Posted to cvs@httpd.apache.org by jo...@apache.org on 2004/08/18 13:05:23 UTC
cvs commit: httpd-2.0/modules/ssl ssl_engine_kernel.c ssl_engine_vars.c
jorton 2004/08/18 04:05:22
Modified: . CHANGES
modules/ssl ssl_engine_kernel.c ssl_engine_vars.c
Log:
* modules/ssl/ssl_engine_vars.c (ssl_var_lookup_ssl_cert_remain): New
function. (ssl_var_lookup_ssl_cert): Support _V_REMAIN suffix for
SSL_{SERVER,CLIENT} as number of days until certificate expires.
* modules/ssl_engine_kernel.c: Export SSL_CLIENT_V_REMAIN if
+StdEnvVars is configured.
Revision Changes Path
1.1557 +3 -0 httpd-2.0/CHANGES
Index: CHANGES
===================================================================
RCS file: /home/cvs/httpd-2.0/CHANGES,v
retrieving revision 1.1556
retrieving revision 1.1557
diff -d -w -u -r1.1556 -r1.1557
--- CHANGES 18 Aug 2004 08:21:54 -0000 1.1556
+++ CHANGES 18 Aug 2004 11:05:15 -0000 1.1557
@@ -2,6 +2,9 @@
[Remove entries to the current 2.0 section below, when backported]
+ *) mod_ssl: Add SSL_CLIENT_V_REMAIN variable, representing the
+ number of days until the client cert expires. [Joe Orton]
+
*) mod_userdir: Ensure that the userdir identity is used for
suexec userdir access in a virtual host which has suexec configured.
PR 18156. [Joshua Slive]
1.110 +1 -0 httpd-2.0/modules/ssl/ssl_engine_kernel.c
Index: ssl_engine_kernel.c
===================================================================
RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_engine_kernel.c,v
retrieving revision 1.109
retrieving revision 1.110
diff -d -w -u -r1.109 -r1.110
--- ssl_engine_kernel.c 11 Aug 2004 14:25:30 -0000 1.109
+++ ssl_engine_kernel.c 18 Aug 2004 11:05:22 -0000 1.110
@@ -934,6 +934,7 @@
"SSL_CLIENT_M_SERIAL",
"SSL_CLIENT_V_START",
"SSL_CLIENT_V_END",
+ "SSL_CLIENT_V_REMAIN",
"SSL_CLIENT_S_DN",
"SSL_CLIENT_S_DN_C",
"SSL_CLIENT_S_DN_ST",
1.43 +42 -0 httpd-2.0/modules/ssl/ssl_engine_vars.c
Index: ssl_engine_vars.c
===================================================================
RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_engine_vars.c,v
retrieving revision 1.42
retrieving revision 1.43
diff -d -w -u -r1.42 -r1.43
--- ssl_engine_vars.c 29 Jun 2004 14:06:08 -0000 1.42
+++ ssl_engine_vars.c 18 Aug 2004 11:05:22 -0000 1.43
@@ -29,6 +29,8 @@
#include "ssl_private.h"
#include "mod_ssl.h"
+#include "apr_time.h"
+
/* _________________________________________________________________
**
** Variable Lookup
@@ -39,6 +41,7 @@
static char *ssl_var_lookup_ssl_cert(apr_pool_t *p, X509 *xs, char *var);
static char *ssl_var_lookup_ssl_cert_dn(apr_pool_t *p, X509_NAME *xsname, char *var);
static char *ssl_var_lookup_ssl_cert_valid(apr_pool_t *p, ASN1_UTCTIME *tm);
+static char *ssl_var_lookup_ssl_cert_remain(apr_pool_t *p, ASN1_UTCTIME *tm);
static char *ssl_var_lookup_ssl_cert_serial(apr_pool_t *p, X509 *xs);
static char *ssl_var_lookup_ssl_cert_chain(apr_pool_t *p, STACK_OF(X509) *sk, char *var);
static char *ssl_var_lookup_ssl_cert_PEM(apr_pool_t *p, X509 *xs);
@@ -318,6 +321,10 @@
else if (strcEQ(var, "V_END")) {
result = ssl_var_lookup_ssl_cert_valid(p, X509_get_notAfter(xs));
}
+ else if (strcEQ(var, "V_REMAIN")) {
+ result = ssl_var_lookup_ssl_cert_remain(p, X509_get_notAfter(xs));
+ resdup = FALSE;
+ }
else if (strcEQ(var, "S_DN")) {
xsname = X509_get_subject_name(xs);
cp = X509_NAME_oneline(xsname, NULL, 0);
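Review bot: `resdup = FALSE;` in the new V_REMAIN branch carries no explanation, and the neighbouring V_END branch does not set it. Presumably the duplication is skipped because ssl_var_lookup_ssl_cert_remain already returns a string allocated from `p`; a comment such as `/* result is already allocated from p */` on that line would make the ownership explicit. ssl_var_lookup_ssl_cert starts and ends outside this hunk, so how resdup is consumed is not visible here.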
@@ -447,6 +454,41 @@
result[n] = NUL;
BIO_free(bio);
return result;
+}
+
+#define DIGIT2NUM(x) (((x)[0] - '0') * 10 + (x)[1] - '0')
+
+/* Return a string giving the number of days remaining until 'tm', or
+ * "0" if this can't be determined. */
+static char *ssl_var_lookup_ssl_cert_remain(apr_pool_t *p, ASN1_UTCTIME *tm)
+{
+ apr_time_t then, now = apr_time_now();
+ apr_time_exp_t exp = {0};
+ long diff;
+
+ /* Fail if the time isn't a valid ASN.1 UTCTIME; RFC3280 mandates
+ * that the seconds digits are present even though ASN.1
+ * doesn't. */
+ if (tm->length < 11 || !ASN1_UTCTIME_check(tm)) {
+ return apr_pstrdup(p, "0");
+ }
+
+ exp.tm_year = DIGIT2NUM(tm->data);
+ exp.tm_mon = DIGIT2NUM(tm->data + 2) - 1;
+ exp.tm_mday = DIGIT2NUM(tm->data + 4) + 1;
+ exp.tm_hour = DIGIT2NUM(tm->data + 6);
+ exp.tm_min = DIGIT2NUM(tm->data + 8);
+ exp.tm_sec = DIGIT2NUM(tm->data + 10);
+
+ if (exp.tm_year <= 50) exp.tm_year += 100;
+
+ if (apr_time_exp_gmt_get(&then, &exp) != APR_SUCCESS) {
+ return apr_pstrdup(p, "0");
+ }
+
+ diff = (apr_time_sec(then) - apr_time_sec(now)) / (60*60*24);
+
+ return diff > 0 ? apr_ltoa(p, diff) : apr_pstrdup(p, "0");
}
static char *ssl_var_lookup_ssl_cert_serial(apr_pool_t *p, X509 *xs)
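Review bot: The length guard in ssl_var_lookup_ssl_cert_remain does not enforce what its comment promises. A UTCTIME without seconds (`YYMMDDHHMMZ`) is exactly 11 bytes, so `tm->length < 11` lets it through, and `DIGIT2NUM(tm->data + 10)` then reads the `Z` plus one byte past the declared length. For SSL_CLIENT the notAfter field comes from the peer's certificate, so this input is untrusted. Unless ASN1_UTCTIME_check is known to reject the short form (not visible in this hunk), the guard should require the full 13-byte form: `if (tm->length < 13 || !ASN1_UTCTIME_check(tm)) {`. Separately, "0" is returned both for an expired certificate and for a notAfter that cannot be parsed, so consumers of SSL_CLIENT_V_REMAIN cannot tell the two apart; the user-facing description of the variable should say so.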