1 files changed, 0 insertions, 184 deletions
diff --git a/modules/tls/tls_core.h b/modules/tls/tls_core.h
deleted file mode 100644
index 6ee1713b5e..0000000000
--- a/modules/tls/tls_core.h
+++ /dev/null
@@ -1,184 +0,0 @@
-/* Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-#ifndef tls_core_h
-#define tls_core_h
-
-/* The module's state handling of a connection in normal chronological order,
- */
-typedef enum {
-    TLS_CONN_ST_INIT,             /* being initialized */
-    TLS_CONN_ST_DISABLED,         /* TLS is disabled here */
-    TLS_CONN_ST_CLIENT_HELLO,    /* TLS is enabled, prep handshake */
-    TLS_CONN_ST_HANDSHAKE,        /* TLS is enabled, handshake ongonig */
-    TLS_CONN_ST_TRAFFIC,          /* TLS is enabled, handshake done */
-    TLS_CONN_ST_NOTIFIED,         /* TLS is enabled, notification to end sent */
-    TLS_CONN_ST_DONE,             /* TLS is enabled, TLS has shut down */
-} tls_conn_state_t;
-
-#define TLS_CONN_ST_IS_ENABLED(cc)  (cc && cc->state >= TLS_CONN_ST_CLIENT_HELLO)
-
-struct tls_filter_ctx_t;
-
-/* The modules configuration for a connection. Created at connection
- * start and mutable during the lifetime of the connection.
- * (A conn_rec is only ever processed by one thread at a time.)
- */
-typedef struct {
-    server_rec *server;               /* the server_rec selected for this connection,
-                                       * initially c->base_server, to be negotiated via SNI. */
-    tls_conf_dir_t *dc;               /* directory config applying here */
-    tls_conn_state_t state;
-    int outgoing;                     /* != 0 iff outgoing connection (redundant once c->outgoing is everywhere) */
-    int service_unavailable;          /* we 503 all requests on this connection */
-    tls_client_auth_t client_auth;    /* how client authentication with certificates is used */
-    int client_hello_seen;            /* the client hello has been inspected */
-
-    rustls_connection *rustls_connection; /* the session used on this connection or NULL */
-    const rustls_server_config *rustls_server_config; /* the config made for this connection (incoming) or NULL */
-    const rustls_client_config *rustls_client_config; /* the config made for this connection (outgoing) or NULL */
-    struct tls_filter_ctx_t *filter_ctx; /* the context used by this connection's tls filters */
-
-    apr_array_header_t *local_keys;   /* rustls_certified_key* array of connection specific keys */
-    const rustls_certified_key *key;  /* the key selected for the session */
-    int key_cloned;                   /* != 0 iff the key is a unique clone, to be freed */
-    apr_array_header_t *peer_certs;   /* handshaked peer ceritificates or NULL */
-    const char *sni_hostname;         /* the SNI value from the client hello, or NULL */
-    const apr_array_header_t *alpn;   /* the protocols proposed via ALPN by the client */
-    const char *application_protocol;    /* the ALPN selected protocol or NULL */
-
-    int session_id_cache_hit;         /* if a submitted session id was found in our cache */
-
-    apr_uint16_t tls_protocol_id;      /* the TLS version negotiated */
-    const char *tls_protocol_name;     /* the name of the TLS version negotiated */
-    apr_uint16_t tls_cipher_id;       /* the TLS cipher suite negotiated */
-    const char *tls_cipher_name;      /* the name of TLS cipher suite negotiated */
-
-    const char *user_name;            /* != NULL if we derived a TLSUserName from the client_cert */
-    apr_table_t *subprocess_env;      /* common TLS variables for this connection */
-
-    rustls_result last_error;
-    const char *last_error_descr;
-
-} tls_conf_conn_t;
-
-/* Get the connection specific module configuration. */
-tls_conf_conn_t *tls_conf_conn_get(conn_rec *c);
-
-/* Set the module configuration for a connection. */
-void tls_conf_conn_set(conn_rec *c, tls_conf_conn_t *cc);
-
-/* Return OK iff this connection is a TSL connection (or a secondary on a TLS connection). */
-int tls_conn_check_ssl(conn_rec *c);
-
-/**
- * Initialize the module's global and server specific settings. This runs
- * in Apache's "post-config" phase, meaning the configuration has been read
- * and checked for syntactic and other easily verifiable errors and now
- * it is time to load everything in and make it ready for traffic.
- * <p>      a memory pool staying with us the whole time until the server stops/reloads.
- * <ptemp>  a temporary pool as a scratch buffer that will be destroyed shortly after.
- * <base_server> the server for the global configuration which links -> next to
- *          all contained virtual hosts configured.
- */
-apr_status_t tls_core_init(apr_pool_t *p, apr_pool_t *ptemp, server_rec *base_server);
-
-/**
- * Initialize the module's outgoing connection settings. This runs
- * in Apache's "post-config" phase after mod_proxy.
- */
-apr_status_t tls_core_init_outgoing(apr_pool_t *p, apr_pool_t *ptemp, server_rec *base_server);
-
-/**
- * Supply a directory configuration for the connection to work with. This
- * maybe NULL. This can be called several times during the lifetime of a
- * connection and must not change the current TLS state.
- * @param c the connection
- * @param dir_conf optional directory configuration that applies
- */
-void tls_core_conn_bind(conn_rec *c, ap_conf_vector_t *dir_conf);
-
-/**
- * Disable TLS on a new connection. Will do nothing on already initialized
- * connections.
- * @param c a new connection
- */
-void tls_core_conn_disable(conn_rec *c);
-
-/**
- * Initialize the tls_conf_connt_t for the connection
- * and decide if TLS is enabled or not.
- * @return OK if enabled, DECLINED otherwise
- */
-int tls_core_pre_conn_init(conn_rec *c);
-
-/**
- * Initialize the module for a TLS enabled connection.
- * @param c a new connection
- */
-apr_status_t tls_core_conn_init(conn_rec *c);
-
-/**
- * Called when the ClientHello has been received and values from it
- * have been extracted into the `tls_conf_conn_t` of the connection.
- *
- * Decides:
- * - which `server_rec` this connection is for (SNI)
- * - which application protocol to use (ALPN)
- * This may be unsuccessful for several reasons. The SNI
- * from the client may not be known or the selected server
- * has not certificates available. etc.
- * On success, a proper `rustls_connection` will have been
- * created and set in the `tls_conf_conn_t` of the connection.
- */
-apr_status_t tls_core_conn_seen_client_hello(conn_rec *c);
-
-/**
- * The TLS handshake for the connection has been successfully performed.
- * This means that TLS related properties, such as TLS version and cipher,
- * are known and the props in `tls_conf_conn_t` of the connection
- * can be set.
- */
-apr_status_t tls_core_conn_post_handshake(conn_rec *c);
-
-/**
- * After a request has been read, but before processing is started, we
- * check if everything looks good to us:
- * - was an SNI hostname provided by the client when we have vhosts to choose from?
- *   if not, we deny it.
- * - if the SNI hostname and request host are not the same, are they - from TLS
- *   point of view - 'compatible' enough? For example, if one server requires
- *   client certificates and the other not (or with different settings), such
- *   a request will also be denied.
- * returns DECLINED if everything is ok, otherwise an HTTP response code to
- *   generate an error page for.
- */
-int tls_core_request_check(request_rec *r);
-
-/**
- * A Rustls error happened while processing the connection. Look up an
- * error description, determine the apr_status_t to use for it and remember
- * this as the last error at tls_conf_conn_t.
- */
-apr_status_t tls_core_error(conn_rec *c, rustls_result rr, const char **perrstr);
-
-/**
- * Determine if we handle the TLS for an outgoing connection or not.
- * @param c the connection
- * @return OK if we handle the TLS, DECLINED otherwise.
- */
-int tls_core_setup_outgoing(conn_rec *c);
-
-#endif /* tls_core_h */