Lines 127-132
Link Here
|
127 |
int ssl_enable; |
127 |
int ssl_enable; |
128 |
char *https_indicator; |
128 |
char *https_indicator; |
129 |
char *certs_indicator; |
129 |
char *certs_indicator; |
|
|
130 |
char *certchain_indicator; |
130 |
char *cipher_indicator; |
131 |
char *cipher_indicator; |
131 |
char *session_indicator; |
132 |
char *session_indicator; |
132 |
char *key_size_indicator; |
133 |
char *key_size_indicator; |
Lines 559-570
Link Here
|
559 |
(char *)ap_table_get(r->subprocess_env, |
560 |
(char *)ap_table_get(r->subprocess_env, |
560 |
conf->https_indicator); |
561 |
conf->https_indicator); |
561 |
if (ssl_temp && !strcasecmp(ssl_temp, "on")) { |
562 |
if (ssl_temp && !strcasecmp(ssl_temp, "on")) { |
|
|
563 |
array_header *t = ap_table_elts(r->subprocess_env); |
562 |
s->is_ssl = JK_TRUE; |
564 |
s->is_ssl = JK_TRUE; |
563 |
s->ssl_cert = |
565 |
s->ssl_cert = |
564 |
(char *)ap_table_get(r->subprocess_env, |
566 |
(char *)ap_table_get(r->subprocess_env, |
565 |
conf->certs_indicator); |
567 |
conf->certs_indicator); |
|
|
568 |
if (t && t->nelts) { |
569 |
int i; |
570 |
table_entry *elts = (table_entry *) t->elts; |
571 |
array_header *certs = ap_make_array(r->pool, 1, sizeof(char *)); |
572 |
*(const char **)ap_push_array(certs) = s->ssl_cert; |
573 |
for (i = 0; i < t->nelts; i++) { |
574 |
if (!elts[i].key) |
575 |
continue; |
576 |
if (!strncasecmp(elts[i].key, conf->certchain_indicator, strlen(conf->certchain_indicator))) |
577 |
*(const char **)ap_push_array(certs) = elts[i].val; |
578 |
} |
579 |
s->ssl_cert = ap_array_pstrcat(r->pool, certs, '\0'); |
580 |
} |
566 |
if (s->ssl_cert) { |
581 |
if (s->ssl_cert) { |
567 |
s->ssl_cert_len = strlen(s->ssl_cert); |
582 |
s->ssl_cert_len = strlen(s->ssl_cert); |
|
|
583 |
jk_log(conf->log ? conf->log : main_log, JK_LOG_DEBUG, "length of SSL client certificate: %d bytes, dump follows:\n%s", s->ssl_cert_len, s->ssl_cert); |
568 |
} |
584 |
} |
569 |
/* Servlet 2.3 API */ |
585 |
/* Servlet 2.3 API */ |
570 |
s->ssl_cipher = |
586 |
s->ssl_cipher = |
Lines 1408-1413
Link Here
|
1408 |
} |
1424 |
} |
1409 |
|
1425 |
|
1410 |
/* |
1426 |
/* |
|
|
1427 |
* JkCERTCHAINIndicator Directive Handling |
1428 |
* |
1429 |
* JkCERTCHAINIndicator SSL_CLIENT_CERT_CHAIN_ |
1430 |
*/ |
1431 |
|
1432 |
static const char *jk_set_certchain_indicator(cmd_parms * cmd, |
1433 |
void *dummy, char *indicator) |
1434 |
{ |
1435 |
server_rec *s = cmd->server; |
1436 |
jk_server_conf_t *conf = |
1437 |
(jk_server_conf_t *) ap_get_module_config(s->module_config, |
1438 |
&jk_module); |
1439 |
|
1440 |
conf->certchain_indicator = ap_pstrdup(cmd->pool, indicator); |
1441 |
return NULL; |
1442 |
} |
1443 |
|
1444 |
/* |
1411 |
* JkCIPHERIndicator Directive Handling |
1445 |
* JkCIPHERIndicator Directive Handling |
1412 |
* |
1446 |
* |
1413 |
* JkCIPHERIndicator SSL_CIPHER |
1447 |
* JkCIPHERIndicator SSL_CIPHER |
Lines 1663-1668
Link Here
|
1663 |
* |
1697 |
* |
1664 |
* HTTPS - indication for SSL |
1698 |
* HTTPS - indication for SSL |
1665 |
* CERTS - Base64-Der-encoded client certificates. |
1699 |
* CERTS - Base64-Der-encoded client certificates. |
|
|
1700 |
* CERTCHAIN - Base64-Der-encoded client chain certificates. |
1666 |
* CIPHER - A string specifing the ciphers suite in use. |
1701 |
* CIPHER - A string specifing the ciphers suite in use. |
1667 |
* SESSION - A string specifing the current SSL session. |
1702 |
* SESSION - A string specifing the current SSL session. |
1668 |
* KEYSIZE - Size of Key used in dialogue (#bits are secure) |
1703 |
* KEYSIZE - Size of Key used in dialogue (#bits are secure) |
Lines 1671-1676
Link Here
|
1671 |
"Name of the Apache environment that contains SSL indication"}, |
1706 |
"Name of the Apache environment that contains SSL indication"}, |
1672 |
{"JkCERTSIndicator", jk_set_certs_indicator, NULL, RSRC_CONF, TAKE1, |
1707 |
{"JkCERTSIndicator", jk_set_certs_indicator, NULL, RSRC_CONF, TAKE1, |
1673 |
"Name of the Apache environment that contains SSL client certificates"}, |
1708 |
"Name of the Apache environment that contains SSL client certificates"}, |
|
|
1709 |
{"JkCERTCHAINIndicator", jk_set_certchain_indicator, NULL, RSRC_CONF, TAKE1, |
1710 |
"Name of the Apache environment (prefix) that contains SSL client chain certificates"}, |
1674 |
{"JkCIPHERIndicator", jk_set_cipher_indicator, NULL, RSRC_CONF, TAKE1, |
1711 |
{"JkCIPHERIndicator", jk_set_cipher_indicator, NULL, RSRC_CONF, TAKE1, |
1675 |
"Name of the Apache environment that contains SSL client cipher"}, |
1712 |
"Name of the Apache environment that contains SSL client cipher"}, |
1676 |
{"JkSESSIONIndicator", jk_set_session_indicator, NULL, RSRC_CONF, TAKE1, |
1713 |
{"JkSESSIONIndicator", jk_set_session_indicator, NULL, RSRC_CONF, TAKE1, |
Lines 1896-1901
Link Here
|
1896 |
*/ |
1933 |
*/ |
1897 |
c->https_indicator = "HTTPS"; |
1934 |
c->https_indicator = "HTTPS"; |
1898 |
c->certs_indicator = "SSL_CLIENT_CERT"; |
1935 |
c->certs_indicator = "SSL_CLIENT_CERT"; |
|
|
1936 |
c->certchain_indicator = "SSL_CLIENT_CERT_CHAIN_"; |
1899 |
|
1937 |
|
1900 |
/* |
1938 |
/* |
1901 |
* The following (comented out) environment variables match apache_ssl! |
1939 |
* The following (comented out) environment variables match apache_ssl! |
Lines 1960-1965
Link Here
|
1960 |
overrides->ssl_enable = base->ssl_enable; |
1998 |
overrides->ssl_enable = base->ssl_enable; |
1961 |
overrides->https_indicator = base->https_indicator; |
1999 |
overrides->https_indicator = base->https_indicator; |
1962 |
overrides->certs_indicator = base->certs_indicator; |
2000 |
overrides->certs_indicator = base->certs_indicator; |
|
|
2001 |
overrides->certchain_indicator = base->certchain_indicator; |
1963 |
overrides->cipher_indicator = base->cipher_indicator; |
2002 |
overrides->cipher_indicator = base->cipher_indicator; |
1964 |
overrides->session_indicator = base->session_indicator; |
2003 |
overrides->session_indicator = base->session_indicator; |
1965 |
overrides->key_size_indicator = base->key_size_indicator; |
2004 |
overrides->key_size_indicator = base->key_size_indicator; |