ssl_engine_compat.c

mod_ssl-2.8.31-1.3.41.tar.gz 好用的ssl工具

     */
    for (cpI = cpB, n = 1; cpI < cpE; cpI++)
        if ((*cpI == ' ' || *cpI == '\t') &&
            (cpI > cpB && *(cpI-1) != ' ' && *(cpI-1) != '\t'))
            n++;
    line = ap_palloc(p, (cpE-cpB)+(n*2)+n+1);
    cpI = cpB;
    cpO = line;
    while (cpI < cpE) {
        if (   (*cpI != ' ' && *cpI != '\t')
            && (   cpI == cpB
                || (   cpI > cpB
                    && (*(cpI-1) == ' ' || *(cpI-1) == '\t')))) {
            *cpO++ = '"';
            *cpO++ = *cpI++;
        }
        else if (   (*cpI == ' ' || *cpI == '\t')
                 && (   cpI > cpB
                     && (*(cpI-1) != ' ' && *(cpI-1) != '\t'))) {
            *cpO++ = '"';
            *cpO++ = ',';
            *cpO++ = *cpI++;
        }
        else {
            *cpO++ = *cpI++;
        }
    }
    if (cpI > cpB && (*(cpI-1) != ' ' && *(cpI-1) != '\t'))
        *cpO++ = '"';
    *cpO++ = NUL;
    return line;
}

char *ssl_compat_directive(server_rec *s, pool *p, const char *oline)
{
    int i;
    char *line;
    char *cp;
    char caCmd[1024];
    char *cpArgs;
    int match;

    /*
     * Skip comment lines
     */
    cp = (char *)oline;
    while ((*cp == ' ' || *cp == '\t' || *cp == '\n') && (*cp != NUL))
        cp++;
    if (*cp == '#' || *cp == NUL)
        return NULL;

    /*
     * Extract directive name
     */
    cp = (char *)oline;
    for (i = 0; *cp != ' ' && *cp != '\t' && *cp != NUL && i < sizeof(caCmd)-1; )
        caCmd[i++] = *cp++;
    caCmd[i] = NUL;
    cpArgs = cp;

    /*
     * Apply rewriting map
     */
    line = NULL;
    for (i = 0; !(ssl_cmd_rewrite_map[i].cpCommand == NULL &&
                  ssl_cmd_rewrite_map[i].cpPattern == NULL   ); i++) {
        /*
         * Matching
         */
        match = FALSE;
        if (ssl_cmd_rewrite_map[i].cpCommand != NULL) {
            if (strcEQ(ssl_cmd_rewrite_map[i].cpCommand, caCmd))
                match = TRUE;
        }
        else if (ssl_cmd_rewrite_map[i].cpSubstring != NULL) {
            if (strstr(oline, ssl_cmd_rewrite_map[i].cpSubstring) != NULL)
                match = TRUE;
        }
        else if (ssl_cmd_rewrite_map[i].cpPattern != NULL) {
            if (ap_fnmatch(ssl_cmd_rewrite_map[i].cpPattern, oline, 0))
                match = TRUE;
        }

        /*
         * Action Processing
         */
        if (match) {
            if (ssl_cmd_rewrite_map[i].cpMessage != NULL) {
                ap_log_error(APLOG_MARK, APLOG_WARNING|APLOG_NOERRNO, s,
                             "mod_ssl:Compat: OBSOLETE '%s' => %s",
                             oline, ssl_cmd_rewrite_map[i].cpMessage);
                line = "";
                break;
            }
            else if (ssl_cmd_rewrite_map[i].cpSubst != NULL) {
                if (ssl_cmd_rewrite_map[i].cpCommand != NULL)
                    line = ap_pstrcat(p, ssl_cmd_rewrite_map[i].cpSubst,
                                      cpArgs, NULL);
                else if (ssl_cmd_rewrite_map[i].cpSubstring != NULL)
                    line = ssl_util_ptxtsub(p, oline, ssl_cmd_rewrite_map[i].cpSubstring,
                                            ssl_cmd_rewrite_map[i].cpSubst);
                else
                    line = ssl_cmd_rewrite_map[i].cpSubst;
                break;
            }
            else if (ssl_cmd_rewrite_map[i].fpSubst != NULL) {
                line = ((char *(*)(pool *, const char *, const char *, const char *))
                        (ssl_cmd_rewrite_map[i].fpSubst))(p, oline, caCmd, cpArgs);
                break;
            }
        }
    }
    if (line != NULL && line[0] != NUL)
        ap_log_error(APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, s,
                     "mod_ssl:Compat: MAPPED '%s' => '%s'", oline, line);
    return line;
}

/*
 * The mapping of obsolete environment variables to official ones...
 */

#define VRM_BEGIN              /* nop */
#define VRM_ENTRY(var,action)  { var, action },
#define VRM_END                { NULL, NULL, NULL }
#define VRM_VAR(old)           old
#define VRM_SUB(new)           new, NULL
#define VRM_LOG(msg)           NULL, msg

static struct {
    char *cpOld;
    char *cpNew;
    char *cpMsg;
} ssl_var_rewrite_map[] = {
    VRM_BEGIN

    /*
     * Apache-SSL 1.x, mod_ssl 2.0.x, Sioux 1.x
     * and Stronghold 2.x backward compatibility
     */
    VRM_ENTRY( VRM_VAR("SSL_PROTOCOL_VERSION"),          VRM_SUB("SSL_PROTOCOL")             )
    VRM_ENTRY( VRM_VAR("SSLEAY_VERSION"),                VRM_SUB("SSL_VERSION_LIBRARY")      )
    VRM_ENTRY( VRM_VAR("HTTPS_SECRETKEYSIZE"),           VRM_SUB("SSL_CIPHER_USEKEYSIZE")    )
    VRM_ENTRY( VRM_VAR("HTTPS_KEYSIZE"),                 VRM_SUB("SSL_CIPHER_ALGKEYSIZE")    )
    VRM_ENTRY( VRM_VAR("HTTPS_CIPHER"),                  VRM_SUB("SSL_CIPHER")               )
    VRM_ENTRY( VRM_VAR("HTTPS_EXPORT"),                  VRM_SUB("SSL_CIPHER_EXPORT")        )
    VRM_ENTRY( VRM_VAR("SSL_SERVER_KEY_SIZE"),           VRM_SUB("SSL_CIPHER_ALGKEYSIZE")    )
    VRM_ENTRY( VRM_VAR("SSL_SERVER_CERTIFICATE"),        VRM_SUB("SSL_SERVER_CERT")          )
    VRM_ENTRY( VRM_VAR("SSL_SERVER_CERT_START"),         VRM_SUB("SSL_SERVER_V_START")       )
    VRM_ENTRY( VRM_VAR("SSL_SERVER_CERT_END"),           VRM_SUB("SSL_SERVER_V_END")         )
    VRM_ENTRY( VRM_VAR("SSL_SERVER_CERT_SERIAL"),        VRM_SUB("SSL_SERVER_M_SERIAL")      )
    VRM_ENTRY( VRM_VAR("SSL_SERVER_SIGNATURE_ALGORITHM"),VRM_SUB("SSL_SERVER_A_SIG")         )
    VRM_ENTRY( VRM_VAR("SSL_SERVER_DN"),                 VRM_SUB("SSL_SERVER_S_DN")          )
    VRM_ENTRY( VRM_VAR("SSL_SERVER_CN"),                 VRM_SUB("SSL_SERVER_S_DN_CN")       )
    VRM_ENTRY( VRM_VAR("SSL_SERVER_EMAIL"),              VRM_SUB("SSL_SERVER_S_DN_Email")    )
    VRM_ENTRY( VRM_VAR("SSL_SERVER_O"),                  VRM_SUB("SSL_SERVER_S_DN_O")        )
    VRM_ENTRY( VRM_VAR("SSL_SERVER_OU"),                 VRM_SUB("SSL_SERVER_S_DN_OU")       )
    VRM_ENTRY( VRM_VAR("SSL_SERVER_C"),                  VRM_SUB("SSL_SERVER_S_DN_C")        )
    VRM_ENTRY( VRM_VAR("SSL_SERVER_SP"),                 VRM_SUB("SSL_SERVER_S_DN_SP")       )
    VRM_ENTRY( VRM_VAR("SSL_SERVER_L"),                  VRM_SUB("SSL_SERVER_S_DN_L")        )
    VRM_ENTRY( VRM_VAR("SSL_SERVER_IDN"),                VRM_SUB("SSL_SERVER_I_DN")          )
    VRM_ENTRY( VRM_VAR("SSL_SERVER_ICN"),                VRM_SUB("SSL_SERVER_I_DN_CN")       )
    VRM_ENTRY( VRM_VAR("SSL_SERVER_IEMAIL"),             VRM_SUB("SSL_SERVER_I_DN_Email")    )
    VRM_ENTRY( VRM_VAR("SSL_SERVER_IO"),                 VRM_SUB("SSL_SERVER_I_DN_O")        )
    VRM_ENTRY( VRM_VAR("SSL_SERVER_IOU"),                VRM_SUB("SSL_SERVER_I_DN_OU")       )
    VRM_ENTRY( VRM_VAR("SSL_SERVER_IC"),                 VRM_SUB("SSL_SERVER_I_DN_C")        )
    VRM_ENTRY( VRM_VAR("SSL_SERVER_ISP"),                VRM_SUB("SSL_SERVER_I_DN_SP")       )
    VRM_ENTRY( VRM_VAR("SSL_SERVER_IL"),                 VRM_SUB("SSL_SERVER_I_DN_L")        )
    VRM_ENTRY( VRM_VAR("SSL_CLIENT_CERTIFICATE"),        VRM_SUB("SSL_CLIENT_CERT")          )
    VRM_ENTRY( VRM_VAR("SSL_CLIENT_CERT_START"),         VRM_SUB("SSL_CLIENT_V_START")       )
    VRM_ENTRY( VRM_VAR("SSL_CLIENT_CERT_END"),           VRM_SUB("SSL_CLIENT_V_END")         )
    VRM_ENTRY( VRM_VAR("SSL_CLIENT_CERT_SERIAL"),        VRM_SUB("SSL_CLIENT_M_SERIAL")      )
    VRM_ENTRY( VRM_VAR("SSL_CLIENT_SIGNATURE_ALGORITHM"),VRM_SUB("SSL_CLIENT_A_SIG")         )
    VRM_ENTRY( VRM_VAR("SSL_CLIENT_DN"),                 VRM_SUB("SSL_CLIENT_S_DN")          )
    VRM_ENTRY( VRM_VAR("SSL_CLIENT_CN"),                 VRM_SUB("SSL_CLIENT_S_DN_CN")       )
    VRM_ENTRY( VRM_VAR("SSL_CLIENT_EMAIL"),              VRM_SUB("SSL_CLIENT_S_DN_Email")    )
    VRM_ENTRY( VRM_VAR("SSL_CLIENT_O"),                  VRM_SUB("SSL_CLIENT_S_DN_O")        )
    VRM_ENTRY( VRM_VAR("SSL_CLIENT_OU"),                 VRM_SUB("SSL_CLIENT_S_DN_OU")       )
    VRM_ENTRY( VRM_VAR("SSL_CLIENT_C"),                  VRM_SUB("SSL_CLIENT_S_DN_C")        )
    VRM_ENTRY( VRM_VAR("SSL_CLIENT_SP"),                 VRM_SUB("SSL_CLIENT_S_DN_SP")       )
    VRM_ENTRY( VRM_VAR("SSL_CLIENT_L"),                  VRM_SUB("SSL_CLIENT_S_DN_L")        )
    VRM_ENTRY( VRM_VAR("SSL_CLIENT_IDN"),                VRM_SUB("SSL_CLIENT_I_DN")          )
    VRM_ENTRY( VRM_VAR("SSL_CLIENT_ICN"),                VRM_SUB("SSL_CLIENT_I_DN_CN")       )
    VRM_ENTRY( VRM_VAR("SSL_CLIENT_IEMAIL"),             VRM_SUB("SSL_CLIENT_I_DN_Email")    )
    VRM_ENTRY( VRM_VAR("SSL_CLIENT_IO"),                 VRM_SUB("SSL_CLIENT_I_DN_O")        )
    VRM_ENTRY( VRM_VAR("SSL_CLIENT_IOU"),                VRM_SUB("SSL_CLIENT_I_DN_OU")       )
    VRM_ENTRY( VRM_VAR("SSL_CLIENT_IC"),                 VRM_SUB("SSL_CLIENT_I_DN_C")        )
    VRM_ENTRY( VRM_VAR("SSL_CLIENT_ISP"),                VRM_SUB("SSL_CLIENT_I_DN_SP")       )
    VRM_ENTRY( VRM_VAR("SSL_CLIENT_IL"),                 VRM_SUB("SSL_CLIENT_I_DN_L")        )
    VRM_ENTRY( VRM_VAR("SSL_EXPORT"),                    VRM_SUB("SSL_CIPHER_EXPORT")        )
    VRM_ENTRY( VRM_VAR("SSL_KEYSIZE"),                   VRM_SUB("SSL_CIPHER_ALGKEYSIZE")    )
    VRM_ENTRY( VRM_VAR("SSL_SECRETKEYSIZE"),             VRM_SUB("SSL_CIPHER_USEKEYSIZE")    )
    VRM_ENTRY( VRM_VAR("SSL_SSLEAY_VERSION"),            VRM_SUB("SSL_VERSION_LIBRARY")      )

    VRM_ENTRY( VRM_VAR("SSL_STRONG_CRYPTO"),             VRM_LOG("Not supported by mod_ssl") )
    VRM_ENTRY( VRM_VAR("SSL_SERVER_KEY_EXP"),            VRM_LOG("Not supported by mod_ssl") )
    VRM_ENTRY( VRM_VAR("SSL_SERVER_KEY_SIZE"),           VRM_LOG("Not supported by mod_ssl") )
    VRM_ENTRY( VRM_VAR("SSL_SERVER_KEY_ALGORITHM"),      VRM_LOG("Not supported by mod_ssl") )
    VRM_ENTRY( VRM_VAR("SSL_SERVER_SESSIONDIR"),         VRM_LOG("Not supported by mod_ssl") )
    VRM_ENTRY( VRM_VAR("SSL_SERVER_CERTIFICATELOGDIR"),  VRM_LOG("Not supported by mod_ssl") )
    VRM_ENTRY( VRM_VAR("SSL_SERVER_CERTFILE"),           VRM_LOG("Not supported by mod_ssl") )
    VRM_ENTRY( VRM_VAR("SSL_SERVER_KEYFILE"),            VRM_LOG("Not supported by mod_ssl") )
    VRM_ENTRY( VRM_VAR("SSL_SERVER_KEYFILETYPE"),        VRM_LOG("Not supported by mod_ssl") )
    VRM_ENTRY( VRM_VAR("SSL_CLIENT_KEY_EXP"),            VRM_LOG("Not supported by mod_ssl") )
    VRM_ENTRY( VRM_VAR("SSL_CLIENT_KEY_ALGORITHM"),      VRM_LOG("Not supported by mod_ssl") )
    VRM_ENTRY( VRM_VAR("SSL_CLIENT_KEY_SIZE"),           VRM_LOG("Not supported by mod_ssl") )

    VRM_END
};

void ssl_compat_variables(request_rec *r)
{
    char *cpOld;
    char *cpNew;
    char *cpMsg;
    char *cpVal;
    int i;

    for (i = 0; ssl_var_rewrite_map[i].cpOld != NULL; i++) {
        cpOld = ssl_var_rewrite_map[i].cpOld;
        cpMsg = ssl_var_rewrite_map[i].cpMsg;
        cpNew = ssl_var_rewrite_map[i].cpNew;
        if (cpNew != NULL) {
            cpVal = ssl_var_lookup(r->pool, r->server, r->connection, r, cpNew);
            if (!strIsEmpty(cpVal))
                ap_table_set(r->subprocess_env, cpOld, cpVal);
        }
        else if (cpMsg != NULL) {
#ifdef SSL_VENDOR
           /*
            * something that isn't provided by mod_ssl, so at least
            * let vendor extensions provide a reasonable value first.
            */
            cpVal = NULL;
            ap_hook_use("ap::mod_ssl::vendor::compat_variables_lookup",
                        AP_HOOK_SIG3(ptr,ptr,ptr),
                        AP_HOOK_DECLINE(NULL),
                        &cpVal, r, cpOld);
            if (cpVal != NULL) {
                ap_table_set(r->subprocess_env, cpOld, cpVal);
                continue;
            }
#endif

            /*
             * we cannot print a message, so we set at least
             * the variables content to the compat message
             */
            ap_table_set(r->subprocess_env, cpOld, cpMsg);
        }
    }
    return;
}

#endif /* SSL_COMPAT */