www/apache
1
0
Fork 0
mirror of https://github.com/apache/httpd.git synced 2025-08-08 15:02:10 +03:00
Code Activity

fold some duplication within ssl_init_FindCAList() into generic

Browse Source 
ssl_init_PushCAList() function.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93632 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Doug MacEachern
2002-02-28 04:35:29 +00:00
parent c25e79513a
commit 161b60fcff
1 changed files with 34 additions and 30 deletions
Download Patch File Download Diff File Expand all files Collapse all files

64
modules/ssl/ssl_engine_init.c
View File

@@ -847,15 +847,38 @@ static int ssl_init_FindCAList_X509NameCmp(X509_NAME **a, X509_NAME **b)
return(X509_NAME_cmp(*a, *b)); return(X509_NAME_cmp(*a, *b));
} }
static void ssl_init_PushCAList(STACK_OF(X509_NAME) *skCAList,
server_rec *s, const char *file)
{
int n;
STACK_OF(X509_NAME) *sk;
sk = (STACK_OF(X509_NAME) *)SSL_load_client_CA_file(file);
for (n = 0; sk != NULL && n < sk_X509_NAME_num(sk); n++) {
X509_NAME *name = sk_X509_NAME_value(sk, n);
ssl_log(s, SSL_LOG_TRACE,
"CA certificate: %s",
X509_NAME_oneline(name, NULL, 0));
if (sk_X509_NAME_find(skCAList, name) < 0) {
/* this will be freed when skCAList is */
sk_X509_NAME_push(skCAList, name);
}
else {
/* need to free this ourselves, else it will leak */
X509_NAME_free(name);
}
}
sk_X509_NAME_free(sk);
}
STACK_OF(X509_NAME) *ssl_init_FindCAList(server_rec *s, apr_pool_t *pp, const char *cpCAfile, const char *cpCApath) STACK_OF(X509_NAME) *ssl_init_FindCAList(server_rec *s, apr_pool_t *pp, const char *cpCAfile, const char *cpCApath)
{ {
STACK_OF(X509_NAME) *skCAList; STACK_OF(X509_NAME) *skCAList;
STACK_OF(X509_NAME) *sk;
apr_dir_t *dir;
apr_finfo_t direntry;
char *cp;
apr_pool_t *p; apr_pool_t *p;
int n;
/* /*
* Use a subpool so we don't bloat up the server pool which * Use a subpool so we don't bloat up the server pool which
@@ -880,39 +903,20 @@ STACK_OF(X509_NAME) *ssl_init_FindCAList(server_rec *s, apr_pool_t *pp, const ch
* Process CA certificate bundle file * Process CA certificate bundle file
*/ */
if (cpCAfile != NULL) { if (cpCAfile != NULL) {
sk = (STACK_OF(X509_NAME) *)SSL_load_client_CA_file(cpCAfile); ssl_init_PushCAList(skCAList, s, cpCAfile);
for(n = 0; sk != NULL && n < sk_X509_NAME_num(sk); n++) {
X509_NAME *name = sk_X509_NAME_value(sk, n);
ssl_log(s, SSL_LOG_TRACE,
"CA certificate: %s",
X509_NAME_oneline(name, NULL, 0));
if (sk_X509_NAME_find(skCAList, name) < 0)
sk_X509_NAME_push(skCAList, name); /* this will be freed when skCAList is */
else
X509_NAME_free(name);
}
sk_X509_NAME_free(sk);
} }
/* /*
* Process CA certificate path files * Process CA certificate path files
*/ */
if (cpCApath != NULL) { if (cpCApath != NULL) {
apr_dir_t *dir;
apr_finfo_t direntry;
apr_dir_open(&dir, cpCApath, p); apr_dir_open(&dir, cpCApath, p);
while ((apr_dir_read(&direntry, APR_FINFO_DIRENT, dir)) != APR_SUCCESS) { while ((apr_dir_read(&direntry, APR_FINFO_DIRENT, dir)) != APR_SUCCESS) {
cp = apr_pstrcat(p, cpCApath, "/", direntry.name, NULL); const char *cp = apr_pstrcat(p, cpCApath, "/", direntry.name, NULL);
sk = (STACK_OF(X509_NAME) *)SSL_load_client_CA_file(cp); ssl_init_PushCAList(skCAList, s, cp);
for(n = 0; sk != NULL && n < sk_X509_NAME_num(sk); n++) {
X509_NAME *name = sk_X509_NAME_value(sk, n);
ssl_log(s, SSL_LOG_TRACE,
"CA certificate: %s",
X509_NAME_oneline(name, NULL, 0));
if (sk_X509_NAME_find(skCAList, name) < 0)
sk_X509_NAME_push(skCAList, name); /* this will be freed when skCAList is */
else
X509_NAME_free(name);
}
sk_X509_NAME_free(sk);
} }
apr_dir_close(dir); apr_dir_close(dir);
} }