From f2f7282322eba35795a8c7dd57a61f2f1cf115b5 Mon Sep 17 00:00:00 2001
From: rcritten <>
Date: Wed, 9 Aug 2006 19:17:56 +0000
Subject: Merge in changes from
 http://svn.apache.org/viewvc?view=rev&revision=161958

The issue was that mod_ssl wasn't always picking up ssl-unclean-shutdown
settings. This isn't an issue for mod_nss since it doesn't support
separate shutdown modes, but this does simplify the code a bit.

* mod_nss.h: Remove nss_hook_Translate.

* nss_engine_kernel.c
     (nss_hook_ReadReq): Merge in nss_hook_Translate.
     (nss_hook_Translate): Remove.

* mod_nss.c (nss_register_hooks): Ensure that _ReadReq
  hook runs after mod_setenvif.c; don't register translate_name hook.
---
 mod_nss.c           |  7 +++++--
 mod_nss.h           |  1 -
 nss_engine_kernel.c | 18 ++++++------------
 3 files changed, 11 insertions(+), 15 deletions(-)

diff --git a/mod_nss.c b/mod_nss.c
index b46169f..e528109 100644
--- a/mod_nss.c
+++ b/mod_nss.c
@@ -395,6 +395,10 @@ static apr_port_t nss_hook_default_port(const request_rec *r)
 
 static void nss_register_hooks(apr_pool_t *p)
 {
+    /* nss_hook_ReadReq needs to use the BrowserMatch settings so must
+     * run after mod_setenvif's post_read_request hook. */ 
+    static const char *pre_prr[] = { "mod_setenvif.c", NULL };
+
     nss_io_filter_register(p);
 
     ap_hook_pre_connection(nss_hook_pre_connection,NULL,NULL, APR_HOOK_MIDDLE);
@@ -407,12 +411,11 @@ static void nss_register_hooks(apr_pool_t *p)
     ap_hook_default_port  (nss_hook_default_port,  NULL,NULL, APR_HOOK_MIDDLE);
     ap_hook_pre_config    (nss_hook_pre_config,    NULL,NULL, APR_HOOK_MIDDLE);
     ap_hook_child_init    (nss_init_Child,         NULL,NULL, APR_HOOK_MIDDLE);
-    ap_hook_translate_name(nss_hook_Translate,     NULL,NULL, APR_HOOK_MIDDLE);
     ap_hook_check_user_id (nss_hook_UserCheck,     NULL,NULL, APR_HOOK_FIRST);
     ap_hook_fixups        (nss_hook_Fixup,         NULL,NULL, APR_HOOK_MIDDLE);
     ap_hook_access_checker(nss_hook_Access,        NULL,NULL, APR_HOOK_MIDDLE);
     ap_hook_auth_checker  (nss_hook_Auth,          NULL,NULL, APR_HOOK_MIDDLE);
-    ap_hook_post_read_request(nss_hook_ReadReq,    NULL,NULL, APR_HOOK_MIDDLE);
+    ap_hook_post_read_request(nss_hook_ReadReq, pre_prr,NULL, APR_HOOK_MIDDLE);
 
     nss_var_register();
 
diff --git a/mod_nss.h b/mod_nss.h
index 117290f..30c74fa 100644
--- a/mod_nss.h
+++ b/mod_nss.h
@@ -403,7 +403,6 @@ apr_status_t nss_init_ModuleKill(void *data);
 int nss_parse_ciphers(server_rec *s, char *ciphers, PRBool cipher_list[ciphernum]);
 
 /* Apache API hooks */
-int nss_hook_Translate(request_rec *r);
 int nss_hook_UserCheck(request_rec *r);
 int nss_hook_Fixup(request_rec *r);
 int nss_hook_Access(request_rec *r);
diff --git a/nss_engine_kernel.c b/nss_engine_kernel.c
index b8de991..9443896 100644
--- a/nss_engine_kernel.c
+++ b/nss_engine_kernel.c
@@ -23,6 +23,7 @@ static void HandshakeDone(PRFileDesc *fd, void *doneflag);
 int nss_hook_ReadReq(request_rec *r)
 {
     SSLConnRec *sslconn = myConnConfig(r->connection);
+    PRFileDesc *ssl = sslconn ? sslconn->ssl : NULL;
 
     if (!sslconn) {
         return DECLINED;
@@ -62,19 +63,13 @@ int nss_hook_ReadReq(request_rec *r)
         return HTTP_BAD_REQUEST;
     }
 
-    return DECLINED;
-}
-
-/* 
- *  URL Translation Handler
- */
-int nss_hook_Translate(request_rec *r)
-{
-    SSLConnRec *sslconn = myConnConfig(r->connection);
- 
-    if (!(sslconn && sslconn->ssl)) {
+    /* Get the SSL connection structure and perform the
+     * delayed interlinking from SSL back to request_rec
+     */
+    if (!ssl) {
         return DECLINED; 
     }
+
     /*
      * Log information about incoming HTTPS requests
      */
@@ -92,7 +87,6 @@ int nss_hook_Translate(request_rec *r)
     return DECLINED;
 }
 
-
 /*
  *  Access Handler
  */
-- 
cgit