ssl_expr_eval.c

Replace ap_expr with a parser derived from mod_ssl's parser. Make mod_ssl use
the new parser. Rework ap_expr's public interface and provide hooks for modules
to add variables and functions.

The Netware and Windows build files still need to be adjusted

  1. … 34 more files in changeset.
Add authz providers for use with mod_authz_core and its RequireAny/RequireAll
containers:

'ssl' (equivalent to SSLRequireSSL)
'ssl-verify-client' (for use with 'SSLVerifyClient optional')
'ssl-require' (expressions with same syntax as SSLRequire)

We may decide to axe 'ssl-require' again in favor of the generic 'expr'
provider, depending on the development of the ap_expr parser.

  1. … 7 more files in changeset.
Make the ssl expression parser thread-safe. It now requires bison instead of
yacc.

Also change the make file magic so that the real source file name is
embedded in the debug info.

The generated files have been created with flex 2.5.35/bison 2.4.1. The two
'no previous prototype' warnings are supposed to be fixed with the next flex
version.

  1. … 12 more files in changeset.
update license header text
  1. … 316 more files in changeset.
Update the copyright year in all .c, .h and .xml files

  1. … 497 more files in changeset.
No functional Change: Removing trailing whitespace. This also
means that "blank" lines consisting of just spaces or
tabs are now really blank lines

  1. … 180 more files in changeset.
As discussed previously: OID() -> PeerExtList()
  1. … 6 more files in changeset.
- remove ssl_ext_lookup and replace it with ssl_ext_list
- change ssl_expr_eval_oid to use ssl_ext_list

This change provides for a single function that provides an array of all
values from a certificate that match a given extension and removes the
duplicated code that was present.

Reviewed by: Joe Orton

  1. … 4 more files in changeset.
* modules/ssl/ssl_expr_eval.c (ssl_expr_eval_oid): Remove unused
  variable.
* modules/ssl/ssl_private.h, modules/ssl/mod_ssl.h
  (ssl_extlist_by_oid): Move prototype to ssl_private.h.

  1. … 2 more files in changeset.
Allow extraction of the values of SSL certificate extensions into
environment variables, so that their value can be used by any
module that is aware of environment variables, as in:

SetEnvIf OID("2.16.840.1.113730.1.13") "(.*) Generated (Certificate)" ca=$1

sets

ca=TinyCA

if the cert was issued by TinyCA.

Similarly,

SetenvIf OID("2.16.840.1.113730.1.13") "(.*)" NetscapeComment=$1

will set $NetscapeComment to the whole string.

It is technically allowed to have multiple instances of an extension
field, all with the same oid. In this case, the environment variable
will be set to the list of all fields, separated by commas.

The [PATCH] uses a cross-module call from mod_setenvif to
mod_ssl (the latter may also be missing: in this case the
variable will never be set). It calls a common function
in the ssl module that is also used for the SSLRequire
directive's test.

  1. … 3 more files in changeset.
Collaborative work: (Thanks, dreid!)

Implement OID checking for mod_ssl. This code allows for checking of arbitrary client
certificate extensions by OID, in a syntax like:

SSLRequire "BaDCA Generated Certificate" in Oid("2.16.840.1.113730.1.13") \
|| "committers" in Oid("1.3.6.1.4.1.18060.1")

Note the following:

* A given OID can occur multiple times in one cert, with different values. Therefore
  the OID function compares the left-hand string against each of the OID values,
  until a complete match is found. If none matches, the result is FALSE.
* The left hand side can be another expression, so can be a reference to a variable
  or a file() invocation etc.
* The OID is also just a reference to a string, or function, or whatever.
* My manual description is very short. Someone else please help improve the description

  1. … 4 more files in changeset.
Move the POSIX reg* implementations into the ap_* namespace;
internalise the ap_reg*<->PCRE wrapper:

* configure.in: Add srclib/pcre to the include path.
* include/ap_regex.h: Renamed from include/pcreposix.h. Prefix all
  constants with AP_; prefix all functions and types with ap_. Define
  AP_DECLARE to nothing if necessary. Remove regcomp error codes.
* include/httpd.h: Include ap_regex.h not pcreposix.h.
  (ap_pregcomp, ap_regexec, ap_regfree): s/regex_t/ap_regex_t/.
  (ap_regexec, ap_regerror): Prototypes moved to ap_regex.h.
* server/util.c (regex_cleanup, ap_pregcomp, ap_pregsub, ap_pregfree):
  Adjust for ap_ prefixed types. (ap_regexec, ap_regerror): Removed.
* server/Makefile.in: Build util_pcre.c.
* server/util_pcre.c: Copied from srclib/pcre/pcreposix.c; remove use
  of PCRE-internals to do error mapping; rename types to add AP_/ap_
  prefixes as above. Use APR includes. (ap_regerror): Use apr_snprintf.
* srclib/pcre/Makefile.in: Don't build pcreposix.c into libpcre.la.
* modules/*: Update to use new type and constant names.

PR: 27750 (part one)

Submitted by: Andres Salomon <dilinger voxel.net>, Joe Orton

  1. … 25 more files in changeset.
Update copyright year to 2005 and standardize on current copyright owner line.

  1. … 522 more files in changeset.
general property cleanup

  1. … 712 more files in changeset.
Move mod_ssl-internal interfaces into ssl_private.h; allow mod_ssl.h
to be included even when mod_ssl is not enabled.

* Makefile.in (install-include): Only install mod_ssl.h.
* modules/ssl/ssl_private.h: New file.
* modules/ssl/mod_ssl.h: Move everything apart from the optional
  hook definitions into ssl_private.h.
* modules/ssl/*.c: Include ssl_private.h not mod_ssl.h
* modules/ssl/config.m4: Always add the mod_ssl directory to the
  include path so other modules can find mod_ssl.h.
* modules/proxy/mod_proxy.c: Include mod_ssl.h to pick up the optional
  hook definitions rather than copy'n'pasting them.

  1. … 28 more files in changeset.
fix name of The Apache Software Foundation

  1. … 361 more files in changeset.
fix copyright dates according to the first check in

  1. … 24 more files in changeset.
apply Apache License, Version 2.0

  1. … 262 more files in changeset.
update license to 2004.

  1. … 281 more files in changeset.
finished that boring job:
update license to 2003.
Happy New Year! ;-))

  1. … 271 more files in changeset.
Update our copyright for this year.

  1. … 260 more files in changeset.

Another huge file check, and one fewer emits

That's it. Adjust for our pcre transition, and the whole thing links
once again.

Merge in part II of a set of mod_ssl porting changes.

Submitted by: Madhusudan Mathihalli <madhusudan_mathihalli@hp.com>

  1. … 3 more files in changeset.
Next step in mod_ssl integration:
Add missing files to build environment.

  1. … 31 more files in changeset.
mod_ssl integration step 2:
transfer copyright of all code to ASF by using Apache Software License v1.1

  1. … 33 more files in changeset.
Initial revision

  1. … 41 more files in changeset.