Loading modules/arch/netware/mod_nw_ssl.c +176 −166 Original line number Diff line number Diff line Loading @@ -41,9 +41,11 @@ #include "httpd.h" #include "http_config.h" #include "http_connection.h" #include "http_core.h" #include "http_log.h" #include "http_protocol.h" #include "http_core.h" #include "http_request.h" #include "ap_listen.h" #include "apr_strings.h" #include "apr_portable.h" Loading Loading @@ -307,7 +309,7 @@ static int make_secure_socket(apr_pool_t *pconf, const struct sockaddr_in *serve return s; } int convert_secure_socket(conn_rec *c, apr_socket_t *csd) static int convert_secure_socket(conn_rec *c, apr_socket_t *csd) { int rcode; struct tlsclientopts sWS2Opts; Loading @@ -327,10 +329,10 @@ int convert_secure_socket(conn_rec *c, apr_socket_t *csd) ulFlags = (numcerts ? SO_TLS_ENABLE : SO_TLS_ENABLE | SO_TLS_BLIND_ACCEPT); rcode = WSAIoctl(sock, SO_TLS_SET_FLAGS, &ulFlags, sizeof(unsigned long), NULL, 0, NULL, NULL, NULL); if (SOCKET_ERROR == rcode) { if (SOCKET_ERROR == rcode) { ap_log_error(APLOG_MARK, APLOG_ERR, 0, c->base_server, "Error: %d with ioctlsocket(flag SO_TLS_ENABLE)", WSAGetLastError()); "Error: %d with ioctlsocket(flag SO_TLS_ENABLE)", WSAGetLastError()); return rcode; } Loading @@ -344,9 +346,9 @@ int convert_secure_socket(conn_rec *c, apr_socket_t *csd) sWS2Opts.options = &sNWTLSOpts; if (numcerts) { sNWTLSOpts.walletProvider = WAL_PROV_DER; //the wallet provider defined in wdefs.h sNWTLSOpts.TrustedRootList = certarray; //array of certs in UNICODE format sNWTLSOpts.numElementsInTRList = numcerts; //number of certs in TRList sNWTLSOpts.walletProvider = WAL_PROV_DER; /* the wallet provider defined in wdefs.h */ sNWTLSOpts.TrustedRootList = certarray; /* array of certs in UNICODE format */ sNWTLSOpts.numElementsInTRList = numcerts; /* number of certs in TRList */ } else { /* setup the socket for SSL */ Loading 
@@ -354,7 +356,7 @@ int convert_secure_socket(conn_rec *c, apr_socket_t *csd) sWS2Opts.wallet = keyFileName; /* no client certificate */ sWS2Opts.walletlen = unilen(keyFileName); sNWTLSOpts.walletProvider = WAL_PROV_KMO; //the wallet provider defined in wdefs.h sNWTLSOpts.walletProvider = WAL_PROV_KMO; /* the wallet provider defined in wdefs.h */ } /* make the IOCTL call */ Loading @@ -365,12 +367,13 @@ int convert_secure_socket(conn_rec *c, apr_socket_t *csd) /* make sure that it was successfull */ if(SOCKET_ERROR == rcode ){ ap_log_error(APLOG_MARK, APLOG_ERR, 0, c->base_server, "Error: %d with ioctl (SO_TLS_SET_CLIENT)", WSAGetLastError()); "Error: %d with ioctl (SO_TLS_SET_CLIENT)", WSAGetLastError()); } return rcode; } int SSLize_Socket(SOCKET socketHnd, char *key, request_rec *r) static int SSLize_Socket(SOCKET socketHnd, char *key, request_rec *r) { int rcode; struct tlsserveropts sWS2Opts; Loading 
@@ -383,28 +386,30 @@ int SSLize_Socket(SOCKET socketHnd, char *key, request_rec *r) ulFlag = SO_TLS_ENABLE; rcode = WSAIoctl(socketHnd, SO_TLS_SET_FLAGS, &ulFlag, sizeof(unsigned long), NULL, 0, NULL, NULL, NULL); if(rcode) { rcode = WSAIoctl(socketHnd, SO_TLS_SET_FLAGS, &ulFlag, sizeof(unsigned long), NULL, 0, NULL, NULL, NULL); if(rcode) { ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server, "Error: %d with WSAIoctl(SO_TLS_SET_FLAGS, SO_TLS_ENABLE)", WSAGetLastError()); "Error: %d with WSAIoctl(SO_TLS_SET_FLAGS, SO_TLS_ENABLE)", WSAGetLastError()); goto ERR; } ulFlag = SO_TLS_SERVER; rcode = WSAIoctl(socketHnd, SO_TLS_SET_FLAGS, &ulFlag, sizeof(unsigned long),NULL, 0, NULL, NULL, NULL); rcode = WSAIoctl(socketHnd, SO_TLS_SET_FLAGS, &ulFlag, sizeof(unsigned long),NULL, 0, NULL, NULL, NULL); if(rcode) { if(rcode) { ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server, "Error: %d with WSAIoctl(SO_TLS_SET_FLAGS, SO_TLS_SERVER)", WSAGetLastError()); "Error: %d with WSAIoctl(SO_TLS_SET_FLAGS, SO_TLS_SERVER)", WSAGetLastError()); goto ERR; } loc2uni(UNI_LOCAL_DEFAULT, SASKey, key, 0, 0); //setup the tlsserveropts struct /* setup the tlsserveropts struct */ sWS2Opts.wallet = SASKey; sWS2Opts.walletlen = unilen(SASKey); sWS2Opts.sidtimeout = 0; Loading @@ -412,7 +417,7 @@ int SSLize_Socket(SOCKET socketHnd, char *key, request_rec *r) sWS2Opts.siddir = NULL; sWS2Opts.options = &sNWTLSOpts; //setup the nwtlsopts structure /* setup the nwtlsopts structure */ sNWTLSOpts.walletProvider = WAL_PROV_KMO; sNWTLSOpts.keysList = NULL; Loading @@ -436,7 +441,8 @@ int SSLize_Socket(SOCKET socketHnd, char *key, request_rec *r) NULL); if(SOCKET_ERROR == rcode) { ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server, "Error: %d with WSAIoctl(SO_TLS_SET_SERVER)", WSAGetLastError()); "Error: %d with WSAIoctl(SO_TLS_SET_SERVER)", WSAGetLastError()); goto ERR; } Loading Loading 
@@ -503,8 +509,10 @@ static const char *set_secure_listener(cmd_parms *cmd, void *dummy, return NULL; } static const char *set_secure_upgradeable_listener(cmd_parms *cmd, void *dummy, const char *ips, const char* key) static const char *set_secure_upgradeable_listener(cmd_parms *cmd, void *dummy, const char *ips, const char *key) { NWSSLSrvConfigRec* sc = get_nwssl_cfg(cmd->server); seclistenup_rec *listen_node; Loading Loading @@ -624,7 +632,8 @@ static int nwssl_post_config(apr_pool_t *pconf, apr_pool_t *plog, sl->fd = find_secure_listener(sl); if (sl->fd < 0) sl->fd = make_secure_socket(pconf, &sl->local_addr, sl->key, sl->mutual, s); sl->fd = make_secure_socket(pconf, &sl->local_addr, sl->key, sl->mutual, s); if (sl->fd >= 0) { apr_os_sock_info_t sock_info; Loading @@ -641,10 +650,11 @@ static int nwssl_post_config(apr_pool_t *pconf, apr_pool_t *plog, if (lr) { lr->sd = sd; if ((status = apr_sockaddr_info_get(&lr->bind_addr, sl->addr, APR_UNSPEC, sl->port, 0, pconf)) != APR_SUCCESS) { if ((status = apr_sockaddr_info_get(&lr->bind_addr, sl->addr, APR_UNSPEC, sl->port, 0, pconf)) != APR_SUCCESS) { ap_log_perror(APLOG_MARK, APLOG_CRIT, status, pconf, "alloc_listener: failed to set up sockaddr for %s:%d", sl->addr, sl->port); "alloc_listener: failed to set up sockaddr for %s:%d", sl->addr, sl->port); return HTTP_INTERNAL_SERVER_ERROR; } lr->next = ap_listeners; Loading @@ -667,7 +677,8 @@ static int nwssl_post_config(apr_pool_t *pconf, apr_pool_t *plog, } if (!found) { ap_log_perror(APLOG_MARK, APLOG_WARNING, 0, plog, "No Listen directive found for upgradeable listener %s:%d", slu->addr, slu->port); "No Listen directive found for upgradeable listener %s:%d", slu->addr, slu->port); } } Loading Loading 
@@ -696,15 +707,15 @@ static int compare_ipports(void *rec, const char *key, const char *value) { conn_rec *c = (conn_rec*)rec; if (value && ((strcmp(value, "0.0.0.0") == 0) || (strcmp(value, c->local_ip) == 0))) { if (value && ((strcmp(value, "0.0.0.0") == 0) || (strcmp(value, c->local_ip) == 0))) { return 0; } return 1; } static int isSecureConnEx (const server_rec *s, const conn_rec *c, const apr_table_t *t) static int isSecureConnEx (const server_rec *s, const conn_rec *c, const apr_table_t *t) { char port[8]; Loading Loading @@ -912,7 +923,6 @@ char *ssl_var_lookup(apr_pool_t *p, server_rec *s, conn_rec *c, request_rec *r, if (strlen(var) > 4 && strcEQn(var, "SSL_", 4) && sslconn && sslconn->ssl) result = ssl_var_lookup_ssl(p, c, var+4); */ if (strlen(var) > 4 && strcEQn(var, "SSL_", 4)) result = NULL; else if (strcEQ(var, "REMOTE_ADDR")) Loading Loading @@ -1024,7 +1034,7 @@ static apr_status_t ssl_io_filter_Upgrade(ap_filter_t *f, while (token && strcmp(token,"TLS/1.0")) { apr_strtok(NULL,", ",&token_state); } // "Upgrade: TLS/1.0" header not found, don't do Upgrade /* "Upgrade: TLS/1.0" header not found, don't do Upgrade */ if (!token) { return ap_pass_brigade(f->next, bb); } Loading @@ -1035,7 +1045,7 @@ static apr_status_t ssl_io_filter_Upgrade(ap_filter_t *f, while (token && strcmp(token,"Upgrade")) { apr_strtok(NULL,",",&token_state); } // "Connection: Upgrade" header not found, don't do Upgrade /* "Connection: Upgrade" header not found, don't do Upgrade */ if (!token) { return ap_pass_brigade(f->next, bb); } Loading Loading
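Review bot: Both token-scanning loops in ssl_io_filter_Upgrade (the hunks at new lines 1034 and 1045) discard the return value of `apr_strtok`, so `token` never changes inside the loop body. If the first token is not the expected "TLS/1.0" or "Upgrade", the `while` condition stays true and the worker never leaves the loop. The adjacent comments indicate these strings come from the client's Upgrade and Connection headers, which would make this a remotely reachable hang. The loop bodies should assign the result, `token = apr_strtok(NULL, ", ", &token_state);` and `token = apr_strtok(NULL, ",", &token_state);`. The initial `apr_strtok` call and the rest of the function lie outside the visible hunks, so confirm that `token` is only set once before each loop.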
modules/arch/netware/mod_nw_ssl.c +176 −166 Original line number Diff line number Diff line Loading @@ -41,9 +41,11 @@ #include "httpd.h" #include "http_config.h" #include "http_connection.h" #include "http_core.h" #include "http_log.h" #include "http_protocol.h" #include "http_core.h" #include "http_request.h" #include "ap_listen.h" #include "apr_strings.h" #include "apr_portable.h" Loading Loading @@ -307,7 +309,7 @@ static int make_secure_socket(apr_pool_t *pconf, const struct sockaddr_in *serve return s; } int convert_secure_socket(conn_rec *c, apr_socket_t *csd) static int convert_secure_socket(conn_rec *c, apr_socket_t *csd) { int rcode; struct tlsclientopts sWS2Opts; Loading @@ -327,10 +329,10 @@ int convert_secure_socket(conn_rec *c, apr_socket_t *csd) ulFlags = (numcerts ? SO_TLS_ENABLE : SO_TLS_ENABLE | SO_TLS_BLIND_ACCEPT); rcode = WSAIoctl(sock, SO_TLS_SET_FLAGS, &ulFlags, sizeof(unsigned long), NULL, 0, NULL, NULL, NULL); if (SOCKET_ERROR == rcode) { if (SOCKET_ERROR == rcode) { ap_log_error(APLOG_MARK, APLOG_ERR, 0, c->base_server, "Error: %d with ioctlsocket(flag SO_TLS_ENABLE)", WSAGetLastError()); "Error: %d with ioctlsocket(flag SO_TLS_ENABLE)", WSAGetLastError()); return rcode; } Loading @@ -344,9 +346,9 @@ int convert_secure_socket(conn_rec *c, apr_socket_t *csd) sWS2Opts.options = &sNWTLSOpts; if (numcerts) { sNWTLSOpts.walletProvider = WAL_PROV_DER; //the wallet provider defined in wdefs.h sNWTLSOpts.TrustedRootList = certarray; //array of certs in UNICODE format sNWTLSOpts.numElementsInTRList = numcerts; //number of certs in TRList sNWTLSOpts.walletProvider = WAL_PROV_DER; /* the wallet provider defined in wdefs.h */ sNWTLSOpts.TrustedRootList = certarray; /* array of certs in UNICODE format */ sNWTLSOpts.numElementsInTRList = numcerts; /* number of certs in TRList */ } else { /* setup the socket for SSL */ Loading 
@@ -354,7 +356,7 @@ int convert_secure_socket(conn_rec *c, apr_socket_t *csd) sWS2Opts.wallet = keyFileName; /* no client certificate */ sWS2Opts.walletlen = unilen(keyFileName); sNWTLSOpts.walletProvider = WAL_PROV_KMO; //the wallet provider defined in wdefs.h sNWTLSOpts.walletProvider = WAL_PROV_KMO; /* the wallet provider defined in wdefs.h */ } /* make the IOCTL call */ Loading @@ -365,12 +367,13 @@ int convert_secure_socket(conn_rec *c, apr_socket_t *csd) /* make sure that it was successfull */ if(SOCKET_ERROR == rcode ){ ap_log_error(APLOG_MARK, APLOG_ERR, 0, c->base_server, "Error: %d with ioctl (SO_TLS_SET_CLIENT)", WSAGetLastError()); "Error: %d with ioctl (SO_TLS_SET_CLIENT)", WSAGetLastError()); } return rcode; } int SSLize_Socket(SOCKET socketHnd, char *key, request_rec *r) static int SSLize_Socket(SOCKET socketHnd, char *key, request_rec *r) { int rcode; struct tlsserveropts sWS2Opts; Loading 
@@ -383,28 +386,30 @@ int SSLize_Socket(SOCKET socketHnd, char *key, request_rec *r) ulFlag = SO_TLS_ENABLE; rcode = WSAIoctl(socketHnd, SO_TLS_SET_FLAGS, &ulFlag, sizeof(unsigned long), NULL, 0, NULL, NULL, NULL); if(rcode) { rcode = WSAIoctl(socketHnd, SO_TLS_SET_FLAGS, &ulFlag, sizeof(unsigned long), NULL, 0, NULL, NULL, NULL); if(rcode) { ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server, "Error: %d with WSAIoctl(SO_TLS_SET_FLAGS, SO_TLS_ENABLE)", WSAGetLastError()); "Error: %d with WSAIoctl(SO_TLS_SET_FLAGS, SO_TLS_ENABLE)", WSAGetLastError()); goto ERR; } ulFlag = SO_TLS_SERVER; rcode = WSAIoctl(socketHnd, SO_TLS_SET_FLAGS, &ulFlag, sizeof(unsigned long),NULL, 0, NULL, NULL, NULL); rcode = WSAIoctl(socketHnd, SO_TLS_SET_FLAGS, &ulFlag, sizeof(unsigned long),NULL, 0, NULL, NULL, NULL); if(rcode) { if(rcode) { ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server, "Error: %d with WSAIoctl(SO_TLS_SET_FLAGS, SO_TLS_SERVER)", WSAGetLastError()); "Error: %d with WSAIoctl(SO_TLS_SET_FLAGS, SO_TLS_SERVER)", WSAGetLastError()); goto ERR; } loc2uni(UNI_LOCAL_DEFAULT, SASKey, key, 0, 0); //setup the tlsserveropts struct /* setup the tlsserveropts struct */ sWS2Opts.wallet = SASKey; sWS2Opts.walletlen = unilen(SASKey); sWS2Opts.sidtimeout = 0; Loading @@ -412,7 +417,7 @@ int SSLize_Socket(SOCKET socketHnd, char *key, request_rec *r) sWS2Opts.siddir = NULL; sWS2Opts.options = &sNWTLSOpts; //setup the nwtlsopts structure /* setup the nwtlsopts structure */ sNWTLSOpts.walletProvider = WAL_PROV_KMO; sNWTLSOpts.keysList = NULL; Loading @@ -436,7 +441,8 @@ int SSLize_Socket(SOCKET socketHnd, char *key, request_rec *r) NULL); if(SOCKET_ERROR == rcode) { ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server, "Error: %d with WSAIoctl(SO_TLS_SET_SERVER)", WSAGetLastError()); "Error: %d with WSAIoctl(SO_TLS_SET_SERVER)", WSAGetLastError()); goto ERR; } Loading Loading 
@@ -503,8 +509,10 @@ static const char *set_secure_listener(cmd_parms *cmd, void *dummy, return NULL; } static const char *set_secure_upgradeable_listener(cmd_parms *cmd, void *dummy, const char *ips, const char* key) static const char *set_secure_upgradeable_listener(cmd_parms *cmd, void *dummy, const char *ips, const char *key) { NWSSLSrvConfigRec* sc = get_nwssl_cfg(cmd->server); seclistenup_rec *listen_node; Loading Loading @@ -624,7 +632,8 @@ static int nwssl_post_config(apr_pool_t *pconf, apr_pool_t *plog, sl->fd = find_secure_listener(sl); if (sl->fd < 0) sl->fd = make_secure_socket(pconf, &sl->local_addr, sl->key, sl->mutual, s); sl->fd = make_secure_socket(pconf, &sl->local_addr, sl->key, sl->mutual, s); if (sl->fd >= 0) { apr_os_sock_info_t sock_info; Loading @@ -641,10 +650,11 @@ static int nwssl_post_config(apr_pool_t *pconf, apr_pool_t *plog, if (lr) { lr->sd = sd; if ((status = apr_sockaddr_info_get(&lr->bind_addr, sl->addr, APR_UNSPEC, sl->port, 0, pconf)) != APR_SUCCESS) { if ((status = apr_sockaddr_info_get(&lr->bind_addr, sl->addr, APR_UNSPEC, sl->port, 0, pconf)) != APR_SUCCESS) { ap_log_perror(APLOG_MARK, APLOG_CRIT, status, pconf, "alloc_listener: failed to set up sockaddr for %s:%d", sl->addr, sl->port); "alloc_listener: failed to set up sockaddr for %s:%d", sl->addr, sl->port); return HTTP_INTERNAL_SERVER_ERROR; } lr->next = ap_listeners; Loading @@ -667,7 +677,8 @@ static int nwssl_post_config(apr_pool_t *pconf, apr_pool_t *plog, } if (!found) { ap_log_perror(APLOG_MARK, APLOG_WARNING, 0, plog, "No Listen directive found for upgradeable listener %s:%d", slu->addr, slu->port); "No Listen directive found for upgradeable listener %s:%d", slu->addr, slu->port); } } Loading Loading 
@@ -696,15 +707,15 @@ static int compare_ipports(void *rec, const char *key, const char *value) { conn_rec *c = (conn_rec*)rec; if (value && ((strcmp(value, "0.0.0.0") == 0) || (strcmp(value, c->local_ip) == 0))) { if (value && ((strcmp(value, "0.0.0.0") == 0) || (strcmp(value, c->local_ip) == 0))) { return 0; } return 1; } static int isSecureConnEx (const server_rec *s, const conn_rec *c, const apr_table_t *t) static int isSecureConnEx (const server_rec *s, const conn_rec *c, const apr_table_t *t) { char port[8]; Loading Loading @@ -912,7 +923,6 @@ char *ssl_var_lookup(apr_pool_t *p, server_rec *s, conn_rec *c, request_rec *r, if (strlen(var) > 4 && strcEQn(var, "SSL_", 4) && sslconn && sslconn->ssl) result = ssl_var_lookup_ssl(p, c, var+4); */ if (strlen(var) > 4 && strcEQn(var, "SSL_", 4)) result = NULL; else if (strcEQ(var, "REMOTE_ADDR")) Loading Loading @@ -1024,7 +1034,7 @@ static apr_status_t ssl_io_filter_Upgrade(ap_filter_t *f, while (token && strcmp(token,"TLS/1.0")) { apr_strtok(NULL,", ",&token_state); } // "Upgrade: TLS/1.0" header not found, don't do Upgrade /* "Upgrade: TLS/1.0" header not found, don't do Upgrade */ if (!token) { return ap_pass_brigade(f->next, bb); } Loading @@ -1035,7 +1045,7 @@ static apr_status_t ssl_io_filter_Upgrade(ap_filter_t *f, while (token && strcmp(token,"Upgrade")) { apr_strtok(NULL,",",&token_state); } // "Connection: Upgrade" header not found, don't do Upgrade /* "Connection: Upgrade" header not found, don't do Upgrade */ if (!token) { return ap_pass_brigade(f->next, bb); } Loading