Fix horrible hack
[freeradius.git] / src / modules / rlm_eap / types / rlm_eap_tls / rlm_eap_tls.h
1 /*
2  * rlm_eap_tls.h
3  *
4  * Version:     $Id$
5  *
6  *   This program is free software; you can redistribute it and/or modify
7  *   it under the terms of the GNU General Public License as published by
8  *   the Free Software Foundation; either version 2 of the License, or
9  *   (at your option) any later version.
10  *
11  *   This program is distributed in the hope that it will be useful,
12  *   but WITHOUT ANY WARRANTY; without even the implied warranty of
13  *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
14  *   GNU General Public License for more details.
15  *
16  *   You should have received a copy of the GNU General Public License
17  *   along with this program; if not, write to the Free Software
18  *   Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
19  *
20  * Copyright 2001  hereUare Communications, Inc. <raghud@hereuare.com>
21  * Copyright 2003  Alan DeKok <aland@freeradius.org>
22  * Copyright 2006  The FreeRADIUS server project
23  */
24 #ifndef _RLM_EAP_TLS_H
25 #define _RLM_EAP_TLS_H
26
27 #include <freeradius-devel/ident.h>
28 RCSIDH(rlm_eap_tls_h, "$Id$")
29
30 #include "eap_tls.h"
31
32 #include <freeradius-devel/radiusd.h>
33 #include <freeradius-devel/modules.h>
34
35 /* Configured values for rlm_eap_tls (embedded by value as eap_tls_t.conf). Notes marked (inferred) are read from field names only; confirm against the code that fills and uses them. */
36 typedef struct eap_tls_conf {
37         char            *private_key_password;  /* (inferred) passphrase for private_key_file; held as a plain C string, so limit who can read the config and any debug output that prints it */
38         char            *private_key_file;      /* (inferred) path to the server private key */
39         char            *certificate_file;      /* (inferred) path to the server certificate */
40         char            *random_file;           /* (inferred) file used to seed the RNG */
41         char            *ca_path;               /* (inferred) directory of trusted CA certificates */
42         char            *ca_file;               /* (inferred) file of trusted CA certificates */
43         char            *dh_file;               /* (inferred) path to DH parameters */
44         char            *rsa_file;              /* (inferred) path to RSA key material */
45         char            *make_cert_command;     /* NOTE(review): name suggests an external command; confirm how it is executed and that it is never built from request data */
46         char            *virtual_server;        /* (inferred) name of a virtual server used by this module */
47         int             rsa_key;                /* semantics not visible in this header */
48         int             dh_key;                 /* semantics not visible in this header */
49         int             rsa_key_length;         /* (inferred) RSA key size - TODO confirm units */
50         int             dh_key_length;          /* (inferred) DH key size - TODO confirm units */
51         int             verify_depth;           /* (inferred) maximum certificate chain depth accepted */
52         int             file_type;              /* (inferred) selects the on-disk format of cert/key files */
53         int             include_length;         /* (inferred) whether the TLS length field is sent in fragments */
54
55         /*
56          *      Always < 4096 (due to radius limit), 0 by default = 2048
57          */
58         int             fragment_size;
59         int             check_crl;              /* (inferred) enables CRL checking of peer certificates */
60         int             allow_expired_crl;      /* NOTE(review): (inferred) accepts an out-of-date CRL; if so, revocations issued after that CRL are missed - confirm */
61         char            *check_cert_cn;         /* (inferred) value the client certificate CN is checked against */
62         char            *cipher_list;           /* (inferred) OpenSSL cipher list string */
63         char            *check_cert_issuer;     /* (inferred) value the client certificate issuer is checked against */
64
65         int             session_cache_enable;   /* (inferred) turns TLS session caching on */
66         int             session_timeout;        /* (inferred) cached session lifetime - TODO confirm units */
67         int             session_cache_size;     /* (inferred) maximum number of cached sessions */
68         char            *session_id_name;       /* (inferred) configured name the session id context is derived from */
69         char            session_context_id[SSL_MAX_SSL_SESSION_ID_LENGTH];      /* fixed-size buffer; any copy into it must be bounded by sizeof(session_context_id) */
70         time_t          session_last_flushed;   /* (inferred) time the session cache was last flushed */
71
72         char            *verify_tmp_dir;        /* (inferred) scratch directory used with verify_client_cert_cmd; should not be writable by other users */
73         char            *verify_client_cert_cmd;        /* NOTE(review): name suggests an external command run on client certificates, which are peer-supplied; confirm argument quoting at the call site */
74
75 #ifdef HAVE_OPENSSL_OCSP_H
76         /*
77          * OCSP Configuration
78          */
79         int             ocsp_enable;            /* (inferred) turns OCSP checking on */
80         int             ocsp_override_url;      /* (inferred) use ocsp_url instead of the responder URL in the certificate */
81         char            *ocsp_url;              /* (inferred) responder URL */
82         int             ocsp_use_nonce;         /* (inferred) include a nonce in OCSP requests */
83         int             ocsp_timeout;           /* (inferred) responder timeout - TODO confirm units */
84         int             ocsp_softfail;          /* NOTE(review): (inferred) a failed or unreachable OCSP lookup is not fatal; if so, revocation checking fails open - confirm */
85 #endif
86
87 #if OPENSSL_VERSION_NUMBER >= 0x0090800fL       /* OpenSSL 0.9.8 or later */
88 #ifndef OPENSSL_NO_ECDH
89         char            *ecdh_curve;            /* only present when OpenSSL has ECDH; (inferred) curve name for ECDH */
90 #endif
91 #endif
92 } EAP_TLS_CONF;
93
94 /* Module state: the configuration plus the OpenSSL objects. This structure gets stored in arg (the holder of `arg` is not visible in this header). */
95 typedef struct _eap_tls_t {
96         EAP_TLS_CONF    conf;   /* configured values, embedded by value */
97         SSL_CTX         *ctx;   /* OpenSSL context; (inferred) created from conf - confirm who frees it */
98 #ifdef HAVE_OPENSSL_OCSP_H
99         X509_STORE      *store; /* OCSP Revocation Store; only present when built with OpenSSL OCSP support */
100 #endif
101 } eap_tls_t;
102
103
104 #endif /* _RLM_EAP_TLS_H */