Re: [PATCH] mod_setenvif.c [was: ssl_ext_lookup #2]

Thu, 22 Sep 2005 05:55:47 -0700 

On Thu, Sep 22, 2005 at 01:45:28PM +0100, Joe Orton wrote:
> On Thu, Sep 22, 2005 at 01:04:25PM +0200, Martin Kraemer wrote:
> > If used for "allow from env=", you are right. But environment variables
> > do have a much more global usage scenario.
> > 
> > I see a usage scenario in anything from CGIs (and .shtml / .php / .pl)
> > to custom error documents, or rewriting and filtering. The patch
> 
> So you do just want to export env vars from mod_ssl?  Why does 
> mod_setenvif have to come into the equation at all then?  Why not add 
> something like "SSLOptions +ExportCertExts" to mod_ssl and export all 
> the ext values in appropriately named env vars?  
> SSL_EXT_S_1_3_6_etc="This is a comment", just as it does for the rest of 
> the cert info with +ExportCertData?

and/or below for using the stuff from mod_rewrite; again this will run 
as a fixup hook so works properly for both per-vhost and per-dir c.cert 
auth cases, and you can even extract env vars through [E=] rules for 
kicks too.

Index: modules/mappers/mod_rewrite.c
===================================================================
--- modules/mappers/mod_rewrite.c       (revision 290928)
+++ modules/mappers/mod_rewrite.c       (working copy)
@@ -375,6 +375,7 @@
 
 /* Optional functions imported from mod_ssl when loaded: */
 static APR_OPTIONAL_FN_TYPE(ssl_var_lookup) *rewrite_ssl_lookup = NULL;
+static APR_OPTIONAL_FN_TYPE(ssl_ext_list) *rewrite_ssl_ext_list = NULL;
 static APR_OPTIONAL_FN_TYPE(ssl_is_https) *rewrite_is_https = NULL;
 
 /*
@@ -1746,7 +1747,17 @@
             }
         }
     }
-
+    else if (varlen > strlen("sslpeerext:")
+             && !strncasecmp(var, "sslpeerext:", strlen("sslpeerext:"))
+             && rewrite_ssl_ext_list) {
+        apr_array_header_t *vals;
+        
+        vals = rewrite_ssl_ext_list(r->pool, r->connection, 1, 
+                                    var + strlen("sslpeerext:"));
+        if (vals) {
+            result = apr_array_pstrcat(r->pool, vals, ',');
+        }
+    }
     /* well, do it the hard way */
     else {
         char *p;
@@ -4083,6 +4094,7 @@
     }
 
     rewrite_ssl_lookup = APR_RETRIEVE_OPTIONAL_FN(ssl_var_lookup);
+    rewrite_ssl_ext_list = APR_RETRIEVE_OPTIONAL_FN(ssl_ext_list);
     rewrite_is_https = APR_RETRIEVE_OPTIONAL_FN(ssl_is_https);
 
     return OK;

Reply via email to