*) core/mod_proxy/mod_ssl:

Adding `outgoing` flag to conn_rec, indicating a connection is initiated by the server to somewhere, in contrast to incoming connections from clients. Adding 'ap_ssl_bind_outgoing()` function that marks a connection as outgoing and is used by mod_proxy instead of the previous optional function `ssl_engine_set`. This enables other SSL module to secure proxy connections. The optional functions `ssl_engine_set`, `ssl_engine_disable` and `ssl_proxy_enable` are now provided by the core to have backward compatibility with non-httpd modules that might use them. mod_ssl itself no longer registers these functions, but keeps them in its header for backward compatibility. The core provided optional function wrap any registered function like it was done for `ssl_is_ssl`. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1890605 13f79535-47bb-0310-9956-ffa450edef68
author: Stefan Eissing <icing@apache.org> 2021-06-08 14:37:44 +0000
committer: Stefan Eissing <icing@apache.org> 2021-06-08 14:37:44 +0000
commit: a4f45f275b7d90240f2ebd28834585e04deae165 (patch)
tree: 08d33b1a84441649381e9ddeb003dbdcbe676804 /include
parent: a360cd342f25b05185dc7bd201d6cb964d433575 (diff)
download: httpd-a4f45f275b7d90240f2ebd28834585e04deae165.tar.gz
3 files changed, 40 insertions, 1 deletions
diff --git a/include/ap_mmn.h b/include/ap_mmn.h
index 5e2634be37..eccfce1e96 100644
--- a/include/ap_mmn.h
+++ b/include/ap_mmn.h
@@ -672,12 +672,13 @@
  * 20210506.0 (2.5.1-dev)  Add ap_proxy_tunnel_conn_get_read() and
  *                         ap_proxy_tunnel_conn_get_transferred() change
  *                         ap_proxy_transfer_between_connections() sent to apr_off_t *.
+ * 20210531.0 (2.5.1-dev)  add conn_rec->outgoing and ap_ssl_bind_outgoing()
  */
 
 #define MODULE_MAGIC_COOKIE 0x41503235UL /* "AP25" */
 
 #ifndef MODULE_MAGIC_NUMBER_MAJOR
-#define MODULE_MAGIC_NUMBER_MAJOR 20210506
+#define MODULE_MAGIC_NUMBER_MAJOR 20210531
 #endif
 #define MODULE_MAGIC_NUMBER_MINOR 0             /* 0...n */
 
diff --git a/include/http_ssl.h b/include/http_ssl.h
index 556a58bdb7..f4c548bf4e 100644
--- a/include/http_ssl.h
+++ b/include/http_ssl.h
@@ -34,6 +34,8 @@
 extern "C" {
 #endif
 
+struct ap_conf_vector_t;
+
 /**
  * This hook allows modules that manage SSL connection to register their
  * inquiry function for checking if a connection is using SSL from them.
@@ -50,6 +52,40 @@ AP_DECLARE_HOOK(int,ssl_conn_is_ssl,(conn_rec *c))
 AP_DECLARE(int) ap_ssl_conn_is_ssl(conn_rec *c);
 
 /**
+ * This hook declares a connection to be outgoing and the configuration that applies to it.
+ * This hook can be called several times in the lifetime of an outgoing connection, e.g.
+ * when it is re-used in different request contexts. It will at least be called after the
+ * connection was created and before the pre-connection hooks is invoked.
+ * All outgoing-connection hooks are run until one returns something other than ok or decline.
+ * if enable_ssl != 0, a hook that sets up SSL for the connection needs to return DONE.
+ *
+ * @param c The connection on which requests/data are to be sent.
+ * @param dir_conf The directory configuration in which this connection is being used.
+ * @param enable_ssl If != 0, the SSL protocol should be enabled for this connection.
+ * @return OK or DECLINED, DONE when ssl was enabled
+ */
+AP_DECLARE_HOOK(int, ssl_bind_outgoing,
+               (conn_rec *c, struct ap_conf_vector_t *dir_conf, int enable_ssl))
+
+/**
+ * Assures the connection is marked as outgoing and invokes the ssl_bind_outgoing hook.
+ * This may be called several times on an outgoing connection with varying dir_conf
+ * values. require_ssl is not allowed to change on the same connection.
+ *
+ * @param c The connection on which requests/data are to be sent.
+ * @param dir_conf The directory configuration in which this connection is being used.
+ * @param require_ssl != 0 iff this connection needs to be secured by SSL/TLS protocol.
+ * @return OK iff ssl was required and is enabled, DECLINED otherwise
+ */
+AP_DECLARE(int) ap_ssl_bind_outgoing(conn_rec *c, struct ap_conf_vector_t *dir_conf,
+                                     int require_ssl);
+
+/**
+ * Return != 0 iff handlers/hooks for outgoing connections are registered.
+ */
+AP_DECLARE(int) ap_ssl_has_outgoing_handlers(void);
+
+/**
  * This hook allows modules to look up SSL related variables for a
  * server/connection/request, depending on what they inquire. Some
  * variables will only be available for a connection/request, for example.
diff --git a/include/httpd.h b/include/httpd.h
index 5e4c036d8a..5a4a61979d 100644
--- a/include/httpd.h
+++ b/include/httpd.h
@@ -1289,6 +1289,8 @@ struct conn_rec {
 
     /** The minimum level of filter type to allow setaside buckets */
     int async_filter;
+
+    int outgoing;
 };
 
 struct conn_slave_rec {
author	Stefan Eissing <icing@apache.org>	2021-06-08 14:37:44 +0000
committer	Stefan Eissing <icing@apache.org>	2021-06-08 14:37:44 +0000
commit	a4f45f275b7d90240f2ebd28834585e04deae165 (patch)
tree	08d33b1a84441649381e9ddeb003dbdcbe676804 /include
parent	a360cd342f25b05185dc7bd201d6cb964d433575 (diff)
download	httpd-a4f45f275b7d90240f2ebd28834585e04deae165.tar.gz