You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by yl...@apache.org on 2017/03/24 12:40:27 UTC
svn commit: r1788430 - in /httpd/httpd/trunk/modules/ssl: mod_ssl.c
ssl_engine_config.c ssl_engine_ocsp.c ssl_private.h
Author: ylavic
Date: Fri Mar 24 12:40:27 2017
New Revision: 1788430
URL: http://svn.apache.org/viewvc?rev=1788430&view=rev
Log:
mod_ssl: follow up to r1781575
Fix SSLOCSPNoVerify merging, and while at it capitalize Verify as suggested
by wrowe.
Modified:
httpd/httpd/trunk/modules/ssl/mod_ssl.c
httpd/httpd/trunk/modules/ssl/ssl_engine_config.c
httpd/httpd/trunk/modules/ssl/ssl_engine_ocsp.c
httpd/httpd/trunk/modules/ssl/ssl_private.h
Modified: httpd/httpd/trunk/modules/ssl/mod_ssl.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/mod_ssl.c?rev=1788430&r1=1788429&r2=1788430&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/ssl/mod_ssl.c (original)
+++ httpd/httpd/trunk/modules/ssl/mod_ssl.c Fri Mar 24 12:40:27 2017
@@ -265,7 +265,7 @@ static const command_rec ssl_config_cmds
"Proxy URL to use for OCSP requests")
/* Define OCSP Responder Certificate Verification Directive */
- SSL_CMD_SRV(OCSPNoverify, FLAG,
+ SSL_CMD_SRV(OCSPNoVerify, FLAG,
"Do not verify OCSP Responder certificate ('on', 'off')")
/* Define OCSP Responder File Configuration Directive */
SSL_CMD_SRV(OCSPResponderCertificateFile, TAKE1,
Modified: httpd/httpd/trunk/modules/ssl/ssl_engine_config.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_engine_config.c?rev=1788430&r1=1788429&r2=1788430&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/ssl/ssl_engine_config.c (original)
+++ httpd/httpd/trunk/modules/ssl/ssl_engine_config.c Fri Mar 24 12:40:27 2017
@@ -147,7 +147,7 @@ static void modssl_ctx_init(modssl_ctx_t
mctx->proxy_uri = NULL;
/* Set OCSP Responder Certificate Verification variable */
- mctx->ocsp_noverify = FALSE;
+ mctx->ocsp_noverify = UNSET;
/* Set OCSP Responder File variables */
mctx->ocsp_verify_flags = 0;
mctx->ocsp_certs_file = NULL;
@@ -1721,7 +1721,7 @@ const char *ssl_cmd_SSLOCSPProxyURL(cmd_
}
/* Set OCSP responder certificate verification directive */
-const char *ssl_cmd_SSLOCSPNoverify(cmd_parms *cmd, void *dcfg, int flag)
+const char *ssl_cmd_SSLOCSPNoVerify(cmd_parms *cmd, void *dcfg, int flag)
{
SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
Modified: httpd/httpd/trunk/modules/ssl/ssl_engine_ocsp.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_engine_ocsp.c?rev=1788430&r1=1788429&r2=1788430&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/ssl/ssl_engine_ocsp.c (original)
+++ httpd/httpd/trunk/modules/ssl/ssl_engine_ocsp.c Fri Mar 24 12:40:27 2017
@@ -184,7 +184,7 @@ static int verify_ocsp_status(X509 *cert
if (rc == V_OCSP_CERTSTATUS_GOOD) {
/* Check if OCSP certificate verification required */
- if (!sc->server->ocsp_noverify) {
+ if (sc->server->ocsp_noverify != TRUE) {
/* Modify OCSP response verification to include OCSP Responder cert */
if (OCSP_basic_verify(basicResponse, sc->server->ocsp_certs, X509_STORE_CTX_get0_store(ctx),
sc->server->ocsp_verify_flags) != 1) {
Modified: httpd/httpd/trunk/modules/ssl/ssl_private.h
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_private.h?rev=1788430&r1=1788429&r2=1788430&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/ssl/ssl_private.h (original)
+++ httpd/httpd/trunk/modules/ssl/ssl_private.h Fri Mar 24 12:40:27 2017
@@ -815,7 +815,7 @@ const char *ssl_cmd_SSLOCSPEnable(cmd_pa
const char *ssl_cmd_SSLOCSPProxyURL(cmd_parms *cmd, void *dcfg, const char *arg);
/* Declare OCSP Responder Certificate Verification Directive */
-const char *ssl_cmd_SSLOCSPNoverify(cmd_parms *cmd, void *dcfg, int flag);
+const char *ssl_cmd_SSLOCSPNoVerify(cmd_parms *cmd, void *dcfg, int flag);
/* Declare OCSP Responder Certificate File Directive */
const char *ssl_cmd_SSLOCSPResponderCertificateFile(cmd_parms *cmd, void *dcfg, const char *arg);