diff options
| author | Rob Crittenden <rcritten@redhat.com> | 2014-02-20 16:32:52 -0500 |
|---|---|---|
| committer | Rob Crittenden <rcritten@redhat.com> | 2014-02-21 14:20:19 -0500 |
| commit | 6ea9bd897f3cfc1526067b52868d31ee3da19cc1 (patch) | |
| tree | 0b77a10ffa7ab22ba248a7c1038e04bbd43ebee3 /nss_engine_vars.c | |
| parent | 8eff5df729dcad9c229e637b752b762a4ad5472a (diff) | |
| download | mod_nss-6ea9bd897f3cfc1526067b52868d31ee3da19cc1.tar.gz mod_nss-6ea9bd897f3cfc1526067b52868d31ee3da19cc1.tar.xz mod_nss-6ea9bd897f3cfc1526067b52868d31ee3da19cc1.zip | |
Work with mod_proxy when mod_ssl is also loaded.
There is a single-set of hooks in mod_proxy so if mod_ssl was even
loaded,even if not being used, it would grab those hooks and mod_nss
would not work.
Resolves #1021469
Diffstat (limited to 'nss_engine_vars.c')
| -rw-r--r-- | nss_engine_vars.c | 32 |
1 files changed, 25 insertions, 7 deletions
diff --git a/nss_engine_vars.c b/nss_engine_vars.c index 8f0379a..8eba2df 100644 --- a/nss_engine_vars.c +++ b/nss_engine_vars.c @@ -39,11 +39,17 @@ static char *nss_var_lookup_nss_cert_verify(apr_pool_t *p, conn_rec *c); static char *nss_var_lookup_nss_cipher(apr_pool_t *p, conn_rec *c, char *var); static char *nss_var_lookup_nss_version(apr_pool_t *p, char *var); static char *nss_var_lookup_protocol_version(apr_pool_t *p, conn_rec *c); +static char *ssl_var_lookup(apr_pool_t *p, server_rec *s, conn_rec *c, request_rec *r, char *var); + +static APR_OPTIONAL_FN_TYPE(ssl_is_https) *othermod_is_https; +static APR_OPTIONAL_FN_TYPE(ssl_var_lookup) *othermod_var_lookup; static int nss_is_https(conn_rec *c) { SSLConnRec *sslconn = myConnConfig(c); - return sslconn && sslconn->ssl; + + return (sslconn && sslconn->ssl) + || (othermod_is_https && othermod_is_https(c)); } static int ssl_is_https(conn_rec *c) { @@ -52,14 +58,17 @@ static int ssl_is_https(conn_rec *c) { void nss_var_register(void) { + /* Always register these mod_nss optional functions */ APR_REGISTER_OPTIONAL_FN(nss_is_https); APR_REGISTER_OPTIONAL_FN(nss_var_lookup); - /* These can only be registered if mod_ssl is not loaded */ - if (APR_RETRIEVE_OPTIONAL_FN(ssl_is_https) == NULL) - APR_REGISTER_OPTIONAL_FN(ssl_is_https); - if (APR_RETRIEVE_OPTIONAL_FN(ssl_var_lookup) == NULL) - APR_REGISTER_OPTIONAL_FN(ssl_var_lookup); + /* Save the state of any previously registered mod_ssl functions */ + othermod_is_https = APR_RETRIEVE_OPTIONAL_FN(ssl_is_https); + othermod_var_lookup = APR_RETRIEVE_OPTIONAL_FN(ssl_var_lookup); + + /* Always register these local mod_ssl optional functions */ + APR_REGISTER_OPTIONAL_FN(ssl_is_https); + APR_REGISTER_OPTIONAL_FN(ssl_var_lookup); return; } @@ -174,6 +183,15 @@ char *nss_var_lookup(apr_pool_t *p, server_rec *s, conn_rec *c, request_rec *r, */ if (result == NULL && c != NULL) { SSLConnRec *sslconn = myConnConfig(c); + + if (strlen(var) > 4 && strcEQn(var, "SSL_", 4) + && (!sslconn || !sslconn->ssl) && othermod_var_lookup) { + /* If mod_ssl is registered for this connection, + * pass any SSL_* variable through to the mod_ssl module + */ + return othermod_var_lookup(p, s, c, r, var); + } + if (strlen(var) > 4 && strcEQn(var, "SSL_", 4) && sslconn && sslconn->ssl) result = nss_var_lookup_ssl(p, c, var+4); @@ -252,7 +270,7 @@ char *nss_var_lookup(apr_pool_t *p, server_rec *s, conn_rec *c, request_rec *r, return result; } -char *ssl_var_lookup(apr_pool_t *p, server_rec *s, conn_rec *c, request_rec *r, char *var) { +static char *ssl_var_lookup(apr_pool_t *p, server_rec *s, conn_rec *c, request_rec *r, char *var) { return nss_var_lookup(p, s, c, r, var); } |