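diff -rupN mod_nss-1.0.8.orig/mod_nss.c mod_nss-1.0.8/mod_nss.c
--- mod_nss-1.0.8.orig/mod_nss.c 2012-11-09 16:13:26.967022000 -0800
+++ mod_nss-1.0.8/mod_nss.c 2012-11-09 20:18:39.936927000 -0800
@@ -192,6 +192,9 @@ static SSLConnRec *nss_init_connection_c
 return sslconn;
 }
 
+static APR_OPTIONAL_FN_TYPE(ssl_proxy_enable) *othermod_proxy_enable;
+static APR_OPTIONAL_FN_TYPE(ssl_engine_disable) *othermod_engine_disable;
+
 int nss_proxy_enable(conn_rec *c)
 {
 SSLSrvConfigRec *sc = mySrvConfig(c->base_server);
@@ -199,6 +202,12 @@ int nss_proxy_enable(conn_rec *c)
 SSLConnRec *sslconn = nss_init_connection_ctx(c);
 
 if (!sc->proxy_enabled) {
+ if (othermod_proxy_enable) {
+ ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, c,
+ "mod_nss proxy not configured, passing through to mod_ssl module");
+ return othermod_proxy_enable(c);
+ }
+
 ap_log_error(APLOG_MARK, APLOG_ERR, 0, c->base_server,
 "SSL Proxy requested for %s but not enabled "
 "[Hint: NSSProxyEngine]", sc->vhost_id);
@@ -212,7 +221,7 @@ int nss_proxy_enable(conn_rec *c)
 return 1;
 }
 
-int ssl_proxy_enable(conn_rec *c) {
+static int ssl_proxy_enable(conn_rec *c) {
 return nss_proxy_enable(c);
 }
 
@@ -222,6 +231,10 @@ int nss_engine_disable(conn_rec *c)
 
 SSLConnRec *sslconn;
 
+ if (othermod_engine_disable) {
+ othermod_engine_disable(c);
+ }
+
 if (sc->enabled == FALSE) {
 return 0;
 }
@@ -233,7 +246,7 @@ int nss_engine_disable(conn_rec *c)
 return 1;
 }
 
-int ssl_engine_disable(conn_rec *c) {
+static int ssl_engine_disable(conn_rec *c) {
 return nss_engine_disable(c);
 }
 
@@ -455,14 +468,17 @@ static void nss_register_hooks(apr_pool_
 
 nss_var_register();
 
+ /* Always register these mod_nss optional functions */
 APR_REGISTER_OPTIONAL_FN(nss_proxy_enable);
 APR_REGISTER_OPTIONAL_FN(nss_engine_disable);
 
- /* If mod_ssl is not loaded then mod_nss can work with mod_proxy */
- if (APR_RETRIEVE_OPTIONAL_FN(ssl_proxy_enable) == NULL)
- APR_REGISTER_OPTIONAL_FN(ssl_proxy_enable);
- if (APR_RETRIEVE_OPTIONAL_FN(ssl_engine_disable) == NULL)
- APR_REGISTER_OPTIONAL_FN(ssl_engine_disable);
+ /* Save the state of any previously registered mod_ssl functions */
+ othermod_proxy_enable = APR_RETRIEVE_OPTIONAL_FN(ssl_proxy_enable);
+ othermod_engine_disable = APR_RETRIEVE_OPTIONAL_FN(ssl_engine_disable);
+
+ /* Always register these local mod_ssl optional functions */
+ APR_REGISTER_OPTIONAL_FN(ssl_proxy_enable);
+ APR_REGISTER_OPTIONAL_FN(ssl_engine_disable);
 }
 
 module AP_MODULE_DECLARE_DATA nss_module = {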
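Review bot: In the nss_engine_disable hunk the result of `othermod_engine_disable(c)` is discarded, so when mod_nss is not enabled for the server the function still returns 0 from the `sc->enabled == FALSE` branch even if mod_ssl did switch its engine off for this connection. A caller that checks the return value cannot tell that case apart from "nothing was disabled". Keeping the value, `int other_rv = othermod_engine_disable ? othermod_engine_disable(c) : 0;`, and using `return other_rv;` in that branch would preserve it. The start of nss_engine_disable lies outside the hunk, so how `sc` is obtained is not visible here.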
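diff -rupN mod_nss-1.0.8.orig/mod_nss.h mod_nss-1.0.8/mod_nss.h
--- mod_nss-1.0.8.orig/mod_nss.h 2012-11-09 16:13:26.799022000 -0800
+++ mod_nss-1.0.8/mod_nss.h 2012-11-09 17:14:18.660077000 -0800
@@ -13,8 +13,8 @@
 * limitations under the License.
 */
 
-#ifndef __MOD_SSL_H__
-#define __MOD_SSL_H__
+#ifndef __MOD_NSS_H__
+#define __MOD_NSS_H__
 
 /* Apache headers */
 #include "httpd.h"
@@ -25,6 +25,7 @@
 #include "http_connection.h"
 #include "http_request.h"
 #include "http_protocol.h"
+#include "mod_ssl.h"
 #include "util_script.h"
 #include "util_filter.h"
 #include "mpm.h"
@@ -438,34 +439,24 @@ int nss_hook_ReadReq(request_rec *r);
 /* Variables */
 void nss_var_register(void);
 char *nss_var_lookup(apr_pool_t *, server_rec *, conn_rec *, request_rec *, char *);
-char *ssl_var_lookup(apr_pool_t *, server_rec *, conn_rec *, request_rec *, char *);
 void nss_var_log_config_register(apr_pool_t *p);
 
 APR_DECLARE_OPTIONAL_FN(char *, nss_var_lookup,
 (apr_pool_t *, server_rec *,
 conn_rec *, request_rec *,
 char *));
-APR_DECLARE_OPTIONAL_FN(char *, ssl_var_lookup,
- (apr_pool_t *, server_rec *,
- conn_rec *, request_rec *,
- char *));
 
 /* An optional function which returns non-zero if the given connection
 * is using SSL/TLS. */
 APR_DECLARE_OPTIONAL_FN(int, nss_is_https, (conn_rec *));
-APR_DECLARE_OPTIONAL_FN(int, ssl_is_https, (conn_rec *));
 
 /* Proxy Support */
 int nss_proxy_enable(conn_rec *c);
 int nss_engine_disable(conn_rec *c);
-int ssl_proxy_enable(conn_rec *c);
-int ssl_engine_disable(conn_rec *c);
 
 APR_DECLARE_OPTIONAL_FN(int, nss_proxy_enable, (conn_rec *));
-APR_DECLARE_OPTIONAL_FN(int, ssl_proxy_enable, (conn_rec *));
 
 APR_DECLARE_OPTIONAL_FN(int, nss_engine_disable, (conn_rec *));
-APR_DECLARE_OPTIONAL_FN(int, ssl_engine_disable, (conn_rec *));
 
 /* I/O */
 PRFileDesc * nss_io_new_fd();
@@ -495,4 +486,4 @@ void nss_die(void);
 
 /* NSS callback */
 SECStatus nss_AuthCertificate(void *arg, PRFileDesc *socket, PRBool checksig, PRBool isServer);
-#endif /* __MOD_SSL_H__ */
+#endif /* __MOD_NSS_H__ */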
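Review bot: The added `#include "mod_ssl.h"` carries no comment saying why a mod_nss header pulls in mod_ssl's, while the later hunk in this file drops the local `APR_DECLARE_OPTIONAL_FN` declarations for `ssl_var_lookup`, `ssl_is_https`, `ssl_proxy_enable` and `ssl_engine_disable`. Presumably those optional-function types now come from mod_ssl.h, which would also make that header a build requirement and tie the signatures of the local `ssl_*` wrappers to whatever it declares. A one-line comment next to the include would record this: `/* provides the ssl_* optional-function declarations that mod_nss registers and chains to */`.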
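diff -rupN mod_nss-1.0.8.orig/nss_engine_vars.c mod_nss-1.0.8/nss_engine_vars.c
--- mod_nss-1.0.8.orig/nss_engine_vars.c 2012-11-09 16:13:26.997024000 -0800
+++ mod_nss-1.0.8/nss_engine_vars.c 2012-11-09 20:15:32.948488000 -0800
@@ -39,11 +39,17 @@ static char *nss_var_lookup_nss_cert_ver
 static char *nss_var_lookup_nss_cipher(apr_pool_t *p, conn_rec *c, char *var);
 static char *nss_var_lookup_nss_version(apr_pool_t *p, char *var);
 static char *nss_var_lookup_protocol_version(apr_pool_t *p, conn_rec *c);
+static char *ssl_var_lookup(apr_pool_t *p, server_rec *s, conn_rec *c, request_rec *r, char *var);
+
+static APR_OPTIONAL_FN_TYPE(ssl_is_https) *othermod_is_https;
+static APR_OPTIONAL_FN_TYPE(ssl_var_lookup) *othermod_var_lookup;
 
 static int nss_is_https(conn_rec *c)
 {
 SSLConnRec *sslconn = myConnConfig(c);
- return sslconn && sslconn->ssl;
+
+ return (sslconn && sslconn->ssl)
+ || (othermod_is_https && othermod_is_https(c));
 }
 
 static int ssl_is_https(conn_rec *c) {
@@ -52,14 +58,17 @@ static int ssl_is_https(conn_rec *c) {
 
 void nss_var_register(void)
 {
+ /* Always register these mod_nss optional functions */
 APR_REGISTER_OPTIONAL_FN(nss_is_https);
 APR_REGISTER_OPTIONAL_FN(nss_var_lookup);
 
- /* These can only be registered if mod_ssl is not loaded */
- if (APR_RETRIEVE_OPTIONAL_FN(ssl_is_https) == NULL)
- APR_REGISTER_OPTIONAL_FN(ssl_is_https);
- if (APR_RETRIEVE_OPTIONAL_FN(ssl_var_lookup) == NULL)
- APR_REGISTER_OPTIONAL_FN(ssl_var_lookup);
+ /* Save the state of any previously registered mod_ssl functions */
+ othermod_is_https = APR_RETRIEVE_OPTIONAL_FN(ssl_is_https);
+ othermod_var_lookup = APR_RETRIEVE_OPTIONAL_FN(ssl_var_lookup);
+
+ /* Always register these local mod_ssl optional functions */
+ APR_REGISTER_OPTIONAL_FN(ssl_is_https);
+ APR_REGISTER_OPTIONAL_FN(ssl_var_lookup);
 
 return;
 }
@@ -174,6 +183,15 @@ char *nss_var_lookup(apr_pool_t *p, serv
 */
 if (result == NULL && c != NULL) {
 SSLConnRec *sslconn = myConnConfig(c);
+
+ if (strlen(var) > 4 && strcEQn(var, "SSL_", 4)
+ && (!sslconn || !sslconn->ssl) && othermod_var_lookup) {
+ /* If mod_ssl is registered for this connection,
+ * pass any SSL_* variable through to the mod_ssl module
+ */
+ return othermod_var_lookup(p, s, c, r, var);
+ }
+
 if (strlen(var) > 4 && strcEQn(var, "SSL_", 4)
 && sslconn && sslconn->ssl)
 result = nss_var_lookup_ssl(p, c, var+4);
@@ -252,7 +270,7 @@ char *nss_var_lookup(apr_pool_t *p, serv
 return result;
 }
 
-char *ssl_var_lookup(apr_pool_t *p, server_rec *s, conn_rec *c, request_rec *r, char *var) {
+static char *ssl_var_lookup(apr_pool_t *p, server_rec *s, conn_rec *c, request_rec *r, char *var) {
 return nss_var_lookup(p, s, c, r, var);
 }
 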
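Review bot: `othermod_is_https` and `othermod_var_lookup` in nss_var_register are filled once, at registration time, so the pass-through only exists when mod_ssl has registered its optional functions before mod_nss does; the same holds for `othermod_proxy_enable` and `othermod_engine_disable` in nss_register_hooks in mod_nss.c. If mod_ssl registers afterwards the pointers stay NULL, and as far as I know a later registration under the same name replaces the earlier one in APR's optional-function table, so connections handled by NSS could then be reported as non-HTTPS with empty SSL_* values to modules that base access rules on them. The ordering requirement is not stated anywhere in the new code and deserves a comment above the retrieve calls, for example `/* mod_ssl must register before mod_nss for the pass-through to exist; these stay NULL otherwise */`.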