32 #ifndef HITCH_H_INCLUDED
33 #define HITCH_H_INCLUDED
34 
35 #include "config.h"
36 
37 #include <arpa/inet.h>
38 
39 #include <ev.h>
40 #include <stdio.h>
41 #include <syslog.h>
42 #include <sys/types.h>
43 #include <sys/ioctl.h>
44 #include <openssl/asn1.h>
45 #include <openssl/engine.h>
46 #include <openssl/evp.h>
47 #include <openssl/err.h>
48 #include <openssl/ssl.h>
49 #include <openssl/ocsp.h>
50 #include <openssl/x509.h>
51 #include <openssl/x509v3.h>
52 
53 #include "configuration.h"
54 #include "ringbuffer.h"
55 #include "foreign/asn_gentm.h"
56 #include "foreign/miniobj.h"
57 #include "foreign/vas.h"
58 #include "foreign/vqueue.h"
59 #include "foreign/vsb.h"
60 
61 
/*
 * Forward declarations.  sslstaple_s and sni_name_s are defined further
 * down inside the OPENSSL_NO_TLSEXT guard; the typedef is placed here so
 * that the unguarded sslctx_s can hold an `sslstaple *` member (the
 * member itself is declared on a header line not shown in this view).
 */
62 typedef struct sslstaple_s sslstaple;
63 
64 struct sni_name_s;
66 
67 /* SSL contexts. */
/*
 * One certificate/key file together with the SSL_CTX built from it.
 * This rendering omits header lines 74-75 and 79-80; per the page index
 * they declare `staple`, `staple_vfy`, `sni_list` and the uthash
 * handle `hh`.
 */
68 struct sslctx_s {
69  unsigned magic; /* Object sentinel, compared against SSLCTX_MAGIC
 * (presumably via the miniobj.h CHECK_OBJ macros — verify) */
70 #define SSLCTX_MAGIC 0xcd1ce5ff
71  char *filename; /* Path this context was loaded from
 * (assumed from the name — verify in hitch.c) */
72  SSL_CTX *ctx; /* The OpenSSL context itself */
73  double mtim; /* Timestamp; presumably the modification time of
 * `filename`, used to detect reloads — confirm */
76  char *staple_fn; /* OCSP staple file path
 * (assumed from the name — verify) */
77  X509 *x509; /* Parsed certificate; presumably the leaf — verify */
78  ev_stat *ev_staple; /* libev stat watcher; looks like it watches
 * `staple_fn` for changes — confirm */
81 };
82 typedef struct sslctx_s sslctx;
83 
84 #ifndef OPENSSL_NO_TLSEXT
85 
/*
 * A loaded OCSP staple for one sslctx.  The encoding of `staple` is not
 * visible in this header (presumably a DER OCSP response handed to
 * SSL_set_tlsext_status_ocsp_resp — verify in hitch.c).
 */
86 struct sslstaple_s {
87  unsigned magic; /* Object sentinel, see SSLSTAPLE_MAGIC */
88 #define SSLSTAPLE_MAGIC 0x20fe53fd
89  unsigned char *staple; /* Staple bytes; `len` bytes long
 * (assumed pairing — verify) */
90  double mtim; /* Timestamp; presumably the mtime of the
 * staple file — confirm */
91  double nextupd; /* Timestamp; the name suggests the OCSP
 * nextUpdate time, after which the staple
 * is stale and should not be served — confirm */
92  int len; /* Length of `staple` in bytes (signed; callers
 * must not treat a negative value as a size) */
93 };
94 
95 /* SNI lookup objects */
/*
 * One server name mapped to the sslctx that serves it.  Header lines
 * 101-104 are omitted in this rendering; per the page index they
 * declare `sctx`, `is_wildcard`, `list` and the uthash handle `hh`.
 */
96 typedef struct sni_name_s {
97  unsigned magic; /* Object sentinel, see SNI_NAME_MAGIC */
98 #define SNI_NAME_MAGIC 0xb0626581
99  char *servername; /* Name taken from the certificate (CN or SAN
 * — not visible here, verify) */
100  char *sni_key; /* Hash-table lookup key; how it is derived from
 * `servername` (normalisation, wildcard handling)
 * is not visible here — verify */
105 } sni_name;
106 
108 
109 #endif /* OPENSSL_NO_TLSEXT */
110 
111 struct backend; /* Opaque here; defined in hitch.c (line 136 per the page index) */
112 
113 /*
114  * Proxied State
115  *
116  * All state associated with one proxied connection: the two ring
 * buffers, the libev watchers for each side, the sockets and the
 * OpenSSL session.  Allocation and teardown live in hitch.c (not
 * visible here).
 *
 * NOTE(review): the original read/write annotations on the ev_r_* /
 * ev_w_* watchers were the reverse of the r/w in the names; the
 * comments below follow the names — confirm against the ev_io_init()
 * calls in hitch.c.
117  */
118 typedef struct proxystate {
119  unsigned magic; /* Object sentinel, see PROXYSTATE_MAGIC */
120 #define PROXYSTATE_MAGIC 0xcf877ed9
121  ringbuffer ring_ssl2clear; /* Pushing bytes from
122  * secure to clear
123  * stream */
124  ringbuffer ring_clear2ssl; /* Pushing bytes from
125  * clear to secure
126  * stream */
127  ev_io ev_r_ssl; /* Secure stream read event */
128  ev_io ev_w_ssl; /* Secure stream write event */
129  ev_io ev_r_handshake; /* Secure stream handshake
130  * read event */
131  ev_io ev_w_handshake; /* Secure stream handshake
132  * write event */
133  ev_timer ev_t_handshake; /* handshake timer (bounds how long a
 * client may sit in the handshake) */
134  ev_io ev_w_connect; /* Backend connect event */
135  ev_timer ev_t_connect; /* backend connect timer */
136 
137  ev_io ev_r_clear; /* Clear stream read event */
138  ev_io ev_w_clear; /* Clear stream write event */
139  ev_io ev_proxy; /* proxy read event */
140 
141  int fd_up; /* Upstream (client) socket */
142  int fd_down; /* Downstream (backend)
143  * socket */
144  struct backend *backend; /* Backend this connection was assigned to */
145 
 /* NOTE(review): `int` bit-fields have implementation-defined
 * signedness (C11 6.7.2); where they are signed, a width-1 field
 * stores only 0 and -1, so test these flags for truthiness and
 * never compare them against 1. */
146  int want_shutdown:1; /* Connection is
147  * half-shutdown */
148  int handshaked:1; /* Initial handshake happened */
149  int clear_connected:1; /* Clear stream is
150  * connected */
151  int renegotiation:1; /* Renegotiation is
152  * occurring (presumably set from an SSL info
 * callback so client-initiated renegotiation
 * can be limited — verify in hitch.c) */
153  int npn_alpn_tried:1;/* NPN or ALPN was tried */
154 
155  SSL *ssl; /* OpenSSL SSL state */
156 
157  struct sockaddr_storage remote_ip; /* Remote ip returned
158  * from `accept` */
159  int connect_port; /* local port for connection */
160 } proxystate;
161 
162 
/*
 * Find_issuer: judging by the signature, locate the certificate in
 * `chain` that issued `subj`.  Defined in hitch.c (line 877 per the
 * page index).  What is returned when no issuer is found is not
 * visible here (presumably NULL — verify at the call sites before
 * dereferencing).
 */
163 X509 * Find_issuer(X509 *subj, STACK_OF(X509) *chain);
164 
165 #endif /* HITCH_H_INCLUDED */