SSL *ssl;
unsigned char *cpVHostID;
char *cpVHostMD5;
+ SSLConnRec *sslconn = apr_pcalloc(c->pool, sizeof(*sslconn));
/*
* Create SSL context
*/
- apr_table_setn(c->notes, "ssl", NULL);
+ myConnConfigSet(c, sslconn);
/*
* Immediately stop processing if SSL is disabled for this connection
if ((ssl = SSL_new(sc->pSSLCtx)) == NULL) {
ssl_log(c->base_server, SSL_LOG_ERROR|SSL_ADD_SSLERR,
"Unable to create a new SSL connection from the SSL context");
- apr_table_setn(c->notes, "ssl", NULL);
c->aborted = 1;
return DECLINED; /* XXX */
}
strlen(cpVHostMD5))) {
ssl_log(c->base_server, SSL_LOG_ERROR|SSL_ADD_SSLERR,
"Unable to set session id context to `%s'", cpVHostMD5);
- apr_table_setn(c->notes, "ssl", NULL);
c->aborted = 1;
return DECLINED; /* XXX */
}
apr_table_setn(apctx, "ssl::verify::depth", AP_CTX_NUM2PTR(0));
SSL_set_app_data2(ssl, apctx);
- apr_table_setn(c->notes, "ssl", (const char *)ssl);
+ sslconn->ssl = ssl;
/*
* Configure callbacks for SSL connection
static apr_status_t ssl_abort(SSLFilterRec *pRec, conn_rec *c)
{
+ SSLConnRec *sslconn = myConnConfig(c);
/*
* try to gracefully shutdown the connection:
* - send an own shutdown message (be gracefully)
SSL_smart_shutdown(pRec->pssl);
SSL_free(pRec->pssl);
pRec->pssl = NULL; /* so filters know we've been shutdown */
- apr_table_setn(c->notes, "ssl", NULL);
+ sslconn->ssl = NULL;
c->aborted = 1;
return APR_EGENERAL;
#define cfgMergeBool(el) cfgMerge(el, UNSET)
#define cfgMergeInt(el) cfgMerge(el, UNSET)
+#define myConnConfig(c) \
+(SSLConnRec *)ap_get_module_config(c->conn_config, &ssl_module)
+#define myConnConfigSet(c, val) \
+ap_set_module_config(c->conn_config, &ssl_module, val)
#define myModConfig(srv) (SSLModConfigRec *)ssl_util_getmodconfig(srv, "ssl_module")
#define mySrvConfig(srv) (SSLSrvConfigRec *)ap_get_module_config(srv->module_config, &ssl_module)
#define myDirConfig(req) (SSLDirConfigRec *)ap_get_module_config(req->per_dir_config, &ssl_module)
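Review bot: The new `myConnConfig(c)` and `myConnConfigSet(c, val)` macros use their arguments and the cast expression without parentheses, so `myConnConfig(c)->ssl` would apply `->` to the untyped return of `ap_get_module_config` before the cast takes effect. Every caller in this change happens to assign to a local first, which hides the problem. I would write `#define myConnConfig(c) ((SSLConnRec *)ap_get_module_config((c)->conn_config, &ssl_module))` and `#define myConnConfigSet(c, val) ap_set_module_config((c)->conn_config, &ssl_module, (val))`. The neighbouring `mySrvConfig` and `myDirConfig` macros share the same shape, so this is a style point rather than a defect in the callers shown.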
apr_bucket_brigade *b; /* decrypted input */
} SSLFilterRec;
+typedef struct {
+ SSL *ssl;
+} SSLConnRec;
+
typedef struct {
apr_pool_t *pPool;
BOOL bFixed;
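Review bot: The new `SSLConnRec` typedef has no comment stating what a NULL `ssl` member means or who owns the pointer, although the rest of the change relies on both. Other hunks test `sslconn->ssl == NULL` to mean "this connection is not using SSL", and the shutdown paths call `SSL_free()` and then clear `sslconn->ssl` together with the filter's `pssl`. I would put a comment above the struct such as `/* per-connection mod_ssl state, allocated from c->pool; ssl is NULL when the connection is not (or no longer) SSL and aliases SSLFilterRec.pssl, so both must be cleared after SSL_free() */`.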
/* deallocate the SSL connection */
SSL_free(ssl);
- apr_table_setn(conn->notes, "ssl", NULL);
+ sslconn->ssl = NULL;
filter->pssl = NULL; /* so filters know we've been shutdown */
return APR_SUCCESS;
*/
int ssl_hook_ReadReq(request_rec *r)
{
+ SSLConnRec *sslconn = myConnConfig(r->connection);
SSL *ssl;
apr_table_t *apctx;
* Get the SSL connection structure and perform the
* delayed interlinking from SSL back to request_rec
*/
- ssl = (SSL *)apr_table_get(r->connection->notes, "ssl");
+ ssl = sslconn->ssl;
if (ssl != NULL) {
apctx = (apr_table_t *)SSL_get_app_data2(ssl);
apr_table_setn(apctx, "ssl::request_rec", (const char *)r);
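Review bot: `ssl = sslconn->ssl;` dereferences the result of `myConnConfig(r->connection)` with no NULL test, whereas the removed `apr_table_get(..., "ssl")` simply returned NULL when nothing had been stored. If any connection reaches this hook without the pre-connection code having called `myConnConfigSet`, the child process crashes on a request instead of declining; whether that can happen is not visible from these hunks. The same pattern is in ssl_hook_Translate, ssl_hook_UserCheck, ssl_hook_Fixup, ssl_abort, ssl_var_lookup and its helpers, and both log handlers. A cheap guard here is `ssl = sslconn ? sslconn->ssl : NULL;`, and in the hooks that return early, `if (sslconn == NULL || sslconn->ssl == NULL) return DECLINED;`. The body of ssl_hook_ReadReq continues outside this hunk.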
*/
int ssl_hook_Translate(request_rec *r)
{
- if (apr_table_get(r->connection->notes, "ssl") == NULL)
+ SSLConnRec *sslconn = myConnConfig(r->connection);
+
+ if (sslconn->ssl == NULL)
return DECLINED;
/*
int argi, long argl, long rc)
{
request_rec *r = (request_rec *)BIO_get_callback_arg(bio);
- SSL *ssl;
+ SSLConnRec *sslconn = myConnConfig(r->connection);
+ SSL *ssl = sslconn->ssl;
int is_failed_read = (cmd == (BIO_CB_READ|BIO_CB_RETURN) && (rc == -1));
int is_flush = ((cmd == BIO_CB_CTRL) && (argi == BIO_CTRL_FLUSH));
if (is_flush || is_failed_read) {
- ssl = (SSL *)apr_table_get(r->connection->notes, "ssl");
/* disable this callback to prevent recursion
* and leave a "note" so the input filter leaves the rbio
* as-as
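Review bot: Moving the lookup into the initializers (`SSLConnRec *sslconn = myConnConfig(r->connection);` and `SSL *ssl = sslconn->ssl;`) makes every invocation of this BIO callback dereference `r`, `r->connection` and `sslconn`. The removed code only touched them inside `if (is_flush || is_failed_read)`. If the callback can fire for other BIO operations while the callback argument is unset or the connection record is missing, this turns a no-op into a NULL dereference; the callers are outside this hunk, so that is an inference to confirm. I would keep the declarations uninitialized and do the lookup inside the branch: `sslconn = myConnConfig(r->connection);` followed by `ssl = sslconn->ssl;` as the first statements after the `if`. The function's signature and the rest of its body are outside the hunk.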
{
SSLDirConfigRec *dc;
SSLSrvConfigRec *sc;
+ SSLConnRec *sslconn;
SSL *ssl;
SSL_CTX *ctx = NULL;
apr_array_header_t *apRequirement;
dc = myDirConfig(r);
sc = mySrvConfig(r->server);
- ssl = (SSL *)apr_table_get(r->connection->notes, "ssl");
+ sslconn = myConnConfig(r->connection);
+ ssl = sslconn->ssl;
if (ssl != NULL)
ctx = SSL_get_SSL_CTX(ssl);
*/
int ssl_hook_UserCheck(request_rec *r)
{
+ SSLConnRec *sslconn = myConnConfig(r->connection);
SSLSrvConfigRec *sc = mySrvConfig(r->server);
SSLDirConfigRec *dc = myDirConfig(r);
char b1[MAX_STRING_LEN], b2[MAX_STRING_LEN];
*/
if (!sc->bEnabled)
return DECLINED;
- if (apr_table_get(r->connection->notes, "ssl") == NULL)
+ if (sslconn->ssl == NULL)
return DECLINED;
if (!(dc->nOptions & SSL_OPT_FAKEBASICAUTH))
return DECLINED;
int ssl_hook_Fixup(request_rec *r)
{
+ SSLConnRec *sslconn = myConnConfig(r->connection);
SSLSrvConfigRec *sc = mySrvConfig(r->server);
SSLDirConfigRec *dc = myDirConfig(r);
apr_table_t *e = r->subprocess_env;
*/
if (!sc->bEnabled)
return DECLINED;
- if ((ssl = (SSL *)apr_table_get(r->connection->notes, "ssl")) == NULL)
+ if ((ssl = sslconn->ssl) == NULL)
return DECLINED;
/*
char *ssl_var_lookup(apr_pool_t *p, server_rec *s, conn_rec *c, request_rec *r, char *var)
{
+ SSLConnRec *sslconn;
SSLModConfigRec *mc = myModConfig(s);
char *result;
BOOL resdup;
* Connection stuff
*/
if (result == NULL && c != NULL) {
+ sslconn = myConnConfig(c);
if (strcEQ(var, "REMOTE_ADDR"))
result = c->remote_ip;
else if (strcEQ(var, "REMOTE_USER"))
else if (strlen(var) > 4 && strcEQn(var, "SSL_", 4))
result = ssl_var_lookup_ssl(p, c, var+4);
else if (strcEQ(var, "HTTPS")) {
- if (apr_table_get(c->notes, "ssl") != NULL)
+ if (sslconn->ssl != NULL)
result = "on";
else
result = "off";
static char *ssl_var_lookup_ssl(apr_pool_t *p, conn_rec *c, char *var)
{
+ SSLConnRec *sslconn = myConnConfig(c);
char *result;
X509 *xs;
STACK_OF(X509) *sk;
result = NULL;
- ssl = (SSL *)apr_table_get(c->notes, "ssl");
+ ssl = sslconn->ssl;
if (strlen(var) > 8 && strcEQn(var, "VERSION_", 8)) {
result = ssl_var_lookup_ssl_version(p, var+8);
}
static char *ssl_var_lookup_ssl_cert_verify(apr_pool_t *p, conn_rec *c)
{
+ SSLConnRec *sslconn = myConnConfig(c);
char *result;
long vrc;
char *verr;
X509 *xs;
result = NULL;
- ssl = (SSL *) apr_table_get(c->notes, "ssl");
+ ssl = sslconn->ssl;
verr = (char *)apr_table_get(c->notes, "ssl::verify::error");
vinfo = (char *)apr_table_get(c->notes, "ssl::verify::info");
vrc = SSL_get_verify_result(ssl);
static char *ssl_var_lookup_ssl_cipher(apr_pool_t *p, conn_rec *c, char *var)
{
+ SSLConnRec *sslconn = myConnConfig(c);
char *result;
BOOL resdup;
int usekeysize, algkeysize;
result = NULL;
resdup = TRUE;
- ssl = (SSL *)apr_table_get(c->notes, "ssl");
+ ssl = sslconn->ssl;
ssl_var_lookup_ssl_cipher_bits(ssl, &usekeysize, &algkeysize);
if (strEQ(var, ""))
*/
static const char *ssl_var_log_handler_c(request_rec *r, char *a)
{
+ SSLConnRec *sslconn = myConnConfig(r->connection);
char *result;
- if (apr_table_get(r->connection->notes, "ssl") == NULL)
+ if (sslconn->ssl == NULL)
return NULL;
result = NULL;
if (strEQ(a, "version"))
*/
static const char *ssl_var_log_handler_x(request_rec *r, char *a)
{
+ SSLConnRec *sslconn = myConnConfig(r->connection);
char *result;
result = NULL;
- if (apr_table_get(r->connection->notes, "ssl") != NULL)
+ if (sslconn->ssl != NULL)
result = ssl_var_lookup(r->pool, r->server, r->connection, r, a);
if (result != NULL && result[0] == NUL)
result = NULL;