From: Doug MacEachern Date: Wed, 21 Nov 2001 18:08:33 +0000 (+0000) Subject: move c->notes.ssl::client::dn to SSLConnRec.client_dn X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=1404503447c649e1473218ec267697b31db7226b;p=apache move c->notes.ssl::client::dn to SSLConnRec.client_dn PR: Obtained from: Submitted by: Reviewed by: git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@92094 13f79535-47bb-0310-9956-ffa450edef68
---
diff --git a/modules/ssl/mod_ssl.c b/modules/ssl/mod_ssl.c
index a6418e7744..2ed5962187 100644
--- a/modules/ssl/mod_ssl.c
+++ b/modules/ssl/mod_ssl.c
@@ -288,7 +288,6 @@ static int ssl_hook_pre_connection(conn_rec *c)
 /*
 * Predefine some client verification results
 */
- apr_table_setn(c->notes, "ssl::client::dn", NULL);
 apr_table_setn(c->notes, "ssl::verify::error", NULL);
 apr_table_setn(c->notes, "ssl::verify::info", NULL);
 SSL_set_verify_result(ssl, X509_V_OK);
@@ -339,6 +338,7 @@ int ssl_hook_process_connection(SSLFilterRec *pRec)
 X509 *xs;
 char *cp = NULL;
 conn_rec *c = (conn_rec*)SSL_get_app_data (pRec->pssl);
+ SSLConnRec *sslconn = myConnConfig(c);
 SSLSrvConfigRec *sc = mySrvConfig(c->base_server);
 long verify_result;
@@ -447,7 +447,7 @@ int ssl_hook_process_connection(SSLFilterRec *pRec)
 */
 if ((xs = SSL_get_peer_certificate(pRec->pssl)) != NULL) {
 cp = X509_NAME_oneline(X509_get_subject_name(xs), NULL, 0);
- apr_table_setn(c->notes,"ssl::client::dn",apr_pstrdup(c->pool, cp));
+ sslconn->client_dn = apr_pstrdup(c->pool, cp);
 free(cp);
 }
@@ -456,7 +456,7 @@ int ssl_hook_process_connection(SSLFilterRec *pRec)
 * is required we really got one... (be paranoid)
 */
 if (sc->nVerifyClient == SSL_CVERIFY_REQUIRE
- && apr_table_get(c->notes, "ssl::client::dn") == NULL) {
+ && sslconn->client_dn == NULL) {
 ssl_log(c->base_server, SSL_LOG_ERROR, "No acceptable peer certificate available");
 return ssl_abort(pRec, c);
diff --git a/modules/ssl/mod_ssl.h b/modules/ssl/mod_ssl.h
index 347e84ffec..07a7f854d1 100644
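Review bot: Dropping `apr_table_setn(c->notes, "ssl::client::dn", NULL);` from ssl_hook_pre_connection leaves nothing in this hunk that initialises the replacement field, so the later `sslconn->client_dn == NULL` guard in ssl_hook_process_connection depends on SSLConnRec being zero-filled when it is allocated. That allocation is not visible in this patch; if it is not done with a zeroing allocator such as `apr_pcalloc`, the field starts out indeterminate and the SSL_CVERIFY_REQUIRE check could pass without a certificate having been seen. Either confirm the allocation zeroes the record or add `sslconn->client_dn = NULL;` next to the remaining predefinitions. The body of ssl_hook_pre_connection starts and ends outside the hunk, so whether `sslconn` is in scope there cannot be told from here.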
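Review bot: The string returned by `X509_NAME_oneline(..., NULL, 0)` is allocated by OpenSSL, yet the context line after the new assignment in ssl_hook_process_connection releases it with `free(cp)`; when OpenSSL runs with a non-default allocator the two do not match, so `OPENSSL_free(cp);` is the safer call. The same pair appears in the ssl_hook_Access hunk of ssl_engine_kernel.c. `cp` can also be NULL if the conversion fails, and it is then passed straight to `apr_pstrdup`; a comment such as `/* cp == NULL leaves client_dn NULL, which the check below treats as "no certificate" */` would record that this path fails closed. The enclosing function continues outside the hunk.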
--- a/modules/ssl/mod_ssl.h
+++ b/modules/ssl/mod_ssl.h
@@ -452,6 +452,7 @@ typedef struct {
 typedef struct {
 SSL *ssl;
+ const char *client_dn;
 } SSLConnRec;
 typedef struct {
diff --git a/modules/ssl/ssl_engine_kernel.c b/modules/ssl/ssl_engine_kernel.c
index 7ad5602950..9df7e1c8b6 100644
--- a/modules/ssl/ssl_engine_kernel.c
+++ b/modules/ssl/ssl_engine_kernel.c
@@ -75,13 +75,16 @@ apr_status_t ssl_hook_CloseConnection(SSLFilterRec *filter)
 SSL *ssl;
 char *cpType;
 conn_rec *conn;
-
+ SSLConnRec *sslconn;
+
 ssl = filter->pssl;
 conn = (conn_rec *)SSL_get_app_data(ssl);
 if (ssl == NULL) return APR_SUCCESS;
+ sslconn = myConnConfig(conn);
+
 /*
 * Now close the SSL layer of the connection. We've to take
 * the TLSv1 standard into account here:
@@ -775,8 +778,7 @@ int ssl_hook_Access(request_rec *r)
 */
 if ((cert = SSL_get_peer_certificate(ssl)) != NULL) {
 cp = X509_NAME_oneline(X509_get_subject_name(cert), NULL, 0);
- apr_table_setn(r->connection->notes, "ssl::client::dn",
- apr_pstrdup(r->connection->pool, cp));
+ sslconn->client_dn = apr_pstrdup(r->connection->pool, cp);
 free(cp);
 }
@@ -919,7 +921,7 @@ int ssl_hook_UserCheck(request_rec *r)
 return DECLINED;
 if (r->user) return DECLINED;
- if ((clientdn = (char *)apr_table_get(r->connection->notes, "ssl::client::dn")) == NULL)
+ if ((clientdn = (char *)sslconn->client_dn) == NULL)
 return DECLINED;
 /*
@@ -1200,6 +1202,7 @@ int ssl_callback_SSLVerify(int ok, X509_STORE_CTX *ctx)
 request_rec *r;
 SSLSrvConfigRec *sc;
 SSLDirConfigRec *dc;
+ SSLConnRec *sslconn;
 apr_table_t *actx;
 X509 *xs;
 int errnum;
@@ -1214,6 +1217,7 @@ int ssl_callback_SSLVerify(int ok, X509_STORE_CTX *ctx)
 */
 ssl = (SSL *)X509_STORE_CTX_get_app_data(ctx);
 conn = (conn_rec *)SSL_get_app_data(ssl);
+ sslconn = myConnConfig(conn);
 actx = (apr_table_t *)SSL_get_app_data2(ssl);
 r = (request_rec *)apr_table_get(actx, "ssl::request_rec");
 s = conn->base_server;
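Review bot: The new `client_dn` member of SSLConnRec has no comment, although three places in this patch treat its NULL state as a security decision (the SSL_CVERIFY_REQUIRE guard, the test in ssl_hook_UserCheck, and the reset in ssl_callback_SSLVerify). I would document it at the declaration, e.g. `const char *client_dn; /* subject DN of the peer certificate, allocated from the connection pool; NULL when no certificate was presented or verification failed */`. Stating the lifetime is useful because both writers in this patch store a string duplicated into the connection pool (`c->pool` and `r->connection->pool`).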
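Review bot: In ssl_hook_CloseConnection the context line `conn = (conn_rec *)SSL_get_app_data(ssl);` still runs before `if (ssl == NULL)`, so the NULL test cannot protect that call; the added `sslconn = myConnConfig(conn);` is placed after the test, and the `conn` assignment should move down with it. `conn` itself is not checked before being handed to `myConnConfig`, whose handling of a NULL argument is not visible here. No use of `sslconn` appears in this hunk; the function continues past it, so if nothing later reads the variable the declaration and assignment can be dropped.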
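Review bot: When `SSL_get_peer_certificate(ssl)` returns NULL in ssl_hook_Access, `sslconn->client_dn` keeps whatever an earlier handshake stored, because the assignment sits only inside the `!= NULL` branch. If this code runs after a renegotiation (the surrounding logic is outside the hunk, so this is an assumption), ssl_hook_UserCheck would then act on a DN that no longer reflects the current peer state; an `else { sslconn->client_dn = NULL; }` would make the field track the certificate. The patch adds no declaration of `sslconn` for this function or for ssl_hook_UserCheck, so it presumably already exists above the hunks, which is worth confirming.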
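Review bot: `(char *)sslconn->client_dn` in ssl_hook_UserCheck casts away the `const` that mod_ssl.h gives the field; the line would read better as `if ((clientdn = sslconn->client_dn) == NULL)` with `clientdn` declared `const char *`. The declaration of `clientdn` is above the hunk, so any later write through it needs checking before the type is changed. Keeping the qualifier lets the compiler flag accidental modification of a string that is shared by every request on the connection.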
@@ -1273,7 +1277,7 @@ int ssl_callback_SSLVerify(int ok, X509_STORE_CTX *ctx)
 if (!ok) {
 ssl_log(s, SSL_LOG_ERROR, "Certificate Verification: Error (%d): %s", errnum, X509_verify_cert_error_string(errnum));
- apr_table_setn(conn->notes, "ssl::client::dn", NULL);
+ sslconn->client_dn = NULL;
 apr_table_setn(conn->notes, "ssl::verify::error", (void *)X509_verify_cert_error_string(errnum));
 }
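Review bot: The reset `sslconn->client_dn = NULL;` in the `!ok` branch of ssl_callback_SSLVerify carries the same security meaning as the note assignment it replaces, but nothing in the code says so. A comment such as `/* verification failed: clear the DN so ssl_hook_UserCheck declines */` would tie it to the NULL test in ssl_hook_UserCheck. ssl_hook_process_connection assigns `client_dn` again from the peer certificate after the handshake, so it is worth confirming, outside these hunks, that a connection whose verification failed here cannot reach that assignment.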