mirror of
https://git.haproxy.org/git/haproxy.git/
synced 2025-08-07 07:37:02 +02:00
3f771f5118
Due to the possibility of calling a control process after adding CRLs, the ssl_commit_crlfile_cb variable was added. It is actually a pointer to the callback function, which is called if defined after initial loading of CRL data from disk and after committing CRL data via CLI command 'commit ssl crl-file ..'. If the callback function returns an error, then the CLI commit operation is terminated. Also, one case was added to the CLI context used by "commit cafile" and "commit crlfile": CACRL_ST_CRLCB in which the callback function is called. Signed-off-by: William Lallemand <wlallemand@haproxy.com>
77 lines
3.8 KiB
C
77 lines
3.8 KiB
C
/*
|
|
* include/haproxy/ssl_ckch.h
|
|
* ckch function prototypes
|
|
*
|
|
* Copyright (C) 2020 HAProxy Technologies, William Lallemand <wlallemand@haproxy.com>
|
|
*
|
|
* This library is free software; you can redistribute it and/or
|
|
* modify it under the terms of the GNU Lesser General Public
|
|
* License as published by the Free Software Foundation, version 2.1
|
|
* exclusively.
|
|
*
|
|
* This library is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
* Lesser General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU Lesser General Public
|
|
* License along with this library; if not, write to the Free Software
|
|
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
|
|
*/
|
|
|
|
#ifndef _HAPROXY_SSL_CKCH_H
|
|
#define _HAPROXY_SSL_CKCH_H
|
|
#ifdef USE_OPENSSL
|
|
|
|
#include <haproxy/ssl_ckch-t.h>
|
|
|
|
/* cert_key_and_chain functions */
|
|
|
|
int ssl_sock_load_files_into_ckch(const char *path, struct ckch_data *data, char **err);
|
|
int ssl_sock_load_pem_into_ckch(const char *path, char *buf, struct ckch_data *datackch , char **err);
|
|
void ssl_sock_free_cert_key_and_chain_contents(struct ckch_data *data);
|
|
|
|
int ssl_sock_load_key_into_ckch(const char *path, char *buf, struct ckch_data *data , char **err);
|
|
int ssl_sock_load_ocsp_response_from_file(const char *ocsp_path, char *buf, struct ckch_data *data, char **err);
|
|
int ssl_sock_load_sctl_from_file(const char *sctl_path, char *buf, struct ckch_data *data, char **err);
|
|
int ssl_sock_load_issuer_file_into_ckch(const char *path, char *buf, struct ckch_data *data, char **err);
|
|
|
|
/* ckch_store functions */
|
|
struct ckch_store *ckchs_load_cert_file(char *path, char **err);
|
|
struct ckch_store *ckchs_lookup(char *path);
|
|
struct ckch_store *ckchs_dup(const struct ckch_store *src);
|
|
struct ckch_store *ckch_store_new(const char *filename);
|
|
void ckch_store_free(struct ckch_store *store);
|
|
void ckch_store_replace(struct ckch_store *old_ckchs, struct ckch_store *new_ckchs);
|
|
|
|
/* ckch_inst functions */
|
|
void ckch_inst_free(struct ckch_inst *inst);
|
|
struct ckch_inst *ckch_inst_new();
|
|
int ckch_inst_new_load_store(const char *path, struct ckch_store *ckchs, struct bind_conf *bind_conf,
|
|
struct ssl_bind_conf *ssl_conf, char **sni_filter, int fcount, int is_default, struct ckch_inst **ckchi, char **err);
|
|
int ckch_inst_new_load_srv_store(const char *path, struct ckch_store *ckchs,
|
|
struct ckch_inst **ckchi, char **err);
|
|
int ckch_inst_rebuild(struct ckch_store *ckch_store, struct ckch_inst *ckchi,
|
|
struct ckch_inst **new_inst, char **err);
|
|
|
|
void ckch_deinit();
|
|
void ckch_inst_add_cafile_link(struct ckch_inst *ckch_inst, struct bind_conf *bind_conf,
|
|
struct ssl_bind_conf *ssl_conf, const struct server *srv);
|
|
|
|
/* ssl_store functions */
|
|
struct cafile_entry *ssl_store_get_cafile_entry(char *path, int oldest_entry);
|
|
X509_STORE* ssl_store_get0_locations_file(char *path);
|
|
int ssl_store_add_uncommitted_cafile_entry(struct cafile_entry *entry);
|
|
struct cafile_entry *ssl_store_create_cafile_entry(char *path, X509_STORE *store, enum cafile_type type);
|
|
struct cafile_entry *ssl_store_dup_cafile_entry(struct cafile_entry *src);
|
|
void ssl_store_delete_cafile_entry(struct cafile_entry *ca_e);
|
|
int ssl_store_load_ca_from_buf(struct cafile_entry *ca_e, char *cert_buf, int append);
|
|
int ssl_store_load_locations_file(char *path, int create_if_none, enum cafile_type type);
|
|
int __ssl_store_load_locations_file(char *path, int create_if_none, enum cafile_type type, int shuterror);
|
|
|
|
extern struct cert_exts cert_exts[];
|
|
extern int (*ssl_commit_crlfile_cb)(const char *path, X509_STORE *ctx, char **err);
|
|
|
|
#endif /* USE_OPENSSL */
|
|
#endif /* _HAPROXY_SSL_CRTLIST_H */
|