httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From r..@apache.org
Subject cvs commit: httpd-2.0/modules/ssl mod_ssl.c mod_ssl.h ssl_engine_io.c ssl_engine_kernel.c
Date Tue, 04 Jun 2002 07:12:27 GMT
rbb         2002/06/04 00:12:27

  Modified:    .        CHANGES
               modules/ssl mod_ssl.c mod_ssl.h ssl_engine_io.c
                        ssl_engine_kernel.c
  Log:
  Remove all special mod_ssl URIs.  This also fixes the bug where
  redirecting (.*) will allow an SSL protected page to be viewed
  without SSL.
  
  Revision  Changes    Path
  1.807     +4 -0      httpd-2.0/CHANGES
  
  Index: CHANGES
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/CHANGES,v
  retrieving revision 1.806
  retrieving revision 1.807
  diff -u -r1.806 -r1.807
  --- CHANGES	3 Jun 2002 18:06:26 -0000	1.806
  +++ CHANGES	4 Jun 2002 07:12:25 -0000	1.807
  @@ -1,5 +1,9 @@
   Changes with Apache 2.0.37
   
  +  *) Remove all special mod_ssl URIs.  This also fixes the bug where
  +     redirecting (.*) will allow an SSL protected page to be viewed
  +     without SSL.  [Ryan Bloom]
  +
     *) Fix the binary build install script so that the build logic
        created by "apxs -g" will work when the user has a binary
        build.  [Jeff Trawick]
  
  
  
  1.69      +0 -1      httpd-2.0/modules/ssl/mod_ssl.c
  
  Index: mod_ssl.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/ssl/mod_ssl.c,v
  retrieving revision 1.68
  retrieving revision 1.69
  diff -u -r1.68 -r1.69
  --- mod_ssl.c	17 May 2002 11:24:17 -0000	1.68
  +++ mod_ssl.c	4 Jun 2002 07:12:26 -0000	1.69
  @@ -583,7 +583,6 @@
       ap_hook_post_config   (ssl_init_Module,        NULL,NULL, APR_HOOK_MIDDLE);
       ap_hook_http_method   (ssl_hook_http_method,   NULL,NULL, APR_HOOK_MIDDLE);
       ap_hook_default_port  (ssl_hook_default_port,  NULL,NULL, APR_HOOK_MIDDLE);
  -    ap_hook_handler       (ssl_hook_Handler,       NULL,NULL, APR_HOOK_MIDDLE);
       ap_hook_pre_config    (ssl_hook_pre_config,    NULL,NULL, APR_HOOK_MIDDLE);
       ap_hook_child_init    (ssl_init_Child,         NULL,NULL, APR_HOOK_MIDDLE);
       ap_hook_translate_name(ssl_hook_Translate,     NULL,NULL, APR_HOOK_MIDDLE);
  
  
  
  1.119     +1 -0      httpd-2.0/modules/ssl/mod_ssl.h
  
  Index: mod_ssl.h
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/ssl/mod_ssl.h,v
  retrieving revision 1.118
  retrieving revision 1.119
  diff -u -r1.118 -r1.119
  --- mod_ssl.h	4 Jun 2002 02:19:32 -0000	1.118
  +++ mod_ssl.h	4 Jun 2002 07:12:26 -0000	1.119
  @@ -414,6 +414,7 @@
       int verify_depth;
       int is_proxy;
       int disabled;
  +    int non_ssl_request;
   } SSLConnRec;
   
   typedef struct {
  
  
  
  1.78      +14 -2     httpd-2.0/modules/ssl/ssl_engine_io.c
  
  Index: ssl_engine_io.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_engine_io.c,v
  retrieving revision 1.77
  retrieving revision 1.78
  diff -u -r1.77 -r1.78
  --- ssl_engine_io.c	17 May 2002 11:24:17 -0000	1.77
  +++ ssl_engine_io.c	4 Jun 2002 07:12:26 -0000	1.78
  @@ -741,8 +741,17 @@
       return APR_SUCCESS;
   }
   
  +/* Just use a simple request.  Any request will work for this, because
  + * we use a flag in the conn_rec->conn_vector now.  The fake request just
  + * gets the request back to the Apache core so that a response can be sent.
  + *
  + * We should probably use a 0.9 request, but the BIO bucket code is calling
  + * socket_bucket_read one extra time with all 0.9 requests from the client.
  + * Until that is resolved, continue to use a 1.0 request, just like we
  + * always have.
  + */
   #define HTTP_ON_HTTPS_PORT \
  -    "GET /mod_ssl:error:HTTP-request HTTP/1.0"
  +    "GET / HTTP/1.0"
   
   #define HTTP_ON_HTTPS_PORT_BUCKET(alloc) \
       apr_bucket_immortal_create(HTTP_ON_HTTPS_PORT, \
  @@ -760,6 +769,7 @@
                                           apr_bucket_brigade *bb,
                                           apr_status_t status)
   {
  +    SSLConnRec *sslconn = myConnConfig(f->c);
       apr_bucket *bucket;
   
       switch (status) {
  @@ -771,9 +781,11 @@
                            "trying to send HTML error page");
               ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, f->c->base_server);
   
  +            sslconn->non_ssl_request = 1;
  +            ssl_io_filter_disable(f);
  +
               /* fake the request line */
               bucket = HTTP_ON_HTTPS_PORT_BUCKET(f->c->bucket_alloc);
  -            ssl_io_filter_disable(f);
               break;
   
         default:
  
  
  
  1.72      +28 -50    httpd-2.0/modules/ssl/ssl_engine_kernel.c
  
  Index: ssl_engine_kernel.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_engine_kernel.c,v
  retrieving revision 1.71
  retrieving revision 1.72
  diff -u -r1.71 -r1.72
  --- ssl_engine_kernel.c	17 May 2002 11:24:17 -0000	1.71
  +++ ssl_engine_kernel.c	4 Jun 2002 07:12:26 -0000	1.72
  @@ -174,6 +174,34 @@
           return DECLINED;
       }
   
  +    if (sslconn->non_ssl_request) {
  +        const char *errmsg;
  +        char *thisurl;
  +        char *thisport = "";
  +        int port = ap_get_server_port(r);
  +
  +        if (!ap_is_default_port(port, r)) {
  +            thisport = apr_psprintf(r->pool, ":%u", port);
  +        }
  +
  +        thisurl = ap_escape_html(r->pool,
  +                                 apr_psprintf(r->pool, "https://%s%s/",
  +                                              ap_get_server_name(r),
  +                                              thisport));
  +
  +        errmsg = apr_psprintf(r->pool,
  +                              "Reason: You're speaking plain HTTP "
  +                              "to an SSL-enabled server port.<br />\n"
  +                              "Instead use the HTTPS scheme to access "
  +                              "this URL, please.<br />\n"
  +                              "<blockquote>Hint: "
  +                              "<a href=\"%s\"><b>%s</b></a></blockquote>",
  +                              thisurl, thisurl);
  +
  +        apr_table_setn(r->notes, "error-notes", errmsg);
  +        return HTTP_BAD_REQUEST;
  +    }
  +
       /*
        * Get the SSL connection structure and perform the
        * delayed interlinking from SSL back to request_rec
  @@ -182,13 +210,6 @@
           SSL_set_app_data2(ssl, r);
       }
   
  -    /*
  -     * Force the mod_ssl content handler when URL indicates this
  -     */
  -    if (strEQn(r->uri, "/mod_ssl:", 9)) {
  -        r->handler = "mod_ssl:content-handler";
  -    }
  -
       return DECLINED;
   }
   
  @@ -262,49 +283,6 @@
       }
   
       return DECLINED;
  -}
  -
  -/*
  - *  Content Handler
  - */
  -int ssl_hook_Handler(request_rec *r)
  -{
  -    if (strNE(r->handler, "mod_ssl:content-handler")) {
  -        return DECLINED;
  -    }
  -
  -    if (strNEn(r->uri, "/mod_ssl:", 9)) {
  -        return DECLINED;
  -    }
  -
  -    if (strEQ(r->uri, "/mod_ssl:error:HTTP-request")) {
  -        const char *errmsg;
  -        char *thisurl;
  -        char *thisport = "";
  -        int port = ap_get_server_port(r);
  -
  -        if (!ap_is_default_port(port, r)) {
  -            thisport = apr_psprintf(r->pool, ":%u", port);
  -        }
  -
  -        thisurl = ap_escape_html(r->pool,
  -                                 apr_psprintf(r->pool, "https://%s%s/",
  -                                              ap_get_server_name(r),
  -                                              thisport));
  -
  -        errmsg = apr_psprintf(r->pool,
  -                              "Reason: You're speaking plain HTTP "
  -                              "to an SSL-enabled server port.<br />\n"
  -                              "Instead use the HTTPS scheme to access "
  -                              "this URL, please.<br />\n"
  -                              "<blockquote>Hint: "
  -                              "<a href=\"%s\"><b>%s</b></a></blockquote>",
  -                              thisurl, thisurl);
  -
  -        apr_table_setn(r->notes, "error-notes", errmsg);
  -    }
  -
  -    return HTTP_BAD_REQUEST;
   }
   
   /*
  
  
  

Mime
View raw message