authorStefan Eissing <icing@apache.org>2021-09-09 15:22:23 +0000
committerStefan Eissing <icing@apache.org>2021-09-09 15:22:23 +0000
commitf9c54948e4cb616d0a13fad0e288b907b419722f (patch)
tree99bf5b1cc25c0a63e2486936dcfbe4d555f5692f /include
parentb88fc883644254c747fb1cdf90775c881cebc969 (diff)
downloadhttpd-f9c54948e4cb616d0a13fad0e288b907b419722f.tar.gz
Merge r1890605, r1893164, r1893179 from trunk:
*) core/mod_proxy/mod_ssl: Adding `outgoing` flag to conn_rec, indicating a connection is initiated by the server to somewhere, in contrast to incoming connections from clients. Adding `ap_ssl_bind_outgoing()` function that marks a connection as outgoing and is used by mod_proxy instead of the previous optional function `ssl_engine_set`. This enables other SSL modules to secure proxy connections. The optional functions `ssl_engine_set`, `ssl_engine_disable` and `ssl_proxy_enable` are now provided by the core to have backward compatibility with non-httpd modules that might use them. mod_ssl itself no longer registers these functions, but keeps them in its header for backward compatibility. The core-provided optional functions wrap any registered function, as was done for `ssl_is_ssl`. * core: clarify comments and use hook API better to check for presence of callbacks. * optimizing hook check as suggested by Yann. Submitted by: icing Reviewed by: Github: closes #203 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1893182 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'include')
-rw-r--r--include/ap_mmn.h3
-rw-r--r--include/http_ssl.h37
-rw-r--r--include/httpd.h2
3 files changed, 41 insertions, 1 deletions
diff --git a/include/ap_mmn.h b/include/ap_mmn.h
index 70447b845e..f874f96f2d 100644
--- a/include/ap_mmn.h
+++ b/include/ap_mmn.h
@@ -577,6 +577,7 @@
* 20120211.114 (2.4.49-dev) Add optional balancer_manage function.
* 20120211.115 (2.4.49-dev) Add ap_proxy_get_worker_ex() and
* ap_proxy_define_worker_ex() to mod_proxy.h
+ * 20120211.116 (2.4.49-dev) add conn_rec->outgoing and ap_ssl_bind_outgoing()
*/
#define MODULE_MAGIC_COOKIE 0x41503234UL /* "AP24" */
@@ -584,7 +585,7 @@
#ifndef MODULE_MAGIC_NUMBER_MAJOR
#define MODULE_MAGIC_NUMBER_MAJOR 20120211
#endif
-#define MODULE_MAGIC_NUMBER_MINOR 115 /* 0...n */
+#define MODULE_MAGIC_NUMBER_MINOR 116 /* 0...n */
/**
* Determine if the server's current MODULE_MAGIC_NUMBER is at least a
diff --git a/include/http_ssl.h b/include/http_ssl.h
index 556a58bdb7..0b5379379f 100644
--- a/include/http_ssl.h
+++ b/include/http_ssl.h
@@ -34,6 +34,8 @@
extern "C" {
#endif
+struct ap_conf_vector_t;
+
/**
* This hook allows modules that manage SSL connection to register their
* inquiry function for checking if a connection is using SSL from them.
@@ -50,6 +52,41 @@ AP_DECLARE_HOOK(int,ssl_conn_is_ssl,(conn_rec *c))
AP_DECLARE(int) ap_ssl_conn_is_ssl(conn_rec *c);
/**
+ * This hook declares a connection to be outgoing and the configuration that applies to it.
+ * This hook can be called several times in the lifetime of an outgoing connection, e.g.
+ * when it is re-used in different request contexts. It will at least be called after the
+ * connection was created and before the pre-connection hooks is invoked.
+ * All outgoing-connection hooks are run until one returns something other than DECLINE.
+ * if enable_ssl != 0, a hook that sets up SSL for the connection needs to return OK
+ * to prevent subsequent hooks from doing the same.
+ *
+ * @param c The connection on which requests/data are to be sent.
+ * @param dir_conf The directory configuration in which this connection is being used.
+ * @param enable_ssl If != 0, the SSL protocol should be enabled for this connection.
+ * @return DECLINED, OK when ssl was enabled
+ */
+AP_DECLARE_HOOK(int, ssl_bind_outgoing,
+ (conn_rec *c, struct ap_conf_vector_t *dir_conf, int enable_ssl))
+
+/**
+ * Assures the connection is marked as outgoing and invokes the ssl_bind_outgoing hook.
+ * This may be called several times on an outgoing connection with varying dir_conf
+ * values. require_ssl is not allowed to change on the same connection.
+ *
+ * @param c The connection on which requests/data are to be sent.
+ * @param dir_conf The directory configuration in which this connection is being used.
+ * @param require_ssl != 0 iff this connection needs to be secured by SSL/TLS protocol.
+ * @return OK iff ssl was required and is enabled, DECLINED otherwise
+ */
+AP_DECLARE(int) ap_ssl_bind_outgoing(conn_rec *c, struct ap_conf_vector_t *dir_conf,
+ int require_ssl);
+
+/**
+ * Return != 0 iff handlers/hooks for outgoing connections are registered.
+ */
+AP_DECLARE(int) ap_ssl_has_outgoing_handlers(void);
+
+/**
* This hook allows modules to look up SSL related variables for a
* server/connection/request, depending on what they inquire. Some
* variables will only be available for a connection/request, for example.
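Review bot: The return contract documented for `ap_ssl_bind_outgoing()` ("OK iff ssl was required and is enabled, DECLINED otherwise") gives the caller the same DECLINED for "SSL was not requested" and "SSL was requested but no hook set it up", and nothing in the comment says the second case is a failure. Since this declaration is the whole contract for callers such as mod_proxy, I would add a line like ` * A caller passing require_ssl != 0 must treat any return other than OK as an error and must not send data on the connection.` so a missing or declining SSL module cannot silently yield a cleartext backend connection. The comment also says `require_ssl` "is not allowed to change on the same connection" without stating what happens if it does; the header should say whether that is rejected or undefined. Smaller points in the hook comment: "DECLINE" should read `DECLINED`, "hooks is invoked" should be "hooks are invoked", and the hook's `enable_ssl` and the function's `require_ssl` appear to be the same value under two names.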
diff --git a/include/httpd.h b/include/httpd.h
index 02cde256ed..d03626a62b 100644
--- a/include/httpd.h
+++ b/include/httpd.h
@@ -1238,6 +1238,8 @@ struct conn_rec {
/** The "real" master connection. NULL if I am the master. */
conn_rec *master;
+
+ int outgoing;
};
/**
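Review bot: The new `int outgoing;` member is added without a doc comment, although the field just above it in `conn_rec` carries one, so the public header does not say who sets the flag or what a non-zero value means. I would add something like `/** != 0 iff this connection was initiated by the server (e.g. a proxy backend connection), set via ap_ssl_bind_outgoing() */` above it. Appending at the end of the struct together with the MMN minor bump looks right, but code built against an older minor that allocates or copies a `conn_rec` using its own `sizeof` would presumably produce an object without this member; it may be worth noting that readers of `outgoing` should only trust connections created by the current core. The struct definition begins outside this hunk.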