|
Apache2
|
|
Data Structures | |
| struct | etag_rec |
| A structure with the ingredients for a file based etag. More... | |
| struct | ap_bucket_error |
| A bucket referring to an HTTP error. More... | |
Macros | |
| #define | AP_METHOD_CHECK_ALLOWED(mask, methname) ((mask) & (AP_METHOD_BIT << ap_method_number_of((methname)))) |
| #define | AP_GET_BASIC_AUTH_PW_NOTE "AP_GET_BASIC_AUTH_PW_NOTE" |
| #define | AP_GETLINE_FOLD (1 << 0) /* Whether to merge continuation lines */ |
| #define | AP_GETLINE_CRLF (1 << 1) /* Whether line ends must be CRLF */ |
| #define | AP_GETLINE_NOSPC_EOL |
| #define | AP_GETLINE_NONBLOCK (1 << 3) /* Whether to read non-blocking */ |
| #define | AP_PROTOCOL_HTTP1 "http/1.1" |
| #define | AP_BUCKET_IS_ERROR(e) (e->type == &ap_bucket_type_error) |
Typedefs | |
| typedef struct etag_rec | etag_rec |
| typedef struct ap_bucket_error | ap_bucket_error |
| typedef void | ap_ssl_ocsp_copy_resp(const unsigned char *der, apr_size_t der_len, void *userdata) |
Enumerations | |
| enum | ap_condition_e { AP_CONDITION_NONE, AP_CONDITION_NOMATCH, AP_CONDITION_WEAK, AP_CONDITION_STRONG } |
Variables | |
| AP_DECLARE_DATA ap_filter_rec_t * | ap_old_write_func |
| AP_DECLARE_DATA const apr_bucket_type_t | ap_bucket_type_error |
| #define AP_BUCKET_IS_ERROR | ( | e | ) | (e->type == &ap_bucket_type_error) |
Determine if a bucket is an error bucket
| e | The bucket to inspect |
| #define AP_GET_BASIC_AUTH_PW_NOTE "AP_GET_BASIC_AUTH_PW_NOTE" |
| #define AP_GETLINE_CRLF (1 << 1) /* Whether line ends must be CRLF */ |
| #define AP_GETLINE_FOLD (1 << 0) /* Whether to merge continuation lines */ |
| #define AP_GETLINE_NONBLOCK (1 << 3) /* Whether to read non-blocking */ |
| #define AP_GETLINE_NOSPC_EOL |
| #define AP_METHOD_CHECK_ALLOWED | ( | mask, | |
| methname | |||
| ) | ((mask) & (AP_METHOD_BIT << ap_method_number_of((methname)))) |
This is a convenience macro to ease with checking a mask against a method name.
| #define AP_PROTOCOL_HTTP1 "http/1.1" |
| typedef struct ap_bucket_error ap_bucket_error |
| typedef void ap_ssl_ocsp_copy_resp(const unsigned char *der, apr_size_t der_len, void *userdata) |
Callback to copy over the OCSP response data. If OCSP response data is not available, this will be called with NULL, 0 parameters!
Memory allocation methods and lifetime of data will vary per module and SSL library used. The caller requesting OCSP data will need to make a copy for his own use. Any passed data may only be valid for the duration of the call.
| enum ap_condition_e |
| apr_bucket* ap_bucket_error_create | ( | int | error, |
| const char * | buf, | ||
| apr_pool_t * | p, | ||
| apr_bucket_alloc_t * | list | ||
| ) |
Create a bucket referring to an HTTP error.
| error | The HTTP error code to put in the bucket. |
| buf | An optional error string to put in the bucket. |
| p | A pool to allocate the error string out of. |
| list | The bucket allocator from which to allocate the bucket |
| apr_bucket* ap_bucket_error_make | ( | apr_bucket * | b, |
| int | error, | ||
| const char * | buf, | ||
| apr_pool_t * | p | ||
| ) |
Make the bucket passed in an error bucket
| b | The bucket to make into an error bucket |
| error | The HTTP error code to put in the bucket. |
| buf | An optional error string to put in the bucket. |
| p | A pool to allocate out of. |
| apr_status_t ap_byterange_filter | ( | ap_filter_t * | f, |
| apr_bucket_brigade * | b | ||
| ) |
| int ap_check_request_header | ( | request_rec * | r | ) |
Validate the request header and select vhost.
| r | The current request |
| void ap_clear_method_list | ( | ap_method_list_t * | l | ) |
Reset a method list to be completely empty.
| l | Pointer to a method list, such as r->allowed_methods. |
| ap_condition_e ap_condition_if_match | ( | request_rec * | r, |
| apr_table_t * | headers | ||
| ) |
Tests conditional request rules for the If-Match header.
| r | The current request |
| headers | The response headers to check against |
| ap_condition_e ap_condition_if_modified_since | ( | request_rec * | r, |
| apr_table_t * | headers | ||
| ) |
Tests conditional request rules for the If-Modified-Since header.
| r | The current request |
| headers | The response headers to check against |
| ap_condition_e ap_condition_if_none_match | ( | request_rec * | r, |
| apr_table_t * | headers | ||
| ) |
Tests conditional request rules for the If-None-Match header.
| r | The current request |
| headers | The response headers to check against |
| ap_condition_e ap_condition_if_range | ( | request_rec * | r, |
| apr_table_t * | headers | ||
| ) |
Tests conditional request rules for the If-Range header.
| r | The current request |
| headers | The response headers to check against |
| ap_condition_e ap_condition_if_unmodified_since | ( | request_rec * | r, |
| apr_table_t * | headers | ||
| ) |
Tests conditional request rules for the If-Unmodified-Since header.
| r | The current request |
| headers | The response headers to check against |
| apr_status_t ap_content_length_filter | ( | ap_filter_t * | , |
| apr_bucket_brigade * | |||
| ) |
| void ap_copy_method_list | ( | ap_method_list_t * | dest, |
| ap_method_list_t * | src | ||
| ) |
Copy a method list
| dest | List to copy to |
| src | List to copy from |
| request_rec* ap_create_request | ( | conn_rec * | c | ) |
Read an empty request and set reasonable defaults.
| c | The current connection |
| int ap_discard_request_body | ( | request_rec * | r | ) |
In HTTP/1.1, any method can have a body. However, most GET handlers wouldn't know what to do with a request body if they received one. This helper routine tests for and reads any message body in the request, simply discarding whatever it receives. We need to do this because failing to read the request body would cause it to be interpreted as the next request on a persistent connection.
| r | The current request |
| apr_status_t ap_fgetline | ( | char ** | s, |
| apr_size_t | n, | ||
| apr_size_t * | read, | ||
| ap_filter_t * | f, | ||
| int | flags, | ||
| apr_bucket_brigade * | bb, | ||
| apr_pool_t * | p | ||
| ) |
Get the next line from an input filter
| s | Pointer to the pointer to the buffer into which the line should be read; if *s==NULL, a buffer of the necessary size to hold the data will be allocated from p |
| n | The size of the buffer |
| read | The length of the line. |
| f | Input filter to read from |
| flags | Bit mask of AP_GETLINE_* options |
| bb | Working brigade to use when reading buckets |
| p | The pool to allocate the buffer from (if needed) |
| void ap_finalize_request_protocol | ( | request_rec * | r | ) |
Called at completion of sending the response. It sends the terminating protocol information.
| r | The current request |
| void ap_finalize_sub_req_protocol | ( | request_rec * | sub_r | ) |
A wrapup function to keep the internal accounting straight. Indicates that there is no more content coming.
| sub_r | Subrequest that is now compete |
| apr_status_t ap_get_basic_auth_components | ( | const request_rec * | r, |
| const char ** | username, | ||
| const char ** | password | ||
| ) |
Get the username and/or password from the request's Basic authentication headers. Unlike ap_get_basic_auth_pw(), calling this function has no side effects on the passed request_rec.
| r | The current request |
| username | If not NULL, set to the username sent by the client |
| password | If not NULL, set to the password sent by the client |
| int ap_get_basic_auth_pw | ( | request_rec * | r, |
| const char ** | pw | ||
| ) |
Get the password from the request headers. This function has multiple side effects due to its prior use in the old authentication framework, including setting r->user (which is supposed to indicate that the user in question has been authenticated for the current request).
Modules which call ap_get_basic_auth_pw() during the authentication phase MUST either immediately authenticate the user after the call, or else stop the request immediately with an error response, to avoid incorrectly authenticating the current request. (See CVE-2017-3167.) The replacement ap_get_basic_auth_components() API should be preferred.
| r | The current request |
| pw | The password as set in the headers |
| long ap_get_client_block | ( | request_rec * | r, |
| char * | buffer, | ||
| apr_size_t | bufsiz | ||
| ) |
Call this in a loop. It will put data into a buffer and return the length of the input block
| r | The current request |
| buffer | The buffer in which to store the data |
| bufsiz | The size of the buffer |
| void ap_get_mime_headers | ( | request_rec * | r | ) |
Read the mime-encoded headers.
| r | The current request |
| void ap_get_mime_headers_core | ( | request_rec * | r, |
| apr_bucket_brigade * | bb | ||
| ) |
Optimized version of ap_get_mime_headers() that requires a temporary brigade to work with
| r | The current request |
| bb | temp brigade |
| const char* ap_get_protocol | ( | conn_rec * | c | ) |
Call the protocol_get hook to determine the protocol currently in use for the given connection.
Unless another protocol has been switch to, will default to
| c | The connection to determine the protocol for |
| apr_status_t ap_get_protocol_upgrades | ( | conn_rec * | c, |
| request_rec * | r, | ||
| server_rec * | s, | ||
| int | report_all, | ||
| const apr_array_header_t ** | pupgrades | ||
| ) |
Get the protocols that the connection and optional request may upgrade to - besides the protocol currently active on the connection. These values may be used to announce to a client what choices it has.
If report_all == 0, only protocols more preferable than the one currently being used, are reported. Otherwise, all available protocols beside the current one are being reported.
| c | The current connection |
| r | The current request or NULL |
| s | The server/virtual host selected or NULL |
| report_all | include also protocols less preferred than the current one |
| pupgrades | on return, possible protocols to upgrade to in descending order of preference. Maybe NULL if none are available. |
| const char* ap_get_status_line | ( | int | status | ) |
Return the Status-Line for a given status code (excluding the HTTP-Version field). If an invalid or unknown status code is passed, "500 Internal Server Error" will be returned.
| status | The HTTP status code |
| const char* ap_get_status_line_ex | ( | apr_pool_t * | p, |
| int | status | ||
| ) |
Return the Status-Line for a given status code (excluding the HTTP-Version field). If an invalid status code is passed, "500 Internal Server Error" will be returned, whereas an unknown status will be returned like "xxx Status xxx".
| p | The pool to allocate from when status is unknown |
| status | The HTTP status code |
| int ap_getline | ( | char * | s, |
| int | n, | ||
| request_rec * | r, | ||
| int | flags | ||
| ) |
Get the next line of input for the request
| s | The buffer into which to read the line |
| n | The size of the buffer |
| r | The request |
| flags | Bit mask of AP_GETLINE_* options |
| apr_status_t ap_http_header_filter | ( | ap_filter_t * | f, |
| apr_bucket_brigade * | b | ||
| ) |
Index used in custom_responses array for a specific error code (only use outside protocol.c is in getting them configured).
| status | HTTP status code |
| int ap_is_allowed_protocol | ( | conn_rec * | c, |
| request_rec * | r, | ||
| server_rec * | s, | ||
| const char * | protocol | ||
| ) |
Check if the given protocol is an allowed choice on the given combination of connection, request and server.
When server is NULL, it is taken from request_rec, unless request_rec is NULL. Then it is taken from the connection base server.
| c | The current connection |
| r | The current request or NULL |
| s | The server/virtual host selected or NULL |
| protocol | the protocol to switch to |
| const char* ap_make_content_type | ( | request_rec * | r, |
| const char * | type | ||
| ) |
Build the content-type that should be sent to the client from the content-type specified. The following rules are followed:
| r | The current request |
| type | The content type |
| char* ap_make_etag | ( | request_rec * | r, |
| int | force_weak | ||
| ) |
Construct an entity tag from the resource information. If it's a real file, build in some of the file characteristics.
| r | The current request |
| force_weak | Force the entity tag to be weak - it could be modified again in as short an interval. |
| char* ap_make_etag_ex | ( | request_rec * | r, |
| etag_rec * | er | ||
| ) |
Construct an entity tag from information provided in the etag_rec structure.
| r | The current request |
| er | The etag record, containing ingredients for the etag. |
| ap_method_list_t* ap_make_method_list | ( | apr_pool_t * | p, |
| int | nelts | ||
| ) |
Create a new method list with the specified number of preallocated slots for extension methods.
| p | Pointer to a pool in which the structure should be allocated. |
| nelts | Number of preallocated extension slots |
| int ap_map_http_request_error | ( | apr_status_t | rv, |
| int | status | ||
| ) |
Map specific APR codes returned by the filter stack to HTTP error codes, or the default status code provided. Use it as follows:
return ap_map_http_request_error(rv, HTTP_BAD_REQUEST);
If the filter has already handled the error, AP_FILTER_ERROR will be returned, which is cleanly passed through.
These mappings imply that the filter stack is reading from the downstream client, the proxy will map these codes differently.
| rv | APR status code |
| status | Default HTTP code should the APR code not be recognised |
| int ap_meets_conditions | ( | request_rec * | r | ) |
Implements condition GET rules for HTTP/1.1 specification. This function inspects the client headers and determines if the response fulfills the requirements specified.
| r | The current request |
| int ap_method_in_list | ( | ap_method_list_t * | l, |
| const char * | method | ||
| ) |
Search for an HTTP method name in an ap_method_list_t structure, and return true if found.
| method | String containing the name of the method to check. |
| l | Pointer to a method list, such as r->allowed_methods. |
| void ap_method_list_add | ( | ap_method_list_t * | l, |
| const char * | method | ||
| ) |
Add an HTTP method name to an ap_method_list_t structure if it isn't already listed.
| method | String containing the name of the method to check. |
| l | Pointer to a method list, such as r->allowed_methods. |
| void ap_method_list_remove | ( | ap_method_list_t * | l, |
| const char * | method | ||
| ) |
Remove an HTTP method name from an ap_method_list_t structure.
| l | Pointer to a method list, such as r->allowed_methods. |
| method | String containing the name of the method to remove. |
| const char* ap_method_name_of | ( | apr_pool_t * | p, |
| int | methnum | ||
| ) |
Get the method name associated with the given internal method number. Returns NULL if not recognized.
| p | A pool to use for temporary allocations. |
| methnum | An integer value corresponding to an internal method number |
| int ap_method_number_of | ( | const char * | method | ) |
Get the method number associated with the given string, assumed to contain an HTTP method. Returns M_INVALID if not recognized.
| method | A string containing a valid HTTP method |
| int ap_method_register | ( | apr_pool_t * | p, |
| const char * | methname | ||
| ) |
Register a new request method, and return the offset that will be associated with that method.
| p | The pool to create registered method numbers from. |
| methname | The name of the new method to register. |
| void ap_method_registry_init | ( | apr_pool_t * | p | ) |
Initialize the method_registry and allocate memory for it.
| p | Pool to allocate memory for the registry from. |
| void ap_note_auth_failure | ( | request_rec * | r | ) |
Setup the output headers so that the client knows how to authenticate itself the next time, if an authentication request failed.
| r | The current request |
| void ap_note_basic_auth_failure | ( | request_rec * | r | ) |
| void ap_note_digest_auth_failure | ( | request_rec * | r | ) |
| apr_status_t ap_old_write_filter | ( | ap_filter_t * | f, |
| apr_bucket_brigade * | b | ||
| ) |
| int ap_parse_request_line | ( | request_rec * | r | ) |
Parse and validate the request line.
| r | The current request |
| void ap_parse_uri | ( | request_rec * | r, |
| const char * | uri | ||
| ) |
parse_uri: break apart the uri
| r | The current request |
| uri | The uri to break apart |
| apr_time_t ap_rationalize_mtime | ( | request_rec * | r, |
| apr_time_t | mtime | ||
| ) |
Return the latest rational time from a request/mtime pair. Mtime is returned unless it's in the future, in which case we return the current time.
| r | The current request |
| mtime | The last modified time |
| request_rec* ap_read_request | ( | conn_rec * | c | ) |
Read a request and fill in the fields.
| c | The current connection |
| int int ap_rflush | ( | request_rec * | r | ) |
Flush all of the data for the current request to the client
| r | The current request |
| apr_status_t ap_rgetline | ( | char ** | s, |
| apr_size_t | n, | ||
| apr_size_t * | read, | ||
| request_rec * | r, | ||
| int | flags, | ||
| apr_bucket_brigade * | bb | ||
| ) |
Note: genuinely calls, ap_fgetline(s, n, read, r->proto_input_filters, flags, bb, r->pool)
| int ap_rprintf | ( | request_rec * | r, |
| const char * | fmt, | ||
| ... | |||
| ) |
Output data to the client in a printf format
| r | The current request |
| fmt | The format string |
| ... | The arguments to use to fill out the format string |
| int ap_rputc | ( | int | c, |
| request_rec * | r | ||
| ) |
Output one character for this request
| c | the character to output |
| r | the current request |
| int ap_rvputs | ( | request_rec * | r, |
| ... | |||
| ) |
Write an unspecified number of strings to the request
| r | The current request |
| ... | The strings to write |
| int ap_rwrite | ( | const void * | buf, |
| int | nbyte, | ||
| request_rec * | r | ||
| ) |
Write a buffer for the current request
| buf | The buffer to write |
| nbyte | The number of bytes to send from the buffer |
| r | The current request |
| const char* ap_select_protocol | ( | conn_rec * | c, |
| request_rec * | r, | ||
| server_rec * | s, | ||
| const apr_array_header_t * | choices | ||
| ) |
Select a protocol for the given connection and optional request. Will return the protocol identifier selected which may be the protocol already in place on the connection. The selected protocol will be NULL if non of the given choices could be agreed upon (e.g. no proposal as made).
A special case is where the choices itself is NULL (instead of empty). In this case there are no restrictions imposed on protocol selection.
| c | The current connection |
| r | The current request or NULL |
| s | The server/virtual host selected |
| choices | A list of protocol identifiers, normally the client's wishes |
| void ap_send_error_response | ( | request_rec * | r, |
| int | recursive_error | ||
| ) |
Send error back to client.
| r | The current request |
| recursive_error | last arg indicates error status in case we get an error in the process of trying to deal with an ErrorDocument to handle some other error. In that case, we print the default report for the first thing that went wrong, and more briefly report on the problem with the ErrorDocument. |
| apr_status_t ap_send_fd | ( | apr_file_t * | fd, |
| request_rec * | r, | ||
| apr_off_t | offset, | ||
| apr_size_t | length, | ||
| apr_size_t * | nbytes | ||
| ) |
Send an entire file to the client, using sendfile if supported by the current platform
| fd | The file to send. |
| r | The current request |
| offset | Offset into the file to start sending. |
| length | Amount of data to send |
| nbytes | Amount of data actually sent |
| void ap_send_interim_response | ( | request_rec * | r, |
| int | send_headers | ||
| ) |
Send an interim (HTTP 1xx) response immediately.
| r | The request |
| send_headers | Whether to send&clear headers in r->headers_out |
| apr_size_t ap_send_mmap | ( | apr_mmap_t * | mm, |
| request_rec * | r, | ||
| apr_size_t | offset, | ||
| apr_size_t | length | ||
| ) |
Send an MMAP'ed file to the client
| mm | The MMAP'ed file to send |
| r | The current request |
| offset | The offset into the MMAP to start sending |
| length | The amount of data to send |
| void ap_set_accept_ranges | ( | request_rec * | r | ) |
Set the Accept-Ranges header for this response
| r | The current request |
| void ap_set_content_length | ( | request_rec * | r, |
| apr_off_t | length | ||
| ) |
Set the content length for this request
| r | The current request |
| length | The new content length |
| void ap_set_content_type | ( | request_rec * | r, |
| const char * | ct | ||
| ) |
Set the content type for this request (r->content_type).
| r | The current request |
| ct | The new content type |
| void ap_set_etag | ( | request_rec * | r | ) |
Set the E-tag outgoing header
| r | The current request |
| void ap_set_etag_fd | ( | request_rec * | r, |
| apr_file_t * | fd | ||
| ) |
Set the E-tag outgoing header, with the option of forcing a strong ETag.
| r | The current request |
| fd | The file descriptor |
| int ap_set_keepalive | ( | request_rec * | r | ) |
Set the keepalive status for this request
| r | The current request |
| void ap_set_last_modified | ( | request_rec * | r | ) |
Set the last modified time for the file being sent
| r | The current request |
| void ap_set_sub_req_protocol | ( | request_rec * | rnew, |
| const request_rec * | r | ||
| ) |
Sett up the protocol fields for subsidiary requests
| rnew | New Sub Request |
| r | current request |
| int ap_setup_client_block | ( | request_rec * | r, |
| int | read_policy | ||
| ) |
Setup the client to allow Apache to read the request body.
| r | The current request |
| read_policy | How the server should interpret a chunked transfer-encoding. One of: REQUEST_NO_BODY Send 413 error if message has any body REQUEST_CHUNKED_ERROR Send 411 error if body without Content-Length REQUEST_CHUNKED_DECHUNK If chunked, remove the chunks for me. |
| void ap_setup_make_content_type | ( | apr_pool_t * | pool | ) |
Precompile metadata structures used by ap_make_content_type()
| pool | The pool to use for allocations |
| void ap_setup_ssl_optional_fns | ( | apr_pool_t * | pool | ) |
Setup optional functions for ssl related queries so that functions registered by old-style SSL module functions are interrogated by the the new ap_is_ssl() and friends. Installs own optional functions, so that old modules looking for these find one and get the correct results (shadowing).
Needs to run in core's very early POST_CONFIG hook. Modules providing such functions register their own optionals during register_hooks(). Modules using such functions retrieve them often in their own post-config or in the even later retrieval hook. When shadowing other modules functions, core's early post-config is a good time.
| pool | The pool to use for allocations |
| int ap_should_client_block | ( | request_rec * | r | ) |
Determine if the client has sent any data. This also sends a 100 Continue response to HTTP/1.1 clients, so modules should not be called until the module is ready to read content.
| r | The current request |
| apr_status_t ap_ssl_add_cert_files | ( | server_rec * | s, |
| apr_pool_t * | p, | ||
| apr_array_header_t * | cert_files, | ||
| apr_array_header_t * | key_files | ||
| ) |
Collect certificate/key files from all providers registered. This includes providers registered at the global 'ssl_add_cert_files', as well as those installed in the OPTIONAL 'ssl_add_cert_files' hook as may be provided by ssl modules.
| s | the server certificates are collected for |
| p | the pool to use for allocations |
| cert_file | and array of const char* with the path to the certificate chain |
| key_file | and array of const char* with the path to the private key file |
| apr_status_t ap_ssl_add_fallback_cert_files | ( | server_rec * | s, |
| apr_pool_t * | p, | ||
| apr_array_header_t * | cert_files, | ||
| apr_array_header_t * | key_files | ||
| ) |
Collect 'fallback' certificate/key files from all registered providers, either in the global 'ssl_add_fallback_cert_files' hook or the optional one of similar name as provided by mod_ssl and sorts. Certificates obtained this way are commonly self signed, temporary crutches. To be used to the time it takes to retrieve a 'read', trusted certificate. A module using fallbacks is encouraged to answer all requests with a 503.
| s | the server certificates are collected for |
| p | the pool to use for allocations |
| cert_file | and array of const char* with the path to the certificate chain |
| key_file | and array of const char* with the path to the private key file |
| int ap_ssl_answer_challenge | ( | conn_rec * | c, |
| const char * | server_name, | ||
| const char ** | pcert_pem, | ||
| const char ** | pkey_pem | ||
| ) |
Returns != 0 iff the connection is a challenge to the server, for example as defined in RFC 8555 for the 'tls-alpn-01' domain verification, and needs a specific certificate as answer in the handshake.
ALPN protocol negotiation via the hooks 'protocol_propose' and 'protocol_switch' need to have run before this call is made.
Certificate PEMs added must be accompanied by a private key PEM. The private key PEM may be given by a NULL pointer, in which case it is expected to be found in the certificate PEM string.
A certificate provided this way needs to replace any other certificates selected by configuration or 'ssl_add_cert_pems` on this connection.
Return != 0 iff the connection is encrypted with SSL.
| c | the connection |
| apr_status_t ap_ssl_ocsp_get_resp | ( | server_rec * | s, |
| conn_rec * | c, | ||
| const ap_bytes_t * | id, | ||
| ap_ssl_ocsp_copy_resp * | cb, | ||
| void * | userdata | ||
| ) |
Retrieve the OCSP response data for a previously primed certificate. The id needs to be byte-wise identical to the one used on priming. If the call return ARP_SUCCESS, the callback has been invoked with the OCSP response DER data. Otherwise, a different status code must be returned. Callers in SSL connection handshakes are encouraged to continue the handshake without OCSP data for server reliability. The decision to accept or reject a handshake with missing OCSP stapling data needs to be done by the client. For similar reasons, providers of responses might return seemingly expired ones if they were unable to refresh a response in time.
The memory pointed to by id is only valid for the duration of the call. Also, the DER data passed to the callback is only valid for the duration of the call.
| s | the (SNI selected) server of the connection |
| c | the connection |
| id | identifier for the certifate, as used in ocsp_stapling_prime() |
| cb | callback to invoke when response data is available |
| userdata | caller supplied data passed to callback |
| apr_status_t ap_ssl_ocsp_prime | ( | server_rec * | s, |
| apr_pool_t * | p, | ||
| const ap_bytes_t * | id, | ||
| const char * | pem | ||
| ) |
Registering a certificate for Provisioning of OCSP responses. It is the caller's responsibility to provide a global (apache instance) unique id for the certificate that is then used later in retrieving the OCSP response. A certificate can be primed this way more than once, however the same identifier has to be provided each time (byte-wise same, not pointer same). The memory pointed to by id and pem is only valid for the duration of the call.
| s | the server being configured p a memory pool to use |
| id | opaque data uniquely identifying the certificate, provided by caller |
| pem | PEM data of certificate first, followed by chain certs, at least the issuer |
| const char* ap_ssl_var_lookup | ( | apr_pool_t * | p, |
| server_rec * | s, | ||
| conn_rec * | c, | ||
| request_rec * | r, | ||
| const char * | name | ||
| ) |
Lookup an SSL related variable for the server/connection/request or a global value when all those parameters are set to NULL. Pool and name must always be provided and the returned value (if not NULL) will be allocated fromt he pool.
| p | The pool to allocate a returned value in, MUST be provided |
| s | The server to inquire a value for, maybe NULL |
| c | The current connection, maybe NULL |
| r | The current request, maybe NULL |
| name | The name of the variable to retrieve, MUST be provided |
| apr_status_t ap_switch_protocol | ( | conn_rec * | c, |
| request_rec * | r, | ||
| server_rec * | s, | ||
| const char * | protocol | ||
| ) |
Perform the actual protocol switch. The protocol given must have been selected before on the very same connection and request pair.
| c | The current connection |
| r | The current request or NULL |
| s | The server/virtual host selected |
| protocol | the protocol to switch to |
| int ap_vrprintf | ( | request_rec * | r, |
| const char * | fmt, | ||
| va_list | vlist | ||
| ) |
Output data to the client in a printf format
| r | The current request |
| fmt | The format string |
| vlist | The arguments to use to fill out the format string |
| apr_port_t default_port | ( | const request_rec * | r | ) |
Return the default port from the current request
| r | The current request |
| const char* http_scheme | ( | const request_rec * | r | ) |
| int log_transaction | ( | request_rec * | r | ) |
This hook allows modules to perform any module-specific logging activities over and above the normal server things.
| r | The current request |
| int note_auth_failure | ( | request_rec * | r, |
| const char * | auth_type | ||
| ) |
This hook allows modules to add support for a specific auth type to ap_note_auth_failure
| r | the current request |
| auth_type | the configured auth_type |
| int post_read_request | ( | request_rec * | r | ) |
This hook allows modules to affect the request immediately after the request has been read, and before any other phases have been processes. This allows modules to make decisions based upon the input header fields
| r | The current request |
| void pre_read_request | ( | request_rec * | r, |
| conn_rec * | c | ||
| ) |
This hook allows modules to affect the request or connection immediately before the request has been read, and before any other phases have been processes.
| r | The current request of the soon-to-be-read request |
| c | The connection |
| const char* protocol_get | ( | const conn_rec * | c | ) |
Return the protocol used on the connection. Modules implementing protocol switching must register here and return the correct protocol identifier for connections they switched.
To find out the protocol for the current connection, better call
| c | The current connection |
| int protocol_propose | ( | conn_rec * | c, |
| request_rec * | r, | ||
| server_rec * | s, | ||
| const apr_array_header_t * | offers, | ||
| apr_array_header_t * | proposals | ||
| ) |
Determine the list of protocols available for a connection/request. This may be collected with or without any request sent, in which case the request is NULL. Or it may be triggered by the request received, e.g. through the "Upgrade" header.
This hook will be run whenever protocols are being negotiated (ALPN as one example). It may also be invoked at other times, e.g. when the server wants to advertise protocols it is capable of switching to.
The identifiers for protocols are taken from the TLS extension type ALPN: https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xml
If no protocols are added to the proposals, the server not perform any switch. If the protocol selected from the proposals is the protocol already in place, also no protocol switch will be invoked.
The client may already have announced the protocols it is willing to accept. These will then be listed as offers. This parameter may also be NULL, indicating that offers from the client are not known and the hooks should propose all protocols that are valid for the current connection/request.
All hooks are run, unless one returns an error. Proposals may contain duplicates. The order in which proposals are added is usually ignored.
| c | The current connection |
| r | The current request or NULL |
| s | The server/virtual host selected |
| offers | A list of protocol identifiers offered by the client or NULL to indicated that the hooks are free to propose |
| proposals | The list of protocol identifiers proposed by the hooks |
| int protocol_switch | ( | conn_rec * | c, |
| request_rec * | r, | ||
| server_rec * | s, | ||
| const char * | protocol | ||
| ) |
Perform a protocol switch on the connection. The exact requirements for that depend on the protocol in place and the one switched to. The first protocol module to handle the switch is the last module run.
For a connection level switch (r == NULL), the handler must on return leave the conn_rec in a state suitable for processing the switched protocol, e.g. correct filters in place.
For a request triggered switch (r != NULL), the protocol switch is done before the response is sent out. When switching from "http/1.1" via Upgrade header, the 101 intermediate response will have been sent. The hook needs then to process the connection until it can be closed. Which the server will enforce on hook return. Any error the hook might encounter must already be sent by the hook itself to the client in whatever form the new protocol requires.
| c | The current connection |
| r | The current request or NULL |
| s | The server/virtual host selected |
| protocol | The protocol identifier we try to switch to |
| int ssl_add_cert_files | ( | server_rec * | s, |
| apr_pool_t * | p, | ||
| apr_array_header_t * | cert_files, | ||
| apr_array_header_t * | key_files | ||
| ) |
Register to provide certificate/key files for servers. Certificate files are exepcted to contain the certificate chain, beginning with the server's certificate, excluding the trust anchor, in PEM format. They must be accompanied by a private key file, also in PEM format.
| s | the server certificates are collected for |
| p | the pool to use for allocations |
| cert_file | and array of const char* with the path to the certificate chain |
| key_file | and array of const char* with the path to the private key file |
| int ssl_add_fallback_cert_files | ( | server_rec * | s, |
| apr_pool_t * | p, | ||
| apr_array_header_t * | cert_files, | ||
| apr_array_header_t * | key_files | ||
| ) |
Register to provide 'fallback' certificates in case no 'real' certificates have been configured/added by other providers. Modules using these certificates are encouraged to answer requests to this server with a 503 response code.
| s | the server certificates are collected for |
| p | the pool to use for allocations |
| cert_file | and array of const char* with the path to the certificate chain |
| key_file | and array of const char* with the path to the private key file |
| int ssl_answer_challenge | ( | conn_rec * | c, |
| const char * | server_name, | ||
| const char ** | pcert_pem, | ||
| const char ** | pkey_pem | ||
| ) |
On TLS connections that do not relate to a configured virtual host allow modules to provide a certificate and key to be used on the connection.
A Certificate PEM added must be accompanied by a private key PEM. The private key PEM may be given by a NULL pointer, in which case it is expected to be found in the certificate PEM string.
| int ssl_ocsp_get_resp_hook | ( | server_rec * | s, |
| conn_rec * | c, | ||
| const ap_bytes_t * | id, | ||
| ap_ssl_ocsp_copy_resp * | cb, | ||
| void * | userdata | ||
| ) |
Asking for OCSP response DER data for a certificate formerly primed.
| s | the (SNI selected) server of the connection |
| c | the connection |
| id | identifier for the certifate, as used in ocsp_stapling_prime() |
| cb | callback to invoke when response data is available |
| userdata | caller supplied data passed to callback |
| int ssl_ocsp_prime_hook | ( | server_rec * | s, |
| apr_pool_t * | p, | ||
| const ap_bytes_t * | id, | ||
| const char * | pem | ||
| ) |
Providers of OCSP status responses register at this hook. Installed hooks returning OK are expected to provide later OCSP responses via a 'ap_ssl_ocsp_get_resp_hook'.
| s | the server being configured p a memory pool to use |
| id | opaque data uniquely identifying the certificate, provided by caller |
| pem | PEM data of certificate first, followed by PEM of issuer cert |
| AP_DECLARE_DATA const apr_bucket_type_t ap_bucket_type_error |
| AP_DECLARE_DATA ap_filter_rec_t* ap_old_write_func |
This is an optimization. We keep a record of the filter_rec that stores the old_write filter, so that we can avoid strcmp's later.
1.8.11 
