From c0a1206db728075700cc7bd1afcdab9c78ec6626 Mon Sep 17 00:00:00 2001 From: Rainer Jung Date: Sun, 25 Oct 2015 11:57:28 +0000 Subject: [PATCH] Extend expression parser registration to support ssl variables in any expression using mod_rewrite syntax "%{SSL:VARNAME}" or function syntax "ssl(VARNAME)". Backport of r1707002 and r1709596 from trunk. Committed By: rjung Backported By: rjung Reviewed by: rjung, ylavic, sf git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1710433 13f79535-47bb-0310-9956-ffa450edef68 --- CHANGES | 3 +++ STATUS | 7 ------- docs/manual/mod/mod_ssl.xml | 24 ++++++++++++++++++++++++ modules/ssl/ssl_engine_vars.c | 17 +++++++++++++++++ 4 files changed, 44 insertions(+), 7 deletions(-) diff --git a/CHANGES b/CHANGES index c7e204f9b0..f2a2ff5722 100644 --- a/CHANGES +++ b/CHANGES @@ -2,6 +2,9 @@ Changes with Apache 2.4.18 + *) mod_ssl: Extend expression parser registration to support ssl variables + in any expression using mod_rewrite syntax "%{SSL:VARNAME}" or function + syntax "ssl(VARNAME)". [Rainer Jung] Changes with Apache 2.4.17 diff --git a/STATUS b/STATUS index 8383be8d23..2de4290a02 100644 --- a/STATUS +++ b/STATUS @@ -110,13 +110,6 @@ RELEASE SHOWSTOPPERS: PATCHES ACCEPTED TO BACKPORT FROM TRUNK: [ start all new proposals below, under PATCHES PROPOSED. ] - * mod_ssl: Extend expression parser registration to support ssl variables - in any expression using mod_rewrite syntax "%{SSL:VARNAME}" or function - syntax "ssl(VARIABLE)". - trunk patch: http://svn.apache.org/r1707002 - 2.4.x patch: trunk works (modulo CHANGES) - +1: rjung, ylavic, sf (plus doc fix pointed out by minfrin) - minfrin: Tiny nit: http://svn.apache.org/r1709596 * httpd.conf.in: Remove commented config regarding DNT because the spec now has CR status (confirming our interpretation) and MS has committed diff --git a/docs/manual/mod/mod_ssl.xml b/docs/manual/mod/mod_ssl.xml index 7fd703333d..9fd654b573 100644 --- a/docs/manual/mod/mod_ssl.xml 
+++ b/docs/manual/mod/mod_ssl.xml @@ -216,6 +216,30 @@ string in mod_log_config.

+
Expression Parser Extension + +

When mod_ssl is built into Apache or at least +loaded (under DSO situation) any variables +provided by mod_ssl can be used in expressions +for the ap_expr Expression Parser. +The variables can be referenced using the syntax +``%{varname}''. Starting +with version 2.4.18 one can also use the +mod_rewrite style syntax +``%{SSL:varname}'' or +the function style syntax +``ssl(varname)''.

+Example (using <module>mod_headers</module>) + +Header set X-SSL-PROTOCOL "expr=%{SSL_PROTOCOL}" +Header set X-SSL-CIPHER "expr=%{SSL:SSL_CIPHER}" + + +

This feature even works without setting the StdEnvVars +option of the SSLOptions +directive.

+
+
Authorization providers for use with Require

mod_ssl provides a few authentication providers for use
diff --git a/modules/ssl/ssl_engine_vars.c b/modules/ssl/ssl_engine_vars.c
index 0530eea4a3..8026a578a3 100644
--- a/modules/ssl/ssl_engine_vars.c
+++ b/modules/ssl/ssl_engine_vars.c
@@ -80,6 +80,14 @@ static const char *expr_var_fn(ap_expr_eval_ctx_t *ctx, const void *data)
 return sslconn ? ssl_var_lookup_ssl(ctx->p, ctx->c, ctx->r, var) : NULL;
 }
 
+static const char *expr_func_fn(ap_expr_eval_ctx_t *ctx, const void *data,
+ const char *arg)
+{
+ char *var = (char *)arg;
+
+ return var ? ssl_var_lookup(ctx->p, ctx->s, ctx->c, ctx->r, var) : NULL;
+}
+
 static int ssl_expr_lookup(ap_expr_lookup_parms *parms)
 {
 switch (parms->type) {
@@ -94,6 +102,15 @@ static int ssl_expr_lookup(ap_expr_lookup_parms *parms)
 return OK;
 }
 break;
+ case AP_EXPR_FUNC_STRING:
+ /* Function SSL() is implemented by us.
+ */
+ if (strcEQ(parms->name, "SSL")) {
+ *parms->func = expr_func_fn;
+ *parms->data = NULL;
+ return OK;
+ }
+ break;
 case AP_EXPR_FUNC_LIST:
 if (strcEQ(parms->name, "PeerExtList")) {
 *parms->func = expr_peer_ext_list_fn;
-- 2.40.0
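Review bot: The new expr_func_fn resolves the name through `ssl_var_lookup(ctx->p, ctx->s, ctx->c, ctx->r, var)` with no connection check, while expr_var_fn just above returns NULL unless `sslconn` is set and then calls the narrower `ssl_var_lookup_ssl`. If `ssl_var_lookup` also answers non-SSL names or runs on a plain-HTTP request (its body is not in this hunk), `ssl(VARNAME)` and `%{VARNAME}` can give different results for the same name. Config authors should not read a non-NULL result as evidence of a TLS connection, so the function deserves a header comment such as `/* Unlike expr_var_fn this uses the general ssl_var_lookup() and does not require an SSL connection. */`. The `(char *)arg` cast drops const; a short `/* ssl_var_lookup() takes a non-const name */` would show it exists only for the callee's prototype, and it is worth confirming the callee never writes through the pointer. The `data` parameter is unused here.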
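Review bot: The comment on the new `AP_EXPR_FUNC_STRING` case says only that SSL() is implemented here, which leaves out how an expression reaches it and why `*parms->data` is set to NULL. Going by the commit message, both spellings land on this one registration, and expr_func_fn ignores its `data` argument, so something like `/* "ssl(NAME)" and "%{SSL:NAME}" both resolve to string function "SSL"; no per-function data is needed. */` would be more useful. If `strcEQ` is a case-insensitive compare, as its use against the documented lower-case `ssl(...)` suggests, say so in the same comment. ssl_expr_lookup starts and ends outside this hunk.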