mod_ssl.c revision da0e8dabb745dce2c403f2aa9aded8045c646c29
1a38107941725211e7c3f051f7a8f5e12199f03acmaeder/* Licensed to the Apache Software Foundation (ASF) under one or more
53bd0c89aa4743dc41a6394db5a90717c1ca4517Liam O'Reilly * contributor license agreements. See the NOTICE file distributed with
e9458b1a7a19a63aa4c179f9ab20f4d50681c168Jens Elkner * this work for additional information regarding copyright ownership.
53bd0c89aa4743dc41a6394db5a90717c1ca4517Liam O'Reilly * The ASF licenses this file to You under the Apache License, Version 2.0
53bd0c89aa4743dc41a6394db5a90717c1ca4517Liam O'Reilly * (the "License"); you may not use this file except in compliance with
98890889ffb2e8f6f722b00e265a211f13b5a861Corneliu-Claudiu Prodescu * the License. You may obtain a copy of the License at
53bd0c89aa4743dc41a6394db5a90717c1ca4517Liam O'Reilly *
53bd0c89aa4743dc41a6394db5a90717c1ca4517Liam O'Reilly * http://www.apache.org/licenses/LICENSE-2.0
53bd0c89aa4743dc41a6394db5a90717c1ca4517Liam O'Reilly *
53bd0c89aa4743dc41a6394db5a90717c1ca4517Liam O'Reilly * Unless required by applicable law or agreed to in writing, software
53bd0c89aa4743dc41a6394db5a90717c1ca4517Liam O'Reilly * distributed under the License is distributed on an "AS IS" BASIS,
33bdce26495121cdbce30331ef90a1969126a840Liam O'Reilly * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
53bd0c89aa4743dc41a6394db5a90717c1ca4517Liam O'Reilly * See the License for the specific language governing permissions and
53bd0c89aa4743dc41a6394db5a90717c1ca4517Liam O'Reilly * limitations under the License.
33bdce26495121cdbce30331ef90a1969126a840Liam O'Reilly */
9aeda2b3ae8ce0b018955521e4ca835a8ba8a27bLiam O'Reilly
57221209d11b05aa0373cc3892d5df89ba96ebf9Christian Maeder/* _ _
66bc8d6e69cde43f1ccbeb76104cf7b8038acd6cChristian Maeder * _ __ ___ ___ __| | ___ ___| | mod_ssl
66bc8d6e69cde43f1ccbeb76104cf7b8038acd6cChristian Maeder * | '_ ` _ \ / _ \ / _` | / __/ __| | Apache Interface to OpenSSL
e90dc723887d541f809007ae81c9bb73ced9592eChristian Maeder * | | | | | | (_) | (_| | \__ \__ \ |
d5833d2ee7bafcbf2fdd2bdfd9a728c769b100c7Christian Maeder * |_| |_| |_|\___/ \__,_|___|___/___/_|
33bdce26495121cdbce30331ef90a1969126a840Liam O'Reilly * |_____|
56899f6457976a2ee20f6a23f088cb5655b15715Liam O'Reilly * mod_ssl.c
66bc8d6e69cde43f1ccbeb76104cf7b8038acd6cChristian Maeder * Apache API interface structures
a00461fcf7432205a79a0f12dbe6c1ebc58bc000Christian Maeder */
33bdce26495121cdbce30331ef90a1969126a840Liam O'Reilly
33bdce26495121cdbce30331ef90a1969126a840Liam O'Reilly#include "ssl_private.h"
53bd0c89aa4743dc41a6394db5a90717c1ca4517Liam O'Reilly#include "mod_ssl.h"
33bdce26495121cdbce30331ef90a1969126a840Liam O'Reilly#include "mod_ssl_openssl.h"
53bd0c89aa4743dc41a6394db5a90717c1ca4517Liam O'Reilly#include "util_md5.h"
7830e8fa7442fb7452af7ecdba102bc297ae367eChristian Maeder#include "util_mutex.h"
f21c7417bdd1c0282025cba0f5cb0ff5bc5c98eeLiam O'Reilly#include "ap_provider.h"
648fe1220044aac847acbdfbc4155af5556063ebChristian Maeder
50c62c8c45643f09bcb2f4a99b07bf1d072ecf40Christian Maeder#include <assert.h>
33bdce26495121cdbce30331ef90a1969126a840Liam O'Reilly
c0833539c8cf577dd3f2497792fbdd818442744cChristian Maeder#if HAVE_VALGRIND
33bdce26495121cdbce30331ef90a1969126a840Liam O'Reilly#include <valgrind.h>
33bdce26495121cdbce30331ef90a1969126a840Liam O'Reillyint ssl_running_on_valgrind = 0;
7830e8fa7442fb7452af7ecdba102bc297ae367eChristian Maeder#endif
33bdce26495121cdbce30331ef90a1969126a840Liam O'Reilly
/*
 * Implements the optional pre_handshake hook in the ssl namespace.
 * Registered hook functions receive (c, ssl, is_proxy). This is the RUN_ALL
 * flavour with OK and DECLINED passed as the ok/decline values, so a hook
 * returning anything else ends the run and that value goes back to the
 * caller.
 * NOTE(review): the call site is not shown in this listing; confirm that a
 * non-OK result stops the handshake instead of being ignored.
 */
fa373bc327620e08861294716b4454be8d25669fChristian MaederAPR_IMPLEMENT_OPTIONAL_HOOK_RUN_ALL(ssl, SSL, int, pre_handshake,
036ecbd8f721096321f47cf6a354a9d1bf3d032fChristian Maeder (conn_rec *c,SSL *ssl,int is_proxy),
aa4d26536fffe0153cd81d28925985892ac2f300Christian Maeder (c,ssl,is_proxy), OK, DECLINED);
2a5b885d9350ec6dd8bc4992ee91d2f68aa592f4Christian Maeder
f21c7417bdd1c0282025cba0f5cb0ff5bc5c98eeLiam O'Reilly/*
53bd0c89aa4743dc41a6394db5a90717c1ca4517Liam O'Reilly * the table of configuration directives we provide
b1f12c962a6fb28a298b36cf6a1dcf2ad788fb58Christian Maeder */
b1f12c962a6fb28a298b36cf6a1dcf2ad788fb58Christian Maeder
/*
 * Helper macros that each expand to one command_rec initializer followed by
 * a comma, so entries can be listed back to back in the directive table.
 * Every macro pastes the directive name onto the SSL prefix (the directive
 * keyword) and onto ssl_cmd_SSL (the handler), and selects the
 * AP_INIT_<args> initializer by argument style. They differ only in the
 * context mask, which decides who is allowed to set the directive:
 *
 *   SSL_CMD_SRV - RSRC_CONF: server-level configuration files only.
 *   SSL_CMD_ALL - RSRC_CONF|OR_AUTHCFG: server-level configuration and also
 *                 per-directory context, which includes .htaccess files
 *                 where AllowOverride AuthConfig is granted.
 *   SSL_CMD_DIR - OR_<type>: per-directory context, gated by the override
 *                 class named in the type argument.
 *
 * AP_END_CMD is an entry whose first field is NULL; presumably it
 * terminates the table (the end of the table is not visible here).
 *
 * NOTE(review): a directive declared through SSL_CMD_ALL or SSL_CMD_DIR can
 * be set by anyone who controls an .htaccess file under a matching
 * AllowOverride, so check the intended trust boundary before widening a
 * directive beyond SSL_CMD_SRV.
 */
1a38107941725211e7c3f051f7a8f5e12199f03acmaeder#define SSL_CMD_ALL(name, args, desc) \
53bd0c89aa4743dc41a6394db5a90717c1ca4517Liam O'Reilly AP_INIT_##args("SSL"#name, ssl_cmd_SSL##name, \
53bd0c89aa4743dc41a6394db5a90717c1ca4517Liam O'Reilly NULL, RSRC_CONF|OR_AUTHCFG, desc),
53bd0c89aa4743dc41a6394db5a90717c1ca4517Liam O'Reilly
33bdce26495121cdbce30331ef90a1969126a840Liam O'Reilly#define SSL_CMD_SRV(name, args, desc) \
33bdce26495121cdbce30331ef90a1969126a840Liam O'Reilly AP_INIT_##args("SSL"#name, ssl_cmd_SSL##name, \
9e5f4073e948104307d43c3962d624b8416f191fLiam O'Reilly NULL, RSRC_CONF, desc),
648fe1220044aac847acbdfbc4155af5556063ebChristian Maeder
648fe1220044aac847acbdfbc4155af5556063ebChristian Maeder#define SSL_CMD_DIR(name, type, args, desc) \
648fe1220044aac847acbdfbc4155af5556063ebChristian Maeder AP_INIT_##args("SSL"#name, ssl_cmd_SSL##name, \
648fe1220044aac847acbdfbc4155af5556063ebChristian Maeder NULL, OR_##type, desc),
648fe1220044aac847acbdfbc4155af5556063ebChristian Maeder
648fe1220044aac847acbdfbc4155af5556063ebChristian Maeder#define AP_END_CMD { NULL }
648fe1220044aac847acbdfbc4155af5556063ebChristian Maeder
648fe1220044aac847acbdfbc4155af5556063ebChristian Maederstatic const command_rec ssl_config_cmds[] = {
648fe1220044aac847acbdfbc4155af5556063ebChristian Maeder /*
648fe1220044aac847acbdfbc4155af5556063ebChristian Maeder * Global (main-server) context configuration directives
648fe1220044aac847acbdfbc4155af5556063ebChristian Maeder */
ebd23ec61635b0bebf7969d14f65b9d1e39f2b26Liam O'Reilly SSL_CMD_SRV(PassPhraseDialog, TAKE1,
d5833d2ee7bafcbf2fdd2bdfd9a728c769b100c7Christian Maeder "SSL dialog mechanism for the pass phrase query "
d5833d2ee7bafcbf2fdd2bdfd9a728c769b100c7Christian Maeder "('builtin', '|/path/to/pipe_program', "
9aeda2b3ae8ce0b018955521e4ca835a8ba8a27bLiam O'Reilly "or 'exec:/path/to/cgi_program')")
9aeda2b3ae8ce0b018955521e4ca835a8ba8a27bLiam O'Reilly SSL_CMD_SRV(SessionCache, TAKE1,
33bdce26495121cdbce30331ef90a1969126a840Liam O'Reilly "SSL Session Cache storage "
648fe1220044aac847acbdfbc4155af5556063ebChristian Maeder "('none', 'nonenotnull', 'dbm:/path/to/file')")
648fe1220044aac847acbdfbc4155af5556063ebChristian Maeder#if defined(HAVE_OPENSSL_ENGINE_H) && defined(HAVE_ENGINE_INIT)
648fe1220044aac847acbdfbc4155af5556063ebChristian Maeder SSL_CMD_SRV(CryptoDevice, TAKE1,
648fe1220044aac847acbdfbc4155af5556063ebChristian Maeder "SSL external Crypto Device usage "
d5833d2ee7bafcbf2fdd2bdfd9a728c769b100c7Christian Maeder "('builtin', '...')")
648fe1220044aac847acbdfbc4155af5556063ebChristian Maeder#endif
1a38107941725211e7c3f051f7a8f5e12199f03acmaeder SSL_CMD_SRV(RandomSeed, TAKE23,
33bdce26495121cdbce30331ef90a1969126a840Liam O'Reilly "SSL Pseudo Random Number Generator (PRNG) seeding source "
33bdce26495121cdbce30331ef90a1969126a840Liam O'Reilly "('startup|connect builtin|file:/path|exec:/path [bytes]')")
33bdce26495121cdbce30331ef90a1969126a840Liam O'Reilly
fa373bc327620e08861294716b4454be8d25669fChristian Maeder /*
648fe1220044aac847acbdfbc4155af5556063ebChristian Maeder * Per-server context configuration directives
648fe1220044aac847acbdfbc4155af5556063ebChristian Maeder */
648fe1220044aac847acbdfbc4155af5556063ebChristian Maeder SSL_CMD_SRV(Engine, TAKE1,
648fe1220044aac847acbdfbc4155af5556063ebChristian Maeder "SSL switch for the protocol engine "
fa373bc327620e08861294716b4454be8d25669fChristian Maeder "('on', 'off')")
fa373bc327620e08861294716b4454be8d25669fChristian Maeder SSL_CMD_SRV(FIPS, FLAG,
fa373bc327620e08861294716b4454be8d25669fChristian Maeder "Enable FIPS-140 mode "
fa373bc327620e08861294716b4454be8d25669fChristian Maeder "(`on', `off')")
648fe1220044aac847acbdfbc4155af5556063ebChristian Maeder SSL_CMD_ALL(CipherSuite, TAKE1,
648fe1220044aac847acbdfbc4155af5556063ebChristian Maeder "Colon-delimited list of permitted SSL Ciphers "
d5833d2ee7bafcbf2fdd2bdfd9a728c769b100c7Christian Maeder "('XXX:...:XXX' - see manual)")
e8d99f05c231b379be702a1aa8c7dd0b3c666928Liam O'Reilly SSL_CMD_SRV(CertificateFile, TAKE1,
e8d99f05c231b379be702a1aa8c7dd0b3c666928Liam O'Reilly "SSL Server Certificate file "
7857a35e3af533dfbd0f0e18638ebd211e6358a0Christian Maeder "('/path/to/file' - PEM or DER encoded)")
7857a35e3af533dfbd0f0e18638ebd211e6358a0Christian Maeder SSL_CMD_SRV(CertificateKeyFile, TAKE1,
9aeda2b3ae8ce0b018955521e4ca835a8ba8a27bLiam O'Reilly "SSL Server Private Key file "
e8d99f05c231b379be702a1aa8c7dd0b3c666928Liam O'Reilly "('/path/to/file' - PEM or DER encoded)")
e7cd36335f0f7be9ed5005e71d94c2856b588d62Christian Maeder SSL_CMD_SRV(CertificateChainFile, TAKE1,
e7cd36335f0f7be9ed5005e71d94c2856b588d62Christian Maeder "SSL Server CA Certificate Chain file "
e7cd36335f0f7be9ed5005e71d94c2856b588d62Christian Maeder "('/path/to/file' - PEM encoded)")
e7cd36335f0f7be9ed5005e71d94c2856b588d62Christian Maeder#ifdef HAVE_TLS_SESSION_TICKETS
e8d99f05c231b379be702a1aa8c7dd0b3c666928Liam O'Reilly SSL_CMD_SRV(SessionTicketKeyFile, TAKE1,
648fe1220044aac847acbdfbc4155af5556063ebChristian Maeder "TLS session ticket encryption/decryption key file (RFC 5077) "
648fe1220044aac847acbdfbc4155af5556063ebChristian Maeder "('/path/to/file' - file with 48 bytes of random data)")
7857a35e3af533dfbd0f0e18638ebd211e6358a0Christian Maeder#endif
33bdce26495121cdbce30331ef90a1969126a840Liam O'Reilly SSL_CMD_ALL(CACertificatePath, TAKE1,
33bdce26495121cdbce30331ef90a1969126a840Liam O'Reilly "SSL CA Certificate path "
648fe1220044aac847acbdfbc4155af5556063ebChristian Maeder "('/path/to/dir' - contains PEM encoded files)")
648fe1220044aac847acbdfbc4155af5556063ebChristian Maeder SSL_CMD_ALL(CACertificateFile, TAKE1,
648fe1220044aac847acbdfbc4155af5556063ebChristian Maeder "SSL CA Certificate file "
c0833539c8cf577dd3f2497792fbdd818442744cChristian Maeder "('/path/to/file' - PEM encoded)")
d5833d2ee7bafcbf2fdd2bdfd9a728c769b100c7Christian Maeder SSL_CMD_SRV(CADNRequestPath, TAKE1,
c0833539c8cf577dd3f2497792fbdd818442744cChristian Maeder "SSL CA Distinguished Name path "
c0833539c8cf577dd3f2497792fbdd818442744cChristian Maeder "('/path/to/dir' - symlink hashes to PEM of acceptable CA names to request)")
648fe1220044aac847acbdfbc4155af5556063ebChristian Maeder SSL_CMD_SRV(CADNRequestFile, TAKE1,
648fe1220044aac847acbdfbc4155af5556063ebChristian Maeder "SSL CA Distinguished Name file "
648fe1220044aac847acbdfbc4155af5556063ebChristian Maeder "('/path/to/file' - PEM encoded to derive acceptable CA names to request)")
33bdce26495121cdbce30331ef90a1969126a840Liam O'Reilly SSL_CMD_SRV(CARevocationPath, TAKE1,
eb48217dfa67ddb87b8fbd846de293d0636bd578Christian Maeder "SSL CA Certificate Revocation List (CRL) path "
c0833539c8cf577dd3f2497792fbdd818442744cChristian Maeder "('/path/to/dir' - contains PEM encoded files)")
33bdce26495121cdbce30331ef90a1969126a840Liam O'Reilly SSL_CMD_SRV(CARevocationFile, TAKE1,
7830e8fa7442fb7452af7ecdba102bc297ae367eChristian Maeder "SSL CA Certificate Revocation List (CRL) file "
eb48217dfa67ddb87b8fbd846de293d0636bd578Christian Maeder "('/path/to/file' - PEM encoded)")
7830e8fa7442fb7452af7ecdba102bc297ae367eChristian Maeder SSL_CMD_SRV(CARevocationCheck, TAKE1,
33bdce26495121cdbce30331ef90a1969126a840Liam O'Reilly "SSL CA Certificate Revocation List (CRL) checking mode")
eb48217dfa67ddb87b8fbd846de293d0636bd578Christian Maeder SSL_CMD_ALL(VerifyClient, TAKE1,
eb48217dfa67ddb87b8fbd846de293d0636bd578Christian Maeder "SSL Client verify type "
7830e8fa7442fb7452af7ecdba102bc297ae367eChristian Maeder "('none', 'optional', 'require', 'optional_no_ca')")
648fe1220044aac847acbdfbc4155af5556063ebChristian Maeder SSL_CMD_ALL(VerifyDepth, TAKE1,
648fe1220044aac847acbdfbc4155af5556063ebChristian Maeder "SSL Client verify depth "
7830e8fa7442fb7452af7ecdba102bc297ae367eChristian Maeder "('N' - number of intermediate certificates)")
648fe1220044aac847acbdfbc4155af5556063ebChristian Maeder SSL_CMD_SRV(SessionCacheTimeout, TAKE1,
648fe1220044aac847acbdfbc4155af5556063ebChristian Maeder "SSL Session Cache object lifetime "
4314e26a12954cb1c9be4dea10aa8103edac5bbbChristian Maeder "('N' - number of seconds)")
648fe1220044aac847acbdfbc4155af5556063ebChristian Maeder#ifdef HAVE_TLSV1_X
ebd23ec61635b0bebf7969d14f65b9d1e39f2b26Liam O'Reilly#define SSL_PROTOCOLS "SSLv3|TLSv1|TLSv1.1|TLSv1.2"
648fe1220044aac847acbdfbc4155af5556063ebChristian Maeder#else
648fe1220044aac847acbdfbc4155af5556063ebChristian Maeder#define SSL_PROTOCOLS "SSLv3|TLSv1"
ebd23ec61635b0bebf7969d14f65b9d1e39f2b26Liam O'Reilly#endif
648fe1220044aac847acbdfbc4155af5556063ebChristian Maeder SSL_CMD_SRV(Protocol, RAW_ARGS,
648fe1220044aac847acbdfbc4155af5556063ebChristian Maeder "Enable or disable various SSL protocols "
4314e26a12954cb1c9be4dea10aa8103edac5bbbChristian Maeder "('[+-][" SSL_PROTOCOLS "] ...' - see manual)")
648fe1220044aac847acbdfbc4155af5556063ebChristian Maeder SSL_CMD_SRV(HonorCipherOrder, FLAG,
648fe1220044aac847acbdfbc4155af5556063ebChristian Maeder "Use the server's cipher ordering preference")
648fe1220044aac847acbdfbc4155af5556063ebChristian Maeder SSL_CMD_SRV(Compression, FLAG,
33bdce26495121cdbce30331ef90a1969126a840Liam O'Reilly "Enable SSL level compression "
d5833d2ee7bafcbf2fdd2bdfd9a728c769b100c7Christian Maeder "(`on', `off')")
d5833d2ee7bafcbf2fdd2bdfd9a728c769b100c7Christian Maeder SSL_CMD_SRV(SessionTickets, FLAG,
648fe1220044aac847acbdfbc4155af5556063ebChristian Maeder "Enable or disable TLS session tickets"
648fe1220044aac847acbdfbc4155af5556063ebChristian Maeder "(`on', `off')")
648fe1220044aac847acbdfbc4155af5556063ebChristian Maeder SSL_CMD_SRV(InsecureRenegotiation, FLAG,
e0f1794e365dd347e97b37d7d22b2fce27296fa1Christian Maeder "Enable support for insecure renegotiation")
648fe1220044aac847acbdfbc4155af5556063ebChristian Maeder SSL_CMD_ALL(UserName, TAKE1,
648fe1220044aac847acbdfbc4155af5556063ebChristian Maeder "Set user name to SSL variable value")
2a5b885d9350ec6dd8bc4992ee91d2f68aa592f4Christian Maeder SSL_CMD_SRV(StrictSNIVHostCheck, FLAG,
7857a35e3af533dfbd0f0e18638ebd211e6358a0Christian Maeder "Strict SNI virtual host checking")
7857a35e3af533dfbd0f0e18638ebd211e6358a0Christian Maeder
2a5b885d9350ec6dd8bc4992ee91d2f68aa592f4Christian Maeder#ifdef HAVE_SRP
648fe1220044aac847acbdfbc4155af5556063ebChristian Maeder SSL_CMD_SRV(SRPVerifierFile, TAKE1,
2a5b885d9350ec6dd8bc4992ee91d2f68aa592f4Christian Maeder "SRP verifier file "
7857a35e3af533dfbd0f0e18638ebd211e6358a0Christian Maeder "('/path/to/file' - created by srptool)")
7857a35e3af533dfbd0f0e18638ebd211e6358a0Christian Maeder SSL_CMD_SRV(SRPUnknownUserSeed, TAKE1,
7857a35e3af533dfbd0f0e18638ebd211e6358a0Christian Maeder "SRP seed for unknown users (to avoid leaking a user's existence) "
7830e8fa7442fb7452af7ecdba102bc297ae367eChristian Maeder "('some secret text')")
648fe1220044aac847acbdfbc4155af5556063ebChristian Maeder#endif
aa4d26536fffe0153cd81d28925985892ac2f300Christian Maeder
648fe1220044aac847acbdfbc4155af5556063ebChristian Maeder /*
648fe1220044aac847acbdfbc4155af5556063ebChristian Maeder * Proxy configuration for remote SSL connections
648fe1220044aac847acbdfbc4155af5556063ebChristian Maeder */
648fe1220044aac847acbdfbc4155af5556063ebChristian Maeder SSL_CMD_SRV(ProxyEngine, FLAG,
648fe1220044aac847acbdfbc4155af5556063ebChristian Maeder "SSL switch for the proxy protocol engine "
648fe1220044aac847acbdfbc4155af5556063ebChristian Maeder "('on', 'off')")
648fe1220044aac847acbdfbc4155af5556063ebChristian Maeder SSL_CMD_SRV(ProxyProtocol, RAW_ARGS,
bcd914850de931848b86d7728192a149f9c0108bChristian Maeder "SSL Proxy: enable or disable SSL protocol flavors "
33bdce26495121cdbce30331ef90a1969126a840Liam O'Reilly "('[+-][" SSL_PROTOCOLS "] ...' - see manual)")
bc350328e6ac2d9074317e222b4207a6aa49afeaLiam O'Reilly SSL_CMD_SRV(ProxyCipherSuite, TAKE1,
bc350328e6ac2d9074317e222b4207a6aa49afeaLiam O'Reilly "SSL Proxy: colon-delimited list of permitted SSL ciphers "
580f1724640a78be687e79d0ec95dd2665e77e91Liam O'Reilly "('XXX:...:XXX' - see manual)")
b1f12c962a6fb28a298b36cf6a1dcf2ad788fb58Christian Maeder SSL_CMD_SRV(ProxyVerify, TAKE1,
b1f12c962a6fb28a298b36cf6a1dcf2ad788fb58Christian Maeder "SSL Proxy: whether to verify the remote certificate "
b1f12c962a6fb28a298b36cf6a1dcf2ad788fb58Christian Maeder "('on' or 'off')")
b1f12c962a6fb28a298b36cf6a1dcf2ad788fb58Christian Maeder SSL_CMD_SRV(ProxyVerifyDepth, TAKE1,
b1f12c962a6fb28a298b36cf6a1dcf2ad788fb58Christian Maeder "SSL Proxy: maximum certificate verification depth "
f19dc06364e8d6ea36f7c170e1f7a0677de63184Liam O'Reilly "('N' - number of intermediate certificates)")
f21c7417bdd1c0282025cba0f5cb0ff5bc5c98eeLiam O'Reilly SSL_CMD_SRV(ProxyCACertificateFile, TAKE1,
f21c7417bdd1c0282025cba0f5cb0ff5bc5c98eeLiam O'Reilly "SSL Proxy: file containing server certificates "
3d3889e0cefcdce9b3f43c53aaa201943ac2e895Jonathan von Schroeder "('/path/to/file' - PEM encoded certificates)")
3d3889e0cefcdce9b3f43c53aaa201943ac2e895Jonathan von Schroeder SSL_CMD_SRV(ProxyCACertificatePath, TAKE1,
3d3889e0cefcdce9b3f43c53aaa201943ac2e895Jonathan von Schroeder "SSL Proxy: directory containing server certificates "
b1f12c962a6fb28a298b36cf6a1dcf2ad788fb58Christian Maeder "('/path/to/dir' - contains PEM encoded certificates)")
3d3889e0cefcdce9b3f43c53aaa201943ac2e895Jonathan von Schroeder SSL_CMD_SRV(ProxyCARevocationPath, TAKE1,
3d3889e0cefcdce9b3f43c53aaa201943ac2e895Jonathan von Schroeder "SSL Proxy: CA Certificate Revocation List (CRL) path "
ee48a7a67da604356b665e51aa7545536a09b737Christian Maeder "('/path/to/dir' - contains PEM encoded files)")
ee48a7a67da604356b665e51aa7545536a09b737Christian Maeder SSL_CMD_SRV(ProxyCARevocationFile, TAKE1,
d381ab99d6e2e56e09030577d65d9a118f246d35Christian Maeder "SSL Proxy: CA Certificate Revocation List (CRL) file "
d381ab99d6e2e56e09030577d65d9a118f246d35Christian Maeder "('/path/to/file' - PEM encoded)")
ee48a7a67da604356b665e51aa7545536a09b737Christian Maeder SSL_CMD_SRV(ProxyCARevocationCheck, TAKE1,
ee48a7a67da604356b665e51aa7545536a09b737Christian Maeder "SSL Proxy: CA Certificate Revocation List (CRL) checking mode")
b1f12c962a6fb28a298b36cf6a1dcf2ad788fb58Christian Maeder SSL_CMD_SRV(ProxyMachineCertificateFile, TAKE1,
b1f12c962a6fb28a298b36cf6a1dcf2ad788fb58Christian Maeder "SSL Proxy: file containing client certificates "
b1f12c962a6fb28a298b36cf6a1dcf2ad788fb58Christian Maeder "('/path/to/file' - PEM encoded certificates)")
bc350328e6ac2d9074317e222b4207a6aa49afeaLiam O'Reilly SSL_CMD_SRV(ProxyMachineCertificatePath, TAKE1,
bc350328e6ac2d9074317e222b4207a6aa49afeaLiam O'Reilly "SSL Proxy: directory containing client certificates "
bc350328e6ac2d9074317e222b4207a6aa49afeaLiam O'Reilly "('/path/to/dir' - contains PEM encoded certificates)")
bc350328e6ac2d9074317e222b4207a6aa49afeaLiam O'Reilly SSL_CMD_SRV(ProxyMachineCertificateChainFile, TAKE1,
bc350328e6ac2d9074317e222b4207a6aa49afeaLiam O'Reilly "SSL Proxy: file containing issuing certificates "
bc350328e6ac2d9074317e222b4207a6aa49afeaLiam O'Reilly "of the client certificate "
580f1724640a78be687e79d0ec95dd2665e77e91Liam O'Reilly "(`/path/to/file' - PEM encoded certificates)")
b1f12c962a6fb28a298b36cf6a1dcf2ad788fb58Christian Maeder SSL_CMD_SRV(ProxyCheckPeerExpire, FLAG,
b1f12c962a6fb28a298b36cf6a1dcf2ad788fb58Christian Maeder "SSL Proxy: check the peer certificate's expiration date")
b1f12c962a6fb28a298b36cf6a1dcf2ad788fb58Christian Maeder SSL_CMD_SRV(ProxyCheckPeerCN, FLAG,
b1f12c962a6fb28a298b36cf6a1dcf2ad788fb58Christian Maeder "SSL Proxy: check the peer certificate's CN")
b1f12c962a6fb28a298b36cf6a1dcf2ad788fb58Christian Maeder SSL_CMD_SRV(ProxyCheckPeerName, FLAG,
7d96b1ef2b8597330aedee6713615ec15508edcfLiam O'Reilly "SSL Proxy: check the peer certificate's name "
7d96b1ef2b8597330aedee6713615ec15508edcfLiam O'Reilly "(must be present in subjectAltName extension or CN")
7d96b1ef2b8597330aedee6713615ec15508edcfLiam O'Reilly
7d96b1ef2b8597330aedee6713615ec15508edcfLiam O'Reilly /*
7d96b1ef2b8597330aedee6713615ec15508edcfLiam O'Reilly * Per-directory context configuration directives
bc350328e6ac2d9074317e222b4207a6aa49afeaLiam O'Reilly */
bc350328e6ac2d9074317e222b4207a6aa49afeaLiam O'Reilly SSL_CMD_DIR(Options, OPTIONS, RAW_ARGS,
bc350328e6ac2d9074317e222b4207a6aa49afeaLiam O'Reilly "Set one or more options to configure the SSL engine"
bc350328e6ac2d9074317e222b4207a6aa49afeaLiam O'Reilly "('[+-]option[=value] ...' - see manual)")
f19dc06364e8d6ea36f7c170e1f7a0677de63184Liam O'Reilly SSL_CMD_DIR(RequireSSL, AUTHCFG, NO_ARGS,
f19dc06364e8d6ea36f7c170e1f7a0677de63184Liam O'Reilly "Require the SSL protocol for the per-directory context "
f19dc06364e8d6ea36f7c170e1f7a0677de63184Liam O'Reilly "(no arguments)")
bc350328e6ac2d9074317e222b4207a6aa49afeaLiam O'Reilly SSL_CMD_DIR(Require, AUTHCFG, RAW_ARGS,
f19dc06364e8d6ea36f7c170e1f7a0677de63184Liam O'Reilly "Require a boolean expression to evaluate to true for granting access"
bc350328e6ac2d9074317e222b4207a6aa49afeaLiam O'Reilly "(arbitrary complex boolean expression - see manual)")
f19dc06364e8d6ea36f7c170e1f7a0677de63184Liam O'Reilly SSL_CMD_DIR(RenegBufferSize, AUTHCFG, TAKE1,
f19dc06364e8d6ea36f7c170e1f7a0677de63184Liam O'Reilly "Configure the amount of memory that will be used for buffering the "
b1f12c962a6fb28a298b36cf6a1dcf2ad788fb58Christian Maeder "request body if a per-location SSL renegotiation is required due to "
3d3889e0cefcdce9b3f43c53aaa201943ac2e895Jonathan von Schroeder "changed access control requirements")
3d3889e0cefcdce9b3f43c53aaa201943ac2e895Jonathan von Schroeder
ee48a7a67da604356b665e51aa7545536a09b737Christian Maeder SSL_CMD_SRV(OCSPEnable, FLAG,
ee48a7a67da604356b665e51aa7545536a09b737Christian Maeder "Enable use of OCSP to verify certificate revocation ('on', 'off')")
ee48a7a67da604356b665e51aa7545536a09b737Christian Maeder SSL_CMD_SRV(OCSPDefaultResponder, TAKE1,
ee48a7a67da604356b665e51aa7545536a09b737Christian Maeder "URL of the default OCSP Responder")
ee48a7a67da604356b665e51aa7545536a09b737Christian Maeder SSL_CMD_SRV(OCSPOverrideResponder, FLAG,
dc403ff45531bc75a7544b8b5fc52a5217a1a54aChristian Maeder "Force use of the default responder URL ('on', 'off')")
ee48a7a67da604356b665e51aa7545536a09b737Christian Maeder SSL_CMD_SRV(OCSPResponseTimeSkew, TAKE1,
45e2bc90dd11147156ddd7f9651ce8b2ec00f2a1Christian Maeder "Maximum time difference in OCSP responses")
45e2bc90dd11147156ddd7f9651ce8b2ec00f2a1Christian Maeder SSL_CMD_SRV(OCSPResponseMaxAge, TAKE1,
ee48a7a67da604356b665e51aa7545536a09b737Christian Maeder "Maximum age of OCSP responses")
b1f12c962a6fb28a298b36cf6a1dcf2ad788fb58Christian Maeder SSL_CMD_SRV(OCSPResponderTimeout, TAKE1,
b1f12c962a6fb28a298b36cf6a1dcf2ad788fb58Christian Maeder "OCSP responder query timeout")
b1f12c962a6fb28a298b36cf6a1dcf2ad788fb58Christian Maeder SSL_CMD_SRV(OCSPUseRequestNonce, FLAG,
f19dc06364e8d6ea36f7c170e1f7a0677de63184Liam O'Reilly "Whether OCSP queries use a nonce or not ('on', 'off')")
2a5b885d9350ec6dd8bc4992ee91d2f68aa592f4Christian Maeder
fa373bc327620e08861294716b4454be8d25669fChristian Maeder#ifdef HAVE_OCSP_STAPLING
fa373bc327620e08861294716b4454be8d25669fChristian Maeder /*
fa373bc327620e08861294716b4454be8d25669fChristian Maeder * OCSP Stapling options
fa373bc327620e08861294716b4454be8d25669fChristian Maeder */
fa373bc327620e08861294716b4454be8d25669fChristian Maeder SSL_CMD_SRV(StaplingCache, TAKE1,
fa373bc327620e08861294716b4454be8d25669fChristian Maeder "SSL Stapling Response Cache storage "
fa373bc327620e08861294716b4454be8d25669fChristian Maeder "(`dbm:/path/to/file')")
fa373bc327620e08861294716b4454be8d25669fChristian Maeder SSL_CMD_SRV(UseStapling, FLAG,
fa373bc327620e08861294716b4454be8d25669fChristian Maeder "SSL switch for the OCSP Stapling protocol " "(`on', `off')")
b1f12c962a6fb28a298b36cf6a1dcf2ad788fb58Christian Maeder SSL_CMD_SRV(StaplingResponseTimeSkew, TAKE1,
fa373bc327620e08861294716b4454be8d25669fChristian Maeder "SSL stapling option for maximum time difference in OCSP responses")
fa373bc327620e08861294716b4454be8d25669fChristian Maeder SSL_CMD_SRV(StaplingResponderTimeout, TAKE1,
2a5b885d9350ec6dd8bc4992ee91d2f68aa592f4Christian Maeder "SSL stapling option for OCSP responder timeout")
fa373bc327620e08861294716b4454be8d25669fChristian Maeder SSL_CMD_SRV(StaplingResponseMaxAge, TAKE1,
fa373bc327620e08861294716b4454be8d25669fChristian Maeder "SSL stapling option for maximum age of OCSP responses")
b1f12c962a6fb28a298b36cf6a1dcf2ad788fb58Christian Maeder SSL_CMD_SRV(StaplingStandardCacheTimeout, TAKE1,