www/apache
1
0
Fork 0
mirror of https://github.com/apache/httpd.git synced 2025-08-05 16:55:50 +03:00
Code Activity

Layout and compiler warning.

Browse Source 
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@424735 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Ben Laurie
2006-07-23 13:17:28 +00:00
parent 892785ce39
commit 20c7ffc756
4 changed files with 50 additions and 45 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
modules/ssl/mod_ssl.c
View File

@@ -112,8 +112,8 @@ static const command_rec ssl_config_cmds[] = {
"SSL Server CA Certificate Chain file "
"(`/path/to/file' - PEM encoded)")
SSL_CMD_SRV(PKCS7CertificateFile, TAKE1,
"PKCS#7 file containing server certificate and chain"
" certificates (`/path/to/file' - PEM ecnoded)")
"PKCS#7 file containing server certificate and chain"
" certificates (`/path/to/file' - PEM ecnoded)")
SSL_CMD_ALL(CACertificatePath, TAKE1,
"SSL CA Certificate path "
"(`/path/to/dir' - contains PEM encoded files)")

8
modules/ssl/ssl_engine_init.c
View File

@@ -654,8 +654,8 @@ static void ssl_init_ctx_pkcs7_cert_chain(server_rec *s,modssl_ctx_t *mctx)
int n;
if (!mctx->ssl_ctx->extra_certs)
for (n = 1; n < sk_X509_num(certs); ++n)
SSL_CTX_add_extra_chain_cert(mctx->ssl_ctx, sk_X509_value(certs, n));
for (n = 1; n < sk_X509_num(certs); ++n)
SSL_CTX_add_extra_chain_cert(mctx->ssl_ctx, sk_X509_value(certs, n));
}
static void ssl_init_ctx_cert_chain(server_rec *s,
@@ -668,8 +668,8 @@ static void ssl_init_ctx_cert_chain(server_rec *s,
const char *chain = mctx->cert_chain;
if (mctx->pkcs7) {
ssl_init_ctx_pkcs7_cert_chain(s,mctx);
return;
ssl_init_ctx_pkcs7_cert_chain(s, mctx);
return;
}
/*

49
modules/ssl/ssl_engine_pphrase.c
View File

@@ -186,7 +186,7 @@ void ssl_pphrase_Handle(server_rec *s, apr_pool_t *p)
* because this file isn't encrypted in any way.
*/
if (sc->server->pks->cert_files[0] == NULL
&& sc->server->pkcs7 == NULL) {
&& sc->server->pkcs7 == NULL) {
ap_log_error(APLOG_MARK, APLOG_ERR, 0, pServ,
"Server should be SSL-aware but has no certificate "
"configured [Hint: SSLCertificateFile]");
@@ -196,28 +196,31 @@ void ssl_pphrase_Handle(server_rec *s, apr_pool_t *p)
algoCert = SSL_ALGO_UNKNOWN;
algoKey = SSL_ALGO_UNKNOWN;
for (i = 0, j = 0; i < SSL_AIDX_MAX
&& (sc->server->pks->cert_files[i] != NULL
|| sc->server->pkcs7); i++) {
if (sc->server->pkcs7) {
STACK_OF(X509) *certs = ssl_read_pkcs7(pServ, sc->server->pkcs7);
pX509Cert = sk_X509_value(certs, 0);
i = SSL_AIDX_MAX;
} else {
apr_cpystrn(szPath, sc->server->pks->cert_files[i], sizeof(szPath));
if ((rv = exists_and_readable(szPath, p, NULL)) != APR_SUCCESS) {
ap_log_error(APLOG_MARK, APLOG_ERR, rv, s,
"Init: Can't open server certificate file %s",
szPath);
ssl_die();
}
if ((pX509Cert = SSL_read_X509(szPath, NULL, NULL)) == NULL) {
ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
"Init: Unable to read server certificate from file %s", szPath);
ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
ssl_die();
}
}
&& (sc->server->pks->cert_files[i] != NULL
|| sc->server->pkcs7); i++) {
if (sc->server->pkcs7) {
STACK_OF(X509) *certs = ssl_read_pkcs7(pServ,
sc->server->pkcs7);
pX509Cert = sk_X509_value(certs, 0);
i = SSL_AIDX_MAX;
} else {
apr_cpystrn(szPath, sc->server->pks->cert_files[i],
sizeof(szPath));
if ((rv = exists_and_readable(szPath, p, NULL))
!= APR_SUCCESS) {
ap_log_error(APLOG_MARK, APLOG_ERR, rv, s,
"Init: Can't open server certificate file %s",
szPath);
ssl_die();
}
if ((pX509Cert = SSL_read_X509(szPath, NULL, NULL)) == NULL) {
ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
"Init: Unable to read server certificate from"
" file %s", szPath);
ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
ssl_die();
}
}
/*
* check algorithm type of certificate and make
* sure only one certificate per type is used.

34
modules/ssl/ssl_util.c
View File

@@ -268,44 +268,46 @@ const char *ssl_asn1_table_keyfmt(apr_pool_t *p,
STACK_OF(X509) *ssl_read_pkcs7(server_rec *s,const char *pkcs7)
{
PKCS7 *p7;
STACK_OF(X509) *certs;
STACK_OF(X509) *certs = NULL;
FILE *f;
f = fopen(pkcs7, "r");
if (!f) {
ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, "Can't open %s", pkcs7);
ssl_die();
ssl_die();
}
p7 = PEM_read_PKCS7(f,NULL,NULL,NULL);
if (!p7) {
ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s,
"Can't read PKCS7 object %s", pkcs7);
ssl_log_ssl_error(APLOG_MARK, APLOG_CRIT, s);
exit(1);
ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s,
"Can't read PKCS7 object %s", pkcs7);
ssl_log_ssl_error(APLOG_MARK, APLOG_CRIT, s);
exit(1);
}
switch (OBJ_obj2nid(p7->type)) {
case NID_pkcs7_signed:
certs = p7->d.sign->cert;
break;
certs = p7->d.sign->cert;
break;
case NID_pkcs7_signedAndEnveloped:
certs = p7->d.signed_and_enveloped->cert;
break;
certs = p7->d.signed_and_enveloped->cert;
break;
default:
ap_log_error(APLOG_MARK, APLOG_CRIT|APLOG_NOERRNO, 0, s,
"Don't understand PKCS7 file %s", pkcs7);
ssl_die();
ap_log_error(APLOG_MARK, APLOG_CRIT|APLOG_NOERRNO, 0, s,
"Don't understand PKCS7 file %s", pkcs7);
ssl_die();
}
if (!certs) {
ap_log_error(APLOG_MARK, APLOG_CRIT|APLOG_NOERRNO, 0, s,
"No certificates in %s", pkcs7);
ssl_die();
ap_log_error(APLOG_MARK, APLOG_CRIT|APLOG_NOERRNO, 0, s,
"No certificates in %s", pkcs7);
ssl_die();
}
fclose(f);
return certs;
}