From c97fcaf3741de2e1c8a18b88760bbdf1e0178d8c Mon Sep 17 00:00:00 2001 From: Bradley Nicholes Date: Fri, 5 Mar 2004 02:44:40 +0000 Subject: [PATCH] Allow the enabled flag to be set to more than just TRUE or FALSE so that the OPTIONAL flag can be correctly merged within the ssl_config_server_merge() function. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@102860 13f79535-47bb-0310-9956-ffa450edef68 --- ssl_engine_config.c | 10 +++++----- ssl_engine_init.c | 17 +++++++---------- ssl_engine_kernel.c | 10 +++++----- ssl_private.h | 12 +++++++++++- 4 files changed, 28 insertions(+), 21 deletions(-) diff --git a/ssl_engine_config.c b/ssl_engine_config.c index d52e9d1d6af..8f66eba4eae 100644 --- a/ssl_engine_config.c +++ b/ssl_engine_config.c @@ -171,7 +171,7 @@ static SSLSrvConfigRec *ssl_config_server_new(apr_pool_t *p) SSLSrvConfigRec *sc = apr_palloc(p, sizeof(*sc)); sc->mc = NULL; - sc->enabled = FALSE; + sc->enabled = SSL_ENABLED_FALSE; sc->proxy_enabled = UNSET; sc->vhost_id = NULL; /* set during module init */ sc->vhost_id_len = 0; /* set during module init */ @@ -257,7 +257,7 @@ void *ssl_config_server_merge(apr_pool_t *p, void *basev, void *addv) SSLSrvConfigRec *mrg = ssl_config_server_new(p); cfgMerge(mc, NULL); - cfgMergeBool(enabled); + cfgMerge(enabled, SSL_ENABLED_UNSET); cfgMergeBool(proxy_enabled); cfgMergeInt(session_cache_timeout); @@ -606,15 +606,15 @@ const char *ssl_cmd_SSLEngine(cmd_parms *cmd, void *dcfg, const char *arg) SSLSrvConfigRec *sc = mySrvConfig(cmd->server); if (!strcasecmp(arg, "On")) { - sc->enabled = TRUE; + sc->enabled = SSL_ENABLED_TRUE; return NULL; } else if (!strcasecmp(arg, "Off")) { - sc->enabled = FALSE; + sc->enabled = SSL_ENABLED_FALSE; return NULL; } else if (!strcasecmp(arg, "Optional")) { - sc->enabled = UNSET; + sc->enabled = SSL_ENABLED_OPTIONAL; return NULL; } diff --git a/ssl_engine_init.c b/ssl_engine_init.c index 17aa6e06ace..95d3b5be588 100644 --- a/ssl_engine_init.c 
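Review bot: The `SSL_ENABLED_UNSET` sentinel in `cfgMerge(enabled, SSL_ENABLED_UNSET)` in ssl_config_server_merge() can never match, as far as these hunks show. ssl_config_server_new() initialises the field to `SSL_ENABLED_FALSE`, and ssl_cmd_SSLEngine() only stores TRUE, FALSE or OPTIONAL. Assuming cfgMerge takes the base value only when the added value equals the sentinel (the macro is defined outside the diff), a virtual host with no SSLEngine directive always merges to FALSE and never inherits the base server's setting, so a host expected to be TLS-enabled by inheritance would stay plaintext. If inheritance is intended, the initialiser should be `sc->enabled = SSL_ENABLED_UNSET;`, which would also make the re-enabled fix-up in ssl_init_Module() (ssl_engine_init.c) reachable. If it is not intended, a comment at the merge call should say so; ssl_config_server_merge()'s body continues outside the hunk.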
+++ b/ssl_engine_init.c @@ -206,13 +206,11 @@ int ssl_init_Module(apr_pool_t *p, apr_pool_t *plog, sc->vhost_id = ssl_util_vhostid(p, s); sc->vhost_id_len = strlen(sc->vhost_id); -#if 0 /* If sc->enabled is UNSET, then SSL is optional on this vhost */ /* Fix up stuff that may not have been set */ - if (sc->enabled == UNSET) { - sc->enabled = FALSE; + if (sc->enabled == SSL_ENABLED_UNSET) { + sc->enabled = SSL_ENABLED_FALSE; } -#endif if (sc->proxy_enabled == UNSET) { sc->proxy_enabled = FALSE; } @@ -960,10 +958,9 @@ void ssl_init_ConfigureServer(server_rec *s, apr_pool_t *ptemp, SSLSrvConfigRec *sc) { - /* A bit of a hack, but initialize the server if SSL is optional or - * not. + /* Initialize the server if SSL is enabled or optional. */ - if (sc->enabled) { + if ((sc->enabled == SSL_ENABLED_TRUE) || (sc->enabled == SSL_ENABLED_OPTIONAL)) { ap_log_error(APLOG_MARK, APLOG_INFO, 0, s, "Configuring server for SSL protocol"); ssl_init_server_ctx(s, p, ptemp, sc); @@ -991,7 +988,7 @@ void ssl_init_CheckServers(server_rec *base_server, apr_pool_t *p) for (s = base_server; s; s = s->next) { sc = mySrvConfig(s); - if ((sc->enabled == TRUE) && (s->port == DEFAULT_HTTP_PORT)) { + if ((sc->enabled == SSL_ENABLED_TRUE) && (s->port == DEFAULT_HTTP_PORT)) { ap_log_error(APLOG_MARK, APLOG_WARNING, 0, base_server, "Init: (%s) You configured HTTPS(%d) " @@ -1000,7 +997,7 @@ void ssl_init_CheckServers(server_rec *base_server, apr_pool_t *p) DEFAULT_HTTPS_PORT, DEFAULT_HTTP_PORT); } - if (!sc->enabled && (s->port == DEFAULT_HTTPS_PORT)) { + if ((sc->enabled == SSL_ENABLED_FALSE) && (s->port == DEFAULT_HTTPS_PORT)) { ap_log_error(APLOG_MARK, APLOG_WARNING, 0, base_server, "Init: (%s) You configured HTTP(%d) " @@ -1021,7 +1018,7 @@ void ssl_init_CheckServers(server_rec *base_server, apr_pool_t *p) for (s = base_server; s; s = s->next) { sc = mySrvConfig(s); - if (!(sc->enabled && s->addrs)) { + if (!((sc->enabled == SSL_ENABLED_TRUE) && s->addrs)) { continue; } 
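Review bot: The last ssl_init_CheckServers() hunk narrows `if (!(sc->enabled && s->addrs))` to `SSL_ENABLED_TRUE` only, so hosts configured as Optional are now skipped by this loop. The old truth test let them through, since Optional was stored as UNSET, which is presumably non-zero. ssl_init_ConfigureServer() in the same file accepts both TRUE and OPTIONAL, so the two functions disagree on whether an optional host counts as an SSL host. The loop body is outside the hunk, so which check is being skipped cannot be confirmed from here. If the exclusion is deliberate, a short comment giving the reason belongs above the condition; otherwise it should also accept `SSL_ENABLED_OPTIONAL`.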
diff --git a/ssl_engine_kernel.c b/ssl_engine_kernel.c index a2898dd0dd1..7a234da63aa 100644 --- a/ssl_engine_kernel.c +++ b/ssl_engine_kernel.c @@ -190,7 +190,7 @@ int ssl_hook_Access(request_rec *r) * Support for SSLRequireSSL directive */ if (dc->bSSLRequired && !ssl) { - if (sc->enabled == UNSET) { + if (sc->enabled == SSL_ENABLED_OPTIONAL) { /* This vhost was configured for optional SSL, just tell the * client that we need to upgrade. */ @@ -213,7 +213,7 @@ int ssl_hook_Access(request_rec *r) /* * Check to see if SSL protocol is on */ - if (!(sc->enabled || ssl)) { + if (!((sc->enabled == SSL_ENABLED_TRUE) || (sc->enabled == SSL_ENABLED_OPTIONAL) || ssl)) { return DECLINED; } /* @@ -860,7 +860,7 @@ int ssl_hook_UserCheck(request_rec *r) * - ssl not enabled * - client did not present a certificate */ - if (!(sc->enabled && sslconn->ssl && sslconn->client_cert) || + if (!((sc->enabled == SSL_ENABLED_TRUE || sc->enabled == SSL_ENABLED_OPTIONAL) && sslconn->ssl && sslconn->client_cert) || !(dc->nOptions & SSL_OPT_FAKEBASICAUTH) || r->user) { return DECLINED; @@ -1012,14 +1012,14 @@ int ssl_hook_Fixup(request_rec *r) SSL *ssl; int i; - if (sc->enabled == UNSET) { + if (sc->enabled == SSL_ENABLED_OPTIONAL) { apr_table_setn(r->headers_out, "Upgrade", "TLS/1.0, HTTP/1.1"); } /* * Check to see if SSL is on */ - if (!(sc->enabled && sslconn && (ssl = sslconn->ssl))) { + if (!(((sc->enabled == SSL_ENABLED_TRUE) || (sc->enabled == SSL_ENABLED_OPTIONAL)) && sslconn && (ssl = sslconn->ssl))) { return DECLINED; } diff --git a/ssl_private.h b/ssl_private.h index 5deef719674..d756ee34958 100644 --- a/ssl_private.h +++ b/ssl_private.h @@ -271,6 +271,16 @@ typedef enum { SSL_MUTEXMODE_USED = 1 } ssl_mutexmode_t; +/* + * Define the SSL enabled state + */ +typedef enum { + SSL_ENABLED_UNSET = UNSET, + SSL_ENABLED_FALSE = 0, + SSL_ENABLED_TRUE = 1, + SSL_ENABLED_OPTIONAL = 3 +} ssl_enabled_t; + /* * Define the SSL requirement structure */ 
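Review bot: The test `(sc->enabled == SSL_ENABLED_TRUE) || (sc->enabled == SSL_ENABLED_OPTIONAL)` is now written out by hand in ssl_hook_Access(), ssl_hook_UserCheck() and ssl_hook_Fixup() here, and again in ssl_init_ConfigureServer(). The copies differ in parenthesisation and run well past the surrounding line width. These conditions gate access control and FakeBasicAuth handling, so one predicate next to the enum in ssl_private.h would keep them from drifting apart if another state is added. For example `#define SSL_ENGINE_ACTIVE(sc) ((sc)->enabled == SSL_ENABLED_TRUE || (sc)->enabled == SSL_ENABLED_OPTIONAL)`, where the name is only a suggestion. The bodies of all three hooks continue outside their hunks.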
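Review bot: The comment above `ssl_enabled_t` says only "Define the SSL enabled state" and leaves the individual values unexplained. It should say that `SSL_ENABLED_UNSET` appears to exist only as the merge sentinel, that `SSL_ENABLED_OPTIONAL` corresponds to `SSLEngine Optional` (the host advertises a TLS upgrade instead of requiring TLS), and why OPTIONAL is 3 with 2 left unused. Both UNSET and OPTIONAL are non-zero, assuming the UNSET macro is, so any bare `if (sc->enabled)` remaining outside this diff would treat both as enabled. A line such as `/* compare against the constants; never test sc->enabled for truth */` would guard against that.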
@@ -420,7 +430,7 @@ typedef struct { struct SSLSrvConfigRec { SSLModConfigRec *mc; - BOOL enabled; + ssl_enabled_t enabled; BOOL proxy_enabled; const char *vhost_id; int vhost_id_len; -- 2.47.2