
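--- a/tomcat-connectors-1.2.20-src.orig/native/common/jk_global.h
+++ b/tomcat-connectors-1.2.20-src.orig/native/common/jk_global.h
@@ -249,6 +249,7 @@
 #define JK_OPT_FLUSHPACKETS         0x0020
 #define JK_OPT_FLUSHEADER           0x0040
 #define JK_OPT_DISABLEREUSE         0x0080
+#define JK_OPT_FWDCERTCHAIN         0x0100
 
 /* Check for EBCDIC systems */
 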
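--- a/tomcat-connectors-1.2.20-src.orig/native/apache-1.3/mod_jk.c
+++ b/tomcat-connectors-1.2.20-src.orig/native/apache-1.3/mod_jk.c
@@ -154,6 +154,7 @@
     int ssl_enable;
     char *https_indicator;
     char *certs_indicator;
+    char *certchain_indicator;
     char *cipher_indicator;
     char *session_indicator;
     char *key_size_indicator;
@@ -632,8 +633,37 @@
                 s->ssl_cert =
                     (char *)ap_table_get(r->subprocess_env,
                                          conf->certs_indicator);
+                if (conf->options & JK_OPT_FWDCERTCHAIN) {
+                    array_header *t = ap_table_elts(r->subprocess_env);
+                    if (t && t->nelts) {
+                        int i;
+                        table_entry *elts = (table_entry *) t->elts;
+                        array_header *certs = ap_make_array(r->pool,
+                                                            1,
+                                                            sizeof(char *));
+                        *(const char **)ap_push_array(certs) = s->ssl_cert;
+                        for (i = 0; i < t->nelts; i++) {
+                             if (!elts[i].key)
+                                       continue;
+                             if (!strncasecmp(elts[i].key,
+                                conf->certchain_indicator,
+                                strlen(conf->certchain_indicator)))
+                                *(const char **)ap_push_array(certs) = elts[i].val;
+                        }
+                     s->ssl_cert = ap_array_pstrcat(r->pool, certs, '\0');
+                     }
+                }
                 if (s->ssl_cert) {
                     s->ssl_cert_len = strlen(s->ssl_cert);
+                    jk_log(conf->log ? conf->log : main_log,
+                           JK_LOG_DEBUG,
+                           "length of SSL client certificate: %d bytes",
+                           s->ssl_cert_len);
+                           if (s->ssl_cert_len > 0)
+                               jk_log(conf->log ? conf->log : main_log,
+                               JK_LOG_DEBUG,
+                               ", dump follows:\n%s",
+                               s->ssl_cert);
                 }
                 /* Servlet 2.3 API */
                 s->ssl_cipher =
@@ -1525,6 +1555,23 @@
 }
 
 /*
+ * JkCERTCHAINIndicator Directive Handling
+ *
+ * JkCERTCHAINIndicator SSL_CLIENT_CERT_CHAIN_
+ */
+static const char *jk_set_certchain_indicator(cmd_parms * cmd,
+                                              void *dummy, char *indicator)
+{
+    server_rec *s = cmd->server;
+    jk_server_conf_t *conf =
+    (jk_server_conf_t *) ap_get_module_config(s->module_config,
+                                                &jk_module);
+
+    conf->certchain_indicator = ap_pstrdup(cmd->pool, indicator);
+    return NULL;
+}
+
+/*
  * JkCIPHERIndicator Directive Handling
  *
  * JkCIPHERIndicator SSL_CIPHER
@@ -1588,7 +1635,9 @@
  *  ForwardURICompatUnparsed => Forward URI as unparsed, spec compliant but broke mod_rewrite (old TC)
  *  ForwardURIEscaped        => Forward URI escaped and Tomcat (3.3 rc2) stuff will do the decoding part
  *  ForwardDirectories       => Forward all directory requests with no index files to Tomcat
- */
+ * +ForwardSSLCertChain     => Forward SSL Cert Chain
+ * -ForwardSSLCertChain     => Don't Forward SSL Cert Chain (default)
+*/
 
 const char *jk_set_options(cmd_parms * cmd, void *dummy, const char *line)
 {
@@ -1646,6 +1695,9 @@
         else if (!strcasecmp(w, "DisableReuse")) {
             opt = JK_OPT_DISABLEREUSE;
         }
+        else if (!strcasecmp(w, "ForwardCertChain")) {
+            opt = JK_OPT_FWDCERTCHAIN;
+        }
         else
             return ap_pstrcat(cmd->pool, "JkOptions: Illegal option '", w,
                               "'", NULL);
@@ -1813,6 +1865,7 @@
      *
      * HTTPS - indication for SSL
      * CERTS - Base64-Der-encoded client certificates.
+     * CERTCHAIN - Base64-Der-encoded client chain certificates.
      * CIPHER - A string specifing the ciphers suite in use.
      * SESSION - A string specifing the current SSL session.
      * KEYSIZE - Size of Key used in dialogue (#bits are secure)
@@ -1821,6 +1874,8 @@
      "Name of the Apache environment that contains SSL indication"},
     {"JkCERTSIndicator", jk_set_certs_indicator, NULL, RSRC_CONF, TAKE1,
      "Name of the Apache environment that contains SSL client certificates"},
+    {"JkCERTCHAINIndicator", jk_set_certchain_indicator, NULL, RSRC_CONF, TAKE1,
+     "Name of the Apache environment (prefix) that contains SSL client chain certificates"},
     {"JkCIPHERIndicator", jk_set_cipher_indicator, NULL, RSRC_CONF, TAKE1,
      "Name of the Apache environment that contains SSL client cipher"},
     {"JkSESSIONIndicator", jk_set_session_indicator, NULL, RSRC_CONF, TAKE1,
@@ -1838,6 +1893,8 @@
      *  ForwardURICompat         => Forward URI normally, less spec compliant but mod_rewrite compatible (old TC)
      *  ForwardURICompatUnparsed => Forward URI as unparsed, spec compliant but broke mod_rewrite (old TC)
      *  ForwardURIEscaped        => Forward URI escaped and Tomcat (3.3 rc2) stuff will do the decoding part
+     * +ForwardSSLCertChain     => Forward SSL certificate chain
+     * -ForwardSSLCertChain     => Don't forward SSL certificate chain (default)
      */
     {"JkOptions", jk_set_options, NULL, RSRC_CONF, RAW_ARGS,
      "Set one of more options to configure the mod_jk module"},
@@ -2123,6 +2180,7 @@
          */
         c->https_indicator = JK_ENV_HTTPS;
         c->certs_indicator = JK_ENV_CERTS;
+        c->certchain_indicator = "SSL_CLIENT_CERT_CHAIN_";
         c->cipher_indicator = JK_ENV_CIPHER;
         c->session_indicator = JK_ENV_SESSION;
         c->key_size_indicator = JK_ENV_KEY_SIZE;
@@ -2188,6 +2246,8 @@
         overrides->https_indicator = base->https_indicator;
     if (!overrides->certs_indicator)
         overrides->certs_indicator = base->certs_indicator;
+    if (!overrides->certchain_indicator)
+        overrides->certchain_indicator = base->certchain_indicator;
     if (!overrides->cipher_indicator)
         overrides->cipher_indicator = base->cipher_indicator;
     if (!overrides->session_indicator)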
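Review bot: The chain-collection loop in the JK_OPT_FWDCERTCHAIN block appends the value of every `subprocess_env` entry whose key begins with `conf->certchain_indicator`, compared case-insensitively, so what is forwarded as `s->ssl_cert` (and written out by the new `dump follows` debug call) is only as narrow as that prefix. `jk_set_certchain_indicator` stores whatever string the directive supplies; with an empty value `strlen()` is 0 and `strncasecmp` matches every key, which would concatenate the whole request environment into the certificate field. I would reject an empty prefix in the handler, `if (!*indicator) return "JkCERTCHAINIndicator: prefix must not be empty";`, and compare with `strncmp`, since environment variable names are case-sensitive. The same loop and handler appear in the apache-2.0 section; the function enclosing the loop starts and ends outside the hunk.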
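--- a/tomcat-connectors-1.2.20-src.orig/native/apache-2.0/mod_jk.c
+++ b/tomcat-connectors-1.2.20-src.orig/native/apache-2.0/mod_jk.c
@@ -188,6 +188,7 @@
     int ssl_enable;
     char *https_indicator;
     char *certs_indicator;
+    char *certchain_indicator;
     char *cipher_indicator;
     char *session_indicator;    /* Servlet API 2.3 requirement */
     char *key_size_indicator;   /* Servlet API 2.3 requirement */
@@ -656,8 +657,27 @@
                 s->ssl_cert =
                     (char *)apr_table_get(r->subprocess_env,
                                           conf->certs_indicator);
+                if (conf->options & JK_OPT_FWDCERTCHAIN) {
+                    const apr_array_header_t *t = apr_table_elts(r->subprocess_env);
+                    if (t && t->nelts) {
+                    int i;
+                    const apr_table_entry_t *elts = (const apr_table_entry_t *) t->elts;
+                    apr_array_header_t *certs = apr_array_make(r->pool, 1, sizeof(char *));
+                    *(const char **)apr_array_push(certs) = s->ssl_cert;
+                    for (i = 0; i < t->nelts; i++) {
+                        if (!elts[i].key)
+                            continue;
+                        if (!strncasecmp(elts[i].key, conf->certchain_indicator, strlen(conf->certchain_indicator)))
+                            *(const char **)apr_array_push(certs) = elts[i].val;
+                    }
+                    s->ssl_cert = apr_array_pstrcat(r->pool, certs, '\0');
+                    }
+                }
                 if (s->ssl_cert) {
                     s->ssl_cert_len = strlen(s->ssl_cert);
+                    jk_log(conf->log, JK_LOG_DEBUG, "length of SSL client certificate: %d bytes", s->ssl_cert_len);
+                    if (s->ssl_cert_len > 0)
+                    jk_log(conf->log, JK_LOG_DEBUG, ", dump follows:\n%s", s->ssl_cert);
                 }
                 /* Servlet 2.3 API */
                 s->ssl_cipher =
@@ -1547,6 +1567,25 @@
 }
 
 /*
+ * JkCERTCHAINIndicator Directive Handling
+ *
+ * JkCERTCHAINIndicator SSL_CLIENT_CERT_CHAIN_
+ */
+
+static const char *jk_set_certchain_indicator(cmd_parms * cmd,
+                                              void *dummy, const char *indicator)
+{
+    server_rec *s = cmd->server;
+    jk_server_conf_t *conf =
+        (jk_server_conf_t *) ap_get_module_config(s->module_config,
+                                                  &jk_module);
+
+    conf->certchain_indicator = apr_pstrdup(cmd->pool, indicator);
+
+    return NULL;
+}
+
+/*
  * JkCIPHERIndicator Directive Handling
  *
  * JkCIPHERIndicator SSL_CIPHER
@@ -1615,6 +1654,8 @@
  *  ForwardURICompatUnparsed => Forward URI as unparsed, spec compliant but broke mod_rewrite (old TC)
  *  ForwardURIEscaped        => Forward URI escaped and Tomcat (3.3 rc2) stuff will do the decoding part
  *  ForwardDirectories       => Forward all directory requests with no index files to Tomcat
+ *  +ForwardSSLCertChain     => Forward SSL Cert Chain
+ *  -ForwardSSLCertChain     => Don't Forward SSL Cert Chain (default)
  */
 
 static const char *jk_set_options(cmd_parms * cmd, void *dummy,
@@ -1674,6 +1715,9 @@
         else if (!strcasecmp(w, "DisableReuse")) {
             opt = JK_OPT_DISABLEREUSE;
         }
+        else if (!strcasecmp(w, "ForwardCertChain")) {
+            opt = JK_OPT_FWDCERTCHAIN;
+        }
         else
             return apr_pstrcat(cmd->pool, "JkOptions: Illegal option '", w,
                                "'", NULL);
@@ -1852,6 +1896,7 @@
      *
      * HTTPS - indication for SSL
      * CERTS - Base64-Der-encoded client certificates.
+     * CERTCHAIN - Base64-Der-encoded client chain certificates.
      * CIPHER - A string specifing the ciphers suite in use.
      * KEYSIZE - Size of Key used in dialogue (#bits are secure)
      * SESSION - A string specifing the current SSL session.
@@ -1860,6 +1905,8 @@
                   "Name of the Apache environment that contains SSL indication"),
     AP_INIT_TAKE1("JkCERTSIndicator", jk_set_certs_indicator, NULL, RSRC_CONF,
                   "Name of the Apache environment that contains SSL client certificates"),
+    AP_INIT_TAKE1("JkCERTCHAINIndicator", jk_set_certchain_indicator, NULL, RSRC_CONF,
+                  "Name of the Apache environment (prefix) that contains SSL client chain certificates"),
     AP_INIT_TAKE1("JkCIPHERIndicator", jk_set_cipher_indicator, NULL,
                   RSRC_CONF,
                   "Name of the Apache environment that contains SSL client cipher"),
@@ -1880,6 +1927,8 @@
      *  ForwardURICompat         => Forward URI normally, less spec compliant but mod_rewrite compatible (old TC)
      *  ForwardURICompatUnparsed => Forward URI as unparsed, spec compliant but broke mod_rewrite (old TC)
      *  ForwardURIEscaped        => Forward URI escaped and Tomcat (3.3 rc2) stuff will do the decoding part
+     *  +ForwardSSLCertChain     => Forward SSL certificate chain
+     *  -ForwardSSLCertChain     => Don't forward SSL certificate chain
      */
     AP_INIT_RAW_ARGS("JkOptions", jk_set_options, NULL, RSRC_CONF,
                      "Set one of more options to configure the mod_jk module"),
@@ -2242,6 +2291,7 @@
          */
         c->https_indicator = JK_ENV_HTTPS;
         c->certs_indicator = JK_ENV_CERTS;
+        c->certchain_indicator = "SSL_CLIENT_CERT_CHAIN_";
         c->cipher_indicator = JK_ENV_CIPHER;
         c->session_indicator = JK_ENV_SESSION;
         c->key_size_indicator = JK_ENV_KEY_SIZE;
@@ -2313,6 +2363,8 @@
         overrides->https_indicator = base->https_indicator;
     if (!overrides->certs_indicator)
         overrides->certs_indicator = base->certs_indicator;
+    if (!overrides->certchain_indicator)
+        overrides->certchain_indicator = base->certchain_indicator;
     if (!overrides->cipher_indicator)
         overrides->cipher_indicator = base->cipher_indicator;
     if (!overrides->session_indicator)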
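Review bot: The option parser in the JkOptions hunk accepts the word `ForwardCertChain`, while both comment blocks added in this file document the option as `+ForwardSSLCertChain` / `-ForwardSSLCertChain`; as far as the visible branches go, the documented spelling would fall through to the `JkOptions: Illegal option` return. One spelling should be used in the `strcasecmp` and in both comments, for example `else if (!strcasecmp(w, "ForwardSSLCertChain")) {`. The apache-1.3 section has the same mismatch. jk_set_options starts and ends outside the hunk, so how the leading `+`/`-` is stripped is not visible here.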
