www/apache
1
0
Fork 0
mirror of https://github.com/apache/httpd.git synced 2025-08-08 15:02:10 +03:00
Code Activity

move c->notes.ssl::client::dn to SSLConnRec.client_dn

Browse Source 
PR:
Obtained from:
Submitted by:
Reviewed by:


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@92094 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Doug MacEachern
2001-11-21 18:08:33 +00:00
parent 6a641aae9c
commit 0e5e9c10a2
3 changed files with 13 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
modules/ssl/mod_ssl.c
View File

@@ -288,7 +288,6 @@ static int ssl_hook_pre_connection(conn_rec *c)
/*
* Predefine some client verification results
*/
apr_table_setn(c->notes, "ssl::client::dn", NULL);
apr_table_setn(c->notes, "ssl::verify::error", NULL);
apr_table_setn(c->notes, "ssl::verify::info", NULL);
SSL_set_verify_result(ssl, X509_V_OK);
@@ -339,6 +338,7 @@ int ssl_hook_process_connection(SSLFilterRec *pRec)
X509 *xs;
char *cp = NULL;
conn_rec *c = (conn_rec*)SSL_get_app_data (pRec->pssl);
SSLConnRec *sslconn = myConnConfig(c);
SSLSrvConfigRec *sc = mySrvConfig(c->base_server);
long verify_result;
@@ -447,7 +447,7 @@ int ssl_hook_process_connection(SSLFilterRec *pRec)
*/
if ((xs = SSL_get_peer_certificate(pRec->pssl)) != NULL) {
cp = X509_NAME_oneline(X509_get_subject_name(xs), NULL, 0);
apr_table_setn(c->notes,"ssl::client::dn",apr_pstrdup(c->pool, cp));
sslconn->client_dn = apr_pstrdup(c->pool, cp);
free(cp);
}
@@ -456,7 +456,7 @@ int ssl_hook_process_connection(SSLFilterRec *pRec)
* is required we really got one... (be paranoid)
*/
if (sc->nVerifyClient == SSL_CVERIFY_REQUIRE
&& apr_table_get(c->notes, "ssl::client::dn") == NULL) {
&& sslconn->client_dn == NULL) {
ssl_log(c->base_server, SSL_LOG_ERROR,
"No acceptable peer certificate available");
return ssl_abort(pRec, c);

1
modules/ssl/mod_ssl.h
View File

@@ -452,6 +452,7 @@ typedef struct {
typedef struct {
SSL *ssl;
const char *client_dn;
} SSLConnRec;
typedef struct {

12
modules/ssl/ssl_engine_kernel.c
View File

@@ -75,6 +75,7 @@ apr_status_t ssl_hook_CloseConnection(SSLFilterRec *filter)
SSL *ssl;
char *cpType;
conn_rec *conn;
SSLConnRec *sslconn;
ssl = filter->pssl;
conn = (conn_rec *)SSL_get_app_data(ssl);
@@ -82,6 +83,8 @@ apr_status_t ssl_hook_CloseConnection(SSLFilterRec *filter)
if (ssl == NULL)
return APR_SUCCESS;
sslconn = myConnConfig(conn);
/*
* Now close the SSL layer of the connection. We've to take
* the TLSv1 standard into account here:
@@ -775,8 +778,7 @@ int ssl_hook_Access(request_rec *r)
*/
if ((cert = SSL_get_peer_certificate(ssl)) != NULL) {
cp = X509_NAME_oneline(X509_get_subject_name(cert), NULL, 0);
apr_table_setn(r->connection->notes, "ssl::client::dn",
apr_pstrdup(r->connection->pool, cp));
sslconn->client_dn = apr_pstrdup(r->connection->pool, cp);
free(cp);
}
@@ -919,7 +921,7 @@ int ssl_hook_UserCheck(request_rec *r)
return DECLINED;
if (r->user)
return DECLINED;
if ((clientdn = (char *)apr_table_get(r->connection->notes, "ssl::client::dn")) == NULL)
if ((clientdn = (char *)sslconn->client_dn) == NULL)
return DECLINED;
/*
@@ -1200,6 +1202,7 @@ int ssl_callback_SSLVerify(int ok, X509_STORE_CTX *ctx)
request_rec *r;
SSLSrvConfigRec *sc;
SSLDirConfigRec *dc;
SSLConnRec *sslconn;
apr_table_t *actx;
X509 *xs;
int errnum;
@@ -1214,6 +1217,7 @@ int ssl_callback_SSLVerify(int ok, X509_STORE_CTX *ctx)
*/
ssl = (SSL *)X509_STORE_CTX_get_app_data(ctx);
conn = (conn_rec *)SSL_get_app_data(ssl);
sslconn = myConnConfig(conn);
actx = (apr_table_t *)SSL_get_app_data2(ssl);
r = (request_rec *)apr_table_get(actx, "ssl::request_rec");
s = conn->base_server;
@@ -1273,7 +1277,7 @@ int ssl_callback_SSLVerify(int ok, X509_STORE_CTX *ctx)
if (!ok) {
ssl_log(s, SSL_LOG_ERROR, "Certificate Verification: Error (%d): %s",
errnum, X509_verify_cert_error_string(errnum));
apr_table_setn(conn->notes, "ssl::client::dn", NULL);
sslconn->client_dn = NULL;
apr_table_setn(conn->notes, "ssl::verify::error",
(void *)X509_verify_cert_error_string(errnum));
}