From: Doug MacEachern <dougm@apache.org>
Date: Sat, 30 Mar 2002 01:50:10 +0000 (+0000)
Subject: load SSLProxyMachineCertificate{File,Path}
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9d470beb4f3deca4e30c025d2936b087a55e6368;p=thirdparty%2Fapache%2Fhttpd.git

load SSLProxyMachineCertificate{File,Path}


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94324 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/ssl_engine_init.c b/ssl_engine_init.c
index b065cf9f2e0..4aa4bd93668 100644
--- a/ssl_engine_init.c
+++ b/ssl_engine_init.c
@@ -899,12 +899,50 @@ static void ssl_init_server_certs(server_rec *s,
     }
 }
 
+static void ssl_init_proxy_certs(server_rec *s,
+                                 apr_pool_t *p,
+                                 apr_pool_t *ptemp,
+                                 modssl_ctx_t *mctx)
+{
+    int ncerts = 0;
+    STACK_OF(X509_INFO) *sk;
+    modssl_pk_proxy_t *pkp = mctx->pkp;
+
+    if (!(pkp->cert_file || pkp->cert_path)) {
+        return;
+    }
+
+    sk = sk_X509_INFO_new_null();
+
+    if (pkp->cert_file) {
+        SSL_X509_INFO_load_file(ptemp, sk, pkp->cert_file);
+    }
+
+    if (pkp->cert_path) {
+        SSL_X509_INFO_load_file(ptemp, sk, pkp->cert_path);
+    }
+
+    if ((ncerts = sk_X509_INFO_num(sk)) > 0) {
+        ssl_log(s, SSL_LOG_TRACE|SSL_INIT,
+                "loaded %d client certs for SSL proxy",
+                ncerts);
+        pkp->certs = sk;
+    }
+    else {
+        ssl_log(s, SSL_LOG_WARN|SSL_INIT,
+                "no client certs found for SSL proxy");
+        sk_X509_INFO_free(sk);
+    }
+}
+
 static void ssl_init_proxy_ctx(server_rec *s,
                                apr_pool_t *p,
                                apr_pool_t *ptemp,
                                SSLSrvConfigRec *sc)
 {
     ssl_init_ctx(s, p, ptemp, sc->proxy);
+
+    ssl_init_proxy_certs(s, p, ptemp, sc->proxy);
 }
 
 static void ssl_init_server_ctx(server_rec *s,