Posted to cvs@httpd.apache.org by ic...@apache.org on 2021/03/26 11:27:34 UTC

svn commit: r1888083 - in /httpd/httpd/trunk: ./ build/ changes-entries/ include/ modules/filters/ modules/http2/ modules/loggers/ modules/mappers/ modules/md/ modules/metadata/ modules/proxy/ modules/ssl/ server/

Author: icing
Date: Fri Mar 26 11:27:34 2021
New Revision: 1888083

URL: http://svn.apache.org/viewvc?rev=1888083&view=rev
Log:
  *) core: provide ap_ssl_* functions in new http_ssl.h header file.


Added:
    httpd/httpd/trunk/changes-entries/core_httpd_ssl.txt
    httpd/httpd/trunk/include/http_ssl.h
    httpd/httpd/trunk/server/ssl.c
Modified:
    httpd/httpd/trunk/CMakeLists.txt
    httpd/httpd/trunk/build/nw_export.inc
    httpd/httpd/trunk/include/ap_mmn.h
    httpd/httpd/trunk/include/http_protocol.h
    httpd/httpd/trunk/libhttpd.dsp
    httpd/httpd/trunk/modules/filters/mod_deflate.c
    httpd/httpd/trunk/modules/http2/h2_alt_svc.c
    httpd/httpd/trunk/modules/http2/h2_conn_io.c
    httpd/httpd/trunk/modules/http2/h2_h2.c
    httpd/httpd/trunk/modules/http2/h2_switch.c
    httpd/httpd/trunk/modules/loggers/mod_log_json.c
    httpd/httpd/trunk/modules/mappers/mod_rewrite.c
    httpd/httpd/trunk/modules/md/mod_md.c
    httpd/httpd/trunk/modules/metadata/mod_headers.c
    httpd/httpd/trunk/modules/proxy/mod_proxy.h
    httpd/httpd/trunk/modules/ssl/ssl_private.h
    httpd/httpd/trunk/server/Makefile.in
    httpd/httpd/trunk/server/core.c
    httpd/httpd/trunk/server/protocol.c
    httpd/httpd/trunk/server/util_expr_eval.c

Modified: httpd/httpd/trunk/CMakeLists.txt
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/CMakeLists.txt?rev=1888083&r1=1888082&r2=1888083&view=diff
==============================================================================
--- httpd/httpd/trunk/CMakeLists.txt (original)
+++ httpd/httpd/trunk/CMakeLists.txt Fri Mar 26 11:27:34 2021
@@ -712,6 +712,7 @@ SET(LIBHTTPD_SOURCES
   server/protocol.c
   server/provider.c
   server/request.c
+  server/ssl.c
   server/scoreboard.c
   server/util.c
   server/util_cfgtree.c

Modified: httpd/httpd/trunk/build/nw_export.inc
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/build/nw_export.inc?rev=1888083&r1=1888082&r2=1888083&view=diff
==============================================================================
--- httpd/httpd/trunk/build/nw_export.inc (original)
+++ httpd/httpd/trunk/build/nw_export.inc Fri Mar 26 11:27:34 2021
@@ -54,6 +54,7 @@
 #include "http_main.h"
 #include "http_protocol.h"
 #include "http_request.h"
+#include "http_ssl.h"
 #include "http_vhost.h"
 #include "mpm_common.h"
 #include "ap_regex.h"

Added: httpd/httpd/trunk/changes-entries/core_httpd_ssl.txt
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/changes-entries/core_httpd_ssl.txt?rev=1888083&view=auto
==============================================================================
--- httpd/httpd/trunk/changes-entries/core_httpd_ssl.txt (added)
+++ httpd/httpd/trunk/changes-entries/core_httpd_ssl.txt Fri Mar 26 11:27:34 2021
@@ -0,0 +1,2 @@
+  *) core: provide ap_ssl_* functions in new http_ssl.h header file.
+     [Stefan Eissing]

Modified: httpd/httpd/trunk/include/ap_mmn.h
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/include/ap_mmn.h?rev=1888083&r1=1888082&r2=1888083&view=diff
==============================================================================
--- httpd/httpd/trunk/include/ap_mmn.h (original)
+++ httpd/httpd/trunk/include/ap_mmn.h Fri Mar 26 11:27:34 2021
@@ -666,6 +666,7 @@
  * 20201214.0 (2.5.1-dev)  Axe struct core_net_rec
  * 20201214.1 (2.5.1-dev)  Add ap_ssl_conn_is_ssl()/ap_ssl_var_lookup() and hooks
  * 20201214.2 (2.5.1-dev)  Add ap_ssl_add_cert_files, ap_ssl_add_fallback_cert_files
+ * 20201214.3 (2.5.1-dev)  Move ap_ssl_* into new http_ssl.h header file
  */
 
 #define MODULE_MAGIC_COOKIE 0x41503235UL /* "AP25" */
@@ -673,7 +674,7 @@
 #ifndef MODULE_MAGIC_NUMBER_MAJOR
 #define MODULE_MAGIC_NUMBER_MAJOR 20201214
 #endif
-#define MODULE_MAGIC_NUMBER_MINOR 2             /* 0...n */
+#define MODULE_MAGIC_NUMBER_MINOR 3             /* 0...n */
 
 /**
  * Determine if the server's current MODULE_MAGIC_NUMBER is at least a

Modified: httpd/httpd/trunk/include/http_protocol.h
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/include/http_protocol.h?rev=1888083&r1=1888082&r2=1888083&view=diff
==============================================================================
--- httpd/httpd/trunk/include/http_protocol.h (original)
+++ httpd/httpd/trunk/include/http_protocol.h Fri Mar 26 11:27:34 2021
@@ -1048,162 +1048,6 @@ AP_DECLARE(void) ap_finalize_sub_req_pro
 AP_DECLARE(void) ap_send_interim_response(request_rec *r, int send_headers);
 
 
-/**
- * Setup optional functions for ssl related queries so that functions
- * registered by old-style SSL module functions are interrogated by the 
- * the new ap_is_ssl() and friends. Installs own optional functions, so that
- * old modules looking for these find one and get the correct results (shadowing).
- * 
- * Needs to run in core's very early POST_CONFIG hook.
- * Modules providing such functions register their own optionals during 
- * register_hooks(). Modules using such functions retrieve them often 
- * in their own post-config or in the even later retrieval hook. When shadowing
- * other modules functions, core's early post-config is a good time. 
- * @param pool The pool to use for allocations
- */
-AP_DECLARE(void) ap_setup_ssl_optional_fns(apr_pool_t *pool);
-
-/**
- * This hook allows modules that manage SSL connection to register their
- * inquiry function for checking if a connection is using SSL from them.
- * @param c The current connection
- * @return OK if the connection is using SSL, DECLINED if not.
- * @ingroup hooks
- */
-AP_DECLARE_HOOK(int,ssl_conn_is_ssl,(conn_rec *c))
-
-/**
- * This hook allows modules to look up SSL related variables for a 
- * server/connection/request, depending on what they inquire. Some 
- * variables will only be available for a connection/request, for example.
- * @param p The pool to allocate a returned value in, MUST be provided
- * @param s The server to inquire a value for, maybe NULL
- * @param c The current connection, maybe NULL
- * @param r The current request, maybe NULL
- * @param name The name of the variable to retrieve, MUST be provided
- * @return value or the variable or NULL if not provided/available
- * @ingroup hooks
- */
-AP_DECLARE_HOOK(const char *,ssl_var_lookup,
-    (apr_pool_t *p, server_rec *s, conn_rec *c, request_rec *r, const char *name))
-
-/**
- * Return != 0 iff the connection is encrypted with SSL.
- * @param c the connection
- */
-AP_DECLARE(int) ap_ssl_conn_is_ssl(conn_rec *c);
-
-/**
- * Lookup an SSL related variable for the server/connection/request or a global
- * value when all those parameters are set to NULL. Pool and name must always be
- * provided and the returned value (if not NULL) will be allocated fromt he pool.
- * @param p The pool to allocate a returned value in, MUST be provided
- * @param s The server to inquire a value for, maybe NULL
- * @param c The current connection, maybe NULL
- * @param r The current request, maybe NULL
- * @param name The name of the variable to retrieve, MUST be provided
- * @return value or the variable or NULL if not provided/available
- */
-AP_DECLARE(const char *) ap_ssl_var_lookup(apr_pool_t *p, server_rec *s,
-                                           conn_rec *c, request_rec *r,
-                                           const char *name);                                           
-
-/**
- * Register to provide certificate/key files for servers. Certificate files are
- * exepcted to contain the certificate chain, beginning with the server's certificate,
- * excluding the trust anchor, in PEM format. 
- * They must be accompanied by a private key file, also in PEM format.
- *  
- * @param s the server certificates are collected for
- * @param p the pool to use for allocations
- * @param cert_file and array of const char* with the path to the certificate chain
- * @param key_file and array of const char* with the path to the private key file
- * @return OK if files were added, DECLINED if not, or other for error.
- */
-
-AP_DECLARE_HOOK(int, ssl_add_cert_files, (server_rec *s, apr_pool_t *p,
-                                          apr_array_header_t *cert_files,
-                                          apr_array_header_t *key_files))
-
-/**
- * Collect certificate/key files from all providers registered. This includes
- * providers registered at the global 'ssl_add_cert_files', as well as those
- * installed in the OPTIONAL 'ssl_add_cert_files' hook as may be provided by 
- * ssl modules.
- *  
- * @param s the server certificates are collected for
- * @param p the pool to use for allocations
- * @param cert_file and array of const char* with the path to the certificate chain
- * @param key_file and array of const char* with the path to the private key file
- */
-AP_DECLARE(apr_status_t) ap_ssl_add_cert_files(server_rec *s, apr_pool_t *p,
-                                               apr_array_header_t *cert_files,
-                                               apr_array_header_t *key_files);         
-
-
-/** 
- * Register to provide 'fallback' certificates in case no 'real' certificates
- * have been configured/added by other providers. Modules using these certificates
- * are encouraged to answer requests to this server with a 503 response code.
- * 
- * @param s the server certificates are collected for
- * @param p the pool to use for allocations
- * @param cert_file and array of const char* with the path to the certificate chain
- * @param key_file and array of const char* with the path to the private key file
- * @return OK if files were added, DECLINED if not, or other for error.
- */
-AP_DECLARE_HOOK(int, ssl_add_fallback_cert_files, (server_rec *s, apr_pool_t *p,
-                                                   apr_array_header_t *cert_files,
-                                                   apr_array_header_t *key_files))
-
-/**
- * Collect 'fallback' certificate/key files from all registered providers, either
- * in the global 'ssl_add_fallback_cert_files' hook or the optional one of similar
- * name as provided by mod_ssl and sorts.
- * Certificates obtained this way are commonly self signed, temporary crutches.
- * To be used to the time it takes to retrieve a 'read', trusted certificate. 
- * A module using fallbacks is encouraged to answer all requests with a 503.
- * 
- * @param s the server certificates are collected for
- * @param p the pool to use for allocations
- * @param cert_file and array of const char* with the path to the certificate chain
- * @param key_file and array of const char* with the path to the private key file
- */
-AP_DECLARE(apr_status_t) ap_ssl_add_fallback_cert_files(server_rec *s, apr_pool_t *p,
-                                                        apr_array_header_t *cert_files,
-                                                        apr_array_header_t *key_files);         
-
-
-/**
- * On TLS connections that do not relate to a configured virtual host
- * allow modules to provide a certificate and key to be used on the connection.
- *
- * A Certificate PEM added must be accompanied by a private key PEM. The private
- * key PEM may be given by a NULL pointer, in which case it is expected to be found in
- * the certificate PEM string.
- */
-AP_DECLARE_HOOK(int, ssl_answer_challenge, (conn_rec *c, const char *server_name,
-                                            const char **pcert_pem, const char **pkey_pem))
-
-/**
- * Returns != 0 iff the connection is a challenge to the server, for example
- * as defined in RFC 8555 for the 'tls-alpn-01' domain verification, and needs
- * a specific certificate as answer in the handshake.
- *
- * ALPN protocol negotiation via the hooks 'protocol_propose' and 'protocol_switch'
- * need to have run before this call is made.
- *
- * Certificate PEMs added must be accompanied by a private key PEM. The private
- * key PEM may be given by a NULL pointer, in which case it is expected to be found in
- * the certificate PEM string.
- *
- * A certificate provided this way needs to replace any other certificates selected
- * by configuration or 'ssl_add_cert_pems` on this connection.
- */
-AP_DECLARE(int) ap_ssl_answer_challenge(conn_rec *c, const char *server_name,
-                                        const char **pcert_pem, const char **pkey_pem);
-
-
 #ifdef __cplusplus
 }
 #endif

Added: httpd/httpd/trunk/include/http_ssl.h
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/include/http_ssl.h?rev=1888083&view=auto
==============================================================================
--- httpd/httpd/trunk/include/http_ssl.h (added)
+++ httpd/httpd/trunk/include/http_ssl.h Fri Mar 26 11:27:34 2021
@@ -0,0 +1,199 @@
+/* Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/**
+ * @file  http_ssl.h
+ * @brief SSL protocol handling
+ *
+ * @defgroup APACHE_CORE_PROTO SSL Protocol Handling
+ * @ingroup  APACHE_CORE
+ * @{
+ */
+
+#ifndef APACHE_HTTP_SSL_H
+#define APACHE_HTTP_SSL_H
+
+#include "httpd.h"
+#include "apr_portable.h"
+#include "apr_mmap.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * This hook allows modules that manage SSL connection to register their
+ * inquiry function for checking if a connection is using SSL from them.
+ * @param c The current connection
+ * @return OK if the connection is using SSL, DECLINED if not.
+ * @ingroup hooks
+ */
+AP_DECLARE_HOOK(int,ssl_conn_is_ssl,(conn_rec *c))
+
+/**
+ * Return != 0 iff the connection is encrypted with SSL.
+ * @param c the connection
+ */
+AP_DECLARE(int) ap_ssl_conn_is_ssl(conn_rec *c);
+
+/**
+ * This hook allows modules to look up SSL related variables for a
+ * server/connection/request, depending on what they inquire. Some
+ * variables will only be available for a connection/request, for example.
+ * @param p The pool to allocate a returned value in, MUST be provided
+ * @param s The server to inquire a value for, maybe NULL
+ * @param c The current connection, maybe NULL
+ * @param r The current request, maybe NULL
+ * @param name The name of the variable to retrieve, MUST be provided
+ * @return value or the variable or NULL if not provided/available
+ * @ingroup hooks
+ */
+AP_DECLARE_HOOK(const char *,ssl_var_lookup,
+    (apr_pool_t *p, server_rec *s, conn_rec *c, request_rec *r, const char *name))
+
+/**
+ * Lookup an SSL related variable for the server/connection/request or a global
+ * value when all those parameters are set to NULL. Pool and name must always be
+ * provided and the returned value (if not NULL) will be allocated fromt he pool.
+ * @param p The pool to allocate a returned value in, MUST be provided
+ * @param s The server to inquire a value for, maybe NULL
+ * @param c The current connection, maybe NULL
+ * @param r The current request, maybe NULL
+ * @param name The name of the variable to retrieve, MUST be provided
+ * @return value or the variable or NULL if not provided/available
+ */
+AP_DECLARE(const char *) ap_ssl_var_lookup(apr_pool_t *p, server_rec *s,
+                                           conn_rec *c, request_rec *r,
+                                           const char *name);
+
+/**
+ * Register to provide certificate/key files for servers. Certificate files are
+ * exepcted to contain the certificate chain, beginning with the server's certificate,
+ * excluding the trust anchor, in PEM format.
+ * They must be accompanied by a private key file, also in PEM format.
+ *
+ * @param s the server certificates are collected for
+ * @param p the pool to use for allocations
+ * @param cert_file and array of const char* with the path to the certificate chain
+ * @param key_file and array of const char* with the path to the private key file
+ * @return OK if files were added, DECLINED if not, or other for error.
+ */
+
+AP_DECLARE_HOOK(int, ssl_add_cert_files, (server_rec *s, apr_pool_t *p,
+                                          apr_array_header_t *cert_files,
+                                          apr_array_header_t *key_files))
+
+/**
+ * Collect certificate/key files from all providers registered. This includes
+ * providers registered at the global 'ssl_add_cert_files', as well as those
+ * installed in the OPTIONAL 'ssl_add_cert_files' hook as may be provided by
+ * ssl modules.
+ *
+ * @param s the server certificates are collected for
+ * @param p the pool to use for allocations
+ * @param cert_file and array of const char* with the path to the certificate chain
+ * @param key_file and array of const char* with the path to the private key file
+ */
+AP_DECLARE(apr_status_t) ap_ssl_add_cert_files(server_rec *s, apr_pool_t *p,
+                                               apr_array_header_t *cert_files,
+                                               apr_array_header_t *key_files);
+
+
+/**
+ * Register to provide 'fallback' certificates in case no 'real' certificates
+ * have been configured/added by other providers. Modules using these certificates
+ * are encouraged to answer requests to this server with a 503 response code.
+ *
+ * @param s the server certificates are collected for
+ * @param p the pool to use for allocations
+ * @param cert_file and array of const char* with the path to the certificate chain
+ * @param key_file and array of const char* with the path to the private key file
+ * @return OK if files were added, DECLINED if not, or other for error.
+ */
+AP_DECLARE_HOOK(int, ssl_add_fallback_cert_files, (server_rec *s, apr_pool_t *p,
+                                                   apr_array_header_t *cert_files,
+                                                   apr_array_header_t *key_files))
+
+/**
+ * Collect 'fallback' certificate/key files from all registered providers, either
+ * in the global 'ssl_add_fallback_cert_files' hook or the optional one of similar
+ * name as provided by mod_ssl and sorts.
+ * Certificates obtained this way are commonly self signed, temporary crutches.
+ * To be used to the time it takes to retrieve a 'read', trusted certificate.
+ * A module using fallbacks is encouraged to answer all requests with a 503.
+ *
+ * @param s the server certificates are collected for
+ * @param p the pool to use for allocations
+ * @param cert_file and array of const char* with the path to the certificate chain
+ * @param key_file and array of const char* with the path to the private key file
+ */
+AP_DECLARE(apr_status_t) ap_ssl_add_fallback_cert_files(server_rec *s, apr_pool_t *p,
+                                                        apr_array_header_t *cert_files,
+                                                        apr_array_header_t *key_files);
+
+
+/**
+ * On TLS connections that do not relate to a configured virtual host
+ * allow modules to provide a certificate and key to be used on the connection.
+ *
+ * A Certificate PEM added must be accompanied by a private key PEM. The private
+ * key PEM may be given by a NULL pointer, in which case it is expected to be found in
+ * the certificate PEM string.
+ */
+AP_DECLARE_HOOK(int, ssl_answer_challenge, (conn_rec *c, const char *server_name,
+                                            const char **pcert_pem, const char **pkey_pem))
+
+/**
+ * Returns != 0 iff the connection is a challenge to the server, for example
+ * as defined in RFC 8555 for the 'tls-alpn-01' domain verification, and needs
+ * a specific certificate as answer in the handshake.
+ *
+ * ALPN protocol negotiation via the hooks 'protocol_propose' and 'protocol_switch'
+ * need to have run before this call is made.
+ *
+ * Certificate PEMs added must be accompanied by a private key PEM. The private
+ * key PEM may be given by a NULL pointer, in which case it is expected to be found in
+ * the certificate PEM string.
+ *
+ * A certificate provided this way needs to replace any other certificates selected
+ * by configuration or 'ssl_add_cert_pems` on this connection.
+ */
+AP_DECLARE(int) ap_ssl_answer_challenge(conn_rec *c, const char *server_name,
+                                        const char **pcert_pem, const char **pkey_pem);
+
+
+/**
+ * Setup optional functions for ssl related queries so that functions
+ * registered by old-style SSL module functions are interrogated by the
+ * the new ap_is_ssl() and friends. Installs own optional functions, so that
+ * old modules looking for these find one and get the correct results (shadowing).
+ *
+ * Needs to run in core's very early POST_CONFIG hook.
+ * Modules providing such functions register their own optionals during
+ * register_hooks(). Modules using such functions retrieve them often
+ * in their own post-config or in the even later retrieval hook. When shadowing
+ * other modules functions, core's early post-config is a good time.
+ * @param pool The pool to use for allocations
+ */
+AP_DECLARE(void) ap_setup_ssl_optional_fns(apr_pool_t *pool);
+
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif  /* !APACHE_HTTP_SSL_H */
+/** @} */
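Review bot: The doc comments carried into this new header misstate the API in several places, and because they are the only contract for modules that hand certificate and private-key material to the core, they should be corrected as part of the move. On all four `ssl_add_*cert_files` declarations the tags `@param cert_file` / `@param key_file` do not match the real parameter names, so they should read e.g. `@param cert_files an array of const char* with the paths to the certificate chains`; the comment on `ap_setup_ssl_optional_fns` names `ap_is_ssl()` where the declared function is `ap_ssl_conn_is_ssl()`; and the comment on `ap_ssl_answer_challenge` refers to `ssl_add_cert_pems`, which this header does not declare. The `ssl_answer_challenge` hook has no `@param`/`@return` lines at all, so the meaning of its int result and the lifetime of the strings stored through `pcert_pem`/`pkey_pem` (one of which is a private key) are left to the implementer's guess; those should be documented once confirmed against server/ssl.c, which is not visible here. Separately, the http_protocol.h section of this commit only removes these declarations and does not add `#include "http_ssl.h"`, so out-of-tree modules that got the prototypes through http_protocol.h will presumably need the new include, which is worth stating in the file-level comment.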

Modified: httpd/httpd/trunk/libhttpd.dsp
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/libhttpd.dsp?rev=1888083&r1=1888082&r2=1888083&view=diff
==============================================================================
--- httpd/httpd/trunk/libhttpd.dsp (original)
+++ httpd/httpd/trunk/libhttpd.dsp Fri Mar 26 11:27:34 2021
@@ -193,6 +193,10 @@ SOURCE=.\include\http_request.h
 # End Source File
 # Begin Source File
 
+SOURCE=.\include\http_ssl.h
+# End Source File
+# Begin Source File
+
 SOURCE=.\include\http_vhost.h
 # End Source File
 # Begin Source File
@@ -477,6 +481,10 @@ SOURCE=.\server\request.c
 # End Source File
 # Begin Source File
 
+SOURCE=.\server\ssl.c
+# End Source File
+# Begin Source File
+
 SOURCE=.\server\vhost.c
 # End Source File
 # End Group

Modified: httpd/httpd/trunk/modules/filters/mod_deflate.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/filters/mod_deflate.c?rev=1888083&r1=1888082&r2=1888083&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/filters/mod_deflate.c (original)
+++ httpd/httpd/trunk/modules/filters/mod_deflate.c Fri Mar 26 11:27:34 2021
@@ -45,6 +45,7 @@
 #include "apr_buckets.h"
 #include "http_protocol.h"
 #include "http_request.h"
+#include "http_ssl.h"
 #define APR_WANT_STRFUNC
 #include "apr_want.h"
 

Modified: httpd/httpd/trunk/modules/http2/h2_alt_svc.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/http2/h2_alt_svc.c?rev=1888083&r1=1888082&r2=1888083&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/http2/h2_alt_svc.c (original)
+++ httpd/httpd/trunk/modules/http2/h2_alt_svc.c Fri Mar 26 11:27:34 2021
@@ -19,6 +19,7 @@
 #include <http_core.h>
 #include <http_connection.h>
 #include <http_protocol.h>
+#include <http_ssl.h>
 #include <http_log.h>
 
 #include "h2_private.h"

Modified: httpd/httpd/trunk/modules/http2/h2_conn_io.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/http2/h2_conn_io.c?rev=1888083&r1=1888082&r2=1888083&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/http2/h2_conn_io.c (original)
+++ httpd/httpd/trunk/modules/http2/h2_conn_io.c Fri Mar 26 11:27:34 2021
@@ -24,6 +24,7 @@
 #include <http_connection.h>
 #include <http_protocol.h>
 #include <http_request.h>
+#include <http_ssl.h>
 
 #include "h2_private.h"
 #include "h2_bucket_eos.h"

Modified: httpd/httpd/trunk/modules/http2/h2_h2.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/http2/h2_h2.c?rev=1888083&r1=1888082&r2=1888083&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/http2/h2_h2.c (original)
+++ httpd/httpd/trunk/modules/http2/h2_h2.c Fri Mar 26 11:27:34 2021
@@ -26,6 +26,7 @@
 #include <http_connection.h>
 #include <http_protocol.h>
 #include <http_request.h>
+#include <http_ssl.h>
 #include <http_log.h>
 
 #include "mod_http2.h"

Modified: httpd/httpd/trunk/modules/http2/h2_switch.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/http2/h2_switch.c?rev=1888083&r1=1888082&r2=1888083&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/http2/h2_switch.c (original)
+++ httpd/httpd/trunk/modules/http2/h2_switch.c Fri Mar 26 11:27:34 2021
@@ -25,6 +25,7 @@
 #include <http_config.h>
 #include <http_connection.h>
 #include <http_protocol.h>
+#include <http_ssl.h>
 #include <http_log.h>
 
 #include "h2_private.h"

Modified: httpd/httpd/trunk/modules/loggers/mod_log_json.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/loggers/mod_log_json.c?rev=1888083&r1=1888082&r2=1888083&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/loggers/mod_log_json.c (original)
+++ httpd/httpd/trunk/modules/loggers/mod_log_json.c Fri Mar 26 11:27:34 2021
@@ -20,6 +20,7 @@
 #include "http_log.h"
 #include "http_protocol.h"
 #include "http_request.h"
+#include "http_ssl.h"
 
 #include "mod_log_config.h"
 

Modified: httpd/httpd/trunk/modules/mappers/mod_rewrite.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/mappers/mod_rewrite.c?rev=1888083&r1=1888082&r2=1888083&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/mappers/mod_rewrite.c (original)
+++ httpd/httpd/trunk/modules/mappers/mod_rewrite.c Fri Mar 26 11:27:34 2021
@@ -82,6 +82,7 @@
 #include "http_core.h"
 #include "http_log.h"
 #include "http_protocol.h"
+#include "http_ssl.h"
 #include "http_vhost.h"
 #include "util_mutex.h"
 

Modified: httpd/httpd/trunk/modules/md/mod_md.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/md/mod_md.c?rev=1888083&r1=1888082&r2=1888083&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/md/mod_md.c (original)
+++ httpd/httpd/trunk/modules/md/mod_md.c Fri Mar 26 11:27:34 2021
@@ -23,6 +23,7 @@
 #include <http_core.h>
 #include <http_protocol.h>
 #include <http_request.h>
+#include <http_ssl.h>
 #include <http_log.h>
 #include <http_vhost.h>
 #include <ap_listen.h>

Modified: httpd/httpd/trunk/modules/metadata/mod_headers.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/metadata/mod_headers.c?rev=1888083&r1=1888082&r2=1888083&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/metadata/mod_headers.c (original)
+++ httpd/httpd/trunk/modules/metadata/mod_headers.c Fri Mar 26 11:27:34 2021
@@ -78,6 +78,7 @@
 #include "httpd.h"
 #include "http_config.h"
 #include "http_request.h"
+#include "http_ssl.h"
 #include "http_log.h"
 #include "util_filter.h"
 #include "http_protocol.h"

Modified: httpd/httpd/trunk/modules/proxy/mod_proxy.h
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/mod_proxy.h?rev=1888083&r1=1888082&r2=1888083&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/proxy/mod_proxy.h (original)
+++ httpd/httpd/trunk/modules/proxy/mod_proxy.h Fri Mar 26 11:27:34 2021
@@ -58,6 +58,7 @@
 #include "http_main.h"
 #include "http_log.h"
 #include "http_connection.h"
+#include "http_ssl.h"
 #include "util_filter.h"
 #include "util_ebcdic.h"
 #include "ap_provider.h"

Modified: httpd/httpd/trunk/modules/ssl/ssl_private.h
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_private.h?rev=1888083&r1=1888082&r2=1888083&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/ssl/ssl_private.h (original)
+++ httpd/httpd/trunk/modules/ssl/ssl_private.h Fri Mar 26 11:27:34 2021
@@ -36,6 +36,7 @@
 #include "http_connection.h"
 #include "http_request.h"
 #include "http_protocol.h"
+#include "http_ssl.h"
 #include "http_vhost.h"
 #include "util_script.h"
 #include "util_filter.h"

Modified: httpd/httpd/trunk/server/Makefile.in
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/server/Makefile.in?rev=1888083&r1=1888082&r2=1888083&view=diff
==============================================================================
--- httpd/httpd/trunk/server/Makefile.in (original)
+++ httpd/httpd/trunk/server/Makefile.in Fri Mar 26 11:27:34 2021
@@ -13,7 +13,7 @@ LTLIBRARY_SOURCES = \
 	mpm_common.c mpm_unix.c mpm_fdqueue.c \
 	util_charset.c util_cookies.c util_debug.c util_xml.c \
 	util_filter.c util_pcre.c util_regex.c $(EXPORTS_DOT_C) \
-	scoreboard.c error_bucket.c protocol.c core.c request.c provider.c \
+	scoreboard.c error_bucket.c protocol.c core.c request.c ssl.c provider.c \
 	eoc_bucket.c eor_bucket.c core_filters.c \
 	util_expr_parse.c util_expr_scan.c util_expr_eval.c \
 	apreq_cookie.c apreq_error.c apreq_module.c \

Modified: httpd/httpd/trunk/server/core.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/server/core.c?rev=1888083&r1=1888082&r2=1888083&view=diff
==============================================================================
--- httpd/httpd/trunk/server/core.c (original)
+++ httpd/httpd/trunk/server/core.c Fri Mar 26 11:27:34 2021
@@ -38,6 +38,7 @@
 #include "http_core.h"
 #include "http_protocol.h" /* For index_of_response().  Grump. */
 #include "http_request.h"
+#include "http_ssl.h"
 #include "http_vhost.h"
 #include "http_main.h"     /* For the default_handler below... */
 #include "http_log.h"

Modified: httpd/httpd/trunk/server/protocol.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/server/protocol.c?rev=1888083&r1=1888082&r2=1888083&view=diff
==============================================================================
--- httpd/httpd/trunk/server/protocol.c (original)
+++ httpd/httpd/trunk/server/protocol.c Fri Mar 26 11:27:34 2021
@@ -2636,92 +2636,6 @@ AP_DECLARE(int) ap_is_allowed_protocol(c
     return !strcmp(AP_PROTOCOL_HTTP1, protocol);
 }
 
-APR_DECLARE_OPTIONAL_FN(int, ssl_is_https, (conn_rec *));
-static APR_OPTIONAL_FN_TYPE(ssl_is_https) *module_ssl_is_https;
-
-static int ssl_is_https(conn_rec *c) 
-{
-    /* Someone retrieved the optional function., not knowning about the
-     * new API. We redirect them to what they should have inoked. */
-    return ap_ssl_conn_is_ssl(c);
-}
-
-AP_DECLARE(int) ap_ssl_conn_is_ssl(conn_rec *c)
-{
-    int r = (ap_run_ssl_conn_is_ssl(c) == OK);
-    if (r == 0 && module_ssl_is_https) {
-        r = module_ssl_is_https(c);
-    }
-    return r;
-}
-
-APR_DECLARE_OPTIONAL_FN(const char *, ssl_var_lookup,
-                        (apr_pool_t *p, server_rec *s,
-                         conn_rec *c, request_rec *r,
-                         const char *name))
-    AP_FN_ATTR_NONNULL((1, 2, 5)) AP_FN_ATTR_WARN_UNUSED_RESULT;
-static APR_OPTIONAL_FN_TYPE(ssl_var_lookup) *module_ssl_var_lookup;
-    
-static const char *ssl_var_lookup(apr_pool_t *p, server_rec *s,
-                                  conn_rec *c, request_rec *r,
-                                  const char *name)
-{
-    /* Someone retrieved the optional function., not knowning about the
-     * new API. We redirect them to what they should have inoked. */
-    return ap_ssl_var_lookup(p, s, c, r, name);
-}
-
-AP_DECLARE(const char *) ap_ssl_var_lookup(apr_pool_t *p, server_rec *s,
-                                           conn_rec *c, request_rec *r,
-                                           const char *name)
-{
-    const char *val = ap_run_ssl_var_lookup(p, s, c, r, name);
-    if (val == NULL && module_ssl_is_https) {
-        val = module_ssl_var_lookup(p, s, c, r, name);
-    }
-    return val;
-}
-
-AP_DECLARE(void) ap_setup_ssl_optional_fns(apr_pool_t *pool)
-{
-    /* Run as core's very early 'post config' hook, check for any already
-     * installed optional functions related to SSL and save them. Install
-     * our own instances that invoke the new hooks. */
-    APR_OPTIONAL_FN_TYPE(ssl_is_https) *fn_is_https;
-    APR_OPTIONAL_FN_TYPE(ssl_var_lookup) *fn_ssl_var_lookup;
-    
-    fn_is_https = APR_RETRIEVE_OPTIONAL_FN(ssl_is_https);
-    module_ssl_is_https = (fn_is_https 
-        && fn_is_https != ssl_is_https)? fn_is_https : NULL;
-    APR_REGISTER_OPTIONAL_FN(ssl_is_https);
-
-    fn_ssl_var_lookup = APR_RETRIEVE_OPTIONAL_FN(ssl_var_lookup);
-    module_ssl_var_lookup = (fn_ssl_var_lookup 
-        && fn_ssl_var_lookup != ssl_var_lookup)? fn_ssl_var_lookup : NULL;
-    APR_REGISTER_OPTIONAL_FN(ssl_var_lookup);
-}
-
-AP_DECLARE(apr_status_t) ap_ssl_add_cert_files(server_rec *s, apr_pool_t *p,
-                                               apr_array_header_t *cert_files,
-                                               apr_array_header_t *key_files)
-{
-    int rv = ap_run_ssl_add_cert_files(s, p, cert_files, key_files);
-    return (rv == OK || rv == DECLINED)? APR_SUCCESS : APR_EGENERAL;
-}         
-
-AP_DECLARE(apr_status_t) ap_ssl_add_fallback_cert_files(server_rec *s, apr_pool_t *p,
-                                                        apr_array_header_t *cert_files,
-                                                        apr_array_header_t *key_files)
-{
-    int rv = ap_run_ssl_add_fallback_cert_files(s, p, cert_files, key_files);
-    return (rv == OK || rv == DECLINED)? APR_SUCCESS : APR_EGENERAL;
-}         
-
-AP_DECLARE(int) ap_ssl_answer_challenge(conn_rec *c, const char *server_name, 
-                                        const char **pcert_pem, const char **pkey_pem)
-{
-    return (ap_run_ssl_answer_challenge(c, server_name, pcert_pem, pkey_pem) == OK);
-}
 
 AP_IMPLEMENT_HOOK_VOID(pre_read_request,
                        (request_rec *r, conn_rec *c),
@@ -2748,20 +2662,3 @@ AP_IMPLEMENT_HOOK_RUN_FIRST(int,protocol
                             (c, r, s, protocol), DECLINED)
 AP_IMPLEMENT_HOOK_RUN_FIRST(const char *,protocol_get,
                             (const conn_rec *c), (c), NULL)
-AP_IMPLEMENT_HOOK_RUN_FIRST(int, ssl_conn_is_ssl, 
-                            (conn_rec *c), (c), DECLINED)
-AP_IMPLEMENT_HOOK_RUN_FIRST(const char *,ssl_var_lookup,
-        (apr_pool_t *p, server_rec *s, conn_rec *c, request_rec *r, const char *name),
-        (p, s, c, r, name), NULL)
-AP_IMPLEMENT_HOOK_RUN_ALL(int, ssl_add_cert_files, 
-        (server_rec *s, apr_pool_t *p, 
-         apr_array_header_t *cert_files, apr_array_header_t *key_files),
-        (s, p, cert_files, key_files), OK, DECLINED)
-AP_IMPLEMENT_HOOK_RUN_ALL(int, ssl_add_fallback_cert_files, 
-        (server_rec *s, apr_pool_t *p,
-         apr_array_header_t *cert_files, apr_array_header_t *key_files),
-        (s, p, cert_files, key_files), OK, DECLINED)
-AP_IMPLEMENT_HOOK_RUN_FIRST(int, ssl_answer_challenge, 
-        (conn_rec *c, const char *server_name, const char **pcert_pem, const char **pkey_pem),
-        (c, server_name, pcert_pem, pkey_pem), DECLINED)
-

Added: httpd/httpd/trunk/server/ssl.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/server/ssl.c?rev=1888083&view=auto
==============================================================================
--- httpd/httpd/trunk/server/ssl.c (added)
+++ httpd/httpd/trunk/server/ssl.c Fri Mar 26 11:27:34 2021
@@ -0,0 +1,164 @@
+/* Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/*
+ * ssl.c --- routines for SSL/TLS server infrastructure.
+ *
+ */
+
+#include "apr.h"
+#include "apr_strings.h"
+#include "apr_lib.h"
+#include "apr_signal.h"
+#include "apr_strmatch.h"
+
+#define APR_WANT_STRFUNC
+#define APR_WANT_MEMFUNC
+#include "apr_want.h"
+
+#include "ap_config.h"
+#include "httpd.h"
+#include "http_core.h"
+#include "http_protocol.h"
+#include "http_request.h"
+#include "http_ssl.h"
+#include "http_log.h"           /* For errors detected in basic auth common
+                                 * support code... */
+#include "mod_core.h"
+
+#if APR_HAVE_STDARG_H
+#include <stdarg.h>
+#endif
+#if APR_HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+
+/* we know core's module_index is 0 */
+#undef APLOG_MODULE_INDEX
+#define APLOG_MODULE_INDEX AP_CORE_MODULE_INDEX
+
+APR_HOOK_STRUCT(
+    APR_HOOK_LINK(ssl_conn_is_ssl)
+    APR_HOOK_LINK(ssl_var_lookup)
+    APR_HOOK_LINK(ssl_add_cert_files)
+    APR_HOOK_LINK(ssl_add_fallback_cert_files)
+    APR_HOOK_LINK(ssl_answer_challenge)
+)
+
+APR_DECLARE_OPTIONAL_FN(int, ssl_is_https, (conn_rec *));
+static APR_OPTIONAL_FN_TYPE(ssl_is_https) *module_ssl_is_https;
+
+static int ssl_is_https(conn_rec *c)
+{
+    /* Someone retrieved the optional function., not knowning about the
+     * new API. We redirect them to what they should have inoked. */
+    return ap_ssl_conn_is_ssl(c);
+}
+
+AP_DECLARE(int) ap_ssl_conn_is_ssl(conn_rec *c)
+{
+    int r = (ap_run_ssl_conn_is_ssl(c) == OK);
+    if (r == 0 && module_ssl_is_https) {
+        r = module_ssl_is_https(c);
+    }
+    return r;
+}
+
+APR_DECLARE_OPTIONAL_FN(const char *, ssl_var_lookup,
+                        (apr_pool_t *p, server_rec *s,
+                         conn_rec *c, request_rec *r,
+                         const char *name))
+    AP_FN_ATTR_NONNULL((1, 2, 5)) AP_FN_ATTR_WARN_UNUSED_RESULT;
+static APR_OPTIONAL_FN_TYPE(ssl_var_lookup) *module_ssl_var_lookup;
+
+static const char *ssl_var_lookup(apr_pool_t *p, server_rec *s,
+                                  conn_rec *c, request_rec *r,
+                                  const char *name)
+{
+    /* Someone retrieved the optional function., not knowning about the
+     * new API. We redirect them to what they should have inoked. */
+    return ap_ssl_var_lookup(p, s, c, r, name);
+}
+
+AP_DECLARE(const char *) ap_ssl_var_lookup(apr_pool_t *p, server_rec *s,
+                                           conn_rec *c, request_rec *r,
+                                           const char *name)
+{
+    const char *val = ap_run_ssl_var_lookup(p, s, c, r, name);
+    if (val == NULL && module_ssl_is_https) {
+        val = module_ssl_var_lookup(p, s, c, r, name);
+    }
+    return val;
+}
+
+AP_DECLARE(void) ap_setup_ssl_optional_fns(apr_pool_t *pool)
+{
+    /* Run as core's very early 'post config' hook, check for any already
+     * installed optional functions related to SSL and save them. Install
+     * our own instances that invoke the new hooks. */
+    APR_OPTIONAL_FN_TYPE(ssl_is_https) *fn_is_https;
+    APR_OPTIONAL_FN_TYPE(ssl_var_lookup) *fn_ssl_var_lookup;
+
+    fn_is_https = APR_RETRIEVE_OPTIONAL_FN(ssl_is_https);
+    module_ssl_is_https = (fn_is_https
+        && fn_is_https != ssl_is_https)? fn_is_https : NULL;
+    APR_REGISTER_OPTIONAL_FN(ssl_is_https);
+
+    fn_ssl_var_lookup = APR_RETRIEVE_OPTIONAL_FN(ssl_var_lookup);
+    module_ssl_var_lookup = (fn_ssl_var_lookup
+        && fn_ssl_var_lookup != ssl_var_lookup)? fn_ssl_var_lookup : NULL;
+    APR_REGISTER_OPTIONAL_FN(ssl_var_lookup);
+}
+
+AP_DECLARE(apr_status_t) ap_ssl_add_cert_files(server_rec *s, apr_pool_t *p,
+                                               apr_array_header_t *cert_files,
+                                               apr_array_header_t *key_files)
+{
+    int rv = ap_run_ssl_add_cert_files(s, p, cert_files, key_files);
+    return (rv == OK || rv == DECLINED)? APR_SUCCESS : APR_EGENERAL;
+}
+
+AP_DECLARE(apr_status_t) ap_ssl_add_fallback_cert_files(server_rec *s, apr_pool_t *p,
+                                                        apr_array_header_t *cert_files,
+                                                        apr_array_header_t *key_files)
+{
+    int rv = ap_run_ssl_add_fallback_cert_files(s, p, cert_files, key_files);
+    return (rv == OK || rv == DECLINED)? APR_SUCCESS : APR_EGENERAL;
+}
+
+AP_DECLARE(int) ap_ssl_answer_challenge(conn_rec *c, const char *server_name,
+                                        const char **pcert_pem, const char **pkey_pem)
+{
+    return (ap_run_ssl_answer_challenge(c, server_name, pcert_pem, pkey_pem) == OK);
+}
+
+AP_IMPLEMENT_HOOK_RUN_FIRST(int, ssl_conn_is_ssl,
+                            (conn_rec *c), (c), DECLINED)
+AP_IMPLEMENT_HOOK_RUN_FIRST(const char *,ssl_var_lookup,
+        (apr_pool_t *p, server_rec *s, conn_rec *c, request_rec *r, const char *name),
+        (p, s, c, r, name), NULL)
+AP_IMPLEMENT_HOOK_RUN_ALL(int, ssl_add_cert_files,
+        (server_rec *s, apr_pool_t *p,
+         apr_array_header_t *cert_files, apr_array_header_t *key_files),
+        (s, p, cert_files, key_files), OK, DECLINED)
+AP_IMPLEMENT_HOOK_RUN_ALL(int, ssl_add_fallback_cert_files,
+        (server_rec *s, apr_pool_t *p,
+         apr_array_header_t *cert_files, apr_array_header_t *key_files),
+        (s, p, cert_files, key_files), OK, DECLINED)
+AP_IMPLEMENT_HOOK_RUN_FIRST(int, ssl_answer_challenge,
+        (conn_rec *c, const char *server_name, const char **pcert_pem, const char **pkey_pem),
+        (c, server_name, pcert_pem, pkey_pem), DECLINED)
+
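Review bot: In `ap_ssl_var_lookup` the legacy fallback is guarded by `module_ssl_is_https` but the call goes through `module_ssl_var_lookup`, so the check does not cover the pointer that is actually invoked. `ap_setup_ssl_optional_fns` fills the two pointers independently, so a module that registers only the old `ssl_is_https` optional function leaves `module_ssl_var_lookup` NULL, and any lookup that no hook answers then calls a null function pointer. The guard should read `if (val == NULL && module_ssl_var_lookup) {`. The same condition appears in the lines removed from protocol.c, so the defect is carried over by the move rather than introduced here, and the new file would be a good place to fix it. While touching these functions, the comment typos "knowning" and "inoked" could be corrected to "knowing" and "invoked".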

Modified: httpd/httpd/trunk/server/util_expr_eval.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/server/util_expr_eval.c?rev=1888083&r1=1888082&r2=1888083&view=diff
==============================================================================
--- httpd/httpd/trunk/server/util_expr_eval.c (original)
+++ httpd/httpd/trunk/server/util_expr_eval.c Fri Mar 26 11:27:34 2021
@@ -23,6 +23,7 @@
 #include "http_core.h"
 #include "http_protocol.h"
 #include "http_request.h"
+#include "http_ssl.h"
 #include "ap_provider.h"
 #include "util_varbuf.h"
 #include "util_expr_private.h"