You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by rj...@apache.org on 2015/10/06 13:30:03 UTC

svn commit: r1707002 - in /httpd/httpd/trunk: CHANGES docs/manual/mod/mod_ssl.xml modules/ssl/ssl_engine_vars.c

Author: rjung
Date: Tue Oct  6 11:30:01 2015
New Revision: 1707002

URL: http://svn.apache.org/viewvc?rev=1707002&view=rev
Log:
mod_ssl: Extend expression parser registration
to support ssl variables in any expression
using mod_rewrite syntax "%{SSL:VARNAME}" or
function syntax "ssl(VARIABLE)".

Modified:
    httpd/httpd/trunk/CHANGES
    httpd/httpd/trunk/docs/manual/mod/mod_ssl.xml
    httpd/httpd/trunk/modules/ssl/ssl_engine_vars.c

Modified: httpd/httpd/trunk/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=1707002&r1=1707001&r2=1707002&view=diff
==============================================================================
--- httpd/httpd/trunk/CHANGES [utf-8] (original)
+++ httpd/httpd/trunk/CHANGES [utf-8] Tue Oct  6 11:30:01 2015
@@ -1,6 +1,10 @@
                                                          -*- coding: utf-8 -*-
 Changes with Apache 2.5.0
 
+  *) mod_ssl: Extend expression parser registration to support ssl variables
+     in any expression using mod_rewrite syntax "%{SSL:VARNAME}" or function
+     syntax "ssl(VARIABLE)". [Rainer Jung]
+
   *) core: Extend support for asynchronous write completion from the
      network filter to any connection or request filter. [Graham Leggett]
 

Modified: httpd/httpd/trunk/docs/manual/mod/mod_ssl.xml
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/mod_ssl.xml?rev=1707002&r1=1707001&r2=1707002&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/mod/mod_ssl.xml (original)
+++ httpd/httpd/trunk/docs/manual/mod/mod_ssl.xml Tue Oct  6 11:30:01 2015
@@ -216,6 +216,30 @@ string in <module>mod_log_config</module
 
 </section>
 
+<section id="expressionparser"><title>Expression Parser Extension</title>
+
+<p>When <module>mod_ssl</module> is built into Apache or at least
+loaded (under DSO situation) any <a name="envvars">variables</a>
+provided by <module>mod_ssl</module> can be used in expressions
+for the <a href="../expr.html">ap_expr Expression Parser</a>.
+The variables can be referenced using the syntax
+``<code>%{</code><em>varname</em><code>}</code>''. Starting
+with version 2.4.17 one can also use the
+<module>mod_rewrite</module> style syntax
+``<code>%{SSL:</code><em>varname</em><code>}</code>'' or
+the function style syntax
+``<code>ssl(</code><em>varname</em><code>)</code>''.</p>
+<example><title>Example (using <module>mod_headers</module>)</title>
+<highlight language="config">
+Header set X-SSL-PROTOCOL "expr=%{SSL_PROTOCOL}"
+Header set X-SSL-CIPHER "expr=%{SSL:SSL_CIPHER}"
+</highlight>
+</example>
+<p>This feature even works without setting the <code>StdEnvVars</code>
+option of the <directive module="mod_ssl">SSLOptions</directive>
+directive.</p>
+</section>
+
 <section id="authzproviders"><title>Authorization providers for use with Require</title>
 
   <p><module>mod_ssl</module> provides a few authentication providers for use

Modified: httpd/httpd/trunk/modules/ssl/ssl_engine_vars.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_engine_vars.c?rev=1707002&r1=1707001&r2=1707002&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/ssl/ssl_engine_vars.c (original)
+++ httpd/httpd/trunk/modules/ssl/ssl_engine_vars.c Tue Oct  6 11:30:01 2015
@@ -149,6 +149,14 @@ static const char *expr_var_fn(ap_expr_e
     return sslconn ? ssl_var_lookup_ssl(ctx->p, ctx->c, ctx->r, var) : NULL;
 }
 
+static const char *expr_func_fn(ap_expr_eval_ctx_t *ctx, const void *data,
+                                const char *arg)
+{
+    char *var = (char *)arg;
+
+    return var ? ssl_var_lookup(ctx->p, ctx->s, ctx->c, ctx->r, var) : NULL;
+}
+
 static int ssl_expr_lookup(ap_expr_lookup_parms *parms)
 {
     switch (parms->type) {
@@ -163,6 +171,15 @@ static int ssl_expr_lookup(ap_expr_looku
             return OK;
         }
         break;
+    case AP_EXPR_FUNC_STRING:
+        /* Function SSL() is implemented by us.
+         */
+        if (strcEQ(parms->name, "SSL")) {
+            *parms->func = expr_func_fn;
+            *parms->data = NULL;
+            return OK;
+        }
+        break;
     case AP_EXPR_FUNC_LIST:
         if (strcEQ(parms->name, "PeerExtList")) {
             *parms->func = expr_peer_ext_list_fn;