Allow for selective disabling of TLSv1.1 and TLSv1.2
1 /*
2  * rlm_eap_tls.h
3  *
4  * Version:     $Id$
5  *
6  *   This program is free software; you can redistribute it and/or modify
7  *   it under the terms of the GNU General Public License as published by
8  *   the Free Software Foundation; either version 2 of the License, or
9  *   (at your option) any later version.
10  *
11  *   This program is distributed in the hope that it will be useful,
12  *   but WITHOUT ANY WARRANTY; without even the implied warranty of
13  *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
14  *   GNU General Public License for more details.
15  *
16  *   You should have received a copy of the GNU General Public License
17  *   along with this program; if not, write to the Free Software
18  *   Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
19  *
20  * Copyright 2001  hereUare Communications, Inc. <raghud@hereuare.com>
21  * Copyright 2003  Alan DeKok <aland@freeradius.org>
22  * Copyright 2006  The FreeRADIUS server project
23  */
24 #ifndef _RLM_EAP_TLS_H
25 #define _RLM_EAP_TLS_H
26
27 #include <freeradius-devel/ident.h>
28 RCSIDH(rlm_eap_tls_h, "$Id$")
29
30 #include "eap_tls.h"
31
32 #include <freeradius-devel/radiusd.h>
33 #include <freeradius-devel/modules.h>
34
35 /* configured values go right here */
/*
 *      Per-instance configuration of the EAP-TLS module, filled in from
 *      the module's config section.  The int fields named like switches
 *      (check_crl, disable_tlsv1_1, ocsp_enable, ...) are presumably
 *      0/non-zero booleans — confirm against the CONF_PARSER table that
 *      populates this struct.
 */
typedef struct eap_tls_conf {
        char            *private_key_password;  /* NOTE(review): secret kept as a plain C string for the lifetime of the config */
        char            *private_key_file;
        char            *certificate_file;
        char            *random_file;           /* presumably an entropy source for seeding the PRNG — confirm */
        char            *ca_path;
        char            *ca_file;
        char            *dh_file;
        char            *rsa_file;
        char            *make_cert_command;     /* external command; presumably run at start-up to create certificates */
        char            *virtual_server;
        int             rsa_key;
        int             dh_key;
        int             rsa_key_length;
        int             dh_key_length;
        int             verify_depth;           /* presumably the maximum client-certificate chain depth that is verified */
        int             file_type;
        int             include_length;
        /*
         *      Protocol version switches.  Non-zero disables negotiation of
         *      that version, presumably via SSL_OP_NO_TLSv1_1 / SSL_OP_NO_TLSv1_2
         *      on the SSL_CTX — confirm where ctx is set up.
         *      NOTE(review): there is no matching field for TLSv1.0 or SSLv3,
         *      so whether those are offered is decided outside this config.
         */
        int             disable_tlsv1_1;
        int             disable_tlsv1_2;

        /*
         *      Always < 4096 (due to radius limit), 0 by default = 2048
         */
        int             fragment_size;
        int             check_crl;
        int             allow_expired_crl;      /* NOTE(review): name suggests a stale CRL is still accepted — verify the check it relaxes */
        char            *check_cert_cn;
        char            *cipher_list;           /* presumably handed to SSL_CTX_set_cipher_list() — confirm */
        char            *check_cert_issuer;

        int             session_cache_enable;
        int             session_timeout;
        int             session_cache_size;
        char            *session_id_name;
        /* fixed-size buffer; the bound is OpenSSL's maximum session id length */
        char            session_context_id[SSL_MAX_SSL_SESSION_ID_LENGTH];
        time_t          session_last_flushed;

        char            *verify_tmp_dir;
        char            *verify_client_cert_cmd; /* external command; presumably given the client cert written under verify_tmp_dir */

#ifdef HAVE_OPENSSL_OCSP_H
        /*
         * OCSP Configuration
         */
        int             ocsp_enable;
        int             ocsp_override_url;      /* presumably: use ocsp_url instead of the responder named in the certificate */
        char            *ocsp_url;
        int             ocsp_use_nonce;
        int             ocsp_timeout;
        int             ocsp_softfail;          /* NOTE(review): name suggests responder failures are tolerated — verify what they map to */
#endif

#if OPENSSL_VERSION_NUMBER >= 0x0090800fL
#ifndef OPENSSL_NO_ECDH
        char            *ecdh_curve;            /* only present with OpenSSL >= 0.9.8 built with ECDH */
#endif
#endif
} EAP_TLS_CONF;
95
96 /* This structure gets stored in arg */
/*
 *      Module instance state: the parsed configuration plus the OpenSSL
 *      objects built from it.  (The tag `_eap_tls_t` starts with an
 *      underscore, which C reserves for file-scope identifiers.)
 */
typedef struct _eap_tls_t {
        EAP_TLS_CONF    conf;   /* configuration, held by value */
        SSL_CTX         *ctx;   /* OpenSSL context, presumably built from conf and shared by all sessions — confirm */
#ifdef HAVE_OPENSSL_OCSP_H
        X509_STORE      *store; /* OCSP Revocation Store */
#endif
} eap_tls_t;
104
105
106 #endif /* _RLM_EAP_TLS_H */