www/apache
1
0
Fork 0
mirror of https://github.com/apache/httpd.git synced 2025-08-07 04:02:58 +03:00
Code Activity

breakup SSLSrvConfigRec in preparation for proxy support:

Browse Source 
+ modssl_pk_server_t - certs/keys for the server
+ modssl_pk_proxy_t  - certs/keys for the proxy
+ modssl_auth_ctx_t  - stuff related to authentication that can also
                       be per-dir, used by both server and proxy
+ modssl_ctx_t       - context that can be used by both server and proxy
+ SSLSrvConfigRec    - now contains original stuff specific to the
                       server config and modssl_ctx_t *server, *proxy


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94267 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Doug MacEachern
2002-03-28 18:50:07 +00:00
parent e90c7fb27f
commit 1d76ab39ff
6 changed files with 239 additions and 168 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
modules/ssl/ssl_engine_kernel.c
View File

@@ -497,7 +497,7 @@ int ssl_hook_Access(request_rec *r)
if (dc->nVerifyDepth != UNSET) {
/* XXX: doesnt look like sslconn->verify_depth is actually used */
if (!(n = sslconn->verify_depth)) {
sslconn->verify_depth = n = sc->nVerifyDepth;
sslconn->verify_depth = n = sc->server->auth.verify_depth;
}
/* determine whether a renegotiation has to be forced */
@@ -1301,7 +1301,7 @@ int ssl_callback_SSLVerify(int ok, X509_STORE_CTX *ctx)
verify = dc->nVerifyClient;
}
else {
verify = sc->nVerifyClient;
verify = sc->server->auth.verify_mode;
}
if (ssl_verify_error_is_optional(errnum) &&
@@ -1344,7 +1344,7 @@ int ssl_callback_SSLVerify(int ok, X509_STORE_CTX *ctx)
depth = dc->nVerifyDepth;
}
else {
depth = sc->nVerifyDepth;
depth = sc->server->auth.verify_depth;
}
if (errdepth > depth) {
@@ -1378,7 +1378,7 @@ int ssl_callback_SSLVerify_CRL(int ok, X509_STORE_CTX *ctx, server_rec *s)
* Unless a revocation store for CRLs was created we
* cannot do any CRL-based verification, of course.
*/
if (!sc->pRevocationStore) {
if (!sc->server->crl) {
return ok;
}
@@ -1425,7 +1425,7 @@ int ssl_callback_SSLVerify_CRL(int ok, X509_STORE_CTX *ctx, server_rec *s)
* the current certificate in order to verify it's integrity.
*/
memset((char *)&obj, 0, sizeof(obj));
rc = SSL_X509_STORE_lookup(sc->pRevocationStore,
rc = SSL_X509_STORE_lookup(sc->server->crl,
X509_LU_CRL, subject, &obj);
crl = obj.data.crl;
@@ -1502,7 +1502,7 @@ int ssl_callback_SSLVerify_CRL(int ok, X509_STORE_CTX *ctx, server_rec *s)
* the current certificate in order to check for revocation.
*/
memset((char *)&obj, 0, sizeof(obj));
rc = SSL_X509_STORE_lookup(sc->pRevocationStore,
rc = SSL_X509_STORE_lookup(sc->server->crl,
X509_LU_CRL, issuer, &obj);
crl = obj.data.crl;