3 * @brief SSLproxy Header
5 * Copyright (C) 2008 NTT COMWARE Corporation.
7 * This program is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU Lesser General Public
9 * License as published by the Free Software Foundation; either
10 * version 2.1 of the License, or (at your option) any later version.
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 * Lesser General Public License for more details.
17 * You should have received a copy of the GNU Lesser General Public
18 * License along with this library; if not, write to the Free Software
19 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
22 **********************************************************************
24 * Distributed under the Boost Software Licence, Version 1.0
25 * http://www.boost.org/LICENSE_1_0.txt
27 **********************************************************************/
29 #ifndef __SSLPROXY_H__
30 #define __SSLPROXY_H__
32 #include <boost/asio.hpp>
33 #include <boost/asio/ssl.hpp>
35 #include "logger_wrapper.h"
36 #include "parameter_wrapper.h"
38 //! SSLproxy parameter default value.
//! Compile-time fallbacks for the proxy's settings. When each one is applied
//! (presumably when the configuration omits the key) is decided outside this
//! header -- confirm against the parameter-loading code.
//! Default thread count and timeout; the timeout unit is seconds per the name.
39 #define DEFAULT_NUM_THREAD 10
40 #define DEFAULT_TIMEOUT_SEC 30
//! CA, certificate chain and private key all default to the same directory.
//! NOTE(review): nothing in this header checks that directory's ownership or
//! mode; the private key and passphrase file locations should be readable
//! only by the account the proxy runs as.
41 #define DEFAULT_CA_DIR "/etc/l7vs/sslproxy/"
42 #define DEFAULT_CERT_CHAIN_DIR "/etc/l7vs/sslproxy/"
43 #define DEFAULT_PRIVATE_KEY_DIR "/etc/l7vs/sslproxy/"
44 #define DEFAULT_PRIVATE_KEY_FILETYPE boost::asio::ssl::context::pem //! SSL_FILETYPE_PEM
//! Source of the private key passphrase; "console" presumably means it is
//! read interactively rather than from a file -- confirm in the caller.
45 #define DEFAULT_PRIVATE_KEY_PASSWD_FROM "console"
46 #define DEFAULT_PRIVATE_KEY_PASSWD_DIR "/etc/l7vs/sslproxy/"
//! OpenSSL verify-mode bits: request a peer certificate and abort the
//! handshake when the peer presents none. SSL_VERIFY_FAIL_IF_NO_PEER_CERT
//! only has an effect on the server side of a handshake.
47 #define DEFAULT_VERIFY_OPTIONS (SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT)
//! Presumably the maximum certificate chain depth accepted -- confirm.
48 #define DEFAULT_VERIFY_CERT_DEPTH 9
//! SSL_OP_ALL enables OpenSSL's interoperability bug workarounds,
//! SSL_OP_NO_SSLv2 disables SSLv2 and SSL_OP_SINGLE_DH_USE requests a fresh
//! DH key per handshake.
//! NOTE(review): no SSL_OP_NO_SSLv3 or SSL_OP_NO_TLSv1* bit is set, so with
//! the sslv23 method below the lowest protocol version offered is whatever
//! the linked OpenSSL still permits. Deployments should restrict the
//! protocol range explicitly.
49 #define DEFAULT_SSL_OPTIONS (SSL_OP_ALL | SSL_OP_NO_SSLv2 | SSL_OP_SINGLE_DH_USE)
50 #define DEFAULT_TMP_DH_DIR "/etc/l7vs/sslproxy/"
//! OpenSSL cipher string: the ALL set minus anonymous-DH, LOW, EXPORT and
//! MD5-based suites, sorted by encryption key length (@STRENGTH).
//! NOTE(review): "!ADH" does not name anonymous ECDH, and RC4 / 3DES are not
//! excluded here. The resulting suite list depends on the OpenSSL build
//! (inspect it with `openssl ciphers -v`); prefer an explicit modern list in
//! the configuration.
51 #define DEFAULT_CIPHER_LIST "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH"
52 #define DEFAULT_CONN_LOG_FLAG "on"
//! Version-flexible method: the protocol version is negotiated and is
//! narrowed only by the SSL_OP_NO_* bits in the options above.
54 #define DEFAULT_SSL_METHOD boost::asio::ssl::context::sslv23 //! SSLv23_method
//! Packet editing is off by default in both directions.
55 #define DEFAULT_CLIENT_EDIT false
56 #define DEFAULT_SERVER_EDIT false
//! Size limits. MAX_BUFFER_SIZE is the sum of the read and edit sizes
//! (4096 + 4096 = 8192). Whether MAX_PASSWD_SIZE and MAX_TARGET_ID_SIZE
//! include a terminating NUL depends on the code that uses them -- confirm.
57 #define MAX_PASSWD_SIZE 256
58 #define MAX_READ_SIZE 4096
59 #define MAX_EDIT_SIZE MAX_READ_SIZE
60 #define MAX_BUFFER_SIZE (MAX_READ_SIZE + MAX_EDIT_SIZE)
61 #define MAX_TARGET_ID_SIZE 256
//! Shell pipeline that prints the second space-separated field of the
//! argument line of every process named "sslproxy". Both tools are given by
//! absolute path, so the result does not depend on PATH.
//! NOTE(review): the string needs a shell to run (it contains a pipe); how
//! it is executed and how its output is bounded is not visible in this
//! header -- presumably the reader limits it to MAX_TARGET_ID_SIZE; verify.
62 #define TARGET_ID_CHECK_STRING "/bin/ps -C sslproxy -o args --no-headers | /bin/cut -d\" \" -f2"
64 //! SSLproxy session cache parameter default value.
//! SSL_SESS_CACHE_SERVER is OpenSSL's server-side session caching mode and
//! SSL_SESSION_CACHE_MAX_SIZE_DEFAULT its built-in cache size limit.
65 #define DEFAULT_SESSION_CACHE_MODE SSL_SESS_CACHE_SERVER //! "on"
66 #define DEFAULT_SESSION_CACHE_SIZE SSL_SESSION_CACHE_MAX_SIZE_DEFAULT //! 20480
//! Session lifetime; presumably in seconds, as OpenSSL's session timeout is
//! -- confirm where the value is applied.
67 #define DEFAULT_SESSION_CACHE_TIMEOUT 300
69 //! Default max file open num
//! Presumably the open-file-descriptor limit the proxy requests at start-up;
//! the code that applies it is not in this header -- confirm.
70 #define DEFAULT_MAX_FILE_NUM 65535
//! Declarations only: every variable below is defined in another translation
//! unit and shared process-wide through this header.
//! NOTE(review): std::string, std::list and std::pair are used here, but the
//! header itself includes only the Boost.Asio headers and two project
//! headers, so it relies on <string>, <list> and <utility> arriving
//! transitively.
//! Identifier of this proxy instance (presumably the value matched by
//! TARGET_ID_CHECK_STRING -- confirm).
73 extern std::string target_id;
75 //! SSLproxy parameters.
//! Listening and forwarding endpoints; the string format is defined by the
//! code that parses them.
76 extern std::string recv_endpoint;
77 extern std::string target_endpoint;
78 extern int num_thread;
79 extern int timeout_sec;
//! Certificate, key and passphrase locations, each split into a directory
//! and a file name.
80 extern std::string ca_dir;
81 extern std::string ca_file;
82 extern std::string cert_chain_dir;
83 extern std::string cert_chain_file;
84 extern std::string private_key_dir;
85 extern std::string private_key_file;
86 extern boost::asio::ssl::context::file_format private_key_filetype;
//! NOTE(review): these name where the passphrase comes from; whether the
//! passphrase itself is kept in memory after the key is loaded is decided
//! elsewhere -- worth checking that it is cleared.
87 extern std::string private_key_passwd_from;
88 extern std::string private_key_passwd_dir;
89 extern std::string private_key_passwd_file;
//! Peer verification and protocol option bit masks.
90 extern int verify_options;
91 extern int verify_cert_depth;
92 extern long int ssl_options;
//! Temporary DH parameter settings and the cipher string.
93 extern bool tmp_dh_use;
94 extern std::string tmp_dh_dir;
95 extern std::string tmp_dh_file;
96 extern std::string cipher_list;
//! Session cache settings.
97 extern long session_cache_mode;
98 extern long session_cache_size;
99 extern long session_cache_timeout;
100 extern std::string conn_log_flag;
//! Packet-edit switches and the header pairs they use; presumably
//! (name, value) pairs applied when the matching switch is true -- confirm.
101 extern bool client_packet_edit;
102 extern bool server_packet_edit;
103 extern std::list<std::pair<std::string, std::string > > http_request_header;
104 extern std::list<std::pair<std::string, std::string > > http_response_header;
106 #endif //__SSLPROXY_H__