Posted to cvs@httpd.apache.org by do...@apache.org on 2002/03/29 18:56:34 UTC
cvs commit: httpd-2.0/modules/ssl mod_ssl.c mod_ssl.h ssl_engine_config.c ssl_engine_init.c
dougm 02/03/29 09:56:34
Modified: modules/ssl mod_ssl.c mod_ssl.h ssl_engine_config.c
ssl_engine_init.c
Log:
add SSLProxyEngine directive. this was not required in the 1.x based
mod_ssl because the SSL_CTX was created and configured for *every*
request. unlike in 2.0 where we configure the proxy SSL_CTX at
startup time, which is much better for performance. but we don't want
to configure a proxy context for every vhost if it isn't going to be
used, for the same reasons we don't create a server context for every
vhost unless SSLEngine is on.
Revision Changes Path
1.60 +13 -0 httpd-2.0/modules/ssl/mod_ssl.c
Index: mod_ssl.c
===================================================================
RCS file: /home/cvs/httpd-2.0/modules/ssl/mod_ssl.c,v
retrieving revision 1.59
retrieving revision 1.60
diff -u -r1.59 -r1.60
--- mod_ssl.c 29 Mar 2002 07:36:01 -0000 1.59
+++ mod_ssl.c 29 Mar 2002 17:56:33 -0000 1.60
@@ -154,6 +154,9 @@
/*
* Proxy configuration for remote SSL connections
*/
+ SSL_CMD_SRV(ProxyEngine, FLAG,
+ "SSL switch for the proxy protocol engine "
+ "(`on', `off')")
SSL_CMD_SRV(ProxyProtocol, RAW_ARGS,
"SSL Proxy: enable or disable SSL protocol flavors "
"(`[+-][SSLv2|SSLv3|TLSv1] ...' - see manual)")
@@ -230,7 +233,17 @@
int ssl_proxy_enable(conn_rec *c)
{
+ SSLSrvConfigRec *sc = mySrvConfig(c->base_server);
+
SSLConnRec *sslconn = ssl_init_connection_ctx(c);
+
+ if (!sc->proxy_enabled) {
+ ssl_log(c->base_server, SSL_LOG_ERROR,
+ "SSL Proxy requested for %s but not enabled "
+ "[Hint: SSLProxyEngine]", sc->vhost_id);
+
+ return 0;
+ }
sslconn->is_proxy = 1;
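Review bot: In `ssl_proxy_enable`, `ssl_init_connection_ctx(c)` still runs before the new `proxy_enabled` check, so a refused connection gets its SSL connection context set up anyway (presumably attached to `c`; the helper is not visible here). Declaring `SSLConnRec *sslconn;` at the top and assigning `sslconn = ssl_init_connection_ctx(c);` only after the `if (!sc->proxy_enabled) { ... return 0; }` block would keep the refusal path free of side effects. The `return 0` is fail-closed only if the caller treats it as a hard error and drops the backend connection rather than continuing without TLS. The callers are outside this diff, so that is worth confirming. The function body continues past the end of the hunk.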
1.106 +2 -0 httpd-2.0/modules/ssl/mod_ssl.h
Index: mod_ssl.h
===================================================================
RCS file: /home/cvs/httpd-2.0/modules/ssl/mod_ssl.h,v
retrieving revision 1.105
retrieving revision 1.106
diff -u -r1.105 -r1.106
--- mod_ssl.h 29 Mar 2002 04:50:37 -0000 1.105
+++ mod_ssl.h 29 Mar 2002 17:56:33 -0000 1.106
@@ -522,6 +522,7 @@
struct SSLSrvConfigRec {
SSLModConfigRec *mc;
BOOL enabled;
+ BOOL proxy_enabled;
const char *vhost_id;
int vhost_id_len;
const char *log_file_name;
@@ -589,6 +590,7 @@
const char *ssl_cmd_SSLRequireSSL(cmd_parms *, void *);
const char *ssl_cmd_SSLRequire(cmd_parms *, void *, const char *);
+const char *ssl_cmd_SSLProxyEngine(cmd_parms *cmd, void *dcfg, int flag);
const char *ssl_cmd_SSLProxyProtocol(cmd_parms *, void *, const char *);
const char *ssl_cmd_SSLProxyCipherSuite(cmd_parms *, void *, const char *);
const char *ssl_cmd_SSLProxyVerify(cmd_parms *, void *, const char *);
1.63 +11 -0 httpd-2.0/modules/ssl/ssl_engine_config.c
Index: ssl_engine_config.c
===================================================================
RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_engine_config.c,v
retrieving revision 1.62
retrieving revision 1.63
diff -u -r1.62 -r1.63
--- ssl_engine_config.c 29 Mar 2002 03:19:12 -0000 1.62
+++ ssl_engine_config.c 29 Mar 2002 17:56:33 -0000 1.63
@@ -206,6 +206,7 @@
sc->mc = NULL;
sc->enabled = UNSET;
+ sc->proxy_enabled = UNSET;
sc->vhost_id = NULL; /* set during module init */
sc->vhost_id_len = 0; /* set during module init */
sc->log_file_name = NULL;
@@ -294,6 +295,7 @@
cfgMerge(mc, NULL);
cfgMergeBool(enabled);
+ cfgMergeBool(proxy_enabled);
cfgMergeString(log_file_name);
cfgMerge(log_level, SSL_LOG_NONE);
cfgMergeInt(session_cache_timeout);
@@ -1255,6 +1257,15 @@
SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
return ssl_cmd_protocol_parse(cmd, arg, &sc->server->protocol);
+}
+
+const char *ssl_cmd_SSLProxyEngine(cmd_parms *cmd, void *dcfg, int flag)
+{
+ SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
+
+ sc->proxy_enabled = flag ? TRUE : FALSE;
+
+ return NULL;
}
const char *ssl_cmd_SSLProxyProtocol(cmd_parms *cmd,
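Review bot: `ssl_cmd_SSLProxyEngine` has no comment saying what the flag gates, which is the security-relevant part of this directive. A header comment such as `/* SSLProxyEngine on|off: per-server switch; when off, ssl_init_proxy_ctx() is skipped at startup and ssl_proxy_enable() refuses the connection */` would tie the handler to the checks this commit adds in mod_ssl.c and ssl_engine_init.c. It would also help to note there that the value starts as `UNSET` and is defaulted to `FALSE` at init, so the proxy engine is off unless configured.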
1.90 +5 -1 httpd-2.0/modules/ssl/ssl_engine_init.c
Index: ssl_engine_init.c
===================================================================
RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_engine_init.c,v
retrieving revision 1.89
retrieving revision 1.90
diff -u -r1.89 -r1.90
--- ssl_engine_init.c 29 Mar 2002 04:48:01 -0000 1.89
+++ ssl_engine_init.c 29 Mar 2002 17:56:33 -0000 1.90
@@ -243,6 +243,10 @@
sc->enabled = FALSE;
}
+ if (sc->proxy_enabled == UNSET) {
+ sc->proxy_enabled = FALSE;
+ }
+
if (sc->session_cache_timeout == UNSET) {
sc->session_cache_timeout = SSL_SESSION_CACHE_TIMEOUT;
}
@@ -929,7 +933,7 @@
ssl_init_server_ctx(s, p, ptemp, sc);
}
- if (1) { /* XXX: add directive */
+ if (sc->proxy_enabled) {
ssl_init_proxy_ctx(s, p, ptemp, sc);
}
}