Doug MacEachern
ea4cfaae7c
setup sc->proxy->sc
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94281 13f79535-47bb-0310-9956-ffa450edef68
2002-03-29 02:01:49 +00:00
Doug MacEachern
78b02f8110
switch from SSLSrvConfigRec* to modssl_ctx_t* in the ssl_init_ctx*
functions
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94274 13f79535-47bb-0310-9956-ffa450edef68
2002-03-28 19:48:31 +00:00
Doug MacEachern
1d76ab39ff
breakup SSLSrvConfigRec in preparation for proxy support:
+ modssl_pk_server_t - certs/keys for the server
+ modssl_pk_proxy_t - certs/keys for the proxy
+ modssl_auth_ctx_t - stuff related to authentication that can also
be per-dir, used by both server and proxy
+ modssl_ctx_t - context that can be used by both server and proxy
+ SSLSrvConfigRec - now contains original stuff specific to the
server config and modssl_ctx_t *server, *proxy
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94267 13f79535-47bb-0310-9956-ffa450edef68
2002-03-28 18:50:07 +00:00
Doug MacEachern
d5c395f0e7
de-hungarian-ize server config member names which are going to stay
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94264 13f79535-47bb-0310-9956-ffa450edef68
2002-03-28 17:11:12 +00:00
Doug MacEachern
d40a4f8d8e
remove error msg hint that is no longer true
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94261 13f79535-47bb-0310-9956-ffa450edef68
2002-03-28 02:51:52 +00:00
Doug MacEachern
5a392794c4
fixup naming:
ssl_init_ctx_* will be used for both proxy and server
ssl_init_server_* is specific to the server
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94260 13f79535-47bb-0310-9956-ffa450edef68
2002-03-28 02:46:28 +00:00
Doug MacEachern
f69256ac13
move context callback setting to ssl_init_ctx_callbacks function
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94259 13f79535-47bb-0310-9956-ffa450edef68
2002-03-28 02:40:01 +00:00
Doug MacEachern
972e8bdafe
move server cert/key initialization to ssl_init_server_certs function
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94258 13f79535-47bb-0310-9956-ffa450edef68
2002-03-28 02:36:05 +00:00
Doug MacEachern
44f93970ac
copy DSA params to server server during key import
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94257 13f79535-47bb-0310-9956-ffa450edef68
2002-03-28 02:28:06 +00:00
Doug MacEachern
0a76ba100d
fix logic from last commit, need to always try importing _both_ rsa
and dsa
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94256 13f79535-47bb-0310-9956-ffa450edef68
2002-03-28 02:09:58 +00:00
Doug MacEachern
1712e063a9
fold some duplication into generic ssl_server_import_key function
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94255 13f79535-47bb-0310-9956-ffa450edef68
2002-03-28 02:01:03 +00:00
Doug MacEachern
b63b80acf5
fold some duplication into generic ssl_server_import_cert function
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94253 13f79535-47bb-0310-9956-ffa450edef68
2002-03-28 01:47:50 +00:00
Doug MacEachern
886376b4cb
move server cert checking into generic ssl_check_public_cert function.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94252 13f79535-47bb-0310-9956-ffa450edef68
2002-03-28 01:32:41 +00:00
Doug MacEachern
e6f3b17fd0
move server specific init config checks into ssl_init_check_server
function (ssl_init_check_proxy will be different)
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94250 13f79535-47bb-0310-9956-ffa450edef68
2002-03-28 01:14:53 +00:00
Doug MacEachern
52d5e83027
break out certificate chain initialization into
ssl_init_cert_chain function
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94249 13f79535-47bb-0310-9956-ffa450edef68
2002-03-28 01:07:20 +00:00
Doug MacEachern
249519625c
there is a heaping pile of:
ssl_log(s, flags, "Init: (%s) ...", sc->szVHostID)
add SSL_INIT flag to cut down some noise and end up with:
ssl_log(s, flags, "...")
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94247 13f79535-47bb-0310-9956-ffa450edef68
2002-03-28 00:34:13 +00:00
Doug MacEachern
934bb7f29b
break out certificate revocation list initialization into
ssl_init_crl function
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94246 13f79535-47bb-0310-9956-ffa450edef68
2002-03-27 23:53:27 +00:00
Doug MacEachern
a413cb6798
break out cipher suite initialization into ssl_init_cipher_suite function
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94245 13f79535-47bb-0310-9956-ffa450edef68
2002-03-27 23:49:09 +00:00
Doug MacEachern
20ae69adba
move warning about session cache not being configured to ssl_scache_init
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94243 13f79535-47bb-0310-9956-ffa450edef68
2002-03-27 23:25:58 +00:00
Doug MacEachern
9379b72632
break out SSL_CTX session initialization into
ssl_init_session_cache_ctx function
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94242 13f79535-47bb-0310-9956-ffa450edef68
2002-03-27 23:19:08 +00:00
Cliff Woolley
af9bfbb2b3
"Oops" has two o's in it. :)
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94235 13f79535-47bb-0310-9956-ffa450edef68
2002-03-27 21:16:37 +00:00
Doug MacEachern
948cab95a4
break SSL_CTX initialization into ssl_init_ctx function
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94234 13f79535-47bb-0310-9956-ffa450edef68
2002-03-27 21:14:49 +00:00
Doug MacEachern
bbd6a5e76f
(starting to break apart the init code into smaller, generic functions,
preparing for proxy support)
break out verify code into ssl_init_verify function.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94233 13f79535-47bb-0310-9956-ffa450edef68
2002-03-27 21:07:08 +00:00
William A. Rowe Jr
05ae021cfd
Clear up a const warning, and recognize some arrays by changing the
variable names to the plural [rather than aszFoo, which I hope continues
to be cleaned up as folks have time.]
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93982 13f79535-47bb-0310-9956-ffa450edef68
2002-03-17 17:32:24 +00:00
Roy T. Fielding
845cbfd508
Update our copyright for this year.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93918 13f79535-47bb-0310-9956-ffa450edef68
2002-03-13 20:48:07 +00:00
Doug MacEachern
e89fcb92f1
use ssl_asn1_keystr
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93913 13f79535-47bb-0310-9956-ffa450edef68
2002-03-13 18:59:56 +00:00
Doug MacEachern
9432ed4273
use ssl_asn1_table_keyfmt() function and only format each (rsa,dsa)
lookup key once, rather than twice.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93911 13f79535-47bb-0310-9956-ffa450edef68
2002-03-13 18:51:35 +00:00
Doug MacEachern
9dbc0c3442
couple o minor style/log fixos
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93896 13f79535-47bb-0310-9956-ffa450edef68
2002-03-13 05:05:51 +00:00
Doug MacEachern
55294115e5
use ptemp in ssl_init_FindCAList() rather than creating a subpool.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93895 13f79535-47bb-0310-9956-ffa450edef68
2002-03-13 04:59:19 +00:00
Doug MacEachern
e38e20775e
switch to ptemp pool for ssl_pphrase_Handle
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93894 13f79535-47bb-0310-9956-ffa450edef68
2002-03-13 04:49:23 +00:00
Doug MacEachern
22b44bf05c
only call: ssl_rand_seed(s, p, SSL_RSCTX_STARTUP, "Init: ");
once at startup. if there is value in calling it more than once at
startup, it should be done explicitly rather than hidden in
ssl_tmp_keys_init().
switch to ptemp pool when calling ssl_rand_seed() at startup.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93893 13f79535-47bb-0310-9956-ffa450edef68
2002-03-13 04:38:35 +00:00
Doug MacEachern
ec39586ace
minor ssl_init_CheckServers() enhancements:
- pass the ptemp (temporary pool) so we don't need to create a subpool
and destroy it ourselves.
- change ssl_ds_table usage to apr_hash_t
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93887 13f79535-47bb-0310-9956-ffa450edef68
2002-03-13 01:15:14 +00:00
Doug MacEachern
e7f00d8c09
folding more duplication in ssl_tmp_keys_init
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93886 13f79535-47bb-0310-9956-ffa450edef68
2002-03-13 00:50:13 +00:00
Doug MacEachern
d9d26c6b82
for the sake of readability,
change: SSL_TKPIDX_{DH,RSA}{512,1024}
to: SSL_TMP_KEY_{DH,RSA}_{512,1024}
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93883 13f79535-47bb-0310-9956-ffa450edef68
2002-03-12 23:05:33 +00:00
Doug MacEachern
52ff7b736e
split ssl_init_TmpKeysHandle function to init/free functions,
and make them static to ssl_engine_init.c
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93882 13f79535-47bb-0310-9956-ffa450edef68
2002-03-12 22:50:38 +00:00
Doug MacEachern
15d581b6fe
it is not required that temporary keys survive restarts, since they
are generated and destroyed on every restart.
so get rid of SSLModConfigRec.tTmpKeys table and mess that was
managing it.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93881 13f79535-47bb-0310-9956-ffa450edef68
2002-03-12 22:34:31 +00:00
Doug MacEachern
e77f92b4e5
remove call to legacy X509V3_add_standard_extensions() function,
not needed with OpenSSL 0.9.6+
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93878 13f79535-47bb-0310-9956-ffa450edef68
2002-03-12 22:08:23 +00:00
Doug MacEachern
c502a4a518
removing unused ssl_init_ChildKill
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93875 13f79535-47bb-0310-9956-ffa450edef68
2002-03-12 21:54:27 +00:00
Doug MacEachern
4e2c5954f9
making ssl_init_SSLLibrary() static
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93874 13f79535-47bb-0310-9956-ffa450edef68
2002-03-12 21:53:44 +00:00
Doug MacEachern
7be8a550ae
cleanup version component construction.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93873 13f79535-47bb-0310-9956-ffa450edef68
2002-03-12 21:48:48 +00:00
Doug MacEachern
72814e709a
dropping hungarian notation
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93851 13f79535-47bb-0310-9956-ffa450edef68
2002-03-12 04:41:57 +00:00
Doug MacEachern
c85b45e940
various style fixups / general changes to make code more readable.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93847 13f79535-47bb-0310-9956-ffa450edef68
2002-03-12 01:04:16 +00:00
Cliff Woolley
8097066e90
Consensus is that we should not use the scoreboard as a source of entropy.
Reviewed by: OtherBill, Justin, Madhu
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93652 13f79535-47bb-0310-9956-ffa450edef68
2002-03-01 04:35:17 +00:00
Doug MacEachern
ea9d330c32
remove an XXX: we already do CRYPTO_set_locking_callback() in ssl_util_thread_setup()
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93637 13f79535-47bb-0310-9956-ffa450edef68
2002-02-28 05:58:49 +00:00
Doug MacEachern
2cd3334d76
remove #ifdef SHARED_MODULE around ssl library cleanup calls.
SHARED_MODULE is no longer defined, so we were leaking.
plus we always do a full startup/teardown regardless of being a dso or
static.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93636 13f79535-47bb-0310-9956-ffa450edef68
2002-02-28 05:28:43 +00:00
Doug MacEachern
7984837e03
move SSL_load_client_CA_file() comment to where we moved the call to it
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93635 13f79535-47bb-0310-9956-ffa450edef68
2002-02-28 05:22:56 +00:00
Doug MacEachern
496a09a809
various SSLCACertificatePath fixes:
- return value from apr_dir_read() was checking != APR_SUCCESS rather
than == APR_SUCCESS, so no certs were ever loaded.
- wasn't checking return value of apr_dir_open(), now log an error and
ssl_die() on failure.
- don't bother trying to load directories
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93634 13f79535-47bb-0310-9956-ffa450edef68
2002-02-28 05:17:03 +00:00
Doug MacEachern
2ed45ef1b1
plug leak in ssl_init_FindCAList() where return value of
X509_NAME_oneline() used for trace logging was not freed.
now passes in a static buffer so no buffer is malloced.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93633 13f79535-47bb-0310-9956-ffa450edef68
2002-02-28 04:59:07 +00:00
Doug MacEachern
161b60fcff
fold some duplication within ssl_init_FindCAList() into generic
ssl_init_PushCAList() function.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93632 13f79535-47bb-0310-9956-ffa450edef68
2002-02-28 04:35:29 +00:00
Doug MacEachern
c25e79513a
need to free X509_NAME duplicates already found in the stack built by
ssl_init_FindCAList().
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93626 13f79535-47bb-0310-9956-ffa450edef68
2002-02-28 04:00:51 +00:00