mctx->srp_vbase = NULL;
#endif
#ifdef HAVE_SSL_CONF_CMD
+ mctx->ssl_ctx_config = SSL_CONF_CTX_new();
+ SSL_CONF_CTX_set_flags(mctx->ssl_ctx_config, SSL_CONF_FLAG_FILE);
+ SSL_CONF_CTX_set_flags(mctx->ssl_ctx_config, SSL_CONF_FLAG_SERVER);
+ SSL_CONF_CTX_set_flags(mctx->ssl_ctx_config, SSL_CONF_FLAG_CERTIFICATE);
mctx->ssl_ctx_param = apr_array_make(p, 10, sizeof(ssl_ctx_param_t));
#endif
}
const char *ssl_cmd_SSLOpenSSLConfCmd(cmd_parms *cmd, void *dcfg,
const char *arg1, const char *arg2)
{
- ssl_ctx_param_t *param;
SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
- param = apr_array_push(sc->server->ssl_ctx_param);
+ ssl_ctx_param_t *param = apr_array_push(sc->server->ssl_ctx_param);
+ SSL_CONF_CTX *cctx = sc->server->ssl_ctx_config;
+ const char *err;
+ int value_type = SSL_CONF_cmd_value_type(cctx, arg1);
+ if (value_type == SSL_CONF_TYPE_UNKNOWN) {
+ return apr_psprintf(cmd->pool,
+ "'%s': invalid OpenSSL configuration command",
+ arg1);
+ }
+ if (value_type == SSL_CONF_TYPE_FILE) {
+ if ((err = ssl_cmd_check_file(cmd, &arg2)))
+ return err;
+ }
+ else if (value_type == SSL_CONF_TYPE_DIR) {
+ if ((err = ssl_cmd_check_dir(cmd, &arg2)))
+ return err;
+ }
param->name = arg1;
param->value = arg2;
return NULL;
#ifdef HAVE_SSL_CONF_CMD
{
ssl_ctx_param_t *param = (ssl_ctx_param_t *)mctx->ssl_ctx_param->elts;
- SSL_CONF_CTX *cctx;
+ SSL_CONF_CTX *cctx = mctx->ssl_ctx_config;
int i;
- cctx = SSL_CONF_CTX_new();
- SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_FILE|SSL_CONF_FLAG_SERVER);
SSL_CONF_CTX_set_ssl_ctx(cctx, ctx);
for (i = 0; i < mctx->ssl_ctx_param->nelts; i++, param++) {
if (SSL_CONF_cmd(cctx, param->name, param->value) <= 0) {
ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, APLOGNO(02407)
- "Error SSL_CONF_cmd(%s,%s)", param->name, param->value);
+ "Error SSL_CONF_cmd(\"%s\",\"%s\")",
+ param->name, param->value);
+ ssl_log_ssl_error(SSLLOG_MARK, APLOG_EMERG, s);
+ ssl_die(s);
+ }
+ }
+ if (SSL_CONF_CTX_finish(cctx) == 0) {
+ ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, APLOGNO(02547)
+ "Error SSL_CONF_CTX_finish()");
ssl_log_ssl_error(SSLLOG_MARK, APLOG_EMERG, s);
ssl_die(s);
- }
}
- SSL_CONF_CTX_free(cctx);
}
#endif
static void ssl_init_ctx_cleanup(modssl_ctx_t *mctx)
{
MODSSL_CFG_ITEM_FREE(SSL_CTX_free, mctx->ssl_ctx);
+#ifdef HAVE_SSL_CONF_CMD
+ MODSSL_CFG_ITEM_FREE(SSL_CONF_CTX_free, mctx->ssl_ctx_config);
+#endif
#ifdef HAVE_SRP
if (mctx->srp_vbase != NULL) {
projects / thirdparty / apache / httpd.git / commitdiff
