From: Doug MacEachern Date: Wed, 21 Nov 2001 17:45:24 +0000 (+0000) Subject: start moving c->notes usage to a new SSLConnRec structure hanging off of X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=d21e05768b4ce68bc55340fc300f84056a05038d;p=apache start moving c->notes usage to a new SSLConnRec structure hanging off of c->conn_config PR: Obtained from: Submitted by: Reviewed by: rbb, madhu git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@92093 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/modules/ssl/mod_ssl.c b/modules/ssl/mod_ssl.c index cbb2ea19a4..a6418e7744 100644 --- a/modules/ssl/mod_ssl.c +++ b/modules/ssl/mod_ssl.c @@ -224,11 +224,12 @@ static int ssl_hook_pre_connection(conn_rec *c) SSL *ssl; unsigned char *cpVHostID; char *cpVHostMD5; + SSLConnRec *sslconn = apr_pcalloc(c->pool, sizeof(*sslconn)); /* * Create SSL context */ - apr_table_setn(c->notes, "ssl", NULL); + myConnConfigSet(c, sslconn); /* * Immediately stop processing if SSL is disabled for this connection @@ -258,7 +259,6 @@ static int ssl_hook_pre_connection(conn_rec *c) if ((ssl = SSL_new(sc->pSSLCtx)) == NULL) { ssl_log(c->base_server, SSL_LOG_ERROR|SSL_ADD_SSLERR, "Unable to create a new SSL connection from the SSL context"); - apr_table_setn(c->notes, "ssl", NULL); c->aborted = 1; return DECLINED; /* XXX */ } @@ -268,7 +268,6 @@ static int ssl_hook_pre_connection(conn_rec *c) strlen(cpVHostMD5))) { ssl_log(c->base_server, SSL_LOG_ERROR|SSL_ADD_SSLERR, "Unable to set session id context to `%s'", cpVHostMD5); - apr_table_setn(c->notes, "ssl", NULL); c->aborted = 1; return DECLINED; /* XXX */ } @@ -278,7 +277,7 @@ static int ssl_hook_pre_connection(conn_rec *c) apr_table_setn(apctx, "ssl::verify::depth", AP_CTX_NUM2PTR(0)); SSL_set_app_data2(ssl, apctx); - apr_table_setn(c->notes, "ssl", (const char *)ssl); + sslconn->ssl = ssl; /* * Configure callbacks for SSL connection 
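Review bot: The `SSL_set_session_id_context` failure branch (hunk at -268) returns with `c->aborted = 1`, but nothing visible there releases the `SSL` object that `SSL_new` just created. Because `sslconn->ssl` is only assigned further down, the pointer is not reachable from the connection afterwards; unless it is released somewhere outside these hunks, each failure leaks one SSL object, and `SSL_free(ssl);` before `c->aborted = 1;` would close that. Dropping the old `apr_table_setn(c->notes, "ssl", NULL)` resets is correct only because `apr_pcalloc` zero-fills the record, which deserves a comment at the allocation such as `/* zero-filled, so sslconn->ssl is NULL on every early return below */`. ssl_hook_pre_connection starts and ends outside these hunks.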
@@ -308,6 +307,7 @@ static int ssl_hook_pre_connection(conn_rec *c) static apr_status_t ssl_abort(SSLFilterRec *pRec, conn_rec *c) { + SSLConnRec *sslconn = myConnConfig(c); /* * try to gracefully shutdown the connection: * - send an own shutdown message (be gracefully) @@ -320,7 +320,7 @@ static apr_status_t ssl_abort(SSLFilterRec *pRec, conn_rec *c) SSL_smart_shutdown(pRec->pssl); SSL_free(pRec->pssl); pRec->pssl = NULL; /* so filters know we've been shutdown */ - apr_table_setn(c->notes, "ssl", NULL); + sslconn->ssl = NULL; c->aborted = 1; return APR_EGENERAL; diff --git a/modules/ssl/mod_ssl.h b/modules/ssl/mod_ssl.h index 07c7c77691..347e84ffec 100644 --- a/modules/ssl/mod_ssl.h +++ b/modules/ssl/mod_ssl.h @@ -196,6 +196,10 @@ #define cfgMergeBool(el) cfgMerge(el, UNSET) #define cfgMergeInt(el) cfgMerge(el, UNSET) +#define myConnConfig(c) \ +(SSLConnRec *)ap_get_module_config(c->conn_config, &ssl_module) +#define myConnConfigSet(c, val) \ +ap_set_module_config(c->conn_config, &ssl_module, val) #define myModConfig(srv) (SSLModConfigRec *)ssl_util_getmodconfig(srv, "ssl_module") #define mySrvConfig(srv) (SSLSrvConfigRec *)ap_get_module_config(srv->module_config, &ssl_module) #define myDirConfig(req) (SSLDirConfigRec *)ap_get_module_config(req->per_dir_config, &ssl_module) @@ -446,6 +450,10 @@ typedef struct { apr_bucket_brigade *b; /* decrypted input */ } SSLFilterRec; +typedef struct { + SSL *ssl; +} SSLConnRec; + typedef struct { apr_pool_t *pPool; BOOL bFixed; diff --git a/modules/ssl/ssl_engine_kernel.c b/modules/ssl/ssl_engine_kernel.c index f255658710..7ad5602950 100644 --- a/modules/ssl/ssl_engine_kernel.c +++ b/modules/ssl/ssl_engine_kernel.c @@ -146,7 +146,7 @@ apr_status_t ssl_hook_CloseConnection(SSLFilterRec *filter) /* deallocate the SSL connection */ SSL_free(ssl); - apr_table_setn(conn->notes, "ssl", NULL); + sslconn->ssl = NULL; filter->pssl = NULL; /* so filters know we've been shutdown */ return APR_SUCCESS; 
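Review bot: `myConnConfig` (mod_ssl.h hunk at -196) expands to a bare cast and uses its argument unparenthesized, so `myConnConfig(c)->ssl` would bind `->ssl` to the `ap_get_module_config` result rather than to the cast. Wrapping both makes the macro usable inside larger expressions: `#define myConnConfig(c) ((SSLConnRec *)ap_get_module_config((c)->conn_config, &ssl_module))`, with `(c)->conn_config` in `myConnConfigSet` as well. The neighbouring `mySrvConfig` and `myDirConfig` macros have the same shape, so this is best applied to the group as a whole.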
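Review bot: `sslconn->ssl = NULL;` in ssl_hook_CloseConnection (ssl_engine_kernel.c hunk at -146) uses a variable that this diff never declares. This is the first hunk for that file, the function opens outside it, and `SSLConnRec` is only introduced by this commit, so as far as the diff shows the file will not compile. The function needs something like `SSLConnRec *sslconn = myConnConfig(conn);` once `conn` has been obtained. The ordering is otherwise sound: the pointer is cleared right after `SSL_free(ssl)`, so later hooks see NULL rather than a freed object.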
@@ -157,6 +157,7 @@ apr_status_t ssl_hook_CloseConnection(SSLFilterRec *filter) */ int ssl_hook_ReadReq(request_rec *r) { + SSLConnRec *sslconn = myConnConfig(r->connection); SSL *ssl; apr_table_t *apctx; @@ -164,7 +165,7 @@ int ssl_hook_ReadReq(request_rec *r) * Get the SSL connection structure and perform the * delayed interlinking from SSL back to request_rec */ - ssl = (SSL *)apr_table_get(r->connection->notes, "ssl"); + ssl = sslconn->ssl; if (ssl != NULL) { apctx = (apr_table_t *)SSL_get_app_data2(ssl); apr_table_setn(apctx, "ssl::request_rec", (const char *)r); @@ -191,7 +192,9 @@ int ssl_hook_ReadReq(request_rec *r) */ int ssl_hook_Translate(request_rec *r) { - if (apr_table_get(r->connection->notes, "ssl") == NULL) + SSLConnRec *sslconn = myConnConfig(r->connection); + + if (sslconn->ssl == NULL) return DECLINED; /* @@ -289,13 +292,13 @@ static long ssl_renegotiate_hook(BIO *bio, int cmd, const char *argp, int argi, long argl, long rc) { request_rec *r = (request_rec *)BIO_get_callback_arg(bio); - SSL *ssl; + SSLConnRec *sslconn = myConnConfig(r->connection); + SSL *ssl = sslconn->ssl; int is_failed_read = (cmd == (BIO_CB_READ|BIO_CB_RETURN) && (rc == -1)); int is_flush = ((cmd == BIO_CB_CTRL) && (argi == BIO_CTRL_FLUSH)); if (is_flush || is_failed_read) { - ssl = (SSL *)apr_table_get(r->connection->notes, "ssl"); /* disable this callback to prevent recursion * and leave a "note" so the input filter leaves the rbio * as-as @@ -340,6 +343,7 @@ int ssl_hook_Access(request_rec *r) { SSLDirConfigRec *dc; SSLSrvConfigRec *sc; + SSLConnRec *sslconn; SSL *ssl; SSL_CTX *ctx = NULL; apr_array_header_t *apRequirement; @@ -373,7 +377,8 @@ int ssl_hook_Access(request_rec *r) dc = myDirConfig(r); sc = mySrvConfig(r->server); - ssl = (SSL *)apr_table_get(r->connection->notes, "ssl"); + sslconn = myConnConfig(r->connection); + ssl = sslconn->ssl; if (ssl != NULL) ctx = SSL_get_SSL_CTX(ssl); 
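Review bot: `ssl = sslconn->ssl;` in ssl_hook_ReadReq dereferences the per-connection record without checking that one was attached, where the old `apr_table_get(r->connection->notes, "ssl")` simply returned NULL. The record is set only in ssl_hook_pre_connection, so any conn_rec that reaches these hooks without that hook having run (whether that can happen is not visible here) would crash the child instead of being treated as non-SSL. A guard such as `ssl = sslconn ? sslconn->ssl : NULL;` here, and `if (sslconn == NULL || sslconn->ssl == NULL) return DECLINED;` in the tests, keeps the old fail-safe behaviour. The same unchecked pattern appears in ssl_hook_Translate, ssl_hook_Access, ssl_hook_UserCheck and ssl_hook_Fixup, and in ssl_var_lookup, ssl_var_lookup_ssl, ssl_var_lookup_ssl_cert_verify, ssl_var_lookup_ssl_cipher and both log handlers in ssl_engine_vars.c.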
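Review bot: In ssl_renegotiate_hook (hunk at -289) the lookup moved from inside `if (is_flush || is_failed_read)` up to the declarations, so `r->connection` and `sslconn->ssl` are now dereferenced on every BIO callback rather than only on the two events that use `ssl`. If the callback can fire while the callback argument is unset, this turns a no-op into a NULL dereference; the hunk does not show whether that is possible. Keeping plain declarations (`SSLConnRec *sslconn;` and `SSL *ssl;`) and doing `sslconn = myConnConfig(r->connection);` followed by `ssl = sslconn->ssl;` inside the branch preserves the original behaviour. The function body continues outside the hunk.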
@@ -868,6 +873,7 @@ int ssl_hook_Access(request_rec *r) */ int ssl_hook_UserCheck(request_rec *r) { + SSLConnRec *sslconn = myConnConfig(r->connection); SSLSrvConfigRec *sc = mySrvConfig(r->server); SSLDirConfigRec *dc = myDirConfig(r); char b1[MAX_STRING_LEN], b2[MAX_STRING_LEN]; @@ -907,7 +913,7 @@ int ssl_hook_UserCheck(request_rec *r) */ if (!sc->bEnabled) return DECLINED; - if (apr_table_get(r->connection->notes, "ssl") == NULL) + if (sslconn->ssl == NULL) return DECLINED; if (!(dc->nOptions & SSL_OPT_FAKEBASICAUTH)) return DECLINED; @@ -1040,6 +1046,7 @@ static const char *ssl_hook_Fixup_vars[] = { int ssl_hook_Fixup(request_rec *r) { + SSLConnRec *sslconn = myConnConfig(r->connection); SSLSrvConfigRec *sc = mySrvConfig(r->server); SSLDirConfigRec *dc = myDirConfig(r); apr_table_t *e = r->subprocess_env; @@ -1054,7 +1061,7 @@ int ssl_hook_Fixup(request_rec *r) */ if (!sc->bEnabled) return DECLINED; - if ((ssl = (SSL *)apr_table_get(r->connection->notes, "ssl")) == NULL) + if ((ssl = sslconn->ssl) == NULL) return DECLINED; /* diff --git a/modules/ssl/ssl_engine_vars.c b/modules/ssl/ssl_engine_vars.c index 00aa0a43b2..7ded33a239 100644 --- a/modules/ssl/ssl_engine_vars.c +++ b/modules/ssl/ssl_engine_vars.c @@ -89,6 +89,7 @@ void ssl_var_register(void) char *ssl_var_lookup(apr_pool_t *p, server_rec *s, conn_rec *c, request_rec *r, char *var) { + SSLConnRec *sslconn; SSLModConfigRec *mc = myModConfig(s); char *result; BOOL resdup; @@ -169,6 +170,7 @@ char *ssl_var_lookup(apr_pool_t *p, server_rec *s, conn_rec *c, request_rec *r, * Connection stuff */ if (result == NULL && c != NULL) { + sslconn = myConnConfig(c); if (strcEQ(var, "REMOTE_ADDR")) result = c->remote_ip; else if (strcEQ(var, "REMOTE_USER")) 
@@ -178,7 +180,7 @@ char *ssl_var_lookup(apr_pool_t *p, server_rec *s, conn_rec *c, request_rec *r, else if (strlen(var) > 4 && strcEQn(var, "SSL_", 4)) result = ssl_var_lookup_ssl(p, c, var+4); else if (strcEQ(var, "HTTPS")) { - if (apr_table_get(c->notes, "ssl") != NULL) + if (sslconn->ssl != NULL) result = "on"; else result = "off"; @@ -264,6 +266,7 @@ static char *ssl_var_lookup_header(apr_pool_t *p, request_rec *r, const char *na static char *ssl_var_lookup_ssl(apr_pool_t *p, conn_rec *c, char *var) { + SSLConnRec *sslconn = myConnConfig(c); char *result; X509 *xs; STACK_OF(X509) *sk; @@ -271,7 +274,7 @@ static char *ssl_var_lookup_ssl(apr_pool_t *p, conn_rec *c, char *var) result = NULL; - ssl = (SSL *)apr_table_get(c->notes, "ssl"); + ssl = sslconn->ssl; if (strlen(var) > 8 && strcEQn(var, "VERSION_", 8)) { result = ssl_var_lookup_ssl_version(p, var+8); } @@ -493,6 +496,7 @@ static char *ssl_var_lookup_ssl_cert_PEM(apr_pool_t *p, X509 *xs) static char *ssl_var_lookup_ssl_cert_verify(apr_pool_t *p, conn_rec *c) { + SSLConnRec *sslconn = myConnConfig(c); char *result; long vrc; char *verr; @@ -501,7 +505,7 @@ static char *ssl_var_lookup_ssl_cert_verify(apr_pool_t *p, conn_rec *c) X509 *xs; result = NULL; - ssl = (SSL *) apr_table_get(c->notes, "ssl"); + ssl = sslconn->ssl; verr = (char *)apr_table_get(c->notes, "ssl::verify::error"); vinfo = (char *)apr_table_get(c->notes, "ssl::verify::info"); vrc = SSL_get_verify_result(ssl); @@ -524,6 +528,7 @@ static char *ssl_var_lookup_ssl_cert_verify(apr_pool_t *p, conn_rec *c) static char *ssl_var_lookup_ssl_cipher(apr_pool_t *p, conn_rec *c, char *var) { + SSLConnRec *sslconn = myConnConfig(c); char *result; BOOL resdup; int usekeysize, algkeysize; 
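Review bot: ssl_var_lookup_ssl_cert_verify (hunk at -501) now takes `ssl` from the typed SSLConnRec but still reads `ssl::verify::error` and `ssl::verify::info` from `c->notes`, a string-keyed table that other code holding the conn_rec can also write. Since these values feed the reported client-verification result, they are the entries that gain most from moving into the module-private record. Until then a comment such as `/* TODO: verify error/info still live in c->notes; move to SSLConnRec */` would record that the migration is incomplete. Separately, `SSL_get_verify_result(ssl)` is called with no NULL test in the visible lines, so it relies on the caller having checked `ssl`; the function body continues outside the hunk.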
@@ -532,7 +537,7 @@ static char *ssl_var_lookup_ssl_cipher(apr_pool_t *p, conn_rec *c, char *var) result = NULL; resdup = TRUE; - ssl = (SSL *)apr_table_get(c->notes, "ssl"); + ssl = sslconn->ssl; ssl_var_lookup_ssl_cipher_bits(ssl, &usekeysize, &algkeysize); if (strEQ(var, "")) @@ -627,9 +632,10 @@ void ssl_var_log_config_register(apr_pool_t *p) */ static const char *ssl_var_log_handler_c(request_rec *r, char *a) { + SSLConnRec *sslconn = myConnConfig(r->connection); char *result; - if (apr_table_get(r->connection->notes, "ssl") == NULL) + if (sslconn->ssl == NULL) return NULL; result = NULL; if (strEQ(a, "version")) @@ -655,10 +661,11 @@ static const char *ssl_var_log_handler_c(request_rec *r, char *a) */ static const char *ssl_var_log_handler_x(request_rec *r, char *a) { + SSLConnRec *sslconn = myConnConfig(r->connection); char *result; result = NULL; - if (apr_table_get(r->connection->notes, "ssl") != NULL) + if (sslconn->ssl != NULL) result = ssl_var_lookup(r->pool, r->server, r->connection, r, a); if (result != NULL && result[0] == NUL) result = NULL;