1
2 /*
3 * Copyright (C) Igor Sysoev
4 */
5
6
7 #ifndef _NGX_EVENT_OPENSSL_H_INCLUDED_
8 #define _NGX_EVENT_OPENSSL_H_INCLUDED_
9
10
11 #include <ngx_config.h>
12 #include <ngx_core.h>
13
14 #include <openssl/ssl.h>
15 #include <openssl/err.h>
16 #include <openssl/conf.h>
17 #include <openssl/engine.h>
18
19 #define NGX_SSL_NAME "OpenSSL"
20
21
22 #define ngx_ssl_session_t SSL_SESSION
23 #define ngx_ssl_conn_t SSL
24
25
26 typedef struct {
27 SSL_CTX *ctx;
28 ngx_log_t *log;
29 } ngx_ssl_t;
30
31
32 typedef struct {
33 ngx_ssl_conn_t *connection;
34
35 ngx_int_t last;
36 ngx_buf_t *buf;
37
38 ngx_connection_handler_pt handler;
39
40 ngx_event_handler_pt saved_read_handler;
41 ngx_event_handler_pt saved_write_handler;
42
43 unsigned handshaked:1;
44 unsigned buffer:1;
45 unsigned no_wait_shutdown:1;
46 unsigned no_send_shutdown:1;
47 } ngx_ssl_connection_t;
48
49
50 #define NGX_SSL_NO_SCACHE -2
51 #define NGX_SSL_NONE_SCACHE -3
52 #define NGX_SSL_NO_BUILTIN_SCACHE -4
53 #define NGX_SSL_DFLT_BUILTIN_SCACHE -5
54
55
56 #define NGX_SSL_MAX_SESSION_SIZE 4096
57
58 typedef struct ngx_ssl_sess_id_s ngx_ssl_sess_id_t;
59
60 struct ngx_ssl_sess_id_s {
61 ngx_rbtree_node_t node;
62 u_char *id;
63 size_t len;
64 u_char *session;
65 ngx_queue_t queue;
66 time_t expire;
67 #if (NGX_PTR_SIZE == 8)
68 void *stub;
69 u_char sess_id[32];
70 #endif
71 };
72
73
74 typedef struct {
75 ngx_rbtree_t session_rbtree;
76 ngx_rbtree_node_t sentinel;
77 ngx_queue_t expire_queue;
78 } ngx_ssl_session_cache_t;
79
80
81
82 #define NGX_SSL_SSLv2 2
83 #define NGX_SSL_SSLv3 4
84 #define NGX_SSL_TLSv1 8
85
86
87 #define NGX_SSL_BUFFER 1
88 #define NGX_SSL_CLIENT 2
89
90 #define NGX_SSL_BUFSIZE 16384
91
92
93 ngx_int_t ngx_ssl_init(ngx_log_t *log);
94 ngx_int_t ngx_ssl_create(ngx_ssl_t *ssl, ngx_uint_t protocols, void *data);
95 ngx_int_t ngx_ssl_certificate(ngx_conf_t *cf, ngx_ssl_t *ssl,
96 ngx_str_t *cert, ngx_str_t *key);
97 ngx_int_t ngx_ssl_client_certificate(ngx_conf_t *cf, ngx_ssl_t *ssl,
98 ngx_str_t *cert, ngx_int_t depth);
99 ngx_int_t ngx_ssl_crl(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *crl);
100 ngx_int_t ngx_ssl_generate_rsa512_key(ngx_ssl_t *ssl);
101 ngx_int_t ngx_ssl_dhparam(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *file);
102 ngx_int_t ngx_ssl_session_cache(ngx_ssl_t *ssl, ngx_str_t *sess_ctx,
103 ssize_t builtin_session_cache, ngx_shm_zone_t *shm_zone, time_t timeout);
104 ngx_int_t ngx_ssl_create_connection(ngx_ssl_t *ssl, ngx_connection_t *c,
105 ngx_uint_t flags);
106
107 void ngx_ssl_remove_cached_session(SSL_CTX *ssl, ngx_ssl_session_t *sess);
108 ngx_int_t ngx_ssl_set_session(ngx_connection_t *c, ngx_ssl_session_t *session);
109 #define ngx_ssl_get_session(c) SSL_get1_session(c->ssl->connection)
110 #define ngx_ssl_free_session SSL_SESSION_free
111 #define ngx_ssl_get_connection(ssl_conn) \
112 SSL_get_ex_data(ssl_conn, ngx_ssl_connection_index)
113 #define ngx_ssl_get_server_conf(ssl_ctx) \
114 SSL_CTX_get_ex_data(ssl_ctx, ngx_ssl_server_conf_index)
115
116
117 ngx_int_t ngx_ssl_get_protocol(ngx_connection_t *c, ngx_pool_t *pool,
118 ngx_str_t *s);
119 ngx_int_t ngx_ssl_get_cipher_name(ngx_connection_t *c, ngx_pool_t *pool,
120 ngx_str_t *s);
121 ngx_int_t ngx_ssl_get_session_id(ngx_connection_t *c, ngx_pool_t *pool,
122 ngx_str_t *s);
123 ngx_int_t ngx_ssl_get_raw_certificate(ngx_connection_t *c, ngx_pool_t *pool,
124 ngx_str_t *s);
125 ngx_int_t ngx_ssl_get_certificate(ngx_connection_t *c, ngx_pool_t *pool,
126 ngx_str_t *s);
127 ngx_int_t ngx_ssl_get_subject_dn(ngx_connection_t *c, ngx_pool_t *pool,
128 ngx_str_t *s);
129 ngx_int_t ngx_ssl_get_issuer_dn(ngx_connection_t *c, ngx_pool_t *pool,
130 ngx_str_t *s);
131 ngx_int_t ngx_ssl_get_serial_number(ngx_connection_t *c, ngx_pool_t *pool,
132 ngx_str_t *s);
133 ngx_int_t ngx_ssl_get_client_verify(ngx_connection_t *c, ngx_pool_t *pool,
134 ngx_str_t *s);
135
136
137 ngx_int_t ngx_ssl_handshake(ngx_connection_t *c);
138 ssize_t ngx_ssl_recv(ngx_connection_t *c, u_char *buf, size_t size);
139 ssize_t ngx_ssl_write(ngx_connection_t *c, u_char *data, size_t size);
140 ssize_t ngx_ssl_recv_chain(ngx_connection_t *c, ngx_chain_t *cl);
141 ngx_chain_t *ngx_ssl_send_chain(ngx_connection_t *c, ngx_chain_t *in,
142 off_t limit);
143 void ngx_ssl_free_buffer(ngx_connection_t *c);
144 ngx_int_t ngx_ssl_shutdown(ngx_connection_t *c);
145 void ngx_cdecl ngx_ssl_error(ngx_uint_t level, ngx_log_t *log, ngx_err_t err,
146 char *fmt, ...);
147 void ngx_ssl_cleanup_ctx(void *data);
148
149
150 extern int ngx_ssl_connection_index;
151 extern int ngx_ssl_server_conf_index;
152 extern int ngx_ssl_session_cache_index;
153
154
155 #endif /* _NGX_EVENT_OPENSSL_H_INCLUDED_ */
156
This page was automatically generated by the
LXR engine.
Visit the LXR main site for more
information.