#include <proto/proxy.h>
#include <haproxy/sample.h>
#include <proto/server.h>
-#include <proto/ssl_sock.h>
+#include <haproxy/ssl_sock.h>
#include <haproxy/stats.h>
#include <proto/stream.h>
#include <proto/stream_interface.h>
/*
- * include/types/ssl_sock.h
+ * include/haproxy/ssl_sock-t.h
* SSL settings for listeners and servers
*
* Copyright (C) 2012 EXCELIANCE, Emeric Brun <ebrun@exceliance.fr>
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/
-#ifndef _TYPES_SSL_SOCK_H
-#define _TYPES_SSL_SOCK_H
+#ifndef _HAPROXY_SSL_SOCK_T_H
+#define _HAPROXY_SSL_SOCK_T_H
#ifdef USE_OPENSSL
-#include <import/ebpttree.h>
-#include <import/ebmbtree.h>
#include <import/eb64tree.h>
-
-#include <haproxy/connection-t.h> /* struct wait_event */
+#include <import/ebmbtree.h>
+#include <import/ebpttree.h>
#include <haproxy/buf-t.h>
-#include <haproxy/thread.h>
+#include <haproxy/connection-t.h> /* struct wait_event */
+#include <haproxy/thread-t.h>
#include <haproxy/list-t.h>
#include <haproxy/listener-t.h>
#include <haproxy/openssl-compat.h>
CONF_TLSV_MAX = 5,
};
+/* server and bind verify method, it uses a global value as default */
+enum {
+ SSL_SOCK_VERIFY_DEFAULT = 0,
+ SSL_SOCK_VERIFY_REQUIRED = 1,
+ SSL_SOCK_VERIFY_OPTIONAL = 2,
+ SSL_SOCK_VERIFY_NONE = 3,
+};
+
+/* states of the CLI IO handler for 'set ssl cert' */
+enum {
+ SETCERT_ST_INIT = 0,
+ SETCERT_ST_GEN,
+ SETCERT_ST_INSERT,
+ SETCERT_ST_FIN,
+};
+
#if (HA_OPENSSL_VERSION_NUMBER < 0x1010000fL)
typedef enum { SET_CLIENT, SET_SERVER } set_context_func;
#else /* openssl >= 1.1.0 */
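Review bot: The two enums added after `CONF_TLSV_MAX` are anonymous, so any field that stores a verify mode or a 'set ssl cert' state is a plain integer and the compiler cannot warn about an unhandled or out-of-range value in a `switch`. Because `SSL_SOCK_VERIFY_DEFAULT` is 0, a zero-initialised bind or server configuration falls back to the global value, and the effective peer-verification policy is then not visible where the field is read. The comment could spell that out, for example `/* server and bind verify method; 0 (DEFAULT) means the global value applies, so a zeroed config inherits it */`. Giving both enums a tag would also make the fields that hold them self-documenting, if the declarations outside this hunk allow it.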
const char *name;
};
-/* server and bind verify method, it uses a global value as default */
-enum {
- SSL_SOCK_VERIFY_DEFAULT = 0,
- SSL_SOCK_VERIFY_REQUIRED = 1,
- SSL_SOCK_VERIFY_OPTIONAL = 2,
- SSL_SOCK_VERIFY_NONE = 3,
-};
-
struct pkey_info {
uint8_t sig; /* TLSEXT_signature_[rsa,ecdsa,...] */
uint16_t bits; /* key size in bits */
struct ebmb_node name; /* node holding the servername value */
};
-extern struct list tlskeys_reference;
-
struct tls_sess_key_128 {
unsigned char name[16];
unsigned char aes_key[16];
unsigned char key_data[SSL_MAX_SSL_SESSION_ID_LENGTH];
};
-/* states of the CLI IO handler for 'set ssl cert' */
-enum {
- SETCERT_ST_INIT = 0,
- SETCERT_ST_GEN,
- SETCERT_ST_INSERT,
- SETCERT_ST_FIN,
-};
-
#if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
#define SSL_SOCK_POSSIBLE_KT_COMBOS (1<<(SSL_SOCK_NUM_KEYTYPES))
#endif
#endif /* USE_OPENSSL */
-#endif /* _TYPES_SSL_SOCK_H */
+#endif /* _HAPROXY_SSL_SOCK_T_H */
/*
- * include/proto/ssl_sock.h
+ * include/haproxy/ssl_sock.h
* This file contains definition for ssl stream socket operations
*
* Copyright (C) 2012 EXCELIANCE, Emeric Brun <ebrun@exceliance.fr>
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/
-#ifndef _PROTO_SSL_SOCK_H
-#define _PROTO_SSL_SOCK_H
+#ifndef _HAPROXY_SSL_SOCK_H
+#define _HAPROXY_SSL_SOCK_H
#ifdef USE_OPENSSL
+
#include <haproxy/connection.h>
#include <haproxy/openssl-compat.h>
+#include <haproxy/ssl_sock-t.h>
+#include <haproxy/pool-t.h>
+#include <haproxy/thread.h>
#include <types/proxy.h>
-#include <types/ssl_sock.h>
-#include <types/stream_interface.h>
-
+extern struct list tlskeys_reference;
extern int sslconns;
extern int totalsslconns;
extern struct eb_root ckchs_tree;
extern struct xprt_ops ssl_sock;
extern int ssl_capture_ptr_index;
-/* boolean, returns true if connection is over SSL */
-static inline
-int ssl_sock_is_ssl(struct connection *conn)
-{
- if (!conn || conn->xprt != xprt_get(XPRT_SSL) || !conn->xprt_ctx)
- return 0;
- else
- return 1;
-}
-
int ssl_sock_prepare_ctx(struct bind_conf *bind_conf, struct ssl_bind_conf *, SSL_CTX *ctx, char **err);
int ssl_sock_prepare_all_ctx(struct bind_conf *bind_conf);
int ssl_sock_prepare_bind_conf(struct bind_conf *bind_conf);
SSL *ssl_sock_get_ssl_object(struct connection *conn);
+/* boolean, returns true if connection is over SSL */
+static inline
+int ssl_sock_is_ssl(struct connection *conn)
+{
+ if (!conn || conn->xprt != xprt_get(XPRT_SSL) || !conn->xprt_ctx)
+ return 0;
+ else
+ return 1;
+}
+
+
#endif /* USE_OPENSSL */
-#endif /* _PROTO_SSL_SOCK_H */
+#endif /* _HAPROXY_SSL_SOCK_H */
/*
* Local variables:
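Review bot: The comment on `ssl_sock_is_ssl()` says only that it "returns true if connection is over SSL", but the body tests just three things: `conn` is non-NULL, `conn->xprt` is the SSL transport, and `conn->xprt_ctx` is set. Nothing in this header shows that a true result implies a completed handshake or a verified peer certificate, so callers that gate a trust decision on this helper should not read it that way. A more precise comment would be `/* returns 1 if <conn> uses the SSL transport and has an xprt_ctx, 0 otherwise (including NULL <conn>); does not by itself check handshake completion or peer verification */`. As a style point, the `if`/`else` can collapse to `return conn && conn->xprt == xprt_get(XPRT_SSL) && conn->xprt_ctx;`, and the parameter could be `const struct connection *conn` since it is only read.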
#include <haproxy/list-t.h>
#include <haproxy/listener-t.h>
#include <haproxy/obj_type-t.h>
+#include <haproxy/ssl_sock-t.h>
#include <haproxy/thread.h>
#include <haproxy/openssl-compat.h>
#include <haproxy/connection-t.h>
#include <haproxy/freq_ctr-t.h>
#include <types/queue.h>
-#include <types/ssl_sock.h>
#include <haproxy/task-t.h>
#include <haproxy/obj_type.h>
#include <haproxy/payload.h>
#include <haproxy/session.h>
+#include <haproxy/ssl_sock.h>
#include <haproxy/task.h>
#include <haproxy/ticks.h>
#include <haproxy/time.h>
#include <proto/server.h>
#include <proto/stream.h>
#include <proto/stream_interface.h>
-#include <proto/ssl_sock.h>
#define TRACE_SOURCE &trace_strm
#include <common/cfgparse.h>
#include <haproxy/listener.h>
#include <haproxy/openssl-compat.h>
-
-#include <types/ssl_sock.h>
-
-#include <proto/ssl_sock.h>
+#include <haproxy/ssl_sock.h>
/****************** Global Section Parsing ********************************************/
#include <haproxy/h1.h>
#include <haproxy/htx.h>
#include <haproxy/signal.h>
+#include <haproxy/ssl_sock.h>
#include <haproxy/stats-t.h>
#include <haproxy/task.h>
#include <haproxy/vars.h>
#include <proto/stream_interface.h>
#include <proto/log.h>
#include <haproxy/proto_udp.h>
-#include <proto/ssl_sock.h>
#include <haproxy/sample.h>
static int tcpcheck_get_step_id(struct check *, struct tcpcheck_rule *);
#include <haproxy/proto_tcp.h>
#include <proto/stream_interface.h>
#include <haproxy/sample.h>
-#include <proto/ssl_sock.h>
+#include <haproxy/ssl_sock.h>
DECLARE_POOL(pool_head_connection, "connection", sizeof(struct connection));
#include <haproxy/regex.h>
#include <haproxy/session.h>
#include <haproxy/signal.h>
+#include <haproxy/ssl_sock.h>
#include <haproxy/tools.h>
#include <haproxy/time.h>
#include <haproxy/uri_auth-t.h>
#include <proto/queue.h>
#include <proto/server.h>
#include <proto/stream.h>
-#include <proto/ssl_sock.h>
/* array of init calls for older platforms */
DECLARE_INIT_STAGES;
#include <haproxy/cli.h>
#include <haproxy/frontend.h>
#include <haproxy/http.h>
+#include <haproxy/ssl_sock.h>
#include <haproxy/tools.h>
#include <haproxy/time.h>
#include <haproxy/version.h>
#include <haproxy/ring.h>
#include <haproxy/sample.h>
#include <haproxy/sink.h>
-#include <proto/ssl_sock.h>
#include <proto/stream.h>
#include <proto/stream_interface.h>
#include <haproxy/net_helper.h>
#include <haproxy/regex.h>
#include <haproxy/session-t.h>
+#include <haproxy/ssl_sock.h>
#include <types/proxy.h>
#include <proto/fcgi-app.h>
#include <proto/log.h>
-#include <proto/ssl_sock.h>
#include <proto/stream.h>
#include <proto/stream_interface.h>
#include <haproxy/trace.h>
#include <haproxy/cli.h>
#include <haproxy/errors.h>
#include <haproxy/ssl_ckch.h>
+#include <haproxy/ssl_sock.h>
#include <haproxy/ssl_utils.h>
#include <haproxy/tools.h>
#include <import/ebsttree.h>
-#include <types/ssl_sock.h>
-
#include <proto/channel.h>
-#include <proto/ssl_sock.h>
#include <proto/stream_interface.h>
/* Uncommitted CKCH transaction */
#include <haproxy/errors.h>
#include <haproxy/ssl_ckch.h>
#include <haproxy/ssl_crtlist.h>
+#include <haproxy/ssl_sock.h>
#include <haproxy/tools.h>
#include <dirent.h>
#include <import/ebpttree.h>
#include <import/ebsttree.h>
-#include <types/ssl_sock.h>
-
#include <proto/channel.h>
#include <proto/stream_interface.h>
-#include <proto/ssl_sock.h>
/* release ssl bind conf */
void ssl_sock_free_ssl_conf(struct ssl_bind_conf *conf)
#include <haproxy/obj_type.h>
#include <haproxy/openssl-compat.h>
#include <haproxy/sample.h>
+#include <haproxy/ssl_sock.h>
#include <haproxy/ssl_utils.h>
#include <haproxy/tools.h>
-#include <types/ssl_sock.h>
-
#include <haproxy/arg.h>
-#include <proto/ssl_sock.h>
/***** Below are some sample fetching functions for ACL/patterns *****/
#include <haproxy/shctx.h>
#include <haproxy/ssl_ckch.h>
#include <haproxy/ssl_crtlist.h>
+#include <haproxy/ssl_sock.h>
#include <haproxy/ssl_utils.h>
#include <haproxy/stats-t.h>
#include <haproxy/task.h>
#include <import/ebpttree.h>
#include <import/ebsttree.h>
-#include <types/ssl_sock.h>
-
#include <haproxy/arg.h>
#include <proto/channel.h>
#include <haproxy/fd.h>
#include <proto/stream_interface.h>
#include <proto/log.h>
#include <proto/proxy.h>
-#include <proto/ssl_sock.h>
#include <proto/stream.h>
/* ***** READ THIS before adding code here! *****
#include <haproxy/api.h>
#include <haproxy/buf-t.h>
#include <haproxy/openssl-compat.h>
-
-#include <proto/ssl_sock.h>
-
-#include <types/ssl_sock.h>
+#include <haproxy/ssl_sock.h>
/* fill a buffer with the algorithm and size of a public key */
int cert_get_pkey_algo(X509 *crt, struct buffer *out)
#include <haproxy/map-t.h>
#include <haproxy/pattern-t.h>
#include <haproxy/session.h>
+#include <haproxy/ssl_sock.h>
#include <haproxy/stats.h>
#include <haproxy/task.h>
#include <haproxy/tools.h>
#include <proto/log.h>
#include <haproxy/pipe.h>
#include <proto/proxy.h>
-#include <proto/ssl_sock.h>
#include <proto/stream.h>
#include <proto/server.h>
#include <proto/stream_interface.h>
#include <haproxy/hlua.h>
#include <haproxy/listener.h>
#include <haproxy/namespace.h>
+#include <haproxy/ssl_sock.h>
#include <haproxy/task.h>
#include <haproxy/tools.h>
#include <haproxy/proto_udp.h>
-#include <proto/ssl_sock.h>
#include <proto/stream_interface.h>
/* This macro returns false if the test __x is false. Many