www/apache
1
0
Fork 0
mirror of https://github.com/apache/httpd.git synced 2025-08-05 16:55:50 +03:00
Code Activity

* modules/ssl/ssl_engine_init.c (ssl_init_proxy_certs): Fail early

Browse Source 
(rather than segfault later) if a client cert is configured which is
missing either the certificate or private key.

PR: 24030


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@101878 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Joe Orton
2003-11-25 12:35:45 +00:00
parent a7db87b9ad
commit 2c999f855a
1 changed files with 24 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

34
modules/ssl/ssl_engine_init.c
View File

@@ -913,7 +913,7 @@ static void ssl_init_proxy_certs(server_rec *s,
apr_pool_t *ptemp,
modssl_ctx_t *mctx)
{
int ncerts = 0;
int n, ncerts = 0;
STACK_OF(X509_INFO) *sk;
modssl_pk_proxy_t *pkp = mctx->pkp;
@@ -934,18 +934,32 @@ static void ssl_init_proxy_certs(server_rec *s,
SSL_X509_INFO_load_path(ptemp, sk, pkp->cert_path);
}
if ((ncerts = sk_X509_INFO_num(sk)) > 0) {
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
"loaded %d client certs for SSL proxy",
ncerts);
pkp->certs = sk;
}
else {
if ((ncerts = sk_X509_INFO_num(sk)) <= 0) {
sk_X509_INFO_free(sk);
ap_log_error(APLOG_MARK, APLOG_WARNING, 0, s,
"no client certs found for SSL proxy");
sk_X509_INFO_free(sk);
return;
}
/* Check that all client certs have got certificates and private
* keys. */
for (n = 0; n < ncerts; n++) {
X509_INFO *inf = sk_X509_INFO_value(sk, n);
if (!inf->x509 || !inf->x_pkey) {
sk_X509_INFO_free(sk);
ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, s,
"incomplete client cert configured for SSL proxy "
"(missing or encrypted private key?)");
ssl_die();
return;
}
}
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
"loaded %d client certs for SSL proxy",
ncerts);
pkp->certs = sk;
}
static void ssl_init_proxy_ctx(server_rec *s,