[Fedora-directory-commits] mod_nss mod_nss.c, 1.16, 1.17 mod_nss.h, 1.18, 1.19 nss_engine_vars.c, 1.9, 1.10
Robert Crittenden (rcritten)
fedora-directory-commits at redhat.com
Thu Oct 18 18:26:23 UTC 2007
Author: rcritten
Update of /cvs/dirsec/mod_nss
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv30785
Modified Files:
mod_nss.c mod_nss.h nss_engine_vars.c
Log Message:
If mod_ssl isn't loaded then register the hooks to mod_proxy so we can
do at least secure proxy in front of an unsecure host.
Index: mod_nss.c
===================================================================
RCS file: /cvs/dirsec/mod_nss/mod_nss.c,v
retrieving revision 1.16
retrieving revision 1.17
diff -u -r1.16 -r1.17
--- mod_nss.c 31 May 2007 21:36:03 -0000 1.16
+++ mod_nss.c 18 Oct 2007 18:26:21 -0000 1.17
@@ -200,6 +200,10 @@
return 1;
}
+int ssl_proxy_enable(conn_rec *c) {
+ return nss_proxy_enable(c);
+}
+
int nss_engine_disable(conn_rec *c)
{
SSLSrvConfigRec *sc = mySrvConfig(c->base_server);
@@ -217,6 +221,10 @@
return 1;
}
+int ssl_engine_disable(conn_rec *c) {
+ return nss_engine_disable(c);
+}
+
/* Callback for an incoming certificate that is not valid */
SECStatus NSSBadCertHandler(void *arg, PRFileDesc * socket)
@@ -430,6 +438,12 @@
APR_REGISTER_OPTIONAL_FN(nss_proxy_enable);
APR_REGISTER_OPTIONAL_FN(nss_engine_disable);
+
+ /* If mod_ssl is not loaded then mod_nss can work with mod_proxy */
+ if (APR_RETRIEVE_OPTIONAL_FN(ssl_proxy_enable) == NULL)
+ APR_REGISTER_OPTIONAL_FN(ssl_proxy_enable);
+ if (APR_RETRIEVE_OPTIONAL_FN(ssl_engine_disable) == NULL)
+ APR_REGISTER_OPTIONAL_FN(ssl_engine_disable);
}
module AP_MODULE_DECLARE_DATA nss_module = {
Index: mod_nss.h
===================================================================
RCS file: /cvs/dirsec/mod_nss/mod_nss.h,v
retrieving revision 1.18
retrieving revision 1.19
diff -u -r1.18 -r1.19
--- mod_nss.h 31 May 2007 21:36:03 -0000 1.18
+++ mod_nss.h 18 Oct 2007 18:26:21 -0000 1.19
@@ -419,24 +419,34 @@
/* Variables */
void nss_var_register(void);
char *nss_var_lookup(apr_pool_t *, server_rec *, conn_rec *, request_rec *, char *);
+char *ssl_var_lookup(apr_pool_t *, server_rec *, conn_rec *, request_rec *, char *);
void nss_var_log_config_register(apr_pool_t *p);
APR_DECLARE_OPTIONAL_FN(char *, nss_var_lookup,
(apr_pool_t *, server_rec *,
conn_rec *, request_rec *,
char *));
+APR_DECLARE_OPTIONAL_FN(char *, ssl_var_lookup,
+ (apr_pool_t *, server_rec *,
+ conn_rec *, request_rec *,
+ char *));
/* An optional function which returns non-zero if the given connection
* is using SSL/TLS. */
APR_DECLARE_OPTIONAL_FN(int, nss_is_https, (conn_rec *));
+APR_DECLARE_OPTIONAL_FN(int, ssl_is_https, (conn_rec *));
/* Proxy Support */
int nss_proxy_enable(conn_rec *c);
int nss_engine_disable(conn_rec *c);
+int ssl_proxy_enable(conn_rec *c);
+int ssl_engine_disable(conn_rec *c);
APR_DECLARE_OPTIONAL_FN(int, nss_proxy_enable, (conn_rec *));
+APR_DECLARE_OPTIONAL_FN(int, ssl_proxy_enable, (conn_rec *));
APR_DECLARE_OPTIONAL_FN(int, nss_engine_disable, (conn_rec *));
+APR_DECLARE_OPTIONAL_FN(int, ssl_engine_disable, (conn_rec *));
/* I/O */
PRFileDesc * nss_io_new_fd();
Index: nss_engine_vars.c
===================================================================
RCS file: /cvs/dirsec/mod_nss/nss_engine_vars.c,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -r1.9 -r1.10
--- nss_engine_vars.c 31 May 2007 21:36:03 -0000 1.9
+++ nss_engine_vars.c 18 Oct 2007 18:26:21 -0000 1.10
@@ -46,10 +46,21 @@
return sslconn && sslconn->ssl;
}
+static int ssl_is_https(conn_rec *c) {
+ return nss_is_https(c);
+}
+
void nss_var_register(void)
{
APR_REGISTER_OPTIONAL_FN(nss_is_https);
APR_REGISTER_OPTIONAL_FN(nss_var_lookup);
+
+ /* These can only be registered if mod_ssl is not loaded */
+ if (APR_RETRIEVE_OPTIONAL_FN(ssl_is_https) == NULL)
+ APR_REGISTER_OPTIONAL_FN(ssl_is_https);
+ if (APR_RETRIEVE_OPTIONAL_FN(ssl_var_lookup) == NULL)
+ APR_REGISTER_OPTIONAL_FN(ssl_var_lookup);
+
return;
}
@@ -241,6 +252,10 @@
return result;
}
+char *ssl_var_lookup(apr_pool_t *p, server_rec *s, conn_rec *c, request_rec *r, char *var) {
+ return nss_var_lookup(p, s, c, r, var);
+}
+
static char *nss_var_lookup_header(apr_pool_t *p, request_rec *r, const char *name)
{
char *hdr = NULL;
More information about the Fedora-directory-commits
mailing list