www/apache
1
0
Fork 0
mirror of https://github.com/apache/httpd.git synced 2025-08-08 15:02:10 +03:00
Code Activity

start moving c->notes usage to a new SSLConnRec structure hanging off of

Browse Source 
c->conn_config
PR:
Obtained from:
Submitted by:
Reviewed by: rbb, madhu


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@92093 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Doug MacEachern
2001-11-21 17:45:24 +00:00
parent f13fbbaa70
commit 6a641aae9c
4 changed files with 41 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
modules/ssl/mod_ssl.c
View File

@@ -224,11 +224,12 @@ static int ssl_hook_pre_connection(conn_rec *c)
SSL *ssl;
unsigned char *cpVHostID;
char *cpVHostMD5;
SSLConnRec *sslconn = apr_pcalloc(c->pool, sizeof(*sslconn));
/*
* Create SSL context
*/
apr_table_setn(c->notes, "ssl", NULL);
myConnConfigSet(c, sslconn);
/*
* Immediately stop processing if SSL is disabled for this connection
@@ -258,7 +259,6 @@ static int ssl_hook_pre_connection(conn_rec *c)
if ((ssl = SSL_new(sc->pSSLCtx)) == NULL) {
ssl_log(c->base_server, SSL_LOG_ERROR|SSL_ADD_SSLERR,
"Unable to create a new SSL connection from the SSL context");
apr_table_setn(c->notes, "ssl", NULL);
c->aborted = 1;
return DECLINED; /* XXX */
}
@@ -268,7 +268,6 @@ static int ssl_hook_pre_connection(conn_rec *c)
strlen(cpVHostMD5))) {
ssl_log(c->base_server, SSL_LOG_ERROR|SSL_ADD_SSLERR,
"Unable to set session id context to `%s'", cpVHostMD5);
apr_table_setn(c->notes, "ssl", NULL);
c->aborted = 1;
return DECLINED; /* XXX */
}
@@ -278,7 +277,7 @@ static int ssl_hook_pre_connection(conn_rec *c)
apr_table_setn(apctx, "ssl::verify::depth", AP_CTX_NUM2PTR(0));
SSL_set_app_data2(ssl, apctx);
apr_table_setn(c->notes, "ssl", (const char *)ssl);
sslconn->ssl = ssl;
/*
* Configure callbacks for SSL connection
@@ -308,6 +307,7 @@ static int ssl_hook_pre_connection(conn_rec *c)
static apr_status_t ssl_abort(SSLFilterRec *pRec, conn_rec *c)
{
SSLConnRec *sslconn = myConnConfig(c);
/*
* try to gracefully shutdown the connection:
* - send an own shutdown message (be gracefully)
@@ -320,7 +320,7 @@ static apr_status_t ssl_abort(SSLFilterRec *pRec, conn_rec *c)
SSL_smart_shutdown(pRec->pssl);
SSL_free(pRec->pssl);
pRec->pssl = NULL; /* so filters know we've been shutdown */
apr_table_setn(c->notes, "ssl", NULL);
sslconn->ssl = NULL;
c->aborted = 1;
return APR_EGENERAL;

8
modules/ssl/mod_ssl.h
View File

@@ -196,6 +196,10 @@
#define cfgMergeBool(el) cfgMerge(el, UNSET)
#define cfgMergeInt(el) cfgMerge(el, UNSET)
#define myConnConfig(c) \
(SSLConnRec *)ap_get_module_config(c->conn_config, &ssl_module)
#define myConnConfigSet(c, val) \
ap_set_module_config(c->conn_config, &ssl_module, val)
#define myModConfig(srv) (SSLModConfigRec *)ssl_util_getmodconfig(srv, "ssl_module")
#define mySrvConfig(srv) (SSLSrvConfigRec *)ap_get_module_config(srv->module_config, &ssl_module)
#define myDirConfig(req) (SSLDirConfigRec *)ap_get_module_config(req->per_dir_config, &ssl_module)
@@ -446,6 +450,10 @@ typedef struct {
apr_bucket_brigade *b; /* decrypted input */
} SSLFilterRec;
typedef struct {
SSL *ssl;
} SSLConnRec;
typedef struct {
apr_pool_t *pPool;
BOOL bFixed;

23
modules/ssl/ssl_engine_kernel.c
View File

@@ -146,7 +146,7 @@ apr_status_t ssl_hook_CloseConnection(SSLFilterRec *filter)
/* deallocate the SSL connection */
SSL_free(ssl);
apr_table_setn(conn->notes, "ssl", NULL);
sslconn->ssl = NULL;
filter->pssl = NULL; /* so filters know we've been shutdown */
return APR_SUCCESS;
@@ -157,6 +157,7 @@ apr_status_t ssl_hook_CloseConnection(SSLFilterRec *filter)
*/
int ssl_hook_ReadReq(request_rec *r)
{
SSLConnRec *sslconn = myConnConfig(r->connection);
SSL *ssl;
apr_table_t *apctx;
@@ -164,7 +165,7 @@ int ssl_hook_ReadReq(request_rec *r)
* Get the SSL connection structure and perform the
* delayed interlinking from SSL back to request_rec
*/
ssl = (SSL *)apr_table_get(r->connection->notes, "ssl");
ssl = sslconn->ssl;
if (ssl != NULL) {
apctx = (apr_table_t *)SSL_get_app_data2(ssl);
apr_table_setn(apctx, "ssl::request_rec", (const char *)r);
@@ -191,7 +192,9 @@ int ssl_hook_ReadReq(request_rec *r)
*/
int ssl_hook_Translate(request_rec *r)
{
if (apr_table_get(r->connection->notes, "ssl") == NULL)
SSLConnRec *sslconn = myConnConfig(r->connection);
if (sslconn->ssl == NULL)
return DECLINED;
/*
@@ -289,13 +292,13 @@ static long ssl_renegotiate_hook(BIO *bio, int cmd, const char *argp,
int argi, long argl, long rc)
{
request_rec *r = (request_rec *)BIO_get_callback_arg(bio);
SSL *ssl;
SSLConnRec *sslconn = myConnConfig(r->connection);
SSL *ssl = sslconn->ssl;
int is_failed_read = (cmd == (BIO_CB_READ|BIO_CB_RETURN) && (rc == -1));
int is_flush = ((cmd == BIO_CB_CTRL) && (argi == BIO_CTRL_FLUSH));
if (is_flush || is_failed_read) {
ssl = (SSL *)apr_table_get(r->connection->notes, "ssl");
/* disable this callback to prevent recursion
* and leave a "note" so the input filter leaves the rbio
* as-as
@@ -340,6 +343,7 @@ int ssl_hook_Access(request_rec *r)
{
SSLDirConfigRec *dc;
SSLSrvConfigRec *sc;
SSLConnRec *sslconn;
SSL *ssl;
SSL_CTX *ctx = NULL;
apr_array_header_t *apRequirement;
@@ -373,7 +377,8 @@ int ssl_hook_Access(request_rec *r)
dc = myDirConfig(r);
sc = mySrvConfig(r->server);
ssl = (SSL *)apr_table_get(r->connection->notes, "ssl");
sslconn = myConnConfig(r->connection);
ssl = sslconn->ssl;
if (ssl != NULL)
ctx = SSL_get_SSL_CTX(ssl);
@@ -868,6 +873,7 @@ int ssl_hook_Access(request_rec *r)
*/
int ssl_hook_UserCheck(request_rec *r)
{
SSLConnRec *sslconn = myConnConfig(r->connection);
SSLSrvConfigRec *sc = mySrvConfig(r->server);
SSLDirConfigRec *dc = myDirConfig(r);
char b1[MAX_STRING_LEN], b2[MAX_STRING_LEN];
@@ -907,7 +913,7 @@ int ssl_hook_UserCheck(request_rec *r)
*/
if (!sc->bEnabled)
return DECLINED;
if (apr_table_get(r->connection->notes, "ssl") == NULL)
if (sslconn->ssl == NULL)
return DECLINED;
if (!(dc->nOptions & SSL_OPT_FAKEBASICAUTH))
return DECLINED;
@@ -1040,6 +1046,7 @@ static const char *ssl_hook_Fixup_vars[] = {
int ssl_hook_Fixup(request_rec *r)
{
SSLConnRec *sslconn = myConnConfig(r->connection);
SSLSrvConfigRec *sc = mySrvConfig(r->server);
SSLDirConfigRec *dc = myDirConfig(r);
apr_table_t *e = r->subprocess_env;
@@ -1054,7 +1061,7 @@ int ssl_hook_Fixup(request_rec *r)
*/
if (!sc->bEnabled)
return DECLINED;
if ((ssl = (SSL *)apr_table_get(r->connection->notes, "ssl")) == NULL)
if ((ssl = sslconn->ssl) == NULL)
return DECLINED;
/*

19
modules/ssl/ssl_engine_vars.c
View File

@@ -89,6 +89,7 @@ void ssl_var_register(void)
char *ssl_var_lookup(apr_pool_t *p, server_rec *s, conn_rec *c, request_rec *r, char *var)
{
SSLConnRec *sslconn;
SSLModConfigRec *mc = myModConfig(s);
char *result;
BOOL resdup;
@@ -169,6 +170,7 @@ char *ssl_var_lookup(apr_pool_t *p, server_rec *s, conn_rec *c, request_rec *r,
* Connection stuff
*/
if (result == NULL && c != NULL) {
sslconn = myConnConfig(c);
if (strcEQ(var, "REMOTE_ADDR"))
result = c->remote_ip;
else if (strcEQ(var, "REMOTE_USER"))
@@ -178,7 +180,7 @@ char *ssl_var_lookup(apr_pool_t *p, server_rec *s, conn_rec *c, request_rec *r,
else if (strlen(var) > 4 && strcEQn(var, "SSL_", 4))
result = ssl_var_lookup_ssl(p, c, var+4);
else if (strcEQ(var, "HTTPS")) {
if (apr_table_get(c->notes, "ssl") != NULL)
if (sslconn->ssl != NULL)
result = "on";
else
result = "off";
@@ -264,6 +266,7 @@ static char *ssl_var_lookup_header(apr_pool_t *p, request_rec *r, const char *na
static char *ssl_var_lookup_ssl(apr_pool_t *p, conn_rec *c, char *var)
{
SSLConnRec *sslconn = myConnConfig(c);
char *result;
X509 *xs;
STACK_OF(X509) *sk;
@@ -271,7 +274,7 @@ static char *ssl_var_lookup_ssl(apr_pool_t *p, conn_rec *c, char *var)
result = NULL;
ssl = (SSL *)apr_table_get(c->notes, "ssl");
ssl = sslconn->ssl;
if (strlen(var) > 8 && strcEQn(var, "VERSION_", 8)) {
result = ssl_var_lookup_ssl_version(p, var+8);
}
@@ -493,6 +496,7 @@ static char *ssl_var_lookup_ssl_cert_PEM(apr_pool_t *p, X509 *xs)
static char *ssl_var_lookup_ssl_cert_verify(apr_pool_t *p, conn_rec *c)
{
SSLConnRec *sslconn = myConnConfig(c);
char *result;
long vrc;
char *verr;
@@ -501,7 +505,7 @@ static char *ssl_var_lookup_ssl_cert_verify(apr_pool_t *p, conn_rec *c)
X509 *xs;
result = NULL;
ssl = (SSL *) apr_table_get(c->notes, "ssl");
ssl = sslconn->ssl;
verr = (char *)apr_table_get(c->notes, "ssl::verify::error");
vinfo = (char *)apr_table_get(c->notes, "ssl::verify::info");
vrc = SSL_get_verify_result(ssl);
@@ -524,6 +528,7 @@ static char *ssl_var_lookup_ssl_cert_verify(apr_pool_t *p, conn_rec *c)
static char *ssl_var_lookup_ssl_cipher(apr_pool_t *p, conn_rec *c, char *var)
{
SSLConnRec *sslconn = myConnConfig(c);
char *result;
BOOL resdup;
int usekeysize, algkeysize;
@@ -532,7 +537,7 @@ static char *ssl_var_lookup_ssl_cipher(apr_pool_t *p, conn_rec *c, char *var)
result = NULL;
resdup = TRUE;
ssl = (SSL *)apr_table_get(c->notes, "ssl");
ssl = sslconn->ssl;
ssl_var_lookup_ssl_cipher_bits(ssl, &usekeysize, &algkeysize);
if (strEQ(var, ""))
@@ -627,9 +632,10 @@ void ssl_var_log_config_register(apr_pool_t *p)
*/
static const char *ssl_var_log_handler_c(request_rec *r, char *a)
{
SSLConnRec *sslconn = myConnConfig(r->connection);
char *result;
if (apr_table_get(r->connection->notes, "ssl") == NULL)
if (sslconn->ssl == NULL)
return NULL;
result = NULL;
if (strEQ(a, "version"))
@@ -655,10 +661,11 @@ static const char *ssl_var_log_handler_c(request_rec *r, char *a)
*/
static const char *ssl_var_log_handler_x(request_rec *r, char *a)
{
SSLConnRec *sslconn = myConnConfig(r->connection);
char *result;
result = NULL;
if (apr_table_get(r->connection->notes, "ssl") != NULL)
if (sslconn->ssl != NULL)
result = ssl_var_lookup(r->pool, r->server, r->connection, r, a);
if (result != NULL && result[0] == NUL)
result = NULL;