summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorrcritten <>2005-05-31 14:32:42 +0000
committerrcritten <>2005-05-31 14:32:42 +0000
commit102486d90b09d87c7666d70bfb0d01a564868d67 (patch)
tree21d059a8a3035acda6ada54bed940541718eb349
parentb2aee9265a8f8b98a2e3a24a269c2b4b97882d08 (diff)
downloadmod_nss-102486d90b09d87c7666d70bfb0d01a564868d67.tar.gz
mod_nss-102486d90b09d87c7666d70bfb0d01a564868d67.tar.xz
mod_nss-102486d90b09d87c7666d70bfb0d01a564868d67.zip
Changed function and configuration names so mod_nss can peacefully
co-exist with mod_ssl.
Diffstat
-rw-r--r--Makefile.am20
-rw-r--r--Makefile.in32
-rw-r--r--TODO3
-rwxr-xr-xmigrate.pl78
-rw-r--r--mod_nss.c92
-rw-r--r--mod_nss.h128
-rw-r--r--modules.mk4
-rw-r--r--nss_engine_config.c99
-rw-r--r--nss_engine_init.c175
-rw-r--r--nss_engine_io.c130
-rw-r--r--nss_engine_kernel.c60
-rw-r--r--nss_engine_log.c8
-rw-r--r--nss_engine_pphrase.c36
-rw-r--r--nss_engine_vars.c126
-rw-r--r--nss_expr.c53
-rw-r--r--nss_expr.h55
-rw-r--r--nss_expr_eval.c142
-rw-r--r--nss_expr_parse.c (renamed from ssl_expr_parse.c)682
-rw-r--r--nss_expr_parse.h (renamed from ssl_expr_parse.h)4
-rw-r--r--nss_expr_parse.y (renamed from ssl_expr_parse.y)74
-rw-r--r--nss_expr_scan.c (renamed from ssl_expr_scan.c)176
-rw-r--r--nss_expr_scan.l (renamed from ssl_expr_scan.l)37
-rw-r--r--nss_util.c30
23 files changed, 1102 insertions, 1142 deletions
diff --git a/Makefile.am b/Makefile.am
index e12422d..8de5b22 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -6,7 +6,7 @@ bin_PROGRAMS = nss_pcache
nss_pcache_SOURCES = nss_pcache.c
## Define the source file for the module
-libmodnss_la_SOURCES = mod_nss.c nss_engine_config.c nss_engine_init.c nss_engine_io.c nss_engine_kernel.c nss_engine_log.c nss_engine_pphrase.c nss_engine_vars.c nss_expr.c nss_expr_eval.c ssl_expr_parse.y ssl_expr_scan.l nss_util.c
+libmodnss_la_SOURCES = mod_nss.c nss_engine_config.c nss_engine_init.c nss_engine_io.c nss_engine_kernel.c nss_engine_log.c nss_engine_pphrase.c nss_engine_vars.c nss_expr.c nss_expr_eval.c nss_expr_parse.y nss_expr_scan.l nss_util.c
## Set the includes and libraries needed
INCLUDES = -I@apache_inc@ @nspr_inc@ @nss_inc@ @apr_inc@
@@ -58,17 +58,17 @@ install-binPROGRAMS: $(bin_PROGRAMS)
@echo "********************** NOTE **************************"
@echo ""
-ssl_expr_scan.c: ssl_expr_scan.l ssl_expr_parse.h
- $(LEX) -Pssl_expr_yy -s -B ssl_expr_scan.l
- sed -e '/$$Header:/d' <lex.ssl_expr_yy.c >ssl_expr_scan.c && rm -f lex.ssl_expr_yy.c
+nss_expr_scan.c: nss_expr_scan.l nss_expr_parse.h
+ $(LEX) -Pnss_expr_yy -s -B nss_expr_scan.l
+ sed -e '/$$Header:/d' <lex.nss_expr_yy.c >nss_expr_scan.c && rm -f lex.nss_expr_yy.c
-ssl_expr_parse.c ssl_expr_parse.h: ssl_expr_parse.y
- $(YACC) -d ssl_expr_parse.y
- sed -e 's;yy;ssl_expr_yy;g' \
+nss_expr_parse.c nss_expr_parse.h: nss_expr_parse.y
+ $(YACC) -d nss_expr_parse.y
+ sed -e 's;yy;nss_expr_yy;g' \
-e '/#if defined(c_plusplus) || defined(__cplusplus)/,/#endif/d' \
- <y.tab.c >ssl_expr_parse.c && rm -f y.tab.c
- sed -e 's;yy;ssl_expr_yy;g' \
- <y.tab.h >ssl_expr_parse.h && rm -f y.tab.h
+ <y.tab.c >nss_expr_parse.c && rm -f y.tab.c
+ sed -e 's;yy;nss_expr_yy;g' \
+ <y.tab.h >nss_expr_parse.h && rm -f y.tab.h
LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) \
$(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \
diff --git a/Makefile.in b/Makefile.in
index 1166181..6f29fce 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -96,7 +96,7 @@ bin_PROGRAMS = nss_pcache
nss_pcache_SOURCES = nss_pcache.c
-libmodnss_la_SOURCES = mod_nss.c nss_engine_config.c nss_engine_init.c nss_engine_io.c nss_engine_kernel.c nss_engine_log.c nss_engine_pphrase.c nss_engine_vars.c nss_expr.c nss_expr_eval.c ssl_expr_parse.y ssl_expr_scan.l nss_util.c
+libmodnss_la_SOURCES = mod_nss.c nss_engine_config.c nss_engine_init.c nss_engine_io.c nss_engine_kernel.c nss_engine_log.c nss_engine_pphrase.c nss_engine_vars.c nss_expr.c nss_expr_eval.c nss_expr_parse.y nss_expr_scan.l nss_util.c
INCLUDES = -I@apache_inc@ @nspr_inc@ @nss_inc@ @apr_inc@
LIBS = @nspr_lib@ @nss_lib@ -lnspr4 -lplc4 -lplds4 -lssl3 -lsmime3 -lnss3
@@ -123,7 +123,7 @@ libmodnss_la_LIBADD =
libmodnss_la_OBJECTS = mod_nss.lo nss_engine_config.lo \
nss_engine_init.lo nss_engine_io.lo nss_engine_kernel.lo \
nss_engine_log.lo nss_engine_pphrase.lo nss_engine_vars.lo nss_expr.lo \
-nss_expr_eval.lo ssl_expr_parse.lo ssl_expr_scan.lo nss_util.lo
+nss_expr_eval.lo nss_expr_parse.lo nss_expr_scan.lo nss_util.lo
bin_PROGRAMS = nss_pcache$(EXEEXT)
PROGRAMS = $(bin_PROGRAMS)
@@ -139,7 +139,7 @@ CCLD = $(CC)
DIST_COMMON = README AUTHORS COPYING ChangeLog INSTALL Makefile.am \
Makefile.in NEWS TODO aclocal.m4 config.guess config.sub configure \
configure.in gencert.in install-sh ltmain.sh missing mkinstalldirs \
-nss.conf.in ssl_expr_parse.c ssl_expr_scan.c
+nss.conf.in nss_expr_parse.c nss_expr_scan.c
DISTFILES = $(DIST_COMMON) $(SOURCES) $(HEADERS) $(TEXINFOS) $(EXTRA_DIST)
@@ -150,8 +150,8 @@ DEP_FILES = .deps/mod_nss.P .deps/nss_engine_config.P \
.deps/nss_engine_init.P .deps/nss_engine_io.P .deps/nss_engine_kernel.P \
.deps/nss_engine_log.P .deps/nss_engine_pphrase.P \
.deps/nss_engine_vars.P .deps/nss_expr.P .deps/nss_expr_eval.P \
-.deps/nss_pcache.P .deps/nss_util.P .deps/ssl_expr_parse.P \
-.deps/ssl_expr_scan.P
+.deps/nss_expr_parse.P .deps/nss_expr_scan.P .deps/nss_pcache.P \
+.deps/nss_util.P
SOURCES = $(libmodnss_la_SOURCES) $(nss_pcache_SOURCES)
OBJECTS = $(libmodnss_la_OBJECTS) $(nss_pcache_OBJECTS)
@@ -258,7 +258,7 @@ nss_pcache$(EXEEXT): $(nss_pcache_OBJECTS) $(nss_pcache_DEPENDENCIES)
if test -f y.tab.h; then \
if cmp -s y.tab.h $*.h; then rm -f y.tab.h; else mv y.tab.h $*.h; fi; \
else :; fi
-ssl_expr_parse.h: ssl_expr_parse.c
+nss_expr_parse.h: nss_expr_parse.c
tags: TAGS
@@ -411,7 +411,7 @@ distclean-generic:
-rm -f config.cache config.log stamp-h stamp-h[0-9]*
maintainer-clean-generic:
- -test -z "ssl_expr_scanlssl_expr_parsehssl_expr_parsec" || rm -f ssl_expr_scanl ssl_expr_parseh ssl_expr_parsec
+ -test -z "nss_expr_scanlnss_expr_parsehnss_expr_parsec" || rm -f nss_expr_scanl nss_expr_parseh nss_expr_parsec
mostlyclean-am: mostlyclean-libLTLIBRARIES mostlyclean-compile \
mostlyclean-libtool mostlyclean-binPROGRAMS \
mostlyclean-tags mostlyclean-depend mostlyclean-generic
@@ -506,17 +506,17 @@ install-binPROGRAMS: $(bin_PROGRAMS)
@echo "********************** NOTE **************************"
@echo ""
-ssl_expr_scan.c: ssl_expr_scan.l ssl_expr_parse.h
- $(LEX) -Pssl_expr_yy -s -B ssl_expr_scan.l
- sed -e '/$$Header:/d' <lex.ssl_expr_yy.c >ssl_expr_scan.c && rm -f lex.ssl_expr_yy.c
+nss_expr_scan.c: nss_expr_scan.l nss_expr_parse.h
+ $(LEX) -Pnss_expr_yy -s -B nss_expr_scan.l
+ sed -e '/$$Header:/d' <lex.nss_expr_yy.c >nss_expr_scan.c && rm -f lex.nss_expr_yy.c
-ssl_expr_parse.c ssl_expr_parse.h: ssl_expr_parse.y
- $(YACC) -d ssl_expr_parse.y
- sed -e 's;yy;ssl_expr_yy;g' \
+nss_expr_parse.c nss_expr_parse.h: nss_expr_parse.y
+ $(YACC) -d nss_expr_parse.y
+ sed -e 's;yy;nss_expr_yy;g' \
-e '/#if defined(c_plusplus) || defined(__cplusplus)/,/#endif/d' \
- <y.tab.c >ssl_expr_parse.c && rm -f y.tab.c
- sed -e 's;yy;ssl_expr_yy;g' \
- <y.tab.h >ssl_expr_parse.h && rm -f y.tab.h
+ <y.tab.c >nss_expr_parse.c && rm -f y.tab.c
+ sed -e 's;yy;nss_expr_yy;g' \
+ <y.tab.h >nss_expr_parse.h && rm -f y.tab.h
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/TODO b/TODO
index b2c901c..ce9fdf4 100644
--- a/TODO
+++ b/TODO
@@ -1,2 +1,3 @@
- Support for mod_proxy
-- Pull the entire cert chain when requested
+- Offer to automatically generate a self-signed cert using gencert during
+ install?
diff --git a/migrate.pl b/migrate.pl
index fd0d990..757d85e 100755
--- a/migrate.pl
+++ b/migrate.pl
@@ -8,9 +8,11 @@ use Getopt::Std;
BEGIN {
$NSSDir = cwd();
- $CACertificatePath = "";
- $CACertificateFile = "";
+ $SSLCACertificatePath = "";
+ $SSLCACertificateFile = "";
$SSLCertificateFile = "";
+ $SSLCARevocationPath = "";
+ $SSLCARevocationFile = "";
$SSLCertificateKeyFile = "";
$passphrase = 0;
}
@@ -19,14 +21,12 @@ BEGIN {
"SSLSessionCache" => "",
"SSLMutex" => "",
"SSLCertificateChainFile" => "",
- "SSLCARevocationPath" => "",
- "SSLCARevocationFile" => "",
"SSLVerifyDepth" => "" ,
"SSLCryptoDevice" => "" ,
"LoadModule" => "" ,
);
-%insert = ( "SSLSessionCacheTimeout", "SSLSessionCacheSize 10000\nSSL3SessionCacheTimeout 86400\n",);
+%insert = ( "NSSSessionCacheTimeout", "NSSSessionCacheSize 10000\nNSSSession3CacheTimeout 86400\n",);
getopts('ch');
@@ -60,25 +60,31 @@ while (<SSL>) {
}
if ($stmt eq "SSLCipherSuite") {
- print NSS "SSLCipherSuite ", get_ciphers($val), "\n";
- print NSS "SSLProtocol SSLv3,TLSv1\n";
+ print NSS "NSSCipherSuite ", get_ciphers($val), "\n";
+ print NSS "NSSProtocol SSLv3,TLSv1\n";
$comment = 1;
} elsif ($stmt eq "SSLCACertificatePath") {
- $CACertificatePath = $value;
+ $SSLCACertificatePath = $value;
$comment = 1;
} elsif ($stmt eq "SSLCACertificateFile") {
- $CACertificateFile = $value;
+ $SSLCACertificateFile = $value;
$comment = 1;
} elsif ($stmt eq "SSLCertificateFile") {
- print NSS "SSLCertificateDatabase $NSSDir\n";
- print NSS "SSLNickName Server-Cert\n";
+ print NSS "NSSCertificateDatabase $NSSDir\n";
+ print NSS "NSSNickName Server-Cert\n";
$SSLCertificateFile = $value;
$comment = 1;
} elsif ($stmt eq "SSLCertificateKeyFile") {
$SSLCertificateKeyFile = $value;
$comment = 1;
+ } elsif ($stmt eq "SSLCARevocationPath") {
+ $SSLCARevocationPath = $value;
+ $comment = 1;
+ } elsif ($stmt eq "SSLCARevocationFile") {
+ $SSLCARevocationFile = $value;
+ $comment = 1;
} elsif ($stmt eq "SSLPassPhraseDialog") {
- print NSS "SSLPassPhraseHelper /usr/local/bin/nss_pcache\n";
+ print NSS "NSSPassPhraseHelper /usr/local/bin/nss_pcache\n";
$passphrase = 1;
$comment = 1;
}
@@ -89,6 +95,9 @@ while (<SSL>) {
next;
}
+ # Fix up any remaining directive names
+ s/^SSL/NSS/;
+
if (exists($insert{$stmt})) {
print NSS "$_";
print NSS $insert{$stmt};
@@ -106,7 +115,7 @@ while (<SSL>) {
}
if ($passphrase == 0) {
- print NSS "SSLPassPhraseHelper /usr/sbin/nss_pcache\n";
+ print NSS "NSSPassPhraseHelper /usr/sbin/nss_pcache\n";
}
close(NSS);
@@ -128,26 +137,55 @@ if ($opt_c) {
run_command("pk12util -i server.p12 -d $NSSDir -W foo");
}
- if ($CACertificateFile ne "") {
- my $subject = get_cert_subject($CACertificateFile);
+ if ($SSLCACertificateFile ne "") {
+ my $subject = get_cert_subject($SSLCACertificateFile);
if ($subject ne "") {
print "Importing CA certificate $subject\n";
- run_command("certutil -A -n \"$subject\" -t \"CT,,\" -d $NSSDir -a -i $CACertificateFile");
+ run_command("certutil -A -n \"$subject\" -t \"CT,,\" -d $NSSDir -a -i $SSLCACertificateFile");
}
}
- if ($CACertificatePath ne "") {
- opendir(DIR, $CACertificatePath) or die "can't opendir $CACertificatePath: $!";
+ if ($SSLCACertificatePath ne "") {
+ opendir(DIR, $SSLCACertificatePath) or die "can't opendir $SSLCACertificatePath: $!";
while (defined($file = readdir(DIR))) {
next if -d $file;
# we can operate directly on the hash files so don't have to worry
# about any SKIPME's.
if ($file =~ /hash.*/) {
- my $subject = get_cert_subject("$CACertificatePath/$file");
+ my $subject = get_cert_subject("$SSLCACertificatePath/$file");
if ($subject ne "") {
print "Importing CA certificate $subject\n";
- run_command("certutil -A -n \"$subject\" -t \"CT,,\" -d $NSSDir -a -i $CACertificatePath/$file");
+ run_command("certutil -A -n \"$subject\" -t \"CT,,\" -d $NSSDir -a -i $SSLCACertificatePath/$file");
+ }
+ }
+ }
+ closedir(DIR);
+ }
+
+ if ($SSLCARevocationFile ne "") {
+ print "Importing CRL file $CARevocationFile\n";
+ # Convert to DER format
+ run_command("openssl crl -in $SSLCARevocationFile -out /tmp/crl.tmp -inform PEM -outform DER");
+ run_command("crlutil -I -t 1 -d $NSSDir -i /tmp/crl.tmp");
+ unlink("/tmp/crl.tmp");
+ }
+
+ if ($SSLCARevocationPath ne "") {
+ opendir(DIR, $SSLCARevocationPath) or die "can't opendir $SSLCARevocationPath: $!";
+ while (defined($file = readdir(DIR))) {
+ next if -d $file;
+
+ # we can operate directly on the hash files so don't have to worry
+ # about any SKIPME's.
+ if ($file =~ /hash.*/) {
+ my $subject = get_cert_subject("$SSLCARevocationPath/$file");
+ if ($subject ne "") {
+ print "Importing CRL file $file\n";
+ # Convert to DER format
+ run_command("openssl crl -in $SSLCARevocationPath/$file -out /tmp/crl.tmp -inform PEM -outform DER");
+ run_command("crlutil -I -t 1 -d $NSSDir -i /tmp/crl.tmp");
+ unlink("/tmp/crl.tmp");
}
}
}
diff --git a/mod_nss.c b/mod_nss.c
index 16d090d..131b436 100644
--- a/mod_nss.c
+++ b/mod_nss.c
@@ -21,20 +21,20 @@
*/
#define SSL_CMD_ALL(name, args, desc) \
- AP_INIT_##args("SSL"#name, ssl_cmd_SSL##name, \
+ AP_INIT_##args("NSS"#name, nss_cmd_NSS##name, \
NULL, RSRC_CONF|OR_AUTHCFG, desc),
#define SSL_CMD_SRV(name, args, desc) \
- AP_INIT_##args("SSL"#name, ssl_cmd_SSL##name, \
+ AP_INIT_##args("NSS"#name, nss_cmd_NSS##name, \
NULL, RSRC_CONF, desc),
#define SSL_CMD_DIR(name, type, args, desc) \
- AP_INIT_##args("SSL"#name, ssl_cmd_SSL##name, \
+ AP_INIT_##args("NSS"#name, nss_cmd_NSS##name, \
NULL, OR_##type, desc),
#define AP_END_CMD { NULL }
-static const command_rec ssl_config_cmds[] = {
+static const command_rec nss_config_cmds[] = {
/*
* Global (main-server) context configuration directives
*/
@@ -44,7 +44,7 @@ static const command_rec ssl_config_cmds[] = {
SSL_CMD_SRV(SessionCacheTimeout, TAKE1,
"SSL 2 Session Cache object lifetime "
"(`N' - number of seconds)")
- SSL_CMD_SRV(3SessionCacheTimeout, TAKE1,
+ SSL_CMD_SRV(Session3CacheTimeout, TAKE1,
"SSL 3/TLS Session Cache object lifetime "
"(`N' - number of seconds)")
SSL_CMD_SRV(SessionCacheSize, TAKE1,
@@ -144,18 +144,17 @@ static const command_rec ssl_config_cmds[] = {
* the various processing hooks
*/
-static int ssl_hook_pre_config(apr_pool_t *pconf,
+static int nss_hook_pre_config(apr_pool_t *pconf,
apr_pool_t *plog,
apr_pool_t *ptemp)
{
- ap_log_error(APLOG_MARK, APLOG_INFO, 0, NULL, "ssl_hook_pre_config");
/* Register us to handle mod_log_config %c/%x variables */
- ssl_var_log_config_register(pconf);
+ nss_var_log_config_register(pconf);
return OK;
}
-static SSLConnRec *ssl_init_connection_ctx(conn_rec *c)
+static SSLConnRec *nss_init_connection_ctx(conn_rec *c)
{
SSLConnRec *sslconn = myConnConfig(c);
@@ -167,7 +166,7 @@ static SSLConnRec *ssl_init_connection_ctx(conn_rec *c)
sslconn->is_proxy = 0;
sslconn->disabled = 0;
- sslconn->non_ssl_request = 0;
+ sslconn->non_nss_request = 0;
sslconn->ssl = NULL;
myConnConfigSet(c, sslconn);
@@ -176,11 +175,11 @@ static SSLConnRec *ssl_init_connection_ctx(conn_rec *c)
}
#ifdef PROXY
-int ssl_proxy_enable(conn_rec *c)
+int nss_proxy_enable(conn_rec *c)
{
SSLSrvConfigRec *sc = mySrvConfig(c->base_server);
- SSLConnRec *sslconn = ssl_init_connection_ctx(c);
+ SSLConnRec *sslconn = nss_init_connection_ctx(c);
if (!sc->proxy_enabled) {
ap_log_error(APLOG_MARK, APLOG_ERR, 0, c->base_server,
@@ -197,7 +196,7 @@ int ssl_proxy_enable(conn_rec *c)
}
#endif
-int ssl_engine_disable(conn_rec *c)
+int nss_engine_disable(conn_rec *c)
{
SSLSrvConfigRec *sc = mySrvConfig(c->base_server);
@@ -207,14 +206,14 @@ int ssl_engine_disable(conn_rec *c)
return 0;
}
- sslconn = ssl_init_connection_ctx(c);
+ sslconn = nss_init_connection_ctx(c);
sslconn->disabled = 1;
return 1;
}
-static int ssl_hook_pre_connection(conn_rec *c, void *csd)
+static int nss_hook_pre_connection(conn_rec *c, void *csd)
{
SSLSrvConfigRec *sc = mySrvConfig(c->base_server);
PRFileDesc *ssl;
@@ -234,7 +233,7 @@ static int ssl_hook_pre_connection(conn_rec *c, void *csd)
* Create SSL context
*/
if (!sslconn) {
- sslconn = ssl_init_connection_ctx(c);
+ sslconn = nss_init_connection_ctx(c);
}
if (sslconn->disabled) {
@@ -258,14 +257,14 @@ static int ssl_hook_pre_connection(conn_rec *c, void *csd)
* attach this to the socket. Additionally we register this attachment
* so we can detach later.
*/
- ssl = ssl_io_new_fd();
+ ssl = nss_io_new_fd();
ssl = SSL_ImportFD(mctx->model, ssl);
if (!(ssl)) {
ap_log_error(APLOG_MARK, APLOG_ERR, 0, c->base_server,
"Unable to create a new SSL connection from the SSL "
"context");
- ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, c->base_server);
+ nss_log_nss_error(APLOG_MARK, APLOG_ERR, c->base_server);
c->aborted = 1;
@@ -275,14 +274,14 @@ static int ssl_hook_pre_connection(conn_rec *c, void *csd)
sslconn->ssl = ssl;
sslconn->client_socket = csd;
- ssl_io_filter_init(c, ssl);
+ nss_io_filter_init(c, ssl);
SSL_ResetHandshake(ssl, PR_TRUE);
return APR_SUCCESS;
}
-static const char *ssl_hook_http_method(const request_rec *r)
+static const char *nss_hook_http_method(const request_rec *r)
{
SSLSrvConfigRec *sc = mySrvConfig(r->server);
@@ -293,7 +292,7 @@ static const char *ssl_hook_http_method(const request_rec *r)
return "https";
}
-static apr_port_t ssl_hook_default_port(const request_rec *r)
+static apr_port_t nss_hook_default_port(const request_rec *r)
{
SSLSrvConfigRec *sc = mySrvConfig(r->server);
@@ -308,38 +307,37 @@ static apr_port_t ssl_hook_default_port(const request_rec *r)
* the module registration phase
*/
-static void ssl_register_hooks(apr_pool_t *p)
+static void nss_register_hooks(apr_pool_t *p)
{
- ap_log_error(APLOG_MARK, APLOG_INFO, 0, NULL, "ssl_register_hooks");
- ssl_io_filter_register(p);
-
- ap_hook_pre_connection(ssl_hook_pre_connection,NULL,NULL, APR_HOOK_MIDDLE);
- ap_hook_post_config (ssl_init_Module, NULL,NULL, APR_HOOK_MIDDLE);
- ap_hook_http_method (ssl_hook_http_method, NULL,NULL, APR_HOOK_MIDDLE);
- ap_hook_default_port (ssl_hook_default_port, NULL,NULL, APR_HOOK_MIDDLE);
- ap_hook_pre_config (ssl_hook_pre_config, NULL,NULL, APR_HOOK_MIDDLE);
- ap_hook_child_init (ssl_init_Child, NULL,NULL, APR_HOOK_MIDDLE);
- ap_hook_translate_name(ssl_hook_Translate, NULL,NULL, APR_HOOK_MIDDLE);
- ap_hook_check_user_id (ssl_hook_UserCheck, NULL,NULL, APR_HOOK_FIRST);
- ap_hook_fixups (ssl_hook_Fixup, NULL,NULL, APR_HOOK_MIDDLE);
- ap_hook_access_checker(ssl_hook_Access, NULL,NULL, APR_HOOK_MIDDLE);
- ap_hook_auth_checker (ssl_hook_Auth, NULL,NULL, APR_HOOK_MIDDLE);
- ap_hook_post_read_request(ssl_hook_ReadReq, NULL,NULL, APR_HOOK_MIDDLE);
-
- ssl_var_register();
+ nss_io_filter_register(p);
+
+ ap_hook_pre_connection(nss_hook_pre_connection,NULL,NULL, APR_HOOK_MIDDLE);
+ ap_hook_post_config (nss_init_Module, NULL,NULL, APR_HOOK_MIDDLE);
+ ap_hook_http_method (nss_hook_http_method, NULL,NULL, APR_HOOK_MIDDLE);
+ ap_hook_default_port (nss_hook_default_port, NULL,NULL, APR_HOOK_MIDDLE);
+ ap_hook_pre_config (nss_hook_pre_config, NULL,NULL, APR_HOOK_MIDDLE);
+ ap_hook_child_init (nss_init_Child, NULL,NULL, APR_HOOK_MIDDLE);
+ ap_hook_translate_name(nss_hook_Translate, NULL,NULL, APR_HOOK_MIDDLE);
+ ap_hook_check_user_id (nss_hook_UserCheck, NULL,NULL, APR_HOOK_FIRST);
+ ap_hook_fixups (nss_hook_Fixup, NULL,NULL, APR_HOOK_MIDDLE);
+ ap_hook_access_checker(nss_hook_Access, NULL,NULL, APR_HOOK_MIDDLE);
+ ap_hook_auth_checker (nss_hook_Auth, NULL,NULL, APR_HOOK_MIDDLE);
+ ap_hook_post_read_request(nss_hook_ReadReq, NULL,NULL, APR_HOOK_MIDDLE);
+
+ nss_var_register();
#ifdef PROXY
- APR_REGISTER_OPTIONAL_FN(ssl_proxy_enable);
+ APR_REGISTER_OPTIONAL_FN(nss_proxy_enable);
#endif
- APR_REGISTER_OPTIONAL_FN(ssl_engine_disable);
+ APR_REGISTER_OPTIONAL_FN(nss_engine_disable);
}
module AP_MODULE_DECLARE_DATA nss_module = {
STANDARD20_MODULE_STUFF,
- ssl_config_perdir_create, /* create per-dir config structures */
- ssl_config_perdir_merge, /* merge per-dir config structures */
- ssl_config_server_create, /* create per-server config structures */
- ssl_config_server_merge, /* merge per-server config structures */
- ssl_config_cmds, /* table of configuration directives */
- ssl_register_hooks /* register hooks */
+ nss_config_perdir_create, /* create per-dir config structures */
+ nss_config_perdir_merge, /* merge per-dir config structures */
+ nss_config_server_create, /* create per-server config structures */
+ nss_config_server_merge, /* merge per-server config structures */
+ nss_config_cmds, /* table of configuration directives */
+ nss_register_hooks /* register hooks */
};
diff --git a/mod_nss.h b/mod_nss.h
index 1095cd2..c43e7e1 100644
--- a/mod_nss.h
+++ b/mod_nss.h
@@ -152,15 +152,15 @@ ap_set_module_config(c->conn_config, &nss_module, val)
#define SSL_OPT_STRICTREQUIRE (1<<5)
#define SSL_OPT_OPTRENEGOTIATE (1<<6)
#define SSL_OPT_ALL (SSL_OPT_STDENVVARS|SSL_OPT_COMPATENVVAR|SSL_OPT_EXPORTCERTDATA|SSL_OPT_FAKEBASICAUTH|SSL_OPT_STRICTREQUIRE|SSL_OPT_OPTRENEGOTIATE)
-typedef int ssl_opt_t;
+typedef int nss_opt_t;
/*
* Define the SSL requirement structure
*/
typedef struct {
char *cpExpr;
- ssl_expr *mpExpr;
-} ssl_require_t;
+ nss_expr *mpExpr;
+} nss_require_t;
/*
* Define the SSL verify levels
@@ -171,7 +171,7 @@ typedef enum {
SSL_CVERIFY_OPTIONAL = 1,
SSL_CVERIFY_REQUIRE = 2,
SSL_CVERIFY_OPTIONAL_NO_CA = 3
-} ssl_verify_t;
+} nss_verify_t;
/*
* Define the SSL pass phrase dialog types
@@ -180,7 +180,7 @@ typedef enum {
SSL_PPTYPE_UNSET = UNSET,
SSL_PPTYPE_BUILTIN = 0,
SSL_PPTYPE_FILE = 1,
-} ssl_pphrase_t;
+} nss_pphrase_t;
/*
* Define the mod_ssl per-module configuration structure
@@ -193,7 +193,7 @@ typedef struct {
CERTCertificate *client_cert;
int is_proxy;
int disabled;
- int non_ssl_request;
+ int non_nss_request;
apr_socket_t * client_socket;
} SSLConnRec;
@@ -209,7 +209,7 @@ typedef struct {
int ssl3_session_cache_timeout;
/* config for handling encrypted keys */
- ssl_pphrase_t pphrase_dialog_type;
+ nss_pphrase_t pphrase_dialog_type;
const char *pphrase_dialog_path;
const char *pphrase_dialog_helper;
@@ -229,7 +229,7 @@ typedef struct {
const char *protocols;
/* for client or downstream server authentication */
- ssl_verify_t verify_mode;
+ nss_verify_t verify_mode;
} modnss_auth_ctx_t;
typedef struct {
@@ -275,7 +275,7 @@ typedef struct {
int nOptionsAdd;
int nOptionsDel;
const char *szCipherSuite;
- ssl_verify_t nVerifyClient;
+ nss_verify_t nVerifyClient;
const char *szCACertificatePath;
const char *szCACertificateFile;
const char *szUserName;
@@ -294,7 +294,7 @@ typedef struct
enum sslversion { SSL2=1, SSL3=2, TLS=4};
-/* the table itself is defined in ssl_engine_init.c */
+/* the table itself is defined in nss_engine_init.c */
#define ciphernum 23
/*
@@ -305,86 +305,86 @@ enum sslversion { SSL2=1, SSL3=2, TLS=4};
extern module AP_MODULE_DECLARE_DATA nss_module;
/* configuration handling */
-SSLModConfigRec *ssl_config_global_create(server_rec *);
-void *ssl_config_perdir_create(apr_pool_t *p, char *dir);
-void *ssl_config_perdir_merge(apr_pool_t *p, void *basev, void *addv);
-void *ssl_config_server_create(apr_pool_t *p, server_rec *s);
-void *ssl_config_server_merge(apr_pool_t *p, void *basev, void *addv);
-const char *ssl_cmd_SSLEngine(cmd_parms *, void *, int);
-const char *ssl_cmd_SSLCertificateDatabase(cmd_parms *cmd, void *dcfg, const char *arg);
-const char *ssl_cmd_SSLCipherSuite(cmd_parms *cmd, void *dcfg, const char *arg);
-const char *ssl_cmd_SSLVerifyClient(cmd_parms *cmd, void *dcfg, const char *arg);
-const char *ssl_cmd_SSLProtocol(cmd_parms *cmd, void *dcfg, const char *arg);
-const char *ssl_cmd_SSLNickname(cmd_parms *cmd, void *dcfg, const char *arg);
-const char *ssl_cmd_SSLEnforceValidCerts(cmd_parms *, void *, int);
-const char *ssl_cmd_SSLSessionCacheTimeout(cmd_parms *cmd, void *dcfg, const char *arg);
-const char *ssl_cmd_SSL3SessionCacheTimeout(cmd_parms *cmd, void *dcfg, const char *arg);
-const char *ssl_cmd_SSLSessionCacheSize(cmd_parms *cmd, void *dcfg, const char *arg);
-const char *ssl_cmd_SSLPassPhraseDialog(cmd_parms *cmd, void *dcfg, const char *arg);
-const char *ssl_cmd_SSLPassPhraseHelper(cmd_parms *cmd, void *dcfg, const char *arg);
-const char *ssl_cmd_SSLUserName(cmd_parms *cmd, void *dcfg, const char *arg);
-const char *ssl_cmd_SSLOptions(cmd_parms *, void *, const char *);
-const char *ssl_cmd_SSLRequireSSL(cmd_parms *cmd, void *dcfg);
-const char *ssl_cmd_SSLRequire(cmd_parms *, void *, const char *);
+SSLModConfigRec *nss_config_global_create(server_rec *);
+void *nss_config_perdir_create(apr_pool_t *p, char *dir);
+void *nss_config_perdir_merge(apr_pool_t *p, void *basev, void *addv);
+void *nss_config_server_create(apr_pool_t *p, server_rec *s);
+void *nss_config_server_merge(apr_pool_t *p, void *basev, void *addv);
+const char *nss_cmd_NSSEngine(cmd_parms *, void *, int);
+const char *nss_cmd_NSSCertificateDatabase(cmd_parms *cmd, void *dcfg, const char *arg);
+const char *nss_cmd_NSSCipherSuite(cmd_parms *cmd, void *dcfg, const char *arg);
+const char *nss_cmd_NSSVerifyClient(cmd_parms *cmd, void *dcfg, const char *arg);
+const char *nss_cmd_NSSProtocol(cmd_parms *cmd, void *dcfg, const char *arg);
+const char *nss_cmd_NSSNickname(cmd_parms *cmd, void *dcfg, const char *arg);
+const char *nss_cmd_NSSEnforceValidCerts(cmd_parms *, void *, int);
+const char *nss_cmd_NSSSessionCacheTimeout(cmd_parms *cmd, void *dcfg, const char *arg);
+const char *nss_cmd_NSSSession3CacheTimeout(cmd_parms *cmd, void *dcfg, const char *arg);
+const char *nss_cmd_NSSSessionCacheSize(cmd_parms *cmd, void *dcfg, const char *arg);
+const char *nss_cmd_NSSPassPhraseDialog(cmd_parms *cmd, void *dcfg, const char *arg);
+const char *nss_cmd_NSSPassPhraseHelper(cmd_parms *cmd, void *dcfg, const char *arg);
+const char *nss_cmd_NSSUserName(cmd_parms *cmd, void *dcfg, const char *arg);
+const char *nss_cmd_NSSOptions(cmd_parms *, void *, const char *);
+const char *nss_cmd_NSSRequireSSL(cmd_parms *cmd, void *dcfg);
+const char *nss_cmd_NSSRequire(cmd_parms *, void *, const char *);
/* module initialization */
-int ssl_init_Module(apr_pool_t *, apr_pool_t *, apr_pool_t *, server_rec *);
-void ssl_init_Child(apr_pool_t *, server_rec *);
-void ssl_init_ConfigureServer(server_rec *, apr_pool_t *, apr_pool_t *, SSLSrvConfigRec *);
-apr_status_t ssl_init_ModuleKill(void *data);
-int ssl_parse_ciphers(server_rec *s, char *ciphers, PRBool cipher_list[ciphernum]);
+int nss_init_Module(apr_pool_t *, apr_pool_t *, apr_pool_t *, server_rec *);
+void nss_init_Child(apr_pool_t *, server_rec *);
+void nss_init_ConfigureServer(server_rec *, apr_pool_t *, apr_pool_t *, SSLSrvConfigRec *);
+apr_status_t nss_init_ModuleKill(void *data);
+int nss_parse_ciphers(server_rec *s, char *ciphers, PRBool cipher_list[ciphernum]);
/* Apache API hooks */
-int ssl_hook_Translate(request_rec *r);
-int ssl_hook_UserCheck(request_rec *r);
-int ssl_hook_Fixup(request_rec *r);
-int ssl_hook_Access(request_rec *r);
-int ssl_hook_Auth(request_rec *r);
-int ssl_hook_ReadReq(request_rec *r);
+int nss_hook_Translate(request_rec *r);
+int nss_hook_UserCheck(request_rec *r);
+int nss_hook_Fixup(request_rec *r);
+int nss_hook_Access(request_rec *r);
+int nss_hook_Auth(request_rec *r);
+int nss_hook_ReadReq(request_rec *r);
/* Variables */
-void ssl_var_register(void);
-char *ssl_var_lookup(apr_pool_t *, server_rec *, conn_rec *, request_rec *, char *);
-void ssl_var_log_config_register(apr_pool_t *p);
+void nss_var_register(void);
+char *nss_var_lookup(apr_pool_t *, server_rec *, conn_rec *, request_rec *, char *);
+void nss_var_log_config_register(apr_pool_t *p);
-APR_DECLARE_OPTIONAL_FN(char *, ssl_var_lookup,
+APR_DECLARE_OPTIONAL_FN(char *, nss_var_lookup,
(apr_pool_t *, server_rec *,
conn_rec *, request_rec *,
char *));
/* An optional function which returns non-zero if the given connection
* is using SSL/TLS. */
-APR_DECLARE_OPTIONAL_FN(int, ssl_is_https, (conn_rec *));
+APR_DECLARE_OPTIONAL_FN(int, nss_is_https, (conn_rec *));
/* Proxy Support */
-int ssl_engine_disable(conn_rec *c);
+int nss_engine_disable(conn_rec *c);
-APR_DECLARE_OPTIONAL_FN(int, ssl_engine_disable, (conn_rec *));
+APR_DECLARE_OPTIONAL_FN(int, nss_engine_disable, (conn_rec *));
/* I/O */
-PRFileDesc * ssl_io_new_fd();
-int ssl_io_layer_init();
-void ssl_io_filter_init(conn_rec *c, PRFileDesc *ssl);
-void ssl_io_filter_register(apr_pool_t *p);
+PRFileDesc * nss_io_new_fd();
+int nss_io_layer_init();
+void nss_io_filter_init(conn_rec *c, PRFileDesc *ssl);
+void nss_io_filter_register(apr_pool_t *p);
/* Utility Functions */
-char *ssl_util_vhostid(apr_pool_t *, server_rec *);
-void ssl_util_strupper(char *);
-void ssl_util_uuencode(char *, const char *, BOOL);
-void ssl_util_uuencode_binary(unsigned char *, const unsigned char *, int, BOOL);
-apr_file_t *ssl_util_ppopen(server_rec *, apr_pool_t *, const char *,
+char *nss_util_vhostid(apr_pool_t *, server_rec *);
+void nss_util_strupper(char *);
+void nss_util_uuencode(char *, const char *, BOOL);
+void nss_util_uuencode_binary(unsigned char *, const unsigned char *, int, BOOL);
+apr_file_t *nss_util_ppopen(server_rec *, apr_pool_t *, const char *,
const char * const *);
-void ssl_util_ppclose(server_rec *, apr_pool_t *, apr_file_t *);
-char *ssl_util_readfilter(server_rec *, apr_pool_t *, const char *,
+void nss_util_ppclose(server_rec *, apr_pool_t *, apr_file_t *);
+char *nss_util_readfilter(server_rec *, apr_pool_t *, const char *,
const char * const *);
/* Pass Phrase Handling */
-SECStatus ssl_Init_Tokens(server_rec *s);
+SECStatus nss_Init_Tokens(server_rec *s);
/* Logging */
-void ssl_log_ssl_error(const char *file, int line, int level, server_rec *s);
-void ssl_die(void);
+void nss_log_nss_error(const char *file, int line, int level, server_rec *s);
+void nss_die(void);
/* NSS callback */
-SECStatus ssl_AuthCertificate(void *arg, PRFileDesc *socket, PRBool checksig, PRBool isServer);
+SECStatus nss_AuthCertificate(void *arg, PRFileDesc *socket, PRBool checksig, PRBool isServer);
#endif /* __MOD_SSL_H__ */
diff --git a/modules.mk b/modules.mk
index 4053381..cdad05f 100644
--- a/modules.mk
+++ b/modules.mk
@@ -1,5 +1,5 @@
-mod_nss.la: mod_nss.lo nss_engine_config.lo nss_engine_init.lo nss_engine_io.lo nss_engine_kernel.lo nss_engine_log.lo nss_engine_pphrase.lo nss_engine_vars.lo nss_expr.lo nss_expr_eval.lo ssl_expr_parse.lo ssl_expr_scan.lo nss_util.lo
- $(MOD_LINK) mod_nss.lo nss_engine_config.lo nss_engine_init.lo nss_engine_io.lo nss_engine_kernel.lo nss_engine_log.lo nss_engine_pphrase.lo nss_engine_vars.lo nss_expr.lo nss_expr_eval.lo ssl_expr_parse.lo ssl_expr_scan.lo nss_util.lo
+mod_nss.la: mod_nss.lo nss_engine_config.lo nss_engine_init.lo nss_engine_io.lo nss_engine_kernel.lo nss_engine_log.lo nss_engine_pphrase.lo nss_engine_vars.lo nss_expr.lo nss_expr_eval.lo nss_expr_parse.lo nss_expr_scan.lo nss_util.lo
+ $(MOD_LINK) mod_nss.lo nss_engine_config.lo nss_engine_init.lo nss_engine_io.lo nss_engine_kernel.lo nss_engine_log.lo nss_engine_pphrase.lo nss_engine_vars.lo nss_expr.lo nss_expr_eval.lo nss_expr_parse.lo nss_expr_scan.lo nss_util.lo
DISTCLEAN_TARGETS = modules.mk
static = mod_nss.la
shared =
diff --git a/nss_engine_config.c b/nss_engine_config.c
index 962ce2e..67c6780 100644
--- a/nss_engine_config.c
+++ b/nss_engine_config.c
@@ -23,7 +23,7 @@
#define SSL_MOD_CONFIG_KEY "nss_module"
-SSLModConfigRec *ssl_config_global_create(server_rec *s)
+SSLModConfigRec *nss_config_global_create(server_rec *s)
{
apr_pool_t *pool = s->process->pool;
SSLModConfigRec *mc;
@@ -66,9 +66,6 @@ SSLModConfigRec *ssl_config_global_create(server_rec *s)
static void modnss_ctx_init(modnss_ctx_t *mctx)
{
-
- ap_log_error(APLOG_MARK, APLOG_INFO, 0, NULL, "modnss_ctx_init");
-
mctx->sc = NULL; /* set during module init */
mctx->ssl2 = PR_FALSE;
@@ -98,7 +95,7 @@ static void modnss_ctx_init_server(SSLSrvConfigRec *sc,
modnss_ctx_init(mctx);
}
-static SSLSrvConfigRec *ssl_config_server_new(apr_pool_t *p)
+static SSLSrvConfigRec *nss_config_server_new(apr_pool_t *p)
{
SSLSrvConfigRec *sc = apr_palloc(p, sizeof(*sc));
@@ -111,7 +108,7 @@ static SSLSrvConfigRec *ssl_config_server_new(apr_pool_t *p)
sc->server = NULL;
#ifdef PROXY
- modssl_ctx_init_proxy(sc, p);
+ modnss_ctx_init_proxy(sc, p);
#endif
modnss_ctx_init_server(sc, p);
@@ -122,11 +119,10 @@ static SSLSrvConfigRec *ssl_config_server_new(apr_pool_t *p)
/*
* Create per-server SSL configuration
*/
-void *ssl_config_server_create(apr_pool_t *p, server_rec *s) {
- SSLSrvConfigRec *sc = ssl_config_server_new(p);
- ap_log_error(APLOG_MARK, APLOG_INFO, 0, NULL, "ssl_config_server_create");
+void *nss_config_server_create(apr_pool_t *p, server_rec *s) {
+ SSLSrvConfigRec *sc = nss_config_server_new(p);
- sc->mc = ssl_config_global_create(s);
+ sc->mc = nss_config_global_create(s);
return sc;
}
@@ -159,19 +155,17 @@ static void modnss_ctx_cfg_merge_server(modnss_ctx_t *base,
/*
* Merge per-server SSL configurations
*/
-void *ssl_config_server_merge(apr_pool_t *p, void *basev, void *addv) {
+void *nss_config_server_merge(apr_pool_t *p, void *basev, void *addv) {
SSLSrvConfigRec *base = (SSLSrvConfigRec *)basev;
SSLSrvConfigRec *add = (SSLSrvConfigRec *)addv;
- SSLSrvConfigRec *mrg = ssl_config_server_new(p);
-
- ap_log_error(APLOG_MARK, APLOG_INFO, 0, NULL, "ssl_config_server_merge");
+ SSLSrvConfigRec *mrg = nss_config_server_new(p);
cfgMerge(mc, NULL);
cfgMergeBool(enabled);
cfgMergeBool(proxy_enabled);
#ifdef PROXY
- modssl_ctx_cfg_merge_proxy(base->proxy, add->proxy, mrg->proxy);
+ modnss_ctx_cfg_merge_proxy(base->proxy, add->proxy, mrg->proxy);
#endif
modnss_ctx_cfg_merge_server(base->server, add->server, mrg->server);
@@ -182,12 +176,11 @@ void *ssl_config_server_merge(apr_pool_t *p, void *basev, void *addv) {
/*
* Create per-directory SSL configuration
*/
-void *ssl_config_perdir_create(apr_pool_t *p, char *dir) {
+void *nss_config_perdir_create(apr_pool_t *p, char *dir) {
SSLDirConfigRec *dc = apr_palloc(p, sizeof(*dc));
- ap_log_error(APLOG_MARK, APLOG_INFO, 0, NULL, "ssl_config_perdir_create");
dc->bSSLRequired = FALSE;
- dc->aRequirement = apr_array_make(p, 4, sizeof(ssl_require_t));
+ dc->aRequirement = apr_array_make(p, 4, sizeof(nss_require_t));
dc->nOptions = SSL_OPT_NONE|SSL_OPT_RELSET;
dc->nOptionsAdd = SSL_OPT_NONE;
dc->nOptionsDel = SSL_OPT_NONE;
@@ -200,7 +193,7 @@ void *ssl_config_perdir_create(apr_pool_t *p, char *dir) {
return dc;
}
-const char *ssl_cmd_SSLRequireSSL(cmd_parms *cmd, void *dcfg)
+const char *nss_cmd_NSSRequireSSL(cmd_parms *cmd, void *dcfg)
{
SSLDirConfigRec *dc = (SSLDirConfigRec *)dcfg;
@@ -209,17 +202,17 @@ const char *ssl_cmd_SSLRequireSSL(cmd_parms *cmd, void *dcfg)
return NULL;
}
-const char *ssl_cmd_SSLRequire(cmd_parms *cmd,
+const char *nss_cmd_NSSRequire(cmd_parms *cmd,
void *dcfg,
const char *arg)
{
SSLDirConfigRec *dc = (SSLDirConfigRec *)dcfg;
- ssl_expr *expr;
- ssl_require_t *require;
+ nss_expr *expr;
+ nss_require_t *require;
- if (!(expr = ssl_expr_comp(cmd->pool, (char *)arg))) {
- return apr_pstrcat(cmd->pool, "SSLRequire: ",
- ssl_expr_get_error(), NULL);
+ if (!(expr = nss_expr_comp(cmd->pool, (char *)arg))) {
+ return apr_pstrcat(cmd->pool, "NSSRequire: ",
+ nss_expr_get_error(), NULL);
}
require = apr_array_push(dc->aRequirement);
@@ -229,7 +222,7 @@ const char *ssl_cmd_SSLRequire(cmd_parms *cmd,
return NULL;
}
-void *ssl_config_perdir_merge(apr_pool_t *p, void *basev, void *addv) {
+void *nss_config_perdir_merge(apr_pool_t *p, void *basev, void *addv) {
SSLDirConfigRec *base = (SSLDirConfigRec *)basev;
SSLDirConfigRec *add = (SSLDirConfigRec *)addv;
SSLDirConfigRec *mrg = (SSLDirConfigRec *)apr_palloc(p, sizeof(*mrg));
@@ -259,7 +252,7 @@ void *ssl_config_perdir_merge(apr_pool_t *p, void *basev, void *addv) {
return mrg;
}
-const char *ssl_cmd_SSLEngine(cmd_parms *cmd, void *dcfg, int flag)
+const char *nss_cmd_NSSEngine(cmd_parms *cmd, void *dcfg, int flag)
{
SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
@@ -268,7 +261,7 @@ const char *ssl_cmd_SSLEngine(cmd_parms *cmd, void *dcfg, int flag)
return NULL;
}
-const char *ssl_cmd_SSLCertificateDatabase(cmd_parms *cmd,
+const char *nss_cmd_NSSCertificateDatabase(cmd_parms *cmd,
void *dcfg,
const char *arg)
{
@@ -279,7 +272,7 @@ const char *ssl_cmd_SSLCertificateDatabase(cmd_parms *cmd,
return NULL;
}
-const char *ssl_cmd_SSLCipherSuite(cmd_parms *cmd,
+const char *nss_cmd_NSSCipherSuite(cmd_parms *cmd,
void *dcfg,
const char *arg)
{
@@ -296,9 +289,9 @@ const char *ssl_cmd_SSLCipherSuite(cmd_parms *cmd,
return NULL;
}
-static const char *ssl_cmd_verify_parse(cmd_parms *parms,
+static const char *nss_cmd_verify_parse(cmd_parms *parms,
const char *arg,
- ssl_verify_t *id)
+ nss_verify_t *id)
{
if (strcEQ(arg, "none") || strcEQ(arg, "off")) {
*id = SSL_CVERIFY_NONE;
@@ -322,16 +315,16 @@ static const char *ssl_cmd_verify_parse(cmd_parms *parms,
return NULL;
}
-const char *ssl_cmd_SSLVerifyClient(cmd_parms *cmd,
+const char *nss_cmd_NSSVerifyClient(cmd_parms *cmd,
void *dcfg,
const char *arg)
{
SSLDirConfigRec *dc = (SSLDirConfigRec *)dcfg;
SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
- ssl_verify_t mode;
+ nss_verify_t mode;
const char *err;
- if ((err = ssl_cmd_verify_parse(cmd, arg, &mode))) {
+ if ((err = nss_cmd_verify_parse(cmd, arg, &mode))) {
return err;
}
@@ -345,7 +338,7 @@ const char *ssl_cmd_SSLVerifyClient(cmd_parms *cmd,
return NULL;
}
-const char *ssl_cmd_SSLProtocol(cmd_parms *cmd,
+const char *nss_cmd_NSSProtocol(cmd_parms *cmd,
void *dcfg,
const char *arg)
{
@@ -356,7 +349,7 @@ const char *ssl_cmd_SSLProtocol(cmd_parms *cmd,
return NULL;
}
-const char *ssl_cmd_SSLNickname(cmd_parms *cmd,
+const char *nss_cmd_NSSNickname(cmd_parms *cmd,
void *dcfg,
const char *arg)
{
@@ -367,7 +360,7 @@ const char *ssl_cmd_SSLNickname(cmd_parms *cmd,
return NULL;
}
-const char *ssl_cmd_SSLEnforceValidCerts(cmd_parms *cmd,
+const char *nss_cmd_NSSEnforceValidCerts(cmd_parms *cmd,
void *dcfg,
int flag)
{
@@ -378,7 +371,7 @@ const char *ssl_cmd_SSLEnforceValidCerts(cmd_parms *cmd,
return NULL;
}
-const char *ssl_cmd_SSLSessionCacheTimeout(cmd_parms *cmd,
+const char *nss_cmd_NSSSessionCacheTimeout(cmd_parms *cmd,
void *dcfg,
const char *arg)
{
@@ -387,13 +380,13 @@ const char *ssl_cmd_SSLSessionCacheTimeout(cmd_parms *cmd,
mc->session_cache_timeout = atoi(arg);
if (mc->session_cache_timeout < 0) {
- return "SSLSessionCacheTimeout: Invalid argument";
+ return "NSSSessionCacheTimeout: Invalid argument";
}
return NULL;
}
-const char *ssl_cmd_SSL3SessionCacheTimeout(cmd_parms *cmd,
+const char *nss_cmd_NSSSession3CacheTimeout(cmd_parms *cmd,
void *dcfg,
const char *arg)
{
@@ -401,14 +394,14 @@ const char *ssl_cmd_SSL3SessionCacheTimeout(cmd_parms *cmd,
mc->ssl3_session_cache_timeout = atoi(arg);
- if (mc->session_cache_timeout < 0) {
- return "SSLSessionCacheTimeout: Invalid argument";
+ if (mc->ssl3_session_cache_timeout < 0) {
+ return "NSSSession3CacheTimeout: Invalid argument";
}
return NULL;
}
-const char *ssl_cmd_SSLSessionCacheSize(cmd_parms *cmd,
+const char *nss_cmd_NSSSessionCacheSize(cmd_parms *cmd,
void *dcfg,
const char *arg)
{
@@ -417,13 +410,13 @@ const char *ssl_cmd_SSLSessionCacheSize(cmd_parms *cmd,
mc->session_cache_size = atoi(arg);
if (mc->session_cache_size < 0) {
- return "SSLSessionCacheTimeout: Invalid argument";
+ return "NSSSessionCacheTimeout: Invalid argument";
}
return NULL;
}
-const char *ssl_cmd_SSLPassPhraseDialog(cmd_parms *cmd,
+const char *nss_cmd_NSSPassPhraseDialog(cmd_parms *cmd,
void *dcfg,
const char *arg)
{
@@ -442,13 +435,13 @@ const char *ssl_cmd_SSLPassPhraseDialog(cmd_parms *cmd,
mc->pphrase_dialog_path = ap_server_root_relative(cmd->pool, arg+5);
if (!mc->pphrase_dialog_path)
return apr_pstrcat(cmd->pool,
- "Invalid SSLPassPhraseDialog file: path ",
+ "Invalid NSSPassPhraseDialog file: path ",
arg+5, NULL);
rc = apr_stat(&finfo, mc->pphrase_dialog_path,
APR_FINFO_TYPE|APR_FINFO_SIZE, cmd->pool);
if ((rc != APR_SUCCESS) || (finfo.filetype != APR_REG)) {
return apr_pstrcat(cmd->pool,
- "SSLPassPhraseDialog: file '",
+ "NSSPassPhraseDialog: file '",
mc->pphrase_dialog_path,
"' does not exist", NULL);
}
@@ -457,7 +450,7 @@ const char *ssl_cmd_SSLPassPhraseDialog(cmd_parms *cmd,
return NULL;
}
-const char *ssl_cmd_SSLPassPhraseHelper(cmd_parms *cmd,
+const char *nss_cmd_NSSPassPhraseHelper(cmd_parms *cmd,
void *dcfg,
const char *arg)
{
@@ -467,14 +460,14 @@ const char *ssl_cmd_SSLPassPhraseHelper(cmd_parms *cmd,
mc->pphrase_dialog_helper = arg;
} else {
return apr_pstrcat(cmd->pool,
- "SSLPassPhraseHelper: ", mc->pphrase_dialog_path,
+ "NSSPassPhraseHelper: ", mc->pphrase_dialog_path,
"does not exist or is not executable.", NULL);
}
return NULL;
}
-const char *ssl_cmd_SSLUserName(cmd_parms *cmd, void *dcfg,
+const char *nss_cmd_NSSUserName(cmd_parms *cmd, void *dcfg,
const char *arg)
{
SSLDirConfigRec *dc = (SSLDirConfigRec *)dcfg;
@@ -482,12 +475,12 @@ const char *ssl_cmd_SSLUserName(cmd_parms *cmd, void *dcfg,
return NULL;
}
-const char *ssl_cmd_SSLOptions(cmd_parms *cmd,
+const char *nss_cmd_NSSOptions(cmd_parms *cmd,
void *dcfg,
const char *arg)
{
SSLDirConfigRec *dc = (SSLDirConfigRec *)dcfg;
- ssl_opt_t opt;
+ nss_opt_t opt;
int first = TRUE;
char action, *w;
@@ -523,7 +516,7 @@ const char *ssl_cmd_SSLOptions(cmd_parms *cmd,
}
else {
return apr_pstrcat(cmd->pool,
- "SSLOptions: Illegal option '", w, "'",
+ "NSSOptions: Illegal option '", w, "'",
NULL);
}
if (action == '-') {
diff --git a/nss_engine_init.c b/nss_engine_init.c
index b2d2c14..cbcf114 100644
--- a/nss_engine_init.c
+++ b/nss_engine_init.c
@@ -20,7 +20,7 @@ static SECStatus ownBadCertHandler(void *arg, PRFileDesc * socket);
static SECStatus ownHandshakeCallback(PRFileDesc * socket, void *arg);
static SECStatus NSSHandshakeCallback(PRFileDesc *socket, void *arg);
static CERTCertificate* FindServerCertFromNickname(const char* name);
-SECStatus ssl_AuthCertificate(void *arg, PRFileDesc *socket, PRBool checksig, PRBool isServer);
+SECStatus nss_AuthCertificate(void *arg, PRFileDesc *socket, PRBool checksig, PRBool isServer);
/*
* Global variables defined in this file.
@@ -65,11 +65,11 @@ static char *version_components[] = {
NULL
};
-static char *ssl_add_version_component(apr_pool_t *p,
+static char *nss_add_version_component(apr_pool_t *p,
server_rec *s,
char *name)
{
- char *val = ssl_var_lookup(p, s, NULL, NULL, name);
+ char *val = nss_var_lookup(p, s, NULL, NULL, name);
if (val && *val) {
ap_add_version_component(p, val);
@@ -78,14 +78,14 @@ static char *ssl_add_version_component(apr_pool_t *p,
return val;
}
-static void ssl_add_version_components(apr_pool_t *p,
+static void nss_add_version_components(apr_pool_t *p,
server_rec *s)
{
char *vals[sizeof(version_components)/sizeof(char *)];
int i;
for (i=0; version_components[i]; i++) {
- vals[i] = ssl_add_version_component(p, s,
+ vals[i] = nss_add_version_component(p, s,
version_components[i]);
}
@@ -99,7 +99,7 @@ static void ssl_add_version_components(apr_pool_t *p,
/*
* Initialize SSL library
*/
-static void ssl_init_SSLLibrary(server_rec *s)
+static void nss_init_SSLLibrary(server_rec *s)
{
SECStatus rv;
SSLModConfigRec *mc = myModConfig(s);
@@ -115,8 +115,8 @@ static void ssl_init_SSLLibrary(server_rec *s)
if (mc->pphrase_dialog_helper == NULL &&
mc->pphrase_dialog_path == NULL) {
ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
- "Neither SSLPassPhraseHelper nor SSLPassPhraseDialog is not set. One or the other is required.");
- ssl_die();
+ "Neither NSSPassPhraseHelper nor NSSPassPhraseDialog is not set. One or the other is required.");
+ nss_die();
}
child_argv[0] = mc->pphrase_dialog_helper;
@@ -128,7 +128,7 @@ static void ssl_init_SSLLibrary(server_rec *s)
if (rv != APR_SUCCESS) {
ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
"apr_procattr_create() failed APR err: %d.", rv);
- ssl_die();
+ nss_die();
}
#if 0
@@ -151,7 +151,7 @@ static void ssl_init_SSLLibrary(server_rec *s)
if (rv != APR_SUCCESS) {
ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
"apr_proc_create failed to launch %s APR err: %d.", child_argv[0], rv);
- ssl_die();
+ nss_die();
}
/* Set a 30-second read/write timeout */
apr_file_pipe_timeout_set(mc->proc.in, apr_time_from_sec(30));
@@ -168,20 +168,20 @@ static void ssl_init_SSLLibrary(server_rec *s)
rv = NSS_Initialize(mc->pCertificateDatabase, NULL, NULL, "secmod.db", NSS_INIT_READONLY);
/* Assuming everything is ok so far, check the cert database password(s). */
- if (rv != SECSuccess || ssl_Init_Tokens(s) != SECSuccess) {
+ if (rv != SECSuccess || nss_Init_Tokens(s) != SECSuccess) {
NSS_Shutdown();
ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
"NSS initialization failed. Certificate database: %s.", mc->pCertificateDatabase != NULL ? mc->pCertificateDatabase : "not set in configuration");
- ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
- ssl_die();
+ nss_log_nss_error(APLOG_MARK, APLOG_ERR, s);
+ nss_die();
}
if (NSS_SetDomesticPolicy() != SECSuccess) {
NSS_Shutdown();
ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
"NSS set domestic policy failed on certificate database %s.", mc->pCertificateDatabase);
- ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
- ssl_die();
+ nss_log_nss_error(APLOG_MARK, APLOG_ERR, s);
+ nss_die();
}
ap_log_error(APLOG_MARK, APLOG_INFO, 0, s,
@@ -190,7 +190,7 @@ static void ssl_init_SSLLibrary(server_rec *s)
}
-int ssl_init_Module(apr_pool_t *p, apr_pool_t *plog,
+int nss_init_Module(apr_pool_t *p, apr_pool_t *plog,
apr_pool_t *ptemp,
server_rec *base_server)
{
@@ -204,13 +204,13 @@ int ssl_init_Module(apr_pool_t *p, apr_pool_t *plog,
* Let us cleanup on restarts and exists
*/
apr_pool_cleanup_register(p, base_server,
- ssl_init_ModuleKill,
+ nss_init_ModuleKill,
apr_pool_cleanup_null);
/*
* Any init round fixes the global config
*/
- ssl_config_global_create(base_server); /* just to avoid problems */
+ nss_config_global_create(base_server); /* just to avoid problems */
/*
* Fix up any global settings that aren't in the configuration
@@ -251,7 +251,7 @@ int ssl_init_Module(apr_pool_t *p, apr_pool_t *plog,
/*
* Create the server host:port string because we need it a lot
*/
- sc->vhost_id = ssl_util_vhostid(p, s);
+ sc->vhost_id = nss_util_vhostid(p, s);
sc->vhost_id_len = strlen(sc->vhost_id);
/* Fix up stuff that may not have been set */
@@ -264,12 +264,12 @@ int ssl_init_Module(apr_pool_t *p, apr_pool_t *plog,
}
}
- ssl_init_SSLLibrary(base_server);
+ nss_init_SSLLibrary(base_server);
ap_log_error(APLOG_MARK, APLOG_INFO, 0, s,
"done Init: Initializing NSS library");
/* Load our layer */
- ssl_io_layer_init();
+ nss_io_layer_init();
ap_log_error(APLOG_MARK, APLOG_INFO, 0, s,
"done layer");
@@ -291,52 +291,52 @@ int ssl_init_Module(apr_pool_t *p, apr_pool_t *plog,
/*
* Read the server certificate and key
*/
- ssl_init_ConfigureServer(s, p, ptemp, sc);
+ nss_init_ConfigureServer(s, p, ptemp, sc);
}
/*
* Announce mod_ssl and SSL library in HTTP Server field
* as ``mod_ssl/X.X.X OpenSSL/X.X.X''
*/
- ssl_add_version_components(p, base_server);
+ nss_add_version_components(p, base_server);
return OK;
}
-static void ssl_init_ctx_socket(server_rec *s,
+static void nss_init_ctx_socket(server_rec *s,
apr_pool_t *p,
apr_pool_t *ptemp,
modnss_ctx_t *mctx)
{
/* Setup a socket in the context that will be used to model all
* client connections. */
- mctx->model = ssl_io_new_fd();
+ mctx->model = nss_io_new_fd();
mctx->model = SSL_ImportFD(NULL, mctx->model);
if (SSL_OptionSet(mctx->model, SSL_SECURITY, PR_TRUE) != SECSuccess) {
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
"Unable to enable security.");
- ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
- ssl_die();
+ nss_log_nss_error(APLOG_MARK, APLOG_ERR, s);
+ nss_die();
}
if (SSL_OptionSet(mctx->model, SSL_HANDSHAKE_AS_SERVER, PR_TRUE)
!= SECSuccess) {
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
"Unable to set SSL server handshake mode.");
- ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
- ssl_die();
+ nss_log_nss_error(APLOG_MARK, APLOG_ERR, s);
+ nss_die();
}
if (SSL_OptionSet(mctx->model, SSL_HANDSHAKE_AS_CLIENT, PR_FALSE)
!= SECSuccess) {
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
"Unable to disable handshake as client");
- ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
- ssl_die();
+ nss_log_nss_error(APLOG_MARK, APLOG_ERR, s);
+ nss_die();
}
}
-static void ssl_init_ctx_protocol(server_rec *s,
+static void nss_init_ctx_protocol(server_rec *s,
apr_pool_t *p,
apr_pool_t *ptemp,
modnss_ctx_t *mctx)
@@ -349,8 +349,8 @@ static void ssl_init_ctx_protocol(server_rec *s,
if (mctx->auth.protocols == NULL) {
ap_log_error(APLOG_MARK, APLOG_WARNING, 0, s,
- "SSLProtocols not set; using all protocols: SSLv2, SSLv3 and TLSv1");
- ssl2 = ssl3 = tls = 1;
+ "SSLProtocols not set; using: SSLv3 and TLSv1");
+ ssl3 = tls = 1;
} else {
lprotocols = strdup(mctx->auth.protocols);
ap_str_tolower(lprotocols);
@@ -402,8 +402,8 @@ static void ssl_init_ctx_protocol(server_rec *s,
if (stat != SECSuccess) {
ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
"SSL protocol initialization failed.");
- ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
- ssl_die();
+ nss_log_nss_error(APLOG_MARK, APLOG_ERR, s);
+ nss_die();
}
mctx->ssl2 = ssl2;
@@ -411,45 +411,45 @@ static void ssl_init_ctx_protocol(server_rec *s,
mctx->tls = tls;
}
-static void ssl_init_ctx_session_cache(server_rec *s,
+static void nss_init_ctx_session_cache(server_rec *s,
apr_pool_t *p,
apr_pool_t *ptemp,
modnss_ctx_t *mctx)
{
}
-static void ssl_init_ctx_callbacks(server_rec *s,
+static void nss_init_ctx_callbacks(server_rec *s,
apr_pool_t *p,
apr_pool_t *ptemp,
modnss_ctx_t *mctx)
{
- if (SSL_AuthCertificateHook(mctx->model, ssl_AuthCertificate, (void *)CERT_GetDefaultCertDB()) != SECSuccess) {
+ if (SSL_AuthCertificateHook(mctx->model, nss_AuthCertificate, (void *)CERT_GetDefaultCertDB()) != SECSuccess) {
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
"SSL_AuthCertificateHook failed.");
- ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
- ssl_die();
+ nss_log_nss_error(APLOG_MARK, APLOG_ERR, s);
+ nss_die();
}
if (SSL_BadCertHook(mctx->model, (SSLBadCertHandler) ownBadCertHandler, NULL) != SECSuccess) {
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
"SSL_BadCertHook failed");
- ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
- ssl_die();
+ nss_log_nss_error(APLOG_MARK, APLOG_ERR, s);
+ nss_die();
}
if (SSL_HandshakeCallback(mctx->model, (SSLHandshakeCallback) ownHandshakeCallback, NULL) != SECSuccess) {
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
"SSL_HandshakeCallback failed");
- ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
- ssl_die();
+ nss_log_nss_error(APLOG_MARK, APLOG_ERR, s);
+ nss_die();
}
if (SSL_GetClientAuthDataHook(mctx->model, NSS_GetClientAuthData, (void *)mctx->nickname) != SECSuccess) {
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
"SSL_GetClientAuthDataHook failed");
- ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
- ssl_die();
+ nss_log_nss_error(APLOG_MARK, APLOG_ERR, s);
+ nss_die();
}
}
-static void ssl_init_ctx_verify(server_rec *s,
+static void nss_init_ctx_verify(server_rec *s,
apr_pool_t *p,
apr_pool_t *ptemp,
modnss_ctx_t *mctx)
@@ -481,7 +481,7 @@ static int countciphers(PRBool cipher_state[ciphernum], int version) {
return ciphercount;
}
-static void ssl_init_ctx_cipher_suite(server_rec *s,
+static void nss_init_ctx_cipher_suite(server_rec *s,
apr_pool_t *p,
apr_pool_t *ptemp,
modnss_ctx_t *mctx)
@@ -496,8 +496,8 @@ static void ssl_init_ctx_cipher_suite(server_rec *s,
*/
if (!suite) {
ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
- "Required value SSLCipherSuite not set.");
- ssl_die();
+ "Required value NSSCipherSuite not set.");
+ nss_die();
}
ciphers = strdup(suite);
@@ -523,8 +523,8 @@ static void ssl_init_ctx_cipher_suite(server_rec *s,
cipher_state[i] = PR_FALSE;
}
- if (ssl_parse_ciphers(s, ciphers, cipher_state) == -1) {
- ssl_die();
+ if (nss_parse_ciphers(s, ciphers, cipher_state) == -1) {
+ nss_die();
}
free(ciphers);
@@ -533,19 +533,19 @@ static void ssl_init_ctx_cipher_suite(server_rec *s,
if (mctx->ssl2 && countciphers(cipher_state, SSL2) == 0) {
ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
"SSL2 is enabled but no SSL2 ciphers are enabled.");
- ssl_die();
+ nss_die();
}
if (mctx->ssl3 && countciphers(cipher_state, SSL3) == 0) {
ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
"SSL3 is enabled but no SSL3 ciphers are enabled.");
- ssl_die();
+ nss_die();
}
if (mctx->tls && countciphers(cipher_state, TLS) == 0) {
ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
"TLS is enabled but no TLS ciphers are enabled.");
- ssl_die();
+ nss_die();
}
/* Finally actually enable the selected ciphers */
@@ -554,26 +554,26 @@ static void ssl_init_ctx_cipher_suite(server_rec *s,
}
}
-static void ssl_init_ctx(server_rec *s,
+static void nss_init_ctx(server_rec *s,
apr_pool_t *p,
apr_pool_t *ptemp,
modnss_ctx_t *mctx)
{
- ssl_init_ctx_socket(s, p, ptemp, mctx);
+ nss_init_ctx_socket(s, p, ptemp, mctx);
- ssl_init_ctx_protocol(s, p, ptemp, mctx);
+ nss_init_ctx_protocol(s, p, ptemp, mctx);
- ssl_init_ctx_session_cache(s, p, ptemp, mctx);
+ nss_init_ctx_session_cache(s, p, ptemp, mctx);
- ssl_init_ctx_callbacks(s, p, ptemp, mctx);
+ nss_init_ctx_callbacks(s, p, ptemp, mctx);
- ssl_init_ctx_verify(s, p, ptemp, mctx);
+ nss_init_ctx_verify(s, p, ptemp, mctx);
- ssl_init_ctx_cipher_suite(s, p, ptemp, mctx);
+ nss_init_ctx_cipher_suite(s, p, ptemp, mctx);
}
-static void ssl_init_server_certs(server_rec *s,
+static void nss_init_server_certs(server_rec *s,
apr_pool_t *p,
apr_pool_t *ptemp,
modnss_ctx_t *mctx)
@@ -590,8 +590,11 @@ static void ssl_init_server_certs(server_rec *s,
if (mctx->nickname == NULL) {
ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
"No certificate nickname provided.");
- ssl_die();
+ nss_die();
}
+ ap_log_error(APLOG_MARK, APLOG_INFO, 0, s,
+ "Using nickname %s.", mctx->nickname);
+
mctx->servercert = FindServerCertFromNickname(mctx->nickname);
/* Verify the certificate chain. */
@@ -601,11 +604,11 @@ static void ssl_init_server_certs(server_rec *s,
if (CERT_VerifyCertificateNow(CERT_GetDefaultCertDB(), mctx->servercert, PR_TRUE, usage, NULL, NULL) != SECSuccess) {
ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
"Certificate not verified: '%s'", mctx->nickname);
- ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
+ nss_log_nss_error(APLOG_MARK, APLOG_ERR, s);
if (mctx->enforce) {
ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
"Unable to verify certificate '%s'. Add \"SSLEnforceValidCerts off\" to nss.conf so the server can start until the problem can be resolved.", mctx->nickname);
- ssl_die();
+ nss_die();
}
}
}
@@ -614,7 +617,7 @@ static void ssl_init_server_certs(server_rec *s,
{
ap_log_error(APLOG_MARK, APLOG_INFO, 0, s,
"Certificate not found: '%s'", mctx->nickname);
- ssl_die();
+ nss_die();
}
if (strchr(mctx->nickname, ':'))
@@ -631,9 +634,9 @@ static void ssl_init_server_certs(server_rec *s,
*/
ap_log_error(APLOG_MARK, APLOG_INFO, 0, s,
"Slot not found");
- ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
+ nss_log_nss_error(APLOG_MARK, APLOG_ERR, s);
free(token);
- ssl_die();
+ nss_die();
}
}
free(token);
@@ -647,8 +650,8 @@ static void ssl_init_server_certs(server_rec *s,
if (mctx->serverkey == NULL) {
ap_log_error(APLOG_MARK, APLOG_INFO, 0, s,
"Key not found for: '%s'", mctx->nickname);
- ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
- ssl_die();
+ nss_log_nss_error(APLOG_MARK, APLOG_ERR, s);
+ nss_die();
}
mctx->serverKEAType = NSS_FindCertKEAType(mctx->servercert);
@@ -684,15 +687,15 @@ static void ssl_init_server_certs(server_rec *s,
if (secstatus != SECSuccess) {
ap_log_error(APLOG_MARK, APLOG_INFO, 0, s,
"Error setting PKCS11 pin argument: '%s'", mctx->nickname);
- ssl_die();
+ nss_die();
}
secstatus = SSL_ConfigSecureServer(mctx->model, mctx->servercert, mctx->serverkey, mctx->serverKEAType);
if (secstatus != SECSuccess) {
ap_log_error(APLOG_MARK, APLOG_INFO, 0, s,
"SSL error configuring server: '%s'", mctx->nickname);
- ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
- ssl_die();
+ nss_log_nss_error(APLOG_MARK, APLOG_ERR, s);
+ nss_die();
}
secstatus = (SECStatus)SSL_HandshakeCallback(mctx->model, (SSLHandshakeCallback)NSSHandshakeCallback, NULL);
@@ -700,25 +703,25 @@ static void ssl_init_server_certs(server_rec *s,
{
ap_log_error(APLOG_MARK, APLOG_INFO, 0, s,
"SSL error configuring handshake callback: '%s'", mctx->nickname);
- ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
- ssl_die();
+ nss_log_nss_error(APLOG_MARK, APLOG_ERR, s);
+ nss_die();
}
}
-static void ssl_init_server_ctx(server_rec *s,
+static void nss_init_server_ctx(server_rec *s,
apr_pool_t *p,
apr_pool_t *ptemp,
SSLSrvConfigRec *sc)
{
- ssl_init_ctx(s, p, ptemp, sc->server);
+ nss_init_ctx(s, p, ptemp, sc->server);
- ssl_init_server_certs(s, p, ptemp, sc->server);
+ nss_init_server_certs(s, p, ptemp, sc->server);
}
/*
* Configure a particular server
*/
-void ssl_init_ConfigureServer(server_rec *s,
+void nss_init_ConfigureServer(server_rec *s,
apr_pool_t *p,
apr_pool_t *ptemp,
SSLSrvConfigRec *sc)
@@ -726,23 +729,23 @@ void ssl_init_ConfigureServer(server_rec *s,
if (sc->enabled) {
ap_log_error(APLOG_MARK, APLOG_INFO, 0, s,
"Configuring server for SSL protocol");
- ssl_init_server_ctx(s, p, ptemp, sc);
+ nss_init_server_ctx(s, p, ptemp, sc);
}
#ifdef PROXY
if (sc->proxy_enabled) {
- ssl_init_proxy_ctx(s, p, ptemp, sc);
+ nss_init_proxy_ctx(s, p, ptemp, sc);
}
#endif
}
-void ssl_init_Child(apr_pool_t *p, server_rec *s)
+void nss_init_Child(apr_pool_t *p, server_rec *s)
{
SSLModConfigRec *mc = myModConfig(s);
mc->pid = getpid(); /* only call getpid() once per-process */
}
-apr_status_t ssl_init_ModuleKill(void *data)
+apr_status_t nss_init_ModuleKill(void *data)
{
/*
* There is nothing stored at the server level to kill at the moment.
@@ -931,7 +934,7 @@ SECStatus NSSHandshakeCallback(PRFileDesc *socket, void *arg)
return SECSuccess;
}
-int ssl_parse_ciphers(server_rec *s, char *ciphers, PRBool cipher_list[ciphernum])
+int nss_parse_ciphers(server_rec *s, char *ciphers, PRBool cipher_list[ciphernum])
{
char * cipher;
PRBool found, active;
diff --git a/nss_engine_io.c b/nss_engine_io.c
index 27b5671..b13fc51 100644
--- a/nss_engine_io.c
+++ b/nss_engine_io.c
@@ -26,15 +26,15 @@
* remember what is in this file. So, first, a quick overview.
*
* In this file, you will find:
- * - ssl_io_filter_input (Apache input filter)
- * - ssl_io_filter_output (Apache output filter)
+ * - nss_io_filter_input (Apache input filter)
+ * - nss_io_filter_output (Apache output filter)
*
* - bio_filter_in_* (OpenSSL input filter)
* - nspr_filter_out_* (OpenSSL output filter)
*
* The input chain is roughly:
*
- * ssl_io_filter_input->ssl_io_input_read->SSL_read->...
+ * nss_io_filter_input->nss_io_input_read->SSL_read->...
* ...->bio_filter_in_read->ap_get_brigade/next-httpd-filter
*
* In mortal terminology, we do the following:
@@ -45,21 +45,21 @@
* - bio_filter_in_read will then try to fetch data from the next httpd filter
* - bio_filter_in_read will flatten that data and return it to SSL_read
* - SSL_read will then decrypt the data
- * - ssl_io_input_read will then receive decrypted data as a char* and
+ * - nss_io_input_read will then receive decrypted data as a char* and
* ensure that there were no read errors
* - The char* is placed in a brigade and returned
*
* Since connection-level input filters in httpd need to be able to
* handle AP_MODE_GETLINE calls (namely identifying LF-terminated strings),
- * ssl_io_input_getline which will handle this special case.
+ * nss_io_input_getline which will handle this special case.
*
* Due to AP_MODE_GETLINE and AP_MODE_SPECULATIVE, we may sometimes have
* 'leftover' decoded data which must be setaside for the next read. That
* is currently handled by the char_buffer_{read|write} functions. So,
- * ssl_io_input_read may be able to fulfill reads without invoking
+ * nss_io_input_read may be able to fulfill reads without invoking
* SSL_read().
*
- * Note that the filter context of ssl_io_filter_input and bio_filter_in_*
+ * Note that the filter context of nss_io_filter_input and bio_filter_in_*
* are shared as bio_filter_in_ctx_t.
*
* Note that the filter is by choice limited to reading at most
@@ -79,7 +79,7 @@ typedef struct {
nspr_filter_in_ctx_t *inctx;
nspr_filter_out_ctx_t *outctx;
int nobuffer; /* non-zero to prevent buffering */
-} ssl_filter_ctx_t;
+} nss_filter_ctx_t;
typedef struct {
int length;
@@ -87,7 +87,7 @@ typedef struct {
} char_buffer_t;
struct nspr_filter_out_ctx_t {
- ssl_filter_ctx_t *filter_ctx;
+ nss_filter_ctx_t *filter_ctx;
apr_bucket_brigade *bb;
apr_size_t length;
char buffer[AP_IOBUFSIZE];
@@ -104,7 +104,7 @@ struct nspr_filter_in_ctx_t {
char_buffer_t cbuf;
apr_pool_t *pool;
char buffer[AP_IOBUFSIZE];
- ssl_filter_ctx_t *filter_ctx;
+ nss_filter_ctx_t *filter_ctx;
};
/* Global variables for the NSPR I/O layer */
@@ -235,7 +235,7 @@ static PRInt32 PR_CALLBACK
nspr_filter_in_read(PRFileDesc *fd, void *in, PRInt32 inlen)
{
apr_size_t inl = inlen;
- ssl_filter_ctx_t *filter_ctx = (ssl_filter_ctx_t *)(fd->secret);
+ nss_filter_ctx_t *filter_ctx = (nss_filter_ctx_t *)(fd->secret);
nspr_filter_in_ctx_t *inctx = filter_ctx->inctx;
apr_read_type_e block = inctx->block;
@@ -296,7 +296,7 @@ nspr_filter_in_read(PRFileDesc *fd, void *in, PRInt32 inlen)
return -1;
}
-static apr_status_t ssl_io_input_read(nspr_filter_in_ctx_t *inctx,
+static apr_status_t nss_io_input_read(nspr_filter_in_ctx_t *inctx,
char *buf,
apr_size_t *len)
{
@@ -386,9 +386,9 @@ static apr_status_t ssl_io_input_read(nspr_filter_in_ctx_t *inctx,
}
}
else /* (rc < 0) */ {
- int ssl_err = PR_GetError();
+ int nss_err = PR_GetError();
- if (ssl_err == PR_WOULD_BLOCK_ERROR) {
+ if (nss_err == PR_WOULD_BLOCK_ERROR) {
/*
* If NSPR wants to read more, and we were nonblocking,
* report as an EAGAIN. Otherwise loop, pulling more
@@ -408,7 +408,7 @@ static apr_status_t ssl_io_input_read(nspr_filter_in_ctx_t *inctx,
}
continue; /* Blocking and nothing yet? Try again. */
}
- else if (ssl_err != 0) {
+ else if (nss_err != 0) {
if (APR_STATUS_IS_EAGAIN(inctx->rc)
|| APR_STATUS_IS_EINTR(inctx->rc)) {
/* Already read something, return APR_SUCCESS instead. */
@@ -425,7 +425,7 @@ static apr_status_t ssl_io_input_read(nspr_filter_in_ctx_t *inctx,
ap_log_error(APLOG_MARK, APLOG_INFO, inctx->rc, c->base_server,
"SSL input filter read failed.");
if (inctx->rc == 0)
- ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, c->base_server);
+ nss_log_nss_error(APLOG_MARK, APLOG_ERR, c->base_server);
}
}
if (inctx->rc == APR_SUCCESS) {
@@ -437,7 +437,7 @@ static apr_status_t ssl_io_input_read(nspr_filter_in_ctx_t *inctx,
return inctx->rc;
}
-static apr_status_t ssl_io_input_getline(nspr_filter_in_ctx_t *inctx,
+static apr_status_t nss_io_input_getline(nspr_filter_in_ctx_t *inctx,
char *buf,
apr_size_t *len)
{
@@ -454,7 +454,7 @@ static apr_status_t ssl_io_input_getline(nspr_filter_in_ctx_t *inctx,
*/
while (tmplen > 0) {
- status = ssl_io_input_read(inctx, buf + offset, &tmplen);
+ status = nss_io_input_read(inctx, buf + offset, &tmplen);
if (status != APR_SUCCESS) {
return status;
@@ -488,11 +488,11 @@ static apr_status_t ssl_io_input_getline(nspr_filter_in_ctx_t *inctx,
return APR_SUCCESS;
}
-static apr_status_t ssl_filter_write(ap_filter_t *f,
+static apr_status_t nss_filter_write(ap_filter_t *f,
const char *data,
apr_size_t len)
{
- ssl_filter_ctx_t *filter_ctx = f->ctx;
+ nss_filter_ctx_t *filter_ctx = f->ctx;
nspr_filter_out_ctx_t *outctx;
int res;
@@ -508,9 +508,9 @@ static apr_status_t ssl_filter_write(ap_filter_t *f,
"Sent returned %d", res);
if (res < 0) {
- int ssl_err = PR_GetError();
+ int nss_err = PR_GetError();
- if (ssl_err == PR_WOULD_BLOCK_ERROR) {
+ if (nss_err == PR_WOULD_BLOCK_ERROR) {
/*
* If NSS wants to write more, and we were nonblocking,
* report as an EAGAIN. Otherwise loop, pushing more
@@ -527,8 +527,8 @@ static apr_status_t ssl_filter_write(ap_filter_t *f,
* Log SSL errors
*/
ap_log_error(APLOG_MARK, APLOG_INFO, outctx->rc, c->base_server,
- "SSL library error %d writing data", ssl_err);
- ssl_log_ssl_error(APLOG_MARK, APLOG_INFO, c->base_server);
+ "SSL library error %d writing data", nss_err);
+ nss_log_nss_error(APLOG_MARK, APLOG_INFO, c->base_server);
}
if (outctx->rc == APR_SUCCESS) {
outctx->rc = APR_EGENERAL;
@@ -563,14 +563,14 @@ static apr_status_t ssl_filter_write(ap_filter_t *f,
alloc)
-static void ssl_io_filter_disable(SSLConnRec *sslconn, ap_filter_t *f)
+static void nss_io_filter_disable(SSLConnRec *sslconn, ap_filter_t *f)
{
nspr_filter_in_ctx_t *inctx = f->ctx;
sslconn->ssl = NULL;
inctx->filter_ctx->pssl = NULL;
}
-static apr_status_t ssl_io_filter_error(ap_filter_t *f,
+static apr_status_t nss_io_filter_error(ap_filter_t *f,
apr_bucket_brigade *bb,
apr_status_t status)
{
@@ -585,8 +585,8 @@ static apr_status_t ssl_io_filter_error(ap_filter_t *f,
"SSL handshake failed: HTTP spoken on HTTPS port; "
"trying to send HTML error page");
- sslconn->non_ssl_request = 1;
- ssl_io_filter_disable(sslconn, f);
+ sslconn->non_nss_request = 1;
+ nss_io_filter_disable(sslconn, f);
/* fake the request line */
bucket = HTTP_ON_HTTPS_PORT_BUCKET(f->c->bucket_alloc);
@@ -603,9 +603,9 @@ static apr_status_t ssl_io_filter_error(ap_filter_t *f,
return APR_SUCCESS;
}
-static const char ssl_io_filter[] = "NSS SSL/TLS Filter";
+static const char nss_io_filter[] = "NSS SSL/TLS Filter";
-static apr_status_t ssl_filter_io_shutdown(ssl_filter_ctx_t *filter_ctx,
+static apr_status_t nss_filter_io_shutdown(nss_filter_ctx_t *filter_ctx,
conn_rec *c,
int abortive)
{
@@ -625,7 +625,7 @@ static apr_status_t ssl_filter_io_shutdown(ssl_filter_ctx_t *filter_ctx,
"Connection to child %ld closed "
"(server %s, client %s)",
c->id,
- ssl_util_vhostid(c->pool, c->base_server),
+ nss_util_vhostid(c->pool, c->base_server),
c->remote_ip ? c->remote_ip : "unknown");
}
@@ -646,9 +646,9 @@ static apr_status_t ssl_filter_io_shutdown(ssl_filter_ctx_t *filter_ctx,
return APR_SUCCESS;
}
-static apr_status_t ssl_io_filter_cleanup(void *data)
+static apr_status_t nss_io_filter_cleanup(void *data)
{
- ssl_filter_ctx_t *filter_ctx = data;
+ nss_filter_ctx_t *filter_ctx = data;
if (filter_ctx->pssl) {
conn_rec *c = filter_ctx->c;
@@ -664,7 +664,7 @@ static apr_status_t ssl_io_filter_cleanup(void *data)
return APR_SUCCESS;
}
-static apr_status_t ssl_io_filter_input(ap_filter_t *f,
+static apr_status_t nss_io_filter_input(ap_filter_t *f,
apr_bucket_brigade *bb,
ap_input_mode_t mode,
apr_read_type_e block,
@@ -713,10 +713,10 @@ static apr_status_t ssl_io_filter_input(ap_filter_t *f,
if (readbytes < len) {
len = (apr_size_t)readbytes;
}
- status = ssl_io_input_read(inctx, inctx->buffer, &len);
+ status = nss_io_input_read(inctx, inctx->buffer, &len);
}
else if (inctx->mode == AP_MODE_GETLINE) {
- status = ssl_io_input_getline(inctx, inctx->buffer, &len);
+ status = nss_io_input_getline(inctx, inctx->buffer, &len);
}
else {
/* We have no idea what you are talking about, so return an error. */
@@ -724,7 +724,7 @@ static apr_status_t ssl_io_filter_input(ap_filter_t *f,
}
if (status != APR_SUCCESS) {
- return ssl_io_filter_error(f, bb, status);
+ return nss_io_filter_error(f, bb, status);
}
/* Create a transient bucket out of the decrypted data. */
@@ -771,7 +771,7 @@ static int nspr_filter_out_flush(nspr_filter_out_ctx_t *outctx)
static PRInt32 PR_CALLBACK
nspr_filter_out_write(PRFileDesc *fd, const void *in, PRInt32 inl)
{
- ssl_filter_ctx_t *filter_ctx = (ssl_filter_ctx_t *)(fd->secret);
+ nss_filter_ctx_t *filter_ctx = (nss_filter_ctx_t *)(fd->secret);
nspr_filter_out_ctx_t *outctx = filter_ctx->outctx;
/* pass along the encrypted data
@@ -791,11 +791,11 @@ nspr_filter_out_write(PRFileDesc *fd, const void *in, PRInt32 inl)
return inl;
}
-static apr_status_t ssl_io_filter_output(ap_filter_t *f,
+static apr_status_t nss_io_filter_output(ap_filter_t *f,
apr_bucket_brigade *bb)
{
apr_status_t status = APR_SUCCESS;
- ssl_filter_ctx_t *filter_ctx = f->ctx;
+ nss_filter_ctx_t *filter_ctx = f->ctx;
nspr_filter_in_ctx_t *inctx;
nspr_filter_out_ctx_t *outctx;
apr_read_type_e rblock = APR_NONBLOCK_READ;
@@ -806,7 +806,7 @@ static apr_status_t ssl_io_filter_output(ap_filter_t *f,
}
if (!filter_ctx->pssl) {
- /* ssl_filter_io_shutdown was called */
+ /* nss_filter_io_shutdown was called */
return ap_pass_brigade(f->next, bb);
}
@@ -858,7 +858,7 @@ static apr_status_t ssl_io_filter_output(ap_filter_t *f,
* - issue the SSL_shutdown
*/
filter_ctx->nobuffer = 1;
- status = ssl_filter_io_shutdown(filter_ctx, f->c, 0);
+ status = nss_filter_io_shutdown(filter_ctx, f->c, 0);
if (status != APR_SUCCESS) {
ap_log_error(APLOG_MARK, APLOG_INFO, status, NULL,
"SSL filter error shutting down I/O");
@@ -891,7 +891,7 @@ static apr_status_t ssl_io_filter_output(ap_filter_t *f,
break;
}
- status = ssl_filter_write(f, data, len);
+ status = nss_filter_write(f, data, len);
apr_bucket_delete(bucket);
if (status != APR_SUCCESS) {
@@ -902,7 +902,7 @@ static apr_status_t ssl_io_filter_output(ap_filter_t *f,
return status;
}
-static void ssl_io_output_create(ssl_filter_ctx_t *filter_ctx, conn_rec *c)
+static void nss_io_output_create(nss_filter_ctx_t *filter_ctx, conn_rec *c)
{
nspr_filter_out_ctx_t *outctx = apr_palloc(c->pool, sizeof(*outctx));
@@ -916,14 +916,14 @@ static void ssl_io_output_create(ssl_filter_ctx_t *filter_ctx, conn_rec *c)
return;
}
-static void ssl_io_input_add_filter(ssl_filter_ctx_t *filter_ctx, conn_rec *c,
+static void nss_io_input_add_filter(nss_filter_ctx_t *filter_ctx, conn_rec *c,
PRFileDesc *ssl)
{
nspr_filter_in_ctx_t *inctx;
inctx = apr_palloc(c->pool, sizeof(*inctx));
- filter_ctx->pInputFilter = ap_add_input_filter(ssl_io_filter, inctx, NULL, c);
+ filter_ctx->pInputFilter = ap_add_input_filter(nss_io_filter, inctx, NULL, c);
inctx->f = filter_ctx->pInputFilter;
inctx->rc = APR_SUCCESS;
@@ -937,49 +937,49 @@ static void ssl_io_input_add_filter(ssl_filter_ctx_t *filter_ctx, conn_rec *c,
filter_ctx->inctx = inctx;
}
-void ssl_io_filter_init(conn_rec *c, PRFileDesc *ssl)
+void nss_io_filter_init(conn_rec *c, PRFileDesc *ssl)
{
- ssl_filter_ctx_t *filter_ctx;
+ nss_filter_ctx_t *filter_ctx;
- filter_ctx = apr_palloc(c->pool, sizeof(ssl_filter_ctx_t));
- filter_ctx->pOutputFilter = ap_add_output_filter(ssl_io_filter,
+ filter_ctx = apr_palloc(c->pool, sizeof(nss_filter_ctx_t));
+ filter_ctx->pOutputFilter = ap_add_output_filter(nss_io_filter,
filter_ctx, NULL, c);
- ssl_io_input_add_filter(filter_ctx, c, ssl);
- ssl_io_output_create(filter_ctx, c);
+ nss_io_input_add_filter(filter_ctx, c, ssl);
+ nss_io_output_create(filter_ctx, c);
filter_ctx->pssl = ssl;
filter_ctx->c = c;
ssl->lower->secret = (PRFilePrivate *)filter_ctx;
apr_pool_cleanup_register(c->pool, (void*)filter_ctx,
- ssl_io_filter_cleanup, apr_pool_cleanup_null);
+ nss_io_filter_cleanup, apr_pool_cleanup_null);
return;
}
-void ssl_io_filter_register(apr_pool_t *p)
+void nss_io_filter_register(apr_pool_t *p)
{
- ap_register_input_filter (ssl_io_filter, ssl_io_filter_input, NULL, AP_FTYPE_CONNECTION + 5);
- ap_register_output_filter (ssl_io_filter, ssl_io_filter_output, NULL, AP_FTYPE_CONNECTION + 5);
+ ap_register_input_filter (nss_io_filter, nss_io_filter_input, NULL, AP_FTYPE_CONNECTION + 5);
+ ap_register_output_filter (nss_io_filter, nss_io_filter_output, NULL, AP_FTYPE_CONNECTION + 5);
return;
}
-PRFileDesc * ssl_io_new_fd() {
+PRFileDesc * nss_io_new_fd() {
PRFileDesc *ssl = PR_CreateIOLayerStub(gIdentity, &gMethods);
return ssl;
}
static PRStatus PR_CALLBACK nspr_filter_getpeername(PRFileDesc *fd, PRNetAddr *addr) {
- ssl_filter_ctx_t *filter_ctx;
+ nss_filter_ctx_t *filter_ctx;
conn_rec *c;
/* This can occur when doing SSL_ImportFD(NULL, something); */
if (fd->secret == NULL)
return PR_FAILURE;
- filter_ctx = (ssl_filter_ctx_t *)(fd->secret);
+ filter_ctx = (nss_filter_ctx_t *)(fd->secret);
c = filter_ctx->c;
return PR_StringToNetAddr(c->remote_ip, addr);
@@ -989,7 +989,7 @@ static PRStatus PR_CALLBACK nspr_filter_getpeername(PRFileDesc *fd, PRNetAddr *a
* Translate NSPR PR_GetSocketOption() calls into apr_socket_opt_get() calls.
*/
static PRStatus PR_CALLBACK nspr_filter_getsocketoption(PRFileDesc *fd, PRSocketOptionData *data) {
- ssl_filter_ctx_t *filter_ctx = (ssl_filter_ctx_t *)(fd->secret);
+ nss_filter_ctx_t *filter_ctx = (nss_filter_ctx_t *)(fd->secret);
conn_rec *c = filter_ctx->c;
SSLConnRec *sslconn = myConnConfig(c); /* for the Apache socket */
apr_int32_t on;
@@ -1050,7 +1050,7 @@ static PRStatus PR_CALLBACK nspr_filter_getsocketoption(PRFileDesc *fd, PRSocket
* Translate NSPR PR_SetSocketOption() calls into apr_socket_opt_set() calls.
*/
static PRStatus PR_CALLBACK nspr_filter_setsocketOption(PRFileDesc *fd, const PRSocketOptionData *data) {
- ssl_filter_ctx_t *filter_ctx = (ssl_filter_ctx_t *)(fd->secret);
+ nss_filter_ctx_t *filter_ctx = (nss_filter_ctx_t *)(fd->secret);
conn_rec *c = filter_ctx->c;
SSLConnRec *sslconn = myConnConfig(c); /* for the Apache socket */
PRStatus rv = PR_FAILURE;
@@ -1132,7 +1132,7 @@ static PRInt32 PR_CALLBACK nspr_filter_send(PRFileDesc *fd, const void *buf, PRI
* Called once to initialize the NSPR layer that we push for each
* request.
*/
-int ssl_io_layer_init()
+int nss_io_layer_init()
{
const PRIOMethods *defaultMethods;
int rc = 1;
@@ -1168,17 +1168,17 @@ int ssl_io_layer_init()
}
SECStatus
-ssl_AuthCertificate(void *arg, PRFileDesc *socket,
+nss_AuthCertificate(void *arg, PRFileDesc *socket,
PRBool checksig, PRBool isServer)
{
SECStatus status;
- ssl_filter_ctx_t *filter_ctx;
+ nss_filter_ctx_t *filter_ctx;
if (!arg || !socket) {
return SECFailure;
}
- filter_ctx = (ssl_filter_ctx_t *)(socket->lower->secret);
+ filter_ctx = (nss_filter_ctx_t *)(socket->lower->secret);
status = SSL_AuthCertificate(arg, socket, checksig, isServer);
diff --git a/nss_engine_kernel.c b/nss_engine_kernel.c
index fb47eff..167b9f0 100644
--- a/nss_engine_kernel.c
+++ b/nss_engine_kernel.c
@@ -20,7 +20,7 @@ static void HandshakeDone(PRFileDesc *fd, void *doneflag);
/*
* Post Read Request Handler
*/
-int ssl_hook_ReadReq(request_rec *r)
+int nss_hook_ReadReq(request_rec *r)
{
SSLConnRec *sslconn = myConnConfig(r->connection);
@@ -28,7 +28,7 @@ int ssl_hook_ReadReq(request_rec *r)
return DECLINED;
}
- if (sslconn->non_ssl_request) {
+ if (sslconn->non_nss_request) {
const char *errmsg;
char *thisurl;
char *thisport = "";
@@ -56,7 +56,7 @@ int ssl_hook_ReadReq(request_rec *r)
/* Now that we have caught this error, forget it. we are done
* with using SSL on this request.
*/
- sslconn->non_ssl_request = 0;
+ sslconn->non_nss_request = 0;
return HTTP_BAD_REQUEST;
@@ -68,7 +68,7 @@ int ssl_hook_ReadReq(request_rec *r)
/*
* URL Translation Handler
*/
-int ssl_hook_Translate(request_rec *r)
+int nss_hook_Translate(request_rec *r)
{
SSLConnRec *sslconn = myConnConfig(r->connection);
@@ -86,7 +86,7 @@ int ssl_hook_Translate(request_rec *r)
apr_psprintf(r->pool, "Subsequent (No.%d)",
r->connection->keepalives+1)),
r->connection->id,
- ssl_util_vhostid(r->pool, r->server));
+ nss_util_vhostid(r->pool, r->server));
}
return DECLINED;
@@ -96,14 +96,14 @@ int ssl_hook_Translate(request_rec *r)
/*
* Access Handler
*/
-int ssl_hook_Access(request_rec *r)
+int nss_hook_Access(request_rec *r)
{
SSLDirConfigRec *dc = myDirConfig(r);
SSLSrvConfigRec *sc = mySrvConfig(r->server);
SSLConnRec *sslconn = myConnConfig(r->connection);
PRFileDesc *ssl = sslconn ? sslconn->ssl : NULL;
apr_array_header_t *requires;
- ssl_require_t *ssl_requires;
+ nss_require_t *nss_requires;
char *cp;
int ok, i;
BOOL renegotiate = FALSE, renegotiate_quick = FALSE;
@@ -159,7 +159,7 @@ int ssl_hook_Access(request_rec *r)
*/
/*
- * Override of SSLCipherSuite
+ * Override of NSSCipherSuite
*
* We provide two options here:
*
@@ -176,7 +176,7 @@ int ssl_hook_Access(request_rec *r)
* cipher suite we're happy. Because we can assume we would have
* selected it again even when other (better) ciphers exists now in the
* new cipher suite. This approach is fine because the user explicitly
- * has to enable this via ``SSLOptions +OptRenegotiate''. So we do no
+ * has to enable this via ``NSSOptions +OptRenegotiate''. So we do no
* implicit optimizations.
*/
if (dc->szCipherSuite) {
@@ -197,12 +197,12 @@ int ssl_hook_Access(request_rec *r)
/* configure new state */
ciphers = strdup(dc->szCipherSuite);
- if (ssl_parse_ciphers(r->server, ciphers, ciphers_new) < 0) {
+ if (nss_parse_ciphers(r->server, ciphers, ciphers_new) < 0) {
ap_log_error(APLOG_MARK, APLOG_WARNING, 0,
r->server,
"Unable to reconfigure (per-directory) "
"permitted SSL ciphers");
- ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, r->server);
+ nss_log_nss_error(APLOG_MARK, APLOG_ERR, r->server);
free(ciphers);
return HTTP_FORBIDDEN;
@@ -382,7 +382,7 @@ int ssl_hook_Access(request_rec *r)
ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server,
"SSL Re-negotiation in conjunction "
"with POST method not supported!"
- "hint: try SSLOptions +OptRenegotiate");
+ "hint: try NSSOptions +OptRenegotiate");
return HTTP_METHOD_NOT_ALLOWED;
}
@@ -525,7 +525,7 @@ int ssl_hook_Access(request_rec *r)
* we need to postpone setting the username until later.
*/
if ((dc->nOptions & SSL_OPT_FAKEBASICAUTH) == 0 && dc->szUserName) {
- char *val = ssl_var_lookup(r->pool, r->server, r->connection,
+ char *val = nss_var_lookup(r->pool, r->server, r->connection,
r, (char *)dc->szUserName);
if (val && val[0])
r->user = val;
@@ -535,17 +535,17 @@ int ssl_hook_Access(request_rec *r)
* Check SSLRequire boolean expressions
*/
requires = dc->aRequirement;
- ssl_requires = (ssl_require_t *)requires->elts;
+ nss_requires = (nss_require_t *)requires->elts;
for (i = 0; i < requires->nelts; i++) {
- ssl_require_t *req = &ssl_requires[i];
- ok = ssl_expr_exec(r, req->mpExpr);
+ nss_require_t *req = &nss_requires[i];
+ ok = nss_expr_exec(r, req->mpExpr);
if (ok < 0) {
cp = apr_psprintf(r->pool,
"Failed to execute "
"SSL requirement expression: %s",
- ssl_expr_get_error());
+ nss_expr_get_error());
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
"access to %s failed, reason: %s",
@@ -598,7 +598,7 @@ int ssl_hook_Access(request_rec *r)
* authenticates a user. This means that the Module statement for this
* module should be LAST in the Configuration file.
*/
-int ssl_hook_UserCheck(request_rec *r)
+int nss_hook_UserCheck(request_rec *r)
{
SSLConnRec *sslconn = myConnConfig(r->connection);
SSLSrvConfigRec *sc = mySrvConfig(r->server);
@@ -650,7 +650,7 @@ int ssl_hook_UserCheck(request_rec *r)
/*
* We decline operation in various situations...
- * - SSLOptions +FakeBasicAuth not configured
+ * - NSSOptions +FakeBasicAuth not configured
* - r->user already authenticated
* - ssl not enabled
* - client did not present a certificate
@@ -697,11 +697,11 @@ int ssl_hook_UserCheck(request_rec *r)
}
/* authorization phase */
-int ssl_hook_Auth(request_rec *r)
+int nss_hook_Auth(request_rec *r)
{
SSLDirConfigRec *dc = myDirConfig(r);
- ap_log_error(APLOG_MARK, APLOG_INFO, 0, r->server, "ssl_hook_Auth");
+ ap_log_error(APLOG_MARK, APLOG_INFO, 0, r->server, "nss_hook_Auth");
/*
* Additionally forbid access (again)
* when strict require option is used.
@@ -719,7 +719,7 @@ int ssl_hook_Auth(request_rec *r)
* Fixup Handler
*/
-static const char *ssl_hook_Fixup_vars[] = {
+static const char *nss_hook_Fixup_vars[] = {
"SSL_VERSION_INTERFACE",
"SSL_VERSION_LIBRARY",
"SSL_PROTOCOL",
@@ -800,7 +800,7 @@ static const char *ssl_hook_Fixup_vars[] = {
NULL
};
-int ssl_hook_Fixup(request_rec *r)
+int nss_hook_Fixup(request_rec *r)
{
SSLConnRec *sslconn = myConnConfig(r->connection);
SSLSrvConfigRec *sc = mySrvConfig(r->server);
@@ -823,7 +823,7 @@ int ssl_hook_Fixup(request_rec *r)
* Set r->user if requested
*/
if (dc->szUserName) {
- val = ssl_var_lookup(r->pool, r->server, r->connection,
+ val = nss_var_lookup(r->pool, r->server, r->connection,
r, (char *)dc->szUserName);
if (val && val[0]) {
r->user = val;
@@ -838,9 +838,9 @@ int ssl_hook_Fixup(request_rec *r)
/* standard SSL environment variables */
if (dc->nOptions & SSL_OPT_STDENVVARS) {
- for (i = 0; ssl_hook_Fixup_vars[i]; i++) {
- var = (char *)ssl_hook_Fixup_vars[i];
- val = ssl_var_lookup(r->pool, r->server, r->connection, r, var);
+ for (i = 0; nss_hook_Fixup_vars[i]; i++) {
+ var = (char *)nss_hook_Fixup_vars[i];
+ val = nss_var_lookup(r->pool, r->server, r->connection, r, var);
if (!strIsEmpty(val)) {
apr_table_setn(env, var, val);
}
@@ -851,12 +851,12 @@ int ssl_hook_Fixup(request_rec *r)
* On-demand bloat up the SSI/CGI environment with certificate data
*/
if (dc->nOptions & SSL_OPT_EXPORTCERTDATA) {
- val = ssl_var_lookup(r->pool, r->server, r->connection,
+ val = nss_var_lookup(r->pool, r->server, r->connection,
r, "SSL_SERVER_CERT");
apr_table_setn(env, "SSL_SERVER_CERT", val);
- val = ssl_var_lookup(r->pool, r->server, r->connection,
+ val = nss_var_lookup(r->pool, r->server, r->connection,
r, "SSL_CLIENT_CERT");
apr_table_setn(env, "SSL_CLIENT_CERT", val);
@@ -879,7 +879,7 @@ int ssl_hook_Fixup(request_rec *r)
for (i = 0; i < n; i++) {
var = apr_psprintf(r->pool, "SSL_CLIENT_CERT_CHAIN_%d", i);
- val = ssl_var_lookup(r->pool, r->server, r->connection,
+ val = nss_var_lookup(r->pool, r->server, r->connection,
r, var);
if (val) {
apr_table_setn(env, var, val);
diff --git a/nss_engine_log.c b/nss_engine_log.c
index f3f1566..1bb18e5 100644
--- a/nss_engine_log.c
+++ b/nss_engine_log.c
@@ -182,7 +182,7 @@ l_error_t libsec_errors[] = {
{ 144, "SEC_ERROR_OCSP_INVALID_SIGNING_CERT - OCSP signer certificate not found, not trusted or invalid." }
};
-l_error_t libssl_errors[] = {
+l_error_t libnss_errors[] = {
{ 0, "Client does not support high-grade encryption" },
{ 1, "Client requires high-grade encryption which is not supported" },
{ 2, "No common encryption algorithm(s) with client" },
@@ -288,7 +288,7 @@ l_error_t libssl_errors[] = {
{ 102, "Peer does not permit renegotiation of SSL security parameters" }
};
-void ssl_die(void)
+void nss_die(void)
{
/*
* This is used for fatal errors and here
@@ -298,7 +298,7 @@ void ssl_die(void)
exit(1);
}
-void ssl_log_ssl_error(const char *file, int line, int level, server_rec *s)
+void nss_log_nss_error(const char *file, int line, int level, server_rec *s)
{
const char *err;
PRInt32 error;
@@ -312,7 +312,7 @@ void ssl_log_ssl_error(const char *file, int line, int level, server_rec *s)
err = libsec_errors[error-LIBSEC_ERROR_BASE].errorString;
} else if ((error >= LIBSSL_ERROR_BASE) &&
(error <= LIBSSL_MAX_ERROR)) {
- err = libssl_errors[error-LIBSSL_ERROR_BASE].errorString;
+ err = libnss_errors[error-LIBSSL_ERROR_BASE].errorString;
} else {
err = "Unknown";
}
diff --git a/nss_engine_pphrase.c b/nss_engine_pphrase.c
index cb6643d..61324d7 100644
--- a/nss_engine_pphrase.c
+++ b/nss_engine_pphrase.c
@@ -22,10 +22,10 @@ typedef struct {
PRInt32 retryCount;
} pphrase_arg_t;
-static char * ssl_password_prompt(PK11SlotInfo *slot, PRBool retry, void *arg);
-static char * ssl_no_password(PK11SlotInfo *slot, PRBool retry, void *arg);
-static unsigned char * ssl_get_password(FILE *input, FILE *output, PK11SlotInfo *slot, PRBool (*ok)(unsigned char *), pphrase_arg_t * parg);
-static PRBool ssl_check_password(unsigned char *cp);
+static char * nss_password_prompt(PK11SlotInfo *slot, PRBool retry, void *arg);
+static char * nss_no_password(PK11SlotInfo *slot, PRBool retry, void *arg);
+static unsigned char * nss_get_password(FILE *input, FILE *output, PK11SlotInfo *slot, PRBool (*ok)(unsigned char *), pphrase_arg_t * parg);
+static PRBool nss_check_password(unsigned char *cp);
static void echoOff(int fd);
static void echoOn(int fd);
@@ -40,7 +40,7 @@ static char * prompt;
* be authenticated and others will not be.
*/
-SECStatus ssl_Init_Tokens(server_rec *s)
+SECStatus nss_Init_Tokens(server_rec *s)
{
PK11SlotList *slotList;
PK11SlotListElement *listEntry;
@@ -52,7 +52,7 @@ SECStatus ssl_Init_Tokens(server_rec *s)
parg->mc = mc;
parg->retryCount = 0;
- PK11_SetPasswordFunc(ssl_password_prompt);
+ PK11_SetPasswordFunc(nss_password_prompt);
slotList = PK11_GetAllTokens(CKM_INVALID_MECHANISM, PR_FALSE, PR_TRUE, NULL);
@@ -85,7 +85,7 @@ SECStatus ssl_Init_Tokens(server_rec *s)
* reset NSS password callback to blank, so that the server won't prompt
* again after initialization is done.
*/
- PK11_SetPasswordFunc(ssl_no_password);
+ PK11_SetPasswordFunc(nss_no_password);
free(parg);
return status;
@@ -95,7 +95,7 @@ SECStatus ssl_Init_Tokens(server_rec *s)
* Wrapper callback function that prompts the user for the token password
* up to 3 times.
*/
-static char * ssl_password_prompt(PK11SlotInfo *slot, PRBool retry, void *arg)
+static char * nss_password_prompt(PK11SlotInfo *slot, PRBool retry, void *arg)
{
char *passwd = NULL;
pphrase_arg_t *parg = (pphrase_arg_t *)arg;
@@ -106,12 +106,12 @@ static char * ssl_password_prompt(PK11SlotInfo *slot, PRBool retry, void *arg)
prompt = PR_smprintf("Please enter password for \"%s\" token:", PK11_GetTokenName(slot));
if (parg == NULL) {
// should not happen
- passwd = ssl_get_password(stdin, stdout, slot, ssl_check_password, 0);
+ passwd = nss_get_password(stdin, stdout, slot, nss_check_password, 0);
} else {
if (parg->retryCount > 2) {
passwd = NULL; // abort after 2 retries (3 failed attempts)
} else {
- passwd = ssl_get_password(stdin, stdout, slot, ssl_check_password, parg);
+ passwd = nss_get_password(stdin, stdout, slot, nss_check_password, parg);
}
}
@@ -126,7 +126,7 @@ static char * ssl_password_prompt(PK11SlotInfo *slot, PRBool retry, void *arg)
if (!APR_STATUS_IS_SUCCESS(rv)) {
ap_log_error(APLOG_MARK, APLOG_ERR, 0, NULL,
"Unable to write to pin store for slot: %s APR err: %d", PK11_GetTokenName(slot), rv);
- ssl_die();
+ nss_die();
}
/* Check the result. We don't really care what we got back as long
@@ -143,7 +143,7 @@ static char * ssl_password_prompt(PK11SlotInfo *slot, PRBool retry, void *arg)
(res != PIN_SUCCESS && res != PIN_INCORRECTPW)) {
ap_log_error(APLOG_MARK, APLOG_ERR, 0, NULL,
"Unable to read from pin store for slot: %s APR err: %d", PK11_GetTokenName(slot), rv);
- ssl_die();
+ nss_die();
}
}
@@ -155,7 +155,7 @@ static char * ssl_password_prompt(PK11SlotInfo *slot, PRBool retry, void *arg)
* any actual enforcement here but it demonstrates the sorts of things
* that may be done.
*/
-static PRBool ssl_check_password(unsigned char *cp)
+static PRBool nss_check_password(unsigned char *cp)
{
int len;
unsigned char *end, ch;
@@ -180,7 +180,7 @@ static PRBool ssl_check_password(unsigned char *cp)
* Password callback so the user is not prompted to enter the password
* after the server starts.
*/
-static char * ssl_no_password(PK11SlotInfo *slot, PRBool retry, void *arg)
+static char * nss_no_password(PK11SlotInfo *slot, PRBool retry, void *arg)
{
return NULL;
}
@@ -190,7 +190,7 @@ static char * ssl_no_password(PK11SlotInfo *slot, PRBool retry, void *arg)
* twiddling with the tty. Alternatively, if the file password.conf
* exists then it may be used to store the token password(s).
*/
-static unsigned char *ssl_get_password(FILE *input, FILE *output,
+static unsigned char *nss_get_password(FILE *input, FILE *output,
PK11SlotInfo *slot,
PRBool (*ok)(unsigned char *),
pphrase_arg_t *parg)
@@ -229,7 +229,7 @@ static unsigned char *ssl_get_password(FILE *input, FILE *output,
} else {
ap_log_error(APLOG_MARK, APLOG_ERR, 0, NULL,
"Unable to open password file %s", parg->mc->pphrase_dialog_path);
- ssl_die();
+ nss_die();
}
}
@@ -246,7 +246,7 @@ static unsigned char *ssl_get_password(FILE *input, FILE *output,
if (!APR_STATUS_IS_SUCCESS(rv)) {
ap_log_error(APLOG_MARK, APLOG_ERR, 0, NULL,
"Unable to write to pin store for slot: %s APR err: %d", PK11_GetTokenName(slot), rv);
- ssl_die();
+ nss_die();
}
/* The helper just returns a token pw or "", so we don't have much
@@ -257,7 +257,7 @@ static unsigned char *ssl_get_password(FILE *input, FILE *output,
if (!APR_STATUS_IS_SUCCESS(rv)) {
ap_log_error(APLOG_MARK, APLOG_ERR, 0, NULL,
"Unable to read from pin store for slot: %s APR err: %d", PK11_GetTokenName(slot), rv);
- ssl_die();
+ nss_die();
}
/* Just return what we got. If we got this far and we don't have a
diff --git a/nss_engine_vars.c b/nss_engine_vars.c
index 8cb24ce..22d7978 100644
--- a/nss_engine_vars.c
+++ b/nss_engine_vars.c
@@ -26,33 +26,33 @@
#define CERT_NOTBEFORE 0
#define CERT_NOTAFTER 1
-static char *ssl_var_lookup_header(apr_pool_t *p, request_rec *r, const char *name);
-static char *ssl_var_lookup_ssl(apr_pool_t *p, conn_rec *c, char *var);
-static char *ssl_var_lookup_ssl_cert(apr_pool_t *p, CERTCertificate *xs, char *var, conn_rec *c);
-static char *ssl_var_lookup_ssl_cert_dn(apr_pool_t *p, CERTName *cert, char *var);
-static char *ssl_var_lookup_ssl_cert_valid(apr_pool_t *p, CERTCertificate *xs, int type);
-static char *ssl_var_lookup_ssl_cert_chain(apr_pool_t *p, CERTCertificate *cert,char *var);
-static char *ssl_var_lookup_ssl_cert_PEM(apr_pool_t *p, CERTCertificate *xs);
-static char *ssl_var_lookup_ssl_cert_verify(apr_pool_t *p, conn_rec *c);
-static char *ssl_var_lookup_ssl_cipher(apr_pool_t *p, conn_rec *c, char *var);
-static char *ssl_var_lookup_ssl_version(apr_pool_t *p, char *var);
-static char *ssl_var_lookup_protocol_version(apr_pool_t *p, conn_rec *c);
-
-static int ssl_is_https(conn_rec *c)
+static char *nss_var_lookup_header(apr_pool_t *p, request_rec *r, const char *name);
+static char *nss_var_lookup_ssl(apr_pool_t *p, conn_rec *c, char *var);
+static char *nss_var_lookup_nss_cert(apr_pool_t *p, CERTCertificate *xs, char *var, conn_rec *c);
+static char *nss_var_lookup_nss_cert_dn(apr_pool_t *p, CERTName *cert, char *var);
+static char *nss_var_lookup_nss_cert_valid(apr_pool_t *p, CERTCertificate *xs, int type);
+static char *nss_var_lookup_nss_cert_chain(apr_pool_t *p, CERTCertificate *cert,char *var);
+static char *nss_var_lookup_nss_cert_PEM(apr_pool_t *p, CERTCertificate *xs);
+static char *nss_var_lookup_nss_cert_verify(apr_pool_t *p, conn_rec *c);
+static char *nss_var_lookup_nss_cipher(apr_pool_t *p, conn_rec *c, char *var);
+static char *nss_var_lookup_nss_version(apr_pool_t *p, char *var);
+static char *nss_var_lookup_protocol_version(apr_pool_t *p, conn_rec *c);
+
+static int nss_is_https(conn_rec *c)
{
SSLConnRec *sslconn = myConnConfig(c);
return sslconn && sslconn->ssl;
}
-void ssl_var_register(void)
+void nss_var_register(void)
{
- APR_REGISTER_OPTIONAL_FN(ssl_is_https);
- APR_REGISTER_OPTIONAL_FN(ssl_var_lookup);
+ APR_REGISTER_OPTIONAL_FN(nss_is_https);
+ APR_REGISTER_OPTIONAL_FN(nss_var_lookup);
return;
}
/* This function must remain safe to use for a non-SSL connection. */
-char *ssl_var_lookup(apr_pool_t *p, server_rec *s, conn_rec *c, request_rec *r, char *var)
+char *nss_var_lookup(apr_pool_t *p, server_rec *s, conn_rec *c, request_rec *r, char *var)
{
SSLModConfigRec *mc = myModConfig(s);
char *result;
@@ -79,22 +79,22 @@ char *ssl_var_lookup(apr_pool_t *p, server_rec *s, conn_rec *c, request_rec *r,
*/
if (r != NULL) {
if (strcEQ(var, "HTTP_USER_AGENT"))
- result = ssl_var_lookup_header(p, r, "User-Agent");
+ result = nss_var_lookup_header(p, r, "User-Agent");
else if (strcEQ(var, "HTTP_REFERER"))
- result = ssl_var_lookup_header(p, r, "Referer");
+ result = nss_var_lookup_header(p, r, "Referer");
else if (strcEQ(var, "HTTP_COOKIE"))
- result = ssl_var_lookup_header(p, r, "Cookie");
+ result = nss_var_lookup_header(p, r, "Cookie");
else if (strcEQ(var, "HTTP_FORWARDED"))
- result = ssl_var_lookup_header(p, r, "Forwarded");
+ result = nss_var_lookup_header(p, r, "Forwarded");
else if (strcEQ(var, "HTTP_HOST"))
- result = ssl_var_lookup_header(p, r, "Host");
+ result = nss_var_lookup_header(p, r, "Host");
else if (strcEQ(var, "HTTP_PROXY_CONNECTION"))
- result = ssl_var_lookup_header(p, r, "Proxy-Connection");
+ result = nss_var_lookup_header(p, r, "Proxy-Connection");
else if (strcEQ(var, "HTTP_ACCEPT"))
- result = ssl_var_lookup_header(p, r, "Accept");
+ result = nss_var_lookup_header(p, r, "Accept");
else if (strlen(var) > 5 && strcEQn(var, "HTTP:", 5))
/* all other headers from which we are still not know about */
- result = ssl_var_lookup_header(p, r, var+5);
+ result = nss_var_lookup_header(p, r, var+5);
else if (strcEQ(var, "THE_REQUEST"))
result = r->the_request;
else if (strcEQ(var, "REQUEST_METHOD"))
@@ -142,7 +142,7 @@ char *ssl_var_lookup(apr_pool_t *p, server_rec *s, conn_rec *c, request_rec *r,
result = r->ap_auth_type;
else if (strlen(var) > 4 && strcEQn(var, "SSL_", 4)
&& sslconn && sslconn->ssl)
- result = ssl_var_lookup_ssl(p, c, var+4);
+ result = nss_var_lookup_ssl(p, c, var+4);
else if (strcEQ(var, "HTTPS")) {
if (sslconn && sslconn->ssl)
result = "on";
@@ -156,7 +156,7 @@ char *ssl_var_lookup(apr_pool_t *p, server_rec *s, conn_rec *c, request_rec *r,
*/
if (result == NULL) {
if (strlen(var) > 12 && strcEQn(var, "SSL_VERSION_", 12))
- result = ssl_var_lookup_ssl_version(p, var+12);
+ result = nss_var_lookup_nss_version(p, var+12);
else if (strcEQ(var, "SERVER_SOFTWARE"))
result = (char *)ap_get_server_version();
else if (strcEQ(var, "API_VERSION")) {
@@ -216,7 +216,7 @@ char *ssl_var_lookup(apr_pool_t *p, server_rec *s, conn_rec *c, request_rec *r,
return result;
}
-static char *ssl_var_lookup_header(apr_pool_t *p, request_rec *r, const char *name)
+static char *nss_var_lookup_header(apr_pool_t *p, request_rec *r, const char *name)
{
char *hdr = NULL;
@@ -225,7 +225,7 @@ static char *ssl_var_lookup_header(apr_pool_t *p, request_rec *r, const char *na
return hdr;
}
-static char *ssl_var_lookup_ssl(apr_pool_t *p, conn_rec *c, char *var)
+static char *nss_var_lookup_ssl(apr_pool_t *p, conn_rec *c, char *var)
{
SSLConnRec *sslconn = myConnConfig(c);
char *result;
@@ -236,10 +236,10 @@ static char *ssl_var_lookup_ssl(apr_pool_t *p, conn_rec *c, char *var)
ssl = sslconn->ssl;
if (strlen(var) > 8 && strcEQn(var, "VERSION_", 8)) {
- result = ssl_var_lookup_ssl_version(p, var+8);
+ result = nss_var_lookup_nss_version(p, var+8);
}
else if (ssl != NULL && strcEQ(var, "PROTOCOL")) {
- result = (char *)ssl_var_lookup_protocol_version(p, c);
+ result = (char *)nss_var_lookup_protocol_version(p, c);
}
else if (ssl != NULL && strcEQ(var, "SESSION_ID")) {
char *idstr;
@@ -258,27 +258,27 @@ static char *ssl_var_lookup_ssl(apr_pool_t *p, conn_rec *c, char *var)
SECITEM_FreeItem(iditem, PR_TRUE);
}
else if (ssl != NULL && strlen(var) >= 6 && strcEQn(var, "CIPHER", 6)) {
- result = ssl_var_lookup_ssl_cipher(p, c, var+6);
+ result = nss_var_lookup_nss_cipher(p, c, var+6);
}
else if (ssl != NULL && strlen(var) > 18 && strcEQn(var, "CLIENT_CERT_CHAIN_", 18)) {
xs = SSL_PeerCertificate(ssl);
if (xs != NULL) {
- result = ssl_var_lookup_ssl_cert_chain(p, xs, var+18);
+ result = nss_var_lookup_nss_cert_chain(p, xs, var+18);
CERT_DestroyCertificate(xs);
}
}
else if (ssl != NULL && strcEQ(var, "CLIENT_VERIFY")) {
- result = ssl_var_lookup_ssl_cert_verify(p, c);
+ result = nss_var_lookup_nss_cert_verify(p, c);
}
else if (ssl != NULL && strlen(var) > 7 && strcEQn(var, "CLIENT_", 7)) {
if ((xs = SSL_PeerCertificate(ssl)) != NULL) {
- result = ssl_var_lookup_ssl_cert(p, xs, var+7, c);
+ result = nss_var_lookup_nss_cert(p, xs, var+7, c);
CERT_DestroyCertificate(xs);
}
}
else if (ssl != NULL && strlen(var) > 7 && strcEQn(var, "SERVER_", 7)) {
if ((xs = SSL_LocalCertificate(ssl)) != NULL) {
- result = ssl_var_lookup_ssl_cert(p, xs, var+7, c);
+ result = nss_var_lookup_nss_cert(p, xs, var+7, c);
CERT_DestroyCertificate(xs);
}
}
@@ -286,7 +286,7 @@ static char *ssl_var_lookup_ssl(apr_pool_t *p, conn_rec *c, char *var)
return result;
}
-static char *ssl_var_lookup_ssl_cert(apr_pool_t *p, CERTCertificate *xs, char *var, conn_rec *c)
+static char *nss_var_lookup_nss_cert(apr_pool_t *p, CERTCertificate *xs, char *var, conn_rec *c)
{
char *result;
BOOL resdup;
@@ -304,10 +304,10 @@ static char *ssl_var_lookup_ssl_cert(apr_pool_t *p, CERTCertificate *xs, char *v
resdup = FALSE;
}
else if (strcEQ(var, "V_START")) {
- result = ssl_var_lookup_ssl_cert_valid(p, xs, CERT_NOTBEFORE);
+ result = nss_var_lookup_nss_cert_valid(p, xs, CERT_NOTBEFORE);
}
else if (strcEQ(var, "V_END")) {
- result = ssl_var_lookup_ssl_cert_valid(p, xs, CERT_NOTAFTER);
+ result = nss_var_lookup_nss_cert_valid(p, xs, CERT_NOTAFTER);
}
else if (strcEQ(var, "S_DN")) {
xsname = CERT_NameToAscii(&xs->subject);
@@ -316,7 +316,7 @@ static char *ssl_var_lookup_ssl_cert(apr_pool_t *p, CERTCertificate *xs, char *v
resdup = FALSE;
}
else if (strlen(var) > 5 && strcEQn(var, "S_DN_", 5)) {
- result = ssl_var_lookup_ssl_cert_dn(p, &xs->subject, var+5);
+ result = nss_var_lookup_nss_cert_dn(p, &xs->subject, var+5);
resdup = FALSE;
}
else if (strcEQ(var, "I_DN")) {
@@ -326,7 +326,7 @@ static char *ssl_var_lookup_ssl_cert(apr_pool_t *p, CERTCertificate *xs, char *v
resdup = FALSE;
}
else if (strlen(var) > 5 && strcEQn(var, "I_DN_", 5)) {
- result = ssl_var_lookup_ssl_cert_dn(p, &xs->issuer, var+5);
+ result = nss_var_lookup_nss_cert_dn(p, &xs->issuer, var+5);
resdup = FALSE;
}
else if (strcEQ(var, "A_SIG")) {
@@ -367,7 +367,7 @@ static char *ssl_var_lookup_ssl_cert(apr_pool_t *p, CERTCertificate *xs, char *v
resdup = FALSE;
}
else if (strcEQ(var, "CERT")) {
- result = ssl_var_lookup_ssl_cert_PEM(p, xs);
+ result = nss_var_lookup_nss_cert_PEM(p, xs);
}
if (result != NULL && resdup)
@@ -375,7 +375,7 @@ static char *ssl_var_lookup_ssl_cert(apr_pool_t *p, CERTCertificate *xs, char *v
return result;
}
-static char *ssl_var_lookup_ssl_cert_dn(apr_pool_t *p, CERTName *cert, char *var)
+static char *nss_var_lookup_nss_cert_dn(apr_pool_t *p, CERTName *cert, char *var)
{
char *result;
char *rv;
@@ -413,7 +413,7 @@ static char *ssl_var_lookup_ssl_cert_dn(apr_pool_t *p, CERTName *cert, char *var
return result;
}
-static char *ssl_var_lookup_ssl_cert_valid(apr_pool_t *p, CERTCertificate *xs, int type)
+static char *nss_var_lookup_nss_cert_valid(apr_pool_t *p, CERTCertificate *xs, int type)
{
char *result;
PRExplodedTime printableTime;
@@ -436,7 +436,7 @@ static char *ssl_var_lookup_ssl_cert_valid(apr_pool_t *p, CERTCertificate *xs, i
return result;
}
-static char *ssl_var_lookup_ssl_cert_chain(apr_pool_t *p, CERTCertificate *cert, char *var)
+static char *nss_var_lookup_nss_cert_chain(apr_pool_t *p, CERTCertificate *cert, char *var)
{
char *result;
CERTCertificateList *chain = NULL;
@@ -454,7 +454,7 @@ static char *ssl_var_lookup_ssl_cert_chain(apr_pool_t *p, CERTCertificate *cert,
if (n <= chain->len-1) {
CERTCertificate *c;
c = CERT_FindCertByDERCert(CERT_GetDefaultCertDB(), &chain->certs[n]);
- result = ssl_var_lookup_ssl_cert_PEM(p, c);
+ result = nss_var_lookup_nss_cert_PEM(p, c);
CERT_DestroyCertificate(c);
}
}
@@ -466,7 +466,7 @@ static char *ssl_var_lookup_ssl_cert_chain(apr_pool_t *p, CERTCertificate *cert,
#define CERT_HEADER "-----BEGIN CERTIFICATE-----\n"
#define CERT_TRAILER "\n-----END CERTIFICATE-----\n"
-static char *ssl_var_lookup_ssl_cert_PEM(apr_pool_t *p, CERTCertificate *xs)
+static char *nss_var_lookup_nss_cert_PEM(apr_pool_t *p, CERTCertificate *xs)
{
char * result = NULL;
char * tmp = NULL;
@@ -503,7 +503,7 @@ static char *ssl_var_lookup_ssl_cert_PEM(apr_pool_t *p, CERTCertificate *xs)
return result;
}
-static char *ssl_var_lookup_ssl_cert_verify(apr_pool_t *p, conn_rec *c)
+static char *nss_var_lookup_nss_cert_verify(apr_pool_t *p, conn_rec *c)
{
SSLConnRec *sslconn = myConnConfig(c);
char *result;
@@ -538,7 +538,7 @@ static char *ssl_var_lookup_ssl_cert_verify(apr_pool_t *p, conn_rec *c)
return result;
}
-static char *ssl_var_lookup_ssl_cipher(apr_pool_t *p, conn_rec *c, char *var)
+static char *nss_var_lookup_nss_cipher(apr_pool_t *p, conn_rec *c, char *var)
{
SSLConnRec *sslconn = myConnConfig(c);
char *result;
@@ -588,7 +588,7 @@ static char *ssl_var_lookup_ssl_cipher(apr_pool_t *p, conn_rec *c, char *var)
return result;
}
-static char *ssl_var_lookup_ssl_version(apr_pool_t *p, char *var)
+static char *nss_var_lookup_nss_version(apr_pool_t *p, char *var)
{
char *result;
@@ -610,7 +610,7 @@ static char *ssl_var_lookup_ssl_version(apr_pool_t *p, char *var)
return result;
}
-static char *ssl_var_lookup_protocol_version(apr_pool_t *p, conn_rec *c)
+static char *nss_var_lookup_protocol_version(apr_pool_t *p, conn_rec *c)
{
char *result;
SSLChannelInfo channel;
@@ -651,22 +651,22 @@ static char *ssl_var_lookup_protocol_version(apr_pool_t *p, conn_rec *c)
#include "mod_log_config.h"
-static const char *ssl_var_log_handler_c(request_rec *r, char *a);
-static const char *ssl_var_log_handler_x(request_rec *r, char *a);
+static const char *nss_var_log_handler_c(request_rec *r, char *a);
+static const char *nss_var_log_handler_x(request_rec *r, char *a);
/*
* register us for the mod_log_config function registering phase
* to establish %{...}c and to be able to expand %{...}x variables.
*/
-void ssl_var_log_config_register(apr_pool_t *p)
+void nss_var_log_config_register(apr_pool_t *p)
{
static APR_OPTIONAL_FN_TYPE(ap_register_log_handler) *log_pfn_register;
log_pfn_register = APR_RETRIEVE_OPTIONAL_FN(ap_register_log_handler);
if (log_pfn_register) {
- log_pfn_register(p, "c", ssl_var_log_handler_c, 0);
- log_pfn_register(p, "x", ssl_var_log_handler_x, 0);
+ log_pfn_register(p, "c", nss_var_log_handler_c, 0);
+ log_pfn_register(p, "x", nss_var_log_handler_x, 0);
}
return;
}
@@ -675,7 +675,7 @@ void ssl_var_log_config_register(apr_pool_t *p)
* implement the %{..}c log function
* (we are the only function)
*/
-static const char *ssl_var_log_handler_c(request_rec *r, char *a)
+static const char *nss_var_log_handler_c(request_rec *r, char *a)
{
SSLConnRec *sslconn = myConnConfig(r->connection);
char *result;
@@ -684,13 +684,13 @@ static const char *ssl_var_log_handler_c(request_rec *r, char *a)
return NULL;
result = NULL;
if (strEQ(a, "version"))
- result = ssl_var_lookup(r->pool, r->server, r->connection, r, "SSL_PROTOCOL");
+ result = nss_var_lookup(r->pool, r->server, r->connection, r, "SSL_PROTOCOL");
else if (strEQ(a, "cipher"))
- result = ssl_var_lookup(r->pool, r->server, r->connection, r, "SSL_CIPHER");
+ result = nss_var_lookup(r->pool, r->server, r->connection, r, "SSL_CIPHER");
else if (strEQ(a, "subjectdn") || strEQ(a, "clientcert"))
- result = ssl_var_lookup(r->pool, r->server, r->connection, r, "SSL_CLIENT_S_DN");
+ result = nss_var_lookup(r->pool, r->server, r->connection, r, "SSL_CLIENT_S_DN");
else if (strEQ(a, "issuerdn") || strEQ(a, "cacert"))
- result = ssl_var_lookup(r->pool, r->server, r->connection, r, "SSL_CLIENT_I_DN");
+ result = nss_var_lookup(r->pool, r->server, r->connection, r, "SSL_CLIENT_I_DN");
else if (strEQ(a, "errcode"))
result = "-";
if (result != NULL && result[0] == NUL)
@@ -702,11 +702,11 @@ static const char *ssl_var_log_handler_c(request_rec *r, char *a)
* extend the implementation of the %{..}x log function
* (there can be more functions)
*/
-static const char *ssl_var_log_handler_x(request_rec *r, char *a)
+static const char *nss_var_log_handler_x(request_rec *r, char *a)
{
char *result;
- result = ssl_var_lookup(r->pool, r->server, r->connection, r, a);
+ result = nss_var_lookup(r->pool, r->server, r->connection, r, a);
if (result != NULL && result[0] == NUL)
result = NULL;
return result;
diff --git a/nss_expr.c b/nss_expr.c
index 1e6e445..22da3d6 100644
--- a/nss_expr.c
+++ b/nss_expr.c
@@ -13,19 +13,6 @@
* limitations under the License.
*/
-/* _ _
- * _ __ ___ ___ __| | ___ ___| | mod_ssl
- * | '_ ` _ \ / _ \ / _` | / __/ __| | Apache Interface to OpenSSL
- * | | | | | | (_) | (_| | \__ \__ \ |
- * |_| |_| |_|\___/ \__,_|___|___/___/_|
- * |_____|
- * ssl_expr.c
- * Expression Handling
- */
- /* ``It is hard to fly with
- the eagles when you work
- with the turkeys.''
- -- Unknown */
#include "mod_nss.h"
/* _________________________________________________________________
@@ -34,47 +21,47 @@
** _________________________________________________________________
*/
-ssl_expr_info_type ssl_expr_info;
-char *ssl_expr_error;
+nss_expr_info_type nss_expr_info;
+char *nss_expr_error;
-ssl_expr *ssl_expr_comp(apr_pool_t *p, char *expr)
+nss_expr *nss_expr_comp(apr_pool_t *p, char *expr)
{
- ssl_expr_info.pool = p;
- ssl_expr_info.inputbuf = expr;
- ssl_expr_info.inputlen = strlen(expr);
- ssl_expr_info.inputptr = ssl_expr_info.inputbuf;
- ssl_expr_info.expr = FALSE;
+ nss_expr_info.pool = p;
+ nss_expr_info.inputbuf = expr;
+ nss_expr_info.inputlen = strlen(expr);
+ nss_expr_info.inputptr = nss_expr_info.inputbuf;
+ nss_expr_info.expr = FALSE;
- ssl_expr_error = NULL;
- if (ssl_expr_yyparse())
+ nss_expr_error = NULL;
+ if (nss_expr_yyparse())
return NULL;
- return ssl_expr_info.expr;
+ return nss_expr_info.expr;
}
-char *ssl_expr_get_error(void)
+char *nss_expr_get_error(void)
{
- if (ssl_expr_error == NULL)
+ if (nss_expr_error == NULL)
return "";
- return ssl_expr_error;
+ return nss_expr_error;
}
-ssl_expr *ssl_expr_make(ssl_expr_node_op op, void *a1, void *a2)
+nss_expr *nss_expr_make(nss_expr_node_op op, void *a1, void *a2)
{
- ssl_expr *node;
+ nss_expr *node;
- node = (ssl_expr *)apr_palloc(ssl_expr_info.pool, sizeof(ssl_expr));
+ node = (nss_expr *)apr_palloc(nss_expr_info.pool, sizeof(nss_expr));
node->node_op = op;
node->node_arg1 = (char *)a1;
node->node_arg2 = (char *)a2;
return node;
}
-int ssl_expr_exec(request_rec *r, ssl_expr *expr)
+int nss_expr_exec(request_rec *r, nss_expr *expr)
{
BOOL rc;
- rc = ssl_expr_eval(r, expr);
- if (ssl_expr_error != NULL)
+ rc = nss_expr_eval(r, expr);
+ if (nss_expr_error != NULL)
return (-1);
else
return (rc ? 1 : 0);
diff --git a/nss_expr.h b/nss_expr.h
index 8399159..462f36c 100644
--- a/nss_expr.h
+++ b/nss_expr.h
@@ -13,19 +13,8 @@
* limitations under the License.
*/
-/* _ _
- * _ __ ___ ___ __| | ___ ___| | mod_ssl
- * | '_ ` _ \ / _ \ / _` | / __/ __| | Apache Interface to OpenSSL
- * | | | | | | (_) | (_| | \__ \__ \ |
- * |_| |_| |_|\___/ \__,_|___|___/___/_|
- * |_____|
- * ssl_expr.h
- * Expression Handling (Header)
- */
- /* ``May all your PUSHes be POPed.'' */
-
-#ifndef __SSL_EXPR_H__
-#define __SSL_EXPR_H__
+#ifndef __NSS_EXPR_H__
+#define __NSS_EXPR_H__
#ifndef FALSE
#define FALSE 0
@@ -64,40 +53,40 @@ typedef enum {
op_True, op_False, op_Not, op_Or, op_And, op_Comp,
op_EQ, op_NE, op_LT, op_LE, op_GT, op_GE, op_IN, op_REG, op_NRE,
op_Digit, op_String, op_Regex, op_Var, op_Func
-} ssl_expr_node_op;
+} nss_expr_node_op;
typedef struct {
- ssl_expr_node_op node_op;
+ nss_expr_node_op node_op;
void *node_arg1;
void *node_arg2;
apr_pool_t *p;
-} ssl_expr_node;
+} nss_expr_node;
-typedef ssl_expr_node ssl_expr;
+typedef nss_expr_node nss_expr;
typedef struct {
apr_pool_t *pool;
char *inputbuf;
int inputlen;
char *inputptr;
- ssl_expr *expr;
-} ssl_expr_info_type;
+ nss_expr *expr;
+} nss_expr_info_type;
-extern ssl_expr_info_type ssl_expr_info;
-extern char *ssl_expr_error;
+extern nss_expr_info_type nss_expr_info;
+extern char *nss_expr_error;
-#define yylval ssl_expr_yylval
-#define yyerror ssl_expr_yyerror
-#define yyinput ssl_expr_yyinput
+#define yylval nss_expr_yylval
+#define yyerror nss_expr_yyerror
+#define yyinput nss_expr_yyinput
-extern int ssl_expr_yyparse(void);
-extern int ssl_expr_yyerror(char *);
-extern int ssl_expr_yylex(void);
+extern int nss_expr_yyparse(void);
+extern int nss_expr_yyerror(char *);
+extern int nss_expr_yylex(void);
-extern ssl_expr *ssl_expr_comp(apr_pool_t *, char *);
-extern int ssl_expr_exec(request_rec *, ssl_expr *);
-extern char *ssl_expr_get_error(void);
-extern ssl_expr *ssl_expr_make(ssl_expr_node_op, void *, void *);
-extern BOOL ssl_expr_eval(request_rec *, ssl_expr *);
+extern nss_expr *nss_expr_comp(apr_pool_t *, char *);
+extern int nss_expr_exec(request_rec *, nss_expr *);
+extern char *nss_expr_get_error(void);
+extern nss_expr *nss_expr_make(nss_expr_node_op, void *, void *);
+extern BOOL nss_expr_eval(request_rec *, nss_expr *);
-#endif /* __SSL_EXPR_H__ */
+#endif /* __NSS_EXPR_H__ */
diff --git a/nss_expr_eval.c b/nss_expr_eval.c
index c3aa316..ff0545c 100644
--- a/nss_expr_eval.c
+++ b/nss_expr_eval.c
@@ -13,18 +13,6 @@
* limitations under the License.
*/
-/* _ _
- * _ __ ___ ___ __| | ___ ___| | mod_ssl
- * | '_ ` _ \ / _ \ / _` | / __/ __| | Apache Interface to OpenSSL
- * | | | | | | (_) | (_| | \__ \__ \ |
- * |_| |_| |_|\___/ \__,_|___|___/___/_|
- * |_____|
- * ssl_expr_eval.c
- * Expression Evaluation
- */
- /* ``Make love,
- not software!''
- -- Unknown */
#include "mod_nss.h"
/* _________________________________________________________________
@@ -33,12 +21,12 @@
** _________________________________________________________________
*/
-static BOOL ssl_expr_eval_comp(request_rec *, ssl_expr *);
-static char *ssl_expr_eval_word(request_rec *, ssl_expr *);
-static char *ssl_expr_eval_func_file(request_rec *, char *);
-static int ssl_expr_eval_strcmplex(char *, char *);
+static BOOL nss_expr_eval_comp(request_rec *, nss_expr *);
+static char *nss_expr_eval_word(request_rec *, nss_expr *);
+static char *nss_expr_eval_func_file(request_rec *, char *);
+static int nss_expr_eval_strcmplex(char *, char *);
-BOOL ssl_expr_eval(request_rec *r, ssl_expr *node)
+BOOL nss_expr_eval(request_rec *r, nss_expr *node)
{
switch (node->node_op) {
case op_True: {
@@ -48,73 +36,73 @@ BOOL ssl_expr_eval(request_rec *r, ssl_expr *node)
return FALSE;
}
case op_Not: {
- ssl_expr *e = (ssl_expr *)node->node_arg1;
- return (!ssl_expr_eval(r, e));
+ nss_expr *e = (nss_expr *)node->node_arg1;
+ return (!nss_expr_eval(r, e));
}
case op_Or: {
- ssl_expr *e1 = (ssl_expr *)node->node_arg1;
- ssl_expr *e2 = (ssl_expr *)node->node_arg2;
- return (ssl_expr_eval(r, e1) || ssl_expr_eval(r, e2));
+ nss_expr *e1 = (nss_expr *)node->node_arg1;
+ nss_expr *e2 = (nss_expr *)node->node_arg2;
+ return (nss_expr_eval(r, e1) || nss_expr_eval(r, e2));
}
case op_And: {
- ssl_expr *e1 = (ssl_expr *)node->node_arg1;
- ssl_expr *e2 = (ssl_expr *)node->node_arg2;
- return (ssl_expr_eval(r, e1) && ssl_expr_eval(r, e2));
+ nss_expr *e1 = (nss_expr *)node->node_arg1;
+ nss_expr *e2 = (nss_expr *)node->node_arg2;
+ return (nss_expr_eval(r, e1) && nss_expr_eval(r, e2));
}
case op_Comp: {
- ssl_expr *e = (ssl_expr *)node->node_arg1;
- return ssl_expr_eval_comp(r, e);
+ nss_expr *e = (nss_expr *)node->node_arg1;
+ return nss_expr_eval_comp(r, e);
}
default: {
- ssl_expr_error = "Internal evaluation error: Unknown expression node";
+ nss_expr_error = "Internal evaluation error: Unknown expression node";
return FALSE;
}
}
}
-static BOOL ssl_expr_eval_comp(request_rec *r, ssl_expr *node)
+static BOOL nss_expr_eval_comp(request_rec *r, nss_expr *node)
{
switch (node->node_op) {
case op_EQ: {
- ssl_expr *e1 = (ssl_expr *)node->node_arg1;
- ssl_expr *e2 = (ssl_expr *)node->node_arg2;
- return (strcmp(ssl_expr_eval_word(r, e1), ssl_expr_eval_word(r, e2)) == 0);
+ nss_expr *e1 = (nss_expr *)node->node_arg1;
+ nss_expr *e2 = (nss_expr *)node->node_arg2;
+ return (strcmp(nss_expr_eval_word(r, e1), nss_expr_eval_word(r, e2)) == 0);
}
case op_NE: {
- ssl_expr *e1 = (ssl_expr *)node->node_arg1;
- ssl_expr *e2 = (ssl_expr *)node->node_arg2;
- return (strcmp(ssl_expr_eval_word(r, e1), ssl_expr_eval_word(r, e2)) != 0);
+ nss_expr *e1 = (nss_expr *)node->node_arg1;
+ nss_expr *e2 = (nss_expr *)node->node_arg2;
+ return (strcmp(nss_expr_eval_word(r, e1), nss_expr_eval_word(r, e2)) != 0);
}
case op_LT: {
- ssl_expr *e1 = (ssl_expr *)node->node_arg1;
- ssl_expr *e2 = (ssl_expr *)node->node_arg2;
- return (ssl_expr_eval_strcmplex(ssl_expr_eval_word(r, e1), ssl_expr_eval_word(r, e2)) < 0);
+ nss_expr *e1 = (nss_expr *)node->node_arg1;
+ nss_expr *e2 = (nss_expr *)node->node_arg2;
+ return (nss_expr_eval_strcmplex(nss_expr_eval_word(r, e1), nss_expr_eval_word(r, e2)) < 0);
}
case op_LE: {
- ssl_expr *e1 = (ssl_expr *)node->node_arg1;
- ssl_expr *e2 = (ssl_expr *)node->node_arg2;
- return (ssl_expr_eval_strcmplex(ssl_expr_eval_word(r, e1), ssl_expr_eval_word(r, e2)) <= 0);
+ nss_expr *e1 = (nss_expr *)node->node_arg1;
+ nss_expr *e2 = (nss_expr *)node->node_arg2;
+ return (nss_expr_eval_strcmplex(nss_expr_eval_word(r, e1), nss_expr_eval_word(r, e2)) <= 0);
}
case op_GT: {
- ssl_expr *e1 = (ssl_expr *)node->node_arg1;
- ssl_expr *e2 = (ssl_expr *)node->node_arg2;
- return (ssl_expr_eval_strcmplex(ssl_expr_eval_word(r, e1), ssl_expr_eval_word(r, e2)) > 0);
+ nss_expr *e1 = (nss_expr *)node->node_arg1;
+ nss_expr *e2 = (nss_expr *)node->node_arg2;
+ return (nss_expr_eval_strcmplex(nss_expr_eval_word(r, e1), nss_expr_eval_word(r, e2)) > 0);
}
case op_GE: {
- ssl_expr *e1 = (ssl_expr *)node->node_arg1;
- ssl_expr *e2 = (ssl_expr *)node->node_arg2;
- return (ssl_expr_eval_strcmplex(ssl_expr_eval_word(r, e1), ssl_expr_eval_word(r, e2)) >= 0);
+ nss_expr *e1 = (nss_expr *)node->node_arg1;
+ nss_expr *e2 = (nss_expr *)node->node_arg2;
+ return (nss_expr_eval_strcmplex(nss_expr_eval_word(r, e1), nss_expr_eval_word(r, e2)) >= 0);
}
case op_IN: {
- ssl_expr *e1 = (ssl_expr *)node->node_arg1;
- ssl_expr *e2 = (ssl_expr *)node->node_arg2;
- ssl_expr *e3;
- char *w1 = ssl_expr_eval_word(r, e1);
+ nss_expr *e1 = (nss_expr *)node->node_arg1;
+ nss_expr *e2 = (nss_expr *)node->node_arg2;
+ nss_expr *e3;
+ char *w1 = nss_expr_eval_word(r, e1);
BOOL found = FALSE;
do {
- e3 = (ssl_expr *)e2->node_arg1;
- e2 = (ssl_expr *)e2->node_arg2;
- if (strcmp(w1, ssl_expr_eval_word(r, e3)) == 0) {
+ e3 = (nss_expr *)e2->node_arg1;
+ e2 = (nss_expr *)e2->node_arg2;
+ if (strcmp(w1, nss_expr_eval_word(r, e3)) == 0) {
found = TRUE;
break;
}
@@ -122,37 +110,37 @@ static BOOL ssl_expr_eval_comp(request_rec *r, ssl_expr *node)
return found;
}
case op_REG: {
- ssl_expr *e1;
- ssl_expr *e2;
+ nss_expr *e1;
+ nss_expr *e2;
char *word;
regex_t *regex;
- e1 = (ssl_expr *)node->node_arg1;
- e2 = (ssl_expr *)node->node_arg2;
- word = ssl_expr_eval_word(r, e1);
+ e1 = (nss_expr *)node->node_arg1;
+ e2 = (nss_expr *)node->node_arg2;
+ word = nss_expr_eval_word(r, e1);
regex = (regex_t *)(e2->node_arg1);
return (ap_regexec(regex, word, 0, NULL, 0) == 0);
}
case op_NRE: {
- ssl_expr *e1;
- ssl_expr *e2;
+ nss_expr *e1;
+ nss_expr *e2;
char *word;
regex_t *regex;
- e1 = (ssl_expr *)node->node_arg1;
- e2 = (ssl_expr *)node->node_arg2;
- word = ssl_expr_eval_word(r, e1);
+ e1 = (nss_expr *)node->node_arg1;
+ e2 = (nss_expr *)node->node_arg2;
+ word = nss_expr_eval_word(r, e1);
regex = (regex_t *)(e2->node_arg1);
return !(ap_regexec(regex, word, 0, NULL, 0) == 0);
}
default: {
- ssl_expr_error = "Internal evaluation error: Unknown expression node";
+ nss_expr_error = "Internal evaluation error: Unknown expression node";
return FALSE;
}
}
}
-static char *ssl_expr_eval_word(request_rec *r, ssl_expr *node)
+static char *nss_expr_eval_word(request_rec *r, nss_expr *node)
{
switch (node->node_op) {
case op_Digit: {
@@ -165,27 +153,27 @@ static char *ssl_expr_eval_word(request_rec *r, ssl_expr *node)
}
case op_Var: {
char *var = (char *)node->node_arg1;
- char *val = ssl_var_lookup(r->pool, r->server, r->connection, r, var);
+ char *val = nss_var_lookup(r->pool, r->server, r->connection, r, var);
return (val == NULL ? "" : val);
}
case op_Func: {
char *name = (char *)node->node_arg1;
- ssl_expr *args = (ssl_expr *)node->node_arg2;
+ nss_expr *args = (nss_expr *)node->node_arg2;
if (strEQ(name, "file"))
- return ssl_expr_eval_func_file(r, (char *)(args->node_arg1));
+ return nss_expr_eval_func_file(r, (char *)(args->node_arg1));
else {
- ssl_expr_error = "Internal evaluation error: Unknown function name";
+ nss_expr_error = "Internal evaluation error: Unknown function name";
return "";
}
}
default: {
- ssl_expr_error = "Internal evaluation error: Unknown expression node";
+ nss_expr_error = "Internal evaluation error: Unknown expression node";
return FALSE;
}
}
}
-static char *ssl_expr_eval_func_file(request_rec *r, char *filename)
+static char *nss_expr_eval_func_file(request_rec *r, char *filename)
{
apr_file_t *fp;
char *buf;
@@ -195,12 +183,12 @@ static char *ssl_expr_eval_func_file(request_rec *r, char *filename)
if (apr_file_open(&fp, filename, APR_READ|APR_BUFFERED,
APR_OS_DEFAULT, r->pool) != APR_SUCCESS) {
- ssl_expr_error = "Cannot open file";
+ nss_expr_error = "Cannot open file";
return "";
}
apr_file_info_get(&finfo, APR_FINFO_SIZE, fp);
if ((finfo.size + 1) != ((apr_size_t)finfo.size + 1)) {
- ssl_expr_error = "Huge file cannot be read";
+ nss_expr_error = "Huge file cannot be read";
apr_file_close(fp);
return "";
}
@@ -211,14 +199,14 @@ static char *ssl_expr_eval_func_file(request_rec *r, char *filename)
}
else {
if ((buf = (char *)apr_palloc(r->pool, sizeof(char)*(len+1))) == NULL) {
- ssl_expr_error = "Cannot allocate memory";
+ nss_expr_error = "Cannot allocate memory";
apr_file_close(fp);
return "";
}
offset = 0;
apr_file_seek(fp, APR_SET, &offset);
if (apr_file_read(fp, buf, &len) != APR_SUCCESS) {
- ssl_expr_error = "Cannot read from file";
+ nss_expr_error = "Cannot read from file";
apr_file_close(fp);
return "";
}
@@ -229,7 +217,7 @@ static char *ssl_expr_eval_func_file(request_rec *r, char *filename)
}
/* a variant of strcmp(3) which works correctly also for number strings */
-static int ssl_expr_eval_strcmplex(char *cpNum1, char *cpNum2)
+static int nss_expr_eval_strcmplex(char *cpNum1, char *cpNum2)
{
int i, n1, n2;
diff --git a/ssl_expr_parse.c b/nss_expr_parse.c
index 2eed2a0..cdca82e 100644
--- a/ssl_expr_parse.c
+++ b/nss_expr_parse.c
@@ -1,5 +1,5 @@
-/* A Bison parser, made from ssl_expr_parse.y
+/* A Bison parser, made from nss_expr_parse.y
by GNU Bison version 1.28 */
#define YYBISON 1 /* Identify Bison output. */
@@ -25,14 +25,14 @@
#define T_OP_AND 275
#define T_OP_NOT 276
-#line 34 "ssl_expr_parse.y"
+#line 22 "nss_expr_parse.y"
#include "mod_nss.h"
-#line 38 "ssl_expr_parse.y"
+#line 26 "nss_expr_parse.y"
typedef union {
char *cpVal;
- ssl_expr *exVal;
+ nss_expr *exVal;
} YYSTYPE;
#include <stdio.h>
@@ -48,9 +48,9 @@ typedef union {
#define YYFLAG -32768
#define YYNTBASE 29
-#define YYTRANSLATE(x) ((unsigned)(x) <= 276 ? ssl_expr_yytranslate[x] : 36)
+#define YYTRANSLATE(x) ((unsigned)(x) <= 276 ? nss_expr_yytranslate[x] : 36)
-static const char ssl_expr_yytranslate[] = { 0,
+static const char nss_expr_yytranslate[] = { 0,
2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
@@ -82,13 +82,13 @@ static const char ssl_expr_yytranslate[] = { 0,
};
#if YYDEBUG != 0
-static const short ssl_expr_yyprhs[] = { 0,
+static const short nss_expr_yyprhs[] = { 0,
0, 2, 4, 6, 9, 13, 17, 19, 23, 27,
31, 35, 39, 43, 47, 53, 57, 61, 63, 67,
69, 71, 76, 78, 80, 82
};
-static const short ssl_expr_yyrhs[] = { 30,
+static const short nss_expr_yyrhs[] = { 30,
0, 3, 0, 4, 0, 22, 30, 0, 30, 20,
30, 0, 30, 21, 30, 0, 31, 0, 23, 30,
24, 0, 33, 11, 33, 0, 33, 12, 33, 0,
@@ -103,17 +103,17 @@ static const short ssl_expr_yyrhs[] = { 30,
#endif
#if YYDEBUG != 0
-static const short ssl_expr_yyrline[] = { 0,
- 81, 84, 85, 86, 87, 88, 89, 90, 93, 94,
- 95, 96, 97, 98, 99, 100, 101, 104, 105, 108,
- 109, 110, 111, 114, 123, 134
+static const short nss_expr_yyrline[] = { 0,
+ 69, 72, 73, 74, 75, 76, 77, 78, 81, 82,
+ 83, 84, 85, 86, 87, 88, 89, 92, 93, 96,
+ 97, 98, 99, 102, 111, 122
};
#endif
#if YYDEBUG != 0 || defined (YYERROR_VERBOSE)
-static const char * const ssl_expr_yytname[] = { "$","error","$undefined.","T_TRUE",
+static const char * const nss_expr_yytname[] = { "$","error","$undefined.","T_TRUE",
"T_FALSE","T_DIGIT","T_ID","T_STRING","T_REGEX","T_REGEX_I","T_FUNC_FILE","T_OP_EQ",
"T_OP_NE","T_OP_LT","T_OP_LE","T_OP_GT","T_OP_GE","T_OP_REG","T_OP_NRE","T_OP_IN",
"T_OP_OR","T_OP_AND","T_OP_NOT","'('","')'","'{'","'}'","','","'%'","root","expr",
@@ -121,19 +121,19 @@ static const char * const ssl_expr_yytname[] = { "$","error","$undefined.","T_
};
#endif
-static const short ssl_expr_yyr1[] = { 0,
+static const short nss_expr_yyr1[] = { 0,
29, 30, 30, 30, 30, 30, 30, 30, 31, 31,
31, 31, 31, 31, 31, 31, 31, 32, 32, 33,
33, 33, 33, 34, 34, 35
};
-static const short ssl_expr_yyr2[] = { 0,
+static const short nss_expr_yyr2[] = { 0,
1, 1, 1, 2, 3, 3, 1, 3, 3, 3,
3, 3, 3, 3, 5, 3, 3, 1, 3, 1,
1, 4, 1, 1, 1, 4
};
-static const short ssl_expr_yydefact[] = { 0,
+static const short nss_expr_yydefact[] = { 0,
2, 3, 20, 21, 0, 0, 0, 0, 1, 7,
0, 23, 0, 4, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 8, 0,
@@ -142,11 +142,11 @@ static const short ssl_expr_yydefact[] = { 0,
0, 0, 0
};
-static const short ssl_expr_yydefgoto[] = { 51,
+static const short nss_expr_yydefgoto[] = { 51,
9, 10, 46, 11, 41, 12
};
-static const short ssl_expr_yypact[] = { 3,
+static const short nss_expr_yypact[] = { 3,
-32768,-32768,-32768,-32768, -11, 3, 3, -10, 0,-32768,
22,-32768, 16,-32768, -2, 23, 3, 3, 4, 4,
4, 4, 4, 4, 34, 34, 21, 24,-32768, 25,
@@ -155,7 +155,7 @@ static const short ssl_expr_yypact[] = { 3,
49, 50,-32768
};
-static const short ssl_expr_yypgoto[] = {-32768,
+static const short nss_expr_yypgoto[] = {-32768,
10,-32768,-32768, -19, 27,-32768
};
@@ -163,7 +163,7 @@ static const short ssl_expr_yypgoto[] = {-32768,
#define YYLAST 53
-static const short ssl_expr_yytable[] = { 33,
+static const short nss_expr_yytable[] = { 33,
34, 35, 36, 37, 38, 1, 2, 3, 3, 4,
4, 13, 5, 5, 16, 14, 15, 17, 18, 17,
18, 29, 28, 47, 6, 7, 31, 32, 30, 50,
@@ -172,7 +172,7 @@ static const short ssl_expr_yytable[] = { 33,
45, 0, 42
};
-static const short ssl_expr_yycheck[] = { 19,
+static const short nss_expr_yycheck[] = { 19,
20, 21, 22, 23, 24, 3, 4, 5, 5, 7,
7, 23, 10, 10, 25, 6, 7, 20, 21, 20,
21, 24, 7, 43, 22, 23, 17, 18, 6, 49,
@@ -264,50 +264,50 @@ static const short ssl_expr_yycheck[] = { 19,
It is replaced by the list of actions, each action
as one case of the switch. */
-#define ssl_expr_yyerrok (ssl_expr_yyerrstatus = 0)
-#define ssl_expr_yyclearin (ssl_expr_yychar = YYEMPTY)
+#define nss_expr_yyerrok (nss_expr_yyerrstatus = 0)
+#define nss_expr_yyclearin (nss_expr_yychar = YYEMPTY)
#define YYEMPTY -2
#define YYEOF 0
-#define YYACCEPT goto ssl_expr_yyacceptlab
-#define YYABORT goto ssl_expr_yyabortlab
-#define YYERROR goto ssl_expr_yyerrlab1
-/* Like YYERROR except do call ssl_expr_yyerror.
+#define YYACCEPT goto nss_expr_yyacceptlab
+#define YYABORT goto nss_expr_yyabortlab
+#define YYERROR goto nss_expr_yyerrlab1
+/* Like YYERROR except do call nss_expr_yyerror.
This remains here temporarily to ease the
transition to the new meaning of YYERROR, for GCC.
Once GCC version 2 has supplanted version 1, this can go. */
-#define YYFAIL goto ssl_expr_yyerrlab
-#define YYRECOVERING() (!!ssl_expr_yyerrstatus)
+#define YYFAIL goto nss_expr_yyerrlab
+#define YYRECOVERING() (!!nss_expr_yyerrstatus)
#define YYBACKUP(token, value) \
do \
- if (ssl_expr_yychar == YYEMPTY && ssl_expr_yylen == 1) \
- { ssl_expr_yychar = (token), ssl_expr_yylval = (value); \
- ssl_expr_yychar1 = YYTRANSLATE (ssl_expr_yychar); \
+ if (nss_expr_yychar == YYEMPTY && nss_expr_yylen == 1) \
+ { nss_expr_yychar = (token), nss_expr_yylval = (value); \
+ nss_expr_yychar1 = YYTRANSLATE (nss_expr_yychar); \
YYPOPSTACK; \
- goto ssl_expr_yybackup; \
+ goto nss_expr_yybackup; \
} \
else \
- { ssl_expr_yyerror ("syntax error: cannot back up"); YYERROR; } \
+ { nss_expr_yyerror ("syntax error: cannot back up"); YYERROR; } \
while (0)
#define YYTERROR 1
#define YYERRCODE 256
#ifndef YYPURE
-#define YYLEX ssl_expr_yylex()
+#define YYLEX nss_expr_yylex()
#endif
#ifdef YYPURE
#ifdef YYLSP_NEEDED
#ifdef YYLEX_PARAM
-#define YYLEX ssl_expr_yylex(&ssl_expr_yylval, &ssl_expr_yylloc, YYLEX_PARAM)
+#define YYLEX nss_expr_yylex(&nss_expr_yylval, &nss_expr_yylloc, YYLEX_PARAM)
#else
-#define YYLEX ssl_expr_yylex(&ssl_expr_yylval, &ssl_expr_yylloc)
+#define YYLEX nss_expr_yylex(&nss_expr_yylval, &nss_expr_yylloc)
#endif
#else /* not YYLSP_NEEDED */
#ifdef YYLEX_PARAM
-#define YYLEX ssl_expr_yylex(&ssl_expr_yylval, YYLEX_PARAM)
+#define YYLEX nss_expr_yylex(&nss_expr_yylval, YYLEX_PARAM)
#else
-#define YYLEX ssl_expr_yylex(&ssl_expr_yylval)
+#define YYLEX nss_expr_yylex(&nss_expr_yylval)
#endif
#endif /* not YYLSP_NEEDED */
#endif
@@ -316,20 +316,20 @@ while (0)
#ifndef YYPURE
-int ssl_expr_yychar; /* the lookahead symbol */
-YYSTYPE ssl_expr_yylval; /* the semantic value of the */
+int nss_expr_yychar; /* the lookahead symbol */
+YYSTYPE nss_expr_yylval; /* the semantic value of the */
/* lookahead symbol */
#ifdef YYLSP_NEEDED
-YYLTYPE ssl_expr_yylloc; /* location data for the lookahead */
+YYLTYPE nss_expr_yylloc; /* location data for the lookahead */
/* symbol */
#endif
-int ssl_expr_yynerrs; /* number of parse errors so far */
+int nss_expr_yynerrs; /* number of parse errors so far */
#endif /* not YYPURE */
#if YYDEBUG != 0
-int ssl_expr_yydebug; /* nonzero means print parse trace */
+int nss_expr_yydebug; /* nonzero means print parse trace */
/* Since this is uninitialized, it does not stop multiple parsers
from coexisting. */
#endif
@@ -351,20 +351,20 @@ int ssl_expr_yydebug; /* nonzero means print parse trace */
#define YYMAXDEPTH 10000
#endif
-/* Define __ssl_expr_yy_memcpy. Note that the size argument
+/* Define __nss_expr_yy_memcpy. Note that the size argument
should be passed with type unsigned int, because that is what the non-GCC
definitions require. With GCC, __builtin_memcpy takes an arg
of type size_t, but it can handle unsigned int. */
#if __GNUC__ > 1 /* GNU C and GNU C++ define this. */
-#define __ssl_expr_yy_memcpy(TO,FROM,COUNT) __builtin_memcpy(TO,FROM,COUNT)
+#define __nss_expr_yy_memcpy(TO,FROM,COUNT) __builtin_memcpy(TO,FROM,COUNT)
#else /* not GNU C or C++ */
#ifndef __cplusplus
/* This is the most reliable way to avoid incompatibilities
in available built-in functions on various systems. */
static void
-__ssl_expr_yy_memcpy (to, from, count)
+__nss_expr_yy_memcpy (to, from, count)
char *to;
char *from;
unsigned int count;
@@ -382,7 +382,7 @@ __ssl_expr_yy_memcpy (to, from, count)
/* This is the most reliable way to avoid incompatibilities
in available built-in functions on various systems. */
static void
-__ssl_expr_yy_memcpy (char *to, char *from, unsigned int count)
+__nss_expr_yy_memcpy (char *to, char *from, unsigned int count)
{
register char *t = to;
register char *f = from;
@@ -398,7 +398,7 @@ __ssl_expr_yy_memcpy (char *to, char *from, unsigned int count)
#line 217 "/usr/lib/bison.simple"
/* The user can define YYPARSE_PARAM as the name of an argument to be passed
- into ssl_expr_yyparse. The argument should have type void *.
+ into nss_expr_yyparse. The argument should have type void *.
It should actually point to an object.
Grammar actions can access the variable by casting it
to the proper pointer type. */
@@ -419,470 +419,470 @@ __ssl_expr_yy_memcpy (char *to, char *from, unsigned int count)
/* Prevent warning if -Wstrict-prototypes. */
#ifdef __GNUC__
#ifdef YYPARSE_PARAM
-int ssl_expr_yyparse (void *);
+int nss_expr_yyparse (void *);
#else
-int ssl_expr_yyparse (void);
+int nss_expr_yyparse (void);
#endif
#endif
int
-ssl_expr_yyparse(YYPARSE_PARAM_ARG)
+nss_expr_yyparse(YYPARSE_PARAM_ARG)
YYPARSE_PARAM_DECL
{
- register int ssl_expr_yystate;
- register int ssl_expr_yyn;
- register short *ssl_expr_yyssp;
- register YYSTYPE *ssl_expr_yyvsp;
- int ssl_expr_yyerrstatus; /* number of tokens to shift before error messages enabled */
- int ssl_expr_yychar1 = 0; /* lookahead token as an internal (translated) token number */
+ register int nss_expr_yystate;
+ register int nss_expr_yyn;
+ register short *nss_expr_yyssp;
+ register YYSTYPE *nss_expr_yyvsp;
+ int nss_expr_yyerrstatus; /* number of tokens to shift before error messages enabled */
+ int nss_expr_yychar1 = 0; /* lookahead token as an internal (translated) token number */
- short ssl_expr_yyssa[YYINITDEPTH]; /* the state stack */
- YYSTYPE ssl_expr_yyvsa[YYINITDEPTH]; /* the semantic value stack */
+ short nss_expr_yyssa[YYINITDEPTH]; /* the state stack */
+ YYSTYPE nss_expr_yyvsa[YYINITDEPTH]; /* the semantic value stack */
- short *ssl_expr_yyss = ssl_expr_yyssa; /* refer to the stacks thru separate pointers */
- YYSTYPE *ssl_expr_yyvs = ssl_expr_yyvsa; /* to allow ssl_expr_yyoverflow to reallocate them elsewhere */
+ short *nss_expr_yyss = nss_expr_yyssa; /* refer to the stacks thru separate pointers */
+ YYSTYPE *nss_expr_yyvs = nss_expr_yyvsa; /* to allow nss_expr_yyoverflow to reallocate them elsewhere */
#ifdef YYLSP_NEEDED
- YYLTYPE ssl_expr_yylsa[YYINITDEPTH]; /* the location stack */
- YYLTYPE *ssl_expr_yyls = ssl_expr_yylsa;
- YYLTYPE *ssl_expr_yylsp;
+ YYLTYPE nss_expr_yylsa[YYINITDEPTH]; /* the location stack */
+ YYLTYPE *nss_expr_yyls = nss_expr_yylsa;
+ YYLTYPE *nss_expr_yylsp;
-#define YYPOPSTACK (ssl_expr_yyvsp--, ssl_expr_yyssp--, ssl_expr_yylsp--)
+#define YYPOPSTACK (nss_expr_yyvsp--, nss_expr_yyssp--, nss_expr_yylsp--)
#else
-#define YYPOPSTACK (ssl_expr_yyvsp--, ssl_expr_yyssp--)
+#define YYPOPSTACK (nss_expr_yyvsp--, nss_expr_yyssp--)
#endif
- int ssl_expr_yystacksize = YYINITDEPTH;
- int ssl_expr_yyfree_stacks = 0;
+ int nss_expr_yystacksize = YYINITDEPTH;
+ int nss_expr_yyfree_stacks = 0;
#ifdef YYPURE
- int ssl_expr_yychar;
- YYSTYPE ssl_expr_yylval;
- int ssl_expr_yynerrs;
+ int nss_expr_yychar;
+ YYSTYPE nss_expr_yylval;
+ int nss_expr_yynerrs;
#ifdef YYLSP_NEEDED
- YYLTYPE ssl_expr_yylloc;
+ YYLTYPE nss_expr_yylloc;
#endif
#endif
- YYSTYPE ssl_expr_yyval; /* the variable used to return */
+ YYSTYPE nss_expr_yyval; /* the variable used to return */
/* semantic values from the action */
/* routines */
- int ssl_expr_yylen;
+ int nss_expr_yylen;
#if YYDEBUG != 0
- if (ssl_expr_yydebug)
+ if (nss_expr_yydebug)
fprintf(stderr, "Starting parse\n");
#endif
- ssl_expr_yystate = 0;
- ssl_expr_yyerrstatus = 0;
- ssl_expr_yynerrs = 0;
- ssl_expr_yychar = YYEMPTY; /* Cause a token to be read. */
+ nss_expr_yystate = 0;
+ nss_expr_yyerrstatus = 0;
+ nss_expr_yynerrs = 0;
+ nss_expr_yychar = YYEMPTY; /* Cause a token to be read. */
/* Initialize stack pointers.
Waste one element of value and location stack
so that they stay on the same level as the state stack.
The wasted elements are never initialized. */
- ssl_expr_yyssp = ssl_expr_yyss - 1;
- ssl_expr_yyvsp = ssl_expr_yyvs;
+ nss_expr_yyssp = nss_expr_yyss - 1;
+ nss_expr_yyvsp = nss_expr_yyvs;
#ifdef YYLSP_NEEDED
- ssl_expr_yylsp = ssl_expr_yyls;
+ nss_expr_yylsp = nss_expr_yyls;
#endif
-/* Push a new state, which is found in ssl_expr_yystate . */
+/* Push a new state, which is found in nss_expr_yystate . */
/* In all cases, when you get here, the value and location stacks
have just been pushed. so pushing a state here evens the stacks. */
-ssl_expr_yynewstate:
+nss_expr_yynewstate:
- *++ssl_expr_yyssp = ssl_expr_yystate;
+ *++nss_expr_yyssp = nss_expr_yystate;
- if (ssl_expr_yyssp >= ssl_expr_yyss + ssl_expr_yystacksize - 1)
+ if (nss_expr_yyssp >= nss_expr_yyss + nss_expr_yystacksize - 1)
{
/* Give user a chance to reallocate the stack */
/* Use copies of these so that the &'s don't force the real ones into memory. */
- YYSTYPE *ssl_expr_yyvs1 = ssl_expr_yyvs;
- short *ssl_expr_yyss1 = ssl_expr_yyss;
+ YYSTYPE *nss_expr_yyvs1 = nss_expr_yyvs;
+ short *nss_expr_yyss1 = nss_expr_yyss;
#ifdef YYLSP_NEEDED
- YYLTYPE *ssl_expr_yyls1 = ssl_expr_yyls;
+ YYLTYPE *nss_expr_yyls1 = nss_expr_yyls;
#endif
/* Get the current used size of the three stacks, in elements. */
- int size = ssl_expr_yyssp - ssl_expr_yyss + 1;
+ int size = nss_expr_yyssp - nss_expr_yyss + 1;
-#ifdef ssl_expr_yyoverflow
+#ifdef nss_expr_yyoverflow
/* Each stack pointer address is followed by the size of
the data in use in that stack, in bytes. */
#ifdef YYLSP_NEEDED
/* This used to be a conditional around just the two extra args,
- but that might be undefined if ssl_expr_yyoverflow is a macro. */
- ssl_expr_yyoverflow("parser stack overflow",
- &ssl_expr_yyss1, size * sizeof (*ssl_expr_yyssp),
- &ssl_expr_yyvs1, size * sizeof (*ssl_expr_yyvsp),
- &ssl_expr_yyls1, size * sizeof (*ssl_expr_yylsp),
- &ssl_expr_yystacksize);
+ but that might be undefined if nss_expr_yyoverflow is a macro. */
+ nss_expr_yyoverflow("parser stack overflow",
+ &nss_expr_yyss1, size * sizeof (*nss_expr_yyssp),
+ &nss_expr_yyvs1, size * sizeof (*nss_expr_yyvsp),
+ &nss_expr_yyls1, size * sizeof (*nss_expr_yylsp),
+ &nss_expr_yystacksize);
#else
- ssl_expr_yyoverflow("parser stack overflow",
- &ssl_expr_yyss1, size * sizeof (*ssl_expr_yyssp),
- &ssl_expr_yyvs1, size * sizeof (*ssl_expr_yyvsp),
- &ssl_expr_yystacksize);
+ nss_expr_yyoverflow("parser stack overflow",
+ &nss_expr_yyss1, size * sizeof (*nss_expr_yyssp),
+ &nss_expr_yyvs1, size * sizeof (*nss_expr_yyvsp),
+ &nss_expr_yystacksize);
#endif
- ssl_expr_yyss = ssl_expr_yyss1; ssl_expr_yyvs = ssl_expr_yyvs1;
+ nss_expr_yyss = nss_expr_yyss1; nss_expr_yyvs = nss_expr_yyvs1;
#ifdef YYLSP_NEEDED
- ssl_expr_yyls = ssl_expr_yyls1;
+ nss_expr_yyls = nss_expr_yyls1;
#endif
-#else /* no ssl_expr_yyoverflow */
+#else /* no nss_expr_yyoverflow */
/* Extend the stack our own way. */
- if (ssl_expr_yystacksize >= YYMAXDEPTH)
+ if (nss_expr_yystacksize >= YYMAXDEPTH)
{
- ssl_expr_yyerror("parser stack overflow");
- if (ssl_expr_yyfree_stacks)
+ nss_expr_yyerror("parser stack overflow");
+ if (nss_expr_yyfree_stacks)
{
- free (ssl_expr_yyss);
- free (ssl_expr_yyvs);
+ free (nss_expr_yyss);
+ free (nss_expr_yyvs);
#ifdef YYLSP_NEEDED
- free (ssl_expr_yyls);
+ free (nss_expr_yyls);
#endif
}
return 2;
}
- ssl_expr_yystacksize *= 2;
- if (ssl_expr_yystacksize > YYMAXDEPTH)
- ssl_expr_yystacksize = YYMAXDEPTH;
+ nss_expr_yystacksize *= 2;
+ if (nss_expr_yystacksize > YYMAXDEPTH)
+ nss_expr_yystacksize = YYMAXDEPTH;
#ifndef YYSTACK_USE_ALLOCA
- ssl_expr_yyfree_stacks = 1;
+ nss_expr_yyfree_stacks = 1;
#endif
- ssl_expr_yyss = (short *) YYSTACK_ALLOC (ssl_expr_yystacksize * sizeof (*ssl_expr_yyssp));
- __ssl_expr_yy_memcpy ((char *)ssl_expr_yyss, (char *)ssl_expr_yyss1,
- size * (unsigned int) sizeof (*ssl_expr_yyssp));
- ssl_expr_yyvs = (YYSTYPE *) YYSTACK_ALLOC (ssl_expr_yystacksize * sizeof (*ssl_expr_yyvsp));
- __ssl_expr_yy_memcpy ((char *)ssl_expr_yyvs, (char *)ssl_expr_yyvs1,
- size * (unsigned int) sizeof (*ssl_expr_yyvsp));
+ nss_expr_yyss = (short *) YYSTACK_ALLOC (nss_expr_yystacksize * sizeof (*nss_expr_yyssp));
+ __nss_expr_yy_memcpy ((char *)nss_expr_yyss, (char *)nss_expr_yyss1,
+ size * (unsigned int) sizeof (*nss_expr_yyssp));
+ nss_expr_yyvs = (YYSTYPE *) YYSTACK_ALLOC (nss_expr_yystacksize * sizeof (*nss_expr_yyvsp));
+ __nss_expr_yy_memcpy ((char *)nss_expr_yyvs, (char *)nss_expr_yyvs1,
+ size * (unsigned int) sizeof (*nss_expr_yyvsp));
#ifdef YYLSP_NEEDED
- ssl_expr_yyls = (YYLTYPE *) YYSTACK_ALLOC (ssl_expr_yystacksize * sizeof (*ssl_expr_yylsp));
- __ssl_expr_yy_memcpy ((char *)ssl_expr_yyls, (char *)ssl_expr_yyls1,
- size * (unsigned int) sizeof (*ssl_expr_yylsp));
+ nss_expr_yyls = (YYLTYPE *) YYSTACK_ALLOC (nss_expr_yystacksize * sizeof (*nss_expr_yylsp));
+ __nss_expr_yy_memcpy ((char *)nss_expr_yyls, (char *)nss_expr_yyls1,
+ size * (unsigned int) sizeof (*nss_expr_yylsp));
#endif
-#endif /* no ssl_expr_yyoverflow */
+#endif /* no nss_expr_yyoverflow */
- ssl_expr_yyssp = ssl_expr_yyss + size - 1;
- ssl_expr_yyvsp = ssl_expr_yyvs + size - 1;
+ nss_expr_yyssp = nss_expr_yyss + size - 1;
+ nss_expr_yyvsp = nss_expr_yyvs + size - 1;
#ifdef YYLSP_NEEDED
- ssl_expr_yylsp = ssl_expr_yyls + size - 1;
+ nss_expr_yylsp = nss_expr_yyls + size - 1;
#endif
#if YYDEBUG != 0
- if (ssl_expr_yydebug)
- fprintf(stderr, "Stack size increased to %d\n", ssl_expr_yystacksize);
+ if (nss_expr_yydebug)
+ fprintf(stderr, "Stack size increased to %d\n", nss_expr_yystacksize);
#endif
- if (ssl_expr_yyssp >= ssl_expr_yyss + ssl_expr_yystacksize - 1)
+ if (nss_expr_yyssp >= nss_expr_yyss + nss_expr_yystacksize - 1)
YYABORT;
}
#if YYDEBUG != 0
- if (ssl_expr_yydebug)
- fprintf(stderr, "Entering state %d\n", ssl_expr_yystate);
+ if (nss_expr_yydebug)
+ fprintf(stderr, "Entering state %d\n", nss_expr_yystate);
#endif
- goto ssl_expr_yybackup;
- ssl_expr_yybackup:
+ goto nss_expr_yybackup;
+ nss_expr_yybackup:
/* Do appropriate processing given the current state. */
/* Read a lookahead token if we need one and don't already have one. */
-/* ssl_expr_yyresume: */
+/* nss_expr_yyresume: */
/* First try to decide what to do without reference to lookahead token. */
- ssl_expr_yyn = ssl_expr_yypact[ssl_expr_yystate];
- if (ssl_expr_yyn == YYFLAG)
- goto ssl_expr_yydefault;
+ nss_expr_yyn = nss_expr_yypact[nss_expr_yystate];
+ if (nss_expr_yyn == YYFLAG)
+ goto nss_expr_yydefault;
/* Not known => get a lookahead token if don't already have one. */
- /* ssl_expr_yychar is either YYEMPTY or YYEOF
+ /* nss_expr_yychar is either YYEMPTY or YYEOF
or a valid token in external form. */
- if (ssl_expr_yychar == YYEMPTY)
+ if (nss_expr_yychar == YYEMPTY)
{
#if YYDEBUG != 0
- if (ssl_expr_yydebug)
+ if (nss_expr_yydebug)
fprintf(stderr, "Reading a token: ");
#endif
- ssl_expr_yychar = YYLEX;
+ nss_expr_yychar = YYLEX;
}
- /* Convert token to internal form (in ssl_expr_yychar1) for indexing tables with */
+ /* Convert token to internal form (in nss_expr_yychar1) for indexing tables with */
- if (ssl_expr_yychar <= 0) /* This means end of input. */
+ if (nss_expr_yychar <= 0) /* This means end of input. */
{
- ssl_expr_yychar1 = 0;
- ssl_expr_yychar = YYEOF; /* Don't call YYLEX any more */
+ nss_expr_yychar1 = 0;
+ nss_expr_yychar = YYEOF; /* Don't call YYLEX any more */
#if YYDEBUG != 0
- if (ssl_expr_yydebug)
+ if (nss_expr_yydebug)
fprintf(stderr, "Now at end of input.\n");
#endif
}
else
{
- ssl_expr_yychar1 = YYTRANSLATE(ssl_expr_yychar);
+ nss_expr_yychar1 = YYTRANSLATE(nss_expr_yychar);
#if YYDEBUG != 0
- if (ssl_expr_yydebug)
+ if (nss_expr_yydebug)
{
- fprintf (stderr, "Next token is %d (%s", ssl_expr_yychar, ssl_expr_yytname[ssl_expr_yychar1]);
+ fprintf (stderr, "Next token is %d (%s", nss_expr_yychar, nss_expr_yytname[nss_expr_yychar1]);
/* Give the individual parser a way to print the precise meaning
of a token, for further debugging info. */
#ifdef YYPRINT
- YYPRINT (stderr, ssl_expr_yychar, ssl_expr_yylval);
+ YYPRINT (stderr, nss_expr_yychar, nss_expr_yylval);
#endif
fprintf (stderr, ")\n");
}
#endif
}
- ssl_expr_yyn += ssl_expr_yychar1;
- if (ssl_expr_yyn < 0 || ssl_expr_yyn > YYLAST || ssl_expr_yycheck[ssl_expr_yyn] != ssl_expr_yychar1)
- goto ssl_expr_yydefault;
+ nss_expr_yyn += nss_expr_yychar1;
+ if (nss_expr_yyn < 0 || nss_expr_yyn > YYLAST || nss_expr_yycheck[nss_expr_yyn] != nss_expr_yychar1)
+ goto nss_expr_yydefault;
- ssl_expr_yyn = ssl_expr_yytable[ssl_expr_yyn];
+ nss_expr_yyn = nss_expr_yytable[nss_expr_yyn];
- /* ssl_expr_yyn is what to do for this token type in this state.
- Negative => reduce, -ssl_expr_yyn is rule number.
- Positive => shift, ssl_expr_yyn is new state.
+ /* nss_expr_yyn is what to do for this token type in this state.
+ Negative => reduce, -nss_expr_yyn is rule number.
+ Positive => shift, nss_expr_yyn is new state.
New state is final state => don't bother to shift,
just return success.
0, or most negative number => error. */
- if (ssl_expr_yyn < 0)
+ if (nss_expr_yyn < 0)
{
- if (ssl_expr_yyn == YYFLAG)
- goto ssl_expr_yyerrlab;
- ssl_expr_yyn = -ssl_expr_yyn;
- goto ssl_expr_yyreduce;
+ if (nss_expr_yyn == YYFLAG)
+ goto nss_expr_yyerrlab;
+ nss_expr_yyn = -nss_expr_yyn;
+ goto nss_expr_yyreduce;
}
- else if (ssl_expr_yyn == 0)
- goto ssl_expr_yyerrlab;
+ else if (nss_expr_yyn == 0)
+ goto nss_expr_yyerrlab;
- if (ssl_expr_yyn == YYFINAL)
+ if (nss_expr_yyn == YYFINAL)
YYACCEPT;
/* Shift the lookahead token. */
#if YYDEBUG != 0
- if (ssl_expr_yydebug)
- fprintf(stderr, "Shifting token %d (%s), ", ssl_expr_yychar, ssl_expr_yytname[ssl_expr_yychar1]);
+ if (nss_expr_yydebug)
+ fprintf(stderr, "Shifting token %d (%s), ", nss_expr_yychar, nss_expr_yytname[nss_expr_yychar1]);
#endif
/* Discard the token being shifted unless it is eof. */
- if (ssl_expr_yychar != YYEOF)
- ssl_expr_yychar = YYEMPTY;
+ if (nss_expr_yychar != YYEOF)
+ nss_expr_yychar = YYEMPTY;
- *++ssl_expr_yyvsp = ssl_expr_yylval;
+ *++nss_expr_yyvsp = nss_expr_yylval;
#ifdef YYLSP_NEEDED
- *++ssl_expr_yylsp = ssl_expr_yylloc;
+ *++nss_expr_yylsp = nss_expr_yylloc;
#endif
/* count tokens shifted since error; after three, turn off error status. */
- if (ssl_expr_yyerrstatus) ssl_expr_yyerrstatus--;
+ if (nss_expr_yyerrstatus) nss_expr_yyerrstatus--;
- ssl_expr_yystate = ssl_expr_yyn;
- goto ssl_expr_yynewstate;
+ nss_expr_yystate = nss_expr_yyn;
+ goto nss_expr_yynewstate;
/* Do the default action for the current state. */
-ssl_expr_yydefault:
+nss_expr_yydefault:
- ssl_expr_yyn = ssl_expr_yydefact[ssl_expr_yystate];
- if (ssl_expr_yyn == 0)
- goto ssl_expr_yyerrlab;
+ nss_expr_yyn = nss_expr_yydefact[nss_expr_yystate];
+ if (nss_expr_yyn == 0)
+ goto nss_expr_yyerrlab;
-/* Do a reduction. ssl_expr_yyn is the number of a rule to reduce with. */
-ssl_expr_yyreduce:
- ssl_expr_yylen = ssl_expr_yyr2[ssl_expr_yyn];
- if (ssl_expr_yylen > 0)
- ssl_expr_yyval = ssl_expr_yyvsp[1-ssl_expr_yylen]; /* implement default value of the action */
+/* Do a reduction. nss_expr_yyn is the number of a rule to reduce with. */
+nss_expr_yyreduce:
+ nss_expr_yylen = nss_expr_yyr2[nss_expr_yyn];
+ if (nss_expr_yylen > 0)
+ nss_expr_yyval = nss_expr_yyvsp[1-nss_expr_yylen]; /* implement default value of the action */
#if YYDEBUG != 0
- if (ssl_expr_yydebug)
+ if (nss_expr_yydebug)
{
int i;
fprintf (stderr, "Reducing via rule %d (line %d), ",
- ssl_expr_yyn, ssl_expr_yyrline[ssl_expr_yyn]);
+ nss_expr_yyn, nss_expr_yyrline[nss_expr_yyn]);
/* Print the symbols being reduced, and their result. */
- for (i = ssl_expr_yyprhs[ssl_expr_yyn]; ssl_expr_yyrhs[i] > 0; i++)
- fprintf (stderr, "%s ", ssl_expr_yytname[ssl_expr_yyrhs[i]]);
- fprintf (stderr, " -> %s\n", ssl_expr_yytname[ssl_expr_yyr1[ssl_expr_yyn]]);
+ for (i = nss_expr_yyprhs[nss_expr_yyn]; nss_expr_yyrhs[i] > 0; i++)
+ fprintf (stderr, "%s ", nss_expr_yytname[nss_expr_yyrhs[i]]);
+ fprintf (stderr, " -> %s\n", nss_expr_yytname[nss_expr_yyr1[nss_expr_yyn]]);
}
#endif
- switch (ssl_expr_yyn) {
+ switch (nss_expr_yyn) {
case 1:
-#line 81 "ssl_expr_parse.y"
-{ ssl_expr_info.expr = ssl_expr_yyvsp[0].exVal; ;
+#line 69 "nss_expr_parse.y"
+{ nss_expr_info.expr = nss_expr_yyvsp[0].exVal; ;
break;}
case 2:
-#line 84 "ssl_expr_parse.y"
-{ ssl_expr_yyval.exVal = ssl_expr_make(op_True, NULL, NULL); ;
+#line 72 "nss_expr_parse.y"
+{ nss_expr_yyval.exVal = nss_expr_make(op_True, NULL, NULL); ;
break;}
case 3:
-#line 85 "ssl_expr_parse.y"
-{ ssl_expr_yyval.exVal = ssl_expr_make(op_False, NULL, NULL); ;
+#line 73 "nss_expr_parse.y"
+{ nss_expr_yyval.exVal = nss_expr_make(op_False, NULL, NULL); ;
break;}
case 4:
-#line 86 "ssl_expr_parse.y"
-{ ssl_expr_yyval.exVal = ssl_expr_make(op_Not, ssl_expr_yyvsp[0].exVal, NULL); ;
+#line 74 "nss_expr_parse.y"
+{ nss_expr_yyval.exVal = nss_expr_make(op_Not, nss_expr_yyvsp[0].exVal, NULL); ;
break;}
case 5:
-#line 87 "ssl_expr_parse.y"
-{ ssl_expr_yyval.exVal = ssl_expr_make(op_Or, ssl_expr_yyvsp[-2].exVal, ssl_expr_yyvsp[0].exVal); ;
+#line 75 "nss_expr_parse.y"
+{ nss_expr_yyval.exVal = nss_expr_make(op_Or, nss_expr_yyvsp[-2].exVal, nss_expr_yyvsp[0].exVal); ;
break;}
case 6:
-#line 88 "ssl_expr_parse.y"
-{ ssl_expr_yyval.exVal = ssl_expr_make(op_And, ssl_expr_yyvsp[-2].exVal, ssl_expr_yyvsp[0].exVal); ;
+#line 76 "nss_expr_parse.y"
+{ nss_expr_yyval.exVal = nss_expr_make(op_And, nss_expr_yyvsp[-2].exVal, nss_expr_yyvsp[0].exVal); ;
break;}
case 7:
-#line 89 "ssl_expr_parse.y"
-{ ssl_expr_yyval.exVal = ssl_expr_make(op_Comp, ssl_expr_yyvsp[0].exVal, NULL); ;
+#line 77 "nss_expr_parse.y"
+{ nss_expr_yyval.exVal = nss_expr_make(op_Comp, nss_expr_yyvsp[0].exVal, NULL); ;
break;}
case 8:
-#line 90 "ssl_expr_parse.y"
-{ ssl_expr_yyval.exVal = ssl_expr_yyvsp[-1].exVal; ;
+#line 78 "nss_expr_parse.y"
+{ nss_expr_yyval.exVal = nss_expr_yyvsp[-1].exVal; ;
break;}
case 9:
-#line 93 "ssl_expr_parse.y"
-{ ssl_expr_yyval.exVal = ssl_expr_make(op_EQ, ssl_expr_yyvsp[-2].exVal, ssl_expr_yyvsp[0].exVal); ;
+#line 81 "nss_expr_parse.y"
+{ nss_expr_yyval.exVal = nss_expr_make(op_EQ, nss_expr_yyvsp[-2].exVal, nss_expr_yyvsp[0].exVal); ;
break;}
case 10:
-#line 94 "ssl_expr_parse.y"
-{ ssl_expr_yyval.exVal = ssl_expr_make(op_NE, ssl_expr_yyvsp[-2].exVal, ssl_expr_yyvsp[0].exVal); ;
+#line 82 "nss_expr_parse.y"
+{ nss_expr_yyval.exVal = nss_expr_make(op_NE, nss_expr_yyvsp[-2].exVal, nss_expr_yyvsp[0].exVal); ;
break;}
case 11:
-#line 95 "ssl_expr_parse.y"
-{ ssl_expr_yyval.exVal = ssl_expr_make(op_LT, ssl_expr_yyvsp[-2].exVal, ssl_expr_yyvsp[0].exVal); ;
+#line 83 "nss_expr_parse.y"
+{ nss_expr_yyval.exVal = nss_expr_make(op_LT, nss_expr_yyvsp[-2].exVal, nss_expr_yyvsp[0].exVal); ;
break;}
case 12:
-#line 96 "ssl_expr_parse.y"
-{ ssl_expr_yyval.exVal = ssl_expr_make(op_LE, ssl_expr_yyvsp[-2].exVal, ssl_expr_yyvsp[0].exVal); ;
+#line 84 "nss_expr_parse.y"
+{ nss_expr_yyval.exVal = nss_expr_make(op_LE, nss_expr_yyvsp[-2].exVal, nss_expr_yyvsp[0].exVal); ;
break;}
case 13:
-#line 97 "ssl_expr_parse.y"
-{ ssl_expr_yyval.exVal = ssl_expr_make(op_GT, ssl_expr_yyvsp[-2].exVal, ssl_expr_yyvsp[0].exVal); ;
+#line 85 "nss_expr_parse.y"
+{ nss_expr_yyval.exVal = nss_expr_make(op_GT, nss_expr_yyvsp[-2].exVal, nss_expr_yyvsp[0].exVal); ;
break;}
case 14:
-#line 98 "ssl_expr_parse.y"
-{ ssl_expr_yyval.exVal = ssl_expr_make(op_GE, ssl_expr_yyvsp[-2].exVal, ssl_expr_yyvsp[0].exVal); ;
+#line 86 "nss_expr_parse.y"
+{ nss_expr_yyval.exVal = nss_expr_make(op_GE, nss_expr_yyvsp[-2].exVal, nss_expr_yyvsp[0].exVal); ;
break;}
case 15:
-#line 99 "ssl_expr_parse.y"
-{ ssl_expr_yyval.exVal = ssl_expr_make(op_IN, ssl_expr_yyvsp[-4].exVal, ssl_expr_yyvsp[-1].exVal); ;
+#line 87 "nss_expr_parse.y"
+{ nss_expr_yyval.exVal = nss_expr_make(op_IN, nss_expr_yyvsp[-4].exVal, nss_expr_yyvsp[-1].exVal); ;
break;}
case 16:
-#line 100 "ssl_expr_parse.y"
-{ ssl_expr_yyval.exVal = ssl_expr_make(op_REG, ssl_expr_yyvsp[-2].exVal, ssl_expr_yyvsp[0].exVal); ;
+#line 88 "nss_expr_parse.y"
+{ nss_expr_yyval.exVal = nss_expr_make(op_REG, nss_expr_yyvsp[-2].exVal, nss_expr_yyvsp[0].exVal); ;
break;}
case 17:
-#line 101 "ssl_expr_parse.y"
-{ ssl_expr_yyval.exVal = ssl_expr_make(op_NRE, ssl_expr_yyvsp[-2].exVal, ssl_expr_yyvsp[0].exVal); ;
+#line 89 "nss_expr_parse.y"
+{ nss_expr_yyval.exVal = nss_expr_make(op_NRE, nss_expr_yyvsp[-2].exVal, nss_expr_yyvsp[0].exVal); ;
break;}
case 18:
-#line 104 "ssl_expr_parse.y"
-{ ssl_expr_yyval.exVal = ssl_expr_make(op_ListElement, ssl_expr_yyvsp[0].exVal, NULL); ;
+#line 92 "nss_expr_parse.y"
+{ nss_expr_yyval.exVal = nss_expr_make(op_ListElement, nss_expr_yyvsp[0].exVal, NULL); ;
break;}
case 19:
-#line 105 "ssl_expr_parse.y"
-{ ssl_expr_yyval.exVal = ssl_expr_make(op_ListElement, ssl_expr_yyvsp[0].exVal, ssl_expr_yyvsp[-2].exVal); ;
+#line 93 "nss_expr_parse.y"
+{ nss_expr_yyval.exVal = nss_expr_make(op_ListElement, nss_expr_yyvsp[0].exVal, nss_expr_yyvsp[-2].exVal); ;
break;}
case 20:
-#line 108 "ssl_expr_parse.y"
-{ ssl_expr_yyval.exVal = ssl_expr_make(op_Digit, ssl_expr_yyvsp[0].cpVal, NULL); ;
+#line 96 "nss_expr_parse.y"
+{ nss_expr_yyval.exVal = nss_expr_make(op_Digit, nss_expr_yyvsp[0].cpVal, NULL); ;
break;}
case 21:
-#line 109 "ssl_expr_parse.y"
-{ ssl_expr_yyval.exVal = ssl_expr_make(op_String, ssl_expr_yyvsp[0].cpVal, NULL); ;
+#line 97 "nss_expr_parse.y"
+{ nss_expr_yyval.exVal = nss_expr_make(op_String, nss_expr_yyvsp[0].cpVal, NULL); ;
break;}
case 22:
-#line 110 "ssl_expr_parse.y"
-{ ssl_expr_yyval.exVal = ssl_expr_make(op_Var, ssl_expr_yyvsp[-1].cpVal, NULL); ;
+#line 98 "nss_expr_parse.y"
+{ nss_expr_yyval.exVal = nss_expr_make(op_Var, nss_expr_yyvsp[-1].cpVal, NULL); ;
break;}
case 23:
-#line 111 "ssl_expr_parse.y"
-{ ssl_expr_yyval.exVal = ssl_expr_yyvsp[0].exVal; ;
+#line 99 "nss_expr_parse.y"
+{ nss_expr_yyval.exVal = nss_expr_yyvsp[0].exVal; ;
break;}
case 24:
-#line 114 "ssl_expr_parse.y"
+#line 102 "nss_expr_parse.y"
{
regex_t *regex;
- if ((regex = ap_pregcomp(ssl_expr_info.pool, ssl_expr_yyvsp[0].cpVal,
+ if ((regex = ap_pregcomp(nss_expr_info.pool, nss_expr_yyvsp[0].cpVal,
REG_EXTENDED|REG_NOSUB)) == NULL) {
- ssl_expr_error = "Failed to compile regular expression";
+ nss_expr_error = "Failed to compile regular expression";
YYERROR;
}
- ssl_expr_yyval.exVal = ssl_expr_make(op_Regex, regex, NULL);
+ nss_expr_yyval.exVal = nss_expr_make(op_Regex, regex, NULL);
;
break;}
case 25:
-#line 123 "ssl_expr_parse.y"
+#line 111 "nss_expr_parse.y"
{
regex_t *regex;
- if ((regex = ap_pregcomp(ssl_expr_info.pool, ssl_expr_yyvsp[0].cpVal,
+ if ((regex = ap_pregcomp(nss_expr_info.pool, nss_expr_yyvsp[0].cpVal,
REG_EXTENDED|REG_NOSUB|REG_ICASE)) == NULL) {
- ssl_expr_error = "Failed to compile regular expression";
+ nss_expr_error = "Failed to compile regular expression";
YYERROR;
}
- ssl_expr_yyval.exVal = ssl_expr_make(op_Regex, regex, NULL);
+ nss_expr_yyval.exVal = nss_expr_make(op_Regex, regex, NULL);
;
break;}
case 26:
-#line 134 "ssl_expr_parse.y"
+#line 122 "nss_expr_parse.y"
{
- ssl_expr *args = ssl_expr_make(op_ListElement, ssl_expr_yyvsp[-1].cpVal, NULL);
- ssl_expr_yyval.exVal = ssl_expr_make(op_Func, "file", args);
+ nss_expr *args = nss_expr_make(op_ListElement, nss_expr_yyvsp[-1].cpVal, NULL);
+ nss_expr_yyval.exVal = nss_expr_make(op_Func, "file", args);
;
break;}
}
/* the action file gets copied in in place of this dollarsign */
#line 543 "/usr/lib/bison.simple"
- ssl_expr_yyvsp -= ssl_expr_yylen;
- ssl_expr_yyssp -= ssl_expr_yylen;
+ nss_expr_yyvsp -= nss_expr_yylen;
+ nss_expr_yyssp -= nss_expr_yylen;
#ifdef YYLSP_NEEDED
- ssl_expr_yylsp -= ssl_expr_yylen;
+ nss_expr_yylsp -= nss_expr_yylen;
#endif
#if YYDEBUG != 0
- if (ssl_expr_yydebug)
+ if (nss_expr_yydebug)
{
- short *ssp1 = ssl_expr_yyss - 1;
+ short *ssp1 = nss_expr_yyss - 1;
fprintf (stderr, "state stack now");
- while (ssp1 != ssl_expr_yyssp)
+ while (ssp1 != nss_expr_yyssp)
fprintf (stderr, " %d", *++ssp1);
fprintf (stderr, "\n");
}
#endif
- *++ssl_expr_yyvsp = ssl_expr_yyval;
+ *++nss_expr_yyvsp = nss_expr_yyval;
#ifdef YYLSP_NEEDED
- ssl_expr_yylsp++;
- if (ssl_expr_yylen == 0)
+ nss_expr_yylsp++;
+ if (nss_expr_yylen == 0)
{
- ssl_expr_yylsp->first_line = ssl_expr_yylloc.first_line;
- ssl_expr_yylsp->first_column = ssl_expr_yylloc.first_column;
- ssl_expr_yylsp->last_line = (ssl_expr_yylsp-1)->last_line;
- ssl_expr_yylsp->last_column = (ssl_expr_yylsp-1)->last_column;
- ssl_expr_yylsp->text = 0;
+ nss_expr_yylsp->first_line = nss_expr_yylloc.first_line;
+ nss_expr_yylsp->first_column = nss_expr_yylloc.first_column;
+ nss_expr_yylsp->last_line = (nss_expr_yylsp-1)->last_line;
+ nss_expr_yylsp->last_column = (nss_expr_yylsp-1)->last_column;
+ nss_expr_yylsp->text = 0;
}
else
{
- ssl_expr_yylsp->last_line = (ssl_expr_yylsp+ssl_expr_yylen-1)->last_line;
- ssl_expr_yylsp->last_column = (ssl_expr_yylsp+ssl_expr_yylen-1)->last_column;
+ nss_expr_yylsp->last_line = (nss_expr_yylsp+nss_expr_yylen-1)->last_line;
+ nss_expr_yylsp->last_column = (nss_expr_yylsp+nss_expr_yylen-1)->last_column;
}
#endif
@@ -891,38 +891,38 @@ case 26:
based on the state we popped back to
and the rule number reduced by. */
- ssl_expr_yyn = ssl_expr_yyr1[ssl_expr_yyn];
+ nss_expr_yyn = nss_expr_yyr1[nss_expr_yyn];
- ssl_expr_yystate = ssl_expr_yypgoto[ssl_expr_yyn - YYNTBASE] + *ssl_expr_yyssp;
- if (ssl_expr_yystate >= 0 && ssl_expr_yystate <= YYLAST && ssl_expr_yycheck[ssl_expr_yystate] == *ssl_expr_yyssp)
- ssl_expr_yystate = ssl_expr_yytable[ssl_expr_yystate];
+ nss_expr_yystate = nss_expr_yypgoto[nss_expr_yyn - YYNTBASE] + *nss_expr_yyssp;
+ if (nss_expr_yystate >= 0 && nss_expr_yystate <= YYLAST && nss_expr_yycheck[nss_expr_yystate] == *nss_expr_yyssp)
+ nss_expr_yystate = nss_expr_yytable[nss_expr_yystate];
else
- ssl_expr_yystate = ssl_expr_yydefgoto[ssl_expr_yyn - YYNTBASE];
+ nss_expr_yystate = nss_expr_yydefgoto[nss_expr_yyn - YYNTBASE];
- goto ssl_expr_yynewstate;
+ goto nss_expr_yynewstate;
-ssl_expr_yyerrlab: /* here on detecting error */
+nss_expr_yyerrlab: /* here on detecting error */
- if (! ssl_expr_yyerrstatus)
+ if (! nss_expr_yyerrstatus)
/* If not already recovering from an error, report this error. */
{
- ++ssl_expr_yynerrs;
+ ++nss_expr_yynerrs;
#ifdef YYERROR_VERBOSE
- ssl_expr_yyn = ssl_expr_yypact[ssl_expr_yystate];
+ nss_expr_yyn = nss_expr_yypact[nss_expr_yystate];
- if (ssl_expr_yyn > YYFLAG && ssl_expr_yyn < YYLAST)
+ if (nss_expr_yyn > YYFLAG && nss_expr_yyn < YYLAST)
{
int size = 0;
char *msg;
int x, count;
count = 0;
- /* Start X at -ssl_expr_yyn if nec to avoid negative indexes in ssl_expr_yycheck. */
- for (x = (ssl_expr_yyn < 0 ? -ssl_expr_yyn : 0);
- x < (sizeof(ssl_expr_yytname) / sizeof(char *)); x++)
- if (ssl_expr_yycheck[x + ssl_expr_yyn] == x)
- size += strlen(ssl_expr_yytname[x]) + 15, count++;
+ /* Start X at -nss_expr_yyn if nec to avoid negative indexes in nss_expr_yycheck. */
+ for (x = (nss_expr_yyn < 0 ? -nss_expr_yyn : 0);
+ x < (sizeof(nss_expr_yytname) / sizeof(char *)); x++)
+ if (nss_expr_yycheck[x + nss_expr_yyn] == x)
+ size += strlen(nss_expr_yytname[x]) + 15, count++;
msg = (char *) malloc(size + 15);
if (msg != 0)
{
@@ -931,149 +931,149 @@ ssl_expr_yyerrlab: /* here on detecting error */
if (count < 5)
{
count = 0;
- for (x = (ssl_expr_yyn < 0 ? -ssl_expr_yyn : 0);
- x < (sizeof(ssl_expr_yytname) / sizeof(char *)); x++)
- if (ssl_expr_yycheck[x + ssl_expr_yyn] == x)
+ for (x = (nss_expr_yyn < 0 ? -nss_expr_yyn : 0);
+ x < (sizeof(nss_expr_yytname) / sizeof(char *)); x++)
+ if (nss_expr_yycheck[x + nss_expr_yyn] == x)
{
strcat(msg, count == 0 ? ", expecting `" : " or `");
- strcat(msg, ssl_expr_yytname[x]);
+ strcat(msg, nss_expr_yytname[x]);
strcat(msg, "'");
count++;
}
}
- ssl_expr_yyerror(msg);
+ nss_expr_yyerror(msg);
free(msg);
}
else
- ssl_expr_yyerror ("parse error; also virtual memory exceeded");
+ nss_expr_yyerror ("parse error; also virtual memory exceeded");
}
else
#endif /* YYERROR_VERBOSE */
- ssl_expr_yyerror("parse error");
+ nss_expr_yyerror("parse error");
}
- goto ssl_expr_yyerrlab1;
-ssl_expr_yyerrlab1: /* here on error raised explicitly by an action */
+ goto nss_expr_yyerrlab1;
+nss_expr_yyerrlab1: /* here on error raised explicitly by an action */
- if (ssl_expr_yyerrstatus == 3)
+ if (nss_expr_yyerrstatus == 3)
{
/* if just tried and failed to reuse lookahead token after an error, discard it. */
/* return failure if at end of input */
- if (ssl_expr_yychar == YYEOF)
+ if (nss_expr_yychar == YYEOF)
YYABORT;
#if YYDEBUG != 0
- if (ssl_expr_yydebug)
- fprintf(stderr, "Discarding token %d (%s).\n", ssl_expr_yychar, ssl_expr_yytname[ssl_expr_yychar1]);
+ if (nss_expr_yydebug)
+ fprintf(stderr, "Discarding token %d (%s).\n", nss_expr_yychar, nss_expr_yytname[nss_expr_yychar1]);
#endif
- ssl_expr_yychar = YYEMPTY;
+ nss_expr_yychar = YYEMPTY;
}
/* Else will try to reuse lookahead token
after shifting the error token. */
- ssl_expr_yyerrstatus = 3; /* Each real token shifted decrements this */
+ nss_expr_yyerrstatus = 3; /* Each real token shifted decrements this */
- goto ssl_expr_yyerrhandle;
+ goto nss_expr_yyerrhandle;
-ssl_expr_yyerrdefault: /* current state does not do anything special for the error token. */
+nss_expr_yyerrdefault: /* current state does not do anything special for the error token. */
#if 0
/* This is wrong; only states that explicitly want error tokens
should shift them. */
- ssl_expr_yyn = ssl_expr_yydefact[ssl_expr_yystate]; /* If its default is to accept any token, ok. Otherwise pop it.*/
- if (ssl_expr_yyn) goto ssl_expr_yydefault;
+ nss_expr_yyn = nss_expr_yydefact[nss_expr_yystate]; /* If its default is to accept any token, ok. Otherwise pop it.*/
+ if (nss_expr_yyn) goto nss_expr_yydefault;
#endif
-ssl_expr_yyerrpop: /* pop the current state because it cannot handle the error token */
+nss_expr_yyerrpop: /* pop the current state because it cannot handle the error token */
- if (ssl_expr_yyssp == ssl_expr_yyss) YYABORT;
- ssl_expr_yyvsp--;
- ssl_expr_yystate = *--ssl_expr_yyssp;
+ if (nss_expr_yyssp == nss_expr_yyss) YYABORT;
+ nss_expr_yyvsp--;
+ nss_expr_yystate = *--nss_expr_yyssp;
#ifdef YYLSP_NEEDED
- ssl_expr_yylsp--;
+ nss_expr_yylsp--;
#endif
#if YYDEBUG != 0
- if (ssl_expr_yydebug)
+ if (nss_expr_yydebug)
{
- short *ssp1 = ssl_expr_yyss - 1;
+ short *ssp1 = nss_expr_yyss - 1;
fprintf (stderr, "Error: state stack now");
- while (ssp1 != ssl_expr_yyssp)
+ while (ssp1 != nss_expr_yyssp)
fprintf (stderr, " %d", *++ssp1);
fprintf (stderr, "\n");
}
#endif
-ssl_expr_yyerrhandle:
+nss_expr_yyerrhandle:
- ssl_expr_yyn = ssl_expr_yypact[ssl_expr_yystate];
- if (ssl_expr_yyn == YYFLAG)
- goto ssl_expr_yyerrdefault;
+ nss_expr_yyn = nss_expr_yypact[nss_expr_yystate];
+ if (nss_expr_yyn == YYFLAG)
+ goto nss_expr_yyerrdefault;
- ssl_expr_yyn += YYTERROR;
- if (ssl_expr_yyn < 0 || ssl_expr_yyn > YYLAST || ssl_expr_yycheck[ssl_expr_yyn] != YYTERROR)
- goto ssl_expr_yyerrdefault;
+ nss_expr_yyn += YYTERROR;
+ if (nss_expr_yyn < 0 || nss_expr_yyn > YYLAST || nss_expr_yycheck[nss_expr_yyn] != YYTERROR)
+ goto nss_expr_yyerrdefault;
- ssl_expr_yyn = ssl_expr_yytable[ssl_expr_yyn];
- if (ssl_expr_yyn < 0)
+ nss_expr_yyn = nss_expr_yytable[nss_expr_yyn];
+ if (nss_expr_yyn < 0)
{
- if (ssl_expr_yyn == YYFLAG)
- goto ssl_expr_yyerrpop;
- ssl_expr_yyn = -ssl_expr_yyn;
- goto ssl_expr_yyreduce;
+ if (nss_expr_yyn == YYFLAG)
+ goto nss_expr_yyerrpop;
+ nss_expr_yyn = -nss_expr_yyn;
+ goto nss_expr_yyreduce;
}
- else if (ssl_expr_yyn == 0)
- goto ssl_expr_yyerrpop;
+ else if (nss_expr_yyn == 0)
+ goto nss_expr_yyerrpop;
- if (ssl_expr_yyn == YYFINAL)
+ if (nss_expr_yyn == YYFINAL)
YYACCEPT;
#if YYDEBUG != 0
- if (ssl_expr_yydebug)
+ if (nss_expr_yydebug)
fprintf(stderr, "Shifting error token, ");
#endif
- *++ssl_expr_yyvsp = ssl_expr_yylval;
+ *++nss_expr_yyvsp = nss_expr_yylval;
#ifdef YYLSP_NEEDED
- *++ssl_expr_yylsp = ssl_expr_yylloc;
+ *++nss_expr_yylsp = nss_expr_yylloc;
#endif
- ssl_expr_yystate = ssl_expr_yyn;
- goto ssl_expr_yynewstate;
+ nss_expr_yystate = nss_expr_yyn;
+ goto nss_expr_yynewstate;
- ssl_expr_yyacceptlab:
+ nss_expr_yyacceptlab:
/* YYACCEPT comes here. */
- if (ssl_expr_yyfree_stacks)
+ if (nss_expr_yyfree_stacks)
{
- free (ssl_expr_yyss);
- free (ssl_expr_yyvs);
+ free (nss_expr_yyss);
+ free (nss_expr_yyvs);
#ifdef YYLSP_NEEDED
- free (ssl_expr_yyls);
+ free (nss_expr_yyls);
#endif
}
return 0;
- ssl_expr_yyabortlab:
+ nss_expr_yyabortlab:
/* YYABORT comes here. */
- if (ssl_expr_yyfree_stacks)
+ if (nss_expr_yyfree_stacks)
{
- free (ssl_expr_yyss);
- free (ssl_expr_yyvs);
+ free (nss_expr_yyss);
+ free (nss_expr_yyvs);
#ifdef YYLSP_NEEDED
- free (ssl_expr_yyls);
+ free (nss_expr_yyls);
#endif
}
return 1;
}
-#line 140 "ssl_expr_parse.y"
+#line 128 "nss_expr_parse.y"
-int ssl_expr_yyerror(char *s)
+int nss_expr_yyerror(char *s)
{
- ssl_expr_error = s;
+ nss_expr_error = s;
return 2;
}
diff --git a/ssl_expr_parse.h b/nss_expr_parse.h
index 5378e28..09adf01 100644
--- a/ssl_expr_parse.h
+++ b/nss_expr_parse.h
@@ -1,6 +1,6 @@
typedef union {
char *cpVal;
- ssl_expr *exVal;
+ nss_expr *exVal;
} YYSTYPE;
#define T_TRUE 257
#define T_FALSE 258
@@ -24,4 +24,4 @@ typedef union {
#define T_OP_NOT 276
-extern YYSTYPE ssl_expr_yylval;
+extern YYSTYPE nss_expr_yylval;
diff --git a/ssl_expr_parse.y b/nss_expr_parse.y
index 21fe64c..9ee1a1a 100644
--- a/ssl_expr_parse.y
+++ b/nss_expr_parse.y
@@ -13,18 +13,6 @@
* limitations under the License.
*/
-/* _ _
- * _ __ ___ ___ __| | ___ ___| |
- * | '_ ` _ \ / _ \ / _` | / __/ __| |
- * | | | | | | (_) | (_| | \__ \__ \ | mod_ssl - Apache Interface to OpenSSL
- * |_| |_| |_|\___/ \__,_|___|___/___/_| http://www.modssl.org/
- * |_____|
- * ssl_expr_parse.y
- * Expression LR(1) Parser
- */
- /* ``What you see is all you get.''
- -- Brian Kernighan */
-
/* _________________________________________________________________
**
** Expression Parser
@@ -37,7 +25,7 @@
%union {
char *cpVal;
- ssl_expr *exVal;
+ nss_expr *exVal;
}
%token T_TRUE
@@ -78,62 +66,62 @@
%%
-root : expr { ssl_expr_info.expr = $1; }
+root : expr { nss_expr_info.expr = $1; }
;
-expr : T_TRUE { $$ = ssl_expr_make(op_True, NULL, NULL); }
- | T_FALSE { $$ = ssl_expr_make(op_False, NULL, NULL); }
- | T_OP_NOT expr { $$ = ssl_expr_make(op_Not, $2, NULL); }
- | expr T_OP_OR expr { $$ = ssl_expr_make(op_Or, $1, $3); }
- | expr T_OP_AND expr { $$ = ssl_expr_make(op_And, $1, $3); }
- | comparison { $$ = ssl_expr_make(op_Comp, $1, NULL); }
+expr : T_TRUE { $$ = nss_expr_make(op_True, NULL, NULL); }
+ | T_FALSE { $$ = nss_expr_make(op_False, NULL, NULL); }
+ | T_OP_NOT expr { $$ = nss_expr_make(op_Not, $2, NULL); }
+ | expr T_OP_OR expr { $$ = nss_expr_make(op_Or, $1, $3); }
+ | expr T_OP_AND expr { $$ = nss_expr_make(op_And, $1, $3); }
+ | comparison { $$ = nss_expr_make(op_Comp, $1, NULL); }
| '(' expr ')' { $$ = $2; }
;
-comparison: word T_OP_EQ word { $$ = ssl_expr_make(op_EQ, $1, $3); }
- | word T_OP_NE word { $$ = ssl_expr_make(op_NE, $1, $3); }
- | word T_OP_LT word { $$ = ssl_expr_make(op_LT, $1, $3); }
- | word T_OP_LE word { $$ = ssl_expr_make(op_LE, $1, $3); }
- | word T_OP_GT word { $$ = ssl_expr_make(op_GT, $1, $3); }
- | word T_OP_GE word { $$ = ssl_expr_make(op_GE, $1, $3); }
- | word T_OP_IN '{' words '}' { $$ = ssl_expr_make(op_IN, $1, $4); }
- | word T_OP_REG regex { $$ = ssl_expr_make(op_REG, $1, $3); }
- | word T_OP_NRE regex { $$ = ssl_expr_make(op_NRE, $1, $3); }
+comparison: word T_OP_EQ word { $$ = nss_expr_make(op_EQ, $1, $3); }
+ | word T_OP_NE word { $$ = nss_expr_make(op_NE, $1, $3); }
+ | word T_OP_LT word { $$ = nss_expr_make(op_LT, $1, $3); }
+ | word T_OP_LE word { $$ = nss_expr_make(op_LE, $1, $3); }
+ | word T_OP_GT word { $$ = nss_expr_make(op_GT, $1, $3); }
+ | word T_OP_GE word { $$ = nss_expr_make(op_GE, $1, $3); }
+ | word T_OP_IN '{' words '}' { $$ = nss_expr_make(op_IN, $1, $4); }
+ | word T_OP_REG regex { $$ = nss_expr_make(op_REG, $1, $3); }
+ | word T_OP_NRE regex { $$ = nss_expr_make(op_NRE, $1, $3); }
;
-words : word { $$ = ssl_expr_make(op_ListElement, $1, NULL); }
- | words ',' word { $$ = ssl_expr_make(op_ListElement, $3, $1); }
+words : word { $$ = nss_expr_make(op_ListElement, $1, NULL); }
+ | words ',' word { $$ = nss_expr_make(op_ListElement, $3, $1); }
;
-word : T_DIGIT { $$ = ssl_expr_make(op_Digit, $1, NULL); }
- | T_STRING { $$ = ssl_expr_make(op_String, $1, NULL); }
- | '%' '{' T_ID '}' { $$ = ssl_expr_make(op_Var, $3, NULL); }
+word : T_DIGIT { $$ = nss_expr_make(op_Digit, $1, NULL); }
+ | T_STRING { $$ = nss_expr_make(op_String, $1, NULL); }
+ | '%' '{' T_ID '}' { $$ = nss_expr_make(op_Var, $3, NULL); }
| funccall { $$ = $1; }
;
regex : T_REGEX {
regex_t *regex;
- if ((regex = ap_pregcomp(ssl_expr_info.pool, $1,
+ if ((regex = ap_pregcomp(nss_expr_info.pool, $1,
REG_EXTENDED|REG_NOSUB)) == NULL) {
- ssl_expr_error = "Failed to compile regular expression";
+ nss_expr_error = "Failed to compile regular expression";
YYERROR;
}
- $$ = ssl_expr_make(op_Regex, regex, NULL);
+ $$ = nss_expr_make(op_Regex, regex, NULL);
}
| T_REGEX_I {
regex_t *regex;
- if ((regex = ap_pregcomp(ssl_expr_info.pool, $1,
+ if ((regex = ap_pregcomp(nss_expr_info.pool, $1,
REG_EXTENDED|REG_NOSUB|REG_ICASE)) == NULL) {
- ssl_expr_error = "Failed to compile regular expression";
+ nss_expr_error = "Failed to compile regular expression";
YYERROR;
}
- $$ = ssl_expr_make(op_Regex, regex, NULL);
+ $$ = nss_expr_make(op_Regex, regex, NULL);
}
;
funccall : T_FUNC_FILE '(' T_STRING ')' {
- ssl_expr *args = ssl_expr_make(op_ListElement, $3, NULL);
- $$ = ssl_expr_make(op_Func, "file", args);
+ nss_expr *args = nss_expr_make(op_ListElement, $3, NULL);
+ $$ = nss_expr_make(op_Func, "file", args);
}
;
@@ -141,7 +129,7 @@ funccall : T_FUNC_FILE '(' T_STRING ')' {
int yyerror(char *s)
{
- ssl_expr_error = s;
+ nss_expr_error = s;
return 2;
}
diff --git a/ssl_expr_scan.c b/nss_expr_scan.c
index a351735..490ff54 100644
--- a/ssl_expr_scan.c
+++ b/nss_expr_scan.c
@@ -1,19 +1,19 @@
-#define yy_create_buffer ssl_expr_yy_create_buffer
-#define yy_delete_buffer ssl_expr_yy_delete_buffer
-#define yy_scan_buffer ssl_expr_yy_scan_buffer
-#define yy_scan_string ssl_expr_yy_scan_string
-#define yy_scan_bytes ssl_expr_yy_scan_bytes
-#define yy_flex_debug ssl_expr_yy_flex_debug
-#define yy_init_buffer ssl_expr_yy_init_buffer
-#define yy_flush_buffer ssl_expr_yy_flush_buffer
-#define yy_load_buffer_state ssl_expr_yy_load_buffer_state
-#define yy_switch_to_buffer ssl_expr_yy_switch_to_buffer
-#define yyin ssl_expr_yyin
-#define yyleng ssl_expr_yyleng
-#define yylex ssl_expr_yylex
-#define yyout ssl_expr_yyout
-#define yyrestart ssl_expr_yyrestart
-#define yytext ssl_expr_yytext
+#define yy_create_buffer nss_expr_yy_create_buffer
+#define yy_delete_buffer nss_expr_yy_delete_buffer
+#define yy_scan_buffer nss_expr_yy_scan_buffer
+#define yy_scan_string nss_expr_yy_scan_string
+#define yy_scan_bytes nss_expr_yy_scan_bytes
+#define yy_flex_debug nss_expr_yy_flex_debug
+#define yy_init_buffer nss_expr_yy_init_buffer
+#define yy_flush_buffer nss_expr_yy_flush_buffer
+#define yy_load_buffer_state nss_expr_yy_load_buffer_state
+#define yy_switch_to_buffer nss_expr_yy_switch_to_buffer
+#define yyin nss_expr_yyin
+#define yyleng nss_expr_yyleng
+#define yylex nss_expr_yylex
+#define yyout nss_expr_yyout
+#define yyrestart nss_expr_yyrestart
+#define yytext nss_expr_yytext
/* A lexical scanner generated by flex */
@@ -443,7 +443,7 @@ static char *yy_last_accepting_cpos;
#define YY_MORE_ADJ 0
#define YY_RESTORE_YY_MORE_OFFSET
char *yytext;
-#line 1 "ssl_expr_scan.l"
+#line 1 "nss_expr_scan.l"
#define INITIAL 0
/* Copyright 2001-2004 The Apache Software Foundation
*
@@ -459,27 +459,15 @@ char *yytext;
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-/* _ _
- * _ __ ___ ___ __| | ___ ___| |
- * | '_ ` _ \ / _ \ / _` | / __/ __| |
- * | | | | | | (_) | (_| | \__ \__ \ | mod_ssl - Apache Interface to OpenSSL
- * |_| |_| |_|\___/ \__,_|___|___/___/_| http://www.modssl.org/
- * |_____|
- * ssl_expr_scan.l
- * Expression Scanner
- */
-/* ``Killing for peace is
-like fucking for virginity.''
--- Unknown */
/* _________________________________________________________________
**
** Expression Scanner
** _________________________________________________________________
*/
-#line 36 "ssl_expr_scan.l"
+#line 23 "nss_expr_scan.l"
#include "mod_nss.h"
-#include "ssl_expr_parse.h"
+#include "nss_expr_parse.h"
#define YY_NO_UNPUT 1
int yyinput(char *buf, int max_size);
@@ -496,7 +484,7 @@ int yyinput(char *buf, int max_size);
#define regex 2
#define regex_flags 3
-#line 501 "lex.ssl_expr_yy.c"
+#line 489 "lex.nss_expr_yy.c"
/* Macros after this point can all be overridden by user definitions in
* section 1.
@@ -647,7 +635,7 @@ YY_DECL
register char *yy_cp = NULL, *yy_bp = NULL;
register int yy_act;
-#line 57 "ssl_expr_scan.l"
+#line 44 "nss_expr_scan.l"
char caStr[MAX_STR_LEN];
@@ -659,7 +647,7 @@ YY_DECL
/*
* Whitespaces
*/
-#line 664 "lex.ssl_expr_yy.c"
+#line 652 "lex.nss_expr_yy.c"
if ( yy_init )
{
@@ -740,7 +728,7 @@ do_action: /* This label is used only to access EOF actions. */
case 1:
YY_RULE_SETUP
-#line 68 "ssl_expr_scan.l"
+#line 55 "nss_expr_scan.l"
{
/* NOP */
}
@@ -750,7 +738,7 @@ YY_RULE_SETUP
*/
case 2:
YY_RULE_SETUP
-#line 75 "ssl_expr_scan.l"
+#line 62 "nss_expr_scan.l"
{
cpStr = caStr;
BEGIN(str);
@@ -758,24 +746,24 @@ YY_RULE_SETUP
YY_BREAK
case 3:
YY_RULE_SETUP
-#line 79 "ssl_expr_scan.l"
+#line 66 "nss_expr_scan.l"
{
BEGIN(INITIAL);
*cpStr = NUL;
- yylval.cpVal = apr_pstrdup(ssl_expr_info.pool, caStr);
+ yylval.cpVal = apr_pstrdup(nss_expr_info.pool, caStr);
return T_STRING;
}
YY_BREAK
case 4:
YY_RULE_SETUP
-#line 85 "ssl_expr_scan.l"
+#line 72 "nss_expr_scan.l"
{
yyerror("Unterminated string");
}
YY_BREAK
case 5:
YY_RULE_SETUP
-#line 88 "ssl_expr_scan.l"
+#line 75 "nss_expr_scan.l"
{
int result;
@@ -788,46 +776,46 @@ YY_RULE_SETUP
YY_BREAK
case 6:
YY_RULE_SETUP
-#line 97 "ssl_expr_scan.l"
+#line 84 "nss_expr_scan.l"
{
yyerror("Bad escape sequence");
}
YY_BREAK
case 7:
YY_RULE_SETUP
-#line 100 "ssl_expr_scan.l"
+#line 87 "nss_expr_scan.l"
{ *cpStr++ = '\n'; }
YY_BREAK
case 8:
YY_RULE_SETUP
-#line 101 "ssl_expr_scan.l"
+#line 88 "nss_expr_scan.l"
{ *cpStr++ = '\r'; }
YY_BREAK
case 9:
YY_RULE_SETUP
-#line 102 "ssl_expr_scan.l"
+#line 89 "nss_expr_scan.l"
{ *cpStr++ = '\t'; }
YY_BREAK
case 10:
YY_RULE_SETUP
-#line 103 "ssl_expr_scan.l"
+#line 90 "nss_expr_scan.l"
{ *cpStr++ = '\b'; }
YY_BREAK
case 11:
YY_RULE_SETUP
-#line 104 "ssl_expr_scan.l"
+#line 91 "nss_expr_scan.l"
{ *cpStr++ = '\f'; }
YY_BREAK
case 12:
YY_RULE_SETUP
-#line 105 "ssl_expr_scan.l"
+#line 92 "nss_expr_scan.l"
{
*cpStr++ = yytext[1];
}
YY_BREAK
case 13:
YY_RULE_SETUP
-#line 108 "ssl_expr_scan.l"
+#line 95 "nss_expr_scan.l"
{
char *cp = yytext;
while (*cp != NUL)
@@ -836,7 +824,7 @@ YY_RULE_SETUP
YY_BREAK
case 14:
YY_RULE_SETUP
-#line 113 "ssl_expr_scan.l"
+#line 100 "nss_expr_scan.l"
{
*cpStr++ = yytext[1];
}
@@ -846,7 +834,7 @@ YY_RULE_SETUP
*/
case 15:
YY_RULE_SETUP
-#line 120 "ssl_expr_scan.l"
+#line 107 "nss_expr_scan.l"
{
cRegexDel = yytext[1];
cpRegex = caRegex;
@@ -855,7 +843,7 @@ YY_RULE_SETUP
YY_BREAK
case 16:
YY_RULE_SETUP
-#line 125 "ssl_expr_scan.l"
+#line 112 "nss_expr_scan.l"
{
if (yytext[0] == cRegexDel) {
*cpRegex = NUL;
@@ -868,27 +856,27 @@ YY_RULE_SETUP
YY_BREAK
case 17:
YY_RULE_SETUP
-#line 134 "ssl_expr_scan.l"
+#line 121 "nss_expr_scan.l"
{
- yylval.cpVal = apr_pstrdup(ssl_expr_info.pool, caRegex);
+ yylval.cpVal = apr_pstrdup(nss_expr_info.pool, caRegex);
BEGIN(INITIAL);
return T_REGEX_I;
}
YY_BREAK
case 18:
YY_RULE_SETUP
-#line 139 "ssl_expr_scan.l"
+#line 126 "nss_expr_scan.l"
{
- yylval.cpVal = apr_pstrdup(ssl_expr_info.pool, caRegex);
+ yylval.cpVal = apr_pstrdup(nss_expr_info.pool, caRegex);
yyless(0);
BEGIN(INITIAL);
return T_REGEX;
}
YY_BREAK
case YY_STATE_EOF(regex_flags):
-#line 145 "ssl_expr_scan.l"
+#line 132 "nss_expr_scan.l"
{
- yylval.cpVal = apr_pstrdup(ssl_expr_info.pool, caRegex);
+ yylval.cpVal = apr_pstrdup(nss_expr_info.pool, caRegex);
BEGIN(INITIAL);
return T_REGEX;
}
@@ -898,107 +886,107 @@ case YY_STATE_EOF(regex_flags):
*/
case 19:
YY_RULE_SETUP
-#line 154 "ssl_expr_scan.l"
+#line 141 "nss_expr_scan.l"
{ return T_OP_EQ; }
YY_BREAK
case 20:
YY_RULE_SETUP
-#line 155 "ssl_expr_scan.l"
+#line 142 "nss_expr_scan.l"
{ return T_OP_EQ; }
YY_BREAK
case 21:
YY_RULE_SETUP
-#line 156 "ssl_expr_scan.l"
+#line 143 "nss_expr_scan.l"
{ return T_OP_NE; }
YY_BREAK
case 22:
YY_RULE_SETUP
-#line 157 "ssl_expr_scan.l"
+#line 144 "nss_expr_scan.l"
{ return T_OP_NE; }
YY_BREAK
case 23:
YY_RULE_SETUP
-#line 158 "ssl_expr_scan.l"
+#line 145 "nss_expr_scan.l"
{ return T_OP_LT; }
YY_BREAK
case 24:
YY_RULE_SETUP
-#line 159 "ssl_expr_scan.l"
+#line 146 "nss_expr_scan.l"
{ return T_OP_LT; }
YY_BREAK
case 25:
YY_RULE_SETUP
-#line 160 "ssl_expr_scan.l"
+#line 147 "nss_expr_scan.l"
{ return T_OP_LE; }
YY_BREAK
case 26:
YY_RULE_SETUP
-#line 161 "ssl_expr_scan.l"
+#line 148 "nss_expr_scan.l"
{ return T_OP_LE; }
YY_BREAK
case 27:
YY_RULE_SETUP
-#line 162 "ssl_expr_scan.l"
+#line 149 "nss_expr_scan.l"
{ return T_OP_GT; }
YY_BREAK
case 28:
YY_RULE_SETUP
-#line 163 "ssl_expr_scan.l"
+#line 150 "nss_expr_scan.l"
{ return T_OP_GT; }
YY_BREAK
case 29:
YY_RULE_SETUP
-#line 164 "ssl_expr_scan.l"
+#line 151 "nss_expr_scan.l"
{ return T_OP_GE; }
YY_BREAK
case 30:
YY_RULE_SETUP
-#line 165 "ssl_expr_scan.l"
+#line 152 "nss_expr_scan.l"
{ return T_OP_GE; }
YY_BREAK
case 31:
YY_RULE_SETUP
-#line 166 "ssl_expr_scan.l"
+#line 153 "nss_expr_scan.l"
{ return T_OP_REG; }
YY_BREAK
case 32:
YY_RULE_SETUP
-#line 167 "ssl_expr_scan.l"
+#line 154 "nss_expr_scan.l"
{ return T_OP_NRE; }
YY_BREAK
case 33:
YY_RULE_SETUP
-#line 168 "ssl_expr_scan.l"
+#line 155 "nss_expr_scan.l"
{ return T_OP_AND; }
YY_BREAK
case 34:
YY_RULE_SETUP
-#line 169 "ssl_expr_scan.l"
+#line 156 "nss_expr_scan.l"
{ return T_OP_AND; }
YY_BREAK
case 35:
YY_RULE_SETUP
-#line 170 "ssl_expr_scan.l"
+#line 157 "nss_expr_scan.l"
{ return T_OP_OR; }
YY_BREAK
case 36:
YY_RULE_SETUP
-#line 171 "ssl_expr_scan.l"
+#line 158 "nss_expr_scan.l"
{ return T_OP_OR; }
YY_BREAK
case 37:
YY_RULE_SETUP
-#line 172 "ssl_expr_scan.l"
+#line 159 "nss_expr_scan.l"
{ return T_OP_NOT; }
YY_BREAK
case 38:
YY_RULE_SETUP
-#line 173 "ssl_expr_scan.l"
+#line 160 "nss_expr_scan.l"
{ return T_OP_NOT; }
YY_BREAK
case 39:
YY_RULE_SETUP
-#line 174 "ssl_expr_scan.l"
+#line 161 "nss_expr_scan.l"
{ return T_OP_IN; }
YY_BREAK
/*
@@ -1006,7 +994,7 @@ YY_RULE_SETUP
*/
case 40:
YY_RULE_SETUP
-#line 179 "ssl_expr_scan.l"
+#line 166 "nss_expr_scan.l"
{ return T_FUNC_FILE; }
YY_BREAK
/*
@@ -1014,12 +1002,12 @@ YY_RULE_SETUP
*/
case 41:
YY_RULE_SETUP
-#line 184 "ssl_expr_scan.l"
+#line 171 "nss_expr_scan.l"
{ return T_TRUE; }
YY_BREAK
case 42:
YY_RULE_SETUP
-#line 185 "ssl_expr_scan.l"
+#line 172 "nss_expr_scan.l"
{ return T_FALSE; }
YY_BREAK
/*
@@ -1027,9 +1015,9 @@ YY_RULE_SETUP
*/
case 43:
YY_RULE_SETUP
-#line 190 "ssl_expr_scan.l"
+#line 177 "nss_expr_scan.l"
{
- yylval.cpVal = apr_pstrdup(ssl_expr_info.pool, yytext);
+ yylval.cpVal = apr_pstrdup(nss_expr_info.pool, yytext);
return T_DIGIT;
}
YY_BREAK
@@ -1038,9 +1026,9 @@ YY_RULE_SETUP
*/
case 44:
YY_RULE_SETUP
-#line 198 "ssl_expr_scan.l"
+#line 185 "nss_expr_scan.l"
{
- yylval.cpVal = apr_pstrdup(ssl_expr_info.pool, yytext);
+ yylval.cpVal = apr_pstrdup(nss_expr_info.pool, yytext);
return T_ID;
}
YY_BREAK
@@ -1049,17 +1037,17 @@ YY_RULE_SETUP
*/
case 45:
YY_RULE_SETUP
-#line 206 "ssl_expr_scan.l"
+#line 193 "nss_expr_scan.l"
{
return yytext[0];
}
YY_BREAK
case 46:
YY_RULE_SETUP
-#line 210 "ssl_expr_scan.l"
+#line 197 "nss_expr_scan.l"
YY_FATAL_ERROR( "flex scanner jammed" );
YY_BREAK
-#line 1064 "lex.ssl_expr_yy.c"
+#line 1052 "lex.nss_expr_yy.c"
case YY_STATE_EOF(INITIAL):
case YY_STATE_EOF(str):
case YY_STATE_EOF(regex):
@@ -1943,19 +1931,19 @@ int main()
return 0;
}
#endif
-#line 210 "ssl_expr_scan.l"
+#line 197 "nss_expr_scan.l"
int yyinput(char *buf, int max_size)
{
int n;
- if ((n = MIN(max_size, ssl_expr_info.inputbuf
- + ssl_expr_info.inputlen
- - ssl_expr_info.inputptr)) <= 0)
+ if ((n = MIN(max_size, nss_expr_info.inputbuf
+ + nss_expr_info.inputlen
+ - nss_expr_info.inputptr)) <= 0)
return YY_NULL;
- memcpy(buf, ssl_expr_info.inputptr, n);
- ssl_expr_info.inputptr += n;
+ memcpy(buf, nss_expr_info.inputptr, n);
+ nss_expr_info.inputptr += n;
return n;
}
diff --git a/ssl_expr_scan.l b/nss_expr_scan.l
index c22bd3e..e237de2 100644
--- a/ssl_expr_scan.l
+++ b/nss_expr_scan.l
@@ -13,19 +13,6 @@
* limitations under the License.
*/
-/* _ _
- * _ __ ___ ___ __| | ___ ___| |
- * | '_ ` _ \ / _ \ / _` | / __/ __| |
- * | | | | | | (_) | (_| | \__ \__ \ | mod_ssl - Apache Interface to OpenSSL
- * |_| |_| |_|\___/ \__,_|___|___/___/_| http://www.modssl.org/
- * |_____|
- * ssl_expr_scan.l
- * Expression Scanner
- */
- /* ``Killing for peace is
- like fucking for virginity.''
- -- Unknown */
-
/* _________________________________________________________________
**
** Expression Scanner
@@ -35,7 +22,7 @@
%{
#include "mod_nss.h"
-#include "ssl_expr_parse.h"
+#include "nss_expr_parse.h"
#define YY_NO_UNPUT 1
int yyinput(char *buf, int max_size);
@@ -79,7 +66,7 @@ int yyinput(char *buf, int max_size);
<str>\" {
BEGIN(INITIAL);
*cpStr = NUL;
- yylval.cpVal = apr_pstrdup(ssl_expr_info.pool, caStr);
+ yylval.cpVal = apr_pstrdup(nss_expr_info.pool, caStr);
return T_STRING;
}
<str>\n {
@@ -132,18 +119,18 @@ int yyinput(char *buf, int max_size);
}
}
<regex_flags>i {
- yylval.cpVal = apr_pstrdup(ssl_expr_info.pool, caRegex);
+ yylval.cpVal = apr_pstrdup(nss_expr_info.pool, caRegex);
BEGIN(INITIAL);
return T_REGEX_I;
}
<regex_flags>.|\n {
- yylval.cpVal = apr_pstrdup(ssl_expr_info.pool, caRegex);
+ yylval.cpVal = apr_pstrdup(nss_expr_info.pool, caRegex);
yyless(0);
BEGIN(INITIAL);
return T_REGEX;
}
<regex_flags><<EOF>> {
- yylval.cpVal = apr_pstrdup(ssl_expr_info.pool, caRegex);
+ yylval.cpVal = apr_pstrdup(nss_expr_info.pool, caRegex);
BEGIN(INITIAL);
return T_REGEX;
}
@@ -188,7 +175,7 @@ int yyinput(char *buf, int max_size);
* Digits
*/
[0-9]+ {
- yylval.cpVal = apr_pstrdup(ssl_expr_info.pool, yytext);
+ yylval.cpVal = apr_pstrdup(nss_expr_info.pool, yytext);
return T_DIGIT;
}
@@ -196,7 +183,7 @@ int yyinput(char *buf, int max_size);
* Identifiers
*/
[a-zA-Z][a-zA-Z0-9_:-]* {
- yylval.cpVal = apr_pstrdup(ssl_expr_info.pool, yytext);
+ yylval.cpVal = apr_pstrdup(nss_expr_info.pool, yytext);
return T_ID;
}
@@ -213,12 +200,12 @@ int yyinput(char *buf, int max_size)
{
int n;
- if ((n = MIN(max_size, ssl_expr_info.inputbuf
- + ssl_expr_info.inputlen
- - ssl_expr_info.inputptr)) <= 0)
+ if ((n = MIN(max_size, nss_expr_info.inputbuf
+ + nss_expr_info.inputlen
+ - nss_expr_info.inputptr)) <= 0)
return YY_NULL;
- memcpy(buf, ssl_expr_info.inputptr, n);
- ssl_expr_info.inputptr += n;
+ memcpy(buf, nss_expr_info.inputptr, n);
+ nss_expr_info.inputptr += n;
return n;
}
diff --git a/nss_util.c b/nss_util.c
index 502964c..2a5b91c 100644
--- a/nss_util.c
+++ b/nss_util.c
@@ -24,7 +24,7 @@
** _________________________________________________________________
*/
-char *ssl_util_vhostid(apr_pool_t *p, server_rec *s)
+char *nss_util_vhostid(apr_pool_t *p, server_rec *s)
{
char *id;
SSLSrvConfigRec *sc;
@@ -45,24 +45,24 @@ char *ssl_util_vhostid(apr_pool_t *p, server_rec *s)
return id;
}
-void ssl_util_strupper(char *s)
+void nss_util_strupper(char *s)
{
for (; *s; ++s)
*s = apr_toupper(*s);
return;
}
-static const char ssl_util_uuencode_six2pr[64+1] =
+static const char nss_util_uuencode_six2pr[64+1] =
"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
-void ssl_util_uuencode(char *szTo, const char *szFrom, BOOL bPad)
+void nss_util_uuencode(char *szTo, const char *szFrom, BOOL bPad)
{
- ssl_util_uuencode_binary((unsigned char *)szTo,
+ nss_util_uuencode_binary((unsigned char *)szTo,
(const unsigned char *)szFrom,
strlen(szFrom), bPad);
}
-void ssl_util_uuencode_binary(unsigned char *szTo,
+void nss_util_uuencode_binary(unsigned char *szTo,
const unsigned char *szFrom,
int nLength, BOOL bPad)
{
@@ -70,18 +70,18 @@ void ssl_util_uuencode_binary(unsigned char *szTo,
int nPad = 0;
for (s = szFrom; nLength > 0; s += 3) {
- *szTo++ = ssl_util_uuencode_six2pr[s[0] >> 2];
- *szTo++ = ssl_util_uuencode_six2pr[(s[0] << 4 | s[1] >> 4) & 0x3f];
+ *szTo++ = nss_util_uuencode_six2pr[s[0] >> 2];
+ *szTo++ = nss_util_uuencode_six2pr[(s[0] << 4 | s[1] >> 4) & 0x3f];
if (--nLength == 0) {
nPad = 2;
break;
}
- *szTo++ = ssl_util_uuencode_six2pr[(s[1] << 2 | s[2] >> 6) & 0x3f];
+ *szTo++ = nss_util_uuencode_six2pr[(s[1] << 2 | s[2] >> 6) & 0x3f];
if (--nLength == 0) {
nPad = 1;
break;
}
- *szTo++ = ssl_util_uuencode_six2pr[s[2] & 0x3f];
+ *szTo++ = nss_util_uuencode_six2pr[s[2] & 0x3f];
--nLength;
}
while(bPad && nPad--) {
@@ -91,7 +91,7 @@ void ssl_util_uuencode_binary(unsigned char *szTo,
return;
}
-apr_file_t *ssl_util_ppopen(server_rec *s, apr_pool_t *p, const char *cmd,
+apr_file_t *nss_util_ppopen(server_rec *s, apr_pool_t *p, const char *cmd,
const char * const *argv)
{
apr_procattr_t *procattr;
@@ -114,7 +114,7 @@ apr_file_t *ssl_util_ppopen(server_rec *s, apr_pool_t *p, const char *cmd,
return proc->out;
}
-void ssl_util_ppclose(server_rec *s, apr_pool_t *p, apr_file_t *fp)
+void nss_util_ppclose(server_rec *s, apr_pool_t *p, apr_file_t *fp)
{
apr_file_close(fp);
return;
@@ -123,7 +123,7 @@ void ssl_util_ppclose(server_rec *s, apr_pool_t *p, apr_file_t *fp)
/*
* Run a filter program and read the first line of its stdout output
*/
-char *ssl_util_readfilter(server_rec *s, apr_pool_t *p, const char *cmd,
+char *nss_util_readfilter(server_rec *s, apr_pool_t *p, const char *cmd,
const char * const *argv)
{
static char buf[MAX_STRING_LEN];
@@ -132,7 +132,7 @@ char *ssl_util_readfilter(server_rec *s, apr_pool_t *p, const char *cmd,
char c;
int k;
- if ((fp = ssl_util_ppopen(s, p, cmd, argv)) == NULL)
+ if ((fp = nss_util_ppopen(s, p, cmd, argv)) == NULL)
return NULL;
/* XXX: we are reading 1 byte at a time here */
for (k = 0; apr_file_read(fp, &c, &nbytes) == APR_SUCCESS
@@ -142,7 +142,7 @@ char *ssl_util_readfilter(server_rec *s, apr_pool_t *p, const char *cmd,
buf[k++] = c;
}
buf[k] = NUL;
- ssl_util_ppclose(s, p, fp);
+ nss_util_ppclose(s, p, fp);
return buf;
}
generated by cgit (git 2.34.1) at 2024-05-13 18:32:51 +0000