| 575 | } |
| 576 | |
| 577 | int ssl_init_ssl_connection(conn_rec *c, request_rec *r) |
| 578 | { |
| 579 | SSLSrvConfigRec *sc; |
| 580 | SSL *ssl; |
| 581 | SSLConnRec *sslconn; |
| 582 | char *vhost_md5; |
| 583 | int rc; |
| 584 | modssl_ctx_t *mctx; |
| 585 | server_rec *server; |
| 586 | |
| 587 | /* |
| 588 | * Create or retrieve SSL context |
| 589 | */ |
| 590 | sslconn = ssl_init_connection_ctx(c, r ? r->per_dir_config : NULL, 0); |
| 591 | server = sslconn->server; |
| 592 | sc = mySrvConfig(server); |
| 593 | |
| 594 | /* |
| 595 | * Seed the Pseudo Random Number Generator (PRNG) |
| 596 | */ |
| 597 | ssl_rand_seed(server, c->pool, SSL_RSCTX_CONNECT, |
| 598 | c->outgoing ? "Proxy: " : "Server: "); |
| 599 | |
| 600 | mctx = myConnCtxConfig(c, sc); |
| 601 | |
| 602 | /* |
| 603 | * Create a new SSL connection with the configured server SSL context and |
| 604 | * attach this to the socket. Additionally we register this attachment |
| 605 | * so we can detach later. |
| 606 | */ |
| 607 | if (!(sslconn->ssl = ssl = SSL_new(mctx->ssl_ctx))) { |
| 608 | ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c, APLOGNO(01962) |
| 609 | "Unable to create a new SSL connection from the SSL " |
| 610 | "context"); |
| 611 | ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, server); |
| 612 | |
| 613 | c->aborted = 1; |
| 614 | |
| 615 | return DECLINED; /* XXX */ |
| 616 | } |
| 617 | |
| 618 | rc = ssl_run_pre_handshake(c, ssl, c->outgoing ? 1 : 0); |
| 619 | if (rc != OK && rc != DECLINED) { |
| 620 | return rc; |
| 621 | } |
| 622 | |
| 623 | vhost_md5 = ap_md5_binary(c->pool, (unsigned char *)sc->vhost_id, |
| 624 | sc->vhost_id_len); |
| 625 | |
| 626 | if (!SSL_set_session_id_context(ssl, (unsigned char *)vhost_md5, |
| 627 | APR_MD5_DIGESTSIZE*2)) |
| 628 | { |
| 629 | ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c, APLOGNO(01963) |
| 630 | "Unable to set session id context to '%s'", vhost_md5); |
| 631 | ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, server); |
| 632 | |
| 633 | c->aborted = 1; |
| 634 |
no test coverage detected