[Fedora-directory-commits] mod_nss mod_nss.c, 1.16, 1.17 mod_nss.h, 1.18, 1.19 nss_engine_vars.c, 1.9, 1.10

Robert Crittenden (rcritten) fedora-directory-commits at redhat.com
Thu Oct 18 18:26:23 UTC 2007


Author: rcritten

Update of /cvs/dirsec/mod_nss
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv30785

Modified Files:
	mod_nss.c mod_nss.h nss_engine_vars.c 
Log Message:
If mod_ssl isn't loaded then register the hooks to mod_proxy so we can
do at least secure proxy in front of an unsecure host.



Index: mod_nss.c
===================================================================
RCS file: /cvs/dirsec/mod_nss/mod_nss.c,v
retrieving revision 1.16
retrieving revision 1.17
diff -u -r1.16 -r1.17
--- mod_nss.c	31 May 2007 21:36:03 -0000	1.16
+++ mod_nss.c	18 Oct 2007 18:26:21 -0000	1.17
@@ -200,6 +200,10 @@
     return 1;
 }
 
+int ssl_proxy_enable(conn_rec *c) {
+    return nss_proxy_enable(c);
+}
+
 int nss_engine_disable(conn_rec *c)
 {
     SSLSrvConfigRec *sc = mySrvConfig(c->base_server);
@@ -217,6 +221,10 @@
     return 1;
 }
 
+int ssl_engine_disable(conn_rec *c) {
+    return nss_engine_disable(c);
+}
+
 /* Callback for an incoming certificate that is not valid */
 
 SECStatus NSSBadCertHandler(void *arg, PRFileDesc * socket)
@@ -430,6 +438,12 @@
 
     APR_REGISTER_OPTIONAL_FN(nss_proxy_enable);
     APR_REGISTER_OPTIONAL_FN(nss_engine_disable);
+
+    /* If mod_ssl is not loaded then mod_nss can work with mod_proxy */
+    if (APR_RETRIEVE_OPTIONAL_FN(ssl_proxy_enable) == NULL)
+        APR_REGISTER_OPTIONAL_FN(ssl_proxy_enable);
+    if (APR_RETRIEVE_OPTIONAL_FN(ssl_engine_disable) == NULL)
+        APR_REGISTER_OPTIONAL_FN(ssl_engine_disable);
 }
 
 module AP_MODULE_DECLARE_DATA nss_module = {


Index: mod_nss.h
===================================================================
RCS file: /cvs/dirsec/mod_nss/mod_nss.h,v
retrieving revision 1.18
retrieving revision 1.19
diff -u -r1.18 -r1.19
--- mod_nss.h	31 May 2007 21:36:03 -0000	1.18
+++ mod_nss.h	18 Oct 2007 18:26:21 -0000	1.19
@@ -419,24 +419,34 @@
 /*  Variables  */
 void         nss_var_register(void);
 char        *nss_var_lookup(apr_pool_t *, server_rec *, conn_rec *, request_rec *, char *);
+char        *ssl_var_lookup(apr_pool_t *, server_rec *, conn_rec *, request_rec *, char *);
 void         nss_var_log_config_register(apr_pool_t *p);
 
 APR_DECLARE_OPTIONAL_FN(char *, nss_var_lookup,
                         (apr_pool_t *, server_rec *,
                          conn_rec *, request_rec *, 
                          char *));
+APR_DECLARE_OPTIONAL_FN(char *, ssl_var_lookup,
+                        (apr_pool_t *, server_rec *,
+                         conn_rec *, request_rec *, 
+                         char *));
 
 /* An optional function which returns non-zero if the given connection
  * is using SSL/TLS. */
 APR_DECLARE_OPTIONAL_FN(int, nss_is_https, (conn_rec *));
+APR_DECLARE_OPTIONAL_FN(int, ssl_is_https, (conn_rec *));
 
 /* Proxy Support */
 int nss_proxy_enable(conn_rec *c);
 int nss_engine_disable(conn_rec *c);
+int ssl_proxy_enable(conn_rec *c);
+int ssl_engine_disable(conn_rec *c);
 
 APR_DECLARE_OPTIONAL_FN(int, nss_proxy_enable, (conn_rec *));
+APR_DECLARE_OPTIONAL_FN(int, ssl_proxy_enable, (conn_rec *));
 
 APR_DECLARE_OPTIONAL_FN(int, nss_engine_disable, (conn_rec *));
+APR_DECLARE_OPTIONAL_FN(int, ssl_engine_disable, (conn_rec *));
 
 /* I/O */
 PRFileDesc * nss_io_new_fd();


Index: nss_engine_vars.c
===================================================================
RCS file: /cvs/dirsec/mod_nss/nss_engine_vars.c,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -r1.9 -r1.10
--- nss_engine_vars.c	31 May 2007 21:36:03 -0000	1.9
+++ nss_engine_vars.c	18 Oct 2007 18:26:21 -0000	1.10
@@ -46,10 +46,21 @@
     return sslconn && sslconn->ssl;
 }
 
+static int ssl_is_https(conn_rec *c) {
+    return nss_is_https(c);
+}
+
 void nss_var_register(void)
 {
     APR_REGISTER_OPTIONAL_FN(nss_is_https);
     APR_REGISTER_OPTIONAL_FN(nss_var_lookup);
+
+    /* These can only be registered if mod_ssl is not loaded */
+    if (APR_RETRIEVE_OPTIONAL_FN(ssl_is_https) == NULL)
+        APR_REGISTER_OPTIONAL_FN(ssl_is_https);
+    if (APR_RETRIEVE_OPTIONAL_FN(ssl_var_lookup) == NULL)
+        APR_REGISTER_OPTIONAL_FN(ssl_var_lookup);
+
     return;
 }
 
@@ -241,6 +252,10 @@
     return result;
 }
 
+char *ssl_var_lookup(apr_pool_t *p, server_rec *s, conn_rec *c, request_rec *r, char *var) {
+    return nss_var_lookup(p, s, c, r, var);
+}
+
 static char *nss_var_lookup_header(apr_pool_t *p, request_rec *r, const char *name)
 {
     char *hdr = NULL;




More information about the Fedora-directory-commits mailing list