1 
2 #include "ac-hdrs.h"
3 
/* TLS support is compiled in only when the configure step found
 * <openssl/ssl.h> (HAVE_OPENSSL_SSL_H comes from ac-hdrs.h, presumably
 * autoconf output).  Everything below is keyed on USE_SSL; the #else branch
 * at the bottom of this file supplies the no-TLS stubs.
 * NOTE(review): this test sits outside the SSL_H include guard, so it is
 * re-evaluated on every inclusion (harmless, just redundant).  The guard name
 * SSL_H itself is generic enough to collide with another header's guard,
 * which would silently drop every declaration in this file — consider a
 * project-specific name. */
#ifdef HAVE_OPENSSL_SSL_H
#define USE_SSL
#endif
7 
8 #ifndef SSL_H
9 #define SSL_H
10 
11 #ifdef USE_SSL
12 
13 #include <openssl/ssl.h>
14 #include <openssl/err.h>
15 #include <openssl/conf.h>
16 #include <openssl/engine.h>
17 #include <openssl/evp.h>
18 
/* ssl error codes, must match ssl_err_labels order.
 * All negative; presumably the failure values handed back by the
 * ssl_validate_peer_cert_phase1/2 functions below and rendered as text by
 * ssl_strerror().  ssl_err_labels is not visible from this header, so check
 * in the implementation how the table is indexed (most likely by -code)
 * before adding, removing or renumbering an entry — a mismatch would make
 * ssl_strerror() read past the table or print the wrong reason.
 * -1 is the generic library-failure case; -2..-6 name the reason a client
 * certificate was rejected (from "no cert at all" down to "callsign does
 * not match"), as far as the names indicate. */
#define SSL_VALIDATE_INTERNAL_ERROR -1
#define SSL_VALIDATE_CLIENT_CERT_UNVERIFIED -2
#define SSL_VALIDATE_NO_CLIENT_CERT -3
#define SSL_VALIDATE_CERT_NO_SUBJECT -4
#define SSL_VALIDATE_CERT_NO_CALLSIGN -5
#define SSL_VALIDATE_CERT_CALLSIGN_MISMATCH -6
26 
/* opaque, defined elsewhere in the project; this header only passes
 * pointers to them, so no layout knowledge is needed here */
struct client_t;
struct worker_t;
29 
/* Per-listener TLS state (allocated with ssl_alloc, released with ssl_free,
 * populated by ssl_create / ssl_certificate / ssl_ca_certificate below). */
struct ssl_t {
	SSL_CTX *ctx;		/* OpenSSL context the listener's connections are created from;
				 * presumably where the certificate, key and CA bundle are loaded */

	unsigned	validate;	/* client-certificate validation setting for this listener;
					 * presumably copied into ssl_connection_t.validate — the
					 * meaning of the values lives in ssl.c */
};
35 
/* Per-connection TLS state, hung off a struct client_t (see
 * ssl_create_connection / ssl_free_connection).  The field set mirrors
 * nginx's ngx_ssl_connection_t, which is presumably where the NGX_ macros
 * below come from as well. */
struct ssl_connection_t {
	SSL             *connection;	/* the OpenSSL session object for this client */

	unsigned	handshaked:1;	/* presumably set once the TLS handshake has completed;
					 * peer-certificate results are not meaningful before then */

	unsigned	renegotiation:1;	/* NOTE(review): in the nginx layout this records a
						 * peer-initiated renegotiation so it can be refused
						 * (client-triggered renegotiation is a CPU DoS vector);
						 * confirm ssl.c actually acts on it */
	unsigned	buffer:1;		/* presumably "output is buffered" (see NGX_SSL_BUFFER) */
	unsigned	no_wait_shutdown:1;	/* presumably tune SSL_shutdown: do not wait for the peer's close_notify */
	unsigned	no_send_shutdown:1;	/* presumably tune SSL_shutdown: do not send our own close_notify */

	unsigned	validate;	/* client-cert validation setting in force for this connection (see ssl_t.validate) */
	int		ssl_err_code;	/* presumably the last SSL_VALIDATE_* code, for ssl_strerror() — confirm in ssl.c */
};
49 
/* protocol version bits, one per SSL/TLS version (names and values follow
 * nginx's ngx_event_openssl.h, presumably copied from there).
 * SSLv2 and SSLv3 are kept only so the bit map is complete: both are broken
 * (DROWN, POODLE) and must never be enabled on a listener; recent OpenSSL
 * builds do not even ship SSLv2.  Note there is no TLSv1.3 bit here. */
#define NGX_SSL_SSLv2    0x0002
#define NGX_SSL_SSLv3    0x0004
#define NGX_SSL_TLSv1    0x0008
#define NGX_SSL_TLSv1_1  0x0010
#define NGX_SSL_TLSv1_2  0x0020


/* connection setup flags; presumably "buffer writes" and "this side is the
 * TLS client" (cf. the buffer bit and the i_am_client argument of
 * ssl_create_connection) — confirm in ssl.c */
#define NGX_SSL_BUFFER   1
#define NGX_SSL_CLIENT   2

/* write buffer size; 16384 (2^14) is the maximum TLS record plaintext
 * length, so one full buffer maps onto one record */
#define NGX_SSL_BUFSIZE  16384
61 
/* string representations for error codes */
/* Maps an SSL_VALIDATE_* code (above) to a human-readable label, presumably
 * by indexing ssl_err_labels.  The result is const and presumably static —
 * never free it. */
extern const char *ssl_strerror(int code);

/* initialize and deinit the library */
/* Process-wide OpenSSL setup and teardown.  The return convention is not
 * visible here (the negative SSL_VALIDATE_* codes suggest < 0 is failure) —
 * confirm in ssl.c and do not ignore the result: running on after a failed
 * init would leave every "TLS" listener without a working library. */
extern int ssl_init(void);
extern void ssl_atend(void);

/* per-listener structure allocators */
/* ssl_alloc presumably returns NULL on allocation failure — check before
 * use.  ssl_free is expected to release the SSL_CTX as well (confirm). */
extern struct ssl_t *ssl_alloc(void);
extern void ssl_free(struct ssl_t *ssl);

/* create context for listener, load certs */
/* ssl_create builds ssl->ctx; `data` is an opaque pointer whose type is not
 * visible from this header.
 * ssl_certificate loads the listener's certificate and private key from
 * certfile/keyfile (format not visible here, presumably PEM).  keyfile is the
 * listener's long-term secret: its on-disk permissions matter.
 * ssl_ca_certificate installs the CA bundle used to verify client
 * certificates; `depth` presumably bounds the accepted chain length
 * (SSL_CTX_set_verify_depth) — keep it small, since it caps how much chain
 * processing an unauthenticated peer can force on the server. */
extern int ssl_create(struct ssl_t *ssl, void *data);
extern int ssl_certificate(struct ssl_t *ssl, const char *certfile, const char *keyfile);
extern int ssl_ca_certificate(struct ssl_t *ssl, const char *cafile, int depth);

/* create / free connection */
/* Attach a TLS session from listener `ssl` to client `c`.  i_am_client is
 * presumably non-zero when this side initiates the handshake (outbound
 * connection) and zero for an accepted one — inferred from the name.
 * ssl_free_connection releases whatever ssl_create_connection hung off c. */
extern int ssl_create_connection(struct ssl_t *ssl, struct client_t *c, int i_am_client);
extern void ssl_free_connection(struct client_t *c);

/* validate a client certificate */
/* Two-phase check of the peer certificate; the split between the phases and
 * the exact return convention live in ssl.c (presumably 0 on success and one
 * of the SSL_VALIDATE_* codes on failure).  Callers must treat any failure as
 * a rejected client, and must not consult the result before the handshake
 * has completed. */
extern int ssl_validate_peer_cert_phase1(struct client_t *c);
extern int ssl_validate_peer_cert_phase2(struct client_t *c);

/* event-loop hooks, called by the worker `self` that owns client `c`;
 * return conventions are not visible from this header */
extern int ssl_write(struct worker_t *self, struct client_t *c);
extern int ssl_writable(struct worker_t *self, struct client_t *c);
extern int ssl_readable(struct worker_t *self, struct client_t *c);
89 
90 
91 #else
92 
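/* no-TLS build: the listener state is a placeholder and the library
 * setup/teardown calls compile to nothing.  Only ssl_init and ssl_atend are
 * stubbed here; every other ssl_* function declared in the USE_SSL branch is
 * unavailable, so callers must guard their use with #ifdef USE_SSL. */
struct ssl_t {
	int	placeholder;	/* ISO C requires at least one member (an empty struct is only a
				 * GCC extension); nothing reads this, it just gives the type a size */
};


/* Expand to a single expression-statement rather than a bare `{ }` block:
 * `{ }` followed by the caller's ';' breaks `if (x) ssl_init(); else ...`
 * because the stray ';' closes the if before the else is seen.  ((void)0)
 * is the assert() idiom and is warning-free when used as a statement.
 * The (...) parameter list is kept so any existing call form still expands.
 * NOTE(review): the real ssl_init returns int; if a no-TLS caller ever needs
 * that value, change this stub to (0). */
#define ssl_init(...) ((void)0)
#define ssl_atend(...) ((void)0)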
99 
100 #endif /* USE_SSL */
101 #endif /* SSL_H */
102 
103