mirror of https://github.com/apache/httpd.git synced 2025-08-05 16:55:50 +03:00

176 Commits

Author SHA1 Message Date
Madhusudan Mathihalli
aea3ed09fb OpenSSL should be included as "openssl/ssl.h" and not "ssl.h" (and rely on the
INCLUDE path to be defined properly)

PR: 11310
Submitted by: Geoff Thrope <geoff@geoffthrope.net>
Reviewed by: Madhusudan Mathihalli


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@99008 13f79535-47bb-0310-9956-ffa450edef68
2003-03-14 02:20:50 +00:00
Jim Jagielski
694eb48bae Right now SSLMutex is bogus. It just uses APR_LOCK_DEFAULT no
matter what. We now allow for the full range of APR mutex
locking mechanisms to be used, while maintaining backwards
compatibility.

PR: 8122
Obtained from:
Submitted by:
Reviewed by:	William Rowe


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@98771 13f79535-47bb-0310-9956-ffa450edef68
2003-02-23 17:12:43 +00:00
André Malo
742af25096 finished that boring job:
update license to 2003.

Happy New Year! ;-))


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@98573 13f79535-47bb-0310-9956-ffa450edef68
2003-02-03 17:53:28 +00:00
William A. Rowe Jr
2f62c790c7 After some productive feedback and no negative feedback, introduce
SSLEngine upgrade so that we can begin and continue to support these
  facilities.  This makes it simpler to keep this effort (while we have
  no known clients that support Connection: upgrade at this time), and
  begin refactoring more of SSL into smaller and tighter (and then optional)
  components.

  Submitted by: Ryan Bloom
  Reviewed by: William Rowe, Joe Orton


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@97912 13f79535-47bb-0310-9956-ffa450edef68
2002-12-14 07:46:45 +00:00
William A. Rowe Jr
dce6e3383f Merge the last of the 'filtering' functions into ssl_engine_io.c, merge
ssl_abort into what was ssl_hook_CloseConnection, clean out a bunch of
  now-static or private headers from mod_ssl.h, and finally fix a very small
  but potent segfault if ->pssl is destroyed within our read loop.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@97411 13f79535-47bb-0310-9956-ffa450edef68
2002-11-05 20:47:01 +00:00
Ryan Bloom
658c2437bd This stuff shouldn't have been committed. This is the SSL upgrade stuff,
and it was included in a commit that shouldn't have touched these files.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@97201 13f79535-47bb-0310-9956-ffa450edef68
2002-10-14 04:15:58 +00:00
Ryan Bloom
37f9061757 Fix a couple of compiler warnings. I don't know how these slipped past.
Also, uncomment a line of code that the last commit should have uncommented.
Randall found this line and the fix, but I forgot to uncomment this line
along with the fix.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@97179 13f79535-47bb-0310-9956-ffa450edef68
2002-10-11 15:29:22 +00:00
Ryan Bloom
37f858acc6 Remove all special mod_ssl URIs. This also fixes the bug where
redirecting (.*) will allow an SSL protected page to be viewed
without SSL.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@95501 13f79535-47bb-0310-9956-ffa450edef68
2002-06-04 07:12:26 +00:00
William A. Rowe Jr
4a621ec661 The only remaining question ... are nested or strictly unnested locks
expected by OpenSSL?  Right now I've left it as _DEFAULT for the platform
  preference.  Very simple code really - the server_rec was superfluous.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@95497 13f79535-47bb-0310-9956-ffa450edef68
2002-06-04 02:19:33 +00:00
Justin Erenkrantz
fafabb637f Remove SSLLog and SSLLogLevel directives in favor of having mod_ssl use the
standard ErrorLog directives.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@95129 13f79535-47bb-0310-9956-ffa450edef68
2002-05-16 06:09:13 +00:00
Justin Erenkrantz
d28c4dae36 Stop using SSL_ADD_SSLERR option in ssl_log() and replace with new
ssl_log_ssl_error() function that wraps ap_log_error instead.

This begins the migration from ssl_log() -> ap_log_error().  Divorcing
ourselves from the SSL_ADD_SSLERR option is required to make the next
pass easier.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@95122 13f79535-47bb-0310-9956-ffa450edef68
2002-05-15 23:10:33 +00:00
Aaron Bannert
9ff0d84088 Convert mod_ssl to the new apr_global_mutex.h API and remove all
uses of apr_lock.h [deprecated]. Tested that I could serve simple
SSL (v3) pages.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94583 13f79535-47bb-0310-9956-ffa450edef68
2002-04-09 15:53:09 +00:00
Doug MacEachern
bb2d86e811 PR: 7802
Obtained from:
Submitted by:
Reviewed by:
fix compilation problem in ssl_engine_kernel.c
if SSL_LIBRARY_VERSION >= 0x00907000


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94527 13f79535-47bb-0310-9956-ffa450edef68
2002-04-07 21:58:25 +00:00
Doug MacEachern
1138615486 fix ProxyPass when frontend is https and backend is http
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94515 13f79535-47bb-0310-9956-ffa450edef68
2002-04-07 03:37:35 +00:00
Doug MacEachern
3fa9f2ba65 add SSLProxyCARevocation{File,Path} directives to support CRLs in the proxy
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94338 13f79535-47bb-0310-9956-ffa450edef68
2002-03-30 06:46:24 +00:00
Doug MacEachern
663baf331b pass sc to myCtxConfig macro
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94337 13f79535-47bb-0310-9956-ffa450edef68
2002-03-30 06:38:10 +00:00
Doug MacEachern
97b59112b8 make it possible for proxy to use CRL callback
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94336 13f79535-47bb-0310-9956-ffa450edef68
2002-03-30 06:36:56 +00:00
Doug MacEachern
a456732c3f add myCtxConfig macro
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94331 13f79535-47bb-0310-9956-ffa450edef68
2002-03-30 05:57:59 +00:00
Doug MacEachern
9ee8bc12b5 implement proxy client certificate callback
(uses SSLProxyMachineCertificate{File,Cert} when downstream server
requires a client certificate)


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94329 13f79535-47bb-0310-9956-ffa450edef68
2002-03-30 05:40:02 +00:00
Cliff Woolley
5b5cccc4ae Fix the version string. We want to end up with "mod_ssl/2.0.xx", not
"mod_ssl/Apache/2.0.xx".


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94320 13f79535-47bb-0310-9956-ffa450edef68
2002-03-30 00:00:21 +00:00
Doug MacEachern
5e1c0e2c15 add SSLProxyEngine directive. this was not required in the 1.x based
mod_ssl because the SSL_CTX was created and configured for *every*
request.  unlike in 2.0 where we configure the proxy SSL_CTX at
startup time, which is much better for performance.  but we don't want
to configure a proxy context for every vhost if it isn't going to be
used, for the same reasons we don't create a server context for every
vhost unless SSLEngine is on.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94314 13f79535-47bb-0310-9956-ffa450edef68
2002-03-29 17:56:33 +00:00
Doug MacEachern
722125d944 add optional function (ssl_proxy_enable) to turn on ssl proxy
choose SSL_CTX based on SSLConnRec.is_proxy


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94293 13f79535-47bb-0310-9956-ffa450edef68
2002-03-29 04:50:37 +00:00
Doug MacEachern
f9f62ab460 use ssl_cmd_verify_parse for SSLProxyVerify directive handler
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94289 13f79535-47bb-0310-9956-ffa450edef68
2002-03-29 03:05:49 +00:00
Doug MacEachern
b31faa5036 enable proxy directives
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94286 13f79535-47bb-0310-9956-ffa450edef68
2002-03-29 02:43:33 +00:00
Doug MacEachern
0679fa7bf1 moving cfgMerge macros to ssl_engine_config.c, they are not used anywhere else
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94271 13f79535-47bb-0310-9956-ffa450edef68
2002-03-28 18:58:06 +00:00
Doug MacEachern
045abcfbbd remove unused cfgMerge{Table,Ctx} macros
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94269 13f79535-47bb-0310-9956-ffa450edef68
2002-03-28 18:54:52 +00:00
Doug MacEachern
0569a2a622 moving protocol location
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94268 13f79535-47bb-0310-9956-ffa450edef68
2002-03-28 18:53:54 +00:00
Doug MacEachern
1d76ab39ff breakup SSLSrvConfigRec in preparation for proxy support:
+ modssl_pk_server_t - certs/keys for the server
+ modssl_pk_proxy_t  - certs/keys for the proxy
+ modssl_auth_ctx_t  - stuff related to authentication that can also
                       be per-dir, used by both server and proxy
+ modssl_ctx_t       - context that can be used by both server and proxy
+ SSLSrvConfigRec    - now contains original stuff specific to the
                       server config and modssl_ctx_t *server, *proxy


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94267 13f79535-47bb-0310-9956-ffa450edef68
2002-03-28 18:50:07 +00:00
Doug MacEachern
e90c7fb27f ripping out some proxy stuff that isn't currently in use and is going
to change anyhow.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94266 13f79535-47bb-0310-9956-ffa450edef68
2002-03-28 17:23:50 +00:00
Doug MacEachern
388657af76 already added configure check for SSL_set_cert_store
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94265 13f79535-47bb-0310-9956-ffa450edef68
2002-03-28 17:16:41 +00:00
Doug MacEachern
d5c395f0e7 de-hungarian-ize server config member names which are going to stay
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94264 13f79535-47bb-0310-9956-ffa450edef68
2002-03-28 17:11:12 +00:00
Doug MacEachern
bb986b6b22 reorder a bit of the server config structure, moving items that are
going to stay there to the top.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94263 13f79535-47bb-0310-9956-ffa450edef68
2002-03-28 16:47:36 +00:00
Doug MacEachern
249519625c there is a heaping pile of:
ssl_log(s, flags, "Init: (%s) ...", sc->szVHostID)
add SSL_INIT flag to cut down some noise and end up with:
 ssl_log(s, flags, "...")


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94247 13f79535-47bb-0310-9956-ffa450edef68
2002-03-28 00:34:13 +00:00
Doug MacEachern
8bf48c5959 "new" is a c++ keyword; s/new/mrg/g in config merge functions
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94244 13f79535-47bb-0310-9956-ffa450edef68
2002-03-27 23:35:31 +00:00
Doug MacEachern
f3e92e1cde bringing back MOD_SSL_VERSION macro, define it to AP_SERVER_BASEVERSION
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94231 13f79535-47bb-0310-9956-ffa450edef68
2002-03-27 19:38:05 +00:00
Doug MacEachern
b425a0f8c4 move prototype for modssl_session_get_time to ssl_util_ssl.h
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94226 13f79535-47bb-0310-9956-ffa450edef68
2002-03-27 18:20:37 +00:00
Doug MacEachern
33922c86be sslc 1.x does not have an x509v3.h
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94217 13f79535-47bb-0310-9956-ffa450edef68
2002-03-27 05:58:31 +00:00
Doug MacEachern
1d2a39531c moving OpenSSL+sslc compat foo to ssl_toolkit_compat.h
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94199 13f79535-47bb-0310-9956-ffa450edef68
2002-03-27 02:28:15 +00:00
Doug MacEachern
5bfe936911 3rd arg of BIO callbacks is 'const char' in OpenSSL and 'char' in sslc,
make both happy.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94198 13f79535-47bb-0310-9956-ffa450edef68
2002-03-27 01:58:15 +00:00
Doug MacEachern
ebe92b6f8b add modssl_session_get_time() function to give mod_ssl what it needs
from SSL_SESSION_get_time() if using OpenSSL or sslc.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94195 13f79535-47bb-0310-9956-ffa450edef68
2002-03-27 01:28:20 +00:00
Doug MacEachern
0fb13a8b4a another step towards compatibility with rsa sslc:
define the STACK_OF macro if not already defined.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94194 13f79535-47bb-0310-9956-ffa450edef68
2002-03-27 00:46:07 +00:00
Doug MacEachern
d37bf62cd7 configure already checks OpenSSL version so don't bother here
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94193 13f79535-47bb-0310-9956-ffa450edef68
2002-03-27 00:32:07 +00:00
Doug MacEachern
7c1521f253 per-dir SSLCACertificate{File,Path} cannot use SSL_CTX_set_cert_store
as the 1.x based module does, since the function is not thread-safe.
a patch has been submitted to OpenSSL to support SSL_set_cert_store
which is thread safe.  this feature is enabled by default in the
current 1.x based module, we only enable it if the SSL_set_cert_store
function is available.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94179 13f79535-47bb-0310-9956-ffa450edef68
2002-03-26 16:57:49 +00:00
Doug MacEachern
9303382216 constificationization of some char * config items
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94177 13f79535-47bb-0310-9956-ffa450edef68
2002-03-26 15:49:37 +00:00
Jeff Trawick
3400f03621 the mod_ssl provided with Apache >= 2.0 no longer has an independent
version number


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94111 13f79535-47bb-0310-9956-ffa450edef68
2002-03-22 00:59:23 +00:00
William A. Rowe Jr
05ae021cfd Clear up a const warning, and recognize some arrays by changing the
variable names to the plural [rather than aszFoo, which I hope continues
  to be cleaned up as folks have time.]


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93982 13f79535-47bb-0310-9956-ffa450edef68
2002-03-17 17:32:24 +00:00
Doug MacEachern
97b148c3b5 PR:
Obtained from:
Submitted by:   Madhusudan Mathihalli <madhusudan_mathihalli@hp.com>
Reviewed by:	dougm
implement SSLSessionCache shmht and shmcb based on apr_rmm and apr_shm


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93942 13f79535-47bb-0310-9956-ffa450edef68
2002-03-14 23:31:23 +00:00
Roy T. Fielding
845cbfd508 Update our copyright for this year.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93918 13f79535-47bb-0310-9956-ffa450edef68
2002-03-13 20:48:07 +00:00
Doug MacEachern
07965e685f add ssl_asn1_keystr() util function that returns string representation
(RSA or DSA) of the key index.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93912 13f79535-47bb-0310-9956-ffa450edef68
2002-03-13 18:56:07 +00:00
Doug MacEachern
cc09059d11 add ssl_asn1_table_keyfmt() function for clarity
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93909 13f79535-47bb-0310-9956-ffa450edef68
2002-03-13 18:42:05 +00:00