httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bnicho...@apache.org
Subject cvs commit: httpd-2.0/modules/arch/netware mod_nw_ssl.c
Date Tue, 02 Nov 2004 23:47:41 GMT
bnicholes    2004/11/02 15:47:41

  Modified:    modules/arch/netware Tag: APACHE_2_0_BRANCH mod_nw_ssl.c
  Log:
  Track the status of an upgradeable socket so that the http_method and default_port hooks
will report the correct information.  Also add the check for an upgraded https connection
when responding to the state of a connection.
  
  Revision  Changes    Path
  No                   revision
  No                   revision
  1.7.2.13  +40 -11    httpd-2.0/modules/arch/netware/mod_nw_ssl.c
  
  Index: mod_nw_ssl.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/arch/netware/mod_nw_ssl.c,v
  retrieving revision 1.7.2.12
  retrieving revision 1.7.2.13
  diff -u -r1.7.2.12 -r1.7.2.13
  --- mod_nw_ssl.c	25 Aug 2004 20:03:17 -0000	1.7.2.12
  +++ mod_nw_ssl.c	2 Nov 2004 23:47:41 -0000	1.7.2.13
  @@ -61,6 +61,10 @@
                            conn_rec *, request_rec *,
                            char *));
   
  +/* An optional function which returns non-zero if the given connection
  + * is using SSL/TLS. */
  +APR_DECLARE_OPTIONAL_FN(int, ssl_is_https, (conn_rec *));
  +
   /* The ssl_proxy_enable() and ssl_engine_disable() optional functions
    * are used by mod_proxy to enable use of SSL for outgoing
    * connections. */
  @@ -85,6 +89,7 @@
   typedef struct NWSSLSrvConfigRec NWSSLSrvConfigRec;
   typedef struct seclisten_rec seclisten_rec;
   typedef struct seclistenup_rec seclistenup_rec;
  +typedef struct secsocket_data secsocket_data;
   
   struct seclisten_rec {
       seclisten_rec *next;
  @@ -110,6 +115,11 @@
   	apr_pool_t *pPool;
   };
   
  +struct secsocket_data {
  +    apr_socket_t* csd;
  +    int is_secure;
  +};
  +
   static apr_array_header_t *certlist = NULL;
   static unicode_t** certarray = NULL;
   static int numcerts = 0;
  @@ -589,7 +599,11 @@
           convert_secure_socket(c, (apr_socket_t*)csd);
       }
       else {
  -        ap_set_module_config(c->conn_config, &nwssl_module, csd);
  +        secsocket_data *csd_data = apr_palloc(c->pool, sizeof(secsocket_data));
  +
  +        csd_data->csd = (apr_socket_t*)csd;
  +        csd_data->is_secure = 0;
  +        ap_set_module_config(c->conn_config, &nwssl_module, (void*)csd_data);
       }
       
       return OK;
  @@ -726,11 +740,18 @@
   	return isSecureConnUpgradeable (r->server, r->connection);
   }
   
  +static int isSecureUpgraded (const request_rec *r)
  +{
  +    secsocket_data *csd_data = (secsocket_data*)ap_get_module_config(r->connection->conn_config,
&nwssl_module);
  +
  +	return csd_data->is_secure;
  +}
  +
   static int nwssl_hook_Fixup(request_rec *r)
   {
       int i;
   
  -    if (!isSecure(r))
  +    if (!isSecure(r) && !isSecureUpgraded(r))
           return DECLINED;
   
       apr_table_set(r->subprocess_env, "HTTPS", "on");
  @@ -740,7 +761,7 @@
   
   static const char *nwssl_hook_http_method (const request_rec *r)
   {
  -    if (isSecure(r))
  +    if (isSecure(r) && !isSecureUpgraded(r))
           return "https";
   
       return NULL;
  @@ -768,7 +789,9 @@
   
   static int ssl_is_https(conn_rec *c)
   {
  -    return isSecureConn (c->base_server, c);
  +    secsocket_data *csd_data = (secsocket_data*)ap_get_module_config(c->conn_config,
&nwssl_module);
  +
  +    return isSecureConn (c->base_server, c) || (csd_data && csd_data->is_secure);
   }
   
   /* This function must remain safe to use for a non-SSL connection. */
  @@ -815,6 +838,12 @@
                   result = apr_table_get(r->headers_in, "Proxy-Connection");
               else if (strcEQ(var, "HTTP_ACCEPT"))
                   result = apr_table_get(r->headers_in, "Accept");
  +            else if (strcEQ(var, "HTTPS")) {
  +                if (isSecure(r) || isSecureUpgraded(r))
  +                    result = "on";
  +                else
  +                    result = "off";
  +            }
               else if (strlen(var) > 5 && strcEQn(var, "HTTP:", 5))
                   /* all other headers from which we are still not know about */
                   result = apr_table_get(r->headers_in, var+5);
  @@ -887,12 +916,6 @@
   			result = NULL;
           else if (strcEQ(var, "REMOTE_ADDR"))
               result = c->remote_ip;
  -        else if (strcEQ(var, "HTTPS")) {
  -			if (isSecureConn (s, c))
  -                result = "on";
  -            else
  -                result = "off";
  -        }
       }
   
       /*
  @@ -980,6 +1003,7 @@
       char *token_string;
       char *token;
       char *token_state;
  +    secsocket_data *csd_data;
   
       /* Just remove the filter, if it doesn't work the first time, it won't
        * work at all for this request.
  @@ -1018,7 +1042,8 @@
       apr_table_unset(r->headers_out, "Upgrade");
   
       if (r) {
  -        csd = (apr_socket_t*)ap_get_module_config(r->connection->conn_config, &nwssl_module);
  +        csd_data = (secsocket_data*)ap_get_module_config(r->connection->conn_config,
&nwssl_module);
  +        csd = csd_data->csd;
       }
       else {
           ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server,
  @@ -1055,6 +1080,9 @@
   
   
           ret = SSLize_Socket(sockdes, key, r);
  +        if (!ret) {
  +            csd_data->is_secure = 1;
  +        }
       }
       else {
           ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server,
  @@ -1102,6 +1130,7 @@
       ap_hook_default_port  (nwssl_hook_default_port,  NULL,NULL, APR_HOOK_MIDDLE);
       ap_hook_insert_filter (ssl_hook_Insert_Filter, NULL,NULL, APR_HOOK_MIDDLE);
   
  +    APR_REGISTER_OPTIONAL_FN(ssl_is_https);
       APR_REGISTER_OPTIONAL_FN(ssl_var_lookup);
       
       APR_REGISTER_OPTIONAL_FN(ssl_proxy_enable);
  
  
  

Mime
View raw message