -27,7 +27,7 @@
                                     join forces to help you shoot
                                     yourself in the foot for free.''
                                                    -- Unknown         */
  -#include "mod_ssl.h"
  +#include "ssl_private.h"
   #include "mod_status.h"
   
   /*  _________________________________________________________________
  
  
  
  1.27      +1 -1      httpd-2.0/modules/ssl/ssl_scache_dbm.c
  
  Index: ssl_scache_dbm.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_scache_dbm.c,v
  retrieving revision 1.26
  retrieving revision 1.27
  diff -w -d -u -r1.26 -r1.27
  --- ssl_scache_dbm.c	9 Feb 2004 20:29:22 -0000	1.26
  +++ ssl_scache_dbm.c	28 Feb 2004 18:06:35 -0000	1.27
  @@ -23,7 +23,7 @@
    *  Session Cache via DBM
    */
   
  -#include "mod_ssl.h"
  +#include "ssl_private.h"
   
   void ssl_scache_dbm_init(server_rec *s, apr_pool_t *p)
   {
  
  
  
  1.5       +1 -1      httpd-2.0/modules/ssl/ssl_scache_dc.c
  
  Index: ssl_scache_dc.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_scache_dc.c,v
  retrieving revision 1.4
  retrieving revision 1.5
  diff -w -d -u -r1.4 -r1.5
  --- ssl_scache_dc.c	9 Feb 2004 20:29:22 -0000	1.4
  +++ ssl_scache_dc.c	28 Feb 2004 18:06:35 -0000	1.5
  @@ -23,7 +23,7 @@
    *  Distributed Session Cache (client support)
    */
   
  -#include "mod_ssl.h"
  +#include "ssl_private.h"
   
   /* Only build this code if it's enabled at configure-time. */
   #ifdef HAVE_DISTCACHE
  
  
  
  1.25      +1 -1      httpd-2.0/modules/ssl/ssl_scache_shmcb.c
  
  Index: ssl_scache_shmcb.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_scache_shmcb.c,v
  retrieving revision 1.24
  retrieving revision 1.25
  diff -w -d -u -r1.24 -r1.25
  --- ssl_scache_shmcb.c	22 Feb 2004 10:23:01 -0000	1.24
  +++ ssl_scache_shmcb.c	28 Feb 2004 18:06:35 -0000	1.25
  @@ -23,7 +23,7 @@
    *  Session Cache via Shared Memory (Cyclic Buffer Variant)
    */
   
  -#include "mod_ssl.h"
  +#include "ssl_private.h"
   
   /* 
    * This shared memory based SSL session cache implementation was
  
  
  
  1.46      +1 -1      httpd-2.0/modules/ssl/ssl_util.c
  
  Index: ssl_util.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_util.c,v
  retrieving revision 1.45
  retrieving revision 1.46
  diff -w -d -u -r1.45 -r1.46
  --- ssl_util.c	9 Feb 2004 20:29:22 -0000	1.45
  +++ ssl_util.c	28 Feb 2004 18:06:35 -0000	1.46
  @@ -28,7 +28,7 @@
                                     who piss me off!''
                                               -- Calvin          */
   
  -#include "mod_ssl.h"
  +#include "ssl_private.h"
   #include "ap_mpm.h"
   #include "apr_thread_mutex.h"
   
  
  
  
  1.32      +1 -1      httpd-2.0/modules/ssl/ssl_util_ssl.c
  
  Index: ssl_util_ssl.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_util_ssl.c,v
  retrieving revision 1.31
  retrieving revision 1.32
  diff -w -d -u -r1.31 -r1.32
  --- ssl_util_ssl.c	9 Feb 2004 20:29:22 -0000	1.31
  +++ ssl_util_ssl.c	28 Feb 2004 18:06:35 -0000	1.32
  @@ -23,7 +23,7 @@
    *  Additional Utility Functions for OpenSSL
    */
   
  -#include "mod_ssl.h"
  +#include "ssl_private.h"
   
   /*  _________________________________________________________________
   **
  
  
  
  1.1                  httpd-2.0/modules/ssl/ssl_private.h
  
  Index: ssl_private.h
  ===================================================================
  /* Copyright 2001-2004 The Apache Software Foundation
   *
   * Licensed under the Apache License, Version 2.0 (the "License");
   * you may not use this file except in compliance with the License.
   * You may obtain a copy of the License at
   *
   *     http://www.apache.org/licenses/LICENSE-2.0
   *
   * Unless required by applicable law or agreed to in writing, software
   * distributed under the License is distributed on an "AS IS" BASIS,
   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
   * See the License for the specific language governing permissions and
   * limitations under the License.
   */
  
  #ifndef SSL_PRIVATE_H
  #define SSL_PRIVATE_H
  
  /*
   * Internal interfaces private to mod_ssl.
   */
  
  /* Apache headers */
  #include "httpd.h"
  #include "http_config.h"
  #include "http_core.h"
  #include "http_log.h"
  #include "http_main.h"
  #include "http_connection.h"
  #include "http_request.h"
  #include "http_protocol.h"
  #include "util_script.h"
  #include "util_filter.h"
  #include "util_ebcdic.h"
  #include "mpm.h"
  #include "apr.h"
  #include "apr_strings.h"
  #define APR_WANT_STRFUNC
  #include "apr_want.h"
  #include "apr_tables.h"
  #include "apr_lib.h"
  #include "apr_fnmatch.h"
  #include "apr_strings.h"
  #include "apr_dbm.h"
  #include "apr_rmm.h"
  #include "apr_shm.h"
  #include "apr_global_mutex.h"
  #include "apr_optional.h"
  
  #define MOD_SSL_VERSION AP_SERVER_BASEREVISION
  
  /* mod_ssl headers */
  #include "ssl_toolkit_compat.h"
  #include "ssl_expr.h"
  #include "ssl_util_ssl.h"
  
  /* The #ifdef macros are only defined AFTER including the above
   * therefore we cannot include these system files at the top  :-(
   */
  #if APR_HAVE_SYS_TIME_H
  #include <sys/time.h>
  #endif
  #if APR_HAVE_UNISTD_H
  #include <unistd.h> /* needed for STDIN_FILENO et.al., at least on FreeBSD */
  #endif
  
  /*
   * Provide reasonable default for some defines
   */
  #ifndef FALSE
  #define FALSE (0)
  #endif
  #ifndef TRUE
  #define TRUE (!FALSE)
  #endif
  #ifndef PFALSE
  #define PFALSE ((void *)FALSE)
  #endif
  #ifndef PTRUE
  #define PTRUE ((void *)TRUE)
  #endif
  #ifndef UNSET
  #define UNSET (-1)
  #endif
  #ifndef NUL
  #define NUL '\0'
  #endif
  #ifndef RAND_MAX
  #include <limits.h>
  #define RAND_MAX INT_MAX
  #endif
  
  /*
   * Provide reasonable defines for some types
   */
  #ifndef BOOL
  #define BOOL unsigned int
  #endif
  #ifndef UCHAR
  #define UCHAR unsigned char
  #endif
  
  /*
   * Provide useful shorthands
   */
  #define strEQ(s1,s2)     (strcmp(s1,s2)        == 0)
  #define strNE(s1,s2)     (strcmp(s1,s2)        != 0)
  #define strEQn(s1,s2,n)  (strncmp(s1,s2,n)     == 0)
  #define strNEn(s1,s2,n)  (strncmp(s1,s2,n)     != 0)
  
  #define strcEQ(s1,s2)    (strcasecmp(s1,s2)    == 0)
  #define strcNE(s1,s2)    (strcasecmp(s1,s2)    != 0)
  #define strcEQn(s1,s2,n) (strncasecmp(s1,s2,n) == 0)
  #define strcNEn(s1,s2,n) (strncasecmp(s1,s2,n) != 0)
  
  #define strIsEmpty(s)    (s == NULL || s[0] == NUL)
  
  #define myConnConfig(c) \
  (SSLConnRec *)ap_get_module_config(c->conn_config, &ssl_module)
  #define myCtxConfig(sslconn, sc) (sslconn->is_proxy ? sc->proxy : sc->server)
  #define myConnConfigSet(c, val) \
  ap_set_module_config(c->conn_config, &ssl_module, val)
  #define mySrvConfig(srv) (SSLSrvConfigRec *)ap_get_module_config(srv->module_config,  &ssl_module)
  #define myDirConfig(req) (SSLDirConfigRec *)ap_get_module_config(req->per_dir_config, &ssl_module)
  #define myModConfig(srv) (mySrvConfig((srv)))->mc
  
  #define myCtxVarSet(mc,num,val)  mc->rCtx.pV##num = val
  #define myCtxVarGet(mc,num,type) (type)(mc->rCtx.pV##num)
  
  /*
   * Defaults for the configuration
   */
  #ifndef SSL_SESSION_CACHE_TIMEOUT
  #define SSL_SESSION_CACHE_TIMEOUT  300
  #endif
  
  /*
   * Support for MM library
   */
  #define SSL_MM_FILE_MODE ( APR_UREAD | APR_UWRITE | APR_GREAD | APR_WREAD )
  
  /*
   * Support for DBM library
   */
  #define SSL_DBM_FILE_MODE ( APR_UREAD | APR_UWRITE | APR_GREAD | APR_WREAD )
  
  #if !defined(SSL_DBM_FILE_SUFFIX_DIR) && !defined(SSL_DBM_FILE_SUFFIX_PAG)
  #if defined(DBM_SUFFIX)
  #define SSL_DBM_FILE_SUFFIX_DIR DBM_SUFFIX
  #define SSL_DBM_FILE_SUFFIX_PAG DBM_SUFFIX
  #elif defined(__FreeBSD__) || (defined(DB_LOCK) && defined(DB_SHMEM))
  #define SSL_DBM_FILE_SUFFIX_DIR ".db"
  #define SSL_DBM_FILE_SUFFIX_PAG ".db"
  #else
  #define SSL_DBM_FILE_SUFFIX_DIR ".dir"
  #define SSL_DBM_FILE_SUFFIX_PAG ".pag"
  #endif
  #endif
  
  /*
   * Define the certificate algorithm types
   */
  
  typedef int ssl_algo_t;
  
  #define SSL_ALGO_UNKNOWN (0)
  #define SSL_ALGO_RSA     (1<<0)
  #define SSL_ALGO_DSA     (1<<1)
  #define SSL_ALGO_ALL     (SSL_ALGO_RSA|SSL_ALGO_DSA)
  
  #define SSL_AIDX_RSA     (0)
  #define SSL_AIDX_DSA     (1)
  #define SSL_AIDX_MAX     (2)
  
  
  /*
   * Define IDs for the temporary RSA keys and DH params
   */
  
  #define SSL_TMP_KEY_RSA_512  (0)
  #define SSL_TMP_KEY_RSA_1024 (1)
  #define SSL_TMP_KEY_DH_512   (2)
  #define SSL_TMP_KEY_DH_1024  (3)
  #define SSL_TMP_KEY_MAX      (4)
  
  /*
   * Define the SSL options
   */
  #define SSL_OPT_NONE           (0)
  #define SSL_OPT_RELSET         (1<<0)
  #define SSL_OPT_STDENVVARS     (1<<1)
  #define SSL_OPT_COMPATENVVARS  (1<<2)
  #define SSL_OPT_EXPORTCERTDATA (1<<3)
  #define SSL_OPT_FAKEBASICAUTH  (1<<4)
  #define SSL_OPT_STRICTREQUIRE  (1<<5)
  #define SSL_OPT_OPTRENEGOTIATE (1<<6)
  #define SSL_OPT_ALL            (SSL_OPT_STDENVVARS|SSL_OPT_COMPATENVVAR|SSL_OPT_EXPORTCERTDATA|SSL_OPT_FAKEBASICAUTH|SSL_OPT_STRICTREQUIRE|SSL_OPT_OPTRENEGOTIATE)
  typedef int ssl_opt_t;
  
  /*
   * Define the SSL Protocol options
   */
  #define SSL_PROTOCOL_NONE  (0)
  #define SSL_PROTOCOL_SSLV2 (1<<0)
  #define SSL_PROTOCOL_SSLV3 (1<<1)
  #define SSL_PROTOCOL_TLSV1 (1<<2)
  #define SSL_PROTOCOL_ALL   (SSL_PROTOCOL_SSLV2|SSL_PROTOCOL_SSLV3|SSL_PROTOCOL_TLSV1)
  typedef int ssl_proto_t;
  
  /*
   * Define the SSL verify levels
   */
  typedef enum {
      SSL_CVERIFY_UNSET           = UNSET,
      SSL_CVERIFY_NONE            = 0,
      SSL_CVERIFY_OPTIONAL        = 1,
      SSL_CVERIFY_REQUIRE         = 2,
      SSL_CVERIFY_OPTIONAL_NO_CA  = 3
  } ssl_verify_t;
  
  #define SSL_VERIFY_PEER_STRICT \
       (SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT)
  
  #ifndef X509_V_ERR_CERT_UNTRUSTED
  #define X509_V_ERR_CERT_UNTRUSTED 27
  #endif
  
  #define ssl_verify_error_is_optional(errnum) \
     ((errnum == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT) \
      || (errnum == X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN) \
      || (errnum == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY) \
      || (errnum == X509_V_ERR_CERT_UNTRUSTED) \
      || (errnum == X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE))
  
  /*
   * Define the SSL pass phrase dialog types
   */
  typedef enum {
      SSL_PPTYPE_UNSET   = UNSET,
      SSL_PPTYPE_BUILTIN = 0,
      SSL_PPTYPE_FILTER  = 1,
  	SSL_PPTYPE_PIPE    = 2
  } ssl_pphrase_t;
  
  /*
   * Define the Path Checking modes
   */
  #define SSL_PCM_EXISTS     1
  #define SSL_PCM_ISREG      2
  #define SSL_PCM_ISDIR      4
  #define SSL_PCM_ISNONZERO  8
  typedef unsigned int ssl_pathcheck_t;
  
  /*
   * Define the SSL session cache modes and structures
   */
  typedef enum {
      SSL_SCMODE_UNSET = UNSET,
      SSL_SCMODE_NONE  = 0,
      SSL_SCMODE_DBM   = 1,
      SSL_SCMODE_SHMCB = 3,
      SSL_SCMODE_DC    = 4
  } ssl_scmode_t;
  
  /*
   * Define the SSL mutex modes
   */
  typedef enum {
      SSL_MUTEXMODE_UNSET  = UNSET,
      SSL_MUTEXMODE_NONE   = 0,
      SSL_MUTEXMODE_USED   = 1
  } ssl_mutexmode_t;
  
  /*
   * Define the SSL requirement structure
   */
  typedef struct {
      char     *cpExpr;
      ssl_expr *mpExpr;
  } ssl_require_t;
  
  /*
   * Define the SSL random number generator seeding source
   */
  typedef enum {
      SSL_RSCTX_STARTUP = 1,
      SSL_RSCTX_CONNECT = 2
  } ssl_rsctx_t;
  typedef enum {
      SSL_RSSRC_BUILTIN = 1,
      SSL_RSSRC_FILE    = 2,
      SSL_RSSRC_EXEC    = 3,
      SSL_RSSRC_EGD     = 4
  } ssl_rssrc_t;
  typedef struct {
      ssl_rsctx_t  nCtx;
      ssl_rssrc_t  nSrc;
      char        *cpPath;
      int          nBytes;
  } ssl_randseed_t;
  
  /*
   * Define the structure of an ASN.1 anything
   */
  typedef struct {
      long int       nData;
      unsigned char *cpData;
      apr_time_t     source_mtime;
  } ssl_asn1_t;
  
  /*
   * Define the mod_ssl per-module configuration structure
   * (i.e. the global configuration for each httpd process)
   */
  
  typedef enum {
      SSL_SHUTDOWN_TYPE_UNSET,
      SSL_SHUTDOWN_TYPE_STANDARD,
      SSL_SHUTDOWN_TYPE_UNCLEAN,
      SSL_SHUTDOWN_TYPE_ACCURATE
  } ssl_shutdown_type_e;
  
  typedef struct {
      SSL *ssl;
      const char *client_dn;
      X509 *client_cert;
      ssl_shutdown_type_e shutdown_type;
      const char *verify_info;
      const char *verify_error;
      int verify_depth;
      int is_proxy;
      int disabled;
      int non_ssl_request;
  } SSLConnRec;
  
  typedef struct {
      pid_t           pid;
      apr_pool_t     *pPool;
      BOOL            bFixed;
      int             nSessionCacheMode;
      char           *szSessionCacheDataFile;
      int             nSessionCacheDataSize;
      apr_shm_t      *pSessionCacheDataMM;
      apr_rmm_t      *pSessionCacheDataRMM;
      void           *tSessionCacheDataTable;
      ssl_mutexmode_t nMutexMode;
      apr_lockmech_e  nMutexMech;
      const char     *szMutexFile;
      apr_global_mutex_t   *pMutex;
      apr_array_header_t   *aRandSeed;
      apr_hash_t     *tVHostKeys;
      void           *pTmpKeys[SSL_TMP_KEY_MAX];
      apr_hash_t     *tPublicCert;
      apr_hash_t     *tPrivateKey;
  #if defined(HAVE_OPENSSL_ENGINE_H) && defined(HAVE_ENGINE_INIT)
      const char     *szCryptoDevice;
  #endif
      struct {
          void *pV1, *pV2, *pV3, *pV4, *pV5, *pV6, *pV7, *pV8, *pV9, *pV10;
      } rCtx;
  } SSLModConfigRec;
  
  /* public cert/private key */
  typedef struct {
      /* 
       * server only has 1-2 certs/keys
       * 1 RSA and/or 1 DSA
       */
      const char  *cert_files[SSL_AIDX_MAX];
      const char  *key_files[SSL_AIDX_MAX];
      X509        *certs[SSL_AIDX_MAX];
      EVP_PKEY    *keys[SSL_AIDX_MAX];
  } modssl_pk_server_t;
  
  typedef struct {
      /* proxy can have any number of cert/key pairs */
      const char  *cert_file;
      const char  *cert_path;
      STACK_OF(X509_INFO) *certs;
  } modssl_pk_proxy_t;
  
  /* stuff related to authentication that can also be per-dir */
  typedef struct {
      /* known/trusted CAs */
      const char  *ca_cert_path;
      const char  *ca_cert_file;
  
      const char  *cipher_suite;
  
      /* for client or downstream server authentication */
      int          verify_depth;
      ssl_verify_t verify_mode;
  } modssl_auth_ctx_t;
  
  typedef struct SSLSrvConfigRec SSLSrvConfigRec;
  
  typedef struct {
      SSLSrvConfigRec *sc; /* pointer back to server config */
      SSL_CTX *ssl_ctx;
  
      /* we are one or the other */
      modssl_pk_server_t *pks;
      modssl_pk_proxy_t  *pkp;
  
      ssl_proto_t  protocol;
  
      /* config for handling encrypted keys */
      ssl_pphrase_t pphrase_dialog_type;
      const char   *pphrase_dialog_path;
  
      const char  *cert_chain;
  
      /* certificate revocation list */
      const char  *crl_path;
      const char  *crl_file;
      X509_STORE  *crl;
  
      modssl_auth_ctx_t auth;
  } modssl_ctx_t;
  
  struct SSLSrvConfigRec {
      SSLModConfigRec *mc;
      BOOL             enabled;
      BOOL             proxy_enabled;
      const char      *vhost_id;
      int              vhost_id_len;
      int              session_cache_timeout;
      modssl_ctx_t    *server;
      modssl_ctx_t    *proxy;
  };
  
  /*
   * Define the mod_ssl per-directory configuration structure
   * (i.e. the local configuration for all <Directory>
   *  and .htaccess contexts)
   */
  typedef struct {
      BOOL          bSSLRequired;
      apr_array_header_t *aRequirement;
      ssl_opt_t     nOptions;
      ssl_opt_t     nOptionsAdd;
      ssl_opt_t     nOptionsDel;
      const char   *szCipherSuite;
      ssl_verify_t  nVerifyClient;
      int           nVerifyDepth;
      const char   *szCACertificatePath;
      const char   *szCACertificateFile;
  } SSLDirConfigRec;
  
  /*
   *  function prototypes
   */
  
  /*  API glue structures  */
  extern module AP_MODULE_DECLARE_DATA ssl_module;
  
  /* "global" stuff */
  extern const char ssl_valid_ssl_mutex_string[];
  
  /*  configuration handling   */
  SSLModConfigRec *ssl_config_global_create(server_rec *);
  void         ssl_config_global_fix(SSLModConfigRec *);
  BOOL         ssl_config_global_isfixed(SSLModConfigRec *);
  void        *ssl_config_server_create(apr_pool_t *, server_rec *);
  void        *ssl_config_server_merge(apr_pool_t *, void *, void *);
  void        *ssl_config_perdir_create(apr_pool_t *, char *);
  void        *ssl_config_perdir_merge(apr_pool_t *, void *, void *);
  const char  *ssl_cmd_SSLMutex(cmd_parms *, void *, const char *);
  const char  *ssl_cmd_SSLPassPhraseDialog(cmd_parms *, void *, const char *);
  const char  *ssl_cmd_SSLCryptoDevice(cmd_parms *, void *, const char *);
  const char  *ssl_cmd_SSLRandomSeed(cmd_parms *, void *, const char *, const char *, const char *);
  const char  *ssl_cmd_SSLEngine(cmd_parms *, void *, const char *);
  const char  *ssl_cmd_SSLCipherSuite(cmd_parms *, void *, const char *);
  const char  *ssl_cmd_SSLCertificateFile(cmd_parms *, void *, const char *);
  const char  *ssl_cmd_SSLCertificateKeyFile(cmd_parms *, void *, const char *);
  const char  *ssl_cmd_SSLCertificateChainFile(cmd_parms *, void *, const char *);
  const char  *ssl_cmd_SSLCACertificatePath(cmd_parms *, void *, const char *);
  const char  *ssl_cmd_SSLCACertificateFile(cmd_parms *, void *, const char *);
  const char  *ssl_cmd_SSLCARevocationPath(cmd_parms *, void *, const char *);
  const char  *ssl_cmd_SSLCARevocationFile(cmd_parms *, void *, const char *);
  const char  *ssl_cmd_SSLVerifyClient(cmd_parms *, void *, const char *);
  const char  *ssl_cmd_SSLVerifyDepth(cmd_parms *, void *, const char *);
  const char  *ssl_cmd_SSLSessionCache(cmd_parms *, void *, const char *);
  const char  *ssl_cmd_SSLSessionCacheTimeout(cmd_parms *, void *, const char *);
  const char  *ssl_cmd_SSLProtocol(cmd_parms *, void *, const char *);
  const char  *ssl_cmd_SSLOptions(cmd_parms *, void *, const char *);
  const char  *ssl_cmd_SSLRequireSSL(cmd_parms *, void *);
  const char  *ssl_cmd_SSLRequire(cmd_parms *, void *, const char *);
  
  const char *ssl_cmd_SSLProxyEngine(cmd_parms *cmd, void *dcfg, int flag);
  const char  *ssl_cmd_SSLProxyProtocol(cmd_parms *, void *, const char *);
  const char  *ssl_cmd_SSLProxyCipherSuite(cmd_parms *, void *, const char *);
  const char  *ssl_cmd_SSLProxyVerify(cmd_parms *, void *, const char *);
  const char  *ssl_cmd_SSLProxyVerifyDepth(cmd_parms *, void *, const char *);
  const char  *ssl_cmd_SSLProxyCACertificatePath(cmd_parms *, void *, const char *);
  const char  *ssl_cmd_SSLProxyCACertificateFile(cmd_parms *, void *, const char *);
  const char  *ssl_cmd_SSLProxyCARevocationPath(cmd_parms *, void *, const char *);
  const char  *ssl_cmd_SSLProxyCARevocationFile(cmd_parms *, void *, const char *);
  const char  *ssl_cmd_SSLProxyMachineCertificatePath(cmd_parms *, void *, const char *);
  const char  *ssl_cmd_SSLProxyMachineCertificateFile(cmd_parms *, void *, const char *);
  
  /*  module initialization  */
  int          ssl_init_Module(apr_pool_t *, apr_pool_t *, apr_pool_t *, server_rec *);
  void         ssl_init_Engine(server_rec *, apr_pool_t *);
  void         ssl_init_ConfigureServer(server_rec *, apr_pool_t *, apr_pool_t *, SSLSrvConfigRec *);
  void         ssl_init_CheckServers(server_rec *, apr_pool_t *);
  STACK_OF(X509_NAME) 
              *ssl_init_FindCAList(server_rec *, apr_pool_t *, const char *, const char *);
  void         ssl_init_Child(apr_pool_t *, server_rec *);
  apr_status_t ssl_init_ModuleKill(void *data);
  
  /*  Apache API hooks  */
  int          ssl_hook_Translate(request_rec *);
  int          ssl_hook_Auth(request_rec *);
  int          ssl_hook_UserCheck(request_rec *);
  int          ssl_hook_Access(request_rec *);
  int          ssl_hook_Fixup(request_rec *);
  int          ssl_hook_ReadReq(request_rec *);
  int          ssl_hook_Upgrade(request_rec *);
  
  /*  OpenSSL callbacks */
  RSA         *ssl_callback_TmpRSA(SSL *, int, int);
  DH          *ssl_callback_TmpDH(SSL *, int, int);
  int          ssl_callback_SSLVerify(int, X509_STORE_CTX *);
  int          ssl_callback_SSLVerify_CRL(int, X509_STORE_CTX *, conn_rec *);
  int          ssl_callback_proxy_cert(SSL *ssl, MODSSL_CLIENT_CERT_CB_ARG_TYPE **x509, EVP_PKEY **pkey);
  int          ssl_callback_NewSessionCacheEntry(SSL *, SSL_SESSION *);
  SSL_SESSION *ssl_callback_GetSessionCacheEntry(SSL *, unsigned char *, int, int *);
  void         ssl_callback_DelSessionCacheEntry(SSL_CTX *, SSL_SESSION *);
  void         ssl_callback_LogTracingState(MODSSL_INFO_CB_ARG_TYPE, int, int);
  
  /*  Session Cache Support  */
  void         ssl_scache_init(server_rec *, apr_pool_t *);
  void         ssl_scache_status_register(apr_pool_t *p);
  void         ssl_scache_kill(server_rec *);
  BOOL         ssl_scache_store(server_rec *, UCHAR *, int, time_t, SSL_SESSION *);
  SSL_SESSION *ssl_scache_retrieve(server_rec *, UCHAR *, int);
  void         ssl_scache_remove(server_rec *, UCHAR *, int);
  void         ssl_scache_expire(server_rec *);
  
  char        *ssl_scache_id2sz(UCHAR *, int);
  void         ssl_scache_dbm_init(server_rec *, apr_pool_t *);
  void         ssl_scache_dbm_kill(server_rec *);
  BOOL         ssl_scache_dbm_store(server_rec *, UCHAR *, int, time_t, SSL_SESSION *);
  SSL_SESSION *ssl_scache_dbm_retrieve(server_rec *, UCHAR *, int);
  void         ssl_scache_dbm_remove(server_rec *, UCHAR *, int);
  void         ssl_scache_dbm_expire(server_rec *);
  void         ssl_scache_dbm_status(request_rec *r, int flags, apr_pool_t *pool);
  
  void         ssl_scache_shmcb_init(server_rec *, apr_pool_t *);
  void         ssl_scache_shmcb_kill(server_rec *);
  BOOL         ssl_scache_shmcb_store(server_rec *, UCHAR *, int, time_t, SSL_SESSION *);
  SSL_SESSION *ssl_scache_shmcb_retrieve(server_rec *, UCHAR *, int);
  void         ssl_scache_shmcb_remove(server_rec *, UCHAR *, int);
  void         ssl_scache_shmcb_expire(server_rec *);
  void         ssl_scache_shmcb_status(request_rec *r, int flags, apr_pool_t *pool);
  
  void         ssl_scache_dc_init(server_rec *, apr_pool_t *);
  void         ssl_scache_dc_kill(server_rec *);
  BOOL         ssl_scache_dc_store(server_rec *, UCHAR *, int, time_t, SSL_SESSION *);
  SSL_SESSION *ssl_scache_dc_retrieve(server_rec *, UCHAR *, int);
  void         ssl_scache_dc_remove(server_rec *, UCHAR *, int);
  void         ssl_scache_dc_expire(server_rec *);
  void         ssl_scache_dc_status(request_rec *r, int flags, apr_pool_t *pool);
  
  /* Proxy Support */
  int ssl_proxy_enable(conn_rec *c);
  int ssl_engine_disable(conn_rec *c);
  
  /*  I/O  */
  void         ssl_io_filter_init(conn_rec *, SSL *);
  void         ssl_io_filter_register(apr_pool_t *);
  long         ssl_io_data_cb(BIO *, int, MODSSL_BIO_CB_ARG_TYPE *, int, long, long);
  
  /*  PRNG  */
  int          ssl_rand_seed(server_rec *, apr_pool_t *, ssl_rsctx_t, char *);
  
  /*  Utility Functions  */
  char        *ssl_util_vhostid(apr_pool_t *, server_rec *);
  void         ssl_util_strupper(char *);
  void         ssl_util_uuencode(char *, const char *, BOOL);
  void         ssl_util_uuencode_binary(unsigned char *, const unsigned char *, int, BOOL);
  apr_file_t  *ssl_util_ppopen(server_rec *, apr_pool_t *, const char *,
                               const char * const *);
  void         ssl_util_ppclose(server_rec *, apr_pool_t *, apr_file_t *);
  char        *ssl_util_readfilter(server_rec *, apr_pool_t *, const char *,
                                   const char * const *);
  BOOL         ssl_util_path_check(ssl_pathcheck_t, const char *, apr_pool_t *);
  ssl_algo_t   ssl_util_algotypeof(X509 *, EVP_PKEY *); 
  char        *ssl_util_algotypestr(ssl_algo_t);
  char        *ssl_util_ptxtsub(apr_pool_t *, const char *, const char *, char *);
  void         ssl_util_thread_setup(apr_pool_t *);
  int          ssl_init_ssl_connection(conn_rec *c);
  
  /*  Pass Phrase Support  */
  void         ssl_pphrase_Handle(server_rec *, apr_pool_t *);
  
  /*  Diffie-Hellman Parameter Support  */
  DH           *ssl_dh_GetTmpParam(int);
  DH           *ssl_dh_GetParamFromFile(char *);
  
  unsigned char *ssl_asn1_table_set(apr_hash_t *table,
                                    const char *key,
                                    long int length);
  
  ssl_asn1_t *ssl_asn1_table_get(apr_hash_t *table,
                                 const char *key);
  
  void ssl_asn1_table_unset(apr_hash_t *table,
                            const char *key);
  
  const char *ssl_asn1_keystr(int keytype);
  
  const char *ssl_asn1_table_keyfmt(apr_pool_t *p,
                                    const char *id,
                                    int keytype);
  /*  Mutex Support  */
  int          ssl_mutex_init(server_rec *, apr_pool_t *);
  int          ssl_mutex_reinit(server_rec *, apr_pool_t *);
  int          ssl_mutex_on(server_rec *);
  int          ssl_mutex_off(server_rec *);
  
  /*  Logfile Support  */
  void         ssl_die(void);
  void         ssl_log_ssl_error(const char *, int, int, server_rec *);
  
  /*  Variables  */
  void         ssl_var_register(void);
  char        *ssl_var_lookup(apr_pool_t *, server_rec *, conn_rec *, request_rec *, char *);
  void         ssl_var_log_config_register(apr_pool_t *p);
  
  #define APR_SHM_MAXSIZE (64 * 1024 * 1024)
  
  #endif /* SSL_PRIVATE_H */
  
  
  

Mime
View raw message