to be included even when mod_ssl is not enabled.
* Makefile.in (install-include): Only install mod_ssl.h.
* modules/ssl/ssl_private.h: New file.
* modules/ssl/mod_ssl.h: Move everything apart from than the optional
hook definitions into ssl_private.h.
* modules/ssl/*.c: Include ssl_private.h not mod_ssl.h
* modules/ssl/config.m4: Always add the mod_ssl directory to the
include path so other modules can find mod_ssl.h.
* modules/proxy/mod_proxy.c: Include mod_ssl.h to pick up the optional
hook definitions rather than copy'n'pasting them.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@102803 13f79535-47bb-0310-9956-ffa450edef68
required creating a new EOC (End-Of-Connection) bucket type to notify mod_ssl
that the connection is about to be closed.
Reviewed by: Joe Orton, Justin Erenkrantz
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@102793 13f79535-47bb-0310-9956-ffa450edef68
* modules/ssl/ssl_engine_kernel.c (ssl_hook_Access): Set aborted flag
after renegotiation failure.
* modules/ssl/ssl_engine_io.c (ssl_filter_write, ssl_io_filter_output):
Don't dereference BIOs in filter_ctx when filter_ctx->pssl is NULL.
(ssl_filter_io_shutdown): Set aborted flag on abortive shutdown.
PR: 21370
Submitted by: Hartmut Keil <Hartmut.Keil@adnovum.ch>
Cleaned up by: Jeff Trawick, Joe Orton
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@100720 13f79535-47bb-0310-9956-ffa450edef68
Some additional work or research is required in order to pass the
perl-framework regressions, but I don't have the cycles and don't
care to leave the broken code in cvs HEAD.
REVERTING: wrowe 2003/05/19 08:13:19
Modified: modules/ssl config.m4 ssl_engine_io.c ssl_engine_kernel.c
ssl_toolkit_compat.h
Log:
Drop SSL_set_state() in favor of a proper SSL_renegotiate() to begin
rehandshaking the SSL connection, vis-a-vis ApacheSSL.
Revision Changes Path
1.15 +0 -1 httpd-2.0/modules/ssl/config.m4
1.108 +1 -1 httpd-2.0/modules/ssl/ssl_engine_io.c
1.93 +1 -1 httpd-2.0/modules/ssl/ssl_engine_kernel.c
1.34 +0 -6 httpd-2.0/modules/ssl/ssl_toolkit_compat.h
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@100004 13f79535-47bb-0310-9956-ffa450edef68
first-use cases (via ssl_io_input_add_filter) and when we are writing and
need response from the client (via ssl_io_filter_output). Both of these
cases are always blocking. [
PR: 19242
Submitted by: David Deaves <David.Deaves@dd.id.au>, William Rowe
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@99863 13f79535-47bb-0310-9956-ffa450edef68
all assignments and the final SSL_free(), free ssl_conn->client_cert
to avoid leaks of this refcounted X509*. Prereleasing refcounted
objects is unsafe programming; fix applied to both branches.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@99252 13f79535-47bb-0310-9956-ffa450edef68
SSLEngine upgrade so that we can begin and continue to support these
facilities. This makes it simpler to keep this effort (while we have
no known clients that support Connection: upgrade at this time), and
begin refactoring more of SSL into smaller and tighter (and then optional)
components.
Submitted by: Ryan Bloom
Reviewed by: William Rowe, Joe Orton
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@97912 13f79535-47bb-0310-9956-ffa450edef68
isn't necessarily blocking. Should not have changed this in the prior
commit, and adding the same retry to the -1/EAGAIN|EINTR case.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@97423 13f79535-47bb-0310-9956-ffa450edef68
ssl_io_filter_connect code to follow the filter read and write.
Notice that it's buck ugly, but we will extract an rc first from
the input BIO if it was written, and then try the output bio if
it was APR_SUCCESS, during _connect processing.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@97422 13f79535-47bb-0310-9956-ffa450edef68
ssl_abort into what was ssl_hook_CloseConnection, clean out a bunch of
now-static or private headers from mod_ssl.h, and final fix a very small
but potent segfault if ->pssl is destroyed within our read loop.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@97411 13f79535-47bb-0310-9956-ffa450edef68
appropriate amount of tumolt and turmoil if our client has 'gone away'
on us, sparing us of further processing (and potential 'renegotiations'
with a non-existant client.)
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@97400 13f79535-47bb-0310-9956-ffa450edef68
wbio to bio_out, BIO new and free to create and destroy (to match OpenSSL),
refactor the bio write code to stash errors in outctx->rc,
fix the blocking read at EOF if we have some data to return,
and preempt the nonblock read on GETLINE if we have the newline already.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@97393 13f79535-47bb-0310-9956-ffa450edef68
Stick a comment in there as a 'Waldo was here' so that if I ever see this
again, I realize that I've actually thought about it and didn't think >
was necessary.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@97372 13f79535-47bb-0310-9956-ffa450edef68
especially eliminating all of 'our' capitalized identifiers that were
easily confused with library symbols; go with APR_STATUS_IS_EOF() just
in case there is a platform result; fix a bogus *len = 0; reassignment
and fold the two flavors of input context tracking into one.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@97368 13f79535-47bb-0310-9956-ffa450edef68
Also, uncomment a line of code that the last commit should have uncommented.
Randall found this line and the fix, but I forgot to uncomment this line
along with the fix.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@97179 13f79535-47bb-0310-9956-ffa450edef68
arbitrary code before the handlers are invoked.
This resolves an issue with incorrect 304s on If-Modified-Since mod_include
requests since ap_meets_conditions() is not aware that this is a dynamic
request and it is not possible to satisfy 304 for these requests (unless
xbithack full is on, of course). When mod_include runs as a filter, it is
too late to set any flag since the handler is responsible for calling
ap_meets_conditions(), which it should do before generating any data.
If a module doesn't need to run such arbitrary code, it can just pass NULL
as the argument and all is well.
PR: 9673
Reviewed by: Ryan Bloom and others
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@95906 13f79535-47bb-0310-9956-ffa450edef68
