Changeset 71e9a5c in mod_gnutls for include/mod_gnutls.h.in


Timestamp:
Aug 22, 2015, 3:53:31 PM (6 years ago)
Author:
Daniel Kahn Gillmor <dkg@…>
Branches:
debian/master, debian/stretch-backports, jessie-backports
Children:
b837187
Parents:
2db6923 (diff), 4addf74 (diff)
Note: this is a merge changeset, the changes displayed below correspond to the merge itself.
Use the (diff) links above to see all the changes relative to each parent.
Message:

Merge tag 'upstream/0.7' into debian

Upstream version 0.7

File:
1 edited

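--- a/include/mod_gnutls.h.in
+++ b/include/mod_gnutls.h.in
@@ -1,4 +1,6 @@
 /**
  *  Copyright 2004-2005 Paul Querna
+ *  Copyright 2014 Nikos Mavrogiannopoulos
+ *  Copyright 2015 Thomas Klute
  *
  *  Licensed under the Apache License, Version 2.0 (the "License");
@@ -34,4 +36,5 @@
 #include <gnutls/extra.h>
 #endif
+#include <gnutls/abstract.h>
 #include <gnutls/openpgp.h>
 #include <gnutls/x509.h>
@@ -104,32 +107,38 @@
 /* Server Configuration Record */
 typedef struct {
-        /* x509 Certificate Structure */
-    gnutls_certificate_credentials_t certs;
-        /* SRP Certificate Structure*/
-    gnutls_srp_server_credentials_t srp_creds;
-        /* Annonymous Certificate Structure */
-    gnutls_anon_server_credentials_t anon_creds;
-        /* Current x509 Certificate CN [Common Name] */
-    char* cert_cn;
-        /* Current x509 Certificate SAN [Subject Alternate Name]s*/
-        char* cert_san[MAX_CERT_SAN];
-        /* A x509 Certificate Chain */
-    gnutls_x509_crt_t *certs_x509_chain;
-        /* Current x509 Certificate Private Key */
-    gnutls_x509_privkey_t privkey_x509;
-        /* OpenPGP Certificate */
-    gnutls_openpgp_crt_t cert_pgp;
-        /* OpenPGP Certificate Private Key */
-    gnutls_openpgp_privkey_t privkey_pgp;
-        /* Number of Certificates in Chain */
-    unsigned int certs_x509_chain_num;
+    /* --- Configuration values --- */
         /* Is the module enabled? */
     int enabled;
-    /* Export full certificates to CGI environment: */
-    int export_certificates_enabled;
-        /* GnuTLS Priorities */
-    gnutls_priority_t priorities;
-        /* GnuTLS DH Parameters */
-    gnutls_dh_params_t dh_params;
+        /* Is mod_proxy enabled? */
+    int proxy_enabled;
+        /* A Plain HTTP request */
+    int non_ssl_request;
+
+    /* Additional PKCS #11 provider module to load, only valid in the
+     * base config, ignored in virtual hosts */
+    char *p11_module;
+
+    /* PIN used for PKCS #11 operations */
+    char *pin;
+
+    /* the SRK PIN used in TPM operations */
+    char *srk_pin;
+
+    char *x509_cert_file;
+    char *x509_key_file;
+    char *x509_ca_file;
+
+    char *pgp_cert_file;
+    char *pgp_key_file;
+    char *pgp_ring_file;
+
+    char *dh_file;
+
+    char *priorities_str;
+    char *proxy_priorities_str;
+
+    const char* srp_tpasswd_file;
+    const char* srp_tpasswd_conf_file;
+
         /* Cache timeout value */
     int cache_timeout;
@@ -137,6 +146,62 @@
     mgs_cache_e cache_type;
     const char* cache_config;
-    const char* srp_tpasswd_file;
-    const char* srp_tpasswd_conf_file;
+
+        /* GnuTLS uses Session Tickets */
+    int tickets;
+
+    /* --- Things initialized at _child_init --- */
+
+    /* x509 Certificate Structure */
+    gnutls_certificate_credentials_t certs;
+    /* x509 credentials for proxy connections */
+    gnutls_certificate_credentials_t proxy_x509_creds;
+    /* trust list for proxy_x509_creds */
+    gnutls_x509_trust_list_t proxy_x509_tl;
+    const char* proxy_x509_key_file;
+    const char* proxy_x509_cert_file;
+    const char* proxy_x509_ca_file;
+    const char* proxy_x509_crl_file;
+    /* GnuTLS priorities for proxy connections */
+    gnutls_priority_t proxy_priorities;
+    /* SRP Certificate Structure*/
+    gnutls_srp_server_credentials_t srp_creds;
+    /* Anonymous Certificate Structure */
+    gnutls_anon_server_credentials_t anon_creds;
+    /* Anonymous Client Certificate Structure, used for proxy
+     * connections */
+    gnutls_anon_client_credentials_t anon_client_creds;
+        /* Current x509 Certificate CN [Common Name] */
+    char* cert_cn;
+        /* Current x509 Certificate SAN [Subject Alternate Name]s*/
+    char* cert_san[MAX_CERT_SAN];
+        /* An x509 Certificate Chain */
+    gnutls_pcert_st *certs_x509_chain;
+    gnutls_x509_crt_t *certs_x509_crt_chain;
+        /* Number of Certificates in Chain */
+    unsigned int certs_x509_chain_num;
+
+        /* Current x509 Certificate Private Key */
+    gnutls_privkey_t privkey_x509;
+
+        /* OpenPGP Certificate */
+    gnutls_pcert_st *cert_pgp;
+    gnutls_openpgp_crt_t *cert_crt_pgp;
+
+        /* OpenPGP Certificate Private Key */
+    gnutls_privkey_t privkey_pgp;
+#if GNUTLS_VERSION_NUMBER < 0x030312
+    /* Internal structure for the OpenPGP private key, used in the
+     * workaround for a bug in gnutls_privkey_import_openpgp_raw that
+     * frees memory that is still needed. DO NOT USE for any other
+     * purpose. */
+    gnutls_openpgp_privkey_t privkey_pgp_internal;
+#endif
+
+    /* Export full certificates to CGI environment: */
+    int export_certificates_size;
+        /* GnuTLS Priorities */
+    gnutls_priority_t priorities;
+        /* GnuTLS DH Parameters */
+    gnutls_dh_params_t dh_params;
         /* A list of CA Certificates */
     gnutls_x509_crt_t *ca_list;
@@ -151,10 +216,4 @@
         /* Last Cache timestamp */
     apr_time_t last_cache_check;
-        /* GnuTLS uses Session Tickets */
-    int tickets;
-        /* Is mod_proxy enabled? */
-    int proxy_enabled;
-        /* A Plain HTTP request */
-    int non_ssl_request;
 } mgs_srvconf_rec;
 
@@ -171,4 +230,8 @@
         /* Connection record */
     conn_rec* c;
+        /* Is TLS enabled for this connection? */
+    int enabled;
+    /* Is this a proxy connection? */
+    int is_proxy;
         /* GnuTLS Session handle */
     gnutls_session_t session;
@@ -302,4 +365,9 @@
 
 /**
+ * Perform any reinitialization required in PKCS #11
+ */
+int mgs_pkcs11_reinit(server_rec * s);
+
+/**
  * Convert a SSL Session ID into a Null Terminated Hex Encoded String
  * @param id raw SSL Session ID
@@ -321,4 +389,7 @@
 
 /* Configuration Functions */
+
+/* Loads all files set in the configuration */
+int mgs_load_files(apr_pool_t * p, server_rec * s);
 
 const char *mgs_set_srp_tpasswd_conf_file(cmd_parms * parms, void *dummy,
@@ -355,4 +426,13 @@
                                    const char *arg);
 
+const char *mgs_set_p11_module(cmd_parms * parms, void *dummy,
+                               const char *arg);
+
+const char *mgs_set_pin(cmd_parms * parms, void *dummy,
+                                   const char *arg);
+
+const char *mgs_set_srk_pin(cmd_parms * parms, void *dummy,
+                                   const char *arg);
+
 const char *mgs_set_keyring_file(cmd_parms * parms, void *dummy,
                                    const char *arg);
@@ -360,5 +440,5 @@
 const char *mgs_set_enabled(cmd_parms * parms, void *dummy,
                             const char *arg);
-const char *mgs_set_export_certificates_enabled(cmd_parms * parms, void *dummy,
+const char *mgs_set_export_certificates_size(cmd_parms * parms, void *dummy,
                             const char *arg);
 const char *mgs_set_priorities(cmd_parms * parms, void *dummy,
@@ -381,4 +461,8 @@
 mgs_srvconf_rec* mgs_find_sni_server(gnutls_session_t session);
 
+const char *mgs_store_cred_path(cmd_parms * parms,
+                                void *dummy __attribute__((unused)),
+                                const char *arg);
+
 /* mod_gnutls Hooks. */
 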
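Review bot: The new `pin` and `srk_pin` members of `mgs_srvconf_rec` (new lines 121-125) keep the PKCS #11 PIN and the TPM SRK PIN as ordinary `char *` strings, and their comments say nothing about ownership, lifetime or handling of the secret. The setters `mgs_set_pin` and `mgs_set_srk_pin` are only declared in this header, so whether the strings are pool-allocated or ever cleared cannot be seen here; the member comments should state it, for example `/* PIN used for PKCS #11 operations; secret: never log it or export it to the request environment */`, plus a line naming what owns the memory. Separately, `export_certificates_size` (new line 201) still carries the comment of the boolean it replaces and should say what the number limits and which value disables the export. The struct continues through lines the viewer skips between hunks, so members outside the displayed ranges were not reviewed.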