1 /* 2 * Copyright (c) 2015-2016 Graham Edgecombe <gpe@grahamedgecombe.com> 3 * 4 * Permission to use, copy, modify, and/or distribute this software for any 5 * purpose with or without fee is hereby granted, provided that the above 6 * copyright notice and this permission notice appear in all copies. 7 * 8 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 9 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 10 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 11 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 12 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 13 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 14 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15 */ 16 17 #ifndef _NGX_SSL_CT_H_INCLUDED_ 18 #define _NGX_SSL_CT_H_INCLUDED_ 19 20 #include <ngx_config.h> 21 #include <ngx_core.h> 22 23 #define NGX_SSL_CT_EXT 18 /* from RFC 6962 */ 24 #define NGX_SSL_CT_EXT_MAX_LEN 0xFFFF 25 #define ngx_strrchr(s1, c) strrchr((const char *) s1, (int) c) 26 27 typedef struct 28 { 29 ngx_flag_t enable; 30 ngx_array_t *sct_dirs; 31 } ngx_ssl_ct_srv_conf_t; 32 33 typedef struct 34 { 35 u_char buf[NGX_SSL_CT_EXT_MAX_LEN]; 36 size_t len; 37 } ngx_ssl_ct_ext; 38 39 ngx_int_t ngx_ssl_ct_init(ngx_log_t *log); 40 #ifndef OPENSSL_IS_BORINGSSL 41 int ngx_ssl_ct_ext_cb(SSL *s, unsigned int ext_type, const unsigned char **out, 42 size_t *outlen, int *al, void *add_arg); 43 #endif 44 ngx_ssl_ct_ext *ngx_ssl_ct_read_static_scts(ngx_conf_t *cf, ngx_str_t *path); 45 void *ngx_ssl_ct_create_srv_conf(ngx_conf_t *cf); 46 char *ngx_ssl_ct_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child, 47 SSL_CTX *ssl_ctx, ngx_array_t *certificates); 48 49 #endif 50