github.com/krum110487/go-htaccess@v0.0.0-20240316004156-60641c8e7598/tests/data/apache_2_4_58/include/mod_ssl_openssl.h (about)

     1  /* Licensed to the Apache Software Foundation (ASF) under one or more
     2   * contributor license agreements.  See the NOTICE file distributed with
     3   * this work for additional information regarding copyright ownership.
     4   * The ASF licenses this file to You under the Apache License, Version 2.0
     5   * (the "License"); you may not use this file except in compliance with
     6   * the License.  You may obtain a copy of the License at
     7   *
     8   *     http://www.apache.org/licenses/LICENSE-2.0
     9   *
    10   * Unless required by applicable law or agreed to in writing, software
    11   * distributed under the License is distributed on an "AS IS" BASIS,
    12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    13   * See the License for the specific language governing permissions and
    14   * limitations under the License.
    15   */
    16  
    17  /**
    18   * @file mod_ssl_openssl.h
    19   * @brief Interface to OpenSSL-specific APIs provided by mod_ssl
    20   *
    21   * @defgroup MOD_SSL mod_ssl_openssl
    22   * @ingroup  APACHE_MODS
    23   * @{
    24   */
    25  
    26  #ifndef __MOD_SSL_OPENSSL_H__
    27  #define __MOD_SSL_OPENSSL_H__
    28  
    29  #include "mod_ssl.h"
    30  
    31  /* OpenSSL headers */
    32  
    33  #ifndef SSL_PRIVATE_H
    34  #include <openssl/opensslv.h>
    35  #if (OPENSSL_VERSION_NUMBER >= 0x10001000)
    36  /* must be defined before including ssl.h */
    37  #define OPENSSL_NO_SSL_INTERN
    38  #endif
    39  #include <openssl/ssl.h>
    40  #endif
    41  
    42  /**
    43   * init_server hook -- allow a module to perform SSL_CTX-specific initialization
    44   * for each SSL-enabled server; servers are passed to the hook one at a time
    45   * @param s SSL-enabled [virtual] server
    46   * @param p pconf pool
    47   * @param is_proxy 1 if this server supports backend connections
    48   * over SSL/TLS, 0 if it supports client connections over SSL/TLS
    49   * @param ctx OpenSSL SSL Context for the server. NOTE(review): settings a hook changes on ctx presumably apply to every connection created from it -- confirm what mod_ssl sets afterwards
    50   */
    51  APR_DECLARE_EXTERNAL_HOOK(ssl, SSL, int, init_server,
    52                            (server_rec *s, apr_pool_t *p, int is_proxy, SSL_CTX *ctx))
    53  
    54  /**
    55   * pre_handshake hook -- NOTE(review): presumably run before the TLS handshake on a connection (inferred from the hook name; timing is not stated here)
    56   * @param c conn_rec for new connection from client or to backend server
    57   * @param ssl OpenSSL SSL Connection for the client or backend server
    58   * @param is_proxy 1 if this handshake is for a backend connection, 0 otherwise
    59   */
    60  APR_DECLARE_EXTERNAL_HOOK(ssl, SSL, int, pre_handshake,
    61                            (conn_rec *c, SSL *ssl, int is_proxy))
    62  
    63  /**
    64   * proxy_post_handshake hook -- allow a module to abort after a successful
    65   * handshake with the backend server and the subsequent peer checks
    66   * @param c conn_rec for connection to backend server
    67   * @param ssl OpenSSL SSL Connection for the backend server. NOTE(review): the return value that signals an abort is not documented in this header
    68   */
    69  APR_DECLARE_EXTERNAL_HOOK(ssl, SSL, int, proxy_post_handshake,
    70                            (conn_rec *c, SSL *ssl))
    71  
    72  /** On TLS connections that do not relate to a configured virtual host,
    73   * allow other modules to provide an X509 certificate and EVP_PKEY (via
    74   * pcert and pkey) to be used on the connection. The first hook which does
    75   * not return DECLINED will determine the outcome. NOTE(review): server_name is presumably the name requested by the peer and should be treated as untrusted input; ownership of the returned objects is not stated here -- confirm. */
    76  APR_DECLARE_EXTERNAL_HOOK(ssl, SSL, int, answer_challenge,
    77                            (conn_rec *c, const char *server_name, 
    78                            X509 **pcert, EVP_PKEY **pkey))
    79  
    80  /** During post_config phase, ask registered hooks whether one of them
    81   * wants to provide OCSP stapling status information for the given cert
    82   * (the issuer certificate is provided as well). The first hook which does
    83   * not return DECLINED promises to take responsibility (and to respond
    84   * in later calls via hook ssl_get_stapling_status).
    85   * If no hook takes over, mod_ssl's own stapling implementation will
    86   * be applied (if configured).
    87   */
    88  APR_DECLARE_EXTERNAL_HOOK(ssl, SSL, int, init_stapling_status,
    89                            (server_rec *s, apr_pool_t *p, 
    90                            X509 *cert, X509 *issuer))
    91  
    92  /** Anyone answering positive to ssl_init_stapling_status for a
    93   * certificate needs to register here and supply the actual OCSP stapling
    94   * status data (OCSP_RESP) for a new connection.
    95   * A hook supplying the response data must return APR_SUCCESS.
    96   * The data is returned as DER encoded bytes via pder and pderlen. The
    97   * returned pointer may be NULL, which indicates that data is (currently)
    98   * unavailable.
    99   * If DER data is returned, it MUST come from a response with
   100   * status OCSP_RESPONSE_STATUS_SUCCESSFUL and V_OCSP_CERTSTATUS_GOOD
   101   * or V_OCSP_CERTSTATUS_REVOKED, not V_OCSP_CERTSTATUS_UNKNOWN. This means
   102   * errors in OCSP retrieval are to be handled/logged by the hook and
   103   * are not handled by mod_ssl. NOTE(review): presumably mod_ssl staples the bytes as given, so the hook should validate the response itself -- confirm.
   104   * Any DER bytes returned MUST be allocated via malloc() and ownership
   105   * passes to mod_ssl. Meaning, the hook must return a malloc()ed copy of
   106   * the data it has (not pool memory or a buffer it keeps using). mod_ssl (or OpenSSL) will free it.
   107   */
   108  APR_DECLARE_EXTERNAL_HOOK(ssl, SSL, int, get_stapling_status,
   109                            (unsigned char **pder, int *pderlen, 
   110                            conn_rec *c, server_rec *s, X509 *cert))
   111                            
   112  #endif /* __MOD_SSL_OPENSSL_H__ */
   113  /** @} */