authorStefan Eissing <icing@apache.org>2021-04-20 14:16:05 +0200
committerStefan Eissing <icing@apache.org>2021-04-20 14:16:05 +0200
commit8951949163612ad2f4ec936ac4a61154af0edce3 (patch)
tree80de0386c95cc48d3ea06a4f82606c5bded9aa10
parentFix some typos (diff)
downloadapache2-8951949163612ad2f4ec936ac4a61154af0edce3.tar.xz
apache2-8951949163612ad2f4ec936ac4a61154af0edce3.zip
core/ap_ssl_*: changes after review by rpluem
- removed no longer needed (char*) casts when looking up ssl variables. - moved 'goto cleanup;' onto a separate source line - fixed check for wrong optional function in ap_run_ssl_var_lookup - removed ap_bytes_t again from httpd.h and now pass the ocsp identifier as a separate const char* and apr_size_t. This follows more closely how such data is passed in the rest of the server. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1889009 13f79535-47bb-0310-9956-ffa450edef68
-rw-r--r--include/ap_mmn.h8
-rw-r--r--include/http_ssl.h9
-rw-r--r--include/httpd.h11
-rw-r--r--modules/http2/h2_h2.c4
-rw-r--r--modules/lua/mod_lua.c2
-rw-r--r--modules/md/md_ocsp.c21
-rw-r--r--modules/md/md_ocsp.h6
-rw-r--r--modules/md/md_util.c6
-rw-r--r--modules/md/md_util.h2
-rw-r--r--modules/md/mod_md_ocsp.c18
-rw-r--r--modules/md/mod_md_ocsp.h4
-rw-r--r--modules/proxy/mod_proxy.c2
-rw-r--r--modules/ssl/ssl_engine_kernel.c9
-rw-r--r--modules/ssl/ssl_util_ssl.c12
-rw-r--r--modules/ssl/ssl_util_stapling.c19
-rw-r--r--server/ssl.c19
16 files changed, 73 insertions, 79 deletions
diff --git a/include/ap_mmn.h b/include/ap_mmn.h
index c1a0c9c8d5..260aca246d 100644
--- a/include/ap_mmn.h
+++ b/include/ap_mmn.h
@@ -667,16 +667,16 @@
* 20201214.1 (2.5.1-dev) Add ap_ssl_conn_is_ssl()/ap_ssl_var_lookup() and hooks
* 20201214.2 (2.5.1-dev) Add ap_ssl_add_cert_files, ap_ssl_add_fallback_cert_files
* 20201214.3 (2.5.1-dev) Move ap_ssl_* into new http_ssl.h header file
- * 20201214.4 (2.5.1-dev) Add `ap_bytes_t` to httpd.h.
- * Add ap_ssl_ocsp* hooks and functions to http_ssl.h.
+ * 20201214.4 (2.5.1-dev) Add ap_ssl_ocsp* hooks and functions to http_ssl.h.
+ * 20210420.0 (2.5.1-dev) Removed `ap_bytes_t` again from httpd.h and usage in ap_ssl_ocsp*()
*/
#define MODULE_MAGIC_COOKIE 0x41503235UL /* "AP25" */
#ifndef MODULE_MAGIC_NUMBER_MAJOR
-#define MODULE_MAGIC_NUMBER_MAJOR 20201214
+#define MODULE_MAGIC_NUMBER_MAJOR 20210420
#endif
-#define MODULE_MAGIC_NUMBER_MINOR 4 /* 0...n */
+#define MODULE_MAGIC_NUMBER_MINOR 0 /* 0...n */
/**
* Determine if the server's current MODULE_MAGIC_NUMBER is at least a
diff --git a/include/http_ssl.h b/include/http_ssl.h
index d238439e9a..556a58bdb7 100644
--- a/include/http_ssl.h
+++ b/include/http_ssl.h
@@ -200,7 +200,8 @@ AP_DECLARE(void) ap_setup_ssl_optional_fns(apr_pool_t *pool);
* @return OK iff stapling is being provided
*/
AP_DECLARE_HOOK(int, ssl_ocsp_prime_hook, (server_rec *s, apr_pool_t *p,
- const ap_bytes_t *id, const char *pem))
+ const char *id, apr_size_t id_len,
+ const char *pem))
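Review bot: The new `id`/`id_len` pair is undocumented: the `@param` list above this hook (outside the hunk) presumably still describes the old `ap_bytes_t *id`, and nothing says whether `id` is a NUL-terminated string or raw bytes. mod_ssl passes a SHA-1 digest here (`(const char*)idx, sizeof(idx)` in ssl_util_stapling.c), so a provider must not call strlen() on it. Add to the doc comment `@param id opaque identifier bytes (not NUL-terminated)` and `@param id_len length of id in bytes`. The same gap exists for ap_ssl_ocsp_prime, ssl_ocsp_get_resp_hook and ap_ssl_ocsp_get_resp in the three hunks that follow.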
/**
* Registering a certificate for Provisioning of OCSP responses. It is the caller's
@@ -218,7 +219,7 @@ AP_DECLARE_HOOK(int, ssl_ocsp_prime_hook, (server_rec *s, apr_pool_t *p,
* APR_ENOENT when no provided was found or took responsibility.
*/
AP_DECLARE(apr_status_t) ap_ssl_ocsp_prime(server_rec *s, apr_pool_t *p,
- const ap_bytes_t *id,
+ const char *id, apr_size_t id_len,
const char *pem);
/**
@@ -242,7 +243,7 @@ typedef void ap_ssl_ocsp_copy_resp(const unsigned char *der, apr_size_t der_len,
* @return OK iff response data has been provided, DECLINED otherwise
*/
AP_DECLARE_HOOK(int, ssl_ocsp_get_resp_hook,
- (server_rec *s, conn_rec *c, const ap_bytes_t *id,
+ (server_rec *s, conn_rec *c, const char *id, apr_size_t id_len,
ap_ssl_ocsp_copy_resp *cb, void *userdata))
/**
@@ -268,7 +269,7 @@ AP_DECLARE_HOOK(int, ssl_ocsp_get_resp_hook,
* @return APR_SUCCESS iff data has been provided
*/
AP_DECLARE(apr_status_t) ap_ssl_ocsp_get_resp(server_rec *s, conn_rec *c,
- const ap_bytes_t *id,
+ const char *id, apr_size_t id_len,
ap_ssl_ocsp_copy_resp *cb, void *userdata);
#ifdef __cplusplus
diff --git a/include/httpd.h b/include/httpd.h
index 397c80b290..5e4c036d8a 100644
--- a/include/httpd.h
+++ b/include/httpd.h
@@ -830,8 +830,6 @@ typedef struct conn_slave_rec conn_slave_rec;
typedef struct request_rec request_rec;
/** A structure that represents the status of the current connection */
typedef struct conn_state_t conn_state_t;
-/** A structure that represents a number of bytes */
-typedef struct ap_bytes_t ap_bytes_t;
/* ### would be nice to not include this from httpd.h ... */
/* This comes after we have defined the request_rec type */
@@ -1485,15 +1483,6 @@ struct ap_loadavg_t {
};
/**
- * @struct ap_bytes_t
- * @brief A structure to hold a number of bytes
- */
-struct ap_bytes_t {
- unsigned char *data;
- apr_size_t len;
-};
-
-/**
* Get the context_document_root for a request. This is a generalization of
* the document root, which is too limited in the presence of mappers like
* mod_userdir and mod_alias. The context_document_root is the directory
diff --git a/modules/http2/h2_h2.c b/modules/http2/h2_h2.c
index 1827788eac..1f0a5df7d3 100644
--- a/modules/http2/h2_h2.c
+++ b/modules/http2/h2_h2.c
@@ -456,7 +456,7 @@ int h2_is_acceptable_connection(conn_rec *c, request_rec *r, int require_all)
/* Need Tlsv1.2 or higher, rfc 7540, ch. 9.2
*/
- val = ap_ssl_var_lookup(pool, s, c, NULL, (char*)"SSL_PROTOCOL");
+ val = ap_ssl_var_lookup(pool, s, c, NULL, "SSL_PROTOCOL");
if (val && *val) {
if (strncmp("TLS", val, 3)
|| !strcmp("TLSv1", val)
@@ -475,7 +475,7 @@ int h2_is_acceptable_connection(conn_rec *c, request_rec *r, int require_all)
/* Check TLS cipher blacklist
*/
- val = ap_ssl_var_lookup(pool, s, c, NULL, (char*)"SSL_CIPHER");
+ val = ap_ssl_var_lookup(pool, s, c, NULL, "SSL_CIPHER");
if (val && *val) {
const char *source;
if (cipher_is_blacklisted(val, &source)) {
diff --git a/modules/lua/mod_lua.c b/modules/lua/mod_lua.c
index c672de8644..356cbfe0dc 100644
--- a/modules/lua/mod_lua.c
+++ b/modules/lua/mod_lua.c
@@ -1704,7 +1704,7 @@ static const char *register_lua_root(cmd_parms *cmd, void *_cfg,
const char *ap_lua_ssl_val(apr_pool_t *p, server_rec *s, conn_rec *c,
request_rec *r, const char *var)
{
- return ap_ssl_var_lookup(p, s, c, r, (char *)var);
+ return ap_ssl_var_lookup(p, s, c, r, var);
}
int ap_lua_ssl_is_https(conn_rec *c)
diff --git a/modules/md/md_ocsp.c b/modules/md/md_ocsp.c
index c6301a0f0c..d3f0e1577e 100644
--- a/modules/md/md_ocsp.c
+++ b/modules/md/md_ocsp.c
@@ -324,7 +324,7 @@ cleanup:
return rv;
}
-apr_status_t md_ocsp_prime(md_ocsp_reg_t *reg, const md_data_t *external_id,
+apr_status_t md_ocsp_prime(md_ocsp_reg_t *reg, const char *ext_id, apr_size_t ext_id_len,
md_cert_t *cert, md_cert_t *issuer, const md_t *md)
{
md_ocsp_status_t *ostat;
@@ -384,12 +384,12 @@ apr_status_t md_ocsp_prime(md_ocsp_reg_t *reg, const md_data_t *external_id,
"md[%s]: adding ocsp info (responder=%s)",
name, ostat->responder_url);
apr_hash_set(reg->ostat_by_id, ostat->id.data, (apr_ssize_t)ostat->id.len, ostat);
- if (external_id) {
+ if (ext_id) {
md_ocsp_id_map_t *id_map;
id_map = apr_pcalloc(reg->p, sizeof(*id_map));
id_map->id = id;
- md_data_assign_pcopy(&id_map->external_id, external_id, reg->p);
+ md_data_assign_pcopy(&id_map->external_id, ext_id, ext_id_len, reg->p);
/* check for collision/uniqness? */
apr_hash_set(reg->id_by_external_id, id_map->external_id.data,
(apr_ssize_t)id_map->external_id.len, id_map);
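Review bot: `if (ext_id) {` on the new side admits a non-NULL `ext_id` with `ext_id_len == 0`; md_data_assign_pcopy then leaves `external_id.data` NULL and `len` 0, and the apr_hash_set that follows registers a zero-length key in `id_by_external_id`. Guarding with `if (ext_id && ext_id_len) {` keeps such a degenerate id from being mapped and matches how mod_md_ocsp.c calls this with `NULL, 0` to mean "no external id". md_ocsp_prime's body continues outside the hunk.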
@@ -399,15 +399,16 @@ cleanup:
return rv;
}
-apr_status_t md_ocsp_get_status(md_ocsp_copy_der *cb, void *userdata,
- md_ocsp_reg_t *reg, const md_data_t *external_id,
+apr_status_t md_ocsp_get_status(md_ocsp_copy_der *cb, void *userdata, md_ocsp_reg_t *reg,
+ const char *ext_id, apr_size_t ext_id_len,
apr_pool_t *p, const md_t *md)
{
md_ocsp_status_t *ostat;
const char *name;
apr_status_t rv = APR_SUCCESS;
md_ocsp_id_map_t *id_map;
- const md_data_t *id;
+ const char *id;
+ apr_size_t id_len;
int locked = 0;
(void)p;
@@ -416,10 +417,10 @@ apr_status_t md_ocsp_get_status(md_ocsp_copy_der *cb, void *userdata,
md_log_perror(MD_LOG_MARK, MD_LOG_TRACE2, 0, reg->p,
"md[%s]: OCSP, get_status", name);
- id_map = apr_hash_get(reg->id_by_external_id,
- external_id->data, (apr_ssize_t)external_id->len);
- id = id_map? &id_map->id : external_id;
- ostat = apr_hash_get(reg->ostat_by_id, id->data, (apr_ssize_t)id->len);
+ id_map = apr_hash_get(reg->id_by_external_id, ext_id, (apr_ssize_t)ext_id_len);
+ id = id_map? id_map->id.data : ext_id;
+ id_len = id_map? id_map->id.len : ext_id_len;
+ ostat = apr_hash_get(reg->ostat_by_id, id, (apr_ssize_t)id_len);
if (!ostat) {
rv = APR_ENOENT;
goto cleanup;
diff --git a/modules/md/md_ocsp.h b/modules/md/md_ocsp.h
index 7f2e356e50..d6ee0f1d7d 100644
--- a/modules/md/md_ocsp.h
+++ b/modules/md/md_ocsp.h
@@ -42,13 +42,13 @@ apr_status_t md_ocsp_reg_make(md_ocsp_reg_t **preg, apr_pool_t *p,
apr_status_t md_ocsp_init_id(struct md_data_t *id, apr_pool_t *p, const md_cert_t *cert);
-apr_status_t md_ocsp_prime(md_ocsp_reg_t *reg, const struct md_data_t *external_id,
+apr_status_t md_ocsp_prime(md_ocsp_reg_t *reg, const char *ext_id, apr_size_t ext_id_len,
md_cert_t *x, md_cert_t *issuer, const md_t *md);
typedef void md_ocsp_copy_der(const unsigned char *der, apr_size_t der_len, void *userdata);
-apr_status_t md_ocsp_get_status(md_ocsp_copy_der *cb, void *userdata,
- md_ocsp_reg_t *reg, const struct md_data_t *external_id,
+apr_status_t md_ocsp_get_status(md_ocsp_copy_der *cb, void *userdata, md_ocsp_reg_t *reg,
+ const char *ext_id, apr_size_t ext_id_len,
apr_pool_t *p, const md_t *md);
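Review bot: The rewritten prototypes give no hint of what `ext_id`/`ext_id_len` are, and the pair replaces a struct type that at least named itself. A comment above md_ocsp_prime such as `/* ext_id: optional caller-supplied identifier (raw bytes, ext_id_len long, not NUL-terminated) under which the status can later be fetched via md_ocsp_get_status; NULL/0 when none. */` tells callers that the bytes are opaque and that `NULL, 0` is accepted, which mod_md_ocsp.c's `md_ocsp_prime(sc->mc->ocsp, NULL, 0, ...)` call relies on.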
apr_status_t md_ocsp_get_meta(md_ocsp_cert_stat_t *pstat, md_timeperiod_t *pvalid,
diff --git a/modules/md/md_util.c b/modules/md/md_util.c
index d0c23f9678..34e891d1ce 100644
--- a/modules/md/md_util.c
+++ b/modules/md/md_util.c
@@ -96,10 +96,10 @@ md_data_t *md_data_make(apr_pool_t *p, apr_size_t len)
return d;
}
-void md_data_assign_pcopy(md_data_t *dest, const md_data_t *src, apr_pool_t *p)
+void md_data_assign_pcopy(md_data_t *dest, const char *src, apr_size_t src_len, apr_pool_t *p)
{
- dest->data = (src->data && src->len)? apr_pmemdup(p, src->data, src->len) : NULL;
- dest->len = dest->data? src->len : 0;
+ dest->data = (src && src_len)? apr_pmemdup(p, src, src_len) : NULL;
+ dest->len = dest->data? src_len : 0;
}
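Review bot: The rewritten md_data_assign_pcopy collapses two distinct inputs, `src == NULL` and `src_len == 0`, into the same `{NULL, 0}` result, so a caller passing a non-NULL `src` with `src_len == 0` gets `dest->data == NULL` rather than an empty allocation; neither this definition nor the prototype in md_util.h (next hunk) says so. A comment on the declaration, `/* Pool-copy src_len bytes of src into dest; dest becomes {NULL, 0} when src is NULL or src_len is 0. */`, pins the contract that md_ocsp_prime now depends on.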
static const char * const hex_const[] = {
diff --git a/modules/md/md_util.h b/modules/md/md_util.h
index 0fc00256cf..67d0e5128a 100644
--- a/modules/md/md_util.h
+++ b/modules/md/md_util.h
@@ -46,7 +46,7 @@ struct md_data_t {
md_data_t *md_data_make(apr_pool_t *p, apr_size_t len);
md_data_t *md_data_create(apr_pool_t *p, const char *data, apr_size_t len);
-void md_data_assign_pcopy(md_data_t *dest, const md_data_t *src, apr_pool_t *p);
+void md_data_assign_pcopy(md_data_t *dest, const char *src, apr_size_t src_len, apr_pool_t *p);
apr_status_t md_data_to_hex(const char **phex, char separator,
apr_pool_t *p, const md_data_t *data);
diff --git a/modules/md/mod_md_ocsp.c b/modules/md/mod_md_ocsp.c
index 4aa9ed29dd..0f64676025 100644
--- a/modules/md/mod_md_ocsp.c
+++ b/modules/md/mod_md_ocsp.c
@@ -65,7 +65,7 @@ int md_ocsp_init_stapling_status(server_rec *s, apr_pool_t *p,
md = ((sc->assigned && sc->assigned->nelts == 1)?
APR_ARRAY_IDX(sc->assigned, 0, const md_t*) : NULL);
- rv = md_ocsp_prime(sc->mc->ocsp, NULL, md_cert_wrap(p, cert),
+ rv = md_ocsp_prime(sc->mc->ocsp, NULL, 0, md_cert_wrap(p, cert),
md_cert_wrap(p, issuer), md);
ap_log_error(APLOG_MARK, APLOG_TRACE1, rv, s, "init stapling for: %s",
md? md->name : s->server_hostname);
@@ -77,13 +77,12 @@ declined:
}
int md_ocsp_prime_status(server_rec *s, apr_pool_t *p,
- const ap_bytes_t *external_id, const char *pem)
+ const char *id, apr_size_t id_len, const char *pem)
{
md_srv_conf_t *sc;
const md_t *md;
apr_array_header_t *chain;
apr_status_t rv = APR_ENOENT;
- md_data_t eid;
sc = md_config_get(s);
if (!staple_here(sc)) goto cleanup;
@@ -104,9 +103,7 @@ int md_ocsp_prime_status(server_rec *s, apr_pool_t *p,
goto cleanup;
}
- eid.data = (char*)external_id->data;
- eid.len = external_id->len;
- rv = md_ocsp_prime(sc->mc->ocsp, &eid,
+ rv = md_ocsp_prime(sc->mc->ocsp, id, id_len,
APR_ARRAY_IDX(chain, 0, md_cert_t*),
APR_ARRAY_IDX(chain, 1, md_cert_t*), md);
ap_log_error(APLOG_MARK, APLOG_TRACE1, rv, s, "init stapling for: %s",
@@ -156,7 +153,7 @@ int md_ocsp_get_stapling_status(unsigned char **pder, int *pderlen,
rv = md_ocsp_init_id(&id, c->pool, cert);
if (APR_SUCCESS != rv) goto declined;
- rv = md_ocsp_get_status(ocsp_copy_der, &ctx, sc->mc->ocsp, &id, c->pool, md);
+ rv = md_ocsp_get_status(ocsp_copy_der, &ctx, sc->mc->ocsp, id.data, id.len, c->pool, md);
if (APR_STATUS_IS_ENOENT(rv)) goto declined;
*pder = ctx.der;
*pderlen = (int)ctx.der_len;
@@ -167,12 +164,11 @@ declined:
}
int md_ocsp_provide_status(server_rec *s, conn_rec *c,
- const ap_bytes_t *external_id,
+ const char *id, apr_size_t id_len,
ap_ssl_ocsp_copy_resp *cb, void *userdata)
{
md_srv_conf_t *sc;
const md_t *md;
- md_data_t eid;
apr_status_t rv;
sc = md_config_get(s);
@@ -183,9 +179,7 @@ int md_ocsp_provide_status(server_rec *s, conn_rec *c,
ap_log_cerror(APLOG_MARK, APLOG_TRACE2, 0, c, "get stapling for: %s",
md? md->name : s->server_hostname);
- eid.data = (const char *)external_id->data;
- eid.len = external_id->len;
- rv = md_ocsp_get_status(cb, userdata, sc->mc->ocsp, &eid, c->pool, md);
+ rv = md_ocsp_get_status(cb, userdata, sc->mc->ocsp, id, id_len, c->pool, md);
if (APR_STATUS_IS_ENOENT(rv)) goto declined;
return OK;
diff --git a/modules/md/mod_md_ocsp.h b/modules/md/mod_md_ocsp.h
index 48f0db34aa..dcc6e49c5a 100644
--- a/modules/md/mod_md_ocsp.h
+++ b/modules/md/mod_md_ocsp.h
@@ -25,9 +25,9 @@ int md_ocsp_get_stapling_status(unsigned char **pder, int *pderlen,
conn_rec *c, server_rec *s, X509 *cert);
int md_ocsp_prime_status(server_rec *s, apr_pool_t *p,
- const ap_bytes_t *id, const char *pem);
+ const char *id, apr_size_t id_len, const char *pem);
-int md_ocsp_provide_status(server_rec *s, conn_rec *c, const ap_bytes_t *id,
+int md_ocsp_provide_status(server_rec *s, conn_rec *c, const char *id, apr_size_t id_len,
ap_ssl_ocsp_copy_resp *cb, void *userdata);
/**
diff --git a/modules/proxy/mod_proxy.c b/modules/proxy/mod_proxy.c
index 0926ae113f..dd51fe9641 100644
--- a/modules/proxy/mod_proxy.c
+++ b/modules/proxy/mod_proxy.c
@@ -3185,7 +3185,7 @@ PROXY_DECLARE(const char *) ap_proxy_ssl_val(apr_pool_t *p, server_rec *s,
conn_rec *c, request_rec *r,
const char *var)
{
- return ap_ssl_var_lookup(p, s, c, r, (char *)var);
+ return ap_ssl_var_lookup(p, s, c, r, var);
}
static int proxy_post_config(apr_pool_t *pconf, apr_pool_t *plog,
diff --git a/modules/ssl/ssl_engine_kernel.c b/modules/ssl/ssl_engine_kernel.c
index b279273deb..8e7437bf6c 100644
--- a/modules/ssl/ssl_engine_kernel.c
+++ b/modules/ssl/ssl_engine_kernel.c
@@ -2349,7 +2349,8 @@ static apr_status_t set_challenge_creds(conn_rec *c, const char *servername,
ap_log_cerror(APLOG_MARK, APLOG_WARNING, 0, c, APLOGNO(10086)
"Failed to configure challenge certificate %s",
servername);
- rv = APR_EGENERAL; goto cleanup;
+ rv = APR_EGENERAL;
+ goto cleanup;
}
if (!SSL_use_PrivateKey(ssl, key)) {
@@ -2357,14 +2358,16 @@ static apr_status_t set_challenge_creds(conn_rec *c, const char *servername,
"error '%s' using Challenge key: %s",
ERR_error_string(ERR_peek_last_error(), NULL),
servername);
- rv = APR_EGENERAL; goto cleanup;
+ rv = APR_EGENERAL;
+ goto cleanup;
}
if (SSL_check_private_key(ssl) < 1) {
ap_log_cerror(APLOG_MARK, APLOG_WARNING, 0, c, APLOGNO(10088)
"Challenge certificate and private key %s "
"do not match", servername);
- rv = APR_EGENERAL; goto cleanup;
+ rv = APR_EGENERAL;
+ goto cleanup;
}
cleanup:
diff --git a/modules/ssl/ssl_util_ssl.c b/modules/ssl/ssl_util_ssl.c
index df25c49925..f3e9ee62a4 100644
--- a/modules/ssl/ssl_util_ssl.c
+++ b/modules/ssl/ssl_util_ssl.c
@@ -546,22 +546,26 @@ apr_status_t modssl_read_cert(apr_pool_t *p,
in = BIO_new_mem_buf(cert_pem, -1);
if (in == NULL) {
- rv = APR_ENOMEM; goto cleanup;
+ rv = APR_ENOMEM;
+ goto cleanup;
}
x = PEM_read_bio_X509(in, NULL, cb, ud);
if (x == NULL) {
- rv = APR_ENOENT; goto cleanup;
+ rv = APR_ENOENT;
+ goto cleanup;
}
BIO_free(in);
in = BIO_new_mem_buf(key_pem? key_pem : cert_pem, -1);
if (in == NULL) {
- rv = APR_ENOMEM; goto cleanup;
+ rv = APR_ENOMEM;
+ goto cleanup;
}
key = PEM_read_bio_PrivateKey(in, NULL, cb, ud);
if (key == NULL) {
- rv = APR_ENOENT; goto cleanup;
+ rv = APR_ENOENT;
+ goto cleanup;
}
cleanup:
diff --git a/modules/ssl/ssl_util_stapling.c b/modules/ssl/ssl_util_stapling.c
index 54fb4e0415..f9f10b8426 100644
--- a/modules/ssl/ssl_util_stapling.c
+++ b/modules/ssl/ssl_util_stapling.c
@@ -131,7 +131,6 @@ int ssl_stapling_init_cert(server_rec *s, apr_pool_t *p, apr_pool_t *ptemp,
OCSP_CERTID *cid = NULL;
STACK_OF(OPENSSL_STRING) *aia = NULL;
const char *pem = NULL;
- ap_bytes_t key;
int rv = 1; /* until further notice */
if (x == NULL)
@@ -161,9 +160,7 @@ int ssl_stapling_init_cert(server_rec *s, apr_pool_t *p, apr_pool_t *ptemp,
goto cleanup;
}
- key.data = idx;
- key.len = sizeof(idx);
- if (ap_ssl_ocsp_prime(s, p, &key, pem) == APR_SUCCESS
+ if (ap_ssl_ocsp_prime(s, p, (const char*)idx, sizeof(idx), pem) == APR_SUCCESS
|| ssl_run_init_stapling_status(s, p, x, issuer) == OK) {
/* Someone's taken over or mod_ssl's own implementation is not enabled */
if (mctx->stapling_enabled != TRUE) {
@@ -772,9 +769,14 @@ static int get_and_check_cached_response(server_rec *s, modssl_ctx_t *mctx,
return 0;
}
+typedef struct {
+ unsigned char *data;
+ apr_size_t len;
+} ocsp_resp;
+
static void copy_ocsp_resp(const unsigned char *der, apr_size_t der_len, void *userdata)
{
- ap_bytes_t *resp = userdata;
+ ocsp_resp *resp = userdata;
resp->len = 0;
resp->data = der? OPENSSL_malloc(der_len) : NULL;
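Review bot: The new `ocsp_resp` typedef carries no comment on who owns `data`. The function below fills it with OPENSSL_malloc, so it has to be released with OPENSSL_free or handed to an OpenSSL API that takes ownership, which a reader of stapling_cb cannot tell from the struct alone. Add above the typedef `/* DER OCSP response filled by copy_ocsp_resp(); data is OPENSSL_malloc'ed and is the caller's to OPENSSL_free or pass on to OpenSSL. */`. copy_ocsp_resp's body continues outside the hunk.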
@@ -799,7 +801,7 @@ static int stapling_cb(SSL *ssl, void *arg)
SSLConnRec *sslconn = myConnConfig(conn);
modssl_ctx_t *mctx = myCtxConfig(sslconn, sc);
UCHAR idx[SHA_DIGEST_LENGTH];
- ap_bytes_t key, resp;
+ ocsp_resp resp;
certinfo *cinf = NULL;
OCSP_RESPONSE *rsp = NULL;
int rv;
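Review bot: `ocsp_resp resp;` is declared without an initializer, and its fields are only written when a provider actually invokes copy_ocsp_resp, or when ssl_run_get_stapling_status stores into `resp.data` in the next hunk; if both decline, any later read of `resp.data` in stapling_cb (outside this hunk) sees indeterminate values. The old `ap_bytes_t key, resp;` had the same gap, but since the declaration is being rewritten anyway, `ocsp_resp resp = { NULL, 0 };` closes it at no cost. stapling_cb's body continues outside the hunk.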
@@ -818,10 +820,9 @@ static int stapling_cb(SSL *ssl, void *arg)
if (X509_digest(x, EVP_sha1(), idx, NULL) != 1) {
return SSL_TLSEXT_ERR_NOACK;
}
- key.data = idx;
- key.len = sizeof(idx);
- if (ap_ssl_ocsp_get_resp(s, conn, &key, copy_ocsp_resp, &resp) == APR_SUCCESS) {
+ if (ap_ssl_ocsp_get_resp(s, conn, (const char*)idx, sizeof(idx),
+ copy_ocsp_resp, &resp) == APR_SUCCESS) {
provided = 1;
}
else if (ssl_run_get_stapling_status(&resp.data, &rspderlen, conn, s, x) == APR_SUCCESS) {
diff --git a/server/ssl.c b/server/ssl.c
index 65112ca9da..1f4be8d6aa 100644
--- a/server/ssl.c
+++ b/server/ssl.c
@@ -100,7 +100,7 @@ AP_DECLARE(const char *) ap_ssl_var_lookup(apr_pool_t *p, server_rec *s,
const char *name)
{
const char *val = ap_run_ssl_var_lookup(p, s, c, r, name);
- if (val == NULL && module_ssl_is_https) {
+ if (val == NULL && module_ssl_var_lookup) {
val = module_ssl_var_lookup(p, s, c, r, name);
}
return val;
@@ -148,18 +148,18 @@ AP_DECLARE(int) ap_ssl_answer_challenge(conn_rec *c, const char *server_name,
}
AP_DECLARE(apr_status_t) ap_ssl_ocsp_prime(server_rec *s, apr_pool_t *p,
- const ap_bytes_t *id,
+ const char *id, apr_size_t id_len,
const char *pem)
{
- int rv = ap_run_ssl_ocsp_prime_hook(s, p, id, pem);
+ int rv = ap_run_ssl_ocsp_prime_hook(s, p, id, id_len, pem);
return rv == OK? APR_SUCCESS : (rv == DECLINED? APR_ENOENT : APR_EGENERAL);
}
AP_DECLARE(apr_status_t) ap_ssl_ocsp_get_resp(server_rec *s, conn_rec *c,
- const ap_bytes_t *id,
+ const char *id, apr_size_t id_len,
ap_ssl_ocsp_copy_resp *cb, void *userdata)
{
- int rv = ap_run_ssl_ocsp_get_resp_hook(s, c, id, cb, userdata);
+ int rv = ap_run_ssl_ocsp_get_resp_hook(s, c, id, id_len, cb, userdata);
return rv == OK? APR_SUCCESS : (rv == DECLINED? APR_ENOENT : APR_EGENERAL);
}
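Review bot: Neither ap_ssl_ocsp_prime nor ap_ssl_ocsp_get_resp validates the new `id`/`id_len` pair before running the hooks, so a NULL `id` or zero `id_len` reaches every provider and each one has to defend against it separately. In mod_md, md_ocsp_prime treats a NULL id as "no external id" and presumably still reports success, so such a registration silently becomes unretrievable by that id. A check at the API boundary, `if (!id || !id_len) return APR_EINVAL;` at the top of both functions (with APR_EINVAL added to the `@return` text in http_ssl.h), keeps that out of the providers.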
@@ -180,8 +180,9 @@ AP_IMPLEMENT_HOOK_RUN_FIRST(int, ssl_answer_challenge,
(conn_rec *c, const char *server_name, const char **pcert_pem, const char **pkey_pem),
(c, server_name, pcert_pem, pkey_pem), DECLINED)
AP_IMPLEMENT_HOOK_RUN_FIRST(int, ssl_ocsp_prime_hook,
- (server_rec *s, apr_pool_t *p, const ap_bytes_t *id, const char *pem),
- (s, p, id, pem), DECLINED)
+ (server_rec *s, apr_pool_t *p, const char *id, apr_size_t id_len, const char *pem),
+ (s, p, id, id_len, pem), DECLINED)
AP_IMPLEMENT_HOOK_RUN_FIRST(int, ssl_ocsp_get_resp_hook,
- (server_rec *s, conn_rec *c, const ap_bytes_t *id, ap_ssl_ocsp_copy_resp *cb, void *userdata),
- (s, c, id, cb, userdata), DECLINED)
+ (server_rec *s, conn_rec *c, const char *id, apr_size_t id_len,
+ ap_ssl_ocsp_copy_resp *cb, void *userdata),
+ (s, c, id, id_len, cb, userdata), DECLINED)