/*
* include/proto/ssl_sock.h
* This file contains definition for ssl stream socket operations
*
* Copyright (C) 2012 EXCELIANCE, Emeric Brun <ebrun@exceliance.fr>
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation, version 2.1
* exclusively.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/
#ifndef _PROTO_SSL_SOCK_H
#define _PROTO_SSL_SOCK_H
#include <openssl/ssl.h>
#include <types/connection.h>
#include <types/listener.h>
#include <types/proxy.h>
#include <types/stream_interface.h>
REORG: connection: rename the data layer the "transport layer"
While working on the changes required to make the health checks use the
new connections, it started to become obvious that some naming was not
logical at all in the connections. Specifically, it is not logical to
call the "data layer" the layer which is in charge for all the handshake
and which does not yet provide a data layer once established until a
session has allocated all the required buffers.
In fact, it's more a transport layer, which makes much more sense. The
transport layer offers a medium on which data can transit, and it offers
the functions to move these data when the upper layer requests this. And
it is the upper layer which iterates over the transport layer's functions
to move data which should be called the data layer.
The use case where it's obvious is with embryonic sessions : an incoming
SSL connection is accepted. Only the connection is allocated, not the
buffers nor stream interface, etc... The connection handles the SSL
handshake by itself. Once this handshake is complete, we can't use the
data functions because the buffers and stream interface are not there
yet. Hence we have to first call a specific function to complete the
session initialization, after which we'll be able to use the data
functions. This clearly proves that SSL here is only a transport layer
and that the stream interface constitutes the data layer.
A similar change will be performed to rename app_cb => data, but the
two could not be in the same commit for obvious reasons.
extern struct xprt_ops ssl_sock;
extern int sslconns;
extern int totalsslconns;
/* boolean, returns true if connection is over SSL */
/* Reports whether @conn is carried over the SSL transport layer.
 *
 * All three of the following must hold for a true result: the connection
 * pointer is non-NULL, its transport ops are the ssl_sock ones, and a
 * transport context (xprt_ctx) is already attached. A connection that uses
 * the ssl_sock transport but still has no xprt_ctx is reported as not SSL,
 * so callers must not treat a zero return as "plain TCP" without also
 * checking the transport ops if that distinction matters to them.
 *
 * Returns 1 when the connection is an SSL one, 0 otherwise.
 */
static inline int ssl_sock_is_ssl(struct connection *conn)
{
	if (!conn)
		return 0;
	if (conn->xprt != &ssl_sock)
		return 0;
	/* the SSL context must exist for the connection to count as SSL */
	return conn->xprt_ctx ? 1 : 0;
}
int ssl_sock_handshake(struct connection *conn, unsigned int flag);
int ssl_sock_prepare_ctx(struct bind_conf *bind_conf, SSL_CTX *ctx);
int ssl_sock_prepare_all_ctx(struct bind_conf *bind_conf);
int ssl_sock_prepare_srv_ctx(struct server *srv);
void ssl_sock_free_srv_ctx(struct server *srv);
void ssl_sock_free_all_ctx(struct bind_conf *bind_conf);
int ssl_sock_load_ca(struct bind_conf *bind_conf);
void ssl_sock_free_ca(struct bind_conf *bind_conf);
const char *ssl_sock_get_cipher_name(struct connection *conn);
const char *ssl_sock_get_proto_version(struct connection *conn);
char *ssl_sock_get_version(struct connection *conn);
void ssl_sock_set_servername(struct connection *conn, const char *hostname);
int ssl_sock_get_cert_used_sess(struct connection *conn);
int ssl_sock_get_cert_used_conn(struct connection *conn);
int ssl_sock_get_remote_common_name(struct connection *conn, struct chunk *out);
unsigned int ssl_sock_get_verify_result(struct connection *conn);
#if (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP)
int ssl_sock_update_ocsp_response(struct chunk *ocsp_response, char **err);
#endif
#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
int ssl_sock_update_tlskey(char *filename, struct chunk *tlskey, char **err);
struct tls_keys_ref *tlskeys_ref_lookup(const char *filename);
struct tls_keys_ref *tlskeys_ref_lookupid(int unique_id);
void tlskeys_finalize_config(void);
#endif
#ifndef OPENSSL_NO_DH
int ssl_sock_load_global_dh_param_from_file(const char *filename);
#endif
SSL_CTX *ssl_sock_create_cert(struct connection *conn, const char *servername, unsigned int key);
SSL_CTX *ssl_sock_get_generated_cert(unsigned int key, struct bind_conf *bind_conf);
int ssl_sock_set_generated_cert(SSL_CTX *ctx, unsigned int key, struct bind_conf *bind_conf);
unsigned int ssl_sock_generated_cert_key(const void *data, size_t len);
#endif /* _PROTO_SSL_SOCK_H */
/*
* Local variables:
* c-indent-level: 8
* c-basic-offset: 8
* End:
*/