[Pkg-fedora-ds-maintainers] [libapache2-mod-nss] 92/156: If mod_ssl isn't loaded then register the hooks to mod_proxy so we can do at least secure proxy in front of an unsecure host.

Wed Jul 2 13:55:32 UTC 2014

This is an automated email from the git hooks/post-receive script.

tjaalton-guest pushed a commit to branch master
in repository libapache2-mod-nss.

commit 0c14c8a219244408ac4d4402a55d9c178fcf705c
Author: rcritten <>
Date:   Thu Oct 18 18:26:21 2007 +0000

    If mod_ssl isn't loaded then register the hooks to mod_proxy so we can
    do at least secure proxy in front of an unsecure host.
---
 mod_nss.c         | 14 ++++++++++++++
 mod_nss.h         | 10 ++++++++++
 nss_engine_vars.c | 15 +++++++++++++++
 3 files changed, 39 insertions(+)

diff --git a/mod_nss.c b/mod_nss.c
index 34b528e..abf76f4 100644
--- a/mod_nss.c
+++ b/mod_nss.c
@@ -200,6 +200,10 @@ int nss_proxy_enable(conn_rec *c)
     return 1;
 }
 
+int ssl_proxy_enable(conn_rec *c) {
+    return nss_proxy_enable(c);
+}
+
 int nss_engine_disable(conn_rec *c)
 {
     SSLSrvConfigRec *sc = mySrvConfig(c->base_server);
@@ -217,6 +221,10 @@ int nss_engine_disable(conn_rec *c)
     return 1;
 }
 
+int ssl_engine_disable(conn_rec *c) {
+    return nss_engine_disable(c);
+}
+
 /* Callback for an incoming certificate that is not valid */
 
 SECStatus NSSBadCertHandler(void *arg, PRFileDesc * socket)
@@ -430,6 +438,12 @@ static void nss_register_hooks(apr_pool_t *p)
 
     APR_REGISTER_OPTIONAL_FN(nss_proxy_enable);
     APR_REGISTER_OPTIONAL_FN(nss_engine_disable);
+
+    /* If mod_ssl is not loaded then mod_nss can work with mod_proxy */
+    if (APR_RETRIEVE_OPTIONAL_FN(ssl_proxy_enable) == NULL)
+        APR_REGISTER_OPTIONAL_FN(ssl_proxy_enable);
+    if (APR_RETRIEVE_OPTIONAL_FN(ssl_engine_disable) == NULL)
+        APR_REGISTER_OPTIONAL_FN(ssl_engine_disable);
 }
 
 module AP_MODULE_DECLARE_DATA nss_module = {
diff --git a/mod_nss.h b/mod_nss.h
index ceaa5d5..99ee622 100644
--- a/mod_nss.h
+++ b/mod_nss.h
@@ -419,24 +419,34 @@ int nss_hook_ReadReq(request_rec *r);
 /*  Variables  */
 void         nss_var_register(void);
 char        *nss_var_lookup(apr_pool_t *, server_rec *, conn_rec *, request_rec *, char *);
+char        *ssl_var_lookup(apr_pool_t *, server_rec *, conn_rec *, request_rec *, char *);
 void         nss_var_log_config_register(apr_pool_t *p);
 
 APR_DECLARE_OPTIONAL_FN(char *, nss_var_lookup,
                         (apr_pool_t *, server_rec *,
                          conn_rec *, request_rec *, 
                          char *));
+APR_DECLARE_OPTIONAL_FN(char *, ssl_var_lookup,
+                        (apr_pool_t *, server_rec *,
+                         conn_rec *, request_rec *, 
+                         char *));
 
 /* An optional function which returns non-zero if the given connection
  * is using SSL/TLS. */
 APR_DECLARE_OPTIONAL_FN(int, nss_is_https, (conn_rec *));
+APR_DECLARE_OPTIONAL_FN(int, ssl_is_https, (conn_rec *));
 
 /* Proxy Support */
 int nss_proxy_enable(conn_rec *c);
 int nss_engine_disable(conn_rec *c);
+int ssl_proxy_enable(conn_rec *c);
+int ssl_engine_disable(conn_rec *c);
 
 APR_DECLARE_OPTIONAL_FN(int, nss_proxy_enable, (conn_rec *));
+APR_DECLARE_OPTIONAL_FN(int, ssl_proxy_enable, (conn_rec *));
 
 APR_DECLARE_OPTIONAL_FN(int, nss_engine_disable, (conn_rec *));
+APR_DECLARE_OPTIONAL_FN(int, ssl_engine_disable, (conn_rec *));
 
 /* I/O */
 PRFileDesc * nss_io_new_fd();
diff --git a/nss_engine_vars.c b/nss_engine_vars.c
index 80480e7..1439a8b 100644
--- a/nss_engine_vars.c
+++ b/nss_engine_vars.c
@@ -46,10 +46,21 @@ static int nss_is_https(conn_rec *c)
     return sslconn && sslconn->ssl;
 }
 
+static int ssl_is_https(conn_rec *c) {
+    return nss_is_https(c);
+}
+
 void nss_var_register(void)
 {
     APR_REGISTER_OPTIONAL_FN(nss_is_https);
     APR_REGISTER_OPTIONAL_FN(nss_var_lookup);
+
+    /* These can only be registered if mod_ssl is not loaded */
+    if (APR_RETRIEVE_OPTIONAL_FN(ssl_is_https) == NULL)
+        APR_REGISTER_OPTIONAL_FN(ssl_is_https);
+    if (APR_RETRIEVE_OPTIONAL_FN(ssl_var_lookup) == NULL)
+        APR_REGISTER_OPTIONAL_FN(ssl_var_lookup);
+
     return;
 }
 
@@ -241,6 +252,10 @@ char *nss_var_lookup(apr_pool_t *p, server_rec *s, conn_rec *c, request_rec *r,
     return result;
 }
 
+char *ssl_var_lookup(apr_pool_t *p, server_rec *s, conn_rec *c, request_rec *r, char *var) {
+    return nss_var_lookup(p, s, c, r, var);
+}
+
 static char *nss_var_lookup_header(apr_pool_t *p, request_rec *r, const char *name)
 {
     char *hdr = NULL;

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-fedora-ds/libapache2-mod-nss.git

