From: Joe Orton
Date: Mon, 16 Apr 2018 10:14:25 +0000 (+0000)
Subject: Factor out logic to determine if request is using SSL/TLS and use it
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=fb92787465b7b116e32ba99e676973c7513f6d0d;p=apache
Factor out logic to determine if request is using SSL/TLS and use it consistently.
* modules/ssl/ssl_util.c (modssl_request_is_tls): New function.
* modules/ssl/ssl_engine_kernel.c (ssl_hook_Fixup): Use it.
* modules/ssl/mod_ssl.c (ssl_hook_http_scheme, ssl_hook_default_port): Use it.
PR: 61519
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1829250 13f79535-47bb-0310-9956-ffa450edef68
---
diff --git a/modules/ssl/mod_ssl.c b/modules/ssl/mod_ssl.c
index a7f481697e..2f538ef4b3 100644
--- a/modules/ssl/mod_ssl.c
+++ b/modules/ssl/mod_ssl.c
@@ -627,24 +627,12 @@ int ssl_init_ssl_connection(conn_rec *c, request_rec *r)
 static const char *ssl_hook_http_scheme(const request_rec *r)
 {
- SSLSrvConfigRec *sc = mySrvConfig(r->server);
-
- if (sc->enabled == SSL_ENABLED_FALSE || sc->enabled == SSL_ENABLED_OPTIONAL) {
- return NULL;
- }
-
- return "https";
+ return modssl_request_is_tls(r, NULL) ? "https" : NULL;
 }
 static apr_port_t ssl_hook_default_port(const request_rec *r)
 {
- SSLSrvConfigRec *sc = mySrvConfig(r->server);
-
- if (sc->enabled == SSL_ENABLED_FALSE || sc->enabled == SSL_ENABLED_OPTIONAL) {
- return 0;
- }
-
- return 443;
+ return modssl_request_is_tls(r, NULL) ? 443 : 0;
 }
 static int ssl_hook_pre_connection(conn_rec *c, void *csd)
diff --git a/modules/ssl/ssl_engine_kernel.c b/modules/ssl/ssl_engine_kernel.c
index 5f2190a2e2..6e8c59f23d 100644
--- a/modules/ssl/ssl_engine_kernel.c
+++ b/modules/ssl/ssl_engine_kernel.c
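Review bot: Both hooks now reach through `r->connection` (and `r->connection->master`) inside `modssl_request_is_tls()`, where the removed code read only `r->server`, so `ssl_hook_http_scheme` and `ssl_hook_default_port` now assume every request handed to them has a connection attached. Whether any caller runs the scheme or port hooks on a request_rec without one is not visible here; if that can happen, the helper needs an `if (!r->connection) return 0;` guard before its first `myConnConfig()` call. The result also stops being a pure function of configuration: an `SSLEngine optional` vhost now reports "https"/443 once the connection carries TLS, and an enabled vhost reports NULL/0 when no SSL object is present. A short comment on each hook, e.g. `/* scheme follows the live connection state, not just SSLEngine */`, would keep that visible to whoever builds redirects or self-referential URLs from the returned value.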
@@ -1502,8 +1502,6 @@ static const char *const ssl_hook_Fixup_vars[] = {
 int ssl_hook_Fixup(request_rec *r)
 {
- SSLConnRec *sslconn = myConnConfig(r->connection);
- SSLSrvConfigRec *sc = mySrvConfig(r->server);
 SSLDirConfigRec *dc = myDirConfig(r);
 apr_table_t *env = r->subprocess_env;
 char *var, *val = "";
@@ -1514,14 +1512,7 @@ int ssl_hook_Fixup(request_rec *r)
 SSL *ssl;
 int i;
- if (!(sslconn && sslconn->ssl) && r->connection->master) {
- sslconn = myConnConfig(r->connection->master);
- }
-
- /*
- * Check to see if SSL is on
- */
- if (!(((sc->enabled == SSL_ENABLED_TRUE) || (sc->enabled == SSL_ENABLED_OPTIONAL)) && sslconn && (ssl = sslconn->ssl))) {
+ if (!modssl_request_is_tls(r, &ssl)) {
 return DECLINED;
 }
diff --git a/modules/ssl/ssl_private.h b/modules/ssl/ssl_private.h
index c8f8c549f7..517eead5ec 100644
--- a/modules/ssl/ssl_private.h
+++ b/modules/ssl/ssl_private.h
@@ -1096,6 +1096,11 @@ void ssl_init_ocsp_certificates(server_rec *s, modssl_ctx_t *mctx);
 * memory. */
 DH *modssl_get_dh_params(unsigned keylen);
+/* Returns non-zero if the request is using SSL/TLS. If ssl is
+ * non-NULL and the request is using SSL/TLS, sets *ssl to the
+ * corresponding SSL structure for the connectbion. */
+int modssl_request_is_tls(const request_rec *r, SSL **ssl);
+
 #if HAVE_VALGRIND
 extern int ssl_running_on_valgrind;
 #endif
diff --git a/modules/ssl/ssl_util.c b/modules/ssl/ssl_util.c
index 2f431f8334..9a8a9f2f3a 100644
--- a/modules/ssl/ssl_util.c
+++ b/modules/ssl/ssl_util.c
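Review bot: The replaced condition let `ssl_hook_Fixup` proceed only when `sc->enabled` was `SSL_ENABLED_TRUE` or `SSL_ENABLED_OPTIONAL`, while `modssl_request_is_tls()` (added in modules/ssl/ssl_util.c) rejects only `SSL_ENABLED_FALSE`, so any other value of `enabled`, such as an unset state, now passes the check at the top of the fixup. If no such value can survive configuration merging this is harmless, but the diff does not show that; either keep the explicit test in the helper, `if ((sc->enabled != SSL_ENABLED_TRUE && sc->enabled != SSL_ENABLED_OPTIONAL) || !sslconn || !sslconn->ssl)`, or state in its comment that everything except `SSL_ENABLED_FALSE` counts as on. `ssl` is now written only through the out-parameter on a non-zero return, which is fine for the early `return DECLINED` seen here; the rest of the function body lies outside the hunk.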
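Review bot: The new doc comment misspells "connection" as "connectbion" and leaves out two things a caller needs: that `*ssl` is left untouched when the function returns zero, and that the SSL object may come from `r->connection->master` rather than the request's own connection. The last comment line should read `* corresponding SSL structure for the connection. */`, and one more sentence covering the zero-return case and the master-connection fallback would make the contract complete. Callers that pass an uninitialized `SSL *`, as `ssl_hook_Fixup` does in this commit, depend on the first of those points.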
@@ -100,6 +100,23 @@ BOOL ssl_util_vhost_matches(const char *servername, server_rec *s)
 return FALSE;
 }
+int modssl_request_is_tls(const request_rec *r, SSL **ssl)
+{
+ SSLConnRec *sslconn = myConnConfig(r->connection);
+ SSLSrvConfigRec *sc = mySrvConfig(r->server);
+
+ if (!(sslconn && sslconn->ssl) && r->connection->master) {
+ sslconn = myConnConfig(r->connection->master);
+ }
+
+ if (sc->enabled == SSL_ENABLED_FALSE || !sslconn || !sslconn->ssl)
+ return 0;
+
+ if (ssl) *ssl = sslconn->ssl;
+
+ return 1;
+}
+
 apr_file_t *ssl_util_ppopen(server_rec *s, apr_pool_t *p, const char *cmd, const char * const *argv)
 {
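Review bot: The guard that decides the helper's answer, `if (sc->enabled == SSL_ENABLED_FALSE || !sslconn || !sslconn->ssl)` followed by `return 0;`, is unbraced, and `if (ssl) *ssl = sslconn->ssl;` puts condition and body on one line, while the `if` just above them in the same function is braced. Bracing both, `if (ssl) { *ssl = sslconn->ssl; }` and likewise around `return 0;`, keeps a later edit from silently detaching the early return in the predicate that all three call sites in this commit rely on. The definition also has no comment of its own; a line such as `/* Fall back to the master connection's SSL state when this connection has none. */` above the `r->connection->master` branch would explain why the lookup is repeated.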