Apache2

Macros

#define SSL_MOD_POLICIES_KEY   "ssl_module_policies"
 
#define SSL_PROTOCOL_CONSTANTS_SSLV3   SSL_PROTOCOL_SSLV3
 
#define SSL_POLICY_HONOR_ORDER   1
 
#define SSL_POLICY_COMPRESSION   0
 
#define SSL_POLICY_SESSION_TICKETS   0
 
#define SSL_POLICY_MOZILLA_VERSION   4.0
 
#define SSL_POLICY_MODERN   0
 
#define SSL_POLICY_INTERMEDIATE   1
 
#define SSL_POLICY_INTERMEDIATE_SSL_CIPHERS   "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS"
 
#define SSL_POLICY_INTERMEDIATE_TLS13_CIPHERS   NULL
 
#define SSL_POLICY_INTERMEDIATE_PROTOCOLS   (SSL_PROTOCOL_ALL & ~(SSL_PROTOCOL_TLSV1_3|SSL_PROTOCOL_CONSTANTS_SSLV3))
 
#define SSL_POLICY_OLD   1
 
#define SSL_POLICY_OLD_SSL_CIPHERS   "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:DES-CBC3-SHA:HIGH:SEED:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!RSAPSK:!aDH:!aECDH:!EDH-DSS-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!SRP"
 
#define SSL_POLICY_OLD_TLS13_CIPHERS   NULL
 
#define SSL_POLICY_OLD_PROTOCOLS   (SSL_PROTOCOL_ALL & ~(SSL_PROTOCOL_TLSV1_3))
 
#define MODSSL_LIBRARY_VERSION   OPENSSL_VERSION_NUMBER
 
#define MODSSL_LIBRARY_NAME   "OpenSSL"
 
#define MODSSL_LIBRARY_TEXT   OPENSSL_VERSION_TEXT
 
#define MODSSL_LIBRARY_DYNTEXT   OpenSSL_version(OPENSSL_VERSION)
 
#define MODSSL_SESSION_MAX_DER   1024*10
 
#define MODSSL_SESSION_ID_STRING_LEN    ((SSL_MAX_SSL_SESSION_ID_LENGTH + 1) * 2)
 

Functions

void modssl_init_app_data2_idx (void)
 
void * modssl_get_app_data2 (SSL *)
 
void modssl_set_app_data2 (SSL *, void *)
 
EVP_PKEY * modssl_read_privatekey (const char *filename, pem_password_cb *cb, void *ud)
 
int modssl_smart_shutdown (SSL *ssl)
 
BOOL modssl_X509_getBC (X509 *, int *, int *)
 
char * modssl_X509_NAME_ENTRY_to_string (apr_pool_t *p, X509_NAME_ENTRY *xsne, int raw)
 
char * modssl_X509_NAME_to_string (apr_pool_t *, X509_NAME *, int)
 
BOOL modssl_X509_getSAN (apr_pool_t *, X509 *, int, const char *, int, apr_array_header_t **)
 
BOOL modssl_X509_match_name (apr_pool_t *, X509 *, const char *, BOOL, server_rec *)
 
char * modssl_SSL_SESSION_id2sz (IDCONST unsigned char *, int, char *, int)
 
char * modssl_bio_free_read (apr_pool_t *p, BIO *bio)
 
apr_status_t modssl_read_cert (apr_pool_t *p, const char *cert_pem, const char *key_pem, pem_password_cb *cb, void *ud, X509 **pcert, EVP_PKEY **pkey)
 
apr_status_t modssl_cert_get_pem (apr_pool_t *p, X509 *cert1, X509 *cert2, const char **ppem)
 

Detailed Description

Macro Definition Documentation

◆ MODSSL_LIBRARY_DYNTEXT

#define MODSSL_LIBRARY_DYNTEXT   OpenSSL_version(OPENSSL_VERSION)

◆ MODSSL_LIBRARY_NAME

#define MODSSL_LIBRARY_NAME   "OpenSSL"

◆ MODSSL_LIBRARY_TEXT

#define MODSSL_LIBRARY_TEXT   OPENSSL_VERSION_TEXT

◆ MODSSL_LIBRARY_VERSION

#define MODSSL_LIBRARY_VERSION   OPENSSL_VERSION_NUMBER

SSL library version number

◆ MODSSL_SESSION_ID_STRING_LEN

#define MODSSL_SESSION_ID_STRING_LEN    ((SSL_MAX_SSL_SESSION_ID_LENGTH + 1) * 2)

max length for modssl_SSL_SESSION_id2sz

◆ MODSSL_SESSION_MAX_DER

#define MODSSL_SESSION_MAX_DER   1024*10

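Maximum length of a DER-encoded session. FIXME: There is no define in OpenSSL, but OpenSSL uses 1024*10, so this value should be ok. Although we have no warm feeling. Note that the expansion is not parenthesized, so write (MODSSL_SESSION_MAX_DER) when using it inside a larger expression such as a division or modulo, otherwise operator precedence can yield an unintended buffer size.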

◆ SSL_MOD_POLICIES_KEY

#define SSL_MOD_POLICIES_KEY   "ssl_module_policies"

◆ SSL_POLICY_COMPRESSION

#define SSL_POLICY_COMPRESSION   0

◆ SSL_POLICY_HONOR_ORDER

#define SSL_POLICY_HONOR_ORDER   1

◆ SSL_POLICY_INTERMEDIATE

#define SSL_POLICY_INTERMEDIATE   1

◆ SSL_POLICY_INTERMEDIATE_PROTOCOLS

#define SSL_POLICY_INTERMEDIATE_PROTOCOLS   (SSL_PROTOCOL_ALL & ~(SSL_PROTOCOL_TLSV1_3|SSL_PROTOCOL_CONSTANTS_SSLV3))

◆ SSL_POLICY_INTERMEDIATE_SSL_CIPHERS

#define SSL_POLICY_INTERMEDIATE_SSL_CIPHERS   "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS"

◆ SSL_POLICY_INTERMEDIATE_TLS13_CIPHERS

#define SSL_POLICY_INTERMEDIATE_TLS13_CIPHERS   NULL

◆ SSL_POLICY_MODERN

#define SSL_POLICY_MODERN   0

◆ SSL_POLICY_MOZILLA_VERSION

#define SSL_POLICY_MOZILLA_VERSION   4.0

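Define a core set of policies that are always there. Both the OLD and INTERMEDIATE cipher lists on this page still name DES-CBC3-SHA (3DES) and CBC-mode suites, and the OLD protocol mask does not exclude SSLv3, so review them against current TLS guidance before relying on a built-in policy.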

◆ SSL_POLICY_OLD

#define SSL_POLICY_OLD   1

◆ SSL_POLICY_OLD_PROTOCOLS

#define SSL_POLICY_OLD_PROTOCOLS   (SSL_PROTOCOL_ALL & ~(SSL_PROTOCOL_TLSV1_3))

◆ SSL_POLICY_OLD_SSL_CIPHERS

#define SSL_POLICY_OLD_SSL_CIPHERS   "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:DES-CBC3-SHA:HIGH:SEED:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!RSAPSK:!aDH:!aECDH:!EDH-DSS-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!SRP"

◆ SSL_POLICY_OLD_TLS13_CIPHERS

#define SSL_POLICY_OLD_TLS13_CIPHERS   NULL

◆ SSL_POLICY_SESSION_TICKETS

#define SSL_POLICY_SESSION_TICKETS   0

◆ SSL_PROTOCOL_CONSTANTS_SSLV3

#define SSL_PROTOCOL_CONSTANTS_SSLV3   SSL_PROTOCOL_SSLV3

Function Documentation

◆ modssl_bio_free_read()

char* modssl_bio_free_read ( apr_pool_t *  p,
BIO *  bio 
)

◆ modssl_cert_get_pem()

apr_status_t modssl_cert_get_pem ( apr_pool_t *  p,
X509 *  cert1,
X509 *  cert2,
const char **  ppem 
)

◆ modssl_get_app_data2()

void* modssl_get_app_data2 ( SSL *  )

◆ modssl_init_app_data2_idx()

void modssl_init_app_data2_idx ( void  )

Additional Functions

◆ modssl_read_cert()

apr_status_t modssl_read_cert ( apr_pool_t *  p,
const char *  cert_pem,
const char *  key_pem,
pem_password_cb *  cb,
void *  ud,
X509 **  pcert,
EVP_PKEY **  pkey 
)

◆ modssl_read_privatekey()

EVP_PKEY* modssl_read_privatekey ( const char *  filename,
pem_password_cb *  cb,
void *  ud 
)

◆ modssl_set_app_data2()

void modssl_set_app_data2 ( SSL *  ,
void *   
)

◆ modssl_smart_shutdown()

int modssl_smart_shutdown ( SSL *  ssl)

◆ modssl_SSL_SESSION_id2sz()

char* modssl_SSL_SESSION_id2sz ( IDCONST unsigned char *  ,
int  ,
char *  ,
int   
)

◆ modssl_X509_getBC()

BOOL modssl_X509_getBC ( X509 *  ,
int *  ,
int *  
)

◆ modssl_X509_getSAN()

BOOL modssl_X509_getSAN ( apr_pool_t *  ,
X509 *  ,
int  ,
const char *  ,
int  ,
apr_array_header_t **   
)

◆ modssl_X509_match_name()

BOOL modssl_X509_match_name ( apr_pool_t *  ,
X509 *  ,
const char *  ,
BOOL  ,
server_rec *  
)

◆ modssl_X509_NAME_ENTRY_to_string()

char* modssl_X509_NAME_ENTRY_to_string ( apr_pool_t *  p,
X509_NAME_ENTRY *  xsne,
int  raw 
)

◆ modssl_X509_NAME_to_string()

char* modssl_X509_NAME_to_string ( apr_pool_t *  ,
X509_NAME *  ,
int   
)