From: Bradley Nicholes Date: Fri, 5 Mar 2004 02:44:40 +0000 (+0000) Subject: Allow the enabled flag to be set to more than just TRUE or FALSE so that X-Git-Tag: pre_ajp_proxy~581 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=74c5908625298214006685b6f4e7b1ce0a8c324d;p=apache Allow the enabled flag to be set to more than just TRUE or FALSE so that the OPTIONAL flag can be correctly merged within the ssl_config_server_merge() function. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@102860 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/modules/ssl/ssl_engine_config.c b/modules/ssl/ssl_engine_config.c index d52e9d1d6a..8f66eba4ea 100644 --- a/modules/ssl/ssl_engine_config.c +++ b/modules/ssl/ssl_engine_config.c @@ -171,7 +171,7 @@ static SSLSrvConfigRec *ssl_config_server_new(apr_pool_t *p) SSLSrvConfigRec *sc = apr_palloc(p, sizeof(*sc)); sc->mc = NULL; - sc->enabled = FALSE; + sc->enabled = SSL_ENABLED_FALSE; sc->proxy_enabled = UNSET; sc->vhost_id = NULL; /* set during module init */ sc->vhost_id_len = 0; /* set during module init */ @@ -257,7 +257,7 @@ void *ssl_config_server_merge(apr_pool_t *p, void *basev, void *addv) SSLSrvConfigRec *mrg = ssl_config_server_new(p); cfgMerge(mc, NULL); - cfgMergeBool(enabled); + cfgMerge(enabled, SSL_ENABLED_UNSET); cfgMergeBool(proxy_enabled); cfgMergeInt(session_cache_timeout); @@ -606,15 +606,15 @@ const char *ssl_cmd_SSLEngine(cmd_parms *cmd, void *dcfg, const char *arg) SSLSrvConfigRec *sc = mySrvConfig(cmd->server); if (!strcasecmp(arg, "On")) { - sc->enabled = TRUE; + sc->enabled = SSL_ENABLED_TRUE; return NULL; } else if (!strcasecmp(arg, "Off")) { - sc->enabled = FALSE; + sc->enabled = SSL_ENABLED_FALSE; return NULL; } else if (!strcasecmp(arg, "Optional")) { - sc->enabled = UNSET; + sc->enabled = SSL_ENABLED_OPTIONAL; return NULL; } diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c index 17aa6e06ac..95d3b5be58 100644 --- a/modules/ssl/ssl_engine_init.c 
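Review bot: ssl_config_server_new() still initializes the field to a definite value, `sc->enabled = SSL_ENABLED_FALSE;`, while ssl_config_server_merge() now merges with `cfgMerge(enabled, SSL_ENABLED_UNSET)` and ssl_init_Module() fixes up `SSL_ENABLED_UNSET`, so a freshly created config never holds the sentinel those two places test for. If cfgMerge falls back to the base value only when the added value equals the sentinel (the macro is not shown on this page), a virtual host with no SSLEngine directive carries an explicit FALSE and cannot inherit On or Optional from the base server, which would leave it serving cleartext where TLS was expected. Initializing with `sc->enabled = SSL_ENABLED_UNSET;` would make the merge and the init-time fixup reachable. Both function bodies continue outside their hunks.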
+++ b/modules/ssl/ssl_engine_init.c @@ -206,13 +206,11 @@ int ssl_init_Module(apr_pool_t *p, apr_pool_t *plog, sc->vhost_id = ssl_util_vhostid(p, s); sc->vhost_id_len = strlen(sc->vhost_id); -#if 0 /* If sc->enabled is UNSET, then SSL is optional on this vhost */ /* Fix up stuff that may not have been set */ - if (sc->enabled == UNSET) { - sc->enabled = FALSE; + if (sc->enabled == SSL_ENABLED_UNSET) { + sc->enabled = SSL_ENABLED_FALSE; } -#endif if (sc->proxy_enabled == UNSET) { sc->proxy_enabled = FALSE; } @@ -960,10 +958,9 @@ void ssl_init_ConfigureServer(server_rec *s, apr_pool_t *ptemp, SSLSrvConfigRec *sc) { - /* A bit of a hack, but initialize the server if SSL is optional or - * not. + /* Initialize the server if SSL is enabled or optional. */ - if (sc->enabled) { + if ((sc->enabled == SSL_ENABLED_TRUE) || (sc->enabled == SSL_ENABLED_OPTIONAL)) { ap_log_error(APLOG_MARK, APLOG_INFO, 0, s, "Configuring server for SSL protocol"); ssl_init_server_ctx(s, p, ptemp, sc); @@ -991,7 +988,7 @@ void ssl_init_CheckServers(server_rec *base_server, apr_pool_t *p) for (s = base_server; s; s = s->next) { sc = mySrvConfig(s); - if ((sc->enabled == TRUE) && (s->port == DEFAULT_HTTP_PORT)) { + if ((sc->enabled == SSL_ENABLED_TRUE) && (s->port == DEFAULT_HTTP_PORT)) { ap_log_error(APLOG_MARK, APLOG_WARNING, 0, base_server, "Init: (%s) You configured HTTPS(%d) " @@ -1000,7 +997,7 @@ void ssl_init_CheckServers(server_rec *base_server, apr_pool_t *p) DEFAULT_HTTPS_PORT, DEFAULT_HTTP_PORT); } - if (!sc->enabled && (s->port == DEFAULT_HTTPS_PORT)) { + if ((sc->enabled == SSL_ENABLED_FALSE) && (s->port == DEFAULT_HTTPS_PORT)) { ap_log_error(APLOG_MARK, APLOG_WARNING, 0, base_server, "Init: (%s) You configured HTTP(%d) " @@ -1021,7 +1018,7 @@ void ssl_init_CheckServers(server_rec *base_server, apr_pool_t *p) for (s = base_server; s; s = s->next) { sc = mySrvConfig(s); - if (!(sc->enabled && s->addrs)) { + if (!((sc->enabled == SSL_ENABLED_TRUE) && s->addrs)) { continue; } 
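Review bot: The test `(sc->enabled == SSL_ENABLED_TRUE) || (sc->enabled == SSL_ENABLED_OPTIONAL)` in ssl_init_ConfigureServer() is spelled out again in ssl_hook_Access(), ssl_hook_UserCheck() and ssl_hook_Fixup(), each time with slightly different parenthesization and on very long lines. A single helper next to the enum in ssl_private.h, for example `#define SSL_ENGINE_ACTIVE(sc) ((sc)->enabled == SSL_ENABLED_TRUE || (sc)->enabled == SSL_ENABLED_OPTIONAL)` (the name is only a suggestion), would keep the four call sites from drifting apart when another state is added. This is a readability point; the behaviour of the condition itself looks unchanged from the old truthiness test.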
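Review bot: The last loop of ssl_init_CheckServers() now continues past every vhost that is not exactly `SSL_ENABLED_TRUE`, whereas the old test `sc->enabled && s->addrs` also admitted the value that used to stand for optional SSL (UNSET, presumably non-zero). The commit message does not mention this narrowing, and the loop body lies outside the hunk, so it cannot be told from here whether optional vhosts are meant to be left out of that check. If they are, a short comment such as `/* optional-SSL vhosts are not checked here because ... */` would record the decision; if not, the condition should also accept `SSL_ENABLED_OPTIONAL`.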
diff --git a/modules/ssl/ssl_engine_kernel.c b/modules/ssl/ssl_engine_kernel.c index a2898dd0dd..7a234da63a 100644 --- a/modules/ssl/ssl_engine_kernel.c +++ b/modules/ssl/ssl_engine_kernel.c @@ -190,7 +190,7 @@ int ssl_hook_Access(request_rec *r) * Support for SSLRequireSSL directive */ if (dc->bSSLRequired && !ssl) { - if (sc->enabled == UNSET) { + if (sc->enabled == SSL_ENABLED_OPTIONAL) { /* This vhost was configured for optional SSL, just tell the * client that we need to upgrade. */ @@ -213,7 +213,7 @@ int ssl_hook_Access(request_rec *r) /* * Check to see if SSL protocol is on */ - if (!(sc->enabled || ssl)) { + if (!((sc->enabled == SSL_ENABLED_TRUE) || (sc->enabled == SSL_ENABLED_OPTIONAL) || ssl)) { return DECLINED; } /* @@ -860,7 +860,7 @@ int ssl_hook_UserCheck(request_rec *r) * - ssl not enabled * - client did not present a certificate */ - if (!(sc->enabled && sslconn->ssl && sslconn->client_cert) || + if (!((sc->enabled == SSL_ENABLED_TRUE || sc->enabled == SSL_ENABLED_OPTIONAL) && sslconn->ssl && sslconn->client_cert) || !(dc->nOptions & SSL_OPT_FAKEBASICAUTH) || r->user) { return DECLINED; @@ -1012,14 +1012,14 @@ int ssl_hook_Fixup(request_rec *r) SSL *ssl; int i; - if (sc->enabled == UNSET) { + if (sc->enabled == SSL_ENABLED_OPTIONAL) { apr_table_setn(r->headers_out, "Upgrade", "TLS/1.0, HTTP/1.1"); } /* * Check to see if SSL is on */ - if (!(sc->enabled && sslconn && (ssl = sslconn->ssl))) { + if (!(((sc->enabled == SSL_ENABLED_TRUE) || (sc->enabled == SSL_ENABLED_OPTIONAL)) && sslconn && (ssl = sslconn->ssl))) { return DECLINED; } diff --git a/modules/ssl/ssl_private.h b/modules/ssl/ssl_private.h index 5deef71967..d756ee3495 100644 --- a/modules/ssl/ssl_private.h +++ b/modules/ssl/ssl_private.h 
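Review bot: In ssl_hook_Fixup() the `Upgrade` response header is set for every request on an optional vhost before the following check of whether the connection already runs SSL, so a client that has already upgraded is still told to upgrade. Restricting it to cleartext connections, e.g. `if (sc->enabled == SSL_ENABLED_OPTIONAL && !(sslconn && sslconn->ssl)) {`, would avoid that; this assumes sslconn is already assigned at that point, as its use in the next condition suggests. The function body starts and ends outside the hunk.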
@@ -271,6 +271,16 @@ typedef enum { SSL_MUTEXMODE_USED = 1 } ssl_mutexmode_t; +/* + * Define the SSL enabled state + */ +typedef enum { + SSL_ENABLED_UNSET = UNSET, + SSL_ENABLED_FALSE = 0, + SSL_ENABLED_TRUE = 1, + SSL_ENABLED_OPTIONAL = 3 +} ssl_enabled_t; + /* * Define the SSL requirement structure */ @@ -420,7 +430,7 @@ typedef struct { struct SSLSrvConfigRec { SSLModConfigRec *mc; - BOOL enabled; + ssl_enabled_t enabled; BOOL proxy_enabled; const char *vhost_id; int vhost_id_len;
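Review bot: The comment on the new `ssl_enabled_t` enum says only "Define the SSL enabled state" and leaves the four states and the numbering unexplained, in particular why `SSL_ENABLED_OPTIONAL` is 3 with 2 unused and that `SSL_ENABLED_UNSET` exists only as the merge sentinel. A short comment per enumerator would help, for instance `SSL_ENABLED_OPTIONAL = 3 /* SSLEngine Optional: cleartext accepted, TLS upgrade offered */` and `SSL_ENABLED_UNSET = UNSET, /* no SSLEngine directive seen; resolved at merge/init */`. If the gap at 2 is intentional, saying so in the comment prevents a later contributor from reusing the value.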
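Review bot: Changing the field to `ssl_enabled_t enabled;` does not make the compiler reject truthiness tests, so any `if (sc->enabled)` or `!sc->enabled` left in files this commit does not touch still builds silently. Since only `SSL_ENABLED_FALSE` is 0, such a test would treat both `SSL_ENABLED_OPTIONAL` and `SSL_ENABLED_UNSET` (assuming UNSET is non-zero) as enabled. It is worth searching the module for remaining uses of `enabled` and converting them to explicit comparisons in the same change, and a comment on the field such as `/* compare against SSL_ENABLED_*; never test for truth */` would warn future callers.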