Apache HTTPD
mod_nw_ssl.c File Reference
#include "httpd.h"
#include "http_config.h"
#include "http_connection.h"
#include "http_core.h"
#include "http_log.h"
#include "http_protocol.h"
#include "http_request.h"
#include "ap_listen.h"
#include "apr_strings.h"
#include "apr_portable.h"
#include "apr_optional.h"
#include <unilib.h>


Classes

struct  seclisten_rec
 
struct  seclistenup_rec
 
struct  NWSSLSrvConfigRec
 
struct  secsocket_data
 

Macros

#define WS_SSL
 
#define MAX_ADDRESS   512
 
#define MAX_KEY   80
 
#define SO_TLS_UNCLEAN_SHUTDOWN   0
 
#define strEQ(s1, s2)   (strcmp(s1,s2) == 0)
 
#define strNE(s1, s2)   (strcmp(s1,s2) != 0)
 
#define strEQn(s1, s2, n)   (strncmp(s1,s2,n) == 0)
 
#define strNEn(s1, s2, n)   (strncmp(s1,s2,n) != 0)
 
#define strcEQ(s1, s2)   (strcasecmp(s1,s2) == 0)
 
#define strcNE(s1, s2)   (strcasecmp(s1,s2) != 0)
 
#define strcEQn(s1, s2, n)   (strncasecmp(s1,s2,n) == 0)
 
#define strcNEn(s1, s2, n)   (strncasecmp(s1,s2,n) != 0)
 
#define strIsEmpty(s)   (s == NULL || s[0] == NUL)
 
#define get_nwssl_cfg(srv)   (NWSSLSrvConfigRec *) ap_get_module_config(srv->module_config, &nwssl_module)
 
#define MKTIMESTR(format, tmfield)
 
#define SWITCH_STATUS_LINE   "HTTP/1.1 101 Switching Protocols"
 
#define UPGRADE_HEADER   "Upgrade: TLS/1.0, HTTP/1.1"
 
#define CONNECTION_HEADER   "Connection: Upgrade"
 

Typedefs

typedef char *() apr_OFN_ssl_var_lookup_t(apr_pool_t *, server_rec *, conn_rec *, request_rec *, char *)
 
typedef int() apr_OFN_ssl_is_https_t(conn_rec *)
 
typedef int() apr_OFN_ssl_proxy_enable_t(conn_rec *)
 
typedef int() apr_OFN_ssl_engine_disable_t(conn_rec *)
 
typedef struct NWSSLSrvConfigRec NWSSLSrvConfigRec
 
typedef struct seclisten_rec seclisten_rec
 
typedef struct seclistenup_rec seclistenup_rec
 
typedef struct secsocket_data secsocket_data
 

Functions

static void build_cert_list (apr_pool_t *p)
 
static unsigned long parse_addr (const char *w, unsigned short *ports)
 
static int find_secure_listener (seclisten_rec *lr)
 
static char * get_port_key (conn_rec *c)
 
static int make_secure_socket (apr_pool_t *pconf, const struct sockaddr_in *server, char *key, int mutual, server_rec *sconf)
 
static int convert_secure_socket (conn_rec *c, apr_socket_t *csd)
 
static int SSLize_Socket (SOCKET socketHnd, char *key, request_rec *r)
 
static const char * set_secure_listener (cmd_parms *cmd, void *dummy, const char *ips, const char *key, const char *mutual)
 
static const char * set_secure_upgradeable_listener (cmd_parms *cmd, void *dummy, const char *ips, const char *key)
 
static apr_status_t nwssl_socket_cleanup (void *data)
 
static const char * set_trusted_certs (cmd_parms *cmd, void *dummy, char *arg)
 
static int nwssl_pre_config (apr_pool_t *pconf, apr_pool_t *plog, apr_pool_t *ptemp)
 
static int nwssl_pre_connection (conn_rec *c, void *csd)
 
static int nwssl_post_config (apr_pool_t *pconf, apr_pool_t *plog, apr_pool_t *ptemp, server_rec *s)
 
static void * nwssl_config_server_create (apr_pool_t *p, server_rec *s)
 
static void * nwssl_config_server_merge (apr_pool_t *p, void *basev, void *addv)
 
static int compare_ipports (void *rec, const char *key, const char *value)
 
static int isSecureConnEx (const server_rec *s, const conn_rec *c, const apr_table_t *t)
 
static int isSecureConn (const server_rec *s, const conn_rec *c)
 
static int isSecureConnUpgradeable (const server_rec *s, const conn_rec *c)
 
static int isSecure (const request_rec *r)
 
static int isSecureUpgradeable (const request_rec *r)
 
static int isSecureUpgraded (const request_rec *r)
 
static int nwssl_hook_Fixup (request_rec *r)
 
static const char * nwssl_hook_http_scheme (const request_rec *r)
 
static apr_port_t nwssl_hook_default_port (const request_rec *r)
 
int ssl_proxy_enable (conn_rec *c)
 
int ssl_engine_disable (conn_rec *c)
 
static int ssl_is_https (conn_rec *c)
 
char * ssl_var_lookup (apr_pool_t *p, server_rec *s, conn_rec *c, request_rec *r, char *var)
 
static apr_status_t ssl_io_filter_Upgrade (ap_filter_t *f, apr_bucket_brigade *bb)
 
static void ssl_hook_Insert_Filter (request_rec *r)
 
static void register_hooks (apr_pool_t *p)
 

Variables

static apr_array_header_t * certlist = NULL
 
static unicode_t ** certarray = NULL
 
static int numcerts = 0
 
static seclisten_rec * ap_seclisteners = NULL
 
static seclistenup_rec * ap_seclistenersup = NULL
 
static ap_listen_rec * nw_old_listeners
 
static const command_rec nwssl_module_cmds []
 
static int *const aplog_module_index = &( nwssl_module.module_index)
 

Macro Definition Documentation

◆ CONNECTION_HEADER

#define CONNECTION_HEADER   "Connection: Upgrade"

Definition at line 1146 of file mod_nw_ssl.c.

◆ get_nwssl_cfg

#define get_nwssl_cfg (   srv)    (NWSSLSrvConfigRec *) ap_get_module_config(srv->module_config, &nwssl_module)

Definition at line 145 of file mod_nw_ssl.c.

◆ MAX_ADDRESS

#define MAX_ADDRESS   512

Definition at line 49 of file mod_nw_ssl.c.

◆ MAX_KEY

#define MAX_KEY   80

Definition at line 50 of file mod_nw_ssl.c.

◆ MKTIMESTR

#define MKTIMESTR (   format,
  tmfield 
)
Value:
result = apr_psprintf(p, format, tm.tmfield); \

◆ SO_TLS_UNCLEAN_SHUTDOWN

#define SO_TLS_UNCLEAN_SHUTDOWN   0

Definition at line 68 of file mod_nw_ssl.c.

◆ strcEQ

#define strcEQ (   s1,
  s2 
)    (strcasecmp(s1,s2) == 0)

Definition at line 93 of file mod_nw_ssl.c.

◆ strcEQn

#define strcEQn (   s1,
  s2,
  n 
)    (strncasecmp(s1,s2,n) == 0)

Definition at line 95 of file mod_nw_ssl.c.

◆ strcNE

#define strcNE (   s1,
  s2 
)    (strcasecmp(s1,s2) != 0)

Definition at line 94 of file mod_nw_ssl.c.

◆ strcNEn

#define strcNEn (   s1,
  s2,
  n 
)    (strncasecmp(s1,s2,n) != 0)

Definition at line 96 of file mod_nw_ssl.c.

◆ strEQ

#define strEQ (   s1,
  s2 
)    (strcmp(s1,s2) == 0)

Definition at line 88 of file mod_nw_ssl.c.

◆ strEQn

#define strEQn (   s1,
  s2,
  n 
)    (strncmp(s1,s2,n) == 0)

Definition at line 90 of file mod_nw_ssl.c.

◆ strIsEmpty

#define strIsEmpty (   s)    (s == NULL || s[0] == NUL)

Definition at line 98 of file mod_nw_ssl.c.

◆ strNE

#define strNE (   s1,
  s2 
)    (strcmp(s1,s2) != 0)

Definition at line 89 of file mod_nw_ssl.c.

◆ strNEn

#define strNEn (   s1,
  s2,
  n 
)    (strncmp(s1,s2,n) != 0)

Definition at line 91 of file mod_nw_ssl.c.

◆ SWITCH_STATUS_LINE

#define SWITCH_STATUS_LINE   "HTTP/1.1 101 Switching Protocols"

Definition at line 1144 of file mod_nw_ssl.c.

◆ UPGRADE_HEADER

#define UPGRADE_HEADER   "Upgrade: TLS/1.0, HTTP/1.1"

Definition at line 1145 of file mod_nw_ssl.c.

◆ WS_SSL

#define WS_SSL

Definition at line 47 of file mod_nw_ssl.c.

Typedef Documentation

◆ apr_OFN_ssl_engine_disable_t

typedef int() apr_OFN_ssl_engine_disable_t(conn_rec *)

Definition at line 86 of file mod_nw_ssl.c.

◆ apr_OFN_ssl_is_https_t

typedef int() apr_OFN_ssl_is_https_t(conn_rec *)

Definition at line 80 of file mod_nw_ssl.c.

◆ apr_OFN_ssl_proxy_enable_t

typedef int() apr_OFN_ssl_proxy_enable_t(conn_rec *)

Definition at line 85 of file mod_nw_ssl.c.

◆ apr_OFN_ssl_var_lookup_t

typedef char *() apr_OFN_ssl_var_lookup_t(apr_pool_t *, server_rec *, conn_rec *, request_rec *, char *)

Definition at line 76 of file mod_nw_ssl.c.

◆ NWSSLSrvConfigRec

Definition at line 103 of file mod_nw_ssl.c.

◆ seclisten_rec

Definition at line 104 of file mod_nw_ssl.c.

◆ seclistenup_rec

Definition at line 105 of file mod_nw_ssl.c.

◆ secsocket_data

Definition at line 106 of file mod_nw_ssl.c.

Function Documentation

◆ build_cert_list()

static void build_cert_list ( apr_pool_t *  p)
static

Definition at line 148 of file mod_nw_ssl.c.

◆ compare_ipports()

static int compare_ipports ( void *  rec,
const char *  key,
const char *  value 
)
static

Definition at line 855 of file mod_nw_ssl.c.

◆ convert_secure_socket()

static int convert_secure_socket ( conn_rec *  c,
apr_socket_t *  csd 
)
static

Definition at line 329 of file mod_nw_ssl.c.

◆ find_secure_listener()

static int find_secure_listener ( seclisten_rec *  lr)
static

Definition at line 219 of file mod_nw_ssl.c.

◆ get_port_key()

static char * get_port_key ( conn_rec *  c)
static

Definition at line 232 of file mod_nw_ssl.c.

◆ isSecure()

static int isSecure ( const request_rec *  r)
static

Definition at line 893 of file mod_nw_ssl.c.

◆ isSecureConn()

static int isSecureConn ( const server_rec *  s,
const conn_rec *  c 
)
static

Definition at line 879 of file mod_nw_ssl.c.

◆ isSecureConnEx()

static int isSecureConnEx ( const server_rec *  s,
const conn_rec *  c,
const apr_table_t *  t 
)
static

Definition at line 867 of file mod_nw_ssl.c.

◆ isSecureConnUpgradeable()

static int isSecureConnUpgradeable ( const server_rec *  s,
const conn_rec *  c 
)
static

Definition at line 886 of file mod_nw_ssl.c.

◆ isSecureUpgradeable()

static int isSecureUpgradeable ( const request_rec *  r)
static

Definition at line 898 of file mod_nw_ssl.c.

◆ isSecureUpgraded()

static int isSecureUpgraded ( const request_rec *  r)
static

Definition at line 903 of file mod_nw_ssl.c.

◆ make_secure_socket()

static int make_secure_socket ( apr_pool_t *  pconf,
const struct sockaddr_in *  server,
char *  key,
int  mutual,
server_rec *  sconf 
)
static

Definition at line 246 of file mod_nw_ssl.c.

◆ nwssl_config_server_create()

static void * nwssl_config_server_create ( apr_pool_t *  p,
server_rec *  s 
)
static

Definition at line 839 of file mod_nw_ssl.c.

◆ nwssl_config_server_merge()

static void * nwssl_config_server_merge ( apr_pool_t *  p,
void *  basev,
void *  addv 
)
static

Definition at line 847 of file mod_nw_ssl.c.

◆ nwssl_hook_default_port()

static apr_port_t nwssl_hook_default_port ( const request_rec *  r)
static

Definition at line 928 of file mod_nw_ssl.c.

◆ nwssl_hook_Fixup()

static int nwssl_hook_Fixup ( request_rec *  r)
static

< Module declines to handle

< Module declines to handle

Definition at line 910 of file mod_nw_ssl.c.

◆ nwssl_hook_http_scheme()

static const char * nwssl_hook_http_scheme ( const request_rec *  r)
static

Definition at line 920 of file mod_nw_ssl.c.

◆ nwssl_post_config()

static int nwssl_post_config ( apr_pool_t *  pconf,
apr_pool_t *  plog,
apr_pool_t *  ptemp,
server_rec *  s 
)
static

< Module has handled this stage.

Definition at line 730 of file mod_nw_ssl.c.

◆ nwssl_pre_config()

static int nwssl_pre_config ( apr_pool_t *  pconf,
apr_pool_t *  plog,
apr_pool_t *  ptemp 
)
static

< Module has handled this stage.

Definition at line 642 of file mod_nw_ssl.c.

◆ nwssl_pre_connection()

static int nwssl_pre_connection ( conn_rec *  c,
void *  csd 
)
static

< Module has handled this stage.

Definition at line 713 of file mod_nw_ssl.c.

◆ nwssl_socket_cleanup()

static apr_status_t nwssl_socket_cleanup ( void *  data)
static

Definition at line 613 of file mod_nw_ssl.c.

◆ parse_addr()

static unsigned long parse_addr ( const char *  w,
unsigned short *  ports 
)
static

Definition at line 168 of file mod_nw_ssl.c.

◆ register_hooks()

static void register_hooks ( apr_pool_t *  p)
static

Definition at line 1256 of file mod_nw_ssl.c.

◆ set_secure_listener()

static const char * set_secure_listener ( cmd_parms *  cmd,
void *  dummy,
const char *  ips,
const char *  key,
const char *  mutual 
)
static

< Forbidden in <VirtualHost>

< Forbidden in <Limit>

< Forbidden in <Directory>

< Forbidden in <Location>

< Forbidden in <Files> or <If>

< Forbidden in <Proxy>

Definition at line 467 of file mod_nw_ssl.c.

◆ set_secure_upgradeable_listener()

static const char * set_secure_upgradeable_listener ( cmd_parms *  cmd,
void *  dummy,
const char *  ips,
const char *  key 
)
static

< Forbidden in <VirtualHost>

< Forbidden in <Limit>

< Forbidden in <Directory>

< Forbidden in <Location>

< Forbidden in <Files> or <If>

< Forbidden in <Proxy>

Definition at line 563 of file mod_nw_ssl.c.

◆ set_trusted_certs()

static const char * set_trusted_certs ( cmd_parms *  cmd,
void *  dummy,
char *  arg 
)
static

Definition at line 634 of file mod_nw_ssl.c.

◆ ssl_engine_disable()

int ssl_engine_disable ( conn_rec *  c)

Definition at line 943 of file mod_nw_ssl.c.

◆ ssl_hook_Insert_Filter()

static void ssl_hook_Insert_Filter ( request_rec *  r)
static

Definition at line 1234 of file mod_nw_ssl.c.

◆ ssl_io_filter_Upgrade()

static apr_status_t ssl_io_filter_Upgrade ( ap_filter_t *  f,
apr_bucket_brigade *  bb 
)
static

Definition at line 1148 of file mod_nw_ssl.c.

◆ ssl_is_https()

static int ssl_is_https ( conn_rec *  c)
static

Definition at line 948 of file mod_nw_ssl.c.

◆ ssl_proxy_enable()

int ssl_proxy_enable ( conn_rec *  c)

Definition at line 936 of file mod_nw_ssl.c.

◆ SSLize_Socket()

static int SSLize_Socket ( SOCKET  socketHnd,
char *  key,
request_rec *  r 
)
static

Definition at line 393 of file mod_nw_ssl.c.

Variable Documentation

◆ ap_seclisteners

seclisten_rec* ap_seclisteners = NULL
static

Definition at line 140 of file mod_nw_ssl.c.

◆ ap_seclistenersup

seclistenup_rec* ap_seclistenersup = NULL
static

Definition at line 141 of file mod_nw_ssl.c.

◆ aplog_module_index

int* const aplog_module_index = &( nwssl_module.module_index)
static

Definition at line 1275 of file mod_nw_ssl.c.

◆ certarray

unicode_t** certarray = NULL
static

Definition at line 138 of file mod_nw_ssl.c.

◆ certlist

apr_array_header_t* certlist = NULL
static

Definition at line 137 of file mod_nw_ssl.c.

◆ numcerts

int numcerts = 0
static

Definition at line 139 of file mod_nw_ssl.c.

◆ nw_old_listeners

ap_listen_rec* nw_old_listeners
static

Definition at line 143 of file mod_nw_ssl.c.

◆ nwssl_module_cmds

const command_rec nwssl_module_cmds[]
static
Initial value:
=
{
{ "SecureListen" , set_secure_listener , NULL , 128 , TAKE23, "specify an address and/or port with a key pair name.\n" "Optional third parameter of MUTUAL configures the port for mutual authentication." },
{ "NWSSLUpgradeable" , set_secure_upgradeable_listener , NULL , 128 , TAKE2, "specify an address and/or port with a key pair name, that can be upgraded to an SSL connection.\n" "The address and/or port must have already be defined using a Listen directive." },
{ "NWSSLTrustedCerts" , set_trusted_certs , NULL , 128 , ITERATE, "Adds trusted certificates that are used to create secure connections to proxied servers" },
{NULL}
}

Definition at line 1243 of file mod_nw_ssl.c.