httpd-dev mailing list archives

From Ian Holsman <i...@cnet.com>
Subject RE: [patch] mod_ssl + c->notes--
Date Wed, 21 Nov 2001 17:07:47 GMT
On Tue, 2001-11-20 at 20:46, MATHIHALLI,MADHUSUDAN (HP-Cupertino,ex1)
wrote:
> +1.. This is great !!.. The only reason I'd started off with c->notes was
> that I wanted something to be persistent thru' the multiple requests.. This
> solution would be ideal..
> 
> -Madhu

I'm looking at the patch, and it looks like you are trying to store
a non-string in the notes table.

why aren't you using apr_pool_userdata_get/set
http://docx.webperf.org/group__APR__Pool.html#a9 
instead of using the notes table?

> 
> 
> -----Original Message-----
> From: Doug MacEachern [mailto:dougm@covalent.net]
> Sent: Tuesday, November 20, 2001 8:30 PM
> To: dev@httpd.apache.org
> Subject: [patch] mod_ssl + c->notes--
> 
> 
> mod_ssl currently does quite a bit of apr_table_{get,set}s.  it would be
> much faster to use c->conn_config instead.  the patch below attaches a new
> SSLConnRec structure to the c->conn_config and replaces all usage of
> apr_table_{get,set}(c->notes, "ssl") with conn_config.  if this approach 
> is ok, there are a few more c->notes table entries that could be moved to
> the conn_config.
> 
> Index: modules/ssl/mod_ssl.c
> ===================================================================
> RCS file: /home/cvs/httpd-2.0/modules/ssl/mod_ssl.c,v
> retrieving revision 1.31
> diff -u -r1.31 mod_ssl.c
> --- modules/ssl/mod_ssl.c	2001/10/11 01:49:21	1.31
> +++ modules/ssl/mod_ssl.c	2001/11/21 04:02:00
> @@ -224,11 +224,12 @@
>      SSL *ssl;
>      unsigned char *cpVHostID;
>      char *cpVHostMD5;
> +    SSLConnRec *sslconn = apr_pcalloc(c->pool, sizeof(*sslconn));
>  
>      /*
>       * Create SSL context
>       */
> -    apr_table_setn(c->notes, "ssl", NULL);
> +    myConnConfigSet(c, sslconn);
>  
>      /*
>       * Immediately stop processing if SSL is disabled for this connection
> @@ -258,7 +259,6 @@
>      if ((ssl = SSL_new(sc->pSSLCtx)) == NULL) {
>          ssl_log(c->base_server, SSL_LOG_ERROR|SSL_ADD_SSLERR,
>                  "Unable to create a new SSL connection from the SSL
> context");
> -        apr_table_setn(c->notes, "ssl", NULL);
>          c->aborted = 1;
>          return DECLINED; /* XXX */
>      }
> @@ -268,7 +268,6 @@
>              strlen(cpVHostMD5))) {
>          ssl_log(c->base_server, SSL_LOG_ERROR|SSL_ADD_SSLERR,
>                  "Unable to set session id context to `%s'", cpVHostMD5);
> -        apr_table_setn(c->notes, "ssl", NULL);
>          c->aborted = 1;
>          return DECLINED; /* XXX */
>      }
> @@ -278,7 +277,7 @@
>      apr_table_setn(apctx, "ssl::verify::depth", AP_CTX_NUM2PTR(0));
>      SSL_set_app_data2(ssl, apctx);
>  
> -    apr_table_setn(c->notes, "ssl", (const char *)ssl);
> +    sslconn->ssl = ssl;
>  
>      /*
>       *  Configure callbacks for SSL connection
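Review bot: Dropping the `"ssl"` note here means any reader that still calls `apr_table_get(c->notes, "ssl")` now always gets NULL and will silently treat the connection as non-SSL. The patch converts mod_ssl.c, ssl_engine_kernel.c and ssl_engine_vars.c; whether other mod_ssl files or other modules read this note is not visible here, so the tree should be grepped before this goes in. A comment at the assignment would help, e.g. `/* the SSL handle now lives in conn_config; the "ssl" note is no longer set */`. The enclosing function starts and ends outside the hunk.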
> @@ -308,6 +307,7 @@
>  
>  static apr_status_t ssl_abort(SSLFilterRec *pRec, conn_rec *c)
>  {
> +    SSLConnRec *sslconn = myConnConfig(c);
>      /*
>       * try to gracefully shutdown the connection:
>       * - send an own shutdown message (be gracefully)
> @@ -320,7 +320,7 @@
>      SSL_smart_shutdown(pRec->pssl);
>      SSL_free(pRec->pssl);
>      pRec->pssl = NULL; /* so filters know we've been shutdown */
> -    apr_table_setn(c->notes, "ssl", NULL);
> +    sslconn->ssl = NULL;
>      c->aborted = 1;
>  
>      return APR_EGENERAL;
> Index: modules/ssl/mod_ssl.h
> ===================================================================
> RCS file: /home/cvs/httpd-2.0/modules/ssl/mod_ssl.h,v
> retrieving revision 1.34
> diff -u -r1.34 mod_ssl.h
> --- modules/ssl/mod_ssl.h	2001/10/11 01:49:21	1.34
> +++ modules/ssl/mod_ssl.h	2001/11/21 04:02:00
> @@ -196,6 +196,10 @@
>  #define cfgMergeBool(el)    cfgMerge(el, UNSET)
>  #define cfgMergeInt(el)     cfgMerge(el, UNSET)
>  
> +#define myConnConfig(c) \
> +(SSLConnRec *)ap_get_module_config(c->conn_config, &ssl_module)
> +#define myConnConfigSet(c, val) \
> +ap_set_module_config(c->conn_config, &ssl_module, val)
>  #define myModConfig(srv) (SSLModConfigRec *)ssl_util_getmodconfig(srv,
> "ssl_module")
>  #define mySrvConfig(srv) (SSLSrvConfigRec
> *)ap_get_module_config(srv->module_config,  &ssl_module)
>  #define myDirConfig(req) (SSLDirConfigRec
> *)ap_get_module_config(req->per_dir_config, &ssl_module)
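Review bot: Neither new macro parenthesizes its argument or its whole expansion, so `myConnConfig(c)->ssl` would bind `->ssl` to the `ap_get_module_config()` result before the cast, and an argument that is not a simple expression would expand incorrectly. This follows the existing `mySrvConfig`/`myDirConfig` style, but the new macros could be written as `((SSLConnRec *)ap_get_module_config((c)->conn_config, &ssl_module))` and `ap_set_module_config((c)->conn_config, &ssl_module, (val))`.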
> @@ -445,6 +449,10 @@
>      apr_bucket_brigade *rawb;               /* encrypted input */
>      apr_bucket_brigade *b;                  /* decrypted input */
>  } SSLFilterRec;
> +
> +typedef struct {
> +    SSL *ssl;
> +} SSLConnRec;
>  
>  typedef struct {
>      apr_pool_t     *pPool;
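Review bot: `SSLConnRec` is added without a comment saying what it holds or when its member is valid. Something like `/* per-connection mod_ssl state, stored in c->conn_config */` above the typedef and `/* NULL when no SSL connection is active */` on the `ssl` member would document the invariant that the converted `sslconn->ssl == NULL` checks in the other files rely on.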
> Index: modules/ssl/ssl_engine_kernel.c
> ===================================================================
> RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_engine_kernel.c,v
> retrieving revision 1.20
> diff -u -r1.20 ssl_engine_kernel.c
> --- modules/ssl/ssl_engine_kernel.c	2001/11/12 22:01:14	1.20
> +++ modules/ssl/ssl_engine_kernel.c	2001/11/21 04:02:02
> @@ -146,7 +146,7 @@
>  
>      /* deallocate the SSL connection */
>      SSL_free(ssl);
> -    apr_table_setn(conn->notes, "ssl", NULL);
> +    sslconn->ssl = NULL;
>      filter->pssl = NULL; /* so filters know we've been shutdown */
>  
>      return APR_SUCCESS;
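Review bot: `sslconn` is assigned in this hunk but nothing visible declares it. This is the first hunk in ssl_engine_kernel.c and its old and new start lines are both 146, so no line was added above it in the file. Unless a declaration was lost from the posted patch, this function will not compile; it needs something like `SSLConnRec *sslconn = myConnConfig(conn);` after `conn` is set. The function begins outside the hunk, so where `conn` is initialised cannot be checked from here.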
> @@ -157,6 +157,7 @@
>   */
>  int ssl_hook_ReadReq(request_rec *r)
>  {
> +    SSLConnRec *sslconn = myConnConfig(r->connection);
>      SSL *ssl;
>      apr_table_t *apctx;
>  
> @@ -164,7 +165,7 @@
>       * Get the SSL connection structure and perform the
>       * delayed interlinking from SSL back to request_rec
>       */
> -    ssl = (SSL *)apr_table_get(r->connection->notes, "ssl");
> +    ssl = sslconn->ssl;
>      if (ssl != NULL) {
>          apctx = (apr_table_t *)SSL_get_app_data2(ssl);
>          apr_table_setn(apctx, "ssl::request_rec", (const char *)r);
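Review bot: `sslconn->ssl` is read here without checking `sslconn` itself, whereas the old `apr_table_get()` simply returned NULL when nothing had been stored. If a connection can reach this hook without the pre-connection code in mod_ssl.c having called `myConnConfigSet()` (not determinable from the patch), this becomes a NULL dereference in the request path instead of a clean fall-through. Writing `ssl = sslconn ? sslconn->ssl : NULL;` would keep the old fail-soft behaviour. The same unchecked dereference appears in the hunks for ssl_hook_Translate, ssl_hook_UserCheck, ssl_hook_Fixup, ssl_var_lookup and its helpers, and both log handlers.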
> @@ -191,7 +192,9 @@
>   */
>  int ssl_hook_Translate(request_rec *r)
>  {
> -    if (apr_table_get(r->connection->notes, "ssl") == NULL)
> +    SSLConnRec *sslconn = myConnConfig(r->connection);
> +
> +    if (sslconn->ssl == NULL)
>          return DECLINED;
>  
>      /*
> @@ -289,13 +292,13 @@
>                                   int argi, long argl, long rc)
>  {
>      request_rec *r = (request_rec *)BIO_get_callback_arg(bio);
> -    SSL *ssl;
> +    SSLConnRec *sslconn = myConnConfig(r->connection);
> +    SSL *ssl = sslconn->ssl;
>  
>      int is_failed_read = (cmd == (BIO_CB_READ|BIO_CB_RETURN) && (rc ==
> -1));
>      int is_flush       = ((cmd == BIO_CB_CTRL) && (argi ==
> BIO_CTRL_FLUSH));
>  
>      if (is_flush || is_failed_read) {
> -        ssl = (SSL *)apr_table_get(r->connection->notes, "ssl");
>          /* disable this callback to prevent recursion
>           * and leave a "note" so the input filter leaves the rbio
>           * as-as
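Review bot: The lookup moved up into the declarations, so `r->connection` is now dereferenced on every invocation of this BIO callback, where the old code touched `r` only inside the `is_flush || is_failed_read` branch. If the callback argument can be NULL for some invocations (not visible here), that is a new NULL dereference, and it also adds a config lookup to the common path. Leaving `SSL *ssl;` as a plain declaration and doing `sslconn = myConnConfig(r->connection); ssl = sslconn->ssl;` inside the `if` preserves the original behaviour. The function starts and ends outside the hunk.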
> @@ -340,6 +343,7 @@
>  {
>      SSLDirConfigRec *dc;
>      SSLSrvConfigRec *sc;
> +    SSLConnRec *sslconn;
>      SSL *ssl;
>      SSL_CTX *ctx = NULL;
>      apr_array_header_t *apRequirement;
> @@ -373,7 +377,8 @@
>  
>      dc  = myDirConfig(r);
>      sc  = mySrvConfig(r->server);
> -    ssl = (SSL *)apr_table_get(r->connection->notes, "ssl");
> +    sslconn = myConnConfig(r->connection);
> +    ssl = sslconn->ssl;
>      if (ssl != NULL)
>          ctx = SSL_get_SSL_CTX(ssl);
>  
> @@ -868,6 +873,7 @@
>   */
>  int ssl_hook_UserCheck(request_rec *r)
>  {
> +    SSLConnRec *sslconn = myConnConfig(r->connection);
>      SSLSrvConfigRec *sc = mySrvConfig(r->server);
>      SSLDirConfigRec *dc = myDirConfig(r);
>      char b1[MAX_STRING_LEN], b2[MAX_STRING_LEN];
> @@ -907,7 +913,7 @@
>       */
>      if (!sc->bEnabled)
>          return DECLINED;
> -    if (apr_table_get(r->connection->notes, "ssl") == NULL)
> +    if (sslconn->ssl == NULL)
>          return DECLINED;
>      if (!(dc->nOptions & SSL_OPT_FAKEBASICAUTH))
>          return DECLINED;
> @@ -1040,6 +1046,7 @@
>  
>  int ssl_hook_Fixup(request_rec *r)
>  {
> +    SSLConnRec *sslconn = myConnConfig(r->connection);
>      SSLSrvConfigRec *sc = mySrvConfig(r->server);
>      SSLDirConfigRec *dc = myDirConfig(r);
>      apr_table_t *e = r->subprocess_env;
> @@ -1054,7 +1061,7 @@
>       */
>      if (!sc->bEnabled)
>          return DECLINED;
> -    if ((ssl = (SSL *)apr_table_get(r->connection->notes, "ssl")) == NULL)
> +    if ((ssl = sslconn->ssl) == NULL)
>          return DECLINED;
>  
>      /*
> Index: modules/ssl/ssl_engine_vars.c
> ===================================================================
> RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_engine_vars.c,v
> retrieving revision 1.8
> diff -u -r1.8 ssl_engine_vars.c
> --- modules/ssl/ssl_engine_vars.c	2001/08/23 02:46:23	1.8
> +++ modules/ssl/ssl_engine_vars.c	2001/11/21 04:02:02
> @@ -89,6 +89,7 @@
>  
>  char *ssl_var_lookup(apr_pool_t *p, server_rec *s, conn_rec *c, request_rec
> *r, char *var)
>  {
> +    SSLConnRec *sslconn;
>      SSLModConfigRec *mc = myModConfig(s);
>      char *result;
>      BOOL resdup;
> @@ -169,6 +170,7 @@
>       * Connection stuff
>       */
>      if (result == NULL && c != NULL) {
> +        sslconn = myConnConfig(c);
>          if (strcEQ(var, "REMOTE_ADDR"))
>              result = c->remote_ip;
>          else if (strcEQ(var, "REMOTE_USER"))
> @@ -178,7 +180,7 @@
>          else if (strlen(var) > 4 && strcEQn(var, "SSL_", 4))
>              result = ssl_var_lookup_ssl(p, c, var+4);
>          else if (strcEQ(var, "HTTPS")) {
> -            if (apr_table_get(c->notes, "ssl") != NULL)
> +            if (sslconn->ssl != NULL)
>                  result = "on";
>              else
>                  result = "off";
> @@ -264,6 +266,7 @@
>  
>  static char *ssl_var_lookup_ssl(apr_pool_t *p, conn_rec *c, char *var)
>  {
> +    SSLConnRec *sslconn = myConnConfig(c);
>      char *result;
>      X509 *xs;
>      STACK_OF(X509) *sk;
> @@ -271,7 +274,7 @@
>  
>      result = NULL;
>  
> -    ssl = (SSL *)apr_table_get(c->notes, "ssl");
> +    ssl = sslconn->ssl;
>      if (strlen(var) > 8 && strcEQn(var, "VERSION_", 8)) {
>          result = ssl_var_lookup_ssl_version(p, var+8);
>      }
> @@ -493,6 +496,7 @@
>  
>  static char *ssl_var_lookup_ssl_cert_verify(apr_pool_t *p, conn_rec *c)
>  {
> +    SSLConnRec *sslconn = myConnConfig(c);
>      char *result;
>      long vrc;
>      char *verr;
> @@ -501,7 +505,7 @@
>      X509 *xs;
>  
>      result = NULL;
> -    ssl   = (SSL *) apr_table_get(c->notes, "ssl");
> +    ssl   = sslconn->ssl;
>      verr  = (char *)apr_table_get(c->notes, "ssl::verify::error");
>      vinfo = (char *)apr_table_get(c->notes, "ssl::verify::info");
>      vrc   = SSL_get_verify_result(ssl);
> @@ -524,6 +528,7 @@
>  
>  static char *ssl_var_lookup_ssl_cipher(apr_pool_t *p, conn_rec *c, char
> *var)
>  {
> +    SSLConnRec *sslconn = myConnConfig(c);    
>      char *result;
>      BOOL resdup;
>      int usekeysize, algkeysize;
> @@ -532,7 +537,7 @@
>      result = NULL;
>      resdup = TRUE;
>  
> -    ssl = (SSL *)apr_table_get(c->notes, "ssl");
> +    ssl = sslconn->ssl;
>      ssl_var_lookup_ssl_cipher_bits(ssl, &usekeysize, &algkeysize);
>  
>      if (strEQ(var, ""))
> @@ -627,9 +632,10 @@
>   */
>  static const char *ssl_var_log_handler_c(request_rec *r, char *a)
>  {
> +    SSLConnRec *sslconn = myConnConfig(r->connection);
>      char *result;
>  
> -    if (apr_table_get(r->connection->notes, "ssl") == NULL)
> +    if (sslconn->ssl == NULL)
>          return NULL;
>      result = NULL;
>      if (strEQ(a, "version"))
> @@ -655,10 +661,11 @@
>   */
>  static const char *ssl_var_log_handler_x(request_rec *r, char *a)
>  {
> +    SSLConnRec *sslconn = myConnConfig(r->connection);
>      char *result;
>  
>      result = NULL;
> -    if (apr_table_get(r->connection->notes, "ssl") != NULL)
> +    if (sslconn->ssl != NULL)
>          result = ssl_var_lookup(r->pool, r->server, r->connection, r, a);
>      if (result != NULL && result[0] == NUL)
>          result = NULL;
-- 
Ian Holsman          IanH@cnet.com
Performance Measurement & Analysis
CNET Networks   -   (415) 344-2608

