www/apache
1
0
Fork 0
mirror of https://github.com/apache/httpd.git synced 2025-08-07 04:02:58 +03:00
Code Activity

mod_ssl: follow up to r1734561.

Browse Source 
Simplify CRL check mode and flags handling/merging by using a single mask (int).

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1735337 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Yann Ylavic
2016-03-16 22:54:27 +00:00
parent e6622f1d5e
commit 5bc7c3ca2d
4 changed files with 45 additions and 79 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
modules/ssl/ssl_engine_kernel.c
View File

@@ -1569,12 +1569,14 @@ int ssl_callback_SSLVerify(int ok, X509_STORE_CTX *ctx)
SSLDirConfigRec *dc = r ? myDirConfig(r) : NULL;
SSLConnRec *sslconn = myConnConfig(conn);
modssl_ctx_t *mctx = myCtxConfig(sslconn, sc);
int crl_check_mode = mctx->crl_check_mask & ~SSL_CRLCHECK_FLAGS;
/* Get verify ingredients */
int errnum = X509_STORE_CTX_get_error(ctx);
int errdepth = X509_STORE_CTX_get_error_depth(ctx);
int depth, verify;
/*
* Log verification information
*/
@@ -1582,10 +1584,9 @@ int ssl_callback_SSLVerify(int ok, X509_STORE_CTX *ctx)
X509_STORE_CTX_get_current_cert(ctx), APLOGNO(02275)
"Certificate Verification, depth %d, "
"CRL checking mode: %s (%x)", errdepth,
mctx->crl_check_mode == SSL_CRLCHECK_CHAIN ?
"chain" : (mctx->crl_check_mode == SSL_CRLCHECK_LEAF ?
"leaf" : "none"),
mctx->crl_check_flags);
crl_check_mode == SSL_CRLCHECK_CHAIN ? "chain" :
crl_check_mode == SSL_CRLCHECK_LEAF ? "leaf" : "none",
mctx->crl_check_mask);
/*
* Check for optionally acceptable non-verifiable issuer situation
@@ -1635,7 +1636,7 @@ int ssl_callback_SSLVerify(int ok, X509_STORE_CTX *ctx)
}
if (!ok && errnum == X509_V_ERR_UNABLE_TO_GET_CRL
&& (mctx->crl_check_flags & MODSSL_CCF_NO_CRL_FOR_CERT_OK)) {
&& (mctx->crl_check_mask & SSL_CRLCHECK_NO_CRL_FOR_CERT_OK)) {
errnum = X509_V_OK;
ok = TRUE;
}