/usr/include/evhtp/sslutils.h is in libevhtp-dev 1.2.16-1build1.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 | /**
* @file sslutils.h
*/
#ifndef __EVHTP_SSLUTILS_H__
#define __EVHTP_SSLUTILS_H__
#include <evhtp/config.h>
#ifdef __cplusplus
extern "C" {
#endif
/**
* @defgroup htp_sslutils SSL utility functions
*/
/**
* @brief converts the client certificate DNAME information (CN=<cert>, OU=.....)
* @ingroup htp_sslutils
*
* @param ssl the client SSL context
*
* @return heap allocated str representation, NULL on error.
*/
EVHTP_EXPORT unsigned char * htp_sslutil_subject_tostr(evhtp_ssl_t * ssl);
/**
* @brief converts the DN (issuer of cert from the client)
* @ingroup htp_sslutils
*
* @param ssl client SSL context
*
* @return heap allocated str representation, NULL on error
*/
EVHTP_EXPORT unsigned char * htp_sslutil_issuer_tostr(evhtp_ssl_t * ssl);
/**
* @brief converts the `notbefore` date of the cert from the client
* @ingroup htp_sslutils
*
* @param ssl client SSL context
*
* @return heap allocated str (YYMMDDhhmmss) of the notbefore, NULL on error.
*/
EVHTP_EXPORT unsigned char * htp_sslutil_notbefore_tostr(evhtp_ssl_t * ssl);
/**
* @brief converts the `notafter` date of the cert from the client
* @ingroup htp_sslutils
*
* @param ssl ssl client SSL context
*
* @return heap allocated str (YYMMDDhhmmss) of notafter, NULL on error.
*/
EVHTP_EXPORT unsigned char * htp_sslutil_notafter_tostr(evhtp_ssl_t * ssl);
/**
* @brief converts the SHA1 digest in str from the client
* @ingroup htp_sslutils
*
* @param ssl SSL context from client
*
* @return NULL on error
*/
EVHTP_EXPORT unsigned char * htp_sslutil_sha1_tostr(evhtp_ssl_t * ssl);
/**
* @brief convert serial number to string
* @ingroup htp_sslutils
*
* @param ssl SSL context from client
*
* @return NULL on error
*/
EVHTP_EXPORT unsigned char * htp_sslutil_serial_tostr(evhtp_ssl_t * ssl);
/**
* @brief convert the used for this SSL context
* @ingroup htp_sslutils
*
* @param ssl SSL context
*
* @return heap allocated cipher str, NULL on error
*/
EVHTP_EXPORT unsigned char * htp_sslutil_cipher_tostr(evhtp_ssl_t * ssl);
/**
* @brief convert the client cert into a multiline string
* @ingroup htp_sslutils
*
* @param ssl client SSL context
*
* @return heap allocated string, NULL on error
*/
EVHTP_EXPORT unsigned char * htp_sslutil_cert_tostr(evhtp_ssl_t * ssl);
/**
* @brief convert X509 extentions to string
* @ingroup htp_sslutils
*
* @param ssl SSL context
* @param oid
*
* @return
*/
EVHTP_EXPORT unsigned char * htp_sslutil_x509_ext_tostr(evhtp_ssl_t * ssl, const char * oid);
/**
* @brief convert a string to the proper verify opts
* @ingroup htp_sslutils
*
* @param opts_str ("on" / "optional" / "off" )
* where:
* "on" : client must present a valid cert (otherwise rejected)
* "off" : no client cert required at all
* "optional" : client MAY present a valid certificate (but not rejected)
*
* @note if `opts_str` is NULL, defaults to "off"
*
* @return OR'd mask SSL_VERIFY_* flags, -1 on error
*/
EVHTP_EXPORT int htp_sslutil_verify2opts(const char * opts_str);
/*
* @ingroup htp_sslutils
* @ {
*/
#define HTP_SSLUTILS_XHDR_SUBJ (1 << 0)
#define HTP_SSLUTILS_XHDR_ISSR (1 << 1)
#define HTP_SSLUTILS_XHDR_NBFR (1 << 2)
#define HTP_SSLUTILS_XHDR_NAFR (1 << 3)
#define HTP_SSLUTILS_XHDR_SERL (1 << 4)
#define HTP_SSLUTILS_XHDR_SHA1 (1 << 5)
#define HTP_SSLUTILS_XHDR_CERT (1 << 6)
#define HTP_SSLUTILS_XHDR_CIPH (1 << 7)
#define HTP_SSLUTILS_XHDR_ALL \
HTP_SSLUTILS_XHDR_SUBJ \
| HTP_SSLUTILS_XHDR_ISSR \
| HTP_SSLUTILS_XHDR_NBFR \
| HTP_SSLUTILS_XHDR_NAFR \
| HTP_SSLUTILS_XHDR_SERL \
| HTP_SSLUTILS_XHDR_SHA1 \
| HTP_SSLUTILS_XHDR_CERT \
| HTP_SSLUTILS_XHDR_CIPH
/** @} */
/**
* @brief add SSL-type X-Header flags to an evhtp_headers_t context
* @ingroup htp_sslutils
*
* @param hdrs headers structure to append into
* @param ssl the SSL context
* HTP_SSLUTILS_XHDR_SUBJ: `X-SSL-Subject`
* HTP_SSLUTILS_XHDR_ISSR: `X-SSL-Issuer`
* HTP_SSLUTILS_XHDR_NBFR: `X-SSL-Notbefore`
* HTP_SSLUTILS_XHDR_NAFR: `X-SSL-Notafter`
* HTP_SSLUTILS_XHDR_SERL: `X-SSL-Serial`
* HTP_SSLUTILS_XHDR_CIPH: `X-SSL-Cipher`
* HTP_SSLUTILS_XHDR_CERT: `X-SSL-Certificate`
* HTP_SSLUTILS_XHDR_SHA1: `X-SSL-SHA1`
*
* @param flags flags (See XHDR defines above)
*
* @return 0 on success, -1 on error
*/
EVHTP_EXPORT int htp_sslutil_add_xheaders(evhtp_headers_t * hdrs, evhtp_ssl_t * ssl, short flags);
#ifdef __cplusplus
}
#endif
#endif
|