diff options
Diffstat (limited to 'modules')
-rw-r--r-- | modules/ssl/ssl_engine_kernel.c | 1 | ||||
-rw-r--r-- | modules/ssl/ssl_engine_vars.c | 14 |
2 files changed, 15 insertions, 0 deletions
diff --git a/modules/ssl/ssl_engine_kernel.c b/modules/ssl/ssl_engine_kernel.c index e89bc0cecc..4ce98aa80b 100644 --- a/modules/ssl/ssl_engine_kernel.c +++ b/modules/ssl/ssl_engine_kernel.c @@ -1546,6 +1546,7 @@ static const char *const ssl_hook_Fixup_vars[] = { "SSL_SRP_USER", "SSL_SRP_USERINFO", #endif + "SSL_HANDSHAKE_RTT", NULL }; diff --git a/modules/ssl/ssl_engine_vars.c b/modules/ssl/ssl_engine_vars.c index d8881734b9..7d09846c27 100644 --- a/modules/ssl/ssl_engine_vars.c +++ b/modules/ssl/ssl_engine_vars.c @@ -51,6 +51,7 @@ static const char *ssl_var_lookup_ssl_cert_rfc4523_cea(apr_pool_t *p, SSL *ssl); static const char *ssl_var_lookup_ssl_cert_verify(apr_pool_t *p, const SSLConnRec *sslconn); static const char *ssl_var_lookup_ssl_cipher(apr_pool_t *p, const SSLConnRec *sslconn, const char *var); static void ssl_var_lookup_ssl_cipher_bits(SSL *ssl, int *usekeysize, int *algkeysize); +static const char *ssl_var_lookup_ssl_handshake_rtt(apr_pool_t *p, SSL *ssl); static const char *ssl_var_lookup_ssl_version(const char *var); static const char *ssl_var_lookup_ssl_compress_meth(SSL *ssl); @@ -472,6 +473,9 @@ static const char *ssl_var_lookup_ssl(apr_pool_t *p, const SSLConnRec *sslconn, else if (ssl != NULL && strlen(var) >= 6 && strcEQn(var, "CIPHER", 6)) { result = ssl_var_lookup_ssl_cipher(p, sslconn, var+6); } + else if (ssl != NULL && strcEQ(var, "HANDSHAKE_RTT")) { + result = ssl_var_lookup_ssl_handshake_rtt(p, ssl); + } else if (ssl != NULL && strlen(var) > 18 && strcEQn(var, "CLIENT_CERT_CHAIN_", 18)) { sk = SSL_get_peer_cert_chain(ssl); result = ssl_var_lookup_ssl_cert_chain(p, sk, var+18, 1); @@ -961,6 +965,16 @@ static void ssl_var_lookup_ssl_cipher_bits(SSL *ssl, int *usekeysize, int *algke return; } +static const char *ssl_var_lookup_ssl_handshake_rtt(apr_pool_t *p, SSL *ssl) +{ +#if OPENSSL_VERSION_NUMBER >= 0x30200000L + apr_uint64_t rtt; + if (SSL_get_handshake_rtt(ssl, &rtt) > 0) + return apr_psprintf(p, "%" APR_UINT64_T_FMT, rtt); +#endif + return NULL; +} + static const char *ssl_var_lookup_ssl_version(const char *var) { if (strEQ(var, "INTERFACE")) { |