Lines 154-159
|
154 |
int ssl_enable; |
154 |
int ssl_enable; |
155 |
char *https_indicator; |
155 |
char *https_indicator; |
156 |
char *certs_indicator; |
156 |
char *certs_indicator; |
|
|
157 |
char *certchain_indicator; |
157 |
char *cipher_indicator; |
158 |
char *cipher_indicator; |
158 |
char *session_indicator; |
159 |
char *session_indicator; |
159 |
char *key_size_indicator; |
160 |
char *key_size_indicator; |
Lines 632-639
|
632 |
s->ssl_cert = |
633 |
s->ssl_cert = |
633 |
(char *)ap_table_get(r->subprocess_env, |
634 |
(char *)ap_table_get(r->subprocess_env, |
634 |
conf->certs_indicator); |
635 |
conf->certs_indicator); |
|
|
636 |
if (conf->options & JK_OPT_FWDCERTCHAIN) { |
637 |
array_header *t = ap_table_elts(r->subprocess_env); |
638 |
if (t && t->nelts) { |
639 |
int i; |
640 |
table_entry *elts = (table_entry *) t->elts; |
641 |
array_header *certs = ap_make_array(r->pool, |
642 |
1, |
643 |
sizeof(char *)); |
644 |
*(const char **)ap_push_array(certs) = s->ssl_cert; |
645 |
for (i = 0; i < t->nelts; i++) { |
646 |
if (!elts[i].key) |
647 |
continue; |
648 |
if (!strncasecmp(elts[i].key, |
649 |
conf->certchain_indicator, |
650 |
strlen(conf->certchain_indicator))) |
651 |
*(const char **)ap_push_array(certs) = elts[i].val; |
652 |
} |
653 |
s->ssl_cert = ap_array_pstrcat(r->pool, certs, '\0'); |
654 |
} |
655 |
} |
635 |
if (s->ssl_cert) { |
656 |
if (s->ssl_cert) { |
636 |
s->ssl_cert_len = strlen(s->ssl_cert); |
657 |
s->ssl_cert_len = strlen(s->ssl_cert); |
|
|
658 |
jk_log(conf->log ? conf->log : main_log, |
659 |
JK_LOG_DEBUG, |
660 |
"length of SSL client certificate: %d bytes", |
661 |
s->ssl_cert_len); |
662 |
if (s->ssl_cert_len > 0) |
663 |
jk_log(conf->log ? conf->log : main_log, |
664 |
JK_LOG_DEBUG, |
665 |
", dump follows:\n%s", |
666 |
s->ssl_cert); |
637 |
} |
667 |
} |
638 |
/* Servlet 2.3 API */ |
668 |
/* Servlet 2.3 API */ |
639 |
s->ssl_cipher = |
669 |
s->ssl_cipher = |
Lines 1525-1530
|
1525 |
} |
1555 |
} |
1526 |
|
1556 |
|
1527 |
/* |
1557 |
/* |
|
|
1558 |
* JkCERTCHAINIndicator Directive Handling |
1559 |
* |
1560 |
* JkCERTCHAINIndicator SSL_CLIENT_CERT_CHAIN_ |
1561 |
*/ |
1562 |
static const char *jk_set_certchain_indicator(cmd_parms * cmd, |
1563 |
void *dummy, char *indicator) |
1564 |
{ |
1565 |
server_rec *s = cmd->server; |
1566 |
jk_server_conf_t *conf = |
1567 |
(jk_server_conf_t *) ap_get_module_config(s->module_config, |
1568 |
&jk_module); |
1569 |
|
1570 |
conf->certchain_indicator = ap_pstrdup(cmd->pool, indicator); |
1571 |
return NULL; |
1572 |
} |
1573 |
|
1574 |
/* |
1528 |
* JkCIPHERIndicator Directive Handling |
1575 |
* JkCIPHERIndicator Directive Handling |
1529 |
* |
1576 |
* |
1530 |
* JkCIPHERIndicator SSL_CIPHER |
1577 |
* JkCIPHERIndicator SSL_CIPHER |
Lines 1588-1594
|
1588 |
* ForwardURICompatUnparsed => Forward URI as unparsed, spec compliant but broke mod_rewrite (old TC) |
1635 |
* ForwardURICompatUnparsed => Forward URI as unparsed, spec compliant but broke mod_rewrite (old TC) |
1589 |
* ForwardURIEscaped => Forward URI escaped and Tomcat (3.3 rc2) stuff will do the decoding part |
1636 |
* ForwardURIEscaped => Forward URI escaped and Tomcat (3.3 rc2) stuff will do the decoding part |
1590 |
* ForwardDirectories => Forward all directory requests with no index files to Tomcat |
1637 |
* ForwardDirectories => Forward all directory requests with no index files to Tomcat |
1591 |
*/ |
1638 |
* +ForwardSSLCertChain => Forward SSL Cert Chain |
|
|
1639 |
* -ForwardSSLCertChain => Don't Forward SSL Cert Chain (default) |
1640 |
*/ |
1592 |
|
1641 |
|
1593 |
const char *jk_set_options(cmd_parms * cmd, void *dummy, const char *line) |
1642 |
const char *jk_set_options(cmd_parms * cmd, void *dummy, const char *line) |
1594 |
{ |
1643 |
{ |
Lines 1646-1651
|
1646 |
else if (!strcasecmp(w, "DisableReuse")) { |
1695 |
else if (!strcasecmp(w, "DisableReuse")) { |
1647 |
opt = JK_OPT_DISABLEREUSE; |
1696 |
opt = JK_OPT_DISABLEREUSE; |
1648 |
} |
1697 |
} |
|
|
1698 |
else if (!strcasecmp(w, "ForwardCertChain")) { |
1699 |
opt = JK_OPT_FWDCERTCHAIN; |
1700 |
} |
1649 |
else |
1701 |
else |
1650 |
return ap_pstrcat(cmd->pool, "JkOptions: Illegal option '", w, |
1702 |
return ap_pstrcat(cmd->pool, "JkOptions: Illegal option '", w, |
1651 |
"'", NULL); |
1703 |
"'", NULL); |
Lines 1813-1818
|
1813 |
* |
1865 |
* |
1814 |
* HTTPS - indication for SSL |
1866 |
* HTTPS - indication for SSL |
1815 |
* CERTS - Base64-Der-encoded client certificates. |
1867 |
* CERTS - Base64-Der-encoded client certificates. |
|
|
1868 |
* CERTCHAIN - Base64-Der-encoded client chain certificates. |
1816 |
* CIPHER - A string specifing the ciphers suite in use. |
1869 |
* CIPHER - A string specifing the ciphers suite in use. |
1817 |
* SESSION - A string specifing the current SSL session. |
1870 |
* SESSION - A string specifing the current SSL session. |
1818 |
* KEYSIZE - Size of Key used in dialogue (#bits are secure) |
1871 |
* KEYSIZE - Size of Key used in dialogue (#bits are secure) |
Lines 1821-1826
|
1821 |
"Name of the Apache environment that contains SSL indication"}, |
1874 |
"Name of the Apache environment that contains SSL indication"}, |
1822 |
{"JkCERTSIndicator", jk_set_certs_indicator, NULL, RSRC_CONF, TAKE1, |
1875 |
{"JkCERTSIndicator", jk_set_certs_indicator, NULL, RSRC_CONF, TAKE1, |
1823 |
"Name of the Apache environment that contains SSL client certificates"}, |
1876 |
"Name of the Apache environment that contains SSL client certificates"}, |
|
|
1877 |
{"JkCERTCHAINIndicator", jk_set_certchain_indicator, NULL, RSRC_CONF, TAKE1, |
1878 |
"Name of the Apache environment (prefix) that contains SSL client chain certificates"}, |
1824 |
{"JkCIPHERIndicator", jk_set_cipher_indicator, NULL, RSRC_CONF, TAKE1, |
1879 |
{"JkCIPHERIndicator", jk_set_cipher_indicator, NULL, RSRC_CONF, TAKE1, |
1825 |
"Name of the Apache environment that contains SSL client cipher"}, |
1880 |
"Name of the Apache environment that contains SSL client cipher"}, |
1826 |
{"JkSESSIONIndicator", jk_set_session_indicator, NULL, RSRC_CONF, TAKE1, |
1881 |
{"JkSESSIONIndicator", jk_set_session_indicator, NULL, RSRC_CONF, TAKE1, |
Lines 1838-1843
|
1838 |
* ForwardURICompat => Forward URI normally, less spec compliant but mod_rewrite compatible (old TC) |
1893 |
* ForwardURICompat => Forward URI normally, less spec compliant but mod_rewrite compatible (old TC) |
1839 |
* ForwardURICompatUnparsed => Forward URI as unparsed, spec compliant but broke mod_rewrite (old TC) |
1894 |
* ForwardURICompatUnparsed => Forward URI as unparsed, spec compliant but broke mod_rewrite (old TC) |
1840 |
* ForwardURIEscaped => Forward URI escaped and Tomcat (3.3 rc2) stuff will do the decoding part |
1895 |
* ForwardURIEscaped => Forward URI escaped and Tomcat (3.3 rc2) stuff will do the decoding part |
|
|
1896 |
* +ForwardSSLCertChain => Forward SSL certificate chain |
1897 |
* -ForwardSSLCertChain => Don't forward SSL certificate chain (default) |
1841 |
*/ |
1898 |
*/ |
1842 |
{"JkOptions", jk_set_options, NULL, RSRC_CONF, RAW_ARGS, |
1899 |
{"JkOptions", jk_set_options, NULL, RSRC_CONF, RAW_ARGS, |
1843 |
"Set one of more options to configure the mod_jk module"}, |
1900 |
"Set one of more options to configure the mod_jk module"}, |
Lines 2123-2128
|
2123 |
*/ |
2180 |
*/ |
2124 |
c->https_indicator = JK_ENV_HTTPS; |
2181 |
c->https_indicator = JK_ENV_HTTPS; |
2125 |
c->certs_indicator = JK_ENV_CERTS; |
2182 |
c->certs_indicator = JK_ENV_CERTS; |
|
|
2183 |
c->certchain_indicator = "SSL_CLIENT_CERT_CHAIN_"; |
2126 |
c->cipher_indicator = JK_ENV_CIPHER; |
2184 |
c->cipher_indicator = JK_ENV_CIPHER; |
2127 |
c->session_indicator = JK_ENV_SESSION; |
2185 |
c->session_indicator = JK_ENV_SESSION; |
2128 |
c->key_size_indicator = JK_ENV_KEY_SIZE; |
2186 |
c->key_size_indicator = JK_ENV_KEY_SIZE; |
Lines 2188-2193
|
2188 |
overrides->https_indicator = base->https_indicator; |
2246 |
overrides->https_indicator = base->https_indicator; |
2189 |
if (!overrides->certs_indicator) |
2247 |
if (!overrides->certs_indicator) |
2190 |
overrides->certs_indicator = base->certs_indicator; |
2248 |
overrides->certs_indicator = base->certs_indicator; |
|
|
2249 |
if (!overrides->certchain_indicator) |
2250 |
overrides->certchain_indicator = base->certchain_indicator; |
2191 |
if (!overrides->cipher_indicator) |
2251 |
if (!overrides->cipher_indicator) |
2192 |
overrides->cipher_indicator = base->cipher_indicator; |
2252 |
overrides->cipher_indicator = base->cipher_indicator; |
2193 |
if (!overrides->session_indicator) |
2253 |
if (!overrides->session_indicator) |
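Review bot: In the hunk at new lines 636–655, `strncasecmp(elts[i].key, conf->certchain_indicator, strlen(conf->certchain_indicator))` compares zero characters when the indicator is an empty string, so with `JkCERTCHAINIndicator ""` every `subprocess_env` value would be appended to `s->ssl_cert`, forwarded to the backend as certificate data, and written to the debug log by the dump added at new lines 663–666. `jk_set_certchain_indicator` (new lines 1562–1572) stores its argument unchecked; rejecting an empty prefix there, e.g. `if (!*indicator) return "JkCERTCHAINIndicator: prefix must not be empty";`, keeps the match limited to the intended variables. Separately, the option parser at new line 1698 accepts `ForwardCertChain`, while the comment blocks at new lines 1638–1639 and 1896–1897 document `+ForwardSSLCertChain` / `-ForwardSSLCertChain`; the names should agree so an administrator following the comments does not hit the "Illegal option" path. The function containing the forwarding code starts and ends outside the visible hunks, so whether this runs only for SSL requests cannot be confirmed from here.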