/*
 * include/types/ssl_sock.h
 * SSL settings for listeners and servers
 *
 * Copyright (C) 2012 EXCELIANCE, Emeric Brun <ebrun@exceliance.fr>
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation, version 2.1
 * exclusively.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
 */
| 22 | #ifndef _TYPES_SSL_SOCK_H |
| 23 | #define _TYPES_SSL_SOCK_H |
#include <stdint.h>

#include <openssl/ssl.h>
#include <ebmbtree.h>

#include <common/hathreads.h>
/* Summary of a certificate's public key as kept next to its SNI entry
 * (struct sni_ctx::kinfo): the signature algorithm family and the key size.
 * Both fields are plain values; nothing here owns memory.
 */
struct pkey_info {
	uint8_t sig;    /* TLSEXT_signature_[rsa,ecdsa,...] (OpenSSL signature algorithm id) */
	uint16_t bits;  /* key size in bits */
};
/* One entry of a listener's SNI lookup tree: associates a server name (the
 * ebmb key held in <name>) with the SSL_CTX of the certificate that serves
 * it, plus the bind-level SSL settings and key information for that
 * certificate. The lookup itself is performed elsewhere on the name sent by
 * the client.
 */
struct sni_ctx {
	SSL_CTX *ctx;                /* context associated to the certificate */
	int order;                   /* load order for the certificate (presumably used to choose among several matching entries — confirm in the lookup code) */
	uint8_t neg;                 /* reject if match: when set, a server name matching this entry is refused instead of served */
	struct pkey_info kinfo;      /* pkey info: signature algorithm and key size of the certificate's key */
	struct ssl_bind_conf *conf;  /* ssl "bind" conf for the certificate */
	struct ebmb_node name;       /* node holding the servername value; ebtree stores the key bytes inline after the node, so this must remain the last member */
};
/* Constraint on the TLS protocol versions a bind line or server may
 * negotiate, together with the related SSL option flags. The numeric
 * encoding of <min>/<max> and the value meaning "no bound" are defined by
 * the option parser, not here.
 */
struct tls_version_filter {
	uint16_t flags;  /* ssl options */
	uint8_t min;     /* min TLS version */
	uint8_t max;     /* max TLS version */
};
/* Global list head of every loaded TLS ticket key set (struct tls_keys_ref),
 * presumably chained through tls_keys_ref->list. Defined in the
 * corresponding .c file.
 */
extern struct list tlskeys_reference;
/* One TLS session ticket key: a 16-byte key name identifying which key a
 * ticket was protected with, a 128-bit AES key and a 128-bit HMAC key
 * (the key_name/encryption/MAC triple of RFC 5077 style tickets). Packed so
 * the layout is exactly 48 contiguous bytes with no padding. This is secret
 * key material: its lifetime and erasure are handled by the code managing
 * the owning tls_keys_ref, not visible here.
 */
struct tls_sess_key {
	unsigned char name[16];      /* key name carried in the ticket to select the key */
	unsigned char aes_key[16];   /* 128-bit AES key protecting the ticket contents */
	unsigned char hmac_key[16];  /* 128-bit HMAC key authenticating the ticket */
} __attribute__((packed));
/* A loaded TLS ticket key file: the array of tls_sess_key entries read from
 * <filename>, shared by every configuration element referencing that file.
 * Reference counted; guarded by a RW lock when thread support is built in.
 * The number of keys in <tlskeys> is not stored here — presumably a fixed
 * count known to the loader, confirm before iterating.
 */
struct tls_keys_ref {
	struct list list;              /* Used to chain refs (global list tlskeys_reference). */
	char *filename;                /* path of the key file this set was loaded from */
	int unique_id;                 /* Each reference has a unique id. */
	int refcount;                  /* number of users of this tls_keys_ref. */
	struct tls_sess_key *tlskeys;  /* array of ticket keys loaded from <filename> */
	int tls_ticket_enc_index;      /* index in <tlskeys> of the key used to encrypt new tickets (other keys presumably remain usable for decryption) */
	__decl_hathreads(HA_RWLOCK_T lock); /* lock used to protect the ref; presumably compiled out when threads are disabled */
};
/* shared ssl session: header of one entry of the shared SSL session cache,
 * keyed by the session ID. The ebmb key bytes live in <key_data>, which must
 * directly follow <key> because ebtree stores the key inline after the node.
 * Whatever is stored after this header (presumably the serialized session)
 * is defined by the cache implementation, not here.
 */
struct sh_ssl_sess_hdr {
	struct ebmb_node key;                                   /* tree node; its inline key is <key_data> */
	unsigned char key_data[SSL_MAX_SSL_SESSION_ID_LENGTH];  /* session ID, at most SSL_MAX_SSL_SESSION_ID_LENGTH bytes */
};
Emeric Brun | fc0421f | 2012-09-07 17:30:07 +0200 | [diff] [blame] | 74 | #endif /* _TYPES_SSL_SOCK_H */ |