3 * @brief SSLproxy Header
\r
5 * Copyright (C) 2008 NTT COMWARE Corporation.
\r
7 * This program is free software; you can redistribute it and/or
\r
8 * modify it under the terms of the GNU Lesser General Public
\r
9 * License as published by the Free Software Foundation; either
\r
10 * version 2.1 of the License, or (at your option) any later version.
\r
12 * This program is distributed in the hope that it will be useful,
\r
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
\r
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
\r
15 * Lesser General Public License for more details.
\r
17 * You should have received a copy of the GNU Lesser General Public
\r
18 * License along with this library; if not, write to the Free Software
\r
19 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
\r
22 **********************************************************************
\r
24 * Distributed under the Boost Software Licence, Version 1.0
\r
25 * http://www.boost.org/LICENSE_1_0.txt
\r
27 **********************************************************************/
\r
29 #ifndef __SSLPROXY_H__
\r
30 #define __SSLPROXY_H__
\r
32 #include <boost/asio.hpp>
\r
33 #include <boost/asio/ssl.hpp>
\r
35 #include "logger_wrapper.h"
\r
36 #include "parameter_wrapper.h"
\r
38 //! SSLproxy parameter default value.
//! Compile-time defaults for the proxy's runtime parameters. The DEFAULT_* names
//! mirror the extern parameters declared further down in this header; presumably
//! each one is applied when the matching setting is missing from the
//! configuration -- the fallback logic itself is not in this header.
\r
//! Default worker thread count and timeout (the _SEC suffix suggests seconds).
39 #define DEFAULT_NUM_THREAD 10
\r
40 #define DEFAULT_TIMEOUT_SEC 30
\r
//! Default locations of the CA material, certificate chain and private key.
// NOTE(review): the private key, its passphrase file (DEFAULT_PRIVATE_KEY_PASSWD_DIR)
// and the DH parameters all default to the same directory as the public
// certificates. Ownership and mode of that directory and of the key/passphrase
// files should restrict read access to the account the proxy runs as; nothing in
// this header enforces that.
41 #define DEFAULT_CA_DIR "/etc/l7vs/sslproxy/"
\r
42 #define DEFAULT_CERT_CHAIN_DIR "/etc/l7vs/sslproxy/"
\r
43 #define DEFAULT_PRIVATE_KEY_DIR "/etc/l7vs/sslproxy/"
\r
44 #define DEFAULT_PRIVATE_KEY_FILETYPE boost::asio::ssl::context::pem //! SSL_FILETYPE_PEM
\r
//! Default source of the private-key passphrase. How "console" is interpreted
//! (and which other values are accepted) is decided by code outside this header.
45 #define DEFAULT_PRIVATE_KEY_PASSWD_FROM "console"
\r
46 #define DEFAULT_PRIVATE_KEY_PASSWD_DIR "/etc/l7vs/sslproxy/"
\r
//! Default peer-verification flags (OpenSSL SSL_VERIFY_*). On a TLS server this
//! combination requests a client certificate and fails the handshake when the
//! client presents none.
// NOTE(review): confirm where this default is applied -- whether verification is
// active when no CA file/dir is configured cannot be seen from this header.
47 #define DEFAULT_VERIFY_OPTIONS (SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT)
\r
//! Default certificate chain depth limit; presumably handed to OpenSSL's
//! verify-depth setting -- TODO confirm against the context setup code.
48 #define DEFAULT_VERIFY_CERT_DEPTH 9
\r
//! Default OpenSSL option mask: interoperability workarounds (SSL_OP_ALL, whose
//! contents depend on the OpenSSL version), SSLv2 disabled, and a fresh
//! ephemeral DH key per handshake (SSL_OP_SINGLE_DH_USE).
// NOTE(review): SSLv2 is the only protocol version switched off here. Combined
// with DEFAULT_SSL_METHOD (sslv23, version-negotiating) the defaults leave
// SSLv3 and early TLS enabled wherever the linked OpenSSL still supports them.
// Consider adding SSL_OP_NO_SSLv3 (and SSL_OP_NO_TLSv1 / SSL_OP_NO_TLSv1_1 if
// the client population allows) to the default mask.
49 #define DEFAULT_SSL_OPTIONS (SSL_OP_ALL | SSL_OP_NO_SSLv2 | SSL_OP_SINGLE_DH_USE)
\r
50 #define DEFAULT_TMP_DH_DIR "/etc/l7vs/sslproxy/"
\r
//! Default OpenSSL cipher string: every suite except anonymous-DH, LOW, export
//! and MD5-based ones, ordered by key strength.
// NOTE(review): the exclusions are narrower than they look. "!ADH" removes
// anonymous DH only, not the whole unauthenticated class ("!aNULL"), and RC4 /
// 3DES suites are not excluded. The effective list depends on the linked
// OpenSSL version; check it with `openssl ciphers -v` against this string and
// tighten the default (e.g. "!aNULL:!RC4:!3DES") if legacy suites show up.
51 #define DEFAULT_CIPHER_LIST "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH"
\r
//! Connection logging is on by default.
52 #define DEFAULT_CONN_LOG_FLAG "on"
\r
//! Default protocol method: Boost.Asio's version-negotiating sslv23 context, so
//! the accepted protocol versions are limited only by the SSL option mask.
54 #define DEFAULT_SSL_METHOD boost::asio::ssl::context::sslv23 //! SSLv23_method
\r
//! Size limits for the passphrase, I/O buffer and target id.
// NOTE(review): these are only constants; every reader that fills a buffer of
// this size must enforce the bound itself -- verify at the call sites.
55 #define MAX_PASSWD_SIZE 256
\r
56 #define MAX_BUFFER_SIZE 4096
\r
57 #define MAX_TARGET_ID_SIZE 256
\r
//! Shell pipeline that prints the second space-separated field of the argument
//! list of every process named sslproxy. Both tools are given by absolute path,
//! so PATH is not consulted for them.
// NOTE(review): presumably executed through popen()/system() -- not visible here.
// The command is a fixed literal; keep it that way (no configuration or request
// data concatenated into it) and bound the read of its output by
// MAX_TARGET_ID_SIZE.
58 #define TARGET_ID_CHECK_STRING "/bin/ps -C sslproxy -o args --no-headers | /bin/cut -d\" \" -f2"
\r
60 //! SSLproxy session cache parameter default value.
\r
//! Server-side session caching enabled by default (OpenSSL SSL_SESS_CACHE_SERVER).
61 #define DEFAULT_SESSION_CACHE_MODE SSL_SESS_CACHE_SERVER //! "on"
\r
62 #define DEFAULT_SESSION_CACHE_SIZE SSL_SESSION_CACHE_MAX_SIZE_DEFAULT //! 20480
\r
//! Default session lifetime; presumably in seconds -- TODO confirm. A cached
//! session can be resumed without a new full handshake for this long.
63 #define DEFAULT_SESSION_CACHE_TIMEOUT 300
\r
//! Identifier of this proxy instance. Declared here, defined in another
//! translation unit; presumably filled from TARGET_ID_CHECK_STRING output --
//! TODO confirm.
// NOTE(review): std::string is used below but <string> is not included by this
// header directly; it currently arrives through the Boost headers.
66 extern std::string target_id;
\r
68 //! SSLproxy parameters.
//! Process-wide mutable globals, declared here and defined elsewhere.
// NOTE(review): with several worker threads (num_thread) these should be
// written only during startup and treated as read-only afterwards -- nothing in
// this header enforces or documents that; confirm in the configuration loader.
\r
//! Listening endpoint and the backend endpoint traffic is relayed to
//! (as the names suggest; the string format is not shown here).
69 extern std::string recv_endpoint;
\r
70 extern std::string target_endpoint;
\r
//! Worker thread count and timeout; see DEFAULT_NUM_THREAD / DEFAULT_TIMEOUT_SEC.
71 extern int num_thread;
\r
72 extern int timeout_sec;
\r
//! CA material used for peer verification (directory + file name).
73 extern std::string ca_dir;
\r
74 extern std::string ca_file;
\r
//! Certificate chain presented by the proxy (directory + file name).
75 extern std::string cert_chain_dir;
\r
76 extern std::string cert_chain_file;
\r
//! Private key location and on-disk format (Boost.Asio file_format).
77 extern std::string private_key_dir;
\r
78 extern std::string private_key_file;
\r
79 extern boost::asio::ssl::context::file_format private_key_filetype;
\r
//! Where the private-key passphrase comes from, and the file location used
//! when it is read from disk.
// NOTE(review): these name a secret's source. The passphrase itself should not
// be kept in a long-lived global or written to logs -- verify in the code that
// reads it.
80 extern std::string private_key_passwd_from;
\r
81 extern std::string private_key_passwd_dir;
\r
82 extern std::string private_key_passwd_file;
\r
//! Peer-verification flags (SSL_VERIFY_* bit mask) and chain depth limit.
83 extern int verify_options;
\r
84 extern int verify_cert_depth;
\r
//! OpenSSL option bit mask (SSL_OP_*); this is where protocol versions are
//! disabled.
85 extern long int ssl_options;
\r
//! Temporary DH parameters: whether they are used, and where they are loaded from.
86 extern bool tmp_dh_use;
\r
87 extern std::string tmp_dh_dir;
\r
88 extern std::string tmp_dh_file;
\r
//! OpenSSL cipher string offered/accepted by the proxy.
89 extern std::string cipher_list;
\r
//! Session cache mode (SSL_SESS_CACHE_*), maximum size and timeout.
90 extern long session_cache_mode;
\r
91 extern long session_cache_size;
\r
92 extern long session_cache_timeout;
\r
//! Connection logging switch, kept as a string ("on" by default).
93 extern std::string conn_log_flag;
\r
95 #endif //__SSLPROXY_H__
\r