Apache HTTPD
tls_ocsp.c File Reference
module tls_module
#include <assert.h>
#include <apr_lib.h>
#include <apr_strings.h>
#include <httpd.h>
#include <http_connection.h>
#include <http_core.h>
#include <http_log.h>
#include <http_ssl.h>
#include <rustls.h>
#include "tls_cert.h"
#include "tls_conf.h"
#include "tls_core.h"
#include "tls_proto.h"
#include "tls_ocsp.h"

Classes

struct  ocsp_copy_ctx_t
 

Functions

static int prime_cert (void *userdata, server_rec *s, const char *cert_id, const char *cert_pem, const rustls_certified_key *certified_key)
 
apr_status_t tls_ocsp_prime_certs (tls_conf_global_t *gc, apr_pool_t *p, server_rec *s)
 
static void ocsp_clone_key (const unsigned char *der, apr_size_t der_len, void *userdata)
 
apr_status_t tls_ocsp_update_key (conn_rec *c, const rustls_certified_key *certified_key, const rustls_certified_key **pkey_out)
 

Variables

static int *const aplog_module_index = &( tls_module.module_index)
 

Function Documentation

◆ ocsp_clone_key()

static void ocsp_clone_key (const unsigned char *der, apr_size_t der_len, void *userdata)

Definition at line 66 of file tls_ocsp.c.

◆ prime_cert()

static int prime_cert (void *userdata, server_rec *s, const char *cert_id, const char *cert_pem, const rustls_certified_key *certified_key)

Definition at line 38 of file tls_ocsp.c.

◆ tls_ocsp_prime_certs()

apr_status_t tls_ocsp_prime_certs (tls_conf_global_t *gc, apr_pool_t *p, server_rec *s)

Prime the collected certified keys for OCSP response provisioning (a.k.a. stapling).

To be called in the post-config phase of the server before connections are handled.

Parameters
gc: the global module configuration with the certified_key registry
p: the pool to use for allocations
s: the base server record

Definition at line 52 of file tls_ocsp.c.

◆ tls_ocsp_update_key()

apr_status_t tls_ocsp_update_key (conn_rec *c, const rustls_certified_key *certified_key, const rustls_certified_key **key_out)

Provide the OCSP response data for the certified_key into the offered buffer, if available. If no data is available, out_n is set to 0. The same applies if the offered buffer is not large enough to hold the complete response. If OCSP response DER data is copied, the number of copied bytes is given in out_n.

Note that only keys that have been primed initially will have OCSP data available.

Parameters
c: the current connection
certified_key: the key to get the OCSP response data for
buf: a buffer which can hold up to buf_len bytes
buf_len: the length of buf
out_n: the number of OCSP response DER bytes copied or 0.

Definition at line 88 of file tls_ocsp.c.

Variable Documentation

◆ aplog_module_index

static int *const aplog_module_index = &(tls_module.module_index)

Definition at line 35 of file tls_ocsp.c.