| /* _ _ |
| ** _ __ ___ ___ __| | ___ ___| | mod_ssl |
| ** | '_ ` _ \ / _ \ / _` | / __/ __| | Apache Interface to OpenSSL |
| ** | | | | | | (_) | (_| | \__ \__ \ | www.modssl.org |
| ** |_| |_| |_|\___/ \__,_|___|___/___/_| ftp.modssl.org |
| ** |_____| |
| ** ssl_engine_compat.c |
| ** Backward Compatibility |
| */ |
| |
| /* ==================================================================== |
| * Copyright (c) 1998-2001 Ralf S. Engelschall. All rights reserved. |
| * |
| * Redistribution and use in source and binary forms, with or without |
| * modification, are permitted provided that the following conditions |
| * are met: |
| * |
| * 1. Redistributions of source code must retain the above copyright |
| * notice, this list of conditions and the following disclaimer. |
| * |
| * 2. Redistributions in binary form must reproduce the above copyright |
| * notice, this list of conditions and the following |
| * disclaimer in the documentation and/or other materials |
| * provided with the distribution. |
| * |
| * 3. All advertising materials mentioning features or use of this |
| * software must display the following acknowledgment: |
| * "This product includes software developed by |
| * Ralf S. Engelschall <rse@engelschall.com> for use in the |
| * mod_ssl project (http://www.modssl.org/)." |
| * |
| * 4. The names "mod_ssl" must not be used to endorse or promote |
| * products derived from this software without prior written |
| * permission. For written permission, please contact |
| * rse@engelschall.com. |
| * |
| * 5. Products derived from this software may not be called "mod_ssl" |
| * nor may "mod_ssl" appear in their names without prior |
| * written permission of Ralf S. Engelschall. |
| * |
| * 6. Redistributions of any form whatsoever must retain the following |
| * acknowledgment: |
| * "This product includes software developed by |
| * Ralf S. Engelschall <rse@engelschall.com> for use in the |
| * mod_ssl project (http://www.modssl.org/)." |
| * |
| * THIS SOFTWARE IS PROVIDED BY RALF S. ENGELSCHALL ``AS IS'' AND ANY |
| * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
| * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR |
| * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL RALF S. ENGELSCHALL OR |
| * HIS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
| * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT |
| * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; |
| * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
| * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, |
| * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) |
| * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED |
| * OF THE POSSIBILITY OF SUCH DAMAGE. |
| * ==================================================================== |
| */ |
| |
| /* ``Backward compatibility is for |
| users who don't want to live |
| on the bleeding edge.'' |
| -- Unknown */ |
| #ifdef SSL_COMPAT |
| |
| #include "mod_ssl.h" |
| |
| |
| /* _________________________________________________________________ |
| ** |
| ** Backward Compatibility |
| ** _________________________________________________________________ |
| */ |
| |
| /* |
| * The mapping of obsolete directives to official ones... |
| */ |
| |
| static char *ssl_compat_RequireSSL(pool *, const char *, const char *, const char *); |
| static char *ssl_compat_SSLSessionLockFile(pool *, const char *, const char *, const char *); |
| static char *ssl_compat_SSLCacheDisable(pool *, const char *, const char *, const char *); |
| static char *ssl_compat_SSLRequireCipher(pool *, const char *, const char *, const char *); |
| static char *ssl_compat_SSLBanCipher(pool *, const char *, const char *, const char *); |
| static char *ssl_compat_SSL_SessionDir(pool *, const char *, const char *, const char *); |
| static char *ssl_compat_words2list(pool *, const char *); |
| |
| #define CRM_BEGIN /* nop */ |
| #define CRM_ENTRY(what,action) { what, action }, |
| #define CRM_END { NULL, NULL, NULL, NULL, NULL, NULL } |
| #define CRM_CMD(cmd) cmd, NULL, NULL |
| #define CRM_STR(str) NULL, str, NULL |
| #define CRM_PAT(cmd) NULL, NULL, pat |
| #define CRM_LOG(msg) msg, NULL, NULL |
| #define CRM_SUB(new) NULL, new, NULL |
| #define CRM_CAL(fct) NULL, NULL, fct |
| |
| static struct { |
| char *cpCommand; |
| char *cpSubstring; |
| char *cpPattern; |
| char *cpMessage; |
| char *cpSubst; |
| char *(*fpSubst)(pool *, const char *, const char *, const char *); |
| } ssl_cmd_rewrite_map[] = { |
| CRM_BEGIN |
| |
| /* |
| * Apache-SSL 1.x & mod_ssl 2.0.x backward compatibility |
| */ |
| CRM_ENTRY( CRM_CMD("SSLEnable"), CRM_SUB("SSLEngine on") ) |
| CRM_ENTRY( CRM_CMD("SSLDisable"), CRM_SUB("SSLEngine off") ) |
| CRM_ENTRY( CRM_CMD("SSLLogFile"), CRM_SUB("SSLLog") ) |
| CRM_ENTRY( CRM_CMD("SSLRequiredCiphers"), CRM_SUB("SSLCipherSuite") ) |
| CRM_ENTRY( CRM_CMD("SSLRequireCipher"), CRM_CAL(ssl_compat_SSLRequireCipher) ) |
| CRM_ENTRY( CRM_CMD("SSLBanCipher"), CRM_CAL(ssl_compat_SSLBanCipher) ) |
| CRM_ENTRY( CRM_CMD("SSLFakeBasicAuth"), CRM_SUB("SSLOptions +FakeBasicAuth") ) |
| CRM_ENTRY( CRM_CMD("SSLCacheServerPath"), CRM_LOG("Use SSLSessionCache instead") ) |
| CRM_ENTRY( CRM_CMD("SSLCacheServerPort"), CRM_LOG("Use SSLSessionCache instead") ) |
| |
| /* |
| * Apache-SSL 1.x backward compatibility |
| */ |
| CRM_ENTRY( CRM_CMD("SSLExportClientCertificates"), CRM_SUB("SSLOptions +ExportCertData") ) |
| CRM_ENTRY( CRM_CMD("SSLCacheServerRunDir"), CRM_LOG("Not needed for mod_ssl") ) |
| |
| /* |
| * Sioux 1.x backward compatibility |
| */ |
| CRM_ENTRY( CRM_CMD("SSL_CertFile"), CRM_SUB("SSLCertificateFile") ) |
| CRM_ENTRY( CRM_CMD("SSL_KeyFile"), CRM_SUB("SSLCertificateKeyFile") ) |
| CRM_ENTRY( CRM_CMD("SSL_CipherSuite"), CRM_SUB("SSLCipherSuite") ) |
| CRM_ENTRY( CRM_CMD("SSL_X509VerifyDir"), CRM_SUB("SSLCACertificatePath") ) |
| CRM_ENTRY( CRM_CMD("SSL_Log"), CRM_SUB("SSLLogFile") ) |
| CRM_ENTRY( CRM_CMD("SSL_Connect"), CRM_SUB("SSLEngine") ) |
| CRM_ENTRY( CRM_CMD("SSL_ClientAuth"), CRM_SUB("SSLVerifyClient") ) |
| CRM_ENTRY( CRM_CMD("SSL_X509VerifyDepth"), CRM_SUB("SSLVerifyDepth") ) |
| CRM_ENTRY( CRM_CMD("SSL_FetchKeyPhraseFrom"), CRM_LOG("Use SSLPassPhraseDialog instead") ) |
| CRM_ENTRY( CRM_CMD("SSL_SessionDir"), CRM_CAL(ssl_compat_SSL_SessionDir) ) |
| CRM_ENTRY( CRM_CMD("SSL_Require"), CRM_LOG("Use SSLRequire instead (Syntax!)")) |
| CRM_ENTRY( CRM_CMD("SSL_CertFileType"), CRM_LOG("Not supported by mod_ssl") ) |
| CRM_ENTRY( CRM_CMD("SSL_KeyFileType"), CRM_LOG("Not supported by mod_ssl") ) |
| CRM_ENTRY( CRM_CMD("SSL_X509VerifyPolicy"), CRM_LOG("Not supported by mod_ssl") ) |
| CRM_ENTRY( CRM_CMD("SSL_LogX509Attributes"), CRM_LOG("Not supported by mod_ssl") ) |
| |
| /* |
| * Stronghold 2.x backward compatibility |
| */ |
| CRM_ENTRY( CRM_CMD("StrongholdAccelerator"), CRM_LOG("Not supported by mod_ssl") ) |
| CRM_ENTRY( CRM_CMD("StrongholdKey"), CRM_LOG("Not supported by mod_ssl") ) |
| CRM_ENTRY( CRM_CMD("StrongholdLicenseFile"), CRM_LOG("Not supported by mod_ssl") ) |
| CRM_ENTRY( CRM_CMD("SSLFlag"), CRM_SUB("SSLEngine") ) |
| CRM_ENTRY( CRM_CMD("SSLClientCAfile"), CRM_SUB("SSLCACertificateFile") ) |
| CRM_ENTRY( CRM_CMD("SSLSessionLockFile"), CRM_CAL(ssl_compat_SSLSessionLockFile) ) |
| CRM_ENTRY( CRM_CMD("SSLCacheDisable"), CRM_CAL(ssl_compat_SSLCacheDisable) ) |
| CRM_ENTRY( CRM_CMD("RequireSSL"), CRM_CAL(ssl_compat_RequireSSL) ) |
| CRM_ENTRY( CRM_CMD("SSLCipherList"), CRM_SUB("SSLCipherSuite") ) |
| CRM_ENTRY( CRM_CMD("SSLErrorFile"), CRM_LOG("Not needed for mod_ssl") ) |
| CRM_ENTRY( CRM_CMD("SSLRoot"), CRM_LOG("Not supported by mod_ssl") ) |
| CRM_ENTRY( CRM_CMD("SSL_CertificateLogDir"), CRM_LOG("Not supported by mod_ssl") ) |
| CRM_ENTRY( CRM_CMD("AuthCertDir"), CRM_LOG("Not supported by mod_ssl") ) |
| CRM_ENTRY( CRM_CMD("SSL_Group"), CRM_LOG("Not supported by mod_ssl") ) |
| #ifndef SSL_EXPERIMENTAL_PROXY |
| CRM_ENTRY( CRM_CMD("SSLProxyMachineCertPath"), CRM_LOG("Not supported by mod_ssl") ) |
| CRM_ENTRY( CRM_CMD("SSLProxyMachineCertFile"), CRM_LOG("Not supported by mod_ssl") ) |
| CRM_ENTRY( CRM_CMD("SSLProxyCACertificatePath"), CRM_LOG("Not supported by mod_ssl") ) |
| CRM_ENTRY( CRM_CMD("SSLProxyCACertificateFile"), CRM_LOG("Not supported by mod_ssl") ) |
| CRM_ENTRY( CRM_CMD("SSLProxyVerifyDepth"), CRM_LOG("Not supported by mod_ssl") ) |
| CRM_ENTRY( CRM_CMD("SSLProxyCipherList"), CRM_LOG("Not supported by mod_ssl") ) |
| #else |
| CRM_ENTRY( CRM_CMD("SSLProxyCipherList"), CRM_SUB("SSLProxyCipherSuite") ) |
| #endif |
| |
| CRM_END |
| }; |
| |
| static char *ssl_compat_RequireSSL( |
| pool *p, const char *oline, const char *cmd, const char *args) |
| { |
| char *cp; |
| |
| for (cp = (char *)args; ap_isspace(*cp); cp++) |
| ; |
| if (strcEQ(cp, "on")) |
| return "SSLRequireSSL"; |
| return ""; |
| } |
| |
| static char *ssl_compat_SSLSessionLockFile( |
| pool *p, const char *oline, const char *cmd, const char *args) |
| { |
| char *cp; |
| |
| for (cp = (char *)args; ap_isspace(*cp); cp++) |
| ; |
| return ap_pstrcat(p, "SSLMutex file:", cp, NULL); |
| } |
| |
| static char *ssl_compat_SSLCacheDisable( |
| pool *p, const char *oline, const char *cmd, const char *args) |
| { |
| char *cp; |
| |
| for (cp = (char *)args; ap_isspace(*cp); cp++) |
| ; |
| if (strcEQ(cp, "on")) |
| return "SSLSessionCache none"; |
| return ""; |
| } |
| |
| static char *ssl_compat_SSLRequireCipher(pool *p, const char *oline, const char *cmd, const char *args) |
| { |
| return ap_pstrcat(p, "SSLRequire %{SSL_CIPHER} in {", |
| ssl_compat_words2list(p, args), |
| "}", NULL); |
| } |
| |
| static char *ssl_compat_SSLBanCipher(pool *p, const char *oline, const char *cmd, const char *args) |
| { |
| return ap_pstrcat(p, "SSLRequire not (%{SSL_CIPHER} in {", |
| ssl_compat_words2list(p, args), |
| "})", NULL); |
| } |
| |
| static char *ssl_compat_SSL_SessionDir( |
| pool *p, const char *oline, const char *cmd, const char *args) |
| { |
| char *cp; |
| |
| for (cp = (char *)args; ap_isspace(*cp); cp++) |
| ; |
| return ap_pstrcat(p, "SSLSessionCache dir:", cp, NULL); |
| } |
| |
| static char *ssl_compat_words2list(pool *p, const char *oline) |
| { |
| char *line; |
| char *cpB; |
| char *cpE; |
| char *cpI; |
| char *cpO; |
| char n; |
| |
| /* |
| * Step 1: Determine borders |
| */ |
| cpB = (char *)oline; |
| while (*cpB == ' ' || *cpB == '\t') |
| cpB++; |
| cpE = cpB+strlen(cpB); |
| while (cpE > cpB && (*(cpE-1) == ' ' || *(cpE-1) == '\t')) |
| cpE--; |
| |
| /* |
| * Step 2: Determine final size and allocate buffer |
| */ |
| for (cpI = cpB, n = 1; cpI < cpE; cpI++) |
| if ((*cpI == ' ' || *cpI == '\t') && |
| (cpI > cpB && *(cpI-1) != ' ' && *(cpI-1) != '\t')) |
| n++; |
| line = ap_palloc(p, (cpE-cpB)+(n*2)+n+1); |
| cpI = cpB; |
| cpO = line; |
| while (cpI < cpE) { |
| if ( (*cpI != ' ' && *cpI != '\t') |
| && ( cpI == cpB |
| || ( cpI > cpB |
| && (*(cpI-1) == ' ' || *(cpI-1) == '\t')))) { |
| *cpO++ = '"'; |
| *cpO++ = *cpI++; |
| } |
| else if ( (*cpI == ' ' || *cpI == '\t') |
| && ( cpI > cpB |
| && (*(cpI-1) != ' ' && *(cpI-1) != '\t'))) { |
| *cpO++ = '"'; |
| *cpO++ = ','; |
| *cpO++ = *cpI++; |
| } |
| else { |
| *cpO++ = *cpI++; |
| } |
| } |
| if (cpI > cpB && (*(cpI-1) != ' ' && *(cpI-1) != '\t')) |
| *cpO++ = '"'; |
| *cpO++ = NUL; |
| return line; |
| } |
| |
| char *ssl_compat_directive(server_rec *s, pool *p, const char *oline) |
| { |
| int i; |
| char *line; |
| char *cp; |
| char caCmd[1024]; |
| char *cpArgs; |
| int match; |
| |
| /* |
| * Skip comment lines |
| */ |
| cp = (char *)oline; |
| while ((*cp == ' ' || *cp == '\t' || *cp == '\n') && (*cp != NUL)) |
| cp++; |
| if (*cp == '#' || *cp == NUL) |
| return NULL; |
| |
| /* |
| * Extract directive name |
| */ |
| cp = (char *)oline; |
| for (i = 0; *cp != ' ' && *cp != '\t' && *cp != NUL && i < 1024; ) |
| caCmd[i++] = *cp++; |
| caCmd[i] = NUL; |
| cpArgs = cp; |
| |
| /* |
| * Apply rewriting map |
| */ |
| line = NULL; |
| for (i = 0; !(ssl_cmd_rewrite_map[i].cpCommand == NULL && |
| ssl_cmd_rewrite_map[i].cpPattern == NULL ); i++) { |
| /* |
| * Matching |
| */ |
| match = FALSE; |
| if (ssl_cmd_rewrite_map[i].cpCommand != NULL) { |
| if (strcEQ(ssl_cmd_rewrite_map[i].cpCommand, caCmd)) |
| match = TRUE; |
| } |
| else if (ssl_cmd_rewrite_map[i].cpSubstring != NULL) { |
| if (strstr(oline, ssl_cmd_rewrite_map[i].cpSubstring) != NULL) |
| match = TRUE; |
| } |
| else if (ssl_cmd_rewrite_map[i].cpPattern != NULL) { |
| if (ap_fnmatch(ssl_cmd_rewrite_map[i].cpPattern, oline, 0)) |
| match = TRUE; |
| } |
| |
| /* |
| * Action Processing |
| */ |
| if (match) { |
| if (ssl_cmd_rewrite_map[i].cpMessage != NULL) { |
| ap_log_error(APLOG_MARK, APLOG_WARNING|APLOG_NOERRNO, s, |
| "mod_ssl:Compat: OBSOLETE '%s' => %s", |
| oline, ssl_cmd_rewrite_map[i].cpMessage); |
| line = ""; |
| break; |
| } |
| else if (ssl_cmd_rewrite_map[i].cpSubst != NULL) { |
| if (ssl_cmd_rewrite_map[i].cpCommand != NULL) |
| line = ap_pstrcat(p, ssl_cmd_rewrite_map[i].cpSubst, |
| cpArgs, NULL); |
| else if (ssl_cmd_rewrite_map[i].cpSubstring != NULL) |
| line = ssl_util_ptxtsub(p, oline, ssl_cmd_rewrite_map[i].cpSubstring, |
| ssl_cmd_rewrite_map[i].cpSubst); |
| else |
| line = ssl_cmd_rewrite_map[i].cpSubst; |
| break; |
| } |
| else if (ssl_cmd_rewrite_map[i].fpSubst != NULL) { |
| line = ((char *(*)(pool *, const char *, const char *, const char *)) |
| (ssl_cmd_rewrite_map[i].fpSubst))(p, oline, caCmd, cpArgs); |
| break; |
| } |
| } |
| } |
| if (line != NULL && line[0] != NUL) |
| ap_log_error(APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, s, |
| "mod_ssl:Compat: MAPPED '%s' => '%s'", oline, line); |
| return line; |
| } |
| |
| /* |
| * The mapping of obsolete environment variables to official ones... |
| */ |
| |
| #define VRM_BEGIN /* nop */ |
| #define VRM_ENTRY(var,action) { var, action }, |
| #define VRM_END { NULL, NULL, NULL } |
| #define VRM_VAR(old) old |
| #define VRM_SUB(new) new, NULL |
| #define VRM_LOG(msg) NULL, msg |
| |
| static struct { |
| char *cpOld; |
| char *cpNew; |
| char *cpMsg; |
| } ssl_var_rewrite_map[] = { |
| VRM_BEGIN |
| |
| /* |
| * Apache-SSL 1.x, mod_ssl 2.0.x, Sioux 1.x |
| * and Stronghold 2.x backward compatibility |
| */ |
| VRM_ENTRY( VRM_VAR("SSL_PROTOCOL_VERSION"), VRM_SUB("SSL_PROTOCOL") ) |
| VRM_ENTRY( VRM_VAR("SSLEAY_VERSION"), VRM_SUB("SSL_VERSION_LIBRARY") ) |
| VRM_ENTRY( VRM_VAR("HTTPS_SECRETKEYSIZE"), VRM_SUB("SSL_CIPHER_USEKEYSIZE") ) |
| VRM_ENTRY( VRM_VAR("HTTPS_KEYSIZE"), VRM_SUB("SSL_CIPHER_ALGKEYSIZE") ) |
| VRM_ENTRY( VRM_VAR("HTTPS_CIPHER"), VRM_SUB("SSL_CIPHER") ) |
| VRM_ENTRY( VRM_VAR("HTTPS_EXPORT"), VRM_SUB("SSL_CIPHER_EXPORT") ) |
| VRM_ENTRY( VRM_VAR("SSL_SERVER_KEY_SIZE"), VRM_SUB("SSL_CIPHER_ALGKEYSIZE") ) |
| VRM_ENTRY( VRM_VAR("SSL_SERVER_CERTIFICATE"), VRM_SUB("SSL_SERVER_CERT") ) |
| VRM_ENTRY( VRM_VAR("SSL_SERVER_CERT_START"), VRM_SUB("SSL_SERVER_V_START") ) |
| VRM_ENTRY( VRM_VAR("SSL_SERVER_CERT_END"), VRM_SUB("SSL_SERVER_V_END") ) |
| VRM_ENTRY( VRM_VAR("SSL_SERVER_CERT_SERIAL"), VRM_SUB("SSL_SERVER_M_SERIAL") ) |
| VRM_ENTRY( VRM_VAR("SSL_SERVER_SIGNATURE_ALGORITHM"),VRM_SUB("SSL_SERVER_A_SIG") ) |
| VRM_ENTRY( VRM_VAR("SSL_SERVER_DN"), VRM_SUB("SSL_SERVER_S_DN") ) |
| VRM_ENTRY( VRM_VAR("SSL_SERVER_CN"), VRM_SUB("SSL_SERVER_S_DN_CN") ) |
| VRM_ENTRY( VRM_VAR("SSL_SERVER_EMAIL"), VRM_SUB("SSL_SERVER_S_DN_Email") ) |
| VRM_ENTRY( VRM_VAR("SSL_SERVER_O"), VRM_SUB("SSL_SERVER_S_DN_O") ) |
| VRM_ENTRY( VRM_VAR("SSL_SERVER_OU"), VRM_SUB("SSL_SERVER_S_DN_OU") ) |
| VRM_ENTRY( VRM_VAR("SSL_SERVER_C"), VRM_SUB("SSL_SERVER_S_DN_C") ) |
| VRM_ENTRY( VRM_VAR("SSL_SERVER_SP"), VRM_SUB("SSL_SERVER_S_DN_SP") ) |
| VRM_ENTRY( VRM_VAR("SSL_SERVER_L"), VRM_SUB("SSL_SERVER_S_DN_L") ) |
| VRM_ENTRY( VRM_VAR("SSL_SERVER_IDN"), VRM_SUB("SSL_SERVER_I_DN") ) |
| VRM_ENTRY( VRM_VAR("SSL_SERVER_ICN"), VRM_SUB("SSL_SERVER_I_DN_CN") ) |
| VRM_ENTRY( VRM_VAR("SSL_SERVER_IEMAIL"), VRM_SUB("SSL_SERVER_I_DN_Email") ) |
| VRM_ENTRY( VRM_VAR("SSL_SERVER_IO"), VRM_SUB("SSL_SERVER_I_DN_O") ) |
| VRM_ENTRY( VRM_VAR("SSL_SERVER_IOU"), VRM_SUB("SSL_SERVER_I_DN_OU") ) |
| VRM_ENTRY( VRM_VAR("SSL_SERVER_IC"), VRM_SUB("SSL_SERVER_I_DN_C") ) |
| VRM_ENTRY( VRM_VAR("SSL_SERVER_ISP"), VRM_SUB("SSL_SERVER_I_DN_SP") ) |
| VRM_ENTRY( VRM_VAR("SSL_SERVER_IL"), VRM_SUB("SSL_SERVER_I_DN_L") ) |
| VRM_ENTRY( VRM_VAR("SSL_CLIENT_CERTIFICATE"), VRM_SUB("SSL_CLIENT_CERT") ) |
| VRM_ENTRY( VRM_VAR("SSL_CLIENT_CERT_START"), VRM_SUB("SSL_CLIENT_V_START") ) |
| VRM_ENTRY( VRM_VAR("SSL_CLIENT_CERT_END"), VRM_SUB("SSL_CLIENT_V_END") ) |
| VRM_ENTRY( VRM_VAR("SSL_CLIENT_CERT_SERIAL"), VRM_SUB("SSL_CLIENT_M_SERIAL") ) |
| VRM_ENTRY( VRM_VAR("SSL_CLIENT_SIGNATURE_ALGORITHM"),VRM_SUB("SSL_CLIENT_A_SIG") ) |
| VRM_ENTRY( VRM_VAR("SSL_CLIENT_DN"), VRM_SUB("SSL_CLIENT_S_DN") ) |
| VRM_ENTRY( VRM_VAR("SSL_CLIENT_CN"), VRM_SUB("SSL_CLIENT_S_DN_CN") ) |
| VRM_ENTRY( VRM_VAR("SSL_CLIENT_EMAIL"), VRM_SUB("SSL_CLIENT_S_DN_Email") ) |
| VRM_ENTRY( VRM_VAR("SSL_CLIENT_O"), VRM_SUB("SSL_CLIENT_S_DN_O") ) |
| VRM_ENTRY( VRM_VAR("SSL_CLIENT_OU"), VRM_SUB("SSL_CLIENT_S_DN_OU") ) |
| VRM_ENTRY( VRM_VAR("SSL_CLIENT_C"), VRM_SUB("SSL_CLIENT_S_DN_C") ) |
| VRM_ENTRY( VRM_VAR("SSL_CLIENT_SP"), VRM_SUB("SSL_CLIENT_S_DN_SP") ) |
| VRM_ENTRY( VRM_VAR("SSL_CLIENT_L"), VRM_SUB("SSL_CLIENT_S_DN_L") ) |
| VRM_ENTRY( VRM_VAR("SSL_CLIENT_IDN"), VRM_SUB("SSL_CLIENT_I_DN") ) |
| VRM_ENTRY( VRM_VAR("SSL_CLIENT_ICN"), VRM_SUB("SSL_CLIENT_I_DN_CN") ) |
| VRM_ENTRY( VRM_VAR("SSL_CLIENT_IEMAIL"), VRM_SUB("SSL_CLIENT_I_DN_Email") ) |
| VRM_ENTRY( VRM_VAR("SSL_CLIENT_IO"), VRM_SUB("SSL_CLIENT_I_DN_O") ) |
| VRM_ENTRY( VRM_VAR("SSL_CLIENT_IOU"), VRM_SUB("SSL_CLIENT_I_DN_OU") ) |
| VRM_ENTRY( VRM_VAR("SSL_CLIENT_IC"), VRM_SUB("SSL_CLIENT_I_DN_C") ) |
| VRM_ENTRY( VRM_VAR("SSL_CLIENT_ISP"), VRM_SUB("SSL_CLIENT_I_DN_SP") ) |
| VRM_ENTRY( VRM_VAR("SSL_CLIENT_IL"), VRM_SUB("SSL_CLIENT_I_DN_L") ) |
| VRM_ENTRY( VRM_VAR("SSL_EXPORT"), VRM_SUB("SSL_CIPHER_EXPORT") ) |
| VRM_ENTRY( VRM_VAR("SSL_KEYSIZE"), VRM_SUB("SSL_CIPHER_ALGKEYSIZE") ) |
| VRM_ENTRY( VRM_VAR("SSL_SECRETKEYSIZE"), VRM_SUB("SSL_CIPHER_USEKEYSIZE") ) |
| VRM_ENTRY( VRM_VAR("SSL_SSLEAY_VERSION"), VRM_SUB("SSL_VERSION_LIBRARY") ) |
| |
| VRM_ENTRY( VRM_VAR("SSL_STRONG_CRYPTO"), VRM_LOG("Not supported by mod_ssl") ) |
| VRM_ENTRY( VRM_VAR("SSL_SERVER_KEY_EXP"), VRM_LOG("Not supported by mod_ssl") ) |
| VRM_ENTRY( VRM_VAR("SSL_SERVER_KEY_SIZE"), VRM_LOG("Not supported by mod_ssl") ) |
| VRM_ENTRY( VRM_VAR("SSL_SERVER_KEY_ALGORITHM"), VRM_LOG("Not supported by mod_ssl") ) |
| VRM_ENTRY( VRM_VAR("SSL_SERVER_SESSIONDIR"), VRM_LOG("Not supported by mod_ssl") ) |
| VRM_ENTRY( VRM_VAR("SSL_SERVER_CERTIFICATELOGDIR"), VRM_LOG("Not supported by mod_ssl") ) |
| VRM_ENTRY( VRM_VAR("SSL_SERVER_CERTFILE"), VRM_LOG("Not supported by mod_ssl") ) |
| VRM_ENTRY( VRM_VAR("SSL_SERVER_KEYFILE"), VRM_LOG("Not supported by mod_ssl") ) |
| VRM_ENTRY( VRM_VAR("SSL_SERVER_KEYFILETYPE"), VRM_LOG("Not supported by mod_ssl") ) |
| VRM_ENTRY( VRM_VAR("SSL_CLIENT_KEY_EXP"), VRM_LOG("Not supported by mod_ssl") ) |
| VRM_ENTRY( VRM_VAR("SSL_CLIENT_KEY_ALGORITHM"), VRM_LOG("Not supported by mod_ssl") ) |
| VRM_ENTRY( VRM_VAR("SSL_CLIENT_KEY_SIZE"), VRM_LOG("Not supported by mod_ssl") ) |
| |
| VRM_END |
| }; |
| |
| void ssl_compat_variables(request_rec *r) |
| { |
| char *cpOld; |
| char *cpNew; |
| char *cpMsg; |
| char *cpVal; |
| int i; |
| |
| for (i = 0; ssl_var_rewrite_map[i].cpOld != NULL; i++) { |
| cpOld = ssl_var_rewrite_map[i].cpOld; |
| cpMsg = ssl_var_rewrite_map[i].cpMsg; |
| cpNew = ssl_var_rewrite_map[i].cpNew; |
| if (cpNew != NULL) { |
| cpVal = ssl_var_lookup(r->pool, r->server, r->connection, r, cpNew); |
| if (!strIsEmpty(cpVal)) |
| ap_table_set(r->subprocess_env, cpOld, cpVal); |
| } |
| else if (cpMsg != NULL) { |
| #ifdef SSL_VENDOR |
| /* |
| * something that isn't provided by mod_ssl, so at least |
| * let vendor extensions provide a reasonable value first. |
| */ |
| cpVal = NULL; |
| ap_hook_use("ap::mod_ssl::vendor::compat_variables_lookup", |
| AP_HOOK_SIG3(ptr,ptr,ptr), |
| AP_HOOK_DECLINE(NULL), |
| &cpVal, r, cpOld); |
| if (cpVal != NULL) { |
| ap_table_set(r->subprocess_env, cpOld, cpVal); |
| continue; |
| } |
| #endif |
| |
| /* |
| * we cannot print a message, so we set at least |
| * the variables content to the compat message |
| */ |
| ap_table_set(r->subprocess_env, cpOld, cpMsg); |
| } |
| } |
| return; |
| } |
| |
| #endif /* SSL_COMPAT */ |