Hook into mod_ssl by retrieving the optional function. Using ssl_var_lookup directly means mod_authz_ldap won't load if mod_ssl isn't loaded. --- mod_authz_ldap-0.26/module/certmap.c.hook +++ mod_authz_ldap-0.26/module/certmap.c @@ -10,6 +10,8 @@ ** $Id: certmap.c,v 1.7 2004/03/30 23:35:50 afm Exp $ */ #include "mod_authz_ldap.h" +#include "mod_ssl.h" + #ifdef EAPI #include <openssl/pem.h> #include <openssl/x509v3.h> @@ -20,6 +22,24 @@ #endif /* AUTHZ_LDAP_HAVE_SSL */ #endif /* EAPI */ +static char *do_ssl_var_lookup(apr_pool_t *p, server_rec *s, conn_rec *c, + request_rec *r, char *v) +{ +#ifdef EAPI + return ssl_var_lookup(p, s, c, r, v); +#else + APR_OPTIONAL_FN_TYPE(ssl_var_lookup) *lookupfn; + + lookupfn = APR_RETRIEVE_OPTIONAL_FN(ssl_var_lookup); + + if (lookupfn) { + return lookupfn(p, s, c, r, v); + } else { + return NULL; + } +#endif +} + /************************************************************************* ** Certificate Retrieval ** *************************************************************************/ @@ -30,7 +50,7 @@ authz_ldap_config_rec *sec; sec = ap_get_module_config(r->per_dir_config, &authz_ldap_module); - issuer_dn = ssl_var_lookup(r->pool, r->server, r->connection, r, + issuer_dn = do_ssl_var_lookup(r->pool, r->server, r->connection, r, "SSL_CLIENT_I_DN"); AUTHZ_DEBUG3("[%d] client issuer DN: %s", (int)getpid(), (issuer_dn) ? issuer_dn : "(null)"); @@ -52,7 +72,7 @@ sec = ap_get_module_config(r->per_dir_config, &authz_ldap_module); /* retrieve the certificate in PEM form */ - xp = ssl_var_lookup(r->pool, r->server, r->connection, r, + xp = do_ssl_var_lookup(r->pool, r->server, r->connection, r, "SSL_CLIENT_CERT"); if (NULL == xp) { AUTHZ_DEBUG2("[%d] not certificate found", (int)getpid()); @@ -100,7 +120,7 @@ authz_ldap_config_rec *sec; sec = ap_get_module_config(r->per_dir_config, &authz_ldap_module); - subject_dn = ssl_var_lookup(r->pool, r->server, r->connection, r, + subject_dn = do_ssl_var_lookup(r->pool, r->server, r->connection, r, "SSL_CLIENT_S_DN"); AUTHZ_DEBUG3("[%d] client subject DN: %s", (int)getpid(), (subject_dn) ? subject_dn : "(null)"); @@ -118,7 +138,7 @@ sec = ap_get_module_config(r->per_dir_config, &authz_ldap_module); /* get serial number from X509 client certificate */ - cp = ssl_var_lookup(r->pool, r->server, r->connection, r, + cp = do_ssl_var_lookup(r->pool, r->server, r->connection, r, "SSL_CLIENT_M_SERIAL"); AUTHZ_DEBUG3("[%d] client serial: %s", (int)getpid(), (cp) ? cp : "(null)"); @@ -175,7 +195,7 @@ sec = ap_get_module_config(r->per_dir_config, &authz_ldap_module); /* retrieve the certificate in PEM form */ - xp = ssl_var_lookup(r->pool, r->server, r->connection, r, + xp = do_ssl_var_lookup(r->pool, r->server, r->connection, r, "SSL_CLIENT_CERT"); if (NULL == xp) { AUTHZ_DEBUG2("[%d] not certificate found", (int)getpid()); @@ -263,7 +283,7 @@ sec = ap_get_module_config(r->per_dir_config, &authz_ldap_module); /* retrieve the certificate in PEM form */ - xp = ssl_var_lookup(r->pool, r->server, r->connection, r, + xp = do_ssl_var_lookup(r->pool, r->server, r->connection, r, "SSL_CLIENT_CERT"); if (NULL == xp) { AUTHZ_DEBUG2("[%d] not certificate found", (int)getpid());