
* modules/ssl/ssl_util.c (modssl_request_is_tls): Adjust
  to take SSLConnRec * out parameter rather than SSL *.

* modules/ssl/ssl_engine_kernel.c (ssl_hook_UserCheck): Use it here.
  (ssl_hook_Fixup): Adjust use.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1829263 13f79535-47bb-0310-9956-ffa450edef68
Joe Orton
2018-04-16 12:36:42 +00:00
parent fb92787465
commit c16933db8c
3 changed files with 16 additions and 15 deletions


@@ -1326,8 +1326,7 @@ int ssl_hook_Access(request_rec *r)
*/ */
int ssl_hook_UserCheck(request_rec *r) int ssl_hook_UserCheck(request_rec *r)
{ {
SSLConnRec *sslconn = myConnConfig(r->connection); SSLConnRec *sslconn;
SSLSrvConfigRec *sc = mySrvConfig(r->server);
SSLDirConfigRec *dc = myDirConfig(r); SSLDirConfigRec *dc = myDirConfig(r);
const char *user, *auth_line, *username, *password; const char *user, *auth_line, *username, *password;
@@ -1375,15 +1374,15 @@ int ssl_hook_UserCheck(request_rec *r)
/* /*
* We decline operation in various situations... * We decline operation in various situations...
* - TLS not enabled
* - client did not present a certificate
* - SSLOptions +FakeBasicAuth not configured * - SSLOptions +FakeBasicAuth not configured
* - r->user already authenticated * - r->user already authenticated
* - ssl not enabled
* - client did not present a certificate
*/ */
if (!((sc->enabled == SSL_ENABLED_TRUE || sc->enabled == SSL_ENABLED_OPTIONAL) if (!modssl_request_is_tls(r, &sslconn)
&& sslconn && sslconn->ssl && sslconn->client_cert) || || !sslconn->client_cert
!(dc->nOptions & SSL_OPT_FAKEBASICAUTH) || r->user) || !(dc->nOptions & SSL_OPT_FAKEBASICAUTH)
{ || r->user) {
return DECLINED; return DECLINED;
} }
@@ -1509,12 +1508,14 @@ int ssl_hook_Fixup(request_rec *r)
const char *servername; const char *servername;
#endif #endif
STACK_OF(X509) *peer_certs; STACK_OF(X509) *peer_certs;
SSLConnRec *sslconn;
SSL *ssl; SSL *ssl;
int i; int i;
if (!modssl_request_is_tls(r, &ssl)) { if (!modssl_request_is_tls(r, &sslconn)) {
return DECLINED; return DECLINED;
} }
ssl = sslconn->ssl;
/* /*
* Annotate the SSI/CGI environment with standard SSL information * Annotate the SSI/CGI environment with standard SSL information
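Review bot: The rewritten decline condition in ssl_hook_UserCheck no longer requires `sc->enabled` to be `SSL_ENABLED_TRUE` or `SSL_ENABLED_OPTIONAL`; it now relies on modssl_request_is_tls, whose visible check rejects only `SSL_ENABLED_FALSE`. This hook decides whether FakeBasicAuth proceeds on the strength of `sslconn->client_cert`, so it is worth confirming that no other value of `sc->enabled` can reach it at request time. The helper's lines between its two hunks are not shown, so it should also be confirmed that the record it returns is the one whose `client_cert` this request should be judged by. A short comment above the condition, for example `/* modssl_request_is_tls() also covers the "ssl not enabled" case */`, would record where that check moved. The bodies of ssl_hook_UserCheck and ssl_hook_Fixup continue outside the hunks.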


@@ -1096,10 +1096,10 @@ void ssl_init_ocsp_certificates(server_rec *s, modssl_ctx_t *mctx);
* memory. */ * memory. */
DH *modssl_get_dh_params(unsigned keylen); DH *modssl_get_dh_params(unsigned keylen);
/* Returns non-zero if the request is using SSL/TLS. If ssl is /* Returns non-zero if the request was made over SSL/TLS. If sslconn
* non-NULL and the request is using SSL/TLS, sets *ssl to the * is non-NULL and the request is using SSL/TLS, sets *sslconn to the
* corresponding SSL structure for the connectbion. */ * corresponding SSLConnRec structure for the connection. */
int modssl_request_is_tls(const request_rec *r, SSL **ssl); int modssl_request_is_tls(const request_rec *r, SSLConnRec **sslconn);
#if HAVE_VALGRIND #if HAVE_VALGRIND
extern int ssl_running_on_valgrind; extern int ssl_running_on_valgrind;
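Review bot: The updated comment on modssl_request_is_tls does not say what happens to `*sslconn` when the function returns zero, yet the callers changed in this commit pass a pointer they have not initialised. A sentence such as `On a zero return *sslconn is not written and must not be read.` would state the contract those callers depend on. The comment also switches between "was made over" and "is using" SSL/TLS; one tense throughout would read more cleanly.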


@@ -100,7 +100,7 @@ BOOL ssl_util_vhost_matches(const char *servername, server_rec *s)
return FALSE; return FALSE;
} }
int modssl_request_is_tls(const request_rec *r, SSL **ssl) int modssl_request_is_tls(const request_rec *r, SSLConnRec **scout)
{ {
SSLConnRec *sslconn = myConnConfig(r->connection); SSLConnRec *sslconn = myConnConfig(r->connection);
SSLSrvConfigRec *sc = mySrvConfig(r->server); SSLSrvConfigRec *sc = mySrvConfig(r->server);
@@ -112,7 +112,7 @@ int modssl_request_is_tls(const request_rec *r, SSL **ssl)
if (sc->enabled == SSL_ENABLED_FALSE || !sslconn || !sslconn->ssl) if (sc->enabled == SSL_ENABLED_FALSE || !sslconn || !sslconn->ssl)
return 0; return 0;
if (ssl) *ssl = sslconn->ssl; if (scout) *scout = sslconn;
return 1; return 1;
} }
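Review bot: On the zero-return path `*scout` is never written, so a caller that reads its `SSLConnRec *` without checking the result would use an indeterminate pointer. Clearing the out parameter before the checks, `if (scout) *scout = NULL;`, makes that mistake fail predictably at no cost to correct callers. The parameter is also named `scout` here but `sslconn` in the header prototype; a shared name such as `sslconn_out` would keep the two declarations in step while still avoiding the clash with the local. The function body between the two hunks is not shown.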