Tomcat example source code file (ssl_private.h)
The Tomcat ssl_private.h source code/* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
/*
*
* @author Mladen Turk
* @version $Revision: 466585 $, $Date: 2006-10-22 00:16:34 +0200 (dim., 22 oct. 2006) $
*/
#ifndef SSL_PRIVATE_H
#define SSL_PRIVATE_H
/* Exclude unused OpenSSL features
* even if the OpenSSL supports them
*/
#ifndef OPENSSL_NO_IDEA
#define OPENSSL_NO_IDEA
#endif
#ifndef OPENSSL_NO_KRB5
#define OPENSSL_NO_KRB5
#endif
#ifndef OPENSSL_NO_MDC2
#define OPENSSL_NO_MDC2
#endif
#ifndef OPENSSL_NO_RC5
#define OPENSSL_NO_RC5
#endif
/* OpenSSL headers */
#include <openssl/ssl.h>
#include <openssl/err.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
#include <openssl/crypto.h>
#include <openssl/evp.h>
#include <openssl/rand.h>
#include <openssl/x509v3.h>
#include <openssl/md5.h>
/* Avoid tripping over an engine build installed globally and detected
* when the user points at an explicit non-engine flavor of OpenSSL
*/
#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
#endif
#ifndef RAND_MAX
#include <limits.h>
#define RAND_MAX INT_MAX
#endif
#define SSL_ALGO_UNKNOWN (0)
#define SSL_ALGO_RSA (1<<0)
#define SSL_ALGO_DSA (1<<1)
#define SSL_ALGO_ALL (SSL_ALGO_RSA|SSL_ALGO_DSA)
#define SSL_AIDX_RSA (0)
#define SSL_AIDX_DSA (1)
#define SSL_AIDX_MAX (2)
/*
* Define IDs for the temporary RSA keys and DH params
*/
#define SSL_TMP_KEY_RSA_512 (0)
#define SSL_TMP_KEY_RSA_1024 (1)
#define SSL_TMP_KEY_RSA_2048 (2)
#define SSL_TMP_KEY_RSA_4096 (3)
#define SSL_TMP_KEY_DH_512 (4)
#define SSL_TMP_KEY_DH_1024 (5)
#define SSL_TMP_KEY_DH_2048 (6)
#define SSL_TMP_KEY_DH_4096 (7)
#define SSL_TMP_KEY_MAX (8)
#define SSL_CRT_FORMAT_UNDEF (0)
#define SSL_CRT_FORMAT_ASN1 (1)
#define SSL_CRT_FORMAT_TEXT (2)
#define SSL_CRT_FORMAT_PEM (3)
#define SSL_CRT_FORMAT_NETSCAPE (4)
#define SSL_CRT_FORMAT_PKCS12 (5)
#define SSL_CRT_FORMAT_SMIME (6)
#define SSL_CRT_FORMAT_ENGINE (7)
/* XXX this stupid macro helps us to avoid
* adding yet another param to load_*key()
*/
#define SSL_KEY_FORMAT_IISSGC (8)
/*
* Define the SSL options
*/
#define SSL_OPT_NONE (0)
#define SSL_OPT_RELSET (1<<0)
#define SSL_OPT_STDENVVARS (1<<1)
#define SSL_OPT_EXPORTCERTDATA (1<<3)
#define SSL_OPT_FAKEBASICAUTH (1<<4)
#define SSL_OPT_STRICTREQUIRE (1<<5)
#define SSL_OPT_OPTRENEGOTIATE (1<<6)
#define SSL_OPT_ALL (SSL_OPT_STDENVVARS|SSL_OPT_EXPORTCERTDATA|SSL_OPT_FAKEBASICAUTH|SSL_OPT_STRICTREQUIRE|SSL_OPT_OPTRENEGOTIATE)
/*
* Define the SSL Protocol options
*/
#define SSL_PROTOCOL_NONE (0)
#define SSL_PROTOCOL_SSLV2 (1<<0)
#define SSL_PROTOCOL_SSLV3 (1<<1)
#define SSL_PROTOCOL_TLSV1 (1<<2)
#define SSL_PROTOCOL_ALL (SSL_PROTOCOL_SSLV2|SSL_PROTOCOL_SSLV3|SSL_PROTOCOL_TLSV1)
#define SSL_MODE_CLIENT (0)
#define SSL_MODE_SERVER (1)
#define SSL_MODE_COMBINED (2)
#define SSL_BIO_FLAG_RDONLY (1<<0)
#define SSL_BIO_FLAG_CALLBACK (1<<1)
#define SSL_DEFAULT_CACHE_SIZE (256)
#define SSL_DEFAULT_VHOST_NAME ("_default_:443")
#define SSL_MAX_STR_LEN (2048)
#define SSL_MAX_PASSWORD_LEN (256)
#define SSL_CVERIFY_UNSET (-1)
#define SSL_CVERIFY_NONE (0)
#define SSL_CVERIFY_OPTIONAL (1)
#define SSL_CVERIFY_REQUIRE (2)
#define SSL_CVERIFY_OPTIONAL_NO_CA (3)
#define SSL_VERIFY_PEER_STRICT (SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT)
#define SSL_SHUTDOWN_TYPE_UNSET (0)
#define SSL_SHUTDOWN_TYPE_STANDARD (1)
#define SSL_SHUTDOWN_TYPE_UNCLEAN (2)
#define SSL_SHUTDOWN_TYPE_ACCURATE (3)
#define SSL_TO_APR_ERROR(X) (APR_OS_START_USERERR + 1000 + X)
#define SSL_INFO_SESSION_ID (0x0001)
#define SSL_INFO_CIPHER (0x0002)
#define SSL_INFO_CIPHER_USEKEYSIZE (0x0003)
#define SSL_INFO_CIPHER_ALGKEYSIZE (0x0004)
#define SSL_INFO_CIPHER_VERSION (0x0005)
#define SSL_INFO_CIPHER_DESCRIPTION (0x0006)
#define SSL_INFO_PROTOCOL (0x0007)
#define SSL_INFO_CLIENT_S_DN (0x0010)
#define SSL_INFO_CLIENT_I_DN (0x0020)
#define SSL_INFO_SERVER_S_DN (0x0040)
#define SSL_INFO_SERVER_I_DN (0x0080)
#define SSL_INFO_DN_COUNTRYNAME (0x0001)
#define SSL_INFO_DN_STATEORPROVINCENAME (0x0002)
#define SSL_INFO_DN_LOCALITYNAME (0x0003)
#define SSL_INFO_DN_ORGANIZATIONNAME (0x0004)
#define SSL_INFO_DN_ORGANIZATIONALUNITNAME (0x0005)
#define SSL_INFO_DN_COMMONNAME (0x0006)
#define SSL_INFO_DN_TITLE (0x0007)
#define SSL_INFO_DN_INITIALS (0x0008)
#define SSL_INFO_DN_GIVENNAME (0x0009)
#define SSL_INFO_DN_SURNAME (0x000A)
#define SSL_INFO_DN_DESCRIPTION (0x000B)
#define SSL_INFO_DN_UNIQUEIDENTIFIER (0x000C)
#define SSL_INFO_DN_EMAILADDRESS (0x000D)
#define SSL_INFO_CLIENT_MASK (0x0100)
#define SSL_INFO_CLIENT_M_VERSION (0x0101)
#define SSL_INFO_CLIENT_M_SERIAL (0x0102)
#define SSL_INFO_CLIENT_V_START (0x0103)
#define SSL_INFO_CLIENT_V_END (0x0104)
#define SSL_INFO_CLIENT_A_SIG (0x0105)
#define SSL_INFO_CLIENT_A_KEY (0x0106)
#define SSL_INFO_CLIENT_CERT (0x0107)
#define SSL_INFO_CLIENT_V_REMAIN (0x0108)
#define SSL_INFO_SERVER_MASK (0x0200)
#define SSL_INFO_SERVER_M_VERSION (0x0201)
#define SSL_INFO_SERVER_M_SERIAL (0x0202)
#define SSL_INFO_SERVER_V_START (0x0203)
#define SSL_INFO_SERVER_V_END (0x0204)
#define SSL_INFO_SERVER_A_SIG (0x0205)
#define SSL_INFO_SERVER_A_KEY (0x0206)
#define SSL_INFO_SERVER_CERT (0x0207)
#define SSL_INFO_CLIENT_CERT_CHAIN (0x0400)
#define SSL_VERIFY_ERROR_IS_OPTIONAL(errnum) \
((errnum == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT) \
|| (errnum == X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN) \
|| (errnum == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY) \
|| (errnum == X509_V_ERR_CERT_UNTRUSTED) \
|| (errnum == X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE))
#define SSL_DEFAULT_PASS_PROMPT "Some of your private key files are encrypted for security reasons.\n" \
"In order to read them you have to provide the pass phrases.\n" \
"Enter password :"
extern void *SSL_temp_keys[SSL_TMP_KEY_MAX];
typedef struct {
/* client can have any number of cert/key pairs */
const char *cert_file;
const char *cert_path;
STACK_OF(X509_INFO) *certs;
} ssl_pkc_t;
typedef struct tcn_ssl_ctxt_t tcn_ssl_ctxt_t;
typedef struct {
char password[SSL_MAX_PASSWORD_LEN];
const char *prompt;
tcn_callback_t cb;
} tcn_pass_cb_t;
extern tcn_pass_cb_t tcn_password_callback;
struct tcn_ssl_ctxt_t {
apr_pool_t *pool;
SSL_CTX *ctx;
BIO *bio_os;
BIO *bio_is;
unsigned char context_id[MD5_DIGEST_LENGTH];
int protocol;
/* we are one or the other */
int mode;
/* certificate revocation list */
X509_STORE *crl;
/* pointer to the context verify store */
X509_STORE *store;
const char *cert_files[SSL_AIDX_MAX];
const char *key_files[SSL_AIDX_MAX];
X509 *certs[SSL_AIDX_MAX];
EVP_PKEY *keys[SSL_AIDX_MAX];
int ca_certs;
int shutdown_type;
char *rand_file;
const char *cipher_suite;
/* for client or downstream server authentication */
int verify_depth;
int verify_mode;
tcn_pass_cb_t *cb_data;
};
typedef struct {
apr_pool_t *pool;
tcn_ssl_ctxt_t *ctx;
SSL *ssl;
X509 *peer;
int shutdown_type;
apr_socket_t *sock;
apr_pollset_t *pollset;
} tcn_ssl_conn_t;
#define SSL_CTX_get_extra_certs(ctx) ((ctx)->extra_certs)
#define SSL_CTX_set_extra_certs(ctx, value) \
TCN_BEGIN_MACRO \
(ctx)->extra_certs = (value); \
TCN_END_MACRO
/*
* Additional Functions
*/
void SSL_init_app_data2_idx(void);
void *SSL_get_app_data2(SSL *);
void SSL_set_app_data2(SSL *, void *);
int SSL_password_prompt(tcn_pass_cb_t *);
int SSL_password_callback(char *, int, int, void *);
void SSL_BIO_close(BIO *);
void SSL_BIO_doref(BIO *);
DH *SSL_dh_get_tmp_param(int);
DH *SSL_dh_get_param_from_file(const char *);
RSA *SSL_callback_tmp_RSA(SSL *, int, int);
DH *SSL_callback_tmp_DH(SSL *, int, int);
void SSL_vhost_algo_id(const unsigned char *, unsigned char *, int);
int SSL_CTX_use_certificate_chain(SSL_CTX *, const char *, int);
int SSL_callback_SSL_verify(int, X509_STORE_CTX *);
int SSL_rand_seed(const char *file);
#endif /* SSL_PRIVATE_H */
Other Tomcat examples (source code examples)Here is a short list of links related to this Tomcat ssl_private.h source code file: |
The search page
Other Tomcat source code examples at this package level
Click here to learn more about this project
