From e9ee30da452953c79b3b334039fd76dd5ab5c934 Mon Sep 17 00:00:00 2001
From: Doug MacEachern <dougm@apache.org>
Date: Tue, 12 Mar 2002 21:06:17 +0000
Subject: [PATCH] moving SSLVerifyClient directive parsing into
 ssl_cmd_verify_parse function, which can also be used for SSLProxyVerify
 directive.

dropping support for undocumented integer form of levels (0..3)


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@93870 13f79535-47bb-0310-9956-ffa450edef68
---
 ssl_engine_config.c | 44 +++++++++++++++++++++++++++++---------------
 1 file changed, 29 insertions(+), 15 deletions(-)

diff --git a/ssl_engine_config.c b/ssl_engine_config.c
index 1003b1dc01f..ae9e3bb8016 100644
--- a/ssl_engine_config.c
+++ b/ssl_engine_config.c
@@ -722,29 +722,43 @@ const char *ssl_cmd_SSLCARevocationFile(cmd_parms *cmd, void *ctx,
     return NULL;
 }
 
-const char *ssl_cmd_SSLVerifyClient(cmd_parms *cmd, void *ctx,
-                                    const char *level)
+static const char *ssl_cmd_verify_parse(cmd_parms *parms,
+                                        const char *arg,
+                                        ssl_verify_t *id)
 {
-    SSLDirConfigRec *dc = (SSLDirConfigRec *)ctx;
-    SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
-    ssl_verify_t id;
-
-    if (strEQ(level, "0") || strcEQ(level, "none")) {
-        id = SSL_CVERIFY_NONE;
+    if (strcEQ(arg, "none") || strcEQ(arg, "off")) {
+        *id = SSL_CVERIFY_NONE;
     }
-    else if (strEQ(level, "1") || strcEQ(level, "optional")) {
-        id = SSL_CVERIFY_OPTIONAL;
+    else if (strcEQ(arg, "optional")) {
+        *id = SSL_CVERIFY_OPTIONAL;
     }
-    else if (strEQ(level, "2") || strcEQ(level, "require")) {
-        id = SSL_CVERIFY_REQUIRE;
+    else if (strcEQ(arg, "require") || strcEQ(arg, "on")) {
+        *id = SSL_CVERIFY_REQUIRE;
     }
-    else if (strEQ(level, "3") || strcEQ(level, "optional_no_ca")) {
-        id = SSL_CVERIFY_OPTIONAL_NO_CA;
+    else if (strcEQ(arg, "optional_no_ca")) {
+        *id = SSL_CVERIFY_OPTIONAL_NO_CA;
     }
     else {
-        return "SSLVerifyClient: Invalid argument";
+        return apr_pstrcat(parms->temp_pool, parms->cmd->name,
+                           ": Invalid argument '", arg, "'",
+                           NULL);
     }
 
+    return NULL;
+}
+
+const char *ssl_cmd_SSLVerifyClient(cmd_parms *cmd, void *ctx,
+                                    const char *arg)
+{
+    SSLDirConfigRec *dc = (SSLDirConfigRec *)ctx;
+    SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
+    ssl_verify_t id;
+    const char *err;
+
+    if ((err = ssl_cmd_verify_parse(cmd, arg, &id))) {
+        return err;
+    }
+    
     if (!(cmd->path || dc)) {
         sc->nVerifyClient = id;
     }
-- 
2.47.2