You are viewing a plain text version of this content. The canonical link for it is here.
Posted to bugs@httpd.apache.org by bu...@apache.org on 2002/09/13 19:20:19 UTC
DO NOT REPLY [Bug 12625] New: -
[PATCH] Restoration of mod_ssl compatibility env vars.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=12625>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=12625
[PATCH] Restoration of mod_ssl compatibility env vars.
Summary: [PATCH] Restoration of mod_ssl compatibility env vars.
Product: Apache httpd-2.0
Version: 2.0.40
Platform: All
OS/Version: All
Status: NEW
Severity: Enhancement
Priority: Other
Component: mod_ssl
AssignedTo: bugs@httpd.apache.org
ReportedBy: anthonyu@killa.net
This patch restores the compatibility variables as advertised in the manual and
the stock httpd.conf.
Enjoy,
Anthony
diff -Nurd httpd-2.0.40-orig/modules/ssl/ssl_engine_kernel.c
httpd-2.0.40/modules/ssl/ssl_engine_kernel.c
--- httpd-2.0.40-orig/modules/ssl/ssl_engine_kernel.c Mon Jun 10 21:54:01 2002+++ httpd-2.0.40/modules/ssl/ssl_engine_kernel.c Fri Sep 13 10:08:33 2002@@ -1099,6 +1099,61 @@
NULL
};
+static const char *ssl_hook_Compat_vars[][2] = {
+ "SSL_PROTOCOL_VERSION", "SSL_PROTOCOL",
+ "SSLEAY_VERSION", "SSL_VERSION_LIBRARY",
+ "HTTPS_SECRETKEYSIZE", "SSL_CIPHER_USEKEYSIZE",
+ "HTTPS_KEYSIZE", "SSL_CIPHER_ALGKEYSIZE",
+ "HTTPS_CIPHER", "SSL_CIPHER",
+ "HTTPS_EXPORT", "SSL_CIPHER_EXPORT",
+ "SSL_SERVER_KEY_SIZE", "SSL_CIPHER_ALGKEYSIZE",
+ "SSL_SERVER_CERT_START", "SSL_SERVER_V_START",
+ "SSL_SERVER_CERT_END", "SSL_SERVER_V_END",
+ "SSL_SERVER_CERT_SERIAL", "SSL_SERVER_M_SERIAL",
+ "SSL_SERVER_SIGNATURE_ALGORITHM", "SSL_SERVER_A_SIG",
+ "SSL_SERVER_DN", "SSL_SERVER_S_DN",
+ "SSL_SERVER_CN", "SSL_SERVER_S_DN_CN",
+ "SSL_SERVER_EMAIL", "SSL_SERVER_S_DN_Email",
+ "SSL_SERVER_O", "SSL_SERVER_S_DN_O",
+ "SSL_SERVER_OU", "SSL_SERVER_S_DN_OU",
+ "SSL_SERVER_C", "SSL_SERVER_S_DN_C",
+ "SSL_SERVER_SP", "SSL_SERVER_S_DN_SP",
+ "SSL_SERVER_L", "SSL_SERVER_S_DN_L",
+ "SSL_SERVER_IDN", "SSL_SERVER_I_DN",
+ "SSL_SERVER_ICN", "SSL_SERVER_I_DN_CN",
+ "SSL_SERVER_IEMAIL", "SSL_SERVER_I_DN_Email",
+ "SSL_SERVER_IO", "SSL_SERVER_I_DN_O",
+ "SSL_SERVER_IOU", "SSL_SERVER_I_DN_OU",
+ "SSL_SERVER_IC", "SSL_SERVER_I_DN_C",
+ "SSL_SERVER_ISP", "SSL_SERVER_I_DN_SP",
+ "SSL_SERVER_IL", "SSL_SERVER_I_DN_L",
+ "SSL_CLIENT_CERT_START", "SSL_CLIENT_V_START",
+ "SSL_CLIENT_CERT_END", "SSL_CLIENT_V_END",
+ "SSL_CLIENT_CERT_SERIAL", "SSL_CLIENT_M_SERIAL",
+ "SSL_CLIENT_SIGNATURE_ALGORITHM", "SSL_CLIENT_A_SIG",
+ "SSL_CLIENT_DN", "SSL_CLIENT_S_DN",
+ "SSL_CLIENT_CN", "SSL_CLIENT_S_DN_CN",
+ "SSL_CLIENT_EMAIL", "SSL_CLIENT_S_DN_Email",
+ "SSL_CLIENT_O", "SSL_CLIENT_S_DN_O",
+ "SSL_CLIENT_OU", "SSL_CLIENT_S_DN_OU",
+ "SSL_CLIENT_C", "SSL_CLIENT_S_DN_C",
+ "SSL_CLIENT_SP", "SSL_CLIENT_S_DN_SP",
+ "SSL_CLIENT_L", "SSL_CLIENT_S_DN_L",
+ "SSL_CLIENT_IDN", "SSL_CLIENT_I_DN",
+ "SSL_CLIENT_ICN", "SSL_CLIENT_I_DN_CN",
+ "SSL_CLIENT_IEMAIL", "SSL_CLIENT_I_DN_Email",
+ "SSL_CLIENT_IO", "SSL_CLIENT_I_DN_O",
+ "SSL_CLIENT_IOU", "SSL_CLIENT_I_DN_OU",
+ "SSL_CLIENT_IC", "SSL_CLIENT_I_DN_C",
+ "SSL_CLIENT_ISP", "SSL_CLIENT_I_DN_SP",
+ "SSL_CLIENT_IL", "SSL_CLIENT_I_DN_L",
+ "SSL_EXPORT", "SSL_CIPHER_EXPORT",
+ "SSL_KEYSIZE", "SSL_CIPHER_ALGKEYSIZE",
+ "SSL_SECKEYSIZE", "SSL_CIPHER_USEKEYSIZE",
+ "SSL_SSLEAY_VERSION", "SSL_VERSION_LIBRARY",
+ NULL, NULL
+};
+
int ssl_hook_Fixup(request_rec *r)
{
SSLConnRec *sslconn = myConnConfig(r->connection);
@@ -1143,11 +1198,17 @@
apr_table_setn(env, "SSL_SERVER_CERT", val);
+ if (dc->nOptions & SSL_OPT_COMPATENVVARS)
+ apr_table_setn(env, "SSL_SERVER_CERTIFICATE", val);
+
val = ssl_var_lookup(r->pool, r->server, r->connection,
r, "SSL_CLIENT_CERT");
apr_table_setn(env, "SSL_CLIENT_CERT", val);
+ if (dc->nOptions & SSL_OPT_COMPATENVVARS)
+ apr_table_setn(env, "SSL_CLIENT_CERTIFICATE", val);
+
if ((peer_certs = (STACK_OF(X509) *)SSL_get_peer_cert_chain(ssl))) {
for (i = 0; i < sk_X509_num(peer_certs); i++) {
var = apr_psprintf(r->pool, "SSL_CLIENT_CERT_CHAIN_%d", i);
@@ -1159,6 +1220,16 @@
}
}
}
+
+ if (dc->nOptions & SSL_OPT_COMPATENVVARS) {
+ for (i = 0; ssl_hook_Compat_vars[i][0]; i++) {
+ val = ssl_var_lookup(r->pool, r->server, r->connection, r,
+
(char *)ssl_hook_Compat_vars[i][1]);
+ if (!strIsEmpty(val)) {
+ apr_table_setn(env, ssl_hook_Compat_vars[i][0], val);
+ }
+ }
+ }
return DECLINED;
}
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org