Posted to cvs@httpd.apache.org by do...@apache.org on 2001/11/21 20:22:46 UTC
cvs commit: httpd-2.0/modules/ssl mod_ssl.h ssl_engine_kernel.c
dougm 01/11/21 11:22:46
Modified: modules/ssl mod_ssl.h ssl_engine_kernel.c
Log:
move c->notes.ssl::flag::{unclean,accurate}-shutdown to SSLConnRec.shutdown_type
Revision Changes Path
1.37 +7 -0 httpd-2.0/modules/ssl/mod_ssl.h
Index: mod_ssl.h
===================================================================
RCS file: /home/cvs/httpd-2.0/modules/ssl/mod_ssl.h,v
retrieving revision 1.36
retrieving revision 1.37
diff -u -r1.36 -r1.37
--- mod_ssl.h 2001/11/21 18:08:33 1.36
+++ mod_ssl.h 2001/11/21 19:22:46 1.37
@@ -450,9 +450,16 @@
apr_bucket_brigade *b; /* decrypted input */
} SSLFilterRec;
+typedef enum {
+ SSL_SHUTDOWN_TYPE_STANDARD,
+ SSL_SHUTDOWN_TYPE_UNCLEAN,
+ SSL_SHUTDOWN_TYPE_ACCURATE
+} ssl_shutdown_type_e;
+
typedef struct {
SSL *ssl;
const char *client_dn;
+ ssl_shutdown_type_e shutdown_type;
} SSLConnRec;
typedef struct {
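Review bot: The new `ssl_shutdown_type_e` enum carries no comment, and the default shutdown behaviour depends on `SSL_SHUTDOWN_TYPE_STANDARD` staying the first enumerator (value 0). If SSLConnRec is allocated zero-filled, which this hunk does not show, a connection whose `shutdown_type` is never assigned gets the standard close-notify shutdown only because of that ordering. I would add a comment above the enum such as `/* close-notify behaviour at connection close; STANDARD must stay first so a zeroed SSLConnRec defaults to it */`.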
1.23 +16 -16 httpd-2.0/modules/ssl/ssl_engine_kernel.c
Index: ssl_engine_kernel.c
===================================================================
RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_engine_kernel.c,v
retrieving revision 1.22
retrieving revision 1.23
diff -u -r1.22 -r1.23
--- ssl_engine_kernel.c 2001/11/21 18:08:33 1.22
+++ ssl_engine_kernel.c 2001/11/21 19:22:46 1.23
@@ -121,24 +121,27 @@
* exchange close notify messages, but allow the user
* to force the type of handshake via SetEnvIf directive
*/
- if (apr_table_get(conn->notes, "ssl::flag::unclean-shutdown") == PTRUE) {
+ switch (sslconn->shutdown_type) {
+ case SSL_SHUTDOWN_TYPE_STANDARD:
+ /* send close notify, but don't wait for clients close notify
+ (standard compliant and safe, so it's the DEFAULT!) */
+ SSL_set_shutdown(ssl, SSL_RECEIVED_SHUTDOWN);
+ cpType = "standard";
+ break;
+ case SSL_SHUTDOWN_TYPE_UNCLEAN:
/* perform no close notify handshake at all
(violates the SSL/TLS standard!) */
SSL_set_shutdown(ssl, SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
cpType = "unclean";
- }
- else if (apr_table_get(conn->notes, "ssl::flag::accurate-shutdown") == PTRUE) {
+ break;
+ case SSL_SHUTDOWN_TYPE_ACCURATE:
/* send close notify and wait for clients close notify
(standard compliant, but usually causes connection hangs) */
SSL_set_shutdown(ssl, 0);
cpType = "accurate";
- }
- else {
- /* send close notify, but don't wait for clients close notify
- (standard compliant and safe, so it's the DEFAULT!) */
- SSL_set_shutdown(ssl, SSL_RECEIVED_SHUTDOWN);
- cpType = "standard";
+ break;
}
+
SSL_smart_shutdown(ssl);
/* and finally log the fact that we've closed the connection */
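Review bot: The `switch (sslconn->shutdown_type)` has no `default:` label, so a value outside the three enumerators skips `SSL_set_shutdown()` and does not assign `cpType` in this block. `cpType` appears to feed the logging that follows `SSL_smart_shutdown(ssl)`, and its declaration is outside the hunk, so whether it has an initial value cannot be confirmed from here. Placing `default:` directly above `case SSL_SHUTDOWN_TYPE_STANDARD:` keeps the standards-compliant shutdown as the fallback, which is what the removed final `else` branch provided. The enclosing function starts and ends outside the hunk.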
@@ -218,14 +221,11 @@
* to allow the close connection handler to use them.
*/
if (apr_table_get(r->subprocess_env, "ssl-unclean-shutdown") != NULL)
- apr_table_setn(r->connection->notes, "ssl::flag::unclean-shutdown", PTRUE);
- else
- apr_table_setn(r->connection->notes, "ssl::flag::unclean-shutdown", PFALSE);
- if (apr_table_get(r->subprocess_env, "ssl-accurate-shutdown") != NULL)
- apr_table_setn(r->connection->notes, "ssl::flag::accurate-shutdown", PTRUE);
+ sslconn->shutdown_type = SSL_SHUTDOWN_TYPE_UNCLEAN;
+ else if (apr_table_get(r->subprocess_env, "ssl-accurate-shutdown") != NULL)
+ sslconn->shutdown_type = SSL_SHUTDOWN_TYPE_ACCURATE;
else
- apr_table_setn(r->connection->notes, "ssl::flag::accurate-shutdown", PFALSE);
-
+ sslconn->shutdown_type = SSL_SHUTDOWN_TYPE_STANDARD;
return DECLINED;
}
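Review bot: The three assignments to `sslconn->shutdown_type` dereference `sslconn`, whereas the removed code wrote to `r->connection->notes` and did not depend on an SSL connection record. The hunk does not show where `sslconn` is obtained or checked; if this hook can run for a request whose connection has no SSLConnRec, a guard such as `if (sslconn == NULL) return DECLINED;` is needed before this block. The value also appears to be rewritten on every request, so on a keep-alive connection the last request's environment decides how the connection is closed; a comment like `/* set per request: the last request on the connection wins */` would make that explicit. The function starts outside the hunk.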