1
0
mirror of https://github.com/apache/httpd.git synced 2025-06-09 07:21:20 +03:00

134 Commits

Author SHA1 Message Date
Doug MacEachern
ea4cfaae7c setup sc->proxy->sc
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94281 13f79535-47bb-0310-9956-ffa450edef68
2002-03-29 02:01:49 +00:00
Doug MacEachern
78b02f8110 switch from SSLSrvConfigRec* to modssl_ctx_t* in the ssl_init_ctx*
functions


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94274 13f79535-47bb-0310-9956-ffa450edef68
2002-03-28 19:48:31 +00:00
Doug MacEachern
1d76ab39ff breakup SSLSrvConfigRec in preparation for proxy support:
+ modssl_pk_server_t - certs/keys for the server
+ modssl_pk_proxy_t  - certs/keys for the proxy
+ modssl_auth_ctx_t  - stuff related to authentication that can also
                       be per-dir, used by both server and proxy
+ modssl_ctx_t       - context that can be used by both server and proxy
+ SSLSrvConfigRec    - now contains original stuff specific to the
                       server config and modssl_ctx_t *server, *proxy


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94267 13f79535-47bb-0310-9956-ffa450edef68
2002-03-28 18:50:07 +00:00
Doug MacEachern
d5c395f0e7 de-hungarian-ize server config member names which are going to stay
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94264 13f79535-47bb-0310-9956-ffa450edef68
2002-03-28 17:11:12 +00:00
Doug MacEachern
d40a4f8d8e remove error msg hint that is no longer true
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94261 13f79535-47bb-0310-9956-ffa450edef68
2002-03-28 02:51:52 +00:00
Doug MacEachern
5a392794c4 fixup naming:
ssl_init_ctx_* will be used for both proxy and server
 ssl_init_server_* is specific to the server


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94260 13f79535-47bb-0310-9956-ffa450edef68
2002-03-28 02:46:28 +00:00
Doug MacEachern
f69256ac13 move context callback setting to ssl_init_ctx_callbacks function
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94259 13f79535-47bb-0310-9956-ffa450edef68
2002-03-28 02:40:01 +00:00
Doug MacEachern
972e8bdafe move server cert/key initialization to ssl_init_server_certs function
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94258 13f79535-47bb-0310-9956-ffa450edef68
2002-03-28 02:36:05 +00:00
Doug MacEachern
44f93970ac copy DSA params to server server during key import
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94257 13f79535-47bb-0310-9956-ffa450edef68
2002-03-28 02:28:06 +00:00
Doug MacEachern
0a76ba100d fix logic from last commit, need to always try importing _both_ rsa
and dsa


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94256 13f79535-47bb-0310-9956-ffa450edef68
2002-03-28 02:09:58 +00:00
Doug MacEachern
1712e063a9 fold some duplication into generic ssl_server_import_key function
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94255 13f79535-47bb-0310-9956-ffa450edef68
2002-03-28 02:01:03 +00:00
Doug MacEachern
b63b80acf5 fold some duplication into generic ssl_server_import_cert function
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94253 13f79535-47bb-0310-9956-ffa450edef68
2002-03-28 01:47:50 +00:00
Doug MacEachern
886376b4cb move server cert checking into generic ssl_check_public_cert function.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94252 13f79535-47bb-0310-9956-ffa450edef68
2002-03-28 01:32:41 +00:00
Doug MacEachern
e6f3b17fd0 move server specific init config checks into ssl_init_check_server
function (ssl_init_check_proxy will be different)


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94250 13f79535-47bb-0310-9956-ffa450edef68
2002-03-28 01:14:53 +00:00
Doug MacEachern
52d5e83027 break out certificate chain initialization into
ssl_init_cert_chain function


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94249 13f79535-47bb-0310-9956-ffa450edef68
2002-03-28 01:07:20 +00:00
Doug MacEachern
249519625c there is a heaping pile of:
ssl_log(s, flags, "Init: (%s) ...", sc->szVHostID)
add SSL_INIT flag to cut down some noise and end up with:
 ssl_log(s, flags, "...")


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94247 13f79535-47bb-0310-9956-ffa450edef68
2002-03-28 00:34:13 +00:00
Doug MacEachern
934bb7f29b break out certificate revocation list initialization into
ssl_init_crl function


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94246 13f79535-47bb-0310-9956-ffa450edef68
2002-03-27 23:53:27 +00:00
Doug MacEachern
a413cb6798 break out cipher suite initialization into ssl_init_cipher_suite function
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94245 13f79535-47bb-0310-9956-ffa450edef68
2002-03-27 23:49:09 +00:00
Doug MacEachern
20ae69adba move warning about session cache not being configured to ssl_scache_init
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94243 13f79535-47bb-0310-9956-ffa450edef68
2002-03-27 23:25:58 +00:00
Doug MacEachern
9379b72632 break out SSL_CTX session initialization into
ssl_init_session_cache_ctx function


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94242 13f79535-47bb-0310-9956-ffa450edef68
2002-03-27 23:19:08 +00:00
Cliff Woolley
af9bfbb2b3 "Oops" has two o's in it. :)
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94235 13f79535-47bb-0310-9956-ffa450edef68
2002-03-27 21:16:37 +00:00
Doug MacEachern
948cab95a4 break SSL_CTX initialization into ssl_init_ctx function
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94234 13f79535-47bb-0310-9956-ffa450edef68
2002-03-27 21:14:49 +00:00
Doug MacEachern
bbd6a5e76f (starting to break apart the init code into smaller, generic functions,
preparing for proxy support)

break out verify code into ssl_init_verify function.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94233 13f79535-47bb-0310-9956-ffa450edef68
2002-03-27 21:07:08 +00:00
William A. Rowe Jr
05ae021cfd Clear up a const warning, and recognize some arrays by changing the
variable names to the plural [rather than aszFoo, which I hope continues
  to be cleaned up as folks have time.]


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93982 13f79535-47bb-0310-9956-ffa450edef68
2002-03-17 17:32:24 +00:00
Roy T. Fielding
845cbfd508 Update our copyright for this year.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93918 13f79535-47bb-0310-9956-ffa450edef68
2002-03-13 20:48:07 +00:00
Doug MacEachern
e89fcb92f1 use ssl_asn1_keystr
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93913 13f79535-47bb-0310-9956-ffa450edef68
2002-03-13 18:59:56 +00:00
Doug MacEachern
9432ed4273 use ssl_asn1_table_keyfmt() function and only format each (rsa,dsa)
lookup key once, rather than twice.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93911 13f79535-47bb-0310-9956-ffa450edef68
2002-03-13 18:51:35 +00:00
Doug MacEachern
9dbc0c3442 couple o minor style/log fixos
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93896 13f79535-47bb-0310-9956-ffa450edef68
2002-03-13 05:05:51 +00:00
Doug MacEachern
55294115e5 use ptemp in ssl_init_FindCAList() rather than creating a subpool.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93895 13f79535-47bb-0310-9956-ffa450edef68
2002-03-13 04:59:19 +00:00
Doug MacEachern
e38e20775e switch to ptemp pool for ssl_pphrase_Handle
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93894 13f79535-47bb-0310-9956-ffa450edef68
2002-03-13 04:49:23 +00:00
Doug MacEachern
22b44bf05c only call: ssl_rand_seed(s, p, SSL_RSCTX_STARTUP, "Init: ");
once at startup.  if there is value in calling it more than once at
startup, it should be done explicitly rather than hidden in
ssl_tmp_keys_init().

switch to ptemp pool when calling ssl_rand_seed() at startup.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93893 13f79535-47bb-0310-9956-ffa450edef68
2002-03-13 04:38:35 +00:00
Doug MacEachern
ec39586ace minor ssl_init_CheckServers() enhancements:
- pass the ptemp (temporary pool) so we don't need to create a subpool
  and destroy it ourselves.

- change ssl_ds_table usage to apr_hash_t


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93887 13f79535-47bb-0310-9956-ffa450edef68
2002-03-13 01:15:14 +00:00
Doug MacEachern
e7f00d8c09 folding more duplication in ssl_tmp_keys_init
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93886 13f79535-47bb-0310-9956-ffa450edef68
2002-03-13 00:50:13 +00:00
Doug MacEachern
d9d26c6b82 for the sake of readablity,
change: SSL_TKPIDX_{DH,RSA}{512,1024}
to:     SSL_TMP_KEY_{DH,RSA}_{512,1024}


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93883 13f79535-47bb-0310-9956-ffa450edef68
2002-03-12 23:05:33 +00:00
Doug MacEachern
52ff7b736e split ssl_init_TmpKeysHandle function to init/free functions,
and make them static to ssl_engine_init.c


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93882 13f79535-47bb-0310-9956-ffa450edef68
2002-03-12 22:50:38 +00:00
Doug MacEachern
15d581b6fe it is not required that temporary keys survive restarts, since they
are generated and destroyed on every restart.

so get rid of SSLModConfigRec.tTmpKeys table and mess that was
managing it.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93881 13f79535-47bb-0310-9956-ffa450edef68
2002-03-12 22:34:31 +00:00
Doug MacEachern
e77f92b4e5 remove call to legacy X509V3_add_standard_extensions() function,
not needed with OpenSSL 0.9.6+


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93878 13f79535-47bb-0310-9956-ffa450edef68
2002-03-12 22:08:23 +00:00
Doug MacEachern
c502a4a518 removing unused ssl_init_ChildKill
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93875 13f79535-47bb-0310-9956-ffa450edef68
2002-03-12 21:54:27 +00:00
Doug MacEachern
4e2c5954f9 making ssl_init_SSLLibrary() static
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93874 13f79535-47bb-0310-9956-ffa450edef68
2002-03-12 21:53:44 +00:00
Doug MacEachern
7be8a550ae cleanup version component construction.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93873 13f79535-47bb-0310-9956-ffa450edef68
2002-03-12 21:48:48 +00:00
Doug MacEachern
72814e709a dropping hungarian notation
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93851 13f79535-47bb-0310-9956-ffa450edef68
2002-03-12 04:41:57 +00:00
Doug MacEachern
c85b45e940 various style fixups / general changes to make code more readable.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93847 13f79535-47bb-0310-9956-ffa450edef68
2002-03-12 01:04:16 +00:00
Cliff Woolley
8097066e90 Consensus is that we should not use the scoreboard as a source of entropy.
Reviewed by: OtherBill, Justin, Madhu


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93652 13f79535-47bb-0310-9956-ffa450edef68
2002-03-01 04:35:17 +00:00
Doug MacEachern
ea9d330c32 remove an XXX: we already do CRYPTO_set_locking_callback() in ssl_util_thread_setup()
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93637 13f79535-47bb-0310-9956-ffa450edef68
2002-02-28 05:58:49 +00:00
Doug MacEachern
2cd3334d76 remove #ifdef SHARED_MODULE around ssl library cleanup calls.
SHARED_MODULE is no longer defined, so we were leaking.
plus we always do a full startup/teardown regardless of being a dso or
static.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93636 13f79535-47bb-0310-9956-ffa450edef68
2002-02-28 05:28:43 +00:00
Doug MacEachern
7984837e03 move SSL_load_client_CA_file() comment to where we moved the call to it
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93635 13f79535-47bb-0310-9956-ffa450edef68
2002-02-28 05:22:56 +00:00
Doug MacEachern
496a09a809 various SSLCACertificatePath fixes:
- return value from apr_dir_read() was checking != APR_SUCCESS rather
  than == APR_SUCCESS, so no certs were ever loaded.

- wasn't checking return value of apr_dir_open(), now log an error and
  ssl_die() on failure.

- don't bother trying to load directories


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93634 13f79535-47bb-0310-9956-ffa450edef68
2002-02-28 05:17:03 +00:00
Doug MacEachern
2ed45ef1b1 plug leak in ssl_init_FindCAList() where return value of
X509_NAME_oneline() used for trace logging was not freed.
now passes in a static buffer so no buffer is malloced.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93633 13f79535-47bb-0310-9956-ffa450edef68
2002-02-28 04:59:07 +00:00
Doug MacEachern
161b60fcff fold some duplication within ssl_init_FindCAList() into generic
ssl_init_PushCAList() function.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93632 13f79535-47bb-0310-9956-ffa450edef68
2002-02-28 04:35:29 +00:00
Doug MacEachern
c25e79513a need to free X509_NAME duplicates already found in the stack built by
ssl_init_FindCAList().


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93626 13f79535-47bb-0310-9956-ffa450edef68
2002-02-28 04:00:51 +00:00