httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From r..@apache.org
Subject cvs commit: httpd-2.0/modules/ssl README mod_ssl.c mod_ssl.h ssl_engine_config.c ssl_engine_ds.c ssl_engine_init.c ssl_engine_io.c ssl_engine_kernel.c ssl_engine_log.c ssl_engine_mutex.c ssl_engine_pphrase.c ssl_engine_rand.c ssl_engine_vars.c ssl_scache.c ssl_scache_dbm.c ssl_util.c ssl_util_ssl.c ssl_util_ssl.h
Date Thu, 19 Jul 2001 16:08:03 GMT
rse         01/07/19 09:08:03

  Modified:    modules/ssl README mod_ssl.c mod_ssl.h ssl_engine_config.c
                        ssl_engine_ds.c ssl_engine_init.c ssl_engine_io.c
                        ssl_engine_kernel.c ssl_engine_log.c
                        ssl_engine_mutex.c ssl_engine_pphrase.c
                        ssl_engine_rand.c ssl_engine_vars.c ssl_scache.c
                        ssl_scache_dbm.c ssl_util.c ssl_util_ssl.c
                        ssl_util_ssl.h
  Log:
  Apply mod_ssl MEGA porting patch. This is a cleaned up version of the
  latest patches from Madhusudan which makes mod_ssl 95% working inside
  Apache 2.0. There is still a lot of more work (both porting and cleanup)
  to do be done. See modules/ssl/README for details.
  
  Submitted by: Madhusudan Mathihalli <madhusudan_mathihalli@hp.com>
  
  Revision  Changes    Path
  1.20      +27 -13    httpd-2.0/modules/ssl/README
  
  Index: README
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/ssl/README,v
  retrieving revision 1.19
  retrieving revision 1.20
  diff -u -r1.19 -r1.20
  --- README	2001/07/17 17:26:48	1.19
  +++ README	2001/07/19 16:08:01	1.20
  @@ -23,22 +23,23 @@
   
    Here is a short overview of the source files:
   
  + * README .................. This file ;)
    # Makefile.in ............. Makefile template for Unix platform
    # config.m4 ............... Autoconf stub for the Apache config mechanism
    # mod_ssl.c ............... main source file containing API structures
  - - mod_ssl.h ............... common header file of mod_ssl
  - - ssl_engine_config.c ..... module configuration handling
  + # mod_ssl.h ............... common header file of mod_ssl
  + # ssl_engine_config.c ..... module configuration handling
    # ssl_engine_dh.c ......... DSA/DH support
    # ssl_engine_ds.c ......... data structures
    - ssl_engine_ext.c ........ Extensions to other Apache parts
  - - ssl_engine_init.c ....... module initialization
  - - ssl_engine_io.c ......... I/O support
  - - ssl_engine_kernel.c ..... SSL engine kernel
  - - ssl_engine_log.c ........ logfile support
  + # ssl_engine_init.c ....... module initialization
  + * ssl_engine_io.c ......... I/O support
  + # ssl_engine_kernel.c ..... SSL engine kernel
  + # ssl_engine_log.c ........ logfile support
    # ssl_engine_mutex.c ...... mutual exclusion support
  - - ssl_engine_pphrase.c .... pass-phrase handling
  - - ssl_engine_rand.c ....... PRNG support
  - - ssl_engine_vars.c ....... Variable Expansion support
  + # ssl_engine_pphrase.c .... pass-phrase handling
  + # ssl_engine_rand.c ....... PRNG support
  + # ssl_engine_vars.c ....... Variable Expansion support
    # ssl_expr.c .............. expression handling main source
    # ssl_expr.h .............. expression handling common header
    - ssl_expr_scan.c ......... expression scanner automaton (pre-generated)
  @@ -47,8 +48,8 @@
    - ssl_expr_parse.h ........ expression parser header     (pre-generated)
    - ssl_expr_parse.y ........ expression parser source
    # ssl_expr_eval.c ......... expression machine evaluation
  - - ssl_scache.c ............ session cache abstraction layer
  - - ssl_scache_dbm.c ........ session cache via DBM file
  + # ssl_scache.c ............ session cache abstraction layer
  + # ssl_scache_dbm.c ........ session cache via DBM file
    - ssl_scache_shmcb.c ...... session cache via shared memory cyclic buffer
    - ssl_scache_shmht.c ...... session cache via shared memory hash table
    # ssl_util.c .............. utility functions
  @@ -57,7 +58,8 @@
    # ssl_util_table.c ........ the hash table library source
    # ssl_util_table.h ........ the hash table library header
   
  - Legend: # = already ported to Apache 2.0
  + Legend: # = already ported to Apache 2.0 and is cleaned up
  +         * = ported to Apache 2.0 but still needs cleaning up
            - = port still not finished
   
    The source files are written in clean ANSI C and pass the ``gcc -O -g
  @@ -100,6 +102,7 @@
      SSL_SESSION ............. OpenSSL Session
      SSL ..................... OpenSSL Connection
      BIO ..................... OpenSSL Connection Buffer
  +   SSLFilterRec ............ mod_ssl Filter Context
   
    For an overview how these are related and chained together have a look at the
    page in README.dsov.{fig,ps}. It contains overview diagrams for those data
  @@ -158,12 +161,23 @@
    from Apache 1.3 and this mod_ssl version for Apache 2.0:
   
    o The DBM based session cache is now based on APR's DBM API only.
  + o Introduced Filter logic (similar to mod_tls)
  + o Eliminated ap_global_ctx. Storing Persistant information in 
  +   process_rec->pool->user_data. The ssl_pphrase_Handle_CB() and 
  +   ssl_config_global_* () functions have an extra parameter now - 
  +   "server_rec *" -  which is used to retrieve the SSLModConfigRec.
    
    TODO
   
  + o use ssl_var_lookup?
    o Whether to unregister and how to unregister?
      ssl_var_unregister();
      ssl_ext_unregister();
      ssl_io_unregister();
    o We certainly need CRYPTO_set_locking_callback() now also under Unix!
  -
  + o Eliminate APR_BLOCK_READ from churn (). The APR_NONBLOCK_READ doesn't work
  +   currently. The filter logic has to be changed to handle situations when 
  +   the data is not available immediately.
  + o Enable the use of ssl_var_* and ssl_ext_* functionalities.
  + o Enable use of MM, SHMCB and SHMHT.
  + o Try to use APR routines in ssl_util_ssl.c for performing FILE operations.
  
  
  
  1.8       +263 -60   httpd-2.0/modules/ssl/mod_ssl.c
  
  Index: mod_ssl.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/ssl/mod_ssl.c,v
  retrieving revision 1.7
  retrieving revision 1.8
  diff -u -r1.7 -r1.8
  --- mod_ssl.c	2001/07/17 16:36:15	1.7
  +++ mod_ssl.c	2001/07/19 16:08:01	1.8
  @@ -58,6 +58,8 @@
    */
   
   #include "mod_ssl.h"
  +#include "util_md5.h"
  +#include <assert.h>
   
   /*
    *  the table of configuration directives we provide
  @@ -202,116 +204,318 @@
    *  the various processing hooks
    */
   
  -static void ssl_hook_pre_config(
  +static int ssl_hook_pre_config(
       apr_pool_t *pconf, apr_pool_t *plog, apr_pool_t *ptemp)
   {
       /* unused */
  -    return;
  -}
  -
  -
  -static void ssl_hook_post_config(
  -    apr_pool_t *pconf, apr_pool_t *plog, apr_pool_t *ptemp, server_rec *s)
  -{
  -    /* ssl_init_Module() */
  -    return;
  -}
  -
  -static int ssl_hook_pre_connection(conn_rec *r)
  -{
  -    /* unused */
       return DECLINED;
   }
   
  -static int ssl_hook_process_connection(conn_rec *r)
  +static int ssl_hook_post_read_request(request_rec *r)
   {
  -    /* call ssl_hook_NewConnection */
  -    /* hook ssl_hook_CloseConnection() */
  +    /* ssl_hook_ReadReq() */
       return DECLINED;
   }
   
  -static int ssl_hook_handler(request_rec *r)
  +static int ssl_hook_pre_connection(conn_rec *c)
   {
  -    /* ssl_hook_Handler() */
  -    return DECLINED;
  +    SSLSrvConfigRec *sc = mySrvConfig(c->base_server);
  +    apr_table_t *apctx;
  +    SSL *ssl;
  +    unsigned char *cpVHostID;
  +    char *cpVHostMD5;
  +
  +    /*
  +     * Create SSL context
  +     */
  +    apr_table_setn(c->notes, "ssl", NULL);
  +
  +    /*
  +     * Immediately stop processing if SSL is disabled for this connection
  +     */
  +    if (sc == NULL || !sc->bEnabled)
  +        return DECLINED;
  +
  +    /*
  +     * Remember the connection information for
  +     * later access inside callback functions
  +     */
  +    cpVHostID = (unsigned char *)ssl_util_vhostid(c->pool,c->base_server);
  +    ssl_log(c->base_server, SSL_LOG_INFO, "Connection to child %d established "
  +            "(server %s, client %s)", c->id, cpVHostID, 
  +            c->remote_ip != NULL ? c->remote_ip : "unknown");
  +
  +    /*
  +     * Seed the Pseudo Random Number Generator (PRNG)
  +     */
  +    ssl_rand_seed(c->base_server, c->pool, SSL_RSCTX_CONNECT, "");
  +
  +    /*
  +     * Create a new SSL connection with the configured server SSL context and
  +     * attach this to the socket. Additionally we register this attachment
  +     * so we can detach later.
  +     */
  +    if ((ssl = SSL_new(sc->pSSLCtx)) == NULL) {
  +        ssl_log(c->base_server, SSL_LOG_ERROR|SSL_ADD_SSLERR,
  +                "Unable to create a new SSL connection from the SSL context");
  +        apr_table_setn(c->notes, "ssl", NULL);
  +        c->aborted = 1;
  +        return DECLINED; /* XXX */
  +    }
  +    SSL_clear(ssl);
  +    cpVHostMD5 = ap_md5(c->pool, cpVHostID);
  +    if (!SSL_set_session_id_context(ssl, (unsigned char *)cpVHostMD5,
  +            strlen(cpVHostMD5))) {
  +        ssl_log(c->base_server, SSL_LOG_ERROR|SSL_ADD_SSLERR,
  +                "Unable to set session id context to `%s'", cpVHostMD5);
  +        apr_table_setn(c->notes, "ssl", NULL);
  +        c->aborted = 1;
  +        return DECLINED; /* XXX */
  +    }
  +    SSL_set_app_data(ssl, c);
  +    apctx = apr_table_make(c->pool, AP_CTX_MAX_ENTRIES);
  +    apr_table_setn(apctx, "ssl::request_rec", NULL);
  +    apr_table_setn(apctx, "ssl::verify::depth", AP_CTX_NUM2PTR(0));
  +    SSL_set_app_data2(ssl, apctx);
  +
  +    apr_table_setn(c->notes, "ssl", (const char *)ssl);
  +
  +    /*
  +     *  Configure callbacks for SSL connection
  +     */
  +    SSL_set_tmp_rsa_callback(ssl, ssl_callback_TmpRSA);
  +    SSL_set_tmp_dh_callback(ssl,  ssl_callback_TmpDH);
  +#if 0 /* XXX */
  +    if (sc->nLogLevel >= SSL_LOG_DEBUG) {
  +        BIO_set_callback(SSL_get_rbio(ssl), ssl_io_data_cb);
  +        BIO_set_callback_arg(SSL_get_rbio(ssl), ssl);
  +    }
  +#endif
  +    /*
  +     * Predefine some client verification results
  +     */
  +    apr_table_setn(c->notes, "ssl::client::dn", NULL);
  +    apr_table_setn(c->notes, "ssl::verify::error", NULL);
  +    apr_table_setn(c->notes, "ssl::verify::info", NULL);
  +    SSL_set_verify_result(ssl, X509_V_OK);
  +
  +    /*
  +     * We have to manage a I/O timeout ourself, because Apache
  +     * does it the first time when reading the request, but we're
  +     * working some time before this happens.
  +     */
  +    ssl_util_setmodconfig(c->base_server, "ssl::handshake::timeout", (void *)FALSE);
  +#if 0 /* XXX */
  +    ap_set_callback_and_alarm(ssl_hook_TimeoutConnection, c->base_server->timeout);
  +#endif
  +    ssl_io_filter_init(c, ssl);
  +
  +    return APR_SUCCESS;
   }
   
  -static int ssl_hook_translate_name(request_rec *r)
  +/*
  + * The hook is NOT registered with ap_hook_process_connection. Instead, it is
  + * called manually from the churn () before it tries to read any data.
  + * There is some problem if I accept conn_rec *. Still investigating..
  + * Adv. if conn_rec * can be accepted is we can hook this function using the
  + * ap_hook_process_connection hook.
  + */
  +static int ssl_hook_process_connection(SSLFilterRec *pRec)
   {
  -    /* ssl_hook_Translate() */
  -    return DECLINED;
  +    int n, err;
  +    conn_rec *c = SSL_get_app_data (pRec->pssl);
  +
  +    if (!SSL_is_init_finished(pRec->pssl))
  +    {
  +        if ((n = SSL_accept(pRec->pssl)) <= 0) {
  +
  +            if ((err = SSL_get_error(pRec->pssl, n)) == SSL_ERROR_ZERO_RETURN) {
  +                /*
  +                 * The case where the connection was closed before any data
  +                 * was transferred. That's not a real error and can occur
  +                 * sporadically with some clients.
  +                 */
  +                ssl_log(c->base_server, SSL_LOG_INFO,
  +                        "SSL handshake stopped: connection was closed");
  +            }
  +            else if (err == SSL_ERROR_WANT_READ) {
  +                /*
  +                 * This is in addition to what was present earlier. It is 
  +                 * borrowed from openssl_state_machine.c [mod_tls].
  +                 * TBD.
  +                 */
  +                return 0;
  +            }
  +            else if (ERR_GET_REASON(ERR_peek_error()) == SSL_R_HTTP_REQUEST) {
  +                /*
  +                 * The case where OpenSSL has recognized a HTTP request:
  +                 * This means the client speaks plain HTTP on our HTTPS port.
  +                 * Hmmmm...  At least for this error we can be more friendly
  +                 * and try to provide him with a HTML error page. We have only
  +                 * one problem:OpenSSL has already read some bytes from the HTTP
  +                 * request. So we have to skip the request line manually and
  +                 * instead provide a faked one in order to continue the internal
  +                 * Apache processing.
  +                 *
  +                 */
  +
  +#if 0 /* XXX */
  +                /*
  +                 * Still need to be ported to Apache 2.0 style
  +                 */
  +                char ca[2];
  +                int rv;
  +
  +                /* log the situation */
  +                ssl_log(c->base_server, SSL_LOG_ERROR|SSL_ADD_SSLERR,
  +                        "SSL handshake failed: HTTP spoken on HTTPS port; "
  +                        "trying to send HTML error page");
  +                /* first: skip the remaining bytes of the request line */
  +                do {
  +                    do {
  +                        rv = read(fb->fd, ca, 1);
  +                    } while (rv == -1 && errno == EINTR);
  +                } while (rv > 0 && ca[0] != '\012' /*LF*/);
  +
  +                /* second: fake the request line */
  +                fb->inbase = ap_palloc(fb->pool, fb->bufsiz);
  +                ap_cpystrn((char *)fb->inbase, "GET /mod_ssl:error:HTTP-request HTTP/1.0\r\n",
  +                           fb->bufsiz);
  +                fb->inptr = fb->inbase;
  +                fb->incnt = strlen((char *)fb->inptr);
  +#endif
  +            }
  +            else if (ssl_util_getmodconfig_ssl(pRec->pssl, "ssl::handshake::timeout")
  +               == (void *)TRUE) {
  +                ssl_log(c->base_server, SSL_LOG_ERROR,
  +                        "SSL handshake timed out (client %s, server %s)",
  +                        c->remote_ip != NULL ? c->remote_ip : "unknown", 
  +                        ssl_util_vhostid(c->pool,c->base_server));
  +            }
  +            else if ((SSL_get_error(pRec->pssl, n) == SSL_ERROR_SYSCALL) 
  +                && (errno != EINTR)) {
  +                if (errno > 0)
  +                    ssl_log(c->base_server,
  +                             SSL_LOG_ERROR|SSL_ADD_SSLERR|SSL_ADD_ERRNO,
  +                            "SSL handshake interrupted by system "
  +                            "[Hint: Stop button pressed in browser?!]");
  +                else
  +                    ssl_log(c->base_server,
  +                        SSL_LOG_INFO|SSL_ADD_SSLERR|SSL_ADD_ERRNO,
  +                        "Spurious SSL handshake interrupt [Hint: "
  +                        "Usually just one of those OpenSSL confusions!?]");
  +            }
  +            else {
  +                /*
  +                 * Ok, anything else is a fatal error
  +                 */
  +                ssl_log(c->base_server,
  +                        SSL_LOG_ERROR|SSL_ADD_SSLERR|SSL_ADD_ERRNO,
  +                        "SSL handshake failed (server %s, client %s)",
  +                        ssl_util_vhostid(c->pool,c->base_server),
  +                        c->remote_ip != NULL ? c->remote_ip : "unknown");
  +            }
  +            /*
  +             * try to gracefully shutdown the connection:
  +             * - send an own shutdown message (be gracefully)
  +             * - don't wait for peer's shutdown message (deadloop)
  +             * - kick away the SSL stuff immediately
  +             * - block the socket, so Apache cannot operate any more
  +             */
  +            SSL_set_shutdown(pRec->pssl, SSL_RECEIVED_SHUTDOWN);
  +            SSL_smart_shutdown(pRec->pssl);
  +            SSL_free(pRec->pssl);
  +            apr_table_setn(c->notes, "ssl", NULL);
  +            c->aborted = 1;
  +            return APR_EGENERAL;
  +        }
  +    }
  +    return APR_SUCCESS;
   }
   
  -static void ssl_hook_init_child(apr_pool_t *pchild, server_rec *s)
  +static void ssl_hook_open_logs(apr_pool_t *p, apr_pool_t *plog,
  +        apr_pool_t *ptemp, server_rec *s)
   {
  -    /* ssl_init_Child() */
       return;
   }
   
  -static int ssl_hook_auth_checker(request_rec *r)
  +static int ssl_hook_quick_handler (request_rec *r)
   {
       /* ssl_hook_Auth() */
       return DECLINED;
   }
   
  -static int ssl_hook_check_user_id(request_rec *r)
  +static int ssl_hook_fixer_upper (request_rec *r)
   {
       /* ssl_hook_UserCheck */
       return DECLINED;
   }
   
  -static int ssl_hook_access_checker(request_rec *r)
  +static const char *ssl_hook_http_method (const request_rec *r)
   {
  -    /* ssl_hook_Access() */
  -    return DECLINED;
  +    SSLSrvConfigRec *sc = mySrvConfig(r->server);
  +
  +    if (sc->bEnabled == FALSE)
  +        return NULL;
  +
  +    return "https";
   }
   
  -static int ssl_hook_fixups(request_rec *r)
  +static apr_port_t ssl_hook_default_port (const request_rec *r)
   {
  -    /* ssl_hook_Fixup() */
  -    return DECLINED;
  +    SSLSrvConfigRec *sc = mySrvConfig(r->server);
  +
  +    if (sc->bEnabled == FALSE)
  +        return 0;
  +    return 443;
   }
   
  -static int ssl_hook_post_read_request(request_rec *r)
  +static int ssl_hook_insert_filter (request_rec *r)
   {
       /* ssl_hook_ReadReq() */
       return DECLINED;
   }
   
  -static void ssl_hook_child_init(apr_pool_t *pchild, server_rec *s)
  -{
  -    /* ssl_init_Child() */
  -    return;
  -}
  -
   /*
    *  the module registration phase
    */
  +
   static void ssl_register_hooks(apr_pool_t *p)
   {
  -    ap_hook_pre_config        (ssl_hook_pre_config,         NULL, NULL, APR_HOOK_MIDDLE);
  -    ap_hook_post_config       (ssl_hook_post_config,        NULL, NULL, APR_HOOK_MIDDLE);
  -    ap_hook_handler           (ssl_hook_handler,            NULL, NULL, APR_HOOK_MIDDLE);
  -    ap_hook_translate_name    (ssl_hook_translate_name,     NULL, NULL, APR_HOOK_MIDDLE);
  -    ap_hook_child_init        (ssl_hook_child_init,         NULL, NULL, APR_HOOK_MIDDLE);
  -    ap_hook_auth_checker      (ssl_hook_auth_checker,       NULL, NULL, APR_HOOK_MIDDLE);
  -    ap_hook_check_user_id     (ssl_hook_check_user_id,      NULL, NULL, APR_HOOK_MIDDLE);
  -    ap_hook_access_checker    (ssl_hook_access_checker,     NULL, NULL, APR_HOOK_MIDDLE);
  -    ap_hook_fixups            (ssl_hook_fixups,             NULL, NULL, APR_HOOK_MIDDLE);
  -    ap_hook_post_read_request (ssl_hook_post_read_request,  NULL, NULL, APR_HOOK_MIDDLE);
  -    ap_hook_pre_connection    (ssl_hook_pre_connection,     NULL, NULL, APR_HOOK_MIDDLE);
  -    ap_hook_process_connection(ssl_hook_process_connection, NULL, NULL, APR_HOOK_MIDDLE);
  -
  +    ssl_io_filter_register(p);
  +    ap_hook_pre_connection(ssl_hook_pre_connection,NULL,NULL, APR_HOOK_MIDDLE);
  +    ap_hook_post_config   (ssl_init_Module,        NULL,NULL, APR_HOOK_MIDDLE);
  +    ap_hook_http_method   (ssl_hook_http_method,   NULL,NULL, APR_HOOK_MIDDLE);
  +    ap_hook_default_port  (ssl_hook_default_port,  NULL,NULL, APR_HOOK_MIDDLE);
  +    ap_hook_handler       (ssl_hook_Handler,       NULL,NULL, APR_HOOK_MIDDLE);
  +
  +#if 0 /* XXX - Work in progress */
  +    ap_hook_pre_config    (ssl_hook_pre_config,    NULL,NULL, APR_HOOK_MIDDLE);
  +    ap_hook_child_init    (ssl_init_Child,         NULL,NULL, APR_HOOK_MIDDLE);
  +    ap_hook_process_connection (ssl_hook_process_connection, 
  +                                                   NULL,NULL, APR_HOOK_MIDDLE);
  +    ap_hook_post_read_request  (ssl_hook_post_read_request, 
  +                                                   NULL,NULL, APR_HOOK_MIDDLE);
  +    ap_hook_translate_name(ssl_hook_Translate,     NULL,NULL, APR_HOOK_MIDDLE);
  +    ap_hook_check_user_id (ssl_hook_UserCheck,     NULL,NULL, APR_HOOK_MIDDLE);
  +    ap_hook_fixups        (ssl_hook_Fixup,         NULL,NULL, APR_HOOK_MIDDLE);
  +    ap_hook_access_checker(ssl_hook_Access,        NULL,NULL, APR_HOOK_MIDDLE);
  +    ap_hook_auth_checker  (ssl_hook_Auth,          NULL,NULL, APR_HOOK_MIDDLE);
  +
  +    ap_hook_open_logs     (ssl_hook_open_logs,     NULL,NULL, APR_HOOK_MIDDLE);
  +    ap_hook_quick_handler (ssl_hook_quick_handler, NULL,NULL, APR_HOOK_MIDDLE);
  +    ap_hook_log_transaction(ssl_hook_fixer_upper,  NULL,NULL, APR_HOOK_MIDDLE);
  +    ap_hook_create_request(ssl_hook_fixer_upper,   NULL,NULL, APR_HOOK_MIDDLE);
  +    ap_hook_type_checker  (ssl_hook_fixer_upper,   NULL,NULL, APR_HOOK_MIDDLE);
  +    ap_hook_insert_filter (ssl_hook_insert_filter, NULL,NULL, APR_HOOK_MIDDLE);
  +#endif
  +#if 0 /* XXX */
       ssl_var_register();
       ssl_ext_register();
       ssl_io_register();
  -
  -    return;
  +#endif
   }
   
  -/*
  - *  the main module structure
  - */
   module AP_MODULE_DECLARE_DATA ssl_module = {
       STANDARD20_MODULE_STUFF,
       ssl_config_perdir_create,   /* create per-dir    config structures */
  @@ -321,4 +525,3 @@
       ssl_config_cmds,            /* table of configuration directives   */
       ssl_register_hooks          /* register hooks */
   };
  -
  
  
  
  1.18      +95 -89    httpd-2.0/modules/ssl/mod_ssl.h
  
  Index: mod_ssl.h
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/ssl/mod_ssl.h,v
  retrieving revision 1.17
  retrieving revision 1.18
  diff -u -r1.17 -r1.18
  --- mod_ssl.h	2001/07/17 14:57:30	1.17
  +++ mod_ssl.h	2001/07/19 16:08:01	1.18
  @@ -64,12 +64,13 @@
   #ifndef __MOD_SSL_H__
   #define __MOD_SSL_H__
   
  +#define MOD_SSL_VERSION "3.0a0"
  +
   /* 
    * Optionally enable the experimental stuff, but allow the user to
    * override the decision which experimental parts are included by using
    * CFLAGS="-DSSL_EXPERIMENTAL_xxxx_IGNORE".
    */
  -#if 0 /* XXX */
   #ifdef SSL_EXPERIMENTAL
   #ifndef SSL_EXPERIMENTAL_PERDIRCA_IGNORE
   #define SSL_EXPERIMENTAL_PERDIRCA
  @@ -83,7 +84,6 @@
   #endif
   #endif
   #endif /* SSL_EXPERIMENTAL */
  -#endif /* XXX */
   
   /*
    * Power up our brain...
  @@ -116,23 +116,24 @@
   
   /* Apache headers */
   #define CORE_PRIVATE
  -#include "ap_config.h"
   #include "httpd.h"
   #include "http_config.h"
  -#include "http_protocol.h"
  -#include "http_request.h"
  -#include "http_main.h"
   #include "http_core.h"
   #include "http_log.h"
  +#include "http_main.h"
  +#include "http_connection.h"
  +#include "http_request.h"
  +#include "http_protocol.h"
  +#include "util_script.h"
  +#include "util_filter.h"
   #include "scoreboard.h"
  -#include "util_md5.h"
  -#include "apr.h"
  +#include "unixd.h"
  +#include "apr_strings.h"
  +#include "apr_tables.h"
   #include "apr_lib.h"
   #include "apr_fnmatch.h"
   #include "apr_strings.h"
  -#include "apr_pools.h"
  -#include "apr_tables.h"
  -#include "apr_file_info.h"
  +#include "apr_dbm.h"
   #undef CORE_PRIVATE
   
   /* mod_ssl headers */
  @@ -191,27 +192,26 @@
   
   #define strIsEmpty(s)    (s == NULL || s[0] == NUL)
   
  -#if 0 /* XXX */
   #define cfgMerge(el,unset)  new->el = add->el == unset ? base->el : add->el
  -#define cfgMergeArray(el)   new->el = ap_append_arrays(p, add->el, base->el)
  -#define cfgMergeTable(el)   new->el = ap_overlay_tables(p, add->el, base->el)
  -#define cfgMergeCtx(el)     new->el = ap_ctx_overlay(p, add->el, base->el)
  +#define cfgMergeArray(el)   new->el = apr_array_append(p, add->el, base->el)
  +#define cfgMergeTable(el)   new->el = apr_table_overlay(p, add->el, base->el)
  +#define cfgMergeCtx(el)     new->el = apr_table_overlay(p, add->el, base->el)
   #define cfgMergeString(el)  cfgMerge(el, NULL)
   #define cfgMergeBool(el)    cfgMerge(el, UNSET)
   #define cfgMergeInt(el)     cfgMerge(el, UNSET)
  -#endif /* XXX */
   
  -#if 0 /* XXX */
  -#define myModConfig()    (SSLModConfigRec *)ap_ctx_get(ap_global_ctx, "ssl_module")
  -#endif /* XXX */
  +#define myModConfig(srv) (SSLModConfigRec *)ssl_util_getmodconfig(srv, "ssl_module")
   #define mySrvConfig(srv) (SSLSrvConfigRec *)ap_get_module_config(srv->module_config,  &ssl_module)
   #define myDirConfig(req) (SSLDirConfigRec *)ap_get_module_config(req->per_dir_config, &ssl_module)
   
  -#if 0 /* XXX */
   #define myCtxVarSet(mc,num,val)  mc->rCtx.pV##num = val
   #define myCtxVarGet(mc,num,type) (type)(mc->rCtx.pV##num)
  -#endif /* XXX */
   
  +#define AP_CTX_NUM2PTR(n) (void *)(((unsigned long)(n))+1)
  +#define AP_CTX_PTR2NUM(p) (unsigned long)(((char *)(p))-1)
  +
  +#define AP_CTX_MAX_ENTRIES 1024
  +
   /*
    * SSL Logging
    */
  @@ -240,12 +240,12 @@
   /*
    * Support for MM library
    */
  -#define SSL_MM_FILE_MODE ( S_IRUSR|S_IWUSR )
  +#define SSL_MM_FILE_MODE ( APR_UREAD | APR_UWRITE | APR_GREAD | APR_WREAD )
   
   /*
    * Support for DBM library
    */
  -#define SSL_DBM_FILE_MODE ( S_IRUSR|S_IWUSR )
  +#define SSL_DBM_FILE_MODE ( APR_UREAD | APR_UWRITE | APR_GREAD | APR_WREAD )
   
   #if !defined(SSL_DBM_FILE_SUFFIX_DIR) && !defined(SSL_DBM_FILE_SUFFIX_PAG)
   #if defined(DBM_SUFFIX)
  @@ -298,7 +298,6 @@
   #define SSL_AIDX_DSA     (1)
   #define SSL_AIDX_MAX     (2)
   
  -#if 0 /* XXX */
   
   /*
    * Define IDs for the temporary RSA keys and DH params
  @@ -357,7 +356,6 @@
       SSL_PPTYPE_BUILTIN = 0,
       SSL_PPTYPE_FILTER  = 1
   } ssl_pphrase_t;
  -#endif /* XXX */
   
   /*
    * Define the Path Checking modes
  @@ -368,8 +366,6 @@
   #define SSL_PCM_ISNONZERO  8
   typedef unsigned int ssl_pathcheck_t;
   
  -#if 0 /* XXX */
  -
   /*
    * Define the SSL session cache modes and structures
    */
  @@ -433,19 +429,31 @@
    * (i.e. the global configuration for each httpd process)
    */
   
  +typedef struct {
  +    SSL                *pssl;
  +    BIO                *pbioRead;
  +    BIO                *pbioWrite;
  +    ap_filter_t        *pInputFilter;
  +    ap_filter_t        *pOutputFilter;
  +    apr_bucket_brigade *pbbInput;        /* encrypted input */
  +    apr_bucket_brigade *pbbPendingInput; /* decrypted input */
  +} SSLFilterRec;
  +
   typedef struct {
  -    pool           *pPool;
  +    apr_pool_t     *pPool;
       BOOL            bFixed;
       int             nInitCount;
       int             nSessionCacheMode;
       char           *szSessionCacheDataFile;
       int             nSessionCacheDataSize;
  +#if 0 /* XXX */
       AP_MM          *pSessionCacheDataMM;
  -    table_t        *tSessionCacheDataTable;
  +#endif
  +    apr_table_t    *tSessionCacheDataTable;
       ssl_mutexmode_t nMutexMode;
       char           *szMutexFile;
       apr_lock_t     *pMutex;
  -    array_header   *aRandSeed;
  +    apr_array_header_t   *aRandSeed;
       ssl_ds_table   *tTmpKeys;
       void           *pTmpKeys[SSL_TKPIDX_MAX];
       ssl_ds_table   *tPublicCert;
  @@ -463,10 +471,9 @@
    * (i.e. the configuration for the main server
    *  and all <VirtualHost> contexts)
    */
  -#endif /* XXX */
   typedef struct {
       BOOL         bEnabled;
  -#if 0 /* XXX */
  +    apr_table_t *ap_server_ctx;
       char        *szPublicCertFile[SSL_AIDX_MAX];
       char        *szPrivateKeyFile[SSL_AIDX_MAX];
       char        *szCertificateChain;
  @@ -474,7 +481,7 @@
       char        *szCACertificateFile;
       char        *szLogFile;
       char        *szCipherSuite;
  -    FILE        *fileLogFile;
  +    apr_file_t  *fileLogFile;
       int          nLogLevel;
       int          nVerifyDepth;
       ssl_verify_t nVerifyClient;
  @@ -501,20 +508,16 @@
       SSL_CTX     *pSSLProxyCtx;
       STACK_OF(X509_INFO) *skProxyClientCerts;
   #endif
  -#endif /* XXX */
   } SSLSrvConfigRec;
   
  -#if 0 /* XXX */
   /*
    * Define the mod_ssl per-directory configuration structure
    * (i.e. the local configuration for all <Directory>
    *  and .htaccess contexts)
    */
  -#endif /* XXX */
   typedef struct {
       BOOL          bSSLRequired;
  -#if 0 /* XXX */
  -    array_header *aRequirement;
  +    apr_array_header_t *aRequirement;
       ssl_opt_t     nOptions;
       ssl_opt_t     nOptionsAdd;
       ssl_opt_t     nOptionsDel;
  @@ -525,7 +528,6 @@
       char         *szCACertificatePath;
       char         *szCACertificateFile;
   #endif
  -#endif /* XXX */
   } SSLDirConfigRec;
   
   /*
  @@ -536,36 +538,36 @@
   extern module AP_MODULE_DECLARE_DATA ssl_module;
   
   /*  configuration handling   */
  -void         ssl_config_global_create(void);
  -void         ssl_config_global_fix(void);
  -BOOL         ssl_config_global_isfixed(void);
  +void         ssl_config_global_create(server_rec *);
  +void         ssl_config_global_fix(SSLModConfigRec *);
  +BOOL         ssl_config_global_isfixed(SSLModConfigRec *);
   void        *ssl_config_server_create(apr_pool_t *, server_rec *);
   void        *ssl_config_server_merge(apr_pool_t *, void *, void *);
   void        *ssl_config_perdir_create(apr_pool_t *, char *);
   void        *ssl_config_perdir_merge(apr_pool_t *, void *, void *);
  -const char  *ssl_cmd_SSLMutex(cmd_parms *, char *, char *);
  -const char  *ssl_cmd_SSLPassPhraseDialog(cmd_parms *, char *, char *);
  -const char  *ssl_cmd_SSLCryptoDevice(cmd_parms *, char *, char *);
  -const char  *ssl_cmd_SSLRandomSeed(cmd_parms *, char *, char *, char *, char *);
  -const char  *ssl_cmd_SSLEngine(cmd_parms *, char *, int);
  -const char  *ssl_cmd_SSLCipherSuite(cmd_parms *, SSLDirConfigRec *, char *);
  -const char  *ssl_cmd_SSLCertificateFile(cmd_parms *, char *, char *);
  -const char  *ssl_cmd_SSLCertificateKeyFile(cmd_parms *, char *, char *);
  -const char  *ssl_cmd_SSLCertificateChainFile(cmd_parms *, char *, char *);
  -const char  *ssl_cmd_SSLCACertificatePath(cmd_parms *, SSLDirConfigRec *, char *);
  -const char  *ssl_cmd_SSLCACertificateFile(cmd_parms *, SSLDirConfigRec *, char *);
  -const char  *ssl_cmd_SSLCARevocationPath(cmd_parms *, SSLDirConfigRec *, char *);
  -const char  *ssl_cmd_SSLCARevocationFile(cmd_parms *, SSLDirConfigRec *, char *);
  -const char  *ssl_cmd_SSLVerifyClient(cmd_parms *, SSLDirConfigRec *, char *);
  -const char  *ssl_cmd_SSLVerifyDepth(cmd_parms *, SSLDirConfigRec *, char *);
  -const char  *ssl_cmd_SSLSessionCache(cmd_parms *, char *, char *);
  -const char  *ssl_cmd_SSLSessionCacheTimeout(cmd_parms *, char *, char *);
  -const char  *ssl_cmd_SSLLog(cmd_parms *, char *, char *);
  -const char  *ssl_cmd_SSLLogLevel(cmd_parms *, char *, char *);
  -const char  *ssl_cmd_SSLProtocol(cmd_parms *, char *, const char *);
  -const char  *ssl_cmd_SSLOptions(cmd_parms *, SSLDirConfigRec *, const char *);
  -const char  *ssl_cmd_SSLRequireSSL(cmd_parms *, SSLDirConfigRec *, char *);
  -const char  *ssl_cmd_SSLRequire(cmd_parms *, SSLDirConfigRec *, char *);
  +const char  *ssl_cmd_SSLMutex(cmd_parms *, void *, const char *);
  +const char  *ssl_cmd_SSLPassPhraseDialog(cmd_parms *, void *, const char *);
  +const char  *ssl_cmd_SSLCryptoDevice(cmd_parms *, void *, const char *);
  +const char  *ssl_cmd_SSLRandomSeed(cmd_parms *, void *, const char *, const char *, const char *);
  +const char  *ssl_cmd_SSLEngine(cmd_parms *, void *, int);
  +const char  *ssl_cmd_SSLCipherSuite(cmd_parms *, void *, const char *);
  +const char  *ssl_cmd_SSLCertificateFile(cmd_parms *, void *, const char *);
  +const char  *ssl_cmd_SSLCertificateKeyFile(cmd_parms *, void *, const char *);
  +const char  *ssl_cmd_SSLCertificateChainFile(cmd_parms *, void *, const char *);
  +const char  *ssl_cmd_SSLCACertificatePath(cmd_parms *, void *, const char *);
  +const char  *ssl_cmd_SSLCACertificateFile(cmd_parms *, void *, const char *);
  +const char  *ssl_cmd_SSLCARevocationPath(cmd_parms *, void *, const char *);
  +const char  *ssl_cmd_SSLCARevocationFile(cmd_parms *, void *, const char *);
  +const char  *ssl_cmd_SSLVerifyClient(cmd_parms *, void *, const char *);
  +const char  *ssl_cmd_SSLVerifyDepth(cmd_parms *, void *, const char *);
  +const char  *ssl_cmd_SSLSessionCache(cmd_parms *, void *, const char *);
  +const char  *ssl_cmd_SSLSessionCacheTimeout(cmd_parms *, void *, const char *);
  +const char  *ssl_cmd_SSLLog(cmd_parms *, void *, const char *);
  +const char  *ssl_cmd_SSLLogLevel(cmd_parms *, void *, const char *);
  +const char  *ssl_cmd_SSLProtocol(cmd_parms *, void *, const char *);
  +const char  *ssl_cmd_SSLOptions(cmd_parms *, void *, const char *);
  +const char  *ssl_cmd_SSLRequireSSL(cmd_parms *, void *);
  +const char  *ssl_cmd_SSLRequire(cmd_parms *, void *, const char *);
   #ifdef SSL_EXPERIMENTAL_PROXY
   const char  *ssl_cmd_SSLProxyProtocol(cmd_parms *, char *, const char *);
   const char  *ssl_cmd_SSLProxyCipherSuite(cmd_parms *, char *, char *);
  @@ -576,25 +578,24 @@
   const char  *ssl_cmd_SSLProxyMachineCertificatePath(cmd_parms *, char *, char *);
   const char  *ssl_cmd_SSLProxyMachineCertificateFile(cmd_parms *, char *, char *);
   #endif
  -#if 0 /* XXX */
   
   /*  module initialization  */
  -void         ssl_init_Module(server_rec *, pool *);
  +void         ssl_init_Module(apr_pool_t *, apr_pool_t *, apr_pool_t *, server_rec *);
   void         ssl_init_SSLLibrary(void);
  -void         ssl_init_Engine(server_rec *, pool *);
  -void         ssl_init_TmpKeysHandle(int, server_rec *, pool *);
  -void         ssl_init_ConfigureServer(server_rec *, pool *, SSLSrvConfigRec *);
  -void         ssl_init_CheckServers(server_rec *, pool *);
  +void         ssl_init_Engine(server_rec *, apr_pool_t *);
  +void         ssl_init_TmpKeysHandle(int, server_rec *, apr_pool_t *);
  +void         ssl_init_ConfigureServer(server_rec *, apr_pool_t *, SSLSrvConfigRec *);
  +void         ssl_init_CheckServers(server_rec *, apr_pool_t *);
   STACK_OF(X509_NAME) 
  -            *ssl_init_FindCAList(server_rec *, pool *, char *, char *);
  -void         ssl_init_Child(server_rec *, pool *);
  -void         ssl_init_ChildKill(void *);
  -void         ssl_init_ModuleKill(void *);
  +            *ssl_init_FindCAList(server_rec *, apr_pool_t *, char *, char *);
  +void         ssl_init_Child(apr_pool_t *, server_rec *);
  +apr_status_t ssl_init_ChildKill(void *data);
  +apr_status_t ssl_init_ModuleKill(void *data);
   
   /*  Apache API hooks  */
   void         ssl_hook_NewConnection(conn_rec *);
   void         ssl_hook_TimeoutConnection(int);
  -void         ssl_hook_CloseConnection(conn_rec *);
  +apr_status_t ssl_hook_CloseConnection(SSLFilterRec *);
   int          ssl_hook_Translate(request_rec *);
   int          ssl_hook_Auth(request_rec *);
   int          ssl_hook_UserCheck(request_rec *);
  @@ -614,21 +615,22 @@
   void         ssl_callback_LogTracingState(SSL *, int, int);
   
   /*  Session Cache Support  */
  -void         ssl_scache_init(server_rec *, pool *);
  +void         ssl_scache_init(server_rec *, apr_pool_t *);
   void         ssl_scache_kill(server_rec *);
   BOOL         ssl_scache_store(server_rec *, UCHAR *, int, time_t, SSL_SESSION *);
   SSL_SESSION *ssl_scache_retrieve(server_rec *, UCHAR *, int);
   void         ssl_scache_remove(server_rec *, UCHAR *, int);
   void         ssl_scache_expire(server_rec *);
  -void         ssl_scache_status(server_rec *, pool *, void (*)(char *, void *), void *);
  +void         ssl_scache_status(server_rec *, apr_pool_t *, void (*)(char *, void *), void *);
   char        *ssl_scache_id2sz(UCHAR *, int);
  -void         ssl_scache_dbm_init(server_rec *, pool *);
  +void         ssl_scache_dbm_init(server_rec *, apr_pool_t *);
   void         ssl_scache_dbm_kill(server_rec *);
   BOOL         ssl_scache_dbm_store(server_rec *, UCHAR *, int, time_t, SSL_SESSION *);
   SSL_SESSION *ssl_scache_dbm_retrieve(server_rec *, UCHAR *, int);
   void         ssl_scache_dbm_remove(server_rec *, UCHAR *, int);
   void         ssl_scache_dbm_expire(server_rec *);
  -void         ssl_scache_dbm_status(server_rec *, pool *, void (*)(char *, void *), void *);
  +void         ssl_scache_dbm_status(server_rec *, apr_pool_t *, void (*)(char *, void *), void *);
  +#if 0 /* XXX */
   void         ssl_scache_shmht_init(server_rec *, pool *);
   void         ssl_scache_shmht_kill(server_rec *);
   BOOL         ssl_scache_shmht_store(server_rec *, UCHAR *, int, time_t, SSL_SESSION *);
  @@ -643,10 +645,11 @@
   void         ssl_scache_shmcb_remove(server_rec *, UCHAR *, int);
   void         ssl_scache_shmcb_expire(server_rec *);
   void         ssl_scache_shmcb_status(server_rec *, pool *, void (*)(char *, void *), void *);
  +#endif
   
   /*  Pass Phrase Support  */
  -void         ssl_pphrase_Handle(server_rec *, pool *);
  -int          ssl_pphrase_Handle_CB(char *, int, int);
  +void         ssl_pphrase_Handle(server_rec *, apr_pool_t *);
  +int          ssl_pphrase_Handle_CB(char *, int, int, void *);
   
   /*  Diffie-Hellman Parameter Support  */
   DH           *ssl_dh_GetTmpParam(int);
  @@ -667,40 +670,40 @@
   void          ssl_ds_table_kill(ssl_ds_table *);
   
   /*  Mutex Support  */
  -#endif /* XXX */
   int          ssl_mutex_init(server_rec *, apr_pool_t *);
   int          ssl_mutex_reinit(server_rec *, apr_pool_t *);
   int          ssl_mutex_on(server_rec *);
   int          ssl_mutex_off(server_rec *);
   int          ssl_mutex_kill(server_rec *);
  -#if 0 /* XXX */
   
   /*  Logfile Support  */
  -void         ssl_log_open(server_rec *, server_rec *, pool *);
  +void         ssl_log_open(server_rec *, server_rec *, apr_pool_t *);
   BOOL         ssl_log_applies(server_rec *, int);
   void         ssl_log(server_rec *, int, const char *, ...);
   void         ssl_die(void);
   
   /*  Variables  */
  +#if 0 /* XXX */
   void         ssl_var_register(void);
   void         ssl_var_unregister(void);
   #endif /* XXX */
   char        *ssl_var_lookup(apr_pool_t *, server_rec *, conn_rec *, request_rec *, char *);
   
   /*  I/O  */
  -#if 0 /* XXX */
   void         ssl_io_register(void);
   void         ssl_io_unregister(void);
  +void         ssl_io_filter_init(conn_rec *, SSL *);
  +void         ssl_io_filter_register(apr_pool_t *);
   long         ssl_io_data_cb(BIO *, int, const char *, int, long, long);
   
   /*  PRNG  */
  -int          ssl_rand_seed(server_rec *, pool *, ssl_rsctx_t, char *);
  +int          ssl_rand_seed(server_rec *, apr_pool_t *, ssl_rsctx_t, char *);
   
   /*  Extensions  */
  +#if 0 /* XXX */
   void         ssl_ext_register(void);
   void         ssl_ext_unregister(void);
  -
  -#endif /* XXX */
  +#endif
   
   /*  Utility Functions  */
   char        *ssl_util_vhostid(apr_pool_t *, server_rec *);
  @@ -715,5 +718,8 @@
   char        *ssl_util_algotypestr(ssl_algo_t);
   char        *ssl_util_ptxtsub(apr_pool_t *, const char *, const char *, char *);
   void         ssl_util_thread_setup(void);
  +apr_status_t     ssl_util_setmodconfig(server_rec *, const char *, SSLModConfigRec *);
  +SSLModConfigRec *ssl_util_getmodconfig(server_rec *, const char *);
  +SSLModConfigRec *ssl_util_getmodconfig_ssl(SSL *, const char *);
   
   #endif /* __MOD_SSL_H__ */
  
  
  
  1.12      +141 -191  httpd-2.0/modules/ssl/ssl_engine_config.c
  
  Index: ssl_engine_config.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_engine_config.c,v
  retrieving revision 1.11
  retrieving revision 1.12
  diff -u -r1.11 -r1.12
  --- ssl_engine_config.c	2001/05/05 21:02:22	1.11
  +++ ssl_engine_config.c	2001/07/19 16:08:01	1.12
  @@ -62,26 +62,23 @@
                                                  -- Unknown        */
   #include "mod_ssl.h"
   
  -#if 0 /* XXX */
  -
   /*  _________________________________________________________________
   **
   **  Support for Global Configuration
   **  _________________________________________________________________
   */
   
  -void ssl_config_global_create(void)
  +void ssl_config_global_create(server_rec *s)
   {
  -    pool *pPool;
  -    SSLModConfigRec *mc;
  +    apr_pool_t *pPool;
  +    SSLModConfigRec *mc = myModConfig(s);
   
  -    mc = ap_ctx_get(ap_global_ctx, "ssl_module");
       if (mc == NULL) {
           /*
            * allocate an own subpool which survives server restarts
            */
  -        pPool = ap_make_sub_pool(NULL);
  -        mc = (SSLModConfigRec *)ap_palloc(pPool, sizeof(SSLModConfigRec));
  +        pPool = s->process->pool;
  +        mc = (SSLModConfigRec *)apr_palloc(pPool, sizeof(SSLModConfigRec));
           mc->pPool = pPool;
           mc->bFixed = FALSE;
   
  @@ -92,12 +89,14 @@
           mc->nSessionCacheMode      = SSL_SCMODE_UNSET;
           mc->szSessionCacheDataFile = NULL;
           mc->nSessionCacheDataSize  = 0;
  +#if 0 /* XXX */
           mc->pSessionCacheDataMM    = NULL;
  +#endif
           mc->tSessionCacheDataTable = NULL;
           mc->nMutexMode             = SSL_MUTEXMODE_UNSET;
           mc->szMutexFile            = NULL;
           mc->pMutex                 = NULL;
  -        mc->aRandSeed              = ap_make_array(pPool, 4, sizeof(ssl_randseed_t));
  +        mc->aRandSeed              = apr_array_make(pPool, 4, sizeof(ssl_randseed_t));
           mc->tPrivateKey            = ssl_ds_table_make(pPool, sizeof(ssl_asn1_t));
           mc->tPublicCert            = ssl_ds_table_make(pPool, sizeof(ssl_asn1_t));
           mc->tTmpKeys               = ssl_ds_table_make(pPool, sizeof(ssl_asn1_t));
  @@ -110,26 +109,22 @@
           /*
            * And push it into Apache's global context
            */
  -        ap_ctx_set(ap_global_ctx, "ssl_module", mc);
  +        ssl_util_setmodconfig(s, "ssl_module", mc);
       }
       return;
   }
   
  -void ssl_config_global_fix(void)
  +void ssl_config_global_fix(SSLModConfigRec *mc)
   {
  -    SSLModConfigRec *mc = myModConfig();
       mc->bFixed = TRUE;
       return;
   }
   
  -BOOL ssl_config_global_isfixed(void)
  +BOOL ssl_config_global_isfixed(SSLModConfigRec *mc)
   {
  -    SSLModConfigRec *mc = myModConfig();
       return (mc->bFixed);
   }
   
  -#endif /* XXX */
  -
   /*  _________________________________________________________________
   **
   **  Configuration handling
  @@ -141,12 +136,11 @@
    */
   void *ssl_config_server_create(apr_pool_t *p, server_rec *s)
   {
  -#if 0 /* XXX */
       SSLSrvConfigRec *sc;
   
  -    ssl_config_global_create();
  +    ssl_config_global_create(s);
   
  -    sc = ap_palloc(p, sizeof(SSLSrvConfigRec));
  +    sc = apr_palloc(p, sizeof(SSLSrvConfigRec));
       sc->bEnabled               = UNSET;
       sc->szCACertificatePath    = NULL;
       sc->szCACertificateFile    = NULL;
  @@ -184,8 +178,6 @@
       (void)memset(sc->pPrivateKey, 0, SSL_AIDX_MAX*sizeof(EVP_PKEY *));
   
       return sc;
  -#endif /* XXX */
  -    return NULL;
   }
   
   /*
  @@ -193,11 +185,10 @@
    */
   void *ssl_config_server_merge(apr_pool_t *p, void *basev, void *addv)
   {
  -#if 0 /* XXX */
  +    int i;
       SSLSrvConfigRec *base = (SSLSrvConfigRec *)basev;
       SSLSrvConfigRec *add  = (SSLSrvConfigRec *)addv;
  -    SSLSrvConfigRec *new  = (SSLSrvConfigRec *)ap_palloc(p, sizeof(SSLSrvConfigRec));
  -    int i;
  +    SSLSrvConfigRec *new  = (SSLSrvConfigRec *)apr_palloc(p, sizeof(SSLSrvConfigRec));
   
       cfgMergeBool(bEnabled);
       cfgMergeString(szCACertificatePath);
  @@ -238,8 +229,6 @@
   #endif
   
       return new;
  -#endif /* XXX */
  -    return NULL;
   }
   
   /*
  @@ -247,11 +236,10 @@
    */
   void *ssl_config_perdir_create(apr_pool_t *p, char *dir)
   {
  -#if 0 /* XXX */
  -    SSLDirConfigRec *dc = ap_palloc(p, sizeof(SSLDirConfigRec));
  +    SSLDirConfigRec *dc = apr_palloc(p, sizeof(SSLDirConfigRec));
   
       dc->bSSLRequired  = FALSE;
  -    dc->aRequirement  = ap_make_array(p, 4, sizeof(ssl_require_t));
  +    dc->aRequirement  = apr_array_make(p, 4, sizeof(ssl_require_t));
       dc->nOptions      = SSL_OPT_NONE|SSL_OPT_RELSET;
       dc->nOptionsAdd   = SSL_OPT_NONE;
       dc->nOptionsDel   = SSL_OPT_NONE;
  @@ -259,14 +247,13 @@
       dc->szCipherSuite          = NULL;
       dc->nVerifyClient          = SSL_CVERIFY_UNSET;
       dc->nVerifyDepth           = UNSET;
  +
   #ifdef SSL_EXPERIMENTAL_PERDIRCA
       dc->szCACertificatePath    = NULL;
       dc->szCACertificateFile    = NULL;
   #endif
   
       return dc;
  -#endif /* XXX */
  -    return NULL;
   }
   
   /*
  @@ -274,11 +261,9 @@
    */
   void *ssl_config_perdir_merge(apr_pool_t *p, void *basev, void *addv)
   {
  -#if 0 /* XXX */
       SSLDirConfigRec *base = (SSLDirConfigRec *)basev;
       SSLDirConfigRec *add  = (SSLDirConfigRec *)addv;
  -    SSLDirConfigRec *new  = (SSLDirConfigRec *)ap_palloc(p,
  -                                               sizeof(SSLDirConfigRec));
  +    SSLDirConfigRec *new  = (SSLDirConfigRec *)apr_palloc(p, sizeof(SSLDirConfigRec));
   
       cfgMerge(bSSLRequired, FALSE);
       cfgMergeArray(aRequirement);
  @@ -297,14 +282,13 @@
       cfgMergeString(szCipherSuite);
       cfgMerge(nVerifyClient, SSL_CVERIFY_UNSET);
       cfgMergeInt(nVerifyDepth);
  +
   #ifdef SSL_EXPERIMENTAL_PERDIRCA
       cfgMergeString(szCACertificatePath);
       cfgMergeString(szCACertificateFile);
   #endif
   
       return new;
  -#endif /* XXX */
  -    return NULL;
   }
   
   
  @@ -313,23 +297,22 @@
    */
   
   const char *ssl_cmd_SSLMutex(
  -    cmd_parms *cmd, char *struct_ptr, char *arg)
  +    cmd_parms *cmd, void *ctx, const char *arg)
   {
  -#if 0 /* XXX */
       const char *err;
  -    SSLModConfigRec *mc = myModConfig();
  +    SSLModConfigRec *mc = myModConfig(cmd->server);
   
       if ((err = ap_check_cmd_context(cmd, GLOBAL_ONLY)) != NULL)
           return err;
  -    if (ssl_config_global_isfixed())
  +    if (ssl_config_global_isfixed(mc))
           return NULL;
       if (strcEQ(arg, "none") || strcEQ(arg, "no")) {
           mc->nMutexMode  = SSL_MUTEXMODE_NONE;
       }
       else if (strlen(arg) > 5 && strcEQn(arg, "file:", 5)) {
           mc->nMutexMode  = SSL_MUTEXMODE_USED;
  -        mc->szMutexFile = ap_psprintf(mc->pPool, "%s.%lu",
  -                                      ap_server_root_relative(cmd->pool, "mutex", arg+5),
  +        mc->szMutexFile = (char *)apr_psprintf(mc->pPool, "%s.%lu",
  +                                      ap_server_root_relative(cmd->pool, arg+5),
                                         (unsigned long)getpid());
       }
       else if (strcEQ(arg, "sem") || strcEQ(arg, "yes")) {
  @@ -338,14 +321,12 @@
       }
       else
           return "SSLMutex: Invalid argument";
  -#endif /* XXX */
       return NULL;
   }
   
   const char *ssl_cmd_SSLPassPhraseDialog(
  -    cmd_parms *cmd, char *struct_ptr, char *arg)
  +    cmd_parms *cmd, void *ctx, const char *arg)
   {
  -#if 0 /* XXX */
       SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
       const char *err;
   
  @@ -357,23 +338,21 @@
       }
       else if (strlen(arg) > 5 && strEQn(arg, "exec:", 5)) {
           sc->nPassPhraseDialogType  = SSL_PPTYPE_FILTER;
  -        sc->szPassPhraseDialogPath = ap_server_root_relative(cmd->pool, "dialog", arg+5);
  +        sc->szPassPhraseDialogPath = (char *)ap_server_root_relative(cmd->pool, arg+5);
           if (!ssl_util_path_check(SSL_PCM_EXISTS, sc->szPassPhraseDialogPath, cmd->pool))
  -            return ap_pstrcat(cmd->pool, "SSLPassPhraseDialog: file '",
  -                              sc->szPassPhraseDialogPath, "' not exists", NULL);
  +            return ((const char *)apr_pstrcat(cmd->pool, "SSLPassPhraseDialog: file '",
  +                    sc->szPassPhraseDialogPath, "' not exists",NULL));
       }
       else
           return "SSLPassPhraseDialog: Invalid argument";
  -#endif /* XXX */
       return NULL;
   }
   
   #ifdef SSL_EXPERIMENTAL_ENGINE
   const char *ssl_cmd_SSLCryptoDevice(
  -    cmd_parms *cmd, char *struct_ptr, char *arg)
  +    cmd_parms *cmd, void *ctx, const char *arg)
   {
  -#if 0 /* XXX */
  -    SSLModConfigRec *mc = myModConfig();
  +    SSLModConfigRec *mc = myModConfig(cmd->server);
       const char *err;
       ENGINE *e;
   #if SSL_LIBRARY_VERSION >= 0x00907000
  @@ -397,43 +376,42 @@
       }
       else
           return "SSLCryptoDevice: Invalid argument";
  -#endif /* XXX */
       return NULL;
   }
   #endif
   
   const char *ssl_cmd_SSLRandomSeed(
  -    cmd_parms *cmd, char *struct_ptr, char *arg1, char *arg2, char *arg3)
  +    cmd_parms *cmd, void *ctx, const char *arg1, 
  +        const char *arg2, const char *arg3)
   {
  -#if 0 /* XXX */
  -    SSLModConfigRec *mc = myModConfig();
  +    SSLModConfigRec *mc = myModConfig(cmd->server);
       const char *err;
       ssl_randseed_t *pRS;
   
       if ((err = ap_check_cmd_context(cmd, GLOBAL_ONLY)) != NULL)
           return err;
  -    if (ssl_config_global_isfixed())
  +    if (ssl_config_global_isfixed(mc))
           return NULL;
  -    pRS = ap_push_array(mc->aRandSeed);
  +    pRS = apr_array_push(mc->aRandSeed);
       if (strcEQ(arg1, "startup"))
           pRS->nCtx = SSL_RSCTX_STARTUP;
       else if (strcEQ(arg1, "connect"))
           pRS->nCtx = SSL_RSCTX_CONNECT;
       else
  -        return ap_pstrcat(cmd->pool, "SSLRandomSeed: "
  -                          "invalid context: `", arg1, "'");
  +        return apr_pstrcat(cmd->pool, "SSLRandomSeed: "
  +                           "invalid context: `", arg1, "'");
       if (strlen(arg2) > 5 && strEQn(arg2, "file:", 5)) {
           pRS->nSrc   = SSL_RSSRC_FILE;
  -        pRS->cpPath = ap_pstrdup(mc->pPool, ap_server_root_relative(cmd->pool, "random", arg2+5));
  +        pRS->cpPath = apr_pstrdup(mc->pPool, ap_server_root_relative(cmd->pool, arg2+5));
       }
       else if (strlen(arg2) > 5 && strEQn(arg2, "exec:", 5)) {
           pRS->nSrc   = SSL_RSSRC_EXEC;
  -        pRS->cpPath = ap_pstrdup(mc->pPool, ap_server_root_relative(cmd->pool, "random", arg2+5));
  +        pRS->cpPath = apr_pstrdup(mc->pPool, ap_server_root_relative(cmd->pool, arg2+5));
       }
   #if SSL_LIBRARY_VERSION >= 0x00905100
       else if (strlen(arg2) > 4 && strEQn(arg2, "egd:", 4)) {
           pRS->nSrc   = SSL_RSSRC_EGD;
  -        pRS->cpPath = ap_pstrdup(mc->pPool, ap_server_root_relative(cmd->pool, "random", arg2+4));
  +        pRS->cpPath = apr_pstrdup(mc->pPool, ap_server_root_relative(cmd->pool, arg2+4));
       }
   #endif
       else if (strcEQ(arg2, "builtin")) {
  @@ -442,12 +420,12 @@
       }
       else {
           pRS->nSrc   = SSL_RSSRC_FILE;
  -        pRS->cpPath = ap_pstrdup(mc->pPool, ap_server_root_relative(cmd->pool, "random", arg2));
  +        pRS->cpPath = apr_pstrdup(mc->pPool, ap_server_root_relative(cmd->pool, arg2));
       }
       if (pRS->nSrc != SSL_RSSRC_BUILTIN)
           if (!ssl_util_path_check(SSL_PCM_EXISTS, pRS->cpPath, cmd->pool))
  -            return ap_pstrcat(cmd->pool, "SSLRandomSeed: source path '",
  -                              pRS->cpPath, "' not exists", NULL);
  +            return apr_pstrcat(cmd->pool, "SSLRandomSeed: source path '",
  +                               pRS->cpPath, "' not exists", NULL);
       if (arg3 == NULL)
           pRS->nBytes = 0; /* read whole file */
       else {
  @@ -458,108 +436,101 @@
           if (pRS->nBytes < 0)
               return "SSLRandomSeed: invalid number of bytes specified";
       }
  -#endif /* XXX */
       return NULL;
   }
   
   const char *ssl_cmd_SSLEngine(
  -    cmd_parms *cmd, char *struct_ptr, int flag)
  +    cmd_parms *cmd, void *ctx, int flag)
   {
  -#if 0 /* XXX */
       SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
   
       sc->bEnabled = (flag ? TRUE : FALSE);
  -#endif /* XXX */
       return NULL;
   }
   
   const char *ssl_cmd_SSLCipherSuite(
  -    cmd_parms *cmd, SSLDirConfigRec *dc, char *arg)
  +    cmd_parms *cmd, void *ctx, const char *arg)
   {
  -#if 0 /* XXX */
       SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
  +    SSLDirConfigRec *dc = (SSLDirConfigRec *)ctx;
   
       if (cmd->path == NULL || dc == NULL)
  -        sc->szCipherSuite = arg;
  +        sc->szCipherSuite = (char *)arg;
       else
  -        dc->szCipherSuite = arg;
  -#endif /* XXX */
  +        dc->szCipherSuite = (char *)arg;
       return NULL;
   }
   
   const char *ssl_cmd_SSLCertificateFile(
  -    cmd_parms *cmd, char *struct_ptr, char *arg)
  +    cmd_parms *cmd, void *ctx, const char *arg)
   {
  -#if 0 /* XXX */
       SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
       char *cpPath;
       int i;
   
  -    cpPath = ap_server_root_relative(cmd->pool, "certkey", arg);
  +    cpPath = (char *)ap_server_root_relative(cmd->pool, arg);
       if (!ssl_util_path_check(SSL_PCM_EXISTS|SSL_PCM_ISREG|SSL_PCM_ISNONZERO, cpPath, cmd->pool))
  -        return ap_pstrcat(cmd->pool, "SSLCertificateFile: file '",
  +        return apr_pstrcat(cmd->pool, "SSLCertificateFile: file '",
                             cpPath, "' not exists or empty", NULL);
       for (i = 0; i < SSL_AIDX_MAX && sc->szPublicCertFile[i] != NULL; i++)
           ;
       if (i == SSL_AIDX_MAX)
  -        return ap_psprintf(cmd->pool, "SSLCertificateFile: only up to %d "
  +        return apr_psprintf(cmd->pool, "SSLCertificateFile: only up to %d "
                             "different certificates per virtual host allowed", 
                             SSL_AIDX_MAX);
       sc->szPublicCertFile[i] = cpPath;
  -#endif /* XXX */
       return NULL;
   }
   
   const char *ssl_cmd_SSLCertificateKeyFile(
  -    cmd_parms *cmd, char *struct_ptr, char *arg)
  +    cmd_parms *cmd, void *ctx, const char *arg)
   {
  -#if 0 /* XXX */
       SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
       char *cpPath;
       int i;
   
  -    cpPath = ap_server_root_relative(cmd->pool, "certkey", arg);
  +    cpPath = (char *)ap_server_root_relative(cmd->pool, arg);
       if (!ssl_util_path_check(SSL_PCM_EXISTS|SSL_PCM_ISREG|SSL_PCM_ISNONZERO, cpPath, cmd->pool))
  -        return ap_pstrcat(cmd->pool, "SSLCertificateKeyFile: file '",
  +        return apr_pstrcat(cmd->pool, "SSLCertificateKeyFile: file '",
                             cpPath, "' not exists or empty", NULL);
  -    for (i = 0; i < SSL_AIDX_MAX && sc->szPrivateKeyFile[i] != NULL; i++)
  +    for (i = 0; i < SSL_AIDX_MAX && (sc->szPrivateKeyFile[i] != NULL) &&
  +                                    (strlen(sc->szPrivateKeyFile[i]) != 0); i++)
           ;
       if (i == SSL_AIDX_MAX)
  -        return ap_psprintf(cmd->pool, "SSLCertificateKeyFile: only up to %d "
  +        return apr_psprintf(cmd->pool, "SSLCertificateKeyFile: only up to %d "
                             "different private keys per virtual host allowed", 
                             SSL_AIDX_MAX);
       sc->szPrivateKeyFile[i] = cpPath;
  -#endif /* XXX */
       return NULL;
   }
   
   const char *ssl_cmd_SSLCertificateChainFile(
  -    cmd_parms *cmd, char *struct_ptr, char *arg)
  +    cmd_parms *cmd, void *ctx, const char *arg)
   {
  -#if 0 /* XXX */
       SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
       char *cpPath;
   
  -    cpPath = ap_server_root_relative(cmd->pool, "certkey", arg);
  +    cpPath = (char *)ap_server_root_relative(cmd->pool, arg);
       if (!ssl_util_path_check(SSL_PCM_EXISTS|SSL_PCM_ISREG|SSL_PCM_ISNONZERO, cpPath, cmd->pool))
  -        return ap_pstrcat(cmd->pool, "SSLCertificateChainFile: file '",
  +        return apr_pstrcat(cmd->pool, "SSLCertificateChainFile: file '",
                             cpPath, "' not exists or empty", NULL);
       sc->szCertificateChain = cpPath;
  -#endif /* XXX */
       return NULL;
   }
   
   const char *ssl_cmd_SSLCACertificatePath(
  -    cmd_parms *cmd, SSLDirConfigRec *dc, char *arg)
  +    cmd_parms *cmd, void *ctx, const char *arg)
   {
  -#if 0 /* XXX */
  +#ifdef SSL_EXPERIMENTAL_PERDIRCA
  +    SSLDirConfigRec *dc = (SSLDirConfigRec *)ctx;
  +#endif
       SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
       char *cpPath;
   
  -    cpPath = ap_server_root_relative(cmd->pool, "certkey", arg);
  +    cpPath = (char *)ap_server_root_relative(cmd->pool, arg);
       if (!ssl_util_path_check(SSL_PCM_EXISTS|SSL_PCM_ISDIR, cpPath, cmd->pool))
  -        return ap_pstrcat(cmd->pool, "SSLCACertificatePath: directory '",
  -                          cpPath, "' not exists", NULL);
  +        return apr_pstrcat(cmd->pool, "SSLCACertificatePath: directory '",
  +                           cpPath, "' not exists", NULL);
   #ifdef SSL_EXPERIMENTAL_PERDIRCA
       if (cmd->path == NULL || dc == NULL)
           sc->szCACertificatePath = cpPath;
  @@ -568,21 +539,22 @@
   #else
       sc->szCACertificatePath = cpPath;
   #endif
  -#endif /* XXX */
       return NULL;
   }
   
   const char *ssl_cmd_SSLCACertificateFile(
  -    cmd_parms *cmd, SSLDirConfigRec *dc, char *arg)
  +    cmd_parms *cmd, void *ctx, const char *arg)
   {
  -#if 0 /* XXX */
  +#ifdef SSL_EXPERIMENTAL_PERDIRCA
  +    SSLDirConfigRec *dc = (SSLDirConfigRec *)ctx;
  +#endif
       SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
       char *cpPath;
   
  -    cpPath = ap_server_root_relative(cmd->pool, "certkey", arg);
  +    cpPath = (char *)ap_server_root_relative(cmd->pool, arg);
       if (!ssl_util_path_check(SSL_PCM_EXISTS|SSL_PCM_ISREG|SSL_PCM_ISNONZERO, cpPath, cmd->pool))
  -        return ap_pstrcat(cmd->pool, "SSLCACertificateFile: file '",
  -                          cpPath, "' not exists or empty", NULL);
  +        return apr_pstrcat(cmd->pool, "SSLCACertificateFile: file '",
  +                           cpPath, "' not exists or empty", NULL);
   #ifdef SSL_EXPERIMENTAL_PERDIRCA
       if (cmd->path == NULL || dc == NULL)
           sc->szCACertificateFile = cpPath;
  @@ -591,46 +563,41 @@
   #else
       sc->szCACertificateFile = cpPath;
   #endif
  -#endif /* XXX */
       return NULL;
   }
   
   const char *ssl_cmd_SSLCARevocationPath(
  -    cmd_parms *cmd, SSLDirConfigRec *dc, char *arg)
  +    cmd_parms *cmd, void *ctx, const char *arg)
   {
  -#if 0 /* XXX */
       SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
       char *cpPath;
   
  -    cpPath = ap_server_root_relative(cmd->pool, "certkey", arg);
  +    cpPath = (char *)ap_server_root_relative(cmd->pool, arg);
       if (!ssl_util_path_check(SSL_PCM_EXISTS|SSL_PCM_ISDIR, cpPath, cmd->pool))
  -        return ap_pstrcat(cmd->pool, "SSLCARecocationPath: directory '",
  -                          cpPath, "' not exists", NULL);
  +        return apr_pstrcat(cmd->pool, "SSLCARecocationPath: directory '",
  +                           cpPath, "' not exists", NULL);
       sc->szCARevocationPath = cpPath;
  -#endif /* XXX */
       return NULL;
   }
   
   const char *ssl_cmd_SSLCARevocationFile(
  -    cmd_parms *cmd, SSLDirConfigRec *dc, char *arg)
  +    cmd_parms *cmd, void *ctx, const char *arg)
   {
  -#if 0 /* XXX */
       SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
       char *cpPath;
   
  -    cpPath = ap_server_root_relative(cmd->pool, "certkey", arg);
  +    cpPath = (char *)ap_server_root_relative(cmd->pool, arg);
       if (!ssl_util_path_check(SSL_PCM_EXISTS|SSL_PCM_ISREG|SSL_PCM_ISNONZERO, cpPath, cmd->pool))
  -        return ap_pstrcat(cmd->pool, "SSLCARevocationFile: file '",
  -                          cpPath, "' not exists or empty", NULL);
  +        return apr_pstrcat(cmd->pool, "SSLCARevocationFile: file '",
  +                           cpPath, "' not exists or empty", NULL);
       sc->szCARevocationFile = cpPath;
  -#endif /* XXX */
       return NULL;
   }
   
   const char *ssl_cmd_SSLVerifyClient(
  -    cmd_parms *cmd, SSLDirConfigRec *dc, char *level)
  +    cmd_parms *cmd, void *ctx, const char *level)
   {
  -#if 0 /* XXX */
  +    SSLDirConfigRec *dc = (SSLDirConfigRec *)ctx;
       SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
       ssl_verify_t id;
   
  @@ -648,14 +615,13 @@
           sc->nVerifyClient = id;
       else
           dc->nVerifyClient = id;
  -#endif /* XXX */
       return NULL;
   }
   
   const char *ssl_cmd_SSLVerifyDepth(
  -    cmd_parms *cmd, SSLDirConfigRec *dc, char *arg)
  +    cmd_parms *cmd, void *ctx, const char *arg)
   {
  -#if 0 /* XXX */
  +    SSLDirConfigRec *dc = (SSLDirConfigRec *)ctx;
       SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
       int d;
   
  @@ -666,40 +632,41 @@
           sc->nVerifyDepth = d;
       else
           dc->nVerifyDepth = d;
  -#endif /* XXX */
       return NULL;
   }
   
   const char *ssl_cmd_SSLSessionCache(
  -    cmd_parms *cmd, char *struct_ptr, char *arg)
  +    cmd_parms *cmd, void *ctx, const char *arg)
   {
  -#if 0 /* XXX */
  +    SSLModConfigRec *mc = myModConfig(cmd->server);
       const char *err;
  -    SSLModConfigRec *mc = myModConfig();
       char *cp, *cp2;
       int maxsize;
   
       if ((err = ap_check_cmd_context(cmd, GLOBAL_ONLY)) != NULL)
           return err;
  -    if (ssl_config_global_isfixed())
  +    if (ssl_config_global_isfixed(mc))
           return NULL;
  +
       if (strcEQ(arg, "none")) {
           mc->nSessionCacheMode      = SSL_SCMODE_NONE;
           mc->szSessionCacheDataFile = NULL;
       }
       else if (strlen(arg) > 4 && strcEQn(arg, "dbm:", 4)) {
           mc->nSessionCacheMode      = SSL_SCMODE_DBM;
  -        mc->szSessionCacheDataFile = ap_pstrdup(mc->pPool,
  -                                     ap_server_root_relative(cmd->pool, "scache", arg+4));
  +        mc->szSessionCacheDataFile = apr_pstrdup(mc->pPool,
  +                                     ap_server_root_relative(cmd->pool, arg+4));
       }
       else if (   (strlen(arg) > 4 && strcEQn(arg, "shm:",   4)) 
                || (strlen(arg) > 6 && strcEQn(arg, "shmht:", 6))) {
  +#if 0 /* XXX */
           if (!ap_mm_useable())
               return "SSLSessionCache: shared memory cache not useable on this platform";
  +#endif
           mc->nSessionCacheMode      = SSL_SCMODE_SHMHT;
           cp = strchr(arg, ':');
  -        mc->szSessionCacheDataFile = ap_pstrdup(mc->pPool,
  -                                     ap_server_root_relative(cmd->pool, "scache", cp+1));
  +        mc->szSessionCacheDataFile = (char *)apr_pstrdup(mc->pPool,
  +                                     ap_server_root_relative(cmd->pool, cp+1));
           mc->tSessionCacheDataTable = NULL;
           mc->nSessionCacheDataSize  = 1024*512; /* 512KB */
           if ((cp = strchr(mc->szSessionCacheDataFile, '(')) != NULL) {
  @@ -710,17 +677,23 @@
               mc->nSessionCacheDataSize = atoi(cp);
               if (mc->nSessionCacheDataSize <= 8192)
                   return "SSLSessionCache: Invalid argument: size has to be >= 8192 bytes";
  +#if 0 /* XXX */
               maxsize = ap_mm_core_maxsegsize();
  +#else
  +            maxsize = 1024 * 512;
  +#endif
               if (mc->nSessionCacheDataSize >= maxsize)
  -                return ap_psprintf(cmd->pool, "SSLSessionCache: Invalid argument: "
  +                return apr_psprintf(cmd->pool, "SSLSessionCache: Invalid argument: "
                                      "size has to be < %d bytes on this platform", maxsize);
           }
       }
       else if (strlen(arg) > 6 && strcEQn(arg, "shmcb:", 6)) {
  +#if 0 /* XXX */
           if (!ap_mm_useable())
               return "SSLSessionCache: shared memory cache not useable on this platform";
  +#endif
           mc->nSessionCacheMode      = SSL_SCMODE_SHMCB;
  -        mc->szSessionCacheDataFile = ap_pstrdup(mc->pPool,
  +        mc->szSessionCacheDataFile = apr_pstrdup(mc->pPool,
                                        ap_server_root_relative(cmd->pool, arg+6));
           mc->tSessionCacheDataTable = NULL;
           mc->nSessionCacheDataSize  = 1024*512; /* 512KB */
  @@ -732,50 +705,48 @@
               mc->nSessionCacheDataSize = atoi(cp);
               if (mc->nSessionCacheDataSize <= 8192)
                   return "SSLSessionCache: Invalid argument: size has to be >= 8192 bytes";
  +#if 0 /* XXX */
               maxsize = ap_mm_core_maxsegsize();
  +#else
  +            maxsize = 1024 * 512;
  +#endif
               if (mc->nSessionCacheDataSize >= maxsize)
  -                return ap_psprintf(cmd->pool, "SSLSessionCache: Invalid argument: "
  +                return apr_psprintf(cmd->pool, "SSLSessionCache: Invalid argument: "
                                      "size has to be < %d bytes on this platform", maxsize);
           }
       }
   	else
           return "SSLSessionCache: Invalid argument";
  -#endif /* XXX */
       return NULL;
   }
   
   const char *ssl_cmd_SSLSessionCacheTimeout(
  -    cmd_parms *cmd, char *struct_ptr, char *arg)
  +    cmd_parms *cmd, void *ctx, const char *arg)
   {
  -#if 0 /* XXX */
       SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
   
       sc->nSessionCacheTimeout = atoi(arg);
       if (sc->nSessionCacheTimeout < 0)
           return "SSLSessionCacheTimeout: Invalid argument";
  -#endif /* XXX */
       return NULL;
   }
   
   const char *ssl_cmd_SSLLog(
  -    cmd_parms *cmd, char *struct_ptr, char *arg)
  +    cmd_parms *cmd, void *ctx, const char *arg)
   {
  -#if 0 /* XXX */
       SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
       const char *err;
   
       if ((err = ap_check_cmd_context(cmd,  NOT_IN_LIMIT|NOT_IN_DIRECTORY
                                            |NOT_IN_LOCATION|NOT_IN_FILES )) != NULL)
           return err;
  -    sc->szLogFile = arg;
  -#endif /* XXX */
  +    sc->szLogFile = (char *)arg;
       return NULL;
   }
   
   const char *ssl_cmd_SSLLogLevel(
  -    cmd_parms *cmd, char *struct_ptr, char *level)
  +    cmd_parms *cmd, void *ctx, const char *level)
   {
  -#if 0 /* XXX */
       SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
       const char *err;
   
  @@ -796,14 +767,13 @@
           sc->nLogLevel = SSL_LOG_DEBUG;
       else
           return "SSLLogLevel: Invalid argument";
  -#endif /* XXX */
       return NULL;
   }
   
   const char *ssl_cmd_SSLOptions(
  -    cmd_parms *cmd, SSLDirConfigRec *dc, const char *cpLine)
  +    cmd_parms *cmd, void *ctx, const char *cpLine)
   {
  -#if 0 /* XXX */
  +    SSLDirConfigRec *dc = (SSLDirConfigRec *)ctx;
       ssl_opt_t opt;
       int first;
       char action;
  @@ -835,7 +805,7 @@
           else if (strcEQ(w, "OptRenegotiate"))
               opt = SSL_OPT_OPTRENEGOTIATE;
           else
  -            return ap_pstrcat(cmd->pool, "SSLOptions: Illegal option '", w, "'", NULL);
  +            return apr_pstrcat(cmd->pool, "SSLOptions: Illegal option '", w, "'", NULL);
   
           if (action == '-') {
               dc->nOptionsAdd &= ~opt;
  @@ -853,39 +823,35 @@
               dc->nOptionsDel = SSL_OPT_NONE;
           }
       }
  -#endif /* XXX */
       return NULL;
   }
   
   const char *ssl_cmd_SSLRequireSSL(
  -    cmd_parms *cmd, SSLDirConfigRec *dc, char *cipher)
  +    cmd_parms *cmd, void *ctx)
   {
  -#if 0 /* XXX */
  +    SSLDirConfigRec *dc = (SSLDirConfigRec *)ctx;
       dc->bSSLRequired = TRUE;
  -#endif /* XXX */
       return NULL;
   }
   
   const char *ssl_cmd_SSLRequire(
  -    cmd_parms *cmd, SSLDirConfigRec *dc, char *cpExpr)
  +    cmd_parms *cmd, void *ctx, const char *cpExpr)
   {
  -#if 0 /* XXX */
  +    SSLDirConfigRec *dc = (SSLDirConfigRec *)ctx;
       ssl_expr *mpExpr;
       ssl_require_t *pReqRec;
   
  -    if ((mpExpr = ssl_expr_comp(cmd->pool, cpExpr)) == NULL)
  -        return ap_pstrcat(cmd->pool, "SSLRequire: ", ssl_expr_get_error(), NULL);
  -    pReqRec = ap_push_array(dc->aRequirement);
  -    pReqRec->cpExpr = ap_pstrdup(cmd->pool, cpExpr);
  +    if ((mpExpr = ssl_expr_comp(cmd->pool, (char *)cpExpr)) == NULL)
  +        return apr_pstrcat(cmd->pool, "SSLRequire: ", ssl_expr_get_error(), NULL);
  +    pReqRec = apr_array_push(dc->aRequirement);
  +    pReqRec->cpExpr = apr_pstrdup(cmd->pool, cpExpr);
       pReqRec->mpExpr = mpExpr;
  -#endif /* XXX */
       return NULL;
   }
   
   const char *ssl_cmd_SSLProtocol(
  -    cmd_parms *cmd, char *struct_ptr, const char *opt)
  +    cmd_parms *cmd, void *ctx, const char *opt)
   {
  -#if 0 /* XXX */
       SSLSrvConfigRec *sc;
       ssl_proto_t options, thisopt;
       char action;
  @@ -909,7 +875,8 @@
           else if (strcEQ(w, "all"))
               thisopt = SSL_PROTOCOL_ALL;
           else
  -            return ap_pstrcat(cmd->pool, "SSLProtocol: Illegal protocol '", w, "'", NULL);
  +            return apr_pstrcat(cmd->pool, "SSLProtocol: Illegal protocol '",
  +                               w, "'", NULL);
   
           if (action == '-')
               options &= ~thisopt;
  @@ -919,7 +886,6 @@
               options = thisopt;
       }
       sc->nProtocol = options;
  -#endif /* XXX */
       return NULL;
   }
   
  @@ -928,7 +894,6 @@
   const char *ssl_cmd_SSLProxyProtocol(
       cmd_parms *cmd, char *struct_ptr, const char *opt)
   {
  -#if 0 /* XXX */
       SSLSrvConfigRec *sc;
       ssl_proto_t options, thisopt;
       char action;
  @@ -952,7 +917,7 @@
           else if (strcEQ(w, "all"))
               thisopt = SSL_PROTOCOL_ALL;
           else
  -            return ap_pstrcat(cmd->pool, "SSLProxyProtocol: "
  +            return apr_pstrcat(cmd->pool, "SSLProxyProtocol: "
                                 "Illegal protocol '", w, "'", NULL);
           if (action == '-')
               options &= ~thisopt;
  @@ -962,36 +927,30 @@
               options = thisopt;
       }
       sc->nProxyProtocol = options;
  -#endif /* XXX */
       return NULL;
   }
   
   const char *ssl_cmd_SSLProxyCipherSuite(
       cmd_parms *cmd, char *struct_ptr, char *arg)
   {
  -#if 0 /* XXX */
       SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
   
       sc->szProxyCipherSuite = arg;
  -#endif /* XXX */
       return NULL;
   }
   
   const char *ssl_cmd_SSLProxyVerify(
       cmd_parms *cmd, char *struct_ptr, int flag)
   {
  -#if 0 /* XXX */
       SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
   
       sc->bProxyVerify = (flag ? TRUE : FALSE);
  -#endif /* XXX */
       return NULL;
   }
   
   const char *ssl_cmd_SSLProxyVerifyDepth(
       cmd_parms *cmd, char *struct_ptr, char *arg)
   {
  -#if 0 /* XXX */
       SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
       int d;
   
  @@ -999,71 +958,62 @@
       if (d < 0)
           return "SSLProxyVerifyDepth: Invalid argument";
       sc->nProxyVerifyDepth = d;
  -#endif /* XXX */
       return NULL;
   }
   
   const char *ssl_cmd_SSLProxyCACertificateFile(
       cmd_parms *cmd, char *struct_ptr, char *arg)
   {
  -#if 0 /* XXX */
       SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
       char *cpPath;
   
  -    cpPath = ap_server_root_relative(cmd->pool, "certkey", arg);
  +    cpPath = ap_server_root_relative(cmd->pool, arg);
       if (!ssl_util_path_check(SSL_PCM_EXISTS|SSL_PCM_ISREG|SSL_PCM_ISNONZERO, cpPath, cmd->pool))
  -        return ap_pstrcat(cmd->pool, "SSLProxyCACertificateFile: file '",
  +        return apr_pstrcat(cmd->pool, "SSLProxyCACertificateFile: file '",
                             cpPath, "' not exists or empty", NULL);
       sc->szProxyCACertificateFile = cpPath;
  -#endif /* XXX */
       return NULL;
   }
   
   const char *ssl_cmd_SSLProxyCACertificatePath(
       cmd_parms *cmd, char *struct_ptr, char *arg)
   {
  -#if 0 /* XXX */
       SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
       char *cpPath;
   
  -    cpPath = ap_server_root_relative(cmd->pool, "certkey", arg);
  +    cpPath = ap_server_root_relative(cmd->pool, arg);
       if (!ssl_util_path_check(SSL_PCM_EXISTS|SSL_PCM_ISDIR, cpPath, cmd->pool))
  -        return ap_pstrcat(cmd->pool, "SSLProxyCACertificatePath: directory '",
  -                          cpPath, "' does not exists", NULL);
  +        return apr_pstrcat(cmd->pool, "SSLProxyCACertificatePath: directory '",
  +                           cpPath, "' does not exists", NULL);
       sc->szProxyCACertificatePath = cpPath;
  -#endif /* XXX */
       return NULL;
   }
   
   const char *ssl_cmd_SSLProxyMachineCertificateFile(
       cmd_parms *cmd, char *struct_ptr, char *arg)
   {
  -#if 0 /* XXX */
       SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
       char *cpPath;
   
  -    cpPath = ap_server_root_relative(cmd->pool, "certkey", arg);
  +    cpPath = ap_server_root_relative(cmd->pool, arg);
       if (!ssl_util_path_check(SSL_PCM_EXISTS|SSL_PCM_ISREG|SSL_PCM_ISNONZERO, cpPath, cmd->pool))
  -        return ap_pstrcat(cmd->pool, "SSLProxyMachineCertFile: file '",
  -                          cpPath, "' not exists or empty", NULL);
  +        return apr_pstrcat(cmd->pool, "SSLProxyMachineCertFile: file '",
  +                           cpPath, "' not exists or empty", NULL);
       sc->szProxyClientCertificateFile = cpPath;
  -#endif /* XXX */
       return NULL;
   }
   
   const char *ssl_cmd_SSLProxyMachineCertificatePath(
       cmd_parms *cmd, char *struct_ptr, char *arg)
   {
  -#if 0 /* XXX */
       SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
       char *cpPath;
   
  -    cpPath = ap_server_root_relative(cmd->pool, "certkey", arg);
  +    cpPath = ap_server_root_relative(cmd->pool, arg);
       if (!ssl_util_path_check(SSL_PCM_EXISTS|SSL_PCM_ISDIR, cpPath, cmd->pool))
  -        return ap_pstrcat(cmd->pool, "SSLProxyMachineCertPath: directory '",
  -                          cpPath, "' does not exists", NULL);
  +        return apr_pstrcat(cmd->pool, "SSLProxyMachineCertPath: directory '",
  +                           cpPath, "' does not exists", NULL);
       sc->szProxyClientCertificatePath = cpPath;
  -#endif /* XXX */
       return NULL;
   }
   
  
  
  
  1.5       +2 -2      httpd-2.0/modules/ssl/ssl_engine_ds.c
  
  Index: ssl_engine_ds.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_engine_ds.c,v
  retrieving revision 1.4
  retrieving revision 1.5
  diff -u -r1.4 -r1.5
  --- ssl_engine_ds.c	2001/05/05 19:53:00	1.4
  +++ ssl_engine_ds.c	2001/07/19 16:08:01	1.5
  @@ -76,7 +76,7 @@
       if ((a = (ssl_ds_array *)apr_palloc(p, sizeof(ssl_ds_array))) == NULL)
           return NULL;
       a->pPool = p;
  -    if ((a->pSubPool = apr_pool_sub_make(p, NULL)) != APR_SUCCESS)
  +    if ((a->pSubPool = apr_pool_sub_make(p, NULL)) == NULL)
           return NULL;
       a->aData = apr_array_make(a->pSubPool, 2, size);
       return a;
  @@ -130,7 +130,7 @@
       if ((t = (ssl_ds_table *)apr_palloc(p, sizeof(ssl_ds_table))) == NULL)
           return NULL;
       t->pPool = p;
  -    if ((t->pSubPool = apr_pool_sub_make(p, NULL)) != APR_SUCCESS)
  +    if ((t->pSubPool = apr_pool_sub_make(p, NULL)) == NULL)
           return NULL;
       t->aKey  = apr_array_make(t->pSubPool, 2, MAX_STRING_LEN);
       t->aData = apr_array_make(t->pSubPool, 2, size);
  
  
  
  1.7       +60 -56    httpd-2.0/modules/ssl/ssl_engine_init.c
  
  Index: ssl_engine_init.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_engine_init.c,v
  retrieving revision 1.6
  retrieving revision 1.7
  diff -u -r1.6 -r1.7
  --- ssl_engine_init.c	2001/05/05 21:02:22	1.6
  +++ ssl_engine_init.c	2001/07/19 16:08:01	1.7
  @@ -61,8 +61,6 @@
                                           -- Unknown   */
   #include "mod_ssl.h"
   
  -#if 0 /* XXX */
  -
   /*  _________________________________________________________________
   **
   **  Module Initialization
  @@ -72,25 +70,25 @@
   /*
    *  Per-module initialization
    */
  -void ssl_init_Module(server_rec *s, pool *p)
  +void ssl_init_Module(apr_pool_t *p, apr_pool_t *plog,
  +    apr_pool_t *ptemp, server_rec *s)
   {
  -    SSLModConfigRec *mc = myModConfig();
  +    SSLModConfigRec *mc = myModConfig(s);
       SSLSrvConfigRec *sc;
       server_rec *s2;
  -    char *cp;
  -
  -    mc->nInitCount++;
   
       /*
        * Let us cleanup on restarts and exists
        */
  -    ap_register_cleanup(p, s, ssl_init_ModuleKill, ssl_init_ChildKill);
  +    apr_pool_cleanup_register(p, s, ssl_init_ModuleKill, ssl_init_ChildKill);
   
       /*
        * Any init round fixes the global config
        */
  -    ssl_config_global_create(); /* just to avoid problems */
  -    ssl_config_global_fix();
  +    ssl_config_global_create(s); /* just to avoid problems */
  +    ssl_config_global_fix(mc);
  +
  +    mc->nInitCount++;
   
       /*
        *  try to fix the configuration and open the dedicated SSL
  @@ -123,10 +121,12 @@
        * Identification
        */
       if (mc->nInitCount == 1) {
  +#if 0 /* XXX */
           ssl_log(s, SSL_LOG_INFO, "Server: %s, Interface: %s, Library: %s",
  -                SERVER_BASEVERSION,
  +                AP_SERVER_BASEVERSION,
                   ssl_var_lookup(p, NULL, NULL, NULL, "SSL_VERSION_INTERFACE"),
                   ssl_var_lookup(p, NULL, NULL, NULL, "SSL_VERSION_LIBRARY"));
  +#endif
       }
   
       /*
  @@ -159,7 +159,7 @@
        *     module segment (code & data) gets unloaded and re-loaded between
        *     the first and the second round. This means no global data survives
        *     between first and the second init round. We overcome this by using
  -     *     an entry ("ssl_module") inside the ap_global_ctx.
  +     *     an entry ("ssl_module") inside the process_rec->pool->user_data.
        *
        *  The situation as a table:
        *
  @@ -257,10 +257,12 @@
        *  Announce mod_ssl and SSL library in HTTP Server field
        *  as ``mod_ssl/X.X.X OpenSSL/X.X.X''
        */
  +#if 0 /* XXX */
       if ((cp = ssl_var_lookup(p, NULL, NULL, NULL, "SSL_VERSION_PRODUCT")) != NULL && cp[0] != NUL)
  -        ap_add_version_component(cp);
  -    ap_add_version_component(ssl_var_lookup(p, NULL, NULL, NULL, "SSL_VERSION_INTERFACE"));
  -    ap_add_version_component(ssl_var_lookup(p, NULL, NULL, NULL, "SSL_VERSION_LIBRARY"));
  +        ap_add_version_component(p, cp);
  +    ap_add_version_component(p, ssl_var_lookup(p, NULL, NULL, NULL, "SSL_VERSION_INTERFACE"));
  +    ap_add_version_component(p, ssl_var_lookup(p, NULL, NULL, NULL, "SSL_VERSION_LIBRARY"));
  +#endif
   
       return;
   }
  @@ -283,9 +285,9 @@
    * a hardware accellerator card for crypto operations.
    */
   #ifdef SSL_EXPERIMENTAL_ENGINE
  -void ssl_init_Engine(server_rec *s, pool *p)
  +void ssl_init_Engine(server_rec *s, apr_pool_t *p)
   {
  -    SSLModConfigRec *mc = myModConfig();
  +    SSLModConfigRec *mc = myModConfig(s);
       ENGINE *e;
   
       if (mc->szCryptoDevice != NULL) {
  @@ -310,9 +312,9 @@
   /*
    * Handle the Temporary RSA Keys and DH Params
    */
  -void ssl_init_TmpKeysHandle(int action, server_rec *s, pool *p)
  +void ssl_init_TmpKeysHandle(int action, server_rec *s, apr_pool_t *p)
   {
  -    SSLModConfigRec *mc = myModConfig();
  +    SSLModConfigRec *mc = myModConfig(s);
       ssl_asn1_t *asn1;
       unsigned char *ucp;
       RSA *rsa;
  @@ -333,7 +335,7 @@
           }
           asn1 = (ssl_asn1_t *)ssl_ds_table_push(mc->tTmpKeys, "RSA:512");
           asn1->nData  = i2d_RSAPrivateKey(rsa, NULL);
  -        asn1->cpData = ap_palloc(mc->pPool, asn1->nData);
  +        asn1->cpData = apr_palloc(mc->pPool, asn1->nData);
           ucp = asn1->cpData; i2d_RSAPrivateKey(rsa, &ucp); /* 2nd arg increments */
           RSA_free(rsa);
   
  @@ -345,7 +347,7 @@
           }
           asn1 = (ssl_asn1_t *)ssl_ds_table_push(mc->tTmpKeys, "RSA:1024");
           asn1->nData  = i2d_RSAPrivateKey(rsa, NULL);
  -        asn1->cpData = ap_palloc(mc->pPool, asn1->nData);
  +        asn1->cpData = apr_palloc(mc->pPool, asn1->nData);
           ucp = asn1->cpData; i2d_RSAPrivateKey(rsa, &ucp); /* 2nd arg increments */
           RSA_free(rsa);
   
  @@ -358,7 +360,7 @@
           }
           asn1 = (ssl_asn1_t *)ssl_ds_table_push(mc->tTmpKeys, "DH:512");
           asn1->nData  = i2d_DHparams(dh, NULL);
  -        asn1->cpData = ap_palloc(mc->pPool, asn1->nData);
  +        asn1->cpData = apr_palloc(mc->pPool, asn1->nData);
           ucp = asn1->cpData; i2d_DHparams(dh, &ucp); /* 2nd arg increments */
           /* no need to free dh, it's static */
   
  @@ -369,7 +371,7 @@
           }
           asn1 = (ssl_asn1_t *)ssl_ds_table_push(mc->tTmpKeys, "DH:1024");
           asn1->nData  = i2d_DHparams(dh, NULL);
  -        asn1->cpData = ap_palloc(mc->pPool, asn1->nData);
  +        asn1->cpData = apr_palloc(mc->pPool, asn1->nData);
           ucp = asn1->cpData; i2d_DHparams(dh, &ucp); /* 2nd arg increments */
           /* no need to free dh, it's static */
       }
  @@ -463,9 +465,9 @@
   /*
    * Configure a particular server
    */
  -void ssl_init_ConfigureServer(server_rec *s, pool *p, SSLSrvConfigRec *sc)
  +void ssl_init_ConfigureServer(server_rec *s, apr_pool_t *p, SSLSrvConfigRec *sc)
   {
  -    SSLModConfigRec *mc = myModConfig();
  +    SSLModConfigRec *mc = myModConfig(s);
       int nVerify;
       char *cpVHostID;
       EVP_PKEY *pKey;
  @@ -515,9 +517,9 @@
                   cpVHostID);
           ssl_die();
       }
  -    cp = ap_pstrcat(p, (sc->nProtocol & SSL_PROTOCOL_SSLV2 ? "SSLv2, " : ""),
  -                       (sc->nProtocol & SSL_PROTOCOL_SSLV3 ? "SSLv3, " : ""),
  -                       (sc->nProtocol & SSL_PROTOCOL_TLSV1 ? "TLSv1, " : ""), NULL);
  +    cp = apr_pstrcat(p, (sc->nProtocol & SSL_PROTOCOL_SSLV2 ? "SSLv2, " : ""),
  +                        (sc->nProtocol & SSL_PROTOCOL_SSLV3 ? "SSLv3, " : ""),
  +                        (sc->nProtocol & SSL_PROTOCOL_TLSV1 ? "TLSv1, " : ""), NULL);
       cp[strlen(cp)-2] = NUL;
       ssl_log(s, SSL_LOG_TRACE,
               "Init: (%s) Creating new SSL context (protocols: %s)", cpVHostID, cp);
  @@ -633,7 +635,7 @@
        *  Configure server certificate(s)
        */
       ok = FALSE;
  -    cp = ap_psprintf(p, "%s:RSA", cpVHostID);
  +    cp = apr_psprintf(p, "%s:RSA", cpVHostID);
       if ((asn1 = (ssl_asn1_t *)ssl_ds_table_get(mc->tPublicCert, cp)) != NULL) {
           ssl_log(s, SSL_LOG_TRACE,
                   "Init: (%s) Configuring RSA server certificate", cpVHostID);
  @@ -652,7 +654,7 @@
           }
           ok = TRUE;
       }
  -    cp = ap_psprintf(p, "%s:DSA", cpVHostID);
  +    cp = apr_psprintf(p, "%s:DSA", cpVHostID);
       if ((asn1 = (ssl_asn1_t *)ssl_ds_table_get(mc->tPublicCert, cp)) != NULL) {
           ssl_log(s, SSL_LOG_TRACE,
                   "Init: (%s) Configuring DSA server certificate", cpVHostID);
  @@ -703,8 +705,8 @@
                           cpVHostID, (i == SSL_AIDX_RSA ? "RSA" : "DSA"), pathlen);
               }
               if (SSL_X509_getCN(p, sc->pPublicCert[i], &cp)) {
  -                if (ap_is_fnmatch(cp) &&
  -                    !ap_fnmatch(cp, s->server_hostname, FNM_PERIOD|FNM_CASE_BLIND)) {
  +                if (apr_is_fnmatch(cp) &&
  +                    !apr_fnmatch(cp, s->server_hostname, FNM_PERIOD|FNM_CASE_BLIND)) {
                       ssl_log(s, SSL_LOG_WARN,
                           "Init: (%s) %s server certificate wildcard CommonName (CN) `%s' "
                           "does NOT match server name!?", cpVHostID, 
  @@ -724,7 +726,7 @@
        *  Configure server private key(s)
        */
       ok = FALSE;
  -    cp = ap_psprintf(p, "%s:RSA", cpVHostID);
  +    cp = apr_psprintf(p, "%s:RSA", cpVHostID);
       if ((asn1 = (ssl_asn1_t *)ssl_ds_table_get(mc->tPrivateKey, cp)) != NULL) {
           ssl_log(s, SSL_LOG_TRACE,
                   "Init: (%s) Configuring RSA server private key", cpVHostID);
  @@ -744,7 +746,7 @@
           }
           ok = TRUE;
       }
  -    cp = ap_psprintf(p, "%s:DSA", cpVHostID);
  +    cp = apr_psprintf(p, "%s:DSA", cpVHostID);
       if ((asn1 = (ssl_asn1_t *)ssl_ds_table_get(mc->tPrivateKey, cp)) != NULL) {
           ssl_log(s, SSL_LOG_TRACE,
                   "Init: (%s) Configuring DSA server private key", cpVHostID);
  @@ -819,13 +821,13 @@
       return;
   }
   
  -void ssl_init_CheckServers(server_rec *sm, pool *p)
  +void ssl_init_CheckServers(server_rec *sm, apr_pool_t *p)
   {
       server_rec *s;
       server_rec **ps;
       SSLSrvConfigRec *sc;
       ssl_ds_table *t;
  -    pool *sp;
  +    apr_pool_t *sp;
       char *key;
       BOOL bConflict;
   
  @@ -851,14 +853,14 @@
        * just the certificate/keys of one virtual host (which one cannot be said
        * easily - but that doesn't matter here).
        */
  -    sp = ap_make_sub_pool(p);
  +    apr_pool_create(&sp, p);
       t = ssl_ds_table_make(sp, sizeof(server_rec *));
       bConflict = FALSE;
       for (s = sm; s != NULL; s = s->next) {
           sc = mySrvConfig(s);
           if (!sc->bEnabled)
               continue;
  -        key = ap_psprintf(sp, "%pA:%u", &s->addrs->host_addr, s->addrs->host_port);
  +        key = apr_psprintf(sp, "%pA:%u", &s->addrs->host_addr, s->addrs->host_port);
           ps = ssl_ds_table_get(t, key);
           if (ps != NULL) {
               ssl_log(sm, SSL_LOG_WARN,
  @@ -876,7 +878,8 @@
           *ps = s;
       }
       ssl_ds_table_kill(t);
  -    ap_destroy_pool(sp);
  +    /* XXX - It was giving some problem earlier - check it out - TBD */
  +    apr_pool_destroy(sp);
       if (bConflict)
           ssl_log(sm, SSL_LOG_WARN,
                   "Init: You should not use name-based virtual hosts in conjunction with SSL!!");
  @@ -889,14 +892,14 @@
       return(X509_NAME_cmp(*a, *b));
   }
   
  -STACK_OF(X509_NAME) *ssl_init_FindCAList(server_rec *s, pool *pp, char *cpCAfile, char *cpCApath)
  +STACK_OF(X509_NAME) *ssl_init_FindCAList(server_rec *s, apr_pool_t *pp, char *cpCAfile, char *cpCApath)
   {
       STACK_OF(X509_NAME) *skCAList;
       STACK_OF(X509_NAME) *sk;
  -    DIR *dir;
  -    struct DIR_TYPE *direntry;
  +    apr_dir_t *dir;
  +    apr_finfo_t direntry;
       char *cp;
  -    pool *p;
  +    apr_pool_t *p;
       int n;
   
       /*
  @@ -904,7 +907,7 @@
        * is remains in memory for the complete operation time of
        * the server.
        */
  -    p = ap_make_sub_pool(pp);
  +    p = apr_pool_sub_make(pp, NULL);
   
       /*
        * Start with a empty stack/list where new
  @@ -930,9 +933,9 @@
        * Process CA certificate path files
        */
       if (cpCApath != NULL) {
  -        dir = ap_popendir(p, cpCApath);
  -        while ((direntry = readdir(dir)) != NULL) {
  -            cp = ap_pstrcat(p, cpCApath, "/", direntry->d_name, NULL);
  +        apr_dir_open(&dir, cpCApath, p);
  +        while ((apr_dir_read(&direntry, APR_FINFO_DIRENT, dir)) != APR_SUCCESS) {
  +            cp = apr_pstrcat(p, cpCApath, "/", direntry.name, NULL);
               sk = SSL_load_client_CA_file(cp);
               for(n = 0; sk != NULL && n < sk_X509_NAME_num(sk); n++) {
                   ssl_log(s, SSL_LOG_TRACE,
  @@ -942,32 +945,33 @@
                       sk_X509_NAME_push(skCAList, sk_X509_NAME_value(sk, n));
               }
           }
  -        ap_pclosedir(p, dir);
  +        apr_dir_close(dir);
       }
   
       /*
        * Cleanup
        */
       sk_X509_NAME_set_cmp_func(skCAList, NULL);
  -    ap_destroy_pool(p);
  +    apr_pool_destroy(p);
   
       return skCAList;
   }
   
  -void ssl_init_Child(server_rec *s, pool *p)
  +void ssl_init_Child(apr_pool_t *p, server_rec *s)
   {
        /* open the mutex lockfile */
        ssl_mutex_reinit(s, p);
        return;
   }
   
  -void ssl_init_ChildKill(void *data)
  +apr_status_t ssl_init_ChildKill(void *data)
   {
  +    /* server_rec *s = (server_rec *)data; */
       /* currently nothing to do */
  -    return;
  +    return APR_SUCCESS;
   }
   
  -void ssl_init_ModuleKill(void *data)
  +apr_status_t ssl_init_ModuleKill(void *data)
   {
       SSLSrvConfigRec *sc;
       server_rec *s = (server_rec *)data;
  @@ -976,7 +980,9 @@
        * Drop the session cache and mutex
        */
       ssl_scache_kill(s);
  +#if 0 /* XXX */
       ssl_mutex_kill(s);
  +#endif
   
       /* 
        * Destroy the temporary keys and params
  @@ -1020,8 +1026,6 @@
       EVP_cleanup();
   #endif
   
  -    return;
  +    return APR_SUCCESS;
   }
  -
  -#endif /* XXX */
   
  
  
  
  1.8       +304 -32   httpd-2.0/modules/ssl/ssl_engine_io.c
  
  Index: ssl_engine_io.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_engine_io.c,v
  retrieving revision 1.7
  retrieving revision 1.8
  diff -u -r1.7 -r1.8
  --- ssl_engine_io.c	2001/05/05 16:55:28	1.7
  +++ ssl_engine_io.c	2001/07/19 16:08:01	1.8
  @@ -68,10 +68,9 @@
   **  _________________________________________________________________
   */
   
  -#if 0 /* XXX */
  -static int ssl_io_hook_read(BUFF *fb, char *buf, int len);
  -static int ssl_io_hook_write(BUFF *fb, char *buf, int len);
  -#endif /* XXX */
  +/* XXX THIS STUFF NEEDS A MAJOR CLEANUP -RSE XXX */
  +
  +static const char ssl_io_filter[] = "SSL/TLS Filter";
   
   void ssl_io_register(void)
   {
  @@ -91,15 +90,12 @@
       return;
   }
   
  -#if 0 /* XXX */
  -
  -static int ssl_io_hook_read(BUFF *fb, char *buf, int len)
  +static int ssl_io_hook_read(SSL *ssl, unsigned char *buf, int len)
   {
  -    SSL *ssl;
       conn_rec *c;
       int rc;
   
  -    if ((ssl = ap_ctx_get(fb->ctx, "ssl")) != NULL) {
  +    if (ssl != NULL) {
           rc = SSL_read(ssl, buf, len);
           /*
            * Simulate an EINTR in case OpenSSL wants to read more.
  @@ -113,27 +109,30 @@
            */
           if (rc < 0 && SSL_get_error(ssl, rc) == SSL_ERROR_SSL) {
               c = (conn_rec *)SSL_get_app_data(ssl);
  -            ssl_log(c->server, SSL_LOG_ERROR|SSL_ADD_SSLERR,
  +            ssl_log(c->base_server, SSL_LOG_ERROR|SSL_ADD_SSLERR,
                       "SSL error on reading data");
           }
           /*
            * read(2) returns only the generic error number -1
            */
           if (rc < 0)
  -            rc = -1;
  +            /*
  +             * XXX - Just trying to reflect the behaviour in 
  +             * openssl_state_machine.c [mod_tls]. TBD
  +             */
  +            rc = 0;
       }
       else
  -        rc = read(fb->fd_in, buf, len);
  +        rc = -1;
       return rc;
   }
   
  -static int ssl_io_hook_write(BUFF *fb, char *buf, int len)
  +static int ssl_io_hook_write(SSL *ssl, unsigned char *buf, int len)
   {
  -    SSL *ssl;
       conn_rec *c;
       int rc;
   
  -    if ((ssl = ap_ctx_get(fb->ctx, "ssl")) != NULL) {
  +    if (ssl != NULL) {
           rc = SSL_write(ssl, buf, len);
           /*
            * Simulate an EINTR in case OpenSSL wants to write more.
  @@ -145,20 +144,296 @@
            */
           if (rc < 0 && SSL_get_error(ssl, rc) == SSL_ERROR_SSL) {
               c = (conn_rec *)SSL_get_app_data(ssl);
  -            ssl_log(c->server, SSL_LOG_ERROR|SSL_ADD_SSLERR,
  +            ssl_log(c->base_server, SSL_LOG_ERROR|SSL_ADD_SSLERR,
                       "SSL error on writing data");
           }
           /*
            * write(2) returns only the generic error number -1
            */
           if (rc < 0)
  -            rc = -1;
  +            /*
  +             * XXX - Just trying to reflect the behaviour in 
  +             * openssl_state_machine.c [mod_tls]. TBD
  +             */
  +            rc = 0;
       }
       else
  -        rc = write(fb->fd, buf, len);
  +        rc = -1;
       return rc;
   }
   
  +static apr_status_t churn_output(SSLFilterRec *pRec)
  +{
  +    apr_bucket_brigade *pbbOutput=NULL;
  +    int done;
  +
  +    do {
  +	char buf[1024];
  +	int n;
  +	apr_bucket *pbkt;
  +
  +	done=0;
  +
  +	if (BIO_pending(pRec->pbioWrite)) {
  +            n = BIO_read(pRec->pbioWrite,buf,sizeof buf);
  +            if(n > 0) {
  +		char *pbuf;
  +
  +		if(!pbbOutput)
  +		    pbbOutput=apr_brigade_create(pRec->pOutputFilter->c->pool);
  +
  +		pbuf=apr_pmemdup(pRec->pOutputFilter->c->pool,buf,n);
  +		pbkt=apr_bucket_pool_create(pbuf,n,
  +					    pRec->pOutputFilter->c->pool);
  +		APR_BRIGADE_INSERT_TAIL(pbbOutput,pbkt);
  +		done=1;
  +                /*      } else if(n == 0) {
  +                        apr_bucket *pbktEOS=apr_bucket_create_eos();
  +                        APR_BRIGADE_INSERT_TAIL(pbbOutput,pbktEOS);*/
  +	    }
  +            assert (n > 0); /* XXX => Check if required */
  +#if 0 /* XXX */ 
  +            }
  +            else if (n == 0)
  +                done = 1;
  +            else
  +                 assert (n > 0);
  +#endif
  +	}
  +#if 0 /* XXX */
  +        else
  +        {
  +            done = 1;
  +        }
  +#endif
  +    } while(done);
  +    
  +    /* XXX: check for errors */
  +    if(pbbOutput) {
  +	apr_bucket *pbkt;
  +
  +	/* XXX: it may be possible to not always flush */
  +	pbkt=apr_bucket_flush_create();
  +	APR_BRIGADE_INSERT_TAIL(pbbOutput,pbkt);
  +	ap_pass_brigade(pRec->pOutputFilter->next,pbbOutput);
  +    }
  +
  +    return APR_SUCCESS;
  +}
  +
  +static apr_status_t churn (SSLFilterRec *pRec,
  +        apr_read_type_e eReadType, apr_size_t *readbytes)
  +{
  +    apr_bucket *pbktIn;
  +    ap_input_mode_t eMode = (eReadType == APR_BLOCK_READ) 
  +                            ? AP_MODE_BLOCKING : AP_MODE_NONBLOCKING;
  +
  +/* XXX : Errrr... bad way of doing things TBD */
  +eReadType = APR_BLOCK_READ;
  +eMode     = AP_MODE_BLOCKING;
  +
  +    if(APR_BRIGADE_EMPTY(pRec->pbbInput)) {
  +	ap_get_brigade(pRec->pInputFilter->next,pRec->pbbInput,eMode,readbytes);
  +	if(APR_BRIGADE_EMPTY(pRec->pbbInput))
  +	    return APR_EOF;
  +    }
  +
  +    APR_BRIGADE_FOREACH(pbktIn,pRec->pbbInput) {
  +	const char *data;
  +	apr_size_t len;
  +	int n;
  +	char buf[1024];
  +	apr_status_t ret;
  +
  +	if(APR_BUCKET_IS_EOS(pbktIn)) {
  +	    break;
  +	}
  +
  +	/* read filter */
  +	ret=apr_bucket_read(pbktIn,&data,&len,eReadType);
  +
  +	APR_BUCKET_REMOVE(pbktIn);
  +
  +	if(ret == APR_SUCCESS && len == 0 && eReadType == APR_BLOCK_READ)
  +	    ret=APR_EOF;
  +
  +	if(len == 0) {
  +	    /* Lazy frickin browsers just reset instead of shutting down. */
  +            if(ret == APR_EOF || APR_STATUS_IS_ECONNRESET(ret)) {
  +		if(APR_BRIGADE_EMPTY(pRec->pbbPendingInput))
  +		    return APR_EOF;
  +		else
  +		    /* Next time around, the incoming brigade will be empty,
  +		     * so we'll return EOF then
  +		     */
  +		    return APR_SUCCESS;
  +	    }
  +		
  +	    if(eReadType != APR_NONBLOCK_READ)
  +		ap_log_error(APLOG_MARK,APLOG_ERR,ret,NULL,
  +			     "Read failed in tls_in_filter");
  +	    assert(eReadType == APR_NONBLOCK_READ);
  +	    assert(ret == APR_SUCCESS || APR_STATUS_IS_EAGAIN(ret));
  +	    /* In this case, we have data in the output bucket, or we were
  +	     * non-blocking, so returning nothing is fine.
  +	     */
  +	    return APR_SUCCESS;
  +	}
  +
  +	assert(len > 0);
  +
  +        n = BIO_write (pRec->pbioRead, data, len);
  +        assert(n == len);
  +
  +        ssl_hook_process_connection (pRec);
  +
  +        n = ssl_io_hook_read(pRec->pssl, (unsigned char *)buf, sizeof(buf));
  +	if(n > 0) {
  +	    apr_bucket *pbktOut;
  +	    char *pbuf;
  +
  +	    pbuf=apr_pmemdup(pRec->pInputFilter->c->pool,buf,n);
  +	    /* XXX: should we use a heap bucket instead? Or a transient (in
  +	     * which case we need a separate brigade for each bucket)?
  +	     */
  +	    pbktOut=apr_bucket_pool_create(pbuf,n,pRec->pInputFilter->c->pool);
  +	    APR_BRIGADE_INSERT_TAIL(pRec->pbbPendingInput,pbktOut);
  +
  +	    /* Once we've read something, we can move to non-blocking mode (if
  +	     * we weren't already).
  +	     */
  +	    eReadType=APR_NONBLOCK_READ;
  +
  +	    /* XXX: deal with EOF! */
  +	    /*	} else if(n == 0) {
  +	    apr_bucket *pbktEOS=apr_bucket_create_eos();
  +	    APR_BRIGADE_INSERT_TAIL(pbbInput,pbktEOS);*/
  +	}
  +	assert(n >= 0);
  +
  +	ret=churn_output(pRec);
  +	if(ret != APR_SUCCESS)
  +	    return ret;
  +    }
  +
  +    return churn_output(pRec);
  +}
  +
  +apr_status_t ssl_io_filter_Output(ap_filter_t *f,apr_bucket_brigade *pbbIn)
  +{
  +    SSLFilterRec *pRec=f->ctx;
  +    apr_bucket *pbktIn;
  +conn_rec *c = SSL_get_app_data (pRec->pssl);
  +
  +    APR_BRIGADE_FOREACH(pbktIn,pbbIn) {
  +	const char *data;
  +	apr_size_t len, n;
  +	apr_status_t ret;
  +
  +	if(APR_BUCKET_IS_EOS(pbktIn)) {
  +	    /* XXX: demote to debug */
  +            ssl_log(c->base_server, SSL_LOG_INFO, "EOS in output");
  +
  +            if (ssl_hook_CloseConnection (pRec) != APR_SUCCESS)
  +                ssl_log(c->base_server, SSL_LOG_INFO,
  +                    "Error in ssl_hook_CloseConnection");
  +#if 0
  +	    /* XXX: dubious - does this always terminate? Does it return the right thing? */
  +	    for( ; ; ) {
  +		ret=churn_output(pRec);
  +		if(ret != APR_SUCCESS)
  +		    return ret;
  +                /* XXX - Verify if passing &len is okay for churn - TBD */
  +                len = 0;
  +		ret=churn(pRec,APR_NONBLOCK_READ,&len);
  +		if(ret != APR_SUCCESS) {
  +		    if(ret == APR_EOF)
  +			return APR_SUCCESS;
  +		    else
  +			return ret;
  +		}
  +	    }
  +#endif
  +	    break;
  +	}
  +
  +	if(APR_BUCKET_IS_FLUSH(pbktIn)) {
  +	    /* assume that churn will flush (or already has) if there's output */
  +            /* XXX - Verify if passing &len is okay for churn - TBD */
  +            ssl_log(c->base_server, SSL_LOG_INFO, "FLUSH in output");
  +            len = 0;
  +	    ret=churn(pRec,APR_NONBLOCK_READ,&len);
  +	    if(ret != APR_SUCCESS)
  +		return ret;
  +	    continue;
  +	}
  +
  +        ssl_log(c->base_server, SSL_LOG_INFO, "DATA in output");
  +	/* read filter */
  +	apr_bucket_read(pbktIn,&data,&len,APR_BLOCK_READ);
  +
  +	/* write SSL */
  +        n = ssl_io_hook_write(pRec->pssl, (unsigned char *)data, len);
  +        assert (n == len);
  +
  +
  +	/* churn the state machine */
  +	ret=churn_output(pRec);
  +	if(ret != APR_SUCCESS)
  +	    return ret;
  +    }
  +    return APR_SUCCESS;
  +}
  +
  +apr_status_t ssl_io_filter_Input(ap_filter_t *f,apr_bucket_brigade *pbbOut,
  +                          ap_input_mode_t eMode, apr_size_t *readbytes)
  +{
  +    apr_status_t ret;
  +    SSLFilterRec *pRec        = f->ctx;
  +    apr_read_type_e eReadType = 
  +        (eMode == AP_MODE_BLOCKING) ? APR_BLOCK_READ : APR_NONBLOCK_READ;
  +
  +    /* XXX: we don't currently support peek */
  +    assert(eMode != AP_MODE_PEEK);
  +
  +    /* churn the state machine */
  +    ret = churn(pRec,eReadType,readbytes);
  +    if(ret != APR_SUCCESS)
  +	return ret;
  +
  +    /* XXX: shame that APR_BRIGADE_FOREACH doesn't work here */
  +    while(!APR_BRIGADE_EMPTY(pRec->pbbPendingInput)) {
  +	apr_bucket *pbktIn=APR_BRIGADE_FIRST(pRec->pbbPendingInput);
  +	APR_BUCKET_REMOVE(pbktIn);
  +	APR_BRIGADE_INSERT_TAIL(pbbOut,pbktIn);
  +    }
  +
  +    return APR_SUCCESS;
  +}
  +
  +void ssl_io_filter_init(conn_rec *c, SSL *ssl)
  +{
  +    SSLFilterRec *filter;
  +
  +    filter = apr_pcalloc(c->pool, sizeof(SSLFilterRec));
  +    filter->pInputFilter    = ap_add_input_filter(ssl_io_filter, filter, NULL, c);
  +    filter->pOutputFilter   = ap_add_output_filter(ssl_io_filter, filter, NULL, c);
  +    filter->pbbInput        = apr_brigade_create(c->pool);
  +    filter->pbbPendingInput = apr_brigade_create(c->pool);
  +    filter->pbioRead        = BIO_new(BIO_s_mem());
  +    filter->pbioWrite       = BIO_new(BIO_s_mem());
  +    SSL_set_bio(ssl, filter->pbioRead, filter->pbioWrite);
  +    filter->pssl            = ssl;
  +    return;
  +}
  +
  +void ssl_io_filter_register(apr_pool_t *p)
  +{
  +    ap_register_input_filter  (ssl_io_filter, ssl_io_filter_Input,  AP_FTYPE_NETWORK);
  +    ap_register_output_filter (ssl_io_filter, ssl_io_filter_Output, AP_FTYPE_NETWORK);
  +    return;
  +}
  +
   /*  _________________________________________________________________
   **
   **  I/O Data Debugging
  @@ -183,28 +458,28 @@
       ssl_log(srvr, SSL_LOG_DEBUG|SSL_NO_TIMESTAMP|SSL_NO_LEVELID,
               "+-------------------------------------------------------------------------+");
       for(i = 0 ; i< rows; i++) {
  -        ap_snprintf(tmp, sizeof(tmp), "| %04x: ", i * DUMP_WIDTH);
  -        ap_cpystrn(buf, tmp, sizeof(buf));
  +        apr_snprintf(tmp, sizeof(tmp), "| %04x: ", i * DUMP_WIDTH);
  +        apr_cpystrn(buf, tmp, sizeof(buf));
           for (j = 0; j < DUMP_WIDTH; j++) {
               if (((i * DUMP_WIDTH) + j) >= len)
  -                ap_cpystrn(buf+strlen(buf), "   ", sizeof(buf)-strlen(buf));
  +                apr_cpystrn(buf+strlen(buf), "   ", sizeof(buf)-strlen(buf));
               else {
                   ch = ((unsigned char)*((char *)(s) + i * DUMP_WIDTH + j)) & 0xff;
  -                ap_snprintf(tmp, sizeof(tmp), "%02x%c", ch , j==7 ? '-' : ' ');
  -                ap_cpystrn(buf+strlen(buf), tmp, sizeof(buf)-strlen(buf));
  +                apr_snprintf(tmp, sizeof(tmp), "%02x%c", ch , j==7 ? '-' : ' ');
  +                apr_cpystrn(buf+strlen(buf), tmp, sizeof(buf)-strlen(buf));
               }
           }
  -        ap_cpystrn(buf+strlen(buf), " ", sizeof(buf)-strlen(buf));
  +        apr_cpystrn(buf+strlen(buf), " ", sizeof(buf)-strlen(buf));
           for (j = 0; j < DUMP_WIDTH; j++) {
               if (((i * DUMP_WIDTH) + j) >= len)
  -                ap_cpystrn(buf+strlen(buf), " ", sizeof(buf)-strlen(buf));
  +                apr_cpystrn(buf+strlen(buf), " ", sizeof(buf)-strlen(buf));
               else {
                   ch = ((unsigned char)*((char *)(s) + i * DUMP_WIDTH + j)) & 0xff;
  -                ap_snprintf(tmp, sizeof(tmp), "%c", ((ch >= ' ') && (ch <= '~')) ? ch : '.');
  -                ap_cpystrn(buf+strlen(buf), tmp, sizeof(buf)-strlen(buf));
  +                apr_snprintf(tmp, sizeof(tmp), "%c", ((ch >= ' ') && (ch <= '~')) ? ch : '.');
  +                apr_cpystrn(buf+strlen(buf), tmp, sizeof(buf)-strlen(buf));
               }
           }
  -        ap_cpystrn(buf+strlen(buf), " |", sizeof(buf)-strlen(buf));
  +        apr_cpystrn(buf+strlen(buf), " |", sizeof(buf)-strlen(buf));
           ssl_log(srvr, SSL_LOG_DEBUG|SSL_NO_TIMESTAMP|SSL_NO_LEVELID, "%s", buf);
       }
       if (trunc > 0)
  @@ -225,7 +500,7 @@
           return rc;
       if ((c = (conn_rec *)SSL_get_app_data(ssl)) == NULL)
           return rc;
  -    s = c->server;
  +    s = c->base_server;
   
       if (   cmd == (BIO_CB_WRITE|BIO_CB_RETURN)
           || cmd == (BIO_CB_READ |BIO_CB_RETURN) ) {
  @@ -250,6 +525,3 @@
       }
       return rc;
   }
  -
  -#endif /* XXX */
  -
  
  
  
  1.9       +124 -105  httpd-2.0/modules/ssl/ssl_engine_kernel.c
  
  Index: ssl_engine_kernel.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_engine_kernel.c,v
  retrieving revision 1.8
  retrieving revision 1.9
  diff -u -r1.8 -r1.9
  --- ssl_engine_kernel.c	2001/05/05 16:55:28	1.8
  +++ ssl_engine_kernel.c	2001/07/19 16:08:01	1.9
  @@ -373,19 +373,23 @@
       ap_ctx_set(ap_global_ctx, "ssl::handshake::timeout", (void *)TRUE);
       return;
   }
  +#endif /* XXX */
   
   /*
    *  Close the SSL part of the socket connection
    *  (called immediately _before_ the socket is closed)
    */
  -void ssl_hook_CloseConnection(conn_rec *conn)
  +apr_status_t ssl_hook_CloseConnection(SSLFilterRec *filter)
   {
       SSL *ssl;
       char *cpType;
  +    conn_rec *conn;
  +    
  +    ssl  = filter->pssl;
  +    conn = (conn_rec *)SSL_get_app_data(ssl);
   
  -    ssl = ap_ctx_get(conn->client->ctx, "ssl");
       if (ssl == NULL)
  -        return;
  +        return APR_SUCCESS;
   
       /*
        * First make sure that no more data is pending in Apache's BUFF,
  @@ -393,7 +397,7 @@
        * calls of Apache it would lead to an I/O error in the browser due
        * to the fact that the SSL layer was already removed by us.
        */
  -    ap_bflush(conn->client);
  +    ap_flush_conn(conn);
   
       /*
        * Now close the SSL layer of the connection. We've to take
  @@ -431,13 +435,13 @@
        * exchange close notify messages, but allow the user
        * to force the type of handshake via SetEnvIf directive
        */
  -    if (ap_ctx_get(conn->client->ctx, "ssl::flag::unclean-shutdown") == PTRUE) {
  +    if (apr_table_get(conn->notes, "ssl::flag::unclean-shutdown") == PTRUE) {
           /* perform no close notify handshake at all
              (violates the SSL/TLS standard!) */
           SSL_set_shutdown(ssl, SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
           cpType = "unclean";
       }
  -    else if (ap_ctx_get(conn->client->ctx, "ssl::flag::accurate-shutdown") == PTRUE) {
  +    else if (apr_table_get(conn->notes, "ssl::flag::accurate-shutdown") == PTRUE) {
           /* send close notify and wait for clients close notify
              (standard compliant, but usually causes connection hangs) */
           SSL_set_shutdown(ssl, 0);
  @@ -451,16 +455,17 @@
       }
       SSL_smart_shutdown(ssl);
   
  -    /* deallocate the SSL connection */
  -    SSL_free(ssl);
  -    ap_ctx_set(conn->client->ctx, "ssl", NULL);
  -
       /* and finally log the fact that we've closed the connection */
  -    ssl_log(conn->server, SSL_LOG_INFO,
  +    ssl_log(conn->base_server, SSL_LOG_INFO,
               "Connection to child %d closed with %s shutdown (server %s, client %s)",
  -            conn->child_num, cpType, ssl_util_vhostid(conn->pool, conn->server),
  +            conn->id, cpType, ssl_util_vhostid(conn->pool, conn->base_server),
               conn->remote_ip != NULL ? conn->remote_ip : "unknown");
  -    return;
  +
  +    /* deallocate the SSL connection */
  +    SSL_free(ssl);
  +    apr_table_setn(conn->notes, "ssl", NULL);
  +
  +    return APR_SUCCESS;
   }
   
   /*
  @@ -469,16 +474,16 @@
   int ssl_hook_ReadReq(request_rec *r)
   {
       SSL *ssl;
  -    ap_ctx *apctx;
  +    apr_table_t *apctx;
   
       /*
        * Get the SSL connection structure and perform the
        * delayed interlinking from SSL back to request_rec
        */
  -    ssl = ap_ctx_get(r->connection->client->ctx, "ssl");
  +    ssl = (SSL *)apr_table_get(r->connection->notes, "ssl");
       if (ssl != NULL) {
           apctx = SSL_get_app_data2(ssl);
  -        ap_ctx_set(apctx, "ssl::request_rec", r);
  +        apr_table_setn(apctx, "ssl::request_rec", (const char *)r);
       }
   
       /*
  @@ -487,12 +492,12 @@
       if (strEQn(r->uri, "/mod_ssl:", 9))
           r->handler = "mod_ssl:content-handler";
       if (ssl != NULL) {
  -        ap_ctx_set(r->ctx, "ap::http::method",  "https");
  -        ap_ctx_set(r->ctx, "ap::default::port", "443");
  +        apr_table_setn(r->notes, "ap::http::method",  "https");
  +        apr_table_setn(r->notes, "ap::default::port", "443");
       }
       else {
  -        ap_ctx_set(r->ctx, "ap::http::method",  NULL);
  -        ap_ctx_set(r->ctx, "ap::default::port", NULL);
  +        apr_table_setn(r->notes, "ap::http::method",  NULL);
  +        apr_table_setn(r->notes, "ap::default::port", NULL);
       }
       return DECLINED;
   }
  @@ -502,7 +507,7 @@
    */
   int ssl_hook_Translate(request_rec *r)
   {
  -    if (ap_ctx_get(r->connection->client->ctx, "ssl") == NULL)
  +    if (apr_table_get(r->connection->notes, "ssl") == NULL)
           return DECLINED;
   
       /*
  @@ -513,23 +518,23 @@
                   "%s HTTPS request received for child %d (server %s)",
                   r->connection->keepalives <= 0 ?
                       "Initial (No.1)" :
  -                    ap_psprintf(r->pool, "Subsequent (No.%d)",
  -                                r->connection->keepalives+1),
  -                r->connection->child_num,
  +                    apr_psprintf(r->pool, "Subsequent (No.%d)",
  +                                 r->connection->keepalives+1),
  +                r->connection->id,
                   ssl_util_vhostid(r->pool, r->server));
   
       /*
        * Move SetEnvIf information from request_rec to conn_rec/BUFF
        * to allow the close connection handler to use them.
        */
  -    if (ap_table_get(r->subprocess_env, "ssl-unclean-shutdown") != NULL)
  -        ap_ctx_set(r->connection->client->ctx, "ssl::flag::unclean-shutdown", PTRUE);
  +    if (apr_table_get(r->subprocess_env, "ssl-unclean-shutdown") != NULL)
  +        apr_table_setn(r->connection->notes, "ssl::flag::unclean-shutdown", PTRUE);
       else
  -        ap_ctx_set(r->connection->client->ctx, "ssl::flag::unclean-shutdown", PFALSE);
  -    if (ap_table_get(r->subprocess_env, "ssl-accurate-shutdown") != NULL)
  -        ap_ctx_set(r->connection->client->ctx, "ssl::flag::accurate-shutdown", PTRUE);
  +        apr_table_setn(r->connection->notes, "ssl::flag::unclean-shutdown", PFALSE);
  +    if (apr_table_get(r->subprocess_env, "ssl-accurate-shutdown") != NULL)
  +        apr_table_setn(r->connection->notes, "ssl::flag::accurate-shutdown", PTRUE);
       else
  -        ap_ctx_set(r->connection->client->ctx, "ssl::flag::accurate-shutdown", PFALSE);
  +        apr_table_setn(r->connection->notes, "ssl::flag::accurate-shutdown", PFALSE);
   
       return DECLINED;
   }
  @@ -552,15 +557,15 @@
           thisport = "";
           port = ap_get_server_port(r);
           if (!ap_is_default_port(port, r))
  -            thisport = ap_psprintf(r->pool, ":%u", port);
  -        thisurl = ap_psprintf(r->pool, "https://%s%s/",
  -                              ap_get_server_name(r), thisport);
  -
  -        ap_table_setn(r->notes, "error-notes", ap_psprintf(r->pool,
  -                      "Reason: You're speaking plain HTTP to an SSL-enabled server port.<BR>\n"
  -                      "Instead use the HTTPS scheme to access this URL, please.<BR>\n"
  -                      "<BLOCKQUOTE>Hint: <A HREF=\"%s\"><B>%s</B></A></BLOCKQUOTE>",
  -                      thisurl, thisurl));
  +            thisport = apr_psprintf(r->pool, ":%u", port);
  +        thisurl = apr_psprintf(r->pool, "https://%s%s/",
  +                               ap_get_server_name(r), thisport);
  +
  +        apr_table_setn(r->notes, "error-notes", apr_psprintf(r->pool,
  +                       "Reason: You're speaking plain HTTP to an SSL-enabled server port.<BR>\n"
  +                       "Instead use the HTTPS scheme to access this URL, please.<BR>\n"
  +                       "<BLOCKQUOTE>Hint: <A HREF=\"%s\"><B>%s</B></A></BLOCKQUOTE>",
  +                       thisurl, thisurl));
       }
   
       return HTTP_BAD_REQUEST;
  @@ -575,7 +580,7 @@
       SSLSrvConfigRec *sc;
       SSL *ssl;
       SSL_CTX *ctx = NULL;
  -    array_header *apRequirement;
  +    apr_array_header_t *apRequirement;
       ssl_require_t *pRequirements;
       ssl_require_t *pRequirement;
       char *cp;
  @@ -597,7 +602,7 @@
       STACK_OF(SSL_CIPHER) *skCipherOld;
       STACK_OF(SSL_CIPHER) *skCipher;
       SSL_CIPHER *pCipher;
  -    ap_ctx *apctx;
  +    apr_table_t *apctx;
       int nVerifyOld;
       int nVerify;
       int n;
  @@ -606,7 +611,7 @@
   
       dc  = myDirConfig(r);
       sc  = mySrvConfig(r->server);
  -    ssl = ap_ctx_get(r->connection->client->ctx, "ssl");
  +    ssl = (SSL *)apr_table_get(r->connection->notes, "ssl");
       if (ssl != NULL)
           ctx = SSL_get_SSL_CTX(ssl);
   
  @@ -614,10 +619,13 @@
        * Support for SSLRequireSSL directive
        */
       if (dc->bSSLRequired && ssl == NULL) {
  -        ap_log_reason("SSL connection required", r->filename, r);
  +        ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r, 
  +            "access to %s failed for %s, reason: %s", r->filename,
  +            ap_get_remote_host(r->connection, r->per_dir_config, REMOTE_NAME, NULL),
  +            "SSL connection required");
           /* remember forbidden access for strict require option */
  -        ap_table_setn(r->notes, "ssl-access-forbidden", (void *)1);
  -        return FORBIDDEN;
  +        apr_table_setn(r->notes, "ssl-access-forbidden", (void *)1);
  +        return HTTP_FORBIDDEN;
       }
   
       /*
  @@ -692,7 +700,7 @@
                       "Unable to reconfigure (per-directory) permitted SSL ciphers");
               if (skCipherOld != NULL)
                   sk_SSL_CIPHER_free(skCipherOld);
  -            return FORBIDDEN;
  +            return HTTP_FORBIDDEN;
           }
           /* determine whether a renegotiation has to be forced */
           skCipher = SSL_get_ciphers(ssl);
  @@ -745,12 +753,12 @@
        */
       if (dc->nVerifyDepth != UNSET) {
           apctx = SSL_get_app_data2(ssl);
  -        if ((vp = ap_ctx_get(apctx, "ssl::verify::depth")) != NULL)
  +        if ((vp = (void *)apr_table_get(apctx, "ssl::verify::depth")) != NULL)
               n = (int)AP_CTX_PTR2NUM(vp);
           else
               n = sc->nVerifyDepth;
  -        ap_ctx_set(apctx, "ssl::verify::depth",
  -                   AP_CTX_NUM2PTR(dc->nVerifyDepth));
  +        apr_table_setn(apctx, "ssl::verify::depth",
  +                   (const char *)AP_CTX_NUM2PTR(dc->nVerifyDepth));
           /* determine whether a renegotiation has to be forced */
           if (dc->nVerifyDepth < n) {
               renegotiate = TRUE;
  @@ -838,14 +846,14 @@
               ssl_log(r->server, SSL_LOG_ERROR|SSL_ADD_SSLERR,
                       "Unable to reconfigure verify locations "
                       "for client authentication");
  -            return FORBIDDEN;
  +            return HTTP_FORBIDDEN;
           }
           if ((skCAList = ssl_init_FindCAList(r->server, r->pool,
                                               cpCAFile, cpCAPath)) == NULL) {
               ssl_log(r->server, SSL_LOG_ERROR,
                       "Unable to determine list of available "
                       "CA certificates for client authentication");
  -            return FORBIDDEN;
  +            return HTTP_FORBIDDEN;
           }
           SSL_set_client_CA_list(ssl, skCAList);
           renegotiate = TRUE;
  @@ -918,7 +926,7 @@
       if (renegotiate && r->method_number == M_POST) {
           ssl_log(r->server, SSL_LOG_ERROR,
                   "SSL Re-negotiation in conjunction with POST method not supported!");
  -        return METHOD_NOT_ALLOWED;
  +        return HTTP_METHOD_NOT_ALLOWED;
       }
   
       /*
  @@ -944,12 +952,12 @@
               certstore = SSL_CTX_get_cert_store(ctx);
               if (certstore == NULL) {
                   ssl_log(r->server, SSL_LOG_ERROR, "Cannot find certificate storage");
  -                return FORBIDDEN;
  +                return HTTP_FORBIDDEN;
               }
               certstack = SSL_get_peer_cert_chain(ssl);
               if (certstack == NULL || sk_X509_num(certstack) == 0) {
                   ssl_log(r->server, SSL_LOG_ERROR, "Cannot find peer certificate chain");
  -                return FORBIDDEN;
  +                return HTTP_FORBIDDEN;
               }
               cert = sk_X509_value(certstack, 0);
               X509_STORE_CTX_init(&certstorectx, certstore, cert, certstack);
  @@ -976,7 +984,7 @@
               SSL_do_handshake(ssl);
               if (SSL_get_state(ssl) != SSL_ST_OK) {
                   ssl_log(r->server, SSL_LOG_ERROR, "Re-negotiation request failed");
  -                return FORBIDDEN;
  +                return HTTP_FORBIDDEN;
               }
               ssl_log(r->server, SSL_LOG_INFO, "Awaiting re-negotiation handshake");
               SSL_set_state(ssl, SSL_ST_ACCEPT);
  @@ -984,7 +992,7 @@
               if (SSL_get_state(ssl) != SSL_ST_OK) {
                   ssl_log(r->server, SSL_LOG_ERROR,
                           "Re-negotiation handshake failed: Not accepted by client!?");
  -                return FORBIDDEN;
  +                return HTTP_FORBIDDEN;
               }
           }
   
  @@ -993,8 +1001,8 @@
            */
           if ((cert = SSL_get_peer_certificate(ssl)) != NULL) {
               cp = X509_NAME_oneline(X509_get_subject_name(cert), NULL, 0);
  -            ap_ctx_set(r->connection->client->ctx, "ssl::client::dn", 
  -                       ap_pstrdup(r->connection->pool, cp));
  +            apr_table_setn(r->connection->notes, "ssl::client::dn", 
  +                           apr_pstrdup(r->connection->pool, cp));
               free(cp);
           }
   
  @@ -1006,13 +1014,13 @@
                   && SSL_get_verify_result(ssl) != X509_V_OK  ) {
                   ssl_log(r->server, SSL_LOG_ERROR,
                           "Re-negotiation handshake failed: Client verification failed");
  -                return FORBIDDEN;
  +                return HTTP_FORBIDDEN;
               }
               if (   dc->nVerifyClient == SSL_CVERIFY_REQUIRE
                   && SSL_get_peer_certificate(ssl) == NULL   ) {
                   ssl_log(r->server, SSL_LOG_ERROR,
                           "Re-negotiation handshake failed: Client certificate missing");
  -                return FORBIDDEN;
  +                return HTTP_FORBIDDEN;
               }
           }
       }
  @@ -1030,7 +1038,7 @@
               ssl_log(r->server, SSL_LOG_ERROR|SSL_ADD_SSLERR,
                       "Unable to reconfigure verify locations "
                       "to per-server configuration parameters");
  -            return FORBIDDEN;
  +            return HTTP_FORBIDDEN;
           }
       }
   #endif /* SSL_EXPERIMENTAL_PERDIRCA */
  @@ -1044,12 +1052,14 @@
           pRequirement = &pRequirements[i];
           ok = ssl_expr_exec(r, pRequirement->mpExpr);
           if (ok < 0) {
  -            cp = ap_psprintf(r->pool, "Failed to execute SSL requirement expression: %s",
  -                             ssl_expr_get_error());
  -            ap_log_reason(cp, r->filename, r);
  +            cp = apr_psprintf(r->pool, "Failed to execute SSL requirement expression: %s",
  +                              ssl_expr_get_error());
  +            ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r, 
  +                          "access to %s failed for %s, reason: %s", r->filename,
  +                          ap_get_remote_host(r->connection, r->per_dir_config, 1, NULL), cp);
               /* remember forbidden access for strict require option */
  -            ap_table_setn(r->notes, "ssl-access-forbidden", (void *)1);
  -            return FORBIDDEN;
  +            apr_table_setn(r->notes, "ssl-access-forbidden", (void *)1);
  +            return HTTP_FORBIDDEN;
           }
           if (ok != 1) {
               ssl_log(r->server, SSL_LOG_INFO,
  @@ -1057,11 +1067,14 @@
                       r->filename, r->connection->remote_ip);
               ssl_log(r->server, SSL_LOG_INFO,
                       "Failed expression: %s", pRequirement->cpExpr);
  -            ap_log_reason("SSL requirement expression not fulfilled "
  -                          "(see SSL logfile for more details)", r->filename, r);
  +            ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r, 
  +                "access to %s failed for %s, reason: %s", r->filename,
  +                ap_get_remote_host(r->connection, r->per_dir_config, 1, NULL),
  +                "SSL requirement expression not fulfilled "
  +                "(see SSL logfile for more details)");
               /* remember forbidden access for strict require option */
  -            ap_table_setn(r->notes, "ssl-access-forbidden", (void *)1);
  -            return FORBIDDEN;
  +            apr_table_setn(r->notes, "ssl-access-forbidden", (void *)1);
  +            return HTTP_FORBIDDEN;
           }
       }
   
  @@ -1099,8 +1112,8 @@
        * when strict require option is used.
        */
       if (   (dc->nOptions & SSL_OPT_STRICTREQUIRE)
  -        && (ap_table_get(r->notes, "ssl-access-forbidden") != NULL))
  -        return FORBIDDEN;
  +        && (apr_table_get(r->notes, "ssl-access-forbidden") != NULL))
  +        return HTTP_FORBIDDEN;
   
       /*
        * Make sure the user is not able to fake the client certificate
  @@ -1108,7 +1121,7 @@
        * ("/XX=YYY/XX=YYY/..") as the username and "password" as the
        * password.
        */
  -    if ((cpAL = ap_table_get(r->headers_in, "Authorization")) != NULL) {
  +    if ((cpAL = apr_table_get(r->headers_in, "Authorization")) != NULL) {
           if (strcEQ(ap_getword(r->pool, &cpAL, ' '), "Basic")) {
               while (*cpAL == ' ' || *cpAL == '\t')
                   cpAL++;
  @@ -1116,7 +1129,7 @@
               cpUN = ap_getword_nulls(r->pool, &cpAL, ':');
               cpPW = cpAL;
               if (cpUN[0] == '/' && strEQ(cpPW, "password"))
  -                return FORBIDDEN;
  +                return HTTP_FORBIDDEN;
           }
       }
   
  @@ -1125,13 +1138,13 @@
        */
       if (!sc->bEnabled)
           return DECLINED;
  -    if (ap_ctx_get(r->connection->client->ctx, "ssl") == NULL)
  +    if (apr_table_get(r->connection->notes, "ssl") == NULL)
           return DECLINED;
       if (!(dc->nOptions & SSL_OPT_FAKEBASICAUTH))
           return DECLINED;
  -    if (r->connection->user)
  +    if (r->user)
           return DECLINED;
  -    if ((clientdn = (char *)ap_ctx_get(r->connection->client->ctx, "ssl::client::dn")) == NULL)
  +    if ((clientdn = (char *)apr_table_get(r->connection->notes, "ssl::client::dn")) == NULL)
           return DECLINED;
   
       /*
  @@ -1145,10 +1158,10 @@
        * adding the string "xxj31ZMTZzkVA" as the password in the user file.
        * This is just the crypted variant of the word "password" ;-)
        */
  -    ap_snprintf(b1, sizeof(b1), "%s:password", clientdn);
  +    apr_snprintf(b1, sizeof(b1), "%s:password", clientdn);
       ssl_util_uuencode(b2, b1, FALSE);
  -    ap_snprintf(b1, sizeof(b1), "Basic %s", b2);
  -    ap_table_set(r->headers_in, "Authorization", b1);
  +    apr_snprintf(b1, sizeof(b1), "Basic %s", b2);
  +    apr_table_set(r->headers_in, "Authorization", b1);
       ssl_log(r->server, SSL_LOG_INFO,
               "Faking HTTP Basic Auth header: \"Authorization: %s\"", b1);
   
  @@ -1164,8 +1177,8 @@
        * when strict require option is used.
        */
       if (   (dc->nOptions & SSL_OPT_STRICTREQUIRE)
  -        && (ap_table_get(r->notes, "ssl-access-forbidden") != NULL))
  -        return FORBIDDEN;
  +        && (apr_table_get(r->notes, "ssl-access-forbidden") != NULL))
  +        return HTTP_FORBIDDEN;
   
       return DECLINED;
   }
  @@ -1259,7 +1272,7 @@
   {
       SSLSrvConfigRec *sc = mySrvConfig(r->server);
       SSLDirConfigRec *dc = myDirConfig(r);
  -    table *e = r->subprocess_env;
  +    apr_table_t *e = r->subprocess_env;
       char *var;
       char *val;
       STACK_OF(X509) *sk;
  @@ -1271,21 +1284,23 @@
        */
       if (!sc->bEnabled)
           return DECLINED;
  -    if ((ssl = ap_ctx_get(r->connection->client->ctx, "ssl")) == NULL)
  +    if ((ssl = (SSL *)apr_table_get(r->connection->notes, "ssl")) == NULL)
           return DECLINED;
   
       /*
        * Annotate the SSI/CGI environment with standard SSL information
        */
       /* the always present HTTPS (=HTTP over SSL) flag! */
  -    ap_table_set(e, "HTTPS", "on"); 
  +    apr_table_set(e, "HTTPS", "on"); 
       /* standard SSL environment variables */
       if (dc->nOptions & SSL_OPT_STDENVVARS) {
           for (i = 0; ssl_hook_Fixup_vars[i] != NULL; i++) {
               var = (char *)ssl_hook_Fixup_vars[i];
  +#if 0 /* XXX */
               val = ssl_var_lookup(r->pool, r->server, r->connection, r, var);
  +#endif
               if (!strIsEmpty(val))
  -                ap_table_set(e, var, val);
  +                apr_table_set(e, var, val);
           }
       }
   
  @@ -1293,16 +1308,20 @@
        * On-demand bloat up the SSI/CGI environment with certificate data
        */
       if (dc->nOptions & SSL_OPT_EXPORTCERTDATA) {
  +#if 0 /* XXX */
           val = ssl_var_lookup(r->pool, r->server, r->connection, r, "SSL_SERVER_CERT");
  -        ap_table_set(e, "SSL_SERVER_CERT", val);
  +        apr_table_set(e, "SSL_SERVER_CERT", val);
           val = ssl_var_lookup(r->pool, r->server, r->connection, r, "SSL_CLIENT_CERT");
  -        ap_table_set(e, "SSL_CLIENT_CERT", val);
  +        apr_table_set(e, "SSL_CLIENT_CERT", val);
  +#endif
           if ((sk = SSL_get_peer_cert_chain(ssl)) != NULL) {
               for (i = 0; i < sk_X509_num(sk); i++) {
  -                var = ap_psprintf(r->pool, "SSL_CLIENT_CERT_CHAIN_%d", i);
  +                var = apr_psprintf(r->pool, "SSL_CLIENT_CERT_CHAIN_%d", i);
  +#if 0 /* XXX */
                   val = ssl_var_lookup(r->pool, r->server, r->connection, r, var);
  +#endif
                   if (val != NULL)
  -                     ap_table_set(e, var, val);
  +                     apr_table_setn(e, var, val);
               }
           }
       }
  @@ -1351,7 +1370,7 @@
    */
   RSA *ssl_callback_TmpRSA(SSL *pSSL, int nExport, int nKeyLen)
   {
  -    SSLModConfigRec *mc = myModConfig();
  +    SSLModConfigRec *mc = ssl_util_getmodconfig_ssl(pSSL, "ssl_module");
       RSA *rsa;
   
       rsa = NULL;
  @@ -1377,7 +1396,7 @@
    */
   DH *ssl_callback_TmpDH(SSL *pSSL, int nExport, int nKeyLen)
   {
  -    SSLModConfigRec *mc = myModConfig();
  +    SSLModConfigRec *mc = ssl_util_getmodconfig_ssl(pSSL, "ssl_module");
       DH *dh;
   
       dh = NULL;
  @@ -1410,7 +1429,7 @@
       request_rec *r;
       SSLSrvConfigRec *sc;
       SSLDirConfigRec *dc;
  -    ap_ctx *actx;
  +    apr_table_t *actx;
       X509 *xs;
       int errnum;
       int errdepth;
  @@ -1424,9 +1443,9 @@
        */
       ssl  = (SSL *)X509_STORE_CTX_get_app_data(ctx);
       conn = (conn_rec *)SSL_get_app_data(ssl);
  -    actx = (ap_ctx *)SSL_get_app_data2(ssl);
  -    r    = (request_rec *)ap_ctx_get(actx, "ssl::request_rec");
  -    s    = conn->server;
  +    actx = (apr_table_t *)SSL_get_app_data2(ssl);
  +    r    = (request_rec *)apr_table_get(actx, "ssl::request_rec");
  +    s    = conn->base_server;
       sc   = mySrvConfig(s);
       dc   = (r != NULL ? myDirConfig(r) : NULL);
   
  @@ -1469,7 +1488,7 @@
           ssl_log(s, SSL_LOG_TRACE,
                   "Certificate Verification: Verifiable Issuer is configured as "
                   "optional, therefore we're accepting the certificate");
  -        ap_ctx_set(conn->client->ctx, "ssl::verify::info", "GENEROUS");
  +        apr_table_setn(conn->notes, "ssl::verify::info", "GENEROUS");
           ok = TRUE;
       }
   
  @@ -1488,8 +1507,8 @@
       if (!ok) {
           ssl_log(s, SSL_LOG_ERROR, "Certificate Verification: Error (%d): %s",
                   errnum, X509_verify_cert_error_string(errnum));
  -        ap_ctx_set(conn->client->ctx, "ssl::client::dn", NULL);
  -        ap_ctx_set(conn->client->ctx, "ssl::verify::error",
  +        apr_table_setn(conn->notes, "ssl::client::dn", NULL);
  +        apr_table_setn(conn->notes, "ssl::verify::error",
                      (void *)X509_verify_cert_error_string(errnum));
       }
   
  @@ -1505,7 +1524,7 @@
                   "Certificate Verification: Certificate Chain too long "
                   "(chain has %d certificates, but maximum allowed are only %d)",
                   errdepth, depth);
  -        ap_ctx_set(conn->client->ctx, "ssl::verify::error",
  +        apr_table_setn(conn->notes, "ssl::verify::error",
                      (void *)X509_verify_cert_error_string(X509_V_ERR_CERT_CHAIN_TOO_LONG));
           ok = FALSE;
       }
  @@ -1698,7 +1717,7 @@
        * Get Apache context back through OpenSSL context
        */
       conn = (conn_rec *)SSL_get_app_data(ssl);
  -    s    = conn->server;
  +    s    = conn->base_server;
       sc   = mySrvConfig(s);
   
       /*
  @@ -1749,7 +1768,7 @@
        * Get Apache context back through OpenSSL context
        */
       conn = (conn_rec *)SSL_get_app_data(ssl);
  -    s    = conn->server;
  +    s    = conn->base_server;
   
       /*
        * Try to retrieve the SSL_SESSION from the inter-process cache
  @@ -1829,7 +1848,7 @@
        */
       if ((c = (conn_rec *)SSL_get_app_data(ssl)) == NULL)
           return;
  -    s = c->server;
  +    s = c->base_server;
       if ((sc = mySrvConfig(s)) == NULL)
           return;
   
  @@ -1873,6 +1892,7 @@
        * right after a finished handshake.
        */
       if (where & SSL_CB_HANDSHAKE_DONE) {
  +#if 0 /* XXX */
           ssl_log(s, SSL_LOG_INFO,
                   "Connection: Client IP: %s, Protocol: %s, Cipher: %s (%s/%s bits)",
                   ssl_var_lookup(NULL, s, c, NULL, "REMOTE_ADDR"),
  @@ -1880,10 +1900,9 @@
                   ssl_var_lookup(NULL, s, c, NULL, "SSL_CIPHER"),
                   ssl_var_lookup(NULL, s, c, NULL, "SSL_CIPHER_USEKEYSIZE"),
                   ssl_var_lookup(NULL, s, c, NULL, "SSL_CIPHER_ALGKEYSIZE"));
  +#endif
       }
   
       return;
   }
  -
  -#endif /* XXX */
   
  
  
  
  1.5       +32 -35    httpd-2.0/modules/ssl/ssl_engine_log.c
  
  Index: ssl_engine_log.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_engine_log.c,v
  retrieving revision 1.4
  retrieving revision 1.5
  diff -u -r1.4 -r1.5
  --- ssl_engine_log.c	2001/05/05 15:02:13	1.4
  +++ ssl_engine_log.c	2001/07/19 16:08:01	1.5
  @@ -62,8 +62,6 @@
                                            -- Ralf S. Engelschall     */
   #include "mod_ssl.h"
   
  -#if 0 /* XXX */
  -
   /*  _________________________________________________________________
   **
   **  Logfile Support
  @@ -73,9 +71,9 @@
   /*
    * Open the SSL logfile
    */
  -void ssl_log_open(server_rec *s_main, server_rec *s, pool *p)
  +void ssl_log_open(server_rec *s_main, server_rec *s, apr_pool_t *p)
   {
  -    char *szLogFile;
  +    const char *szLogFile;
       SSLSrvConfigRec *sc_main = mySrvConfig(s_main);
       SSLSrvConfigRec *sc = mySrvConfig(s);
       piped_log *pl;
  @@ -97,23 +95,23 @@
           if (strEQ(sc->szLogFile, "/dev/null"))
               return;
           else if (sc->szLogFile[0] == '|') {
  -            szLogFile = ap_server_root_relative(p, "log", sc->szLogFile+1);
  +            szLogFile = ap_server_root_relative(p, sc->szLogFile+1);
               if ((pl = ap_open_piped_log(p, szLogFile)) == NULL) {
                   ssl_log(s, SSL_LOG_ERROR|SSL_ADD_ERRNO,
                           "Cannot open reliable pipe to SSL logfile filter %s", szLogFile);
                   ssl_die();
               }
  -            sc->fileLogFile = ap_pfdopen(p, ap_piped_log_write_fd(pl), "a");
  -            setbuf(sc->fileLogFile, NULL);
  +            sc->fileLogFile = ap_piped_log_write_fd(pl); 
           }
           else {
  -            szLogFile = ap_server_root_relative(p, "log", sc->szLogFile);
  -            if ((sc->fileLogFile = ap_pfopen(p, szLogFile, "a")) == NULL) {
  +            szLogFile = ap_server_root_relative(p, sc->szLogFile);
  +            if ((apr_file_open(&(sc->fileLogFile), szLogFile, 
  +                               APR_WRITE|APR_APPEND|APR_CREATE, APR_OS_DEFAULT, p)) 
  +                               != APR_SUCCESS) {
                   ssl_log(s, SSL_LOG_ERROR|SSL_ADD_ERRNO,
                           "Cannot open SSL logfile %s", szLogFile);
                   ssl_die();
               }
  -            setbuf(sc->fileLogFile, NULL);
           }
       }
       return;
  @@ -184,8 +182,8 @@
       char vstr[1024];
       char str[1024];
       char nstr[2];
  -    int timz;
  -    struct tm *t;
  +    apr_size_t len;
  +    apr_exploded_time_t t;
       va_list ap;
       int add;
       int i;
  @@ -223,10 +221,10 @@
       if (add & SSL_NO_TIMESTAMP)
           tstr[0] = NUL;
       else {
  -        t = ap_get_gmtoff(&timz);
  -        strftime(tstr, 80, "[%d/%b/%Y %H:%M:%S", t);
  -        i = strlen(tstr);
  -        ap_snprintf(tstr+i, 80-i, " %05d] ", (unsigned int)getpid());
  +        apr_explode_localtime(&t, apr_time_now());
  +        apr_strftime(tstr, &len, 80, "[%d/%b/%Y %H:%M:%S", &t);
  +        apr_snprintf(tstr + strlen(tstr), 80 - strlen(tstr), " %05d] ", 
  +                     (unsigned int)getpid());
       }
   
       /*  determine whether newline should be written */
  @@ -242,7 +240,7 @@
       if (!(add & SSL_NO_LEVELID)) {
           for (i = 0; ssl_log_level2string[i].nLevel != 0; i++) {
               if (ssl_log_level2string[i].nLevel == level) {
  -                ap_snprintf(lstr, sizeof(lstr), "[%s]", ssl_log_level2string[i].szLevel);
  +                apr_snprintf(lstr, sizeof(lstr), "[%s]", ssl_log_level2string[i].szLevel);
                   break;
               }
           }
  @@ -252,7 +250,7 @@
       }
   
       /*  create custom message  */
  -    ap_vsnprintf(vstr, sizeof(vstr), msg, ap);
  +    apr_vsnprintf(vstr, sizeof(vstr), msg, ap);
   
       /*  write out SSLog message  */
       if ((add & SSL_ADD_ERRNO) && (add & SSL_ADD_SSLERR))
  @@ -264,22 +262,23 @@
       else
           astr = "";
       if (level <= sc->nLogLevel && sc->fileLogFile != NULL) {
  -        ap_snprintf(str, sizeof(str), "%s%s%s%s%s", tstr, lstr, vstr, astr, nstr);
  -        fprintf(sc->fileLogFile, "%s", str);
  +        apr_snprintf(str, sizeof(str), "%s%s%s%s%s", 
  +                     tstr, lstr, vstr, astr, nstr);
  +        apr_file_printf(sc->fileLogFile, "%s", str);
       }
       if (level & SSL_LOG_ERROR)
  -        ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, s,
  +        ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s,
                        "mod_ssl: %s%s", vstr, astr);
   
       /*  write out additional attachment messages  */
       if (add & SSL_ADD_ERRNO) {
           if (level <= sc->nLogLevel && sc->fileLogFile != NULL) {
  -            ap_snprintf(str, sizeof(str), "%s%sSystem: %s (errno: %d)%s",
  -                        tstr, lstr, strerror(safe_errno), safe_errno, nstr);
  -            fprintf(sc->fileLogFile, "%s", str);
  +            apr_snprintf(str, sizeof(str), "%s%sSystem: %s (errno: %d)%s",
  +                         tstr, lstr, strerror(safe_errno), safe_errno, nstr);
  +            apr_file_printf(sc->fileLogFile, "%s", str);
           }
           if (level & SSL_LOG_ERROR)
  -            ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, s,
  +            ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s,
                            "System: %s (errno: %d)",
                            strerror(safe_errno), safe_errno);
       }
  @@ -288,15 +287,15 @@
               cpE = ERR_error_string(e, NULL);
               cpA = ssl_log_annotation(cpE);
               if (level <= sc->nLogLevel && sc->fileLogFile != NULL) {
  -                ap_snprintf(str, sizeof(str), "%s%s%s: %s%s%s%s%s",
  -                            tstr, lstr, SSL_LIBRARY_NAME, cpE,
  -                            cpA != NULL ? " [Hint: " : "",
  -                            cpA != NULL ? cpA : "", cpA != NULL ? "]" : "",
  -                            nstr);
  -                fprintf(sc->fileLogFile, "%s", str);
  +                apr_snprintf(str, sizeof(str), "%s%s%s: %s%s%s%s%s",
  +                             tstr, lstr, SSL_LIBRARY_NAME, cpE,
  +                             cpA != NULL ? " [Hint: " : "",
  +                             cpA != NULL ? cpA : "", cpA != NULL ? "]" : "",
  +                             nstr);
  +                apr_file_printf(sc->fileLogFile, "%s", str);
               }
               if (level & SSL_LOG_ERROR)
  -                ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, s,
  +                ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s,
                                "%s: %s%s%s%s", SSL_LIBRARY_NAME, cpE,
                                cpA != NULL ? " [Hint: " : "",
                                cpA != NULL ? cpA : "", cpA != NULL ? "]" : "");
  @@ -307,7 +306,7 @@
   
       /*  cleanup and return  */
       if (sc->fileLogFile != NULL)
  -        fflush(sc->fileLogFile);
  +        apr_file_flush(sc->fileLogFile);
       errno = safe_errno;
       va_end(ap);
       return;
  @@ -322,6 +321,4 @@
        */
       exit(1);
   }
  -
  -#endif /* XXX */
   
  
  
  
  1.6       +5 -9      httpd-2.0/modules/ssl/ssl_engine_mutex.c
  
  Index: ssl_engine_mutex.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_engine_mutex.c,v
  retrieving revision 1.5
  retrieving revision 1.6
  diff -u -r1.5 -r1.6
  --- ssl_engine_mutex.c	2001/05/05 19:09:37	1.5
  +++ ssl_engine_mutex.c	2001/07/19 16:08:01	1.6
  @@ -62,11 +62,9 @@
                                                -- Unknown     */
   #include "mod_ssl.h"
   
  -#if 0 /* XXX */
  -
   int ssl_mutex_init(server_rec *s, apr_pool_t *p)
   {
  -    SSLModConfigRec *mc = myModConfig();
  +    SSLModConfigRec *mc = myModConfig(s);
   
       if (mc->nMutexMode == SSL_MUTEXMODE_NONE) 
           return TRUE;
  @@ -78,7 +76,7 @@
   
   int ssl_mutex_reinit(server_rec *s, apr_pool_t *p)
   {
  -    SSLModConfigRec *mc = myModConfig();
  +    SSLModConfigRec *mc = myModConfig(s);
   
       if (mc->nMutexMode == SSL_MUTEXMODE_NONE)
           return TRUE;
  @@ -89,7 +87,7 @@
   
   int ssl_mutex_on(server_rec *s)
   {
  -    SSLModConfigRec *mc = myModConfig();
  +    SSLModConfigRec *mc = myModConfig(s);
   
       if (mc->nMutexMode == SSL_MUTEXMODE_NONE)
           return TRUE;
  @@ -102,7 +100,7 @@
   
   int ssl_mutex_off(server_rec *s)
   {
  -    SSLModConfigRec *mc = myModConfig();
  +    SSLModConfigRec *mc = myModConfig(s);
   
       if (mc->nMutexMode == SSL_MUTEXMODE_NONE)
           return TRUE;
  @@ -115,7 +113,7 @@
   
   int ssl_mutex_kill(server_rec *s)
   {
  -    SSLModConfigRec *mc = myModConfig();
  +    SSLModConfigRec *mc = myModConfig(s);
   
       if (mc->nMutexMode == SSL_MUTEXMODE_NONE)
           return TRUE;
  @@ -123,6 +121,4 @@
           return FALSE;
       return TRUE;
   }
  -
  -#endif /* XXX */
   
  
  
  
  1.4       +35 -23    httpd-2.0/modules/ssl/ssl_engine_pphrase.c
  
  Index: ssl_engine_pphrase.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_engine_pphrase.c,v
  retrieving revision 1.3
  retrieving revision 1.4
  diff -u -r1.3 -r1.4
  --- ssl_engine_pphrase.c	2001/05/05 10:12:04	1.3
  +++ ssl_engine_pphrase.c	2001/07/19 16:08:01	1.4
  @@ -63,8 +63,6 @@
                                              -- Clifford Stoll     */
   #include "mod_ssl.h"
   
  -#if 0 /* XXX */
  -
   /*  _________________________________________________________________
   **
   **  Pass Phrase and Private Key Handling
  @@ -75,9 +73,9 @@
   #define BUILTIN_DIALOG_BACKOFF 2
   #define BUILTIN_DIALOG_RETRIES 5
   
  -void ssl_pphrase_Handle(server_rec *s, pool *p)
  +void ssl_pphrase_Handle(server_rec *s, apr_pool_t *p)
   {
  -    SSLModConfigRec *mc = myModConfig();
  +    SSLModConfigRec *mc = myModConfig(s);
       SSLSrvConfigRec *sc;
       server_rec *pServ;
       char *cpVHostID;
  @@ -137,8 +135,12 @@
           algoKey  = SSL_ALGO_UNKNOWN;
           for (i = 0, j = 0; i < SSL_AIDX_MAX && sc->szPublicCertFile[i] != NULL; i++) {
   
  -            ap_cpystrn(szPath, sc->szPublicCertFile[i], sizeof(szPath));
  +            apr_cpystrn(szPath, sc->szPublicCertFile[i], sizeof(szPath));
  +#if 0 /* XXX */
               if ((fp = ap_pfopen(p, szPath, "r")) == NULL) {
  +#else
  +            if ((fp = fopen(szPath, "r")) == NULL) {
  +#endif
                   ssl_log(s, SSL_LOG_ERROR|SSL_ADD_ERRNO,
                           "Init: Can't open server certificate file %s", szPath);
                   ssl_die();
  @@ -148,7 +150,11 @@
                           "Init: Unable to read server certificate from file %s", szPath);
                   ssl_die();
               }
  +#if 0 /* XXX */
               ap_pfclose(p, fp);
  +#else
  +            fclose(fp);
  +#endif
   
               /*
                * check algorithm type of certificate and make
  @@ -170,10 +176,10 @@
                * certificate is actually used to configure mod_ssl's per-server
                * configuration structures).
                */
  -            cp = ap_psprintf(mc->pPool, "%s:%s", cpVHostID, an);
  +            cp = apr_psprintf(mc->pPool, "%s:%s", cpVHostID, an);
               asn1 = (ssl_asn1_t *)ssl_ds_table_push(mc->tPublicCert, cp);
               asn1->nData  = i2d_X509(pX509Cert, NULL);
  -            asn1->cpData = ap_palloc(mc->pPool, asn1->nData);
  +            asn1->cpData = apr_palloc(mc->pPool, asn1->nData);
               ucp = asn1->cpData; i2d_X509(pX509Cert, &ucp); /* 2nd arg increments */
   
               /*
  @@ -199,7 +205,7 @@
                * by trying to re-use already known/entered pass phrases.
                */
               if (sc->szPrivateKeyFile[j] != NULL)
  -                ap_cpystrn(szPath, sc->szPrivateKeyFile[j++], sizeof(szPath));
  +                apr_cpystrn(szPath, sc->szPrivateKeyFile[j++], sizeof(szPath));
   
               /*
                * Try to read the private key file with the help of
  @@ -230,15 +236,23 @@
                    * the callback function which serves the pass
                    * phrases to OpenSSL
                    */
  +#if 0 /* XXX */
                   if ((fp = ap_pfopen(p, szPath, "r")) == NULL) {
  +#else
  +                if ((fp = fopen(szPath, "r")) == NULL) {
  +#endif
                       ssl_log(s, SSL_LOG_ERROR|SSL_ADD_ERRNO,
                               "Init: Can't open server private key file %s", szPath);
                       ssl_die();
                   }
                   cpPassPhraseCur = NULL;
                   bReadable = ((pPrivateKey = SSL_read_PrivateKey(fp, NULL,
  -                             ssl_pphrase_Handle_CB)) != NULL ? TRUE : FALSE);
  +		         ssl_pphrase_Handle_CB, s)) != NULL ? TRUE : FALSE);
  +#if 0 /* XXX */
                   ap_pfclose(p, fp);
  +#else
  +                fclose(fp);
  +#endif
   
                   /*
                    * when the private key file now was readable,
  @@ -348,10 +362,10 @@
                * because the SSL library uses static variables inside a
                * RSA structure which do not survive DSO reloads!)
                */
  -            cp = ap_psprintf(mc->pPool, "%s:%s", cpVHostID, an);
  +            cp = apr_psprintf(mc->pPool, "%s:%s", cpVHostID, an);
               asn1 = (ssl_asn1_t *)ssl_ds_table_push(mc->tPrivateKey, cp);
               asn1->nData  = i2d_PrivateKey(pPrivateKey, NULL);
  -            asn1->cpData = ap_palloc(mc->pPool, asn1->nData);
  +            asn1->cpData = apr_palloc(mc->pPool, asn1->nData);
               ucp = asn1->cpData; i2d_PrivateKey(pPrivateKey, &ucp); /* 2nd arg increments */
   
               /*
  @@ -385,11 +399,11 @@
       return;
   }
   
  -int ssl_pphrase_Handle_CB(char *buf, int bufsize, int verify)
  +int ssl_pphrase_Handle_CB(char *buf, int bufsize, int verify, void *srv)
   {
  -    SSLModConfigRec *mc = myModConfig();
  +    SSLModConfigRec *mc = myModConfig((server_rec *)srv);
       server_rec *s;
  -    pool *p;
  +    apr_pool_t *p;
       ssl_ds_array *aPassPhrase;
       SSLSrvConfigRec *sc;
       int *pnPassPhraseCur;
  @@ -407,7 +421,7 @@
        * Reconnect to the context of ssl_phrase_Handle()
        */
       s                      = myCtxVarGet(mc,  1, server_rec *);
  -    p                      = myCtxVarGet(mc,  2, pool *);
  +    p                      = myCtxVarGet(mc,  2, apr_pool_t *);
       aPassPhrase            = myCtxVarGet(mc,  3, ssl_ds_array *);
       pnPassPhraseCur        = myCtxVarGet(mc,  4, int *);
       cppPassPhraseCur       = myCtxVarGet(mc,  5, char **);
  @@ -425,7 +439,7 @@
        * When remembered pass phrases are available use them...
        */
       if ((cpp = (char **)ssl_ds_array_get(aPassPhrase, *pnPassPhraseCur)) != NULL) {
  -        ap_cpystrn(buf, *cpp, bufsize);
  +        apr_cpystrn(buf, *cpp, bufsize);
           len = strlen(buf);
           return len;
       }
  @@ -472,7 +486,7 @@
            */
           if (*pnPassPhraseDialog == 1) {
               fprintf(stderr, "%s mod_ssl/%s (Pass Phrase Dialog)\n",
  -                    SERVER_BASEVERSION, MOD_SSL_VERSION);
  +                    AP_SERVER_BASEVERSION, MOD_SSL_VERSION);
               fprintf(stderr, "Some of your private key files are encrypted for security reasons.\n");
               fprintf(stderr, "In order to read them you have to provide us with the pass phrases.\n");
           }
  @@ -523,24 +537,22 @@
                   sc->szPassPhraseDialogPath);
   
           if (strchr(sc->szPassPhraseDialogPath, ' ') != NULL)
  -            cmd = ap_psprintf(p, "\"%s\" %s %s", sc->szPassPhraseDialogPath, cpVHostID, cpAlgoType);
  +            cmd = apr_psprintf(p, "\"%s\" %s %s", sc->szPassPhraseDialogPath, cpVHostID, cpAlgoType);
           else
  -            cmd = ap_psprintf(p, "%s %s %s", sc->szPassPhraseDialogPath, cpVHostID, cpAlgoType);
  +            cmd = apr_psprintf(p, "%s %s %s", sc->szPassPhraseDialogPath, cpVHostID, cpAlgoType);
           result = ssl_util_readfilter(s, p, cmd);
  -        ap_cpystrn(buf, result, bufsize);
  +        apr_cpystrn(buf, result, bufsize);
           len = strlen(buf);
       }
   
       /*
        * Ok, we now have the pass phrase, so give it back
        */
  -    *cppPassPhraseCur = ap_pstrdup(p, buf);
  +    *cppPassPhraseCur = apr_pstrdup(p, buf);
   
       /*
        * And return it's length to OpenSSL...
        */
       return (len);
   }
  -
  -#endif /* XXX */
   
  
  
  
  1.4       +18 -20    httpd-2.0/modules/ssl/ssl_engine_rand.c
  
  Index: ssl_engine_rand.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_engine_rand.c,v
  retrieving revision 1.3
  retrieving revision 1.4
  diff -u -r1.3 -r1.4
  --- ssl_engine_rand.c	2001/05/05 10:12:04	1.3
  +++ ssl_engine_rand.c	2001/07/19 16:08:01	1.4
  @@ -62,8 +62,6 @@
   
   #include "mod_ssl.h"
   
  -#if 0 /* XXX */
  -
   /*  _________________________________________________________________
   **
   **  Support for better seeding of SSL library's RNG
  @@ -71,22 +69,22 @@
   */
   
   static int ssl_rand_choosenum(int, int);
  -static int ssl_rand_feedfp(pool *, FILE *, int);
  +static int ssl_rand_feedfp(apr_pool_t *, apr_file_t *, int);
   
  -int ssl_rand_seed(server_rec *s, pool *p, ssl_rsctx_t nCtx, char *prefix)
  +int ssl_rand_seed(server_rec *s, apr_pool_t *p, ssl_rsctx_t nCtx, char *prefix)
   {
       SSLModConfigRec *mc;
  -    array_header *apRandSeed;
  +    apr_array_header_t *apRandSeed;
       ssl_randseed_t *pRandSeeds;
       ssl_randseed_t *pRandSeed;
       unsigned char stackdata[256];
       int nReq, nDone;
  -    FILE *fp;
  +    apr_file_t *fp;
       int i, n, l;
       time_t t;
       pid_t pid;
   
  -    mc = myModConfig();
  +    mc = myModConfig(s);
       nReq  = 0;
       nDone = 0;
       apRandSeed = mc->aRandSeed;
  @@ -99,16 +97,17 @@
                   /*
                    * seed in contents of an external file
                    */
  -                if ((fp = ap_pfopen(p, pRandSeed->cpPath, "r")) == NULL)
  +                if (apr_file_open(&fp, pRandSeed->cpPath, 
  +                                  APR_READ, APR_OS_DEFAULT, p) != APR_SUCCESS)
                       continue;
                   nDone += ssl_rand_feedfp(p, fp, pRandSeed->nBytes);
  -                ap_pfclose(p, fp);
  +                apr_file_close(fp);
               }
               else if (pRandSeed->nSrc == SSL_RSSRC_EXEC) {
                   /*
                    * seed in contents generated by an external program
                    */
  -                if ((fp = ssl_util_ppopen(s, p, ap_psprintf(p, "%s %d",
  +                if ((fp = ssl_util_ppopen(s, p, apr_psprintf(p, "%s %d",
                                             pRandSeed->cpPath, pRandSeed->nBytes))) == NULL)
                       continue;
                   nDone += ssl_rand_feedfp(p, fp, pRandSeed->nBytes);
  @@ -171,13 +170,13 @@
   
   #define BUFSIZE 8192
   
  -static int ssl_rand_feedfp(pool *p, FILE *fp, int nReq)
  +static int ssl_rand_feedfp(apr_pool_t *p, apr_file_t *fp, int nReq)
   {
  -    int nDone;
  +    apr_size_t nDone;
       unsigned char caBuf[BUFSIZE];
  -    int nBuf;
  -    int nRead;
  -    int nTodo;
  +    apr_size_t nBuf;
  +    apr_size_t nRead;
  +    apr_size_t nTodo;
   
       nDone = 0;
       nRead = BUFSIZE;
  @@ -185,7 +184,8 @@
       while (1) {
           if (nReq > 0)
               nRead = (nTodo < BUFSIZE ? nTodo : BUFSIZE);
  -        if ((nBuf = (int)fread(caBuf, 1, nRead, fp)) <= 0)
  +        nBuf = nRead;
  +        if (apr_file_read(fp, caBuf, &nBuf) != APR_SUCCESS)
               break;
           RAND_seed(caBuf, nBuf);
           nDone += nBuf;
  @@ -204,13 +204,11 @@
       char buf[50];
   
       srand((unsigned int)time(NULL));
  -    ap_snprintf(buf, sizeof(buf), "%.0f",
  -                (((double)(rand()%RAND_MAX)/RAND_MAX)*(h-l)));
  +    apr_snprintf(buf, sizeof(buf), "%.0f",
  +                 (((double)(rand()%RAND_MAX)/RAND_MAX)*(h-l)));
       i = atoi(buf)+1;
       if (i < l) i = l;
       if (i > h) i = h;
       return i;
   }
  -
  -#endif /* XXX */
   
  
  
  
  1.6       +64 -80    httpd-2.0/modules/ssl/ssl_engine_vars.c
  
  Index: ssl_engine_vars.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_engine_vars.c,v
  retrieving revision 1.5
  retrieving revision 1.6
  diff -u -r1.5 -r1.6
  --- ssl_engine_vars.c	2001/07/17 14:57:26	1.5
  +++ ssl_engine_vars.c	2001/07/19 16:08:01	1.6
  @@ -68,20 +68,18 @@
   **  _________________________________________________________________
   */
   
  -#if 0 /* XXX */
  -static char *ssl_var_lookup_header(pool *p, request_rec *r, const char *name);
  -static char *ssl_var_lookup_ssl(pool *p, conn_rec *c, char *var);
  -static char *ssl_var_lookup_ssl_cert(pool *p, X509 *xs, char *var);
  -static char *ssl_var_lookup_ssl_cert_dn(pool *p, X509_NAME *xsname, char *var);
  -static char *ssl_var_lookup_ssl_cert_valid(pool *p, ASN1_UTCTIME *tm);
  -static char *ssl_var_lookup_ssl_cert_serial(pool *p, X509 *xs);
  -static char *ssl_var_lookup_ssl_cert_chain(pool *p, STACK_OF(X509) *sk, char *var);
  -static char *ssl_var_lookup_ssl_cert_PEM(pool *p, X509 *xs);
  -static char *ssl_var_lookup_ssl_cert_verify(pool *p, conn_rec *c);
  -static char *ssl_var_lookup_ssl_cipher(pool *p, conn_rec *c, char *var);
  +static char *ssl_var_lookup_header(apr_pool_t *p, request_rec *r, const char *name);
  +static char *ssl_var_lookup_ssl(apr_pool_t *p, conn_rec *c, char *var);
  +static char *ssl_var_lookup_ssl_cert(apr_pool_t *p, X509 *xs, char *var);
  +static char *ssl_var_lookup_ssl_cert_dn(apr_pool_t *p, X509_NAME *xsname, char *var);
  +static char *ssl_var_lookup_ssl_cert_valid(apr_pool_t *p, ASN1_UTCTIME *tm);
  +static char *ssl_var_lookup_ssl_cert_serial(apr_pool_t *p, X509 *xs);
  +static char *ssl_var_lookup_ssl_cert_chain(apr_pool_t *p, STACK_OF(X509) *sk, char *var);
  +static char *ssl_var_lookup_ssl_cert_PEM(apr_pool_t *p, X509 *xs);
  +static char *ssl_var_lookup_ssl_cert_verify(apr_pool_t *p, conn_rec *c);
  +static char *ssl_var_lookup_ssl_cipher(apr_pool_t *p, conn_rec *c, char *var);
   static void  ssl_var_lookup_ssl_cipher_bits(SSL *ssl, int *usekeysize, int *algkeysize);
  -static char *ssl_var_lookup_ssl_version(pool *p, char *var);
  -#endif /* XXX */
  +static char *ssl_var_lookup_ssl_version(apr_pool_t *p, char *var);
   
   void ssl_var_register(void)
   {
  @@ -102,11 +100,9 @@
       return;
   }
   
  -#if 0 /* XXX */
  -
   char *ssl_var_lookup(apr_pool_t *p, server_rec *s, conn_rec *c, request_rec *r, char *var)
   {
  -    SSLModConfigRec *mc = myModConfig();
  +    SSLModConfigRec *mc = myModConfig(s);
       char *result;
       BOOL resdup;
       time_t tc;
  @@ -153,7 +149,7 @@
           else if (strcEQ(var, "REQUEST_METHOD"))
               result = (char *)(r->method);
           else if (strcEQ(var, "REQUEST_SCHEME"))
  -            result = ap_http_method(r);
  +            result = (char *)ap_http_method(r);
           else if (strcEQ(var, "REQUEST_URI"))
               result = r->uri;
           else if (strcEQ(var, "SCRIPT_FILENAME") ||
  @@ -165,7 +161,7 @@
               result = r->args;
           else if (strcEQ(var, "REMOTE_HOST"))
               result = (char *)ap_get_remote_host(r->connection,
  -                                                r->per_dir_config, REMOTE_NAME);
  +					r->per_dir_config, REMOTE_NAME, NULL);
           else if (strcEQ(var, "REMOTE_IDENT"))
               result = (char *)ap_get_remote_logname(r);
           else if (strcEQ(var, "IS_SUBREQ"))
  @@ -177,7 +173,7 @@
           else if (strcEQ(var, "SERVER_NAME"))
               result = (char *)ap_get_server_name(r);
           else if (strcEQ(var, "SERVER_PORT"))
  -            result = ap_psprintf(p, "%u", ap_get_server_port(r));
  +            result = apr_psprintf(p, "%u", ap_get_server_port(r));
           else if (strcEQ(var, "SERVER_PROTOCOL"))
               result = r->protocol;
       }
  @@ -189,13 +185,13 @@
           if (strcEQ(var, "REMOTE_ADDR"))
               result = c->remote_ip;
           else if (strcEQ(var, "REMOTE_USER"))
  -            result = c->user;
  +            result = r->user;
           else if (strcEQ(var, "AUTH_TYPE"))
  -            result = c->ap_auth_type;
  +            result = r->ap_auth_type;
           else if (strlen(var) > 4 && strcEQn(var, "SSL_", 4))
               result = ssl_var_lookup_ssl(p, c, var+4);
           else if (strcEQ(var, "HTTPS")) {
  -            if (ap_ctx_get(c->client->ctx, "ssl") != NULL)
  +            if (apr_table_get(c->notes, "ssl") != NULL)
                   result = "on";
               else
                   result = "off";
  @@ -211,20 +207,20 @@
           else if (strcEQ(var, "SERVER_SOFTWARE"))
               result = (char *)ap_get_server_version();
           else if (strcEQ(var, "API_VERSION")) {
  -            result = ap_psprintf(p, "%d", MODULE_MAGIC_NUMBER);
  +            result = apr_psprintf(p, "%d", MODULE_MAGIC_NUMBER);
               resdup = FALSE;
           }
           else if (strcEQ(var, "TIME_YEAR")) {
               tc = time(NULL);
               tm = localtime(&tc);
  -            result = ap_psprintf(p, "%02d%02d",
  +            result = apr_psprintf(p, "%02d%02d",
                                    (tm->tm_year / 100) + 19, tm->tm_year % 100);
               resdup = FALSE;
           }
   #define MKTIMESTR(format, tmfield) \
               tc = time(NULL); \
               tm = localtime(&tc); \
  -            result = ap_psprintf(p, format, tm->tmfield); \
  +            result = apr_psprintf(p, format, tm->tmfield); \
               resdup = FALSE;
           else if (strcEQ(var, "TIME_MON")) {
               MKTIMESTR("%02d", tm_mon+1)
  @@ -247,7 +243,7 @@
           else if (strcEQ(var, "TIME")) {
               tc = time(NULL);
               tm = localtime(&tc);
  -            result = ap_psprintf(p,
  +            result = apr_psprintf(p,
                           "%02d%02d%02d%02d%02d%02d%02d", (tm->tm_year / 100) + 19,
                           (tm->tm_year % 100), tm->tm_mon+1, tm->tm_mday,
                           tm->tm_hour, tm->tm_min, tm->tm_sec);
  @@ -255,39 +251,31 @@
           }
           /* all other env-variables from the parent Apache process */
           else if (strlen(var) > 4 && strcEQn(var, "ENV:", 4)) {
  -            result = (char *)ap_table_get(r->notes, var+4);
  +            result = (char *)apr_table_get(r->notes, var+4);
               if (result == NULL)
  -                result = (char *)ap_table_get(r->subprocess_env, var+4);
  +                result = (char *)apr_table_get(r->subprocess_env, var+4);
               if (result == NULL)
                   result = getenv(var+4);
           }
       }
   
       if (result != NULL && resdup)
  -        result = ap_pstrdup(p, result);
  +        result = apr_pstrdup(p, result);
       if (result == NULL)
           result = "";
       return result;
   }
   
  -static char *ssl_var_lookup_header(pool *p, request_rec *r, const char *name)
  +static char *ssl_var_lookup_header(apr_pool_t *p, request_rec *r, const char *name)
   {
  -    array_header *hdrs_arr;
  -    table_entry *hdrs;
  -    int i;
  +    char *hdr = NULL;
   
  -    hdrs_arr = ap_table_elts(r->headers_in);
  -    hdrs = (table_entry *)hdrs_arr->elts;
  -    for (i = 0; i < hdrs_arr->nelts; ++i) {
  -        if (hdrs[i].key == NULL)
  -            continue;
  -        if (strcEQ(hdrs[i].key, name))
  -            return ap_pstrdup(p, hdrs[i].val);
  -    }
  -    return NULL;
  +    if ((hdr = (char *)apr_table_get(r->headers_in, name)) != NULL)
  +        hdr = apr_pstrdup(p, hdr);
  +    return hdr;
   }
   
  -static char *ssl_var_lookup_ssl(pool *p, conn_rec *c, char *var)
  +static char *ssl_var_lookup_ssl(apr_pool_t *p, conn_rec *c, char *var)
   {
       char *result;
       X509 *xs;
  @@ -296,7 +284,7 @@
   
       result = NULL;
   
  -    ssl = ap_ctx_get(c->client->ctx, "ssl");
  +    ssl = (SSL *)apr_table_get(c->notes, "ssl");
       if (strlen(var) > 8 && strcEQn(var, "VERSION_", 8)) {
           result = ssl_var_lookup_ssl_version(p, var+8);
       }
  @@ -305,7 +293,7 @@
       }
       else if (ssl != NULL && strcEQ(var, "SESSION_ID")) {
           SSL_SESSION *pSession = SSL_get_session(ssl);
  -        result = ap_pstrdup(p, SSL_SESSION_id2sz(pSession->session_id, 
  +        result = apr_pstrdup(p, SSL_SESSION_id2sz(pSession->session_id, 
                                                    pSession->session_id_length));
       }
       else if (ssl != NULL && strlen(var) >= 6 && strcEQn(var, "CIPHER", 6)) {
  @@ -329,7 +317,7 @@
       return result;
   }
   
  -static char *ssl_var_lookup_ssl_cert(pool *p, X509 *xs, char *var)
  +static char *ssl_var_lookup_ssl_cert(apr_pool_t *p, X509 *xs, char *var)
   {
       char *result;
       BOOL resdup;
  @@ -341,7 +329,7 @@
       resdup = TRUE;
   
       if (strcEQ(var, "M_VERSION")) {
  -        result = ap_psprintf(p, "%lu", X509_get_version(xs)+1);
  +        result = apr_psprintf(p, "%lu", X509_get_version(xs)+1);
           resdup = FALSE;
       }
       else if (strcEQ(var, "M_SERIAL")) {
  @@ -356,7 +344,7 @@
       else if (strcEQ(var, "S_DN")) {
           xsname = X509_get_subject_name(xs);
           cp = X509_NAME_oneline(xsname, NULL, 0);
  -        result = ap_pstrdup(p, cp);
  +        result = apr_pstrdup(p, cp);
           free(cp);
           resdup = FALSE;
       }
  @@ -368,7 +356,7 @@
       else if (strcEQ(var, "I_DN")) {
           xsname = X509_get_issuer_name(xs);
           cp = X509_NAME_oneline(xsname, NULL, 0);
  -        result = ap_pstrdup(p, cp);
  +        result = apr_pstrdup(p, cp);
           free(cp);
           resdup = FALSE;
       }
  @@ -379,12 +367,12 @@
       }
       else if (strcEQ(var, "A_SIG")) {
           nid = OBJ_obj2nid(xs->cert_info->signature->algorithm);
  -        result = ap_pstrdup(p, (nid == NID_undef) ? "UNKNOWN" : OBJ_nid2ln(nid));
  +        result = apr_pstrdup(p, (nid == NID_undef) ? "UNKNOWN" : OBJ_nid2ln(nid));
           resdup = FALSE;
       }
       else if (strcEQ(var, "A_KEY")) {
           nid = OBJ_obj2nid(xs->cert_info->key->algor->algorithm);
  -        result = ap_pstrdup(p, (nid == NID_undef) ? "UNKNOWN" : OBJ_nid2ln(nid));
  +        result = apr_pstrdup(p, (nid == NID_undef) ? "UNKNOWN" : OBJ_nid2ln(nid));
           resdup = FALSE;
       }
       else if (strcEQ(var, "CERT")) {
  @@ -392,7 +380,7 @@
       }
   
       if (result != NULL && resdup)
  -        result = ap_pstrdup(p, result);
  +        result = apr_pstrdup(p, result);
       return result;
   }
   
  @@ -417,7 +405,7 @@
       { NULL,    0                          }
   };
   
  -static char *ssl_var_lookup_ssl_cert_dn(pool *p, X509_NAME *xsname, char *var)
  +static char *ssl_var_lookup_ssl_cert_dn(apr_pool_t *p, X509_NAME *xsname, char *var)
   {
       char *result;
       X509_NAME_ENTRY *xsne;
  @@ -431,8 +419,8 @@
                   xsne = sk_X509_NAME_ENTRY_value(xsname->entries, j);
                   n = OBJ_obj2nid(xsne->object);
                   if (n == ssl_var_lookup_ssl_cert_dn_rec[i].nid) {
  -                    result = ap_palloc(p, xsne->value->length+1);
  -                    ap_cpystrn(result, (char *)xsne->value->data, xsne->value->length+1);
  +                    result = apr_palloc(p, xsne->value->length+1);
  +                    apr_cpystrn(result, (char *)xsne->value->data, xsne->value->length+1);
   #ifdef CHARSET_EBCDIC
                       ascii2ebcdic(result, result, xsne->value->length);
   #endif /* CHARSET_EBCDIC */
  @@ -446,7 +434,7 @@
       return result;
   }
   
  -static char *ssl_var_lookup_ssl_cert_valid(pool *p, ASN1_UTCTIME *tm)
  +static char *ssl_var_lookup_ssl_cert_valid(apr_pool_t *p, ASN1_UTCTIME *tm)
   {
       char *result;
       BIO* bio;
  @@ -456,14 +444,14 @@
           return NULL;
       ASN1_UTCTIME_print(bio, tm);
       n = BIO_pending(bio);
  -    result = ap_pcalloc(p, n+1);
  +    result = apr_pcalloc(p, n+1);
       n = BIO_read(bio, result, n);
       result[n] = NUL;
       BIO_free(bio);
       return result;
   }
   
  -static char *ssl_var_lookup_ssl_cert_serial(pool *p, X509 *xs)
  +static char *ssl_var_lookup_ssl_cert_serial(apr_pool_t *p, X509 *xs)
   {
       char *result;
       BIO *bio;
  @@ -473,14 +461,14 @@
           return NULL;
       i2a_ASN1_INTEGER(bio, X509_get_serialNumber(xs));
       n = BIO_pending(bio);
  -    result = ap_pcalloc(p, n+1);
  +    result = apr_pcalloc(p, n+1);
       n = BIO_read(bio, result, n);
       result[n] = NUL;
       BIO_free(bio);
       return result;
   }
   
  -static char *ssl_var_lookup_ssl_cert_chain(pool *p, STACK_OF(X509) *sk, char *var)
  +static char *ssl_var_lookup_ssl_cert_chain(apr_pool_t *p, STACK_OF(X509) *sk, char *var)
   {
       char *result;
       X509 *xs;
  @@ -499,7 +487,7 @@
       return result;
   }
   
  -static char *ssl_var_lookup_ssl_cert_PEM(pool *p, X509 *xs)
  +static char *ssl_var_lookup_ssl_cert_PEM(apr_pool_t *p, X509 *xs)
   {
       char *result;
       BIO *bio;
  @@ -509,14 +497,14 @@
           return NULL;
       PEM_write_bio_X509(bio, xs);
       n = BIO_pending(bio);
  -    result = ap_pcalloc(p, n+1);
  +    result = apr_pcalloc(p, n+1);
       n = BIO_read(bio, result, n);
       result[n] = NUL;
       BIO_free(bio);
       return result;
   }
   
  -static char *ssl_var_lookup_ssl_cert_verify(pool *p, conn_rec *c)
  +static char *ssl_var_lookup_ssl_cert_verify(apr_pool_t *p, conn_rec *c)
   {
       char *result;
       long vrc;
  @@ -526,9 +514,9 @@
       X509 *xs;
   
       result = NULL;
  -    ssl   = ap_ctx_get(c->client->ctx, "ssl");
  -    verr  = ap_ctx_get(c->client->ctx, "ssl::verify::error");
  -    vinfo = ap_ctx_get(c->client->ctx, "ssl::verify::info");
  +    ssl   = (SSL *) apr_table_get(c->notes, "ssl");
  +    verr  = (char *)apr_table_get(c->notes, "ssl::verify::error");
  +    vinfo = (char *)apr_table_get(c->notes, "ssl::verify::info");
       vrc   = SSL_get_verify_result(ssl);
       xs    = SSL_get_peer_certificate(ssl);
   
  @@ -543,11 +531,11 @@
           result = "GENEROUS";
       else
           /* client verification failed */
  -        result = ap_psprintf(p, "FAILED:%s", verr);
  +        result = apr_psprintf(p, "FAILED:%s", verr);
       return result;
   }
   
  -static char *ssl_var_lookup_ssl_cipher(pool *p, conn_rec *c, char *var)
  +static char *ssl_var_lookup_ssl_cipher(apr_pool_t *p, conn_rec *c, char *var)
   {
       char *result;
       BOOL resdup;
  @@ -557,7 +545,7 @@
       result = NULL;
       resdup = TRUE;
   
  -    ssl = ap_ctx_get(c->client->ctx, "ssl");
  +    ssl = (SSL *)apr_table_get(c->notes, "ssl");
       ssl_var_lookup_ssl_cipher_bits(ssl, &usekeysize, &algkeysize);
   
       if (strEQ(var, ""))
  @@ -565,16 +553,16 @@
       else if (strcEQ(var, "_EXPORT"))
           result = (usekeysize < 56 ? "true" : "false");
       else if (strcEQ(var, "_USEKEYSIZE")) {
  -        result = ap_psprintf(p, "%d", usekeysize);
  +        result = apr_psprintf(p, "%d", usekeysize);
           resdup = FALSE;
       }
       else if (strcEQ(var, "_ALGKEYSIZE")) {
  -        result = ap_psprintf(p, "%d", algkeysize);
  +        result = apr_psprintf(p, "%d", algkeysize);
           resdup = FALSE;
       }
   
       if (result != NULL && resdup)
  -        result = ap_pstrdup(p, result);
  +        result = apr_pstrdup(p, result);
       return result;
   }
   
  @@ -590,7 +578,7 @@
       return;
   }
   
  -static char *ssl_var_lookup_ssl_version(pool *p, char *var)
  +static char *ssl_var_lookup_ssl_version(apr_pool_t *p, char *var)
   {
       char *result;
       char *cp, *cp2;
  @@ -599,16 +587,16 @@
   
       if (strEQ(var, "PRODUCT")) {
   #if defined(SSL_PRODUCT_NAME) && defined(SSL_PRODUCT_VERSION)
  -        result = ap_psprintf(p, "%s/%s", SSL_PRODUCT_NAME, SSL_PRODUCT_VERSION);
  +        result = apr_psprintf(p, "%s/%s", SSL_PRODUCT_NAME, SSL_PRODUCT_VERSION);
   #else
           result = NULL;
   #endif
       }
       else if (strEQ(var, "INTERFACE")) {
  -        result = ap_psprintf(p, "mod_ssl/%s", MOD_SSL_VERSION);
  +        result = apr_psprintf(p, "mod_ssl/%s", MOD_SSL_VERSION);
       }
       else if (strEQ(var, "LIBRARY")) {
  -        result = ap_pstrdup(p, SSL_LIBRARY_TEXT);
  +        result = apr_pstrdup(p, SSL_LIBRARY_TEXT);
           if ((cp = strchr(result, ' ')) != NULL) {
               *cp = '/';
               if ((cp2 = strchr(cp, ' ')) != NULL)
  @@ -617,7 +605,3 @@
       }
       return result;
   }
  -
  -#endif /* XXX */
  -
  -
  
  
  
  1.5       +23 -14    httpd-2.0/modules/ssl/ssl_scache.c
  
  Index: ssl_scache.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_scache.c,v
  retrieving revision 1.4
  retrieving revision 1.5
  diff -u -r1.4 -r1.5
  --- ssl_scache.c	2001/05/05 15:02:13	1.4
  +++ ssl_scache.c	2001/07/19 16:08:01	1.5
  @@ -63,106 +63,115 @@
                                                    -- Unknown         */
   #include "mod_ssl.h"
   
  -#if 0 /* XXX */
  -
   /*  _________________________________________________________________
   **
   **  Session Cache: Common Abstraction Layer
   **  _________________________________________________________________
   */
   
  -void ssl_scache_init(server_rec *s, pool *p)
  +void ssl_scache_init(server_rec *s, apr_pool_t *p)
   {
  -    SSLModConfigRec *mc = myModConfig();
  +    SSLModConfigRec *mc = myModConfig(s);
   
       if (mc->nSessionCacheMode == SSL_SCMODE_DBM)
           ssl_scache_dbm_init(s, p);
  +#if 0 /* XXX */
       else if (mc->nSessionCacheMode == SSL_SCMODE_SHMHT)
           ssl_scache_shmht_init(s, p);
       else if (mc->nSessionCacheMode == SSL_SCMODE_SHMCB)
           ssl_scache_shmcb_init(s, p);
  +#endif
       return;
   }
   
   void ssl_scache_kill(server_rec *s)
   {
  -    SSLModConfigRec *mc = myModConfig();
  +    SSLModConfigRec *mc = myModConfig(s);
   
       if (mc->nSessionCacheMode == SSL_SCMODE_DBM)
           ssl_scache_dbm_kill(s);
  +#if 0 /* XXX */
       else if (mc->nSessionCacheMode == SSL_SCMODE_SHMHT)
           ssl_scache_shmht_kill(s);
       else if (mc->nSessionCacheMode == SSL_SCMODE_SHMCB)
           ssl_scache_shmcb_kill(s);
  +#endif
       return;
   }
   
   BOOL ssl_scache_store(server_rec *s, UCHAR *id, int idlen, time_t expiry, SSL_SESSION *sess)
   {
  -    SSLModConfigRec *mc = myModConfig();
  +    SSLModConfigRec *mc = myModConfig(s);
       BOOL rv = FALSE;
   
       if (mc->nSessionCacheMode == SSL_SCMODE_DBM)
           rv = ssl_scache_dbm_store(s, id, idlen, expiry, sess);
  +#if 0 /* XXX */
       else if (mc->nSessionCacheMode == SSL_SCMODE_SHMHT)
           rv = ssl_scache_shmht_store(s, id, idlen, expiry, sess);
       else if (mc->nSessionCacheMode == SSL_SCMODE_SHMCB)
           rv = ssl_scache_shmcb_store(s, id, idlen, expiry, sess);
  +#endif
       return rv;
   }
   
   SSL_SESSION *ssl_scache_retrieve(server_rec *s, UCHAR *id, int idlen)
   {
  -    SSLModConfigRec *mc = myModConfig();
  +    SSLModConfigRec *mc = myModConfig(s);
       SSL_SESSION *sess = NULL;
   
       if (mc->nSessionCacheMode == SSL_SCMODE_DBM)
           sess = ssl_scache_dbm_retrieve(s, id, idlen);
  +#if 0 /* XXX */
       else if (mc->nSessionCacheMode == SSL_SCMODE_SHMHT)
           sess = ssl_scache_shmht_retrieve(s, id, idlen);
       else if (mc->nSessionCacheMode == SSL_SCMODE_SHMCB)
           sess = ssl_scache_shmcb_retrieve(s, id, idlen);
  +#endif
       return sess;
   }
   
   void ssl_scache_remove(server_rec *s, UCHAR *id, int idlen)
   {
  -    SSLModConfigRec *mc = myModConfig();
  +    SSLModConfigRec *mc = myModConfig(s);
   
       if (mc->nSessionCacheMode == SSL_SCMODE_DBM)
           ssl_scache_dbm_remove(s, id, idlen);
  +#if 0 /* XXX */
       else if (mc->nSessionCacheMode == SSL_SCMODE_SHMHT)
           ssl_scache_shmht_remove(s, id, idlen);
       else if (mc->nSessionCacheMode == SSL_SCMODE_SHMCB)
           ssl_scache_shmcb_remove(s, id, idlen);
  +#endif
       return;
   }
   
  -void ssl_scache_status(server_rec *s, pool *p, void (*func)(char *, void *), void *arg)
  +void ssl_scache_status(server_rec *s, apr_pool_t *p, void (*func)(char *, void *), void *arg)
   {
  -    SSLModConfigRec *mc = myModConfig();
  +    SSLModConfigRec *mc = myModConfig(s);
   
       if (mc->nSessionCacheMode == SSL_SCMODE_DBM)
           ssl_scache_dbm_status(s, p, func, arg);
  +#if 0 /* XXX */
       else if (mc->nSessionCacheMode == SSL_SCMODE_SHMHT)
           ssl_scache_shmht_status(s, p, func, arg);
       else if (mc->nSessionCacheMode == SSL_SCMODE_SHMCB)
           ssl_scache_shmcb_status(s, p, func, arg);
  +#endif
       return;
   }
   
   void ssl_scache_expire(server_rec *s)
   {
  -    SSLModConfigRec *mc = myModConfig();
  +    SSLModConfigRec *mc = myModConfig(s);
   
       if (mc->nSessionCacheMode == SSL_SCMODE_DBM)
           ssl_scache_dbm_expire(s);
  +#if 0 /* XXX */
       else if (mc->nSessionCacheMode == SSL_SCMODE_SHMHT)
           ssl_scache_shmht_expire(s);
       else if (mc->nSessionCacheMode == SSL_SCMODE_SHMCB)
           ssl_scache_shmcb_expire(s);
  +#endif
       return;
   }
  -
  -#endif /* XXX */
  -
  
  
  
  1.5       +72 -67    httpd-2.0/modules/ssl/ssl_scache_dbm.c
  
  Index: ssl_scache_dbm.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_scache_dbm.c,v
  retrieving revision 1.4
  retrieving revision 1.5
  diff -u -r1.4 -r1.5
  --- ssl_scache_dbm.c	2001/05/05 15:26:06	1.4
  +++ ssl_scache_dbm.c	2001/07/19 16:08:01	1.5
  @@ -59,11 +59,9 @@
   
   #include "mod_ssl.h"
   
  -#if 0 /* XXX */
  -
  -void ssl_scache_dbm_init(server_rec *s, pool *p)
  +void ssl_scache_dbm_init(server_rec *s, apr_pool_t *p)
   {
  -    SSLModConfigRec *mc = myModConfig();
  +    SSLModConfigRec *mc = myModConfig(s);
       apr_dbm_t *dbm;
   
       /* for the DBM we need the data file */
  @@ -74,8 +72,8 @@
   
       /* open it once to create it and to make sure it _can_ be created */
       ssl_mutex_on(s);
  -    if ((dbm = apr_dbm_open(mc->szSessionCacheDataFile,
  -                            O_RDWR|O_CREAT, SSL_DBM_FILE_MODE)) == NULL) {
  +    if (apr_dbm_open(&dbm, mc->szSessionCacheDataFile,
  +	    APR_DBM_RWCREATE, SSL_DBM_FILE_MODE, mc->pPool) != APR_SUCCESS) {
           ssl_log(s, SSL_LOG_ERROR|SSL_ADD_ERRNO,
                   "Cannot create SSLSessionCache DBM file `%s'",
                   mc->szSessionCacheDataFile);
  @@ -91,20 +89,20 @@
        * cannot exactly determine the suffixes we try all possibilities.
        */
       if (geteuid() == 0 /* is superuser */) {
  -        chown(mc->szSessionCacheDataFile, ap_user_id, -1 /* no gid change */);
  -        if (chown(ap_pstrcat(p, mc->szSessionCacheDataFile, SSL_DBM_FILE_SUFFIX_DIR, NULL),
  -                  ap_user_id, -1) == -1) {
  -            if (chown(ap_pstrcat(p, mc->szSessionCacheDataFile, ".db", NULL),
  -                      ap_user_id, -1) == -1)
  -                chown(ap_pstrcat(p, mc->szSessionCacheDataFile, ".dir", NULL),
  -                      ap_user_id, -1);
  +        chown(mc->szSessionCacheDataFile, unixd_config.user_id, -1 /* no gid change */);
  +        if (chown(apr_pstrcat(p, mc->szSessionCacheDataFile, SSL_DBM_FILE_SUFFIX_DIR, NULL),
  +                  unixd_config.user_id, -1) == -1) {
  +            if (chown(apr_pstrcat(p, mc->szSessionCacheDataFile, ".db", NULL),
  +                      unixd_config.user_id, -1) == -1)
  +                chown(apr_pstrcat(p, mc->szSessionCacheDataFile, ".dir", NULL),
  +                      unixd_config.user_id, -1);
           }
  -        if (chown(ap_pstrcat(p, mc->szSessionCacheDataFile, SSL_DBM_FILE_SUFFIX_PAG, NULL),
  -                  ap_user_id, -1) == -1) {
  -            if (chown(ap_pstrcat(p, mc->szSessionCacheDataFile, ".db", NULL),
  -                      ap_user_id, -1) == -1)
  -                chown(ap_pstrcat(p, mc->szSessionCacheDataFile, ".pag", NULL),
  -                      ap_user_id, -1);
  +        if (chown(apr_pstrcat(p, mc->szSessionCacheDataFile, SSL_DBM_FILE_SUFFIX_PAG, NULL),
  +                  unixd_config.user_id, -1) == -1) {
  +            if (chown(apr_pstrcat(p, mc->szSessionCacheDataFile, ".db", NULL),
  +                      unixd_config.user_id, -1) == -1)
  +                chown(apr_pstrcat(p, mc->szSessionCacheDataFile, ".pag", NULL),
  +                      unixd_config.user_id, -1);
           }
       }
   #endif
  @@ -115,26 +113,26 @@
   
   void ssl_scache_dbm_kill(server_rec *s)
   {
  -    SSLModConfigRec *mc = myModConfig();
  -    pool *p;
  +    SSLModConfigRec *mc = myModConfig(s);
  +    apr_pool_t *p;
   
  -    if ((p = ap_make_sub_pool(NULL)) != NULL) {
  +    if ((p = apr_pool_sub_make(mc->pPool, NULL)) != NULL) {
           /* the correct way */
  -        unlink(ap_pstrcat(p, mc->szSessionCacheDataFile, SSL_DBM_FILE_SUFFIX_DIR, NULL));
  -        unlink(ap_pstrcat(p, mc->szSessionCacheDataFile, SSL_DBM_FILE_SUFFIX_PAG, NULL));
  +        unlink(apr_pstrcat(p, mc->szSessionCacheDataFile, SSL_DBM_FILE_SUFFIX_DIR, NULL));
  +        unlink(apr_pstrcat(p, mc->szSessionCacheDataFile, SSL_DBM_FILE_SUFFIX_PAG, NULL));
           /* the additional ways to be sure */
  -        unlink(ap_pstrcat(p, mc->szSessionCacheDataFile, ".dir", NULL));
  -        unlink(ap_pstrcat(p, mc->szSessionCacheDataFile, ".pag", NULL));
  -        unlink(ap_pstrcat(p, mc->szSessionCacheDataFile, ".db", NULL));
  +        unlink(apr_pstrcat(p, mc->szSessionCacheDataFile, ".dir", NULL));
  +        unlink(apr_pstrcat(p, mc->szSessionCacheDataFile, ".pag", NULL));
  +        unlink(apr_pstrcat(p, mc->szSessionCacheDataFile, ".db", NULL));
           unlink(mc->szSessionCacheDataFile);
  -        ap_destroy_pool(p);
  +        apr_pool_destroy(p);
       }
       return;
   }
   
   BOOL ssl_scache_dbm_store(server_rec *s, UCHAR *id, int idlen, time_t expiry, SSL_SESSION *sess)
   {
  -    SSLModConfigRec *mc = myModConfig();
  +    SSLModConfigRec *mc = myModConfig(s);
       apr_dbm_t *dbm;
       apr_datum_t dbmkey;
       apr_datum_t dbmval;
  @@ -169,8 +167,8 @@
   
       /* and store it to the DBM file */
       ssl_mutex_on(s);
  -    if ((dbm = apr_dbm_open(mc->szSessionCacheDataFile,
  -                            O_RDWR, SSL_DBM_FILE_MODE)) == NULL) {
  +    if (apr_dbm_open(&dbm, mc->szSessionCacheDataFile,
  +	    APR_DBM_RWCREATE, SSL_DBM_FILE_MODE, mc->pPool) != APR_SUCCESS) {
           ssl_log(s, SSL_LOG_ERROR|SSL_ADD_ERRNO,
                   "Cannot open SSLSessionCache DBM file `%s' for writing (store)",
                   mc->szSessionCacheDataFile);
  @@ -178,7 +176,7 @@
           free(dbmval.dptr);
           return FALSE;
       }
  -    if (apr_dbm_store(dbm, dbmkey, dbmval, DBM_INSERT) < 0) {
  +    if (apr_dbm_store(dbm, dbmkey, dbmval) < 0) {
           ssl_log(s, SSL_LOG_ERROR|SSL_ADD_ERRNO,
                   "Cannot store SSL session to DBM file `%s'",
                   mc->szSessionCacheDataFile);
  @@ -201,7 +199,7 @@
   
   SSL_SESSION *ssl_scache_dbm_retrieve(server_rec *s, UCHAR *id, int idlen)
   {
  -    SSLModConfigRec *mc = myModConfig();
  +    SSLModConfigRec *mc = myModConfig(s);
       apr_dbm_t *dbm;
       apr_datum_t dbmkey;
       apr_datum_t dbmval;
  @@ -210,6 +208,7 @@
       int nData;
       time_t expiry;
       time_t now;
  +    apr_status_t rc;
   
       /* allow the regular expiring to occur */
       ssl_scache_dbm_expire(s);
  @@ -220,19 +219,21 @@
   
       /* and fetch it from the DBM file */
       ssl_mutex_on(s);
  -    if ((dbm = apr_dbm_open(mc->szSessionCacheDataFile,
  -                            O_RDONLY, SSL_DBM_FILE_MODE)) == NULL) {
  +    if (apr_dbm_open(&dbm, mc->szSessionCacheDataFile,
  +	    APR_DBM_RWCREATE, SSL_DBM_FILE_MODE, mc->pPool) != APR_SUCCESS) {
           ssl_log(s, SSL_LOG_ERROR|SSL_ADD_ERRNO,
                   "Cannot open SSLSessionCache DBM file `%s' for reading (fetch)",
                   mc->szSessionCacheDataFile);
           ssl_mutex_off(s);
           return NULL;
       }
  -    dbmval = apr_dbm_fetch(dbm, dbmkey);
  +    rc = apr_dbm_fetch(dbm, dbmkey, &dbmval);
       apr_dbm_close(dbm);
       ssl_mutex_off(s);
   
       /* immediately return if not found */
  +    if (rc != APR_SUCCESS)
  +        return NULL;
       if (dbmval.dptr == NULL || dbmval.dsize <= sizeof(time_t))
           return NULL;
   
  @@ -259,7 +260,7 @@
   
   void ssl_scache_dbm_remove(server_rec *s, UCHAR *id, int idlen)
   {
  -    SSLModConfigRec *mc = myModConfig();
  +    SSLModConfigRec *mc = myModConfig(s);
       apr_dbm_t *dbm;
       apr_datum_t dbmkey;
   
  @@ -269,8 +270,8 @@
   
       /* and delete it from the DBM file */
       ssl_mutex_on(s);
  -    if ((dbm = apr_dbm_open(mc->szSessionCacheDataFile,
  -                            O_RDWR, SSL_DBM_FILE_MODE)) == NULL) {
  +    if (apr_dbm_open(&dbm, mc->szSessionCacheDataFile,
  +	    APR_DBM_RWCREATE, SSL_DBM_FILE_MODE, mc->pPool) != APR_SUCCESS) {
           ssl_log(s, SSL_LOG_ERROR|SSL_ADD_ERRNO,
                   "Cannot open SSLSessionCache DBM file `%s' for writing (delete)",
                   mc->szSessionCacheDataFile);
  @@ -286,13 +287,13 @@
   
   void ssl_scache_dbm_expire(server_rec *s)
   {
  -    SSLModConfigRec *mc = myModConfig();
  +    SSLModConfigRec *mc = myModConfig(s);
       SSLSrvConfigRec *sc = mySrvConfig(s);
       static time_t tLast = 0;
       apr_dbm_t *dbm;
       apr_datum_t dbmkey;
       apr_datum_t dbmval;
  -    pool *p;
  +    apr_pool_t *p;
       time_t tExpiresAt;
       int nElements = 0;
       int nDeleted = 0;
  @@ -327,28 +328,28 @@
       ssl_mutex_on(s);
       for (;;) {
           /* allocate the key array in a memory sub pool */
  -        if ((p = ap_make_sub_pool(NULL)) == NULL)
  +        if ((p = apr_pool_sub_make(mc->pPool, NULL)) == NULL)
               break;
  -        if ((keylist = ap_palloc(p, sizeof(dbmkey)*KEYMAX)) == NULL) {
  -            ap_destroy_pool(p);
  +        if ((keylist = apr_palloc(p, sizeof(dbmkey)*KEYMAX)) == NULL) {
  +            apr_pool_destroy(p);
               break;
           }
   
           /* pass 1: scan DBM database */
           keyidx = 0;
  -        if ((dbm = apr_dbm_open(mc->szSessionCacheDataFile,
  -                                O_RDWR, SSL_DBM_FILE_MODE)) == NULL) {
  +        if (apr_dbm_open(&dbm, mc->szSessionCacheDataFile,
  +		APR_DBM_RWCREATE,SSL_DBM_FILE_MODE, p) != APR_SUCCESS) {
               ssl_log(s, SSL_LOG_ERROR|SSL_ADD_ERRNO,
                       "Cannot open SSLSessionCache DBM file `%s' for scanning",
                       mc->szSessionCacheDataFile);
  -            ap_destroy_pool(p);
  +            apr_pool_destroy(p);
               break;
           }
  -        dbmkey = apr_dbm_firstkey(dbm);
  +        apr_dbm_firstkey(dbm, &dbmkey);
           while (dbmkey.dptr != NULL) {
               nElements++;
               bDelete = FALSE;
  -            dbmval = apr_dbm_fetch(dbm, dbmkey);
  +            apr_dbm_fetch(dbm, dbmkey, &dbmval);
               if (dbmval.dsize <= sizeof(time_t) || dbmval.dptr == NULL)
                   bDelete = TRUE;
               else {
  @@ -357,7 +358,7 @@
                       bDelete = TRUE;
               }
               if (bDelete) {
  -                if ((keylist[keyidx].dptr = ap_palloc(p, dbmkey.dsize)) != NULL) {
  +                if ((keylist[keyidx].dptr = apr_palloc(p, dbmkey.dsize)) != NULL) {
                       memcpy(keylist[keyidx].dptr, dbmkey.dptr, dbmkey.dsize);
                       keylist[keyidx].dsize = dbmkey.dsize;
                       keyidx++;
  @@ -365,17 +366,17 @@
                           break;
                   }
               }
  -            dbmkey = apr_dbm_nextkey(dbm);
  +            apr_dbm_nextkey(dbm, &dbmkey);
           }
           apr_dbm_close(dbm);
   
           /* pass 2: delete expired elements */
  -        if ((dbm = apr_dbm_open(mc->szSessionCacheDataFile,
  -                                O_RDWR, SSL_DBM_FILE_MODE)) == NULL) {
  +        if (apr_dbm_open(&dbm, mc->szSessionCacheDataFile,
  +		APR_DBM_RWCREATE,SSL_DBM_FILE_MODE, p) != APR_SUCCESS) {
               ssl_log(s, SSL_LOG_ERROR|SSL_ADD_ERRNO,
                       "Cannot re-open SSLSessionCache DBM file `%s' for expiring",
                       mc->szSessionCacheDataFile);
  -            ap_destroy_pool(p);
  +            apr_pool_destroy(p);
               break;
           }
           for (i = 0; i < keyidx; i++) {
  @@ -385,7 +386,7 @@
           apr_dbm_close(dbm);
   
           /* destroy temporary pool */
  -        ap_destroy_pool(p);
  +        apr_pool_destroy(p);
   
           if (keyidx < KEYMAX)
               break;
  @@ -397,9 +398,9 @@
       return;
   }
   
  -void ssl_scache_dbm_status(server_rec *s, pool *p, void (*func)(char *, void *), void *arg)
  +void ssl_scache_dbm_status(server_rec *s, apr_pool_t *p, void (*func)(char *, void *), void *arg)
   {
  -    SSLModConfigRec *mc = myModConfig();
  +    SSLModConfigRec *mc = myModConfig(s);
       apr_dbm_t *dbm;
       apr_datum_t dbmkey;
       apr_datum_t dbmval;
  @@ -410,17 +411,23 @@
       nElem = 0;
       nSize = 0;
       ssl_mutex_on(s);
  -    if ((dbm = apr_dbm_open(mc->szSessionCacheDataFile,
  -                            O_RDONLY, SSL_DBM_FILE_MODE)) == NULL) {
  +    /*
  +     * XXX - Check what pool is to be used - TBD
  +     */
  +    if (apr_dbm_open(&dbm, mc->szSessionCacheDataFile,
  +	                 APR_DBM_RWCREATE, SSL_DBM_FILE_MODE, mc->pPool) != APR_SUCCESS) {
           ssl_log(s, SSL_LOG_ERROR|SSL_ADD_ERRNO,
                   "Cannot open SSLSessionCache DBM file `%s' for status retrival",
                   mc->szSessionCacheDataFile);
           ssl_mutex_off(s);
           return;
       }
  -    dbmkey = apr_dbm_firstkey(dbm);
  -    for ( ; dbmkey.dptr != NULL; dbmkey = apr_dbm_nextkey(dbm)) {
  -        dbmval = apr_dbm_fetch(dbm, dbmkey);
  +    /*
  +     * XXX - Check the return value of apr_dbm_firstkey, apr_dbm_fetch - TBD
  +     */
  +    apr_dbm_firstkey(dbm, &dbmkey);
  +    for ( ; dbmkey.dptr != NULL; apr_dbm_nextkey(dbm, &dbmkey)) {
  +        apr_dbm_fetch(dbm, dbmkey, &dbmval);
           if (dbmval.dptr == NULL)
               continue;
           nElem += 1;
  @@ -432,11 +439,9 @@
           nAverage = nSize / nElem;
       else
           nAverage = 0;
  -    func(ap_psprintf(p, "cache type: <b>DBM</b>, maximum size: <b>unlimited</b><br>"), arg);
  -    func(ap_psprintf(p, "current sessions: <b>%d</b>, current size: <b>%d</b> bytes<br>", nElem, nSize), arg);
  -    func(ap_psprintf(p, "average session size: <b>%d</b> bytes<br>", nAverage), arg);
  +    func(apr_psprintf(p, "cache type: <b>DBM</b>, maximum size: <b>unlimited</b><br>"), arg);
  +    func(apr_psprintf(p, "current sessions: <b>%d</b>, current size: <b>%d</b> bytes<br>", nElem, nSize), arg);
  +    func(apr_psprintf(p, "average session size: <b>%d</b> bytes<br>", nAverage), arg);
       return;
   }
  -
  -#endif /* XXX */
   
  
  
  
  1.9       +31 -0     httpd-2.0/modules/ssl/ssl_util.c
  
  Index: ssl_util.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_util.c,v
  retrieving revision 1.8
  retrieving revision 1.9
  diff -u -r1.8 -r1.9
  --- ssl_util.c	2001/07/17 14:38:06	1.8
  +++ ssl_util.c	2001/07/19 16:08:01	1.9
  @@ -298,3 +298,34 @@
       return cpResult;
   }
   
  +apr_status_t
  +ssl_util_setmodconfig(
  +    server_rec *s, const char *key, SSLModConfigRec *mc)
  +{
  +    return apr_pool_userdata_set((void *)mc, key, apr_pool_cleanup_null, s->process->pool);
  +}
  +
  +SSLModConfigRec *
  +ssl_util_getmodconfig(
  +    server_rec *s, const char *key)
  +{
  +    SSLModConfigRec *mc = NULL;
  +
  +    if (apr_pool_userdata_get((void **)&mc, key, s->process->pool) != APR_SUCCESS)
  +        ssl_log(s, SSL_LOG_TRACE, "Unable to retrieve SSLModConfig from global pool");
  +    return mc;
  +}
  +
  +SSLModConfigRec *
  +ssl_util_getmodconfig_ssl(
  +    SSL *ssl, const char *key)
  +{
  +    conn_rec *c;
  +    SSLModConfigRec *mc = NULL;
  +     
  +    c = SSL_get_app_data(ssl);
  +    if (c != NULL)
  +        mc = ssl_util_getmodconfig(c->base_server, key);
  +    return mc;
  +}
  +
  
  
  
  1.6       +2 -2      httpd-2.0/modules/ssl/ssl_util_ssl.c
  
  Index: ssl_util_ssl.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_util_ssl.c,v
  retrieving revision 1.5
  retrieving revision 1.6
  diff -u -r1.5 -r1.6
  --- ssl_util_ssl.c	2001/06/28 01:14:04	1.5
  +++ ssl_util_ssl.c	2001/07/19 16:08:01	1.6
  @@ -148,7 +148,7 @@
   }
   #endif
   
  -EVP_PKEY *SSL_read_PrivateKey(FILE *fp, EVP_PKEY **key, int (*cb)(char*,int,int,void*))
  +EVP_PKEY *SSL_read_PrivateKey(FILE *fp, EVP_PKEY **key, int (*cb)(char*,int,int,void*), void *s)
   {
       EVP_PKEY *rc;
       BIO *bioS;
  @@ -158,7 +158,7 @@
   #if SSL_LIBRARY_VERSION < 0x00904000
       rc = PEM_read_PrivateKey(fp, key, cb);
   #else
  -    rc = PEM_read_PrivateKey(fp, key, cb, NULL);
  +    rc = PEM_read_PrivateKey(fp, key, cb, s);
   #endif
       if (rc == NULL) {
           /* 2. try DER+Base64 */
  
  
  
  1.8       +1 -1      httpd-2.0/modules/ssl/ssl_util_ssl.h
  
  Index: ssl_util_ssl.h
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_util_ssl.h,v
  retrieving revision 1.7
  retrieving revision 1.8
  diff -u -r1.7 -r1.8
  --- ssl_util_ssl.h	2001/06/28 01:14:03	1.7
  +++ ssl_util_ssl.h	2001/07/19 16:08:01	1.8
  @@ -95,7 +95,7 @@
   void       *SSL_get_app_data2(SSL *);
   void        SSL_set_app_data2(SSL *, void *);
   X509       *SSL_read_X509(FILE *, X509 **, int (*)(char*,int,int,void*));
  -EVP_PKEY   *SSL_read_PrivateKey(FILE *, EVP_PKEY **, int (*)(char*,int,int,void*));
  +EVP_PKEY   *SSL_read_PrivateKey(FILE *, EVP_PKEY **, int (*)(char*,int,int,void*), void *);
   int         SSL_smart_shutdown(SSL *ssl);
   X509_STORE *SSL_X509_STORE_create(char *, char *);
   int         SSL_X509_STORE_lookup(X509_STORE *, int, X509_NAME *, X509_OBJECT *);
  
  
  

Mime
View raw message