mirror of
https://github.com/apache/httpd.git
synced 2025-08-01 07:26:57 +03:00
b77cd8dfde
a) constify return value and variable name passed-in b) require that pool argument is non-NULL c) add gcc warning attributes for NULL arguments or ignored result. This allows removal of inefficient internal duplication of constant strings which was necessary only to allow non-const char *, and removal of unsafe casts to/from const in various places. * modules/ssl/ssl_engine_vars.c (ssl_var_lookup): Assume pool is non-NULL; return constant and remove apr_pstrdup of constant result string. Also constify variable name. (ssl_var_lookup_*): Update to return const char * and avoid duplication where now possible. * modules/ssl/mod_ssl.h: Update ssl_var_lookup() optional function API description and add GCC warning attributes as per private API. * modules/ssl/ssl_engine_init.c (ssl_add_version_components): Adjust for const return value. * modules/ssl/ssl_engine_io.c (ssl_io_filter_handshake): Pass c->pool to ssl_var_lookup. * modules/ssl/ssl_engine_kernel.c (ssl_hook_Access): Pass r->pool to ssl_var_lookup, expect const return and dup the string since r->user is char *. (log_tracing_state): Pass c->pool to ssl_var_lookup. * modules/http2/h2_h2.c (h2_is_acceptable_connection): Assume return value of ssl_var_lookup is const. Github: closes #120 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1877475 13f79535-47bb-0310-9956-ffa450edef68
132 lines
5.6 KiB
C
132 lines
5.6 KiB
C
/* Licensed to the Apache Software Foundation (ASF) under one or more
|
|
* contributor license agreements. See the NOTICE file distributed with
|
|
* this work for additional information regarding copyright ownership.
|
|
* The ASF licenses this file to You under the Apache License, Version 2.0
|
|
* (the "License"); you may not use this file except in compliance with
|
|
* the License. You may obtain a copy of the License at
|
|
*
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|
*
|
|
* Unless required by applicable law or agreed to in writing, software
|
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
* See the License for the specific language governing permissions and
|
|
* limitations under the License.
|
|
*/
|
|
|
|
/**
|
|
* @file mod_ssl.h
|
|
* @brief SSL extension module for Apache
|
|
*
|
|
* @defgroup MOD_SSL mod_ssl
|
|
* @ingroup APACHE_MODS
|
|
* @{
|
|
*/
|
|
|
|
#ifndef __MOD_SSL_H__
|
|
#define __MOD_SSL_H__
|
|
|
|
#include "httpd.h"
|
|
#include "http_config.h"
|
|
#include "apr_optional.h"
|
|
#include "apr_tables.h" /* for apr_array_header_t */
|
|
|
|
/* Create a set of SSL_DECLARE(type), SSL_DECLARE_NONSTD(type) and
|
|
* SSL_DECLARE_DATA with appropriate export and import tags for the platform
|
|
*/
|
|
#if !defined(WIN32)
|
|
#define SSL_DECLARE(type) type
|
|
#define SSL_DECLARE_NONSTD(type) type
|
|
#define SSL_DECLARE_DATA
|
|
#elif defined(SSL_DECLARE_STATIC)
|
|
#define SSL_DECLARE(type) type __stdcall
|
|
#define SSL_DECLARE_NONSTD(type) type
|
|
#define SSL_DECLARE_DATA
|
|
#elif defined(SSL_DECLARE_EXPORT)
|
|
#define SSL_DECLARE(type) __declspec(dllexport) type __stdcall
|
|
#define SSL_DECLARE_NONSTD(type) __declspec(dllexport) type
|
|
#define SSL_DECLARE_DATA __declspec(dllexport)
|
|
#else
|
|
#define SSL_DECLARE(type) __declspec(dllimport) type __stdcall
|
|
#define SSL_DECLARE_NONSTD(type) __declspec(dllimport) type
|
|
#define SSL_DECLARE_DATA __declspec(dllimport)
|
|
#endif
|
|
|
|
/** The ssl_var_lookup() optional function retrieves SSL environment
|
|
* variables. The pool in which to allocate the return value must be
|
|
* non-NULL since httpd 2.5.1. c and/or r may be NULL. */
|
|
APR_DECLARE_OPTIONAL_FN(const char *, ssl_var_lookup,
|
|
(apr_pool_t *p, server_rec *s,
|
|
conn_rec *c, request_rec *r,
|
|
const char *name))
|
|
AP_FN_ATTR_NONNULL((1, 2, 5)) AP_FN_ATTR_WARN_UNUSED_RESULT;
|
|
|
|
/** The ssl_ext_list() optional function attempts to build an array
|
|
* of all the values contained in the named X.509 extension. The
|
|
* returned array will be created in the supplied pool.
|
|
* The client certificate is used if peer is non-zero; the server
|
|
* certificate is used otherwise.
|
|
* Extension specifies the extensions to use as a string. This can be
|
|
* one of the "known" long or short names, or a numeric OID,
|
|
* e.g. "1.2.3.4", 'nsComment' and 'DN' are all valid.
|
|
* A pointer to an apr_array_header_t structure is returned if at
|
|
* least one matching extension is found, NULL otherwise.
|
|
*/
|
|
APR_DECLARE_OPTIONAL_FN(apr_array_header_t *, ssl_ext_list,
|
|
(apr_pool_t *p, conn_rec *c, int peer,
|
|
const char *extension));
|
|
|
|
/** An optional function which returns non-zero if the given connection
|
|
* is using SSL/TLS. */
|
|
APR_DECLARE_OPTIONAL_FN(int, ssl_is_https, (conn_rec *));
|
|
|
|
/** A function that returns the TLS channel binding data as per
|
|
* RFC5929. A buffer containing the Channel Binding Token for the
|
|
* given type will be allocated from the pool and returned to the
|
|
* caller, along with the size. Returns APR_SUCCESS on success; buf
|
|
* and size are not adjusted on error. */
|
|
APR_DECLARE_OPTIONAL_FN(apr_status_t, ssl_get_tls_cb,
|
|
(apr_pool_t *p, conn_rec *c, const char *type,
|
|
unsigned char **buf, apr_size_t *size));
|
|
|
|
/** The ssl_proxy_enable() and ssl_engine_{set,disable}() optional
|
|
* functions are used by mod_proxy to enable use of SSL for outgoing
|
|
* connections. */
|
|
|
|
APR_DECLARE_OPTIONAL_FN(int, ssl_proxy_enable, (conn_rec *));
|
|
APR_DECLARE_OPTIONAL_FN(int, ssl_engine_disable, (conn_rec *));
|
|
APR_DECLARE_OPTIONAL_FN(int, ssl_engine_set, (conn_rec *,
|
|
ap_conf_vector_t *,
|
|
int proxy, int enable));
|
|
|
|
/* Check for availability of new hooks */
|
|
#define SSL_CERT_HOOKS
|
|
#ifdef SSL_CERT_HOOKS
|
|
|
|
/** Lets others add certificate and key files to the given server.
|
|
* For each cert a key must also be added.
|
|
* @param cert_file and array of const char* with the path to the certificate chain
|
|
* @param key_file and array of const char* with the path to the private key file
|
|
*/
|
|
APR_DECLARE_EXTERNAL_HOOK(ssl, SSL, int, add_cert_files,
|
|
(server_rec *s, apr_pool_t *p,
|
|
apr_array_header_t *cert_files,
|
|
apr_array_header_t *key_files))
|
|
|
|
/** In case no certificates are available for a server, this
|
|
* lets other modules add a fallback certificate for the time
|
|
* being. Regular requests against this server will be answered
|
|
* with a 503.
|
|
* @param cert_file and array of const char* with the path to the certificate chain
|
|
* @param key_file and array of const char* with the path to the private key file
|
|
*/
|
|
APR_DECLARE_EXTERNAL_HOOK(ssl, SSL, int, add_fallback_cert_files,
|
|
(server_rec *s, apr_pool_t *p,
|
|
apr_array_header_t *cert_files,
|
|
apr_array_header_t *key_files))
|
|
|
|
#endif /* SSL_CERT_HOOKS */
|
|
|
|
#endif /* __MOD_SSL_H__ */
|
|
/** @} */
|