
mod_nw_ssl.c File Reference

#include "httpd.h"
#include "http_config.h"
#include "http_log.h"
#include "http_protocol.h"
#include "http_core.h"
#include "ap_listen.h"
#include "apr_strings.h"
#include "apr_portable.h"
#include "apr_optional.h"
#include <unilib.h>

Include dependency graph for mod_nw_ssl.c:


Defines

#define WS_SSL
#define MAX_ADDRESS   512
#define MAX_KEY   80
#define SO_TLS_UNCLEAN_SHUTDOWN   0
#define strEQ(s1, s2)   (strcmp(s1,s2) == 0)
#define strNE(s1, s2)   (strcmp(s1,s2) != 0)
#define strEQn(s1, s2, n)   (strncmp(s1,s2,n) == 0)
#define strNEn(s1, s2, n)   (strncmp(s1,s2,n) != 0)
#define strcEQ(s1, s2)   (strcasecmp(s1,s2) == 0)
#define strcNE(s1, s2)   (strcasecmp(s1,s2) != 0)
#define strcEQn(s1, s2, n)   (strncasecmp(s1,s2,n) == 0)
#define strcNEn(s1, s2, n)   (strncasecmp(s1,s2,n) != 0)
#define strIsEmpty(s)   (s == NULL || s[0] == NUL)
#define get_nwssl_cfg(srv)   (NWSSLSrvConfigRec *) ap_get_module_config(srv->module_config, &nwssl_module)
#define MKTIMESTR(format, tmfield)
#define SWITCH_STATUS_LINE   "HTTP/1.1 101 Switching Protocols"
#define UPGRADE_HEADER   "Upgrade: TLS/1.0, HTTP/1.1"
#define CONNECTION_HEADER   "Connection: Upgrade"

Typedefs

typedef struct NWSSLSrvConfigRec NWSSLSrvConfigRec
typedef struct seclisten_rec seclisten_rec
typedef struct seclistenup_rec seclistenup_rec
typedef struct secsocket_data secsocket_data

Functions

 APR_DECLARE_OPTIONAL_FN (char *, ssl_var_lookup,(apr_pool_t *, server_rec *, conn_rec *, request_rec *, char *))
 APR_DECLARE_OPTIONAL_FN (int, ssl_is_https,(conn_rec *))
 APR_DECLARE_OPTIONAL_FN (int, ssl_proxy_enable,(conn_rec *))
 APR_DECLARE_OPTIONAL_FN (int, ssl_engine_disable,(conn_rec *))
static void build_cert_list (apr_pool_t *p)
static unsigned long parse_addr (const char *w, unsigned short *ports)
static int find_secure_listener (seclisten_rec *lr)
static char * get_port_key (conn_rec *c)
static int make_secure_socket (apr_pool_t *pconf, const struct sockaddr_in *server, char *key, int mutual, server_rec *sconf)
int convert_secure_socket (conn_rec *c, apr_socket_t *csd)
int SSLize_Socket (SOCKET socketHnd, char *key, request_rec *r)
static const char * set_secure_listener (cmd_parms *cmd, void *dummy, const char *ips, const char *key, const char *mutual)
static const char * set_secure_upgradeable_listener (cmd_parms *cmd, void *dummy, const char *ips, const char *key)
static apr_status_t nwssl_socket_cleanup (void *data)
static const char * set_trusted_certs (cmd_parms *cmd, void *dummy, char *arg)
static int nwssl_pre_config (apr_pool_t *pconf, apr_pool_t *plog, apr_pool_t *ptemp)
static int nwssl_pre_connection (conn_rec *c, void *csd)
static int nwssl_post_config (apr_pool_t *pconf, apr_pool_t *plog, apr_pool_t *ptemp, server_rec *s)
static void * nwssl_config_server_create (apr_pool_t *p, server_rec *s)
static void * nwssl_config_server_merge (apr_pool_t *p, void *basev, void *addv)
static int compare_ipports (void *rec, const char *key, const char *value)
static int isSecureConnEx (const server_rec *s, const conn_rec *c, const apr_table_t *t)
static int isSecureConn (const server_rec *s, const conn_rec *c)
static int isSecureConnUpgradeable (const server_rec *s, const conn_rec *c)
static int isSecure (const request_rec *r)
static int isSecureUpgradeable (const request_rec *r)
static int isSecureUpgraded (const request_rec *r)
static int nwssl_hook_Fixup (request_rec *r)
static const char * nwssl_hook_http_method (const request_rec *r)
static apr_port_t nwssl_hook_default_port (const request_rec *r)
int ssl_proxy_enable (conn_rec *c)
int ssl_engine_disable (conn_rec *c)
static int ssl_is_https (conn_rec *c)
char * ssl_var_lookup (apr_pool_t *p, server_rec *s, conn_rec *c, request_rec *r, char *var)
static apr_status_t ssl_io_filter_Upgrade (ap_filter_t *f, apr_bucket_brigade *bb)
static void ssl_hook_Insert_Filter (request_rec *r)
static void register_hooks (apr_pool_t *p)

Variables

module AP_MODULE_DECLARE_DATA nwssl_module
static apr_array_header_t * certlist = NULL
static unicode_t ** certarray = NULL
static int numcerts = 0
static seclisten_rec * ap_seclisteners = NULL
static seclistenup_rec * ap_seclistenersup = NULL
static const command_rec nwssl_module_cmds []


Define Documentation

#define CONNECTION_HEADER   "Connection: Upgrade"
 

Referenced by ssl_io_filter_Upgrade().

#define get_nwssl_cfg(srv)   (NWSSLSrvConfigRec *) ap_get_module_config(srv->module_config, &nwssl_module)
 

Definition at line 130 of file mod_nw_ssl.c.

Referenced by isSecureConn(), isSecureConnUpgradeable(), set_secure_listener(), set_secure_upgradeable_listener(), ssl_hook_Insert_Filter(), and ssl_var_lookup().

#define MAX_ADDRESS   512
 

Definition at line 38 of file mod_nw_ssl.c.

Referenced by make_secure_socket().

#define MAX_KEY   80
 

Definition at line 39 of file mod_nw_ssl.c.

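#define MKTIMESTR(format, tmfield)
 

Value:

apr_time_exp_lt(&tm, apr_time_now()); \
            result = apr_psprintf(p, format, tm.tmfield); \
            resdup = FALSE;

Note: the expansion is three statements that use tm, p, result and resdup from the enclosing scope, and format is handed to apr_psprintf() as the format string, so it must be a fixed format and never request-derived text.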

Referenced by lookup_variable(), and ssl_var_lookup().

#define SO_TLS_UNCLEAN_SHUTDOWN   0
 

Definition at line 55 of file mod_nw_ssl.c.

Referenced by convert_secure_socket(), and make_secure_socket().

#define strcEQ(s1, s2)   (strcasecmp(s1,s2) == 0)
 

Definition at line 80 of file mod_nw_ssl.c.

Referenced by ssl_cmd_protocol_parse(), ssl_cmd_SSLMutex(), ssl_cmd_SSLOptions(), ssl_cmd_SSLPassPhraseDialog(), ssl_cmd_SSLRandomSeed(), ssl_cmd_SSLSessionCache(), ssl_cmd_verify_parse(), ssl_hook_UserCheck(), ssl_var_lookup(), ssl_var_lookup_ssl(), ssl_var_lookup_ssl_cert(), and ssl_var_lookup_ssl_cipher().

#define strcEQn(s1, s2, n)   (strncasecmp(s1,s2,n) == 0)
 

Definition at line 82 of file mod_nw_ssl.c.

Referenced by ssl_cmd_SSLMutex(), ssl_cmd_SSLSessionCache(), ssl_var_lookup(), ssl_var_lookup_ssl(), and ssl_var_lookup_ssl_cert().

#define strcNE(s1, s2)   (strcasecmp(s1,s2) != 0)
 

Definition at line 81 of file mod_nw_ssl.c.

#define strcNEn(s1, s2, n)   (strncasecmp(s1,s2,n) != 0)
 

Definition at line 83 of file mod_nw_ssl.c.

#define strEQ(s1, s2)   (strcmp(s1,s2) == 0)
 

Definition at line 75 of file mod_nw_ssl.c.

Referenced by ssl_expr_eval_word(), ssl_hook_UserCheck(), ssl_init_ctx_cert_chain(), ssl_var_log_handler_c(), ssl_var_lookup_ssl_cert_dn(), ssl_var_lookup_ssl_cert_verify(), ssl_var_lookup_ssl_cipher(), and ssl_var_lookup_ssl_version().

#define strEQn(s1, s2, n)   (strncmp(s1,s2,n) == 0)
 

Definition at line 77 of file mod_nw_ssl.c.

Referenced by ssl_cmd_SSLPassPhraseDialog(), and ssl_cmd_SSLRandomSeed().

#define strIsEmpty(s)   (s == NULL || s[0] == NUL)
 

Definition at line 85 of file mod_nw_ssl.c.

Referenced by ssl_hook_Fixup().

#define strNE(s1, s2)   (strcmp(s1,s2) != 0)
 

Definition at line 76 of file mod_nw_ssl.c.

Referenced by ssl_check_public_cert().

#define strNEn(s1, s2, n)   (strncmp(s1,s2,n) != 0)
 

Definition at line 78 of file mod_nw_ssl.c.

#define SWITCH_STATUS_LINE   "HTTP/1.1 101 Switching Protocols"
 

Referenced by ssl_io_filter_Upgrade().

#define UPGRADE_HEADER   "Upgrade: TLS/1.0, HTTP/1.1"
 

Referenced by ssl_io_filter_Upgrade().

#define WS_SSL
 

Definition at line 36 of file mod_nw_ssl.c.


Typedef Documentation

typedef struct NWSSLSrvConfigRec NWSSLSrvConfigRec
 

Definition at line 90 of file mod_nw_ssl.c.

typedef struct seclisten_rec seclisten_rec
 

Definition at line 91 of file mod_nw_ssl.c.

typedef struct seclistenup_rec seclistenup_rec
 

Definition at line 92 of file mod_nw_ssl.c.

typedef struct secsocket_data secsocket_data
 

Definition at line 93 of file mod_nw_ssl.c.


Function Documentation

APR_DECLARE_OPTIONAL_FN (int, ssl_engine_disable, (conn_rec *))
 

APR_DECLARE_OPTIONAL_FN (int, ssl_proxy_enable, (conn_rec *))
 

APR_DECLARE_OPTIONAL_FN (int, ssl_is_https, (conn_rec *))
 

APR_DECLARE_OPTIONAL_FN (char *, ssl_var_lookup, (apr_pool_t *, server_rec *, conn_rec *, request_rec *, char *))
 

static void build_cert_list (apr_pool_t *p)  [static]
 

Definition at line 133 of file mod_nw_ssl.c.

References apr_array_header_t::elts, and apr_array_header_t::nelts.

Referenced by nwssl_post_config().

static int compare_ipports (void *rec, const char *key, const char *value)  [static]
 

Definition at line 695 of file mod_nw_ssl.c.

References c, and conn_rec::local_ip.

Referenced by isSecureConnEx().

int convert_secure_socket (conn_rec *c, apr_socket_t *csd)
 

Definition at line 310 of file mod_nw_ssl.c.

References APLOG_ERR, APLOG_MARK, apr_os_sock_get(), conn_rec::base_server, NULL, SO_TLS_UNCLEAN_SHUTDOWN, and sock.

Referenced by nwssl_pre_connection().

Here is the call graph for this function:

static int find_secure_listener (seclisten_rec *lr)  [static]
 

Definition at line 204 of file mod_nw_ssl.c.

References seclisten_rec::fd, seclisten_rec::local_addr, seclisten_rec::next, and seclisten_rec::used.

Referenced by nwssl_post_config().

static char* get_port_key (conn_rec *c)  [static]
 

Definition at line 217 of file mod_nw_ssl.c.

References seclistenup_rec::addr, seclistenup_rec::key, seclistenup_rec::next, NULL, and seclistenup_rec::port.

Referenced by ssl_io_filter_Upgrade().

static int isSecure (const request_rec *r)  [static]
 

Definition at line 734 of file mod_nw_ssl.c.

References request_rec::connection, isSecureConn(), and request_rec::server.

Referenced by nwssl_hook_default_port(), nwssl_hook_Fixup(), nwssl_hook_http_method(), and ssl_var_lookup().

Here is the call graph for this function:

static int isSecureConn (const server_rec *s, const conn_rec *c)  [static]
 

Definition at line 720 of file mod_nw_ssl.c.

References get_nwssl_cfg, isSecureConnEx(), and NWSSLSrvConfigRec::sltable.

Referenced by isSecure(), and ssl_is_https().

Here is the call graph for this function:

static int isSecureConnEx (const server_rec *s, const conn_rec *c, const apr_table_t *t)  [static]
 

Definition at line 707 of file mod_nw_ssl.c.

References compare_ipports(), conn_rec::local_addr, NULL, and port.

Referenced by isSecureConn(), and isSecureConnUpgradeable().

Here is the call graph for this function:

static int isSecureConnUpgradeable (const server_rec *s, const conn_rec *c)  [static]
 

Definition at line 727 of file mod_nw_ssl.c.

References get_nwssl_cfg, isSecureConnEx(), and NWSSLSrvConfigRec::slutable.

Referenced by isSecureUpgradeable().

Here is the call graph for this function:

static int isSecureUpgradeable (const request_rec *r)  [static]
 

Definition at line 739 of file mod_nw_ssl.c.

References request_rec::connection, isSecureConnUpgradeable(), and request_rec::server.

Referenced by ssl_hook_Insert_Filter().

Here is the call graph for this function:

static int isSecureUpgraded (const request_rec *r)  [static]
 

Definition at line 744 of file mod_nw_ssl.c.

References ap_get_module_config, conn_rec::conn_config, request_rec::connection, and secsocket_data::is_secure.

Referenced by nwssl_hook_Fixup(), nwssl_hook_http_method(), and ssl_var_lookup().

static int make_secure_socket (apr_pool_t *pconf, const struct sockaddr_in *server, char *key, int mutual, server_rec *sconf)  [static]
 

Definition at line 230 of file mod_nw_ssl.c.

References addr, APLOG_CRIT, APLOG_MARK, MAX_ADDRESS, NULL, s, and SO_TLS_UNCLEAN_SHUTDOWN.

Referenced by nwssl_post_config().

static void* nwssl_config_server_create (apr_pool_t *p, server_rec *s)  [static]
 

Definition at line 679 of file mod_nw_ssl.c.

static void* nwssl_config_server_merge (apr_pool_t *p, void *basev, void *addv)  [static]
 

Definition at line 687 of file mod_nw_ssl.c.

References base.

static apr_port_t nwssl_hook_default_port (const request_rec *r)  [static]
 

Definition at line 771 of file mod_nw_ssl.c.

References DEFAULT_HTTPS_PORT, and isSecure().

Referenced by register_hooks().

Here is the call graph for this function:

static int nwssl_hook_Fixup (request_rec *r)  [static]
 

Definition at line 751 of file mod_nw_ssl.c.

References DECLINED, isSecure(), isSecureUpgraded(), and request_rec::subprocess_env.

Referenced by register_hooks().

Here is the call graph for this function:

static const char* nwssl_hook_http_method (const request_rec *r)  [static]
 

Definition at line 763 of file mod_nw_ssl.c.

References isSecure(), isSecureUpgraded(), and NULL.

Referenced by register_hooks().

Here is the call graph for this function:

static int nwssl_post_config (apr_pool_t *pconf, apr_pool_t *plog, apr_pool_t *ptemp, server_rec *s)  [static]
 

Definition at line 613 of file mod_nw_ssl.c.

References seclistenup_rec::addr, seclisten_rec::addr, ap_listeners, APLOG_CRIT, APLOG_MARK, APLOG_WARNING, APR_INET, apr_os_sock_make(), apr_pcalloc, APR_SUCCESS, APR_UNSPEC, ap_listen_rec::bind_addr, build_cert_list(), apr_os_sock_info_t::family, seclisten_rec::fd, find_secure_listener(), HTTP_INTERNAL_SERVER_ERROR, seclisten_rec::key, apr_os_sock_info_t::local, seclisten_rec::local_addr, lr, make_secure_socket(), seclisten_rec::mutual, seclistenup_rec::next, ap_listen_rec::next, seclisten_rec::next, NULL, nwssl_socket_cleanup(), OK, apr_os_sock_info_t::os_sock, apr_sockaddr_t::port, seclistenup_rec::port, seclisten_rec::port, apr_os_sock_info_t::remote, ap_listen_rec::sd, sockaddr, status, and apr_os_sock_info_t::type.

Referenced by register_hooks().

Here is the call graph for this function:

static int nwssl_pre_config (apr_pool_t *pconf, apr_pool_t *plog, apr_pool_t *ptemp)  [static]
 

Definition at line 586 of file mod_nw_ssl.c.

References NULL, and OK.

Referenced by register_hooks().

static int nwssl_pre_connection (conn_rec *c, void *csd)  [static]
 

Definition at line 596 of file mod_nw_ssl.c.

References ap_set_module_config, conn_rec::conn_config, convert_secure_socket(), secsocket_data::csd, secsocket_data::is_secure, conn_rec::notes, OK, and conn_rec::pool.

Referenced by register_hooks().

Here is the call graph for this function:

static apr_status_t nwssl_socket_cleanup (void *data)  [static]
 

Definition at line 557 of file mod_nw_ssl.c.

References ap_listeners, APR_SUCCESS, lr, and ap_listen_rec::next.

Referenced by nwssl_post_config().

static unsigned long parse_addr (const char *w, unsigned short *ports)  [static]
 

Definition at line 153 of file mod_nw_ssl.c.

References exit, NULL, and p.

Referenced by set_secure_listener().

static void register_hooks (apr_pool_t *p)  [static]
 

Definition at line 1122 of file mod_nw_ssl.c.

References AP_FTYPE_PROTOCOL, APR_HOOK_MIDDLE, APR_REGISTER_OPTIONAL_FN, NULL, nwssl_hook_default_port(), nwssl_hook_Fixup(), nwssl_hook_http_method(), nwssl_post_config(), nwssl_pre_config(), nwssl_pre_connection(), ssl_engine_disable(), ssl_hook_Insert_Filter(), ssl_io_filter_Upgrade(), ssl_is_https(), ssl_proxy_enable(), and ssl_var_lookup().

Here is the call graph for this function:

static const char* set_secure_listener (cmd_parms *cmd, void *dummy, const char *ips, const char *key, const char *mutual)  [static]
 

Definition at line 447 of file mod_nw_ssl.c.

References addr, apr_pcalloc, err, get_nwssl_cfg, GLOBAL_ONLY, NULL, parse_addr(), cmd_parms_struct::pool, port, cmd_parms_struct::server, and NWSSLSrvConfigRec::sltable.

Here is the call graph for this function:

static const char* set_secure_upgradeable_listener (cmd_parms *cmd, void *dummy, const char *ips, const char *key)  [static]
 

Definition at line 506 of file mod_nw_ssl.c.

References addr, apr_pcalloc, err, get_nwssl_cfg, GLOBAL_ONLY, NULL, cmd_parms_struct::pool, port, cmd_parms_struct::server, and NWSSLSrvConfigRec::slutable.

static const char* set_trusted_certs (cmd_parms *cmd, void *dummy, char *arg)  [static]
 

Definition at line 578 of file mod_nw_ssl.c.

References NULL.

int ssl_engine_disable (conn_rec *c)
 

Definition at line 786 of file mod_nw_ssl.c.

Referenced by proxy_post_config(), register_hooks(), and ssl_register_hooks().

static void ssl_hook_Insert_Filter (request_rec *r)  [static]
 

Definition at line 1100 of file mod_nw_ssl.c.

References get_nwssl_cfg, isSecureUpgradeable(), NULL, and request_rec::server.

Referenced by register_hooks().

Here is the call graph for this function:

static apr_status_t ssl_io_filter_Upgrade (ap_filter_t *f, apr_bucket_brigade *bb)  [static]
 

Definition at line 989 of file mod_nw_ssl.c.

References ap_get_module_config, APLOG_ERR, APLOG_INFO, APLOG_MARK, APR_BRIGADE_INSERT_TAIL, apr_os_sock_get(), b, conn_rec::conn_config, request_rec::connection, CONNECTION_HEADER, CRLF, secsocket_data::csd, get_port_key(), request_rec::headers_in, request_rec::headers_out, secsocket_data::is_secure, key, M_OPTIONS, request_rec::method_number, NULL, request_rec::pool, r, request_rec::server, SSLize_Socket(), SWITCH_STATUS_LINE, token_string, and UPGRADE_HEADER.

Referenced by register_hooks().

Here is the call graph for this function:

static int ssl_is_https (conn_rec *c)  [static]
 

Definition at line 791 of file mod_nw_ssl.c.

References ap_get_module_config, conn_rec::base_server, conn_rec::conn_config, secsocket_data::is_secure, and isSecureConn().

Referenced by post_config(), register_hooks(), and ssl_var_register().

Here is the call graph for this function:

int ssl_proxy_enable (conn_rec *c)
 

Definition at line 779 of file mod_nw_ssl.c.

Referenced by proxy_post_config(), register_hooks(), and ssl_register_hooks().

char* ssl_var_lookup (apr_pool_t *p, server_rec *s, conn_rec *c, request_rec *r, char *var)
 

Definition at line 799 of file mod_nw_ssl.c.

Referenced by