You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by jo...@apache.org on 2020/12/15 09:52:44 UTC
svn commit: r1884452 - /httpd/httpd/trunk/modules/ssl/ssl_engine_init.c
Author: jorton
Date: Tue Dec 15 09:52:43 2020
New Revision: 1884452
URL: http://svn.apache.org/viewvc?rev=1884452&view=rev
Log:
* modules/ssl/ssl_engine_init.c (ssl_init_ctx_cert_chain): Log the
OpenSSL errors if CA certs cannot be loaded.
Modified:
httpd/httpd/trunk/modules/ssl/ssl_engine_init.c
Modified: httpd/httpd/trunk/modules/ssl/ssl_engine_init.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_engine_init.c?rev=1884452&r1=1884451&r2=1884452&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/ssl/ssl_engine_init.c (original)
+++ httpd/httpd/trunk/modules/ssl/ssl_engine_init.c Tue Dec 15 09:52:43 2020
@@ -1161,7 +1161,9 @@ static apr_status_t ssl_init_ctx_crl(ser
/*
* Read a file that optionally contains the server certificate in PEM
* format, possibly followed by a sequence of CA certificates that
- * should be sent to the peer in the SSL Certificate message.
+ * should be sent to the peer in the SSL Certificate message. Returns
+ * 0 on success, otherwise the OpenSSL error stack contents should be
+ * reported.
*/
static int use_certificate_chain(
SSL_CTX *ctx, char *file, int skipfirst, pem_password_cb *cb)
@@ -1258,6 +1260,7 @@ static apr_status_t ssl_init_ctx_cert_ch
if (n < 0) {
ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, APLOGNO(01903)
"Failed to configure CA certificate chain!");
+ ssl_log_ssl_error(SSLLOG_MARK, APLOG_EMERG, s);
return ssl_die(s);
}