Changeset ae29683 in mod_gnutls for include/mod_gnutls.h.in


Timestamp:
Feb 21, 2014, 12:15:56 AM (6 years ago)
Author:
Daniel Kahn Gillmor <dkg@…>
Branches:
debian/master, debian/stretch-backports, jessie-backports, upstream
Children:
4addf74, 62f781c
Parents:
180e49f (diff), 1a99240 (diff)
Note: this is a merge changeset, the changes displayed below correspond to the merge itself.
Use the (diff) links above to see all the changes relative to each parent.
Message:

Imported Upstream version 0.6

File:
1 edited

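--- a/include/mod_gnutls.h.in
+++ b/include/mod_gnutls.h.in
@@ -16,4 +16,5 @@
  */
 
+/* Apache Runtime Headers */
 #include "httpd.h"
 #include "http_config.h"
@@ -27,7 +28,10 @@
 #include "apr_tables.h"
 #include "ap_release.h"
-
+#include "apr_fnmatch.h"
+/* GnuTLS Library Headers */
 #include <gnutls/gnutls.h>
+#if GNUTLS_VERSION_MAJOR == 2
 #include <gnutls/extra.h>
+#endif
 #include <gnutls/openpgp.h>
 #include <gnutls/x509.h>
@@ -40,36 +44,51 @@
 extern module AP_MODULE_DECLARE_DATA gnutls_module;
 
+/* IO Filter names */
 #define GNUTLS_OUTPUT_FILTER_NAME "gnutls_output_filter"
 #define GNUTLS_INPUT_FILTER_NAME "gnutls_input_filter"
-
+/* GnuTLS Constants */
 #define GNUTLS_ENABLED_FALSE 0
 #define GNUTLS_ENABLED_TRUE  1
-
+#define GNUTLS_ENABLED_UNSET  2
+/* Current module version */
 #define MOD_GNUTLS_VERSION "@MOD_GNUTLS_VERSION@"
 
+/* Module Debug Mode */
 #define MOD_GNUTLS_DEBUG @OOO_MAINTAIN@
 
-/* Recent Versions of 2.1 renamed several hooks. This allows us to
-   compile on 2.0.xx  */
+/*
+ * Recent Versions of 2.1 renamed several hooks.
+ * This allows us to compile on 2.0.xx
+ */
 #if AP_SERVER_MINORVERSION_NUMBER >= 2 || (AP_SERVER_MINORVERSION_NUMBER == 1 && AP_SERVER_PATCHLEVEL_NUMBER >= 3)
-#define USING_2_1_RECENT 1
-#endif
-
-#ifndef USING_2_1_RECENT
-#define USING_2_1_RECENT 0
+        #define USING_2_1_RECENT 1
+#else
+        #define USING_2_1_RECENT 0
 #endif
 
-typedef enum
-{
+/* mod_gnutls Cache Types */
+typedef enum {
+        /* No Cache */
     mgs_cache_none,
+        /* Use Old Berkley DB */
     mgs_cache_dbm,
+        /* Use Gnu's version of Berkley DB */
     mgs_cache_gdbm,
 #if HAVE_APR_MEMCACHE
-    mgs_cache_memcache
+        /* Use Memcache */
+    mgs_cache_memcache,
 #endif
+    mgs_cache_unset
 } mgs_cache_e;
 
-typedef struct
-{
+typedef enum {
+    mgs_cvm_unset,
+    mgs_cvm_cartel,
+    mgs_cvm_msva
+} mgs_client_verification_method_e;
+
+
+/* Directory Configuration Record */
+typedef struct {
     int client_verify_mode;
     const char* lua_bytecode;
@@ -78,40 +97,67 @@
 
 
-/* The maximum number of certificates to send in a chain
- */
+/* The maximum number of certificates to send in a chain */
 #define MAX_CHAIN_SIZE 8
-
-typedef struct
-{
+/* The maximum number of SANs to read from a x509 certificate */
+#define MAX_CERT_SAN 5
+
+/* Server Configuration Record */
+typedef struct {
+        /* x509 Certificate Structure */
     gnutls_certificate_credentials_t certs;
+        /* SRP Certificate Structure*/
     gnutls_srp_server_credentials_t srp_creds;
+        /* Annonymous Certificate Structure */
     gnutls_anon_server_credentials_t anon_creds;
+        /* Current x509 Certificate CN [Common Name] */
     char* cert_cn;
-    gnutls_x509_crt_t certs_x509[MAX_CHAIN_SIZE]; /* A certificate chain */
-    unsigned int certs_x509_num;
+        /* Current x509 Certificate SAN [Subject Alternate Name]s*/
+        char* cert_san[MAX_CERT_SAN];
+        /* A x509 Certificate Chain */
+    gnutls_x509_crt_t *certs_x509_chain;
+        /* Current x509 Certificate Private Key */
     gnutls_x509_privkey_t privkey_x509;
-    gnutls_openpgp_crt_t cert_pgp; /* A certificate chain */
+        /* OpenPGP Certificate */
+    gnutls_openpgp_crt_t cert_pgp;
+        /* OpenPGP Certificate Private Key */
     gnutls_openpgp_privkey_t privkey_pgp;
+        /* Number of Certificates in Chain */
+    unsigned int certs_x509_chain_num;
+        /* Is the module enabled? */
     int enabled;
-    /* whether to send the PEM encoded certificates
-     * to CGIs
-     */
+    /* Export full certificates to CGI environment: */
     int export_certificates_enabled;
+        /* GnuTLS Priorities */
     gnutls_priority_t priorities;
-    gnutls_rsa_params_t rsa_params;
+        /* GnuTLS DH Parameters */
     gnutls_dh_params_t dh_params;
+        /* Cache timeout value */
     int cache_timeout;
+        /* Chose Cache Type */
     mgs_cache_e cache_type;
     const char* cache_config;
     const char* srp_tpasswd_file;
     const char* srp_tpasswd_conf_file;
+        /* A list of CA Certificates */
     gnutls_x509_crt_t *ca_list;
+        /* OpenPGP Key Ring */
     gnutls_openpgp_keyring_t pgp_list;
+        /* CA Certificate list size */
     unsigned int ca_list_size;
+        /* Client Certificate Verification Mode */
     int client_verify_mode;
+        /* Client Certificate Verification Method */
+    mgs_client_verification_method_e client_verify_method;
+        /* Last Cache timestamp */
     apr_time_t last_cache_check;
-    int tickets; /* whether session tickets are allowed */
+        /* GnuTLS uses Session Tickets */
+    int tickets;
+        /* Is mod_proxy enabled? */
+    int proxy_enabled;
+        /* A Plain HTTP request */
+    int non_ssl_request;
 } mgs_srvconf_rec;
 
+/* Character Buffer */
 typedef struct {
     int length;
@@ -119,35 +165,64 @@
 } mgs_char_buffer_t;
 
-typedef struct
-{
+/* GnuTLS Handle */
+typedef struct {
+        /* Server configuration record */
     mgs_srvconf_rec *sc;
+        /* Connection record */
     conn_rec* c;
+        /* GnuTLS Session handle */
     gnutls_session_t session;
-
+        /* module input status */
     apr_status_t input_rc;
+        /* Input filter */
     ap_filter_t *input_filter;
+        /* Input Bucket Brigade */
     apr_bucket_brigade *input_bb;
+        /* Input Read Type */
     apr_read_type_e input_block;
+        /* Input Mode */
     ap_input_mode_t input_mode;
+        /* Input Character Buffer */
     mgs_char_buffer_t input_cbuf;
+        /* Input Character Array */
     char input_buffer[AP_IOBUFSIZE];
-
+        /* module Output status */
     apr_status_t output_rc;
+        /* Output filter */
     ap_filter_t *output_filter;
+        /* Output Bucket Brigade */
     apr_bucket_brigade *output_bb;
+        /* Output character array */
     char output_buffer[AP_IOBUFSIZE];
+        /* Output buffer length */
     apr_size_t output_blen;
+        /* Output length */
     apr_size_t output_length;
-
+        /* General Status */
     int status;
-    int non_https;
 } mgs_handle_t;
 
+
+
 /** Functions in gnutls_io.c **/
 
-/**
- * write_flush will flush data
- */
-static ssize_t write_flush(mgs_handle_t * ctxt);
+/* apr_signal_block() for blocking SIGPIPE */
+apr_status_t apr_signal_block(int signum);
+
+ /* Proxy Support */
+/* An optional function which returns non-zero if the given connection
+is using SSL/TLS. */
+APR_DECLARE_OPTIONAL_FN(int, ssl_is_https, (conn_rec *));
+/* The ssl_proxy_enable() and ssl_engine_disable() optional functions
+ * are used by mod_proxy to enable use of SSL for outgoing
+ * connections. */
+APR_DECLARE_OPTIONAL_FN(int, ssl_proxy_enable, (conn_rec *));
+APR_DECLARE_OPTIONAL_FN(int, ssl_engine_disable, (conn_rec *));
+int ssl_is_https(conn_rec *c);
+int ssl_proxy_enable(conn_rec *c);
+int ssl_engine_disable(conn_rec *c);
+const char *mgs_set_proxy_engine(cmd_parms * parms, void *dummy,
+    const char *arg);
+apr_status_t mgs_cleanup_pre_config(void *data);
 
 /**
@@ -180,5 +255,5 @@
 
 /**
- * mgs_transport_read is called from GnuTLS to provide encrypted 
+ * mgs_transport_read is called from GnuTLS to provide encrypted
  * data from the client.
  *
@@ -192,5 +267,5 @@
 
 /**
- * mgs_transport_write is called from GnuTLS to 
+ * mgs_transport_write is called from GnuTLS to
  * write data to the client.
  *
@@ -211,10 +286,10 @@
  * Init the Cache after Configuration is done
  */
-int mgs_cache_post_config(apr_pool_t *p, server_rec *s, 
+int mgs_cache_post_config(apr_pool_t *p, server_rec *s,
                                  mgs_srvconf_rec *sc);
 /**
  * Init the Cache inside each Process
  */
-int mgs_cache_child_init(apr_pool_t *p, server_rec *s, 
+int mgs_cache_child_init(apr_pool_t *p, server_rec *s,
                                 mgs_srvconf_rec *sc);
 /**
@@ -225,5 +300,5 @@
 #define GNUTLS_SESSION_ID_STRING_LEN \
     ((GNUTLS_MAX_SESSION_ID + 1) * 2)
-    
+
 /**
  * Convert a SSL Session ID into a Null Terminated Hex Encoded String
@@ -253,6 +328,4 @@
 const char *mgs_set_dh_file(cmd_parms * parms, void *dummy,
                                         const char *arg);
-const char *mgs_set_rsa_export_file(cmd_parms * parms, void *dummy,
-                                        const char *arg);
 const char *mgs_set_cert_file(cmd_parms * parms, void *dummy,
                                         const char *arg);
@@ -275,4 +348,7 @@
 const char *mgs_set_client_verify(cmd_parms * parms, void *dummy,
                                   const char *arg);
+
+const char *mgs_set_client_verify_method(cmd_parms * parms, void *dummy,
+                                         const char *arg);
 
 const char *mgs_set_client_ca_file(cmd_parms * parms, void *dummy,
@@ -290,8 +366,9 @@
 const char *mgs_set_tickets(cmd_parms * parms, void *dummy,
                             const char *arg);
-                            
-const char *mgs_set_require_section(cmd_parms *cmd, 
+
+const char *mgs_set_require_section(cmd_parms *cmd,
                                     void *mconfig, const char *arg);
 void *mgs_config_server_create(apr_pool_t * p, server_rec * s);
+void *mgs_config_server_merge(apr_pool_t *p, void *BASE, void *ADD);
 
 void *mgs_config_dir_merge(apr_pool_t *p, void *basev, void *addv);
@@ -299,5 +376,5 @@
 void *mgs_config_dir_create(apr_pool_t *p, char *dir);
 
-const char *mgs_set_require_bytecode(cmd_parms *cmd, 
+const char *mgs_set_require_bytecode(cmd_parms *cmd,
                                     void *mconfig, const char *arg);
 
@@ -325,5 +402,3 @@
 int mgs_hook_authz(request_rec *r);
 
-int mgs_authz_lua(request_rec* r);
-
 #endif /*  __mod_gnutls_h_inc */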
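Review bot: `char* cert_san[MAX_CERT_SAN];` at new line 115 caps the SANs kept per certificate at five without documenting what happens when a certificate carries more names or who owns the strings, and the same hunk keeps `MAX_CHAIN_SIZE` although the chain became the pointer `certs_x509_chain` with `certs_x509_chain_num`, so neither bound's contract is visible from this header and whether the loader enforces them cannot be judged here. The comment on line 114 should spell it out, e.g. `/* Up to MAX_CERT_SAN SANs of the current cert (pool-owned strings); the loader must stop at this bound — confirm how extra names are treated */`. In the gnutls_io.c section, `apr_status_t apr_signal_block(int signum);` redeclares a function APR already declares in `apr_signal.h`; including that header instead avoids prototype drift across APR versions. The `ssl_is_https`/`ssl_proxy_enable`/`ssl_engine_disable` prototypes reuse the optional-function names mod_proxy looks up, which is presumably intended for proxy support but would also collide with mod_ssl if both modules were loaded in the same server, and a one-line comment stating that constraint would help. Finally `void *mgs_config_server_merge(apr_pool_t *p, void *BASE, void *ADD);` uses upper-case parameter names unlike every other prototype in the file; `base`/`add` would match the style.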