author | Stefan Eissing <icing@apache.org> | 2021-03-02 15:21:18 +0100 |
---|---|---|
committer | Stefan Eissing <icing@apache.org> | 2021-03-02 15:21:18 +0100 |
commit | 5dc01860dbf5273e0557f8912c36667aeb450a3e (patch) | |
tree | ecdc92e22e0a70c82ac47d5fdce0c6cda06554b5 /server/protocol.c | |
parent | Sync CHANGES entries. [skip ci]. (diff) | |
Adding more ap_ssl_* functions and hooks to the core server.
- ap_ssl_add_cert_files() to enable other modules like mod_md to provide
certificate and keys for an SSL module like mod_ssl.
- ap_ssl_add_fallback_cert_files() to enable other modules like mod_md to
provide a fallback certificate in case no 'proper' certificate is
available for an SSL module like mod_ssl.
- ap_ssl_answer_challenge() to enable other modules like mod_md to
provide a certificate as used in the RFC 8555 'tls-alpn-01' challenge
for the ACME protocol for an SSL module like mod_ssl.
- Hooks for 'ssl_add_cert_files', 'ssl_add_fallback_cert_files' and
'ssl_answer_challenge' where modules like mod_md can provide providers
to the above mentioned functions.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1887085 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'server/protocol.c')
-rw-r--r-- | server/protocol.c | 36 |
1 files changed, 36 insertions, 0 deletions
diff --git a/server/protocol.c b/server/protocol.c
index afd76aa07c..4ce2b6172a 100644
--- a/server/protocol.c
+++ b/server/protocol.c
@@ -72,6 +72,9 @@ APR_HOOK_STRUCT(
 APR_HOOK_LINK(protocol_get)
 APR_HOOK_LINK(ssl_conn_is_ssl)
 APR_HOOK_LINK(ssl_var_lookup)
+ APR_HOOK_LINK(ssl_add_cert_files)
+ APR_HOOK_LINK(ssl_add_fallback_cert_files)
+ APR_HOOK_LINK(ssl_answer_challenge)
 )
 AP_DECLARE_DATA ap_filter_rec_t *ap_old_write_func = NULL;
@@ -2697,6 +2700,27 @@ AP_DECLARE(void) ap_setup_ssl_optional_fns(apr_pool_t *pool)
 APR_REGISTER_OPTIONAL_FN(ssl_var_lookup);
 }
+AP_DECLARE(apr_status_t) ap_ssl_add_cert_files(server_rec *s, apr_pool_t *p,
+ apr_array_header_t *cert_files,
+ apr_array_header_t *key_files)
+{
+ int rv = ap_run_ssl_add_cert_files(s, p, cert_files, key_files);
+ return (rv == OK || rv == DECLINED)? APR_SUCCESS : APR_EGENERAL;
+}
+
+AP_DECLARE(apr_status_t) ap_ssl_add_fallback_cert_files(server_rec *s, apr_pool_t *p,
+ apr_array_header_t *cert_files,
+ apr_array_header_t *key_files)
+{
+ int rv = ap_run_ssl_add_fallback_cert_files(s, p, cert_files, key_files);
+ return (rv == OK || rv == DECLINED)? APR_SUCCESS : APR_EGENERAL;
+}
+
+AP_DECLARE(int) ap_ssl_answer_challenge(conn_rec *c, const char *server_name,
+ const char **pcert_file, const char **pkey_file)
+{
+ return (ap_run_ssl_answer_challenge(c, server_name, pcert_file, pkey_file) == OK);
+}
 AP_IMPLEMENT_HOOK_VOID(pre_read_request,
 (request_rec *r, conn_rec *c),
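Review bot: `ap_ssl_answer_challenge()` leaves `*pcert_file` and `*pkey_file` untouched when no hook answers, so a caller that does not pre-initialize them and checks the pointers rather than the return value would use indeterminate paths for the challenge certificate and key. Clearing them before the hook runs, `*pcert_file = *pkey_file = NULL;`, makes the failure case well defined; the callers are outside this hunk, so how they initialize the out-parameters is not visible here. The two `ap_ssl_add_*_cert_files()` wrappers also fold every provider failure into `APR_EGENERAL` with no log entry, so a module that fails to supply its key file cannot be told apart from any other error; an `ap_log_error()` call at that point, or a doc comment stating that the original hook status is discarded, would help operators.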
@@ -2728,3 +2752,15 @@ AP_IMPLEMENT_HOOK_RUN_FIRST(int, ssl_conn_is_ssl,
 AP_IMPLEMENT_HOOK_RUN_FIRST(const char *,ssl_var_lookup,
 (apr_pool_t *p, server_rec *s, conn_rec *c, request_rec *r, const char *name),
 (p, s, c, r, name), NULL)
+AP_IMPLEMENT_HOOK_RUN_ALL(int, ssl_add_cert_files,
+ (server_rec *s, apr_pool_t *p,
+ apr_array_header_t *cert_files, apr_array_header_t *key_files),
+ (s, p, cert_files, key_files), OK, DECLINED)
+AP_IMPLEMENT_HOOK_RUN_ALL(int, ssl_add_fallback_cert_files,
+ (server_rec *s, apr_pool_t *p,
+ apr_array_header_t *cert_files, apr_array_header_t *key_files),
+ (s, p, cert_files, key_files), OK, DECLINED)
+AP_IMPLEMENT_HOOK_RUN_FIRST(int, ssl_answer_challenge,
+ (conn_rec *c, const char *server_name, const char **pcert_file, const char **pkey_file),
+ (c, server_name, pcert_file, pkey_file), DECLINED)
+
|
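Review bot: The `ssl_answer_challenge` hook passes `server_name` to providers with no stated trust level; if that value is the SNI name taken from the ClientHello (the caller is not in this diff), it is client-controlled, and a provider that maps it to a certificate or key path has to validate it first. A comment above the `AP_IMPLEMENT_HOOK_RUN_FIRST` line, e.g. `/* server_name is as received from the peer; providers must validate it before using it in a lookup or path */`, would put that requirement where hook authors read it. For the two `RUN_ALL` hooks, nothing here says how entries in `cert_files` and `key_files` correspond; if consumers pair them by index, a provider that appends to only one array shifts the pairing for every provider that runs after it, so the expected pairing should be documented with the hook.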