From wr...@apache.org
Subject cvs commit: httpd-2.0/modules/ssl ssl_util_ssl.h ssl_util_ssl.c ssl_engine_pphrase.c
Date Tue, 31 Jul 2001 03:16:55 GMT
wrowe       01/07/30 20:16:55

  Modified:    modules/ssl ssl_util_ssl.h ssl_util_ssl.c
                        ssl_engine_pphrase.c
  Log:
  This patch eliminates the direct use of OS library calls (fopen and
  other deprecated Apache 1.3 library utilities) from ssl_engine_pphrase.c
  and ssl_util_ssl.c.
  
  Submitted by:	Madhusudan Mathihalli <madhusudan_mathihalli@hp.com>
  
  Revision  Changes    Path
  1.9       +2 -2      httpd-2.0/modules/ssl/ssl_util_ssl.h
  
  Index: ssl_util_ssl.h
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_util_ssl.h,v
  retrieving revision 1.8
  retrieving revision 1.9
  diff -u -r1.8 -r1.9
  --- ssl_util_ssl.h	2001/07/19 16:08:01	1.8
  +++ ssl_util_ssl.h	2001/07/31 03:16:55	1.9
  @@ -94,8 +94,8 @@
   int         SSL_get_app_data2_idx(void);
   void       *SSL_get_app_data2(SSL *);
   void        SSL_set_app_data2(SSL *, void *);
  -X509       *SSL_read_X509(FILE *, X509 **, int (*)(char*,int,int,void*));
  -EVP_PKEY   *SSL_read_PrivateKey(FILE *, EVP_PKEY **, int (*)(char*,int,int,void*), void
*);
  +X509       *SSL_read_X509(char *, X509 **, int (*)(char*,int,int,void*));
  +EVP_PKEY   *SSL_read_PrivateKey(char *, EVP_PKEY **, int (*)(char*,int,int,void*), void
*);
   int         SSL_smart_shutdown(SSL *ssl);
   X509_STORE *SSL_X509_STORE_create(char *, char *);
   int         SSL_X509_STORE_lookup(X509_STORE *, int, X509_NAME *, X509_OBJECT *);
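Review bot: The new `filename` parameters of `SSL_read_X509` and `SSL_read_PrivateKey` are declared `char *`, although the implementation only hands the name to `BIO_new_file`, which takes `const char *`; declaring them `const char *` would let callers pass string literals and `const` configuration strings without a cast. The neighbouring prototypes (`SSL_X509_STORE_create(char *, char *)`) use bare `char *` too, so this may simply be the file's convention. The prototypes also carry no parameter names, so nothing tells a reader that the first argument is now a path rather than an open stream; `X509 *SSL_read_X509(const char *filename, X509 **x509, int (*cb)(char*,int,int,void*));` would make the change self-documenting.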
  
  
  
  1.7       +24 -30    httpd-2.0/modules/ssl/ssl_util_ssl.c
  
  Index: ssl_util_ssl.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_util_ssl.c,v
  retrieving revision 1.6
  retrieving revision 1.7
  diff -u -r1.6 -r1.7
  --- ssl_util_ssl.c	2001/07/19 16:08:01	1.6
  +++ ssl_util_ssl.c	2001/07/31 03:16:55	1.7
  @@ -95,25 +95,24 @@
   **  _________________________________________________________________
   */
   
  -X509 *SSL_read_X509(FILE *fp, X509 **x509, int (*cb)(char*,int,int,void*))
  +X509 *SSL_read_X509(char* filename, X509 **x509, int (*cb)(char*,int,int,void*))
   {
       X509 *rc;
       BIO *bioS;
       BIO *bioF;
   
       /* 1. try PEM (= DER+Base64+headers) */
  -#if SSL_LIBRARY_VERSION < 0x00904000
  -    rc = PEM_read_X509(fp, x509, cb);
  -#else
  -    rc = PEM_read_X509(fp, x509, cb, NULL);
  -#endif
  +       if ((bioS=BIO_new_file(filename, "r")) == NULL)
  +               return NULL;
  +       rc=PEM_read_bio_X509 (bioS, x509, cb, NULL);
  +       BIO_free(bioS);
  +
       if (rc == NULL) {
           /* 2. try DER+Base64 */
  -        fseek(fp, 0L, SEEK_SET);
  -        if ((bioS = BIO_new(BIO_s_fd())) == NULL)
  -            return NULL;
  -        BIO_set_fd(bioS, fileno(fp), BIO_NOCLOSE);
  -        if ((bioF = BIO_new(BIO_f_base64())) == NULL) {
  +               if ((bioS=BIO_new_file(filename, "r")) == NULL)
  +                       return NULL;
  +                      
  +               if ((bioF = BIO_new(BIO_f_base64())) == NULL) {
               BIO_free(bioS);
               return NULL;
           }
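Review bot: When the PEM attempt via `PEM_read_bio_X509` fails, the code falls through to the base64-DER attempt without clearing the OpenSSL error queue, so a certificate that is read successfully on the second or third attempt leaves a stale "no start line" entry behind for the next `SSL_ADD_SSLERR` log line to report. `ERR_clear_error();` at the top of the `if (rc == NULL)` fallback (and again before the plain-DER attempt) keeps the queue tied to the current failure; the old `FILE *` code had the same wart, so this is inherited rather than introduced by the patch. The added lines are also indented at a different width from the surrounding four-space style, which makes the three-step fallback harder to scan. `SSL_read_X509` continues past the end of this hunk.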
  @@ -122,10 +121,8 @@
           BIO_free_all(bioS);
           if (rc == NULL) {
               /* 3. try plain DER */
  -            fseek(fp, 0L, SEEK_SET);
  -            if ((bioS = BIO_new(BIO_s_fd())) == NULL)
  -                return NULL;
  -            BIO_set_fd(bioS, fileno(fp), BIO_NOCLOSE);
  +                       if ((bioS=BIO_new_file(filename, "r")) == NULL)
  +                               return NULL;
               rc = d2i_X509_bio(bioS, NULL);
               BIO_free(bioS);
           }
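Review bot: The plain-DER fallback hands `d2i_X509_bio` a BIO opened with `BIO_new_file(filename, "r")`, i.e. in text mode; on platforms whose C runtime distinguishes text and binary streams (httpd-2.0 targets Win32 through APR) a binary DER certificate can be altered by newline translation or cut short at an embedded 0x1A byte. Opening with `"rb"` is a no-op on POSIX and correct everywhere, so `if ((bioS = BIO_new_file(filename, "rb")) == NULL)` is the safer form for this step. The previous `fopen(szPath, "r")` had the same exposure, so this is pre-existing rather than a regression. `SSL_read_X509` begins before this hunk and ends after it.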
  @@ -148,25 +145,24 @@
   }
   #endif
   
  -EVP_PKEY *SSL_read_PrivateKey(FILE *fp, EVP_PKEY **key, int (*cb)(char*,int,int,void*),
void *s)
  +EVP_PKEY *SSL_read_PrivateKey(char* filename, EVP_PKEY **key, int (*cb)(char*,int,int,void*),
void *s)
   {
       EVP_PKEY *rc;
       BIO *bioS;
       BIO *bioF;
   
       /* 1. try PEM (= DER+Base64+headers) */
  -#if SSL_LIBRARY_VERSION < 0x00904000
  -    rc = PEM_read_PrivateKey(fp, key, cb);
  -#else
  -    rc = PEM_read_PrivateKey(fp, key, cb, s);
  -#endif
  +       if ((bioS=BIO_new_file(filename, "r")) == NULL)
  +               return NULL;
  +       rc = PEM_read_bio_PrivateKey(bioS, key, cb, s);
  +       BIO_free(bioS);
  +
       if (rc == NULL) {
           /* 2. try DER+Base64 */
  -        fseek(fp, 0L, SEEK_SET);
  -        if ((bioS = BIO_new(BIO_s_fd())) == NULL)
  -            return NULL;
  -        BIO_set_fd(bioS, fileno(fp), BIO_NOCLOSE);
  -        if ((bioF = BIO_new(BIO_f_base64())) == NULL) {
  +               if ( (bioS = BIO_new_file(filename, "r")) == NULL )
  +                       return NULL;
  +
  +               if ((bioF = BIO_new(BIO_f_base64())) == NULL) {
               BIO_free(bioS);
               return NULL;
           }
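Review bot: A `NULL` from `PEM_read_bio_PrivateKey` does not only mean "not PEM": a wrong pass phrase supplied through `cb` also yields `NULL` (with a decrypt-related reason on the error queue), and the new code then reopens the file and tries base64-DER and plain DER anyway, so the error the caller eventually sees comes from `d2i_PrivateKey_bio` rather than from the failed decryption. Checking the reason before falling through — roughly `if (rc == NULL && ERR_GET_REASON(ERR_peek_error()) == PEM_R_NO_START_LINE)` — would keep the diagnostics tied to the real cause; this behaviour predates the patch, so it is a follow-up rather than a blocker. Separately, `char* filename` departs from the `type *name` pointer style used two lines below (`EVP_PKEY *rc`, `BIO *bioS`). `SSL_read_PrivateKey` continues past the end of this hunk.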
  @@ -175,10 +171,8 @@
           BIO_free_all(bioS);
           if (rc == NULL) {
               /* 3. try plain DER */
  -            fseek(fp, 0L, SEEK_SET);
  -            if ((bioS = BIO_new(BIO_s_fd())) == NULL)
  -                return NULL;
  -            BIO_set_fd(bioS, fileno(fp), BIO_NOCLOSE);
  +                       if ( (bioS = BIO_new_file(filename, "r")) == NULL )
  +                               return NULL;
               rc = d2i_PrivateKey_bio(bioS, NULL);
               BIO_free(bioS);
           }
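Review bot: The two added lines sit roughly eleven columns deeper than the `rc = d2i_PrivateKey_bio(bioS, NULL);` statement they precede, which breaks the visual structure of the fallback chain; they belong at the same twelve-space level as the rest of the block. As in the certificate path, this step also reads binary DER through a BIO opened in text mode (`"r"`); `"rb"` would be the portable choice on C runtimes that distinguish the two. `SSL_read_PrivateKey` starts before this hunk and its closing lines are not shown.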
  
  
  
  1.9       +24 -28    httpd-2.0/modules/ssl/ssl_engine_pphrase.c
  
  Index: ssl_engine_pphrase.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_engine_pphrase.c,v
  retrieving revision 1.8
  retrieving revision 1.9
  diff -u -r1.8 -r1.9
  --- ssl_engine_pphrase.c	2001/07/31 01:55:08	1.8
  +++ ssl_engine_pphrase.c	2001/07/31 03:16:55	1.9
  @@ -63,6 +63,21 @@
                                              -- Clifford Stoll     */
   #include "mod_ssl.h"
   
  +/*
  + * Return true if the named file exists and is readable
  + */
  +
  +static apr_status_t exists_and_readable(char *fname, apr_pool_t *pool)
  +{
  +    apr_finfo_t sbuf;
  +
  +    if ( apr_stat(&sbuf, fname, APR_FINFO_NORM, pool) != APR_SUCCESS )
  +        return APR_ENOSTAT;
  +
  +    return ( ((sbuf.filetype == APR_REG) && (sbuf.protection & APR_UREAD))
?
  +                   APR_SUCCESS : APR_EGENERAL);
  +}
  +
   /*  _________________________________________________________________
   **
   **  Pass Phrase and Private Key Handling
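Review bot: `exists_and_readable` tests `sbuf.protection & APR_UREAD`, the owner-read bit, not whether the running process can read the file: a key readable only through a group permission is rejected here, while a file owned by another user with its owner bit set passes and then fails later inside `BIO_new_file` with a less specific message. Since the callers open the file immediately afterwards, an `apr_file_open(..., APR_READ, ...)` probe (or simply letting the open report the failure) would be the accurate check; if the heuristic is intentional, the comment should say so. The header comment `Return true if the named file exists and is readable` is also misleading for an `apr_status_t` function whose success value is `APR_SUCCESS` (zero); `/* Return APR_SUCCESS if fname is a regular file with the owner-read bit set, APR_ENOSTAT if it cannot be stat'ed, APR_EGENERAL otherwise. */` would match what the code does. Finally, the status from `apr_stat` is discarded in favour of a constant `APR_ENOSTAT`, which loses the distinction between a missing file and a permission error on the containing directory.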
  @@ -84,7 +99,6 @@
       ssl_asn1_t *asn1;
       unsigned char *ucp;
       X509 *pX509Cert;
  -    FILE *fp;
       BOOL bReadable;
       ssl_ds_array *aPassPhrase;
       int nPassPhrase;
  @@ -136,25 +150,16 @@
           for (i = 0, j = 0; i < SSL_AIDX_MAX && sc->szPublicCertFile[i] !=
NULL; i++) {
   
               apr_cpystrn(szPath, sc->szPublicCertFile[i], sizeof(szPath));
  -#if 0 /* XXX */
  -            if ((fp = ap_pfopen(p, szPath, "r")) == NULL) {
  -#else
  -            if ((fp = fopen(szPath, "r")) == NULL) {
  -#endif
  +            if ( exists_and_readable(szPath, p) != APR_SUCCESS ) {
                   ssl_log(s, SSL_LOG_ERROR|SSL_ADD_ERRNO,
                           "Init: Can't open server certificate file %s", szPath);
                   ssl_die();
               }
  -            if ((pX509Cert = SSL_read_X509(fp, NULL, NULL)) == NULL) {
  +            if ((pX509Cert = SSL_read_X509(szPath, NULL, NULL)) == NULL) {
                   ssl_log(s, SSL_LOG_ERROR|SSL_ADD_SSLERR,
                           "Init: Unable to read server certificate from file %s", szPath);
                   ssl_die();
               }
  -#if 0 /* XXX */
  -            ap_pfclose(p, fp);
  -#else
  -            fclose(fp);
  -#endif
   
               /*
                * check algorithm type of certificate and make
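Review bot: The error path at `Init: Can't open server certificate file %s` still logs with `SSL_ADD_ERRNO`, but the failing call is now `apr_stat` inside `exists_and_readable` rather than `fopen`, and APR does not promise that `errno` reflects an `apr_stat` failure (on Win32 the error is held in `GetLastError()`), so the appended reason may be stale or unrelated. Having `exists_and_readable` return the real `apr_status_t` from `apr_stat` and logging it explicitly (e.g. via `apr_strerror`) would give an accurate reason. Dropping the `fopen`/`fclose` pair also means the file is stat'ed here and then opened again inside `SSL_read_X509`; at startup on an administrator-supplied path this is not a practical race, but the check no longer guards the same file handle that is read, which is worth a comment. The enclosing function starts before this hunk and ends after it.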
  @@ -236,24 +241,15 @@
                    * the callback function which serves the pass
                    * phrases to OpenSSL
                    */
  -#if 0 /* XXX */
  -                if ((fp = ap_pfopen(p, szPath, "r")) == NULL) {
  -#else
  -                if ((fp = fopen(szPath, "r")) == NULL) {
  -#endif
  -                    ssl_log(s, SSL_LOG_ERROR|SSL_ADD_ERRNO,
  -                            "Init: Can't open server private key file %s", szPath);
  -                    ssl_die();
  +                if ( exists_and_readable(szPath, p) != APR_SUCCESS ) {
  +                     ssl_log(s, SSL_LOG_ERROR|SSL_ADD_ERRNO,
  +                         "Init: Can't open server private key file %s",szPath);
  +                     ssl_die();
                   }
                   cpPassPhraseCur = NULL;
  -                bReadable = ((pPrivateKey = SSL_read_PrivateKey(fp, NULL,
  -		         ssl_pphrase_Handle_CB, s)) != NULL ? TRUE : FALSE);
  -#if 0 /* XXX */
  -                ap_pfclose(p, fp);
  -#else
  -                fclose(fp);
  -#endif
  -
  +                bReadable = ((pPrivateKey = SSL_read_PrivateKey(szPath, NULL,
  +                            ssl_pphrase_Handle_CB, s)) != NULL ? TRUE : FALSE);
  +  
                   /*
                    * when the private key file now was readable,
                    * it's fine and we go out of the loop
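Review bot: `exists_and_readable` already fetches the protection bits of the private key file, yet nothing checks or warns when the key is group- or world-readable (`APR_GREAD`, `APR_WREAD`); a warning logged through `ssl_log` at this point — either emitted by the helper or by exposing the bits to this caller — would be a cheap safeguard for the most sensitive file the module loads. The failure message `Init: Can't open server private key file %s` uses `SSL_ADD_ERRNO` although the failing call is now `apr_stat`, so the appended reason may not describe the stat failure. The added blank line after the `bReadable` assignment carries trailing whitespace. The enclosing function and its retry loop begin before this hunk and continue after it.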
  
  
  
