www/apache
1
0
Fork 0
mirror of https://github.com/apache/httpd.git synced 2025-08-08 15:02:10 +03:00
Code Activity

After some productive feedback and no negative feedback, introduce

Browse Source 
SSLEngine upgrade so that we can begin and continue to support these
  facilities.  This makes it simpler to keep this effort (while we have
  no known clients that support Connection: upgrade at this time), and
  begin refactoring more of SSL into smaller and tighter (and then optional)
  components.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@97913 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
William A. Rowe Jr
2002-12-14 07:46:45 +00:00
parent 2f62c790c7
commit 61242dd6c9
1 changed files with 56 additions and 32 deletions
Download Patch File Download Diff File Expand all files Collapse all files

88
modules/ssl/mod_ssl.c
View File

@@ -105,7 +105,7 @@ static const command_rec ssl_config_cmds[] = {
/*
* Per-server context configuration directives
*/
SSL_CMD_SRV(Engine, FLAG,
SSL_CMD_SRV(Engine, TAKE1,
"SSL switch for the protocol engine "
"(`on', `off')")
SSL_CMD_ALL(CipherSuite, TAKE1,
@@ -274,7 +274,7 @@ int ssl_engine_disable(conn_rec *c)
return 1;
}
static int ssl_hook_pre_connection(conn_rec *c, void *csd)
int ssl_init_ssl_connection(conn_rec *c)
{
SSLSrvConfigRec *sc = mySrvConfig(c->base_server);
SSL *ssl;
@@ -282,41 +282,15 @@ static int ssl_hook_pre_connection(conn_rec *c, void *csd)
char *vhost_md5;
modssl_ctx_t *mctx;
/*
* Immediately stop processing if SSL is disabled for this connection
*/
if (!(sc && (sc->enabled ||
(sslconn && sslconn->is_proxy))))
{
return DECLINED;
}
/*
* Create SSL context
*/
if (!sslconn) {
sslconn = ssl_init_connection_ctx(c);
}
if (sslconn->disabled) {
return DECLINED;
}
/*
* Remember the connection information for
* later access inside callback functions
*/
ap_log_error(APLOG_MARK, APLOG_INFO, 0, c->base_server,
"Connection to child %ld established "
"(server %s, client %s)", c->id, sc->vhost_id,
c->remote_ip ? c->remote_ip : "unknown");
/*
* Seed the Pseudo Random Number Generator (PRNG)
*/
ssl_rand_seed(c->base_server, c->pool, SSL_RSCTX_CONNECT, "");
if (!sslconn) {
sslconn = ssl_init_connection_ctx(c);
}
mctx = sslconn->is_proxy ? sc->proxy : sc->server;
/*
@@ -390,6 +364,54 @@ static apr_port_t ssl_hook_default_port(const request_rec *r)
return 443;
}
static int ssl_hook_pre_connection(conn_rec *c, void *csd)
{
SSLSrvConfigRec *sc = mySrvConfig(c->base_server);
SSLConnRec *sslconn = myConnConfig(c);
/*
* Immediately stop processing if SSL is disabled for this connection
*/
if (!(sc && (sc->enabled == TRUE ||
(sslconn && sslconn->is_proxy))))
{
return DECLINED;
}
/*
* Create SSL context
*/
if (!sslconn) {
sslconn = ssl_init_connection_ctx(c);
}
if (sslconn->disabled) {
return DECLINED;
}
/*
* Remember the connection information for
* later access inside callback functions
*/
ap_log_error(APLOG_MARK, APLOG_INFO, 0, c->base_server,
"Connection to child %ld established "
"(server %s, client %s)", c->id, sc->vhost_id,
c->remote_ip ? c->remote_ip : "unknown");
return ssl_init_ssl_connection(c);
}
static void ssl_hook_Insert_Filter(request_rec *r)
{
SSLSrvConfigRec *sc = mySrvConfig(r->server);
if (sc->enabled == UNSET) {
ap_add_output_filter("UPGRADE_FILTER", NULL, r, r->connection);
}
}
/*
* the module registration phase
*/
@@ -410,6 +432,8 @@ static void ssl_register_hooks(apr_pool_t *p)
ap_hook_access_checker(ssl_hook_Access, NULL,NULL, APR_HOOK_MIDDLE);
ap_hook_auth_checker (ssl_hook_Auth, NULL,NULL, APR_HOOK_MIDDLE);
ap_hook_post_read_request(ssl_hook_ReadReq, NULL,NULL, APR_HOOK_MIDDLE);
ap_hook_insert_filter (ssl_hook_Insert_Filter, NULL,NULL, APR_HOOK_MIDDLE);
/* ap_hook_handler (ssl_hook_Upgrade, NULL,NULL, APR_HOOK_MIDDLE); */
ssl_var_register();