www/apache
1
0
Fork 0
mirror of https://github.com/apache/httpd.git synced 2025-08-08 15:02:10 +03:00
Code Activity

More finishing touches for SSLOpenSSLConfCmd:

Browse Source 
- add documentation
- clear the error queue before executing the next SSL_CONF_cmd
- if needed, configure OCSP stapling after a "Certificate" command
- ifdef ssl_cmd_SSLOpenSSLConfCmd in ssl_private.h


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1555464 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Kaspar Brand
2014-01-05 07:38:28 +00:00
parent c0e4f862ad
commit a84af8f546
3 changed files with 58 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
modules/ssl/ssl_engine_init.c
View File

@@ -1286,6 +1286,7 @@ static apr_status_t ssl_init_server_ctx(server_rec *s,
#ifdef HAVE_SSL_CONF_CMD
SSL_CONF_CTX_set_ssl_ctx(cctx, sc->server->ssl_ctx);
for (i = 0; i < sc->server->ssl_ctx_param->nelts; i++, param++) {
ERR_clear_error();
if (SSL_CONF_cmd(cctx, param->name, param->value) <= 0) {
ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, APLOGNO(02407)
"\"SSLOpenSSLConfCmd %s %s\" failed for %s",
@@ -1297,6 +1298,23 @@ static apr_status_t ssl_init_server_ctx(server_rec *s,
"\"SSLOpenSSLConfCmd %s %s\" applied to %s",
param->name, param->value, sc->vhost_id);
}
#ifdef HAVE_OCSP_STAPLING
/*
* Special case: if OCSP stapling is enabled, and a certificate
* has been loaded via "SSLOpenSSLConfCmd Certificate ...", then
* we also need to call ssl_stapling_init_cert here.
*/
if ((sc->server->stapling_enabled == TRUE) &&
!strcasecmp(param->name, "Certificate")) {
X509 *cert = SSL_CTX_get0_certificate(sc->server->ssl_ctx);
if (!cert || !ssl_stapling_init_cert(s, sc->server, cert)) {
ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, APLOGNO(02571)
"Unable to configure certificate loaded "
"from %s for %s for stapling",
param->value, sc->vhost_id);
}
}
#endif
}
if (SSL_CONF_CTX_finish(cctx) == 0) {
ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, APLOGNO(02547)