P_SSLUtils.h

00001 /** @file
00002 
00003   @section license License
00004 
00005   Licensed to the Apache Software Foundation (ASF) under one
00006   or more contributor license agreements.  See the NOTICE file
00007   distributed with this work for additional information
00008   regarding copyright ownership.  The ASF licenses this file
00009   to you under the Apache License, Version 2.0 (the
00010   "License"); you may not use this file except in compliance
00011   with the License.  You may obtain a copy of the License at
00012 
00013       http://www.apache.org/licenses/LICENSE-2.0
00014 
00015   Unless required by applicable law or agreed to in writing, software
00016   distributed under the License is distributed on an "AS IS" BASIS,
00017   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
00018   See the License for the specific language governing permissions and
00019   limitations under the License.
00020  */
00021 
00022 #ifndef __P_SSLUTILS_H__
00023 #define __P_SSLUTILS_H__
00024 
00025 #include "ink_config.h"
00026 #include "Diags.h"
00027 
// Must be defined before opensslconf.h is pulled in: it makes that header
// expose OPENSSL_THREADS, which the build-time check below depends on.
#define OPENSSL_THREAD_DEFINES
#include <openssl/opensslconf.h>
#include <openssl/ssl.h>

// Fail the build early, rather than at runtime, if the OpenSSL we are
// compiling against was built without thread support.
#if !defined(OPENSSL_THREADS)
#error Traffic Server requires a OpenSSL library that support threads
#endif
00035 
// Forward declarations: every use of these types in this header is through a
// pointer, so the full definitions are not needed (and not included) here.
struct SSLConfigParams;
struct SSLCertLookup;
class SSLNetVConnection;
struct RecRawStatBlock;
00040 
// Indices into the SSL raw-stat block (ssl_rsb, below). The enumerator value
// is the stat's slot, so existing entries must not be renumbered or reordered;
// append new ones before ssl_cipher_stats_start.
enum SSL_Stats
{
  // Certificate-handling outcomes. Each is counted twice: once for
  // origin-server certificates and once for user-agent certificates.
  ssl_origin_server_expired_cert_stat,
  ssl_user_agent_expired_cert_stat,
  ssl_origin_server_revoked_cert_stat,
  ssl_user_agent_revoked_cert_stat,
  ssl_origin_server_unknown_cert_stat,
  ssl_user_agent_unknown_cert_stat,
  ssl_origin_server_cert_verify_failed_stat,
  ssl_user_agent_cert_verify_failed_stat,
  ssl_origin_server_bad_cert_stat,
  ssl_user_agent_bad_cert_stat,
  ssl_origin_server_decryption_failed_stat,
  ssl_user_agent_decryption_failed_stat,
  ssl_origin_server_wrong_version_stat,
  ssl_user_agent_wrong_version_stat,
  ssl_origin_server_other_errors_stat,
  ssl_user_agent_other_errors_stat,
  ssl_origin_server_unknown_ca_stat,
  ssl_user_agent_unknown_ca_stat,
  // User-agent session cache counters (sessions seen, cache hit/miss/timeout).
  ssl_user_agent_sessions_stat,
  ssl_user_agent_session_hit_stat,
  ssl_user_agent_session_miss_stat,
  ssl_user_agent_session_timeout_stat,
  // Handshake timing/count and session-ticket lifecycle counters.
  ssl_total_handshake_time_stat,
  ssl_total_success_handshake_count_stat,
  ssl_total_tickets_created_stat,
  ssl_total_tickets_verified_stat,
  ssl_total_tickets_not_found_stat,
  ssl_total_tickets_renewed_stat,

  /* error stats */
  // Counters for the error classes seen on SSL_read/SSL_write; by name they
  // presumably mirror OpenSSL's SSL_ERROR_* codes (see SSLErrorName below).
  ssl_error_want_write,
  ssl_error_want_read,
  ssl_error_want_x509_lookup,
  ssl_error_syscall,
  ssl_error_read_eos,
  ssl_error_zero_return,
  ssl_error_ssl,
  ssl_sni_name_set_failure,

  // Slots 100..300 are set aside for per-cipher stats; what registers them is
  // not visible in this header (presumably SSLInitializeStatistics()).
  ssl_cipher_stats_start = 100,
  ssl_cipher_stats_end = 300,

  // One past the highest reserved slot (301) -- presumably the number of
  // entries the stat block is allocated with; confirm against the definition.
  Ssl_Stat_Count
};
00087 
// Raw-stat block holding the SSL stats, indexed by SSL_Stats. Defined in the
// implementation file; presumably set up by SSLInitializeStatistics().
extern RecRawStatBlock *ssl_rsb;
00089 
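/* Stats should only be accessed using these macros.
 *
 * `x` is an SSL_Stats enumerator (the stat's slot in ssl_rsb). Arguments are
 * parenthesized so that an expression argument such as `base + i` is cast and
 * evaluated as a whole rather than having the cast bind to its first term.
 * The NULL second argument of RecIncrRawStat is passed through unchanged. */
#define SSL_INCREMENT_DYN_STAT(x) RecIncrRawStat(ssl_rsb, NULL, (int) (x), 1)
#define SSL_DECREMENT_DYN_STAT(x) RecIncrRawStat(ssl_rsb, NULL, (int) (x), -1)
#define SSL_SET_COUNT_DYN_STAT(x, count) RecSetRawStatCount(ssl_rsb, (x), (count))
#define SSL_INCREMENT_DYN_STAT_EX(x, y) RecIncrRawStat(ssl_rsb, NULL, (int) (x), (y))
/* Reset both the sum and the count of a stat to zero.
 * The do { } while (0) wrapper deliberately has NO trailing semicolon: the
 * caller supplies it, so the macro behaves as one statement and is safe as the
 * body of an un-braced `if (...) SSL_CLEAR_DYN_STAT(s); else ...`. (The old
 * form ended in `while (0);`, which made that else a syntax error.) */
#define SSL_CLEAR_DYN_STAT(x) \
  do { \
    RecSetRawStatSum(ssl_rsb, (x), 0); \
    RecSetRawStatCount(ssl_rsb, (x), 0); \
  } while (0)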
00100 
// Create a default SSL server context.
// Returns a new SSL_CTX owned by the caller; presumably released with
// SSLReleaseContext() below (confirm against callers). NOTE(review): whether
// this can return NULL is not visible here -- callers should check before use.
SSL_CTX * SSLDefaultServerContext();

// Create and initialize a SSL client context from `param`.
// NOTE(review): whether the resulting context verifies the origin's
// certificate is decided by `param`, not visible here; code that connects to
// untrusted origins should confirm the verify mode rather than assume it.
SSL_CTX * SSLInitClientContext(const SSLConfigParams * param);

// Initialize the SSL library. Presumably called once at startup, before any
// context above is created -- confirm ordering against the callers.
void SSLInitializeLibrary();

// Initialize SSL statistics (presumably registers ssl_rsb, the block the
// SSL_*_DYN_STAT macros above index).
void SSLInitializeStatistics();

// Release SSL_CTX and the associated data. `ctx` must not be used afterwards.
// Whether a NULL `ctx` is tolerated is not visible here.
void SSLReleaseContext(SSL_CTX* ctx);
00115 
// Log an SSL error (the non-debug path of SSLDiagnostic).
// `fmt` must be a string literal: SSLDiagnostic is declared TS_PRINTFLIKE so
// the compiler checks the arguments against it, and passing peer- or
// configuration-controlled text as `fmt` would be a format-string bug -- log
// such text through a "%s" conversion instead. `##__VA_ARGS__` is a GNU
// extension that swallows the comma when no arguments follow `fmt`.
#define SSLError(fmt, ...) SSLDiagnostic(DiagsMakeLocation(), false, NULL, fmt, ##__VA_ARGS__)
// As SSLError, but attributes the message to the connection `vc`.
#define SSLErrorVC(vc,fmt, ...) SSLDiagnostic(DiagsMakeLocation(), false, vc, fmt, ##__VA_ARGS__)
// Log a SSL diagnostic using the "ssl" diagnostic tag.
// Same format-string rule as SSLError applies.
#define SSLDebug(fmt, ...) SSLDiagnostic(DiagsMakeLocation(), true, NULL, fmt, ##__VA_ARGS__)
// As SSLDebug, but attributes the message to the connection `vc`.
#define SSLDebugVC(vc,fmt, ...) SSLDiagnostic(DiagsMakeLocation(), true, vc, fmt, ##__VA_ARGS__)

// Backend for the four macros above.
//   loc   - call site, captured by DiagsMakeLocation() in the macros.
//   debug - true: "ssl" debug-tag diagnostic; false: error.
//   vc    - connection the message concerns, or NULL (the non-VC macros pass NULL).
//   fmt   - printf-style format; TS_PRINTFLIKE(4, 5) marks it as argument 4 with
//           the variadic arguments starting at 5, enabling -Wformat checking.
void SSLDiagnostic(const SrcLoc& loc, bool debug, SSLNetVConnection * vc, const char * fmt, ...) TS_PRINTFLIKE(4, 5);
00124 
// Return a static string name for a SSL_ERROR constant (an OpenSSL SSL_ERROR_*
// value). The result has static storage: do not free or modify it.
const char * SSLErrorName(int ssl_error);

// Log a SSL network buffer: `buflen` bytes of `buffer`, together with `message`,
// under the diagnostic `tag`. NOTE(review): this dumps raw buffer contents,
// which for TLS can include plaintext application data -- keep it behind a
// debug tag and out of production logs.
void SSLDebugBufferPrint(const char * tag, const char * buffer, unsigned buflen, const char * message);

// Load the SSL certificate configuration described by `params` into `lookup`.
// Returns false on failure; callers must check the result rather than serve
// with a lookup that may be incomplete.
bool SSLParseCertificateConfiguration(const SSLConfigParams * params, SSLCertLookup * lookup);
00133 
00134 #endif /* __P_SSLUTILS_H__ */
