| [94cb972] | 1 | /** |
|---|
| 2 | * Copyright 2016 Thomas Klute |
|---|
| 3 | * |
|---|
| 4 | * Licensed under the Apache License, Version 2.0 (the "License"); |
|---|
| 5 | * you may not use this file except in compliance with the License. |
|---|
| 6 | * You may obtain a copy of the License at |
|---|
| 7 | * |
|---|
| 8 | * http://www.apache.org/licenses/LICENSE-2.0 |
|---|
| 9 | * |
|---|
| 10 | * Unless required by applicable law or agreed to in writing, software |
|---|
| 11 | * distributed under the License is distributed on an "AS IS" BASIS, |
|---|
| 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
|---|
| 13 | * See the License for the specific language governing permissions and |
|---|
| 14 | * limitations under the License. |
|---|
| 15 | */ |
|---|
| 16 | |
|---|
| 17 | #ifndef __MOD_GNUTLS_OCSP_H__ |
|---|
| 18 | #define __MOD_GNUTLS_OCSP_H__ |
|---|
| 19 | |
|---|
| 20 | #include "gnutls/gnutls.h" |
|---|
| [2a1ffd6] | 21 | #include "gnutls/x509.h" |
|---|
| [94cb972] | 22 | #include "httpd.h" |
|---|
| 23 | #include "http_config.h" |
|---|
| 24 | |
|---|
| 25 | const char *mgs_store_ocsp_response_path(cmd_parms * parms, |
|---|
| 26 | void *dummy __attribute__((unused)), |
|---|
| 27 | const char *arg); |
|---|
| 28 | |
|---|
| [2a1ffd6] | 29 | /* |
|---|
| 30 | * Create a trust list from a certificate chain (one or more |
|---|
| 31 | * certificates). |
|---|
| 32 | * |
|---|
| 33 | * tl: This trust list will be initialized and filled with the |
|---|
| 34 | * specified certificate(s) |
|---|
| 35 | * |
|---|
| 36 | * chain: certificate chain, must contain at least num certifictes |
|---|
| 37 | * |
|---|
| 38 | * num: number of certificates to load from chain |
|---|
| 39 | * |
|---|
| 40 | * Chain is supposed to be static (the trust chain of the server |
|---|
| 41 | * certificate), so when gnutls_x509_trust_list_deinit() is called on |
|---|
| 42 | * tl later, the "all" parameter should be zero. |
|---|
| 43 | * |
|---|
| 44 | * Returns GNUTLS_E_SUCCESS or a GnuTLS error code. In case of error |
|---|
| 45 | * tl will be uninitialized. |
|---|
| 46 | */ |
|---|
| 47 | int mgs_create_ocsp_trust_list(gnutls_x509_trust_list_t *tl, |
|---|
| 48 | const gnutls_x509_crt_t *chain, |
|---|
| 49 | const int num); |
|---|
| 50 | |
|---|
| [fad7695] | 51 | /** |
|---|
| 52 | * Pool cleanup function that deinits the trust list without |
|---|
| 53 | * deinitializing certificates. |
|---|
| 54 | */ |
|---|
| 55 | apr_status_t mgs_cleanup_trust_list(void *data); |
|---|
| 56 | |
|---|
| 57 | /** |
|---|
| 58 | * Initialize server config for OCSP, supposed to be called in the |
|---|
| 59 | * post_config hook for each server where OCSP stapling is enabled, |
|---|
| 60 | * after certificates have been loaded. |
|---|
| 61 | * |
|---|
| 62 | * @return OK or DECLINED on success, any other value on error (like |
|---|
| 63 | * the post_config hook itself) |
|---|
| 64 | */ |
|---|
| 65 | int mgs_ocsp_post_config_server(apr_pool_t *pconf, server_rec *server); |
|---|
| 66 | |
|---|
| [94cb972] | 67 | int mgs_get_ocsp_response(gnutls_session_t session, void *ptr, |
|---|
| 68 | gnutls_datum_t *ocsp_response); |
|---|
| 69 | |
|---|
| 70 | #endif /* __MOD_GNUTLS_OCSP_H__ */ |
|---|
