On 01/11/2008 05:04 PM, [EMAIL PROTECTED] wrote:
> Author: fuankg
> Date: Fri Jan 11 08:04:26 2008
> New Revision: 611216
> 
> URL: http://svn.apache.org/viewvc?rev=611216&view=rev
> Log:
> Restructured server name indication support (PR 34607);
> added missing client cert support.
> Submitted by: Kaspar Brand <asfbugz velox.ch>
> 
> Modified:
>     httpd/httpd/trunk/modules/ssl/ssl_engine_init.c
>     httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c
>     httpd/httpd/trunk/modules/ssl/ssl_engine_vars.c
>     httpd/httpd/trunk/modules/ssl/ssl_private.h
> 


> Modified: httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c
> URL: 
> http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c?rev=611216&r1=611215&r2=611216&view=diff
> ==============================================================================
> --- httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c (original)
> +++ httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c Fri Jan 11 08:04:26 2008

> @@ -1909,3 +1913,118 @@

> +static int ssl_find_vhost(void *servername, conn_rec *c, server_rec *s) 
> +{
> +    SSLSrvConfigRec *sc;
> +    SSL *ssl;
> +    BOOL found = FALSE;
> +    apr_array_header_t *names;
> +    int i;
> +
> +    /* check ServerName */
> +    if (!strcasecmp(servername, s->server_hostname)) {
> +        found = TRUE;
> +    }
> +
> +    /* 
> +     * if not matched yet, check ServerAlias entries
> +     * (adapted from vhost.c:matches_aliases())
> +     */
> +    if (!found) {
> +        names = s->names;
> +        if (names) {
> +            char **name = (char **)names->elts;
> +            for (i = 0; i < names->nelts; ++i) {
> +                if (!name[i])
> +                    continue;
> +                if (!strcasecmp(servername, name[i])) {
> +                    found = TRUE;
> +                    break;
> +                }
> +            }
> +        }
> +    }
> +
> +    /* if still no match, check ServerAlias entries with wildcards */
> +    if (!found) {
> +        names = s->wild_names;
> +        if (names) {
> +            char **name = (char **)names->elts;
> +            for (i = 0; i < names->nelts; ++i) {
> +                if (!name[i])
> +                    continue;
> +                if (!ap_strcasecmp_match(servername, name[i])) {
> +                    found = TRUE;
> +                    break;
> +                }
> +            }
> +        }
> +    }
> +
> +    /* set SSL_CTX (if matched) */
> +    if (found && (ssl = ((SSLConnRec *)myConnConfig(c))->ssl) &&
> +        (sc = mySrvConfig(s))) {
> +        SSL_set_SSL_CTX(ssl, sc->server->ssl_ctx);
> +        /*
> +         * SSL_set_SSL_CTX() only deals with the server cert,
> +         * so we need to duplicate a few additional settings
> +         * from the ctx by hand
> +         */
> +        SSL_set_options(ssl, SSL_CTX_get_options(ssl->ctx));


Sorry for being confused, but shouldn't this be sc->server->ssl_ctx
instead of ssl->ctx?

> +        if ((SSL_get_verify_mode(ssl) == SSL_VERIFY_NONE) ||
> +            (SSL_num_renegotiations(ssl) == 0)) {
> +           /*
> +            * Only initialize the verification settings from the ctx
> +            * if they are not yet set, or if we're called when a new
> +            * SSL connection is set up (num_renegotiations == 0).
> +            * Otherwise, we would possibly reset a per-directory
> +            * configuration which was put into effect by ssl_hook_Access.
> +            */
> +            SSL_set_verify(ssl, SSL_CTX_get_verify_mode(ssl->ctx),
> +                           SSL_CTX_get_verify_callback(ssl->ctx));

Same question as above.

> +        }
> +
> +        return 1;
> +    }
> +
> +    return 0;
> +}
> +#endif
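Review bot: The result of `SSL_set_SSL_CTX(ssl, sc->server->ssl_ctx);` is discarded, yet OpenSSL's SSL_set_SSL_CTX() can return NULL on failure (for instance when the certificate cannot be duplicated), in which case the code still copies options and verify settings onto the connection and reports success with `return 1`, so the caller cannot tell a failed context switch from a matched vhost. Testing it, e.g. `if (!SSL_set_SSL_CTX(ssl, sc->server->ssl_ctx)) return 0;`, treats a failed switch the same as "no match" instead of leaving the connection half-configured. The function also carries no header comment; a short one stating that `servername` is the host name taken from the client's SNI extension, that it is matched against ServerName, then ServerAlias, then wildcard aliases, and that 1 means the connection's SSL_CTX was switched and 0 means it was left untouched, would document a return convention that is otherwise only implied. As quoted, the hunk is truncated (the context lines before `ssl_find_vhost` are snipped), so only this function is reviewed here.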

Regards

Rüdiger
