[Pkg-fedora-ds-maintainers] [libapache2-mod-nss] 92/156: If mod_ssl isn't loaded then register the hooks to mod_proxy so we can do at least secure proxy in front of an unsecure host.
Timo Aaltonen
tjaalton-guest at moszumanska.debian.org
Wed Jul 2 13:55:32 UTC 2014
This is an automated email from the git hooks/post-receive script.
tjaalton-guest pushed a commit to branch master
in repository libapache2-mod-nss.
commit 0c14c8a219244408ac4d4402a55d9c178fcf705c
Author: rcritten <>
Date: Thu Oct 18 18:26:21 2007 +0000
If mod_ssl isn't loaded then register the hooks to mod_proxy so we can
do at least secure proxy in front of an unsecure host.
---
mod_nss.c | 14 ++++++++++++++
mod_nss.h | 10 ++++++++++
nss_engine_vars.c | 15 +++++++++++++++
3 files changed, 39 insertions(+)
diff --git a/mod_nss.c b/mod_nss.c
index 34b528e..abf76f4 100644
--- a/mod_nss.c
+++ b/mod_nss.c
@@ -200,6 +200,10 @@ int nss_proxy_enable(conn_rec *c)
return 1;
}
+int ssl_proxy_enable(conn_rec *c) {
+ return nss_proxy_enable(c);
+}
+
int nss_engine_disable(conn_rec *c)
{
SSLSrvConfigRec *sc = mySrvConfig(c->base_server);
@@ -217,6 +221,10 @@ int nss_engine_disable(conn_rec *c)
return 1;
}
+int ssl_engine_disable(conn_rec *c) {
+ return nss_engine_disable(c);
+}
+
/* Callback for an incoming certificate that is not valid */
SECStatus NSSBadCertHandler(void *arg, PRFileDesc * socket)
@@ -430,6 +438,12 @@ static void nss_register_hooks(apr_pool_t *p)
APR_REGISTER_OPTIONAL_FN(nss_proxy_enable);
APR_REGISTER_OPTIONAL_FN(nss_engine_disable);
+
+ /* If mod_ssl is not loaded then mod_nss can work with mod_proxy */
+ if (APR_RETRIEVE_OPTIONAL_FN(ssl_proxy_enable) == NULL)
+ APR_REGISTER_OPTIONAL_FN(ssl_proxy_enable);
+ if (APR_RETRIEVE_OPTIONAL_FN(ssl_engine_disable) == NULL)
+ APR_REGISTER_OPTIONAL_FN(ssl_engine_disable);
}
module AP_MODULE_DECLARE_DATA nss_module = {
diff --git a/mod_nss.h b/mod_nss.h
index ceaa5d5..99ee622 100644
--- a/mod_nss.h
+++ b/mod_nss.h
@@ -419,24 +419,34 @@ int nss_hook_ReadReq(request_rec *r);
/* Variables */
void nss_var_register(void);
char *nss_var_lookup(apr_pool_t *, server_rec *, conn_rec *, request_rec *, char *);
+char *ssl_var_lookup(apr_pool_t *, server_rec *, conn_rec *, request_rec *, char *);
void nss_var_log_config_register(apr_pool_t *p);
APR_DECLARE_OPTIONAL_FN(char *, nss_var_lookup,
(apr_pool_t *, server_rec *,
conn_rec *, request_rec *,
char *));
+APR_DECLARE_OPTIONAL_FN(char *, ssl_var_lookup,
+ (apr_pool_t *, server_rec *,
+ conn_rec *, request_rec *,
+ char *));
/* An optional function which returns non-zero if the given connection
* is using SSL/TLS. */
APR_DECLARE_OPTIONAL_FN(int, nss_is_https, (conn_rec *));
+APR_DECLARE_OPTIONAL_FN(int, ssl_is_https, (conn_rec *));
/* Proxy Support */
int nss_proxy_enable(conn_rec *c);
int nss_engine_disable(conn_rec *c);
+int ssl_proxy_enable(conn_rec *c);
+int ssl_engine_disable(conn_rec *c);
APR_DECLARE_OPTIONAL_FN(int, nss_proxy_enable, (conn_rec *));
+APR_DECLARE_OPTIONAL_FN(int, ssl_proxy_enable, (conn_rec *));
APR_DECLARE_OPTIONAL_FN(int, nss_engine_disable, (conn_rec *));
+APR_DECLARE_OPTIONAL_FN(int, ssl_engine_disable, (conn_rec *));
/* I/O */
PRFileDesc * nss_io_new_fd();
diff --git a/nss_engine_vars.c b/nss_engine_vars.c
index 80480e7..1439a8b 100644
--- a/nss_engine_vars.c
+++ b/nss_engine_vars.c
@@ -46,10 +46,21 @@ static int nss_is_https(conn_rec *c)
return sslconn && sslconn->ssl;
}
+static int ssl_is_https(conn_rec *c) {
+ return nss_is_https(c);
+}
+
void nss_var_register(void)
{
APR_REGISTER_OPTIONAL_FN(nss_is_https);
APR_REGISTER_OPTIONAL_FN(nss_var_lookup);
+
+ /* These can only be registered if mod_ssl is not loaded */
+ if (APR_RETRIEVE_OPTIONAL_FN(ssl_is_https) == NULL)
+ APR_REGISTER_OPTIONAL_FN(ssl_is_https);
+ if (APR_RETRIEVE_OPTIONAL_FN(ssl_var_lookup) == NULL)
+ APR_REGISTER_OPTIONAL_FN(ssl_var_lookup);
+
return;
}
@@ -241,6 +252,10 @@ char *nss_var_lookup(apr_pool_t *p, server_rec *s, conn_rec *c, request_rec *r,
return result;
}
+char *ssl_var_lookup(apr_pool_t *p, server_rec *s, conn_rec *c, request_rec *r, char *var) {
+ return nss_var_lookup(p, s, c, r, var);
+}
+
static char *nss_var_lookup_header(apr_pool_t *p, request_rec *r, const char *name)
{
char *hdr = NULL;
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-fedora-ds/libapache2-mod-nss.git
More information about the Pkg-fedora-ds-maintainers
mailing list