From: Yann Ylavic Date: Wed, 3 Jul 2024 15:06:32 +0000 (+0000) Subject: mod_ssl: Let modssl_set_io_callbacks() whether which callback is needed. X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0cfc8c31349a2abd99910eda9ab9faaf55e4780a;p=thirdparty%2Fapache%2Fhttpd.git mod_ssl: Let modssl_set_io_callbacks() whether which callback is needed. * modules/ssl/ssl_private.h: Add conn_rec and server_rec args to modssl_set_io_callbacks(). * modules/ssl/ssl_engine_io.c(modssl_set_io_callbacks): Don't set modssl_io_cb for log levels below TRACE4. * modules/ssl/ssl_engine_io.c(ssl_io_filter_init), modules/ssl/ssl_engine_kernel.c(ssl_find_vhost): Call modssl_set_io_callbacks() unconditionally. * modules/ssl/ssl_engine_io.c(modssl_io_cb): While at it, (cmd & BIO_CB_WRITE) is enough to differentiate a write from read. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1918883 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/modules/ssl/ssl_engine_io.c b/modules/ssl/ssl_engine_io.c index d14d82f6992..3a2e841ae02 100644 --- a/modules/ssl/ssl_engine_io.c +++ b/modules/ssl/ssl_engine_io.c @@ -2281,9 +2281,7 @@ apr_status_t ssl_io_filter_init(conn_rec *c, request_rec *r, SSL *ssl) apr_pool_cleanup_register(c->pool, (void*)filter_ctx, ssl_io_filter_cleanup, apr_pool_cleanup_null); - if (APLOG_CS_IS_LEVEL(c, mySrvFromConn(c), APLOG_TRACE4)) { - modssl_set_io_callbacks(ssl); - } + modssl_set_io_callbacks(ssl, c, mySrvFromConn(c)); return APR_SUCCESS; } @@ -2380,6 +2378,8 @@ static long modssl_io_cb(BIO *bio, int cmd, const char *argp, SSL *ssl; conn_rec *c; server_rec *s; + + /* unused */ #if OPENSSL_VERSION_NUMBER >= 0x30000000L (void)argi; #endif @@ -2425,9 +2425,9 @@ static long modssl_io_cb(BIO *bio, int cmd, const char *argp, "%s: %s %" APR_SIZE_T_FMT "/%" APR_SIZE_T_FMT " bytes %s BIO#%pp [mem: %pp] %s", MODSSL_LIBRARY_NAME, - (cmd == (BIO_CB_WRITE|BIO_CB_RETURN) ? "write" : "read"), + (cmd & BIO_CB_WRITE) ? "write" : "read", actual_len, requested_len, - (cmd == (BIO_CB_WRITE|BIO_CB_RETURN) ? "to" : "from"), + (cmd & BIO_CB_WRITE) ? "to" : "from", bio, argp, dump); /* * *dump will only be != '\0' if @@ -2445,7 +2445,7 @@ static long modssl_io_cb(BIO *bio, int cmd, const char *argp, "%s: I/O error, %" APR_SIZE_T_FMT " bytes expected to %s on BIO#%pp [mem: %pp]", MODSSL_LIBRARY_NAME, requested_len, - (cmd == (BIO_CB_WRITE|BIO_CB_RETURN) ? "write" : "read"), + (cmd & BIO_CB_WRITE) ? "write" : "read", bio, argp); } } @@ -2462,10 +2462,15 @@ static APR_INLINE void set_bio_callback(BIO *bio, void *arg) BIO_set_callback_arg(bio, arg); } -void modssl_set_io_callbacks(SSL *ssl) +void modssl_set_io_callbacks(SSL *ssl, conn_rec *c, server_rec *s) { - BIO *rbio = SSL_get_rbio(ssl), - *wbio = SSL_get_wbio(ssl); + BIO *rbio, *wbio; + + if (!APLOG_CS_IS_LEVEL(c, s, APLOG_TRACE4)) + return; + + rbio = SSL_get_rbio(ssl); + wbio = SSL_get_wbio(ssl); if (rbio) { set_bio_callback(rbio, ssl); } diff --git a/modules/ssl/ssl_engine_kernel.c b/modules/ssl/ssl_engine_kernel.c index a416ce3f0f4..e89bc0ceccc 100644 --- a/modules/ssl/ssl_engine_kernel.c +++ b/modules/ssl/ssl_engine_kernel.c @@ -2607,9 +2607,7 @@ static int ssl_find_vhost(void *servername, conn_rec *c, server_rec *s) * (and the first vhost doesn't use APLOG_TRACE4), then * we need to set that callback here. */ - if (APLOGtrace4(s)) { - modssl_set_io_callbacks(ssl); - } + modssl_set_io_callbacks(ssl, c, s); return 1; } diff --git a/modules/ssl/ssl_private.h b/modules/ssl/ssl_private.h index 9cdf0c37542..2f7bb51fa5a 100644 --- a/modules/ssl/ssl_private.h +++ b/modules/ssl/ssl_private.h @@ -1053,7 +1053,7 @@ void modssl_callback_keylog(const SSL *ssl, const char *line); /** I/O */ apr_status_t ssl_io_filter_init(conn_rec *, request_rec *r, SSL *); void ssl_io_filter_register(apr_pool_t *); -void modssl_set_io_callbacks(SSL *ssl); +void modssl_set_io_callbacks(SSL *ssl, conn_rec *c, server_rec *s); /* ssl_io_buffer_fill fills the setaside buffering of the HTTP request * to allow an SSL renegotiation to take place. */