www/apache
www/apache
1
0
Fork 0
mirror of https://github.com/apache/httpd.git synced 2025-06-07 20:02:05 +03:00
Code
12,714 Commits 62 Branches 297 Tags
Commit Graph

126 Commits

Author SHA1 Message Date
Doug MacEachern
44f93970ac copy DSA params to server server during key import 
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94257 13f79535-47bb-0310-9956-ffa450edef68
 2002-03-28 02:28:06 +00:00
Doug MacEachern
0a76ba100d fix logic from last commit, need to always try importing _both_ rsa 
and dsa


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94256 13f79535-47bb-0310-9956-ffa450edef68
 2002-03-28 02:09:58 +00:00
Doug MacEachern
1712e063a9 fold some duplication into generic ssl_server_import_key function 
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94255 13f79535-47bb-0310-9956-ffa450edef68
 2002-03-28 02:01:03 +00:00
Doug MacEachern
b63b80acf5 fold some duplication into generic ssl_server_import_cert function 
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94253 13f79535-47bb-0310-9956-ffa450edef68
 2002-03-28 01:47:50 +00:00
Doug MacEachern
886376b4cb move server cert checking into generic ssl_check_public_cert function. 
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94252 13f79535-47bb-0310-9956-ffa450edef68
 2002-03-28 01:32:41 +00:00
Doug MacEachern
e6f3b17fd0 move server specific init config checks into ssl_init_check_server 
function (ssl_init_check_proxy will be different)


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94250 13f79535-47bb-0310-9956-ffa450edef68
 2002-03-28 01:14:53 +00:00
Doug MacEachern
52d5e83027 break out certificate chain initialization into 
ssl_init_cert_chain function


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94249 13f79535-47bb-0310-9956-ffa450edef68
 2002-03-28 01:07:20 +00:00
Doug MacEachern
249519625c there is a heaping pile of: 
ssl_log(s, flags, "Init: (%s) ...", sc->szVHostID)
add SSL_INIT flag to cut down some noise and end up with:
 ssl_log(s, flags, "...")


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94247 13f79535-47bb-0310-9956-ffa450edef68
 2002-03-28 00:34:13 +00:00
Doug MacEachern
934bb7f29b break out certificate revocation list initialization into 
ssl_init_crl function


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94246 13f79535-47bb-0310-9956-ffa450edef68
 2002-03-27 23:53:27 +00:00
Doug MacEachern
a413cb6798 break out cipher suite initialization into ssl_init_cipher_suite function 
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94245 13f79535-47bb-0310-9956-ffa450edef68
 2002-03-27 23:49:09 +00:00
Doug MacEachern
20ae69adba move warning about session cache not being configured to ssl_scache_init 
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94243 13f79535-47bb-0310-9956-ffa450edef68
 2002-03-27 23:25:58 +00:00
Doug MacEachern
9379b72632 break out SSL_CTX session initialization into 
ssl_init_session_cache_ctx function


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94242 13f79535-47bb-0310-9956-ffa450edef68
 2002-03-27 23:19:08 +00:00
Cliff Woolley
af9bfbb2b3 "Oops" has two o's in it. :) 
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94235 13f79535-47bb-0310-9956-ffa450edef68
 2002-03-27 21:16:37 +00:00
Doug MacEachern
948cab95a4 break SSL_CTX initialization into ssl_init_ctx function 
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94234 13f79535-47bb-0310-9956-ffa450edef68
 2002-03-27 21:14:49 +00:00
Doug MacEachern
bbd6a5e76f (starting to break apart the init code into smaller, generic functions, 
preparing for proxy support)

break out verify code into ssl_init_verify function.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94233 13f79535-47bb-0310-9956-ffa450edef68
 2002-03-27 21:07:08 +00:00
William A. Rowe Jr
05ae021cfd Clear up a const warning, and recognize some arrays by changing the 
variable names to the plural [rather than aszFoo, which I hope continues
  to be cleaned up as folks have time.]


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93982 13f79535-47bb-0310-9956-ffa450edef68
 2002-03-17 17:32:24 +00:00
Roy T. Fielding
845cbfd508 Update our copyright for this year. 
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93918 13f79535-47bb-0310-9956-ffa450edef68
 2002-03-13 20:48:07 +00:00
Doug MacEachern
e89fcb92f1 use ssl_asn1_keystr 
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93913 13f79535-47bb-0310-9956-ffa450edef68
 2002-03-13 18:59:56 +00:00
Doug MacEachern
9432ed4273 use ssl_asn1_table_keyfmt() function and only format each (rsa,dsa) 
lookup key once, rather than twice.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93911 13f79535-47bb-0310-9956-ffa450edef68
 2002-03-13 18:51:35 +00:00
Doug MacEachern
9dbc0c3442 couple o minor style/log fixos 
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93896 13f79535-47bb-0310-9956-ffa450edef68
 2002-03-13 05:05:51 +00:00
Doug MacEachern
55294115e5 use ptemp in ssl_init_FindCAList() rather than creating a subpool. 
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93895 13f79535-47bb-0310-9956-ffa450edef68
 2002-03-13 04:59:19 +00:00
Doug MacEachern
e38e20775e switch to ptemp pool for ssl_pphrase_Handle 
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93894 13f79535-47bb-0310-9956-ffa450edef68
 2002-03-13 04:49:23 +00:00
Doug MacEachern
22b44bf05c only call: ssl_rand_seed(s, p, SSL_RSCTX_STARTUP, "Init: "); 
once at startup.  if there is value in calling it more than once at
startup, it should be done explicitly rather than hidden in
ssl_tmp_keys_init().

switch to ptemp pool when calling ssl_rand_seed() at startup.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93893 13f79535-47bb-0310-9956-ffa450edef68
 2002-03-13 04:38:35 +00:00
Doug MacEachern
ec39586ace minor ssl_init_CheckServers() enhancements: 
- pass the ptemp (temporary pool) so we don't need to create a subpool
  and destroy it ourselves.

- change ssl_ds_table usage to apr_hash_t


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93887 13f79535-47bb-0310-9956-ffa450edef68
 2002-03-13 01:15:14 +00:00
Doug MacEachern
e7f00d8c09 folding more duplication in ssl_tmp_keys_init 
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93886 13f79535-47bb-0310-9956-ffa450edef68
 2002-03-13 00:50:13 +00:00
Doug MacEachern
d9d26c6b82 for the sake of readablity, 
change: SSL_TKPIDX_{DH,RSA}{512,1024}
to:     SSL_TMP_KEY_{DH,RSA}_{512,1024}


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93883 13f79535-47bb-0310-9956-ffa450edef68
 2002-03-12 23:05:33 +00:00
Doug MacEachern
52ff7b736e split ssl_init_TmpKeysHandle function to init/free functions, 
and make them static to ssl_engine_init.c


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93882 13f79535-47bb-0310-9956-ffa450edef68
 2002-03-12 22:50:38 +00:00
Doug MacEachern
15d581b6fe it is not required that temporary keys survive restarts, since they 
are generated and destroyed on every restart.

so get rid of SSLModConfigRec.tTmpKeys table and mess that was
managing it.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93881 13f79535-47bb-0310-9956-ffa450edef68
 2002-03-12 22:34:31 +00:00
Doug MacEachern
e77f92b4e5 remove call to legacy X509V3_add_standard_extensions() function, 
not needed with OpenSSL 0.9.6+


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93878 13f79535-47bb-0310-9956-ffa450edef68
 2002-03-12 22:08:23 +00:00
Doug MacEachern
c502a4a518 removing unused ssl_init_ChildKill 
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93875 13f79535-47bb-0310-9956-ffa450edef68
 2002-03-12 21:54:27 +00:00
Doug MacEachern
4e2c5954f9 making ssl_init_SSLLibrary() static 
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93874 13f79535-47bb-0310-9956-ffa450edef68
 2002-03-12 21:53:44 +00:00
Doug MacEachern
7be8a550ae cleanup version component construction. 
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93873 13f79535-47bb-0310-9956-ffa450edef68
 2002-03-12 21:48:48 +00:00
Doug MacEachern
72814e709a dropping hungarian notation 
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93851 13f79535-47bb-0310-9956-ffa450edef68
 2002-03-12 04:41:57 +00:00
Doug MacEachern
c85b45e940 various style fixups / general changes to make code more readable. 
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93847 13f79535-47bb-0310-9956-ffa450edef68
 2002-03-12 01:04:16 +00:00
Cliff Woolley
8097066e90 Consensus is that we should not use the scoreboard as a source of entropy. 
Reviewed by: OtherBill, Justin, Madhu


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93652 13f79535-47bb-0310-9956-ffa450edef68
 2002-03-01 04:35:17 +00:00
Doug MacEachern
ea9d330c32 remove an XXX: we already do CRYPTO_set_locking_callback() in ssl_util_thread_setup() 
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93637 13f79535-47bb-0310-9956-ffa450edef68
 2002-02-28 05:58:49 +00:00
Doug MacEachern
2cd3334d76 remove #ifdef SHARED_MODULE around ssl library cleanup calls. 
SHARED_MODULE is no longer defined, so we were leaking.
plus we always do a full startup/teardown regardless of being a dso or
static.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93636 13f79535-47bb-0310-9956-ffa450edef68
 2002-02-28 05:28:43 +00:00
Doug MacEachern
7984837e03 move SSL_load_client_CA_file() comment to where we moved the call to it 
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93635 13f79535-47bb-0310-9956-ffa450edef68
 2002-02-28 05:22:56 +00:00
Doug MacEachern
496a09a809 various SSLCACertificatePath fixes: 
- return value from apr_dir_read() was checking != APR_SUCCESS rather
  than == APR_SUCCESS, so no certs were ever loaded.

- wasn't checking return value of apr_dir_open(), now log an error and
  ssl_die() on failure.

- don't bother trying to load directories


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93634 13f79535-47bb-0310-9956-ffa450edef68
 2002-02-28 05:17:03 +00:00
Doug MacEachern
2ed45ef1b1 plug leak in ssl_init_FindCAList() where return value of 
X509_NAME_oneline() used for trace logging was not freed.
now passes in a static buffer so no buffer is malloced.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93633 13f79535-47bb-0310-9956-ffa450edef68
 2002-02-28 04:59:07 +00:00
Doug MacEachern
161b60fcff fold some duplication within ssl_init_FindCAList() into generic 
ssl_init_PushCAList() function.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93632 13f79535-47bb-0310-9956-ffa450edef68
 2002-02-28 04:35:29 +00:00
Doug MacEachern
c25e79513a need to free X509_NAME duplicates already found in the stack built by 
ssl_init_FindCAList().


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93626 13f79535-47bb-0310-9956-ffa450edef68
 2002-02-28 04:00:51 +00:00
Doug MacEachern
c892fe3559 need to free the stacks returned by calls to SSL_load_client_CA_file() 
in ssl_init_FindCAList().  values are pushed into another stack which
gets freed when SSL context is destroyed.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93625 13f79535-47bb-0310-9956-ffa450edef68
 2002-02-28 03:48:26 +00:00
Doug MacEachern
925dbed8b2 contrary to what comments say, DH* returned from ssl_dh_GetTmpParam() 
is _not_ static and needs to be freed via DH_free().


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93624 13f79535-47bb-0310-9956-ffa450edef68
 2002-02-28 03:21:51 +00:00
Doug MacEachern
a32ba5671e need to free sc->pRevocationStore at shutdown 
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93623 13f79535-47bb-0310-9956-ffa450edef68
 2002-02-28 03:12:11 +00:00
Doug MacEachern
b4f77dcf27 switch SSLModConfigRec.tPublicCert to ssl_asn1_table api to prevent 
leakage on restarts.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93615 13f79535-47bb-0310-9956-ffa450edef68
 2002-02-28 00:28:05 +00:00
Doug MacEachern
e778179d1f switch SSLModConfigRec.tPrivateKey to ssl_asn1_table api to prevent 
leakage on restarts.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93614 13f79535-47bb-0310-9956-ffa450edef68
 2002-02-28 00:23:32 +00:00
Doug MacEachern
01b903dfc4 add ssl_asn1_table_get() wrapper and change ssl_init_TmpKeysHandle() 
to use it.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93613 13f79535-47bb-0310-9956-ffa450edef68
 2002-02-28 00:10:52 +00:00
Doug MacEachern
d6a76369d5 mod_ssl was "leaking" on restart since mc->tTmpKeys table entries 
were allocated using apr_palloc out of s->process->pool and pushed
into an apr_array_header_t.
solve the problem by moving from apr_array_header_t's to an apr_hash_t.
also add ssl_asn1_table_{set,unset} wrappers to use malloc/free so we
do not "leak" from s->process->pool.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93612 13f79535-47bb-0310-9956-ffa450edef68
 2002-02-28 00:01:57 +00:00
Doug MacEachern
0ba62becc5 changing mod_ssl to do a full startup/teardown on each restart rather 
than hack to only read passphrase on 1st round startup.  this change:
- fixes current segv on restarts (SHARED_MODULE is not defined)
- allows LoadModule ssl_module to be added to httpd.conf on restart
  (was core dumping previously)
- allows certs/keys to be changed on restart provided key is not
  encrypted or SSLPassPhraseDialog is exec.  if key is encrypted and
  SSLPassPhraseDialog is builtin, existing private keys will be reused
  on restart (which happens currently for any type of key/dialog).

note: mod_ssl currently leaks on restart; leaks more with this change.
      fixes to come.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93585 13f79535-47bb-0310-9956-ffa450edef68
 2002-02-27 03:21:09 +00:00