mod_ssl currently does quite a bit of apr_table_{get,set}s. it would be
much faster to use c->conn_config instead. the patch below attaches a new
SSLConnRec structure to the c->conn_config and replaces all usage of
apr_table_{get,set}(c->notes, "ssl") with conn_config. if this approach
is ok, there are a few more c->notes table entries that could be moved to
the conn_config.
Index: modules/ssl/mod_ssl.c
===================================================================
RCS file: /home/cvs/httpd-2.0/modules/ssl/mod_ssl.c,v
retrieving revision 1.31
diff -u -r1.31 mod_ssl.c
--- modules/ssl/mod_ssl.c 2001/10/11 01:49:21 1.31
+++ modules/ssl/mod_ssl.c 2001/11/21 04:02:00
@@ -224,11 +224,12 @@
SSL *ssl;
unsigned char *cpVHostID;
char *cpVHostMD5;
+ SSLConnRec *sslconn = apr_pcalloc(c->pool, sizeof(*sslconn));
/*
* Create SSL context
*/
- apr_table_setn(c->notes, "ssl", NULL);
+ myConnConfigSet(c, sslconn);
/*
* Immediately stop processing if SSL is disabled for this connection
@@ -258,7 +259,6 @@
if ((ssl = SSL_new(sc->pSSLCtx)) == NULL) {
ssl_log(c->base_server, SSL_LOG_ERROR|SSL_ADD_SSLERR,
"Unable to create a new SSL connection from the SSL context");
- apr_table_setn(c->notes, "ssl", NULL);
c->aborted = 1;
return DECLINED; /* XXX */
}
@@ -268,7 +268,6 @@
strlen(cpVHostMD5))) {
ssl_log(c->base_server, SSL_LOG_ERROR|SSL_ADD_SSLERR,
"Unable to set session id context to `%s'", cpVHostMD5);
- apr_table_setn(c->notes, "ssl", NULL);
c->aborted = 1;
return DECLINED; /* XXX */
}
@@ -278,7 +277,7 @@
apr_table_setn(apctx, "ssl::verify::depth", AP_CTX_NUM2PTR(0));
SSL_set_app_data2(ssl, apctx);
- apr_table_setn(c->notes, "ssl", (const char *)ssl);
+ sslconn->ssl = ssl;
/*
* Configure callbacks for SSL connection
@@ -308,6 +307,7 @@
static apr_status_t ssl_abort(SSLFilterRec *pRec, conn_rec *c)
{
+ SSLConnRec *sslconn = myConnConfig(c);
/*
* try to gracefully shutdown the connection:
* - send an own shutdown message (be gracefully)
@@ -320,7 +320,7 @@
SSL_smart_shutdown(pRec->pssl);
SSL_free(pRec->pssl);
pRec->pssl = NULL; /* so filters know we've been shutdown */
- apr_table_setn(c->notes, "ssl", NULL);
+ sslconn->ssl = NULL;
c->aborted = 1;
return APR_EGENERAL;
Index: modules/ssl/mod_ssl.h
===================================================================
RCS file: /home/cvs/httpd-2.0/modules/ssl/mod_ssl.h,v
retrieving revision 1.34
diff -u -r1.34 mod_ssl.h
--- modules/ssl/mod_ssl.h 2001/10/11 01:49:21 1.34
+++ modules/ssl/mod_ssl.h 2001/11/21 04:02:00
@@ -196,6 +196,10 @@
#define cfgMergeBool(el) cfgMerge(el, UNSET)
#define cfgMergeInt(el) cfgMerge(el, UNSET)
+#define myConnConfig(c) \
+(SSLConnRec *)ap_get_module_config(c->conn_config, &ssl_module)
+#define myConnConfigSet(c, val) \
+ap_set_module_config(c->conn_config, &ssl_module, val)
#define myModConfig(srv) (SSLModConfigRec *)ssl_util_getmodconfig(srv, "ssl_module")
#define mySrvConfig(srv) (SSLSrvConfigRec *)ap_get_module_config(srv->module_config,
&ssl_module)
#define myDirConfig(req) (SSLDirConfigRec *)ap_get_module_config(req->per_dir_config,
&ssl_module)
@@ -445,6 +449,10 @@
apr_bucket_brigade *rawb; /* encrypted input */
apr_bucket_brigade *b; /* decrypted input */
} SSLFilterRec;
+
+typedef struct {
+ SSL *ssl;
+} SSLConnRec;
typedef struct {
apr_pool_t *pPool;
Index: modules/ssl/ssl_engine_kernel.c
===================================================================
RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_engine_kernel.c,v
retrieving revision 1.20
diff -u -r1.20 ssl_engine_kernel.c
--- modules/ssl/ssl_engine_kernel.c 2001/11/12 22:01:14 1.20
+++ modules/ssl/ssl_engine_kernel.c 2001/11/21 04:02:02
@@ -146,7 +146,7 @@
/* deallocate the SSL connection */
SSL_free(ssl);
- apr_table_setn(conn->notes, "ssl", NULL);
+ sslconn->ssl = NULL;
filter->pssl = NULL; /* so filters know we've been shutdown */
return APR_SUCCESS;
@@ -157,6 +157,7 @@
*/
int ssl_hook_ReadReq(request_rec *r)
{
+ SSLConnRec *sslconn = myConnConfig(r->connection);
SSL *ssl;
apr_table_t *apctx;
@@ -164,7 +165,7 @@
* Get the SSL connection structure and perform the
* delayed interlinking from SSL back to request_rec
*/
- ssl = (SSL *)apr_table_get(r->connection->notes, "ssl");
+ ssl = sslconn->ssl;
if (ssl != NULL) {
apctx = (apr_table_t *)SSL_get_app_data2(ssl);
apr_table_setn(apctx, "ssl::request_rec", (const char *)r);
@@ -191,7 +192,9 @@
*/
int ssl_hook_Translate(request_rec *r)
{
- if (apr_table_get(r->connection->notes, "ssl") == NULL)
+ SSLConnRec *sslconn = myConnConfig(r->connection);
+
+ if (sslconn->ssl == NULL)
return DECLINED;
/*
@@ -289,13 +292,13 @@
int argi, long argl, long rc)
{
request_rec *r = (request_rec *)BIO_get_callback_arg(bio);
- SSL *ssl;
+ SSLConnRec *sslconn = myConnConfig(r->connection);
+ SSL *ssl = sslconn->ssl;
int is_failed_read = (cmd == (BIO_CB_READ|BIO_CB_RETURN) && (rc == -1));
int is_flush = ((cmd == BIO_CB_CTRL) && (argi == BIO_CTRL_FLUSH));
if (is_flush || is_failed_read) {
- ssl = (SSL *)apr_table_get(r->connection->notes, "ssl");
/* disable this callback to prevent recursion
* and leave a "note" so the input filter leaves the rbio
* as-as
@@ -340,6 +343,7 @@
{
SSLDirConfigRec *dc;
SSLSrvConfigRec *sc;
+ SSLConnRec *sslconn;
SSL *ssl;
SSL_CTX *ctx = NULL;
apr_array_header_t *apRequirement;
@@ -373,7 +377,8 @@
dc = myDirConfig(r);
sc = mySrvConfig(r->server);
- ssl = (SSL *)apr_table_get(r->connection->notes, "ssl");
+ sslconn = myConnConfig(r->connection);
+ ssl = sslconn->ssl;
if (ssl != NULL)
ctx = SSL_get_SSL_CTX(ssl);
@@ -868,6 +873,7 @@
*/
int ssl_hook_UserCheck(request_rec *r)
{
+ SSLConnRec *sslconn = myConnConfig(r->connection);
SSLSrvConfigRec *sc = mySrvConfig(r->server);
SSLDirConfigRec *dc = myDirConfig(r);
char b1[MAX_STRING_LEN], b2[MAX_STRING_LEN];
@@ -907,7 +913,7 @@
*/
if (!sc->bEnabled)
return DECLINED;
- if (apr_table_get(r->connection->notes, "ssl") == NULL)
+ if (sslconn->ssl == NULL)
return DECLINED;
if (!(dc->nOptions & SSL_OPT_FAKEBASICAUTH))
return DECLINED;
@@ -1040,6 +1046,7 @@
int ssl_hook_Fixup(request_rec *r)
{
+ SSLConnRec *sslconn = myConnConfig(r->connection);
SSLSrvConfigRec *sc = mySrvConfig(r->server);
SSLDirConfigRec *dc = myDirConfig(r);
apr_table_t *e = r->subprocess_env;
@@ -1054,7 +1061,7 @@
*/
if (!sc->bEnabled)
return DECLINED;
- if ((ssl = (SSL *)apr_table_get(r->connection->notes, "ssl")) == NULL)
+ if ((ssl = sslconn->ssl) == NULL)
return DECLINED;
/*
Index: modules/ssl/ssl_engine_vars.c
===================================================================
RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_engine_vars.c,v
retrieving revision 1.8
diff -u -r1.8 ssl_engine_vars.c
--- modules/ssl/ssl_engine_vars.c 2001/08/23 02:46:23 1.8
+++ modules/ssl/ssl_engine_vars.c 2001/11/21 04:02:02
@@ -89,6 +89,7 @@
char *ssl_var_lookup(apr_pool_t *p, server_rec *s, conn_rec *c, request_rec *r, char
*var)
{
+ SSLConnRec *sslconn;
SSLModConfigRec *mc = myModConfig(s);
char *result;
BOOL resdup;
@@ -169,6 +170,7 @@
* Connection stuff
*/
if (result == NULL && c != NULL) {
+ sslconn = myConnConfig(c);
if (strcEQ(var, "REMOTE_ADDR"))
result = c->remote_ip;
else if (strcEQ(var, "REMOTE_USER"))
@@ -178,7 +180,7 @@
else if (strlen(var) > 4 && strcEQn(var, "SSL_", 4))
result = ssl_var_lookup_ssl(p, c, var+4);
else if (strcEQ(var, "HTTPS")) {
- if (apr_table_get(c->notes, "ssl") != NULL)
+ if (sslconn->ssl != NULL)
result = "on";
else
result = "off";
@@ -264,6 +266,7 @@
static char *ssl_var_lookup_ssl(apr_pool_t *p, conn_rec *c, char *var)
{
+ SSLConnRec *sslconn = myConnConfig(c);
char *result;
X509 *xs;
STACK_OF(X509) *sk;
@@ -271,7 +274,7 @@
result = NULL;
- ssl = (SSL *)apr_table_get(c->notes, "ssl");
+ ssl = sslconn->ssl;
if (strlen(var) > 8 && strcEQn(var, "VERSION_", 8)) {
result = ssl_var_lookup_ssl_version(p, var+8);
}
@@ -493,6 +496,7 @@
static char *ssl_var_lookup_ssl_cert_verify(apr_pool_t *p, conn_rec *c)
{
+ SSLConnRec *sslconn = myConnConfig(c);
char *result;
long vrc;
char *verr;
@@ -501,7 +505,7 @@
X509 *xs;
result = NULL;
- ssl = (SSL *) apr_table_get(c->notes, "ssl");
+ ssl = sslconn->ssl;
verr = (char *)apr_table_get(c->notes, "ssl::verify::error");
vinfo = (char *)apr_table_get(c->notes, "ssl::verify::info");
vrc = SSL_get_verify_result(ssl);
@@ -524,6 +528,7 @@
static char *ssl_var_lookup_ssl_cipher(apr_pool_t *p, conn_rec *c, char *var)
{
+ SSLConnRec *sslconn = myConnConfig(c);
char *result;
BOOL resdup;
int usekeysize, algkeysize;
@@ -532,7 +537,7 @@
result = NULL;
resdup = TRUE;
- ssl = (SSL *)apr_table_get(c->notes, "ssl");
+ ssl = sslconn->ssl;
ssl_var_lookup_ssl_cipher_bits(ssl, &usekeysize, &algkeysize);
if (strEQ(var, ""))
@@ -627,9 +632,10 @@
*/
static const char *ssl_var_log_handler_c(request_rec *r, char *a)
{
+ SSLConnRec *sslconn = myConnConfig(r->connection);
char *result;
- if (apr_table_get(r->connection->notes, "ssl") == NULL)
+ if (sslconn->ssl == NULL)
return NULL;
result = NULL;
if (strEQ(a, "version"))
@@ -655,10 +661,11 @@
*/
static const char *ssl_var_log_handler_x(request_rec *r, char *a)
{
+ SSLConnRec *sslconn = myConnConfig(r->connection);
char *result;
result = NULL;
- if (apr_table_get(r->connection->notes, "ssl") != NULL)
+ if (sslconn->ssl != NULL)
result = ssl_var_lookup(r->pool, r->server, r->connection, r, a);
if (result != NULL && result[0] == NUL)
result = NULL;
