Return-Path: Delivered-To: apmail-httpd-cvs-archive@www.apache.org Received: (qmail 50787 invoked from network); 23 Jul 2006 11:12:22 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199) by minotaur.apache.org with SMTP; 23 Jul 2006 11:12:22 -0000 Received: (qmail 54201 invoked by uid 500); 23 Jul 2006 11:12:21 -0000 Delivered-To: apmail-httpd-cvs-archive@httpd.apache.org Received: (qmail 53990 invoked by uid 500); 23 Jul 2006 11:12:21 -0000 Mailing-List: contact cvs-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: dev@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list cvs@httpd.apache.org Received: (qmail 53979 invoked by uid 99); 23 Jul 2006 11:12:21 -0000 Received: from asf.osuosl.org (HELO asf.osuosl.org) (140.211.166.49) by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 23 Jul 2006 04:12:21 -0700 X-ASF-Spam-Status: No, hits=-9.4 required=10.0 tests=ALL_TRUSTED,NO_REAL_NAME X-Spam-Check-By: apache.org Received-SPF: pass (asf.osuosl.org: local policy) Received: from [140.211.166.113] (HELO eris.apache.org) (140.211.166.113) by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 23 Jul 2006 04:12:20 -0700 Received: by eris.apache.org (Postfix, from userid 65534) id 2D1021A981A; Sun, 23 Jul 2006 04:12:00 -0700 (PDT) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r424711 - in /httpd/httpd/branches/2.2.x/modules/ssl: mod_ssl.c ssl_engine_config.c ssl_engine_init.c ssl_engine_pphrase.c ssl_private.h ssl_util.c Date: Sun, 23 Jul 2006 11:11:59 -0000 To: cvs@httpd.apache.org 
From: ben@apache.org X-Mailer: svnmailer-1.0.8 Message-Id: <20060723111200.2D1021A981A@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org X-Spam-Rating: minotaur.apache.org 1.6.2 0/1000/N Author: ben Date: Sun Jul 23 04:11:58 2006 New Revision: 424711 URL: http://svn.apache.org/viewvc?rev=424711&view=rev Log: Reverse PKCS#7 patch. Modified: httpd/httpd/branches/2.2.x/modules/ssl/mod_ssl.c httpd/httpd/branches/2.2.x/modules/ssl/ssl_engine_config.c httpd/httpd/branches/2.2.x/modules/ssl/ssl_engine_init.c httpd/httpd/branches/2.2.x/modules/ssl/ssl_engine_pphrase.c httpd/httpd/branches/2.2.x/modules/ssl/ssl_private.h httpd/httpd/branches/2.2.x/modules/ssl/ssl_util.c Modified: httpd/httpd/branches/2.2.x/modules/ssl/mod_ssl.c URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/modules/ssl/mod_ssl.c?rev=424711&r1=424710&r2=424711&view=diff ============================================================================== --- httpd/httpd/branches/2.2.x/modules/ssl/mod_ssl.c (original) +++ httpd/httpd/branches/2.2.x/modules/ssl/mod_ssl.c Sun Jul 23 04:11:58 2006 @@ -111,9 +111,6 @@ SSL_CMD_SRV(CertificateChainFile, TAKE1, "SSL Server CA Certificate Chain file " "(`/path/to/file' - PEM encoded)") - SSL_CMD_SRV(PKCS7CertificateFile, TAKE1, - "PKCS#7 file containing server certificate and chain" - " certificates (`/path/to/file' - PEM ecnoded)") SSL_CMD_ALL(CACertificatePath, TAKE1, "SSL CA Certificate path " "(`/path/to/dir' - contains PEM encoded files)") Modified: httpd/httpd/branches/2.2.x/modules/ssl/ssl_engine_config.c URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/modules/ssl/ssl_engine_config.c?rev=424711&r1=424710&r2=424711&view=diff ============================================================================== --- httpd/httpd/branches/2.2.x/modules/ssl/ssl_engine_config.c (original) +++ httpd/httpd/branches/2.2.x/modules/ssl/ssl_engine_config.c Sun Jul 23 04:11:58 2006 
@@ -777,22 +777,6 @@ return NULL; } -const char *ssl_cmd_SSLPKCS7CertificateFile(cmd_parms *cmd, - void *dcfg, - const char *arg) -{ - SSLSrvConfigRec *sc = mySrvConfig(cmd->server); - const char *err; - - if ((err = ssl_cmd_check_file(cmd, &arg))) { - return err; - } - - sc->server->pkcs7 = arg; - - return NULL; -} - #define NO_PER_DIR_SSL_CA \ "Your ssl library does not have support for per-directory CA" Modified: httpd/httpd/branches/2.2.x/modules/ssl/ssl_engine_init.c URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/modules/ssl/ssl_engine_init.c?rev=424711&r1=424710&r2=424711&view=diff ============================================================================== --- httpd/httpd/branches/2.2.x/modules/ssl/ssl_engine_init.c (original) +++ httpd/httpd/branches/2.2.x/modules/ssl/ssl_engine_init.c Sun Jul 23 04:11:58 2006 @@ -357,7 +357,7 @@ * check for important parameters and the * possibility that the user forgot to set them. */ - if (!mctx->pks->cert_files[0] && !mctx->pkcs7) { + if (!mctx->pks->cert_files[0]) { ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, "No SSL Certificate set [hint: SSLCertificateFile]"); ssl_die(); @@ -639,16 +639,6 @@ } } -static void ssl_init_ctx_pkcs7_cert_chain(server_rec *s,modssl_ctx_t *mctx) -{ - STACK_OF(X509) *certs=ssl_read_pkcs7(s, mctx->pkcs7); - int n; - - if (!mctx->ssl_ctx->extra_certs) - for (n = 1; n < sk_X509_num(certs); ++n) - SSL_CTX_add_extra_chain_cert(mctx->ssl_ctx, sk_X509_value(certs, n)); -} - static void ssl_init_ctx_cert_chain(server_rec *s, apr_pool_t *p, apr_pool_t *ptemp, 
@@ -657,11 +647,6 @@ BOOL skip_first = FALSE; int i, n; const char *chain = mctx->cert_chain; - - if (mctx->pkcs7) { - ssl_init_ctx_pkcs7_cert_chain(s,mctx); - return; - } /* * Optionally configure extra server certificate chain certificates. Modified: httpd/httpd/branches/2.2.x/modules/ssl/ssl_engine_pphrase.c URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/modules/ssl/ssl_engine_pphrase.c?rev=424711&r1=424710&r2=424711&view=diff ============================================================================== --- httpd/httpd/branches/2.2.x/modules/ssl/ssl_engine_pphrase.c (original) +++ httpd/httpd/branches/2.2.x/modules/ssl/ssl_engine_pphrase.c Sun Jul 23 04:11:58 2006 
@@ -185,39 +185,30 @@ * Read in server certificate(s): This is the easy part * because this file isn't encrypted in any way. */ - if (sc->server->pks->cert_files[0] == NULL - && sc->server->pkcs7 == NULL) { + if (sc->server->pks->cert_files[0] == NULL) { ap_log_error(APLOG_MARK, APLOG_ERR, 0, pServ, "Server should be SSL-aware but has no certificate " "configured [Hint: SSLCertificateFile]"); ssl_die(); } - algoCert = SSL_ALGO_UNKNOWN; algoKey = SSL_ALGO_UNKNOWN; - for (i = 0, j = 0; i < SSL_AIDX_MAX - && (sc->server->pks->cert_files[i] != NULL - || sc->server->pkcs7); i++) { - if (sc->server->pkcs7) { - STACK_OF(X509) *certs = ssl_read_pkcs7(pServ, sc->server->pkcs7); + for (i = 0, j = 0; i < SSL_AIDX_MAX && sc->server->pks->cert_files[i] != NULL; i++) { + + apr_cpystrn(szPath, sc->server->pks->cert_files[i], sizeof(szPath)); + if ((rv = exists_and_readable(szPath, p, NULL)) != APR_SUCCESS) { + ap_log_error(APLOG_MARK, APLOG_ERR, rv, s, + "Init: Can't open server certificate file %s", + szPath); + ssl_die(); + } + if ((pX509Cert = SSL_read_X509(szPath, NULL, NULL)) == NULL) { + ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, + "Init: Unable to read server certificate from file %s", szPath); + ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s); + ssl_die(); + } - pX509Cert = sk_X509_value(certs, 0); - i = SSL_AIDX_MAX; - } else { - apr_cpystrn(szPath, sc->server->pks->cert_files[i], sizeof(szPath)); - if ((rv = exists_and_readable(szPath, p, NULL)) != APR_SUCCESS) { - ap_log_error(APLOG_MARK, APLOG_ERR, rv, s, - "Init: Can't open server certificate file %s", - szPath); - ssl_die(); - } - if ((pX509Cert = SSL_read_X509(szPath, NULL, NULL)) == NULL) { - ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, - "Init: Unable to read server certificate from file %s", szPath); - ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s); - ssl_die(); - } - } /* * check algorithm type of certificate and make * sure only one certificate per type is used. 
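Review bot: The restored loop copies the configured path with `apr_cpystrn(szPath, sc->server->pks->cert_files[i], sizeof(szPath));` and never checks for truncation, so an over-long SSLCertificateFile value would be silently cut and the following `exists_and_readable`/`SSL_read_X509` calls (and the error messages) would operate on a different path than the one the administrator configured. apr_cpystrn returns a pointer to the terminating NUL, so truncation is detectable with `if (apr_cpystrn(szPath, sc->server->pks->cert_files[i], sizeof(szPath)) == szPath + sizeof(szPath) - 1)` followed by an `ap_log_error` naming the directive and `ssl_die();`. The declaration and size of szPath are outside the hunk, so whether truncation is realistically reachable depends on that buffer size; the enclosing function begins before and continues past this hunk. As a point of style, the two new log calls pass `s` as the server_rec while the check a few lines above in the same function passes `pServ`; using one name consistently would make it obvious they refer to the same server.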
Modified: httpd/httpd/branches/2.2.x/modules/ssl/ssl_private.h URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/modules/ssl/ssl_private.h?rev=424711&r1=424710&r2=424711&view=diff ============================================================================== --- httpd/httpd/branches/2.2.x/modules/ssl/ssl_private.h (original) +++ httpd/httpd/branches/2.2.x/modules/ssl/ssl_private.h Sun Jul 23 04:11:58 2006 @@ -430,7 +430,6 @@ const char *pphrase_dialog_path; const char *cert_chain; - const char *pkcs7; /** certificate revocation list */ const char *crl_path; @@ -498,7 +497,6 @@ const char *ssl_cmd_SSLCertificateFile(cmd_parms *, void *, const char *); const char *ssl_cmd_SSLCertificateKeyFile(cmd_parms *, void *, const char *); const char *ssl_cmd_SSLCertificateChainFile(cmd_parms *, void *, const char *); -const char *ssl_cmd_SSLPKCS7CertificateFile(cmd_parms *, void *, const char *); const char *ssl_cmd_SSLCACertificatePath(cmd_parms *, void *, const char *); const char *ssl_cmd_SSLCACertificateFile(cmd_parms *, void *, const char *); const char *ssl_cmd_SSLCADNRequestPath(cmd_parms *, void *, const char *); @@ -639,9 +637,6 @@ const char *ssl_asn1_table_keyfmt(apr_pool_t *p, const char *id, int keytype); - -STACK_OF(X509) *ssl_read_pkcs7(server_rec *s, const char *pkcs7); - /** Mutex Support */ int ssl_mutex_init(server_rec *, apr_pool_t *); int ssl_mutex_reinit(server_rec *, apr_pool_t *); Modified: httpd/httpd/branches/2.2.x/modules/ssl/ssl_util.c URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/modules/ssl/ssl_util.c?rev=424711&r1=424710&r2=424711&view=diff ============================================================================== --- httpd/httpd/branches/2.2.x/modules/ssl/ssl_util.c (original) +++ httpd/httpd/branches/2.2.x/modules/ssl/ssl_util.c Sun Jul 23 04:11:58 2006 
@@ -265,50 +265,6 @@ return apr_pstrcat(p, id, ":", keystr, NULL); } -STACK_OF(X509) *ssl_read_pkcs7(server_rec *s,const char *pkcs7) -{ - PKCS7 *p7; - STACK_OF(X509) *certs; - FILE *f; - - f = fopen(pkcs7, "r"); - if (!f) { - ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, "Can't open %s", pkcs7); - ssl_die(); - } - - p7 = PEM_read_PKCS7(f,NULL,NULL,NULL); - if (!p7) { - ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s, - "Can't read PKCS7 object %s", pkcs7); - ssl_log_ssl_error(APLOG_MARK, APLOG_CRIT, s); - exit(1); - } - - switch (OBJ_obj2nid(p7->type)) { - case NID_pkcs7_signed: - certs = p7->d.sign->cert; - break; - - case NID_pkcs7_signedAndEnveloped: - certs = p7->d.signed_and_enveloped->cert; - break; - - default: - ap_log_error(APLOG_MARK, APLOG_CRIT|APLOG_NOERRNO, 0, s, - "Don't understand PKCS7 file %s", pkcs7); - ssl_die(); - } - - if (!certs) { - ap_log_error(APLOG_MARK, APLOG_CRIT|APLOG_NOERRNO, 0, s, - "No certificates in %s", pkcs7); - ssl_die(); - } - - return certs; -} - #if APR_HAS_THREADS /*