#include "mpm_common.h"
#include "mod_md.h"
+static apr_status_t ssl_init_ca_cert_path(server_rec *, apr_pool_t *, const char *,
+ STACK_OF(X509_NAME) *, STACK_OF(X509_INFO) *);
+
APR_IMPLEMENT_OPTIONAL_HOOK_RUN_ALL(ssl, SSL, int, init_server,
(server_rec *s,apr_pool_t *p,int is_proxy,SSL_CTX *ctx),
(s,p,is_proxy,ctx), OK, DECLINED)
return NULL; /* impossible to reach. */
}
-static void ssl_add_version_components(apr_pool_t *p,
+static void ssl_add_version_components(apr_pool_t *ptemp, apr_pool_t *pconf,
server_rec *s)
{
- char *modver = ssl_var_lookup(p, s, NULL, NULL, "SSL_VERSION_INTERFACE");
- char *libver = ssl_var_lookup(p, s, NULL, NULL, "SSL_VERSION_LIBRARY");
- char *incver = ssl_var_lookup(p, s, NULL, NULL,
+ char *modver = ssl_var_lookup(ptemp, s, NULL, NULL, "SSL_VERSION_INTERFACE");
+ char *libver = ssl_var_lookup(ptemp, s, NULL, NULL, "SSL_VERSION_LIBRARY");
+ char *incver = ssl_var_lookup(ptemp, s, NULL, NULL,
"SSL_VERSION_LIBRARY_INTERFACE");
- ap_add_version_component(p, libver);
+ ap_add_version_component(pconf, libver);
ap_log_error(APLOG_MARK, APLOG_INFO, 0, s, APLOGNO(01876)
"%s compiled against Server: %s, Library: %s",
* Announce mod_ssl and SSL library in HTTP Server field
* as ``mod_ssl/X.X.X OpenSSL/X.X.X''
*/
- ssl_add_version_components(p, base_server);
+ ssl_add_version_components(ptemp, p, base_server);
modssl_init_app_data2_idx(); /* for modssl_get_app_data2() at request time */
}
if (pkp->cert_path) {
- apr_dir_t *dir;
- apr_finfo_t dirent;
- apr_int32_t finfo_flags = APR_FINFO_TYPE|APR_FINFO_NAME;
-
- if (apr_dir_open(&dir, pkp->cert_path, ptemp) == APR_SUCCESS) {
- while ((apr_dir_read(&dirent, finfo_flags, dir)) == APR_SUCCESS) {
- const char *fullname;
-
- if (dirent.filetype == APR_DIR) {
- continue; /* don't try to load directories */
- }
-
- fullname = apr_pstrcat(ptemp,
- pkp->cert_path, "/", dirent.name,
- NULL);
- load_x509_info(ptemp, sk, fullname);
- }
-
- apr_dir_close(dir);
- }
+ ssl_init_ca_cert_path(s, ptemp, pkp->cert_path, NULL, sk);
}
if ((ncerts = sk_X509_INFO_num(sk)) <= 0) {
sk_X509_NAME_free(sk);
}
+static apr_status_t ssl_init_ca_cert_path(server_rec *s,
+ apr_pool_t *ptemp,
+ const char *path,
+ STACK_OF(X509_NAME) *ca_list,
+ STACK_OF(X509_INFO) *xi_list)
+{
+ apr_dir_t *dir;
+ apr_finfo_t direntry;
+ apr_int32_t finfo_flags = APR_FINFO_TYPE|APR_FINFO_NAME;
+
+ if (!path || (!ca_list && !xi_list) ||
+ (apr_dir_open(&dir, path, ptemp) != APR_SUCCESS)) {
+ return APR_EGENERAL;
+ }
+
+ while ((apr_dir_read(&direntry, finfo_flags, dir)) == APR_SUCCESS) {
+ const char *file;
+ if (direntry.filetype == APR_DIR) {
+ continue; /* don't try to load directories */
+ }
+ file = apr_pstrcat(ptemp, path, "/", direntry.name, NULL);
+ if (ca_list) {
+ ssl_init_PushCAList(ca_list, s, ptemp, file);
+ }
+ if (xi_list) {
+ load_x509_info(ptemp, xi_list, file);
+ }
+ }
+
+ apr_dir_close(dir);
+
+ return APR_SUCCESS;
+}
+
STACK_OF(X509_NAME) *ssl_init_FindCAList(server_rec *s,
apr_pool_t *ptemp,
const char *ca_file,
/*
* Process CA certificate path files
*/
- if (ca_path) {
- apr_dir_t *dir;
- apr_finfo_t direntry;
- apr_int32_t finfo_flags = APR_FINFO_TYPE|APR_FINFO_NAME;
- apr_status_t rv;
-
- if ((rv = apr_dir_open(&dir, ca_path, ptemp)) != APR_SUCCESS) {
- ap_log_error(APLOG_MARK, APLOG_EMERG, rv, s, APLOGNO(02211)
- "Failed to open Certificate Path `%s'",
- ca_path);
- sk_X509_NAME_pop_free(ca_list, X509_NAME_free);
- return NULL;
- }
-
- while ((apr_dir_read(&direntry, finfo_flags, dir)) == APR_SUCCESS) {
- const char *file;
- if (direntry.filetype == APR_DIR) {
- continue; /* don't try to load directories */
- }
- file = apr_pstrcat(ptemp, ca_path, "/", direntry.name, NULL);
- ssl_init_PushCAList(ca_list, s, ptemp, file);
- }
-
- apr_dir_close(dir);
+ if (ca_path &&
+ ssl_init_ca_cert_path(s, ptemp,
+ ca_path, ca_list, NULL) != APR_SUCCESS) {
+ ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, APLOGNO(02211)
+ "Failed to open Certificate Path `%s'", ca_path);
+ sk_X509_NAME_pop_free(ca_list, X509_NAME_free);
+ return NULL;
}
/*
}
else {
BIO* bio;
- int n;
unsigned long flags = XN_FLAG_RFC2253 & ~ASN1_STRFLGS_ESC_MSB;
+
if ((bio = BIO_new(BIO_s_mem())) == NULL)
return NULL;
X509_NAME_print_ex(bio, xsname, 0, flags);
- n = BIO_pending(bio);
- if (n > 0) {
- result = apr_palloc(p, n+1);
- n = BIO_read(bio, result, n);
- result[n] = NUL;
- }
- BIO_free(bio);
+
+ result = modssl_bio_free_read(p, bio);
}
return result;
}
static char *ssl_var_lookup_ssl_cert_valid(apr_pool_t *p, ASN1_TIME *tm)
{
- char *result;
BIO* bio;
- int n;
if ((bio = BIO_new(BIO_s_mem())) == NULL)
return NULL;
ASN1_TIME_print(bio, tm);
- n = BIO_pending(bio);
- result = apr_pcalloc(p, n+1);
- n = BIO_read(bio, result, n);
- result[n] = NUL;
- BIO_free(bio);
- return result;
+
+ return modssl_bio_free_read(p, bio);
}
#define DIGIT2NUM(x) (((x)[0] - '0') * 10 + (x)[1] - '0')
static char *ssl_var_lookup_ssl_cert_serial(apr_pool_t *p, X509 *xs)
{
- char *result;
BIO *bio;
- int n;
if ((bio = BIO_new(BIO_s_mem())) == NULL)
return NULL;
i2a_ASN1_INTEGER(bio, X509_get_serialNumber(xs));
- n = BIO_pending(bio);
- result = apr_pcalloc(p, n+1);
- n = BIO_read(bio, result, n);
- result[n] = NUL;
- BIO_free(bio);
- return result;
+
+ return modssl_bio_free_read(p, bio);
}
static char *ssl_var_lookup_ssl_cert_chain(apr_pool_t *p, STACK_OF(X509) *sk, char *var)
static char *ssl_var_lookup_ssl_cert_PEM(apr_pool_t *p, X509 *xs)
{
- char *result;
BIO *bio;
- int n;
if ((bio = BIO_new(BIO_s_mem())) == NULL)
return NULL;
PEM_write_bio_X509(bio, xs);
- n = BIO_pending(bio);
- result = apr_pcalloc(p, n+1);
- n = BIO_read(bio, result, n);
- result[n] = NUL;
- BIO_free(bio);
- return result;
+
+ return modssl_bio_free_read(p, bio);
}
static char *ssl_var_lookup_ssl_cert_verify(apr_pool_t *p, SSLConnRec *sslconn)
return TRUE;
}
+char *modssl_bio_free_read(apr_pool_t *p, BIO *bio)
+{
+ int len = BIO_pending(bio);
+ char *result = NULL;
+
+ if (len > 0) {
+ result = apr_palloc(p, len+1);
+ len = BIO_read(bio, result, len);
+ result[len] = NUL;
+ }
+ BIO_free(bio);
+ return result;
+}
+
/* Convert ASN.1 string to a pool-allocated char * string, escaping
* control characters. If raw is zero, convert to UTF-8, otherwise
* unchanged from the character set. */
static char *asn1_string_convert(apr_pool_t *p, ASN1_STRING *asn1str, int raw)
{
- char *result = NULL;
BIO *bio;
- int len, flags = ASN1_STRFLGS_ESC_CTRL;
+ int flags = ASN1_STRFLGS_ESC_CTRL;
if ((bio = BIO_new(BIO_s_mem())) == NULL)
return NULL;
if (!raw) flags |= ASN1_STRFLGS_UTF8_CONVERT;
ASN1_STRING_print_ex(bio, asn1str, flags);
- len = BIO_pending(bio);
- if (len > 0) {
- result = apr_palloc(p, len+1);
- len = BIO_read(bio, result, len);
- result[len] = NUL;
- }
- BIO_free(bio);
- return result;
+
+ return modssl_bio_free_read(p, bio);
}
#define asn1_string_to_utf8(p, a) asn1_string_convert(p, a, 0)
projects / thirdparty / apache / httpd.git / commitdiff
