www/apache
1
0
Fork 0
mirror of https://github.com/apache/httpd.git synced 2025-08-08 15:02:10 +03:00
Code Activity

Factor out logic to determine if request is using SSL/TLS and use it

Browse Source 
consistently.

* modules/ssl/ssl_util.c (modssl_request_is_tls): New function.

* modules/ssl/ssl_engine_kernel.c (ssl_hook_Fixup): Use it.

* modules/ssl/mod_ssl.c (ssl_hook_http_scheme, ssl_hook_default_port):
  Use it.

PR: 61519


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1829250 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Joe Orton
2018-04-16 10:14:25 +00:00
parent d72c4bb783
commit fb92787465
4 changed files with 25 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
modules/ssl/mod_ssl.c
View File

@@ -627,24 +627,12 @@ int ssl_init_ssl_connection(conn_rec *c, request_rec *r)
static const char *ssl_hook_http_scheme(const request_rec *r)
{
SSLSrvConfigRec *sc = mySrvConfig(r->server);
if (sc->enabled == SSL_ENABLED_FALSE || sc->enabled == SSL_ENABLED_OPTIONAL) {
return NULL;
}
return "https";
return modssl_request_is_tls(r, NULL) ? "https" : NULL;
}
static apr_port_t ssl_hook_default_port(const request_rec *r)
{
SSLSrvConfigRec *sc = mySrvConfig(r->server);
if (sc->enabled == SSL_ENABLED_FALSE || sc->enabled == SSL_ENABLED_OPTIONAL) {
return 0;
}
return 443;
return modssl_request_is_tls(r, NULL) ? 443 : 0;
}
static int ssl_hook_pre_connection(conn_rec *c, void *csd)

11
modules/ssl/ssl_engine_kernel.c
View File

@@ -1502,8 +1502,6 @@ static const char *const ssl_hook_Fixup_vars[] = {
int ssl_hook_Fixup(request_rec *r)
{
SSLConnRec *sslconn = myConnConfig(r->connection);
SSLSrvConfigRec *sc = mySrvConfig(r->server);
SSLDirConfigRec *dc = myDirConfig(r);
apr_table_t *env = r->subprocess_env;
char *var, *val = "";
@@ -1514,14 +1512,7 @@ int ssl_hook_Fixup(request_rec *r)
SSL *ssl;
int i;
if (!(sslconn && sslconn->ssl) && r->connection->master) {
sslconn = myConnConfig(r->connection->master);
}
/*
* Check to see if SSL is on
*/
if (!(((sc->enabled == SSL_ENABLED_TRUE) || (sc->enabled == SSL_ENABLED_OPTIONAL)) && sslconn && (ssl = sslconn->ssl))) {
if (!modssl_request_is_tls(r, &ssl)) {
return DECLINED;
}

5
modules/ssl/ssl_private.h
View File

@@ -1096,6 +1096,11 @@ void ssl_init_ocsp_certificates(server_rec *s, modssl_ctx_t *mctx);
* memory. */
DH *modssl_get_dh_params(unsigned keylen);
/* Returns non-zero if the request is using SSL/TLS. If ssl is
* non-NULL and the request is using SSL/TLS, sets *ssl to the
* corresponding SSL structure for the connectbion. */
int modssl_request_is_tls(const request_rec *r, SSL **ssl);
#if HAVE_VALGRIND
extern int ssl_running_on_valgrind;
#endif

17
modules/ssl/ssl_util.c
View File

@@ -100,6 +100,23 @@ BOOL ssl_util_vhost_matches(const char *servername, server_rec *s)
return FALSE;
}
int modssl_request_is_tls(const request_rec *r, SSL **ssl)
{
SSLConnRec *sslconn = myConnConfig(r->connection);
SSLSrvConfigRec *sc = mySrvConfig(r->server);
if (!(sslconn && sslconn->ssl) && r->connection->master) {
sslconn = myConnConfig(r->connection->master);
}
if (sc->enabled == SSL_ENABLED_FALSE || !sslconn || !sslconn->ssl)
return 0;
if (ssl) *ssl = sslconn->ssl;
return 1;
}
apr_file_t *ssl_util_ppopen(server_rec *s, apr_pool_t *p, const char *cmd,
const char * const *argv)
{