From 44409398b2bb63a092e16db686f4ddcd2cd88554 Mon Sep 17 00:00:00 2001 From: Rob Crittenden Date: Fri, 2 Oct 2015 15:34:36 -0400 Subject: Cleanup to remove a slew of trailing whitespace --- docs/mod_nss.html | 2 +- mod_nss.c | 18 ++++++++-------- mod_nss.h | 12 +++++------ nss_engine_cipher.c | 2 +- nss_engine_config.c | 42 ++++++++++++++++++------------------- nss_engine_init.c | 58 ++++++++++++++++++++++++++-------------------------- nss_engine_io.c | 44 +++++++++++++++++++-------------------- nss_engine_kernel.c | 44 +++++++++++++++++++-------------------- nss_engine_log.c | 8 ++++---- nss_engine_pphrase.c | 18 ++++++++-------- nss_engine_rand.c | 4 ++-- nss_engine_vars.c | 12 +++++------ nss_expr_eval.c | 2 +- nss_pcache.c | 14 ++++++------- nss_util.c | 14 ++++++------- 15 files changed, 147 insertions(+), 147 deletions(-) diff --git a/docs/mod_nss.html b/docs/mod_nss.html index f073978..37588e8 100644 --- a/docs/mod_nss.html +++ b/docs/mod_nss.html @@ -1076,7 +1076,7 @@ Configures whether a non-SNI client is allowed to access a name-based VirtualHost. If set to on in the default name-based VirtualHost then clients that are SNI unaware cannot access any virtual host. If set to on in any other VirtualHost then SNI unaware clients cannot access -this particular virtual host. +this particular virtual host.

Example
diff --git a/mod_nss.c b/mod_nss.c index c58ca47..b3ea6f0 100644 --- a/mod_nss.c +++ b/mod_nss.c @@ -133,14 +133,14 @@ static const command_rec nss_config_cmds[] = { "Require the SSL protocol for the per-directory context " "(no arguments)") SSL_CMD_DIR(Require, AUTHCFG, RAW_ARGS, - "Require a boolean expression to evaluate to true for granting access" + "Require a boolean expression to evaluate to true for granting access" "(arbitrary complex boolean expression - see manual)") SSL_CMD_DIR(RenegBufferSize, AUTHCFG, TAKE1, "Configure the amount of memory that will be used for buffering the " "request body if a per-location SSL renegotiation is required due to " "changed access control requirements") - /* + /* * Proxy configuration for remote SSL connections */ SSL_CMD_SRV(ProxyEngine, FLAG, @@ -160,14 +160,14 @@ static const command_rec nss_config_cmds[] = { #ifdef IGNORE /* Deprecated directives. */ - AP_INIT_RAW_ARGS("NSSLog", ap_set_deprecated, NULL, OR_ALL, + AP_INIT_RAW_ARGS("NSSLog", ap_set_deprecated, NULL, OR_ALL, "SSLLog directive is no longer supported - use ErrorLog."), - AP_INIT_RAW_ARGS("NSSLogLevel", ap_set_deprecated, NULL, OR_ALL, + AP_INIT_RAW_ARGS("NSSLogLevel", ap_set_deprecated, NULL, OR_ALL, "SSLLogLevel directive is no longer supported - use LogLevel."), #endif AP_INIT_TAKE1("User", set_user, NULL, RSRC_CONF, "Apache user. Comes from httpd.conf."), - + AP_END_CMD }; @@ -273,7 +273,7 @@ SECStatus NSSBadCertHandler(void *arg, PRFileDesc * socket) SECStatus rv = SECFailure; CERTCertificate *peerCert = SSL_PeerCertificate(socket); const char *hostname_note; - + switch (err) { case SSL_ERROR_BAD_CERT_DOMAIN: if (sc->proxy_ssl_check_peer_cn == TRUE) { @@ -329,7 +329,7 @@ static SECStatus NSSGetClientAuthData(void *arg, PRFileDesc *socket, } else { CERT_DestroyCertificate(cert); } - } + } if (rv == SECSuccess) { *pRetCert = cert; @@ -374,7 +374,7 @@ static int nss_hook_pre_connection(conn_rec *c, void *csd) ap_log_error(APLOG_MARK, APLOG_INFO, 0, c->base_server, "Connection to child %ld established " - "(server %s, client %s)", c->id, sc->vhost_id, + "(server %s, client %s)", c->id, sc->vhost_id, #if AP_SERVER_MINORVERSION_NUMBER <= 2 c->remote_ip ? c->remote_ip : "unknown"); #else @@ -462,7 +462,7 @@ static apr_port_t nss_hook_default_port(const request_rec *r) static void nss_register_hooks(apr_pool_t *p) { /* nss_hook_ReadReq needs to use the BrowserMatch settings so must - * run after mod_setenvif's post_read_request hook. */ + * run after mod_setenvif's post_read_request hook. */ static const char *pre_prr[] = { "mod_setenvif.c", NULL }; nss_io_filter_register(p); diff --git a/mod_nss.h b/mod_nss.h index 5c1d642..06710e4 100644 --- a/mod_nss.h +++ b/mod_nss.h @@ -147,7 +147,7 @@ ap_set_module_config(c->conn_config, &nss_module, val) #define SSL_SESSION_CACHE_TIMEOUT 100 #endif -#ifndef SSL3_SESSION_CACHE_TIMEOUT +#ifndef SSL3_SESSION_CACHE_TIMEOUT #define SSL3_SESSION_CACHE_TIMEOUT 86400 #endif @@ -176,7 +176,7 @@ typedef int nss_opt_t; /* * Define the SSL requirement structure - */ + */ typedef struct { char *cpExpr; nss_expr *mpExpr; @@ -231,7 +231,7 @@ typedef enum { typedef struct { PRFileDesc *ssl; const char *client_dn; - CERTCertificate *client_cert; + CERTCertificate *client_cert; int is_proxy; int disabled; int non_nss_request; @@ -282,7 +282,7 @@ typedef struct { typedef struct { SSLSrvConfigRec *sc; /* pointer back to server config */ - + char *cipherSuite; int as_server; @@ -376,7 +376,7 @@ typedef struct regex_t ap_regex_t; #define AP_REG_NOSUB REG_NOSUB #define AP_REG_ICASE REG_ICASE #endif - + /* * function prototypes */ @@ -455,7 +455,7 @@ void nss_var_log_config_register(apr_pool_t *p); APR_DECLARE_OPTIONAL_FN(char *, nss_var_lookup, (apr_pool_t *, server_rec *, - conn_rec *, request_rec *, + conn_rec *, request_rec *, char *)); /* An optional function which returns non-zero if the given connection diff --git a/nss_engine_cipher.c b/nss_engine_cipher.c index 5ea1f53..b0b51e4 100644 --- a/nss_engine_cipher.c +++ b/nss_engine_cipher.c @@ -155,7 +155,7 @@ int nss_parse_ciphers(server_rec *s, char *ciphers, PRBool cipher_list[ciphernum /* Given a set of ciphers perform a given action on the indexed value. - * + * * This is needed because the + action doesn't do anything in the NSS * context. In OpenSSL it will re-order the cipher list. */ diff --git a/nss_engine_config.c b/nss_engine_config.c index 0945380..0b4b8b0 100644 --- a/nss_engine_config.c +++ b/nss_engine_config.c @@ -126,7 +126,7 @@ static void modnss_ctx_init_server(SSLSrvConfigRec *sc, static SSLSrvConfigRec *nss_config_server_new(apr_pool_t *p) { SSLSrvConfigRec *sc = apr_palloc(p, sizeof(*sc)); - + sc->mc = NULL; sc->ocsp = UNSET; sc->ocsp_default = UNSET; @@ -250,13 +250,13 @@ void *nss_config_perdir_create(apr_pool_t *p, char *dir) { return dc; } - + const char *nss_cmd_NSSRequireSSL(cmd_parms *cmd, void *dcfg) { SSLDirConfigRec *dc = (SSLDirConfigRec *)dcfg; dc->bSSLRequired = TRUE; - + return NULL; } @@ -334,16 +334,16 @@ const char *nss_cmd_NSSEngine(cmd_parms *cmd, void *dcfg, int flag) SSLSrvConfigRec *sc = mySrvConfig(cmd->server); sc->enabled = flag ? TRUE : FALSE; - + return NULL; } const char *nss_cmd_NSSFIPS(cmd_parms *cmd, void *dcfg, int flag) { SSLSrvConfigRec *sc = mySrvConfig(cmd->server); - + sc->fips = flag ? TRUE : FALSE; - + return NULL; } @@ -521,7 +521,7 @@ const char *nss_cmd_NSSRenegotiation(cmd_parms *cmd, void *dcfg, int flag) SSLSrvConfigRec *sc = mySrvConfig(cmd->server); sc->server->enablerenegotiation = flag ? PR_TRUE : PR_FALSE; - + return NULL; } @@ -530,7 +530,7 @@ const char *nss_cmd_NSSRequireSafeNegotiation(cmd_parms *cmd, void *dcfg, int fl SSLSrvConfigRec *sc = mySrvConfig(cmd->server); sc->server->requiresafenegotiation = flag ? PR_TRUE : PR_FALSE; - + return NULL; } #endif @@ -551,12 +551,12 @@ const char *nss_cmd_NSSECCNickname(cmd_parms *cmd, const char *nss_cmd_NSSProxyEngine(cmd_parms *cmd, void *dcfg, int flag) { SSLSrvConfigRec *sc = mySrvConfig(cmd->server); - + sc->proxy_enabled = flag ? TRUE : FALSE; return NULL; } - + const char *nss_cmd_NSSProxyProtocol(cmd_parms *cmd, void *dcfg, const char *arg) @@ -573,12 +573,12 @@ const char *nss_cmd_NSSProxyCipherSuite(cmd_parms *cmd, const char *arg) { SSLSrvConfigRec *sc = mySrvConfig(cmd->server); - + sc->proxy->auth.cipher_suite = arg; - + return NULL; } - + const char *nss_cmd_NSSProxyNickname(cmd_parms *cmd, void *dcfg, const char *arg) @@ -606,7 +606,7 @@ const char *nss_cmd_NSSEnforceValidCerts(cmd_parms *cmd, SSLSrvConfigRec *sc = mySrvConfig(cmd->server); sc->server->enforce = flag ? PR_TRUE : PR_FALSE; - + return NULL; } @@ -716,16 +716,16 @@ const char *nss_cmd_NSSRandomSeed(cmd_parms *cmd, const char *arg1, const char *arg2, const char *arg3) -{ +{ SSLModConfigRec *mc = myModConfig(cmd->server); const char *err; ssl_randseed_t *seed; int arg2len = strlen(arg2); - + if ((err = ap_check_cmd_context(cmd, GLOBAL_ONLY))) { return err; } - + /* Only run through this once. Otherwise the random seed sources are * pushed into the array for each server start (and we are guaranteed 2) */ if (mc->nInitCount >= 1) { @@ -823,10 +823,10 @@ const char *nss_cmd_NSSOptions(cmd_parms *cmd, const char *arg) { SSLDirConfigRec *dc = (SSLDirConfigRec *)dcfg; - nss_opt_t opt; - int first = TRUE; - char action, *w; - + nss_opt_t opt; + int first = TRUE; + char action, *w; + while (*arg) { w = ap_getword_conf(cmd->pool, &arg); action = NUL; diff --git a/nss_engine_init.c b/nss_engine_init.c index 00d8d8b..211752c 100644 --- a/nss_engine_init.c +++ b/nss_engine_init.c @@ -47,12 +47,12 @@ static char *version_components[] = { "SSL_VERSION_INTERFACE", "SSL_VERSION_LIBRARY", NULL -}; +}; static char *nss_add_version_component(apr_pool_t *p, server_rec *s, char *name) -{ +{ char *val = nss_var_lookup(p, s, NULL, NULL, name); if (val && *val) { @@ -61,7 +61,7 @@ static char *nss_add_version_component(apr_pool_t *p, return val; } - + static void nss_add_version_components(apr_pool_t *p, server_rec *s) { @@ -88,7 +88,7 @@ static void nss_init_SSLLibrary(server_rec *base_server, apr_pool_t *p) { SECStatus rv; SSLModConfigRec *mc = myModConfig(base_server); - SSLSrvConfigRec *sc; + SSLSrvConfigRec *sc; char cwd[PATH_MAX]; server_rec *s; int fipsenabled = FALSE; @@ -143,7 +143,7 @@ static void nss_init_SSLLibrary(server_rec *base_server, apr_pool_t *p) } if (strncasecmp(mc->pCertificateDatabase, "sql:", 4) == 0) dbdir = (char *)mc->pCertificateDatabase + 4; - else + else dbdir = (char *)mc->pCertificateDatabase; if (chdir(dbdir) != 0) { ap_log_error(APLOG_MARK, APLOG_ERR, 0, base_server, @@ -254,7 +254,7 @@ static void nss_init_SSLLibrary(server_rec *base_server, apr_pool_t *p) /* We ensure that ocspname and ocspurl are not NULL above. */ if (ocspdefault) { SECStatus sv; - + sv = CERT_SetOCSPDefaultResponder(CERT_GetDefaultCertDB(), ocspurl, ocspname); @@ -289,7 +289,7 @@ static void nss_init_SSLLibrary(server_rec *base_server, apr_pool_t *p) "SNI is disabled"); } - /* + /* * Seed the Pseudo Random Number Generator (PRNG) * only need ptemp here; nothing inside allocated from the pool * needs to live once we return from nss_rand_seed(). @@ -302,7 +302,7 @@ int nss_init_Module(apr_pool_t *p, apr_pool_t *plog, server_rec *base_server) { SSLModConfigRec *mc = myModConfig(base_server); - SSLSrvConfigRec *sc; + SSLSrvConfigRec *sc; server_rec *s; int sslenabled = FALSE; int fipsenabled = FALSE; @@ -313,7 +313,7 @@ int nss_init_Module(apr_pool_t *p, apr_pool_t *plog, mc->nInitCount++; - /* + /* * Let us cleanup on restarts and exists */ apr_pool_cleanup_register(p, base_server, @@ -321,7 +321,7 @@ int nss_init_Module(apr_pool_t *p, apr_pool_t *plog, apr_pool_cleanup_null); mc->ptemp = ptemp; - + /* * Any init round fixes the global config */ @@ -334,7 +334,7 @@ int nss_init_Module(apr_pool_t *p, apr_pool_t *plog, ap_log_error(APLOG_MARK, APLOG_WARNING, 0, base_server, "NSSSessionCacheTimeout is deprecated. Ignoring."); - /* We still need to pass in a legal value to + /* We still need to pass in a legal value to * SSL_ConfigMPServerSIDCache() and SSL_ConfigServerSessionIDCache() */ mc->session_cache_timeout = 0; /* use NSS default */ @@ -893,14 +893,14 @@ static void nss_init_ctx_cipher_suite(server_rec *s, { PRBool cipher_state[ciphernum]; PRBool fips_state[ciphernum]; - const char *suite = mctx->auth.cipher_suite; + const char *suite = mctx->auth.cipher_suite; char * object_type = NULL; char * cipher_suite_marker = NULL; char * ciphers; char * fipsciphers = NULL; int i; - - /* + + /* * Configure SSL Cipher Suite */ if (!suite) { @@ -1067,17 +1067,17 @@ static void nss_init_server_check(server_rec *s, static void nss_init_ctx(server_rec *s, apr_pool_t *p, apr_pool_t *ptemp, - modnss_ctx_t *mctx) + modnss_ctx_t *mctx) { nss_init_ctx_socket(s, p, ptemp, mctx); nss_init_ctx_protocol(s, p, ptemp, mctx); - + nss_init_ctx_session_cache(s, p, ptemp, mctx); - + nss_init_ctx_callbacks(s, p, ptemp, mctx); - + nss_init_ctx_verify(s, p, ptemp, mctx); nss_init_ctx_cipher_suite(s, p, ptemp, mctx); @@ -1102,7 +1102,7 @@ static void nss_init_certificate(server_rec *s, const char *nickname, apr_array_header_t *names = NULL; apr_array_header_t *wild_names = NULL; int i, j; - + if (nickname == NULL) { return; } @@ -1132,13 +1132,13 @@ static void nss_init_certificate(server_rec *s, const char *nickname, if (strchr(nickname, ':')) { - char* token = strdup(nickname); + char* token = strdup(nickname); char* colon = strchr(token, ':'); if (colon) { *colon = 0; slot = PK11_FindSlotByName(token); if (!slot) { - /* + /* * Slot not found. This should never happen because we * already found the cert. */ @@ -1200,7 +1200,7 @@ static void nss_init_certificate(server_rec *s, const char *nickname, nn = certNickDNS->numnicknames; while ( nn > 0 ) { - ap_str_tolower(*nnptr); + ap_str_tolower(*nnptr); addHashVhostNick(*nnptr, (char *)nickname); nnptr++; nn--; @@ -1327,7 +1327,7 @@ static void nss_init_server_certs(server_rec *s, nss_log_nss_error(APLOG_MARK, APLOG_ERR, s); nss_die(); } - + } static void nss_init_proxy_ctx(server_rec *s, @@ -1434,7 +1434,7 @@ void nss_init_Child(apr_pool_t *p, server_rec *base_server) CERT_DestroyCertList(clist); } - /* + /* * Let us cleanup on restarts and exits */ apr_pool_cleanup_register(p, base_server, @@ -1574,7 +1574,7 @@ SECStatus ownHandshakeCallback(PRFileDesc * socket, void *arg) */ static PRBool cert_IsNewer(CERTCertificate *certa, CERTCertificate *certb) -{ +{ PRTime notBeforeA, notAfterA, notBeforeB, notAfterB, now; SECStatus rv; PRBool newerbefore, newerafter; @@ -1662,11 +1662,11 @@ FindServerCertFromNickname(const char* name, const CERTCertList* clist) * Otherwise just return the cert if the nickname matches. */ if (CERT_CheckCertUsage(cert, certUsageSSLServer) == SECSuccess) { - matchedUsage = 2; + matchedUsage = 2; } else { - if (CERT_CheckCertUsage(cert, certUsageEmailRecipient) == SECSuccess) + if (CERT_CheckCertUsage(cert, certUsageEmailRecipient) == SECSuccess) { - matchedUsage = 1; + matchedUsage = 1; } } @@ -1776,7 +1776,7 @@ PRInt32 nssSSLSNISocketConfig(PRFileDesc *fd, const SECItem *sniNameArr, } privKey = PK11_FindKeyByAnyCert(cert, &pinArg); if (privKey == NULL) { - goto loser; + goto loser; } SSLKEAType certKEA = NSS_FindCertKEAType(cert); diff --git a/nss_engine_io.c b/nss_engine_io.c index 5593246..a13b74f 100644 --- a/nss_engine_io.c +++ b/nss_engine_io.c @@ -415,7 +415,7 @@ static apr_status_t nss_io_input_read(nspr_filter_in_ctx_t *inctx, if (APR_STATUS_IS_EAGAIN(inctx->rc) || APR_STATUS_IS_EINTR(inctx->rc)) { /* Already read something, return APR_SUCCESS instead. */ - if (*len > 0) { + if (*len > 0) { inctx->rc = APR_SUCCESS; break; } @@ -458,7 +458,7 @@ static apr_status_t nss_io_input_getline(nspr_filter_in_ctx_t *inctx, while (tmplen > 0) { status = nss_io_input_read(inctx, buf + offset, &tmplen); - + if (status != APR_SUCCESS) { return status; } @@ -551,13 +551,13 @@ static apr_status_t nss_filter_write(ap_filter_t *f, /* Just use a simple request. Any request will work for this, because * we use a flag in the conn_rec->conn_vector now. The fake request just * gets the request back to the Apache core so that a response can be sent. - * + * * To avoid calling back for more data from the socket, use an HTTP/0.9 * request, and tack on an EOS bucket. */ #define HTTP_ON_HTTPS_PORT \ "GET /" CRLF - + #define HTTP_ON_HTTPS_PORT_BUCKET(alloc) \ apr_bucket_immortal_create(HTTP_ON_HTTPS_PORT, \ sizeof(HTTP_ON_HTTPS_PORT) - 1, \ @@ -569,15 +569,15 @@ static void nss_io_filter_disable(SSLConnRec *sslconn, ap_filter_t *f) nspr_filter_in_ctx_t *inctx = f->ctx; sslconn->ssl = NULL; inctx->filter_ctx->pssl = NULL; -} +} static apr_status_t nss_io_filter_error(ap_filter_t *f, apr_bucket_brigade *bb, apr_status_t status) -{ +{ SSLConnRec *sslconn = myConnConfig(f->c); apr_bucket *bucket; - + switch (status) { case HTTP_BAD_REQUEST: /* log the situation */ @@ -612,7 +612,7 @@ static apr_status_t nss_filter_io_shutdown(nss_filter_ctx_t *filter_ctx, { PRFileDesc *ssl = filter_ctx->pssl; SSLConnRec *sslconn = myConnConfig(c); - + if (!ssl) { return APR_SUCCESS; } @@ -1010,7 +1010,7 @@ int nss_io_buffer_fill(request_rec *r, apr_size_t maxlen) apr_bucket_brigade *tempb; apr_off_t total = 0; /* total length buffered */ int eos = 0; /* non-zero once EOS is seen */ - + /* Create the context which will be passed to the input filter. */ ctx = apr_palloc(r->pool, sizeof *ctx); apr_pool_create(&ctx->pool, r->pool); @@ -1038,10 +1038,10 @@ int nss_io_buffer_fill(request_rec *r, apr_size_t maxlen) "could not read request body for SSL buffer"); return HTTP_INTERNAL_SERVER_ERROR; } - + /* Iterate through the returned brigade: setaside each bucket * into the context's pool and move it into the brigade. */ - for (e = APR_BRIGADE_FIRST(tempb); + for (e = APR_BRIGADE_FIRST(tempb); e != APR_BRIGADE_SENTINEL(tempb) && !eos; e = next) { const char *data; apr_size_t len; @@ -1059,19 +1059,19 @@ int nss_io_buffer_fill(request_rec *r, apr_size_t maxlen) } total += len; } - + rv = apr_bucket_setaside(e, ctx->pool); if (rv != APR_SUCCESS) { ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r, "could not setaside bucket for SSL buffer"); return HTTP_INTERNAL_SERVER_ERROR; } - + APR_BUCKET_REMOVE(e); APR_BRIGADE_INSERT_TAIL(ctx->bb, e); } - ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, + ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, "total of %" APR_OFF_T_FMT " bytes in buffer, eos=%d", total, eos); @@ -1133,7 +1133,7 @@ static apr_status_t nss_io_filter_buffer(ap_filter_t *f, apr_bucket *d = APR_BRIGADE_FIRST(ctx->bb); e = APR_BUCKET_PREV(e); - + /* Unsplice the partitioned segment and move it into the * passed-in brigade; no convenient way to do this with * the APR_BRIGADE_* macros. */ @@ -1158,7 +1158,7 @@ static apr_status_t nss_io_filter_buffer(ap_filter_t *f, if (APR_BRIGADE_EMPTY(ctx->bb)) { apr_bucket *e = APR_BRIGADE_LAST(bb); - + /* Ensure that the brigade is terminated by an EOS if the * buffered request body has been entirely consumed. */ if (e == APR_BRIGADE_SENTINEL(bb) || !APR_BUCKET_IS_EOS(e)) { @@ -1219,9 +1219,9 @@ void nss_io_filter_init(conn_rec *c, PRFileDesc *ssl) void nss_io_filter_register(apr_pool_t *p) { ap_register_input_filter (nss_io_filter, nss_io_filter_input, NULL, AP_FTYPE_CONNECTION + 5); - ap_register_output_filter (nss_io_filter, nss_io_filter_output, NULL, AP_FTYPE_CONNECTION + 5); + ap_register_output_filter (nss_io_filter, nss_io_filter_output, NULL, AP_FTYPE_CONNECTION + 5); ap_register_input_filter (nss_io_buffer, nss_io_filter_buffer, NULL, AP_FTYPE_PROTOCOL - 1); - return; + return; } PRFileDesc * nss_io_new_fd() { @@ -1248,7 +1248,7 @@ static PRStatus PR_CALLBACK nspr_filter_getpeername(PRFileDesc *fd, PRNetAddr *a #endif } -/* +/* * Translate NSPR PR_GetSocketOption() calls into apr_socket_opt_get() calls. */ static PRStatus PR_CALLBACK nspr_filter_getsocketoption(PRFileDesc *fd, PRSocketOptionData *data) { @@ -1309,7 +1309,7 @@ static PRStatus PR_CALLBACK nspr_filter_getsocketoption(PRFileDesc *fd, PRSocket return rv; } -/* +/* * Translate NSPR PR_SetSocketOption() calls into apr_socket_opt_set() calls. */ static PRStatus PR_CALLBACK nspr_filter_setsocketOption(PRFileDesc *fd, const PRSocketOptionData *data) { @@ -1370,7 +1370,7 @@ static PRStatus PR_CALLBACK nspr_filter_setsocketOption(PRFileDesc *fd, const PR } static PRStatus PR_CALLBACK -nspr_filter_shutdown(PRFileDesc *fd, PRIntn how) +nspr_filter_shutdown(PRFileDesc *fd, PRIntn how) { return PR_SUCCESS; } @@ -1391,7 +1391,7 @@ static PRInt32 PR_CALLBACK nspr_filter_send(PRFileDesc *fd, const void *buf, PRI return nspr_filter_out_write(fd, buf, amount); } -/* +/* * Called once to initialize the NSPR layer that we push for each * request. */ diff --git a/nss_engine_kernel.c b/nss_engine_kernel.c index 28042fb..6c15ac5 100644 --- a/nss_engine_kernel.c +++ b/nss_engine_kernel.c @@ -72,7 +72,7 @@ int nss_hook_ReadReq(request_rec *r) * delayed interlinking from SSL back to request_rec */ if (!ssl) { - return DECLINED; + return DECLINED; } /* @@ -118,7 +118,7 @@ int nss_hook_ReadReq(request_rec *r) apr_pool_destroy(s_p); return HTTP_BAD_REQUEST; - } + } apr_pool_destroy(s_p); } } else if (((sc->strict_sni_vhost_check) @@ -178,8 +178,8 @@ int nss_hook_Access(request_rec *r) SSLSrvConfigRec *sc = mySrvConfig(r->server); SSLConnRec *sslconn = myConnConfig(r->connection); PRFileDesc *ssl = sslconn ? sslconn->ssl : NULL; - apr_array_header_t *requires; - nss_require_t *nss_requires; + apr_array_header_t *requires; + nss_require_t *nss_requires; char *cp; int ok, i; BOOL renegotiate = FALSE, renegotiate_quick = FALSE; @@ -217,7 +217,7 @@ int nss_hook_Access(request_rec *r) /* * Support for per-directory reconfigured SSL connection parameters. - * + * * This is implemented by forcing an SSL renegotiation with the * reconfigured parameter suite. But Apache's internal API processing * makes our life very hard here, because when internal sub-requests occur @@ -235,7 +235,7 @@ int nss_hook_Access(request_rec *r) * the reconfigured parameter suite is stronger (more restrictions) than * the currently active one. */ - + /* * Override of NSSCipherSuite * @@ -286,7 +286,7 @@ int nss_hook_Access(request_rec *r) "permitted SSL ciphers"); nss_log_nss_error(APLOG_MARK, APLOG_ERR, r->server); free(ciphers); - + return HTTP_FORBIDDEN; } free(ciphers); @@ -375,7 +375,7 @@ int nss_hook_Access(request_rec *r) SSL_OptionSet(ssl, SSL_REQUEST_CERTIFICATE, PR_FALSE); SSL_OptionSet(ssl, SSL_REQUIRE_CERTIFICATE, SSL_REQUIRE_NEVER); } - + /* determine whether we've to force a renegotiation */ if (!renegotiate && verify != verify_old) { if (((verify_old == SSL_CVERIFY_NONE) && @@ -415,7 +415,7 @@ int nss_hook_Access(request_rec *r) * handshake immediately; once the SSL library moves to the * "accept" state, it will reject the SSL packets which the client * is sending for the request body. - * + * * To allow authentication to complete in this auth hook, the * solution used here is to fill a (bounded) buffer with the * request body, and then to reinject that request body later. @@ -476,16 +476,16 @@ int nss_hook_Access(request_rec *r) "just re-verifying the peer"); peerCert = SSL_PeerCertificate(sslconn->ssl); - + pinArg = SSL_RevealPinArg(sslconn->ssl); - + rv = CERT_VerifyCertNow(CERT_GetDefaultCertDB(), peerCert, PR_TRUE, certUsageSSLClient, pinArg); - - CERT_DestroyCertificate(peerCert); + + CERT_DestroyCertificate(peerCert); if (rv != SECSuccess) { ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server, @@ -686,7 +686,7 @@ int nss_hook_UserCheck(request_rec *r) SSLDirConfigRec *dc = myDirConfig(r); char *clientdn; const char *auth_line, *username, *password; - + /* * Additionally forbid access (again) * when strict require option is used. @@ -729,7 +729,7 @@ int nss_hook_UserCheck(request_rec *r) } } - /* + /* * We decline operation in various situations... * - NSSOptions +FakeBasicAuth not configured * - r->user already authenticated @@ -769,7 +769,7 @@ int nss_hook_UserCheck(request_rec *r) ":password", NULL)), NULL); apr_table_set(r->headers_in, "Authorization", auth_line); - + ap_log_error(APLOG_MARK, APLOG_INFO, 0, r->server, "Faking HTTP Basic Auth header: \"Authorization: %s\"", auth_line); @@ -784,7 +784,7 @@ int nss_hook_Auth(request_rec *r) ap_log_error(APLOG_MARK, APLOG_INFO, 0, r->server, "nss_hook_Auth"); /* - * Additionally forbid access (again) + * Additionally forbid access (again) * when strict require option is used. */ if ((dc->nOptions & SSL_OPT_STRICTREQUIRE) && @@ -796,10 +796,10 @@ int nss_hook_Auth(request_rec *r) return DECLINED; } -/* +/* * Fixup Handler - */ - + */ + static const char *nss_hook_Fixup_vars[] = { "SSL_VERSION_INTERFACE", "SSL_VERSION_LIBRARY", @@ -954,8 +954,8 @@ int nss_hook_Fixup(request_rec *r) apr_table_setn(env, "SSL_CLIENT_CERT", val); - - /* Need to fetch the entire SSL cert chain and add it to the + + /* Need to fetch the entire SSL cert chain and add it to the * variable SSL_CLIENT_CERT_CHAIN_[0..n] */ cert = SSL_PeerCertificate(ssl); diff --git a/nss_engine_log.c b/nss_engine_log.c index b4e5d1b..3228628 100644 --- a/nss_engine_log.c +++ b/nss_engine_log.c @@ -311,14 +311,14 @@ l_error_t libnss_errors[] = { { 114, "Unexpected uncompressed record" }, }; -void nss_die(void) +void nss_die(void) { /* * This is used for fatal errors and here * it is common module practice to really - * exit from the complete program. - */ - exit(1); + * exit from the complete program. + */ + exit(1); } #if AP_SERVER_MINORVERSION_NUMBER <= 2 diff --git a/nss_engine_pphrase.c b/nss_engine_pphrase.c index b747076..9a25454 100644 --- a/nss_engine_pphrase.c +++ b/nss_engine_pphrase.c @@ -100,12 +100,12 @@ SECStatus nss_Init_Tokens(server_rec *s) 2. We'll get a bogus error message from nss_engine_init, -8053, instead of -8177. */ - return SECFailure; + return SECFailure; } parg->retryCount = 0; /* reset counter to 0 for the next token */ PK11_FreeSlot(slot); } - + /* * reset NSS password callback to blank, so that the server won't prompt * again after initialization is done. @@ -113,7 +113,7 @@ SECStatus nss_Init_Tokens(server_rec *s) PK11_SetPasswordFunc(nss_no_password); free(parg); - return status; + return status; } /* @@ -179,7 +179,7 @@ static char * nss_password_prompt(PK11SlotInfo *slot, PRBool retry, void *arg) * Enforce basic password sanity rules on the password. We don't do * any actual enforcement here but it demonstrates the sorts of things * that may be done. - */ + */ static PRBool nss_check_password(unsigned char *cp) { int len; @@ -316,17 +316,17 @@ static char *nss_get_password(FILE *input, FILE *output, nss_die(); } - /* Just return what we got. If we got this far and we don't have a + /* Just return what we got. If we got this far and we don't have a * PIN then I/O is already shut down, so we can't do anything really * clever. */ pwdstr = strdup(buf); } - /* If we got a password we're done */ + /* If we got a password we're done */ if (pwdstr) return pwdstr; - + for (;;) { /* Prompt for password */ if (isTTY) { @@ -341,7 +341,7 @@ static char *nss_get_password(FILE *input, FILE *output, fprintf(output, "\n"); echoOn(infd); } - /* stomp on newline */ + /* stomp on newline */ phrase[strlen((char*)phrase)-1] = 0; /* Validate password */ @@ -350,7 +350,7 @@ static char *nss_get_password(FILE *input, FILE *output, if (!isTTY) return 0; fprintf(output, "Password must be at least 8 characters long with one or more\n"); fprintf(output, "non-alphabetic characters\n"); - continue; + continue; } if (PK11_IsFIPS() && strlen((char *)phrase) == 0) { ap_log_error(APLOG_MARK, APLOG_ERR, 0, NULL, diff --git a/nss_engine_rand.c b/nss_engine_rand.c index cf0b66c..b6cc1d0 100644 --- a/nss_engine_rand.c +++ b/nss_engine_rand.c @@ -49,7 +49,7 @@ int nss_rand_seed(server_rec *s, apr_pool_t *p, ssl_rsctx_t nCtx, char *prefix) /* * seed in contents of an external file */ - if (apr_file_open(&fp, pRandSeed->cpPath, + if (apr_file_open(&fp, pRandSeed->cpPath, APR_READ, APR_OS_DEFAULT, p) != APR_SUCCESS) continue; nDone += nss_rand_feedfp(p, fp, pRandSeed->nBytes); @@ -89,7 +89,7 @@ int nss_rand_seed(server_rec *s, apr_pool_t *p, ssl_rsctx_t nCtx, char *prefix) l = sizeof(my_seed); PK11_RandomUpdate((unsigned char *)&my_seed, l); nDone += l; - + /* * seed in some current state of the run-time stack (128 bytes) */ diff --git a/nss_engine_vars.c b/nss_engine_vars.c index a954e08..26275d6 100644 --- a/nss_engine_vars.c +++ b/nss_engine_vars.c @@ -311,7 +311,7 @@ static char *nss_var_lookup_ssl(apr_pool_t *p, conn_rec *c, char *var) else if (ssl != NULL && strcEQ(var, "SESSION_ID")) { char *idstr; SECItem *iditem; - + if ((iditem = SSL_GetSessionID(ssl)) == NULL) return NULL; @@ -432,7 +432,7 @@ static char *nss_var_lookup_nss_cert(apr_pool_t *p, CERTCertificate *xs, char *v &suite, sizeof suite) == SECSuccess) { result = apr_psprintf(p, "%s-%s", suite.macAlgorithmName, suite.authAlgorithmName); - } + } } else result = apr_pstrdup(p, "UNKNOWN"); resdup = FALSE; @@ -527,7 +527,7 @@ static char *nss_var_lookup_nss_cert_valid(apr_pool_t *p, CERTCertificate *xs, i } /* Return a string giving the number of days remaining until the cert - * expires "0" if this can't be determined. + * expires "0" if this can't be determined. * * In mod_ssl this is more generic, passing in a time to calculate against, * but I see no point in converting the end date into a string and back again. @@ -648,7 +648,7 @@ static char *nss_var_lookup_nss_cert_verify(apr_pool_t *p, conn_rec *c) static char *nss_var_lookup_nss_cipher(apr_pool_t *p, conn_rec *c, char *var) { - SSLConnRec *sslconn = myConnConfig(c); + SSLConnRec *sslconn = myConnConfig(c); char *result; BOOL resdup; PRFileDesc *ssl; @@ -738,7 +738,7 @@ static char *nss_var_lookup_nss_version(apr_pool_t *p, char *var) return result; } -static char *nss_var_lookup_protocol_version(apr_pool_t *p, conn_rec *c) +static char *nss_var_lookup_protocol_version(apr_pool_t *p, conn_rec *c) { char *result; SSLChannelInfo channel; @@ -813,7 +813,7 @@ void nss_var_log_config_register(apr_pool_t *p) static const char *nss_var_log_handler_c(request_rec *r, char *a) { SSLConnRec *sslconn = myConnConfig(r->connection); - char *result; + char *result; if (sslconn == NULL || sslconn->ssl == NULL) return NULL; diff --git a/nss_expr_eval.c b/nss_expr_eval.c index 839d526..c9e4fe7 100644 --- a/nss_expr_eval.c +++ b/nss_expr_eval.c @@ -181,7 +181,7 @@ static char *nss_expr_eval_func_file(request_rec *r, char *filename) apr_size_t len; apr_finfo_t finfo; - if (apr_file_open(&fp, filename, APR_READ|APR_BUFFERED, + if (apr_file_open(&fp, filename, APR_READ|APR_BUFFERED, APR_OS_DEFAULT, r->pool) != APR_SUCCESS) { nss_expr_error = "Cannot open file"; return ""; diff --git a/nss_pcache.c b/nss_pcache.c index 8a80cee..19ef68c 100644 --- a/nss_pcache.c +++ b/nss_pcache.c @@ -331,10 +331,10 @@ int main(int argc, char ** argv) /* Initialize NSPR */ PR_Init(PR_USER_THREAD, PR_PRIORITY_NORMAL, 256); - + /* Set the PKCS #11 strings for the internal token. */ PK11_ConfigurePKCS11(NULL,NULL,NULL, INTERNAL_TOKEN_NAME, NULL, NULL,NULL,NULL,8,1); - + /* Initialize NSS and open the certificate database read-only. */ rv = NSS_Initialize(argv[3], argc == 5 ? argv[4] : NULL, argc == 5 ? argv[4] : NULL, "secmod.db", NSS_INIT_READONLY); @@ -356,13 +356,13 @@ int main(int argc, char ** argv) exit(1); } PR_smprintf_free(internal_name); - } + } } in = PR_GetSpecialFD(PR_StandardInput); out = PR_GetSpecialFD(PR_StandardOutput); if (in == NULL || out == NULL) { - fprintf(stderr, "PR_GetInheritedFD failed\n"); + fprintf(stderr, "PR_GetInheritedFD failed\n"); exit(1); } @@ -397,8 +397,8 @@ int main(int argc, char ** argv) if (!node) { err = PIN_NOMEMORY; } node->tokenName = strdup(tokenName); - node->store = 0; - node->next = 0; + node->store = 0; + node->next = 0; if (err == PIN_SUCCESS) err = CreatePk11PinStore(&node->store, tokenName, tokenpw); @@ -459,7 +459,7 @@ int main(int argc, char ** argv) return 0; } -/* +/* * Given a \t-deliminated string, pick out the el-th element */ static diff --git a/nss_util.c b/nss_util.c index fa22563..3de5cb2 100644 --- a/nss_util.c +++ b/nss_util.c @@ -50,12 +50,12 @@ apr_file_t *nss_util_ppopen(server_rec *s, apr_pool_t *p, const char *cmd, apr_procattr_t *procattr; apr_proc_t *proc; - if (apr_procattr_create(&procattr, p) != APR_SUCCESS) + if (apr_procattr_create(&procattr, p) != APR_SUCCESS) return NULL; - if (apr_procattr_io_set(procattr, APR_FULL_BLOCK, APR_FULL_BLOCK, + if (apr_procattr_io_set(procattr, APR_FULL_BLOCK, APR_FULL_BLOCK, APR_FULL_BLOCK) != APR_SUCCESS) return NULL; - if (apr_procattr_dir_set(procattr, + if (apr_procattr_dir_set(procattr, ap_make_dirstr_parent(p, cmd)) != APR_SUCCESS) return NULL; if (apr_procattr_cmdtype_set(procattr, APR_PROGRAM) != APR_SUCCESS) @@ -129,11 +129,11 @@ char *searchHashVhostbyNick_match(char *vhost_id) for (hi = apr_hash_first(NULL, ht); hi; hi = apr_hash_next(hi)) { const char *k = NULL; const char *v = NULL; - + apr_hash_this(hi, (const void**)&k, NULL, (void**)&v); if (!ap_strcasecmp_match(vhost_id, k)) { searchValReg = apr_hash_get(ht, k, APR_HASH_KEY_STRING); - return searchValReg; + return searchValReg; } } return NULL; @@ -143,9 +143,9 @@ void addHashVhostNick(char *vhost_id, char *nickname) { if (ht == NULL) { initializeHashVhostNick(); } - + if (searchHashVhostbyNick(vhost_id) == NULL) { - apr_hash_set(ht, apr_pstrdup(mp, vhost_id), APR_HASH_KEY_STRING, + apr_hash_set(ht, apr_pstrdup(mp, vhost_id), APR_HASH_KEY_STRING, apr_pstrdup(mp, nickname)); } } -- cgit