[Bug 60899] New: provide utility function to return a servers SSL_CTX object

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

[Bug 60899] New: provide utility function to return a servers SSL_CTX object

Bugzilla from bugzilla@apache.org
https://bz.apache.org/bugzilla/show_bug.cgi?id=60899

            Bug ID: 60899
           Summary: provide utility function to return a servers SSL_CTX
                    object
           Product: Apache httpd-2
           Version: 2.5-HEAD
          Hardware: PC
                OS: All
            Status: NEW
          Severity: enhancement
          Priority: P2
         Component: mod_ssl
          Assignee: [hidden email]
          Reporter: [hidden email]
  Target Milestone: ---

I am prototyping an Apache module that performs certain security compliance
checks, one aspect of which requires access to the SSL_CTX that mod_ssl creates
for an SSL enabled server.

Access to that object is currently through the SSLSrvConfigRec->server and
modssl_ctx_t->ssl_ctx structures, which works well but I would like to avoid
directly accessing these private structures if possible.

It would be nice if the public API of mod_ssl (perhaps exposed in
ssl_util_ssl.h) defined a function such as:

/* please be a function not a macro! */
SSL_CTX *sslctx_from_server(server_rec *s)
{
        SSLSrvConfigRec *sc = mySrvConfig(s);                                  
        if (sc && sc->enabled > 0) {
            return sc->server->ssl_ctx;
        }
        return NULL;
}

--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

[Bug 60899] provide utility function to return a servers SSL_CTX object

Bugzilla from bugzilla@apache.org
https://bz.apache.org/bugzilla/show_bug.cgi?id=60899

Joe Orton <[hidden email]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |CLOSED
             Status|NEW                         |RESOLVED

--- Comment #1 from Joe Orton <[hidden email]> ---
You should be able to do this using the hook exposed by mod_ssl_openssl.h:

APR_DECLARE_EXTERNAL_HOOK(ssl, SSL, int, init_server,
                          (server_rec *s, apr_pool_t *p, int is_proxy, SSL_CTX
*ctx))

--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]