📄 ssl_engine_vars.c
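else if (strcEQ(var, "V_START")) {
        result = ssl_var_lookup_ssl_cert_valid(p, X509_get_notBefore(xs));
    }
    else if (strcEQ(var, "V_END")) {
        result = ssl_var_lookup_ssl_cert_valid(p, X509_get_notAfter(xs));
    }
    else if (strcEQ(var, "S_DN")) {
        /* one-line subject DN: copy into the pool, then release the
         * buffer X509_NAME_oneline() handed back */
        xsname = X509_get_subject_name(xs);
        cp = X509_NAME_oneline(xsname, NULL, 0);
        result = ap_pstrdup(p, cp);
        free(cp);
        resdup = FALSE;
    }
    else if (strlen(var) > 5 && strcEQn(var, "S_DN_", 5)) {
        /* single subject DN component, e.g. S_DN_CN */
        xsname = X509_get_subject_name(xs);
        result = ssl_var_lookup_ssl_cert_dn(p, xsname, var+5);
        resdup = FALSE;
    }
    else if (strcEQ(var, "I_DN")) {
        xsname = X509_get_issuer_name(xs);
        cp = X509_NAME_oneline(xsname, NULL, 0);
        result = ap_pstrdup(p, cp);
        free(cp);
        resdup = FALSE;
    }
    else if (strlen(var) > 5 && strcEQn(var, "I_DN_", 5)) {
        /* single issuer DN component, e.g. I_DN_O */
        xsname = X509_get_issuer_name(xs);
        result = ssl_var_lookup_ssl_cert_dn(p, xsname, var+5);
        resdup = FALSE;
    }
    else if (strcEQ(var, "A_SIG")) {
        nid = OBJ_obj2nid(xs->cert_info->signature->algorithm);
        result = ap_pstrdup(p, (nid == NID_undef) ? "UNKNOWN" : OBJ_nid2ln(nid));
        resdup = FALSE;
    }
    else if (strcEQ(var, "A_KEY")) {
        nid = OBJ_obj2nid(xs->cert_info->key->algor->algorithm);
        result = ap_pstrdup(p, (nid == NID_undef) ? "UNKNOWN" : OBJ_nid2ln(nid));
        resdup = FALSE;
    }
    else if (strcEQ(var, "CERT")) {
        result = ssl_var_lookup_ssl_cert_PEM(p, xs);
    }
    /* results that were not freshly pool-allocated above get duplicated */
    if (result != NULL && resdup)
        result = ap_pstrdup(p, result);
    return result;
}

/*
 * Maps the DN component suffix used in variable names (the part after
 * "S_DN_" / "I_DN_") to the OpenSSL NID of the matching name entry.
 */
static const struct {
    char *name;
    int   nid;
} ssl_var_lookup_ssl_cert_dn_rec[] = {
    { "C",     NID_countryName            },
    { "ST",    NID_stateOrProvinceName    }, /* officially    (RFC2156) */
    { "SP",    NID_stateOrProvinceName    }, /* compatibility (SSLeay)  */
    { "L",     NID_localityName           },
    { "O",     NID_organizationName       },
    { "OU",    NID_organizationalUnitName },
    { "CN",    NID_commonName             },
    { "T",     NID_title                  },
    { "I",     NID_initials               },
    { "G",     NID_givenName              },
    { "S",     NID_surname                },
    { "D",     NID_description            },
    { "UID",   NID_uniqueIdentifier       },
    { "Email", NID_pkcs9_emailAddress     },
    { NULL,    0                          }
};

/*
 * Return the value of the first entry in xsname whose type matches the
 * DN component named by var (case-sensitive match against the table
 * above), as a NUL-terminated pool string. Returns NULL when var is not
 * a known component or the name carries no such entry.
 *
 * Security note: the entry value is an ASN.1 string with an explicit
 * length and may contain embedded NUL bytes. All `length` bytes are
 * copied, but every consumer that treats the result as a C string sees
 * it truncated at the first NUL. Access-control rules that compare
 * S_DN_CN and friends therefore only see the prefix before such a byte.
 * NOTE(review): consider rejecting values that contain a NUL byte.
 */
static char *ssl_var_lookup_ssl_cert_dn(pool *p, X509_NAME *xsname, char *var)
{
    char *result;
    X509_NAME_ENTRY *xsne;
    int i, j, n, len;

    result = NULL;

    for (i = 0; ssl_var_lookup_ssl_cert_dn_rec[i].name != NULL; i++) {
        if (strEQ(var, ssl_var_lookup_ssl_cert_dn_rec[i].name)) {
            for (j = 0; j < sk_X509_NAME_ENTRY_num(xsname->entries); j++) {
                xsne = sk_X509_NAME_ENTRY_value(xsname->entries, j);
                n = OBJ_obj2nid(xsne->object);
                if (n == ssl_var_lookup_ssl_cert_dn_rec[i].nid) {
                    len = xsne->value->length;
                    if (len < 0)
                        break; /* malformed length: report "not found" */
                    result = ap_palloc(p, len+1);
                    /* copy exactly len bytes so that no byte of the
                     * (non-zeroed) pool buffer is left uninitialized when
                     * the value contains an embedded NUL */
                    if (len > 0)
                        memcpy(result, xsne->value->data, len);
#ifdef CHARSET_EBCDIC
                    ascii2ebcdic(result, result, len);
#endif /* CHARSET_EBCDIC */
                    result[len] = NUL;
                    break;
                }
            }
            break;
        }
    }
    return result;
}

/*
 * Render a certificate validity timestamp as text via a memory BIO and
 * return it as a pool string. Returns NULL only if the BIO cannot be
 * created; if nothing was printed the result is the empty string.
 */
static char *ssl_var_lookup_ssl_cert_valid(pool *p, ASN1_UTCTIME *tm)
{
    char *result;
    BIO *bio;
    int n;

    if ((bio = BIO_new(BIO_s_mem())) == NULL)
        return NULL;
    ASN1_UTCTIME_print(bio, tm);
    n = BIO_pending(bio);
    if (n < 0)
        n = 0;
    result = ap_pcalloc(p, n+1);
    n = BIO_read(bio, result, n);
    /* BIO_read() reports "nothing read" as 0 or a negative value; never
     * use that as an index, or the terminator lands before the buffer */
    if (n < 0)
        n = 0;
    result[n] = NUL;
    BIO_free(bio);
    return result;
}

/*
 * Render the certificate serial number via i2a_ASN1_INTEGER() into a
 * memory BIO and return it as a pool string. Returns NULL only if the
 * BIO cannot be created.
 */
static char *ssl_var_lookup_ssl_cert_serial(pool *p, X509 *xs)
{
    char *result;
    BIO *bio;
    int n;

    if ((bio = BIO_new(BIO_s_mem())) == NULL)
        return NULL;
    i2a_ASN1_INTEGER(bio, X509_get_serialNumber(xs));
    n = BIO_pending(bio);
    if (n < 0)
        n = 0;
    result = ap_pcalloc(p, n+1);
    n = BIO_read(bio, result, n);
    if (n < 0)
        n = 0; /* see ssl_var_lookup_ssl_cert_valid(): avoid result[-1] */
    result[n] = NUL;
    BIO_free(bio);
    return result;
}

/*
 * Return the PEM encoding of the chain certificate selected by var,
 * which must consist of decimal digits only. Returns NULL for a
 * non-numeric or out-of-range index.
 *
 * The index is parsed with strtol() rather than atoi(): an overlong
 * digit string saturates at LONG_MAX (and is then rejected by the range
 * check) instead of overflowing an int. An empty var still selects
 * index 0, as before.
 */
static char *ssl_var_lookup_ssl_cert_chain(pool *p, STACK_OF(X509) *sk, char *var)
{
    char *result;
    X509 *xs;
    long idx;

    result = NULL;

    if (strspn(var, "0123456789") == strlen(var)) {
        idx = strtol(var, NULL, 10);
        if (idx >= 0 && idx < sk_X509_num(sk)) {
            xs = sk_X509_value(sk, (int)idx);
            if (xs != NULL)
                result = ssl_var_lookup_ssl_cert_PEM(p, xs);
        }
    }
    return result;
}

/*
 * Return the PEM encoding of certificate xs as a pool string. Returns
 * NULL only if the memory BIO cannot be created; if nothing was written
 * the result is the empty string.
 */
static char *ssl_var_lookup_ssl_cert_PEM(pool *p, X509 *xs)
{
    char *result;
    BIO *bio;
    int n;

    if ((bio = BIO_new(BIO_s_mem())) == NULL)
        return NULL;
    PEM_write_bio_X509(bio, xs);
    n = BIO_pending(bio);
    if (n < 0)
        n = 0;
    result = ap_pcalloc(p, n+1);
    n = BIO_read(bio, result, n);
    if (n < 0)
        n = 0; /* see ssl_var_lookup_ssl_cert_valid(): avoid result[-1] */
    result[n] = NUL;
    BIO_free(bio);
    return result;
}

/*
 * Summarize the outcome of client certificate verification for this
 * connection as one of "NONE", "SUCCESS", "GENEROUS" or "FAILED:<reason>".
 *
 * The decision combines the OpenSSL verify result with the
 * "ssl::verify::error" and "ssl::verify::info" entries stored in the
 * connection context and with whether a peer certificate is present.
 *
 * NOTE(review): assumes the "ssl" context entry is non-NULL; confirm that
 * callers only get here for SSL connections.
 */
static char *ssl_var_lookup_ssl_cert_verify(pool *p, conn_rec *c)
{
    char *result;
    long vrc;
    char *verr;
    char *vinfo;
    SSL *ssl;
    X509 *xs;

    result = NULL;
    ssl   = ap_ctx_get(c->client->ctx, "ssl");
    verr  = ap_ctx_get(c->client->ctx, "ssl::verify::error");
    vinfo = ap_ctx_get(c->client->ctx, "ssl::verify::info");
    vrc   = SSL_get_verify_result(ssl);
    xs    = SSL_get_peer_certificate(ssl);

    if (vrc == X509_V_OK && verr == NULL && vinfo == NULL && xs == NULL)
        /* no client verification done at all */
        result = "NONE";
    else if (vrc == X509_V_OK && verr == NULL && vinfo == NULL && xs != NULL)
        /* client verification done successful */
        result = "SUCCESS";
    else if (vrc == X509_V_OK && vinfo != NULL && strEQ(vinfo, "GENEROUS"))
        /* client verification done in generous way */
        result = "GENEROUS";
    else
        /* client verification failed */
        /* NOTE(review): verr can be NULL on this path; confirm the
         * formatter tolerates a NULL %s argument */
        result = ap_psprintf(p, "FAILED:%s", verr);

    /* SSL_get_peer_certificate() returns a new reference; only presence
     * was needed here, so drop it again instead of leaking it per call */
    if (xs != NULL)
        X509_free(xs);

    return result;
}

/*
 * Resolve the cipher variables of the current connection. var is the
 * suffix after the cipher variable prefix:
 *   ""             the cipher name
 *   "_EXPORT"      "true" if the used key size is below 56 bits
 *   "_USEKEYSIZE"  used key size in bits, as decimal text
 *   "_ALGKEYSIZE"  algorithm key size in bits, as decimal text
 * Returns a pool string, or NULL for an unknown suffix.
 *
 * Security note: key sizes come from the static table below, and a
 * cipher name missing from that table yields 0/0. Such a cipher is thus
 * reported as "_EXPORT" = "true" with zero key sizes, so minimum-strength
 * rules built on these variables reject it rather than accept it.
 */
static char *ssl_var_lookup_ssl_cipher(pool *p, conn_rec *c, char *var)
{
    char *result;
    BOOL resdup;
    char *cipher;
    int usekeysize, algkeysize;
    SSL *ssl;

    result = NULL;
    resdup = TRUE;

    if (strEQ(var, "")) {
        ssl = ap_ctx_get(c->client->ctx, "ssl");
        result = (char *)SSL_get_cipher_name(ssl);
    }
    else if (strcEQ(var, "_EXPORT")) {
        ssl = ap_ctx_get(c->client->ctx, "ssl");
        cipher = (char *)SSL_get_cipher_name(ssl);
        ssl_var_lookup_ssl_cipher_bits(cipher, &usekeysize, &algkeysize);
        result = (usekeysize < 56 ? "true" : "false");
    }
    else if (strcEQ(var, "_USEKEYSIZE")) {
        ssl = ap_ctx_get(c->client->ctx, "ssl");
        cipher = (char *)SSL_get_cipher_name(ssl);
        ssl_var_lookup_ssl_cipher_bits(cipher, &usekeysize, &algkeysize);
        result = ap_psprintf(p, "%d", usekeysize);
        resdup = FALSE;
    }
    else if (strcEQ(var, "_ALGKEYSIZE")) {
        ssl = ap_ctx_get(c->client->ctx, "ssl");
        cipher = (char *)SSL_get_cipher_name(ssl);
        ssl_var_lookup_ssl_cipher_bits(cipher, &usekeysize, &algkeysize);
        result = ap_psprintf(p, "%d", algkeysize);
        resdup = FALSE;
    }

    /* library-owned or literal strings are copied into the pool */
    if (result != NULL && resdup)
        result = ap_pstrdup(p, result);
    return result;
}

/*
 * This structure is used instead of SSL_get_cipher_bits() because
 * this OpenSSL function has rounding problems, but we want the
 * correct sizes.
 *
 * Columns: cipher name, used key size, algorithm key size (bits).
 */
static const struct {
    char *szName;
    int nUseKeySize;
    int nAlgKeySize;
} ssl_var_lookup_ssl_cipher_bits_rec[] = {
    { TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5 /*EXP1024-RC4-MD5*/, 56, 128 },
    { TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 /*EXP1024-RC2-CBC-MD5*/,56, 128 },
    { TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA /*EXP1024-DES-CBC-SHA*/,56, 56 },
    { SSL3_TXT_RSA_IDEA_128_SHA /*IDEA-CBC-SHA*/, 128, 128 },
    { SSL3_TXT_RSA_NULL_MD5 /*NULL-MD5*/, 0, 0 },
    { SSL3_TXT_RSA_NULL_SHA /*NULL-SHA*/, 0, 0 },
    { SSL3_TXT_RSA_RC4_40_MD5 /*EXP-RC4-MD5*/, 40, 128 },
    { SSL3_TXT_RSA_RC4_128_MD5 /*RC4-MD5*/, 128, 128 },
    { SSL3_TXT_RSA_RC4_128_SHA /*RC4-SHA*/, 128, 128 },
    { SSL3_TXT_RSA_RC2_40_MD5 /*EXP-RC2-CBC-MD5*/, 40, 128 },
    { SSL3_TXT_RSA_DES_40_CBC_SHA /*EXP-DES-CBC-SHA*/, 40, 56 },
    { SSL3_TXT_RSA_DES_64_CBC_SHA /*DES-CBC-SHA*/ , 56, 56 },
    { SSL3_TXT_RSA_DES_192_CBC3_SHA /*DES-CBC3-SHA*/ , 168, 168 },
    { SSL3_TXT_DH_DSS_DES_40_CBC_SHA /*EXP-DH-DSS-DES-CBC-SHA*/, 40, 56 },
    { SSL3_TXT_DH_DSS_DES_64_CBC_SHA /*DH-DSS-DES-CBC-SHA*/, 56, 56 },
    { SSL3_TXT_DH_DSS_DES_192_CBC3_SHA /*DH-DSS-DES-CBC3-SHA*/, 168, 168 },
    { SSL3_TXT_DH_RSA_DES_40_CBC_SHA /*EXP-DH-RSA-DES-CBC-SHA*/, 40, 56 },
    { SSL3_TXT_DH_RSA_DES_64_CBC_SHA /*DH-RSA-DES-CBC-SHA*/, 56, 56 },
    { SSL3_TXT_DH_RSA_DES_192_CBC3_SHA /*DH-RSA-DES-CBC3-SHA*/, 168, 168 },
    { SSL3_TXT_EDH_DSS_DES_40_CBC_SHA /*EXP-EDH-DSS-DES-CBC-SHA*/, 40, 56 },
    { SSL3_TXT_EDH_DSS_DES_64_CBC_SHA /*EDH-DSS-DES-CBC-SHA*/, 56, 56 },
    { SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA /*EDH-DSS-DES-CBC3-SHA*/, 168, 168 },
    { SSL3_TXT_EDH_RSA_DES_40_CBC_SHA /*EXP-EDH-RSA-DES-CBC*/, 40, 56 },
    { SSL3_TXT_EDH_RSA_DES_64_CBC_SHA /*EDH-RSA-DES-CBC-SHA*/, 56, 56 },
    { SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA /*EDH-RSA-DES-CBC3-SHA*/, 168, 168 },
    { SSL3_TXT_ADH_RC4_40_MD5 /*EXP-ADH-RC4-MD5*/, 40, 128 },
    { SSL3_TXT_ADH_RC4_128_MD5 /*ADH-RC4-MD5*/, 128, 128 },
    /* NOTE(review): the other 40-bit DES rows list an algorithm key size
     * of 56, this one lists 128 -- confirm which is intended */
    { SSL3_TXT_ADH_DES_40_CBC_SHA /*EXP-ADH-DES-CBC-SHA*/, 40, 128 },
    { SSL3_TXT_ADH_DES_64_CBC_SHA /*ADH-DES-CBC-SHA*/, 56, 56 },
    { SSL3_TXT_ADH_DES_192_CBC_SHA /*ADH-DES-CBC3-SHA*/, 168, 168 },
    { SSL3_TXT_FZA_DMS_NULL_SHA /*FZA-NULL-SHA*/, 0, 0 },
    { SSL3_TXT_FZA_DMS_FZA_SHA /*FZA-FZA-CBC-SHA*/, 0, 0 },
    { SSL3_TXT_FZA_DMS_RC4_SHA /*FZA-RC4-SHA*/, 128, 128 },
    { SSL2_TXT_IDEA_128_CBC_WITH_MD5 /*IDEA-CBC-MD5*/, 128, 128 },
    { SSL2_TXT_DES_64_CFB64_WITH_MD5_1 /*DES-CFB-M1*/, 56, 56 },
    { SSL2_TXT_RC2_128_CBC_WITH_MD5 /*RC2-CBC-MD5*/, 128, 128 },
    { SSL2_TXT_DES_64_CBC_WITH_MD5 /*DES-CBC-MD5*/, 56, 56 },
    { SSL2_TXT_DES_192_EDE3_CBC_WITH_MD5 /*DES-CBC3-MD5*/, 168, 168 },
    { SSL2_TXT_RC4_64_WITH_MD5 /*RC4-64-MD5*/, 64, 64 },
    { SSL2_TXT_NULL /*NULL*/, 0, 0 },
    { NULL, 0, 0 }
};

/*
 * Look up the used and algorithm key sizes (in bits) for a cipher name
 * in the table above. Both outputs are set to 0 first and stay 0 when
 * the name is not listed.
 */
static void ssl_var_lookup_ssl_cipher_bits(char *cipher, int *usekeysize, int *algkeysize)
{
    int n;

    *usekeysize = 0;
    *algkeysize = 0;
    for (n = 0; ssl_var_lookup_ssl_cipher_bits_rec[n].szName; n++) {
        if (strEQ(cipher, ssl_var_lookup_ssl_cipher_bits_rec[n].szName)) {
            *algkeysize = ssl_var_lookup_ssl_cipher_bits_rec[n].nAlgKeySize;
            *usekeysize = ssl_var_lookup_ssl_cipher_bits_rec[n].nUseKeySize;
            break;
        }
    }
}

/*
 * Resolve the version variables:
 *   "PRODUCT"    "<name>/<version>" when both SSL_PRODUCT_NAME and
 *                SSL_PRODUCT_VERSION are defined at build time, else NULL
 *   "INTERFACE"  "mod_ssl/<MOD_SSL_VERSION>"
 *   "LIBRARY"    SSL_LIBRARY_TEXT with its first blank turned into '/'
 *                and everything from the next blank on cut off
 * Returns a pool string, or NULL for an unknown name.
 */
static char *ssl_var_lookup_ssl_version(pool *p, char *var)
{
    char *result;
    char *cp, *cp2;

    result = NULL;

    if (strEQ(var, "PRODUCT")) {
#if defined(SSL_PRODUCT_NAME) && defined(SSL_PRODUCT_VERSION)
        result = ap_psprintf(p, "%s/%s", SSL_PRODUCT_NAME, SSL_PRODUCT_VERSION);
#else
        result = NULL;
#endif
    }
    else if (strEQ(var, "INTERFACE")) {
        result = ap_psprintf(p, "mod_ssl/%s", MOD_SSL_VERSION);
    }
    else if (strEQ(var, "LIBRARY")) {
        /* work on a pool copy: the text is edited in place below */
        result = ap_pstrdup(p, SSL_LIBRARY_TEXT);
        if ((cp = strchr(result, ' ')) != NULL) {
            *cp = '/';
            if ((cp2 = strchr(cp, ' ')) != NULL)
                *cp2 = NUL;
        }
    }
    return result;
}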