Ugly hack to enable mod_ssl and mod_nss to "share" hooks.

--- httpd-2.4.6/modules/ssl/mod_ssl.c.sslmultiproxy

+++ httpd-2.4.6/modules/ssl/mod_ssl.c

@@ -369,6 +369,9 @@ static SSLConnRec *ssl_init_connection_c

     return sslconn;

 }

+static typeof(ssl_proxy_enable) *othermod_proxy_enable;

+static typeof(ssl_engine_disable) *othermod_engine_disable;

+

 int ssl_proxy_enable(conn_rec *c)

 {

     SSLSrvConfigRec *sc;

@@ -377,6 +380,12 @@ int ssl_proxy_enable(conn_rec *c)

     sc = mySrvConfig(sslconn->server);

     if (!sc->proxy_enabled) {

+        if (othermod_proxy_enable) {

+            ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, c,

+                          "mod_ssl proxy not configured, passing through to other module.");

+            return othermod_proxy_enable(c);

+        }

+

         ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c, APLOGNO(01961)

                       "SSL Proxy requested for %s but not enabled "

                       "[Hint: SSLProxyEngine]", sc->vhost_id);

@@ -396,6 +405,10 @@ int ssl_engine_disable(conn_rec *c)

     SSLConnRec *sslconn = myConnConfig(c);

+    if (othermod_engine_disable) {

+        othermod_engine_disable(c);

+    }

+

     if (sslconn) {

         sc = mySrvConfig(sslconn->server);

     }

@@ -612,6 +625,9 @@ static void ssl_register_hooks(apr_pool_

     ap_hook_post_read_request(ssl_hook_ReadReq, pre_prr,NULL, APR_HOOK_MIDDLE);

     ssl_var_register(p);

+    

+    othermod_proxy_enable = APR_RETRIEVE_OPTIONAL_FN(ssl_proxy_enable);

+    othermod_engine_disable = APR_RETRIEVE_OPTIONAL_FN(ssl_engine_disable);

     APR_REGISTER_OPTIONAL_FN(ssl_proxy_enable);

     APR_REGISTER_OPTIONAL_FN(ssl_engine_disable);

--- httpd-2.4.6/modules/ssl/ssl_engine_vars.c.sslmultiproxy

+++ httpd-2.4.6/modules/ssl/ssl_engine_vars.c

@@ -53,10 +53,15 @@ static void  ssl_var_lookup_ssl_cipher_b

 static char *ssl_var_lookup_ssl_version(apr_pool_t *p, char *var);

 static char *ssl_var_lookup_ssl_compress_meth(SSL *ssl);

+static APR_OPTIONAL_FN_TYPE(ssl_is_https) *othermod_is_https;

+static APR_OPTIONAL_FN_TYPE(ssl_var_lookup) *othermod_var_lookup;

+

 static int ssl_is_https(conn_rec *c)

 {

     SSLConnRec *sslconn = myConnConfig(c);

-    return sslconn && sslconn->ssl;

+    

+    return (sslconn && sslconn->ssl)

+        || (othermod_is_https && othermod_is_https(c));

 }

 static const char var_interface[] = "mod_ssl/" AP_SERVER_BASEREVISION;

@@ -106,6 +111,9 @@ void ssl_var_register(apr_pool_t *p)

 {

     char *cp, *cp2;

+    othermod_is_https = APR_RETRIEVE_OPTIONAL_FN(ssl_is_https);

+    othermod_var_lookup = APR_RETRIEVE_OPTIONAL_FN(ssl_var_lookup);

+

     APR_REGISTER_OPTIONAL_FN(ssl_is_https);

     APR_REGISTER_OPTIONAL_FN(ssl_var_lookup);

     APR_REGISTER_OPTIONAL_FN(ssl_ext_list);

@@ -241,6 +249,15 @@ char *ssl_var_lookup(apr_pool_t *p, serv

      */

     if (result == NULL && c != NULL) {

         SSLConnRec *sslconn = myConnConfig(c);

+

+        if (strlen(var) > 4 && strcEQn(var, "SSL_", 4)

+            && (!sslconn || !sslconn->ssl) && othermod_var_lookup) {

+            /* For an SSL_* variable, if mod_ssl is not enabled for

+             * this connection and another SSL module is present, pass

+             * through to that module. */

+            return othermod_var_lookup(p, s, c, r, var);

+        }

+

         if (strlen(var) > 4 && strcEQn(var, "SSL_", 4)

             && sslconn && sslconn->ssl)

             result = ssl_var_lookup_ssl(p, c, r, var+4);