SSLSrvConfigRec *sc = apr_palloc(p, sizeof(*sc));
sc->mc = NULL;
- sc->enabled = FALSE;
+ sc->enabled = SSL_ENABLED_FALSE;
sc->proxy_enabled = UNSET;
sc->vhost_id = NULL; /* set during module init */
sc->vhost_id_len = 0; /* set during module init */
SSLSrvConfigRec *mrg = ssl_config_server_new(p);
cfgMerge(mc, NULL);
- cfgMergeBool(enabled);
+ cfgMerge(enabled, SSL_ENABLED_UNSET);
cfgMergeBool(proxy_enabled);
cfgMergeInt(session_cache_timeout);
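Review bot: The merge now treats `SSL_ENABLED_UNSET` as the "inherit from base" sentinel, but the constructor hunk above still initialises the field with `sc->enabled = SSL_ENABLED_FALSE;`. Assuming `cfgMerge(el, unset)` keeps the base value only when the added config equals its second argument (the macro is not visible here), a vhost with no SSLEngine directive will never match the sentinel and silently ends up with SSL off, whatever the base server says. That also leaves the re-enabled `SSL_ENABLED_UNSET` fix-up in the init hunk with nothing to fix. If inheritance is intended, the default should be `sc->enabled = SSL_ENABLED_UNSET;`, matching how `proxy_enabled` starts as `UNSET`.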
SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
if (!strcasecmp(arg, "On")) {
- sc->enabled = TRUE;
+ sc->enabled = SSL_ENABLED_TRUE;
return NULL;
}
else if (!strcasecmp(arg, "Off")) {
- sc->enabled = FALSE;
+ sc->enabled = SSL_ENABLED_FALSE;
return NULL;
}
else if (!strcasecmp(arg, "Optional")) {
- sc->enabled = UNSET;
+ sc->enabled = SSL_ENABLED_OPTIONAL;
return NULL;
}
sc->vhost_id = ssl_util_vhostid(p, s);
sc->vhost_id_len = strlen(sc->vhost_id);
-#if 0
/* If sc->enabled is UNSET, then SSL is optional on this vhost */
/* Fix up stuff that may not have been set */
- if (sc->enabled == UNSET) {
- sc->enabled = FALSE;
+ if (sc->enabled == SSL_ENABLED_UNSET) {
+ sc->enabled = SSL_ENABLED_FALSE;
}
-#endif
if (sc->proxy_enabled == UNSET) {
sc->proxy_enabled = FALSE;
}
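Review bot: The context comment `/* If sc->enabled is UNSET, then SSL is optional on this vhost */` is no longer true now that "Optional" is stored as `SSL_ENABLED_OPTIONAL`. It sits directly above a block that turns UNSET into FALSE, so it reads as if optional vhosts were being disabled. I would drop that line and keep only `/* Fix up stuff that may not have been set */`, or reword it to `/* UNSET means no SSLEngine directive was given: default to off */`. The enclosing function starts and ends outside this hunk.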
apr_pool_t *ptemp,
SSLSrvConfigRec *sc)
{
- /* A bit of a hack, but initialize the server if SSL is optional or
- * not.
+ /* Initialize the server if SSL is enabled or optional.
*/
- if (sc->enabled) {
+ if ((sc->enabled == SSL_ENABLED_TRUE) || (sc->enabled == SSL_ENABLED_OPTIONAL)) {
ap_log_error(APLOG_MARK, APLOG_INFO, 0, s,
"Configuring server for SSL protocol");
ssl_init_server_ctx(s, p, ptemp, sc);
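Review bot: The "enabled or optional" test is spelled out by hand here, and the same two-way comparison is repeated in three later hunks (the "SSL protocol is on" check, the client-certificate check and the final "SSL is on" check). Each has slightly different parenthesisation and one is a very long line. A security-relevant predicate copied four times is easy to get subtly wrong the next time a state is added. I would define it once next to the enum, for example `#define SSL_ENABLED_OR_OPTIONAL(sc) ((sc)->enabled == SSL_ENABLED_TRUE || (sc)->enabled == SSL_ENABLED_OPTIONAL)`, and use it at all four sites. The function body continues outside the hunk.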
for (s = base_server; s; s = s->next) {
sc = mySrvConfig(s);
- if ((sc->enabled == TRUE) && (s->port == DEFAULT_HTTP_PORT)) {
+ if ((sc->enabled == SSL_ENABLED_TRUE) && (s->port == DEFAULT_HTTP_PORT)) {
ap_log_error(APLOG_MARK, APLOG_WARNING, 0,
base_server,
"Init: (%s) You configured HTTPS(%d) "
DEFAULT_HTTPS_PORT, DEFAULT_HTTP_PORT);
}
- if (!sc->enabled && (s->port == DEFAULT_HTTPS_PORT)) {
+ if ((sc->enabled == SSL_ENABLED_FALSE) && (s->port == DEFAULT_HTTPS_PORT)) {
ap_log_error(APLOG_MARK, APLOG_WARNING, 0,
base_server,
"Init: (%s) You configured HTTP(%d) "
for (s = base_server; s; s = s->next) {
sc = mySrvConfig(s);
- if (!(sc->enabled && s->addrs)) {
+ if (!((sc->enabled == SSL_ENABLED_TRUE) && s->addrs)) {
continue;
}
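Review bot: This condition changes behaviour rather than just spelling. Before the commit "Optional" was stored as `UNSET`, so the old `sc->enabled && s->addrs` test was also true for optional vhosts whenever `UNSET` is non-zero, which its reuse as a distinct state suggests. The new `sc->enabled == SSL_ENABLED_TRUE` form makes them hit `continue`, so they are skipped by whatever this loop checks. The loop body is outside the hunk, so I cannot tell whether that is wanted. If it is, a comment such as `/* optional (upgrade) vhosts are deliberately excluded from this check */` would record the decision; if not, the test should also accept `SSL_ENABLED_OPTIONAL`.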
* Support for SSLRequireSSL directive
*/
if (dc->bSSLRequired && !ssl) {
- if (sc->enabled == UNSET) {
+ if (sc->enabled == SSL_ENABLED_OPTIONAL) {
/* This vhost was configured for optional SSL, just tell the
* client that we need to upgrade.
*/
/*
* Check to see if SSL protocol is on
*/
- if (!(sc->enabled || ssl)) {
+ if (!((sc->enabled == SSL_ENABLED_TRUE) || (sc->enabled == SSL_ENABLED_OPTIONAL) || ssl)) {
return DECLINED;
}
/*
* - ssl not enabled
* - client did not present a certificate
*/
- if (!(sc->enabled && sslconn->ssl && sslconn->client_cert) ||
+ if (!((sc->enabled == SSL_ENABLED_TRUE || sc->enabled == SSL_ENABLED_OPTIONAL) && sslconn->ssl && sslconn->client_cert) ||
!(dc->nOptions & SSL_OPT_FAKEBASICAUTH) || r->user)
{
return DECLINED;
SSL *ssl;
int i;
- if (sc->enabled == UNSET) {
+ if (sc->enabled == SSL_ENABLED_OPTIONAL) {
apr_table_setn(r->headers_out, "Upgrade", "TLS/1.0, HTTP/1.1");
}
/*
* Check to see if SSL is on
*/
- if (!(sc->enabled && sslconn && (ssl = sslconn->ssl))) {
+ if (!(((sc->enabled == SSL_ENABLED_TRUE) || (sc->enabled == SSL_ENABLED_OPTIONAL)) && sslconn && (ssl = sslconn->ssl))) {
return DECLINED;
}
SSL_MUTEXMODE_USED = 1
} ssl_mutexmode_t;
+/*
+ * Define the SSL enabled state
+ */
+typedef enum {
+ SSL_ENABLED_UNSET = UNSET,
+ SSL_ENABLED_FALSE = 0,
+ SSL_ENABLED_TRUE = 1,
+ SSL_ENABLED_OPTIONAL = 3
+} ssl_enabled_t;
+
/*
* Define the SSL requirement structure
*/
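Review bot: The comment on the new enum says only "Define the SSL enabled state", which does not explain what separates the four values or why `SSL_ENABLED_OPTIONAL` is 3 rather than 2. Per-value comments would help, for example `/* no SSLEngine directive seen; resolved at merge/init */` on UNSET and `/* SSLEngine Optional: plain HTTP accepted, TLS upgrade offered */` on OPTIONAL. It is also worth noting in the comment that the field must be compared against a named constant. A leftover truthiness test such as `if (sc->enabled)` would treat both OPTIONAL and (presumably non-zero) UNSET as "on", so any call sites not touched by this patch deserve a grep.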
struct SSLSrvConfigRec {
SSLModConfigRec *mc;
- BOOL enabled;
+ ssl_enabled_t enabled;
BOOL proxy_enabled;
const char *vhost_id;
int vhost_id_len;