www/apache
1
0
Fork 0
mirror of https://github.com/apache/httpd.git synced 2025-08-08 15:02:10 +03:00
Code Activity

start moving c->notes usage to a new SSLConnRec structure hanging off of

Browse Source 
c->conn_config
PR:
Obtained from:
Submitted by:
Reviewed by: rbb, madhu


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@92093 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Doug MacEachern
2001-11-21 17:45:24 +00:00
parent f13fbbaa70
commit 6a641aae9c
4 changed files with 41 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
modules/ssl/mod_ssl.c
View File

@@ -224,11 +224,12 @@ static int ssl_hook_pre_connection(conn_rec *c)
SSL *ssl; SSL *ssl;
unsigned char *cpVHostID; unsigned char *cpVHostID;
char *cpVHostMD5; char *cpVHostMD5;
SSLConnRec *sslconn = apr_pcalloc(c->pool, sizeof(*sslconn));
/* /*
* Create SSL context * Create SSL context
*/ */
apr_table_setn(c->notes, "ssl", NULL); myConnConfigSet(c, sslconn);
/* /*
* Immediately stop processing if SSL is disabled for this connection * Immediately stop processing if SSL is disabled for this connection
@@ -258,7 +259,6 @@ static int ssl_hook_pre_connection(conn_rec *c)
if ((ssl = SSL_new(sc->pSSLCtx)) == NULL) { if ((ssl = SSL_new(sc->pSSLCtx)) == NULL) {
ssl_log(c->base_server, SSL_LOG_ERROR|SSL_ADD_SSLERR, ssl_log(c->base_server, SSL_LOG_ERROR|SSL_ADD_SSLERR,
"Unable to create a new SSL connection from the SSL context"); "Unable to create a new SSL connection from the SSL context");
apr_table_setn(c->notes, "ssl", NULL);
c->aborted = 1; c->aborted = 1;
return DECLINED; /* XXX */ return DECLINED; /* XXX */
} }
@@ -268,7 +268,6 @@ static int ssl_hook_pre_connection(conn_rec *c)
strlen(cpVHostMD5))) { strlen(cpVHostMD5))) {
ssl_log(c->base_server, SSL_LOG_ERROR|SSL_ADD_SSLERR, ssl_log(c->base_server, SSL_LOG_ERROR|SSL_ADD_SSLERR,
"Unable to set session id context to `%s'", cpVHostMD5); "Unable to set session id context to `%s'", cpVHostMD5);
apr_table_setn(c->notes, "ssl", NULL);
c->aborted = 1; c->aborted = 1;
return DECLINED; /* XXX */ return DECLINED; /* XXX */
} }
@@ -278,7 +277,7 @@ static int ssl_hook_pre_connection(conn_rec *c)
apr_table_setn(apctx, "ssl::verify::depth", AP_CTX_NUM2PTR(0)); apr_table_setn(apctx, "ssl::verify::depth", AP_CTX_NUM2PTR(0));
SSL_set_app_data2(ssl, apctx); SSL_set_app_data2(ssl, apctx);
apr_table_setn(c->notes, "ssl", (const char *)ssl); sslconn->ssl = ssl;
/* /*
* Configure callbacks for SSL connection * Configure callbacks for SSL connection
@@ -308,6 +307,7 @@ static int ssl_hook_pre_connection(conn_rec *c)
static apr_status_t ssl_abort(SSLFilterRec *pRec, conn_rec *c) static apr_status_t ssl_abort(SSLFilterRec *pRec, conn_rec *c)
{ {
SSLConnRec *sslconn = myConnConfig(c);
/* /*
* try to gracefully shutdown the connection: * try to gracefully shutdown the connection:
* - send an own shutdown message (be gracefully) * - send an own shutdown message (be gracefully)
@@ -320,7 +320,7 @@ static apr_status_t ssl_abort(SSLFilterRec *pRec, conn_rec *c)
SSL_smart_shutdown(pRec->pssl); SSL_smart_shutdown(pRec->pssl);
SSL_free(pRec->pssl); SSL_free(pRec->pssl);
pRec->pssl = NULL; /* so filters know we've been shutdown */ pRec->pssl = NULL; /* so filters know we've been shutdown */
apr_table_setn(c->notes, "ssl", NULL); sslconn->ssl = NULL;
c->aborted = 1; c->aborted = 1;
return APR_EGENERAL; return APR_EGENERAL;

8
modules/ssl/mod_ssl.h
View File

@@ -196,6 +196,10 @@
#define cfgMergeBool(el) cfgMerge(el, UNSET) #define cfgMergeBool(el) cfgMerge(el, UNSET)
#define cfgMergeInt(el) cfgMerge(el, UNSET) #define cfgMergeInt(el) cfgMerge(el, UNSET)
#define myConnConfig(c) \
(SSLConnRec *)ap_get_module_config(c->conn_config, &ssl_module)
#define myConnConfigSet(c, val) \
ap_set_module_config(c->conn_config, &ssl_module, val)
#define myModConfig(srv) (SSLModConfigRec *)ssl_util_getmodconfig(srv, "ssl_module") #define myModConfig(srv) (SSLModConfigRec *)ssl_util_getmodconfig(srv, "ssl_module")
#define mySrvConfig(srv) (SSLSrvConfigRec *)ap_get_module_config(srv->module_config, &ssl_module) #define mySrvConfig(srv) (SSLSrvConfigRec *)ap_get_module_config(srv->module_config, &ssl_module)
#define myDirConfig(req) (SSLDirConfigRec *)ap_get_module_config(req->per_dir_config, &ssl_module) #define myDirConfig(req) (SSLDirConfigRec *)ap_get_module_config(req->per_dir_config, &ssl_module)
@@ -446,6 +450,10 @@ typedef struct {
apr_bucket_brigade *b; /* decrypted input */ apr_bucket_brigade *b; /* decrypted input */
} SSLFilterRec; } SSLFilterRec;
typedef struct {
SSL *ssl;
} SSLConnRec;
typedef struct { typedef struct {
apr_pool_t *pPool; apr_pool_t *pPool;
BOOL bFixed; BOOL bFixed;

23
modules/ssl/ssl_engine_kernel.c
View File

@@ -146,7 +146,7 @@ apr_status_t ssl_hook_CloseConnection(SSLFilterRec *filter)
/* deallocate the SSL connection */ /* deallocate the SSL connection */
SSL_free(ssl); SSL_free(ssl);
apr_table_setn(conn->notes, "ssl", NULL); sslconn->ssl = NULL;
filter->pssl = NULL; /* so filters know we've been shutdown */ filter->pssl = NULL; /* so filters know we've been shutdown */
return APR_SUCCESS; return APR_SUCCESS;
@@ -157,6 +157,7 @@ apr_status_t ssl_hook_CloseConnection(SSLFilterRec *filter)
*/ */
int ssl_hook_ReadReq(request_rec *r) int ssl_hook_ReadReq(request_rec *r)
{ {
SSLConnRec *sslconn = myConnConfig(r->connection);
SSL *ssl; SSL *ssl;
apr_table_t *apctx; apr_table_t *apctx;
@@ -164,7 +165,7 @@ int ssl_hook_ReadReq(request_rec *r)
* Get the SSL connection structure and perform the * Get the SSL connection structure and perform the
* delayed interlinking from SSL back to request_rec * delayed interlinking from SSL back to request_rec
*/ */
ssl = (SSL *)apr_table_get(r->connection->notes, "ssl"); ssl = sslconn->ssl;
if (ssl != NULL) { if (ssl != NULL) {
apctx = (apr_table_t *)SSL_get_app_data2(ssl); apctx = (apr_table_t *)SSL_get_app_data2(ssl);
apr_table_setn(apctx, "ssl::request_rec", (const char *)r); apr_table_setn(apctx, "ssl::request_rec", (const char *)r);
@@ -191,7 +192,9 @@ int ssl_hook_ReadReq(request_rec *r)
*/ */
int ssl_hook_Translate(request_rec *r) int ssl_hook_Translate(request_rec *r)
{ {
if (apr_table_get(r->connection->notes, "ssl") == NULL) SSLConnRec *sslconn = myConnConfig(r->connection);
if (sslconn->ssl == NULL)
return DECLINED; return DECLINED;
/* /*
@@ -289,13 +292,13 @@ static long ssl_renegotiate_hook(BIO *bio, int cmd, const char *argp,
int argi, long argl, long rc) int argi, long argl, long rc)
{ {
request_rec *r = (request_rec *)BIO_get_callback_arg(bio); request_rec *r = (request_rec *)BIO_get_callback_arg(bio);
SSL *ssl; SSLConnRec *sslconn = myConnConfig(r->connection);
SSL *ssl = sslconn->ssl;
int is_failed_read = (cmd == (BIO_CB_READ|BIO_CB_RETURN) && (rc == -1)); int is_failed_read = (cmd == (BIO_CB_READ|BIO_CB_RETURN) && (rc == -1));
int is_flush = ((cmd == BIO_CB_CTRL) && (argi == BIO_CTRL_FLUSH)); int is_flush = ((cmd == BIO_CB_CTRL) && (argi == BIO_CTRL_FLUSH));
if (is_flush || is_failed_read) { if (is_flush || is_failed_read) {
ssl = (SSL *)apr_table_get(r->connection->notes, "ssl");
/* disable this callback to prevent recursion /* disable this callback to prevent recursion
* and leave a "note" so the input filter leaves the rbio * and leave a "note" so the input filter leaves the rbio
* as-as * as-as
@@ -340,6 +343,7 @@ int ssl_hook_Access(request_rec *r)
{ {
SSLDirConfigRec *dc; SSLDirConfigRec *dc;
SSLSrvConfigRec *sc; SSLSrvConfigRec *sc;
SSLConnRec *sslconn;
SSL *ssl; SSL *ssl;
SSL_CTX *ctx = NULL; SSL_CTX *ctx = NULL;
apr_array_header_t *apRequirement; apr_array_header_t *apRequirement;
@@ -373,7 +377,8 @@ int ssl_hook_Access(request_rec *r)
dc = myDirConfig(r); dc = myDirConfig(r);
sc = mySrvConfig(r->server); sc = mySrvConfig(r->server);
ssl = (SSL *)apr_table_get(r->connection->notes, "ssl"); sslconn = myConnConfig(r->connection);
ssl = sslconn->ssl;
if (ssl != NULL) if (ssl != NULL)
ctx = SSL_get_SSL_CTX(ssl); ctx = SSL_get_SSL_CTX(ssl);
@@ -868,6 +873,7 @@ int ssl_hook_Access(request_rec *r)
*/ */
int ssl_hook_UserCheck(request_rec *r) int ssl_hook_UserCheck(request_rec *r)
{ {
SSLConnRec *sslconn = myConnConfig(r->connection);
SSLSrvConfigRec *sc = mySrvConfig(r->server); SSLSrvConfigRec *sc = mySrvConfig(r->server);
SSLDirConfigRec *dc = myDirConfig(r); SSLDirConfigRec *dc = myDirConfig(r);
char b1[MAX_STRING_LEN], b2[MAX_STRING_LEN]; char b1[MAX_STRING_LEN], b2[MAX_STRING_LEN];
@@ -907,7 +913,7 @@ int ssl_hook_UserCheck(request_rec *r)
*/ */
if (!sc->bEnabled) if (!sc->bEnabled)
return DECLINED; return DECLINED;
if (apr_table_get(r->connection->notes, "ssl") == NULL) if (sslconn->ssl == NULL)
return DECLINED; return DECLINED;
if (!(dc->nOptions & SSL_OPT_FAKEBASICAUTH)) if (!(dc->nOptions & SSL_OPT_FAKEBASICAUTH))
return DECLINED; return DECLINED;
@@ -1040,6 +1046,7 @@ static const char *ssl_hook_Fixup_vars[] = {
int ssl_hook_Fixup(request_rec *r) int ssl_hook_Fixup(request_rec *r)
{ {
SSLConnRec *sslconn = myConnConfig(r->connection);
SSLSrvConfigRec *sc = mySrvConfig(r->server); SSLSrvConfigRec *sc = mySrvConfig(r->server);
SSLDirConfigRec *dc = myDirConfig(r); SSLDirConfigRec *dc = myDirConfig(r);
apr_table_t *e = r->subprocess_env; apr_table_t *e = r->subprocess_env;
@@ -1054,7 +1061,7 @@ int ssl_hook_Fixup(request_rec *r)
*/ */
if (!sc->bEnabled) if (!sc->bEnabled)
return DECLINED; return DECLINED;
if ((ssl = (SSL *)apr_table_get(r->connection->notes, "ssl")) == NULL) if ((ssl = sslconn->ssl) == NULL)
return DECLINED; return DECLINED;
/* /*

19
modules/ssl/ssl_engine_vars.c
View File

@@ -89,6 +89,7 @@ void ssl_var_register(void)
char *ssl_var_lookup(apr_pool_t *p, server_rec *s, conn_rec *c, request_rec *r, char *var) char *ssl_var_lookup(apr_pool_t *p, server_rec *s, conn_rec *c, request_rec *r, char *var)
{ {
SSLConnRec *sslconn;
SSLModConfigRec *mc = myModConfig(s); SSLModConfigRec *mc = myModConfig(s);
char *result; char *result;
BOOL resdup; BOOL resdup;
@@ -169,6 +170,7 @@ char *ssl_var_lookup(apr_pool_t *p, server_rec *s, conn_rec *c, request_rec *r,
* Connection stuff * Connection stuff
*/ */
if (result == NULL && c != NULL) { if (result == NULL && c != NULL) {
sslconn = myConnConfig(c);
if (strcEQ(var, "REMOTE_ADDR")) if (strcEQ(var, "REMOTE_ADDR"))
result = c->remote_ip; result = c->remote_ip;
else if (strcEQ(var, "REMOTE_USER")) else if (strcEQ(var, "REMOTE_USER"))
@@ -178,7 +180,7 @@ char *ssl_var_lookup(apr_pool_t *p, server_rec *s, conn_rec *c, request_rec *r,
else if (strlen(var) > 4 && strcEQn(var, "SSL_", 4)) else if (strlen(var) > 4 && strcEQn(var, "SSL_", 4))
result = ssl_var_lookup_ssl(p, c, var+4); result = ssl_var_lookup_ssl(p, c, var+4);
else if (strcEQ(var, "HTTPS")) { else if (strcEQ(var, "HTTPS")) {
if (apr_table_get(c->notes, "ssl") != NULL) if (sslconn->ssl != NULL)
result = "on"; result = "on";
else else
result = "off"; result = "off";
@@ -264,6 +266,7 @@ static char *ssl_var_lookup_header(apr_pool_t *p, request_rec *r, const char *na
static char *ssl_var_lookup_ssl(apr_pool_t *p, conn_rec *c, char *var) static char *ssl_var_lookup_ssl(apr_pool_t *p, conn_rec *c, char *var)
{ {
SSLConnRec *sslconn = myConnConfig(c);
char *result; char *result;
X509 *xs; X509 *xs;
STACK_OF(X509) *sk; STACK_OF(X509) *sk;
@@ -271,7 +274,7 @@ static char *ssl_var_lookup_ssl(apr_pool_t *p, conn_rec *c, char *var)
result = NULL; result = NULL;
ssl = (SSL *)apr_table_get(c->notes, "ssl"); ssl = sslconn->ssl;
if (strlen(var) > 8 && strcEQn(var, "VERSION_", 8)) { if (strlen(var) > 8 && strcEQn(var, "VERSION_", 8)) {
result = ssl_var_lookup_ssl_version(p, var+8); result = ssl_var_lookup_ssl_version(p, var+8);
} }
@@ -493,6 +496,7 @@ static char *ssl_var_lookup_ssl_cert_PEM(apr_pool_t *p, X509 *xs)
static char *ssl_var_lookup_ssl_cert_verify(apr_pool_t *p, conn_rec *c) static char *ssl_var_lookup_ssl_cert_verify(apr_pool_t *p, conn_rec *c)
{ {
SSLConnRec *sslconn = myConnConfig(c);
char *result; char *result;
long vrc; long vrc;
char *verr; char *verr;
@@ -501,7 +505,7 @@ static char *ssl_var_lookup_ssl_cert_verify(apr_pool_t *p, conn_rec *c)
X509 *xs; X509 *xs;
result = NULL; result = NULL;
ssl = (SSL *) apr_table_get(c->notes, "ssl"); ssl = sslconn->ssl;
verr = (char *)apr_table_get(c->notes, "ssl::verify::error"); verr = (char *)apr_table_get(c->notes, "ssl::verify::error");
vinfo = (char *)apr_table_get(c->notes, "ssl::verify::info"); vinfo = (char *)apr_table_get(c->notes, "ssl::verify::info");
vrc = SSL_get_verify_result(ssl); vrc = SSL_get_verify_result(ssl);
@@ -524,6 +528,7 @@ static char *ssl_var_lookup_ssl_cert_verify(apr_pool_t *p, conn_rec *c)
static char *ssl_var_lookup_ssl_cipher(apr_pool_t *p, conn_rec *c, char *var) static char *ssl_var_lookup_ssl_cipher(apr_pool_t *p, conn_rec *c, char *var)
{ {
SSLConnRec *sslconn = myConnConfig(c);
char *result; char *result;
BOOL resdup; BOOL resdup;
int usekeysize, algkeysize; int usekeysize, algkeysize;
@@ -532,7 +537,7 @@ static char *ssl_var_lookup_ssl_cipher(apr_pool_t *p, conn_rec *c, char *var)
result = NULL; result = NULL;
resdup = TRUE; resdup = TRUE;
ssl = (SSL *)apr_table_get(c->notes, "ssl"); ssl = sslconn->ssl;
ssl_var_lookup_ssl_cipher_bits(ssl, &usekeysize, &algkeysize); ssl_var_lookup_ssl_cipher_bits(ssl, &usekeysize, &algkeysize);
if (strEQ(var, "")) if (strEQ(var, ""))
@@ -627,9 +632,10 @@ void ssl_var_log_config_register(apr_pool_t *p)
*/ */
static const char *ssl_var_log_handler_c(request_rec *r, char *a) static const char *ssl_var_log_handler_c(request_rec *r, char *a)
{ {
SSLConnRec *sslconn = myConnConfig(r->connection);
char *result; char *result;
if (apr_table_get(r->connection->notes, "ssl") == NULL) if (sslconn->ssl == NULL)
return NULL; return NULL;
result = NULL; result = NULL;
if (strEQ(a, "version")) if (strEQ(a, "version"))
@@ -655,10 +661,11 @@ static const char *ssl_var_log_handler_c(request_rec *r, char *a)
*/ */
static const char *ssl_var_log_handler_x(request_rec *r, char *a) static const char *ssl_var_log_handler_x(request_rec *r, char *a)
{ {
SSLConnRec *sslconn = myConnConfig(r->connection);
char *result; char *result;
result = NULL; result = NULL;
if (apr_table_get(r->connection->notes, "ssl") != NULL) if (sslconn->ssl != NULL)
result = ssl_var_lookup(r->pool, r->server, r->connection, r, a); result = ssl_var_lookup(r->pool, r->server, r->connection, r, a);
if (result != NULL && result[0] == NUL) if (result != NULL && result[0] == NUL)
result = NULL; result = NULL;