ssl_engine_config.c revision db7b4973dd384db0481c9b38d62a47b023bb4225
/* _ _
** _ __ ___ ___ __| | ___ ___| | mod_ssl
** | '_ ` _ \ / _ \ / _` | / __/ __| | Apache Interface to OpenSSL
** | | | | | | (_) | (_| | \__ \__ \ | www.modssl.org
** |_| |_| |_|\___/ \__,_|___|___/___/_| ftp.modssl.org
** |_____|
** Apache Configuration Directives
*/
/* ====================================================================
* The Apache Software License, Version 1.1
*
* Copyright (c) 2000-2001 The Apache Software Foundation. All rights
* reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* distribution.
*
* 3. The end-user documentation included with the redistribution,
* if any, must include the following acknowledgment:
* "This product includes software developed by the
* Apache Software Foundation (http://www.apache.org/)."
* Alternately, this acknowledgment may appear in the software itself,
* if and wherever such third-party acknowledgments normally appear.
*
* 4. The names "Apache" and "Apache Software Foundation" must
* not be used to endorse or promote products derived from this
* software without prior written permission. For written
* permission, please contact apache@apache.org.
*
* 5. Products derived from this software may not be called "Apache",
* nor may "Apache" appear in their name, without prior written
* permission of the Apache Software Foundation.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
* USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
* ====================================================================
*/
/* ``Damned if you do,
damned if you don't.''
-- Unknown */
#include "mod_ssl.h"
/* _________________________________________________________________
**
** Support for Global Configuration
** _________________________________________________________________
*/
#define SSL_MOD_CONFIG_KEY "ssl_module"
{
pool);
if (mc) {
return mc; /* reused for lifetime of the server */
}
/*
* allocate an own subpool which survives server restarts
*/
/*
* initialize per-module configuration
*/
mc->nSessionCacheDataSize = 0;
#if 0 /* XXX */
#endif
sizeof(ssl_randseed_t));
#ifdef SSL_EXPERIMENTAL_ENGINE
#endif
pool);
return mc;
}
{
}
{
}
/* _________________________________________________________________
**
** Configuration handling
** _________________________________________________________________
*/
/*
* Create per-server SSL configuration
*/
{
#ifdef SSL_EXPERIMENTAL_PROXY
#endif
return sc;
}
/*
* Merge per-server SSL configurations
*/
{
int i;
for (i = 0; i < SSL_AIDX_MAX; i++) {
}
#ifdef SSL_EXPERIMENTAL_PROXY
#endif
return new;
}
/*
* Create per-directory SSL configuration
*/
{
#ifdef SSL_EXPERIMENTAL_PERDIRCA
#endif
return dc;
}
/*
* Merge per-directory SSL configurations
*/
{
new->nOptionsAdd =
new->nOptionsDel =
}
else {
}
#ifdef SSL_EXPERIMENTAL_PERDIRCA
#endif
return new;
}
/*
* Configuration functions for particular directives
*/
const char *arg)
{
const char *err;
return err;
}
if (ssl_config_global_isfixed(mc)) {
return NULL;
}
}
mc->szMutexFile =
(unsigned long)getpid());
}
}
else {
return "SSLMutex: Invalid argument";
}
return NULL;
}
const char *arg)
{
const char *err;
return err;
}
}
/* XXX This is broken, exec: may contain args! */
{
"SSLPassPhraseDialog: file '",
"' does not exist", NULL);
}
}
}
else {
return "SSLPassPhraseDialog: Invalid argument";
}
return NULL;
}
#ifdef SSL_EXPERIMENTAL_ENGINE
const char *arg)
{
const char *err;
ENGINE *e;
#if SSL_LIBRARY_VERSION >= 0x00907000
static int loaded_engines = FALSE;
/* early loading to make sure the engines are already
available for ENGINE_by_id() above... */
if (!loaded_engines) {
}
#endif
return err;
}
}
else if ((e = ENGINE_by_id(arg))) {
ENGINE_free(e);
}
else {
return "SSLCryptoDevice: Invalid argument";
}
return NULL;
}
#endif
const char *arg1,
const char *arg2,
const char *arg3)
{
const char *err;
return err;
}
if (ssl_config_global_isfixed(mc)) {
return NULL;
}
}
}
else {
NULL);
}
}
}
}
}
else {
}
"SSLRandomSeed: source path '",
}
}
if (!arg3) {
}
else {
return "SSLRandomSeed: byte specification not "
"allowed for builtin seed source";
}
return "SSLRandomSeed: invalid number of bytes specified";
}
}
return NULL;
}
{
return NULL;
}
const char *arg)
{
}
else {
}
return NULL;
}
#define SSL_FLAGS_CHECK_FILE \
#define SSL_FLAGS_CHECK_DIR \
const char **file)
{
return NULL;
}
": file '", *file,
"' does not exist or is empty", NULL);
}
const char **dir)
{
return NULL;
}
": directory '", *dir,
"' does not exist", NULL);
}
#define SSL_AIDX_CERTS 1
#define SSL_AIDX_KEYS 2
const char *arg,
int idx)
{
int i;
return err;
}
switch (idx) {
case SSL_AIDX_CERTS:
desc = "certificates";
break;
case SSL_AIDX_KEYS:
desc = "private keys";
break;
}
for (i = 0; i < SSL_AIDX_MAX; i++) {
if (!files[i]) {
return NULL;
}
}
"%s: only up to %d "
"different %s per virtual host allowed",
}
const char *arg)
{
const char *err;
return err;
}
return NULL;
}
const char *arg)
{
const char *err;
return err;
}
return NULL;
}
const char *arg)
{
const char *err;
return err;
}
return NULL;
}
const char *arg)
{
#ifdef SSL_EXPERIMENTAL_PERDIRCA
#endif
const char *err;
return err;
}
#ifdef SSL_EXPERIMENTAL_PERDIRCA
}
else {
}
#else
#endif
return NULL;
}
const char *arg)
{
#ifdef SSL_EXPERIMENTAL_PERDIRCA
#endif
const char *err;
return err;
}
#ifdef SSL_EXPERIMENTAL_PERDIRCA
}
else {
}
#else
#endif
return NULL;
}
const char *arg)
{
const char *err;
return err;
}
return NULL;
}
const char *arg)
{
const char *err;
return err;
}
return NULL;
}
const char *arg,
{
*id = SSL_CVERIFY_NONE;
}
}
}
}
else {
NULL);
}
return NULL;
}
const char *arg)
{
const char *err;
return err;
}
}
else {
}
return NULL;
}
const char *arg,
int *depth)
{
return NULL;
}
NULL);
}
const char *arg)
{
int depth;
const char *err;
return err;
}
}
else {
}
return NULL;
}
const char *arg)
{
int maxsize;
return err;
}
if (ssl_config_global_isfixed(mc)) {
return NULL;
}
}
}
{
#if 0 /* XXX */
if (!ap_mm_useable()) {
return "SSLSessionCache: shared memory cache "
"not useable on this platform";
}
#endif
return "SSLSessionCache: Invalid argument: "
"no closing parenthesis";
}
return "SSLSessionCache: Invalid argument: "
"size has to be >= 8192 bytes";
}
#if 0 /* XXX */
#else
#endif
"SSLSessionCache: Invalid argument: "
"size has to be < %d bytes on this "
"platform", maxsize);
}
}
}
#if 0 /* XXX */
if (!ap_mm_useable()) {
return "SSLSessionCache: shared memory cache "
"not useable on this platform";
}
#endif
return "SSLSessionCache: Invalid argument: "
"no closing parenthesis";
}
return "SSLSessionCache: Invalid argument: "
"size has to be >= 8192 bytes";
}
#if 0 /* XXX */
#else
#endif
"SSLSessionCache: Invalid argument: "
"size has to be < %d bytes on this "
"platform", maxsize);
}
}
else {
return "SSLSessionCache: Invalid argument";
}
}
return NULL;
}
const char *arg)
{
if (sc->nSessionCacheTimeout < 0) {
return "SSLSessionCacheTimeout: Invalid argument";
}
return NULL;
}
#define SSL_FLAGS_LOG_CONTEXT \
const char *arg)
{
const char *err;
return err;
}
return NULL;
}
const char *level)
{
const char *err;
return err;
}
}
}
}
}
}
}
else {
return "SSLLogLevel: Invalid argument";
}
return NULL;
}
const char *arg)
{
char action, *w;
while (*arg) {
if ((*w == '+') || (*w == '-')) {
action = *(w++);
}
else if (first) {
}
if (strcEQ(w, "StdEnvVars")) {
}
else if (strcEQ(w, "CompatEnvVars")) {
}
else if (strcEQ(w, "ExportCertData")) {
}
else if (strcEQ(w, "FakeBasicAuth")) {
}
else if (strcEQ(w, "StrictRequire")) {
}
else if (strcEQ(w, "OptRenegotiate")) {
}
else {
"SSLOptions: Illegal option '", w, "'",
NULL);
}
if (action == '-') {
}
else if (action == '+') {
}
else {
}
}
return NULL;
}
{
return NULL;
}
const char *arg)
{
ssl_expr_get_error(), NULL);
}
return NULL;
}
const char *arg,
{
while (*arg) {
char action = '\0';
if ((*w == '+') || (*w == '-')) {
action = *(w++);
}
if (strcEQ(w, "SSLv2")) {
}
else if (strcEQ(w, "SSLv3")) {
}
else if (strcEQ(w, "TLSv1")) {
}
else if (strcEQ(w, "all")) {
}
else {
": Illegal protocol '",
w, "'", NULL);
}
if (action == '-') {
}
else if (action == '+') {
}
else {
}
}
return NULL;
}
const char *opt)
{
}
#ifdef SSL_EXPERIMENTAL_PROXY
const char *opt)
{
}
char *arg)
{
return NULL;
}
int flag)
{
return NULL;
}
char *arg)
{
int depth;
const char *err;
return err;
}
return NULL;
}
char *struct_ptr,
char *arg)
{
const char *err;
return err;
}
return NULL;
}
char *struct_ptr,
char *arg)
{
const char *err;
return err;
}
return NULL;
}
char *struct_ptr,
char *arg)
{
const char *err;
return err;
}
return NULL;
}
char *struct_ptr,
char *arg)
{
const char *err;
return err;
}
return NULL;
}
#endif /* SSL_EXPERIMENTAL_PROXY */