httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bnicho...@apache.org
Subject cvs commit: httpd-2.0/modules/arch/netware mod_nw_ssl.c
Date Thu, 08 May 2003 16:08:43 GMT
bnicholes    2003/05/08 09:08:43

  Modified:    modules/arch/netware mod_nw_ssl.c
  Log:
  Allow blind accept when converting the proxy client socket to SSL if no client
  certificates have been provided.
  
  Revision  Changes    Path
  1.11      +26 -27    httpd-2.0/modules/arch/netware/mod_nw_ssl.c
  
  Index: mod_nw_ssl.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/arch/netware/mod_nw_ssl.c,v
  retrieving revision 1.10
  retrieving revision 1.11
  diff -u -r1.10 -r1.11
  --- mod_nw_ssl.c	13 Mar 2003 23:20:03 -0000	1.10
  +++ mod_nw_ssl.c	8 May 2003 16:08:43 -0000	1.11
  @@ -285,8 +285,10 @@
   	int rcode;
   	struct tlsclientopts sWS2Opts;
   	struct nwtlsopts sNWTLSOpts;
  -	unsigned long ulFlags;
  +   	struct sslserveropts opts;
  +    unsigned long ulFlags;
       SOCKET sock;
  +    unicode_t keyFileName[60];
   
       apr_os_sock_get(&sock, csd);
   
  @@ -295,7 +297,7 @@
   	memset((char *)&sNWTLSOpts, 0, sizeof(struct nwtlsopts));
   
       /* turn on ssl for the socket */
  -	ulFlags = SO_TLS_ENABLE;
  +	ulFlags = (numcerts ? SO_TLS_ENABLE : SO_TLS_ENABLE | SO_TLS_BLIND_ACCEPT);
   	rcode = WSAIoctl(sock, SO_TLS_SET_FLAGS, &ulFlags, sizeof(unsigned long),
                        NULL, 0, NULL, NULL, NULL);
   	if (SOCKET_ERROR == rcode)
  @@ -305,33 +307,30 @@
   		return rcode;
   	}
   
  -
       /* setup the socket for SSL */
  -	sWS2Opts.wallet = NULL;    /* no client certificate */
  -	sWS2Opts.walletlen = 0;
  -	sWS2Opts.sidtimeout = 0;
  -	sWS2Opts.sidentries = 0;
  -	sWS2Opts.siddir = NULL;
  -	sWS2Opts.options = &sNWTLSOpts;
  -
  -	sNWTLSOpts.walletProvider 		= WAL_PROV_DER;	//the wallet provider defined in wdefs.h
  -	sNWTLSOpts.TrustedRootList 		= certarray;	//array of certs in UNICODE format
  -	sNWTLSOpts.numElementsInTRList 	= numcerts;     //number of certs in TRList
  -	sNWTLSOpts.keysList 			= NULL;
  -	sNWTLSOpts.numElementsInKeyList = 0;
  -	sNWTLSOpts.reservedforfutureuse = NULL;
  -	sNWTLSOpts.reservedforfutureCRL = NULL;
  -	sNWTLSOpts.reservedforfutureCRLLen = 0;
  -	sNWTLSOpts.reserved1			= NULL;
  -	sNWTLSOpts.reserved2			= NULL;
  -	sNWTLSOpts.reserved3			= NULL;
  -	
  -	
  +    memset (&sWS2Opts, 0, sizeof(sWS2Opts));
  +    memset (&sNWTLSOpts, 0, sizeof(sNWTLSOpts));
  +    sWS2Opts.options = &sNWTLSOpts;
  +
  +    if (numcerts) {
  +    	sNWTLSOpts.walletProvider 		= WAL_PROV_DER;	//the wallet provider defined in wdefs.h
  +    	sNWTLSOpts.TrustedRootList 		= certarray;	//array of certs in UNICODE format
  +    	sNWTLSOpts.numElementsInTRList 	= numcerts;     //number of certs in TRList
  +    }
  +    else {
  +        /* setup the socket for SSL */
  +    	unicpy(keyFileName, L"SSL CertificateIP");
  +    	sWS2Opts.wallet = keyFileName;    /* no client certificate */
  +    	sWS2Opts.walletlen = unilen(keyFileName);
  +    
  +    	sNWTLSOpts.walletProvider 		= WAL_PROV_KMO;	//the wallet provider defined in wdefs.h
  +    }
  +
       /* make the IOCTL call */
  -	rcode = WSAIoctl(sock, SO_TLS_SET_CLIENT, &sWS2Opts,
  -	  			     sizeof(struct tlsclientopts), NULL, 0, NULL,
  -				     NULL, NULL);
  -	
  +    rcode = WSAIoctl(sock, SO_TLS_SET_CLIENT, &sWS2Opts,
  +                     sizeof(struct tlsclientopts), NULL, 0, NULL,
  +                     NULL, NULL);
  +
       /* make sure that it was successfull */
   	if(SOCKET_ERROR == rcode ){
           ap_log_error(APLOG_MARK, APLOG_ERR, 0, c->base_server,
  
  
  

Mime
View raw message