1 /*
2  Copyright (c) 2003-8, Andrew McNab, University of Manchester
3  All rights reserved.
4 
5  Redistribution and use in source and binary forms, with or
6  without modification, are permitted provided that the following
7  conditions are met:
8 
9  o Redistributions of source code must retain the above
10  copyright notice, this list of conditions and the following
11  disclaimer.
12  o Redistributions in binary form must reproduce the above
13  copyright notice, this list of conditions and the following
14  disclaimer in the documentation and/or other materials
15  provided with the distribution.
16 
17  THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
18  CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
19  INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
20  MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
21  DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
22  BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
23  EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
24  TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
25  DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
26  ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
27  OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28  OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
29  POSSIBILITY OF SUCH DAMAGE.
30 */
31 
32 /*
33 
34  Portions of this code are derived from Apache mod_ssl, and are covered
35  by the Apache Software License:
36 
37  * Copyright 2001-2004 The Apache Software Foundation
38  *
39  * Licensed under the Apache License, Version 2.0 (the "License");
40  * you may not use this file except in compliance with the License.
41  * You may obtain a copy of the License at
42  *
43  * http://www.apache.org/licenses/LICENSE-2.0
44  *
45  * Unless required by applicable law or agreed to in writing, software
46  * distributed under the License is distributed on an "AS IS" BASIS,
47  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
48  * See the License for the specific language governing permissions and
49  * limitations under the License.
50  */
51 
52 /*
53  This work has been partially funded by the EU Commission (contract
54  INFSO-RI-222667) under the EGEE-III collaboration.
55 */
56 
57 /*------------------------------------------------------------------*
58  * This program is part of GridSite: http://www.gridsite.org/ *
59  *------------------------------------------------------------------*/
60 
61 
62 /*
63  * After 2.0.49, Apache mod_ssl has most of the mod_ssl structures defined
64  * in ssl_private.h, which is not installed along with httpd-devel (eg in
65  * the FC2 RPM.) This include file provides SIMPLIFIED structures for use
66  * by mod_gridsite: for example, pointers to unused structures are replaced
67  * by void * and some of the structures are truncated when only the early
68  * members are used.
69  *
70  * CLEARLY, THIS WILL BREAK IF THERE ARE MAJOR CHANGES TO ssl_private.h!!!
    * The real structures are never seen by the compiler, so a layout change
    * is not a build error: mod_gridsite would silently read mod_ssl's private
    * data at the wrong offsets. Re-check these definitions against
    * ssl_private.h for every httpd/mod_ssl version that is supported.
71  */
72 
73 #include <openssl/ssl.h>
74 
/* Mirrors the BOOL used in mod_ssl's structures. The SSLSrvConfigRec2 copy
   below spells the same members as `unsigned int`, so this definition keeps
   member sizes (and therefore offsets) in step with the real ssl_private.h
   layout -- do not substitute int or C99 bool here. */
#if !defined(BOOL)
#define BOOL unsigned int
#endif
78 
79 typedef enum {
85 
86 typedef enum {
92 
93 #if AP_MODULE_MAGIC_AT_LEAST(20051115,0)
94 typedef enum {
100 } ssl_verify_t;
101 
102 #endif
103 
104 typedef struct {
105  SSL *ssl;
106  const char *client_dn;
107  X509 *client_cert;
109  const char *verify_info;
110  const char *verify_error;
112  int is_proxy;
113  int disabled;
115 } SSLConnRec;
116 
117 #if AP_MODULE_MAGIC_AT_LEAST(20051115,0)
118 typedef struct {
119  const char *ca_cert_path;
120  const char *ca_cert_file;
121 
122  const char *cipher_suite;
123 
127 #endif
128 
129 typedef struct {
130  void *sc; /* pointer back to server config */
131  SSL_CTX *ssl_ctx;
132 #if AP_MODULE_MAGIC_AT_LEAST(20051115,0)
133  void *pks;
134  void *pkp;
135 
136  int protocol;
137 
139  const char *pphrase_dialog_path;
140 
141  const char *cert_chain;
142 
143  const char *crl_path;
144  const char *crl_file;
145  X509_STORE *crl;
146 
148 #endif
149 } modssl_ctx_t;
150 
151 /* SSLSrvConfigRec as laid out before the mod_ssl fix for CVE-2009-3555.
    The server/proxy members are at different offsets in the two layouts, so
    mod_gridsite must never touch them directly: use the
    SSLSrvConfigRec_server()/SSLSrvConfigRec_proxy() macros below. */
152 typedef struct {
153  void *mc;
154  BOOL enabled;
156  const char *vhost_id;
159 #if AP_MODULE_MAGIC_AT_LEAST(20051115,0)
161 #endif
165 
166 /* SSLSrvConfigRec as laid out after the mod_ssl patch for CVE-2009-3555
    (TLS renegotiation prefix injection). That patch inserted an
    insecure_reneg member, shifting every member after it, so the two
    layouts must be told apart at runtime. */
167 typedef struct {
168  void *mc;
169  unsigned int enabled;
170  unsigned int proxy_enabled;
171  const char *vhost_id;
174 #if AP_MODULE_MAGIC_AT_LEAST(20051115,0)
176 #endif
177  /* this is the member the CVE-2009-3555 fix added; every member after it
        sits at a different offset than in the unpatched SSLSrvConfigRec */
182 
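/* The server and proxy members of SSLSrvConfigRec must only be accessed
   through these macros.  The global flag mod_ssl_with_insecure_reneg
   (declared elsewhere) selects which of the two guessed layouts the running
   mod_ssl uses: SSLSrvConfigRec, or SSLSrvConfigRec2 with the extra
   insecure_reneg member inserted by the CVE-2009-3555 fix.  The members sit
   at different offsets in the two, so a wrong flag is not caught at compile
   time -- it silently reads the wrong field of mod_ssl's live server config.
   The argument is parenthesised so that any pointer expression, not only a
   plain identifier, can be passed safely. */
#define SSLSrvConfigRec_server(sc) \
  (mod_ssl_with_insecure_reneg ? (((SSLSrvConfigRec2 *) (sc))->server) \
                               : (((SSLSrvConfigRec *) (sc))->server))
#define SSLSrvConfigRec_proxy(sc) \
  (mod_ssl_with_insecure_reneg ? (((SSLSrvConfigRec2 *) (sc))->proxy) \
                               : (((SSLSrvConfigRec *) (sc))->proxy))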
187 
188 #if AP_MODULE_MAGIC_AT_LEAST(20051115,0)
189 typedef struct {
191  apr_array_header_t *aRequirement;
192  int nOptions;
195  const char *szCipherSuite;
198  const char *szCACertificatePath;
199  const char *szCACertificateFile;
200  const char *szUserName;
202 #endif
203 
/* mod_ssl's module record, defined by mod_ssl itself. Looking up the
   per-server or per-connection configuration against it is how mod_gridsite
   obtains the pointers it then interprets with the simplified structures
   above -- presumably via ap_get_module_config(); the lookup is not visible
   in this header. */
extern module AP_MODULE_DECLARE_DATA ssl_module;