httpd-cvs mailing list archives

From s...@apache.org
Subject svn commit: r1677834 - in /httpd/httpd/trunk/modules/ssl: ssl_engine_init.c ssl_util_ssl.c ssl_util_ssl.h
Date Tue, 05 May 2015 14:29:11 GMT
Author: stsp
Date: Tue May  5 14:29:11 2015
New Revision: 1677834

URL: http://svn.apache.org/r1677834
Log:
mod_ssl namespacing: Move SSL_CTX_use_certificate_chain() into ssl_engine_init.c
and make it a static function called use_certificate_chain().

Modified:
    httpd/httpd/trunk/modules/ssl/ssl_engine_init.c
    httpd/httpd/trunk/modules/ssl/ssl_util_ssl.c
    httpd/httpd/trunk/modules/ssl/ssl_util_ssl.h

Modified: httpd/httpd/trunk/modules/ssl/ssl_engine_init.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_engine_init.c?rev=1677834&r1=1677833&r2=1677834&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/ssl/ssl_engine_init.c (original)
+++ httpd/httpd/trunk/modules/ssl/ssl_engine_init.c Tue May  5 14:29:11 2015
@@ -830,6 +830,65 @@ static apr_status_t ssl_init_ctx_crl(ser
     return APR_SUCCESS;
 }
 
+/*
+ * Read a file that optionally contains the server certificate in PEM
+ * format, possibly followed by a sequence of CA certificates that
+ * should be sent to the peer in the SSL Certificate message.
+ */
+static int use_certificate_chain(
+    SSL_CTX *ctx, char *file, int skipfirst, pem_password_cb *cb)
+{
+    BIO *bio;
+    X509 *x509;
+    unsigned long err;
+    int n;
+
+    if ((bio = BIO_new(BIO_s_file_internal())) == NULL)
+        return -1;
+    if (BIO_read_filename(bio, file) <= 0) {
+        BIO_free(bio);
+        return -1;
+    }
+    /* optionally skip a leading server certificate */
+    if (skipfirst) {
+        if ((x509 = PEM_read_bio_X509(bio, NULL, cb, NULL)) == NULL) {
+            BIO_free(bio);
+            return -1;
+        }
+        X509_free(x509);
+    }
+    /* free a perhaps already configured extra chain */
+#ifdef OPENSSL_NO_SSL_INTERN
+    SSL_CTX_clear_extra_chain_certs(ctx);
+#else
+    if (ctx->extra_certs != NULL) {
+        sk_X509_pop_free((STACK_OF(X509) *)ctx->extra_certs, X509_free);
+        ctx->extra_certs = NULL;
+    }
+#endif
+    /* create new extra chain by loading the certs */
+    n = 0;
+    while ((x509 = PEM_read_bio_X509(bio, NULL, cb, NULL)) != NULL) {
+        if (!SSL_CTX_add_extra_chain_cert(ctx, x509)) {
+            X509_free(x509);
+            BIO_free(bio);
+            return -1;
+        }
+        n++;
+    }
+    /* Make sure that only the error is just an EOF */
+    if ((err = ERR_peek_error()) > 0) {
+        if (!(   ERR_GET_LIB(err) == ERR_LIB_PEM
+              && ERR_GET_REASON(err) == PEM_R_NO_START_LINE)) {
+            BIO_free(bio);
+            return -1;
+        }
+        while (ERR_get_error() > 0) ;
+    }
+    BIO_free(bio);
+    return n;
+}
+
 static apr_status_t ssl_init_ctx_cert_chain(server_rec *s,
                                             apr_pool_t *p,
                                             apr_pool_t *ptemp,
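Review bot: The EOF check near the end of use_certificate_chain() uses `ERR_peek_error()`, which returns the oldest entry in the OpenSSL error queue, and the function never empties the queue on entry, so the outcome depends on whatever earlier calls left there. A stale entry that is not PEM_R_NO_START_LINE would make a well-formed chain file return -1, and by then the previously configured extra chain has already been freed. Calling `ERR_clear_error();` before the first read and testing `ERR_peek_last_error()` would tie the check to the read that actually ended the loop. The trailing `while (ERR_get_error() > 0) ;` could then be written as `ERR_clear_error();`. The body is moved unchanged from ssl_util_ssl.c, so this may fit better as a follow-up commit than as part of the namespacing change.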
@@ -865,9 +924,7 @@ static apr_status_t ssl_init_ctx_cert_ch
         }
     }
 
-    n = SSL_CTX_use_certificate_chain(mctx->ssl_ctx,
-                                      (char *)chain,
-                                      skip_first, NULL);
+    n = use_certificate_chain(mctx->ssl_ctx, (char *)chain, skip_first, NULL);
     if (n < 0) {
         ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, APLOGNO(01903)
                 "Failed to configure CA certificate chain!");

Modified: httpd/httpd/trunk/modules/ssl/ssl_util_ssl.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_util_ssl.c?rev=1677834&r1=1677833&r2=1677834&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/ssl/ssl_util_ssl.c (original)
+++ httpd/httpd/trunk/modules/ssl/ssl_util_ssl.c Tue May  5 14:29:11 2015
@@ -445,71 +445,6 @@ EC_GROUP *ssl_ec_GetParamFromFile(const
 
 /*  _________________________________________________________________
 **
-**  Extra Server Certificate Chain Support
-**  _________________________________________________________________
-*/
-
-/*
- * Read a file that optionally contains the server certificate in PEM
- * format, possibly followed by a sequence of CA certificates that
- * should be sent to the peer in the SSL Certificate message.
- */
-int SSL_CTX_use_certificate_chain(
-    SSL_CTX *ctx, char *file, int skipfirst, pem_password_cb *cb)
-{
-    BIO *bio;
-    X509 *x509;
-    unsigned long err;
-    int n;
-
-    if ((bio = BIO_new(BIO_s_file_internal())) == NULL)
-        return -1;
-    if (BIO_read_filename(bio, file) <= 0) {
-        BIO_free(bio);
-        return -1;
-    }
-    /* optionally skip a leading server certificate */
-    if (skipfirst) {
-        if ((x509 = PEM_read_bio_X509(bio, NULL, cb, NULL)) == NULL) {
-            BIO_free(bio);
-            return -1;
-        }
-        X509_free(x509);
-    }
-    /* free a perhaps already configured extra chain */
-#ifdef OPENSSL_NO_SSL_INTERN
-    SSL_CTX_clear_extra_chain_certs(ctx);
-#else
-    if (ctx->extra_certs != NULL) {
-        sk_X509_pop_free((STACK_OF(X509) *)ctx->extra_certs, X509_free);
-        ctx->extra_certs = NULL;
-    }
-#endif
-    /* create new extra chain by loading the certs */
-    n = 0;
-    while ((x509 = PEM_read_bio_X509(bio, NULL, cb, NULL)) != NULL) {
-        if (!SSL_CTX_add_extra_chain_cert(ctx, x509)) {
-            X509_free(x509);
-            BIO_free(bio);
-            return -1;
-        }
-        n++;
-    }
-    /* Make sure that only the error is just an EOF */
-    if ((err = ERR_peek_error()) > 0) {
-        if (!(   ERR_GET_LIB(err) == ERR_LIB_PEM
-              && ERR_GET_REASON(err) == PEM_R_NO_START_LINE)) {
-            BIO_free(bio);
-            return -1;
-        }
-        while (ERR_get_error() > 0) ;
-    }
-    BIO_free(bio);
-    return n;
-}
-
-/*  _________________________________________________________________
-**
 **  Session Stuff
 **  _________________________________________________________________
 */

Modified: httpd/httpd/trunk/modules/ssl/ssl_util_ssl.h
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_util_ssl.h?rev=1677834&r1=1677833&r2=1677834&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/ssl/ssl_util_ssl.h (original)
+++ httpd/httpd/trunk/modules/ssl/ssl_util_ssl.h Tue May  5 14:29:11 2015
@@ -67,7 +67,6 @@ char       *modssl_X509_NAME_ENTRY_to_st
 char       *modssl_X509_NAME_to_string(apr_pool_t *, X509_NAME *, int);
 BOOL        modssl_X509_getSAN(apr_pool_t *, X509 *, int, int, apr_array_header_t **);
 BOOL        modssl_X509_match_name(apr_pool_t *, X509 *, const char *, BOOL, server_rec *);
-int         SSL_CTX_use_certificate_chain(SSL_CTX *, char *, int, pem_password_cb *);
 char       *SSL_SESSION_id2sz(unsigned char *, int, char *, int);
 
 #endif /* __SSL_UTIL_SSL_H__ */


