842ae4bd224140319ae7feec1872b93dfd491143fielding/* Licensed to the Apache Software Foundation (ASF) under one or more
842ae4bd224140319ae7feec1872b93dfd491143fielding * contributor license agreements. See the NOTICE file distributed with
842ae4bd224140319ae7feec1872b93dfd491143fielding * this work for additional information regarding copyright ownership.
842ae4bd224140319ae7feec1872b93dfd491143fielding * The ASF licenses this file to You under the Apache License, Version 2.0
842ae4bd224140319ae7feec1872b93dfd491143fielding * (the "License"); you may not use this file except in compliance with
842ae4bd224140319ae7feec1872b93dfd491143fielding * the License. You may obtain a copy of the License at
ce9621257ef9e54c1bbe5ad8a5f445a1f211c2dcnd * Unless required by applicable law or agreed to in writing, software
ce9621257ef9e54c1bbe5ad8a5f445a1f211c2dcnd * distributed under the License is distributed on an "AS IS" BASIS,
ce9621257ef9e54c1bbe5ad8a5f445a1f211c2dcnd * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
ce9621257ef9e54c1bbe5ad8a5f445a1f211c2dcnd * See the License for the specific language governing permissions and
ce9621257ef9e54c1bbe5ad8a5f445a1f211c2dcnd * limitations under the License.
ce9621257ef9e54c1bbe5ad8a5f445a1f211c2dcnd * _ __ ___ ___ __| | ___ ___| | mod_ssl
ce9621257ef9e54c1bbe5ad8a5f445a1f211c2dcnd * | '_ ` _ \ / _ \ / _` | / __/ __| | Apache Interface to OpenSSL
ce9621257ef9e54c1bbe5ad8a5f445a1f211c2dcnd * | | | | | | (_) | (_| | \__ \__ \ |
ce9621257ef9e54c1bbe5ad8a5f445a1f211c2dcnd * |_| |_| |_|\___/ \__,_|___|___/___/_|
ce9621257ef9e54c1bbe5ad8a5f445a1f211c2dcnd * Apache API interface structures
5716f9c6daa92dde5f2f9d11ed63f7c9549c223atrawickAPR_IMPLEMENT_OPTIONAL_HOOK_RUN_ALL(ssl, SSL, int, pre_handshake,
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse * the table of configuration directives we provide
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse * Global (main-server) context configuration directives
7933d4a963def02417113b6798d87a36395053b0rse "SSL dialog mechanism for the pass phrase query "
7988a91d9a1c6413f2c1a2138847f513d20de856fuankg "('builtin', '|/path/to/pipe_program', "
7988a91d9a1c6413f2c1a2138847f513d20de856fuankg "or 'exec:/path/to/cgi_program')")
7933d4a963def02417113b6798d87a36395053b0rse "SSL Session Cache storage "
7988a91d9a1c6413f2c1a2138847f513d20de856fuankg "('none', 'nonenotnull', 'dbm:/path/to/file')")
53c239bee62c6d55b5ddfba5d99376d4c8de924ejwoolley#if defined(HAVE_OPENSSL_ENGINE_H) && defined(HAVE_ENGINE_INIT)
7933d4a963def02417113b6798d87a36395053b0rse "SSL external Crypto Device usage "
7988a91d9a1c6413f2c1a2138847f513d20de856fuankg "('builtin', '...')")
7933d4a963def02417113b6798d87a36395053b0rse "SSL Pseudo Random Number Generator (PRNG) seeding source "
7988a91d9a1c6413f2c1a2138847f513d20de856fuankg "('startup|connect builtin|file:/path|exec:/path [bytes]')")
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse * Per-server context configuration directives
7933d4a963def02417113b6798d87a36395053b0rse "SSL switch for the protocol engine "
7988a91d9a1c6413f2c1a2138847f513d20de856fuankg "('on', 'off')")
e9eabac76b50e8f00d0c391f6070d0f42db77aa2wrowe "Enable FIPS-140 mode "
e9eabac76b50e8f00d0c391f6070d0f42db77aa2wrowe "(`on', `off')")
7933d4a963def02417113b6798d87a36395053b0rse "Colon-delimited list of permitted SSL Ciphers "
7988a91d9a1c6413f2c1a2138847f513d20de856fuankg "('XXX:...:XXX' - see manual)")
7933d4a963def02417113b6798d87a36395053b0rse "SSL Server Certificate file "
7988a91d9a1c6413f2c1a2138847f513d20de856fuankg "('/path/to/file' - PEM or DER encoded)")
7933d4a963def02417113b6798d87a36395053b0rse "SSL Server Private Key file "
7988a91d9a1c6413f2c1a2138847f513d20de856fuankg "('/path/to/file' - PEM or DER encoded)")
7933d4a963def02417113b6798d87a36395053b0rse "SSL Server CA Certificate Chain file "
7988a91d9a1c6413f2c1a2138847f513d20de856fuankg "('/path/to/file' - PEM encoded)")
7a4e3510f3516132ff057ac986fd6350164b7950kbrand "TLS session ticket encryption/decryption key file (RFC 5077) "
7a4e3510f3516132ff057ac986fd6350164b7950kbrand "('/path/to/file' - file with 48 bytes of random data)")
7933d4a963def02417113b6798d87a36395053b0rse "SSL CA Certificate path "
7988a91d9a1c6413f2c1a2138847f513d20de856fuankg "('/path/to/dir' - contains PEM encoded files)")
7933d4a963def02417113b6798d87a36395053b0rse "SSL CA Certificate file "
7988a91d9a1c6413f2c1a2138847f513d20de856fuankg "('/path/to/file' - PEM encoded)")
e335319a08e12eb7daff9afa80e985dc53f652b8jorton "SSL CA Distinguished Name path "
7988a91d9a1c6413f2c1a2138847f513d20de856fuankg "('/path/to/dir' - symlink hashes to PEM of acceptable CA names to request)")
e335319a08e12eb7daff9afa80e985dc53f652b8jorton "SSL CA Distinguished Name file "
7988a91d9a1c6413f2c1a2138847f513d20de856fuankg "('/path/to/file' - PEM encoded to derive acceptable CA names to request)")
7933d4a963def02417113b6798d87a36395053b0rse "SSL CA Certificate Revocation List (CRL) path "
7988a91d9a1c6413f2c1a2138847f513d20de856fuankg "('/path/to/dir' - contains PEM encoded files)")
7933d4a963def02417113b6798d87a36395053b0rse "SSL CA Certificate Revocation List (CRL) file "
7988a91d9a1c6413f2c1a2138847f513d20de856fuankg "('/path/to/file' - PEM encoded)")
77504f17963a8dd941a921d9ddfa25ddb0f348d6kbrand "SSL CA Certificate Revocation List (CRL) checking mode")
7933d4a963def02417113b6798d87a36395053b0rse "SSL Client verify type "
7988a91d9a1c6413f2c1a2138847f513d20de856fuankg "('none', 'optional', 'require', 'optional_no_ca')")
7933d4a963def02417113b6798d87a36395053b0rse "SSL Client verify depth "
7988a91d9a1c6413f2c1a2138847f513d20de856fuankg "('N' - number of intermediate certificates)")
7933d4a963def02417113b6798d87a36395053b0rse "SSL Session Cache object lifetime "
7988a91d9a1c6413f2c1a2138847f513d20de856fuankg "('N' - number of seconds)")
1fd6337111a9607570691e38857dcece7fb84abekbrand "Enable or disable various SSL protocols "
7efe7de73c89c26518714a504359244d03cfbbc5jorton "Use the server's cipher ordering preference")
807c436563a054c3513648163fd2e36612b68c9atrawick "Enable SSL level compression "
d9b079a6dd66d36313be56f859c8c61153146527sf "(`on', `off')")
f0ed8386200af077d3151eed8724d68b35884f1erjung "Enable or disable TLS session tickets"
f0ed8386200af077d3151eed8724d68b35884f1erjung "(`on', `off')")
2b4e45d87889ab2f6b432690cc993a42bc607fafjorton "Enable support for insecure renegotiation")
43c3e6a4b559b76b750c245ee95e2782c15b4296jim "Set user name to SSL variable value")
e3715027f352040ef98da03359b00f13ddb506cbrpluem "Strict SNI virtual host checking")
099c357f282d4aebf2b32264f7dce6ffc0497c37sf "SRP verifier file "
099c357f282d4aebf2b32264f7dce6ffc0497c37sf "('/path/to/file' - created by srptool)")
099c357f282d4aebf2b32264f7dce6ffc0497c37sf "SRP seed for unknown users (to avoid leaking a user's existence) "
099c357f282d4aebf2b32264f7dce6ffc0497c37sf "('some secret text')")
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse * Proxy configuration for remote SSL connections
cde1010d880fb6230f80c9d697842ea0b1cb79c7dougm "SSL switch for the proxy protocol engine "
7988a91d9a1c6413f2c1a2138847f513d20de856fuankg "('on', 'off')")
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse "SSL Proxy: enable or disable SSL protocol flavors "
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse "SSL Proxy: colon-delimited list of permitted SSL ciphers "
7988a91d9a1c6413f2c1a2138847f513d20de856fuankg "('XXX:...:XXX' - see manual)")
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse "SSL Proxy: whether to verify the remote certificate "
7988a91d9a1c6413f2c1a2138847f513d20de856fuankg "('on' or 'off')")
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse "SSL Proxy: maximum certificate verification depth "
7988a91d9a1c6413f2c1a2138847f513d20de856fuankg "('N' - number of intermediate certificates)")
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse "SSL Proxy: file containing server certificates "
7988a91d9a1c6413f2c1a2138847f513d20de856fuankg "('/path/to/file' - PEM encoded certificates)")
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse "SSL Proxy: directory containing server certificates "
7988a91d9a1c6413f2c1a2138847f513d20de856fuankg "('/path/to/dir' - contains PEM encoded certificates)")
a72de14bfdbf0be9d935be9bdc2df631ca5e032bdougm "SSL Proxy: CA Certificate Revocation List (CRL) path "
7988a91d9a1c6413f2c1a2138847f513d20de856fuankg "('/path/to/dir' - contains PEM encoded files)")
a72de14bfdbf0be9d935be9bdc2df631ca5e032bdougm "SSL Proxy: CA Certificate Revocation List (CRL) file "
7988a91d9a1c6413f2c1a2138847f513d20de856fuankg "('/path/to/file' - PEM encoded)")
77504f17963a8dd941a921d9ddfa25ddb0f348d6kbrand "SSL Proxy: CA Certificate Revocation List (CRL) checking mode")
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse "SSL Proxy: file containing client certificates "
7988a91d9a1c6413f2c1a2138847f513d20de856fuankg "('/path/to/file' - PEM encoded certificates)")
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse "SSL Proxy: directory containing client certificates "
7988a91d9a1c6413f2c1a2138847f513d20de856fuankg "('/path/to/dir' - contains PEM encoded certificates)")
44985e4f931d3a75a7e5108705010cc21605ee34druggeri SSL_CMD_SRV(ProxyMachineCertificateChainFile, TAKE1,
44985e4f931d3a75a7e5108705010cc21605ee34druggeri "SSL Proxy: file containing issuing certificates "
44985e4f931d3a75a7e5108705010cc21605ee34druggeri "of the client certificate "
44985e4f931d3a75a7e5108705010cc21605ee34druggeri "(`/path/to/file' - PEM encoded certificates)")
d58a822aff1dfda25384d3d009f88f1883c95436kbrand "SSL Proxy: check the peer certificate's expiration date")
d58a822aff1dfda25384d3d009f88f1883c95436kbrand "SSL Proxy: check the peer certificate's CN")
d58a822aff1dfda25384d3d009f88f1883c95436kbrand "SSL Proxy: check the peer certificate's name "
d58a822aff1dfda25384d3d009f88f1883c95436kbrand "(must be present in subjectAltName extension or CN")
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse * Per-directory context configuration directives
0839d91ee551a0e19ea9577bb00976b97308dfddmartin "Set one or more options to configure the SSL engine"
7988a91d9a1c6413f2c1a2138847f513d20de856fuankg "('[+-]option[=value] ...' - see manual)")
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse "Require the SSL protocol for the per-directory context "
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse "(no arguments)")
0839d91ee551a0e19ea9577bb00976b97308dfddmartin "Require a boolean expression to evaluate to true for granting access"
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse "(arbitrary complex boolean expression - see manual)")
509111f5f58a9effd4c832f6a0cbd6ad9d549188jorton "Configure the amount of memory that will be used for buffering the "
509111f5f58a9effd4c832f6a0cbd6ad9d549188jorton "request body if a per-location SSL renegotiation is required due to "
509111f5f58a9effd4c832f6a0cbd6ad9d549188jorton "changed access control requirements")
7988a91d9a1c6413f2c1a2138847f513d20de856fuankg "Enable use of OCSP to verify certificate revocation ('on', 'off')")
39c7699ec0799d394d3f67145d4a12ed82f587b8jorton "URL of the default OCSP Responder")
7988a91d9a1c6413f2c1a2138847f513d20de856fuankg "Force use of the default responder URL ('on', 'off')")
a2558ec3af4391b7da7fe61e1e53383bbd0174b9jorton "Maximum time difference in OCSP responses")
a2558ec3af4391b7da7fe61e1e53383bbd0174b9jorton "Maximum age of OCSP responses")
a2558ec3af4391b7da7fe61e1e53383bbd0174b9jorton "OCSP responder query timeout")
1716538bf2c1a52278afc6830c84f4f232329d1aylavic "Whether OCSP queries use a nonce or not ('on', 'off')")
89b8bbc89404e7071e573c4f0a17f528996e855djorton * OCSP Stapling options
89b8bbc89404e7071e573c4f0a17f528996e855djorton "SSL Stapling Response Cache storage "
89b8bbc89404e7071e573c4f0a17f528996e855djorton "(`dbm:/path/to/file')")
89b8bbc89404e7071e573c4f0a17f528996e855djorton "SSL switch for the OCSP Stapling protocol " "(`on', `off')")
89b8bbc89404e7071e573c4f0a17f528996e855djorton "SSL stapling option for maximum time difference in OCSP responses")
89b8bbc89404e7071e573c4f0a17f528996e855djorton "SSL stapling option for OCSP responder timeout")
89b8bbc89404e7071e573c4f0a17f528996e855djorton "SSL stapling option for maximum age of OCSP responses")
89b8bbc89404e7071e573c4f0a17f528996e855djorton "SSL stapling option for normal OCSP Response Cache Lifetime")
89b8bbc89404e7071e573c4f0a17f528996e855djorton "SSL stapling switch to return Status Errors Back to Client"
11e076839c8d5a82d55e710194d0daac51390dbdsf "(`on', `off')")
89b8bbc89404e7071e573c4f0a17f528996e855djorton "SSL stapling switch to send tryLater response to client on error "
11e076839c8d5a82d55e710194d0daac51390dbdsf "(`on', `off')")
89b8bbc89404e7071e573c4f0a17f528996e855djorton "SSL stapling option for OCSP Response Error Cache Lifetime")
89b8bbc89404e7071e573c4f0a17f528996e855djorton "SSL stapling option to Force the OCSP Stapling URL")
1cb35ac84e3ff37ec77837d1e3702a74604ab6f0fuankg "OpenSSL configuration command")
da0e8dabb745dce2c403f2aa9aded8045c646c29jim "Preference in Application-Layer Protocol Negotiation (ALPN), "
da0e8dabb745dce2c403f2aa9aded8045c646c29jim "protocols are chosed in the specified order")
e6e65585927961caf45d4e9e932bb1f4e9e89ca1jerenkrantz /* Deprecated directives. */
e8f95a682820a599fe41b22977010636be5c2717jim AP_INIT_RAW_ARGS("SSLLog", ap_set_deprecated, NULL, OR_ALL,
e6e65585927961caf45d4e9e932bb1f4e9e89ca1jerenkrantz "SSLLog directive is no longer supported - use ErrorLog."),
e8f95a682820a599fe41b22977010636be5c2717jim AP_INIT_RAW_ARGS("SSLLogLevel", ap_set_deprecated, NULL, OR_ALL,
e6e65585927961caf45d4e9e932bb1f4e9e89ca1jerenkrantz "SSLLogLevel directive is no longer supported - use LogLevel."),
7933d4a963def02417113b6798d87a36395053b0rse * the various processing hooks
2b7078b0c4fd5b6054f6f2d4f626177844f5c6f7wrowe * Try to kill the internals of the SSL library.
2b7078b0c4fd5b6054f6f2d4f626177844f5c6f7wrowe /* Corresponds to OPENSSL_load_builtin_modules():
2b7078b0c4fd5b6054f6f2d4f626177844f5c6f7wrowe * XXX: borrowed from apps.h, but why not CONF_modules_free()
2b7078b0c4fd5b6054f6f2d4f626177844f5c6f7wrowe * which also invokes CONF_modules_finish()?
2b7078b0c4fd5b6054f6f2d4f626177844f5c6f7wrowe /* Corresponds to SSL_library_init: */
28a2a3f8cc81354f027a4ac95abbbcd9e190db3fjkaluza /* Don't call ERR_free_strings in earlier versions; ERR_load_*_strings only
28a2a3f8cc81354f027a4ac95abbbcd9e190db3fjkaluza * actually loaded the error strings once per process due to static
56bd16e394f49423a22aa82643eb27f26db2c748jorton * variable abuse in OpenSSL. */
a73ec375db18806018eabc968baa85b250bbbf5djorton /* Also don't call CRYPTO_cleanup_all_ex_data here; any registered
a73ec375db18806018eabc968baa85b250bbbf5djorton * ex_data indices may have been cached in static variables in
a73ec375db18806018eabc968baa85b250bbbf5djorton * OpenSSL; removing them may cause havoc. Notably, with OpenSSL
a73ec375db18806018eabc968baa85b250bbbf5djorton * versions >= 0.9.8f, COMP_CTX cleanups would not be run, which
a73ec375db18806018eabc968baa85b250bbbf5djorton * could result in a per-connection memory leak (!). */
e8f95a682820a599fe41b22977010636be5c2717jim * TODO: determine somewhere we can safely shove out diagnostics
2b7078b0c4fd5b6054f6f2d4f626177844f5c6f7wrowe * (when enabled) at this late stage in the game:
2b7078b0c4fd5b6054f6f2d4f626177844f5c6f7wrowe * CRYPTO_mem_leaks_fp(stderr);
e8f95a682820a599fe41b22977010636be5c2717jim /* We must register the library in full, to ensure our configuration
b5451913a64155af2eab4f12ecbaf16e15acafc3wrowe * code can successfully test the SSL environment.
2b7078b0c4fd5b6054f6f2d4f626177844f5c6f7wrowe * Let us clean up the SSL library when the module is unloaded
2b7078b0c4fd5b6054f6f2d4f626177844f5c6f7wrowe apr_pool_cleanup_register(pconf, NULL, ssl_cleanup_pre_config,
af5dd1c93d2185f7e37f8783c593b64fd35ea8a6wrowe /* Register us to handle mod_log_config %c/%x variables */
8dc154408549195c828b823e9dc7396f107f2512jorton /* Register to handle mod_status status page generation */
11f2c481e1d57bedb3f758565307501e9a2730ddtrawick /* Register mutex type names so they can be configured with Mutex */
2792780a6fb0951dc304b940ba9274ed1e37fe26wrowe ap_mutex_register(pconf, SSL_CACHE_MUTEX_TYPE, NULL, APR_LOCK_DEFAULT, 0);
2792780a6fb0951dc304b940ba9274ed1e37fe26wrowe ap_mutex_register(pconf, SSL_STAPLING_MUTEX_TYPE, NULL, APR_LOCK_DEFAULT, 0);
9cb81d96f6b556cec1aa456191f43f7932aabaaedougmstatic SSLConnRec *ssl_init_connection_ctx(conn_rec *c)
185aa71728867671e105178b4c66fbc22b65ae26sf ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c, APLOGNO(01961)
2261f694ce2fc09f9df6c65bd8e1f4230313696bjorton "SSL Proxy requested for %s but not enabled "
8a2483ae14c7d9c1ee21a92e4251202456af5747jorton apr_array_make(c->pool, 5, sizeof(ssl_npn_advertise_protos));
8a2483ae14c7d9c1ee21a92e4251202456af5747jorton apr_array_make(c->pool, 5, sizeof(ssl_npn_proto_negotiated));
8a2483ae14c7d9c1ee21a92e4251202456af5747jorton APR_ARRAY_PUSH(sslconn->npn_advertfns, ssl_npn_advertise_protos) =
8a2483ae14c7d9c1ee21a92e4251202456af5747jorton APR_ARRAY_PUSH(sslconn->npn_negofns, ssl_npn_proto_negotiated) =
da0e8dabb745dce2c403f2aa9aded8045c646c29jim apr_array_make(c->pool, 5, sizeof(ssl_alpn_propose_protos));
da0e8dabb745dce2c403f2aa9aded8045c646c29jim apr_array_make(c->pool, 5, sizeof(ssl_alpn_proto_negotiated));
da0e8dabb745dce2c403f2aa9aded8045c646c29jim APR_ARRAY_PUSH(sslconn->alpn_proposefns, ssl_alpn_propose_protos) =
da0e8dabb745dce2c403f2aa9aded8045c646c29jim APR_ARRAY_PUSH(sslconn->alpn_negofns, ssl_alpn_proto_negotiated) =
4ede070ca63bd4c48045e35a7192582769770290jortonint ssl_init_ssl_connection(conn_rec *c, request_rec *r)
807c9f7266ad3a966b6714fe578f3c9da1ca868brpluem * Seed the Pseudo Random Number Generator (PRNG)
807c9f7266ad3a966b6714fe578f3c9da1ca868brpluem ssl_rand_seed(server, c->pool, SSL_RSCTX_CONNECT, "");
a943533fd4d91d114af622731a405407990c4fb1rse * Create a new SSL connection with the configured server SSL context and
a943533fd4d91d114af622731a405407990c4fb1rse * attach this to the socket. Additionally we register this attachment
a943533fd4d91d114af622731a405407990c4fb1rse * so we can detach later.
185aa71728867671e105178b4c66fbc22b65ae26sf ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c, APLOGNO(01962)
2261f694ce2fc09f9df6c65bd8e1f4230313696bjorton "Unable to create a new SSL connection from the SSL "
2261f694ce2fc09f9df6c65bd8e1f4230313696bjorton "context");
e670b9648396d99ab737684f74e251d4a2e9b95btrawick rc = ssl_run_pre_handshake(c, ssl, sslconn->is_proxy ? 1 : 0);
f4c472b8dce3c2e559232dbb5b27ed2466922ea4jerenkrantz vhost_md5 = ap_md5_binary(c->pool, (unsigned char *)sc->vhost_id,
469549ac22c6f7b9ecdd9df2565925563e4df84djwoolley if (!SSL_set_session_id_context(ssl, (unsigned char *)vhost_md5,
185aa71728867671e105178b4c66fbc22b65ae26sf ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c, APLOGNO(01963)
7988a91d9a1c6413f2c1a2138847f513d20de856fuankg "Unable to set session id context to '%s'", vhost_md5);
d28d7091912b3d911bdbe18df2d37d315681054bdougm SSL_set_app_data2(ssl, NULL); /* will be request_rec */
7b6ba9c468f26bdb3492d5e8cb79628a3b04e8c8wrowestatic const char *ssl_hook_http_scheme(const request_rec *r)
2f32a3d146dc55d81b31660386e17c3b83ad61b8bnicholes if (sc->enabled == SSL_ENABLED_FALSE || sc->enabled == SSL_ENABLED_OPTIONAL) {
a943533fd4d91d114af622731a405407990c4fb1rse return "https";
71c00f988beb28388702e14cb7fe06f08bd792bbdougmstatic apr_port_t ssl_hook_default_port(const request_rec *r)
2f32a3d146dc55d81b31660386e17c3b83ad61b8bnicholes if (sc->enabled == SSL_ENABLED_FALSE || sc->enabled == SSL_ENABLED_OPTIONAL) {
a943533fd4d91d114af622731a405407990c4fb1rse return 443;
e726f34f8da08c01ee8bc90904b26196b69c8587wrowestatic int ssl_hook_pre_connection(conn_rec *c, void *csd)
e726f34f8da08c01ee8bc90904b26196b69c8587wrowe * Immediately stop processing if SSL is disabled for this connection
e726f34f8da08c01ee8bc90904b26196b69c8587wrowe * Create SSL context
e726f34f8da08c01ee8bc90904b26196b69c8587wrowe * Remember the connection information for
e726f34f8da08c01ee8bc90904b26196b69c8587wrowe * later access inside callback functions
185aa71728867671e105178b4c66fbc22b65ae26sf ap_log_cerror(APLOG_MARK, APLOG_INFO, 0, c, APLOGNO(01964)
2261f694ce2fc09f9df6c65bd8e1f4230313696bjorton "Connection to child %ld established "
7933d4a963def02417113b6798d87a36395053b0rse * the module registration phase
825479074daa2c65852666c4b26d771dff957507jorton /* ssl_hook_ReadReq needs to use the BrowserMatch settings so must
e8f95a682820a599fe41b22977010636be5c2717jim * run after mod_setenvif's post_read_request hook. */
825479074daa2c65852666c4b26d771dff957507jorton static const char *pre_prr[] = { "mod_setenvif.c", NULL };
a943533fd4d91d114af622731a405407990c4fb1rse ap_hook_pre_connection(ssl_hook_pre_connection,NULL,NULL, APR_HOOK_MIDDLE);
d2ffb32434f79782ff7a364ffa31064698c5c645jorton ap_hook_test_config (ssl_hook_ConfigTest, NULL,NULL, APR_HOOK_MIDDLE);
a943533fd4d91d114af622731a405407990c4fb1rse ap_hook_post_config (ssl_init_Module, NULL,NULL, APR_HOOK_MIDDLE);
7b6ba9c468f26bdb3492d5e8cb79628a3b04e8c8wrowe ap_hook_http_scheme (ssl_hook_http_scheme, NULL,NULL, APR_HOOK_MIDDLE);
a943533fd4d91d114af622731a405407990c4fb1rse ap_hook_default_port (ssl_hook_default_port, NULL,NULL, APR_HOOK_MIDDLE);
fa599e0e097d4d933c4dc378ffbfc3c045dd589ewrowe ap_hook_pre_config (ssl_hook_pre_config, NULL,NULL, APR_HOOK_MIDDLE);
a943533fd4d91d114af622731a405407990c4fb1rse ap_hook_child_init (ssl_init_Child, NULL,NULL, APR_HOOK_MIDDLE);
a72211e92bab814bfa28ee086ca9b2a1a6095c92chrisd ap_hook_check_authn (ssl_hook_UserCheck, NULL,NULL, APR_HOOK_FIRST,
a943533fd4d91d114af622731a405407990c4fb1rse ap_hook_fixups (ssl_hook_Fixup, NULL,NULL, APR_HOOK_MIDDLE);
a72211e92bab814bfa28ee086ca9b2a1a6095c92chrisd ap_hook_check_access (ssl_hook_Access, NULL,NULL, APR_HOOK_MIDDLE,
a72211e92bab814bfa28ee086ca9b2a1a6095c92chrisd ap_hook_check_authz (ssl_hook_Auth, NULL,NULL, APR_HOOK_MIDDLE,
825479074daa2c65852666c4b26d771dff957507jorton ap_hook_post_read_request(ssl_hook_ReadReq, pre_prr,NULL, APR_HOOK_MIDDLE);
fc58f0ff708564b67cd578c626b6500d1cd63a51sf ap_register_auth_provider(p, AUTHZ_PROVIDER_GROUP, "ssl",
fc58f0ff708564b67cd578c626b6500d1cd63a51sf ap_register_auth_provider(p, AUTHZ_PROVIDER_GROUP, "ssl-verify-client",
7933d4a963def02417113b6798d87a36395053b0rse ssl_config_perdir_create, /* create per-dir config structures */
7933d4a963def02417113b6798d87a36395053b0rse ssl_config_perdir_merge, /* merge per-dir config structures */
7933d4a963def02417113b6798d87a36395053b0rse ssl_config_server_create, /* create per-server config structures */
7933d4a963def02417113b6798d87a36395053b0rse ssl_config_server_merge, /* merge per-server config structures */
7933d4a963def02417113b6798d87a36395053b0rse ssl_config_cmds, /* table of configuration directives */