You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@httpd.apache.org by Joe Orton <jo...@redhat.com> on 2005/04/18 15:21:08 UTC

[PATCH] mod_ssl: merge ssl_hook_Translate into ssl_hook_ReadReq

Is there any good reason why the ssl_hook_Translate functionality really
has to be in a translate_name hook?  PR 34452 is a nice snafu where the
ssl-unclean-shutdown setting is not taking effect if using a reverse
proxy, because the mod_ssl translate_hook never gets run.  mod_proxy is
only one common module which will trigger this, of course...

(this is a regression since 2.0.49 where mod_ssl started doing proper
SSL shutdowns, but it looks like it would affect 1.3+mod_ssl 2.8 too)

Moving this code to the post_read_request hook seems like a clean
solution; making sure the hook runs after mod_setenvif's match_headers.

Am I missing anything?

Index: modules/ssl/ssl_private.h
===================================================================
--- modules/ssl/ssl_private.h	(revision 161430)
+++ modules/ssl/ssl_private.h	(working copy)
@@ -531,7 +531,6 @@
 apr_status_t ssl_init_ModuleKill(void *data);
 
 /*  Apache API hooks  */
-int          ssl_hook_Translate(request_rec *);
 int          ssl_hook_Auth(request_rec *);
 int          ssl_hook_UserCheck(request_rec *);
 int          ssl_hook_Access(request_rec *);
Index: modules/ssl/ssl_engine_kernel.c
===================================================================
--- modules/ssl/ssl_engine_kernel.c	(revision 161430)
+++ modules/ssl/ssl_engine_kernel.c	(working copy)
@@ -30,6 +30,8 @@
                                             -- Unknown                */
 #include "ssl_private.h"
 
+static void ssl_configure_env(request_rec *r, SSLConnRec *sslconn);
+
 /*
  *  Post Read Request Handler
  */
@@ -84,7 +86,31 @@
     if ((ssl = sslconn->ssl)) {
         SSL_set_app_data2(ssl, r);
     }
+    else {
+        return DECLINED;
+    }
 
+    /*
+     * Log information about incoming HTTPS requests
+     */
+    if (r->server->loglevel >= APLOG_INFO && ap_is_initial_req(r)) {
+        ap_log_error(APLOG_MARK, APLOG_INFO, 0, r->server,
+                     "%s HTTPS request received for child %ld (server %s)",
+                     (r->connection->keepalives <= 0 ?
+                     "Initial (No.1)" :
+                     apr_psprintf(r->pool, "Subsequent (No.%d)",
+                                  r->connection->keepalives+1)),
+                     r->connection->id,
+                     ssl_util_vhostid(r->pool, r->server));
+    }
+
+    /* SetEnvIf ssl-*-shutdown flags can only be per-server,
+     * so they won't change across keepalive requests
+     */
+    if (sslconn->shutdown_type == SSL_SHUTDOWN_TYPE_UNSET) {
+        ssl_configure_env(r, sslconn);
+    }
+
     return DECLINED;
 }
 
@@ -126,41 +152,6 @@
 }
 
 /*
- *  URL Translation Handler
- */
-int ssl_hook_Translate(request_rec *r)
-{
-    SSLConnRec *sslconn = myConnConfig(r->connection);
-
-    if (!(sslconn && sslconn->ssl)) {
-        return DECLINED;
-    }
-
-    /*
-     * Log information about incoming HTTPS requests
-     */
-    if (r->server->loglevel >= APLOG_INFO && ap_is_initial_req(r)) {
-        ap_log_error(APLOG_MARK, APLOG_INFO, 0, r->server,
-                     "%s HTTPS request received for child %ld (server %s)",
-                     (r->connection->keepalives <= 0 ?
-                     "Initial (No.1)" :
-                     apr_psprintf(r->pool, "Subsequent (No.%d)",
-                                  r->connection->keepalives+1)),
-                     r->connection->id,
-                     ssl_util_vhostid(r->pool, r->server));
-    }
-
-    /* SetEnvIf ssl-*-shutdown flags can only be per-server,
-     * so they won't change across keepalive requests
-     */
-    if (sslconn->shutdown_type == SSL_SHUTDOWN_TYPE_UNSET) {
-        ssl_configure_env(r, sslconn);
-    }
-
-    return DECLINED;
-}
-
-/*
  *  Access Handler
  */
 int ssl_hook_Access(request_rec *r)
Index: modules/ssl/mod_ssl.c
===================================================================
--- modules/ssl/mod_ssl.c	(revision 161430)
+++ modules/ssl/mod_ssl.c	(working copy)
@@ -478,6 +478,10 @@
 
 static void ssl_register_hooks(apr_pool_t *p)
 {
+    /* ssl_hook_ReadReq needs to use the BrowserMatch settings so must
+     * run after mod_setenvif's post_read_request hook. */ 
+    static const char *pre_prr[] = { "mod_setenvif.c", NULL };
+
     ssl_io_filter_register(p);
 
     ap_hook_pre_connection(ssl_hook_pre_connection,NULL,NULL, APR_HOOK_MIDDLE);
@@ -487,12 +491,11 @@
     ap_hook_default_port  (ssl_hook_default_port,  NULL,NULL, APR_HOOK_MIDDLE);
     ap_hook_pre_config    (ssl_hook_pre_config,    NULL,NULL, APR_HOOK_MIDDLE);
     ap_hook_child_init    (ssl_init_Child,         NULL,NULL, APR_HOOK_MIDDLE);
-    ap_hook_translate_name(ssl_hook_Translate,     NULL,NULL, APR_HOOK_MIDDLE);
     ap_hook_check_user_id (ssl_hook_UserCheck,     NULL,NULL, APR_HOOK_FIRST);
     ap_hook_fixups        (ssl_hook_Fixup,         NULL,NULL, APR_HOOK_MIDDLE);
     ap_hook_access_checker(ssl_hook_Access,        NULL,NULL, APR_HOOK_MIDDLE);
     ap_hook_auth_checker  (ssl_hook_Auth,          NULL,NULL, APR_HOOK_MIDDLE);
-    ap_hook_post_read_request(ssl_hook_ReadReq,    NULL,NULL, APR_HOOK_MIDDLE);
+    ap_hook_post_read_request(ssl_hook_ReadReq, pre_prr,NULL, APR_HOOK_MIDDLE);
     ap_hook_insert_filter (ssl_hook_Insert_Filter, NULL,NULL, APR_HOOK_MIDDLE);
 /*    ap_hook_handler       (ssl_hook_Upgrade,       NULL,NULL, APR_HOOK_MIDDLE); */