Posted to cvs@httpd.apache.org by dr...@apache.org on 2013/10/22 21:55:43 UTC
svn commit: r1534754 - in /httpd/httpd/trunk:
docs/log-message-tags/next-number modules/ssl/ssl_engine_config.c
modules/ssl/ssl_engine_init.c modules/ssl/ssl_private.h
Author: drh
Date: Tue Oct 22 19:55:43 2013
New Revision: 1534754
URL: http://svn.apache.org/r1534754
Log:
SSL_CONF support for files and directories.
Modified:
httpd/httpd/trunk/docs/log-message-tags/next-number
httpd/httpd/trunk/modules/ssl/ssl_engine_config.c
httpd/httpd/trunk/modules/ssl/ssl_engine_init.c
httpd/httpd/trunk/modules/ssl/ssl_private.h
Modified: httpd/httpd/trunk/docs/log-message-tags/next-number
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/log-message-tags/next-number?rev=1534754&r1=1534753&r2=1534754&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/log-message-tags/next-number (original)
+++ httpd/httpd/trunk/docs/log-message-tags/next-number Tue Oct 22 19:55:43 2013
@@ -1 +1 @@
-2547
+2548
Modified: httpd/httpd/trunk/modules/ssl/ssl_engine_config.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_engine_config.c?rev=1534754&r1=1534753&r2=1534754&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/ssl/ssl_engine_config.c (original)
+++ httpd/httpd/trunk/modules/ssl/ssl_engine_config.c Tue Oct 22 19:55:43 2013
@@ -154,6 +154,10 @@ static void modssl_ctx_init(modssl_ctx_t
mctx->srp_vbase = NULL;
#endif
#ifdef HAVE_SSL_CONF_CMD
+ mctx->ssl_ctx_config = SSL_CONF_CTX_new();
+ SSL_CONF_CTX_set_flags(mctx->ssl_ctx_config, SSL_CONF_FLAG_FILE);
+ SSL_CONF_CTX_set_flags(mctx->ssl_ctx_config, SSL_CONF_FLAG_SERVER);
+ SSL_CONF_CTX_set_flags(mctx->ssl_ctx_config, SSL_CONF_FLAG_CERTIFICATE);
mctx->ssl_ctx_param = apr_array_make(p, 10, sizeof(ssl_ctx_param_t));
#endif
}
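Review bot: `SSL_CONF_CTX_new()` on L34 can return NULL on allocation failure and the three `SSL_CONF_CTX_set_flags` calls that follow dereference the result unchecked, as does `SSL_CONF_cmd_value_type` in ssl_cmd_SSLOpenSSLConfCmd later; the other allocations in this init path are pool-backed and presumably abort on OOM, so this one should not be the lone crash path. modssl_ctx_init returns void, so either treat a NULL here as fatal in the same way the rest of the module does, or leave the pointer NULL and check it before every use. The three flag calls can also be one, matching the form the removed ssl_engine_init.c code used: `SSL_CONF_CTX_set_flags(mctx->ssl_ctx_config, SSL_CONF_FLAG_FILE | SSL_CONF_FLAG_SERVER | SSL_CONF_FLAG_CERTIFICATE);`, and since SSL_CONF_FLAG_CERTIFICATE is new relative to the old FILE|SERVER set, a one-line comment saying that certificate/key commands are now accepted through SSLOpenSSLConfCmd would explain why it is there. modssl_ctx_init starts before this hunk.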
@@ -1826,9 +1830,24 @@ const char *ssl_cmd_SSLStaplingForceURL(
const char *ssl_cmd_SSLOpenSSLConfCmd(cmd_parms *cmd, void *dcfg,
const char *arg1, const char *arg2)
{
- ssl_ctx_param_t *param;
SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
- param = apr_array_push(sc->server->ssl_ctx_param);
+ ssl_ctx_param_t *param = apr_array_push(sc->server->ssl_ctx_param);
+ SSL_CONF_CTX *cctx = sc->server->ssl_ctx_config;
+ const char *err;
+ int value_type = SSL_CONF_cmd_value_type(cctx, arg1);
+ if (value_type == SSL_CONF_TYPE_UNKNOWN) {
+ return apr_psprintf(cmd->pool,
+ "'%s': invalid OpenSSL configuration command",
+ arg1);
+ }
+ if (value_type == SSL_CONF_TYPE_FILE) {
+ if ((err = ssl_cmd_check_file(cmd, &arg2)))
+ return err;
+ }
+ else if (value_type == SSL_CONF_TYPE_DIR) {
+ if ((err = ssl_cmd_check_dir(cmd, &arg2)))
+ return err;
+ }
param->name = arg1;
param->value = arg2;
return NULL;
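Review bot: `apr_array_push` on L48 reserves the array slot before any validation, so each of the three error returns leaves an element with indeterminate `name`/`value` in `ssl_ctx_param`; the startup path dies on a config error today, but anything that later walks the array after a non-fatal error would read garbage. Move the push after the checks: declare `ssl_ctx_param_t *param;` at the top, then at the end `param = apr_array_push(sc->server->ssl_ctx_param); param->name = arg1; param->value = arg2;`. Also `ssl_cmd_check_file` and `ssl_cmd_check_dir` are passed `&arg2` and so may rewrite it in place (presumably to the resolved server-root-relative path); a short comment noting that the stored value is the checked, possibly rewritten path would spare the next reader a trip to those helpers.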
Modified: httpd/httpd/trunk/modules/ssl/ssl_engine_init.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_engine_init.c?rev=1534754&r1=1534753&r2=1534754&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/ssl/ssl_engine_init.c (original)
+++ httpd/httpd/trunk/modules/ssl/ssl_engine_init.c Tue Oct 22 19:55:43 2013
@@ -515,20 +515,24 @@ static void ssl_init_ctx_protocol(server
#ifdef HAVE_SSL_CONF_CMD
{
ssl_ctx_param_t *param = (ssl_ctx_param_t *)mctx->ssl_ctx_param->elts;
- SSL_CONF_CTX *cctx;
+ SSL_CONF_CTX *cctx = mctx->ssl_ctx_config;
int i;
- cctx = SSL_CONF_CTX_new();
- SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_FILE|SSL_CONF_FLAG_SERVER);
SSL_CONF_CTX_set_ssl_ctx(cctx, ctx);
for (i = 0; i < mctx->ssl_ctx_param->nelts; i++, param++) {
if (SSL_CONF_cmd(cctx, param->name, param->value) <= 0) {
ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, APLOGNO(02407)
- "Error SSL_CONF_cmd(%s,%s)", param->name, param->value);
+ "Error SSL_CONF_cmd(\"%s\",\"%s\")",
+ param->name, param->value);
+ ssl_log_ssl_error(SSLLOG_MARK, APLOG_EMERG, s);
+ ssl_die(s);
+ }
+ }
+ if (SSL_CONF_CTX_finish(cctx) == 0) {
+ ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, APLOGNO(02547)
+ "Error SSL_CONF_CTX_finish()");
ssl_log_ssl_error(SSLLOG_MARK, APLOG_EMERG, s);
ssl_die(s);
- }
}
- SSL_CONF_CTX_free(cctx);
}
#endif
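Review bot: The SSL_CONF_cmd loop now runs inside ssl_init_ctx_protocol, so any SSL_CTX settings mod_ssl applies later in initialization (cipher list, options, certificates) would silently override what the operator put in SSLOpenSSLConfCmd, which is the opposite of what someone reaching for a raw OpenSSL command expects; the rest of the init sequence is outside this hunk, so this is inferred — please confirm the ordering and either apply these commands last or document the precedence in the directive's reference. `SSL_CONF_CTX_finish` on L93 is where OpenSSL performs its deferred checks (with SSL_CONF_FLAG_CERTIFICATE set, the certificate/key consistency checks as far as I recall), so a comment such as `/* finish() runs OpenSSL's deferred checks for the commands above; a failure is as fatal as a bad command */` above it would help. ssl_init_ctx_protocol starts and ends outside this hunk.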
@@ -1574,6 +1578,9 @@ void ssl_init_Child(apr_pool_t *p, serve
static void ssl_init_ctx_cleanup(modssl_ctx_t *mctx)
{
MODSSL_CFG_ITEM_FREE(SSL_CTX_free, mctx->ssl_ctx);
+#ifdef HAVE_SSL_CONF_CMD
+ MODSSL_CFG_ITEM_FREE(SSL_CONF_CTX_free, mctx->ssl_ctx_config);
+#endif
#ifdef HAVE_SRP
if (mctx->srp_vbase != NULL) {
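Review bot: The SSL_CONF_CTX freed on L108 was bound to `mctx->ssl_ctx` with SSL_CONF_CTX_set_ssl_ctx during init, and it is released one line after that SSL_CTX is gone; as far as I know SSL_CONF_CTX_free never touches the SSL_CTX it points at, so the order is safe, but it is exactly the kind of thing the next person will stop and wonder about. A comment such as `/* the SSL_CONF_CTX only references ssl_ctx (never owns it), so freeing it after SSL_CTX_free is fine */` would settle it. ssl_init_ctx_cleanup continues past the end of this hunk.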
Modified: httpd/httpd/trunk/modules/ssl/ssl_private.h
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_private.h?rev=1534754&r1=1534753&r2=1534754&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/ssl/ssl_private.h (original)
+++ httpd/httpd/trunk/modules/ssl/ssl_private.h Tue Oct 22 19:55:43 2013
@@ -656,6 +656,7 @@ typedef struct {
long ocsp_resp_maxage;
apr_interval_time_t ocsp_responder_timeout;
#ifdef HAVE_SSL_CONF_CMD
+ SSL_CONF_CTX *ssl_ctx_config; /* Configuration context */
apr_array_header_t *ssl_ctx_param; /* parameters to pass to SSL_CTX */
#endif
} modssl_ctx_t;
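Review bot: The field comment on L121, `/* Configuration context */`, restates the type and says nothing about the lifecycle, which is what matters for an OpenSSL object living outside the pool and spanning three files. Suggest `/* OpenSSL SSL_CONF_CTX: created in modssl_ctx_init, bound to ssl_ctx in ssl_init_ctx_protocol, freed by ssl_init_ctx_cleanup */`, which matches what this commit does in the other hunks. It would also be worth stating next to it that the context is expected to be non-NULL whenever `ssl_ctx_param` is consulted, since ssl_cmd_SSLOpenSSLConfCmd dereferences it unconditionally.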