Posted to dev@httpd.apache.org by Yann Ylavic <yl...@gmail.com> on 2018/05/29 21:54:51 UTC

Re: svn commit: r1805182 - in /httpd/httpd/trunk: CHANGES docs/conf/extra/httpd-ssl.conf.in docs/manual/mod/mod_ssl.xml modules/ssl/mod_ssl.c modules/ssl/ssl_engine_config.c modules/ssl/ssl_engine_init.c modules/ssl/ssl_private.h

On Wed, Aug 16, 2017 at 2:22 PM,  <ic...@apache.org> wrote:
> Author: icing
> Date: Wed Aug 16 12:22:28 2017
> New Revision: 1805182
>
> URL: http://svn.apache.org/viewvc?rev=1805182&view=rev
> Log:
> On the trunk:
>
> mod_ssl: adding SSLPolicy and SSLProxyPolicy directives plus documentation.
[]
> ==============================================================================
> --- httpd/httpd/trunk/modules/ssl/ssl_engine_config.c (original)
> +++ httpd/httpd/trunk/modules/ssl/ssl_engine_config.c Wed Aug 16 12:22:28 2017
[]
> @@ -2056,4 +2396,412 @@ void ssl_hook_ConfigTest(apr_pool_t *pco
>          return;
>      }

Can't we have/want both DUMP_CERTS and DUMP_SSL_POLICIES here?
(i.e. maybe we could remove "return;" in above and below "if" blocks)

>
> +    if (ap_exists_config_define("DUMP_SSL_POLICIES")) {
> +        apr_array_header_t *names = get_policy_names(pconf, 1);
> +        SSLPolicyRec *policy;
> +        const char *name, *sep = "";
> +        int i;
> +
> +        apr_file_open_stdout(&out, pconf);
> +        apr_file_printf(out, "SSLPolicies: {");
> +        for (i = 0; i < names->nelts; ++i) {
> +            name = APR_ARRAY_IDX(names, i, const char*);
> +            policy = ssl_policy_lookup(pconf, name);
> +            if (policy) {
> +                apr_file_printf(out, "%s\n  \"%s\": {", sep, name);
> +                sep = ", ";
> +                ssl_policy_dump(policy, pconf, out, "    ");
> +                apr_file_printf(out, "\n  }");
> +            }
> +        }
> +        apr_file_printf(out, "\n}\n");
> +        return;
> +    }
>  }
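
Review bot: In the DUMP_SSL_POLICIES block, the status returned by apr_file_open_stdout(&out, pconf) is ignored before out is handed to apr_file_printf, and names is dereferenced as names->nelts with no NULL check. Suggest comparing the open call's return value against APR_SUCCESS and returning early on failure, and guarding names if get_policy_names can return NULL (its definition is not visible in this hunk).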

Re: svn commit: r1805182 - in /httpd/httpd/trunk: CHANGES docs/conf/extra/httpd-ssl.conf.in docs/manual/mod/mod_ssl.xml modules/ssl/mod_ssl.c modules/ssl/ssl_engine_config.c modules/ssl/ssl_engine_init.c modules/ssl/ssl_private.h

Posted by Stefan Eissing <st...@greenbytes.de>.

> On 29.05.2018 at 23:54, Yann Ylavic <yl...@gmail.com> wrote:
> 
> On Wed, Aug 16, 2017 at 2:22 PM,  <ic...@apache.org> wrote:
>> Author: icing
>> Date: Wed Aug 16 12:22:28 2017
>> New Revision: 1805182
>> 
>> URL: http://svn.apache.org/viewvc?rev=1805182&view=rev
>> Log:
>> On the trunk:
>> 
>> mod_ssl: adding SSLPolicy and SSLProxyPolicy directives plus documentation.
> []
>> ==============================================================================
>> --- httpd/httpd/trunk/modules/ssl/ssl_engine_config.c (original)
>> +++ httpd/httpd/trunk/modules/ssl/ssl_engine_config.c Wed Aug 16 12:22:28 2017
> []
>> @@ -2056,4 +2396,412 @@ void ssl_hook_ConfigTest(apr_pool_t *pco
>>         return;
>>     }
> 
> Can't we have/want both DUMP_CERTS and DUMP_SSL_POLICIES here?
> (i.e. maybe we could remove "return;" in above and below "if" blocks)

Possibly. I tried to do the addition in the spirit of what was already there. In order not to break things...it has happened.

Does someone have an idea why the DUMP_XXX of mod_ssl have been made exclusive to each other?


>> 
>> +    if (ap_exists_config_define("DUMP_SSL_POLICIES")) {
>> +        apr_array_header_t *names = get_policy_names(pconf, 1);
>> +        SSLPolicyRec *policy;
>> +        const char *name, *sep = "";
>> +        int i;
>> +
>> +        apr_file_open_stdout(&out, pconf);
>> +        apr_file_printf(out, "SSLPolicies: {");
>> +        for (i = 0; i < names->nelts; ++i) {
>> +            name = APR_ARRAY_IDX(names, i, const char*);
>> +            policy = ssl_policy_lookup(pconf, name);
>> +            if (policy) {
>> +                apr_file_printf(out, "%s\n  \"%s\": {", sep, name);
>> +                sep = ", ";
>> +                ssl_policy_dump(policy, pconf, out, "    ");
>> +                apr_file_printf(out, "\n  }");
>> +            }
>> +        }
>> +        apr_file_printf(out, "\n}\n");
>> +        return;
>> +    }
>> }
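
Review bot: The policy name is printed with a plain "%s" between literal double quotes in apr_file_printf(out, "%s\n  \"%s\": {", sep, name), so a name containing a double quote or backslash would yield output that a consumer cannot parse reliably; the top-level key in "SSLPolicies: {" is also unquoted while the nested keys are quoted. Suggest escaping name before printing, settling on one quoting convention, and documenting the dump format if tools are expected to read it.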