[core] new plugin hooks to help isolate SSL

handle_request_env        (called on demand by handlers to populate env)
handle_connection_accept
handle_connection_shut_wr (was handle_connection_close)
handle_connection_close   (now occurs at socket close())

src/base.h

@@ -684,6 +684,7 @@ typedef struct server {
 	fdevent_handler_t event_handler;
 
 	int (* network_backend_write)(struct server *srv, connection *con, int fd, chunkqueue *cq, off_t max_bytes);
+	handler_t (* request_env)(struct server *srv, connection *con);
 
 	uid_t uid;
 	gid_t gid;

src/connections.c

@@ -126,6 +126,7 @@ static int connection_close(server *srv, connection *con) {
 		con->ssl = NULL;
 	}
 #endif
+	plugins_call_handle_connection_close(srv, con);
 
 	fdevent_event_del(srv->ev, &(con->fde_ndx), con->fd);
 	fdevent_unregister(srv->ev, con->fd);
@@ -186,8 +187,6 @@ static void connection_handle_close_state(server *srv, connection *con) {
 }
 
 static void connection_handle_shutdown(server *srv, connection *con) {
-	int r;
-
 #ifdef USE_OPENSSL
 	server_socket *srv_sock = con->srv_socket;
 	if (srv_sock->is_ssl && SSL_is_init_finished(con->ssl)) {
@@ -252,15 +251,7 @@ static void connection_handle_shutdown(server *srv, connection *con) {
 		ERR_clear_error();
 	}
 #endif
-
-	switch(r = plugins_call_handle_connection_close(srv, con)) {
-	case HANDLER_GO_ON:
-	case HANDLER_FINISHED:
-		break;
-	default:
-		log_error_write(srv, __FILE__, __LINE__, "sd", "unhandling return value", r);
-		break;
-	}
+	plugins_call_handle_connection_shut_wr(srv, con);
 
 	srv->con_closed++;
 	connection_reset(srv, con);
@@ -1105,6 +1096,10 @@ connection *connection_accepted(server *srv, server_socket *srv_socket, sock_add
 			}
 		}
 #endif
+		if (HANDLER_GO_ON != plugins_call_handle_connection_accept(srv, con)) {
+			connection_close(srv, con);
+			return NULL;
+		}
 		return con;
 }
 

src/http-header-glue.c

@@ -1006,6 +1006,7 @@ int http_cgi_headers (server *srv, connection *con, http_cgi_opts *opts, http_cg
         }
     }
 
+    srv->request_env(srv, con);
   #ifdef USE_OPENSSL
     if (con->ssl) http_cgi_ssl_env(srv, con);
   #endif

src/mod_magnet.c

@@ -1030,6 +1030,7 @@ static handler_t magnet_attract_array(server *srv, connection *con, plugin_data
 	/* no filename set */
 	if (files->used == 0) return HANDLER_GO_ON;
 
+	srv->request_env(srv, con);
       #ifdef USE_OPENSSL
 	if (con->ssl) http_cgi_ssl_env(srv, con);
       #endif

src/plugin.c

@@ -34,7 +34,10 @@ typedef enum {
 
 	PLUGIN_FUNC_HANDLE_URI_CLEAN,
 	PLUGIN_FUNC_HANDLE_URI_RAW,
+	PLUGIN_FUNC_HANDLE_REQUEST_ENV,
 	PLUGIN_FUNC_HANDLE_REQUEST_DONE,
+	PLUGIN_FUNC_HANDLE_CONNECTION_ACCEPT,
+	PLUGIN_FUNC_HANDLE_CONNECTION_SHUT_WR,
 	PLUGIN_FUNC_HANDLE_CONNECTION_CLOSE,
 	PLUGIN_FUNC_HANDLE_TRIGGER,
 	PLUGIN_FUNC_HANDLE_SIGHUP,
@@ -329,7 +332,10 @@ int plugins_load(server *srv) {
 
 PLUGIN_TO_SLOT(PLUGIN_FUNC_HANDLE_URI_CLEAN, handle_uri_clean)
 PLUGIN_TO_SLOT(PLUGIN_FUNC_HANDLE_URI_RAW, handle_uri_raw)
+PLUGIN_TO_SLOT(PLUGIN_FUNC_HANDLE_REQUEST_ENV, handle_request_env)
 PLUGIN_TO_SLOT(PLUGIN_FUNC_HANDLE_REQUEST_DONE, handle_request_done)
+PLUGIN_TO_SLOT(PLUGIN_FUNC_HANDLE_CONNECTION_ACCEPT, handle_connection_accept)
+PLUGIN_TO_SLOT(PLUGIN_FUNC_HANDLE_CONNECTION_SHUT_WR, handle_connection_shut_wr)
 PLUGIN_TO_SLOT(PLUGIN_FUNC_HANDLE_CONNECTION_CLOSE, handle_connection_close)
 PLUGIN_TO_SLOT(PLUGIN_FUNC_HANDLE_SUBREQUEST, handle_subrequest)
 PLUGIN_TO_SLOT(PLUGIN_FUNC_HANDLE_SUBREQUEST_START, handle_subrequest_start)
@@ -458,7 +464,10 @@ handler_t plugins_call_init(server *srv) {
 
 		PLUGIN_TO_SLOT(PLUGIN_FUNC_HANDLE_URI_CLEAN, handle_uri_clean);
 		PLUGIN_TO_SLOT(PLUGIN_FUNC_HANDLE_URI_RAW, handle_uri_raw);
+		PLUGIN_TO_SLOT(PLUGIN_FUNC_HANDLE_REQUEST_ENV, handle_request_env);
 		PLUGIN_TO_SLOT(PLUGIN_FUNC_HANDLE_REQUEST_DONE, handle_request_done);
+		PLUGIN_TO_SLOT(PLUGIN_FUNC_HANDLE_CONNECTION_ACCEPT, handle_connection_accept);
+		PLUGIN_TO_SLOT(PLUGIN_FUNC_HANDLE_CONNECTION_SHUT_WR, handle_connection_shut_wr);
 		PLUGIN_TO_SLOT(PLUGIN_FUNC_HANDLE_CONNECTION_CLOSE, handle_connection_close);
 		PLUGIN_TO_SLOT(PLUGIN_FUNC_HANDLE_TRIGGER, handle_trigger);
 		PLUGIN_TO_SLOT(PLUGIN_FUNC_HANDLE_SIGHUP, handle_sighup);

src/plugin.h

@@ -42,8 +42,11 @@ typedef struct {
 	handler_t (* handle_uri_clean)       (server *srv, connection *con, void *p_d);    /* after uri is set */
 	handler_t (* handle_docroot)         (server *srv, connection *con, void *p_d);    /* getting the document-root */
 	handler_t (* handle_physical)        (server *srv, connection *con, void *p_d);    /* mapping url to physical path */
+	handler_t (* handle_request_env)     (server *srv, connection *con, void *p_d);    /* (deferred env populate) */
 	handler_t (* handle_request_done)    (server *srv, connection *con, void *p_d);    /* at the end of a request */
-	handler_t (* handle_connection_close)(server *srv, connection *con, void *p_d);    /* at the end of a connection */
+	handler_t (* handle_connection_accept) (server *srv, connection *con, void *p_d);  /* after accept() socket */
+	handler_t (* handle_connection_shut_wr)(server *srv, connection *con, void *p_d);  /* done writing to socket */
+	handler_t (* handle_connection_close)  (server *srv, connection *con, void *p_d);  /* before close() of socket */
 
 
 
@@ -69,9 +72,12 @@ handler_t plugins_call_handle_uri_clean(server *srv, connection *con);
 handler_t plugins_call_handle_subrequest_start(server *srv, connection *con);
 handler_t plugins_call_handle_subrequest(server *srv, connection *con);
 handler_t plugins_call_handle_response_start(server *srv, connection *con);
+handler_t plugins_call_handle_request_env(server *srv, connection *con);
 handler_t plugins_call_handle_request_done(server *srv, connection *con);
 handler_t plugins_call_handle_docroot(server *srv, connection *con);
 handler_t plugins_call_handle_physical(server *srv, connection *con);
+handler_t plugins_call_handle_connection_accept(server *srv, connection *con);
+handler_t plugins_call_handle_connection_shut_wr(server *srv, connection *con);
 handler_t plugins_call_handle_connection_close(server *srv, connection *con);
 handler_t plugins_call_connection_reset(server *srv, connection *con);
 

src/server.c

@@ -277,6 +277,7 @@ static server *server_init(void) {
 	srv->errorlog_mode = ERRORLOG_FD;
 
 	srv->split_vals = array_init();
+	srv->request_env = plugins_call_handle_request_env;
 
 	return srv;
 }