Apache HTTPD
#include <assert.h>
#include <stdio.h>
#include <stdlib.h>
#include <apr_lib.h>
#include <apr_buckets.h>
#include <apr_file_io.h>
#include <apr_strings.h>
#include <httpd.h>
#include <http_core.h>
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/hmac.h>
#include <openssl/pem.h>
#include <openssl/rand.h>
#include <openssl/rsa.h>
#include <openssl/x509v3.h>
#include "md.h"
#include "md_crypt.h"
#include "md_json.h"
#include "md_log.h"
#include "md_http.h"
#include "md_time.h"
#include "md_util.h"
Go to the source code of this file.
Classes | |
| struct | md_pkey_t |
| struct | passwd_ctx |
| struct | md_cert_t |
Macros | |
| #define | MD_GET_NID(x) get_nid(MD_OID_##x##_NUM, MD_OID_##x##_SNAME, MD_OID_##x##_LNAME) |
| #define | MD_OID_MUST_STAPLE_NUM "1.3.6.1.5.5.7.1.24" |
| #define | MD_OID_MUST_STAPLE_SNAME "tlsfeature" |
| #define | MD_OID_MUST_STAPLE_LNAME "TLS Feature" |
| #define | MD_OID_ACME_VALIDATION_NUM "1.3.6.1.5.5.7.1.31" |
| #define | MD_OID_ACME_VALIDATION_SNAME "pe-acmeIdentifier" |
| #define | MD_OID_ACME_VALIDATION_LNAME "ACME Identifier" |
| #define | MD_OID_CT_SCTS_NUM "1.3.6.1.4.1.11129.2.4.2" |
| #define | MD_OID_CT_SCTS_SNAME "CT-SCTs" |
| #define | MD_OID_CT_SCTS_LNAME "CT Certificate SCTs" |
Variables | |
| static int | initialized |
| static md_pkey_spec_t | PkeySpecDef = { MD_PKEY_TYPE_DEFAULT, {{ 0 }} } |
Definition at line 276 of file md_crypt.c.
| #define MD_OID_ACME_VALIDATION_LNAME "ACME Identifier" |
Definition at line 1988 of file md_crypt.c.
| #define MD_OID_ACME_VALIDATION_NUM "1.3.6.1.5.5.7.1.31" |
Definition at line 1986 of file md_crypt.c.
| #define MD_OID_ACME_VALIDATION_SNAME "pe-acmeIdentifier" |
Definition at line 1987 of file md_crypt.c.
| #define MD_OID_CT_SCTS_LNAME "CT Certificate SCTs" |
Definition at line 2042 of file md_crypt.c.
| #define MD_OID_CT_SCTS_NUM "1.3.6.1.4.1.11129.2.4.2" |
Definition at line 2040 of file md_crypt.c.
Definition at line 2041 of file md_crypt.c.
Definition at line 1749 of file md_crypt.c.
| #define MD_OID_MUST_STAPLE_NUM "1.3.6.1.5.5.7.1.24" |
Definition at line 1747 of file md_crypt.c.
| #define MD_OID_MUST_STAPLE_SNAME "tlsfeature" |
Definition at line 1748 of file md_crypt.c.
|
static |
Definition at line 1705 of file md_crypt.c.
|
static |
Definition at line 1758 of file md_crypt.c.
|
static |
Definition at line 1692 of file md_crypt.c.
Definition at line 965 of file md_crypt.c.
|
static |
Definition at line 1150 of file md_crypt.c.
|
static |
Definition at line 1377 of file md_crypt.c.
|
static |
Definition at line 796 of file md_crypt.c.
|
static |
Definition at line 153 of file md_crypt.c.
|
static |
Definition at line 820 of file md_crypt.c.
|
static |
Definition at line 771 of file md_crypt.c.
Definition at line 1990 of file md_crypt.c.
Definition at line 2045 of file md_crypt.c.
Definition at line 264 of file md_crypt.c.
|
static |
Definition at line 573 of file md_crypt.c.
| apr_time_t md_asn1_generalized_time_get | ( | void * | ASN1_GENERALIZEDTIME | ) |
Definition at line 256 of file md_crypt.c.
|
static |
Definition at line 204 of file md_crypt.c.
| apr_status_t md_cert_chain_read_http | ( | struct apr_array_header_t * | chain, |
| apr_pool_t * | pool, | ||
| const struct md_http_response_t * | res | ||
| ) |
Read one certificate, or a whole chain, from an HTTP response and append the result to chain. Returns APR_ENOENT if the response Content-Type is not recognized; only "application/pem-certificate-chain" and "application/pkix-cert" are currently accepted.
| chain | must be non-NULL, retrieved certificates will be added. |
Definition at line 1540 of file md_crypt.c.
Definition at line 1230 of file md_crypt.c.
Definition at line 1241 of file md_crypt.c.
| apr_status_t md_cert_fload | ( | md_cert_t ** | pcert, |
| apr_pool_t * | p, | ||
| const char * | fname | ||
| ) |
Definition at line 1353 of file md_crypt.c.
| apr_status_t md_cert_fsave | ( | md_cert_t * | cert, |
| apr_pool_t * | p, | ||
| const char * | fname, | ||
| apr_fileperms_t | perms | ||
| ) |
Definition at line 1403 of file md_crypt.c.
| apr_status_t md_cert_get_alt_names | ( | apr_array_header_t ** | pnames, |
| const md_cert_t * | cert, | ||
| apr_pool_t * | p | ||
| ) |
Definition at line 1295 of file md_crypt.c.
| apr_status_t md_cert_get_ct_scts | ( | apr_array_header_t * | scts, |
| apr_pool_t * | p, | ||
| const md_cert_t * | cert | ||
| ) |
Definition at line 2066 of file md_crypt.c.
| apr_status_t md_cert_get_issuers_uri | ( | const char ** | puri, |
| const md_cert_t * | cert, | ||
| apr_pool_t * | p | ||
| ) |
Definition at line 1268 of file md_crypt.c.
| apr_time_t md_cert_get_not_after | ( | const md_cert_t * | cert | ) |
Definition at line 1212 of file md_crypt.c.
| apr_time_t md_cert_get_not_before | ( | const md_cert_t * | cert | ) |
Definition at line 1217 of file md_crypt.c.
| apr_status_t md_cert_get_ocsp_responder_url | ( | const char ** | purl, |
| apr_pool_t * | p, | ||
| const md_cert_t * | cert | ||
| ) |
Definition at line 2111 of file md_crypt.c.
| const char * md_cert_get_serial_number | ( | const md_cert_t * | cert, |
| apr_pool_t * | p | ||
| ) |
Definition at line 1180 of file md_crypt.c.
| md_timeperiod_t md_cert_get_valid | ( | const md_cert_t * | cert | ) |
Definition at line 1222 of file md_crypt.c.
Definition at line 1175 of file md_crypt.c.
Definition at line 1207 of file md_crypt.c.
Definition at line 1201 of file md_crypt.c.
| md_cert_t * md_cert_make | ( | apr_pool_t * | p, |
| void * | x509 | ||
| ) |
Create a holder for the X509 certificate that takes ownership of it: the certificate's memory is freed when the pool is destroyed (contrast md_cert_wrap, which does not take ownership).
Definition at line 1168 of file md_crypt.c.
| apr_status_t md_cert_make_tls_alpn_01 | ( | md_cert_t ** | pcert, |
| const char * | domain, | ||
| const char * | acme_id, | ||
| md_pkey_t * | pkey, | ||
| apr_interval_time_t | valid_for, | ||
| apr_pool_t * | p | ||
| ) |
Create a certificate for answering "tls-alpn-01" ACME challenges (see https://tools.ietf.org/html/draft-ietf-acme-tls-alpn-01, later published as RFC 8737).
Definition at line 2000 of file md_crypt.c.
Definition at line 1751 of file md_crypt.c.
| apr_status_t md_cert_read_chain | ( | apr_array_header_t * | chain, |
| apr_pool_t * | p, | ||
| const char * | pem, | ||
| apr_size_t | pem_len | ||
| ) |
Read at least one certificate from the given PEM data (pem_len bytes) and append the parsed certificates to chain.
Definition at line 1472 of file md_crypt.c.
| apr_status_t md_cert_read_http | ( | md_cert_t ** | pcert, |
| apr_pool_t * | p, | ||
| const md_http_response_t * | res | ||
| ) |
Definition at line 1498 of file md_crypt.c.
|
static |
Definition at line 1456 of file md_crypt.c.
| apr_status_t md_cert_req_create | ( | const char ** | pcsr_der_64, |
| const char * | name, | ||
| apr_array_header_t * | domains, | ||
| int | must_staple, | ||
| md_pkey_t * | pkey, | ||
| apr_pool_t * | p | ||
| ) |
Definition at line 1779 of file md_crypt.c.
| apr_status_t md_cert_self_sign | ( | md_cert_t ** | pcert, |
| const char * | cn, | ||
| struct apr_array_header_t * | domains, | ||
| md_pkey_t * | pkey, | ||
| apr_interval_time_t | valid_for, | ||
| apr_pool_t * | p | ||
| ) |
Create a self-signed certificate with the given CN, key and list of alternate domain names, valid for the given interval.
Definition at line 1942 of file md_crypt.c.
| md_cert_state_t md_cert_state_get | ( | const md_cert_t * | cert | ) |
Definition at line 1593 of file md_crypt.c.
| apr_status_t md_cert_to_base64url | ( | const char ** | ps64, |
| const md_cert_t * | cert, | ||
| apr_pool_t * | p | ||
| ) |
Definition at line 1416 of file md_crypt.c.
| apr_status_t md_cert_to_sha256_digest | ( | md_data_t ** | pdigest, |
| const md_cert_t * | cert, | ||
| apr_pool_t * | p | ||
| ) |
Definition at line 1430 of file md_crypt.c.
| apr_status_t md_cert_to_sha256_fingerprint | ( | const char ** | pfinger, |
| const md_cert_t * | cert, | ||
| apr_pool_t * | p | ||
| ) |
Definition at line 1443 of file md_crypt.c.
| md_cert_t * md_cert_wrap | ( | apr_pool_t * | p, |
| void * | x509 | ||
| ) |
Wrap an X509 certificate in our own structure without taking ownership of its memory; the caller remains responsible for freeing the X509.
Definition at line 1160 of file md_crypt.c.
Returns non-zero iff the hash values of the two certificates are equal.
Definition at line 1196 of file md_crypt.c.
| apr_status_t md_chain_fappend | ( | struct apr_array_header_t * | certs, |
| apr_pool_t * | p, | ||
| const char * | fname | ||
| ) |
< Size of the file
Definition at line 1601 of file md_crypt.c.
| apr_status_t md_chain_fload | ( | apr_array_header_t ** | pcerts, |
| apr_pool_t * | p, | ||
| const char * | fname | ||
| ) |
Definition at line 1645 of file md_crypt.c.
| apr_status_t md_chain_fsave | ( | apr_array_header_t * | certs, |
| apr_pool_t * | p, | ||
| const char * | fname, | ||
| apr_fileperms_t | perms | ||
| ) |
Definition at line 1656 of file md_crypt.c.
| apr_status_t md_check_cert_and_pkey | ( | struct apr_array_header_t * | certs, |
| md_pkey_t * | pkey | ||
| ) |
Definition at line 2131 of file md_crypt.c.
| apr_status_t md_crypt_hmac64 | ( | const char ** | pmac64, |
| const md_data_t * | hmac_key, | ||
| apr_pool_t * | p, | ||
| const char * | d, | ||
| size_t | dlen | ||
| ) |
Definition at line 1116 of file md_crypt.c.
| apr_status_t md_crypt_init | ( | apr_pool_t * | pool | ) |
Definition at line 133 of file md_crypt.c.
| apr_status_t md_crypt_sha256_digest64 | ( | const char ** | pdigest64, |
| apr_pool_t * | p, | ||
| const md_data_t * | d | ||
| ) |
Definition at line 1088 of file md_crypt.c.
| apr_status_t md_crypt_sha256_digest_hex | ( | const char ** | pdigesthex, |
| apr_pool_t * | p, | ||
| const md_data_t * | data | ||
| ) |
Definition at line 1103 of file md_crypt.c.
| apr_status_t md_crypt_sign64 | ( | const char ** | psign64, |
| md_pkey_t * | pkey, | ||
| apr_pool_t * | p, | ||
| const char * | d, | ||
| size_t | dlen | ||
| ) |
Definition at line 1019 of file md_crypt.c.
Definition at line 2061 of file md_crypt.c.
Definition at line 2056 of file md_crypt.c.
| apr_status_t md_pkey_fload | ( | md_pkey_t ** | ppkey, |
| apr_pool_t * | p, | ||
| const char * | key, | ||
| apr_size_t | key_len, | ||
| const char * | fname | ||
| ) |
Definition at line 600 of file md_crypt.c.
| void md_pkey_free | ( | md_pkey_t * | pkey | ) |
Definition at line 590 of file md_crypt.c.
| apr_status_t md_pkey_fsave | ( | md_pkey_t * | pkey, |
| apr_pool_t * | p, | ||
| const char * | pass_phrase, | ||
| apr_size_t | pass_len, | ||
| const char * | fname, | ||
| apr_fileperms_t | perms | ||
| ) |
Definition at line 691 of file md_crypt.c.
| apr_status_t md_pkey_gen | ( | md_pkey_t ** | ppkey, |
| apr_pool_t * | p, | ||
| md_pkey_spec_t * | spec | ||
| ) |
Definition at line 933 of file md_crypt.c.
Definition at line 595 of file md_crypt.c.
| const char * md_pkey_get_rsa_e64 | ( | md_pkey_t * | pkey, |
| apr_pool_t * | p | ||
| ) |
Definition at line 979 of file md_crypt.c.
| const char * md_pkey_get_rsa_n64 | ( | md_pkey_t * | pkey, |
| apr_pool_t * | p | ||
| ) |
Definition at line 999 of file md_crypt.c.
| apr_status_t md_pkey_read_http | ( | md_pkey_t ** | ppkey, |
| apr_pool_t * | pool, | ||
| const struct md_http_response_t * | res | ||
| ) |
Read a private key from an HTTP response.
Definition at line 706 of file md_crypt.c.
| md_pkey_spec_t * md_pkey_spec_from_json | ( | struct md_json_t * | json, |
| apr_pool_t * | p | ||
| ) |
Definition at line 397 of file md_crypt.c.
| const char * md_pkey_spec_name | ( | const md_pkey_spec_t * | spec | ) |
Definition at line 520 of file md_crypt.c.
| md_json_t * md_pkey_spec_to_json | ( | const md_pkey_spec_t * | spec, |
| apr_pool_t * | p | ||
| ) |
Definition at line 348 of file md_crypt.c.
| void md_pkeys_spec_add | ( | md_pkeys_spec_t * | pks, |
| md_pkey_spec_t * | spec | ||
| ) |
Definition at line 291 of file md_crypt.c.
| void md_pkeys_spec_add_default | ( | md_pkeys_spec_t * | pks | ) |
Definition at line 296 of file md_crypt.c.
| void md_pkeys_spec_add_ec | ( | md_pkeys_spec_t * | pks, |
| const char * | curve | ||
| ) |
Definition at line 338 of file md_crypt.c.
| void md_pkeys_spec_add_rsa | ( | md_pkeys_spec_t * | pks, |
| unsigned int | bits | ||
| ) |
Definition at line 316 of file md_crypt.c.
| md_pkeys_spec_t * md_pkeys_spec_clone | ( | apr_pool_t * | p, |
| const md_pkeys_spec_t * | pks | ||
| ) |
Definition at line 538 of file md_crypt.c.
| int md_pkeys_spec_contains_ec | ( | md_pkeys_spec_t * | pks, |
| const char * | curve | ||
| ) |
Definition at line 326 of file md_crypt.c.
| int md_pkeys_spec_contains_rsa | ( | md_pkeys_spec_t * | pks | ) |
Definition at line 305 of file md_crypt.c.
| int md_pkeys_spec_count | ( | const md_pkeys_spec_t * | pks | ) |
Definition at line 555 of file md_crypt.c.
| int md_pkeys_spec_eq | ( | md_pkeys_spec_t * | pks1, |
| md_pkeys_spec_t * | pks2 | ||
| ) |
Definition at line 482 of file md_crypt.c.
| md_pkeys_spec_t * md_pkeys_spec_from_json | ( | struct md_json_t * | json, |
| apr_pool_t * | p | ||
| ) |
Definition at line 439 of file md_crypt.c.
| md_pkey_spec_t * md_pkeys_spec_get | ( | const md_pkeys_spec_t * | pks, |
| int | index | ||
| ) |
Definition at line 562 of file md_crypt.c.
| int md_pkeys_spec_is_empty | ( | const md_pkeys_spec_t * | pks | ) |
Definition at line 533 of file md_crypt.c.
| md_pkeys_spec_t * md_pkeys_spec_make | ( | apr_pool_t * | p | ) |
Definition at line 281 of file md_crypt.c.
| md_json_t * md_pkeys_spec_to_json | ( | const md_pkeys_spec_t * | pks, |
| apr_pool_t * | p | ||
| ) |
Definition at line 385 of file md_crypt.c.
| apr_status_t md_rand_bytes | ( | unsigned char * | buf, |
| apr_size_t | len, | ||
| apr_pool_t * | p | ||
| ) |
Definition at line 162 of file md_crypt.c.
|
static |
Definition at line 1875 of file md_crypt.c.
Definition at line 180 of file md_crypt.c.
|
static |
Definition at line 580 of file md_crypt.c.
Definition at line 755 of file md_crypt.c.
|
static |
Definition at line 501 of file md_crypt.c.
|
static |
Definition at line 455 of file md_crypt.c.
|
static |
Definition at line 634 of file md_crypt.c.
|
static |
Definition at line 952 of file md_crypt.c.
Definition at line 101 of file md_crypt.c.
|
static |
Definition at line 1060 of file md_crypt.c.
|
static |
Definition at line 1732 of file md_crypt.c.
|
static |
Definition at line 432 of file md_crypt.c.
|
static |
Definition at line 376 of file md_crypt.c.
|
static |
Definition at line 68 of file md_crypt.c.
|
static |
Definition at line 560 of file md_crypt.c.