mirror of https://github.com/apache/httpd.git synced 2025-11-05 05:30:39 +03:00
Commit Graph

159 Commits

Author SHA1 Message Date
Doug MacEachern
a456732c3f add myCtxConfig macro
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94331 13f79535-47bb-0310-9956-ffa450edef68
2002-03-30 05:57:59 +00:00
Doug MacEachern
9ee8bc12b5 implement proxy client certificate callback
(uses SSLProxyMachineCertificate{File,Cert} when downstream server
requires a client certificate)


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94329 13f79535-47bb-0310-9956-ffa450edef68
2002-03-30 05:40:02 +00:00
Cliff Woolley
5b5cccc4ae Fix the version string. We want to end up with "mod_ssl/2.0.xx", not
"mod_ssl/Apache/2.0.xx".


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94320 13f79535-47bb-0310-9956-ffa450edef68
2002-03-30 00:00:21 +00:00
Doug MacEachern
5e1c0e2c15 add SSLProxyEngine directive. this was not required in the 1.x based
mod_ssl because the SSL_CTX was created and configured for *every*
request.  unlike in 2.0 where we configure the proxy SSL_CTX at
startup time, which is much better for performance.  but we don't want
to configure a proxy context for every vhost if it isn't going to be
used, for the same reasons we don't create a server context for every
vhost unless SSLEngine is on.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94314 13f79535-47bb-0310-9956-ffa450edef68
2002-03-29 17:56:33 +00:00
Doug MacEachern
722125d944 add optional function (ssl_proxy_enable) to turn on ssl proxy
choose SSL_CTX based on SSLConnRec.is_proxy


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94293 13f79535-47bb-0310-9956-ffa450edef68
2002-03-29 04:50:37 +00:00
Doug MacEachern
f9f62ab460 use ssl_cmd_verify_parse for SSLProxyVerify directive handler
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94289 13f79535-47bb-0310-9956-ffa450edef68
2002-03-29 03:05:49 +00:00
Doug MacEachern
b31faa5036 enable proxy directives
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94286 13f79535-47bb-0310-9956-ffa450edef68
2002-03-29 02:43:33 +00:00
Doug MacEachern
0679fa7bf1 moving cfgMerge macros to ssl_engine_config.c, they are not used anywhere else
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94271 13f79535-47bb-0310-9956-ffa450edef68
2002-03-28 18:58:06 +00:00
Doug MacEachern
045abcfbbd remove unused cfgMerge{Table,Ctx} macros
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94269 13f79535-47bb-0310-9956-ffa450edef68
2002-03-28 18:54:52 +00:00
Doug MacEachern
0569a2a622 moving protocol location
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94268 13f79535-47bb-0310-9956-ffa450edef68
2002-03-28 18:53:54 +00:00
Doug MacEachern
1d76ab39ff breakup SSLSrvConfigRec in preparation for proxy support:
+ modssl_pk_server_t - certs/keys for the server
+ modssl_pk_proxy_t  - certs/keys for the proxy
+ modssl_auth_ctx_t  - stuff related to authentication that can also
                       be per-dir, used by both server and proxy
+ modssl_ctx_t       - context that can be used by both server and proxy
+ SSLSrvConfigRec    - now contains original stuff specific to the
                       server config and modssl_ctx_t *server, *proxy


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94267 13f79535-47bb-0310-9956-ffa450edef68
2002-03-28 18:50:07 +00:00
Doug MacEachern
e90c7fb27f ripping out some proxy stuff that isn't currently in use and is going
to change anyhow.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94266 13f79535-47bb-0310-9956-ffa450edef68
2002-03-28 17:23:50 +00:00
Doug MacEachern
388657af76 already added configure check for SSL_set_cert_store
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94265 13f79535-47bb-0310-9956-ffa450edef68
2002-03-28 17:16:41 +00:00
Doug MacEachern
d5c395f0e7 de-hungarian-ize server config member names which are going to stay
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94264 13f79535-47bb-0310-9956-ffa450edef68
2002-03-28 17:11:12 +00:00
Doug MacEachern
bb986b6b22 reorder a bit of the server config structure, moving items that are
going to stay there to the top.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94263 13f79535-47bb-0310-9956-ffa450edef68
2002-03-28 16:47:36 +00:00
Doug MacEachern
249519625c there is a heaping pile of:
ssl_log(s, flags, "Init: (%s) ...", sc->szVHostID)
add SSL_INIT flag to cut down some noise and end up with:
 ssl_log(s, flags, "...")


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94247 13f79535-47bb-0310-9956-ffa450edef68
2002-03-28 00:34:13 +00:00
Doug MacEachern
8bf48c5959 "new" is a c++ keyword; s/new/mrg/g in config merge functions
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94244 13f79535-47bb-0310-9956-ffa450edef68
2002-03-27 23:35:31 +00:00
Doug MacEachern
f3e92e1cde bringing back MOD_SSL_VERSION macro, define it to AP_SERVER_BASEVERSION
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94231 13f79535-47bb-0310-9956-ffa450edef68
2002-03-27 19:38:05 +00:00
Doug MacEachern
b425a0f8c4 move prototype for modssl_session_get_time to ssl_util_ssl.h
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94226 13f79535-47bb-0310-9956-ffa450edef68
2002-03-27 18:20:37 +00:00
Doug MacEachern
33922c86be sslc 1.x does not have an x509v3.h
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94217 13f79535-47bb-0310-9956-ffa450edef68
2002-03-27 05:58:31 +00:00
Doug MacEachern
1d2a39531c moving OpenSSL+sslc compat foo to ssl_toolkit_compat.h
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94199 13f79535-47bb-0310-9956-ffa450edef68
2002-03-27 02:28:15 +00:00
Doug MacEachern
5bfe936911 3rd arg of BIO callbacks is 'const char' in OpenSSL and 'char' in sslc,
make both happy.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94198 13f79535-47bb-0310-9956-ffa450edef68
2002-03-27 01:58:15 +00:00
Doug MacEachern
ebe92b6f8b add modssl_session_get_time() function to give mod_ssl what it needs
from SSL_SESSION_get_time() if using OpenSSL or sslc.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94195 13f79535-47bb-0310-9956-ffa450edef68
2002-03-27 01:28:20 +00:00
Doug MacEachern
0fb13a8b4a another step towards compatibility with rsa sslc:
define the STACK_OF macro if not already defined.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94194 13f79535-47bb-0310-9956-ffa450edef68
2002-03-27 00:46:07 +00:00
Doug MacEachern
d37bf62cd7 configure already checks OpenSSL version so don't bother here
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94193 13f79535-47bb-0310-9956-ffa450edef68
2002-03-27 00:32:07 +00:00
Doug MacEachern
7c1521f253 per-dir SSLCACertificate{File,Path} cannot use SSL_CTX_set_cert_store
as the 1.x based module does, since the function is not thread-safe.
a patch has been submitted to OpenSSL to support SSL_set_cert_store
which is thread safe.  this feature is enabled by default in the
current 1.x based module, we only enable it if the SSL_set_cert_store
function is available.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94179 13f79535-47bb-0310-9956-ffa450edef68
2002-03-26 16:57:49 +00:00
Doug MacEachern
9303382216 constificationization of some char * config items
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94177 13f79535-47bb-0310-9956-ffa450edef68
2002-03-26 15:49:37 +00:00
Jeff Trawick
3400f03621 the mod_ssl provided with Apache >= 2.0 no longer has an independent
version number


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94111 13f79535-47bb-0310-9956-ffa450edef68
2002-03-22 00:59:23 +00:00
William A. Rowe Jr
05ae021cfd Clear up a const warning, and recognize some arrays by changing the
variable names to the plural [rather than aszFoo, which I hope continues
  to be cleaned up as folks have time.]


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93982 13f79535-47bb-0310-9956-ffa450edef68
2002-03-17 17:32:24 +00:00
Doug MacEachern
97b148c3b5 PR:
Obtained from:
Submitted by:   Madhusudan Mathihalli <madhusudan_mathihalli@hp.com>
Reviewed by:	dougm
implement SSLSessionCache shmht and shmcb based on apr_rmm and apr_shm


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93942 13f79535-47bb-0310-9956-ffa450edef68
2002-03-14 23:31:23 +00:00
Roy T. Fielding
845cbfd508 Update our copyright for this year.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93918 13f79535-47bb-0310-9956-ffa450edef68
2002-03-13 20:48:07 +00:00
Doug MacEachern
07965e685f add ssl_asn1_keystr() util function that returns string representation
(RSA or DSA) of the key index.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93912 13f79535-47bb-0310-9956-ffa450edef68
2002-03-13 18:56:07 +00:00
Doug MacEachern
cc09059d11 add ssl_asn1_table_keyfmt() function for clarity
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93909 13f79535-47bb-0310-9956-ffa450edef68
2002-03-13 18:42:05 +00:00
Doug MacEachern
55294115e5 use ptemp in ssl_init_FindCAList() rather than creating a subpool.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93895 13f79535-47bb-0310-9956-ffa450edef68
2002-03-13 04:59:19 +00:00
Doug MacEachern
cc61103ca6 remove obsolete ssl_ds_{table,array} api
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93891 13f79535-47bb-0310-9956-ffa450edef68
2002-03-13 04:14:43 +00:00
Doug MacEachern
d9d26c6b82 for the sake of readability,
change: SSL_TKPIDX_{DH,RSA}{512,1024}
to:     SSL_TMP_KEY_{DH,RSA}_{512,1024}


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93883 13f79535-47bb-0310-9956-ffa450edef68
2002-03-12 23:05:33 +00:00
Doug MacEachern
52ff7b736e split ssl_init_TmpKeysHandle function to init/free functions,
and make them static to ssl_engine_init.c


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93882 13f79535-47bb-0310-9956-ffa450edef68
2002-03-12 22:50:38 +00:00
Doug MacEachern
15d581b6fe it is not required that temporary keys survive restarts, since they
are generated and destroyed on every restart.

so get rid of SSLModConfigRec.tTmpKeys table and mess that was
managing it.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93881 13f79535-47bb-0310-9956-ffa450edef68
2002-03-12 22:34:31 +00:00
Doug MacEachern
bed8256dc1 remove version checks for using EGD
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93879 13f79535-47bb-0310-9956-ffa450edef68
2002-03-12 22:11:51 +00:00
Doug MacEachern
47c4501000 we require OpenSSL 0.9.6+
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93877 13f79535-47bb-0310-9956-ffa450edef68
2002-03-12 22:07:12 +00:00
Doug MacEachern
4e2c5954f9 making ssl_init_SSLLibrary() static
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93874 13f79535-47bb-0310-9956-ffa450edef68
2002-03-12 21:53:44 +00:00
Doug MacEachern
2e7c1f17cc add SSL_VERIFY_PEER_STRICT shortcut for often used flags
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93846 13f79535-47bb-0310-9956-ffa450edef68
2002-03-12 00:06:06 +00:00
Doug MacEachern
e359ecfc06 remove unused ap_server_ctx member from SSLSrvConfigRec
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93785 13f79535-47bb-0310-9956-ffa450edef68
2002-03-08 00:03:50 +00:00
Doug MacEachern
f702218cea s/const void/const char/g in ssl_asn1_table api
pointed out by gstein


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93653 13f79535-47bb-0310-9956-ffa450edef68
2002-03-01 05:24:06 +00:00
Cliff Woolley
8097066e90 Consensus is that we should not use the scoreboard as a source of entropy.
Reviewed by: OtherBill, Justin, Madhu


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93652 13f79535-47bb-0310-9956-ffa450edef68
2002-03-01 04:35:17 +00:00
Doug MacEachern
0d2e1d0893 reuse vhost keys for asn1 tables where keys are allocated out
of s->process->pool to prevent "leaking" each time we format
a vhost key.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93616 13f79535-47bb-0310-9956-ffa450edef68
2002-02-28 01:30:18 +00:00
Doug MacEachern
b4f77dcf27 switch SSLModConfigRec.tPublicCert to ssl_asn1_table api to prevent
leakage on restarts.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93615 13f79535-47bb-0310-9956-ffa450edef68
2002-02-28 00:28:05 +00:00
Doug MacEachern
e778179d1f switch SSLModConfigRec.tPrivateKey to ssl_asn1_table api to prevent
leakage on restarts.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93614 13f79535-47bb-0310-9956-ffa450edef68
2002-02-28 00:23:32 +00:00
Doug MacEachern
01b903dfc4 add ssl_asn1_table_get() wrapper and change ssl_init_TmpKeysHandle()
to use it.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93613 13f79535-47bb-0310-9956-ffa450edef68
2002-02-28 00:10:52 +00:00
Doug MacEachern
d6a76369d5 mod_ssl was "leaking" on restart since mc->tTmpKeys table entries
were allocated using apr_palloc out of s->process->pool and pushed
into an apr_array_header_t.
solve the problem by moving from apr_array_header_t's to an apr_hash_t.
also add ssl_asn1_table_{set,unset} wrappers to use malloc/free so we
do not "leak" from s->process->pool.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93612 13f79535-47bb-0310-9956-ffa450edef68
2002-02-28 00:01:57 +00:00