Lines 127-132
|
127 |
int ssl_enable; |
127 |
int ssl_enable; |
128 |
char *https_indicator; |
128 |
char *https_indicator; |
129 |
char *certs_indicator; |
129 |
char *certs_indicator; |
|
|
130 |
char *certchain_indicator; |
130 |
char *cipher_indicator; |
131 |
char *cipher_indicator; |
131 |
char *session_indicator; |
132 |
char *session_indicator; |
132 |
char *key_size_indicator; |
133 |
char *key_size_indicator; |
Lines 563-570
|
563 |
s->ssl_cert = |
564 |
s->ssl_cert = |
564 |
(char *)ap_table_get(r->subprocess_env, |
565 |
(char *)ap_table_get(r->subprocess_env, |
565 |
conf->certs_indicator); |
566 |
conf->certs_indicator); |
|
|
567 |
if (conf->options & JK_OPT_FWDCERTCHAIN) { |
568 |
array_header *t = ap_table_elts(r->subprocess_env); |
569 |
if (t && t->nelts) { |
570 |
int i; |
571 |
table_entry *elts = (table_entry *) t->elts; |
572 |
array_header *certs = ap_make_array(r->pool, 1, sizeof(char *)); |
573 |
*(const char **)ap_push_array(certs) = s->ssl_cert; |
574 |
for (i = 0; i < t->nelts; i++) { |
575 |
if (!elts[i].key) |
576 |
continue; |
577 |
if (!strncasecmp(elts[i].key, conf->certchain_indicator, strlen(conf->certchain_indicator))) |
578 |
*(const char **)ap_push_array(certs) = elts[i].val; |
579 |
} |
580 |
s->ssl_cert = ap_array_pstrcat(r->pool, certs, '\0'); |
581 |
} |
582 |
} |
566 |
if (s->ssl_cert) { |
583 |
if (s->ssl_cert) { |
567 |
s->ssl_cert_len = strlen(s->ssl_cert); |
584 |
s->ssl_cert_len = strlen(s->ssl_cert); |
|
|
585 |
jk_log(conf->log ? conf->log : main_log, JK_LOG_DEBUG, "length of SSL client certificate: %d bytes", s->ssl_cert_len); |
586 |
if (s->ssl_cert_len > 0) |
587 |
jk_log(conf->log ? conf->log : main_log, JK_LOG_DEBUG, ", dump follows:\n%s", s->ssl_cert); |
568 |
} |
588 |
} |
569 |
/* Servlet 2.3 API */ |
589 |
/* Servlet 2.3 API */ |
570 |
s->ssl_cipher = |
590 |
s->ssl_cipher = |
Lines 1408-1413
|
1408 |
} |
1428 |
} |
1409 |
|
1429 |
|
1410 |
/* |
1430 |
/* |
|
|
1431 |
* JkCERTCHAINIndicator Directive Handling |
1432 |
* |
1433 |
* JkCERTCHAINIndicator SSL_CLIENT_CERT_CHAIN_ |
1434 |
*/ |
1435 |
|
1436 |
static const char *jk_set_certchain_indicator(cmd_parms * cmd, |
1437 |
void *dummy, char *indicator) |
1438 |
{ |
1439 |
server_rec *s = cmd->server; |
1440 |
jk_server_conf_t *conf = |
1441 |
(jk_server_conf_t *) ap_get_module_config(s->module_config, |
1442 |
&jk_module); |
1443 |
|
1444 |
conf->certchain_indicator = ap_pstrdup(cmd->pool, indicator); |
1445 |
return NULL; |
1446 |
} |
1447 |
|
1448 |
/* |
1411 |
* JkCIPHERIndicator Directive Handling |
1449 |
* JkCIPHERIndicator Directive Handling |
1412 |
* |
1450 |
* |
1413 |
* JkCIPHERIndicator SSL_CIPHER |
1451 |
* JkCIPHERIndicator SSL_CIPHER |
Lines 1471-1476
|
1471 |
* ForwardURICompatUnparsed => Forward URI as unparsed, spec compliant but broke mod_rewrite (old TC) |
1509 |
* ForwardURICompatUnparsed => Forward URI as unparsed, spec compliant but broke mod_rewrite (old TC) |
1472 |
* ForwardURIEscaped => Forward URI escaped and Tomcat (3.3 rc2) stuff will do the decoding part |
1510 |
* ForwardURIEscaped => Forward URI escaped and Tomcat (3.3 rc2) stuff will do the decoding part |
1473 |
* ForwardDirectories => Forward all directory requests with no index files to Tomcat |
1511 |
* ForwardDirectories => Forward all directory requests with no index files to Tomcat |
|
|
1512 |
* +ForwardSSLCertChain => Forward SSL Cert Chain |
1513 |
* -ForwardSSLCertChain => Don't Forward SSL Cert Chain (default) |
1474 |
*/ |
1514 |
*/ |
1475 |
|
1515 |
|
1476 |
const char *jk_set_options(cmd_parms * cmd, void *dummy, const char *line) |
1516 |
const char *jk_set_options(cmd_parms * cmd, void *dummy, const char *line) |
Lines 1519-1524
|
1519 |
else if (!strcasecmp(w, "FlushPackets")) { |
1559 |
else if (!strcasecmp(w, "FlushPackets")) { |
1520 |
opt = JK_OPT_FLUSHPACKETS; |
1560 |
opt = JK_OPT_FLUSHPACKETS; |
1521 |
} |
1561 |
} |
|
|
1562 |
else if (!strcasecmp(w, "ForwardSSLCertChain")) { |
1563 |
opt = JK_OPT_FWDCERTCHAIN; |
1564 |
} |
1522 |
else |
1565 |
else |
1523 |
return ap_pstrcat(cmd->pool, "JkOptions: Illegal option '", w, |
1566 |
return ap_pstrcat(cmd->pool, "JkOptions: Illegal option '", w, |
1524 |
"'", NULL); |
1567 |
"'", NULL); |
Lines 1663-1668
|
1663 |
* |
1706 |
* |
1664 |
* HTTPS - indication for SSL |
1707 |
* HTTPS - indication for SSL |
1665 |
* CERTS - Base64-Der-encoded client certificates. |
1708 |
* CERTS - Base64-Der-encoded client certificates. |
|
|
1709 |
* CERTCHAIN - Base64-Der-encoded client chain certificates. |
1666 |
* CIPHER - A string specifing the ciphers suite in use. |
1710 |
* CIPHER - A string specifing the ciphers suite in use. |
1667 |
* SESSION - A string specifing the current SSL session. |
1711 |
* SESSION - A string specifing the current SSL session. |
1668 |
* KEYSIZE - Size of Key used in dialogue (#bits are secure) |
1712 |
* KEYSIZE - Size of Key used in dialogue (#bits are secure) |
Lines 1671-1676
|
1671 |
"Name of the Apache environment that contains SSL indication"}, |
1715 |
"Name of the Apache environment that contains SSL indication"}, |
1672 |
{"JkCERTSIndicator", jk_set_certs_indicator, NULL, RSRC_CONF, TAKE1, |
1716 |
{"JkCERTSIndicator", jk_set_certs_indicator, NULL, RSRC_CONF, TAKE1, |
1673 |
"Name of the Apache environment that contains SSL client certificates"}, |
1717 |
"Name of the Apache environment that contains SSL client certificates"}, |
|
|
1718 |
{"JkCERTCHAINIndicator", jk_set_certchain_indicator, NULL, RSRC_CONF, TAKE1, |
1719 |
"Name of the Apache environment (prefix) that contains SSL client chain certificates"}, |
1674 |
{"JkCIPHERIndicator", jk_set_cipher_indicator, NULL, RSRC_CONF, TAKE1, |
1720 |
{"JkCIPHERIndicator", jk_set_cipher_indicator, NULL, RSRC_CONF, TAKE1, |
1675 |
"Name of the Apache environment that contains SSL client cipher"}, |
1721 |
"Name of the Apache environment that contains SSL client cipher"}, |
1676 |
{"JkSESSIONIndicator", jk_set_session_indicator, NULL, RSRC_CONF, TAKE1, |
1722 |
{"JkSESSIONIndicator", jk_set_session_indicator, NULL, RSRC_CONF, TAKE1, |
Lines 1688-1694
|
1688 |
* ForwardURICompat => Forward URI normally, less spec compliant but mod_rewrite compatible (old TC) |
1734 |
* ForwardURICompat => Forward URI normally, less spec compliant but mod_rewrite compatible (old TC) |
1689 |
* ForwardURICompatUnparsed => Forward URI as unparsed, spec compliant but broke mod_rewrite (old TC) |
1735 |
* ForwardURICompatUnparsed => Forward URI as unparsed, spec compliant but broke mod_rewrite (old TC) |
1690 |
* ForwardURIEscaped => Forward URI escaped and Tomcat (3.3 rc2) stuff will do the decoding part |
1736 |
* ForwardURIEscaped => Forward URI escaped and Tomcat (3.3 rc2) stuff will do the decoding part |
1691 |
*/ |
1737 |
* +ForwardSSLCertChain => Forward SSL certificate chain |
|
|
1738 |
* -ForwardSSLCertChain => Don't forward SSL certificate chain (default) |
1739 |
*/ |
1692 |
{"JkOptions", jk_set_options, NULL, RSRC_CONF, RAW_ARGS, |
1740 |
{"JkOptions", jk_set_options, NULL, RSRC_CONF, RAW_ARGS, |
1693 |
"Set one of more options to configure the mod_jk module"}, |
1741 |
"Set one of more options to configure the mod_jk module"}, |
1694 |
|
1742 |
|
Lines 1896-1901
|
1896 |
*/ |
1944 |
*/ |
1897 |
c->https_indicator = "HTTPS"; |
1945 |
c->https_indicator = "HTTPS"; |
1898 |
c->certs_indicator = "SSL_CLIENT_CERT"; |
1946 |
c->certs_indicator = "SSL_CLIENT_CERT"; |
|
|
1947 |
c->certchain_indicator = "SSL_CLIENT_CERT_CHAIN_"; |
1899 |
|
1948 |
|
1900 |
/* |
1949 |
/* |
1901 |
* The following (comented out) environment variables match apache_ssl! |
1950 |
* The following (comented out) environment variables match apache_ssl! |
Lines 1960-1965
|
1960 |
overrides->ssl_enable = base->ssl_enable; |
2009 |
overrides->ssl_enable = base->ssl_enable; |
1961 |
overrides->https_indicator = base->https_indicator; |
2010 |
overrides->https_indicator = base->https_indicator; |
1962 |
overrides->certs_indicator = base->certs_indicator; |
2011 |
overrides->certs_indicator = base->certs_indicator; |
|
|
2012 |
overrides->certchain_indicator = base->certchain_indicator; |
1963 |
overrides->cipher_indicator = base->cipher_indicator; |
2013 |
overrides->cipher_indicator = base->cipher_indicator; |
1964 |
overrides->session_indicator = base->session_indicator; |
2014 |
overrides->session_indicator = base->session_indicator; |
1965 |
overrides->key_size_indicator = base->key_size_indicator; |
2015 |
overrides->key_size_indicator = base->key_size_indicator; |
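Review bot: In the "Lines 563-570" hunk the chain is assembled by a `strncasecmp` prefix match over every entry of `r->subprocess_env`, and nothing constrains `conf->certchain_indicator`: with an empty value `strlen()` is 0, so every environment value would match and be appended to `s->ssl_cert`, which is presumably what gets forwarded to the backend as certificate data. `jk_set_certchain_indicator` (hunk "Lines 1408-1413") should reject that at configuration time, e.g. `if (!indicator || !*indicator) return "JkCERTCHAINIndicator: prefix must not be empty";`. The new block also runs when no client certificate was presented, so a NULL `s->ssl_cert` is pushed and then replaced by the concatenation result; guarding it with `if (s->ssl_cert && (conf->options & JK_OPT_FWDCERTCHAIN))` would keep the previous no-certificate behaviour. Separately, the added debug `jk_log` call writes the full certificate text, including the subject's identity, to the log, and logging only `s->ssl_cert_len` is probably sufficient. The enclosing function starts and ends outside the hunk.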