ASF Bugzilla – Attachment 18332 Details for
Bug 39636
mod_jk does not pass SSL client certificate chain to AJP connector
[patch]
Patch for jakarta-tomcat-connectors-1.2.15
mod_jk_apache-certchain.patch (text/plain), 8.64 KB, created by
Patrik Schnellmann
on 2006-05-23 07:28:04 UTC
Description:
Patch for jakarta-tomcat-connectors-1.2.15
Filename:
MIME Type:
Creator:
Patrik Schnellmann
Created:
2006-05-23 07:28:04 UTC
Size:
8.64 KB
>--- jakarta-tomcat-connectors-1.2.15-src/jk/native/apache-1.3/mod_jk.c.orig 2005-08-08 07:14:00.000000000 +0200
>+++ jakarta-tomcat-connectors-1.2.15-src/jk/native/apache-1.3/mod_jk.c 2006-05-05 09:07:20.000000000 +0200
>@@ -127,6 +127,7 @@
> int ssl_enable;
> char *https_indicator;
> char *certs_indicator;
>+ char *certchain_indicator;
> char *cipher_indicator;
> char *session_indicator;
> char *key_size_indicator;
>@@ -559,12 +560,27 @@
> (char *)ap_table_get(r->subprocess_env,
> conf->https_indicator);
> if (ssl_temp && !strcasecmp(ssl_temp, "on")) {
>+ array_header *t = ap_table_elts(r->subprocess_env);
> s->is_ssl = JK_TRUE;
> s->ssl_cert =
> (char *)ap_table_get(r->subprocess_env,
> conf->certs_indicator);
>+ if (t && t->nelts) {
>+ int i;
>+ table_entry *elts = (table_entry *) t->elts;
>+ array_header *certs = ap_make_array(r->pool, 1, sizeof(char *));
>+ *(const char **)ap_push_array(certs) = s->ssl_cert;
>+ for (i = 0; i < t->nelts; i++) {
>+ if (!elts[i].key)
>+ continue;
>+ if (!strncasecmp(elts[i].key, conf->certchain_indicator, strlen(conf->certchain_indicator)))
>+ *(const char **)ap_push_array(certs) = elts[i].val;
>+ }
>+ s->ssl_cert = ap_array_pstrcat(r->pool, certs, '\0');
>+ }
> if (s->ssl_cert) {
> s->ssl_cert_len = strlen(s->ssl_cert);
>+ jk_log(conf->log ? conf->log : main_log, JK_LOG_DEBUG, "length of SSL client certificate: %d bytes, dump follows:\n%s", s->ssl_cert_len, s->ssl_cert);
> }
> /* Servlet 2.3 API */
> s->ssl_cipher = 
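Review bot: The chain loop in the `@@ -559` hunk matches on the prefix only, so any `subprocess_env` entry whose name merely starts with `conf->certchain_indicator` is appended to `s->ssl_cert`, the value that is passed on to the AJP connector as the client certificate. Requiring the prefix to be followed by a decimal index keeps variables set by other modules or configuration out of data the backend may rely on for authentication. The leaf is also pushed when `ap_table_get` returned NULL, so a request without a client certificate probably ends up with an empty, non-NULL `ssl_cert` instead of NULL; guarding the block with `s->ssl_cert` keeps the previous behaviour. The `@@ -599` hunk in apache-2.0/mod_jk.c has the same loop, and the enclosing function starts and ends outside both hunks.

```c
if (s->ssl_cert && t && t->nelts) {
    int i;
    size_t plen = strlen(conf->certchain_indicator);
    /* … unchanged: elts/certs setup and push of s->ssl_cert … */
    for (i = 0; i < t->nelts; i++) {
        const char *idx;
        if (!elts[i].key || !elts[i].val)
            continue;
        if (strncasecmp(elts[i].key, conf->certchain_indicator, plen))
            continue;
        /* accept only <indicator><decimal index> */
        idx = elts[i].key + plen;
        if (*idx == '\0' || idx[strspn(idx, "0123456789")] != '\0')
            continue;
        *(const char **)ap_push_array(certs) = elts[i].val;
    }
    /* … unchanged: ap_array_pstrcat into s->ssl_cert … */
}
```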
>@@ -1408,6 +1424,24 @@
> }
>
> /*
>+ * JkCERTCHAINIndicator Directive Handling
>+ *
>+ * JkCERTCHAINIndicator SSL_CLIENT_CERT_CHAIN_
>+ */
>+
>+static const char *jk_set_certchain_indicator(cmd_parms * cmd,
>+ void *dummy, char *indicator)
>+{
>+ server_rec *s = cmd->server;
>+ jk_server_conf_t *conf =
>+ (jk_server_conf_t *) ap_get_module_config(s->module_config,
>+ &jk_module);
>+
>+ conf->certchain_indicator = ap_pstrdup(cmd->pool, indicator);
>+ return NULL;
>+}
>+
>+/*
> * JkCIPHERIndicator Directive Handling
> *
> * JkCIPHERIndicator SSL_CIPHER
>@@ -1663,6 +1697,7 @@
> *
> * HTTPS - indication for SSL
> * CERTS - Base64-Der-encoded client certificates.
>+ * CERTCHAIN - Base64-Der-encoded client chain certificates.
> * CIPHER - A string specifing the ciphers suite in use.
> * SESSION - A string specifing the current SSL session.
> * KEYSIZE - Size of Key used in dialogue (#bits are secure)
>@@ -1671,6 +1706,8 @@
> "Name of the Apache environment that contains SSL indication"},
> {"JkCERTSIndicator", jk_set_certs_indicator, NULL, RSRC_CONF, TAKE1,
> "Name of the Apache environment that contains SSL client certificates"},
>+ {"JkCERTCHAINIndicator", jk_set_certchain_indicator, NULL, RSRC_CONF, TAKE1,
>+ "Name of the Apache environment (prefix) that contains SSL client chain certificates"},
> {"JkCIPHERIndicator", jk_set_cipher_indicator, NULL, RSRC_CONF, TAKE1,
> "Name of the Apache environment that contains SSL client cipher"},
> {"JkSESSIONIndicator", jk_set_session_indicator, NULL, RSRC_CONF, TAKE1,
>@@ -1896,6 +1933,7 @@
> */
> c->https_indicator = "HTTPS";
> c->certs_indicator = "SSL_CLIENT_CERT";
>+ c->certchain_indicator = "SSL_CLIENT_CERT_CHAIN_";
>
> /*
> * The following (comented out) environment variables match apache_ssl! 
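Review bot: `jk_set_certchain_indicator` in the `@@ -1408` hunk stores whatever string the directive supplies, including an empty one, while the request path uses that string as a match prefix with `strlen()` as the compare length. With an empty indicator the length is 0, so `strncasecmp` reports a match for every environment entry and all of their values would be concatenated into the forwarded certificate and written to the debug log. A guard before the `ap_pstrdup` call rejects this at configuration time: `if (!indicator || !*indicator) return "JkCERTCHAINIndicator must not be empty";`. The header comment could also say that the value is a name prefix rather than a full variable name. The apache-2.0 handler added in the `@@ -1433` hunk needs the same guard.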
>@@ -1960,6 +1998,7 @@
> overrides->ssl_enable = base->ssl_enable;
> overrides->https_indicator = base->https_indicator;
> overrides->certs_indicator = base->certs_indicator;
>+ overrides->certchain_indicator = base->certchain_indicator;
> overrides->cipher_indicator = base->cipher_indicator;
> overrides->session_indicator = base->session_indicator;
> overrides->key_size_indicator = base->key_size_indicator;
>--- jakarta-tomcat-connectors-1.2.15-src/jk/native/apache-2.0/mod_jk.c.orig 2005-09-21 15:59:50.000000000 +0200
>+++ jakarta-tomcat-connectors-1.2.15-src/jk/native/apache-2.0/mod_jk.c 2006-05-05 09:47:27.000000000 +0200
>@@ -170,6 +170,7 @@
> int ssl_enable;
> char *https_indicator;
> char *certs_indicator;
>+ char *certchain_indicator;
> char *cipher_indicator;
> char *session_indicator; /* Servlet API 2.3 requirement */
> char *key_size_indicator; /* Servlet API 2.3 requirement */
>@@ -599,12 +600,27 @@
> (char *)apr_table_get(r->subprocess_env,
> conf->https_indicator);
> if (ssl_temp && !strcasecmp(ssl_temp, "on")) {
>+ const apr_array_header_t *t = apr_table_elts(r->subprocess_env);
> s->is_ssl = JK_TRUE;
> s->ssl_cert =
> (char *)apr_table_get(r->subprocess_env,
> conf->certs_indicator);
>+ if (t && t->nelts) {
>+ int i;
>+ const apr_table_entry_t *elts = (const apr_table_entry_t *) t->elts;
>+ apr_array_header_t *certs = apr_array_make(r->pool, 1, sizeof(char *));
>+ *(const char **)apr_array_push(certs) = s->ssl_cert;
>+ for (i = 0; i < t->nelts; i++) {
>+ if (!elts[i].key)
>+ continue;
>+ if (!strncasecmp(elts[i].key, conf->certchain_indicator, strlen(conf->certchain_indicator)))
>+ *(const char **)apr_array_push(certs) = elts[i].val;
>+ }
>+ s->ssl_cert = apr_array_pstrcat(r->pool, certs, '\0');
>+ }
> if (s->ssl_cert) {
> s->ssl_cert_len = strlen(s->ssl_cert);
>+ jk_log(conf->log, JK_LOG_DEBUG, "length of SSL client certificate: %d bytes, dump follows:\n%s", s->ssl_cert_len, s->ssl_cert);
> }
> /* Servlet 2.3 API */
> s->ssl_cipher = 
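Review bot: The `jk_log(... JK_LOG_DEBUG ...)` call added in the `@@ -599` hunk writes the complete concatenated certificate data to the log at debug level for each SSL request that carries it, which puts the subject details of every client certificate into log files and can make single entries several kilobytes long. Logging only the length gives the same diagnostic without the payload: `jk_log(conf->log, JK_LOG_DEBUG, "SSL client certificate data: %u bytes", (unsigned)s->ssl_cert_len);`. The `%d` conversion should also be checked against the declared type of `ssl_cert_len`, which is not visible in this patch. The apache-1.3 hunk at `@@ -559` adds the same call, and the enclosing function continues outside both hunks.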
>@@ -1433,6 +1449,25 @@
> }
>
> /*
>+ * JkCERTCHAINIndicator Directive Handling
>+ *
>+ * JkCERTCHAINIndicator SSL_CLIENT_CERT_CHAIN_
>+ */
>+
>+static const char *jk_set_certchain_indicator(cmd_parms * cmd,
>+ void *dummy, const char *indicator)
>+{
>+ server_rec *s = cmd->server;
>+ jk_server_conf_t *conf =
>+ (jk_server_conf_t *) ap_get_module_config(s->module_config,
>+ &jk_module);
>+
>+ conf->certchain_indicator = apr_pstrdup(cmd->pool, indicator);
>+
>+ return NULL;
>+}
>+
>+/*
> * JkCIPHERIndicator Directive Handling
> *
> * JkCIPHERIndicator SSL_CIPHER
>@@ -1700,6 +1735,7 @@
> *
> * HTTPS - indication for SSL
> * CERTS - Base64-Der-encoded client certificates.
>+ * CERTCHAIN - Base64-Der-encoded client chain certificates.
> * CIPHER - A string specifing the ciphers suite in use.
> * KEYSIZE - Size of Key used in dialogue (#bits are secure)
> * SESSION - A string specifing the current SSL session.
>@@ -1708,6 +1744,8 @@
> "Name of the Apache environment that contains SSL indication"),
> AP_INIT_TAKE1("JkCERTSIndicator", jk_set_certs_indicator, NULL, RSRC_CONF,
> "Name of the Apache environment that contains SSL client certificates"),
>+ AP_INIT_TAKE1("JkCERTCHAINIndicator", jk_set_certchain_indicator, NULL, RSRC_CONF,
>+ "Name of the Apache environment (prefix) that contains SSL client chain certificates"),
> AP_INIT_TAKE1("JkCIPHERIndicator", jk_set_cipher_indicator, NULL,
> RSRC_CONF,
> "Name of the Apache environment that contains SSL client cipher"),
>@@ -2069,6 +2107,7 @@
> */
> c->https_indicator = "HTTPS";
> c->certs_indicator = "SSL_CLIENT_CERT";
>+ c->certchain_indicator = "SSL_CLIENT_CERT_CHAIN_";
>
> /*
> * The following (comented out) environment variables match apache_ssl! 
>@@ -2138,6 +2177,7 @@
> overrides->ssl_enable = base->ssl_enable;
> overrides->https_indicator = base->https_indicator;
> overrides->certs_indicator = base->certs_indicator;
>+ overrides->certchain_indicator = base->certchain_indicator;
> overrides->cipher_indicator = base->cipher_indicator;
> overrides->session_indicator = base->session_indicator;
> }
Attachments on
bug 39636
:
18332
|
18458
|
19447