
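--- a/server/core.c
+++ b/server/core.c
@@ -3956,14 +3956,28 @@
      * is not initialized correctly, Linux - for example - will
      * be initially blocking, while Solaris will be non blocking
      * and any initial read will fail.
+     *
+     * If this timeout has already been set, don't set it again.
+     * This prevents overwriting of other modules' timeout options.
+     *
      */
-    rv = apr_socket_timeout_set(csd, c->base_server->timeout);
-    if (rv != APR_SUCCESS) {
-        /* expected cause is that the client disconnected already */
+    
+    rv = apr_socket_timeout_get(csd, &old_time);
+    if(rv != APR_SUCCESS) {
+        /* not sure why this would fail */
         ap_log_cerror(APLOG_MARK, APLOG_DEBUG, rv, c,
-                      "apr_socket_timeout_set");
+                      "apr_socket_timeout_get");
     }
 
+    if(old_time == apr_time_from_sec(0)) {
+        rv = apr_socket_timeout_set(csd, c->base_server->timeout);
+        if (rv != APR_SUCCESS) {
+            /* expected cause is that the client disconnected already */
+            ap_log_cerror(APLOG_MARK, APLOG_DEBUG, rv, c,
+                          "apr_socket_timeout_set");
+        }
+    }
+
     net->c = c;
     net->in_ctx = NULL;
     net->out_ctx = NULL;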
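Review bot: `old_time` is still compared in `if(old_time == apr_time_from_sec(0))` when `apr_socket_timeout_get` has just failed, so the decision to apply the server `Timeout` can rest on a value that was never written; its declaration is outside the hunk, so whether it has an initializer cannot be seen here. Make the fallback explicit with `if (rv != APR_SUCCESS || old_time == 0) {`, so that a failed read still ends with the configured timeout on the socket. The comment should also say that 0 is the "nobody set it" sentinel: any earlier hook that leaves a non-zero value, including a negative one that APR treats as block-without-limit, now suppresses the core timeout for that connection.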
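--- a/modules/ssl/ssl_private.h
+++ b/modules/ssl/ssl_private.h
@@ -476,6 +476,7 @@
     modssl_ctx_t    *proxy;
     ssl_enabled_t    proxy_ssl_check_peer_expire;
     ssl_enabled_t    proxy_ssl_check_peer_cn;
+    apr_interval_time_t timeout;
 #ifndef OPENSSL_NO_TLSEXT
     ssl_enabled_t    strict_sni_vhost_check;
 #endif
@@ -561,6 +562,7 @@
 const char  *ssl_cmd_SSLProxyMachineCertificateFile(cmd_parms *, void *, const char *);
 const char  *ssl_cmd_SSLProxyCheckPeerExpire(cmd_parms *cmd, void *dcfg, int flag);
 const char  *ssl_cmd_SSLProxyCheckPeerCN(cmd_parms *cmd, void *dcfg, int flag);
+const char  *ssl_cmd_SSLProxyProtocol(cmd_parms *, void *, const char *);
 
 /**  module initialization  */
 int          ssl_init_Module(apr_pool_t *, apr_pool_t *, apr_pool_t *, server_rec *);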
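Review bot: The prototype added in the second hunk is for `ssl_cmd_SSLProxyProtocol`, but the handler this patch introduces is `ssl_cmd_SSLTimeout`, and no declaration for it appears in any hunk shown. If `SSL_CMD_SRV(Timeout, ...)` in mod_ssl.c resolves to that function name, as the neighbouring entries suggest, mod_ssl.c would reference it without a prototype. The line was probably meant to be `const char  *ssl_cmd_SSLTimeout(cmd_parms *, void *, const char *);`. The new struct member would also benefit from a comment stating its unit and sentinel, for example `/* SSLTimeout as apr_interval_time_t (microseconds); 0 = not configured */`.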
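--- a/modules/ssl/ssl_engine_config.c
+++ b/modules/ssl/ssl_engine_config.c
@@ -168,6 +168,7 @@
     sc->vhost_id               = NULL;  /* set during module init */
     sc->vhost_id_len           = 0;     /* set during module init */
     sc->session_cache_timeout  = UNSET;
+    sc->timeout                = 0;
     sc->cipher_server_pref     = UNSET;
     sc->insecure_reneg         = UNSET;
     sc->proxy_ssl_check_peer_expire = SSL_ENABLED_UNSET;
@@ -262,6 +263,7 @@
     cfgMerge(enabled, SSL_ENABLED_UNSET);
     cfgMergeBool(proxy_enabled);
     cfgMergeInt(session_cache_timeout);
+    cfgMergeInt(timeout);
     cfgMergeBool(cipher_server_pref);
     cfgMergeBool(insecure_reneg);
     cfgMerge(proxy_ssl_check_peer_expire, SSL_ENABLED_UNSET);
@@ -346,6 +348,15 @@
  *  Configuration functions for particular directives
  */
 
+const char *ssl_cmd_SSLTimeout(cmd_parms *cmd,
+                             void *dcfg,
+                             const char *arg)
+{
+    SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
+    sc->timeout = apr_time_from_sec(atoi(arg));
+    return NULL;
+}
+
 const char *ssl_cmd_SSLMutex(cmd_parms *cmd,
                              void *dcfg,
                              const char *arg_)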
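Review bot: `ssl_cmd_SSLTimeout` passes `atoi(arg)` straight into `apr_time_from_sec`, so the directive accepts anything: a typo parses as 0, which core.c then treats as not set, and a negative number becomes a negative socket timeout, which APR interprets as blocking with no limit and leaves the connection without any idle bound. The handler should parse strictly, reject non-numeric, trailing-garbage and non-positive values, and return an error string so the configuration fails to load; a sketch follows. Separately, `sc->timeout` is initialised to 0 while the neighbouring `session_cache_timeout` uses `UNSET`; if `cfgMergeInt` keys on `UNSET`, a virtual host would never inherit a global SSLTimeout, so that is worth confirming.

```c
    SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
    char *end;
    long secs;

    /* Strict parse: the whole argument must be a positive decimal number. */
    errno = 0;
    secs = strtol(arg, &end, 10);
    if (errno != 0 || end == arg || *end != '\0' || secs < 1) {
        return "SSLTimeout: value must be a positive number of seconds";
    }
    /* An upper bound is a policy choice; add one if very large values
     * should be refused before the conversion to microseconds. */
    sc->timeout = apr_time_from_sec(secs);
    return NULL;
```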
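--- a/modules/ssl/mod_ssl.c
+++ b/modules/ssl/mod_ssl.c
@@ -149,6 +149,9 @@
                 "Set user name to SSL variable value")
     SSL_CMD_SRV(StrictSNIVHostCheck, FLAG,
                 "Strict SNI virtual host checking")
+    SSL_CMD_SRV(Timeout, TAKE1,
+                "SSL connection lifetime "
+                "(`N' - number of seconds)")
 
     /*
      * Proxy configuration for remote SSL connections
@@ -366,7 +369,7 @@
     char *vhost_md5;
     modssl_ctx_t *mctx;
     server_rec *server;
-
+    
     if (!sslconn) {
         sslconn = ssl_init_connection_ctx(c);
     }
@@ -395,7 +398,7 @@
 
         return DECLINED; /* XXX */
     }
-
+    
     vhost_md5 = ap_md5_binary(c->pool, (unsigned char *)sc->vhost_id,
                               sc->vhost_id_len);
 
@@ -455,7 +458,8 @@
 {
     SSLSrvConfigRec *sc;
     SSLConnRec *sslconn = myConnConfig(c);
-
+    apr_status_t tv;
+    
     if (sslconn) {
         sc = mySrvConfig(sslconn->server);
     }
@@ -482,6 +486,14 @@
         return DECLINED;
     }
 
+    /* Set the SSL connection timeout. */
+    rv = apr_socket_timeout_set(csd, sc->timeout);
+    if(rv != APR_SUCCESS) {
+      /* expected cause is that the client disconnected already */
+      ap_log_cerror(APLOG_MARK, APLOG_DEBUG, rv, c,
+                    "Unable to set timeout on SSL socket");
+    }
+    
     /*
      * Remember the connection information for
      * later access inside callback functions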
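Review bot: The declaration added at the top of the function is `apr_status_t tv;`, but the code added in the last hunk assigns and tests `rv`, which none of the visible declarations provide; unless `rv` is declared outside the hunks shown, this does not compile and `tv` is unused, so the declaration should read `apr_status_t rv;`. The `apr_socket_timeout_set(csd, sc->timeout)` call also runs when SSLTimeout was never configured and `sc->timeout` is still 0, which puts the socket in non-blocking mode and relies on core.c's later check to repair it. Guarding the call with `if (sc->timeout > 0) {` keeps the unset case a no-op and stops a negative value from reaching the socket. The function begins and ends outside the hunks, so the type of `csd` and any earlier returns could not be checked.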
