Return-Path: Delivered-To: apmail-httpd-cvs-archive@www.apache.org Received: (qmail 99345 invoked from network); 28 Feb 2004 18:06:38 -0000 Received: from daedalus.apache.org (HELO mail.apache.org) (208.185.179.12) by minotaur-2.apache.org with SMTP; 28 Feb 2004 18:06:38 -0000 Received: (qmail 8099 invoked by uid 500); 28 Feb 2004 18:06:29 -0000 Delivered-To: apmail-httpd-cvs-archive@httpd.apache.org Received: (qmail 8070 invoked by uid 500); 28 Feb 2004 18:06:29 -0000 Mailing-List: contact cvs-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: dev@httpd.apache.org list-help: list-unsubscribe: list-post: Delivered-To: mailing list cvs@httpd.apache.org Received: (qmail 8057 invoked by uid 500); 28 Feb 2004 18:06:28 -0000 Delivered-To: apmail-httpd-2.0-cvs@apache.org Received: (qmail 8054 invoked from network); 28 Feb 2004 18:06:28 -0000 Received: from unknown (HELO minotaur.apache.org) (209.237.227.194) by daedalus.apache.org with SMTP; 28 Feb 2004 18:06:28 -0000 Received: (qmail 99328 invoked by uid 1582); 28 Feb 2004 18:06:35 -0000 Date: 28 Feb 2004 18:06:35 -0000 Message-ID: <20040228180635.99327.qmail@minotaur.apache.org> 
From: jorton@apache.org To: httpd-2.0-cvs@apache.org Subject: cvs commit: httpd-2.0/modules/ssl ssl_private.h config.m4 mod_ssl.c mod_ssl.dsp mod_ssl.h ssl_engine_config.c ssl_engine_dh.c ssl_engine_init.c ssl_engine_io.c ssl_engine_kernel.c ssl_engine_log.c ssl_engine_mutex.c ssl_engine_pphrase.c ssl_engine_rand.c ssl_engine_vars.c ssl_expr.c ssl_expr_eval.c ssl_expr_parse.c ssl_expr_parse.y ssl_expr_scan.c ssl_expr_scan.l ssl_scache.c ssl_scache_dbm.c ssl_scache_dc.c ssl_scache_shmcb.c ssl_util.c ssl_util_ssl.c X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N X-Spam-Rating: minotaur-2.apache.org 1.6.2 0/1000/N jorton 2004/02/28 10:06:35 Modified: . Makefile.in modules/proxy mod_proxy.c modules/ssl config.m4 mod_ssl.c mod_ssl.dsp mod_ssl.h ssl_engine_config.c ssl_engine_dh.c ssl_engine_init.c ssl_engine_io.c ssl_engine_kernel.c ssl_engine_log.c ssl_engine_mutex.c ssl_engine_pphrase.c ssl_engine_rand.c ssl_engine_vars.c ssl_expr.c ssl_expr_eval.c ssl_expr_parse.c ssl_expr_parse.y ssl_expr_scan.c ssl_expr_scan.l ssl_scache.c ssl_scache_dbm.c ssl_scache_dc.c ssl_scache_shmcb.c ssl_util.c ssl_util_ssl.c Added: modules/ssl ssl_private.h Log: Move mod_ssl-internal interfaces into ssl_private.h; allow mod_ssl.h to be included even when mod_ssl is not enabled. * Makefile.in (install-include): Only install mod_ssl.h. * modules/ssl/ssl_private.h: New file. * modules/ssl/mod_ssl.h: Move everything other than the optional hook definitions into ssl_private.h. * modules/ssl/*.c: Include ssl_private.h not mod_ssl.h * modules/ssl/config.m4: Always add the mod_ssl directory to the include path so other modules can find mod_ssl.h. * modules/proxy/mod_proxy.c: Include mod_ssl.h to pick up the optional hook definitions rather than copy'n'pasting them. 
Revision Changes Path 1.138 +1 -1 httpd-2.0/Makefile.in Index: Makefile.in =================================================================== RCS file: /home/cvs/httpd-2.0/Makefile.in,v retrieving revision 1.137 retrieving revision 1.138 diff -w -d -u -r1.137 -r1.138 --- Makefile.in 9 Jan 2004 12:19:55 -0000 1.137 +++ Makefile.in 28 Feb 2004 18:06:34 -0000 1.138 @@ -179,7 +179,7 @@ @cp -p $(srcdir)/modules/loggers/mod_log_config.h $(DESTDIR)$(includedir) @cp -p $(srcdir)/modules/http/mod_core.h $(DESTDIR)$(includedir) @cp -p $(srcdir)/modules/proxy/mod_proxy.h $(DESTDIR)$(includedir) - @cp -p $(srcdir)/modules/ssl/*.h $(DESTDIR)$(includedir) + @cp -p $(srcdir)/modules/ssl/mod_ssl.h $(DESTDIR)$(includedir) @cp -p $(srcdir)/srclib/pcre/pcre*.h $(DESTDIR)$(includedir) @cp -p $(srcdir)/os/$(OS_DIR)/*.h $(DESTDIR)$(includedir) @chmod 644 $(DESTDIR)$(includedir)/*.h 1.98 +1 -3 httpd-2.0/modules/proxy/mod_proxy.c Index: mod_proxy.c =================================================================== RCS file: /home/cvs/httpd-2.0/modules/proxy/mod_proxy.c,v retrieving revision 1.97 retrieving revision 1.98 diff -w -d -u -r1.97 -r1.98 --- mod_proxy.c 9 Feb 2004 20:29:21 -0000 1.97 +++ mod_proxy.c 28 Feb 2004 18:06:34 -0000 1.98 @@ -19,6 +19,7 @@ #include "mod_core.h" #include "apr_optional.h" +#include "mod_ssl.h" #ifndef MAX #define MAX(x,y) ((x) >= (y) ? (x) : (y)) 
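Review bot: The install-include rule now copies only mod_ssl.h, but nothing in this hunk removes the internal headers (ssl_expr.h, ssl_util_ssl.h, ssl_toolkit_compat.h) that an earlier install placed in $(includedir) through the old `modules/ssl/*.h` glob. On an upgraded prefix those stale headers would presumably stay next to the new, slimmed-down mod_ssl.h, so a third-party module could keep compiling against structure layouts that no longer match the running mod_ssl. A comment above the target such as `# mod_ssl.h is the only public mod_ssl header; ssl_private.h and the other ssl_*.h files are internal and are deliberately not installed` would record the intent, and packagers should be told to clear the old headers. The rest of the install-include target lies outside the hunk.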
@@ -1026,9 +1027,6 @@ {NULL} }; - -APR_DECLARE_OPTIONAL_FN(int, ssl_proxy_enable, (conn_rec *)); -APR_DECLARE_OPTIONAL_FN(int, ssl_engine_disable, (conn_rec *)); static APR_OPTIONAL_FN_TYPE(ssl_proxy_enable) *proxy_ssl_enable = NULL; static APR_OPTIONAL_FN_TYPE(ssl_engine_disable) *proxy_ssl_disable = NULL; 1.22 +3 -1 httpd-2.0/modules/ssl/config.m4 Index: config.m4 =================================================================== RCS file: /home/cvs/httpd-2.0/modules/ssl/config.m4,v retrieving revision 1.21 retrieving revision 1.22 diff -w -d -u -r1.21 -r1.22 --- config.m4 28 Feb 2004 11:55:46 -0000 1.21 +++ config.m4 28 Feb 2004 18:06:34 -0000 1.22 @@ -115,8 +115,10 @@ APACHE_MODULE(ssl, [SSL/TLS support (mod_ssl)], $ssl_objs, , no, [ APACHE_CHECK_SSL_TOOLKIT CHECK_DISTCACHE - APR_ADDTO(INCLUDES, [-I\$(top_srcdir)/$modpath_current]) ]) + +# Ensure that other modules can pick up mod_ssl.h +APR_ADDTO(INCLUDES, [-I\$(top_srcdir)/$modpath_current]) dnl # end of module specific part APACHE_MODPATH_FINISH 1.96 +1 -0 httpd-2.0/modules/ssl/mod_ssl.c Index: mod_ssl.c =================================================================== RCS file: /home/cvs/httpd-2.0/modules/ssl/mod_ssl.c,v retrieving revision 1.95 retrieving revision 1.96 diff -w -d -u -r1.95 -r1.96 --- mod_ssl.c 9 Feb 2004 20:29:22 -0000 1.95 +++ mod_ssl.c 28 Feb 2004 18:06:34 -0000 1.96 @@ -23,6 +23,7 @@ * Apache API interface structures */ +#include "ssl_private.h" #include "mod_ssl.h" #include "util_md5.h" #include 1.28 +4 -0 httpd-2.0/modules/ssl/mod_ssl.dsp Index: mod_ssl.dsp =================================================================== RCS file: /home/cvs/httpd-2.0/modules/ssl/mod_ssl.dsp,v retrieving revision 1.27 retrieving revision 1.28 diff -w -d -u -r1.27 -r1.28 --- mod_ssl.dsp 8 Jan 2004 16:26:53 -0000 1.27 +++ mod_ssl.dsp 28 Feb 2004 18:06:34 -0000 1.28 
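Review bot: In the config.m4 hunk, moving `APR_ADDTO(INCLUDES, ...)` out of the `APACHE_MODULE(ssl, ...)` body puts the whole modules/ssl directory on every module's include path, so `ssl_private.h` and the other internal headers become reachable from any module, not only `mod_ssl.h`. The public/private split is therefore enforced by convention and by the install rule alone, and it would help to say so where the path is added. The new comment also starts with `#`, which autoconf copies into the generated configure script, whereas the next line uses `dnl`; something like `dnl Other modules may include mod_ssl.h only; every other header in this directory is internal to mod_ssl.` would keep the file consistent.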
@@ -188,6 +188,10 @@ # End Source File # Begin Source File +SOURCE=.\ssl_private.h +# End Source File +# Begin Source File + SOURCE=.\ssl_expr_parse.h # End Source File # Begin Source File 1.149 +5 -625 httpd-2.0/modules/ssl/mod_ssl.h Index: mod_ssl.h =================================================================== RCS file: /home/cvs/httpd-2.0/modules/ssl/mod_ssl.h,v retrieving revision 1.148 retrieving revision 1.149 diff -w -d -u -r1.148 -r1.149 --- mod_ssl.h 9 Feb 2004 20:29:22 -0000 1.148 +++ mod_ssl.h 28 Feb 2004 18:06:34 -0000 1.149 
@@ -13,645 +13,25 @@ * limitations under the License. */ -/* _ _ - * _ __ ___ ___ __| | ___ ___| | mod_ssl - * | '_ ` _ \ / _ \ / _` | / __/ __| | Apache Interface to OpenSSL - * | | | | | | (_) | (_| | \__ \__ \ | - * |_| |_| |_|\___/ \__,_|___|___/___/_| - * |_____| - * mod_ssl.h - * Global header - */ - /* ``The Apache Group: a collection - of talented individuals who are - trying to perfect the art of - never finishing something.'' - -- Rob Hartill */ #ifndef __MOD_SSL_H__ #define __MOD_SSL_H__ -/* - * Power up our brain... - */ - -/* Apache headers */ #include "httpd.h" -#include "http_config.h" -#include "http_core.h" -#include "http_log.h" -#include "http_main.h" -#include "http_connection.h" -#include "http_request.h" -#include "http_protocol.h" -#include "util_script.h" -#include "util_filter.h" -#include "util_ebcdic.h" -#include "mpm.h" -#include "apr.h" -#include "apr_strings.h" -#define APR_WANT_STRFUNC -#include "apr_want.h" -#include "apr_tables.h" -#include "apr_lib.h" -#include "apr_fnmatch.h" -#include "apr_strings.h" -#include "apr_dbm.h" -#include "apr_rmm.h" -#include "apr_shm.h" -#include "apr_global_mutex.h" #include "apr_optional.h" -#define MOD_SSL_VERSION AP_SERVER_BASEREVISION - -/* mod_ssl headers */ -#include "ssl_toolkit_compat.h" -#include "ssl_expr.h" -#include "ssl_util_ssl.h" - -/* The #ifdef macros are only defined AFTER including the above - * therefore we cannot include these system files at the top :-( - */ -#if APR_HAVE_SYS_TIME_H -#include -#endif -#if APR_HAVE_UNISTD_H -#include /* needed for STDIN_FILENO et.al., at least on FreeBSD */ -#endif - -/* - * Provide reasonable default for some defines - */ -#ifndef FALSE -#define FALSE (0) -#endif -#ifndef TRUE -#define TRUE (!FALSE) -#endif -#ifndef PFALSE -#define PFALSE ((void *)FALSE) -#endif -#ifndef PTRUE -#define PTRUE ((void *)TRUE) -#endif -#ifndef UNSET -#define UNSET (-1) -#endif -#ifndef NUL -#define NUL '\0' -#endif -#ifndef RAND_MAX -#include -#define RAND_MAX 
INT_MAX -#endif - -/* - * Provide reasonable defines for some types - */ -#ifndef BOOL -#define BOOL unsigned int -#endif -#ifndef UCHAR -#define UCHAR unsigned char -#endif - -/* - * Provide useful shorthands - */ -#define strEQ(s1,s2) (strcmp(s1,s2) == 0) -#define strNE(s1,s2) (strcmp(s1,s2) != 0) -#define strEQn(s1,s2,n) (strncmp(s1,s2,n) == 0) -#define strNEn(s1,s2,n) (strncmp(s1,s2,n) != 0) - -#define strcEQ(s1,s2) (strcasecmp(s1,s2) == 0) -#define strcNE(s1,s2) (strcasecmp(s1,s2) != 0) -#define strcEQn(s1,s2,n) (strncasecmp(s1,s2,n) == 0) -#define strcNEn(s1,s2,n) (strncasecmp(s1,s2,n) != 0) - -#define strIsEmpty(s) (s == NULL || s[0] == NUL) - -#define myConnConfig(c) \ -(SSLConnRec *)ap_get_module_config(c->conn_config, &ssl_module) -#define myCtxConfig(sslconn, sc) (sslconn->is_proxy ? sc->proxy : sc->server) -#define myConnConfigSet(c, val) \ -ap_set_module_config(c->conn_config, &ssl_module, val) -#define mySrvConfig(srv) (SSLSrvConfigRec *)ap_get_module_config(srv->module_config, &ssl_module) -#define myDirConfig(req) (SSLDirConfigRec *)ap_get_module_config(req->per_dir_config, &ssl_module) -#define myModConfig(srv) (mySrvConfig((srv)))->mc - -#define myCtxVarSet(mc,num,val) mc->rCtx.pV##num = val -#define myCtxVarGet(mc,num,type) (type)(mc->rCtx.pV##num) - -/* - * Defaults for the configuration - */ -#ifndef SSL_SESSION_CACHE_TIMEOUT -#define SSL_SESSION_CACHE_TIMEOUT 300 -#endif - -/* - * Support for MM library - */ -#define SSL_MM_FILE_MODE ( APR_UREAD | APR_UWRITE | APR_GREAD | APR_WREAD ) - -/* - * Support for DBM library - */ -#define SSL_DBM_FILE_MODE ( APR_UREAD | APR_UWRITE | APR_GREAD | APR_WREAD ) - -#if !defined(SSL_DBM_FILE_SUFFIX_DIR) && !defined(SSL_DBM_FILE_SUFFIX_PAG) -#if defined(DBM_SUFFIX) -#define SSL_DBM_FILE_SUFFIX_DIR DBM_SUFFIX -#define SSL_DBM_FILE_SUFFIX_PAG DBM_SUFFIX -#elif defined(__FreeBSD__) || (defined(DB_LOCK) && defined(DB_SHMEM)) -#define SSL_DBM_FILE_SUFFIX_DIR ".db" -#define SSL_DBM_FILE_SUFFIX_PAG ".db" -#else 
-#define SSL_DBM_FILE_SUFFIX_DIR ".dir" -#define SSL_DBM_FILE_SUFFIX_PAG ".pag" -#endif -#endif - -/* - * Define the certificate algorithm types - */ - -typedef int ssl_algo_t; - -#define SSL_ALGO_UNKNOWN (0) -#define SSL_ALGO_RSA (1<<0) -#define SSL_ALGO_DSA (1<<1) -#define SSL_ALGO_ALL (SSL_ALGO_RSA|SSL_ALGO_DSA) - -#define SSL_AIDX_RSA (0) -#define SSL_AIDX_DSA (1) -#define SSL_AIDX_MAX (2) - - -/* - * Define IDs for the temporary RSA keys and DH params - */ - -#define SSL_TMP_KEY_RSA_512 (0) -#define SSL_TMP_KEY_RSA_1024 (1) -#define SSL_TMP_KEY_DH_512 (2) -#define SSL_TMP_KEY_DH_1024 (3) -#define SSL_TMP_KEY_MAX (4) - -/* - * Define the SSL options - */ -#define SSL_OPT_NONE (0) -#define SSL_OPT_RELSET (1<<0) -#define SSL_OPT_STDENVVARS (1<<1) -#define SSL_OPT_COMPATENVVARS (1<<2) -#define SSL_OPT_EXPORTCERTDATA (1<<3) -#define SSL_OPT_FAKEBASICAUTH (1<<4) -#define SSL_OPT_STRICTREQUIRE (1<<5) -#define SSL_OPT_OPTRENEGOTIATE (1<<6) -#define SSL_OPT_ALL (SSL_OPT_STDENVVARS|SSL_OPT_COMPATENVVAR|SSL_OPT_EXPORTCERTDATA|SSL_OPT_FAKEBASICAUTH|SSL_OPT_STRICTREQUIRE|SSL_OPT_OPTRENEGOTIATE) -typedef int ssl_opt_t; - -/* - * Define the SSL Protocol options - */ -#define SSL_PROTOCOL_NONE (0) -#define SSL_PROTOCOL_SSLV2 (1<<0) -#define SSL_PROTOCOL_SSLV3 (1<<1) -#define SSL_PROTOCOL_TLSV1 (1<<2) -#define SSL_PROTOCOL_ALL (SSL_PROTOCOL_SSLV2|SSL_PROTOCOL_SSLV3|SSL_PROTOCOL_TLSV1) -typedef int ssl_proto_t; - -/* - * Define the SSL verify levels - */ -typedef enum { - SSL_CVERIFY_UNSET = UNSET, - SSL_CVERIFY_NONE = 0, - SSL_CVERIFY_OPTIONAL = 1, - SSL_CVERIFY_REQUIRE = 2, - SSL_CVERIFY_OPTIONAL_NO_CA = 3 -} ssl_verify_t; - -#define SSL_VERIFY_PEER_STRICT \ - (SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT) - -#ifndef X509_V_ERR_CERT_UNTRUSTED -#define X509_V_ERR_CERT_UNTRUSTED 27 -#endif - -#define ssl_verify_error_is_optional(errnum) \ - ((errnum == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT) \ - || (errnum == X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN) \ - || (errnum == 
X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY) \ - || (errnum == X509_V_ERR_CERT_UNTRUSTED) \ - || (errnum == X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE)) - -/* - * Define the SSL pass phrase dialog types - */ -typedef enum { - SSL_PPTYPE_UNSET = UNSET, - SSL_PPTYPE_BUILTIN = 0, - SSL_PPTYPE_FILTER = 1, - SSL_PPTYPE_PIPE = 2 -} ssl_pphrase_t; - -/* - * Define the Path Checking modes - */ -#define SSL_PCM_EXISTS 1 -#define SSL_PCM_ISREG 2 -#define SSL_PCM_ISDIR 4 -#define SSL_PCM_ISNONZERO 8 -typedef unsigned int ssl_pathcheck_t; - -/* - * Define the SSL session cache modes and structures - */ -typedef enum { - SSL_SCMODE_UNSET = UNSET, - SSL_SCMODE_NONE = 0, - SSL_SCMODE_DBM = 1, - SSL_SCMODE_SHMCB = 3, - SSL_SCMODE_DC = 4 -} ssl_scmode_t; - -/* - * Define the SSL mutex modes - */ -typedef enum { - SSL_MUTEXMODE_UNSET = UNSET, - SSL_MUTEXMODE_NONE = 0, - SSL_MUTEXMODE_USED = 1 -} ssl_mutexmode_t; - -/* - * Define the SSL requirement structure - */ -typedef struct { - char *cpExpr; - ssl_expr *mpExpr; -} ssl_require_t; - -/* - * Define the SSL random number generator seeding source - */ -typedef enum { - SSL_RSCTX_STARTUP = 1, - SSL_RSCTX_CONNECT = 2 -} ssl_rsctx_t; -typedef enum { - SSL_RSSRC_BUILTIN = 1, - SSL_RSSRC_FILE = 2, - SSL_RSSRC_EXEC = 3, - SSL_RSSRC_EGD = 4 -} ssl_rssrc_t; -typedef struct { - ssl_rsctx_t nCtx; - ssl_rssrc_t nSrc; - char *cpPath; - int nBytes; -} ssl_randseed_t; - -/* - * Define the structure of an ASN.1 anything - */ -typedef struct { - long int nData; - unsigned char *cpData; - apr_time_t source_mtime; -} ssl_asn1_t; - -/* - * Define the mod_ssl per-module configuration structure - * (i.e. 
the global configuration for each httpd process) - */ - -typedef enum { - SSL_SHUTDOWN_TYPE_UNSET, - SSL_SHUTDOWN_TYPE_STANDARD, - SSL_SHUTDOWN_TYPE_UNCLEAN, - SSL_SHUTDOWN_TYPE_ACCURATE -} ssl_shutdown_type_e; - -typedef struct { - SSL *ssl; - const char *client_dn; - X509 *client_cert; - ssl_shutdown_type_e shutdown_type; - const char *verify_info; - const char *verify_error; - int verify_depth; - int is_proxy; - int disabled; - int non_ssl_request; -} SSLConnRec; - -typedef struct { - pid_t pid; - apr_pool_t *pPool; - BOOL bFixed; - int nSessionCacheMode; - char *szSessionCacheDataFile; - int nSessionCacheDataSize; - apr_shm_t *pSessionCacheDataMM; - apr_rmm_t *pSessionCacheDataRMM; - void *tSessionCacheDataTable; - ssl_mutexmode_t nMutexMode; - apr_lockmech_e nMutexMech; - const char *szMutexFile; - apr_global_mutex_t *pMutex; - apr_array_header_t *aRandSeed; - apr_hash_t *tVHostKeys; - void *pTmpKeys[SSL_TMP_KEY_MAX]; - apr_hash_t *tPublicCert; - apr_hash_t *tPrivateKey; -#if defined(HAVE_OPENSSL_ENGINE_H) && defined(HAVE_ENGINE_INIT) - const char *szCryptoDevice; -#endif - struct { - void *pV1, *pV2, *pV3, *pV4, *pV5, *pV6, *pV7, *pV8, *pV9, *pV10; - } rCtx; -} SSLModConfigRec; - -/* public cert/private key */ -typedef struct { - /* - * server only has 1-2 certs/keys - * 1 RSA and/or 1 DSA - */ - const char *cert_files[SSL_AIDX_MAX]; - const char *key_files[SSL_AIDX_MAX]; - X509 *certs[SSL_AIDX_MAX]; - EVP_PKEY *keys[SSL_AIDX_MAX]; -} modssl_pk_server_t; - -typedef struct { - /* proxy can have any number of cert/key pairs */ - const char *cert_file; - const char *cert_path; - STACK_OF(X509_INFO) *certs; -} modssl_pk_proxy_t; - -/* stuff related to authentication that can also be per-dir */ -typedef struct { - /* known/trusted CAs */ - const char *ca_cert_path; - const char *ca_cert_file; - - const char *cipher_suite; - - /* for client or downstream server authentication */ - int verify_depth; - ssl_verify_t verify_mode; -} modssl_auth_ctx_t; - -typedef struct 
SSLSrvConfigRec SSLSrvConfigRec; - -typedef struct { - SSLSrvConfigRec *sc; /* pointer back to server config */ - SSL_CTX *ssl_ctx; - - /* we are one or the other */ - modssl_pk_server_t *pks; - modssl_pk_proxy_t *pkp; - - ssl_proto_t protocol; - - /* config for handling encrypted keys */ - ssl_pphrase_t pphrase_dialog_type; - const char *pphrase_dialog_path; - - const char *cert_chain; - - /* certificate revocation list */ - const char *crl_path; - const char *crl_file; - X509_STORE *crl; - - modssl_auth_ctx_t auth; -} modssl_ctx_t; - -struct SSLSrvConfigRec { - SSLModConfigRec *mc; - BOOL enabled; - BOOL proxy_enabled; - const char *vhost_id; - int vhost_id_len; - int session_cache_timeout; - modssl_ctx_t *server; - modssl_ctx_t *proxy; -}; - -/* - * Define the mod_ssl per-directory configuration structure - * (i.e. the local configuration for all - * and .htaccess contexts) - */ -typedef struct { - BOOL bSSLRequired; - apr_array_header_t *aRequirement; - ssl_opt_t nOptions; - ssl_opt_t nOptionsAdd; - ssl_opt_t nOptionsDel; - const char *szCipherSuite; - ssl_verify_t nVerifyClient; - int nVerifyDepth; - const char *szCACertificatePath; - const char *szCACertificateFile; -} SSLDirConfigRec; - -/* - * function prototypes - */ - -/* API glue structures */ -extern module AP_MODULE_DECLARE_DATA ssl_module; - -/* "global" stuff */ -extern const char ssl_valid_ssl_mutex_string[]; - -/* configuration handling */ -SSLModConfigRec *ssl_config_global_create(server_rec *); -void ssl_config_global_fix(SSLModConfigRec *); -BOOL ssl_config_global_isfixed(SSLModConfigRec *); -void *ssl_config_server_create(apr_pool_t *, server_rec *); -void *ssl_config_server_merge(apr_pool_t *, void *, void *); -void *ssl_config_perdir_create(apr_pool_t *, char *); -void *ssl_config_perdir_merge(apr_pool_t *, void *, void *); -const char *ssl_cmd_SSLMutex(cmd_parms *, void *, const char *); -const char *ssl_cmd_SSLPassPhraseDialog(cmd_parms *, void *, const char *); -const char 
*ssl_cmd_SSLCryptoDevice(cmd_parms *, void *, const char *); -const char *ssl_cmd_SSLRandomSeed(cmd_parms *, void *, const char *, const char *, const char *); -const char *ssl_cmd_SSLEngine(cmd_parms *, void *, const char *); -const char *ssl_cmd_SSLCipherSuite(cmd_parms *, void *, const char *); -const char *ssl_cmd_SSLCertificateFile(cmd_parms *, void *, const char *); -const char *ssl_cmd_SSLCertificateKeyFile(cmd_parms *, void *, const char *); -const char *ssl_cmd_SSLCertificateChainFile(cmd_parms *, void *, const char *); -const char *ssl_cmd_SSLCACertificatePath(cmd_parms *, void *, const char *); -const char *ssl_cmd_SSLCACertificateFile(cmd_parms *, void *, const char *); -const char *ssl_cmd_SSLCARevocationPath(cmd_parms *, void *, const char *); -const char *ssl_cmd_SSLCARevocationFile(cmd_parms *, void *, const char *); -const char *ssl_cmd_SSLVerifyClient(cmd_parms *, void *, const char *); -const char *ssl_cmd_SSLVerifyDepth(cmd_parms *, void *, const char *); -const char *ssl_cmd_SSLSessionCache(cmd_parms *, void *, const char *); -const char *ssl_cmd_SSLSessionCacheTimeout(cmd_parms *, void *, const char *); -const char *ssl_cmd_SSLProtocol(cmd_parms *, void *, const char *); -const char *ssl_cmd_SSLOptions(cmd_parms *, void *, const char *); -const char *ssl_cmd_SSLRequireSSL(cmd_parms *, void *); -const char *ssl_cmd_SSLRequire(cmd_parms *, void *, const char *); - -const char *ssl_cmd_SSLProxyEngine(cmd_parms *cmd, void *dcfg, int flag); -const char *ssl_cmd_SSLProxyProtocol(cmd_parms *, void *, const char *); -const char *ssl_cmd_SSLProxyCipherSuite(cmd_parms *, void *, const char *); -const char *ssl_cmd_SSLProxyVerify(cmd_parms *, void *, const char *); -const char *ssl_cmd_SSLProxyVerifyDepth(cmd_parms *, void *, const char *); -const char *ssl_cmd_SSLProxyCACertificatePath(cmd_parms *, void *, const char *); -const char *ssl_cmd_SSLProxyCACertificateFile(cmd_parms *, void *, const char *); -const char 
*ssl_cmd_SSLProxyCARevocationPath(cmd_parms *, void *, const char *); -const char *ssl_cmd_SSLProxyCARevocationFile(cmd_parms *, void *, const char *); -const char *ssl_cmd_SSLProxyMachineCertificatePath(cmd_parms *, void *, const char *); -const char *ssl_cmd_SSLProxyMachineCertificateFile(cmd_parms *, void *, const char *); - -/* module initialization */ -int ssl_init_Module(apr_pool_t *, apr_pool_t *, apr_pool_t *, server_rec *); -void ssl_init_Engine(server_rec *, apr_pool_t *); -void ssl_init_ConfigureServer(server_rec *, apr_pool_t *, apr_pool_t *, SSLSrvConfigRec *); -void ssl_init_CheckServers(server_rec *, apr_pool_t *); -STACK_OF(X509_NAME) - *ssl_init_FindCAList(server_rec *, apr_pool_t *, const char *, const char *); -void ssl_init_Child(apr_pool_t *, server_rec *); -apr_status_t ssl_init_ModuleKill(void *data); - -/* Apache API hooks */ -int ssl_hook_Translate(request_rec *); -int ssl_hook_Auth(request_rec *); -int ssl_hook_UserCheck(request_rec *); -int ssl_hook_Access(request_rec *); -int ssl_hook_Fixup(request_rec *); -int ssl_hook_ReadReq(request_rec *); -int ssl_hook_Upgrade(request_rec *); - -/* OpenSSL callbacks */ -RSA *ssl_callback_TmpRSA(SSL *, int, int); -DH *ssl_callback_TmpDH(SSL *, int, int); -int ssl_callback_SSLVerify(int, X509_STORE_CTX *); -int ssl_callback_SSLVerify_CRL(int, X509_STORE_CTX *, conn_rec *); -int ssl_callback_proxy_cert(SSL *ssl, MODSSL_CLIENT_CERT_CB_ARG_TYPE **x509, EVP_PKEY **pkey); -int ssl_callback_NewSessionCacheEntry(SSL *, SSL_SESSION *); -SSL_SESSION *ssl_callback_GetSessionCacheEntry(SSL *, unsigned char *, int, int *); -void ssl_callback_DelSessionCacheEntry(SSL_CTX *, SSL_SESSION *); -void ssl_callback_LogTracingState(MODSSL_INFO_CB_ARG_TYPE, int, int); - -/* Session Cache Support */ -void ssl_scache_init(server_rec *, apr_pool_t *); -void ssl_scache_status_register(apr_pool_t *p); -void ssl_scache_kill(server_rec *); -BOOL ssl_scache_store(server_rec *, UCHAR *, int, time_t, SSL_SESSION *); -SSL_SESSION 
*ssl_scache_retrieve(server_rec *, UCHAR *, int); -void ssl_scache_remove(server_rec *, UCHAR *, int); -void ssl_scache_expire(server_rec *); - -char *ssl_scache_id2sz(UCHAR *, int); -void ssl_scache_dbm_init(server_rec *, apr_pool_t *); -void ssl_scache_dbm_kill(server_rec *); -BOOL ssl_scache_dbm_store(server_rec *, UCHAR *, int, time_t, SSL_SESSION *); -SSL_SESSION *ssl_scache_dbm_retrieve(server_rec *, UCHAR *, int); -void ssl_scache_dbm_remove(server_rec *, UCHAR *, int); -void ssl_scache_dbm_expire(server_rec *); -void ssl_scache_dbm_status(request_rec *r, int flags, apr_pool_t *pool); - -void ssl_scache_shmcb_init(server_rec *, apr_pool_t *); -void ssl_scache_shmcb_kill(server_rec *); -BOOL ssl_scache_shmcb_store(server_rec *, UCHAR *, int, time_t, SSL_SESSION *); -SSL_SESSION *ssl_scache_shmcb_retrieve(server_rec *, UCHAR *, int); -void ssl_scache_shmcb_remove(server_rec *, UCHAR *, int); -void ssl_scache_shmcb_expire(server_rec *); -void ssl_scache_shmcb_status(request_rec *r, int flags, apr_pool_t *pool); - -void ssl_scache_dc_init(server_rec *, apr_pool_t *); -void ssl_scache_dc_kill(server_rec *); -BOOL ssl_scache_dc_store(server_rec *, UCHAR *, int, time_t, SSL_SESSION *); -SSL_SESSION *ssl_scache_dc_retrieve(server_rec *, UCHAR *, int); -void ssl_scache_dc_remove(server_rec *, UCHAR *, int); -void ssl_scache_dc_expire(server_rec *); -void ssl_scache_dc_status(request_rec *r, int flags, apr_pool_t *pool); - -/* Pass Phrase Support */ -void ssl_pphrase_Handle(server_rec *, apr_pool_t *); - -/* Diffie-Hellman Parameter Support */ -DH *ssl_dh_GetTmpParam(int); -DH *ssl_dh_GetParamFromFile(char *); - -unsigned char *ssl_asn1_table_set(apr_hash_t *table, - const char *key, - long int length); - -ssl_asn1_t *ssl_asn1_table_get(apr_hash_t *table, - const char *key); - -void ssl_asn1_table_unset(apr_hash_t *table, - const char *key); - -const char *ssl_asn1_keystr(int keytype); - -const char *ssl_asn1_table_keyfmt(apr_pool_t *p, - const char *id, - int 
keytype); -/* Mutex Support */ -int ssl_mutex_init(server_rec *, apr_pool_t *); -int ssl_mutex_reinit(server_rec *, apr_pool_t *); -int ssl_mutex_on(server_rec *); -int ssl_mutex_off(server_rec *); - -/* Logfile Support */ -void ssl_die(void); -void ssl_log_ssl_error(const char *, int, int, server_rec *); - -/* Variables */ -void ssl_var_register(void); -char *ssl_var_lookup(apr_pool_t *, server_rec *, conn_rec *, request_rec *, char *); -void ssl_var_log_config_register(apr_pool_t *p); - +/* The ssl_var_lookup() optional function retrieves SSL environment + * variables. */ APR_DECLARE_OPTIONAL_FN(char *, ssl_var_lookup, (apr_pool_t *, server_rec *, conn_rec *, request_rec *, char *)); -/* Proxy Support */ -int ssl_proxy_enable(conn_rec *c); -int ssl_engine_disable(conn_rec *c); +/* The ssl_proxy_enable() and ssl_engine_disable() optional functions + * are used by mod_proxy to enable use of SSL for outgoing + * connections. */ APR_DECLARE_OPTIONAL_FN(int, ssl_proxy_enable, (conn_rec *)); APR_DECLARE_OPTIONAL_FN(int, ssl_engine_disable, (conn_rec *)); -/* I/O */ -void ssl_io_filter_init(conn_rec *, SSL *); -void ssl_io_filter_register(apr_pool_t *); -long ssl_io_data_cb(BIO *, int, MODSSL_BIO_CB_ARG_TYPE *, int, long, long); - -/* PRNG */ -int ssl_rand_seed(server_rec *, apr_pool_t *, ssl_rsctx_t, char *); - -/* Utility Functions */ -char *ssl_util_vhostid(apr_pool_t *, server_rec *); -void ssl_util_strupper(char *); -void ssl_util_uuencode(char *, const char *, BOOL); -void ssl_util_uuencode_binary(unsigned char *, const unsigned char *, int, BOOL); -apr_file_t *ssl_util_ppopen(server_rec *, apr_pool_t *, const char *, - const char * const *); -void ssl_util_ppclose(server_rec *, apr_pool_t *, apr_file_t *); -char *ssl_util_readfilter(server_rec *, apr_pool_t *, const char *, - const char * const *); -BOOL ssl_util_path_check(ssl_pathcheck_t, const char *, apr_pool_t *); -ssl_algo_t ssl_util_algotypeof(X509 *, EVP_PKEY *); -char *ssl_util_algotypestr(ssl_algo_t); 
-char *ssl_util_ptxtsub(apr_pool_t *, const char *, const char *, char *); -void ssl_util_thread_setup(apr_pool_t *); -int ssl_init_ssl_connection(conn_rec *c); - - -#define APR_SHM_MAXSIZE (64 * 1024 * 1024) #endif /* __MOD_SSL_H__ */ 1.89 +1 -1 httpd-2.0/modules/ssl/ssl_engine_config.c Index: ssl_engine_config.c =================================================================== RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_engine_config.c,v retrieving revision 1.88 retrieving revision 1.89 diff -w -d -u -r1.88 -r1.89 --- ssl_engine_config.c 9 Feb 2004 20:29:22 -0000 1.88 +++ ssl_engine_config.c 28 Feb 2004 18:06:34 -0000 1.89 @@ -25,7 +25,7 @@ /* ``Damned if you do, damned if you don't.'' -- Unknown */ -#include "mod_ssl.h" +#include "ssl_private.h" /* _________________________________________________________________ ** 1.14 +1 -1 httpd-2.0/modules/ssl/ssl_engine_dh.c Index: ssl_engine_dh.c =================================================================== RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_engine_dh.c,v retrieving revision 1.13 retrieving revision 1.14 diff -w -d -u -r1.13 -r1.14 --- ssl_engine_dh.c 9 Feb 2004 20:29:22 -0000 1.13 +++ ssl_engine_dh.c 28 Feb 2004 18:06:34 -0000 1.14 @@ -27,7 +27,7 @@ * Diffie-Hellman Built-in Temporary Parameters */ -#include "mod_ssl.h" +#include "ssl_private.h" /* ----BEGIN GENERATED SECTION-------- */ 1.124 +1 -1 httpd-2.0/modules/ssl/ssl_engine_init.c Index: ssl_engine_init.c =================================================================== RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_engine_init.c,v retrieving revision 1.123 retrieving revision 1.124 diff -w -d -u -r1.123 -r1.124 --- ssl_engine_init.c 9 Feb 2004 20:29:22 -0000 1.123 +++ ssl_engine_init.c 28 Feb 2004 18:06:34 -0000 1.124 
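Review bot: The comments added above the three `APR_DECLARE_OPTIONAL_FN` declarations in mod_ssl.h do not say what a caller sees when mod_ssl is not loaded, which the commit log makes a supported case for anyone including this header. `APR_RETRIEVE_OPTIONAL_FN` yields NULL then, and a caller that skips the check on `ssl_proxy_enable` may crash or carry on with an outgoing connection that was meant to be encrypted; the comment should add something like `/* Retrieval returns NULL when mod_ssl is not loaded; callers must treat that as a failure, never as permission to proceed without SSL. */`. The return-value convention of the two int functions and the lifetime of the string returned by ssl_var_lookup() are likewise left unstated. Separately, if the removed block was moved verbatim into ssl_private.h (not visible in this part of the message), `SSL_OPT_ALL` still names `SSL_OPT_COMPATENVVAR` while the macro defined above it is `SSL_OPT_COMPATENVVARS`.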
@@ -25,7 +25,7 @@ /* ``Recursive, adj.; see Recursive.'' -- Unknown */ -#include "mod_ssl.h" +#include "ssl_private.h" /* _________________________________________________________________ ** 1.120 +1 -1 httpd-2.0/modules/ssl/ssl_engine_io.c Index: ssl_engine_io.c =================================================================== RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_engine_io.c,v retrieving revision 1.119 retrieving revision 1.120 diff -w -d -u -r1.119 -r1.120 --- ssl_engine_io.c 28 Feb 2004 00:45:26 -0000 1.119 +++ ssl_engine_io.c 28 Feb 2004 18:06:34 -0000 1.120 @@ -26,7 +26,7 @@ Just one little problem: core keeps dumping.'' -- Unknown */ -#include "mod_ssl.h" +#include "ssl_private.h" /* _________________________________________________________________ ** 1.104 +1 -1 httpd-2.0/modules/ssl/ssl_engine_kernel.c Index: ssl_engine_kernel.c =================================================================== RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_engine_kernel.c,v retrieving revision 1.103 retrieving revision 1.104 diff -w -d -u -r1.103 -r1.104 --- ssl_engine_kernel.c 9 Feb 2004 20:29:22 -0000 1.103 +++ ssl_engine_kernel.c 28 Feb 2004 18:06:34 -0000 1.104 @@ -27,7 +27,7 @@ I couldn't give it up because by that time I was too famous.'' -- Unknown */ -#include "mod_ssl.h" +#include "ssl_private.h" /* * Post Read Request Handler 1.28 +1 -1 httpd-2.0/modules/ssl/ssl_engine_log.c Index: ssl_engine_log.c =================================================================== RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_engine_log.c,v retrieving revision 1.27 retrieving revision 1.28 diff -w -d -u -r1.27 -r1.28 --- ssl_engine_log.c 9 Feb 2004 20:29:22 -0000 1.27 +++ ssl_engine_log.c 28 Feb 2004 18:06:34 -0000 1.28 
@@ -26,7 +26,7 @@ industry job and open-source software hacking is about 30 hours a week.'' -- Ralf S. Engelschall */ -#include "mod_ssl.h" +#include "ssl_private.h" /* _________________________________________________________________ ** 1.31 +1 -1 httpd-2.0/modules/ssl/ssl_engine_mutex.c Index: ssl_engine_mutex.c =================================================================== RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_engine_mutex.c,v retrieving revision 1.30 retrieving revision 1.31 diff -w -d -u -r1.30 -r1.31 --- ssl_engine_mutex.c 9 Feb 2004 20:29:22 -0000 1.30 +++ ssl_engine_mutex.c 28 Feb 2004 18:06:34 -0000 1.31 @@ -27,7 +27,7 @@ because DEC 25 = OCT 31.'' -- Unknown */ -#include "mod_ssl.h" +#include "ssl_private.h" #if !defined(OS2) && !defined(WIN32) && !defined(BEOS) && !defined(NETWARE) #include "unixd.h" #define MOD_SSL_SET_MUTEX_PERMS /* XXX Apache should define something */ 1.52 +1 -1 httpd-2.0/modules/ssl/ssl_engine_pphrase.c Index: ssl_engine_pphrase.c =================================================================== RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_engine_pphrase.c,v retrieving revision 1.51 retrieving revision 1.52 diff -w -d -u -r1.51 -r1.52 --- ssl_engine_pphrase.c 22 Feb 2004 10:27:21 -0000 1.51 +++ ssl_engine_pphrase.c 28 Feb 2004 18:06:34 -0000 1.52 @@ -27,7 +27,7 @@ else use it, and get a new one every six months.'' -- Clifford Stoll */ -#include "mod_ssl.h" +#include "ssl_private.h" /* * Return true if the named file exists and is readable 1.26 +1 -1 httpd-2.0/modules/ssl/ssl_engine_rand.c Index: ssl_engine_rand.c =================================================================== RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_engine_rand.c,v retrieving revision 1.25 retrieving revision 1.26 diff -w -d -u -r1.25 -r1.26 --- ssl_engine_rand.c 9 Feb 2004 20:29:22 -0000 1.25 +++ ssl_engine_rand.c 28 Feb 2004 18:06:34 -0000 1.26 
@@ -26,7 +26,7 @@ numbers is too important to be left to chance.'' */ -#include "mod_ssl.h" +#include "ssl_private.h" /* _________________________________________________________________ ** 1.34 +1 -0 httpd-2.0/modules/ssl/ssl_engine_vars.c Index: ssl_engine_vars.c =================================================================== RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_engine_vars.c,v retrieving revision 1.33 retrieving revision 1.34 diff -w -d -u -r1.33 -r1.34 --- ssl_engine_vars.c 9 Feb 2004 20:29:22 -0000 1.33 +++ ssl_engine_vars.c 28 Feb 2004 18:06:34 -0000 1.34 @@ -26,6 +26,7 @@ know everything are very annoying to those of us who do.'' -- Unknown */ +#include "ssl_private.h" #include "mod_ssl.h" /* _________________________________________________________________ 1.11 +1 -1 httpd-2.0/modules/ssl/ssl_expr.c Index: ssl_expr.c =================================================================== RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_expr.c,v retrieving revision 1.10 retrieving revision 1.11 diff -w -d -u -r1.10 -r1.11 --- ssl_expr.c 9 Feb 2004 20:29:22 -0000 1.10 +++ ssl_expr.c 28 Feb 2004 18:06:34 -0000 1.11 @@ -26,7 +26,7 @@ the eagles when you work with the turkeys.'' -- Unknown */ -#include "mod_ssl.h" +#include "ssl_private.h" /* _________________________________________________________________ ** 1.13 +1 -1 httpd-2.0/modules/ssl/ssl_expr_eval.c Index: ssl_expr_eval.c =================================================================== RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_expr_eval.c,v retrieving revision 1.12 retrieving revision 1.13 diff -w -d -u -r1.12 -r1.13 --- ssl_expr_eval.c 9 Feb 2004 20:29:22 -0000 1.12 +++ ssl_expr_eval.c 28 Feb 2004 18:06:34 -0000 1.13 
@@ -25,7 +25,7 @@ /* ``Make love, not software!'' -- Unknown */ -#include "mod_ssl.h" +#include "ssl_private.h" /* _________________________________________________________________ ** 1.9 +1 -1 httpd-2.0/modules/ssl/ssl_expr_parse.c Index: ssl_expr_parse.c =================================================================== RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_expr_parse.c,v retrieving revision 1.8 retrieving revision 1.9 diff -w -d -u -r1.8 -r1.9 --- ssl_expr_parse.c 10 May 2002 03:55:41 -0000 1.8 +++ ssl_expr_parse.c 28 Feb 2004 18:06:35 -0000 1.9 @@ -27,7 +27,7 @@ #line 68 "ssl_expr_parse.y" -#include "mod_ssl.h" +#include "ssl_private.h" #line 72 "ssl_expr_parse.y" typedef union { 1.12 +1 -1 httpd-2.0/modules/ssl/ssl_expr_parse.y Index: ssl_expr_parse.y =================================================================== RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_expr_parse.y,v retrieving revision 1.11 retrieving revision 1.12 diff -w -d -u -r1.11 -r1.12 --- ssl_expr_parse.y 9 Feb 2004 20:29:22 -0000 1.11 +++ ssl_expr_parse.y 28 Feb 2004 18:06:35 -0000 1.12 @@ -32,7 +32,7 @@ */ %{ -#include "mod_ssl.h" +#include "ssl_private.h" %} %union { 1.19 +2 -2 httpd-2.0/modules/ssl/ssl_expr_scan.c Index: ssl_expr_scan.c =================================================================== RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_expr_scan.c,v retrieving revision 1.18 retrieving revision 1.19 diff -w -d -u -r1.18 -r1.19 --- ssl_expr_scan.c 9 Feb 2004 20:29:22 -0000 1.18 +++ ssl_expr_scan.c 28 Feb 2004 18:06:35 -0000 1.19 
@@ -480,7 +480,7 @@ ** _________________________________________________________________ */ #line 38 "ssl_expr_scan.l" -#include "mod_ssl.h" +#include "ssl_private.h" #include "ssl_expr_parse.h" 1.11 +1 -1 httpd-2.0/modules/ssl/ssl_expr_scan.l Index: ssl_expr_scan.l =================================================================== RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_expr_scan.l,v retrieving revision 1.10 retrieving revision 1.11 diff -w -d -u -r1.10 -r1.11 --- ssl_expr_scan.l 9 Feb 2004 20:29:22 -0000 1.10 +++ ssl_expr_scan.l 28 Feb 2004 18:06:35 -0000 1.11 @@ -33,7 +33,7 @@ */ %{ -#include "mod_ssl.h" +#include "ssl_private.h" #include "ssl_expr_parse.h" 1.23 +1 -1 httpd-2.0/modules/ssl/ssl_scache.c Index: ssl_scache.c =================================================================== RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_scache.c,v retrieving revision 1.22 retrieving revision 1.23 diff -w -d -u -r1.22 -r1.23 --- ssl_scache.c 9 Feb 2004 20:29:22 -0000 1.22 +++ ssl_scache.c 28 Feb 2004 18:06:35 -0000 1.23 @@ -27,7 +27,7 @@ join forces to help you shoot yourself in the foot for free.'' -- Unknown */ -#include "mod_ssl.h" +#include "ssl_private.h" #include "mod_status.h" /* _________________________________________________________________ 1.27 +1 -1 httpd-2.0/modules/ssl/ssl_scache_dbm.c Index: ssl_scache_dbm.c =================================================================== RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_scache_dbm.c,v retrieving revision 1.26 retrieving revision 1.27 diff -w -d -u -r1.26 -r1.27 --- ssl_scache_dbm.c 9 Feb 2004 20:29:22 -0000 1.26 +++ ssl_scache_dbm.c 28 Feb 2004 18:06:35 -0000 1.27 
@@ -23,7 +23,7 @@ * Session Cache via DBM */ -#include "mod_ssl.h" +#include "ssl_private.h" void ssl_scache_dbm_init(server_rec *s, apr_pool_t *p) { 1.5 +1 -1 httpd-2.0/modules/ssl/ssl_scache_dc.c Index: ssl_scache_dc.c =================================================================== RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_scache_dc.c,v retrieving revision 1.4 retrieving revision 1.5 diff -w -d -u -r1.4 -r1.5 --- ssl_scache_dc.c 9 Feb 2004 20:29:22 -0000 1.4 +++ ssl_scache_dc.c 28 Feb 2004 18:06:35 -0000 1.5 @@ -23,7 +23,7 @@ * Distributed Session Cache (client support) */ -#include "mod_ssl.h" +#include "ssl_private.h" /* Only build this code if it's enabled at configure-time. */ #ifdef HAVE_DISTCACHE 1.25 +1 -1 httpd-2.0/modules/ssl/ssl_scache_shmcb.c Index: ssl_scache_shmcb.c =================================================================== RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_scache_shmcb.c,v retrieving revision 1.24 retrieving revision 1.25 diff -w -d -u -r1.24 -r1.25 --- ssl_scache_shmcb.c 22 Feb 2004 10:23:01 -0000 1.24 +++ ssl_scache_shmcb.c 28 Feb 2004 18:06:35 -0000 1.25 @@ -23,7 +23,7 @@ * Session Cache via Shared Memory (Cyclic Buffer Variant) */ -#include "mod_ssl.h" +#include "ssl_private.h" /* * This shared memory based SSL session cache implementation was 1.46 +1 -1 httpd-2.0/modules/ssl/ssl_util.c Index: ssl_util.c =================================================================== RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_util.c,v retrieving revision 1.45 retrieving revision 1.46 diff -w -d -u -r1.45 -r1.46 --- ssl_util.c 9 Feb 2004 20:29:22 -0000 1.45 +++ ssl_util.c 28 Feb 2004 18:06:35 -0000 1.46 
@@ -28,7 +28,7 @@ who piss me off!'' -- Calvin */ -#include "mod_ssl.h" +#include "ssl_private.h" #include "ap_mpm.h" #include "apr_thread_mutex.h" 1.32 +1 -1 httpd-2.0/modules/ssl/ssl_util_ssl.c Index: ssl_util_ssl.c =================================================================== RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_util_ssl.c,v retrieving revision 1.31 retrieving revision 1.32 diff -w -d -u -r1.31 -r1.32 --- ssl_util_ssl.c 9 Feb 2004 20:29:22 -0000 1.31 +++ ssl_util_ssl.c 28 Feb 2004 18:06:35 -0000 1.32 
@@ -23,7 +23,7 @@ * Additional Utility Functions for OpenSSL */ -#include "mod_ssl.h" +#include "ssl_private.h" /* _________________________________________________________________ ** 1.1 httpd-2.0/modules/ssl/ssl_private.h Index: ssl_private.h =================================================================== /* Copyright 2001-2004 The Apache Software Foundation * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ #ifndef SSL_PRIVATE_H #define SSL_PRIVATE_H /* * Internal interfaces private to mod_ssl. */ /* Apache headers */ #include "httpd.h" #include "http_config.h" #include "http_core.h" #include "http_log.h" #include "http_main.h" #include "http_connection.h" #include "http_request.h" #include "http_protocol.h" #include "util_script.h" #include "util_filter.h" #include "util_ebcdic.h" #include "mpm.h" #include "apr.h" #include "apr_strings.h" #define APR_WANT_STRFUNC #include "apr_want.h" #include "apr_tables.h" #include "apr_lib.h" #include "apr_fnmatch.h" #include "apr_strings.h" #include "apr_dbm.h" #include "apr_rmm.h" #include "apr_shm.h" #include "apr_global_mutex.h" #include "apr_optional.h" #define MOD_SSL_VERSION AP_SERVER_BASEREVISION /* mod_ssl headers */ #include "ssl_toolkit_compat.h" #include "ssl_expr.h" #include "ssl_util_ssl.h" /* The #ifdef macros are only defined AFTER including the above * therefore we cannot include these system files at the top :-( */ #if APR_HAVE_SYS_TIME_H #include #endif #if APR_HAVE_UNISTD_H #include /* needed for STDIN_FILENO et.al., 
at least on FreeBSD */ #endif /* * Provide reasonable default for some defines */ #ifndef FALSE #define FALSE (0) #endif #ifndef TRUE #define TRUE (!FALSE) #endif #ifndef PFALSE #define PFALSE ((void *)FALSE) #endif #ifndef PTRUE #define PTRUE ((void *)TRUE) #endif #ifndef UNSET #define UNSET (-1) #endif #ifndef NUL #define NUL '\0' #endif #ifndef RAND_MAX #include #define RAND_MAX INT_MAX #endif /* * Provide reasonable defines for some types */ #ifndef BOOL #define BOOL unsigned int #endif #ifndef UCHAR #define UCHAR unsigned char #endif /* * Provide useful shorthands */ #define strEQ(s1,s2) (strcmp(s1,s2) == 0) #define strNE(s1,s2) (strcmp(s1,s2) != 0) #define strEQn(s1,s2,n) (strncmp(s1,s2,n) == 0) #define strNEn(s1,s2,n) (strncmp(s1,s2,n) != 0) #define strcEQ(s1,s2) (strcasecmp(s1,s2) == 0) #define strcNE(s1,s2) (strcasecmp(s1,s2) != 0) #define strcEQn(s1,s2,n) (strncasecmp(s1,s2,n) == 0) #define strcNEn(s1,s2,n) (strncasecmp(s1,s2,n) != 0) #define strIsEmpty(s) (s == NULL || s[0] == NUL) #define myConnConfig(c) \ (SSLConnRec *)ap_get_module_config(c->conn_config, &ssl_module) #define myCtxConfig(sslconn, sc) (sslconn->is_proxy ? 
sc->proxy : sc->server) #define myConnConfigSet(c, val) \ ap_set_module_config(c->conn_config, &ssl_module, val) #define mySrvConfig(srv) (SSLSrvConfigRec *)ap_get_module_config(srv->module_config, &ssl_module) #define myDirConfig(req) (SSLDirConfigRec *)ap_get_module_config(req->per_dir_config, &ssl_module) #define myModConfig(srv) (mySrvConfig((srv)))->mc #define myCtxVarSet(mc,num,val) mc->rCtx.pV##num = val #define myCtxVarGet(mc,num,type) (type)(mc->rCtx.pV##num) /* * Defaults for the configuration */ #ifndef SSL_SESSION_CACHE_TIMEOUT #define SSL_SESSION_CACHE_TIMEOUT 300 #endif /* * Support for MM library */ #define SSL_MM_FILE_MODE ( APR_UREAD | APR_UWRITE | APR_GREAD | APR_WREAD ) /* * Support for DBM library */ #define SSL_DBM_FILE_MODE ( APR_UREAD | APR_UWRITE | APR_GREAD | APR_WREAD ) #if !defined(SSL_DBM_FILE_SUFFIX_DIR) && !defined(SSL_DBM_FILE_SUFFIX_PAG) #if defined(DBM_SUFFIX) #define SSL_DBM_FILE_SUFFIX_DIR DBM_SUFFIX #define SSL_DBM_FILE_SUFFIX_PAG DBM_SUFFIX #elif defined(__FreeBSD__) || (defined(DB_LOCK) && defined(DB_SHMEM)) #define SSL_DBM_FILE_SUFFIX_DIR ".db" #define SSL_DBM_FILE_SUFFIX_PAG ".db" #else #define SSL_DBM_FILE_SUFFIX_DIR ".dir" #define SSL_DBM_FILE_SUFFIX_PAG ".pag" #endif #endif /* * Define the certificate algorithm types */ typedef int ssl_algo_t; #define SSL_ALGO_UNKNOWN (0) #define SSL_ALGO_RSA (1<<0) #define SSL_ALGO_DSA (1<<1) #define SSL_ALGO_ALL (SSL_ALGO_RSA|SSL_ALGO_DSA) #define SSL_AIDX_RSA (0) #define SSL_AIDX_DSA (1) #define SSL_AIDX_MAX (2) /* * Define IDs for the temporary RSA keys and DH params */ #define SSL_TMP_KEY_RSA_512 (0) #define SSL_TMP_KEY_RSA_1024 (1) #define SSL_TMP_KEY_DH_512 (2) #define SSL_TMP_KEY_DH_1024 (3) #define SSL_TMP_KEY_MAX (4) /* * Define the SSL options */ #define SSL_OPT_NONE (0) #define SSL_OPT_RELSET (1<<0) #define SSL_OPT_STDENVVARS (1<<1) #define SSL_OPT_COMPATENVVARS (1<<2) #define SSL_OPT_EXPORTCERTDATA (1<<3) #define SSL_OPT_FAKEBASICAUTH (1<<4) #define SSL_OPT_STRICTREQUIRE 
(1<<5) #define SSL_OPT_OPTRENEGOTIATE (1<<6) #define SSL_OPT_ALL (SSL_OPT_STDENVVARS|SSL_OPT_COMPATENVVAR|SSL_OPT_EXPORTCERTDATA|SSL_OPT_FAKEBASICAUTH|SSL_OPT_STRICTREQUIRE|SSL_OPT_OPTRENEGOTIATE) typedef int ssl_opt_t; /* * Define the SSL Protocol options */ #define SSL_PROTOCOL_NONE (0) #define SSL_PROTOCOL_SSLV2 (1<<0) #define SSL_PROTOCOL_SSLV3 (1<<1) #define SSL_PROTOCOL_TLSV1 (1<<2) #define SSL_PROTOCOL_ALL (SSL_PROTOCOL_SSLV2|SSL_PROTOCOL_SSLV3|SSL_PROTOCOL_TLSV1) typedef int ssl_proto_t; /* * Define the SSL verify levels */ typedef enum { SSL_CVERIFY_UNSET = UNSET, SSL_CVERIFY_NONE = 0, SSL_CVERIFY_OPTIONAL = 1, SSL_CVERIFY_REQUIRE = 2, SSL_CVERIFY_OPTIONAL_NO_CA = 3 } ssl_verify_t; #define SSL_VERIFY_PEER_STRICT \ (SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT) #ifndef X509_V_ERR_CERT_UNTRUSTED #define X509_V_ERR_CERT_UNTRUSTED 27 #endif #define ssl_verify_error_is_optional(errnum) \ ((errnum == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT) \ || (errnum == X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN) \ || (errnum == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY) \ || (errnum == X509_V_ERR_CERT_UNTRUSTED) \ || (errnum == X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE)) /* * Define the SSL pass phrase dialog types */ typedef enum { SSL_PPTYPE_UNSET = UNSET, SSL_PPTYPE_BUILTIN = 0, SSL_PPTYPE_FILTER = 1, SSL_PPTYPE_PIPE = 2 } ssl_pphrase_t; /* * Define the Path Checking modes */ #define SSL_PCM_EXISTS 1 #define SSL_PCM_ISREG 2 #define SSL_PCM_ISDIR 4 #define SSL_PCM_ISNONZERO 8 typedef unsigned int ssl_pathcheck_t; /* * Define the SSL session cache modes and structures */ typedef enum { SSL_SCMODE_UNSET = UNSET, SSL_SCMODE_NONE = 0, SSL_SCMODE_DBM = 1, SSL_SCMODE_SHMCB = 3, SSL_SCMODE_DC = 4 } ssl_scmode_t; /* * Define the SSL mutex modes */ typedef enum { SSL_MUTEXMODE_UNSET = UNSET, SSL_MUTEXMODE_NONE = 0, SSL_MUTEXMODE_USED = 1 } ssl_mutexmode_t; /* * Define the SSL requirement structure */ typedef struct { char *cpExpr; ssl_expr *mpExpr; } ssl_require_t; /* * Define the 
SSL random number generator seeding source */ typedef enum { SSL_RSCTX_STARTUP = 1, SSL_RSCTX_CONNECT = 2 } ssl_rsctx_t; typedef enum { SSL_RSSRC_BUILTIN = 1, SSL_RSSRC_FILE = 2, SSL_RSSRC_EXEC = 3, SSL_RSSRC_EGD = 4 } ssl_rssrc_t; typedef struct { ssl_rsctx_t nCtx; ssl_rssrc_t nSrc; char *cpPath; int nBytes; } ssl_randseed_t; /* * Define the structure of an ASN.1 anything */ typedef struct { long int nData; unsigned char *cpData; apr_time_t source_mtime; } ssl_asn1_t; /* * Define the mod_ssl per-module configuration structure * (i.e. the global configuration for each httpd process) */ typedef enum { SSL_SHUTDOWN_TYPE_UNSET, SSL_SHUTDOWN_TYPE_STANDARD, SSL_SHUTDOWN_TYPE_UNCLEAN, SSL_SHUTDOWN_TYPE_ACCURATE } ssl_shutdown_type_e; typedef struct { SSL *ssl; const char *client_dn; X509 *client_cert; ssl_shutdown_type_e shutdown_type; const char *verify_info; const char *verify_error; int verify_depth; int is_proxy; int disabled; int non_ssl_request; } SSLConnRec; typedef struct { pid_t pid; apr_pool_t *pPool; BOOL bFixed; int nSessionCacheMode; char *szSessionCacheDataFile; int nSessionCacheDataSize; apr_shm_t *pSessionCacheDataMM; apr_rmm_t *pSessionCacheDataRMM; void *tSessionCacheDataTable; ssl_mutexmode_t nMutexMode; apr_lockmech_e nMutexMech; const char *szMutexFile; apr_global_mutex_t *pMutex; apr_array_header_t *aRandSeed; apr_hash_t *tVHostKeys; void *pTmpKeys[SSL_TMP_KEY_MAX]; apr_hash_t *tPublicCert; apr_hash_t *tPrivateKey; #if defined(HAVE_OPENSSL_ENGINE_H) && defined(HAVE_ENGINE_INIT) const char *szCryptoDevice; #endif struct { void *pV1, *pV2, *pV3, *pV4, *pV5, *pV6, *pV7, *pV8, *pV9, *pV10; } rCtx; } SSLModConfigRec; /* public cert/private key */ typedef struct { /* * server only has 1-2 certs/keys * 1 RSA and/or 1 DSA */ const char *cert_files[SSL_AIDX_MAX]; const char *key_files[SSL_AIDX_MAX]; X509 *certs[SSL_AIDX_MAX]; EVP_PKEY *keys[SSL_AIDX_MAX]; } modssl_pk_server_t; typedef struct { /* proxy can have any number of cert/key pairs */ const char 
*cert_file; const char *cert_path; STACK_OF(X509_INFO) *certs; } modssl_pk_proxy_t; /* stuff related to authentication that can also be per-dir */ typedef struct { /* known/trusted CAs */ const char *ca_cert_path; const char *ca_cert_file; const char *cipher_suite; /* for client or downstream server authentication */ int verify_depth; ssl_verify_t verify_mode; } modssl_auth_ctx_t; typedef struct SSLSrvConfigRec SSLSrvConfigRec; typedef struct { SSLSrvConfigRec *sc; /* pointer back to server config */ SSL_CTX *ssl_ctx; /* we are one or the other */ modssl_pk_server_t *pks; modssl_pk_proxy_t *pkp; ssl_proto_t protocol; /* config for handling encrypted keys */ ssl_pphrase_t pphrase_dialog_type; const char *pphrase_dialog_path; const char *cert_chain; /* certificate revocation list */ const char *crl_path; const char *crl_file; X509_STORE *crl; modssl_auth_ctx_t auth; } modssl_ctx_t; struct SSLSrvConfigRec { SSLModConfigRec *mc; BOOL enabled; BOOL proxy_enabled; const char *vhost_id; int vhost_id_len; int session_cache_timeout; modssl_ctx_t *server; modssl_ctx_t *proxy; }; /* * Define the mod_ssl per-directory configuration structure * (i.e. 
the local configuration for all * and .htaccess contexts) */ typedef struct { BOOL bSSLRequired; apr_array_header_t *aRequirement; ssl_opt_t nOptions; ssl_opt_t nOptionsAdd; ssl_opt_t nOptionsDel; const char *szCipherSuite; ssl_verify_t nVerifyClient; int nVerifyDepth; const char *szCACertificatePath; const char *szCACertificateFile; } SSLDirConfigRec; /* * function prototypes */ /* API glue structures */ extern module AP_MODULE_DECLARE_DATA ssl_module; /* "global" stuff */ extern const char ssl_valid_ssl_mutex_string[]; /* configuration handling */ SSLModConfigRec *ssl_config_global_create(server_rec *); void ssl_config_global_fix(SSLModConfigRec *); BOOL ssl_config_global_isfixed(SSLModConfigRec *); void *ssl_config_server_create(apr_pool_t *, server_rec *); void *ssl_config_server_merge(apr_pool_t *, void *, void *); void *ssl_config_perdir_create(apr_pool_t *, char *); void *ssl_config_perdir_merge(apr_pool_t *, void *, void *); const char *ssl_cmd_SSLMutex(cmd_parms *, void *, const char *); const char *ssl_cmd_SSLPassPhraseDialog(cmd_parms *, void *, const char *); const char *ssl_cmd_SSLCryptoDevice(cmd_parms *, void *, const char *); const char *ssl_cmd_SSLRandomSeed(cmd_parms *, void *, const char *, const char *, const char *); const char *ssl_cmd_SSLEngine(cmd_parms *, void *, const char *); const char *ssl_cmd_SSLCipherSuite(cmd_parms *, void *, const char *); const char *ssl_cmd_SSLCertificateFile(cmd_parms *, void *, const char *); const char *ssl_cmd_SSLCertificateKeyFile(cmd_parms *, void *, const char *); const char *ssl_cmd_SSLCertificateChainFile(cmd_parms *, void *, const char *); const char *ssl_cmd_SSLCACertificatePath(cmd_parms *, void *, const char *); const char *ssl_cmd_SSLCACertificateFile(cmd_parms *, void *, const char *); const char *ssl_cmd_SSLCARevocationPath(cmd_parms *, void *, const char *); const char *ssl_cmd_SSLCARevocationFile(cmd_parms *, void *, const char *); const char *ssl_cmd_SSLVerifyClient(cmd_parms *, void *, const 
char *); const char *ssl_cmd_SSLVerifyDepth(cmd_parms *, void *, const char *); const char *ssl_cmd_SSLSessionCache(cmd_parms *, void *, const char *); const char *ssl_cmd_SSLSessionCacheTimeout(cmd_parms *, void *, const char *); const char *ssl_cmd_SSLProtocol(cmd_parms *, void *, const char *); const char *ssl_cmd_SSLOptions(cmd_parms *, void *, const char *); const char *ssl_cmd_SSLRequireSSL(cmd_parms *, void *); const char *ssl_cmd_SSLRequire(cmd_parms *, void *, const char *); const char *ssl_cmd_SSLProxyEngine(cmd_parms *cmd, void *dcfg, int flag); const char *ssl_cmd_SSLProxyProtocol(cmd_parms *, void *, const char *); const char *ssl_cmd_SSLProxyCipherSuite(cmd_parms *, void *, const char *); const char *ssl_cmd_SSLProxyVerify(cmd_parms *, void *, const char *); const char *ssl_cmd_SSLProxyVerifyDepth(cmd_parms *, void *, const char *); const char *ssl_cmd_SSLProxyCACertificatePath(cmd_parms *, void *, const char *); const char *ssl_cmd_SSLProxyCACertificateFile(cmd_parms *, void *, const char *); const char *ssl_cmd_SSLProxyCARevocationPath(cmd_parms *, void *, const char *); const char *ssl_cmd_SSLProxyCARevocationFile(cmd_parms *, void *, const char *); const char *ssl_cmd_SSLProxyMachineCertificatePath(cmd_parms *, void *, const char *); const char *ssl_cmd_SSLProxyMachineCertificateFile(cmd_parms *, void *, const char *); /* module initialization */ int ssl_init_Module(apr_pool_t *, apr_pool_t *, apr_pool_t *, server_rec *); void ssl_init_Engine(server_rec *, apr_pool_t *); void ssl_init_ConfigureServer(server_rec *, apr_pool_t *, apr_pool_t *, SSLSrvConfigRec *); void ssl_init_CheckServers(server_rec *, apr_pool_t *); STACK_OF(X509_NAME) *ssl_init_FindCAList(server_rec *, apr_pool_t *, const char *, const char *); void ssl_init_Child(apr_pool_t *, server_rec *); apr_status_t ssl_init_ModuleKill(void *data); /* Apache API hooks */ int ssl_hook_Translate(request_rec *); int ssl_hook_Auth(request_rec *); int ssl_hook_UserCheck(request_rec *); int 
ssl_hook_Access(request_rec *); int ssl_hook_Fixup(request_rec *); int ssl_hook_ReadReq(request_rec *); int ssl_hook_Upgrade(request_rec *); /* OpenSSL callbacks */ RSA *ssl_callback_TmpRSA(SSL *, int, int); DH *ssl_callback_TmpDH(SSL *, int, int); int ssl_callback_SSLVerify(int, X509_STORE_CTX *); int ssl_callback_SSLVerify_CRL(int, X509_STORE_CTX *, conn_rec *); int ssl_callback_proxy_cert(SSL *ssl, MODSSL_CLIENT_CERT_CB_ARG_TYPE **x509, EVP_PKEY **pkey); int ssl_callback_NewSessionCacheEntry(SSL *, SSL_SESSION *); SSL_SESSION *ssl_callback_GetSessionCacheEntry(SSL *, unsigned char *, int, int *); void ssl_callback_DelSessionCacheEntry(SSL_CTX *, SSL_SESSION *); void ssl_callback_LogTracingState(MODSSL_INFO_CB_ARG_TYPE, int, int); /* Session Cache Support */ void ssl_scache_init(server_rec *, apr_pool_t *); void ssl_scache_status_register(apr_pool_t *p); void ssl_scache_kill(server_rec *); BOOL ssl_scache_store(server_rec *, UCHAR *, int, time_t, SSL_SESSION *); SSL_SESSION *ssl_scache_retrieve(server_rec *, UCHAR *, int); void ssl_scache_remove(server_rec *, UCHAR *, int); void ssl_scache_expire(server_rec *); char *ssl_scache_id2sz(UCHAR *, int); void ssl_scache_dbm_init(server_rec *, apr_pool_t *); void ssl_scache_dbm_kill(server_rec *); BOOL ssl_scache_dbm_store(server_rec *, UCHAR *, int, time_t, SSL_SESSION *); SSL_SESSION *ssl_scache_dbm_retrieve(server_rec *, UCHAR *, int); void ssl_scache_dbm_remove(server_rec *, UCHAR *, int); void ssl_scache_dbm_expire(server_rec *); void ssl_scache_dbm_status(request_rec *r, int flags, apr_pool_t *pool); void ssl_scache_shmcb_init(server_rec *, apr_pool_t *); void ssl_scache_shmcb_kill(server_rec *); BOOL ssl_scache_shmcb_store(server_rec *, UCHAR *, int, time_t, SSL_SESSION *); SSL_SESSION *ssl_scache_shmcb_retrieve(server_rec *, UCHAR *, int); void ssl_scache_shmcb_remove(server_rec *, UCHAR *, int); void ssl_scache_shmcb_expire(server_rec *); void ssl_scache_shmcb_status(request_rec *r, int flags, apr_pool_t 
*pool); void ssl_scache_dc_init(server_rec *, apr_pool_t *); void ssl_scache_dc_kill(server_rec *); BOOL ssl_scache_dc_store(server_rec *, UCHAR *, int, time_t, SSL_SESSION *); SSL_SESSION *ssl_scache_dc_retrieve(server_rec *, UCHAR *, int); void ssl_scache_dc_remove(server_rec *, UCHAR *, int); void ssl_scache_dc_expire(server_rec *); void ssl_scache_dc_status(request_rec *r, int flags, apr_pool_t *pool); /* Proxy Support */ int ssl_proxy_enable(conn_rec *c); int ssl_engine_disable(conn_rec *c); /* I/O */ void ssl_io_filter_init(conn_rec *, SSL *); void ssl_io_filter_register(apr_pool_t *); long ssl_io_data_cb(BIO *, int, MODSSL_BIO_CB_ARG_TYPE *, int, long, long); /* PRNG */ int ssl_rand_seed(server_rec *, apr_pool_t *, ssl_rsctx_t, char *); /* Utility Functions */ char *ssl_util_vhostid(apr_pool_t *, server_rec *); void ssl_util_strupper(char *); void ssl_util_uuencode(char *, const char *, BOOL); void ssl_util_uuencode_binary(unsigned char *, const unsigned char *, int, BOOL); apr_file_t *ssl_util_ppopen(server_rec *, apr_pool_t *, const char *, const char * const *); void ssl_util_ppclose(server_rec *, apr_pool_t *, apr_file_t *); char *ssl_util_readfilter(server_rec *, apr_pool_t *, const char *, const char * const *); BOOL ssl_util_path_check(ssl_pathcheck_t, const char *, apr_pool_t *); ssl_algo_t ssl_util_algotypeof(X509 *, EVP_PKEY *); char *ssl_util_algotypestr(ssl_algo_t); char *ssl_util_ptxtsub(apr_pool_t *, const char *, const char *, char *); void ssl_util_thread_setup(apr_pool_t *); int ssl_init_ssl_connection(conn_rec *c); /* Pass Phrase Support */ void ssl_pphrase_Handle(server_rec *, apr_pool_t *); /* Diffie-Hellman Parameter Support */ DH *ssl_dh_GetTmpParam(int); DH *ssl_dh_GetParamFromFile(char *); unsigned char *ssl_asn1_table_set(apr_hash_t *table, const char *key, long int length); ssl_asn1_t *ssl_asn1_table_get(apr_hash_t *table, const char *key); void ssl_asn1_table_unset(apr_hash_t *table, const char *key); const char 
*ssl_asn1_keystr(int keytype); const char *ssl_asn1_table_keyfmt(apr_pool_t *p, const char *id, int keytype); /* Mutex Support */ int ssl_mutex_init(server_rec *, apr_pool_t *); int ssl_mutex_reinit(server_rec *, apr_pool_t *); int ssl_mutex_on(server_rec *); int ssl_mutex_off(server_rec *); /* Logfile Support */ void ssl_die(void); void ssl_log_ssl_error(const char *, int, int, server_rec *); /* Variables */ void ssl_var_register(void); char *ssl_var_lookup(apr_pool_t *, server_rec *, conn_rec *, request_rec *, char *); void ssl_var_log_config_register(apr_pool_t *p); #define APR_SHM_MAXSIZE (64 * 1024 * 1024) #endif /* SSL_PRIVATE_H */
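Review bot: `SSL_OPT_ALL` in the new ssl_private.h ORs in `SSL_OPT_COMPATENVVAR`, but the flag defined a few lines above it is `SSL_OPT_COMPATENVVARS`, so any use of `SSL_OPT_ALL` would expand to an undeclared identifier; the term should read `SSL_OPT_COMPATENVVARS`. The commit log says these definitions were moved from mod_ssl.h, so the typo probably predates this change, but it is carried into the new header unfixed. Separately, `SSL_MM_FILE_MODE` and `SSL_DBM_FILE_MODE` both include `APR_GREAD | APR_WREAD`. If these modes are applied to the session cache files (the call sites are not visible in this header), cached TLS session state would be readable by any local account that can reach the file, and `( APR_UREAD | APR_UWRITE )` would be the least-privilege value, provided the serving processes open the files as their owner.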