Lines Matching refs:ssl
51 SSL *ssl;
76 ssl = sslconn->ssl;
79 SSL_set_accept_state(ssl);
80 SSL_do_handshake(ssl);
82 if (SSL_get_state(ssl) != SSL_ST_OK) {
127 SSL *ssl;
163 ssl = sslconn->ssl;
164 if (!ssl) {
175 if ((servername = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name))) {
232 SSL_set_app_data2(ssl, r);
248 /* SetEnvIf ssl-*-shutdown flags can only be per-server,
288 return; /* should only ever be one ssl-*-shutdown */
303 SSL *ssl = sslconn ? sslconn->ssl : NULL;
318 if (ssl) {
326 if (SSL_get_state(ssl) != SSL_ST_OK) {
329 ctx = SSL_get_SSL_CTX(ssl);
335 if (dc->bSSLRequired && !ssl) {
351 apr_table_setn(r->notes, "ssl-access-forbidden", "1");
361 if (sc->enabled == SSL_ENABLED_FALSE || !ssl) {
373 if (SSL_get_srp_username(ssl)) {
424 cipher = SSL_get_current_cipher(ssl);
427 cipher_list_old = (STACK_OF(SSL_CIPHER) *)SSL_get_ciphers(ssl);
436 !SSL_set_cipher_list(ssl, dc->szCipherSuite ?
452 cipher_list = (STACK_OF(SSL_CIPHER) *)SSL_get_ciphers(ssl);
507 SSL_set_options(ssl, SSL_OP_CIPHER_SERVER_PREFERENCE);
558 verify_old = SSL_get_verify_mode(ssl);
575 SSL_set_verify(ssl, verify, ssl_callback_SSLVerify);
576 SSL_set_verify_result(ssl, X509_V_OK);
594 ((peercert = SSL_get_peer_certificate(ssl)) != NULL))
635 SSL_set_verify(ssl, verify_old, NULL);
713 cert_stack = (STACK_OF(X509) *)SSL_get_peer_cert_chain(ssl);
715 cert = SSL_get_peer_certificate(ssl);
748 depth = SSL_get_verify_depth(ssl);
756 (char *)ssl);
764 SSL_set_verify_result(ssl, cert_store_ctx.error);
767 if (cert_stack != SSL_get_peer_cert_chain(ssl)) {
794 reneg_support = SSL_get_secure_renegotiation_support(ssl) ?
805 SSL_set_session_id_context(ssl,
813 SSL_renegotiate(ssl);
814 SSL_do_handshake(ssl);
816 if (SSL_get_state(ssl) != SSL_ST_OK) {
828 /* XXX: Should replace setting state with SSL_renegotiate(ssl);
833 SSL_set_state(ssl, SSL_ST_ACCEPT);
835 ssl->state = SSL_ST_ACCEPT;
837 SSL_do_handshake(ssl);
841 if (SSL_get_state(ssl) != SSL_ST_OK) {
854 if ((cert = SSL_get_peer_certificate(ssl))) {
870 if (do_verify && (SSL_get_verify_result(ssl) != X509_V_OK)) {
879 if ((peercert = SSL_get_peer_certificate(ssl)) == NULL) {
895 cipher = SSL_get_current_cipher(ssl);
942 apr_table_setn(r->notes, "ssl-access-forbidden", "1");
962 apr_table_setn(r->notes, "ssl-access-forbidden", "1");
1000 (apr_table_get(r->notes, "ssl-access-forbidden")))
1041 * - ssl not enabled
1045 && sslconn && sslconn->ssl && sslconn->client_cert) ||
1107 (apr_table_get(r->notes, "ssl-access-forbidden")))
1168 SSL *ssl;
1174 if (sc->enabled == SSL_ENABLED_OPTIONAL && !(sslconn && sslconn->ssl)
1183 if (!(((sc->enabled == SSL_ENABLED_TRUE) || (sc->enabled == SSL_ENABLED_OPTIONAL)) && sslconn && (ssl = sslconn->ssl))) {
1195 if ((servername = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name))) {
1202 modssl_var_extract_dns(env, sslconn->ssl, r->pool);
1203 modssl_var_extract_san_entries(env, sslconn->ssl, r->pool);
1228 if ((peer_certs = (STACK_OF(X509) *)SSL_get_peer_cert_chain(ssl))) {
1242 apr_table_setn(r->notes, "ssl-secure-reneg",
1243 SSL_get_secure_renegotiation_support(ssl) ? "1" : "0");
1260 SSL *ssl = sslconn ? sslconn->ssl : NULL;
1262 if (ssl)
1273 return "'Require ssl' does not take arguments";
1289 SSL *ssl = sslconn ? sslconn->ssl : NULL;
1291 if (!ssl)
1296 SSL_get_verify_result(ssl) == X509_V_OK)
1298 X509 *xs = SSL_get_peer_certificate(ssl);
1317 return "'Require ssl-verify-client' does not take arguments";
1339 DH *ssl_callback_TmpDH(SSL *ssl, int export, int keylen)
1341 conn_rec *c = (conn_rec *)SSL_get_app_data(ssl);
1351 SSL_set_current_cert(ssl, SSL_CERT_SET_SERVER);
1353 pkey = SSL_get_privatekey(ssl);
1385 SSL *ssl = X509_STORE_CTX_get_ex_data(ctx,
1387 conn_rec *conn = (conn_rec *)SSL_get_app_data(ssl);
1388 request_rec *r = (request_rec *)SSL_get_app_data2(ssl);
1559 int ssl_callback_proxy_cert(SSL *ssl, X509 **x509, EVP_PKEY **pkey)
1561 conn_rec *c = (conn_rec *)SSL_get_app_data(ssl);
1585 ca_list = SSL_get_client_CA_list(ssl);
1683 int ssl_callback_NewSessionCacheEntry(SSL *ssl, SSL_SESSION *session)
1686 conn_rec *conn = (conn_rec *)SSL_get_app_data(ssl);
1734 SSL_SESSION *ssl_callback_GetSessionCacheEntry(SSL *ssl,
1739 conn_rec *conn = (conn_rec *)SSL_get_app_data(ssl);
1806 static void log_tracing_state(const SSL *ssl, conn_rec *c,
1823 MODSSL_LIBRARY_NAME, SSL_state_string_long(ssl));
1828 MODSSL_LIBRARY_NAME, SSL_state_string_long(ssl));
1833 MODSSL_LIBRARY_NAME, SSL_state_string_long(ssl));
1847 MODSSL_LIBRARY_NAME, SSL_state_string_long(ssl));
1852 MODSSL_LIBRARY_NAME, SSL_state_string_long(ssl));
1877 void ssl_callback_Info(const SSL *ssl, int where, int rc)
1884 if ((c = (conn_rec *)SSL_get_app_data((SSL *)ssl)) == NULL) {
1896 int state = SSL_get_state((SSL *)ssl);
1913 log_tracing_state(ssl, c, s, where, rc);
1922 int ssl_callback_ServerNameIndication(SSL *ssl, int *al, modssl_ctx_t *mctx)
1925 SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name);
1926 conn_rec *c = (conn_rec *)SSL_get_app_data(ssl);
1977 SSL *ssl;
2025 if (found && (ssl = sslcon->ssl) &&
2027 SSL_CTX *ctx = SSL_set_SSL_CTX(ssl, sc->server->ssl_ctx);
2033 SSL_set_options(ssl, SSL_CTX_get_options(ctx));
2034 if ((SSL_get_verify_mode(ssl) == SSL_VERIFY_NONE) ||
2035 (SSL_num_renegotiations(ssl) == 0)) {
2043 SSL_set_verify(ssl, SSL_CTX_get_verify_mode(ctx),
2056 if (SSL_num_renegotiations(ssl) == 0) {
2061 SSL_set_session_id_context(ssl, sid_ctx, APR_MD5_DIGESTSIZE*2);
2078 BIO *rbio = SSL_get_rbio(ssl),
2079 *wbio = SSL_get_wbio(ssl);
2081 BIO_set_callback_arg(rbio, (void *)ssl);
2084 BIO_set_callback_arg(wbio, (void *)ssl);
2101 int ssl_callback_SessionTicket(SSL *ssl,
2108 conn_rec *c = (conn_rec *)SSL_get_app_data(ssl);
2216 int ssl_callback_alpn_select(SSL *ssl,
2220 conn_rec *c = (conn_rec*)SSL_get_app_data(ssl);
2318 int ssl_callback_AdvertiseNextProtos(SSL *ssl, const unsigned char **data_out,
2321 conn_rec *c = (conn_rec*)SSL_get_app_data(ssl);
2403 int ssl_callback_SRPServerParams(SSL *ssl, int *ad, void *arg)
2406 char *username = SSL_get_srp_username(ssl);
2415 if (SSL_set_srp_server_param(ssl, u->N, u->g, u->s, u->v, u->info) < 0) {
2421 SSL_set_verify(ssl, SSL_VERIFY_NONE, ssl_callback_SSLVerify);