File: ssl.h


/* ssl.h - TLS support for aprx on top of OpenSSL.  When config.h does not
 * report <openssl/ssl.h>, the whole API collapses to the stubs at the end
 * of this file. */
#include "config.h"

/* USE_SSL is derived from the configure result.  It is (re)defined before
 * the include guard, so a second inclusion redefines it with the same empty
 * value, which the preprocessor permits. */
#ifdef HAVE_OPENSSL_SSL_H
#define USE_SSL
#endif

#ifndef SSL_H
#define SSL_H

#ifdef USE_SSL

#include <openssl/ssl.h>
#include <openssl/err.h>
#include <openssl/conf.h>
/* NOTE(review): the ENGINE API is deprecated since OpenSSL 3.0 — confirm
 * the .c file still needs this header. */
#include <openssl/engine.h>
#include <openssl/evp.h>

/* ssl error codes, must match ssl_err_labels order.
 * Negative results of peer-certificate validation; ssl_strerror() turns
 * them into text via the ssl_err_labels table (defined in the .c file, not
 * visible here).  Keep the values contiguous and in this order when adding
 * one, otherwise the label lookup goes out of step. */
#define SSL_VALIDATE_INTERNAL_ERROR -1
#define SSL_VALIDATE_CLIENT_CERT_UNVERIFIED -2
#define SSL_VALIDATE_NO_CLIENT_CERT -3
#define SSL_VALIDATE_CERT_NO_SUBJECT -4
#define SSL_VALIDATE_CERT_NO_CALLSIGN -5
#define SSL_VALIDATE_CERT_CALLSIGN_MISMATCH -6

/* Opaque to this header; only pointers to them are passed around. */
struct client_t;
struct worker_t;

/* Per-listener TLS state: one OpenSSL context shared by every connection
 * accepted on (or made from) that listener. */
struct ssl_t {
	SSL_CTX *ctx;
	
	/* presumably a peer-certificate validation policy set from the
	 * listener configuration — confirm against the .c file */
	unsigned	validate;
};

/* Per-connection TLS state, attached to a client_t (the owner is allocated
 * by ssl_create_connection() and released by ssl_free_connection()). */
struct ssl_connection_t {
	SSL             *connection;
	
	/* set once the TLS handshake has completed */
	unsigned	handshaked:1;
	
	/* NOTE(review): how renegotiation is detected and whether it is
	 * refused is decided in the .c file — confirm it is limited, since
	 * client-initiated renegotiation is a well-known CPU-exhaustion vector */
	unsigned	renegotiation:1;
	unsigned	buffer:1;
	/* shutdown behaviour flags; see ssl_free_connection() for their use */
	unsigned	no_wait_shutdown:1;
	unsigned	no_send_shutdown:1;
	
	/* validation policy for this connection (same meaning as ssl_t.validate) */
	unsigned	validate;
	/* last validation result; presumably one of the SSL_VALIDATE_* codes
	 * above, suitable for ssl_strerror() */
	int		ssl_err_code;
};

/* Protocol selection bits (the NGX_ prefix suggests these were borrowed
 * from nginx; whether they are honoured is up to the .c file).  SSLv2 and
 * SSLv3 are obsolete and should never be enabled in a new configuration. */
#define NGX_SSL_SSLv2    0x0002
#define NGX_SSL_SSLv3    0x0004
#define NGX_SSL_TLSv1    0x0008
#define NGX_SSL_TLSv1_1  0x0010
#define NGX_SSL_TLSv1_2  0x0020


/* connection option bits */
#define NGX_SSL_BUFFER   1
#define NGX_SSL_CLIENT   2

/* 16 KiB, the maximum TLS record payload size (2^14 bytes) — presumably
 * chosen so one buffer holds a full record */
#define NGX_SSL_BUFSIZE  16384

/* string representations for error codes */
/* Map an SSL_VALIDATE_* code to a human-readable label. */
extern const char *ssl_strerror(int code);

/* initialize and deinit the library */
/* ssl_init() must run once before any other call; ssl_atend() releases the
 * library state at exit.  The success value of ssl_init() is defined in the
 * .c file — check it there rather than assuming 0 or 1. */
extern int ssl_init(void);
extern void ssl_atend(void);

/* per-listener structure allocators */
/* ssl_alloc() returns a heap object owned by the caller; ssl_free() releases
 * it together with its SSL_CTX. */
extern struct ssl_t *ssl_alloc(void);
extern void ssl_free(struct ssl_t *ssl);

/* create context for listener, load certs */
/* data is an opaque listener argument passed through to the .c file.
 * ssl_ca_certificate(): depth presumably bounds the certificate-chain
 * verification depth — confirm against the SSL_CTX_set_verify_depth() call
 * in the .c file. */
extern int ssl_create(struct ssl_t *ssl, void *data);
extern int ssl_certificate(struct ssl_t *ssl, const char *certfile, const char *keyfile);
extern int ssl_ca_certificate(struct ssl_t *ssl, const char *cafile, int depth);

/* create / free connection */
/* i_am_client selects the client side of the handshake; the connection
 * state is stored on c and released by ssl_free_connection(). */
extern int ssl_create_connection(struct ssl_t *ssl, struct client_t *c, int i_am_client);
extern void ssl_free_connection(struct client_t *c);

/* validate a client certificate */
/* Two-phase validation of the peer certificate; presumably each returns
 * 0 on success or one of the negative SSL_VALIDATE_* codes. */
extern int ssl_validate_peer_cert_phase1(struct client_t *c);
extern int ssl_validate_peer_cert_phase2(struct client_t *c);

/* Event-loop hooks run on the worker that owns c: flush pending output,
 * handle socket writability, handle socket readability. */
extern int ssl_write(struct worker_t *self, struct client_t *c);
extern int ssl_writable(struct worker_t *self, struct client_t *c);
extern int ssl_readable(struct worker_t *self, struct client_t *c);


#else

/* Placeholder type for builds without OpenSSL so pointers to it still
 * declare.  NOTE(review): a struct with no members is not ISO C (GCC accepts
 * it as an extension, with a warning under -pedantic) — a single dummy
 * member would make it portable. */
struct ssl_t {
};


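/* Stubs for builds without OpenSSL.  Each expands to a single statement so
 * that `if (x) ssl_init(); else ...` still parses: the previous expansion
 * `{ }` plus the caller's `;` produced an empty statement that broke the
 * else.  Unlike the real ssl_init() they yield no value, so they cannot be
 * used in an expression; callers that test the result must stay under
 * #ifdef USE_SSL. */
#define ssl_init(...) do { } while (0)
#define ssl_atend(...) do { } while (0)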

#endif /* USE_SSL */
#endif /* SSL_H */