Justin Erenkrantz
ba6cf79dee
Fix so that we can compile with OpenSSL 0.9.8-dev.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94696 13f79535-47bb-0310-9956-ffa450edef68
2002-04-18 08:45:34 +00:00
Sander Striker
6e8efec657
Adapt to the rename of apr_explode_localtime to apr_time_exp_lt in APR.
Submitted by: Thom May <thom@planetarytramp.net>
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94631 13f79535-47bb-0310-9956-ffa450edef68
2002-04-13 12:02:38 +00:00
Cliff Woolley
131658da39
Touch these files so that their datestamps are newer than the corresponding
.y and .l files. These must be kept newer than those at all times to avoid
introducing a dependency on flex and yacc.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94623 13f79535-47bb-0310-9956-ffa450edef68
2002-04-12 17:46:09 +00:00
Aaron Bannert
9ff0d84088
Convert mod_ssl to the new apr_global_mutex.h API and remove all
uses of apr_lock.h [deprecated]. Tested that I could serve simple
SSL (v3) pages.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94583 13f79535-47bb-0310-9956-ffa450edef68
2002-04-09 15:53:09 +00:00
Doug MacEachern
e34ebac504
another todo
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94547 13f79535-47bb-0310-9956-ffa450edef68
2002-04-08 19:07:58 +00:00
Doug MacEachern
bb2d86e811
PR: 7802
Obtained from:
Submitted by:
Reviewed by:
fix compilation problem in ssl_engine_kernel.c
if SSL_LIBRARY_VERSION >= 0x00907000
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94527 13f79535-47bb-0310-9956-ffa450edef68
2002-04-07 21:58:25 +00:00
Doug MacEachern
5653644f78
PR:
Obtained from:
Submitted by:
Reviewed by:
ssl_io_input_read now returns APR_EOF if ssl_io_hook_read returns 0
bytes for a reason other than SSL_ERROR_WANT_READ. this should
prevent a possible endless loop.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94519 13f79535-47bb-0310-9956-ffa450edef68
2002-04-07 06:32:21 +00:00
Doug MacEachern
1138615486
fix ProxyPass when frontend is https and backend is http
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94515 13f79535-47bb-0310-9956-ffa450edef68
2002-04-07 03:37:35 +00:00
Cliff Woolley
c1c583494e
Get the HTTP-on-HTTPS hint to come through again. We're in AP_MODE_GETLINE
at this point, so the \r\n\r\n just confuses the http input filter.
One concern: this patch is only correct as long as we only ever call this
function while in AP_MODE_GETLINE. Ideally we would account for the mode
and return the newlines if not in GETLINE mode, but at the moment it doesn't
seem to matter.
Reviewed by: Doug MacEachern
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94453 13f79535-47bb-0310-9956-ffa450edef68
2002-04-05 07:31:44 +00:00
Doug MacEachern
7bb6d7d1ee
PR:
Obtained from:
Submitted by:
Reviewed by:
avoid the error_log message: [error] mod_ssl: Certificate Verification: Error ...
if SSLProxyVerify is not configured or set to "none".
the verify callback does not happen in the server context when
SSLVerify is not configured or set to "none".
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94444 13f79535-47bb-0310-9956-ffa450edef68
2002-04-05 02:31:04 +00:00
Doug MacEachern
8c1cf821b8
fix SSL_X509_INFO_load_path so SSLProxyMachineCertificatePath works
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94406 13f79535-47bb-0310-9956-ffa450edef68
2002-04-02 22:07:09 +00:00
Doug MacEachern
78ee6051f8
copy-n-pasto: need to use SSL_X509_INFO_load_*path* on pkp->cert_path
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94405 13f79535-47bb-0310-9956-ffa450edef68
2002-04-02 21:57:31 +00:00
Doug MacEachern
d07edc0f48
copy-n-pasto: ssl_cmd_SSLProxyMachineCertificatePath needs to set cert_path
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94404 13f79535-47bb-0310-9956-ffa450edef68
2002-04-02 21:56:12 +00:00
Doug MacEachern
26a5b7fc7c
fix copy-n-pasto: ssl_cmd_SSLProxyCACertificatePath needs to use
ssl_cmd_check_dir rather than ssl_cmd_check_file
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94403 13f79535-47bb-0310-9956-ffa450edef68
2002-04-02 21:32:35 +00:00
Doug MacEachern
1accb1b247
another todo
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94400 13f79535-47bb-0310-9956-ffa450edef68
2002-04-02 20:53:17 +00:00
Doug MacEachern
266bd151d1
PR:
Obtained from:
Submitted by:
Reviewed by: Ryan Bloom
ap_remove_output_filter no longer works for connection filters.
change logic in the case of "HTTP spoken on HTTPS port" to disable the
ssl filters rather than attempt to remove the filters.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94393 13f79535-47bb-0310-9956-ffa450edef68
2002-04-02 17:30:08 +00:00
Doug MacEachern
8fd9a81b41
various updates
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94392 13f79535-47bb-0310-9956-ffa450edef68
2002-04-02 17:23:41 +00:00
Doug MacEachern
140006b5b1
add/use EVP_PKEY_reference_inc and X509_reference_inc compat macros
to get these changes working with sslc
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94341 13f79535-47bb-0310-9956-ffa450edef68
2002-03-30 08:11:44 +00:00
Doug MacEachern
d019ceb174
add sslc compat for sk_X509_INFO_free
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94340 13f79535-47bb-0310-9956-ffa450edef68
2002-03-30 07:42:30 +00:00
Doug MacEachern
3fa9f2ba65
add SSLProxyCARevocation{File,Path} directives to support CRLs in the proxy
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94338 13f79535-47bb-0310-9956-ffa450edef68
2002-03-30 06:46:24 +00:00
Doug MacEachern
663baf331b
pass sc to myCtxConfig macro
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94337 13f79535-47bb-0310-9956-ffa450edef68
2002-03-30 06:38:10 +00:00
Doug MacEachern
97b59112b8
make it possible for proxy to use CRL callback
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94336 13f79535-47bb-0310-9956-ffa450edef68
2002-03-30 06:36:56 +00:00
Doug MacEachern
51bbfbacd5
enable the verify callback for proxy
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94334 13f79535-47bb-0310-9956-ffa450edef68
2002-03-30 06:20:16 +00:00
Doug MacEachern
0d93dc2686
change sc->server references to myCtxConfig, so proxy can use the
verify callback.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94332 13f79535-47bb-0310-9956-ffa450edef68
2002-03-30 06:03:08 +00:00
Doug MacEachern
a456732c3f
add myCtxConfig macro
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94331 13f79535-47bb-0310-9956-ffa450edef68
2002-03-30 05:57:59 +00:00
Doug MacEachern
9ee8bc12b5
implement proxy client certificate callback
(uses SSLProxyMachineCertificate{File,Cert} when downstream server
requires a client certificate)
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94329 13f79535-47bb-0310-9956-ffa450edef68
2002-03-30 05:40:02 +00:00
Doug MacEachern
ada316e24b
input filter should not return failure when ssl runtime wants to read more
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94328 13f79535-47bb-0310-9956-ffa450edef68
2002-03-30 05:16:55 +00:00
Doug MacEachern
a12425c133
ssl_io_input_read needs to return something other than APR_SUCCESS
when bucket read from socket was successful,
but there was an error within the ssl runtime.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94327 13f79535-47bb-0310-9956-ffa450edef68
2002-03-30 04:52:48 +00:00
Doug MacEachern
5021db7bd6
load SSLProxyMachineCertificate{File,Path}
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94324 13f79535-47bb-0310-9956-ffa450edef68
2002-03-30 01:50:10 +00:00
Doug MacEachern
e430071911
enable/cleanup SSL_X509_INFO_load_{file,path} functions for use in
proxy context
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94323 13f79535-47bb-0310-9956-ffa450edef68
2002-03-30 01:41:35 +00:00
Cliff Woolley
5b5cccc4ae
Fix the version string. We want to end up with "mod_ssl/2.0.xx", not
"mod_ssl/Apache/2.0.xx".
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94320 13f79535-47bb-0310-9956-ffa450edef68
2002-03-30 00:00:21 +00:00
Doug MacEachern
5e1c0e2c15
add SSLProxyEngine directive. this was not required in the 1.x based
mod_ssl because the SSL_CTX was created and configured for *every*
request. unlike in 2.0 where we configure the proxy SSL_CTX at
startup time, which is much better for performance. but we don't want
to configure a proxy context for every vhost if it isn't going to be
used, for the same reasons we don't create a server context for every
vhost unless SSLEngine is on.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94314 13f79535-47bb-0310-9956-ffa450edef68
2002-03-29 17:56:33 +00:00
Cliff Woolley
3e2ce19baf
BUCKET FREELISTS
Add an allocator-passing mechanism throughout the bucket brigades API.
From Apache's standpoint, the apr_bucket_alloc_t* used throughout a given
connection is stored in the conn_rec by the create_connection hook. That
means it's the MPM's job to optimize recycling of apr_bucket_alloc_t's --
the MPM must ensure that no two threads can ever use the same one at the
same time, for instance.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94304 13f79535-47bb-0310-9956-ffa450edef68
2002-03-29 08:17:26 +00:00
Doug MacEachern
bd13d51f35
remove ssl_engine_ext.c
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94302 13f79535-47bb-0310-9956-ffa450edef68
2002-03-29 07:37:28 +00:00
Doug MacEachern
1d739333a1
removing old proxy extension code
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94301 13f79535-47bb-0310-9956-ffa450edef68
2002-03-29 07:36:01 +00:00
Doug MacEachern
c0797583d1
need to flush output buffer before reading in proxy mode
need to call ssl_hook_process_connection in the output filter in proxy
mode, since proxy hits the output filter before the input filter
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94299 13f79535-47bb-0310-9956-ffa450edef68
2002-03-29 07:23:09 +00:00
Doug MacEachern
5d625d916c
in proxy mode we need to SSL_connect rather than SSL_accept in
ssl_hook_process_connection.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94298 13f79535-47bb-0310-9956-ffa450edef68
2002-03-29 07:22:43 +00:00
Cliff Woolley
0129e9c9e2
These two variables were left uninitialized accidentally.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94297 13f79535-47bb-0310-9956-ffa450edef68
2002-03-29 07:12:01 +00:00
Doug MacEachern
722125d944
add optional function (ssl_proxy_enable) to turn on ssl proxy
choose SSL_CTX based on SSLConnRec.is_proxy
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94293 13f79535-47bb-0310-9956-ffa450edef68
2002-03-29 04:50:37 +00:00
Doug MacEachern
f8ce625de8
init proxy context
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94292 13f79535-47bb-0310-9956-ffa450edef68
2002-03-29 04:48:01 +00:00
Doug MacEachern
409e7fed52
s/id/mode/ in ssl_cmd_SSLProxyVerify
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94290 13f79535-47bb-0310-9956-ffa450edef68
2002-03-29 03:19:12 +00:00
Doug MacEachern
f9f62ab460
use ssl_cmd_verify_parse for SSLProxyVerify directive handler
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94289 13f79535-47bb-0310-9956-ffa450edef68
2002-03-29 03:05:49 +00:00
Doug MacEachern
a24fd6a181
cleanup the proxy context
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94288 13f79535-47bb-0310-9956-ffa450edef68
2002-03-29 02:59:27 +00:00
Doug MacEachern
987edc67d2
s/ctx/dcfg/g in ssl directive handlers
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94287 13f79535-47bb-0310-9956-ffa450edef68
2002-03-29 02:48:20 +00:00
Doug MacEachern
b31faa5036
enable proxy directives
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94286 13f79535-47bb-0310-9956-ffa450edef68
2002-03-29 02:43:33 +00:00
Doug MacEachern
7b86fe98a0
change existing ssl_init_ctx() to ssl_init_ctx_protocol()
new ssl_init_ctx() inits the lot: protocol, session_cache, callbacks,
verify, cipher suite, crl, cert_chain
new ssl_init_server_ctx function inits everything for sc->server
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94285 13f79535-47bb-0310-9956-ffa450edef68
2002-03-29 02:20:58 +00:00
Doug MacEachern
6d42555a01
proxy will have a different verify callback
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94283 13f79535-47bb-0310-9956-ffa450edef68
2002-03-29 02:09:59 +00:00
Doug MacEachern
192828c57c
proxy needs to use client ssl method
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94282 13f79535-47bb-0310-9956-ffa450edef68
2002-03-29 02:06:57 +00:00
Doug MacEachern
ea4cfaae7c
setup sc->proxy->sc
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94281 13f79535-47bb-0310-9956-ffa450edef68
2002-03-29 02:01:49 +00:00
Doug MacEachern
543660842b
add ssl_config_server_new function to fold some duplication in server
create/merge and to make sure merge config is fully initialized
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94280 13f79535-47bb-0310-9956-ffa450edef68
2002-03-29 02:00:20 +00:00