PNG  IHDR* pHYs+ IDATx]n#; cdLb Ǚ[at¤_:uP}>!Usă cag޿ ֵNu`ݼTâabO7uL&y^wFٝA"l[|ŲHLN밪4*sG3|Dv}?+y߉{OuOAt4Jj.u]Gz*҉sP'VQKbA1u\`& Af;HWj hsO;ogTu uj7S3/QzUr&wS`M$X_L7r2;aE+ώ%vikDA:dR+%KzƉo>eOth$z%: :{WwaQ:wz%4foɹE[9<]#ERINƻv溂E%P1i01 |Jvҗ&{b?9g=^wζXn/lK::90KwrюO\!ջ3uzuGv^;騢wq<Iatv09:tt~hEG`v;3@MNZD.1]L:{ծI3`L(÷ba")Y.iljCɄae#I"1 `3*Bdz>j<fU40⨬%O$3cGt]j%Fߠ_twJ;ABU8vP3uEԑwQ V:h%))LfraqX-ۿX]v-\9I gl8tzX ]ecm)-cgʒ#Uw=Wlێn(0hPP/ӨtQ“&J35 $=]r1{tLuǮ*i0_;NƝ8;-vݏr8+U-kruȕYr0RnC]*ެ(M:]gE;{]tg(#ZJ9y>utRDRMdr9㪩̞zֹb<ģ&wzJM"iI( .ꮅX)Qw:9,i좜\Ԛi7&N0:asϓc];=ΗOӣ APqz93 y $)A*kVHZwBƺnWNaby>XMN*45~ղM6Nvm;A=jֲ.~1}(9`KJ/V F9[=`~[;sRuk]rєT!)iQO)Y$V ی ۤmzWz5IM Zb )ˆC`6 rRa}qNmUfDsWuˤV{ Pݝ'=Kֳbg,UҘVz2ﴻnjNgBb{? ߮tcsͻQuxVCIY۠:(V뺕 ٥2;t`@Fo{Z9`;]wMzU~%UA蛚dI vGq\r82iu +St`cR.6U/M9IENDB`/* * ProFTPD - mod_tls API * Copyright (c) 2002-2016 TJ Saunders * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Suite 500, Boston, MA 02110-1335, USA. * * As a special exemption, TJ Saunders and other respective copyright holders * give permission to link this program with OpenSSL, and distribute the * resulting executable, without including the source code for OpenSSL in the * source distribution. */ #ifndef MOD_TLS_H #define MOD_TLS_H #include "conf.h" #include #include #include #if defined(PR_USE_OPENSSL_OCSP) # include #endif /* PR_USE_OPENSSL_OCSP */ /* For mod_tls-related modules wishing to log info to the TLSLog file. */ int tls_log(const char *, ...) #ifdef __GNUC__ __attribute__ ((format (printf, 1, 2))); #else ; #endif /* API for modules that which to register SSL session cache handlers. */ #if OPENSSL_VERSION_NUMBER >= 0x0090707f # define TLS_D2I_SSL_SESSION_CONST const #else # define TLS_D2I_SSL_SESSION_CONST #endif typedef struct sess_cache_st { const char *cache_name; /* Memory pool for this cache. */ pool *cache_pool; /* Arbitrary cache-specific data */ void *cache_data; /* Timeout (in secs) of entries in this cache. */ long cache_timeout; /* Additional OpenSSL session caching flags desired by the session cache * handler. These will be OR'd with SSL_SESS_CACHE_SERVER. See * SSL_CTX_set_session_cache_mode(3) for details. */ long cache_mode; /* Initialize the cache handler. Returns zero on success, -1 otherwise (with * errno set appropriately). */ int (*open)(struct sess_cache_st *cache, char *info, long timeout); /* Destroy the cache handler, cleaning up any associated resources. Returns * zero on success, -1 otherwise (with errno set appropriately). */ int (*close)(struct sess_cache_st *cache); /* Add a new session entry to the cache. The provided sess_id is effectively * the cache lookup key. */ int (*add)(struct sess_cache_st *cache, const unsigned char *sess_id, unsigned int sess_id_len, time_t expires, SSL_SESSION *sess); /* Retrieve a session from the cache, using the provided sess_id key. */ SSL_SESSION *(*get)(struct sess_cache_st *cache, const unsigned char *sess_id, unsigned int sess_id_len); /* Remove the specified session from the cache. */ int (*delete)(struct sess_cache_st *cache, const unsigned char *sess_id, unsigned int sess_id_len); /* Clear the cache of all sessions, regardless of their normal expiration * time. Returns the number of cleared sessions on success, -1 otherwise * (with errno set appropriately). */ int (*clear)(struct sess_cache_st *cache); /* Remove the entire cache. Returns zero on success, -1 otherwise (with * errno set appropriately). */ int (*remove)(struct sess_cache_st *cache); /* Query the cache for information: count of sessions currently cached, * hits/misses/expirations, etc. Returns zero on success, -1 otherwise * (with errno set appropriately). */ int (*status)(struct sess_cache_st *cache, void (*writef)(void *, const char *, ...), void *arg, int flags); } tls_sess_cache_t; /* Use this flag to indicate to the status callback that details on all * sessions in the cache are to be shown. These details include the * session ID, session ID context, session creation time, session expiration * time, session protocol (SSLv3, TLSv1, etc), and ciphersuite. */ #define TLS_SESS_CACHE_STATUS_FL_SHOW_SESSIONS 0x001 int tls_sess_cache_register(const char *name, tls_sess_cache_t *handler); int tls_sess_cache_unregister(const char *name); /* API for modules that which to register OCSP response cache handlers. */ typedef struct ocsp_cache_st { const char *cache_name; /* Memory pool for this cache. */ pool *cache_pool; /* Arbitrary cache-specific data */ void *cache_data; /* Initialize the cache handler. Returns zero on success, -1 otherwise (with * errno set appropriately). */ int (*open)(struct ocsp_cache_st *cache, char *info); /* Destroy the cache handler, cleaning up any associated resources. Returns * zero on success, -1 otherwise (with errno set appropriately). */ int (*close)(struct ocsp_cache_st *cache); #if defined(PR_USE_OPENSSL_OCSP) /* Add a new OCSP response to the cache. The provided cert_fingerprint * (a hex-encoded, NUL-terminated string) is effectively the cache lookup key. */ int (*add)(struct ocsp_cache_st *cache, const char *cert_fingerprint, OCSP_RESPONSE *resp, time_t age); /* Retrieve an OCSP response from the cache, using the provided lookup key. */ OCSP_RESPONSE *(*get)(struct ocsp_cache_st *cache, const char *cert_fingerprint, time_t *age); #endif /* PR_USE_OPENSSL_OCSP */ /* Remove the specified certificate's response from the cache. */ int (*delete)(struct ocsp_cache_st *cache, const char *cert_fingerprint); /* Clear the cache of all OCSP responses, regardless of their normal * expiration time. Returns the number of cleared responses on success, * -1 otherwise (with errno set appropriately). */ int (*clear)(struct ocsp_cache_st *cache); /* Remove the entire cache. Returns zero on success, -1 otherwise (with * errno set appropriately). */ int (*remove)(struct ocsp_cache_st *cache); /* Query the cache for information: count of responses currently cached, * hits/misses/expirations, etc. Returns zero on success, -1 otherwise * (with errno set appropriately). */ int (*status)(struct ocsp_cache_st *cache, void (*writef)(void *, const char *, ...), void *arg, int flags); } tls_ocsp_cache_t; int tls_ocsp_cache_register(const char *name, tls_ocsp_cache_t *handler); int tls_ocsp_cache_unregister(const char *name); #endif /* MOD_TLS_H */