From c54018b07a9085c0a3aedbc2bd01a85a3b3e20cf Mon Sep 17 00:00:00 2001
From: Daniel Baumann
Date: Sat, 25 May 2024 06:41:27 +0200
Subject: Merging upstream version 2.4.59.
Signed-off-by: Daniel Baumann
---
modules/tls/tls_ocsp.h | 47 +++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 47 insertions(+)
create mode 100644 modules/tls/tls_ocsp.h
(limited to 'modules/tls/tls_ocsp.h')
diff --git a/modules/tls/tls_ocsp.h b/modules/tls/tls_ocsp.h
new file mode 100644
index 0000000..60770a9
--- /dev/null
+++ b/modules/tls/tls_ocsp.h
@@ -0,0 +1,47 @@
+/* Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#ifndef tls_ocsp_h
+#define tls_ocsp_h
+
+/**
+ * Prime the collected certified keys for OCSP response provisioning (aka. Stapling).
+ *
+ * To be called in the post-config phase of the server before connections are handled.
+ * @param gc the global module configuration with the certified_key registry
+ * @param p the pool to use for allocations
+ * @param s the base server record
+ */
+apr_status_t tls_ocsp_prime_certs(tls_conf_global_t *gc, apr_pool_t *p, server_rec *s);
+
+/**
+ * Provide the OCSP response data for the certified_key into the offered buffer,
+ * so available.
+ * If not data is available `out_n` is set to 0. Same, if the offered buffer
+ * is not large enough to hold the complete response.
+ * If OCSP response DER data is copied, the number of copied bytes is given in `out_n`.
+ *
+ * Note that only keys that have been primed initially will have OCSP data available.
+ * @param c the current connection
+ * @param certified_key the key to get the OCSP response data for
+ * @param buf a buffer which can hold up to `buf_len` bytes
+ * @param buf_len the length of `buf`
+ * @param out_n the number of OCSP response DER bytes copied or 0.
+ */
+apr_status_t tls_ocsp_update_key(
+ conn_rec *c, const rustls_certified_key *certified_key,
+ const rustls_certified_key **key_out);
+
+#endif /* tls_ocsp_h */
-- cgit v1.2.3
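Review bot: The doc comment on `tls_ocsp_update_key` documents `buf`, `buf_len` and `out_n` and talks about copying OCSP DER bytes into a caller buffer, but the declared signature has none of these and instead returns a key through `key_out`. The header therefore never says what `*key_out` holds when no OCSP response is available for the key, what it holds on a non-success `apr_status_t`, or who owns the returned `rustls_certified_key`. For a stapling path, those are exactly the cases a caller has to get right. I would drop the three stale `@param` lines, add something like `@param key_out the certified key to use on this connection, carrying the OCSP response when one is available`, and rewrite the summary to state the no-data and error behaviour. The wording is inferred from the signature alone and should be confirmed against the implementation in tls_ocsp.c. Separately, the header uses `apr_status_t`, `conn_rec`, `tls_conf_global_t` and `rustls_certified_key` without including or forward-declaring them, so it depends on the includer's include order.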