[0001] [0002] [0003] [0004] [0005] [0006] [0007] [0008] [0009] [0010] [0011] [0012] [0013] [0014] [0015] [0016] [0017] [0018] [0019] [0020] [0021] [0022] [0023] [0024] [0025] [0026] [0027] [0028] [0029] [0030] [0031] [0032] [0033] [0034] [0035] [0036] [0037] [0038] [0039] [0040] [0041] [0042] [0043] [0044] [0045] [0046] [0047] [0048] [0049] [0050] [0051] [0052] [0053] [0054] [0055] [0056] [0057] [0058] [0059] [0060] [0061] [0062] [0063] [0064] [0065] [0066] [0067] [0068] [0069] [0070] [0071] [0072] [0073] [0074] [0075] [0076] [0077] [0078] [0079] [0080] [0081] [0082] [0083] [0084] [0085] [0086] [0087] [0088] [0089] [0090] [0091] [0092] [0093] [0094] [0095] [0096] [0097] [0098] [0099] [0100] [0101] [0102] [0103] [0104] [0105] [0106] [0107] [0108] [0109] [0110] [0111] [0112] [0113] [0114] [0115] [0116] [0117] [0118] [0119] [0120] [0121] [0122] [0123] [0124] [0125] [0126] [0127] [0128] [0129] [0130] [0131] [0132] [0133] [0134] [0135] [0136] [0137] [0138] [0139] [0140] [0141] [0142] [0143] [0144] [0145] [0146] [0147] [0148] [0149] [0150] [0151] [0152] [0153] [0154] [0155] [0156] [0157] [0158] [0159] [0160] [0161] [0162] [0163] [0164] [0165] [0166] [0167] [0168] [0169] [0170] [0171] [0172] [0173] [0174] [0175] [0176] [0177] [0178] [0179] [0180] [0181] [0182] [0183] [0184] [0185] [0186] [0187] [0188] [0189] [0190] [0191] [0192] [0193] [0194] [0195] [0196] [0197] [0198] [0199] [0200] [0201] [0202] [0203] [0204] [0205] [0206] [0207] [0208] [0209] [0210] [0211] [0212] [0213] [0214] [0215] [0216] [0217] [0218] [0219] [0220] [0221] [0222] [0223] [0224] [0225] [0226] [0227] [0228] [0229] [0230] [0231] [0232] [0233] [0234] [0235] [0236] [0237] [0238] [0239] [0240] [0241] [0242] [0243] [0244] [0245] [0246] [0247] [0248] [0249] [0250] [0251] [0252] [0253] [0254] [0255] [0256] [0257] [0258] [0259] [0260] [0261] [0262] [0263] [0264] [0265] [0266] [0267] [0268] [0269] [0270] [0271] [0272] [0273] [0274] [0275] [0276] [0277] [0278] [0279] [0280] [0281] [0282] [0283] [0284] [0285] [0286] [0287] [0288] [0289] [0290] [0291] [0292] [0293] [0294] [0295] [0296] [0297] [0298] [0299] [0300] [0301] [0302] [0303] [0304] [0305] [0306] [0307] [0308] [0309] [0310] [0311] [0312] [0313] [0314] [0315] [0316] [0317] [0318] [0319] [0320] [0321] [0322] [0323] [0324] [0325] [0326] [0327] [0328] [0329] [0330] [0331] [0332] [0333] [0334] [0335] [0336] [0337] [0338] [0339] [0340] [0341] [0342] [0343] [0344] [0345] [0346] [0347] [0348] [0349] [0350] [0351] [0352] [0353] [0354] [0355] [0356] [0357] [0358] [0359] [0360] [0361] [0362] [0363] [0364] [0365] [0366] [0367] [0368] [0369] [0370] [0371] [0372] [0373] [0374] [0375] [0376] [0377] [0378] [0379] [0380] [0381] [0382] [0383] [0384] [0385] [0386] [0387] [0388] [0389] [0390] [0391] [0392] [0393] [0394] [0395] [0396] [0397] [0398] [0399] [0400] [0401] [0402] [0403] [0404] [0405] [0406] [0407] [0408] [0409] [0410] [0411] [0412] [0413] [0414] [0415] [0416] [0417] [0418] [0419] [0420] [0421] [0422] [0423] [0424] [0425] [0426] [0427] [0428] [0429] [0430] [0431] [0432] [0433] [0434] [0435] [0436] [0437] [0438] [0439] [0440] [0441] [0442] [0443] [0444] [0445] [0446] [0447] [0448] [0449] [0450] [0451] [0452] [0453] [0454] [0455] [0456] [0457] [0458] [0459] [0460] [0461] [0462] [0463] [0464] [0465] [0466] [0467] [0468] [0469] [0470] [0471] [0472] [0473] [0474] [0475] [0476] [0477] [0478] [0479] [0480] [0481] [0482] [0483] [0484] [0485] [0486] [0487] [0488] [0489] [0490] [0491] [0492] [0493] [0494] [0495] [0496] [0497] [0498] [0499] [0500] [0501] [0502] [0503] [0504] [0505] [0506] [0507] [0508] [0509] [0510] [0511] [0512] [0513] [0514] [0515] [0516] [0517] [0518] [0519] [0520] [0521] [0522] [0523] [0524] [0525] [0526] [0527] [0528] [0529] [0530] [0531] [0532] [0533] [0534] [0535] [0536] [0537] [0538] [0539] [0540] [0541] [0542] [0543] [0544] [0545] [0546] [0547] [0548] [0549] [0550] [0551] [0552] [0553] [0554] [0555] [0556] [0557] [0558] [0559] [0560] [0561] [0562] [0563] [0564] [0565] [0566] [0567] [0568] [0569] [0570] [0571] [0572] [0573] [0574] [0575] [0576] [0577] [0578] [0579] [0580] [0581] [0582] [0583] [0584] [0585] [0586] [0587] [0588] [0589] [0590] [0591] [0592] [0593] [0594] [0595] [0596] [0597] [0598] [0599] [0600] [0601] [0602] [0603] [0604] [0605] [0606] [0607] [0608] [0609] [0610] [0611] [0612] [0613] [0614] [0615] [0616] [0617] [0618] [0619] [0620] [0621] [0622] [0623] [0624] [0625] [0626] [0627] [0628]
/*****************************************************************************/ /* Sesola.h */ /*****************************************************************************/ #ifndef SESOLA_H_LOADED #define SESOLA_H_LOADED 1 #include "wasd.h" /*****************/ /* config macros */ /*****************/ #define SESOLA_MEMORY 1 #ifndef SESOLA_MEMORY #define SESOLA_MEMORY 1 #endif /* being used to assess OpenSSL 3.0 processing durations */ #if WATCH_MOD #define WATCH_OPENSSL_30 1 #else #define WATCH_OPENSSL_30 0 #endif /******************/ /* general macros */ /******************/ #define SESOLA_AFTER_102 OPENSSL_VERSION_NUMBER > 0x1000200fL #define SESOLA_AFTER_110 OPENSSL_VERSION_NUMBER > 0x10100000L #define SESOLA_AFTER_111 OPENSSL_VERSION_NUMBER > 0x10101000L #define SESOLA_AFTER_300 OPENSSL_VERSION_NUMBER > 0x30000000L #define SESOLA_BEFORE_102 OPENSSL_VERSION_NUMBER < 0x1000200fL #define SESOLA_BEFORE_110 OPENSSL_VERSION_NUMBER < 0x10100000L #define SESOLA_BEFORE_111 OPENSSL_VERSION_NUMBER < 0x10101000L #define SESOLA_BEFORE_300 OPENSSL_VERSION_NUMBER < 0x30000000L #define SESOLA_SINCE_102 OPENSSL_VERSION_NUMBER >= 0x1000200fL #define SESOLA_SINCE_110 OPENSSL_VERSION_NUMBER >= 0x10100000L #define SESOLA_SINCE_111 OPENSSL_VERSION_NUMBER >= 0x10101000L #define SESOLA_SINCE_300 OPENSSL_VERSION_NUMBER >= 0x30000000L /* include which variety of SSL CGI variables */ #define SESOLA_CGI_VAR_NONE 1 #define SESOLA_CGI_VAR_APACHE_MOD_SSL 2 #define SESOLA_CGI_VAR_APACHE_MOD_SSL_EXTENS 3 #define SESOLA_CGI_VAR_APACHE_MOD_SSL_CLIENT 4 #define SESOLA_CGI_VAR_APACHE_MOD_SSL_OID 5 #define SESOLA_CGI_VAR_PURVEYOR 6 /* wait a maximum of five minutes for a private key password to be supplied */ #define SESOLA_PKPASSWD_REQUEST_SECONDS 300 /* number of attempts to get correct password */ #define SESOLA_PKPASSWD_ATTEMPTS 3 #define SESOLA_VERIFY_PEER_DATA_MAX_DEFAULT 1024 /* kBytes - i.e. 1MB */ /* local client certificate verification macros (see [.SSL]SSL.H) */ #define SESOLA_VERIFY_PEER_NONE 0x00 /* SSL_VERIFY_PEER */ #define SESOLA_VERIFY_PEER_OPTIONAL 0x01 /* SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT */ #define SESOLA_VERIFY_PEER_REQUIRED 0x03 /* mask off the lower 8 OpenSSL verify bits removing the WASD bits */ #define SESOLA_VERIFY_PEER_MASK 0x0ff /* do not alter certificate processing, just a callback (AST delivery) */ #define SESOLA_VERIFY_AST 0x100 /* use the peer certificate for authentication */ /* SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT | 0x200 */ #define SESOLA_VERIFY_PEER_AUTH 0x203 #define SESOLA_SSL_ACCEPT_MAX 48 #define SESOLA_SSL_CONNECT_MAX 48 #define SESOLA_SSL_SHUTDOWN_MAX 16 /* the fixed keywords used by SesolaCertKeyword() */ #define SESOLA_X509_EXTENSION_KEYWORDS \ "CA:CPS:keyid:Policy:rfc822Name:URI:userPrincipalName:" /* http://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/ The OpenSSL command $ openssl ciphers [-v] [-ssl2] [-ssl3] [-tls1] [cipherlist] can be used to list available ciphers. 18-JAN-2015 MGD !RC4 */ /* the OpenSSL definitions are only required for the SSL modules */ #ifndef SESOLA_REQUIRED # undef SESOLA #endif /*******************************/ /* always used data structures */ /*******************************/ typedef struct SesolaServiceStruct SESOLA_CONTEXT; struct SesolaServiceStruct { BOOL VerifyCA; int SessionLifetime, VerifyDataMax, VerifyDepth, VersionBitmap, VersionOptions, VerifyPeer; char *CaFilePtr, *CertFilePtr, *CipherListPtr, *KeyFilePtr, *OptionsStringPtr, *StrictTransSecPtr, *VersionStringPtr; char CaFile [128], CertFile [128], CipherList [1024], KeyFile [128], OptionsString [256], StrictTransSec [48], VersionString [128]; /* this will be cast using (SSL_CTX*) in Sesola.C */ void *SslCtx; }; /***************************************/ #ifdef SESOLA /* secure sockets layer */ /***************************************/ /* OpenSSL 0.9.6 has a typedef boolean - work around this */ #ifdef boolean # undef boolean # define BOOL int #endif /* boolean */ /* OpenSSL header files (0.9.3ff) */ #include "openssl/err.h" #include "openssl/X509.h" #include "openssl/x509v3.h" #include "openssl/ssl.h" #include "openssl/bio.h" #include "openssl/buffer.h" #include "openssl/crypto.h" #include "openssl/ssl.h" #include "openssl/rand.h" /*** For SNI under HP SSL we want the TLS1 extensions and the HP SSL V1.4-471 OpenSSL 0.9.8y (at least) OPENSSLCONF.H disables that portion of the header! Kludge it in here. ***/ #ifndef SSL_TLSEXT_ERR_OK /* from ssl.h */ #define SSL_CTRL_SET_TLSEXT_SERVERNAME_CB 53 #define SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG 54 #define SSL_CTRL_SET_TLSEXT_HOSTNAME 55 /* from tls1.h */ const char *SSL_get_servername(const SSL *s, const int type); int SSL_get_servername_type(const SSL *s); /* from ssl.h */ const SSL_METHOD *TLSv1_1_method(void); const SSL_METHOD *TLSv1_2_method(void); #define SSL_CTX_set_tlsext_servername_callback(ctx, cb) \ SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TLSEXT_SERVERNAME_CB,(void (*)(void))cb) #define SSL_CTX_set_tlsext_servername_arg(ctx, arg) \ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG,0, (void *)arg) #define SSL_set_tlsext_host_name(s,name) \ SSL_ctrl(s,SSL_CTRL_SET_TLSEXT_HOSTNAME,TLSEXT_NAMETYPE_host_name,(char *)name) #define SSL_TLSEXT_ERR_OK 0 #define SSL_TLSEXT_ERR_ALERT_WARNING 1 #define SSL_TLSEXT_ERR_ALERT_FATAL 2 #define SSL_TLSEXT_ERR_NOACK 3 #endif /* SSL_TLSEXT_ERR_OK */ /* not defined anywhere in OpenSSL but the "1024*10" seems common %^) */ #define SSL_SESSION_MAX_DER (1024*10) #define SESOLA_DEFAULT_PROTOCOL "TLSvAll" #define SESOLA_DEFAULT_OPTIONS "+OP_CIPHER_SERVER_PREFERENCE" #if OPENSSL_VERSION_NUMBER < 0x10101000L /* Modern compatibility -------------------- For services that don't need backward compatibility, the parameters below provide a higher level of security. This configuration is compatible with Firefox 27, Chrome 30, IE 11 on Windows 7, Edge, Opera 17, Safari 9, Android 5.0, and Java 8. https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations These ciphers required the [LOCAL]DH_PARAM_nnnn.PEM PFS prime files! */ #define SESOLA_DEFAULT_CIPHER_LIST \ "ECDHE-ECDSA-AES256-GCM-SHA384:" \ "ECDHE-RSA-AES256-GCM-SHA384:" \ "ECDHE-ECDSA-CHACHA20-POLY1305:" \ "ECDHE-RSA-CHACHA20-POLY1305:" \ "ECDHE-ECDSA-AES128-GCM-SHA256:" \ "ECDHE-RSA-AES128-GCM-SHA256:" \ "ECDHE-ECDSA-AES256-SHA384:" \ "ECDHE-RSA-AES256-SHA384:" \ "ECDHE-ECDSA-AES128-SHA256:" \ "ECDHE-RSA-AES128-SHA256" #else /* plus the TLSv1.3 ciphers */ #define SESOLA_DEFAULT_CIPHER_LIST \ "TLS13-CHACHA20-POLY1305-SHA256:" \ "TLS13-AES-256-GCM-SHA384:" \ "TLS13-AES-128-GCM-SHA256:" \ "TLS13-AES-128-CCM-SHA256:" \ "TLS13-AES-128-CCM-8-SHA256:" \ "ECDHE-ECDSA-AES256-GCM-SHA384:" \ "ECDHE-RSA-AES256-GCM-SHA384:" \ "ECDHE-ECDSA-CHACHA20-POLY1305:" \ "ECDHE-RSA-CHACHA20-POLY1305:" \ "ECDHE-ECDSA-AES128-GCM-SHA256:" \ "ECDHE-RSA-AES128-GCM-SHA256:" \ "ECDHE-ECDSA-AES256-SHA384:" \ "ECDHE-RSA-AES256-SHA384:" \ "ECDHE-ECDSA-AES128-SHA256:" \ "ECDHE-RSA-AES128-SHA256" #endif /**********/ /* macros */ /**********/ #define SESOLA_DEFAULT_VERIFY_DEPTH 10 #define SESOLA_DEFAULT_CACHE_SIZE 128 /* OpenSSL cache entries */ #define SESOLA_DEFAULT_CACHE_RECORD_MAX 32 /* WASD shared cache entries */ #define SESOLA_DEFAULT_CACHE_RECORD_SIZE 1024 /* bytes */ #define SESOLA_DEFAULT_CACHE_RECORD_X509 2048 /* bytes if X509 auth in use */ #define SESOLA_DEFAULT_CACHE_TIMEOUT 5 /* minutes */ /* bitmap used to specify protocols */ #define SESOLA_SSLV2 0x01 #define SESOLA_SSLV3 0x02 #define SESOLA_TLSV1 0x04 #define SESOLA_TLSV1_1 0x08 #define SESOLA_TLSV1_2 0x10 #define SESOLA_TLSV1_3 0x20 #define APACHE_MOD_SSL_VERSION_INTERFACE SoftwareID #define APACHE_MOD_SSL_SERVER_CERT 0 #define SESOLA_NETIO_IN_PROGRESS(sesptr) \ ((sesptr)->NetIoPtr->ReadAstFunction || \ (sesptr)->NetIoPtr->WriteAstFunction || \ (sesptr)->SslStateFunction) #define SESOLA_NETIO_READ_IN_PROGRESS(sesptr) \ ((sesptr)->NetIoPtr->ReadAstFunction || \ (sesptr)->SslStateFunction) #define SESOLA_NETIO_WRITE_IN_PROGRESS(sesptr) \ ((sesptr)->NetIoPtr->WriteAstFunction || \ (sesptr)->SslStateFunction) /*******************/ /* data structures */ /*******************/ #pragma member_alignment __save #pragma member_alignment typedef struct SesolaStruct SESOLA_STRUCT; struct SesolaStruct { /* OpenSSL structures */ SSL *SslPtr; BIO *BioPtr; SSL_CTX *SslCtx; X509 *ClientCertPtr, *ConnectCertPtr; REQUEST_STRUCT *RequestPtr; PROXY_TASK *ProxyTaskPtr; /* pointer to the NETIO structure */ NETIO_STRUCT *NetIoPtr; BOOL CertVerifyFailed, HTTPduringHandshake, ReadClientCert, ReadInProgress, ReadIsComplete, SNIctxSet, SNIserviceSet, SSHduringHandshake, WriteInProgress, WriteIsComplete, X509CertRequested, X509optionalNoCa; int /* simple count of how many times verify callback has been called */ CertVerifyCallbackCount, /* depth client certificates are to be verified to */ CertVerifyDepth, /* value of verify type initially passed to the function */ CertVerifyMode, /* count of data read so far */ ReadCount, /* size of read data buffer (for AST routine) */ ReadSize, /* sort of a 'state' flag */ ReportClientCertState, /* keep a check on unusual Sesola_read behaviours */ Sesola_read_ErrorCount, /* keep a check on unusual Sesola_write behaviours */ Sesola_write_ErrorCount, /* [LT:integer] value stored until needed */ SessionLifetimeMinutes, /* [TO:integer] value stored until needed */ SessionTimeoutMinutes, /* keep a check on how many times we try */ SslAcceptCount, /* ditto */ SslConnectCount, /* ditto */ SslShutdownCount, /* request data (likely PROPFIND/PUT/POSTed) before renegotiate */ VerifyPeerDataCount, /* count is when emptying and size is the amount of data */ VerifyPeerDataSize, /* when non-zero this status value is returned (e.g. SS$_CANCEL) */ VmsStatus, /* if the parent being WATCHed */ WatchItem, /* number of characters written so far */ WriteCount, /* number of octets to be written to network */ WriteLength; int64 /* number of I/Os (reset with each stats update) */ BlocksTallyRx64, /* number of bytes I/Oed (reset with each stats update) */ BytesTallyRx64, /* number of I/Os (reset with each stats update) */ BlocksTallyTx64, /* number of bytes I/Oed (reset with each stats update) */ BytesTallyTx64; char /* selected ALPN protocol */ *ALPNok, /* read buffer */ *ReadPtr, /* QIO buffer */ *ReadRawPtr, /* request data buffer during renegotiation */ *VerifyPeerDataPtr, /* next request data when being reinserted into application stream */ *VerifyPeerReadPtr, /* write buffer */ *WritePtr, /* QIO buffer */ *WriteRawPtr, /* pointer to hold position when parsing the X509 param="" */ *X509ConditionalPtr; char /* buffer this information when getting a client certificate */ ReportVirtualHostPort [128], /* SNI supplied server name */ SNIServerName [128], /* source of X.509 remote-user, record from subject DN of cert */ X509RemoteUserDnRecord [AUTH_MAX_USERNAME_LENGTH]; IO_SB ReadIOsb, WriteIOsb; /* SSL post-processing, stores the pointer to the AST routine */ GENERAL_AST ClientCertAstFunction, ReportNextTaskFunction, SslStateFunction; }; typedef struct SesolaTicketKeyStruct SESOLA_TICKET_KEY; struct SesolaTicketKeyStruct { uchar AesKey [16], HmacKey [16], NameKey [16]; int64 AtTime64; }; typedef struct SesolaSessionCacheRecordStruct SESOLA_SESSION_CREC; struct SesolaSessionCacheRecordStruct { int SessDataLength, SessIdLength, TimeoutTickSecond; int64 CachedTime64; uchar SessId [SSL_MAX_SSL_SESSION_ID_LENGTH]; /* session DER is stored from here onwards */ char SessData []; }; typedef struct SesolaGblSecStruct SESOLA_GBLSEC; struct SesolaGblSecStruct { ulong GblSecVersion, GblSecLength; int CacheHitCount, CacheMissCount, CacheRecordCount, CacheFullCount, CacheTimeoutCount; int64 SinceTime64; /* session cache records are stored from this point onwards */ char CacheRecordPool []; }; #pragma member_alignment __restore /***********************/ /* function prototypes */ /***********************/ /* SESOLA.C */ #if OPENSSL_VERSION_NUMBER < 0x10101000L #if OPENSSL_VERSION_NUMBER < 0x10100000L # define OPENSSL_VERSION SSLEAY_VERSION # define OPENSSL_CFLAGS SSLEAY_CFLAGS # define OPENSSL_BUILT_ON SSLEAY_BUILT_ON # define OPENSSL_PLATFORM SSLEAY_PLATFORM # define OPENSSL_DIR SSLEAY_DIR const char *OpenSSL_version(int); #endif unsigned long OpenSSL_version_num(void); #endif int SesolaALPNCallback (SSL*, uchar **out, uchar*, uchar*, uint, void*); char* SesolaCertFingerprint (void*, EVP_MD*(*)(void), char*, int); int SesolaGetWatch (SESOLA_STRUCT*); void SesolaInitCertFile (SERVICE_STRUCT*); void SesolaInitContext (char*, SESOLA_CONTEXT*); uint SesolaInitOptions (char*, uint*); void SesolaControlReloadCA (); void SesolaControlReloadCerts (); SesolaError (REQUEST_STRUCT*, char*); int SesolaInitGetServerName(); int SesolaInitGetServerNameHandler(); int SesolaPrivateKeyPasswd (char*, int, int, void*); SesolaInit (); SesolaInitService (SERVICE_STRUCT*); SesolaReport (REQUEST_STRUCT*, char*); SesolaReportCA (REQUEST_STRUCT*, char*); SesolaReportFormatCertName (char*, char*, int); void SesolaMemTrackReset (void); char* SesolaOptionsAsString (ulong*); char* SesolaRequestCipher (SESOLA_STRUCT*); BOOL SesolaRequestSessionReused (SESOLA_STRUCT*); char* SesolaRequestVersion (SESOLA_STRUCT*); int SesolaServiceCount (); int SesolaSessionTicketCallback (SSL*, uchar*, uchar*, EVP_CIPHER_CTX*, HMAC_CTX*, int); uchar* SesolaSessionTicketNewKey (); uchar* SesolaSessionTicketUseKey (uchar*); void* SesolaRequestSesolaPtr (REQUEST_STRUCT*); DH* SesolaTmpDHCallback (SSL*, int, int); RSA* SesolaTmpRSACallback (SSL*, int, int); void SesolaSetWatch (SESOLA_STRUCT*, int); int SesolaSNICallback (SSL*, int*, void*); BOOL SesolaSNIserviceSet (SESOLA_STRUCT*); char* SesolaVersion (BOOL); void SesolaWatchPeek (REQUEST_STRUCT*, void*); int SesolaWatchBioCallback (BIO*, int, char*, int, long, long); SesolaWatchErrors (SESOLA_STRUCT*); SesolaWatchInfoCallback (SSL*, int, int); SesolaWatchSession (SESOLA_STRUCT*); #if SESOLA_MEMORY void SesolaMemoryFree (void*); void SesolaMemoryInit (); void* SesolaMemoryMalloc (size_t); void* SesolaMemoryRealloc (void*, size_t); #endif /* SESOLA_MEMORY */ void SesolaMemoryControl (int, char*, int); void SesolaMemoryEvery (); char* SesolaMemoryReport (); char* SesolaMemTrackReport (void); void SesolaFree (void*); void* SesolaMalloc (int); void* SesolaRealloc (void*, int); /* SESOLACACHE.C */ int SesolaCacheInit (); int SesolaCacheAddRecord (SSL*, SSL_SESSION*); SSL_SESSION* SesolaCacheFindRecord (SSL*, uchar*, int, int*); SesolaCacheGblSecInit (); int SesolaCacheRemoveRecord (SSL_CTX*, SSL_SESSION*); int SesolaCacheStats (REQUEST_STRUCT*); /* SESOLACERT.C */ char* SesolaCertExtension (void*, char*); char* SesolaCertExtension2 (void*, char*); uchar* SesolaCertFind (uchar*, uchar*, uchar**); uchar* SesolaCertKeyword (uchar*); char* SesolaCertName (void*, char*); char* SesolaCertParseDn (char*, char*); int SesolaCertReportDn (char*, char*, int); int SesolaCertReportName (void*, char*, char*, int); int SesolaCertReportExtension (void*, char*, int); int SesolaCertVerifyCallback (int, void*); /* SESOLACGI.C */ SesolaCgiGenerateVariables (REQUEST_STRUCT*, int); SesolaCgiVariablesApacheModSsl (REQUEST_STRUCT*, int); SesolaCgiVariablesExtension (REQUEST_STRUCT*, int); SesolaCgiVariablesPurveyor (REQUEST_STRUCT*, int); /* SESOLACLIENT.C */ int SesolaClientCert (REQUEST_STRUCT*, int, REQUEST_AST); void SesolaClientCertEnd (REQUEST_STRUCT*); int SesolaClientCertConditional (REQUEST_STRUCT*, char*); BOOL SesolaClientCertMetaCon (REQUEST_STRUCT*, METACON_LINE*, int); int SesolaClientCertRequestData (SESOLA_STRUCT*); char* SesolaClientCertRemoteUser (REQUEST_STRUCT*); void SesolaClientCertGet (SESOLA_STRUCT*); /* SESOLAMKCERT.C */ char* SesolaMkCert (char*); /* SESOLANET.C */ SesolaNetAccept (SESOLA_STRUCT*); void SesolaNetBegin (REQUEST_STRUCT*); void SesolaNetBeginFail (SESOLA_STRUCT*); SesolaNetClientBegin (PROXY_TASK*); SesolaNetClientConnect (SESOLA_STRUCT*); SesolaNetClientShutdown (SESOLA_STRUCT*); void SesolaNetEnd (SESOLA_STRUCT*); SesolaNetClientFree (PROXY_TASK*); void SesolaNetFree (SESOLA_STRUCT*); void SesolaNetSetProxyTask (PROXY_TASK*); char* SesolaNetStats (void); void SesolaNetThisIsSSL (SESOLA_STRUCT*); int Sesola_read (BIO*, char*, int); int Sesola_read_ast (SESOLA_STRUCT*); int Sesola_write (BIO*, char*, int); int Sesola_write_ast (SESOLA_STRUCT*); int Sesola_puts (BIO*, char*); int Sesola_gets (BIO*, char*, int); long Sesola_ctrl (BIO*, int, long, char*); BIO_METHOD *BIO_s_Sesola(); /* SESOLANETIO.C */ void SesolaNetIoCancel (NETIO_STRUCT*); BOOL SesolaNetIoInProgress (NETIO_STRUCT*); int SesolaNetIoRead (NETIO_STRUCT*, void*, int); void SesolaNetIoReadAst (NETIO_STRUCT*); void SesolaNetIoReset (NETIO_STRUCT*); int SesolaNetIoWrite (NETIO_STRUCT*, void*, int); void SesolaNetIoWriteAst (NETIO_STRUCT*); int Sesola_netio_read (BIO*, char*, int); int Sesola_netio_read_ex (BIO*, char*, int, int*); int Sesola_netio_write (BIO*, char*, int); int Sesola_netio_write_ex (BIO*, char*, int, int*); void Sesola_netio_read_ast (SESOLA_STRUCT*); void Sesola_netio_write_ast (SESOLA_STRUCT*); /*********************/ #else /* not SESOLA */ /*********************/ #ifdef SESOLA_MEMORY #undef SESOLA_MEMORY #endif BOOL SesolaInitClientService (SERVICE_STRUCT *); SesolaCgiGenerateVariables (REQUEST_STRUCT*, int); /* these need to be here only for WATCH.C to resolve the references */ void SesolaNetIoReadAst (void*); void SesolaNetIoWriteAst (void*); void Sesola_netio_read_ast (void*); void Sesola_netio_write_ast (void*); int SesolaMkCertBegin (); /************************/ #endif /* ifdef SESOLA */ /************************/ #endif /* SESOLA_H_LOADED */ /*****************************************************************************/