Factor out logic to determine if request is using SSL/TLS and use it

consistently.

* modules/ssl/ssl_util.c (modssl_request_is_tls): New function.

* modules/ssl/ssl_engine_kernel.c (ssl_hook_Fixup): Use it.

* modules/ssl/mod_ssl.c (ssl_hook_http_scheme, ssl_hook_default_port):
  Use it.

PR: 61519

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1829250 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/modules/ssl/mod_ssl.c b/modules/ssl/mod_ssl.c
index a7f481697ef173f17a391c22ea0dc0ec424ffc41..2f538ef4b3260be0d4b705871ddd0eae2d02dedb 100644 (file)
--- a/modules/ssl/mod_ssl.c
+++ b/modules/ssl/mod_ssl.c
@@ -627,24 +627,12 @@ int ssl_init_ssl_connection(conn_rec *c, request_rec *r)
 
 static const char *ssl_hook_http_scheme(const request_rec *r)
 {
-    SSLSrvConfigRec *sc = mySrvConfig(r->server);
-
-    if (sc->enabled == SSL_ENABLED_FALSE || sc->enabled == SSL_ENABLED_OPTIONAL) {
-        return NULL;
-    }
-
-    return "https";
+    return modssl_request_is_tls(r, NULL) ? "https" : NULL;
 }
 
 static apr_port_t ssl_hook_default_port(const request_rec *r)
 {
-    SSLSrvConfigRec *sc = mySrvConfig(r->server);
-
-    if (sc->enabled == SSL_ENABLED_FALSE || sc->enabled == SSL_ENABLED_OPTIONAL) {
-        return 0;
-    }
-
-    return 443;
+    return modssl_request_is_tls(r, NULL) ? 443 : 0;
 }
 
 static int ssl_hook_pre_connection(conn_rec *c, void *csd)

diff --git a/modules/ssl/ssl_engine_kernel.c b/modules/ssl/ssl_engine_kernel.c
index 5f2190a2e2f4a8fbe905080a223c7977b332d204..6e8c59f23d007c421f767b33480d6b2a8ac77465 100644 (file)
--- a/modules/ssl/ssl_engine_kernel.c
+++ b/modules/ssl/ssl_engine_kernel.c
@@ -1502,8 +1502,6 @@ static const char *const ssl_hook_Fixup_vars[] = {
 
 int ssl_hook_Fixup(request_rec *r)
 {
-    SSLConnRec *sslconn = myConnConfig(r->connection);
-    SSLSrvConfigRec *sc = mySrvConfig(r->server);
     SSLDirConfigRec *dc = myDirConfig(r);
     apr_table_t *env = r->subprocess_env;
     char *var, *val = "";
@@ -1514,14 +1512,7 @@ int ssl_hook_Fixup(request_rec *r)
     SSL *ssl;
     int i;
 
-    if (!(sslconn && sslconn->ssl) && r->connection->master) {
-        sslconn = myConnConfig(r->connection->master);
-    }
-
-    /*
-     * Check to see if SSL is on
-     */
-    if (!(((sc->enabled == SSL_ENABLED_TRUE) || (sc->enabled == SSL_ENABLED_OPTIONAL)) && sslconn && (ssl = sslconn->ssl))) {
+    if (!modssl_request_is_tls(r, &ssl)) {
         return DECLINED;
     }
 

diff --git a/modules/ssl/ssl_private.h b/modules/ssl/ssl_private.h
index c8f8c549f7f44eb9cc0f0e20dc1d15a9af54bf7e..517eead5eca5e8e093560663a338293973e8ee77 100644 (file)
--- a/modules/ssl/ssl_private.h
+++ b/modules/ssl/ssl_private.h
@@ -1096,6 +1096,11 @@ void ssl_init_ocsp_certificates(server_rec *s, modssl_ctx_t *mctx);
  * memory. */
 DH *modssl_get_dh_params(unsigned keylen);
 
+/* Returns non-zero if the request is using SSL/TLS.  If ssl is
+ * non-NULL and the request is using SSL/TLS, sets *ssl to the
+ * corresponding SSL structure for the connectbion. */
+int modssl_request_is_tls(const request_rec *r, SSL **ssl);
+
 #if HAVE_VALGRIND
 extern int ssl_running_on_valgrind;
 #endif

diff --git a/modules/ssl/ssl_util.c b/modules/ssl/ssl_util.c
index 2f431f8334463224dce4abeb7239f5dba84846bc..9a8a9f2f3a4b42e2a6878a89d152589a4a90966b 100644 (file)
--- a/modules/ssl/ssl_util.c
+++ b/modules/ssl/ssl_util.c
@@ -100,6 +100,23 @@ BOOL ssl_util_vhost_matches(const char *servername, server_rec *s)
     return FALSE;
 }
 
+int modssl_request_is_tls(const request_rec *r, SSL **ssl)
+{
+    SSLConnRec *sslconn = myConnConfig(r->connection);
+    SSLSrvConfigRec *sc = mySrvConfig(r->server);
+
+    if (!(sslconn && sslconn->ssl) && r->connection->master) {
+        sslconn = myConnConfig(r->connection->master);
+    }
+
+    if (sc->enabled == SSL_ENABLED_FALSE || !sslconn || !sslconn->ssl)
+        return 0;
+    
+    if (ssl) *ssl = sslconn->ssl;
+
+    return 1;
+}
+
 apr_file_t *ssl_util_ppopen(server_rec *s, apr_pool_t *p, const char *cmd,
                             const char * const *argv)
 {