*/
int ssl_hook_UserCheck(request_rec *r)
{
- SSLConnRec *sslconn = myConnConfig(r->connection);
- SSLSrvConfigRec *sc = mySrvConfig(r->server);
+ SSLConnRec *sslconn;
SSLDirConfigRec *dc = myDirConfig(r);
const char *user, *auth_line, *username, *password;
/*
* We decline operation in various situations...
+ * - TLS not enabled
+ * - client did not present a certificate
* - SSLOptions +FakeBasicAuth not configured
* - r->user already authenticated
- * - ssl not enabled
- * - client did not present a certificate
*/
- if (!((sc->enabled == SSL_ENABLED_TRUE || sc->enabled == SSL_ENABLED_OPTIONAL)
- && sslconn && sslconn->ssl && sslconn->client_cert) ||
- !(dc->nOptions & SSL_OPT_FAKEBASICAUTH) || r->user)
- {
+ if (!modssl_request_is_tls(r, &sslconn)
+ || !sslconn->client_cert
+ || !(dc->nOptions & SSL_OPT_FAKEBASICAUTH)
+ || r->user) {
return DECLINED;
}
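Review bot: The TLS-enabled test in ssl_hook_UserCheck is not equivalent to the one it replaces. The removed condition required `sc->enabled` to be `SSL_ENABLED_TRUE` or `SSL_ENABLED_OPTIONAL`, while `modssl_request_is_tls()` (shown later on this page) only rejects `SSL_ENABLED_FALSE`. If `sc->enabled` can hold any other value at request time, such as an unset state, FakeBasicAuth would now proceed where it used to decline; that should be confirmed, since this hook derives credentials from the client certificate. A comment above the condition would record the assumption, e.g. `/* modssl_request_is_tls() accepts any sc->enabled other than SSL_ENABLED_FALSE */`. The dereference `sslconn->client_cert` is safe only because `||` short-circuits after a successful call, and the rest of the function body lies outside this hunk.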
const char *servername;
#endif
STACK_OF(X509) *peer_certs;
+ SSLConnRec *sslconn;
SSL *ssl;
int i;
- if (!modssl_request_is_tls(r, &ssl)) {
+ if (!modssl_request_is_tls(r, &sslconn)) {
return DECLINED;
}
+ ssl = sslconn->ssl;
/*
* Annotate the SSI/CGI environment with standard SSL information
* memory. */
DH *modssl_get_dh_params(unsigned keylen);
-/* Returns non-zero if the request is using SSL/TLS. If ssl is
- * non-NULL and the request is using SSL/TLS, sets *ssl to the
- * corresponding SSL structure for the connectbion. */
-int modssl_request_is_tls(const request_rec *r, SSL **ssl);
+/* Returns non-zero if the request was made over SSL/TLS. If sslconn
+ * is non-NULL and the request is using SSL/TLS, sets *sslconn to the
+ * corresponding SSLConnRec structure for the connection. */
+int modssl_request_is_tls(const request_rec *r, SSLConnRec **sslconn);
#if HAVE_VALGRIND
extern int ssl_running_on_valgrind;
return FALSE;
}
-int modssl_request_is_tls(const request_rec *r, SSL **ssl)
+int modssl_request_is_tls(const request_rec *r, SSLConnRec **scout)
{
SSLConnRec *sslconn = myConnConfig(r->connection);
SSLSrvConfigRec *sc = mySrvConfig(r->server);
if (sc->enabled == SSL_ENABLED_FALSE || !sslconn || !sslconn->ssl)
return 0;
- if (ssl) *ssl = sslconn->ssl;
+ if (scout) *scout = sslconn;
return 1;
}
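Review bot: On the `return 0` path `*scout` is never written, and both updated callers on this page now declare `SSLConnRec *sslconn;` without an initializer. A caller that reads the pointer after a failed call, or reorders the checks, would dereference an indeterminate value. Clearing the out-parameter on failure makes the contract robust: brace the early return and add `if (scout) *scout = NULL;` before `return 0;`. The prototype comment should also state what `*sslconn` holds when zero is returned. The definition names the parameter `scout` while the prototype uses `sslconn`, and using one name in both places would make the header comment easier to follow.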