VladPolskiy/apache-http-server
1
0
Fork 0
mirror of https://github.com/apache/httpd.git synced 2025-08-10 02:56:11 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
f88e3ce367f922464421d05f41b246e25c7fb63a
apache-http-server/modules/ssl/ssl_util_ssl.h
Kaspar Brand 4a431da73b Merge r1650047 from trunk: 
Add support for extracting subjectAltName entries of type
rfc822Name and dNSName into SSL_{CLIENT,SERVER}_SAN_{Email,DNS}_n
variables.

* docs/manual/mod/mod_ssl.xml: add SSL_*_SAN_*_n entries to the
  environment variables table

* modules/ssl/ssl_engine_kernel.c: in ssl_hook_Fixup, add extraction
  of subjectAltName entries for the "StdEnvVars" case

* modules/ssl/ssl_engine_vars.c: add support for retrieving the
  SSL_{CLIENT,SERVER}_SAN_{Email,DNS}_n variables, either with
  individual on-demand lookup (ssl_var_lookup_ssl_cert_san),
  or with full-list extraction to the environment ("StdEnvVars")

* modules/ssl/ssl_private.h: add modssl_var_extract_san_entries prototype

* modules/ssl/ssl_util_ssl.c: implement SSL_X509_getSAN and
  SSL_ASN1_STRING_to_utf8 helper functions, with factoring out common
  code from SSL_X509_getIDs and SSL_X509_NAME_ENTRY_to_string where
  suitable. Limit SSL_X509_getSAN to the two most common subjectAltName
  entry types appearing in user or server certificates (i.e., rfc822Name
  and dNSName), for the time being.

* modules/ssl/ssl_util_ssl.h: add SSL_ASN1_STRING_to_utf8
  and SSL_X509_getSAN prototypes


Proposed by: kbrand
Reviewed by: ylavic, druggeri


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1676087 13f79535-47bb-0310-9956-ffa450edef68
2015-04-26 07:03:31 +00:00

80 lines
3.0 KiB
C
Raw Blame History

/* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
/**
* @verbatim
_ _
_ __ ___ ___ __| | ___ ___| | mod_ssl
| '_ ` _ \ / _ \ / _` | / __/ __| | Apache Interface to OpenSSL
| | | | | | (_) | (_| | \__ \__ \ |
|_| |_| |_|\___/ \__,_|___|___/___/_|
|_____|
@endverbatim
* @file ssl_util_ssl.h
* @brief Additional Utility Functions for OpenSSL
*
* @defgroup MOD_SSL_UTIL Utilities
* @ingroup MOD_SSL
* @{
*/
#ifndef __SSL_UTIL_SSL_H__
#define __SSL_UTIL_SSL_H__
/**
* SSL library version number
*/
#define SSL_LIBRARY_VERSION OPENSSL_VERSION_NUMBER
#define SSL_LIBRARY_NAME "OpenSSL"
#define SSL_LIBRARY_TEXT OPENSSL_VERSION_TEXT
#define SSL_LIBRARY_DYNTEXT SSLeay_version(SSLEAY_VERSION)
/**
* Maximum length of a DER encoded session.
* FIXME: There is no define in OpenSSL, but OpenSSL uses 1024*10,
* so this value should be ok. Although we have no warm feeling.
*/
#define SSL_SESSION_MAX_DER 1024*10
/** max length for SSL_SESSION_id2sz */
#define SSL_SESSION_ID_STRING_LEN \
((SSL_MAX_SSL_SESSION_ID_LENGTH + 1) * 2)
/**
* Additional Functions
*/
void SSL_init_app_data2_idx(void);
void *SSL_get_app_data2(SSL *);
void SSL_set_app_data2(SSL *, void *);
EVP_PKEY *SSL_read_PrivateKey(const char *, EVP_PKEY **, pem_password_cb *, void *);
int SSL_smart_shutdown(SSL *ssl);
BOOL SSL_X509_getBC(X509 *, int *, int *);
char *SSL_ASN1_STRING_to_utf8(apr_pool_t *, ASN1_STRING *);
char *SSL_X509_NAME_ENTRY_to_string(apr_pool_t *p, X509_NAME_ENTRY *xsne);
char *SSL_X509_NAME_to_string(apr_pool_t *, X509_NAME *, int);
BOOL SSL_X509_getSAN(apr_pool_t *, X509 *, int, int, apr_array_header_t **);
BOOL SSL_X509_getIDs(apr_pool_t *, X509 *, apr_array_header_t **);
BOOL SSL_X509_match_name(apr_pool_t *, X509 *, const char *, BOOL, server_rec *);
BOOL SSL_X509_INFO_load_file(apr_pool_t *, STACK_OF(X509_INFO) *, const char *);
BOOL SSL_X509_INFO_load_path(apr_pool_t *, STACK_OF(X509_INFO) *, const char *);
int SSL_CTX_use_certificate_chain(SSL_CTX *, char *, int, pem_password_cb *);
char *SSL_SESSION_id2sz(unsigned char *, int, char *, int);
#endif /* __SSL_UTIL_SSL_H__ */
/** @} */
Reference in New Issue View Git Blame Copy Permalink