/*
* Immediately stop processing if SSL is disabled for this connection
*/
- if (!(sc && sc->bEnabled)) {
+ if (!(sc && sc->enabled)) {
return DECLINED;
}
*/
sslconn = apr_pcalloc(c->pool, sizeof(*sslconn));
myConnConfigSet(c, sslconn);
- sslconn->log_level = sc->nLogLevel;
+ sslconn->log_level = sc->log_level;
/*
* Remember the connection information for
ssl_log(c->base_server, SSL_LOG_INFO,
"Connection to child %d established "
- "(server %s, client %s)", c->id, sc->szVHostID,
+ "(server %s, client %s)", c->id, sc->vhost_id,
c->remote_ip ? c->remote_ip : "unknown");
/*
}
if (!SSL_set_session_id_context(ssl,
- (unsigned char *)sc->szVHostID,
- sc->nVHostID_length))
+ (unsigned char *)sc->vhost_id,
+ sc->vhost_id_len))
{
ssl_log(c->base_server, SSL_LOG_ERROR|SSL_ADD_SSLERR,
- "Unable to set session id context to `%s'", sc->szVHostID);
+ "Unable to set session id context to `%s'", sc->vhost_id);
c->aborted = 1;
{
SSLSrvConfigRec *sc = mySrvConfig(r->server);
- if (sc->bEnabled == FALSE) {
+ if (sc->enabled == FALSE) {
return NULL;
}
{
SSLSrvConfigRec *sc = mySrvConfig(r->server);
- if (sc->bEnabled == FALSE) {
+ if (sc->enabled == FALSE) {
return 0;
}
*/
typedef struct {
SSLModConfigRec *mc;
- BOOL bEnabled;
- const char *szVHostID;
- int nVHostID_length;
- const char *szLogFile;
- apr_file_t *fileLogFile;
- int nLogLevel;
- int nSessionCacheTimeout;
+ BOOL enabled;
+ const char *vhost_id;
+ int vhost_id_len;
+ const char *log_file_name;
+ apr_file_t *log_file;
+ int log_level;
+ int session_cache_timeout;
const char *szPublicCertFiles[SSL_AIDX_MAX];
const char *szPrivateKeyFiles[SSL_AIDX_MAX];
SSLSrvConfigRec *sc = apr_palloc(p, sizeof(*sc));
sc->mc = ssl_config_global_create(s);
- sc->bEnabled = UNSET;
- sc->szVHostID = NULL;
- sc->nVHostID_length = 0;
- sc->szLogFile = NULL;
- sc->fileLogFile = NULL;
- sc->nLogLevel = SSL_LOG_NONE;
- sc->nSessionCacheTimeout = UNSET;
+ sc->enabled = UNSET;
+ sc->vhost_id = NULL;
+ sc->vhost_id_len = 0;
+ sc->log_file_name = NULL;
+ sc->log_file = NULL;
+ sc->log_level = SSL_LOG_NONE;
+ sc->session_cache_timeout = UNSET;
sc->szCACertificatePath = NULL;
sc->szCACertificateFile = NULL;
SSLSrvConfigRec *mrg = (SSLSrvConfigRec *)apr_palloc(p, sizeof(*mrg));
cfgMerge(mc, NULL);
- cfgMergeBool(bEnabled);
- cfgMergeString(szVHostID);
- cfgMergeString(szLogFile);
- cfgMerge(fileLogFile, NULL);
- cfgMerge(nLogLevel, SSL_LOG_NONE);
- cfgMergeInt(nSessionCacheTimeout);
+ cfgMergeBool(enabled);
+ cfgMergeString(vhost_id);
+ cfgMergeString(log_file_name);
+ cfgMerge(log_file, NULL);
+ cfgMerge(log_level, SSL_LOG_NONE);
+ cfgMergeInt(session_cache_timeout);
cfgMergeString(szCACertificatePath);
cfgMergeString(szCACertificateFile);
{
SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
- sc->bEnabled = flag ? TRUE : FALSE;
+ sc->enabled = flag ? TRUE : FALSE;
return NULL;
}
{
SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
- sc->nSessionCacheTimeout = atoi(arg);
+ sc->session_cache_timeout = atoi(arg);
- if (sc->nSessionCacheTimeout < 0) {
+ if (sc->session_cache_timeout < 0) {
return "SSLSessionCacheTimeout: Invalid argument";
}
return err;
}
- sc->szLogFile = arg;
+ sc->log_file_name = arg;
return NULL;
}
}
if (strcEQ(level, "none")) {
- sc->nLogLevel = SSL_LOG_NONE;
+ sc->log_level = SSL_LOG_NONE;
}
else if (strcEQ(level, "error")) {
- sc->nLogLevel = SSL_LOG_ERROR;
+ sc->log_level = SSL_LOG_ERROR;
}
else if (strcEQ(level, "warn")) {
- sc->nLogLevel = SSL_LOG_WARN;
+ sc->log_level = SSL_LOG_WARN;
}
else if (strcEQ(level, "info")) {
- sc->nLogLevel = SSL_LOG_INFO;
+ sc->log_level = SSL_LOG_INFO;
}
else if (strcEQ(level, "trace")) {
- sc->nLogLevel = SSL_LOG_TRACE;
+ sc->log_level = SSL_LOG_TRACE;
}
else if (strcEQ(level, "debug")) {
- sc->nLogLevel = SSL_LOG_DEBUG;
+ sc->log_level = SSL_LOG_DEBUG;
}
else {
return "SSLLogLevel: Invalid argument";
/*
* Create the server host:port string because we need it a lot
*/
- sc->szVHostID = ssl_util_vhostid(p, s);
- sc->nVHostID_length = strlen(sc->szVHostID);
+ sc->vhost_id = ssl_util_vhostid(p, s);
+ sc->vhost_id_len = strlen(sc->vhost_id);
/* Fix up stuff that may not have been set */
- if (sc->bEnabled == UNSET) {
- sc->bEnabled = FALSE;
+ if (sc->enabled == UNSET) {
+ sc->enabled = FALSE;
}
- if (sc->nSessionCacheTimeout == UNSET) {
- sc->nSessionCacheTimeout = SSL_SESSION_CACHE_TIMEOUT;
+ if (sc->session_cache_timeout == UNSET) {
+ sc->session_cache_timeout = SSL_SESSION_CACHE_TIMEOUT;
}
if (sc->nPassPhraseDialogType == SSL_PPTYPE_UNSET) {
* it or give out some information about what we're
* configuring.
*/
- if (!sc->bEnabled) {
+ if (!sc->enabled) {
continue;
}
SSL_CTX_set_tmp_rsa_callback(ctx, ssl_callback_TmpRSA);
SSL_CTX_set_tmp_dh_callback(ctx, ssl_callback_TmpDH);
- if (sc->nLogLevel >= SSL_LOG_INFO) {
+ if (sc->log_level >= SSL_LOG_INFO) {
/* this callback only logs if SSLLogLevel >= info */
SSL_CTX_set_info_callback(ctx, ssl_callback_LogTracingState);
}
SSLSrvConfigRec *sc)
{
const char *rsa_id, *dsa_id;
- const char *vhost_id = sc->szVHostID;
+ const char *vhost_id = sc->vhost_id;
int i;
int have_rsa, have_dsa;
for (s = base_server; s; s = s->next) {
sc = mySrvConfig(s);
- if (sc->bEnabled && (s->port == DEFAULT_HTTP_PORT)) {
+ if (sc->enabled && (s->port == DEFAULT_HTTP_PORT)) {
ssl_log(base_server, SSL_LOG_WARN,
"Init: (%s) You configured HTTPS(%d) "
"on the standard HTTP(%d) port!",
DEFAULT_HTTPS_PORT, DEFAULT_HTTP_PORT);
}
- if (!sc->bEnabled && (s->port == DEFAULT_HTTPS_PORT)) {
+ if (!sc->enabled && (s->port == DEFAULT_HTTPS_PORT)) {
ssl_log(base_server, SSL_LOG_WARN,
"Init: (%s) You configured HTTP(%d) "
"on the standard HTTPS(%d) port!",
for (s = base_server; s; s = s->next) {
sc = mySrvConfig(s);
- if (!sc->bEnabled) {
+ if (!sc->enabled) {
continue;
}
apr_pool_cleanup_register(c->pool, (void*)filter,
ssl_io_filter_cleanup, apr_pool_cleanup_null);
- if (sc->nLogLevel >= SSL_LOG_DEBUG) {
+ if (sc->log_level >= SSL_LOG_DEBUG) {
BIO_set_callback(SSL_get_rbio(ssl), ssl_io_data_cb);
BIO_set_callback_arg(SSL_get_rbio(ssl), (void *)ssl);
}
/*
* Check to see if SSL protocol is on
*/
- if (!(sc->bEnabled || ssl)) {
+ if (!(sc->enabled || ssl)) {
return DECLINED;
}
/*
* - ssl not enabled
* - client did not present a certificate
*/
- if (!(sc->bEnabled && sslconn->ssl && sslconn->client_cert) ||
+ if (!(sc->enabled && sslconn->ssl && sslconn->client_cert) ||
!(dc->nOptions & SSL_OPT_FAKEBASICAUTH) || r->user)
{
return DECLINED;
/*
* Check to see if SSL is on
*/
- if (!(sc->bEnabled && sslconn && (ssl = sslconn->ssl))) {
+ if (!(sc->enabled && sslconn && (ssl = sslconn->ssl))) {
return DECLINED;
}
/*
* Log verification information
*/
- if (sc->nLogLevel >= SSL_LOG_TRACE) {
+ if (sc->log_level >= SSL_LOG_TRACE) {
X509 *cert = X509_STORE_CTX_get_current_cert(ctx);
char *sname = X509_NAME_oneline(X509_get_subject_name(cert), NULL, 0);
char *iname = X509_NAME_oneline(X509_get_issuer_name(cert), NULL, 0);
* Log information about CRL
* (A little bit complicated because of ASN.1 and BIOs...)
*/
- if (sc->nLogLevel >= SSL_LOG_TRACE) {
+ if (sc->log_level >= SSL_LOG_TRACE) {
char buff[512]; /* should be plenty */
BIO *bio = BIO_new(BIO_s_mem());
ASN1_INTEGER *sn = X509_REVOKED_get_serialNumber(revoked);
if (!ASN1_INTEGER_cmp(sn, X509_get_serialNumber(cert))) {
- if (sc->nLogLevel >= SSL_LOG_INFO) {
+ if (sc->log_level >= SSL_LOG_INFO) {
char *cp = X509_NAME_oneline(issuer, NULL, 0);
long serial = ASN1_INTEGER_get(sn);
char buf[SSL_SESSION_ID_STRING_LEN];
char timeout_str[56] = {'\0'};
- if (sc->nLogLevel < SSL_LOG_TRACE) {
+ if (sc->log_level < SSL_LOG_TRACE) {
return;
}
conn_rec *conn = (conn_rec *)SSL_get_app_data(ssl);
server_rec *s = conn->base_server;
SSLSrvConfigRec *sc = mySrvConfig(s);
- long timeout = sc->nSessionCacheTimeout;
+ long timeout = sc->session_cache_timeout;
BOOL rc;
unsigned char *id;
unsigned int idlen;
/*
* create the various trace messages
*/
- if (sc->nLogLevel >= SSL_LOG_TRACE) {
+ if (sc->log_level >= SSL_LOG_TRACE) {
if (where & SSL_CB_HANDSHAKE_START) {
ssl_log(s, SSL_LOG_TRACE,
"%s: Handshake: start", SSL_LIBRARY_NAME);
* filedescriptors in mass-vhost situation. Be careful, this works
* fine because the close happens implicitly by the pool facility.
*/
- if ( s != s_main
- && sc_main->fileLogFile != NULL
- && ( (sc->szLogFile == NULL)
- || ( sc->szLogFile != NULL
- && sc_main->szLogFile != NULL
- && strEQ(sc->szLogFile, sc_main->szLogFile)))) {
- sc->fileLogFile = sc_main->fileLogFile;
+ if ((s != s_main) &&
+ (sc_main->log_file != NULL) &&
+ ((sc->log_file_name == NULL) ||
+ ((sc->log_file_name != NULL) &&
+ (sc_main->log_file_name != NULL) &&
+ strEQ(sc->log_file_name, sc_main->log_file_name))))
+ {
+ sc->log_file = sc_main->log_file;
}
- else if (sc->szLogFile != NULL) {
- if (strEQ(sc->szLogFile, "/dev/null"))
+ else if (sc->log_file_name != NULL) {
+ if (strEQ(sc->log_file_name, "/dev/null"))
return;
- else if (sc->szLogFile[0] == '|') {
- szLogFile = sc->szLogFile + 1;
+ else if (sc->log_file_name[0] == '|') {
+ szLogFile = sc->log_file_name + 1;
if ((pl = ap_open_piped_log(p, szLogFile)) == NULL) {
ssl_log(s, SSL_LOG_ERROR|SSL_ADD_ERRNO,
"Cannot open reliable pipe to SSL logfile filter %s", szLogFile);
ssl_die();
}
- sc->fileLogFile = ap_piped_log_write_fd(pl);
+ sc->log_file = ap_piped_log_write_fd(pl);
}
else {
- szLogFile = ap_server_root_relative(p, sc->szLogFile);
+ szLogFile = ap_server_root_relative(p, sc->log_file_name);
if (!szLogFile) {
ssl_log(s, SSL_LOG_ERROR|SSL_ADD_ERRNO,
- "Invalid SSL logfile path %s", sc->szLogFile);
+ "Invalid SSL logfile path %s", sc->log_file_name);
ssl_die();
}
- if ((apr_file_open(&(sc->fileLogFile), szLogFile,
+ if ((apr_file_open(&(sc->log_file), szLogFile,
APR_WRITE|APR_APPEND|APR_CREATE, APR_OS_DEFAULT, p))
!= APR_SUCCESS) {
ssl_log(s, SSL_LOG_ERROR|SSL_ADD_ERRNO,
add &= ~SSL_ADD_SSLERR;
/* we log only levels below, except for errors */
- if ( sc->fileLogFile == NULL
+ if ( sc->log_file == NULL
&& !(level & SSL_LOG_ERROR))
return;
- if ( level > sc->nLogLevel
+ if ( level > sc->log_level
&& !(level & SSL_LOG_ERROR))
return;
if (add & SSL_INIT) {
len = strlen(lstr);
apr_snprintf(&lstr[len], sizeof(lstr) - len,
- "Init: (%s) ", sc->szVHostID);
+ "Init: (%s) ", sc->vhost_id);
}
/* create custom message */
astr = " (" SSL_LIBRARY_NAME " library error follows)";
else
astr = "";
- if (level <= sc->nLogLevel && sc->fileLogFile != NULL) {
+ if (level <= sc->log_level && sc->log_file != NULL) {
apr_snprintf(str, sizeof(str), "%s%s%s%s%s",
tstr, lstr, vstr, astr, nstr);
- apr_file_printf(sc->fileLogFile, "%s", str);
+ apr_file_printf(sc->log_file, "%s", str);
}
if (level & SSL_LOG_ERROR)
ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s,
/* write out additional attachment messages */
if (add & SSL_ADD_ERRNO) {
- if (level <= sc->nLogLevel && sc->fileLogFile != NULL) {
+ if (level <= sc->log_level && sc->log_file != NULL) {
apr_snprintf(str, sizeof(str), "%s%sSystem: %s (errno: %d)%s",
tstr, lstr, strerror(safe_errno), safe_errno, nstr);
- apr_file_printf(sc->fileLogFile, "%s", str);
+ apr_file_printf(sc->log_file, "%s", str);
}
if (level & SSL_LOG_ERROR)
ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s,
while ((e = ERR_get_error())) {
cpE = ERR_error_string(e, NULL);
cpA = ssl_log_annotation(cpE);
- if (level <= sc->nLogLevel && sc->fileLogFile != NULL) {
+ if (level <= sc->log_level && sc->log_file != NULL) {
apr_snprintf(str, sizeof(str), "%s%s%s: %s%s%s%s%s",
tstr, lstr, SSL_LIBRARY_NAME, cpE,
cpA != NULL ? " [Hint: " : "",
cpA != NULL ? cpA : "", cpA != NULL ? "]" : "",
nstr);
- apr_file_printf(sc->fileLogFile, "%s", str);
+ apr_file_printf(sc->log_file, "%s", str);
}
if (level & SSL_LOG_ERROR)
ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s,
/* ERR_clear_error(); */
/* cleanup and return */
- if (sc->fileLogFile != NULL)
- apr_file_flush(sc->fileLogFile);
+ if (sc->log_file != NULL)
+ apr_file_flush(sc->log_file);
errno = safe_errno;
return;
}
for (pServ = s; pServ != NULL; pServ = pServ->next) {
sc = mySrvConfig(pServ);
- if (!sc->bEnabled)
+ if (!sc->enabled)
continue;
cpVHostID = ssl_util_vhostid(p, pServ);
* cache entries is done only from time to time
*/
tNow = time(NULL);
- if (tNow < tLast+sc->nSessionCacheTimeout)
+ if (tNow < tLast+sc->session_cache_timeout)
return;
tLast = tNow;
* cache entries is done only from time to time
*/
tNow = time(NULL);
- if (tNow < tLast+sc->nSessionCacheTimeout)
+ if (tNow < tLast+sc->session_cache_timeout)
return;
tLast = tNow;
port = s->port;
else {
sc = mySrvConfig(s);
- if (sc->bEnabled)
+ if (sc->enabled)
port = DEFAULT_HTTPS_PORT;
else
port = DEFAULT_HTTP_PORT;
projects / apache / commitdiff