summaryrefslogtreecommitdiffstats
path: root/rubbos/app/httpd-2.0.64/modules/ssl
diff options
context:
space:
mode:
Diffstat (limited to 'rubbos/app/httpd-2.0.64/modules/ssl')
-rw-r--r--rubbos/app/httpd-2.0.64/modules/ssl/.deps0
-rw-r--r--rubbos/app/httpd-2.0.64/modules/ssl/Makefile43
-rw-r--r--rubbos/app/httpd-2.0.64/modules/ssl/Makefile.in38
-rw-r--r--rubbos/app/httpd-2.0.64/modules/ssl/README129
-rw-r--r--rubbos/app/httpd-2.0.64/modules/ssl/README.dsov.fig346
-rw-r--r--rubbos/app/httpd-2.0.64/modules/ssl/README.dsov.ps1138
-rw-r--r--rubbos/app/httpd-2.0.64/modules/ssl/config.m454
-rw-r--r--rubbos/app/httpd-2.0.64/modules/ssl/mod_ssl.c428
-rw-r--r--rubbos/app/httpd-2.0.64/modules/ssl/mod_ssl.dsp328
-rw-r--r--rubbos/app/httpd-2.0.64/modules/ssl/mod_ssl.h724
-rw-r--r--rubbos/app/httpd-2.0.64/modules/ssl/modules.mk3
-rw-r--r--rubbos/app/httpd-2.0.64/modules/ssl/ssl_engine_config.c1420
-rw-r--r--rubbos/app/httpd-2.0.64/modules/ssl/ssl_engine_dh.c207
-rw-r--r--rubbos/app/httpd-2.0.64/modules/ssl/ssl_engine_init.c1243
-rw-r--r--rubbos/app/httpd-2.0.64/modules/ssl/ssl_engine_io.c1746
-rw-r--r--rubbos/app/httpd-2.0.64/modules/ssl/ssl_engine_kernel.c1876
-rw-r--r--rubbos/app/httpd-2.0.64/modules/ssl/ssl_engine_log.c101
-rw-r--r--rubbos/app/httpd-2.0.64/modules/ssl/ssl_engine_mutex.c120
-rw-r--r--rubbos/app/httpd-2.0.64/modules/ssl/ssl_engine_pphrase.c789
-rw-r--r--rubbos/app/httpd-2.0.64/modules/ssl/ssl_engine_rand.c179
-rw-r--r--rubbos/app/httpd-2.0.64/modules/ssl/ssl_engine_vars.c687
-rw-r--r--rubbos/app/httpd-2.0.64/modules/ssl/ssl_expr.c82
-rw-r--r--rubbos/app/httpd-2.0.64/modules/ssl/ssl_expr.h104
-rw-r--r--rubbos/app/httpd-2.0.64/modules/ssl/ssl_expr_eval.c254
-rw-r--r--rubbos/app/httpd-2.0.64/modules/ssl/ssl_expr_parse.c1081
-rw-r--r--rubbos/app/httpd-2.0.64/modules/ssl/ssl_expr_parse.h27
-rw-r--r--rubbos/app/httpd-2.0.64/modules/ssl/ssl_expr_parse.y148
-rw-r--r--rubbos/app/httpd-2.0.64/modules/ssl/ssl_expr_scan.c1969
-rw-r--r--rubbos/app/httpd-2.0.64/modules/ssl/ssl_expr_scan.l225
-rw-r--r--rubbos/app/httpd-2.0.64/modules/ssl/ssl_scache.c199
-rw-r--r--rubbos/app/httpd-2.0.64/modules/ssl/ssl_scache_dbm.c462
-rw-r--r--rubbos/app/httpd-2.0.64/modules/ssl/ssl_scache_shmcb.c1362
-rw-r--r--rubbos/app/httpd-2.0.64/modules/ssl/ssl_scache_shmht.c351
-rw-r--r--rubbos/app/httpd-2.0.64/modules/ssl/ssl_toolkit_compat.h239
-rw-r--r--rubbos/app/httpd-2.0.64/modules/ssl/ssl_util.c449
-rw-r--r--rubbos/app/httpd-2.0.64/modules/ssl/ssl_util_ssl.c574
-rw-r--r--rubbos/app/httpd-2.0.64/modules/ssl/ssl_util_ssl.h93
-rw-r--r--rubbos/app/httpd-2.0.64/modules/ssl/ssl_util_table.c2518
-rw-r--r--rubbos/app/httpd-2.0.64/modules/ssl/ssl_util_table.h152
39 files changed, 0 insertions, 21888 deletions
diff --git a/rubbos/app/httpd-2.0.64/modules/ssl/.deps b/rubbos/app/httpd-2.0.64/modules/ssl/.deps
deleted file mode 100644
index e69de29b..00000000
--- a/rubbos/app/httpd-2.0.64/modules/ssl/.deps
+++ /dev/null
diff --git a/rubbos/app/httpd-2.0.64/modules/ssl/Makefile b/rubbos/app/httpd-2.0.64/modules/ssl/Makefile
deleted file mode 100644
index b624d817..00000000
--- a/rubbos/app/httpd-2.0.64/modules/ssl/Makefile
+++ /dev/null
@@ -1,43 +0,0 @@
-top_srcdir = /bottlenecks/rubbos/app/httpd-2.0.64
-top_builddir = /bottlenecks/rubbos/app/httpd-2.0.64
-srcdir = /bottlenecks/rubbos/app/httpd-2.0.64/modules/ssl
-builddir = /bottlenecks/rubbos/app/httpd-2.0.64/modules/ssl
-VPATH = /bottlenecks/rubbos/app/httpd-2.0.64/modules/ssl
-# Licensed to the Apache Software Foundation (ASF) under one or more
-# contributor license agreements. See the NOTICE file distributed with
-# this work for additional information regarding copyright ownership.
-# The ASF licenses this file to You under the Apache License, Version 2.0
-# (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#
-# standard stuff
-#
-
-include $(top_srcdir)/build/special.mk
-
-#
-# developer stuff
-# (we really don't expect end users to use these targets!)
-#
-
-ssl_expr_scan.c: $(top_srcdir)/modules/ssl/ssl_expr_scan.l ssl_expr_parse.h
- flex -Pssl_expr_yy -s -B $(top_srcdir)/modules/ssl/ssl_expr_scan.l
- sed -e '/$$Header:/d' <lex.ssl_expr_yy.c >ssl_expr_scan.c && rm -f lex.ssl_expr_yy.c
-
-ssl_expr_parse.c ssl_expr_parse.h: $(top_srcdir)/modules/ssl/ssl_expr_parse.y
- yacc -d $(top_srcdir)/modules/ssl/ssl_expr_parse.y
- sed -e 's;yy;ssl_expr_yy;g' \
- -e '/#if defined(c_plusplus) || defined(__cplusplus)/,/#endif/d' \
- <y.tab.c >ssl_expr_parse.c && rm -f y.tab.c
- sed -e 's;yy;ssl_expr_yy;g' \
- <y.tab.h >ssl_expr_parse.h && rm -f y.tab.h
-
diff --git a/rubbos/app/httpd-2.0.64/modules/ssl/Makefile.in b/rubbos/app/httpd-2.0.64/modules/ssl/Makefile.in
deleted file mode 100644
index a5153f3a..00000000
--- a/rubbos/app/httpd-2.0.64/modules/ssl/Makefile.in
+++ /dev/null
@@ -1,38 +0,0 @@
-# Licensed to the Apache Software Foundation (ASF) under one or more
-# contributor license agreements. See the NOTICE file distributed with
-# this work for additional information regarding copyright ownership.
-# The ASF licenses this file to You under the Apache License, Version 2.0
-# (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#
-# standard stuff
-#
-
-include $(top_srcdir)/build/special.mk
-
-#
-# developer stuff
-# (we really don't expect end users to use these targets!)
-#
-
-ssl_expr_scan.c: $(top_srcdir)/modules/ssl/ssl_expr_scan.l ssl_expr_parse.h
- flex -Pssl_expr_yy -s -B $(top_srcdir)/modules/ssl/ssl_expr_scan.l
- sed -e '/$$Header:/d' <lex.ssl_expr_yy.c >ssl_expr_scan.c && rm -f lex.ssl_expr_yy.c
-
-ssl_expr_parse.c ssl_expr_parse.h: $(top_srcdir)/modules/ssl/ssl_expr_parse.y
- yacc -d $(top_srcdir)/modules/ssl/ssl_expr_parse.y
- sed -e 's;yy;ssl_expr_yy;g' \
- -e '/#if defined(c_plusplus) || defined(__cplusplus)/,/#endif/d' \
- <y.tab.c >ssl_expr_parse.c && rm -f y.tab.c
- sed -e 's;yy;ssl_expr_yy;g' \
- <y.tab.h >ssl_expr_parse.h && rm -f y.tab.h
-
diff --git a/rubbos/app/httpd-2.0.64/modules/ssl/README b/rubbos/app/httpd-2.0.64/modules/ssl/README
deleted file mode 100644
index b24af26f..00000000
--- a/rubbos/app/httpd-2.0.64/modules/ssl/README
+++ /dev/null
@@ -1,129 +0,0 @@
-SYNOPSIS
-
- This Apache module provides strong cryptography for the Apache 2.0 webserver
- via the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS
- v1) protocols by the help of the SSL/TLS implementation library OpenSSL which
- is based on SSLeay from Eric A. Young and Tim J. Hudson.
-
- The mod_ssl package was created in April 1998 by Ralf S. Engelschall
- and was originally derived from software developed by Ben Laurie for
- use in the Apache-SSL HTTP server project. The mod_ssl implementation
- for Apache 1.3 continues to be supported by the modssl project
- <http://www.modssl.org/>.
-
-SOURCES
-
- See the top-level LAYOUT file in httpd-2.0 for file descriptions.
-
- The source files are written in clean ANSI C and pass the ``gcc -O -g
- -ggdb3 -Wall -Wshadow -Wpointer-arith -Wcast-align -Wmissing-prototypes
- -Wmissing-declarations -Wnested-externs -Winline'' compiler test
- (assuming `gcc' is GCC 2.95.2 or newer) without any complains. When
- you make changes or additions make sure the source still passes this
- compiler test.
-
-FUNCTIONS
-
- Inside the source code you will be confronted with the following types of
- functions which can be identified by their prefixes:
-
- ap_xxxx() ............... Apache API function
- ssl_xxxx() .............. mod_ssl function
- SSL_xxxx() .............. OpenSSL function (SSL library)
- OpenSSL_xxxx() .......... OpenSSL function (SSL library)
- X509_xxxx() ............. OpenSSL function (Crypto library)
- PEM_xxxx() .............. OpenSSL function (Crypto library)
- EVP_xxxx() .............. OpenSSL function (Crypto library)
- RSA_xxxx() .............. OpenSSL function (Crypto library)
-
-DATA STRUCTURES
-
- Inside the source code you will be confronted with the following
- data structures:
-
- server_rec .............. Apache (Virtual) Server
- conn_rec ................ Apache Connection
- request_rec ............. Apache Request
- SSLModConfig ............ mod_ssl (Global) Module Configuration
- SSLSrvConfig ............ mod_ssl (Virtual) Server Configuration
- SSLDirConfig ............ mod_ssl Directory Configuration
- SSLConnConfig ........... mod_ssl Connection Configuration
- SSLFilterRec ............ mod_ssl Filter Context
- SSL_CTX ................. OpenSSL Context
- SSL_METHOD .............. OpenSSL Protocol Method
- SSL_CIPHER .............. OpenSSL Cipher
- SSL_SESSION ............. OpenSSL Session
- SSL ..................... OpenSSL Connection
- BIO ..................... OpenSSL Connection Buffer
-
- For an overview how these are related and chained together have a look at the
- page in README.dsov.{fig,ps}. It contains overview diagrams for those data
- structures. It's designed for DIN A4 paper size, but you can easily generate
- a smaller version inside XFig by specifing a magnification on the Export
- panel.
-
-EXPERIMENTAL CODE
-
- Experimental code is always encapsulated as following:
-
- | #ifdef SSL_EXPERIMENTAL_xxxx
- | ...
- | #endif
-
- This way it is only compiled in when this define is enabled with
- the APACI --enable-rule=SSL_EXPERIMENTAL option and as long as the
- C pre-processor variable SSL_EXPERIMENTAL_xxxx_IGNORE is _NOT_
- defined (via CFLAGS). Or in other words: SSL_EXPERIMENTAL enables all
- SSL_EXPERIMENTAL_xxxx variables, except if SSL_EXPERIMENTAL_xxxx_IGNORE
- is already defined. Currently the following features are experimental:
-
- o SSL_EXPERIMENTAL_ENGINE
- The ability to support the new forthcoming OpenSSL ENGINE stuff.
- Until this development branch of OpenSSL is merged into the main
- stream, you have to use openssl-engine-0.9.x.tar.gz for this.
- mod_ssl automatically recognizes this OpenSSL variant and then can
- activate external crypto devices through SSLCryptoDevice directive.
-
-INCOMPATIBILITIES
-
- The following intentional incompatibilities exist between mod_ssl 2.x
- from Apache 1.3 and this mod_ssl version for Apache 2.0:
-
- o The complete EAPI-based SSL_VENDOR stuff was removed.
- o The complete EAPI-based SSL_COMPAT stuff was removed.
- o The <IfDefine> variable MOD_SSL is no longer provided automatically
-
-MAJOR CHANGES
-
- For a complete history of changes for Apache 2.0 mod_ssl, see the
- CHANGES file in the top-level httpd-2.0 directory. The following
- is a condensed summary of the major changes were made between
- mod_ssl 2.x from Apache 1.3 and this mod_ssl version for Apache 2.0:
-
- o The DBM based session cache is now based on APR's DBM API only.
- o The shared memory based session cache is now based on APR's APIs.
- o SSL I/O is now implemented in terms of filters rather than BUFF
- o Eliminated ap_global_ctx. Storing Persistant information in
- process_rec->pool->user_data. The ssl_pphrase_Handle_CB() and
- ssl_config_global_* () functions have an extra parameter now -
- "server_rec *" - which is used to retrieve the SSLModConfigRec.
- o Properly support restarts, allowing mod_ssl to be added to a server
- that is already running and to change server certs/keys on restart
- o Various performance enhancements
- o proxy support is no longer an "extension", much of the mod_ssl core
- was re-written (ssl_engine_{init,kernel,config}.c) to be generic so
- it could be re-used in proxy mode.
- - the optional function ssl_proxy_enable is provide for mod_proxy
- to enable proxy support
- - proxy support now requires 'SSLProxyEngine on' to be configured
- - proxy now supports SSLProxyCARevocation{Path,File} in addition to
- the original SSLProxy* directives
- o per-directory SSLCACertificate{File,Path} is now thread-safe but
- requires SSL_set_cert_store patch to OpenSSL
- o RSA sslc is supported via ssl_toolkit_compat.h
- o the ssl_engine_{ds,ext}.c source files are obsolete and no longer
- exist
-
-TODO
-
- See the top-level STATUS file in httpd-2.0 for current efforts and goals.
diff --git a/rubbos/app/httpd-2.0.64/modules/ssl/README.dsov.fig b/rubbos/app/httpd-2.0.64/modules/ssl/README.dsov.fig
deleted file mode 100644
index d8d03db2..00000000
--- a/rubbos/app/httpd-2.0.64/modules/ssl/README.dsov.fig
+++ /dev/null
@@ -1,346 +0,0 @@
-#FIG 3.2
-Landscape
-Center
-Metric
-Letter
-100.00
-Single
--2
-1200 2
-0 32 #616561
-0 33 #b6b2b6
-0 34 #f7f3f7
-0 35 #cfcfcf
-0 36 #ffffff
-6 6345 2835 7155 3150
-6 6345 2970 7110 3150
-4 0 0 200 0 20 8 0.0000 4 120 585 6345 3105 "ssl_module")\001
--6
-4 0 0 200 0 20 8 0.0000 4 120 660 6345 2970 ap_ctx_get(...,\001
--6
-6 10800 2610 12240 3060
-4 0 0 200 0 20 8 0.0000 4 120 1170 10800 2745 ap_get_module_config(...\001
-4 0 0 200 0 20 8 0.0000 4 120 795 10800 2880 ->per_dir_config,\001
-4 0 0 200 0 20 8 0.0000 4 120 585 10800 3015 &ssl_module)\001
--6
-6 7920 4770 9135 4995
-2 4 0 1 35 35 200 0 20 0.000 0 0 4 0 0 5
- 9135 4995 7920 4995 7920 4770 9135 4770 9135 4995
-4 0 0 100 0 18 12 0.0000 4 180 1065 8010 4950 request_rec\001
--6
-2 1 0 1 0 34 200 0 20 0.000 0 0 -1 1 0 2
- 1 1 1.00 60.00 120.00
- 6975 3330 7425 2520
-2 1 0 1 0 34 200 0 20 0.000 0 0 -1 1 0 2
- 1 1 1.00 60.00 120.00
- 7200 4230 9450 2520
-2 1 0 1 0 34 200 0 20 0.000 0 0 -1 1 0 2
- 1 1 1.00 60.00 120.00
- 7875 4905 7200 5220
-2 1 0 1 0 34 200 0 20 0.000 0 0 -1 1 0 2
- 1 1 1.00 60.00 120.00
- 6750 5130 6750 4545
-2 1 0 1 0 34 200 0 20 0.000 0 0 -1 1 0 2
- 1 1 1.00 60.00 120.00
- 6705 5445 7155 6120
-2 1 0 1 0 34 200 0 20 0.000 0 0 -1 1 0 2
- 1 1 1.00 60.00 120.00
- 7875 4815 7200 4590
-2 1 0 1 0 34 200 0 20 0.000 0 0 -1 1 0 2
- 1 1 1.00 60.00 120.00
- 9585 2565 11475 4230
-2 1 0 1 0 34 200 0 20 0.000 0 0 -1 1 0 2
- 1 1 1.00 60.00 120.00
- 10170 5130 11835 4545
-2 1 0 1 0 34 200 0 20 0.000 0 0 -1 1 0 2
- 1 1 1.00 60.00 120.00
- 7920 6075 9855 5400
-2 1 0 1 0 34 200 0 20 0.000 0 0 -1 1 0 2
- 1 1 1.00 60.00 120.00
- 9990 5445 10935 5625
-2 1 0 1 0 34 200 0 20 0.000 0 0 -1 1 0 2
- 1 1 1.00 60.00 120.00
- 10215 5310 10935 5310
-2 1 0 1 0 34 200 0 20 0.000 0 0 -1 1 0 2
- 1 1 1.00 60.00 120.00
- 11925 4590 11925 5085
-2 1 0 1 0 34 200 0 20 0.000 0 0 -1 1 0 2
- 1 1 1.00 60.00 120.00
- 9810 5490 9810 6840
-2 1 0 1 0 34 200 0 20 0.000 0 0 -1 1 0 2
- 1 1 1.00 60.00 120.00
- 9945 5445 10935 6030
-2 1 0 1 0 34 200 0 20 0.000 0 0 -1 1 0 2
- 1 1 1.00 60.00 120.00
- 8865 4725 10800 2565
-2 1 0 3 0 34 200 0 20 0.000 0 0 -1 0 0 2
- 675 6075 5850 6075
-2 1 2 1 0 34 200 0 20 1.000 0 0 -1 1 0 2
- 1 1 1.00 60.00 120.00
- 675 6525 675 6075
-2 1 2 1 0 34 200 0 20 1.000 0 0 -1 1 0 2
- 1 0 1.00 60.00 120.00
- 5850 6075 5850 6525
-2 1 0 3 0 34 200 0 20 0.000 0 0 -1 0 0 2
- 900 5625 5625 5625
-2 1 0 3 0 34 200 0 20 0.000 0 0 -1 0 0 2
- 1125 5175 5400 5175
-2 1 0 3 0 34 200 0 20 0.000 0 0 -1 0 0 2
- 1350 4725 5175 4725
-2 1 0 3 0 34 200 0 20 0.000 0 0 -1 0 0 2
- 1575 4275 4950 4275
-2 1 0 3 0 34 200 0 20 0.000 0 0 -1 0 0 2
- 1800 3825 4725 3825
-2 1 0 3 0 34 200 0 20 0.000 0 0 -1 0 0 2
- 2025 3375 4500 3375
-2 1 0 3 0 34 200 0 20 0.000 0 0 -1 0 0 2
- 2250 2925 4275 2925
-2 1 0 3 0 34 200 0 20 0.000 0 0 -1 0 0 2
- 2475 2475 4050 2475
-2 1 0 3 0 34 200 0 20 0.000 0 0 -1 0 0 2
- 2700 2025 3825 2025
-2 1 0 3 0 34 200 0 20 0.000 0 0 -1 0 0 2
- 2925 1575 3600 1575
-2 1 2 1 0 34 200 0 20 1.000 0 0 -1 1 0 2
- 1 1 1.00 60.00 120.00
- 900 6075 900 5625
-2 1 2 1 0 34 200 0 20 1.000 0 0 -1 1 0 2
- 1 1 1.00 60.00 120.00
- 1125 6525 1125 5175
-2 1 2 1 0 34 200 0 20 1.000 0 0 -1 1 0 2
- 1 1 1.00 60.00 120.00
- 1350 5175 1350 4725
-2 1 2 1 0 34 200 0 20 1.000 0 0 -1 1 0 2
- 1 1 1.00 60.00 120.00
- 1575 4725 1575 4275
-2 1 2 1 0 34 200 0 20 1.000 0 0 -1 1 0 2
- 1 1 1.00 60.00 120.00
- 1800 6525 1800 3825
-2 1 2 1 0 34 200 0 20 1.000 0 0 -1 1 0 2
- 1 1 1.00 60.00 120.00
- 2025 3825 2025 3375
-2 1 2 1 0 34 200 0 20 1.000 0 0 -1 1 0 2
- 1 1 1.00 60.00 120.00
- 2250 3375 2250 2925
-2 1 2 1 0 34 200 0 20 1.000 0 0 -1 1 0 2
- 1 1 1.00 60.00 120.00
- 2475 2925 2475 2475
-2 1 2 1 0 34 200 0 20 1.000 0 0 -1 1 0 2
- 1 0 1.00 60.00 120.00
- 5625 5625 5625 6075
-2 1 2 1 0 34 200 0 20 1.000 0 0 -1 1 0 2
- 1 0 1.00 60.00 120.00
- 5400 5175 5400 6525
-2 1 2 1 0 34 200 0 20 1.000 0 0 -1 1 0 2
- 1 0 1.00 60.00 120.00
- 5175 4725 5175 5175
-2 1 2 1 0 34 200 0 20 1.000 0 0 -1 1 0 2
- 1 0 1.00 60.00 120.00
- 4950 4275 4950 4725
-2 1 2 1 0 34 200 0 20 1.000 0 0 -1 1 0 2
- 1 0 1.00 60.00 120.00
- 4725 3825 4725 6525
-2 1 2 1 0 34 200 0 20 1.000 0 0 -1 1 0 2
- 1 0 1.00 60.00 120.00
- 4500 3375 4500 3825
-2 1 2 1 0 34 200 0 20 1.000 0 0 -1 1 0 2
- 1 0 1.00 60.00 120.00
- 4275 2925 4275 3375
-2 1 2 1 0 34 200 0 20 1.000 0 0 -1 1 0 2
- 1 0 1.00 60.00 120.00
- 4050 2475 4050 2925
-2 1 2 1 0 34 200 0 20 1.000 0 0 -1 1 0 2
- 1 1 1.00 60.00 120.00
- 2700 6525 2700 2025
-2 1 2 1 0 34 200 0 20 1.000 0 0 -1 1 0 2
- 1 0 1.00 60.00 120.00
- 3825 2025 3825 6525
-2 1 2 1 0 34 200 0 20 1.000 0 0 -1 1 0 2
- 1 0 1.00 60.00 120.00
- 3600 1575 3600 2025
-2 1 2 1 0 34 200 0 20 1.000 0 0 -1 1 0 2
- 1 1 1.00 60.00 120.00
- 2925 2025 2925 1575
-2 1 0 4 0 0 200 0 20 0.000 0 0 -1 1 0 2
- 1 1 4.00 60.00 120.00
- 540 6525 6300 6525
-2 3 0 1 7 7 800 0 20 0.000 0 0 -1 0 0 9
- 675 6525 5850 6525 5850 6075 5625 6075 5625 5625 900 5625
- 900 6075 675 6075 675 6525
-2 3 0 1 34 34 700 0 20 0.000 0 0 -1 0 0 13
- 1125 6525 5355 6525 5400 5175 5175 5175 5175 4725 4950 4725
- 4950 4275 1575 4275 1575 4725 1350 4725 1350 5175 1125 5175
- 1125 6525
-2 3 0 1 35 35 500 0 20 0.000 0 0 -1 0 0 17
- 1800 6525 4725 6525 4725 3825 4500 3825 4500 3375 4275 3375
- 4275 2925 4050 2925 4050 2475 2475 2475 2475 2925 2250 2925
- 2250 3375 2025 3375 2025 3825 1800 3825 1800 6525
-2 3 0 1 33 33 400 0 20 0.000 0 0 -1 0 0 9
- 2700 6525 3825 6525 3825 2025 3600 2025 3600 1575 2925 1575
- 2925 2025 2700 2025 2700 6525
-2 1 0 1 0 34 200 0 20 0.000 0 0 -1 1 1 2
- 2 0 1.00 60.00 120.00
- 2 0 1.00 60.00 120.00
- 2700 6750 3825 6750
-2 1 0 1 0 34 200 0 20 0.000 0 0 -1 1 1 2
- 2 0 1.00 60.00 120.00
- 2 0 1.00 60.00 120.00
- 1125 7200 5400 7200
-2 1 0 1 0 34 200 0 20 0.000 0 0 -1 1 1 2
- 2 0 1.00 60.00 120.00
- 2 0 1.00 60.00 120.00
- 1800 6975 4725 6975
-2 1 0 1 0 34 200 0 20 0.000 0 0 -1 1 1 2
- 2 0 1.00 60.00 120.00
- 2 0 1.00 60.00 120.00
- 675 7425 5850 7425
-2 1 2 1 0 34 200 0 20 3.000 0 1 -1 0 0 2
- 675 6570 675 7650
-2 1 2 1 0 34 200 0 20 3.000 0 1 -1 0 0 2
- 1125 6570 1125 7650
-2 1 2 1 0 34 200 0 20 3.000 0 1 -1 0 0 2
- 1800 6570 1800 7650
-2 1 2 1 0 34 200 0 20 3.000 0 1 -1 0 0 2
- 2700 6570 2700 7650
-2 1 2 1 0 34 200 0 20 3.000 0 1 -1 0 0 2
- 3825 6570 3825 7650
-2 1 2 1 0 34 200 0 20 3.000 0 1 -1 0 0 2
- 4725 6570 4725 7650
-2 1 2 1 0 34 200 0 20 3.000 0 1 -1 0 0 2
- 5400 6570 5400 7650
-2 1 2 1 0 34 200 0 20 3.000 0 1 -1 0 0 2
- 5850 6570 5850 7650
-2 4 0 2 0 7 100 0 -1 0.000 0 0 20 0 0 5
- 12600 8550 450 8550 450 225 12600 225 12600 8550
-2 4 0 1 0 34 200 0 20 0.000 0 0 20 0 0 5
- 12600 1350 450 1350 450 225 12600 225 12600 1350
-2 4 0 1 35 35 200 0 20 0.000 0 0 4 0 0 5
- 10170 2475 8775 2475 8775 2250 10170 2250 10170 2475
-2 4 0 1 35 35 200 0 20 0.000 0 0 4 0 0 5
- 11925 2475 10575 2475 10575 2250 11925 2250 11925 2475
-2 4 0 1 35 35 200 0 20 0.000 0 0 4 0 0 5
- 12375 4500 11430 4500 11430 4275 12375 4275 12375 4500
-2 4 0 1 35 35 200 0 20 0.000 0 0 4 0 0 5
- 12375 5400 10980 5400 10980 5175 12375 5175 12375 5400
-2 4 0 1 35 35 200 0 20 0.000 0 0 4 0 0 5
- 10170 5400 9675 5400 9675 5175 10170 5175 10170 5400
-2 4 0 1 35 35 200 0 20 0.000 0 0 4 0 0 5
- 7875 6300 7200 6300 7200 6075 7875 6075 7875 6300
-2 4 0 1 35 35 200 0 20 0.000 0 0 4 0 0 5
- 8190 2475 6750 2475 6750 2250 8190 2250 8190 2475
-2 4 0 1 35 35 200 0 20 0.000 0 0 4 0 0 5
- 7605 3600 6300 3600 6300 3375 7605 3375 7605 3600
-2 4 0 1 35 35 200 0 20 0.000 0 0 4 0 0 5
- 7335 4500 6300 4500 6300 4275 7335 4275 7335 4500
-2 4 0 1 35 35 200 0 20 0.000 0 0 4 0 0 5
- 7200 5400 6300 5400 6300 5175 7200 5175 7200 5400
-2 1 0 6 7 7 600 0 -1 0.000 0 0 -1 0 0 2
- 9450 4500 6075 1935
-2 1 0 6 7 7 600 0 -1 0.000 0 0 4 0 0 2
- 9450 4500 12465 2205
-2 1 0 6 7 7 600 0 -1 0.000 0 0 4 0 0 2
- 9450 4500 9450 7785
-2 1 0 1 0 34 200 0 20 0.000 0 0 -1 1 0 2
- 1 1 1.00 60.00 120.00
- 9630 5310 7245 5310
-2 1 0 1 0 34 200 0 20 0.000 0 0 -1 1 0 2
- 1 1 1.00 60.00 120.00
- 11385 4365 7380 4365
-2 4 0 1 35 35 200 0 20 0.000 0 0 4 0 0 5
- 12240 5805 10980 5805 10980 5580 12240 5580 12240 5805
-2 4 0 1 35 35 200 0 20 0.000 0 0 4 0 0 5
- 12375 6210 10980 6210 10980 5985 12375 5985 12375 6210
-2 1 0 1 0 34 200 0 20 0.000 0 0 -1 1 0 2
- 1 1 1.00 60.00 120.00
- 11205 6885 9900 5445
-2 4 0 1 35 35 200 0 20 0.000 0 0 4 0 0 5
- 12285 7155 10530 7155 10530 6930 12285 6930 12285 7155
-2 4 0 1 35 35 200 0 20 0.000 0 0 4 0 0 5
- 10170 7155 9630 7155 9630 6930 10170 6930 10170 7155
-2 1 0 6 7 7 600 0 -1 0.000 0 0 4 0 0 2
- 12510 6435 9450 6435
-2 1 0 1 0 34 300 0 20 0.000 0 0 7 1 0 4
- 1 1 1.00 60.00 120.00
- 12375 4455 12510 4635 12510 6210 11970 6885
-2 1 2 1 0 34 200 0 20 1.000 0 0 -1 1 0 2
- 1 1 1.00 60.00 120.00
- 9850 5143 9175 4918
-3 1 0 1 34 34 800 0 20 0.000 0 0 0 41
- 7380 1710 6390 2115 5535 2115 6075 3015 5670 3465 6165 3915
- 5715 4410 6030 5040 6030 5310 6480 5715 6390 6255 6975 6300
- 7065 6975 7965 6750 8100 7560 8955 7290 9360 7740 9720 7560
- 10755 8145 12060 8280 12375 7650 12420 7200 12510 7065 12330 6660
- 12510 6390 12420 5940 12375 5400 12510 5220 12510 4725 12600 4275
- 12375 3645 12105 3240 12150 2745 12375 2700 12330 1980 11790 1575
- 11250 1935 10125 1485 8955 2070 7785 1620 7695 1575
- 1.000 1.000 1.000 1.000 1.000 1.000 1.000 1.000
- 1.000 1.000 1.000 1.000 1.000 1.000 1.000 1.000
- 1.000 1.000 1.000 1.000 1.000 1.000 1.000 1.000
- 1.000 1.000 1.000 1.000 1.000 1.000 1.000 1.000
- 1.000 1.000 1.000 1.000 1.000 1.000 1.000 1.000
- 1.000
-4 0 0 100 0 0 12 0.0000 4 180 1440 10575 675 Ralf S. Engelschall\001
-4 0 0 100 0 18 20 0.0000 4 270 3840 4275 675 Apache+mod_ssl+OpenSSL\001
-4 0 0 100 0 0 10 0.0000 4 135 1320 10575 855 rse@engelschall.com\001
-4 0 0 100 0 0 10 0.0000 4 135 1410 10575 1035 www.engelschall.com\001
-4 0 0 100 0 0 12 0.0000 4 135 870 900 675 Version 1.3\001
-4 0 0 100 0 0 12 0.0000 4 180 1035 900 855 12-Apr-1999\001
-4 0 0 200 0 20 8 0.0000 4 60 390 6210 4680 ->server\001
-4 0 0 200 0 20 8 0.0000 4 120 855 8280 6120 ap_ctx_get(...,"ssl")\001
-4 0 0 200 0 20 8 0.0000 4 120 1170 7740 2700 ap_get_module_config(...\001
-4 0 0 200 0 20 8 0.0000 4 120 810 7740 2835 ->module_config,\001
-4 0 0 200 0 20 8 0.0000 4 120 585 7740 2970 &ssl_module)\001
-4 0 0 100 0 18 20 0.0000 4 270 1200 9000 8100 Chaining\001
-4 0 0 100 0 18 20 0.0000 4 210 1095 2745 8100 Lifetime\001
-4 0 0 100 0 18 12 0.0000 4 180 1215 810 6255 ap_global_ctx\001
-4 0 0 100 0 18 12 0.0000 4 180 1305 990 5805 SSLModConfig\001
-4 0 0 100 0 18 12 0.0000 4 180 840 4050 4455 SSL_CTX\001
-4 0 0 100 0 18 12 0.0000 4 150 975 4455 5355 server_rec\001
-4 0 0 100 0 18 12 0.0000 4 180 1260 3870 4905 SSLSrvConfig\001
-4 0 0 100 0 18 12 0.0000 4 135 480 1845 4005 BUFF\001
-4 0 0 100 0 18 12 0.0000 4 150 810 2070 3555 conn_rec\001
-4 0 0 100 0 18 12 0.0000 4 135 345 2295 3105 BIO\001
-4 0 0 100 0 18 12 0.0000 4 135 375 2565 2655 SSL\001
-4 0 0 100 0 18 12 0.0000 4 180 1185 3645 1620 SSLDirConfig\001
-4 0 0 100 0 18 12 0.0000 4 180 1065 3915 2070 request_rec\001
-4 0 0 200 0 0 8 0.0000 4 120 1440 900 7560 Startup, Runtime, Shutdown\001
-4 0 0 200 0 0 8 0.0000 4 105 975 1350 7335 Configuration Time\001
-4 0 0 200 0 0 8 0.0000 4 90 1050 2025 7110 Connection Duration\001
-4 0 0 200 0 0 8 0.0000 4 120 885 2835 6885 Request Duration\001
-4 0 0 200 0 18 20 0.0000 4 195 90 6345 6795 t\001
-4 0 0 200 0 20 8 0.0000 4 90 345 7110 5985 ->client\001
-4 0 0 100 0 18 12 0.0000 4 180 1305 6795 2430 SSLModConfig\001
-4 0 0 100 0 18 12 0.0000 4 180 1260 8865 2430 SSLSrvConfig\001
-4 0 0 100 0 18 12 0.0000 4 180 1215 6345 3555 ap_global_ctx\001
-4 0 0 100 0 18 12 0.0000 4 150 975 6345 4455 server_rec\001
-4 0 0 100 0 18 12 0.0000 4 150 810 6345 5355 conn_rec\001
-4 0 0 100 0 18 12 0.0000 4 135 375 9720 5355 SSL\001
-4 0 0 100 0 18 12 0.0000 4 180 1185 10665 2430 SSLDirConfig\001
-4 0 0 100 0 18 12 0.0000 4 135 480 7290 6255 BUFF\001
-4 0 0 100 0 18 12 0.0000 4 180 1305 11025 5355 SSL_METHOD\001
-4 0 0 100 0 18 12 0.0000 4 180 840 11475 4455 SSL_CTX\001
-4 0 0 100 0 18 24 0.0000 4 285 4365 3915 1080 Data Structure Overview\001
-4 0 0 200 0 20 8 0.0000 4 90 615 7065 5085 ->connection\001
-4 0 0 200 0 20 8 0.0000 4 60 390 7065 4770 ->server\001
-4 0 0 200 0 20 8 0.0000 4 120 960 8010 5445 SSL_get_app_data()\001
-4 0 0 200 0 20 8 0.0000 4 120 510 10530 4050 ->pSSLCtx\001
-4 0 0 200 0 20 8 0.0000 4 120 1215 7875 4275 SSL_CTX_get_app_data()\001
-4 0 0 200 0 20 8 0.0000 4 120 1155 10305 5535 SSL_get_current_cipher()\001
-4 0 0 100 0 18 12 0.0000 4 180 1170 11025 5760 SSL_CIPHER\001
-4 0 0 100 0 18 12 0.0000 4 180 1350 10980 6165 SSL_SESSION\001
-4 0 0 200 0 20 8 0.0000 4 120 840 10440 5940 SSL_get_session()\001
-4 0 0 100 0 18 12 0.0000 4 180 1665 10575 7110 X509_STORE_CTX\001
-4 0 0 100 0 18 12 0.0000 4 135 345 9720 7110 BIO\001
-4 0 0 200 0 20 8 0.0000 4 120 840 9540 7335 SSL_get_{r,w}bio()\001
-4 0 0 100 0 18 20 0.0000 4 270 1170 8730 3465 mod_ssl\001
-4 0 0 100 0 18 20 0.0000 4 270 1050 8145 6750 Apache\001
-4 0 0 200 0 20 8 0.0000 4 120 945 10125 4680 SSL_get_SSL_CTX()\001
-4 0 0 200 0 20 8 0.0000 4 120 1170 10350 5175 SSL_get_SSL_METHOD()\001
-4 0 0 200 0 20 8 0.0000 4 90 465 11745 4770 ->method\001
-4 0 0 200 0 20 8 0.0000 4 120 1665 9945 6480 X509_STORE_CTX_get_app_data()\001
-4 0 0 200 0 20 8 0.0000 4 120 1215 10980 6705 SSL_CTX_get_cert_store()\001
-4 0 0 200 0 20 8 0.0000 4 120 1020 8280 5130 SSL_get_app_data2()\001
-4 0 0 100 0 18 20 0.0000 4 270 1290 10710 7605 OpenSSL\001
-4 0 0 100 0 18 12 0.0000 4 180 720 10710 7785 [Crypto]\001
-4 0 0 100 0 18 20 0.0000 4 270 1290 10935 3645 OpenSSL\001
-4 0 0 100 0 18 12 0.0000 4 180 495 10935 3825 [SSL]\001
diff --git a/rubbos/app/httpd-2.0.64/modules/ssl/README.dsov.ps b/rubbos/app/httpd-2.0.64/modules/ssl/README.dsov.ps
deleted file mode 100644
index def19dbe..00000000
--- a/rubbos/app/httpd-2.0.64/modules/ssl/README.dsov.ps
+++ /dev/null
@@ -1,1138 +0,0 @@
-%!PS-Adobe-2.0
-%%Title: README.dsov.ps
-%%Creator: fig2dev Version 3.2 Patchlevel 1
-%%CreationDate: Mon Apr 12 17:09:11 1999
-%%For: rse@en1.engelschall.com (Ralf S. Engelschall)
-%%Orientation: Landscape
-%%BoundingBox: 59 37 553 755
-%%Pages: 1
-%%BeginSetup
-%%IncludeFeature: *PageSize Letter
-%%EndSetup
-%%Magnification: 0.9340
-%%EndComments
-/$F2psDict 200 dict def
-$F2psDict begin
-$F2psDict /mtrx matrix put
-/col-1 {0 setgray} bind def
-/col0 {0.000 0.000 0.000 srgb} bind def
-/col1 {0.000 0.000 1.000 srgb} bind def
-/col2 {0.000 1.000 0.000 srgb} bind def
-/col3 {0.000 1.000 1.000 srgb} bind def
-/col4 {1.000 0.000 0.000 srgb} bind def
-/col5 {1.000 0.000 1.000 srgb} bind def
-/col6 {1.000 1.000 0.000 srgb} bind def
-/col7 {1.000 1.000 1.000 srgb} bind def
-/col8 {0.000 0.000 0.560 srgb} bind def
-/col9 {0.000 0.000 0.690 srgb} bind def
-/col10 {0.000 0.000 0.820 srgb} bind def
-/col11 {0.530 0.810 1.000 srgb} bind def
-/col12 {0.000 0.560 0.000 srgb} bind def
-/col13 {0.000 0.690 0.000 srgb} bind def
-/col14 {0.000 0.820 0.000 srgb} bind def
-/col15 {0.000 0.560 0.560 srgb} bind def
-/col16 {0.000 0.690 0.690 srgb} bind def
-/col17 {0.000 0.820 0.820 srgb} bind def
-/col18 {0.560 0.000 0.000 srgb} bind def
-/col19 {0.690 0.000 0.000 srgb} bind def
-/col20 {0.820 0.000 0.000 srgb} bind def
-/col21 {0.560 0.000 0.560 srgb} bind def
-/col22 {0.690 0.000 0.690 srgb} bind def
-/col23 {0.820 0.000 0.820 srgb} bind def
-/col24 {0.500 0.190 0.000 srgb} bind def
-/col25 {0.630 0.250 0.000 srgb} bind def
-/col26 {0.750 0.380 0.000 srgb} bind def
-/col27 {1.000 0.500 0.500 srgb} bind def
-/col28 {1.000 0.630 0.630 srgb} bind def
-/col29 {1.000 0.750 0.750 srgb} bind def
-/col30 {1.000 0.880 0.880 srgb} bind def
-/col31 {1.000 0.840 0.000 srgb} bind def
-/col32 {0.380 0.396 0.380 srgb} bind def
-/col33 {0.714 0.698 0.714 srgb} bind def
-/col34 {0.969 0.953 0.969 srgb} bind def
-/col35 {0.812 0.812 0.812 srgb} bind def
-/col36 {1.000 1.000 1.000 srgb} bind def
-
-end
-save
-48.0 12.0 translate
- 90 rotate
-1 -1 scale
-
-/cp {closepath} bind def
-/ef {eofill} bind def
-/gr {grestore} bind def
-/gs {gsave} bind def
-/sa {save} bind def
-/rs {restore} bind def
-/l {lineto} bind def
-/m {moveto} bind def
-/rm {rmoveto} bind def
-/n {newpath} bind def
-/s {stroke} bind def
-/sh {show} bind def
-/slc {setlinecap} bind def
-/slj {setlinejoin} bind def
-/slw {setlinewidth} bind def
-/srgb {setrgbcolor} bind def
-/rot {rotate} bind def
-/sc {scale} bind def
-/sd {setdash} bind def
-/ff {findfont} bind def
-/sf {setfont} bind def
-/scf {scalefont} bind def
-/sw {stringwidth} bind def
-/tr {translate} bind def
-/tnt {dup dup currentrgbcolor
- 4 -2 roll dup 1 exch sub 3 -1 roll mul add
- 4 -2 roll dup 1 exch sub 3 -1 roll mul add
- 4 -2 roll dup 1 exch sub 3 -1 roll mul add srgb}
- bind def
-/shd {dup dup currentrgbcolor 4 -2 roll mul 4 -2 roll mul
- 4 -2 roll mul srgb} bind def
-/reencdict 12 dict def /ReEncode { reencdict begin
-/newcodesandnames exch def /newfontname exch def /basefontname exch def
-/basefontdict basefontname findfont def /newfont basefontdict maxlength dict def
-basefontdict { exch dup /FID ne { dup /Encoding eq
-{ exch dup length array copy newfont 3 1 roll put }
-{ exch newfont 3 1 roll put } ifelse } { pop pop } ifelse } forall
-newfont /FontName newfontname put newcodesandnames aload pop
-128 1 255 { newfont /Encoding get exch /.notdef put } for
-newcodesandnames length 2 idiv { newfont /Encoding get 3 1 roll put } repeat
-newfontname newfont definefont pop end } def
-/isovec [
-8#200 /grave 8#201 /acute 8#202 /circumflex 8#203 /tilde
-8#204 /macron 8#205 /breve 8#206 /dotaccent 8#207 /dieresis
-8#210 /ring 8#211 /cedilla 8#212 /hungarumlaut 8#213 /ogonek 8#214 /caron
-8#220 /dotlessi 8#230 /oe 8#231 /OE
-8#240 /space 8#241 /exclamdown 8#242 /cent 8#243 /sterling
-8#244 /currency 8#245 /yen 8#246 /brokenbar 8#247 /section 8#250 /dieresis
-8#251 /copyright 8#252 /ordfeminine 8#253 /guillemotleft 8#254 /logicalnot
-8#255 /endash 8#256 /registered 8#257 /macron 8#260 /degree 8#261 /plusminus
-8#262 /twosuperior 8#263 /threesuperior 8#264 /acute 8#265 /mu 8#266 /paragraph
-8#267 /periodcentered 8#270 /cedilla 8#271 /onesuperior 8#272 /ordmasculine
-8#273 /guillemotright 8#274 /onequarter 8#275 /onehalf
-8#276 /threequarters 8#277 /questiondown 8#300 /Agrave 8#301 /Aacute
-8#302 /Acircumflex 8#303 /Atilde 8#304 /Adieresis 8#305 /Aring
-8#306 /AE 8#307 /Ccedilla 8#310 /Egrave 8#311 /Eacute
-8#312 /Ecircumflex 8#313 /Edieresis 8#314 /Igrave 8#315 /Iacute
-8#316 /Icircumflex 8#317 /Idieresis 8#320 /Eth 8#321 /Ntilde 8#322 /Ograve
-8#323 /Oacute 8#324 /Ocircumflex 8#325 /Otilde 8#326 /Odieresis 8#327 /multiply
-8#330 /Oslash 8#331 /Ugrave 8#332 /Uacute 8#333 /Ucircumflex
-8#334 /Udieresis 8#335 /Yacute 8#336 /Thorn 8#337 /germandbls 8#340 /agrave
-8#341 /aacute 8#342 /acircumflex 8#343 /atilde 8#344 /adieresis 8#345 /aring
-8#346 /ae 8#347 /ccedilla 8#350 /egrave 8#351 /eacute
-8#352 /ecircumflex 8#353 /edieresis 8#354 /igrave 8#355 /iacute
-8#356 /icircumflex 8#357 /idieresis 8#360 /eth 8#361 /ntilde 8#362 /ograve
-8#363 /oacute 8#364 /ocircumflex 8#365 /otilde 8#366 /odieresis 8#367 /divide
-8#370 /oslash 8#371 /ugrave 8#372 /uacute 8#373 /ucircumflex
-8#374 /udieresis 8#375 /yacute 8#376 /thorn 8#377 /ydieresis] def
-/Times-Roman /Times-Roman-iso isovec ReEncode
-/Helvetica-Bold /Helvetica-Bold-iso isovec ReEncode
-/Helvetica-Narrow /Helvetica-Narrow-iso isovec ReEncode
-/$F2psBegin {$F2psDict begin /$F2psEnteredState save def} def
-/$F2psEnd {$F2psEnteredState restore end} def
-%%EndProlog
-
-$F2psBegin
-10 setmiterlimit
-n -1000 9572 m -1000 -1000 l 13622 -1000 l 13622 9572 l cp clip
- 0.05883 0.05883 sc
-%%Page: 1 1
-% Polyline
-7.500 slw
-n 6413 2048 m 6380 2054 l 6348 2061 l 6315 2067 l 6283 2073 l 6250 2079 l
- 6217 2084 l 6185 2090 l 6152 2095 l 6120 2101 l 6088 2107 l
- 6057 2113 l 6027 2120 l 5998 2126 l 5970 2134 l 5943 2141 l
- 5918 2149 l 5894 2158 l 5873 2167 l 5853 2177 l 5835 2187 l
- 5819 2198 l 5805 2210 l 5793 2222 l 5782 2235 l 5774 2250 l
- 5768 2265 l 5763 2281 l 5760 2299 l 5759 2318 l 5759 2339 l
- 5761 2360 l 5764 2383 l 5768 2408 l 5774 2433 l 5780 2460 l
- 5788 2488 l 5797 2516 l 5806 2546 l 5815 2575 l 5825 2606 l
- 5836 2636 l 5846 2666 l 5856 2696 l 5866 2726 l 5875 2755 l
- 5884 2784 l 5892 2812 l 5899 2839 l 5905 2866 l 5910 2891 l
- 5915 2916 l 5918 2940 l 5919 2968 l 5920 2995 l 5919 3022 l
- 5916 3048 l 5912 3075 l 5908 3101 l 5902 3127 l 5895 3153 l
- 5887 3179 l 5880 3205 l 5871 3230 l 5863 3254 l 5855 3278 l
- 5848 3302 l 5841 3324 l 5834 3346 l 5829 3367 l 5824 3388 l
- 5821 3408 l 5819 3427 l 5819 3446 l 5820 3465 l 5823 3484 l
- 5827 3503 l 5833 3522 l 5840 3542 l 5848 3562 l 5858 3582 l
- 5868 3603 l 5880 3625 l 5891 3647 l 5904 3669 l 5916 3691 l
- 5929 3713 l 5941 3736 l 5953 3758 l 5964 3779 l 5974 3801 l
- 5983 3822 l 5991 3843 l 5997 3863 l 6002 3883 l 6006 3903 l
- 6008 3923 l 6008 3942 l 6006 3962 l 6003 3983 l 5998 4004 l
- 5992 4025 l 5985 4048 l 5977 4070 l 5968 4094 l 5958 4118 l
- 5947 4142 l 5936 4167 l 5925 4192 l 5913 4216 l 5902 4241 l
- 5892 4266 l 5882 4291 l 5872 4315 l 5864 4339 l 5857 4362 l
- 5851 4386 l 5846 4409 l 5843 4433 l 5840 4456 l 5840 4480 l
- 5840 4505 l 5842 4530 l 5845 4556 l 5849 4582 l 5854 4609 l
- 5860 4636 l 5867 4664 l 5875 4692 l 5883 4720 l 5892 4747 l
- 5901 4774 l 5910 4801 l 5920 4827 l 5929 4852 l 5938 4875 l
- 5947 4898 l 5955 4920 l 5963 4941 l 5971 4961 l 5978 4980 l
- 5985 5002 l 5992 5024 l 5999 5046 l 6005 5067 l 6010 5088 l
- 6016 5109 l 6022 5129 l 6027 5150 l 6033 5170 l 6039 5190 l
- 6045 5209 l 6052 5228 l 6059 5246 l 6067 5264 l 6075 5281 l
- 6084 5298 l 6094 5315 l 6105 5333 l 6115 5347 l 6125 5361 l
- 6137 5376 l 6149 5392 l 6162 5408 l 6176 5425 l 6191 5443 l
- 6206 5461 l 6221 5480 l 6237 5499 l 6253 5519 l 6269 5539 l
- 6284 5559 l 6299 5579 l 6313 5599 l 6327 5619 l 6340 5639 l
- 6352 5659 l 6363 5679 l 6373 5698 l 6382 5718 l 6390 5738 l
- 6398 5759 l 6404 5782 l 6410 5805 l 6415 5828 l 6420 5852 l
- 6424 5877 l 6428 5902 l 6431 5927 l 6435 5952 l 6438 5977 l
- 6442 6001 l 6446 6025 l 6450 6048 l 6455 6069 l 6461 6090 l
- 6467 6109 l 6474 6127 l 6483 6143 l 6492 6159 l 6503 6173 l
- 6515 6185 l 6528 6197 l 6543 6209 l 6560 6220 l 6578 6230 l
- 6598 6240 l 6619 6250 l 6641 6260 l 6663 6270 l 6687 6281 l
- 6710 6291 l 6733 6302 l 6757 6312 l 6779 6324 l 6801 6335 l
- 6821 6348 l 6841 6361 l 6859 6374 l 6876 6389 l 6893 6405 l
- 6906 6421 l 6919 6437 l 6932 6455 l 6944 6475 l 6955 6495 l
- 6967 6516 l 6979 6538 l 6991 6561 l 7003 6584 l 7015 6608 l
- 7027 6631 l 7040 6654 l 7053 6677 l 7067 6699 l 7081 6720 l
- 7096 6739 l 7111 6758 l 7127 6774 l 7144 6789 l 7161 6803 l
- 7180 6815 l 7200 6825 l 7220 6833 l 7240 6840 l 7263 6845 l
- 7286 6850 l 7311 6854 l 7338 6857 l 7365 6859 l 7394 6861 l
- 7424 6862 l 7454 6864 l 7485 6865 l 7516 6866 l 7547 6867 l
- 7578 6868 l 7609 6870 l 7639 6872 l 7668 6875 l 7696 6879 l
- 7723 6883 l 7748 6889 l 7773 6895 l 7795 6903 l 7817 6912 l
- 7838 6923 l 7857 6934 l 7875 6948 l 7892 6963 l 7909 6980 l
- 7926 6998 l 7941 7017 l 7957 7038 l 7972 7060 l 7987 7083 l
- 8002 7106 l 8017 7130 l 8031 7154 l 8046 7178 l 8061 7202 l
- 8075 7225 l 8090 7247 l 8105 7269 l 8120 7289 l 8135 7308 l
- 8151 7326 l 8167 7342 l 8184 7356 l 8202 7369 l 8220 7380 l
- 8239 7390 l 8260 7397 l 8282 7404 l 8305 7409 l 8330 7413 l
- 8356 7416 l 8383 7418 l 8412 7420 l 8441 7420 l 8471 7419 l
- 8502 7418 l 8534 7417 l 8565 7415 l 8597 7413 l 8629 7411 l
- 8660 7409 l 8690 7407 l 8720 7405 l 8749 7404 l 8777 7404 l
- 8804 7404 l 8830 7405 l 8856 7407 l 8880 7410 l 8906 7414 l
- 8931 7420 l 8956 7427 l 8981 7435 l 9005 7444 l 9029 7455 l
- 9053 7466 l 9077 7478 l 9100 7491 l 9123 7504 l 9146 7517 l
- 9168 7531 l 9190 7544 l 9210 7557 l 9230 7570 l 9250 7582 l
- 9268 7593 l 9286 7604 l 9304 7613 l 9320 7621 l 9336 7629 l
- 9353 7635 l 9370 7641 l 9388 7645 l 9406 7648 l 9425 7650 l
- 9444 7652 l 9464 7653 l 9485 7653 l 9508 7653 l 9531 7653 l
- 9555 7653 l 9579 7653 l 9605 7654 l 9631 7655 l 9658 7656 l
- 9685 7659 l 9713 7662 l 9742 7666 l 9771 7672 l 9801 7679 l
- 9833 7688 l 9853 7694 l 9874 7700 l 9895 7708 l 9918 7716 l
- 9941 7725 l 9966 7734 l 9991 7745 l 10017 7755 l 10045 7767 l
- 10073 7779 l 10102 7791 l 10132 7804 l 10163 7818 l 10194 7831 l
- 10227 7845 l 10259 7860 l 10293 7874 l 10326 7889 l 10360 7903 l
- 10394 7918 l 10429 7932 l 10463 7947 l 10497 7961 l 10531 7974 l
- 10565 7988 l 10599 8001 l 10633 8013 l 10667 8025 l 10700 8037 l
- 10733 8049 l 10767 8059 l 10800 8070 l 10834 8080 l 10868 8090 l
- 10902 8099 l 10937 8108 l 10973 8117 l 11009 8125 l 11045 8133 l
- 11083 8141 l 11120 8148 l 11158 8155 l 11197 8161 l 11236 8167 l
- 11275 8172 l 11313 8177 l 11352 8181 l 11391 8184 l 11429 8187 l
- 11467 8190 l 11504 8191 l 11540 8192 l 11576 8192 l 11610 8192 l
- 11644 8191 l 11676 8189 l 11707 8187 l 11738 8184 l 11767 8180 l
- 11794 8176 l 11821 8171 l 11847 8165 l 11871 8159 l 11895 8153 l
- 11923 8143 l 11950 8133 l 11976 8122 l 12001 8109 l 12025 8096 l
- 12048 8081 l 12071 8065 l 12092 8048 l 12113 8031 l 12133 8012 l
- 12153 7992 l 12171 7972 l 12188 7951 l 12205 7930 l 12220 7909 l
- 12235 7887 l 12248 7865 l 12260 7843 l 12272 7822 l 12282 7800 l
- 12292 7779 l 12301 7759 l 12309 7739 l 12316 7719 l 12323 7699 l
- 12330 7680 l 12338 7655 l 12345 7631 l 12352 7607 l 12359 7582 l
- 12365 7558 l 12371 7533 l 12377 7508 l 12382 7484 l 12388 7460 l
- 12392 7436 l 12397 7414 l 12401 7391 l 12405 7370 l 12409 7350 l
- 12412 7331 l 12415 7313 l 12418 7297 l 12421 7281 l 12424 7266 l
- 12428 7253 l 12432 7234 l 12437 7216 l 12442 7199 l 12446 7183 l
- 12451 7166 l 12456 7150 l 12460 7134 l 12463 7117 l 12466 7101 l
- 12468 7086 l 12469 7070 l 12469 7054 l 12467 7037 l 12465 7020 l
- 12462 7006 l 12459 6991 l 12455 6975 l 12450 6958 l 12445 6940 l
- 12440 6921 l 12434 6901 l 12428 6880 l 12422 6859 l 12416 6838 l
- 12411 6817 l 12406 6796 l 12401 6776 l 12397 6756 l 12394 6736 l
- 12392 6718 l 12390 6700 l 12390 6683 l 12390 6665 l 12392 6649 l
- 12394 6631 l 12397 6614 l 12401 6597 l 12406 6579 l 12411 6561 l
- 12416 6542 l 12422 6524 l 12428 6505 l 12434 6487 l 12440 6468 l
- 12445 6450 l 12450 6432 l 12455 6414 l 12459 6396 l 12462 6378 l
- 12465 6360 l 12467 6343 l 12468 6326 l 12469 6308 l 12469 6289 l
- 12468 6269 l 12468 6249 l 12466 6227 l 12464 6205 l 12462 6182 l
- 12460 6159 l 12457 6135 l 12454 6111 l 12451 6087 l 12447 6063 l
- 12444 6040 l 12441 6016 l 12437 5993 l 12434 5970 l 12431 5948 l
- 12428 5925 l 12424 5902 l 12421 5879 l 12419 5855 l 12416 5831 l
- 12413 5806 l 12411 5781 l 12408 5755 l 12406 5729 l 12404 5702 l
- 12403 5676 l 12401 5651 l 12400 5625 l 12400 5601 l 12399 5578 l
- 12399 5555 l 12400 5534 l 12401 5514 l 12402 5495 l 12403 5477 l
- 12405 5460 l 12408 5440 l 12411 5421 l 12416 5402 l 12420 5384 l
- 12426 5365 l 12431 5347 l 12437 5329 l 12444 5311 l 12450 5293 l
- 12456 5275 l 12462 5258 l 12468 5240 l 12474 5222 l 12479 5205 l
- 12483 5186 l 12488 5168 l 12490 5152 l 12493 5135 l 12496 5117 l
- 12498 5099 l 12500 5079 l 12502 5058 l 12504 5036 l 12506 5014 l
- 12507 4990 l 12509 4966 l 12510 4942 l 12512 4918 l 12513 4893 l
- 12515 4869 l 12516 4845 l 12518 4822 l 12520 4799 l 12521 4776 l
- 12523 4754 l 12525 4733 l 12527 4713 l 12529 4693 l 12531 4673 l
- 12534 4653 l 12536 4632 l 12539 4610 l 12541 4588 l 12543 4566 l
- 12546 4543 l 12548 4520 l 12550 4497 l 12552 4473 l 12553 4450 l
- 12554 4426 l 12555 4403 l 12555 4380 l 12555 4357 l 12555 4334 l
- 12554 4312 l 12552 4290 l 12550 4267 l 12548 4245 l 12545 4224 l
- 12541 4203 l 12537 4181 l 12533 4159 l 12528 4136 l 12523 4112 l
- 12517 4088 l 12510 4064 l 12503 4038 l 12496 4013 l 12488 3987 l
- 12479 3961 l 12471 3935 l 12462 3909 l 12452 3884 l 12443 3859 l
- 12434 3835 l 12424 3811 l 12415 3788 l 12405 3766 l 12396 3744 l
- 12386 3723 l 12377 3702 l 12368 3683 l 12357 3661 l 12347 3640 l
- 12336 3619 l 12325 3598 l 12314 3576 l 12303 3555 l 12291 3533 l
- 12280 3511 l 12269 3489 l 12257 3467 l 12246 3446 l 12235 3424 l
- 12225 3402 l 12215 3381 l 12206 3360 l 12197 3340 l 12189 3320 l
- 12181 3301 l 12174 3281 l 12168 3262 l 12162 3244 l 12158 3225 l
- 12153 3204 l 12149 3183 l 12145 3162 l 12142 3139 l 12140 3117 l
- 12138 3094 l 12137 3071 l 12137 3047 l 12138 3024 l 12139 3001 l
- 12141 2978 l 12143 2956 l 12146 2935 l 12150 2915 l 12154 2896 l
- 12158 2879 l 12163 2862 l 12168 2847 l 12174 2833 l 12180 2820 l
- 12188 2805 l 12197 2792 l 12206 2779 l 12216 2766 l 12227 2754 l
- 12238 2742 l 12249 2730 l 12260 2717 l 12272 2704 l 12282 2691 l
- 12292 2676 l 12302 2661 l 12310 2645 l 12318 2627 l 12324 2608 l
- 12330 2588 l 12334 2571 l 12336 2553 l 12339 2534 l 12341 2513 l
- 12342 2491 l 12343 2467 l 12343 2442 l 12342 2416 l 12340 2389 l
- 12338 2360 l 12335 2332 l 12331 2303 l 12326 2273 l 12320 2244 l
- 12314 2215 l 12307 2187 l 12299 2159 l 12290 2132 l 12280 2106 l
- 12270 2081 l 12259 2056 l 12248 2033 l 12236 2011 l 12224 1990 l
- 12210 1970 l 12196 1949 l 12181 1929 l 12164 1910 l 12147 1890 l
- 12129 1871 l 12110 1853 l 12090 1835 l 12070 1818 l 12049 1802 l
- 12027 1787 l 12005 1773 l 11983 1761 l 11961 1749 l 11939 1739 l
- 11917 1730 l 11895 1722 l 11874 1716 l 11852 1710 l 11831 1707 l
- 11811 1704 l 11790 1703 l 11769 1702 l 11748 1703 l 11727 1705 l
- 11706 1708 l 11683 1711 l 11660 1716 l 11636 1721 l 11612 1727 l
- 11587 1733 l 11560 1740 l 11534 1747 l 11506 1754 l 11479 1761 l
- 11450 1768 l 11422 1774 l 11393 1780 l 11364 1786 l 11334 1791 l
- 11305 1795 l 11275 1798 l 11245 1800 l 11215 1801 l 11184 1801 l
- 11153 1800 l 11128 1798 l 11104 1796 l 11078 1793 l 11052 1790 l
- 11025 1785 l 10997 1781 l 10968 1776 l 10939 1770 l 10908 1764 l
- 10877 1758 l 10844 1751 l 10811 1744 l 10778 1737 l 10743 1730 l
- 10708 1722 l 10673 1715 l 10637 1708 l 10601 1701 l 10565 1695 l
- 10530 1688 l 10494 1682 l 10458 1677 l 10422 1672 l 10387 1668 l
- 10352 1664 l 10318 1661 l 10284 1658 l 10250 1657 l 10216 1656 l
- 10183 1655 l 10150 1656 l 10118 1658 l 10087 1660 l 10055 1663 l
- 10024 1666 l 9992 1671 l 9960 1676 l 9927 1682 l 9894 1688 l
- 9861 1695 l 9827 1703 l 9792 1711 l 9757 1720 l 9721 1729 l
- 9685 1738 l 9649 1748 l 9613 1757 l 9576 1767 l 9539 1778 l
- 9502 1788 l 9465 1798 l 9429 1807 l 9392 1817 l 9356 1826 l
- 9320 1835 l 9285 1844 l 9250 1852 l 9216 1860 l 9182 1867 l
- 9148 1873 l 9115 1879 l 9082 1884 l 9050 1889 l 9018 1892 l
- 8987 1895 l 8955 1898 l 8919 1899 l 8883 1900 l 8847 1899 l
- 8811 1898 l 8774 1896 l 8737 1893 l 8699 1889 l 8661 1884 l
- 8623 1878 l 8585 1872 l 8546 1865 l 8508 1857 l 8470 1849 l
- 8432 1840 l 8395 1830 l 8358 1821 l 8322 1811 l 8287 1801 l
- 8254 1790 l 8221 1780 l 8189 1770 l 8159 1760 l 8130 1750 l
- 8102 1740 l 8076 1730 l 8051 1721 l 8028 1712 l 8006 1703 l
- 7985 1695 l 7965 1688 l 7931 1674 l 7899 1662 l 7871 1650 l
- 7844 1640 l 7820 1631 l 7798 1623 l 7778 1617 l 7760 1611 l
- 7743 1607 l 7728 1603 l 7715 1601 l 7702 1600 l 7691 1600 l
- 7680 1601 l 7669 1603 l 7658 1605 l 7648 1607 l 7638 1610 l
- 7627 1613 l 7615 1617 l 7601 1621 l 7587 1626 l 7571 1632 l
- 7554 1638 l 7536 1645 l 7517 1653 l 7496 1661 l 7474 1670 l
- 7452 1679 l 7428 1689 l 7403 1699 l 7378 1709 l 7352 1720 l
- 7325 1731 l 7297 1743 l 7268 1755 l 7247 1763 l 7226 1772 l
- 7204 1781 l 7182 1790 l 7158 1800 l 7133 1810 l 7108 1820 l
- 7081 1831 l 7053 1842 l 7025 1853 l 6996 1864 l 6966 1875 l
- 6935 1886 l 6904 1898 l 6873 1909 l 6841 1921 l 6809 1932 l
- 6776 1943 l 6744 1954 l 6712 1964 l 6680 1974 l 6649 1984 l
- 6618 1994 l 6587 2003 l 6557 2011 l 6527 2019 l 6498 2027 l
- 6469 2034 l 6441 2041 l cp gs col34 1.00 shd ef gr gs col34 s gr
-% Polyline
-n 675 6525 m 5850 6525 l 5850 6075 l 5625 6075 l 5625 5625 l 900 5625 l
- 900 6075 l 675 6075 l cp gs col7 1.00 shd ef gr gs col7 s gr
-% Polyline
-n 1125 6525 m 5355 6525 l 5400 5175 l 5175 5175 l 5175 4725 l 4950 4725 l
- 4950 4275 l 1575 4275 l 1575 4725 l 1350 4725 l 1350 5175 l
- 1125 5175 l cp gs col34 1.00 shd ef gr gs col34 s gr
-% Polyline
-75.000 slw
-n 9450 4500 m 12465 2205 l gs col7 s gr
-% Polyline
-n 9450 4500 m 9450 7785 l gs col7 s gr
-% Polyline
-n 9450 4500 m 6075 1935 l gs col7 s gr
-% Polyline
-n 12510 6435 m 9450 6435 l gs col7 s gr
-% Polyline
-7.500 slw
-n 1800 6525 m 4725 6525 l 4725 3825 l 4500 3825 l 4500 3375 l 4275 3375 l
- 4275 2925 l 4050 2925 l 4050 2475 l 2475 2475 l 2475 2925 l
- 2250 2925 l 2250 3375 l 2025 3375 l 2025 3825 l 1800 3825 l
- cp gs col35 1.00 shd ef gr gs col35 s gr
-% Polyline
-n 2700 6525 m 3825 6525 l 3825 2025 l 3600 2025 l 3600 1575 l 2925 1575 l
- 2925 2025 l 2700 2025 l cp gs col33 1.00 shd ef gr gs col33 s gr
-% Polyline
-gs clippath
-12068 6810 m 11970 6885 l 12022 6773 l 11937 6878 l 11984 6915 l cp
-clip
-n 12375 4455 m 12510 4635 l 12510 6210 l 11970 6885 l gs col34 1.00 shd ef gr gs col0 s gr gr
-
-% arrowhead
-n 12068 6810 m 11970 6885 l 12022 6773 l 12045 6791 l 12068 6810 l cp gs 0.00 setgray ef gr col0 s
-% Polyline
-gs clippath
-7113 6004 m 7155 6120 l 7063 6037 l 7138 6149 l 7188 6116 l cp
-clip
-n 6705 5445 m 7155 6120 l gs col34 1.00 shd ef gr gs col0 s gr gr
-
-% arrowhead
-n 7113 6004 m 7155 6120 l 7063 6037 l 7088 6020 l 7113 6004 l cp gs 0.00 setgray ef gr col0 s
-% Polyline
-gs clippath
-7304 4656 m 7200 4590 l 7323 4599 l 7195 4557 l 7176 4614 l cp
-clip
-n 7875 4815 m 7200 4590 l gs col34 1.00 shd ef gr gs col0 s gr gr
-
-% arrowhead
-n 7304 4656 m 7200 4590 l 7323 4599 l 7314 4628 l 7304 4656 l cp gs 0.00 setgray ef gr col0 s
-% Polyline
-gs clippath
-11405 4128 m 11475 4230 l 11365 4173 l 11466 4262 l 11506 4217 l cp
-clip
-n 9585 2565 m 11475 4230 l gs col34 1.00 shd ef gr gs col0 s gr gr
-
-% arrowhead
-n 11405 4128 m 11475 4230 l 11365 4173 l 11385 4151 l 11405 4128 l cp gs 0.00 setgray ef gr col0 s
-% Polyline
-gs clippath
-11712 4556 m 11835 4545 l 11732 4613 l 11859 4568 l 11839 4512 l cp
-clip
-n 10170 5130 m 11835 4545 l gs col34 1.00 shd ef gr gs col0 s gr gr
-
-% arrowhead
-n 11712 4556 m 11835 4545 l 11732 4613 l 11722 4585 l 11712 4556 l cp gs 0.00 setgray ef gr col0 s
-% Polyline
-gs clippath
-9732 5411 m 9855 5400 l 9752 5468 l 9879 5423 l 9859 5367 l cp
-clip
-n 7920 6075 m 9855 5400 l gs col34 1.00 shd ef gr gs col0 s gr gr
-
-% arrowhead
-n 9732 5411 m 9855 5400 l 9752 5468 l 9742 5440 l 9732 5411 l cp gs 0.00 setgray ef gr col0 s
-% Polyline
-gs clippath
-10823 5573 m 10935 5625 l 10812 5632 l 10944 5657 l 10955 5598 l cp
-clip
-n 9990 5445 m 10935 5625 l gs col34 1.00 shd ef gr gs col0 s gr gr
-
-% arrowhead
-n 10823 5573 m 10935 5625 l 10812 5632 l 10817 5603 l 10823 5573 l cp gs 0.00 setgray ef gr col0 s
-% Polyline
-gs clippath
-10815 5280 m 10935 5310 l 10815 5340 l 10950 5340 l 10950 5280 l cp
-clip
-n 10215 5310 m 10935 5310 l gs col34 1.00 shd ef gr gs col0 s gr gr
-
-% arrowhead
-n 10815 5280 m 10935 5310 l 10815 5340 l 10815 5310 l 10815 5280 l cp gs 0.00 setgray ef gr col0 s
-% Polyline
-gs clippath
-11955 4965 m 11925 5085 l 11895 4965 l 11895 5100 l 11955 5100 l cp
-clip
-n 11925 4590 m 11925 5085 l gs col34 1.00 shd ef gr gs col0 s gr gr
-
-% arrowhead
-n 11955 4965 m 11925 5085 l 11895 4965 l 11925 4965 l 11955 4965 l cp gs 0.00 setgray ef gr col0 s
-% Polyline
-gs clippath
-9840 6720 m 9810 6840 l 9780 6720 l 9780 6855 l 9840 6855 l cp
-clip
-n 9810 5490 m 9810 6840 l gs col34 1.00 shd ef gr gs col0 s gr gr
-
-% arrowhead
-n 9840 6720 m 9810 6840 l 9780 6720 l 9810 6720 l 9840 6720 l cp gs 0.00 setgray ef gr col0 s
-% Polyline
-gs clippath
-10847 5943 m 10935 6030 l 10816 5995 l 10933 6063 l 10963 6012 l cp
-clip
-n 9945 5445 m 10935 6030 l gs col34 1.00 shd ef gr gs col0 s gr gr
-
-% arrowhead
-n 10847 5943 m 10935 6030 l 10816 5995 l 10832 5969 l 10847 5943 l cp gs 0.00 setgray ef gr col0 s
-% Polyline
-gs clippath
-10698 2634 m 10800 2565 l 10742 2674 l 10832 2574 l 10788 2534 l cp
-clip
-n 8865 4725 m 10800 2565 l gs col34 1.00 shd ef gr gs col0 s gr gr
-
-% arrowhead
-n 10698 2634 m 10800 2565 l 10742 2674 l 10720 2654 l 10698 2634 l cp gs 0.00 setgray ef gr col0 s
-% Polyline
-30.000 slw
-n 675 6075 m 5850 6075 l gs col34 1.00 shd ef gr gs col0 s gr
-% Polyline
-7.500 slw
- [15 15] 15 sd
-gs clippath
-645 6195 m 675 6075 l 705 6195 l 705 6060 l 645 6060 l cp
-clip
-n 675 6525 m 675 6075 l gs col34 1.00 shd ef gr gs col0 s gr gr
- [] 0 sd
-% arrowhead
-n 645 6195 m 675 6075 l 705 6195 l 675 6195 l 645 6195 l cp gs 0.00 setgray ef gr col0 s
-% Polyline
- [15 15] 15 sd
-gs clippath
-5880 6405 m 5850 6525 l 5820 6405 l 5820 6540 l 5880 6540 l cp
-clip
-n 5850 6075 m 5850 6525 l gs col34 1.00 shd ef gr gs col0 s gr gr
- [] 0 sd
-% arrowhead
-n 5880 6405 m 5850 6525 l 5820 6405 l 5850 6405 l 5880 6405 l cp gs col7 1.00 shd ef gr col0 s
-% Polyline
-30.000 slw
-n 900 5625 m 5625 5625 l gs col34 1.00 shd ef gr gs col0 s gr
-% Polyline
-n 1125 5175 m 5400 5175 l gs col34 1.00 shd ef gr gs col0 s gr
-% Polyline
-n 1350 4725 m 5175 4725 l gs col34 1.00 shd ef gr gs col0 s gr
-% Polyline
-n 1575 4275 m 4950 4275 l gs col34 1.00 shd ef gr gs col0 s gr
-% Polyline
-n 1800 3825 m 4725 3825 l gs col34 1.00 shd ef gr gs col0 s gr
-% Polyline
-n 2025 3375 m 4500 3375 l gs col34 1.00 shd ef gr gs col0 s gr
-% Polyline
-n 2250 2925 m 4275 2925 l gs col34 1.00 shd ef gr gs col0 s gr
-% Polyline
-n 2475 2475 m 4050 2475 l gs col34 1.00 shd ef gr gs col0 s gr
-% Polyline
-n 2700 2025 m 3825 2025 l gs col34 1.00 shd ef gr gs col0 s gr
-% Polyline
-n 2925 1575 m 3600 1575 l gs col34 1.00 shd ef gr gs col0 s gr
-% Polyline
-7.500 slw
- [15 15] 15 sd
-gs clippath
-870 5745 m 900 5625 l 930 5745 l 930 5610 l 870 5610 l cp
-clip
-n 900 6075 m 900 5625 l gs col34 1.00 shd ef gr gs col0 s gr gr
- [] 0 sd
-% arrowhead
-n 870 5745 m 900 5625 l 930 5745 l 900 5745 l 870 5745 l cp gs 0.00 setgray ef gr col0 s
-% Polyline
- [15 15] 15 sd
-gs clippath
-1095 5295 m 1125 5175 l 1155 5295 l 1155 5160 l 1095 5160 l cp
-clip
-n 1125 6525 m 1125 5175 l gs col34 1.00 shd ef gr gs col0 s gr gr
- [] 0 sd
-% arrowhead
-n 1095 5295 m 1125 5175 l 1155 5295 l 1125 5295 l 1095 5295 l cp gs 0.00 setgray ef gr col0 s
-% Polyline
- [15 15] 15 sd
-gs clippath
-1320 4845 m 1350 4725 l 1380 4845 l 1380 4710 l 1320 4710 l cp
-clip
-n 1350 5175 m 1350 4725 l gs col34 1.00 shd ef gr gs col0 s gr gr
- [] 0 sd
-% arrowhead
-n 1320 4845 m 1350 4725 l 1380 4845 l 1350 4845 l 1320 4845 l cp gs 0.00 setgray ef gr col0 s
-% Polyline
- [15 15] 15 sd
-gs clippath
-1545 4395 m 1575 4275 l 1605 4395 l 1605 4260 l 1545 4260 l cp
-clip
-n 1575 4725 m 1575 4275 l gs col34 1.00 shd ef gr gs col0 s gr gr
- [] 0 sd
-% arrowhead
-n 1545 4395 m 1575 4275 l 1605 4395 l 1575 4395 l 1545 4395 l cp gs 0.00 setgray ef gr col0 s
-% Polyline
- [15 15] 15 sd
-gs clippath
-1770 3945 m 1800 3825 l 1830 3945 l 1830 3810 l 1770 3810 l cp
-clip
-n 1800 6525 m 1800 3825 l gs col34 1.00 shd ef gr gs col0 s gr gr
- [] 0 sd
-% arrowhead
-n 1770 3945 m 1800 3825 l 1830 3945 l 1800 3945 l 1770 3945 l cp gs 0.00 setgray ef gr col0 s
-% Polyline
- [15 15] 15 sd
-gs clippath
-1995 3495 m 2025 3375 l 2055 3495 l 2055 3360 l 1995 3360 l cp
-clip
-n 2025 3825 m 2025 3375 l gs col34 1.00 shd ef gr gs col0 s gr gr
- [] 0 sd
-% arrowhead
-n 1995 3495 m 2025 3375 l 2055 3495 l 2025 3495 l 1995 3495 l cp gs 0.00 setgray ef gr col0 s
-% Polyline
- [15 15] 15 sd
-gs clippath
-2220 3045 m 2250 2925 l 2280 3045 l 2280 2910 l 2220 2910 l cp
-clip
-n 2250 3375 m 2250 2925 l gs col34 1.00 shd ef gr gs col0 s gr gr
- [] 0 sd
-% arrowhead
-n 2220 3045 m 2250 2925 l 2280 3045 l 2250 3045 l 2220 3045 l cp gs 0.00 setgray ef gr col0 s
-% Polyline
- [15 15] 15 sd
-gs clippath
-2445 2595 m 2475 2475 l 2505 2595 l 2505 2460 l 2445 2460 l cp
-clip
-n 2475 2925 m 2475 2475 l gs col34 1.00 shd ef gr gs col0 s gr gr
- [] 0 sd
-% arrowhead
-n 2445 2595 m 2475 2475 l 2505 2595 l 2475 2595 l 2445 2595 l cp gs 0.00 setgray ef gr col0 s
-% Polyline
- [15 15] 15 sd
-gs clippath
-5655 5955 m 5625 6075 l 5595 5955 l 5595 6090 l 5655 6090 l cp
-clip
-n 5625 5625 m 5625 6075 l gs col34 1.00 shd ef gr gs col0 s gr gr
- [] 0 sd
-% arrowhead
-n 5655 5955 m 5625 6075 l 5595 5955 l 5625 5955 l 5655 5955 l cp gs col7 1.00 shd ef gr col0 s
-% Polyline
- [15 15] 15 sd
-gs clippath
-5430 6405 m 5400 6525 l 5370 6405 l 5370 6540 l 5430 6540 l cp
-clip
-n 5400 5175 m 5400 6525 l gs col34 1.00 shd ef gr gs col0 s gr gr
- [] 0 sd
-% arrowhead
-n 5430 6405 m 5400 6525 l 5370 6405 l 5400 6405 l 5430 6405 l cp gs col7 1.00 shd ef gr col0 s
-% Polyline
- [15 15] 15 sd
-gs clippath
-5205 5055 m 5175 5175 l 5145 5055 l 5145 5190 l 5205 5190 l cp
-clip
-n 5175 4725 m 5175 5175 l gs col34 1.00 shd ef gr gs col0 s gr gr
- [] 0 sd
-% arrowhead
-n 5205 5055 m 5175 5175 l 5145 5055 l 5175 5055 l 5205 5055 l cp gs col7 1.00 shd ef gr col0 s
-% Polyline
- [15 15] 15 sd
-gs clippath
-4980 4605 m 4950 4725 l 4920 4605 l 4920 4740 l 4980 4740 l cp
-clip
-n 4950 4275 m 4950 4725 l gs col34 1.00 shd ef gr gs col0 s gr gr
- [] 0 sd
-% arrowhead
-n 4980 4605 m 4950 4725 l 4920 4605 l 4950 4605 l 4980 4605 l cp gs col7 1.00 shd ef gr col0 s
-% Polyline
- [15 15] 15 sd
-gs clippath
-4755 6405 m 4725 6525 l 4695 6405 l 4695 6540 l 4755 6540 l cp
-clip
-n 4725 3825 m 4725 6525 l gs col34 1.00 shd ef gr gs col0 s gr gr
- [] 0 sd
-% arrowhead
-n 4755 6405 m 4725 6525 l 4695 6405 l 4725 6405 l 4755 6405 l cp gs col7 1.00 shd ef gr col0 s
-% Polyline
- [15 15] 15 sd
-gs clippath
-4530 3705 m 4500 3825 l 4470 3705 l 4470 3840 l 4530 3840 l cp
-clip
-n 4500 3375 m 4500 3825 l gs col34 1.00 shd ef gr gs col0 s gr gr
- [] 0 sd
-% arrowhead
-n 4530 3705 m 4500 3825 l 4470 3705 l 4500 3705 l 4530 3705 l cp gs col7 1.00 shd ef gr col0 s
-% Polyline
- [15 15] 15 sd
-gs clippath
-4305 3255 m 4275 3375 l 4245 3255 l 4245 3390 l 4305 3390 l cp
-clip
-n 4275 2925 m 4275 3375 l gs col34 1.00 shd ef gr gs col0 s gr gr
- [] 0 sd
-% arrowhead
-n 4305 3255 m 4275 3375 l 4245 3255 l 4275 3255 l 4305 3255 l cp gs col7 1.00 shd ef gr col0 s
-% Polyline
- [15 15] 15 sd
-gs clippath
-4080 2805 m 4050 2925 l 4020 2805 l 4020 2940 l 4080 2940 l cp
-clip
-n 4050 2475 m 4050 2925 l gs col34 1.00 shd ef gr gs col0 s gr gr
- [] 0 sd
-% arrowhead
-n 4080 2805 m 4050 2925 l 4020 2805 l 4050 2805 l 4080 2805 l cp gs col7 1.00 shd ef gr col0 s
-% Polyline
- [15 15] 15 sd
-gs clippath
-2670 2145 m 2700 2025 l 2730 2145 l 2730 2010 l 2670 2010 l cp
-clip
-n 2700 6525 m 2700 2025 l gs col34 1.00 shd ef gr gs col0 s gr gr
- [] 0 sd
-% arrowhead
-n 2670 2145 m 2700 2025 l 2730 2145 l 2700 2145 l 2670 2145 l cp gs 0.00 setgray ef gr col0 s
-% Polyline
- [15 15] 15 sd
-gs clippath
-3855 6405 m 3825 6525 l 3795 6405 l 3795 6540 l 3855 6540 l cp
-clip
-n 3825 2025 m 3825 6525 l gs col34 1.00 shd ef gr gs col0 s gr gr
- [] 0 sd
-% arrowhead
-n 3855 6405 m 3825 6525 l 3795 6405 l 3825 6405 l 3855 6405 l cp gs col7 1.00 shd ef gr col0 s
-% Polyline
- [15 15] 15 sd
-gs clippath
-3630 1905 m 3600 2025 l 3570 1905 l 3570 2040 l 3630 2040 l cp
-clip
-n 3600 1575 m 3600 2025 l gs col34 1.00 shd ef gr gs col0 s gr gr
- [] 0 sd
-% arrowhead
-n 3630 1905 m 3600 2025 l 3570 1905 l 3600 1905 l 3630 1905 l cp gs col7 1.00 shd ef gr col0 s
-% Polyline
- [15 15] 15 sd
-gs clippath
-2895 1695 m 2925 1575 l 2955 1695 l 2955 1560 l 2895 1560 l cp
-clip
-n 2925 2025 m 2925 1575 l gs col34 1.00 shd ef gr gs col0 s gr gr
- [] 0 sd
-% arrowhead
-n 2895 1695 m 2925 1575 l 2955 1695 l 2925 1695 l 2895 1695 l cp gs 0.00 setgray ef gr col0 s
-% Polyline
-45.000 slw
-gs clippath
-6087 6495 m 6207 6525 l 6087 6555 l 6360 6555 l 6360 6495 l cp
-clip
-n 540 6525 m 6300 6525 l gs 0.00 setgray ef gr gs col0 s gr gr
-
-% arrowhead
-n 6087 6495 m 6207 6525 l 6087 6555 l 6087 6525 l 6087 6495 l cp gs 0.00 setgray ef gr col0 s
-% Polyline
-7.500 slw
-gs clippath
-3681 6720 m 3825 6750 l 3681 6780 l 3840 6780 l 3840 6720 l cp
-2844 6780 m 2700 6750 l 2844 6720 l 2685 6720 l 2685 6780 l cp
-clip
-n 2700 6750 m 3825 6750 l gs col34 1.00 shd ef gr gs col0 s gr gr
-
-% arrowhead
-n 2844 6780 m 2700 6750 l 2844 6720 l 2820 6750 l 2844 6780 l cp gs col7 1.00 shd ef gr col0 s
-% arrowhead
-n 3681 6720 m 3825 6750 l 3681 6780 l 3705 6750 l 3681 6720 l cp gs col7 1.00 shd ef gr col0 s
-% Polyline
-gs clippath
-5256 7170 m 5400 7200 l 5256 7230 l 5415 7230 l 5415 7170 l cp
-1269 7230 m 1125 7200 l 1269 7170 l 1110 7170 l 1110 7230 l cp
-clip
-n 1125 7200 m 5400 7200 l gs col34 1.00 shd ef gr gs col0 s gr gr
-
-% arrowhead
-n 1269 7230 m 1125 7200 l 1269 7170 l 1245 7200 l 1269 7230 l cp gs col7 1.00 shd ef gr col0 s
-% arrowhead
-n 5256 7170 m 5400 7200 l 5256 7230 l 5280 7200 l 5256 7170 l cp gs col7 1.00 shd ef gr col0 s
-% Polyline
-gs clippath
-4581 6945 m 4725 6975 l 4581 7005 l 4740 7005 l 4740 6945 l cp
-1944 7005 m 1800 6975 l 1944 6945 l 1785 6945 l 1785 7005 l cp
-clip
-n 1800 6975 m 4725 6975 l gs col34 1.00 shd ef gr gs col0 s gr gr
-
-% arrowhead
-n 1944 7005 m 1800 6975 l 1944 6945 l 1920 6975 l 1944 7005 l cp gs col7 1.00 shd ef gr col0 s
-% arrowhead
-n 4581 6945 m 4725 6975 l 4581 7005 l 4605 6975 l 4581 6945 l cp gs col7 1.00 shd ef gr col0 s
-% Polyline
-gs clippath
-5706 7395 m 5850 7425 l 5706 7455 l 5865 7455 l 5865 7395 l cp
-819 7455 m 675 7425 l 819 7395 l 660 7395 l 660 7455 l cp
-clip
-n 675 7425 m 5850 7425 l gs col34 1.00 shd ef gr gs col0 s gr gr
-
-% arrowhead
-n 819 7455 m 675 7425 l 819 7395 l 795 7425 l 819 7455 l cp gs col7 1.00 shd ef gr col0 s
-% arrowhead
-n 5706 7395 m 5850 7425 l 5706 7455 l 5730 7425 l 5706 7395 l cp gs col7 1.00 shd ef gr col0 s
-% Polyline
-1 slc
- [15 45] 45 sd
-n 675 6570 m 675 7650 l gs col34 1.00 shd ef gr gs col0 s gr [] 0 sd
-% Polyline
- [15 45] 45 sd
-n 1125 6570 m 1125 7650 l gs col34 1.00 shd ef gr gs col0 s gr [] 0 sd
-% Polyline
- [15 45] 45 sd
-n 1800 6570 m 1800 7650 l gs col34 1.00 shd ef gr gs col0 s gr [] 0 sd
-% Polyline
- [15 45] 45 sd
-n 2700 6570 m 2700 7650 l gs col34 1.00 shd ef gr gs col0 s gr [] 0 sd
-% Polyline
- [15 45] 45 sd
-n 3825 6570 m 3825 7650 l gs col34 1.00 shd ef gr gs col0 s gr [] 0 sd
-% Polyline
- [15 45] 45 sd
-n 4725 6570 m 4725 7650 l gs col34 1.00 shd ef gr gs col0 s gr [] 0 sd
-% Polyline
- [15 45] 45 sd
-n 5400 6570 m 5400 7650 l gs col34 1.00 shd ef gr gs col0 s gr [] 0 sd
-% Polyline
- [15 45] 45 sd
-n 5850 6570 m 5850 7650 l gs col34 1.00 shd ef gr gs col0 s gr [] 0 sd
-% Polyline
-0 slc
-n 750 225 m 450 225 450 1050 300 arcto 4 {pop} repeat
- 450 1350 12300 1350 300 arcto 4 {pop} repeat
- 12600 1350 12600 525 300 arcto 4 {pop} repeat
- 12600 225 750 225 300 arcto 4 {pop} repeat
- cp gs col34 1.00 shd ef gr gs col0 s gr
-% Polyline
-n 8835 2250 m 8775 2250 8775 2415 60 arcto 4 {pop} repeat
- 8775 2475 10110 2475 60 arcto 4 {pop} repeat
- 10170 2475 10170 2310 60 arcto 4 {pop} repeat
- 10170 2250 8835 2250 60 arcto 4 {pop} repeat
- cp gs col35 1.00 shd ef gr gs col35 s gr
-% Polyline
-n 10635 2250 m 10575 2250 10575 2415 60 arcto 4 {pop} repeat
- 10575 2475 11865 2475 60 arcto 4 {pop} repeat
- 11925 2475 11925 2310 60 arcto 4 {pop} repeat
- 11925 2250 10635 2250 60 arcto 4 {pop} repeat
- cp gs col35 1.00 shd ef gr gs col35 s gr
-% Polyline
-n 11490 4275 m 11430 4275 11430 4440 60 arcto 4 {pop} repeat
- 11430 4500 12315 4500 60 arcto 4 {pop} repeat
- 12375 4500 12375 4335 60 arcto 4 {pop} repeat
- 12375 4275 11490 4275 60 arcto 4 {pop} repeat
- cp gs col35 1.00 shd ef gr gs col35 s gr
-% Polyline
-n 11040 5175 m 10980 5175 10980 5340 60 arcto 4 {pop} repeat
- 10980 5400 12315 5400 60 arcto 4 {pop} repeat
- 12375 5400 12375 5235 60 arcto 4 {pop} repeat
- 12375 5175 11040 5175 60 arcto 4 {pop} repeat
- cp gs col35 1.00 shd ef gr gs col35 s gr
-% Polyline
-n 9735 5175 m 9675 5175 9675 5340 60 arcto 4 {pop} repeat
- 9675 5400 10110 5400 60 arcto 4 {pop} repeat
- 10170 5400 10170 5235 60 arcto 4 {pop} repeat
- 10170 5175 9735 5175 60 arcto 4 {pop} repeat
- cp gs col35 1.00 shd ef gr gs col35 s gr
-% Polyline
-n 7260 6075 m 7200 6075 7200 6240 60 arcto 4 {pop} repeat
- 7200 6300 7815 6300 60 arcto 4 {pop} repeat
- 7875 6300 7875 6135 60 arcto 4 {pop} repeat
- 7875 6075 7260 6075 60 arcto 4 {pop} repeat
- cp gs col35 1.00 shd ef gr gs col35 s gr
-% Polyline
-n 6810 2250 m 6750 2250 6750 2415 60 arcto 4 {pop} repeat
- 6750 2475 8130 2475 60 arcto 4 {pop} repeat
- 8190 2475 8190 2310 60 arcto 4 {pop} repeat
- 8190 2250 6810 2250 60 arcto 4 {pop} repeat
- cp gs col35 1.00 shd ef gr gs col35 s gr
-% Polyline
-n 6360 3375 m 6300 3375 6300 3540 60 arcto 4 {pop} repeat
- 6300 3600 7545 3600 60 arcto 4 {pop} repeat
- 7605 3600 7605 3435 60 arcto 4 {pop} repeat
- 7605 3375 6360 3375 60 arcto 4 {pop} repeat
- cp gs col35 1.00 shd ef gr gs col35 s gr
-% Polyline
-n 6360 4275 m 6300 4275 6300 4440 60 arcto 4 {pop} repeat
- 6300 4500 7275 4500 60 arcto 4 {pop} repeat
- 7335 4500 7335 4335 60 arcto 4 {pop} repeat
- 7335 4275 6360 4275 60 arcto 4 {pop} repeat
- cp gs col35 1.00 shd ef gr gs col35 s gr
-% Polyline
-n 6360 5175 m 6300 5175 6300 5340 60 arcto 4 {pop} repeat
- 6300 5400 7140 5400 60 arcto 4 {pop} repeat
- 7200 5400 7200 5235 60 arcto 4 {pop} repeat
- 7200 5175 6360 5175 60 arcto 4 {pop} repeat
- cp gs col35 1.00 shd ef gr gs col35 s gr
-% Polyline
-gs clippath
-7365 5340 m 7245 5310 l 7365 5280 l 7230 5280 l 7230 5340 l cp
-clip
-n 9630 5310 m 7245 5310 l gs col34 1.00 shd ef gr gs col0 s gr gr
-
-% arrowhead
-n 7365 5340 m 7245 5310 l 7365 5280 l 7365 5310 l 7365 5340 l cp gs 0.00 setgray ef gr col0 s
-% Polyline
-gs clippath
-7500 4395 m 7380 4365 l 7500 4335 l 7365 4335 l 7365 4395 l cp
-clip
-n 11385 4365 m 7380 4365 l gs col34 1.00 shd ef gr gs col0 s gr gr
-
-% arrowhead
-n 7500 4395 m 7380 4365 l 7500 4335 l 7500 4365 l 7500 4395 l cp gs 0.00 setgray ef gr col0 s
-% Polyline
-n 11040 5580 m 10980 5580 10980 5745 60 arcto 4 {pop} repeat
- 10980 5805 12180 5805 60 arcto 4 {pop} repeat
- 12240 5805 12240 5640 60 arcto 4 {pop} repeat
- 12240 5580 11040 5580 60 arcto 4 {pop} repeat
- cp gs col35 1.00 shd ef gr gs col35 s gr
-% Polyline
-n 11040 5985 m 10980 5985 10980 6150 60 arcto 4 {pop} repeat
- 10980 6210 12315 6210 60 arcto 4 {pop} repeat
- 12375 6210 12375 6045 60 arcto 4 {pop} repeat
- 12375 5985 11040 5985 60 arcto 4 {pop} repeat
- cp gs col35 1.00 shd ef gr gs col35 s gr
-% Polyline
-gs clippath
-9958 5554 m 9900 5445 l 10003 5514 l 9912 5414 l 9868 5454 l cp
-clip
-n 11205 6885 m 9900 5445 l gs col34 1.00 shd ef gr gs col0 s gr gr
-
-% arrowhead
-n 9958 5554 m 9900 5445 l 10003 5514 l 9981 5534 l 9958 5554 l cp gs 0.00 setgray ef gr col0 s
-% Polyline
-n 10590 6930 m 10530 6930 10530 7095 60 arcto 4 {pop} repeat
- 10530 7155 12225 7155 60 arcto 4 {pop} repeat
- 12285 7155 12285 6990 60 arcto 4 {pop} repeat
- 12285 6930 10590 6930 60 arcto 4 {pop} repeat
- cp gs col35 1.00 shd ef gr gs col35 s gr
-% Polyline
-n 9690 6930 m 9630 6930 9630 7095 60 arcto 4 {pop} repeat
- 9630 7155 10110 7155 60 arcto 4 {pop} repeat
- 10170 7155 10170 6990 60 arcto 4 {pop} repeat
- 10170 6930 9690 6930 60 arcto 4 {pop} repeat
- cp gs col35 1.00 shd ef gr gs col35 s gr
-/Times-Roman-iso ff 120.00 scf sf
-900 7560 m
-gs 1 -1 sc (Startup, Runtime, Shutdown) col0 sh gr
-/Helvetica-Narrow-iso ff 120.00 scf sf
-6345 2970 m
-gs 1 -1 sc (ap_ctx_get\(...,) col0 sh gr
-/Helvetica-Narrow-iso ff 120.00 scf sf
-10800 2745 m
-gs 1 -1 sc (ap_get_module_config\(...) col0 sh gr
-/Helvetica-Narrow-iso ff 120.00 scf sf
-10800 2880 m
-gs 1 -1 sc (->per_dir_config,) col0 sh gr
-/Helvetica-Narrow-iso ff 120.00 scf sf
-10800 3015 m
-gs 1 -1 sc (&ssl_module\)) col0 sh gr
-% Polyline
-n 7980 4770 m 7920 4770 7920 4935 60 arcto 4 {pop} repeat
- 7920 4995 9075 4995 60 arcto 4 {pop} repeat
- 9135 4995 9135 4830 60 arcto 4 {pop} repeat
- 9135 4770 7980 4770 60 arcto 4 {pop} repeat
- cp gs col35 1.00 shd ef gr gs col35 s gr
-% Polyline
-gs clippath
-7340 2610 m 7425 2520 l 7393 2639 l 7459 2521 l 7406 2492 l cp
-clip
-n 6975 3330 m 7425 2520 l gs col34 1.00 shd ef gr gs col0 s gr gr
-
-% arrowhead
-n 7340 2610 m 7425 2520 l 7393 2639 l 7367 2625 l 7340 2610 l cp gs 0.00 setgray ef gr col0 s
-% Polyline
-gs clippath
-9336 2569 m 9450 2520 l 9373 2616 l 9480 2535 l 9444 2487 l cp
-clip
-n 7200 4230 m 9450 2520 l gs col34 1.00 shd ef gr gs col0 s gr gr
-
-% arrowhead
-n 9336 2569 m 9450 2520 l 9373 2616 l 9354 2593 l 9336 2569 l cp gs 0.00 setgray ef gr col0 s
-% Polyline
-gs clippath
-7321 5196 m 7200 5220 l 7296 5142 l 7174 5199 l 7199 5254 l cp
-clip
-n 7875 4905 m 7200 5220 l gs col34 1.00 shd ef gr gs col0 s gr gr
-
-% arrowhead
-n 7321 5196 m 7200 5220 l 7296 5142 l 7309 5169 l 7321 5196 l cp gs 0.00 setgray ef gr col0 s
-% Polyline
-gs clippath
-6720 4665 m 6750 4545 l 6780 4665 l 6780 4530 l 6720 4530 l cp
-clip
-n 6750 5130 m 6750 4545 l gs col34 1.00 shd ef gr gs col0 s gr gr
-
-% arrowhead
-n 6720 4665 m 6750 4545 l 6780 4665 l 6750 4665 l 6720 4665 l cp gs 0.00 setgray ef gr col0 s
-% Polyline
- [15 15] 15 sd
-gs clippath
-9279 4984 m 9175 4918 l 9298 4927 l 9170 4885 l 9151 4942 l cp
-clip
-n 9850 5143 m 9175 4918 l gs col34 1.00 shd ef gr gs col0 s gr gr
- [] 0 sd
-% arrowhead
-n 9279 4984 m 9175 4918 l 9298 4927 l 9289 4956 l 9279 4984 l cp gs 0.00 setgray ef gr col0 s
-/Helvetica-Narrow-iso ff 120.00 scf sf
-6210 4680 m
-gs 1 -1 sc (->server) col0 sh gr
-/Helvetica-Narrow-iso ff 120.00 scf sf
-8280 6120 m
-gs 1 -1 sc (ap_ctx_get\(...,"ssl"\)) col0 sh gr
-/Helvetica-Narrow-iso ff 120.00 scf sf
-7740 2700 m
-gs 1 -1 sc (ap_get_module_config\(...) col0 sh gr
-/Helvetica-Narrow-iso ff 120.00 scf sf
-7740 2835 m
-gs 1 -1 sc (->module_config,) col0 sh gr
-/Helvetica-Narrow-iso ff 120.00 scf sf
-7740 2970 m
-gs 1 -1 sc (&ssl_module\)) col0 sh gr
-/Helvetica-Narrow-iso ff 120.00 scf sf
-6345 3105 m
-gs 1 -1 sc ("ssl_module"\)) col0 sh gr
-/Times-Roman-iso ff 120.00 scf sf
-1350 7335 m
-gs 1 -1 sc (Configuration Time) col0 sh gr
-/Times-Roman-iso ff 120.00 scf sf
-2025 7110 m
-gs 1 -1 sc (Connection Duration) col0 sh gr
-/Times-Roman-iso ff 120.00 scf sf
-2835 6885 m
-gs 1 -1 sc (Request Duration) col0 sh gr
-/Helvetica-Bold-iso ff 300.00 scf sf
-6345 6795 m
-gs 1 -1 sc (t) col0 sh gr
-/Helvetica-Narrow-iso ff 120.00 scf sf
-7110 5985 m
-gs 1 -1 sc (->client) col0 sh gr
-/Helvetica-Narrow-iso ff 120.00 scf sf
-7065 5085 m
-gs 1 -1 sc (->connection) col0 sh gr
-/Helvetica-Narrow-iso ff 120.00 scf sf
-7065 4770 m
-gs 1 -1 sc (->server) col0 sh gr
-/Helvetica-Narrow-iso ff 120.00 scf sf
-8010 5445 m
-gs 1 -1 sc (SSL_get_app_data\(\)) col0 sh gr
-/Helvetica-Narrow-iso ff 120.00 scf sf
-10530 4050 m
-gs 1 -1 sc (->pSSLCtx) col0 sh gr
-/Helvetica-Narrow-iso ff 120.00 scf sf
-7875 4275 m
-gs 1 -1 sc (SSL_CTX_get_app_data\(\)) col0 sh gr
-/Helvetica-Narrow-iso ff 120.00 scf sf
-10305 5535 m
-gs 1 -1 sc (SSL_get_current_cipher\(\)) col0 sh gr
-/Helvetica-Narrow-iso ff 120.00 scf sf
-10440 5940 m
-gs 1 -1 sc (SSL_get_session\(\)) col0 sh gr
-/Helvetica-Narrow-iso ff 120.00 scf sf
-9540 7335 m
-gs 1 -1 sc (SSL_get_{r,w}bio\(\)) col0 sh gr
-/Helvetica-Narrow-iso ff 120.00 scf sf
-10125 4680 m
-gs 1 -1 sc (SSL_get_SSL_CTX\(\)) col0 sh gr
-/Helvetica-Narrow-iso ff 120.00 scf sf
-10350 5175 m
-gs 1 -1 sc (SSL_get_SSL_METHOD\(\)) col0 sh gr
-/Helvetica-Narrow-iso ff 120.00 scf sf
-11745 4770 m
-gs 1 -1 sc (->method) col0 sh gr
-/Helvetica-Narrow-iso ff 120.00 scf sf
-9945 6480 m
-gs 1 -1 sc (X509_STORE_CTX_get_app_data\(\)) col0 sh gr
-/Helvetica-Narrow-iso ff 120.00 scf sf
-10980 6705 m
-gs 1 -1 sc (SSL_CTX_get_cert_store\(\)) col0 sh gr
-/Helvetica-Narrow-iso ff 120.00 scf sf
-8280 5130 m
-gs 1 -1 sc (SSL_get_app_data2\(\)) col0 sh gr
-/Helvetica-Bold-iso ff 180.00 scf sf
-3645 1620 m
-gs 1 -1 sc (SSLDirConfig) col0 sh gr
-/Helvetica-Bold-iso ff 300.00 scf sf
-10935 3645 m
-gs 1 -1 sc (OpenSSL) col0 sh gr
-/Helvetica-Bold-iso ff 180.00 scf sf
-10935 3825 m
-gs 1 -1 sc ([SSL]) col0 sh gr
-/Helvetica-Bold-iso ff 180.00 scf sf
-11025 5760 m
-gs 1 -1 sc (SSL_CIPHER) col0 sh gr
-/Helvetica-Bold-iso ff 180.00 scf sf
-10980 6165 m
-gs 1 -1 sc (SSL_SESSION) col0 sh gr
-/Helvetica-Bold-iso ff 300.00 scf sf
-10710 7605 m
-gs 1 -1 sc (OpenSSL) col0 sh gr
-/Helvetica-Bold-iso ff 180.00 scf sf
-10575 7110 m
-gs 1 -1 sc (X509_STORE_CTX) col0 sh gr
-/Helvetica-Bold-iso ff 180.00 scf sf
-6795 2430 m
-gs 1 -1 sc (SSLModConfig) col0 sh gr
-/Helvetica-Bold-iso ff 180.00 scf sf
-8865 2430 m
-gs 1 -1 sc (SSLSrvConfig) col0 sh gr
-/Helvetica-Bold-iso ff 180.00 scf sf
-6345 3555 m
-gs 1 -1 sc (ap_global_ctx) col0 sh gr
-/Helvetica-Bold-iso ff 180.00 scf sf
-6345 4455 m
-gs 1 -1 sc (server_rec) col0 sh gr
-/Helvetica-Bold-iso ff 180.00 scf sf
-6345 5355 m
-gs 1 -1 sc (conn_rec) col0 sh gr
-/Helvetica-Bold-iso ff 180.00 scf sf
-9720 5355 m
-gs 1 -1 sc (SSL) col0 sh gr
-/Helvetica-Bold-iso ff 180.00 scf sf
-10665 2430 m
-gs 1 -1 sc (SSLDirConfig) col0 sh gr
-/Helvetica-Bold-iso ff 180.00 scf sf
-7290 6255 m
-gs 1 -1 sc (BUFF) col0 sh gr
-/Helvetica-Bold-iso ff 180.00 scf sf
-11025 5355 m
-gs 1 -1 sc (SSL_METHOD) col0 sh gr
-% Polyline
-15.000 slw
-n 750 225 m 450 225 450 8250 300 arcto 4 {pop} repeat
- 450 8550 12300 8550 300 arcto 4 {pop} repeat
- 12600 8550 12600 525 300 arcto 4 {pop} repeat
- 12600 225 750 225 300 arcto 4 {pop} repeat
- cp gs col0 s gr
-/Helvetica-Bold-iso ff 180.00 scf sf
-11475 4455 m
-gs 1 -1 sc (SSL_CTX) col0 sh gr
-/Helvetica-Bold-iso ff 180.00 scf sf
-8010 4950 m
-gs 1 -1 sc (request_rec) col0 sh gr
-/Times-Roman-iso ff 180.00 scf sf
-10575 675 m
-gs 1 -1 sc (Ralf S. Engelschall) col0 sh gr
-/Helvetica-Bold-iso ff 300.00 scf sf
-4275 675 m
-gs 1 -1 sc (Apache+mod_ssl+OpenSSL) col0 sh gr
-/Times-Roman-iso ff 150.00 scf sf
-10575 855 m
-gs 1 -1 sc (rse@engelschall.com) col0 sh gr
-/Times-Roman-iso ff 150.00 scf sf
-10575 1035 m
-gs 1 -1 sc (www.engelschall.com) col0 sh gr
-/Times-Roman-iso ff 180.00 scf sf
-900 675 m
-gs 1 -1 sc (Version 1.3) col0 sh gr
-/Times-Roman-iso ff 180.00 scf sf
-900 855 m
-gs 1 -1 sc (12-Apr-1999) col0 sh gr
-/Helvetica-Bold-iso ff 360.00 scf sf
-3915 1080 m
-gs 1 -1 sc (Data Structure Overview) col0 sh gr
-/Helvetica-Bold-iso ff 180.00 scf sf
-9720 7110 m
-gs 1 -1 sc (BIO) col0 sh gr
-/Helvetica-Bold-iso ff 180.00 scf sf
-10710 7785 m
-gs 1 -1 sc ([Crypto]) col0 sh gr
-/Helvetica-Bold-iso ff 300.00 scf sf
-8730 3465 m
-gs 1 -1 sc (mod_ssl) col0 sh gr
-/Helvetica-Bold-iso ff 300.00 scf sf
-8145 6750 m
-gs 1 -1 sc (Apache) col0 sh gr
-/Helvetica-Bold-iso ff 300.00 scf sf
-9000 8100 m
-gs 1 -1 sc (Chaining) col0 sh gr
-/Helvetica-Bold-iso ff 300.00 scf sf
-2745 8100 m
-gs 1 -1 sc (Lifetime) col0 sh gr
-/Helvetica-Bold-iso ff 180.00 scf sf
-810 6255 m
-gs 1 -1 sc (ap_global_ctx) col0 sh gr
-/Helvetica-Bold-iso ff 180.00 scf sf
-990 5805 m
-gs 1 -1 sc (SSLModConfig) col0 sh gr
-/Helvetica-Bold-iso ff 180.00 scf sf
-4050 4455 m
-gs 1 -1 sc (SSL_CTX) col0 sh gr
-/Helvetica-Bold-iso ff 180.00 scf sf
-4455 5355 m
-gs 1 -1 sc (server_rec) col0 sh gr
-/Helvetica-Bold-iso ff 180.00 scf sf
-3870 4905 m
-gs 1 -1 sc (SSLSrvConfig) col0 sh gr
-/Helvetica-Bold-iso ff 180.00 scf sf
-1845 4005 m
-gs 1 -1 sc (BUFF) col0 sh gr
-/Helvetica-Bold-iso ff 180.00 scf sf
-2070 3555 m
-gs 1 -1 sc (conn_rec) col0 sh gr
-/Helvetica-Bold-iso ff 180.00 scf sf
-2295 3105 m
-gs 1 -1 sc (BIO) col0 sh gr
-/Helvetica-Bold-iso ff 180.00 scf sf
-2565 2655 m
-gs 1 -1 sc (SSL) col0 sh gr
-/Helvetica-Bold-iso ff 180.00 scf sf
-3915 2070 m
-gs 1 -1 sc (request_rec) col0 sh gr
-$F2psEnd
-rs
-showpage
diff --git a/rubbos/app/httpd-2.0.64/modules/ssl/config.m4 b/rubbos/app/httpd-2.0.64/modules/ssl/config.m4
deleted file mode 100644
index 8cb4b42e..00000000
--- a/rubbos/app/httpd-2.0.64/modules/ssl/config.m4
+++ /dev/null
@@ -1,54 +0,0 @@
-dnl Licensed to the Apache Software Foundation (ASF) under one or more
-dnl contributor license agreements. See the NOTICE file distributed with
-dnl this work for additional information regarding copyright ownership.
-dnl The ASF licenses this file to You under the Apache License, Version 2.0
-dnl (the "License"); you may not use this file except in compliance with
-dnl the License. You may obtain a copy of the License at
-dnl
-dnl http://www.apache.org/licenses/LICENSE-2.0
-dnl
-dnl Unless required by applicable law or agreed to in writing, software
-dnl distributed under the License is distributed on an "AS IS" BASIS,
-dnl WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-dnl See the License for the specific language governing permissions and
-dnl limitations under the License.
-
-dnl # start of module specific part
-APACHE_MODPATH_INIT(ssl)
-
-dnl # list of module object files
-ssl_objs="dnl
-mod_ssl.lo dnl
-ssl_engine_config.lo dnl
-ssl_engine_dh.lo dnl
-ssl_engine_init.lo dnl
-ssl_engine_io.lo dnl
-ssl_engine_kernel.lo dnl
-ssl_engine_log.lo dnl
-ssl_engine_mutex.lo dnl
-ssl_engine_pphrase.lo dnl
-ssl_engine_rand.lo dnl
-ssl_engine_vars.lo dnl
-ssl_expr.lo dnl
-ssl_expr_eval.lo dnl
-ssl_expr_parse.lo dnl
-ssl_expr_scan.lo dnl
-ssl_scache.lo dnl
-ssl_scache_dbm.lo dnl
-ssl_scache_shmcb.lo dnl
-ssl_scache_shmht.lo dnl
-ssl_util.lo dnl
-ssl_util_ssl.lo dnl
-ssl_util_table.lo dnl
-"
-dnl # hook module into the Autoconf mechanism (--enable-ssl option)
-APACHE_MODULE(ssl, [SSL/TLS support (mod_ssl)], $ssl_objs, , no, [
- APACHE_CHECK_SSL_TOOLKIT
- APR_SETVAR(MOD_SSL_LDADD, [\$(SSL_LIBS)])
- AC_CHECK_FUNCS(SSL_set_state)
- AC_CHECK_FUNCS(SSL_set_cert_store)
-])
-
-dnl # end of module specific part
-APACHE_MODPATH_FINISH
-
diff --git a/rubbos/app/httpd-2.0.64/modules/ssl/mod_ssl.c b/rubbos/app/httpd-2.0.64/modules/ssl/mod_ssl.c
deleted file mode 100644
index dd22ec9a..00000000
--- a/rubbos/app/httpd-2.0.64/modules/ssl/mod_ssl.c
+++ /dev/null
@@ -1,428 +0,0 @@
-/* Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-/* _ _
- * _ __ ___ ___ __| | ___ ___| | mod_ssl
- * | '_ ` _ \ / _ \ / _` | / __/ __| | Apache Interface to OpenSSL
- * | | | | | | (_) | (_| | \__ \__ \ |
- * |_| |_| |_|\___/ \__,_|___|___/___/_|
- * |_____|
- * mod_ssl.c
- * Apache API interface structures
- */
-
-#include "mod_ssl.h"
-#include "util_md5.h"
-#include <assert.h>
-
-/*
- * the table of configuration directives we provide
- */
-
-#define SSL_CMD_ALL(name, args, desc) \
- AP_INIT_##args("SSL"#name, ssl_cmd_SSL##name, \
- NULL, RSRC_CONF|OR_AUTHCFG, desc),
-
-#define SSL_CMD_SRV(name, args, desc) \
- AP_INIT_##args("SSL"#name, ssl_cmd_SSL##name, \
- NULL, RSRC_CONF, desc),
-
-#define SSL_CMD_DIR(name, type, args, desc) \
- AP_INIT_##args("SSL"#name, ssl_cmd_SSL##name, \
- NULL, OR_##type, desc),
-
-#define AP_END_CMD { NULL }
-
-const char ssl_valid_ssl_mutex_string[] =
- "Valid SSLMutex mechanisms are: `none', `default'"
-#if APR_HAS_FLOCK_SERIALIZE
- ", `flock:/path/to/file'"
-#endif
-#if APR_HAS_FCNTL_SERIALIZE
- ", `fcntl:/path/to/file'"
-#endif
-#if APR_HAS_SYSVSEM_SERIALIZE && !defined(PERCHILD_MPM)
- ", `sysvsem'"
-#endif
-#if APR_HAS_POSIXSEM_SERIALIZE
- ", `posixsem'"
-#endif
-#if APR_HAS_PROC_PTHREAD_SERIALIZE
- ", `pthread'"
-#endif
-#if APR_HAS_FLOCK_SERIALIZE || APR_HAS_FCNTL_SERIALIZE
- ", `file:/path/to/file'"
-#endif
-#if (APR_HAS_SYSVSEM_SERIALIZE && !defined(PERCHILD_MPM)) || APR_HAS_POSIXSEM_SERIALIZE
- ", `sem'"
-#endif
- " ";
-
-static const command_rec ssl_config_cmds[] = {
- /*
- * Global (main-server) context configuration directives
- */
- SSL_CMD_SRV(Mutex, TAKE1, ssl_valid_ssl_mutex_string)
- SSL_CMD_SRV(PassPhraseDialog, TAKE1,
- "SSL dialog mechanism for the pass phrase query "
- "(`builtin', `|/path/to/pipe_program`, "
- "or `exec:/path/to/cgi_program')")
- SSL_CMD_SRV(SessionCache, TAKE1,
- "SSL Session Cache storage "
- "(`none', `dbm:/path/to/file')")
-#ifdef SSL_EXPERIMENTAL_ENGINE
- SSL_CMD_SRV(CryptoDevice, TAKE1,
- "SSL external Crypto Device usage "
- "(`builtin', `...')")
-#endif
- SSL_CMD_SRV(RandomSeed, TAKE23,
- "SSL Pseudo Random Number Generator (PRNG) seeding source "
- "(`startup|connect builtin|file:/path|exec:/path [bytes]')")
-
- /*
- * Per-server context configuration directives
- */
- SSL_CMD_SRV(Engine, FLAG,
- "SSL switch for the protocol engine "
- "(`on', `off')")
- SSL_CMD_ALL(CipherSuite, TAKE1,
- "Colon-delimited list of permitted SSL Ciphers "
- "(`XXX:...:XXX' - see manual)")
- SSL_CMD_SRV(CertificateFile, TAKE1,
- "SSL Server Certificate file "
- "(`/path/to/file' - PEM or DER encoded)")
- SSL_CMD_SRV(CertificateKeyFile, TAKE1,
- "SSL Server Private Key file "
- "(`/path/to/file' - PEM or DER encoded)")
- SSL_CMD_SRV(CertificateChainFile, TAKE1,
- "SSL Server CA Certificate Chain file "
- "(`/path/to/file' - PEM encoded)")
- SSL_CMD_ALL(CACertificatePath, TAKE1,
- "SSL CA Certificate path "
- "(`/path/to/dir' - contains PEM encoded files)")
- SSL_CMD_ALL(CACertificateFile, TAKE1,
- "SSL CA Certificate file "
- "(`/path/to/file' - PEM encoded)")
- SSL_CMD_SRV(CARevocationPath, TAKE1,
- "SSL CA Certificate Revocation List (CRL) path "
- "(`/path/to/dir' - contains PEM encoded files)")
- SSL_CMD_SRV(CARevocationFile, TAKE1,
- "SSL CA Certificate Revocation List (CRL) file "
- "(`/path/to/file' - PEM encoded)")
- SSL_CMD_ALL(VerifyClient, TAKE1,
- "SSL Client verify type "
- "(`none', `optional', `require', `optional_no_ca')")
- SSL_CMD_ALL(VerifyDepth, TAKE1,
- "SSL Client verify depth "
- "(`N' - number of intermediate certificates)")
- SSL_CMD_SRV(SessionCacheTimeout, TAKE1,
- "SSL Session Cache object lifetime "
- "(`N' - number of seconds)")
- SSL_CMD_SRV(Protocol, RAW_ARGS,
- "Enable or disable various SSL protocols"
- "(`[+-][SSLv2|SSLv3|TLSv1] ...' - see manual)")
- SSL_CMD_ALL(UserName, TAKE1,
- "Set user name to SSL variable value")
- SSL_CMD_SRV(InsecureRenegotiation, FLAG,
- "Enable support for insecure renegotiation")
-
- /*
- * Proxy configuration for remote SSL connections
- */
- SSL_CMD_SRV(ProxyEngine, FLAG,
- "SSL switch for the proxy protocol engine "
- "(`on', `off')")
- SSL_CMD_SRV(ProxyProtocol, RAW_ARGS,
- "SSL Proxy: enable or disable SSL protocol flavors "
- "(`[+-][SSLv2|SSLv3|TLSv1] ...' - see manual)")
- SSL_CMD_SRV(ProxyCipherSuite, TAKE1,
- "SSL Proxy: colon-delimited list of permitted SSL ciphers "
- "(`XXX:...:XXX' - see manual)")
- SSL_CMD_SRV(ProxyVerify, TAKE1,
- "SSL Proxy: whether to verify the remote certificate "
- "(`on' or `off')")
- SSL_CMD_SRV(ProxyVerifyDepth, TAKE1,
- "SSL Proxy: maximum certificate verification depth "
- "(`N' - number of intermediate certificates)")
- SSL_CMD_SRV(ProxyCACertificateFile, TAKE1,
- "SSL Proxy: file containing server certificates "
- "(`/path/to/file' - PEM encoded certificates)")
- SSL_CMD_SRV(ProxyCACertificatePath, TAKE1,
- "SSL Proxy: directory containing server certificates "
- "(`/path/to/dir' - contains PEM encoded certificates)")
- SSL_CMD_SRV(ProxyCARevocationPath, TAKE1,
- "SSL Proxy: CA Certificate Revocation List (CRL) path "
- "(`/path/to/dir' - contains PEM encoded files)")
- SSL_CMD_SRV(ProxyCARevocationFile, TAKE1,
- "SSL Proxy: CA Certificate Revocation List (CRL) file "
- "(`/path/to/file' - PEM encoded)")
- SSL_CMD_SRV(ProxyMachineCertificateFile, TAKE1,
- "SSL Proxy: file containing client certificates "
- "(`/path/to/file' - PEM encoded certificates)")
- SSL_CMD_SRV(ProxyMachineCertificatePath, TAKE1,
- "SSL Proxy: directory containing client certificates "
- "(`/path/to/dir' - contains PEM encoded certificates)")
-
- /*
- * Per-directory context configuration directives
- */
- SSL_CMD_DIR(Options, OPTIONS, RAW_ARGS,
- "Set one or more options to configure the SSL engine"
- "(`[+-]option[=value] ...' - see manual)")
- SSL_CMD_DIR(RequireSSL, AUTHCFG, NO_ARGS,
- "Require the SSL protocol for the per-directory context "
- "(no arguments)")
- SSL_CMD_DIR(Require, AUTHCFG, RAW_ARGS,
- "Require a boolean expression to evaluate to true for granting access"
- "(arbitrary complex boolean expression - see manual)")
-
- /* Deprecated directives. */
- AP_INIT_RAW_ARGS("SSLLog", ap_set_deprecated, NULL, OR_ALL,
- "SSLLog directive is no longer supported - use ErrorLog."),
- AP_INIT_RAW_ARGS("SSLLogLevel", ap_set_deprecated, NULL, OR_ALL,
- "SSLLogLevel directive is no longer supported - use LogLevel."),
-
- AP_END_CMD
-};
-
-/*
- * the various processing hooks
- */
-
-static int ssl_hook_pre_config(apr_pool_t *pconf,
- apr_pool_t *plog,
- apr_pool_t *ptemp)
-{
- /* Preregister the malloc callbacks so cmds can make library calls */
- CRYPTO_malloc_init();
-
- /* Register us to handle mod_log_config %c/%x variables */
- ssl_var_log_config_register(pconf);
-#if 0 /* XXX */
- /* XXX: Register us to handle mod_status extensions that don't exist yet */
- ssl_scache_status_register(pconf);
-#endif /* -0- */
-
- return OK;
-}
-
-static SSLConnRec *ssl_init_connection_ctx(conn_rec *c)
-{
- SSLConnRec *sslconn = myConnConfig(c);
-
- if (sslconn) {
- return sslconn;
- }
-
- sslconn = apr_pcalloc(c->pool, sizeof(*sslconn));
-
- myConnConfigSet(c, sslconn);
-
- return sslconn;
-}
-
-int ssl_proxy_enable(conn_rec *c)
-{
- SSLSrvConfigRec *sc = mySrvConfig(c->base_server);
-
- SSLConnRec *sslconn = ssl_init_connection_ctx(c);
-
- if (!sc->proxy_enabled) {
- ap_log_error(APLOG_MARK, APLOG_ERR, 0, c->base_server,
- "SSL Proxy requested for %s but not enabled "
- "[Hint: SSLProxyEngine]", sc->vhost_id);
-
- return 0;
- }
-
- sslconn->is_proxy = 1;
- sslconn->disabled = 0;
-
- return 1;
-}
-
-int ssl_engine_disable(conn_rec *c)
-{
- SSLSrvConfigRec *sc = mySrvConfig(c->base_server);
-
- SSLConnRec *sslconn;
-
- if (!sc->enabled) {
- return 0;
- }
-
- sslconn = ssl_init_connection_ctx(c);
-
- sslconn->disabled = 1;
-
- return 1;
-}
-
-static int ssl_hook_pre_connection(conn_rec *c, void *csd)
-{
- SSLSrvConfigRec *sc = mySrvConfig(c->base_server);
- SSL *ssl;
- SSLConnRec *sslconn = myConnConfig(c);
- char *vhost_md5;
- modssl_ctx_t *mctx;
-
- /*
- * Immediately stop processing if SSL is disabled for this connection
- */
- if (!(sc && (sc->enabled ||
- (sslconn && sslconn->is_proxy))))
- {
- return DECLINED;
- }
-
- /*
- * Create SSL context
- */
- if (!sslconn) {
- sslconn = ssl_init_connection_ctx(c);
- }
-
- if (sslconn->disabled) {
- return DECLINED;
- }
-
- /*
- * Remember the connection information for
- * later access inside callback functions
- */
-
- ap_log_error(APLOG_MARK, APLOG_INFO, 0, c->base_server,
- "Connection to child %ld established "
- "(server %s, client %s)", c->id, sc->vhost_id,
- c->remote_ip ? c->remote_ip : "unknown");
-
- /*
- * Seed the Pseudo Random Number Generator (PRNG)
- */
- ssl_rand_seed(c->base_server, c->pool, SSL_RSCTX_CONNECT, "");
-
- mctx = sslconn->is_proxy ? sc->proxy : sc->server;
-
- /*
- * Create a new SSL connection with the configured server SSL context and
- * attach this to the socket. Additionally we register this attachment
- * so we can detach later.
- */
- if (!(ssl = SSL_new(mctx->ssl_ctx))) {
- ap_log_error(APLOG_MARK, APLOG_ERR, 0, c->base_server,
- "Unable to create a new SSL connection from the SSL "
- "context");
- ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, c->base_server);
-
- c->aborted = 1;
-
- return DECLINED; /* XXX */
- }
-
- vhost_md5 = ap_md5_binary(c->pool, (unsigned char *)sc->vhost_id,
- sc->vhost_id_len);
-
- if (!SSL_set_session_id_context(ssl, (unsigned char *)vhost_md5,
- MD5_DIGESTSIZE*2))
- {
- ap_log_error(APLOG_MARK, APLOG_ERR, 0, c->base_server,
- "Unable to set session id context to `%s'", vhost_md5);
- ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, c->base_server);
-
- c->aborted = 1;
-
- return DECLINED; /* XXX */
- }
-
- SSL_set_app_data(ssl, c);
- SSL_set_app_data2(ssl, NULL); /* will be request_rec */
-
- sslconn->ssl = ssl;
-
- /*
- * Configure callbacks for SSL connection
- */
- SSL_set_tmp_rsa_callback(ssl, ssl_callback_TmpRSA);
- SSL_set_tmp_dh_callback(ssl, ssl_callback_TmpDH);
-
- SSL_set_verify_result(ssl, X509_V_OK);
-
- ssl_io_filter_init(c, ssl);
-
- return APR_SUCCESS;
-}
-
-static const char *ssl_hook_http_method(const request_rec *r)
-{
- SSLSrvConfigRec *sc = mySrvConfig(r->server);
-
- if (sc->enabled == FALSE) {
- return NULL;
- }
-
- return "https";
-}
-
-static apr_port_t ssl_hook_default_port(const request_rec *r)
-{
- SSLSrvConfigRec *sc = mySrvConfig(r->server);
-
- if (sc->enabled == FALSE) {
- return 0;
- }
-
- return 443;
-}
-
-/*
- * the module registration phase
- */
-
-static void ssl_register_hooks(apr_pool_t *p)
-{
- /* ssl_hook_ReadReq needs to use the BrowserMatch settings so must
- * run after mod_setenvif's post_read_request hook. */
- static const char *pre_prr[] = { "mod_setenvif.c", NULL };
-
- ssl_io_filter_register(p);
-
- ap_hook_pre_connection(ssl_hook_pre_connection,NULL,NULL, APR_HOOK_MIDDLE);
- ap_hook_post_config (ssl_init_Module, NULL,NULL, APR_HOOK_MIDDLE);
- ap_hook_http_method (ssl_hook_http_method, NULL,NULL, APR_HOOK_MIDDLE);
- ap_hook_default_port (ssl_hook_default_port, NULL,NULL, APR_HOOK_MIDDLE);
- ap_hook_pre_config (ssl_hook_pre_config, NULL,NULL, APR_HOOK_MIDDLE);
- ap_hook_child_init (ssl_init_Child, NULL,NULL, APR_HOOK_MIDDLE);
- ap_hook_check_user_id (ssl_hook_UserCheck, NULL,NULL, APR_HOOK_FIRST);
- ap_hook_fixups (ssl_hook_Fixup, NULL,NULL, APR_HOOK_MIDDLE);
- ap_hook_access_checker(ssl_hook_Access, NULL,NULL, APR_HOOK_MIDDLE);
- ap_hook_auth_checker (ssl_hook_Auth, NULL,NULL, APR_HOOK_MIDDLE);
- ap_hook_post_read_request(ssl_hook_ReadReq, pre_prr,NULL, APR_HOOK_MIDDLE);
-
- ssl_var_register();
-
- APR_REGISTER_OPTIONAL_FN(ssl_proxy_enable);
- APR_REGISTER_OPTIONAL_FN(ssl_engine_disable);
-}
-
-module AP_MODULE_DECLARE_DATA ssl_module = {
- STANDARD20_MODULE_STUFF,
- ssl_config_perdir_create, /* create per-dir config structures */
- ssl_config_perdir_merge, /* merge per-dir config structures */
- ssl_config_server_create, /* create per-server config structures */
- ssl_config_server_merge, /* merge per-server config structures */
- ssl_config_cmds, /* table of configuration directives */
- ssl_register_hooks /* register hooks */
-};
diff --git a/rubbos/app/httpd-2.0.64/modules/ssl/mod_ssl.dsp b/rubbos/app/httpd-2.0.64/modules/ssl/mod_ssl.dsp
deleted file mode 100644
index cf3df14e..00000000
--- a/rubbos/app/httpd-2.0.64/modules/ssl/mod_ssl.dsp
+++ /dev/null
@@ -1,328 +0,0 @@
-# Microsoft Developer Studio Project File - Name="mod_ssl" - Package Owner=<4>
-# Microsoft Developer Studio Generated Build File, Format Version 6.00
-# ** DO NOT EDIT **
-
-# TARGTYPE "Win32 (x86) Dynamic-Link Library" 0x0102
-
-CFG=mod_ssl - Win32 Release
-!MESSAGE This is not a valid makefile. To build this project using NMAKE,
-!MESSAGE use the Export Makefile command and run
-!MESSAGE
-!MESSAGE NMAKE /f "mod_ssl.mak".
-!MESSAGE
-!MESSAGE You can specify a configuration when running NMAKE
-!MESSAGE by defining the macro CFG on the command line. For example:
-!MESSAGE
-!MESSAGE NMAKE /f "mod_ssl.mak" CFG="mod_ssl - Win32 Release"
-!MESSAGE
-!MESSAGE Possible choices for configuration are:
-!MESSAGE
-!MESSAGE "mod_ssl - Win32 Release" (based on "Win32 (x86) Dynamic-Link Library")
-!MESSAGE "mod_ssl - Win32 Debug" (based on "Win32 (x86) Dynamic-Link Library")
-!MESSAGE
-
-# Begin Project
-# PROP AllowPerConfigDependencies 0
-# PROP Scc_ProjName ""
-# PROP Scc_LocalPath ""
-CPP=cl.exe
-MTL=midl.exe
-RSC=rc.exe
-
-!IF "$(CFG)" == "mod_ssl - Win32 Release"
-
-# PROP BASE Use_MFC 0
-# PROP BASE Use_Debug_Libraries 0
-# PROP BASE Output_Dir "Release"
-# PROP BASE Intermediate_Dir "Release"
-# PROP BASE Target_Dir ""
-# PROP Use_MFC 0
-# PROP Use_Debug_Libraries 0
-# PROP Output_Dir "Release"
-# PROP Intermediate_Dir "Release"
-# PROP Ignore_Export_Lib 0
-# PROP Target_Dir ""
-# ADD BASE CPP /nologo /MD /W3 /O2 /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /FD /c
-# ADD CPP /nologo /MD /W3 /Zi /O2 /I "../../include" /I "../../srclib/apr/include" /I "../../srclib/apr-util/include" /I "../../srclib/openssl/inc32/openssl" /I "../../srclib/openssl/inc32" /D "NDEBUG" /D "WIN32" /D "_WINDOWS" /D "WIN32_LEAN_AND_MEAN" /D "NO_IDEA" /D "NO_RC5" /D "NO_MDC2" /D "OPENSSL_NO_IDEA" /D "OPENSSL_NO_RC5" /D "OPENSSL_NO_MDC2" /D "HAVE_SSL_SET_STATE=1" /Fd"Release\mod_ssl_src" /FD /c
-# ADD BASE MTL /nologo /D "NDEBUG" /win32
-# ADD MTL /nologo /D "NDEBUG" /mktyplib203 /win32
-# ADD BASE RSC /l 0x409 /d "NDEBUG"
-# ADD RSC /l 0x409 /d "NDEBUG"
-BSC32=bscmake.exe
-# ADD BASE BSC32 /nologo
-# ADD BSC32 /nologo
-LINK32=link.exe
-# ADD BASE LINK32 kernel32.lib /nologo /subsystem:windows /dll /out:"Release/mod_ssl.so" /base:@..\..\os\win32\BaseAddr.ref,mod_ssl.so
-# ADD LINK32 kernel32.lib user32.lib wsock32.lib ws2_32.lib advapi32.lib gdi32.lib ssleay32.lib libeay32.lib /nologo /subsystem:windows /dll /incremental:no /debug /out:"Release/mod_ssl.so" /libpath:"../../srclib/openssl/out32dll" /libpath:"../../srclib/openssl/out32" /base:@..\..\os\win32\BaseAddr.ref,mod_ssl.so /opt:ref
-
-!ELSEIF "$(CFG)" == "mod_ssl - Win32 Debug"
-
-# PROP BASE Use_MFC 0
-# PROP BASE Use_Debug_Libraries 1
-# PROP BASE Output_Dir "Debug"
-# PROP BASE Intermediate_Dir "Debug"
-# PROP BASE Target_Dir ""
-# PROP Use_MFC 0
-# PROP Use_Debug_Libraries 1
-# PROP Output_Dir "Debug"
-# PROP Intermediate_Dir "Debug"
-# PROP Ignore_Export_Lib 0
-# PROP Target_Dir ""
-# ADD BASE CPP /nologo /MDd /W3 /EHsc /Zi /Od /D "WIN32" /D "_DEBUG" /D "_WINDOWS" /FD /c
-# ADD CPP /nologo /MDd /W3 /EHsc /Zi /Od /I "../../include" /I "../../srclib/apr/include" /I "../../srclib/apr-util/include" /I "../../srclib/openssl/inc32/openssl" /I "../../srclib/openssl/inc32" /D "_DEBUG" /D "WIN32" /D "_WINDOWS" /D "WIN32_LEAN_AND_MEAN" /D "NO_IDEA" /D "NO_RC5" /D "NO_MDC2" /D "OPENSSL_NO_IDEA" /D "OPENSSL_NO_RC5" /D "OPENSSL_NO_MDC2" /D "HAVE_SSL_SET_STATE=1" /Fd"Debug\mod_ssl_src" /FD /c
-# ADD BASE MTL /nologo /D "_DEBUG" /win32
-# ADD MTL /nologo /D "_DEBUG" /mktyplib203 /win32
-# ADD BASE RSC /l 0x409 /d "_DEBUG"
-# ADD RSC /l 0x409 /d "_DEBUG"
-BSC32=bscmake.exe
-# ADD BASE BSC32 /nologo
-# ADD BSC32 /nologo
-LINK32=link.exe
-# ADD BASE LINK32 kernel32.lib /nologo /subsystem:windows /dll /incremental:no /debug /out:"Debug/mod_ssl.so" /base:@..\..\os\win32\BaseAddr.ref,mod_ssl.so
-# ADD LINK32 kernel32.lib user32.lib wsock32.lib ws2_32.lib advapi32.lib gdi32.lib ssleay32.lib libeay32.lib /nologo /subsystem:windows /dll /incremental:no /debug /out:"Debug/mod_ssl.so" /libpath:"../../srclib/openssl/out32dll.dbg" /libpath:"../../srclib/openssl/out32.dbg" /base:@..\..\os\win32\BaseAddr.ref,mod_ssl.so
-
-!ENDIF
-
-# Begin Target
-
-# Name "mod_ssl - Win32 Release"
-# Name "mod_ssl - Win32 Debug"
-# Begin Group "Source Files"
-
-# PROP Default_Filter "*.c"
-# Begin Source File
-
-SOURCE=.\mod_ssl.c
-# End Source File
-# Begin Source File
-
-SOURCE=.\ssl_engine_config.c
-# End Source File
-# Begin Source File
-
-SOURCE=.\ssl_engine_dh.c
-# End Source File
-# Begin Source File
-
-SOURCE=.\ssl_engine_init.c
-# End Source File
-# Begin Source File
-
-SOURCE=.\ssl_engine_io.c
-# End Source File
-# Begin Source File
-
-SOURCE=.\ssl_engine_kernel.c
-# End Source File
-# Begin Source File
-
-SOURCE=.\ssl_engine_log.c
-# End Source File
-# Begin Source File
-
-SOURCE=.\ssl_engine_mutex.c
-# End Source File
-# Begin Source File
-
-SOURCE=.\ssl_engine_pphrase.c
-# End Source File
-# Begin Source File
-
-SOURCE=.\ssl_engine_rand.c
-# End Source File
-# Begin Source File
-
-SOURCE=.\ssl_engine_vars.c
-# End Source File
-# Begin Source File
-
-SOURCE=.\ssl_expr.c
-# End Source File
-# Begin Source File
-
-SOURCE=.\ssl_expr_eval.c
-# End Source File
-# Begin Source File
-
-SOURCE=.\ssl_expr_parse.c
-# End Source File
-# Begin Source File
-
-SOURCE=.\ssl_expr_scan.c
-# End Source File
-# Begin Source File
-
-SOURCE=.\ssl_scache.c
-# End Source File
-# Begin Source File
-
-SOURCE=.\ssl_scache_dbm.c
-# End Source File
-# Begin Source File
-
-SOURCE=.\ssl_scache_shmcb.c
-# End Source File
-# Begin Source File
-
-SOURCE=.\ssl_scache_shmht.c
-# End Source File
-# Begin Source File
-
-SOURCE=.\ssl_util.c
-# End Source File
-# Begin Source File
-
-SOURCE=.\ssl_util_ssl.c
-# End Source File
-# Begin Source File
-
-SOURCE=.\ssl_util_table.c
-# End Source File
-# End Group
-# Begin Group "Header Files"
-
-# PROP Default_Filter "*.h"
-# Begin Source File
-
-SOURCE=.\mod_ssl.h
-# End Source File
-# Begin Source File
-
-SOURCE=.\ssl_expr.h
-# End Source File
-# Begin Source File
-
-SOURCE=.\ssl_expr_parse.h
-# End Source File
-# Begin Source File
-
-SOURCE=.\ssl_toolkit_compat.h
-# End Source File
-# Begin Source File
-
-SOURCE=.\ssl_util_ssl.h
-# End Source File
-# Begin Source File
-
-SOURCE=.\ssl_util_table.h
-# End Source File
-# End Group
-# Begin Group "Generated Files"
-
-# PROP Default_Filter ""
-# Begin Source File
-
-SOURCE=.\ssl_expr_parse.y
-
-!IF "$(CFG)" == "mod_ssl - Win32 Release"
-
-# Begin Custom Build - Generating ssl_expr_parse.c/.h from ssl_expr_parse.y
-InputPath=.\ssl_expr_parse.y
-
-BuildCmds= \
- bison -y -d ssl_expr_parse.y \
- sed -e "s;yy;ssl_expr_yy;g" -e "/#if defined(c_plusplus) || defined(__cplusplus)/,/#endif/d" <y.tab.c >ssl_expr_parse.c \
- del y.tab.c \
- sed -e "s;yy;ssl_expr_yy;g" <y.tab.h >ssl_expr_parse.h \
- del y.tab.h \
-
-
-"ssl_expr_parse.c" : $(SOURCE) "$(INTDIR)" "$(OUTDIR)"
- $(BuildCmds)
-
-"ssl_expr_parse.h" : $(SOURCE) "$(INTDIR)" "$(OUTDIR)"
- $(BuildCmds)
-# End Custom Build
-
-!ELSEIF "$(CFG)" == "mod_ssl - Win32 Debug"
-
-# Begin Custom Build - Generating ssl_expr_parse.c/.h from ssl_expr_parse.y
-InputPath=.\ssl_expr_parse.y
-
-BuildCmds= \
- bison -y -d ssl_expr_parse.y \
- sed -e "s;yy;ssl_expr_yy;g" -e "/#if defined(c_plusplus) || defined(__cplusplus)/,/#endif/d" <y.tab.c >ssl_expr_parse.c \
- del y.tab.c \
- sed -e "s;yy;ssl_expr_yy;g" <y.tab.h >ssl_expr_parse.h \
- del y.tab.h \
-
-
-"ssl_expr_parse.c" : $(SOURCE) "$(INTDIR)" "$(OUTDIR)"
- $(BuildCmds)
-
-"ssl_expr_parse.h" : $(SOURCE) "$(INTDIR)" "$(OUTDIR)"
- $(BuildCmds)
-# End Custom Build
-
-!ENDIF
-
-# End Source File
-# Begin Source File
-
-SOURCE=.\ssl_expr_scan.l
-
-!IF "$(CFG)" == "mod_ssl - Win32 Release"
-
-# PROP Ignore_Default_Tool 1
-# Begin Custom Build - Generating ssl_expr_scan.c from ssl_expr_scan.l
-InputPath=.\ssl_expr_scan.l
-
-"ssl_expr_scan.c" : $(SOURCE) "$(INTDIR)" "$(OUTDIR)"
- flex -Pssl_expr_yy -s -B ssl_expr_scan.l
- sed -e "/$$Header:/d" <lex.ssl_expr_yy.c >ssl_expr_scan.c
- del lex.ssl_expr_yy.c
-
-# End Custom Build
-
-!ELSEIF "$(CFG)" == "mod_ssl - Win32 Debug"
-
-# PROP Ignore_Default_Tool 1
-# Begin Custom Build - Generating ssl_expr_scan.c from ssl_expr_scan.l
-InputPath=.\ssl_expr_scan.l
-
-"ssl_expr_scan.c" : $(SOURCE) "$(INTDIR)" "$(OUTDIR)"
- flex -Pssl_expr_yy -s -B ssl_expr_scan.l
- sed -e "/$$Header:/d" <lex.ssl_expr_yy.c >ssl_expr_scan.c
- del lex.ssl_expr_yy.c
-
-# End Custom Build
-
-!ENDIF
-
-# End Source File
-# End Group
-# Begin Source File
-
-SOURCE=.\mod_ssl.rc
-# End Source File
-# Begin Source File
-
-SOURCE=..\..\build\win32\win32ver.awk
-
-!IF "$(CFG)" == "mod_ssl - Win32 Release"
-
-# PROP Ignore_Default_Tool 1
-# Begin Custom Build - Creating Version Resource
-InputPath=..\..\build\win32\win32ver.awk
-
-".\mod_ssl.rc" : $(SOURCE) "$(INTDIR)" "$(OUTDIR)"
- awk -f ../../build/win32/win32ver.awk mod_ssl.so "ssl_module for Apache" ../../include/ap_release.h > .\mod_ssl.rc
-
-# End Custom Build
-
-!ELSEIF "$(CFG)" == "mod_ssl - Win32 Debug"
-
-# PROP Ignore_Default_Tool 1
-# Begin Custom Build - Creating Version Resource
-InputPath=..\..\build\win32\win32ver.awk
-
-".\mod_ssl.rc" : $(SOURCE) "$(INTDIR)" "$(OUTDIR)"
- awk -f ../../build/win32/win32ver.awk mod_ssl.so "ssl_module for Apache" ../../include/ap_release.h > .\mod_ssl.rc
-
-# End Custom Build
-
-!ENDIF
-
-# End Source File
-# End Target
-# End Project
diff --git a/rubbos/app/httpd-2.0.64/modules/ssl/mod_ssl.h b/rubbos/app/httpd-2.0.64/modules/ssl/mod_ssl.h
deleted file mode 100644
index 6f69c26f..00000000
--- a/rubbos/app/httpd-2.0.64/modules/ssl/mod_ssl.h
+++ /dev/null
@@ -1,724 +0,0 @@
-/* Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-/* _ _
- * _ __ ___ ___ __| | ___ ___| | mod_ssl
- * | '_ ` _ \ / _ \ / _` | / __/ __| | Apache Interface to OpenSSL
- * | | | | | | (_) | (_| | \__ \__ \ |
- * |_| |_| |_|\___/ \__,_|___|___/___/_|
- * |_____|
- * mod_ssl.h
- * Global header
- */
- /* ``The Apache Group: a collection
- of talented individuals who are
- trying to perfect the art of
- never finishing something.''
- -- Rob Hartill */
-#ifndef __MOD_SSL_H__
-#define __MOD_SSL_H__
-
-/*
- * Optionally enable the experimental stuff, but allow the user to
- * override the decision which experimental parts are included by using
- * CFLAGS="-DSSL_EXPERIMENTAL_xxxx_IGNORE".
- */
-#ifdef SSL_EXPERIMENTAL
-#ifdef SSL_ENGINE
-#ifndef SSL_EXPERIMENTAL_ENGINE_IGNORE
-#define SSL_EXPERIMENTAL_ENGINE
-#endif
-#endif
-#endif /* SSL_EXPERIMENTAL */
-
-/*
- * Power up our brain...
- */
-
-/* Apache headers */
-#include "httpd.h"
-#include "http_config.h"
-#include "http_core.h"
-#include "http_log.h"
-#include "http_main.h"
-#include "http_connection.h"
-#include "http_request.h"
-#include "http_protocol.h"
-#include "util_script.h"
-#include "util_filter.h"
-#include "mpm.h"
-#include "apr.h"
-#include "apr_strings.h"
-#define APR_WANT_STRFUNC
-#include "apr_want.h"
-#include "apr_tables.h"
-#include "apr_lib.h"
-#include "apr_fnmatch.h"
-#include "apr_strings.h"
-#include "apr_dbm.h"
-#include "apr_rmm.h"
-#include "apr_shm.h"
-#include "apr_global_mutex.h"
-#include "apr_optional.h"
-
-#define MOD_SSL_VERSION AP_SERVER_BASEREVISION
-
-#ifdef HAVE_SSLC
-
-#include <bio.h>
-#include <ssl.h>
-#include <err.h>
-#include <x509.h>
-#include <pem.h>
-#include <evp.h>
-#include <objects.h>
-#include <sslc.h>
-
-#else /* !HAVE_SSLC (implicit HAVE_OPENSSL) */
-
-#include <ssl.h>
-#include <err.h>
-#include <x509.h>
-#include <pem.h>
-#include <crypto.h>
-#include <evp.h>
-#include <rand.h>
-#ifdef SSL_EXPERIMENTAL_ENGINE
-#include <engine.h>
-#endif
-#ifdef HAVE_SSL_X509V3_H
-#include <x509v3.h>
-#endif
-
-#endif /* !HAVE_SSLC (implicit HAVE_OPENSSL) */
-
-
-/* mod_ssl headers */
-#include "ssl_toolkit_compat.h"
-#include "ssl_expr.h"
-#include "ssl_util_ssl.h"
-#include "ssl_util_table.h"
-
-/* The #ifdef macros are only defined AFTER including the above
- * therefore we cannot include these system files at the top :-(
- */
-#if APR_HAVE_SYS_TIME_H
-#include <sys/time.h>
-#endif
-#if APR_HAVE_UNISTD_H
-#include <unistd.h> /* needed for STDIN_FILENO et.al., at least on FreeBSD */
-#endif
-
-/*
- * Provide reasonable default for some defines
- */
-#ifndef FALSE
-#define FALSE (0)
-#endif
-#ifndef TRUE
-#define TRUE (!FALSE)
-#endif
-#ifndef PFALSE
-#define PFALSE ((void *)FALSE)
-#endif
-#ifndef PTRUE
-#define PTRUE ((void *)TRUE)
-#endif
-#ifndef UNSET
-#define UNSET (-1)
-#endif
-#ifndef NUL
-#define NUL '\0'
-#endif
-#ifndef RAND_MAX
-#include <limits.h>
-#define RAND_MAX INT_MAX
-#endif
-
-/*
- * Provide reasonable defines for some types
- */
-#ifndef BOOL
-#define BOOL unsigned int
-#endif
-#ifndef UCHAR
-#define UCHAR unsigned char
-#endif
-
-/*
- * Provide useful shorthands
- */
-#define strEQ(s1,s2) (strcmp(s1,s2) == 0)
-#define strNE(s1,s2) (strcmp(s1,s2) != 0)
-#define strEQn(s1,s2,n) (strncmp(s1,s2,n) == 0)
-#define strNEn(s1,s2,n) (strncmp(s1,s2,n) != 0)
-
-#define strcEQ(s1,s2) (strcasecmp(s1,s2) == 0)
-#define strcNE(s1,s2) (strcasecmp(s1,s2) != 0)
-#define strcEQn(s1,s2,n) (strncasecmp(s1,s2,n) == 0)
-#define strcNEn(s1,s2,n) (strncasecmp(s1,s2,n) != 0)
-
-#define strIsEmpty(s) (s == NULL || s[0] == NUL)
-
-#define myConnConfig(c) \
-(SSLConnRec *)ap_get_module_config(c->conn_config, &ssl_module)
-#define myCtxConfig(sslconn, sc) (sslconn->is_proxy ? sc->proxy : sc->server)
-#define myConnConfigSet(c, val) \
-ap_set_module_config(c->conn_config, &ssl_module, val)
-#define mySrvConfig(srv) (SSLSrvConfigRec *)ap_get_module_config(srv->module_config, &ssl_module)
-#define myDirConfig(req) (SSLDirConfigRec *)ap_get_module_config(req->per_dir_config, &ssl_module)
-#define myModConfig(srv) (mySrvConfig((srv)))->mc
-
-#define myCtxVarSet(mc,num,val) mc->rCtx.pV##num = val
-#define myCtxVarGet(mc,num,type) (type)(mc->rCtx.pV##num)
-
-/*
- * Defaults for the configuration
- */
-#ifndef SSL_SESSION_CACHE_TIMEOUT
-#define SSL_SESSION_CACHE_TIMEOUT 300
-#endif
-
-/*
- * Support for MM library
- */
-#define SSL_MM_FILE_MODE ( APR_UREAD | APR_UWRITE | APR_GREAD | APR_WREAD )
-
-/*
- * Support for DBM library
- */
-#define SSL_DBM_FILE_MODE ( APR_UREAD | APR_UWRITE | APR_GREAD | APR_WREAD )
-
-#if !defined(SSL_DBM_FILE_SUFFIX_DIR) && !defined(SSL_DBM_FILE_SUFFIX_PAG)
-#if defined(DBM_SUFFIX)
-#define SSL_DBM_FILE_SUFFIX_DIR DBM_SUFFIX
-#define SSL_DBM_FILE_SUFFIX_PAG DBM_SUFFIX
-#elif defined(__FreeBSD__) || (defined(DB_LOCK) && defined(DB_SHMEM))
-#define SSL_DBM_FILE_SUFFIX_DIR ".db"
-#define SSL_DBM_FILE_SUFFIX_PAG ".db"
-#else
-#define SSL_DBM_FILE_SUFFIX_DIR ".dir"
-#define SSL_DBM_FILE_SUFFIX_PAG ".pag"
-#endif
-#endif
-
-/*
- * Define the certificate algorithm types
- */
-
-typedef int ssl_algo_t;
-
-#define SSL_ALGO_UNKNOWN (0)
-#define SSL_ALGO_RSA (1<<0)
-#define SSL_ALGO_DSA (1<<1)
-#define SSL_ALGO_ALL (SSL_ALGO_RSA|SSL_ALGO_DSA)
-
-#define SSL_AIDX_RSA (0)
-#define SSL_AIDX_DSA (1)
-#define SSL_AIDX_MAX (2)
-
-
-/*
- * Define IDs for the temporary RSA keys and DH params
- */
-
-#define SSL_TMP_KEY_RSA_512 (0)
-#define SSL_TMP_KEY_RSA_1024 (1)
-#define SSL_TMP_KEY_DH_512 (2)
-#define SSL_TMP_KEY_DH_1024 (3)
-#define SSL_TMP_KEY_MAX (4)
-
-/*
- * Define the SSL options
- */
-#define SSL_OPT_NONE (0)
-#define SSL_OPT_RELSET (1<<0)
-#define SSL_OPT_STDENVVARS (1<<1)
-#define SSL_OPT_COMPATENVVARS (1<<2)
-#define SSL_OPT_EXPORTCERTDATA (1<<3)
-#define SSL_OPT_FAKEBASICAUTH (1<<4)
-#define SSL_OPT_STRICTREQUIRE (1<<5)
-#define SSL_OPT_OPTRENEGOTIATE (1<<6)
-#define SSL_OPT_ALL (SSL_OPT_STDENVVARS|SSL_OPT_COMPATENVVAR|SSL_OPT_EXPORTCERTDATA|SSL_OPT_FAKEBASICAUTH|SSL_OPT_STRICTREQUIRE|SSL_OPT_OPTRENEGOTIATE)
-typedef int ssl_opt_t;
-
-/*
- * Define the SSL Protocol options
- */
-#define SSL_PROTOCOL_NONE (0)
-#define SSL_PROTOCOL_SSLV2 (1<<0)
-#define SSL_PROTOCOL_SSLV3 (1<<1)
-#define SSL_PROTOCOL_TLSV1 (1<<2)
-#define SSL_PROTOCOL_ALL (SSL_PROTOCOL_SSLV2|SSL_PROTOCOL_SSLV3|SSL_PROTOCOL_TLSV1)
-typedef int ssl_proto_t;
-
-/*
- * Define the SSL verify levels
- */
-typedef enum {
- SSL_CVERIFY_UNSET = UNSET,
- SSL_CVERIFY_NONE = 0,
- SSL_CVERIFY_OPTIONAL = 1,
- SSL_CVERIFY_REQUIRE = 2,
- SSL_CVERIFY_OPTIONAL_NO_CA = 3
-} ssl_verify_t;
-
-#define SSL_VERIFY_PEER_STRICT \
- (SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT)
-
-#ifndef X509_V_ERR_CERT_UNTRUSTED
-#define X509_V_ERR_CERT_UNTRUSTED 27
-#endif
-
-#define ssl_verify_error_is_optional(errnum) \
- ((errnum == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT) \
- || (errnum == X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN) \
- || (errnum == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY) \
- || (errnum == X509_V_ERR_CERT_UNTRUSTED) \
- || (errnum == X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE))
-
-/*
- * Define the SSL pass phrase dialog types
- */
-typedef enum {
- SSL_PPTYPE_UNSET = UNSET,
- SSL_PPTYPE_BUILTIN = 0,
- SSL_PPTYPE_FILTER = 1,
- SSL_PPTYPE_PIPE = 2
-} ssl_pphrase_t;
-
-/*
- * Define the Path Checking modes
- */
-#define SSL_PCM_EXISTS 1
-#define SSL_PCM_ISREG 2
-#define SSL_PCM_ISDIR 4
-#define SSL_PCM_ISNONZERO 8
-typedef unsigned int ssl_pathcheck_t;
-
-/*
- * Define the SSL session cache modes and structures
- */
-typedef enum {
- SSL_SCMODE_UNSET = UNSET,
- SSL_SCMODE_NONE = 0,
- SSL_SCMODE_DBM = 1,
- SSL_SCMODE_SHMHT = 2,
- SSL_SCMODE_SHMCB = 3
-} ssl_scmode_t;
-
-/*
- * Define the SSL mutex modes
- */
-typedef enum {
- SSL_MUTEXMODE_UNSET = UNSET,
- SSL_MUTEXMODE_NONE = 0,
- SSL_MUTEXMODE_USED = 1
-} ssl_mutexmode_t;
-
-/*
- * Define the SSL requirement structure
- */
-typedef struct {
- char *cpExpr;
- ssl_expr *mpExpr;
-} ssl_require_t;
-
-/*
- * Define the SSL random number generator seeding source
- */
-typedef enum {
- SSL_RSCTX_STARTUP = 1,
- SSL_RSCTX_CONNECT = 2
-} ssl_rsctx_t;
-typedef enum {
- SSL_RSSRC_BUILTIN = 1,
- SSL_RSSRC_FILE = 2,
- SSL_RSSRC_EXEC = 3,
- SSL_RSSRC_EGD = 4
-} ssl_rssrc_t;
-typedef struct {
- ssl_rsctx_t nCtx;
- ssl_rssrc_t nSrc;
- char *cpPath;
- int nBytes;
-} ssl_randseed_t;
-
-/*
- * Define the structure of an ASN.1 anything
- */
-typedef struct {
- long int nData;
- unsigned char *cpData;
- apr_time_t source_mtime;
-} ssl_asn1_t;
-
-/*
- * Define the mod_ssl per-module configuration structure
- * (i.e. the global configuration for each httpd process)
- */
-
-typedef enum {
- SSL_SHUTDOWN_TYPE_UNSET,
- SSL_SHUTDOWN_TYPE_STANDARD,
- SSL_SHUTDOWN_TYPE_UNCLEAN,
- SSL_SHUTDOWN_TYPE_ACCURATE
-} ssl_shutdown_type_e;
-
-typedef struct {
- SSL *ssl;
- const char *client_dn;
- X509 *client_cert;
- ssl_shutdown_type_e shutdown_type;
- const char *verify_info;
- const char *verify_error;
- int verify_depth;
- int is_proxy;
- int disabled;
- int non_ssl_request;
-
- /* Track the handshake/renegotiation state for the connection so
- * that all client-initiated renegotiations can be rejected, as a
- * partial fix for CVE-2009-3555. */
- enum {
- RENEG_INIT = 0, /* Before initial handshake */
- RENEG_REJECT, /* After initial handshake; any client-initiated
- * renegotiation should be rejected */
- RENEG_ALLOW, /* A server-initated renegotiation is taking
- * place (as dictated by configuration) */
- RENEG_ABORT /* Renegotiation initiated by client, abort the
- * connection */
- } reneg_state;
-} SSLConnRec;
-
-typedef struct {
- pid_t pid;
- apr_pool_t *pPool;
- BOOL bFixed;
- int nSessionCacheMode;
- char *szSessionCacheDataFile;
- int nSessionCacheDataSize;
- apr_shm_t *pSessionCacheDataMM;
- apr_rmm_t *pSessionCacheDataRMM;
- apr_table_t *tSessionCacheDataTable;
- ssl_mutexmode_t nMutexMode;
- apr_lockmech_e nMutexMech;
- const char *szMutexFile;
- apr_global_mutex_t *pMutex;
- apr_array_header_t *aRandSeed;
- apr_hash_t *tVHostKeys;
- void *pTmpKeys[SSL_TMP_KEY_MAX];
- apr_hash_t *tPublicCert;
- apr_hash_t *tPrivateKey;
-#ifdef SSL_EXPERIMENTAL_ENGINE
- char *szCryptoDevice;
-#endif
- struct {
- void *pV1, *pV2, *pV3, *pV4, *pV5, *pV6, *pV7, *pV8, *pV9, *pV10;
- } rCtx;
-} SSLModConfigRec;
-
-/* public cert/private key */
-typedef struct {
- /*
- * server only has 1-2 certs/keys
- * 1 RSA and/or 1 DSA
- */
- const char *cert_files[SSL_AIDX_MAX];
- const char *key_files[SSL_AIDX_MAX];
- X509 *certs[SSL_AIDX_MAX];
- EVP_PKEY *keys[SSL_AIDX_MAX];
-} modssl_pk_server_t;
-
-typedef struct {
- /* proxy can have any number of cert/key pairs */
- const char *cert_file;
- const char *cert_path;
- STACK_OF(X509_INFO) *certs;
-} modssl_pk_proxy_t;
-
-/* stuff related to authentication that can also be per-dir */
-typedef struct {
- /* known/trusted CAs */
- const char *ca_cert_path;
- const char *ca_cert_file;
-
- const char *cipher_suite;
-
- /* for client or downstream server authentication */
- int verify_depth;
- ssl_verify_t verify_mode;
-} modssl_auth_ctx_t;
-
-typedef struct SSLSrvConfigRec SSLSrvConfigRec;
-
-typedef struct {
- SSLSrvConfigRec *sc; /* pointer back to server config */
- SSL_CTX *ssl_ctx;
-
- /* we are one or the other */
- modssl_pk_server_t *pks;
- modssl_pk_proxy_t *pkp;
-
- ssl_proto_t protocol;
-
- /* config for handling encrypted keys */
- ssl_pphrase_t pphrase_dialog_type;
- const char *pphrase_dialog_path;
-
- const char *cert_chain;
-
- /* certificate revocation list */
- const char *crl_path;
- const char *crl_file;
- X509_STORE *crl;
-
- modssl_auth_ctx_t auth;
-} modssl_ctx_t;
-
-struct SSLSrvConfigRec {
- SSLModConfigRec *mc;
- BOOL enabled;
- BOOL proxy_enabled;
- const char *vhost_id;
- int vhost_id_len;
- int session_cache_timeout;
- BOOL insecure_reneg;
- modssl_ctx_t *server;
- modssl_ctx_t *proxy;
-};
-
-/*
- * Define the mod_ssl per-directory configuration structure
- * (i.e. the local configuration for all <Directory>
- * and .htaccess contexts)
- */
-typedef struct {
- BOOL bSSLRequired;
- apr_array_header_t *aRequirement;
- ssl_opt_t nOptions;
- ssl_opt_t nOptionsAdd;
- ssl_opt_t nOptionsDel;
- const char *szCipherSuite;
- ssl_verify_t nVerifyClient;
- int nVerifyDepth;
- const char *szCACertificatePath;
- const char *szCACertificateFile;
- const char *szUserName;
-} SSLDirConfigRec;
-
-/*
- * function prototypes
- */
-
-/* API glue structures */
-extern module AP_MODULE_DECLARE_DATA ssl_module;
-
-/* "global" stuff */
-extern const char ssl_valid_ssl_mutex_string[];
-
-/* configuration handling */
-SSLModConfigRec *ssl_config_global_create(server_rec *);
-void ssl_config_global_fix(SSLModConfigRec *);
-BOOL ssl_config_global_isfixed(SSLModConfigRec *);
-void *ssl_config_server_create(apr_pool_t *, server_rec *);
-void *ssl_config_server_merge(apr_pool_t *, void *, void *);
-void *ssl_config_perdir_create(apr_pool_t *, char *);
-void *ssl_config_perdir_merge(apr_pool_t *, void *, void *);
-const char *ssl_cmd_SSLMutex(cmd_parms *, void *, const char *);
-const char *ssl_cmd_SSLPassPhraseDialog(cmd_parms *, void *, const char *);
-const char *ssl_cmd_SSLCryptoDevice(cmd_parms *, void *, const char *);
-const char *ssl_cmd_SSLRandomSeed(cmd_parms *, void *, const char *, const char *, const char *);
-const char *ssl_cmd_SSLEngine(cmd_parms *, void *, int);
-const char *ssl_cmd_SSLCipherSuite(cmd_parms *, void *, const char *);
-const char *ssl_cmd_SSLCertificateFile(cmd_parms *, void *, const char *);
-const char *ssl_cmd_SSLCertificateKeyFile(cmd_parms *, void *, const char *);
-const char *ssl_cmd_SSLCertificateChainFile(cmd_parms *, void *, const char *);
-const char *ssl_cmd_SSLCACertificatePath(cmd_parms *, void *, const char *);
-const char *ssl_cmd_SSLCACertificateFile(cmd_parms *, void *, const char *);
-const char *ssl_cmd_SSLCARevocationPath(cmd_parms *, void *, const char *);
-const char *ssl_cmd_SSLCARevocationFile(cmd_parms *, void *, const char *);
-const char *ssl_cmd_SSLVerifyClient(cmd_parms *, void *, const char *);
-const char *ssl_cmd_SSLVerifyDepth(cmd_parms *, void *, const char *);
-const char *ssl_cmd_SSLSessionCache(cmd_parms *, void *, const char *);
-const char *ssl_cmd_SSLSessionCacheTimeout(cmd_parms *, void *, const char *);
-const char *ssl_cmd_SSLProtocol(cmd_parms *, void *, const char *);
-const char *ssl_cmd_SSLOptions(cmd_parms *, void *, const char *);
-const char *ssl_cmd_SSLRequireSSL(cmd_parms *, void *);
-const char *ssl_cmd_SSLRequire(cmd_parms *, void *, const char *);
-const char *ssl_cmd_SSLUserName(cmd_parms *, void *, const char *);
-const char *ssl_cmd_SSLInsecureRenegotiation(cmd_parms *cmd, void *dcfg, int flag);
-
-const char *ssl_cmd_SSLProxyEngine(cmd_parms *cmd, void *dcfg, int flag);
-const char *ssl_cmd_SSLProxyProtocol(cmd_parms *, void *, const char *);
-const char *ssl_cmd_SSLProxyCipherSuite(cmd_parms *, void *, const char *);
-const char *ssl_cmd_SSLProxyVerify(cmd_parms *, void *, const char *);
-const char *ssl_cmd_SSLProxyVerifyDepth(cmd_parms *, void *, const char *);
-const char *ssl_cmd_SSLProxyCACertificatePath(cmd_parms *, void *, const char *);
-const char *ssl_cmd_SSLProxyCACertificateFile(cmd_parms *, void *, const char *);
-const char *ssl_cmd_SSLProxyCARevocationPath(cmd_parms *, void *, const char *);
-const char *ssl_cmd_SSLProxyCARevocationFile(cmd_parms *, void *, const char *);
-const char *ssl_cmd_SSLProxyMachineCertificatePath(cmd_parms *, void *, const char *);
-const char *ssl_cmd_SSLProxyMachineCertificateFile(cmd_parms *, void *, const char *);
-
-/* module initialization */
-int ssl_init_Module(apr_pool_t *, apr_pool_t *, apr_pool_t *, server_rec *);
-void ssl_init_Engine(server_rec *, apr_pool_t *);
-void ssl_init_ConfigureServer(server_rec *, apr_pool_t *, apr_pool_t *, SSLSrvConfigRec *);
-void ssl_init_CheckServers(server_rec *, apr_pool_t *);
-STACK_OF(X509_NAME)
- *ssl_init_FindCAList(server_rec *, apr_pool_t *, const char *, const char *);
-void ssl_init_Child(apr_pool_t *, server_rec *);
-apr_status_t ssl_init_ModuleKill(void *data);
-
-/* Apache API hooks */
-int ssl_hook_Auth(request_rec *);
-int ssl_hook_UserCheck(request_rec *);
-int ssl_hook_Access(request_rec *);
-int ssl_hook_Fixup(request_rec *);
-int ssl_hook_ReadReq(request_rec *);
-
-/* OpenSSL callbacks */
-RSA *ssl_callback_TmpRSA(SSL *, int, int);
-DH *ssl_callback_TmpDH(SSL *, int, int);
-int ssl_callback_SSLVerify(int, X509_STORE_CTX *);
-int ssl_callback_SSLVerify_CRL(int, X509_STORE_CTX *, conn_rec *);
-int ssl_callback_proxy_cert(SSL *ssl, MODSSL_CLIENT_CERT_CB_ARG_TYPE **x509, EVP_PKEY **pkey);
-int ssl_callback_NewSessionCacheEntry(SSL *, SSL_SESSION *);
-SSL_SESSION *ssl_callback_GetSessionCacheEntry(SSL *, unsigned char *, int, int *);
-void ssl_callback_DelSessionCacheEntry(SSL_CTX *, SSL_SESSION *);
-void ssl_callback_Info(MODSSL_INFO_CB_ARG_TYPE, int, int);
-
-/* Session Cache Support */
-void ssl_scache_init(server_rec *, apr_pool_t *);
-#if 0 /* XXX */
-void ssl_scache_status_register(apr_pool_t *p);
-#endif
-void ssl_scache_kill(server_rec *);
-BOOL ssl_scache_store(server_rec *, UCHAR *, int, time_t, SSL_SESSION *);
-SSL_SESSION *ssl_scache_retrieve(server_rec *, UCHAR *, int);
-void ssl_scache_remove(server_rec *, UCHAR *, int);
-void ssl_scache_expire(server_rec *);
-void ssl_scache_status(server_rec *, apr_pool_t *, void (*)(char *, void *), void *);
-char *ssl_scache_id2sz(UCHAR *, int);
-void ssl_scache_dbm_init(server_rec *, apr_pool_t *);
-void ssl_scache_dbm_kill(server_rec *);
-BOOL ssl_scache_dbm_store(server_rec *, UCHAR *, int, time_t, SSL_SESSION *);
-SSL_SESSION *ssl_scache_dbm_retrieve(server_rec *, UCHAR *, int);
-void ssl_scache_dbm_remove(server_rec *, UCHAR *, int);
-void ssl_scache_dbm_expire(server_rec *);
-void ssl_scache_dbm_status(server_rec *, apr_pool_t *, void (*)(char *, void *), void *);
-
-void ssl_scache_shmht_init(server_rec *, apr_pool_t *);
-void ssl_scache_shmht_kill(server_rec *);
-BOOL ssl_scache_shmht_store(server_rec *, UCHAR *, int, time_t, SSL_SESSION *);
-SSL_SESSION *ssl_scache_shmht_retrieve(server_rec *, UCHAR *, int);
-void ssl_scache_shmht_remove(server_rec *, UCHAR *, int);
-void ssl_scache_shmht_expire(server_rec *);
-void ssl_scache_shmht_status(server_rec *, apr_pool_t *, void (*)(char *, void *), void *);
-
-void ssl_scache_shmcb_init(server_rec *, apr_pool_t *);
-void ssl_scache_shmcb_kill(server_rec *);
-BOOL ssl_scache_shmcb_store(server_rec *, UCHAR *, int, time_t, SSL_SESSION *);
-SSL_SESSION *ssl_scache_shmcb_retrieve(server_rec *, UCHAR *, int);
-void ssl_scache_shmcb_remove(server_rec *, UCHAR *, int);
-void ssl_scache_shmcb_expire(server_rec *);
-void ssl_scache_shmcb_status(server_rec *, apr_pool_t *, void (*)(char *, void *), void *);
-
-/* Pass Phrase Support */
-void ssl_pphrase_Handle(server_rec *, apr_pool_t *);
-
-/* Diffie-Hellman Parameter Support */
-DH *ssl_dh_GetTmpParam(int);
-DH *ssl_dh_GetParamFromFile(char *);
-
-unsigned char *ssl_asn1_table_set(apr_hash_t *table,
- const char *key,
- long int length);
-
-ssl_asn1_t *ssl_asn1_table_get(apr_hash_t *table,
- const char *key);
-
-void ssl_asn1_table_unset(apr_hash_t *table,
- const char *key);
-
-const char *ssl_asn1_keystr(int keytype);
-
-const char *ssl_asn1_table_keyfmt(apr_pool_t *p,
- const char *id,
- int keytype);
-/* Mutex Support */
-int ssl_mutex_init(server_rec *, apr_pool_t *);
-int ssl_mutex_reinit(server_rec *, apr_pool_t *);
-int ssl_mutex_on(server_rec *);
-int ssl_mutex_off(server_rec *);
-
-/* Logfile Support */
-void ssl_die(void);
-void ssl_log_ssl_error(const char *, int, int, server_rec *);
-
-/* Variables */
-void ssl_var_register(void);
-char *ssl_var_lookup(apr_pool_t *, server_rec *, conn_rec *, request_rec *, char *);
-void ssl_var_log_config_register(apr_pool_t *p);
-
-APR_DECLARE_OPTIONAL_FN(char *, ssl_var_lookup,
- (apr_pool_t *, server_rec *,
- conn_rec *, request_rec *,
- char *));
-
-/* An optional function which returns non-zero if the given connection
- * is using SSL/TLS. */
-APR_DECLARE_OPTIONAL_FN(int, ssl_is_https, (conn_rec *));
-
-/* Proxy Support */
-int ssl_proxy_enable(conn_rec *c);
-int ssl_engine_disable(conn_rec *c);
-
-APR_DECLARE_OPTIONAL_FN(int, ssl_proxy_enable, (conn_rec *));
-
-APR_DECLARE_OPTIONAL_FN(int, ssl_engine_disable, (conn_rec *));
-
-/* I/O */
-void ssl_io_filter_init(conn_rec *, SSL *);
-void ssl_io_filter_register(apr_pool_t *);
-long ssl_io_data_cb(BIO *, int, MODSSL_BIO_CB_ARG_TYPE *, int, long, long);
-
-/* ssl_io_buffer_fill fills the setaside buffering of the HTTP request
- * to allow an SSL renegotiation to take place. */
-int ssl_io_buffer_fill(request_rec *r);
-
-/* PRNG */
-int ssl_rand_seed(server_rec *, apr_pool_t *, ssl_rsctx_t, char *);
-
-/* Utility Functions */
-char *ssl_util_vhostid(apr_pool_t *, server_rec *);
-void ssl_util_strupper(char *);
-void ssl_util_uuencode(char *, const char *, BOOL);
-void ssl_util_uuencode_binary(unsigned char *, const unsigned char *, int, BOOL);
-apr_file_t *ssl_util_ppopen(server_rec *, apr_pool_t *, const char *,
- const char * const *);
-void ssl_util_ppclose(server_rec *, apr_pool_t *, apr_file_t *);
-char *ssl_util_readfilter(server_rec *, apr_pool_t *, const char *,
- const char * const *);
-BOOL ssl_util_path_check(ssl_pathcheck_t, const char *, apr_pool_t *);
-ssl_algo_t ssl_util_algotypeof(X509 *, EVP_PKEY *);
-char *ssl_util_algotypestr(ssl_algo_t);
-char *ssl_util_ptxtsub(apr_pool_t *, const char *, const char *, char *);
-void ssl_util_thread_setup(apr_pool_t *);
-
-#define APR_SHM_MAXSIZE (64 * 1024 * 1024)
-#endif /* __MOD_SSL_H__ */
diff --git a/rubbos/app/httpd-2.0.64/modules/ssl/modules.mk b/rubbos/app/httpd-2.0.64/modules/ssl/modules.mk
deleted file mode 100644
index ceb52a1b..00000000
--- a/rubbos/app/httpd-2.0.64/modules/ssl/modules.mk
+++ /dev/null
@@ -1,3 +0,0 @@
-DISTCLEAN_TARGETS = modules.mk
-static =
-shared =
diff --git a/rubbos/app/httpd-2.0.64/modules/ssl/ssl_engine_config.c b/rubbos/app/httpd-2.0.64/modules/ssl/ssl_engine_config.c
deleted file mode 100644
index f597d2a4..00000000
--- a/rubbos/app/httpd-2.0.64/modules/ssl/ssl_engine_config.c
+++ /dev/null
@@ -1,1420 +0,0 @@
-/* Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-/* _ _
- * _ __ ___ ___ __| | ___ ___| | mod_ssl
- * | '_ ` _ \ / _ \ / _` | / __/ __| | Apache Interface to OpenSSL
- * | | | | | | (_) | (_| | \__ \__ \ |
- * |_| |_| |_|\___/ \__,_|___|___/___/_|
- * |_____|
- * ssl_engine_config.c
- * Apache Configuration Directives
- */
- /* ``Damned if you do,
- damned if you don't.''
- -- Unknown */
-#include "mod_ssl.h"
-
-/* _________________________________________________________________
-**
-** Support for Global Configuration
-** _________________________________________________________________
-*/
-
-#define SSL_MOD_CONFIG_KEY "ssl_module"
-
-SSLModConfigRec *ssl_config_global_create(server_rec *s)
-{
- apr_pool_t *pool = s->process->pool;
- SSLModConfigRec *mc;
- void *vmc;
-
- apr_pool_userdata_get(&vmc, SSL_MOD_CONFIG_KEY, pool);
- if (vmc) {
- return vmc; /* reused for lifetime of the server */
- }
-
- /*
- * allocate an own subpool which survives server restarts
- */
- mc = (SSLModConfigRec *)apr_palloc(pool, sizeof(*mc));
- mc->pPool = pool;
- mc->bFixed = FALSE;
-
- /*
- * initialize per-module configuration
- */
- mc->nSessionCacheMode = SSL_SCMODE_UNSET;
- mc->szSessionCacheDataFile = NULL;
- mc->nSessionCacheDataSize = 0;
- mc->pSessionCacheDataMM = NULL;
- mc->pSessionCacheDataRMM = NULL;
- mc->tSessionCacheDataTable = NULL;
- mc->nMutexMode = SSL_MUTEXMODE_UNSET;
- mc->nMutexMech = APR_LOCK_DEFAULT;
- mc->szMutexFile = NULL;
- mc->pMutex = NULL;
- mc->aRandSeed = apr_array_make(pool, 4,
- sizeof(ssl_randseed_t));
- mc->tVHostKeys = apr_hash_make(pool);
- mc->tPrivateKey = apr_hash_make(pool);
- mc->tPublicCert = apr_hash_make(pool);
-#ifdef SSL_EXPERIMENTAL_ENGINE
- mc->szCryptoDevice = NULL;
-#endif
-
- memset(mc->pTmpKeys, 0, sizeof(mc->pTmpKeys));
-
- apr_pool_userdata_set(mc, SSL_MOD_CONFIG_KEY,
- apr_pool_cleanup_null,
- pool);
-
- return mc;
-}
-
-void ssl_config_global_fix(SSLModConfigRec *mc)
-{
- mc->bFixed = TRUE;
-}
-
-BOOL ssl_config_global_isfixed(SSLModConfigRec *mc)
-{
- return mc->bFixed;
-}
-
-/* _________________________________________________________________
-**
-** Configuration handling
-** _________________________________________________________________
-*/
-
-static void modssl_ctx_init(modssl_ctx_t *mctx)
-{
- mctx->sc = NULL; /* set during module init */
-
- mctx->ssl_ctx = NULL; /* set during module init */
-
- mctx->pks = NULL;
- mctx->pkp = NULL;
-
- mctx->protocol = SSL_PROTOCOL_ALL;
-
- mctx->pphrase_dialog_type = SSL_PPTYPE_UNSET;
- mctx->pphrase_dialog_path = NULL;
-
- mctx->cert_chain = NULL;
-
- mctx->crl_path = NULL;
- mctx->crl_file = NULL;
- mctx->crl = NULL; /* set during module init */
-
- mctx->auth.ca_cert_path = NULL;
- mctx->auth.ca_cert_file = NULL;
- mctx->auth.cipher_suite = NULL;
- mctx->auth.verify_depth = UNSET;
- mctx->auth.verify_mode = SSL_CVERIFY_UNSET;
-}
-
-static void modssl_ctx_init_proxy(SSLSrvConfigRec *sc,
- apr_pool_t *p)
-{
- modssl_ctx_t *mctx;
-
- mctx = sc->proxy = apr_palloc(p, sizeof(*sc->proxy));
-
- modssl_ctx_init(mctx);
-
- mctx->pkp = apr_palloc(p, sizeof(*mctx->pkp));
-
- mctx->pkp->cert_file = NULL;
- mctx->pkp->cert_path = NULL;
- mctx->pkp->certs = NULL;
-}
-
-static void modssl_ctx_init_server(SSLSrvConfigRec *sc,
- apr_pool_t *p)
-{
- modssl_ctx_t *mctx;
-
- mctx = sc->server = apr_palloc(p, sizeof(*sc->server));
-
- modssl_ctx_init(mctx);
-
- mctx->pks = apr_palloc(p, sizeof(*mctx->pks));
-
- memset((void*)mctx->pks->cert_files, 0, sizeof(mctx->pks->cert_files));
-
- memset((void*)mctx->pks->key_files, 0, sizeof(mctx->pks->key_files));
-
- /* certs/keys are set during module init */
-
- memset(mctx->pks->certs, 0, sizeof(mctx->pks->certs));
-
- memset(mctx->pks->keys, 0, sizeof(mctx->pks->keys));
-}
-
-static SSLSrvConfigRec *ssl_config_server_new(apr_pool_t *p)
-{
- SSLSrvConfigRec *sc = apr_palloc(p, sizeof(*sc));
-
- sc->mc = NULL;
- sc->enabled = UNSET;
- sc->proxy_enabled = UNSET;
- sc->vhost_id = NULL; /* set during module init */
- sc->vhost_id_len = 0; /* set during module init */
- sc->session_cache_timeout = UNSET;
- sc->insecure_reneg = UNSET;
-
- modssl_ctx_init_proxy(sc, p);
-
- modssl_ctx_init_server(sc, p);
-
- return sc;
-}
-
-/*
- * Create per-server SSL configuration
- */
-void *ssl_config_server_create(apr_pool_t *p, server_rec *s)
-{
- SSLSrvConfigRec *sc = ssl_config_server_new(p);
-
- sc->mc = ssl_config_global_create(s);
-
- return sc;
-}
-
-#define cfgMerge(el,unset) mrg->el = (add->el == (unset)) ? base->el : add->el
-#define cfgMergeArray(el) mrg->el = apr_array_append(p, add->el, base->el)
-#define cfgMergeString(el) cfgMerge(el, NULL)
-#define cfgMergeBool(el) cfgMerge(el, UNSET)
-#define cfgMergeInt(el) cfgMerge(el, UNSET)
-
-static void modssl_ctx_cfg_merge(modssl_ctx_t *base,
- modssl_ctx_t *add,
- modssl_ctx_t *mrg)
-{
- cfgMerge(protocol, SSL_PROTOCOL_ALL);
-
- cfgMerge(pphrase_dialog_type, SSL_PPTYPE_UNSET);
- cfgMergeString(pphrase_dialog_path);
-
- cfgMergeString(cert_chain);
-
- cfgMerge(crl_path, NULL);
- cfgMerge(crl_file, NULL);
-
- cfgMergeString(auth.ca_cert_path);
- cfgMergeString(auth.ca_cert_file);
- cfgMergeString(auth.cipher_suite);
- cfgMergeInt(auth.verify_depth);
- cfgMerge(auth.verify_mode, SSL_CVERIFY_UNSET);
-}
-
-static void modssl_ctx_cfg_merge_proxy(modssl_ctx_t *base,
- modssl_ctx_t *add,
- modssl_ctx_t *mrg)
-{
- modssl_ctx_cfg_merge(base, add, mrg);
-
- cfgMergeString(pkp->cert_file);
- cfgMergeString(pkp->cert_path);
-}
-
-static void modssl_ctx_cfg_merge_server(modssl_ctx_t *base,
- modssl_ctx_t *add,
- modssl_ctx_t *mrg)
-{
- int i;
-
- modssl_ctx_cfg_merge(base, add, mrg);
-
- for (i = 0; i < SSL_AIDX_MAX; i++) {
- cfgMergeString(pks->cert_files[i]);
- cfgMergeString(pks->key_files[i]);
- }
-}
-
-/*
- * Merge per-server SSL configurations
- */
-void *ssl_config_server_merge(apr_pool_t *p, void *basev, void *addv)
-{
- SSLSrvConfigRec *base = (SSLSrvConfigRec *)basev;
- SSLSrvConfigRec *add = (SSLSrvConfigRec *)addv;
- SSLSrvConfigRec *mrg = ssl_config_server_new(p);
-
- cfgMerge(mc, NULL);
- cfgMergeBool(enabled);
- cfgMergeBool(proxy_enabled);
- cfgMergeInt(session_cache_timeout);
- cfgMergeBool(insecure_reneg);
-
- modssl_ctx_cfg_merge_proxy(base->proxy, add->proxy, mrg->proxy);
-
- modssl_ctx_cfg_merge_server(base->server, add->server, mrg->server);
-
- return mrg;
-}
-
-/*
- * Create per-directory SSL configuration
- */
-void *ssl_config_perdir_create(apr_pool_t *p, char *dir)
-{
- SSLDirConfigRec *dc = apr_palloc(p, sizeof(*dc));
-
- dc->bSSLRequired = FALSE;
- dc->aRequirement = apr_array_make(p, 4, sizeof(ssl_require_t));
- dc->nOptions = SSL_OPT_NONE|SSL_OPT_RELSET;
- dc->nOptionsAdd = SSL_OPT_NONE;
- dc->nOptionsDel = SSL_OPT_NONE;
-
- dc->szCipherSuite = NULL;
- dc->nVerifyClient = SSL_CVERIFY_UNSET;
- dc->nVerifyDepth = UNSET;
-
- dc->szCACertificatePath = NULL;
- dc->szCACertificateFile = NULL;
- dc->szUserName = NULL;
-
- return dc;
-}
-
-/*
- * Merge per-directory SSL configurations
- */
-void *ssl_config_perdir_merge(apr_pool_t *p, void *basev, void *addv)
-{
- SSLDirConfigRec *base = (SSLDirConfigRec *)basev;
- SSLDirConfigRec *add = (SSLDirConfigRec *)addv;
- SSLDirConfigRec *mrg = (SSLDirConfigRec *)apr_palloc(p, sizeof(*mrg));
-
- cfgMerge(bSSLRequired, FALSE);
- cfgMergeArray(aRequirement);
-
- if (add->nOptions & SSL_OPT_RELSET) {
- mrg->nOptionsAdd =
- (base->nOptionsAdd & ~(add->nOptionsDel)) | add->nOptionsAdd;
- mrg->nOptionsDel =
- (base->nOptionsDel & ~(add->nOptionsAdd)) | add->nOptionsDel;
- mrg->nOptions =
- (base->nOptions & ~(mrg->nOptionsDel)) | mrg->nOptionsAdd;
- }
- else {
- mrg->nOptions = add->nOptions;
- mrg->nOptionsAdd = add->nOptionsAdd;
- mrg->nOptionsDel = add->nOptionsDel;
- }
-
- cfgMergeString(szCipherSuite);
- cfgMerge(nVerifyClient, SSL_CVERIFY_UNSET);
- cfgMergeInt(nVerifyDepth);
-
- cfgMergeString(szCACertificatePath);
- cfgMergeString(szCACertificateFile);
- cfgMergeString(szUserName);
-
- return mrg;
-}
-
-/*
- * Configuration functions for particular directives
- */
-
-const char *ssl_cmd_SSLMutex(cmd_parms *cmd,
- void *dcfg,
- const char *arg)
-{
- const char *err;
- SSLModConfigRec *mc = myModConfig(cmd->server);
-
- if ((err = ap_check_cmd_context(cmd, GLOBAL_ONLY))) {
- return err;
- }
-
- if (ssl_config_global_isfixed(mc)) {
- return NULL;
- }
-
- if (strcEQ(arg, "none") || strcEQ(arg, "no")) {
- mc->nMutexMode = SSL_MUTEXMODE_NONE;
- }
- /* NOTE: previously, 'yes' implied 'sem' */
- else if (strcEQ(arg, "default") || strcEQ(arg, "yes")) {
- mc->nMutexMode = SSL_MUTEXMODE_USED;
- mc->nMutexMech = APR_LOCK_DEFAULT;
- mc->szMutexFile = NULL; /* APR determines temporary filename */
- }
-#if APR_HAS_FLOCK_SERIALIZE
- else if (strlen(arg) > 6 && strcEQn(arg, "flock:", 6)) {
- const char *file = ap_server_root_relative(cmd->pool, arg+6);
- if (!file) {
- return apr_pstrcat(cmd->pool, "Invalid SSLMutex flock: path ",
- arg+6, NULL);
- }
- mc->nMutexMode = SSL_MUTEXMODE_USED;
- mc->nMutexMech = APR_LOCK_FLOCK;
- mc->szMutexFile = apr_psprintf(mc->pPool, "%s.%lu",
- file, (unsigned long)getpid());
- }
-#endif
-#if APR_HAS_FCNTL_SERIALIZE
- else if (strlen(arg) > 6 && strcEQn(arg, "fcntl:", 6)) {
- const char *file = ap_server_root_relative(cmd->pool, arg+6);
- if (!file) {
- return apr_pstrcat(cmd->pool, "Invalid SSLMutex fcntl: path ",
- arg+6, NULL);
- }
- mc->nMutexMode = SSL_MUTEXMODE_USED;
- mc->nMutexMech = APR_LOCK_FCNTL;
- mc->szMutexFile = apr_psprintf(mc->pPool, "%s.%lu",
- file, (unsigned long)getpid());
- }
-#endif
-#if APR_HAS_SYSVSEM_SERIALIZE && !defined(PERCHILD_MPM)
- else if (strcEQ(arg, "sysvsem")) {
- mc->nMutexMode = SSL_MUTEXMODE_USED;
- mc->nMutexMech = APR_LOCK_SYSVSEM;
- mc->szMutexFile = NULL; /* APR determines temporary filename */
- }
-#endif
-#if APR_HAS_POSIXSEM_SERIALIZE
- else if (strcEQ(arg, "posixsem")) {
- mc->nMutexMode = SSL_MUTEXMODE_USED;
- mc->nMutexMech = APR_LOCK_POSIXSEM;
- mc->szMutexFile = NULL; /* APR determines temporary filename */
- }
-#endif
-#if APR_HAS_PROC_PTHREAD_SERIALIZE
- else if (strcEQ(arg, "pthread")) {
- mc->nMutexMode = SSL_MUTEXMODE_USED;
- mc->nMutexMech = APR_LOCK_PROC_PTHREAD;
- mc->szMutexFile = NULL; /* APR determines temporary filename */
- }
-#endif
-#if APR_HAS_FLOCK_SERIALIZE || APR_HAS_FCNTL_SERIALIZE
- else if (strlen(arg) > 5 && strcEQn(arg, "file:", 5)) {
- const char *file = ap_server_root_relative(cmd->pool, arg+5);
- if (!file) {
- return apr_pstrcat(cmd->pool, "Invalid SSLMutex file: path ",
- arg+5, NULL);
- }
- mc->nMutexMode = SSL_MUTEXMODE_USED;
-#if APR_HAS_FLOCK_SERIALIZE
- mc->nMutexMech = APR_LOCK_FLOCK;
-#endif
-#if APR_HAS_FCNTL_SERIALIZE
- mc->nMutexMech = APR_LOCK_FCNTL;
-#endif
- mc->szMutexFile =
- apr_psprintf(mc->pPool, "%s.%lu",
- file, (unsigned long)getpid());
- }
-#endif
-#if (APR_HAS_SYSVSEM_SERIALIZE && !defined(PERCHILD_MPM)) || APR_HAS_POSIXSEM_SERIALIZE
- else if (strcEQ(arg, "sem")) {
- mc->nMutexMode = SSL_MUTEXMODE_USED;
-#if APR_HAS_SYSVSEM_SERIALIZE && !defined(PERCHILD_MPM)
- mc->nMutexMech = APR_LOCK_SYSVSEM;
-#endif
-#if APR_HAS_POSIXSEM_SERIALIZE
- mc->nMutexMech = APR_LOCK_POSIXSEM;
-#endif
- mc->szMutexFile = NULL; /* APR determines temporary filename */
- }
-#endif
- else {
- return apr_pstrcat(cmd->pool, "Invalid SSLMutex argument ",
- arg, " (", ssl_valid_ssl_mutex_string, ")", NULL);
- }
-
- return NULL;
-}
-
-const char *ssl_cmd_SSLPassPhraseDialog(cmd_parms *cmd,
- void *dcfg,
- const char *arg)
-{
- SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
- const char *err;
- int arglen = strlen(arg);
-
- if ((err = ap_check_cmd_context(cmd, GLOBAL_ONLY))) {
- return err;
- }
-
- if (strcEQ(arg, "builtin")) {
- sc->server->pphrase_dialog_type = SSL_PPTYPE_BUILTIN;
- sc->server->pphrase_dialog_path = NULL;
- }
- else if ((arglen > 5) && strEQn(arg, "exec:", 5)) {
- sc->server->pphrase_dialog_type = SSL_PPTYPE_FILTER;
- /* ### This is broken, exec: may contain args, no? */
- sc->server->pphrase_dialog_path =
- ap_server_root_relative(cmd->pool, arg+5);
- if (!sc->server->pphrase_dialog_path) {
- return apr_pstrcat(cmd->pool,
- "Invalid SSLPassPhraseDialog exec: path ",
- arg+5, NULL);
- }
- if (!ssl_util_path_check(SSL_PCM_EXISTS,
- sc->server->pphrase_dialog_path,
- cmd->pool))
- {
- return apr_pstrcat(cmd->pool,
- "SSLPassPhraseDialog: file '",
- sc->server->pphrase_dialog_path,
- "' does not exist", NULL);
- }
-
- }
- else if ((arglen > 1) && (arg[0] == '|')) {
- sc->server->pphrase_dialog_type = SSL_PPTYPE_PIPE;
- sc->server->pphrase_dialog_path = arg + 1;
- }
- else {
- return "SSLPassPhraseDialog: Invalid argument";
- }
-
- return NULL;
-}
-
-#ifdef SSL_EXPERIMENTAL_ENGINE
-const char *ssl_cmd_SSLCryptoDevice(cmd_parms *cmd,
- void *dcfg,
- const char *arg)
-{
- SSLModConfigRec *mc = myModConfig(cmd->server);
- const char *err;
- ENGINE *e;
-#if SSL_LIBRARY_VERSION >= 0x00907000
- static int loaded_engines = FALSE;
-
- /* early loading to make sure the engines are already
- available for ENGINE_by_id() above... */
- if (!loaded_engines) {
- ENGINE_load_builtin_engines();
- loaded_engines = TRUE;
- }
-#endif
- if ((err = ap_check_cmd_context(cmd, GLOBAL_ONLY))) {
- return err;
- }
-
- if (strcEQ(arg, "builtin")) {
- mc->szCryptoDevice = NULL;
- }
- else if ((e = ENGINE_by_id(arg))) {
- mc->szCryptoDevice = arg;
- ENGINE_free(e);
- }
- else {
- return "SSLCryptoDevice: Invalid argument";
- }
-
- return NULL;
-}
-#endif
-
-const char *ssl_cmd_SSLRandomSeed(cmd_parms *cmd,
- void *dcfg,
- const char *arg1,
- const char *arg2,
- const char *arg3)
-{
- SSLModConfigRec *mc = myModConfig(cmd->server);
- const char *err;
- ssl_randseed_t *seed;
- int arg2len = strlen(arg2);
-
- if ((err = ap_check_cmd_context(cmd, GLOBAL_ONLY))) {
- return err;
- }
-
- if (ssl_config_global_isfixed(mc)) {
- return NULL;
- }
-
- seed = apr_array_push(mc->aRandSeed);
-
- if (strcEQ(arg1, "startup")) {
- seed->nCtx = SSL_RSCTX_STARTUP;
- }
- else if (strcEQ(arg1, "connect")) {
- seed->nCtx = SSL_RSCTX_CONNECT;
- }
- else {
- return apr_pstrcat(cmd->pool, "SSLRandomSeed: "
- "invalid context: `", arg1, "'",
- NULL);
- }
-
- if ((arg2len > 5) && strEQn(arg2, "file:", 5)) {
- seed->nSrc = SSL_RSSRC_FILE;
- seed->cpPath = ap_server_root_relative(mc->pPool, arg2+5);
- }
- else if ((arg2len > 5) && strEQn(arg2, "exec:", 5)) {
- seed->nSrc = SSL_RSSRC_EXEC;
- seed->cpPath = ap_server_root_relative(mc->pPool, arg2+5);
- }
- else if ((arg2len > 4) && strEQn(arg2, "egd:", 4)) {
-#ifdef HAVE_SSL_RAND_EGD
- seed->nSrc = SSL_RSSRC_EGD;
- seed->cpPath = ap_server_root_relative(mc->pPool, arg2+4);
-#else
- return "egd not supported with this SSL toolkit";
-#endif
- }
- else if (strcEQ(arg2, "builtin")) {
- seed->nSrc = SSL_RSSRC_BUILTIN;
- seed->cpPath = NULL;
- }
- else {
- seed->nSrc = SSL_RSSRC_FILE;
- seed->cpPath = ap_server_root_relative(mc->pPool, arg2);
- }
-
- if (seed->nSrc != SSL_RSSRC_BUILTIN) {
- if (!seed->cpPath) {
- return apr_pstrcat(cmd->pool,
- "Invalid SSLRandomSeed path ",
- arg2, NULL);
- }
- if (!ssl_util_path_check(SSL_PCM_EXISTS, seed->cpPath, cmd->pool)) {
- return apr_pstrcat(cmd->pool,
- "SSLRandomSeed: source path '",
- seed->cpPath, "' does not exist", NULL);
- }
- }
-
- if (!arg3) {
- seed->nBytes = 0; /* read whole file */
- }
- else {
- if (seed->nSrc == SSL_RSSRC_BUILTIN) {
- return "SSLRandomSeed: byte specification not "
- "allowed for builtin seed source";
- }
-
- seed->nBytes = atoi(arg3);
-
- if (seed->nBytes < 0) {
- return "SSLRandomSeed: invalid number of bytes specified";
- }
- }
-
- return NULL;
-}
-
-const char *ssl_cmd_SSLEngine(cmd_parms *cmd, void *dcfg, int flag)
-{
- SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
-
- sc->enabled = flag ? TRUE : FALSE;
-
- return NULL;
-}
-
-const char *ssl_cmd_SSLCipherSuite(cmd_parms *cmd,
- void *dcfg,
- const char *arg)
-{
- SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
- SSLDirConfigRec *dc = (SSLDirConfigRec *)dcfg;
-
- if (cmd->path) {
- dc->szCipherSuite = arg;
- }
- else {
- sc->server->auth.cipher_suite = arg;
- }
-
- return NULL;
-}
-
-#define SSL_FLAGS_CHECK_FILE \
- (SSL_PCM_EXISTS|SSL_PCM_ISREG|SSL_PCM_ISNONZERO)
-
-#define SSL_FLAGS_CHECK_DIR \
- (SSL_PCM_EXISTS|SSL_PCM_ISDIR)
-
-static const char *ssl_cmd_check_file(cmd_parms *parms,
- const char **file)
-{
- const char *filepath = ap_server_root_relative(parms->pool, *file);
-
- if (!filepath) {
- return apr_pstrcat(parms->pool, parms->cmd->name,
- ": Invalid file path ", *file, NULL);
- }
- *file = filepath;
-
- if (ssl_util_path_check(SSL_FLAGS_CHECK_FILE, *file, parms->pool)) {
- return NULL;
- }
-
- return apr_pstrcat(parms->pool, parms->cmd->name,
- ": file '", *file,
- "' does not exist or is empty", NULL);
-
-}
-
-const char *ssl_cmd_SSLInsecureRenegotiation(cmd_parms *cmd, void *dcfg, int flag)
-{
-#ifdef SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION
- SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
- sc->insecure_reneg = flag?TRUE:FALSE;
- return NULL;
-#else
- return "The SSLInsecureRenegotiation directive is not available "
- "with this SSL library";
-#endif
-}
-
-
-static const char *ssl_cmd_check_dir(cmd_parms *parms,
- const char **dir)
-{
- const char *dirpath = ap_server_root_relative(parms->pool, *dir);
-
- if (!dirpath) {
- return apr_pstrcat(parms->pool, parms->cmd->name,
- ": Invalid dir path ", *dir, NULL);
- }
- *dir = dirpath;
-
- if (ssl_util_path_check(SSL_FLAGS_CHECK_DIR, *dir, parms->pool)) {
- return NULL;
- }
-
- return apr_pstrcat(parms->pool, parms->cmd->name,
- ": directory '", *dir,
- "' does not exist", NULL);
-
-}
-
-#define SSL_AIDX_CERTS 1
-#define SSL_AIDX_KEYS 2
-
-static const char *ssl_cmd_check_aidx_max(cmd_parms *parms,
- const char *arg,
- int idx)
-{
- SSLSrvConfigRec *sc = mySrvConfig(parms->server);
- const char *err, *desc=NULL, **files=NULL;
- int i;
-
- if ((err = ssl_cmd_check_file(parms, &arg))) {
- return err;
- }
-
- switch (idx) {
- case SSL_AIDX_CERTS:
- desc = "certificates";
- files = sc->server->pks->cert_files;
- break;
- case SSL_AIDX_KEYS:
- desc = "private keys";
- files = sc->server->pks->key_files;
- break;
- }
-
- for (i = 0; i < SSL_AIDX_MAX; i++) {
- if (!files[i]) {
- files[i] = arg;
- return NULL;
- }
- }
-
- return apr_psprintf(parms->pool,
- "%s: only up to %d "
- "different %s per virtual host allowed",
- parms->cmd->name, SSL_AIDX_MAX, desc);
-}
-
-const char *ssl_cmd_SSLCertificateFile(cmd_parms *cmd,
- void *dcfg,
- const char *arg)
-{
-
- const char *err;
-
- if ((err = ssl_cmd_check_aidx_max(cmd, arg, SSL_AIDX_CERTS))) {
- return err;
- }
-
- return NULL;
-}
-
-const char *ssl_cmd_SSLCertificateKeyFile(cmd_parms *cmd,
- void *dcfg,
- const char *arg)
-{
- const char *err;
-
- if ((err = ssl_cmd_check_aidx_max(cmd, arg, SSL_AIDX_KEYS))) {
- return err;
- }
-
- return NULL;
-}
-
-const char *ssl_cmd_SSLCertificateChainFile(cmd_parms *cmd,
- void *dcfg,
- const char *arg)
-{
- SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
- const char *err;
-
- if ((err = ssl_cmd_check_file(cmd, &arg))) {
- return err;
- }
-
- sc->server->cert_chain = arg;
-
- return NULL;
-}
-
-#define NO_PER_DIR_SSL_CA \
- "Your ssl library does not have support for per-directory CA"
-
-#ifdef HAVE_SSL_SET_CERT_STORE
-# define MODSSL_HAVE_SSL_SET_CERT_STORE 1
-#else
-# define MODSSL_HAVE_SSL_SET_CERT_STORE 0
-#endif
-
-#define MODSSL_SET_CA(f) \
- if (cmd->path) \
- if (MODSSL_HAVE_SSL_SET_CERT_STORE) \
- dc->f = arg; \
- else \
- return NO_PER_DIR_SSL_CA; \
- else \
- sc->f = arg \
-
-const char *ssl_cmd_SSLCACertificatePath(cmd_parms *cmd,
- void *dcfg,
- const char *arg)
-{
- /*SSLDirConfigRec *dc = (SSLDirConfigRec *)dcfg;*/
- SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
- const char *err;
-
- if ((err = ssl_cmd_check_dir(cmd, &arg))) {
- return err;
- }
-
- /* XXX: bring back per-dir */
- sc->server->auth.ca_cert_path = arg;
-
- return NULL;
-}
-
-const char *ssl_cmd_SSLCACertificateFile(cmd_parms *cmd,
- void *dcfg,
- const char *arg)
-{
- /*SSLDirConfigRec *dc = (SSLDirConfigRec *)dcfg;*/
- SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
- const char *err;
-
- if ((err = ssl_cmd_check_file(cmd, &arg))) {
- return err;
- }
-
- /* XXX: bring back per-dir */
- sc->server->auth.ca_cert_file = arg;
-
- return NULL;
-}
-
-const char *ssl_cmd_SSLCARevocationPath(cmd_parms *cmd,
- void *dcfg,
- const char *arg)
-{
- SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
- const char *err;
-
- if ((err = ssl_cmd_check_dir(cmd, &arg))) {
- return err;
- }
-
- sc->server->crl_path = arg;
-
- return NULL;
-}
-
-const char *ssl_cmd_SSLCARevocationFile(cmd_parms *cmd,
- void *dcfg,
- const char *arg)
-{
- SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
- const char *err;
-
- if ((err = ssl_cmd_check_file(cmd, &arg))) {
- return err;
- }
-
- sc->server->crl_file = arg;
-
- return NULL;
-}
-
-static const char *ssl_cmd_verify_parse(cmd_parms *parms,
- const char *arg,
- ssl_verify_t *id)
-{
- if (strcEQ(arg, "none") || strcEQ(arg, "off")) {
- *id = SSL_CVERIFY_NONE;
- }
- else if (strcEQ(arg, "optional")) {
- *id = SSL_CVERIFY_OPTIONAL;
- }
- else if (strcEQ(arg, "require") || strcEQ(arg, "on")) {
- *id = SSL_CVERIFY_REQUIRE;
- }
- else if (strcEQ(arg, "optional_no_ca")) {
- *id = SSL_CVERIFY_OPTIONAL_NO_CA;
- }
- else {
- return apr_pstrcat(parms->temp_pool, parms->cmd->name,
- ": Invalid argument '", arg, "'",
- NULL);
- }
-
- return NULL;
-}
-
-const char *ssl_cmd_SSLVerifyClient(cmd_parms *cmd,
- void *dcfg,
- const char *arg)
-{
- SSLDirConfigRec *dc = (SSLDirConfigRec *)dcfg;
- SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
- ssl_verify_t mode;
- const char *err;
-
- if ((err = ssl_cmd_verify_parse(cmd, arg, &mode))) {
- return err;
- }
-
- if (cmd->path) {
- dc->nVerifyClient = mode;
- }
- else {
- sc->server->auth.verify_mode = mode;
- }
-
- return NULL;
-}
-
-static const char *ssl_cmd_verify_depth_parse(cmd_parms *parms,
- const char *arg,
- int *depth)
-{
- if ((*depth = atoi(arg)) >= 0) {
- return NULL;
- }
-
- return apr_pstrcat(parms->temp_pool, parms->cmd->name,
- ": Invalid argument '", arg, "'",
- NULL);
-}
-
-const char *ssl_cmd_SSLVerifyDepth(cmd_parms *cmd,
- void *dcfg,
- const char *arg)
-{
- SSLDirConfigRec *dc = (SSLDirConfigRec *)dcfg;
- SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
- int depth;
- const char *err;
-
- if ((err = ssl_cmd_verify_depth_parse(cmd, arg, &depth))) {
- return err;
- }
-
- if (cmd->path) {
- dc->nVerifyDepth = depth;
- }
- else {
- sc->server->auth.verify_depth = depth;
- }
-
- return NULL;
-}
-
-#define MODSSL_NO_SHARED_MEMORY_ERROR \
- "SSLSessionCache: shared memory cache not useable on this platform"
-
-const char *ssl_cmd_SSLSessionCache(cmd_parms *cmd,
- void *dcfg,
- const char *arg)
-{
- SSLModConfigRec *mc = myModConfig(cmd->server);
- const char *err, *colon;
- char *cp, *cp2;
- int arglen = strlen(arg);
-
- if ((err = ap_check_cmd_context(cmd, GLOBAL_ONLY))) {
- return err;
- }
-
- if (ssl_config_global_isfixed(mc)) {
- return NULL;
- }
-
- if (strcEQ(arg, "none")) {
- mc->nSessionCacheMode = SSL_SCMODE_NONE;
- mc->szSessionCacheDataFile = NULL;
- }
- else if ((arglen > 4) && strcEQn(arg, "dbm:", 4)) {
- mc->nSessionCacheMode = SSL_SCMODE_DBM;
- mc->szSessionCacheDataFile = ap_server_root_relative(mc->pPool, arg+4);
- if (!mc->szSessionCacheDataFile) {
- return apr_psprintf(cmd->pool,
- "SSLSessionCache: Invalid cache file path %s",
- arg+4);
- }
- }
- else if ((arglen > 6) && strcEQn(arg, "shmht:", 6)) {
-#if !APR_HAS_SHARED_MEMORY
- return MODSSL_NO_SHARED_MEMORY_ERROR;
-#endif
- mc->nSessionCacheMode = SSL_SCMODE_SHMHT;
- colon = ap_strchr_c(arg, ':');
- mc->szSessionCacheDataFile =
- ap_server_root_relative(mc->pPool, colon+1);
- if (!mc->szSessionCacheDataFile) {
- return apr_psprintf(cmd->pool,
- "SSLSessionCache: Invalid cache file path %s",
- colon+1);
- }
- mc->tSessionCacheDataTable = NULL;
- mc->nSessionCacheDataSize = 1024*512; /* 512KB */
-
- if ((cp = strchr(mc->szSessionCacheDataFile, '('))) {
- *cp++ = NUL;
-
- if (!(cp2 = strchr(cp, ')'))) {
- return "SSLSessionCache: Invalid argument: "
- "no closing parenthesis";
- }
-
- *cp2 = NUL;
-
- mc->nSessionCacheDataSize = atoi(cp);
-
- if (mc->nSessionCacheDataSize < 8192) {
- return "SSLSessionCache: Invalid argument: "
- "size has to be >= 8192 bytes";
- }
-
- if (mc->nSessionCacheDataSize >= APR_SHM_MAXSIZE) {
- return apr_psprintf(cmd->pool,
- "SSLSessionCache: Invalid argument: "
- "size has to be < %d bytes on this "
- "platform", APR_SHM_MAXSIZE);
- }
- }
- }
- else if (((arglen > 4) && strcEQn(arg, "shm:", 4)) ||
- ((arglen > 6) && strcEQn(arg, "shmcb:", 6))) {
-#if !APR_HAS_SHARED_MEMORY
- return MODSSL_NO_SHARED_MEMORY_ERROR;
-#endif
- mc->nSessionCacheMode = SSL_SCMODE_SHMCB;
- colon = ap_strchr_c(arg, ':');
- mc->szSessionCacheDataFile =
- ap_server_root_relative(mc->pPool, colon+1);
- if (!mc->szSessionCacheDataFile) {
- return apr_psprintf(cmd->pool,
- "SSLSessionCache: Invalid cache file path %s",
- colon+1);
- }
- mc->tSessionCacheDataTable = NULL;
- mc->nSessionCacheDataSize = 1024*512; /* 512KB */
-
- if ((cp = strchr(mc->szSessionCacheDataFile, '('))) {
- *cp++ = NUL;
-
- if (!(cp2 = strchr(cp, ')'))) {
- return "SSLSessionCache: Invalid argument: "
- "no closing parenthesis";
- }
-
- *cp2 = NUL;
-
- mc->nSessionCacheDataSize = atoi(cp);
-
- if (mc->nSessionCacheDataSize < 8192) {
- return "SSLSessionCache: Invalid argument: "
- "size has to be >= 8192 bytes";
-
- }
-
- if (mc->nSessionCacheDataSize >= APR_SHM_MAXSIZE) {
- return apr_psprintf(cmd->pool,
- "SSLSessionCache: Invalid argument: "
- "size has to be < %d bytes on this "
- "platform", APR_SHM_MAXSIZE);
-
- }
- }
- }
- else {
- return "SSLSessionCache: Invalid argument";
- }
-
- return NULL;
-}
-
-const char *ssl_cmd_SSLSessionCacheTimeout(cmd_parms *cmd,
- void *dcfg,
- const char *arg)
-{
- SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
-
- sc->session_cache_timeout = atoi(arg);
-
- if (sc->session_cache_timeout < 0) {
- return "SSLSessionCacheTimeout: Invalid argument";
- }
-
- return NULL;
-}
-
-const char *ssl_cmd_SSLOptions(cmd_parms *cmd,
- void *dcfg,
- const char *arg)
-{
- SSLDirConfigRec *dc = (SSLDirConfigRec *)dcfg;
- ssl_opt_t opt;
- int first = TRUE;
- char action, *w;
-
- while (*arg) {
- w = ap_getword_conf(cmd->pool, &arg);
- action = NUL;
-
- if ((*w == '+') || (*w == '-')) {
- action = *(w++);
- }
- else if (first) {
- dc->nOptions = SSL_OPT_NONE;
- first = FALSE;
- }
-
- if (strcEQ(w, "StdEnvVars")) {
- opt = SSL_OPT_STDENVVARS;
- }
- else if (strcEQ(w, "CompatEnvVars")) {
- opt = SSL_OPT_COMPATENVVARS;
- }
- else if (strcEQ(w, "ExportCertData")) {
- opt = SSL_OPT_EXPORTCERTDATA;
- }
- else if (strcEQ(w, "FakeBasicAuth")) {
- opt = SSL_OPT_FAKEBASICAUTH;
- }
- else if (strcEQ(w, "StrictRequire")) {
- opt = SSL_OPT_STRICTREQUIRE;
- }
- else if (strcEQ(w, "OptRenegotiate")) {
- opt = SSL_OPT_OPTRENEGOTIATE;
- }
- else {
- return apr_pstrcat(cmd->pool,
- "SSLOptions: Illegal option '", w, "'",
- NULL);
- }
-
- if (action == '-') {
- dc->nOptionsAdd &= ~opt;
- dc->nOptionsDel |= opt;
- dc->nOptions &= ~opt;
- }
- else if (action == '+') {
- dc->nOptionsAdd |= opt;
- dc->nOptionsDel &= ~opt;
- dc->nOptions |= opt;
- }
- else {
- dc->nOptions = opt;
- dc->nOptionsAdd = opt;
- dc->nOptionsDel = SSL_OPT_NONE;
- }
- }
-
- return NULL;
-}
-
-const char *ssl_cmd_SSLRequireSSL(cmd_parms *cmd, void *dcfg)
-{
- SSLDirConfigRec *dc = (SSLDirConfigRec *)dcfg;
-
- dc->bSSLRequired = TRUE;
-
- return NULL;
-}
-
-const char *ssl_cmd_SSLRequire(cmd_parms *cmd,
- void *dcfg,
- const char *arg)
-{
- SSLDirConfigRec *dc = (SSLDirConfigRec *)dcfg;
- ssl_expr *expr;
- ssl_require_t *require;
-
- if (!(expr = ssl_expr_comp(cmd->pool, (char *)arg))) {
- return apr_pstrcat(cmd->pool, "SSLRequire: ",
- ssl_expr_get_error(), NULL);
- }
-
- require = apr_array_push(dc->aRequirement);
- require->cpExpr = apr_pstrdup(cmd->pool, arg);
- require->mpExpr = expr;
-
- return NULL;
-}
-
-static const char *ssl_cmd_protocol_parse(cmd_parms *parms,
- const char *arg,
- ssl_proto_t *options)
-{
- ssl_proto_t thisopt;
-
- *options = SSL_PROTOCOL_NONE;
-
- while (*arg) {
- char *w = ap_getword_conf(parms->temp_pool, &arg);
- char action = '\0';
-
- if ((*w == '+') || (*w == '-')) {
- action = *(w++);
- }
-
- if (strcEQ(w, "SSLv2")) {
- thisopt = SSL_PROTOCOL_SSLV2;
- }
- else if (strcEQ(w, "SSLv3")) {
- thisopt = SSL_PROTOCOL_SSLV3;
- }
- else if (strcEQ(w, "TLSv1")) {
- thisopt = SSL_PROTOCOL_TLSV1;
- }
- else if (strcEQ(w, "all")) {
- thisopt = SSL_PROTOCOL_ALL;
- }
- else {
- return apr_pstrcat(parms->temp_pool,
- parms->cmd->name,
- ": Illegal protocol '",
- w, "'", NULL);
- }
-
- if (action == '-') {
- *options &= ~thisopt;
- }
- else if (action == '+') {
- *options |= thisopt;
- }
- else {
- *options = thisopt;
- }
- }
-
- return NULL;
-}
-
-const char *ssl_cmd_SSLProtocol(cmd_parms *cmd,
- void *dcfg,
- const char *arg)
-{
- SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
-
- return ssl_cmd_protocol_parse(cmd, arg, &sc->server->protocol);
-}
-
-const char *ssl_cmd_SSLProxyEngine(cmd_parms *cmd, void *dcfg, int flag)
-{
- SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
-
- sc->proxy_enabled = flag ? TRUE : FALSE;
-
- return NULL;
-}
-
-const char *ssl_cmd_SSLProxyProtocol(cmd_parms *cmd,
- void *dcfg,
- const char *arg)
-{
- SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
-
- return ssl_cmd_protocol_parse(cmd, arg, &sc->proxy->protocol);
-}
-
-const char *ssl_cmd_SSLProxyCipherSuite(cmd_parms *cmd,
- void *dcfg,
- const char *arg)
-{
- SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
-
- sc->proxy->auth.cipher_suite = arg;
-
- return NULL;
-}
-
-const char *ssl_cmd_SSLProxyVerify(cmd_parms *cmd,
- void *dcfg,
- const char *arg)
-{
- SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
- ssl_verify_t mode;
- const char *err;
-
- if ((err = ssl_cmd_verify_parse(cmd, arg, &mode))) {
- return err;
- }
-
- sc->proxy->auth.verify_mode = mode;
-
- return NULL;
-}
-
-const char *ssl_cmd_SSLProxyVerifyDepth(cmd_parms *cmd,
- void *dcfg,
- const char *arg)
-{
- SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
- int depth;
- const char *err;
-
- if ((err = ssl_cmd_verify_depth_parse(cmd, arg, &depth))) {
- return err;
- }
-
- sc->proxy->auth.verify_depth = depth;
-
- return NULL;
-}
-
-const char *ssl_cmd_SSLProxyCACertificateFile(cmd_parms *cmd,
- void *dcfg,
- const char *arg)
-{
- SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
- const char *err;
-
- if ((err = ssl_cmd_check_file(cmd, &arg))) {
- return err;
- }
-
- sc->proxy->auth.ca_cert_file = arg;
-
- return NULL;
-}
-
-const char *ssl_cmd_SSLProxyCACertificatePath(cmd_parms *cmd,
- void *dcfg,
- const char *arg)
-{
- SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
- const char *err;
-
- if ((err = ssl_cmd_check_dir(cmd, &arg))) {
- return err;
- }
-
- sc->proxy->auth.ca_cert_path = arg;
-
- return NULL;
-}
-
-const char *ssl_cmd_SSLProxyCARevocationPath(cmd_parms *cmd,
- void *dcfg,
- const char *arg)
-{
- SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
- const char *err;
-
- if ((err = ssl_cmd_check_dir(cmd, &arg))) {
- return err;
- }
-
- sc->proxy->crl_path = arg;
-
- return NULL;
-}
-
-const char *ssl_cmd_SSLProxyCARevocationFile(cmd_parms *cmd,
- void *dcfg,
- const char *arg)
-{
- SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
- const char *err;
-
- if ((err = ssl_cmd_check_file(cmd, &arg))) {
- return err;
- }
-
- sc->proxy->crl_file = arg;
-
- return NULL;
-}
-
-const char *ssl_cmd_SSLProxyMachineCertificateFile(cmd_parms *cmd,
- void *dcfg,
- const char *arg)
-{
- SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
- const char *err;
-
- if ((err = ssl_cmd_check_file(cmd, &arg))) {
- return err;
- }
-
- sc->proxy->pkp->cert_file = arg;
-
- return NULL;
-}
-
-const char *ssl_cmd_SSLProxyMachineCertificatePath(cmd_parms *cmd,
- void *dcfg,
- const char *arg)
-{
- SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
- const char *err;
-
- if ((err = ssl_cmd_check_dir(cmd, &arg))) {
- return err;
- }
-
- sc->proxy->pkp->cert_path = arg;
-
- return NULL;
-}
-
-
-const char *ssl_cmd_SSLUserName(cmd_parms *cmd, void *dcfg,
- const char *arg)
-{
- SSLDirConfigRec *dc = (SSLDirConfigRec *)dcfg;
- dc->szUserName = arg;
- return NULL;
-}
diff --git a/rubbos/app/httpd-2.0.64/modules/ssl/ssl_engine_dh.c b/rubbos/app/httpd-2.0.64/modules/ssl/ssl_engine_dh.c
deleted file mode 100644
index ec66f050..00000000
--- a/rubbos/app/httpd-2.0.64/modules/ssl/ssl_engine_dh.c
+++ /dev/null
@@ -1,207 +0,0 @@
-#if 0
-=pod
-#endif
-/* Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-/* _ _
- * _ __ ___ ___ __| | ___ ___| | mod_ssl
- * | '_ ` _ \ / _ \ / _` | / __/ __| | Apache Interface to OpenSSL
- * | | | | | | (_) | (_| | \__ \__ \ |
- * |_| |_| |_|\___/ \__,_|___|___/___/_|
- * |_____|
- * ssl_engine_dh.c
- * Diffie-Hellman Built-in Temporary Parameters
- */
-
-#include "mod_ssl.h"
-
-/* ----BEGIN GENERATED SECTION-------- */
-
-/*
-** Diffie-Hellman-Parameters: (512 bit)
-** prime:
-** 00:d4:bc:d5:24:06:f6:9b:35:99:4b:88:de:5d:b8:
-** 96:82:c8:15:7f:62:d8:f3:36:33:ee:57:72:f1:1f:
-** 05:ab:22:d6:b5:14:5b:9f:24:1e:5a:cc:31:ff:09:
-** 0a:4b:c7:11:48:97:6f:76:79:50:94:e7:1e:79:03:
-** 52:9f:5a:82:4b
-** generator: 2 (0x2)
-** Diffie-Hellman-Parameters: (1024 bit)
-** prime:
-** 00:e6:96:9d:3d:49:5b:e3:2c:7c:f1:80:c3:bd:d4:
-** 79:8e:91:b7:81:82:51:bb:05:5e:2a:20:64:90:4a:
-** 79:a7:70:fa:15:a2:59:cb:d5:23:a6:a6:ef:09:c4:
-** 30:48:d5:a2:2f:97:1f:3c:20:12:9b:48:00:0e:6e:
-** dd:06:1c:bc:05:3e:37:1d:79:4e:53:27:df:61:1e:
-** bb:be:1b:ac:9b:5c:60:44:cf:02:3d:76:e0:5e:ea:
-** 9b:ad:99:1b:13:a6:3c:97:4e:9e:f1:83:9e:b5:db:
-** 12:51:36:f7:26:2e:56:a8:87:15:38:df:d8:23:c6:
-** 50:50:85:e2:1f:0d:d5:c8:6b
-** generator: 2 (0x2)
-*/
-
-static unsigned char dh512_p[] =
-{
- 0xD4, 0xBC, 0xD5, 0x24, 0x06, 0xF6, 0x9B, 0x35, 0x99, 0x4B, 0x88, 0xDE,
- 0x5D, 0xB8, 0x96, 0x82, 0xC8, 0x15, 0x7F, 0x62, 0xD8, 0xF3, 0x36, 0x33,
- 0xEE, 0x57, 0x72, 0xF1, 0x1F, 0x05, 0xAB, 0x22, 0xD6, 0xB5, 0x14, 0x5B,
- 0x9F, 0x24, 0x1E, 0x5A, 0xCC, 0x31, 0xFF, 0x09, 0x0A, 0x4B, 0xC7, 0x11,
- 0x48, 0x97, 0x6F, 0x76, 0x79, 0x50, 0x94, 0xE7, 0x1E, 0x79, 0x03, 0x52,
- 0x9F, 0x5A, 0x82, 0x4B,
-};
-static unsigned char dh512_g[] =
-{
- 0x02,
-};
-
-static DH *get_dh512(void)
-{
- return modssl_dh_configure(dh512_p, sizeof(dh512_p),
- dh512_g, sizeof(dh512_g));
-}
-
-static unsigned char dh1024_p[] =
-{
- 0xE6, 0x96, 0x9D, 0x3D, 0x49, 0x5B, 0xE3, 0x2C, 0x7C, 0xF1, 0x80, 0xC3,
- 0xBD, 0xD4, 0x79, 0x8E, 0x91, 0xB7, 0x81, 0x82, 0x51, 0xBB, 0x05, 0x5E,
- 0x2A, 0x20, 0x64, 0x90, 0x4A, 0x79, 0xA7, 0x70, 0xFA, 0x15, 0xA2, 0x59,
- 0xCB, 0xD5, 0x23, 0xA6, 0xA6, 0xEF, 0x09, 0xC4, 0x30, 0x48, 0xD5, 0xA2,
- 0x2F, 0x97, 0x1F, 0x3C, 0x20, 0x12, 0x9B, 0x48, 0x00, 0x0E, 0x6E, 0xDD,
- 0x06, 0x1C, 0xBC, 0x05, 0x3E, 0x37, 0x1D, 0x79, 0x4E, 0x53, 0x27, 0xDF,
- 0x61, 0x1E, 0xBB, 0xBE, 0x1B, 0xAC, 0x9B, 0x5C, 0x60, 0x44, 0xCF, 0x02,
- 0x3D, 0x76, 0xE0, 0x5E, 0xEA, 0x9B, 0xAD, 0x99, 0x1B, 0x13, 0xA6, 0x3C,
- 0x97, 0x4E, 0x9E, 0xF1, 0x83, 0x9E, 0xB5, 0xDB, 0x12, 0x51, 0x36, 0xF7,
- 0x26, 0x2E, 0x56, 0xA8, 0x87, 0x15, 0x38, 0xDF, 0xD8, 0x23, 0xC6, 0x50,
- 0x50, 0x85, 0xE2, 0x1F, 0x0D, 0xD5, 0xC8, 0x6B,
-};
-static unsigned char dh1024_g[] =
-{
- 0x02,
-};
-
-static DH *get_dh1024(void)
-{
- return modssl_dh_configure(dh1024_p, sizeof(dh1024_p),
- dh1024_g, sizeof(dh1024_g));
-}
-/* ----END GENERATED SECTION---------- */
-
-DH *ssl_dh_GetTmpParam(int nKeyLen)
-{
- DH *dh;
-
- if (nKeyLen == 512)
- dh = get_dh512();
- else if (nKeyLen == 1024)
- dh = get_dh1024();
- else
- dh = get_dh1024();
- return dh;
-}
-
-DH *ssl_dh_GetParamFromFile(char *file)
-{
- DH *dh = NULL;
- BIO *bio;
-
- if ((bio = BIO_new_file(file, "r")) == NULL)
- return NULL;
-#if SSL_LIBRARY_VERSION < 0x00904000
- dh = PEM_read_bio_DHparams(bio, NULL, NULL);
-#else
- dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
-#endif
- BIO_free(bio);
- return (dh);
-}
-
-/*
-=cut
-##
-## Embedded Perl script for generating the temporary DH parameters
-##
-
-require 5.003;
-use strict;
-
-# configuration
-my $file = $0;
-my $begin = '----BEGIN GENERATED SECTION--------';
-my $end = '----END GENERATED SECTION----------';
-
-# read ourself and keep a backup
-open(FP, "<$file") || die;
-my $source = '';
-$source .= $_ while (<FP>);
-close(FP);
-open(FP, ">$file.bak") || die;
-print FP $source;
-close(FP);
-
-# generate the DH parameters
-print "1. Generate 512 and 1024 bit Diffie-Hellman parameters (p, g)\n";
-my $rand = '';
-foreach $file (qw(/var/log/messages /var/adm/messages
- /kernel /vmunix /vmlinuz /etc/hosts /etc/resolv.conf)) {
- if (-f $file) {
- $rand = $file if ($rand eq '');
- $rand .= ":$file" if ($rand ne '');
- }
-}
-$rand = "-rand $rand" if ($rand ne '');
-system("openssl gendh $rand -out dh512.pem 512");
-system("openssl gendh $rand -out dh1024.pem 1024");
-
-# generate DH param info
-my $dhinfo = '';
-open(FP, "openssl dh -noout -text -in dh512.pem |") || die;
-$dhinfo .= $_ while (<FP>);
-close(FP);
-open(FP, "openssl dh -noout -text -in dh1024.pem |") || die;
-$dhinfo .= $_ while (<FP>);
-close(FP);
-$dhinfo =~ s|^|** |mg;
-$dhinfo = "\n\/\*\n$dhinfo\*\/\n\n";
-
-# generate C source from DH params
-my $dhsource = '';
-open(FP, "openssl dh -noout -C -in dh512.pem | indent | expand |") || die;
-$dhsource .= $_ while (<FP>);
-close(FP);
-open(FP, "openssl dh -noout -C -in dh1024.pem | indent | expand |") || die;
-$dhsource .= $_ while (<FP>);
-close(FP);
-$dhsource =~ s|(DH\s+\*get_dh)|static $1|sg;
-
-# generate output
-my $o = $dhinfo . $dhsource;
-
-# insert the generated code at the target location
-$source =~ s|(\/\* $begin.+?\n).*\n(.*?\/\* $end)|$1$o$2|s;
-
-# and update the source on disk
-print "Updating file `$file'\n";
-open(FP, ">$file") || die;
-print FP $source;
-close(FP);
-
-# cleanup
-unlink("dh512.pem");
-unlink("dh1024.pem");
-
-=pod
-*/
diff --git a/rubbos/app/httpd-2.0.64/modules/ssl/ssl_engine_init.c b/rubbos/app/httpd-2.0.64/modules/ssl/ssl_engine_init.c
deleted file mode 100644
index 92c3395d..00000000
--- a/rubbos/app/httpd-2.0.64/modules/ssl/ssl_engine_init.c
+++ /dev/null
@@ -1,1243 +0,0 @@
-/* Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-/* _ _
- * _ __ ___ ___ __| | ___ ___| | mod_ssl
- * | '_ ` _ \ / _ \ / _` | / __/ __| | Apache Interface to OpenSSL
- * | | | | | | (_) | (_| | \__ \__ \ |
- * |_| |_| |_|\___/ \__,_|___|___/___/_|
- * |_____|
- * ssl_engine_init.c
- * Initialization of Servers
- */
- /* ``Recursive, adj.;
- see Recursive.''
- -- Unknown */
-#include "mod_ssl.h"
-
-/* _________________________________________________________________
-**
-** Module Initialization
-** _________________________________________________________________
-*/
-
-
-static void ssl_add_version_components(apr_pool_t *p,
- server_rec *s)
-{
- char *modver = ssl_var_lookup(p, s, NULL, NULL, "SSL_VERSION_INTERFACE");
- char *libver = ssl_var_lookup(p, s, NULL, NULL, "SSL_VERSION_LIBRARY");
- char *incver = ssl_var_lookup(p, s, NULL, NULL,
- "SSL_VERSION_LIBRARY_INTERFACE");
-
- ap_add_version_component(p, modver);
- ap_add_version_component(p, libver);
-
- ap_log_error(APLOG_MARK, APLOG_INFO, 0, s,
- "%s compiled against Server: %s, Library: %s",
- modver, AP_SERVER_BASEVERSION, incver);
-}
-
-
-/*
- * Initialize SSL library
- */
-static void ssl_init_SSLLibrary(server_rec *s)
-{
- ap_log_error(APLOG_MARK, APLOG_INFO, 0, s,
- "Init: Initializing %s library", SSL_LIBRARY_NAME);
-
- SSL_load_error_strings();
- SSL_library_init();
- OpenSSL_add_all_algorithms(); /* Required for eg SHA256 client certs */
-}
-
-/*
- * Handle the Temporary RSA Keys and DH Params
- */
-
-#define MODSSL_TMP_KEY_FREE(mc, type, idx) \
- if (mc->pTmpKeys[idx]) { \
- type##_free((type *)mc->pTmpKeys[idx]); \
- mc->pTmpKeys[idx] = NULL; \
- }
-
-#define MODSSL_TMP_KEYS_FREE(mc, type) \
- MODSSL_TMP_KEY_FREE(mc, type, SSL_TMP_KEY_##type##_512); \
- MODSSL_TMP_KEY_FREE(mc, type, SSL_TMP_KEY_##type##_1024)
-
-static void ssl_tmp_keys_free(server_rec *s)
-{
- SSLModConfigRec *mc = myModConfig(s);
-
- MODSSL_TMP_KEYS_FREE(mc, RSA);
- MODSSL_TMP_KEYS_FREE(mc, DH);
-}
-
-static int ssl_tmp_key_init_rsa(server_rec *s,
- int bits, int idx)
-{
- SSLModConfigRec *mc = myModConfig(s);
-
- if (!(mc->pTmpKeys[idx] =
- RSA_generate_key(bits, RSA_F4, NULL, NULL)))
- {
- ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
- "Init: Failed to generate temporary "
- "%d bit RSA private key", bits);
- return !OK;
- }
-
- return OK;
-}
-
-static int ssl_tmp_key_init_dh(server_rec *s,
- int bits, int idx)
-{
- SSLModConfigRec *mc = myModConfig(s);
-
- if (!(mc->pTmpKeys[idx] =
- ssl_dh_GetTmpParam(bits)))
- {
- ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
- "Init: Failed to generate temporary "
- "%d bit DH parameters", bits);
- return !OK;
- }
-
- return OK;
-}
-
-#define MODSSL_TMP_KEY_INIT_RSA(s, bits) \
- ssl_tmp_key_init_rsa(s, bits, SSL_TMP_KEY_RSA_##bits)
-
-#define MODSSL_TMP_KEY_INIT_DH(s, bits) \
- ssl_tmp_key_init_dh(s, bits, SSL_TMP_KEY_DH_##bits)
-
-static int ssl_tmp_keys_init(server_rec *s)
-{
- ap_log_error(APLOG_MARK, APLOG_INFO, 0, s,
- "Init: Generating temporary RSA private keys (512/1024 bits)");
-
- if (MODSSL_TMP_KEY_INIT_RSA(s, 512) ||
- MODSSL_TMP_KEY_INIT_RSA(s, 1024)) {
- return !OK;
- }
-
- ap_log_error(APLOG_MARK, APLOG_INFO, 0, s,
- "Init: Generating temporary DH parameters (512/1024 bits)");
-
- if (MODSSL_TMP_KEY_INIT_DH(s, 512) ||
- MODSSL_TMP_KEY_INIT_DH(s, 1024)) {
- return !OK;
- }
-
- return OK;
-}
-
-/*
- * Per-module initialization
- */
-int ssl_init_Module(apr_pool_t *p, apr_pool_t *plog,
- apr_pool_t *ptemp,
- server_rec *base_server)
-{
- SSLModConfigRec *mc = myModConfig(base_server);
- SSLSrvConfigRec *sc;
- server_rec *s;
-
- /*
- * Let us cleanup on restarts and exists
- */
- apr_pool_cleanup_register(p, base_server,
- ssl_init_ModuleKill,
- apr_pool_cleanup_null);
-
- /*
- * Any init round fixes the global config
- */
- ssl_config_global_create(base_server); /* just to avoid problems */
- ssl_config_global_fix(mc);
-
- /*
- * try to fix the configuration and open the dedicated SSL
- * logfile as early as possible
- */
- for (s = base_server; s; s = s->next) {
- sc = mySrvConfig(s);
-
- if (sc->server) {
- sc->server->sc = sc;
- }
-
- if (sc->proxy) {
- sc->proxy->sc = sc;
- }
-
- /*
- * Create the server host:port string because we need it a lot
- */
- sc->vhost_id = ssl_util_vhostid(p, s);
- sc->vhost_id_len = strlen(sc->vhost_id);
-
- /* Fix up stuff that may not have been set */
- if (sc->enabled == UNSET) {
- sc->enabled = FALSE;
- }
-
- if (sc->proxy_enabled == UNSET) {
- sc->proxy_enabled = FALSE;
- }
-
- if (sc->session_cache_timeout == UNSET) {
- sc->session_cache_timeout = SSL_SESSION_CACHE_TIMEOUT;
- }
-
- if (sc->server->pphrase_dialog_type == SSL_PPTYPE_UNSET) {
- sc->server->pphrase_dialog_type = SSL_PPTYPE_BUILTIN;
- }
-
- }
-
-#if APR_HAS_THREADS
- ssl_util_thread_setup(p);
-#endif
-
- /*
- * SSL external crypto device ("engine") support
- */
-#ifdef SSL_EXPERIMENTAL_ENGINE
- ssl_init_Engine(base_server, p);
-#endif
-
- ssl_init_SSLLibrary(base_server);
-
- /*
- * Seed the Pseudo Random Number Generator (PRNG)
- * only need ptemp here; nothing inside allocated from the pool
- * needs to live once we return from ssl_rand_seed().
- */
- ssl_rand_seed(base_server, ptemp, SSL_RSCTX_STARTUP, "Init: ");
-
- /*
- * read server private keys/public certs into memory.
- * decrypting any encrypted keys via configured SSLPassPhraseDialogs
- * anything that needs to live longer than ptemp needs to also survive
- * restarts, in which case they'll live inside s->process->pool.
- */
- ssl_pphrase_Handle(base_server, ptemp);
-
- if (ssl_tmp_keys_init(base_server)) {
- return !OK;
- }
-
- /*
- * initialize the mutex handling
- */
- if (!ssl_mutex_init(base_server, p)) {
- return HTTP_INTERNAL_SERVER_ERROR;
- }
-
- /*
- * initialize session caching
- */
- ssl_scache_init(base_server, p);
-
- /*
- * initialize servers
- */
- ap_log_error(APLOG_MARK, APLOG_INFO, 0, base_server,
- "Init: Initializing (virtual) servers for SSL");
-
- for (s = base_server; s; s = s->next) {
- sc = mySrvConfig(s);
- /*
- * Either now skip this server when SSL is disabled for
- * it or give out some information about what we're
- * configuring.
- */
-
- /*
- * Read the server certificate and key
- */
- ssl_init_ConfigureServer(s, p, ptemp, sc);
- }
-
- /*
- * Configuration consistency checks
- */
- ssl_init_CheckServers(base_server, ptemp);
-
- /*
- * Announce mod_ssl and SSL library in HTTP Server field
- * as ``mod_ssl/X.X.X OpenSSL/X.X.X''
- */
- ssl_add_version_components(p, base_server);
-
- SSL_init_app_data2_idx(); /* for SSL_get_app_data2() at request time */
-
- return OK;
-}
-
-/*
- * Support for external a Crypto Device ("engine"), usually
- * a hardware accellerator card for crypto operations.
- */
-#ifdef SSL_EXPERIMENTAL_ENGINE
-void ssl_init_Engine(server_rec *s, apr_pool_t *p)
-{
- SSLModConfigRec *mc = myModConfig(s);
- ENGINE *e;
-
- if (mc->szCryptoDevice) {
- if (!(e = ENGINE_by_id(mc->szCryptoDevice))) {
- ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
- "Init: Failed to load Crypto Device API `%s'",
- mc->szCryptoDevice);
- ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
- ssl_die();
- }
-
- if (strEQ(mc->szCryptoDevice, "chil")) {
- ENGINE_ctrl(e, ENGINE_CTRL_CHIL_SET_FORKCHECK, 1, 0, 0);
- }
-
- if (!ENGINE_set_default(e, ENGINE_METHOD_ALL)) {
- ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
- "Init: Failed to enable Crypto Device API `%s'",
- mc->szCryptoDevice);
- ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
- ssl_die();
- }
-
- ENGINE_free(e);
- }
-}
-#endif
-
-static void ssl_init_server_check(server_rec *s,
- apr_pool_t *p,
- apr_pool_t *ptemp,
- modssl_ctx_t *mctx)
-{
- /*
- * check for important parameters and the
- * possibility that the user forgot to set them.
- */
- if (!mctx->pks->cert_files[0]) {
- ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
- "No SSL Certificate set [hint: SSLCertificateFile]");
- ssl_die();
- }
-
- /*
- * Check for problematic re-initializations
- */
- if (mctx->pks->certs[SSL_AIDX_RSA] ||
- mctx->pks->certs[SSL_AIDX_DSA])
- {
- ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
- "Illegal attempt to re-initialise SSL for server "
- "(theoretically shouldn't happen!)");
- ssl_die();
- }
-}
-
-static void ssl_init_ctx_protocol(server_rec *s,
- apr_pool_t *p,
- apr_pool_t *ptemp,
- modssl_ctx_t *mctx)
-{
- SSL_CTX *ctx = NULL;
- SSL_METHOD *method = NULL;
- char *cp;
- int protocol = mctx->protocol;
- SSLSrvConfigRec *sc = mySrvConfig(s);
-
- /*
- * Create the new per-server SSL context
- */
- if (protocol == SSL_PROTOCOL_NONE) {
- ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
- "No SSL protocols available [hint: SSLProtocol]");
- ssl_die();
- }
-
- cp = apr_pstrcat(p,
- (protocol & SSL_PROTOCOL_SSLV2 ? "SSLv2, " : ""),
- (protocol & SSL_PROTOCOL_SSLV3 ? "SSLv3, " : ""),
- (protocol & SSL_PROTOCOL_TLSV1 ? "TLSv1, " : ""),
- NULL);
- cp[strlen(cp)-2] = NUL;
-
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
- "Creating new SSL context (protocols: %s)", cp);
-
- if (protocol == SSL_PROTOCOL_SSLV2) {
- method = mctx->pkp ?
- SSLv2_client_method() : /* proxy */
- SSLv2_server_method(); /* server */
- ctx = SSL_CTX_new(method); /* only SSLv2 is left */
- }
- else {
- method = mctx->pkp ?
- SSLv23_client_method() : /* proxy */
- SSLv23_server_method(); /* server */
- ctx = SSL_CTX_new(method); /* be more flexible */
- }
-
- mctx->ssl_ctx = ctx;
-
- SSL_CTX_set_options(ctx, SSL_OP_ALL);
-
- if (!(protocol & SSL_PROTOCOL_SSLV2)) {
- SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2);
- }
-
- if (!(protocol & SSL_PROTOCOL_SSLV3)) {
- SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv3);
- }
-
- if (!(protocol & SSL_PROTOCOL_TLSV1)) {
- SSL_CTX_set_options(ctx, SSL_OP_NO_TLSv1);
- }
-
-#ifdef SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION
- if (sc->insecure_reneg == TRUE) {
- SSL_CTX_set_options(ctx, SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION);
- }
-#endif
-
- SSL_CTX_set_app_data(ctx, s);
-
- /*
- * Configure additional context ingredients
- */
- SSL_CTX_set_options(ctx, SSL_OP_SINGLE_DH_USE);
-
-#ifdef SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
- /*
- * Disallow a session from being resumed during a renegotiation,
- * so that an acceptable cipher suite can be negotiated.
- */
- SSL_CTX_set_options(ctx, SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION);
-#endif
-}
-
-static void ssl_init_ctx_session_cache(server_rec *s,
- apr_pool_t *p,
- apr_pool_t *ptemp,
- modssl_ctx_t *mctx)
-{
- SSL_CTX *ctx = mctx->ssl_ctx;
- SSLModConfigRec *mc = myModConfig(s);
- long cache_mode = SSL_SESS_CACHE_OFF;
-
- if (mc->nSessionCacheMode != SSL_SCMODE_NONE) {
- /* SSL_SESS_CACHE_NO_INTERNAL will force OpenSSL
- * to ignore process local-caching and
- * to always get/set/delete sessions using mod_ssl's callbacks.
- */
- cache_mode = SSL_SESS_CACHE_SERVER|SSL_SESS_CACHE_NO_INTERNAL;
- }
-
- SSL_CTX_set_session_cache_mode(ctx, cache_mode);
-
- SSL_CTX_sess_set_new_cb(ctx, ssl_callback_NewSessionCacheEntry);
- SSL_CTX_sess_set_get_cb(ctx, ssl_callback_GetSessionCacheEntry);
- SSL_CTX_sess_set_remove_cb(ctx, ssl_callback_DelSessionCacheEntry);
-}
-
-static void ssl_init_ctx_callbacks(server_rec *s,
- apr_pool_t *p,
- apr_pool_t *ptemp,
- modssl_ctx_t *mctx)
-{
- SSL_CTX *ctx = mctx->ssl_ctx;
-
- SSL_CTX_set_tmp_rsa_callback(ctx, ssl_callback_TmpRSA);
- SSL_CTX_set_tmp_dh_callback(ctx, ssl_callback_TmpDH);
-
- SSL_CTX_set_info_callback(ctx, ssl_callback_Info);
-}
-
-static void ssl_init_ctx_verify(server_rec *s,
- apr_pool_t *p,
- apr_pool_t *ptemp,
- modssl_ctx_t *mctx)
-{
- SSL_CTX *ctx = mctx->ssl_ctx;
-
- int verify = SSL_VERIFY_NONE;
- STACK_OF(X509_NAME) *ca_list;
-
- if (mctx->auth.verify_mode == SSL_CVERIFY_UNSET) {
- mctx->auth.verify_mode = SSL_CVERIFY_NONE;
- }
-
- if (mctx->auth.verify_depth == UNSET) {
- mctx->auth.verify_depth = 1;
- }
-
- /*
- * Configure callbacks for SSL context
- */
- if (mctx->auth.verify_mode == SSL_CVERIFY_REQUIRE) {
- verify |= SSL_VERIFY_PEER_STRICT;
- }
-
- if ((mctx->auth.verify_mode == SSL_CVERIFY_OPTIONAL) ||
- (mctx->auth.verify_mode == SSL_CVERIFY_OPTIONAL_NO_CA))
- {
- verify |= SSL_VERIFY_PEER;
- }
-
- SSL_CTX_set_verify(ctx, verify, ssl_callback_SSLVerify);
-
- /*
- * Configure Client Authentication details
- */
- if (mctx->auth.ca_cert_file || mctx->auth.ca_cert_path) {
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
- "Configuring client authentication");
-
- if (!SSL_CTX_load_verify_locations(ctx,
- MODSSL_PCHAR_CAST mctx->auth.ca_cert_file,
- MODSSL_PCHAR_CAST mctx->auth.ca_cert_path))
- {
- ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
- "Unable to configure verify locations "
- "for client authentication");
- ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
- ssl_die();
- }
-
- ca_list = ssl_init_FindCAList(s, ptemp,
- mctx->auth.ca_cert_file,
- mctx->auth.ca_cert_path);
- if (!ca_list) {
- ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
- "Unable to determine list of available "
- "CA certificates for client authentication");
- ssl_die();
- }
-
- SSL_CTX_set_client_CA_list(ctx, (STACK *)ca_list);
- }
-
- /*
- * Give a warning when no CAs were configured but client authentication
- * should take place. This cannot work.
- */
- if (mctx->auth.verify_mode == SSL_CVERIFY_REQUIRE) {
- ca_list = (STACK_OF(X509_NAME) *)SSL_CTX_get_client_CA_list(ctx);
-
- if (sk_X509_NAME_num(ca_list) == 0) {
- ap_log_error(APLOG_MARK, APLOG_WARNING, 0, s,
- "Init: Oops, you want to request client "
- "authentication, but no CAs are known for "
- "verification!? [Hint: SSLCACertificate*]");
- }
- }
-}
-
-static void ssl_init_ctx_cipher_suite(server_rec *s,
- apr_pool_t *p,
- apr_pool_t *ptemp,
- modssl_ctx_t *mctx)
-{
- SSL_CTX *ctx = mctx->ssl_ctx;
- const char *suite = mctx->auth.cipher_suite;
-
- /*
- * Configure SSL Cipher Suite
- */
- if (!suite) {
- return;
- }
-
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
- "Configuring permitted SSL ciphers [%s]",
- suite);
-
- if (!SSL_CTX_set_cipher_list(ctx, MODSSL_PCHAR_CAST suite)) {
- ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
- "Unable to configure permitted SSL ciphers");
- ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
- ssl_die();
- }
-}
-
-static void ssl_init_ctx_crl(server_rec *s,
- apr_pool_t *p,
- apr_pool_t *ptemp,
- modssl_ctx_t *mctx)
-{
- /*
- * Configure Certificate Revocation List (CRL) Details
- */
-
- if (!(mctx->crl_file || mctx->crl_path)) {
- return;
- }
-
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
- "Configuring certificate revocation facility");
-
- mctx->crl =
- SSL_X509_STORE_create((char *)mctx->crl_file,
- (char *)mctx->crl_path);
-
- if (!mctx->crl) {
- ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
- "Unable to configure X.509 CRL storage "
- "for certificate revocation");
- ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
- ssl_die();
- }
-}
-
-static void ssl_init_ctx_cert_chain(server_rec *s,
- apr_pool_t *p,
- apr_pool_t *ptemp,
- modssl_ctx_t *mctx)
-{
- BOOL skip_first = FALSE;
- int i, n;
- const char *chain = mctx->cert_chain;
-
- /*
- * Optionally configure extra server certificate chain certificates.
- * This is usually done by OpenSSL automatically when one of the
- * server cert issuers are found under SSLCACertificatePath or in
- * SSLCACertificateFile. But because these are intended for client
- * authentication it can conflict. For instance when you use a
- * Global ID server certificate you've to send out the intermediate
- * CA certificate, too. When you would just configure this with
- * SSLCACertificateFile and also use client authentication mod_ssl
- * would accept all clients also issued by this CA. Obviously this
- * isn't what we want in this situation. So this feature here exists
- * to allow one to explicity configure CA certificates which are
- * used only for the server certificate chain.
- */
- if (!chain) {
- return;
- }
-
- for (i = 0; (i < SSL_AIDX_MAX) && mctx->pks->cert_files[i]; i++) {
- if (strEQ(mctx->pks->cert_files[i], chain)) {
- skip_first = TRUE;
- break;
- }
- }
-
- n = SSL_CTX_use_certificate_chain(mctx->ssl_ctx,
- (char *)chain,
- skip_first, NULL);
- if (n < 0) {
- ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
- "Failed to configure CA certificate chain!");
- ssl_die();
- }
-
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
- "Configuring server certificate chain "
- "(%d CA certificate%s)",
- n, n == 1 ? "" : "s");
-}
-
-static void ssl_init_ctx(server_rec *s,
- apr_pool_t *p,
- apr_pool_t *ptemp,
- modssl_ctx_t *mctx)
-{
- ssl_init_ctx_protocol(s, p, ptemp, mctx);
-
- ssl_init_ctx_session_cache(s, p, ptemp, mctx);
-
- ssl_init_ctx_callbacks(s, p, ptemp, mctx);
-
- ssl_init_ctx_verify(s, p, ptemp, mctx);
-
- ssl_init_ctx_cipher_suite(s, p, ptemp, mctx);
-
- ssl_init_ctx_crl(s, p, ptemp, mctx);
-
- if (mctx->pks) {
- /* XXX: proxy support? */
- ssl_init_ctx_cert_chain(s, p, ptemp, mctx);
- }
-}
-
-static int ssl_server_import_cert(server_rec *s,
- modssl_ctx_t *mctx,
- const char *id,
- int idx)
-{
- SSLModConfigRec *mc = myModConfig(s);
- ssl_asn1_t *asn1;
- MODSSL_D2I_X509_CONST unsigned char *ptr;
- const char *type = ssl_asn1_keystr(idx);
- X509 *cert;
-
- if (!(asn1 = ssl_asn1_table_get(mc->tPublicCert, id))) {
- return FALSE;
- }
-
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
- "Configuring %s server certificate", type);
-
- ptr = asn1->cpData;
- if (!(cert = d2i_X509(NULL, &ptr, asn1->nData))) {
- ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
- "Unable to import %s server certificate", type);
- ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
- ssl_die();
- }
-
- if (SSL_CTX_use_certificate(mctx->ssl_ctx, cert) <= 0) {
- ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
- "Unable to configure %s server certificate", type);
- ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
- ssl_die();
- }
-
- mctx->pks->certs[idx] = cert;
-
- return TRUE;
-}
-
-static int ssl_server_import_key(server_rec *s,
- modssl_ctx_t *mctx,
- const char *id,
- int idx)
-{
- SSLModConfigRec *mc = myModConfig(s);
- ssl_asn1_t *asn1;
- MODSSL_D2I_PrivateKey_CONST unsigned char *ptr;
- const char *type = ssl_asn1_keystr(idx);
- int pkey_type = (idx == SSL_AIDX_RSA) ? EVP_PKEY_RSA : EVP_PKEY_DSA;
- EVP_PKEY *pkey;
-
- if (!(asn1 = ssl_asn1_table_get(mc->tPrivateKey, id))) {
- return FALSE;
- }
-
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
- "Configuring %s server private key", type);
-
- ptr = asn1->cpData;
- if (!(pkey = d2i_PrivateKey(pkey_type, NULL, &ptr, asn1->nData)))
- {
- ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
- "Unable to import %s server private key", type);
- ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
- ssl_die();
- }
-
- if (SSL_CTX_use_PrivateKey(mctx->ssl_ctx, pkey) <= 0) {
- ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
- "Unable to configure %s server private key", type);
- ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
- ssl_die();
- }
-
- /*
- * XXX: wonder if this is still needed, this is old todo doc.
- * (see http://www.psy.uq.edu.au/~ftp/Crypto/ssleay/TODO.html)
- */
- if ((pkey_type == EVP_PKEY_DSA) && mctx->pks->certs[idx]) {
- EVP_PKEY *pubkey = X509_get_pubkey(mctx->pks->certs[idx]);
-
- if (pubkey && EVP_PKEY_missing_parameters(pubkey)) {
- EVP_PKEY_copy_parameters(pubkey, pkey);
- ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
- "Copying DSA parameters from private key to certificate");
- ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
- EVP_PKEY_free(pubkey);
- }
- }
-
- mctx->pks->keys[idx] = pkey;
-
- return TRUE;
-}
-
-static void ssl_check_public_cert(server_rec *s,
- apr_pool_t *ptemp,
- X509 *cert,
- int type)
-{
- int is_ca, pathlen;
- char *cn;
-
- if (!cert) {
- return;
- }
-
- /*
- * Some information about the certificate(s)
- */
-
- if (SSL_X509_isSGC(cert)) {
- ap_log_error(APLOG_MARK, APLOG_INFO, 0, s,
- "%s server certificate enables "
- "Server Gated Cryptography (SGC)",
- ssl_asn1_keystr(type));
- }
-
- if (SSL_X509_getBC(cert, &is_ca, &pathlen)) {
- if (is_ca) {
- ap_log_error(APLOG_MARK, APLOG_WARNING, 0, s,
- "%s server certificate is a CA certificate "
- "(BasicConstraints: CA == TRUE !?)",
- ssl_asn1_keystr(type));
- }
-
- if (pathlen > 0) {
- ap_log_error(APLOG_MARK, APLOG_WARNING, 0, s,
- "%s server certificate is not a leaf certificate "
- "(BasicConstraints: pathlen == %d > 0 !?)",
- ssl_asn1_keystr(type), pathlen);
- }
- }
-
- if (SSL_X509_getCN(ptemp, cert, &cn)) {
- int fnm_flags = FNM_PERIOD|FNM_CASE_BLIND;
-
- if (apr_fnmatch_test(cn) &&
- (apr_fnmatch(cn, s->server_hostname,
- fnm_flags) == FNM_NOMATCH))
- {
- ap_log_error(APLOG_MARK, APLOG_WARNING, 0, s,
- "%s server certificate wildcard CommonName (CN) `%s' "
- "does NOT match server name!?",
- ssl_asn1_keystr(type), cn);
- }
- else if (strNE(s->server_hostname, cn)) {
- ap_log_error(APLOG_MARK, APLOG_WARNING, 0, s,
- "%s server certificate CommonName (CN) `%s' "
- "does NOT match server name!?",
- ssl_asn1_keystr(type), cn);
- }
- }
-}
-
-static void ssl_init_server_certs(server_rec *s,
- apr_pool_t *p,
- apr_pool_t *ptemp,
- modssl_ctx_t *mctx)
-{
- const char *rsa_id, *dsa_id;
- const char *vhost_id = mctx->sc->vhost_id;
- int i;
- int have_rsa, have_dsa;
-
- rsa_id = ssl_asn1_table_keyfmt(ptemp, vhost_id, SSL_AIDX_RSA);
- dsa_id = ssl_asn1_table_keyfmt(ptemp, vhost_id, SSL_AIDX_DSA);
-
- have_rsa = ssl_server_import_cert(s, mctx, rsa_id, SSL_AIDX_RSA);
- have_dsa = ssl_server_import_cert(s, mctx, dsa_id, SSL_AIDX_DSA);
-
- if (!(have_rsa || have_dsa)) {
- ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
- "Oops, no RSA or DSA server certificate found?!");
- ssl_die();
- }
-
- for (i = 0; i < SSL_AIDX_MAX; i++) {
- ssl_check_public_cert(s, ptemp, mctx->pks->certs[i], i);
- }
-
- have_rsa = ssl_server_import_key(s, mctx, rsa_id, SSL_AIDX_RSA);
- have_dsa = ssl_server_import_key(s, mctx, dsa_id, SSL_AIDX_DSA);
-
- if (!(have_rsa || have_dsa)) {
- ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
- "Oops, no RSA or DSA server private key found?!");
- ssl_die();
- }
-}
-
-static void ssl_init_proxy_certs(server_rec *s,
- apr_pool_t *p,
- apr_pool_t *ptemp,
- modssl_ctx_t *mctx)
-{
- int n, ncerts = 0;
- STACK_OF(X509_INFO) *sk;
- modssl_pk_proxy_t *pkp = mctx->pkp;
-
- SSL_CTX_set_client_cert_cb(mctx->ssl_ctx,
- ssl_callback_proxy_cert);
-
- if (!(pkp->cert_file || pkp->cert_path)) {
- return;
- }
-
- sk = sk_X509_INFO_new_null();
-
- if (pkp->cert_file) {
- SSL_X509_INFO_load_file(ptemp, sk, pkp->cert_file);
- }
-
- if (pkp->cert_path) {
- SSL_X509_INFO_load_path(ptemp, sk, pkp->cert_path);
- }
-
- if ((ncerts = sk_X509_INFO_num(sk)) <= 0) {
- sk_X509_INFO_free(sk);
- ap_log_error(APLOG_MARK, APLOG_WARNING, 0, s,
- "no client certs found for SSL proxy");
- return;
- }
-
- /* Check that all client certs have got certificates and private
- * keys. */
- for (n = 0; n < ncerts; n++) {
- X509_INFO *inf = sk_X509_INFO_value(sk, n);
-
- if (!inf->x509 || !inf->x_pkey) {
- sk_X509_INFO_free(sk);
- ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, s,
- "incomplete client cert configured for SSL proxy "
- "(missing or encrypted private key?)");
- ssl_die();
- return;
- }
- }
-
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
- "loaded %d client certs for SSL proxy",
- ncerts);
- pkp->certs = sk;
-}
-
-static void ssl_init_proxy_ctx(server_rec *s,
- apr_pool_t *p,
- apr_pool_t *ptemp,
- SSLSrvConfigRec *sc)
-{
- ssl_init_ctx(s, p, ptemp, sc->proxy);
-
- ssl_init_proxy_certs(s, p, ptemp, sc->proxy);
-}
-
-static void ssl_init_server_ctx(server_rec *s,
- apr_pool_t *p,
- apr_pool_t *ptemp,
- SSLSrvConfigRec *sc)
-{
- ssl_init_server_check(s, p, ptemp, sc->server);
-
- ssl_init_ctx(s, p, ptemp, sc->server);
-
- ssl_init_server_certs(s, p, ptemp, sc->server);
-}
-
-/*
- * Configure a particular server
- */
-void ssl_init_ConfigureServer(server_rec *s,
- apr_pool_t *p,
- apr_pool_t *ptemp,
- SSLSrvConfigRec *sc)
-{
- if (sc->enabled) {
- ap_log_error(APLOG_MARK, APLOG_INFO, 0, s,
- "Configuring server for SSL protocol");
- ssl_init_server_ctx(s, p, ptemp, sc);
- }
-
- if (sc->proxy_enabled) {
- ssl_init_proxy_ctx(s, p, ptemp, sc);
- }
-}
-
-void ssl_init_CheckServers(server_rec *base_server, apr_pool_t *p)
-{
- server_rec *s, *ps;
- SSLSrvConfigRec *sc;
- apr_hash_t *table;
- const char *key;
- apr_ssize_t klen;
-
- BOOL conflict = FALSE;
-
- /*
- * Give out warnings when a server has HTTPS configured
- * for the HTTP port or vice versa
- */
- for (s = base_server; s; s = s->next) {
- sc = mySrvConfig(s);
-
- if (sc->enabled && (s->port == DEFAULT_HTTP_PORT)) {
- ap_log_error(APLOG_MARK, APLOG_WARNING, 0,
- base_server,
- "Init: (%s) You configured HTTPS(%d) "
- "on the standard HTTP(%d) port!",
- ssl_util_vhostid(p, s),
- DEFAULT_HTTPS_PORT, DEFAULT_HTTP_PORT);
- }
-
- if (!sc->enabled && (s->port == DEFAULT_HTTPS_PORT)) {
- ap_log_error(APLOG_MARK, APLOG_WARNING, 0,
- base_server,
- "Init: (%s) You configured HTTP(%d) "
- "on the standard HTTPS(%d) port!",
- ssl_util_vhostid(p, s),
- DEFAULT_HTTP_PORT, DEFAULT_HTTPS_PORT);
- }
- }
-
- /*
- * Give out warnings when more than one SSL-aware virtual server uses the
- * same IP:port. This doesn't work because mod_ssl then will always use
- * just the certificate/keys of one virtual host (which one cannot be said
- * easily - but that doesn't matter here).
- */
- table = apr_hash_make(p);
-
- for (s = base_server; s; s = s->next) {
- sc = mySrvConfig(s);
-
- if (!(sc->enabled && s->addrs)) {
- continue;
- }
-
- key = apr_psprintf(p, "%pA:%u",
- &s->addrs->host_addr, s->addrs->host_port);
- klen = strlen(key);
-
- if ((ps = (server_rec *)apr_hash_get(table, key, klen))) {
- ap_log_error(APLOG_MARK, APLOG_WARNING, 0,
- base_server,
- "Init: SSL server IP/port conflict: "
- "%s (%s:%d) vs. %s (%s:%d)",
- ssl_util_vhostid(p, s),
- (s->defn_name ? s->defn_name : "unknown"),
- s->defn_line_number,
- ssl_util_vhostid(p, ps),
- (ps->defn_name ? ps->defn_name : "unknown"),
- ps->defn_line_number);
- conflict = TRUE;
- continue;
- }
-
- apr_hash_set(table, key, klen, s);
- }
-
- if (conflict) {
- ap_log_error(APLOG_MARK, APLOG_WARNING, 0, base_server,
- "Init: You should not use name-based "
- "virtual hosts in conjunction with SSL!!");
- }
-}
-
-#ifdef SSLC_VERSION_NUMBER
-static int ssl_init_FindCAList_X509NameCmp(char **a, char **b)
-{
- return(X509_NAME_cmp((void*)*a, (void*)*b));
-}
-#else
-static int ssl_init_FindCAList_X509NameCmp(X509_NAME **a, X509_NAME **b)
-{
- return(X509_NAME_cmp(*a, *b));
-}
-#endif
-
-static void ssl_init_PushCAList(STACK_OF(X509_NAME) *ca_list,
- server_rec *s, const char *file)
-{
- int n;
- STACK_OF(X509_NAME) *sk;
-
- sk = (STACK_OF(X509_NAME) *)
- SSL_load_client_CA_file(MODSSL_PCHAR_CAST file);
-
- if (!sk) {
- return;
- }
-
- for (n = 0; n < sk_X509_NAME_num(sk); n++) {
- char name_buf[256];
- X509_NAME *name = sk_X509_NAME_value(sk, n);
-
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
- "CA certificate: %s",
- X509_NAME_oneline(name, name_buf, sizeof(name_buf)));
-
- /*
- * note that SSL_load_client_CA_file() checks for duplicates,
- * but since we call it multiple times when reading a directory
- * we must also check for duplicates ourselves.
- */
-
- if (sk_X509_NAME_find(ca_list, name) < 0) {
- /* this will be freed when ca_list is */
- sk_X509_NAME_push(ca_list, name);
- }
- else {
- /* need to free this ourselves, else it will leak */
- X509_NAME_free(name);
- }
- }
-
- sk_X509_NAME_free(sk);
-}
-
-STACK_OF(X509_NAME) *ssl_init_FindCAList(server_rec *s,
- apr_pool_t *ptemp,
- const char *ca_file,
- const char *ca_path)
-{
- STACK_OF(X509_NAME) *ca_list;
-
- /*
- * Start with a empty stack/list where new
- * entries get added in sorted order.
- */
- ca_list = sk_X509_NAME_new(ssl_init_FindCAList_X509NameCmp);
-
- /*
- * Process CA certificate bundle file
- */
- if (ca_file) {
- ssl_init_PushCAList(ca_list, s, ca_file);
- }
-
- /*
- * Process CA certificate path files
- */
- if (ca_path) {
- apr_dir_t *dir;
- apr_finfo_t direntry;
- apr_int32_t finfo_flags = APR_FINFO_TYPE|APR_FINFO_NAME;
- apr_status_t rv;
-
- if ((rv = apr_dir_open(&dir, ca_path, ptemp)) != APR_SUCCESS) {
- ap_log_error(APLOG_MARK, APLOG_ERR, rv, s,
- "Failed to open SSLCACertificatePath `%s'",
- ca_path);
- ssl_die();
- }
-
- while ((apr_dir_read(&direntry, finfo_flags, dir)) == APR_SUCCESS) {
- const char *file;
- if (direntry.filetype == APR_DIR) {
- continue; /* don't try to load directories */
- }
- file = apr_pstrcat(ptemp, ca_path, "/", direntry.name, NULL);
- ssl_init_PushCAList(ca_list, s, file);
- }
-
- apr_dir_close(dir);
- }
-
- /*
- * Cleanup
- */
- sk_X509_NAME_set_cmp_func(ca_list, NULL);
-
- return ca_list;
-}
-
-void ssl_init_Child(apr_pool_t *p, server_rec *s)
-{
- SSLModConfigRec *mc = myModConfig(s);
- mc->pid = getpid(); /* only call getpid() once per-process */
-
- /* XXX: there should be an ap_srand() function */
- srand((unsigned int)time(NULL));
-
- /* open the mutex lockfile */
- ssl_mutex_reinit(s, p);
-}
-
-#define MODSSL_CFG_ITEM_FREE(func, item) \
- if (item) { \
- func(item); \
- item = NULL; \
- }
-
-static void ssl_init_ctx_cleanup(modssl_ctx_t *mctx)
-{
- MODSSL_CFG_ITEM_FREE(X509_STORE_free, mctx->crl);
-
- MODSSL_CFG_ITEM_FREE(SSL_CTX_free, mctx->ssl_ctx);
-}
-
-static void ssl_init_ctx_cleanup_proxy(modssl_ctx_t *mctx)
-{
- ssl_init_ctx_cleanup(mctx);
-
- if (mctx->pkp->certs) {
- sk_X509_INFO_pop_free(mctx->pkp->certs, X509_INFO_free);
- }
-}
-
-static void ssl_init_ctx_cleanup_server(modssl_ctx_t *mctx)
-{
- int i;
-
- ssl_init_ctx_cleanup(mctx);
-
- for (i=0; i < SSL_AIDX_MAX; i++) {
- MODSSL_CFG_ITEM_FREE(X509_free,
- mctx->pks->certs[i]);
-
- MODSSL_CFG_ITEM_FREE(EVP_PKEY_free,
- mctx->pks->keys[i]);
- }
-}
-
-apr_status_t ssl_init_ModuleKill(void *data)
-{
- SSLSrvConfigRec *sc;
- server_rec *base_server = (server_rec *)data;
- server_rec *s;
-
- /*
- * Drop the session cache and mutex
- */
- ssl_scache_kill(base_server);
-
- /*
- * Destroy the temporary keys and params
- */
- ssl_tmp_keys_free(base_server);
-
- /*
- * Free the non-pool allocated structures
- * in the per-server configurations
- */
- for (s = base_server; s; s = s->next) {
- sc = mySrvConfig(s);
-
- ssl_init_ctx_cleanup_proxy(sc->proxy);
-
- ssl_init_ctx_cleanup_server(sc->server);
- }
-
- /*
- * Try to kill the internals of the SSL library.
- */
- ERR_remove_state(0);
- EVP_cleanup();
-
- return APR_SUCCESS;
-}
-
diff --git a/rubbos/app/httpd-2.0.64/modules/ssl/ssl_engine_io.c b/rubbos/app/httpd-2.0.64/modules/ssl/ssl_engine_io.c
deleted file mode 100644
index c5fe6b8c..00000000
--- a/rubbos/app/httpd-2.0.64/modules/ssl/ssl_engine_io.c
+++ /dev/null
@@ -1,1746 +0,0 @@
-/* Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-/* _ _
- * _ __ ___ ___ __| | ___ ___| | mod_ssl
- * | '_ ` _ \ / _ \ / _` | / __/ __| | Apache Interface to OpenSSL
- * | | | | | | (_) | (_| | \__ \__ \ |
- * |_| |_| |_|\___/ \__,_|___|___/___/_|
- * |_____|
- * ssl_engine_io.c
- * I/O Functions
- */
- /* ``MY HACK: This universe.
- Just one little problem:
- core keeps dumping.''
- -- Unknown */
-#include "mod_ssl.h"
-
-/* _________________________________________________________________
-**
-** I/O Hooks
-** _________________________________________________________________
-*/
-
-/* This file is designed to be the bridge between OpenSSL and httpd.
- * However, we really don't expect anyone (let alone ourselves) to
- * remember what is in this file. So, first, a quick overview.
- *
- * In this file, you will find:
- * - ssl_io_filter_input (Apache input filter)
- * - ssl_io_filter_output (Apache output filter)
- *
- * - bio_filter_in_* (OpenSSL input filter)
- * - bio_filter_out_* (OpenSSL output filter)
- *
- * The input chain is roughly:
- *
- * ssl_io_filter_input->ssl_io_input_read->SSL_read->...
- * ...->bio_filter_in_read->ap_get_brigade/next-httpd-filter
- *
- * In mortal terminology, we do the following:
- * - Receive a request for data to the SSL input filter
- * - Call a helper function once we know we should perform a read
- * - Call OpenSSL's SSL_read()
- * - SSL_read() will then call bio_filter_in_read
- * - bio_filter_in_read will then try to fetch data from the next httpd filter
- * - bio_filter_in_read will flatten that data and return it to SSL_read
- * - SSL_read will then decrypt the data
- * - ssl_io_input_read will then receive decrypted data as a char* and
- * ensure that there were no read errors
- * - The char* is placed in a brigade and returned
- *
- * Since connection-level input filters in httpd need to be able to
- * handle AP_MODE_GETLINE calls (namely identifying LF-terminated strings),
- * ssl_io_input_getline which will handle this special case.
- *
- * Due to AP_MODE_GETLINE and AP_MODE_SPECULATIVE, we may sometimes have
- * 'leftover' decoded data which must be setaside for the next read. That
- * is currently handled by the char_buffer_{read|write} functions. So,
- * ssl_io_input_read may be able to fulfill reads without invoking
- * SSL_read().
- *
- * Note that the filter context of ssl_io_filter_input and bio_filter_in_*
- * are shared as bio_filter_in_ctx_t.
- *
- * Note that the filter is by choice limited to reading at most
- * AP_IOBUFSIZE (8192 bytes) per call.
- *
- */
-
-/* this custom BIO allows us to hook SSL_write directly into
- * an apr_bucket_brigade and use transient buckets with the SSL
- * malloc-ed buffer, rather than copying into a mem BIO.
- * also allows us to pass the brigade as data is being written
- * rather than buffering up the entire response in the mem BIO.
- *
- * when SSL needs to flush (e.g. SSL_accept()), it will call BIO_flush()
- * which will trigger a call to bio_filter_out_ctrl() -> bio_filter_out_flush().
- * so we only need to flush the output ourselves if we receive an
- * EOS or FLUSH bucket. this was not possible with the mem BIO where we
- * had to flush all over the place not really knowing when it was required
- * to do so.
- */
-
-typedef struct {
- SSL *pssl;
- BIO *pbioRead;
- BIO *pbioWrite;
- ap_filter_t *pInputFilter;
- ap_filter_t *pOutputFilter;
- int nobuffer; /* non-zero to prevent buffering */
- SSLConnRec *config;
-} ssl_filter_ctx_t;
-
-typedef struct {
- ssl_filter_ctx_t *filter_ctx;
- conn_rec *c;
- apr_bucket_brigade *bb;
- apr_size_t length;
- char buffer[AP_IOBUFSIZE];
- apr_size_t blen;
- apr_status_t rc;
-} bio_filter_out_ctx_t;
-
-static bio_filter_out_ctx_t *bio_filter_out_ctx_new(ssl_filter_ctx_t *filter_ctx,
- conn_rec *c)
-{
- bio_filter_out_ctx_t *outctx = apr_palloc(c->pool, sizeof(*outctx));
-
- outctx->filter_ctx = filter_ctx;
- outctx->c = c;
- outctx->bb = apr_brigade_create(c->pool, c->bucket_alloc);
- outctx->blen = 0;
- outctx->length = 0;
-
- return outctx;
-}
-
-static int bio_filter_out_flush(BIO *bio)
-{
- bio_filter_out_ctx_t *outctx = (bio_filter_out_ctx_t *)(bio->ptr);
- apr_bucket *e;
-
- if (!(outctx->blen || outctx->length)) {
- outctx->rc = APR_SUCCESS;
- return 1;
- }
-
- if (outctx->blen) {
- e = apr_bucket_transient_create(outctx->buffer, outctx->blen,
- outctx->bb->bucket_alloc);
- /* we filled this buffer first so add it to the
- * head of the brigade
- */
- APR_BRIGADE_INSERT_HEAD(outctx->bb, e);
- outctx->blen = 0;
- }
-
- outctx->length = 0;
- e = apr_bucket_flush_create(outctx->bb->bucket_alloc);
- APR_BRIGADE_INSERT_TAIL(outctx->bb, e);
-
- outctx->rc = ap_pass_brigade(outctx->filter_ctx->pOutputFilter->next,
- outctx->bb);
- /* Fail if the connection was reset: */
- if (outctx->rc == APR_SUCCESS && outctx->c->aborted) {
- outctx->rc = APR_ECONNRESET;
- }
- return (outctx->rc == APR_SUCCESS) ? 1 : -1;
-}
-
-static int bio_filter_create(BIO *bio)
-{
- bio->shutdown = 1;
- bio->init = 1;
- bio->num = -1;
- bio->ptr = NULL;
-
- return 1;
-}
-
-static int bio_filter_destroy(BIO *bio)
-{
- if (bio == NULL) {
- return 0;
- }
-
- /* nothing to free here.
- * apache will destroy the bucket brigade for us
- */
- return 1;
-}
-
-static int bio_filter_out_read(BIO *bio, char *out, int outl)
-{
- /* this is never called */
- return -1;
-}
-
-static int bio_filter_out_write(BIO *bio, const char *in, int inl)
-{
- bio_filter_out_ctx_t *outctx = (bio_filter_out_ctx_t *)(bio->ptr);
-
- /* Abort early if the client has initiated a renegotiation. */
- if (outctx->filter_ctx->config->reneg_state == RENEG_ABORT) {
- outctx->rc = APR_ECONNABORTED;
- return -1;
- }
-
- /* when handshaking we'll have a small number of bytes.
- * max size SSL will pass us here is about 16k.
- * (16413 bytes to be exact)
- */
- BIO_clear_retry_flags(bio);
-
- if (!outctx->length && (inl + outctx->blen < sizeof(outctx->buffer)) &&
- !outctx->filter_ctx->nobuffer) {
- /* the first two SSL_writes (of 1024 and 261 bytes)
- * need to be in the same packet (vec[0].iov_base)
- */
- /* XXX: could use apr_brigade_write() to make code look cleaner
- * but this way we avoid the malloc(APR_BUCKET_BUFF_SIZE)
- * and free() of it later
- */
- memcpy(&outctx->buffer[outctx->blen], in, inl);
- outctx->blen += inl;
- }
- else {
- /* pass along the encrypted data
- * need to flush since we're using SSL's malloc-ed buffer
- * which will be overwritten once we leave here
- */
- apr_bucket *bucket = apr_bucket_transient_create(in, inl,
- outctx->bb->bucket_alloc);
-
- outctx->length += inl;
- APR_BRIGADE_INSERT_TAIL(outctx->bb, bucket);
-
- if (bio_filter_out_flush(bio) < 0) {
- return -1;
- }
- }
-
- return inl;
-}
-
-static long bio_filter_out_ctrl(BIO *bio, int cmd, long num, void *ptr)
-{
- long ret = 1;
- char **pptr;
-
- bio_filter_out_ctx_t *outctx = (bio_filter_out_ctx_t *)(bio->ptr);
-
- switch (cmd) {
- case BIO_CTRL_RESET:
- outctx->blen = outctx->length = 0;
- break;
- case BIO_CTRL_EOF:
- ret = (long)((outctx->blen + outctx->length) == 0);
- break;
- case BIO_C_SET_BUF_MEM_EOF_RETURN:
- outctx->blen = outctx->length = (apr_size_t)num;
- break;
- case BIO_CTRL_INFO:
- ret = (long)(outctx->blen + outctx->length);
- if (ptr) {
- pptr = (char **)ptr;
- *pptr = (char *)&(outctx->buffer[0]);
- }
- break;
- case BIO_CTRL_GET_CLOSE:
- ret = (long)bio->shutdown;
- break;
- case BIO_CTRL_SET_CLOSE:
- bio->shutdown = (int)num;
- break;
- case BIO_CTRL_WPENDING:
- ret = 0L;
- break;
- case BIO_CTRL_PENDING:
- ret = (long)(outctx->blen + outctx->length);
- break;
- case BIO_CTRL_FLUSH:
- ret = bio_filter_out_flush(bio);
- break;
- case BIO_CTRL_DUP:
- ret = 1;
- break;
- /* N/A */
- case BIO_C_SET_BUF_MEM:
- case BIO_C_GET_BUF_MEM_PTR:
- /* we don't care */
- case BIO_CTRL_PUSH:
- case BIO_CTRL_POP:
- default:
- ret = 0;
- break;
- }
-
- return ret;
-}
-
-static int bio_filter_out_gets(BIO *bio, char *buf, int size)
-{
- /* this is never called */
- return -1;
-}
-
-static int bio_filter_out_puts(BIO *bio, const char *str)
-{
- /* this is never called */
- return -1;
-}
-
-static BIO_METHOD bio_filter_out_method = {
- BIO_TYPE_MEM,
- "APR output filter",
- bio_filter_out_write,
- bio_filter_out_read, /* read is never called */
- bio_filter_out_puts, /* puts is never called */
- bio_filter_out_gets, /* gets is never called */
- bio_filter_out_ctrl,
- bio_filter_create,
- bio_filter_destroy,
-#ifdef OPENSSL_VERSION_NUMBER
- NULL /* sslc does not have the callback_ctrl field */
-#endif
-};
-
-typedef struct {
- int length;
- char *value;
-} char_buffer_t;
-
-typedef struct {
- SSL *ssl;
- BIO *bio_out;
- ap_filter_t *f;
- apr_status_t rc;
- ap_input_mode_t mode;
- apr_read_type_e block;
- apr_bucket_brigade *bb;
- char_buffer_t cbuf;
- apr_pool_t *pool;
- char buffer[AP_IOBUFSIZE];
- ssl_filter_ctx_t *filter_ctx;
-} bio_filter_in_ctx_t;
-
-/*
- * this char_buffer api might seem silly, but we don't need to copy
- * any of this data and we need to remember the length.
- */
-
-/* Copy up to INL bytes from the char_buffer BUFFER into IN. Note
- * that due to the strange way this API is designed/used, the
- * char_buffer object is used to cache a segment of inctx->buffer, and
- * then this function called to copy (part of) that segment to the
- * beginning of inctx->buffer. So the segments to copy cannot be
- * presumed to be non-overlapping, and memmove must be used. */
-static int char_buffer_read(char_buffer_t *buffer, char *in, int inl)
-{
- if (!buffer->length) {
- return 0;
- }
-
- if (buffer->length > inl) {
- /* we have have enough to fill the caller's buffer */
- memmove(in, buffer->value, inl);
- buffer->value += inl;
- buffer->length -= inl;
- }
- else {
- /* swallow remainder of the buffer */
- memmove(in, buffer->value, buffer->length);
- inl = buffer->length;
- buffer->value = NULL;
- buffer->length = 0;
- }
-
- return inl;
-}
-
-static int char_buffer_write(char_buffer_t *buffer, char *in, int inl)
-{
- buffer->value = in;
- buffer->length = inl;
- return inl;
-}
-
-/* This function will read from a brigade and discard the read buckets as it
- * proceeds. It will read at most *len bytes.
- */
-static apr_status_t brigade_consume(apr_bucket_brigade *bb,
- apr_read_type_e block,
- char *c, apr_size_t *len)
-{
- apr_size_t actual = 0;
- apr_status_t status = APR_SUCCESS;
-
- while (!APR_BRIGADE_EMPTY(bb)) {
- apr_bucket *b = APR_BRIGADE_FIRST(bb);
- const char *str;
- apr_size_t str_len;
- apr_size_t consume;
-
- /* Justin points out this is an http-ism that might
- * not fit if brigade_consume is added to APR. Perhaps
- * apr_bucket_read(eos_bucket) should return APR_EOF?
- * Then this becomes mainline instead of a one-off.
- */
- if (APR_BUCKET_IS_EOS(b)) {
- status = APR_EOF;
- break;
- }
-
- /* The reason I'm not offering brigade_consume yet
- * across to apr-util is that the following call
- * illustrates how borked that API really is. For
- * this sort of case (caller provided buffer) it
- * would be much more trivial for apr_bucket_consume
- * to do all the work that follows, based on the
- * particular characteristics of the bucket we are
- * consuming here.
- */
- status = apr_bucket_read(b, &str, &str_len, block);
-
- if (status != APR_SUCCESS) {
- if (APR_STATUS_IS_EOF(status)) {
- /* This stream bucket was consumed */
- apr_bucket_delete(b);
- continue;
- }
- break;
- }
-
- if (str_len > 0) {
- /* Do not block once some data has been consumed */
- block = APR_NONBLOCK_READ;
-
- /* Assure we don't overflow. */
- consume = (str_len + actual > *len) ? *len - actual : str_len;
-
- memcpy(c, str, consume);
-
- c += consume;
- actual += consume;
-
- if (consume >= b->length) {
- /* This physical bucket was consumed */
- apr_bucket_delete(b);
- }
- else {
- /* Only part of this physical bucket was consumed */
- b->start += consume;
- b->length -= consume;
- }
- }
- else if (b->length == 0) {
- apr_bucket_delete(b);
- }
-
- /* This could probably be actual == *len, but be safe from stray
- * photons. */
- if (actual >= *len) {
- break;
- }
- }
-
- *len = actual;
- return status;
-}
-
-/*
- * this is the function called by SSL_read()
- */
-static int bio_filter_in_read(BIO *bio, char *in, int inlen)
-{
- apr_size_t inl = inlen;
- bio_filter_in_ctx_t *inctx = (bio_filter_in_ctx_t *)(bio->ptr);
- apr_read_type_e block = inctx->block;
- SSLConnRec *sslconn = myConnConfig(inctx->f->c);
-
- inctx->rc = APR_SUCCESS;
-
- /* OpenSSL catches this case, so should we. */
- if (!in)
- return 0;
-
- /* Abort early if the client has initiated a renegotiation. */
- if (inctx->filter_ctx->config->reneg_state == RENEG_ABORT) {
- inctx->rc = APR_ECONNABORTED;
- return -1;
- }
-
- /* XXX: flush here only required for SSLv2;
- * OpenSSL calls BIO_flush() at the appropriate times for
- * the other protocols.
- */
- if ((SSL_version(inctx->ssl) == SSL2_VERSION) || sslconn->is_proxy) {
- if (bio_filter_out_flush(inctx->bio_out) < 0) {
- bio_filter_out_ctx_t *outctx =
- (bio_filter_out_ctx_t *)(inctx->bio_out->ptr);
- inctx->rc = outctx->rc;
- return -1;
- }
- }
-
- BIO_clear_retry_flags(bio);
-
- if (!inctx->bb) {
- inctx->rc = APR_EOF;
- return -1;
- }
-
- if (APR_BRIGADE_EMPTY(inctx->bb)) {
-
- inctx->rc = ap_get_brigade(inctx->f->next, inctx->bb,
- AP_MODE_READBYTES, block,
- inl);
-
- /* Not a problem, there was simply no data ready yet.
- */
- if (APR_STATUS_IS_EAGAIN(inctx->rc) || APR_STATUS_IS_EINTR(inctx->rc)
- || (inctx->rc == APR_SUCCESS && APR_BRIGADE_EMPTY(inctx->bb))) {
- BIO_set_retry_read(bio);
- return 0;
- }
-
- if (inctx->rc != APR_SUCCESS) {
- /* Unexpected errors discard the brigade */
- apr_brigade_cleanup(inctx->bb);
- inctx->bb = NULL;
- return -1;
- }
- }
-
- inctx->rc = brigade_consume(inctx->bb, block, in, &inl);
-
- if (inctx->rc == APR_SUCCESS) {
- return (int)inl;
- }
-
- if (APR_STATUS_IS_EAGAIN(inctx->rc)
- || APR_STATUS_IS_EINTR(inctx->rc)) {
- BIO_set_retry_read(bio);
- return (int)inl;
- }
-
- /* Unexpected errors and APR_EOF clean out the brigade.
- * Subsequent calls will return APR_EOF.
- */
- apr_brigade_cleanup(inctx->bb);
- inctx->bb = NULL;
-
- if (APR_STATUS_IS_EOF(inctx->rc) && inl) {
- /* Provide the results of this read pass,
- * without resetting the BIO retry_read flag
- */
- return (int)inl;
- }
-
- return -1;
-}
-
-
-static BIO_METHOD bio_filter_in_method = {
- BIO_TYPE_MEM,
- "APR input filter",
- NULL, /* write is never called */
- bio_filter_in_read,
- NULL, /* puts is never called */
- NULL, /* gets is never called */
- NULL, /* ctrl is never called */
- bio_filter_create,
- bio_filter_destroy,
-#ifdef OPENSSL_VERSION_NUMBER
- NULL /* sslc does not have the callback_ctrl field */
-#endif
-};
-
-
-static apr_status_t ssl_io_input_read(bio_filter_in_ctx_t *inctx,
- char *buf,
- apr_size_t *len)
-{
- apr_size_t wanted = *len;
- apr_size_t bytes = 0;
- int rc;
-
- *len = 0;
-
- /* If we have something leftover from last time, try that first. */
- if ((bytes = char_buffer_read(&inctx->cbuf, buf, wanted))) {
- *len = bytes;
- if (inctx->mode == AP_MODE_SPECULATIVE) {
- /* We want to rollback this read. */
- if (inctx->cbuf.length > 0) {
- inctx->cbuf.value -= bytes;
- inctx->cbuf.length += bytes;
- } else {
- char_buffer_write(&inctx->cbuf, buf, (int)bytes);
- }
- return APR_SUCCESS;
- }
- /* This could probably be *len == wanted, but be safe from stray
- * photons.
- */
- if (*len >= wanted) {
- return APR_SUCCESS;
- }
- if (inctx->mode == AP_MODE_GETLINE) {
- if (memchr(buf, APR_ASCII_LF, *len)) {
- return APR_SUCCESS;
- }
- }
- else {
- /* Down to a nonblock pattern as we have some data already
- */
- inctx->block = APR_NONBLOCK_READ;
- }
- }
-
- while (1) {
-
- if (!inctx->filter_ctx->pssl) {
- /* Ensure a non-zero error code is returned */
- if (inctx->rc == APR_SUCCESS) {
- inctx->rc = APR_EGENERAL;
- }
- break;
- }
-
- /* SSL_read may not read because we haven't taken enough data
- * from the stack. This is where we want to consider all of
- * the blocking and SPECULATIVE semantics
- */
- rc = SSL_read(inctx->filter_ctx->pssl, buf + bytes, wanted - bytes);
-
- if (rc > 0) {
- *len += rc;
- if (inctx->mode == AP_MODE_SPECULATIVE) {
- /* We want to rollback this read. */
- char_buffer_write(&inctx->cbuf, buf, rc);
- }
- return inctx->rc;
- }
- else if (rc == 0) {
- /* If EAGAIN, we will loop given a blocking read,
- * otherwise consider ourselves at EOF.
- */
- if (APR_STATUS_IS_EAGAIN(inctx->rc)
- || APR_STATUS_IS_EINTR(inctx->rc)) {
- /* Already read something, return APR_SUCCESS instead.
- * On win32 in particular, but perhaps on other kernels,
- * a blocking call isn't 'always' blocking.
- */
- if (*len > 0) {
- inctx->rc = APR_SUCCESS;
- break;
- }
- if (inctx->block == APR_NONBLOCK_READ) {
- break;
- }
- }
- else {
- if (*len > 0) {
- inctx->rc = APR_SUCCESS;
- }
- else {
- inctx->rc = APR_EOF;
- }
- break;
- }
- }
- else /* (rc < 0) */ {
- int ssl_err = SSL_get_error(inctx->filter_ctx->pssl, rc);
- conn_rec *c = (conn_rec*)SSL_get_app_data(inctx->filter_ctx->pssl);
-
- if (ssl_err == SSL_ERROR_WANT_READ) {
- /*
- * If OpenSSL wants to read more, and we were nonblocking,
- * report as an EAGAIN. Otherwise loop, pulling more
- * data from network filter.
- *
- * (This is usually the case when the client forces an SSL
- * renegotation which is handled implicitly by OpenSSL.)
- */
- inctx->rc = APR_EAGAIN;
-
- if (*len > 0) {
- inctx->rc = APR_SUCCESS;
- break;
- }
- if (inctx->block == APR_NONBLOCK_READ) {
- break;
- }
- continue; /* Blocking and nothing yet? Try again. */
- }
- else if (ssl_err == SSL_ERROR_SYSCALL) {
- if (APR_STATUS_IS_EAGAIN(inctx->rc)
- || APR_STATUS_IS_EINTR(inctx->rc)) {
- /* Already read something, return APR_SUCCESS instead. */
- if (*len > 0) {
- inctx->rc = APR_SUCCESS;
- break;
- }
- if (inctx->block == APR_NONBLOCK_READ) {
- break;
- }
- continue; /* Blocking and nothing yet? Try again. */
- }
- else {
- ap_log_error(APLOG_MARK, APLOG_INFO, inctx->rc, c->base_server,
- "SSL input filter read failed.");
- }
- }
- else /* if (ssl_err == SSL_ERROR_SSL) */ {
- /*
- * Log SSL errors and any unexpected conditions.
- */
- ap_log_error(APLOG_MARK, APLOG_INFO, inctx->rc, c->base_server,
- "SSL library error %d reading data", ssl_err);
- ssl_log_ssl_error(APLOG_MARK, APLOG_INFO, c->base_server);
-
- }
- if (inctx->rc == APR_SUCCESS) {
- inctx->rc = APR_EGENERAL;
- }
- break;
- }
- }
- return inctx->rc;
-}
-
-static apr_status_t ssl_io_input_getline(bio_filter_in_ctx_t *inctx,
- char *buf,
- apr_size_t *len)
-{
- const char *pos = NULL;
- apr_status_t status;
- apr_size_t tmplen = *len, buflen = *len, offset = 0;
-
- *len = 0;
-
- /*
- * in most cases we get all the headers on the first SSL_read.
- * however, in certain cases SSL_read will only get a partial
- * chunk of the headers, so we try to read until LF is seen.
- */
-
- while (tmplen > 0) {
- status = ssl_io_input_read(inctx, buf + offset, &tmplen);
-
- if (status != APR_SUCCESS) {
- return status;
- }
-
- *len += tmplen;
-
- if ((pos = memchr(buf, APR_ASCII_LF, *len))) {
- break;
- }
-
- offset += tmplen;
- tmplen = buflen - offset;
- }
-
- if (pos) {
- char *value;
- int length;
- apr_size_t bytes = pos - buf;
-
- bytes += 1;
- value = buf + bytes;
- length = *len - bytes;
-
- char_buffer_write(&inctx->cbuf, value, length);
-
- *len = bytes;
- }
-
- return APR_SUCCESS;
-}
-
-
-static apr_status_t ssl_filter_write(ap_filter_t *f,
- const char *data,
- apr_size_t len)
-{
- ssl_filter_ctx_t *filter_ctx = f->ctx;
- bio_filter_out_ctx_t *outctx;
- int res;
-
- /* write SSL */
- if (filter_ctx->pssl == NULL) {
- return APR_EGENERAL;
- }
-
- outctx = (bio_filter_out_ctx_t *)filter_ctx->pbioWrite->ptr;
- res = SSL_write(filter_ctx->pssl, (unsigned char *)data, len);
-
- if (res < 0) {
- int ssl_err = SSL_get_error(filter_ctx->pssl, res);
- conn_rec *c = (conn_rec*)SSL_get_app_data(outctx->filter_ctx->pssl);
-
- if (ssl_err == SSL_ERROR_WANT_WRITE) {
- /*
- * If OpenSSL wants to write more, and we were nonblocking,
- * report as an EAGAIN. Otherwise loop, pushing more
- * data at the network filter.
- *
- * (This is usually the case when the client forces an SSL
- * renegotation which is handled implicitly by OpenSSL.)
- */
- outctx->rc = APR_EAGAIN;
- }
- else if (ssl_err == SSL_ERROR_SYSCALL) {
- ap_log_error(APLOG_MARK, APLOG_INFO, outctx->rc, c->base_server,
- "SSL output filter write failed.");
- }
- else /* if (ssl_err == SSL_ERROR_SSL) */ {
- /*
- * Log SSL errors
- */
- ap_log_error(APLOG_MARK, APLOG_INFO, outctx->rc, c->base_server,
- "SSL library error %d writing data", ssl_err);
- ssl_log_ssl_error(APLOG_MARK, APLOG_INFO, c->base_server);
- }
- if (outctx->rc == APR_SUCCESS) {
- outctx->rc = APR_EGENERAL;
- }
- }
- else if ((apr_size_t)res != len) {
- conn_rec *c = f->c;
- char *reason = "reason unknown";
-
- /* XXX: probably a better way to determine this */
- if (SSL_total_renegotiations(filter_ctx->pssl)) {
- reason = "likely due to failed renegotiation";
- }
-
- ap_log_error(APLOG_MARK, APLOG_INFO, outctx->rc, c->base_server,
- "failed to write %d of %d bytes (%s)",
- len - (apr_size_t)res, len, reason);
-
- outctx->rc = APR_EGENERAL;
- }
- return outctx->rc;
-}
-
-/* Just use a simple request. Any request will work for this, because
- * we use a flag in the conn_rec->conn_vector now. The fake request just
- * gets the request back to the Apache core so that a response can be sent.
- *
- * To avoid calling back for more data from the socket, use an HTTP/0.9
- * request, and tack on an EOS bucket.
- */
-#define HTTP_ON_HTTPS_PORT \
- "GET /" CRLF
-
-#define HTTP_ON_HTTPS_PORT_BUCKET(alloc) \
- apr_bucket_immortal_create(HTTP_ON_HTTPS_PORT, \
- sizeof(HTTP_ON_HTTPS_PORT) - 1, \
- alloc)
-
-static void ssl_io_filter_disable(SSLConnRec *sslconn, ap_filter_t *f)
-{
- bio_filter_in_ctx_t *inctx = f->ctx;
- SSL_free(inctx->ssl);
- sslconn->ssl = NULL;
- inctx->ssl = NULL;
- inctx->filter_ctx->pssl = NULL;
-}
-
-static apr_status_t ssl_io_filter_error(ap_filter_t *f,
- apr_bucket_brigade *bb,
- apr_status_t status)
-{
- SSLConnRec *sslconn = myConnConfig(f->c);
- apr_bucket *bucket;
-
- switch (status) {
- case HTTP_BAD_REQUEST:
- /* log the situation */
- ap_log_error(APLOG_MARK, APLOG_INFO, 0,
- f->c->base_server,
- "SSL handshake failed: HTTP spoken on HTTPS port; "
- "trying to send HTML error page");
- ssl_log_ssl_error(APLOG_MARK, APLOG_INFO, f->c->base_server);
-
- sslconn->non_ssl_request = 1;
- ssl_io_filter_disable(sslconn, f);
-
- /* fake the request line */
- bucket = HTTP_ON_HTTPS_PORT_BUCKET(f->c->bucket_alloc);
- break;
-
- default:
- return status;
- }
-
- APR_BRIGADE_INSERT_TAIL(bb, bucket);
- bucket = apr_bucket_eos_create(f->c->bucket_alloc);
- APR_BRIGADE_INSERT_TAIL(bb, bucket);
-
- return APR_SUCCESS;
-}
-
-static const char ssl_io_filter[] = "SSL/TLS Filter";
-static const char ssl_io_buffer[] = "SSL/TLS Buffer";
-
-/*
- * Close the SSL part of the socket connection
- * (called immediately _before_ the socket is closed)
- * or called with
- */
-static apr_status_t ssl_filter_io_shutdown(ssl_filter_ctx_t *filter_ctx,
- conn_rec *c,
- int abortive)
-{
- SSL *ssl = filter_ctx->pssl;
- const char *type = "";
- SSLConnRec *sslconn = myConnConfig(c);
- int shutdown_type;
-
- if (!ssl) {
- return APR_SUCCESS;
- }
-
- /*
- * Now close the SSL layer of the connection. We've to take
- * the TLSv1 standard into account here:
- *
- * | 7.2.1. Closure alerts
- * |
- * | The client and the server must share knowledge that the connection is
- * | ending in order to avoid a truncation attack. Either party may
- * | initiate the exchange of closing messages.
- * |
- * | close_notify
- * | This message notifies the recipient that the sender will not send
- * | any more messages on this connection. The session becomes
- * | unresumable if any connection is terminated without proper
- * | close_notify messages with level equal to warning.
- * |
- * | Either party may initiate a close by sending a close_notify alert.
- * | Any data received after a closure alert is ignored.
- * |
- * | Each party is required to send a close_notify alert before closing
- * | the write side of the connection. It is required that the other party
- * | respond with a close_notify alert of its own and close down the
- * | connection immediately, discarding any pending writes. It is not
- * | required for the initiator of the close to wait for the responding
- * | close_notify alert before closing the read side of the connection.
- *
- * This means we've to send a close notify message, but haven't to wait
- * for the close notify of the client. Actually we cannot wait for the
- * close notify of the client because some clients (including Netscape
- * 4.x) don't send one, so we would hang.
- */
-
- /*
- * exchange close notify messages, but allow the user
- * to force the type of handshake via SetEnvIf directive
- */
- if (abortive) {
- shutdown_type = SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN;
- type = "abortive";
- }
- else switch (sslconn->shutdown_type) {
- case SSL_SHUTDOWN_TYPE_UNCLEAN:
- /* perform no close notify handshake at all
- (violates the SSL/TLS standard!) */
- shutdown_type = SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN;
- type = "unclean";
- break;
- case SSL_SHUTDOWN_TYPE_ACCURATE:
- /* send close notify and wait for clients close notify
- (standard compliant, but usually causes connection hangs) */
- shutdown_type = 0;
- type = "accurate";
- break;
- default:
- /*
- * case SSL_SHUTDOWN_TYPE_UNSET:
- * case SSL_SHUTDOWN_TYPE_STANDARD:
- */
- /* send close notify, but don't wait for clients close notify
- (standard compliant and safe, so it's the DEFAULT!) */
- shutdown_type = SSL_RECEIVED_SHUTDOWN;
- type = "standard";
- break;
- }
-
- SSL_set_shutdown(ssl, shutdown_type);
- SSL_smart_shutdown(ssl);
-
- /* and finally log the fact that we've closed the connection */
- if (c->base_server->loglevel >= APLOG_INFO) {
- ap_log_error(APLOG_MARK, APLOG_INFO, 0, c->base_server,
- "Connection to child %ld closed with %s shutdown"
- "(server %s, client %s)",
- c->id, type,
- ssl_util_vhostid(c->pool, c->base_server),
- c->remote_ip ? c->remote_ip : "unknown");
- }
-
- /* deallocate the SSL connection */
- if (sslconn->client_cert) {
- X509_free(sslconn->client_cert);
- sslconn->client_cert = NULL;
- }
- SSL_free(ssl);
- sslconn->ssl = NULL;
- filter_ctx->pssl = NULL; /* so filters know we've been shutdown */
-
- if (abortive) {
- /* prevent any further I/O */
- c->aborted = 1;
- }
-
- return APR_SUCCESS;
-}
-
-static apr_status_t ssl_io_filter_cleanup(void *data)
-{
- ssl_filter_ctx_t *filter_ctx = data;
-
- if (filter_ctx->pssl) {
- conn_rec *c = (conn_rec *)SSL_get_app_data(filter_ctx->pssl);
- SSLConnRec *sslconn = myConnConfig(c);
-
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, NULL,
- "SSL connection destroyed without being closed");
-
- SSL_free(filter_ctx->pssl);
- sslconn->ssl = filter_ctx->pssl = NULL;
- }
-
- return APR_SUCCESS;
-}
-
-/*
- * The hook is NOT registered with ap_hook_process_connection. Instead, it is
- * called manually from the churn () before it tries to read any data.
- * There is some problem if I accept conn_rec *. Still investigating..
- * Adv. if conn_rec * can be accepted is we can hook this function using the
- * ap_hook_process_connection hook.
- */
-static int ssl_io_filter_connect(ssl_filter_ctx_t *filter_ctx)
-{
- conn_rec *c = (conn_rec *)SSL_get_app_data(filter_ctx->pssl);
- SSLConnRec *sslconn = myConnConfig(c);
- SSLSrvConfigRec *sc = mySrvConfig(c->base_server);
- X509 *cert;
- int n;
- int ssl_err;
- long verify_result;
-
- if (SSL_is_init_finished(filter_ctx->pssl)) {
- return APR_SUCCESS;
- }
-
- if (sslconn->is_proxy) {
- if ((n = SSL_connect(filter_ctx->pssl)) <= 0) {
- ap_log_error(APLOG_MARK, APLOG_INFO, 0,
- c->base_server,
- "SSL Proxy connect failed");
- ssl_log_ssl_error(APLOG_MARK, APLOG_INFO, c->base_server);
- return ssl_filter_io_shutdown(filter_ctx, c, 1);
- }
-
- return APR_SUCCESS;
- }
-
- if ((n = SSL_accept(filter_ctx->pssl)) <= 0) {
- bio_filter_in_ctx_t *inctx = (bio_filter_in_ctx_t *)
- (filter_ctx->pbioRead->ptr);
- bio_filter_out_ctx_t *outctx = (bio_filter_out_ctx_t *)
- (filter_ctx->pbioWrite->ptr);
- apr_status_t rc = inctx->rc ? inctx->rc : outctx->rc ;
- ssl_err = SSL_get_error(filter_ctx->pssl, n);
-
- if (ssl_err == SSL_ERROR_ZERO_RETURN) {
- /*
- * The case where the connection was closed before any data
- * was transferred. That's not a real error and can occur
- * sporadically with some clients.
- */
- ap_log_error(APLOG_MARK, APLOG_INFO, rc,
- c->base_server,
- "SSL handshake stopped: connection was closed");
- }
- else if (ssl_err == SSL_ERROR_WANT_READ) {
- /*
- * This is in addition to what was present earlier. It is
- * borrowed from openssl_state_machine.c [mod_tls].
- * TBD.
- */
- outctx->rc = APR_EAGAIN;
- return SSL_ERROR_WANT_READ;
- }
- else if (ERR_GET_LIB(ERR_peek_error()) == ERR_LIB_SSL &&
- ERR_GET_REASON(ERR_peek_error()) == SSL_R_HTTP_REQUEST) {
- /*
- * The case where OpenSSL has recognized a HTTP request:
- * This means the client speaks plain HTTP on our HTTPS port.
- * ssl_io_filter_error will disable the ssl filters when it
- * sees this status code.
- */
- return HTTP_BAD_REQUEST;
- }
- else if (ssl_err == SSL_ERROR_SYSCALL) {
- ap_log_error(APLOG_MARK, APLOG_INFO, rc, c->base_server,
- "SSL handshake interrupted by system "
- "[Hint: Stop button pressed in browser?!]");
- }
- else /* if (ssl_err == SSL_ERROR_SSL) */ {
- /*
- * Log SSL errors and any unexpected conditions.
- */
- ap_log_error(APLOG_MARK, APLOG_INFO, rc, c->base_server,
- "SSL library error %d in handshake "
- "(server %s, client %s)", ssl_err,
- ssl_util_vhostid(c->pool, c->base_server),
- c->remote_ip ? c->remote_ip : "unknown");
- ssl_log_ssl_error(APLOG_MARK, APLOG_INFO, c->base_server);
-
- }
- if (inctx->rc == APR_SUCCESS) {
- inctx->rc = APR_EGENERAL;
- }
-
- return ssl_filter_io_shutdown(filter_ctx, c, 1);
- }
-
- /*
- * Check for failed client authentication
- */
- verify_result = SSL_get_verify_result(filter_ctx->pssl);
-
- if ((verify_result != X509_V_OK) ||
- sslconn->verify_error)
- {
- if (ssl_verify_error_is_optional(verify_result) &&
- (sc->server->auth.verify_mode == SSL_CVERIFY_OPTIONAL_NO_CA))
- {
- /* leaving this log message as an error for the moment,
- * according to the mod_ssl docs:
- * "level optional_no_ca is actually against the idea
- * of authentication (but can be used to establish
- * SSL test pages, etc.)"
- * optional_no_ca doesn't appear to work as advertised
- * in 1.x
- */
- ap_log_error(APLOG_MARK, APLOG_INFO, 0,
- c->base_server,
- "SSL client authentication failed, "
- "accepting certificate based on "
- "\"SSLVerifyClient optional_no_ca\" "
- "configuration");
- ssl_log_ssl_error(APLOG_MARK, APLOG_INFO, c->base_server);
- }
- else {
- const char *error = sslconn->verify_error ?
- sslconn->verify_error :
- X509_verify_cert_error_string(verify_result);
-
- ap_log_error(APLOG_MARK, APLOG_INFO, 0,
- c->base_server,
- "SSL client authentication failed: %s",
- error ? error : "unknown");
- ssl_log_ssl_error(APLOG_MARK, APLOG_INFO, c->base_server);
-
- return ssl_filter_io_shutdown(filter_ctx, c, 1);
- }
- }
-
- /*
- * Remember the peer certificate's DN
- */
- if ((cert = SSL_get_peer_certificate(filter_ctx->pssl))) {
- if (sslconn->client_cert) {
- X509_free(sslconn->client_cert);
- }
- sslconn->client_cert = cert;
- sslconn->client_dn = NULL;
- }
-
- /*
- * Make really sure that when a peer certificate
- * is required we really got one... (be paranoid)
- */
- if ((sc->server->auth.verify_mode == SSL_CVERIFY_REQUIRE) &&
- !sslconn->client_cert)
- {
- ap_log_error(APLOG_MARK, APLOG_INFO, 0, c->base_server,
- "No acceptable peer certificate available");
-
- return ssl_filter_io_shutdown(filter_ctx, c, 1);
- }
-
- return APR_SUCCESS;
-}
-
-static apr_status_t ssl_io_filter_input(ap_filter_t *f,
- apr_bucket_brigade *bb,
- ap_input_mode_t mode,
- apr_read_type_e block,
- apr_off_t readbytes)
-{
- apr_status_t status;
- bio_filter_in_ctx_t *inctx = f->ctx;
-
- apr_size_t len = sizeof(inctx->buffer);
- int is_init = (mode == AP_MODE_INIT);
-
- if (f->c->aborted) {
- /* XXX: Ok, if we aborted, we ARE at the EOS. We also have
- * aborted. This 'double protection' is probably redundant,
- * but also effective against just about anything.
- */
- apr_bucket *bucket = apr_bucket_eos_create(f->c->bucket_alloc);
- APR_BRIGADE_INSERT_TAIL(bb, bucket);
- return APR_ECONNABORTED;
- }
-
- if (!inctx->ssl) {
- return ap_get_brigade(f->next, bb, mode, block, readbytes);
- }
-
- /* XXX: we don't currently support anything other than these modes. */
- if (mode != AP_MODE_READBYTES && mode != AP_MODE_GETLINE &&
- mode != AP_MODE_SPECULATIVE && mode != AP_MODE_INIT) {
- return APR_ENOTIMPL;
- }
-
- inctx->mode = mode;
- inctx->block = block;
-
- /* XXX: we could actually move ssl_io_filter_connect to an
- * ap_hook_process_connection but would still need to call it for
- * AP_MODE_INIT for protocols that may upgrade the connection
- * rather than have SSLEngine On configured.
- */
- if ((status = ssl_io_filter_connect(inctx->filter_ctx)) != APR_SUCCESS) {
- return ssl_io_filter_error(f, bb, status);
- }
-
- if (is_init) {
- /* protocol module needs to handshake before sending
- * data to client (e.g. NNTP or FTP)
- */
- return APR_SUCCESS;
- }
-
- if (inctx->mode == AP_MODE_READBYTES ||
- inctx->mode == AP_MODE_SPECULATIVE) {
- /* Protected from truncation, readbytes < MAX_SIZE_T
- * FIXME: No, it's *not* protected. -- jre */
- if (readbytes < len) {
- len = (apr_size_t)readbytes;
- }
- status = ssl_io_input_read(inctx, inctx->buffer, &len);
- }
- else if (inctx->mode == AP_MODE_GETLINE) {
- status = ssl_io_input_getline(inctx, inctx->buffer, &len);
- }
- else {
- /* We have no idea what you are talking about, so return an error. */
- status = APR_ENOTIMPL;
- }
-
- /* It is possible for mod_ssl's BIO to be used outside of the
- * direct control of mod_ssl's input or output filter -- notably,
- * when mod_ssl initiates a renegotiation. Switching the BIO mode
- * back to "blocking" here ensures such operations don't fail with
- * SSL_ERROR_WANT_READ. */
- inctx->block = APR_BLOCK_READ;
-
- /* Handle custom errors. */
- if (status != APR_SUCCESS) {
- return ssl_io_filter_error(f, bb, status);
- }
-
- /* Create a transient bucket out of the decrypted data. */
- if (len > 0) {
- apr_bucket *bucket =
- apr_bucket_transient_create(inctx->buffer, len, f->c->bucket_alloc);
- APR_BRIGADE_INSERT_TAIL(bb, bucket);
- }
-
- return APR_SUCCESS;
-}
-
-static apr_status_t ssl_io_filter_output(ap_filter_t *f,
- apr_bucket_brigade *bb)
-{
- apr_status_t status = APR_SUCCESS;
- ssl_filter_ctx_t *filter_ctx = f->ctx;
- bio_filter_in_ctx_t *inctx;
- bio_filter_out_ctx_t *outctx;
- apr_read_type_e rblock = APR_NONBLOCK_READ;
-
- if (f->c->aborted) {
- apr_brigade_cleanup(bb);
- return APR_ECONNABORTED;
- }
-
- if (!filter_ctx->pssl) {
- /* ssl_filter_io_shutdown was called */
- return ap_pass_brigade(f->next, bb);
- }
-
- inctx = (bio_filter_in_ctx_t *)filter_ctx->pbioRead->ptr;
- outctx = (bio_filter_out_ctx_t *)filter_ctx->pbioWrite->ptr;
-
- /* When we are the writer, we must initialize the inctx
- * mode so that we block for any required ssl input, because
- * output filtering is always nonblocking.
- */
- inctx->mode = AP_MODE_READBYTES;
- inctx->block = APR_BLOCK_READ;
-
- if ((status = ssl_io_filter_connect(filter_ctx)) != APR_SUCCESS) {
- return ssl_io_filter_error(f, bb, status);
- }
-
- while (!APR_BRIGADE_EMPTY(bb)) {
- apr_bucket *bucket = APR_BRIGADE_FIRST(bb);
-
- /* If it is a flush or EOS, we need to pass this down.
- * These types do not require translation by OpenSSL.
- */
- if (APR_BUCKET_IS_EOS(bucket) || APR_BUCKET_IS_FLUSH(bucket)) {
- if (bio_filter_out_flush(filter_ctx->pbioWrite) < 0) {
- status = outctx->rc;
- break;
- }
-
- if (APR_BUCKET_IS_EOS(bucket)) {
- /*
- * By definition, nothing can come after EOS.
- * which also means we can pass the rest of this brigade
- * without creating a new one since it only contains the
- * EOS bucket.
- */
-
- if ((status = ap_pass_brigade(f->next, bb)) != APR_SUCCESS) {
- return status;
- }
- break;
- }
- else {
- /* bio_filter_out_flush() already passed down a flush bucket
- * if there was any data to be flushed.
- */
- apr_bucket_delete(bucket);
- }
- }
- else if (AP_BUCKET_IS_EOC(bucket)) {
- /* The special "EOC" bucket means a shutdown is needed;
- * - turn off buffering in bio_filter_out_write
- * - issue the SSL_shutdown
- */
- filter_ctx->nobuffer = 1;
- status = ssl_filter_io_shutdown(filter_ctx, f->c, 0);
- if (status != APR_SUCCESS) {
- ap_log_error(APLOG_MARK, APLOG_INFO, status, NULL,
- "SSL filter error shutting down I/O");
- }
- if ((status = ap_pass_brigade(f->next, bb)) != APR_SUCCESS) {
- return status;
- }
- break;
- }
- else {
- /* filter output */
- const char *data;
- apr_size_t len;
-
- status = apr_bucket_read(bucket, &data, &len, rblock);
-
- if (APR_STATUS_IS_EAGAIN(status)) {
- /* No data available: flush... */
- if (bio_filter_out_flush(filter_ctx->pbioWrite) < 0) {
- status = outctx->rc;
- break;
- }
- rblock = APR_BLOCK_READ;
- continue; /* and try again with a blocking read. */
- }
-
- rblock = APR_NONBLOCK_READ;
-
- if (!APR_STATUS_IS_EOF(status) && (status != APR_SUCCESS)) {
- break;
- }
-
- status = ssl_filter_write(f, data, len);
- apr_bucket_delete(bucket);
-
- if (status != APR_SUCCESS) {
- break;
- }
- }
- }
-
- return status;
-}
-
-/* 128K maximum buffer size by default. */
-#ifndef SSL_MAX_IO_BUFFER
-#define SSL_MAX_IO_BUFFER (128 * 1024)
-#endif
-
-struct modssl_buffer_ctx {
- apr_bucket_brigade *bb;
- apr_pool_t *pool;
-};
-
-int ssl_io_buffer_fill(request_rec *r)
-{
- conn_rec *c = r->connection;
- struct modssl_buffer_ctx *ctx;
- apr_bucket_brigade *tempb;
- apr_off_t total = 0; /* total length buffered */
- int eos = 0; /* non-zero once EOS is seen */
-
- /* Create the context which will be passed to the input filter;
- * containing a setaside pool and a brigade which constrain the
- * lifetime of the buffered data. */
- ctx = apr_palloc(r->pool, sizeof *ctx);
- apr_pool_create(&ctx->pool, r->pool);
- ctx->bb = apr_brigade_create(ctx->pool, c->bucket_alloc);
-
- /* ... and a temporary brigade. */
- tempb = apr_brigade_create(r->pool, c->bucket_alloc);
-
- ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, "filling buffer");
-
- do {
- apr_status_t rv;
- apr_bucket *e, *next;
-
- /* The request body is read from the protocol-level input
- * filters; the buffering filter will reinject it from that
- * level, allowing content/resource filters to run later, if
- * necessary. */
-
- rv = ap_get_brigade(r->proto_input_filters, tempb, AP_MODE_READBYTES,
- APR_BLOCK_READ, 8192);
- if (rv) {
- ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r,
- "could not read request body for SSL buffer");
- return HTTP_INTERNAL_SERVER_ERROR;
- }
-
- /* Iterate through the returned brigade: setaside each bucket
- * into the context's pool and move it into the brigade. */
- for (e = APR_BRIGADE_FIRST(tempb);
- e != APR_BRIGADE_SENTINEL(tempb) && !eos; e = next) {
- const char *data;
- apr_size_t len;
-
- next = APR_BUCKET_NEXT(e);
-
- if (APR_BUCKET_IS_EOS(e)) {
- eos = 1;
- } else if (!APR_BUCKET_IS_METADATA(e)) {
- rv = apr_bucket_read(e, &data, &len, APR_BLOCK_READ);
- if (rv != APR_SUCCESS) {
- ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r,
- "could not read bucket for SSL buffer");
- return HTTP_INTERNAL_SERVER_ERROR;
- }
- total += len;
- }
-
- rv = apr_bucket_setaside(e, ctx->pool);
- if (rv != APR_SUCCESS) {
- ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r,
- "could not setaside bucket for SSL buffer");
- return HTTP_INTERNAL_SERVER_ERROR;
- }
-
- APR_BUCKET_REMOVE(e);
- APR_BRIGADE_INSERT_TAIL(ctx->bb, e);
- }
-
- ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
- "total of %" APR_OFF_T_FMT " bytes in buffer, eos=%d",
- total, eos);
-
- /* Fail if this exceeds the maximum buffer size. */
- if (total > SSL_MAX_IO_BUFFER) {
- ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
- "request body exceeds maximum size for SSL buffer");
- return HTTP_REQUEST_ENTITY_TOO_LARGE;
- }
-
- } while (!eos);
-
- apr_brigade_destroy(tempb);
-
- /* Insert the filter which will supply the buffered data. */
- ap_add_input_filter(ssl_io_buffer, ctx, r, c);
-
- return 0;
-}
-
-/* This input filter supplies the buffered request body to the caller
- * from the brigade stored in f->ctx. */
-static apr_status_t ssl_io_filter_buffer(ap_filter_t *f,
- apr_bucket_brigade *bb,
- ap_input_mode_t mode,
- apr_read_type_e block,
- apr_off_t bytes)
-{
- struct modssl_buffer_ctx *ctx = f->ctx;
- apr_status_t rv;
-
- ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, f->r,
- "read from buffered SSL brigade, mode %d, "
- "%" APR_OFF_T_FMT " bytes",
- mode, bytes);
-
- if (mode != AP_MODE_READBYTES && mode != AP_MODE_GETLINE) {
- return APR_ENOTIMPL;
- }
-
- if (mode == AP_MODE_READBYTES) {
- apr_bucket *e;
-
- /* Partition the buffered brigade. */
- rv = apr_brigade_partition(ctx->bb, bytes, &e);
- if (rv && rv != APR_INCOMPLETE) {
- ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, f->r,
- "could not partition buffered SSL brigade");
- ap_remove_input_filter(f);
- return rv;
- }
-
- /* If the buffered brigade contains less then the requested
- * length, just pass it all back. */
- if (rv == APR_INCOMPLETE) {
- APR_BRIGADE_CONCAT(bb, ctx->bb);
- } else {
- apr_bucket *d = APR_BRIGADE_FIRST(ctx->bb);
-
- e = APR_BUCKET_PREV(e);
-
- /* Unsplice the partitioned segment and move it into the
- * passed-in brigade; no convenient way to do this with
- * the APR_BRIGADE_* macros. */
- APR_RING_UNSPLICE(d, e, link);
- APR_RING_SPLICE_HEAD(&bb->list, d, e, apr_bucket, link);
-
- APR_BRIGADE_CHECK_CONSISTENCY(bb);
- APR_BRIGADE_CHECK_CONSISTENCY(ctx->bb);
- }
- }
- else {
- /* Split a line into the passed-in brigade. */
- rv = apr_brigade_split_line(bb, ctx->bb, mode, bytes);
-
- if (rv) {
- ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, f->r,
- "could not split line from buffered SSL brigade");
- ap_remove_input_filter(f);
- return rv;
- }
- }
-
- if (APR_BRIGADE_EMPTY(ctx->bb)) {
- apr_bucket *e = APR_BRIGADE_LAST(bb);
-
- /* Ensure that the brigade is terminated by an EOS if the
- * buffered request body has been entirely consumed. */
- if (e == APR_BRIGADE_SENTINEL(bb) || !APR_BUCKET_IS_EOS(e)) {
- e = apr_bucket_eos_create(f->c->bucket_alloc);
- APR_BRIGADE_INSERT_TAIL(bb, e);
- }
-
- ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, f->r,
- "buffered SSL brigade now exhausted; removing filter");
- ap_remove_input_filter(f);
- }
-
- return APR_SUCCESS;
-}
-
-static void ssl_io_input_add_filter(ssl_filter_ctx_t *filter_ctx, conn_rec *c,
- SSL *ssl)
-{
- bio_filter_in_ctx_t *inctx;
-
- inctx = apr_palloc(c->pool, sizeof(*inctx));
-
- filter_ctx->pInputFilter = ap_add_input_filter(ssl_io_filter, inctx, NULL, c);
-
- filter_ctx->pbioRead = BIO_new(&bio_filter_in_method);
- filter_ctx->pbioRead->ptr = (void *)inctx;
-
- inctx->ssl = ssl;
- inctx->bio_out = filter_ctx->pbioWrite;
- inctx->f = filter_ctx->pInputFilter;
- inctx->rc = APR_SUCCESS;
- inctx->mode = AP_MODE_READBYTES;
- inctx->cbuf.length = 0;
- inctx->bb = apr_brigade_create(c->pool, c->bucket_alloc);
- inctx->block = APR_BLOCK_READ;
- inctx->pool = c->pool;
- inctx->filter_ctx = filter_ctx;
-}
-
-void ssl_io_filter_init(conn_rec *c, SSL *ssl)
-{
- ssl_filter_ctx_t *filter_ctx;
-
- filter_ctx = apr_palloc(c->pool, sizeof(ssl_filter_ctx_t));
-
- filter_ctx->config = myConnConfig(c);
-
- filter_ctx->nobuffer = 0;
- filter_ctx->pOutputFilter = ap_add_output_filter(ssl_io_filter,
- filter_ctx, NULL, c);
-
- filter_ctx->pbioWrite = BIO_new(&bio_filter_out_method);
- filter_ctx->pbioWrite->ptr = (void *)bio_filter_out_ctx_new(filter_ctx, c);
-
- ssl_io_input_add_filter(filter_ctx, c, ssl);
-
- SSL_set_bio(ssl, filter_ctx->pbioRead, filter_ctx->pbioWrite);
- filter_ctx->pssl = ssl;
-
- apr_pool_cleanup_register(c->pool, (void*)filter_ctx,
- ssl_io_filter_cleanup, apr_pool_cleanup_null);
-
- if (c->base_server->loglevel >= APLOG_DEBUG) {
- BIO_set_callback(SSL_get_rbio(ssl), ssl_io_data_cb);
- BIO_set_callback_arg(SSL_get_rbio(ssl), (void *)ssl);
- }
-
- return;
-}
-
-void ssl_io_filter_register(apr_pool_t *p)
-{
- ap_register_input_filter (ssl_io_filter, ssl_io_filter_input, NULL, AP_FTYPE_CONNECTION + 5);
- ap_register_output_filter (ssl_io_filter, ssl_io_filter_output, NULL, AP_FTYPE_CONNECTION + 5);
-
- ap_register_input_filter (ssl_io_buffer, ssl_io_filter_buffer, NULL, AP_FTYPE_PROTOCOL - 1);
-
- return;
-}
-
-/* _________________________________________________________________
-**
-** I/O Data Debugging
-** _________________________________________________________________
-*/
-
-#define DUMP_WIDTH 16
-
-static void ssl_io_data_dump(server_rec *srvr,
- MODSSL_BIO_CB_ARG_TYPE *s,
- long len)
-{
- char buf[256];
- char tmp[64];
- int i, j, rows, trunc;
- unsigned char ch;
-
- trunc = 0;
- for(; (len > 0) && ((s[len-1] == ' ') || (s[len-1] == '\0')); len--)
- trunc++;
- rows = (len / DUMP_WIDTH);
- if ((rows * DUMP_WIDTH) < len)
- rows++;
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, srvr,
- "+-------------------------------------------------------------------------+");
- for(i = 0 ; i< rows; i++) {
- apr_snprintf(tmp, sizeof(tmp), "| %04x: ", i * DUMP_WIDTH);
- apr_cpystrn(buf, tmp, sizeof(buf));
- for (j = 0; j < DUMP_WIDTH; j++) {
- if (((i * DUMP_WIDTH) + j) >= len)
- apr_cpystrn(buf+strlen(buf), " ", sizeof(buf)-strlen(buf));
- else {
- ch = ((unsigned char)*((char *)(s) + i * DUMP_WIDTH + j)) & 0xff;
- apr_snprintf(tmp, sizeof(tmp), "%02x%c", ch , j==7 ? '-' : ' ');
- apr_cpystrn(buf+strlen(buf), tmp, sizeof(buf)-strlen(buf));
- }
- }
- apr_cpystrn(buf+strlen(buf), " ", sizeof(buf)-strlen(buf));
- for (j = 0; j < DUMP_WIDTH; j++) {
- if (((i * DUMP_WIDTH) + j) >= len)
- apr_cpystrn(buf+strlen(buf), " ", sizeof(buf)-strlen(buf));
- else {
- ch = ((unsigned char)*((char *)(s) + i * DUMP_WIDTH + j)) & 0xff;
- apr_snprintf(tmp, sizeof(tmp), "%c", ((ch >= ' ') && (ch <= '~')) ? ch : '.');
- apr_cpystrn(buf+strlen(buf), tmp, sizeof(buf)-strlen(buf));
- }
- }
- apr_cpystrn(buf+strlen(buf), " |", sizeof(buf)-strlen(buf));
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, srvr,
- "%s", buf);
- }
- if (trunc > 0)
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, srvr,
- "| %04ld - <SPACES/NULS>", len + trunc);
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, srvr,
- "+-------------------------------------------------------------------------+");
- return;
-}
-
-long ssl_io_data_cb(BIO *bio, int cmd,
- MODSSL_BIO_CB_ARG_TYPE *argp,
- int argi, long argl, long rc)
-{
- SSL *ssl;
- conn_rec *c;
- server_rec *s;
-
- if ((ssl = (SSL *)BIO_get_callback_arg(bio)) == NULL)
- return rc;
- if ((c = (conn_rec *)SSL_get_app_data(ssl)) == NULL)
- return rc;
- s = c->base_server;
-
- if ( cmd == (BIO_CB_WRITE|BIO_CB_RETURN)
- || cmd == (BIO_CB_READ |BIO_CB_RETURN) ) {
- if (rc >= 0) {
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
- "%s: %s %ld/%d bytes %s BIO#%pp [mem: %pp] %s",
- SSL_LIBRARY_NAME,
- (cmd == (BIO_CB_WRITE|BIO_CB_RETURN) ? "write" : "read"),
- rc, argi, (cmd == (BIO_CB_WRITE|BIO_CB_RETURN) ? "to" : "from"),
- bio, argp,
- (argp != NULL ? "(BIO dump follows)" : "(Oops, no memory buffer?)"));
- if (argp != NULL)
- ssl_io_data_dump(s, argp, rc);
- }
- else {
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
- "%s: I/O error, %d bytes expected to %s on BIO#%pp [mem: %pp]",
- SSL_LIBRARY_NAME, argi,
- (cmd == (BIO_CB_WRITE|BIO_CB_RETURN) ? "write" : "read"),
- bio, argp);
- }
- }
- return rc;
-}
diff --git a/rubbos/app/httpd-2.0.64/modules/ssl/ssl_engine_kernel.c b/rubbos/app/httpd-2.0.64/modules/ssl/ssl_engine_kernel.c
deleted file mode 100644
index 60133f7c..00000000
--- a/rubbos/app/httpd-2.0.64/modules/ssl/ssl_engine_kernel.c
+++ /dev/null
@@ -1,1876 +0,0 @@
-/* Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-/* _ _
- * _ __ ___ ___ __| | ___ ___| | mod_ssl
- * | '_ ` _ \ / _ \ / _` | / __/ __| | Apache Interface to OpenSSL
- * | | | | | | (_) | (_| | \__ \__ \ |
- * |_| |_| |_|\___/ \__,_|___|___/___/_|
- * |_____|
- * ssl_engine_kernel.c
- * The SSL engine kernel
- */
- /* ``It took me fifteen years to discover
- I had no talent for programming, but
- I couldn't give it up because by that
- time I was too famous.''
- -- Unknown */
-#include "mod_ssl.h"
-
-static void ssl_configure_env(request_rec *r, SSLConnRec *sslconn);
-
-/* Perform a speculative (and non-blocking) read from the connection
- * filters for the given request, to determine whether there is any
- * pending data to read. Return non-zero if there is, else zero. */
-static int has_buffered_data(request_rec *r)
-{
- apr_bucket_brigade *bb;
- apr_off_t len;
- apr_status_t rv;
- int result;
-
- bb = apr_brigade_create(r->pool, r->connection->bucket_alloc);
-
- rv = ap_get_brigade(r->connection->input_filters, bb, AP_MODE_SPECULATIVE,
- APR_NONBLOCK_READ, 1);
- result = rv == APR_SUCCESS
- && apr_brigade_length(bb, 1, &len) == APR_SUCCESS
- && len > 0;
-
- apr_brigade_destroy(bb);
-
- return result;
-}
-
-/*
- * Post Read Request Handler
- */
-int ssl_hook_ReadReq(request_rec *r)
-{
- SSLConnRec *sslconn = myConnConfig(r->connection);
- SSL *ssl;
-
- if (!sslconn) {
- return DECLINED;
- }
-
- if (sslconn->non_ssl_request) {
- const char *errmsg;
- char *thisurl;
- char *thisport = "";
- int port = ap_get_server_port(r);
-
- if (!ap_is_default_port(port, r)) {
- thisport = apr_psprintf(r->pool, ":%u", port);
- }
-
- thisurl = ap_escape_html(r->pool,
- apr_psprintf(r->pool, "https://%s%s/",
- ap_get_server_name(r),
- thisport));
-
- errmsg = apr_psprintf(r->pool,
- "Reason: You're speaking plain HTTP "
- "to an SSL-enabled server port.<br />\n"
- "Instead use the HTTPS scheme to access "
- "this URL, please.<br />\n"
- "<blockquote>Hint: "
- "<a href=\"%s\"><b>%s</b></a></blockquote>",
- thisurl, thisurl);
-
- apr_table_setn(r->notes, "error-notes", errmsg);
-
- /* Now that we have caught this error, forget it. we are done
- * with using SSL on this request.
- */
- sslconn->non_ssl_request = 0;
-
-
- return HTTP_BAD_REQUEST;
- }
-
- /*
- * Get the SSL connection structure and perform the
- * delayed interlinking from SSL back to request_rec
- */
- ssl = sslconn->ssl;
- if (!ssl) {
- return DECLINED;
- }
- SSL_set_app_data2(ssl, r);
-
- /*
- * Log information about incoming HTTPS requests
- */
- if (r->server->loglevel >= APLOG_INFO && ap_is_initial_req(r)) {
- ap_log_error(APLOG_MARK, APLOG_INFO, 0, r->server,
- "%s HTTPS request received for child %ld (server %s)",
- (r->connection->keepalives <= 0 ?
- "Initial (No.1)" :
- apr_psprintf(r->pool, "Subsequent (No.%d)",
- r->connection->keepalives+1)),
- r->connection->id,
- ssl_util_vhostid(r->pool, r->server));
- }
-
- /* SetEnvIf ssl-*-shutdown flags can only be per-server,
- * so they won't change across keepalive requests
- */
- if (sslconn->shutdown_type == SSL_SHUTDOWN_TYPE_UNSET) {
- ssl_configure_env(r, sslconn);
- }
-
- return DECLINED;
-}
-
-/*
- * Move SetEnvIf information from request_rec to conn_rec/BUFF
- * to allow the close connection handler to use them.
- */
-
-static void ssl_configure_env(request_rec *r, SSLConnRec *sslconn)
-{
- int i;
- const apr_array_header_t *arr = apr_table_elts(r->subprocess_env);
- const apr_table_entry_t *elts = (const apr_table_entry_t *)arr->elts;
-
- sslconn->shutdown_type = SSL_SHUTDOWN_TYPE_STANDARD;
-
- for (i = 0; i < arr->nelts; i++) {
- const char *key = elts[i].key;
-
- switch (*key) {
- case 's':
- /* being case-sensitive here.
- * and not checking for the -shutdown since these are the only
- * SetEnvIf "flags" we support
- */
- if (!strncmp(key+1, "sl-", 3)) {
- key += 4;
- if (!strncmp(key, "unclean", 7)) {
- sslconn->shutdown_type = SSL_SHUTDOWN_TYPE_UNCLEAN;
- }
- else if (!strncmp(key, "accurate", 8)) {
- sslconn->shutdown_type = SSL_SHUTDOWN_TYPE_ACCURATE;
- }
- return; /* should only ever be one ssl-*-shutdown */
- }
- break;
- }
- }
-}
-
-/*
- * Access Handler
- */
-int ssl_hook_Access(request_rec *r)
-{
- SSLDirConfigRec *dc = myDirConfig(r);
- SSLSrvConfigRec *sc = mySrvConfig(r->server);
- SSLConnRec *sslconn = myConnConfig(r->connection);
- SSL *ssl = sslconn ? sslconn->ssl : NULL;
- SSL_CTX *ctx = NULL;
- apr_array_header_t *requires;
- ssl_require_t *ssl_requires;
- char *cp;
- int ok, i;
- BOOL renegotiate = FALSE, renegotiate_quick = FALSE;
- X509 *cert;
- X509 *peercert;
- X509_STORE *cert_store = NULL;
- X509_STORE_CTX cert_store_ctx;
- STACK_OF(SSL_CIPHER) *cipher_list_old = NULL, *cipher_list = NULL;
- SSL_CIPHER *cipher = NULL;
- int depth, verify_old, verify, n;
-
- if (ssl) {
- ctx = SSL_get_SSL_CTX(ssl);
- }
-
- /*
- * Support for SSLRequireSSL directive
- */
- if (dc->bSSLRequired && !ssl) {
- ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
- "access to %s failed, reason: %s",
- r->filename, "SSL connection required");
-
- /* remember forbidden access for strict require option */
- apr_table_setn(r->notes, "ssl-access-forbidden", "1");
-
- return HTTP_FORBIDDEN;
- }
-
- /*
- * Check to see whether SSL is in use; if it's not, then no
- * further access control checks are relevant. (the test for
- * sc->enabled is probably strictly unnecessary)
- */
- if (!sc->enabled || !ssl) {
- return DECLINED;
- }
-
- /*
- * Support for per-directory reconfigured SSL connection parameters.
- *
- * This is implemented by forcing an SSL renegotiation with the
- * reconfigured parameter suite. But Apache's internal API processing
- * makes our life very hard here, because when internal sub-requests occur
- * we nevertheless should avoid multiple unnecessary SSL handshakes (they
- * require extra network I/O and especially time to perform).
- *
- * But the optimization for filtering out the unnecessary handshakes isn't
- * obvious and trivial. Especially because while Apache is in its
- * sub-request processing the client could force additional handshakes,
- * too. And these take place perhaps without our notice. So the only
- * possibility is to explicitly _ask_ OpenSSL whether the renegotiation
- * has to be performed or not. It has to performed when some parameters
- * which were previously known (by us) are not those we've now
- * reconfigured (as known by OpenSSL) or (in optimized way) at least when
- * the reconfigured parameter suite is stronger (more restrictions) than
- * the currently active one.
- */
-
- /*
- * Override of SSLCipherSuite
- *
- * We provide two options here:
- *
- * o The paranoid and default approach where we force a renegotiation when
- * the cipher suite changed in _any_ way (which is straight-forward but
- * often forces renegotiations too often and is perhaps not what the
- * user actually wanted).
- *
- * o The optimized and still secure way where we force a renegotiation
- * only if the currently active cipher is no longer contained in the
- * reconfigured/new cipher suite. Any other changes are not important
- * because it's the servers choice to select a cipher from the ones the
- * client supports. So as long as the current cipher is still in the new
- * cipher suite we're happy. Because we can assume we would have
- * selected it again even when other (better) ciphers exists now in the
- * new cipher suite. This approach is fine because the user explicitly
- * has to enable this via ``SSLOptions +OptRenegotiate''. So we do no
- * implicit optimizations.
- */
- if (dc->szCipherSuite) {
- /* remember old state */
-
- if (dc->nOptions & SSL_OPT_OPTRENEGOTIATE) {
- cipher = SSL_get_current_cipher(ssl);
- }
- else {
- cipher_list_old = (STACK_OF(SSL_CIPHER) *)SSL_get_ciphers(ssl);
-
- if (cipher_list_old) {
- cipher_list_old = sk_SSL_CIPHER_dup(cipher_list_old);
- }
- }
-
- /* configure new state */
- if (!modssl_set_cipher_list(ssl, dc->szCipherSuite)) {
- ap_log_error(APLOG_MARK, APLOG_WARNING, 0,
- r->server,
- "Unable to reconfigure (per-directory) "
- "permitted SSL ciphers");
- ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, r->server);
-
- if (cipher_list_old) {
- sk_SSL_CIPHER_free(cipher_list_old);
- }
-
- return HTTP_FORBIDDEN;
- }
-
- /* determine whether a renegotiation has to be forced */
- cipher_list = (STACK_OF(SSL_CIPHER) *)SSL_get_ciphers(ssl);
-
- if (dc->nOptions & SSL_OPT_OPTRENEGOTIATE) {
- /* optimized way */
- if ((!cipher && cipher_list) ||
- (cipher && !cipher_list))
- {
- renegotiate = TRUE;
- }
- else if (cipher && cipher_list &&
- (sk_SSL_CIPHER_find(cipher_list, cipher) < 0))
- {
- renegotiate = TRUE;
- }
- }
- else {
- /* paranoid way */
- if ((!cipher_list_old && cipher_list) ||
- (cipher_list_old && !cipher_list))
- {
- renegotiate = TRUE;
- }
- else if (cipher_list_old && cipher_list) {
- for (n = 0;
- !renegotiate && (n < sk_SSL_CIPHER_num(cipher_list));
- n++)
- {
- SSL_CIPHER *value = sk_SSL_CIPHER_value(cipher_list, n);
-
- if (sk_SSL_CIPHER_find(cipher_list_old, value) < 0) {
- renegotiate = TRUE;
- }
- }
-
- for (n = 0;
- !renegotiate && (n < sk_SSL_CIPHER_num(cipher_list_old));
- n++)
- {
- SSL_CIPHER *value = sk_SSL_CIPHER_value(cipher_list_old, n);
-
- if (sk_SSL_CIPHER_find(cipher_list, value) < 0) {
- renegotiate = TRUE;
- }
- }
- }
- }
-
- /* cleanup */
- if (cipher_list_old) {
- sk_SSL_CIPHER_free(cipher_list_old);
- }
-
- /* tracing */
- if (renegotiate) {
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
- "Reconfigured cipher suite will force renegotiation");
- }
- }
-
- /*
- * override of SSLVerifyDepth
- *
- * The depth checks are handled by us manually inside the verify callback
- * function and not by OpenSSL internally (and our function is aware of
- * both the per-server and per-directory contexts). So we cannot ask
- * OpenSSL about the currently verify depth. Instead we remember it in our
- * ap_ctx attached to the SSL* of OpenSSL. We've to force the
- * renegotiation if the reconfigured/new verify depth is less than the
- * currently active/remembered verify depth (because this means more
- * restriction on the certificate chain).
- */
- if (dc->nVerifyDepth != UNSET) {
- /* XXX: doesnt look like sslconn->verify_depth is actually used */
- if (!(n = sslconn->verify_depth)) {
- sslconn->verify_depth = n = sc->server->auth.verify_depth;
- }
-
- /* determine whether a renegotiation has to be forced */
- if (dc->nVerifyDepth < n) {
- renegotiate = TRUE;
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
- "Reduced client verification depth will force "
- "renegotiation");
- }
- }
-
- /*
- * override of SSLVerifyClient
- *
- * We force a renegotiation if the reconfigured/new verify type is
- * stronger than the currently active verify type.
- *
- * The order is: none << optional_no_ca << optional << require
- *
- * Additionally the following optimization is possible here: When the
- * currently active verify type is "none" but a client certificate is
- * already known/present, it's enough to manually force a client
- * verification but at least skip the I/O-intensive renegotation
- * handshake.
- */
- if (dc->nVerifyClient != SSL_CVERIFY_UNSET) {
- /* remember old state */
- verify_old = SSL_get_verify_mode(ssl);
- /* configure new state */
- verify = SSL_VERIFY_NONE;
-
- if (dc->nVerifyClient == SSL_CVERIFY_REQUIRE) {
- verify |= SSL_VERIFY_PEER_STRICT;
- }
-
- if ((dc->nVerifyClient == SSL_CVERIFY_OPTIONAL) ||
- (dc->nVerifyClient == SSL_CVERIFY_OPTIONAL_NO_CA))
- {
- verify |= SSL_VERIFY_PEER;
- }
-
- modssl_set_verify(ssl, verify, ssl_callback_SSLVerify);
- SSL_set_verify_result(ssl, X509_V_OK);
-
- /* determine whether we've to force a renegotiation */
- if (!renegotiate && verify != verify_old) {
- if (((verify_old == SSL_VERIFY_NONE) &&
- (verify != SSL_VERIFY_NONE)) ||
-
- (!(verify_old & SSL_VERIFY_PEER) &&
- (verify & SSL_VERIFY_PEER)) ||
-
- (!(verify_old & SSL_VERIFY_FAIL_IF_NO_PEER_CERT) &&
- (verify & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)))
- {
- renegotiate = TRUE;
- /* optimization */
-
- if ((dc->nOptions & SSL_OPT_OPTRENEGOTIATE) &&
- (verify_old == SSL_VERIFY_NONE) &&
- ((peercert = SSL_get_peer_certificate(ssl)) != NULL))
- {
- renegotiate_quick = TRUE;
- X509_free(peercert);
- }
-
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0,
- r->server,
- "Changed client verification type will force "
- "%srenegotiation",
- renegotiate_quick ? "quick " : "");
- }
- }
- }
-
- /*
- * override SSLCACertificateFile & SSLCACertificatePath
- * This is only enabled if the SSL_set_cert_store() function
- * is available in the ssl library. the 1.x based mod_ssl
- * used SSL_CTX_set_cert_store which is not thread safe.
- */
-
-#ifdef HAVE_SSL_SET_CERT_STORE
- /*
- * check if per-dir and per-server config field are not the same.
- * if f is defined in per-dir and not defined in per-server
- * or f is defined in both but not the equal ...
- */
-#define MODSSL_CFG_NE(f) \
- (dc->f && (!sc->f || (sc->f && strNE(dc->f, sc->f))))
-
-#define MODSSL_CFG_CA(f) \
- (dc->f ? dc->f : sc->f)
-
- if (MODSSL_CFG_NE(szCACertificateFile) ||
- MODSSL_CFG_NE(szCACertificatePath))
- {
- STACK_OF(X509_NAME) *ca_list;
- const char *ca_file = MODSSL_CFG_CA(szCACertificateFile);
- const char *ca_path = MODSSL_CFG_CA(szCACertificatePath);
-
- cert_store = X509_STORE_new();
-
- if (!X509_STORE_load_locations(cert_store, ca_file, ca_path)) {
- ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server,
- "Unable to reconfigure verify locations "
- "for client authentication");
- ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, r->server);
-
- X509_STORE_free(cert_store);
-
- return HTTP_FORBIDDEN;
- }
-
- /* SSL_free will free cert_store */
- SSL_set_cert_store(ssl, cert_store);
-
- if (!(ca_list = ssl_init_FindCAList(r->server, r->pool,
- ca_file, ca_path)))
- {
- ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server,
- "Unable to determine list of available "
- "CA certificates for client authentication");
-
- return HTTP_FORBIDDEN;
- }
-
- SSL_set_client_CA_list(ssl, ca_list);
- renegotiate = TRUE;
-
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
- "Changed client verification locations will force "
- "renegotiation");
- }
-#endif /* HAVE_SSL_SET_CERT_STORE */
-
- /* If a renegotiation is now required for this location, and the
- * request includes a message body (and the client has not
- * requested a "100 Continue" response), then the client will be
- * streaming the request body over the wire already. In that
- * case, it is not possible to stop and perform a new SSL
- * handshake immediately; once the SSL library moves to the
- * "accept" state, it will reject the SSL packets which the client
- * is sending for the request body.
- *
- * To allow authentication to complete in this auth hook, the
- * solution used here is to fill a (bounded) buffer with the
- * request body, and then to reinject that request body later.
- */
- if (renegotiate && !renegotiate_quick
- && (apr_table_get(r->headers_in, "transfer-encoding")
- || (apr_table_get(r->headers_in, "content-length")
- && strcmp(apr_table_get(r->headers_in, "content-length"), "0")))
- && !r->expecting_100) {
- int rv;
-
- /* Fill the I/O buffer with the request body if possible. */
- rv = ssl_io_buffer_fill(r);
-
- if (rv) {
- ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
- "could not buffer message body to allow "
- "SSL renegotiation to proceed");
- return rv;
- }
- }
-
- /*
- * now do the renegotiation if anything was actually reconfigured
- */
- if (renegotiate) {
- /*
- * Now we force the SSL renegotation by sending the Hello Request
- * message to the client. Here we have to do a workaround: Actually
- * OpenSSL returns immediately after sending the Hello Request (the
- * intent AFAIK is because the SSL/TLS protocol says it's not a must
- * that the client replies to a Hello Request). But because we insist
- * on a reply (anything else is an error for us) we have to go to the
- * ACCEPT state manually. Using SSL_set_accept_state() doesn't work
- * here because it resets too much of the connection. So we set the
- * state explicitly and continue the handshake manually.
- */
- ap_log_error(APLOG_MARK, APLOG_INFO, 0, r->server,
- "Requesting connection re-negotiation");
-
- if (renegotiate_quick) {
- STACK_OF(X509) *cert_stack;
-
- /* perform just a manual re-verification of the peer */
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
- "Performing quick renegotiation: "
- "just re-verifying the peer");
-
- cert_stack = (STACK_OF(X509) *)SSL_get_peer_cert_chain(ssl);
-
- cert = SSL_get_peer_certificate(ssl);
-
- if (!cert_stack && cert) {
- /* client cert is in the session cache, but there is
- * no chain, since ssl3_get_client_certificate()
- * sk_X509_shift-ed the peer cert out of the chain.
- * we put it back here for the purpose of quick_renegotiation.
- */
- cert_stack = sk_new_null();
- sk_X509_push(cert_stack, MODSSL_PCHAR_CAST cert);
- }
-
- if (!cert_stack || (sk_X509_num(cert_stack) == 0)) {
- ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server,
- "Cannot find peer certificate chain");
-
- return HTTP_FORBIDDEN;
- }
-
- if (!(cert_store ||
- (cert_store = SSL_CTX_get_cert_store(ctx))))
- {
- ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server,
- "Cannot find certificate storage");
-
- return HTTP_FORBIDDEN;
- }
-
- if (!cert) {
- cert = sk_X509_value(cert_stack, 0);
- }
-
- X509_STORE_CTX_init(&cert_store_ctx, cert_store, cert, cert_stack);
- depth = SSL_get_verify_depth(ssl);
-
- if (depth >= 0) {
- X509_STORE_CTX_set_depth(&cert_store_ctx, depth);
- }
-
- X509_STORE_CTX_set_ex_data(&cert_store_ctx,
- SSL_get_ex_data_X509_STORE_CTX_idx(),
- (char *)ssl);
-
- if (!modssl_X509_verify_cert(&cert_store_ctx)) {
- ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server,
- "Re-negotiation verification step failed");
- ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, r->server);
- }
-
- SSL_set_verify_result(ssl, cert_store_ctx.error);
- X509_STORE_CTX_cleanup(&cert_store_ctx);
-
- if (cert_stack != SSL_get_peer_cert_chain(ssl)) {
- /* we created this ourselves, so free it */
- sk_X509_pop_free(cert_stack, X509_free);
- }
- }
- else {
- request_rec *id = r->main ? r->main : r;
-
- /* Additional mitigation for CVE-2009-3555: At this point,
- * before renegotiating, an (entire) request has been read
- * from the connection. An attacker may have sent further
- * data to "prefix" any subsequent request by the victim's
- * client after the renegotiation; this data may already
- * have been read and buffered. Forcing a connection
- * closure after the response ensures such data will be
- * discarded. Legimately pipelined HTTP requests will be
- * retried anyway with this approach. */
- if (has_buffered_data(r)) {
- ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
- "insecure SSL re-negotiation required, but "
- "a pipelined request is present; keepalive "
- "disabled");
- r->connection->keepalive = AP_CONN_CLOSE;
- }
-
- /* Perform a full renegotiation. */
- ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
- "Performing full renegotiation: complete handshake "
- "protocol (%s support secure renegotiation)",
-#if defined(SSL_get_secure_renegotiation_support)
- SSL_get_secure_renegotiation_support(ssl) ?
- "client does" : "client does not"
-#else
- "server does not"
-#endif
- );
-
- SSL_set_session_id_context(ssl,
- (unsigned char *)&id,
- sizeof(id));
-
- /* Toggle the renegotiation state to allow the new
- * handshake to proceed. */
- sslconn->reneg_state = RENEG_ALLOW;
-
- SSL_renegotiate(ssl);
- SSL_do_handshake(ssl);
-
- if (SSL_get_state(ssl) != SSL_ST_OK) {
- ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server,
- "Re-negotiation request failed");
- ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, r->server);
-
- r->connection->aborted = 1;
- return HTTP_FORBIDDEN;
- }
-
- ap_log_error(APLOG_MARK, APLOG_INFO, 0, r->server,
- "Awaiting re-negotiation handshake");
-
- SSL_set_state(ssl, SSL_ST_ACCEPT);
- SSL_do_handshake(ssl);
-
- sslconn->reneg_state = RENEG_REJECT;
-
- if (SSL_get_state(ssl) != SSL_ST_OK) {
- ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server,
- "Re-negotiation handshake failed: "
- "Not accepted by client!?");
-
- r->connection->aborted = 1;
- return HTTP_FORBIDDEN;
- }
- }
-
- /*
- * Remember the peer certificate's DN
- */
- if ((cert = SSL_get_peer_certificate(ssl))) {
- if (sslconn->client_cert) {
- X509_free(sslconn->client_cert);
- }
- sslconn->client_cert = cert;
- sslconn->client_dn = NULL;
- }
-
- /*
- * Finally check for acceptable renegotiation results
- */
- if (dc->nVerifyClient != SSL_CVERIFY_NONE) {
- BOOL do_verify = (dc->nVerifyClient == SSL_CVERIFY_REQUIRE);
-
- if (do_verify && (SSL_get_verify_result(ssl) != X509_V_OK)) {
- ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server,
- "Re-negotiation handshake failed: "
- "Client verification failed");
-
- return HTTP_FORBIDDEN;
- }
-
- if (do_verify) {
- if ((peercert = SSL_get_peer_certificate(ssl)) == NULL) {
- ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server,
- "Re-negotiation handshake failed: "
- "Client certificate missing");
-
- return HTTP_FORBIDDEN;
- }
-
- X509_free(peercert);
- }
- }
-
- /*
- * Also check that SSLCipherSuite has been enforced as expected.
- */
- if (cipher_list) {
- cipher = SSL_get_current_cipher(ssl);
- if (sk_SSL_CIPHER_find(cipher_list, cipher) < 0) {
- ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
- "SSL cipher suite not renegotiated: "
- "access to %s denied using cipher %s",
- r->filename,
- SSL_CIPHER_get_name(cipher));
- return HTTP_FORBIDDEN;
- }
- }
- }
-
- /* If we're trying to have the user name set from a client
- * certificate then we need to set it here. This should be safe as
- * the user name probably isn't important from an auth checking point
- * of view as the certificate supplied acts in that capacity.
- * However, if FakeAuth is being used then this isn't the case so
- * we need to postpone setting the username until later.
- */
- if ((dc->nOptions & SSL_OPT_FAKEBASICAUTH) == 0 && dc->szUserName) {
- char *val = ssl_var_lookup(r->pool, r->server, r->connection,
- r, (char *)dc->szUserName);
- if (val && val[0])
- r->user = val;
- }
-
- /*
- * Check SSLRequire boolean expressions
- */
- requires = dc->aRequirement;
- ssl_requires = (ssl_require_t *)requires->elts;
-
- for (i = 0; i < requires->nelts; i++) {
- ssl_require_t *req = &ssl_requires[i];
- ok = ssl_expr_exec(r, req->mpExpr);
-
- if (ok < 0) {
- cp = apr_psprintf(r->pool,
- "Failed to execute "
- "SSL requirement expression: %s",
- ssl_expr_get_error());
-
- ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
- "access to %s failed, reason: %s",
- r->filename, cp);
-
- /* remember forbidden access for strict require option */
- apr_table_setn(r->notes, "ssl-access-forbidden", "1");
-
- return HTTP_FORBIDDEN;
- }
-
- if (ok != 1) {
- ap_log_error(APLOG_MARK, APLOG_INFO, 0, r->server,
- "Access to %s denied for %s "
- "(requirement expression not fulfilled)",
- r->filename, r->connection->remote_ip);
-
- ap_log_error(APLOG_MARK, APLOG_INFO, 0, r->server,
- "Failed expression: %s", req->cpExpr);
-
- ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
- "access to %s failed, reason: %s",
- r->filename,
- "SSL requirement expression not fulfilled "
- "(see SSL logfile for more details)");
-
- /* remember forbidden access for strict require option */
- apr_table_setn(r->notes, "ssl-access-forbidden", "1");
-
- return HTTP_FORBIDDEN;
- }
- }
-
- /*
- * Else access is granted from our point of view (except vendor
- * handlers override). But we have to return DECLINED here instead
- * of OK, because mod_auth and other modules still might want to
- * deny access.
- */
-
- return DECLINED;
-}
-
-/*
- * Authentication Handler:
- * Fake a Basic authentication from the X509 client certificate.
- *
- * This must be run fairly early on to prevent a real authentication from
- * occuring, in particular it must be run before anything else that
- * authenticates a user. This means that the Module statement for this
- * module should be LAST in the Configuration file.
- */
-int ssl_hook_UserCheck(request_rec *r)
-{
- SSLConnRec *sslconn = myConnConfig(r->connection);
- SSLSrvConfigRec *sc = mySrvConfig(r->server);
- SSLDirConfigRec *dc = myDirConfig(r);
- char *clientdn;
- const char *auth_line, *username, *password;
-
- /*
- * Additionally forbid access (again)
- * when strict require option is used.
- */
- if ((dc->nOptions & SSL_OPT_STRICTREQUIRE) &&
- (apr_table_get(r->notes, "ssl-access-forbidden")))
- {
- return HTTP_FORBIDDEN;
- }
-
- /*
- * We decline when we are in a subrequest. The Authorization header
- * would already be present if it was added in the main request.
- */
- if (!ap_is_initial_req(r)) {
- return DECLINED;
- }
-
- /*
- * Make sure the user is not able to fake the client certificate
- * based authentication by just entering an X.509 Subject DN
- * ("/XX=YYY/XX=YYY/..") as the username and "password" as the
- * password.
- */
- if ((auth_line = apr_table_get(r->headers_in, "Authorization"))) {
- if (strcEQ(ap_getword(r->pool, &auth_line, ' '), "Basic")) {
- while ((*auth_line == ' ') || (*auth_line == '\t')) {
- auth_line++;
- }
-
- auth_line = ap_pbase64decode(r->pool, auth_line);
- username = ap_getword_nulls(r->pool, &auth_line, ':');
- password = auth_line;
-
- if ((username[0] == '/') && strEQ(password, "password")) {
- ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
- "Encountered FakeBasicAuth spoof: %s", username);
- return HTTP_FORBIDDEN;
- }
- }
- }
-
- /*
- * We decline operation in various situations...
- * - SSLOptions +FakeBasicAuth not configured
- * - r->user already authenticated
- * - ssl not enabled
- * - client did not present a certificate
- */
- if (!(sc->enabled && sslconn && sslconn->ssl && sslconn->client_cert) ||
- !(dc->nOptions & SSL_OPT_FAKEBASICAUTH) || r->user)
- {
- return DECLINED;
- }
-
- if (!sslconn->client_dn) {
- X509_NAME *name = X509_get_subject_name(sslconn->client_cert);
- char *cp = X509_NAME_oneline(name, NULL, 0);
- sslconn->client_dn = apr_pstrdup(r->connection->pool, cp);
- modssl_free(cp);
- }
-
- clientdn = (char *)sslconn->client_dn;
-
- /*
- * Fake a password - which one would be immaterial, as, it seems, an empty
- * password in the users file would match ALL incoming passwords, if only
- * we were using the standard crypt library routine. Unfortunately, OpenSSL
- * "fixes" a "bug" in crypt and thus prevents blank passwords from
- * working. (IMHO what they really fix is a bug in the users of the code
- * - failing to program correctly for shadow passwords). We need,
- * therefore, to provide a password. This password can be matched by
- * adding the string "xxj31ZMTZzkVA" as the password in the user file.
- * This is just the crypted variant of the word "password" ;-)
- */
- auth_line = apr_pstrcat(r->pool, "Basic ",
- ap_pbase64encode(r->pool,
- apr_pstrcat(r->pool, clientdn,
- ":password", NULL)),
- NULL);
- apr_table_set(r->headers_in, "Authorization", auth_line);
-
- ap_log_error(APLOG_MARK, APLOG_INFO, 0, r->server,
- "Faking HTTP Basic Auth header: \"Authorization: %s\"",
- auth_line);
-
- return DECLINED;
-}
-
-/* authorization phase */
-int ssl_hook_Auth(request_rec *r)
-{
- SSLDirConfigRec *dc = myDirConfig(r);
-
- /*
- * Additionally forbid access (again)
- * when strict require option is used.
- */
- if ((dc->nOptions & SSL_OPT_STRICTREQUIRE) &&
- (apr_table_get(r->notes, "ssl-access-forbidden")))
- {
- return HTTP_FORBIDDEN;
- }
-
- return DECLINED;
-}
-
-/*
- * Fixup Handler
- */
-
-static const char *ssl_hook_Fixup_vars[] = {
- "SSL_VERSION_INTERFACE",
- "SSL_VERSION_LIBRARY",
- "SSL_PROTOCOL",
- "SSL_SECURE_RENEG",
- "SSL_CIPHER",
- "SSL_CIPHER_EXPORT",
- "SSL_CIPHER_USEKEYSIZE",
- "SSL_CIPHER_ALGKEYSIZE",
- "SSL_CLIENT_VERIFY",
- "SSL_CLIENT_M_VERSION",
- "SSL_CLIENT_M_SERIAL",
- "SSL_CLIENT_V_START",
- "SSL_CLIENT_V_END",
- "SSL_CLIENT_S_DN",
- "SSL_CLIENT_S_DN_C",
- "SSL_CLIENT_S_DN_ST",
- "SSL_CLIENT_S_DN_L",
- "SSL_CLIENT_S_DN_O",
- "SSL_CLIENT_S_DN_OU",
- "SSL_CLIENT_S_DN_CN",
- "SSL_CLIENT_S_DN_T",
- "SSL_CLIENT_S_DN_I",
- "SSL_CLIENT_S_DN_G",
- "SSL_CLIENT_S_DN_S",
- "SSL_CLIENT_S_DN_D",
- "SSL_CLIENT_S_DN_UID",
- "SSL_CLIENT_S_DN_Email",
- "SSL_CLIENT_I_DN",
- "SSL_CLIENT_I_DN_C",
- "SSL_CLIENT_I_DN_ST",
- "SSL_CLIENT_I_DN_L",
- "SSL_CLIENT_I_DN_O",
- "SSL_CLIENT_I_DN_OU",
- "SSL_CLIENT_I_DN_CN",
- "SSL_CLIENT_I_DN_T",
- "SSL_CLIENT_I_DN_I",
- "SSL_CLIENT_I_DN_G",
- "SSL_CLIENT_I_DN_S",
- "SSL_CLIENT_I_DN_D",
- "SSL_CLIENT_I_DN_UID",
- "SSL_CLIENT_I_DN_Email",
- "SSL_CLIENT_A_KEY",
- "SSL_CLIENT_A_SIG",
- "SSL_SERVER_M_VERSION",
- "SSL_SERVER_M_SERIAL",
- "SSL_SERVER_V_START",
- "SSL_SERVER_V_END",
- "SSL_SERVER_S_DN",
- "SSL_SERVER_S_DN_C",
- "SSL_SERVER_S_DN_ST",
- "SSL_SERVER_S_DN_L",
- "SSL_SERVER_S_DN_O",
- "SSL_SERVER_S_DN_OU",
- "SSL_SERVER_S_DN_CN",
- "SSL_SERVER_S_DN_T",
- "SSL_SERVER_S_DN_I",
- "SSL_SERVER_S_DN_G",
- "SSL_SERVER_S_DN_S",
- "SSL_SERVER_S_DN_D",
- "SSL_SERVER_S_DN_UID",
- "SSL_SERVER_S_DN_Email",
- "SSL_SERVER_I_DN",
- "SSL_SERVER_I_DN_C",
- "SSL_SERVER_I_DN_ST",
- "SSL_SERVER_I_DN_L",
- "SSL_SERVER_I_DN_O",
- "SSL_SERVER_I_DN_OU",
- "SSL_SERVER_I_DN_CN",
- "SSL_SERVER_I_DN_T",
- "SSL_SERVER_I_DN_I",
- "SSL_SERVER_I_DN_G",
- "SSL_SERVER_I_DN_S",
- "SSL_SERVER_I_DN_D",
- "SSL_SERVER_I_DN_UID",
- "SSL_SERVER_I_DN_Email",
- "SSL_SERVER_A_KEY",
- "SSL_SERVER_A_SIG",
- "SSL_SESSION_ID",
- NULL
-};
-
-int ssl_hook_Fixup(request_rec *r)
-{
- SSLConnRec *sslconn = myConnConfig(r->connection);
- SSLSrvConfigRec *sc = mySrvConfig(r->server);
- SSLDirConfigRec *dc = myDirConfig(r);
- apr_table_t *env = r->subprocess_env;
- char *var, *val = "";
- STACK_OF(X509) *peer_certs;
- SSL *ssl;
- int i;
-
- /*
- * Check to see if SSL is on
- */
- if (!(sc->enabled && sslconn && (ssl = sslconn->ssl))) {
- return DECLINED;
- }
-
- /*
- * Annotate the SSI/CGI environment with standard SSL information
- */
- /* the always present HTTPS (=HTTP over SSL) flag! */
- apr_table_setn(env, "HTTPS", "on");
-
- /* standard SSL environment variables */
- if (dc->nOptions & SSL_OPT_STDENVVARS) {
- for (i = 0; ssl_hook_Fixup_vars[i]; i++) {
- var = (char *)ssl_hook_Fixup_vars[i];
- val = ssl_var_lookup(r->pool, r->server, r->connection, r, var);
- if (!strIsEmpty(val)) {
- apr_table_setn(env, var, val);
- }
- }
- }
-
- /*
- * On-demand bloat up the SSI/CGI environment with certificate data
- */
- if (dc->nOptions & SSL_OPT_EXPORTCERTDATA) {
- val = ssl_var_lookup(r->pool, r->server, r->connection,
- r, "SSL_SERVER_CERT");
-
- apr_table_setn(env, "SSL_SERVER_CERT", val);
-
- val = ssl_var_lookup(r->pool, r->server, r->connection,
- r, "SSL_CLIENT_CERT");
-
- apr_table_setn(env, "SSL_CLIENT_CERT", val);
-
- if ((peer_certs = (STACK_OF(X509) *)SSL_get_peer_cert_chain(ssl))) {
- for (i = 0; i < sk_X509_num(peer_certs); i++) {
- var = apr_psprintf(r->pool, "SSL_CLIENT_CERT_CHAIN_%d", i);
- val = ssl_var_lookup(r->pool, r->server, r->connection,
- r, var);
- if (val) {
- apr_table_setn(env, var, val);
- }
- }
- }
- }
-
-
-#ifdef SSL_get_secure_renegotiation_support
- apr_table_setn(r->notes, "ssl-secure-reneg",
- SSL_get_secure_renegotiation_support(ssl) ? "1" : "0");
-#endif
-
- return DECLINED;
-}
-
-/* _________________________________________________________________
-**
-** OpenSSL Callback Functions
-** _________________________________________________________________
-*/
-
-/*
- * Handle out temporary RSA private keys on demand
- *
- * The background of this as the TLSv1 standard explains it:
- *
- * | D.1. Temporary RSA keys
- * |
- * | US Export restrictions limit RSA keys used for encryption to 512
- * | bits, but do not place any limit on lengths of RSA keys used for
- * | signing operations. Certificates often need to be larger than 512
- * | bits, since 512-bit RSA keys are not secure enough for high-value
- * | transactions or for applications requiring long-term security. Some
- * | certificates are also designated signing-only, in which case they
- * | cannot be used for key exchange.
- * |
- * | When the public key in the certificate cannot be used for encryption,
- * | the server signs a temporary RSA key, which is then exchanged. In
- * | exportable applications, the temporary RSA key should be the maximum
- * | allowable length (i.e., 512 bits). Because 512-bit RSA keys are
- * | relatively insecure, they should be changed often. For typical
- * | electronic commerce applications, it is suggested that keys be
- * | changed daily or every 500 transactions, and more often if possible.
- * | Note that while it is acceptable to use the same temporary key for
- * | multiple transactions, it must be signed each time it is used.
- * |
- * | RSA key generation is a time-consuming process. In many cases, a
- * | low-priority process can be assigned the task of key generation.
- * | Whenever a new key is completed, the existing temporary key can be
- * | replaced with the new one.
- *
- * XXX: base on comment above, if thread support is enabled,
- * we should spawn a low-priority thread to generate new keys
- * on the fly.
- *
- * So we generated 512 and 1024 bit temporary keys on startup
- * which we now just hand out on demand....
- */
-
-RSA *ssl_callback_TmpRSA(SSL *ssl, int export, int keylen)
-{
- conn_rec *c = (conn_rec *)SSL_get_app_data(ssl);
- SSLModConfigRec *mc = myModConfig(c->base_server);
- int idx;
-
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, c->base_server,
- "handing out temporary %d bit RSA key", keylen);
-
- /* doesn't matter if export flag is on,
- * we won't be asked for keylen > 512 in that case.
- * if we are asked for a keylen > 1024, it is too expensive
- * to generate on the fly.
- * XXX: any reason not to generate 2048 bit keys at startup?
- */
-
- switch (keylen) {
- case 512:
- idx = SSL_TMP_KEY_RSA_512;
- break;
-
- case 1024:
- default:
- idx = SSL_TMP_KEY_RSA_1024;
- }
-
- return (RSA *)mc->pTmpKeys[idx];
-}
-
-/*
- * Hand out the already generated DH parameters...
- */
-DH *ssl_callback_TmpDH(SSL *ssl, int export, int keylen)
-{
- conn_rec *c = (conn_rec *)SSL_get_app_data(ssl);
- SSLModConfigRec *mc = myModConfig(c->base_server);
- int idx;
-
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, c->base_server,
- "handing out temporary %d bit DH key", keylen);
-
- switch (keylen) {
- case 512:
- idx = SSL_TMP_KEY_DH_512;
- break;
-
- case 1024:
- default:
- idx = SSL_TMP_KEY_DH_1024;
- }
-
- return (DH *)mc->pTmpKeys[idx];
-}
-
-/*
- * This OpenSSL callback function is called when OpenSSL
- * does client authentication and verifies the certificate chain.
- */
-int ssl_callback_SSLVerify(int ok, X509_STORE_CTX *ctx)
-{
- /* Get Apache context back through OpenSSL context */
- SSL *ssl = X509_STORE_CTX_get_ex_data(ctx,
- SSL_get_ex_data_X509_STORE_CTX_idx());
- conn_rec *conn = (conn_rec *)SSL_get_app_data(ssl);
- server_rec *s = conn->base_server;
- request_rec *r = (request_rec *)SSL_get_app_data2(ssl);
-
- SSLSrvConfigRec *sc = mySrvConfig(s);
- SSLDirConfigRec *dc = r ? myDirConfig(r) : NULL;
- SSLConnRec *sslconn = myConnConfig(conn);
- modssl_ctx_t *mctx = myCtxConfig(sslconn, sc);
-
- /* Get verify ingredients */
- int errnum = X509_STORE_CTX_get_error(ctx);
- int errdepth = X509_STORE_CTX_get_error_depth(ctx);
- int depth, verify;
-
- /*
- * Log verification information
- */
- if (s->loglevel >= APLOG_DEBUG) {
- X509 *cert = X509_STORE_CTX_get_current_cert(ctx);
- char *sname = X509_NAME_oneline(X509_get_subject_name(cert), NULL, 0);
- char *iname = X509_NAME_oneline(X509_get_issuer_name(cert), NULL, 0);
-
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
- "Certificate Verification: "
- "depth: %d, subject: %s, issuer: %s",
- errdepth,
- sname ? sname : "-unknown-",
- iname ? iname : "-unknown-");
-
- if (sname) {
- modssl_free(sname);
- }
-
- if (iname) {
- modssl_free(iname);
- }
- }
-
- /*
- * Check for optionally acceptable non-verifiable issuer situation
- */
- if (dc && (dc->nVerifyClient != SSL_CVERIFY_UNSET)) {
- verify = dc->nVerifyClient;
- }
- else {
- verify = mctx->auth.verify_mode;
- }
-
- if (verify == SSL_CVERIFY_NONE) {
- /*
- * SSLProxyVerify is either not configured or set to "none".
- * (this callback doesn't happen in the server context if SSLVerify
- * is not configured or set to "none")
- */
- return TRUE;
- }
-
- if (ssl_verify_error_is_optional(errnum) &&
- (verify == SSL_CVERIFY_OPTIONAL_NO_CA))
- {
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
- "Certificate Verification: Verifiable Issuer is "
- "configured as optional, therefore we're accepting "
- "the certificate");
-
- sslconn->verify_info = "GENEROUS";
- ok = TRUE;
- }
-
- /*
- * Additionally perform CRL-based revocation checks
- */
- if (ok) {
- if (!(ok = ssl_callback_SSLVerify_CRL(ok, ctx, conn))) {
- errnum = X509_STORE_CTX_get_error(ctx);
- }
- }
-
- /*
- * If we already know it's not ok, log the real reason
- */
- if (!ok) {
- ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
- "Certificate Verification: Error (%d): %s",
- errnum, X509_verify_cert_error_string(errnum));
-
- if (sslconn->client_cert) {
- X509_free(sslconn->client_cert);
- sslconn->client_cert = NULL;
- }
- sslconn->client_dn = NULL;
- sslconn->verify_error = X509_verify_cert_error_string(errnum);
- }
-
- /*
- * Finally check the depth of the certificate verification
- */
- if (dc && (dc->nVerifyDepth != UNSET)) {
- depth = dc->nVerifyDepth;
- }
- else {
- depth = mctx->auth.verify_depth;
- }
-
- if (errdepth > depth) {
- ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
- "Certificate Verification: Certificate Chain too long "
- "(chain has %d certificates, but maximum allowed are "
- "only %d)",
- errdepth, depth);
-
- errnum = X509_V_ERR_CERT_CHAIN_TOO_LONG;
- sslconn->verify_error = X509_verify_cert_error_string(errnum);
-
- ok = FALSE;
- }
-
- /*
- * And finally signal OpenSSL the (perhaps changed) state
- */
- return ok;
-}
-
-int ssl_callback_SSLVerify_CRL(int ok, X509_STORE_CTX *ctx, conn_rec *c)
-{
- server_rec *s = c->base_server;
- SSLSrvConfigRec *sc = mySrvConfig(s);
- SSLConnRec *sslconn = myConnConfig(c);
- modssl_ctx_t *mctx = myCtxConfig(sslconn, sc);
- X509_OBJECT obj;
- X509_NAME *subject, *issuer;
- X509 *cert;
- X509_CRL *crl;
- EVP_PKEY *pubkey;
- int i, n, rc;
-
- /*
- * Unless a revocation store for CRLs was created we
- * cannot do any CRL-based verification, of course.
- */
- if (!mctx->crl) {
- return ok;
- }
-
- /*
- * Determine certificate ingredients in advance
- */
- cert = X509_STORE_CTX_get_current_cert(ctx);
- subject = X509_get_subject_name(cert);
- issuer = X509_get_issuer_name(cert);
-
- /*
- * OpenSSL provides the general mechanism to deal with CRLs but does not
- * use them automatically when verifying certificates, so we do it
- * explicitly here. We will check the CRL for the currently checked
- * certificate, if there is such a CRL in the store.
- *
- * We come through this procedure for each certificate in the certificate
- * chain, starting with the root-CA's certificate. At each step we've to
- * both verify the signature on the CRL (to make sure it's a valid CRL)
- * and it's revocation list (to make sure the current certificate isn't
- * revoked). But because to check the signature on the CRL we need the
- * public key of the issuing CA certificate (which was already processed
- * one round before), we've a little problem. But we can both solve it and
- * at the same time optimize the processing by using the following
- * verification scheme (idea and code snippets borrowed from the GLOBUS
- * project):
- *
- * 1. We'll check the signature of a CRL in each step when we find a CRL
- * through the _subject_ name of the current certificate. This CRL
- * itself will be needed the first time in the next round, of course.
- * But we do the signature processing one round before this where the
- * public key of the CA is available.
- *
- * 2. We'll check the revocation list of a CRL in each step when
- * we find a CRL through the _issuer_ name of the current certificate.
- * This CRLs signature was then already verified one round before.
- *
- * This verification scheme allows a CA to revoke its own certificate as
- * well, of course.
- */
-
- /*
- * Try to retrieve a CRL corresponding to the _subject_ of
- * the current certificate in order to verify it's integrity.
- */
- memset((char *)&obj, 0, sizeof(obj));
- rc = SSL_X509_STORE_lookup(mctx->crl,
- X509_LU_CRL, subject, &obj);
- crl = obj.data.crl;
-
- if ((rc > 0) && crl) {
- /*
- * Log information about CRL
- * (A little bit complicated because of ASN.1 and BIOs...)
- */
- if (s->loglevel >= APLOG_DEBUG) {
- char buff[512]; /* should be plenty */
- BIO *bio = BIO_new(BIO_s_mem());
-
- BIO_printf(bio, "CA CRL: Issuer: ");
- X509_NAME_print(bio, issuer, 0);
-
- BIO_printf(bio, ", lastUpdate: ");
- ASN1_UTCTIME_print(bio, X509_CRL_get_lastUpdate(crl));
-
- BIO_printf(bio, ", nextUpdate: ");
- ASN1_UTCTIME_print(bio, X509_CRL_get_nextUpdate(crl));
-
- n = BIO_read(bio, buff, sizeof(buff) - 1);
- buff[n] = '\0';
-
- BIO_free(bio);
-
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, buff);
- }
-
- /*
- * Verify the signature on this CRL
- */
- pubkey = X509_get_pubkey(cert);
- rc = X509_CRL_verify(crl, pubkey);
-#ifdef OPENSSL_VERSION_NUMBER
- /* Only refcounted in OpenSSL */
- if (pubkey)
- EVP_PKEY_free(pubkey);
-#endif
- if (rc <= 0) {
- ap_log_error(APLOG_MARK, APLOG_WARNING, 0, s,
- "Invalid signature on CRL");
-
- X509_STORE_CTX_set_error(ctx, X509_V_ERR_CRL_SIGNATURE_FAILURE);
- X509_OBJECT_free_contents(&obj);
- return FALSE;
- }
-
- /*
- * Check date of CRL to make sure it's not expired
- */
- i = X509_cmp_current_time(X509_CRL_get_nextUpdate(crl));
-
- if (i == 0) {
- ap_log_error(APLOG_MARK, APLOG_WARNING, 0, s,
- "Found CRL has invalid nextUpdate field");
-
- X509_STORE_CTX_set_error(ctx,
- X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD);
- X509_OBJECT_free_contents(&obj);
-
- return FALSE;
- }
-
- if (i < 0) {
- ap_log_error(APLOG_MARK, APLOG_WARNING, 0, s,
- "Found CRL is expired - "
- "revoking all certificates until you get updated CRL");
-
- X509_STORE_CTX_set_error(ctx, X509_V_ERR_CRL_HAS_EXPIRED);
- X509_OBJECT_free_contents(&obj);
-
- return FALSE;
- }
-
- X509_OBJECT_free_contents(&obj);
- }
-
- /*
- * Try to retrieve a CRL corresponding to the _issuer_ of
- * the current certificate in order to check for revocation.
- */
- memset((char *)&obj, 0, sizeof(obj));
- rc = SSL_X509_STORE_lookup(mctx->crl,
- X509_LU_CRL, issuer, &obj);
-
- crl = obj.data.crl;
- if ((rc > 0) && crl) {
- /*
- * Check if the current certificate is revoked by this CRL
- */
- n = sk_X509_REVOKED_num(X509_CRL_get_REVOKED(crl));
-
- for (i = 0; i < n; i++) {
- X509_REVOKED *revoked =
- sk_X509_REVOKED_value(X509_CRL_get_REVOKED(crl), i);
-
- ASN1_INTEGER *sn = X509_REVOKED_get_serialNumber(revoked);
-
- if (!ASN1_INTEGER_cmp(sn, X509_get_serialNumber(cert))) {
- if (s->loglevel >= APLOG_DEBUG) {
- char *cp = X509_NAME_oneline(issuer, NULL, 0);
- long serial = ASN1_INTEGER_get(sn);
-
- ap_log_error(APLOG_MARK, APLOG_INFO, 0, s,
- "Certificate with serial %ld (0x%lX) "
- "revoked per CRL from issuer %s",
- serial, serial, cp);
- modssl_free(cp);
- }
-
- X509_STORE_CTX_set_error(ctx, X509_V_ERR_CERT_REVOKED);
- X509_OBJECT_free_contents(&obj);
-
- return FALSE;
- }
- }
-
- X509_OBJECT_free_contents(&obj);
- }
-
- return ok;
-}
-
-#define SSLPROXY_CERT_CB_LOG_FMT \
- "Proxy client certificate callback: (%s) "
-
-static void modssl_proxy_info_log(server_rec *s,
- X509_INFO *info,
- const char *msg)
-{
- SSLSrvConfigRec *sc = mySrvConfig(s);
- char name_buf[256];
- X509_NAME *name;
- char *dn;
-
- if (s->loglevel < APLOG_DEBUG) {
- return;
- }
-
- name = X509_get_subject_name(info->x509);
- dn = X509_NAME_oneline(name, name_buf, sizeof(name_buf));
-
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
- SSLPROXY_CERT_CB_LOG_FMT "%s, sending %s",
- sc->vhost_id, msg, dn ? dn : "-uknown-");
-}
-
-/*
- * caller will decrement the cert and key reference
- * so we need to increment here to prevent them from
- * being freed.
- */
-#define modssl_set_cert_info(info, cert, pkey) \
- *cert = info->x509; \
- X509_reference_inc(*cert); \
- *pkey = info->x_pkey->dec_pkey; \
- EVP_PKEY_reference_inc(*pkey)
-
-int ssl_callback_proxy_cert(SSL *ssl, MODSSL_CLIENT_CERT_CB_ARG_TYPE **x509, EVP_PKEY **pkey)
-{
- conn_rec *c = (conn_rec *)SSL_get_app_data(ssl);
- server_rec *s = c->base_server;
- SSLSrvConfigRec *sc = mySrvConfig(s);
- X509_NAME *ca_name, *issuer;
- X509_INFO *info;
- STACK_OF(X509_NAME) *ca_list;
- STACK_OF(X509_INFO) *certs = sc->proxy->pkp->certs;
- int i, j;
-
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
- SSLPROXY_CERT_CB_LOG_FMT "entered",
- sc->vhost_id);
-
- if (!certs || (sk_X509_INFO_num(certs) <= 0)) {
- ap_log_error(APLOG_MARK, APLOG_WARNING, 0, s,
- SSLPROXY_CERT_CB_LOG_FMT
- "downstream server wanted client certificate "
- "but none are configured", sc->vhost_id);
- return FALSE;
- }
-
- ca_list = SSL_get_client_CA_list(ssl);
-
- if (!ca_list || (sk_X509_NAME_num(ca_list) <= 0)) {
- /*
- * downstream server didn't send us a list of acceptable CA certs,
- * so we send the first client cert in the list.
- */
- info = sk_X509_INFO_value(certs, 0);
-
- modssl_proxy_info_log(s, info, "no acceptable CA list");
-
- modssl_set_cert_info(info, x509, pkey);
-
- return TRUE;
- }
-
- for (i = 0; i < sk_X509_NAME_num(ca_list); i++) {
- ca_name = sk_X509_NAME_value(ca_list, i);
-
- for (j = 0; j < sk_X509_INFO_num(certs); j++) {
- info = sk_X509_INFO_value(certs, j);
- issuer = X509_get_issuer_name(info->x509);
-
- if (X509_NAME_cmp(issuer, ca_name) == 0) {
- modssl_proxy_info_log(s, info, "found acceptable cert");
-
- modssl_set_cert_info(info, x509, pkey);
-
- return TRUE;
- }
- }
- }
-
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
- SSLPROXY_CERT_CB_LOG_FMT
- "no client certificate found!?", sc->vhost_id);
-
- return FALSE;
-}
-
-static void ssl_session_log(server_rec *s,
- const char *request,
- unsigned char *id,
- unsigned int idlen,
- const char *status,
- const char *result,
- long timeout)
-{
- char buf[SSL_SESSION_ID_STRING_LEN];
- char timeout_str[56] = {'\0'};
-
- if (s->loglevel < APLOG_DEBUG) {
- return;
- }
-
- if (timeout) {
- apr_snprintf(timeout_str, sizeof(timeout_str),
- "timeout=%lds ", (timeout - time(NULL)));
- }
-
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
- "Inter-Process Session Cache: "
- "request=%s status=%s id=%s %s(session %s)",
- request, status,
- SSL_SESSION_id2sz(id, idlen, buf, sizeof(buf)),
- timeout_str, result);
-}
-
-/*
- * This callback function is executed by OpenSSL whenever a new SSL_SESSION is
- * added to the internal OpenSSL session cache. We use this hook to spread the
- * SSL_SESSION also to the inter-process disk-cache to make share it with our
- * other Apache pre-forked server processes.
- */
-int ssl_callback_NewSessionCacheEntry(SSL *ssl, SSL_SESSION *session)
-{
- /* Get Apache context back through OpenSSL context */
- conn_rec *conn = (conn_rec *)SSL_get_app_data(ssl);
- server_rec *s = conn->base_server;
- SSLSrvConfigRec *sc = mySrvConfig(s);
- long timeout = sc->session_cache_timeout;
- BOOL rc;
- unsigned char *id;
- unsigned int idlen;
-
- /*
- * Set the timeout also for the internal OpenSSL cache, because this way
- * our inter-process cache is consulted only when it's really necessary.
- */
- SSL_set_timeout(session, timeout);
-
- /*
- * Store the SSL_SESSION in the inter-process cache with the
- * same expire time, so it expires automatically there, too.
- */
- id = SSL_SESSION_get_session_id(session);
- idlen = SSL_SESSION_get_session_id_length(session);
-
- timeout += modssl_session_get_time(session);
-
- rc = ssl_scache_store(s, id, idlen, timeout, session);
-
- ssl_session_log(s, "SET", id, idlen,
- rc == TRUE ? "OK" : "BAD",
- "caching", timeout);
-
- /*
- * return 0 which means to OpenSSL that the session is still
- * valid and was not freed by us with SSL_SESSION_free().
- */
- return 0;
-}
-
-/*
- * This callback function is executed by OpenSSL whenever a
- * SSL_SESSION is looked up in the internal OpenSSL cache and it
- * was not found. We use this to lookup the SSL_SESSION in the
- * inter-process disk-cache where it was perhaps stored by one
- * of our other Apache pre-forked server processes.
- */
-SSL_SESSION *ssl_callback_GetSessionCacheEntry(SSL *ssl,
- unsigned char *id,
- int idlen, int *do_copy)
-{
- /* Get Apache context back through OpenSSL context */
- conn_rec *conn = (conn_rec *)SSL_get_app_data(ssl);
- server_rec *s = conn->base_server;
- SSL_SESSION *session;
-
- /*
- * Try to retrieve the SSL_SESSION from the inter-process cache
- */
- session = ssl_scache_retrieve(s, id, idlen);
-
- ssl_session_log(s, "GET", id, idlen,
- session ? "FOUND" : "MISSED",
- session ? "reuse" : "renewal", 0);
-
- /*
- * Return NULL or the retrieved SSL_SESSION. But indicate (by
- * setting do_copy to 0) that the reference count on the
- * SSL_SESSION should not be incremented by the SSL library,
- * because we will no longer hold a reference to it ourself.
- */
- *do_copy = 0;
-
- return session;
-}
-
-/*
- * This callback function is executed by OpenSSL whenever a
- * SSL_SESSION is removed from the the internal OpenSSL cache.
- * We use this to remove the SSL_SESSION in the inter-process
- * disk-cache, too.
- */
-void ssl_callback_DelSessionCacheEntry(SSL_CTX *ctx,
- SSL_SESSION *session)
-{
- server_rec *s;
- SSLSrvConfigRec *sc;
- unsigned char *id;
- unsigned int idlen;
-
- /*
- * Get Apache context back through OpenSSL context
- */
- if (!(s = (server_rec *)SSL_CTX_get_app_data(ctx))) {
- return; /* on server shutdown Apache is already gone */
- }
-
- sc = mySrvConfig(s);
-
- /*
- * Remove the SSL_SESSION from the inter-process cache
- */
- id = SSL_SESSION_get_session_id(session);
- idlen = SSL_SESSION_get_session_id_length(session);
-
- ssl_scache_remove(s, id, idlen);
-
- ssl_session_log(s, "REM", id, idlen,
- "OK", "dead", 0);
-
- return;
-}
-
-/* Dump debugginfo trace to the log file. */
-static void log_tracing_state(MODSSL_INFO_CB_ARG_TYPE ssl, conn_rec *c,
- server_rec *s, int where, int rc)
-{
- /*
- * create the various trace messages
- */
- if (where & SSL_CB_HANDSHAKE_START) {
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
- "%s: Handshake: start", SSL_LIBRARY_NAME);
- }
- else if (where & SSL_CB_HANDSHAKE_DONE) {
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
- "%s: Handshake: done", SSL_LIBRARY_NAME);
- }
- else if (where & SSL_CB_LOOP) {
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
- "%s: Loop: %s",
- SSL_LIBRARY_NAME, SSL_state_string_long(ssl));
- }
- else if (where & SSL_CB_READ) {
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
- "%s: Read: %s",
- SSL_LIBRARY_NAME, SSL_state_string_long(ssl));
- }
- else if (where & SSL_CB_WRITE) {
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
- "%s: Write: %s",
- SSL_LIBRARY_NAME, SSL_state_string_long(ssl));
- }
- else if (where & SSL_CB_ALERT) {
- char *str = (where & SSL_CB_READ) ? "read" : "write";
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
- "%s: Alert: %s:%s:%s",
- SSL_LIBRARY_NAME, str,
- SSL_alert_type_string_long(rc),
- SSL_alert_desc_string_long(rc));
- }
- else if (where & SSL_CB_EXIT) {
- if (rc == 0) {
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
- "%s: Exit: failed in %s",
- SSL_LIBRARY_NAME, SSL_state_string_long(ssl));
- }
- else if (rc < 0) {
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
- "%s: Exit: error in %s",
- SSL_LIBRARY_NAME, SSL_state_string_long(ssl));
- }
- }
-
- /*
- * Because SSL renegotations can happen at any time (not only after
- * SSL_accept()), the best way to log the current connection details is
- * right after a finished handshake.
- */
- if (where & SSL_CB_HANDSHAKE_DONE) {
- ap_log_error(APLOG_MARK, APLOG_INFO, 0, s,
- "Connection: Client IP: %s, Protocol: %s, "
- "Cipher: %s (%s/%s bits)",
- ssl_var_lookup(NULL, s, c, NULL, "REMOTE_ADDR"),
- ssl_var_lookup(NULL, s, c, NULL, "SSL_PROTOCOL"),
- ssl_var_lookup(NULL, s, c, NULL, "SSL_CIPHER"),
- ssl_var_lookup(NULL, s, c, NULL, "SSL_CIPHER_USEKEYSIZE"),
- ssl_var_lookup(NULL, s, c, NULL, "SSL_CIPHER_ALGKEYSIZE"));
- }
-}
-
-/*
- * This callback function is executed while OpenSSL processes the SSL
- * handshake and does SSL record layer stuff. It's used to trap
- * client-initiated renegotiations, and for dumping everything to the
- * log.
- */
-void ssl_callback_Info(MODSSL_INFO_CB_ARG_TYPE ssl, int where, int rc)
-{
- conn_rec *c;
- server_rec *s;
- SSLConnRec *scr;
-
- /* Retrieve the conn_rec and the associated SSLConnRec. */
- if ((c = (conn_rec *)SSL_get_app_data((SSL *)ssl)) == NULL) {
- return;
- }
-
- if ((scr = myConnConfig(c)) == NULL) {
- return;
- }
-
- /* If the reneg state is to reject renegotiations, check the SSL
- * state machine and move to ABORT if a Client Hello is being
- * read. */
- if ((where & SSL_CB_ACCEPT_LOOP) && scr->reneg_state == RENEG_REJECT) {
- int state = SSL_get_state((SSL *)ssl);
-
- if (state == SSL3_ST_SR_CLNT_HELLO_A
- || state == SSL23_ST_SR_CLNT_HELLO_A) {
- scr->reneg_state = RENEG_ABORT;
- ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c,
- "rejecting client initiated renegotiation");
- }
- }
- /* If the first handshake is complete, change state to reject any
- * subsequent client-initated renegotiation. */
- else if ((where & SSL_CB_HANDSHAKE_DONE) && scr->reneg_state == RENEG_INIT) {
- scr->reneg_state = RENEG_REJECT;
- }
-
- s = c->base_server;
- if (s && s->loglevel >= APLOG_DEBUG) {
- log_tracing_state(ssl, c, s, where, rc);
- }
-}
diff --git a/rubbos/app/httpd-2.0.64/modules/ssl/ssl_engine_log.c b/rubbos/app/httpd-2.0.64/modules/ssl/ssl_engine_log.c
deleted file mode 100644
index 5ca1b6c0..00000000
--- a/rubbos/app/httpd-2.0.64/modules/ssl/ssl_engine_log.c
+++ /dev/null
@@ -1,101 +0,0 @@
-/* Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-/* _ _
- * _ __ ___ ___ __| | ___ ___| | mod_ssl
- * | '_ ` _ \ / _ \ / _` | / __/ __| | Apache Interface to OpenSSL
- * | | | | | | (_) | (_| | \__ \__ \ |
- * |_| |_| |_|\___/ \__,_|___|___/___/_|
- * |_____|
- * ssl_engine_log.c
- * Logging Facility
- */
- /* ``The difference between a computer
- industry job and open-source software
- hacking is about 30 hours a week.''
- -- Ralf S. Engelschall */
-#include "mod_ssl.h"
-
-/* _________________________________________________________________
-**
-** Logfile Support
-** _________________________________________________________________
-*/
-
-static const struct {
- const char *cpPattern;
- const char *cpAnnotation;
-} ssl_log_annotate[] = {
- { "*envelope*bad*decrypt*", "wrong pass phrase!?" },
- { "*CLIENT_HELLO*unknown*protocol*", "speaking not SSL to HTTPS port!?" },
- { "*CLIENT_HELLO*http*request*", "speaking HTTP to HTTPS port!?" },
- { "*SSL3_READ_BYTES:sslv3*alert*bad*certificate*", "Subject CN in certificate not server name or identical to CA!?" },
- { "*self signed certificate in certificate chain*", "Client certificate signed by CA not known to server?" },
- { "*peer did not return a certificate*", "No CAs known to server for verification?" },
- { "*no shared cipher*", "Too restrictive SSLCipherSuite or using DSA server certificate?" },
- { "*no start line*", "Bad file contents or format - or even just a forgotten SSLCertificateKeyFile?" },
- { "*bad password read*", "You entered an incorrect pass phrase!?" },
- { "*bad mac decode*", "Browser still remembered details of a re-created server certificate?" },
- { NULL, NULL }
-};
-
-static const char *ssl_log_annotation(const char *error)
-{
- int i = 0;
-
- while (ssl_log_annotate[i].cpPattern != NULL
- && ap_strcmp_match(error, ssl_log_annotate[i].cpPattern) != 0)
- i++;
-
- return ssl_log_annotate[i].cpAnnotation;
-}
-
-void ssl_die(void)
-{
- /*
- * This is used for fatal errors and here
- * it is common module practice to really
- * exit from the complete program.
- */
- exit(1);
-}
-
-/*
- * Prints the SSL library error information.
- */
-void ssl_log_ssl_error(const char *file, int line, int level, server_rec *s)
-{
- unsigned long e;
-
- while ((e = ERR_get_error())) {
- const char *annotation;
- char err[256];
-
- ERR_error_string_n(e, err, sizeof err);
- annotation = ssl_log_annotation(err);
-
- if (annotation) {
- ap_log_error(file, line, level, 0, s,
- "SSL Library Error: %lu %s %s",
- e, err, annotation);
- }
- else {
- ap_log_error(file, line, level, 0, s,
- "SSL Library Error: %lu %s",
- e, err);
- }
- }
-}
diff --git a/rubbos/app/httpd-2.0.64/modules/ssl/ssl_engine_mutex.c b/rubbos/app/httpd-2.0.64/modules/ssl/ssl_engine_mutex.c
deleted file mode 100644
index 1e65f4fe..00000000
--- a/rubbos/app/httpd-2.0.64/modules/ssl/ssl_engine_mutex.c
+++ /dev/null
@@ -1,120 +0,0 @@
-/* Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-/* _ _
- * _ __ ___ ___ __| | ___ ___| | mod_ssl
- * | '_ ` _ \ / _ \ / _` | / __/ __| | Apache Interface to OpenSSL
- * | | | | | | (_) | (_| | \__ \__ \ |
- * |_| |_| |_|\___/ \__,_|___|___/___/_|
- * |_____|
- * ssl_engine_mutex.c
- * Semaphore for Mutual Exclusion
- */
- /* ``Real programmers confuse
- Christmas and Halloween
- because DEC 25 = OCT 31.''
- -- Unknown */
-
-#include "mod_ssl.h"
-#if !defined(OS2) && !defined(WIN32) && !defined(BEOS) && !defined(NETWARE)
-#include "unixd.h"
-#define MOD_SSL_SET_MUTEX_PERMS /* XXX Apache should define something */
-#endif
-
-int ssl_mutex_init(server_rec *s, apr_pool_t *p)
-{
- SSLModConfigRec *mc = myModConfig(s);
- apr_status_t rv;
-
- if (mc->nMutexMode == SSL_MUTEXMODE_NONE)
- return TRUE;
-
- if ((rv = apr_global_mutex_create(&mc->pMutex, mc->szMutexFile,
- mc->nMutexMech, p)) != APR_SUCCESS) {
- if (mc->szMutexFile)
- ap_log_error(APLOG_MARK, APLOG_ERR, rv, s,
- "Cannot create SSLMutex with file `%s'",
- mc->szMutexFile);
- else
- ap_log_error(APLOG_MARK, APLOG_ERR, rv, s,
- "Cannot create SSLMutex");
- return FALSE;
- }
-
-#ifdef MOD_SSL_SET_MUTEX_PERMS
- rv = unixd_set_global_mutex_perms(mc->pMutex);
- if (rv != APR_SUCCESS) {
- ap_log_error(APLOG_MARK, APLOG_ERR, rv, s,
- "Could not set permissions on ssl_mutex; check User "
- "and Group directives");
- return FALSE;
- }
-#endif
- return TRUE;
-}
-
-int ssl_mutex_reinit(server_rec *s, apr_pool_t *p)
-{
- SSLModConfigRec *mc = myModConfig(s);
- apr_status_t rv;
-
- if (mc->nMutexMode == SSL_MUTEXMODE_NONE)
- return TRUE;
-
- if ((rv = apr_global_mutex_child_init(&mc->pMutex,
- mc->szMutexFile, p)) != APR_SUCCESS) {
- if (mc->szMutexFile)
- ap_log_error(APLOG_MARK, APLOG_ERR, rv, s,
- "Cannot reinit SSLMutex with file `%s'",
- mc->szMutexFile);
- else
- ap_log_error(APLOG_MARK, APLOG_WARNING, rv, s,
- "Cannot reinit SSLMutex");
- return FALSE;
- }
- return TRUE;
-}
-
-int ssl_mutex_on(server_rec *s)
-{
- SSLModConfigRec *mc = myModConfig(s);
- apr_status_t rv;
-
- if (mc->nMutexMode == SSL_MUTEXMODE_NONE)
- return TRUE;
- if ((rv = apr_global_mutex_lock(mc->pMutex)) != APR_SUCCESS) {
- ap_log_error(APLOG_MARK, APLOG_WARNING, rv, s,
- "Failed to acquire global mutex lock");
- return FALSE;
- }
- return TRUE;
-}
-
-int ssl_mutex_off(server_rec *s)
-{
- SSLModConfigRec *mc = myModConfig(s);
- apr_status_t rv;
-
- if (mc->nMutexMode == SSL_MUTEXMODE_NONE)
- return TRUE;
- if ((rv = apr_global_mutex_unlock(mc->pMutex)) != APR_SUCCESS) {
- ap_log_error(APLOG_MARK, APLOG_WARNING, rv, s,
- "Failed to release global mutex lock");
- return FALSE;
- }
- return TRUE;
-}
-
diff --git a/rubbos/app/httpd-2.0.64/modules/ssl/ssl_engine_pphrase.c b/rubbos/app/httpd-2.0.64/modules/ssl/ssl_engine_pphrase.c
deleted file mode 100644
index 1ca3f32f..00000000
--- a/rubbos/app/httpd-2.0.64/modules/ssl/ssl_engine_pphrase.c
+++ /dev/null
@@ -1,789 +0,0 @@
-/* Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-/* _ _
- * _ __ ___ ___ __| | ___ ___| | mod_ssl
- * | '_ ` _ \ / _ \ / _` | / __/ __| | Apache Interface to OpenSSL
- * | | | | | | (_) | (_| | \__ \__ \ |
- * |_| |_| |_|\___/ \__,_|___|___/___/_|
- * |_____|
- * ssl_engine_pphrase.c
- * Pass Phrase Dialog
- */
- /* ``Treat your password like your
- toothbrush. Don't let anybody
- else use it, and get a new one
- every six months.''
- -- Clifford Stoll */
-#include "mod_ssl.h"
-
-/*
- * Return true if the named file exists and is readable
- */
-
-static apr_status_t exists_and_readable(char *fname, apr_pool_t *pool, apr_time_t *mtime)
-{
- apr_status_t stat;
- apr_finfo_t sbuf;
- apr_file_t *fd;
-
- if ((stat = apr_stat(&sbuf, fname, APR_FINFO_MIN, pool)) != APR_SUCCESS)
- return stat;
-
- if (sbuf.filetype != APR_REG)
- return APR_EGENERAL;
-
- if ((stat = apr_file_open(&fd, fname, APR_READ, 0, pool)) != APR_SUCCESS)
- return stat;
-
- if (mtime) {
- *mtime = sbuf.mtime;
- }
-
- apr_file_close(fd);
- return APR_SUCCESS;
-}
-
-/*
- * reuse vhost keys for asn1 tables where keys are allocated out
- * of s->process->pool to prevent "leaking" each time we format
- * a vhost key. since the key is stored in a table with lifetime
- * of s->process->pool, the key needs to have the same lifetime.
- *
- * XXX: probably seems silly to use a hash table with keys and values
- * being the same, but it is easier than doing a linear search
- * and will make it easier to remove keys if needed in the future.
- * also have the problem with apr_array_header_t that if we
- * underestimate the number of vhost keys when we apr_array_make(),
- * the array will get resized when we push past the initial number
- * of elts. this resizing in the s->process->pool means "leaking"
- * since apr_array_push() will apr_alloc arr->nalloc * 2 elts,
- * leaving the original arr->elts to waste.
- */
-static char *asn1_table_vhost_key(SSLModConfigRec *mc, apr_pool_t *p,
- char *id, char *an)
-{
- /* 'p' pool used here is cleared on restarts (or sooner) */
- char *key = apr_psprintf(p, "%s:%s", id, an);
- void *keyptr = apr_hash_get(mc->tVHostKeys, key,
- APR_HASH_KEY_STRING);
-
- if (!keyptr) {
- /* make a copy out of s->process->pool */
- keyptr = apr_pstrdup(mc->pPool, key);
- apr_hash_set(mc->tVHostKeys, keyptr,
- APR_HASH_KEY_STRING, keyptr);
- }
-
- return (char *)keyptr;
-}
-
-/* _________________________________________________________________
-**
-** Pass Phrase and Private Key Handling
-** _________________________________________________________________
-*/
-
-#define BUILTIN_DIALOG_BACKOFF 2
-#define BUILTIN_DIALOG_RETRIES 5
-
-static apr_file_t *writetty = NULL;
-static apr_file_t *readtty = NULL;
-
-/*
- * sslc has a nasty flaw where its
- * PEM_read_bio_PrivateKey does not take a callback arg.
- */
-static server_rec *ssl_pphrase_server_rec = NULL;
-
-#ifdef SSLC_VERSION_NUMBER
-int ssl_pphrase_Handle_CB(char *, int, int);
-#else
-int ssl_pphrase_Handle_CB(char *, int, int, void *);
-#endif
-
-static char *pphrase_array_get(apr_array_header_t *arr, int idx)
-{
- if ((idx < 0) || (idx >= arr->nelts)) {
- return NULL;
- }
-
- return ((char **)arr->elts)[idx];
-}
-
-static void pphrase_array_clear(apr_array_header_t *arr)
-{
- if (arr->nelts > 0) {
- memset(arr->elts, 0, arr->elt_size * arr->nelts);
- }
- arr->nelts = 0;
-}
-
-void ssl_pphrase_Handle(server_rec *s, apr_pool_t *p)
-{
- SSLModConfigRec *mc = myModConfig(s);
- SSLSrvConfigRec *sc;
- server_rec *pServ;
- char *cpVHostID;
- char szPath[MAX_STRING_LEN];
- EVP_PKEY *pPrivateKey;
- ssl_asn1_t *asn1;
- unsigned char *ucp;
- long int length;
- X509 *pX509Cert;
- BOOL bReadable;
- apr_array_header_t *aPassPhrase;
- int nPassPhrase;
- int nPassPhraseCur;
- char *cpPassPhraseCur;
- int nPassPhraseRetry;
- int nPassPhraseDialog;
- int nPassPhraseDialogCur;
- BOOL bPassPhraseDialogOnce;
- char **cpp;
- int i, j;
- ssl_algo_t algoCert, algoKey, at;
- char *an;
- char *cp;
- apr_time_t pkey_mtime = 0;
- int isterm = 1;
- apr_status_t rv;
- /*
- * Start with a fresh pass phrase array
- */
- aPassPhrase = apr_array_make(p, 2, sizeof(char *));
- nPassPhrase = 0;
- nPassPhraseDialog = 0;
-
- /*
- * Walk through all configured servers
- */
- for (pServ = s; pServ != NULL; pServ = pServ->next) {
- sc = mySrvConfig(pServ);
-
- if (!sc->enabled)
- continue;
-
- cpVHostID = ssl_util_vhostid(p, pServ);
- ap_log_error(APLOG_MARK, APLOG_INFO, 0, pServ,
- "Loading certificate & private key of SSL-aware server");
-
- /*
- * Read in server certificate(s): This is the easy part
- * because this file isn't encrypted in any way.
- */
- if (sc->server->pks->cert_files[0] == NULL) {
- ap_log_error(APLOG_MARK, APLOG_ERR, 0, pServ,
- "Server should be SSL-aware but has no certificate "
- "configured [Hint: SSLCertificateFile]");
- ssl_die();
- }
- algoCert = SSL_ALGO_UNKNOWN;
- algoKey = SSL_ALGO_UNKNOWN;
- for (i = 0, j = 0; i < SSL_AIDX_MAX && sc->server->pks->cert_files[i] != NULL; i++) {
-
- apr_cpystrn(szPath, sc->server->pks->cert_files[i], sizeof(szPath));
- if ((rv = exists_and_readable(szPath, p, NULL)) != APR_SUCCESS) {
- ap_log_error(APLOG_MARK, APLOG_ERR, rv, s,
- "Init: Can't open server certificate file %s",
- szPath);
- ssl_die();
- }
- if ((pX509Cert = SSL_read_X509(szPath, NULL, NULL)) == NULL) {
- ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
- "Init: Unable to read server certificate from file %s", szPath);
- ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
- ssl_die();
- }
-
- /*
- * check algorithm type of certificate and make
- * sure only one certificate per type is used.
- */
- at = ssl_util_algotypeof(pX509Cert, NULL);
- an = ssl_util_algotypestr(at);
- if (algoCert & at) {
- ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
- "Init: Multiple %s server certificates not "
- "allowed", an);
- ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
- ssl_die();
- }
- algoCert |= at;
-
- /*
- * Insert the certificate into global module configuration to let it
- * survive the processing between the 1st Apache API init round (where
- * we operate here) and the 2nd Apache init round (where the
- * certificate is actually used to configure mod_ssl's per-server
- * configuration structures).
- */
- cp = asn1_table_vhost_key(mc, p, cpVHostID, an);
- length = i2d_X509(pX509Cert, NULL);
- ucp = ssl_asn1_table_set(mc->tPublicCert, cp, length);
- (void)i2d_X509(pX509Cert, &ucp); /* 2nd arg increments */
-
- /*
- * Free the X509 structure
- */
- X509_free(pX509Cert);
-
- /*
- * Read in the private key: This is the non-trivial part, because the
- * key is typically encrypted, so a pass phrase dialog has to be used
- * to request it from the user (or it has to be alternatively gathered
- * from a dialog program). The important point here is that ISPs
- * usually have hundrets of virtual servers configured and a lot of
- * them use SSL, so really we have to minimize the pass phrase
- * dialogs.
- *
- * The idea is this: When N virtual hosts are configured and all of
- * them use encrypted private keys with different pass phrases, we
- * have no chance and have to pop up N pass phrase dialogs. But
- * usually the admin is clever enough and uses the same pass phrase
- * for more private key files (typically he even uses one single pass
- * phrase for all). When this is the case we can minimize the dialogs
- * by trying to re-use already known/entered pass phrases.
- */
- if (sc->server->pks->key_files[j] != NULL)
- apr_cpystrn(szPath, sc->server->pks->key_files[j++], sizeof(szPath));
-
- /*
- * Try to read the private key file with the help of
- * the callback function which serves the pass
- * phrases to OpenSSL
- */
- myCtxVarSet(mc, 1, pServ);
- myCtxVarSet(mc, 2, p);
- myCtxVarSet(mc, 3, aPassPhrase);
- myCtxVarSet(mc, 4, &nPassPhraseCur);
- myCtxVarSet(mc, 5, &cpPassPhraseCur);
- myCtxVarSet(mc, 6, cpVHostID);
- myCtxVarSet(mc, 7, an);
- myCtxVarSet(mc, 8, &nPassPhraseDialog);
- myCtxVarSet(mc, 9, &nPassPhraseDialogCur);
- myCtxVarSet(mc, 10, &bPassPhraseDialogOnce);
-
- nPassPhraseCur = 0;
- nPassPhraseRetry = 0;
- nPassPhraseDialogCur = 0;
- bPassPhraseDialogOnce = TRUE;
-
- pPrivateKey = NULL;
-
- for (;;) {
- /*
- * Try to read the private key file with the help of
- * the callback function which serves the pass
- * phrases to OpenSSL
- */
- if ((rv = exists_and_readable(szPath, p,
- &pkey_mtime)) != APR_SUCCESS ) {
- ap_log_error(APLOG_MARK, APLOG_ERR, rv, s,
- "Init: Can't open server private key file "
- "%s",szPath);
- ssl_die();
- }
-
- /*
- * if the private key is encrypted and SSLPassPhraseDialog
- * is configured to "builtin" it isn't possible to prompt for
- * a password after httpd has detached from the tty.
- * in this case if we already have a private key and the
- * file name/mtime hasn't changed, then reuse the existing key.
- * we also reuse existing private keys that were encrypted for
- * exec: and pipe: dialogs to minimize chances to snoop the
- * password. that and pipe: dialogs might prompt the user
- * for password, which on win32 for example could happen 4
- * times at startup. twice for each child and twice within
- * each since apache "restarts itself" on startup.
- * of course this will not work for the builtin dialog if
- * the server was started without LoadModule ssl_module
- * configured, then restarted with it configured.
- * but we fall through with a chance of success if the key
- * is not encrypted or can be handled via exec or pipe dialog.
- * and in the case of fallthrough, pkey_mtime and isatty()
- * are used to give a better idea as to what failed.
- */
- if (pkey_mtime) {
- int i;
-
- for (i=0; i < SSL_AIDX_MAX; i++) {
- const char *key_id =
- ssl_asn1_table_keyfmt(p, cpVHostID, i);
- ssl_asn1_t *asn1 =
- ssl_asn1_table_get(mc->tPrivateKey, key_id);
-
- if (asn1 && (asn1->source_mtime == pkey_mtime)) {
- ap_log_error(APLOG_MARK, APLOG_INFO,
- 0, pServ,
- "%s reusing existing "
- "%s private key on restart",
- cpVHostID, ssl_asn1_keystr(i));
- return;
- }
- }
- }
-
- cpPassPhraseCur = NULL;
- ssl_pphrase_server_rec = s; /* to make up for sslc flaw */
-
- /* Ensure that the error stack is empty; some SSL
- * functions will fail spuriously if the error stack
- * is not empty. */
- ERR_clear_error();
-
- bReadable = ((pPrivateKey = SSL_read_PrivateKey(szPath, NULL,
- ssl_pphrase_Handle_CB, s)) != NULL ? TRUE : FALSE);
-
- /*
- * when the private key file now was readable,
- * it's fine and we go out of the loop
- */
- if (bReadable)
- break;
-
- /*
- * when we have more remembered pass phrases
- * try to reuse these first.
- */
- if (nPassPhraseCur < nPassPhrase) {
- nPassPhraseCur++;
- continue;
- }
-
- /*
- * else it's not readable and we have no more
- * remembered pass phrases. Then this has to mean
- * that the callback function popped up the dialog
- * but a wrong pass phrase was entered. We give the
- * user (but not the dialog program) a few more
- * chances...
- */
-#ifndef WIN32
- if ((sc->server->pphrase_dialog_type == SSL_PPTYPE_BUILTIN
- || sc->server->pphrase_dialog_type == SSL_PPTYPE_PIPE)
-#else
- if (sc->server->pphrase_dialog_type == SSL_PPTYPE_PIPE
-#endif
- && cpPassPhraseCur != NULL
- && nPassPhraseRetry < BUILTIN_DIALOG_RETRIES ) {
- apr_file_printf(writetty, "Apache:mod_ssl:Error: Pass phrase incorrect "
- "(%d more retr%s permitted).\n",
- (BUILTIN_DIALOG_RETRIES-nPassPhraseRetry),
- (BUILTIN_DIALOG_RETRIES-nPassPhraseRetry) == 1 ? "y" : "ies");
- nPassPhraseRetry++;
- if (nPassPhraseRetry > BUILTIN_DIALOG_BACKOFF)
- apr_sleep((nPassPhraseRetry-BUILTIN_DIALOG_BACKOFF)
- * 5 * APR_USEC_PER_SEC);
- continue;
- }
-#ifdef WIN32
- if (sc->server->pphrase_dialog_type == SSL_PPTYPE_BUILTIN) {
- ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
- "Init: SSLPassPhraseDialog builtin is not "
- "supported on Win32 (key file "
- "%s)", szPath);
- ssl_die();
- }
-#endif /* WIN32 */
-
- /*
- * Ok, anything else now means a fatal error.
- */
- if (cpPassPhraseCur == NULL) {
- if (nPassPhraseDialogCur && pkey_mtime &&
- !(isterm = isatty(fileno(stdout)))) /* XXX: apr_isatty() */
- {
- ap_log_error(APLOG_MARK, APLOG_ERR, 0,
- pServ,
- "Init: Unable to read pass phrase "
- "[Hint: key introduced or changed "
- "before restart?]");
- ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, pServ);
- }
- else {
- ap_log_error(APLOG_MARK, APLOG_ERR, 0,
- pServ, "Init: Private key not found");
- ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, pServ);
- }
- if (writetty) {
- apr_file_printf(writetty, "Apache:mod_ssl:Error: Private key not found.\n");
- apr_file_printf(writetty, "**Stopped\n");
- }
- }
- else {
- ap_log_error(APLOG_MARK, APLOG_ERR, 0,
- pServ, "Init: Pass phrase incorrect");
- ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, pServ);
-
- if (writetty) {
- apr_file_printf(writetty, "Apache:mod_ssl:Error: Pass phrase incorrect.\n");
- apr_file_printf(writetty, "**Stopped\n");
- }
- }
- ssl_die();
- }
-
- if (pPrivateKey == NULL) {
- ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
- "Init: Unable to read server private key from "
- "file %s [Hint: Perhaps it is in a separate file? "
- " See SSLCertificateKeyFile]", szPath);
- ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
- ssl_die();
- }
-
- /*
- * check algorithm type of private key and make
- * sure only one private key per type is used.
- */
- at = ssl_util_algotypeof(NULL, pPrivateKey);
- an = ssl_util_algotypestr(at);
- if (algoKey & at) {
- ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
- "Init: Multiple %s server private keys not "
- "allowed", an);
- ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
- ssl_die();
- }
- algoKey |= at;
-
- /*
- * Log the type of reading
- */
- if (nPassPhraseDialogCur == 0) {
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, pServ,
- "unencrypted %s private key - pass phrase not "
- "required", an);
- }
- else {
- if (cpPassPhraseCur != NULL) {
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0,
- pServ,
- "encrypted %s private key - pass phrase "
- "requested", an);
- }
- else {
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0,
- pServ,
- "encrypted %s private key - pass phrase"
- " reused", an);
- }
- }
-
- /*
- * Ok, when we have one more pass phrase store it
- */
- if (cpPassPhraseCur != NULL) {
- cpp = (char **)apr_array_push(aPassPhrase);
- *cpp = cpPassPhraseCur;
- nPassPhrase++;
- }
-
- /*
- * Insert private key into the global module configuration
- * (we convert it to a stand-alone DER byte sequence
- * because the SSL library uses static variables inside a
- * RSA structure which do not survive DSO reloads!)
- */
- cp = asn1_table_vhost_key(mc, p, cpVHostID, an);
- length = i2d_PrivateKey(pPrivateKey, NULL);
- ucp = ssl_asn1_table_set(mc->tPrivateKey, cp, length);
- (void)i2d_PrivateKey(pPrivateKey, &ucp); /* 2nd arg increments */
-
- if (nPassPhraseDialogCur != 0) {
- /* remember mtime of encrypted keys */
- asn1 = ssl_asn1_table_get(mc->tPrivateKey, cp);
- asn1->source_mtime = pkey_mtime;
- }
-
- /*
- * Free the private key structure
- */
- EVP_PKEY_free(pPrivateKey);
- }
- }
-
- /*
- * Let the user know when we're successful.
- */
- if (nPassPhraseDialog > 0) {
- sc = mySrvConfig(s);
- if (writetty) {
- apr_file_printf(writetty, "\n");
- apr_file_printf(writetty, "Ok: Pass Phrase Dialog successful.\n");
- }
- }
-
- /*
- * Wipe out the used memory from the
- * pass phrase array and then deallocate it
- */
- if (aPassPhrase->nelts) {
- pphrase_array_clear(aPassPhrase);
- ap_log_error(APLOG_MARK, APLOG_INFO, 0, s,
- "Init: Wiped out the queried pass phrases from memory");
- }
-
- /* Close the pipes if they were opened
- */
- if (readtty) {
- apr_file_close(readtty);
- apr_file_close(writetty);
- readtty = writetty = NULL;
- }
- return;
-}
-
-static apr_status_t ssl_pipe_child_create(apr_pool_t *p, const char *progname)
-{
- /* Child process code for 'ErrorLog "|..."';
- * may want a common framework for this, since I expect it will
- * be common for other foo-loggers to want this sort of thing...
- */
- apr_status_t rc;
- apr_procattr_t *procattr;
- apr_proc_t *procnew;
-
- if (((rc = apr_procattr_create(&procattr, p)) == APR_SUCCESS) &&
- ((rc = apr_procattr_io_set(procattr,
- APR_FULL_BLOCK,
- APR_FULL_BLOCK,
- APR_NO_PIPE)) == APR_SUCCESS)) {
- char **args;
- const char *pname;
-
- apr_tokenize_to_argv(progname, &args, p);
- pname = apr_pstrdup(p, args[0]);
- procnew = (apr_proc_t *)apr_pcalloc(p, sizeof(*procnew));
- rc = apr_proc_create(procnew, pname, (const char * const *)args,
- NULL, procattr, p);
- if (rc == APR_SUCCESS) {
- /* XXX: not sure if we aught to...
- * apr_pool_note_subprocess(p, procnew, APR_KILL_AFTER_TIMEOUT);
- */
- writetty = procnew->in;
- readtty = procnew->out;
- }
- }
-
- return rc;
-}
-
-static int pipe_get_passwd_cb(char *buf, int length, char *prompt, int verify)
-{
- apr_status_t rc;
- char *p;
-
- apr_file_puts(prompt, writetty);
-
- buf[0]='\0';
- rc = apr_file_gets(buf, length, readtty);
- apr_file_puts(APR_EOL_STR, writetty);
-
- if (rc != APR_SUCCESS || apr_file_eof(readtty)) {
- memset(buf, 0, length);
- return 1; /* failure */
- }
- if ((p = strchr(buf, '\n')) != NULL) {
- *p = '\0';
- }
-#ifdef WIN32
- /* XXX: apr_sometest */
- if ((p = strchr(buf, '\r')) != NULL) {
- *p = '\0';
- }
-#endif
- return 0;
-}
-
-#ifdef SSLC_VERSION_NUMBER
-int ssl_pphrase_Handle_CB(char *buf, int bufsize, int verify)
-{
- void *srv = ssl_pphrase_server_rec;
-#else
-int ssl_pphrase_Handle_CB(char *buf, int bufsize, int verify, void *srv)
-{
-#endif
- SSLModConfigRec *mc;
- server_rec *s;
- apr_pool_t *p;
- apr_array_header_t *aPassPhrase;
- SSLSrvConfigRec *sc;
- int *pnPassPhraseCur;
- char **cppPassPhraseCur;
- char *cpVHostID;
- char *cpAlgoType;
- int *pnPassPhraseDialog;
- int *pnPassPhraseDialogCur;
- BOOL *pbPassPhraseDialogOnce;
- char *cpp;
- int len = -1;
-
- mc = myModConfig((server_rec *)srv);
-
- /*
- * Reconnect to the context of ssl_phrase_Handle()
- */
- s = myCtxVarGet(mc, 1, server_rec *);
- p = myCtxVarGet(mc, 2, apr_pool_t *);
- aPassPhrase = myCtxVarGet(mc, 3, apr_array_header_t *);
- pnPassPhraseCur = myCtxVarGet(mc, 4, int *);
- cppPassPhraseCur = myCtxVarGet(mc, 5, char **);
- cpVHostID = myCtxVarGet(mc, 6, char *);
- cpAlgoType = myCtxVarGet(mc, 7, char *);
- pnPassPhraseDialog = myCtxVarGet(mc, 8, int *);
- pnPassPhraseDialogCur = myCtxVarGet(mc, 9, int *);
- pbPassPhraseDialogOnce = myCtxVarGet(mc, 10, BOOL *);
- sc = mySrvConfig(s);
-
- (*pnPassPhraseDialog)++;
- (*pnPassPhraseDialogCur)++;
-
- /*
- * When remembered pass phrases are available use them...
- */
- if ((cpp = pphrase_array_get(aPassPhrase, *pnPassPhraseCur)) != NULL) {
- apr_cpystrn(buf, cpp, bufsize);
- len = strlen(buf);
- return len;
- }
-
- /*
- * Builtin or Pipe dialog
- */
- if (sc->server->pphrase_dialog_type == SSL_PPTYPE_BUILTIN
- || sc->server->pphrase_dialog_type == SSL_PPTYPE_PIPE) {
- char *prompt;
- int i;
-
- if (sc->server->pphrase_dialog_type == SSL_PPTYPE_PIPE) {
- if (!readtty) {
- ap_log_error(APLOG_MARK, APLOG_INFO, 0, s,
- "Init: Creating pass phrase dialog pipe child "
- "'%s'", sc->server->pphrase_dialog_path);
- if (ssl_pipe_child_create(p, sc->server->pphrase_dialog_path)
- != APR_SUCCESS) {
- ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
- "Init: Failed to create pass phrase pipe '%s'",
- sc->server->pphrase_dialog_path);
- PEMerr(PEM_F_DEF_CALLBACK,PEM_R_PROBLEMS_GETTING_PASSWORD);
- memset(buf, 0, (unsigned int)bufsize);
- return (-1);
- }
- }
- ap_log_error(APLOG_MARK, APLOG_INFO, 0, s,
- "Init: Requesting pass phrase via piped dialog");
- }
- else { /* sc->server->pphrase_dialog_type == SSL_PPTYPE_BUILTIN */
-#ifdef WIN32
- PEMerr(PEM_F_DEF_CALLBACK,PEM_R_PROBLEMS_GETTING_PASSWORD);
- memset(buf, 0, (unsigned int)bufsize);
- return (-1);
-#else
- /*
- * stderr has already been redirected to the error_log.
- * rather than attempting to temporarily rehook it to the terminal,
- * we print the prompt to stdout before EVP_read_pw_string turns
- * off tty echo
- */
- apr_file_open_stdout(&writetty, p);
-
- ap_log_error(APLOG_MARK, APLOG_INFO, 0, s,
- "Init: Requesting pass phrase via builtin terminal "
- "dialog");
-#endif
- }
-
- /*
- * The first time display a header to inform the user about what
- * program he actually speaks to, which module is responsible for
- * this terminal dialog and why to the hell he has to enter
- * something...
- */
- if (*pnPassPhraseDialog == 1) {
- apr_file_printf(writetty, "%s mod_ssl/%s (Pass Phrase Dialog)\n",
- AP_SERVER_BASEVERSION, MOD_SSL_VERSION);
- apr_file_printf(writetty, "Some of your private key files are encrypted for security reasons.\n");
- apr_file_printf(writetty, "In order to read them you have to provide us with the pass phrases.\n");
- }
- if (*pbPassPhraseDialogOnce) {
- *pbPassPhraseDialogOnce = FALSE;
- apr_file_printf(writetty, "\n");
- apr_file_printf(writetty, "Server %s (%s)\n", cpVHostID, cpAlgoType);
- }
-
- /*
- * Emulate the OpenSSL internal pass phrase dialog
- * (see crypto/pem/pem_lib.c:def_callback() for details)
- */
- prompt = "Enter pass phrase:";
-
- for (;;) {
- apr_file_puts(prompt, writetty);
- if (sc->server->pphrase_dialog_type == SSL_PPTYPE_PIPE) {
- i = pipe_get_passwd_cb(buf, bufsize, "", FALSE);
- }
- else { /* sc->server->pphrase_dialog_type == SSL_PPTYPE_BUILTIN */
- i = EVP_read_pw_string(buf, bufsize, "", FALSE);
- }
- if (i != 0) {
- PEMerr(PEM_F_DEF_CALLBACK,PEM_R_PROBLEMS_GETTING_PASSWORD);
- memset(buf, 0, (unsigned int)bufsize);
- return (-1);
- }
- len = strlen(buf);
- if (len < 1)
- apr_file_printf(writetty, "Apache:mod_ssl:Error: Pass phrase empty (needs to be at least 1 character).\n");
- else
- break;
- }
- }
-
- /*
- * Filter program
- */
- else if (sc->server->pphrase_dialog_type == SSL_PPTYPE_FILTER) {
- const char *cmd = sc->server->pphrase_dialog_path;
- const char **argv = apr_palloc(p, sizeof(char *) * 4);
- char *result;
-
- ap_log_error(APLOG_MARK, APLOG_INFO, 0, s,
- "Init: Requesting pass phrase from dialog filter "
- "program (%s)", cmd);
-
- argv[0] = cmd;
- argv[1] = cpVHostID;
- argv[2] = cpAlgoType;
- argv[3] = NULL;
-
- result = ssl_util_readfilter(s, p, cmd, argv);
- apr_cpystrn(buf, result, bufsize);
- len = strlen(buf);
- }
-
- /*
- * Ok, we now have the pass phrase, so give it back
- */
- *cppPassPhraseCur = apr_pstrdup(p, buf);
-
- /*
- * And return it's length to OpenSSL...
- */
- return (len);
-}
-
diff --git a/rubbos/app/httpd-2.0.64/modules/ssl/ssl_engine_rand.c b/rubbos/app/httpd-2.0.64/modules/ssl/ssl_engine_rand.c
deleted file mode 100644
index b640e3f9..00000000
--- a/rubbos/app/httpd-2.0.64/modules/ssl/ssl_engine_rand.c
+++ /dev/null
@@ -1,179 +0,0 @@
-/* Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-/* _ _
- * _ __ ___ ___ __| | ___ ___| | mod_ssl
- * | '_ ` _ \ / _ \ / _` | / __/ __| | Apache Interface to OpenSSL
- * | | | | | | (_) | (_| | \__ \__ \ |
- * |_| |_| |_|\___/ \__,_|___|___/___/_|
- * |_____|
- * ssl_engine_rand.c
- * Random Number Generator Seeding
- */
- /* ``The generation of random
- numbers is too important
- to be left to chance.'' */
-
-#include "mod_ssl.h"
-
-/* _________________________________________________________________
-**
-** Support for better seeding of SSL library's RNG
-** _________________________________________________________________
-*/
-
-static int ssl_rand_choosenum(int, int);
-static int ssl_rand_feedfp(apr_pool_t *, apr_file_t *, int);
-
-int ssl_rand_seed(server_rec *s, apr_pool_t *p, ssl_rsctx_t nCtx, char *prefix)
-{
- SSLModConfigRec *mc;
- apr_array_header_t *apRandSeed;
- ssl_randseed_t *pRandSeeds;
- ssl_randseed_t *pRandSeed;
- unsigned char stackdata[256];
- int nReq, nDone;
- apr_file_t *fp;
- int i, n, l;
-
- mc = myModConfig(s);
- nReq = 0;
- nDone = 0;
- apRandSeed = mc->aRandSeed;
- pRandSeeds = (ssl_randseed_t *)apRandSeed->elts;
- for (i = 0; i < apRandSeed->nelts; i++) {
- pRandSeed = &pRandSeeds[i];
- if (pRandSeed->nCtx == nCtx) {
- nReq += pRandSeed->nBytes;
- if (pRandSeed->nSrc == SSL_RSSRC_FILE) {
- /*
- * seed in contents of an external file
- */
- if (apr_file_open(&fp, pRandSeed->cpPath,
- APR_READ, APR_OS_DEFAULT, p) != APR_SUCCESS)
- continue;
- nDone += ssl_rand_feedfp(p, fp, pRandSeed->nBytes);
- apr_file_close(fp);
- }
- else if (pRandSeed->nSrc == SSL_RSSRC_EXEC) {
- const char *cmd = pRandSeed->cpPath;
- const char **argv = apr_palloc(p, sizeof(char *) * 3);
- /*
- * seed in contents generated by an external program
- */
- argv[0] = cmd;
- argv[1] = apr_itoa(p, pRandSeed->nBytes);
- argv[2] = NULL;
-
- if ((fp = ssl_util_ppopen(s, p, cmd, argv)) == NULL)
- continue;
- nDone += ssl_rand_feedfp(p, fp, pRandSeed->nBytes);
- ssl_util_ppclose(s, p, fp);
- }
-#ifdef HAVE_SSL_RAND_EGD
- else if (pRandSeed->nSrc == SSL_RSSRC_EGD) {
- /*
- * seed in contents provided by the external
- * Entropy Gathering Daemon (EGD)
- */
- if ((n = RAND_egd(pRandSeed->cpPath)) == -1)
- continue;
- nDone += n;
- }
-#endif
- else if (pRandSeed->nSrc == SSL_RSSRC_BUILTIN) {
- struct {
- time_t t;
- pid_t pid;
- } my_seed;
-
- /*
- * seed in the current time (usually just 4 bytes)
- */
- my_seed.t = time(NULL);
-
- /*
- * seed in the current process id (usually just 4 bytes)
- */
- my_seed.pid = mc->pid;
-
- l = sizeof(my_seed);
- RAND_seed((unsigned char *)&my_seed, l);
- nDone += l;
-
- /*
- * seed in some current state of the run-time stack (128 bytes)
- */
- n = ssl_rand_choosenum(0, sizeof(stackdata)-128-1);
- RAND_seed(stackdata+n, 128);
- nDone += 128;
-
- }
- }
- }
- ap_log_error(APLOG_MARK, APLOG_INFO, 0, s,
- "%sSeeding PRNG with %d bytes of entropy", prefix, nDone);
-
- if (RAND_status() == 0)
- ap_log_error(APLOG_MARK, APLOG_WARNING, 0, s,
- "%sPRNG still contains insufficient entropy!", prefix);
-
- return nDone;
-}
-
-#define BUFSIZE 8192
-
-static int ssl_rand_feedfp(apr_pool_t *p, apr_file_t *fp, int nReq)
-{
- apr_size_t nDone;
- unsigned char caBuf[BUFSIZE];
- apr_size_t nBuf;
- apr_size_t nRead;
- apr_size_t nTodo;
-
- nDone = 0;
- nRead = BUFSIZE;
- nTodo = nReq;
- while (1) {
- if (nReq > 0)
- nRead = (nTodo < BUFSIZE ? nTodo : BUFSIZE);
- nBuf = nRead;
- if (apr_file_read(fp, caBuf, &nBuf) != APR_SUCCESS)
- break;
- RAND_seed(caBuf, nBuf);
- nDone += nBuf;
- if (nReq > 0) {
- nTodo -= nBuf;
- if (nTodo <= 0)
- break;
- }
- }
- return nDone;
-}
-
-static int ssl_rand_choosenum(int l, int h)
-{
- int i;
- char buf[50];
-
- apr_snprintf(buf, sizeof(buf), "%.0f",
- (((double)(rand()%RAND_MAX)/RAND_MAX)*(h-l)));
- i = atoi(buf)+1;
- if (i < l) i = l;
- if (i > h) i = h;
- return i;
-}
-
diff --git a/rubbos/app/httpd-2.0.64/modules/ssl/ssl_engine_vars.c b/rubbos/app/httpd-2.0.64/modules/ssl/ssl_engine_vars.c
deleted file mode 100644
index 661e99d8..00000000
--- a/rubbos/app/httpd-2.0.64/modules/ssl/ssl_engine_vars.c
+++ /dev/null
@@ -1,687 +0,0 @@
-/* Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-/* _ _
- * _ __ ___ ___ __| | ___ ___| | mod_ssl
- * | '_ ` _ \ / _ \ / _` | / __/ __| | Apache Interface to OpenSSL
- * | | | | | | (_) | (_| | \__ \__ \ |
- * |_| |_| |_|\___/ \__,_|___|___/___/_|
- * |_____|
- * ssl_engine_vars.c
- * Variable Lookup Facility
- */
- /* ``Those of you who think they
- know everything are very annoying
- to those of us who do.''
- -- Unknown */
-#include "mod_ssl.h"
-
-/* _________________________________________________________________
-**
-** Variable Lookup
-** _________________________________________________________________
-*/
-
-static char *ssl_var_lookup_header(apr_pool_t *p, request_rec *r, const char *name);
-static char *ssl_var_lookup_ssl(apr_pool_t *p, conn_rec *c, char *var);
-static char *ssl_var_lookup_ssl_cert(apr_pool_t *p, X509 *xs, char *var);
-static char *ssl_var_lookup_ssl_cert_dn(apr_pool_t *p, X509_NAME *xsname, char *var);
-static char *ssl_var_lookup_ssl_cert_valid(apr_pool_t *p, ASN1_UTCTIME *tm);
-static char *ssl_var_lookup_ssl_cert_serial(apr_pool_t *p, X509 *xs);
-static char *ssl_var_lookup_ssl_cert_chain(apr_pool_t *p, STACK_OF(X509) *sk, char *var);
-static char *ssl_var_lookup_ssl_cert_PEM(apr_pool_t *p, X509 *xs);
-static char *ssl_var_lookup_ssl_cert_verify(apr_pool_t *p, conn_rec *c);
-static char *ssl_var_lookup_ssl_cipher(apr_pool_t *p, conn_rec *c, char *var);
-static void ssl_var_lookup_ssl_cipher_bits(SSL *ssl, int *usekeysize, int *algkeysize);
-static char *ssl_var_lookup_ssl_version(apr_pool_t *pp, apr_pool_t *p, char *var);
-
-static int ssl_is_https(conn_rec *c)
-{
- SSLConnRec *sslconn = myConnConfig(c);
- return sslconn && sslconn->ssl;
-}
-
-void ssl_var_register(void)
-{
- APR_REGISTER_OPTIONAL_FN(ssl_is_https);
- APR_REGISTER_OPTIONAL_FN(ssl_var_lookup);
- return;
-}
-
-/* This function must remain safe to use for a non-SSL connection. */
-char *ssl_var_lookup(apr_pool_t *p, server_rec *s, conn_rec *c, request_rec *r, char *var)
-{
- SSLModConfigRec *mc = myModConfig(s);
- char *result;
- BOOL resdup;
- apr_time_exp_t tm;
-
- result = NULL;
- resdup = TRUE;
-
- /*
- * When no pool is given try to find one
- */
- if (p == NULL) {
- if (r != NULL)
- p = r->pool;
- else if (c != NULL)
- p = c->pool;
- else
- p = mc->pPool;
- }
-
- /*
- * Request dependent stuff
- */
- if (r != NULL) {
- if (strcEQ(var, "HTTP_USER_AGENT"))
- result = ssl_var_lookup_header(p, r, "User-Agent");
- else if (strcEQ(var, "HTTP_REFERER"))
- result = ssl_var_lookup_header(p, r, "Referer");
- else if (strcEQ(var, "HTTP_COOKIE"))
- result = ssl_var_lookup_header(p, r, "Cookie");
- else if (strcEQ(var, "HTTP_FORWARDED"))
- result = ssl_var_lookup_header(p, r, "Forwarded");
- else if (strcEQ(var, "HTTP_HOST"))
- result = ssl_var_lookup_header(p, r, "Host");
- else if (strcEQ(var, "HTTP_PROXY_CONNECTION"))
- result = ssl_var_lookup_header(p, r, "Proxy-Connection");
- else if (strcEQ(var, "HTTP_ACCEPT"))
- result = ssl_var_lookup_header(p, r, "Accept");
- else if (strlen(var) > 5 && strcEQn(var, "HTTP:", 5))
- /* all other headers from which we are still not know about */
- result = ssl_var_lookup_header(p, r, var+5);
- else if (strcEQ(var, "THE_REQUEST"))
- result = r->the_request;
- else if (strcEQ(var, "REQUEST_METHOD"))
- result = (char *)(r->method);
- else if (strcEQ(var, "REQUEST_SCHEME"))
- result = (char *)ap_http_method(r);
- else if (strcEQ(var, "REQUEST_URI"))
- result = r->uri;
- else if (strcEQ(var, "SCRIPT_FILENAME") ||
- strcEQ(var, "REQUEST_FILENAME"))
- result = r->filename;
- else if (strcEQ(var, "PATH_INFO"))
- result = r->path_info;
- else if (strcEQ(var, "QUERY_STRING"))
- result = r->args;
- else if (strcEQ(var, "REMOTE_HOST"))
- result = (char *)ap_get_remote_host(r->connection,
- r->per_dir_config, REMOTE_NAME, NULL);
- else if (strcEQ(var, "REMOTE_IDENT"))
- result = (char *)ap_get_remote_logname(r);
- else if (strcEQ(var, "IS_SUBREQ"))
- result = (r->main != NULL ? "true" : "false");
- else if (strcEQ(var, "DOCUMENT_ROOT"))
- result = (char *)ap_document_root(r);
- else if (strcEQ(var, "SERVER_ADMIN"))
- result = r->server->server_admin;
- else if (strcEQ(var, "SERVER_NAME"))
- result = (char *)ap_get_server_name(r);
- else if (strcEQ(var, "SERVER_PORT"))
- result = apr_psprintf(p, "%u", ap_get_server_port(r));
- else if (strcEQ(var, "SERVER_PROTOCOL"))
- result = r->protocol;
- }
-
- /*
- * Connection stuff
- */
- if (result == NULL && c != NULL) {
- SSLConnRec *sslconn = myConnConfig(c);
- if (strcEQ(var, "REMOTE_ADDR"))
- result = c->remote_ip;
- else if (strcEQ(var, "REMOTE_USER"))
- result = r->user;
- else if (strcEQ(var, "AUTH_TYPE"))
- result = r->ap_auth_type;
- else if (strlen(var) > 4 && strcEQn(var, "SSL_", 4)
- && sslconn && sslconn->ssl)
- result = ssl_var_lookup_ssl(p, c, var+4);
- else if (strcEQ(var, "HTTPS")) {
- if (sslconn && sslconn->ssl)
- result = "on";
- else
- result = "off";
- }
- }
-
- /*
- * Totally independent stuff
- */
- if (result == NULL) {
- if (strlen(var) > 12 && strcEQn(var, "SSL_VERSION_", 12))
- result = ssl_var_lookup_ssl_version(s->process->pool, p, var+12);
- else if (strcEQ(var, "SERVER_SOFTWARE"))
- result = (char *)ap_get_server_version();
- else if (strcEQ(var, "API_VERSION")) {
- result = apr_psprintf(p, "%d", MODULE_MAGIC_NUMBER);
- resdup = FALSE;
- }
- else if (strcEQ(var, "TIME_YEAR")) {
- apr_time_exp_lt(&tm, apr_time_now());
- result = apr_psprintf(p, "%02d%02d",
- (tm.tm_year / 100) + 19, tm.tm_year % 100);
- resdup = FALSE;
- }
-#define MKTIMESTR(format, tmfield) \
- apr_time_exp_lt(&tm, apr_time_now()); \
- result = apr_psprintf(p, format, tm.tmfield); \
- resdup = FALSE;
- else if (strcEQ(var, "TIME_MON")) {
- MKTIMESTR("%02d", tm_mon+1)
- }
- else if (strcEQ(var, "TIME_DAY")) {
- MKTIMESTR("%02d", tm_mday)
- }
- else if (strcEQ(var, "TIME_HOUR")) {
- MKTIMESTR("%02d", tm_hour)
- }
- else if (strcEQ(var, "TIME_MIN")) {
- MKTIMESTR("%02d", tm_min)
- }
- else if (strcEQ(var, "TIME_SEC")) {
- MKTIMESTR("%02d", tm_sec)
- }
- else if (strcEQ(var, "TIME_WDAY")) {
- MKTIMESTR("%d", tm_wday)
- }
- else if (strcEQ(var, "TIME")) {
- apr_time_exp_lt(&tm, apr_time_now());
- result = apr_psprintf(p,
- "%02d%02d%02d%02d%02d%02d%02d", (tm.tm_year / 100) + 19,
- (tm.tm_year % 100), tm.tm_mon+1, tm.tm_mday,
- tm.tm_hour, tm.tm_min, tm.tm_sec);
- resdup = FALSE;
- }
- /* all other env-variables from the parent Apache process */
- else if (strlen(var) > 4 && strcEQn(var, "ENV:", 4)) {
- result = (char *)apr_table_get(r->notes, var+4);
- if (result == NULL)
- result = (char *)apr_table_get(r->subprocess_env, var+4);
- if (result == NULL)
- result = getenv(var+4);
- }
- }
-
- if (result != NULL && resdup)
- result = apr_pstrdup(p, result);
- if (result == NULL)
- result = "";
- return result;
-}
-
-static char *ssl_var_lookup_header(apr_pool_t *p, request_rec *r, const char *name)
-{
- char *hdr = NULL;
-
- if ((hdr = (char *)apr_table_get(r->headers_in, name)) != NULL)
- hdr = apr_pstrdup(p, hdr);
- return hdr;
-}
-
-static char *ssl_var_lookup_ssl(apr_pool_t *p, conn_rec *c, char *var)
-{
- SSLConnRec *sslconn = myConnConfig(c);
- char *result;
- X509 *xs;
- STACK_OF(X509) *sk;
- SSL *ssl;
-
- result = NULL;
-
- ssl = sslconn->ssl;
- if (strlen(var) > 8 && strcEQn(var, "VERSION_", 8)) {
- result = ssl_var_lookup_ssl_version(c->base_server->process->pool,
- p, var+8);
- }
- else if (ssl != NULL && strcEQ(var, "PROTOCOL")) {
- result = (char *)SSL_get_version(ssl);
- }
- else if (ssl != NULL && strcEQ(var, "SESSION_ID")) {
- char buf[SSL_SESSION_ID_STRING_LEN];
- SSL_SESSION *pSession = SSL_get_session(ssl);
- if (pSession) {
- result = apr_pstrdup(p, SSL_SESSION_id2sz(
- SSL_SESSION_get_session_id(pSession),
- SSL_SESSION_get_session_id_length(pSession),
- buf, sizeof(buf)));
- }
- }
- else if (ssl != NULL && strlen(var) >= 6 && strcEQn(var, "CIPHER", 6)) {
- result = ssl_var_lookup_ssl_cipher(p, c, var+6);
- }
- else if (ssl != NULL && strlen(var) > 18 && strcEQn(var, "CLIENT_CERT_CHAIN_", 18)) {
- sk = SSL_get_peer_cert_chain(ssl);
- result = ssl_var_lookup_ssl_cert_chain(p, sk, var+18);
- }
- else if (ssl != NULL && strcEQ(var, "CLIENT_VERIFY")) {
- result = ssl_var_lookup_ssl_cert_verify(p, c);
- }
- else if (ssl != NULL && strlen(var) > 7 && strcEQn(var, "CLIENT_", 7)) {
- if ((xs = SSL_get_peer_certificate(ssl)) != NULL) {
- result = ssl_var_lookup_ssl_cert(p, xs, var+7);
- X509_free(xs);
- }
- }
- else if (ssl != NULL && strlen(var) > 7 && strcEQn(var, "SERVER_", 7)) {
- if ((xs = SSL_get_certificate(ssl)) != NULL)
- result = ssl_var_lookup_ssl_cert(p, xs, var+7);
- }
- else if (ssl != NULL && strcEQ(var, "SECURE_RENEG")) {
- int flag = 0;
-#ifdef SSL_get_secure_renegotiation_support
- flag = SSL_get_secure_renegotiation_support(ssl);
-#endif
- result = apr_pstrdup(p, flag ? "true" : "false");
- }
-
- return result;
-}
-
-static char *ssl_var_lookup_ssl_cert(apr_pool_t *p, X509 *xs, char *var)
-{
- char *result;
- BOOL resdup;
- X509_NAME *xsname;
- int nid;
- char *cp;
-
- result = NULL;
- resdup = TRUE;
-
- if (strcEQ(var, "M_VERSION")) {
- result = apr_psprintf(p, "%lu", X509_get_version(xs)+1);
- resdup = FALSE;
- }
- else if (strcEQ(var, "M_SERIAL")) {
- result = ssl_var_lookup_ssl_cert_serial(p, xs);
- }
- else if (strcEQ(var, "V_START")) {
- result = ssl_var_lookup_ssl_cert_valid(p, X509_get_notBefore(xs));
- }
- else if (strcEQ(var, "V_END")) {
- result = ssl_var_lookup_ssl_cert_valid(p, X509_get_notAfter(xs));
- }
- else if (strcEQ(var, "S_DN")) {
- xsname = X509_get_subject_name(xs);
- cp = X509_NAME_oneline(xsname, NULL, 0);
- result = apr_pstrdup(p, cp);
- modssl_free(cp);
- resdup = FALSE;
- }
- else if (strlen(var) > 5 && strcEQn(var, "S_DN_", 5)) {
- xsname = X509_get_subject_name(xs);
- result = ssl_var_lookup_ssl_cert_dn(p, xsname, var+5);
- resdup = FALSE;
- }
- else if (strcEQ(var, "I_DN")) {
- xsname = X509_get_issuer_name(xs);
- cp = X509_NAME_oneline(xsname, NULL, 0);
- result = apr_pstrdup(p, cp);
- modssl_free(cp);
- resdup = FALSE;
- }
- else if (strlen(var) > 5 && strcEQn(var, "I_DN_", 5)) {
- xsname = X509_get_issuer_name(xs);
- result = ssl_var_lookup_ssl_cert_dn(p, xsname, var+5);
- resdup = FALSE;
- }
- else if (strcEQ(var, "A_SIG")) {
- nid = OBJ_obj2nid((ASN1_OBJECT *)X509_get_signature_algorithm(xs));
- result = apr_pstrdup(p,
- (nid == NID_undef) ? "UNKNOWN" : OBJ_nid2ln(nid));
- resdup = FALSE;
- }
- else if (strcEQ(var, "A_KEY")) {
- nid = OBJ_obj2nid((ASN1_OBJECT *)X509_get_key_algorithm(xs));
- result = apr_pstrdup(p,
- (nid == NID_undef) ? "UNKNOWN" : OBJ_nid2ln(nid));
- resdup = FALSE;
- }
- else if (strcEQ(var, "CERT")) {
- result = ssl_var_lookup_ssl_cert_PEM(p, xs);
- }
-
- if (result != NULL && resdup)
- result = apr_pstrdup(p, result);
- return result;
-}
-
-static const struct {
- char *name;
- int nid;
-} ssl_var_lookup_ssl_cert_dn_rec[] = {
- { "C", NID_countryName },
- { "ST", NID_stateOrProvinceName }, /* officially (RFC2156) */
- { "SP", NID_stateOrProvinceName }, /* compatibility (SSLeay) */
- { "L", NID_localityName },
- { "O", NID_organizationName },
- { "OU", NID_organizationalUnitName },
- { "CN", NID_commonName },
- { "T", NID_title },
- { "I", NID_initials },
- { "G", NID_givenName },
- { "S", NID_surname },
- { "D", NID_description },
-/* This has been removed in OpenSSL 0.9.8-dev. */
-#ifdef NID_uniqueIdentifier
- { "UID", NID_uniqueIdentifier },
-#endif
- { "Email", NID_pkcs9_emailAddress },
- { NULL, 0 }
-};
-
-static char *ssl_var_lookup_ssl_cert_dn(apr_pool_t *p, X509_NAME *xsname, char *var)
-{
- char *result;
- X509_NAME_ENTRY *xsne;
- int i, j, n;
- unsigned char *data_ptr;
- int data_len;
-
- result = NULL;
-
- for (i = 0; ssl_var_lookup_ssl_cert_dn_rec[i].name != NULL; i++) {
- if (strEQ(var, ssl_var_lookup_ssl_cert_dn_rec[i].name)) {
- for (j = 0; j < sk_X509_NAME_ENTRY_num((STACK_OF(X509_NAME_ENTRY) *)
- X509_NAME_get_entries(xsname));
- j++) {
- xsne = sk_X509_NAME_ENTRY_value((STACK_OF(X509_NAME_ENTRY) *)
- X509_NAME_get_entries(xsname), j);
-
- n =OBJ_obj2nid((ASN1_OBJECT *)X509_NAME_ENTRY_get_object(xsne));
- data_ptr = X509_NAME_ENTRY_get_data_ptr(xsne);
- data_len = X509_NAME_ENTRY_get_data_len(xsne);
-
- if (n == ssl_var_lookup_ssl_cert_dn_rec[i].nid) {
- result = apr_palloc(p, data_len+1);
- apr_cpystrn(result, (char *)data_ptr, data_len+1);
-#ifdef CHARSET_EBCDIC
- ascii2ebcdic(result, result, xsne->value->length);
-#endif /* CHARSET_EBCDIC */
- result[data_len] = NUL;
- break;
- }
- }
- break;
- }
- }
- return result;
-}
-
-static char *ssl_var_lookup_ssl_cert_valid(apr_pool_t *p, ASN1_UTCTIME *tm)
-{
- char *result;
- BIO* bio;
- int n;
-
- if ((bio = BIO_new(BIO_s_mem())) == NULL)
- return NULL;
- ASN1_UTCTIME_print(bio, tm);
- n = BIO_pending(bio);
- result = apr_pcalloc(p, n+1);
- n = BIO_read(bio, result, n);
- result[n] = NUL;
- BIO_free(bio);
- return result;
-}
-
-static char *ssl_var_lookup_ssl_cert_serial(apr_pool_t *p, X509 *xs)
-{
- char *result;
- BIO *bio;
- int n;
-
- if ((bio = BIO_new(BIO_s_mem())) == NULL)
- return NULL;
- i2a_ASN1_INTEGER(bio, X509_get_serialNumber(xs));
- n = BIO_pending(bio);
- result = apr_pcalloc(p, n+1);
- n = BIO_read(bio, result, n);
- result[n] = NUL;
- BIO_free(bio);
- return result;
-}
-
-static char *ssl_var_lookup_ssl_cert_chain(apr_pool_t *p, STACK_OF(X509) *sk, char *var)
-{
- char *result;
- X509 *xs;
- int n;
-
- result = NULL;
-
- if (strspn(var, "0123456789") == strlen(var)) {
- n = atoi(var);
- if (n < sk_X509_num(sk)) {
- xs = sk_X509_value(sk, n);
- result = ssl_var_lookup_ssl_cert_PEM(p, xs);
- }
- }
-
- return result;
-}
-
-static char *ssl_var_lookup_ssl_cert_PEM(apr_pool_t *p, X509 *xs)
-{
- char *result;
- BIO *bio;
- int n;
-
- if ((bio = BIO_new(BIO_s_mem())) == NULL)
- return NULL;
- PEM_write_bio_X509(bio, xs);
- n = BIO_pending(bio);
- result = apr_pcalloc(p, n+1);
- n = BIO_read(bio, result, n);
- result[n] = NUL;
- BIO_free(bio);
- return result;
-}
-
-static char *ssl_var_lookup_ssl_cert_verify(apr_pool_t *p, conn_rec *c)
-{
- SSLConnRec *sslconn = myConnConfig(c);
- char *result;
- long vrc;
- const char *verr;
- const char *vinfo;
- SSL *ssl;
- X509 *xs;
-
- result = NULL;
- ssl = sslconn->ssl;
- verr = sslconn->verify_error;
- vinfo = sslconn->verify_info;
- vrc = SSL_get_verify_result(ssl);
- xs = SSL_get_peer_certificate(ssl);
-
- if (vrc == X509_V_OK && verr == NULL && vinfo == NULL && xs == NULL)
- /* no client verification done at all */
- result = "NONE";
- else if (vrc == X509_V_OK && verr == NULL && vinfo == NULL && xs != NULL)
- /* client verification done successful */
- result = "SUCCESS";
- else if (vrc == X509_V_OK && vinfo != NULL && strEQ(vinfo, "GENEROUS"))
- /* client verification done in generous way */
- result = "GENEROUS";
- else
- /* client verification failed */
- result = apr_psprintf(p, "FAILED:%s", verr);
-
- if (xs)
- X509_free(xs);
- return result;
-}
-
-static char *ssl_var_lookup_ssl_cipher(apr_pool_t *p, conn_rec *c, char *var)
-{
- SSLConnRec *sslconn = myConnConfig(c);
- char *result;
- BOOL resdup;
- int usekeysize, algkeysize;
- SSL *ssl;
-
- result = NULL;
- resdup = TRUE;
-
- ssl = sslconn->ssl;
- ssl_var_lookup_ssl_cipher_bits(ssl, &usekeysize, &algkeysize);
-
- if (ssl && strEQ(var, "")) {
- SSL_CIPHER *cipher = SSL_get_current_cipher(ssl);
- result = (cipher != NULL ? (char *)SSL_CIPHER_get_name(cipher) : NULL);
- }
- else if (strcEQ(var, "_EXPORT"))
- result = (usekeysize < 56 ? "true" : "false");
- else if (strcEQ(var, "_USEKEYSIZE")) {
- result = apr_psprintf(p, "%d", usekeysize);
- resdup = FALSE;
- }
- else if (strcEQ(var, "_ALGKEYSIZE")) {
- result = apr_psprintf(p, "%d", algkeysize);
- resdup = FALSE;
- }
-
- if (result != NULL && resdup)
- result = apr_pstrdup(p, result);
- return result;
-}
-
-static void ssl_var_lookup_ssl_cipher_bits(SSL *ssl, int *usekeysize, int *algkeysize)
-{
- SSL_CIPHER *cipher;
-
- *usekeysize = 0;
- *algkeysize = 0;
- if (ssl != NULL)
- if ((cipher = SSL_get_current_cipher(ssl)) != NULL)
- *usekeysize = SSL_CIPHER_get_bits(cipher, algkeysize);
- return;
-}
-
-static char *ssl_var_lookup_ssl_version(apr_pool_t *pp, apr_pool_t *p, char *var)
-{
- static char interface[] = "mod_ssl/" MOD_SSL_VERSION;
- static char library_interface[] = SSL_LIBRARY_TEXT;
- static char *library = NULL;
- char *result;
-
- if (!library) {
- char *cp, *cp2;
- library = apr_pstrdup(pp, SSL_LIBRARY_DYNTEXT);
- if ((cp = strchr(library, ' ')) != NULL) {
- *cp = '/';
- if ((cp2 = strchr(cp, ' ')) != NULL)
- *cp2 = NUL;
- }
- if ((cp = strchr(library_interface, ' ')) != NULL) {
- *cp = '/';
- if ((cp2 = strchr(cp, ' ')) != NULL)
- *cp2 = NUL;
- }
- }
-
- if (strEQ(var, "INTERFACE")) {
- result = apr_pstrdup(p, interface);
- }
- else if (strEQ(var, "LIBRARY_INTERFACE")) {
- result = apr_pstrdup(p, library_interface);
- }
- else if (strEQ(var, "LIBRARY")) {
- result = apr_pstrdup(p, library);
- }
- else {
- result = NULL;
- }
- return result;
-}
-
-
-/* _________________________________________________________________
-**
-** SSL Extension to mod_log_config
-** _________________________________________________________________
-*/
-
-#include "../../modules/loggers/mod_log_config.h"
-
-static const char *ssl_var_log_handler_c(request_rec *r, char *a);
-static const char *ssl_var_log_handler_x(request_rec *r, char *a);
-
-/*
- * register us for the mod_log_config function registering phase
- * to establish %{...}c and to be able to expand %{...}x variables.
- */
-void ssl_var_log_config_register(apr_pool_t *p)
-{
- static APR_OPTIONAL_FN_TYPE(ap_register_log_handler) *log_pfn_register;
-
- log_pfn_register = APR_RETRIEVE_OPTIONAL_FN(ap_register_log_handler);
-
- if (log_pfn_register) {
- log_pfn_register(p, "c", ssl_var_log_handler_c, 0);
- log_pfn_register(p, "x", ssl_var_log_handler_x, 0);
- }
- return;
-}
-
-/*
- * implement the %{..}c log function
- * (we are the only function)
- */
-static const char *ssl_var_log_handler_c(request_rec *r, char *a)
-{
- SSLConnRec *sslconn = myConnConfig(r->connection);
- char *result;
-
- if (sslconn == NULL || sslconn->ssl == NULL)
- return NULL;
- result = NULL;
- if (strEQ(a, "version"))
- result = ssl_var_lookup(r->pool, r->server, r->connection, r, "SSL_PROTOCOL");
- else if (strEQ(a, "cipher"))
- result = ssl_var_lookup(r->pool, r->server, r->connection, r, "SSL_CIPHER");
- else if (strEQ(a, "subjectdn") || strEQ(a, "clientcert"))
- result = ssl_var_lookup(r->pool, r->server, r->connection, r, "SSL_CLIENT_S_DN");
- else if (strEQ(a, "issuerdn") || strEQ(a, "cacert"))
- result = ssl_var_lookup(r->pool, r->server, r->connection, r, "SSL_CLIENT_I_DN");
- else if (strEQ(a, "errcode"))
- result = "-";
- else if (strEQ(a, "errstr"))
- result = (char *)sslconn->verify_error;
- if (result != NULL && result[0] == NUL)
- result = NULL;
- return result;
-}
-
-/*
- * extend the implementation of the %{..}x log function
- * (there can be more functions)
- */
-static const char *ssl_var_log_handler_x(request_rec *r, char *a)
-{
- char *result;
-
- result = ssl_var_lookup(r->pool, r->server, r->connection, r, a);
- if (result != NULL && result[0] == NUL)
- result = NULL;
- return result;
-}
-
diff --git a/rubbos/app/httpd-2.0.64/modules/ssl/ssl_expr.c b/rubbos/app/httpd-2.0.64/modules/ssl/ssl_expr.c
deleted file mode 100644
index 19e3d757..00000000
--- a/rubbos/app/httpd-2.0.64/modules/ssl/ssl_expr.c
+++ /dev/null
@@ -1,82 +0,0 @@
-/* Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-/* _ _
- * _ __ ___ ___ __| | ___ ___| | mod_ssl
- * | '_ ` _ \ / _ \ / _` | / __/ __| | Apache Interface to OpenSSL
- * | | | | | | (_) | (_| | \__ \__ \ |
- * |_| |_| |_|\___/ \__,_|___|___/___/_|
- * |_____|
- * ssl_expr.c
- * Expression Handling
- */
- /* ``It is hard to fly with
- the eagles when you work
- with the turkeys.''
- -- Unknown */
-#include "mod_ssl.h"
-
-/* _________________________________________________________________
-**
-** Expression Handling
-** _________________________________________________________________
-*/
-
-ssl_expr_info_type ssl_expr_info;
-char *ssl_expr_error;
-
-ssl_expr *ssl_expr_comp(apr_pool_t *p, char *expr)
-{
- ssl_expr_info.pool = p;
- ssl_expr_info.inputbuf = expr;
- ssl_expr_info.inputlen = strlen(expr);
- ssl_expr_info.inputptr = ssl_expr_info.inputbuf;
- ssl_expr_info.expr = FALSE;
-
- ssl_expr_error = NULL;
- if (ssl_expr_yyparse())
- return NULL;
- return ssl_expr_info.expr;
-}
-
-char *ssl_expr_get_error(void)
-{
- if (ssl_expr_error == NULL)
- return "";
- return ssl_expr_error;
-}
-
-ssl_expr *ssl_expr_make(ssl_expr_node_op op, void *a1, void *a2)
-{
- ssl_expr *node;
-
- node = (ssl_expr *)apr_palloc(ssl_expr_info.pool, sizeof(ssl_expr));
- node->node_op = op;
- node->node_arg1 = (char *)a1;
- node->node_arg2 = (char *)a2;
- return node;
-}
-
-int ssl_expr_exec(request_rec *r, ssl_expr *expr)
-{
- BOOL rc;
-
- rc = ssl_expr_eval(r, expr);
- if (ssl_expr_error != NULL)
- return (-1);
- else
- return (rc ? 1 : 0);
-}
diff --git a/rubbos/app/httpd-2.0.64/modules/ssl/ssl_expr.h b/rubbos/app/httpd-2.0.64/modules/ssl/ssl_expr.h
deleted file mode 100644
index 20b9fbdb..00000000
--- a/rubbos/app/httpd-2.0.64/modules/ssl/ssl_expr.h
+++ /dev/null
@@ -1,104 +0,0 @@
-/* Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-/* _ _
- * _ __ ___ ___ __| | ___ ___| | mod_ssl
- * | '_ ` _ \ / _ \ / _` | / __/ __| | Apache Interface to OpenSSL
- * | | | | | | (_) | (_| | \__ \__ \ |
- * |_| |_| |_|\___/ \__,_|___|___/___/_|
- * |_____|
- * ssl_expr.h
- * Expression Handling (Header)
- */
- /* ``May all your PUSHes be POPed.'' */
-
-#ifndef __SSL_EXPR_H__
-#define __SSL_EXPR_H__
-
-#ifndef FALSE
-#define FALSE 0
-#endif
-
-#ifndef TRUE
-#define TRUE !FALSE
-#endif
-
-#ifndef YY_NULL
-#define YY_NULL 0
-#endif
-
-#ifndef MIN
-#define MIN(a,b) (((a)<(b))?(a):(b))
-#endif
-
-#ifndef BOOL
-#define BOOL unsigned int
-#endif
-
-#ifndef NULL
-#define NULL (void *)0
-#endif
-
-#ifndef NUL
-#define NUL '\0'
-#endif
-
-#ifndef YYDEBUG
-#define YYDEBUG 0
-#endif
-
-typedef enum {
- op_NOP, op_ListElement,
- op_True, op_False, op_Not, op_Or, op_And, op_Comp,
- op_EQ, op_NE, op_LT, op_LE, op_GT, op_GE, op_IN, op_REG, op_NRE,
- op_Digit, op_String, op_Regex, op_Var, op_Func
-} ssl_expr_node_op;
-
-typedef struct {
- ssl_expr_node_op node_op;
- void *node_arg1;
- void *node_arg2;
- apr_pool_t *p;
-} ssl_expr_node;
-
-typedef ssl_expr_node ssl_expr;
-
-typedef struct {
- apr_pool_t *pool;
- char *inputbuf;
- int inputlen;
- char *inputptr;
- ssl_expr *expr;
-} ssl_expr_info_type;
-
-extern ssl_expr_info_type ssl_expr_info;
-extern char *ssl_expr_error;
-
-#define yylval ssl_expr_yylval
-#define yyerror ssl_expr_yyerror
-#define yyinput ssl_expr_yyinput
-
-extern int ssl_expr_yyparse(void);
-extern int ssl_expr_yyerror(char *);
-extern int ssl_expr_yylex(void);
-
-extern ssl_expr *ssl_expr_comp(apr_pool_t *, char *);
-extern int ssl_expr_exec(request_rec *, ssl_expr *);
-extern char *ssl_expr_get_error(void);
-extern ssl_expr *ssl_expr_make(ssl_expr_node_op, void *, void *);
-extern BOOL ssl_expr_eval(request_rec *, ssl_expr *);
-
-#endif /* __SSL_EXPR_H__ */
diff --git a/rubbos/app/httpd-2.0.64/modules/ssl/ssl_expr_eval.c b/rubbos/app/httpd-2.0.64/modules/ssl/ssl_expr_eval.c
deleted file mode 100644
index 30adeefc..00000000
--- a/rubbos/app/httpd-2.0.64/modules/ssl/ssl_expr_eval.c
+++ /dev/null
@@ -1,254 +0,0 @@
-/* Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-/* _ _
- * _ __ ___ ___ __| | ___ ___| | mod_ssl
- * | '_ ` _ \ / _ \ / _` | / __/ __| | Apache Interface to OpenSSL
- * | | | | | | (_) | (_| | \__ \__ \ |
- * |_| |_| |_|\___/ \__,_|___|___/___/_|
- * |_____|
- * ssl_expr_eval.c
- * Expression Evaluation
- */
- /* ``Make love,
- not software!''
- -- Unknown */
-#include "mod_ssl.h"
-
-/* _________________________________________________________________
-**
-** Expression Evaluation
-** _________________________________________________________________
-*/
-
-static BOOL ssl_expr_eval_comp(request_rec *, ssl_expr *);
-static char *ssl_expr_eval_word(request_rec *, ssl_expr *);
-static char *ssl_expr_eval_func_file(request_rec *, char *);
-static int ssl_expr_eval_strcmplex(char *, char *);
-
-BOOL ssl_expr_eval(request_rec *r, ssl_expr *node)
-{
- switch (node->node_op) {
- case op_True: {
- return TRUE;
- }
- case op_False: {
- return FALSE;
- }
- case op_Not: {
- ssl_expr *e = (ssl_expr *)node->node_arg1;
- return (!ssl_expr_eval(r, e));
- }
- case op_Or: {
- ssl_expr *e1 = (ssl_expr *)node->node_arg1;
- ssl_expr *e2 = (ssl_expr *)node->node_arg2;
- return (ssl_expr_eval(r, e1) || ssl_expr_eval(r, e2));
- }
- case op_And: {
- ssl_expr *e1 = (ssl_expr *)node->node_arg1;
- ssl_expr *e2 = (ssl_expr *)node->node_arg2;
- return (ssl_expr_eval(r, e1) && ssl_expr_eval(r, e2));
- }
- case op_Comp: {
- ssl_expr *e = (ssl_expr *)node->node_arg1;
- return ssl_expr_eval_comp(r, e);
- }
- default: {
- ssl_expr_error = "Internal evaluation error: Unknown expression node";
- return FALSE;
- }
- }
-}
-
-static BOOL ssl_expr_eval_comp(request_rec *r, ssl_expr *node)
-{
- switch (node->node_op) {
- case op_EQ: {
- ssl_expr *e1 = (ssl_expr *)node->node_arg1;
- ssl_expr *e2 = (ssl_expr *)node->node_arg2;
- return (strcmp(ssl_expr_eval_word(r, e1), ssl_expr_eval_word(r, e2)) == 0);
- }
- case op_NE: {
- ssl_expr *e1 = (ssl_expr *)node->node_arg1;
- ssl_expr *e2 = (ssl_expr *)node->node_arg2;
- return (strcmp(ssl_expr_eval_word(r, e1), ssl_expr_eval_word(r, e2)) != 0);
- }
- case op_LT: {
- ssl_expr *e1 = (ssl_expr *)node->node_arg1;
- ssl_expr *e2 = (ssl_expr *)node->node_arg2;
- return (ssl_expr_eval_strcmplex(ssl_expr_eval_word(r, e1), ssl_expr_eval_word(r, e2)) < 0);
- }
- case op_LE: {
- ssl_expr *e1 = (ssl_expr *)node->node_arg1;
- ssl_expr *e2 = (ssl_expr *)node->node_arg2;
- return (ssl_expr_eval_strcmplex(ssl_expr_eval_word(r, e1), ssl_expr_eval_word(r, e2)) <= 0);
- }
- case op_GT: {
- ssl_expr *e1 = (ssl_expr *)node->node_arg1;
- ssl_expr *e2 = (ssl_expr *)node->node_arg2;
- return (ssl_expr_eval_strcmplex(ssl_expr_eval_word(r, e1), ssl_expr_eval_word(r, e2)) > 0);
- }
- case op_GE: {
- ssl_expr *e1 = (ssl_expr *)node->node_arg1;
- ssl_expr *e2 = (ssl_expr *)node->node_arg2;
- return (ssl_expr_eval_strcmplex(ssl_expr_eval_word(r, e1), ssl_expr_eval_word(r, e2)) >= 0);
- }
- case op_IN: {
- ssl_expr *e1 = (ssl_expr *)node->node_arg1;
- ssl_expr *e2 = (ssl_expr *)node->node_arg2;
- ssl_expr *e3;
- char *w1 = ssl_expr_eval_word(r, e1);
- BOOL found = FALSE;
- do {
- e3 = (ssl_expr *)e2->node_arg1;
- e2 = (ssl_expr *)e2->node_arg2;
- if (strcmp(w1, ssl_expr_eval_word(r, e3)) == 0) {
- found = TRUE;
- break;
- }
- } while (e2 != NULL);
- return found;
- }
- case op_REG: {
- ssl_expr *e1;
- ssl_expr *e2;
- char *word;
- regex_t *regex;
-
- e1 = (ssl_expr *)node->node_arg1;
- e2 = (ssl_expr *)node->node_arg2;
- word = ssl_expr_eval_word(r, e1);
- regex = (regex_t *)(e2->node_arg1);
- return (ap_regexec(regex, word, 0, NULL, 0) == 0);
- }
- case op_NRE: {
- ssl_expr *e1;
- ssl_expr *e2;
- char *word;
- regex_t *regex;
-
- e1 = (ssl_expr *)node->node_arg1;
- e2 = (ssl_expr *)node->node_arg2;
- word = ssl_expr_eval_word(r, e1);
- regex = (regex_t *)(e2->node_arg1);
- return !(ap_regexec(regex, word, 0, NULL, 0) == 0);
- }
- default: {
- ssl_expr_error = "Internal evaluation error: Unknown expression node";
- return FALSE;
- }
- }
-}
-
-static char *ssl_expr_eval_word(request_rec *r, ssl_expr *node)
-{
- switch (node->node_op) {
- case op_Digit: {
- char *string = (char *)node->node_arg1;
- return string;
- }
- case op_String: {
- char *string = (char *)node->node_arg1;
- return string;
- }
- case op_Var: {
- char *var = (char *)node->node_arg1;
- char *val = ssl_var_lookup(r->pool, r->server, r->connection, r, var);
- return (val == NULL ? "" : val);
- }
- case op_Func: {
- char *name = (char *)node->node_arg1;
- ssl_expr *args = (ssl_expr *)node->node_arg2;
- if (strEQ(name, "file"))
- return ssl_expr_eval_func_file(r, (char *)(args->node_arg1));
- else {
- ssl_expr_error = "Internal evaluation error: Unknown function name";
- return "";
- }
- }
- default: {
- ssl_expr_error = "Internal evaluation error: Unknown expression node";
- return FALSE;
- }
- }
-}
-
-static char *ssl_expr_eval_func_file(request_rec *r, char *filename)
-{
- apr_file_t *fp;
- char *buf;
- apr_off_t offset;
- apr_size_t len;
- apr_finfo_t finfo;
-
- if (apr_file_open(&fp, filename, APR_READ|APR_BUFFERED,
- APR_OS_DEFAULT, r->pool) != APR_SUCCESS) {
- ssl_expr_error = "Cannot open file";
- return "";
- }
- apr_file_info_get(&finfo, APR_FINFO_SIZE, fp);
- if ((finfo.size + 1) != ((apr_size_t)finfo.size + 1)) {
- ssl_expr_error = "Huge file cannot be read";
- apr_file_close(fp);
- return "";
- }
- len = (apr_size_t)finfo.size;
- if (len == 0) {
- buf = (char *)apr_palloc(r->pool, sizeof(char) * 1);
- *buf = NUL;
- }
- else {
- if ((buf = (char *)apr_palloc(r->pool, sizeof(char)*(len+1))) == NULL) {
- ssl_expr_error = "Cannot allocate memory";
- apr_file_close(fp);
- return "";
- }
- offset = 0;
- apr_file_seek(fp, APR_SET, &offset);
- if (apr_file_read(fp, buf, &len) != APR_SUCCESS) {
- ssl_expr_error = "Cannot read from file";
- apr_file_close(fp);
- return "";
- }
- buf[len] = NUL;
- }
- apr_file_close(fp);
- return buf;
-}
-
-/* a variant of strcmp(3) which works correctly also for number strings */
-static int ssl_expr_eval_strcmplex(char *cpNum1, char *cpNum2)
-{
- int i, n1, n2;
-
- if (cpNum1 == NULL)
- return -1;
- if (cpNum2 == NULL)
- return +1;
- n1 = strlen(cpNum1);
- n2 = strlen(cpNum2);
- if (n1 > n2)
- return 1;
- if (n1 < n2)
- return -1;
- for (i = 0; i < n1; i++) {
- if (cpNum1[i] > cpNum2[i])
- return 1;
- if (cpNum1[i] < cpNum2[i])
- return -1;
- }
- return 0;
-}
diff --git a/rubbos/app/httpd-2.0.64/modules/ssl/ssl_expr_parse.c b/rubbos/app/httpd-2.0.64/modules/ssl/ssl_expr_parse.c
deleted file mode 100644
index 6f3f990e..00000000
--- a/rubbos/app/httpd-2.0.64/modules/ssl/ssl_expr_parse.c
+++ /dev/null
@@ -1,1081 +0,0 @@
-
-/* A Bison parser, made from ssl_expr_parse.y
- by GNU Bison version 1.28 */
-
-#define YYBISON 1 /* Identify Bison output. */
-
-#define T_TRUE 257
-#define T_FALSE 258
-#define T_DIGIT 259
-#define T_ID 260
-#define T_STRING 261
-#define T_REGEX 262
-#define T_REGEX_I 263
-#define T_FUNC_FILE 264
-#define T_OP_EQ 265
-#define T_OP_NE 266
-#define T_OP_LT 267
-#define T_OP_LE 268
-#define T_OP_GT 269
-#define T_OP_GE 270
-#define T_OP_REG 271
-#define T_OP_NRE 272
-#define T_OP_IN 273
-#define T_OP_OR 274
-#define T_OP_AND 275
-#define T_OP_NOT 276
-
-#line 68 "ssl_expr_parse.y"
-
-#include "mod_ssl.h"
-
-#line 72 "ssl_expr_parse.y"
-typedef union {
- char *cpVal;
- ssl_expr *exVal;
-} YYSTYPE;
-#include <stdio.h>
-
-#ifndef __cplusplus
-#ifndef __STDC__
-#define const
-#endif
-#endif
-
-
-
-#define YYFINAL 53
-#define YYFLAG -32768
-#define YYNTBASE 29
-
-#define YYTRANSLATE(x) ((unsigned)(x) <= 276 ? ssl_expr_yytranslate[x] : 36)
-
-static const char ssl_expr_yytranslate[] = { 0,
- 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
- 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
- 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
- 2, 2, 2, 2, 2, 2, 28, 2, 2, 23,
- 24, 2, 2, 27, 2, 2, 2, 2, 2, 2,
- 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
- 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
- 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
- 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
- 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
- 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
- 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
- 2, 2, 25, 2, 26, 2, 2, 2, 2, 2,
- 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
- 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
- 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
- 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
- 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
- 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
- 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
- 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
- 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
- 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
- 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
- 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
- 2, 2, 2, 2, 2, 1, 3, 4, 5, 6,
- 7, 8, 9, 10, 11, 12, 13, 14, 15, 16,
- 17, 18, 19, 20, 21, 22
-};
-
-#if YYDEBUG != 0
-static const short ssl_expr_yyprhs[] = { 0,
- 0, 2, 4, 6, 9, 13, 17, 19, 23, 27,
- 31, 35, 39, 43, 47, 53, 57, 61, 63, 67,
- 69, 71, 76, 78, 80, 82
-};
-
-static const short ssl_expr_yyrhs[] = { 30,
- 0, 3, 0, 4, 0, 22, 30, 0, 30, 20,
- 30, 0, 30, 21, 30, 0, 31, 0, 23, 30,
- 24, 0, 33, 11, 33, 0, 33, 12, 33, 0,
- 33, 13, 33, 0, 33, 14, 33, 0, 33, 15,
- 33, 0, 33, 16, 33, 0, 33, 19, 25, 32,
- 26, 0, 33, 17, 34, 0, 33, 18, 34, 0,
- 33, 0, 32, 27, 33, 0, 5, 0, 7, 0,
- 28, 25, 6, 26, 0, 35, 0, 8, 0, 9,
- 0, 10, 23, 7, 24, 0
-};
-
-#endif
-
-#if YYDEBUG != 0
-static const short ssl_expr_yyrline[] = { 0,
- 115, 118, 119, 120, 121, 122, 123, 124, 127, 128,
- 129, 130, 131, 132, 133, 134, 135, 138, 139, 142,
- 143, 144, 145, 148, 158, 170
-};
-#endif
-
-
-#if YYDEBUG != 0 || defined (YYERROR_VERBOSE)
-
-static const char * const ssl_expr_yytname[] = { "$","error","$undefined.","T_TRUE",
-"T_FALSE","T_DIGIT","T_ID","T_STRING","T_REGEX","T_REGEX_I","T_FUNC_FILE","T_OP_EQ",
-"T_OP_NE","T_OP_LT","T_OP_LE","T_OP_GT","T_OP_GE","T_OP_REG","T_OP_NRE","T_OP_IN",
-"T_OP_OR","T_OP_AND","T_OP_NOT","'('","')'","'{'","'}'","','","'%'","root","expr",
-"comparison","words","word","regex","funccall", NULL
-};
-#endif
-
-static const short ssl_expr_yyr1[] = { 0,
- 29, 30, 30, 30, 30, 30, 30, 30, 31, 31,
- 31, 31, 31, 31, 31, 31, 31, 32, 32, 33,
- 33, 33, 33, 34, 34, 35
-};
-
-static const short ssl_expr_yyr2[] = { 0,
- 1, 1, 1, 2, 3, 3, 1, 3, 3, 3,
- 3, 3, 3, 3, 5, 3, 3, 1, 3, 1,
- 1, 4, 1, 1, 1, 4
-};
-
-static const short ssl_expr_yydefact[] = { 0,
- 2, 3, 20, 21, 0, 0, 0, 0, 1, 7,
- 0, 23, 0, 4, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0, 8, 0,
- 5, 6, 9, 10, 11, 12, 13, 14, 24, 25,
- 16, 17, 0, 26, 22, 0, 18, 15, 0, 19,
- 0, 0, 0
-};
-
-static const short ssl_expr_yydefgoto[] = { 51,
- 9, 10, 46, 11, 41, 12
-};
-
-static const short ssl_expr_yypact[] = { 3,
--32768,-32768,-32768,-32768, -11, 3, 3, -10, 0,-32768,
- 22,-32768, 16,-32768, -2, 23, 3, 3, 4, 4,
- 4, 4, 4, 4, 34, 34, 21, 24,-32768, 25,
- 26,-32768,-32768,-32768,-32768,-32768,-32768,-32768,-32768,-32768,
--32768,-32768, 4,-32768,-32768, 18,-32768,-32768, 4,-32768,
- 49, 50,-32768
-};
-
-static const short ssl_expr_yypgoto[] = {-32768,
- 10,-32768,-32768, -19, 27,-32768
-};
-
-
-#define YYLAST 53
-
-
-static const short ssl_expr_yytable[] = { 33,
- 34, 35, 36, 37, 38, 1, 2, 3, 3, 4,
- 4, 13, 5, 5, 16, 14, 15, 17, 18, 17,
- 18, 29, 28, 47, 6, 7, 31, 32, 30, 50,
- 8, 8, 19, 20, 21, 22, 23, 24, 25, 26,
- 27, 39, 40, 48, 49, 43, 18, 44, 52, 53,
- 45, 0, 42
-};
-
-static const short ssl_expr_yycheck[] = { 19,
- 20, 21, 22, 23, 24, 3, 4, 5, 5, 7,
- 7, 23, 10, 10, 25, 6, 7, 20, 21, 20,
- 21, 24, 7, 43, 22, 23, 17, 18, 6, 49,
- 28, 28, 11, 12, 13, 14, 15, 16, 17, 18,
- 19, 8, 9, 26, 27, 25, 21, 24, 0, 0,
- 26, -1, 26
-};
-/* -*-C-*- Note some compilers choke on comments on `#line' lines. */
-#line 3 "/usr/local/share/bison.simple"
-/* This file comes from bison-1.28. */
-
-/* Skeleton output parser for bison,
- Copyright (C) 1984, 1989, 1990 Free Software Foundation, Inc.
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2, or (at your option)
- any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 59 Temple Place - Suite 330,
- Boston, MA 02111-1307, USA. */
-
-/* As a special exception, when this file is copied by Bison into a
- Bison output file, you may use that output file without restriction.
- This special exception was added by the Free Software Foundation
- in version 1.24 of Bison. */
-
-/* This is the parser code that is written into each bison parser
- when the %semantic_parser declaration is not specified in the grammar.
- It was written by Richard Stallman by simplifying the hairy parser
- used when %semantic_parser is specified. */
-
-#ifndef YYSTACK_USE_ALLOCA
-#ifdef alloca
-#define YYSTACK_USE_ALLOCA
-#else /* alloca not defined */
-#ifdef __GNUC__
-#define YYSTACK_USE_ALLOCA
-#define alloca __builtin_alloca
-#else /* not GNU C. */
-#if (!defined (__STDC__) && defined (sparc)) || defined (__sparc__) || defined (__sparc) || defined (__sgi) || (defined (__sun) && defined (__i386))
-#define YYSTACK_USE_ALLOCA
-#include <alloca.h>
-#else /* not sparc */
-/* We think this test detects Watcom and Microsoft C. */
-/* This used to test MSDOS, but that is a bad idea
- since that symbol is in the user namespace. */
-#if (defined (_MSDOS) || defined (_MSDOS_)) && !defined (__TURBOC__)
-#if 0 /* No need for malloc.h, which pollutes the namespace;
- instead, just don't use alloca. */
-#include <malloc.h>
-#endif
-#else /* not MSDOS, or __TURBOC__ */
-#if defined(_AIX)
-/* I don't know what this was needed for, but it pollutes the namespace.
- So I turned it off. rms, 2 May 1997. */
-/* #include <malloc.h> */
-#pragma alloca
-#define YYSTACK_USE_ALLOCA
-#else /* not MSDOS, or __TURBOC__, or _AIX */
-#if 0
-#ifdef __hpux /* haible@ilog.fr says this works for HPUX 9.05 and up,
- and on HPUX 10. Eventually we can turn this on. */
-#define YYSTACK_USE_ALLOCA
-#define alloca __builtin_alloca
-#endif /* __hpux */
-#endif
-#endif /* not _AIX */
-#endif /* not MSDOS, or __TURBOC__ */
-#endif /* not sparc */
-#endif /* not GNU C */
-#endif /* alloca not defined */
-#endif /* YYSTACK_USE_ALLOCA not defined */
-
-#ifdef YYSTACK_USE_ALLOCA
-#define YYSTACK_ALLOC alloca
-#else
-#define YYSTACK_ALLOC malloc
-#endif
-
-/* Note: there must be only one dollar sign in this file.
- It is replaced by the list of actions, each action
- as one case of the switch. */
-
-#define ssl_expr_yyerrok (ssl_expr_yyerrstatus = 0)
-#define ssl_expr_yyclearin (ssl_expr_yychar = YYEMPTY)
-#define YYEMPTY -2
-#define YYEOF 0
-#define YYACCEPT goto ssl_expr_yyacceptlab
-#define YYABORT goto ssl_expr_yyabortlab
-#define YYERROR goto ssl_expr_yyerrlab1
-/* Like YYERROR except do call ssl_expr_yyerror.
- This remains here temporarily to ease the
- transition to the new meaning of YYERROR, for GCC.
- Once GCC version 2 has supplanted version 1, this can go. */
-#define YYFAIL goto ssl_expr_yyerrlab
-#define YYRECOVERING() (!!ssl_expr_yyerrstatus)
-#define YYBACKUP(token, value) \
-do \
- if (ssl_expr_yychar == YYEMPTY && ssl_expr_yylen == 1) \
- { ssl_expr_yychar = (token), ssl_expr_yylval = (value); \
- ssl_expr_yychar1 = YYTRANSLATE (ssl_expr_yychar); \
- YYPOPSTACK; \
- goto ssl_expr_yybackup; \
- } \
- else \
- { ssl_expr_yyerror ("syntax error: cannot back up"); YYERROR; } \
-while (0)
-
-#define YYTERROR 1
-#define YYERRCODE 256
-
-#ifndef YYPURE
-#define YYLEX ssl_expr_yylex()
-#endif
-
-#ifdef YYPURE
-#ifdef YYLSP_NEEDED
-#ifdef YYLEX_PARAM
-#define YYLEX ssl_expr_yylex(&ssl_expr_yylval, &ssl_expr_yylloc, YYLEX_PARAM)
-#else
-#define YYLEX ssl_expr_yylex(&ssl_expr_yylval, &ssl_expr_yylloc)
-#endif
-#else /* not YYLSP_NEEDED */
-#ifdef YYLEX_PARAM
-#define YYLEX ssl_expr_yylex(&ssl_expr_yylval, YYLEX_PARAM)
-#else
-#define YYLEX ssl_expr_yylex(&ssl_expr_yylval)
-#endif
-#endif /* not YYLSP_NEEDED */
-#endif
-
-/* If nonreentrant, generate the variables here */
-
-#ifndef YYPURE
-
-int ssl_expr_yychar; /* the lookahead symbol */
-YYSTYPE ssl_expr_yylval; /* the semantic value of the */
- /* lookahead symbol */
-
-#ifdef YYLSP_NEEDED
-YYLTYPE ssl_expr_yylloc; /* location data for the lookahead */
- /* symbol */
-#endif
-
-int ssl_expr_yynerrs; /* number of parse errors so far */
-#endif /* not YYPURE */
-
-#if YYDEBUG != 0
-int ssl_expr_yydebug; /* nonzero means print parse trace */
-/* Since this is uninitialized, it does not stop multiple parsers
- from coexisting. */
-#endif
-
-/* YYINITDEPTH indicates the initial size of the parser's stacks */
-
-#ifndef YYINITDEPTH
-#define YYINITDEPTH 200
-#endif
-
-/* YYMAXDEPTH is the maximum size the stacks can grow to
- (effective only if the built-in stack extension method is used). */
-
-#if YYMAXDEPTH == 0
-#undef YYMAXDEPTH
-#endif
-
-#ifndef YYMAXDEPTH
-#define YYMAXDEPTH 10000
-#endif
-
-/* Define __ssl_expr_yy_memcpy. Note that the size argument
- should be passed with type unsigned int, because that is what the non-GCC
- definitions require. With GCC, __builtin_memcpy takes an arg
- of type size_t, but it can handle unsigned int. */
-
-#if __GNUC__ > 1 /* GNU C and GNU C++ define this. */
-#define __ssl_expr_yy_memcpy(TO,FROM,COUNT) __builtin_memcpy(TO,FROM,COUNT)
-#else /* not GNU C or C++ */
-#ifndef __cplusplus
-
-/* This is the most reliable way to avoid incompatibilities
- in available built-in functions on various systems. */
-static void
-__ssl_expr_yy_memcpy (to, from, count)
- char *to;
- char *from;
- unsigned int count;
-{
- register char *f = from;
- register char *t = to;
- register int i = count;
-
- while (i-- > 0)
- *t++ = *f++;
-}
-
-#else /* __cplusplus */
-
-/* This is the most reliable way to avoid incompatibilities
- in available built-in functions on various systems. */
-static void
-__ssl_expr_yy_memcpy (char *to, char *from, unsigned int count)
-{
- register char *t = to;
- register char *f = from;
- register int i = count;
-
- while (i-- > 0)
- *t++ = *f++;
-}
-
-#endif
-#endif
-
-#line 217 "/usr/local/share/bison.simple"
-
-/* The user can define YYPARSE_PARAM as the name of an argument to be passed
- into ssl_expr_yyparse. The argument should have type void *.
- It should actually point to an object.
- Grammar actions can access the variable by casting it
- to the proper pointer type. */
-
-#ifdef YYPARSE_PARAM
-#ifdef __cplusplus
-#define YYPARSE_PARAM_ARG void *YYPARSE_PARAM
-#define YYPARSE_PARAM_DECL
-#else /* not __cplusplus */
-#define YYPARSE_PARAM_ARG YYPARSE_PARAM
-#define YYPARSE_PARAM_DECL void *YYPARSE_PARAM;
-#endif /* not __cplusplus */
-#else /* not YYPARSE_PARAM */
-#define YYPARSE_PARAM_ARG
-#define YYPARSE_PARAM_DECL
-#endif /* not YYPARSE_PARAM */
-
-/* Prevent warning if -Wstrict-prototypes. */
-#ifdef __GNUC__
-#ifdef YYPARSE_PARAM
-int ssl_expr_yyparse (void *);
-#else
-int ssl_expr_yyparse (void);
-#endif
-#endif
-
-int
-ssl_expr_yyparse(YYPARSE_PARAM_ARG)
- YYPARSE_PARAM_DECL
-{
- register int ssl_expr_yystate;
- register int ssl_expr_yyn;
- register short *ssl_expr_yyssp;
- register YYSTYPE *ssl_expr_yyvsp;
- int ssl_expr_yyerrstatus; /* number of tokens to shift before error messages enabled */
- int ssl_expr_yychar1 = 0; /* lookahead token as an internal (translated) token number */
-
- short ssl_expr_yyssa[YYINITDEPTH]; /* the state stack */
- YYSTYPE ssl_expr_yyvsa[YYINITDEPTH]; /* the semantic value stack */
-
- short *ssl_expr_yyss = ssl_expr_yyssa; /* refer to the stacks thru separate pointers */
- YYSTYPE *ssl_expr_yyvs = ssl_expr_yyvsa; /* to allow ssl_expr_yyoverflow to reallocate them elsewhere */
-
-#ifdef YYLSP_NEEDED
- YYLTYPE ssl_expr_yylsa[YYINITDEPTH]; /* the location stack */
- YYLTYPE *ssl_expr_yyls = ssl_expr_yylsa;
- YYLTYPE *ssl_expr_yylsp;
-
-#define YYPOPSTACK (ssl_expr_yyvsp--, ssl_expr_yyssp--, ssl_expr_yylsp--)
-#else
-#define YYPOPSTACK (ssl_expr_yyvsp--, ssl_expr_yyssp--)
-#endif
-
- int ssl_expr_yystacksize = YYINITDEPTH;
- int ssl_expr_yyfree_stacks = 0;
-
-#ifdef YYPURE
- int ssl_expr_yychar;
- YYSTYPE ssl_expr_yylval;
- int ssl_expr_yynerrs;
-#ifdef YYLSP_NEEDED
- YYLTYPE ssl_expr_yylloc;
-#endif
-#endif
-
- YYSTYPE ssl_expr_yyval; /* the variable used to return */
- /* semantic values from the action */
- /* routines */
-
- int ssl_expr_yylen;
-
-#if YYDEBUG != 0
- if (ssl_expr_yydebug)
- fprintf(stderr, "Starting parse\n");
-#endif
-
- ssl_expr_yystate = 0;
- ssl_expr_yyerrstatus = 0;
- ssl_expr_yynerrs = 0;
- ssl_expr_yychar = YYEMPTY; /* Cause a token to be read. */
-
- /* Initialize stack pointers.
- Waste one element of value and location stack
- so that they stay on the same level as the state stack.
- The wasted elements are never initialized. */
-
- ssl_expr_yyssp = ssl_expr_yyss - 1;
- ssl_expr_yyvsp = ssl_expr_yyvs;
-#ifdef YYLSP_NEEDED
- ssl_expr_yylsp = ssl_expr_yyls;
-#endif
-
-/* Push a new state, which is found in ssl_expr_yystate . */
-/* In all cases, when you get here, the value and location stacks
- have just been pushed. so pushing a state here evens the stacks. */
-ssl_expr_yynewstate:
-
- *++ssl_expr_yyssp = ssl_expr_yystate;
-
- if (ssl_expr_yyssp >= ssl_expr_yyss + ssl_expr_yystacksize - 1)
- {
- /* Give user a chance to reallocate the stack */
- /* Use copies of these so that the &'s don't force the real ones into memory. */
- YYSTYPE *ssl_expr_yyvs1 = ssl_expr_yyvs;
- short *ssl_expr_yyss1 = ssl_expr_yyss;
-#ifdef YYLSP_NEEDED
- YYLTYPE *ssl_expr_yyls1 = ssl_expr_yyls;
-#endif
-
- /* Get the current used size of the three stacks, in elements. */
- int size = ssl_expr_yyssp - ssl_expr_yyss + 1;
-
-#ifdef ssl_expr_yyoverflow
- /* Each stack pointer address is followed by the size of
- the data in use in that stack, in bytes. */
-#ifdef YYLSP_NEEDED
- /* This used to be a conditional around just the two extra args,
- but that might be undefined if ssl_expr_yyoverflow is a macro. */
- ssl_expr_yyoverflow("parser stack overflow",
- &ssl_expr_yyss1, size * sizeof (*ssl_expr_yyssp),
- &ssl_expr_yyvs1, size * sizeof (*ssl_expr_yyvsp),
- &ssl_expr_yyls1, size * sizeof (*ssl_expr_yylsp),
- &ssl_expr_yystacksize);
-#else
- ssl_expr_yyoverflow("parser stack overflow",
- &ssl_expr_yyss1, size * sizeof (*ssl_expr_yyssp),
- &ssl_expr_yyvs1, size * sizeof (*ssl_expr_yyvsp),
- &ssl_expr_yystacksize);
-#endif
-
- ssl_expr_yyss = ssl_expr_yyss1; ssl_expr_yyvs = ssl_expr_yyvs1;
-#ifdef YYLSP_NEEDED
- ssl_expr_yyls = ssl_expr_yyls1;
-#endif
-#else /* no ssl_expr_yyoverflow */
- /* Extend the stack our own way. */
- if (ssl_expr_yystacksize >= YYMAXDEPTH)
- {
- ssl_expr_yyerror("parser stack overflow");
- if (ssl_expr_yyfree_stacks)
- {
- free (ssl_expr_yyss);
- free (ssl_expr_yyvs);
-#ifdef YYLSP_NEEDED
- free (ssl_expr_yyls);
-#endif
- }
- return 2;
- }
- ssl_expr_yystacksize *= 2;
- if (ssl_expr_yystacksize > YYMAXDEPTH)
- ssl_expr_yystacksize = YYMAXDEPTH;
-#ifndef YYSTACK_USE_ALLOCA
- ssl_expr_yyfree_stacks = 1;
-#endif
- ssl_expr_yyss = (short *) YYSTACK_ALLOC (ssl_expr_yystacksize * sizeof (*ssl_expr_yyssp));
- __ssl_expr_yy_memcpy ((char *)ssl_expr_yyss, (char *)ssl_expr_yyss1,
- size * (unsigned int) sizeof (*ssl_expr_yyssp));
- ssl_expr_yyvs = (YYSTYPE *) YYSTACK_ALLOC (ssl_expr_yystacksize * sizeof (*ssl_expr_yyvsp));
- __ssl_expr_yy_memcpy ((char *)ssl_expr_yyvs, (char *)ssl_expr_yyvs1,
- size * (unsigned int) sizeof (*ssl_expr_yyvsp));
-#ifdef YYLSP_NEEDED
- ssl_expr_yyls = (YYLTYPE *) YYSTACK_ALLOC (ssl_expr_yystacksize * sizeof (*ssl_expr_yylsp));
- __ssl_expr_yy_memcpy ((char *)ssl_expr_yyls, (char *)ssl_expr_yyls1,
- size * (unsigned int) sizeof (*ssl_expr_yylsp));
-#endif
-#endif /* no ssl_expr_yyoverflow */
-
- ssl_expr_yyssp = ssl_expr_yyss + size - 1;
- ssl_expr_yyvsp = ssl_expr_yyvs + size - 1;
-#ifdef YYLSP_NEEDED
- ssl_expr_yylsp = ssl_expr_yyls + size - 1;
-#endif
-
-#if YYDEBUG != 0
- if (ssl_expr_yydebug)
- fprintf(stderr, "Stack size increased to %d\n", ssl_expr_yystacksize);
-#endif
-
- if (ssl_expr_yyssp >= ssl_expr_yyss + ssl_expr_yystacksize - 1)
- YYABORT;
- }
-
-#if YYDEBUG != 0
- if (ssl_expr_yydebug)
- fprintf(stderr, "Entering state %d\n", ssl_expr_yystate);
-#endif
-
- goto ssl_expr_yybackup;
- ssl_expr_yybackup:
-
-/* Do appropriate processing given the current state. */
-/* Read a lookahead token if we need one and don't already have one. */
-/* ssl_expr_yyresume: */
-
- /* First try to decide what to do without reference to lookahead token. */
-
- ssl_expr_yyn = ssl_expr_yypact[ssl_expr_yystate];
- if (ssl_expr_yyn == YYFLAG)
- goto ssl_expr_yydefault;
-
- /* Not known => get a lookahead token if don't already have one. */
-
- /* ssl_expr_yychar is either YYEMPTY or YYEOF
- or a valid token in external form. */
-
- if (ssl_expr_yychar == YYEMPTY)
- {
-#if YYDEBUG != 0
- if (ssl_expr_yydebug)
- fprintf(stderr, "Reading a token: ");
-#endif
- ssl_expr_yychar = YYLEX;
- }
-
- /* Convert token to internal form (in ssl_expr_yychar1) for indexing tables with */
-
- if (ssl_expr_yychar <= 0) /* This means end of input. */
- {
- ssl_expr_yychar1 = 0;
- ssl_expr_yychar = YYEOF; /* Don't call YYLEX any more */
-
-#if YYDEBUG != 0
- if (ssl_expr_yydebug)
- fprintf(stderr, "Now at end of input.\n");
-#endif
- }
- else
- {
- ssl_expr_yychar1 = YYTRANSLATE(ssl_expr_yychar);
-
-#if YYDEBUG != 0
- if (ssl_expr_yydebug)
- {
- fprintf (stderr, "Next token is %d (%s", ssl_expr_yychar, ssl_expr_yytname[ssl_expr_yychar1]);
- /* Give the individual parser a way to print the precise meaning
- of a token, for further debugging info. */
-#ifdef YYPRINT
- YYPRINT (stderr, ssl_expr_yychar, ssl_expr_yylval);
-#endif
- fprintf (stderr, ")\n");
- }
-#endif
- }
-
- ssl_expr_yyn += ssl_expr_yychar1;
- if (ssl_expr_yyn < 0 || ssl_expr_yyn > YYLAST || ssl_expr_yycheck[ssl_expr_yyn] != ssl_expr_yychar1)
- goto ssl_expr_yydefault;
-
- ssl_expr_yyn = ssl_expr_yytable[ssl_expr_yyn];
-
- /* ssl_expr_yyn is what to do for this token type in this state.
- Negative => reduce, -ssl_expr_yyn is rule number.
- Positive => shift, ssl_expr_yyn is new state.
- New state is final state => don't bother to shift,
- just return success.
- 0, or most negative number => error. */
-
- if (ssl_expr_yyn < 0)
- {
- if (ssl_expr_yyn == YYFLAG)
- goto ssl_expr_yyerrlab;
- ssl_expr_yyn = -ssl_expr_yyn;
- goto ssl_expr_yyreduce;
- }
- else if (ssl_expr_yyn == 0)
- goto ssl_expr_yyerrlab;
-
- if (ssl_expr_yyn == YYFINAL)
- YYACCEPT;
-
- /* Shift the lookahead token. */
-
-#if YYDEBUG != 0
- if (ssl_expr_yydebug)
- fprintf(stderr, "Shifting token %d (%s), ", ssl_expr_yychar, ssl_expr_yytname[ssl_expr_yychar1]);
-#endif
-
- /* Discard the token being shifted unless it is eof. */
- if (ssl_expr_yychar != YYEOF)
- ssl_expr_yychar = YYEMPTY;
-
- *++ssl_expr_yyvsp = ssl_expr_yylval;
-#ifdef YYLSP_NEEDED
- *++ssl_expr_yylsp = ssl_expr_yylloc;
-#endif
-
- /* count tokens shifted since error; after three, turn off error status. */
- if (ssl_expr_yyerrstatus) ssl_expr_yyerrstatus--;
-
- ssl_expr_yystate = ssl_expr_yyn;
- goto ssl_expr_yynewstate;
-
-/* Do the default action for the current state. */
-ssl_expr_yydefault:
-
- ssl_expr_yyn = ssl_expr_yydefact[ssl_expr_yystate];
- if (ssl_expr_yyn == 0)
- goto ssl_expr_yyerrlab;
-
-/* Do a reduction. ssl_expr_yyn is the number of a rule to reduce with. */
-ssl_expr_yyreduce:
- ssl_expr_yylen = ssl_expr_yyr2[ssl_expr_yyn];
- if (ssl_expr_yylen > 0)
- ssl_expr_yyval = ssl_expr_yyvsp[1-ssl_expr_yylen]; /* implement default value of the action */
-
-#if YYDEBUG != 0
- if (ssl_expr_yydebug)
- {
- int i;
-
- fprintf (stderr, "Reducing via rule %d (line %d), ",
- ssl_expr_yyn, ssl_expr_yyrline[ssl_expr_yyn]);
-
- /* Print the symbols being reduced, and their result. */
- for (i = ssl_expr_yyprhs[ssl_expr_yyn]; ssl_expr_yyrhs[i] > 0; i++)
- fprintf (stderr, "%s ", ssl_expr_yytname[ssl_expr_yyrhs[i]]);
- fprintf (stderr, " -> %s\n", ssl_expr_yytname[ssl_expr_yyr1[ssl_expr_yyn]]);
- }
-#endif
-
-
- switch (ssl_expr_yyn) {
-
-case 1:
-#line 115 "ssl_expr_parse.y"
-{ ssl_expr_info.expr = ssl_expr_yyvsp[0].exVal; ;
- break;}
-case 2:
-#line 118 "ssl_expr_parse.y"
-{ ssl_expr_yyval.exVal = ssl_expr_make(op_True, NULL, NULL); ;
- break;}
-case 3:
-#line 119 "ssl_expr_parse.y"
-{ ssl_expr_yyval.exVal = ssl_expr_make(op_False, NULL, NULL); ;
- break;}
-case 4:
-#line 120 "ssl_expr_parse.y"
-{ ssl_expr_yyval.exVal = ssl_expr_make(op_Not, ssl_expr_yyvsp[0].exVal, NULL); ;
- break;}
-case 5:
-#line 121 "ssl_expr_parse.y"
-{ ssl_expr_yyval.exVal = ssl_expr_make(op_Or, ssl_expr_yyvsp[-2].exVal, ssl_expr_yyvsp[0].exVal); ;
- break;}
-case 6:
-#line 122 "ssl_expr_parse.y"
-{ ssl_expr_yyval.exVal = ssl_expr_make(op_And, ssl_expr_yyvsp[-2].exVal, ssl_expr_yyvsp[0].exVal); ;
- break;}
-case 7:
-#line 123 "ssl_expr_parse.y"
-{ ssl_expr_yyval.exVal = ssl_expr_make(op_Comp, ssl_expr_yyvsp[0].exVal, NULL); ;
- break;}
-case 8:
-#line 124 "ssl_expr_parse.y"
-{ ssl_expr_yyval.exVal = ssl_expr_yyvsp[-1].exVal; ;
- break;}
-case 9:
-#line 127 "ssl_expr_parse.y"
-{ ssl_expr_yyval.exVal = ssl_expr_make(op_EQ, ssl_expr_yyvsp[-2].exVal, ssl_expr_yyvsp[0].exVal); ;
- break;}
-case 10:
-#line 128 "ssl_expr_parse.y"
-{ ssl_expr_yyval.exVal = ssl_expr_make(op_NE, ssl_expr_yyvsp[-2].exVal, ssl_expr_yyvsp[0].exVal); ;
- break;}
-case 11:
-#line 129 "ssl_expr_parse.y"
-{ ssl_expr_yyval.exVal = ssl_expr_make(op_LT, ssl_expr_yyvsp[-2].exVal, ssl_expr_yyvsp[0].exVal); ;
- break;}
-case 12:
-#line 130 "ssl_expr_parse.y"
-{ ssl_expr_yyval.exVal = ssl_expr_make(op_LE, ssl_expr_yyvsp[-2].exVal, ssl_expr_yyvsp[0].exVal); ;
- break;}
-case 13:
-#line 131 "ssl_expr_parse.y"
-{ ssl_expr_yyval.exVal = ssl_expr_make(op_GT, ssl_expr_yyvsp[-2].exVal, ssl_expr_yyvsp[0].exVal); ;
- break;}
-case 14:
-#line 132 "ssl_expr_parse.y"
-{ ssl_expr_yyval.exVal = ssl_expr_make(op_GE, ssl_expr_yyvsp[-2].exVal, ssl_expr_yyvsp[0].exVal); ;
- break;}
-case 15:
-#line 133 "ssl_expr_parse.y"
-{ ssl_expr_yyval.exVal = ssl_expr_make(op_IN, ssl_expr_yyvsp[-4].exVal, ssl_expr_yyvsp[-1].exVal); ;
- break;}
-case 16:
-#line 134 "ssl_expr_parse.y"
-{ ssl_expr_yyval.exVal = ssl_expr_make(op_REG, ssl_expr_yyvsp[-2].exVal, ssl_expr_yyvsp[0].exVal); ;
- break;}
-case 17:
-#line 135 "ssl_expr_parse.y"
-{ ssl_expr_yyval.exVal = ssl_expr_make(op_NRE, ssl_expr_yyvsp[-2].exVal, ssl_expr_yyvsp[0].exVal); ;
- break;}
-case 18:
-#line 138 "ssl_expr_parse.y"
-{ ssl_expr_yyval.exVal = ssl_expr_make(op_ListElement, ssl_expr_yyvsp[0].exVal, NULL); ;
- break;}
-case 19:
-#line 139 "ssl_expr_parse.y"
-{ ssl_expr_yyval.exVal = ssl_expr_make(op_ListElement, ssl_expr_yyvsp[0].exVal, ssl_expr_yyvsp[-2].exVal); ;
- break;}
-case 20:
-#line 142 "ssl_expr_parse.y"
-{ ssl_expr_yyval.exVal = ssl_expr_make(op_Digit, ssl_expr_yyvsp[0].cpVal, NULL); ;
- break;}
-case 21:
-#line 143 "ssl_expr_parse.y"
-{ ssl_expr_yyval.exVal = ssl_expr_make(op_String, ssl_expr_yyvsp[0].cpVal, NULL); ;
- break;}
-case 22:
-#line 144 "ssl_expr_parse.y"
-{ ssl_expr_yyval.exVal = ssl_expr_make(op_Var, ssl_expr_yyvsp[-1].cpVal, NULL); ;
- break;}
-case 23:
-#line 145 "ssl_expr_parse.y"
-{ ssl_expr_yyval.exVal = ssl_expr_yyvsp[0].exVal; ;
- break;}
-case 24:
-#line 148 "ssl_expr_parse.y"
-{
- regex_t *regex;
- if ((regex = ap_pregcomp(ssl_expr_info.pool, ssl_expr_yyvsp[0].cpVal,
- REG_EXTENDED|REG_NOSUB)) == NULL) {
- ssl_expr_error = "Failed to compile regular expression";
- YYERROR;
- regex = NULL;
- }
- ssl_expr_yyval.exVal = ssl_expr_make(op_Regex, regex, NULL);
- ;
- break;}
-case 25:
-#line 158 "ssl_expr_parse.y"
-{
- regex_t *regex;
- if ((regex = ap_pregcomp(ssl_expr_info.pool, ssl_expr_yyvsp[0].cpVal,
- REG_EXTENDED|REG_NOSUB|REG_ICASE)) == NULL) {
- ssl_expr_error = "Failed to compile regular expression";
- YYERROR;
- regex = NULL;
- }
- ssl_expr_yyval.exVal = ssl_expr_make(op_Regex, regex, NULL);
- ;
- break;}
-case 26:
-#line 170 "ssl_expr_parse.y"
-{
- ssl_expr *args = ssl_expr_make(op_ListElement, ssl_expr_yyvsp[-1].cpVal, NULL);
- ssl_expr_yyval.exVal = ssl_expr_make(op_Func, "file", args);
- ;
- break;}
-}
- /* the action file gets copied in in place of this dollarsign */
-#line 543 "/usr/local/share/bison.simple"
-
- ssl_expr_yyvsp -= ssl_expr_yylen;
- ssl_expr_yyssp -= ssl_expr_yylen;
-#ifdef YYLSP_NEEDED
- ssl_expr_yylsp -= ssl_expr_yylen;
-#endif
-
-#if YYDEBUG != 0
- if (ssl_expr_yydebug)
- {
- short *ssp1 = ssl_expr_yyss - 1;
- fprintf (stderr, "state stack now");
- while (ssp1 != ssl_expr_yyssp)
- fprintf (stderr, " %d", *++ssp1);
- fprintf (stderr, "\n");
- }
-#endif
-
- *++ssl_expr_yyvsp = ssl_expr_yyval;
-
-#ifdef YYLSP_NEEDED
- ssl_expr_yylsp++;
- if (ssl_expr_yylen == 0)
- {
- ssl_expr_yylsp->first_line = ssl_expr_yylloc.first_line;
- ssl_expr_yylsp->first_column = ssl_expr_yylloc.first_column;
- ssl_expr_yylsp->last_line = (ssl_expr_yylsp-1)->last_line;
- ssl_expr_yylsp->last_column = (ssl_expr_yylsp-1)->last_column;
- ssl_expr_yylsp->text = 0;
- }
- else
- {
- ssl_expr_yylsp->last_line = (ssl_expr_yylsp+ssl_expr_yylen-1)->last_line;
- ssl_expr_yylsp->last_column = (ssl_expr_yylsp+ssl_expr_yylen-1)->last_column;
- }
-#endif
-
- /* Now "shift" the result of the reduction.
- Determine what state that goes to,
- based on the state we popped back to
- and the rule number reduced by. */
-
- ssl_expr_yyn = ssl_expr_yyr1[ssl_expr_yyn];
-
- ssl_expr_yystate = ssl_expr_yypgoto[ssl_expr_yyn - YYNTBASE] + *ssl_expr_yyssp;
- if (ssl_expr_yystate >= 0 && ssl_expr_yystate <= YYLAST && ssl_expr_yycheck[ssl_expr_yystate] == *ssl_expr_yyssp)
- ssl_expr_yystate = ssl_expr_yytable[ssl_expr_yystate];
- else
- ssl_expr_yystate = ssl_expr_yydefgoto[ssl_expr_yyn - YYNTBASE];
-
- goto ssl_expr_yynewstate;
-
-ssl_expr_yyerrlab: /* here on detecting error */
-
- if (! ssl_expr_yyerrstatus)
- /* If not already recovering from an error, report this error. */
- {
- ++ssl_expr_yynerrs;
-
-#ifdef YYERROR_VERBOSE
- ssl_expr_yyn = ssl_expr_yypact[ssl_expr_yystate];
-
- if (ssl_expr_yyn > YYFLAG && ssl_expr_yyn < YYLAST)
- {
- int size = 0;
- char *msg;
- int x, count;
-
- count = 0;
- /* Start X at -ssl_expr_yyn if nec to avoid negative indexes in ssl_expr_yycheck. */
- for (x = (ssl_expr_yyn < 0 ? -ssl_expr_yyn : 0);
- x < (sizeof(ssl_expr_yytname) / sizeof(char *)); x++)
- if (ssl_expr_yycheck[x + ssl_expr_yyn] == x)
- size += strlen(ssl_expr_yytname[x]) + 15, count++;
- msg = (char *) malloc(size + 15);
- if (msg != 0)
- {
- strcpy(msg, "parse error");
-
- if (count < 5)
- {
- count = 0;
- for (x = (ssl_expr_yyn < 0 ? -ssl_expr_yyn : 0);
- x < (sizeof(ssl_expr_yytname) / sizeof(char *)); x++)
- if (ssl_expr_yycheck[x + ssl_expr_yyn] == x)
- {
- strcat(msg, count == 0 ? ", expecting `" : " or `");
- strcat(msg, ssl_expr_yytname[x]);
- strcat(msg, "'");
- count++;
- }
- }
- ssl_expr_yyerror(msg);
- free(msg);
- }
- else
- ssl_expr_yyerror ("parse error; also virtual memory exceeded");
- }
- else
-#endif /* YYERROR_VERBOSE */
- ssl_expr_yyerror("parse error");
- }
-
- goto ssl_expr_yyerrlab1;
-ssl_expr_yyerrlab1: /* here on error raised explicitly by an action */
-
- if (ssl_expr_yyerrstatus == 3)
- {
- /* if just tried and failed to reuse lookahead token after an error, discard it. */
-
- /* return failure if at end of input */
- if (ssl_expr_yychar == YYEOF)
- YYABORT;
-
-#if YYDEBUG != 0
- if (ssl_expr_yydebug)
- fprintf(stderr, "Discarding token %d (%s).\n", ssl_expr_yychar, ssl_expr_yytname[ssl_expr_yychar1]);
-#endif
-
- ssl_expr_yychar = YYEMPTY;
- }
-
- /* Else will try to reuse lookahead token
- after shifting the error token. */
-
- ssl_expr_yyerrstatus = 3; /* Each real token shifted decrements this */
-
- goto ssl_expr_yyerrhandle;
-
-ssl_expr_yyerrdefault: /* current state does not do anything special for the error token. */
-
-#if 0
- /* This is wrong; only states that explicitly want error tokens
- should shift them. */
- ssl_expr_yyn = ssl_expr_yydefact[ssl_expr_yystate]; /* If its default is to accept any token, ok. Otherwise pop it.*/
- if (ssl_expr_yyn) goto ssl_expr_yydefault;
-#endif
-
-ssl_expr_yyerrpop: /* pop the current state because it cannot handle the error token */
-
- if (ssl_expr_yyssp == ssl_expr_yyss) YYABORT;
- ssl_expr_yyvsp--;
- ssl_expr_yystate = *--ssl_expr_yyssp;
-#ifdef YYLSP_NEEDED
- ssl_expr_yylsp--;
-#endif
-
-#if YYDEBUG != 0
- if (ssl_expr_yydebug)
- {
- short *ssp1 = ssl_expr_yyss - 1;
- fprintf (stderr, "Error: state stack now");
- while (ssp1 != ssl_expr_yyssp)
- fprintf (stderr, " %d", *++ssp1);
- fprintf (stderr, "\n");
- }
-#endif
-
-ssl_expr_yyerrhandle:
-
- ssl_expr_yyn = ssl_expr_yypact[ssl_expr_yystate];
- if (ssl_expr_yyn == YYFLAG)
- goto ssl_expr_yyerrdefault;
-
- ssl_expr_yyn += YYTERROR;
- if (ssl_expr_yyn < 0 || ssl_expr_yyn > YYLAST || ssl_expr_yycheck[ssl_expr_yyn] != YYTERROR)
- goto ssl_expr_yyerrdefault;
-
- ssl_expr_yyn = ssl_expr_yytable[ssl_expr_yyn];
- if (ssl_expr_yyn < 0)
- {
- if (ssl_expr_yyn == YYFLAG)
- goto ssl_expr_yyerrpop;
- ssl_expr_yyn = -ssl_expr_yyn;
- goto ssl_expr_yyreduce;
- }
- else if (ssl_expr_yyn == 0)
- goto ssl_expr_yyerrpop;
-
- if (ssl_expr_yyn == YYFINAL)
- YYACCEPT;
-
-#if YYDEBUG != 0
- if (ssl_expr_yydebug)
- fprintf(stderr, "Shifting error token, ");
-#endif
-
- *++ssl_expr_yyvsp = ssl_expr_yylval;
-#ifdef YYLSP_NEEDED
- *++ssl_expr_yylsp = ssl_expr_yylloc;
-#endif
-
- ssl_expr_yystate = ssl_expr_yyn;
- goto ssl_expr_yynewstate;
-
- ssl_expr_yyacceptlab:
- /* YYACCEPT comes here. */
- if (ssl_expr_yyfree_stacks)
- {
- free (ssl_expr_yyss);
- free (ssl_expr_yyvs);
-#ifdef YYLSP_NEEDED
- free (ssl_expr_yyls);
-#endif
- }
- return 0;
-
- ssl_expr_yyabortlab:
- /* YYABORT comes here. */
- if (ssl_expr_yyfree_stacks)
- {
- free (ssl_expr_yyss);
- free (ssl_expr_yyvs);
-#ifdef YYLSP_NEEDED
- free (ssl_expr_yyls);
-#endif
- }
- return 1;
-}
-#line 176 "ssl_expr_parse.y"
-
-
-int ssl_expr_yyerror(char *s)
-{
- ssl_expr_error = s;
- return 2;
-}
-
diff --git a/rubbos/app/httpd-2.0.64/modules/ssl/ssl_expr_parse.h b/rubbos/app/httpd-2.0.64/modules/ssl/ssl_expr_parse.h
deleted file mode 100644
index 5378e287..00000000
--- a/rubbos/app/httpd-2.0.64/modules/ssl/ssl_expr_parse.h
+++ /dev/null
@@ -1,27 +0,0 @@
-typedef union {
- char *cpVal;
- ssl_expr *exVal;
-} YYSTYPE;
-#define T_TRUE 257
-#define T_FALSE 258
-#define T_DIGIT 259
-#define T_ID 260
-#define T_STRING 261
-#define T_REGEX 262
-#define T_REGEX_I 263
-#define T_FUNC_FILE 264
-#define T_OP_EQ 265
-#define T_OP_NE 266
-#define T_OP_LT 267
-#define T_OP_LE 268
-#define T_OP_GT 269
-#define T_OP_GE 270
-#define T_OP_REG 271
-#define T_OP_NRE 272
-#define T_OP_IN 273
-#define T_OP_OR 274
-#define T_OP_AND 275
-#define T_OP_NOT 276
-
-
-extern YYSTYPE ssl_expr_yylval;
diff --git a/rubbos/app/httpd-2.0.64/modules/ssl/ssl_expr_parse.y b/rubbos/app/httpd-2.0.64/modules/ssl/ssl_expr_parse.y
deleted file mode 100644
index 649e1541..00000000
--- a/rubbos/app/httpd-2.0.64/modules/ssl/ssl_expr_parse.y
+++ /dev/null
@@ -1,148 +0,0 @@
-/* Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-/* _ _
- * _ __ ___ ___ __| | ___ ___| |
- * | '_ ` _ \ / _ \ / _` | / __/ __| |
- * | | | | | | (_) | (_| | \__ \__ \ | mod_ssl - Apache Interface to OpenSSL
- * |_| |_| |_|\___/ \__,_|___|___/___/_| http://www.modssl.org/
- * |_____|
- * ssl_expr_parse.y
- * Expression LR(1) Parser
- */
- /* ``What you see is all you get.''
- -- Brian Kernighan */
-
-/* _________________________________________________________________
-**
-** Expression Parser
-** _________________________________________________________________
-*/
-
-%{
-#include "mod_ssl.h"
-%}
-
-%union {
- char *cpVal;
- ssl_expr *exVal;
-}
-
-%token T_TRUE
-%token T_FALSE
-
-%token <cpVal> T_DIGIT
-%token <cpVal> T_ID
-%token <cpVal> T_STRING
-%token <cpVal> T_REGEX
-%token <cpVal> T_REGEX_I
-
-%token T_FUNC_FILE
-
-%token T_OP_EQ
-%token T_OP_NE
-%token T_OP_LT
-%token T_OP_LE
-%token T_OP_GT
-%token T_OP_GE
-%token T_OP_REG
-%token T_OP_NRE
-%token T_OP_IN
-
-%token T_OP_OR
-%token T_OP_AND
-%token T_OP_NOT
-
-%left T_OP_OR
-%left T_OP_AND
-%left T_OP_NOT
-
-%type <exVal> expr
-%type <exVal> comparison
-%type <exVal> funccall
-%type <exVal> regex
-%type <exVal> words
-%type <exVal> word
-
-%%
-
-root : expr { ssl_expr_info.expr = $1; }
- ;
-
-expr : T_TRUE { $$ = ssl_expr_make(op_True, NULL, NULL); }
- | T_FALSE { $$ = ssl_expr_make(op_False, NULL, NULL); }
- | T_OP_NOT expr { $$ = ssl_expr_make(op_Not, $2, NULL); }
- | expr T_OP_OR expr { $$ = ssl_expr_make(op_Or, $1, $3); }
- | expr T_OP_AND expr { $$ = ssl_expr_make(op_And, $1, $3); }
- | comparison { $$ = ssl_expr_make(op_Comp, $1, NULL); }
- | '(' expr ')' { $$ = $2; }
- ;
-
-comparison: word T_OP_EQ word { $$ = ssl_expr_make(op_EQ, $1, $3); }
- | word T_OP_NE word { $$ = ssl_expr_make(op_NE, $1, $3); }
- | word T_OP_LT word { $$ = ssl_expr_make(op_LT, $1, $3); }
- | word T_OP_LE word { $$ = ssl_expr_make(op_LE, $1, $3); }
- | word T_OP_GT word { $$ = ssl_expr_make(op_GT, $1, $3); }
- | word T_OP_GE word { $$ = ssl_expr_make(op_GE, $1, $3); }
- | word T_OP_IN '{' words '}' { $$ = ssl_expr_make(op_IN, $1, $4); }
- | word T_OP_REG regex { $$ = ssl_expr_make(op_REG, $1, $3); }
- | word T_OP_NRE regex { $$ = ssl_expr_make(op_NRE, $1, $3); }
- ;
-
-words : word { $$ = ssl_expr_make(op_ListElement, $1, NULL); }
- | words ',' word { $$ = ssl_expr_make(op_ListElement, $3, $1); }
- ;
-
-word : T_DIGIT { $$ = ssl_expr_make(op_Digit, $1, NULL); }
- | T_STRING { $$ = ssl_expr_make(op_String, $1, NULL); }
- | '%' '{' T_ID '}' { $$ = ssl_expr_make(op_Var, $3, NULL); }
- | funccall { $$ = $1; }
- ;
-
-regex : T_REGEX {
- regex_t *regex;
- if ((regex = ap_pregcomp(ssl_expr_info.pool, $1,
- REG_EXTENDED|REG_NOSUB)) == NULL) {
- ssl_expr_error = "Failed to compile regular expression";
- YYERROR;
- }
- $$ = ssl_expr_make(op_Regex, regex, NULL);
- }
- | T_REGEX_I {
- regex_t *regex;
- if ((regex = ap_pregcomp(ssl_expr_info.pool, $1,
- REG_EXTENDED|REG_NOSUB|REG_ICASE)) == NULL) {
- ssl_expr_error = "Failed to compile regular expression";
- YYERROR;
- }
- $$ = ssl_expr_make(op_Regex, regex, NULL);
- }
- ;
-
-funccall : T_FUNC_FILE '(' T_STRING ')' {
- ssl_expr *args = ssl_expr_make(op_ListElement, $3, NULL);
- $$ = ssl_expr_make(op_Func, "file", args);
- }
- ;
-
-%%
-
-int yyerror(char *s)
-{
- ssl_expr_error = s;
- return 2;
-}
-
diff --git a/rubbos/app/httpd-2.0.64/modules/ssl/ssl_expr_scan.c b/rubbos/app/httpd-2.0.64/modules/ssl/ssl_expr_scan.c
deleted file mode 100644
index 12977a3e..00000000
--- a/rubbos/app/httpd-2.0.64/modules/ssl/ssl_expr_scan.c
+++ /dev/null
@@ -1,1969 +0,0 @@
-#define yy_create_buffer ssl_expr_yy_create_buffer
-#define yy_delete_buffer ssl_expr_yy_delete_buffer
-#define yy_scan_buffer ssl_expr_yy_scan_buffer
-#define yy_scan_string ssl_expr_yy_scan_string
-#define yy_scan_bytes ssl_expr_yy_scan_bytes
-#define yy_flex_debug ssl_expr_yy_flex_debug
-#define yy_init_buffer ssl_expr_yy_init_buffer
-#define yy_flush_buffer ssl_expr_yy_flush_buffer
-#define yy_load_buffer_state ssl_expr_yy_load_buffer_state
-#define yy_switch_to_buffer ssl_expr_yy_switch_to_buffer
-#define yyin ssl_expr_yyin
-#define yyleng ssl_expr_yyleng
-#define yylex ssl_expr_yylex
-#define yyout ssl_expr_yyout
-#define yyrestart ssl_expr_yyrestart
-#define yytext ssl_expr_yytext
-
-/* A lexical scanner generated by flex */
-
-/* Scanner skeleton version:
- * $Header: /home/striker/cvs2svn/dumps/httpd-2.0/../../httpd-2.0/modules/ssl/ssl_expr_scan.c,v 1.12.2.4 2004/02/09 20:53:20 nd Exp $
- */
-
-#define FLEX_SCANNER
-#define YY_FLEX_MAJOR_VERSION 2
-#define YY_FLEX_MINOR_VERSION 5
-
-#include <stdio.h>
-
-
-/* cfront 1.2 defines "c_plusplus" instead of "__cplusplus" */
-#ifdef c_plusplus
-#ifndef __cplusplus
-#define __cplusplus
-#endif
-#endif
-
-
-#ifdef __cplusplus
-
-#include <stdlib.h>
-#include <unistd.h>
-
-/* Use prototypes in function declarations. */
-#define YY_USE_PROTOS
-
-/* The "const" storage-class-modifier is valid. */
-#define YY_USE_CONST
-
-#else /* ! __cplusplus */
-
-#if __STDC__
-
-#define YY_USE_PROTOS
-#define YY_USE_CONST
-
-#endif /* __STDC__ */
-#endif /* ! __cplusplus */
-
-#ifdef __TURBOC__
-#pragma warn -rch
-#pragma warn -use
-#include <io.h>
-#include <stdlib.h>
-#define YY_USE_CONST
-#define YY_USE_PROTOS
-#endif
-
-#ifdef YY_USE_CONST
-#define yyconst const
-#else
-#define yyconst
-#endif
-
-
-#ifdef YY_USE_PROTOS
-#define YY_PROTO(proto) proto
-#else
-#define YY_PROTO(proto) ()
-#endif
-
-/* Returned upon end-of-file. */
-#define YY_NULL 0
-
-/* Promotes a possibly negative, possibly signed char to an unsigned
- * integer for use as an array index. If the signed char is negative,
- * we want to instead treat it as an 8-bit unsigned char, hence the
- * double cast.
- */
-#define YY_SC_TO_UI(c) ((unsigned int) (unsigned char) c)
-
-/* Enter a start condition. This macro really ought to take a parameter,
- * but we do it the disgusting crufty way forced on us by the ()-less
- * definition of BEGIN.
- */
-#define BEGIN yy_start = 1 + 2 *
-
-/* Translate the current start state into a value that can be later handed
- * to BEGIN to return to the state. The YYSTATE alias is for lex
- * compatibility.
- */
-#define YY_START ((yy_start - 1) / 2)
-#define YYSTATE YY_START
-
-/* Action number for EOF rule of a given start state. */
-#define YY_STATE_EOF(state) (YY_END_OF_BUFFER + state + 1)
-
-/* Special action meaning "start processing a new file". */
-#define YY_NEW_FILE yyrestart( yyin )
-
-#define YY_END_OF_BUFFER_CHAR 0
-
-/* Size of default input buffer. */
-#define YY_BUF_SIZE 16384
-
-typedef struct yy_buffer_state *YY_BUFFER_STATE;
-
-extern int yyleng;
-extern FILE *yyin, *yyout;
-
-#define EOB_ACT_CONTINUE_SCAN 0
-#define EOB_ACT_END_OF_FILE 1
-#define EOB_ACT_LAST_MATCH 2
-
-/* The funky do-while in the following #define is used to turn the definition
- * int a single C statement (which needs a semi-colon terminator). This
- * avoids problems with code like:
- *
- * if ( condition_holds )
- * yyless( 5 );
- * else
- * do_something_else();
- *
- * Prior to using the do-while the compiler would get upset at the
- * "else" because it interpreted the "if" statement as being all
- * done when it reached the ';' after the yyless() call.
- */
-
-/* Return all but the first 'n' matched characters back to the input stream. */
-
-#define yyless(n) \
- do \
- { \
- /* Undo effects of setting up yytext. */ \
- *yy_cp = yy_hold_char; \
- YY_RESTORE_YY_MORE_OFFSET \
- yy_c_buf_p = yy_cp = yy_bp + n - YY_MORE_ADJ; \
- YY_DO_BEFORE_ACTION; /* set up yytext again */ \
- } \
- while ( 0 )
-
-#define unput(c) yyunput( c, yytext_ptr )
-
-/* The following is because we cannot portably get our hands on size_t
- * (without autoconf's help, which isn't available because we want
- * flex-generated scanners to compile on their own).
- */
-typedef unsigned int yy_size_t;
-
-
-struct yy_buffer_state
- {
- FILE *yy_input_file;
-
- char *yy_ch_buf; /* input buffer */
- char *yy_buf_pos; /* current position in input buffer */
-
- /* Size of input buffer in bytes, not including room for EOB
- * characters.
- */
- yy_size_t yy_buf_size;
-
- /* Number of characters read into yy_ch_buf, not including EOB
- * characters.
- */
- int yy_n_chars;
-
- /* Whether we "own" the buffer - i.e., we know we created it,
- * and can realloc() it to grow it, and should free() it to
- * delete it.
- */
- int yy_is_our_buffer;
-
- /* Whether this is an "interactive" input source; if so, and
- * if we're using stdio for input, then we want to use getc()
- * instead of fread(), to make sure we stop fetching input after
- * each newline.
- */
- int yy_is_interactive;
-
- /* Whether we're considered to be at the beginning of a line.
- * If so, '^' rules will be active on the next match, otherwise
- * not.
- */
- int yy_at_bol;
-
- /* Whether to try to fill the input buffer when we reach the
- * end of it.
- */
- int yy_fill_buffer;
-
- int yy_buffer_status;
-#define YY_BUFFER_NEW 0
-#define YY_BUFFER_NORMAL 1
- /* When an EOF's been seen but there's still some text to process
- * then we mark the buffer as YY_EOF_PENDING, to indicate that we
- * shouldn't try reading from the input source any more. We might
- * still have a bunch of tokens to match, though, because of
- * possible backing-up.
- *
- * When we actually see the EOF, we change the status to "new"
- * (via yyrestart()), so that the user can continue scanning by
- * just pointing yyin at a new input file.
- */
-#define YY_BUFFER_EOF_PENDING 2
- };
-
-static YY_BUFFER_STATE yy_current_buffer = 0;
-
-/* We provide macros for accessing buffer states in case in the
- * future we want to put the buffer states in a more general
- * "scanner state".
- */
-#define YY_CURRENT_BUFFER yy_current_buffer
-
-
-/* yy_hold_char holds the character lost when yytext is formed. */
-static char yy_hold_char;
-
-static int yy_n_chars; /* number of characters read into yy_ch_buf */
-
-
-int yyleng;
-
-/* Points to current character in buffer. */
-static char *yy_c_buf_p = (char *) 0;
-static int yy_init = 1; /* whether we need to initialize */
-static int yy_start = 0; /* start state number */
-
-/* Flag which is used to allow yywrap()'s to do buffer switches
- * instead of setting up a fresh yyin. A bit of a hack ...
- */
-static int yy_did_buffer_switch_on_eof;
-
-void yyrestart YY_PROTO(( FILE *input_file ));
-
-void yy_switch_to_buffer YY_PROTO(( YY_BUFFER_STATE new_buffer ));
-void yy_load_buffer_state YY_PROTO(( void ));
-YY_BUFFER_STATE yy_create_buffer YY_PROTO(( FILE *file, int size ));
-void yy_delete_buffer YY_PROTO(( YY_BUFFER_STATE b ));
-void yy_init_buffer YY_PROTO(( YY_BUFFER_STATE b, FILE *file ));
-void yy_flush_buffer YY_PROTO(( YY_BUFFER_STATE b ));
-#define YY_FLUSH_BUFFER yy_flush_buffer( yy_current_buffer )
-
-YY_BUFFER_STATE yy_scan_buffer YY_PROTO(( char *base, yy_size_t size ));
-YY_BUFFER_STATE yy_scan_string YY_PROTO(( yyconst char *yy_str ));
-YY_BUFFER_STATE yy_scan_bytes YY_PROTO(( yyconst char *bytes, int len ));
-
-static void *yy_flex_alloc YY_PROTO(( yy_size_t ));
-static void *yy_flex_realloc YY_PROTO(( void *, yy_size_t ));
-static void yy_flex_free YY_PROTO(( void * ));
-
-#define yy_new_buffer yy_create_buffer
-
-#define yy_set_interactive(is_interactive) \
- { \
- if ( ! yy_current_buffer ) \
- yy_current_buffer = yy_create_buffer( yyin, YY_BUF_SIZE ); \
- yy_current_buffer->yy_is_interactive = is_interactive; \
- }
-
-#define yy_set_bol(at_bol) \
- { \
- if ( ! yy_current_buffer ) \
- yy_current_buffer = yy_create_buffer( yyin, YY_BUF_SIZE ); \
- yy_current_buffer->yy_at_bol = at_bol; \
- }
-
-#define YY_AT_BOL() (yy_current_buffer->yy_at_bol)
-
-
-#define yywrap() 1
-#define YY_SKIP_YYWRAP
-typedef unsigned char YY_CHAR;
-FILE *yyin = (FILE *) 0, *yyout = (FILE *) 0;
-typedef int yy_state_type;
-extern char *yytext;
-#define yytext_ptr yytext
-
-static yy_state_type yy_get_previous_state YY_PROTO(( void ));
-static yy_state_type yy_try_NUL_trans YY_PROTO(( yy_state_type current_state ));
-static int yy_get_next_buffer YY_PROTO(( void ));
-static void yy_fatal_error YY_PROTO(( yyconst char msg[] ));
-
-/* Done after the current pattern has been matched and before the
- * corresponding action - sets up yytext.
- */
-#define YY_DO_BEFORE_ACTION \
- yytext_ptr = yy_bp; \
- yyleng = (int) (yy_cp - yy_bp); \
- yy_hold_char = *yy_cp; \
- *yy_cp = '\0'; \
- yy_c_buf_p = yy_cp;
-
-#define YY_NUM_RULES 46
-#define YY_END_OF_BUFFER 47
-static yyconst short int yy_accept[86] =
- { 0,
- 0, 0, 0, 0, 0, 0, 0, 0, 47, 45,
- 1, 38, 2, 45, 43, 24, 45, 28, 44, 44,
- 44, 44, 44, 44, 44, 44, 44, 44, 44, 45,
- 13, 4, 3, 14, 16, 18, 17, 1, 22, 32,
- 34, 43, 26, 20, 31, 30, 44, 44, 19, 44,
- 44, 29, 27, 39, 25, 23, 15, 15, 21, 44,
- 35, 44, 36, 13, 12, 5, 6, 10, 11, 7,
- 8, 9, 33, 44, 44, 37, 44, 5, 6, 44,
- 40, 41, 5, 42, 0
- } ;
-
-static yyconst int yy_ec[256] =
- { 0,
- 1, 1, 1, 1, 1, 1, 1, 1, 2, 3,
- 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
- 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
- 1, 2, 4, 5, 1, 1, 1, 6, 1, 1,
- 1, 1, 1, 1, 7, 1, 1, 8, 8, 8,
- 8, 8, 8, 8, 8, 9, 9, 7, 1, 10,
- 11, 12, 1, 1, 13, 13, 13, 13, 13, 13,
- 13, 13, 13, 13, 13, 13, 13, 13, 13, 13,
- 13, 13, 13, 13, 13, 13, 13, 13, 13, 13,
- 1, 14, 1, 1, 7, 1, 15, 16, 13, 17,
-
- 18, 19, 20, 13, 21, 13, 13, 22, 23, 24,
- 25, 13, 26, 27, 28, 29, 30, 13, 13, 13,
- 13, 13, 1, 31, 1, 32, 1, 1, 1, 1,
- 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
- 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
- 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
- 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
- 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
- 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
- 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
-
- 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
- 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
- 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
- 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
- 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
- 1, 1, 1, 1, 1
- } ;
-
-static yyconst int yy_meta[33] =
- { 0,
- 1, 1, 2, 1, 3, 1, 4, 4, 4, 1,
- 1, 1, 4, 3, 4, 4, 4, 4, 4, 4,
- 4, 4, 4, 4, 4, 4, 4, 4, 4, 4,
- 1, 1
- } ;
-
-static yyconst short int yy_base[93] =
- { 0,
- 0, 0, 30, 31, 0, 0, 82, 81, 101, 142,
- 35, 28, 142, 94, 32, 88, 31, 87, 0, 69,
- 66, 28, 28, 67, 29, 63, 30, 63, 62, 57,
- 0, 142, 142, 88, 142, 142, 142, 48, 142, 142,
- 142, 44, 142, 142, 142, 142, 0, 70, 0, 64,
- 63, 0, 0, 0, 0, 0, 142, 0, 0, 55,
- 0, 46, 142, 0, 142, 53, 62, 142, 142, 142,
- 142, 142, 0, 44, 48, 0, 41, 70, 72, 38,
- 0, 0, 74, 0, 142, 117, 121, 125, 50, 129,
- 133, 137
-
- } ;
-
-static yyconst short int yy_def[93] =
- { 0,
- 85, 1, 86, 86, 87, 87, 88, 88, 85, 85,
- 85, 85, 85, 85, 85, 85, 85, 85, 89, 89,
- 89, 89, 89, 89, 89, 90, 89, 89, 89, 85,
- 91, 85, 85, 92, 85, 85, 85, 85, 85, 85,
- 85, 85, 85, 85, 85, 85, 89, 89, 89, 89,
- 89, 89, 89, 89, 89, 89, 85, 89, 89, 89,
- 89, 89, 85, 91, 85, 85, 85, 85, 85, 85,
- 85, 85, 89, 89, 89, 89, 89, 85, 85, 89,
- 89, 89, 85, 89, 0, 85, 85, 85, 85, 85,
- 85, 85
-
- } ;
-
-static yyconst short int yy_nxt[175] =
- { 0,
- 10, 11, 11, 12, 13, 14, 10, 15, 15, 16,
- 17, 18, 19, 10, 20, 19, 19, 21, 22, 23,
- 24, 25, 26, 27, 28, 19, 19, 19, 29, 19,
- 30, 10, 32, 32, 33, 33, 38, 38, 39, 42,
- 42, 44, 50, 34, 34, 52, 55, 59, 51, 38,
- 38, 42, 42, 47, 60, 84, 53, 56, 82, 40,
- 78, 79, 45, 57, 57, 81, 57, 57, 57, 79,
- 79, 80, 57, 57, 57, 77, 57, 83, 79, 79,
- 79, 79, 79, 76, 75, 74, 73, 63, 62, 61,
- 54, 49, 48, 57, 57, 66, 67, 46, 43, 41,
-
- 85, 37, 37, 68, 85, 85, 69, 85, 85, 85,
- 85, 70, 85, 85, 71, 85, 72, 31, 31, 31,
- 31, 35, 35, 35, 35, 36, 36, 36, 36, 58,
- 85, 58, 58, 64, 85, 85, 64, 65, 65, 65,
- 65, 9, 85, 85, 85, 85, 85, 85, 85, 85,
- 85, 85, 85, 85, 85, 85, 85, 85, 85, 85,
- 85, 85, 85, 85, 85, 85, 85, 85, 85, 85,
- 85, 85, 85, 85
- } ;
-
-static yyconst short int yy_chk[175] =
- { 0,
- 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
- 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
- 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
- 1, 1, 3, 4, 3, 4, 11, 11, 12, 15,
- 15, 17, 22, 3, 4, 23, 25, 27, 22, 38,
- 38, 42, 42, 89, 27, 80, 23, 25, 77, 12,
- 66, 66, 17, 26, 26, 75, 26, 26, 26, 67,
- 67, 74, 26, 26, 26, 62, 26, 78, 78, 79,
- 79, 83, 83, 60, 51, 50, 48, 30, 29, 28,
- 24, 21, 20, 26, 26, 34, 34, 18, 16, 14,
-
- 9, 8, 7, 34, 0, 0, 34, 0, 0, 0,
- 0, 34, 0, 0, 34, 0, 34, 86, 86, 86,
- 86, 87, 87, 87, 87, 88, 88, 88, 88, 90,
- 0, 90, 90, 91, 0, 0, 91, 92, 92, 92,
- 92, 85, 85, 85, 85, 85, 85, 85, 85, 85,
- 85, 85, 85, 85, 85, 85, 85, 85, 85, 85,
- 85, 85, 85, 85, 85, 85, 85, 85, 85, 85,
- 85, 85, 85, 85
- } ;
-
-static yy_state_type yy_last_accepting_state;
-static char *yy_last_accepting_cpos;
-
-/* The intent behind this definition is that it'll catch
- * any uses of REJECT which flex missed.
- */
-#define REJECT reject_used_but_not_detected
-#define yymore() yymore_used_but_not_detected
-#define YY_MORE_ADJ 0
-#define YY_RESTORE_YY_MORE_OFFSET
-char *yytext;
-#line 1 "ssl_expr_scan.l"
-#define INITIAL 0
-/* Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-/* _ _
- * _ __ ___ ___ __| | ___ ___| |
- * | '_ ` _ \ / _ \ / _` | / __/ __| |
- * | | | | | | (_) | (_| | \__ \__ \ | mod_ssl - Apache Interface to OpenSSL
- * |_| |_| |_|\___/ \__,_|___|___/___/_| http://www.modssl.org/
- * |_____|
- * ssl_expr_scan.l
- * Expression Scanner
- */
-/* ``Killing for peace is
-like fucking for virginity.''
--- Unknown */
-/* _________________________________________________________________
-**
-** Expression Scanner
-** _________________________________________________________________
-*/
-#line 38 "ssl_expr_scan.l"
-#include "mod_ssl.h"
-
-#include "ssl_expr_parse.h"
-
-#define YY_NO_UNPUT 1
-int yyinput(char *buf, int max_size);
-
-#undef YY_INPUT
-#define YY_INPUT(buf,result,max_size) \
- (result = yyinput(buf, max_size))
-
-#define MAX_STR_LEN 2048
-/* %option stack */
-#define YY_NEVER_INTERACTIVE 1
-#define str 1
-
-#define regex 2
-#define regex_flags 3
-
-#line 535 "lex.ssl_expr_yy.c"
-
-/* Macros after this point can all be overridden by user definitions in
- * section 1.
- */
-
-#ifndef YY_SKIP_YYWRAP
-#ifdef __cplusplus
-extern "C" int yywrap YY_PROTO(( void ));
-#else
-extern int yywrap YY_PROTO(( void ));
-#endif
-#endif
-
-#ifndef YY_NO_UNPUT
-static void yyunput YY_PROTO(( int c, char *buf_ptr ));
-#endif
-
-#ifndef yytext_ptr
-static void yy_flex_strncpy YY_PROTO(( char *, yyconst char *, int ));
-#endif
-
-#ifdef YY_NEED_STRLEN
-static int yy_flex_strlen YY_PROTO(( yyconst char * ));
-#endif
-
-#ifndef YY_NO_INPUT
-#ifdef __cplusplus
-static int yyinput YY_PROTO(( void ));
-#else
-static int input YY_PROTO(( void ));
-#endif
-#endif
-
-#if YY_STACK_USED
-static int yy_start_stack_ptr = 0;
-static int yy_start_stack_depth = 0;
-static int *yy_start_stack = 0;
-#ifndef YY_NO_PUSH_STATE
-static void yy_push_state YY_PROTO(( int new_state ));
-#endif
-#ifndef YY_NO_POP_STATE
-static void yy_pop_state YY_PROTO(( void ));
-#endif
-#ifndef YY_NO_TOP_STATE
-static int yy_top_state YY_PROTO(( void ));
-#endif
-
-#else
-#define YY_NO_PUSH_STATE 1
-#define YY_NO_POP_STATE 1
-#define YY_NO_TOP_STATE 1
-#endif
-
-#ifdef YY_MALLOC_DECL
-YY_MALLOC_DECL
-#else
-#if __STDC__
-#ifndef __cplusplus
-#include <stdlib.h>
-#endif
-#else
-/* Just try to get by without declaring the routines. This will fail
- * miserably on non-ANSI systems for which sizeof(size_t) != sizeof(int)
- * or sizeof(void*) != sizeof(int).
- */
-#endif
-#endif
-
-/* Amount of stuff to slurp up with each read. */
-#ifndef YY_READ_BUF_SIZE
-#define YY_READ_BUF_SIZE 8192
-#endif
-
-/* Copy whatever the last rule matched to the standard output. */
-
-#ifndef ECHO
-/* This used to be an fputs(), but since the string might contain NUL's,
- * we now use fwrite().
- */
-#define ECHO (void) fwrite( yytext, yyleng, 1, yyout )
-#endif
-
-/* Gets input and stuffs it into "buf". number of characters read, or YY_NULL,
- * is returned in "result".
- */
-#ifndef YY_INPUT
-#define YY_INPUT(buf,result,max_size) \
- if ( yy_current_buffer->yy_is_interactive ) \
- { \
- int c = '*', n; \
- for ( n = 0; n < max_size && \
- (c = getc( yyin )) != EOF && c != '\n'; ++n ) \
- buf[n] = (char) c; \
- if ( c == '\n' ) \
- buf[n++] = (char) c; \
- if ( c == EOF && ferror( yyin ) ) \
- YY_FATAL_ERROR( "input in flex scanner failed" ); \
- result = n; \
- } \
- else if ( ((result = fread( buf, 1, max_size, yyin )) == 0) \
- && ferror( yyin ) ) \
- YY_FATAL_ERROR( "input in flex scanner failed" );
-#endif
-
-/* No semi-colon after return; correct usage is to write "yyterminate();" -
- * we don't want an extra ';' after the "return" because that will cause
- * some compilers to complain about unreachable statements.
- */
-#ifndef yyterminate
-#define yyterminate() return YY_NULL
-#endif
-
-/* Number of entries by which start-condition stack grows. */
-#ifndef YY_START_STACK_INCR
-#define YY_START_STACK_INCR 25
-#endif
-
-/* Report a fatal error. */
-#ifndef YY_FATAL_ERROR
-#define YY_FATAL_ERROR(msg) yy_fatal_error( msg )
-#endif
-
-/* Default declaration of generated scanner - a define so the user can
- * easily add parameters.
- */
-#ifndef YY_DECL
-#define YY_DECL int yylex YY_PROTO(( void ))
-#endif
-
-/* Code executed at the beginning of each rule, after yytext and yyleng
- * have been set up.
- */
-#ifndef YY_USER_ACTION
-#define YY_USER_ACTION
-#endif
-
-/* Code executed at the end of each rule. */
-#ifndef YY_BREAK
-#define YY_BREAK break;
-#endif
-
-#define YY_RULE_SETUP \
- YY_USER_ACTION
-
-YY_DECL
- {
- register yy_state_type yy_current_state;
- register char *yy_cp, *yy_bp;
- register int yy_act;
-
-#line 91 "ssl_expr_scan.l"
-
-
- char caStr[MAX_STR_LEN];
- char *cpStr = NULL;
- char caRegex[MAX_STR_LEN];
- char *cpRegex = NULL;
- char cRegexDel = NUL;
-
- /*
- * Whitespaces
- */
-#line 698 "lex.ssl_expr_yy.c"
-
- if ( yy_init )
- {
- yy_init = 0;
-
-#ifdef YY_USER_INIT
- YY_USER_INIT;
-#endif
-
- if ( ! yy_start )
- yy_start = 1; /* first start state */
-
- if ( ! yyin )
- yyin = stdin;
-
- if ( ! yyout )
- yyout = stdout;
-
- if ( ! yy_current_buffer )
- yy_current_buffer =
- yy_create_buffer( yyin, YY_BUF_SIZE );
-
- yy_load_buffer_state();
- }
-
- while ( 1 ) /* loops until end-of-file is reached */
- {
- yy_cp = yy_c_buf_p;
-
- /* Support of yytext. */
- *yy_cp = yy_hold_char;
-
- /* yy_bp points to the position in yy_ch_buf of the start of
- * the current run.
- */
- yy_bp = yy_cp;
-
- yy_current_state = yy_start;
-yy_match:
- do
- {
- register YY_CHAR yy_c = yy_ec[YY_SC_TO_UI(*yy_cp)];
- if ( yy_accept[yy_current_state] )
- {
- yy_last_accepting_state = yy_current_state;
- yy_last_accepting_cpos = yy_cp;
- }
- while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state )
- {
- yy_current_state = (int) yy_def[yy_current_state];
- if ( yy_current_state >= 86 )
- yy_c = yy_meta[(unsigned int) yy_c];
- }
- yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c];
- ++yy_cp;
- }
- while ( yy_current_state != 85 );
- yy_cp = yy_last_accepting_cpos;
- yy_current_state = yy_last_accepting_state;
-
-yy_find_action:
- yy_act = yy_accept[yy_current_state];
-
- YY_DO_BEFORE_ACTION;
-
-
-do_action: /* This label is used only to access EOF actions. */
-
-
- switch ( yy_act )
- { /* beginning of action switch */
- case 0: /* must back up */
- /* undo the effects of YY_DO_BEFORE_ACTION */
- *yy_cp = yy_hold_char;
- yy_cp = yy_last_accepting_cpos;
- yy_current_state = yy_last_accepting_state;
- goto yy_find_action;
-
-case 1:
-YY_RULE_SETUP
-#line 102 "ssl_expr_scan.l"
-{
- /* NOP */
-}
- YY_BREAK
-/*
- * C-style strings ("...")
- */
-case 2:
-YY_RULE_SETUP
-#line 109 "ssl_expr_scan.l"
-{
- cpStr = caStr;
- BEGIN(str);
-}
- YY_BREAK
-case 3:
-YY_RULE_SETUP
-#line 113 "ssl_expr_scan.l"
-{
- BEGIN(INITIAL);
- *cpStr = NUL;
- yylval.cpVal = apr_pstrdup(ssl_expr_info.pool, caStr);
- return T_STRING;
-}
- YY_BREAK
-case 4:
-YY_RULE_SETUP
-#line 119 "ssl_expr_scan.l"
-{
- yyerror("Unterminated string");
-}
- YY_BREAK
-case 5:
-YY_RULE_SETUP
-#line 122 "ssl_expr_scan.l"
-{
- int result;
-
- (void)sscanf(yytext+1, "%o", &result);
- if (result > 0xff)
- yyerror("Escape sequence out of bound");
- else
- *cpStr++ = result;
-}
- YY_BREAK
-case 6:
-YY_RULE_SETUP
-#line 131 "ssl_expr_scan.l"
-{
- yyerror("Bad escape sequence");
-}
- YY_BREAK
-case 7:
-YY_RULE_SETUP
-#line 134 "ssl_expr_scan.l"
-{ *cpStr++ = '\n'; }
- YY_BREAK
-case 8:
-YY_RULE_SETUP
-#line 135 "ssl_expr_scan.l"
-{ *cpStr++ = '\r'; }
- YY_BREAK
-case 9:
-YY_RULE_SETUP
-#line 136 "ssl_expr_scan.l"
-{ *cpStr++ = '\t'; }
- YY_BREAK
-case 10:
-YY_RULE_SETUP
-#line 137 "ssl_expr_scan.l"
-{ *cpStr++ = '\b'; }
- YY_BREAK
-case 11:
-YY_RULE_SETUP
-#line 138 "ssl_expr_scan.l"
-{ *cpStr++ = '\f'; }
- YY_BREAK
-case 12:
-YY_RULE_SETUP
-#line 139 "ssl_expr_scan.l"
-{
- *cpStr++ = yytext[1];
-}
- YY_BREAK
-case 13:
-YY_RULE_SETUP
-#line 142 "ssl_expr_scan.l"
-{
- char *cp = yytext;
- while (*cp != NUL)
- *cpStr++ = *cp++;
-}
- YY_BREAK
-case 14:
-YY_RULE_SETUP
-#line 147 "ssl_expr_scan.l"
-{
- *cpStr++ = yytext[1];
-}
- YY_BREAK
-/*
- * Regular Expression
- */
-case 15:
-YY_RULE_SETUP
-#line 154 "ssl_expr_scan.l"
-{
- cRegexDel = yytext[1];
- cpRegex = caRegex;
- BEGIN(regex);
-}
- YY_BREAK
-case 16:
-YY_RULE_SETUP
-#line 159 "ssl_expr_scan.l"
-{
- if (yytext[0] == cRegexDel) {
- *cpRegex = NUL;
- BEGIN(regex_flags);
- }
- else {
- *cpRegex++ = yytext[0];
- }
-}
- YY_BREAK
-case 17:
-YY_RULE_SETUP
-#line 168 "ssl_expr_scan.l"
-{
- yylval.cpVal = apr_pstrdup(ssl_expr_info.pool, caRegex);
- BEGIN(INITIAL);
- return T_REGEX_I;
-}
- YY_BREAK
-case 18:
-YY_RULE_SETUP
-#line 173 "ssl_expr_scan.l"
-{
- yylval.cpVal = apr_pstrdup(ssl_expr_info.pool, caRegex);
- yyless(0);
- BEGIN(INITIAL);
- return T_REGEX;
-}
- YY_BREAK
-case YY_STATE_EOF(regex_flags):
-#line 179 "ssl_expr_scan.l"
-{
- yylval.cpVal = apr_pstrdup(ssl_expr_info.pool, caRegex);
- BEGIN(INITIAL);
- return T_REGEX;
-}
- YY_BREAK
-/*
- * Operators
- */
-case 19:
-YY_RULE_SETUP
-#line 188 "ssl_expr_scan.l"
-{ return T_OP_EQ; }
- YY_BREAK
-case 20:
-YY_RULE_SETUP
-#line 189 "ssl_expr_scan.l"
-{ return T_OP_EQ; }
- YY_BREAK
-case 21:
-YY_RULE_SETUP
-#line 190 "ssl_expr_scan.l"
-{ return T_OP_NE; }
- YY_BREAK
-case 22:
-YY_RULE_SETUP
-#line 191 "ssl_expr_scan.l"
-{ return T_OP_NE; }
- YY_BREAK
-case 23:
-YY_RULE_SETUP
-#line 192 "ssl_expr_scan.l"
-{ return T_OP_LT; }
- YY_BREAK
-case 24:
-YY_RULE_SETUP
-#line 193 "ssl_expr_scan.l"
-{ return T_OP_LT; }
- YY_BREAK
-case 25:
-YY_RULE_SETUP
-#line 194 "ssl_expr_scan.l"
-{ return T_OP_LE; }
- YY_BREAK
-case 26:
-YY_RULE_SETUP
-#line 195 "ssl_expr_scan.l"
-{ return T_OP_LE; }
- YY_BREAK
-case 27:
-YY_RULE_SETUP
-#line 196 "ssl_expr_scan.l"
-{ return T_OP_GT; }
- YY_BREAK
-case 28:
-YY_RULE_SETUP
-#line 197 "ssl_expr_scan.l"
-{ return T_OP_GT; }
- YY_BREAK
-case 29:
-YY_RULE_SETUP
-#line 198 "ssl_expr_scan.l"
-{ return T_OP_GE; }
- YY_BREAK
-case 30:
-YY_RULE_SETUP
-#line 199 "ssl_expr_scan.l"
-{ return T_OP_GE; }
- YY_BREAK
-case 31:
-YY_RULE_SETUP
-#line 200 "ssl_expr_scan.l"
-{ return T_OP_REG; }
- YY_BREAK
-case 32:
-YY_RULE_SETUP
-#line 201 "ssl_expr_scan.l"
-{ return T_OP_NRE; }
- YY_BREAK
-case 33:
-YY_RULE_SETUP
-#line 202 "ssl_expr_scan.l"
-{ return T_OP_AND; }
- YY_BREAK
-case 34:
-YY_RULE_SETUP
-#line 203 "ssl_expr_scan.l"
-{ return T_OP_AND; }
- YY_BREAK
-case 35:
-YY_RULE_SETUP
-#line 204 "ssl_expr_scan.l"
-{ return T_OP_OR; }
- YY_BREAK
-case 36:
-YY_RULE_SETUP
-#line 205 "ssl_expr_scan.l"
-{ return T_OP_OR; }
- YY_BREAK
-case 37:
-YY_RULE_SETUP
-#line 206 "ssl_expr_scan.l"
-{ return T_OP_NOT; }
- YY_BREAK
-case 38:
-YY_RULE_SETUP
-#line 207 "ssl_expr_scan.l"
-{ return T_OP_NOT; }
- YY_BREAK
-case 39:
-YY_RULE_SETUP
-#line 208 "ssl_expr_scan.l"
-{ return T_OP_IN; }
- YY_BREAK
-/*
- * Functions
- */
-case 40:
-YY_RULE_SETUP
-#line 213 "ssl_expr_scan.l"
-{ return T_FUNC_FILE; }
- YY_BREAK
-/*
- * Specials
- */
-case 41:
-YY_RULE_SETUP
-#line 218 "ssl_expr_scan.l"
-{ return T_TRUE; }
- YY_BREAK
-case 42:
-YY_RULE_SETUP
-#line 219 "ssl_expr_scan.l"
-{ return T_FALSE; }
- YY_BREAK
-/*
- * Digits
- */
-case 43:
-YY_RULE_SETUP
-#line 224 "ssl_expr_scan.l"
-{
- yylval.cpVal = apr_pstrdup(ssl_expr_info.pool, yytext);
- return T_DIGIT;
-}
- YY_BREAK
-/*
- * Identifiers
- */
-case 44:
-YY_RULE_SETUP
-#line 232 "ssl_expr_scan.l"
-{
- yylval.cpVal = apr_pstrdup(ssl_expr_info.pool, yytext);
- return T_ID;
-}
- YY_BREAK
-/*
- * Anything else is returned as is...
- */
-case 45:
-YY_RULE_SETUP
-#line 240 "ssl_expr_scan.l"
-{
- return yytext[0];
-}
- YY_BREAK
-case 46:
-YY_RULE_SETUP
-#line 244 "ssl_expr_scan.l"
-YY_FATAL_ERROR( "flex scanner jammed" );
- YY_BREAK
-#line 1098 "lex.ssl_expr_yy.c"
-case YY_STATE_EOF(INITIAL):
-case YY_STATE_EOF(str):
-case YY_STATE_EOF(regex):
- yyterminate();
-
- case YY_END_OF_BUFFER:
- {
- /* Amount of text matched not including the EOB char. */
- int yy_amount_of_matched_text = (int) (yy_cp - yytext_ptr) - 1;
-
- /* Undo the effects of YY_DO_BEFORE_ACTION. */
- *yy_cp = yy_hold_char;
- YY_RESTORE_YY_MORE_OFFSET
-
- if ( yy_current_buffer->yy_buffer_status == YY_BUFFER_NEW )
- {
- /* We're scanning a new file or input source. It's
- * possible that this happened because the user
- * just pointed yyin at a new source and called
- * yylex(). If so, then we have to assure
- * consistency between yy_current_buffer and our
- * globals. Here is the right place to do so, because
- * this is the first action (other than possibly a
- * back-up) that will match for the new input source.
- */
- yy_n_chars = yy_current_buffer->yy_n_chars;
- yy_current_buffer->yy_input_file = yyin;
- yy_current_buffer->yy_buffer_status = YY_BUFFER_NORMAL;
- }
-
- /* Note that here we test for yy_c_buf_p "<=" to the position
- * of the first EOB in the buffer, since yy_c_buf_p will
- * already have been incremented past the NUL character
- * (since all states make transitions on EOB to the
- * end-of-buffer state). Contrast this with the test
- * in input().
- */
- if ( yy_c_buf_p <= &yy_current_buffer->yy_ch_buf[yy_n_chars] )
- { /* This was really a NUL. */
- yy_state_type yy_next_state;
-
- yy_c_buf_p = yytext_ptr + yy_amount_of_matched_text;
-
- yy_current_state = yy_get_previous_state();
-
- /* Okay, we're now positioned to make the NUL
- * transition. We couldn't have
- * yy_get_previous_state() go ahead and do it
- * for us because it doesn't know how to deal
- * with the possibility of jamming (and we don't
- * want to build jamming into it because then it
- * will run more slowly).
- */
-
- yy_next_state = yy_try_NUL_trans( yy_current_state );
-
- yy_bp = yytext_ptr + YY_MORE_ADJ;
-
- if ( yy_next_state )
- {
- /* Consume the NUL. */
- yy_cp = ++yy_c_buf_p;
- yy_current_state = yy_next_state;
- goto yy_match;
- }
-
- else
- {
- yy_cp = yy_last_accepting_cpos;
- yy_current_state = yy_last_accepting_state;
- goto yy_find_action;
- }
- }
-
- else switch ( yy_get_next_buffer() )
- {
- case EOB_ACT_END_OF_FILE:
- {
- yy_did_buffer_switch_on_eof = 0;
-
- if ( yywrap() )
- {
- /* Note: because we've taken care in
- * yy_get_next_buffer() to have set up
- * yytext, we can now set up
- * yy_c_buf_p so that if some total
- * hoser (like flex itself) wants to
- * call the scanner after we return the
- * YY_NULL, it'll still work - another
- * YY_NULL will get returned.
- */
- yy_c_buf_p = yytext_ptr + YY_MORE_ADJ;
-
- yy_act = YY_STATE_EOF(YY_START);
- goto do_action;
- }
-
- else
- {
- if ( ! yy_did_buffer_switch_on_eof )
- YY_NEW_FILE;
- }
- break;
- }
-
- case EOB_ACT_CONTINUE_SCAN:
- yy_c_buf_p =
- yytext_ptr + yy_amount_of_matched_text;
-
- yy_current_state = yy_get_previous_state();
-
- yy_cp = yy_c_buf_p;
- yy_bp = yytext_ptr + YY_MORE_ADJ;
- goto yy_match;
-
- case EOB_ACT_LAST_MATCH:
- yy_c_buf_p =
- &yy_current_buffer->yy_ch_buf[yy_n_chars];
-
- yy_current_state = yy_get_previous_state();
-
- yy_cp = yy_c_buf_p;
- yy_bp = yytext_ptr + YY_MORE_ADJ;
- goto yy_find_action;
- }
- break;
- }
-
- default:
- YY_FATAL_ERROR(
- "fatal flex scanner internal error--no action found" );
- } /* end of action switch */
- } /* end of scanning one token */
- } /* end of yylex */
-
-
-/* yy_get_next_buffer - try to read in a new buffer
- *
- * Returns a code representing an action:
- * EOB_ACT_LAST_MATCH -
- * EOB_ACT_CONTINUE_SCAN - continue scanning from current position
- * EOB_ACT_END_OF_FILE - end of file
- */
-
-static int yy_get_next_buffer()
- {
- register char *dest = yy_current_buffer->yy_ch_buf;
- register char *source = yytext_ptr;
- register int number_to_move, i;
- int ret_val;
-
- if ( yy_c_buf_p > &yy_current_buffer->yy_ch_buf[yy_n_chars + 1] )
- YY_FATAL_ERROR(
- "fatal flex scanner internal error--end of buffer missed" );
-
- if ( yy_current_buffer->yy_fill_buffer == 0 )
- { /* Don't try to fill the buffer, so this is an EOF. */
- if ( yy_c_buf_p - yytext_ptr - YY_MORE_ADJ == 1 )
- {
- /* We matched a single character, the EOB, so
- * treat this as a final EOF.
- */
- return EOB_ACT_END_OF_FILE;
- }
-
- else
- {
- /* We matched some text prior to the EOB, first
- * process it.
- */
- return EOB_ACT_LAST_MATCH;
- }
- }
-
- /* Try to read more data. */
-
- /* First move last chars to start of buffer. */
- number_to_move = (int) (yy_c_buf_p - yytext_ptr) - 1;
-
- for ( i = 0; i < number_to_move; ++i )
- *(dest++) = *(source++);
-
- if ( yy_current_buffer->yy_buffer_status == YY_BUFFER_EOF_PENDING )
- /* don't do the read, it's not guaranteed to return an EOF,
- * just force an EOF
- */
- yy_current_buffer->yy_n_chars = yy_n_chars = 0;
-
- else
- {
- int num_to_read =
- yy_current_buffer->yy_buf_size - number_to_move - 1;
-
- while ( num_to_read <= 0 )
- { /* Not enough room in the buffer - grow it. */
-#ifdef YY_USES_REJECT
- YY_FATAL_ERROR(
-"input buffer overflow, can't enlarge buffer because scanner uses REJECT" );
-#else
-
- /* just a shorter name for the current buffer */
- YY_BUFFER_STATE b = yy_current_buffer;
-
- int yy_c_buf_p_offset =
- (int) (yy_c_buf_p - b->yy_ch_buf);
-
- if ( b->yy_is_our_buffer )
- {
- int new_size = b->yy_buf_size * 2;
-
- if ( new_size <= 0 )
- b->yy_buf_size += b->yy_buf_size / 8;
- else
- b->yy_buf_size *= 2;
-
- b->yy_ch_buf = (char *)
- /* Include room in for 2 EOB chars. */
- yy_flex_realloc( (void *) b->yy_ch_buf,
- b->yy_buf_size + 2 );
- }
- else
- /* Can't grow it, we don't own it. */
- b->yy_ch_buf = 0;
-
- if ( ! b->yy_ch_buf )
- YY_FATAL_ERROR(
- "fatal error - scanner input buffer overflow" );
-
- yy_c_buf_p = &b->yy_ch_buf[yy_c_buf_p_offset];
-
- num_to_read = yy_current_buffer->yy_buf_size -
- number_to_move - 1;
-#endif
- }
-
- if ( num_to_read > YY_READ_BUF_SIZE )
- num_to_read = YY_READ_BUF_SIZE;
-
- /* Read in more data. */
- YY_INPUT( (&yy_current_buffer->yy_ch_buf[number_to_move]),
- yy_n_chars, num_to_read );
-
- yy_current_buffer->yy_n_chars = yy_n_chars;
- }
-
- if ( yy_n_chars == 0 )
- {
- if ( number_to_move == YY_MORE_ADJ )
- {
- ret_val = EOB_ACT_END_OF_FILE;
- yyrestart( yyin );
- }
-
- else
- {
- ret_val = EOB_ACT_LAST_MATCH;
- yy_current_buffer->yy_buffer_status =
- YY_BUFFER_EOF_PENDING;
- }
- }
-
- else
- ret_val = EOB_ACT_CONTINUE_SCAN;
-
- yy_n_chars += number_to_move;
- yy_current_buffer->yy_ch_buf[yy_n_chars] = YY_END_OF_BUFFER_CHAR;
- yy_current_buffer->yy_ch_buf[yy_n_chars + 1] = YY_END_OF_BUFFER_CHAR;
-
- yytext_ptr = &yy_current_buffer->yy_ch_buf[0];
-
- return ret_val;
- }
-
-
-/* yy_get_previous_state - get the state just before the EOB char was reached */
-
-static yy_state_type yy_get_previous_state()
- {
- register yy_state_type yy_current_state;
- register char *yy_cp;
-
- yy_current_state = yy_start;
-
- for ( yy_cp = yytext_ptr + YY_MORE_ADJ; yy_cp < yy_c_buf_p; ++yy_cp )
- {
- register YY_CHAR yy_c = (*yy_cp ? yy_ec[YY_SC_TO_UI(*yy_cp)] : 1);
- if ( yy_accept[yy_current_state] )
- {
- yy_last_accepting_state = yy_current_state;
- yy_last_accepting_cpos = yy_cp;
- }
- while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state )
- {
- yy_current_state = (int) yy_def[yy_current_state];
- if ( yy_current_state >= 86 )
- yy_c = yy_meta[(unsigned int) yy_c];
- }
- yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c];
- }
-
- return yy_current_state;
- }
-
-
-/* yy_try_NUL_trans - try to make a transition on the NUL character
- *
- * synopsis
- * next_state = yy_try_NUL_trans( current_state );
- */
-
-#ifdef YY_USE_PROTOS
-static yy_state_type yy_try_NUL_trans( yy_state_type yy_current_state )
-#else
-static yy_state_type yy_try_NUL_trans( yy_current_state )
-yy_state_type yy_current_state;
-#endif
- {
- register int yy_is_jam;
- register char *yy_cp = yy_c_buf_p;
-
- register YY_CHAR yy_c = 1;
- if ( yy_accept[yy_current_state] )
- {
- yy_last_accepting_state = yy_current_state;
- yy_last_accepting_cpos = yy_cp;
- }
- while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state )
- {
- yy_current_state = (int) yy_def[yy_current_state];
- if ( yy_current_state >= 86 )
- yy_c = yy_meta[(unsigned int) yy_c];
- }
- yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c];
- yy_is_jam = (yy_current_state == 85);
-
- return yy_is_jam ? 0 : yy_current_state;
- }
-
-
-#ifndef YY_NO_UNPUT
-#ifdef YY_USE_PROTOS
-static void yyunput( int c, register char *yy_bp )
-#else
-static void yyunput( c, yy_bp )
-int c;
-register char *yy_bp;
-#endif
- {
- register char *yy_cp = yy_c_buf_p;
-
- /* undo effects of setting up yytext */
- *yy_cp = yy_hold_char;
-
- if ( yy_cp < yy_current_buffer->yy_ch_buf + 2 )
- { /* need to shift things up to make room */
- /* +2 for EOB chars. */
- register int number_to_move = yy_n_chars + 2;
- register char *dest = &yy_current_buffer->yy_ch_buf[
- yy_current_buffer->yy_buf_size + 2];
- register char *source =
- &yy_current_buffer->yy_ch_buf[number_to_move];
-
- while ( source > yy_current_buffer->yy_ch_buf )
- *--dest = *--source;
-
- yy_cp += (int) (dest - source);
- yy_bp += (int) (dest - source);
- yy_current_buffer->yy_n_chars =
- yy_n_chars = yy_current_buffer->yy_buf_size;
-
- if ( yy_cp < yy_current_buffer->yy_ch_buf + 2 )
- YY_FATAL_ERROR( "flex scanner push-back overflow" );
- }
-
- *--yy_cp = (char) c;
-
-
- yytext_ptr = yy_bp;
- yy_hold_char = *yy_cp;
- yy_c_buf_p = yy_cp;
- }
-#endif /* ifndef YY_NO_UNPUT */
-
-
-#ifdef __cplusplus
-static int yyinput()
-#else
-static int input()
-#endif
- {
- int c;
-
- *yy_c_buf_p = yy_hold_char;
-
- if ( *yy_c_buf_p == YY_END_OF_BUFFER_CHAR )
- {
- /* yy_c_buf_p now points to the character we want to return.
- * If this occurs *before* the EOB characters, then it's a
- * valid NUL; if not, then we've hit the end of the buffer.
- */
- if ( yy_c_buf_p < &yy_current_buffer->yy_ch_buf[yy_n_chars] )
- /* This was really a NUL. */
- *yy_c_buf_p = '\0';
-
- else
- { /* need more input */
- int offset = yy_c_buf_p - yytext_ptr;
- ++yy_c_buf_p;
-
- switch ( yy_get_next_buffer() )
- {
- case EOB_ACT_LAST_MATCH:
- /* This happens because yy_g_n_b()
- * sees that we've accumulated a
- * token and flags that we need to
- * try matching the token before
- * proceeding. But for input(),
- * there's no matching to consider.
- * So convert the EOB_ACT_LAST_MATCH
- * to EOB_ACT_END_OF_FILE.
- */
-
- /* Reset buffer status. */
- yyrestart( yyin );
-
- /* fall through */
-
- case EOB_ACT_END_OF_FILE:
- {
- if ( yywrap() )
- return EOF;
-
- if ( ! yy_did_buffer_switch_on_eof )
- YY_NEW_FILE;
-#ifdef __cplusplus
- return yyinput();
-#else
- return input();
-#endif
- }
-
- case EOB_ACT_CONTINUE_SCAN:
- yy_c_buf_p = yytext_ptr + offset;
- break;
- }
- }
- }
-
- c = *(unsigned char *) yy_c_buf_p; /* cast for 8-bit char's */
- *yy_c_buf_p = '\0'; /* preserve yytext */
- yy_hold_char = *++yy_c_buf_p;
-
-
- return c;
- }
-
-
-#ifdef YY_USE_PROTOS
-void yyrestart( FILE *input_file )
-#else
-void yyrestart( input_file )
-FILE *input_file;
-#endif
- {
- if ( ! yy_current_buffer )
- yy_current_buffer = yy_create_buffer( yyin, YY_BUF_SIZE );
-
- yy_init_buffer( yy_current_buffer, input_file );
- yy_load_buffer_state();
- }
-
-
-#ifdef YY_USE_PROTOS
-void yy_switch_to_buffer( YY_BUFFER_STATE new_buffer )
-#else
-void yy_switch_to_buffer( new_buffer )
-YY_BUFFER_STATE new_buffer;
-#endif
- {
- if ( yy_current_buffer == new_buffer )
- return;
-
- if ( yy_current_buffer )
- {
- /* Flush out information for old buffer. */
- *yy_c_buf_p = yy_hold_char;
- yy_current_buffer->yy_buf_pos = yy_c_buf_p;
- yy_current_buffer->yy_n_chars = yy_n_chars;
- }
-
- yy_current_buffer = new_buffer;
- yy_load_buffer_state();
-
- /* We don't actually know whether we did this switch during
- * EOF (yywrap()) processing, but the only time this flag
- * is looked at is after yywrap() is called, so it's safe
- * to go ahead and always set it.
- */
- yy_did_buffer_switch_on_eof = 1;
- }
-
-
-#ifdef YY_USE_PROTOS
-void yy_load_buffer_state( void )
-#else
-void yy_load_buffer_state()
-#endif
- {
- yy_n_chars = yy_current_buffer->yy_n_chars;
- yytext_ptr = yy_c_buf_p = yy_current_buffer->yy_buf_pos;
- yyin = yy_current_buffer->yy_input_file;
- yy_hold_char = *yy_c_buf_p;
- }
-
-
-#ifdef YY_USE_PROTOS
-YY_BUFFER_STATE yy_create_buffer( FILE *file, int size )
-#else
-YY_BUFFER_STATE yy_create_buffer( file, size )
-FILE *file;
-int size;
-#endif
- {
- YY_BUFFER_STATE b;
-
- b = (YY_BUFFER_STATE) yy_flex_alloc( sizeof( struct yy_buffer_state ) );
- if ( ! b )
- YY_FATAL_ERROR( "out of dynamic memory in yy_create_buffer()" );
-
- b->yy_buf_size = size;
-
- /* yy_ch_buf has to be 2 characters longer than the size given because
- * we need to put in 2 end-of-buffer characters.
- */
- b->yy_ch_buf = (char *) yy_flex_alloc( b->yy_buf_size + 2 );
- if ( ! b->yy_ch_buf )
- YY_FATAL_ERROR( "out of dynamic memory in yy_create_buffer()" );
-
- b->yy_is_our_buffer = 1;
-
- yy_init_buffer( b, file );
-
- return b;
- }
-
-
-#ifdef YY_USE_PROTOS
-void yy_delete_buffer( YY_BUFFER_STATE b )
-#else
-void yy_delete_buffer( b )
-YY_BUFFER_STATE b;
-#endif
- {
- if ( ! b )
- return;
-
- if ( b == yy_current_buffer )
- yy_current_buffer = (YY_BUFFER_STATE) 0;
-
- if ( b->yy_is_our_buffer )
- yy_flex_free( (void *) b->yy_ch_buf );
-
- yy_flex_free( (void *) b );
- }
-
-
-#ifndef YY_ALWAYS_INTERACTIVE
-#ifndef YY_NEVER_INTERACTIVE
-extern int isatty YY_PROTO(( int ));
-#endif
-#endif
-
-#ifdef YY_USE_PROTOS
-void yy_init_buffer( YY_BUFFER_STATE b, FILE *file )
-#else
-void yy_init_buffer( b, file )
-YY_BUFFER_STATE b;
-FILE *file;
-#endif
-
-
- {
- yy_flush_buffer( b );
-
- b->yy_input_file = file;
- b->yy_fill_buffer = 1;
-
-#if YY_ALWAYS_INTERACTIVE
- b->yy_is_interactive = 1;
-#else
-#if YY_NEVER_INTERACTIVE
- b->yy_is_interactive = 0;
-#else
- b->yy_is_interactive = file ? (isatty( fileno(file) ) > 0) : 0;
-#endif
-#endif
- }
-
-
-#ifdef YY_USE_PROTOS
-void yy_flush_buffer( YY_BUFFER_STATE b )
-#else
-void yy_flush_buffer( b )
-YY_BUFFER_STATE b;
-#endif
-
- {
- if ( ! b )
- return;
-
- b->yy_n_chars = 0;
-
- /* We always need two end-of-buffer characters. The first causes
- * a transition to the end-of-buffer state. The second causes
- * a jam in that state.
- */
- b->yy_ch_buf[0] = YY_END_OF_BUFFER_CHAR;
- b->yy_ch_buf[1] = YY_END_OF_BUFFER_CHAR;
-
- b->yy_buf_pos = &b->yy_ch_buf[0];
-
- b->yy_at_bol = 1;
- b->yy_buffer_status = YY_BUFFER_NEW;
-
- if ( b == yy_current_buffer )
- yy_load_buffer_state();
- }
-
-
-#ifndef YY_NO_SCAN_BUFFER
-#ifdef YY_USE_PROTOS
-YY_BUFFER_STATE yy_scan_buffer( char *base, yy_size_t size )
-#else
-YY_BUFFER_STATE yy_scan_buffer( base, size )
-char *base;
-yy_size_t size;
-#endif
- {
- YY_BUFFER_STATE b;
-
- if ( size < 2 ||
- base[size-2] != YY_END_OF_BUFFER_CHAR ||
- base[size-1] != YY_END_OF_BUFFER_CHAR )
- /* They forgot to leave room for the EOB's. */
- return 0;
-
- b = (YY_BUFFER_STATE) yy_flex_alloc( sizeof( struct yy_buffer_state ) );
- if ( ! b )
- YY_FATAL_ERROR( "out of dynamic memory in yy_scan_buffer()" );
-
- b->yy_buf_size = size - 2; /* "- 2" to take care of EOB's */
- b->yy_buf_pos = b->yy_ch_buf = base;
- b->yy_is_our_buffer = 0;
- b->yy_input_file = 0;
- b->yy_n_chars = b->yy_buf_size;
- b->yy_is_interactive = 0;
- b->yy_at_bol = 1;
- b->yy_fill_buffer = 0;
- b->yy_buffer_status = YY_BUFFER_NEW;
-
- yy_switch_to_buffer( b );
-
- return b;
- }
-#endif
-
-
-#ifndef YY_NO_SCAN_STRING
-#ifdef YY_USE_PROTOS
-YY_BUFFER_STATE yy_scan_string( yyconst char *yy_str )
-#else
-YY_BUFFER_STATE yy_scan_string( yy_str )
-yyconst char *yy_str;
-#endif
- {
- int len;
- for ( len = 0; yy_str[len]; ++len )
- ;
-
- return yy_scan_bytes( yy_str, len );
- }
-#endif
-
-
-#ifndef YY_NO_SCAN_BYTES
-#ifdef YY_USE_PROTOS
-YY_BUFFER_STATE yy_scan_bytes( yyconst char *bytes, int len )
-#else
-YY_BUFFER_STATE yy_scan_bytes( bytes, len )
-yyconst char *bytes;
-int len;
-#endif
- {
- YY_BUFFER_STATE b;
- char *buf;
- yy_size_t n;
- int i;
-
- /* Get memory for full buffer, including space for trailing EOB's. */
- n = len + 2;
- buf = (char *) yy_flex_alloc( n );
- if ( ! buf )
- YY_FATAL_ERROR( "out of dynamic memory in yy_scan_bytes()" );
-
- for ( i = 0; i < len; ++i )
- buf[i] = bytes[i];
-
- buf[len] = buf[len+1] = YY_END_OF_BUFFER_CHAR;
-
- b = yy_scan_buffer( buf, n );
- if ( ! b )
- YY_FATAL_ERROR( "bad buffer in yy_scan_bytes()" );
-
- /* It's okay to grow etc. this buffer, and we should throw it
- * away when we're done.
- */
- b->yy_is_our_buffer = 1;
-
- return b;
- }
-#endif
-
-
-#ifndef YY_NO_PUSH_STATE
-#ifdef YY_USE_PROTOS
-static void yy_push_state( int new_state )
-#else
-static void yy_push_state( new_state )
-int new_state;
-#endif
- {
- if ( yy_start_stack_ptr >= yy_start_stack_depth )
- {
- yy_size_t new_size;
-
- yy_start_stack_depth += YY_START_STACK_INCR;
- new_size = yy_start_stack_depth * sizeof( int );
-
- if ( ! yy_start_stack )
- yy_start_stack = (int *) yy_flex_alloc( new_size );
-
- else
- yy_start_stack = (int *) yy_flex_realloc(
- (void *) yy_start_stack, new_size );
-
- if ( ! yy_start_stack )
- YY_FATAL_ERROR(
- "out of memory expanding start-condition stack" );
- }
-
- yy_start_stack[yy_start_stack_ptr++] = YY_START;
-
- BEGIN(new_state);
- }
-#endif
-
-
-#ifndef YY_NO_POP_STATE
-static void yy_pop_state()
- {
- if ( --yy_start_stack_ptr < 0 )
- YY_FATAL_ERROR( "start-condition stack underflow" );
-
- BEGIN(yy_start_stack[yy_start_stack_ptr]);
- }
-#endif
-
-
-#ifndef YY_NO_TOP_STATE
-static int yy_top_state()
- {
- return yy_start_stack[yy_start_stack_ptr - 1];
- }
-#endif
-
-#ifndef YY_EXIT_FAILURE
-#define YY_EXIT_FAILURE 2
-#endif
-
-#ifdef YY_USE_PROTOS
-static void yy_fatal_error( yyconst char msg[] )
-#else
-static void yy_fatal_error( msg )
-char msg[];
-#endif
- {
- (void) fprintf( stderr, "%s\n", msg );
- exit( YY_EXIT_FAILURE );
- }
-
-
-
-/* Redefine yyless() so it works in section 3 code. */
-
-#undef yyless
-#define yyless(n) \
- do \
- { \
- /* Undo effects of setting up yytext. */ \
- yytext[yyleng] = yy_hold_char; \
- yy_c_buf_p = yytext + n; \
- yy_hold_char = *yy_c_buf_p; \
- *yy_c_buf_p = '\0'; \
- yyleng = n; \
- } \
- while ( 0 )
-
-
-/* Internal utility routines. */
-
-#ifndef yytext_ptr
-#ifdef YY_USE_PROTOS
-static void yy_flex_strncpy( char *s1, yyconst char *s2, int n )
-#else
-static void yy_flex_strncpy( s1, s2, n )
-char *s1;
-yyconst char *s2;
-int n;
-#endif
- {
- register int i;
- for ( i = 0; i < n; ++i )
- s1[i] = s2[i];
- }
-#endif
-
-#ifdef YY_NEED_STRLEN
-#ifdef YY_USE_PROTOS
-static int yy_flex_strlen( yyconst char *s )
-#else
-static int yy_flex_strlen( s )
-yyconst char *s;
-#endif
- {
- register int n;
- for ( n = 0; s[n]; ++n )
- ;
-
- return n;
- }
-#endif
-
-
-#ifdef YY_USE_PROTOS
-static void *yy_flex_alloc( yy_size_t size )
-#else
-static void *yy_flex_alloc( size )
-yy_size_t size;
-#endif
- {
- return (void *) malloc( size );
- }
-
-#ifdef YY_USE_PROTOS
-static void *yy_flex_realloc( void *ptr, yy_size_t size )
-#else
-static void *yy_flex_realloc( ptr, size )
-void *ptr;
-yy_size_t size;
-#endif
- {
- /* The cast to (char *) in the following accommodates both
- * implementations that use char* generic pointers, and those
- * that use void* generic pointers. It works with the latter
- * because both ANSI C and C++ allow castless assignment from
- * any pointer type to void*, and deal with argument conversions
- * as though doing an assignment.
- */
- return (void *) realloc( (char *) ptr, size );
- }
-
-#ifdef YY_USE_PROTOS
-static void yy_flex_free( void *ptr )
-#else
-static void yy_flex_free( ptr )
-void *ptr;
-#endif
- {
- free( ptr );
- }
-
-#if YY_MAIN
-int main()
- {
- yylex();
- return 0;
- }
-#endif
-#line 244 "ssl_expr_scan.l"
-
-
-int yyinput(char *buf, int max_size)
-{
- int n;
-
- if ((n = MIN(max_size, ssl_expr_info.inputbuf
- + ssl_expr_info.inputlen
- - ssl_expr_info.inputptr)) <= 0)
- return YY_NULL;
- memcpy(buf, ssl_expr_info.inputptr, n);
- ssl_expr_info.inputptr += n;
- return n;
-}
-
diff --git a/rubbos/app/httpd-2.0.64/modules/ssl/ssl_expr_scan.l b/rubbos/app/httpd-2.0.64/modules/ssl/ssl_expr_scan.l
deleted file mode 100644
index 86ba3b49..00000000
--- a/rubbos/app/httpd-2.0.64/modules/ssl/ssl_expr_scan.l
+++ /dev/null
@@ -1,225 +0,0 @@
-/* Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-/* _ _
- * _ __ ___ ___ __| | ___ ___| |
- * | '_ ` _ \ / _ \ / _` | / __/ __| |
- * | | | | | | (_) | (_| | \__ \__ \ | mod_ssl - Apache Interface to OpenSSL
- * |_| |_| |_|\___/ \__,_|___|___/___/_| http://www.modssl.org/
- * |_____|
- * ssl_expr_scan.l
- * Expression Scanner
- */
- /* ``Killing for peace is
- like fucking for virginity.''
- -- Unknown */
-
-/* _________________________________________________________________
-**
-** Expression Scanner
-** _________________________________________________________________
-*/
-
-%{
-#include "mod_ssl.h"
-
-#include "ssl_expr_parse.h"
-
-#define YY_NO_UNPUT 1
-int yyinput(char *buf, int max_size);
-
-#undef YY_INPUT
-#define YY_INPUT(buf,result,max_size) \
- (result = yyinput(buf, max_size))
-
-#define MAX_STR_LEN 2048
-%}
-
-%pointer
-/* %option stack */
-%option never-interactive
-%option noyywrap
-%x str
-%x regex regex_flags
-
-%%
-
- char caStr[MAX_STR_LEN];
- char *cpStr = NULL;
- char caRegex[MAX_STR_LEN];
- char *cpRegex = NULL;
- char cRegexDel = NUL;
-
- /*
- * Whitespaces
- */
-[ \t\n]+ {
- /* NOP */
-}
-
- /*
- * C-style strings ("...")
- */
-\" {
- cpStr = caStr;
- BEGIN(str);
-}
-<str>\" {
- BEGIN(INITIAL);
- *cpStr = NUL;
- yylval.cpVal = apr_pstrdup(ssl_expr_info.pool, caStr);
- return T_STRING;
-}
-<str>\n {
- yyerror("Unterminated string");
-}
-<str>\\[0-7]{1,3} {
- int result;
-
- (void)sscanf(yytext+1, "%o", &result);
- if (result > 0xff)
- yyerror("Escape sequence out of bound");
- else
- *cpStr++ = result;
-}
-<str>\\[0-9]+ {
- yyerror("Bad escape sequence");
-}
-<str>\\n { *cpStr++ = '\n'; }
-<str>\\r { *cpStr++ = '\r'; }
-<str>\\t { *cpStr++ = '\t'; }
-<str>\\b { *cpStr++ = '\b'; }
-<str>\\f { *cpStr++ = '\f'; }
-<str>\\(.|\n) {
- *cpStr++ = yytext[1];
-}
-<str>[^\\\n\"]+ {
- char *cp = yytext;
- while (*cp != NUL)
- *cpStr++ = *cp++;
-}
-<str>. {
- *cpStr++ = yytext[1];
-}
-
- /*
- * Regular Expression
- */
-"m". {
- cRegexDel = yytext[1];
- cpRegex = caRegex;
- BEGIN(regex);
-}
-<regex>.|\n {
- if (yytext[0] == cRegexDel) {
- *cpRegex = NUL;
- BEGIN(regex_flags);
- }
- else {
- *cpRegex++ = yytext[0];
- }
-}
-<regex_flags>i {
- yylval.cpVal = apr_pstrdup(ssl_expr_info.pool, caRegex);
- BEGIN(INITIAL);
- return T_REGEX_I;
-}
-<regex_flags>.|\n {
- yylval.cpVal = apr_pstrdup(ssl_expr_info.pool, caRegex);
- yyless(0);
- BEGIN(INITIAL);
- return T_REGEX;
-}
-<regex_flags><<EOF>> {
- yylval.cpVal = apr_pstrdup(ssl_expr_info.pool, caRegex);
- BEGIN(INITIAL);
- return T_REGEX;
-}
-
- /*
- * Operators
- */
-"eq" { return T_OP_EQ; }
-"==" { return T_OP_EQ; }
-"ne" { return T_OP_NE; }
-"!=" { return T_OP_NE; }
-"lt" { return T_OP_LT; }
-"<" { return T_OP_LT; }
-"le" { return T_OP_LE; }
-"<=" { return T_OP_LE; }
-"gt" { return T_OP_GT; }
-">" { return T_OP_GT; }
-"ge" { return T_OP_GE; }
-">=" { return T_OP_GE; }
-"=~" { return T_OP_REG; }
-"!~" { return T_OP_NRE; }
-"and" { return T_OP_AND; }
-"&&" { return T_OP_AND; }
-"or" { return T_OP_OR; }
-"||" { return T_OP_OR; }
-"not" { return T_OP_NOT; }
-"!" { return T_OP_NOT; }
-"in" { return T_OP_IN; }
-
- /*
- * Functions
- */
-"file" { return T_FUNC_FILE; }
-
- /*
- * Specials
- */
-"true" { return T_TRUE; }
-"false" { return T_FALSE; }
-
- /*
- * Digits
- */
-[0-9]+ {
- yylval.cpVal = apr_pstrdup(ssl_expr_info.pool, yytext);
- return T_DIGIT;
-}
-
- /*
- * Identifiers
- */
-[a-zA-Z][a-zA-Z0-9_:-]* {
- yylval.cpVal = apr_pstrdup(ssl_expr_info.pool, yytext);
- return T_ID;
-}
-
- /*
- * Anything else is returned as is...
- */
-.|\n {
- return yytext[0];
-}
-
-%%
-
-int yyinput(char *buf, int max_size)
-{
- int n;
-
- if ((n = MIN(max_size, ssl_expr_info.inputbuf
- + ssl_expr_info.inputlen
- - ssl_expr_info.inputptr)) <= 0)
- return YY_NULL;
- memcpy(buf, ssl_expr_info.inputptr, n);
- ssl_expr_info.inputptr += n;
- return n;
-}
-
diff --git a/rubbos/app/httpd-2.0.64/modules/ssl/ssl_scache.c b/rubbos/app/httpd-2.0.64/modules/ssl/ssl_scache.c
deleted file mode 100644
index d74b853b..00000000
--- a/rubbos/app/httpd-2.0.64/modules/ssl/ssl_scache.c
+++ /dev/null
@@ -1,199 +0,0 @@
-/* Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-/* _ _
- * _ __ ___ ___ __| | ___ ___| | mod_ssl
- * | '_ ` _ \ / _ \ / _` | / __/ __| | Apache Interface to OpenSSL
- * | | | | | | (_) | (_| | \__ \__ \ |
- * |_| |_| |_|\___/ \__,_|___|___/___/_|
- * |_____|
- * ssl_scache.c
- * Session Cache Abstraction
- */
- /* ``Open-Source Software: generous
- programmers from around the world all
- join forces to help you shoot
- yourself in the foot for free.''
- -- Unknown */
-#include "mod_ssl.h"
-
-/* _________________________________________________________________
-**
-** Session Cache: Common Abstraction Layer
-** _________________________________________________________________
-*/
-
-void ssl_scache_init(server_rec *s, apr_pool_t *p)
-{
- SSLModConfigRec *mc = myModConfig(s);
-
- /*
- * Warn the user that he should use the session cache.
- * But we can operate without it, of course.
- */
- if (mc->nSessionCacheMode == SSL_SCMODE_UNSET) {
- ap_log_error(APLOG_MARK, APLOG_WARNING, 0, s,
- "Init: Session Cache is not configured "
- "[hint: SSLSessionCache]");
- mc->nSessionCacheMode = SSL_SCMODE_NONE;
- return;
- }
-
- if (mc->nSessionCacheMode == SSL_SCMODE_DBM)
- ssl_scache_dbm_init(s, p);
- else if ((mc->nSessionCacheMode == SSL_SCMODE_SHMHT) ||
- (mc->nSessionCacheMode == SSL_SCMODE_SHMCB)) {
- void *data;
- const char *userdata_key = "ssl_scache_init";
-
- apr_pool_userdata_get(&data, userdata_key, s->process->pool);
- if (!data) {
- apr_pool_userdata_set((const void *)1, userdata_key,
- apr_pool_cleanup_null, s->process->pool);
- return;
- }
- if (mc->nSessionCacheMode == SSL_SCMODE_SHMHT)
- ssl_scache_shmht_init(s, p);
- else if (mc->nSessionCacheMode == SSL_SCMODE_SHMCB)
- ssl_scache_shmcb_init(s, p);
- }
-}
-
-void ssl_scache_kill(server_rec *s)
-{
- SSLModConfigRec *mc = myModConfig(s);
-
- if (mc->nSessionCacheMode == SSL_SCMODE_DBM)
- ssl_scache_dbm_kill(s);
- else if (mc->nSessionCacheMode == SSL_SCMODE_SHMHT)
- ssl_scache_shmht_kill(s);
- else if (mc->nSessionCacheMode == SSL_SCMODE_SHMCB)
- ssl_scache_shmcb_kill(s);
- return;
-}
-
-BOOL ssl_scache_store(server_rec *s, UCHAR *id, int idlen, time_t expiry, SSL_SESSION *sess)
-{
- SSLModConfigRec *mc = myModConfig(s);
- BOOL rv = FALSE;
-
- if (mc->nSessionCacheMode == SSL_SCMODE_DBM)
- rv = ssl_scache_dbm_store(s, id, idlen, expiry, sess);
- else if (mc->nSessionCacheMode == SSL_SCMODE_SHMHT)
- rv = ssl_scache_shmht_store(s, id, idlen, expiry, sess);
- else if (mc->nSessionCacheMode == SSL_SCMODE_SHMCB)
- rv = ssl_scache_shmcb_store(s, id, idlen, expiry, sess);
- return rv;
-}
-
-SSL_SESSION *ssl_scache_retrieve(server_rec *s, UCHAR *id, int idlen)
-{
- SSLModConfigRec *mc = myModConfig(s);
- SSL_SESSION *sess = NULL;
-
- if (mc->nSessionCacheMode == SSL_SCMODE_DBM)
- sess = ssl_scache_dbm_retrieve(s, id, idlen);
- else if (mc->nSessionCacheMode == SSL_SCMODE_SHMHT)
- sess = ssl_scache_shmht_retrieve(s, id, idlen);
- else if (mc->nSessionCacheMode == SSL_SCMODE_SHMCB)
- sess = ssl_scache_shmcb_retrieve(s, id, idlen);
- return sess;
-}
-
-void ssl_scache_remove(server_rec *s, UCHAR *id, int idlen)
-{
- SSLModConfigRec *mc = myModConfig(s);
-
- if (mc->nSessionCacheMode == SSL_SCMODE_DBM)
- ssl_scache_dbm_remove(s, id, idlen);
- else if (mc->nSessionCacheMode == SSL_SCMODE_SHMHT)
- ssl_scache_shmht_remove(s, id, idlen);
- else if (mc->nSessionCacheMode == SSL_SCMODE_SHMCB)
- ssl_scache_shmcb_remove(s, id, idlen);
- return;
-}
-
-void ssl_scache_status(server_rec *s, apr_pool_t *p, void (*func)(char *, void *), void *arg)
-{
- SSLModConfigRec *mc = myModConfig(s);
-
- if (mc->nSessionCacheMode == SSL_SCMODE_DBM)
- ssl_scache_dbm_status(s, p, func, arg);
- else if (mc->nSessionCacheMode == SSL_SCMODE_SHMHT)
- ssl_scache_shmht_status(s, p, func, arg);
- else if (mc->nSessionCacheMode == SSL_SCMODE_SHMCB)
- ssl_scache_shmcb_status(s, p, func, arg);
- return;
-}
-
-void ssl_scache_expire(server_rec *s)
-{
- SSLModConfigRec *mc = myModConfig(s);
-
- if (mc->nSessionCacheMode == SSL_SCMODE_DBM)
- ssl_scache_dbm_expire(s);
- else if (mc->nSessionCacheMode == SSL_SCMODE_SHMHT)
- ssl_scache_shmht_expire(s);
- else if (mc->nSessionCacheMode == SSL_SCMODE_SHMCB)
- ssl_scache_shmcb_expire(s);
- return;
-}
-
-/* _________________________________________________________________
-**
-** SSL Extension to mod_status
-** _________________________________________________________________
-*/
-#if 0 /* NOT YET */
-static void ssl_ext_ms_display(request_rec *, int, int);
-
-void ssl_scache_status_register(apr_pool_t *p)
-{
- /* XXX point mod_status to this update, when it grows the opt fn */
-#if 0
- ap_hook_register("ap::mod_status::display", ssl_ext_ms_display, AP_HOOK_NOCTX);
-#endif
- return;
-}
-
-static void ssl_ext_ms_display_cb(char *str, void *_r)
-{
- request_rec *r = (request_rec *)_r;
- if (str != NULL)
- ap_rputs(str, r);
- return;
-}
-
-static void ssl_ext_ms_display(request_rec *r, int no_table_report, int short_report)
-{
- SSLSrvConfigRec *sc = mySrvConfig(r->server);
-
- if (sc == NULL)
- return;
- if (short_report)
- return;
- ap_rputs("<hr>\n", r);
- ap_rputs("<table cellspacing=0 cellpadding=0>\n", r);
- ap_rputs("<tr><td bgcolor=\"#000000\">\n", r);
- ap_rputs("<b><font color=\"#ffffff\" face=\"Arial,Helvetica\">SSL/TLS Session Cache Status:</font></b>\r", r);
- ap_rputs("</td></tr>\n", r);
- ap_rputs("<tr><td bgcolor=\"#ffffff\">\n", r);
- ssl_scache_status(r->server, r->pool, ssl_ext_ms_display_cb, r);
- ap_rputs("</td></tr>\n", r);
- ap_rputs("</table>\n", r);
- return;
-}
-#endif
diff --git a/rubbos/app/httpd-2.0.64/modules/ssl/ssl_scache_dbm.c b/rubbos/app/httpd-2.0.64/modules/ssl/ssl_scache_dbm.c
deleted file mode 100644
index 10ab9c89..00000000
--- a/rubbos/app/httpd-2.0.64/modules/ssl/ssl_scache_dbm.c
+++ /dev/null
@@ -1,462 +0,0 @@
-/* Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-/* _ _
- * _ __ ___ ___ __| | ___ ___| | mod_ssl
- * | '_ ` _ \ / _ \ / _` | / __/ __| | Apache Interface to OpenSSL
- * | | | | | | (_) | (_| | \__ \__ \ |
- * |_| |_| |_|\___/ \__,_|___|___/___/_|
- * |_____|
- * ssl_scache_dbm.c
- * Session Cache via DBM
- */
-
-#include "mod_ssl.h"
-
-void ssl_scache_dbm_init(server_rec *s, apr_pool_t *p)
-{
- SSLModConfigRec *mc = myModConfig(s);
- apr_dbm_t *dbm;
- apr_status_t rv;
-
- /* for the DBM we need the data file */
- if (mc->szSessionCacheDataFile == NULL) {
- ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
- "SSLSessionCache required");
- ssl_die();
- }
-
- /* open it once to create it and to make sure it _can_ be created */
- ssl_mutex_on(s);
- if ((rv = apr_dbm_open(&dbm, mc->szSessionCacheDataFile,
- APR_DBM_RWCREATE, SSL_DBM_FILE_MODE, mc->pPool)) != APR_SUCCESS) {
- ap_log_error(APLOG_MARK, APLOG_ERR, rv, s,
- "Cannot create SSLSessionCache DBM file `%s'",
- mc->szSessionCacheDataFile);
- ssl_mutex_off(s);
- return;
- }
- apr_dbm_close(dbm);
-
-#if !defined(OS2) && !defined(WIN32) && !defined(BEOS) && !defined(NETWARE)
- /*
- * We have to make sure the Apache child processes have access to
- * the DBM file. But because there are brain-dead platforms where we
- * cannot exactly determine the suffixes we try all possibilities.
- */
- if (geteuid() == 0 /* is superuser */) {
- chown(mc->szSessionCacheDataFile, unixd_config.user_id, -1 /* no gid change */);
- if (chown(apr_pstrcat(p, mc->szSessionCacheDataFile, SSL_DBM_FILE_SUFFIX_DIR, NULL),
- unixd_config.user_id, -1) == -1) {
- if (chown(apr_pstrcat(p, mc->szSessionCacheDataFile, ".db", NULL),
- unixd_config.user_id, -1) == -1)
- chown(apr_pstrcat(p, mc->szSessionCacheDataFile, ".dir", NULL),
- unixd_config.user_id, -1);
- }
- if (chown(apr_pstrcat(p, mc->szSessionCacheDataFile, SSL_DBM_FILE_SUFFIX_PAG, NULL),
- unixd_config.user_id, -1) == -1) {
- if (chown(apr_pstrcat(p, mc->szSessionCacheDataFile, ".db", NULL),
- unixd_config.user_id, -1) == -1)
- chown(apr_pstrcat(p, mc->szSessionCacheDataFile, ".pag", NULL),
- unixd_config.user_id, -1);
- }
- }
-#endif
- ssl_mutex_off(s);
- ssl_scache_dbm_expire(s);
- return;
-}
-
-void ssl_scache_dbm_kill(server_rec *s)
-{
- SSLModConfigRec *mc = myModConfig(s);
- apr_pool_t *p;
-
- apr_pool_sub_make(&p, mc->pPool, NULL);
- if (p != NULL) {
- /* the correct way */
- unlink(apr_pstrcat(p, mc->szSessionCacheDataFile, SSL_DBM_FILE_SUFFIX_DIR, NULL));
- unlink(apr_pstrcat(p, mc->szSessionCacheDataFile, SSL_DBM_FILE_SUFFIX_PAG, NULL));
- /* the additional ways to be sure */
- unlink(apr_pstrcat(p, mc->szSessionCacheDataFile, ".dir", NULL));
- unlink(apr_pstrcat(p, mc->szSessionCacheDataFile, ".pag", NULL));
- unlink(apr_pstrcat(p, mc->szSessionCacheDataFile, ".db", NULL));
- unlink(mc->szSessionCacheDataFile);
- apr_pool_destroy(p);
- }
- return;
-}
-
-BOOL ssl_scache_dbm_store(server_rec *s, UCHAR *id, int idlen, time_t expiry, SSL_SESSION *sess)
-{
- SSLModConfigRec *mc = myModConfig(s);
- apr_dbm_t *dbm;
- apr_datum_t dbmkey;
- apr_datum_t dbmval;
- UCHAR ucaData[SSL_SESSION_MAX_DER];
- int nData;
- UCHAR *ucp;
- apr_status_t rv;
-
- /* streamline session data */
- if ((nData = i2d_SSL_SESSION(sess, NULL)) > sizeof(ucaData)) {
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
- "streamline session data size too large: %d > %d",
- nData, sizeof(ucaData));
- return FALSE;
- }
- ucp = ucaData;
- i2d_SSL_SESSION(sess, &ucp);
-
- /* be careful: do not try to store too much bytes in a DBM file! */
-#ifdef PAIRMAX
- if ((idlen + nData) >= PAIRMAX) {
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
- "data size too large for DBM session cache: %d >= %d",
- (idlen + nData), PAIRMAX);
- return FALSE;
- }
-#else
- if ((idlen + nData) >= 950 /* at least less than approx. 1KB */) {
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
- "data size too large for DBM session cache: %d >= %d",
- (idlen + nData), 950);
- return FALSE;
- }
-#endif
-
- /* create DBM key */
- dbmkey.dptr = (char *)id;
- dbmkey.dsize = idlen;
-
- /* create DBM value */
- dbmval.dsize = sizeof(time_t) + nData;
- dbmval.dptr = (char *)malloc(dbmval.dsize);
- if (dbmval.dptr == NULL) {
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
- "malloc error creating DBM value");
- return FALSE;
- }
- memcpy((char *)dbmval.dptr, &expiry, sizeof(time_t));
- memcpy((char *)dbmval.dptr+sizeof(time_t), ucaData, nData);
-
- /* and store it to the DBM file */
- ssl_mutex_on(s);
- if ((rv = apr_dbm_open(&dbm, mc->szSessionCacheDataFile,
- APR_DBM_RWCREATE, SSL_DBM_FILE_MODE, mc->pPool)) != APR_SUCCESS) {
- ap_log_error(APLOG_MARK, APLOG_ERR, rv, s,
- "Cannot open SSLSessionCache DBM file `%s' for writing "
- "(store)",
- mc->szSessionCacheDataFile);
- ssl_mutex_off(s);
- free(dbmval.dptr);
- return FALSE;
- }
- if ((rv = apr_dbm_store(dbm, dbmkey, dbmval)) != APR_SUCCESS) {
- ap_log_error(APLOG_MARK, APLOG_ERR, rv, s,
- "Cannot store SSL session to DBM file `%s'",
- mc->szSessionCacheDataFile);
- apr_dbm_close(dbm);
- ssl_mutex_off(s);
- free(dbmval.dptr);
- return FALSE;
- }
- apr_dbm_close(dbm);
- ssl_mutex_off(s);
-
- /* free temporary buffers */
- free(dbmval.dptr);
-
- /* allow the regular expiring to occur */
- ssl_scache_dbm_expire(s);
-
- return TRUE;
-}
-
-SSL_SESSION *ssl_scache_dbm_retrieve(server_rec *s, UCHAR *id, int idlen)
-{
- SSLModConfigRec *mc = myModConfig(s);
- apr_dbm_t *dbm;
- apr_datum_t dbmkey;
- apr_datum_t dbmval;
- SSL_SESSION *sess = NULL;
- MODSSL_D2I_SSL_SESSION_CONST unsigned char *ucpData;
- int nData;
- time_t expiry;
- time_t now;
- apr_status_t rc;
-
- /* allow the regular expiring to occur */
- ssl_scache_dbm_expire(s);
-
- /* create DBM key and values */
- dbmkey.dptr = (char *)id;
- dbmkey.dsize = idlen;
-
- /* and fetch it from the DBM file
- * XXX: Should we open the dbm against r->pool so the cleanup will
- * do the apr_dbm_close? This would make the code a bit cleaner.
- */
- ssl_mutex_on(s);
- if ((rc = apr_dbm_open(&dbm, mc->szSessionCacheDataFile,
- APR_DBM_RWCREATE, SSL_DBM_FILE_MODE, mc->pPool)) != APR_SUCCESS) {
- ap_log_error(APLOG_MARK, APLOG_ERR, rc, s,
- "Cannot open SSLSessionCache DBM file `%s' for reading "
- "(fetch)",
- mc->szSessionCacheDataFile);
- ssl_mutex_off(s);
- return NULL;
- }
- rc = apr_dbm_fetch(dbm, dbmkey, &dbmval);
- if (rc != APR_SUCCESS) {
- apr_dbm_close(dbm);
- ssl_mutex_off(s);
- return NULL;
- }
- if (dbmval.dptr == NULL || dbmval.dsize <= sizeof(time_t)) {
- apr_dbm_close(dbm);
- ssl_mutex_off(s);
- return NULL;
- }
-
- /* parse resulting data */
- nData = dbmval.dsize-sizeof(time_t);
- ucpData = malloc(nData);
- if (ucpData == NULL) {
- apr_dbm_close(dbm);
- ssl_mutex_off(s);
- return NULL;
- }
- /* Cast needed, ucpData may be const */
- memcpy((unsigned char *)ucpData,
- (char *)dbmval.dptr + sizeof(time_t), nData);
- memcpy(&expiry, dbmval.dptr, sizeof(time_t));
-
- apr_dbm_close(dbm);
- ssl_mutex_off(s);
-
- /* make sure the stuff is still not expired */
- now = time(NULL);
- if (expiry <= now) {
- ssl_scache_dbm_remove(s, id, idlen);
- return NULL;
- }
-
- /* unstreamed SSL_SESSION */
- sess = d2i_SSL_SESSION(NULL, &ucpData, nData);
-
- return sess;
-}
-
-void ssl_scache_dbm_remove(server_rec *s, UCHAR *id, int idlen)
-{
- SSLModConfigRec *mc = myModConfig(s);
- apr_dbm_t *dbm;
- apr_datum_t dbmkey;
- apr_status_t rv;
-
- /* create DBM key and values */
- dbmkey.dptr = (char *)id;
- dbmkey.dsize = idlen;
-
- /* and delete it from the DBM file */
- ssl_mutex_on(s);
- if ((rv = apr_dbm_open(&dbm, mc->szSessionCacheDataFile,
- APR_DBM_RWCREATE, SSL_DBM_FILE_MODE, mc->pPool)) != APR_SUCCESS) {
- ap_log_error(APLOG_MARK, APLOG_ERR, rv, s,
- "Cannot open SSLSessionCache DBM file `%s' for writing "
- "(delete)",
- mc->szSessionCacheDataFile);
- ssl_mutex_off(s);
- return;
- }
- apr_dbm_delete(dbm, dbmkey);
- apr_dbm_close(dbm);
- ssl_mutex_off(s);
-
- return;
-}
-
-void ssl_scache_dbm_expire(server_rec *s)
-{
- SSLModConfigRec *mc = myModConfig(s);
- SSLSrvConfigRec *sc = mySrvConfig(s);
- static time_t tLast = 0;
- apr_dbm_t *dbm;
- apr_datum_t dbmkey;
- apr_datum_t dbmval;
- apr_pool_t *p;
- time_t tExpiresAt;
- int nElements = 0;
- int nDeleted = 0;
- int bDelete;
- apr_datum_t *keylist;
- int keyidx;
- int i;
- time_t tNow;
- apr_status_t rv;
-
- /*
- * make sure the expiration for still not-accessed session
- * cache entries is done only from time to time
- */
- tNow = time(NULL);
- if (tNow < tLast+sc->session_cache_timeout)
- return;
- tLast = tNow;
-
- /*
- * Here we have to be very carefully: Not all DBM libraries are
- * smart enough to allow one to iterate over the elements and at the
- * same time delete expired ones. Some of them get totally crazy
- * while others have no problems. So we have to do it the slower but
- * more safe way: we first iterate over all elements and remember
- * those which have to be expired. Then in a second pass we delete
- * all those expired elements. Additionally we reopen the DBM file
- * to be really safe in state.
- */
-
-#define KEYMAX 1024
-
- ssl_mutex_on(s);
- for (;;) {
- /* allocate the key array in a memory sub pool */
- apr_pool_sub_make(&p, mc->pPool, NULL);
- if (p == NULL)
- break;
- if ((keylist = apr_palloc(p, sizeof(dbmkey)*KEYMAX)) == NULL) {
- apr_pool_destroy(p);
- break;
- }
-
- /* pass 1: scan DBM database */
- keyidx = 0;
- if ((rv = apr_dbm_open(&dbm, mc->szSessionCacheDataFile,
- APR_DBM_RWCREATE,SSL_DBM_FILE_MODE,
- p)) != APR_SUCCESS) {
- ap_log_error(APLOG_MARK, APLOG_ERR, rv, s,
- "Cannot open SSLSessionCache DBM file `%s' for "
- "scanning",
- mc->szSessionCacheDataFile);
- apr_pool_destroy(p);
- break;
- }
- apr_dbm_firstkey(dbm, &dbmkey);
- while (dbmkey.dptr != NULL) {
- nElements++;
- bDelete = FALSE;
- apr_dbm_fetch(dbm, dbmkey, &dbmval);
- if (dbmval.dsize <= sizeof(time_t) || dbmval.dptr == NULL)
- bDelete = TRUE;
- else {
- memcpy(&tExpiresAt, dbmval.dptr, sizeof(time_t));
- if (tExpiresAt <= tNow)
- bDelete = TRUE;
- }
- if (bDelete) {
- if ((keylist[keyidx].dptr = apr_palloc(p, dbmkey.dsize)) != NULL) {
- memcpy(keylist[keyidx].dptr, dbmkey.dptr, dbmkey.dsize);
- keylist[keyidx].dsize = dbmkey.dsize;
- keyidx++;
- if (keyidx == KEYMAX)
- break;
- }
- }
- apr_dbm_nextkey(dbm, &dbmkey);
- }
- apr_dbm_close(dbm);
-
- /* pass 2: delete expired elements */
- if (apr_dbm_open(&dbm, mc->szSessionCacheDataFile,
- APR_DBM_RWCREATE,SSL_DBM_FILE_MODE, p) != APR_SUCCESS) {
- ap_log_error(APLOG_MARK, APLOG_ERR, rv, s,
- "Cannot re-open SSLSessionCache DBM file `%s' for "
- "expiring",
- mc->szSessionCacheDataFile);
- apr_pool_destroy(p);
- break;
- }
- for (i = 0; i < keyidx; i++) {
- apr_dbm_delete(dbm, keylist[i]);
- nDeleted++;
- }
- apr_dbm_close(dbm);
-
- /* destroy temporary pool */
- apr_pool_destroy(p);
-
- if (keyidx < KEYMAX)
- break;
- }
- ssl_mutex_off(s);
-
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
- "Inter-Process Session Cache (DBM) Expiry: "
- "old: %d, new: %d, removed: %d",
- nElements, nElements-nDeleted, nDeleted);
- return;
-}
-
-void ssl_scache_dbm_status(server_rec *s, apr_pool_t *p, void (*func)(char *, void *), void *arg)
-{
- SSLModConfigRec *mc = myModConfig(s);
- apr_dbm_t *dbm;
- apr_datum_t dbmkey;
- apr_datum_t dbmval;
- int nElem;
- int nSize;
- int nAverage;
- apr_status_t rv;
-
- nElem = 0;
- nSize = 0;
- ssl_mutex_on(s);
- /*
- * XXX - Check what pool is to be used - TBD
- */
- if ((rv = apr_dbm_open(&dbm, mc->szSessionCacheDataFile,
- APR_DBM_RWCREATE, SSL_DBM_FILE_MODE,
- mc->pPool)) != APR_SUCCESS) {
- ap_log_error(APLOG_MARK, APLOG_ERR, rv, s,
- "Cannot open SSLSessionCache DBM file `%s' for status "
- "retrival",
- mc->szSessionCacheDataFile);
- ssl_mutex_off(s);
- return;
- }
- /*
- * XXX - Check the return value of apr_dbm_firstkey, apr_dbm_fetch - TBD
- */
- apr_dbm_firstkey(dbm, &dbmkey);
- for ( ; dbmkey.dptr != NULL; apr_dbm_nextkey(dbm, &dbmkey)) {
- apr_dbm_fetch(dbm, dbmkey, &dbmval);
- if (dbmval.dptr == NULL)
- continue;
- nElem += 1;
- nSize += dbmval.dsize;
- }
- apr_dbm_close(dbm);
- ssl_mutex_off(s);
- if (nSize > 0 && nElem > 0)
- nAverage = nSize / nElem;
- else
- nAverage = 0;
- func(apr_psprintf(p, "cache type: <b>DBM</b>, maximum size: <b>unlimited</b><br>"), arg);
- func(apr_psprintf(p, "current sessions: <b>%d</b>, current size: <b>%d</b> bytes<br>", nElem, nSize), arg);
- func(apr_psprintf(p, "average session size: <b>%d</b> bytes<br>", nAverage), arg);
- return;
-}
-
diff --git a/rubbos/app/httpd-2.0.64/modules/ssl/ssl_scache_shmcb.c b/rubbos/app/httpd-2.0.64/modules/ssl/ssl_scache_shmcb.c
deleted file mode 100644
index cee66bf5..00000000
--- a/rubbos/app/httpd-2.0.64/modules/ssl/ssl_scache_shmcb.c
+++ /dev/null
@@ -1,1362 +0,0 @@
-/* Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-/* _ _
- * _ __ ___ ___ __| | ___ ___| | mod_ssl
- * | '_ ` _ \ / _ \ / _` | / __/ __| | Apache Interface to OpenSSL
- * | | | | | | (_) | (_| | \__ \__ \ |
- * |_| |_| |_|\___/ \__,_|___|___/___/_|
- * |_____|
- * ssl_scache_shmcb.c
- * Session Cache via Shared Memory (Cyclic Buffer Variant)
- */
-
-#include "mod_ssl.h"
-
-/*
- * This shared memory based SSL session cache implementation was
- * originally written by Geoff Thorpe <geoff@geoffthorpe.net> for C2Net
- * Europe as a contribution to Ralf Engelschall's mod_ssl project.
- */
-
-/*
- * The shared-memory segment header can be cast to and from the
- * SHMCBHeader type, all other structures need to be initialised by
- * utility functions.
- *
- * The "header" looks like this;
- *
- * data applying to the overall structure:
- * - division_offset (unsigned int):
- * how far into the shared memory segment the first division is.
- * - division_size (unsigned int):
- * how many bytes each division occupies.
- * (NB: This includes the queue and the cache)
- * - division_mask (unsigned char):
- * the "mask" in the next line. Add one to this,
- * and that's the number of divisions.
- *
- * data applying to within each division:
- * - queue_size (unsigned int):
- * how big each "queue" is. NB: The queue is the first block in each
- * division and is followed immediately by the cache itself so so
- * there's no cache_offset value.
- *
- * data applying to within each queue:
- * - index_num (unsigned char):
- * how many indexes in each cache's queue
- * - index_offset (unsigned char):
- * how far into the queue the first index is.
- * - index_size:
- * how big each index is.
- *
- * data applying to within each cache:
- * - cache_data_offset (unsigned int):
- * how far into the cache the session-data array is stored.
- * - cache_data_size (unsigned int):
- * how big each cache's data block is.
- *
- * statistics data (this will eventually be per-division but right now
- * there's only one mutex):
- * - stores (unsigned long):
- * how many stores have been performed in the cache.
- * - expiries (unsigned long):
- * how many session have been expired from the cache.
- * - scrolled (unsigned long):
- * how many sessions have been scrolled out of full cache during a
- * "store" operation. This is different to the "removes" stats as
- * they are requested by mod_ssl/Apache, these are done because of
- * cache logistics. (NB: Also, this value should be deducible from
- * the others if my code has no bugs, but I count it anyway - plus
- * it helps debugging :-).
- * - retrieves_hit (unsigned long):
- * how many session-retrieves have succeeded.
- * - retrieves_miss (unsigned long):
- * how many session-retrieves have failed.
- * - removes_hit (unsigned long):
- * - removes_miss (unsigned long):
- *
- * Following immediately after the header is an array of "divisions".
- * Each division is simply a "queue" immediately followed by its
- * corresponding "cache". Each division handles some pre-defined band
- * of sessions by using the "division_mask" in the header. Eg. if
- * division_mask=0x1f then there are 32 divisions, the first of which
- * will store sessions whose least-significant 5 bits are 0, the second
- * stores session whose LS 5 bits equal 1, etc. A queue is an indexing
- * structure referring to its corresponding cache.
- *
- * A "queue" looks like this;
- *
- * - first_pos (unsigned int):
- * the location within the array of indexes where the virtual
- * "left-hand-edge" of the cyclic buffer is.
- * - pos_count (unsigned int):
- * the number of indexes occupied from first_pos onwards.
- *
- * ...followed by an array of indexes, each of which can be
- * memcpy'd to and from an SHMCBIndex, and look like this;
- *
- * - expires (time_t):
- * the time() value at which this session expires.
- * - offset (unsigned int):
- * the offset within the cache data block where the corresponding
- * session is stored.
- * - s_id2 (unsigned char):
- * the second byte of the session_id, stored as an optimisation to
- * reduce the number of d2i_SSL_SESSION calls that are made when doing
- * a lookup.
- * - removed (unsigned char):
- * a byte used to indicate whether a session has been "passively"
- * removed. Ie. it is still in the cache but is to be disregarded by
- * any "retrieve" operation.
- *
- * A "cache" looks like this;
- *
- * - first_pos (unsigned int):
- * the location within the data block where the virtual
- * "left-hand-edge" of the cyclic buffer is.
- * - pos_count (unsigned int):
- * the number of bytes used in the data block from first_pos onwards.
- *
- * ...followed by the data block in which actual DER-encoded SSL
- * sessions are stored.
- */
-
-/*
- * Header - can be memcpy'd to and from the front of the shared
- * memory segment. NB: The first copy (commented out) has the
- * elements in a meaningful order, but due to data-alignment
- * braindeadness, the second (uncommented) copy has the types grouped
- * so as to decrease "struct-bloat". sigh.
- */
-typedef struct {
- unsigned long num_stores;
- unsigned long num_expiries;
- unsigned long num_scrolled;
- unsigned long num_retrieves_hit;
- unsigned long num_retrieves_miss;
- unsigned long num_removes_hit;
- unsigned long num_removes_miss;
- unsigned int division_offset;
- unsigned int division_size;
- unsigned int queue_size;
- unsigned int cache_data_offset;
- unsigned int cache_data_size;
- unsigned char division_mask;
- unsigned int index_num;
- unsigned int index_offset;
- unsigned int index_size;
-} SHMCBHeader;
-
-/*
- * Index - can be memcpy'd to and from an index inside each
- * queue's index array.
- */
-typedef struct {
- time_t expires;
- unsigned int offset;
- unsigned char s_id2;
- unsigned char removed;
-} SHMCBIndex;
-
-/*
- * Queue - must be populated by a call to shmcb_get_division
- * and the structure's pointers are used for updating (ie.
- * the structure doesn't need any "set" to update values).
- */
-typedef struct {
- SHMCBHeader *header;
- unsigned int *first_pos;
- unsigned int *pos_count;
- SHMCBIndex *indexes;
-} SHMCBQueue;
-
-/*
- * Cache - same comment as for Queue. 'Queue's are in a 1-1
- * correspondance with 'Cache's and are usually carried round
- * in a pair, they are only seperated for clarity.
- */
-typedef struct {
- SHMCBHeader *header;
- unsigned int *first_pos;
- unsigned int *pos_count;
- unsigned char *data;
-} SHMCBCache;
-
-/*
- * Forward function prototypes.
- */
-
-/* Functions for working around data-alignment-picky systems (sparcs,
- Irix, etc). These use "memcpy" as a way of foxing these systems into
- treating the composite types as byte-arrays rather than higher-level
- primitives that it prefers to have 4-(or 8-)byte aligned. I don't
- envisage this being a performance issue as a couple of 2 or 4 byte
- memcpys can hardly make a dent on the massive memmove operations this
- cache technique avoids, nor the overheads of ASN en/decoding. */
-static unsigned int shmcb_get_safe_uint(unsigned int *);
-static void shmcb_set_safe_uint_ex(unsigned char *, const unsigned char *);
-#define shmcb_set_safe_uint(pdest, src) \
- do { \
- unsigned int tmp_uint = src; \
- shmcb_set_safe_uint_ex((unsigned char *)pdest, \
- (const unsigned char *)(&tmp_uint)); \
- } while(0)
-#if 0 /* Unused so far */
-static unsigned long shmcb_get_safe_ulong(unsigned long *);
-static void shmcb_set_safe_ulong_ex(unsigned char *, const unsigned char *);
-#define shmcb_set_safe_ulong(pdest, src) \
- do { \
- unsigned long tmp_ulong = src; \
- shmcb_set_safe_ulong_ex((unsigned char *)pdest, \
- (const unsigned char *)(&tmp_ulong)); \
- } while(0)
-#endif
-static time_t shmcb_get_safe_time(time_t *);
-static void shmcb_set_safe_time_ex(unsigned char *, const unsigned char *);
-#define shmcb_set_safe_time(pdest, src) \
- do { \
- time_t tmp_time = src; \
- shmcb_set_safe_time_ex((unsigned char *)pdest, \
- (const unsigned char *)(&tmp_time)); \
- } while(0)
-
-/* This is necessary simply so that the size passed to memset() is not a
- * compile-time constant, preventing the compiler from optimising it. */
-static void shmcb_safe_clear(void *ptr, size_t size)
-{
- memset(ptr, 0, size);
-}
-
-/* Underlying functions for session-caching */
-static BOOL shmcb_init_memory(server_rec *, void *, unsigned int);
-static BOOL shmcb_store_session(server_rec *, void *, UCHAR *, int, SSL_SESSION *, time_t);
-static SSL_SESSION *shmcb_retrieve_session(server_rec *, void *, UCHAR *, int);
-static BOOL shmcb_remove_session(server_rec *, void *, UCHAR *, int);
-
-/* Utility functions for manipulating the structures */
-static void shmcb_get_header(void *, SHMCBHeader **);
-static BOOL shmcb_get_division(SHMCBHeader *, SHMCBQueue *, SHMCBCache *, unsigned int);
-static SHMCBIndex *shmcb_get_index(const SHMCBQueue *, unsigned int);
-static unsigned int shmcb_expire_division(server_rec *, SHMCBQueue *, SHMCBCache *);
-static BOOL shmcb_insert_encoded_session(server_rec *, SHMCBQueue *, SHMCBCache *, unsigned char *, unsigned int, unsigned char *, time_t);
-static SSL_SESSION *shmcb_lookup_session_id(server_rec *, SHMCBQueue *, SHMCBCache *, UCHAR *, unsigned int);
-static BOOL shmcb_remove_session_id(server_rec *, SHMCBQueue *, SHMCBCache *, UCHAR *, unsigned int);
-
-/*
- * Data-alignment functions (a.k.a. avoidance tactics)
- *
- * NB: On HPUX (and possibly others) there is a *very* mischievous little
- * "optimisation" in the compilers where it will convert the following;
- * memcpy(dest_ptr, &source, sizeof(unsigned int));
- * (where dest_ptr is of type (unsigned int *) and source is (unsigned int))
- * into;
- * *dest_ptr = source; (or *dest_ptr = *(&source), not sure).
- * Either way, it completely destroys the whole point of these _safe_
- * functions, because the assignment operation will fall victim to the
- * architecture's byte-alignment dictations, whereas the memcpy (as a
- * byte-by-byte copy) should not. sigh. So, if you're wondering about the
- * apparently unnecessary conversions to (unsigned char *) in these
- * functions, you now have an explanation. Don't just revert them back and
- * say "ooh look, it still works" - if you try it on HPUX (well, 32-bit
- * HPUX 11.00 at least) you may find it fails with a SIGBUS. :-(
- */
-
-static unsigned int shmcb_get_safe_uint(unsigned int *ptr)
-{
- unsigned int ret;
- shmcb_set_safe_uint_ex((unsigned char *)(&ret),
- (const unsigned char *)ptr);
- return ret;
-}
-
-static void shmcb_set_safe_uint_ex(unsigned char *dest,
- const unsigned char *src)
-{
- memcpy(dest, src, sizeof(unsigned int));
-}
-
-#if 0 /* Unused so far */
-static unsigned long shmcb_get_safe_ulong(unsigned long *ptr)
-{
- unsigned long ret;
- shmcb_set_safe_ulong_ex((unsigned char *)(&ret),
- (const unsigned char *)ptr);
- return ret;
-}
-
-static void shmcb_set_safe_ulong_ex(unsigned char *dest,
- const unsigned char *src)
-{
- memcpy(dest, src, sizeof(unsigned long));
-}
-#endif
-
-static time_t shmcb_get_safe_time(time_t * ptr)
-{
- time_t ret;
- shmcb_set_safe_time_ex((unsigned char *)(&ret),
- (const unsigned char *)ptr);
- return ret;
-}
-
-static void shmcb_set_safe_time_ex(unsigned char *dest,
- const unsigned char *src)
-{
- memcpy(dest, src, sizeof(time_t));
-}
-/*
-**
-** High-Level "handlers" as per ssl_scache.c
-**
-*/
-
-void ssl_scache_shmcb_init(server_rec *s, apr_pool_t *p)
-{
- SSLModConfigRec *mc = myModConfig(s);
- void *shm_segment;
- apr_size_t shm_segsize;
- apr_status_t rv;
-
- /*
- * Create shared memory segment
- */
- if (mc->szSessionCacheDataFile == NULL) {
- ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
- "SSLSessionCache required");
- ssl_die();
- }
-
- /* Use anonymous shm by default, fall back on name-based. */
- rv = apr_shm_create(&(mc->pSessionCacheDataMM),
- mc->nSessionCacheDataSize,
- NULL, mc->pPool);
-
- if (APR_STATUS_IS_ENOTIMPL(rv)) {
- rv = apr_shm_create(&(mc->pSessionCacheDataMM),
- mc->nSessionCacheDataSize,
- mc->szSessionCacheDataFile,
- mc->pPool);
- }
-
- if (rv != APR_SUCCESS) {
- char buf[100];
- ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
- "Cannot allocate shared memory: (%d)%s", rv,
- apr_strerror(rv, buf, sizeof(buf)));
- ssl_die();
- }
- shm_segment = apr_shm_baseaddr_get(mc->pSessionCacheDataMM);
- shm_segsize = apr_shm_size_get(mc->pSessionCacheDataMM);
-
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
- "shmcb_init allocated %" APR_SIZE_T_FMT
- " bytes of shared memory",
- shm_segsize);
- if (!shmcb_init_memory(s, shm_segment, shm_segsize)) {
- ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
- "Failure initialising 'shmcb' shared memory");
- ssl_die();
- }
- ap_log_error(APLOG_MARK, APLOG_INFO, 0, s,
- "Shared memory session cache initialised");
-
- /*
- * Success ... we hack the memory block into place by cheating for
- * now and stealing a member variable the original shared memory
- * cache was using. :-)
- */
- mc->tSessionCacheDataTable = (table_t *) shm_segment;
- return;
-}
-
-void ssl_scache_shmcb_kill(server_rec *s)
-{
- SSLModConfigRec *mc = myModConfig(s);
-
- if (mc->pSessionCacheDataMM != NULL) {
- apr_shm_destroy(mc->pSessionCacheDataMM);
- mc->pSessionCacheDataMM = NULL;
- }
- return;
-}
-
-BOOL ssl_scache_shmcb_store(server_rec *s, UCHAR *id, int idlen,
- time_t timeout, SSL_SESSION * pSession)
-{
- SSLModConfigRec *mc = myModConfig(s);
- void *shm_segment;
- BOOL to_return = FALSE;
-
- /* We've kludged our pointer into the other cache's member variable. */
- shm_segment = (void *) mc->tSessionCacheDataTable;
- ssl_mutex_on(s);
- if (!shmcb_store_session(s, shm_segment, id, idlen, pSession, timeout))
- /* in this cache engine, "stores" should never fail. */
- ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
- "'shmcb' code was unable to store a "
- "session in the cache.");
- else {
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
- "shmcb_store successful");
- to_return = TRUE;
- }
- ssl_mutex_off(s);
- return to_return;
-}
-
-SSL_SESSION *ssl_scache_shmcb_retrieve(server_rec *s, UCHAR *id, int idlen)
-{
- SSLModConfigRec *mc = myModConfig(s);
- void *shm_segment;
- SSL_SESSION *pSession;
-
- /* We've kludged our pointer into the other cache's member variable. */
- shm_segment = (void *) mc->tSessionCacheDataTable;
- ssl_mutex_on(s);
- pSession = shmcb_retrieve_session(s, shm_segment, id, idlen);
- ssl_mutex_off(s);
- if (pSession)
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
- "shmcb_retrieve had a hit");
- else {
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
- "shmcb_retrieve had a miss");
- ap_log_error(APLOG_MARK, APLOG_INFO, 0, s,
- "Client requested a 'session-resume' but "
- "we have no such session.");
- }
- return pSession;
-}
-
-void ssl_scache_shmcb_remove(server_rec *s, UCHAR *id, int idlen)
-{
- SSLModConfigRec *mc = myModConfig(s);
- void *shm_segment;
-
- /* We've kludged our pointer into the other cache's member variable. */
- shm_segment = (void *) mc->tSessionCacheDataTable;
- ssl_mutex_on(s);
- shmcb_remove_session(s, shm_segment, id, idlen);
- ssl_mutex_off(s);
-}
-
-void ssl_scache_shmcb_expire(server_rec *s)
-{
- /* NOP */
- return;
-}
-
-void ssl_scache_shmcb_status(server_rec *s, apr_pool_t *p,
- void (*func) (char *, void *), void *arg)
-{
- SSLModConfigRec *mc = myModConfig(s);
- SHMCBHeader *header;
- SHMCBQueue queue;
- SHMCBCache cache;
- SHMCBIndex *idx;
- void *shm_segment;
- unsigned int loop, total, cache_total, non_empty_divisions;
- int index_pct, cache_pct;
- double expiry_total;
- time_t average_expiry, now, max_expiry, min_expiry, idxexpiry;
-
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
- "inside ssl_scache_shmcb_status");
-
- /* We've kludged our pointer into the other cache's member variable. */
- shm_segment = (void *) mc->tSessionCacheDataTable;
-
- /* Get the header structure. */
- shmcb_get_header(shm_segment, &header);
- total = cache_total = non_empty_divisions = 0;
- average_expiry = max_expiry = min_expiry = 0;
- expiry_total = 0;
-
- /* It may seem strange to grab "now" at this point, but in theory
- * we should never have a negative threshold but grabbing "now" after
- * the loop (which performs expiries) could allow that chance. */
- now = time(NULL);
- for (loop = 0; loop <= header->division_mask; loop++) {
- if (shmcb_get_division(header, &queue, &cache, loop)) {
- shmcb_expire_division(s, &queue, &cache);
- total += shmcb_get_safe_uint(queue.pos_count);
- cache_total += shmcb_get_safe_uint(cache.pos_count);
- if (shmcb_get_safe_uint(queue.pos_count) > 0) {
- idx = shmcb_get_index(&queue,
- shmcb_get_safe_uint(queue.first_pos));
- non_empty_divisions++;
- idxexpiry = shmcb_get_safe_time(&(idx->expires));
- expiry_total += (double) idxexpiry;
- max_expiry = (idxexpiry > max_expiry ? idxexpiry :
- max_expiry);
- if (min_expiry == 0)
- min_expiry = idxexpiry;
- else
- min_expiry = (idxexpiry < min_expiry ? idxexpiry :
- min_expiry);
- }
- }
- }
- index_pct = (100 * total) / (header->index_num * (header->division_mask + 1));
- cache_pct = (100 * cache_total) / (header->cache_data_size * (header->division_mask + 1));
- func(apr_psprintf(p, "cache type: <b>SHMCB</b>, shared memory: <b>%d</b> "
- "bytes, current sessions: <b>%d</b><br>",
- mc->nSessionCacheDataSize, total), arg);
- func(apr_psprintf(p, "sub-caches: <b>%d</b>, indexes per sub-cache: "
- "<b>%d</b><br>", (int) header->division_mask + 1,
- (int) header->index_num), arg);
- if (non_empty_divisions != 0) {
- average_expiry = (time_t)(expiry_total / (double)non_empty_divisions);
- func(apr_psprintf(p, "time left on oldest entries' SSL sessions: "), arg);
- if (now < average_expiry)
- func(apr_psprintf(p, "avg: <b>%d</b> seconds, (range: %d...%d)<br>",
- (int)(average_expiry - now), (int) (min_expiry - now),
- (int)(max_expiry - now)), arg);
- else
- func(apr_psprintf(p, "expiry threshold: <b>Calculation Error!</b>"
- "<br>"), arg);
-
- }
- func(apr_psprintf(p, "index usage: <b>%d%%</b>, cache usage: <b>%d%%</b>"
- "<br>", index_pct, cache_pct), arg);
- func(apr_psprintf(p, "total sessions stored since starting: <b>%lu</b><br>",
- header->num_stores), arg);
- func(apr_psprintf(p,"total sessions expired since starting: <b>%lu</b><br>",
- header->num_expiries), arg);
- func(apr_psprintf(p, "total (pre-expiry) sessions scrolled out of the "
- "cache: <b>%lu</b><br>", header->num_scrolled), arg);
- func(apr_psprintf(p, "total retrieves since starting: <b>%lu</b> hit, "
- "<b>%lu</b> miss<br>", header->num_retrieves_hit,
- header->num_retrieves_miss), arg);
- func(apr_psprintf(p, "total removes since starting: <b>%lu</b> hit, "
- "<b>%lu</b> miss<br>", header->num_removes_hit,
- header->num_removes_miss), arg);
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
- "leaving shmcb_status");
- return;
-}
-
-/*
-**
-** Memory manipulation and low-level cache operations
-**
-*/
-
-static BOOL shmcb_init_memory(
- server_rec *s, void *shm_mem,
- unsigned int shm_mem_size)
-{
- SHMCBHeader *header;
- SHMCBQueue queue;
- SHMCBCache cache;
- unsigned int temp, loop, granularity;
-
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
- "entered shmcb_init_memory()");
-
- /* Calculate some sizes... */
- temp = sizeof(SHMCBHeader);
-
- /* If the segment is ridiculously too small, bail out */
- if (shm_mem_size < (2*temp)) {
- ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
- "shared memory segment too small");
- return FALSE;
- }
-
- /* Make temp the amount of memory without the header */
- temp = shm_mem_size - temp;
-
- /* Work on the basis that you need 10 bytes index for each session
- * (approx 150 bytes), which is to divide temp by 160 - and then
- * make sure we err on having too index space to burn even when
- * the cache is full, which is a lot less stupid than having
- * having not enough index space to utilise the whole cache!. */
- temp /= 120;
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
- "for %u bytes, recommending %u indexes",
- shm_mem_size, temp);
-
- /* We should divide these indexes evenly amongst the queues. Try
- * to get it so that there are roughly half the number of divisions
- * as there are indexes in each division. */
- granularity = 256;
- while ((temp / granularity) < (2 * granularity))
- granularity /= 2;
-
- /* So we have 'granularity' divisions, set 'temp' equal to the
- * number of indexes in each division. */
- temp /= granularity;
-
- /* Too small? Bail ... */
- if (temp < 5) {
- ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
- "shared memory segment too small");
- return FALSE;
- }
-
- /* OK, we're sorted - from here on in, the return should be TRUE */
- header = (SHMCBHeader *)shm_mem;
- header->division_mask = (unsigned char)(granularity - 1);
- header->division_offset = sizeof(SHMCBHeader);
- header->index_num = temp;
- header->index_offset = (2 * sizeof(unsigned int));
- header->index_size = sizeof(SHMCBIndex);
- header->queue_size = header->index_offset +
- (header->index_num * header->index_size);
-
- /* Now calculate the space for each division */
- temp = shm_mem_size - header->division_offset;
- header->division_size = temp / granularity;
-
- /* Calculate the space left in each division for the cache */
- temp -= header->queue_size;
- header->cache_data_offset = (2 * sizeof(unsigned int));
- header->cache_data_size = header->division_size -
- header->queue_size - header->cache_data_offset;
-
- /* Output trace info */
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
- "shmcb_init_memory choices follow");
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
- "division_mask = 0x%02X", header->division_mask);
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
- "division_offset = %u", header->division_offset);
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
- "division_size = %u", header->division_size);
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
- "queue_size = %u", header->queue_size);
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
- "index_num = %u", header->index_num);
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
- "index_offset = %u", header->index_offset);
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
- "index_size = %u", header->index_size);
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
- "cache_data_offset = %u", header->cache_data_offset);
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
- "cache_data_size = %u", header->cache_data_size);
-
- /* The header is done, make the caches empty */
- for (loop = 0; loop < granularity; loop++) {
- if (!shmcb_get_division(header, &queue, &cache, loop))
- ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, "shmcb_init_memory, " "internal error");
- shmcb_set_safe_uint(cache.first_pos, 0);
- shmcb_set_safe_uint(cache.pos_count, 0);
- shmcb_set_safe_uint(queue.first_pos, 0);
- shmcb_set_safe_uint(queue.pos_count, 0);
- }
-
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
- "leaving shmcb_init_memory()");
- return TRUE;
-}
-
-static BOOL shmcb_store_session(
- server_rec *s, void *shm_segment, UCHAR *id,
- int idlen, SSL_SESSION * pSession,
- time_t timeout)
-{
- SHMCBHeader *header;
- SHMCBQueue queue;
- SHMCBCache cache;
- unsigned char masked_index;
- unsigned char encoded[SSL_SESSION_MAX_DER];
- unsigned char *ptr_encoded;
- unsigned int len_encoded;
- time_t expiry_time;
- unsigned char *session_id = SSL_SESSION_get_session_id(pSession);
-
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
- "inside shmcb_store_session");
-
- /* Get the header structure, which division this session will fall into etc. */
- shmcb_get_header(shm_segment, &header);
- masked_index = session_id[0] & header->division_mask;
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
- "session_id[0]=%u, masked index=%u",
- session_id[0], masked_index);
- if (!shmcb_get_division(header, &queue, &cache, (unsigned int)masked_index)) {
- ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
- "shmcb_store_session internal error");
- return FALSE;
- }
-
- /* Serialise the session, work out how much we're dealing
- * with. NB: This check could be removed if we're not paranoid
- * or we find some assurance that it will never be necessary. */
- len_encoded = i2d_SSL_SESSION(pSession, NULL);
- if (len_encoded > SSL_SESSION_MAX_DER) {
- ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
- "session is too big (%u bytes)", len_encoded);
- return FALSE;
- }
- ptr_encoded = encoded;
- len_encoded = i2d_SSL_SESSION(pSession, &ptr_encoded);
- expiry_time = timeout;
- if (!shmcb_insert_encoded_session(s, &queue, &cache, encoded,
- len_encoded, session_id,
- expiry_time)) {
- ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
- "can't store a session!");
- return FALSE;
- }
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
- "leaving shmcb_store successfully");
- header->num_stores++;
- return TRUE;
-}
-
-static SSL_SESSION *shmcb_retrieve_session(
- server_rec *s, void *shm_segment,
- UCHAR *id, int idlen)
-{
- SHMCBHeader *header;
- SHMCBQueue queue;
- SHMCBCache cache;
- unsigned char masked_index;
- SSL_SESSION *pSession;
-
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
- "inside shmcb_retrieve_session");
- if (idlen < 2) {
- ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, "unusably short session_id provided "
- "(%u bytes)", idlen);
- return FALSE;
- }
-
- /* Get the header structure, which division this session lookup
- * will come from etc. */
- shmcb_get_header(shm_segment, &header);
- masked_index = id[0] & header->division_mask;
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
- "id[0]=%u, masked index=%u", id[0], masked_index);
- if (!shmcb_get_division(header, &queue, &cache, (unsigned int) masked_index)) {
- ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
- "shmcb_retrieve_session internal error");
- header->num_retrieves_miss++;
- return FALSE;
- }
-
- /* Get the session corresponding to the session_id or NULL if it
- * doesn't exist (or is flagged as "removed"). */
- pSession = shmcb_lookup_session_id(s, &queue, &cache, id, idlen);
- if (pSession)
- header->num_retrieves_hit++;
- else
- header->num_retrieves_miss++;
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
- "leaving shmcb_retrieve_session");
- return pSession;
-}
-
-static BOOL shmcb_remove_session(
- server_rec *s, void *shm_segment,
- UCHAR *id, int idlen)
-{
- SHMCBHeader *header;
- SHMCBQueue queue;
- SHMCBCache cache;
- unsigned char masked_index;
- BOOL res;
-
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
- "inside shmcb_remove_session");
- if (id == NULL) {
- ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, "remove called with NULL session_id!");
- return FALSE;
- }
-
- /* Get the header structure, which division this session remove
- * will happen in etc. */
- shmcb_get_header(shm_segment, &header);
- masked_index = id[0] & header->division_mask;
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
- "id[0]=%u, masked index=%u", id[0], masked_index);
- if (!shmcb_get_division(header, &queue, &cache, (unsigned int)masked_index)) {
- ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, "shmcb_remove_session, internal error");
- header->num_removes_miss++;
- return FALSE;
- }
- res = shmcb_remove_session_id(s, &queue, &cache, id, idlen);
- if (res)
- header->num_removes_hit++;
- else
- header->num_removes_miss++;
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
- "leaving shmcb_remove_session");
- return res;
-}
-
-
-/*
-**
-** Weirdo cyclic buffer functions
-**
-*/
-
-/* This gets used in the cyclic "index array" (in the 'Queue's) and
- * in the cyclic 'Cache's too ... you provide the "width" of the
- * cyclic store, the starting position and how far to move (with
- * wrapping if necessary). Basically it's addition modulo buf_size. */
-static unsigned int shmcb_cyclic_increment(
- unsigned int buf_size,
- unsigned int start_pos,
- unsigned int to_add)
-{
- start_pos += to_add;
- while (start_pos >= buf_size)
- start_pos -= buf_size;
- return start_pos;
-}
-
-/* Given two positions in a cyclic buffer, calculate the "distance".
- * This is to cover the case ("non-trivial") where the 'next' offset
- * is to the left of the 'start' offset. NB: This calculates the
- * space inclusive of one end-point but not the other. There is an
- * ambiguous case (which is why we use the <start_pos,offset>
- * coordinate system rather than <start_pos,end_pos> one) when 'start'
- * is the same as 'next'. It could indicate the buffer is full or it
- * can indicate the buffer is empty ... I choose the latter as it's
- * easier and usually necessary to check if the buffer is full anyway
- * before doing incremental logic (which is this useful for), but we
- * definitely need the empty case handled - in fact it's our starting
- * state!! */
-static unsigned int shmcb_cyclic_space(
- unsigned int buf_size,
- unsigned int start_offset,
- unsigned int next_offset)
-{
- /* Is it the trivial case? */
- if (start_offset <= next_offset)
- return (next_offset - start_offset); /* yes */
- else
- return ((buf_size - start_offset) + next_offset); /* no */
-}
-
-/* A "normal-to-cyclic" memcpy ... this takes a linear block of
- * memory and copies it onto a cyclic buffer. The purpose and
- * function of this is pretty obvious, you need to cover the case
- * that the destination (cyclic) buffer has to wrap round. */
-static void shmcb_cyclic_ntoc_memcpy(
- unsigned int buf_size,
- unsigned char *data,
- unsigned int dest_offset,
- unsigned char *src, unsigned int src_len)
-{
- /* Cover the case that src_len > buf_size */
- if (src_len > buf_size)
- src_len = buf_size;
-
- /* Can it be copied all in one go? */
- if (dest_offset + src_len < buf_size)
- /* yes */
- memcpy(data + dest_offset, src, src_len);
- else {
- /* no */
- memcpy(data + dest_offset, src, buf_size - dest_offset);
- memcpy(data, src + buf_size - dest_offset,
- src_len + dest_offset - buf_size);
- }
- return;
-}
-
-/* A "cyclic-to-normal" memcpy ... given the last function, this
- * one's purpose is clear, it copies out of a cyclic buffer handling
- * wrapping. */
-static void shmcb_cyclic_cton_memcpy(
- unsigned int buf_size,
- unsigned char *dest,
- unsigned char *data,
- unsigned int src_offset,
- unsigned int src_len)
-{
- /* Cover the case that src_len > buf_size */
- if (src_len > buf_size)
- src_len = buf_size;
-
- /* Can it be copied all in one go? */
- if (src_offset + src_len < buf_size)
- /* yes */
- memcpy(dest, data + src_offset, src_len);
- else {
- /* no */
- memcpy(dest, data + src_offset, buf_size - src_offset);
- memcpy(dest + buf_size - src_offset, data,
- src_len + src_offset - buf_size);
- }
- return;
-}
-
-/* Here's the cool hack that makes it all work ... by simply
- * making the first collection of bytes *be* our header structure
- * (casting it into the C structure), we have the perfect way to
- * maintain state in a shared-memory session cache from one call
- * (and process) to the next, use the shared memory itself! The
- * original mod_ssl shared-memory session cache uses variables
- * inside the context, but we simply use that for storing the
- * pointer to the shared memory itself. And don't forget, after
- * Apache's initialisation, this "header" is constant/read-only
- * so we can read it outside any locking.
- * <grin> - sometimes I just *love* coding y'know?! */
-static void shmcb_get_header(void *shm_mem, SHMCBHeader **header)
-{
- *header = (SHMCBHeader *)shm_mem;
- return;
-}
-
-/* This is what populates our "interesting" structures. Given a
- * pointer to the header, and an index into the appropriate
- * division (this must have already been masked using the
- * division_mask by the caller!), we can populate the provided
- * SHMCBQueue and SHMCBCache structures with values and
- * pointers to the underlying shared memory. Upon returning
- * (if not FALSE), the caller can meddle with the pointer
- * values and they will map into the shared-memory directly,
- * as such there's no need to "free" or "set" the Queue or
- * Cache values, they were themselves references to the *real*
- * data. */
-static BOOL shmcb_get_division(
- SHMCBHeader *header, SHMCBQueue *queue,
- SHMCBCache *cache, unsigned int idx)
-{
- unsigned char *pQueue;
- unsigned char *pCache;
-
- /* bounds check */
- if (idx > (unsigned int) header->division_mask)
- return FALSE;
-
- /* Locate the blocks of memory storing the corresponding data */
- pQueue = ((unsigned char *) header) + header->division_offset +
- (idx * header->division_size);
- pCache = pQueue + header->queue_size;
-
- /* Populate the structures with appropriate pointers */
- queue->first_pos = (unsigned int *) pQueue;
-
- /* Our structures stay packed, no matter what the system's
- * data-alignment regime is. */
- queue->pos_count = (unsigned int *) (pQueue + sizeof(unsigned int));
- queue->indexes = (SHMCBIndex *) (pQueue + (2 * sizeof(unsigned int)));
- cache->first_pos = (unsigned int *) pCache;
- cache->pos_count = (unsigned int *) (pCache + sizeof(unsigned int));
- cache->data = (unsigned char *) (pCache + (2 * sizeof(unsigned int)));
- queue->header = cache->header = header;
-
- return TRUE;
-}
-
-/* This returns a pointer to the piece of shared memory containing
- * a specified 'Index'. SHMCBIndex, like SHMCBHeader, is a fixed
- * width non-referencing structure of primitive types that can be
- * cast onto the corresponding block of shared memory. Thus, by
- * returning a cast pointer to that section of shared memory, the
- * caller can read and write values to and from the "structure" and
- * they are actually reading and writing the underlying shared
- * memory. */
-static SHMCBIndex *shmcb_get_index(
- const SHMCBQueue *queue, unsigned int idx)
-{
- /* bounds check */
- if (idx > queue->header->index_num)
- return NULL;
-
- /* Return a pointer to the index. NB: I am being horribly pendantic
- * here so as to avoid any potential data-alignment assumptions being
- * placed on the pointer arithmetic by the compiler (sigh). */
- return (SHMCBIndex *)(((unsigned char *) queue->indexes) +
- (idx * sizeof(SHMCBIndex)));
-}
-
-/* This functions rolls expired cache (and index) entries off the front
- * of the cyclic buffers in a division. The function returns the number
- * of expired sessions. */
-static unsigned int shmcb_expire_division(
- server_rec *s, SHMCBQueue *queue, SHMCBCache *cache)
-{
- SHMCBIndex *idx;
- time_t now;
- unsigned int loop, index_num, pos_count, new_pos;
- SHMCBHeader *header;
-
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
- "entering shmcb_expire_division");
-
- /* We must calculate num and space ourselves based on expiry times. */
- now = time(NULL);
- loop = 0;
- new_pos = shmcb_get_safe_uint(queue->first_pos);
-
- /* Cache useful values */
- header = queue->header;
- index_num = header->index_num;
- pos_count = shmcb_get_safe_uint(queue->pos_count);
- while (loop < pos_count) {
- idx = shmcb_get_index(queue, new_pos);
- if (shmcb_get_safe_time(&(idx->expires)) > now)
- /* it hasn't expired yet, we're done iterating */
- break;
- /* This one should be expired too. Shift to the next entry. */
- loop++;
- new_pos = shmcb_cyclic_increment(index_num, new_pos, 1);
- }
-
- /* Find the new_offset and make the expiries happen. */
- if (loop > 0) {
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
- "will be expiring %u sessions", loop);
- /* We calculate the new_offset by "peeking" (or in the
- * case it's the last entry, "sneaking" ;-). */
- if (loop == pos_count) {
- /* We are expiring everything! This is easy to do... */
- shmcb_set_safe_uint(queue->pos_count, 0);
- shmcb_set_safe_uint(cache->pos_count, 0);
- }
- else {
- /* The Queue is easy to adjust */
- shmcb_set_safe_uint(queue->pos_count,
- shmcb_get_safe_uint(queue->pos_count) - loop);
- shmcb_set_safe_uint(queue->first_pos, new_pos);
- /* peek to the start of the next session */
- idx = shmcb_get_index(queue, new_pos);
- /* We can use shmcb_cyclic_space because we've guaranteed
- * we don't fit the ambiguous full/empty case. */
- shmcb_set_safe_uint(cache->pos_count,
- shmcb_get_safe_uint(cache->pos_count) -
- shmcb_cyclic_space(header->cache_data_size,
- shmcb_get_safe_uint(cache->first_pos),
- shmcb_get_safe_uint(&(idx->offset))));
- shmcb_set_safe_uint(cache->first_pos, shmcb_get_safe_uint(&(idx->offset)));
- }
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
- "we now have %u sessions",
- shmcb_get_safe_uint(queue->pos_count));
- }
- header->num_expiries += loop;
- return loop;
-}
-
-/* Inserts a new encoded session into a queue/cache pair - expiring
- * (early or otherwise) any leading sessions as necessary to ensure
- * there is room. An error return (FALSE) should only happen in the
- * event of surreal values being passed on, or ridiculously small
- * cache sizes. NB: For tracing purposes, this function is also given
- * the server_rec to allow "ssl_log()". */
-static BOOL shmcb_insert_encoded_session(
- server_rec *s, SHMCBQueue * queue,
- SHMCBCache * cache,
- unsigned char *encoded,
- unsigned int encoded_len,
- unsigned char *session_id,
- time_t expiry_time)
-{
- SHMCBHeader *header;
- SHMCBIndex *idx = NULL;
- unsigned int gap, new_pos, loop, new_offset;
- int need;
-
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
- "entering shmcb_insert_encoded_session, "
- "*queue->pos_count = %u",
- shmcb_get_safe_uint(queue->pos_count));
-
- /* If there's entries to expire, ditch them first thing. */
- shmcb_expire_division(s, queue, cache);
- header = cache->header;
- gap = header->cache_data_size - shmcb_get_safe_uint(cache->pos_count);
- if (gap < encoded_len) {
- new_pos = shmcb_get_safe_uint(queue->first_pos);
- loop = 0;
- need = (int) encoded_len - (int) gap;
- while ((need > 0) && (loop + 1 < shmcb_get_safe_uint(queue->pos_count))) {
- new_pos = shmcb_cyclic_increment(header->index_num, new_pos, 1);
- loop += 1;
- idx = shmcb_get_index(queue, new_pos);
- need = (int) encoded_len - (int) gap -
- shmcb_cyclic_space(header->cache_data_size,
- shmcb_get_safe_uint(cache->first_pos),
- shmcb_get_safe_uint(&(idx->offset)));
- }
- if (loop > 0) {
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
- "about to scroll %u sessions from %u",
- loop, shmcb_get_safe_uint(queue->pos_count));
- /* We are removing "loop" items from the cache. */
- shmcb_set_safe_uint(cache->pos_count,
- shmcb_get_safe_uint(cache->pos_count) -
- shmcb_cyclic_space(header->cache_data_size,
- shmcb_get_safe_uint(cache->first_pos),
- shmcb_get_safe_uint(&(idx->offset))));
- shmcb_set_safe_uint(cache->first_pos, shmcb_get_safe_uint(&(idx->offset)));
- shmcb_set_safe_uint(queue->pos_count, shmcb_get_safe_uint(queue->pos_count) - loop);
- shmcb_set_safe_uint(queue->first_pos, new_pos);
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
- "now only have %u sessions",
- shmcb_get_safe_uint(queue->pos_count));
- /* Update the stats!!! */
- header->num_scrolled += loop;
- }
- }
-
- /* probably unecessary checks, but I'll leave them until this code
- * is verified. */
- if (shmcb_get_safe_uint(cache->pos_count) + encoded_len >
- header->cache_data_size) {
- ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
- "shmcb_insert_encoded_session internal error");
- return FALSE;
- }
- if (shmcb_get_safe_uint(queue->pos_count) == header->index_num) {
- ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
- "shmcb_insert_encoded_session internal error");
- return FALSE;
- }
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
- "we have %u bytes and %u indexes free - enough",
- header->cache_data_size -
- shmcb_get_safe_uint(cache->pos_count), header->index_num -
- shmcb_get_safe_uint(queue->pos_count));
-
-
- /* HERE WE ASSUME THAT THE NEW SESSION SHOULD GO ON THE END! I'M NOT
- * CHECKING WHETHER IT SHOULD BE GENUINELY "INSERTED" SOMEWHERE.
- *
- * We either fix that, or find out at a "higher" (read "mod_ssl")
- * level whether it is possible to have distinct session caches for
- * any attempted tomfoolery to do with different session timeouts.
- * Knowing in advance that we can have a cache-wide constant timeout
- * would make this stuff *MUCH* more efficient. Mind you, it's very
- * efficient right now because I'm ignoring this problem!!!
- */
-
- /* Increment to the first unused byte */
- new_offset = shmcb_cyclic_increment(header->cache_data_size,
- shmcb_get_safe_uint(cache->first_pos),
- shmcb_get_safe_uint(cache->pos_count));
- /* Copy the DER-encoded session into place */
- shmcb_cyclic_ntoc_memcpy(header->cache_data_size, cache->data,
- new_offset, encoded, encoded_len);
- /* Get the new index that this session is stored in. */
- new_pos = shmcb_cyclic_increment(header->index_num,
- shmcb_get_safe_uint(queue->first_pos),
- shmcb_get_safe_uint(queue->pos_count));
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
- "storing in index %u, at offset %u",
- new_pos, new_offset);
- idx = shmcb_get_index(queue, new_pos);
- if (idx == NULL) {
- ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
- "shmcb_insert_encoded_session internal error");
- return FALSE;
- }
- shmcb_safe_clear(idx, sizeof(SHMCBIndex));
- shmcb_set_safe_time(&(idx->expires), expiry_time);
- shmcb_set_safe_uint(&(idx->offset), new_offset);
-
- /* idx->removed = (unsigned char)0; */ /* Not needed given the memset above. */
- idx->s_id2 = session_id[1];
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
- "session_id[0]=%u, idx->s_id2=%u",
- session_id[0], session_id[1]);
-
- /* All that remains is to adjust the cache's and queue's "pos_count"s. */
- shmcb_set_safe_uint(cache->pos_count,
- shmcb_get_safe_uint(cache->pos_count) + encoded_len);
- shmcb_set_safe_uint(queue->pos_count,
- shmcb_get_safe_uint(queue->pos_count) + 1);
-
- /* And just for good debugging measure ... */
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
- "leaving now with %u bytes in the cache and %u indexes",
- shmcb_get_safe_uint(cache->pos_count),
- shmcb_get_safe_uint(queue->pos_count));
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
- "leaving shmcb_insert_encoded_session");
- return TRUE;
-}
-
-/* Performs a lookup into a queue/cache pair for a
- * session_id. If found, the session is deserialised
- * and returned, otherwise NULL. */
-static SSL_SESSION *shmcb_lookup_session_id(
- server_rec *s, SHMCBQueue *queue,
- SHMCBCache *cache, UCHAR *id,
- unsigned int idlen)
-{
- unsigned char tempasn[SSL_SESSION_MAX_DER];
- SHMCBIndex *idx;
- SHMCBHeader *header;
- SSL_SESSION *pSession = NULL;
- unsigned int curr_pos, loop, count;
- MODSSL_D2I_SSL_SESSION_CONST unsigned char *ptr;
- time_t now;
-
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
- "entering shmcb_lookup_session_id");
-
- /* If there are entries to expire, ditch them first thing. */
- shmcb_expire_division(s, queue, cache);
- now = time(NULL);
- curr_pos = shmcb_get_safe_uint(queue->first_pos);
- count = shmcb_get_safe_uint(queue->pos_count);
- header = queue->header;
- for (loop = 0; loop < count; loop++) {
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
- "loop=%u, count=%u, curr_pos=%u",
- loop, count, curr_pos);
- idx = shmcb_get_index(queue, curr_pos);
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
- "idx->s_id2=%u, id[1]=%u, offset=%u",
- idx->s_id2, id[1], shmcb_get_safe_uint(&(idx->offset)));
- /* Only look into the session further if;
- * (a) the second byte of the session_id matches,
- * (b) the "removed" flag isn't set,
- * (c) the session hasn't expired yet.
- * We do (c) like this so that it saves us having to
- * do natural expiries ... naturally expired sessions
- * scroll off the front anyway when the cache is full and
- * "rotating", the only real issue that remains is the
- * removal or disabling of forcibly killed sessions. */
- if ((idx->s_id2 == id[1]) && !idx->removed &&
- (shmcb_get_safe_time(&(idx->expires)) > now)) {
- unsigned int session_id_length;
- unsigned char *session_id;
-
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
- "at index %u, found possible session match",
- curr_pos);
- shmcb_cyclic_cton_memcpy(header->cache_data_size,
- tempasn, cache->data,
- shmcb_get_safe_uint(&(idx->offset)),
- SSL_SESSION_MAX_DER);
- ptr = tempasn;
- pSession = d2i_SSL_SESSION(NULL, &ptr, SSL_SESSION_MAX_DER);
- session_id_length = SSL_SESSION_get_session_id_length(pSession);
- session_id = SSL_SESSION_get_session_id(pSession);
-
- if (pSession == NULL) {
- ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
- "scach2_lookup_session_id internal error");
- return NULL;
- }
- if ((session_id_length == idlen) &&
- (memcmp(session_id, id, idlen) == 0)) {
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
- "a match!");
- return pSession;
- }
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
- "not a match");
- SSL_SESSION_free(pSession);
- pSession = NULL;
- }
- curr_pos = shmcb_cyclic_increment(header->index_num, curr_pos, 1);
- }
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
- "no matching sessions were found");
- return NULL;
-}
-
-static BOOL shmcb_remove_session_id(
- server_rec *s, SHMCBQueue *queue,
- SHMCBCache *cache, UCHAR *id, unsigned int idlen)
-{
- unsigned char tempasn[SSL_SESSION_MAX_DER];
- SSL_SESSION *pSession = NULL;
- SHMCBIndex *idx;
- SHMCBHeader *header;
- unsigned int curr_pos, loop, count;
- MODSSL_D2I_SSL_SESSION_CONST unsigned char *ptr;
- BOOL to_return = FALSE;
-
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
- "entering shmcb_remove_session_id");
-
- /* If there's entries to expire, ditch them first thing. */
- /* shmcb_expire_division(s, queue, cache); */
-
- /* Regarding the above ... hmmm ... I know my expiry code is slightly
- * "faster" than all this remove stuff ... but if the higher level
- * code calls a "remove" operation (and this *only* seems to happen
- * when it has spotted an expired session before we had a chance to)
- * then it should get credit for a remove (stats-wise). Also, in the
- * off-chance that the server *requests* a renegotiate and wants to
- * wipe the session clean we should give that priority over our own
- * routine expiry handling. So I've moved the expiry check to *after*
- * this general remove stuff. */
- curr_pos = shmcb_get_safe_uint(queue->first_pos);
- count = shmcb_get_safe_uint(queue->pos_count);
- header = cache->header;
- for (loop = 0; loop < count; loop++) {
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
- "loop=%u, count=%u, curr_pos=%u",
- loop, count, curr_pos);
- idx = shmcb_get_index(queue, curr_pos);
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
- "idx->s_id2=%u, id[1]=%u", idx->s_id2,
- id[1]);
- /* Only look into the session further if the second byte of the
- * session_id matches. */
- if (idx->s_id2 == id[1]) {
- unsigned int session_id_length;
- unsigned char *session_id;
-
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
- "at index %u, found possible "
- "session match", curr_pos);
- shmcb_cyclic_cton_memcpy(header->cache_data_size,
- tempasn, cache->data,
- shmcb_get_safe_uint(&(idx->offset)),
- SSL_SESSION_MAX_DER);
- ptr = tempasn;
- pSession = d2i_SSL_SESSION(NULL, &ptr, SSL_SESSION_MAX_DER);
- if (pSession == NULL) {
- ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
- "shmcb_remove_session_id, internal error");
- goto end;
- }
- session_id_length = SSL_SESSION_get_session_id_length(pSession);
- session_id = SSL_SESSION_get_session_id(pSession);
-
- if ((session_id_length == idlen)
- && (memcmp(id, session_id, idlen) == 0)) {
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
- "a match!");
- /* Scrub out this session "quietly" */
- idx->removed = (unsigned char) 1;
- SSL_SESSION_free(pSession);
- to_return = TRUE;
- goto end;
- }
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
- "not a match");
- SSL_SESSION_free(pSession);
- pSession = NULL;
- }
- curr_pos = shmcb_cyclic_increment(header->index_num, curr_pos, 1);
- }
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
- "no matching sessions were found");
-
- /* If there's entries to expire, ditch them now. */
- shmcb_expire_division(s, queue, cache);
-end:
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
- "leaving shmcb_remove_session_id");
- return to_return;
-}
diff --git a/rubbos/app/httpd-2.0.64/modules/ssl/ssl_scache_shmht.c b/rubbos/app/httpd-2.0.64/modules/ssl/ssl_scache_shmht.c
deleted file mode 100644
index 28def647..00000000
--- a/rubbos/app/httpd-2.0.64/modules/ssl/ssl_scache_shmht.c
+++ /dev/null
@@ -1,351 +0,0 @@
-/* Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-/* _ _
- * _ __ ___ ___ __| | ___ ___| | mod_ssl
- * | '_ ` _ \ / _ \ / _` | / __/ __| | Apache Interface to OpenSSL
- * | | | | | | (_) | (_| | \__ \__ \ |
- * |_| |_| |_|\___/ \__,_|___|___/___/_|
- * |_____|
- * ssl_scache_shmht.c
- * Session Cache via Shared Memory (Hash Table Variant)
- */
-
-#include "mod_ssl.h"
-
-/*
- * Wrapper functions for table library which resemble malloc(3) & Co
- * but use the variants from the MM shared memory library.
- */
-
-static void *ssl_scache_shmht_malloc(void *opt_param, size_t size)
-{
- SSLModConfigRec *mc = myModConfig((server_rec *)opt_param);
-
- apr_rmm_off_t off = apr_rmm_calloc(mc->pSessionCacheDataRMM, size);
- return apr_rmm_addr_get(mc->pSessionCacheDataRMM, off);
-}
-
-static void *ssl_scache_shmht_calloc(void *opt_param,
- size_t number, size_t size)
-{
- SSLModConfigRec *mc = myModConfig((server_rec *)opt_param);
-
- apr_rmm_off_t off = apr_rmm_calloc(mc->pSessionCacheDataRMM, (number*size));
-
- return apr_rmm_addr_get(mc->pSessionCacheDataRMM, off);
-}
-
-static void *ssl_scache_shmht_realloc(void *opt_param, void *ptr, size_t size)
-{
- SSLModConfigRec *mc = myModConfig((server_rec *)opt_param);
-
- apr_rmm_off_t off = apr_rmm_realloc(mc->pSessionCacheDataRMM, ptr, size);
- return apr_rmm_addr_get(mc->pSessionCacheDataRMM, off);
-}
-
-static void ssl_scache_shmht_free(void *opt_param, void *ptr)
-{
- SSLModConfigRec *mc = myModConfig((server_rec *)opt_param);
-
- apr_rmm_off_t off = apr_rmm_offset_get(mc->pSessionCacheDataRMM, ptr);
- apr_rmm_free(mc->pSessionCacheDataRMM, off);
- return;
-}
-
-/*
- * Now the actual session cache implementation
- * based on a hash table inside a shared memory segment.
- */
-
-void ssl_scache_shmht_init(server_rec *s, apr_pool_t *p)
-{
- SSLModConfigRec *mc = myModConfig(s);
- table_t *ta;
- int ta_errno;
- apr_size_t avail;
- int n;
- apr_status_t rv;
-
- /*
- * Create shared memory segment
- */
- if (mc->szSessionCacheDataFile == NULL) {
- ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
- "SSLSessionCache required");
- ssl_die();
- }
-
- if ((rv = apr_shm_create(&(mc->pSessionCacheDataMM),
- mc->nSessionCacheDataSize,
- mc->szSessionCacheDataFile, mc->pPool)) != APR_SUCCESS) {
- ap_log_error(APLOG_MARK, APLOG_ERR, rv, s,
- "Cannot allocate shared memory");
- ssl_die();
- }
-
- if ((rv = apr_rmm_init(&(mc->pSessionCacheDataRMM), NULL,
- apr_shm_baseaddr_get(mc->pSessionCacheDataMM),
- mc->nSessionCacheDataSize, mc->pPool)) != APR_SUCCESS) {
- ap_log_error(APLOG_MARK, APLOG_ERR, rv, s,
- "Cannot initialize rmm");
- ssl_die();
- }
- ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
- "initialize MM %pp RMM %pp",
- mc->pSessionCacheDataMM, mc->pSessionCacheDataRMM);
-
- /*
- * Create hash table in shared memory segment
- */
- avail = mc->nSessionCacheDataSize;
- n = (avail/2) / 1024;
- n = n < 10 ? 10 : n;
-
- /*
- * Passing server_rec as opt_param to table_alloc so that we can do
- * logging if required ssl_util_table. Otherwise, mc is sufficient.
- */
- if ((ta = table_alloc(n, &ta_errno,
- ssl_scache_shmht_malloc,
- ssl_scache_shmht_calloc,
- ssl_scache_shmht_realloc,
- ssl_scache_shmht_free, s )) == NULL) {
- ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
- "Cannot allocate hash table in shared memory: %s",
- table_strerror(ta_errno));
- ssl_die();
- }
-
- table_attr(ta, TABLE_FLAG_AUTO_ADJUST|TABLE_FLAG_ADJUST_DOWN);
- table_set_data_alignment(ta, sizeof(char *));
- table_clear(ta);
- mc->tSessionCacheDataTable = ta;
-
- /*
- * Log the done work
- */
- ap_log_error(APLOG_MARK, APLOG_INFO, 0, s,
- "Init: Created hash-table (%d buckets) "
- "in shared memory (%" APR_SIZE_T_FMT
- " bytes) for SSL session cache",
- n, avail);
- return;
-}
-
-void ssl_scache_shmht_kill(server_rec *s)
-{
- SSLModConfigRec *mc = myModConfig(s);
-
- if (mc->pSessionCacheDataRMM != NULL) {
- apr_rmm_destroy(mc->pSessionCacheDataRMM);
- mc->pSessionCacheDataRMM = NULL;
- }
-
- if (mc->pSessionCacheDataMM != NULL) {
- apr_shm_destroy(mc->pSessionCacheDataMM);
- mc->pSessionCacheDataMM = NULL;
- }
- return;
-}
-
-BOOL ssl_scache_shmht_store(server_rec *s, UCHAR *id, int idlen, time_t expiry, SSL_SESSION *sess)
-{
- SSLModConfigRec *mc = myModConfig(s);
- void *vp;
- UCHAR ucaData[SSL_SESSION_MAX_DER];
- int nData;
- UCHAR *ucp;
-
- /* streamline session data */
- if ((nData = i2d_SSL_SESSION(sess, NULL)) > sizeof(ucaData))
- return FALSE;
- ucp = ucaData;
- i2d_SSL_SESSION(sess, &ucp);
-
- ssl_mutex_on(s);
- if (table_insert_kd(mc->tSessionCacheDataTable,
- id, idlen, NULL, sizeof(time_t)+nData,
- NULL, &vp, 1) != TABLE_ERROR_NONE) {
- ssl_mutex_off(s);
- return FALSE;
- }
- memcpy(vp, &expiry, sizeof(time_t));
- memcpy((char *)vp+sizeof(time_t), ucaData, nData);
- ssl_mutex_off(s);
-
- /* allow the regular expiring to occur */
- ssl_scache_shmht_expire(s);
-
- return TRUE;
-}
-
-SSL_SESSION *ssl_scache_shmht_retrieve(server_rec *s, UCHAR *id, int idlen)
-{
- SSLModConfigRec *mc = myModConfig(s);
- void *vp;
- SSL_SESSION *sess = NULL;
- MODSSL_D2I_SSL_SESSION_CONST UCHAR *ucpData;
- int nData;
- time_t expiry;
- time_t now;
- int n;
-
- /* allow the regular expiring to occur */
- ssl_scache_shmht_expire(s);
-
- /* lookup key in table */
- ssl_mutex_on(s);
- if (table_retrieve(mc->tSessionCacheDataTable,
- id, idlen, &vp, &n) != TABLE_ERROR_NONE) {
- ssl_mutex_off(s);
- return NULL;
- }
-
- /* copy over the information to the SCI */
- nData = n-sizeof(time_t);
- ucpData = (UCHAR *)malloc(nData);
- if (ucpData == NULL) {
- ssl_mutex_off(s);
- return NULL;
- }
- memcpy(&expiry, vp, sizeof(time_t));
- memcpy((void *)ucpData, (char *)vp+sizeof(time_t), nData);
- ssl_mutex_off(s);
-
- /* make sure the stuff is still not expired */
- now = time(NULL);
- if (expiry <= now) {
- ssl_scache_shmht_remove(s, id, idlen);
- return NULL;
- }
-
- /* unstreamed SSL_SESSION */
- sess = d2i_SSL_SESSION(NULL, &ucpData, nData);
-
- return sess;
-}
-
-void ssl_scache_shmht_remove(server_rec *s, UCHAR *id, int idlen)
-{
- SSLModConfigRec *mc = myModConfig(s);
-
- /* remove value under key in table */
- ssl_mutex_on(s);
- table_delete(mc->tSessionCacheDataTable, id, idlen, NULL, NULL);
- ssl_mutex_off(s);
- return;
-}
-
-void ssl_scache_shmht_expire(server_rec *s)
-{
- SSLModConfigRec *mc = myModConfig(s);
- SSLSrvConfigRec *sc = mySrvConfig(s);
- static time_t tLast = 0;
- table_linear_t iterator;
- time_t tExpiresAt;
- void *vpKey;
- void *vpKeyThis;
- void *vpData;
- int nKey;
- int nKeyThis;
- int nData;
- int nElements = 0;
- int nDeleted = 0;
- int bDelete;
- int rc;
- time_t tNow;
-
- /*
- * make sure the expiration for still not-accessed session
- * cache entries is done only from time to time
- */
- tNow = time(NULL);
- if (tNow < tLast+sc->session_cache_timeout)
- return;
- tLast = tNow;
-
- ssl_mutex_on(s);
- if (table_first_r(mc->tSessionCacheDataTable, &iterator,
- &vpKey, &nKey, &vpData, &nData) == TABLE_ERROR_NONE) {
- do {
- bDelete = FALSE;
- nElements++;
- if (nData < sizeof(time_t) || vpData == NULL)
- bDelete = TRUE;
- else {
- memcpy(&tExpiresAt, vpData, sizeof(time_t));
- /*
- * XXX : Force the record to be cleaned up. TBD (Madhu)
- * tExpiresAt = tNow;
- */
- if (tExpiresAt <= tNow)
- bDelete = TRUE;
- }
- vpKeyThis = vpKey;
- nKeyThis = nKey;
- rc = table_next_r(mc->tSessionCacheDataTable, &iterator,
- &vpKey, &nKey, &vpData, &nData);
- if (bDelete) {
- table_delete(mc->tSessionCacheDataTable,
- vpKeyThis, nKeyThis, NULL, NULL);
- nDeleted++;
- }
- } while (rc == TABLE_ERROR_NONE);
- /* (vpKeyThis != vpKey) && (nKeyThis != nKey) */
- }
- ssl_mutex_off(s);
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
- "Inter-Process Session Cache (SHMHT) Expiry: "
- "old: %d, new: %d, removed: %d",
- nElements, nElements-nDeleted, nDeleted);
- return;
-}
-
-void ssl_scache_shmht_status(server_rec *s, apr_pool_t *p, void (*func)(char *, void *), void *arg)
-{
- SSLModConfigRec *mc = myModConfig(s);
- void *vpKey;
- void *vpData;
- int nKey;
- int nData;
- int nElem;
- int nSize;
- int nAverage;
-
- nElem = 0;
- nSize = 0;
- ssl_mutex_on(s);
- if (table_first(mc->tSessionCacheDataTable,
- &vpKey, &nKey, &vpData, &nData) == TABLE_ERROR_NONE) {
- do {
- if (vpKey == NULL || vpData == NULL)
- continue;
- nElem += 1;
- nSize += nData;
- } while (table_next(mc->tSessionCacheDataTable,
- &vpKey, &nKey, &vpData, &nData) == TABLE_ERROR_NONE);
- }
- ssl_mutex_off(s);
- if (nSize > 0 && nElem > 0)
- nAverage = nSize / nElem;
- else
- nAverage = 0;
- func(apr_psprintf(p, "cache type: <b>SHMHT</b>, maximum size: <b>%d</b> bytes<br>", mc->nSessionCacheDataSize), arg);
- func(apr_psprintf(p, "current sessions: <b>%d</b>, current size: <b>%d</b> bytes<br>", nElem, nSize), arg);
- func(apr_psprintf(p, "average session size: <b>%d</b> bytes<br>", nAverage), arg);
- return;
-}
diff --git a/rubbos/app/httpd-2.0.64/modules/ssl/ssl_toolkit_compat.h b/rubbos/app/httpd-2.0.64/modules/ssl/ssl_toolkit_compat.h
deleted file mode 100644
index 72772150..00000000
--- a/rubbos/app/httpd-2.0.64/modules/ssl/ssl_toolkit_compat.h
+++ /dev/null
@@ -1,239 +0,0 @@
-/* Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#ifndef SSL_TOOLKIT_COMPAT_H
-#define SSL_TOOLKIT_COMPAT_H
-
-/*
- * this header file provides a compatiblity layer
- * between OpenSSL and RSA sslc
- */
-
-#ifdef OPENSSL_VERSION_NUMBER
-
-/*
- * rsa sslc uses incomplete types for most structures
- * so we macroize for OpenSSL those which cannot be dereferenced
- * using the same sames as the sslc functions
- */
-
-#define EVP_PKEY_key_type(k) (EVP_PKEY_type(k->type))
-
-#define X509_NAME_get_entries(xs) (xs->entries)
-#define X509_REVOKED_get_serialNumber(xs) (xs->serialNumber)
-
-#define X509_get_signature_algorithm(xs) (xs->cert_info->signature->algorithm)
-#define X509_get_key_algorithm(xs) (xs->cert_info->key->algor->algorithm)
-
-#define X509_NAME_ENTRY_get_data_ptr(xs) (xs->value->data)
-#define X509_NAME_ENTRY_get_data_len(xs) (xs->value->length)
-
-#define SSL_CTX_get_extra_certs(ctx) (ctx->extra_certs)
-#define SSL_CTX_set_extra_certs(ctx,value) {ctx->extra_certs = value;}
-
-#define SSL_CIPHER_get_name(s) (s->name)
-#define SSL_CIPHER_get_valid(s) (s->valid)
-
-#define SSL_SESSION_get_session_id(s) (s->session_id)
-#define SSL_SESSION_get_session_id_length(s) (s->session_id_length)
-
-/*
- * Support for retrieving/overriding states
- */
-#ifndef SSL_get_state
-#define SSL_get_state(ssl) SSL_state(ssl)
-#endif
-
-#define SSL_set_state(ssl,val) (ssl)->state = val
-
-#define MODSSL_BIO_CB_ARG_TYPE const char
-#define MODSSL_CRYPTO_CB_ARG_TYPE const char
-#if (OPENSSL_VERSION_NUMBER < 0x00907000)
-#define MODSSL_INFO_CB_ARG_TYPE SSL*
-#else
-#define MODSSL_INFO_CB_ARG_TYPE const SSL*
-#endif
-#define MODSSL_CLIENT_CERT_CB_ARG_TYPE X509
-#define MODSSL_PCHAR_CAST
-
-/* ...shifting sands of openssl... */
-#if (OPENSSL_VERSION_NUMBER >= 0x0090707f)
-# define MODSSL_D2I_SSL_SESSION_CONST const
-#else
-# define MODSSL_D2I_SSL_SESSION_CONST
-#endif
-
-#if (OPENSSL_VERSION_NUMBER >= 0x00908000)
-# define MODSSL_D2I_PrivateKey_CONST const
-# define MODSSL_D2I_X509_CONST const
-#else
-# define MODSSL_D2I_PrivateKey_CONST
-# define MODSSL_D2I_X509_CONST
-#endif
-
-#define modssl_X509_verify_cert X509_verify_cert
-
-typedef int (modssl_read_bio_cb_fn)(char*,int,int,void*);
-
-#if (OPENSSL_VERSION_NUMBER < 0x00904000)
-#define modssl_PEM_read_bio_X509(b, x, cb, arg) PEM_read_bio_X509(b, x, cb)
-#else
-#define modssl_PEM_read_bio_X509(b, x, cb, arg) PEM_read_bio_X509(b, x, cb, arg)
-#endif
-
-#define modssl_PEM_X509_INFO_read_bio PEM_X509_INFO_read_bio
-
-#define modssl_PEM_read_bio_PrivateKey PEM_read_bio_PrivateKey
-
-#define modssl_set_cipher_list SSL_set_cipher_list
-
-#define modssl_free OPENSSL_free
-
-#define EVP_PKEY_reference_inc(pkey) \
- CRYPTO_add(&((pkey)->references), +1, CRYPTO_LOCK_X509_PKEY)
-
-#define X509_reference_inc(cert) \
- CRYPTO_add(&((cert)->references), +1, CRYPTO_LOCK_X509)
-
-#define HAVE_SSL_RAND_EGD /* since 9.5.1 */
-
-#ifdef HAVE_SSL_X509V3_H
-#define HAVE_SSL_X509V3_EXT_d2i
-#endif
-
-#ifndef PEM_F_DEF_CALLBACK
-#ifdef PEM_F_PEM_DEF_CALLBACK
-/* In OpenSSL 0.9.8 PEM_F_DEF_CALLBACK was renamed */
-#define PEM_F_DEF_CALLBACK PEM_F_PEM_DEF_CALLBACK
-#endif
-#endif
-
-#elif defined (SSLC_VERSION_NUMBER) /* RSA */
-
-/* sslc does not support this function, OpenSSL has since 9.5.1 */
-#define RAND_status() 1
-
-/* sslc names this function a bit differently */
-#define CRYPTO_num_locks() CRYPTO_get_num_locks()
-
-#ifndef STACK_OF
-#define STACK_OF(type) STACK
-#endif
-
-#define MODSSL_BIO_CB_ARG_TYPE char
-#define MODSSL_CRYPTO_CB_ARG_TYPE char
-#define MODSSL_INFO_CB_ARG_TYPE SSL*
-#define MODSSL_CLIENT_CERT_CB_ARG_TYPE void
-#define MODSSL_PCHAR_CAST (char *)
-#define MODSSL_D2I_SSL_SESSION_CONST
-#define MODSSL_D2I_PrivateKey_CONST
-#define MODSSL_D2I_X509_CONST
-
-typedef int (modssl_read_bio_cb_fn)(char*,int,int);
-
-#define modssl_X509_verify_cert(c) X509_verify_cert(c, NULL)
-
-#define modssl_PEM_read_bio_X509(b, x, cb, arg) \
- PEM_read_bio_X509(b, x, cb)
-
-#define modssl_PEM_X509_INFO_read_bio(b, x, cb, arg)\
- PEM_X509_INFO_read_bio(b, x, cb)
-
-#define modssl_PEM_read_bio_PrivateKey(b, k, cb, arg) \
- PEM_read_bio_PrivateKey(b, k, cb)
-
-#ifndef HAVE_SSL_SET_STATE
-#define SSL_set_state(ssl, state) /* XXX: should throw an error */
-#endif
-
-#define modssl_set_cipher_list(ssl, l) \
- SSL_set_cipher_list(ssl, (char *)l)
-
-#define modssl_free free
-
-#ifndef PEM_F_DEF_CALLBACK
-#define PEM_F_DEF_CALLBACK PEM_F_DEF_CB
-#endif
-
-#if SSLC_VERSION_NUMBER < 0x2000
-
-#define X509_STORE_CTX_set_depth(st, d)
-#define X509_CRL_get_lastUpdate(x) ((x)->crl->lastUpdate)
-#define X509_CRL_get_nextUpdate(x) ((x)->crl->nextUpdate)
-#define X509_CRL_get_REVOKED(x) ((x)->crl->revoked)
-#define X509_REVOKED_get_serialNumber(xs) (xs->serialNumber)
-
-#define modssl_set_verify(ssl, verify, cb) \
- SSL_set_verify(ssl, verify)
-
-#define NO_SSL_X509V3_H
-
-#else /* SSLC_VERSION_NUMBER >= 0x2000 */
-
-#define CRYPTO_malloc_init R_malloc_init
-
-#define EVP_cleanup()
-
-#endif /* SSLC_VERSION_NUMBER >= 0x2000 */
-
-typedef void (*modssl_popfree_fn)(char *data);
-
-#define sk_SSL_CIPHER_dup sk_dup
-#define sk_SSL_CIPHER_find(st, data) sk_find(st, (void *)data)
-#define sk_SSL_CIPHER_free sk_free
-#define sk_SSL_CIPHER_num sk_num
-#define sk_SSL_CIPHER_value (SSL_CIPHER *)sk_value
-#define sk_X509_num sk_num
-#define sk_X509_push sk_push
-#define sk_X509_pop_free(st, free) sk_pop_free((STACK*)(st), (modssl_popfree_fn)(free))
-#define sk_X509_value (X509 *)sk_value
-#define sk_X509_INFO_free sk_free
-#define sk_X509_INFO_pop_free(st, free) sk_pop_free((STACK*)(st), (modssl_popfree_fn)(free))
-#define sk_X509_INFO_num sk_num
-#define sk_X509_INFO_new_null sk_new_null
-#define sk_X509_INFO_value (X509_INFO *)sk_value
-#define sk_X509_NAME_find(st, data) sk_find(st, (void *)data)
-#define sk_X509_NAME_free sk_free
-#define sk_X509_NAME_new sk_new
-#define sk_X509_NAME_num sk_num
-#define sk_X509_NAME_push(st, data) sk_push(st, (void *)data)
-#define sk_X509_NAME_value (X509_NAME *)sk_value
-#define sk_X509_NAME_ENTRY_num sk_num
-#define sk_X509_NAME_ENTRY_value (X509_NAME_ENTRY *)sk_value
-#define sk_X509_NAME_set_cmp_func sk_set_cmp_func
-#define sk_X509_REVOKED_num sk_num
-#define sk_X509_REVOKED_value (X509_REVOKED *)sk_value
-
-#else /* ! OPENSSL_VERSION_NUMBER && ! SSLC_VERSION_NUMBER */
-
-#error "Unrecognized SSL Toolkit!"
-
-#endif /* ! OPENSSL_VERSION_NUMBER && ! SSLC_VERSION_NUMBER */
-
-#ifndef modssl_set_verify
-#define modssl_set_verify(ssl, verify, cb) \
- SSL_set_verify(ssl, verify, cb)
-#endif
-
-#ifndef NO_SSL_X509V3_H
-#define HAVE_SSL_X509V3_H
-#endif
-
-#ifndef SSL_SESS_CACHE_NO_INTERNAL
-#define SSL_SESS_CACHE_NO_INTERNAL SSL_SESS_CACHE_NO_INTERNAL_LOOKUP
-#endif
-
-#endif /* SSL_TOOLKIT_COMPAT_H */
diff --git a/rubbos/app/httpd-2.0.64/modules/ssl/ssl_util.c b/rubbos/app/httpd-2.0.64/modules/ssl/ssl_util.c
deleted file mode 100644
index f1319547..00000000
--- a/rubbos/app/httpd-2.0.64/modules/ssl/ssl_util.c
+++ /dev/null
@@ -1,449 +0,0 @@
-/* Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-/* _ _
- * _ __ ___ ___ __| | ___ ___| | mod_ssl
- * | '_ ` _ \ / _ \ / _` | / __/ __| | Apache Interface to OpenSSL
- * | | | | | | (_) | (_| | \__ \__ \ |
- * |_| |_| |_|\___/ \__,_|___|___/___/_|
- * |_____|
- * ssl_util.c
- * Utility Functions
- */
- /* ``Every day of my life
- I am forced to add another
- name to the list of people
- who piss me off!''
- -- Calvin */
-
-#include "mod_ssl.h"
-#include "ap_mpm.h"
-#include "apr_thread_mutex.h"
-
-/* _________________________________________________________________
-**
-** Utility Functions
-** _________________________________________________________________
-*/
-
-char *ssl_util_vhostid(apr_pool_t *p, server_rec *s)
-{
- char *id;
- SSLSrvConfigRec *sc;
- char *host;
- apr_port_t port;
-
- host = s->server_hostname;
- if (s->port != 0)
- port = s->port;
- else {
- sc = mySrvConfig(s);
- if (sc->enabled)
- port = DEFAULT_HTTPS_PORT;
- else
- port = DEFAULT_HTTP_PORT;
- }
- id = apr_psprintf(p, "%s:%lu", host, (unsigned long)port);
- return id;
-}
-
-void ssl_util_strupper(char *s)
-{
- for (; *s; ++s)
- *s = apr_toupper(*s);
- return;
-}
-
-static const char ssl_util_uuencode_six2pr[64+1] =
- "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
-
-void ssl_util_uuencode(char *szTo, const char *szFrom, BOOL bPad)
-{
- ssl_util_uuencode_binary((unsigned char *)szTo,
- (const unsigned char *)szFrom,
- strlen(szFrom), bPad);
-}
-
-void ssl_util_uuencode_binary(unsigned char *szTo,
- const unsigned char *szFrom,
- int nLength, BOOL bPad)
-{
- const unsigned char *s;
- int nPad = 0;
-
- for (s = szFrom; nLength > 0; s += 3) {
- *szTo++ = ssl_util_uuencode_six2pr[s[0] >> 2];
- *szTo++ = ssl_util_uuencode_six2pr[(s[0] << 4 | s[1] >> 4) & 0x3f];
- if (--nLength == 0) {
- nPad = 2;
- break;
- }
- *szTo++ = ssl_util_uuencode_six2pr[(s[1] << 2 | s[2] >> 6) & 0x3f];
- if (--nLength == 0) {
- nPad = 1;
- break;
- }
- *szTo++ = ssl_util_uuencode_six2pr[s[2] & 0x3f];
- --nLength;
- }
- while(bPad && nPad--) {
- *szTo++ = NUL;
- }
- *szTo = NUL;
- return;
-}
-
-apr_file_t *ssl_util_ppopen(server_rec *s, apr_pool_t *p, const char *cmd,
- const char * const *argv)
-{
- apr_procattr_t *procattr;
- apr_proc_t *proc;
-
- if (apr_procattr_create(&procattr, p) != APR_SUCCESS)
- return NULL;
- if (apr_procattr_io_set(procattr, APR_FULL_BLOCK, APR_FULL_BLOCK,
- APR_FULL_BLOCK) != APR_SUCCESS)
- return NULL;
- if (apr_procattr_dir_set(procattr,
- ap_make_dirstr_parent(p, cmd)) != APR_SUCCESS)
- return NULL;
- if (apr_procattr_cmdtype_set(procattr, APR_PROGRAM) != APR_SUCCESS)
- return NULL;
- if ((proc = (apr_proc_t *)apr_pcalloc(p, sizeof(apr_proc_t))) == NULL)
- return NULL;
- if (apr_proc_create(proc, cmd, argv, NULL, procattr, p) != APR_SUCCESS)
- return NULL;
- return proc->out;
-}
-
-void ssl_util_ppclose(server_rec *s, apr_pool_t *p, apr_file_t *fp)
-{
- apr_file_close(fp);
- return;
-}
-
-/*
- * Run a filter program and read the first line of its stdout output
- */
-char *ssl_util_readfilter(server_rec *s, apr_pool_t *p, const char *cmd,
- const char * const *argv)
-{
- static char buf[MAX_STRING_LEN];
- apr_file_t *fp;
- apr_size_t nbytes = 1;
- char c;
- int k;
-
- if ((fp = ssl_util_ppopen(s, p, cmd, argv)) == NULL)
- return NULL;
- /* XXX: we are reading 1 byte at a time here */
- for (k = 0; apr_file_read(fp, &c, &nbytes) == APR_SUCCESS
- && nbytes == 1 && (k < MAX_STRING_LEN-1) ; ) {
- if (c == '\n' || c == '\r')
- break;
- buf[k++] = c;
- }
- buf[k] = NUL;
- ssl_util_ppclose(s, p, fp);
-
- return buf;
-}
-
-BOOL ssl_util_path_check(ssl_pathcheck_t pcm, const char *path, apr_pool_t *p)
-{
- apr_finfo_t finfo;
-
- if (path == NULL)
- return FALSE;
- if (pcm & SSL_PCM_EXISTS && apr_stat(&finfo, path,
- APR_FINFO_TYPE|APR_FINFO_SIZE, p) != 0)
- return FALSE;
- if (pcm & SSL_PCM_ISREG && finfo.filetype != APR_REG)
- return FALSE;
- if (pcm & SSL_PCM_ISDIR && finfo.filetype != APR_DIR)
- return FALSE;
- if (pcm & SSL_PCM_ISNONZERO && finfo.size <= 0)
- return FALSE;
- return TRUE;
-}
-
-ssl_algo_t ssl_util_algotypeof(X509 *pCert, EVP_PKEY *pKey)
-{
- ssl_algo_t t;
-
- t = SSL_ALGO_UNKNOWN;
- if (pCert != NULL)
- pKey = X509_get_pubkey(pCert);
- if (pKey != NULL) {
- switch (EVP_PKEY_key_type(pKey)) {
- case EVP_PKEY_RSA:
- t = SSL_ALGO_RSA;
- break;
- case EVP_PKEY_DSA:
- t = SSL_ALGO_DSA;
- break;
- default:
- break;
- }
- }
- return t;
-}
-
-char *ssl_util_algotypestr(ssl_algo_t t)
-{
- char *cp;
-
- cp = "UNKNOWN";
- switch (t) {
- case SSL_ALGO_RSA:
- cp = "RSA";
- break;
- case SSL_ALGO_DSA:
- cp = "DSA";
- break;
- default:
- break;
- }
- return cp;
-}
-
-char *ssl_util_ptxtsub(apr_pool_t *p, const char *cpLine,
- const char *cpMatch, char *cpSubst)
-{
-#define MAX_PTXTSUB 100
- char *cppMatch[MAX_PTXTSUB];
- char *cpResult;
- int nResult;
- int nLine;
- int nSubst;
- int nMatch;
- char *cpI;
- char *cpO;
- char *cp;
- int i;
-
- /*
- * Pass 1: find substitution locations and calculate sizes
- */
- nLine = strlen(cpLine);
- nMatch = strlen(cpMatch);
- nSubst = strlen(cpSubst);
- for (cpI = (char *)cpLine, i = 0, nResult = 0;
- cpI < cpLine+nLine && i < MAX_PTXTSUB; ) {
- if ((cp = strstr(cpI, cpMatch)) != NULL) {
- cppMatch[i++] = cp;
- nResult += ((cp-cpI)+nSubst);
- cpI = (cp+nMatch);
- }
- else {
- nResult += strlen(cpI);
- break;
- }
- }
- cppMatch[i] = NULL;
- if (i == 0)
- return NULL;
-
- /*
- * Pass 2: allocate memory and assemble result
- */
- cpResult = apr_pcalloc(p, nResult+1);
- for (cpI = (char *)cpLine, cpO = cpResult, i = 0;
- cppMatch[i] != NULL;
- i++) {
- apr_cpystrn(cpO, cpI, cppMatch[i]-cpI+1);
- cpO += (cppMatch[i]-cpI);
- apr_cpystrn(cpO, cpSubst, nSubst+1);
- cpO += nSubst;
- cpI = (cppMatch[i]+nMatch);
- }
- apr_cpystrn(cpO, cpI, cpResult+nResult-cpO+1);
-
- return cpResult;
-}
-
-/*
- * certain key and cert data needs to survive restarts,
- * which are stored in the user data table of s->process->pool.
- * to prevent "leaking" of this data, we use malloc/free
- * rather than apr_palloc and these wrappers to help make sure
- * we do not leak the malloc-ed data.
- */
-unsigned char *ssl_asn1_table_set(apr_hash_t *table,
- const char *key,
- long int length)
-{
- apr_ssize_t klen = strlen(key);
- ssl_asn1_t *asn1 = apr_hash_get(table, key, klen);
-
- /*
- * if a value for this key already exists,
- * reuse as much of the already malloc-ed data
- * as possible.
- */
- if (asn1) {
- if (asn1->nData != length) {
- free(asn1->cpData); /* XXX: realloc? */
- asn1->cpData = NULL;
- }
- }
- else {
- asn1 = malloc(sizeof(*asn1));
- asn1->source_mtime = 0; /* used as a note for encrypted private keys */
- asn1->cpData = NULL;
- }
-
- asn1->nData = length;
- if (!asn1->cpData) {
- asn1->cpData = malloc(length);
- }
-
- apr_hash_set(table, key, klen, asn1);
-
- return asn1->cpData; /* caller will assign a value to this */
-}
-
-ssl_asn1_t *ssl_asn1_table_get(apr_hash_t *table,
- const char *key)
-{
- return (ssl_asn1_t *)apr_hash_get(table, key, APR_HASH_KEY_STRING);
-}
-
-void ssl_asn1_table_unset(apr_hash_t *table,
- const char *key)
-{
- apr_ssize_t klen = strlen(key);
- ssl_asn1_t *asn1 = apr_hash_get(table, key, klen);
-
- if (!asn1) {
- return;
- }
-
- if (asn1->cpData) {
- free(asn1->cpData);
- }
- free(asn1);
-
- apr_hash_set(table, key, klen, NULL);
-}
-
-static const char *ssl_asn1_key_types[] = {"RSA", "DSA"};
-
-const char *ssl_asn1_keystr(int keytype)
-{
- if (keytype >= SSL_AIDX_MAX) {
- return NULL;
- }
-
- return ssl_asn1_key_types[keytype];
-}
-
-const char *ssl_asn1_table_keyfmt(apr_pool_t *p,
- const char *id,
- int keytype)
-{
- const char *keystr = ssl_asn1_keystr(keytype);
-
- return apr_pstrcat(p, id, ":", keystr, NULL);
-}
-
-
-#if APR_HAS_THREADS
-/*
- * To ensure thread-safetyness in OpenSSL - work in progress
- */
-
-static apr_thread_mutex_t **lock_cs;
-static int lock_num_locks;
-
-#ifdef SSLC_VERSION_NUMBER
-#if SSLC_VERSION_NUMBER >= 0x2000
-static int ssl_util_thr_lock(int mode, int type,
- const char *file, int line)
-#else
-static void ssl_util_thr_lock(int mode, int type,
- const char *file, int line)
-#endif
-#else
-static void ssl_util_thr_lock(int mode, int type,
- const char *file, int line)
-#endif
-{
- if (type < lock_num_locks) {
- if (mode & CRYPTO_LOCK) {
- apr_thread_mutex_lock(lock_cs[type]);
- }
- else {
- apr_thread_mutex_unlock(lock_cs[type]);
- }
-#ifdef SSLC_VERSION_NUMBER
-#if SSLC_VERSION_NUMBER >= 0x2000
- return 1;
- }
- else {
- return -1;
-#endif
-#endif
- }
-}
-
-static unsigned long ssl_util_thr_id(void)
-{
- /* OpenSSL needs this to return an unsigned long. On OS/390, the pthread
- * id is a structure twice that big. Use the TCB pointer instead as a
- * unique unsigned long.
- */
-#ifdef __MVS__
- struct PSA {
- char unmapped[540];
- unsigned long PSATOLD;
- } *psaptr = 0;
-
- return psaptr->PSATOLD;
-#else
- return (unsigned long) apr_os_thread_current();
-#endif
-}
-
-static apr_status_t ssl_util_thread_cleanup(void *data)
-{
- CRYPTO_set_locking_callback(NULL);
- CRYPTO_set_id_callback(NULL);
-
- /* Let the registered mutex cleanups do their own thing
- */
- return APR_SUCCESS;
-}
-
-void ssl_util_thread_setup(apr_pool_t *p)
-{
- int i;
-
- lock_num_locks = CRYPTO_num_locks();
- lock_cs = apr_palloc(p, lock_num_locks * sizeof(*lock_cs));
-
- for (i = 0; i < lock_num_locks; i++) {
- apr_thread_mutex_create(&(lock_cs[i]), APR_THREAD_MUTEX_DEFAULT, p);
- }
-
- CRYPTO_set_id_callback(ssl_util_thr_id);
-
- CRYPTO_set_locking_callback(ssl_util_thr_lock);
-
- apr_pool_cleanup_register(p, NULL, ssl_util_thread_cleanup,
- apr_pool_cleanup_null);
-}
-#endif
diff --git a/rubbos/app/httpd-2.0.64/modules/ssl/ssl_util_ssl.c b/rubbos/app/httpd-2.0.64/modules/ssl/ssl_util_ssl.c
deleted file mode 100644
index 857bc304..00000000
--- a/rubbos/app/httpd-2.0.64/modules/ssl/ssl_util_ssl.c
+++ /dev/null
@@ -1,574 +0,0 @@
-/* Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-/* _ _
- * _ __ ___ ___ __| | ___ ___| | mod_ssl
- * | '_ ` _ \ / _ \ / _` | / __/ __| | Apache Interface to OpenSSL
- * | | | | | | (_) | (_| | \__ \__ \ |
- * |_| |_| |_|\___/ \__,_|___|___/___/_|
- * |_____|
- * ssl_util_ssl.c
- * Additional Utility Functions for OpenSSL
- */
-
-#include "mod_ssl.h"
-
-/* _________________________________________________________________
-**
-** Additional High-Level Functions for OpenSSL
-** _________________________________________________________________
-*/
-
-/* we initialize this index at startup time
- * and never write to it at request time,
- * so this static is thread safe.
- * also note that OpenSSL increments at static variable when
- * SSL_get_ex_new_index() is called, so we _must_ do this at startup.
- */
-static int SSL_app_data2_idx = -1;
-
-void SSL_init_app_data2_idx(void)
-{
- int i;
-
- if (SSL_app_data2_idx > -1) {
- return;
- }
-
- /* we _do_ need to call this twice */
- for (i=0; i<=1; i++) {
- SSL_app_data2_idx =
- SSL_get_ex_new_index(0,
- "Second Application Data for SSL",
- NULL, NULL, NULL);
- }
-}
-
-void *SSL_get_app_data2(SSL *ssl)
-{
- return (void *)SSL_get_ex_data(ssl, SSL_app_data2_idx);
-}
-
-void SSL_set_app_data2(SSL *ssl, void *arg)
-{
- SSL_set_ex_data(ssl, SSL_app_data2_idx, (char *)arg);
- return;
-}
-
-/* _________________________________________________________________
-**
-** High-Level Certificate / Private Key Loading
-** _________________________________________________________________
-*/
-
-X509 *SSL_read_X509(char* filename, X509 **x509, modssl_read_bio_cb_fn *cb)
-{
- X509 *rc;
- BIO *bioS;
- BIO *bioF;
-
- /* 1. try PEM (= DER+Base64+headers) */
- if ((bioS=BIO_new_file(filename, "r")) == NULL)
- return NULL;
- rc = modssl_PEM_read_bio_X509 (bioS, x509, cb, NULL);
- BIO_free(bioS);
-
- if (rc == NULL) {
- /* 2. try DER+Base64 */
- if ((bioS=BIO_new_file(filename, "r")) == NULL)
- return NULL;
-
- if ((bioF = BIO_new(BIO_f_base64())) == NULL) {
- BIO_free(bioS);
- return NULL;
- }
- bioS = BIO_push(bioF, bioS);
- rc = d2i_X509_bio(bioS, NULL);
- BIO_free_all(bioS);
-
- if (rc == NULL) {
- /* 3. try plain DER */
- if ((bioS=BIO_new_file(filename, "r")) == NULL)
- return NULL;
- rc = d2i_X509_bio(bioS, NULL);
- BIO_free(bioS);
- }
- }
- if (rc != NULL && x509 != NULL) {
- if (*x509 != NULL)
- X509_free(*x509);
- *x509 = rc;
- }
- return rc;
-}
-
-#if SSL_LIBRARY_VERSION <= 0x00904100
-static EVP_PKEY *d2i_PrivateKey_bio(BIO *bio, EVP_PKEY **key)
-{
- return ((EVP_PKEY *)ASN1_d2i_bio(
- (char *(*)())EVP_PKEY_new,
- (char *(*)())d2i_PrivateKey,
- (bio), (unsigned char **)(key)));
-}
-#endif
-
-EVP_PKEY *SSL_read_PrivateKey(char* filename, EVP_PKEY **key, modssl_read_bio_cb_fn *cb, void *s)
-{
- EVP_PKEY *rc;
- BIO *bioS;
- BIO *bioF;
-
- /* 1. try PEM (= DER+Base64+headers) */
- if ((bioS=BIO_new_file(filename, "r")) == NULL)
- return NULL;
- rc = modssl_PEM_read_bio_PrivateKey(bioS, key, cb, s);
- BIO_free(bioS);
-
- if (rc == NULL) {
- /* 2. try DER+Base64 */
- if ((bioS = BIO_new_file(filename, "r")) == NULL)
- return NULL;
-
- if ((bioF = BIO_new(BIO_f_base64())) == NULL) {
- BIO_free(bioS);
- return NULL;
- }
- bioS = BIO_push(bioF, bioS);
- rc = d2i_PrivateKey_bio(bioS, NULL);
- BIO_free_all(bioS);
-
- if (rc == NULL) {
- /* 3. try plain DER */
- if ((bioS = BIO_new_file(filename, "r")) == NULL)
- return NULL;
- rc = d2i_PrivateKey_bio(bioS, NULL);
- BIO_free(bioS);
- }
- }
- if (rc != NULL && key != NULL) {
- if (*key != NULL)
- EVP_PKEY_free(*key);
- *key = rc;
- }
- return rc;
-}
-
-/* _________________________________________________________________
-**
-** Smart shutdown
-** _________________________________________________________________
-*/
-
-int SSL_smart_shutdown(SSL *ssl)
-{
- int i;
- int rc;
-
- /*
- * Repeat the calls, because SSL_shutdown internally dispatches through a
- * little state machine. Usually only one or two interation should be
- * needed, so we restrict the total number of restrictions in order to
- * avoid process hangs in case the client played bad with the socket
- * connection and OpenSSL cannot recognize it.
- */
- rc = 0;
- for (i = 0; i < 4 /* max 2x pending + 2x data = 4 */; i++) {
- if ((rc = SSL_shutdown(ssl)))
- break;
- }
- return rc;
-}
-
-/* _________________________________________________________________
-**
-** Certificate Revocation List (CRL) Storage
-** _________________________________________________________________
-*/
-
-X509_STORE *SSL_X509_STORE_create(char *cpFile, char *cpPath)
-{
- X509_STORE *pStore;
- X509_LOOKUP *pLookup;
-
- if (cpFile == NULL && cpPath == NULL)
- return NULL;
- if ((pStore = X509_STORE_new()) == NULL)
- return NULL;
- if (cpFile != NULL) {
- pLookup = X509_STORE_add_lookup(pStore, X509_LOOKUP_file());
- if (pLookup == NULL) {
- X509_STORE_free(pStore);
- return NULL;
- }
- X509_LOOKUP_load_file(pLookup, cpFile, X509_FILETYPE_PEM);
- }
- if (cpPath != NULL) {
- pLookup = X509_STORE_add_lookup(pStore, X509_LOOKUP_hash_dir());
- if (pLookup == NULL) {
- X509_STORE_free(pStore);
- return NULL;
- }
- X509_LOOKUP_add_dir(pLookup, cpPath, X509_FILETYPE_PEM);
- }
- return pStore;
-}
-
-int SSL_X509_STORE_lookup(X509_STORE *pStore, int nType,
- X509_NAME *pName, X509_OBJECT *pObj)
-{
- X509_STORE_CTX pStoreCtx;
- int rc;
-
- X509_STORE_CTX_init(&pStoreCtx, pStore, NULL, NULL);
- rc = X509_STORE_get_by_subject(&pStoreCtx, nType, pName, pObj);
- X509_STORE_CTX_cleanup(&pStoreCtx);
- return rc;
-}
-
-/* _________________________________________________________________
-**
-** Cipher Suite Spec String Creation
-** _________________________________________________________________
-*/
-
-char *SSL_make_ciphersuite(apr_pool_t *p, SSL *ssl)
-{
- STACK_OF(SSL_CIPHER) *sk;
- SSL_CIPHER *c;
- int i;
- int l;
- char *cpCipherSuite;
- char *cp;
-
- if (ssl == NULL)
- return "";
- if ((sk = (STACK_OF(SSL_CIPHER) *)SSL_get_ciphers(ssl)) == NULL)
- return "";
- l = 0;
- for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) {
- c = sk_SSL_CIPHER_value(sk, i);
- l += strlen(SSL_CIPHER_get_name(c))+2+1;
- }
- if (l == 0)
- return "";
- cpCipherSuite = (char *)apr_palloc(p, l+1);
- cp = cpCipherSuite;
- for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) {
- c = sk_SSL_CIPHER_value(sk, i);
- l = strlen(SSL_CIPHER_get_name(c));
- memcpy(cp, SSL_CIPHER_get_name(c), l);
- cp += l;
- *cp++ = '/';
- *cp++ = (SSL_CIPHER_get_valid(c) == 1 ? '1' : '0');
- *cp++ = ':';
- }
- *(cp-1) = NUL;
- return cpCipherSuite;
-}
-
-/* _________________________________________________________________
-**
-** Certificate Checks
-** _________________________________________________________________
-*/
-
-/* check whether cert contains extended key usage with a SGC tag */
-BOOL SSL_X509_isSGC(X509 *cert)
-{
-#ifdef HAVE_SSL_X509V3_EXT_d2i
- X509_EXTENSION *ext;
- int ext_nid;
- STACK *sk;
- BOOL is_sgc;
- int idx;
- int i;
-
- is_sgc = FALSE;
- idx = X509_get_ext_by_NID(cert, NID_ext_key_usage, -1);
- if (idx >= 0) {
- ext = X509_get_ext(cert, idx);
- if ((sk = (STACK *)X509V3_EXT_d2i(ext)) != NULL) {
- for (i = 0; i < sk_num(sk); i++) {
- ext_nid = OBJ_obj2nid((ASN1_OBJECT *)sk_value(sk, i));
- if (ext_nid == NID_ms_sgc || ext_nid == NID_ns_sgc) {
- is_sgc = TRUE;
- break;
- }
- }
- }
- }
- return is_sgc;
-#else
- return FALSE;
-#endif
-}
-
-/* retrieve basic constraints ingredients */
-BOOL SSL_X509_getBC(X509 *cert, int *ca, int *pathlen)
-{
-#ifdef HAVE_SSL_X509V3_EXT_d2i
- X509_EXTENSION *ext;
- BASIC_CONSTRAINTS *bc;
- int idx;
- BIGNUM *bn = NULL;
- char *cp;
-
- if ((idx = X509_get_ext_by_NID(cert, NID_basic_constraints, -1)) < 0)
- return FALSE;
- ext = X509_get_ext(cert, idx);
- if (ext == NULL)
- return FALSE;
- if ((bc = (BASIC_CONSTRAINTS *)X509V3_EXT_d2i(ext)) == NULL)
- return FALSE;
- *ca = bc->ca;
- *pathlen = -1 /* unlimited */;
- if (bc->pathlen != NULL) {
- if ((bn = ASN1_INTEGER_to_BN(bc->pathlen, NULL)) == NULL)
- return FALSE;
- if ((cp = BN_bn2dec(bn)) == NULL)
- return FALSE;
- *pathlen = atoi(cp);
- free(cp);
- BN_free(bn);
- }
- BASIC_CONSTRAINTS_free(bc);
- return TRUE;
-#else
- return FALSE;
-#endif
-}
-
-/* retrieve subject CommonName of certificate */
-BOOL SSL_X509_getCN(apr_pool_t *p, X509 *xs, char **cppCN)
-{
- X509_NAME *xsn;
- X509_NAME_ENTRY *xsne;
- int i, nid;
- unsigned char *data_ptr;
- int data_len;
-
- xsn = X509_get_subject_name(xs);
- for (i = 0; i < sk_X509_NAME_ENTRY_num((STACK_OF(X509_NAME_ENTRY) *)
- X509_NAME_get_entries(xsn)); i++) {
- xsne = sk_X509_NAME_ENTRY_value((STACK_OF(X509_NAME_ENTRY) *)
- X509_NAME_get_entries(xsn), i);
- nid = OBJ_obj2nid((ASN1_OBJECT *)X509_NAME_ENTRY_get_object(xsne));
- if (nid == NID_commonName) {
- data_ptr = X509_NAME_ENTRY_get_data_ptr(xsne);
- data_len = X509_NAME_ENTRY_get_data_len(xsne);
- *cppCN = apr_palloc(p, data_len+1);
- apr_cpystrn(*cppCN, (char *)data_ptr, data_len+1);
- (*cppCN)[data_len] = NUL;
-#ifdef CHARSET_EBCDIC
- ascii2ebcdic(*cppCN, *cppCN, strlen(*cppCN));
-#endif
- return TRUE;
- }
- }
- return FALSE;
-}
-
-/* _________________________________________________________________
-**
-** Low-Level CA Certificate Loading
-** _________________________________________________________________
-*/
-
-BOOL SSL_X509_INFO_load_file(apr_pool_t *ptemp,
- STACK_OF(X509_INFO) *sk,
- const char *filename)
-{
- BIO *in;
-
- if (!(in = BIO_new(BIO_s_file()))) {
- return FALSE;
- }
-
- if (BIO_read_filename(in, MODSSL_PCHAR_CAST filename) <= 0) {
- BIO_free(in);
- return FALSE;
- }
-
- ERR_clear_error();
-
- modssl_PEM_X509_INFO_read_bio(in, sk, NULL, NULL);
-
- BIO_free(in);
-
- return TRUE;
-}
-
-BOOL SSL_X509_INFO_load_path(apr_pool_t *ptemp,
- STACK_OF(X509_INFO) *sk,
- const char *pathname)
-{
- /* XXX: this dir read code is exactly the same as that in
- * ssl_engine_init.c, only the call to handle the fullname is different,
- * should fold the duplication.
- */
- apr_dir_t *dir;
- apr_finfo_t dirent;
- apr_int32_t finfo_flags = APR_FINFO_TYPE|APR_FINFO_NAME;
- const char *fullname;
- BOOL ok = FALSE;
-
- if (apr_dir_open(&dir, pathname, ptemp) != APR_SUCCESS) {
- return FALSE;
- }
-
- while ((apr_dir_read(&dirent, finfo_flags, dir)) == APR_SUCCESS) {
- if (dirent.filetype == APR_DIR) {
- continue; /* don't try to load directories */
- }
-
- fullname = apr_pstrcat(ptemp,
- pathname, "/", dirent.name,
- NULL);
-
- if (SSL_X509_INFO_load_file(ptemp, sk, fullname)) {
- ok = TRUE;
- }
- }
-
- apr_dir_close(dir);
-
- return ok;
-}
-
-/* _________________________________________________________________
-**
-** Extra Server Certificate Chain Support
-** _________________________________________________________________
-*/
-
-/*
- * Read a file that optionally contains the server certificate in PEM
- * format, possibly followed by a sequence of CA certificates that
- * should be sent to the peer in the SSL Certificate message.
- */
-int SSL_CTX_use_certificate_chain(
- SSL_CTX *ctx, char *file, int skipfirst, modssl_read_bio_cb_fn *cb)
-{
- BIO *bio;
- X509 *x509;
- unsigned long err;
- int n;
- STACK *extra_certs;
-
- if ((bio = BIO_new(BIO_s_file_internal())) == NULL)
- return -1;
- if (BIO_read_filename(bio, file) <= 0) {
- BIO_free(bio);
- return -1;
- }
- /* optionally skip a leading server certificate */
- if (skipfirst) {
- if ((x509 = modssl_PEM_read_bio_X509(bio, NULL, cb, NULL)) == NULL) {
- BIO_free(bio);
- return -1;
- }
- X509_free(x509);
- }
- /* free a perhaps already configured extra chain */
- extra_certs=SSL_CTX_get_extra_certs(ctx);
- if (extra_certs != NULL) {
- sk_X509_pop_free((STACK_OF(X509) *)extra_certs, X509_free);
- SSL_CTX_set_extra_certs(ctx,NULL);
- }
- /* create new extra chain by loading the certs */
- n = 0;
- while ((x509 = modssl_PEM_read_bio_X509(bio, NULL, cb, NULL)) != NULL) {
- if (!SSL_CTX_add_extra_chain_cert(ctx, x509)) {
- X509_free(x509);
- BIO_free(bio);
- return -1;
- }
- n++;
- }
- /* Make sure that only the error is just an EOF */
- if ((err = ERR_peek_error()) > 0) {
- if (!( ERR_GET_LIB(err) == ERR_LIB_PEM
- && ERR_GET_REASON(err) == PEM_R_NO_START_LINE)) {
- BIO_free(bio);
- return -1;
- }
- while (ERR_get_error() > 0) ;
- }
- BIO_free(bio);
- return n;
-}
-
-/* _________________________________________________________________
-**
-** Session Stuff
-** _________________________________________________________________
-*/
-
-char *SSL_SESSION_id2sz(unsigned char *id, int idlen,
- char *str, int strsize)
-{
- char *cp;
- int n;
-
- cp = str;
- for (n = 0; n < idlen && n < SSL_MAX_SSL_SESSION_ID_LENGTH; n++) {
- apr_snprintf(cp, strsize - (cp-str), "%02X", id[n]);
- cp += 2;
- }
- *cp = NUL;
- return str;
-}
-
-/* sslc+OpenSSL compat */
-
-int modssl_session_get_time(SSL_SESSION *session)
-{
-#ifdef OPENSSL_VERSION_NUMBER
- return SSL_SESSION_get_time(session);
-#else /* assume sslc */
- CRYPTO_TIME_T ct;
- SSL_SESSION_get_time(session, &ct);
- return CRYPTO_time_to_int(&ct);
-#endif
-}
-
-#ifndef SSLC_VERSION_NUMBER
-#define SSLC_VERSION_NUMBER 0x0000
-#endif
-
-DH *modssl_dh_configure(unsigned char *p, int plen,
- unsigned char *g, int glen)
-{
- DH *dh;
-
- if (!(dh = DH_new())) {
- return NULL;
- }
-
-#if defined(OPENSSL_VERSION_NUMBER) || (SSLC_VERSION_NUMBER < 0x2000)
- dh->p = BN_bin2bn(p, plen, NULL);
- dh->g = BN_bin2bn(g, glen, NULL);
- if (!(dh->p && dh->g)) {
- DH_free(dh);
- return NULL;
- }
-#else
- R_EITEMS_add(dh->data, PK_TYPE_DH, PK_DH_P, 0, p, plen, R_EITEMS_PF_COPY);
- R_EITEMS_add(dh->data, PK_TYPE_DH, PK_DH_G, 0, g, glen, R_EITEMS_PF_COPY);
-#endif
-
- return dh;
-}
diff --git a/rubbos/app/httpd-2.0.64/modules/ssl/ssl_util_ssl.h b/rubbos/app/httpd-2.0.64/modules/ssl/ssl_util_ssl.h
deleted file mode 100644
index d5c48f16..00000000
--- a/rubbos/app/httpd-2.0.64/modules/ssl/ssl_util_ssl.h
+++ /dev/null
@@ -1,93 +0,0 @@
-/* Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-/* _ _
- * _ __ ___ ___ __| | ___ ___| | mod_ssl
- * | '_ ` _ \ / _ \ / _` | / __/ __| | Apache Interface to OpenSSL
- * | | | | | | (_) | (_| | \__ \__ \ |
- * |_| |_| |_|\___/ \__,_|___|___/___/_|
- * |_____|
- * ssl_util_ssl.h
- * Additional Utility Functions for OpenSSL
- */
-
-#ifndef __SSL_UTIL_SSL_H__
-#define __SSL_UTIL_SSL_H__
-
-/*
- * Determine SSL library version number
- */
-#define SSL_NIBBLE(x,n) ((x >> (n * 4)) & 0xF)
-
-#ifdef OPENSSL_VERSION_NUMBER
-#define SSL_LIBRARY_VERSION OPENSSL_VERSION_NUMBER
-#define SSL_LIBRARY_NAME "OpenSSL"
-#define SSL_LIBRARY_TEXT OPENSSL_VERSION_TEXT
-#define SSL_LIBRARY_DYNTEXT SSLeay_version(SSLEAY_VERSION)
-#elif defined(SSLC_VERSION_NUMBER)
-#define SSL_LIBRARY_VERSION SSLC_VERSION_NUMBER
-#define SSL_LIBRARY_NAME "SSL-C"
-#define SSL_LIBRARY_TEXT { 'S', 'S', 'L', '-', 'C', ' ', \
- '0' + SSL_NIBBLE(SSLC_VERSION_NUMBER,3), '.', \
- '0' + SSL_NIBBLE(SSLC_VERSION_NUMBER,2), '.', \
- '0' + SSL_NIBBLE(SSLC_VERSION_NUMBER,1), '.', \
- '0' + SSL_NIBBLE(SSLC_VERSION_NUMBER,0), 0 }
-#define SSL_LIBRARY_DYNTEXT SSLC_library_info(SSLC_INFO_VERSION)
-#elif !defined(SSL_LIBRARY_VERSION)
-#define SSL_LIBRARY_VERSION 0x0000
-#define SSL_LIBRARY_NAME "OtherSSL"
-#define SSL_LIBRARY_TEXT "OtherSSL 0.0.0 00 XXX 0000"
-#define SSL_LIBRARY_DYNTEXT "OtherSSL 0.0.0 00 XXX 0000"
-#endif
-
-/*
- * Maximum length of a DER encoded session.
- * FIXME: There is no define in OpenSSL, but OpenSSL uses 1024*10,
- * so this value should be ok. Although we have no warm feeling.
- */
-#define SSL_SESSION_MAX_DER 1024*10
-
-/* max length for SSL_SESSION_id2sz */
-#define SSL_SESSION_ID_STRING_LEN \
- ((SSL_MAX_SSL_SESSION_ID_LENGTH + 1) * 2)
-
-/*
- * Additional Functions
- */
-void SSL_init_app_data2_idx(void);
-void *SSL_get_app_data2(SSL *);
-void SSL_set_app_data2(SSL *, void *);
-X509 *SSL_read_X509(char *, X509 **, modssl_read_bio_cb_fn *);
-EVP_PKEY *SSL_read_PrivateKey(char *, EVP_PKEY **, modssl_read_bio_cb_fn *, void *);
-int SSL_smart_shutdown(SSL *ssl);
-X509_STORE *SSL_X509_STORE_create(char *, char *);
-int SSL_X509_STORE_lookup(X509_STORE *, int, X509_NAME *, X509_OBJECT *);
-char *SSL_make_ciphersuite(apr_pool_t *, SSL *);
-BOOL SSL_X509_isSGC(X509 *);
-BOOL SSL_X509_getBC(X509 *, int *, int *);
-BOOL SSL_X509_getCN(apr_pool_t *, X509 *, char **);
-BOOL SSL_X509_INFO_load_file(apr_pool_t *, STACK_OF(X509_INFO) *, const char *);
-BOOL SSL_X509_INFO_load_path(apr_pool_t *, STACK_OF(X509_INFO) *, const char *);
-int SSL_CTX_use_certificate_chain(SSL_CTX *, char *, int, modssl_read_bio_cb_fn *);
-char *SSL_SESSION_id2sz(unsigned char *, int, char *, int);
-
-/* util functions for OpenSSL+sslc compat */
-int modssl_session_get_time(SSL_SESSION *session);
-
-DH *modssl_dh_configure(unsigned char *p, int plen,
- unsigned char *g, int glen);
-
-#endif /* __SSL_UTIL_SSL_H__ */
diff --git a/rubbos/app/httpd-2.0.64/modules/ssl/ssl_util_table.c b/rubbos/app/httpd-2.0.64/modules/ssl/ssl_util_table.c
deleted file mode 100644
index 5eb98ec8..00000000
--- a/rubbos/app/httpd-2.0.64/modules/ssl/ssl_util_table.c
+++ /dev/null
@@ -1,2518 +0,0 @@
-/* Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-/* _ _
- * _ __ ___ ___ __| | ___ ___| | mod_ssl
- * | '_ ` _ \ / _ \ / _` | / __/ __| | Apache Interface to OpenSSL
- * | | | | | | (_) | (_| | \__ \__ \ |
- * |_| |_| |_|\___/ \__,_|___|___/___/_|
- * |_____|
- * ssl_util_table.c
- * High Performance Hash Table Functions
- */
-
-/*
- * Generic hash table handler
- * Table 4.1.0 July-28-1998
- *
- * This library is a generic open hash table with buckets and
- * linked lists. It is pretty high performance. Each element
- * has a key and a data. The user indexes on the key to find the
- * data.
- *
- * Copyright 1998 by Gray Watson <gray@letters.com>
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose and without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies,
- * and that the name of Gray Watson not be used in advertising or
- * publicity pertaining to distribution of the document or software
- * without specific, written prior permission.
- *
- * Gray Watson makes no representations about the suitability of the
- * software described herein for any purpose. It is provided "as is"
- * without express or implied warranty.
- *
- * Modified in March 1999 by Ralf S. Engelschall <rse@engelschall.com>
- * for use in the mod_ssl project:
- * o merged table_loc.h header into table.c
- * o removed fillproto-comments from table.h
- * o removed mmap() support because it's too unportable
- * o added support for MM library via ta_{malloc,calloc,realloc,free}
- */
-
-#include <stdlib.h>
-#include <string.h>
-
-/* forward definitions for table.h */
-typedef struct table_st table_t;
-typedef struct table_entry_st table_entry_t;
-
-#define TABLE_PRIVATE
-#include "ssl_util_table.h"
-#include "mod_ssl.h"
-
-/****************************** local defines ******************************/
-
-#ifndef BITSPERBYTE
-#define BITSPERBYTE 8
-#endif
-#ifndef BITS
-#define BITS(type) (BITSPERBYTE * (int)sizeof(type))
-#endif
-
-#define TABLE_MAGIC 0xBADF00D /* very magic magicness */
-#define LINEAR_MAGIC 0xAD00D00 /* magic value for linear struct */
-#define DEFAULT_SIZE 1024 /* default table size */
-#define MAX_ALIGNMENT 128 /* max alignment value */
-#define MAX_SORT_SPLITS 128 /* qsort can handle 2^128 entries */
-
-/* returns 1 when we should grow or shrink the table */
-#define SHOULD_TABLE_GROW(tab) ((tab)->ta_entry_n > (tab)->ta_bucket_n * 2)
-#define SHOULD_TABLE_SHRINK(tab) ((tab)->ta_entry_n < (tab)->ta_bucket_n / 2)
-
-/*
- * void HASH_MIX
- *
- * DESCRIPTION:
- *
- * Mix 3 32-bit values reversibly. For every delta with one or two bits
- * set, and the deltas of all three high bits or all three low bits,
- * whether the original value of a,b,c is almost all zero or is
- * uniformly distributed.
- *
- * If HASH_MIX() is run forward or backward, at least 32 bits in a,b,c
- * have at least 1/4 probability of changing. If mix() is run
- * forward, every bit of c will change between 1/3 and 2/3 of the
- * time. (Well, 22/100 and 78/100 for some 2-bit deltas.)
- *
- * HASH_MIX() takes 36 machine instructions, but only 18 cycles on a
- * superscalar machine (like a Pentium or a Sparc). No faster mixer
- * seems to work, that's the result of my brute-force search. There
- * were about 2^68 hashes to choose from. I only tested about a
- * billion of those.
- */
-#define HASH_MIX(a, b, c) \
- do { \
- a -= b; a -= c; a ^= (c >> 13); \
- b -= c; b -= a; b ^= (a << 8); \
- c -= a; c -= b; c ^= (b >> 13); \
- a -= b; a -= c; a ^= (c >> 12); \
- b -= c; b -= a; b ^= (a << 16); \
- c -= a; c -= b; c ^= (b >> 5); \
- a -= b; a -= c; a ^= (c >> 3); \
- b -= c; b -= a; b ^= (a << 10); \
- c -= a; c -= b; c ^= (b >> 15); \
- } while(0)
-
-#define TABLE_POINTER(table, type, pnt) (pnt)
-
-/*
- * Macros to get at the key and the data pointers
- */
-#define ENTRY_KEY_BUF(entry_p) ((entry_p)->te_key_buf)
-#define ENTRY_DATA_BUF(tab_p, entry_p) \
- (ENTRY_KEY_BUF(entry_p) + (entry_p)->te_key_size)
-
-/*
- * Table structures...
- */
-
-/*
- * HACK: this should be equiv as the table_entry_t without the key_buf
- * char. We use this with the ENTRY_SIZE() macro above which solves
- * the problem with the lack of the [0] GNU hack. We use the
- * table_entry_t structure to better map the memory and make things
- * faster.
- */
-typedef struct table_shell_st {
- unsigned int te_key_size; /* size of data */
- unsigned int te_data_size; /* size of data */
- struct table_shell_st *te_next_p; /* pointer to next in the list */
- /* NOTE: this does not have the te_key_buf field here */
-} table_shell_t;
-
-/*
- * Elements in the bucket linked-lists. The key[1] is the start of
- * the key with the rest of the key and all of the data information
- * packed in memory directly after the end of this structure.
- *
- * NOTE: if this structure is changed, the table_shell_t must be changed
- * to match.
- */
-struct table_entry_st {
- unsigned int te_key_size; /* size of data */
- unsigned int te_data_size; /* size of data */
- struct table_entry_st *te_next_p; /* pointer to next in the list */
- unsigned char te_key_buf[1]; /* 1st byte of key buf */
-};
-
-/* external structure for debuggers be able to see void */
-typedef table_entry_t table_entry_ext_t;
-
-/* main table structure */
-struct table_st {
- unsigned int ta_magic; /* magic number */
- unsigned int ta_flags; /* table's flags defined in table.h */
- unsigned int ta_bucket_n; /* num of buckets, should be 2^X */
- unsigned int ta_entry_n; /* num of entries in all buckets */
- unsigned int ta_data_align; /* data alignment value */
- table_entry_t **ta_buckets; /* array of linked lists */
- table_linear_t ta_linear; /* linear tracking */
- unsigned long ta_file_size; /* size of on-disk space */
- void *(*ta_malloc)(void *opt_param, size_t size);
- void *(*ta_calloc)(void *opt_param, size_t number, size_t size);
- void *(*ta_realloc)(void *opt_param, void *ptr, size_t size);
- void (*ta_free)(void *opt_param, void *ptr);
- void *opt_param;
-};
-
-/* external table structure for debuggers */
-typedef table_t table_ext_t;
-
-/* local comparison functions */
-typedef int (*compare_t) (const void *element1_p, const void *element2_p,
- table_compare_t user_compare,
- const table_t * table_p);
-
-/*
- * to map error to string
- */
-typedef struct {
- int es_error; /* error number */
- char *es_string; /* assocaited string */
-} error_str_t;
-
-static error_str_t errors[] =
-{
- {TABLE_ERROR_NONE, "no error"},
- {TABLE_ERROR_PNT, "invalid table pointer"},
- {TABLE_ERROR_ARG_NULL, "buffer argument is null"},
- {TABLE_ERROR_SIZE, "incorrect size argument"},
- {TABLE_ERROR_OVERWRITE, "key exists and no overwrite"},
- {TABLE_ERROR_NOT_FOUND, "key does not exist"},
- {TABLE_ERROR_ALLOC, "error allocating memory"},
- {TABLE_ERROR_LINEAR, "linear access not in progress"},
- {TABLE_ERROR_OPEN, "could not open file"},
- {TABLE_ERROR_SEEK, "could not seek to position in file"},
- {TABLE_ERROR_READ, "could not read from file"},
- {TABLE_ERROR_WRITE, "could not write to file"},
- {TABLE_ERROR_EMPTY, "table is empty"},
- {TABLE_ERROR_NOT_EMPTY, "table contains data"},
- {TABLE_ERROR_ALIGNMENT, "invalid alignment value"},
- {0}
-};
-
-#define INVALID_ERROR "invalid error code"
-
-
-/********************** wrappers for system functions ************************/
-static void *sys_malloc(void *param, size_t size)
-{
- return malloc(size);
-}
-
-static void *sys_calloc(void *param, size_t size1, size_t size2)
-{
- return calloc(size1, size2);
-}
-
-static void *sys_realloc(void *param, void *ptr, size_t size)
-{
- return realloc(ptr, size);
-}
-
-static void sys_free(void *param, void *ptr)
-{
- free(ptr);
-}
-
-/****************************** local functions ******************************/
-
-/*
- * static table_entry_t *first_entry
- *
- * DESCRIPTION:
- *
- * Return the first entry in the table. It will set the linear
- * structure counter to the position of the first entry.
- *
- * RETURNS:
- *
- * Success: A pointer to the first entry in the table.
- *
- * Failure: NULL if there is no first entry.
- *
- * ARGUMENTS:
- *
- * table_p - Table whose next entry we are finding.
- *
- * linear_p - Pointer to a linear structure which we will advance and
- * then find the corresponding entry.
- */
-static table_entry_t *first_entry(table_t * table_p,
- table_linear_t * linear_p)
-{
- table_entry_t *entry_p;
- unsigned int bucket_c = 0;
-
- /* look for the first non-empty bucket */
- for (bucket_c = 0; bucket_c < table_p->ta_bucket_n; bucket_c++) {
- entry_p = table_p->ta_buckets[bucket_c];
- if (entry_p != NULL) {
- if (linear_p != NULL) {
- linear_p->tl_bucket_c = bucket_c;
- linear_p->tl_entry_c = 0;
- }
- return TABLE_POINTER(table_p, table_entry_t *, entry_p);
- }
- }
-
- return NULL;
-}
-
-/*
- * static table_entry_t *next_entry
- *
- * DESCRIPTION:
- *
- * Return the next entry in the table which is past the position in
- * our linear pointer. It will advance the linear structure counters.
- *
- * RETURNS:
- *
- * Success: A pointer to the next entry in the table.
- *
- * Failure: NULL.
- *
- * ARGUMENTS:
- *
- * table_p - Table whose next entry we are finding.
- *
- * linear_p - Pointer to a linear structure which we will advance and
- * then find the corresponding entry.
- *
- * error_p - Pointer to an integer which when the routine returns will
- * contain a table error code.
- */
-static table_entry_t *next_entry(table_t * table_p, table_linear_t * linear_p,
- int *error_p)
-{
- table_entry_t *entry_p;
- int entry_c;
-
- /* can't next if we haven't first-ed */
- if (linear_p == NULL) {
- if (error_p != NULL)
- *error_p = TABLE_ERROR_LINEAR;
- return NULL;
- }
-
- if (linear_p->tl_bucket_c >= table_p->ta_bucket_n) {
- /*
- * NOTE: this might happen if we delete an item which shortens the
- * table bucket numbers.
- */
- if (error_p != NULL)
- *error_p = TABLE_ERROR_NOT_FOUND;
- return NULL;
- }
-
- linear_p->tl_entry_c++;
-
- /* find the entry which is the nth in the list */
- entry_p = table_p->ta_buckets[linear_p->tl_bucket_c];
- /* NOTE: we swap the order here to be more efficient */
- for (entry_c = linear_p->tl_entry_c; entry_c > 0; entry_c--) {
- /* did we reach the end of the list? */
- if (entry_p == NULL)
- break;
- entry_p = TABLE_POINTER(table_p, table_entry_t *, entry_p)->te_next_p;
- }
-
- /* did we find an entry in the current bucket? */
- if (entry_p != NULL) {
- if (error_p != NULL)
- *error_p = TABLE_ERROR_NONE;
- return TABLE_POINTER(table_p, table_entry_t *, entry_p);
- }
-
- /* find the first entry in the next non-empty bucket */
-
- linear_p->tl_entry_c = 0;
- for (linear_p->tl_bucket_c++; linear_p->tl_bucket_c < table_p->ta_bucket_n;
- linear_p->tl_bucket_c++) {
- entry_p = table_p->ta_buckets[linear_p->tl_bucket_c];
- if (entry_p != NULL) {
- if (error_p != NULL)
- *error_p = TABLE_ERROR_NONE;
- return TABLE_POINTER(table_p, table_entry_t *, entry_p);
- }
- }
-
- if (error_p != NULL)
- *error_p = TABLE_ERROR_NOT_FOUND;
- return NULL;
-}
-
-/*
- * static unsigned int hash
- *
- * DESCRIPTION:
- *
- * Hash a variable-length key into a 32-bit value. Every bit of the
- * key affects every bit of the return value. Every 1-bit and 2-bit
- * delta achieves avalanche. About (6 * len + 35) instructions. The
- * best hash table sizes are powers of 2. There is no need to use mod
- * (sooo slow!). If you need less than 32 bits, use a bitmask. For
- * example, if you need only 10 bits, do h = (h & hashmask(10)); In
- * which case, the hash table should have hashsize(10) elements.
- *
- * By Bob Jenkins, 1996. bob_jenkins@compuserve.com. You may use
- * this code any way you wish, private, educational, or commercial.
- * It's free. See
- * http://ourworld.compuserve.com/homepages/bob_jenkins/evahash.htm
- * Use for hash table lookup, or anything where one collision in 2^^32
- * is acceptable. Do NOT use for cryptographic purposes.
- *
- * RETURNS:
- *
- * Returns a 32-bit hash value.
- *
- * ARGUMENTS:
- *
- * key - Key (the unaligned variable-length array of bytes) that we
- * are hashing.
- *
- * length - Length of the key in bytes.
- *
- * init_val - Initialization value of the hash if you need to hash a
- * number of strings together. For instance, if you are hashing N
- * strings (unsigned char **)keys, do it like this:
- *
- * for (i=0, h=0; i<N; ++i) h = hash( keys[i], len[i], h);
- */
-static unsigned int hash(const unsigned char *key,
- const unsigned int length,
- const unsigned int init_val)
-{
- const unsigned char *key_p = key;
- unsigned int a, b, c, len;
-
- /* set up the internal state */
- a = 0x9e3779b9; /* the golden ratio; an arbitrary value */
- b = 0x9e3779b9;
- c = init_val; /* the previous hash value */
-
- /* handle most of the key */
- for (len = length; len >= 12; len -= 12) {
- a += (key_p[0]
- + ((unsigned long) key_p[1] << 8)
- + ((unsigned long) key_p[2] << 16)
- + ((unsigned long) key_p[3] << 24));
- b += (key_p[4]
- + ((unsigned long) key_p[5] << 8)
- + ((unsigned long) key_p[6] << 16)
- + ((unsigned long) key_p[7] << 24));
- c += (key_p[8]
- + ((unsigned long) key_p[9] << 8)
- + ((unsigned long) key_p[10] << 16)
- + ((unsigned long) key_p[11] << 24));
- HASH_MIX(a, b, c);
- key_p += 12;
- }
-
- c += length;
-
- /* all the case statements fall through to the next */
- switch (len) {
- case 11:
- c += ((unsigned long) key_p[10] << 24);
- case 10:
- c += ((unsigned long) key_p[9] << 16);
- case 9:
- c += ((unsigned long) key_p[8] << 8);
- /* the first byte of c is reserved for the length */
- case 8:
- b += ((unsigned long) key_p[7] << 24);
- case 7:
- b += ((unsigned long) key_p[6] << 16);
- case 6:
- b += ((unsigned long) key_p[5] << 8);
- case 5:
- b += key_p[4];
- case 4:
- a += ((unsigned long) key_p[3] << 24);
- case 3:
- a += ((unsigned long) key_p[2] << 16);
- case 2:
- a += ((unsigned long) key_p[1] << 8);
- case 1:
- a += key_p[0];
- /* case 0: nothing left to add */
- }
- HASH_MIX(a, b, c);
-
- return c;
-}
-
-/*
- * static int entry_size
- *
- * DESCRIPTION:
- *
- * Calculates the appropriate size of an entry to include the key and
- * data sizes as well as any associated alignment to the data.
- *
- * RETURNS:
- *
- * The associated size of the entry.
- *
- * ARGUMENTS:
- *
- * table_p - Table associated with the entries whose size we are
- * determining.
- *
- * key_size - Size of the entry key.
- *
- * data - Size of the entry data.
- */
-static int entry_size(const table_t * table_p, const unsigned int key_size,
- const unsigned int data_size)
-{
- int size, left;
-
- /* initial size -- key is already aligned if right after struct */
- size = sizeof(struct table_shell_st) + key_size;
-
- /* if there is no alignment then it is easy */
- if (table_p->ta_data_align == 0)
- return size + data_size;
- /* add in our alignement */
- left = size & (table_p->ta_data_align - 1);
- if (left > 0)
- size += table_p->ta_data_align - left;
- /* we add the data size here after the alignment */
- size += data_size;
-
- return size;
-}
-
-/*
- * static unsigned char *entry_data_buf
- *
- * DESCRIPTION:
- *
- * Companion to the ENTRY_DATA_BUF macro but this handles any
- * associated alignment to the data in the entry.
- *
- * RETURNS:
- *
- * Pointer to the data segment of the entry.
- *
- * ARGUMENTS:
- *
- * table_p - Table associated with the entry.
- *
- * entry_p - Entry whose data pointer we are determining.
- */
-static unsigned char *entry_data_buf(const table_t * table_p,
- const table_entry_t * entry_p)
-{
- const unsigned char *buf_p;
- int size, pad;
-
- buf_p = entry_p->te_key_buf + entry_p->te_key_size;
-
- /* if there is no alignment then it is easy */
- if (table_p->ta_data_align == 0)
- return (unsigned char *) buf_p;
- /* we need the size of the space before the data */
- size = sizeof(struct table_shell_st) + entry_p->te_key_size;
-
- /* add in our alignment */
- pad = size & (table_p->ta_data_align - 1);
- if (pad > 0)
- pad = table_p->ta_data_align - pad;
- return (unsigned char *) buf_p + pad;
-}
-
-/******************************* sort routines *******************************/
-
-/*
- * static int our_compare
- *
- * DESCRIPTION:
- *
- * Compare two entries by calling user's compare program or by using
- * memcmp.
- *
- * RETURNS:
- *
- * < 0, == 0, or > 0 depending on whether p1 is > p2, == p2, < p2.
- *
- * ARGUMENTS:
- *
- * p1 - First entry pointer to compare.
- *
- * p2 - Second entry pointer to compare.
- *
- * compare - User comparison function. Ignored.
- *
- * table_p - Associated table being ordered. Ignored.
- */
-static int local_compare(const void *p1, const void *p2,
- table_compare_t compare, const table_t * table_p)
-{
- const table_entry_t *const *ent1_p = p1, *const *ent2_p = p2;
- int cmp;
- unsigned int size;
-
- /* compare as many bytes as we can */
- size = (*ent1_p)->te_key_size;
- if ((*ent2_p)->te_key_size < size)
- size = (*ent2_p)->te_key_size;
- cmp = memcmp(ENTRY_KEY_BUF(*ent1_p), ENTRY_KEY_BUF(*ent2_p), size);
- /* if common-size equal, then if next more bytes, it is larger */
- if (cmp == 0)
- cmp = (*ent1_p)->te_key_size - (*ent2_p)->te_key_size;
- return cmp;
-}
-
-/*
- * static int external_compare
- *
- * DESCRIPTION:
- *
- * Compare two entries by calling user's compare program or by using
- * memcmp.
- *
- * RETURNS:
- *
- * < 0, == 0, or > 0 depending on whether p1 is > p2, == p2, < p2.
- *
- * ARGUMENTS:
- *
- * p1 - First entry pointer to compare.
- *
- * p2 - Second entry pointer to compare.
- *
- * user_compare - User comparison function.
- *
- * table_p - Associated table being ordered.
- */
-static int external_compare(const void *p1, const void *p2,
- table_compare_t user_compare,
- const table_t * table_p)
-{
- const table_entry_t *const *ent1_p = p1, *const *ent2_p = p2;
- /* since we know we are not aligned we can use the EXTRY_DATA_BUF macro */
- return user_compare(ENTRY_KEY_BUF(*ent1_p), (*ent1_p)->te_key_size,
- ENTRY_DATA_BUF(table_p, *ent1_p),
- (*ent1_p)->te_data_size,
- ENTRY_KEY_BUF(*ent2_p), (*ent2_p)->te_key_size,
- ENTRY_DATA_BUF(table_p, *ent2_p),
- (*ent2_p)->te_data_size);
-}
-
-/*
- * static int external_compare_align
- *
- * DESCRIPTION:
- *
- * Compare two entries by calling user's compare program or by using
- * memcmp. Alignment information is necessary.
- *
- * RETURNS:
- *
- * < 0, == 0, or > 0 depending on whether p1 is > p2, == p2, < p2.
- *
- * ARGUMENTS:
- *
- * p1 - First entry pointer to compare.
- *
- * p2 - Second entry pointer to compare.
- *
- * user_compare - User comparison function.
- *
- * table_p - Associated table being ordered.
- */
-static int external_compare_align(const void *p1, const void *p2,
- table_compare_t user_compare,
- const table_t * table_p)
-{
- const table_entry_t *const *ent1_p = p1, *const *ent2_p = p2;
- /* since we are aligned we have to use the entry_data_buf function */
- return user_compare(ENTRY_KEY_BUF(*ent1_p), (*ent1_p)->te_key_size,
- entry_data_buf(table_p, *ent1_p),
- (*ent1_p)->te_data_size,
- ENTRY_KEY_BUF(*ent2_p), (*ent2_p)->te_key_size,
- entry_data_buf(table_p, *ent2_p),
- (*ent2_p)->te_data_size);
-}
-
-/*
- * static void split
- *
- * DESCRIPTION:
- *
- * This sorts an array of longs via the quick sort algorithm (it's
- * pretty quick)
- *
- * RETURNS:
- *
- * None.
- *
- * ARGUMENTS:
- *
- * first_p - Start of the list that we are splitting.
- *
- * last_p - Last entry in the list that we are splitting.
- *
- * compare - Comparison function which is handling the actual
- * elements. This is either a local function or a function to setup
- * the problem element key and data pointers which then hands off to
- * the user function.
- *
- * user_compare - User comparison function. Could be NULL if we are
- * just using a local comparison function.
- *
- * table_p - Associated table being sorted.
- */
-static void split(void *first_p, void *last_p, compare_t compare,
- table_compare_t user_compare, table_t * table_p)
-{
- void *pivot_p, *left_p, *right_p, *left_last_p, *right_first_p;
- void *firsts[MAX_SORT_SPLITS], *lasts[MAX_SORT_SPLITS];
- int split_c = 0;
-
- for (;;) {
-
- /* no need to split the list if it is < 2 elements */
- while (first_p >= last_p) {
- if (split_c == 0) {
- /* we are done */
- return;
- }
- split_c--;
- first_p = firsts[split_c];
- last_p = lasts[split_c];
- }
-
- left_p = first_p;
- right_p = last_p;
- pivot_p = first_p;
-
- do {
- /* scan from right hand side */
- while (right_p > left_p
- && compare(right_p, pivot_p, user_compare, table_p) > 0)
- right_p = (char *) right_p - sizeof(table_entry_t *);
- /* scan from left hand side */
- while (right_p > left_p
- && compare(pivot_p, left_p, user_compare, table_p) >= 0)
- left_p = (char *) left_p + sizeof(table_entry_t *);
- /* if the pointers haven't met then swap values */
- if (right_p > left_p) {
- /* swap_bytes(left_p, right_p) */
- table_entry_t *temp;
-
- temp = *(table_entry_t **) left_p;
- *(table_entry_t **) left_p = *(table_entry_t **) right_p;
- *(table_entry_t **) right_p = temp;
- }
- } while (right_p > left_p);
-
- /* now we swap the pivot with the right-hand side */
- {
- /* swap_bytes(pivot_p, right_p); */
- table_entry_t *temp;
-
- temp = *(table_entry_t **) pivot_p;
- *(table_entry_t **) pivot_p = *(table_entry_t **) right_p;
- *(table_entry_t **) right_p = temp;
- }
- pivot_p = right_p;
-
- /* save the section to the right of the pivot in our stack */
- right_first_p = (char *) pivot_p + sizeof(table_entry_t *);
- left_last_p = (char *) pivot_p - sizeof(table_entry_t *);
-
- /* do we need to save the righthand side? */
- if (right_first_p < last_p) {
- if (split_c >= MAX_SORT_SPLITS) {
- /* sanity check here -- we should never get here */
- abort();
- }
- firsts[split_c] = right_first_p;
- lasts[split_c] = last_p;
- split_c++;
- }
-
- /* do the left hand side of the pivot */
- /* first_p = first_p */
- last_p = left_last_p;
- }
-}
-
-/*************************** exported routines *******************************/
-
-/*
- * table_t *table_alloc
- *
- * DESCRIPTION:
- *
- * Allocate a new table structure.
- *
- * RETURNS:
- *
- * A pointer to the new table structure which must be passed to
- * table_free to be deallocated. On error a NULL is returned.
- *
- * ARGUMENTS:
- *
- * bucket_n - Number of buckets for the hash table. Our current hash
- * value works best with base two numbers. Set to 0 to take the
- * library default of 1024.
- *
- * error_p - Pointer to an integer which, if not NULL, will contain a
- * table error code.
- *
- * malloc_f, realloc_f, free_f - Pointers to malloc(3)-, realloc(3)-
- * and free(3)-style functions.
- */
-table_t *table_alloc(const unsigned int bucket_n, int *error_p,
- void *(*malloc_f)(void *opt_param, size_t size),
- void *(*calloc_f)(void *opt_param, size_t number, size_t size),
- void *(*realloc_f)(void *opt_param, void *ptr, size_t size),
- void (*free_f)(void *opt_param, void *ptr), void *opt_param)
-{
- table_t *table_p = NULL;
- unsigned int buck_n;
-
- /* allocate a table structure */
- if (malloc_f != NULL)
- table_p = malloc_f(opt_param, sizeof(table_t));
- else
- table_p = malloc(sizeof(table_t));
- if (table_p == NULL) {
- if (error_p != NULL)
- *error_p = TABLE_ERROR_ALLOC;
- return NULL;
- }
-
- if (bucket_n > 0)
- buck_n = bucket_n;
- else
- buck_n = DEFAULT_SIZE;
- /* allocate the buckets which are NULLed */
- if (calloc_f != NULL)
- table_p->ta_buckets = (table_entry_t **)calloc_f(opt_param, buck_n,
- sizeof(table_entry_t *));
- else
- table_p->ta_buckets = (table_entry_t **)calloc(buck_n, sizeof(table_entry_t *));
- if (table_p->ta_buckets == NULL) {
- if (error_p != NULL)
- *error_p = TABLE_ERROR_ALLOC;
- if (free_f != NULL)
- free_f(opt_param, table_p);
- else
- free(table_p);
- return NULL;
- }
-
- /* initialize structure */
- table_p->ta_magic = TABLE_MAGIC;
- table_p->ta_flags = 0;
- table_p->ta_bucket_n = buck_n;
- table_p->ta_entry_n = 0;
- table_p->ta_data_align = 0;
- table_p->ta_linear.tl_magic = 0;
- table_p->ta_linear.tl_bucket_c = 0;
- table_p->ta_linear.tl_entry_c = 0;
- table_p->ta_file_size = 0;
- table_p->ta_malloc = malloc_f != NULL ? malloc_f : sys_malloc;
- table_p->ta_calloc = calloc_f != NULL ? calloc_f : sys_calloc;
- table_p->ta_realloc = realloc_f != NULL ? realloc_f : sys_realloc;
- table_p->ta_free = free_f != NULL ? free_f : sys_free;
- table_p->opt_param = opt_param;
-
- if (error_p != NULL)
- *error_p = TABLE_ERROR_NONE;
- return table_p;
-}
-
-/*
- * int table_attr
- *
- * DESCRIPTION:
- *
- * Set the attributes for the table. The available attributes are
- * specified at the top of table.h.
- *
- * RETURNS:
- *
- * Success - TABLE_ERROR_NONE
- *
- * Failure - Table error code.
- *
- * ARGUMENTS:
- *
- * table_p - Pointer to a table structure which we will be altering.
- *
- * attr - Attribute(s) that we will be applying to the table.
- */
-int table_attr(table_t * table_p, const int attr)
-{
- if (table_p == NULL)
- return TABLE_ERROR_ARG_NULL;
- if (table_p->ta_magic != TABLE_MAGIC)
- return TABLE_ERROR_PNT;
- table_p->ta_flags = attr;
-
- return TABLE_ERROR_NONE;
-}
-
-/*
- * int table_set_data_alignment
- *
- * DESCRIPTION:
- *
- * Set the alignment for the data in the table. For data elements
- * sizeof(long) is recommended unless you use smaller data types
- * exclusively.
- *
- * WARNING: This must be done before any data gets put into the table.
- *
- * RETURNS:
- *
- * Success - TABLE_ERROR_NONE
- *
- * Failure - Table error code.
- *
- * ARGUMENTS:
- *
- * table_p - Pointer to a table structure which we will be altering.
- *
- * alignment - Alignment requested for the data. Must be a power of
- * 2. Set to 0 for none.
- */
-int table_set_data_alignment(table_t * table_p, const int alignment)
-{
- int val;
-
- if (table_p == NULL)
- return TABLE_ERROR_ARG_NULL;
- if (table_p->ta_magic != TABLE_MAGIC)
- return TABLE_ERROR_PNT;
- if (table_p->ta_entry_n > 0)
- return TABLE_ERROR_NOT_EMPTY;
- /* defaults */
- if (alignment < 2)
- table_p->ta_data_align = 0;
- else {
- /* verify we have a base 2 number */
- for (val = 2; val < MAX_ALIGNMENT; val *= 2) {
- if (val == alignment)
- break;
- }
- if (val >= MAX_ALIGNMENT)
- return TABLE_ERROR_ALIGNMENT;
- table_p->ta_data_align = alignment;
- }
-
- return TABLE_ERROR_NONE;
-}
-
-/*
- * int table_clear
- *
- * DESCRIPTION:
- *
- * Clear out and free all elements in a table structure.
- *
- * RETURNS:
- *
- * Success - TABLE_ERROR_NONE
- *
- * Failure - Table error code.
- *
- * ARGUMENTS:
- *
- * table_p - Table structure pointer that we will be clearing.
- */
-int table_clear(table_t * table_p)
-{
- table_entry_t *entry_p, *next_p;
- table_entry_t **bucket_p, **bounds_p;
-
- if (table_p == NULL)
- return TABLE_ERROR_ARG_NULL;
- if (table_p->ta_magic != TABLE_MAGIC)
- return TABLE_ERROR_PNT;
- /* free the table allocation and table structure */
- bounds_p = table_p->ta_buckets + table_p->ta_bucket_n;
- for (bucket_p = table_p->ta_buckets; bucket_p < bounds_p; bucket_p++) {
- for (entry_p = *bucket_p; entry_p != NULL; entry_p = next_p) {
- /* record the next pointer before we free */
- next_p = entry_p->te_next_p;
- table_p->ta_free(table_p->opt_param, entry_p);
- }
- /* clear the bucket entry after we free its entries */
- *bucket_p = NULL;
- }
-
- /* reset table state info */
- table_p->ta_entry_n = 0;
- table_p->ta_linear.tl_magic = 0;
- table_p->ta_linear.tl_bucket_c = 0;
- table_p->ta_linear.tl_entry_c = 0;
-
- return TABLE_ERROR_NONE;
-}
-
-/*
- * int table_free
- *
- * DESCRIPTION:
- *
- * Deallocates a table structure.
- *
- * RETURNS:
- *
- * Success - TABLE_ERROR_NONE
- *
- * Failure - Table error code.
- *
- * ARGUMENTS:
- *
- * table_p - Table structure pointer that we will be freeing.
- */
-int table_free(table_t * table_p)
-{
- int ret;
-
- if (table_p == NULL)
- return TABLE_ERROR_ARG_NULL;
- if (table_p->ta_magic != TABLE_MAGIC)
- return TABLE_ERROR_PNT;
- ret = table_clear(table_p);
-
- if (table_p->ta_buckets != NULL)
- table_p->ta_free(table_p->opt_param, table_p->ta_buckets);
- table_p->ta_magic = 0;
- table_p->ta_free(table_p->opt_param, table_p);
-
- return ret;
-}
-
-/*
- * int table_insert_kd
- *
- * DESCRIPTION:
- *
- * Like table_insert except it passes back a pointer to the key and
- * the data buffers after they have been inserted into the table
- * structure.
- *
- * This routine adds a key/data pair both of which are made up of a
- * buffer of bytes and an associated size. Both the key and the data
- * will be copied into buffers allocated inside the table. If the key
- * exists already, the associated data will be replaced if the
- * overwrite flag is set, otherwise an error is returned.
- *
- * NOTE: be very careful changing the values since the table library
- * provides the pointers to its memory. The key can _never_ be
- * changed otherwise you will not find it again. The data can be
- * changed but its length can never be altered unless you delete and
- * re-insert it into the table.
- *
- * WARNING: The pointers to the key and data are not in any specific
- * alignment. Accessing the key and/or data as an short, integer, or
- * long pointer directly can cause problems.
- *
- * WARNING: Replacing a data cell (not inserting) will cause the table
- * linked list to be temporarily invalid. Care must be taken with
- * multiple threaded programs which are relying on the first/next
- * linked list to be always valid.
- *
- * RETURNS:
- *
- * Success - TABLE_ERROR_NONE
- *
- * Failure - Table error code.
- *
- * ARGUMENTS:
- *
- * table_p - Table structure pointer into which we will be inserting a
- * new key/data pair.
- *
- * key_buf - Buffer of bytes of the key that we are inserting. If you
- * are storing an (int) as the key (for example) then key_buf should
- * be a (int *).
- *
- * key_size - Size of the key_buf buffer. If set to < 0 then the
- * library will do a strlen of key_buf and add 1 for the '\0'. If you
- * are storing an (int) as the key (for example) then key_size should
- * be sizeof(int).
- *
- * data_buf - Buffer of bytes of the data that we are inserting. If
- * it is NULL then the library will allocate space for the data in the
- * table without copying in any information. If data_buf is NULL and
- * data_size is 0 then the library will associate a NULL data pointer
- * with the key. If you are storing a (long) as the data (for
- * example) then data_buf should be a (long *).
- *
- * data_size - Size of the data_buf buffer. If set to < 0 then the
- * library will do a strlen of data_buf and add 1 for the '\0'. If
- * you are storing an (long) as the key (for example) then key_size
- * should be sizeof(long).
- *
- * key_buf_p - Pointer which, if not NULL, will be set to the address
- * of the key storage that was allocated in the table. If you are
- * storing an (int) as the key (for example) then key_buf_p should be
- * (int **) i.e. the address of a (int *).
- *
- * data_buf_p - Pointer which, if not NULL, will be set to the address
- * of the data storage that was allocated in the table. If you are
- * storing an (long) as the data (for example) then data_buf_p should
- * be (long **) i.e. the address of a (long *).
- *
- * overwrite - Flag which, if set to 1, will allow the overwriting of
- * the data in the table with the new data if the key already exists
- * in the table.
- */
-int table_insert_kd(table_t * table_p,
- const void *key_buf, const int key_size,
- const void *data_buf, const int data_size,
- void **key_buf_p, void **data_buf_p,
- const char overwrite_b)
-{
- int bucket;
- unsigned int ksize, dsize;
- table_entry_t *entry_p, *last_p;
- void *key_copy_p, *data_copy_p;
-
- /* check the arguments */
- if (table_p == NULL)
- return TABLE_ERROR_ARG_NULL;
- if (table_p->ta_magic != TABLE_MAGIC)
- return TABLE_ERROR_PNT;
- if (key_buf == NULL)
- return TABLE_ERROR_ARG_NULL;
- /* data_buf can be null but size must be >= 0, if it isn't null size != 0 */
- if ((data_buf == NULL && data_size < 0)
- || (data_buf != NULL && data_size == 0))
- return TABLE_ERROR_SIZE;
- /* determine sizes of key and data */
- if (key_size < 0)
- ksize = strlen((char *) key_buf) + sizeof(char);
- else
- ksize = key_size;
- if (data_size < 0)
- dsize = strlen((char *) data_buf) + sizeof(char);
- else
- dsize = data_size;
- /* get the bucket number via a hash function */
- bucket = hash(key_buf, ksize, 0) % table_p->ta_bucket_n;
-
- /* look for the entry in this bucket, only check keys of the same size */
- last_p = NULL;
- for (entry_p = table_p->ta_buckets[bucket];
- (entry_p != NULL) && (entry_p->te_next_p != last_p);
- last_p = entry_p, entry_p = entry_p->te_next_p) {
- if (entry_p->te_key_size == ksize
- && memcmp(ENTRY_KEY_BUF(entry_p), key_buf, ksize) == 0)
- break;
- }
-
- /* did we find it? then we are in replace mode. */
- if (entry_p != NULL) {
-
- /* can we not overwrite existing data? */
- if (!overwrite_b) {
- if (key_buf_p != NULL)
- *key_buf_p = ENTRY_KEY_BUF(entry_p);
- if (data_buf_p != NULL) {
- if (entry_p->te_data_size == 0)
- *data_buf_p = NULL;
- else {
- if (table_p->ta_data_align == 0)
- *data_buf_p = ENTRY_DATA_BUF(table_p, entry_p);
- else
- *data_buf_p = entry_data_buf(table_p, entry_p);
- }
- }
- return TABLE_ERROR_OVERWRITE;
- }
-
- /* re-alloc entry's data if the new size != the old */
- if (dsize != entry_p->te_data_size) {
-
- /*
- * First we delete it from the list to keep the list whole.
- * This properly preserves the linked list in case we have a
- * thread marching through the linked list while we are
- * inserting. Maybe this is an unnecessary protection but it
- * should not harm that much.
- */
- if (last_p == NULL)
- table_p->ta_buckets[bucket] = entry_p->te_next_p;
- else
- last_p->te_next_p = entry_p->te_next_p;
- /*
- * Realloc the structure which may change its pointer. NOTE:
- * this may change any previous data_key_p and data_copy_p
- * pointers.
- */
- entry_p = (table_entry_t *)
- table_p->ta_realloc(table_p->opt_param, entry_p,
- entry_size(table_p, entry_p->te_key_size, dsize));
- if (entry_p == NULL)
- return TABLE_ERROR_ALLOC;
- /* add it back to the front of the list */
- entry_p->te_data_size = dsize;
- entry_p->te_next_p = table_p->ta_buckets[bucket];
- table_p->ta_buckets[bucket] = entry_p;
- }
-
- /* copy or replace data in storage */
- if (dsize > 0) {
- if (table_p->ta_data_align == 0)
- data_copy_p = ENTRY_DATA_BUF(table_p, entry_p);
- else
- data_copy_p = entry_data_buf(table_p, entry_p);
- if (data_buf != NULL)
- memcpy(data_copy_p, data_buf, dsize);
- }
- else
- data_copy_p = NULL;
- if (key_buf_p != NULL)
- *key_buf_p = ENTRY_KEY_BUF(entry_p);
- if (data_buf_p != NULL)
- *data_buf_p = data_copy_p;
- /* returning from the section where we were overwriting table data */
- return TABLE_ERROR_NONE;
- }
-
- /*
- * It is a new entry.
- */
-
- /* allocate a new entry */
- entry_p = (table_entry_t *)
- table_p->ta_malloc(table_p->opt_param,
- entry_size(table_p, ksize, dsize));
- if (entry_p == NULL)
- return TABLE_ERROR_ALLOC;
- /* copy key into storage */
- entry_p->te_key_size = ksize;
- key_copy_p = ENTRY_KEY_BUF(entry_p);
- memcpy(key_copy_p, key_buf, ksize);
-
- /* copy data in */
- entry_p->te_data_size = dsize;
- if (dsize > 0) {
- if (table_p->ta_data_align == 0)
- data_copy_p = ENTRY_DATA_BUF(table_p, entry_p);
- else
- data_copy_p = entry_data_buf(table_p, entry_p);
- if (data_buf != NULL)
- memcpy(data_copy_p, data_buf, dsize);
- }
- else
- data_copy_p = NULL;
- if (key_buf_p != NULL)
- *key_buf_p = key_copy_p;
- if (data_buf_p != NULL)
- *data_buf_p = data_copy_p;
- /* insert into list, no need to append */
- entry_p->te_next_p = table_p->ta_buckets[bucket];
- table_p->ta_buckets[bucket] = entry_p;
-
- table_p->ta_entry_n++;
-
- /* do we need auto-adjust? */
- if (table_p->ta_flags & TABLE_FLAG_AUTO_ADJUST
- && SHOULD_TABLE_GROW(table_p))
- return table_adjust(table_p, table_p->ta_entry_n);
- return TABLE_ERROR_NONE;
-}
-
-/*
- * int table_insert
- *
- * DESCRIPTION:
- *
- * Exactly the same as table_insert_kd except it does not pass back a
- * pointer to the key after they have been inserted into the table
- * structure. This is still here for backwards compatibility.
- *
- * See table_insert_kd for more information.
- *
- * RETURNS:
- *
- * Success - TABLE_ERROR_NONE
- *
- * Failure - Table error code.
- *
- * ARGUMENTS:
- *
- * table_p - Table structure pointer into which we will be inserting a
- * new key/data pair.
- *
- * key_buf - Buffer of bytes of the key that we are inserting. If you
- * are storing an (int) as the key (for example) then key_buf should
- * be a (int *).
- *
- * key_size - Size of the key_buf buffer. If set to < 0 then the
- * library will do a strlen of key_buf and add 1 for the '\0'. If you
- * are storing an (int) as the key (for example) then key_size should
- * be sizeof(int).
- *
- * data_buf - Buffer of bytes of the data that we are inserting. If
- * it is NULL then the library will allocate space for the data in the
- * table without copying in any information. If data_buf is NULL and
- * data_size is 0 then the library will associate a NULL data pointer
- * with the key. If you are storing a (long) as the data (for
- * example) then data_buf should be a (long *).
- *
- * data_size - Size of the data_buf buffer. If set to < 0 then the
- * library will do a strlen of data_buf and add 1 for the '\0'. If
- * you are storing an (long) as the key (for example) then key_size
- * should be sizeof(long).
- *
- * data_buf_p - Pointer which, if not NULL, will be set to the address
- * of the data storage that was allocated in the table. If you are
- * storing an (long) as the data (for example) then data_buf_p should
- * be (long **) i.e. the address of a (long *).
- *
- * overwrite - Flag which, if set to 1, will allow the overwriting of
- * the data in the table with the new data if the key already exists
- * in the table.
- */
-int table_insert(table_t * table_p,
- const void *key_buf, const int key_size,
- const void *data_buf, const int data_size,
- void **data_buf_p, const char overwrite_b)
-{
- return table_insert_kd(table_p, key_buf, key_size, data_buf, data_size,
- NULL, data_buf_p, overwrite_b);
-}
-
-/*
- * int table_retrieve
- *
- * DESCRIPTION:
- *
- * This routine looks up a key made up of a buffer of bytes and an
- * associated size in the table. If found then it returns the
- * associated data information.
- *
- * RETURNS:
- *
- * Success - TABLE_ERROR_NONE
- *
- * Failure - Table error code.
- *
- * ARGUMENTS:
- *
- * table_p - Table structure pointer into which we will be searching
- * for the key.
- *
- * key_buf - Buffer of bytes of the key that we are searching for. If
- * you are looking for an (int) as the key (for example) then key_buf
- * should be a (int *).
- *
- * key_size - Size of the key_buf buffer. If set to < 0 then the
- * library will do a strlen of key_buf and add 1 for the '\0'. If you
- * are looking for an (int) as the key (for example) then key_size
- * should be sizeof(int).
- *
- * data_buf_p - Pointer which, if not NULL, will be set to the address
- * of the data storage that was allocated in the table and that is
- * associated with the key. If a (long) was stored as the data (for
- * example) then data_buf_p should be (long **) i.e. the address of a
- * (long *).
- *
- * data_size_p - Pointer to an integer which, if not NULL, will be set
- * to the size of the data stored in the table that is associated with
- * the key.
- */
-int table_retrieve(table_t * table_p,
- const void *key_buf, const int key_size,
- void **data_buf_p, int *data_size_p)
-{
- int bucket;
- unsigned int ksize;
- table_entry_t *entry_p, **buckets;
-
- if (table_p == NULL)
- return TABLE_ERROR_ARG_NULL;
- if (table_p->ta_magic != TABLE_MAGIC)
- return TABLE_ERROR_PNT;
- if (key_buf == NULL)
- return TABLE_ERROR_ARG_NULL;
- /* find key size */
- if (key_size < 0)
- ksize = strlen((char *) key_buf) + sizeof(char);
- else
- ksize = key_size;
- /* get the bucket number via a has function */
- bucket = hash(key_buf, ksize, 0) % table_p->ta_bucket_n;
-
- /* look for the entry in this bucket, only check keys of the same size */
- buckets = table_p->ta_buckets;
- for (entry_p = buckets[bucket];
- entry_p != NULL;
- entry_p = entry_p->te_next_p) {
- entry_p = TABLE_POINTER(table_p, table_entry_t *, entry_p);
- if (entry_p->te_key_size == ksize
- && memcmp(ENTRY_KEY_BUF(entry_p), key_buf, ksize) == 0)
- break;
- }
-
- /* not found? */
- if (entry_p == NULL)
- return TABLE_ERROR_NOT_FOUND;
- if (data_buf_p != NULL) {
- if (entry_p->te_data_size == 0)
- *data_buf_p = NULL;
- else {
- if (table_p->ta_data_align == 0)
- *data_buf_p = ENTRY_DATA_BUF(table_p, entry_p);
- else
- *data_buf_p = entry_data_buf(table_p, entry_p);
- }
- }
- if (data_size_p != NULL)
- *data_size_p = entry_p->te_data_size;
- return TABLE_ERROR_NONE;
-}
-
-/*
- * int table_delete
- *
- * DESCRIPTION:
- *
- * This routine looks up a key made up of a buffer of bytes and an
- * associated size in the table. If found then it will be removed
- * from the table. The associated data can be passed back to the user
- * if requested.
- *
- * RETURNS:
- *
- * Success - TABLE_ERROR_NONE
- *
- * Failure - Table error code.
- *
- * NOTE: this could be an allocation error if the library is to return
- * the data to the user.
- *
- * ARGUMENTS:
- *
- * table_p - Table structure pointer from which we will be deleteing
- * the key.
- *
- * key_buf - Buffer of bytes of the key that we are searching for to
- * delete. If you are deleting an (int) key (for example) then
- * key_buf should be a (int *).
- *
- * key_size - Size of the key_buf buffer. If set to < 0 then the
- * library will do a strlen of key_buf and add 1 for the '\0'. If you
- * are deleting an (int) key (for example) then key_size should be
- * sizeof(int).
- *
- * data_buf_p - Pointer which, if not NULL, will be set to the address
- * of the data storage that was allocated in the table and that was
- * associated with the key. If a (long) was stored as the data (for
- * example) then data_buf_p should be (long **) i.e. the address of a
- * (long *). If a pointer is passed in, the caller is responsible for
- * freeing it after use. If data_buf_p is NULL then the library will
- * free up the data allocation itself.
- *
- * data_size_p - Pointer to an integer which, if not NULL, will be set
- * to the size of the data that was stored in the table and that was
- * associated with the key.
- */
-int table_delete(table_t * table_p,
- const void *key_buf, const int key_size,
- void **data_buf_p, int *data_size_p)
-{
- int bucket;
- unsigned int ksize;
- unsigned char *data_copy_p;
- table_entry_t *entry_p, *last_p;
-
- if (table_p == NULL)
- return TABLE_ERROR_ARG_NULL;
- if (table_p->ta_magic != TABLE_MAGIC)
- return TABLE_ERROR_PNT;
- if (key_buf == NULL)
- return TABLE_ERROR_ARG_NULL;
- /* get the key size */
- if (key_size < 0)
- ksize = strlen((char *) key_buf) + sizeof(char);
- else
- ksize = key_size;
- /* find our bucket */
- bucket = hash(key_buf, ksize, 0) % table_p->ta_bucket_n;
-
- /* look for the entry in this bucket, only check keys of the same size */
- for (last_p = NULL, entry_p = table_p->ta_buckets[bucket]; entry_p != NULL;
- last_p = entry_p, entry_p = entry_p->te_next_p) {
- if (entry_p->te_key_size == ksize
- && memcmp(ENTRY_KEY_BUF(entry_p), key_buf, ksize) == 0)
- break;
- }
-
- /* did we find it? */
- if (entry_p == NULL)
- return TABLE_ERROR_NOT_FOUND;
- /*
- * NOTE: we may want to adjust the linear counters here if the entry
- * we are deleting is the one we are pointing on or is ahead of the
- * one in the bucket list
- */
-
- /* remove entry from the linked list */
- if (last_p == NULL)
- table_p->ta_buckets[bucket] = entry_p->te_next_p;
- else
- last_p->te_next_p = entry_p->te_next_p;
- /* free entry */
- if (data_buf_p != NULL) {
- if (entry_p->te_data_size == 0)
- *data_buf_p = NULL;
- else {
- /*
- * if we were storing it compacted, we now need to malloc some
- * space if the user wants the value after the delete.
- */
- *data_buf_p = table_p->ta_malloc(table_p->opt_param,
- entry_p->te_data_size);
- if (*data_buf_p == NULL)
- return TABLE_ERROR_ALLOC;
- if (table_p->ta_data_align == 0)
- data_copy_p = ENTRY_DATA_BUF(table_p, entry_p);
- else
- data_copy_p = entry_data_buf(table_p, entry_p);
- memcpy(*data_buf_p, data_copy_p, entry_p->te_data_size);
- }
- }
- if (data_size_p != NULL)
- *data_size_p = entry_p->te_data_size;
- table_p->ta_free(table_p->opt_param, entry_p);
- entry_p = NULL;
-
- table_p->ta_entry_n--;
-
- /* do we need auto-adjust down? */
- if ((table_p->ta_flags & TABLE_FLAG_AUTO_ADJUST)
- && (table_p->ta_flags & TABLE_FLAG_ADJUST_DOWN)
- && SHOULD_TABLE_SHRINK(table_p))
- return table_adjust(table_p, table_p->ta_entry_n);
- return TABLE_ERROR_NONE;
-}
-
-/*
- * int table_delete_first
- *
- * DESCRIPTION:
- *
- * This is like the table_delete routines except it deletes the first
- * key/data pair in the table instead of an entry corresponding to a
- * particular key. The associated key and data information can be
- * passed back to the user if requested. This routines is handy to
- * clear out a table.
- *
- * RETURNS:
- *
- * Success - TABLE_ERROR_NONE
- *
- * Failure - Table error code.
- *
- * NOTE: this could be an allocation error if the library is to return
- * the data to the user.
- *
- * ARGUMENTS:
- *
- * table_p - Table structure pointer from which we will be deleteing
- * the first key.
- *
- * key_buf_p - Pointer which, if not NULL, will be set to the address
- * of the storage of the first key that was allocated in the table.
- * If an (int) was stored as the first key (for example) then
- * key_buf_p should be (int **) i.e. the address of a (int *). If a
- * pointer is passed in, the caller is responsible for freeing it
- * after use. If key_buf_p is NULL then the library will free up the
- * key allocation itself.
- *
- * key_size_p - Pointer to an integer which, if not NULL, will be set
- * to the size of the key that was stored in the table and that was
- * associated with the key.
- *
- * data_buf_p - Pointer which, if not NULL, will be set to the address
- * of the data storage that was allocated in the table and that was
- * associated with the key. If a (long) was stored as the data (for
- * example) then data_buf_p should be (long **) i.e. the address of a
- * (long *). If a pointer is passed in, the caller is responsible for
- * freeing it after use. If data_buf_p is NULL then the library will
- * free up the data allocation itself.
- *
- * data_size_p - Pointer to an integer which, if not NULL, will be set
- * to the size of the data that was stored in the table and that was
- * associated with the key.
- */
-int table_delete_first(table_t * table_p,
- void **key_buf_p, int *key_size_p,
- void **data_buf_p, int *data_size_p)
-{
- unsigned char *data_copy_p;
- table_entry_t *entry_p;
- table_linear_t linear;
-
- if (table_p == NULL)
- return TABLE_ERROR_ARG_NULL;
- if (table_p->ta_magic != TABLE_MAGIC)
- return TABLE_ERROR_PNT;
- /* take the first entry */
- entry_p = first_entry(table_p, &linear);
- if (entry_p == NULL)
- return TABLE_ERROR_NOT_FOUND;
- /*
- * NOTE: we may want to adjust the linear counters here if the entry
- * we are deleting is the one we are pointing on or is ahead of the
- * one in the bucket list
- */
-
- /* remove entry from the linked list */
- table_p->ta_buckets[linear.tl_bucket_c] = entry_p->te_next_p;
-
- /* free entry */
- if (key_buf_p != NULL) {
- if (entry_p->te_key_size == 0)
- *key_buf_p = NULL;
- else {
- /*
- * if we were storing it compacted, we now need to malloc some
- * space if the user wants the value after the delete.
- */
- *key_buf_p = table_p->ta_malloc(table_p->opt_param,
- entry_p->te_key_size);
- if (*key_buf_p == NULL)
- return TABLE_ERROR_ALLOC;
- memcpy(*key_buf_p, ENTRY_KEY_BUF(entry_p), entry_p->te_key_size);
- }
- }
- if (key_size_p != NULL)
- *key_size_p = entry_p->te_key_size;
- if (data_buf_p != NULL) {
- if (entry_p->te_data_size == 0)
- *data_buf_p = NULL;
- else {
- /*
- * if we were storing it compacted, we now need to malloc some
- * space if the user wants the value after the delete.
- */
- *data_buf_p = table_p->ta_malloc(table_p->opt_param,
- entry_p->te_data_size);
- if (*data_buf_p == NULL)
- return TABLE_ERROR_ALLOC;
- if (table_p->ta_data_align == 0)
- data_copy_p = ENTRY_DATA_BUF(table_p, entry_p);
- else
- data_copy_p = entry_data_buf(table_p, entry_p);
- memcpy(*data_buf_p, data_copy_p, entry_p->te_data_size);
- }
- }
- if (data_size_p != NULL)
- *data_size_p = entry_p->te_data_size;
- table_p->ta_free(table_p->opt_param, entry_p);
-
- table_p->ta_entry_n--;
-
- /* do we need auto-adjust down? */
- if ((table_p->ta_flags & TABLE_FLAG_AUTO_ADJUST)
- && (table_p->ta_flags & TABLE_FLAG_ADJUST_DOWN)
- && SHOULD_TABLE_SHRINK(table_p))
- return table_adjust(table_p, table_p->ta_entry_n);
- return TABLE_ERROR_NONE;
-}
-
-/*
- * int table_info
- *
- * DESCRIPTION:
- *
- * Get some information about a table_p structure.
- *
- * RETURNS:
- *
- * Success - TABLE_ERROR_NONE
- *
- * Failure - Table error code.
- *
- * ARGUMENTS:
- *
- * table_p - Table structure pointer from which we are getting
- * information.
- *
- * num_buckets_p - Pointer to an integer which, if not NULL, will
- * contain the number of buckets in the table.
- *
- * num_entries_p - Pointer to an integer which, if not NULL, will
- * contain the number of entries stored in the table.
- */
-int table_info(table_t * table_p, int *num_buckets_p, int *num_entries_p)
-{
- if (table_p == NULL)
- return TABLE_ERROR_ARG_NULL;
- if (table_p->ta_magic != TABLE_MAGIC)
- return TABLE_ERROR_PNT;
- if (num_buckets_p != NULL)
- *num_buckets_p = table_p->ta_bucket_n;
- if (num_entries_p != NULL)
- *num_entries_p = table_p->ta_entry_n;
- return TABLE_ERROR_NONE;
-}
-
-/*
- * int table_adjust
- *
- * DESCRIPTION:
- *
- * Set the number of buckets in a table to a certain value.
- *
- * RETURNS:
- *
- * Success - TABLE_ERROR_NONE
- *
- * Failure - Table error code.
- *
- * ARGUMENTS:
- *
- * table_p - Table structure pointer of which we are adjusting.
- *
- * bucket_n - Number buckets to adjust the table to. Set to 0 to
- * adjust the table to its number of entries.
- */
-int table_adjust(table_t * table_p, const int bucket_n)
-{
- table_entry_t *entry_p, *next_p;
- table_entry_t **buckets, **bucket_p, **bounds_p;
- int bucket;
- unsigned int buck_n;
-
- if (table_p == NULL)
- return TABLE_ERROR_ARG_NULL;
- if (table_p->ta_magic != TABLE_MAGIC)
- return TABLE_ERROR_PNT;
- /*
- * NOTE: we walk through the entries and rehash them. If we stored
- * the hash value as a full int in the table-entry, all we would
- * have to do is remod it.
- */
-
- /* normalize to the number of entries */
- if (bucket_n == 0)
- buck_n = table_p->ta_entry_n;
- else
- buck_n = bucket_n;
- /* we must have at least 1 bucket */
- if (buck_n == 0)
- buck_n = 1;
- /* make sure we have somethign to do */
- if (buck_n <= table_p->ta_bucket_n)
- return TABLE_ERROR_NONE;
- /* allocate a new bucket list */
- buckets = (table_entry_t **)
- table_p->ta_calloc(table_p->opt_param,
- buck_n, sizeof(table_entry_t *));
- if (table_p->ta_buckets == NULL)
- return TABLE_ERROR_ALLOC;
- /*
- * run through each of the items in the current table and rehash
- * them into the newest bucket sizes
- */
- bounds_p = table_p->ta_buckets + table_p->ta_bucket_n;
- for (bucket_p = table_p->ta_buckets; bucket_p < bounds_p; bucket_p++) {
- for (entry_p = *bucket_p; entry_p != NULL; entry_p = next_p) {
-
- /* hash the old data into the new table size */
- bucket = hash(ENTRY_KEY_BUF(entry_p), entry_p->te_key_size, 0) % buck_n;
-
- /* record the next one now since we overwrite next below */
- next_p = entry_p->te_next_p;
-
- /* insert into new list, no need to append */
- entry_p->te_next_p = buckets[bucket];
- buckets[bucket] = entry_p;
-
- /*
- * NOTE: we may want to adjust the bucket_c linear entry here to
- * keep it current
- */
- }
- /* remove the old table pointers as we go by */
- *bucket_p = NULL;
- }
-
- /* replace the table buckets with the new ones */
- table_p->ta_free(table_p->opt_param, table_p->ta_buckets);
- table_p->ta_buckets = buckets;
- table_p->ta_bucket_n = buck_n;
-
- return TABLE_ERROR_NONE;
-}
-
-/*
- * const char *table_strerror
- *
- * DESCRIPTION:
- *
- * Return the corresponding string for the error number.
- *
- * RETURNS:
- *
- * Success - String equivalient of the error.
- *
- * Failure - String "invalid error code"
- *
- * ARGUMENTS:
- *
- * error - Error number that we are converting.
- */
-const char *table_strerror(const int error)
-{
- error_str_t *err_p;
-
- for (err_p = errors; err_p->es_error != 0; err_p++) {
- if (err_p->es_error == error)
- return err_p->es_string;
- }
-
- return INVALID_ERROR;
-}
-
-/*
- * int table_type_size
- *
- * DESCRIPTION:
- *
- * Return the size of the internal table type.
- *
- * RETURNS:
- *
- * The size of the table_t type.
- *
- * ARGUMENTS:
- *
- * None.
- */
-int table_type_size(void)
-{
- return sizeof(table_t);
-}
-
-/************************* linear access routines ****************************/
-
-/*
- * int table_first
- *
- * DESCRIPTION:
- *
- * Find first element in a table and pass back information about the
- * key/data pair. If any of the key/data pointers are NULL then they
- * are ignored.
- *
- * NOTE: This function is not reentrant. More than one thread cannot
- * be doing a first and next on the same table at the same time. Use
- * the table_first_r version below for this.
- *
- * RETURNS:
- *
- * Success - TABLE_ERROR_NONE
- *
- * Failure - Table error code.
- *
- * ARGUMENTS:
- *
- * table_p - Table structure pointer from which we are getting the
- * first element.
- *
- * key_buf_p - Pointer which, if not NULL, will be set to the address
- * of the storage of the first key that is allocated in the table. If
- * an (int) is stored as the first key (for example) then key_buf_p
- * should be (int **) i.e. the address of a (int *).
- *
- * key_size_p - Pointer to an integer which, if not NULL, will be set
- * to the size of the key that is stored in the table and that is
- * associated with the first key.
- *
- * data_buf_p - Pointer which, if not NULL, will be set to the address
- * of the data storage that is allocated in the table and that is
- * associated with the first key. If a (long) is stored as the data
- * (for example) then data_buf_p should be (long **) i.e. the address
- * of a (long *).
- *
- * data_size_p - Pointer to an integer which, if not NULL, will be set
- * to the size of the data that is stored in the table and that is
- * associated with the first key.
- */
-int table_first(table_t * table_p,
- void **key_buf_p, int *key_size_p,
- void **data_buf_p, int *data_size_p)
-{
- table_entry_t *entry_p;
-
- if (table_p == NULL)
- return TABLE_ERROR_ARG_NULL;
- if (table_p->ta_magic != TABLE_MAGIC)
- return TABLE_ERROR_PNT;
- /* initialize our linear magic number */
- table_p->ta_linear.tl_magic = LINEAR_MAGIC;
-
- entry_p = first_entry(table_p, &table_p->ta_linear);
- if (entry_p == NULL)
- return TABLE_ERROR_NOT_FOUND;
- if (key_buf_p != NULL)
- *key_buf_p = ENTRY_KEY_BUF(entry_p);
- if (key_size_p != NULL)
- *key_size_p = entry_p->te_key_size;
- if (data_buf_p != NULL) {
- if (entry_p->te_data_size == 0)
- *data_buf_p = NULL;
- else {
- if (table_p->ta_data_align == 0)
- *data_buf_p = ENTRY_DATA_BUF(table_p, entry_p);
- else
- *data_buf_p = entry_data_buf(table_p, entry_p);
- }
- }
- if (data_size_p != NULL)
- *data_size_p = entry_p->te_data_size;
- return TABLE_ERROR_NONE;
-}
-
-/*
- * int table_next
- *
- * DESCRIPTION:
- *
- * Find the next element in a table and pass back information about
- * the key/data pair. If any of the key/data pointers are NULL then
- * they are ignored.
- *
- * NOTE: This function is not reentrant. More than one thread cannot
- * be doing a first and next on the same table at the same time. Use
- * the table_next_r version below for this.
- *
- * RETURNS:
- *
- * Success - TABLE_ERROR_NONE
- *
- * Failure - Table error code.
- *
- * ARGUMENTS:
- *
- * table_p - Table structure pointer from which we are getting the
- * next element.
- *
- * key_buf_p - Pointer which, if not NULL, will be set to the address
- * of the storage of the next key that is allocated in the table. If
- * an (int) is stored as the next key (for example) then key_buf_p
- * should be (int **) i.e. the address of a (int *).
- *
- * key_size_p - Pointer to an integer which, if not NULL, will be set
- * to the size of the key that is stored in the table and that is
- * associated with the next key.
- *
- * data_buf_p - Pointer which, if not NULL, will be set to the address
- * of the data storage that is allocated in the table and that is
- * associated with the next key. If a (long) is stored as the data
- * (for example) then data_buf_p should be (long **) i.e. the address
- * of a (long *).
- *
- * data_size_p - Pointer to an integer which, if not NULL, will be set
- * to the size of the data that is stored in the table and that is
- * associated with the next key.
- */
-int table_next(table_t * table_p,
- void **key_buf_p, int *key_size_p,
- void **data_buf_p, int *data_size_p)
-{
- table_entry_t *entry_p;
- int error;
-
- if (table_p == NULL)
- return TABLE_ERROR_ARG_NULL;
- if (table_p->ta_magic != TABLE_MAGIC)
- return TABLE_ERROR_PNT;
- if (table_p->ta_linear.tl_magic != LINEAR_MAGIC)
- return TABLE_ERROR_LINEAR;
- /* move to the next entry */
- entry_p = next_entry(table_p, &table_p->ta_linear, &error);
- if (entry_p == NULL)
- return error;
- if (key_buf_p != NULL)
- *key_buf_p = ENTRY_KEY_BUF(entry_p);
- if (key_size_p != NULL)
- *key_size_p = entry_p->te_key_size;
- if (data_buf_p != NULL) {
- if (entry_p->te_data_size == 0)
- *data_buf_p = NULL;
- else {
- if (table_p->ta_data_align == 0)
- *data_buf_p = ENTRY_DATA_BUF(table_p, entry_p);
- else
- *data_buf_p = entry_data_buf(table_p, entry_p);
- }
- }
- if (data_size_p != NULL)
- *data_size_p = entry_p->te_data_size;
- return TABLE_ERROR_NONE;
-}
-
-/*
- * int table_this
- *
- * DESCRIPTION:
- *
- * Find the current element in a table and pass back information about
- * the key/data pair. If any of the key/data pointers are NULL then
- * they are ignored.
- *
- * NOTE: This function is not reentrant. Use the table_current_r
- * version below.
- *
- * RETURNS:
- *
- * Success - TABLE_ERROR_NONE
- *
- * Failure - Table error code.
- *
- * ARGUMENTS:
- *
- * table_p - Table structure pointer from which we are getting the
- * current element.
- *
- * key_buf_p - Pointer which, if not NULL, will be set to the address
- * of the storage of the current key that is allocated in the table.
- * If an (int) is stored as the current key (for example) then
- * key_buf_p should be (int **) i.e. the address of a (int *).
- *
- * key_size_p - Pointer to an integer which, if not NULL, will be set
- * to the size of the key that is stored in the table and that is
- * associated with the current key.
- *
- * data_buf_p - Pointer which, if not NULL, will be set to the address
- * of the data storage that is allocated in the table and that is
- * associated with the current key. If a (long) is stored as the data
- * (for example) then data_buf_p should be (long **) i.e. the address
- * of a (long *).
- *
- * data_size_p - Pointer to an integer which, if not NULL, will be set
- * to the size of the data that is stored in the table and that is
- * associated with the current key.
- */
-int table_this(table_t * table_p,
- void **key_buf_p, int *key_size_p,
- void **data_buf_p, int *data_size_p)
-{
- table_entry_t *entry_p = NULL;
- int entry_c;
-
- if (table_p == NULL)
- return TABLE_ERROR_ARG_NULL;
- if (table_p->ta_magic != TABLE_MAGIC)
- return TABLE_ERROR_PNT;
- if (table_p->ta_linear.tl_magic != LINEAR_MAGIC)
- return TABLE_ERROR_LINEAR;
- /* if we removed an item that shorted the bucket list, we may get this */
- if (table_p->ta_linear.tl_bucket_c >= table_p->ta_bucket_n) {
- /*
- * NOTE: this might happen if we delete an item which shortens the
- * table bucket numbers.
- */
- return TABLE_ERROR_NOT_FOUND;
- }
-
- /* find the entry which is the nth in the list */
- entry_p = table_p->ta_buckets[table_p->ta_linear.tl_bucket_c];
- /* NOTE: we swap the order here to be more efficient */
- for (entry_c = table_p->ta_linear.tl_entry_c; entry_c > 0; entry_c--) {
- /* did we reach the end of the list? */
- if (entry_p == NULL)
- break;
- entry_p = TABLE_POINTER(table_p, table_entry_t *, entry_p)->te_next_p;
- }
-
- /* is this a NOT_FOUND or a LINEAR error */
- if (entry_p == NULL)
- return TABLE_ERROR_NOT_FOUND;
- if (key_buf_p != NULL)
- *key_buf_p = ENTRY_KEY_BUF(entry_p);
- if (key_size_p != NULL)
- *key_size_p = entry_p->te_key_size;
- if (data_buf_p != NULL) {
- if (entry_p->te_data_size == 0)
- *data_buf_p = NULL;
- else {
- if (table_p->ta_data_align == 0)
- *data_buf_p = ENTRY_DATA_BUF(table_p, entry_p);
- else
- *data_buf_p = entry_data_buf(table_p, entry_p);
- }
- }
- if (data_size_p != NULL)
- *data_size_p = entry_p->te_data_size;
- return TABLE_ERROR_NONE;
-}
-
-/*
- * int table_first_r
- *
- * DESCRIPTION:
- *
- * Reetrant version of the table_first routine above. Find first
- * element in a table and pass back information about the key/data
- * pair. If any of the key/data pointers are NULL then they are
- * ignored.
- *
- * RETURNS:
- *
- * Success - TABLE_ERROR_NONE
- *
- * Failure - Table error code.
- *
- * ARGUMENTS:
- *
- * table_p - Table structure pointer from which we are getting the
- * first element.
- *
- * linear_p - Pointer to a table linear structure which is initialized
- * here. The same pointer should then be passed to table_next_r
- * below.
- *
- * key_buf_p - Pointer which, if not NULL, will be set to the address
- * of the storage of the first key that is allocated in the table. If
- * an (int) is stored as the first key (for example) then key_buf_p
- * should be (int **) i.e. the address of a (int *).
- *
- * key_size_p - Pointer to an integer which, if not NULL, will be set
- * to the size of the key that is stored in the table and that is
- * associated with the first key.
- *
- * data_buf_p - Pointer which, if not NULL, will be set to the address
- * of the data storage that is allocated in the table and that is
- * associated with the first key. If a (long) is stored as the data
- * (for example) then data_buf_p should be (long **) i.e. the address
- * of a (long *).
- *
- * data_size_p - Pointer to an integer which, if not NULL, will be set
- * to the size of the data that is stored in the table and that is
- * associated with the first key.
- */
-int table_first_r(table_t * table_p, table_linear_t * linear_p,
- void **key_buf_p, int *key_size_p,
- void **data_buf_p, int *data_size_p)
-{
- table_entry_t *entry_p;
-
- if (table_p == NULL)
- return TABLE_ERROR_ARG_NULL;
- if (table_p->ta_magic != TABLE_MAGIC)
- return TABLE_ERROR_PNT;
- if (linear_p == NULL)
- return TABLE_ERROR_ARG_NULL;
- /* initialize our linear magic number */
- linear_p->tl_magic = LINEAR_MAGIC;
-
- entry_p = first_entry(table_p, linear_p);
- if (entry_p == NULL)
- return TABLE_ERROR_NOT_FOUND;
- if (key_buf_p != NULL)
- *key_buf_p = ENTRY_KEY_BUF(entry_p);
- if (key_size_p != NULL)
- *key_size_p = entry_p->te_key_size;
- if (data_buf_p != NULL) {
- if (entry_p->te_data_size == 0)
- *data_buf_p = NULL;
- else {
- if (table_p->ta_data_align == 0)
- *data_buf_p = ENTRY_DATA_BUF(table_p, entry_p);
- else
- *data_buf_p = entry_data_buf(table_p, entry_p);
- }
- }
- if (data_size_p != NULL)
- *data_size_p = entry_p->te_data_size;
- return TABLE_ERROR_NONE;
-}
-
-/*
- * int table_next_r
- *
- * DESCRIPTION:
- *
- * Reetrant version of the table_next routine above. Find next
- * element in a table and pass back information about the key/data
- * pair. If any of the key/data pointers are NULL then they are
- * ignored.
- *
- * RETURNS:
- *
- * Success - TABLE_ERROR_NONE
- *
- * Failure - Table error code.
- *
- * ARGUMENTS:
- *
- * table_p - Table structure pointer from which we are getting the
- * next element.
- *
- * linear_p - Pointer to a table linear structure which is incremented
- * here. The same pointer must have been passed to table_first_r
- * first so that it can be initialized.
- *
- * key_buf_p - Pointer which, if not NULL, will be set to the address
- * of the storage of the next key that is allocated in the table. If
- * an (int) is stored as the next key (for example) then key_buf_p
- * should be (int **) i.e. the address of a (int *).
- *
- * key_size_p - Pointer to an integer which, if not NULL will be set
- * to the size of the key that is stored in the table and that is
- * associated with the next key.
- *
- * data_buf_p - Pointer which, if not NULL, will be set to the address
- * of the data storage that is allocated in the table and that is
- * associated with the next key. If a (long) is stored as the data
- * (for example) then data_buf_p should be (long **) i.e. the address
- * of a (long *).
- *
- * data_size_p - Pointer to an integer which, if not NULL, will be set
- * to the size of the data that is stored in the table and that is
- * associated with the next key.
- */
-int table_next_r(table_t * table_p, table_linear_t * linear_p,
- void **key_buf_p, int *key_size_p,
- void **data_buf_p, int *data_size_p)
-{
- table_entry_t *entry_p;
- int error;
-
- if (table_p == NULL)
- return TABLE_ERROR_ARG_NULL;
- if (table_p->ta_magic != TABLE_MAGIC)
- return TABLE_ERROR_PNT;
- if (linear_p == NULL)
- return TABLE_ERROR_ARG_NULL;
- if (linear_p->tl_magic != LINEAR_MAGIC)
- return TABLE_ERROR_LINEAR;
- /* move to the next entry */
- entry_p = next_entry(table_p, linear_p, &error);
- if (entry_p == NULL)
- return error;
- if (key_buf_p != NULL)
- *key_buf_p = ENTRY_KEY_BUF(entry_p);
- if (key_size_p != NULL)
- *key_size_p = entry_p->te_key_size;
- if (data_buf_p != NULL) {
- if (entry_p->te_data_size == 0)
- *data_buf_p = NULL;
- else {
- if (table_p->ta_data_align == 0)
- *data_buf_p = ENTRY_DATA_BUF(table_p, entry_p);
- else
- *data_buf_p = entry_data_buf(table_p, entry_p);
- }
- }
- if (data_size_p != NULL)
- *data_size_p = entry_p->te_data_size;
- return TABLE_ERROR_NONE;
-}
-
-/*
- * int table_this_r
- *
- * DESCRIPTION:
- *
- * Reetrant version of the table_this routine above. Find current
- * element in a table and pass back information about the key/data
- * pair. If any of the key/data pointers are NULL then they are
- * ignored.
- *
- * RETURNS:
- *
- * Success - TABLE_ERROR_NONE
- *
- * Failure - Table error code.
- *
- * ARGUMENTS:
- *
- * table_p - Table structure pointer from which we are getting the
- * current element.
- *
- * linear_p - Pointer to a table linear structure which is accessed
- * here. The same pointer must have been passed to table_first_r
- * first so that it can be initialized.
- *
- * key_buf_p - Pointer which, if not NULL, will be set to the address
- * of the storage of the current key that is allocated in the table.
- * If an (int) is stored as the current key (for example) then
- * key_buf_p should be (int **) i.e. the address of a (int *).
- *
- * key_size_p - Pointer to an integer which, if not NULL, will be set
- * to the size of the key that is stored in the table and that is
- * associated with the current key.
- *
- * data_buf_p - Pointer which, if not NULL, will be set to the address
- * of the data storage that is allocated in the table and that is
- * associated with the current key. If a (long) is stored as the data
- * (for example) then data_buf_p should be (long **) i.e. the address
- * of a (long *).
- *
- * data_size_p - Pointer to an integer which, if not NULL, will be set
- * to the size of the data that is stored in the table and that is
- * associated with the current key.
- */
-int table_this_r(table_t * table_p, table_linear_t * linear_p,
- void **key_buf_p, int *key_size_p,
- void **data_buf_p, int *data_size_p)
-{
- table_entry_t *entry_p;
- int entry_c;
-
- if (table_p == NULL)
- return TABLE_ERROR_ARG_NULL;
- if (table_p->ta_magic != TABLE_MAGIC)
- return TABLE_ERROR_PNT;
- if (linear_p->tl_magic != LINEAR_MAGIC)
- return TABLE_ERROR_LINEAR;
- /* if we removed an item that shorted the bucket list, we may get this */
- if (linear_p->tl_bucket_c >= table_p->ta_bucket_n) {
- /*
- * NOTE: this might happen if we delete an item which shortens the
- * table bucket numbers.
- */
- return TABLE_ERROR_NOT_FOUND;
- }
-
- /* find the entry which is the nth in the list */
- for (entry_c = linear_p->tl_entry_c,
- entry_p = table_p->ta_buckets[linear_p->tl_bucket_c];
- entry_p != NULL && entry_c > 0;
- entry_c--, entry_p = TABLE_POINTER(table_p, table_entry_t *,
- entry_p)->te_next_p) {
- }
-
- if (entry_p == NULL)
- return TABLE_ERROR_NOT_FOUND;
- if (key_buf_p != NULL)
- *key_buf_p = ENTRY_KEY_BUF(entry_p);
- if (key_size_p != NULL)
- *key_size_p = entry_p->te_key_size;
- if (data_buf_p != NULL) {
- if (entry_p->te_data_size == 0)
- *data_buf_p = NULL;
- else {
- if (table_p->ta_data_align == 0)
- *data_buf_p = ENTRY_DATA_BUF(table_p, entry_p);
- else
- *data_buf_p = entry_data_buf(table_p, entry_p);
- }
- }
- if (data_size_p != NULL)
- *data_size_p = entry_p->te_data_size;
- return TABLE_ERROR_NONE;
-}
-
-/******************************** table order ********************************/
-
-/*
- * table_entry_t *table_order
- *
- * DESCRIPTION:
- *
- * Order a table by building an array of table entry pointers and then
- * sorting this array using the qsort function. To retrieve the
- * sorted entries, you can then use the table_entry routine to access
- * each entry in order.
- *
- * NOTE: This routine is now thread safe in that two table_order calls
- * can now happen at the same time, even on the same table.
- *
- * RETURNS:
- *
- * An allocated list of entry pointers which must be freed later.
- * Returns null on error.
- *
- * ARGUMENTS:
- *
- * table_p - Pointer to the table that we are ordering.
- *
- * compare - Comparison function defined by the user. Its definition
- * is at the top of the table.h file. If this is NULL then it will
- * order the table my memcmp-ing the keys.
- *
- * num_entries_p - Pointer to an integer which, if not NULL, will
- * contain the number of entries in the returned entry pointer array.
- *
- * error_p - Pointer to an integer which, if not NULL, will contain a
- * table error code.
- */
-table_entry_t **table_order(table_t * table_p, table_compare_t compare,
- int *num_entries_p, int *error_p)
-{
- table_entry_t *entry_p, **entries, **entries_p;
- table_linear_t linear;
- compare_t comp_func;
- int error;
-
- if (table_p == NULL) {
- if (error_p != NULL)
- *error_p = TABLE_ERROR_ARG_NULL;
- return NULL;
- }
- if (table_p->ta_magic != TABLE_MAGIC) {
- if (error_p != NULL)
- *error_p = TABLE_ERROR_PNT;
- return NULL;
- }
-
- /* there must be at least 1 element in the table for this to work */
- if (table_p->ta_entry_n == 0) {
- if (error_p != NULL)
- *error_p = TABLE_ERROR_EMPTY;
- return NULL;
- }
-
- entries = (table_entry_t **)
- table_p->ta_malloc(table_p->opt_param,
- table_p->ta_entry_n *sizeof(table_entry_t *));
- if (entries == NULL) {
- if (error_p != NULL)
- *error_p = TABLE_ERROR_ALLOC;
- return NULL;
- }
-
- /* get a pointer to all entries */
- entry_p = first_entry(table_p, &linear);
- if (entry_p == NULL) {
- if (error_p != NULL)
- *error_p = TABLE_ERROR_NOT_FOUND;
- return NULL;
- }
-
- /* add all of the entries to the array */
- for (entries_p = entries;
- entry_p != NULL;
- entry_p = next_entry(table_p, &linear, &error))
- *entries_p++ = entry_p;
- if (error != TABLE_ERROR_NOT_FOUND) {
- if (error_p != NULL)
- *error_p = error;
- return NULL;
- }
-
- if (compare == NULL) {
- /* this is regardless of the alignment */
- comp_func = local_compare;
- }
- else if (table_p->ta_data_align == 0)
- comp_func = external_compare;
- else
- comp_func = external_compare_align;
- /* now qsort the entire entries array from first to last element */
- split(entries, entries + table_p->ta_entry_n - 1, comp_func, compare,
- table_p);
-
- if (num_entries_p != NULL)
- *num_entries_p = table_p->ta_entry_n;
- if (error_p != NULL)
- *error_p = TABLE_ERROR_NONE;
- return entries;
-}
-
-/*
- * int table_entry
- *
- * DESCRIPTION:
- *
- * Get information about an element. The element is one from the
- * array returned by the table_order function. If any of the key/data
- * pointers are NULL then they are ignored.
- *
- * RETURNS:
- *
- * Success - TABLE_ERROR_NONE
- *
- * Failure - Table error code.
- *
- * ARGUMENTS:
- *
- * table_p - Table structure pointer from which we are getting the
- * element.
- *
- * entry_p - Pointer to a table entry from the array returned by the
- * table_order function.
- *
- * key_buf_p - Pointer which, if not NULL, will be set to the address
- * of the storage of this entry that is allocated in the table. If an
- * (int) is stored as this entry (for example) then key_buf_p should
- * be (int **) i.e. the address of a (int *).
- *
- * key_size_p - Pointer to an integer which, if not NULL, will be set
- * to the size of the key that is stored in the table.
- *
- * data_buf_p - Pointer which, if not NULL, will be set to the address
- * of the data storage of this entry that is allocated in the table.
- * If a (long) is stored as this entry data (for example) then
- * data_buf_p should be (long **) i.e. the address of a (long *).
- *
- * data_size_p - Pointer to an integer which, if not NULL, will be set
- * to the size of the data that is stored in the table.
- */
-int table_entry_info(table_t * table_p, table_entry_t * entry_p,
- void **key_buf_p, int *key_size_p,
- void **data_buf_p, int *data_size_p)
-{
- if (table_p == NULL)
- return TABLE_ERROR_ARG_NULL;
- if (table_p->ta_magic != TABLE_MAGIC)
- return TABLE_ERROR_PNT;
- if (entry_p == NULL)
- return TABLE_ERROR_ARG_NULL;
- if (key_buf_p != NULL)
- *key_buf_p = ENTRY_KEY_BUF(entry_p);
- if (key_size_p != NULL)
- *key_size_p = entry_p->te_key_size;
- if (data_buf_p != NULL) {
- if (entry_p->te_data_size == 0)
- *data_buf_p = NULL;
- else {
- if (table_p->ta_data_align == 0)
- *data_buf_p = ENTRY_DATA_BUF(table_p, entry_p);
- else
- *data_buf_p = entry_data_buf(table_p, entry_p);
- }
- }
- if (data_size_p != NULL)
- *data_size_p = entry_p->te_data_size;
- return TABLE_ERROR_NONE;
-}
-
diff --git a/rubbos/app/httpd-2.0.64/modules/ssl/ssl_util_table.h b/rubbos/app/httpd-2.0.64/modules/ssl/ssl_util_table.h
deleted file mode 100644
index 33438b2f..00000000
--- a/rubbos/app/httpd-2.0.64/modules/ssl/ssl_util_table.h
+++ /dev/null
@@ -1,152 +0,0 @@
-/* Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-/* _ _
- * _ __ ___ ___ __| | ___ ___| | mod_ssl
- * | '_ ` _ \ / _ \ / _` | / __/ __| | Apache Interface to OpenSSL
- * | | | | | | (_) | (_| | \__ \__ \ |
- * |_| |_| |_|\___/ \__,_|___|___/___/_|
- * |_____|
- * ssl_util_table.h
- * High Performance Hash Table Header
- */
-
-/*
- * Generic hash table defines
- * Table 4.1.0 July-28-1998
- *
- * This library is a generic open hash table with buckets and
- * linked lists. It is pretty high performance. Each element
- * has a key and a data. The user indexes on the key to find the
- * data.
- *
- * Copyright 1998 by Gray Watson <gray@letters.com>
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose and without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies,
- * and that the name of Gray Watson not be used in advertising or
- * publicity pertaining to distribution of the document or software
- * without specific, written prior permission.
- *
- * Gray Watson makes no representations about the suitability of the
- * software described herein for any purpose. It is provided "as is"
- * without express or implied warranty.
- */
-
-#ifndef __SSL_UTIL_TABLE_H__
-#define __SSL_UTIL_TABLE_H__
-
-#ifdef __cplusplus
-extern "C" {
-#endif /* __cplusplus */
-
-/*
- * To build a "key" in any of the below routines, pass in a pointer to
- * the key and its size [i.e. sizeof(int), etc]. With any of the
- * "key" or "data" arguments, if their size is < 0, it will do an
- * internal strlen of the item and add 1 for the \0.
- *
- * If you are using firstkey() and nextkey() functions, be careful if,
- * after starting your firstkey loop, you use delete or insert, it
- * will not crash but may produce interesting results. If you are
- * deleting from firstkey to NULL it will work fine.
- */
-
-/* return types for table functions */
-#define TABLE_ERROR_NONE 1 /* no error from function */
-#define TABLE_ERROR_PNT 2 /* bad table pointer */
-#define TABLE_ERROR_ARG_NULL 3 /* buffer args were null */
-#define TABLE_ERROR_SIZE 4 /* size of data was bad */
-#define TABLE_ERROR_OVERWRITE 5 /* key exists and we cant overwrite */
-#define TABLE_ERROR_NOT_FOUND 6 /* key does not exist */
-#define TABLE_ERROR_ALLOC 7 /* memory allocation error */
-#define TABLE_ERROR_LINEAR 8 /* no linear access started */
-#define TABLE_ERROR_OPEN 9 /* could not open file */
-#define TABLE_ERROR_SEEK 10 /* could not seek to pos in file */
-#define TABLE_ERROR_READ 11 /* could not read from file */
-#define TABLE_ERROR_WRITE 12 /* could not write to file */
-#define TABLE_ERROR_EMPTY 13 /* table is empty */
-#define TABLE_ERROR_NOT_EMPTY 14 /* table contains data */
-#define TABLE_ERROR_ALIGNMENT 15 /* invalid alignment value */
-
-/*
- * Table flags set with table_attr.
- */
-
-/*
- * Automatically adjust the number of table buckets on the fly.
- * Whenever the number of entries gets above some threshold, the
- * number of buckets is realloced to a new size and each entry is
- * re-hashed. Although this may take some time when it re-hashes, the
- * table will perform better over time.
- */
-#define TABLE_FLAG_AUTO_ADJUST (1<<0)
-
-/*
- * If the above auto-adjust flag is set, also adjust the number of
- * table buckets down as we delete entries.
- */
-#define TABLE_FLAG_ADJUST_DOWN (1<<1)
-
-/* structure to walk through the fields in a linear order */
-typedef struct {
- unsigned int tl_magic; /* magic structure to ensure correct init */
- unsigned int tl_bucket_c; /* where in the table buck array we are */
- unsigned int tl_entry_c; /* in the bucket, which entry we are on */
-} table_linear_t;
-
-typedef int (*table_compare_t)(const void *key1, const int key1_size,
- const void *data1, const int data1_size,
- const void *key2, const int key2_size,
- const void *data2, const int data2_size);
-
-#ifndef TABLE_PRIVATE
-typedef void table_t;
-typedef void table_entry_t;
-#endif
-
-/*
- * Prototypes
- */
-extern table_t *table_alloc(const unsigned int bucket_n, int *error_p, void *(*malloc_f)(void *opt_param, size_t size), void *(*calloc_f)(void *opt_param, size_t number, size_t size), void *(*realloc_f)(void *opt_param, void *ptr, size_t size), void (*free_f)(void *opt_param, void *ptr), void *opt_param);
-extern int table_attr(table_t *table_p, const int attr);
-extern int table_set_data_alignment(table_t *table_p, const int alignment);
-extern int table_clear(table_t *table_p);
-extern int table_free(table_t *table_p);
-extern int table_insert_kd(table_t *table_p, const void *key_buf, const int key_size, const void *data_buf, const int data_size, void **key_buf_p, void **data_buf_p, const char overwrite_b);
-extern int table_insert(table_t *table_p, const void *key_buf, const int key_size, const void *data_buf, const int data_size, void **data_buf_p, const char overwrite_b);
-extern int table_retrieve(table_t *table_p, const void *key_buf, const int key_size, void **data_buf_p, int *data_size_p);
-extern int table_delete(table_t *table_p, const void *key_buf, const int key_size, void **data_buf_p, int *data_size_p);
-extern int table_delete_first(table_t *table_p, void **key_buf_p, int *key_size_p, void **data_buf_p, int *data_size_p);
-extern int table_info(table_t *table_p, int *num_buckets_p, int *num_entries_p);
-extern int table_adjust(table_t *table_p, const int bucket_n);
-extern const char *table_strerror(const int error);
-extern int table_type_size(void);
-extern int table_first(table_t *table_p, void **key_buf_p, int *key_size_p, void **data_buf_p, int *data_size_p);
-extern int table_next(table_t *table_p, void **key_buf_p, int *key_size_p, void **data_buf_p, int *data_size_p);
-extern int table_this(table_t *table_p, void **key_buf_p, int *key_size_p, void **data_buf_p, int *data_size_p);
-extern int table_first_r(table_t *table_p, table_linear_t *linear_p, void **key_buf_p, int *key_size_p, void **data_buf_p, int *data_size_p);
-extern int table_next_r(table_t *table_p, table_linear_t *linear_p, void **key_buf_p, int *key_size_p, void **data_buf_p, int *data_size_p);
-extern int table_this_r(table_t *table_p, table_linear_t *linear_p, void **key_buf_p, int *key_size_p, void **data_buf_p, int *data_size_p);
-extern table_entry_t **table_order(table_t *table_p, table_compare_t compare, int *num_entries_p, int *error_p);
-extern int table_entry_info(table_t *table_p, table_entry_t *entry_p, void **key_buf_p, int *key_size_p, void **data_buf_p, int *data_size_p);
-
-#ifdef __cplusplus
-}
-#endif /* __cplusplus */
-
-#endif /* __SSL_UTIL_TABLE_H__ */