author | Stefan Eissing <icing@apache.org> | 2021-06-08 16:37:44 +0200 |
---|---|---|
committer | Stefan Eissing <icing@apache.org> | 2021-06-08 16:37:44 +0200 |
commit | a4f45f275b7d90240f2ebd28834585e04deae165 (patch) | |
tree | 08d33b1a84441649381e9ddeb003dbdcbe676804 /modules/proxy | |
parent | Corrected mod_md typos + build all which results in tons of copy right notice... (diff) | |
*) core/mod_proxy/mod_ssl:
Adding `outgoing` flag to conn_rec, indicating a connection is
initiated by the server to somewhere, in contrast to incoming
connections from clients.
Adding `ap_ssl_bind_outgoing()` function that marks a connection
as outgoing and is used by mod_proxy instead of the previous
optional function `ssl_engine_set`. This enables other SSL
modules to secure proxy connections.
The optional functions `ssl_engine_set`, `ssl_engine_disable` and
`ssl_proxy_enable` are now provided by the core to have backward
compatibility with non-httpd modules that might use them. mod_ssl
itself no longer registers these functions, but keeps them in its
header for backward compatibility.
The core-provided optional functions wrap any registered function,
as was done for `ssl_is_ssl`.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1890605 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'modules/proxy')
-rw-r--r-- | modules/proxy/mod_proxy.c | 29 | ||||
-rw-r--r-- | modules/proxy/mod_proxy_hcheck.c | 3 | ||||
-rw-r--r-- | modules/proxy/mod_proxy_http.c | 2 |
3 files changed, 10 insertions, 24 deletions
diff --git a/modules/proxy/mod_proxy.c b/modules/proxy/mod_proxy.c
index dd51fe9641..647402d3a1 100644
--- a/modules/proxy/mod_proxy.c
+++ b/modules/proxy/mod_proxy.c
@@ -3136,20 +3136,15 @@ PROXY_DECLARE(int) ap_proxy_ssl_enable(conn_rec *c)
 * if c == NULL just check if the optional function was imported
 * else run the optional function so ssl filters are inserted
 */
- if (proxy_ssl_enable) {
- return c ? proxy_ssl_enable(c) : 1;
+ if (c == NULL) {
+ return ap_ssl_has_outgoing_handlers();
 }
-
- return 0;
+ return ap_ssl_bind_outgoing(c, NULL, 1) == OK;
 }

 PROXY_DECLARE(int) ap_proxy_ssl_disable(conn_rec *c)
 {
- if (proxy_ssl_disable) {
- return proxy_ssl_disable(c);
- }
-
- return 0;
+ return ap_ssl_bind_outgoing(c, NULL, 0) == OK;
 }

 PROXY_DECLARE(int) ap_proxy_ssl_engine(conn_rec *c,
@@ -3160,20 +3155,10 @@ PROXY_DECLARE(int) ap_proxy_ssl_engine(conn_rec *c,
 * if c == NULL just check if the optional function was imported
 * else run the optional function so ssl filters are inserted
 */
- if (proxy_ssl_engine) {
- return c ? proxy_ssl_engine(c, per_dir_config, 1, enable) : 1;
+ if (c == NULL) {
+ return ap_ssl_has_outgoing_handlers();
 }
-
- if (!per_dir_config) {
- if (enable) {
- return ap_proxy_ssl_enable(c);
- }
- else {
- return ap_proxy_ssl_disable(c);
- }
- }
-
- return 0;
+ return ap_ssl_bind_outgoing(c, per_dir_config, enable) == OK;
 }

 PROXY_DECLARE(int) ap_proxy_conn_is_https(conn_rec *c)
diff --git a/modules/proxy/mod_proxy_hcheck.c b/modules/proxy/mod_proxy_hcheck.c
index 4d91669ba9..88723ba676 100644
--- a/modules/proxy/mod_proxy_hcheck.c
+++ b/modules/proxy/mod_proxy_hcheck.c
@@ -20,6 +20,7 @@
 #if APR_HAS_THREADS
 #include "apr_thread_pool.h"
 #endif
+#include "http_ssl.h"

 module AP_MODULE_DECLARE_DATA proxy_hcheck_module;

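Review bot: The context comment kept above the new `if (c == NULL)` branch in ap_proxy_ssl_enable() still talks about importing and running an optional function, which the new code no longer does; the same stale comment sits above the new code in the ap_proxy_ssl_engine() hunk that follows. I would reword both to something like `/* c == NULL: report whether any outgoing SSL handler is registered; otherwise bind c as an outgoing SSL connection */`. The function comment should also say that the result is now a strict boolean (`== OK`) and that 0 means the connection was not secured, so a caller that needs TLS to the backend has to treat 0 as a hard failure. ap_proxy_ssl_disable() hands `c` to ap_ssl_bind_outgoing() with no NULL branch of its own; whether that callee tolerates a NULL connection is not visible in this diff. The opening lines of ap_proxy_ssl_enable() and ap_proxy_ssl_engine() are outside their hunks.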
@@ -605,7 +606,7 @@ static int hc_get_backend(const char *proxy_function, proxy_conn_rec **backend,
 (*backend)->addr = hc->cp->addr;
 (*backend)->hostname = hc->s->hostname_ex;
 if (strcmp(hc->s->scheme, "https") == 0 || strcmp(hc->s->scheme, "wss") == 0 ) {
- if (!ap_proxy_ssl_enable(NULL)) {
+ if (!ap_ssl_has_outgoing_handlers()) {
 ap_log_error(APLOG_MARK, APLOG_WARNING, 0, ctx->s, APLOGNO(03252)
 "mod_ssl not configured?");
 return !OK;
diff --git a/modules/proxy/mod_proxy_http.c b/modules/proxy/mod_proxy_http.c
index 056cfb1f77..25239010b6 100644
--- a/modules/proxy/mod_proxy_http.c
+++ b/modules/proxy/mod_proxy_http.c
@@ -1909,7 +1909,7 @@ static int proxy_http_handler(request_rec *r, proxy_worker *worker,
 "HTTP: declining URL %s", url);
 return DECLINED; /* only interested in HTTP, WS or FTP via proxy */
 }
- if (is_ssl && !ap_proxy_ssl_enable(NULL)) {
+ if (is_ssl && !ap_ssl_has_outgoing_handlers()) {
 ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(01112)
 "HTTP: declining URL %s (mod_ssl not configured?)", url);
 return DECLINED; |
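Review bot: The warning logged under the new `ap_ssl_has_outgoing_handlers()` check in hc_get_backend() still reads "mod_ssl not configured?", although per the commit message the check can now be satisfied by any SSL module; the same applies to the APLOGNO(01112) message in the proxy_http_handler() hunk. An operator working out why https/wss backends are refused would be pointed at one specific module, so I would reword both, e.g. `"no SSL module configured for outgoing connections?"`. Both functions start and end outside their hunks.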