www/apache
1
0
Fork 0
mirror of https://github.com/apache/httpd.git synced 2025-08-05 16:55:50 +03:00
Code Activity

Layout and compiler warning.

Browse Source 
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@424735 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Ben Laurie
2006-07-23 13:17:28 +00:00
parent 892785ce39
commit 20c7ffc756
4 changed files with 50 additions and 45 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
modules/ssl/mod_ssl.c
View File

@@ -112,8 +112,8 @@ static const command_rec ssl_config_cmds[] = {
"SSL Server CA Certificate Chain file " "SSL Server CA Certificate Chain file "
"(`/path/to/file' - PEM encoded)") "(`/path/to/file' - PEM encoded)")
SSL_CMD_SRV(PKCS7CertificateFile, TAKE1, SSL_CMD_SRV(PKCS7CertificateFile, TAKE1,
"PKCS#7 file containing server certificate and chain" "PKCS#7 file containing server certificate and chain"
" certificates (`/path/to/file' - PEM ecnoded)") " certificates (`/path/to/file' - PEM ecnoded)")
SSL_CMD_ALL(CACertificatePath, TAKE1, SSL_CMD_ALL(CACertificatePath, TAKE1,
"SSL CA Certificate path " "SSL CA Certificate path "
"(`/path/to/dir' - contains PEM encoded files)") "(`/path/to/dir' - contains PEM encoded files)")

8
modules/ssl/ssl_engine_init.c
View File

@@ -654,8 +654,8 @@ static void ssl_init_ctx_pkcs7_cert_chain(server_rec *s,modssl_ctx_t *mctx)
int n; int n;
if (!mctx->ssl_ctx->extra_certs) if (!mctx->ssl_ctx->extra_certs)
for (n = 1; n < sk_X509_num(certs); ++n) for (n = 1; n < sk_X509_num(certs); ++n)
SSL_CTX_add_extra_chain_cert(mctx->ssl_ctx, sk_X509_value(certs, n)); SSL_CTX_add_extra_chain_cert(mctx->ssl_ctx, sk_X509_value(certs, n));
} }
static void ssl_init_ctx_cert_chain(server_rec *s, static void ssl_init_ctx_cert_chain(server_rec *s,
@@ -668,8 +668,8 @@ static void ssl_init_ctx_cert_chain(server_rec *s,
const char *chain = mctx->cert_chain; const char *chain = mctx->cert_chain;
if (mctx->pkcs7) { if (mctx->pkcs7) {
ssl_init_ctx_pkcs7_cert_chain(s,mctx); ssl_init_ctx_pkcs7_cert_chain(s, mctx);
return; return;
} }
/* /*

49
modules/ssl/ssl_engine_pphrase.c
View File

@@ -186,7 +186,7 @@ void ssl_pphrase_Handle(server_rec *s, apr_pool_t *p)
* because this file isn't encrypted in any way. * because this file isn't encrypted in any way.
*/ */
if (sc->server->pks->cert_files[0] == NULL if (sc->server->pks->cert_files[0] == NULL
&& sc->server->pkcs7 == NULL) { && sc->server->pkcs7 == NULL) {
ap_log_error(APLOG_MARK, APLOG_ERR, 0, pServ, ap_log_error(APLOG_MARK, APLOG_ERR, 0, pServ,
"Server should be SSL-aware but has no certificate " "Server should be SSL-aware but has no certificate "
"configured [Hint: SSLCertificateFile]"); "configured [Hint: SSLCertificateFile]");
@@ -196,28 +196,31 @@ void ssl_pphrase_Handle(server_rec *s, apr_pool_t *p)
algoCert = SSL_ALGO_UNKNOWN; algoCert = SSL_ALGO_UNKNOWN;
algoKey = SSL_ALGO_UNKNOWN; algoKey = SSL_ALGO_UNKNOWN;
for (i = 0, j = 0; i < SSL_AIDX_MAX for (i = 0, j = 0; i < SSL_AIDX_MAX
&& (sc->server->pks->cert_files[i] != NULL && (sc->server->pks->cert_files[i] != NULL
|| sc->server->pkcs7); i++) { || sc->server->pkcs7); i++) {
if (sc->server->pkcs7) { if (sc->server->pkcs7) {
STACK_OF(X509) *certs = ssl_read_pkcs7(pServ, sc->server->pkcs7); STACK_OF(X509) *certs = ssl_read_pkcs7(pServ,
sc->server->pkcs7);
pX509Cert = sk_X509_value(certs, 0); pX509Cert = sk_X509_value(certs, 0);
i = SSL_AIDX_MAX; i = SSL_AIDX_MAX;
} else { } else {
apr_cpystrn(szPath, sc->server->pks->cert_files[i], sizeof(szPath)); apr_cpystrn(szPath, sc->server->pks->cert_files[i],
if ((rv = exists_and_readable(szPath, p, NULL)) != APR_SUCCESS) { sizeof(szPath));
ap_log_error(APLOG_MARK, APLOG_ERR, rv, s, if ((rv = exists_and_readable(szPath, p, NULL))
"Init: Can't open server certificate file %s", != APR_SUCCESS) {
szPath); ap_log_error(APLOG_MARK, APLOG_ERR, rv, s,
ssl_die(); "Init: Can't open server certificate file %s",
} szPath);
if ((pX509Cert = SSL_read_X509(szPath, NULL, NULL)) == NULL) { ssl_die();
ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, }
"Init: Unable to read server certificate from file %s", szPath); if ((pX509Cert = SSL_read_X509(szPath, NULL, NULL)) == NULL) {
ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s); ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
ssl_die(); "Init: Unable to read server certificate from"
} " file %s", szPath);
} ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
ssl_die();
}
}
/* /*
* check algorithm type of certificate and make * check algorithm type of certificate and make
* sure only one certificate per type is used. * sure only one certificate per type is used.

34
modules/ssl/ssl_util.c
View File

@@ -268,44 +268,46 @@ const char *ssl_asn1_table_keyfmt(apr_pool_t *p,
STACK_OF(X509) *ssl_read_pkcs7(server_rec *s,const char *pkcs7) STACK_OF(X509) *ssl_read_pkcs7(server_rec *s,const char *pkcs7)
{ {
PKCS7 *p7; PKCS7 *p7;
STACK_OF(X509) *certs; STACK_OF(X509) *certs = NULL;
FILE *f; FILE *f;
f = fopen(pkcs7, "r"); f = fopen(pkcs7, "r");
if (!f) { if (!f) {
ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, "Can't open %s", pkcs7); ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, "Can't open %s", pkcs7);
ssl_die(); ssl_die();
} }
p7 = PEM_read_PKCS7(f,NULL,NULL,NULL); p7 = PEM_read_PKCS7(f,NULL,NULL,NULL);
if (!p7) { if (!p7) {
ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s,
"Can't read PKCS7 object %s", pkcs7); "Can't read PKCS7 object %s", pkcs7);
ssl_log_ssl_error(APLOG_MARK, APLOG_CRIT, s); ssl_log_ssl_error(APLOG_MARK, APLOG_CRIT, s);
exit(1); exit(1);
} }
switch (OBJ_obj2nid(p7->type)) { switch (OBJ_obj2nid(p7->type)) {
case NID_pkcs7_signed: case NID_pkcs7_signed:
certs = p7->d.sign->cert; certs = p7->d.sign->cert;
break; break;
case NID_pkcs7_signedAndEnveloped: case NID_pkcs7_signedAndEnveloped:
certs = p7->d.signed_and_enveloped->cert; certs = p7->d.signed_and_enveloped->cert;
break; break;
default: default:
ap_log_error(APLOG_MARK, APLOG_CRIT|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_CRIT|APLOG_NOERRNO, 0, s,
"Don't understand PKCS7 file %s", pkcs7); "Don't understand PKCS7 file %s", pkcs7);
ssl_die(); ssl_die();
} }
if (!certs) { if (!certs) {
ap_log_error(APLOG_MARK, APLOG_CRIT|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_CRIT|APLOG_NOERRNO, 0, s,
"No certificates in %s", pkcs7); "No certificates in %s", pkcs7);
ssl_die(); ssl_die();
} }
fclose(f);
return certs; return certs;
} }