+1. This is great! The only reason I'd started off with c->notes was that I wanted something to be persistent through the multiple requests. This solution would be ideal.
-Madhu -----Original Message----- From: Doug MacEachern [mailto:[EMAIL PROTECTED]] Sent: Tuesday, November 20, 2001 8:30 PM To: [EMAIL PROTECTED] Subject: [patch] mod_ssl + c->notes-- mod_ssl currently does quite a bit of apr_table_{get,set}s. it would be much faster to use c->conn_config instead. the patch below attaches a new SSLConnRec structure to the c->conn_config and replaces all usage of apr_table_{get,set}(c->notes, "ssl") with conn_config. if this approach is ok, there are a few more c->notes table entries that could be moved to the conn_config. Index: modules/ssl/mod_ssl.c =================================================================== RCS file: /home/cvs/httpd-2.0/modules/ssl/mod_ssl.c,v retrieving revision 1.31 diff -u -r1.31 mod_ssl.c --- modules/ssl/mod_ssl.c 2001/10/11 01:49:21 1.31 +++ modules/ssl/mod_ssl.c 2001/11/21 04:02:00 @@ -224,11 +224,12 @@ SSL *ssl; unsigned char *cpVHostID; char *cpVHostMD5; + SSLConnRec *sslconn = apr_pcalloc(c->pool, sizeof(*sslconn)); /* * Create SSL context */ - apr_table_setn(c->notes, "ssl", NULL); + myConnConfigSet(c, sslconn); /* * Immediately stop processing if SSL is disabled for this connection @@ -258,7 +259,6 @@ if ((ssl = SSL_new(sc->pSSLCtx)) == NULL) { ssl_log(c->base_server, SSL_LOG_ERROR|SSL_ADD_SSLERR, "Unable to create a new SSL connection from the SSL context"); - apr_table_setn(c->notes, "ssl", NULL); c->aborted = 1; return DECLINED; /* XXX */ } @@ -268,7 +268,6 @@ strlen(cpVHostMD5))) { ssl_log(c->base_server, SSL_LOG_ERROR|SSL_ADD_SSLERR, "Unable to set session id context to `%s'", cpVHostMD5); - apr_table_setn(c->notes, "ssl", NULL); c->aborted = 1; return DECLINED; /* XXX */ } @@ -278,7 +277,7 @@ apr_table_setn(apctx, "ssl::verify::depth", AP_CTX_NUM2PTR(0)); SSL_set_app_data2(ssl, apctx); - apr_table_setn(c->notes, "ssl", (const char *)ssl); + sslconn->ssl = ssl; /* * Configure callbacks for SSL connection 
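Review bot: Nothing at `myConnConfigSet(c, sslconn);` records that it has to stay ahead of the "Immediately stop processing if SSL is disabled" return that follows it. The request hooks changed later in this patch read `sslconn->ssl` without checking `sslconn`, so they rely on every connection that passes through this hook having a zeroed record attached, including connections where SSL is off. I would extend the comment above the call, e.g. `/* Attach the zeroed SSLConnRec before any early return: later hooks dereference it unconditionally. */`. The enclosing function starts and ends outside the hunk.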
@@ -308,6 +307,7 @@ static apr_status_t ssl_abort(SSLFilterRec *pRec, conn_rec *c) { + SSLConnRec *sslconn = myConnConfig(c); /* * try to gracefully shutdown the connection: * - send an own shutdown message (be gracefully) @@ -320,7 +320,7 @@ SSL_smart_shutdown(pRec->pssl); SSL_free(pRec->pssl); pRec->pssl = NULL; /* so filters know we've been shutdown */ - apr_table_setn(c->notes, "ssl", NULL); + sslconn->ssl = NULL; c->aborted = 1; return APR_EGENERAL; Index: modules/ssl/mod_ssl.h =================================================================== RCS file: /home/cvs/httpd-2.0/modules/ssl/mod_ssl.h,v retrieving revision 1.34 diff -u -r1.34 mod_ssl.h --- modules/ssl/mod_ssl.h 2001/10/11 01:49:21 1.34 +++ modules/ssl/mod_ssl.h 2001/11/21 04:02:00 @@ -196,6 +196,10 @@ #define cfgMergeBool(el) cfgMerge(el, UNSET) #define cfgMergeInt(el) cfgMerge(el, UNSET) +#define myConnConfig(c) \ +(SSLConnRec *)ap_get_module_config(c->conn_config, &ssl_module) +#define myConnConfigSet(c, val) \ +ap_set_module_config(c->conn_config, &ssl_module, val) #define myModConfig(srv) (SSLModConfigRec *)ssl_util_getmodconfig(srv, "ssl_module") #define mySrvConfig(srv) (SSLSrvConfigRec *)ap_get_module_config(srv->module_config, &ssl_module) #define myDirConfig(req) (SSLDirConfigRec *)ap_get_module_config(req->per_dir_config, &ssl_module) @@ -445,6 +449,10 @@ apr_bucket_brigade *rawb; /* encrypted input */ apr_bucket_brigade *b; /* decrypted input */ } SSLFilterRec; + +typedef struct { + SSL *ssl; +} SSLConnRec; typedef struct { apr_pool_t *pPool; Index: modules/ssl/ssl_engine_kernel.c =================================================================== RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_engine_kernel.c,v retrieving revision 1.20 diff -u -r1.20 ssl_engine_kernel.c --- modules/ssl/ssl_engine_kernel.c 2001/11/12 22:01:14 1.20 +++ modules/ssl/ssl_engine_kernel.c 2001/11/21 04:02:02 
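Review bot: `myConnConfig(c)` and `myConnConfigSet(c, val)` in the mod_ssl.h hunk at -196 parenthesise neither their arguments nor the whole expansion. As written, `myConnConfig(x)->ssl` would apply `->` to the `void *` result before the cast, and an argument containing a lower-precedence operator would expand incorrectly. This matches the neighbouring `mySrvConfig`/`myDirConfig` macros, but the new ones could be `((SSLConnRec *)ap_get_module_config((c)->conn_config, &ssl_module))` and `ap_set_module_config((c)->conn_config, &ssl_module, (val))`. The `SSLConnRec` typedef added at -445 would also benefit from a one-line comment stating that `ssl` is NULL whenever the connection has no live SSL object, since every caller in this patch tests it that way.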
@@ -146,7 +146,7 @@ /* deallocate the SSL connection */ SSL_free(ssl); - apr_table_setn(conn->notes, "ssl", NULL); + sslconn->ssl = NULL; filter->pssl = NULL; /* so filters know we've been shutdown */ return APR_SUCCESS; @@ -157,6 +157,7 @@ */ int ssl_hook_ReadReq(request_rec *r) { + SSLConnRec *sslconn = myConnConfig(r->connection); SSL *ssl; apr_table_t *apctx; @@ -164,7 +165,7 @@ * Get the SSL connection structure and perform the * delayed interlinking from SSL back to request_rec */ - ssl = (SSL *)apr_table_get(r->connection->notes, "ssl"); + ssl = sslconn->ssl; if (ssl != NULL) { apctx = (apr_table_t *)SSL_get_app_data2(ssl); apr_table_setn(apctx, "ssl::request_rec", (const char *)r); @@ -191,7 +192,9 @@ */ int ssl_hook_Translate(request_rec *r) { - if (apr_table_get(r->connection->notes, "ssl") == NULL) + SSLConnRec *sslconn = myConnConfig(r->connection); + + if (sslconn->ssl == NULL) return DECLINED; /* @@ -289,13 +292,13 @@ int argi, long argl, long rc) { request_rec *r = (request_rec *)BIO_get_callback_arg(bio); - SSL *ssl; + SSLConnRec *sslconn = myConnConfig(r->connection); + SSL *ssl = sslconn->ssl; int is_failed_read = (cmd == (BIO_CB_READ|BIO_CB_RETURN) && (rc == -1)); int is_flush = ((cmd == BIO_CB_CTRL) && (argi == BIO_CTRL_FLUSH)); if (is_flush || is_failed_read) { - ssl = (SSL *)apr_table_get(r->connection->notes, "ssl"); /* disable this callback to prevent recursion * and leave a "note" so the input filter leaves the rbio * as-as @@ -340,6 +343,7 @@ { SSLDirConfigRec *dc; SSLSrvConfigRec *sc; + SSLConnRec *sslconn; SSL *ssl; SSL_CTX *ctx = NULL; apr_array_header_t *apRequirement; @@ -373,7 +377,8 @@ dc = myDirConfig(r); sc = mySrvConfig(r->server); - ssl = (SSL *)apr_table_get(r->connection->notes, "ssl"); + sslconn = myConnConfig(r->connection); + ssl = sslconn->ssl; if (ssl != NULL) ctx = SSL_get_SSL_CTX(ssl); 
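Review bot: `sslconn->ssl = NULL;` in the hunk at -146 uses `sslconn`, but no hunk in this patch declares it for this function. This is the first hunk in ssl_engine_kernel.c and its old and new line counts are equal, so nothing was added above it. Unless the variable already exists in the part of the function outside the hunk, this will not compile. The removed line used `conn`, so a declaration such as `SSLConnRec *sslconn = myConnConfig(conn);` at the top of the function appears to be what is missing.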
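Review bot: `ssl = sslconn->ssl;` in ssl_hook_ReadReq dereferences the result of `myConnConfig(r->connection)` without checking it. The old `apr_table_get(r->connection->notes, "ssl")` simply returned NULL for a connection with no entry, whereas a connection whose conn_config slot was never filled now causes a NULL dereference in a per-request hook, which crashes the serving process. Whether any connection can reach these hooks without passing through the patched pre-connection code is not visible here, so a guard is the safer choice: `ssl = sslconn ? sslconn->ssl : NULL;`. The same applies to ssl_hook_Translate, the BIO callback at -289, the lookup at -373, ssl_hook_UserCheck, ssl_hook_Fixup, and the lookups and log handlers in ssl_engine_vars.c.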
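Review bot: In the BIO callback hunk at -289, the lookup moved from inside `if (is_flush || is_failed_read)` into the declarations, so `r->connection` and `sslconn->ssl` are now dereferenced on every callback invocation rather than only on a flush or failed read. Whether the callback argument is always a valid `request_rec` at that point is not visible in the hunk, so this widens the set of calls that can fault on a NULL `r` or `sslconn`. Keeping the declaration as `SSL *ssl;` and assigning `ssl = myConnConfig(r->connection)->ssl;` inside the `if` would preserve the old evaluation point, though that form needs the macro expansion to be fully parenthesised. The function body continues outside the hunk.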
@@ -868,6 +873,7 @@ */ int ssl_hook_UserCheck(request_rec *r) { + SSLConnRec *sslconn = myConnConfig(r->connection); SSLSrvConfigRec *sc = mySrvConfig(r->server); SSLDirConfigRec *dc = myDirConfig(r); char b1[MAX_STRING_LEN], b2[MAX_STRING_LEN]; @@ -907,7 +913,7 @@ */ if (!sc->bEnabled) return DECLINED; - if (apr_table_get(r->connection->notes, "ssl") == NULL) + if (sslconn->ssl == NULL) return DECLINED; if (!(dc->nOptions & SSL_OPT_FAKEBASICAUTH)) return DECLINED; @@ -1040,6 +1046,7 @@ int ssl_hook_Fixup(request_rec *r) { + SSLConnRec *sslconn = myConnConfig(r->connection); SSLSrvConfigRec *sc = mySrvConfig(r->server); SSLDirConfigRec *dc = myDirConfig(r); apr_table_t *e = r->subprocess_env; @@ -1054,7 +1061,7 @@ */ if (!sc->bEnabled) return DECLINED; - if ((ssl = (SSL *)apr_table_get(r->connection->notes, "ssl")) == NULL) + if ((ssl = sslconn->ssl) == NULL) return DECLINED; /* Index: modules/ssl/ssl_engine_vars.c =================================================================== RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_engine_vars.c,v retrieving revision 1.8 diff -u -r1.8 ssl_engine_vars.c --- modules/ssl/ssl_engine_vars.c 2001/08/23 02:46:23 1.8 +++ modules/ssl/ssl_engine_vars.c 2001/11/21 04:02:02 @@ -89,6 +89,7 @@ char *ssl_var_lookup(apr_pool_t *p, server_rec *s, conn_rec *c, request_rec *r, char *var) { + SSLConnRec *sslconn; SSLModConfigRec *mc = myModConfig(s); char *result; BOOL resdup; @@ -169,6 +170,7 @@ * Connection stuff */ if (result == NULL && c != NULL) { + sslconn = myConnConfig(c); if (strcEQ(var, "REMOTE_ADDR")) result = c->remote_ip; else if (strcEQ(var, "REMOTE_USER")) @@ -178,7 +180,7 @@ else if (strlen(var) > 4 && strcEQn(var, "SSL_", 4)) result = ssl_var_lookup_ssl(p, c, var+4); else if (strcEQ(var, "HTTPS")) { - if (apr_table_get(c->notes, "ssl") != NULL) + if (sslconn->ssl != NULL) result = "on"; else result = "off"; 
@@ -264,6 +266,7 @@ static char *ssl_var_lookup_ssl(apr_pool_t *p, conn_rec *c, char *var) { + SSLConnRec *sslconn = myConnConfig(c); char *result; X509 *xs; STACK_OF(X509) *sk; @@ -271,7 +274,7 @@ result = NULL; - ssl = (SSL *)apr_table_get(c->notes, "ssl"); + ssl = sslconn->ssl; if (strlen(var) > 8 && strcEQn(var, "VERSION_", 8)) { result = ssl_var_lookup_ssl_version(p, var+8); } @@ -493,6 +496,7 @@ static char *ssl_var_lookup_ssl_cert_verify(apr_pool_t *p, conn_rec *c) { + SSLConnRec *sslconn = myConnConfig(c); char *result; long vrc; char *verr; @@ -501,7 +505,7 @@ X509 *xs; result = NULL; - ssl = (SSL *) apr_table_get(c->notes, "ssl"); + ssl = sslconn->ssl; verr = (char *)apr_table_get(c->notes, "ssl::verify::error"); vinfo = (char *)apr_table_get(c->notes, "ssl::verify::info"); vrc = SSL_get_verify_result(ssl); @@ -524,6 +528,7 @@ static char *ssl_var_lookup_ssl_cipher(apr_pool_t *p, conn_rec *c, char *var) { + SSLConnRec *sslconn = myConnConfig(c); char *result; BOOL resdup; int usekeysize, algkeysize; @@ -532,7 +537,7 @@ result = NULL; resdup = TRUE; - ssl = (SSL *)apr_table_get(c->notes, "ssl"); + ssl = sslconn->ssl; ssl_var_lookup_ssl_cipher_bits(ssl, &usekeysize, &algkeysize); if (strEQ(var, "")) @@ -627,9 +632,10 @@ */ static const char *ssl_var_log_handler_c(request_rec *r, char *a) { + SSLConnRec *sslconn = myConnConfig(r->connection); char *result; - if (apr_table_get(r->connection->notes, "ssl") == NULL) + if (sslconn->ssl == NULL) return NULL; result = NULL; if (strEQ(a, "version")) @@ -655,10 +661,11 @@ */ static const char *ssl_var_log_handler_x(request_rec *r, char *a) { + SSLConnRec *sslconn = myConnConfig(r->connection); char *result; result = NULL; - if (apr_table_get(r->connection->notes, "ssl") != NULL) + if (sslconn->ssl != NULL) result = ssl_var_lookup(r->pool, r->server, r->connection, r, a); if (result != NULL && result[0] == NUL) result = NULL;
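Review bot: In ssl_var_lookup_ssl_cert_verify (hunk at -501), `ssl = sslconn->ssl;` is followed two lines later by `vrc = SSL_get_verify_result(ssl);` with no check in between. The rest of this patch treats `sslconn->ssl == NULL` as "not an SSL connection", so a caller that reaches this lookup on such a connection passes NULL into OpenSSL. ssl_var_lookup_ssl_cipher at -532 does the same when it calls `ssl_var_lookup_ssl_cipher_bits(ssl, ...)`. The unguarded use predates the patch, but since these lines are being touched, an early `if (sslconn == NULL || sslconn->ssl == NULL) return NULL;` after the assignment would close it. Confirm the callers, which lie outside the hunks, accept a NULL result.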
