From 72814e709a659cb9ee200b1f710f44351c9028d3 Mon Sep 17 00:00:00 2001 From: Doug MacEachern Date: Tue, 12 Mar 2002 04:41:57 +0000 Subject: [PATCH] dropping hungarian notation git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93851 13f79535-47bb-0310-9956-ffa450edef68 --- modules/ssl/ssl_engine_config.c | 179 ++++++++++---------- modules/ssl/ssl_engine_init.c | 247 ++++++++++++++------------- modules/ssl/ssl_engine_kernel.c | 287 ++++++++++++++++---------------- 3 files changed, 355 insertions(+), 358 deletions(-) diff --git a/modules/ssl/ssl_engine_config.c b/modules/ssl/ssl_engine_config.c index e1dee26ee5..23ae51e9f1 100644 --- a/modules/ssl/ssl_engine_config.c +++ b/modules/ssl/ssl_engine_config.c @@ -72,11 +72,11 @@ SSLModConfigRec *ssl_config_global_create(server_rec *s) { - apr_pool_t *pPool; + apr_pool_t *pool = s->process->pool; SSLModConfigRec *mc; apr_pool_userdata_get((void **)&mc, SSL_MOD_CONFIG_KEY, - s->process->pool); + pool); if (mc) { return mc; /* reused for lifetime of the server */ @@ -85,9 +85,8 @@ SSLModConfigRec *ssl_config_global_create(server_rec *s) /* * allocate an own subpool which survives server restarts */ - pPool = s->process->pool; - mc = (SSLModConfigRec *)apr_palloc(pPool, sizeof(*mc)); - mc->pPool = pPool; + mc = (SSLModConfigRec *)apr_palloc(pool, sizeof(*mc)); + mc->pPool = pool; mc->bFixed = FALSE; /* @@ -103,12 +102,12 @@ SSLModConfigRec *ssl_config_global_create(server_rec *s) mc->nMutexMode = SSL_MUTEXMODE_UNSET; mc->szMutexFile = NULL; mc->pMutex = NULL; - mc->aRandSeed = apr_array_make(pPool, 4, + mc->aRandSeed = apr_array_make(pool, 4, sizeof(ssl_randseed_t)); - mc->tVHostKeys = apr_hash_make(pPool); - mc->tPrivateKey = apr_hash_make(pPool); - mc->tPublicCert = apr_hash_make(pPool); - mc->tTmpKeys = apr_hash_make(pPool); + mc->tVHostKeys = apr_hash_make(pool); + mc->tPrivateKey = apr_hash_make(pool); + mc->tPublicCert = apr_hash_make(pool); + mc->tTmpKeys = apr_hash_make(pool); #ifdef SSL_EXPERIMENTAL_ENGINE mc->szCryptoDevice = NULL; #endif @@ -117,7 +116,7 @@ SSLModConfigRec *ssl_config_global_create(server_rec *s) apr_pool_userdata_set(mc, SSL_MOD_CONFIG_KEY, apr_pool_cleanup_null, - s->process->pool); + pool); return mc; } @@ -426,7 +425,7 @@ const char *ssl_cmd_SSLRandomSeed(cmd_parms *cmd, void *ctx, { SSLModConfigRec *mc = myModConfig(cmd->server); const char *err; - ssl_randseed_t *pRS; + ssl_randseed_t *seed; int arg2len = strlen(arg2); if ((err = ap_check_cmd_context(cmd, GLOBAL_ONLY))) { @@ -437,13 +436,13 @@ const char *ssl_cmd_SSLRandomSeed(cmd_parms *cmd, void *ctx, return NULL; } - pRS = apr_array_push(mc->aRandSeed); + seed = apr_array_push(mc->aRandSeed); if (strcEQ(arg1, "startup")) { - pRS->nCtx = SSL_RSCTX_STARTUP; + seed->nCtx = SSL_RSCTX_STARTUP; } else if (strcEQ(arg1, "connect")) { - pRS->nCtx = SSL_RSCTX_CONNECT; + seed->nCtx = SSL_RSCTX_CONNECT; } else { return apr_pstrcat(cmd->pool, "SSLRandomSeed: " @@ -452,46 +451,46 @@ const char *ssl_cmd_SSLRandomSeed(cmd_parms *cmd, void *ctx, } if ((arg2len > 5) && strEQn(arg2, "file:", 5)) { - pRS->nSrc = SSL_RSSRC_FILE; - pRS->cpPath = ap_server_root_relative(mc->pPool, arg2+5); + seed->nSrc = SSL_RSSRC_FILE; + seed->cpPath = ap_server_root_relative(mc->pPool, arg2+5); } else if ((arg2len > 5) && strEQn(arg2, "exec:", 5)) { - pRS->nSrc = SSL_RSSRC_EXEC; - pRS->cpPath = ap_server_root_relative(mc->pPool, arg2+5); + seed->nSrc = SSL_RSSRC_EXEC; + seed->cpPath = ap_server_root_relative(mc->pPool, arg2+5); } else if ((arg2len > 4) && strEQn(arg2, "egd:", 4)) { - pRS->nSrc = SSL_RSSRC_EGD; - pRS->cpPath = ap_server_root_relative(mc->pPool, arg2+4); + seed->nSrc = SSL_RSSRC_EGD; + seed->cpPath = ap_server_root_relative(mc->pPool, arg2+4); } else if (strcEQ(arg2, "builtin")) { - pRS->nSrc = SSL_RSSRC_BUILTIN; - pRS->cpPath = NULL; + seed->nSrc = SSL_RSSRC_BUILTIN; + seed->cpPath = NULL; } else { - pRS->nSrc = SSL_RSSRC_FILE; - pRS->cpPath = ap_server_root_relative(mc->pPool, arg2); + seed->nSrc = SSL_RSSRC_FILE; + seed->cpPath = ap_server_root_relative(mc->pPool, arg2); } - if (pRS->nSrc != SSL_RSSRC_BUILTIN) { - if (!ssl_util_path_check(SSL_PCM_EXISTS, pRS->cpPath, cmd->pool)) { + if (seed->nSrc != SSL_RSSRC_BUILTIN) { + if (!ssl_util_path_check(SSL_PCM_EXISTS, seed->cpPath, cmd->pool)) { return apr_pstrcat(cmd->pool, "SSLRandomSeed: source path '", - pRS->cpPath, "' does not exist", NULL); + seed->cpPath, "' does not exist", NULL); } } if (!arg3) { - pRS->nBytes = 0; /* read whole file */ + seed->nBytes = 0; /* read whole file */ } else { - if (pRS->nSrc == SSL_RSSRC_BUILTIN) { + if (seed->nSrc == SSL_RSSRC_BUILTIN) { return "SSLRandomSeed: byte specification not " "allowed for builtin seed source"; } - pRS->nBytes = atoi(arg3); + seed->nBytes = atoi(arg3); - if (pRS->nBytes < 0) { + if (seed->nBytes < 0) { return "SSLRandomSeed: invalid number of bytes specified"; } } @@ -534,18 +533,18 @@ const char *ssl_cmd_SSLCertificateFile(cmd_parms *cmd, void *ctx, const char *arg) { SSLSrvConfigRec *sc = mySrvConfig(cmd->server); - const char *cpPath = ap_server_root_relative(cmd->pool, arg); + const char *path = ap_server_root_relative(cmd->pool, arg); int i; - if (!ssl_util_path_check(SSL_FLAGS_CHECK_FILE, cpPath, cmd->pool)) { + if (!ssl_util_path_check(SSL_FLAGS_CHECK_FILE, path, cmd->pool)) { return apr_pstrcat(cmd->pool, "SSLCertificateFile: file '", - cpPath, "' does not exist or is empty", NULL); + path, "' does not exist or is empty", NULL); } for (i = 0; i < SSL_AIDX_MAX; i++) { if (!sc->szPublicCertFile[i]) { - sc->szPublicCertFile[i] = cpPath; + sc->szPublicCertFile[i] = path; return NULL; } } @@ -560,18 +559,18 @@ const char *ssl_cmd_SSLCertificateKeyFile(cmd_parms *cmd, void *ctx, const char *arg) { SSLSrvConfigRec *sc = mySrvConfig(cmd->server); - const char *cpPath = ap_server_root_relative(cmd->pool, arg); + const char *path = ap_server_root_relative(cmd->pool, arg); int i; - if (!ssl_util_path_check(SSL_FLAGS_CHECK_FILE, cpPath, cmd->pool)) { + if (!ssl_util_path_check(SSL_FLAGS_CHECK_FILE, path, cmd->pool)) { return apr_pstrcat(cmd->pool, "SSLCertificateKeyFile: file '", - cpPath, "' does not exist or is empty", NULL); + path, "' does not exist or is empty", NULL); } for (i = 0; i < SSL_AIDX_MAX; i++) { if (!sc->szPrivateKeyFile[i]) { - sc->szPrivateKeyFile[i] = cpPath; + sc->szPrivateKeyFile[i] = path; return NULL; } } @@ -586,15 +585,15 @@ const char *ssl_cmd_SSLCertificateChainFile(cmd_parms *cmd, void *ctx, const char *arg) { SSLSrvConfigRec *sc = mySrvConfig(cmd->server); - const char *cpPath = ap_server_root_relative(cmd->pool, arg); + const char *path = ap_server_root_relative(cmd->pool, arg); - if (!ssl_util_path_check(SSL_FLAGS_CHECK_FILE, cpPath, cmd->pool)) { + if (!ssl_util_path_check(SSL_FLAGS_CHECK_FILE, path, cmd->pool)) { return apr_pstrcat(cmd->pool, "SSLCertificateChainFile: file '", - cpPath, "' does not exist or is empty", NULL); + path, "' does not exist or is empty", NULL); } - sc->szCertificateChain = cpPath; + sc->szCertificateChain = path; return NULL; } @@ -606,23 +605,23 @@ const char *ssl_cmd_SSLCACertificatePath(cmd_parms *cmd, void *ctx, SSLDirConfigRec *dc = (SSLDirConfigRec *)ctx; #endif SSLSrvConfigRec *sc = mySrvConfig(cmd->server); - const char *cpPath = ap_server_root_relative(cmd->pool, arg); + const char *path = ap_server_root_relative(cmd->pool, arg); - if (!ssl_util_path_check(SSL_FLAGS_CHECK_DIR, cpPath, cmd->pool)) { + if (!ssl_util_path_check(SSL_FLAGS_CHECK_DIR, path, cmd->pool)) { return apr_pstrcat(cmd->pool, "SSLCACertificatePath: directory '", - cpPath, "' does not exist", NULL); + path, "' does not exist", NULL); } #ifdef SSL_EXPERIMENTAL_PERDIRCA if (!(cmd->path || dc)) { - sc->szCACertificatePath = cpPath; + sc->szCACertificatePath = path; } else { - dc->szCACertificatePath = cpPath; + dc->szCACertificatePath = path; } #else - sc->szCACertificatePath = cpPath; + sc->szCACertificatePath = path; #endif return NULL; @@ -635,23 +634,23 @@ const char *ssl_cmd_SSLCACertificateFile(cmd_parms *cmd, void *ctx, SSLDirConfigRec *dc = (SSLDirConfigRec *)ctx; #endif SSLSrvConfigRec *sc = mySrvConfig(cmd->server); - const char *cpPath = ap_server_root_relative(cmd->pool, arg); + const char *path = ap_server_root_relative(cmd->pool, arg); - if (!ssl_util_path_check(SSL_FLAGS_CHECK_FILE, cpPath, cmd->pool)) { + if (!ssl_util_path_check(SSL_FLAGS_CHECK_FILE, path, cmd->pool)) { return apr_pstrcat(cmd->pool, "SSLCACertificateFile: file '", - cpPath, "' does not exist or is empty", NULL); + path, "' does not exist or is empty", NULL); } #ifdef SSL_EXPERIMENTAL_PERDIRCA if (!(cmd->path || dc)) { - sc->szCACertificateFile = cpPath; + sc->szCACertificateFile = path; } else { - dc->szCACertificateFile = cpPath; + dc->szCACertificateFile = path; } #else - sc->szCACertificateFile = cpPath; + sc->szCACertificateFile = path; #endif return NULL; @@ -661,15 +660,15 @@ const char *ssl_cmd_SSLCARevocationPath(cmd_parms *cmd, void *ctx, const char *arg) { SSLSrvConfigRec *sc = mySrvConfig(cmd->server); - const char *cpPath = ap_server_root_relative(cmd->pool, arg); + const char *path = ap_server_root_relative(cmd->pool, arg); - if (!ssl_util_path_check(SSL_FLAGS_CHECK_DIR, cpPath, cmd->pool)) { + if (!ssl_util_path_check(SSL_FLAGS_CHECK_DIR, path, cmd->pool)) { return apr_pstrcat(cmd->pool, "SSLCARevcocationPath: directory '", - cpPath, "' does not exist", NULL); + path, "' does not exist", NULL); } - sc->szCARevocationPath = cpPath; + sc->szCARevocationPath = path; return NULL; } @@ -678,15 +677,15 @@ const char *ssl_cmd_SSLCARevocationFile(cmd_parms *cmd, void *ctx, const char *arg) { SSLSrvConfigRec *sc = mySrvConfig(cmd->server); - const char *cpPath = ap_server_root_relative(cmd->pool, arg); + const char *path = ap_server_root_relative(cmd->pool, arg); - if (!ssl_util_path_check(SSL_FLAGS_CHECK_FILE, cpPath, cmd->pool)) { + if (!ssl_util_path_check(SSL_FLAGS_CHECK_FILE, path, cmd->pool)) { return apr_pstrcat(cmd->pool, "SSLCARevocationFile: file '", - cpPath, "' does not exist or is empty", NULL); + path, "' does not exist or is empty", NULL); } - sc->szCARevocationFile = cpPath; + sc->szCARevocationFile = path; return NULL; } @@ -938,15 +937,15 @@ const char *ssl_cmd_SSLLogLevel(cmd_parms *cmd, void *ctx, } const char *ssl_cmd_SSLOptions(cmd_parms *cmd, void *ctx, - const char *cpLine) + const char *arg) { SSLDirConfigRec *dc = (SSLDirConfigRec *)ctx; ssl_opt_t opt; int first = TRUE; char action, *w; - while (*cpLine) { - w = ap_getword_conf(cmd->pool, &cpLine); + while (*arg) { + w = ap_getword_conf(cmd->pool, &arg); action = NUL; if ((*w == '+') || (*w == '-')) { @@ -1011,20 +1010,20 @@ const char *ssl_cmd_SSLRequireSSL(cmd_parms *cmd, void *ctx) } const char *ssl_cmd_SSLRequire(cmd_parms *cmd, void *ctx, - const char *cpExpr) + const char *arg) { SSLDirConfigRec *dc = (SSLDirConfigRec *)ctx; - ssl_expr *mpExpr; - ssl_require_t *pReqRec; + ssl_expr *expr; + ssl_require_t *require; - if (!(mpExpr = ssl_expr_comp(cmd->pool, (char *)cpExpr))) { + if (!(expr = ssl_expr_comp(cmd->pool, (char *)arg))) { return apr_pstrcat(cmd->pool, "SSLRequire: ", ssl_expr_get_error(), NULL); } - pReqRec = apr_array_push(dc->aRequirement); - pReqRec->cpExpr = apr_pstrdup(cmd->pool, cpExpr); - pReqRec->mpExpr = mpExpr; + require = apr_array_push(dc->aRequirement); + require->cpExpr = apr_pstrdup(cmd->pool, arg); + require->mpExpr = expr; return NULL; } @@ -1167,15 +1166,15 @@ const char *ssl_cmd_SSLProxyCACertificateFile(cmd_parms *cmd, char *arg) { SSLSrvConfigRec *sc = mySrvConfig(cmd->server); - const char *cpPath = ap_server_root_relative(cmd->pool, arg); + const char *path = ap_server_root_relative(cmd->pool, arg); - if (!ssl_util_path_check(SSL_FLAGS_CHECK_FILE, cpPath, cmd->pool)) { + if (!ssl_util_path_check(SSL_FLAGS_CHECK_FILE, path, cmd->pool)) { return apr_pstrcat(cmd->pool, "SSLProxyCACertificateFile: file '", - cpPath, "' does not exist or is empty", NULL); + path, "' does not exist or is empty", NULL); } - sc->szProxyCACertificateFile = cpPath; + sc->szProxyCACertificateFile = path; return NULL; } @@ -1185,15 +1184,15 @@ const char *ssl_cmd_SSLProxyCACertificatePath(cmd_parms *cmd, char *arg) { SSLSrvConfigRec *sc = mySrvConfig(cmd->server); - const char *cpPath = ap_server_root_relative(cmd->pool, arg); + const char *path = ap_server_root_relative(cmd->pool, arg); - if (!ssl_util_path_check(SSL_FLAGS_CHECK_DIR, cpPath, cmd->pool)) { + if (!ssl_util_path_check(SSL_FLAGS_CHECK_DIR, path, cmd->pool)) { return apr_pstrcat(cmd->pool, "SSLProxyCACertificatePath: directory '", - cpPath, "' does not exist", NULL); + path, "' does not exist", NULL); } - sc->szProxyCACertificatePath = cpPath; + sc->szProxyCACertificatePath = path; return NULL; } @@ -1203,15 +1202,15 @@ const char *ssl_cmd_SSLProxyMachineCertificateFile(cmd_parms *cmd, char *arg) { SSLSrvConfigRec *sc = mySrvConfig(cmd->server); - const char *cpPath = ap_server_root_relative(cmd->pool, arg); + const char *path = ap_server_root_relative(cmd->pool, arg); - if (!ssl_util_path_check(SSL_FLAGS_CHECK_FILE, cpPath, cmd->pool)) { + if (!ssl_util_path_check(SSL_FLAGS_CHECK_FILE, path, cmd->pool)) { return apr_pstrcat(cmd->pool, "SSLProxyMachineCertFile: file '", - cpPath, "' does not exist or is empty", NULL); + path, "' does not exist or is empty", NULL); } - sc->szProxyClientCertificateFile = cpPath; + sc->szProxyClientCertificateFile = path; return NULL; } @@ -1221,15 +1220,15 @@ const char *ssl_cmd_SSLProxyMachineCertificatePath(cmd_parms *cmd, char *arg) { SSLSrvConfigRec *sc = mySrvConfig(cmd->server); - const char *cpPath = ap_server_root_relative(cmd->pool, arg); + const char *path = ap_server_root_relative(cmd->pool, arg); - if (!ssl_util_path_check(SSL_FLAGS_CHECK_DIR, cpPath, cmd->pool)) { + if (!ssl_util_path_check(SSL_FLAGS_CHECK_DIR, path, cmd->pool)) { return apr_pstrcat(cmd->pool, "SSLProxyMachineCertPath: directory '", - cpPath, "' does not exist", NULL); + path, "' does not exist", NULL); } - sc->szProxyClientCertificatePath = cpPath; + sc->szProxyClientCertificatePath = path; return NULL; } diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c index ee95e7a964..9e98e0abf4 100644 --- a/modules/ssl/ssl_engine_init.c +++ b/modules/ssl/ssl_engine_init.c @@ -307,7 +307,7 @@ void ssl_init_TmpKeysHandle(int action, server_rec *s, apr_pool_t *p) { SSLModConfigRec *mc = myModConfig(s); ssl_asn1_t *asn1; - unsigned char *ucp; + unsigned char *ptr; long int length; RSA *rsa; DH *dh; @@ -328,8 +328,8 @@ void ssl_init_TmpKeysHandle(int action, server_rec *s, apr_pool_t *p) } length = i2d_RSAPrivateKey(rsa, NULL); - ucp = ssl_asn1_table_set(mc->tTmpKeys, "RSA:512", length); - (void)i2d_RSAPrivateKey(rsa, &ucp); /* 2nd arg increments */ + ptr = ssl_asn1_table_set(mc->tTmpKeys, "RSA:512", length); + (void)i2d_RSAPrivateKey(rsa, &ptr); /* 2nd arg increments */ RSA_free(rsa); /* generate 1024 bit RSA key */ @@ -341,8 +341,8 @@ void ssl_init_TmpKeysHandle(int action, server_rec *s, apr_pool_t *p) } length = i2d_RSAPrivateKey(rsa, NULL); - ucp = ssl_asn1_table_set(mc->tTmpKeys, "RSA:1024", length); - (void)i2d_RSAPrivateKey(rsa, &ucp); /* 2nd arg increments */ + ptr = ssl_asn1_table_set(mc->tTmpKeys, "RSA:1024", length); + (void)i2d_RSAPrivateKey(rsa, &ptr); /* 2nd arg increments */ RSA_free(rsa); ssl_log(s, SSL_LOG_INFO, @@ -357,8 +357,8 @@ void ssl_init_TmpKeysHandle(int action, server_rec *s, apr_pool_t *p) } length = i2d_DHparams(dh, NULL); - ucp = ssl_asn1_table_set(mc->tTmpKeys, "DH:512", length); - (void)i2d_DHparams(dh, &ucp); /* 2nd arg increments */ + ptr = ssl_asn1_table_set(mc->tTmpKeys, "DH:512", length); + (void)i2d_DHparams(dh, &ptr); /* 2nd arg increments */ DH_free(dh); /* import 1024 bit DH param */ @@ -370,8 +370,8 @@ void ssl_init_TmpKeysHandle(int action, server_rec *s, apr_pool_t *p) } length = i2d_DHparams(dh, NULL); - ucp = ssl_asn1_table_set(mc->tTmpKeys, "DH:1024", length); - (void)i2d_DHparams(dh, &ucp); /* 2nd arg increments */ + ptr = ssl_asn1_table_set(mc->tTmpKeys, "DH:1024", length); + (void)i2d_DHparams(dh, &ptr); /* 2nd arg increments */ DH_free(dh); } else if (action == SSL_TKP_ALLOC) { /* Allocate Keys and Params */ @@ -381,9 +381,9 @@ void ssl_init_TmpKeysHandle(int action, server_rec *s, apr_pool_t *p) /* allocate 512 bit RSA key */ if ((asn1 = ssl_asn1_table_get(mc->tTmpKeys, "RSA:512"))) { - ucp = asn1->cpData; + ptr = asn1->cpData; if (!(mc->pTmpKeys[SSL_TKPIDX_RSA512] = - d2i_RSAPrivateKey(NULL, &ucp, asn1->nData))) + d2i_RSAPrivateKey(NULL, &ptr, asn1->nData))) { ssl_log(s, SSL_LOG_ERROR, "Init: Failed to load temporary " @@ -394,9 +394,9 @@ void ssl_init_TmpKeysHandle(int action, server_rec *s, apr_pool_t *p) /* allocate 1024 bit RSA key */ if ((asn1 = ssl_asn1_table_get(mc->tTmpKeys, "RSA:1024"))) { - ucp = asn1->cpData; + ptr = asn1->cpData; if (!(mc->pTmpKeys[SSL_TKPIDX_RSA1024] = - d2i_RSAPrivateKey(NULL, &ucp, asn1->nData))) + d2i_RSAPrivateKey(NULL, &ptr, asn1->nData))) { ssl_log(s, SSL_LOG_ERROR, "Init: Failed to load temporary " @@ -411,9 +411,9 @@ void ssl_init_TmpKeysHandle(int action, server_rec *s, apr_pool_t *p) /* allocate 512 bit DH param */ if ((asn1 = ssl_asn1_table_get(mc->tTmpKeys, "DH:512"))) { - ucp = asn1->cpData; + ptr = asn1->cpData; if (!(mc->pTmpKeys[SSL_TKPIDX_DH512] = - d2i_DHparams(NULL, &ucp, asn1->nData))) + d2i_DHparams(NULL, &ptr, asn1->nData))) { ssl_log(s, SSL_LOG_ERROR, "Init: Failed to load temporary " @@ -424,9 +424,9 @@ void ssl_init_TmpKeysHandle(int action, server_rec *s, apr_pool_t *p) /* allocate 1024 bit DH param */ if ((asn1 = ssl_asn1_table_get(mc->tTmpKeys, "DH:1024"))) { - ucp = asn1->cpData; + ptr = asn1->cpData; if (!(mc->pTmpKeys[SSL_TKPIDX_DH1024] = - d2i_DHparams(NULL, &ucp, asn1->nData))) + d2i_DHparams(NULL, &ptr, asn1->nData))) { ssl_log(s, SSL_LOG_ERROR, "Init: Failed to load temporary " @@ -448,22 +448,22 @@ void ssl_init_ConfigureServer(server_rec *s, apr_pool_t *p, SSLSrvConfigRec *sc) { SSLModConfigRec *mc = myModConfig(s); - int nVerify = SSL_VERIFY_NONE; - char *cp, *cpVHostID; - EVP_PKEY *pKey; + int verify = SSL_VERIFY_NONE; + char *cp, *vhost_id; + EVP_PKEY *pkey; SSL_CTX *ctx; - STACK_OF(X509_NAME) *skCAList; + STACK_OF(X509_NAME) *ca_list; ssl_asn1_t *asn1; - unsigned char *ucp; + unsigned char *ptr; BOOL ok = FALSE; - int isca, pathlen; + int is_ca, pathlen; int i, n; long cache_mode; /* * Create the server host:port string because we need it a lot */ - sc->szVHostID = cpVHostID = ssl_util_vhostid(p, s); + sc->szVHostID = vhost_id = ssl_util_vhostid(p, s); sc->nVHostID_length = strlen(sc->szVHostID); /* @@ -473,7 +473,7 @@ void ssl_init_ConfigureServer(server_rec *s, apr_pool_t *p, if (!sc->szPublicCertFile[0]) { ssl_log(s, SSL_LOG_ERROR, "Init: (%s) No SSL Certificate set [hint: SSLCertificateFile]", - cpVHostID); + vhost_id); ssl_die(); } @@ -485,7 +485,7 @@ void ssl_init_ConfigureServer(server_rec *s, apr_pool_t *p, { ssl_log(s, SSL_LOG_ERROR, "Init: (%s) Illegal attempt to re-initialise SSL for server " - "(theoretically shouldn't happen!)", cpVHostID); + "(theoretically shouldn't happen!)", vhost_id); ssl_die(); } @@ -495,7 +495,7 @@ void ssl_init_ConfigureServer(server_rec *s, apr_pool_t *p, if (sc->nProtocol == SSL_PROTOCOL_NONE) { ssl_log(s, SSL_LOG_ERROR, "Init: (%s) No SSL protocols available [hint: SSLProtocol]", - cpVHostID); + vhost_id); ssl_die(); } @@ -508,7 +508,7 @@ void ssl_init_ConfigureServer(server_rec *s, apr_pool_t *p, ssl_log(s, SSL_LOG_TRACE, "Init: (%s) Creating new SSL context (protocols: %s)", - cpVHostID, cp); + vhost_id, cp); if (sc->nProtocol == SSL_PROTOCOL_SSLV2) { ctx = SSL_CTX_new(SSLv2_server_method()); /* only SSLv2 is left */ @@ -556,16 +556,16 @@ void ssl_init_ConfigureServer(server_rec *s, apr_pool_t *p, * Configure callbacks for SSL context */ if (sc->nVerifyClient == SSL_CVERIFY_REQUIRE) { - nVerify |= SSL_VERIFY_PEER_STRICT; + verify |= SSL_VERIFY_PEER_STRICT; } if ((sc->nVerifyClient == SSL_CVERIFY_OPTIONAL) || (sc->nVerifyClient == SSL_CVERIFY_OPTIONAL_NO_CA)) { - nVerify |= SSL_VERIFY_PEER; + verify |= SSL_VERIFY_PEER; } - SSL_CTX_set_verify(ctx, nVerify, ssl_callback_SSLVerify); + SSL_CTX_set_verify(ctx, verify, ssl_callback_SSLVerify); SSL_CTX_sess_set_new_cb(ctx, ssl_callback_NewSessionCacheEntry); SSL_CTX_sess_set_get_cb(ctx, ssl_callback_GetSessionCacheEntry); @@ -585,12 +585,12 @@ void ssl_init_ConfigureServer(server_rec *s, apr_pool_t *p, if (sc->szCipherSuite) { ssl_log(s, SSL_LOG_TRACE, "Init: (%s) Configuring permitted SSL ciphers [%s]", - cpVHostID, sc->szCipherSuite); + vhost_id, sc->szCipherSuite); if (!SSL_CTX_set_cipher_list(ctx, sc->szCipherSuite)) { ssl_log(s, SSL_LOG_ERROR|SSL_ADD_SSLERR, "Init: (%s) Unable to configure permitted SSL ciphers", - cpVHostID); + vhost_id); ssl_die(); } } @@ -600,7 +600,7 @@ void ssl_init_ConfigureServer(server_rec *s, apr_pool_t *p, */ if (sc->szCACertificateFile || sc->szCACertificatePath) { ssl_log(s, SSL_LOG_TRACE, - "Init: (%s) Configuring client authentication", cpVHostID); + "Init: (%s) Configuring client authentication", vhost_id); if (!SSL_CTX_load_verify_locations(ctx, sc->szCACertificateFile, @@ -608,22 +608,22 @@ void ssl_init_ConfigureServer(server_rec *s, apr_pool_t *p, { ssl_log(s, SSL_LOG_ERROR|SSL_ADD_SSLERR, "Init: (%s) Unable to configure verify locations " - "for client authentication", cpVHostID); + "for client authentication", vhost_id); ssl_die(); } - skCAList = ssl_init_FindCAList(s, p, - sc->szCACertificateFile, - sc->szCACertificatePath); - if (!skCAList) { + ca_list = ssl_init_FindCAList(s, p, + sc->szCACertificateFile, + sc->szCACertificatePath); + if (!ca_list) { ssl_log(s, SSL_LOG_ERROR, "Init: (%s) Unable to determine list of available " "CA certificates for client authentication", - cpVHostID); + vhost_id); ssl_die(); } - SSL_CTX_set_client_CA_list(sc->pSSLCtx, (STACK *)skCAList); + SSL_CTX_set_client_CA_list(sc->pSSLCtx, (STACK *)ca_list); } /* @@ -632,7 +632,7 @@ void ssl_init_ConfigureServer(server_rec *s, apr_pool_t *p, if (sc->szCARevocationFile || sc->szCARevocationPath) { ssl_log(s, SSL_LOG_TRACE, "Init: (%s) Configuring certificate revocation facility", - cpVHostID); + vhost_id); sc->pRevocationStore = SSL_X509_STORE_create((char *)sc->szCARevocationFile, @@ -642,7 +642,7 @@ void ssl_init_ConfigureServer(server_rec *s, apr_pool_t *p, ssl_log(s, SSL_LOG_ERROR|SSL_ADD_SSLERR, "Init: (%s) Unable to configure X.509 CRL storage " "for certificate revocation", - cpVHostID); + vhost_id); ssl_die(); } } @@ -652,9 +652,9 @@ void ssl_init_ConfigureServer(server_rec *s, apr_pool_t *p, * should take place. This cannot work. */ if (sc->nVerifyClient == SSL_CVERIFY_REQUIRE) { - skCAList = (STACK_OF(X509_NAME) *)SSL_CTX_get_client_CA_list(ctx); + ca_list = (STACK_OF(X509_NAME) *)SSL_CTX_get_client_CA_list(ctx); - if (sk_X509_NAME_num(skCAList) == 0) { + if (sk_X509_NAME_num(ca_list) == 0) { ssl_log(s, SSL_LOG_WARN, "Init: Ops, you want to request client authentication, " "but no CAs are known for verification!? " @@ -665,54 +665,54 @@ void ssl_init_ConfigureServer(server_rec *s, apr_pool_t *p, /* * Configure server certificate(s) */ - cp = apr_psprintf(p, "%s:RSA", cpVHostID); + cp = apr_psprintf(p, "%s:RSA", vhost_id); if ((asn1 = ssl_asn1_table_get(mc->tPublicCert, cp))) { ssl_log(s, SSL_LOG_TRACE, "Init: (%s) Configuring RSA server certificate", - cpVHostID); + vhost_id); - ucp = asn1->cpData; + ptr = asn1->cpData; if (!(sc->pPublicCert[SSL_AIDX_RSA] = - d2i_X509(NULL, &ucp, asn1->nData))) + d2i_X509(NULL, &ptr, asn1->nData))) { ssl_log(s, SSL_LOG_ERROR|SSL_ADD_SSLERR, "Init: (%s) Unable to import RSA server certificate", - cpVHostID); + vhost_id); ssl_die(); } if (SSL_CTX_use_certificate(ctx, sc->pPublicCert[SSL_AIDX_RSA]) <= 0) { ssl_log(s, SSL_LOG_ERROR|SSL_ADD_SSLERR, "Init: (%s) Unable to configure RSA server certificate", - cpVHostID); + vhost_id); ssl_die(); } ok = TRUE; } - cp = apr_psprintf(p, "%s:DSA", cpVHostID); + cp = apr_psprintf(p, "%s:DSA", vhost_id); if ((asn1 = ssl_asn1_table_get(mc->tPublicCert, cp))) { ssl_log(s, SSL_LOG_TRACE, "Init: (%s) Configuring DSA server certificate", - cpVHostID); + vhost_id); - ucp = asn1->cpData; + ptr = asn1->cpData; if (!(sc->pPublicCert[SSL_AIDX_DSA] = - d2i_X509(NULL, &ucp, asn1->nData))) + d2i_X509(NULL, &ptr, asn1->nData))) { ssl_log(s, SSL_LOG_ERROR|SSL_ADD_SSLERR, "Init: (%s) Unable to import DSA server certificate", - cpVHostID); + vhost_id); ssl_die(); } if (SSL_CTX_use_certificate(ctx, sc->pPublicCert[SSL_AIDX_DSA]) <= 0) { ssl_log(s, SSL_LOG_ERROR|SSL_ADD_SSLERR, "Init: (%s) Unable to configure DSA server certificate", - cpVHostID); + vhost_id); ssl_die(); } @@ -722,11 +722,11 @@ void ssl_init_ConfigureServer(server_rec *s, apr_pool_t *p, if (!ok) { ssl_log(s, SSL_LOG_ERROR, "Init: (%s) Ops, no RSA or DSA server certificate found?!", - cpVHostID); + vhost_id); ssl_log(s, SSL_LOG_ERROR, "Init: (%s) You have to perform a *full* server restart " "when you added or removed a certificate and/or key file", - cpVHostID); + vhost_id); ssl_die(); } @@ -739,16 +739,16 @@ void ssl_init_ConfigureServer(server_rec *s, apr_pool_t *p, ssl_log(s, SSL_LOG_INFO, "Init: (%s) %s server certificate enables " "Server Gated Cryptography (SGC)", - cpVHostID, (i == SSL_AIDX_RSA ? "RSA" : "DSA")); + vhost_id, (i == SSL_AIDX_RSA ? "RSA" : "DSA")); } - if (SSL_X509_getBC(sc->pPublicCert[i], &isca, &pathlen)) { - if (isca) { + if (SSL_X509_getBC(sc->pPublicCert[i], &is_ca, &pathlen)) { + if (is_ca) { ssl_log(s, SSL_LOG_WARN, "Init: (%s) %s server certificate " "is a CA certificate " "(BasicConstraints: CA == TRUE !?)", - cpVHostID, (i == SSL_AIDX_RSA ? "RSA" : "DSA")); + vhost_id, (i == SSL_AIDX_RSA ? "RSA" : "DSA")); } if (pathlen > 0) { @@ -756,7 +756,7 @@ void ssl_init_ConfigureServer(server_rec *s, apr_pool_t *p, "Init: (%s) %s server certificate " "is not a leaf certificate " "(BasicConstraints: pathlen == %d > 0 !?)", - cpVHostID, (i == SSL_AIDX_RSA ? "RSA" : "DSA"), + vhost_id, (i == SSL_AIDX_RSA ? "RSA" : "DSA"), pathlen); } } @@ -772,7 +772,7 @@ void ssl_init_ConfigureServer(server_rec *s, apr_pool_t *p, "Init: (%s) %s server certificate " "wildcard CommonName (CN) `%s' " "does NOT match server name!?", - cpVHostID, (i == SSL_AIDX_RSA ? "RSA" : "DSA"), + vhost_id, (i == SSL_AIDX_RSA ? "RSA" : "DSA"), cp); } else if (strNE(s->server_hostname, cp)) { @@ -780,7 +780,7 @@ void ssl_init_ConfigureServer(server_rec *s, apr_pool_t *p, "Init: (%s) %s server certificate " "CommonName (CN) `%s' " "does NOT match server name!?", - cpVHostID, (i == SSL_AIDX_RSA ? "RSA" : "DSA"), + vhost_id, (i == SSL_AIDX_RSA ? "RSA" : "DSA"), cp); } } @@ -791,54 +791,54 @@ void ssl_init_ConfigureServer(server_rec *s, apr_pool_t *p, * Configure server private key(s) */ ok = FALSE; - cp = apr_psprintf(p, "%s:RSA", cpVHostID); + cp = apr_psprintf(p, "%s:RSA", vhost_id); if ((asn1 = ssl_asn1_table_get(mc->tPrivateKey, cp))) { ssl_log(s, SSL_LOG_TRACE, "Init: (%s) Configuring RSA server private key", - cpVHostID); + vhost_id); - ucp = asn1->cpData; + ptr = asn1->cpData; if (!(sc->pPrivateKey[SSL_AIDX_RSA] = - d2i_PrivateKey(EVP_PKEY_RSA, NULL, &ucp, asn1->nData))) + d2i_PrivateKey(EVP_PKEY_RSA, NULL, &ptr, asn1->nData))) { ssl_log(s, SSL_LOG_ERROR|SSL_ADD_SSLERR, "Init: (%s) Unable to import RSA server private key", - cpVHostID); + vhost_id); ssl_die(); } if (SSL_CTX_use_PrivateKey(ctx, sc->pPrivateKey[SSL_AIDX_RSA]) <= 0) { ssl_log(s, SSL_LOG_ERROR|SSL_ADD_SSLERR, "Init: (%s) Unable to configure RSA server private key", - cpVHostID); + vhost_id); ssl_die(); } ok = TRUE; } - cp = apr_psprintf(p, "%s:DSA", cpVHostID); + cp = apr_psprintf(p, "%s:DSA", vhost_id); if ((asn1 = ssl_asn1_table_get(mc->tPrivateKey, cp))) { ssl_log(s, SSL_LOG_TRACE, "Init: (%s) Configuring DSA server private key", - cpVHostID); + vhost_id); - ucp = asn1->cpData; + ptr = asn1->cpData; if (!(sc->pPrivateKey[SSL_AIDX_DSA] = - d2i_PrivateKey(EVP_PKEY_DSA, NULL, &ucp, asn1->nData))) + d2i_PrivateKey(EVP_PKEY_DSA, NULL, &ptr, asn1->nData))) { ssl_log(s, SSL_LOG_ERROR|SSL_ADD_SSLERR, "Init: (%s) Unable to import DSA server private key", - cpVHostID); + vhost_id); ssl_die(); } if (SSL_CTX_use_PrivateKey(ctx, sc->pPrivateKey[SSL_AIDX_DSA]) <= 0) { ssl_log(s, SSL_LOG_ERROR|SSL_ADD_SSLERR, "Init: (%s) Unable to configure DSA server private key", - cpVHostID); + vhost_id); ssl_die(); } @@ -848,7 +848,7 @@ void ssl_init_ConfigureServer(server_rec *s, apr_pool_t *p, if (!ok) { ssl_log(s, SSL_LOG_ERROR, "Init: (%s) Ops, no RSA or DSA server private key found?!", - cpVHostID); + vhost_id); ssl_die(); } @@ -859,12 +859,12 @@ void ssl_init_ConfigureServer(server_rec *s, apr_pool_t *p, if (sc->pPublicCert[SSL_AIDX_DSA] && sc->pPrivateKey[SSL_AIDX_DSA]) { - pKey = X509_get_pubkey(sc->pPublicCert[SSL_AIDX_DSA]); + pkey = X509_get_pubkey(sc->pPublicCert[SSL_AIDX_DSA]); - if (pKey && (EVP_PKEY_key_type(pKey) == EVP_PKEY_DSA) && - EVP_PKEY_missing_parameters(pKey)) + if (pkey && (EVP_PKEY_key_type(pkey) == EVP_PKEY_DSA) && + EVP_PKEY_missing_parameters(pkey)) { - EVP_PKEY_copy_parameters(pKey, + EVP_PKEY_copy_parameters(pkey, sc->pPrivateKey[SSL_AIDX_DSA]); } } @@ -884,41 +884,40 @@ void ssl_init_ConfigureServer(server_rec *s, apr_pool_t *p, * used only for the server certificate chain. */ if (sc->szCertificateChain) { - BOOL bSkipFirst = FALSE; + BOOL skip_first = FALSE; for (i = 0; (i < SSL_AIDX_MAX) && sc->szPublicCertFile[i]; i++) { if (strEQ(sc->szPublicCertFile[i], sc->szCertificateChain)) { - bSkipFirst = TRUE; + skip_first = TRUE; break; } } n = SSL_CTX_use_certificate_chain(ctx, (char *)sc->szCertificateChain, - bSkipFirst, NULL); + skip_first, NULL); if (n < 0) { ssl_log(s, SSL_LOG_ERROR, "Init: (%s) Failed to configure CA certificate chain!", - cpVHostID); + vhost_id); ssl_die(); } ssl_log(s, SSL_LOG_TRACE, "Init: (%s) Configuring server certificate chain " "(%d CA certificate%s)", - cpVHostID, n, n == 1 ? "" : "s"); + vhost_id, n, n == 1 ? "" : "s"); } } void ssl_init_CheckServers(server_rec *base_server, apr_pool_t *p) { - server_rec *s; - server_rec **ps; + server_rec *s, **ps; SSLSrvConfigRec *sc; - ssl_ds_table *t; - apr_pool_t *sp; + ssl_ds_table *table; + apr_pool_t *subpool; char *key; - BOOL bConflict = FALSE; + BOOL conflict = FALSE; /* * Give out warnings when a server has HTTPS configured @@ -950,8 +949,8 @@ void ssl_init_CheckServers(server_rec *base_server, apr_pool_t *p) * just the certificate/keys of one virtual host (which one cannot be said * easily - but that doesn't matter here). */ - apr_pool_create(&sp, p); - t = ssl_ds_table_make(sp, sizeof(server_rec *)); + apr_pool_create(&subpool, p); + table = ssl_ds_table_make(subpool, sizeof(server_rec *)); for (s = base_server; s; s = s->next) { sc = mySrvConfig(s); @@ -960,10 +959,10 @@ void ssl_init_CheckServers(server_rec *base_server, apr_pool_t *p) continue; } - key = apr_psprintf(sp, "%pA:%u", + key = apr_psprintf(subpool, "%pA:%u", &s->addrs->host_addr, s->addrs->host_port); - if ((ps = ssl_ds_table_get(t, key))) { + if ((ps = ssl_ds_table_get(table, key))) { ssl_log(base_server, SSL_LOG_WARN, "Init: SSL server IP/port conflict: " "%s (%s:%d) vs. %s (%s:%d)", @@ -973,19 +972,19 @@ void ssl_init_CheckServers(server_rec *base_server, apr_pool_t *p) ssl_util_vhostid(p, *ps), ((*ps)->defn_name ? (*ps)->defn_name : "unknown"), (*ps)->defn_line_number); - bConflict = TRUE; + conflict = TRUE; continue; } - ps = ssl_ds_table_push(t, key); + ps = ssl_ds_table_push(table, key); *ps = s; } - ssl_ds_table_kill(t); + ssl_ds_table_kill(table); /* XXX - It was giving some problem earlier - check it out - TBD */ - apr_pool_destroy(sp); + apr_pool_destroy(subpool); - if (bConflict) { + if (conflict) { ssl_log(base_server, SSL_LOG_WARN, "Init: You should not use name-based " "virtual hosts in conjunction with SSL!!"); @@ -997,7 +996,7 @@ static int ssl_init_FindCAList_X509NameCmp(X509_NAME **a, X509_NAME **b) return(X509_NAME_cmp(*a, *b)); } -static void ssl_init_PushCAList(STACK_OF(X509_NAME) *skCAList, +static void ssl_init_PushCAList(STACK_OF(X509_NAME) *ca_list, server_rec *s, const char *file) { int n; @@ -1023,9 +1022,9 @@ static void ssl_init_PushCAList(STACK_OF(X509_NAME) *skCAList, * we must also check for duplicates ourselves. */ - if (sk_X509_NAME_find(skCAList, name) < 0) { - /* this will be freed when skCAList is */ - sk_X509_NAME_push(skCAList, name); + if (sk_X509_NAME_find(ca_list, name) < 0) { + /* this will be freed when ca_list is */ + sk_X509_NAME_push(ca_list, name); } else { /* need to free this ourselves, else it will leak */ @@ -1037,55 +1036,55 @@ static void ssl_init_PushCAList(STACK_OF(X509_NAME) *skCAList, } STACK_OF(X509_NAME) *ssl_init_FindCAList(server_rec *s, - apr_pool_t *pp, - const char *cpCAfile, - const char *cpCApath) + apr_pool_t *p, + const char *ca_file, + const char *ca_path) { - STACK_OF(X509_NAME) *skCAList; - apr_pool_t *p; + STACK_OF(X509_NAME) *ca_list; + apr_pool_t *subpool; /* * Use a subpool so we don't bloat up the server pool which * is remains in memory for the complete operation time of * the server. */ - apr_pool_sub_make(&p, pp, NULL); + apr_pool_sub_make(&subpool, p, NULL); /* * Start with a empty stack/list where new * entries get added in sorted order. */ - skCAList = sk_X509_NAME_new(ssl_init_FindCAList_X509NameCmp); + ca_list = sk_X509_NAME_new(ssl_init_FindCAList_X509NameCmp); /* * Process CA certificate bundle file */ - if (cpCAfile) { - ssl_init_PushCAList(skCAList, s, cpCAfile); + if (ca_file) { + ssl_init_PushCAList(ca_list, s, ca_file); } /* * Process CA certificate path files */ - if (cpCApath) { + if (ca_path) { apr_dir_t *dir; apr_finfo_t direntry; apr_int32_t finfo_flags = APR_FINFO_MIN|APR_FINFO_NAME; - if (apr_dir_open(&dir, cpCApath, p) != APR_SUCCESS) { + if (apr_dir_open(&dir, ca_path, subpool) != APR_SUCCESS) { ssl_log(s, SSL_LOG_ERROR|SSL_ADD_ERRNO, "Init: Failed to open SSLCACertificatePath `%s'", - cpCApath); + ca_path); ssl_die(); } while ((apr_dir_read(&direntry, finfo_flags, dir)) == APR_SUCCESS) { - const char *cp; + const char *file; if (direntry.filetype == APR_DIR) { continue; /* don't try to load directories */ } - cp = apr_pstrcat(p, cpCApath, "/", direntry.name, NULL); - ssl_init_PushCAList(skCAList, s, cp); + file = apr_pstrcat(subpool, ca_path, "/", direntry.name, NULL); + ssl_init_PushCAList(ca_list, s, file); } apr_dir_close(dir); @@ -1094,10 +1093,10 @@ STACK_OF(X509_NAME) *ssl_init_FindCAList(server_rec *s, /* * Cleanup */ - sk_X509_NAME_set_cmp_func(skCAList, NULL); - apr_pool_destroy(p); + sk_X509_NAME_set_cmp_func(ca_list, NULL); + apr_pool_destroy(subpool); - return skCAList; + return ca_list; } void ssl_init_Child(apr_pool_t *p, server_rec *s) diff --git a/modules/ssl/ssl_engine_kernel.c b/modules/ssl/ssl_engine_kernel.c index 95d899f00b..4cb56d3651 100644 --- a/modules/ssl/ssl_engine_kernel.c +++ b/modules/ssl/ssl_engine_kernel.c @@ -73,7 +73,7 @@ apr_status_t ssl_hook_CloseConnection(SSLFilterRec *filter) { SSL *ssl = filter->pssl; - const char *cpType = ""; + const char *type = ""; conn_rec *conn; SSLConnRec *sslconn; @@ -126,19 +126,19 @@ apr_status_t ssl_hook_CloseConnection(SSLFilterRec *filter) /* send close notify, but don't wait for clients close notify (standard compliant and safe, so it's the DEFAULT!) */ SSL_set_shutdown(ssl, SSL_RECEIVED_SHUTDOWN); - cpType = "standard"; + type = "standard"; break; case SSL_SHUTDOWN_TYPE_UNCLEAN: /* perform no close notify handshake at all (violates the SSL/TLS standard!) */ SSL_set_shutdown(ssl, SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN); - cpType = "unclean"; + type = "unclean"; break; case SSL_SHUTDOWN_TYPE_ACCURATE: /* send close notify and wait for clients close notify (standard compliant, but usually causes connection hangs) */ SSL_set_shutdown(ssl, 0); - cpType = "accurate"; + type = "accurate"; break; } @@ -149,7 +149,7 @@ apr_status_t ssl_hook_CloseConnection(SSLFilterRec *filter) ssl_log(conn->base_server, SSL_LOG_INFO, "Connection to child %d closed with %s shutdown" "(server %s, client %s)", - conn->id, cpType, + conn->id, type, ssl_util_vhostid(conn->pool, conn->base_server), conn->remote_ip ? conn->remote_ip : "unknown"); } @@ -317,23 +317,23 @@ int ssl_hook_Access(request_rec *r) SSLConnRec *sslconn = myConnConfig(r->connection); SSL *ssl = sslconn ? sslconn->ssl : NULL; SSL_CTX *ctx = NULL; - apr_array_header_t *apRequirement; - ssl_require_t *pRequirements, *pRequirement; + apr_array_header_t *requires; + ssl_require_t *ssl_requires; char *cp; int ok, i; BOOL renegotiate = FALSE, renegotiate_quick = FALSE; #ifdef SSL_EXPERIMENTAL_PERDIRCA BOOL reconfigured_locations = FALSE; - STACK_OF(X509_NAME) *skCAList; - char *cpCAPath, *cpCAFile; + STACK_OF(X509_NAME) *ca_list; + char *ca_path, *ca_file; #endif X509 *cert; - STACK_OF(X509) *certstack; - X509_STORE *certstore; - X509_STORE_CTX certstorectx; - STACK_OF(SSL_CIPHER) *skCipherOld, *skCipher = NULL; - SSL_CIPHER *pCipher = NULL; - int depth, nVerifyOld, nVerify, n; + STACK_OF(X509) *cert_stack; + X509_STORE *cert_store; + X509_STORE_CTX cert_store_ctx; + STACK_OF(SSL_CIPHER) *cipher_list_old, *cipher_list = NULL; + SSL_CIPHER *cipher = NULL; + int depth, verify_old, verify, n; if (ssl) { ctx = SSL_get_SSL_CTX(ssl); @@ -405,13 +405,13 @@ int ssl_hook_Access(request_rec *r) /* remember old state */ if (dc->nOptions & SSL_OPT_OPTRENEGOTIATE) { - pCipher = SSL_get_current_cipher(ssl); + cipher = SSL_get_current_cipher(ssl); } else { - skCipherOld = (STACK_OF(SSL_CIPHER) *)SSL_get_ciphers(ssl); + cipher_list_old = (STACK_OF(SSL_CIPHER) *)SSL_get_ciphers(ssl); - if (skCipherOld) { - skCipherOld = sk_SSL_CIPHER_dup(skCipherOld); + if (cipher_list_old) { + cipher_list_old = sk_SSL_CIPHER_dup(cipher_list_old); } } @@ -421,55 +421,55 @@ int ssl_hook_Access(request_rec *r) "Unable to reconfigure (per-directory) " "permitted SSL ciphers"); - if (skCipherOld) { - sk_SSL_CIPHER_free(skCipherOld); + if (cipher_list_old) { + sk_SSL_CIPHER_free(cipher_list_old); } return HTTP_FORBIDDEN; } /* determine whether a renegotiation has to be forced */ - skCipher = (STACK_OF(SSL_CIPHER) *)SSL_get_ciphers(ssl); + cipher_list = (STACK_OF(SSL_CIPHER) *)SSL_get_ciphers(ssl); if (dc->nOptions & SSL_OPT_OPTRENEGOTIATE) { /* optimized way */ - if ((!pCipher && skCipher) || - (pCipher && !skCipher)) + if ((!cipher && cipher_list) || + (cipher && !cipher_list)) { renegotiate = TRUE; } - else if (pCipher && skCipher && - (sk_SSL_CIPHER_find(skCipher, pCipher) < 0)) + else if (cipher && cipher_list && + (sk_SSL_CIPHER_find(cipher_list, cipher) < 0)) { renegotiate = TRUE; } } else { /* paranoid way */ - if ((!skCipherOld && skCipher) || - (skCipherOld && !skCipher)) + if ((!cipher_list_old && cipher_list) || + (cipher_list_old && !cipher_list)) { renegotiate = TRUE; } - else if (skCipherOld && skCipher) { + else if (cipher_list_old && cipher_list) { for (n = 0; - !renegotiate && (n < sk_SSL_CIPHER_num(skCipher)); + !renegotiate && (n < sk_SSL_CIPHER_num(cipher_list)); n++) { - SSL_CIPHER *value = sk_SSL_CIPHER_value(skCipher, n); + SSL_CIPHER *value = sk_SSL_CIPHER_value(cipher_list, n); - if (sk_SSL_CIPHER_find(skCipherOld, value) < 0) { + if (sk_SSL_CIPHER_find(cipher_list_old, value) < 0) { renegotiate = TRUE; } } for (n = 0; - !renegotiate && (n < sk_SSL_CIPHER_num(skCipherOld)); + !renegotiate && (n < sk_SSL_CIPHER_num(cipher_list_old)); n++) { - SSL_CIPHER *value = sk_SSL_CIPHER_value(skCipherOld, n); + SSL_CIPHER *value = sk_SSL_CIPHER_value(cipher_list_old, n); - if (sk_SSL_CIPHER_find(skCipher, value) < 0) { + if (sk_SSL_CIPHER_find(cipher_list, value) < 0) { renegotiate = TRUE; } } @@ -477,8 +477,8 @@ int ssl_hook_Access(request_rec *r) } /* cleanup */ - if (skCipherOld) { - sk_SSL_CIPHER_free(skCipherOld); + if (cipher_list_old) { + sk_SSL_CIPHER_free(cipher_list_old); } /* tracing */ @@ -531,39 +531,39 @@ int ssl_hook_Access(request_rec *r) */ if (dc->nVerifyClient != SSL_CVERIFY_UNSET) { /* remember old state */ - nVerifyOld = SSL_get_verify_mode(ssl); + verify_old = SSL_get_verify_mode(ssl); /* configure new state */ - nVerify = SSL_VERIFY_NONE; + verify = SSL_VERIFY_NONE; if (dc->nVerifyClient == SSL_CVERIFY_REQUIRE) { - nVerify |= SSL_VERIFY_PEER_STRICT; + verify |= SSL_VERIFY_PEER_STRICT; } if ((dc->nVerifyClient == SSL_CVERIFY_OPTIONAL) || (dc->nVerifyClient == SSL_CVERIFY_OPTIONAL_NO_CA)) { - nVerify |= SSL_VERIFY_PEER; + verify |= SSL_VERIFY_PEER; } - SSL_set_verify(ssl, nVerify, ssl_callback_SSLVerify); + SSL_set_verify(ssl, verify, ssl_callback_SSLVerify); SSL_set_verify_result(ssl, X509_V_OK); /* determine whether we've to force a renegotiation */ - if (nVerify != nVerifyOld) { - if (((nVerifyOld == SSL_VERIFY_NONE) && - (nVerify != SSL_VERIFY_NONE)) || + if (verify != verify_old) { + if (((verify_old == SSL_VERIFY_NONE) && + (verify != SSL_VERIFY_NONE)) || - (!(nVerifyOld & SSL_VERIFY_PEER) && - (nVerify & SSL_VERIFY_PEER)) || + (!(verify_old & SSL_VERIFY_PEER) && + (verify & SSL_VERIFY_PEER)) || - (!(nVerifyOld & SSL_VERIFY_PEER_STRICT) && - (nVerify & SSL_VERIFY_PEER_STRICT))) + (!(verify_old & SSL_VERIFY_PEER_STRICT) && + (verify & SSL_VERIFY_PEER_STRICT))) { renegotiate = TRUE; /* optimization */ if ((dc->nOptions & SSL_OPT_OPTRENEGOTIATE) && - (nVerifyOld == SSL_VERIFY_NONE) && + (verify_old == SSL_VERIFY_NONE) && SSL_get_peer_certificate(ssl)) { renegotiate_quick = TRUE; @@ -600,18 +600,18 @@ int ssl_hook_Access(request_rec *r) if (MODSSL_CFG_NE(szCACertificateFile) || MODSSL_CFG_NE(szCACertificatePath)) { - cpCAFile = dc->szCACertificateFile ? + ca_file = dc->szCACertificateFile ? dc->szCACertificateFile : sc->szCACertificateFile; - cpCAPath = dc->szCACertificatePath ? + ca_path = dc->szCACertificatePath ? dc->szCACertificatePath : sc->szCACertificatePath; /* FIXME: This should be... - if (!SSL_load_verify_locations(ssl, cpCAFile, cpCAPath)) { + if (!SSL_load_verify_locations(ssl, ca_file, ca_path)) { ...but OpenSSL still doesn't provide this! */ - if (!SSL_CTX_load_verify_locations(ctx, cpCAFile, cpCAPath)) { + if (!SSL_CTX_load_verify_locations(ctx, ca_file, ca_path)) { ssl_log(r->server, SSL_LOG_ERROR|SSL_ADD_SSLERR, "Unable to reconfigure verify locations " "for client authentication"); @@ -619,8 +619,8 @@ int ssl_hook_Access(request_rec *r) return HTTP_FORBIDDEN; } - if (!(skCAList = ssl_init_FindCAList(r->server, r->pool, - cpCAFile, cpCAPath))) + if (!(ca_list = ssl_init_FindCAList(r->server, r->pool, + ca_file, ca_path))) { ssl_log(r->server, SSL_LOG_ERROR, "Unable to determine list of available " @@ -629,7 +629,7 @@ int ssl_hook_Access(request_rec *r) return HTTP_FORBIDDEN; } - SSL_set_client_CA_list(ssl, skCAList); + SSL_set_client_CA_list(ssl, ca_list); renegotiate = TRUE; reconfigured_locations = TRUE; @@ -731,41 +731,41 @@ int ssl_hook_Access(request_rec *r) "Performing quick renegotiation: " "just re-verifying the peer"); - if (!(certstore = SSL_CTX_get_cert_store(ctx))) { + if (!(cert_store = SSL_CTX_get_cert_store(ctx))) { ssl_log(r->server, SSL_LOG_ERROR, "Cannot find certificate storage"); return HTTP_FORBIDDEN; } - certstack = (STACK_OF(X509) *)SSL_get_peer_cert_chain(ssl); + cert_stack = (STACK_OF(X509) *)SSL_get_peer_cert_chain(ssl); - if (!certstack || (sk_X509_num(certstack) == 0)) { + if (!cert_stack || (sk_X509_num(cert_stack) == 0)) { ssl_log(r->server, SSL_LOG_ERROR, "Cannot find peer certificate chain"); return HTTP_FORBIDDEN; } - cert = sk_X509_value(certstack, 0); - X509_STORE_CTX_init(&certstorectx, certstore, cert, certstack); + cert = sk_X509_value(cert_stack, 0); + X509_STORE_CTX_init(&cert_store_ctx, cert_store, cert, cert_stack); depth = SSL_get_verify_depth(ssl); if (depth >= 0) { - X509_STORE_CTX_set_depth(&certstorectx, depth); + X509_STORE_CTX_set_depth(&cert_store_ctx, depth); } - X509_STORE_CTX_set_ex_data(&certstorectx, + X509_STORE_CTX_set_ex_data(&cert_store_ctx, SSL_get_ex_data_X509_STORE_CTX_idx(), (char *)ssl); - if (!X509_verify_cert(&certstorectx)) { + if (!X509_verify_cert(&cert_store_ctx)) { ssl_log(r->server, SSL_LOG_ERROR|SSL_ADD_SSLERR, "Re-negotiation verification step failed"); } - SSL_set_verify_result(ssl, certstorectx.error); - X509_STORE_CTX_cleanup(&certstorectx); + SSL_set_verify_result(ssl, cert_store_ctx.error); + X509_STORE_CTX_cleanup(&cert_store_ctx); } else { request_rec *id = r->main ? r->main : r; @@ -816,9 +816,9 @@ int ssl_hook_Access(request_rec *r) * Finally check for acceptable renegotiation results */ if (dc->nVerifyClient != SSL_CVERIFY_NONE) { - BOOL verify = (dc->nVerifyClient == SSL_CVERIFY_REQUIRE); + BOOL do_verify = (dc->nVerifyClient == SSL_CVERIFY_REQUIRE); - if (verify && (SSL_get_verify_result(ssl) != X509_V_OK)) { + if (do_verify && (SSL_get_verify_result(ssl) != X509_V_OK)) { ssl_log(r->server, SSL_LOG_ERROR, "Re-negotiation handshake failed: " "Client verification failed"); @@ -826,7 +826,7 @@ int ssl_hook_Access(request_rec *r) return HTTP_FORBIDDEN; } - if (verify && !SSL_get_peer_certificate(ssl)) { + if (do_verify && !SSL_get_peer_certificate(ssl)) { ssl_log(r->server, SSL_LOG_ERROR, "Re-negotiation handshake failed: " "Client certificate missing"); @@ -860,12 +860,12 @@ int ssl_hook_Access(request_rec *r) /* * Check SSLRequire boolean expressions */ - apRequirement = dc->aRequirement; - pRequirements = (ssl_require_t *)apRequirement->elts; + requires = dc->aRequirement; + ssl_requires = (ssl_require_t *)requires->elts; - for (i = 0; i < apRequirement->nelts; i++) { - pRequirement = &pRequirements[i]; - ok = ssl_expr_exec(r, pRequirement->mpExpr); + for (i = 0; i < requires->nelts; i++) { + ssl_require_t *req = &ssl_requires[i]; + ok = ssl_expr_exec(r, req->mpExpr); if (ok < 0) { cp = apr_psprintf(r->pool, @@ -890,7 +890,7 @@ int ssl_hook_Access(request_rec *r) r->filename, r->connection->remote_ip); ssl_log(r->server, SSL_LOG_INFO, - "Failed expression: %s", pRequirement->cpExpr); + "Failed expression: %s", req->cpExpr); ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r, "access to %s failed, reason: %s", @@ -929,9 +929,9 @@ int ssl_hook_UserCheck(request_rec *r) SSLConnRec *sslconn = myConnConfig(r->connection); SSLSrvConfigRec *sc = mySrvConfig(r->server); SSLDirConfigRec *dc = myDirConfig(r); - char b1[MAX_STRING_LEN], b2[MAX_STRING_LEN]; + char buf1[MAX_STRING_LEN], buf2[MAX_STRING_LEN]; char *clientdn; - const char *cpAL, *cpUN, *cpPW; + const char *auth_line, *username, *password; /* * Additionally forbid access (again) @@ -949,17 +949,17 @@ int ssl_hook_UserCheck(request_rec *r) * ("/XX=YYY/XX=YYY/..") as the username and "password" as the * password. */ - if ((cpAL = apr_table_get(r->headers_in, "Authorization"))) { - if (strcEQ(ap_getword(r->pool, &cpAL, ' '), "Basic")) { - while ((*cpAL == ' ') || (*cpAL == '\t')) { - cpAL++; + if ((auth_line = apr_table_get(r->headers_in, "Authorization"))) { + if (strcEQ(ap_getword(r->pool, &auth_line, ' '), "Basic")) { + while ((*auth_line == ' ') || (*auth_line == '\t')) { + auth_line++; } - cpAL = ap_pbase64decode(r->pool, cpAL); - cpUN = ap_getword_nulls(r->pool, &cpAL, ':'); - cpPW = cpAL; + auth_line = ap_pbase64decode(r->pool, auth_line); + username = ap_getword_nulls(r->pool, &auth_line, ':'); + password = auth_line; - if ((cpUN[0] == '/') && strEQ(cpPW, "password")) { + if ((username[0] == '/') && strEQ(password, "password")) { return HTTP_FORBIDDEN; } } @@ -998,14 +998,14 @@ int ssl_hook_UserCheck(request_rec *r) * adding the string "xxj31ZMTZzkVA" as the password in the user file. * This is just the crypted variant of the word "password" ;-) */ - apr_snprintf(b1, sizeof(b1), "%s:password", clientdn); - ssl_util_uuencode(b2, b1, FALSE); + apr_snprintf(buf1, sizeof(buf1), "%s:password", clientdn); + ssl_util_uuencode(buf2, buf1, FALSE); - apr_snprintf(b1, sizeof(b1), "Basic %s", b2); - apr_table_set(r->headers_in, "Authorization", b1); + apr_snprintf(buf1, sizeof(buf1), "Basic %s", buf2); + apr_table_set(r->headers_in, "Authorization", buf1); ssl_log(r->server, SSL_LOG_INFO, - "Faking HTTP Basic Auth header: \"Authorization: %s\"", b1); + "Faking HTTP Basic Auth header: \"Authorization: %s\"", buf1); return DECLINED; } @@ -1118,9 +1118,9 @@ int ssl_hook_Fixup(request_rec *r) SSLConnRec *sslconn = myConnConfig(r->connection); SSLSrvConfigRec *sc = mySrvConfig(r->server); SSLDirConfigRec *dc = myDirConfig(r); - apr_table_t *e = r->subprocess_env; + apr_table_t *env = r->subprocess_env; char *var, *val = ""; - STACK_OF(X509) *sk; + STACK_OF(X509) *peer_certs; SSL *ssl; int i; @@ -1135,7 +1135,7 @@ int ssl_hook_Fixup(request_rec *r) * Annotate the SSI/CGI environment with standard SSL information */ /* the always present HTTPS (=HTTP over SSL) flag! */ - apr_table_setn(e, "HTTPS", "on"); + apr_table_setn(env, "HTTPS", "on"); /* standard SSL environment variables */ if (dc->nOptions & SSL_OPT_STDENVVARS) { @@ -1143,7 +1143,7 @@ int ssl_hook_Fixup(request_rec *r) var = (char *)ssl_hook_Fixup_vars[i]; val = ssl_var_lookup(r->pool, r->server, r->connection, r, var); if (!strIsEmpty(val)) { - apr_table_set(e, var, val); + apr_table_setn(env, var, val); } } } @@ -1155,20 +1155,20 @@ int ssl_hook_Fixup(request_rec *r) val = ssl_var_lookup(r->pool, r->server, r->connection, r, "SSL_SERVER_CERT"); - apr_table_setn(e, "SSL_SERVER_CERT", val); + apr_table_setn(env, "SSL_SERVER_CERT", val); val = ssl_var_lookup(r->pool, r->server, r->connection, r, "SSL_CLIENT_CERT"); - apr_table_setn(e, "SSL_CLIENT_CERT", val); + apr_table_setn(env, "SSL_CLIENT_CERT", val); - if ((sk = (STACK_OF(X509) *)SSL_get_peer_cert_chain(ssl))) { - for (i = 0; i < sk_X509_num(sk); i++) { + if ((peer_certs = (STACK_OF(X509) *)SSL_get_peer_cert_chain(ssl))) { + for (i = 0; i < sk_X509_num(peer_certs); i++) { var = apr_psprintf(r->pool, "SSL_CLIENT_CERT_CHAIN_%d", i); val = ssl_var_lookup(r->pool, r->server, r->connection, r, var); if (val) { - apr_table_setn(e, var, val); + apr_table_setn(env, var, val); } } } @@ -1217,18 +1217,18 @@ int ssl_hook_Fixup(request_rec *r) * which we now just handle out on demand.... */ -RSA *ssl_callback_TmpRSA(SSL *pSSL, int nExport, int nKeyLen) +RSA *ssl_callback_TmpRSA(SSL *ssl, int export, int keylen) { - conn_rec *c = (conn_rec *)SSL_get_app_data(pSSL); + conn_rec *c = (conn_rec *)SSL_get_app_data(ssl); SSLModConfigRec *mc = myModConfig(c->base_server); RSA *rsa = NULL; - if (nExport) { + if (export) { /* It's because an export cipher is used */ - if (nKeyLen == 512) { + if (keylen == 512) { rsa = (RSA *)mc->pTmpKeys[SSL_TKPIDX_RSA512]; } - else if (nKeyLen == 1024) { + else if (keylen == 1024) { rsa = (RSA *)mc->pTmpKeys[SSL_TKPIDX_RSA1024]; } else { @@ -1247,18 +1247,18 @@ RSA *ssl_callback_TmpRSA(SSL *pSSL, int nExport, int nKeyLen) /* * Handle out the already generated DH parameters... */ -DH *ssl_callback_TmpDH(SSL *pSSL, int nExport, int nKeyLen) +DH *ssl_callback_TmpDH(SSL *ssl, int export, int keylen) { - conn_rec *c = (conn_rec *)SSL_get_app_data(pSSL); + conn_rec *c = (conn_rec *)SSL_get_app_data(ssl); SSLModConfigRec *mc = myModConfig(c->base_server); DH *dh = NULL; - if (nExport) { + if (export) { /* It's because an export cipher is used */ - if (nKeyLen == 512) { + if (keylen == 512) { dh = (DH *)mc->pTmpKeys[SSL_TKPIDX_DH512]; } - else if (nKeyLen == 1024) { + else if (keylen == 1024) { dh = (DH *)mc->pTmpKeys[SSL_TKPIDX_DH1024]; } else { @@ -1291,7 +1291,6 @@ int ssl_callback_SSLVerify(int ok, X509_STORE_CTX *ctx) SSLConnRec *sslconn = myConnConfig(conn); /* Get verify ingredients */ - X509 *xs = X509_STORE_CTX_get_current_cert(ctx); int errnum = X509_STORE_CTX_get_error(ctx); int errdepth = X509_STORE_CTX_get_error_depth(ctx); int depth, verify; @@ -1300,21 +1299,22 @@ int ssl_callback_SSLVerify(int ok, X509_STORE_CTX *ctx) * Log verification information */ if (sc->nLogLevel >= SSL_LOG_TRACE) { - char *cp = X509_NAME_oneline(X509_get_subject_name(xs), NULL, 0); - char *cp2 = X509_NAME_oneline(X509_get_issuer_name(xs), NULL, 0); + X509 *cert = X509_STORE_CTX_get_current_cert(ctx); + char *sname = X509_NAME_oneline(X509_get_subject_name(cert), NULL, 0); + char *iname = X509_NAME_oneline(X509_get_issuer_name(cert), NULL, 0); ssl_log(s, SSL_LOG_TRACE, "Certificate Verification: depth: %d, subject: %s, issuer: %s", errdepth, - cp ? cp : "-unknown-", - cp2 ? cp2 : "-unknown-"); + sname ? sname : "-unknown-", + iname ? iname : "-unknown-"); - if (cp) { - free(cp); + if (sname) { + free(sname); } - if (cp2) { - free(cp2); + if (iname) { + free(iname); } } @@ -1394,7 +1394,7 @@ int ssl_callback_SSLVerify_CRL(int ok, X509_STORE_CTX *ctx, server_rec *s) SSLSrvConfigRec *sc = mySrvConfig(s); X509_OBJECT obj; X509_NAME *subject, *issuer; - X509 *xs; + X509 *cert; X509_CRL *crl; BIO *bio; int i, n, rc; @@ -1410,9 +1410,9 @@ int ssl_callback_SSLVerify_CRL(int ok, X509_STORE_CTX *ctx, server_rec *s) /* * Determine certificate ingredients in advance */ - xs = X509_STORE_CTX_get_current_cert(ctx); - subject = X509_get_subject_name(xs); - issuer = X509_get_issuer_name(xs); + cert = X509_STORE_CTX_get_current_cert(ctx); + subject = X509_get_subject_name(cert); + issuer = X509_get_issuer_name(cert); /* * OpenSSL provides the general mechanism to deal with CRLs but does not @@ -1487,7 +1487,7 @@ int ssl_callback_SSLVerify_CRL(int ok, X509_STORE_CTX *ctx, server_rec *s) /* * Verify the signature on this CRL */ - if (X509_CRL_verify(crl, X509_get_pubkey(xs)) <= 0) { + if (X509_CRL_verify(crl, X509_get_pubkey(cert)) <= 0) { ssl_log(s, SSL_LOG_WARN, "Invalid signature on CRL"); X509_STORE_CTX_set_error(ctx, X509_V_ERR_CRL_SIGNATURE_FAILURE); @@ -1547,7 +1547,7 @@ int ssl_callback_SSLVerify_CRL(int ok, X509_STORE_CTX *ctx, server_rec *s) ASN1_INTEGER *sn = X509_REVOKED_get_serialNumber(revoked); - if (!ASN1_INTEGER_cmp(sn, X509_get_serialNumber(xs))) { + if (!ASN1_INTEGER_cmp(sn, X509_get_serialNumber(cert))) { if (sc->nLogLevel >= SSL_LOG_INFO) { char *cp = X509_NAME_oneline(issuer, NULL, 0); long serial = ASN1_INTEGER_get(sn); @@ -1578,7 +1578,7 @@ int ssl_callback_SSLVerify_CRL(int ok, X509_STORE_CTX *ctx, server_rec *s) * SSL_SESSION also to the inter-process disk-cache to make share it with our * other Apache pre-forked server processes. */ -int ssl_callback_NewSessionCacheEntry(SSL *ssl, SSL_SESSION *pNew) +int ssl_callback_NewSessionCacheEntry(SSL *ssl, SSL_SESSION *session) { /* Get Apache context back through OpenSSL context */ conn_rec *conn = (conn_rec *)SSL_get_app_data(ssl); @@ -1593,18 +1593,18 @@ int ssl_callback_NewSessionCacheEntry(SSL *ssl, SSL_SESSION *pNew) * Set the timeout also for the internal OpenSSL cache, because this way * our inter-process cache is consulted only when it's really necessary. */ - SSL_set_timeout(pNew, timeout); + SSL_set_timeout(session, timeout); /* * Store the SSL_SESSION in the inter-process cache with the * same expire time, so it expires automatically there, too. */ - session_id = SSL_SESSION_get_session_id(pNew); - session_id_length = SSL_SESSION_get_session_id_length(pNew); + session_id = SSL_SESSION_get_session_id(session); + session_id_length = SSL_SESSION_get_session_id_length(session); - timeout += SSL_get_time(pNew); + timeout += SSL_get_time(session); rc = ssl_scache_store(s, session_id, session_id_length, - timeout, pNew); + timeout, session); /* * Log this cache operation @@ -1617,7 +1617,7 @@ int ssl_callback_NewSessionCacheEntry(SSL *ssl, SSL_SESSION *pNew) (timeout - time(NULL))); /* - * return 0 which means to OpenSSL that the pNew is still + * return 0 which means to OpenSSL that the session is still * valid and was not freed by us with SSL_SESSION_free(). */ return 0; @@ -1632,22 +1632,22 @@ int ssl_callback_NewSessionCacheEntry(SSL *ssl, SSL_SESSION *pNew) */ SSL_SESSION *ssl_callback_GetSessionCacheEntry(SSL *ssl, unsigned char *id, - int idlen, int *pCopy) + int idlen, int *do_copy) { /* Get Apache context back through OpenSSL context */ conn_rec *conn = (conn_rec *)SSL_get_app_data(ssl); server_rec *s = conn->base_server; - SSL_SESSION *pSession; + SSL_SESSION *session; /* * Try to retrieve the SSL_SESSION from the inter-process cache */ - pSession = ssl_scache_retrieve(s, id, idlen); + session = ssl_scache_retrieve(s, id, idlen); /* * Log this cache operation */ - if (pSession) { + if (session) { ssl_log(s, SSL_LOG_TRACE, "Inter-Process Session Cache: " "request=GET status=FOUND id=%s (session reuse)", SSL_SESSION_id2sz(id, idlen)); @@ -1659,13 +1659,13 @@ SSL_SESSION *ssl_callback_GetSessionCacheEntry(SSL *ssl, } /* * Return NULL or the retrieved SSL_SESSION. But indicate (by - * setting pCopy to 0) that the reference count on the + * setting do_copy to 0) that the reference count on the * SSL_SESSION should not be incremented by the SSL library, * because we will no longer hold a reference to it ourself. */ - *pCopy = 0; + *do_copy = 0; - return pSession; + return session; } /* @@ -1675,7 +1675,7 @@ SSL_SESSION *ssl_callback_GetSessionCacheEntry(SSL *ssl, * disk-cache, too. */ void ssl_callback_DelSessionCacheEntry(SSL_CTX *ctx, - SSL_SESSION *pSession) + SSL_SESSION *session) { server_rec *s; unsigned char *session_id; @@ -1691,8 +1691,8 @@ void ssl_callback_DelSessionCacheEntry(SSL_CTX *ctx, /* * Remove the SSL_SESSION from the inter-process cache */ - session_id = SSL_SESSION_get_session_id(pSession); - session_id_length = SSL_SESSION_get_session_id_length(pSession); + session_id = SSL_SESSION_get_session_id(session); + session_id_length = SSL_SESSION_get_session_id_length(session); ssl_scache_remove(s, session_id, session_id_length); @@ -1716,7 +1716,6 @@ void ssl_callback_LogTracingState(SSL *ssl, int where, int rc) conn_rec *c; server_rec *s; SSLSrvConfigRec *sc; - char *str; /* * find corresponding server @@ -1755,7 +1754,7 @@ void ssl_callback_LogTracingState(SSL *ssl, int where, int rc) SSL_LIBRARY_NAME, SSL_state_string_long(ssl)); } else if (where & SSL_CB_ALERT) { - str = (where & SSL_CB_READ) ? "read" : "write"; + char *str = (where & SSL_CB_READ) ? "read" : "write"; ssl_log(s, SSL_LOG_TRACE, "%s: Alert: %s:%s:%s\n", SSL_LIBRARY_NAME, str, SSL_alert_type_string_long(rc), -- 2.40.0