#include <assert.h>
#include <apr_lib.h>
#include <apr_encode.h>
#include <apr_strings.h>
#include <httpd.h>
#include <http_connection.h>
#include <http_core.h>
#include <http_log.h>
#include <rustls.h>
#include "tls_cert.h"
#include "tls_util.h"
|
| apr_status_t | tls_cert_load_pem (apr_pool_t *p, const tls_cert_spec_t *cert, tls_cert_pem_t **ppem) |
| |
| static apr_status_t | tls_der_to_pem (const char **ppem, apr_pool_t *p, const unsigned char *der_data, apr_size_t der_len, const char *header, const char *footer) |
| |
| apr_status_t | tls_cert_to_pem (const char **ppem, apr_pool_t *p, const rustls_certificate *cert) |
| |
| static void | nullify_key_pem (tls_cert_pem_t *pems) |
| |
| static apr_status_t | make_certified_key (apr_pool_t *p, const char *name, const tls_data_t *cert_pem, const tls_data_t *pkey_pem, const rustls_certified_key **pckey) |
| |
| apr_status_t | tls_cert_load_cert_key (apr_pool_t *p, const tls_cert_spec_t *spec, const char **pcert_pem, const rustls_certified_key **pckey) |
| |
| static int | reg_entry_cleanup (void *ctx, const void *key, apr_ssize_t klen, const void *val) |
| |
| static apr_status_t | reg_cleanup (void *data) |
| |
| tls_cert_reg_t * | tls_cert_reg_make (apr_pool_t *p) |
| |
| apr_size_t | tls_cert_reg_count (tls_cert_reg_t *reg) |
| |
| static const char * | cert_spec_to_id (const tls_cert_spec_t *spec) |
| |
| apr_status_t | tls_cert_reg_get_certified_key (tls_cert_reg_t *reg, server_rec *s, const tls_cert_spec_t *spec, const rustls_certified_key **pckey) |
| |
| static int | reg_visit (void *vctx, const void *key, apr_ssize_t klen, const void *val) |
| |
| void | tls_cert_reg_do (tls_cert_reg_visitor *visitor, void *userdata, tls_cert_reg_t *reg) |
| |
| const char * | tls_cert_reg_get_id (tls_cert_reg_t *reg, const rustls_certified_key *certified_key) |
| |
| apr_status_t | tls_cert_load_root_store (apr_pool_t *p, const char *store_file, const rustls_root_cert_store **pstore) |
| |
| static int | stores_entry_cleanup (void *ctx, const void *key, apr_ssize_t klen, const void *val) |
| |
| static apr_status_t | stores_cleanup (void *data) |
| |
| tls_cert_root_stores_t * | tls_cert_root_stores_make (apr_pool_t *p) |
| |
| void | tls_cert_root_stores_clear (tls_cert_root_stores_t *stores) |
| |
| apr_status_t | tls_cert_root_stores_get (tls_cert_root_stores_t *stores, const char *store_file, const rustls_root_cert_store **pstore) |
| |
| static int | verifiers_entry_cleanup (void *ctx, const void *key, apr_ssize_t klen, const void *val) |
| |
| static apr_status_t | verifiers_cleanup (void *data) |
| |
| tls_cert_verifiers_t * | tls_cert_verifiers_make (apr_pool_t *p, tls_cert_root_stores_t *stores) |
| |
| void | tls_cert_verifiers_clear (tls_cert_verifiers_t *verifiers) |
| |
| static tls_cert_verifiers_entry_t * | verifiers_get_or_make_entry (tls_cert_verifiers_t *verifiers, const char *store_file) |
| |
| static apr_status_t | tls_cert_client_verifiers_get_internal (tls_cert_verifiers_t *verifiers, const char *store_file, const rustls_client_cert_verifier **pverifier, bool allow_unauthenticated) |
| |
| apr_status_t | tls_cert_client_verifiers_get (tls_cert_verifiers_t *verifiers, const char *store_file, const rustls_client_cert_verifier **pverifier) |
| |
| apr_status_t | tls_cert_client_verifiers_get_optional (tls_cert_verifiers_t *verifiers, const char *store_file, const rustls_client_cert_verifier **pverifier) |
| |
◆ PEM_CERT_FT
◆ PEM_CERT_HD
◆ PEM_IN_CHUNK
◆ cert_spec_to_id()
◆ make_certified_key()
◆ nullify_key_pem()
◆ reg_cleanup()
◆ reg_entry_cleanup()
◆ reg_visit()
◆ stores_cleanup()
◆ stores_entry_cleanup()
◆ tls_cert_client_verifiers_get()
Get the mandatory client certificate verifier for the root certificate store in store_file. Will create the verifier if not already known.
- Parameters
-
| verifiers | the registry of certificate verifiers |
| store_file | the (server relative) path of the PEM file with certificates |
| pverifier | the verifier on success |
Definition at line 569 of file tls_cert.c.
◆ tls_cert_client_verifiers_get_internal()
◆ tls_cert_client_verifiers_get_optional()
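Get the optional client certificate verifier for the root certificate store in store_file. Will create the verifier if not already known. Going by the allow_unauthenticated flag of tls_cert_client_verifiers_get_internal(), this verifier presumably also lets clients connect without presenting a certificate, so code that relies on client authentication should check that a certificate was actually presented.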
- Parameters
-
| verifiers | the registry of certificate verifiers |
| store_file | the (server relative) path of the PEM file with certificates |
| pverifier | the verifier on success |
Definition at line 577 of file tls_cert.c.
◆ tls_cert_load_cert_key()
Load a rustls certified key from a certificate specification. The returned rustls_certified_key is owned by the caller.
- Parameters
-
| p | the memory pool to use |
| spec | the specification for the certificate (file or PEM data) |
| pcert_pem | returns the PEM data used for loading the certificates, optional |
| pckey | the loaded certified key on return |
Definition at line 177 of file tls_cert.c.
◆ tls_cert_load_pem()
Load the PEM data for a certificate file and key file as given in cert.
Definition at line 35 of file tls_cert.c.
◆ tls_cert_load_root_store()
Load all root certificates from a PEM file into a rustls_root_cert_store.
- Parameters
-
| p | the memory pool to use |
| store_file | the (server relative) path of the PEM file |
| pstore | the loaded root store on success |
Definition at line 333 of file tls_cert.c.
◆ tls_cert_reg_count()
Return the number of certified keys in the registry.
Definition at line 254 of file tls_cert.c.
◆ tls_cert_reg_do()
Visit all certified_key entries in the registry.
- Parameters
-
| visitor | callback invoked on each entry until it returns 0. |
| userdata | passed to callback |
| reg | the registry to iterate over |
Definition at line 316 of file tls_cert.c.
◆ tls_cert_reg_get_certified_key()
Get the rustls_certified_key identified by spec from the registry. This will load the key the first time it is requested. The returned rustls_certified_key is owned by the registry.
- Parameters
-
| reg | the certified key registry |
| s | the server_rec this is loaded into, useful for error logging |
| spec | the specification of the certified key |
| pckey | the certified key instance on return |
Definition at line 266 of file tls_cert.c.
◆ tls_cert_reg_get_id()
Get the identity assigned to a loaded, certified key. Returns NULL if the key is not part of the registry. The returned bytes are owned by the registry entry.
- Parameters
-
| reg | the registry to look in. |
| certified_key | the key to get the identifier for |
Definition at line 325 of file tls_cert.c.
◆ tls_cert_reg_make()
Create a new registry with lifetime based on the memory pool. The registry will take care of its memory and allocated keys when the pool is destroyed.
Definition at line 242 of file tls_cert.c.
◆ tls_cert_root_stores_clear()
Clear the root stores registry, freeing all stores.
Definition at line 420 of file tls_cert.c.
◆ tls_cert_root_stores_get()
Load all root certificates from a PEM file into a rustls_root_cert_store.
- Parameters
-
| stores | the root stores registry to get the store from |
| store_file | the (server relative) path of the PEM file |
| pstore | the loaded root store on success |
Definition at line 428 of file tls_cert.c.
◆ tls_cert_root_stores_make()
Create a new root stores registry with lifetime based on the memory pool. The registry will take care of its memory and allocated stores when the pool is destroyed.
Definition at line 409 of file tls_cert.c.
◆ tls_cert_to_pem()
◆ tls_cert_verifiers_clear()
Clear the verifiers registry, freeing all verifiers.
Definition at line 498 of file tls_cert.c.
◆ tls_cert_verifiers_make()
Create a new registry for certificate verifiers with lifetime based on the memory pool. The registry will take care of its memory and allocated verifiers when the pool is destroyed.
- Parameters
-
| p | the memory pool to use |
| stores | the store registry for lookups |
Definition at line 485 of file tls_cert.c.
◆ tls_der_to_pem()
◆ verifiers_cleanup()
◆ verifiers_entry_cleanup()
◆ verifiers_get_or_make_entry()
◆ aplog_module_index
| static int* const aplog_module_index = &( tls_module.module_index) |