From 61242dd6c939f1f37f61db150ceed86257c6375f Mon Sep 17 00:00:00 2001 From: "William A. Rowe Jr" Date: Sat, 14 Dec 2002 07:46:45 +0000 Subject: [PATCH] After some productive feedback and no negative feedback, introduce SSLEngine upgrade so that we can begin and continue to support these facilities. This makes it simpler to keep this effort (while we have no known clients that support Connection: upgrade at this time), and begin refactoring more of SSL into smaller and tighter (and then optional) components. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@97913 13f79535-47bb-0310-9956-ffa450edef68 --- modules/ssl/mod_ssl.c | 84 +++++++++++++++++++++++++++---------------- 1 file changed, 54 insertions(+), 30 deletions(-) diff --git a/modules/ssl/mod_ssl.c b/modules/ssl/mod_ssl.c index b310c9aeb9..9aa52a99dd 100644 --- a/modules/ssl/mod_ssl.c +++ b/modules/ssl/mod_ssl.c @@ -105,7 +105,7 @@ static const command_rec ssl_config_cmds[] = { /* * Per-server context configuration directives */ - SSL_CMD_SRV(Engine, FLAG, + SSL_CMD_SRV(Engine, TAKE1, "SSL switch for the protocol engine " "(`on', `off')") SSL_CMD_ALL(CipherSuite, TAKE1, @@ -274,7 +274,7 @@ int ssl_engine_disable(conn_rec *c) return 1; } -static int ssl_hook_pre_connection(conn_rec *c, void *csd) +int ssl_init_ssl_connection(conn_rec *c) { SSLSrvConfigRec *sc = mySrvConfig(c->base_server); SSL *ssl; 
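Review bot: The help text for `Engine` in `ssl_config_cmds[]` still lists only the on and off values, although the switch from `FLAG` to `TAKE1` is there to admit a third one. The string should name that third keyword next to the other two (the commit title suggests `upgrade`; the directive handler is not part of this diff). With `TAKE1` the core no longer rejects arguments other than on/off, so the handler has to compare the argument itself and return an error string for anything unrecognised, rather than letting an unknown word fall through to an enabled or upgrade state.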
@@ -283,40 +283,14 @@ static int ssl_hook_pre_connection(conn_rec *c, void *csd) modssl_ctx_t *mctx; /* - * Immediately stop processing if SSL is disabled for this connection + * Seed the Pseudo Random Number Generator (PRNG) */ - if (!(sc && (sc->enabled || - (sslconn && sslconn->is_proxy)))) - { - return DECLINED; - } + ssl_rand_seed(c->base_server, c->pool, SSL_RSCTX_CONNECT, ""); - /* - * Create SSL context - */ if (!sslconn) { sslconn = ssl_init_connection_ctx(c); } - if (sslconn->disabled) { - return DECLINED; - } - - /* - * Remember the connection information for - * later access inside callback functions - */ - - ap_log_error(APLOG_MARK, APLOG_INFO, 0, c->base_server, - "Connection to child %ld established " - "(server %s, client %s)", c->id, sc->vhost_id, - c->remote_ip ? c->remote_ip : "unknown"); - - /* - * Seed the Pseudo Random Number Generator (PRNG) - */ - ssl_rand_seed(c->base_server, c->pool, SSL_RSCTX_CONNECT, ""); - mctx = sslconn->is_proxy ? sc->proxy : sc->server; /* 
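Review bot: `ssl_init_ssl_connection()` no longer tests `sslconn->disabled` or that `sc` is non-NULL, and the previous hunk drops `static` from it, so any caller other than `ssl_hook_pre_connection` reaches `mctx = sslconn->is_proxy ? sc->proxy : sc->server;` without those guards. A connection that was marked disabled (presumably by `ssl_engine_disable()`, whose body is not shown) could then still have SSL set up by a later upgrade path. Keeping `if (!sc || (sslconn && sslconn->disabled)) return DECLINED;` as the first statement, ahead of `ssl_rand_seed()`, preserves the old refusal for every entry point. The function body continues past the end of this hunk.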
@@ -390,6 +364,54 @@ static apr_port_t ssl_hook_default_port(const request_rec *r) return 443; } +static int ssl_hook_pre_connection(conn_rec *c, void *csd) +{ + SSLSrvConfigRec *sc = mySrvConfig(c->base_server); + SSLConnRec *sslconn = myConnConfig(c); + + /* + * Immediately stop processing if SSL is disabled for this connection + */ + if (!(sc && (sc->enabled == TRUE || + (sslconn && sslconn->is_proxy)))) + { + return DECLINED; + } + + /* + * Create SSL context + */ + if (!sslconn) { + sslconn = ssl_init_connection_ctx(c); + } + + if (sslconn->disabled) { + return DECLINED; + } + + /* + * Remember the connection information for + * later access inside callback functions + */ + + ap_log_error(APLOG_MARK, APLOG_INFO, 0, c->base_server, + "Connection to child %ld established " + "(server %s, client %s)", c->id, sc->vhost_id, + c->remote_ip ? c->remote_ip : "unknown"); + + return ssl_init_ssl_connection(c); +} + + +static void ssl_hook_Insert_Filter(request_rec *r) +{ + SSLSrvConfigRec *sc = mySrvConfig(r->server); + + if (sc->enabled == UNSET) { + ap_add_output_filter("UPGRADE_FILTER", NULL, r, r->connection); + } +} + /* * the module registration phase */ @@ -410,6 +432,8 @@ static void ssl_register_hooks(apr_pool_t *p) ap_hook_access_checker(ssl_hook_Access, NULL,NULL, APR_HOOK_MIDDLE); ap_hook_auth_checker (ssl_hook_Auth, NULL,NULL, APR_HOOK_MIDDLE); ap_hook_post_read_request(ssl_hook_ReadReq, NULL,NULL, APR_HOOK_MIDDLE); + ap_hook_insert_filter (ssl_hook_Insert_Filter, NULL,NULL, APR_HOOK_MIDDLE); +/* ap_hook_handler (ssl_hook_Upgrade, NULL,NULL, APR_HOOK_MIDDLE); */ ssl_var_register(); -- 2.40.0
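Review bot: `ssl_hook_Insert_Filter` selects upgrade mode with `sc->enabled == UNSET`, which reuses what looks like the "not configured" sentinel as an operating mode. If `UNSET` is also what a server config holds when no SSLEngine directive was given (the config code is not in this diff), every such host would get `UPGRADE_FILTER` added on each request, and any remaining truthiness test of `sc->enabled` elsewhere would read the upgrade state as on. A distinct named value for the upgrade state would keep the three cases apart. The function also dereferences `sc` unchecked while `ssl_hook_pre_connection` just above tests `sc &&`; `if (sc && sc->enabled == UNSET) {` would match it.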
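Review bot: The commented-out `ap_hook_handler (ssl_hook_Upgrade, ...)` line in `ssl_register_hooks` is dead code with no explanation; either drop it or replace it with a comment such as `/* TODO: hook ssl_hook_Upgrade as a handler once it is implemented */`. The filter that the new insert_filter hook adds by the name `"UPGRADE_FILTER"` is not registered anywhere in this diff, so it is worth confirming that it is registered elsewhere before this hook can run. `ssl_register_hooks` starts and ends outside the hunk.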