From: Rainer Jung <rjung@apache.org>
Date: Tue, 6 Oct 2015 11:30:01 +0000 (+0000)
Subject: mod_ssl: Extend expression parser registration
X-Git-Tag: 2.5.0-alpha~2757
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=7880ec224c14cf0ad93401ca8c8fc50d2dd39fda;p=apache

mod_ssl: Extend expression parser registration
to support ssl variables in any expression
using mod_rewrite syntax "%{SSL:VARNAME}" or
function syntax "ssl(VARIABLE)".


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1707002 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/CHANGES b/CHANGES
index 9c055a2476..3a02b64cbf 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,10 @@
                                                          -*- coding: utf-8 -*-
 Changes with Apache 2.5.0
 
+  *) mod_ssl: Extend expression parser registration to support ssl variables
+     in any expression using mod_rewrite syntax "%{SSL:VARNAME}" or function
+     syntax "ssl(VARIABLE)". [Rainer Jung]
+
   *) core: Extend support for asynchronous write completion from the
      network filter to any connection or request filter. [Graham Leggett]
 
diff --git a/docs/manual/mod/mod_ssl.xml b/docs/manual/mod/mod_ssl.xml
index a640c9f1f5..350a2318b9 100644
--- a/docs/manual/mod/mod_ssl.xml
+++ b/docs/manual/mod/mod_ssl.xml
@@ -216,6 +216,30 @@ string in <module>mod_log_config</module>.</p>
 
 </section>
 
+<section id="expressionparser"><title>Expression Parser Extension</title>
+
+<p>When <module>mod_ssl</module> is built into Apache or at least
+loaded (under DSO situation) any <a name="envvars">variables</a>
+provided by <module>mod_ssl</module> can be used in expressions
+for the <a href="../expr.html">ap_expr Expression Parser</a>.
+The variables can be referenced using the syntax
+``<code>%{</code><em>varname</em><code>}</code>''. Starting
+with version 2.4.17 one can also use the
+<module>mod_rewrite</module> style syntax
+``<code>%{SSL:</code><em>varname</em><code>}</code>'' or
+the function style syntax
+``<code>ssl(</code><em>varname</em><code>)</code>''.</p>
+<example><title>Example (using <module>mod_headers</module>)</title>
+<highlight language="config">
+Header set X-SSL-PROTOCOL "expr=%{SSL_PROTOCOL}"
+Header set X-SSL-CIPHER "expr=%{SSL:SSL_CIPHER}"
+</highlight>
+</example>
+<p>This feature even works without setting the <code>StdEnvVars</code>
+option of the <directive module="mod_ssl">SSLOptions</directive>
+directive.</p>
+</section>
+
 <section id="authzproviders"><title>Authorization providers for use with Require</title>
 
   <p><module>mod_ssl</module> provides a few authentication providers for use
diff --git a/modules/ssl/ssl_engine_vars.c b/modules/ssl/ssl_engine_vars.c
index f97ce590ca..25e6882dc7 100644
--- a/modules/ssl/ssl_engine_vars.c
+++ b/modules/ssl/ssl_engine_vars.c
@@ -149,6 +149,14 @@ static const char *expr_var_fn(ap_expr_eval_ctx_t *ctx, const void *data)
     return sslconn ? ssl_var_lookup_ssl(ctx->p, ctx->c, ctx->r, var) : NULL;
 }
 
+static const char *expr_func_fn(ap_expr_eval_ctx_t *ctx, const void *data,
+                                const char *arg)
+{
+    char *var = (char *)arg;
+
+    return var ? ssl_var_lookup(ctx->p, ctx->s, ctx->c, ctx->r, var) : NULL;
+}
+
 static int ssl_expr_lookup(ap_expr_lookup_parms *parms)
 {
     switch (parms->type) {
@@ -163,6 +171,15 @@ static int ssl_expr_lookup(ap_expr_lookup_parms *parms)
             return OK;
         }
         break;
+    case AP_EXPR_FUNC_STRING:
+        /* Function SSL() is implemented by us.
+         */
+        if (strcEQ(parms->name, "SSL")) {
+            *parms->func = expr_func_fn;
+            *parms->data = NULL;
+            return OK;
+        }
+        break;
     case AP_EXPR_FUNC_LIST:
         if (strcEQ(parms->name, "PeerExtList")) {
             *parms->func = expr_peer_ext_list_fn;