Changes in include/mod_gnutls.h.in [2aaf4f5:e391197] in mod_gnutls


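--- a/include/mod_gnutls.h.in
+++ b/include/mod_gnutls.h.in
@@ -1,4 +1,5 @@
 /**
  *  Copyright 2004-2005 Paul Querna
+ *  Copyright 2015 Thomas Klute
  *
  *  Licensed under the Apache License, Version 2.0 (the "License");
@@ -34,4 +35,5 @@
 #include <gnutls/extra.h>
 #endif
+#include <gnutls/abstract.h>
 #include <gnutls/openpgp.h>
 #include <gnutls/x509.h>
@@ -104,26 +106,95 @@
 /* Server Configuration Record */
 typedef struct {
-        /* x509 Certificate Structure */
+    /* --- Configuration values --- */
+        /* Is the module enabled? */
+    int enabled;
+        /* Is mod_proxy enabled? */
+    int proxy_enabled;
+        /* A Plain HTTP request */
+    int non_ssl_request;
+
+    /* Additional PKCS #11 provider module to load, only valid in the
+     * base config, ignored in virtual hosts */
+    char *p11_module;
+
+    /* PIN used for PKCS #11 operations */
+    char *pin;
+
+    /* the SRK PIN used in TPM operations */
+    char *srk_pin;
+
+    char *x509_cert_file;
+    char *x509_key_file;
+    char *x509_ca_file;
+
+    char *pgp_cert_file;
+    char *pgp_key_file;
+    char *pgp_ring_file;
+
+    char *dh_file;
+
+    char *priorities_str;
+    char *proxy_priorities_str;
+
+    const char* srp_tpasswd_file;
+    const char* srp_tpasswd_conf_file;
+
+        /* Cache timeout value */
+    int cache_timeout;
+        /* Chose Cache Type */
+    mgs_cache_e cache_type;
+    const char* cache_config;
+
+        /* GnuTLS uses Session Tickets */
+    int tickets;
+
+    /* --- Things initialized at _child_init --- */
+
+    /* x509 Certificate Structure */
     gnutls_certificate_credentials_t certs;
-        /* SRP Certificate Structure*/
+    /* x509 credentials for proxy connections */
+    gnutls_certificate_credentials_t proxy_x509_creds;
+    /* trust list for proxy_x509_creds */
+    gnutls_x509_trust_list_t proxy_x509_tl;
+    const char* proxy_x509_key_file;
+    const char* proxy_x509_cert_file;
+    const char* proxy_x509_ca_file;
+    const char* proxy_x509_crl_file;
+    /* GnuTLS priorities for proxy connections */
+    gnutls_priority_t proxy_priorities;
+    /* SRP Certificate Structure*/
     gnutls_srp_server_credentials_t srp_creds;
-        /* Annonymous Certificate Structure */
+    /* Anonymous Certificate Structure */
     gnutls_anon_server_credentials_t anon_creds;
+    /* Anonymous Client Certificate Structure, used for proxy
+     * connections */
+    gnutls_anon_client_credentials_t anon_client_creds;
         /* Current x509 Certificate CN [Common Name] */
     char* cert_cn;
         /* Current x509 Certificate SAN [Subject Alternate Name]s*/
-        char* cert_san[MAX_CERT_SAN];
-        /* A x509 Certificate Chain */
-    gnutls_x509_crt_t *certs_x509_chain;
-        /* Current x509 Certificate Private Key */
-    gnutls_x509_privkey_t privkey_x509;
-        /* OpenPGP Certificate */
-    gnutls_openpgp_crt_t cert_pgp;
-        /* OpenPGP Certificate Private Key */
-    gnutls_openpgp_privkey_t privkey_pgp;
+    char* cert_san[MAX_CERT_SAN];
+        /* An x509 Certificate Chain */
+    gnutls_pcert_st *certs_x509_chain;
+    gnutls_x509_crt_t *certs_x509_crt_chain;
         /* Number of Certificates in Chain */
     unsigned int certs_x509_chain_num;
-        /* Is the module enabled? */
-    int enabled;
+
+        /* Current x509 Certificate Private Key */
+    gnutls_privkey_t privkey_x509;
+
+        /* OpenPGP Certificate */
+    gnutls_pcert_st *cert_pgp;
+    gnutls_openpgp_crt_t *cert_crt_pgp;
+
+        /* OpenPGP Certificate Private Key */
+    gnutls_privkey_t privkey_pgp;
+#if GNUTLS_VERSION_NUMBER < 0x030312
+    /* Internal structure for the OpenPGP private key, used in the
+     * workaround for a bug in gnutls_privkey_import_openpgp_raw that
+     * frees memory that is still needed. DO NOT USE for any other
+     * purpose. */
+    gnutls_openpgp_privkey_t privkey_pgp_internal;
+#endif
+
     /* Export full certificates to CGI environment: */
     int export_certificates_size;
@@ -132,11 +203,4 @@
         /* GnuTLS DH Parameters */
     gnutls_dh_params_t dh_params;
-        /* Cache timeout value */
-    int cache_timeout;
-        /* Chose Cache Type */
-    mgs_cache_e cache_type;
-    const char* cache_config;
-    const char* srp_tpasswd_file;
-    const char* srp_tpasswd_conf_file;
         /* A list of CA Certificates */
     gnutls_x509_crt_t *ca_list;
@@ -151,10 +215,4 @@
         /* Last Cache timestamp */
     apr_time_t last_cache_check;
-        /* GnuTLS uses Session Tickets */
-    int tickets;
-        /* Is mod_proxy enabled? */
-    int proxy_enabled;
-        /* A Plain HTTP request */
-    int non_ssl_request;
 } mgs_srvconf_rec;
 
@@ -171,4 +229,8 @@
         /* Connection record */
     conn_rec* c;
+        /* Is TLS enabled for this connection? */
+    int enabled;
+    /* Is this a proxy connection? */
+    int is_proxy;
         /* GnuTLS Session handle */
     gnutls_session_t session;
@@ -302,4 +364,9 @@
 
 /**
+ * Perform any reinitialization required in PKCS #11
+ */
+int mgs_pkcs11_reinit(server_rec * s);
+
+/**
  * Convert a SSL Session ID into a Null Terminated Hex Encoded String
  * @param id raw SSL Session ID
@@ -321,4 +388,7 @@
 
 /* Configuration Functions */
+
+/* Loads all files set in the configuration */
+int mgs_load_files(apr_pool_t * p, server_rec * s);
 
 const char *mgs_set_srp_tpasswd_conf_file(cmd_parms * parms, void *dummy,
@@ -355,4 +425,13 @@
                                    const char *arg);
 
+const char *mgs_set_p11_module(cmd_parms * parms, void *dummy,
+                               const char *arg);
+
+const char *mgs_set_pin(cmd_parms * parms, void *dummy,
+                                   const char *arg);
+
+const char *mgs_set_srk_pin(cmd_parms * parms, void *dummy,
+                                   const char *arg);
+
 const char *mgs_set_keyring_file(cmd_parms * parms, void *dummy,
                                    const char *arg);
@@ -381,4 +460,8 @@
 mgs_srvconf_rec* mgs_find_sni_server(gnutls_session_t session);
 
+const char *mgs_store_cred_path(cmd_parms * parms,
+                                void *dummy __attribute__((unused)),
+                                const char *arg);
+
 /* mod_gnutls Hooks. */
 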
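Review bot: The new `pin` and `srk_pin` members of mgs_srvconf_rec (new lines 121 and 124) hold secrets taken from the configuration, but their comments only say what the values are used for; the header should also state the handling expectation so later code does not copy them into log or error output, e.g. `/* PIN used for PKCS #11 operations. Secret: kept in plain process memory for the server's lifetime, never log or echo it. */` and the same wording for the SRK PIN. In the same section these are declared `char *` while the neighbouring `srp_tpasswd_file`, `cache_config` and `proxy_x509_*_file` members are `const char*`; if, as the `mgs_set_pin`/`mgs_set_srk_pin` prototypes suggest, they are set once by the configuration handlers, `const char *` would match the rest of the record and keep the pointer from being treated as a writable buffer. `mgs_store_cred_path` (new line 463) is the only prototype in this header carrying `__attribute__((unused))`; in a public header that is GCC/Clang-specific and is better placed on the definition or behind a portability macro. The mgs_srvconf_rec definition spans several hunks here and new lines 201–202 are not shown.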