httpd-notifications mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From GitBox <...@apache.org>
Subject [GitHub] [httpd] icing commented on a change in pull request #203: new ap_ssl_bind_outgoing for multi ssl support in proxy connections
Date Tue, 07 Sep 2021 08:39:53 GMT

icing commented on a change in pull request #203:
URL: https://github.com/apache/httpd/pull/203#discussion_r703304311



##########
File path: server/ssl.c
##########
@@ -85,6 +96,77 @@ AP_DECLARE(int) ap_ssl_conn_is_ssl(conn_rec *c)
     return r;
 }
 
+static int ssl_engine_set(conn_rec *c,
+                          ap_conf_vector_t *per_dir_config,
+                          int proxy, int enable)
+{
+    if (proxy) {
+        return ap_ssl_bind_outgoing(c, per_dir_config, enable) == OK;
+    }
+    else if (module_ssl_engine_set) {
+        return module_ssl_engine_set(c, per_dir_config, 0, enable);
+    }
+    else if (enable && module_ssl_proxy_enable) {
+        return module_ssl_proxy_enable(c);
+    }
+    else if (!enable && module_ssl_engine_disable) {
+        return module_ssl_engine_disable(c);
+    }
+    return 0;
+}
+
+static int ssl_proxy_enable(conn_rec *c)
+{
+    return ap_ssl_bind_outgoing(c, NULL, 1);
+}
+
+static int ssl_engine_disable(conn_rec *c)
+{
+    return ap_ssl_bind_outgoing(c, NULL, 0);
+}
+
+AP_DECLARE(int) ap_ssl_bind_outgoing(conn_rec *c, struct ap_conf_vector_t *dir_conf,
+                                     int enable_ssl)
+{
+    int rv, enabled = 0;
+
+    c->outgoing = 1;
+    rv = ap_run_ssl_bind_outgoing(c, dir_conf, enable_ssl);
+    enabled = (rv == OK);
+    if (enable_ssl && !enabled) {
+        /* the hooks did not take over. Is there an old skool optional that will? */
+        if (module_ssl_engine_set) {
+            enabled = module_ssl_engine_set(c, dir_conf, 1, 1);
+        }
+        else if (module_ssl_proxy_enable) {
+            enabled = module_ssl_proxy_enable(c);
+        }
+    }
+    else {
+        /* !enable_ssl || enabled
+         * any existing optional funcs need to not enable here */
+        if (module_ssl_engine_set) {
+            module_ssl_engine_set(c, dir_conf, 1, 0);
+        }
+        else if (module_ssl_engine_disable) {
+            module_ssl_engine_disable(c);
+        }
+    }
+    if (enable_ssl && !enabled) {
+        ap_log_cerror(APLOG_MARK, APLOG_ERR, 0,
+                      c, APLOGNO(01961) " failed to enable ssl support "
+                      "[Hint: if using mod_ssl, see SSLProxyEngine]");
+        return DECLINED;
+    }
+    return OK;
+}
+
+AP_DECLARE(int) ap_ssl_has_outgoing_handlers(void)
+{
+    return (_hooks.link_ssl_bind_outgoing && _hooks.link_ssl_bind_outgoing->nelts
> 0)

Review comment:
       There are checks in mod_proxy and friends on a NULL connection to see if ssl can be
possibly enabled at all or if not ssl module is present. Is there a better way to check if
any callbacks have registered at the hook?




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@httpd.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@httpd.apache.org
For additional commands, e-mail: notifications-help@httpd.apache.org


Mime
View raw message