mirror of
http://git.haproxy.org/git/haproxy.git/
synced 2024-12-28 15:42:30 +00:00
d75f57e94c
Parsing of an alpn string has been moved in a dedicated function and exposed to be used from outside the ssl_sock module.
115 lines
4.5 KiB
C
115 lines
4.5 KiB
C
/*
|
|
* include/proto/ssl_sock.h
|
|
* This file contains definition for ssl stream socket operations
|
|
*
|
|
* Copyright (C) 2012 EXCELIANCE, Emeric Brun <ebrun@exceliance.fr>
|
|
*
|
|
* This library is free software; you can redistribute it and/or
|
|
* modify it under the terms of the GNU Lesser General Public
|
|
* License as published by the Free Software Foundation, version 2.1
|
|
* exclusively.
|
|
*
|
|
* This library is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
* Lesser General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU Lesser General Public
|
|
* License along with this library; if not, write to the Free Software
|
|
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
|
|
*/
|
|
|
|
#ifndef _PROTO_SSL_SOCK_H
|
|
#define _PROTO_SSL_SOCK_H
|
|
#ifdef USE_OPENSSL
|
|
|
|
#include <common/openssl-compat.h>
|
|
|
|
#include <types/connection.h>
|
|
#include <types/listener.h>
|
|
#include <types/proxy.h>
|
|
#include <types/stream_interface.h>
|
|
|
|
#include <proto/connection.h>
|
|
|
|
extern int sslconns;
|
|
extern int totalsslconns;
|
|
|
|
/* boolean, returns true if connection is over SSL */
|
|
static inline
|
|
int ssl_sock_is_ssl(struct connection *conn)
|
|
{
|
|
if (!conn || conn->xprt != xprt_get(XPRT_SSL) || !conn->xprt_ctx)
|
|
return 0;
|
|
else
|
|
return 1;
|
|
}
|
|
|
|
int ssl_sock_prepare_ctx(struct bind_conf *bind_conf, struct ssl_bind_conf *, SSL_CTX *ctx, char **err);
|
|
int ssl_sock_prepare_all_ctx(struct bind_conf *bind_conf);
|
|
int ssl_sock_prepare_bind_conf(struct bind_conf *bind_conf);
|
|
int ssl_sock_prepare_srv_ctx(struct server *srv);
|
|
void ssl_sock_free_srv_ctx(struct server *srv);
|
|
void ssl_sock_free_all_ctx(struct bind_conf *bind_conf);
|
|
int ssl_sock_load_ca(struct bind_conf *bind_conf);
|
|
void ssl_sock_free_ca(struct bind_conf *bind_conf);
|
|
const char *ssl_sock_get_sni(struct connection *conn);
|
|
const char *ssl_sock_get_cert_sig(struct connection *conn);
|
|
const char *ssl_sock_get_cipher_name(struct connection *conn);
|
|
const char *ssl_sock_get_proto_version(struct connection *conn);
|
|
int ssl_sock_parse_alpn(char *arg, char **alpn_str, int *alpn_len, char **err);
|
|
void ssl_sock_set_alpn(struct connection *conn, const unsigned char *, int);
|
|
void ssl_sock_set_servername(struct connection *conn, const char *hostname);
|
|
|
|
int ssl_sock_get_cert_used_sess(struct connection *conn);
|
|
int ssl_sock_get_cert_used_conn(struct connection *conn);
|
|
int ssl_sock_get_remote_common_name(struct connection *conn,
|
|
struct buffer *out);
|
|
int ssl_sock_get_pkey_algo(struct connection *conn, struct buffer *out);
|
|
unsigned int ssl_sock_get_verify_result(struct connection *conn);
|
|
#if (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP)
|
|
int ssl_sock_update_ocsp_response(struct buffer *ocsp_response, char **err);
|
|
#endif
|
|
#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
|
|
int ssl_sock_update_tlskey_ref(struct tls_keys_ref *ref,
|
|
struct buffer *tlskey);
|
|
int ssl_sock_update_tlskey(char *filename, struct buffer *tlskey, char **err);
|
|
struct tls_keys_ref *tlskeys_ref_lookup(const char *filename);
|
|
struct tls_keys_ref *tlskeys_ref_lookupid(int unique_id);
|
|
#endif
|
|
#ifndef OPENSSL_NO_DH
|
|
int ssl_sock_load_global_dh_param_from_file(const char *filename);
|
|
void ssl_free_dh(void);
|
|
#endif
|
|
void ssl_free_engines(void);
|
|
|
|
SSL_CTX *ssl_sock_create_cert(struct connection *conn, const char *servername, unsigned int key);
|
|
SSL_CTX *ssl_sock_assign_generated_cert(unsigned int key, struct bind_conf *bind_conf, SSL *ssl);
|
|
SSL_CTX *ssl_sock_get_generated_cert(unsigned int key, struct bind_conf *bind_conf);
|
|
int ssl_sock_set_generated_cert(SSL_CTX *ctx, unsigned int key, struct bind_conf *bind_conf);
|
|
unsigned int ssl_sock_generated_cert_key(const void *data, size_t len);
|
|
|
|
#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC) && !defined(LIBRESSL_VERSION_NUMBER)
|
|
void ssl_async_fd_handler(int fd);
|
|
void ssl_async_fd_free(int fd);
|
|
#endif
|
|
|
|
/* ssl shctx macro */
|
|
|
|
#define sh_ssl_sess_tree_delete(s) ebmb_delete(&(s)->key);
|
|
|
|
#define sh_ssl_sess_tree_insert(s) (struct sh_ssl_sess_hdr *)ebmb_insert(sh_ssl_sess_tree, \
|
|
&(s)->key, SSL_MAX_SSL_SESSION_ID_LENGTH);
|
|
|
|
#define sh_ssl_sess_tree_lookup(k) (struct sh_ssl_sess_hdr *)ebmb_lookup(sh_ssl_sess_tree, \
|
|
(k), SSL_MAX_SSL_SESSION_ID_LENGTH);
|
|
#endif /* USE_OPENSSL */
|
|
#endif /* _PROTO_SSL_SOCK_H */
|
|
|
|
/*
|
|
* Local variables:
|
|
* c-indent-level: 8
|
|
* c-basic-offset: 8
|
|
* End:
|
|
*/
|