Posted to cvs@httpd.apache.org by jo...@apache.org on 2005/02/15 13:39:49 UTC
svn commit: r153933 - in httpd/httpd/trunk: CHANGES modules/ssl/mod_ssl.h
modules/ssl/ssl_engine_vars.c modules/ssl/ssl_private.h
Author: jorton
Date: Tue Feb 15 04:39:45 2005
New Revision: 153933
URL: http://svn.apache.org/viewcvs?view=rev&rev=153933
Log:
* modules/ssl/mod_ssl.h: Add ssl_ext_lookup optional hook declaration.
* modules/ssl/ssl_engine_vars.c (ssl_ext_lookup): New function.
(ssl_var_register): Register optional function.
* modules/ssl/ssl_private.h (ssl_ext_lookup): Add prototype.
Submitted by: David Reid, Joe Orton
Modified:
httpd/httpd/trunk/CHANGES
httpd/httpd/trunk/modules/ssl/mod_ssl.h
httpd/httpd/trunk/modules/ssl/ssl_engine_vars.c
httpd/httpd/trunk/modules/ssl/ssl_private.h
Modified: httpd/httpd/trunk/CHANGES
URL: http://svn.apache.org/viewcvs/httpd/httpd/trunk/CHANGES?view=diff&r1=153932&r2=153933
==============================================================================
--- httpd/httpd/trunk/CHANGES (original)
+++ httpd/httpd/trunk/CHANGES Tue Feb 15 04:39:45 2005
@@ -2,6 +2,9 @@
[Remove entries to the current 2.0 section below, when backported]
+ *) mod_ssl: Add ssl_ext_lookup optional function for accessing
+ certificate extensions. [David Reid, Joe Orton]
+
*) Add support for use of an external PCRE library; pass the
--with-pcre flag to configure. PR 27550. [Joe Orton,
Andres Salomon <dilinger voxel.net>]
Modified: httpd/httpd/trunk/modules/ssl/mod_ssl.h
URL: http://svn.apache.org/viewcvs/httpd/httpd/trunk/modules/ssl/mod_ssl.h?view=diff&r1=153932&r2=153933
==============================================================================
--- httpd/httpd/trunk/modules/ssl/mod_ssl.h (original)
+++ httpd/httpd/trunk/modules/ssl/mod_ssl.h Tue Feb 15 04:39:45 2005
@@ -27,6 +27,16 @@
conn_rec *, request_rec *,
char *));
+/* The ssl_ext_lookup() optional function retrieves the value of a SSL
+ * certificate X.509 extension. The client certificate is used if
+ * peer is non-zero; the server certificate is used otherwise. The
+ * oidnum parameter specifies the numeric OID (e.g. "1.2.3.4") of the
+ * desired extension. The string value of the extension is returned,
+ * or NULL on error. */
+APR_DECLARE_OPTIONAL_FN(const char *, ssl_ext_lookup,
+ (apr_pool_t *p, conn_rec *c, int peer,
+ const char *oidnum));
+
/* An optional function which returns non-zero if the given connection
* is using SSL/TLS. */
APR_DECLARE_OPTIONAL_FN(int, ssl_is_https, (conn_rec *));
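Review bot: The comment above the new ssl_ext_lookup declaration says the value is returned "or NULL on error", but the implementation in ssl_engine_vars.c also returns NULL when the connection is not using SSL, when the selected certificate is not available (for instance no client certificate was presented), and when the certificate carries no extension with that OID, so a caller cannot distinguish absence from failure from this text. It also leaves out where the returned string is allocated, which matters for a function returning memory to another module. I would replace the last sentence with ` * The string value of the extension, allocated from p, is returned; NULL is returned if the connection does not use SSL, the certificate is unavailable, the OID cannot be parsed, or the extension is absent or cannot be printed.` Since the client certificate is supplied by the remote peer, it is also worth stating that, for non-zero peer, the returned text is decoded from peer-supplied data.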
Modified: httpd/httpd/trunk/modules/ssl/ssl_engine_vars.c
URL: http://svn.apache.org/viewcvs/httpd/httpd/trunk/modules/ssl/ssl_engine_vars.c?view=diff&r1=153932&r2=153933
==============================================================================
--- httpd/httpd/trunk/modules/ssl/ssl_engine_vars.c (original)
+++ httpd/httpd/trunk/modules/ssl/ssl_engine_vars.c Tue Feb 15 04:39:45 2005
@@ -61,6 +61,7 @@
{
APR_REGISTER_OPTIONAL_FN(ssl_is_https);
APR_REGISTER_OPTIONAL_FN(ssl_var_lookup);
+ APR_REGISTER_OPTIONAL_FN(ssl_ext_lookup);
return;
}
@@ -652,6 +653,61 @@
*cp2 = NUL;
}
}
+ return result;
+}
+
+const char *ssl_ext_lookup(apr_pool_t *p, conn_rec *c, int peer,
+ const char *oidnum)
+{
+ SSLConnRec *sslconn = myConnConfig(c);
+ SSL *ssl;
+ X509 *xs = NULL;
+ ASN1_OBJECT *oid;
+ int count = 0, j;
+ char *result = NULL;
+
+ if (!sslconn || !sslconn->ssl) {
+ return NULL;
+ }
+ ssl = sslconn->ssl;
+
+ oid = OBJ_txt2obj(oidnum, 1);
+ if (!oid) {
+ ERR_clear_error();
+ return NULL;
+ }
+
+ xs = peer ? SSL_get_peer_certificate(ssl) : SSL_get_certificate(ssl);
+ if (xs == NULL) {
+ return NULL;
+ }
+
+ count = X509_get_ext_count(xs);
+
+ for (j = 0; j < count; j++) {
+ X509_EXTENSION *ext = X509_get_ext(xs, j);
+
+ if (OBJ_cmp(ext->object, oid) == 0) {
+ BIO *bio = BIO_new(BIO_s_mem());
+
+ if (X509V3_EXT_print(bio, ext, 0, 0) == 1) {
+ BUF_MEM *buf;
+
+ BIO_get_mem_ptr(bio, &buf);
+ result = apr_pstrmemdup(p, buf->data, buf->length);
+ }
+
+ BIO_vfree(bio);
+ break;
+ }
+ }
+
+ if (peer) {
+ /* only SSL_get_peer_certificate raises the refcount */
+ X509_free(xs);
+ }
+
+ ERR_clear_error();
return result;
}
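Review bot: The ASN1_OBJECT returned by `oid = OBJ_txt2obj(oidnum, 1);` is never released, neither on the early `return NULL` after the certificate fetch nor on the normal path, so every call leaks it, which on a busy server becomes a steady per-request leak. The memory BIO is also used unchecked: if `BIO_new(BIO_s_mem())` returns NULL, X509V3_EXT_print() is handed a NULL BIO. I would add `ASN1_OBJECT_free(oid);` before the `return NULL` that follows the certificate fetch and again before the final `ERR_clear_error();`, and guard the BIO with `if (bio == NULL) break;` directly after it is created. With flags 0, X509V3_EXT_print() returns 0 for extensions OpenSSL has no printer for, so those also yield NULL; if a raw dump is wanted for such extensions, passing X509V3_EXT_DUMP_UNKNOWN would be the way, but that is a behaviour choice rather than a defect. The first three hunk lines are the tail of ssl_var_lookup, whose body starts outside the hunk; ssl_ext_lookup itself is complete within it.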
Modified: httpd/httpd/trunk/modules/ssl/ssl_private.h
URL: http://svn.apache.org/viewcvs/httpd/httpd/trunk/modules/ssl/ssl_private.h?view=diff&r1=153932&r2=153933
==============================================================================
--- httpd/httpd/trunk/modules/ssl/ssl_private.h (original)
+++ httpd/httpd/trunk/modules/ssl/ssl_private.h Tue Feb 15 04:39:45 2005
@@ -641,6 +641,8 @@
/* Variables */
void ssl_var_register(void);
char *ssl_var_lookup(apr_pool_t *, server_rec *, conn_rec *, request_rec *, char *);
+const char *ssl_ext_lookup(apr_pool_t *p, conn_rec *c, int peer, const char *oid);
+
void ssl_var_log_config_register(apr_pool_t *p);
#define APR_SHM_MAXSIZE (64 * 1024 * 1024)
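Review bot: The prototype names the last parameter `oid` while the definition in ssl_engine_vars.c and the public declaration in mod_ssl.h call it `oidnum`; the mismatch is harmless to the compiler, but the prototype is where readers look, and `oid` suggests an ASN1_OBJECT rather than the dotted-decimal string it actually is. I would change it to `const char *ssl_ext_lookup(apr_pool_t *p, conn_rec *c, int peer, const char *oidnum);`.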