Hi, please take a look at this.
This patch enables apache2-peruser to use several SSL-enabled name-based VirtualHosts on a single IP and port pair. All virtual hosts need to use the same ServerEnvironment as the default (first) virtual host on this port, because we don't know the requested host yet (it's encrypted) and we don't want to decrypt it in a MULTIPLEXER. Of course all the vhosts have to use the same certificates. It can be useful if we have a wildcard certificate. It requires mod_ssl compiled in because it uses the ssl_module struct.

I tested it on 2 of my machines and it seems to work, but your mileage may vary. I'm no Apache programmer, so probably I missed a more elegant way of getting info about SSL without requiring mod_ssl to compile.

With this patch the config below works as expected; without the patch Apache's workers get plain "GET /" requests for an SSL-enabled host and produce errors.

    Listen 127.0.0.1:443
    NameVirtualhost 127.0.0.1:443

    <VirtualHost 127.0.0.1:443>
        ServerEnvironment lazy lazy
        ServerName localhost
        SslEngine on
        SSLCertificateFile /usr/local/apache2_debug/conf/ssl-cert-snakeoil.pem
        SSLCertificateKeyFile /usr/local/apache2_debug/conf/ssl-cert-snakeoil.key
        DocumentRoot /usr/local/apache2_debug/3
    </VirtualHost>

    <VirtualHost 127.0.0.1:443>
        ServerEnvironment lazy lazy
        ServerName test.localhost
        SslEngine on
        SSLCertificateFile /usr/local/apache2_debug/conf/ssl-cert-snakeoil.pem
        SSLCertificateKeyFile /usr/local/apache2_debug/conf/ssl-cert-snakeoil.key
        DocumentRoot /usr/local/apache2_debug/4
    </VirtualHost>

--
Michał Grzędzicki
--- httpd-2.0.61/server/mpm/experimental/peruser/peruser.c 2007-12-12 14:31:44.401267148 +0100 +++ httpd-2.0.61/server/mpm/experimental/peruser/peruser.c 2007-12-12 14:32:26.011867649 +0100 @@ -132,6 +132,35 @@ #include <sys/times.h> +//enable my dirty ssl vhost hack Michal Grzedzicki <[EMAIL PROTECTED]> +#define SSL_VIRTUALHOST_HACK + +#ifdef SSL_VIRTUALHOST_HACK + +//taken form mod_ssl.h +//we only use enabled so other pointers are casted to void +typedef struct { + void *mc; + unsigned int enabled; + unsigned int proxy_enabled; + const char *vhost_id; + int vhost_id_len; + int session_cache_timeout; + void *server; + void *proxy; +} SSLSrvConfigRec; + + +//not not sure if this is the right way to do it +//without ssl it will not work + +extern module AP_MODULE_DECLARE_DATA ssl_module; + +static SSLSrvConfigRec *ssl_config; + +#endif + + #ifdef MPM_PERUSER_DEBUG # define _DBG(text,par...) \ ap_log_error(APLOG_MARK, APLOG_WARNING, 0, NULL, \ @@ -966,7 +995,21 @@ current_conn->vhost_lookup_data ? "on" : "off"); } - if (current_conn && !current_conn->vhost_lookup_data && CHILD_INFO_TABLE[my_child_num].type == CHILD_TYPE_MULTIPLEXER) { +#ifdef SSL_VIRTUALHOST_HACK + + //check for ssl configuration for this server + ssl_config = (SSLSrvConfigRec *)ap_get_module_config(current_conn->base_server->module_config, &ssl_module); + + //pass socket if there is no NameVirtualhost or ssl is enabled on this server + if (current_conn && (!current_conn->vhost_lookup_data || ssl_config?ssl_config->enabled:0 ) && \ + CHILD_INFO_TABLE[my_child_num].type == CHILD_TYPE_MULTIPLEXER) { + +#else SSL_VIRTUALHOST_HACK + + if (current_conn && !current_conn->vhost_lookup_data && CHILD_INFO_TABLE[my_child_num].type == \ + CHILD_TYPE_MULTIPLEXER) { + +#endif _DBG("We are not using name based vhosts, we'll directly pass the socket."); sconf = PERUSER_SERVER_CONF(current_conn->base_server->module_config);
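Review bot: the hand-copied `SSLSrvConfigRec` typedef together with `extern module AP_MODULE_DECLARE_DATA ssl_module;` in the first hunk (the `#include <sys/times.h>` region) ties the MPM to one mod_ssl struct layout and to a statically linked mod_ssl: if mod_ssl ever reorders or resizes the fields before `enabled`, the flag is read from the wrong offset with no compile-time error, and a build without mod_ssl fails at link time, as the cover letter already admits. Prefer `#include "mod_ssl.h"` (the comment says the struct was taken from there) so the compiler, not the reader, checks the layout, and resolve the module at runtime with `ap_find_linked_module("mod_ssl.c")`, which returns NULL when mod_ssl is absent and removes the hard link dependency. Smaller points: `#define SSL_VIRTUALHOST_HACK` is unconditional, so the `#ifdef` guards never exclude the code unless someone edits the source; the `//` comments and the `static SSLSrvConfigRec *ssl_config;` file-scope variable (only ever used as a local in the second hunk) do not match the style of the surrounding C file.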
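Review bot: the condition `!current_conn->vhost_lookup_data || ssl_config?ssl_config->enabled:0` in the second hunk parses as `(!current_conn->vhost_lookup_data || ssl_config) ? ssl_config->enabled : 0`, because `?:` binds more loosely than `||`; with mod_ssl loaded, `ssl_config` is never NULL, so the whole test collapses to `ssl_config->enabled` and an address without NameVirtualHost and without SSL is no longer passed straight to the worker, which is exactly the behaviour the replaced line provided. Write it as `(!current_conn->vhost_lookup_data || (ssl_config && ssl_config->enabled))`. Also in this hunk: `ap_get_module_config(current_conn->base_server->module_config, &ssl_module)` dereferences `current_conn` before the `current_conn &&` guard on the next statement, so the lookup belongs inside the `if`; and `#else SSL_VIRTUALHOST_HACK` carries a stray token after `#else`, which should be `#else /* SSL_VIRTUALHOST_HACK */`. Finally, the requirement stated in the cover letter, that every SSL vhost on an ip:port uses the same ServerEnvironment and certificate as the first vhost, is not checked anywhere in the patch; a later vhost configured with a different ServerEnvironment would be served under the first vhost's environment without any diagnostic, so a post-config check that logs and refuses such a configuration would make the hack safe to deploy.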
_______________________________________________ Peruser mailing list Peruser@telana.com http://www.telana.com/mailman/listinfo/peruser
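The constraint the post describes, that every SSL vhost on one ip:port must share the first vhost's ServerEnvironment and certificate, is not enforced by the patch, so an administrator has to verify it before reloading. The following is an added example and not part of the posted patch or of apache2-peruser: a small Python lint that parses `<VirtualHost>` blocks, groups them by ip:port and reports vhosts whose SSLEngine, ServerEnvironment or certificate directives differ from the first vhost on the same address. It assumes the simplified config shape shown in the post (one directive per line, no Include files, no nested containers); the second sample config, with a differing ServerEnvironment, is constructed for the demonstration.

```python
"""Lint Apache vhost config for the constraint the peruser SSL patch relies on.

Added example, not code from the posted patch or from apache2-peruser. Assumes the
config shape from the post: one directive per line inside <VirtualHost ip:port>
blocks, no Include files and no nested containers.
"""
import re
import sys
from collections import defaultdict

# One <VirtualHost ...>...</VirtualHost> block; the address list may name several ip:port pairs.
VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.IGNORECASE | re.DOTALL)

# Directives that must agree across every vhost on an SSL address: the multiplexer hands the
# encrypted connection to the first vhost's environment, with the first vhost's certificate.
CHECKED = ("sslengine", "serverenvironment", "sslcertificatefile", "sslcertificatekeyfile")


def parse_vhosts(conf_text):
    """Return one dict per VirtualHost address: {"addr": "ip:port", "directives": {...}}.

    Directive names are case-insensitive in Apache, so keys are lowercased ("SslEngine" and
    "SSLEngine" collapse to "sslengine"); values keep their case because they may be paths.
    """
    vhosts = []
    for match in VHOST_RE.finditer(conf_text):
        directives = {}
        for raw in match.group(2).splitlines():
            line = raw.strip()
            if not line or line.startswith("#"):
                continue
            parts = line.split(None, 1)
            directives[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
        for addr in match.group(1).split():
            vhosts.append({"addr": addr, "directives": directives})
    return vhosts


def _value(directives, name):
    """Normalise a directive for comparison: SSLEngine defaults to off and is case-insensitive."""
    if name == "sslengine":
        return directives.get(name, "off").lower()
    return directives.get(name)


def check_ssl_vhosts(conf_text):
    """Return (addr, servername, directive, expected, actual) tuples for vhosts that disagree
    with the first vhost on the same ip:port, on addresses where any vhost has SSLEngine on."""
    by_addr = defaultdict(list)
    for vh in parse_vhosts(conf_text):
        by_addr[vh["addr"]].append(vh)

    problems = []
    for addr, vhosts in by_addr.items():
        if not any(_value(v["directives"], "sslengine") == "on" for v in vhosts):
            continue  # plain HTTP address: name-based lookup works there, nothing to enforce
        first = vhosts[0]["directives"]
        for vh in vhosts[1:]:
            d = vh["directives"]
            for name in CHECKED:
                if _value(d, name) != _value(first, name):
                    problems.append((addr, d.get("servername", "?"), name,
                                     _value(first, name), _value(d, name)))
    return problems


SNAKEOIL_CERT = "/usr/local/apache2_debug/conf/ssl-cert-snakeoil.pem"
SNAKEOIL_KEY = "/usr/local/apache2_debug/conf/ssl-cert-snakeoil.key"


def vhost_block(servername, environment, docroot, cert=SNAKEOIL_CERT, key=SNAKEOIL_KEY):
    """Render one SSL vhost on 127.0.0.1:443 in the shape of the posted config."""
    return (
        "<VirtualHost 127.0.0.1:443>\n"
        f"    ServerEnvironment {environment}\n"
        f"    ServerName {servername}\n"
        "    SslEngine on\n"
        f"    SSLCertificateFile {cert}\n"
        f"    SSLCertificateKeyFile {key}\n"
        f"    DocumentRoot {docroot}\n"
        "</VirtualHost>\n"
    )


HEADER = "Listen 127.0.0.1:443\nNameVirtualHost 127.0.0.1:443\n"

# The configuration from the post: both vhosts share environment and certificate.
SAMPLE_OK = (HEADER
             + vhost_block("localhost", "lazy lazy", "/usr/local/apache2_debug/3")
             + vhost_block("test.localhost", "lazy lazy", "/usr/local/apache2_debug/4"))

# Constructed variant: the second vhost asks for another ServerEnvironment ("www www" is a
# made-up user/group pair), which the multiplexer cannot honour since it never sees the hostname.
SAMPLE_BAD = (HEADER
              + vhost_block("localhost", "lazy lazy", "/usr/local/apache2_debug/3")
              + vhost_block("test.localhost", "www www", "/usr/local/apache2_debug/4"))


if __name__ == "__main__":
    # Lint a real file when given one, otherwise the constructed bad sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_BAD
    found = check_ssl_vhosts(text)
    for addr, name, directive, expected, actual in found:
        print(f"{addr} {name}: {directive} is {actual!r}, first vhost on this address has {expected!r}")
    sys.exit(1 if found else 0)
```

Run it against the live httpd.conf (`python3 lint_peruser_ssl.py /path/to/httpd.conf`) before reloading; a non-zero exit means some vhost on an SSL address would silently be served under a different ServerEnvironment or certificate than the one it declares.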