in 3 different places. the old code did nothing special in the case
of the export flag either.
add an ssl_log in each to trace when keys are being handed out.
add some XXX comments.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93885 13f79535-47bb-0310-9956-ffa450edef68
is happening. so avoid calling that unless needed and just stash a
pointer to the client cert for the boolean checks that the client
provided a cert.
PR:
Obtained from:
Submitted by:
Reviewed by:
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@92240 13f79535-47bb-0310-9956-ffa450edef68
function and free() of the return value twice each, for logging
regardless of SSLLogLevel. changed to happen only if SSLLogLevel >= trace
PR:
Obtained from:
Submitted by:
Reviewed by:
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@92236 13f79535-47bb-0310-9956-ffa450edef68
in the gprof profile. there's no need for the "global" SSLModConfigRec
to live in the s->process->pool userdata table. we now just point the
SSLSrvConfigRec in each server_rec.module_config to the SSLModConfigRec
so we can access it directly which is much faster.
PR:
Obtained from:
Submitted by:
Reviewed by:
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@92234 13f79535-47bb-0310-9956-ffa450edef68
- only look through the table once, rather than 2 apr_table_gets()
- case-sensitive and use strcmp() as little as possible
- only lookup once per-connection, as the flags will not change across
keepalive requests
PR:
Obtained from:
Submitted by:
Reviewed by:
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@92121 13f79535-47bb-0310-9956-ffa450edef68
else there are 5 (expensive!) calls made to ssl_var_lookup on every request
for info that will never be logged
PR:
Obtained from:
Submitted by:
Reviewed by:
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@92119 13f79535-47bb-0310-9956-ffa450edef68
change app_data2 to be the request_rec itself.
if something needs per-request context in the future,
it can use r->request_config
PR:
Obtained from:
Submitted by:
Reviewed by:
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@92113 13f79535-47bb-0310-9956-ffa450edef68
note: may actually be removed unless somebody can figure out why it is in
there to begin with
PR:
Obtained from:
Submitted by:
Reviewed by:
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@92111 13f79535-47bb-0310-9956-ffa450edef68
need to set SSLFilterRec.pssl = NULL when ssl_hook_CloseConnection is called
otherwise, ap_lingering_close -> ap_flush_conn will call ssl_io_filter_Output
which thinks it can still use the SSLFilterRec.pssl
PR:
Obtained from:
Submitted by:
Reviewed by:
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@91886 13f79535-47bb-0310-9956-ffa450edef68
add support for renegotiation during the Access hook
this requires hooking into the read and write SSL BIOs in order to
flush data to the client and read from the filter chain
this also requires that the ssl filters become "aware" that
renegotitation is in progress so that the BIOs are left alone for
SSL_renegotiate/SSL_do_handshake in ssl_hook_Access to deal with
PR:
Obtained from:
Submitted by:
Reviewed by:
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@90185 13f79535-47bb-0310-9956-ffa450edef68
since the conn_rec will no longer be valid.
- eliminated the "for (;;)" processing loop in ssl_io_filter_Output() -
we'll have to do that in churn_output() if required, so that any remaining
OpenSSL data (if available) is transferred before we call the
CloseConnection.
- Any remaining data in SSL should be cleaned up ideally in the
APR_BUCKET_IS_EOS() processing stage itself, as we close the SSL connection
here.
Submitted by: Madhusudan Mathihalli <madhusudan_mathihalli@hp.com>
Reviewed by: William Rowe
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@89816 13f79535-47bb-0310-9956-ffa450edef68
latest patches from Madhusudan which makes mod_ssl 95% working inside
Apache 2.0. There is still a lot of more work (both porting and cleanup)
to do be done. See modules/ssl/README for details.
Submitted by: Madhusudan Mathihalli <madhusudan_mathihalli@hp.com>
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@89618 13f79535-47bb-0310-9956-ffa450edef68
later for this or we don't do it at all. But we certainly no longer want
to see any platform specific things inside a module.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@89018 13f79535-47bb-0310-9956-ffa450edef68
pre-sucking on POST requests and I/O re-injection in case of SSL
renegotiations. This all either cannot be solved any longer or at least
has to be implemented totally different through I/O layering/filtering.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@89017 13f79535-47bb-0310-9956-ffa450edef68
incompatible at many places to Apache 1.3 we also don't want this stuff
anymore. Apache 2.0's mod_ssl will be mostly compatibile with Apache
1.3's mod_ssl, of course. But we really no longer want to be compatible
to Sioux and other obsolete SSL things...
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@89012 13f79535-47bb-0310-9956-ffa450edef68
If we want this later again, we have to do it differently anyway. So,
for now we try to strip down mod_ssl as heavy as possible and hence we
kick out this stuff at all.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@89010 13f79535-47bb-0310-9956-ffa450edef68
