SSL_CONF_CTX_set_flags(mctx->ssl_ctx_config, SSL_CONF_FLAG_FILE);
SSL_CONF_CTX_set_flags(mctx->ssl_ctx_config, SSL_CONF_FLAG_SERVER);
SSL_CONF_CTX_set_flags(mctx->ssl_ctx_config, SSL_CONF_FLAG_CERTIFICATE);
- mctx->ssl_ctx_param = apr_array_make(p, 10, sizeof(ssl_ctx_param_t));
+ mctx->ssl_ctx_param = apr_array_make(p, 5, sizeof(ssl_ctx_param_t));
#endif
}
#define cfgMergeBool(el) cfgMerge(el, UNSET)
#define cfgMergeInt(el) cfgMerge(el, UNSET)
-static void modssl_ctx_cfg_merge(modssl_ctx_t *base,
+static void modssl_ctx_cfg_merge(apr_pool_t *p,
+ modssl_ctx_t *base,
modssl_ctx_t *add,
modssl_ctx_t *mrg)
{
#endif
#ifdef HAVE_SSL_CONF_CMD
- apr_array_cat(mrg->ssl_ctx_param, base->ssl_ctx_param);
- apr_array_cat(mrg->ssl_ctx_param, add->ssl_ctx_param);
+ cfgMergeArray(ssl_ctx_param);
#endif
}
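Review bot: `cfgMergeArray(ssl_ctx_param)` replaces the two explicit apr_array_cat calls, but its definition is not in this hunk and the order it produces is load-bearing: the entries are replayed in array order when the server context is initialised later in this diff, so a vhost's SSLOpenSSLConfCmd can only override a base-server command if the base entries precede the add entries, which the removed lines guaranteed. If the macro keeps that order, a one-line comment would protect it against a future reshuffle: `/* base first, then add: later SSLOpenSSLConfCmd entries override earlier ones */`. The body of modssl_ctx_cfg_merge begins outside this hunk.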
-static void modssl_ctx_cfg_merge_proxy(modssl_ctx_t *base,
+static void modssl_ctx_cfg_merge_proxy(apr_pool_t *p,
+ modssl_ctx_t *base,
modssl_ctx_t *add,
modssl_ctx_t *mrg)
{
- modssl_ctx_cfg_merge(base, add, mrg);
+ modssl_ctx_cfg_merge(p, base, add, mrg);
cfgMergeString(pkp->cert_file);
cfgMergeString(pkp->cert_path);
cfgMergeString(pkp->ca_cert_file);
}
-static void modssl_ctx_cfg_merge_server(modssl_ctx_t *base,
+static void modssl_ctx_cfg_merge_server(apr_pool_t *p,
+ modssl_ctx_t *base,
modssl_ctx_t *add,
modssl_ctx_t *mrg)
{
int i;
- modssl_ctx_cfg_merge(base, add, mrg);
+ modssl_ctx_cfg_merge(p, base, add, mrg);
for (i = 0; i < SSL_AIDX_MAX; i++) {
cfgMergeString(pks->cert_files[i]);
cfgMergeBool(compression);
#endif
- modssl_ctx_cfg_merge_proxy(base->proxy, add->proxy, mrg->proxy);
+ modssl_ctx_cfg_merge_proxy(p, base->proxy, add->proxy, mrg->proxy);
- modssl_ctx_cfg_merge_server(base->server, add->server, mrg->server);
+ modssl_ctx_cfg_merge_server(p, base->server, add->server, mrg->server);
return mrg;
}
}
#endif /* HAVE_OCSP_STAPLING */
+
#ifdef HAVE_SSL_CONF_CMD
const char *ssl_cmd_SSLOpenSSLConfCmd(cmd_parms *cmd, void *dcfg,
const char *arg1, const char *arg2)
{
SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
- ssl_ctx_param_t *param = apr_array_push(sc->server->ssl_ctx_param);
SSL_CONF_CTX *cctx = sc->server->ssl_ctx_config;
- const char *err;
int value_type = SSL_CONF_cmd_value_type(cctx, arg1);
+ const char *err;
+ ssl_ctx_param_t *param;
+
if (value_type == SSL_CONF_TYPE_UNKNOWN) {
return apr_psprintf(cmd->pool,
"'%s': invalid OpenSSL configuration command",
arg1);
}
+
if (value_type == SSL_CONF_TYPE_FILE) {
if ((err = ssl_cmd_check_file(cmd, &arg2)))
return err;
if ((err = ssl_cmd_check_dir(cmd, &arg2)))
return err;
}
+
+ param = apr_array_push(sc->server->ssl_ctx_param);
param->name = arg1;
param->value = arg2;
return NULL;
}
#endif
+
#ifdef HAVE_SRP
const char *ssl_cmd_SSLSRPVerifierFile(cmd_parms *cmd, void *dcfg,
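Review bot: In the value-type branch above, an argument OpenSSL reports as SSL_CONF_TYPE_FILE is run through both `ssl_cmd_check_file` and `ssl_cmd_check_dir`, while an SSL_CONF_TYPE_DIR value gets no path check at all before it is stored in `param->value`; unless lines were lost in rendering, the second check should read `else if (value_type == SSL_CONF_TYPE_DIR) { if ((err = ssl_cmd_check_dir(cmd, &arg2))) return err; }`. Those lines are unchanged context, but deferring `apr_array_push` until after validation (the change this hunk does make) only pays off if the validation is keyed to the type OpenSSL actually reported. The next function begins at the last line of this hunk.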
SSL_CTX_set_options(ctx, SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION);
#endif
-#ifdef HAVE_SSL_CONF_CMD
-{
- ssl_ctx_param_t *param = (ssl_ctx_param_t *)mctx->ssl_ctx_param->elts;
- SSL_CONF_CTX *cctx = mctx->ssl_ctx_config;
- int i;
- SSL_CONF_CTX_set_ssl_ctx(cctx, ctx);
- for (i = 0; i < mctx->ssl_ctx_param->nelts; i++, param++) {
- if (SSL_CONF_cmd(cctx, param->name, param->value) <= 0) {
- ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, APLOGNO(02407)
- "Error SSL_CONF_cmd(\"%s\",\"%s\")",
- param->name, param->value);
- ssl_log_ssl_error(SSLLOG_MARK, APLOG_EMERG, s);
- return ssl_die(s);
- }
- }
- if (SSL_CONF_CTX_finish(cctx) == 0) {
- ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, APLOGNO(02547)
- "Error SSL_CONF_CTX_finish()");
- ssl_log_ssl_error(SSLLOG_MARK, APLOG_EMERG, s);
- return ssl_die(s);
- }
-}
-#endif
-
#ifdef SSL_MODE_RELEASE_BUFFERS
/* If httpd is configured to reduce mem usage, ask openssl to do so, too */
if (ap_max_mem_free != APR_ALLOCATOR_MAX_FREE_UNLIMITED)
SSLSrvConfigRec *sc)
{
apr_status_t rv;
+#ifdef HAVE_SSL_CONF_CMD
+ ssl_ctx_param_t *param = (ssl_ctx_param_t *)sc->server->ssl_ctx_param->elts;
+ SSL_CONF_CTX *cctx = sc->server->ssl_ctx_config;
+ int i;
+#endif
if ((rv = ssl_init_server_check(s, p, ptemp, sc->server)) != APR_SUCCESS) {
return rv;
return rv;
}
+#ifdef HAVE_SSL_CONF_CMD
+ SSL_CONF_CTX_set_ssl_ctx(cctx, sc->server->ssl_ctx);
+ for (i = 0; i < sc->server->ssl_ctx_param->nelts; i++, param++) {
+ if (SSL_CONF_cmd(cctx, param->name, param->value) <= 0) {
+ ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, APLOGNO(02407)
+ "\"SSLOpenSSLConfCmd %s %s\" failed for %s",
+ param->name, param->value, sc->vhost_id);
+ ssl_log_ssl_error(SSLLOG_MARK, APLOG_EMERG, s);
+ return ssl_die(s);
+ } else {
+ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(02556)
+ "\"SSLOpenSSLConfCmd %s %s\" applied to %s",
+ param->name, param->value, sc->vhost_id);
+ }
+ }
+ if (SSL_CONF_CTX_finish(cctx) == 0) {
+ ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, APLOGNO(02547)
+ "SSL_CONF_CTX_finish() failed");
+ SSL_CONF_CTX_free(cctx);
+ ssl_log_ssl_error(SSLLOG_MARK, APLOG_EMERG, s);
+ return ssl_die(s);
+ }
+ SSL_CONF_CTX_free(cctx);
+#endif
+
#ifdef HAVE_TLS_SESSION_TICKETS
if ((rv = ssl_init_ticket_key(s, p, ptemp, sc->server)) != APR_SUCCESS) {
return rv;
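Review bot: After `SSL_CONF_CTX_free(cctx)` (both on the SSL_CONF_CTX_finish failure path and at the end of the block) `sc->server->ssl_ctx_config` still points at the freed context, and this commit also drops the matching free from ssl_init_ctx_cleanup, so any later use of that field is a use-after-free rather than a NULL dereference; add `sc->server->ssl_ctx_config = NULL;` after each free. The same removal from the cleanup routine means the SSL_CONF_CTX set up for the proxy modssl_ctx_t (the `ssl_ctx_config` initialised alongside `ssl_ctx_param` earlier in this diff) is no longer released anywhere, if that initialisation runs for the proxy context as well as the server one — worth confirming. The enclosing function starts before this hunk.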
static void ssl_init_ctx_cleanup(modssl_ctx_t *mctx)
{
MODSSL_CFG_ITEM_FREE(SSL_CTX_free, mctx->ssl_ctx);
-#ifdef HAVE_SSL_CONF_CMD
- MODSSL_CFG_ITEM_FREE(SSL_CONF_CTX_free, mctx->ssl_ctx_config);
-#endif
#ifdef HAVE_SRP
if (mctx->srp_vbase != NULL) {