[TLS] set SSL_PROTOCOL, SSL_CIPHER* (fixes #2511)
initialized for mod_magnet and dynamic CGI-like handlers (mod_cgi, mod_fastcgi, mod_scgi, mod_ssi) (*not* mod_proxy)

Note: in the future a config flag (does not yet exist) might be required to activate initialization of these SSL_* env variables. This might occur if there are requests to access these variables in mod_accesslog, and/or if more SSL_* variables are created, which would be more work.

x-ref: "pass protocol and cipher details to fcgi env" https://redmine.lighttpd.net/issues/2511

personal/stbuehler/mod-csrf
parent
6155d7d9bb
commit
b8b38f3067
|
@ -1006,6 +1006,10 @@ int http_cgi_headers (server *srv, connection *con, http_cgi_opts *opts, http_cg
|
|||
}
|
||||
}
|
||||
|
||||
#ifdef USE_OPENSSL
|
||||
if (con->ssl) http_cgi_ssl_env(srv, con);
|
||||
#endif
|
||||
|
||||
for (n = 0; n < con->environment->used; n++) {
|
||||
data_string *ds = (data_string *)con->environment->data[n];
|
||||
if (!buffer_is_empty(ds->value) && !buffer_is_empty(ds->key)) {
|
||||
|
|
|
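Review bot: The new call in http_cgi_headers() has to run before the `for (n = 0; n < con->environment->used; n++)` loop, because that loop is what forwards the SSL_* entries to the backend, and nothing at the call site records that dependency. A backend may base policy on SSL_PROTOCOL or SSL_CIPHER, so I would add a comment such as `/* populate SSL_* from the TLS session before con->environment is forwarded below */`. On a plaintext connection the call is skipped, so an entry with one of these keys that is already in con->environment (presumably only from configuration or a script) would be forwarded as it is; it is worth confirming that this is intended. The same guarded call is added in magnet_attract_array(), and both functions continue outside their hunks.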
@ -1031,6 +1031,10 @@ static handler_t magnet_attract_array(server *srv, connection *con, plugin_data
|
|||
/* no filename set */
|
||||
if (files->used == 0) return HANDLER_GO_ON;
|
||||
|
||||
#ifdef USE_OPENSSL
|
||||
if (con->ssl) http_cgi_ssl_env(srv, con);
|
||||
#endif
|
||||
|
||||
/**
|
||||
* execute all files and jump out on the first !HANDLER_GO_ON
|
||||
*/
|
||||
|
|
|
@ -220,6 +220,37 @@ static void https_add_ssl_client_entries(server *srv, connection *con) {
|
|||
}
|
||||
X509_free(xs);
|
||||
}
|
||||
|
||||
void http_cgi_ssl_env(server *srv, connection *con) {
|
||||
const char *s;
|
||||
const SSL_CIPHER *cipher;
|
||||
UNUSED(srv);
|
||||
|
||||
if (!con->ssl) return;
|
||||
|
||||
s = SSL_get_version(con->ssl);
|
||||
array_set_key_value(con->environment,
|
||||
CONST_STR_LEN("SSL_PROTOCOL"),
|
||||
s, strlen(s));
|
||||
|
||||
if ((cipher = SSL_get_current_cipher(con->ssl))) {
|
||||
int usekeysize, algkeysize;
|
||||
char buf[LI_ITOSTRING_LENGTH];
|
||||
s = SSL_CIPHER_get_name(cipher);
|
||||
array_set_key_value(con->environment,
|
||||
CONST_STR_LEN("SSL_CIPHER"),
|
||||
s, strlen(s));
|
||||
usekeysize = SSL_CIPHER_get_bits(cipher, &algkeysize);
|
||||
li_itostrn(buf, sizeof(buf), usekeysize);
|
||||
array_set_key_value(con->environment,
|
||||
CONST_STR_LEN("SSL_CIPHER_USEKEYSIZE"),
|
||||
buf, strlen(buf));
|
||||
li_itostrn(buf, sizeof(buf), algkeysize);
|
||||
array_set_key_value(con->environment,
|
||||
CONST_STR_LEN("SSL_CIPHER_ALGKEYSIZE"),
|
||||
buf, strlen(buf));
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
||||
|
||||
|
|
|
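Review bot: http_cgi_ssl_env() is added as a non-static function without a header comment, and its `if (!con->ssl) return;` repeats the `if (con->ssl)` test that both visible callers already make. I would keep the check in one place only and document the function with something like `/* export negotiated TLS protocol and cipher (SSL_PROTOCOL, SSL_CIPHER, SSL_CIPHER_USEKEYSIZE, SSL_CIPHER_ALGKEYSIZE) into con->environment; no-op when con->ssl is NULL */`. The results of SSL_get_version() and SSL_CIPHER_get_name() go straight into strlen(); OpenSSL documents both as returning a string, but a one-line comment stating that assumption would help anyone building against another TLS library. The trailing `#endif` closes a conditional block opened outside this hunk.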
@ -22,6 +22,9 @@ typedef struct http_cgi_opts_t {
|
|||
|
||||
typedef int (*http_cgi_header_append_cb)(void *vdata, const char *k, size_t klen, const char *v, size_t vlen);
|
||||
int http_cgi_headers(server *srv, connection *con, http_cgi_opts *opts, http_cgi_header_append_cb cb, void *vdata);
|
||||
#ifdef USE_OPENSSL
|
||||
void http_cgi_ssl_env(server *srv, connection *con);
|
||||
#endif
|
||||
|
||||
handler_t http_response_prepare(server *srv, connection *con);
|
||||
int http_response_redirect_to_directory(server *srv, connection *con);
|
||||
|
|
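Review bot: Declaring the prototype only under `#ifdef USE_OPENSSL` means every caller has to repeat that guard, which is already visible at the two call sites in http_cgi_headers() and magnet_attract_array(). If the connection structure permits it (not visible in this hunk), declaring the function unconditionally and compiling it as a no-op without OpenSSL would leave a single plain call at each site. The declaration would also benefit from a comment naming what it sets, for example `/* sets SSL_PROTOCOL, SSL_CIPHER, SSL_CIPHER_USEKEYSIZE, SSL_CIPHER_ALGKEYSIZE in con->environment for TLS connections */`.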