Doug MacEachern
140006b5b1
add/use EVP_PKEY_reference_inc and X509_reference_inc compat macros
to get these changes working with sslc
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94341 13f79535-47bb-0310-9956-ffa450edef68
2002-03-30 08:11:44 +00:00
Doug MacEachern
d019ceb174
add sslc compat for sk_X509_INFO_free
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94340 13f79535-47bb-0310-9956-ffa450edef68
2002-03-30 07:42:30 +00:00
Doug MacEachern
3fa9f2ba65
add SSLProxyCARevocation{File,Path} directives to support CRLs in the proxy
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94338 13f79535-47bb-0310-9956-ffa450edef68
2002-03-30 06:46:24 +00:00
Doug MacEachern
663baf331b
pass sc to myCtxConfig macro
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94337 13f79535-47bb-0310-9956-ffa450edef68
2002-03-30 06:38:10 +00:00
Doug MacEachern
97b59112b8
make it possible for proxy to use CRL callback
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94336 13f79535-47bb-0310-9956-ffa450edef68
2002-03-30 06:36:56 +00:00
Doug MacEachern
51bbfbacd5
enable the verify callback for proxy
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94334 13f79535-47bb-0310-9956-ffa450edef68
2002-03-30 06:20:16 +00:00
Doug MacEachern
51ee9a749e
ap_proxy_http_request needs to check the return status of ap_pass_brigade
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94333 13f79535-47bb-0310-9956-ffa450edef68
2002-03-30 06:19:14 +00:00
Doug MacEachern
0d93dc2686
change sc->server references to myCtxConfig, so proxy can use the
verify callback.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94332 13f79535-47bb-0310-9956-ffa450edef68
2002-03-30 06:03:08 +00:00
Doug MacEachern
a456732c3f
add myCtxConfig macro
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94331 13f79535-47bb-0310-9956-ffa450edef68
2002-03-30 05:57:59 +00:00
Doug MacEachern
9ee8bc12b5
implement proxy client certificate callback
(uses SSLProxyMachineCertificate{File,Cert} when downstream server
requires a client certificate)
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94329 13f79535-47bb-0310-9956-ffa450edef68
2002-03-30 05:40:02 +00:00
Doug MacEachern
ada316e24b
input filter should not return failure when ssl runtime wants to read more
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94328 13f79535-47bb-0310-9956-ffa450edef68
2002-03-30 05:16:55 +00:00
Doug MacEachern
a12425c133
ssl_io_input_read needs to return something other than APR_SUCCESS
when bucket read from socket was successful,
but there was an error within the ssl runtime.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94327 13f79535-47bb-0310-9956-ffa450edef68
2002-03-30 04:52:48 +00:00
Doug MacEachern
5021db7bd6
load SSLProxyMachineCertificate{File,Path}
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94324 13f79535-47bb-0310-9956-ffa450edef68
2002-03-30 01:50:10 +00:00
Doug MacEachern
e430071911
enable/cleanup SSL_X509_INFO_load_{file,path} functions for use in
proxy context
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94323 13f79535-47bb-0310-9956-ffa450edef68
2002-03-30 01:41:35 +00:00
Cliff Woolley
5b5cccc4ae
Fix the version string. We want to end up with "mod_ssl/2.0.xx", not
"mod_ssl/Apache/2.0.xx".
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94320 13f79535-47bb-0310-9956-ffa450edef68
2002-03-30 00:00:21 +00:00
Doug MacEachern
5e1c0e2c15
add SSLProxyEngine directive. this was not required in the 1.x based
mod_ssl because the SSL_CTX was created and configured for *every*
request. unlike in 2.0 where we configure the proxy SSL_CTX at
startup time, which is much better for performance. but we don't want
to configure a proxy context for every vhost if it isn't going to be
used, for the same reasons we don't create a server context for every
vhost unless SSLEngine is on.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94314 13f79535-47bb-0310-9956-ffa450edef68
2002-03-29 17:56:33 +00:00
Doug MacEachern
f4d0e50e00
check the return value of ap_proxy_ssl_enable
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94313 13f79535-47bb-0310-9956-ffa450edef68
2002-03-29 17:48:28 +00:00
Cliff Woolley
3e2ce19baf
BUCKET FREELISTS
Add an allocator-passing mechanism throughout the bucket brigades API.
From Apache's standpoint, the apr_bucket_alloc_t* used throughout a given
connection is stored in the conn_rec by the create_connection hook. That
means it's the MPM's job to optimize recycling of apr_bucket_alloc_t's --
the MPM must ensure that no two threads can ever use the same one at the
same time, for instance.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94304 13f79535-47bb-0310-9956-ffa450edef68
2002-03-29 08:17:26 +00:00
Doug MacEachern
b699ec0f91
import ssl_proxy_enable in the post config phase, otherwise LoadModule
order may leave us without the function.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94303 13f79535-47bb-0310-9956-ffa450edef68
2002-03-29 08:04:04 +00:00
Doug MacEachern
bd13d51f35
remove ssl_engine_ext.c
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94302 13f79535-47bb-0310-9956-ffa450edef68
2002-03-29 07:37:28 +00:00
Doug MacEachern
1d739333a1
removing old proxy extension code
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94301 13f79535-47bb-0310-9956-ffa450edef68
2002-03-29 07:36:01 +00:00
Doug MacEachern
c3e2155dca
hook into mod_ssl for https support
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94300 13f79535-47bb-0310-9956-ffa450edef68
2002-03-29 07:29:11 +00:00
Doug MacEachern
c0797583d1
need to flush output buffer before reading in proxy mode
need to call ssl_hook_process_connection in the output filter in proxy
mode, since proxy hits the output filter before the input filter
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94299 13f79535-47bb-0310-9956-ffa450edef68
2002-03-29 07:23:09 +00:00
Doug MacEachern
5d625d916c
in proxy mode we need to SSL_connect rather than SSL_accept in
ssl_hook_process_connection.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94298 13f79535-47bb-0310-9956-ffa450edef68
2002-03-29 07:22:43 +00:00
Cliff Woolley
0129e9c9e2
These two variables were left uninitialized accidentally.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94297 13f79535-47bb-0310-9956-ffa450edef68
2002-03-29 07:12:01 +00:00
Brian Pane
7d55deceea
Allow variable expansion within the "var" arg to <!--#echo
and <!--#set, so that people can do things like this:
<!--#echo var="${foo}_${bar}" -->
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94294 13f79535-47bb-0310-9956-ffa450edef68
2002-03-29 05:58:39 +00:00
Doug MacEachern
722125d944
add optional function (ssl_proxy_enable) to turn on ssl proxy
choose SSL_CTX based on SSLConnRec.is_proxy
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94293 13f79535-47bb-0310-9956-ffa450edef68
2002-03-29 04:50:37 +00:00
Doug MacEachern
f8ce625de8
init proxy context
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94292 13f79535-47bb-0310-9956-ffa450edef68
2002-03-29 04:48:01 +00:00
Brian Pane
54ae6c947e
Replaced my fix for the is_only_below() bug with Cliff's faster
and simpler version.
Submitted by: Cliff Woolley
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94291 13f79535-47bb-0310-9956-ffa450edef68
2002-03-29 04:47:10 +00:00
Doug MacEachern
409e7fed52
s/id/mode/ in ssl_cmd_SSLProxyVerify
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94290 13f79535-47bb-0310-9956-ffa450edef68
2002-03-29 03:19:12 +00:00
Doug MacEachern
f9f62ab460
use ssl_cmd_verify_parse for SSLProxyVerify directive handler
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94289 13f79535-47bb-0310-9956-ffa450edef68
2002-03-29 03:05:49 +00:00
Doug MacEachern
a24fd6a181
cleanup the proxy context
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94288 13f79535-47bb-0310-9956-ffa450edef68
2002-03-29 02:59:27 +00:00
Doug MacEachern
987edc67d2
s/ctx/dcfg/g in ssl directive handlers
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94287 13f79535-47bb-0310-9956-ffa450edef68
2002-03-29 02:48:20 +00:00
Doug MacEachern
b31faa5036
enable proxy directives
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94286 13f79535-47bb-0310-9956-ffa450edef68
2002-03-29 02:43:33 +00:00
Doug MacEachern
7b86fe98a0
change existing ssl_init_ctx() to ssl_init_ctx_protocol()
new ssl_init_ctx() inits the lot: protocol, session_cache, callbacks,
verify, cipher suite, crl, cert_chain
new ssl_init_server_ctx function inits everything for sc->server
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94285 13f79535-47bb-0310-9956-ffa450edef68
2002-03-29 02:20:58 +00:00
Brian Pane
440d5f0751
Fixes for three problems in mod_include:
* The ctx->tag_length computation in find_end_sequence() was a bit
broken in cases where there was a "false alarm" match on a partial
"-->"
* The ap_ssi_get_tag_and_value() function needs to avoid walking off
the end of the string. After debugging this some more, I ended up
using Cliff's original patch.
* Infinite loop in is_only_below()
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94284 13f79535-47bb-0310-9956-ffa450edef68
2002-03-29 02:14:45 +00:00
Doug MacEachern
6d42555a01
proxy will have a different verify callback
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94283 13f79535-47bb-0310-9956-ffa450edef68
2002-03-29 02:09:59 +00:00
Doug MacEachern
192828c57c
proxy needs to use client ssl method
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94282 13f79535-47bb-0310-9956-ffa450edef68
2002-03-29 02:06:57 +00:00
Doug MacEachern
ea4cfaae7c
setup sc->proxy->sc
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94281 13f79535-47bb-0310-9956-ffa450edef68
2002-03-29 02:01:49 +00:00
Doug MacEachern
543660842b
add ssl_config_server_new function to fold some duplication in server
create/merge and to make sure merge config is fully initialized
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94280 13f79535-47bb-0310-9956-ffa450edef68
2002-03-29 02:00:20 +00:00
Doug MacEachern
3539d5de18
initialize and merge proxy config
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94279 13f79535-47bb-0310-9956-ffa450edef68
2002-03-29 01:56:40 +00:00
Doug MacEachern
6b105970df
no point in merging things which are not set until after merge happens.
make a note of those which are set during module init.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94278 13f79535-47bb-0310-9956-ffa450edef68
2002-03-29 01:42:04 +00:00
Doug MacEachern
d5116bceb9
'ctx' traditionally refers to an SSL_CTX. change modssl_ctx_t
instances to 'mctx'
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94277 13f79535-47bb-0310-9956-ffa450edef68
2002-03-29 01:24:10 +00:00
Bradley Nicholes
1f31c48ce1
Stop the while loop from incrementing twice per iteration before checking for
the NULL terminator. This was causing the while loop to walk off the end of any
string with an odd number of characters.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94276 13f79535-47bb-0310-9956-ffa450edef68
2002-03-29 00:39:56 +00:00
Doug MacEachern
b08517ce8e
ctx->sc is set during init
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94275 13f79535-47bb-0310-9956-ffa450edef68
2002-03-28 19:50:48 +00:00
Doug MacEachern
78b02f8110
switch from SSLSrvConfigRec* to modssl_ctx_t* in the ssl_init_ctx*
functions
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94274 13f79535-47bb-0310-9956-ffa450edef68
2002-03-28 19:48:31 +00:00
Doug MacEachern
038f201cbb
make merging of modssl_ctx_t's generic
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94273 13f79535-47bb-0310-9956-ffa450edef68
2002-03-28 19:15:03 +00:00
Doug MacEachern
0679fa7bf1
moving cfgMerge macros to ssl_engine_config.c, they are not used anywhere else
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94271 13f79535-47bb-0310-9956-ffa450edef68
2002-03-28 18:58:06 +00:00
Doug MacEachern
045abcfbbd
remove unused cfgMerge{Table,Ctx} macros
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94269 13f79535-47bb-0310-9956-ffa450edef68
2002-03-28 18:54:52 +00:00
Doug MacEachern
0569a2a622
moving protocol location
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94268 13f79535-47bb-0310-9956-ffa450edef68
2002-03-28 18:53:54 +00:00