[core] config_get_config_cond_info()

isolate direct use of (data_config *)

src/configfile-glue.c

@@ -25,6 +25,16 @@
  */
 
 
+void config_get_config_cond_info(server *srv, uint32_t idx, config_cond_info *cfginfo) {
+    data_config *dc = (data_config *)srv->config_context->data[idx];
+    cfginfo->comp = dc->comp;
+    cfginfo->cond = dc->cond;
+    cfginfo->string = &dc->string;
+    cfginfo->comp_tag = dc->comp_tag;
+    cfginfo->comp_key = dc->comp_key;
+    cfginfo->op = dc->op;
+}
+
 int config_plugin_values_init(server * const srv, void *p_d, const config_plugin_keys_t * const cpk, const char * const mname) {
     plugin_data_base * const p = (plugin_data_base *)p_d;
     array * const touched = srv->config_touched;

src/configfile.h

@@ -40,6 +40,18 @@ typedef enum {
 	COMP_LAST_ELEMENT
 } comp_key_t;
 
+typedef struct {
+	comp_key_t comp;
+	config_cond_t cond;
+	const buffer *string;
+	const buffer *comp_tag;
+	const buffer *comp_key;
+	const char *op;
+} config_cond_info;
+
+__attribute_cold__
+void config_get_config_cond_info(server *srv, uint32_t idx, config_cond_info *cfginfo);
+
 /* $HTTP["host"] ==    "incremental.home.kneschke.de" { ... }
  * for print:   comp_key      op    string
  * for compare: comp          cond  string/regex

src/mod_openssl.c

@@ -525,21 +525,8 @@ error:
 
 
 static int
-network_openssl_load_pemfile (server *srv, plugin_config *s, size_t ndx)
+network_openssl_load_pemfile (server *srv, plugin_config *s)
 {
-  #ifdef OPENSSL_NO_TLSEXT
-    data_config *dc = (data_config *)srv->config_context->data[ndx];
-    if ((ndx > 0 && (COMP_SERVER_SOCKET != dc->comp
-                     || dc->cond != CONFIG_COND_EQ)) || !s->ssl_enabled) {
-        log_error_write(srv, __FILE__, __LINE__, "ss", "SSL:",
-                        "ssl.pemfile only works in SSL socket binding context "
-                        "as openssl version does not support TLS extensions");
-        return -1;
-    }
-  #else
-    UNUSED(ndx);
-  #endif
-
     s->ssl_pemfile_x509 = x509_load_pem_file(srv, s->ssl_pemfile->ptr);
     if (NULL == s->ssl_pemfile_x509) return -1;
     s->ssl_pemfile_pkey = !buffer_string_is_empty(s->ssl_privkey)
@@ -883,15 +870,21 @@ network_init_ssl (server *srv, void *p_d)
         if (!buffer_string_is_empty(s->ssl_pemfile)) {
           #ifdef OPENSSL_NO_TLSEXT
             data_config *dc = (data_config *)srv->config_context->data[i];
-            if (COMP_HTTP_HOST == dc->comp) {
-                log_error_write(srv, __FILE__, __LINE__, "ss", "SSL:",
-                                "can't use ssl.pemfile with $HTTP[\"host\"], "
-                                "openssl version does not support TLS "
-                                "extensions");
+            if (!s->ssl_enabled
+                || (i > 0 && (COMP_SERVER_SOCKET != dc->comp
+                              || dc->cond != CONFIG_COND_EQ))) {
+                if (COMP_HTTP_HOST == dc->comp)
+                    log_error_write(srv, __FILE__, __LINE__, "ss", "SSL:",
+                      "can't use ssl.pemfile with $HTTP[\"host\"], "
+                      "as openssl version does not support TLS extensions");
+                else
+                    log_error_write(srv, __FILE__, __LINE__, "ss", "SSL:",
+                      "ssl.pemfile only works in SSL socket binding context "
+                      "as openssl version does not support TLS extensions");
                 return -1;
             }
           #endif
-            if (network_openssl_load_pemfile(srv, s, i)) return -1;
+            if (network_openssl_load_pemfile(srv, s)) return -1;
         }
 
 
@@ -1823,29 +1816,23 @@ CONNECTION_FUNC(mod_openssl_handle_con_accept)
     hctx->con = con;
     hctx->srv = srv;
     con->plugin_ctx[p->id] = hctx;
-    mod_openssl_patch_connection(srv, con, hctx);
 
-    /* connect fd to SSL */
     hctx->ssl = SSL_new(p->config_storage[srv_sock->sidx]->ssl_ctx);
-    if (NULL == hctx->ssl) {
-        log_error_write(srv, __FILE__, __LINE__, "ss", "SSL:",
-                        ERR_error_string(ERR_get_error(), NULL));
-        return HANDLER_ERROR;
+    if (NULL != hctx->ssl
+        && SSL_set_app_data(hctx->ssl, hctx)
+        && SSL_set_fd(hctx->ssl, con->fd)) {
+        SSL_set_accept_state(hctx->ssl);
+        con->network_read = connection_read_cq_ssl;
+        con->network_write = connection_write_cq_ssl;
+        buffer_copy_string_len(con->proto, CONST_STR_LEN("https"));
+        mod_openssl_patch_connection(srv, con, hctx);
+        return HANDLER_GO_ON;
     }
-
-    buffer_copy_string_len(con->proto, CONST_STR_LEN("https"));
-    con->network_read = connection_read_cq_ssl;
-    con->network_write = connection_write_cq_ssl;
-    SSL_set_app_data(hctx->ssl, hctx);
-    SSL_set_accept_state(hctx->ssl);
-
-    if (1 != (SSL_set_fd(hctx->ssl, con->fd))) {
-        log_error_write(srv, __FILE__, __LINE__, "ss", "SSL:",
-                        ERR_error_string(ERR_get_error(), NULL));
+    else {
+        log_error(srv->errh, __FILE__, __LINE__,
+          "SSL: %s", ERR_error_string(ERR_get_error(), NULL));
         return HANDLER_ERROR;
     }
-
-    return HANDLER_GO_ON;
 }
 
 

src/mod_rewrite.c

@@ -280,15 +280,19 @@ static handler_t process_rewrite_rules(server *srv, connection *con, plugin_data
 		uintptr_t * const hctx = (uintptr_t *)(con->plugin_ctx + p->id);
 
 		if (((++*hctx) & 0x1FF) > 100) {
-			if (0 == kvb->x0) {
-				log_error_write(srv, __FILE__, __LINE__,  "s",
-						"ENDLESS LOOP IN rewrite-rule DETECTED ... aborting request");
+			if (0 != kvb->x0) {
+				config_cond_info cfginfo;
+				config_get_config_cond_info(srv, kvb->x0, &cfginfo);
+				log_error(con->errh, __FILE__, __LINE__,
+				  "ENDLESS LOOP IN rewrite-rule DETECTED ... aborting request, "
+				  "perhaps you want to use url.rewrite-once instead of "
+				  "url.rewrite-repeat ($%s %s \"%s\")", cfginfo.comp_key->ptr,
+				  cfginfo.op, cfginfo.string->ptr);
 				return HANDLER_ERROR;
 			}
-			data_config *dc = (data_config *)srv->config_context->data[kvb->x0];
-			log_error_write(srv, __FILE__, __LINE__,  "SbsSBS",
-					"ENDLESS LOOP IN rewrite-rule DETECTED ... aborting request, perhaps you want to use url.rewrite-once instead of url.rewrite-repeat ($", dc->comp_key, dc->op, "\"", &dc->string, "\")");
 
+			log_error(con->errh, __FILE__, __LINE__,
+			  "ENDLESS LOOP IN rewrite-rule DETECTED ... aborting request");
 			return HANDLER_ERROR;
 		}
 

src/network.c

@@ -478,25 +478,29 @@ int network_init(server *srv, int stdin_fd) {
 	}
 
 	/* check for $SERVER["socket"] */
-	for (size_t i = 1; i < srv->config_context->used; ++i) {
-		data_config *dc = (data_config *)srv->config_context->data[i];
+	for (uint32_t i = 1; i < srv->config_context->used; ++i) {
+		config_cond_info cfginfo;
+		config_get_config_cond_info(srv, i, &cfginfo);
+		buffer *host_token;
+		*(const buffer **)&host_token = cfginfo.string;
+		/*(cfginfo.string is modified during config)*/
 
 		/* not our stage */
-		if (COMP_SERVER_SOCKET != dc->comp) continue;
+		if (COMP_SERVER_SOCKET != cfginfo.comp) continue;
 
-		if (dc->cond == CONFIG_COND_NE) {
+		if (cfginfo.cond == CONFIG_COND_NE) {
 			socklen_t addr_len = sizeof(sock_addr);
 			sock_addr addr;
-			if (0 != network_host_parse_addr(srv, &addr, &addr_len, &dc->string, srv->config_storage[i]->use_ipv6)) {
+			if (0 != network_host_parse_addr(srv, &addr, &addr_len, host_token, srv->config_storage[i]->use_ipv6)) {
 				return -1;
 			}
-			network_host_normalize_addr_str(&dc->string, &addr);
+			network_host_normalize_addr_str(host_token, &addr);
 			continue;
 		}
 
-		if (dc->cond != CONFIG_COND_EQ) continue;
+		if (cfginfo.cond != CONFIG_COND_EQ) continue;
 
-			if (0 != network_server_init(srv, &dc->string, i, -1)) return -1;
+			if (0 != network_server_init(srv, host_token, i, -1)) return -1;
 	}
 
 	if (srv->srvconf.systemd_socket_activation) {