/*
 * Create per-server SSL configuration
 *
 * Builds a new per-server record with ssl_config_server_new(p) and points
 * its mc member at whatever ssl_config_global_create(s) returns for this
 * server. The record is returned as void * to the caller.
 */
void *ssl_config_server_create(apr_pool_t *p, server_rec *s)
{
    SSLSrvConfigRec *srv_cfg;

    srv_cfg = ssl_config_server_new(p);

    /* link the per-server record to the module-wide configuration */
    srv_cfg->mc = ssl_config_global_create(s);

    return srv_cfg;
}
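/*
 * Per-module initialization
 *
 * Walks every server in the list starting at base_server, fills in
 * per-vhost defaults that were left unset, then brings up the SSL
 * subsystems in order: threading, optional engine support, PRNG seeding,
 * pass phrase / key handling, temporary keys, mutex, session cache,
 * per-server configuration and the final consistency check.
 *
 * p           pool handed to the cleanup registration, vhost id creation,
 *             thread setup, mutex, session cache and version components
 * plog        not referenced by this function
 * ptemp       pool handed to ssl_rand_seed(), ssl_pphrase_Handle(),
 *             ssl_init_ConfigureServer() and ssl_init_CheckServers()
 * base_server head of the server list
 *
 * Returns OK on success, !OK when ssl_tmp_keys_init() reports a failure,
 * and HTTP_INTERNAL_SERVER_ERROR when ssl_mutex_init() fails.
 */
int ssl_init_Module(apr_pool_t *p, apr_pool_t *plog,
                    apr_pool_t *ptemp,
                    server_rec *base_server)
{
    SSLModConfigRec *mc = myModConfig(base_server);
    SSLSrvConfigRec *sc;
    server_rec *s;

    /* We initialize mc->pid per-process in the child init,
     * but it should be initialized for startup before we
     * call ssl_rand_seed() below.
     */
    mc->pid = getpid();

    /*
     * Let us cleanup on restarts and exits
     */
    apr_pool_cleanup_register(p, base_server,
                              ssl_init_ModuleKill,
                              apr_pool_cleanup_null);

    /*
     * Any init round fixes the global config
     */
    ssl_config_global_create(base_server); /* just to avoid problems */
    ssl_config_global_fix(mc);

    /*
     * try to fix the configuration and open the dedicated SSL
     * logfile as early as possible
     */
    for (s = base_server; s; s = s->next) {
        sc = mySrvConfig(s);

        if (sc->server) {
            sc->server->sc = sc;
        }

        if (sc->proxy) {
            sc->proxy->sc = sc;
        }

        /*
         * Create the server host:port string because we need it a lot
         */
        sc->vhost_id = ssl_util_vhostid(p, s);
        sc->vhost_id_len = strlen(sc->vhost_id);

        /* a vhost whose protocol is "https" is forced to SSL-enabled */
        if (ap_get_server_protocol(s) &&
            strcmp("https", ap_get_server_protocol(s)) == 0) {
            sc->enabled = SSL_ENABLED_TRUE;
        }

        /* If sc->enabled is UNSET, then SSL is optional on this vhost */
        /* Fix up stuff that may not have been set */
        if (sc->enabled == SSL_ENABLED_UNSET) {
            sc->enabled = SSL_ENABLED_FALSE;
        }

        if (sc->proxy_enabled == UNSET) {
            sc->proxy_enabled = FALSE;
        }

        if (sc->session_cache_timeout == UNSET) {
            sc->session_cache_timeout = SSL_SESSION_CACHE_TIMEOUT;
        }

        /*
         * sc->server is treated as optional a few lines up, so guard the
         * dereference here as well instead of assuming it is non-NULL.
         */
        if (sc->server &&
            sc->server->pphrase_dialog_type == SSL_PPTYPE_UNSET) {
            sc->server->pphrase_dialog_type = SSL_PPTYPE_BUILTIN;
        }
    }

#if APR_HAS_THREADS
    ssl_util_thread_setup(p);
#endif

    /*
     * SSL external crypto device ("engine") support
     */
#if defined(HAVE_OPENSSL_ENGINE_H) && defined(HAVE_ENGINE_INIT)
    ssl_init_Engine(base_server, p);
#endif

    /*
     * The loop above only ends once s is NULL, so log against base_server
     * rather than handing a NULL server_rec to ap_log_error().
     */
    ap_log_error(APLOG_MARK, APLOG_INFO, 0, base_server,
                 "Init: Initialized %s library", SSL_LIBRARY_NAME);

    /*
     * Seed the Pseudo Random Number Generator (PRNG)
     * only need ptemp here; nothing inside allocated from the pool
     * needs to live once we return from ssl_rand_seed().
     */
    ssl_rand_seed(base_server, ptemp, SSL_RSCTX_STARTUP, "Init: ");

    /*
     * read server private keys/public certs into memory.
     * decrypting any encrypted keys via configured SSLPassPhraseDialogs
     * anything that needs to live longer than ptemp needs to also survive
     * restarts, in which case they'll live inside s->process->pool.
     */
    ssl_pphrase_Handle(base_server, ptemp);

    /* a non-zero result from ssl_tmp_keys_init() aborts initialization */
    if (ssl_tmp_keys_init(base_server)) {
        return !OK;
    }

    /*
     * initialize the mutex handling
     */
    if (!ssl_mutex_init(base_server, p)) {
        return HTTP_INTERNAL_SERVER_ERROR;
    }

    /*
     * initialize session caching
     */
    ssl_scache_init(base_server, p);

    /*
     * initialize servers
     */
    ap_log_error(APLOG_MARK, APLOG_INFO, 0, base_server,
                 "Init: Initializing (virtual) servers for SSL");

    for (s = base_server; s; s = s->next) {
        sc = mySrvConfig(s);
        /*
         * Either now skip this server when SSL is disabled for
         * it or give out some information about what we're
         * configuring.
         *
         * NOTE(review): no sc->enabled test is made at this point; every
         * server in the list is passed to ssl_init_ConfigureServer().
         */

        /*
         * Read the server certificate and key
         */
        ssl_init_ConfigureServer(s, p, ptemp, sc);
    }

    /*
     * Configuration consistency checks
     */
    ssl_init_CheckServers(base_server, ptemp);

    /*
     * Announce mod_ssl and SSL library in HTTP Server field
     * as ``mod_ssl/X.X.X OpenSSL/X.X.X''
     */
    ssl_add_version_components(p, base_server);

    SSL_init_app_data2_idx(); /* for SSL_get_app_data2() at request time */

    return OK;
}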