|
 |
f0c688 |
diff --git a/modules/ssl/mod_ssl.c b/modules/ssl/mod_ssl.c
|
|
|
f0c688 |
index 0d7c906..be2ee9f 100644
|
|
|
f0c688 |
--- a/modules/ssl/mod_ssl.c
|
|
|
f0c688 |
+++ b/modules/ssl/mod_ssl.c
|
|
|
f0c688 |
@@ -395,6 +395,9 @@ static SSLConnRec *ssl_init_connection_ctx(conn_rec *c)
|
|
|
af9b8b |
return sslconn;
|
|
|
af9b8b |
}
|
|
|
af9b8b |
|
|
|
af9b8b |
+static typeof(ssl_proxy_enable) *othermod_proxy_enable;
|
|
|
af9b8b |
+static typeof(ssl_engine_disable) *othermod_engine_disable;
|
|
|
af9b8b |
+
|
|
|
af9b8b |
int ssl_proxy_enable(conn_rec *c)
|
|
|
af9b8b |
{
|
|
|
af9b8b |
SSLSrvConfigRec *sc;
|
|
|
f0c688 |
@@ -403,6 +406,12 @@ int ssl_proxy_enable(conn_rec *c)
|
|
|
af9b8b |
sc = mySrvConfig(sslconn->server);
|
|
|
af9b8b |
|
|
|
af9b8b |
if (!sc->proxy_enabled) {
|
|
|
af9b8b |
+ if (othermod_proxy_enable) {
|
|
|
af9b8b |
+ ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, c,
|
|
|
af9b8b |
+ "mod_ssl proxy not configured, passing through to other module.");
|
|
|
af9b8b |
+ return othermod_proxy_enable(c);
|
|
|
af9b8b |
+ }
|
|
|
af9b8b |
+
|
|
|
af9b8b |
ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c, APLOGNO(01961)
|
|
|
af9b8b |
"SSL Proxy requested for %s but not enabled "
|
|
|
af9b8b |
"[Hint: SSLProxyEngine]", sc->vhost_id);
|
|
|
f0c688 |
@@ -422,6 +431,10 @@ int ssl_engine_disable(conn_rec *c)
|
|
|
af9b8b |
|
|
|
af9b8b |
SSLConnRec *sslconn = myConnConfig(c);
|
|
|
af9b8b |
|
|
|
af9b8b |
+ if (othermod_engine_disable) {
|
|
|
af9b8b |
+ othermod_engine_disable(c);
|
|
|
af9b8b |
+ }
|
|
|
af9b8b |
+
|
|
|
af9b8b |
if (sslconn) {
|
|
|
af9b8b |
sc = mySrvConfig(sslconn->server);
|
|
|
af9b8b |
}
|
|
|
f0c688 |
@@ -652,6 +665,9 @@ static void ssl_register_hooks(apr_pool_t *p)
|
|
|
af9b8b |
ap_hook_post_read_request(ssl_hook_ReadReq, pre_prr,NULL, APR_HOOK_MIDDLE);
|
|
|
af9b8b |
|
|
|
af9b8b |
ssl_var_register(p);
|
|
|
af9b8b |
+
|
|
|
af9b8b |
+ othermod_proxy_enable = APR_RETRIEVE_OPTIONAL_FN(ssl_proxy_enable);
|
|
|
af9b8b |
+ othermod_engine_disable = APR_RETRIEVE_OPTIONAL_FN(ssl_engine_disable);
|
|
|
af9b8b |
|
|
|
af9b8b |
APR_REGISTER_OPTIONAL_FN(ssl_proxy_enable);
|
|
|
af9b8b |
APR_REGISTER_OPTIONAL_FN(ssl_engine_disable);
|
|
|
f0c688 |
diff --git a/modules/ssl/ssl_engine_vars.c b/modules/ssl/ssl_engine_vars.c
|
|
|
f0c688 |
index a6b0d0d..5a415b9 100644
|
|
|
f0c688 |
--- a/modules/ssl/ssl_engine_vars.c
|
|
|
f0c688 |
+++ b/modules/ssl/ssl_engine_vars.c
|
|
|
f0c688 |
@@ -55,6 +55,10 @@ static void ssl_var_lookup_ssl_cipher_bits(SSL *ssl, int *usekeysize, int *algk
|
|
|
af9b8b |
static char *ssl_var_lookup_ssl_version(apr_pool_t *p, char *var);
|
|
|
af9b8b |
static char *ssl_var_lookup_ssl_compress_meth(SSL *ssl);
|
|
|
af9b8b |
|
|
|
af9b8b |
+static APR_OPTIONAL_FN_TYPE(ssl_is_https) *othermod_is_https;
|
|
|
af9b8b |
+static APR_OPTIONAL_FN_TYPE(ssl_var_lookup) *othermod_var_lookup;
|
|
|
af9b8b |
+
|
|
|
f0c688 |
+
|
|
|
f0c688 |
static SSLConnRec *ssl_get_effective_config(conn_rec *c)
|
|
|
af9b8b |
{
|
|
|
af9b8b |
SSLConnRec *sslconn = myConnConfig(c);
|
|
|
f0c688 |
@@ -68,7 +72,9 @@ static SSLConnRec *ssl_get_effective_config(conn_rec *c)
|
|
|
f0c688 |
static int ssl_is_https(conn_rec *c)
|
|
|
f0c688 |
{
|
|
|
f0c688 |
SSLConnRec *sslconn = ssl_get_effective_config(c);
|
|
|
af9b8b |
- return sslconn && sslconn->ssl;
|
|
|
af9b8b |
+
|
|
|
af9b8b |
+ return (sslconn && sslconn->ssl)
|
|
|
af9b8b |
+ || (othermod_is_https && othermod_is_https(c));
|
|
|
af9b8b |
}
|
|
|
af9b8b |
|
|
|
af9b8b |
static const char var_interface[] = "mod_ssl/" AP_SERVER_BASEREVISION;
|
|
|
f0c688 |
@@ -137,6 +143,9 @@ void ssl_var_register(apr_pool_t *p)
|
|
|
af9b8b |
{
|
|
|
af9b8b |
char *cp, *cp2;
|
|
|
af9b8b |
|
|
|
af9b8b |
+ othermod_is_https = APR_RETRIEVE_OPTIONAL_FN(ssl_is_https);
|
|
|
af9b8b |
+ othermod_var_lookup = APR_RETRIEVE_OPTIONAL_FN(ssl_var_lookup);
|
|
|
af9b8b |
+
|
|
|
af9b8b |
APR_REGISTER_OPTIONAL_FN(ssl_is_https);
|
|
|
af9b8b |
APR_REGISTER_OPTIONAL_FN(ssl_var_lookup);
|
|
|
af9b8b |
APR_REGISTER_OPTIONAL_FN(ssl_ext_list);
|
|
|
f0c688 |
@@ -272,6 +281,15 @@ char *ssl_var_lookup(apr_pool_t *p, server_rec *s, conn_rec *c, request_rec *r,
|
|
|
af9b8b |
*/
|
|
|
af9b8b |
if (result == NULL && c != NULL) {
|
|
|
f0c688 |
SSLConnRec *sslconn = ssl_get_effective_config(c);
|
|
|
af9b8b |
+
|
|
|
af9b8b |
+ if (strlen(var) > 4 && strcEQn(var, "SSL_", 4)
|
|
|
af9b8b |
+ && (!sslconn || !sslconn->ssl) && othermod_var_lookup) {
|
|
|
af9b8b |
+ /* For an SSL_* variable, if mod_ssl is not enabled for
|
|
|
af9b8b |
+ * this connection and another SSL module is present, pass
|
|
|
af9b8b |
+ * through to that module. */
|
|
|
af9b8b |
+ return othermod_var_lookup(p, s, c, r, var);
|
|
|
af9b8b |
+ }
|
|
|
af9b8b |
+
|
|
|
af9b8b |
if (strlen(var) > 4 && strcEQn(var, "SSL_", 4)
|
|
|
af9b8b |
&& sslconn && sslconn->ssl)
|
|
|
f0c688 |
result = ssl_var_lookup_ssl(p, sslconn, r, var+4);
|