mod_tls.c revision 6ff63662058d5891fc110f8b357a3604d7f7deb3
/* ====================================================================
* The Apache Software License, Version 1.1
*
* Copyright (c) 2001 The Apache Software Foundation. All rights
* reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* distribution.
*
* 3. The end-user documentation included with the redistribution,
* if any, must include the following acknowledgment:
* "This product includes software developed by the
* Apache Software Foundation (http://www.apache.org/)."
* Alternately, this acknowledgment may appear in the software itself,
* if and wherever such third-party acknowledgments normally appear.
*
* 4. The names "Apache" and "Apache Software Foundation" must
* not be used to endorse or promote products derived from this
* software without prior written permission. For written
* permission, please contact apache@apache.org.
*
* 5. Products derived from this software may not be called "Apache",
* nor may "Apache" appear in their name, without prior written
* permission of the Apache Software Foundation.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
* USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
* ====================================================================
*
* This software consists of voluntary contributions made by many
* individuals on behalf of the Apache Software Foundation. For more
* information on the Apache Software Foundation, please see
*
* Portions of this software are based upon public domain software
* originally written at the National Center for Supercomputing Applications,
* University of Illinois, Urbana-Champaign.
*/
#include "httpd.h"
#include "http_config.h"
#include "util_filter.h"
#include "http_connection.h"
#include "openssl_state_machine.h"
#include "apr_strings.h"
#include "http_protocol.h"
#include "http_log.h"
/* temp */
#include <assert.h>
static const char s_szTLSFilterName[]="TLSFilter";
typedef struct
{
int bEnabled;
const char *szCertificateFile;
const char *szKeyFile;
typedef struct
{
} TLSFilterCtx;
{
return pConfig;
}
{
&tls_module);
return NULL;
}
{
&tls_module);
/* temp */
return NULL;
}
static int tls_filter_inserter(conn_rec *c)
{
&tls_module);
return DECLINED;
return OK;
}
{
int done;
do {
char buf[1024];
int n;
done=0;
sizeof buf);
if(n > 0) {
char *pbuf;
if(!pbbOutput)
done=1;
/* } else if(n == 0) {
apr_bucket *pbktEOS=apr_bucket_create_eos();
APR_BRIGADE_INSERT_TAIL(pbbOutput,pbktEOS);*/
}
assert(n > 0);
}
} while(done);
/* XXX: check for errors */
if(pbbOutput) {
/* XXX: it may be possible to not always flush */
}
return APR_SUCCESS;
}
{
return APR_EOF;
}
const char *data;
int n;
char buf[1024];
if(APR_BUCKET_IS_EOS(pbktIn)) {
/* XXX: why can't I reuse pbktIn??? */
/* Write eof! */
break;
}
/* read filter */
if(len == 0) {
/* Lazy frickin browsers just reset instead of shutting down. */
return APR_EOF;
else
/* Next time around, the incoming brigade will be empty,
* so we'll return EOF then
*/
return APR_SUCCESS;
}
if(eReadType != APR_NONBLOCK_READ)
"Read failed in tls_in_filter");
/* In this case, we have data in the output bucket, or we were
* non-blocking, so returning nothing is fine.
*/
return APR_SUCCESS;
}
/* write SSL */
if(n > 0) {
char *pbuf;
/* XXX: should we use a heap bucket instead? Or a transient (in
* which case we need a separate brigade for each bucket)?
*/
/* Once we've read something, we can move to non-blocking mode (if
* we weren't already).
*/
/* XXX: deal with EOF! */
/* } else if(n == 0) {
apr_bucket *pbktEOS=apr_bucket_create_eos();
APR_BRIGADE_INSERT_TAIL(pbbInput,pbktEOS);*/
}
assert(n >= 0);
if(ret != APR_SUCCESS)
return ret;
}
return churn_output(pCtx);
}
{
apr_size_t zero = 0;
const char *data;
if(APR_BUCKET_IS_EOS(pbktIn)) {
/* XXX: demote to debug */
/* XXX: dubious - does this always terminate? Does it return the right thing? */
for( ; ; ) {
if(ret != APR_SUCCESS)
return ret;
if(ret != APR_SUCCESS) {
return APR_SUCCESS;
else
return ret;
}
}
break;
}
if(APR_BUCKET_IS_FLUSH(pbktIn)) {
/* assume that churn will flush (or already has) if there's output */
if(ret != APR_SUCCESS)
return ret;
continue;
}
/* read filter */
/* write SSL */
/* churn the state machine */
if(ret != APR_SUCCESS)
return ret;
}
return APR_SUCCESS;
}
{
/* XXX: we don't currently support peek */
/* churn the state machine */
if(ret != APR_SUCCESS)
return ret;
/* XXX: shame that APR_BRIGADE_FOREACH doesn't work here */
}
return APR_SUCCESS;
}
static const char *tls_method(const request_rec *r)
{
&tls_module);
return NULL;
return "https";
}
static unsigned short tls_port(const request_rec *r)
{
&tls_module);
return 0;
return 443;
}
static const command_rec tls_cmds[] =
{
/* XXX: We should be able to add the filter using AddOutputFilter */
"Set the certificate file for this host"),
{ NULL }
};
static void register_hooks(apr_pool_t *p)
{
}
NULL, /* create per-directory config structure */
NULL, /* merge per-directory config structures */
create_tls_server_config, /* create per-server config structure */
NULL, /* merge per-server config structures */
tls_cmds, /* command apr_table_t */
register_hooks /* register hooks */
};