On Fri, Apr 23, 1999, James Simmons wrote:
Really. When will this patch become available in the mainstream mod_ssl?
Do you have some patches for it? I'm willing to try it. I have a test
secure server to play with.
The stuff is still in my pkg.apache.listen/ source tree and not committed
because it's not finished. What's missing is a correct matching of host:port's
which isn't trivial when one wants to do it in a general way, i.e. like the
vhost-stuff works in Apache. I'm appending my current state, but please keep in
mind that it's a diff against the current CVS state and not 2.2.8 (i.e. you
need to checkout a version from CVS) and that I've not tried it for 6-8
weeks now. So I cannot say what the current state is with the matching
stuff. But feel free to play with it and finalize it... ;) The general idea is
to provide a SSLListen directive which restricts the "SSLEngine on" and is
similar to Listen in usage.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
Index: src/include/http_vhost.h
===
RCS file: /e/modssl/cvs/mod_ssl/pkg.apache/src/include/http_vhost.h,v
retrieving revision 1.1.1.2
diff -u -r1.1.1.2 http_vhost.h
--- src/include/http_vhost.h1999/01/10 10:46:44 1.1.1.2
+++ src/include/http_vhost.h1999/01/10 16:43:41
@@ -87,6 +87,10 @@
*/
API_EXPORT(int) ap_matches_request_vhost(request_rec *r, const char *host,
unsigned port);
+#ifdef EAPI
+API_EXPORT(int) ap_matches_server_vhost(server_rec *s, const char *host,
+unsigned port);
+#endif
#ifdef __cplusplus
}
Index: src/main/http_vhost.c
===
RCS file: /e/modssl/cvs/mod_ssl/pkg.apache/src/main/http_vhost.c,v
retrieving revision 1.1.1.2
diff -u -r1.1.1.2 http_vhost.c
--- src/main/http_vhost.c 1999/01/10 10:46:54 1.1.1.2
+++ src/main/http_vhost.c 1999/01/10 16:41:58
@@ -717,13 +717,22 @@
* we just call it a match. But here we require the host:port to match
* the ServerName and/or ServerAliases.
*/
+#ifdef EAPI
+API_EXPORT(int) ap_matches_server_vhost(server_rec *s, const char *host,
+unsigned port)
+#else
API_EXPORT(int) ap_matches_request_vhost(request_rec *r, const char *host,
unsigned port)
+#endif
{
+#ifndef EAPI
server_rec *s;
+#endif
server_addr_rec *sar;
+#ifndef EAPI
s = r-server;
+#endif
/* search all the VirtualHost values */
/* XXX: If this is a NameVirtualHost then we may not be doing the Right Thing
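Review bot: Switching the function header and the `s` declaration with `#ifdef EAPI` / `#ifndef EAPI` leaves one body compiled under two different names, which is hard to read and easy to break when only one branch is edited. A simpler shape is an unconditional `static int matches_server_vhost(server_rec *s, const char *host, unsigned port)` holding the body, with the exported functions as thin wrappers around it. The comment above the function still describes a request match and should say that under EAPI the function takes a `server_rec` directly. The body continues past the end of this hunk. As archived, the context line `s = r-server;` appears to have lost the `>` of `r->server`, and the same holds for the wrapper added in the following hunk, so the text needs that restored before it will compile.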
@@ -757,6 +766,13 @@
return matches_aliases(s, host);
}
+#ifdef EAPI
+API_EXPORT(int) ap_matches_request_vhost(request_rec *r, const char *host,
+unsigned port)
+{
+return ap_matches_server_vhost(r-server, host, port);
+}
+#endif
static void check_hostalias(request_rec *r)
{
Index: src/modules/ssl/mod_ssl.c
===
RCS file: /e/modssl/cvs/mod_ssl/pkg.apache/src/modules/ssl/mod_ssl.c,v
retrieving revision 1.53
diff -u -r1.53 mod_ssl.c
--- src/modules/ssl/mod_ssl.c 1999/04/12 15:28:13 1.53
+++ src/modules/ssl/mod_ssl.c 1999/04/16 08:40:49
@@ -102,6 +102,9 @@
AP_SRV_CMD(Engine, FLAG,
"SSL switch for the protocol engine "
"(`on', `off')")
+AP_SRV_CMD(Listen, ITERATE,
+ "restrictions for `SSLEngine on'"
+ "(`host:port')")
AP_ALL_CMD(CipherSuite, TAKE1,
"Colon-delimited list of permitted SSL Ciphers "
"(`XXX:...:XXX' - see manual)")
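Review bot: The two adjacent string literals in the new `AP_SRV_CMD(Listen, ITERATE, ...)` entry concatenate with no separator, so the help text comes out as "restrictions for `SSLEngine on'(`host:port')". The `Engine` entry just above ends its first literal with a space, and the new entry should do the same before its closing quote. Because the directive narrows where SSL is active, the description could also say what happens to a connection that matches no SSLListen entry; the handler is not visible here, so that behaviour is an assumption to confirm.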
Index: src/modules/ssl/mod_ssl.h
===
RCS file: /e/modssl/cvs/mod_ssl/pkg.apache/src/modules/ssl/mod_ssl.h,v
retrieving revision 1.90
diff -u -r1.90 mod_ssl.h
--- src/modules/ssl/mod_ssl.h 1999/04/16 08:50:34 1.90
+++ src/modules/ssl/mod_ssl.h 1999/04/23 17:30:24
@@ -95,6 +95,7 @@
#include "http_protocol.h"
#include "http_request.h"
#include "http_main.h"
+#include "http_vhost.h"
#include "http_core.h"
#include "http_log.h"
#include "scoreboard.h"
@@ -409,6 +410,14 @@
} ssl_require_t;
/*
+ * Define the SSLListen structure
+ */
+typedef struct {
+char*host;
+unsigned int port;
+} SSLListen;
+
+/*
* Define the SSL random number generator seeding source
*/
typedef enum {
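Review bot: The comment on the new `SSLListen` typedef only restates the type name and does not say what the fields may hold. Something like `/* One SSLListen host:port entry; host == NULL means any address (confirm), port is 1..65535 */` would tell the reader how matching treats a missing host. The directive parser is outside this hunk; if the port is converted from config text, it should be range-checked before being stored in `unsigned int port`, which is inferred rather than visible here.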
@@ -470,6 +479,7 @@
*/
typedef struct {
BOOL bEnabled;
+array_header *aListen;
char*szCertificateFile;
char*szKeyFile;
char*szCACertificatePath;
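Review bot: `aListen` is added to the per-server configuration without a comment saying what an empty or NULL array means. Whether an empty list leaves `SSLEngine on` unrestricted or matches nothing decides if a listener ends up serving plaintext, so it should be written next to the field, e.g. `array_header *aListen; /* SSLListen entries; empty = no restriction (confirm) */`. The config create and merge code that must initialise and inherit the array is outside this hunk, as are the start and end of the struct.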
@@ -537,6 +547,7 @@
const char *ssl_cmd_SSLPassPhraseDialog(cmd_parms *, char *, char *);
const char *ssl_cmd_SSLRandomSeed(cmd_parms *, char *, char *, char *, char *);
const char *ssl_cmd_SSLEngine(cmd_parms *, char *, int flag);
+const char *ssl_cmd_SSLListen(cmd_parms *, char *, char *);
const char