Diffstat (limited to 'modules/tls/tls_ocsp.h')
-rw-r--r--modules/tls/tls_ocsp.h47
1 files changed, 47 insertions, 0 deletions
diff --git a/modules/tls/tls_ocsp.h b/modules/tls/tls_ocsp.h
new file mode 100644
index 0000000..60770a9
--- /dev/null
+++ b/modules/tls/tls_ocsp.h
@@ -0,0 +1,47 @@
+/* Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#ifndef tls_ocsp_h
+#define tls_ocsp_h
+
+/**
+ * Prime the collected certified keys for OCSP response provisioning (aka. Stapling).
+ *
+ * To be called in the post-config phase of the server before connections are handled.
+ * @param gc the global module configuration with the certified_key registry
+ * @param p the pool to use for allocations
+ * @param s the base server record
+ */
+apr_status_t tls_ocsp_prime_certs(tls_conf_global_t *gc, apr_pool_t *p, server_rec *s);
+
+/**
+ * Provide the OCSP response data for the certified_key into the offered buffer,
+ * so available.
+ * If not data is available `out_n` is set to 0. Same, if the offered buffer
+ * is not large enough to hold the complete response.
+ * If OCSP response DER data is copied, the number of copied bytes is given in `out_n`.
+ *
+ * Note that only keys that have been primed initially will have OCSP data available.
+ * @param c the current connection
+ * @param certified_key the key to get the OCSP response data for
+ * @param buf a buffer which can hold up to `buf_len` bytes
+ * @param buf_len the length of `buf`
+ * @param out_n the number of OCSP response DER bytes copied or 0.
+ */
+apr_status_t tls_ocsp_update_key(
+ conn_rec *c, const rustls_certified_key *certified_key,
+ const rustls_certified_key **key_out);
+
+#endif /* tls_ocsp_h */
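Review bot: The doc comment above `tls_ocsp_update_key` documents `buf`, `buf_len` and `out_n`, but the declared signature has none of them; it takes `certified_key` and `const rustls_certified_key **key_out`, so the output contract is undocumented. I would replace the buffer wording with something like `@param key_out the key to use for the connection: certified_key itself, or a key carrying the OCSP response`, and state what `*key_out` holds on a non-success return and who owns it. The implementation is not visible here, so that wording needs confirming against the .c file. A caller deciding whether to continue the handshake without a stapled response depends on that contract. Separately, the header uses `apr_status_t`, `apr_pool_t`, `server_rec`, `conn_rec`, `tls_conf_global_t` and `rustls_certified_key` without including or forward-declaring anything, so it compiles only when the includer has already pulled those in.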