mturk / rpms / httpd

Forked from rpms/httpd 3 years ago
Clone
Source Code
GIT

Blame httpd-2.4.43-sslmultiproxy.patch

f10 f11 f12 f13 f14 f15 f16 f17 f18 f19 f20 f21 f22 f23 f24 f25 f26 f27 f28 f29 f30 f31 f32 f33 f7 f8 f9 master sscg stream-2.4
  1.   b2e312a36c3cb324c9692c02aed328007698b8d1
  2.   httpd-2.4.43-sslmultiproxy.patch
Blob History Raw
935fcac 
diff --git a/modules/ssl/mod_ssl.c b/modules/ssl/mod_ssl.c
76f6dc7 
index 12617b2..0fe7464 100644
76f6dc7 
--- a/modules/ssl/mod_ssl.c
76f6dc7 
+++ b/modules/ssl/mod_ssl.c
76f6dc7 
@@ -459,6 +459,10 @@ static int ssl_hook_pre_config(apr_pool_t *pconf,
935fcac 
     return OK;
935fcac 
 }
935fcac
935fcac 
+static APR_OPTIONAL_FN_TYPE(ssl_engine_disable) *othermod_engine_disable;
935fcac 
+static APR_OPTIONAL_FN_TYPE(ssl_engine_set) *othermod_engine_set;
e41c006 
+
76f6dc7 
+
935fcac 
 static SSLConnRec *ssl_init_connection_ctx(conn_rec *c,
76f6dc7 
                                            ap_conf_vector_t *per_dir_config,
76f6dc7 
                                            int new_proxy)
76f6dc7 
@@ -466,6 +470,10 @@ static SSLConnRec *ssl_init_connection_ctx(conn_rec *c,
935fcac 
     SSLConnRec *sslconn = myConnConfig(c);
76f6dc7 
     int need_setup = 0;
935fcac
935fcac 
+    if (othermod_engine_disable) {
935fcac 
+        othermod_engine_disable(c);
935fcac 
+    }
e41c006 
+
76f6dc7 
     /* mod_proxy's (r->)per_dir_config has the lifetime of the request, thus
76f6dc7 
      * it uses ssl_engine_set() to reset sslconn->dc when reusing SSL backend
76f6dc7 
      * connections, so we must fall through here. But in the case where we are
76f6dc7 
@@ -544,6 +552,10 @@ static int ssl_engine_set(conn_rec *c,
935fcac 
 {
935fcac 
     SSLConnRec *sslconn;
935fcac 
     int status;
e41c006 
+
935fcac 
+    if (othermod_engine_set) {
935fcac 
+        return othermod_engine_set(c, per_dir_config, proxy, enable);
935fcac 
+    }
935fcac
935fcac 
     if (proxy) {
76f6dc7 
         sslconn = ssl_init_connection_ctx(c, per_dir_config, 1);
76f6dc7 
@@ -572,12 +584,18 @@ static int ssl_engine_set(conn_rec *c,
935fcac
935fcac 
 static int ssl_proxy_enable(conn_rec *c)
935fcac 
 {
935fcac 
-    return ssl_engine_set(c, NULL, 1, 1);
935fcac 
+    if (othermod_engine_set)
935fcac 
+        return othermod_engine_set(c, NULL, 1, 1);
935fcac 
+    else
935fcac 
+        return ssl_engine_set(c, NULL, 1, 1);
935fcac 
 }
935fcac
935fcac 
 static int ssl_engine_disable(conn_rec *c)
935fcac 
 {
935fcac 
-    return ssl_engine_set(c, NULL, 0, 0);
935fcac 
+    if (othermod_engine_set)
935fcac 
+        return othermod_engine_set(c, NULL, 0, 0);
935fcac 
+    else
935fcac 
+        return ssl_engine_set(c, NULL, 0, 0);
935fcac 
 }
935fcac
935fcac 
 int ssl_init_ssl_connection(conn_rec *c, request_rec *r)
76f6dc7 
@@ -753,6 +771,9 @@ static void ssl_register_hooks(apr_pool_t *p)
935fcac 
                       APR_HOOK_MIDDLE);
935fcac
935fcac 
     ssl_var_register(p);
935fcac 
+
935fcac 
+    othermod_engine_disable = APR_RETRIEVE_OPTIONAL_FN(ssl_engine_disable);
935fcac 
+    othermod_engine_set = APR_RETRIEVE_OPTIONAL_FN(ssl_engine_set);
935fcac
935fcac 
     APR_REGISTER_OPTIONAL_FN(ssl_proxy_enable);
935fcac 
     APR_REGISTER_OPTIONAL_FN(ssl_engine_disable);
76f6dc7 
diff --git a/modules/ssl/ssl_engine_vars.c b/modules/ssl/ssl_engine_vars.c
76f6dc7 
index 5724f18..81c56ba 100644
76f6dc7 
--- a/modules/ssl/ssl_engine_vars.c
76f6dc7 
+++ b/modules/ssl/ssl_engine_vars.c
76f6dc7 
@@ -54,6 +54,8 @@ static char *ssl_var_lookup_ssl_cipher(apr_pool_t *p, SSLConnRec *sslconn, char
935fcac 
 static void  ssl_var_lookup_ssl_cipher_bits(SSL *ssl, int *usekeysize, int *algkeysize);
935fcac 
 static char *ssl_var_lookup_ssl_version(apr_pool_t *p, char *var);
935fcac 
 static char *ssl_var_lookup_ssl_compress_meth(SSL *ssl);
935fcac 
+static APR_OPTIONAL_FN_TYPE(ssl_is_https) *othermod_is_https;
935fcac 
+static APR_OPTIONAL_FN_TYPE(ssl_var_lookup) *othermod_var_lookup;
935fcac
935fcac 
 static SSLConnRec *ssl_get_effective_config(conn_rec *c)
935fcac 
 {
76f6dc7 
@@ -68,7 +70,9 @@ static SSLConnRec *ssl_get_effective_config(conn_rec *c)
935fcac 
 static int ssl_is_https(conn_rec *c)
935fcac 
 {
935fcac 
     SSLConnRec *sslconn = ssl_get_effective_config(c);
935fcac 
-    return sslconn && sslconn->ssl;
935fcac 
+
935fcac 
+    return (sslconn && sslconn->ssl)
935fcac 
+        || (othermod_is_https && othermod_is_https(c));
935fcac 
 }
935fcac
935fcac 
 static const char var_interface[] = "mod_ssl/" AP_SERVER_BASEREVISION;
76f6dc7 
@@ -137,6 +141,9 @@ void ssl_var_register(apr_pool_t *p)
935fcac 
 {
935fcac 
     char *cp, *cp2;
935fcac
935fcac 
+    othermod_is_https = APR_RETRIEVE_OPTIONAL_FN(ssl_is_https);
935fcac 
+    othermod_var_lookup = APR_RETRIEVE_OPTIONAL_FN(ssl_var_lookup);
935fcac 
+
935fcac 
     APR_REGISTER_OPTIONAL_FN(ssl_is_https);
935fcac 
     APR_REGISTER_OPTIONAL_FN(ssl_var_lookup);
935fcac 
     APR_REGISTER_OPTIONAL_FN(ssl_ext_list);
76f6dc7 
@@ -271,6 +278,15 @@ char *ssl_var_lookup(apr_pool_t *p, server_rec *s, conn_rec *c, request_rec *r,
935fcac 
      */
935fcac 
     if (result == NULL && c != NULL) {
935fcac 
         SSLConnRec *sslconn = ssl_get_effective_config(c);
935fcac 
+
935fcac 
+        if (strlen(var) > 4 && strcEQn(var, "SSL_", 4)
935fcac 
+            && (!sslconn || !sslconn->ssl) && othermod_var_lookup) {
935fcac 
+            /* For an SSL_* variable, if mod_ssl is not enabled for
935fcac 
+             * this connection and another SSL module is present, pass
935fcac 
+             * through to that module. */
935fcac 
+            return othermod_var_lookup(p, s, c, r, var);
935fcac 
+        }
935fcac 
+
935fcac 
         if (strlen(var) > 4 && strcEQn(var, "SSL_", 4)
935fcac 
             && sslconn && sslconn->ssl)
935fcac 
             result = ssl_var_lookup_ssl(p, sslconn, r, var+4);
Powered by Pagure 5.13.3
DocumentationFile an IssueAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.