From notifications-return-418-archive-asf-public=cust-asf.ponee.io@httpd.apache.org  Thu Sep  9 14:41:22 2021
Return-Path: <notifications-return-418-archive-asf-public=cust-asf.ponee.io@httpd.apache.org>
X-Original-To: archive-asf-public@cust-asf.ponee.io
Delivered-To: archive-asf-public@cust-asf.ponee.io
Received: from mxout1-ec2-va.apache.org (mxout1-ec2-va.apache.org [3.227.148.255])
	by mx-eu-01.ponee.io (Postfix) with ESMTPS id 368D8180652
	for <archive-asf-public@cust-asf.ponee.io>; Thu,  9 Sep 2021 16:41:22 +0200 (CEST)
Received: from mail.apache.org (mailroute1-lw-us.apache.org [207.244.88.153])
	by mxout1-ec2-va.apache.org (ASF Mail Server at mxout1-ec2-va.apache.org) with SMTP id 641023EDF3
	for <archive-asf-public@cust-asf.ponee.io>; Thu,  9 Sep 2021 14:41:21 +0000 (UTC)
Received: (qmail 58880 invoked by uid 500); 9 Sep 2021 14:41:21 -0000
Mailing-List: contact notifications-help@httpd.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:notifications-help@httpd.apache.org>
List-Unsubscribe: <mailto:notifications-unsubscribe@httpd.apache.org>
List-Post: <mailto:notifications@httpd.apache.org>
List-Id: <notifications.httpd.apache.org>
Reply-To: dev@httpd.apache.org
Delivered-To: mailing list notifications@httpd.apache.org
Received: (qmail 58868 invoked by uid 99); 9 Sep 2021 14:41:21 -0000
Received: from ec2-52-202-80-70.compute-1.amazonaws.com (HELO gitbox.apache.org) (52.202.80.70)
    by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 09 Sep 2021 14:41:21 +0000
From: =?utf-8?q?GitBox?= <git@apache.org>
To: notifications@httpd.apache.org
Subject: =?utf-8?q?=5BGitHub=5D_=5Bhttpd=5D_icing_commented_on_a_change_in_pull_reque?=
 =?utf-8?q?st_=23203=3A_new_ap=5Fssl=5Fbind=5Foutgoing_for_multi_ssl_support?=
 =?utf-8?q?_in_proxy_connections?=
Message-ID: <163119848116.16310.17962262179949464227.asfpy@gitbox.apache.org>
Date: Thu, 09 Sep 2021 14:41:21 -0000
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
References: <httpd.203.MDExOlB1bGxSZXF1ZXN0Njg0MzIwOTg0.gitbox@gitbox.apache.org>
In-Reply-To: <httpd.203.MDExOlB1bGxSZXF1ZXN0Njg0MzIwOTg0.gitbox@gitbox.apache.org>


icing commented on a change in pull request #203:
URL: https://github.com/apache/httpd/pull/203#discussion_r705412937



##########
File path: server/ssl.c
##########
@@ -85,6 +96,77 @@ AP_DECLARE(int) ap_ssl_conn_is_ssl(conn_rec *c)
     return r;
 }
 
+static int ssl_engine_set(conn_rec *c,
+                          ap_conf_vector_t *per_dir_config,
+                          int proxy, int enable)
+{
+    if (proxy) {
+        return ap_ssl_bind_outgoing(c, per_dir_config, enable) == OK;
+    }
+    else if (module_ssl_engine_set) {
+        return module_ssl_engine_set(c, per_dir_config, 0, enable);
+    }
+    else if (enable && module_ssl_proxy_enable) {
+        return module_ssl_proxy_enable(c);
+    }
+    else if (!enable && module_ssl_engine_disable) {
+        return module_ssl_engine_disable(c);
+    }
+    return 0;
+}
+
+static int ssl_proxy_enable(conn_rec *c)
+{
+    return ap_ssl_bind_outgoing(c, NULL, 1);
+}
+
+static int ssl_engine_disable(conn_rec *c)
+{
+    return ap_ssl_bind_outgoing(c, NULL, 0);
+}
+
+AP_DECLARE(int) ap_ssl_bind_outgoing(conn_rec *c, struct ap_conf_vector_t *dir_conf,
+                                     int enable_ssl)
+{
+    int rv, enabled = 0;
+
+    c->outgoing = 1;
+    rv = ap_run_ssl_bind_outgoing(c, dir_conf, enable_ssl);
+    enabled = (rv == OK);
+    if (enable_ssl && !enabled) {
+        /* the hooks did not take over. Is there an old skool optional that will? */
+        if (module_ssl_engine_set) {
+            enabled = module_ssl_engine_set(c, dir_conf, 1, 1);
+        }
+        else if (module_ssl_proxy_enable) {
+            enabled = module_ssl_proxy_enable(c);
+        }
+    }
+    else {
+        /* !enable_ssl || enabled
+         * any existing optional funcs need to not enable here */
+        if (module_ssl_engine_set) {
+            module_ssl_engine_set(c, dir_conf, 1, 0);
+        }
+        else if (module_ssl_engine_disable) {
+            module_ssl_engine_disable(c);
+        }
+    }
+    if (enable_ssl && !enabled) {
+        ap_log_cerror(APLOG_MARK, APLOG_ERR, 0,
+                      c, APLOGNO(01961) " failed to enable ssl support "
+                      "[Hint: if using mod_ssl, see SSLProxyEngine]");
+        return DECLINED;
+    }
+    return OK;
+}
+
+AP_DECLARE(int) ap_ssl_has_outgoing_handlers(void)
+{
+    return (ap_hook_get_ssl_bind_outgoing() && ap_hook_get_ssl_bind_outgoing()->nelts > 0)
+        || module_ssl_engine_set || module_ssl_proxy_enable;

Review comment:
       Looks good.




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@httpd.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@httpd.apache.org
For additional commands, e-mail: notifications-help@httpd.apache.org