1 /* 2 * include/types/ssl_sock.h 3 * SSL settings for listeners and servers 4 * 5 * Copyright (C) 2012 EXCELIANCE, Emeric Brun <ebrun@exceliance.fr> 6 * 7 * This library is free software; you can redistribute it and/or 8 * modify it under the terms of the GNU Lesser General Public 9 * License as published by the Free Software Foundation, version 2.1 10 * exclusively. 11 * 12 * This library is distributed in the hope that it will be useful, 13 * but WITHOUT ANY WARRANTY; without even the implied warranty of 14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 15 * Lesser General Public License for more details. 16 * 17 * You should have received a copy of the GNU Lesser General Public 18 * License along with this library; if not, write to the Free Software 19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA 20 */ 21 22 #ifndef _TYPES_SSL_SOCK_H 23 #define _TYPES_SSL_SOCK_H 24 #ifdef USE_OPENSSL 25 26 #include <ebmbtree.h> 27 28 #include <common/hathreads.h> 29 #include <common/openssl-compat.h> 30 31 struct pkey_info { 32 uint8_t sig; /* TLSEXT_signature_[rsa,ecdsa,...] */ 33 uint16_t bits; /* key size in bits */ 34 }; 35 36 struct sni_ctx { 37 SSL_CTX *ctx; /* context associated to the certificate */ 38 int order; /* load order for the certificate */ 39 uint8_t neg; /* reject if match */ 40 struct pkey_info kinfo; /* pkey info */ 41 struct ssl_bind_conf *conf; /* ssl "bind" conf for the certificate */ 42 struct ebmb_node name; /* node holding the servername value */ 43 }; 44 45 struct tls_version_filter { 46 uint16_t flags; /* ssl options */ 47 uint8_t min; /* min TLS version */ 48 uint8_t max; /* max TLS version */ 49 }; 50 51 extern struct list tlskeys_reference; 52 53 struct tls_sess_key_128 { 54 unsigned char name[16]; 55 unsigned char aes_key[16]; 56 unsigned char hmac_key[16]; 57 } __attribute__((packed)); 58 59 struct tls_sess_key_256 { 60 unsigned char name[16]; 61 unsigned char aes_key[32]; 62 unsigned char hmac_key[32]; 63 } __attribute__((packed)); 64 65 union tls_sess_key{ 66 unsigned char name[16]; 67 struct tls_sess_key_128 key_128; 68 struct tls_sess_key_256 key_256; 69 } __attribute__((packed)); 70 71 struct tls_keys_ref { 72 struct list list; /* Used to chain refs. */ 73 char *filename; 74 int unique_id; /* Each pattern reference have unique id. */ 75 int refcount; /* number of users of this tls_keys_ref. */ 76 union tls_sess_key *tlskeys; 77 int tls_ticket_enc_index; 78 int key_size_bits; 79 __decl_hathreads(HA_RWLOCK_T lock); /* lock used to protect the ref */ 80 }; 81 82 /* shared ssl session */ 83 struct sh_ssl_sess_hdr { 84 struct ebmb_node key; 85 unsigned char key_data[SSL_MAX_SSL_SESSION_ID_LENGTH]; 86 }; 87 88 #endif /* USE_OPENSSL */ 89 #endif /* _TYPES_SSL_SOCK_H */ 90