break out certificate revocation list initialization into

author Doug MacEachern <dougm@apache.org>

Wed, 27 Mar 2002 23:53:27 +0000 (23:53 +0000)

committer Doug MacEachern <dougm@apache.org>

Wed, 27 Mar 2002 23:53:27 +0000 (23:53 +0000)
author Doug MacEachern <dougm@apache.org>
Wed, 27 Mar 2002 23:53:27 +0000 (23:53 +0000)
committer Doug MacEachern <dougm@apache.org>
Wed, 27 Mar 2002 23:53:27 +0000 (23:53 +0000)
diff --git a/ssl_engine_init.c b/ssl_engine_init.c

index 622f73d06c6cc03e7ef6468de7f39ec7d61cb0f8..000f3d5d67e62c4a072906660862887182dae3a8 100644 (file)
--- a/ssl_engine_init.c
+++ b/ssl_engine_init.c
@@ -557,6 +557,38 @@ static void ssl_init_cipher_suite(server_rec *s,
      }
  }
  
+static void ssl_init_crl(server_rec *s,
+                         apr_pool_t *p,
+                         apr_pool_t *ptemp,
+                         SSLSrvConfigRec *sc)
+{
+    const char *vhost_id = sc->szVHostID;
+
+    /*
+     * Configure Certificate Revocation List (CRL) Details
+     */
+
+    if (!(sc->szCARevocationFile || sc->szCARevocationPath)) {
+        return;
+    }
+
+    ssl_log(s, SSL_LOG_TRACE,
+            "Init: (%s) Configuring certificate revocation facility",
+            vhost_id);
+
+    sc->pRevocationStore =
+        SSL_X509_STORE_create((char *)sc->szCARevocationFile,
+                              (char *)sc->szCARevocationPath);
+
+    if (!sc->pRevocationStore) {
+        ssl_log(s, SSL_LOG_ERROR|SSL_ADD_SSLERR,
+                "Init: (%s) Unable to configure X.509 CRL storage "
+                "for certificate revocation",
+                vhost_id);
+        ssl_die();
+    }
+}
+
  /*
   * Configure a particular server
   */
@@ -613,6 +645,8 @@ void ssl_init_ConfigureServer(server_rec *s,
  
      ssl_init_cipher_suite(s, p, ptemp, sc);
  
+    ssl_init_crl(s, p, ptemp, sc);
+
      SSL_CTX_set_tmp_rsa_callback(ctx, ssl_callback_TmpRSA);
      SSL_CTX_set_tmp_dh_callback(ctx,  ssl_callback_TmpDH);
  
@@ -621,27 +655,6 @@ void ssl_init_ConfigureServer(server_rec *s,
          SSL_CTX_set_info_callback(ctx, ssl_callback_LogTracingState);
      }
  
-    /*
-     * Configure Certificate Revocation List (CRL) Details
-     */
-    if (sc->szCARevocationFile || sc->szCARevocationPath) {
-        ssl_log(s, SSL_LOG_TRACE,
-                "Init: (%s) Configuring certificate revocation facility",
-                vhost_id);
-
-        sc->pRevocationStore =
-            SSL_X509_STORE_create((char *)sc->szCARevocationFile,
-                                  (char *)sc->szCARevocationPath);
-
-        if (!sc->pRevocationStore) {
-            ssl_log(s, SSL_LOG_ERROR|SSL_ADD_SSLERR,
-                    "Init: (%s) Unable to configure X.509 CRL storage "
-                    "for certificate revocation",
-                    vhost_id);
-            ssl_die();
-        }
-    }
-
      /*
       *  Configure server certificate(s)
       */
author	Doug MacEachern <dougm@apache.org>
	Wed, 27 Mar 2002 23:53:27 +0000 (23:53 +0000)
committer	Doug MacEachern <dougm@apache.org>
	Wed, 27 Mar 2002 23:53:27 +0000 (23:53 +0000)