From ce2d1d7d4b2bebe34cf37fdeb30d35050092c5b5 Mon Sep 17 00:00:00 2001 From: Rob Crittenden Date: Thu, 12 Apr 2018 14:36:28 -0400 Subject: [PATCH] httpd-2.4.18-sslmultiproxy.patch --- modules/ssl/mod_ssl.c | 24 ++++++++++++++++++++++-- modules/ssl/ssl_engine_vars.c | 18 +++++++++++++++++- 2 files changed, 39 insertions(+), 3 deletions(-) diff --git a/modules/ssl/mod_ssl.c b/modules/ssl/mod_ssl.c index 48d64cb..42e85a3 100644 diff -uap httpd-2.4.33/modules/ssl/mod_ssl.c.sslmultiproxy httpd-2.4.33/modules/ssl/mod_ssl.c --- httpd-2.4.33/modules/ssl/mod_ssl.c.sslmultiproxy +++ httpd-2.4.33/modules/ssl/mod_ssl.c @@ -444,12 +444,19 @@ return OK; } +static APR_OPTIONAL_FN_TYPE(ssl_engine_disable) *othermod_engine_disable; +static APR_OPTIONAL_FN_TYPE(ssl_engine_set) *othermod_engine_set; + static SSLConnRec *ssl_init_connection_ctx(conn_rec *c, ap_conf_vector_t *per_dir_config) { SSLConnRec *sslconn = myConnConfig(c); SSLSrvConfigRec *sc; + if (othermod_engine_disable) { + othermod_engine_disable(c); + } + if (sslconn) { return sslconn; } @@ -508,6 +515,10 @@ { SSLConnRec *sslconn; int status; + + if (othermod_engine_set) { + return othermod_engine_set(c, per_dir_config, proxy, enable); + } if (proxy) { sslconn = ssl_init_connection_ctx(c, per_dir_config); @@ -537,12 +548,18 @@ static int ssl_proxy_enable(conn_rec *c) { - return ssl_engine_set(c, NULL, 1, 1); + if (othermod_engine_set) + return othermod_engine_set(c, NULL, 1, 1); + else + return ssl_engine_set(c, NULL, 1, 1); } static int ssl_engine_disable(conn_rec *c) { - return ssl_engine_set(c, NULL, 0, 0); + if (othermod_engine_set) + return othermod_engine_set(c, NULL, 0, 0); + else + return ssl_engine_set(c, NULL, 0, 0); } int ssl_init_ssl_connection(conn_rec *c, request_rec *r) @@ -730,6 +747,9 @@ APR_HOOK_MIDDLE); ssl_var_register(p); + + othermod_engine_disable = APR_RETRIEVE_OPTIONAL_FN(ssl_engine_disable); + othermod_engine_set = APR_RETRIEVE_OPTIONAL_FN(ssl_engine_set); APR_REGISTER_OPTIONAL_FN(ssl_proxy_enable); APR_REGISTER_OPTIONAL_FN(ssl_engine_disable); diff -uap httpd-2.4.33/modules/ssl/ssl_engine_vars.c.sslmultiproxy httpd-2.4.33/modules/ssl/ssl_engine_vars.c --- httpd-2.4.33/modules/ssl/ssl_engine_vars.c.sslmultiproxy +++ httpd-2.4.33/modules/ssl/ssl_engine_vars.c @@ -54,6 +54,8 @@ static void ssl_var_lookup_ssl_cipher_bits(SSL *ssl, int *usekeysize, int *algkeysize); static char *ssl_var_lookup_ssl_version(apr_pool_t *p, char *var); static char *ssl_var_lookup_ssl_compress_meth(SSL *ssl); +static APR_OPTIONAL_FN_TYPE(ssl_is_https) *othermod_is_https; +static APR_OPTIONAL_FN_TYPE(ssl_var_lookup) *othermod_var_lookup; static SSLConnRec *ssl_get_effective_config(conn_rec *c) { @@ -68,7 +70,9 @@ static int ssl_is_https(conn_rec *c) { SSLConnRec *sslconn = ssl_get_effective_config(c); - return sslconn && sslconn->ssl; + + return (sslconn && sslconn->ssl) + || (othermod_is_https && othermod_is_https(c)); } static const char var_interface[] = "mod_ssl/" AP_SERVER_BASEREVISION; @@ -137,6 +141,9 @@ { char *cp, *cp2; + othermod_is_https = APR_RETRIEVE_OPTIONAL_FN(ssl_is_https); + othermod_var_lookup = APR_RETRIEVE_OPTIONAL_FN(ssl_var_lookup); + APR_REGISTER_OPTIONAL_FN(ssl_is_https); APR_REGISTER_OPTIONAL_FN(ssl_var_lookup); APR_REGISTER_OPTIONAL_FN(ssl_ext_list); @@ -271,6 +278,15 @@ */ if (result == NULL && c != NULL) { SSLConnRec *sslconn = ssl_get_effective_config(c); + + if (strlen(var) > 4 && strcEQn(var, "SSL_", 4) + && (!sslconn || !sslconn->ssl) && othermod_var_lookup) { + /* For an SSL_* variable, if mod_ssl is not enabled for + * this connection and another SSL module is present, pass + * through to that module. */ + return othermod_var_lookup(p, s, c, r, var); + } + if (strlen(var) > 4 && strcEQn(var, "SSL_", 4) && sslconn && sslconn->ssl) result = ssl_var_lookup_ssl(p, sslconn, r, var+4);