"SSL Server CA Certificate Chain file "
"(`/path/to/file' - PEM encoded)")
SSL_CMD_SRV(PKCS7CertificateFile, TAKE1,
- "PKCS#7 file containing server certificate and chain"
- " certificates (`/path/to/file' - PEM ecnoded)")
+ "PKCS#7 file containing server certificate and chain"
+ " certificates (`/path/to/file' - PEM ecnoded)")
SSL_CMD_ALL(CACertificatePath, TAKE1,
"SSL CA Certificate path "
"(`/path/to/dir' - contains PEM encoded files)")
int n;
if (!mctx->ssl_ctx->extra_certs)
- for (n = 1; n < sk_X509_num(certs); ++n)
- SSL_CTX_add_extra_chain_cert(mctx->ssl_ctx, sk_X509_value(certs, n));
+ for (n = 1; n < sk_X509_num(certs); ++n)
+ SSL_CTX_add_extra_chain_cert(mctx->ssl_ctx, sk_X509_value(certs, n));
}
static void ssl_init_ctx_cert_chain(server_rec *s,
const char *chain = mctx->cert_chain;
if (mctx->pkcs7) {
- ssl_init_ctx_pkcs7_cert_chain(s,mctx);
- return;
+ ssl_init_ctx_pkcs7_cert_chain(s, mctx);
+ return;
}
/*
* because this file isn't encrypted in any way.
*/
if (sc->server->pks->cert_files[0] == NULL
- && sc->server->pkcs7 == NULL) {
+ && sc->server->pkcs7 == NULL) {
ap_log_error(APLOG_MARK, APLOG_ERR, 0, pServ,
"Server should be SSL-aware but has no certificate "
"configured [Hint: SSLCertificateFile]");
algoCert = SSL_ALGO_UNKNOWN;
algoKey = SSL_ALGO_UNKNOWN;
for (i = 0, j = 0; i < SSL_AIDX_MAX
- && (sc->server->pks->cert_files[i] != NULL
- || sc->server->pkcs7); i++) {
- if (sc->server->pkcs7) {
- STACK_OF(X509) *certs = ssl_read_pkcs7(pServ, sc->server->pkcs7);
-
- pX509Cert = sk_X509_value(certs, 0);
- i = SSL_AIDX_MAX;
- } else {
- apr_cpystrn(szPath, sc->server->pks->cert_files[i], sizeof(szPath));
- if ((rv = exists_and_readable(szPath, p, NULL)) != APR_SUCCESS) {
- ap_log_error(APLOG_MARK, APLOG_ERR, rv, s,
- "Init: Can't open server certificate file %s",
- szPath);
- ssl_die();
- }
- if ((pX509Cert = SSL_read_X509(szPath, NULL, NULL)) == NULL) {
- ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
- "Init: Unable to read server certificate from file %s", szPath);
- ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
- ssl_die();
- }
- }
+ && (sc->server->pks->cert_files[i] != NULL
+ || sc->server->pkcs7); i++) {
+ if (sc->server->pkcs7) {
+ STACK_OF(X509) *certs = ssl_read_pkcs7(pServ,
+ sc->server->pkcs7);
+ pX509Cert = sk_X509_value(certs, 0);
+ i = SSL_AIDX_MAX;
+ } else {
+ apr_cpystrn(szPath, sc->server->pks->cert_files[i],
+ sizeof(szPath));
+ if ((rv = exists_and_readable(szPath, p, NULL))
+ != APR_SUCCESS) {
+ ap_log_error(APLOG_MARK, APLOG_ERR, rv, s,
+ "Init: Can't open server certificate file %s",
+ szPath);
+ ssl_die();
+ }
+ if ((pX509Cert = SSL_read_X509(szPath, NULL, NULL)) == NULL) {
+ ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
+ "Init: Unable to read server certificate from"
+ " file %s", szPath);
+ ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
+ ssl_die();
+ }
+ }
/*
* check algorithm type of certificate and make
* sure only one certificate per type is used.
STACK_OF(X509) *ssl_read_pkcs7(server_rec *s,const char *pkcs7)
{
PKCS7 *p7;
- STACK_OF(X509) *certs;
+ STACK_OF(X509) *certs = NULL;
FILE *f;
f = fopen(pkcs7, "r");
if (!f) {
ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, "Can't open %s", pkcs7);
- ssl_die();
+ ssl_die();
}
p7 = PEM_read_PKCS7(f,NULL,NULL,NULL);
if (!p7) {
- ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s,
- "Can't read PKCS7 object %s", pkcs7);
- ssl_log_ssl_error(APLOG_MARK, APLOG_CRIT, s);
- exit(1);
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s,
+ "Can't read PKCS7 object %s", pkcs7);
+ ssl_log_ssl_error(APLOG_MARK, APLOG_CRIT, s);
+ exit(1);
}
switch (OBJ_obj2nid(p7->type)) {
case NID_pkcs7_signed:
- certs = p7->d.sign->cert;
- break;
+ certs = p7->d.sign->cert;
+ break;
case NID_pkcs7_signedAndEnveloped:
- certs = p7->d.signed_and_enveloped->cert;
- break;
+ certs = p7->d.signed_and_enveloped->cert;
+ break;
default:
- ap_log_error(APLOG_MARK, APLOG_CRIT|APLOG_NOERRNO, 0, s,
- "Don't understand PKCS7 file %s", pkcs7);
- ssl_die();
+ ap_log_error(APLOG_MARK, APLOG_CRIT|APLOG_NOERRNO, 0, s,
+ "Don't understand PKCS7 file %s", pkcs7);
+ ssl_die();
}
if (!certs) {
- ap_log_error(APLOG_MARK, APLOG_CRIT|APLOG_NOERRNO, 0, s,
- "No certificates in %s", pkcs7);
- ssl_die();
+ ap_log_error(APLOG_MARK, APLOG_CRIT|APLOG_NOERRNO, 0, s,
+ "No certificates in %s", pkcs7);
+ ssl_die();
}
+ fclose(f);
+
return certs;
}
projects / thirdparty / apache / httpd.git / commitdiff
