From: Guenter Knauf
Date: Sat, 29 Dec 2007 14:40:09 +0000 (+0000)
Subject: fixed code style, missing prototype warnings, disabled init for proxy, removed obsole...
X-Git-Tag: 2.3.0~1083
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=2d9f0a819237e1ee7916f4448a5ad4ce468d0f25;p=apache

fixed code style, missing prototype warnings, disabled init for proxy, removed obsolete cast.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@607420 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c
index 3da87cea38..e40295eeb7 100644
--- a/modules/ssl/ssl_engine_init.c
+++ b/modules/ssl/ssl_engine_init.c
@@ -152,9 +152,10 @@ static int set_ssl_vhost(void *servername, conn_rec *c, server_rec *s)
 if (!found) {
 names = s->names;
 if (names) {
- char **name = (char **) names->elts;
+ char **name = (char **)names->elts;
 for (i = 0; i < names->nelts; ++i) {
- if(!name[i]) continue;
+ if (!name[i])
+ continue;
 if (!strcasecmp(servername, name[i])) {
 found = TRUE;
 break;
@@ -167,9 +168,10 @@ static int set_ssl_vhost(void *servername, conn_rec *c, server_rec *s)
 if (!found) {
 names = s->wild_names;
 if (names) {
- char **name = (char **) names->elts;
+ char **name = (char **)names->elts;
 for (i = 0; i < names->nelts; ++i) {
- if(!name[i]) continue;
+ if (!name[i])
+ continue;
 if (!ap_strcasecmp_match(servername, name[i])) {
 found = TRUE;
 break;
@@ -180,11 +182,11 @@ static int set_ssl_vhost(void *servername, conn_rec *c, server_rec *s)
 /* set SSL_CTX (if matched) */
 if (found) {
- if ((ssl = ((SSLConnRec *)myConnConfig(c))->ssl) == NULL)
+ if ((ssl = ((SSLConnRec *)myConnConfig(c))->ssl) == NULL)
 return 0;
 if (!(sc = mySrvConfig(s)))
- return 0;
- SSL_set_SSL_CTX(ssl,sc->server->ssl_ctx);
+ return 0;
+ SSL_set_SSL_CTX(ssl, sc->server->ssl_ctx);
 return 1;
 }
 return 0;
@@ -196,22 +198,19 @@ int ssl_set_vhost_ctx(SSL *ssl, const char *servername)
 if (servername == NULL) /* should not occur. */
 return 0;
-
- SSL_set_SSL_CTX(ssl,NULL);
-
- if (!(c = (conn_rec *)SSL_get_app_data(ssl)))
+ SSL_set_SSL_CTX(ssl, NULL);
+ if (!(c = (conn_rec *)SSL_get_app_data(ssl)))
 return 0;
-
- return ap_vhost_iterate_given_conn(c,set_ssl_vhost,servername);
+ return ap_vhost_iterate_given_conn(c, set_ssl_vhost, (void *)servername);
 }
-int ssl_servername_cb(SSL *s, int *al, modssl_ctx_t *mctx)
+int ssl_servername_cb(SSL *ssl, int *al, modssl_ctx_t *mctx)
 {
- const char *servername = SSL_get_servername(s,TLSEXT_NAMETYPE_host_name);
-
- if (servername) {
- return ssl_set_vhost_ctx(s,servername)?SSL_TLSEXT_ERR_OK:SSL_TLSEXT_ERR_ALERT_FATAL;
- }
+ const char *servername =
+ SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name);
+ if (servername)
+ return ssl_set_vhost_ctx(ssl, servername) ?
+ SSL_TLSEXT_ERR_OK : SSL_TLSEXT_ERR_ALERT_FATAL;
 return SSL_TLSEXT_ERR_NOACK;
 }
 #endif
@@ -437,22 +436,23 @@ static void ssl_init_server_check(server_rec *s,
 }
 static void ssl_init_server_extensions(server_rec *s,
- apr_pool_t *p,
- apr_pool_t *ptemp,
- modssl_ctx_t *mctx)
+ apr_pool_t *p,
+ apr_pool_t *ptemp,
+ modssl_ctx_t *mctx)
 {
 /*
 * Configure TLS extensions support
 */
-
 #ifndef OPENSSL_NO_TLSEXT
 ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
 "Configuring TLS extensions facility");
- if (!SSL_CTX_set_tlsext_servername_callback(mctx->ssl_ctx, ssl_servername_cb) ||
+ if (!SSL_CTX_set_tlsext_servername_callback(mctx->ssl_ctx,
+ ssl_servername_cb) ||
 !SSL_CTX_set_tlsext_servername_arg(mctx->ssl_ctx, mctx)) {
 ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
- "Unable to initialize servername callback, bad openssl version.");
+ "Unable to initialize servername callback - "
+ "bad OpenSSL version.");
 ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
 ssl_die();
 }
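Review bot: `ssl_servername_cb` keeps a `modssl_ctx_t *` third parameter, but it is registered through `SSL_CTX_set_tlsext_servername_callback`, and OpenSSL invokes that callback with a `void *` argument, so the call goes through an incompatible function pointer type. Since this commit also adds the prototype to ssl_private.h, this is the moment to declare it as `int ssl_servername_cb(SSL *ssl, int *al, void *arg)` and convert `arg` inside the function if it is ever needed. Neither `al` nor `mctx` is used in the visible body, and a failed vhost lookup returns `SSL_TLSEXT_ERR_ALERT_FATAL` with no log line in these lines. A short comment stating that an unmatched SNI name aborts the handshake would help whoever has to diagnose a rejected client.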
@@ -815,9 +815,8 @@ static void ssl_init_ctx(server_rec *s,
 if (mctx->pks) {
 /* XXX: proxy support? */
 ssl_init_ctx_cert_chain(s, p, ptemp, mctx);
+ ssl_init_server_extensions(s, p, ptemp, mctx);
 }
-
- ssl_init_server_extensions(s, p, ptemp, mctx);
 }
 static int ssl_server_import_cert(server_rec *s,
@@ -1110,13 +1109,16 @@ void ssl_init_ConfigureServer(server_rec *s,
 void ssl_init_CheckServers(server_rec *base_server, apr_pool_t *p)
 {
- server_rec *s, *ps;
 SSLSrvConfigRec *sc;
+ server_rec *s;
+#ifdef OPENSSL_NO_TLSEXT
+ server_rec *ps;
 apr_hash_t *table;
 const char *key;
 apr_ssize_t klen;
 BOOL conflict = FALSE;
+#endif
 /*
 * Give out warnings when a server has HTTPS configured
diff --git a/modules/ssl/ssl_engine_kernel.c b/modules/ssl/ssl_engine_kernel.c
index 5d741af54a..84a4806860 100644
--- a/modules/ssl/ssl_engine_kernel.c
+++ b/modules/ssl/ssl_engine_kernel.c
@@ -299,13 +299,10 @@ int ssl_hook_Access(request_rec *r)
 #ifndef OPENSSL_NO_TLSEXT
 /*
- * We will switch to another virtualhost and to its ssl_ctx
- * if changed, we will force a renegotiation.
+ * We will force a renegotiation if we switch to another virtualhost.
 */
 if (r->hostname && !SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name)) {
- SSL_CTX *ctx = SSL_get_SSL_CTX(ssl);
- if (ssl_set_vhost_ctx(ssl,(char *)r->hostname) &&
- ctx != SSL_get_SSL_CTX(ssl))
+ if (ssl_set_vhost_ctx(ssl, r->hostname) && ctx != SSL_get_SSL_CTX(ssl))
 renegotiate = TRUE;
 }
 #endif
@@ -1107,7 +1104,7 @@ int ssl_hook_Fixup(request_rec *r)
 #ifndef OPENSSL_NO_TLSEXT
 /* add content of SNI TLS extension (if supplied with ClientHello) */
- if (servername = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name)) {
+ if ((servername = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name))) {
 apr_table_set(env, "SSL_TLS_SNI", servername);
 }
 #endif
diff --git a/modules/ssl/ssl_private.h b/modules/ssl/ssl_private.h
index 46d37c6312..5243df80d5 100644
--- a/modules/ssl/ssl_private.h
+++ b/modules/ssl/ssl_private.h
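Review bot: In `ssl_init_ctx` the call to `ssl_init_server_extensions` now sits under `if (mctx->pks)`, next to the existing `/* XXX: proxy support? */` remark, and nothing states that this test is what keeps the SNI callback off proxy contexts. A comment on the moved line would make the intent explicit, for example `/* server contexts only: the servername callback selects a vhost and is not registered for proxy contexts */`. It is also worth confirming that every server-side context reaches this point with `pks` set, because otherwise the callback is silently never installed. `ssl_init_ctx` begins outside the hunk, so that cannot be checked here.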
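Review bot: The new guard in `ssl_init_CheckServers` is `#ifdef OPENSSL_NO_TLSEXT`, the inverse of the `#ifndef OPENSSL_NO_TLSEXT` used in the other hunks of this commit, and the bare `#endif` makes it easy to misread. Closing it as `#endif /* OPENSSL_NO_TLSEXT */` and adding one line on why `ps`, `table`, `key`, `klen` and `conflict` are only needed without TLS extensions would help. Every use of those variables further down has to sit under the same guard. The function body continues outside the hunk, so that is not verifiable from these lines.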
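Review bot: In `ssl_hook_Access` the line `SSL_CTX *ctx = SSL_get_SSL_CTX(ssl);` is removed, but the rewritten condition still compares `ctx != SSL_get_SSL_CTX(ssl)`, so as far as this hunk shows `ctx` is no longer declared in that block and a build with TLS extensions enabled would fail. The snapshot has to be taken before `ssl_set_vhost_ctx` runs, because that comparison decides whether a request whose Host header selects a different vhost forces a renegotiation. Keep `SSL_CTX *ctx = SSL_get_SSL_CTX(ssl);` as the first statement inside the `if (r->hostname && ...)` block. The function starts and ends outside the hunk, so a declaration of `ctx` elsewhere in it cannot be ruled out.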
@@ -35,6 +35,7 @@
 #include "http_connection.h"
 #include "http_request.h"
 #include "http_protocol.h"
+#include "http_vhost.h"
 #include "util_script.h"
 #include "util_filter.h"
 #include "util_ebcdic.h"
@@ -726,6 +727,11 @@ OCSP_RESPONSE *modssl_dispatch_ocsp_request(const apr_uri_t *uri,
 conn_rec *c, apr_pool_t *p);
 #endif
+#ifndef OPENSSL_NO_TLSEXT
+int ssl_servername_cb(SSL *ssl, int *al, modssl_ctx_t *mctx);
+int ssl_set_vhost_ctx(SSL *ssl, const char *servername);
+#endif
+
 #endif /* SSL_PRIVATE_H */
 /** @} */