diff options
Diffstat (limited to 'modules/ssl/mod_ssl.c')
-rw-r--r-- | modules/ssl/mod_ssl.c | 248 |
1 files changed, 0 insertions, 248 deletions
diff --git a/modules/ssl/mod_ssl.c b/modules/ssl/mod_ssl.c deleted file mode 100644 index 2d1b5e1b0a..0000000000 --- a/modules/ssl/mod_ssl.c +++ /dev/null @@ -1,248 +0,0 @@ -/* _ _ -** _ __ ___ ___ __| | ___ ___| | mod_ssl -** | '_ ` _ \ / _ \ / _` | / __/ __| | Apache Interface to OpenSSL -** | | | | | | (_) | (_| | \__ \__ \ | www.modssl.org -** |_| |_| |_|\___/ \__,_|___|___/___/_| ftp.modssl.org -** |_____| -** mod_ssl.c -** Apache API interface structures -*/ - -/* ==================================================================== - * Copyright (c) 1998-2001 Ralf S. Engelschall. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following - * disclaimer in the documentation and/or other materials - * provided with the distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by - * Ralf S. Engelschall <rse@engelschall.com> for use in the - * mod_ssl project (http://www.modssl.org/)." - * - * 4. The names "mod_ssl" must not be used to endorse or promote - * products derived from this software without prior written - * permission. For written permission, please contact - * rse@engelschall.com. - * - * 5. Products derived from this software may not be called "mod_ssl" - * nor may "mod_ssl" appear in their names without prior - * written permission of Ralf S. Engelschall. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by - * Ralf S. Engelschall <rse@engelschall.com> for use in the - * mod_ssl project (http://www.modssl.org/)." - * - * THIS SOFTWARE IS PROVIDED BY RALF S. ENGELSCHALL ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL RALF S. ENGELSCHALL OR - * HIS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - */ - /* ``I'll be surprised if - others think that what you - are doing is honourable.'' - -- Ben Laurie, Apache-SSL author */ -#include "mod_ssl.h" - -/* _________________________________________________________________ -** -** Apache API glue structures -** _________________________________________________________________ -*/ - -/* - * identify the module to SCCS `what' and RCS `ident' commands - */ -static char const sccsid[] = "@(#) mod_ssl/" MOD_SSL_VERSION " >"; -static char const rcsid[] = "$Id: mod_ssl.c,v 1.1 2001/05/04 21:54:42 rse Exp $"; - -/* - * the table of configuration directives we provide - */ -static command_rec ssl_config_cmds[] = { - /* - * Global (main-server) context configuration directives - */ - AP_SRV_CMD(Mutex, TAKE1, - "SSL lock for handling internal mutual exclusions " - "(`none', `file:/path/to/file')") - AP_SRV_CMD(PassPhraseDialog, TAKE1, - "SSL dialog mechanism for the pass phrase query " - "(`builtin', `exec:/path/to/program')") - AP_SRV_CMD(SessionCache, TAKE1, - "SSL Session Cache storage " - "(`none', `dbm:/path/to/file')") -#ifdef SSL_EXPERIMENTAL_ENGINE - AP_SRV_CMD(CryptoDevice, TAKE1, - "SSL external Crypto Device usage " - "(`builtin', `...')") -#endif - AP_SRV_CMD(RandomSeed, TAKE23, - "SSL Pseudo Random Number Generator (PRNG) seeding source " - "(`startup|connect builtin|file:/path|exec:/path [bytes]')") - - /* - * Per-server context configuration directives - */ - AP_SRV_CMD(Engine, FLAG, - "SSL switch for the protocol engine " - "(`on', `off')") - AP_ALL_CMD(CipherSuite, TAKE1, - "Colon-delimited list of permitted SSL Ciphers " - "(`XXX:...:XXX' - see manual)") - AP_SRV_CMD(CertificateFile, TAKE1, - "SSL Server Certificate file " - "(`/path/to/file' - PEM or DER encoded)") - AP_SRV_CMD(CertificateKeyFile, TAKE1, - "SSL Server Private Key file " - "(`/path/to/file' - PEM or DER encoded)") - AP_SRV_CMD(CertificateChainFile, TAKE1, - "SSL Server CA Certificate Chain file " - "(`/path/to/file' - PEM encoded)") -#ifdef SSL_EXPERIMENTAL_PERDIRCA - AP_ALL_CMD(CACertificatePath, TAKE1, - "SSL CA Certificate path " - "(`/path/to/dir' - contains PEM encoded files)") - AP_ALL_CMD(CACertificateFile, TAKE1, - "SSL CA Certificate file " - "(`/path/to/file' - PEM encoded)") -#else - AP_SRV_CMD(CACertificatePath, TAKE1, - "SSL CA Certificate path " - "(`/path/to/dir' - contains PEM encoded files)") - AP_SRV_CMD(CACertificateFile, TAKE1, - "SSL CA Certificate file " - "(`/path/to/file' - PEM encoded)") -#endif - AP_SRV_CMD(CARevocationPath, TAKE1, - "SSL CA Certificate Revocation List (CRL) path " - "(`/path/to/dir' - contains PEM encoded files)") - AP_SRV_CMD(CARevocationFile, TAKE1, - "SSL CA Certificate Revocation List (CRL) file " - "(`/path/to/file' - PEM encoded)") - AP_ALL_CMD(VerifyClient, TAKE1, - "SSL Client verify type " - "(`none', `optional', `require', `optional_no_ca')") - AP_ALL_CMD(VerifyDepth, TAKE1, - "SSL Client verify depth " - "(`N' - number of intermediate certificates)") - AP_SRV_CMD(SessionCacheTimeout, TAKE1, - "SSL Session Cache object lifetime " - "(`N' - number of seconds)") - AP_SRV_CMD(Log, TAKE1, - "SSL logfile for SSL-related messages " - "(`/path/to/file', `|/path/to/program')") - AP_SRV_CMD(LogLevel, TAKE1, - "SSL logfile verbosity level " - "(`none', `error', `warn', `info', `debug')") - AP_SRV_CMD(Protocol, RAW_ARGS, - "Enable or disable various SSL protocols" - "(`[+-][SSLv2|SSLv3|TLSv1] ...' - see manual)") - -#ifdef SSL_EXPERIMENTAL_PROXY - /* - * Proxy configuration for remote SSL connections - */ - AP_SRV_CMD(ProxyProtocol, RAW_ARGS, - "SSL Proxy: enable or disable SSL protocol flavors " - "(`[+-][SSLv2|SSLv3|TLSv1] ...' - see manual)") - AP_SRV_CMD(ProxyCipherSuite, TAKE1, - "SSL Proxy: colon-delimited list of permitted SSL ciphers " - "(`XXX:...:XXX' - see manual)") - AP_SRV_CMD(ProxyVerify, FLAG, - "SSL Proxy: whether to verify the remote certificate " - "(`on' or `off')") - AP_SRV_CMD(ProxyVerifyDepth, TAKE1, - "SSL Proxy: maximum certificate verification depth " - "(`N' - number of intermediate certificates)") - AP_SRV_CMD(ProxyCACertificateFile, TAKE1, - "SSL Proxy: file containing server certificates " - "(`/path/to/file' - PEM encoded certificates)") - AP_SRV_CMD(ProxyCACertificatePath, TAKE1, - "SSL Proxy: directory containing server certificates " - "(`/path/to/dir' - contains PEM encoded certificates)") - AP_SRV_CMD(ProxyMachineCertificateFile, TAKE1, - "SSL Proxy: file containing client certificates " - "(`/path/to/file' - PEM encoded certificates)") - AP_SRV_CMD(ProxyMachineCertificatePath, TAKE1, - "SSL Proxy: directory containing client certificates " - "(`/path/to/dir' - contains PEM encoded certificates)") -#endif - - /* - * Per-directory context configuration directives - */ - AP_DIR_CMD(Options, OPTIONS, RAW_ARGS, - "Set one of more options to configure the SSL engine" - "(`[+-]option[=value] ...' - see manual)") - AP_DIR_CMD(RequireSSL, AUTHCFG, NO_ARGS, - "Require the SSL protocol for the per-directory context " - "(no arguments)") - AP_DIR_CMD(Require, AUTHCFG, RAW_ARGS, - "Require a boolean expresion to evaluate to true for granting access" - "(arbitrary complex boolean expression - see manual)") - - AP_END_CMD -}; - -static const handler_rec ssl_config_handler[] = { - { "mod_ssl:content-handler", ssl_hook_Handler }, - { NULL, NULL } -}; - -/* - * the main Apache API config structure - */ -module MODULE_VAR_EXPORT ssl_module = { - STANDARD_MODULE_STUFF, - - /* Standard API (always present) */ - - ssl_init_Module, /* module initializer */ - ssl_config_perdir_create, /* create per-dir config structures */ - ssl_config_perdir_merge, /* merge per-dir config structures */ - ssl_config_server_create, /* create per-server config structures */ - ssl_config_server_merge, /* merge per-server config structures */ - ssl_config_cmds, /* table of config file commands */ - ssl_config_handler, /* [#8] MIME-typed-dispatched handlers */ - ssl_hook_Translate, /* [#1] URI to filename translation */ - ssl_hook_Auth, /* [#4] validate user id from request */ - ssl_hook_UserCheck, /* [#5] check if the user is ok _here_ */ - ssl_hook_Access, /* [#3] check access by host address */ - NULL, /* [#6] determine MIME type */ - ssl_hook_Fixup, /* [#7] pre-run fixups */ - NULL, /* [#9] log a transaction */ - NULL, /* [#2] header parser */ - ssl_init_Child, /* child_init */ - NULL, /* child_exit */ - ssl_hook_ReadReq, /* [#0] post read-request */ - - /* Extended API (forced to be enabled with mod_ssl) */ - - ssl_hook_AddModule, /* after modules was added to core */ - ssl_hook_RemoveModule, /* before module is removed from core */ - ssl_hook_RewriteCommand, /* configuration command rewriting */ - ssl_hook_NewConnection, /* socket connection open */ - ssl_hook_CloseConnection /* socket connection close */ -}; - |