[multiple] con hooks store ctx in con->plugin_ctx
modules with connection level hooks now store ctx in con->plugin_ctx
This commit is contained in:
parent
fea5bdc873
commit
164f7600b7
|
@ -413,10 +413,10 @@ SETDEFAULTS_FUNC(mod_extforward_set_defaults) {
|
|||
/* attempt to warn if mod_extforward is not last module loaded to hook
|
||||
* handle_connection_accept. (Nice to have, but remove this check if
|
||||
* it reaches too far into internals and prevents other code changes.)
|
||||
* While it would be nice to check connection_handle_accept plugin slot
|
||||
* While it would be nice to check handle_connection_accept plugin slot
|
||||
* to make sure mod_extforward is last, that info is private to plugin.c
|
||||
* so merely warn if mod_openssl is loaded after mod_extforward, though
|
||||
* future modules which hook connection_handle_accept might be missed.*/
|
||||
* future modules which hook handle_connection_accept might be missed.*/
|
||||
if (hap_PROXY) {
|
||||
uint32_t i;
|
||||
for (i = 0; i < srv->srvconf.modules->used; ++i) {
|
||||
|
@ -543,7 +543,7 @@ static const char *last_not_in_array(array *a, plugin_data *p)
|
|||
static int mod_extforward_set_addr(request_st * const r, plugin_data *p, const char *addr) {
|
||||
connection * const con = r->con;
|
||||
sock_addr sock;
|
||||
handler_ctx *hctx = r->plugin_ctx[p->id];
|
||||
handler_ctx *hctx = con->plugin_ctx[p->id];
|
||||
|
||||
if (r->conf.log_request_handling) {
|
||||
log_error(r->conf.errh, __FILE__, __LINE__, "using address: %s", addr);
|
||||
|
@ -566,7 +566,7 @@ static int mod_extforward_set_addr(request_st * const r, plugin_data *p, const c
|
|||
hctx->saved_remote_addr_buf = NULL;
|
||||
}
|
||||
} else {
|
||||
r->plugin_ctx[p->id] = hctx = handler_ctx_init();
|
||||
con->plugin_ctx[p->id] = hctx = handler_ctx_init();
|
||||
}
|
||||
/* save old address */
|
||||
if (extforward_check_proxy) {
|
||||
|
@ -1044,7 +1044,6 @@ static handler_t mod_extforward_Forwarded (request_st * const r, plugin_data * c
|
|||
URIHANDLER_FUNC(mod_extforward_uri_handler) {
|
||||
plugin_data *p = p_d;
|
||||
const buffer *forwarded = NULL;
|
||||
handler_ctx *hctx = r->plugin_ctx[p->id];
|
||||
int is_forwarded_header = 0;
|
||||
|
||||
mod_extforward_patch_config(r, p);
|
||||
|
@ -1056,6 +1055,7 @@ URIHANDLER_FUNC(mod_extforward_uri_handler) {
|
|||
|
||||
if (p->conf.hap_PROXY_ssl_client_verify) {
|
||||
const data_string *ds;
|
||||
handler_ctx *hctx = r->con->plugin_ctx[p->id];
|
||||
if (NULL != hctx && hctx->ssl_client_verify && NULL != hctx->env
|
||||
&& NULL != (ds = (const data_string *)array_get_element_klen(hctx->env, CONST_STR_LEN("SSL_CLIENT_S_DN_CN")))) {
|
||||
http_header_env_set(r,
|
||||
|
@ -1114,7 +1114,7 @@ URIHANDLER_FUNC(mod_extforward_uri_handler) {
|
|||
|
||||
REQUEST_FUNC(mod_extforward_handle_request_env) {
|
||||
plugin_data *p = p_d;
|
||||
handler_ctx *hctx = r->plugin_ctx[p->id];
|
||||
handler_ctx *hctx = r->con->plugin_ctx[p->id];
|
||||
if (NULL == hctx || NULL == hctx->env) return HANDLER_GO_ON;
|
||||
for (uint32_t i=0; i < hctx->env->used; ++i) {
|
||||
/* note: replaces values which may have been set by mod_openssl
|
||||
|
@ -1131,11 +1131,11 @@ REQUEST_FUNC(mod_extforward_restore) {
|
|||
/* XXX: should change this to not occur at request reset,
|
||||
* but instead at connection reset */
|
||||
plugin_data *p = p_d;
|
||||
handler_ctx *hctx = r->plugin_ctx[p->id];
|
||||
connection * const con = r->con;
|
||||
handler_ctx *hctx = con->plugin_ctx[p->id];
|
||||
|
||||
if (!hctx) return HANDLER_GO_ON;
|
||||
|
||||
connection * const con = r->con;
|
||||
if (NULL != hctx->saved_network_read) {
|
||||
con->network_read = hctx->saved_network_read;
|
||||
hctx->saved_network_read = NULL;
|
||||
|
@ -1152,7 +1152,7 @@ REQUEST_FUNC(mod_extforward_restore) {
|
|||
|
||||
if (NULL == hctx->env) {
|
||||
handler_ctx_free(hctx);
|
||||
r->plugin_ctx[p->id] = NULL;
|
||||
con->plugin_ctx[p->id] = NULL;
|
||||
}
|
||||
|
||||
return HANDLER_GO_ON;
|
||||
|
@ -1161,9 +1161,8 @@ REQUEST_FUNC(mod_extforward_restore) {
|
|||
|
||||
CONNECTION_FUNC(mod_extforward_handle_con_close)
|
||||
{
|
||||
request_st * const r = &con->request;
|
||||
plugin_data *p = p_d;
|
||||
handler_ctx *hctx = r->plugin_ctx[p->id];
|
||||
handler_ctx *hctx = con->plugin_ctx[p->id];
|
||||
if (NULL != hctx) {
|
||||
if (NULL != hctx->saved_network_read) {
|
||||
con->network_read = hctx->saved_network_read;
|
||||
|
@ -1177,7 +1176,7 @@ CONNECTION_FUNC(mod_extforward_handle_con_close)
|
|||
array_free(hctx->env);
|
||||
}
|
||||
handler_ctx_free(hctx);
|
||||
r->plugin_ctx[p->id] = NULL;
|
||||
con->plugin_ctx[p->id] = NULL;
|
||||
}
|
||||
|
||||
return HANDLER_GO_ON;
|
||||
|
@ -1195,7 +1194,7 @@ CONNECTION_FUNC(mod_extforward_handle_con_accept)
|
|||
if (NULL == p->conf.forwarder) return HANDLER_GO_ON;
|
||||
if (is_connection_trusted(con, p)) {
|
||||
handler_ctx *hctx = handler_ctx_init();
|
||||
r->plugin_ctx[p->id] = hctx;
|
||||
con->plugin_ctx[p->id] = hctx;
|
||||
hctx->saved_network_read = con->network_read;
|
||||
con->network_read = mod_extforward_network_read;
|
||||
}
|
||||
|
@ -1606,10 +1605,9 @@ static int mod_extforward_hap_PROXY_v2 (connection * const con,
|
|||
case PP2_TYPE_CRC32C:
|
||||
#endif
|
||||
case PP2_TYPE_SSL: {
|
||||
request_st * const r = &con->request;
|
||||
static const uint32_t zero = 0;
|
||||
handler_ctx *hctx =
|
||||
r->plugin_ctx[mod_extforward_plugin_data_singleton->id];
|
||||
con->plugin_ctx[mod_extforward_plugin_data_singleton->id];
|
||||
struct pp2_tlv_ssl *tlv_ssl =
|
||||
(struct pp2_tlv_ssl *)(void *)((char *)tlv+3);
|
||||
struct pp2_tlv *subtlv = tlv;
|
||||
|
|
|
@ -135,7 +135,7 @@ typedef struct {
|
|||
|
||||
static int ssl_is_init;
|
||||
/* need assigned p->id for deep access of module handler_ctx for connection
|
||||
* i.e. handler_ctx *hctx = r->plugin_ctx[plugin_data_singleton->id]; */
|
||||
* i.e. handler_ctx *hctx = con->plugin_ctx[plugin_data_singleton->id]; */
|
||||
static plugin_data *plugin_data_singleton;
|
||||
#define LOCAL_SEND_BUFSIZE 16384 /* DEFAULT_MAX_RECORD_SIZE */
|
||||
static char *local_send_buffer;
|
||||
|
@ -144,7 +144,6 @@ typedef struct {
|
|||
gnutls_session_t ssl; /* gnutls request/connection context */
|
||||
request_st *r;
|
||||
connection *con;
|
||||
int8_t request_env_patched;
|
||||
int8_t close_notify;
|
||||
uint8_t alpn;
|
||||
int8_t ssl_session_ticket;
|
||||
|
@ -153,6 +152,7 @@ typedef struct {
|
|||
plugin_config conf;
|
||||
unsigned int verify_status;
|
||||
buffer *tmp_buf;
|
||||
log_error_st *errh;
|
||||
gnutls_certificate_credentials_t acme_tls_1_cred;
|
||||
} handler_ctx;
|
||||
|
||||
|
@ -2201,8 +2201,9 @@ SETDEFAULTS_FUNC(mod_gnutls_set_defaults)
|
|||
|
||||
|
||||
static int
|
||||
load_next_chunk (request_st * const r, chunkqueue * const cq, off_t max_bytes,
|
||||
const char ** const data, size_t * const data_len)
|
||||
load_next_chunk (chunkqueue * const cq, off_t max_bytes,
|
||||
const char ** const data, size_t * const data_len,
|
||||
log_error_st * const errh)
|
||||
{
|
||||
chunk *c = cq->first;
|
||||
|
||||
|
@ -2256,7 +2257,7 @@ load_next_chunk (request_st * const r, chunkqueue * const cq, off_t max_bytes,
|
|||
return 0;
|
||||
|
||||
case FILE_CHUNK:
|
||||
if (0 != chunkqueue_open_file_chunk(cq, r->conf.errh)) return -1;
|
||||
if (0 != chunkqueue_open_file_chunk(cq, errh)) return -1;
|
||||
|
||||
{
|
||||
off_t offset, toSend;
|
||||
|
@ -2269,11 +2270,11 @@ load_next_chunk (request_st * const r, chunkqueue * const cq, off_t max_bytes,
|
|||
if (toSend > max_bytes) toSend = max_bytes;
|
||||
|
||||
if (-1 == lseek(c->file.fd, offset, SEEK_SET)) {
|
||||
log_perror(r->conf.errh, __FILE__, __LINE__, "lseek");
|
||||
log_perror(errh, __FILE__, __LINE__, "lseek");
|
||||
return -1;
|
||||
}
|
||||
if (-1 == (toSend = read(c->file.fd, local_send_buffer, toSend))) {
|
||||
log_perror(r->conf.errh, __FILE__, __LINE__, "read");
|
||||
log_perror(errh, __FILE__, __LINE__, "read");
|
||||
return -1;
|
||||
}
|
||||
|
||||
|
@ -2389,8 +2390,7 @@ mod_gnutls_close_notify(handler_ctx *hctx);
|
|||
static int
|
||||
connection_write_cq_ssl (connection *con, chunkqueue *cq, off_t max_bytes)
|
||||
{
|
||||
request_st * const r = &con->request;
|
||||
handler_ctx *hctx = r->plugin_ctx[plugin_data_singleton->id];
|
||||
handler_ctx *hctx = con->plugin_ctx[plugin_data_singleton->id];
|
||||
gnutls_session_t ssl = hctx->ssl;
|
||||
|
||||
if (hctx->pending_write) {
|
||||
|
@ -2417,12 +2417,13 @@ connection_write_cq_ssl (connection *con, chunkqueue *cq, off_t max_bytes)
|
|||
* headers and beginning of files before uncorking.
|
||||
*/
|
||||
|
||||
log_error_st * const errh = hctx->errh;
|
||||
while (max_bytes > 0 && NULL != cq->first) {
|
||||
const char *data;
|
||||
size_t data_len;
|
||||
int wr;
|
||||
|
||||
if (0 != load_next_chunk(r, cq, max_bytes, &data, &data_len)) return -1;
|
||||
if (0 != load_next_chunk(cq,max_bytes,&data,&data_len,errh)) return -1;
|
||||
|
||||
/* gnutls_record_send() copies the data, up to max record size, but if
|
||||
* (temporarily) unable to write the entire record, it is documented
|
||||
|
@ -2482,8 +2483,7 @@ mod_gnutls_ssl_handshake (handler_ctx *hctx)
|
|||
static int
|
||||
connection_read_cq_ssl (connection *con, chunkqueue *cq, off_t max_bytes)
|
||||
{
|
||||
request_st * const r = &con->request;
|
||||
handler_ctx *hctx = r->plugin_ctx[plugin_data_singleton->id];
|
||||
handler_ctx *hctx = con->plugin_ctx[plugin_data_singleton->id];
|
||||
|
||||
UNUSED(max_bytes);
|
||||
|
||||
|
@ -2546,7 +2546,8 @@ CONNECTION_FUNC(mod_gnutls_handle_con_accept)
|
|||
hctx->r = r;
|
||||
hctx->con = con;
|
||||
hctx->tmp_buf = con->srv->tmp_buf;
|
||||
r->plugin_ctx[p->id] = hctx;
|
||||
hctx->errh = r->conf.errh;
|
||||
con->plugin_ctx[p->id] = hctx;
|
||||
|
||||
plugin_ssl_ctx * const s = p->ssl_ctxs + srv_sock->sidx;
|
||||
hctx->ssl_session_ticket = s->ssl_session_ticket;
|
||||
|
@ -2620,9 +2621,8 @@ mod_gnutls_detach(handler_ctx *hctx)
|
|||
|
||||
CONNECTION_FUNC(mod_gnutls_handle_con_shut_wr)
|
||||
{
|
||||
request_st * const r = &con->request;
|
||||
plugin_data *p = p_d;
|
||||
handler_ctx *hctx = r->plugin_ctx[p->id];
|
||||
handler_ctx *hctx = con->plugin_ctx[p->id];
|
||||
if (NULL == hctx) return HANDLER_GO_ON;
|
||||
|
||||
hctx->close_notify = -2;
|
||||
|
@ -2661,14 +2661,13 @@ mod_gnutls_close_notify (handler_ctx *hctx)
|
|||
|
||||
CONNECTION_FUNC(mod_gnutls_handle_con_close)
|
||||
{
|
||||
request_st * const r = &con->request;
|
||||
plugin_data *p = p_d;
|
||||
handler_ctx *hctx = r->plugin_ctx[p->id];
|
||||
handler_ctx *hctx = con->plugin_ctx[p->id];
|
||||
if (NULL != hctx) {
|
||||
con->plugin_ctx[p->id] = NULL;
|
||||
if (1 != hctx->close_notify)
|
||||
mod_gnutls_close_notify(hctx); /*(one final try)*/
|
||||
handler_ctx_free(hctx);
|
||||
r->plugin_ctx[p->id] = NULL;
|
||||
}
|
||||
|
||||
return HANDLER_GO_ON;
|
||||
|
@ -2876,10 +2875,11 @@ http_cgi_ssl_env (request_st * const r, handler_ctx * const hctx)
|
|||
REQUEST_FUNC(mod_gnutls_handle_request_env)
|
||||
{
|
||||
plugin_data *p = p_d;
|
||||
handler_ctx *hctx = r->plugin_ctx[p->id];
|
||||
/* simple flag for request_env_patched */
|
||||
if (r->plugin_ctx[p->id]) return HANDLER_GO_ON;
|
||||
handler_ctx *hctx = r->con->plugin_ctx[p->id];
|
||||
if (NULL == hctx) return HANDLER_GO_ON;
|
||||
if (hctx->request_env_patched) return HANDLER_GO_ON;
|
||||
hctx->request_env_patched = 1;
|
||||
r->plugin_ctx[p->id] = (void *)(uintptr_t)1u;
|
||||
|
||||
http_cgi_ssl_env(r, hctx);
|
||||
if (hctx->conf.ssl_verifyclient) {
|
||||
|
@ -2900,7 +2900,7 @@ REQUEST_FUNC(mod_gnutls_handle_uri_raw)
|
|||
* is enabled with extforward.hap-PROXY = "enable", in which case the
|
||||
* reverse is true: mod_extforward must be loaded after mod_gnutls */
|
||||
plugin_data *p = p_d;
|
||||
handler_ctx *hctx = r->plugin_ctx[p->id];
|
||||
handler_ctx *hctx = r->con->plugin_ctx[p->id];
|
||||
if (NULL == hctx) return HANDLER_GO_ON;
|
||||
|
||||
mod_gnutls_patch_config(r, &hctx->conf);
|
||||
|
@ -2915,10 +2915,7 @@ REQUEST_FUNC(mod_gnutls_handle_uri_raw)
|
|||
REQUEST_FUNC(mod_gnutls_handle_request_reset)
|
||||
{
|
||||
plugin_data *p = p_d;
|
||||
handler_ctx *hctx = r->plugin_ctx[p->id];
|
||||
if (NULL == hctx) return HANDLER_GO_ON;
|
||||
|
||||
hctx->request_env_patched = 0;
|
||||
r->plugin_ctx[p->id] = NULL; /* simple flag for request_env_patched */
|
||||
return HANDLER_GO_ON;
|
||||
}
|
||||
|
||||
|
|
|
@ -421,7 +421,8 @@ mod_maxmind_geoip2 (array * const env, const struct sockaddr * const dst_addr,
|
|||
|
||||
REQUEST_FUNC(mod_maxminddb_request_env_handler)
|
||||
{
|
||||
const sock_addr * const dst_addr = &r->con->dst_addr;
|
||||
connection * const con = r->con;
|
||||
const sock_addr * const dst_addr = &con->dst_addr;
|
||||
const int sa_family = dst_addr->plain.sa_family;
|
||||
if (sa_family != AF_INET && sa_family != AF_INET6) return HANDLER_GO_ON;
|
||||
|
||||
|
@ -431,14 +432,14 @@ REQUEST_FUNC(mod_maxminddb_request_env_handler)
|
|||
/* check that mod_maxmind is activated and env fields were requested */
|
||||
if (!pconf.activate || NULL == pconf.env) return HANDLER_GO_ON;
|
||||
|
||||
array *env = r->plugin_ctx[p->id];
|
||||
array *env = con->plugin_ctx[p->id];
|
||||
if (NULL == env) {
|
||||
env = r->plugin_ctx[p->id] = array_init(pconf.env->used);
|
||||
env = con->plugin_ctx[p->id] = array_init(pconf.env->used);
|
||||
if (pconf.mmdb)
|
||||
mod_maxmind_geoip2(env, (const struct sockaddr *)dst_addr, &pconf);
|
||||
}
|
||||
|
||||
for (size_t i = 0; i < env->used; ++i) {
|
||||
for (uint32_t i = 0; i < env->used; ++i) {
|
||||
/* note: replaces values which may have been set by mod_openssl
|
||||
* (when mod_extforward is listed after mod_openssl in server.modules)*/
|
||||
data_string *ds = (data_string *)env->data[i];
|
||||
|
@ -452,12 +453,11 @@ REQUEST_FUNC(mod_maxminddb_request_env_handler)
|
|||
|
||||
CONNECTION_FUNC(mod_maxminddb_handle_con_close)
|
||||
{
|
||||
request_st * const r = &con->request;
|
||||
plugin_data *p = p_d;
|
||||
array *env = r->plugin_ctx[p->id];
|
||||
array *env = con->plugin_ctx[p->id];
|
||||
if (NULL != env) {
|
||||
array_free(env);
|
||||
r->plugin_ctx[p->id] = NULL;
|
||||
con->plugin_ctx[p->id] = NULL;
|
||||
}
|
||||
|
||||
return HANDLER_GO_ON;
|
||||
|
|
|
@ -172,7 +172,7 @@ typedef struct {
|
|||
|
||||
static int ssl_is_init;
|
||||
/* need assigned p->id for deep access of module handler_ctx for connection
|
||||
* i.e. handler_ctx *hctx = r->plugin_ctx[plugin_data_singleton->id]; */
|
||||
* i.e. handler_ctx *hctx = con->plugin_ctx[plugin_data_singleton->id]; */
|
||||
static plugin_data *plugin_data_singleton;
|
||||
#define LOCAL_SEND_BUFSIZE MBEDTLS_SSL_MAX_CONTENT_LEN
|
||||
static char *local_send_buffer;
|
||||
|
@ -181,13 +181,13 @@ typedef struct {
|
|||
mbedtls_ssl_context ssl; /* mbedtls request/connection context */
|
||||
request_st *r;
|
||||
connection *con;
|
||||
int8_t request_env_patched;
|
||||
int8_t close_notify;
|
||||
unsigned short alpn;
|
||||
int handshake_done;
|
||||
size_t pending_write;
|
||||
plugin_config conf;
|
||||
buffer *tmp_buf;
|
||||
log_error_st *errh;
|
||||
mbedtls_pk_context *acme_tls_1_pkey;
|
||||
mbedtls_x509_crt *acme_tls_1_x509;
|
||||
} handler_ctx;
|
||||
|
@ -1691,8 +1691,9 @@ SETDEFAULTS_FUNC(mod_mbedtls_set_defaults)
|
|||
|
||||
|
||||
static int
|
||||
load_next_chunk (request_st * const r, chunkqueue * const cq, off_t max_bytes,
|
||||
const char ** const data, size_t * const data_len)
|
||||
load_next_chunk (chunkqueue * const cq, off_t max_bytes,
|
||||
const char ** const data, size_t * const data_len,
|
||||
log_error_st * const errh)
|
||||
{
|
||||
chunk *c = cq->first;
|
||||
|
||||
|
@ -1744,7 +1745,7 @@ load_next_chunk (request_st * const r, chunkqueue * const cq, off_t max_bytes,
|
|||
return 0;
|
||||
|
||||
case FILE_CHUNK:
|
||||
if (0 != chunkqueue_open_file_chunk(cq, r->conf.errh)) return -1;
|
||||
if (0 != chunkqueue_open_file_chunk(cq, errh)) return -1;
|
||||
|
||||
{
|
||||
off_t offset, toSend;
|
||||
|
@ -1757,11 +1758,11 @@ load_next_chunk (request_st * const r, chunkqueue * const cq, off_t max_bytes,
|
|||
if (toSend > max_bytes) toSend = max_bytes;
|
||||
|
||||
if (-1 == lseek(c->file.fd, offset, SEEK_SET)) {
|
||||
log_perror(r->conf.errh, __FILE__, __LINE__, "lseek");
|
||||
log_perror(errh, __FILE__, __LINE__, "lseek");
|
||||
return -1;
|
||||
}
|
||||
if (-1 == (toSend = read(c->file.fd, local_send_buffer, toSend))) {
|
||||
log_perror(r->conf.errh, __FILE__, __LINE__, "read");
|
||||
log_perror(errh, __FILE__, __LINE__, "read");
|
||||
return -1;
|
||||
}
|
||||
|
||||
|
@ -1813,8 +1814,7 @@ mod_mbedtls_close_notify(handler_ctx *hctx);
|
|||
static int
|
||||
connection_write_cq_ssl (connection *con, chunkqueue *cq, off_t max_bytes)
|
||||
{
|
||||
request_st * const r = &con->request;
|
||||
handler_ctx *hctx = r->plugin_ctx[plugin_data_singleton->id];
|
||||
handler_ctx *hctx = con->plugin_ctx[plugin_data_singleton->id];
|
||||
mbedtls_ssl_context * const ssl = &hctx->ssl;
|
||||
|
||||
if (hctx->pending_write) {
|
||||
|
@ -1838,12 +1838,13 @@ connection_write_cq_ssl (connection *con, chunkqueue *cq, off_t max_bytes)
|
|||
const int lim = mbedtls_ssl_get_max_out_record_payload(ssl);
|
||||
if (lim < 0) return mod_mbedtls_ssl_write_err(con, hctx, lim, 0);
|
||||
|
||||
log_error_st * const errh = hctx->errh;
|
||||
while (max_bytes > 0 && NULL != cq->first) {
|
||||
const char *data;
|
||||
size_t data_len;
|
||||
int wr;
|
||||
|
||||
if (0 != load_next_chunk(r, cq, max_bytes, &data, &data_len)) return -1;
|
||||
if (0 != load_next_chunk(cq,max_bytes,&data,&data_len,errh)) return -1;
|
||||
|
||||
/* mbedtls_ssl_write() copies the data, up to max record size, but if
|
||||
* (temporarily) unable to write the entire record, it is documented
|
||||
|
@ -1992,8 +1993,7 @@ mod_mbedtls_ssl_handshake (handler_ctx *hctx)
|
|||
static int
|
||||
connection_read_cq_ssl (connection *con, chunkqueue *cq, off_t max_bytes)
|
||||
{
|
||||
request_st * const r = &con->request;
|
||||
handler_ctx *hctx = r->plugin_ctx[plugin_data_singleton->id];
|
||||
handler_ctx *hctx = con->plugin_ctx[plugin_data_singleton->id];
|
||||
int len;
|
||||
char *mem = NULL;
|
||||
size_t mem_len = 0;
|
||||
|
@ -2025,6 +2025,7 @@ connection_read_cq_ssl (connection *con, chunkqueue *cq, off_t max_bytes)
|
|||
|
||||
if (len < 0) {
|
||||
int rc = len;
|
||||
request_st * const r = &con->request;
|
||||
switch (rc) {
|
||||
case MBEDTLS_ERR_SSL_WANT_WRITE:
|
||||
con->is_writable = -1;
|
||||
|
@ -2047,7 +2048,7 @@ connection_read_cq_ssl (connection *con, chunkqueue *cq, off_t max_bytes)
|
|||
if (!hctx->conf.ssl_log_noise) return -1;
|
||||
__attribute_fallthrough__
|
||||
default:
|
||||
elog(r->conf.errh, __FILE__, __LINE__, rc, "Reading mbedtls");
|
||||
elog(hctx->errh, __FILE__, __LINE__, rc, "Reading mbedtls");
|
||||
return -1;
|
||||
}
|
||||
} else if (len == 0) {
|
||||
|
@ -2082,7 +2083,8 @@ CONNECTION_FUNC(mod_mbedtls_handle_con_accept)
|
|||
hctx->r = r;
|
||||
hctx->con = con;
|
||||
hctx->tmp_buf = con->srv->tmp_buf;
|
||||
r->plugin_ctx[p->id] = hctx;
|
||||
hctx->errh = r->conf.errh;
|
||||
con->plugin_ctx[p->id] = hctx;
|
||||
|
||||
plugin_ssl_ctx * const s = p->ssl_ctxs + srv_sock->sidx;
|
||||
mbedtls_ssl_init(&hctx->ssl);
|
||||
|
@ -2137,9 +2139,8 @@ mod_mbedtls_detach(handler_ctx *hctx)
|
|||
|
||||
CONNECTION_FUNC(mod_mbedtls_handle_con_shut_wr)
|
||||
{
|
||||
request_st * const r = &con->request;
|
||||
plugin_data *p = p_d;
|
||||
handler_ctx *hctx = r->plugin_ctx[p->id];
|
||||
handler_ctx *hctx = con->plugin_ctx[p->id];
|
||||
if (NULL == hctx) return HANDLER_GO_ON;
|
||||
|
||||
hctx->close_notify = -2;
|
||||
|
@ -2179,14 +2180,13 @@ mod_mbedtls_close_notify (handler_ctx *hctx)
|
|||
|
||||
CONNECTION_FUNC(mod_mbedtls_handle_con_close)
|
||||
{
|
||||
request_st * const r = &con->request;
|
||||
plugin_data *p = p_d;
|
||||
handler_ctx *hctx = r->plugin_ctx[p->id];
|
||||
handler_ctx *hctx = con->plugin_ctx[p->id];
|
||||
if (NULL != hctx) {
|
||||
con->plugin_ctx[p->id] = NULL;
|
||||
if (1 != hctx->close_notify)
|
||||
mod_mbedtls_close_notify(hctx); /*(one final try)*/
|
||||
handler_ctx_free(hctx);
|
||||
r->plugin_ctx[p->id] = NULL;
|
||||
}
|
||||
|
||||
return HANDLER_GO_ON;
|
||||
|
@ -2371,10 +2371,11 @@ http_cgi_ssl_env (request_st * const r, handler_ctx * const hctx)
|
|||
REQUEST_FUNC(mod_mbedtls_handle_request_env)
|
||||
{
|
||||
plugin_data *p = p_d;
|
||||
handler_ctx *hctx = r->plugin_ctx[p->id];
|
||||
/* simple flag for request_env_patched */
|
||||
if (r->plugin_ctx[p->id]) return HANDLER_GO_ON;
|
||||
handler_ctx *hctx = r->con->plugin_ctx[p->id];
|
||||
if (NULL == hctx) return HANDLER_GO_ON;
|
||||
if (hctx->request_env_patched) return HANDLER_GO_ON;
|
||||
hctx->request_env_patched = 1;
|
||||
r->plugin_ctx[p->id] = (void *)(uintptr_t)1u;
|
||||
|
||||
http_cgi_ssl_env(r, hctx);
|
||||
if (hctx->conf.ssl_verifyclient) {
|
||||
|
@ -2395,7 +2396,7 @@ REQUEST_FUNC(mod_mbedtls_handle_uri_raw)
|
|||
* is enabled with extforward.hap-PROXY = "enable", in which case the
|
||||
* reverse is true: mod_extforward must be loaded after mod_mbedtls */
|
||||
plugin_data *p = p_d;
|
||||
handler_ctx *hctx = r->plugin_ctx[p->id];
|
||||
handler_ctx *hctx = r->con->plugin_ctx[p->id];
|
||||
if (NULL == hctx) return HANDLER_GO_ON;
|
||||
|
||||
mod_mbedtls_patch_config(r, &hctx->conf);
|
||||
|
@ -2410,10 +2411,7 @@ REQUEST_FUNC(mod_mbedtls_handle_uri_raw)
|
|||
REQUEST_FUNC(mod_mbedtls_handle_request_reset)
|
||||
{
|
||||
plugin_data *p = p_d;
|
||||
handler_ctx *hctx = r->plugin_ctx[p->id];
|
||||
if (NULL == hctx) return HANDLER_GO_ON;
|
||||
|
||||
hctx->request_env_patched = 0;
|
||||
r->plugin_ctx[p->id] = NULL; /* simple flag for request_env_patched */
|
||||
return HANDLER_GO_ON;
|
||||
}
|
||||
|
||||
|
|
|
@ -178,7 +178,7 @@ typedef struct {
|
|||
|
||||
static int ssl_is_init;
|
||||
/* need assigned p->id for deep access of module handler_ctx for connection
|
||||
* i.e. handler_ctx *hctx = r->plugin_ctx[plugin_data_singleton->id]; */
|
||||
* i.e. handler_ctx *hctx = con->plugin_ctx[plugin_data_singleton->id]; */
|
||||
static plugin_data *plugin_data_singleton;
|
||||
#define LOCAL_SEND_BUFSIZE 16384 /* DEFAULT_MAX_RECORD_SIZE */
|
||||
static char *local_send_buffer;
|
||||
|
@ -187,7 +187,6 @@ typedef struct {
|
|||
PRFileDesc *ssl;
|
||||
request_st *r;
|
||||
connection *con;
|
||||
int8_t request_env_patched;
|
||||
int8_t close_notify;
|
||||
uint8_t alpn;
|
||||
int8_t ssl_session_ticket;
|
||||
|
@ -196,6 +195,7 @@ typedef struct {
|
|||
plugin_config conf;
|
||||
int verify_status;
|
||||
buffer *tmp_buf;
|
||||
log_error_st *errh;
|
||||
} handler_ctx;
|
||||
|
||||
|
||||
|
@ -2032,8 +2032,9 @@ SETDEFAULTS_FUNC(mod_nss_set_defaults)
|
|||
|
||||
|
||||
static int
|
||||
load_next_chunk (request_st * const r, chunkqueue * const cq, off_t max_bytes,
|
||||
const char ** const data, size_t * const data_len)
|
||||
load_next_chunk (chunkqueue * const cq, off_t max_bytes,
|
||||
const char ** const data, size_t * const data_len,
|
||||
log_error_st * const errh)
|
||||
{
|
||||
chunk *c = cq->first;
|
||||
|
||||
|
@ -2085,7 +2086,7 @@ load_next_chunk (request_st * const r, chunkqueue * const cq, off_t max_bytes,
|
|||
return 0;
|
||||
|
||||
case FILE_CHUNK:
|
||||
if (0 != chunkqueue_open_file_chunk(cq, r->conf.errh)) return -1;
|
||||
if (0 != chunkqueue_open_file_chunk(cq, errh)) return -1;
|
||||
|
||||
{
|
||||
off_t offset, toSend;
|
||||
|
@ -2098,11 +2099,11 @@ load_next_chunk (request_st * const r, chunkqueue * const cq, off_t max_bytes,
|
|||
if (toSend > max_bytes) toSend = max_bytes;
|
||||
|
||||
if (-1 == lseek(c->file.fd, offset, SEEK_SET)) {
|
||||
log_perror(r->conf.errh, __FILE__, __LINE__, "lseek");
|
||||
log_perror(errh, __FILE__, __LINE__, "lseek");
|
||||
return -1;
|
||||
}
|
||||
if (-1 == (toSend = read(c->file.fd, local_send_buffer, toSend))) {
|
||||
log_perror(r->conf.errh, __FILE__, __LINE__, "read");
|
||||
log_perror(errh, __FILE__, __LINE__, "read");
|
||||
return -1;
|
||||
}
|
||||
|
||||
|
@ -2158,7 +2159,7 @@ mod_nss_read_err(connection *con, handler_ctx *hctx)
|
|||
if (!hctx->conf.ssl_log_noise) return -1;
|
||||
__attribute_fallthrough__
|
||||
default:
|
||||
elog(hctx->r->conf.errh, __FILE__, __LINE__, __func__);
|
||||
elog(hctx->errh, __FILE__, __LINE__, __func__);
|
||||
return -1;
|
||||
}
|
||||
}
|
||||
|
@ -2171,9 +2172,9 @@ mod_nss_close_notify(handler_ctx *hctx);
|
|||
static int
|
||||
connection_write_cq_ssl (connection *con, chunkqueue *cq, off_t max_bytes)
|
||||
{
|
||||
request_st * const r = &con->request;
|
||||
handler_ctx *hctx = r->plugin_ctx[plugin_data_singleton->id];
|
||||
handler_ctx *hctx = con->plugin_ctx[plugin_data_singleton->id];
|
||||
PRFileDesc *ssl = hctx->ssl;
|
||||
log_error_st * const errh = hctx->errh;
|
||||
|
||||
if (0 != hctx->close_notify) return mod_nss_close_notify(hctx);
|
||||
|
||||
|
@ -2188,7 +2189,7 @@ connection_write_cq_ssl (connection *con, chunkqueue *cq, off_t max_bytes)
|
|||
size_t data_len;
|
||||
int wr;
|
||||
|
||||
if (0 != load_next_chunk(r, cq, max_bytes, &data, &data_len)) return -1;
|
||||
if (0 != load_next_chunk(cq,max_bytes,&data,&data_len,errh)) return -1;
|
||||
|
||||
/*(if partial write occurred, expect that subsequent writes will have
|
||||
* at least that much data available from load_next_chunk(), which is
|
||||
|
@ -2242,8 +2243,7 @@ mod_nss_SSLHandshakeCallback (PRFileDesc *fd, void *arg)
|
|||
static int
|
||||
connection_read_cq_ssl (connection *con, chunkqueue *cq, off_t max_bytes)
|
||||
{
|
||||
request_st * const r = &con->request;
|
||||
handler_ctx *hctx = r->plugin_ctx[plugin_data_singleton->id];
|
||||
handler_ctx *hctx = con->plugin_ctx[plugin_data_singleton->id];
|
||||
|
||||
UNUSED(max_bytes);
|
||||
|
||||
|
@ -2305,7 +2305,8 @@ CONNECTION_FUNC(mod_nss_handle_con_accept)
|
|||
hctx->r = r;
|
||||
hctx->con = con;
|
||||
hctx->tmp_buf = con->srv->tmp_buf;
|
||||
r->plugin_ctx[p->id] = hctx;
|
||||
hctx->errh = r->conf.errh;
|
||||
con->plugin_ctx[p->id] = hctx;
|
||||
|
||||
plugin_ssl_ctx * const s = p->ssl_ctxs + srv_sock->sidx;
|
||||
hctx->ssl_session_ticket = s->ssl_session_ticket;
|
||||
|
@ -2399,9 +2400,8 @@ mod_nss_detach(handler_ctx *hctx)
|
|||
|
||||
CONNECTION_FUNC(mod_nss_handle_con_shut_wr)
|
||||
{
|
||||
request_st * const r = &con->request;
|
||||
plugin_data *p = p_d;
|
||||
handler_ctx *hctx = r->plugin_ctx[p->id];
|
||||
handler_ctx *hctx = con->plugin_ctx[p->id];
|
||||
if (NULL == hctx) return HANDLER_GO_ON;
|
||||
|
||||
hctx->close_notify = -2;
|
||||
|
@ -2438,14 +2438,13 @@ mod_nss_close_notify (handler_ctx *hctx)
|
|||
|
||||
CONNECTION_FUNC(mod_nss_handle_con_close)
|
||||
{
|
||||
request_st * const r = &con->request;
|
||||
plugin_data *p = p_d;
|
||||
handler_ctx *hctx = r->plugin_ctx[p->id];
|
||||
handler_ctx *hctx = con->plugin_ctx[p->id];
|
||||
if (NULL != hctx) {
|
||||
con->plugin_ctx[p->id] = NULL;
|
||||
if (1 != hctx->close_notify)
|
||||
mod_nss_close_notify(hctx); /*(one final try)*/
|
||||
handler_ctx_free(hctx);
|
||||
r->plugin_ctx[p->id] = NULL;
|
||||
}
|
||||
|
||||
return HANDLER_GO_ON;
|
||||
|
@ -2638,10 +2637,11 @@ http_cgi_ssl_env (request_st * const r, handler_ctx * const hctx)
|
|||
REQUEST_FUNC(mod_nss_handle_request_env)
|
||||
{
|
||||
plugin_data *p = p_d;
|
||||
handler_ctx *hctx = r->plugin_ctx[p->id];
|
||||
/* simple flag for request_env_patched */
|
||||
if (r->plugin_ctx[p->id]) return HANDLER_GO_ON;
|
||||
handler_ctx *hctx = r->con->plugin_ctx[p->id];
|
||||
if (NULL == hctx) return HANDLER_GO_ON;
|
||||
if (hctx->request_env_patched) return HANDLER_GO_ON;
|
||||
hctx->request_env_patched = 1;
|
||||
r->plugin_ctx[p->id] = (void *)(uintptr_t)1u;
|
||||
|
||||
http_cgi_ssl_env(r, hctx);
|
||||
if (hctx->conf.ssl_verifyclient) {
|
||||
|
@ -2662,7 +2662,7 @@ REQUEST_FUNC(mod_nss_handle_uri_raw)
|
|||
* is enabled with extforward.hap-PROXY = "enable", in which case the
|
||||
* reverse is true: mod_extforward must be loaded after mod_nss */
|
||||
plugin_data *p = p_d;
|
||||
handler_ctx *hctx = r->plugin_ctx[p->id];
|
||||
handler_ctx *hctx = r->con->plugin_ctx[p->id];
|
||||
if (NULL == hctx) return HANDLER_GO_ON;
|
||||
|
||||
mod_nss_patch_config(r, &hctx->conf);
|
||||
|
@ -2677,10 +2677,7 @@ REQUEST_FUNC(mod_nss_handle_uri_raw)
|
|||
REQUEST_FUNC(mod_nss_handle_request_reset)
|
||||
{
|
||||
plugin_data *p = p_d;
|
||||
handler_ctx *hctx = r->plugin_ctx[p->id];
|
||||
if (NULL == hctx) return HANDLER_GO_ON;
|
||||
|
||||
hctx->request_env_patched = 0;
|
||||
r->plugin_ctx[p->id] = NULL; /* simple flag for request_env_patched */
|
||||
return HANDLER_GO_ON;
|
||||
}
|
||||
|
||||
|
|
|
@ -240,7 +240,7 @@ typedef struct {
|
|||
|
||||
static int ssl_is_init;
|
||||
/* need assigned p->id for deep access of module handler_ctx for connection
|
||||
* i.e. handler_ctx *hctx = r->plugin_ctx[plugin_data_singleton->id]; */
|
||||
* i.e. handler_ctx *hctx = con->plugin_ctx[plugin_data_singleton->id]; */
|
||||
static plugin_data *plugin_data_singleton;
|
||||
#define LOCAL_SEND_BUFSIZE (16 * 1024)
|
||||
static char *local_send_buffer;
|
||||
|
@ -251,10 +251,10 @@ typedef struct {
|
|||
connection *con;
|
||||
short renegotiations; /* count of SSL_CB_HANDSHAKE_START */
|
||||
short close_notify;
|
||||
unsigned short request_env_patched;
|
||||
unsigned short alpn;
|
||||
plugin_config conf;
|
||||
buffer *tmp_buf;
|
||||
log_error_st *errh;
|
||||
} handler_ctx;
|
||||
|
||||
|
||||
|
@ -3518,8 +3518,9 @@ SETDEFAULTS_FUNC(mod_openssl_set_defaults)
|
|||
|
||||
|
||||
static int
|
||||
load_next_chunk (request_st * const r, chunkqueue * const cq, off_t max_bytes,
|
||||
const char ** const data, size_t * const data_len)
|
||||
load_next_chunk (chunkqueue * const cq, off_t max_bytes,
|
||||
const char ** const data, size_t * const data_len,
|
||||
log_error_st * const errh)
|
||||
{
|
||||
chunk *c = cq->first;
|
||||
|
||||
|
@ -3576,7 +3577,7 @@ load_next_chunk (request_st * const r, chunkqueue * const cq, off_t max_bytes,
|
|||
return 0;
|
||||
|
||||
case FILE_CHUNK:
|
||||
if (0 != chunkqueue_open_file_chunk(cq, r->conf.errh)) return -1;
|
||||
if (0 != chunkqueue_open_file_chunk(cq, errh)) return -1;
|
||||
|
||||
{
|
||||
off_t offset, toSend;
|
||||
|
@ -3589,11 +3590,11 @@ load_next_chunk (request_st * const r, chunkqueue * const cq, off_t max_bytes,
|
|||
if (toSend > max_bytes) toSend = max_bytes;
|
||||
|
||||
if (-1 == lseek(c->file.fd, offset, SEEK_SET)) {
|
||||
log_perror(r->conf.errh, __FILE__, __LINE__, "lseek");
|
||||
log_perror(errh, __FILE__, __LINE__, "lseek");
|
||||
return -1;
|
||||
}
|
||||
if (-1 == (toSend = read(c->file.fd, local_send_buffer, toSend))) {
|
||||
log_perror(r->conf.errh, __FILE__, __LINE__, "read");
|
||||
log_perror(errh, __FILE__, __LINE__, "read");
|
||||
return -1;
|
||||
}
|
||||
|
||||
|
@ -3614,9 +3615,9 @@ mod_openssl_close_notify(handler_ctx *hctx);
|
|||
static int
|
||||
connection_write_cq_ssl (connection *con, chunkqueue *cq, off_t max_bytes)
|
||||
{
|
||||
request_st * const r = &con->request;
|
||||
handler_ctx *hctx = r->plugin_ctx[plugin_data_singleton->id];
|
||||
handler_ctx *hctx = con->plugin_ctx[plugin_data_singleton->id];
|
||||
SSL *ssl = hctx->ssl;
|
||||
log_error_st * const errh = hctx->errh;
|
||||
|
||||
if (0 != hctx->close_notify) return mod_openssl_close_notify(hctx);
|
||||
|
||||
|
@ -3627,7 +3628,7 @@ connection_write_cq_ssl (connection *con, chunkqueue *cq, off_t max_bytes)
|
|||
size_t data_len;
|
||||
int wr;
|
||||
|
||||
if (0 != load_next_chunk(r, cq, max_bytes, &data, &data_len)) return -1;
|
||||
if (0 != load_next_chunk(cq,max_bytes,&data,&data_len,errh)) return -1;
|
||||
|
||||
/**
|
||||
* SSL_write man-page
|
||||
|
@ -3643,7 +3644,7 @@ connection_write_cq_ssl (connection *con, chunkqueue *cq, off_t max_bytes)
|
|||
|
||||
if (hctx->renegotiations > 1
|
||||
&& hctx->conf.ssl_disable_client_renegotiation) {
|
||||
log_error(r->conf.errh, __FILE__, __LINE__,
|
||||
log_error(errh, __FILE__, __LINE__,
|
||||
"SSL: renegotiation initiated by client, killing connection");
|
||||
return -1;
|
||||
}
|
||||
|
@ -3663,7 +3664,7 @@ connection_write_cq_ssl (connection *con, chunkqueue *cq, off_t max_bytes)
|
|||
/* perhaps we have error waiting in our error-queue */
|
||||
if (0 != (err = ERR_get_error())) {
|
||||
do {
|
||||
log_error(r->conf.errh, __FILE__, __LINE__,
|
||||
log_error(errh, __FILE__, __LINE__,
|
||||
"SSL: %d %d %s",ssl_r,wr,ERR_error_string(err,NULL));
|
||||
} while((err = ERR_get_error()));
|
||||
} else if (wr == -1) {
|
||||
|
@ -3673,13 +3674,13 @@ connection_write_cq_ssl (connection *con, chunkqueue *cq, off_t max_bytes)
|
|||
case ECONNRESET:
|
||||
return -2;
|
||||
default:
|
||||
log_perror(r->conf.errh, __FILE__, __LINE__,
|
||||
log_perror(errh, __FILE__, __LINE__,
|
||||
"SSL: %d %d", ssl_r, wr);
|
||||
break;
|
||||
}
|
||||
} else {
|
||||
/* neither error-queue nor errno ? */
|
||||
log_perror(r->conf.errh, __FILE__, __LINE__,
|
||||
log_perror(errh, __FILE__, __LINE__,
|
||||
"SSL (error): %d %d", ssl_r, wr);
|
||||
}
|
||||
break;
|
||||
|
@ -3692,7 +3693,7 @@ connection_write_cq_ssl (connection *con, chunkqueue *cq, off_t max_bytes)
|
|||
/* fall through */
|
||||
default:
|
||||
while((err = ERR_get_error())) {
|
||||
log_error(r->conf.errh, __FILE__, __LINE__,
|
||||
log_error(errh, __FILE__, __LINE__,
|
||||
"SSL: %d %d %s", ssl_r, wr, ERR_error_string(err, NULL));
|
||||
}
|
||||
break;
|
||||
|
@ -3713,8 +3714,7 @@ connection_write_cq_ssl (connection *con, chunkqueue *cq, off_t max_bytes)
|
|||
static int
|
||||
connection_read_cq_ssl (connection *con, chunkqueue *cq, off_t max_bytes)
|
||||
{
|
||||
request_st * const r = &con->request;
|
||||
handler_ctx *hctx = r->plugin_ctx[plugin_data_singleton->id];
|
||||
handler_ctx *hctx = con->plugin_ctx[plugin_data_singleton->id];
|
||||
int len;
|
||||
char *mem = NULL;
|
||||
size_t mem_len = 0;
|
||||
|
@ -3740,7 +3740,7 @@ connection_read_cq_ssl (connection *con, chunkqueue *cq, off_t max_bytes)
|
|||
|
||||
if (hctx->renegotiations > 1
|
||||
&& hctx->conf.ssl_disable_client_renegotiation) {
|
||||
log_error(r->conf.errh, __FILE__, __LINE__,
|
||||
log_error(hctx->errh, __FILE__, __LINE__,
|
||||
"SSL: renegotiation initiated by client, killing connection");
|
||||
return -1;
|
||||
}
|
||||
|
@ -3794,7 +3794,7 @@ connection_read_cq_ssl (connection *con, chunkqueue *cq, off_t max_bytes)
|
|||
*/
|
||||
while((ssl_err = ERR_get_error())) {
|
||||
/* get all errors from the error-queue */
|
||||
log_error(r->conf.errh, __FILE__, __LINE__,
|
||||
log_error(hctx->errh, __FILE__, __LINE__,
|
||||
"SSL: %d %s", rc, ERR_error_string(ssl_err, NULL));
|
||||
}
|
||||
|
||||
|
@ -3811,7 +3811,7 @@ connection_read_cq_ssl (connection *con, chunkqueue *cq, off_t max_bytes)
|
|||
if (0==oerrno && 0==cq->bytes_in && !hctx->conf.ssl_log_noise)
|
||||
break;
|
||||
|
||||
log_error(r->conf.errh, __FILE__, __LINE__,
|
||||
log_error(hctx->errh, __FILE__, __LINE__,
|
||||
"SSL: %d %d %d %s", len, rc, oerrno, strerror(oerrno));
|
||||
break;
|
||||
}
|
||||
|
@ -3847,7 +3847,7 @@ connection_read_cq_ssl (connection *con, chunkqueue *cq, off_t max_bytes)
|
|||
break;
|
||||
}
|
||||
/* get all errors from the error-queue */
|
||||
log_error(r->conf.errh, __FILE__, __LINE__,
|
||||
log_error(hctx->errh, __FILE__, __LINE__,
|
||||
"SSL: %d %s", rc, ERR_error_string(ssl_err, NULL));
|
||||
}
|
||||
break;
|
||||
|
@ -3875,7 +3875,8 @@ CONNECTION_FUNC(mod_openssl_handle_con_accept)
|
|||
hctx->r = r;
|
||||
hctx->con = con;
|
||||
hctx->tmp_buf = con->srv->tmp_buf;
|
||||
r->plugin_ctx[p->id] = hctx;
|
||||
hctx->errh = r->conf.errh;
|
||||
con->plugin_ctx[p->id] = hctx;
|
||||
|
||||
plugin_ssl_ctx * const s = p->ssl_ctxs + srv_sock->sidx;
|
||||
hctx->ssl = SSL_new(s->ssl_ctx);
|
||||
|
@ -3912,9 +3913,8 @@ mod_openssl_detach(handler_ctx *hctx)
|
|||
|
||||
CONNECTION_FUNC(mod_openssl_handle_con_shut_wr)
|
||||
{
|
||||
request_st * const r = &con->request;
|
||||
plugin_data *p = p_d;
|
||||
handler_ctx *hctx = r->plugin_ctx[p->id];
|
||||
handler_ctx *hctx = con->plugin_ctx[p->id];
|
||||
if (NULL == hctx) return HANDLER_GO_ON;
|
||||
|
||||
hctx->close_notify = -2;
|
||||
|
@ -4039,12 +4039,11 @@ mod_openssl_close_notify(handler_ctx *hctx)
|
|||
|
||||
CONNECTION_FUNC(mod_openssl_handle_con_close)
|
||||
{
|
||||
request_st * const r = &con->request;
|
||||
plugin_data *p = p_d;
|
||||
handler_ctx *hctx = r->plugin_ctx[p->id];
|
||||
handler_ctx *hctx = con->plugin_ctx[p->id];
|
||||
if (NULL != hctx) {
|
||||
con->plugin_ctx[p->id] = NULL;
|
||||
handler_ctx_free(hctx);
|
||||
r->plugin_ctx[p->id] = NULL;
|
||||
}
|
||||
|
||||
return HANDLER_GO_ON;
|
||||
|
@ -4217,10 +4216,11 @@ http_cgi_ssl_env (request_st * const r, handler_ctx * const hctx)
|
|||
REQUEST_FUNC(mod_openssl_handle_request_env)
|
||||
{
|
||||
plugin_data *p = p_d;
|
||||
handler_ctx *hctx = r->plugin_ctx[p->id];
|
||||
/* simple flag for request_env_patched */
|
||||
if (r->plugin_ctx[p->id]) return HANDLER_GO_ON;
|
||||
handler_ctx *hctx = r->con->plugin_ctx[p->id];
|
||||
if (NULL == hctx) return HANDLER_GO_ON;
|
||||
if (hctx->request_env_patched) return HANDLER_GO_ON;
|
||||
hctx->request_env_patched = 1;
|
||||
r->plugin_ctx[p->id] = (void *)(uintptr_t)1u;
|
||||
|
||||
http_cgi_ssl_env(r, hctx);
|
||||
if (hctx->conf.ssl_verifyclient) {
|
||||
|
@ -4241,7 +4241,7 @@ REQUEST_FUNC(mod_openssl_handle_uri_raw)
|
|||
* is enabled with extforward.hap-PROXY = "enable", in which case the
|
||||
* reverse is true: mod_extforward must be loaded after mod_openssl */
|
||||
plugin_data *p = p_d;
|
||||
handler_ctx *hctx = r->plugin_ctx[p->id];
|
||||
handler_ctx *hctx = r->con->plugin_ctx[p->id];
|
||||
if (NULL == hctx) return HANDLER_GO_ON;
|
||||
|
||||
mod_openssl_patch_config(r, &hctx->conf);
|
||||
|
@ -4256,10 +4256,7 @@ REQUEST_FUNC(mod_openssl_handle_uri_raw)
|
|||
REQUEST_FUNC(mod_openssl_handle_request_reset)
|
||||
{
|
||||
plugin_data *p = p_d;
|
||||
handler_ctx *hctx = r->plugin_ctx[p->id];
|
||||
if (NULL == hctx) return HANDLER_GO_ON;
|
||||
|
||||
hctx->request_env_patched = 0;
|
||||
r->plugin_ctx[p->id] = NULL; /* simple flag for request_env_patched */
|
||||
return HANDLER_GO_ON;
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in New Issue