14
15
#include <openssl/ssl.h>
15
16
#include <openssl/err.h>
17
#if OPENSSL_VERSION_NUMBER >= 0x00907000
18
17
#include <openssl/conf.h>
19
18
#include <openssl/engine.h>
20
#define NGX_SSL_ENGINE 1
19
#include <openssl/evp.h>
20
#include <openssl/ocsp.h>
23
22
#define NGX_SSL_NAME "OpenSSL"
86
#define NGX_SSL_SSLv2 2
87
#define NGX_SSL_SSLv3 4
88
#define NGX_SSL_TLSv1 8
86
#define NGX_SSL_SSLv2 0x0002
87
#define NGX_SSL_SSLv3 0x0004
88
#define NGX_SSL_TLSv1 0x0008
89
#define NGX_SSL_TLSv1_1 0x0010
90
#define NGX_SSL_TLSv1_2 0x0020
91
93
#define NGX_SSL_BUFFER 1
100
102
ngx_str_t *cert, ngx_str_t *key);
101
103
ngx_int_t ngx_ssl_client_certificate(ngx_conf_t *cf, ngx_ssl_t *ssl,
102
104
ngx_str_t *cert, ngx_int_t depth);
103
ngx_int_t ngx_ssl_generate_rsa512_key(ngx_ssl_t *ssl);
105
ngx_int_t ngx_ssl_trusted_certificate(ngx_conf_t *cf, ngx_ssl_t *ssl,
106
ngx_str_t *cert, ngx_int_t depth);
107
ngx_int_t ngx_ssl_crl(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *crl);
108
ngx_int_t ngx_ssl_stapling(ngx_conf_t *cf, ngx_ssl_t *ssl,
109
ngx_str_t *file, ngx_str_t *responder, ngx_uint_t verify);
110
ngx_int_t ngx_ssl_stapling_resolver(ngx_conf_t *cf, ngx_ssl_t *ssl,
111
ngx_resolver_t *resolver, ngx_msec_t resolver_timeout);
112
RSA *ngx_ssl_rsa512_key_callback(SSL *ssl, int is_export, int key_length);
113
ngx_int_t ngx_ssl_dhparam(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *file);
114
ngx_int_t ngx_ssl_ecdh_curve(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *name);
104
115
ngx_int_t ngx_ssl_session_cache(ngx_ssl_t *ssl, ngx_str_t *sess_ctx,
105
116
ssize_t builtin_session_cache, ngx_shm_zone_t *shm_zone, time_t timeout);
117
ngx_int_t ngx_ssl_session_cache_init(ngx_shm_zone_t *shm_zone, void *data);
106
118
ngx_int_t ngx_ssl_create_connection(ngx_ssl_t *ssl, ngx_connection_t *c,
107
119
ngx_uint_t flags);
115
127
#define ngx_ssl_get_server_conf(ssl_ctx) \
116
128
SSL_CTX_get_ex_data(ssl_ctx, ngx_ssl_server_conf_index)
130
#define ngx_ssl_verify_error_optional(n) \
131
(n == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT \
132
|| n == X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN \
133
|| n == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY \
134
|| n == X509_V_ERR_CERT_UNTRUSTED \
135
|| n == X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE)
119
138
ngx_int_t ngx_ssl_get_protocol(ngx_connection_t *c, ngx_pool_t *pool,
121
140
ngx_int_t ngx_ssl_get_cipher_name(ngx_connection_t *c, ngx_pool_t *pool,
142
ngx_int_t ngx_ssl_get_session_id(ngx_connection_t *c, ngx_pool_t *pool,
144
ngx_int_t ngx_ssl_get_raw_certificate(ngx_connection_t *c, ngx_pool_t *pool,
146
ngx_int_t ngx_ssl_get_certificate(ngx_connection_t *c, ngx_pool_t *pool,
123
148
ngx_int_t ngx_ssl_get_subject_dn(ngx_connection_t *c, ngx_pool_t *pool,
125
150
ngx_int_t ngx_ssl_get_issuer_dn(ngx_connection_t *c, ngx_pool_t *pool,
127
152
ngx_int_t ngx_ssl_get_serial_number(ngx_connection_t *c, ngx_pool_t *pool,
154
ngx_int_t ngx_ssl_get_client_verify(ngx_connection_t *c, ngx_pool_t *pool,
131
158
ngx_int_t ngx_ssl_handshake(ngx_connection_t *c);
144
171
extern int ngx_ssl_connection_index;
145
172
extern int ngx_ssl_server_conf_index;
146
173
extern int ngx_ssl_session_cache_index;
174
extern int ngx_ssl_certificate_index;
175
extern int ngx_ssl_stapling_index;
149
178
#endif /* _NGX_EVENT_OPENSSL_H_INCLUDED_ */