author | Stefan Eissing <icing@apache.org> | 2021-06-08 14:37:44 +0000 |
---|---|---|
committer | Stefan Eissing <icing@apache.org> | 2021-06-08 14:37:44 +0000 |
commit | a4f45f275b7d90240f2ebd28834585e04deae165 (patch) | |
tree | 08d33b1a84441649381e9ddeb003dbdcbe676804 /include | |
parent | a360cd342f25b05185dc7bd201d6cb964d433575 (diff) | |
*) core/mod_proxy/mod_ssl:
Adding `outgoing` flag to conn_rec, indicating a connection is
initiated by the server to somewhere, in contrast to incoming
connections from clients.
Adding `ap_ssl_bind_outgoing()` function that marks a connection
as outgoing and is used by mod_proxy instead of the previous
optional function `ssl_engine_set`. This enables other SSL
modules to secure proxy connections.
The optional functions `ssl_engine_set`, `ssl_engine_disable` and
`ssl_proxy_enable` are now provided by the core to have backward
compatibility with non-httpd modules that might use them. mod_ssl
itself no longer registers these functions, but keeps them in its
header for backward compatibility.
The core provided optional functions wrap any registered function
like it was done for `ssl_is_ssl`.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1890605 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'include')
-rw-r--r-- | include/ap_mmn.h | 3 | ||||
-rw-r--r-- | include/http_ssl.h | 36 | ||||
-rw-r--r-- | include/httpd.h | 2 |
3 files changed, 40 insertions, 1 deletions
diff --git a/include/ap_mmn.h b/include/ap_mmn.h
index 5e2634be37..eccfce1e96 100644
--- a/include/ap_mmn.h
+++ b/include/ap_mmn.h
@@ -672,12 +672,13 @@
 * 20210506.0 (2.5.1-dev) Add ap_proxy_tunnel_conn_get_read() and
 * ap_proxy_tunnel_conn_get_transferred() change
 * ap_proxy_transfer_between_connections() sent to apr_off_t *.
+ * 20210531.0 (2.5.1-dev) add conn_rec->outgoing and ap_ssl_bind_outgoing()
 */
 #define MODULE_MAGIC_COOKIE 0x41503235UL /* "AP25" */
 #ifndef MODULE_MAGIC_NUMBER_MAJOR
-#define MODULE_MAGIC_NUMBER_MAJOR 20210506
+#define MODULE_MAGIC_NUMBER_MAJOR 20210531
 #endif
 #define MODULE_MAGIC_NUMBER_MINOR 0 /* 0...n */
diff --git a/include/http_ssl.h b/include/http_ssl.h
index 556a58bdb7..f4c548bf4e 100644
--- a/include/http_ssl.h
+++ b/include/http_ssl.h
@@ -34,6 +34,8 @@
 extern "C" {
 #endif
+struct ap_conf_vector_t;
+
 /**
 * This hook allows modules that manage SSL connection to register their
 * inquiry function for checking if a connection is using SSL from them.
@@ -50,6 +52,40 @@ AP_DECLARE_HOOK(int,ssl_conn_is_ssl,(conn_rec *c))
 AP_DECLARE(int) ap_ssl_conn_is_ssl(conn_rec *c);
 /**
+ * This hook declares a connection to be outgoing and the configuration that applies to it.
+ * This hook can be called several times in the lifetime of an outgoing connection, e.g.
+ * when it is re-used in different request contexts. It will at least be called after the
+ * connection was created and before the pre-connection hooks is invoked.
+ * All outgoing-connection hooks are run until one returns something other than ok or decline.
+ * if enable_ssl != 0, a hook that sets up SSL for the connection needs to return DONE.
+ *
+ * @param c The connection on which requests/data are to be sent.
+ * @param dir_conf The directory configuration in which this connection is being used.
+ * @param enable_ssl If != 0, the SSL protocol should be enabled for this connection.
+ * @return OK or DECLINED, DONE when ssl was enabled
+ */
+AP_DECLARE_HOOK(int, ssl_bind_outgoing,
+ (conn_rec *c, struct ap_conf_vector_t *dir_conf, int enable_ssl))
+
+/**
+ * Assures the connection is marked as outgoing and invokes the ssl_bind_outgoing hook.
+ * This may be called several times on an outgoing connection with varying dir_conf
+ * values. require_ssl is not allowed to change on the same connection.
+ *
+ * @param c The connection on which requests/data are to be sent.
+ * @param dir_conf The directory configuration in which this connection is being used.
+ * @param require_ssl != 0 iff this connection needs to be secured by SSL/TLS protocol.
+ * @return OK iff ssl was required and is enabled, DECLINED otherwise
+ */
+AP_DECLARE(int) ap_ssl_bind_outgoing(conn_rec *c, struct ap_conf_vector_t *dir_conf,
+ int require_ssl);
+
+/**
+ * Return != 0 iff handlers/hooks for outgoing connections are registered.
+ */
+AP_DECLARE(int) ap_ssl_has_outgoing_handlers(void);
+
+/**
 * This hook allows modules to look up SSL related variables for a
 * server/connection/request, depending on what they inquire. Some
 * variables will only be available for a connection/request, for example.
diff --git a/include/httpd.h b/include/httpd.h
index 5e4c036d8a..5a4a61979d 100644
--- a/include/httpd.h
+++ b/include/httpd.h
@@ -1289,6 +1289,8 @@ struct conn_rec {
 /** The minimum level of filter type to allow setaside buckets */
 int async_filter;
+
+ int outgoing;
 };
 struct conn_slave_rec { |
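Review bot: The `@return` line of `ap_ssl_bind_outgoing()` folds two different outcomes into DECLINED: the connection needed no TLS, and TLS was required but no hook set it up. The header never tells the caller that the second case has to be handled as a failure, so a caller that only looks for an error status could presumably go on to use an unsecured backend connection when no SSL module answers the hook; the implementation is not part of this diff, so this is inferred from the comment alone. I would state the contract in the doc comment, e.g. `* @note If require_ssl != 0 and the result is not OK, the connection is NOT secured and must not be used.` The hook comment also writes `ok or decline` where its return line says `OK or DECLINED`; use the constant names in both places, and say whether a changed require_ssl on the same connection is rejected or just unsupported.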
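Review bot: The new `int outgoing;` member at the end of `struct conn_rec` has no doc comment, unlike the `async_filter` member directly above it. Modules may start to branch on this flag to tell server-initiated connections from client ones, so the header should state its values and who sets it, e.g. `/** != 0 iff this connection was initiated by the server (set by ap_ssl_bind_outgoing()), 0 for connections accepted from clients */`. It is also worth saying that the field is zero unless set, if the allocation of conn_rec guarantees that; the allocation code is not visible here. The struct definition starts outside the hunk.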