Posted to cvs@httpd.apache.org by bn...@apache.org on 2004/11/03 00:47:41 UTC

cvs commit: httpd-2.0/modules/arch/netware mod_nw_ssl.c

bnicholes    2004/11/02 15:47:41

  Modified:    modules/arch/netware Tag: APACHE_2_0_BRANCH mod_nw_ssl.c
  Log:
  Track the status of an upgradeable socket so that the http_method and default_port hooks will report the correct information.  Also add the check for an upgraded https connection when responding to the state of a connection.
  
  Revision  Changes    Path
  No                   revision
  No                   revision
  1.7.2.13  +40 -11    httpd-2.0/modules/arch/netware/mod_nw_ssl.c
  
  Index: mod_nw_ssl.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/arch/netware/mod_nw_ssl.c,v
  retrieving revision 1.7.2.12
  retrieving revision 1.7.2.13
  diff -u -r1.7.2.12 -r1.7.2.13
  --- mod_nw_ssl.c	25 Aug 2004 20:03:17 -0000	1.7.2.12
  +++ mod_nw_ssl.c	2 Nov 2004 23:47:41 -0000	1.7.2.13
  @@ -61,6 +61,10 @@
                            conn_rec *, request_rec *,
                            char *));
   
  +/* An optional function which returns non-zero if the given connection
  + * is using SSL/TLS. */
  +APR_DECLARE_OPTIONAL_FN(int, ssl_is_https, (conn_rec *));
  +
   /* The ssl_proxy_enable() and ssl_engine_disable() optional functions
    * are used by mod_proxy to enable use of SSL for outgoing
    * connections. */
  @@ -85,6 +89,7 @@
   typedef struct NWSSLSrvConfigRec NWSSLSrvConfigRec;
   typedef struct seclisten_rec seclisten_rec;
   typedef struct seclistenup_rec seclistenup_rec;
  +typedef struct secsocket_data secsocket_data;
   
   struct seclisten_rec {
       seclisten_rec *next;
  @@ -110,6 +115,11 @@
   	apr_pool_t *pPool;
   };
   
  +struct secsocket_data {
  +    apr_socket_t* csd;
  +    int is_secure;
  +};
  +
   static apr_array_header_t *certlist = NULL;
   static unicode_t** certarray = NULL;
   static int numcerts = 0;
  @@ -589,7 +599,11 @@
           convert_secure_socket(c, (apr_socket_t*)csd);
       }
       else {
  -        ap_set_module_config(c->conn_config, &nwssl_module, csd);
  +        secsocket_data *csd_data = apr_palloc(c->pool, sizeof(secsocket_data));
  +
  +        csd_data->csd = (apr_socket_t*)csd;
  +        csd_data->is_secure = 0;
  +        ap_set_module_config(c->conn_config, &nwssl_module, (void*)csd_data);
       }
       
       return OK;
  @@ -726,11 +740,18 @@
   	return isSecureConnUpgradeable (r->server, r->connection);
   }
   
  +static int isSecureUpgraded (const request_rec *r)
  +{
  +    secsocket_data *csd_data = (secsocket_data*)ap_get_module_config(r->connection->conn_config, &nwssl_module);
  +
  +	return csd_data->is_secure;
  +}
  +
   static int nwssl_hook_Fixup(request_rec *r)
   {
       int i;
   
  -    if (!isSecure(r))
  +    if (!isSecure(r) && !isSecureUpgraded(r))
           return DECLINED;
   
       apr_table_set(r->subprocess_env, "HTTPS", "on");
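Review bot: isSecureUpgraded() dereferences the result of ap_get_module_config() without a NULL check, while ssl_is_https() later in this same commit guards the identical lookup with `csd_data &&`. The pre-connection hunk stores a secsocket_data only in its else branch, so as far as this diff shows a connection that took the convert_secure_socket() path has no module config and this helper would fault on it. The helper is also called from the nwssl_hook_http_method hunk (when isSecure(r) is true) and from the HTTPS branch added to the variable lookup. Change the return to `return csd_data && csd_data->is_secure;`.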
  @@ -740,7 +761,7 @@
   
   static const char *nwssl_hook_http_method (const request_rec *r)
   {
  -    if (isSecure(r))
  +    if (isSecure(r) && !isSecureUpgraded(r))
           return "https";
   
       return NULL;
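Review bot: The condition in nwssl_hook_http_method is easy to misread next to nwssl_hook_Fixup, which treats an upgraded connection as HTTPS, whereas this hook refuses to report "https" for one. If the intent is that a connection upgraded to TLS in place keeps its "http" scheme, state it above the test, e.g. `/* An upgraded connection is encrypted but keeps the http scheme; only a natively secure listener reports https. */`. The commit log also names the default_port hook, but no hunk here touches nwssl_hook_default_port, so it is worth confirming that hook already returns the right port for upgraded connections.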
  @@ -768,7 +789,9 @@
   
   static int ssl_is_https(conn_rec *c)
   {
  -    return isSecureConn (c->base_server, c);
  +    secsocket_data *csd_data = (secsocket_data*)ap_get_module_config(c->conn_config, &nwssl_module);
  +
  +    return isSecureConn (c->base_server, c) || (csd_data && csd_data->is_secure);
   }
   
   /* This function must remain safe to use for a non-SSL connection. */
  @@ -815,6 +838,12 @@
                   result = apr_table_get(r->headers_in, "Proxy-Connection");
               else if (strcEQ(var, "HTTP_ACCEPT"))
                   result = apr_table_get(r->headers_in, "Accept");
  +            else if (strcEQ(var, "HTTPS")) {
  +                if (isSecure(r) || isSecureUpgraded(r))
  +                    result = "on";
  +                else
  +                    result = "off";
  +            }
               else if (strlen(var) > 5 && strcEQn(var, "HTTP:", 5))
                   /* all other headers from which we are still not know about */
                   result = apr_table_get(r->headers_in, var+5);
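Review bot: Placing the HTTPS variable in this request-header chain means it is resolved only when a request_rec is available, whereas the branch removed in the next hunk answered from `s` and `c` alone. The enclosing conditions are outside both hunks, but if this lookup can be called with a connection and no request, HTTPS now comes back unset instead of "on"/"off", and any caller that bases an access or redirect decision on it would get no value for a secure connection. Consider keeping a connection-level fallback that reuses the NULL-safe helper: `else if (strcEQ(var, "HTTPS")) result = ssl_is_https(c) ? "on" : "off";`.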
  @@ -887,12 +916,6 @@
   			result = NULL;
           else if (strcEQ(var, "REMOTE_ADDR"))
               result = c->remote_ip;
  -        else if (strcEQ(var, "HTTPS")) {
  -			if (isSecureConn (s, c))
  -                result = "on";
  -            else
  -                result = "off";
  -        }
       }
   
       /*
  @@ -980,6 +1003,7 @@
       char *token_string;
       char *token;
       char *token_state;
  +    secsocket_data *csd_data;
   
       /* Just remove the filter, if it doesn't work the first time, it won't
        * work at all for this request.
  @@ -1018,7 +1042,8 @@
       apr_table_unset(r->headers_out, "Upgrade");
   
       if (r) {
  -        csd = (apr_socket_t*)ap_get_module_config(r->connection->conn_config, &nwssl_module);
  +        csd_data = (secsocket_data*)ap_get_module_config(r->connection->conn_config, &nwssl_module);
  +        csd = csd_data->csd;
       }
       else {
           ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server,
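Review bot: `csd_data->csd` is read without checking that ap_get_module_config() returned a record, and csd_data is declared without an initializer in the earlier declaration hunk. The later hunk writes `csd_data->is_secure = 1` after SSLize_Socket() succeeds, so that write relies on this branch having run and found a record. Initialize the pointer at its declaration (`secsocket_data *csd_data = NULL;`) and guard the read here, e.g. `csd = csd_data ? csd_data->csd : NULL;`, so a missing record takes the failure path instead of faulting. Whether a NULL csd is already handled further down cannot be seen here, because the filter's body starts and ends outside the hunk.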
  @@ -1055,6 +1080,9 @@
   
   
           ret = SSLize_Socket(sockdes, key, r);
  +        if (!ret) {
  +            csd_data->is_secure = 1;
  +        }
       }
       else {
           ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server,
  @@ -1102,6 +1130,7 @@
       ap_hook_default_port  (nwssl_hook_default_port,  NULL,NULL, APR_HOOK_MIDDLE);
       ap_hook_insert_filter (ssl_hook_Insert_Filter, NULL,NULL, APR_HOOK_MIDDLE);
   
  +    APR_REGISTER_OPTIONAL_FN(ssl_is_https);
       APR_REGISTER_OPTIONAL_FN(ssl_var_lookup);
       
       APR_REGISTER_OPTIONAL_FN(ssl_proxy_enable);