You are viewing a plain text version of this content. The canonical link for it is here.
Posted to bugs@httpd.apache.org by bu...@apache.org on 2002/09/13 19:20:19 UTC

DO NOT REPLY [Bug 12625] New: - [PATCH] Restoration of mod_ssl compatibility env vars.

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=12625>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=12625

[PATCH] Restoration of mod_ssl compatibility env vars.

           Summary: [PATCH] Restoration of mod_ssl compatibility env vars.
           Product: Apache httpd-2.0
           Version: 2.0.40
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: Enhancement
          Priority: Other
         Component: mod_ssl
        AssignedTo: bugs@httpd.apache.org
        ReportedBy: anthonyu@killa.net


This patch restores the compatibility variables as advertised in the manual and
the stock httpd.conf.

Enjoy,
Anthony

diff -Nurd httpd-2.0.40-orig/modules/ssl/ssl_engine_kernel.c
httpd-2.0.40/modules/ssl/ssl_engine_kernel.c
--- httpd-2.0.40-orig/modules/ssl/ssl_engine_kernel.c	Mon Jun 10 21:54:01 2002+++ httpd-2.0.40/modules/ssl/ssl_engine_kernel.c	Fri Sep 13 10:08:33 2002@@ -1099,6 +1099,61 @@
     NULL
 };
 
+static const char *ssl_hook_Compat_vars[][2] = {
+    "SSL_PROTOCOL_VERSION", "SSL_PROTOCOL",
+    "SSLEAY_VERSION", "SSL_VERSION_LIBRARY",
+    "HTTPS_SECRETKEYSIZE", "SSL_CIPHER_USEKEYSIZE",
+    "HTTPS_KEYSIZE", "SSL_CIPHER_ALGKEYSIZE",
+    "HTTPS_CIPHER", "SSL_CIPHER",
+    "HTTPS_EXPORT", "SSL_CIPHER_EXPORT",
+    "SSL_SERVER_KEY_SIZE", "SSL_CIPHER_ALGKEYSIZE",
+    "SSL_SERVER_CERT_START", "SSL_SERVER_V_START",
+    "SSL_SERVER_CERT_END", "SSL_SERVER_V_END",
+    "SSL_SERVER_CERT_SERIAL", "SSL_SERVER_M_SERIAL",
+    "SSL_SERVER_SIGNATURE_ALGORITHM", "SSL_SERVER_A_SIG",
+    "SSL_SERVER_DN", "SSL_SERVER_S_DN",
+    "SSL_SERVER_CN", "SSL_SERVER_S_DN_CN",
+    "SSL_SERVER_EMAIL", "SSL_SERVER_S_DN_Email",
+    "SSL_SERVER_O", "SSL_SERVER_S_DN_O",
+    "SSL_SERVER_OU", "SSL_SERVER_S_DN_OU",
+    "SSL_SERVER_C", "SSL_SERVER_S_DN_C",
+    "SSL_SERVER_SP", "SSL_SERVER_S_DN_SP",
+    "SSL_SERVER_L", "SSL_SERVER_S_DN_L",
+    "SSL_SERVER_IDN", "SSL_SERVER_I_DN",
+    "SSL_SERVER_ICN", "SSL_SERVER_I_DN_CN",
+    "SSL_SERVER_IEMAIL", "SSL_SERVER_I_DN_Email",
+    "SSL_SERVER_IO", "SSL_SERVER_I_DN_O",
+    "SSL_SERVER_IOU", "SSL_SERVER_I_DN_OU",
+    "SSL_SERVER_IC", "SSL_SERVER_I_DN_C",
+    "SSL_SERVER_ISP", "SSL_SERVER_I_DN_SP",
+    "SSL_SERVER_IL", "SSL_SERVER_I_DN_L",
+    "SSL_CLIENT_CERT_START", "SSL_CLIENT_V_START",
+    "SSL_CLIENT_CERT_END", "SSL_CLIENT_V_END",
+    "SSL_CLIENT_CERT_SERIAL", "SSL_CLIENT_M_SERIAL",
+    "SSL_CLIENT_SIGNATURE_ALGORITHM", "SSL_CLIENT_A_SIG",
+    "SSL_CLIENT_DN", "SSL_CLIENT_S_DN",
+    "SSL_CLIENT_CN", "SSL_CLIENT_S_DN_CN",
+    "SSL_CLIENT_EMAIL", "SSL_CLIENT_S_DN_Email",
+    "SSL_CLIENT_O", "SSL_CLIENT_S_DN_O",
+    "SSL_CLIENT_OU", "SSL_CLIENT_S_DN_OU",
+    "SSL_CLIENT_C", "SSL_CLIENT_S_DN_C",
+    "SSL_CLIENT_SP", "SSL_CLIENT_S_DN_SP",
+    "SSL_CLIENT_L", "SSL_CLIENT_S_DN_L",
+    "SSL_CLIENT_IDN", "SSL_CLIENT_I_DN",
+    "SSL_CLIENT_ICN", "SSL_CLIENT_I_DN_CN",
+    "SSL_CLIENT_IEMAIL", "SSL_CLIENT_I_DN_Email",
+    "SSL_CLIENT_IO", "SSL_CLIENT_I_DN_O",
+    "SSL_CLIENT_IOU", "SSL_CLIENT_I_DN_OU",
+    "SSL_CLIENT_IC", "SSL_CLIENT_I_DN_C",
+    "SSL_CLIENT_ISP", "SSL_CLIENT_I_DN_SP",
+    "SSL_CLIENT_IL", "SSL_CLIENT_I_DN_L",
+    "SSL_EXPORT", "SSL_CIPHER_EXPORT",
+    "SSL_KEYSIZE", "SSL_CIPHER_ALGKEYSIZE",
+    "SSL_SECKEYSIZE", "SSL_CIPHER_USEKEYSIZE",
+    "SSL_SSLEAY_VERSION", "SSL_VERSION_LIBRARY",
+    NULL, NULL
+};
+
 int ssl_hook_Fixup(request_rec *r)
 {
     SSLConnRec *sslconn = myConnConfig(r->connection);
@@ -1143,11 +1198,17 @@
 
         apr_table_setn(env, "SSL_SERVER_CERT", val);
 
+        if (dc->nOptions & SSL_OPT_COMPATENVVARS)
+            apr_table_setn(env, "SSL_SERVER_CERTIFICATE", val);
+
         val = ssl_var_lookup(r->pool, r->server, r->connection,
                              r, "SSL_CLIENT_CERT");
 
         apr_table_setn(env, "SSL_CLIENT_CERT", val);
 
+        if (dc->nOptions & SSL_OPT_COMPATENVVARS)
+            apr_table_setn(env, "SSL_CLIENT_CERTIFICATE", val);
+
         if ((peer_certs = (STACK_OF(X509) *)SSL_get_peer_cert_chain(ssl))) {
             for (i = 0; i < sk_X509_num(peer_certs); i++) {
                 var = apr_psprintf(r->pool, "SSL_CLIENT_CERT_CHAIN_%d", i);
@@ -1159,6 +1220,16 @@
             }
         }
     }
+
+    if (dc->nOptions & SSL_OPT_COMPATENVVARS) {
+        for (i = 0; ssl_hook_Compat_vars[i][0]; i++) {
+            val = ssl_var_lookup(r->pool, r->server, r->connection, r,
+
		    (char *)ssl_hook_Compat_vars[i][1]);
+            if (!strIsEmpty(val)) {
+                apr_table_setn(env, ssl_hook_Compat_vars[i][0], val);
+            }
+        }
+    }
 
     return DECLINED;
 }

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org