ssl_var_unregister();
ssl_ext_unregister();
ssl_io_unregister();
+ o We certainly need CRYPTO_set_locking_callback() now also under Unix!
#include "scoreboard.h"
#include "util_md5.h"
#include "apr.h"
+#include "apr_lib.h"
#include "apr_fnmatch.h"
#include "apr_strings.h"
#include "apr_pools.h"
#define cfgMergeString(el) cfgMerge(el, NULL)
#define cfgMergeBool(el) cfgMerge(el, UNSET)
#define cfgMergeInt(el) cfgMerge(el, UNSET)
+#endif /* XXX */
+#if 0 /* XXX */
#define myModConfig() (SSLModConfigRec *)ap_ctx_get(ap_global_ctx, "ssl_module")
+#endif /* XXX */
#define mySrvConfig(srv) (SSLSrvConfigRec *)ap_get_module_config(srv->module_config, &ssl_module)
#define myDirConfig(req) (SSLDirConfigRec *)ap_get_module_config(req->per_dir_config, &ssl_module)
+#if 0 /* XXX */
#define myCtxVarSet(mc,num,val) mc->rCtx.pV##num = val
#define myCtxVarGet(mc,num,type) (type)(mc->rCtx.pV##num)
#endif /* XXX */
* Define the certificate algorithm types
*/
-#if 0 /* XXX */
-
typedef int ssl_algo_t;
#define SSL_ALGO_UNKNOWN (0)
#define SSL_AIDX_DSA (1)
#define SSL_AIDX_MAX (2)
+#if 0 /* XXX */
+
/*
* Define IDs for the temporary RSA keys and DH params
*/
SSL_PPTYPE_BUILTIN = 0,
SSL_PPTYPE_FILTER = 1
} ssl_pphrase_t;
+#endif /* XXX */
/*
* Define the Path Checking modes
#define SSL_PCM_ISNONZERO 8
typedef unsigned int ssl_pathcheck_t;
+#if 0 /* XXX */
+
/*
* Define the SSL session cache modes and structures
*/
* (i.e. the configuration for the main server
* and all <VirtualHost> contexts)
*/
+#endif /* XXX */
typedef struct {
BOOL bEnabled;
+#if 0 /* XXX */
char *szPublicCertFile[SSL_AIDX_MAX];
char *szPrivateKeyFile[SSL_AIDX_MAX];
char *szCertificateChain;
SSL_CTX *pSSLProxyCtx;
STACK_OF(X509_INFO) *skProxyClientCerts;
#endif
+#endif /* XXX */
} SSLSrvConfigRec;
+#if 0 /* XXX */
/*
* Define the mod_ssl per-directory configuration structure
* (i.e. the local configuration for all <Directory>
#endif
#endif /* XXX */
} SSLDirConfigRec;
-#if 0 /* XXX */
/*
* function prototypes
*/
/* API glue structures */
-extern module MODULE_VAR_EXPORT ssl_module;
+extern module AP_MODULE_DECLARE_DATA ssl_module;
-#endif /* XXX */
/* configuration handling */
void ssl_config_global_create(void);
void ssl_config_global_fix(void);
void ssl_ext_register(void);
void ssl_ext_unregister(void);
+#endif /* XXX */
+
/* Utility Functions */
-char *ssl_util_vhostid(pool *, server_rec *);
+char *ssl_util_vhostid(apr_pool_t *, server_rec *);
void ssl_util_strupper(char *);
void ssl_util_uuencode(char *, const char *, BOOL);
void ssl_util_uuencode_binary(unsigned char *, const unsigned char *, int, BOOL);
-FILE *ssl_util_ppopen(server_rec *, pool *, char *);
-int ssl_util_ppopen_child(void *, child_info *);
-void ssl_util_ppclose(server_rec *, pool *, FILE *);
-char *ssl_util_readfilter(server_rec *, pool *, char *);
-BOOL ssl_util_path_check(ssl_pathcheck_t, char *);
+apr_file_t *ssl_util_ppopen(server_rec *, apr_pool_t *, char *);
+void ssl_util_ppclose(server_rec *, apr_pool_t *, apr_file_t *);
+char *ssl_util_readfilter(server_rec *, apr_pool_t *, char *);
+BOOL ssl_util_path_check(ssl_pathcheck_t, char *, apr_pool_t *);
ssl_algo_t ssl_util_algotypeof(X509 *, EVP_PKEY *);
char *ssl_util_algotypestr(ssl_algo_t);
-char *ssl_util_ptxtsub(pool *, const char *, const char *, char *);
+char *ssl_util_ptxtsub(apr_pool_t *, const char *, const char *, char *);
void ssl_util_thread_setup(void);
-#endif /* XXX */
-
#endif /* __MOD_SSL_H__ */
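Review bot: `void ssl_util_thread_setup(void);` stays in the now-active utility prototype list, although this commit deletes both its definition and its only caller visible on this page. A declaration without a definition invites a link error the next time someone calls it. I would drop the line, or keep it with a comment such as `/* XXX to be re-added on top of APR mutexes */`.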
else if (strlen(arg) > 5 && strEQn(arg, "exec:", 5)) {
sc->nPassPhraseDialogType = SSL_PPTYPE_FILTER;
sc->szPassPhraseDialogPath = ap_server_root_relative(cmd->pool, "dialog", arg+5);
- if (!ssl_util_path_check(SSL_PCM_EXISTS, sc->szPassPhraseDialogPath))
+ if (!ssl_util_path_check(SSL_PCM_EXISTS, sc->szPassPhraseDialogPath, cmd->pool))
return ap_pstrcat(cmd->pool, "SSLPassPhraseDialog: file '",
sc->szPassPhraseDialogPath, "' not exists", NULL);
}
pRS->cpPath = ap_pstrdup(mc->pPool, ap_server_root_relative(cmd->pool, "random", arg2));
}
if (pRS->nSrc != SSL_RSSRC_BUILTIN)
- if (!ssl_util_path_check(SSL_PCM_EXISTS, pRS->cpPath))
+ if (!ssl_util_path_check(SSL_PCM_EXISTS, pRS->cpPath, cmd->pool))
return ap_pstrcat(cmd->pool, "SSLRandomSeed: source path '",
pRS->cpPath, "' not exists", NULL);
if (arg3 == NULL)
int i;
cpPath = ap_server_root_relative(cmd->pool, "certkey", arg);
- if (!ssl_util_path_check(SSL_PCM_EXISTS|SSL_PCM_ISREG|SSL_PCM_ISNONZERO, cpPath))
+ if (!ssl_util_path_check(SSL_PCM_EXISTS|SSL_PCM_ISREG|SSL_PCM_ISNONZERO, cpPath, cmd->pool))
return ap_pstrcat(cmd->pool, "SSLCertificateFile: file '",
cpPath, "' not exists or empty", NULL);
for (i = 0; i < SSL_AIDX_MAX && sc->szPublicCertFile[i] != NULL; i++)
int i;
cpPath = ap_server_root_relative(cmd->pool, "certkey", arg);
- if (!ssl_util_path_check(SSL_PCM_EXISTS|SSL_PCM_ISREG|SSL_PCM_ISNONZERO, cpPath))
+ if (!ssl_util_path_check(SSL_PCM_EXISTS|SSL_PCM_ISREG|SSL_PCM_ISNONZERO, cpPath, cmd->pool))
return ap_pstrcat(cmd->pool, "SSLCertificateKeyFile: file '",
cpPath, "' not exists or empty", NULL);
for (i = 0; i < SSL_AIDX_MAX && sc->szPrivateKeyFile[i] != NULL; i++)
char *cpPath;
cpPath = ap_server_root_relative(cmd->pool, "certkey", arg);
- if (!ssl_util_path_check(SSL_PCM_EXISTS|SSL_PCM_ISREG|SSL_PCM_ISNONZERO, cpPath))
+ if (!ssl_util_path_check(SSL_PCM_EXISTS|SSL_PCM_ISREG|SSL_PCM_ISNONZERO, cpPath, cmd->pool))
return ap_pstrcat(cmd->pool, "SSLCertificateChainFile: file '",
cpPath, "' not exists or empty", NULL);
sc->szCertificateChain = cpPath;
char *cpPath;
cpPath = ap_server_root_relative(cmd->pool, "certkey", arg);
- if (!ssl_util_path_check(SSL_PCM_EXISTS|SSL_PCM_ISDIR, cpPath))
+ if (!ssl_util_path_check(SSL_PCM_EXISTS|SSL_PCM_ISDIR, cpPath, cmd->pool))
return ap_pstrcat(cmd->pool, "SSLCACertificatePath: directory '",
cpPath, "' not exists", NULL);
#ifdef SSL_EXPERIMENTAL_PERDIRCA
char *cpPath;
cpPath = ap_server_root_relative(cmd->pool, "certkey", arg);
- if (!ssl_util_path_check(SSL_PCM_EXISTS|SSL_PCM_ISREG|SSL_PCM_ISNONZERO, cpPath))
+ if (!ssl_util_path_check(SSL_PCM_EXISTS|SSL_PCM_ISREG|SSL_PCM_ISNONZERO, cpPath, cmd->pool))
return ap_pstrcat(cmd->pool, "SSLCACertificateFile: file '",
cpPath, "' not exists or empty", NULL);
#ifdef SSL_EXPERIMENTAL_PERDIRCA
char *cpPath;
cpPath = ap_server_root_relative(cmd->pool, "certkey", arg);
- if (!ssl_util_path_check(SSL_PCM_EXISTS|SSL_PCM_ISDIR, cpPath))
+ if (!ssl_util_path_check(SSL_PCM_EXISTS|SSL_PCM_ISDIR, cpPath, cmd->pool))
return ap_pstrcat(cmd->pool, "SSLCARecocationPath: directory '",
cpPath, "' not exists", NULL);
sc->szCARevocationPath = cpPath;
char *cpPath;
cpPath = ap_server_root_relative(cmd->pool, "certkey", arg);
- if (!ssl_util_path_check(SSL_PCM_EXISTS|SSL_PCM_ISREG|SSL_PCM_ISNONZERO, cpPath))
+ if (!ssl_util_path_check(SSL_PCM_EXISTS|SSL_PCM_ISREG|SSL_PCM_ISNONZERO, cpPath, cmd->pool))
return ap_pstrcat(cmd->pool, "SSLCARevocationFile: file '",
cpPath, "' not exists or empty", NULL);
sc->szCARevocationFile = cpPath;
char *cpPath;
cpPath = ap_server_root_relative(cmd->pool, "certkey", arg);
- if (!ssl_util_path_check(SSL_PCM_EXISTS|SSL_PCM_ISREG|SSL_PCM_ISNONZERO, cpPath))
+ if (!ssl_util_path_check(SSL_PCM_EXISTS|SSL_PCM_ISREG|SSL_PCM_ISNONZERO, cpPath, cmd->pool))
return ap_pstrcat(cmd->pool, "SSLProxyCACertificateFile: file '",
cpPath, "' not exists or empty", NULL);
sc->szProxyCACertificateFile = cpPath;
char *cpPath;
cpPath = ap_server_root_relative(cmd->pool, "certkey", arg);
- if (!ssl_util_path_check(SSL_PCM_EXISTS|SSL_PCM_ISDIR, cpPath))
+ if (!ssl_util_path_check(SSL_PCM_EXISTS|SSL_PCM_ISDIR, cpPath, cmd->pool))
return ap_pstrcat(cmd->pool, "SSLProxyCACertificatePath: directory '",
cpPath, "' does not exists", NULL);
sc->szProxyCACertificatePath = cpPath;
char *cpPath;
cpPath = ap_server_root_relative(cmd->pool, "certkey", arg);
- if (!ssl_util_path_check(SSL_PCM_EXISTS|SSL_PCM_ISREG|SSL_PCM_ISNONZERO, cpPath))
+ if (!ssl_util_path_check(SSL_PCM_EXISTS|SSL_PCM_ISREG|SSL_PCM_ISNONZERO, cpPath, cmd->pool))
return ap_pstrcat(cmd->pool, "SSLProxyMachineCertFile: file '",
cpPath, "' not exists or empty", NULL);
sc->szProxyClientCertificateFile = cpPath;
char *cpPath;
cpPath = ap_server_root_relative(cmd->pool, "certkey", arg);
- if (!ssl_util_path_check(SSL_PCM_EXISTS|SSL_PCM_ISDIR, cpPath))
+ if (!ssl_util_path_check(SSL_PCM_EXISTS|SSL_PCM_ISDIR, cpPath, cmd->pool))
return ap_pstrcat(cmd->pool, "SSLProxyMachineCertPath: directory '",
cpPath, "' does not exists", NULL);
sc->szProxyClientCertificatePath = cpPath;
*/
void ssl_init_SSLLibrary(void)
{
-#ifdef WIN32
CRYPTO_malloc_init();
-#endif
SSL_load_error_strings();
SSL_library_init();
- ssl_util_thread_setup();
+ /* XXX CRYPTO_set_locking_callback(); */
X509V3_add_standard_extensions();
return;
}
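Review bot: With `ssl_util_thread_setup()` removed and only `/* XXX CRYPTO_set_locking_callback(); */` left in its place, no OpenSSL locking callback is installed on any platform, including Win32, which had one before this change. In a threaded server that leaves OpenSSL's shared state unsynchronised, so the module should not be run threaded until a callback is registered again. I would make the comment say so, e.g. `/* XXX no locking callback installed yet: OpenSSL is not thread-safe until one is registered via CRYPTO_set_locking_callback() */`. `CRYPTO_malloc_init()` also becomes unconditional here; if that is intended for Unix, it deserves a word in the commit message.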
-- Calvin */
#include "mod_ssl.h"
-#if 0 /* XXX */
-
/* _________________________________________________________________
**
** Utility Functions
** _________________________________________________________________
*/
-char *ssl_util_vhostid(pool *p, server_rec *s)
+char *ssl_util_vhostid(apr_pool_t *p, server_rec *s)
{
char *id;
SSLSrvConfigRec *sc;
else
port = DEFAULT_HTTP_PORT;
}
- id = ap_psprintf(p, "%s:%u", host, port);
+ id = apr_psprintf(p, "%s:%u", host, port);
return id;
}
void ssl_util_strupper(char *s)
{
for (; *s; ++s)
- *s = toupper(*s);
+ *s = apr_toupper(*s);
return;
}
return;
}
-FILE *ssl_util_ppopen(server_rec *s, pool *p, char *cmd)
+apr_file_t *ssl_util_ppopen(server_rec *s, apr_pool_t *p, char *cmd)
{
- FILE *fpout;
- int rc;
+ apr_procattr_t *procattr;
+ apr_proc_t *proc;
- fpout = NULL;
- rc = ap_spawn_child(p, ssl_util_ppopen_child,
- (void *)cmd, kill_after_timeout,
- NULL, &fpout, NULL);
- if (rc == 0 || fpout == NULL) {
- ap_log_error(APLOG_MARK, APLOG_ERR, s,
- "ssl_util_ppopen: could not run: %s", cmd);
+ if (apr_procattr_create(&procattr, p) != APR_SUCCESS)
return NULL;
- }
- return (fpout);
-}
-
-int ssl_util_ppopen_child(void *cmd, child_info *pinfo)
-{
- int child_pid = 1;
-
- /*
- * Prepare for exec
- */
- ap_cleanup_for_exec();
-#ifdef SIGHUP
- signal(SIGHUP, SIG_IGN);
-#endif
-
- /*
- * Exec() the child program
- */
- execl(SHELL_PATH, SHELL_PATH, "-c", (char *)cmd, NULL);
- return (child_pid);
+ if (apr_procattr_io_set(procattr, APR_FULL_BLOCK, APR_FULL_BLOCK,
+ APR_FULL_BLOCK) != APR_SUCCESS)
+ return NULL;
+ if (apr_procattr_dir_set(procattr,
+ ap_make_dirstr_parent(p, cmd)) != APR_SUCCESS)
+ return NULL;
+ if (apr_procattr_cmdtype_set(procattr, APR_PROGRAM) != APR_SUCCESS)
+ return NULL;
+ if ((proc = (apr_proc_t *)apr_pcalloc(p, sizeof(apr_proc_t))) == NULL)
+ return NULL;
+ if (apr_proc_create(proc, cmd, NULL, NULL, procattr, p) != APR_SUCCESS)
+ return NULL;
+ return proc->out;
}
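Review bot: `apr_proc_create(proc, cmd, NULL, NULL, procattr, p)` starts the pass phrase filter with a NULL argument vector, so the child gets no argv[0], and every failure path now returns NULL without the `ap_log_error` message the removed code produced. The `apr_procattr_io_set` call also creates stdin and stderr pipes that nothing on this page reads or closes, whereas the removed `ap_spawn_child` call passed NULL for both. The `kill_after_timeout` registration is gone as well, so the child is presumably never reaped. I would pass an argv holding `cmd`, request only the stdout pipe, register the process with the pool and log the status on failure, as in the excerpt below; it assumes the `ap_log_error` form with a status argument and the current APR name `apr_pool_note_subprocess`. Because the command no longer runs through `SHELL_PATH -c`, an `exec:` value that carries arguments will stop working, which should be documented.

```c
apr_file_t *ssl_util_ppopen(server_rec *s, apr_pool_t *p, char *cmd)
{
    apr_procattr_t *procattr;
    apr_proc_t *proc;
    const char *argv[2];
    apr_status_t rv;

    /* the child needs at least argv[0]; no shell splits the string any more */
    argv[0] = cmd;
    argv[1] = NULL;

    /* only stdout is read by the caller, so create no stdin/stderr pipes */
    if ((rv = apr_procattr_create(&procattr, p)) == APR_SUCCESS)
        rv = apr_procattr_io_set(procattr, APR_NO_PIPE, APR_FULL_BLOCK,
                                 APR_NO_PIPE);
    /* ... unchanged: apr_procattr_dir_set and apr_procattr_cmdtype_set, chained on rv ... */
    proc = apr_pcalloc(p, sizeof(*proc));
    if (rv == APR_SUCCESS)
        rv = apr_proc_create(proc, cmd, argv, NULL, procattr, p);
    if (rv != APR_SUCCESS) {
        ap_log_error(APLOG_MARK, APLOG_ERR, rv, s,
                     "ssl_util_ppopen: could not run: %s", cmd);
        return NULL;
    }
    /* let pool cleanup terminate and reap the filter, as kill_after_timeout did */
    apr_pool_note_subprocess(p, proc, APR_KILL_AFTER_TIMEOUT);
    return proc->out;
```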
-void ssl_util_ppclose(server_rec *s, pool *p, FILE *fp)
+void ssl_util_ppclose(server_rec *s, apr_pool_t *p, apr_file_t *fp)
{
- ap_pfclose(p, fp);
+ apr_file_close(fp);
return;
}
/*
* Run a filter program and read the first line of its stdout output
*/
-char *ssl_util_readfilter(server_rec *s, pool *p, char *cmd)
+char *ssl_util_readfilter(server_rec *s, apr_pool_t *p, char *cmd)
{
static char buf[MAX_STRING_LEN];
- FILE *fp;
+ apr_file_t *fp;
+ apr_size_t nbytes;
char c;
int k;
if ((fp = ssl_util_ppopen(s, p, cmd)) == NULL)
return NULL;
- for (k = 0; read(fileno(fp), &c, 1) == 1
- && (k < MAX_STRING_LEN-1) ; ) {
+ for (k = 0; apr_file_read(fp, &c, &nbytes) == APR_SUCCESS
+ && nbytes == 1 && (k < MAX_STRING_LEN-1) ; ) {
if (c == '\n' || c == '\r')
break;
buf[k++] = c;
return buf;
}
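Review bot: `nbytes` is never set before `apr_file_read(fp, &c, &nbytes)`, but that argument is in/out: on entry it is the number of bytes to read. An indeterminate count lets the read write past the single `char c` on the stack, using data produced by the external filter program. Declaring it as `apr_size_t nbytes = 1;` is enough, because the loop only continues while the call leaves it at 1. Part of the loop body lies outside the lines shown here.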
-BOOL ssl_util_path_check(ssl_pathcheck_t pcm, char *path)
+BOOL ssl_util_path_check(ssl_pathcheck_t pcm, char *path, apr_pool_t *p)
{
- struct stat sb;
+ apr_finfo_t finfo;
if (path == NULL)
return FALSE;
- if (pcm & SSL_PCM_EXISTS && stat(path, &sb) != 0)
+ if (pcm & SSL_PCM_EXISTS && apr_stat(&finfo, path,
+ APR_FINFO_TYPE|APR_FINFO_SIZE, p) != 0)
return FALSE;
- if (pcm & SSL_PCM_ISREG && !S_ISREG(sb.st_mode))
+ if (pcm & SSL_PCM_ISREG && finfo.filetype != APR_REG)
return FALSE;
- if (pcm & SSL_PCM_ISDIR && !S_ISDIR(sb.st_mode))
+ if (pcm & SSL_PCM_ISDIR && finfo.filetype != APR_DIR)
return FALSE;
- if (pcm & SSL_PCM_ISNONZERO && sb.st_mode <= 0)
+ if (pcm & SSL_PCM_ISNONZERO && finfo.size <= 0)
return FALSE;
return TRUE;
}
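Review bot: `finfo` is filled only when `SSL_PCM_EXISTS` is set, yet the `SSL_PCM_ISREG`, `SSL_PCM_ISDIR` and `SSL_PCM_ISNONZERO` tests read `finfo.filetype` and `finfo.size` regardless. A caller that omits `SSL_PCM_EXISTS` would get a decision made on uninitialised memory. Every caller visible on this page passes the flag, but the function should not depend on that. I would run the stat whenever any flag is set and compare against `APR_SUCCESS` rather than `0`: `if (pcm != 0 && apr_stat(&finfo, path, APR_FINFO_TYPE|APR_FINFO_SIZE, p) != APR_SUCCESS) return FALSE;`.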
}
char *ssl_util_ptxtsub(
- pool *p, const char *cpLine, const char *cpMatch, char *cpSubst)
+ apr_pool_t *p, const char *cpLine, const char *cpMatch, char *cpSubst)
{
#define MAX_PTXTSUB 100
char *cppMatch[MAX_PTXTSUB];
/*
* Pass 2: allocate memory and assemble result
*/
- cpResult = ap_pcalloc(p, nResult+1);
+ cpResult = apr_pcalloc(p, nResult+1);
for (cpI = (char *)cpLine, cpO = cpResult, i = 0; cppMatch[i] != NULL; i++) {
ap_cpystrn(cpO, cpI, cppMatch[i]-cpI+1);
cpO += (cppMatch[i]-cpI);
cpO += nSubst;
cpI = (cppMatch[i]+nMatch);
}
- ap_cpystrn(cpO, cpI, cpResult+nResult-cpO+1);
+ apr_cpystrn(cpO, cpI, cpResult+nResult-cpO+1);
return cpResult;
}
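Review bot: The rename in this function is incomplete: the copy inside the loop is still `ap_cpystrn(cpO, cpI, cppMatch[i]-cpI+1);`, while the allocation and the final copy now use the `apr_` names. Unless a compatibility macro maps the old name, this block will not build now that the surrounding `#if 0` is removed. The line should read `apr_cpystrn(cpO, cpI, cppMatch[i]-cpI+1);`. The loop body is only partly visible here, so any other `ap_cpystrn` call in it needs the same change.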
-/* _________________________________________________________________
-**
-** Special Functions for Win32/OpenSSL
-** _________________________________________________________________
-*/
-
-#ifdef WIN32
-static HANDLE lock_cs[CRYPTO_NUM_LOCKS];
-
-static void win32_locking_callback(int mode, int type, char* file, int line)
-{
- if (mode & CRYPTO_LOCK)
- WaitForSingleObject(lock_cs[type], INFINITE);
- else
- ReleaseMutex(lock_cs[type]);
- return;
-}
-#endif /* WIN32 */
-
-void ssl_util_thread_setup(void)
-{
-#ifdef WIN32
- int i;
-
- for (i = 0; i < CRYPTO_NUM_LOCKS; i++)
- lock_cs[i] = CreateMutex(NULL, FALSE, NULL);
- CRYPTO_set_locking_callback((void(*)(int, int, const char *, int))
- win32_locking_callback);
-#endif /* WIN32 */
- return;
-}
-
-#endif /* XXX */
-