httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "MATHIHALLI,MADHUSUDAN (HP-Cupertino,ex1)" <madhusudan_mathiha...@hp.com>
Subject RE: [patch] mod_ssl + c->notes--
Date Wed, 21 Nov 2001 04:46:27 GMT
+1.. This is great !!.. The only reason I'd started off with c->notes was
that I wanted something to be persistant thru' the multiple requests.. This
solution would be ideal..

-Madhu


-----Original Message-----
From: Doug MacEachern [mailto:dougm@covalent.net]
Sent: Tuesday, November 20, 2001 8:30 PM
To: dev@httpd.apache.org
Subject: [patch] mod_ssl + c->notes--


mod_ssl currently does quite a bit of apr_table_{get,set}s.  it would be
much faster to use c->conn_config instead.  the patch below attaches a new
SSLConnRec structure to the c->conn_config and replaces all usage of
apr_table_{get,set}(c->notes, "ssl") with conn_config.  if this approach 
is ok, there are a few more c->notes table entries that could be moved to
the conn_config.

Index: modules/ssl/mod_ssl.c
===================================================================
RCS file: /home/cvs/httpd-2.0/modules/ssl/mod_ssl.c,v
retrieving revision 1.31
diff -u -r1.31 mod_ssl.c
--- modules/ssl/mod_ssl.c	2001/10/11 01:49:21	1.31
+++ modules/ssl/mod_ssl.c	2001/11/21 04:02:00
@@ -224,11 +224,12 @@
     SSL *ssl;
     unsigned char *cpVHostID;
     char *cpVHostMD5;
+    SSLConnRec *sslconn = apr_pcalloc(c->pool, sizeof(*sslconn));
 
     /*
      * Create SSL context
      */
-    apr_table_setn(c->notes, "ssl", NULL);
+    myConnConfigSet(c, sslconn);
 
     /*
      * Immediately stop processing if SSL is disabled for this connection
@@ -258,7 +259,6 @@
     if ((ssl = SSL_new(sc->pSSLCtx)) == NULL) {
         ssl_log(c->base_server, SSL_LOG_ERROR|SSL_ADD_SSLERR,
                 "Unable to create a new SSL connection from the SSL
context");
-        apr_table_setn(c->notes, "ssl", NULL);
         c->aborted = 1;
         return DECLINED; /* XXX */
     }
@@ -268,7 +268,6 @@
             strlen(cpVHostMD5))) {
         ssl_log(c->base_server, SSL_LOG_ERROR|SSL_ADD_SSLERR,
                 "Unable to set session id context to `%s'", cpVHostMD5);
-        apr_table_setn(c->notes, "ssl", NULL);
         c->aborted = 1;
         return DECLINED; /* XXX */
     }
@@ -278,7 +277,7 @@
     apr_table_setn(apctx, "ssl::verify::depth", AP_CTX_NUM2PTR(0));
     SSL_set_app_data2(ssl, apctx);
 
-    apr_table_setn(c->notes, "ssl", (const char *)ssl);
+    sslconn->ssl = ssl;
 
     /*
      *  Configure callbacks for SSL connection
@@ -308,6 +307,7 @@
 
 static apr_status_t ssl_abort(SSLFilterRec *pRec, conn_rec *c)
 {
+    SSLConnRec *sslconn = myConnConfig(c);
     /*
      * try to gracefully shutdown the connection:
      * - send an own shutdown message (be gracefully)
@@ -320,7 +320,7 @@
     SSL_smart_shutdown(pRec->pssl);
     SSL_free(pRec->pssl);
     pRec->pssl = NULL; /* so filters know we've been shutdown */
-    apr_table_setn(c->notes, "ssl", NULL);
+    sslconn->ssl = NULL;
     c->aborted = 1;
 
     return APR_EGENERAL;
Index: modules/ssl/mod_ssl.h
===================================================================
RCS file: /home/cvs/httpd-2.0/modules/ssl/mod_ssl.h,v
retrieving revision 1.34
diff -u -r1.34 mod_ssl.h
--- modules/ssl/mod_ssl.h	2001/10/11 01:49:21	1.34
+++ modules/ssl/mod_ssl.h	2001/11/21 04:02:00
@@ -196,6 +196,10 @@
 #define cfgMergeBool(el)    cfgMerge(el, UNSET)
 #define cfgMergeInt(el)     cfgMerge(el, UNSET)
 
+#define myConnConfig(c) \
+(SSLConnRec *)ap_get_module_config(c->conn_config, &ssl_module)
+#define myConnConfigSet(c, val) \
+ap_set_module_config(c->conn_config, &ssl_module, val)
 #define myModConfig(srv) (SSLModConfigRec *)ssl_util_getmodconfig(srv,
"ssl_module")
 #define mySrvConfig(srv) (SSLSrvConfigRec
*)ap_get_module_config(srv->module_config,  &ssl_module)
 #define myDirConfig(req) (SSLDirConfigRec
*)ap_get_module_config(req->per_dir_config, &ssl_module)
@@ -445,6 +449,10 @@
     apr_bucket_brigade *rawb;               /* encrypted input */
     apr_bucket_brigade *b;                  /* decrypted input */
 } SSLFilterRec;
+
+typedef struct {
+    SSL *ssl;
+} SSLConnRec;
 
 typedef struct {
     apr_pool_t     *pPool;
Index: modules/ssl/ssl_engine_kernel.c
===================================================================
RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_engine_kernel.c,v
retrieving revision 1.20
diff -u -r1.20 ssl_engine_kernel.c
--- modules/ssl/ssl_engine_kernel.c	2001/11/12 22:01:14	1.20
+++ modules/ssl/ssl_engine_kernel.c	2001/11/21 04:02:02
@@ -146,7 +146,7 @@
 
     /* deallocate the SSL connection */
     SSL_free(ssl);
-    apr_table_setn(conn->notes, "ssl", NULL);
+    sslconn->ssl = NULL;
     filter->pssl = NULL; /* so filters know we've been shutdown */
 
     return APR_SUCCESS;
@@ -157,6 +157,7 @@
  */
 int ssl_hook_ReadReq(request_rec *r)
 {
+    SSLConnRec *sslconn = myConnConfig(r->connection);
     SSL *ssl;
     apr_table_t *apctx;
 
@@ -164,7 +165,7 @@
      * Get the SSL connection structure and perform the
      * delayed interlinking from SSL back to request_rec
      */
-    ssl = (SSL *)apr_table_get(r->connection->notes, "ssl");
+    ssl = sslconn->ssl;
     if (ssl != NULL) {
         apctx = (apr_table_t *)SSL_get_app_data2(ssl);
         apr_table_setn(apctx, "ssl::request_rec", (const char *)r);
@@ -191,7 +192,9 @@
  */
 int ssl_hook_Translate(request_rec *r)
 {
-    if (apr_table_get(r->connection->notes, "ssl") == NULL)
+    SSLConnRec *sslconn = myConnConfig(r->connection);
+
+    if (sslconn->ssl == NULL)
         return DECLINED;
 
     /*
@@ -289,13 +292,13 @@
                                  int argi, long argl, long rc)
 {
     request_rec *r = (request_rec *)BIO_get_callback_arg(bio);
-    SSL *ssl;
+    SSLConnRec *sslconn = myConnConfig(r->connection);
+    SSL *ssl = sslconn->ssl;
 
     int is_failed_read = (cmd == (BIO_CB_READ|BIO_CB_RETURN) && (rc ==
-1));
     int is_flush       = ((cmd == BIO_CB_CTRL) && (argi ==
BIO_CTRL_FLUSH));
 
     if (is_flush || is_failed_read) {
-        ssl = (SSL *)apr_table_get(r->connection->notes, "ssl");
         /* disable this callback to prevent recursion
          * and leave a "note" so the input filter leaves the rbio
          * as-as
@@ -340,6 +343,7 @@
 {
     SSLDirConfigRec *dc;
     SSLSrvConfigRec *sc;
+    SSLConnRec *sslconn;
     SSL *ssl;
     SSL_CTX *ctx = NULL;
     apr_array_header_t *apRequirement;
@@ -373,7 +377,8 @@
 
     dc  = myDirConfig(r);
     sc  = mySrvConfig(r->server);
-    ssl = (SSL *)apr_table_get(r->connection->notes, "ssl");
+    sslconn = myConnConfig(r->connection);
+    ssl = sslconn->ssl;
     if (ssl != NULL)
         ctx = SSL_get_SSL_CTX(ssl);
 
@@ -868,6 +873,7 @@
  */
 int ssl_hook_UserCheck(request_rec *r)
 {
+    SSLConnRec *sslconn = myConnConfig(r->connection);
     SSLSrvConfigRec *sc = mySrvConfig(r->server);
     SSLDirConfigRec *dc = myDirConfig(r);
     char b1[MAX_STRING_LEN], b2[MAX_STRING_LEN];
@@ -907,7 +913,7 @@
      */
     if (!sc->bEnabled)
         return DECLINED;
-    if (apr_table_get(r->connection->notes, "ssl") == NULL)
+    if (sslconn->ssl == NULL)
         return DECLINED;
     if (!(dc->nOptions & SSL_OPT_FAKEBASICAUTH))
         return DECLINED;
@@ -1040,6 +1046,7 @@
 
 int ssl_hook_Fixup(request_rec *r)
 {
+    SSLConnRec *sslconn = myConnConfig(r->connection);
     SSLSrvConfigRec *sc = mySrvConfig(r->server);
     SSLDirConfigRec *dc = myDirConfig(r);
     apr_table_t *e = r->subprocess_env;
@@ -1054,7 +1061,7 @@
      */
     if (!sc->bEnabled)
         return DECLINED;
-    if ((ssl = (SSL *)apr_table_get(r->connection->notes, "ssl")) == NULL)
+    if ((ssl = sslconn->ssl) == NULL)
         return DECLINED;
 
     /*
Index: modules/ssl/ssl_engine_vars.c
===================================================================
RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_engine_vars.c,v
retrieving revision 1.8
diff -u -r1.8 ssl_engine_vars.c
--- modules/ssl/ssl_engine_vars.c	2001/08/23 02:46:23	1.8
+++ modules/ssl/ssl_engine_vars.c	2001/11/21 04:02:02
@@ -89,6 +89,7 @@
 
 char *ssl_var_lookup(apr_pool_t *p, server_rec *s, conn_rec *c, request_rec
*r, char *var)
 {
+    SSLConnRec *sslconn;
     SSLModConfigRec *mc = myModConfig(s);
     char *result;
     BOOL resdup;
@@ -169,6 +170,7 @@
      * Connection stuff
      */
     if (result == NULL && c != NULL) {
+        sslconn = myConnConfig(c);
         if (strcEQ(var, "REMOTE_ADDR"))
             result = c->remote_ip;
         else if (strcEQ(var, "REMOTE_USER"))
@@ -178,7 +180,7 @@
         else if (strlen(var) > 4 && strcEQn(var, "SSL_", 4))
             result = ssl_var_lookup_ssl(p, c, var+4);
         else if (strcEQ(var, "HTTPS")) {
-            if (apr_table_get(c->notes, "ssl") != NULL)
+            if (sslconn->ssl != NULL)
                 result = "on";
             else
                 result = "off";
@@ -264,6 +266,7 @@
 
 static char *ssl_var_lookup_ssl(apr_pool_t *p, conn_rec *c, char *var)
 {
+    SSLConnRec *sslconn = myConnConfig(c);
     char *result;
     X509 *xs;
     STACK_OF(X509) *sk;
@@ -271,7 +274,7 @@
 
     result = NULL;
 
-    ssl = (SSL *)apr_table_get(c->notes, "ssl");
+    ssl = sslconn->ssl;
     if (strlen(var) > 8 && strcEQn(var, "VERSION_", 8)) {
         result = ssl_var_lookup_ssl_version(p, var+8);
     }
@@ -493,6 +496,7 @@
 
 static char *ssl_var_lookup_ssl_cert_verify(apr_pool_t *p, conn_rec *c)
 {
+    SSLConnRec *sslconn = myConnConfig(c);
     char *result;
     long vrc;
     char *verr;
@@ -501,7 +505,7 @@
     X509 *xs;
 
     result = NULL;
-    ssl   = (SSL *) apr_table_get(c->notes, "ssl");
+    ssl   = sslconn->ssl;
     verr  = (char *)apr_table_get(c->notes, "ssl::verify::error");
     vinfo = (char *)apr_table_get(c->notes, "ssl::verify::info");
     vrc   = SSL_get_verify_result(ssl);
@@ -524,6 +528,7 @@
 
 static char *ssl_var_lookup_ssl_cipher(apr_pool_t *p, conn_rec *c, char
*var)
 {
+    SSLConnRec *sslconn = myConnConfig(c);    
     char *result;
     BOOL resdup;
     int usekeysize, algkeysize;
@@ -532,7 +537,7 @@
     result = NULL;
     resdup = TRUE;
 
-    ssl = (SSL *)apr_table_get(c->notes, "ssl");
+    ssl = sslconn->ssl;
     ssl_var_lookup_ssl_cipher_bits(ssl, &usekeysize, &algkeysize);
 
     if (strEQ(var, ""))
@@ -627,9 +632,10 @@
  */
 static const char *ssl_var_log_handler_c(request_rec *r, char *a)
 {
+    SSLConnRec *sslconn = myConnConfig(r->connection);
     char *result;
 
-    if (apr_table_get(r->connection->notes, "ssl") == NULL)
+    if (sslconn->ssl == NULL)
         return NULL;
     result = NULL;
     if (strEQ(a, "version"))
@@ -655,10 +661,11 @@
  */
 static const char *ssl_var_log_handler_x(request_rec *r, char *a)
 {
+    SSLConnRec *sslconn = myConnConfig(r->connection);
     char *result;
 
     result = NULL;
-    if (apr_table_get(r->connection->notes, "ssl") != NULL)
+    if (sslconn->ssl != NULL)
         result = ssl_var_lookup(r->pool, r->server, r->connection, r, a);
     if (result != NULL && result[0] == NUL)
         result = NULL;

Mime
View raw message