ssl_engine_config.c revision e4b96ba15dc8b2b27d251d53e29b86da32cd5066
/* Licensed to the Apache Software Foundation (ASF) under one or more
 * contributor license agreements. See the NOTICE file distributed with
 * this work for additional information regarding copyright ownership.
 * The ASF licenses this file to You under the Apache License, Version 2.0
 * (the "License"); you may not use this file except in compliance with
 * the License. You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

/*  _ __ ___ ___ __| | ___ ___| |   mod_ssl
 * | '_ ` _ \ / _ \ / _` | / __/ __| |   Apache Interface to OpenSSL
 * | | | | | | (_) | (_| | \__ \__ \ |
 * |_| |_| |_|\___/ \__,_|___|___/___/_|
 *  Apache Configuration Directives
 */
                                      /* ``Damned if you do,
                                           damned if you don't.''
                                               -- Unknown        */
/* _________________________________________________________________
** Support for Global Configuration
** _________________________________________________________________
*/
7a879b08ae0ca30006f9be887a73212b07f10204Christian MaederSSLModConfigRec *ssl_config_global_create(server_rec *s)
6e39bfd041946fce4982ac89834be73fd1bfb39aChristian Maeder apr_pool_userdata_get(&vmc, SSL_MOD_CONFIG_KEY, pool);
62ecb1e7f8fd9573eea8369657de12c7bf9f4f25Christian Maeder return vmc; /* reused for lifetime of the server */
588c0c022a0f4e129a89c3bc569daf6a835e182dChristian Maeder * allocate an own subpool which survives server restarts
588c0c022a0f4e129a89c3bc569daf6a835e182dChristian Maeder mc = (SSLModConfigRec *)apr_palloc(pool, sizeof(*mc));
e7ce154edb906685b3fa7f6c0a764e18a4658068Christian Maeder * initialize per-module configuration
e7ce154edb906685b3fa7f6c0a764e18a4658068Christian Maeder#if defined(HAVE_OPENSSL_ENGINE_H) && defined(HAVE_ENGINE_INIT)
588c0c022a0f4e129a89c3bc569daf6a835e182dChristian Maeder memset(mc->pTmpKeys, 0, sizeof(mc->pTmpKeys));
e7ce154edb906685b3fa7f6c0a764e18a4658068Christian Maeder apr_pool_userdata_set(mc, SSL_MOD_CONFIG_KEY,
a578ec30cded5e396a7ce9a3b469e8cd3a88246aChristian Maedervoid ssl_config_global_fix(SSLModConfigRec *mc)
e1839fb37a3a2ccd457464cb0dcc5efd466dbe22Christian MaederBOOL ssl_config_global_isfixed(SSLModConfigRec *mc)
/* _________________________________________________________________
** Configuration handling
** _________________________________________________________________
*/
47355d1ba4e212c5fd34c089f71a319cde53c4c8Christian Maederstatic void modssl_ctx_init(modssl_ctx_t *mctx)
47355d1ba4e212c5fd34c089f71a319cde53c4c8Christian Maeder mctx->sc = NULL; /* set during module init */
a89e661aad28f1b39f4fc9f9f9a4d46074234123Christian Maeder mctx->ssl_ctx = NULL; /* set during module init */
47355d1ba4e212c5fd34c089f71a319cde53c4c8Christian Maeder mctx->pphrase_dialog_type = SSL_PPTYPE_UNSET;
a89e661aad28f1b39f4fc9f9f9a4d46074234123Christian Maeder mctx->crl = NULL; /* set during module init */
588c0c022a0f4e129a89c3bc569daf6a835e182dChristian Maeder mctx->auth.verify_mode = SSL_CVERIFY_UNSET;
842eedc62639561781b6c33533d1949693ef6cc5Christian Maederstatic void modssl_ctx_init_proxy(SSLSrvConfigRec *sc,
842eedc62639561781b6c33533d1949693ef6cc5Christian Maeder mctx = sc->proxy = apr_palloc(p, sizeof(*sc->proxy));
967e5f3c25249c779575864692935627004d3f9eChristian Maeder mctx->pkp = apr_palloc(p, sizeof(*mctx->pkp));
2dfc7b04f2db681992ca04175f2beb0f127c9844Christian Maederstatic void modssl_ctx_init_server(SSLSrvConfigRec *sc,
2dfc7b04f2db681992ca04175f2beb0f127c9844Christian Maeder mctx = sc->server = apr_palloc(p, sizeof(*sc->server));
588c0c022a0f4e129a89c3bc569daf6a835e182dChristian Maeder mctx->pks = apr_pcalloc(p, sizeof(*mctx->pks));
deb7bff126ec547bd812d0c8683ad6e785a45abbChristian Maeder /* mctx->pks->... certs/keys are set during module init */
deb7bff126ec547bd812d0c8683ad6e785a45abbChristian Maederstatic SSLSrvConfigRec *ssl_config_server_new(apr_pool_t *p)
4ef2a978e66e2246ff0b7f00c77deb7aabb28b8eChristian Maeder SSLSrvConfigRec *sc = apr_palloc(p, sizeof(*sc));
deb7bff126ec547bd812d0c8683ad6e785a45abbChristian Maeder sc->vhost_id = NULL; /* set during module init */
588c0c022a0f4e129a89c3bc569daf6a835e182dChristian Maeder sc->vhost_id_len = 0; /* set during module init */
2dfc7b04f2db681992ca04175f2beb0f127c9844Christian Maeder * Create per-server SSL configuration
588c0c022a0f4e129a89c3bc569daf6a835e182dChristian Maedervoid *ssl_config_server_create(apr_pool_t *p, server_rec *s)
deb7bff126ec547bd812d0c8683ad6e785a45abbChristian Maeder SSLSrvConfigRec *sc = ssl_config_server_new(p);
588c0c022a0f4e129a89c3bc569daf6a835e182dChristian Maeder#define cfgMerge(el,unset) mrg->el = (add->el == (unset)) ? base->el : add->el
2dfc7b04f2db681992ca04175f2beb0f127c9844Christian Maeder#define cfgMergeArray(el) mrg->el = apr_array_append(p, add->el, base->el)
588c0c022a0f4e129a89c3bc569daf6a835e182dChristian Maeder#define cfgMergeString(el) cfgMerge(el, NULL)
588c0c022a0f4e129a89c3bc569daf6a835e182dChristian Maeder#define cfgMergeBool(el) cfgMerge(el, UNSET)
588c0c022a0f4e129a89c3bc569daf6a835e182dChristian Maederstatic void modssl_ctx_cfg_merge(modssl_ctx_t *base,
967e5f3c25249c779575864692935627004d3f9eChristian Maeder cfgMerge(pphrase_dialog_type, SSL_PPTYPE_UNSET);
2dfc7b04f2db681992ca04175f2beb0f127c9844Christian Maeder cfgMerge(auth.verify_mode, SSL_CVERIFY_UNSET);
dedabc954aa15f6ad0764472a9434dc6dafe3db2Christian Maederstatic void modssl_ctx_cfg_merge_proxy(modssl_ctx_t *base,
for (i = 0; i < SSL_AIDX_MAX; i++) {
return mrg;
return dc;
return mrg;
void *dcfg,
const char *arg_)
const char *err;
return err;
return NULL;
return NULL;
return NULL;
void *dcfg,
const char *arg)
const char *err;
return err;
return NULL;
void *dcfg,
const char *arg)
const char *err;
ENGINE *e;
return err;
ENGINE_free(e);
e = ENGINE_get_first();
ENGINE_free(e);
e = en;
return err;
return NULL;
void *dcfg,
const char *arg1,
const char *arg2,
const char *arg3)
const char *err;
return err;
return NULL;
NULL);
#ifdef HAVE_SSL_RAND_EGD
if (!arg3) {
return NULL;
return NULL;
return NULL;
return NULL;
void *dcfg,
const char *arg)
return NULL;
#define SSL_FLAGS_CHECK_FILE \
#define SSL_FLAGS_CHECK_DIR \
const char **file)
if (!filepath) {
return NULL;
return NULL;
const char **dir)
if (!dirpath) {
return NULL;
const char *arg,
int idx)
return err;
switch (idx) {
case SSL_AIDX_CERTS:
case SSL_AIDX_KEYS:
for (i = 0; i < SSL_AIDX_MAX; i++) {
if (!files[i]) {
return NULL;
void *dcfg,
const char *arg)
const char *err;
return err;
return NULL;
void *dcfg,
const char *arg)
const char *err;
return err;
return NULL;
void *dcfg,
const char *arg)
const char *err;
return err;
return NULL;
void *dcfg,
const char *arg)
const char *err;
return err;
return NULL;
#define NO_PER_DIR_SSL_CA \
#ifdef HAVE_SSL_SET_CERT_STORE
# define MODSSL_HAVE_SSL_SET_CERT_STORE 0
#define MODSSL_SET_CA(f) \
return NO_PER_DIR_SSL_CA; \
void *dcfg,
const char *arg)
const char *err;
return err;
return NULL;
void *dcfg,
const char *arg)
const char *err;
return err;
return NULL;
const char *arg)
const char *err;
return err;
return NULL;
const char *arg)
const char *err;
return err;
return NULL;
void *dcfg,
const char *arg)
const char *err;
return err;
return NULL;
void *dcfg,
const char *arg)
const char *err;
return err;
return NULL;
const char *arg,
NULL);
return NULL;
void *dcfg,
const char *arg)
const char *err;
return err;
return NULL;
const char *arg,
int *depth)
return NULL;
NULL);
void *dcfg,
const char *arg)
int depth;
const char *err;
return err;
return NULL;
#define MODSSL_NO_SHARED_MEMORY_ERROR \
void *dcfg,
const char *arg)
return err;
return NULL;
return MODSSL_NO_SHARED_MEMORY_ERROR;
#ifdef HAVE_DISTCACHE
#ifdef HAVE_SSL_CACHE_MEMCACHE
return NULL;
void *dcfg,
const char *arg)
return NULL;
void *dcfg,
const char *arg)
NULL);
return NULL;
void *dcfg,
const char *arg)
char action, *w;
while (*arg) {
action = *(w++);
else if (first) {
NULL);
return NULL;
return NULL;
void *dcfg,
const char *arg)
return NULL;
const char *arg,
while (*arg) {
action = *(w++);
return NULL;
void *dcfg,
const char *arg)
return NULL;
void *dcfg,
const char *arg)
void *dcfg,
const char *arg)
return NULL;
void *dcfg,
const char *arg)
const char *err;
return err;
return NULL;
void *dcfg,
const char *arg)
int depth;
const char *err;
return err;
return NULL;
void *dcfg,
const char *arg)
const char *err;
return err;
return NULL;
void *dcfg,
const char *arg)
const char *err;
return err;
return NULL;
void *dcfg,
const char *arg)
const char *err;
return err;
return NULL;
void *dcfg,
const char *arg)
const char *err;
return err;
return NULL;
void *dcfg,
const char *arg)
const char *err;
return err;
return NULL;
void *dcfg,
const char *arg)
const char *err;
return err;
return NULL;
const char *arg)
return NULL;
s = s->next;