Using the new ap_ssl_conn_is_ssl() and ap_ssl_var_lookup() in all internal modules.

 * leaving mod_nw_ssl and mod_ssl itself untouched
 * removing mod_ssl.h includes where no longer necessary
 * some modules might skip post_config hooks, but those were left in, even when empty now.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1887364 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/modules/filters/mod_deflate.c b/modules/filters/mod_deflate.c
index 1c09df1f68304044b0914c07e5a1c8524a7e56ff..d1a2c558e5b74b165773320730474f7b96f06637 100644 (file)
--- a/modules/filters/mod_deflate.c
+++ b/modules/filters/mod_deflate.c
@@ -43,10 +43,10 @@
 #include "apr_general.h"
 #include "util_filter.h"
 #include "apr_buckets.h"
+#include "http_protocol.h"
 #include "http_request.h"
 #define APR_WANT_STRFUNC
 #include "apr_want.h"
-#include "mod_ssl.h"
 
 #include "zlib.h"
 
@@ -99,8 +99,6 @@ static const char deflate_magic[2] = { '\037', '\213' };
 #define DEFAULT_MEMLEVEL 9
 #define DEFAULT_BUFFERSIZE 8096
 
-static APR_OPTIONAL_FN_TYPE(ssl_var_lookup) *mod_deflate_ssl_var = NULL;
-
 /* Check whether a request is gzipped, so we can un-gzip it.
  * If a request has multiple encodings, we need the gzip
  * to be the outermost non-identity encoding.
@@ -553,10 +551,8 @@ static int check_ratio(request_rec *r, deflate_ctx *ctx,
 static int have_ssl_compression(request_rec *r)
 {
     const char *comp;
-    if (mod_deflate_ssl_var == NULL)
-        return 0;
-    comp = mod_deflate_ssl_var(r->pool, r->server, r->connection, r,
-                               "SSL_COMPRESS_METHOD");
+    comp = ap_ssl_var_lookup(r->pool, r->server, r->connection, r,
+                             "SSL_COMPRESS_METHOD");
     if (comp == NULL || *comp == '\0' || strcmp(comp, "NULL") == 0)
         return 0;
     return 1;
@@ -1889,7 +1885,6 @@ static apr_status_t inflate_out_filter(ap_filter_t *f,
 static int mod_deflate_post_config(apr_pool_t *pconf, apr_pool_t *plog,
                                    apr_pool_t *ptemp, server_rec *s)
 {
-    mod_deflate_ssl_var = APR_RETRIEVE_OPTIONAL_FN(ssl_var_lookup);
     return OK;
 }
 

diff --git a/modules/http2/h2_alt_svc.c b/modules/http2/h2_alt_svc.c
index 7f44100f360f89ef89f88787f07bda32608e40d8..0e7bc30f7f16fe025f15995a7cf2dc91ef2569f5 100644 (file)
--- a/modules/http2/h2_alt_svc.c
+++ b/modules/http2/h2_alt_svc.c
@@ -98,7 +98,7 @@ static int h2_alt_svc_handler(request_rec *r)
              */
             const char *alt_svc = "";
             const char *svc_ma = "";
-            int secure = h2_h2_is_tls(r->connection);
+            int secure = ap_ssl_conn_is_ssl(r->connection);
             int ma = h2_config_rgeti(r, H2_CONF_ALT_SVC_MAX_AGE);
             if (ma >= 0) {
                 svc_ma = apr_psprintf(r->pool, "; ma=%d", ma);

diff --git a/modules/http2/h2_conn_io.c b/modules/http2/h2_conn_io.c
index 68c15d13e4906f3c4cfe94b0d236e2fe5f5efcfa..b6f56e4df9186bf2de6dced2e39a84685dce964e 100644 (file)
--- a/modules/http2/h2_conn_io.c
+++ b/modules/http2/h2_conn_io.c
@@ -22,6 +22,7 @@
 #include <http_core.h>
 #include <http_log.h>
 #include <http_connection.h>
+#include <http_protocol.h>
 #include <http_request.h>
 
 #include "h2_private.h"
@@ -133,7 +134,7 @@ apr_status_t h2_conn_io_init(h2_conn_io *io, conn_rec *c, server_rec *s)
 {
     io->c              = c;
     io->output         = apr_brigade_create(c->pool, c->bucket_alloc);
-    io->is_tls         = h2_h2_is_tls(c);
+    io->is_tls         = ap_ssl_conn_is_ssl(c);
     io->buffer_output  = io->is_tls;
     io->flush_threshold = (apr_size_t)h2_config_sgeti64(s, H2_CONF_STREAM_MAX_MEM);
 

diff --git a/modules/http2/h2_h2.c b/modules/http2/h2_h2.c
index 2256842d054638e60ced7130376349b8566218f5..3c5d045d523eccfa08f871a11e8f63f94dd86ec8 100644 (file)
--- a/modules/http2/h2_h2.c
+++ b/modules/http2/h2_h2.c
@@ -28,8 +28,6 @@
 #include <http_request.h>
 #include <http_log.h>
 
-#include "mod_ssl.h"
-
 #include "mod_http2.h"
 #include "h2_private.h"
 
@@ -57,13 +55,6 @@ const char *h2_clear_protos[] = {
 
 const char *H2_MAGIC_TOKEN = "PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n";
 
-/*******************************************************************************
- * The optional mod_ssl functions we need. 
- */
-static APR_OPTIONAL_FN_TYPE(ssl_is_https) *opt_ssl_is_https;
-static APR_OPTIONAL_FN_TYPE(ssl_var_lookup) *opt_ssl_var_lookup;
-
-
 /*******************************************************************************
  * HTTP/2 error stuff
  */
@@ -445,27 +436,14 @@ apr_status_t h2_h2_init(apr_pool_t *pool, server_rec *s)
 {
     (void)pool;
     ap_log_error(APLOG_MARK, APLOG_TRACE1, 0, s, "h2_h2, child_init");
-    opt_ssl_is_https = APR_RETRIEVE_OPTIONAL_FN(ssl_is_https);
-    opt_ssl_var_lookup = APR_RETRIEVE_OPTIONAL_FN(ssl_var_lookup);
-    
-    if (!opt_ssl_is_https || !opt_ssl_var_lookup) {
-        ap_log_error(APLOG_MARK, APLOG_WARNING, 0, s,
-                     APLOGNO(02951) "mod_ssl does not seem to be enabled");
-    }
-    
     cipher_init(pool);
     
     return APR_SUCCESS;
 }
 
-int h2_h2_is_tls(conn_rec *c)
-{
-    return opt_ssl_is_https && opt_ssl_is_https(c);
-}
-
 int h2_is_acceptable_connection(conn_rec *c, request_rec *r, int require_all) 
 {
-    int is_tls = h2_h2_is_tls(c);
+    int is_tls = ap_ssl_conn_is_ssl(c);
 
     if (is_tls && h2_config_cgeti(c, H2_CONF_MODERN_TLS_ONLY) > 0) {
         /* Check TLS connection for modern TLS parameters, as defined in
@@ -475,14 +453,9 @@ int h2_is_acceptable_connection(conn_rec *c, request_rec *r, int require_all)
         server_rec *s = c->base_server;
         const char *val;
 
-        if (!opt_ssl_var_lookup) {
-            /* unable to check */
-            return 0;
-        }
-        
         /* Need Tlsv1.2 or higher, rfc 7540, ch. 9.2
          */
-        val = opt_ssl_var_lookup(pool, s, c, NULL, (char*)"SSL_PROTOCOL");
+        val = ap_ssl_var_lookup(pool, s, c, NULL, (char*)"SSL_PROTOCOL");
         if (val && *val) {
             if (strncmp("TLS", val, 3) 
                 || !strcmp("TLSv1", val) 
@@ -501,7 +474,7 @@ int h2_is_acceptable_connection(conn_rec *c, request_rec *r, int require_all)
 
         /* Check TLS cipher blacklist
          */
-        val = opt_ssl_var_lookup(pool, s, c, NULL, (char*)"SSL_CIPHER");
+        val = ap_ssl_var_lookup(pool, s, c, NULL, (char*)"SSL_CIPHER");
         if (val && *val) {
             const char *source;
             if (cipher_is_blacklisted(val, &source)) {
@@ -522,7 +495,7 @@ int h2_is_acceptable_connection(conn_rec *c, request_rec *r, int require_all)
 
 static int h2_allows_h2_direct(conn_rec *c)
 {
-    int is_tls = h2_h2_is_tls(c);
+    int is_tls = ap_ssl_conn_is_ssl(c);
     const char *needed_protocol = is_tls? "h2" : "h2c";
     int h2_direct = h2_config_cgeti(c, H2_CONF_DIRECT);
     
@@ -535,7 +508,7 @@ static int h2_allows_h2_direct(conn_rec *c)
 int h2_allows_h2_upgrade(request_rec *r)
 {
     int h2_upgrade = h2_config_rgeti(r, H2_CONF_UPGRADE);
-    return h2_upgrade > 0 || (h2_upgrade < 0 && !h2_h2_is_tls(r->connection));
+    return h2_upgrade > 0 || (h2_upgrade < 0 && !ap_ssl_conn_is_ssl(r->connection));
 }
 
 /*******************************************************************************
@@ -631,7 +604,7 @@ int h2_h2_process_conn(conn_rec* c)
                 if (!ctx) {
                     ctx = h2_ctx_get(c, 1);
                 }
-                h2_ctx_protocol_set(ctx, h2_h2_is_tls(c)? "h2" : "h2c");
+                h2_ctx_protocol_set(ctx, ap_ssl_conn_is_ssl(c)? "h2" : "h2c");
             }
             else if (APLOGctrace2(c)) {
                 ap_log_cerror(APLOG_MARK, APLOG_TRACE2, 0, c,

diff --git a/modules/http2/h2_h2.h b/modules/http2/h2_h2.h
index 339e898a108d839e674708a251ce3e8324cf3454..8cfb9864fe89afaccdd0d73b3aff3ed5704350b4 100644 (file)
--- a/modules/http2/h2_h2.h
+++ b/modules/http2/h2_h2.h
@@ -41,10 +41,6 @@ const char *h2_h2_err_description(unsigned int h2_error);
  */
 apr_status_t h2_h2_init(apr_pool_t *pool, server_rec *s);
 
-/* Is the connection a TLS connection?
- */
-int h2_h2_is_tls(conn_rec *c);
-
 /* Register apache hooks for h2 protocol
  */
 void h2_h2_register_hooks(void);

diff --git a/modules/http2/h2_switch.c b/modules/http2/h2_switch.c
index 9ec658b8e173da297746c764bfc0f22d331f2b93..bbc1472e33df1435b57de7de4b5181a7a3c4ead1 100644 (file)
--- a/modules/http2/h2_switch.c
+++ b/modules/http2/h2_switch.c
@@ -52,7 +52,7 @@ static int h2_protocol_propose(conn_rec *c, request_rec *r,
                                apr_array_header_t *proposals)
 {
     int proposed = 0;
-    int is_tls = h2_h2_is_tls(c);
+    int is_tls = ap_ssl_conn_is_ssl(c);
     const char **protos = is_tls? h2_tls_protos : h2_clear_protos;
     
     if (!h2_mpm_supported()) {
@@ -127,7 +127,7 @@ static int h2_protocol_switch(conn_rec *c, request_rec *r, server_rec *s,
                               const char *protocol)
 {
     int found = 0;
-    const char **protos = h2_h2_is_tls(c)? h2_tls_protos : h2_clear_protos;
+    const char **protos = ap_ssl_conn_is_ssl(c)? h2_tls_protos : h2_clear_protos;
     const char **p = protos;
     
     (void)s;

diff --git a/modules/loggers/mod_log_json.c b/modules/loggers/mod_log_json.c
index 825da6b170fa1281d56e627211e3ee27b15fff9d..f25be19c92cdafc096b84a5d5b40426dffd373d2 100644 (file)
--- a/modules/loggers/mod_log_json.c
+++ b/modules/loggers/mod_log_json.c
@@ -21,7 +21,6 @@
 #include "http_protocol.h"
 #include "http_request.h"
 
-#include <mod_ssl.h>
 #include "mod_log_config.h"
 
 #include "apr_strings.h"
@@ -49,8 +48,6 @@ APLOG_USE_MODULE(log_json);
 
 module AP_MODULE_DECLARE_DATA log_json_module;
 
-static APR_OPTIONAL_FN_TYPE(ssl_var_lookup) *log_json_ssl_lookup = NULL;
-static APR_OPTIONAL_FN_TYPE(ssl_is_https) *log_json_ssl_is_https = NULL;
 static APR_OPTIONAL_FN_TYPE(ap_register_log_handler) *log_json_register = NULL;
 
 static const char *crit_error =
@@ -99,21 +96,20 @@ log_json(request_rec *r, char *a)
         json_string(apr_table_get(r->headers_in, "User-Agent")));
     json_object_set_new_nocheck(obj, "hdrs", hdrs);
 
-    if (log_json_ssl_is_https != NULL && log_json_ssl_lookup != NULL &&
-        log_json_ssl_is_https(r->connection)) {
+    if (ap_ssl_conn_is_ssl(r->connection)) {
         json_t *tls = json_object();
 
         json_object_set_new_nocheck(tls, "v",
-            json_string(log_json_ssl_lookup(
+            json_string(ap_ssl_var_lookup(
                 r->pool, r->server, r->connection, r, "SSL_PROTOCOL")));
         json_object_set_new_nocheck(tls, "cipher",
-            json_string(log_json_ssl_lookup(
+            json_string(ap_ssl_var_lookup(
                 r->pool, r->server, r->connection, r, "SSL_CIPHER")));
         json_object_set_new_nocheck(tls, "client_verify",
-            json_string(log_json_ssl_lookup(
+            json_string(ap_ssl_var_lookup(
                 r->pool, r->server, r->connection, r, "SSL_CLIENT_VERIFY")));
         json_object_set_new_nocheck(tls, "sni",
-            json_string(log_json_ssl_lookup(
+            json_string(ap_ssl_var_lookup(
                 r->pool, r->server, r->connection, r, "SSL_TLS_SNI")));
 
         json_object_set_new_nocheck(obj, "tls", tls);
@@ -162,9 +158,6 @@ log_json_post_config(
         return OK;
     }
 
-    log_json_ssl_lookup = APR_RETRIEVE_OPTIONAL_FN(ssl_var_lookup);
-    log_json_ssl_is_https = APR_RETRIEVE_OPTIONAL_FN(ssl_is_https);
-
     /* http://jansson.readthedocs.io/en/2.8/portability.html#portability-thread-safety
      */
     json_object_seed(0);

diff --git a/modules/lua/mod_lua.c b/modules/lua/mod_lua.c
index d0806c9ad6d3880e815ffe9451ba0d6998acaf1f..c672de864480a8ae7ee9bf6e9b9a22c740998146 100644 (file)
--- a/modules/lua/mod_lua.c
+++ b/modules/lua/mod_lua.c
@@ -37,7 +37,6 @@
 #include "mod_lua.h"
 #include "lua_apr.h"
 #include "lua_config.h"
-#include "mod_ssl.h"
 #include "mod_auth.h"
 #include "util_mutex.h"
 
@@ -52,8 +51,6 @@ APR_IMPLEMENT_OPTIONAL_HOOK_RUN_ALL(ap_lua, AP_LUA, int, lua_open,
 APR_IMPLEMENT_OPTIONAL_HOOK_RUN_ALL(ap_lua, AP_LUA, int, lua_request,
                                     (lua_State *L, request_rec *r),
                                     (L, r), OK, DECLINED)
-static APR_OPTIONAL_FN_TYPE(ssl_var_lookup) *lua_ssl_val = NULL;
-static APR_OPTIONAL_FN_TYPE(ssl_is_https) *lua_ssl_is_https = NULL;
 
 module AP_MODULE_DECLARE_DATA lua_module;
 
@@ -1707,15 +1704,12 @@ static const char *register_lua_root(cmd_parms *cmd, void *_cfg,
 const char *ap_lua_ssl_val(apr_pool_t *p, server_rec *s, conn_rec *c,
                            request_rec *r, const char *var)
 {
-    if (lua_ssl_val) { 
-        return (const char *)lua_ssl_val(p, s, c, r, (char *)var);
-    }
-    return NULL;
+    return ap_ssl_var_lookup(p, s, c, r, (char *)var);
 }
 
 int ap_lua_ssl_is_https(conn_rec *c)
 {
-    return lua_ssl_is_https ? lua_ssl_is_https(c) : 0;
+    return ap_ssl_conn_is_ssl(c);
 }
 
 /*******************************/
@@ -2029,9 +2023,6 @@ static int lua_post_config(apr_pool_t *pconf, apr_pool_t *plog,
     apr_pool_t **pool;
     apr_status_t rs;
 
-    lua_ssl_val = APR_RETRIEVE_OPTIONAL_FN(ssl_var_lookup);
-    lua_ssl_is_https = APR_RETRIEVE_OPTIONAL_FN(ssl_is_https);
-    
     if (ap_state_query(AP_SQ_MAIN_STATE) == AP_SQ_MS_CREATE_PRE_CONFIG)
         return OK;
 

diff --git a/modules/mappers/mod_rewrite.c b/modules/mappers/mod_rewrite.c
index 7ce09197ea41a6da61f2f2ed285dd40e7883e63d..b8ffb9fcbe36bcb6e19a729be613c4bbcb996898 100644 (file)
--- a/modules/mappers/mod_rewrite.c
+++ b/modules/mappers/mod_rewrite.c
@@ -85,8 +85,6 @@
 #include "http_vhost.h"
 #include "util_mutex.h"
 
-#include "mod_ssl.h"
-
 #include "mod_rewrite.h"
 #include "ap_expr.h"
 
@@ -419,8 +417,6 @@ static apr_global_mutex_t *rewrite_mapr_lock_acquire = NULL;
 static const char *rewritemap_mutex_type = "rewrite-map";
 
 /* Optional functions imported from mod_ssl when loaded: */
-static APR_OPTIONAL_FN_TYPE(ssl_var_lookup) *rewrite_ssl_lookup = NULL;
-static APR_OPTIONAL_FN_TYPE(ssl_is_https) *rewrite_is_https = NULL;
 static char *escape_backref(apr_pool_t *p, const char *path, const char *escapeme, int noplus);
 
 /*
@@ -1894,8 +1890,8 @@ static char *lookup_variable(char *var, rewrite_ctx *ctx)
                 result = getenv(var);
             }
         }
-        else if (var[4] && !strncasecmp(var, "SSL", 3) && rewrite_ssl_lookup) {
-            result = rewrite_ssl_lookup(r->pool, r->server, r->connection, r,
+        else if (var[4] && !strncasecmp(var, "SSL", 3)) {
+            result = ap_ssl_var_lookup(r->pool, r->server, r->connection, r,
                                         var + 4);
         }
     }
@@ -1993,7 +1989,7 @@ static char *lookup_variable(char *var, rewrite_ctx *ctx)
 
         case  5:
             if (!strcmp(var, "HTTPS")) {
-                int flag = rewrite_is_https && rewrite_is_https(r->connection);
+                int flag = ap_ssl_conn_is_ssl(r->connection);
                 return apr_pstrdup(r->pool, flag ? "on" : "off");
             }
             break;
@@ -4581,9 +4577,6 @@ static int post_config(apr_pool_t *p,
         }
     }
 
-    rewrite_ssl_lookup = APR_RETRIEVE_OPTIONAL_FN(ssl_var_lookup);
-    rewrite_is_https = APR_RETRIEVE_OPTIONAL_FN(ssl_is_https);
-
     return OK;
 }
 

diff --git a/modules/metadata/mod_headers.c b/modules/metadata/mod_headers.c
index e60281fdbd653fd78f6bbc6f408074978aad559a..8caa550a64b7d293274855418b69602810a8a1fc 100644 (file)
--- a/modules/metadata/mod_headers.c
+++ b/modules/metadata/mod_headers.c
@@ -83,8 +83,6 @@
 #include "http_protocol.h"
 #include "ap_expr.h"
 
-#include "mod_ssl.h" /* for the ssl_var_lookup optional function defn */
-
 /* format_tag_hash is initialized during pre-config */
 static apr_hash_t *format_tag_hash;
 
@@ -161,9 +159,6 @@ typedef struct {
 
 module AP_MODULE_DECLARE_DATA headers_module;
 
-/* Pointer to ssl_var_lookup, if available. */
-static APR_OPTIONAL_FN_TYPE(ssl_var_lookup) *header_ssl_lookup = NULL;
-
 /*
  * Tag formatting functions
  */
@@ -210,17 +205,12 @@ static const char *header_request_env_var(request_rec *r, char *a)
 
 static const char *header_request_ssl_var(request_rec *r, char *name)
 {
-    if (header_ssl_lookup) {
-        const char *val = header_ssl_lookup(r->pool, r->server,
-                                            r->connection, r, name);
-        if (val && val[0])
-            return unwrap_header(r->pool, val);
-        else
-            return "(null)";
-    }
-    else {
+    const char *val = ap_ssl_var_lookup(r->pool, r->server,
+                                        r->connection, r, name);
+    if (val && val[0])
+        return unwrap_header(r->pool, val);
+    else
         return "(null)";
-    }
 }
 
 static const char *header_request_loadavg(request_rec *r, char *a)
@@ -995,7 +985,6 @@ static int header_pre_config(apr_pool_t *p, apr_pool_t *plog, apr_pool_t *ptemp)
 static int header_post_config(apr_pool_t *pconf, apr_pool_t *plog,
                               apr_pool_t *ptemp, server_rec *s)
 {
-    header_ssl_lookup = APR_RETRIEVE_OPTIONAL_FN(ssl_var_lookup);
     return OK;
 }
 

diff --git a/modules/proxy/mod_proxy.c b/modules/proxy/mod_proxy.c
index 3380e1d5e000064ce87accc5b18ade3efd9a54cc..0926ae113f3d1a42e83b625e05b4650d27423a98 100644 (file)
--- a/modules/proxy/mod_proxy.c
+++ b/modules/proxy/mod_proxy.c
@@ -30,10 +30,6 @@ APR_DECLARE_OPTIONAL_FN(int, ssl_engine_disable, (conn_rec *));
 APR_DECLARE_OPTIONAL_FN(int, ssl_engine_set, (conn_rec *,
                                               ap_conf_vector_t *,
                                               int proxy, int enable));
-APR_DECLARE_OPTIONAL_FN(int, ssl_is_https, (conn_rec *));
-APR_DECLARE_OPTIONAL_FN(char *, ssl_var_lookup,
-                        (apr_pool_t *, server_rec *,
-                         conn_rec *, request_rec *, char *));
 #endif
 
 #ifndef MAX
@@ -3133,8 +3129,6 @@ static const command_rec proxy_cmds[] =
 static APR_OPTIONAL_FN_TYPE(ssl_proxy_enable) *proxy_ssl_enable = NULL;
 static APR_OPTIONAL_FN_TYPE(ssl_engine_disable) *proxy_ssl_disable = NULL;
 static APR_OPTIONAL_FN_TYPE(ssl_engine_set) *proxy_ssl_engine = NULL;
-static APR_OPTIONAL_FN_TYPE(ssl_is_https) *proxy_is_https = NULL;
-static APR_OPTIONAL_FN_TYPE(ssl_var_lookup) *proxy_ssl_val = NULL;
 
 PROXY_DECLARE(int) ap_proxy_ssl_enable(conn_rec *c)
 {
@@ -3184,23 +3178,14 @@ PROXY_DECLARE(int) ap_proxy_ssl_engine(conn_rec *c,
 
 PROXY_DECLARE(int) ap_proxy_conn_is_https(conn_rec *c)
 {
-    if (proxy_is_https) {
-        return proxy_is_https(c);
-    }
-    else
-        return 0;
+    return ap_ssl_conn_is_ssl(c);
 }
 
 PROXY_DECLARE(const char *) ap_proxy_ssl_val(apr_pool_t *p, server_rec *s,
                                              conn_rec *c, request_rec *r,
                                              const char *var)
 {
-    if (proxy_ssl_val) {
-        /* XXX Perhaps the casting useless */
-        return (const char *)proxy_ssl_val(p, s, c, r, (char *)var);
-    }
-    else
-        return NULL;
+    return ap_ssl_var_lookup(p, s, c, r, (char *)var);
 }
 
 static int proxy_post_config(apr_pool_t *pconf, apr_pool_t *plog,
@@ -3218,8 +3203,6 @@ static int proxy_post_config(apr_pool_t *pconf, apr_pool_t *plog,
     proxy_ssl_enable = APR_RETRIEVE_OPTIONAL_FN(ssl_proxy_enable);
     proxy_ssl_disable = APR_RETRIEVE_OPTIONAL_FN(ssl_engine_disable);
     proxy_ssl_engine = APR_RETRIEVE_OPTIONAL_FN(ssl_engine_set);
-    proxy_is_https = APR_RETRIEVE_OPTIONAL_FN(ssl_is_https);
-    proxy_ssl_val = APR_RETRIEVE_OPTIONAL_FN(ssl_var_lookup);
     ap_proxy_strmatch_path = apr_strmatch_precompile(pconf, "path=", 0);
     ap_proxy_strmatch_domain = apr_strmatch_precompile(pconf, "domain=", 0);
 

diff --git a/server/util_expr_eval.c b/server/util_expr_eval.c
index 765a1a8b6767b33ef060bb266c90b7c5db007750..ccf13b7cb8bd1116322147b49cae21b356c17051 100644 (file)
--- a/server/util_expr_eval.c
+++ b/server/util_expr_eval.c
@@ -1649,9 +1649,6 @@ static int op_file_subr(ap_expr_eval_ctx_t *ctx, const void *data, const char *a
 }
 
 
-APR_DECLARE_OPTIONAL_FN(int, ssl_is_https, (conn_rec *));
-static APR_OPTIONAL_FN_TYPE(ssl_is_https) *is_https = NULL;
-
 APR_DECLARE_OPTIONAL_FN(int, http2_is_h2, (conn_rec *));
 static APR_OPTIONAL_FN_TYPE(http2_is_h2) *is_http2 = NULL;
 
@@ -1673,7 +1670,7 @@ static const char *conn_var_fn(ap_expr_eval_ctx_t *ctx, const void *data)
 
     switch (index) {
     case 0:
-        if (is_https && is_https(c))
+        if (ap_ssl_conn_is_ssl(c))
             return "on";
         else
             return "off";
@@ -2227,10 +2224,7 @@ static int expr_lookup_not_found(ap_expr_lookup_parms *parms)
 static int ap_expr_post_config(apr_pool_t *pconf, apr_pool_t *plog,
                                apr_pool_t *ptemp, server_rec *s)
 {
-    is_https = APR_RETRIEVE_OPTIONAL_FN(ssl_is_https);
     is_http2 = APR_RETRIEVE_OPTIONAL_FN(http2_is_h2);
-    apr_pool_cleanup_register(pconf, &is_https, ap_pool_cleanup_set_null,
-                              apr_pool_cleanup_null);
     return OK;
 }