View | Details | Raw Unified | Return to bug 39636
Collapse All | Expand All

(-)jakarta-tomcat-connectors-1.2.15-src/jk/native/apache-1.3/mod_jk.c.orig (+39 lines)
Lines 127-132 Link Here
127
    int ssl_enable;
127
    int ssl_enable;
128
    char *https_indicator;
128
    char *https_indicator;
129
    char *certs_indicator;
129
    char *certs_indicator;
130
    char *certchain_indicator;
130
    char *cipher_indicator;
131
    char *cipher_indicator;
131
    char *session_indicator;
132
    char *session_indicator;
132
    char *key_size_indicator;
133
    char *key_size_indicator;
Lines 559-570 Link Here
559
                (char *)ap_table_get(r->subprocess_env,
560
                (char *)ap_table_get(r->subprocess_env,
560
                                     conf->https_indicator);
561
                                     conf->https_indicator);
561
            if (ssl_temp && !strcasecmp(ssl_temp, "on")) {
562
            if (ssl_temp && !strcasecmp(ssl_temp, "on")) {
563
                array_header *t = ap_table_elts(r->subprocess_env);
562
                s->is_ssl = JK_TRUE;
564
                s->is_ssl = JK_TRUE;
563
                s->ssl_cert =
565
                s->ssl_cert =
564
                    (char *)ap_table_get(r->subprocess_env,
566
                    (char *)ap_table_get(r->subprocess_env,
565
                                         conf->certs_indicator);
567
                                         conf->certs_indicator);
568
                if (t && t->nelts) {
569
                    int i;
570
                    table_entry *elts = (table_entry *) t->elts;
571
                    array_header *certs = ap_make_array(r->pool, 1, sizeof(char *));
572
                    *(const char **)ap_push_array(certs) = s->ssl_cert;
573
                    for (i = 0; i < t->nelts; i++) {
574
                       if (!elts[i].key)
575
                           continue;
576
                       if (!strncasecmp(elts[i].key, conf->certchain_indicator, strlen(conf->certchain_indicator)))
577
                           *(const char **)ap_push_array(certs) = elts[i].val;
578
                    }
579
                    s->ssl_cert = ap_array_pstrcat(r->pool, certs, '\0');
580
                }
566
                if (s->ssl_cert) {
581
                if (s->ssl_cert) {
567
                    s->ssl_cert_len = strlen(s->ssl_cert);
582
                    s->ssl_cert_len = strlen(s->ssl_cert);
583
                    jk_log(conf->log ? conf->log : main_log, JK_LOG_DEBUG, "length of SSL client certificate: %d bytes, dump follows:\n%s", s->ssl_cert_len, s->ssl_cert);
568
                }
584
                }
569
                /* Servlet 2.3 API */
585
                /* Servlet 2.3 API */
570
                s->ssl_cipher =
586
                s->ssl_cipher =
Lines 1408-1413 Link Here
1408
}
1424
}
1409
1425
1410
/*
1426
/*
1427
 * JkCERTCHAINIndicator Directive Handling
1428
 *
1429
 * JkCERTCHAINIndicator SSL_CLIENT_CERT_CHAIN_
1430
 */
1431
1432
static const char *jk_set_certchain_indicator(cmd_parms * cmd,
1433
                                              void *dummy, char *indicator)
1434
{
1435
    server_rec *s = cmd->server;
1436
    jk_server_conf_t *conf =
1437
        (jk_server_conf_t *) ap_get_module_config(s->module_config,
1438
                                                  &jk_module);
1439
1440
    conf->certchain_indicator = ap_pstrdup(cmd->pool, indicator);
1441
    return NULL;
1442
}
1443
1444
/*
1411
 * JkCIPHERIndicator Directive Handling
1445
 * JkCIPHERIndicator Directive Handling
1412
 *
1446
 *
1413
 * JkCIPHERIndicator SSL_CIPHER
1447
 * JkCIPHERIndicator SSL_CIPHER
Lines 1663-1668 Link Here
1663
     *
1697
     *
1664
     * HTTPS - indication for SSL
1698
     * HTTPS - indication for SSL
1665
     * CERTS - Base64-Der-encoded client certificates.
1699
     * CERTS - Base64-Der-encoded client certificates.
1700
     * CERTCHAIN - Base64-Der-encoded client chain certificates.
1666
     * CIPHER - A string specifing the ciphers suite in use.
1701
     * CIPHER - A string specifing the ciphers suite in use.
1667
     * SESSION - A string specifing the current SSL session.
1702
     * SESSION - A string specifing the current SSL session.
1668
     * KEYSIZE - Size of Key used in dialogue (#bits are secure)
1703
     * KEYSIZE - Size of Key used in dialogue (#bits are secure)
Lines 1671-1676 Link Here
1671
     "Name of the Apache environment that contains SSL indication"},
1706
     "Name of the Apache environment that contains SSL indication"},
1672
    {"JkCERTSIndicator", jk_set_certs_indicator, NULL, RSRC_CONF, TAKE1,
1707
    {"JkCERTSIndicator", jk_set_certs_indicator, NULL, RSRC_CONF, TAKE1,
1673
     "Name of the Apache environment that contains SSL client certificates"},
1708
     "Name of the Apache environment that contains SSL client certificates"},
1709
    {"JkCERTCHAINIndicator", jk_set_certchain_indicator, NULL, RSRC_CONF, TAKE1,
1710
     "Name of the Apache environment (prefix) that contains SSL client chain certificates"},
1674
    {"JkCIPHERIndicator", jk_set_cipher_indicator, NULL, RSRC_CONF, TAKE1,
1711
    {"JkCIPHERIndicator", jk_set_cipher_indicator, NULL, RSRC_CONF, TAKE1,
1675
     "Name of the Apache environment that contains SSL client cipher"},
1712
     "Name of the Apache environment that contains SSL client cipher"},
1676
    {"JkSESSIONIndicator", jk_set_session_indicator, NULL, RSRC_CONF, TAKE1,
1713
    {"JkSESSIONIndicator", jk_set_session_indicator, NULL, RSRC_CONF, TAKE1,
Lines 1896-1901 Link Here
1896
     */
1933
     */
1897
    c->https_indicator = "HTTPS";
1934
    c->https_indicator = "HTTPS";
1898
    c->certs_indicator = "SSL_CLIENT_CERT";
1935
    c->certs_indicator = "SSL_CLIENT_CERT";
1936
    c->certchain_indicator = "SSL_CLIENT_CERT_CHAIN_";
1899
1937
1900
    /*
1938
    /*
1901
     * The following (comented out) environment variables match apache_ssl!
1939
     * The following (comented out) environment variables match apache_ssl!
Lines 1960-1965 Link Here
1960
        overrides->ssl_enable = base->ssl_enable;
1998
        overrides->ssl_enable = base->ssl_enable;
1961
        overrides->https_indicator = base->https_indicator;
1999
        overrides->https_indicator = base->https_indicator;
1962
        overrides->certs_indicator = base->certs_indicator;
2000
        overrides->certs_indicator = base->certs_indicator;
2001
        overrides->certchain_indicator = base->certchain_indicator;
1963
        overrides->cipher_indicator = base->cipher_indicator;
2002
        overrides->cipher_indicator = base->cipher_indicator;
1964
        overrides->session_indicator = base->session_indicator;
2003
        overrides->session_indicator = base->session_indicator;
1965
        overrides->key_size_indicator = base->key_size_indicator;
2004
        overrides->key_size_indicator = base->key_size_indicator;
(-)jakarta-tomcat-connectors-1.2.15-src/jk/native/apache-2.0/mod_jk.c.orig (+40 lines)
Lines 170-175 Link Here
170
    int ssl_enable;
170
    int ssl_enable;
171
    char *https_indicator;
171
    char *https_indicator;
172
    char *certs_indicator;
172
    char *certs_indicator;
173
    char *certchain_indicator;
173
    char *cipher_indicator;
174
    char *cipher_indicator;
174
    char *session_indicator;    /* Servlet API 2.3 requirement */
175
    char *session_indicator;    /* Servlet API 2.3 requirement */
175
    char *key_size_indicator;   /* Servlet API 2.3 requirement */
176
    char *key_size_indicator;   /* Servlet API 2.3 requirement */
Lines 599-610 Link Here
599
                (char *)apr_table_get(r->subprocess_env,
600
                (char *)apr_table_get(r->subprocess_env,
600
                                      conf->https_indicator);
601
                                      conf->https_indicator);
601
            if (ssl_temp && !strcasecmp(ssl_temp, "on")) {
602
            if (ssl_temp && !strcasecmp(ssl_temp, "on")) {
603
                const apr_array_header_t *t = apr_table_elts(r->subprocess_env);
602
                s->is_ssl = JK_TRUE;
604
                s->is_ssl = JK_TRUE;
603
                s->ssl_cert =
605
                s->ssl_cert =
604
                    (char *)apr_table_get(r->subprocess_env,
606
                    (char *)apr_table_get(r->subprocess_env,
605
                                          conf->certs_indicator);
607
                                          conf->certs_indicator);
608
                if (t && t->nelts) {
609
                    int i;
610
                    const apr_table_entry_t *elts = (const apr_table_entry_t *) t->elts;
611
                    apr_array_header_t *certs = apr_array_make(r->pool, 1, sizeof(char *));
612
                    *(const char **)apr_array_push(certs) = s->ssl_cert;
613
                    for (i = 0; i < t->nelts; i++) {
614
                        if (!elts[i].key)
615
                            continue;
616
                        if (!strncasecmp(elts[i].key, conf->certchain_indicator, strlen(conf->certchain_indicator)))
617
                            *(const char **)apr_array_push(certs) = elts[i].val;
618
                    }
619
                    s->ssl_cert = apr_array_pstrcat(r->pool, certs, '\0');
620
                }
606
                if (s->ssl_cert) {
621
                if (s->ssl_cert) {
607
                    s->ssl_cert_len = strlen(s->ssl_cert);
622
                    s->ssl_cert_len = strlen(s->ssl_cert);
623
                    jk_log(conf->log, JK_LOG_DEBUG, "length of SSL client certificate: %d bytes, dump follows:\n%s", s->ssl_cert_len, s->ssl_cert);
608
                }
624
                }
609
                /* Servlet 2.3 API */
625
                /* Servlet 2.3 API */
610
                s->ssl_cipher =
626
                s->ssl_cipher =
Lines 1433-1438 Link Here
1433
}
1449
}
1434
1450
1435
/*
1451
/*
1452
 * JkCERTCHAINIndicator Directive Handling
1453
 *
1454
 * JkCERTCHAINIndicator SSL_CLIENT_CERT_CHAIN_
1455
 */
1456
1457
static const char *jk_set_certchain_indicator(cmd_parms * cmd,
1458
                                              void *dummy, const char *indicator)
1459
{
1460
    server_rec *s = cmd->server;
1461
    jk_server_conf_t *conf =
1462
        (jk_server_conf_t *) ap_get_module_config(s->module_config,
1463
                                                  &jk_module);
1464
1465
    conf->certchain_indicator = apr_pstrdup(cmd->pool, indicator);
1466
1467
    return NULL;
1468
}
1469
1470
/*
1436
 * JkCIPHERIndicator Directive Handling
1471
 * JkCIPHERIndicator Directive Handling
1437
 *
1472
 *
1438
 * JkCIPHERIndicator SSL_CIPHER
1473
 * JkCIPHERIndicator SSL_CIPHER
Lines 1700-1705 Link Here
1700
     *
1735
     *
1701
     * HTTPS - indication for SSL
1736
     * HTTPS - indication for SSL
1702
     * CERTS - Base64-Der-encoded client certificates.
1737
     * CERTS - Base64-Der-encoded client certificates.
1738
     * CERTCHAIN - Base64-Der-encoded client chain certificates.
1703
     * CIPHER - A string specifing the ciphers suite in use.
1739
     * CIPHER - A string specifing the ciphers suite in use.
1704
     * KEYSIZE - Size of Key used in dialogue (#bits are secure)
1740
     * KEYSIZE - Size of Key used in dialogue (#bits are secure)
1705
     * SESSION - A string specifing the current SSL session.
1741
     * SESSION - A string specifing the current SSL session.
Lines 1708-1713 Link Here
1708
                  "Name of the Apache environment that contains SSL indication"),
1744
                  "Name of the Apache environment that contains SSL indication"),
1709
    AP_INIT_TAKE1("JkCERTSIndicator", jk_set_certs_indicator, NULL, RSRC_CONF,
1745
    AP_INIT_TAKE1("JkCERTSIndicator", jk_set_certs_indicator, NULL, RSRC_CONF,
1710
                  "Name of the Apache environment that contains SSL client certificates"),
1746
                  "Name of the Apache environment that contains SSL client certificates"),
1747
    AP_INIT_TAKE1("JkCERTCHAINIndicator", jk_set_certchain_indicator, NULL, RSRC_CONF,
1748
                  "Name of the Apache environment (prefix) that contains SSL client chain certificates"),
1711
    AP_INIT_TAKE1("JkCIPHERIndicator", jk_set_cipher_indicator, NULL,
1749
    AP_INIT_TAKE1("JkCIPHERIndicator", jk_set_cipher_indicator, NULL,
1712
                  RSRC_CONF,
1750
                  RSRC_CONF,
1713
                  "Name of the Apache environment that contains SSL client cipher"),
1751
                  "Name of the Apache environment that contains SSL client cipher"),
Lines 2069-2074 Link Here
2069
     */
2107
     */
2070
    c->https_indicator = "HTTPS";
2108
    c->https_indicator = "HTTPS";
2071
    c->certs_indicator = "SSL_CLIENT_CERT";
2109
    c->certs_indicator = "SSL_CLIENT_CERT";
2110
    c->certchain_indicator = "SSL_CLIENT_CERT_CHAIN_";
2072
2111
2073
    /*
2112
    /*
2074
     * The following (comented out) environment variables match apache_ssl!
2113
     * The following (comented out) environment variables match apache_ssl!
Lines 2138-2143 Link Here
2138
        overrides->ssl_enable = base->ssl_enable;
2177
        overrides->ssl_enable = base->ssl_enable;
2139
        overrides->https_indicator = base->https_indicator;
2178
        overrides->https_indicator = base->https_indicator;
2140
        overrides->certs_indicator = base->certs_indicator;
2179
        overrides->certs_indicator = base->certs_indicator;
2180
        overrides->certchain_indicator = base->certchain_indicator;
2141
        overrides->cipher_indicator = base->cipher_indicator;
2181
        overrides->cipher_indicator = base->cipher_indicator;
2142
        overrides->session_indicator = base->session_indicator;
2182
        overrides->session_indicator = base->session_indicator;
2143
    }
2183
    }

Return to bug 39636