]> Raphaƫl G. Git Repositories - ihttpd/blob - SOURCES/httpd-2.4.18-sslmultiproxy.patch
Add dependencies to avoid race conditions and be sure we start in time
[ihttpd] / SOURCES / httpd-2.4.18-sslmultiproxy.patch
1 diff --git a/modules/ssl/mod_ssl.c b/modules/ssl/mod_ssl.c
2 index 717a694..a3ce718 100644
3 --- a/modules/ssl/mod_ssl.c
4 +++ b/modules/ssl/mod_ssl.c
5 @@ -395,6 +395,9 @@ static SSLConnRec *ssl_init_connection_ctx(conn_rec *c)
6 return sslconn;
7 }
8
9 +static typeof(ssl_proxy_enable) *othermod_proxy_enable;
10 +static typeof(ssl_engine_disable) *othermod_engine_disable;
11 +
12 int ssl_proxy_enable(conn_rec *c)
13 {
14 SSLSrvConfigRec *sc;
15 @@ -403,6 +406,12 @@ int ssl_proxy_enable(conn_rec *c)
16 sc = mySrvConfig(sslconn->server);
17
18 if (!sc->proxy_enabled) {
19 + if (othermod_proxy_enable) {
20 + ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, c,
21 + "mod_ssl proxy not configured, passing through to other module.");
22 + return othermod_proxy_enable(c);
23 + }
24 +
25 ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c, APLOGNO(01961)
26 "SSL Proxy requested for %s but not enabled "
27 "[Hint: SSLProxyEngine]", sc->vhost_id);
28 @@ -422,6 +431,10 @@ int ssl_engine_disable(conn_rec *c)
29
30 SSLConnRec *sslconn = myConnConfig(c);
31
32 + if (othermod_engine_disable) {
33 + othermod_engine_disable(c);
34 + }
35 +
36 if (sslconn) {
37 sc = mySrvConfig(sslconn->server);
38 }
39 @@ -621,6 +634,9 @@ static void ssl_register_hooks(apr_pool_t *p)
40 ap_hook_post_read_request(ssl_hook_ReadReq, pre_prr,NULL, APR_HOOK_MIDDLE);
41
42 ssl_var_register(p);
43 +
44 + othermod_proxy_enable = APR_RETRIEVE_OPTIONAL_FN(ssl_proxy_enable);
45 + othermod_engine_disable = APR_RETRIEVE_OPTIONAL_FN(ssl_engine_disable);
46
47 APR_REGISTER_OPTIONAL_FN(ssl_proxy_enable);
48 APR_REGISTER_OPTIONAL_FN(ssl_engine_disable);
49 diff --git a/modules/ssl/ssl_engine_vars.c b/modules/ssl/ssl_engine_vars.c
50 index a6b0d0d..24fd8c7 100644
51 --- a/modules/ssl/ssl_engine_vars.c
52 +++ b/modules/ssl/ssl_engine_vars.c
53 @@ -54,6 +54,8 @@ static char *ssl_var_lookup_ssl_cipher(apr_pool_t *p, SSLConnRec *sslconn, char
54 static void ssl_var_lookup_ssl_cipher_bits(SSL *ssl, int *usekeysize, int *algkeysize);
55 static char *ssl_var_lookup_ssl_version(apr_pool_t *p, char *var);
56 static char *ssl_var_lookup_ssl_compress_meth(SSL *ssl);
57 +static APR_OPTIONAL_FN_TYPE(ssl_is_https) *othermod_is_https;
58 +static APR_OPTIONAL_FN_TYPE(ssl_var_lookup) *othermod_var_lookup;
59
60 static SSLConnRec *ssl_get_effective_config(conn_rec *c)
61 {
62 @@ -68,7 +70,9 @@ static SSLConnRec *ssl_get_effective_config(conn_rec *c)
63 static int ssl_is_https(conn_rec *c)
64 {
65 SSLConnRec *sslconn = ssl_get_effective_config(c);
66 - return sslconn && sslconn->ssl;
67 +
68 + return (sslconn && sslconn->ssl)
69 + || (othermod_is_https && othermod_is_https(c));
70 }
71
72 static const char var_interface[] = "mod_ssl/" AP_SERVER_BASEREVISION;
73 @@ -137,6 +141,9 @@ void ssl_var_register(apr_pool_t *p)
74 {
75 char *cp, *cp2;
76
77 + othermod_is_https = APR_RETRIEVE_OPTIONAL_FN(ssl_is_https);
78 + othermod_var_lookup = APR_RETRIEVE_OPTIONAL_FN(ssl_var_lookup);
79 +
80 APR_REGISTER_OPTIONAL_FN(ssl_is_https);
81 APR_REGISTER_OPTIONAL_FN(ssl_var_lookup);
82 APR_REGISTER_OPTIONAL_FN(ssl_ext_list);
83 @@ -272,6 +279,15 @@ char *ssl_var_lookup(apr_pool_t *p, server_rec *s, conn_rec *c, request_rec *r,
84 */
85 if (result == NULL && c != NULL) {
86 SSLConnRec *sslconn = ssl_get_effective_config(c);
87 +
88 + if (strlen(var) > 4 && strcEQn(var, "SSL_", 4)
89 + && (!sslconn || !sslconn->ssl) && othermod_var_lookup) {
90 + /* For an SSL_* variable, if mod_ssl is not enabled for
91 + * this connection and another SSL module is present, pass
92 + * through to that module. */
93 + return othermod_var_lookup(p, s, c, r, var);
94 + }
95 +
96 if (strlen(var) > 4 && strcEQn(var, "SSL_", 4)
97 && sslconn && sslconn->ssl)
98 result = ssl_var_lookup_ssl(p, sslconn, r, var+4);