From: Marcel Poul Date: Thu, 13 Sep 2012 11:22:34 +0000 (+0000) Subject: Use this header file for canl adoption (major changes in canl_mod_gridsite.c) X-Git-Tag: gridsite-core_R_2_0_0~14 X-Git-Url: http://scientific.zcu.cz/git/?a=commitdiff_plain;h=b68718314cfa240da522c9706c831f3d23e4b74a;p=jra1mw.git Use this header file for canl adoption (major changes in canl_mod_gridsite.c)
---
diff --git a/org.gridsite.core/src/canl_mod_ssl-private.h b/org.gridsite.core/src/canl_mod_ssl-private.h
new file mode 100644
index 0000000..d6e47f6
--- /dev/null
+++ b/org.gridsite.core/src/canl_mod_ssl-private.h
@@ -0,0 +1,204 @@
+/*
+ Copyright (c) 2003-8, Andrew McNab, University of Manchester
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or
+ without modification, are permitted provided that the following
+ conditions are met:
+
+ o Redistributions of source code must retain the above
+ copyright notice, this list of conditions and the following
+ disclaimer.
+ o Redistributions in binary form must reproduce the above
+ copyright notice, this list of conditions and the following
+ disclaimer in the documentation and/or other materials
+ provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
+ CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+ MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+ BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+
+/*
+
+ Portions of this code are derived from Apache mod_ssl, and are covered
+ by the Apache Software License:
+
+ * Copyright 2001-2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/*
+ This work has been partially funded by the EU Commission (contract
+ INFSO-RI-222667) under the EGEE-III collaboration.
+*/
+
+/*------------------------------------------------------------------*
+ * This program is part of GridSite: http://www.gridsite.org/ *
+ *------------------------------------------------------------------*/
+
+
+/*
+ * After 2.0.49, Apache mod_ssl has most of the mod_ssl structures defined
+ * in ssl_private.h, which is not installed along with httpd-devel (eg in
+ * the FC2 RPM.) This include file provides SIMPLIFIED structures for use
+ * by mod_gridsite: for example, pointers to unused structures are replaced
+ * by void * and some of the structures are truncated when only the early
+ * members are used.
+ *
+ * CLEARLY, THIS WILL BREAK IF THERE ARE MAJOR CHANGES TO ssl_private.h!!!
+ */
+
+#include
+
+#ifndef BOOL
+#define BOOL unsigned int
+#endif
+
+typedef enum {
+ SSL_SHUTDOWN_TYPE_UNSET,
+ SSL_SHUTDOWN_TYPE_STANDARD,
+ SSL_SHUTDOWN_TYPE_UNCLEAN,
+ SSL_SHUTDOWN_TYPE_ACCURATE
+} ssl_shutdown_type_e;
+
+typedef enum {
+ SSL_ENABLED_UNSET = -1,
+ SSL_ENABLED_FALSE = 0,
+ SSL_ENABLED_TRUE = 1,
+ SSL_ENABLED_OPTIONAL = 3
+} ssl_enabled_t;
+
+#if AP_MODULE_MAGIC_AT_LEAST(20051115,0)
+typedef enum {
+ SSL_CVERIFY_UNSET = -1,
+ SSL_CVERIFY_NONE = 0,
+ SSL_CVERIFY_OPTIONAL = 1,
+ SSL_CVERIFY_REQUIRE = 2,
+ SSL_CVERIFY_OPTIONAL_NO_CA = 3
+} ssl_verify_t;
+
+#endif
+
+typedef struct {
+ SSL *ssl;
+ const char *client_dn;
+ X509 *client_cert;
+ ssl_shutdown_type_e shutdown_type;
+ const char *verify_info;
+ const char *verify_error;
+ int verify_depth;
+ int is_proxy;
+ int disabled;
+ int non_ssl_request;
+} SSLConnRec;
+
+#if AP_MODULE_MAGIC_AT_LEAST(20051115,0)
+typedef struct {
+ const char *ca_cert_path;
+ const char *ca_cert_file;
+
+ const char *cipher_suite;
+
+ int verify_depth;
+ ssl_verify_t verify_mode;
+} modssl_auth_ctx_t;
+#endif
+
+typedef struct {
+ void *sc; /* pointer back to server config */
+ SSL_CTX *ssl_ctx;
+#if AP_MODULE_MAGIC_AT_LEAST(20051115,0)
+ void *pks;
+ void *pkp;
+
+ int protocol;
+
+ int pphrase_dialog_type;
+ const char *pphrase_dialog_path;
+
+ const char *cert_chain;
+
+ const char *crl_path;
+ const char *crl_file;
+ X509_STORE *crl;
+
+ modssl_auth_ctx_t auth;
+#endif
+} modssl_ctx_t;
+
+/* original SSLSrvConfigRec */
+typedef struct {
+ void *mc;
+ BOOL enabled;
+ BOOL proxy_enabled;
+ const char *vhost_id;
+ int vhost_id_len;
+ int session_cache_timeout;
+#if AP_MODULE_MAGIC_AT_LEAST(20051115,0)
+ BOOL cipher_server_pref;
+#endif
+ modssl_ctx_t *server;
+ modssl_ctx_t *proxy;
+} SSLSrvConfigRec;
+
+/* SSLSrvConfigRec after mod_ssl patch for CVE-2009-3555 */
+typedef struct {
+ void *mc;
+ unsigned int enabled;
+ unsigned int proxy_enabled;
+ const char *vhost_id;
+ int vhost_id_len;
+ int session_cache_timeout;
+#if AP_MODULE_MAGIC_AT_LEAST(20051115,0)
+ BOOL cipher_server_pref;
+#endif
+ /* this is the member that was added */
+ int insecure_reneg;
+ modssl_ctx_t *server;
+ modssl_ctx_t *proxy;
+} SSLSrvConfigRec2;
+
+/* The server and proxy members of SSLSrvConfigRec must only be accessed
+ using these macros: */
+#define SSLSrvConfigRec_server(sc) (mod_ssl_with_insecure_reneg ? (((SSLSrvConfigRec2 *) sc)->server) : (((SSLSrvConfigRec *) sc)->server))
+#define SSLSrvConfigRec_proxy(sc) (mod_ssl_with_insecure_reneg ? (((SSLSrvConfigRec2 *) sc)->proxy) : (((SSLSrvConfigRec *) sc)->proxy))
+
+#if AP_MODULE_MAGIC_AT_LEAST(20051115,0)
+typedef struct {
+ BOOL bSSLRequired;
+ apr_array_header_t *aRequirement;
+ int nOptions;
+ int nOptionsAdd;
+ int nOptionsDel;
+ const char *szCipherSuite;
+ ssl_verify_t nVerifyClient;
+ int nVerifyDepth;
+ const char *szCACertificatePath;
+ const char *szCACertificateFile;
+ const char *szUserName;
+} SSLDirConfigRec;
+#endif
+
+extern module AP_MODULE_DECLARE_DATA ssl_module;
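Review bot: The `SSLSrvConfigRec_server` and `SSLSrvConfigRec_proxy` macros choose between two struct layouts from `mod_ssl_with_insecure_reneg`, which this header neither declares nor documents. They also cast an unparenthesized `sc`, so an argument that is an expression is cast before it is fully evaluated. If the flag does not match the mod_ssl actually loaded, `server` and `proxy` are read from the wrong offset, so the `insecure_reneg` int or a neighbouring pointer is then used as a `modssl_ctx_t *` in code that reaches `ssl_ctx` and the CA/CRL settings. I would parenthesize the argument, e.g. `#define SSLSrvConfigRec_server(sc) (mod_ssl_with_insecure_reneg ? ((SSLSrvConfigRec2 *)(sc))->server : ((SSLSrvConfigRec *)(sc))->server)`, and the same for `_proxy`. Next to the macros, add an `extern` declaration of the flag (its type is not visible here) with a comment saying where it is set and that it must be set before first use. The new header also has no include guard, so a second inclusion would redefine every typedef.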