Let me elaborate.
1) Apache 2.0 now supports SSL via mod_ssl
and mod_tls, but always uses the same API.
No more EAPI problems like in Apache 1.3.
2) Same configuration directives as the ones
found in Apache 1.3:
JkHTTPSIndicator
JkCERTSIndicator
JkCIPHERIndicator
JkSESSIONIndicator
JkExtractSSL
By default SSL is supported and will use the mod_ssl
env vars.
3) Also added EnvVars which can be forwarded to
Tomcat, even though this is not yet implemented on the Java side.
Working configuration tested with Apache 2.0.24 on Linux Red Hat 6.2.
As usual, an RPM is available for Apache 2.0.24, and it is built
with mod_ssl support :)
-
Henri Gomez ___[_]____
EMAIL : [EMAIL PROTECTED] (. .)
PGP KEY : 697ECEDD ...oOOo..(_)..oOOo...
PGP Fingerprint : 9DF8 1EA8 ED53 2F39 DC9B 904A 364F 80E6
>-----Original Message-----
>From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
>Sent: Wednesday, September 05, 2001 11:35 AM
>To: [EMAIL PROTECTED]
>Subject: cvs commit:
>jakarta-tomcat/src/native/mod_jk/apache2.0 mod_jk.c
>
>
>hgomez 01/09/05 02:34:44
>
> Modified: src/native/mod_jk/apache2.0 mod_jk.c
> Log:
> workers.properties and log files could be
> defined in relative mode
> SSL support added, using mod_ssl port
>
> Revision Changes Path
> 1.16 +228 -35
>jakarta-tomcat/src/native/mod_jk/apache2.0/mod_jk.c
>
> Index: mod_jk.c
> ===================================================================
> RCS file:
>/home/cvs/jakarta-tomcat/src/native/mod_jk/apache2.0/mod_jk.c,v
> retrieving revision 1.15
> retrieving revision 1.16
> diff -u -r1.15 -r1.16
> --- mod_jk.c 2001/09/03 12:03:45 1.15
> +++ mod_jk.c 2001/09/05 09:34:44 1.16
> @@ -120,8 +120,15 @@
> char *cipher_indicator;
> char *sesion_indicator;
>
> + /*
> + * Environment variables support
> + */
> + int envvars_in_use;
> + apr_table_t *envvars;
> +
> int was_initialized;
> server_rec *s;
> +
> } jk_server_conf_t;
>
> /*
> @@ -396,10 +403,14 @@
> * of these fields mean.
> */
> static int init_ws_service(apache_private_data_t *private_data,
> - jk_ws_service_t *s)
> + jk_ws_service_t *s,
> + jk_server_conf_t *conf)
> {
> request_rec *r = private_data->r;
> - s->jvm_route = NULL;
> + char *ssl_temp = NULL;
> + s->jvm_route = NULL; /* Used for sticky session
>routing */
> +
> + /* Copy in function pointers (which are really methods) */
> s->start_response = ws_start_response;
> s->read = ws_read;
> s->write = ws_write;
> @@ -422,36 +433,8 @@
> r->server->port
> );
>
> -#ifdef NOTNEEDEDFORNOW
> - /* Wrong: s->server_name = (char
>*)ap_get_server_name( r ); */
> - s->server_name= (char *)(r->hostname ? r->hostname :
> - r->server->server_hostname);
> -
> -
> - s->server_port= htons( r->connection->local_addr.sin_port );
> - /* Wrong: s->server_port = r->server->port; */
> -
> -
> - /* Winners: htons( r->connection->local_addr.sin_port )
> - (r->hostname ? r->hostname :
> - r->server->server_hostname),
> - */
> - /* printf( "Port %u %u %u %s %s %s %d %d \n",
> - ap_get_server_port( r ),
> - htons( r->connection->local_addr.sin_port ),
> - ntohs( r->connection->local_addr.sin_port ),
> - ap_get_server_name( r ),
> - (r->hostname ? r->hostname : r->server->server_hostname),
> - r->hostname,
> - r->connection->base_server->port,
> - r->server->port
> - );
> - */
> -#else
> s->server_name = (char *)ap_get_server_name( r );
> s->server_port = r->server->port;
> -#endif
> -
> s->server_software = ap_get_server_version();
>
> s->method = (char *)r->method;
> @@ -467,6 +450,48 @@
> s->ssl_cipher = NULL;
> s->ssl_session = NULL;
>
> + if(conf->ssl_enable || conf->envvars_in_use) {
> + ap_add_common_vars(r);
> +
> + if(conf->ssl_enable) {
> + ssl_temp = (char *)apr_table_get(r->subprocess_env,
> + conf->https_indicator);
> + if(ssl_temp && !strcasecmp(ssl_temp, "on")) {
> + s->is_ssl = JK_TRUE;
> + s->ssl_cert = (char
>*)apr_table_get(r->subprocess_env,
> +
>conf->certs_indicator);
> + if(s->ssl_cert) {
> + s->ssl_cert_len = strlen(s->ssl_cert);
> + }
> + s->ssl_cipher = (char
>*)apr_table_get(r->subprocess_env,
> +
>conf->cipher_indicator);
> + s->ssl_session = (char
>*)apr_table_get(r->subprocess_env,
> +
>conf->sesion_indicator);
> + }
> + }
> +
> + if(conf->envvars_in_use) {
> + apr_array_header_t *t = ap_table_elts(conf->envvars);
> + if(t && t->nelts) {
> + int i;
> + apr_table_entry_t *elts =
>(apr_table_entry_t *)t->elts;
> + s->attributes_names = ap_palloc(r->pool,
>sizeof(char *) * t->nelts);
> + s->attributes_values = ap_palloc(r->pool,
>sizeof(char *) * t->nelts);
> +
> + for(i = 0 ; i < t->nelts ; i++) {
> + s->attributes_names[i] = elts[i].key;
> + s->attributes_values[i] = (char
>*)apr_table_get(r->subprocess_env,
> +
> elts[i].key);
> + if(!s->attributes_values[i]) {
> + s->attributes_values[i] = elts[i].val;
> + }
> + }
> +
> + s->num_attributes = t->nelts;
> + }
> + }
> + }
> +
> s->headers_names = NULL;
> s->headers_values = NULL;
> s->num_headers = 0;
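Review bot: The values read from `r->subprocess_env` in the new `if(conf->ssl_enable || conf->envvars_in_use)` block become `s->is_ssl`, `s->ssl_cert` and the `attributes_*` arrays with no check on who set them, and the variable names come straight from `JkHTTPSIndicator`/`JkCERTSIndicator`/`JkEnvVar` (the setters later in this diff store whatever name is given). After `ap_add_common_vars(r)` that table also holds request-derived entries such as the `HTTP_*` header variables, so a directive pointed at such a name forwards client-supplied data to Tomcat as if it were SSL state. I would add a comment above the block, e.g. `/* Indicator and JkEnvVar names must refer to variables set by the server or the SSL module, never to HTTP_* request-header variables */`, and consider rejecting `HTTP_`-prefixed names in the setters. Separately, `s->num_attributes` and the two attribute arrays are assigned only when the table is non-empty; if they are not initialised before this hunk (not visible here), add `s->num_attributes = 0;` next to the `s->ssl_session = NULL;` line. `init_ws_service` starts and ends outside this hunk.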
> @@ -572,10 +597,14 @@
>
> jk_server_conf_t *conf =
> (jk_server_conf_t
>*)ap_get_module_config(s->module_config, &jk_module);
> -
> - conf->worker_file = worker_file;
>
> - if (stat(worker_file, &statbuf) == -1)
> + /* we need an absolute path (ap_server_root_relative
>does the ap_pstrdup) */
> + conf->worker_file =
>ap_server_root_relative(cmd->pool,worker_file);
> +
> + if (conf->worker_file == NULL)
> + return "JkWorkersFile file_name invalid";
> +
> + if (stat(conf->worker_file, &statbuf) == -1)
> return "Can't find the workers file specified";
>
> return NULL;
> @@ -589,7 +618,11 @@
> jk_server_conf_t *conf =
> (jk_server_conf_t
>*)ap_get_module_config(s->module_config, &jk_module);
>
> - conf->log_file = log_file;
> + /* we need an absolute path */
> + conf->log_file = ap_server_root_relative(cmd->pool,log_file);
> +
> + if (conf->log_file == NULL)
> + return "JkLogFile file_name invalid";
>
> return NULL;
> }
> @@ -615,20 +648,149 @@
> return NULL;
> }
>
> +static const char *jk_set_enable_ssl(cmd_parms *cmd,
> + void *dummy,
> + int flag)
> +{
> + server_rec *s = cmd->server;
> + jk_server_conf_t *conf =
> + (jk_server_conf_t
>*)ap_get_module_config(s->module_config, &jk_module);
> +
> + /* Set up our value */
> + conf->ssl_enable = flag ? JK_TRUE : JK_FALSE;
> +
> + return NULL;
> +}
> +
> +static const char *jk_set_https_indicator(cmd_parms *cmd,
> + void *dummy,
> + char *indicator)
> +{
> + server_rec *s = cmd->server;
> + jk_server_conf_t *conf =
> + (jk_server_conf_t
>*)ap_get_module_config(s->module_config, &jk_module);
> +
> + conf->https_indicator = indicator;
> +
> + return NULL;
> +}
> +
> +static const char *jk_set_certs_indicator(cmd_parms *cmd,
> + void *dummy,
> + char *indicator)
> +{
> + server_rec *s = cmd->server;
> + jk_server_conf_t *conf =
> + (jk_server_conf_t
>*)ap_get_module_config(s->module_config, &jk_module);
> +
> + conf->certs_indicator = indicator;
> +
> + return NULL;
> +}
> +
> +static const char *jk_set_cipher_indicator(cmd_parms *cmd,
> + void *dummy,
> + char *indicator)
> +{
> + server_rec *s = cmd->server;
> + jk_server_conf_t *conf =
> + (jk_server_conf_t
>*)ap_get_module_config(s->module_config, &jk_module);
> +
> + conf->cipher_indicator = indicator;
> +
> + return NULL;
> +}
> +
> +static const char *jk_set_session_indicator(cmd_parms *cmd,
> + void *dummy,
> + char *indicator)
> +{
> + server_rec *s = cmd->server;
> + jk_server_conf_t *conf =
> + (jk_server_conf_t
>*)ap_get_module_config(s->module_config, &jk_module);
> +
> + conf->sesion_indicator = indicator;
> +
> + return NULL;
> +}
> +
> +static const char *jk_add_env_var(cmd_parms *cmd,
> + void *dummy,
> + char *env_name,
> + char *default_value)
> +{
> + server_rec *s = cmd->server;
> + jk_server_conf_t *conf =
> + (jk_server_conf_t
>*)ap_get_module_config(s->module_config, &jk_module);
> +
> + conf->envvars_in_use = JK_TRUE;
> +
> + ap_table_add(conf->envvars, env_name, default_value);
> +
> + return NULL;
> +}
> +
> +
> static const command_rec jk_cmds[] =
> {
> + /*
> + * JkWorkersFile specifies a full path to the location
>of the worker
> + * properties file.
> + *
> + * This file defines the different workers used by
>apache to redirect
> + * servlet requests.
> + */
> {"JkWorkersFile", jk_set_worker_file, NULL, RSRC_CONF, TAKE1,
> "the name of a worker file for the Jakarta servlet
>containers"},
> + /*
> + * JkMount mounts a url prefix to a worker (the worker
>need to be
> + * defined in the worker properties file.
> + */
> {"JkMount", jk_mount_context, NULL, RSRC_CONF, TAKE23,
> "A mount point from a context to a Tomcat worker"},
> + /*
> + * JkMountCopy specifies if mod_jk should copy the mount points
> + * from the main server to the virtual servers.
> + */
> {"JkMountCopy", jk_set_mountcopy, NULL, RSRC_CONF, FLAG,
> "Should the base server mounts be copied to the
>virtual server"},
> + /*
> + * JkLogFile & JkLogLevel specifies to where should the
>plugin log
> + * its information and how much.
> + */
> {"JkLogFile", jk_set_log_file, NULL, RSRC_CONF, TAKE1,
> "Full path to the Jakarta Tomcat module log file"},
> {"JkLogLevel", jk_set_log_level, NULL, RSRC_CONF, TAKE1,
> "The Jakarta Tomcat module log level, can be debug,
>info, error or emerg"},
> {"JkLogStampFormat", jk_set_log_fmt, NULL, RSRC_CONF, TAKE1,
> "The Jakarta Tomcat module log format, follow strftime
>synthax"},
> + /*
> + * Apache 1.3 used to have multiple SSL modules (for
>example apache_ssl, stronghold
> + * IHS ...).
> + * in Apache 2.0, we've got now mod_ssl and mod_tls.
> + * Each of these can have a different SSL environment names
> + * The following properties let the administrator
>specify the envoiroment
> + * variables names.
> + *
> + * HTTPS - indication for SSL
> + * CERTS - Base64-Der-encoded client certificates.
> + * CIPHER - A string specifing the ciphers suite in use.
> + * SESSION - A string specifing the current SSL session.
> + */
> + {"JkHTTPSIndicator", jk_set_https_indicator, NULL,
>RSRC_CONF, TAKE1,
> + "Name of the Apache environment that contains SSL indication"},
> + {"JkCERTSIndicator", jk_set_certs_indicator, NULL,
>RSRC_CONF, TAKE1,
> + "Name of the Apache environment that contains SSL
>client certificates"},
> + {"JkCIPHERIndicator", jk_set_cipher_indicator, NULL,
>RSRC_CONF, TAKE1,
> + "Name of the Apache environment that contains SSL
>client cipher"},
> + {"JkSESSIONIndicator", jk_set_session_indicator, NULL,
>RSRC_CONF, TAKE1,
> + "Name of the Apache environment that contains SSL session"},
> + {"JkExtractSSL", jk_set_enable_ssl, NULL, RSRC_CONF, FLAG,
> + "Turns on SSL processing and information gathering by mod_jk"},
> +
> + {"JkEnvVar", jk_add_env_var, NULL, RSRC_CONF, TAKE2,
> + "Adds a name of environment variable that should be
>sent to Tomcat"},
> +
> {NULL}
> };
>
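Review bot: The comment added above `JkWorkersFile` says it "specifies a full path", and the unchanged `JkLogFile` help string says "Full path to the Jakarta Tomcat module log file", but this same commit makes both handlers resolve the argument through `ap_server_root_relative`, so relative names are accepted. I would reword them, e.g. `JkWorkersFile specifies the worker properties file, absolute or relative to the server root`. In `jk_add_env_var`, `ap_table_add` keeps duplicate keys, so repeating a `JkEnvVar` name would make `init_ws_service` send the same attribute twice; `apr_table_set(conf->envvars, env_name, default_value);` keeps one entry per name.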
> @@ -696,7 +858,7 @@
> s.ws_private = &private_data;
> s.pool = &private_data.p;
>
> - if(init_ws_service(&private_data, &s)) {
> + if(init_ws_service(&private_data, &s, conf)) {
> jk_endpoint_t *end = NULL;
>
> /* Use per/thread pool ( or "context" ) to reuse the
> @@ -761,11 +923,42 @@
> c->mountcopy = JK_FALSE;
> c->was_initialized = JK_FALSE;
>
> + /*
> + * By default we will try to gather SSL info.
> + * Disable this functionality through JkExtractSSL
> + */
> + c->ssl_enable = JK_TRUE;
> + /*
> + * The defaults ssl indicators match those in mod_ssl (seems
> + * to be in more use).
> + */
> + c->https_indicator = "HTTPS";
> + c->certs_indicator = "SSL_CLIENT_CERT";
> +
> + /*
> + * The following (comented out) environment variables
>match apache_ssl!
> + * If you are using apache_sslapache_ssl uncomment them
>(or use the
> + * configuration directives to set them.
> + *
> + c->cipher_indicator = "HTTPS_CIPHER";
> + c->sesion_indicator = NULL;
> + */
> +
> + /*
> + * The following environment variables match mod_ssl! If you
> + * are using another module (say apache_ssl) comment them out.
> + */
> + c->cipher_indicator = "SSL_CIPHER";
> + c->sesion_indicator = "SSL_SESSION_ID";
> +
> if(!map_alloc(&(c->uri_to_context))) {
> jk_error_exit(APLOG_MARK, APLOG_EMERG, s, "Memory error");
> }
> c->uw_map = NULL;
> c->s = s;
> +
> + c->envvars_in_use = JK_FALSE;
> + c->envvars = apr_table_make(p, 0);
>
> return c;
> }
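Review bot: The comment above the mod_ssl defaults still tells administrators to comment the assignments out in the source, although this commit adds `JkCIPHERIndicator` and `JkSESSIONIndicator` for exactly that purpose. I would replace it with `/* Defaults match mod_ssl; override with JkCIPHERIndicator / JkSESSIONIndicator for other SSL modules */` and drop the commented-out apache_ssl assignments. Because `c->ssl_enable` defaults to `JK_TRUE`, the block added to `init_ws_service` calls `ap_add_common_vars(r)` and looks up the SSL variables on every request, even where no SSL module is loaded; the comment on the default should say so and point to `JkExtractSSL Off`. The enclosing function starts outside this hunk.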
>
>
>
>