httpd-cvs mailing list archives

From do...@apache.org
Subject cvs commit: httpd-2.0/modules/ssl mod_ssl.c mod_ssl.h ssl_engine_kernel.c ssl_engine_vars.c
Date Wed, 21 Nov 2001 22:29:14 GMT
dougm       01/11/21 14:29:14

  Modified:    modules/ssl mod_ssl.c mod_ssl.h ssl_engine_kernel.c
                        ssl_engine_vars.c
  Log:
  move c->notes.ssl::verify::{info,error} to SSLConnRec.verify_{info,error}
  
  Revision  Changes    Path
  1.34      +5 -11     httpd-2.0/modules/ssl/mod_ssl.c
  
  Index: mod_ssl.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/ssl/mod_ssl.c,v
  retrieving revision 1.33
  retrieving revision 1.34
  diff -u -r1.33 -r1.34
  --- mod_ssl.c	2001/11/21 18:08:33	1.33
  +++ mod_ssl.c	2001/11/21 22:29:14	1.34
  @@ -285,11 +285,6 @@
       SSL_set_tmp_rsa_callback(ssl, ssl_callback_TmpRSA);
       SSL_set_tmp_dh_callback(ssl,  ssl_callback_TmpDH);
   
  -    /*
  -     * Predefine some client verification results
  -     */
  -    apr_table_setn(c->notes, "ssl::verify::error", NULL);
  -    apr_table_setn(c->notes, "ssl::verify::info", NULL);
       SSL_set_verify_result(ssl, X509_V_OK);
   
       /*
  @@ -336,7 +331,6 @@
   {
       int n, err;
       X509 *xs;
  -    char *cp = NULL;
       conn_rec *c = (conn_rec*)SSL_get_app_data (pRec->pssl);
       SSLConnRec *sslconn = myConnConfig(c);
       SSLSrvConfigRec *sc = mySrvConfig(c->base_server);
  @@ -412,8 +406,7 @@
           verify_result = SSL_get_verify_result(pRec->pssl);
   
           if (verify_result != X509_V_OK ||
  -            ((cp = (char *)apr_table_get(c->notes,
  -                                         "ssl::verify::error")) != NULL))
  +            sslconn->verify_error != NULL)
           {
               if (ssl_verify_error_is_optional(verify_result) &&
                   (sc->nVerifyClient == SSL_CVERIFY_OPTIONAL_NO_CA))
  @@ -433,11 +426,12 @@
   
               }
               else {
  -                const char *verror =
  +                const char *error = sslconn->verify_error ?
  +                    sslconn->verify_error :
                       X509_verify_cert_error_string(verify_result);
                   ssl_log(c->base_server, SSL_LOG_ERROR|SSL_ADD_SSLERR,
                           "SSL client authentication failed: %s",
  -                        cp ? cp : verror ? verror : "unknown");
  +                        error ? error : "unknown");
                   return ssl_abort(pRec, c);
               }
           }
  @@ -446,7 +440,7 @@
            * Remember the peer certificate's DN
            */
           if ((xs = SSL_get_peer_certificate(pRec->pssl)) != NULL) {
  -            cp = X509_NAME_oneline(X509_get_subject_name(xs), NULL, 0);
  +            char *cp = X509_NAME_oneline(X509_get_subject_name(xs), NULL, 0);
               sslconn->client_dn = apr_pstrdup(c->pool, cp);
               free(cp);
           }
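Review bot: The buffer returned by `X509_NAME_oneline(..., NULL, 0)` is allocated by OpenSSL, so releasing it with the C library's `free(cp)` is only correct while OpenSSL uses its default allocator; `OPENSSL_free(cp);` is the matching call. The visible block also closes without `X509_free(xs)`, although SSL_get_peer_certificate() hands the caller a counted reference. That release may happen outside the hunk, so it should be confirmed. The enclosing function starts and ends outside the hunk.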
  
  
  
  1.38      +2 -0      httpd-2.0/modules/ssl/mod_ssl.h
  
  Index: mod_ssl.h
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/ssl/mod_ssl.h,v
  retrieving revision 1.37
  retrieving revision 1.38
  diff -u -r1.37 -r1.38
  --- mod_ssl.h	2001/11/21 19:22:46	1.37
  +++ mod_ssl.h	2001/11/21 22:29:14	1.38
  @@ -460,6 +460,8 @@
       SSL *ssl;
       const char *client_dn;
       ssl_shutdown_type_e shutdown_type;
  +    const char *verify_info;
  +    const char *verify_error;
   } SSLConnRec;
   
   typedef struct {
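Review bot: Nothing visible in this commit sets `verify_info` or `verify_error` to NULL at connection start, now that the `apr_table_setn(c->notes, "ssl::verify::error", NULL)` reset is removed from mod_ssl.c. The new `sslconn->verify_error != NULL` test in the client-authentication check therefore depends on SSLConnRec being zero-filled when it is allocated. That allocation is not shown here and should be confirmed. A comment on the two fields would record the contract, for example `/* NULL until the verify callback records a result; points at literals or OpenSSL-owned strings, never freed */`. The struct definition begins outside the hunk.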
  
  
  
  1.24      +5 -5      httpd-2.0/modules/ssl/ssl_engine_kernel.c
  
  Index: ssl_engine_kernel.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_engine_kernel.c,v
  retrieving revision 1.23
  retrieving revision 1.24
  diff -u -r1.23 -r1.24
  --- ssl_engine_kernel.c	2001/11/21 19:22:46	1.23
  +++ ssl_engine_kernel.c	2001/11/21 22:29:14	1.24
  @@ -1258,7 +1258,7 @@
           ssl_log(s, SSL_LOG_TRACE,
                   "Certificate Verification: Verifiable Issuer is configured as "
                   "optional, therefore we're accepting the certificate");
  -        apr_table_setn(conn->notes, "ssl::verify::info", "GENEROUS");
  +        sslconn->verify_info = "GENEROUS";
           ok = TRUE;
       }
   
  @@ -1278,8 +1278,8 @@
           ssl_log(s, SSL_LOG_ERROR, "Certificate Verification: Error (%d): %s",
                   errnum, X509_verify_cert_error_string(errnum));
           sslconn->client_dn = NULL;
  -        apr_table_setn(conn->notes, "ssl::verify::error",
  -                   (void *)X509_verify_cert_error_string(errnum));
  +        sslconn->verify_error = 
  +            X509_verify_cert_error_string(errnum);
       }
   
       /*
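Review bot: The added line `sslconn->verify_error = ` ends in trailing whitespace, and the same happens in the chain-too-long hunk that follows. Here the assignment fits within 80 columns on one line, `sslconn->verify_error = X509_verify_cert_error_string(errnum);`. In the following hunk the line break has to stay, so only the space after `=` should be dropped. The enclosing callback starts and ends outside the hunk.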
  @@ -1294,8 +1294,8 @@
                   "Certificate Verification: Certificate Chain too long "
                   "(chain has %d certificates, but maximum allowed are only %d)",
                   errdepth, depth);
  -        apr_table_setn(conn->notes, "ssl::verify::error",
  -                   (void *)X509_verify_cert_error_string(X509_V_ERR_CERT_CHAIN_TOO_LONG));
  +        sslconn->verify_error = 
  +            X509_verify_cert_error_string(X509_V_ERR_CERT_CHAIN_TOO_LONG);
           ok = FALSE;
       }
   
  
  
  
  1.10      +5 -5      httpd-2.0/modules/ssl/ssl_engine_vars.c
  
  Index: ssl_engine_vars.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_engine_vars.c,v
  retrieving revision 1.9
  retrieving revision 1.10
  diff -u -r1.9 -r1.10
  --- ssl_engine_vars.c	2001/11/21 17:45:24	1.9
  +++ ssl_engine_vars.c	2001/11/21 22:29:14	1.10
  @@ -499,15 +499,15 @@
       SSLConnRec *sslconn = myConnConfig(c);
       char *result;
       long vrc;
  -    char *verr;
  -    char *vinfo;
  +    const char *verr;
  +    const char *vinfo;
       SSL *ssl;
       X509 *xs;
   
       result = NULL;
       ssl   = sslconn->ssl;
  -    verr  = (char *)apr_table_get(c->notes, "ssl::verify::error");
  -    vinfo = (char *)apr_table_get(c->notes, "ssl::verify::info");
  +    verr  = sslconn->verify_error;
  +    vinfo = sslconn->verify_info;
       vrc   = SSL_get_verify_result(ssl);
       xs    = SSL_get_peer_certificate(ssl);
   
  @@ -649,7 +649,7 @@
       else if (strEQ(a, "errcode"))
           result = "-";
       else if (strEQ(a, "errstr"))
  -        result = (char *)apr_table_get(r->connection->notes, "ssl::verify::error");
  +        result = (char *)sslconn->verify_error;
       if (result != NULL && result[0] == NUL)
           result = NULL;
       return result;
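Review bot: The `(char *)` cast in `result = (char *)sslconn->verify_error;` discards the `const` that this commit gives the field, so a later write through `result` would modify a string owned by OpenSSL. If the function's return type allows it, declaring `result` as `const char *` would remove the cast; the declaration and signature are outside the hunk, so this needs checking there. The hunk also does not show where `sslconn` is declared in this function or whether it is checked for NULL before the dereference, which matters if the handler can run on a connection without SSL state.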
  
  
  
