mirror of
https://github.com/apache/httpd.git
synced 2025-08-01 07:26:57 +03:00
c51e4d9cbc
Transparency (RFC 6962) for httpd. mod_ssl_ct requires OpenSSL 1.0.2 (in beta) and must be explicitly enabled via configure. Note that support/ctauditscts is purposefully not installed; it does not properly function due to a dependency on a certificate-transparency open source project tool which itself is not sufficiently complete at this time. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1588987 13f79535-47bb-0310-9956-ffa450edef68
65 lines
2.0 KiB
C
65 lines
2.0 KiB
C
/* Licensed to the Apache Software Foundation (ASF) under one or more
|
|
* contributor license agreements. See the NOTICE file distributed with
|
|
* this work for additional information regarding copyright ownership.
|
|
* The ASF licenses this file to You under the Apache License, Version 2.0
|
|
* (the "License"); you may not use this file except in compliance with
|
|
* the License. You may obtain a copy of the License at
|
|
*
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|
*
|
|
* Unless required by applicable law or agreed to in writing, software
|
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
* See the License for the specific language governing permissions and
|
|
* limitations under the License.
|
|
*/
|
|
|
|
#ifndef SSL_CT_SCT_H
|
|
#define SSL_CT_SCT_H
|
|
|
|
#include "apr_pools.h"
|
|
#include "apr_tables.h"
|
|
|
|
#include "httpd.h"
|
|
#include "mod_ssl.h"
|
|
|
|
#include "ssl_ct_log_config.h"
|
|
|
|
#define LOG_ID_SIZE 32
|
|
|
|
typedef struct cert_chain {
|
|
apr_pool_t *p;
|
|
apr_array_header_t *cert_arr; /* array of X509 * */
|
|
X509 *leaf;
|
|
} cert_chain;
|
|
|
|
typedef struct {
|
|
unsigned char version;
|
|
unsigned char logid[LOG_ID_SIZE];
|
|
apr_uint64_t timestamp;
|
|
apr_time_t time;
|
|
char timestr[APR_RFC822_DATE_LEN];
|
|
const unsigned char *extensions;
|
|
apr_uint16_t extlen;
|
|
unsigned char hash_alg;
|
|
unsigned char sig_alg;
|
|
apr_uint16_t siglen;
|
|
const unsigned char *sig;
|
|
const unsigned char *signed_data;
|
|
apr_size_t signed_data_len;
|
|
} sct_fields_t;
|
|
|
|
apr_status_t sct_parse(const char *source,
|
|
server_rec *s, const unsigned char *sct,
|
|
apr_size_t len, cert_chain *cc,
|
|
sct_fields_t *fields);
|
|
|
|
void sct_release(sct_fields_t *sctf);
|
|
|
|
apr_status_t sct_verify_signature(conn_rec *c, sct_fields_t *sctf,
|
|
apr_array_header_t *log_config);
|
|
|
|
apr_status_t sct_verify_timestamp(conn_rec *c, sct_fields_t *sctf);
|
|
|
|
#endif /* SSL_CT_SCT_H */
|