blob: 60770a9f8ef162a3d3ce18679525da9b944c0cb2 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
|
/* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef tls_ocsp_h
#define tls_ocsp_h
/**
* Prime the collected certified keys for OCSP response provisioning (aka. Stapling).
*
* To be called in the post-config phase of the server before connections are handled.
* @param gc the global module configuration with the certified_key registry
* @param p the pool to use for allocations
* @param s the base server record
*/
apr_status_t tls_ocsp_prime_certs(tls_conf_global_t *gc, apr_pool_t *p, server_rec *s);
/**
* Provide the OCSP response data for the certified_key into the offered buffer,
* so available.
* If not data is available `out_n` is set to 0. Same, if the offered buffer
* is not large enough to hold the complete response.
* If OCSP response DER data is copied, the number of copied bytes is given in `out_n`.
*
* Note that only keys that have been primed initially will have OCSP data available.
* @param c the current connection
* @param certified_key the key to get the OCSP response data for
* @param buf a buffer which can hold up to `buf_len` bytes
* @param buf_len the length of `buf`
* @param out_n the number of OCSP response DER bytes copied or 0.
*/
apr_status_t tls_ocsp_update_key(
conn_rec *c, const rustls_certified_key *certified_key,
const rustls_certified_key **key_out);
#endif /* tls_ocsp_h */
|