Annotation of embedaddon/nginx/src/event/ngx_event_openssl.h, revision 1.1
1.1 ! misho 1:
! 2: /*
! 3: * Copyright (C) Igor Sysoev
! 4: * Copyright (C) Nginx, Inc.
! 5: */
! 6:
! 7:
! 8: #ifndef _NGX_EVENT_OPENSSL_H_INCLUDED_
! 9: #define _NGX_EVENT_OPENSSL_H_INCLUDED_
! 10:
! 11:
! 12: #include <ngx_config.h>
! 13: #include <ngx_core.h>
! 14:
! 15: #include <openssl/ssl.h>
! 16: #include <openssl/err.h>
! 17: #include <openssl/conf.h>
! 18: #include <openssl/engine.h>
! 19: #include <openssl/evp.h>
! 20: #include <openssl/ocsp.h>
! 21:
! 22: #define NGX_SSL_NAME "OpenSSL"
! 23:
! 24:
! 25: #define ngx_ssl_session_t SSL_SESSION
! 26: #define ngx_ssl_conn_t SSL
! 27:
! 28:
! 29: typedef struct {
! 30: SSL_CTX *ctx;
! 31: ngx_log_t *log;
! 32: } ngx_ssl_t;
! 33:
! 34:
! 35: typedef struct {
! 36: ngx_ssl_conn_t *connection;
! 37:
! 38: ngx_int_t last;
! 39: ngx_buf_t *buf;
! 40:
! 41: ngx_connection_handler_pt handler;
! 42:
! 43: ngx_event_handler_pt saved_read_handler;
! 44: ngx_event_handler_pt saved_write_handler;
! 45:
! 46: unsigned handshaked:1;
! 47: unsigned renegotiation:1;
! 48: unsigned buffer:1;
! 49: unsigned no_wait_shutdown:1;
! 50: unsigned no_send_shutdown:1;
! 51: } ngx_ssl_connection_t;
! 52:
! 53:
! 54: #define NGX_SSL_NO_SCACHE -2
! 55: #define NGX_SSL_NONE_SCACHE -3
! 56: #define NGX_SSL_NO_BUILTIN_SCACHE -4
! 57: #define NGX_SSL_DFLT_BUILTIN_SCACHE -5
! 58:
! 59:
! 60: #define NGX_SSL_MAX_SESSION_SIZE 4096
! 61:
! 62: typedef struct ngx_ssl_sess_id_s ngx_ssl_sess_id_t;
! 63:
! 64: struct ngx_ssl_sess_id_s {
! 65: ngx_rbtree_node_t node;
! 66: u_char *id;
! 67: size_t len;
! 68: u_char *session;
! 69: ngx_queue_t queue;
! 70: time_t expire;
! 71: #if (NGX_PTR_SIZE == 8)
! 72: void *stub;
! 73: u_char sess_id[32];
! 74: #endif
! 75: };
! 76:
! 77:
! 78: typedef struct {
! 79: ngx_rbtree_t session_rbtree;
! 80: ngx_rbtree_node_t sentinel;
! 81: ngx_queue_t expire_queue;
! 82: } ngx_ssl_session_cache_t;
! 83:
! 84:
! 85:
! 86: #define NGX_SSL_SSLv2 0x0002
! 87: #define NGX_SSL_SSLv3 0x0004
! 88: #define NGX_SSL_TLSv1 0x0008
! 89: #define NGX_SSL_TLSv1_1 0x0010
! 90: #define NGX_SSL_TLSv1_2 0x0020
! 91:
! 92:
! 93: #define NGX_SSL_BUFFER 1
! 94: #define NGX_SSL_CLIENT 2
! 95:
! 96: #define NGX_SSL_BUFSIZE 16384
! 97:
! 98:
! 99: ngx_int_t ngx_ssl_init(ngx_log_t *log);
! 100: ngx_int_t ngx_ssl_create(ngx_ssl_t *ssl, ngx_uint_t protocols, void *data);
! 101: ngx_int_t ngx_ssl_certificate(ngx_conf_t *cf, ngx_ssl_t *ssl,
! 102: ngx_str_t *cert, ngx_str_t *key);
! 103: ngx_int_t ngx_ssl_client_certificate(ngx_conf_t *cf, ngx_ssl_t *ssl,
! 104: ngx_str_t *cert, ngx_int_t depth);
! 105: ngx_int_t ngx_ssl_trusted_certificate(ngx_conf_t *cf, ngx_ssl_t *ssl,
! 106: ngx_str_t *cert, ngx_int_t depth);
! 107: ngx_int_t ngx_ssl_crl(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *crl);
! 108: ngx_int_t ngx_ssl_stapling(ngx_conf_t *cf, ngx_ssl_t *ssl,
! 109: ngx_str_t *file, ngx_str_t *responder, ngx_uint_t verify);
! 110: ngx_int_t ngx_ssl_stapling_resolver(ngx_conf_t *cf, ngx_ssl_t *ssl,
! 111: ngx_resolver_t *resolver, ngx_msec_t resolver_timeout);
! 112: RSA *ngx_ssl_rsa512_key_callback(SSL *ssl, int is_export, int key_length);
! 113: ngx_int_t ngx_ssl_dhparam(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *file);
! 114: ngx_int_t ngx_ssl_ecdh_curve(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *name);
! 115: ngx_int_t ngx_ssl_session_cache(ngx_ssl_t *ssl, ngx_str_t *sess_ctx,
! 116: ssize_t builtin_session_cache, ngx_shm_zone_t *shm_zone, time_t timeout);
! 117: ngx_int_t ngx_ssl_session_cache_init(ngx_shm_zone_t *shm_zone, void *data);
! 118: ngx_int_t ngx_ssl_create_connection(ngx_ssl_t *ssl, ngx_connection_t *c,
! 119: ngx_uint_t flags);
! 120:
! 121: void ngx_ssl_remove_cached_session(SSL_CTX *ssl, ngx_ssl_session_t *sess);
! 122: ngx_int_t ngx_ssl_set_session(ngx_connection_t *c, ngx_ssl_session_t *session);
! 123: #define ngx_ssl_get_session(c) SSL_get1_session(c->ssl->connection)
! 124: #define ngx_ssl_free_session SSL_SESSION_free
! 125: #define ngx_ssl_get_connection(ssl_conn) \
! 126: SSL_get_ex_data(ssl_conn, ngx_ssl_connection_index)
! 127: #define ngx_ssl_get_server_conf(ssl_ctx) \
! 128: SSL_CTX_get_ex_data(ssl_ctx, ngx_ssl_server_conf_index)
! 129:
! 130: #define ngx_ssl_verify_error_optional(n) \
! 131: (n == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT \
! 132: || n == X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN \
! 133: || n == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY \
! 134: || n == X509_V_ERR_CERT_UNTRUSTED \
! 135: || n == X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE)
! 136:
! 137:
! 138: ngx_int_t ngx_ssl_get_protocol(ngx_connection_t *c, ngx_pool_t *pool,
! 139: ngx_str_t *s);
! 140: ngx_int_t ngx_ssl_get_cipher_name(ngx_connection_t *c, ngx_pool_t *pool,
! 141: ngx_str_t *s);
! 142: ngx_int_t ngx_ssl_get_session_id(ngx_connection_t *c, ngx_pool_t *pool,
! 143: ngx_str_t *s);
! 144: ngx_int_t ngx_ssl_get_raw_certificate(ngx_connection_t *c, ngx_pool_t *pool,
! 145: ngx_str_t *s);
! 146: ngx_int_t ngx_ssl_get_certificate(ngx_connection_t *c, ngx_pool_t *pool,
! 147: ngx_str_t *s);
! 148: ngx_int_t ngx_ssl_get_subject_dn(ngx_connection_t *c, ngx_pool_t *pool,
! 149: ngx_str_t *s);
! 150: ngx_int_t ngx_ssl_get_issuer_dn(ngx_connection_t *c, ngx_pool_t *pool,
! 151: ngx_str_t *s);
! 152: ngx_int_t ngx_ssl_get_serial_number(ngx_connection_t *c, ngx_pool_t *pool,
! 153: ngx_str_t *s);
! 154: ngx_int_t ngx_ssl_get_client_verify(ngx_connection_t *c, ngx_pool_t *pool,
! 155: ngx_str_t *s);
! 156:
! 157:
! 158: ngx_int_t ngx_ssl_handshake(ngx_connection_t *c);
! 159: ssize_t ngx_ssl_recv(ngx_connection_t *c, u_char *buf, size_t size);
! 160: ssize_t ngx_ssl_write(ngx_connection_t *c, u_char *data, size_t size);
! 161: ssize_t ngx_ssl_recv_chain(ngx_connection_t *c, ngx_chain_t *cl);
! 162: ngx_chain_t *ngx_ssl_send_chain(ngx_connection_t *c, ngx_chain_t *in,
! 163: off_t limit);
! 164: void ngx_ssl_free_buffer(ngx_connection_t *c);
! 165: ngx_int_t ngx_ssl_shutdown(ngx_connection_t *c);
! 166: void ngx_cdecl ngx_ssl_error(ngx_uint_t level, ngx_log_t *log, ngx_err_t err,
! 167: char *fmt, ...);
! 168: void ngx_ssl_cleanup_ctx(void *data);
! 169:
! 170:
! 171: extern int ngx_ssl_connection_index;
! 172: extern int ngx_ssl_server_conf_index;
! 173: extern int ngx_ssl_session_cache_index;
! 174: extern int ngx_ssl_certificate_index;
! 175: extern int ngx_ssl_stapling_index;
! 176:
! 177:
! 178: #endif /* _NGX_EVENT_OPENSSL_H_INCLUDED_ */
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>