Move mod_ssl-internal interfaces into ssl_private.h; allow mod_ssl.h

to be included even when mod_ssl is not enabled.

* Makefile.in (install-include): Only install mod_ssl.h.

* modules/ssl/ssl_private.h: New file.

* modules/ssl/mod_ssl.h: Move everything apart from than the optional
hook definitions into ssl_private.h.

* modules/ssl/*.c: Include ssl_private.h not mod_ssl.h

* modules/ssl/config.m4: Always add the mod_ssl directory to the
include path so other modules can find mod_ssl.h.

* modules/proxy/mod_proxy.c: Include mod_ssl.h to pick up the optional
hook definitions rather than copy'n'pasting them.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@102803 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/Makefile.in b/Makefile.in
index 52a144fc86230a843c0c0cd8befd7cdb84550fc5..4747bcb48ef38302b62d7a44ffc6dc87dd36db10 100644 (file)
--- a/Makefile.in
+++ b/Makefile.in
@@ -179,7 +179,7 @@ install-include:
        @cp -p $(srcdir)/modules/loggers/mod_log_config.h $(DESTDIR)$(includedir)
        @cp -p $(srcdir)/modules/http/mod_core.h $(DESTDIR)$(includedir)
        @cp -p $(srcdir)/modules/proxy/mod_proxy.h $(DESTDIR)$(includedir)
-       @cp -p $(srcdir)/modules/ssl/*.h $(DESTDIR)$(includedir)
+       @cp -p $(srcdir)/modules/ssl/mod_ssl.h $(DESTDIR)$(includedir)
        @cp -p $(srcdir)/srclib/pcre/pcre*.h $(DESTDIR)$(includedir)
        @cp -p $(srcdir)/os/$(OS_DIR)/*.h $(DESTDIR)$(includedir)
        @chmod 644 $(DESTDIR)$(includedir)/*.h

diff --git a/modules/proxy/mod_proxy.c b/modules/proxy/mod_proxy.c
index 78a0e12ce454751140b5bc55a63f77c2725b9077..2bb4b41cac1b4900e155e218028d6be8a71d9b7c 100644 (file)
--- a/modules/proxy/mod_proxy.c
+++ b/modules/proxy/mod_proxy.c
@@ -19,6 +19,7 @@
 #include "mod_core.h"
 
 #include "apr_optional.h"
+#include "mod_ssl.h"
 
 #ifndef MAX
 #define MAX(x,y) ((x) >= (y) ? (x) : (y))
@@ -1027,9 +1028,6 @@ static const command_rec proxy_cmds[] =
     {NULL}
 };
 
-APR_DECLARE_OPTIONAL_FN(int, ssl_proxy_enable, (conn_rec *));
-APR_DECLARE_OPTIONAL_FN(int, ssl_engine_disable, (conn_rec *));
-
 static APR_OPTIONAL_FN_TYPE(ssl_proxy_enable) *proxy_ssl_enable = NULL;
 static APR_OPTIONAL_FN_TYPE(ssl_engine_disable) *proxy_ssl_disable = NULL;
 

diff --git a/modules/ssl/config.m4 b/modules/ssl/config.m4
index b7313e951abd8c54d44c7e258087453a451f9fe5..9795f1c5dde38a30b2726d555ac98598499baa7a 100644 (file)
--- a/modules/ssl/config.m4
+++ b/modules/ssl/config.m4
@@ -115,9 +115,11 @@ dnl #  hook module into the Autoconf mechanism (--enable-ssl option)
 APACHE_MODULE(ssl, [SSL/TLS support (mod_ssl)], $ssl_objs, , no, [
     APACHE_CHECK_SSL_TOOLKIT
     CHECK_DISTCACHE
-    APR_ADDTO(INCLUDES, [-I\$(top_srcdir)/$modpath_current])
 ])
 
+# Ensure that other modules can pick up mod_ssl.h
+APR_ADDTO(INCLUDES, [-I\$(top_srcdir)/$modpath_current])
+
 dnl #  end of module specific part
 APACHE_MODPATH_FINISH
 

diff --git a/modules/ssl/mod_ssl.c b/modules/ssl/mod_ssl.c
index 49df762cd10e9bd7a003a9151a5473b6faed20a8..06e475d93bbc8883cacf2a4b96f832e2cb8e9d77 100644 (file)
--- a/modules/ssl/mod_ssl.c
+++ b/modules/ssl/mod_ssl.c
@@ -23,6 +23,7 @@
  *  Apache API interface structures
  */
 
+#include "ssl_private.h"
 #include "mod_ssl.h"
 #include "util_md5.h"
 #include <assert.h>

diff --git a/modules/ssl/mod_ssl.dsp b/modules/ssl/mod_ssl.dsp
index 091539ead1da09b42ee6edf3398253ae2b27f548..0e8cc44f9c3e47481f5e5b909876d8cd36943f20 100644 (file)
--- a/modules/ssl/mod_ssl.dsp
+++ b/modules/ssl/mod_ssl.dsp
@@ -188,6 +188,10 @@ SOURCE=.\ssl_expr.h
 # End Source File
 # Begin Source File
 
+SOURCE=.\ssl_private.h
+# End Source File
+# Begin Source File
+
 SOURCE=.\ssl_expr_parse.h
 # End Source File
 # Begin Source File

diff --git a/modules/ssl/mod_ssl.h b/modules/ssl/mod_ssl.h
index 32ade98038ddc8988dab32104e6428c42abecd9c..3c8f39a30f19416842752ab6fc7c37d3c51d069a 100644 (file)
--- a/modules/ssl/mod_ssl.h
+++ b/modules/ssl/mod_ssl.h
@@ -13,645 +13,25 @@
  * limitations under the License.
  */
 
-/*                      _             _
- *  _ __ ___   ___   __| |    ___ ___| |  mod_ssl
- * | '_ ` _ \ / _ \ / _` |   / __/ __| |  Apache Interface to OpenSSL
- * | | | | | | (_) | (_| |   \__ \__ \ |
- * |_| |_| |_|\___/ \__,_|___|___/___/_|
- *                      |_____|
- *  mod_ssl.h
- *  Global header
- */
-                             /* ``The Apache Group: a collection
-                                  of talented individuals who are
-                                  trying to perfect the art of
-                                  never finishing something.''
-                                             -- Rob Hartill         */
 #ifndef __MOD_SSL_H__
 #define __MOD_SSL_H__
 
-/*
- * Power up our brain...
- */
-
-/* Apache headers */
 #include "httpd.h"
-#include "http_config.h"
-#include "http_core.h"
-#include "http_log.h"
-#include "http_main.h"
-#include "http_connection.h"
-#include "http_request.h"
-#include "http_protocol.h"
-#include "util_script.h"
-#include "util_filter.h"
-#include "util_ebcdic.h"
-#include "mpm.h"
-#include "apr.h"
-#include "apr_strings.h"
-#define APR_WANT_STRFUNC
-#include "apr_want.h"
-#include "apr_tables.h"
-#include "apr_lib.h"
-#include "apr_fnmatch.h"
-#include "apr_strings.h"
-#include "apr_dbm.h"
-#include "apr_rmm.h"
-#include "apr_shm.h"
-#include "apr_global_mutex.h"
 #include "apr_optional.h"
 
-#define MOD_SSL_VERSION AP_SERVER_BASEREVISION
-
-/* mod_ssl headers */
-#include "ssl_toolkit_compat.h"
-#include "ssl_expr.h"
-#include "ssl_util_ssl.h"
-
-/* The #ifdef macros are only defined AFTER including the above
- * therefore we cannot include these system files at the top  :-(
- */
-#if APR_HAVE_SYS_TIME_H
-#include <sys/time.h>
-#endif
-#if APR_HAVE_UNISTD_H
-#include <unistd.h> /* needed for STDIN_FILENO et.al., at least on FreeBSD */
-#endif
-
-/*
- * Provide reasonable default for some defines
- */
-#ifndef FALSE
-#define FALSE (0)
-#endif
-#ifndef TRUE
-#define TRUE (!FALSE)
-#endif
-#ifndef PFALSE
-#define PFALSE ((void *)FALSE)
-#endif
-#ifndef PTRUE
-#define PTRUE ((void *)TRUE)
-#endif
-#ifndef UNSET
-#define UNSET (-1)
-#endif
-#ifndef NUL
-#define NUL '\0'
-#endif
-#ifndef RAND_MAX
-#include <limits.h>
-#define RAND_MAX INT_MAX
-#endif
-
-/*
- * Provide reasonable defines for some types
- */
-#ifndef BOOL
-#define BOOL unsigned int
-#endif
-#ifndef UCHAR
-#define UCHAR unsigned char
-#endif
-
-/*
- * Provide useful shorthands
- */
-#define strEQ(s1,s2)     (strcmp(s1,s2)        == 0)
-#define strNE(s1,s2)     (strcmp(s1,s2)        != 0)
-#define strEQn(s1,s2,n)  (strncmp(s1,s2,n)     == 0)
-#define strNEn(s1,s2,n)  (strncmp(s1,s2,n)     != 0)
-
-#define strcEQ(s1,s2)    (strcasecmp(s1,s2)    == 0)
-#define strcNE(s1,s2)    (strcasecmp(s1,s2)    != 0)
-#define strcEQn(s1,s2,n) (strncasecmp(s1,s2,n) == 0)
-#define strcNEn(s1,s2,n) (strncasecmp(s1,s2,n) != 0)
-
-#define strIsEmpty(s)    (s == NULL || s[0] == NUL)
-
-#define myConnConfig(c) \
-(SSLConnRec *)ap_get_module_config(c->conn_config, &ssl_module)
-#define myCtxConfig(sslconn, sc) (sslconn->is_proxy ? sc->proxy : sc->server)
-#define myConnConfigSet(c, val) \
-ap_set_module_config(c->conn_config, &ssl_module, val)
-#define mySrvConfig(srv) (SSLSrvConfigRec *)ap_get_module_config(srv->module_config,  &ssl_module)
-#define myDirConfig(req) (SSLDirConfigRec *)ap_get_module_config(req->per_dir_config, &ssl_module)
-#define myModConfig(srv) (mySrvConfig((srv)))->mc
-
-#define myCtxVarSet(mc,num,val)  mc->rCtx.pV##num = val
-#define myCtxVarGet(mc,num,type) (type)(mc->rCtx.pV##num)
-
-/*
- * Defaults for the configuration
- */
-#ifndef SSL_SESSION_CACHE_TIMEOUT
-#define SSL_SESSION_CACHE_TIMEOUT  300
-#endif
-
-/*
- * Support for MM library
- */
-#define SSL_MM_FILE_MODE ( APR_UREAD | APR_UWRITE | APR_GREAD | APR_WREAD )
-
-/*
- * Support for DBM library
- */
-#define SSL_DBM_FILE_MODE ( APR_UREAD | APR_UWRITE | APR_GREAD | APR_WREAD )
-
-#if !defined(SSL_DBM_FILE_SUFFIX_DIR) && !defined(SSL_DBM_FILE_SUFFIX_PAG)
-#if defined(DBM_SUFFIX)
-#define SSL_DBM_FILE_SUFFIX_DIR DBM_SUFFIX
-#define SSL_DBM_FILE_SUFFIX_PAG DBM_SUFFIX
-#elif defined(__FreeBSD__) || (defined(DB_LOCK) && defined(DB_SHMEM))
-#define SSL_DBM_FILE_SUFFIX_DIR ".db"
-#define SSL_DBM_FILE_SUFFIX_PAG ".db"
-#else
-#define SSL_DBM_FILE_SUFFIX_DIR ".dir"
-#define SSL_DBM_FILE_SUFFIX_PAG ".pag"
-#endif
-#endif
-
-/*
- * Define the certificate algorithm types
- */
-
-typedef int ssl_algo_t;
-
-#define SSL_ALGO_UNKNOWN (0)
-#define SSL_ALGO_RSA     (1<<0)
-#define SSL_ALGO_DSA     (1<<1)
-#define SSL_ALGO_ALL     (SSL_ALGO_RSA|SSL_ALGO_DSA)
-
-#define SSL_AIDX_RSA     (0)
-#define SSL_AIDX_DSA     (1)
-#define SSL_AIDX_MAX     (2)
-
-
-/*
- * Define IDs for the temporary RSA keys and DH params
- */
-
-#define SSL_TMP_KEY_RSA_512  (0)
-#define SSL_TMP_KEY_RSA_1024 (1)
-#define SSL_TMP_KEY_DH_512   (2)
-#define SSL_TMP_KEY_DH_1024  (3)
-#define SSL_TMP_KEY_MAX      (4)
-
-/*
- * Define the SSL options
- */
-#define SSL_OPT_NONE           (0)
-#define SSL_OPT_RELSET         (1<<0)
-#define SSL_OPT_STDENVVARS     (1<<1)
-#define SSL_OPT_COMPATENVVARS  (1<<2)
-#define SSL_OPT_EXPORTCERTDATA (1<<3)
-#define SSL_OPT_FAKEBASICAUTH  (1<<4)
-#define SSL_OPT_STRICTREQUIRE  (1<<5)
-#define SSL_OPT_OPTRENEGOTIATE (1<<6)
-#define SSL_OPT_ALL            (SSL_OPT_STDENVVARS|SSL_OPT_COMPATENVVAR|SSL_OPT_EXPORTCERTDATA|SSL_OPT_FAKEBASICAUTH|SSL_OPT_STRICTREQUIRE|SSL_OPT_OPTRENEGOTIATE)
-typedef int ssl_opt_t;
-
-/*
- * Define the SSL Protocol options
- */
-#define SSL_PROTOCOL_NONE  (0)
-#define SSL_PROTOCOL_SSLV2 (1<<0)
-#define SSL_PROTOCOL_SSLV3 (1<<1)
-#define SSL_PROTOCOL_TLSV1 (1<<2)
-#define SSL_PROTOCOL_ALL   (SSL_PROTOCOL_SSLV2|SSL_PROTOCOL_SSLV3|SSL_PROTOCOL_TLSV1)
-typedef int ssl_proto_t;
-
-/*
- * Define the SSL verify levels
- */
-typedef enum {
-    SSL_CVERIFY_UNSET           = UNSET,
-    SSL_CVERIFY_NONE            = 0,
-    SSL_CVERIFY_OPTIONAL        = 1,
-    SSL_CVERIFY_REQUIRE         = 2,
-    SSL_CVERIFY_OPTIONAL_NO_CA  = 3
-} ssl_verify_t;
-
-#define SSL_VERIFY_PEER_STRICT \
-     (SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT)
-
-#ifndef X509_V_ERR_CERT_UNTRUSTED
-#define X509_V_ERR_CERT_UNTRUSTED 27
-#endif
-
-#define ssl_verify_error_is_optional(errnum) \
-   ((errnum == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT) \
-    || (errnum == X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN) \
-    || (errnum == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY) \
-    || (errnum == X509_V_ERR_CERT_UNTRUSTED) \
-    || (errnum == X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE))
-
-/*
- * Define the SSL pass phrase dialog types
- */
-typedef enum {
-    SSL_PPTYPE_UNSET   = UNSET,
-    SSL_PPTYPE_BUILTIN = 0,
-    SSL_PPTYPE_FILTER  = 1,
-       SSL_PPTYPE_PIPE    = 2
-} ssl_pphrase_t;
-
-/*
- * Define the Path Checking modes
- */
-#define SSL_PCM_EXISTS     1
-#define SSL_PCM_ISREG      2
-#define SSL_PCM_ISDIR      4
-#define SSL_PCM_ISNONZERO  8
-typedef unsigned int ssl_pathcheck_t;
-
-/*
- * Define the SSL session cache modes and structures
- */
-typedef enum {
-    SSL_SCMODE_UNSET = UNSET,
-    SSL_SCMODE_NONE  = 0,
-    SSL_SCMODE_DBM   = 1,
-    SSL_SCMODE_SHMCB = 3,
-    SSL_SCMODE_DC    = 4
-} ssl_scmode_t;
-
-/*
- * Define the SSL mutex modes
- */
-typedef enum {
-    SSL_MUTEXMODE_UNSET  = UNSET,
-    SSL_MUTEXMODE_NONE   = 0,
-    SSL_MUTEXMODE_USED   = 1
-} ssl_mutexmode_t;
-
-/*
- * Define the SSL requirement structure
- */
-typedef struct {
-    char     *cpExpr;
-    ssl_expr *mpExpr;
-} ssl_require_t;
-
-/*
- * Define the SSL random number generator seeding source
- */
-typedef enum {
-    SSL_RSCTX_STARTUP = 1,
-    SSL_RSCTX_CONNECT = 2
-} ssl_rsctx_t;
-typedef enum {
-    SSL_RSSRC_BUILTIN = 1,
-    SSL_RSSRC_FILE    = 2,
-    SSL_RSSRC_EXEC    = 3,
-    SSL_RSSRC_EGD     = 4
-} ssl_rssrc_t;
-typedef struct {
-    ssl_rsctx_t  nCtx;
-    ssl_rssrc_t  nSrc;
-    char        *cpPath;
-    int          nBytes;
-} ssl_randseed_t;
-
-/*
- * Define the structure of an ASN.1 anything
- */
-typedef struct {
-    long int       nData;
-    unsigned char *cpData;
-    apr_time_t     source_mtime;
-} ssl_asn1_t;
-
-/*
- * Define the mod_ssl per-module configuration structure
- * (i.e. the global configuration for each httpd process)
- */
-
-typedef enum {
-    SSL_SHUTDOWN_TYPE_UNSET,
-    SSL_SHUTDOWN_TYPE_STANDARD,
-    SSL_SHUTDOWN_TYPE_UNCLEAN,
-    SSL_SHUTDOWN_TYPE_ACCURATE
-} ssl_shutdown_type_e;
-
-typedef struct {
-    SSL *ssl;
-    const char *client_dn;
-    X509 *client_cert;
-    ssl_shutdown_type_e shutdown_type;
-    const char *verify_info;
-    const char *verify_error;
-    int verify_depth;
-    int is_proxy;
-    int disabled;
-    int non_ssl_request;
-} SSLConnRec;
-
-typedef struct {
-    pid_t           pid;
-    apr_pool_t     *pPool;
-    BOOL            bFixed;
-    int             nSessionCacheMode;
-    char           *szSessionCacheDataFile;
-    int             nSessionCacheDataSize;
-    apr_shm_t      *pSessionCacheDataMM;
-    apr_rmm_t      *pSessionCacheDataRMM;
-    void           *tSessionCacheDataTable;
-    ssl_mutexmode_t nMutexMode;
-    apr_lockmech_e  nMutexMech;
-    const char     *szMutexFile;
-    apr_global_mutex_t   *pMutex;
-    apr_array_header_t   *aRandSeed;
-    apr_hash_t     *tVHostKeys;
-    void           *pTmpKeys[SSL_TMP_KEY_MAX];
-    apr_hash_t     *tPublicCert;
-    apr_hash_t     *tPrivateKey;
-#if defined(HAVE_OPENSSL_ENGINE_H) && defined(HAVE_ENGINE_INIT)
-    const char     *szCryptoDevice;
-#endif
-    struct {
-        void *pV1, *pV2, *pV3, *pV4, *pV5, *pV6, *pV7, *pV8, *pV9, *pV10;
-    } rCtx;
-} SSLModConfigRec;
-
-/* public cert/private key */
-typedef struct {
-    /* 
-     * server only has 1-2 certs/keys
-     * 1 RSA and/or 1 DSA
-     */
-    const char  *cert_files[SSL_AIDX_MAX];
-    const char  *key_files[SSL_AIDX_MAX];
-    X509        *certs[SSL_AIDX_MAX];
-    EVP_PKEY    *keys[SSL_AIDX_MAX];
-} modssl_pk_server_t;
-
-typedef struct {
-    /* proxy can have any number of cert/key pairs */
-    const char  *cert_file;
-    const char  *cert_path;
-    STACK_OF(X509_INFO) *certs;
-} modssl_pk_proxy_t;
-
-/* stuff related to authentication that can also be per-dir */
-typedef struct {
-    /* known/trusted CAs */
-    const char  *ca_cert_path;
-    const char  *ca_cert_file;
-
-    const char  *cipher_suite;
-
-    /* for client or downstream server authentication */
-    int          verify_depth;
-    ssl_verify_t verify_mode;
-} modssl_auth_ctx_t;
-
-typedef struct SSLSrvConfigRec SSLSrvConfigRec;
-
-typedef struct {
-    SSLSrvConfigRec *sc; /* pointer back to server config */
-    SSL_CTX *ssl_ctx;
-
-    /* we are one or the other */
-    modssl_pk_server_t *pks;
-    modssl_pk_proxy_t  *pkp;
-
-    ssl_proto_t  protocol;
-
-    /* config for handling encrypted keys */
-    ssl_pphrase_t pphrase_dialog_type;
-    const char   *pphrase_dialog_path;
-
-    const char  *cert_chain;
-
-    /* certificate revocation list */
-    const char  *crl_path;
-    const char  *crl_file;
-    X509_STORE  *crl;
-
-    modssl_auth_ctx_t auth;
-} modssl_ctx_t;
-
-struct SSLSrvConfigRec {
-    SSLModConfigRec *mc;
-    BOOL             enabled;
-    BOOL             proxy_enabled;
-    const char      *vhost_id;
-    int              vhost_id_len;
-    int              session_cache_timeout;
-    modssl_ctx_t    *server;
-    modssl_ctx_t    *proxy;
-};
-
-/*
- * Define the mod_ssl per-directory configuration structure
- * (i.e. the local configuration for all <Directory>
- *  and .htaccess contexts)
- */
-typedef struct {
-    BOOL          bSSLRequired;
-    apr_array_header_t *aRequirement;
-    ssl_opt_t     nOptions;
-    ssl_opt_t     nOptionsAdd;
-    ssl_opt_t     nOptionsDel;
-    const char   *szCipherSuite;
-    ssl_verify_t  nVerifyClient;
-    int           nVerifyDepth;
-    const char   *szCACertificatePath;
-    const char   *szCACertificateFile;
-} SSLDirConfigRec;
-
-/*
- *  function prototypes
- */
-
-/*  API glue structures  */
-extern module AP_MODULE_DECLARE_DATA ssl_module;
-
-/* "global" stuff */
-extern const char ssl_valid_ssl_mutex_string[];
-
-/*  configuration handling   */
-SSLModConfigRec *ssl_config_global_create(server_rec *);
-void         ssl_config_global_fix(SSLModConfigRec *);
-BOOL         ssl_config_global_isfixed(SSLModConfigRec *);
-void        *ssl_config_server_create(apr_pool_t *, server_rec *);
-void        *ssl_config_server_merge(apr_pool_t *, void *, void *);
-void        *ssl_config_perdir_create(apr_pool_t *, char *);
-void        *ssl_config_perdir_merge(apr_pool_t *, void *, void *);
-const char  *ssl_cmd_SSLMutex(cmd_parms *, void *, const char *);
-const char  *ssl_cmd_SSLPassPhraseDialog(cmd_parms *, void *, const char *);
-const char  *ssl_cmd_SSLCryptoDevice(cmd_parms *, void *, const char *);
-const char  *ssl_cmd_SSLRandomSeed(cmd_parms *, void *, const char *, const char *, const char *);
-const char  *ssl_cmd_SSLEngine(cmd_parms *, void *, const char *);
-const char  *ssl_cmd_SSLCipherSuite(cmd_parms *, void *, const char *);
-const char  *ssl_cmd_SSLCertificateFile(cmd_parms *, void *, const char *);
-const char  *ssl_cmd_SSLCertificateKeyFile(cmd_parms *, void *, const char *);
-const char  *ssl_cmd_SSLCertificateChainFile(cmd_parms *, void *, const char *);
-const char  *ssl_cmd_SSLCACertificatePath(cmd_parms *, void *, const char *);
-const char  *ssl_cmd_SSLCACertificateFile(cmd_parms *, void *, const char *);
-const char  *ssl_cmd_SSLCARevocationPath(cmd_parms *, void *, const char *);
-const char  *ssl_cmd_SSLCARevocationFile(cmd_parms *, void *, const char *);
-const char  *ssl_cmd_SSLVerifyClient(cmd_parms *, void *, const char *);
-const char  *ssl_cmd_SSLVerifyDepth(cmd_parms *, void *, const char *);
-const char  *ssl_cmd_SSLSessionCache(cmd_parms *, void *, const char *);
-const char  *ssl_cmd_SSLSessionCacheTimeout(cmd_parms *, void *, const char *);
-const char  *ssl_cmd_SSLProtocol(cmd_parms *, void *, const char *);
-const char  *ssl_cmd_SSLOptions(cmd_parms *, void *, const char *);
-const char  *ssl_cmd_SSLRequireSSL(cmd_parms *, void *);
-const char  *ssl_cmd_SSLRequire(cmd_parms *, void *, const char *);
-
-const char *ssl_cmd_SSLProxyEngine(cmd_parms *cmd, void *dcfg, int flag);
-const char  *ssl_cmd_SSLProxyProtocol(cmd_parms *, void *, const char *);
-const char  *ssl_cmd_SSLProxyCipherSuite(cmd_parms *, void *, const char *);
-const char  *ssl_cmd_SSLProxyVerify(cmd_parms *, void *, const char *);
-const char  *ssl_cmd_SSLProxyVerifyDepth(cmd_parms *, void *, const char *);
-const char  *ssl_cmd_SSLProxyCACertificatePath(cmd_parms *, void *, const char *);
-const char  *ssl_cmd_SSLProxyCACertificateFile(cmd_parms *, void *, const char *);
-const char  *ssl_cmd_SSLProxyCARevocationPath(cmd_parms *, void *, const char *);
-const char  *ssl_cmd_SSLProxyCARevocationFile(cmd_parms *, void *, const char *);
-const char  *ssl_cmd_SSLProxyMachineCertificatePath(cmd_parms *, void *, const char *);
-const char  *ssl_cmd_SSLProxyMachineCertificateFile(cmd_parms *, void *, const char *);
-
-/*  module initialization  */
-int          ssl_init_Module(apr_pool_t *, apr_pool_t *, apr_pool_t *, server_rec *);
-void         ssl_init_Engine(server_rec *, apr_pool_t *);
-void         ssl_init_ConfigureServer(server_rec *, apr_pool_t *, apr_pool_t *, SSLSrvConfigRec *);
-void         ssl_init_CheckServers(server_rec *, apr_pool_t *);
-STACK_OF(X509_NAME) 
-            *ssl_init_FindCAList(server_rec *, apr_pool_t *, const char *, const char *);
-void         ssl_init_Child(apr_pool_t *, server_rec *);
-apr_status_t ssl_init_ModuleKill(void *data);
-
-/*  Apache API hooks  */
-int          ssl_hook_Translate(request_rec *);
-int          ssl_hook_Auth(request_rec *);
-int          ssl_hook_UserCheck(request_rec *);
-int          ssl_hook_Access(request_rec *);
-int          ssl_hook_Fixup(request_rec *);
-int          ssl_hook_ReadReq(request_rec *);
-int          ssl_hook_Upgrade(request_rec *);
-
-/*  OpenSSL callbacks */
-RSA         *ssl_callback_TmpRSA(SSL *, int, int);
-DH          *ssl_callback_TmpDH(SSL *, int, int);
-int          ssl_callback_SSLVerify(int, X509_STORE_CTX *);
-int          ssl_callback_SSLVerify_CRL(int, X509_STORE_CTX *, conn_rec *);
-int          ssl_callback_proxy_cert(SSL *ssl, MODSSL_CLIENT_CERT_CB_ARG_TYPE **x509, EVP_PKEY **pkey);
-int          ssl_callback_NewSessionCacheEntry(SSL *, SSL_SESSION *);
-SSL_SESSION *ssl_callback_GetSessionCacheEntry(SSL *, unsigned char *, int, int *);
-void         ssl_callback_DelSessionCacheEntry(SSL_CTX *, SSL_SESSION *);
-void         ssl_callback_LogTracingState(MODSSL_INFO_CB_ARG_TYPE, int, int);
-
-/*  Session Cache Support  */
-void         ssl_scache_init(server_rec *, apr_pool_t *);
-void         ssl_scache_status_register(apr_pool_t *p);
-void         ssl_scache_kill(server_rec *);
-BOOL         ssl_scache_store(server_rec *, UCHAR *, int, time_t, SSL_SESSION *);
-SSL_SESSION *ssl_scache_retrieve(server_rec *, UCHAR *, int);
-void         ssl_scache_remove(server_rec *, UCHAR *, int);
-void         ssl_scache_expire(server_rec *);
-
-char        *ssl_scache_id2sz(UCHAR *, int);
-void         ssl_scache_dbm_init(server_rec *, apr_pool_t *);
-void         ssl_scache_dbm_kill(server_rec *);
-BOOL         ssl_scache_dbm_store(server_rec *, UCHAR *, int, time_t, SSL_SESSION *);
-SSL_SESSION *ssl_scache_dbm_retrieve(server_rec *, UCHAR *, int);
-void         ssl_scache_dbm_remove(server_rec *, UCHAR *, int);
-void         ssl_scache_dbm_expire(server_rec *);
-void         ssl_scache_dbm_status(request_rec *r, int flags, apr_pool_t *pool);
-
-void         ssl_scache_shmcb_init(server_rec *, apr_pool_t *);
-void         ssl_scache_shmcb_kill(server_rec *);
-BOOL         ssl_scache_shmcb_store(server_rec *, UCHAR *, int, time_t, SSL_SESSION *);
-SSL_SESSION *ssl_scache_shmcb_retrieve(server_rec *, UCHAR *, int);
-void         ssl_scache_shmcb_remove(server_rec *, UCHAR *, int);
-void         ssl_scache_shmcb_expire(server_rec *);
-void         ssl_scache_shmcb_status(request_rec *r, int flags, apr_pool_t *pool);
-
-void         ssl_scache_dc_init(server_rec *, apr_pool_t *);
-void         ssl_scache_dc_kill(server_rec *);
-BOOL         ssl_scache_dc_store(server_rec *, UCHAR *, int, time_t, SSL_SESSION *);
-SSL_SESSION *ssl_scache_dc_retrieve(server_rec *, UCHAR *, int);
-void         ssl_scache_dc_remove(server_rec *, UCHAR *, int);
-void         ssl_scache_dc_expire(server_rec *);
-void         ssl_scache_dc_status(request_rec *r, int flags, apr_pool_t *pool);
-
-/*  Pass Phrase Support  */
-void         ssl_pphrase_Handle(server_rec *, apr_pool_t *);
-
-/*  Diffie-Hellman Parameter Support  */
-DH           *ssl_dh_GetTmpParam(int);
-DH           *ssl_dh_GetParamFromFile(char *);
-
-unsigned char *ssl_asn1_table_set(apr_hash_t *table,
-                                  const char *key,
-                                  long int length);
-
-ssl_asn1_t *ssl_asn1_table_get(apr_hash_t *table,
-                               const char *key);
-
-void ssl_asn1_table_unset(apr_hash_t *table,
-                          const char *key);
-
-const char *ssl_asn1_keystr(int keytype);
-
-const char *ssl_asn1_table_keyfmt(apr_pool_t *p,
-                                  const char *id,
-                                  int keytype);
-/*  Mutex Support  */
-int          ssl_mutex_init(server_rec *, apr_pool_t *);
-int          ssl_mutex_reinit(server_rec *, apr_pool_t *);
-int          ssl_mutex_on(server_rec *);
-int          ssl_mutex_off(server_rec *);
-
-/*  Logfile Support  */
-void         ssl_die(void);
-void         ssl_log_ssl_error(const char *, int, int, server_rec *);
-
-/*  Variables  */
-void         ssl_var_register(void);
-char        *ssl_var_lookup(apr_pool_t *, server_rec *, conn_rec *, request_rec *, char *);
-void         ssl_var_log_config_register(apr_pool_t *p);
-
+/* The ssl_var_lookup() optional function retrieves SSL environment
+ * variables. */
 APR_DECLARE_OPTIONAL_FN(char *, ssl_var_lookup,
                         (apr_pool_t *, server_rec *,
                          conn_rec *, request_rec *,
                          char *));
 
-/* Proxy Support */
-int ssl_proxy_enable(conn_rec *c);
-int ssl_engine_disable(conn_rec *c);
+/* The ssl_proxy_enable() and ssl_engine_disable() optional functions
+ * are used by mod_proxy to enable use of SSL for outgoing
+ * connections. */
 
 APR_DECLARE_OPTIONAL_FN(int, ssl_proxy_enable, (conn_rec *));
 
 APR_DECLARE_OPTIONAL_FN(int, ssl_engine_disable, (conn_rec *));
 
-/*  I/O  */
-void         ssl_io_filter_init(conn_rec *, SSL *);
-void         ssl_io_filter_register(apr_pool_t *);
-long         ssl_io_data_cb(BIO *, int, MODSSL_BIO_CB_ARG_TYPE *, int, long, long);
-
-/*  PRNG  */
-int          ssl_rand_seed(server_rec *, apr_pool_t *, ssl_rsctx_t, char *);
-
-/*  Utility Functions  */
-char        *ssl_util_vhostid(apr_pool_t *, server_rec *);
-void         ssl_util_strupper(char *);
-void         ssl_util_uuencode(char *, const char *, BOOL);
-void         ssl_util_uuencode_binary(unsigned char *, const unsigned char *, int, BOOL);
-apr_file_t  *ssl_util_ppopen(server_rec *, apr_pool_t *, const char *,
-                             const char * const *);
-void         ssl_util_ppclose(server_rec *, apr_pool_t *, apr_file_t *);
-char        *ssl_util_readfilter(server_rec *, apr_pool_t *, const char *,
-                                 const char * const *);
-BOOL         ssl_util_path_check(ssl_pathcheck_t, const char *, apr_pool_t *);
-ssl_algo_t   ssl_util_algotypeof(X509 *, EVP_PKEY *); 
-char        *ssl_util_algotypestr(ssl_algo_t);
-char        *ssl_util_ptxtsub(apr_pool_t *, const char *, const char *, char *);
-void         ssl_util_thread_setup(apr_pool_t *);
-int          ssl_init_ssl_connection(conn_rec *c);
-
-
-#define APR_SHM_MAXSIZE (64 * 1024 * 1024)
 #endif /* __MOD_SSL_H__ */

diff --git a/modules/ssl/ssl_engine_config.c b/modules/ssl/ssl_engine_config.c
index 68e5810c2b66e6ef84b57003e8a982653adbeb54..d52e9d1d6af5f35c2baf8c9dc0c6e62e7ca77a65 100644 (file)
--- a/modules/ssl/ssl_engine_config.c
+++ b/modules/ssl/ssl_engine_config.c
@@ -25,7 +25,7 @@
                                       /* ``Damned if you do,
                                            damned if you don't.''
                                                -- Unknown        */
-#include "mod_ssl.h"
+#include "ssl_private.h"
 
 /*  _________________________________________________________________
 **

diff --git a/modules/ssl/ssl_engine_dh.c b/modules/ssl/ssl_engine_dh.c
index c321db946ead410c6dc5ad707aa0e7762256047e..3121b65631b446ffe7051d6d314c56788e3dcd6f 100644 (file)
--- a/modules/ssl/ssl_engine_dh.c
+++ b/modules/ssl/ssl_engine_dh.c
@@ -27,7 +27,7 @@
  * Diffie-Hellman Built-in Temporary Parameters
  */
 
-#include "mod_ssl.h"
+#include "ssl_private.h"
 
 /* ----BEGIN GENERATED SECTION-------- */
 

diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c
index 770116cf6d00382d34ebfee321db7c5079abf511..c504abcc2b3f615a9553dd787e8452ac029751d9 100644 (file)
--- a/modules/ssl/ssl_engine_init.c
+++ b/modules/ssl/ssl_engine_init.c
@@ -25,7 +25,7 @@
                              /* ``Recursive, adj.;
                                   see Recursive.''
                                         -- Unknown   */
-#include "mod_ssl.h"
+#include "ssl_private.h"
 
 /*  _________________________________________________________________
 **

diff --git a/modules/ssl/ssl_engine_io.c b/modules/ssl/ssl_engine_io.c
index 19f763fb3b4dcd520d7a36a7c4ee16aadbc6ce74..b4e7cd4105f801444948e5668549881fbbba4b21 100644 (file)
--- a/modules/ssl/ssl_engine_io.c
+++ b/modules/ssl/ssl_engine_io.c
@@ -26,7 +26,7 @@
                                   Just one little problem:
                                   core keeps dumping.''
                                             -- Unknown    */
-#include "mod_ssl.h"
+#include "ssl_private.h"
 
 /*  _________________________________________________________________
 **

diff --git a/modules/ssl/ssl_engine_kernel.c b/modules/ssl/ssl_engine_kernel.c
index 2e607289b009cfb45e45493d552fd7d30af38a6f..a2898dd0dd19dfc9f90f992fb576c1dd96843880 100644 (file)
--- a/modules/ssl/ssl_engine_kernel.c
+++ b/modules/ssl/ssl_engine_kernel.c
@@ -27,7 +27,7 @@
                                   I couldn't give it up because by that
                                   time I was too famous.''
                                             -- Unknown                */
-#include "mod_ssl.h"
+#include "ssl_private.h"
 
 /*
  *  Post Read Request Handler

diff --git a/modules/ssl/ssl_engine_log.c b/modules/ssl/ssl_engine_log.c
index 0c15fd2926c90159a25da2140a09ac223078196f..914055c4545ab7d82efc782ecf8f5716f24a19a3 100644 (file)
--- a/modules/ssl/ssl_engine_log.c
+++ b/modules/ssl/ssl_engine_log.c
@@ -26,7 +26,7 @@
                                   industry job and open-source software
                                   hacking is about 30 hours a week.''
                                          -- Ralf S. Engelschall     */
-#include "mod_ssl.h"
+#include "ssl_private.h"
 
 /*  _________________________________________________________________
 **

diff --git a/modules/ssl/ssl_engine_mutex.c b/modules/ssl/ssl_engine_mutex.c
index 84ce9b20694c6fe63a2d9342ab29d1c41617613c..2756107c3235f5a8e04f3b6ea83d040b4a3bb523 100644 (file)
--- a/modules/ssl/ssl_engine_mutex.c
+++ b/modules/ssl/ssl_engine_mutex.c
@@ -27,7 +27,7 @@
                                   because DEC 25 = OCT 31.''
                                              -- Unknown     */
 
-#include "mod_ssl.h"
+#include "ssl_private.h"
 #if !defined(OS2) && !defined(WIN32) && !defined(BEOS) && !defined(NETWARE)
 #include "unixd.h"
 #define MOD_SSL_SET_MUTEX_PERMS /* XXX Apache should define something */

diff --git a/modules/ssl/ssl_engine_pphrase.c b/modules/ssl/ssl_engine_pphrase.c
index a0e4c198f42979eac81ab2e69b036961ff4549de..af8bc72a2fe1d1cede617e83c26cb8e9de617dd1 100644 (file)
--- a/modules/ssl/ssl_engine_pphrase.c
+++ b/modules/ssl/ssl_engine_pphrase.c
@@ -27,7 +27,7 @@
                                   else use it, and get a new one
                                   every six months.''
                                            -- Clifford Stoll     */
-#include "mod_ssl.h"
+#include "ssl_private.h"
 
 /*
  * Return true if the named file exists and is readable

diff --git a/modules/ssl/ssl_engine_rand.c b/modules/ssl/ssl_engine_rand.c
index b2df9873783eb1aaa2d12c9dbc1b4d6e4e21cdc9..6836d76caf5a6f0f9b60d8eb395e559a3fae46f3 100644 (file)
--- a/modules/ssl/ssl_engine_rand.c
+++ b/modules/ssl/ssl_engine_rand.c
@@ -26,7 +26,7 @@
                                   numbers is too important
                                   to be left to chance.'' */
 
-#include "mod_ssl.h"
+#include "ssl_private.h"
 
 /*  _________________________________________________________________
 **

diff --git a/modules/ssl/ssl_engine_vars.c b/modules/ssl/ssl_engine_vars.c
index 76b35461a6817118481d709673630878d37eeea2..6a5013f21d080c2aee5b9bd91e8b57a4b3aa3ab9 100644 (file)
--- a/modules/ssl/ssl_engine_vars.c
+++ b/modules/ssl/ssl_engine_vars.c
@@ -26,6 +26,7 @@
                                   know everything are very annoying
                                   to those of us who do.''
                                                   -- Unknown       */
+#include "ssl_private.h"
 #include "mod_ssl.h"
 
 /*  _________________________________________________________________

diff --git a/modules/ssl/ssl_expr.c b/modules/ssl/ssl_expr.c
index 15a58f0d16488d456cfe1c84c44b1cfaf2fbbfdf..6da0c6eb0ffb44a511bcff6de8425255bf5e5f76 100644 (file)
--- a/modules/ssl/ssl_expr.c
+++ b/modules/ssl/ssl_expr.c
@@ -26,7 +26,7 @@
                                   the eagles when you work
                                   with the turkeys.''
                                           -- Unknown  */
-#include "mod_ssl.h"
+#include "ssl_private.h"
 
 /*  _________________________________________________________________
 **

diff --git a/modules/ssl/ssl_expr_eval.c b/modules/ssl/ssl_expr_eval.c
index da576e5273f6199c3a65846f84adf7b81cc018ad..8e3275803f41dd909174134a141f0bc522686c18 100644 (file)
--- a/modules/ssl/ssl_expr_eval.c
+++ b/modules/ssl/ssl_expr_eval.c
@@ -25,7 +25,7 @@
                              /* ``Make love,
                                   not software!''
                                         -- Unknown */
-#include "mod_ssl.h"
+#include "ssl_private.h"
 
 /*  _________________________________________________________________
 **

diff --git a/modules/ssl/ssl_expr_parse.c b/modules/ssl/ssl_expr_parse.c
index 6f3f990e636a63374bd37dd98b482cde34c89889..967d4da4dd459ab3923baa4a6ee7b184aaa58f26 100644 (file)
--- a/modules/ssl/ssl_expr_parse.c
+++ b/modules/ssl/ssl_expr_parse.c
@@ -27,7 +27,7 @@
 
 #line 68 "ssl_expr_parse.y"
 
-#include "mod_ssl.h"
+#include "ssl_private.h"
 
 #line 72 "ssl_expr_parse.y"
 typedef union {

diff --git a/modules/ssl/ssl_expr_parse.y b/modules/ssl/ssl_expr_parse.y
index f0c9db5f3be45ce986c675a65e3842c7c791e57f..dab095f0dc985a9bffe44a9bb8586220180d6686 100644 (file)
--- a/modules/ssl/ssl_expr_parse.y
+++ b/modules/ssl/ssl_expr_parse.y
@@ -32,7 +32,7 @@
 */
 
 %{
-#include "mod_ssl.h"
+#include "ssl_private.h"
 %}
 
 %union {

diff --git a/modules/ssl/ssl_expr_scan.c b/modules/ssl/ssl_expr_scan.c
index 912aed60123135922e11d34b00668e4012ed6e2a..3e4f0af1dcb8459ab860a4a8688f37ca39ec4a3b 100644 (file)
--- a/modules/ssl/ssl_expr_scan.c
+++ b/modules/ssl/ssl_expr_scan.c
@@ -18,7 +18,7 @@
 /* A lexical scanner generated by flex */
 
 /* Scanner skeleton version:
- * $Header: /home/striker/cvs2svn/dumps/httpd-2.0/../../httpd-2.0/modules/ssl/ssl_expr_scan.c,v 1.18 2004/02/09 20:29:22 nd Exp $
+ * $Header: /home/striker/cvs2svn/dumps/httpd-2.0/../../httpd-2.0/modules/ssl/ssl_expr_scan.c,v 1.19 2004/02/28 18:06:35 jorton Exp $
  */
 
 #define FLEX_SCANNER
@@ -480,7 +480,7 @@ char *yytext;
 **  _________________________________________________________________
 */
 #line 38 "ssl_expr_scan.l"
-#include "mod_ssl.h"
+#include "ssl_private.h"
 
 #include "ssl_expr_parse.h"
 

diff --git a/modules/ssl/ssl_expr_scan.l b/modules/ssl/ssl_expr_scan.l
index 4fc559e77a2f5a4b1a063b46880f4ca4b522fcc0..da172fd3a59eab8df7291d270dd8eee456592cea 100644 (file)
--- a/modules/ssl/ssl_expr_scan.l
+++ b/modules/ssl/ssl_expr_scan.l
@@ -33,7 +33,7 @@
 */
 
 %{
-#include "mod_ssl.h"
+#include "ssl_private.h"
 
 #include "ssl_expr_parse.h"
 

diff --git a/modules/ssl/ssl_private.h b/modules/ssl/ssl_private.h
new file mode 100644 (file)
index 0000000..5deef71
--- /dev/null
+++ b/modules/ssl/ssl_private.h
@@ -0,0 +1,634 @@
+/* Copyright 2001-2004 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef SSL_PRIVATE_H
+#define SSL_PRIVATE_H
+
+/*
+ * Internal interfaces private to mod_ssl.
+ */
+
+/* Apache headers */
+#include "httpd.h"
+#include "http_config.h"
+#include "http_core.h"
+#include "http_log.h"
+#include "http_main.h"
+#include "http_connection.h"
+#include "http_request.h"
+#include "http_protocol.h"
+#include "util_script.h"
+#include "util_filter.h"
+#include "util_ebcdic.h"
+#include "mpm.h"
+#include "apr.h"
+#include "apr_strings.h"
+#define APR_WANT_STRFUNC
+#include "apr_want.h"
+#include "apr_tables.h"
+#include "apr_lib.h"
+#include "apr_fnmatch.h"
+#include "apr_strings.h"
+#include "apr_dbm.h"
+#include "apr_rmm.h"
+#include "apr_shm.h"
+#include "apr_global_mutex.h"
+#include "apr_optional.h"
+
+#define MOD_SSL_VERSION AP_SERVER_BASEREVISION
+
+/* mod_ssl headers */
+#include "ssl_toolkit_compat.h"
+#include "ssl_expr.h"
+#include "ssl_util_ssl.h"
+
+/* The #ifdef macros are only defined AFTER including the above
+ * therefore we cannot include these system files at the top  :-(
+ */
+#if APR_HAVE_SYS_TIME_H
+#include <sys/time.h>
+#endif
+#if APR_HAVE_UNISTD_H
+#include <unistd.h> /* needed for STDIN_FILENO et.al., at least on FreeBSD */
+#endif
+
+/*
+ * Provide reasonable default for some defines
+ */
+#ifndef FALSE
+#define FALSE (0)
+#endif
+#ifndef TRUE
+#define TRUE (!FALSE)
+#endif
+#ifndef PFALSE
+#define PFALSE ((void *)FALSE)
+#endif
+#ifndef PTRUE
+#define PTRUE ((void *)TRUE)
+#endif
+#ifndef UNSET
+#define UNSET (-1)
+#endif
+#ifndef NUL
+#define NUL '\0'
+#endif
+#ifndef RAND_MAX
+#include <limits.h>
+#define RAND_MAX INT_MAX
+#endif
+
+/*
+ * Provide reasonable defines for some types
+ */
+#ifndef BOOL
+#define BOOL unsigned int
+#endif
+#ifndef UCHAR
+#define UCHAR unsigned char
+#endif
+
+/*
+ * Provide useful shorthands
+ */
+#define strEQ(s1,s2)     (strcmp(s1,s2)        == 0)
+#define strNE(s1,s2)     (strcmp(s1,s2)        != 0)
+#define strEQn(s1,s2,n)  (strncmp(s1,s2,n)     == 0)
+#define strNEn(s1,s2,n)  (strncmp(s1,s2,n)     != 0)
+
+#define strcEQ(s1,s2)    (strcasecmp(s1,s2)    == 0)
+#define strcNE(s1,s2)    (strcasecmp(s1,s2)    != 0)
+#define strcEQn(s1,s2,n) (strncasecmp(s1,s2,n) == 0)
+#define strcNEn(s1,s2,n) (strncasecmp(s1,s2,n) != 0)
+
+#define strIsEmpty(s)    (s == NULL || s[0] == NUL)
+
+#define myConnConfig(c) \
+(SSLConnRec *)ap_get_module_config(c->conn_config, &ssl_module)
+#define myCtxConfig(sslconn, sc) (sslconn->is_proxy ? sc->proxy : sc->server)
+#define myConnConfigSet(c, val) \
+ap_set_module_config(c->conn_config, &ssl_module, val)
+#define mySrvConfig(srv) (SSLSrvConfigRec *)ap_get_module_config(srv->module_config,  &ssl_module)
+#define myDirConfig(req) (SSLDirConfigRec *)ap_get_module_config(req->per_dir_config, &ssl_module)
+#define myModConfig(srv) (mySrvConfig((srv)))->mc
+
+#define myCtxVarSet(mc,num,val)  mc->rCtx.pV##num = val
+#define myCtxVarGet(mc,num,type) (type)(mc->rCtx.pV##num)
+
+/*
+ * Defaults for the configuration
+ */
+#ifndef SSL_SESSION_CACHE_TIMEOUT
+#define SSL_SESSION_CACHE_TIMEOUT  300
+#endif
+
+/*
+ * Support for MM library
+ */
+#define SSL_MM_FILE_MODE ( APR_UREAD | APR_UWRITE | APR_GREAD | APR_WREAD )
+
+/*
+ * Support for DBM library
+ */
+#define SSL_DBM_FILE_MODE ( APR_UREAD | APR_UWRITE | APR_GREAD | APR_WREAD )
+
+#if !defined(SSL_DBM_FILE_SUFFIX_DIR) && !defined(SSL_DBM_FILE_SUFFIX_PAG)
+#if defined(DBM_SUFFIX)
+#define SSL_DBM_FILE_SUFFIX_DIR DBM_SUFFIX
+#define SSL_DBM_FILE_SUFFIX_PAG DBM_SUFFIX
+#elif defined(__FreeBSD__) || (defined(DB_LOCK) && defined(DB_SHMEM))
+#define SSL_DBM_FILE_SUFFIX_DIR ".db"
+#define SSL_DBM_FILE_SUFFIX_PAG ".db"
+#else
+#define SSL_DBM_FILE_SUFFIX_DIR ".dir"
+#define SSL_DBM_FILE_SUFFIX_PAG ".pag"
+#endif
+#endif
+
+/*
+ * Define the certificate algorithm types
+ */
+
+typedef int ssl_algo_t;
+
+#define SSL_ALGO_UNKNOWN (0)
+#define SSL_ALGO_RSA     (1<<0)
+#define SSL_ALGO_DSA     (1<<1)
+#define SSL_ALGO_ALL     (SSL_ALGO_RSA|SSL_ALGO_DSA)
+
+#define SSL_AIDX_RSA     (0)
+#define SSL_AIDX_DSA     (1)
+#define SSL_AIDX_MAX     (2)
+
+
+/*
+ * Define IDs for the temporary RSA keys and DH params
+ */
+
+#define SSL_TMP_KEY_RSA_512  (0)
+#define SSL_TMP_KEY_RSA_1024 (1)
+#define SSL_TMP_KEY_DH_512   (2)
+#define SSL_TMP_KEY_DH_1024  (3)
+#define SSL_TMP_KEY_MAX      (4)
+
+/*
+ * Define the SSL options
+ */
+#define SSL_OPT_NONE           (0)
+#define SSL_OPT_RELSET         (1<<0)
+#define SSL_OPT_STDENVVARS     (1<<1)
+#define SSL_OPT_COMPATENVVARS  (1<<2)
+#define SSL_OPT_EXPORTCERTDATA (1<<3)
+#define SSL_OPT_FAKEBASICAUTH  (1<<4)
+#define SSL_OPT_STRICTREQUIRE  (1<<5)
+#define SSL_OPT_OPTRENEGOTIATE (1<<6)
+#define SSL_OPT_ALL            (SSL_OPT_STDENVVARS|SSL_OPT_COMPATENVVAR|SSL_OPT_EXPORTCERTDATA|SSL_OPT_FAKEBASICAUTH|SSL_OPT_STRICTREQUIRE|SSL_OPT_OPTRENEGOTIATE)
+typedef int ssl_opt_t;
+
+/*
+ * Define the SSL Protocol options
+ */
+#define SSL_PROTOCOL_NONE  (0)
+#define SSL_PROTOCOL_SSLV2 (1<<0)
+#define SSL_PROTOCOL_SSLV3 (1<<1)
+#define SSL_PROTOCOL_TLSV1 (1<<2)
+#define SSL_PROTOCOL_ALL   (SSL_PROTOCOL_SSLV2|SSL_PROTOCOL_SSLV3|SSL_PROTOCOL_TLSV1)
+typedef int ssl_proto_t;
+
+/*
+ * Define the SSL verify levels
+ */
+typedef enum {
+    SSL_CVERIFY_UNSET           = UNSET,
+    SSL_CVERIFY_NONE            = 0,
+    SSL_CVERIFY_OPTIONAL        = 1,
+    SSL_CVERIFY_REQUIRE         = 2,
+    SSL_CVERIFY_OPTIONAL_NO_CA  = 3
+} ssl_verify_t;
+
+#define SSL_VERIFY_PEER_STRICT \
+     (SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT)
+
+#ifndef X509_V_ERR_CERT_UNTRUSTED
+#define X509_V_ERR_CERT_UNTRUSTED 27
+#endif
+
+#define ssl_verify_error_is_optional(errnum) \
+   ((errnum == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT) \
+    || (errnum == X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN) \
+    || (errnum == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY) \
+    || (errnum == X509_V_ERR_CERT_UNTRUSTED) \
+    || (errnum == X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE))
+
+/*
+ * Define the SSL pass phrase dialog types
+ */
+typedef enum {
+    SSL_PPTYPE_UNSET   = UNSET,
+    SSL_PPTYPE_BUILTIN = 0,
+    SSL_PPTYPE_FILTER  = 1,
+       SSL_PPTYPE_PIPE    = 2
+} ssl_pphrase_t;
+
+/*
+ * Define the Path Checking modes
+ */
+#define SSL_PCM_EXISTS     1
+#define SSL_PCM_ISREG      2
+#define SSL_PCM_ISDIR      4
+#define SSL_PCM_ISNONZERO  8
+typedef unsigned int ssl_pathcheck_t;
+
+/*
+ * Define the SSL session cache modes and structures
+ */
+typedef enum {
+    SSL_SCMODE_UNSET = UNSET,
+    SSL_SCMODE_NONE  = 0,
+    SSL_SCMODE_DBM   = 1,
+    SSL_SCMODE_SHMCB = 3,
+    SSL_SCMODE_DC    = 4
+} ssl_scmode_t;
+
+/*
+ * Define the SSL mutex modes
+ */
+typedef enum {
+    SSL_MUTEXMODE_UNSET  = UNSET,
+    SSL_MUTEXMODE_NONE   = 0,
+    SSL_MUTEXMODE_USED   = 1
+} ssl_mutexmode_t;
+
+/*
+ * Define the SSL requirement structure
+ */
+typedef struct {
+    char     *cpExpr;
+    ssl_expr *mpExpr;
+} ssl_require_t;
+
+/*
+ * Define the SSL random number generator seeding source
+ */
+typedef enum {
+    SSL_RSCTX_STARTUP = 1,
+    SSL_RSCTX_CONNECT = 2
+} ssl_rsctx_t;
+typedef enum {
+    SSL_RSSRC_BUILTIN = 1,
+    SSL_RSSRC_FILE    = 2,
+    SSL_RSSRC_EXEC    = 3,
+    SSL_RSSRC_EGD     = 4
+} ssl_rssrc_t;
+typedef struct {
+    ssl_rsctx_t  nCtx;
+    ssl_rssrc_t  nSrc;
+    char        *cpPath;
+    int          nBytes;
+} ssl_randseed_t;
+
+/*
+ * Define the structure of an ASN.1 anything
+ */
+typedef struct {
+    long int       nData;
+    unsigned char *cpData;
+    apr_time_t     source_mtime;
+} ssl_asn1_t;
+
+/*
+ * Define the mod_ssl per-module configuration structure
+ * (i.e. the global configuration for each httpd process)
+ */
+
+typedef enum {
+    SSL_SHUTDOWN_TYPE_UNSET,
+    SSL_SHUTDOWN_TYPE_STANDARD,
+    SSL_SHUTDOWN_TYPE_UNCLEAN,
+    SSL_SHUTDOWN_TYPE_ACCURATE
+} ssl_shutdown_type_e;
+
+typedef struct {
+    SSL *ssl;
+    const char *client_dn;
+    X509 *client_cert;
+    ssl_shutdown_type_e shutdown_type;
+    const char *verify_info;
+    const char *verify_error;
+    int verify_depth;
+    int is_proxy;
+    int disabled;
+    int non_ssl_request;
+} SSLConnRec;
+
+typedef struct {
+    pid_t           pid;
+    apr_pool_t     *pPool;
+    BOOL            bFixed;
+    int             nSessionCacheMode;
+    char           *szSessionCacheDataFile;
+    int             nSessionCacheDataSize;
+    apr_shm_t      *pSessionCacheDataMM;
+    apr_rmm_t      *pSessionCacheDataRMM;
+    void           *tSessionCacheDataTable;
+    ssl_mutexmode_t nMutexMode;
+    apr_lockmech_e  nMutexMech;
+    const char     *szMutexFile;
+    apr_global_mutex_t   *pMutex;
+    apr_array_header_t   *aRandSeed;
+    apr_hash_t     *tVHostKeys;
+    void           *pTmpKeys[SSL_TMP_KEY_MAX];
+    apr_hash_t     *tPublicCert;
+    apr_hash_t     *tPrivateKey;
+#if defined(HAVE_OPENSSL_ENGINE_H) && defined(HAVE_ENGINE_INIT)
+    const char     *szCryptoDevice;
+#endif
+    struct {
+        void *pV1, *pV2, *pV3, *pV4, *pV5, *pV6, *pV7, *pV8, *pV9, *pV10;
+    } rCtx;
+} SSLModConfigRec;
+
+/* public cert/private key */
+typedef struct {
+    /* 
+     * server only has 1-2 certs/keys
+     * 1 RSA and/or 1 DSA
+     */
+    const char  *cert_files[SSL_AIDX_MAX];
+    const char  *key_files[SSL_AIDX_MAX];
+    X509        *certs[SSL_AIDX_MAX];
+    EVP_PKEY    *keys[SSL_AIDX_MAX];
+} modssl_pk_server_t;
+
+typedef struct {
+    /* proxy can have any number of cert/key pairs */
+    const char  *cert_file;
+    const char  *cert_path;
+    STACK_OF(X509_INFO) *certs;
+} modssl_pk_proxy_t;
+
+/* stuff related to authentication that can also be per-dir */
+typedef struct {
+    /* known/trusted CAs */
+    const char  *ca_cert_path;
+    const char  *ca_cert_file;
+
+    const char  *cipher_suite;
+
+    /* for client or downstream server authentication */
+    int          verify_depth;
+    ssl_verify_t verify_mode;
+} modssl_auth_ctx_t;
+
+typedef struct SSLSrvConfigRec SSLSrvConfigRec;
+
+typedef struct {
+    SSLSrvConfigRec *sc; /* pointer back to server config */
+    SSL_CTX *ssl_ctx;
+
+    /* we are one or the other */
+    modssl_pk_server_t *pks;
+    modssl_pk_proxy_t  *pkp;
+
+    ssl_proto_t  protocol;
+
+    /* config for handling encrypted keys */
+    ssl_pphrase_t pphrase_dialog_type;
+    const char   *pphrase_dialog_path;
+
+    const char  *cert_chain;
+
+    /* certificate revocation list */
+    const char  *crl_path;
+    const char  *crl_file;
+    X509_STORE  *crl;
+
+    modssl_auth_ctx_t auth;
+} modssl_ctx_t;
+
+struct SSLSrvConfigRec {
+    SSLModConfigRec *mc;
+    BOOL             enabled;
+    BOOL             proxy_enabled;
+    const char      *vhost_id;
+    int              vhost_id_len;
+    int              session_cache_timeout;
+    modssl_ctx_t    *server;
+    modssl_ctx_t    *proxy;
+};
+
+/*
+ * Define the mod_ssl per-directory configuration structure
+ * (i.e. the local configuration for all <Directory>
+ *  and .htaccess contexts)
+ */
+typedef struct {
+    BOOL          bSSLRequired;
+    apr_array_header_t *aRequirement;
+    ssl_opt_t     nOptions;
+    ssl_opt_t     nOptionsAdd;
+    ssl_opt_t     nOptionsDel;
+    const char   *szCipherSuite;
+    ssl_verify_t  nVerifyClient;
+    int           nVerifyDepth;
+    const char   *szCACertificatePath;
+    const char   *szCACertificateFile;
+} SSLDirConfigRec;
+
+/*
+ *  function prototypes
+ */
+
+/*  API glue structures  */
+extern module AP_MODULE_DECLARE_DATA ssl_module;
+
+/* "global" stuff */
+extern const char ssl_valid_ssl_mutex_string[];
+
+/*  configuration handling   */
+SSLModConfigRec *ssl_config_global_create(server_rec *);
+void         ssl_config_global_fix(SSLModConfigRec *);
+BOOL         ssl_config_global_isfixed(SSLModConfigRec *);
+void        *ssl_config_server_create(apr_pool_t *, server_rec *);
+void        *ssl_config_server_merge(apr_pool_t *, void *, void *);
+void        *ssl_config_perdir_create(apr_pool_t *, char *);
+void        *ssl_config_perdir_merge(apr_pool_t *, void *, void *);
+const char  *ssl_cmd_SSLMutex(cmd_parms *, void *, const char *);
+const char  *ssl_cmd_SSLPassPhraseDialog(cmd_parms *, void *, const char *);
+const char  *ssl_cmd_SSLCryptoDevice(cmd_parms *, void *, const char *);
+const char  *ssl_cmd_SSLRandomSeed(cmd_parms *, void *, const char *, const char *, const char *);
+const char  *ssl_cmd_SSLEngine(cmd_parms *, void *, const char *);
+const char  *ssl_cmd_SSLCipherSuite(cmd_parms *, void *, const char *);
+const char  *ssl_cmd_SSLCertificateFile(cmd_parms *, void *, const char *);
+const char  *ssl_cmd_SSLCertificateKeyFile(cmd_parms *, void *, const char *);
+const char  *ssl_cmd_SSLCertificateChainFile(cmd_parms *, void *, const char *);
+const char  *ssl_cmd_SSLCACertificatePath(cmd_parms *, void *, const char *);
+const char  *ssl_cmd_SSLCACertificateFile(cmd_parms *, void *, const char *);
+const char  *ssl_cmd_SSLCARevocationPath(cmd_parms *, void *, const char *);
+const char  *ssl_cmd_SSLCARevocationFile(cmd_parms *, void *, const char *);
+const char  *ssl_cmd_SSLVerifyClient(cmd_parms *, void *, const char *);
+const char  *ssl_cmd_SSLVerifyDepth(cmd_parms *, void *, const char *);
+const char  *ssl_cmd_SSLSessionCache(cmd_parms *, void *, const char *);
+const char  *ssl_cmd_SSLSessionCacheTimeout(cmd_parms *, void *, const char *);
+const char  *ssl_cmd_SSLProtocol(cmd_parms *, void *, const char *);
+const char  *ssl_cmd_SSLOptions(cmd_parms *, void *, const char *);
+const char  *ssl_cmd_SSLRequireSSL(cmd_parms *, void *);
+const char  *ssl_cmd_SSLRequire(cmd_parms *, void *, const char *);
+
+const char *ssl_cmd_SSLProxyEngine(cmd_parms *cmd, void *dcfg, int flag);
+const char  *ssl_cmd_SSLProxyProtocol(cmd_parms *, void *, const char *);
+const char  *ssl_cmd_SSLProxyCipherSuite(cmd_parms *, void *, const char *);
+const char  *ssl_cmd_SSLProxyVerify(cmd_parms *, void *, const char *);
+const char  *ssl_cmd_SSLProxyVerifyDepth(cmd_parms *, void *, const char *);
+const char  *ssl_cmd_SSLProxyCACertificatePath(cmd_parms *, void *, const char *);
+const char  *ssl_cmd_SSLProxyCACertificateFile(cmd_parms *, void *, const char *);
+const char  *ssl_cmd_SSLProxyCARevocationPath(cmd_parms *, void *, const char *);
+const char  *ssl_cmd_SSLProxyCARevocationFile(cmd_parms *, void *, const char *);
+const char  *ssl_cmd_SSLProxyMachineCertificatePath(cmd_parms *, void *, const char *);
+const char  *ssl_cmd_SSLProxyMachineCertificateFile(cmd_parms *, void *, const char *);
+
+/*  module initialization  */
+int          ssl_init_Module(apr_pool_t *, apr_pool_t *, apr_pool_t *, server_rec *);
+void         ssl_init_Engine(server_rec *, apr_pool_t *);
+void         ssl_init_ConfigureServer(server_rec *, apr_pool_t *, apr_pool_t *, SSLSrvConfigRec *);
+void         ssl_init_CheckServers(server_rec *, apr_pool_t *);
+STACK_OF(X509_NAME) 
+            *ssl_init_FindCAList(server_rec *, apr_pool_t *, const char *, const char *);
+void         ssl_init_Child(apr_pool_t *, server_rec *);
+apr_status_t ssl_init_ModuleKill(void *data);
+
+/*  Apache API hooks  */
+int          ssl_hook_Translate(request_rec *);
+int          ssl_hook_Auth(request_rec *);
+int          ssl_hook_UserCheck(request_rec *);
+int          ssl_hook_Access(request_rec *);
+int          ssl_hook_Fixup(request_rec *);
+int          ssl_hook_ReadReq(request_rec *);
+int          ssl_hook_Upgrade(request_rec *);
+
+/*  OpenSSL callbacks */
+RSA         *ssl_callback_TmpRSA(SSL *, int, int);
+DH          *ssl_callback_TmpDH(SSL *, int, int);
+int          ssl_callback_SSLVerify(int, X509_STORE_CTX *);
+int          ssl_callback_SSLVerify_CRL(int, X509_STORE_CTX *, conn_rec *);
+int          ssl_callback_proxy_cert(SSL *ssl, MODSSL_CLIENT_CERT_CB_ARG_TYPE **x509, EVP_PKEY **pkey);
+int          ssl_callback_NewSessionCacheEntry(SSL *, SSL_SESSION *);
+SSL_SESSION *ssl_callback_GetSessionCacheEntry(SSL *, unsigned char *, int, int *);
+void         ssl_callback_DelSessionCacheEntry(SSL_CTX *, SSL_SESSION *);
+void         ssl_callback_LogTracingState(MODSSL_INFO_CB_ARG_TYPE, int, int);
+
+/*  Session Cache Support  */
+void         ssl_scache_init(server_rec *, apr_pool_t *);
+void         ssl_scache_status_register(apr_pool_t *p);
+void         ssl_scache_kill(server_rec *);
+BOOL         ssl_scache_store(server_rec *, UCHAR *, int, time_t, SSL_SESSION *);
+SSL_SESSION *ssl_scache_retrieve(server_rec *, UCHAR *, int);
+void         ssl_scache_remove(server_rec *, UCHAR *, int);
+void         ssl_scache_expire(server_rec *);
+
+char        *ssl_scache_id2sz(UCHAR *, int);
+void         ssl_scache_dbm_init(server_rec *, apr_pool_t *);
+void         ssl_scache_dbm_kill(server_rec *);
+BOOL         ssl_scache_dbm_store(server_rec *, UCHAR *, int, time_t, SSL_SESSION *);
+SSL_SESSION *ssl_scache_dbm_retrieve(server_rec *, UCHAR *, int);
+void         ssl_scache_dbm_remove(server_rec *, UCHAR *, int);
+void         ssl_scache_dbm_expire(server_rec *);
+void         ssl_scache_dbm_status(request_rec *r, int flags, apr_pool_t *pool);
+
+void         ssl_scache_shmcb_init(server_rec *, apr_pool_t *);
+void         ssl_scache_shmcb_kill(server_rec *);
+BOOL         ssl_scache_shmcb_store(server_rec *, UCHAR *, int, time_t, SSL_SESSION *);
+SSL_SESSION *ssl_scache_shmcb_retrieve(server_rec *, UCHAR *, int);
+void         ssl_scache_shmcb_remove(server_rec *, UCHAR *, int);
+void         ssl_scache_shmcb_expire(server_rec *);
+void         ssl_scache_shmcb_status(request_rec *r, int flags, apr_pool_t *pool);
+
+void         ssl_scache_dc_init(server_rec *, apr_pool_t *);
+void         ssl_scache_dc_kill(server_rec *);
+BOOL         ssl_scache_dc_store(server_rec *, UCHAR *, int, time_t, SSL_SESSION *);
+SSL_SESSION *ssl_scache_dc_retrieve(server_rec *, UCHAR *, int);
+void         ssl_scache_dc_remove(server_rec *, UCHAR *, int);
+void         ssl_scache_dc_expire(server_rec *);
+void         ssl_scache_dc_status(request_rec *r, int flags, apr_pool_t *pool);
+
+/* Proxy Support */
+int ssl_proxy_enable(conn_rec *c);
+int ssl_engine_disable(conn_rec *c);
+
+/*  I/O  */
+void         ssl_io_filter_init(conn_rec *, SSL *);
+void         ssl_io_filter_register(apr_pool_t *);
+long         ssl_io_data_cb(BIO *, int, MODSSL_BIO_CB_ARG_TYPE *, int, long, long);
+
+/*  PRNG  */
+int          ssl_rand_seed(server_rec *, apr_pool_t *, ssl_rsctx_t, char *);
+
+/*  Utility Functions  */
+char        *ssl_util_vhostid(apr_pool_t *, server_rec *);
+void         ssl_util_strupper(char *);
+void         ssl_util_uuencode(char *, const char *, BOOL);
+void         ssl_util_uuencode_binary(unsigned char *, const unsigned char *, int, BOOL);
+apr_file_t  *ssl_util_ppopen(server_rec *, apr_pool_t *, const char *,
+                             const char * const *);
+void         ssl_util_ppclose(server_rec *, apr_pool_t *, apr_file_t *);
+char        *ssl_util_readfilter(server_rec *, apr_pool_t *, const char *,
+                                 const char * const *);
+BOOL         ssl_util_path_check(ssl_pathcheck_t, const char *, apr_pool_t *);
+ssl_algo_t   ssl_util_algotypeof(X509 *, EVP_PKEY *); 
+char        *ssl_util_algotypestr(ssl_algo_t);
+char        *ssl_util_ptxtsub(apr_pool_t *, const char *, const char *, char *);
+void         ssl_util_thread_setup(apr_pool_t *);
+int          ssl_init_ssl_connection(conn_rec *c);
+
+/*  Pass Phrase Support  */
+void         ssl_pphrase_Handle(server_rec *, apr_pool_t *);
+
+/*  Diffie-Hellman Parameter Support  */
+DH           *ssl_dh_GetTmpParam(int);
+DH           *ssl_dh_GetParamFromFile(char *);
+
+unsigned char *ssl_asn1_table_set(apr_hash_t *table,
+                                  const char *key,
+                                  long int length);
+
+ssl_asn1_t *ssl_asn1_table_get(apr_hash_t *table,
+                               const char *key);
+
+void ssl_asn1_table_unset(apr_hash_t *table,
+                          const char *key);
+
+const char *ssl_asn1_keystr(int keytype);
+
+const char *ssl_asn1_table_keyfmt(apr_pool_t *p,
+                                  const char *id,
+                                  int keytype);
+/*  Mutex Support  */
+int          ssl_mutex_init(server_rec *, apr_pool_t *);
+int          ssl_mutex_reinit(server_rec *, apr_pool_t *);
+int          ssl_mutex_on(server_rec *);
+int          ssl_mutex_off(server_rec *);
+
+/*  Logfile Support  */
+void         ssl_die(void);
+void         ssl_log_ssl_error(const char *, int, int, server_rec *);
+
+/*  Variables  */
+void         ssl_var_register(void);
+char        *ssl_var_lookup(apr_pool_t *, server_rec *, conn_rec *, request_rec *, char *);
+void         ssl_var_log_config_register(apr_pool_t *p);
+
+#define APR_SHM_MAXSIZE (64 * 1024 * 1024)
+
+#endif /* SSL_PRIVATE_H */

diff --git a/modules/ssl/ssl_scache.c b/modules/ssl/ssl_scache.c
index b39da8b6210e38ab0200bada231e4697982ff3af..fee449888d013d20b50a433da92d14c54684d7bb 100644 (file)
--- a/modules/ssl/ssl_scache.c
+++ b/modules/ssl/ssl_scache.c
@@ -27,7 +27,7 @@
                                   join forces to help you shoot
                                   yourself in the foot for free.''
                                                  -- Unknown         */
-#include "mod_ssl.h"
+#include "ssl_private.h"
 #include "mod_status.h"
 
 /*  _________________________________________________________________

diff --git a/modules/ssl/ssl_scache_dbm.c b/modules/ssl/ssl_scache_dbm.c
index 95f4ba898cc96d5ff15a8bdc8f3102fc3fd43741..0c08318592d7810bcf5a42b24506c9f44f28b2c2 100644 (file)
--- a/modules/ssl/ssl_scache_dbm.c
+++ b/modules/ssl/ssl_scache_dbm.c
@@ -23,7 +23,7 @@
  *  Session Cache via DBM
  */
 
-#include "mod_ssl.h"
+#include "ssl_private.h"
 
 void ssl_scache_dbm_init(server_rec *s, apr_pool_t *p)
 {

diff --git a/modules/ssl/ssl_scache_dc.c b/modules/ssl/ssl_scache_dc.c
index ef152605cb84d5c04bc222edd2591d84b86c6d48..281bf8a5114530d6956ad5f420ff34bcc385ccc6 100644 (file)
--- a/modules/ssl/ssl_scache_dc.c
+++ b/modules/ssl/ssl_scache_dc.c
@@ -23,7 +23,7 @@
  *  Distributed Session Cache (client support)
  */
 
-#include "mod_ssl.h"
+#include "ssl_private.h"
 
 /* Only build this code if it's enabled at configure-time. */
 #ifdef HAVE_DISTCACHE

diff --git a/modules/ssl/ssl_scache_shmcb.c b/modules/ssl/ssl_scache_shmcb.c
index ee870cc101f0bad0a9989ebd1320d9a8dbf7558e..5d5e75c70bba659011a93a4b12bde33d4a805e5c 100644 (file)
--- a/modules/ssl/ssl_scache_shmcb.c
+++ b/modules/ssl/ssl_scache_shmcb.c
@@ -23,7 +23,7 @@
  *  Session Cache via Shared Memory (Cyclic Buffer Variant)
  */
 
-#include "mod_ssl.h"
+#include "ssl_private.h"
 
 /* 
  * This shared memory based SSL session cache implementation was

diff --git a/modules/ssl/ssl_util.c b/modules/ssl/ssl_util.c
index 9346332058d65a2ae309b1f421965729672b02b6..585360adea1e4d8c1213b99343aa83d60ca9ac62 100644 (file)
--- a/modules/ssl/ssl_util.c
+++ b/modules/ssl/ssl_util.c
@@ -28,7 +28,7 @@
                                   who piss me off!''
                                             -- Calvin          */
 
-#include "mod_ssl.h"
+#include "ssl_private.h"
 #include "ap_mpm.h"
 #include "apr_thread_mutex.h"
 

diff --git a/modules/ssl/ssl_util_ssl.c b/modules/ssl/ssl_util_ssl.c
index 1917e62d510fc48f5413c2e9dce7dcf7db7ddfec..b5d36ba2a58d4440162f5dad5d86dc7a7abf3b4b 100644 (file)
--- a/modules/ssl/ssl_util_ssl.c
+++ b/modules/ssl/ssl_util_ssl.c
@@ -23,7 +23,7 @@
  *  Additional Utility Functions for OpenSSL
  */
 
-#include "mod_ssl.h"
+#include "ssl_private.h"
 
 /*  _________________________________________________________________
 **