mod_ssl.c revision cc003103e52ff9d5fe9bed567ef9438613ab4fbf
**  _ __ ___   ___   __| |    ___ ___| |  mod_ssl
** | '_ ` _ \ / _ \ / _` |   / __/ __| |  Apache Interface to OpenSSL
** | | | | | | (_) | (_| |   \__ \__ \ |  www.modssl.org
** |_| |_| |_|\___/ \__,_|___|___/___/_|  ftp.modssl.org
**  Apache API interface structures
/* ====================================================================
 * Copyright (c) 1998-2001 Ralf S. Engelschall. All rights reserved.
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following
 *    disclaimer in the documentation and/or other materials
 *    provided with the distribution.
 * 3. All advertising materials mentioning features or use of this
 *    software must display the following acknowledgment:
 *    "This product includes software developed by
 *     Ralf S. Engelschall <rse@engelschall.com> for use in the
 *     mod_ssl project (http://www.modssl.org/)."
 * 4. The names "mod_ssl" must not be used to endorse or promote
 *    products derived from this software without prior written
 *    permission. For written permission, please contact
 *    rse@engelschall.com.
 * 5. Products derived from this software may not be called "mod_ssl"
 *    nor may "mod_ssl" appear in their names without prior
 *    written permission of Ralf S. Engelschall.
 * 6. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *    "This product includes software developed by
 *     Ralf S. Engelschall <rse@engelschall.com> for use in the
 *     mod_ssl project (http://www.modssl.org/)."
 * THIS SOFTWARE IS PROVIDED BY RALF S. ENGELSCHALL ``AS IS'' AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL RALF S. ENGELSCHALL OR
 * HIS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 * ====================================================================
                             /* ``I'll be surprised if
                                  others think that what you
                                  are doing is honourable.''
                                        -- Ben Laurie, Apache-SSL author */
/*  _________________________________________________________________
**  Apache API glue structures
**  _________________________________________________________________
 * identify the module to SCCS `what' and RCS `ident' commands
static char const sccsid[] = "@(#) mod_ssl/" MOD_SSL_VERSION " >";
static char const rcsid[] = "$Id: mod_ssl.c,v 1.1 2001/05/04 21:54:42 rse Exp $";
 * the table of configuration directives we provide
 * Global (main-server) context configuration directives
               "SSL lock for handling internal mutual exclusions "
               "(`none', `file:/path/to/file')")
               "SSL dialog mechanism for the pass phrase query "
               "(`builtin', `exec:/path/to/program')")
               "SSL Session Cache storage "
               "(`none', `dbm:/path/to/file')")
               "SSL external Crypto Device usage "
               "(`builtin', `...')")
               "SSL Pseudo Random Number Generator (PRNG) seeding source "
               "(`startup|connect builtin|file:/path|exec:/path [bytes]')")
 * Per-server context configuration directives
               "SSL switch for the protocol engine "
               "(`on', `off')")
               "Colon-delimited list of permitted SSL Ciphers "
               "(`XXX:...:XXX' - see manual)")
               "SSL Server Certificate file "
               "(`/path/to/file' - PEM or DER encoded)")
               "SSL Server Private Key file "
               "(`/path/to/file' - PEM or DER encoded)")
               "SSL Server CA Certificate Chain file "
               "(`/path/to/file' - PEM encoded)")
               "SSL CA Certificate path "
               "(`/path/to/dir' - contains PEM encoded files)")
               "SSL CA Certificate file "
               "(`/path/to/file' - PEM encoded)")
               "SSL CA Certificate path "
               "(`/path/to/dir' - contains PEM encoded files)")
               "SSL CA Certificate file "
               "(`/path/to/file' - PEM encoded)")
               "SSL CA Certificate Revocation List (CRL) path "
               "(`/path/to/dir' - contains PEM encoded files)")
               "SSL CA Certificate Revocation List (CRL) file "
               "(`/path/to/file' - PEM encoded)")
               "SSL Client verify type "
               "(`none', `optional', `require', `optional_no_ca')")
               "SSL Client verify depth "
               "(`N' - number of intermediate certificates)")
               "SSL Session Cache object lifetime "
               "(`N' - number of seconds)")
               "SSL logfile for SSL-related messages "
               "SSL logfile verbosity level "
               "(`none', `error', `warn', `info', `debug')")
               "Enable or disable various SSL protocols"
               "(`[+-][SSLv2|SSLv3|TLSv1] ...' - see manual)")
 * Proxy configuration for remote SSL connections
               "SSL Proxy: enable or disable SSL protocol flavors "
               "(`[+-][SSLv2|SSLv3|TLSv1] ...' - see manual)")
               "SSL Proxy: colon-delimited list of permitted SSL ciphers "
               "(`XXX:...:XXX' - see manual)")
               "SSL Proxy: whether to verify the remote certificate "
               "(`on' or `off')")
               "SSL Proxy: maximum certificate verification depth "
               "(`N' - number of intermediate certificates)")
               "SSL Proxy: file containing server certificates "
               "(`/path/to/file' - PEM encoded certificates)")
               "SSL Proxy: directory containing server certificates "
               "(`/path/to/dir' - contains PEM encoded certificates)")
    AP_SRV_CMD(ProxyMachineCertificateFile, TAKE1,
               "SSL Proxy: file containing client certificates "
               "(`/path/to/file' - PEM encoded certificates)")
    AP_SRV_CMD(ProxyMachineCertificatePath, TAKE1,
               "SSL Proxy: directory containing client certificates "
               "(`/path/to/dir' - contains PEM encoded certificates)")
 * Per-directory context configuration directives
               "Set one of more options to configure the SSL engine"
               "(`[+-]option[=value] ...' - see manual)")
               "Require the SSL protocol for the per-directory context "
               "(no arguments)")
               "Require a boolean expresion to evaluate to true for granting access"
               "(arbitrary complex boolean expression - see manual)")
static const handler_rec ssl_config_handler[] = {
    { "mod_ssl:content-handler", ssl_hook_Handler },
 * the main Apache API config structure
    /* Standard API (always present) */
    ssl_config_perdir_create, /* create per-dir config structures */
    ssl_config_perdir_merge,  /* merge per-dir config structures */
    ssl_config_server_create, /* create per-server config structures */
    ssl_config_server_merge,  /* merge per-server config structures */
    ssl_config_cmds,          /* table of config file commands */
    ssl_config_handler,       /* [#8] MIME-typed-dispatched handlers */
    ssl_hook_Translate,       /* [#1] URI to filename translation */
    ssl_hook_Auth,            /* [#4] validate user id from request */
    ssl_hook_UserCheck,       /* [#5] check if the user is ok _here_ */
    ssl_hook_Access,          /* [#3] check access by host address */
    ssl_hook_ReadReq,         /* [#0] post read-request */
    /* Extended API (forced to be enabled with mod_ssl) */
    ssl_hook_AddModule,       /* after modules was added to core */
    ssl_hook_RemoveModule,    /* before module is removed from core */
    ssl_hook_RewriteCommand,  /* configuration command rewriting */
    ssl_hook_NewConnection,   /* socket connection open */
    ssl_hook_CloseConnection  /* socket connection close */