You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by rj...@apache.org on 2015/10/06 13:30:03 UTC
svn commit: r1707002 - in /httpd/httpd/trunk: CHANGES
docs/manual/mod/mod_ssl.xml modules/ssl/ssl_engine_vars.c
Author: rjung
Date: Tue Oct 6 11:30:01 2015
New Revision: 1707002
URL: http://svn.apache.org/viewvc?rev=1707002&view=rev
Log:
mod_ssl: Extend expression parser registration
to support ssl variables in any expression
using mod_rewrite syntax "%{SSL:VARNAME}" or
function syntax "ssl(VARIABLE)".
Modified:
httpd/httpd/trunk/CHANGES
httpd/httpd/trunk/docs/manual/mod/mod_ssl.xml
httpd/httpd/trunk/modules/ssl/ssl_engine_vars.c
Modified: httpd/httpd/trunk/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=1707002&r1=1707001&r2=1707002&view=diff
==============================================================================
--- httpd/httpd/trunk/CHANGES [utf-8] (original)
+++ httpd/httpd/trunk/CHANGES [utf-8] Tue Oct 6 11:30:01 2015
@@ -1,6 +1,10 @@
-*- coding: utf-8 -*-
Changes with Apache 2.5.0
+ *) mod_ssl: Extend expression parser registration to support ssl variables
+ in any expression using mod_rewrite syntax "%{SSL:VARNAME}" or function
+ syntax "ssl(VARIABLE)". [Rainer Jung]
+
*) core: Extend support for asynchronous write completion from the
network filter to any connection or request filter. [Graham Leggett]
Modified: httpd/httpd/trunk/docs/manual/mod/mod_ssl.xml
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/mod_ssl.xml?rev=1707002&r1=1707001&r2=1707002&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/mod/mod_ssl.xml (original)
+++ httpd/httpd/trunk/docs/manual/mod/mod_ssl.xml Tue Oct 6 11:30:01 2015
@@ -216,6 +216,30 @@ string in <module>mod_log_config</module
</section>
+<section id="expressionparser"><title>Expression Parser Extension</title>
+
+<p>When <module>mod_ssl</module> is built into Apache or at least
+loaded (under DSO situation) any <a name="envvars">variables</a>
+provided by <module>mod_ssl</module> can be used in expressions
+for the <a href="../expr.html">ap_expr Expression Parser</a>.
+The variables can be referenced using the syntax
+``<code>%{</code><em>varname</em><code>}</code>''. Starting
+with version 2.4.17 one can also use the
+<module>mod_rewrite</module> style syntax
+``<code>%{SSL:</code><em>varname</em><code>}</code>'' or
+the function style syntax
+``<code>ssl(</code><em>varname</em><code>)</code>''.</p>
+<example><title>Example (using <module>mod_headers</module>)</title>
+<highlight language="config">
+Header set X-SSL-PROTOCOL "expr=%{SSL_PROTOCOL}"
+Header set X-SSL-CIPHER "expr=%{SSL:SSL_CIPHER}"
+</highlight>
+</example>
+<p>This feature even works without setting the <code>StdEnvVars</code>
+option of the <directive module="mod_ssl">SSLOptions</directive>
+directive.</p>
+</section>
+
<section id="authzproviders"><title>Authorization providers for use with Require</title>
<p><module>mod_ssl</module> provides a few authentication providers for use
Modified: httpd/httpd/trunk/modules/ssl/ssl_engine_vars.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_engine_vars.c?rev=1707002&r1=1707001&r2=1707002&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/ssl/ssl_engine_vars.c (original)
+++ httpd/httpd/trunk/modules/ssl/ssl_engine_vars.c Tue Oct 6 11:30:01 2015
@@ -149,6 +149,14 @@ static const char *expr_var_fn(ap_expr_e
return sslconn ? ssl_var_lookup_ssl(ctx->p, ctx->c, ctx->r, var) : NULL;
}
+static const char *expr_func_fn(ap_expr_eval_ctx_t *ctx, const void *data,
+ const char *arg)
+{
+ char *var = (char *)arg;
+
+ return var ? ssl_var_lookup(ctx->p, ctx->s, ctx->c, ctx->r, var) : NULL;
+}
+
static int ssl_expr_lookup(ap_expr_lookup_parms *parms)
{
switch (parms->type) {
@@ -163,6 +171,15 @@ static int ssl_expr_lookup(ap_expr_looku
return OK;
}
break;
+ case AP_EXPR_FUNC_STRING:
+ /* Function SSL() is implemented by us.
+ */
+ if (strcEQ(parms->name, "SSL")) {
+ *parms->func = expr_func_fn;
+ *parms->data = NULL;
+ return OK;
+ }
+ break;
case AP_EXPR_FUNC_LIST:
if (strcEQ(parms->name, "PeerExtList")) {
*parms->func = expr_peer_ext_list_fn;