From jkal...@apache.org
Subject svn commit: r1550060 - in /httpd/httpd/trunk: CHANGES modules/ssl/ssl_engine_config.c
Date Wed, 11 Dec 2013 07:16:28 GMT
Author: jkaluza
Date: Wed Dec 11 07:16:28 2013
New Revision: 1550060

URL: http://svn.apache.org/r1550060
Log:
mod_ssl: Add -t -DDUMP_CA_CERTS option which dumps the filenames of all
configured SSL CA certificates to stdout the same way as DUMP_CERTS does.

Modified:
    httpd/httpd/trunk/CHANGES
    httpd/httpd/trunk/modules/ssl/ssl_engine_config.c

Modified: httpd/httpd/trunk/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=1550060&r1=1550059&r2=1550060&view=diff
==============================================================================
--- httpd/httpd/trunk/CHANGES [utf-8] (original)
+++ httpd/httpd/trunk/CHANGES [utf-8] Wed Dec 11 07:16:28 2013
@@ -1,5 +1,8 @@
                                                          -*- coding: utf-8 -*-
 Changes with Apache 2.5.0
+  *) mod_ssl: Add -t -DDUMP_CA_CERTS option which dumps the filenames of all
+     configured SSL CA certificates to stdout the same way as DUMP_CERTS does.
+     [Jan Kaluza]
 
   *) mod_cache_disk: Fix potential hangs on Windows when using mod_cache_disk. 
      PR55833. [Eric Covener]

Modified: httpd/httpd/trunk/modules/ssl/ssl_engine_config.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_engine_config.c?rev=1550060&r1=1550059&r2=1550060&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/ssl/ssl_engine_config.c (original)
+++ httpd/httpd/trunk/modules/ssl/ssl_engine_config.c Wed Dec 11 07:16:28 2013
@@ -1870,30 +1870,95 @@ const char *ssl_cmd_SSLSRPUnknownUserSee
 
 #endif /* HAVE_SRP */
 
-void ssl_hook_ConfigTest(apr_pool_t *pconf, server_rec *s)
+static void dump_ca_cert_file(apr_file_t *out, const char *file) {
+    X509 *rc;
+    BIO *bioS;
+
+    if ((bioS=BIO_new_file(file, "r")) == NULL) {
+        return;
+    }
+
+    /* ca_cert_file is loaded using SSL_load_client_CA_file(). This method
+     * loads only file of PEM formatted certificates, so we have to load
+     * only PEM here too, to stay consistent.
+     */
+    rc = PEM_read_bio_X509 (bioS, NULL, NULL, NULL);
+    BIO_free(bioS);
+    if (rc) {
+        apr_file_printf(out, "  %s\n", file);
+        X509_free(rc);
+    }
+}
+
+static void dump_ca_cert_path(apr_pool_t *pool, apr_file_t *out,
+                              const char *ca_cert_path)
 {
-    apr_file_t *out = NULL;
-    if (!ap_exists_config_define("DUMP_CERTS")) {
+    apr_dir_t *dir;
+    apr_finfo_t direntry;
+    apr_int32_t finfo_flags = APR_FINFO_TYPE|APR_FINFO_NAME;
+
+    if (apr_dir_open(&dir, ca_cert_path, pool) != APR_SUCCESS) {
         return;
     }
-    apr_file_open_stdout(&out, pconf);
-    apr_file_printf(out, "Server certificates:\n");
 
-    /* Dump the filenames of all configured server certificates to
-     * stdout. */
-    while (s) {
-        SSLSrvConfigRec *sc = mySrvConfig(s);
-
-        if (sc && sc->server && sc->server->pks) {
-            modssl_pk_server_t *const pks = sc->server->pks;
-            int i;
+    while ((apr_dir_read(&direntry, finfo_flags, dir)) == APR_SUCCESS) {
+        char *file;
+        if (direntry.filetype == APR_DIR) {
+            continue; /* don't try to load directories */
+        }
+        file = apr_pstrcat(pool, ca_cert_path, "/", direntry.name, NULL);
+        dump_ca_cert_file(out, file);
+    }
+}
 
-            for (i = 0; (i < SSL_AIDX_MAX) && pks->cert_files[i]; i++) {
-                apr_file_printf(out, "  %s\n", pks->cert_files[i]);
+void ssl_hook_ConfigTest(apr_pool_t *pconf, server_rec *s)
+{
+    apr_file_t *out = NULL;
+    if (ap_exists_config_define("DUMP_CERTS")) {
+        apr_file_open_stdout(&out, pconf);
+        apr_file_printf(out, "Server certificates:\n");
+
+        /* Dump the filenames of all configured server certificates to
+        * stdout. */
+        while (s) {
+            SSLSrvConfigRec *sc = mySrvConfig(s);
+
+            if (sc && sc->server && sc->server->pks) {
+                modssl_pk_server_t *const pks = sc->server->pks;
+                int i;
+
+                for (i = 0; (i < SSL_AIDX_MAX) && pks->cert_files[i]; i++)
{
+                    apr_file_printf(out, "  %s\n", pks->cert_files[i]);
+                }
             }
+
+            s = s->next;
         }
+        return;
+    }
+
+    if (ap_exists_config_define("DUMP_CA_CERTS")) {
+        apr_file_open_stdout(&out, pconf);
+        apr_file_printf(out, "Server CA certificates:\n");
+
+        /* Dump the filenames of all configured server CA certificates to
+        * stdout. */
+        while (s) {
+            SSLSrvConfigRec *sc = mySrvConfig(s);
+
+            if (sc && sc->server) {
+                if (sc->server->auth.ca_cert_path) {
+                    dump_ca_cert_path(pconf, out,
+                                      sc->server->auth.ca_cert_path);
+                }
+                if (sc->server->auth.ca_cert_file) {
+                    dump_ca_cert_file(out, sc->server->auth.ca_cert_file);
+                }
+            }
 
-        s = s->next;
+            s = s->next;
+        }
+        return;
     }
 
 }
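Review bot: `dump_ca_cert_path` never releases the directory handle it opens with `apr_dir_open`, so every `SSLCACertificatePath` walked under `-t -DDUMP_CA_CERTS` keeps a descriptor open until `pconf` is torn down; add `apr_dir_close(dir);` after the `apr_dir_read` loop. In `dump_ca_cert_file` a failed `PEM_read_bio_X509` leaves entries on the OpenSSL error queue that nothing clears, so a non-PEM file in the path could make later, unrelated error output misleading; an `ERR_clear_error();` in the `if (rc)` else-branch keeps the config-test run clean. The path dump lists every PEM-parsable file in the directory, but OpenSSL's CApath lookup is by hashed filename, so files the server never actually consults can appear in the output — the "Server CA certificates:" header or a comment should say the list is what is present, not what is trusted. Only `sc->server->auth` is walked; if the proxy-side config carries its own CA file/path settings they are not covered, which the "all configured SSL CA certificates" wording in CHANGES suggests they should be.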


