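/*
 * ssl.h - interface of the OpenSSL wrapper: one SSL_CTX per listener
 * (struct ssl_t), one SSL object per connection (struct ssl_connection_t),
 * and the client-certificate validation entry points.
 *
 * USE_SSL is derived from the configure result (HAVE_OPENSSL_SSL_H) before
 * the include guard so that every includer sees the same decision.
 */
#include "ac-hdrs.h"

#ifdef HAVE_OPENSSL_SSL_H
#define USE_SSL
#endif

#ifndef SSL_H
#define SSL_H

#ifdef USE_SSL

#include <openssl/ssl.h>
#include <openssl/err.h>
#include <openssl/conf.h>
#include <openssl/engine.h>
#include <openssl/evp.h>

/*
 * ssl error codes, must match ssl_err_labels order
 * (ssl_strerror() below maps a code back to its label; the table itself
 * lives in the implementation file, not here). All codes are negative so
 * that a non-negative return can mean success.
 */
#define SSL_VALIDATE_INTERNAL_ERROR -1
#define SSL_VALIDATE_CLIENT_CERT_UNVERIFIED -2
#define SSL_VALIDATE_NO_CLIENT_CERT -3
#define SSL_VALIDATE_CERT_NO_SUBJECT -4
#define SSL_VALIDATE_CERT_NO_CALLSIGN -5
#define SSL_VALIDATE_CERT_CALLSIGN_MISMATCH -6

struct client_t;
struct worker_t;

/* Per-listener state: the shared SSL_CTX (certificates, CA store) plus a
 * flag telling whether peer certificates are to be validated. */
struct ssl_t {
	SSL_CTX *ctx;

	unsigned validate;	/* non-zero: validate client certificates on this listener */
};

/* Per-connection state. The one-bit flags appear to follow nginx's
 * ngx_ssl_connection_t naming; their exact semantics are set by ssl.c,
 * which is not visible here. */
struct ssl_connection_t {
	SSL *connection;

	unsigned handshaked:1;		/* TLS handshake has completed */

	unsigned renegotiation:1;
	unsigned buffer:1;
	unsigned no_wait_shutdown:1;
	unsigned no_send_shutdown:1;

	unsigned validate;		/* copied from the listener's ssl_t, presumably */
	int ssl_err_code;		/* last SSL_VALIDATE_* result, presumably */
};

/* Protocol version flags (nginx-style bit values). SSLv2 and SSLv3 are
 * obsolete protocol versions and are retained here as flag values only. */
#define NGX_SSL_SSLv2 0x0002
#define NGX_SSL_SSLv3 0x0004
#define NGX_SSL_TLSv1 0x0008
#define NGX_SSL_TLSv1_1 0x0010
#define NGX_SSL_TLSv1_2 0x0020


#define NGX_SSL_BUFFER 1
#define NGX_SSL_CLIENT 2

/* 16 KiB: equal to the TLS maximum plaintext record length (2^14 bytes). */
#define NGX_SSL_BUFSIZE 16384

/* string representations for error codes
 * @param code one of the SSL_VALIDATE_* values
 * @return static, read-only label string (caller must not free) */
extern const char *ssl_strerror(int code);

/* initialize and deinit the library; ssl_init() returns non-zero on failure
 * (exact convention defined in ssl.c) */
extern int ssl_init(void);
extern void ssl_atend(void);

/* per-listener structure allocators; ssl_free() releases what ssl_alloc()
 * returned, so the listener owns the struct ssl_t */
extern struct ssl_t *ssl_alloc(void);
extern void ssl_free(struct ssl_t *ssl);

/* create context for listener, load certs
 * @param data   opaque argument handed through to the implementation (type
 *               not visible here - check ssl.c)
 * @param depth  maximum certificate chain depth accepted during verification,
 *               presumably (confirm against ssl.c)
 * @return 0 on success, negative on failure, presumably */
extern int ssl_create(struct ssl_t *ssl, void *data);
extern int ssl_certificate(struct ssl_t *ssl, const char *certfile, const char *keyfile);
extern int ssl_ca_certificate(struct ssl_t *ssl, const char *cafile, int depth);

/* create / free connection
 * @param i_am_client non-zero to act as the TLS client side of the connection */
extern int ssl_create_connection(struct ssl_t *ssl, struct client_t *c, int i_am_client);
extern void ssl_free_connection(struct client_t *c);

/* validate a client certificate, in two phases; a negative SSL_VALIDATE_*
 * code signals failure (the split between the phases is defined in ssl.c) */
extern int ssl_validate_peer_cert_phase1(struct client_t *c);
extern int ssl_validate_peer_cert_phase2(struct client_t *c);

/* worker-side I/O entry points, driven by the event loop of 'self' */
extern int ssl_write(struct worker_t *self, struct client_t *c);
extern int ssl_writable(struct worker_t *self, struct client_t *c);
extern int ssl_readable(struct worker_t *self, struct client_t *c);


#else

/* NOTE(review): an empty struct is a GNU extension, not ISO C; kept as-is
 * because callers only ever hold pointers to it, presumably. */
struct ssl_t {
};


/* No-op stand-ins so callers need not #ifdef every init/teardown call.
 * Written as do { } while (0) so that `ssl_init();` is exactly one
 * statement and survives an unbraced if/else (a bare `{ };` does not). */
#define ssl_init(...) do { } while (0)
#define ssl_atend(...) do { } while (0)

#endif /* USE_SSL */
#endif /* SSL_H */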