Commit 481a325b authored by Ralf S. Engelschall

Axe out EAPI-based SSL_VENDOR stuff.

If we want this again later, we will have to do it differently anyway. So,
for now we try to strip down mod_ssl as heavily as possible and hence we
kick this stuff out entirely.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@89010 13f79535-47bb-0310-9956-ffa450edef68
parent 836d043d
+0 −18
@@ -140,21 +140,3 @@
     mod_ssl automatically recognizes this OpenSSL variant and then can
     activate external crypto devices through SSLCryptoDevice directive.
 VENDOR EXTENSIONS

 Inside the mod_ssl sources you can enable various EAPI vendor hooks
 (`ap::mod_ssl::vendor::xxxx') by using the APACI --enable-rule=SSL_VENDOR
 option.  These hooks can be used to change or extend mod_ssl by a vendor
 without patching the source code. Grep for `ap::mod_ssl::vendor::'.
 Additionally vendors can add their own source code to files named
 ssl_vendor.c, ssl_vendor_XXX.c, etc.  The libssl.module script automatically
 picks these up under configuration time and mod_ssl under run-time calls the
 functions `void ssl_vendor_register(void)' and `void
 ssl_vendor_unregister(void)' inside these objects to bootstrap them.

 An ssl_vendor.c should at least contain the following contents:

   |  #include "mod_ssl.h"
   |  void ssl_vendor_register(void) { return; }
   |  void ssl_vendor_unregister(void) { return; }
+0 −16
@@ -563,9 +563,6 @@ typedef struct {
    struct {
        void *pV1, *pV2, *pV3, *pV4, *pV5, *pV6, *pV7, *pV8, *pV9, *pV10;
    } rCtx;
#ifdef SSL_VENDOR
    ap_ctx         *ctx;
#endif
} SSLModConfigRec;

/*
@@ -609,9 +606,6 @@ typedef struct {
    SSL_CTX     *pSSLProxyCtx;
    STACK_OF(X509_INFO) *skProxyClientCerts;
#endif
#ifdef SSL_VENDOR
    ap_ctx      *ctx;
#endif
} SSLSrvConfigRec;

/*
@@ -634,9 +628,6 @@ typedef struct {
    char         *szCACertificatePath;
    char         *szCACertificateFile;
#endif
#ifdef SSL_VENDOR
    ap_ctx       *ctx;
#endif
#endif /* XXX */
} SSLDirConfigRec;
#if 0 /* XXX */
@@ -833,7 +824,6 @@ void ssl_compat_variables(request_rec *);
#endif

/*  Utility Functions  */
char        *ssl_util_server_root_relative(pool *, char *, char *);
char        *ssl_util_vhostid(pool *, server_rec *);
void         ssl_util_strupper(char *);
void         ssl_util_uuencode(char *, const char *, BOOL);
@@ -848,12 +838,6 @@ char *ssl_util_algotypestr(ssl_algo_t);
char        *ssl_util_ptxtsub(pool *, const char *, const char *, char *);
void         ssl_util_thread_setup(void);

/*  Vendor extension support  */
#if defined(SSL_VENDOR) && defined(SSL_VENDOR_OBJS)
void         ssl_vendor_register(void);
void         ssl_vendor_unregister(void);
#endif

#endif /* XXX */

#endif /* MOD_SSL_H */
+0 −16
@@ -481,22 +481,6 @@ void ssl_compat_variables(request_rec *r)
                ap_table_set(r->subprocess_env, cpOld, cpVal);
        }
        else if (cpMsg != NULL) {
#ifdef SSL_VENDOR
           /*
            * something that isn't provided by mod_ssl, so at least
            * let vendor extensions provide a reasonable value first.
            */
            cpVal = NULL;
            ap_hook_use("ap::mod_ssl::vendor::compat_variables_lookup",
                        AP_HOOK_SIG3(ptr,ptr,ptr),
                        AP_HOOK_DECLINE(NULL),
                        &cpVal, r, cpOld);
            if (cpVal != NULL) {
                ap_table_set(r->subprocess_env, cpOld, cpVal);
                continue;
            }
#endif

            /*
             * we cannot print a message, so we set at least
             * the variables content to the compat message
+19 −64
@@ -84,9 +84,6 @@ void ssl_hook_AddModule(module *m)
        ssl_var_register();
        ssl_ext_register();
        ssl_io_register();
#if defined(SSL_VENDOR) && defined(SSL_VENDOR_OBJS)
        ssl_vendor_register();
#endif
    }
    return;
}
@@ -100,9 +97,6 @@ void ssl_hook_RemoveModule(module *m)
        ssl_var_unregister();
        ssl_ext_unregister();
        ssl_io_unregister();
#if defined(SSL_VENDOR) && defined(SSL_VENDOR_OBJS)
        ssl_vendor_unregister();
#endif
    }
    return;
}
@@ -145,12 +139,6 @@ void ssl_config_global_create(void)

        (void)memset(mc->pTmpKeys, 0, SSL_TKPIDX_MAX*sizeof(void *));

#ifdef SSL_VENDOR
        mc->ctx = ap_ctx_new(pPool);
        ap_hook_use("ap::mod_ssl::vendor::config_global_create",
                AP_HOOK_SIG2(void,ptr), AP_HOOK_MODE_ALL, mc);
#endif

        /*
         * And push it into Apache's global context
         */
@@ -225,13 +213,6 @@ void *ssl_config_server_create(pool *p, server_rec *s)
    (void)memset(sc->pPublicCert, 0, SSL_AIDX_MAX*sizeof(X509 *));
    (void)memset(sc->pPrivateKey, 0, SSL_AIDX_MAX*sizeof(EVP_PKEY *));

#ifdef SSL_VENDOR
    sc->ctx = ap_ctx_new(p);
    ap_hook_use("ap::mod_ssl::vendor::config_server_create",
                AP_HOOK_SIG4(void,ptr,ptr,ptr), AP_HOOK_MODE_ALL,
                p, s, sc);
#endif

    return sc;
}

@@ -271,13 +252,6 @@ void *ssl_config_server_merge(pool *p, void *basev, void *addv)
        cfgMerge(pPrivateKey[i], NULL);
    }

#ifdef SSL_VENDOR
    cfgMergeCtx(ctx);
    ap_hook_use("ap::mod_ssl::vendor::config_server_merge",
                AP_HOOK_SIG5(void,ptr,ptr,ptr,ptr), AP_HOOK_MODE_ALL,
                p, base, add, new);
#endif

#ifdef SSL_EXPERIMENTAL_PROXY
    cfgMergeInt(nProxyVerifyDepth);
    cfgMergeString(szProxyCACertificatePath);
@@ -314,13 +288,6 @@ void *ssl_config_perdir_create(pool *p, char *dir)
    dc->szCACertificateFile    = NULL;
#endif

#ifdef SSL_VENDOR
    dc->ctx = ap_ctx_new(p);
    ap_hook_use("ap::mod_ssl::vendor::config_perdir_create",
                AP_HOOK_SIG4(void,ptr,ptr,ptr), AP_HOOK_MODE_ALL,
                p, dir, dc);
#endif

    return dc;
}

@@ -356,13 +323,6 @@ void *ssl_config_perdir_merge(pool *p, void *basev, void *addv)
    cfgMergeString(szCACertificateFile);
#endif

#ifdef SSL_VENDOR
    cfgMergeCtx(ctx);
    ap_hook_use("ap::mod_ssl::vendor::config_perdir_merge",
                AP_HOOK_SIG5(void,ptr,ptr,ptr,ptr), AP_HOOK_MODE_ALL,
                p, base, add, new);
#endif

    return new;
}

@@ -403,7 +363,7 @@ const char *ssl_cmd_SSLMutex(
#ifndef WIN32
        mc->nMutexMode  = SSL_MUTEXMODE_FILE;
        mc->szMutexFile = ap_psprintf(mc->pPool, "%s.%lu",
                                      ssl_util_server_root_relative(cmd->pool, "mutex", arg+5),
                                      ap_server_root_relative(cmd->pool, "mutex", arg+5),
                                      (unsigned long)getpid());
#else
        return "SSLMutex: Lockfiles not available on this platform";
@@ -437,7 +397,7 @@ const char *ssl_cmd_SSLPassPhraseDialog(
    }
    else if (strlen(arg) > 5 && strEQn(arg, "exec:", 5)) {
        sc->nPassPhraseDialogType  = SSL_PPTYPE_FILTER;
        sc->szPassPhraseDialogPath = ssl_util_server_root_relative(cmd->pool, "dialog", arg+5);
        sc->szPassPhraseDialogPath = ap_server_root_relative(cmd->pool, "dialog", arg+5);
        if (!ssl_util_path_check(SSL_PCM_EXISTS, sc->szPassPhraseDialogPath))
            return ap_pstrcat(cmd->pool, "SSLPassPhraseDialog: file '",
                              sc->szPassPhraseDialogPath, "' not exists", NULL);
@@ -504,16 +464,16 @@ const char *ssl_cmd_SSLRandomSeed(
                          "invalid context: `", arg1, "'");
    if (strlen(arg2) > 5 && strEQn(arg2, "file:", 5)) {
        pRS->nSrc   = SSL_RSSRC_FILE;
        pRS->cpPath = ap_pstrdup(mc->pPool, ssl_util_server_root_relative(cmd->pool, "random", arg2+5));
        pRS->cpPath = ap_pstrdup(mc->pPool, ap_server_root_relative(cmd->pool, "random", arg2+5));
    }
    else if (strlen(arg2) > 5 && strEQn(arg2, "exec:", 5)) {
        pRS->nSrc   = SSL_RSSRC_EXEC;
        pRS->cpPath = ap_pstrdup(mc->pPool, ssl_util_server_root_relative(cmd->pool, "random", arg2+5));
        pRS->cpPath = ap_pstrdup(mc->pPool, ap_server_root_relative(cmd->pool, "random", arg2+5));
    }
#if SSL_LIBRARY_VERSION >= 0x00905100
    else if (strlen(arg2) > 4 && strEQn(arg2, "egd:", 4)) {
        pRS->nSrc   = SSL_RSSRC_EGD;
        pRS->cpPath = ap_pstrdup(mc->pPool, ssl_util_server_root_relative(cmd->pool, "random", arg2+4));
        pRS->cpPath = ap_pstrdup(mc->pPool, ap_server_root_relative(cmd->pool, "random", arg2+4));
    }
#endif
    else if (strcEQ(arg2, "builtin")) {
@@ -522,7 +482,7 @@ const char *ssl_cmd_SSLRandomSeed(
    }
    else {
        pRS->nSrc   = SSL_RSSRC_FILE;
        pRS->cpPath = ap_pstrdup(mc->pPool, ssl_util_server_root_relative(cmd->pool, "random", arg2));
        pRS->cpPath = ap_pstrdup(mc->pPool, ap_server_root_relative(cmd->pool, "random", arg2));
    }
    if (pRS->nSrc != SSL_RSSRC_BUILTIN)
        if (!ssl_util_path_check(SSL_PCM_EXISTS, pRS->cpPath))
@@ -575,7 +535,7 @@ const char *ssl_cmd_SSLCertificateFile(
    char *cpPath;
    int i;

    cpPath = ssl_util_server_root_relative(cmd->pool, "certkey", arg);
    cpPath = ap_server_root_relative(cmd->pool, "certkey", arg);
    if (!ssl_util_path_check(SSL_PCM_EXISTS|SSL_PCM_ISREG|SSL_PCM_ISNONZERO, cpPath))
        return ap_pstrcat(cmd->pool, "SSLCertificateFile: file '",
                          cpPath, "' not exists or empty", NULL);
@@ -598,7 +558,7 @@ const char *ssl_cmd_SSLCertificateKeyFile(
    char *cpPath;
    int i;

    cpPath = ssl_util_server_root_relative(cmd->pool, "certkey", arg);
    cpPath = ap_server_root_relative(cmd->pool, "certkey", arg);
    if (!ssl_util_path_check(SSL_PCM_EXISTS|SSL_PCM_ISREG|SSL_PCM_ISNONZERO, cpPath))
        return ap_pstrcat(cmd->pool, "SSLCertificateKeyFile: file '",
                          cpPath, "' not exists or empty", NULL);
@@ -620,7 +580,7 @@ const char *ssl_cmd_SSLCertificateChainFile(
    SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
    char *cpPath;

    cpPath = ssl_util_server_root_relative(cmd->pool, "certkey", arg);
    cpPath = ap_server_root_relative(cmd->pool, "certkey", arg);
    if (!ssl_util_path_check(SSL_PCM_EXISTS|SSL_PCM_ISREG|SSL_PCM_ISNONZERO, cpPath))
        return ap_pstrcat(cmd->pool, "SSLCertificateChainFile: file '",
                          cpPath, "' not exists or empty", NULL);
@@ -636,7 +596,7 @@ const char *ssl_cmd_SSLCACertificatePath(
    SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
    char *cpPath;

    cpPath = ssl_util_server_root_relative(cmd->pool, "certkey", arg);
    cpPath = ap_server_root_relative(cmd->pool, "certkey", arg);
    if (!ssl_util_path_check(SSL_PCM_EXISTS|SSL_PCM_ISDIR, cpPath))
        return ap_pstrcat(cmd->pool, "SSLCACertificatePath: directory '",
                          cpPath, "' not exists", NULL);
@@ -659,7 +619,7 @@ const char *ssl_cmd_SSLCACertificateFile(
    SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
    char *cpPath;

    cpPath = ssl_util_server_root_relative(cmd->pool, "certkey", arg);
    cpPath = ap_server_root_relative(cmd->pool, "certkey", arg);
    if (!ssl_util_path_check(SSL_PCM_EXISTS|SSL_PCM_ISREG|SSL_PCM_ISNONZERO, cpPath))
        return ap_pstrcat(cmd->pool, "SSLCACertificateFile: file '",
                          cpPath, "' not exists or empty", NULL);
@@ -682,7 +642,7 @@ const char *ssl_cmd_SSLCARevocationPath(
    SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
    char *cpPath;

    cpPath = ssl_util_server_root_relative(cmd->pool, "certkey", arg);
    cpPath = ap_server_root_relative(cmd->pool, "certkey", arg);
    if (!ssl_util_path_check(SSL_PCM_EXISTS|SSL_PCM_ISDIR, cpPath))
        return ap_pstrcat(cmd->pool, "SSLCARecocationPath: directory '",
                          cpPath, "' not exists", NULL);
@@ -698,7 +658,7 @@ const char *ssl_cmd_SSLCARevocationFile(
    SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
    char *cpPath;

    cpPath = ssl_util_server_root_relative(cmd->pool, "certkey", arg);
    cpPath = ap_server_root_relative(cmd->pool, "certkey", arg);
    if (!ssl_util_path_check(SSL_PCM_EXISTS|SSL_PCM_ISREG|SSL_PCM_ISNONZERO, cpPath))
        return ap_pstrcat(cmd->pool, "SSLCARevocationFile: file '",
                          cpPath, "' not exists or empty", NULL);
@@ -770,7 +730,7 @@ const char *ssl_cmd_SSLSessionCache(
    else if (strlen(arg) > 4 && strcEQn(arg, "dbm:", 4)) {
        mc->nSessionCacheMode      = SSL_SCMODE_DBM;
        mc->szSessionCacheDataFile = ap_pstrdup(mc->pPool,
                                     ssl_util_server_root_relative(cmd->pool, "scache", arg+4));
                                     ap_server_root_relative(cmd->pool, "scache", arg+4));
    }
    else if (   (strlen(arg) > 4 && strcEQn(arg, "shm:",   4)) 
             || (strlen(arg) > 6 && strcEQn(arg, "shmht:", 6))) {
@@ -779,7 +739,7 @@ const char *ssl_cmd_SSLSessionCache(
        mc->nSessionCacheMode      = SSL_SCMODE_SHMHT;
        cp = strchr(arg, ':');
        mc->szSessionCacheDataFile = ap_pstrdup(mc->pPool,
                                     ssl_util_server_root_relative(cmd->pool, "scache", cp+1));
                                     ap_server_root_relative(cmd->pool, "scache", cp+1));
        mc->tSessionCacheDataTable = NULL;
        mc->nSessionCacheDataSize  = 1024*512; /* 512KB */
        if ((cp = strchr(mc->szSessionCacheDataFile, '(')) != NULL) {
@@ -819,11 +779,6 @@ const char *ssl_cmd_SSLSessionCache(
        }
    }
	else
#ifdef SSL_VENDOR
        if (!ap_hook_use("ap::mod_ssl::vendor::cmd_sslsessioncache",
             AP_HOOK_SIG4(void,ptr,ptr,ptr), AP_HOOK_MODE_ALL,
             cmd, arg, mc))
#endif
        return "SSLSessionCache: Invalid argument";
#endif /* XXX */
    return NULL;
@@ -1095,7 +1050,7 @@ const char *ssl_cmd_SSLProxyCACertificateFile(
    SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
    char *cpPath;

    cpPath = ssl_util_server_root_relative(cmd->pool, "certkey", arg);
    cpPath = ap_server_root_relative(cmd->pool, "certkey", arg);
    if (!ssl_util_path_check(SSL_PCM_EXISTS|SSL_PCM_ISREG|SSL_PCM_ISNONZERO, cpPath))
        return ap_pstrcat(cmd->pool, "SSLProxyCACertificateFile: file '",
                          cpPath, "' not exists or empty", NULL);
@@ -1111,7 +1066,7 @@ const char *ssl_cmd_SSLProxyCACertificatePath(
    SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
    char *cpPath;

    cpPath = ssl_util_server_root_relative(cmd->pool, "certkey", arg);
    cpPath = ap_server_root_relative(cmd->pool, "certkey", arg);
    if (!ssl_util_path_check(SSL_PCM_EXISTS|SSL_PCM_ISDIR, cpPath))
        return ap_pstrcat(cmd->pool, "SSLProxyCACertificatePath: directory '",
                          cpPath, "' does not exists", NULL);
@@ -1127,7 +1082,7 @@ const char *ssl_cmd_SSLProxyMachineCertificateFile(
    SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
    char *cpPath;

    cpPath = ssl_util_server_root_relative(cmd->pool, "certkey", arg);
    cpPath = ap_server_root_relative(cmd->pool, "certkey", arg);
    if (!ssl_util_path_check(SSL_PCM_EXISTS|SSL_PCM_ISREG|SSL_PCM_ISNONZERO, cpPath))
        return ap_pstrcat(cmd->pool, "SSLProxyMachineCertFile: file '",
                          cpPath, "' not exists or empty", NULL);
@@ -1143,7 +1098,7 @@ const char *ssl_cmd_SSLProxyMachineCertificatePath(
    SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
    char *cpPath;

    cpPath = ssl_util_server_root_relative(cmd->pool, "certkey", arg);
    cpPath = ap_server_root_relative(cmd->pool, "certkey", arg);
    if (!ssl_util_path_check(SSL_PCM_EXISTS|SSL_PCM_ISDIR, cpPath))
        return ap_pstrcat(cmd->pool, "SSLProxyMachineCertPath: directory '",
                          cpPath, "' does not exists", NULL);
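Review bot: The replacement calls in this section, beginning with `ap_server_root_relative(cmd->pool, "mutex", arg+5)` in ssl_cmd_SSLMutex, keep the three-argument shape of the removed ssl_util_server_root_relative wrapper, whereas the core ap_server_root_relative, as far as I know, takes only a pool and a file name. The same pattern repeats in every `cpPath = ap_server_root_relative(cmd->pool, "certkey", arg);` line and in the SSLPassPhraseDialog, SSLRandomSeed and SSLSessionCache handlers, so the type tag ("certkey", "dialog", "random", "scache") should be dropped, e.g. `cpPath = ap_server_root_relative(cmd->pool, arg);`. These paths name certificate and key material and, for the `exec:` forms, a program that is run later, so if a missing or stale prototype let the call compile, the tag rather than the configured value could be what gets resolved and checked by ssl_util_path_check. The code appears to sit inside an `#if 0 /* XXX */` region (only the closing `#endif /* XXX */` is visible here), which would explain why the build does not fail today; that is inferred, not shown. All of the affected functions start and end outside the visible hunks.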
+0 −11
@@ -145,11 +145,6 @@ void ssl_init_Module(server_rec *s, pool *p)
        ssl_log(s, SSL_LOG_INFO, "Init: %d%s restart round (already detached)",
                mc->nInitCount-2, (mc->nInitCount-2) == 1 ? "st" : "nd");

#ifdef SSL_VENDOR
    ap_hook_use("ap::mod_ssl::vendor::init_module",
                AP_HOOK_SIG3(void,ptr,ptr), AP_HOOK_ALL, s, p);
#endif

    /*
     *  The initialization phase inside the Apache API is totally bogus.
     *  We actually have three non-trivial problems:
@@ -830,12 +825,6 @@ void ssl_init_ConfigureServer(server_rec *s, pool *p, SSLSrvConfigRec *sc)
                n, n == 1 ? "" : "s");
    }

#ifdef SSL_VENDOR
    ap_hook_use("ap::mod_ssl::vendor::configure_server",
                AP_HOOK_SIG4(void,ptr,ptr,ptr), AP_HOOK_ALL, 
                s, p, sc);
#endif

    return;
}
