modules/ssl/mod_ssl.h


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120

/* Licensed to the Apache Software Foundation (ASF) under one or more
 * contributor license agreements.  See the NOTICE file distributed with
 * this work for additional information regarding copyright ownership.
 * The ASF licenses this file to You under the Apache License, Version 2.0
 * (the "License"); you may not use this file except in compliance with
 * the License.  You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

/**
 * @file mod_ssl.h
 * @brief SSL extension module for Apache
 *
 * @defgroup MOD_SSL mod_ssl
 * @ingroup  APACHE_MODS
 * @{
 */

#ifndef __MOD_SSL_H__
#define __MOD_SSL_H__

#include "httpd.h"
#include "http_config.h"
#include "apr_optional.h"
#include "apr_tables.h" /* for apr_array_header_t */

/* Create a set of SSL_DECLARE(type), SSL_DECLARE_NONSTD(type) and
 * SSL_DECLARE_DATA with appropriate export and import tags for the platform
 */
#if !defined(WIN32)
#define SSL_DECLARE(type)            type
#define SSL_DECLARE_NONSTD(type)     type
#define SSL_DECLARE_DATA
#elif defined(SSL_DECLARE_STATIC)
#define SSL_DECLARE(type)            type __stdcall
#define SSL_DECLARE_NONSTD(type)     type
#define SSL_DECLARE_DATA
#elif defined(SSL_DECLARE_EXPORT)
#define SSL_DECLARE(type)            __declspec(dllexport) type __stdcall
#define SSL_DECLARE_NONSTD(type)     __declspec(dllexport) type
#define SSL_DECLARE_DATA             __declspec(dllexport)
#else
#define SSL_DECLARE(type)            __declspec(dllimport) type __stdcall
#define SSL_DECLARE_NONSTD(type)     __declspec(dllimport) type
#define SSL_DECLARE_DATA             __declspec(dllimport)
#endif

/** The ssl_var_lookup() optional function retrieves SSL environment
 * variables. */
APR_DECLARE_OPTIONAL_FN(char *, ssl_var_lookup,
                        (apr_pool_t *, server_rec *,
                         conn_rec *, request_rec *,
                         char *));

/** The ssl_ext_list() optional function attempts to build an array
 * of all the values contained in the named X.509 extension. The
 * returned array will be created in the supplied pool.
 * The client certificate is used if peer is non-zero; the server
 * certificate is used otherwise.
 * Extension specifies the extensions to use as a string. This can be
 * one of the "known" long or short names, or a numeric OID,
 * e.g. "1.2.3.4", 'nsComment' and 'DN' are all valid.
 * A pointer to an apr_array_header_t structure is returned if at
 * least one matching extension is found, NULL otherwise.
 */
APR_DECLARE_OPTIONAL_FN(apr_array_header_t *, ssl_ext_list,
                        (apr_pool_t *p, conn_rec *c, int peer,
                         const char *extension));

/** An optional function which returns non-zero if the given connection
 * is using SSL/TLS. */
APR_DECLARE_OPTIONAL_FN(int, ssl_is_https, (conn_rec *));

/** The ssl_proxy_enable() and ssl_engine_{set,disable}() optional
 * functions are used by mod_proxy to enable use of SSL for outgoing
 * connections. */

APR_DECLARE_OPTIONAL_FN(int, ssl_proxy_enable, (conn_rec *));
APR_DECLARE_OPTIONAL_FN(int, ssl_engine_disable, (conn_rec *));
APR_DECLARE_OPTIONAL_FN(int, ssl_engine_set, (conn_rec *,
                                              ap_conf_vector_t *,
                                              int proxy, int enable));
                                              
/* Check for availability of new hooks */
#define SSL_CERT_HOOKS
#ifdef SSL_CERT_HOOKS

/** Lets others add certificate and key files to the given server.
 * For each cert a key must also be added.
 * @param cert_file and array of const char* with the path to the certificate chain
 * @param key_file and array of const char* with the path to the private key file
 */
APR_DECLARE_EXTERNAL_HOOK(ssl, SSL, int, add_cert_files,
                          (server_rec *s, apr_pool_t *p, 
                           apr_array_header_t *cert_files,
                           apr_array_header_t *key_files))

/** In case no certificates are available for a server, this
 * lets other modules add a fallback certificate for the time
 * being. Regular requests against this server will be answered
 * with a 503. 
 * @param cert_file and array of const char* with the path to the certificate chain
 * @param key_file and array of const char* with the path to the private key file
 */
APR_DECLARE_EXTERNAL_HOOK(ssl, SSL, int, add_fallback_cert_files,
                          (server_rec *s, apr_pool_t *p, 
                           apr_array_header_t *cert_files,
                           apr_array_header_t *key_files))

#endif /* SSL_CERT_HOOKS */

#endif /* __MOD_SSL_H__ */
/** @} */