Annotation of embedaddon/nginx/src/event/ngx_event_openssl.h, revision 1.1.1.1
1.1 misho 1:
2: /*
3: * Copyright (C) Igor Sysoev
4: * Copyright (C) Nginx, Inc.
5: */
6:
7:
8: #ifndef _NGX_EVENT_OPENSSL_H_INCLUDED_
9: #define _NGX_EVENT_OPENSSL_H_INCLUDED_
10:
11:
12: #include <ngx_config.h>
13: #include <ngx_core.h>
14:
15: #include <openssl/ssl.h>
16: #include <openssl/err.h>
17: #include <openssl/conf.h>
18: #include <openssl/engine.h>
19: #include <openssl/evp.h>
20: #include <openssl/ocsp.h>
21:
/*
 * Backend name string, followed by aliases that map nginx's generic
 * session/connection type names onto OpenSSL's SSL_SESSION and SSL.
 * Because these are plain #define aliases, not typedefs, the compiler sees
 * the OpenSSL types directly.
 */
22: #define NGX_SSL_NAME "OpenSSL"
23:
24:
25: #define ngx_ssl_session_t SSL_SESSION
26: #define ngx_ssl_conn_t SSL
27:
28:
/*
 * Pairs an OpenSSL SSL_CTX with an nginx log object.  Most of the setup
 * prototypes further down take a pointer to this structure.
 * NOTE(review): who owns and frees ctx is not visible in this header --
 * presumably ngx_ssl_cleanup_ctx(); confirm in the .c file.
 */
29: typedef struct {
30: SSL_CTX *ctx; /* OpenSSL context handle */
31: ngx_log_t *log; /* log object; presumably the target for TLS error reports -- confirm */
32: } ngx_ssl_t;
33:
34:
/*
 * Per-connection TLS state wrapping one OpenSSL SSL object.
 * Field meanings below are inferred from names and types only; the code
 * that reads and writes them is not part of this header.
 */
35: typedef struct {
36: ngx_ssl_conn_t *connection; /* the OpenSSL SSL object (ngx_ssl_conn_t is #defined to SSL) */
37:
38: ngx_int_t last; /* presumably the result of the last I/O call -- TODO confirm */
39: ngx_buf_t *buf; /* presumably the output buffer used when buffering is on -- TODO confirm */
40:
41: ngx_connection_handler_pt handler; /* presumably invoked once the handshake finishes -- TODO confirm */
42:
43: ngx_event_handler_pt saved_read_handler; /* presumably event handlers parked while the */
44: ngx_event_handler_pt saved_write_handler; /* TLS layer waits on the opposite I/O direction -- TODO confirm */
45:
   /* One-bit state flags. */
46: unsigned handshaked:1;
   /* NOTE(review): presumably set when a peer-initiated renegotiation is
    * seen; check how the .c file reacts, since renegotiation handling is
    * security-relevant. */
47: unsigned renegotiation:1;
48: unsigned buffer:1; /* presumably mirrors the NGX_SSL_BUFFER creation flag -- confirm */
49: unsigned no_wait_shutdown:1;
50: unsigned no_send_shutdown:1;
51: } ngx_ssl_connection_t;
52:
53:
/*
 * Negative sentinel values for the session-cache mode.  They are presumably
 * passed as the ssize_t builtin_session_cache argument of
 * ngx_ssl_session_cache(), where a non-negative value would be a size --
 * confirm against the caller.
 */
54: #define NGX_SSL_NO_SCACHE -2
55: #define NGX_SSL_NONE_SCACHE -3
56: #define NGX_SSL_NO_BUILTIN_SCACHE -4
57: #define NGX_SSL_DFLT_BUILTIN_SCACHE -5
58:
59:
/*
 * NOTE(review): presumably the upper bound, in bytes, on a serialized
 * session stored in the cache.  Whatever code serializes a session into a
 * buffer of this size has to check the encoded length against it before
 * writing; that check is not visible in this header.
 */
60: #define NGX_SSL_MAX_SESSION_SIZE 4096
61:
/*
 * One cached session entry.  It embeds both an rbtree node and a queue
 * link, so an entry can sit in a tree and in a queue at the same time
 * (see ngx_ssl_session_cache_t).
 */
62: typedef struct ngx_ssl_sess_id_s ngx_ssl_sess_id_t;
63:
64: struct ngx_ssl_sess_id_s {
65: ngx_rbtree_node_t node;
66: u_char *id; /* session id bytes, length in len */
67: size_t len;
68: u_char *session; /* presumably the serialized session data -- TODO confirm */
69: ngx_queue_t queue;
70: time_t expire; /* presumably an absolute expiry time -- TODO confirm */
   /* The next two members exist only on 64-bit pointer builds. */
71: #if (NGX_PTR_SIZE == 8)
72: void *stub;
   /* Fixed 32-byte inline storage.  NOTE(review): any copy of a session id
    * into this array must bound the length to 32 first; the copying code
    * is not shown in this header. */
73: u_char sess_id[32];
74: #endif
75: };
76:
77:
/*
 * Session cache container: a red-black tree with its sentinel node, plus a
 * queue.  Presumably the tree indexes entries by session id and the queue
 * orders them by expiry -- confirm in the .c file.
 */
78: typedef struct {
79: ngx_rbtree_t session_rbtree;
80: ngx_rbtree_node_t sentinel;
81: ngx_queue_t expire_queue;
82: } ngx_ssl_session_cache_t;
83:
84:
85:
/*
 * Protocol-version bits.  Each value is a distinct single bit, so they can
 * be OR-ed into a mask; presumably that mask is the `protocols` argument of
 * ngx_ssl_create() -- confirm.
 * NOTE(review): SSLv2 and SSLv3 are prohibited by RFC 6176 and RFC 7568,
 * and TLS 1.0/1.1 are deprecated by RFC 8996.  A deployment built from
 * this revision should enable only NGX_SSL_TLSv1_2 unless legacy clients
 * force otherwise.
 */
86: #define NGX_SSL_SSLv2 0x0002
87: #define NGX_SSL_SSLv3 0x0004
88: #define NGX_SSL_TLSv1 0x0008
89: #define NGX_SSL_TLSv1_1 0x0010
90: #define NGX_SSL_TLSv1_2 0x0020
91:
92:
/*
 * Connection flags with distinct bit values; presumably for the `flags`
 * argument of ngx_ssl_create_connection() -- confirm.
 */
93: #define NGX_SSL_BUFFER 1
94: #define NGX_SSL_CLIENT 2
95:
/*
 * 16384 bytes, which is also the maximum TLS record plaintext length
 * (2^14).  Presumably the size of the per-connection output buffer --
 * confirm.
 */
96: #define NGX_SSL_BUFSIZE 16384
97:
98:
/*
 * Library and context setup API.  Apart from the RSA key callback, every
 * function returns an ngx_int_t status; the concrete status codes are
 * defined elsewhere.
 */
99: ngx_int_t ngx_ssl_init(ngx_log_t *log);
100: ngx_int_t ngx_ssl_create(ngx_ssl_t *ssl, ngx_uint_t protocols, void *data);
/* Server certificate and private key, both given as ngx_str_t values
 * (presumably file paths -- confirm). */
101: ngx_int_t ngx_ssl_certificate(ngx_conf_t *cf, ngx_ssl_t *ssl,
102: ngx_str_t *cert, ngx_str_t *key);
/* Peer-verification material: certificate sets with a `depth` argument
 * (presumably the chain depth limit -- confirm), and a CRL. */
103: ngx_int_t ngx_ssl_client_certificate(ngx_conf_t *cf, ngx_ssl_t *ssl,
104: ngx_str_t *cert, ngx_int_t depth);
105: ngx_int_t ngx_ssl_trusted_certificate(ngx_conf_t *cf, ngx_ssl_t *ssl,
106: ngx_str_t *cert, ngx_int_t depth);
107: ngx_int_t ngx_ssl_crl(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *crl);
/* OCSP stapling setup.  NOTE(review): `verify` presumably controls whether
 * the responder's answer is verified before being stapled -- confirm what a
 * value of 0 means before relying on it. */
108: ngx_int_t ngx_ssl_stapling(ngx_conf_t *cf, ngx_ssl_t *ssl,
109: ngx_str_t *file, ngx_str_t *responder, ngx_uint_t verify);
110: ngx_int_t ngx_ssl_stapling_resolver(ngx_conf_t *cf, ngx_ssl_t *ssl,
111: ngx_resolver_t *resolver, ngx_msec_t resolver_timeout);
/* NOTE(review): the (SSL *, int is_export, int key_length) signature has
 * the shape of an OpenSSL temporary-RSA-key callback, and the name suggests
 * 512-bit keys for export cipher suites.  Keys of that size provide no
 * meaningful security; verify that export suites are excluded from the
 * configured cipher list so this callback is never exercised. */
112: RSA *ngx_ssl_rsa512_key_callback(SSL *ssl, int is_export, int key_length);
/* Key-exchange parameters: DH parameters from `file`, ECDH curve by `name`. */
113: ngx_int_t ngx_ssl_dhparam(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *file);
114: ngx_int_t ngx_ssl_ecdh_curve(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *name);
/* Session cache configuration; builtin_session_cache presumably accepts
 * the NGX_SSL_*_SCACHE sentinels defined above -- confirm. */
115: ngx_int_t ngx_ssl_session_cache(ngx_ssl_t *ssl, ngx_str_t *sess_ctx,
116: ssize_t builtin_session_cache, ngx_shm_zone_t *shm_zone, time_t timeout);
117: ngx_int_t ngx_ssl_session_cache_init(ngx_shm_zone_t *shm_zone, void *data);
/* Attaches TLS state to connection c; `flags` presumably takes
 * NGX_SSL_BUFFER / NGX_SSL_CLIENT -- confirm. */
118: ngx_int_t ngx_ssl_create_connection(ngx_ssl_t *ssl, ngx_connection_t *c,
119: ngx_uint_t flags);
120:
/*
 * Session management: remove a session from the cache tied to an SSL_CTX,
 * and install a session on a connection (presumably for client-side
 * resumption -- confirm).
 */
121: void ngx_ssl_remove_cached_session(SSL_CTX *ssl, ngx_ssl_session_t *sess);
122: ngx_int_t ngx_ssl_set_session(ngx_connection_t *c, ngx_ssl_session_t *session);
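/*
 * Thin wrappers over OpenSSL accessors.
 *
 * ngx_ssl_get_session(c) calls SSL_get1_session(), which in OpenSSL returns
 * the session with its reference count incremented, so every successful
 * call must be balanced by ngx_ssl_free_session() or the session leaks.
 * The argument is parenthesized so that an expression such as `conns + 1`
 * or `&conn` binds as a whole before `->ssl` is applied.
 *
 * ngx_ssl_get_connection() and ngx_ssl_get_server_conf() fetch the pointer
 * stored in the object's ex_data slot at the index held in the matching
 * ngx_ssl_*_index global.  Both return whatever pointer was stored there;
 * the caller supplies the type.
 */
#define ngx_ssl_get_session(c)       SSL_get1_session((c)->ssl->connection)
#define ngx_ssl_free_session         SSL_SESSION_free
#define ngx_ssl_get_connection(ssl_conn)                                      \
    SSL_get_ex_data(ssl_conn, ngx_ssl_connection_index)
#define ngx_ssl_get_server_conf(ssl_ctx)                                      \
    SSL_CTX_get_ex_data(ssl_ctx, ngx_ssl_server_conf_index)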
129:
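/*
 * ngx_ssl_verify_error_optional(n): non-zero when the X509 verification
 * result n is one of the five codes listed below.  All five describe a
 * chain that could not be anchored to a locally trusted issuer: a
 * self-signed leaf or chain member, a missing issuer, an untrusted
 * certificate, or an unverifiable leaf signature.  Expiry, revocation and
 * every other failure are absent from the list and so are never treated
 * as optional.
 *
 * NOTE(review): presumably this backs a verification mode in which a client
 * certificate is requested but need not chain to a configured CA -- confirm
 * against the callers.  A certificate accepted on this predicate is
 * unauthenticated: its subject and issuer fields are chosen by the peer and
 * must not drive authorization decisions on their own.
 *
 * The argument is parenthesized so that an expression argument compares as
 * a whole.  It is still evaluated up to five times, so pass a value with no
 * side effects.
 */
#define ngx_ssl_verify_error_optional(n)                                      \
    ((n) == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT                            \
     || (n) == X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN                           \
     || (n) == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY                   \
     || (n) == X509_V_ERR_CERT_UNTRUSTED                                      \
     || (n) == X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE)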
136:
137:
/*
 * Accessors that report one property of connection c through the output
 * string s.  All share the same (connection, pool, ngx_str_t *) signature
 * and return an ngx_int_t status; presumably the string storage is
 * allocated from `pool` -- confirm in the .c file.
 *
 * NOTE(review): the certificate, subject DN, issuer DN and serial number
 * values presumably come from the peer's certificate.  Consumers that
 * forward them (headers, logs, variables) should treat them as
 * peer-controlled input and consult the client-verify result before
 * trusting them.
 */
138: ngx_int_t ngx_ssl_get_protocol(ngx_connection_t *c, ngx_pool_t *pool,
139: ngx_str_t *s);
140: ngx_int_t ngx_ssl_get_cipher_name(ngx_connection_t *c, ngx_pool_t *pool,
141: ngx_str_t *s);
142: ngx_int_t ngx_ssl_get_session_id(ngx_connection_t *c, ngx_pool_t *pool,
143: ngx_str_t *s);
144: ngx_int_t ngx_ssl_get_raw_certificate(ngx_connection_t *c, ngx_pool_t *pool,
145: ngx_str_t *s);
146: ngx_int_t ngx_ssl_get_certificate(ngx_connection_t *c, ngx_pool_t *pool,
147: ngx_str_t *s);
148: ngx_int_t ngx_ssl_get_subject_dn(ngx_connection_t *c, ngx_pool_t *pool,
149: ngx_str_t *s);
150: ngx_int_t ngx_ssl_get_issuer_dn(ngx_connection_t *c, ngx_pool_t *pool,
151: ngx_str_t *s);
152: ngx_int_t ngx_ssl_get_serial_number(ngx_connection_t *c, ngx_pool_t *pool,
153: ngx_str_t *s);
154: ngx_int_t ngx_ssl_get_client_verify(ngx_connection_t *c, ngx_pool_t *pool,
155: ngx_str_t *s);
156:
157:
/*
 * Per-connection TLS I/O: handshake, receive and send (single buffer and
 * chain variants), buffer release, shutdown, error logging and context
 * cleanup.  The recv/write functions take an explicit `size` alongside the
 * buffer pointer and return ssize_t.
 */
158: ngx_int_t ngx_ssl_handshake(ngx_connection_t *c);
159: ssize_t ngx_ssl_recv(ngx_connection_t *c, u_char *buf, size_t size);
160: ssize_t ngx_ssl_write(ngx_connection_t *c, u_char *data, size_t size);
161: ssize_t ngx_ssl_recv_chain(ngx_connection_t *c, ngx_chain_t *cl);
162: ngx_chain_t *ngx_ssl_send_chain(ngx_connection_t *c, ngx_chain_t *in,
163: off_t limit);
164: void ngx_ssl_free_buffer(ngx_connection_t *c);
165: ngx_int_t ngx_ssl_shutdown(ngx_connection_t *c);
/* Variadic logger.  NOTE(review): fmt is presumably a printf-style format
 * string -- callers should pass a literal and supply peer-derived text as
 * an argument, never as the format itself. */
166: void ngx_cdecl ngx_ssl_error(ngx_uint_t level, ngx_log_t *log, ngx_err_t err,
167: char *fmt, ...);
/* Takes void *, presumably so it can be registered as a generic cleanup
 * handler -- confirm. */
168: void ngx_ssl_cleanup_ctx(void *data);
169:
170:
/*
 * Integer slot indices defined in another translation unit.
 * ngx_ssl_connection_index and ngx_ssl_server_conf_index are the indices
 * passed to SSL_get_ex_data() / SSL_CTX_get_ex_data() by the accessor macros
 * in this header; the remaining three are presumably ex_data indices used
 * the same way -- confirm in the .c file.
 */
171: extern int ngx_ssl_connection_index;
172: extern int ngx_ssl_server_conf_index;
173: extern int ngx_ssl_session_cache_index;
174: extern int ngx_ssl_certificate_index;
175: extern int ngx_ssl_stapling_index;
176:
177:
178: #endif /* _NGX_EVENT_OPENSSL_H_INCLUDED_ */