/***************************************************************************
 *
 * Copyright (c) 2009, 2010 BalaBit IT Ltd, Budapest, Hungary
 * All rights reserved.
 *
 * Author: Laszlo Attila Toth
 *
 ***************************************************************************/

#ifndef ZORP_PROXY_SSL_H_INCLUDED
#define ZORP_PROXY_SSL_H_INCLUDED

#include <zorp/proxycommon.h>
#include <zorp/ssl.h>

/* Peer-certificate verification policy, kept per endpoint side in
 * ZProxySsl::verify_type.  The names encode two independent choices:
 * whether the peer must present a certificate at all (OPTIONAL / REQUIRED)
 * and whether a presented certificate must be trusted (TRUSTED / UNTRUSTED).
 * Only the numeric values are fixed here; the checks each mode performs live
 * in proxyssl.c and are not visible in this header. */
typedef enum
{
  PROXY_SSL_VERIFY_NONE                = 0,
  PROXY_SSL_VERIFY_OPTIONAL_UNTRUSTED  = 1,
/* Short alias.  Note that it resolves to the UNTRUSTED variant, i.e. the
 * weaker of the two optional modes; use the explicit name when trust matters. */
#define PROXY_SSL_VERIFY_OPTIONAL PROXY_SSL_VERIFY_OPTIONAL_UNTRUSTED
  PROXY_SSL_VERIFY_OPTIONAL_TRUSTED    = 2,
  PROXY_SSL_VERIFY_REQUIRED_UNTRUSTED  = 3,
  PROXY_SSL_VERIFY_REQUIRED_TRUSTED    = 4,
} proxy_ssl_verify_type;

/* Handshake ordering between the two sides; compare with ZProxySsl::handshake_seq. */
#define PROXY_SSL_HS_CLIENT_SERVER 0
#define PROXY_SSL_HS_SERVER_CLIENT 1

/* Handshake verdicts.  POLICY and ACCEPT reuse the ZV_* verdict values from
 * the included zorp headers; VERIFIED is a separate literal.
 * NOTE(review): 10 is assumed not to collide with any ZV_* value — confirm
 * against the ZV_* definitions, which are not visible here. */
#define PROXY_SSL_HS_POLICY ZV_POLICY
#define PROXY_SSL_HS_ACCEPT ZV_ACCEPT
#define PROXY_SSL_HS_VERIFIED 10

/* Transport-security mode for one endpoint side (ZProxySsl::security).
 * NONE is 0 and so is what a zero-initialised struct reports; FORCE_SSL and
 * the two STARTTLS values name the remaining modes.  What each mode enables
 * is decided in proxyssl.c, not in this header. */
typedef enum
{
  PROXY_SSL_SEC_NONE                    = 0,
  PROXY_SSL_SEC_FORCE_SSL               = 1,
  PROXY_SSL_SEC_ACCEPT_STARTTLS         = 2,
  PROXY_SSL_SEC_FORWARD_STARTTLS        = 3,
} proxy_ssl_security_type;

/* Per-proxy SSL/TLS state.  Most members are arrays indexed by endpoint
 * side (EP_MAX comes from the included zorp headers), so every setting
 * below can differ between the client-facing and server-facing side.
 * Ownership of the OpenSSL objects and GStrings is presumably released by
 * z_proxy_ssl_free_vars() (declared below) — confirm in proxyssl.c. */
typedef struct _ZProxySsl {
  /* Policy-side view of the SSL settings. */
  ZPolicyDict *dict;
  ZPolicyObj *ssl_struct;

  /* Transport-security mode per side, see proxy_ssl_security_type. */
  proxy_ssl_security_type security[EP_MAX];

  /* Protocol method and cipher list per side, as policy-provided strings. */
  GString *ssl_method[EP_MAX];
  GString *ssl_cipher[EP_MAX];

  /* Established session per side, if any. */
  ZSSLSession *ssl_sessions[EP_MAX];

  /* Policy callbacks, one set per side: key/CA/CRL setup and certificate
   * verification hooks.  Presumably invoked from the OpenSSL callbacks
   * during the handshake — verify in proxyssl.c. */
  ZPolicyObj *server_setup_key_cb, *server_setup_ca_list_cb, *server_setup_crl_list_cb, *server_verify_cert_cb;
  ZPolicyObj *client_setup_key_cb, *client_setup_ca_list_cb, *client_setup_crl_list_cb, *client_verify_cert_cb;

  /* Key material and certificate chains, per side. */
  EVP_PKEY *local_privkey[EP_MAX];
  X509 *peer_cert[EP_MAX];
  X509 *local_cert[EP_MAX];
  STACK_OF(X509) *local_ca_list[EP_MAX];
  /* CA names advertised by the server side only, hence not per side. */
  STACK_OF(X509_NAME) *server_peer_ca_list;
  STACK_OF(X509_CRL) *local_crl_list[EP_MAX];

  /* Handshake control; see z_proxy_ssl_set_force_connect_at_handshake(). */
  gboolean force_connect_at_handshake;
  /* NOTE(review): unit of handshake_timeout (ms vs s) is not visible here. */
  gint handshake_timeout;
  /* One of PROXY_SSL_HS_CLIENT_SERVER / PROXY_SSL_HS_SERVER_CLIENT. */
  gint handshake_seq;
  gboolean handshake_pending[EP_MAX];
  GHashTable *handshake_hash[EP_MAX];

  /* Certificate verification policy and chain-depth limit, per side. */
  proxy_ssl_verify_type verify_type[EP_MAX];
  int verify_depth[EP_MAX];
  /* Protocol-version knockouts, per side.  Defaults are not set in this
   * header; whoever reviews a deployment should check what
   * z_proxy_ssl_config_defaults() assigns, since SSLv2/SSLv3 are only
   * excluded when the respective flag is TRUE. */
  gboolean disable_proto_sslv2[EP_MAX];
  gboolean disable_proto_sslv3[EP_MAX];
  gboolean disable_proto_tlsv1[EP_MAX];

  /* NOTE(review): the names suggest these relax certificate validation
   * (accept invalid certs / skip subject matching) — confirm the exact
   * effect in proxyssl.c before relying on either for a policy decision. */
  gboolean permit_invalid_certificates;
  gboolean server_check_subject;
  /* Private-key passphrase per side, held as a plain GString.
   * NOTE(review): confirm the buffer is wiped, not just freed, on teardown. */
  GString  *local_privkey_passphrase[EP_MAX];

  /* List of handshake objects. Unfortunately OpenSSL callbacks cannot be
   * handed a destroy_notify callback so we generally cannot use
   * refcounting to manage the lifetime of handshake objects.
   *
   * Instead, we do store all handshake objects in this linked list in the
   * associated proxy and make sure we delete these when we can guarantee that
   * the handshake is no longer needed (referenced).
   *
   * Right now this means we delete handshake objects only from the proxy
   * destroy method.
   */
  GList *handshakes;
} ZProxySsl;

/* Forward declaration so the completion callback type can name the handshake. */
struct _ZProxySSLHandshake;
/* Called when a handshake finishes; hs carries the result (ssl_err,
 * ssl_err_str) and user_data is the value stored in completion_user_data. */
typedef void (*ZProxySSLCallbackFunc)(struct _ZProxySSLHandshake *hs, gpointer user_data);
/* State of one in-flight handshake on one side of a proxy.  Instances are
 * created by z_proxy_ssl_handshake_new() and, per the note on
 * ZProxySsl::handshakes, are tracked in that list rather than refcounted. */
typedef struct _ZProxySSLHandshake {
  ZSSLSession *session;
  ZStream *stream;
  ZProxy *proxy;
  /* Endpoint side this handshake belongs to. */
  gint side;

  /* result */
  gint ssl_err;
  /* Fixed 512-byte buffer for the textual error.  Any writer must use a
   * bounded formatter (snprintf / ERR_error_string_n-style) so the string
   * stays NUL-terminated; the writers live in proxyssl.c, not here. */
  gchar ssl_err_str[512];

  /* internals */
  /* Timeout source armed for the handshake, if any. */
  GSource *timeout;

  /* Saved stream context and the completion hook with its user data and
   * destroy notifier (the notifier is the only way to release user_data). */
  ZStreamContext stream_context;
  ZProxySSLCallbackFunc completion_cb;
  gpointer completion_user_data;
  GDestroyNotify completion_user_data_notify;

  SSL_CTX *ssl_context;
} ZProxySSLHandshake;

/**
 * Allocate a handshake object for the given proxy, stream and side.
 * Ownership is not transferred to the caller in the usual sense: per the
 * comment on ZProxySsl::handshakes the proxy tracks and destroys these.
 */
ZProxySSLHandshake *z_proxy_ssl_handshake_new(ZProxy *proxy, ZStream *stream, gint side);

/* Lifecycle of the ZProxySsl settings held by a proxy: install defaults,
 * expose them as policy variables, and release them.  Which defaults are
 * chosen (in particular the disable_proto_* flags) is decided in proxyssl.c. */
void z_proxy_ssl_config_defaults(ZProxy *self);
void z_proxy_ssl_register_vars(ZProxy *self);
void z_proxy_ssl_free_vars(ZProxy *self);
/** Drive a handshake created by z_proxy_ssl_handshake_new(); TRUE on success. */
gboolean z_proxy_ssl_perform_handshake(ZProxySSLHandshake *handshake);
/* Set up SSL on the stream of one side; the _nonblocking variant presumably
 * returns before the handshake completes and reports via completion_cb. */
gboolean z_proxy_ssl_init_stream(ZProxy *self, gint side);
gboolean z_proxy_ssl_init_stream_nonblocking(ZProxy *self, gint side);
/** Ask for a handshake on one side; `forced` is passed through as-is. */
gboolean z_proxy_ssl_request_handshake(ZProxy *self, gint side, gboolean forced);
/** Drop the session stored in ZProxySsl::ssl_sessions for one side. */
void z_proxy_ssl_clear_session(ZProxy *self, gint side);
/** Setter for ZProxySsl::force_connect_at_handshake. */
void z_proxy_ssl_set_force_connect_at_handshake(ZProxy *self, gboolean val);

#endif