* modules/ssl/mod_ssl.c: Declare new config directives

SSLCADNRequestFile and SSLCADNRequestPath. * modules/ssl/ssl_private.h (modssl_pk_server_t): Add ca_name_path, ca_name_file fields. * modules/ssl/ssl_engine_init.c (ssl_init_ctx_verify): If either of SSLCADNRequestFile or SSLCADNRequestPath are configured, load the CA DN list sent in the CertificateRequest from those certificates. * modules/ssl/ssl_engine_config.c (modssl_ctx_init_server): Use pcalloc to zero-initialize the entire modssl_pk_server_t structure. (ssl_config_server_new): Merge the ca_name_* fields. (ssl_cmd_SSLCADNRequestPath, ssl_cmd_SSLCADNRequestFile): New functions. PR: 32848 Submitted by: Tim Taylor <tim.taylor dfas.mil> git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@125165 13f79535-47bb-0310-9956-ffa450edef68
2025-08-08 15:02:10 +03:00 · 2005-01-14 13:54:31 +00:00
parent 5d4ce7fb94
commit 3f6c23e40a
5 changed files with 63 additions and 15 deletions
--- a/modules/ssl/mod_ssl.c
+++ b/modules/ssl/mod_ssl.c
@@ -116,6 +116,12 @@ static const command_rec ssl_config_cmds[] = {
    SSL_CMD_ALL(CACertificateFile, TAKE1,
                "SSL CA Certificate file "
                "(`/path/to/file' - PEM encoded)")
+    SSL_CMD_SRV(CADNRequestPath, TAKE1,
+                "SSL CA Distinguished Name path "
+                "(`/path/to/dir' - symlink hashes to PEM of acceptable CA names to request)")
+    SSL_CMD_SRV(CADNRequestFile, TAKE1,
+                "SSL CA Distinguished Name file "
+                "(`/path/to/file' - PEM encoded to derive acceptable CA names to request)")
    SSL_CMD_SRV(CARevocationPath, TAKE1,
                "SSL CA Certificate Revocation List (CRL) path "
                "(`/path/to/dir' - contains PEM encoded files)")