From: Doug MacEachern <dougm@apache.org>
Date: Fri, 29 Mar 2002 07:29:11 +0000 (+0000)
Subject: hook into mod_ssl for https support
X-Git-Tag: 2.0.34~35
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c3e2155dca7be7842977e63675376733ca98f0a2;p=thirdparty%2Fapache%2Fhttpd.git

hook into mod_ssl for https support


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94300 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/modules/proxy/mod_proxy.c b/modules/proxy/mod_proxy.c
index 5daef69d5b3..a9613ddf87d 100644
--- a/modules/proxy/mod_proxy.c
+++ b/modules/proxy/mod_proxy.c
@@ -61,6 +61,8 @@
 #include "mod_proxy.h"
 #include "mod_core.h"
 
+#include "apr_optional.h"
+
 extern module AP_MODULE_DECLARE_DATA proxy_module;
 
 #ifndef MAX
@@ -1045,6 +1047,23 @@ static const command_rec proxy_cmds[] =
     {NULL}
 };
 
+APR_DECLARE_OPTIONAL_FN(int, ssl_proxy_enable, (conn_rec *));
+
+static APR_OPTIONAL_FN_TYPE(ssl_proxy_enable) *proxy_ssl_enable = NULL;
+
+int ap_proxy_ssl_enable(conn_rec *c)
+{
+    /* 
+     * if c == NULL just check if the optional function was imported
+     * else run the optional function so ssl filters are inserted
+     */
+    if (proxy_ssl_enable) {
+        return c ? proxy_ssl_enable(c) : 1;
+    }
+
+    return 0;
+}
+
 static void register_hooks(apr_pool_t *p)
 {
     /* handler */
@@ -1057,6 +1076,8 @@ static void register_hooks(apr_pool_t *p)
     ap_hook_fixups(proxy_fixup, NULL, NULL, APR_HOOK_FIRST);
     /* post read_request handling */
     ap_hook_post_read_request(proxy_detect, NULL, NULL, APR_HOOK_FIRST);
+
+    proxy_ssl_enable = APR_RETRIEVE_OPTIONAL_FN(ssl_proxy_enable);
 }
 
 module AP_MODULE_DECLARE_DATA proxy_module =
diff --git a/modules/proxy/mod_proxy.h b/modules/proxy/mod_proxy.h
index b9d18bcacc3..ccd6b1c35a4 100644
--- a/modules/proxy/mod_proxy.h
+++ b/modules/proxy/mod_proxy.h
@@ -208,6 +208,7 @@ typedef struct {
     conn_rec *connection;
     char *hostname;
     apr_port_t port;
+    int is_ssl;
 } proxy_conn_rec;
 
 typedef struct {
@@ -273,5 +274,6 @@ PROXY_DECLARE(apr_status_t) ap_proxy_string_read(conn_rec *c, apr_bucket_brigade
 PROXY_DECLARE(void) ap_proxy_reset_output_filters(conn_rec *c);
 PROXY_DECLARE(void) ap_proxy_table_unmerge(apr_pool_t *p, apr_table_t *t, char *key);
 PROXY_DECLARE(int) ap_proxy_connect_to_backend(apr_socket_t **, const char *, apr_sockaddr_t *, const char *, proxy_server_conf *, server_rec *, apr_pool_t *);
+PROXY_DECLARE(int) ap_proxy_ssl_enable(conn_rec *c);
 
 #endif /*MOD_PROXY_H*/
diff --git a/modules/proxy/proxy_http.c b/modules/proxy/proxy_http.c
index e57ffc3ea96..f37785d4ad7 100644
--- a/modules/proxy/proxy_http.c
+++ b/modules/proxy/proxy_http.c
@@ -391,6 +391,10 @@ apr_status_t ap_proxy_http_create_connection(apr_pool_t *p, request_rec *r,
         backend->hostname = apr_pstrdup(c->pool, p_conn->name);
         backend->port = p_conn->port;
 
+        if (backend->is_ssl) {
+            ap_proxy_ssl_enable(backend->connection);
+        }
+
         ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r->server,
                      "proxy: connection complete to %pI (%s)",
                      p_conn->addr, p_conn->name);
@@ -937,6 +941,7 @@ int ap_proxy_http_handler(request_rec *r, proxy_server_conf *conf,
     char server_portstr[32];
     conn_rec *origin = NULL;
     proxy_conn_rec *backend = NULL;
+    int is_ssl = 0;
 
     /* Note: Memory pool allocation.
      * A downstream keepalive connection is always connected to the existence
@@ -959,7 +964,16 @@ int ap_proxy_http_handler(request_rec *r, proxy_server_conf *conf,
                                            sizeof(*p_conn));
 
     /* is it for us? */
-    if (strncasecmp(url, "http:", 5)) {
+    if (strncasecmp(url, "https:", 6) == 0) {
+        if (!ap_proxy_ssl_enable(NULL)) {
+            ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r->server,
+                         "proxy: HTTPS: declining URL %s"
+                         " (mod_ssl not configured?)", url);
+            return DECLINED;
+        }
+        is_ssl = 1;
+    }
+    else if (strncasecmp(url, "http:", 5)) {
         ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r->server,
                      "proxy: HTTP: declining URL %s", url);
         return DECLINED; /* only interested in HTTP */
@@ -986,6 +1000,8 @@ int ap_proxy_http_handler(request_rec *r, proxy_server_conf *conf,
         }
     }
 
+    backend->is_ssl = is_ssl;
+
     /* Step One: Determine Who To Connect To */
     status = ap_proxy_http_determine_connection(p, r, p_conn, c, conf, uri,
                                                 &url, proxyname, proxyport,