From do...@apache.org
Subject cvs commit: httpd-2.0/modules/ssl mod_ssl.c mod_ssl.h ssl_engine_kernel.c
Date Wed, 21 Nov 2001 18:08:34 GMT
dougm       01/11/21 10:08:34

  Modified:    modules/ssl mod_ssl.c mod_ssl.h ssl_engine_kernel.c
  Log:
  move c->notes.ssl::client::dn to SSLConnRec.client_dn
  
  Revision  Changes    Path
  1.33      +3 -3      httpd-2.0/modules/ssl/mod_ssl.c
  
  Index: mod_ssl.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/ssl/mod_ssl.c,v
  retrieving revision 1.32
  retrieving revision 1.33
  diff -u -r1.32 -r1.33
  --- mod_ssl.c	2001/11/21 17:45:24	1.32
  +++ mod_ssl.c	2001/11/21 18:08:33	1.33
  @@ -288,7 +288,6 @@
       /*
        * Predefine some client verification results
        */
  -    apr_table_setn(c->notes, "ssl::client::dn", NULL);
       apr_table_setn(c->notes, "ssl::verify::error", NULL);
       apr_table_setn(c->notes, "ssl::verify::info", NULL);
       SSL_set_verify_result(ssl, X509_V_OK);
  @@ -339,6 +338,7 @@
       X509 *xs;
       char *cp = NULL;
       conn_rec *c = (conn_rec*)SSL_get_app_data (pRec->pssl);
  +    SSLConnRec *sslconn = myConnConfig(c);
       SSLSrvConfigRec *sc = mySrvConfig(c->base_server);
       long verify_result;
   
  @@ -447,7 +447,7 @@
            */
           if ((xs = SSL_get_peer_certificate(pRec->pssl)) != NULL) {
               cp = X509_NAME_oneline(X509_get_subject_name(xs), NULL, 0);
  -            apr_table_setn(c->notes,"ssl::client::dn",apr_pstrdup(c->pool, cp));
  +            sslconn->client_dn = apr_pstrdup(c->pool, cp);
               free(cp);
           }
   
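Review bot: `free(cp)` releases a buffer that `X509_NAME_oneline()` allocated itself (it was called with a NULL buffer), and OpenSSL allocates that through its own allocator, so the matching call is `OPENSSL_free(cp);`. The two are interchangeable only while OpenSSL's default memory functions are in use. The same pairing appears in the ssl_engine_kernel.c hunk at `@@ -775,8 +778,7 @@`. If `X509_NAME_oneline()` fails, `apr_pstrdup()` returns NULL for a NULL argument, so `client_dn` stays NULL and the REQUIRE check below fails closed; an explicit `if (cp != NULL)` would make that intent visible. The enclosing function starts and ends outside the hunk.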
  @@ -456,7 +456,7 @@
            * is required we really got one... (be paranoid)
            */
           if (sc->nVerifyClient == SSL_CVERIFY_REQUIRE
  -            && apr_table_get(c->notes, "ssl::client::dn") == NULL) {
  +            && sslconn->client_dn == NULL) {
               ssl_log(c->base_server, SSL_LOG_ERROR,
                       "No acceptable peer certificate available");
               return ssl_abort(pRec, c);
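Review bot: The `sslconn->client_dn == NULL` test now gates the SSL_CVERIFY_REQUIRE abort, but nothing in this commit sets the field to NULL at connection start. The first hunk drops the `ssl::client::dn` predefine without a replacement. That is safe only if SSLConnRec is zero-allocated where it is created, which is not visible here; otherwise an indeterminate pointer could let a connection without a certificate pass this check. I would add `sslconn->client_dn = NULL;` beside the remaining `ssl::verify::*` predefines, or a comment there stating that the record comes from a zeroing allocator. The enclosing function extends beyond the hunk.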
  
  
  
  1.36      +1 -0      httpd-2.0/modules/ssl/mod_ssl.h
  
  Index: mod_ssl.h
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/ssl/mod_ssl.h,v
  retrieving revision 1.35
  retrieving revision 1.36
  diff -u -r1.35 -r1.36
  --- mod_ssl.h	2001/11/21 17:45:24	1.35
  +++ mod_ssl.h	2001/11/21 18:08:33	1.36
  @@ -452,6 +452,7 @@
   
   typedef struct {
       SSL *ssl;
  +    const char *client_dn;
   } SSLConnRec;
   
   typedef struct {
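Review bot: The new `client_dn` field has no comment, although its NULL state carries meaning elsewhere in this commit. mod_ssl.c treats NULL as "no acceptable peer certificate", and the verify callback in ssl_engine_kernel.c resets it to NULL when verification fails. I would document that on the declaration, for example `const char *client_dn; /* subject DN of the peer cert, allocated from the connection pool; NULL if none was accepted */`.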
  
  
  
  1.22      +9 -5      httpd-2.0/modules/ssl/ssl_engine_kernel.c
  
  Index: ssl_engine_kernel.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_engine_kernel.c,v
  retrieving revision 1.21
  retrieving revision 1.22
  diff -u -r1.21 -r1.22
  --- ssl_engine_kernel.c	2001/11/21 17:45:24	1.21
  +++ ssl_engine_kernel.c	2001/11/21 18:08:33	1.22
  @@ -75,13 +75,16 @@
       SSL *ssl;
       char *cpType;
       conn_rec *conn;
  -    
  +    SSLConnRec *sslconn;
  +
       ssl  = filter->pssl;
       conn = (conn_rec *)SSL_get_app_data(ssl);
   
       if (ssl == NULL)
           return APR_SUCCESS;
   
  +    sslconn = myConnConfig(conn);
  +
       /*
        * Now close the SSL layer of the connection. We've to take
        * the TLSv1 standard into account here:
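Review bot: `conn = (conn_rec *)SSL_get_app_data(ssl);` still runs before the `if (ssl == NULL)` guard, so the guard comes too late if `filter->pssl` can really be NULL. The new `sslconn = myConnConfig(conn);` is correctly placed after the check, and the `conn` lookup could move down next to it. Whether `sslconn` is used later in this function cannot be seen from the hunk, since the body continues past it; if it is not, the declaration and assignment are dead code here.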
  @@ -775,8 +778,7 @@
            */
           if ((cert = SSL_get_peer_certificate(ssl)) != NULL) {
               cp = X509_NAME_oneline(X509_get_subject_name(cert), NULL, 0);
  -            apr_table_setn(r->connection->notes, "ssl::client::dn", 
  -                           apr_pstrdup(r->connection->pool, cp));
  +            sslconn->client_dn = apr_pstrdup(r->connection->pool, cp);
               free(cp);
           }
   
  @@ -919,7 +921,7 @@
           return DECLINED;
       if (r->user)
           return DECLINED;
  -    if ((clientdn = (char *)apr_table_get(r->connection->notes, "ssl::client::dn"))
== NULL)
  +    if ((clientdn = (char *)sslconn->client_dn) == NULL)
           return DECLINED;
   
       /*
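Review bot: The `(char *)` cast in `clientdn = (char *)sslconn->client_dn` discards the `const` that mod_ssl.h gives the field. If `clientdn` is only read in the rest of the function (its declaration and later uses are outside the hunk), declaring it `const char *clientdn` lets the line become `if ((clientdn = sslconn->client_dn) == NULL)`. That also keeps the compiler able to flag an accidental write into the pool-allocated DN. Note too that no hunk in this diff declares or assigns `sslconn` for this function or for the one at `@@ -775,8 +778,7 @@`, so it is presumably set up earlier in each function from `r->connection`; worth confirming.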
  @@ -1200,6 +1202,7 @@
       request_rec *r;
       SSLSrvConfigRec *sc;
       SSLDirConfigRec *dc;
  +    SSLConnRec *sslconn;
       apr_table_t *actx;
       X509 *xs;
       int errnum;
  @@ -1214,6 +1217,7 @@
        */
       ssl  = (SSL *)X509_STORE_CTX_get_app_data(ctx);
       conn = (conn_rec *)SSL_get_app_data(ssl);
  +    sslconn = myConnConfig(conn);
       actx = (apr_table_t *)SSL_get_app_data2(ssl);
       r    = (request_rec *)apr_table_get(actx, "ssl::request_rec");
       s    = conn->base_server;
  @@ -1273,7 +1277,7 @@
       if (!ok) {
           ssl_log(s, SSL_LOG_ERROR, "Certificate Verification: Error (%d): %s",
                   errnum, X509_verify_cert_error_string(errnum));
  -        apr_table_setn(conn->notes, "ssl::client::dn", NULL);
  +        sslconn->client_dn = NULL;
           apr_table_setn(conn->notes, "ssl::verify::error",
                      (void *)X509_verify_cert_error_string(errnum));
       }
  
  
  
