Posted to cvs@httpd.apache.org by jk...@apache.org on 2014/01/16 13:49:37 UTC
svn commit: r1558775 - in /httpd/httpd/trunk: docs/manual/programs/httpd.xml
modules/ssl/ssl_engine_config.c
Author: jkaluza
Date: Thu Jan 16 12:49:37 2014
New Revision: 1558775
URL: http://svn.apache.org/r1558775
Log:
mod_ssl: Do not print content of SSL CA directories during -DDUMP_CA_CERTS, make
-DDUMP_CERTS and -DDUMP_CA_CERTS mutually exclusive and document them.
Modified:
httpd/httpd/trunk/docs/manual/programs/httpd.xml
httpd/httpd/trunk/modules/ssl/ssl_engine_config.c
Modified: httpd/httpd/trunk/docs/manual/programs/httpd.xml
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/programs/httpd.xml?rev=1558775&r1=1558774&r2=1558775&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/programs/httpd.xml (original)
+++ httpd/httpd/trunk/docs/manual/programs/httpd.xml Thu Jan 16 12:49:37 2014
@@ -158,7 +158,11 @@ immediately exits after these syntax par
of 0 (Syntax OK) or return code not equal to 0 (Syntax Error). If -D
<var>DUMP</var>_<var>VHOSTS </var>is also set, details of the virtual host
configuration will be printed. If -D <var>DUMP</var>_<var>MODULES </var> is
-set, all loaded modules will be printed.</dd>
+set, all loaded modules will be printed. If -D <var>DUMP</var>_<var>CERTS </var>
+is set and <module>mod_ssl</module> is used, configured SSL certificates will
+be printed. If -D <var>DUMP</var>_<var>CA</var>_<var>_CERTS </var> is set and
+<module>mod_ssl</module> is used, configured SSL CA certificates and configured
+directories containing SSL CA certificates will be printed.</dd>
<dt><code>-v</code></dt>
Modified: httpd/httpd/trunk/modules/ssl/ssl_engine_config.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_engine_config.c?rev=1558775&r1=1558774&r2=1558775&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/ssl/ssl_engine_config.c (original)
+++ httpd/httpd/trunk/modules/ssl/ssl_engine_config.c Thu Jan 16 12:49:37 2014
@@ -1851,50 +1851,14 @@ const char *ssl_cmd_SSLSRPUnknownUserSee
#endif /* HAVE_SRP */
-static void dump_ca_cert_file(apr_file_t *out, const char *file) {
- X509 *rc;
- BIO *bioS;
-
- if ((bioS=BIO_new_file(file, "r")) == NULL) {
- return;
- }
-
- /* ca_cert_file is loaded using SSL_load_client_CA_file(). This method
- * loads only file of PEM formatted certificates, so we have to load
- * only PEM here too, to stay consistent.
- */
- rc = PEM_read_bio_X509 (bioS, NULL, NULL, NULL);
- BIO_free(bioS);
- if (rc) {
- apr_file_printf(out, " %s\n", file);
- X509_free(rc);
- }
-}
-
-static void dump_ca_cert_path(apr_pool_t *pool, apr_file_t *out,
- const char *ca_cert_path)
+void ssl_hook_ConfigTest(apr_pool_t *pconf, server_rec *s)
{
- apr_dir_t *dir;
- apr_finfo_t direntry;
- apr_int32_t finfo_flags = APR_FINFO_TYPE|APR_FINFO_NAME;
-
- if (apr_dir_open(&dir, ca_cert_path, pool) != APR_SUCCESS) {
+ apr_file_t *out = NULL;
+ if (ap_exists_config_define("DUMP_CERTS") &&
+ ap_exists_config_define("DUMP_CA_CERTS")) {
return;
}
- while ((apr_dir_read(&direntry, finfo_flags, dir)) == APR_SUCCESS) {
- char *file;
- if (direntry.filetype == APR_DIR) {
- continue; /* don't try to load directories */
- }
- file = apr_pstrcat(pool, ca_cert_path, "/", direntry.name, NULL);
- dump_ca_cert_file(out, file);
- }
-}
-
-void ssl_hook_ConfigTest(apr_pool_t *pconf, server_rec *s)
-{
- apr_file_t *out = NULL;
if (ap_exists_config_define("DUMP_CERTS")) {
apr_file_open_stdout(&out, pconf);
apr_file_printf(out, "Server certificates:\n");
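Review bot: The new mutual-exclusion guard at the top of ssl_hook_ConfigTest returns silently when both DUMP_CERTS and DUMP_CA_CERTS are defined, so an administrator auditing the certificate and CA trust configuration gets no dump and no hint that the combination was rejected. Emit a diagnostic before the `return;`, for example `apr_file_open_stderr(&out, pconf);` followed by `apr_file_printf(out, "DUMP_CERTS and DUMP_CA_CERTS are mutually exclusive\n");`, and add a short comment above the check saying why the two dumps cannot be combined. Separately, the context line `apr_file_open_stdout(&out, pconf);` ignores its return status, so `out` may still be NULL when it reaches `apr_file_printf`; a check against `APR_SUCCESS` there would be cheap. The function body continues outside this hunk.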
@@ -1933,11 +1897,12 @@ void ssl_hook_ConfigTest(apr_pool_t *pco
if (sc && sc->server) {
if (sc->server->auth.ca_cert_path) {
- dump_ca_cert_path(pconf, out,
- sc->server->auth.ca_cert_path);
+ apr_file_printf(out, " %s\n",
+ sc->server->auth.ca_cert_path);
}
if (sc->server->auth.ca_cert_file) {
- dump_ca_cert_file(out, sc->server->auth.ca_cert_file);
+ apr_file_printf(out, " %s\n",
+ sc->server->auth.ca_cert_file);
}
}