granicus.if.org Git - apache/commit

author	Kaspar Brand <kbrand@apache.org>
	Tue, 7 Jan 2014 17:52:34 +0000 (17:52 +0000)
committer	Kaspar Brand <kbrand@apache.org>
	Tue, 7 Jan 2014 17:52:34 +0000 (17:52 +0000)
commit	1278feaa72d7b5580aff1627dd88f25d2d3a3a96
tree	90b32f61a023ecb8e98bce8b70ce490416ab7f0c	tree \| snapshot
parent	07d46e71ebaa662e0eee92acef366fac8a802eea	commit \| diff

Backport r1544784 from trunk:

Remove SSLPKCS7CertificateFile support:

- was never documented, so very unlikely that it was ever used

- adds complexity without apparent benefit; PKCS#7 files can
  be trivially converted to a file for use with SSLCertificateChainFile
  (concatenated X509 CERTIFICATE chunks, openssl pkcs7 -print_certs...)

- only supports PKCS7 files with PEM encoding, i.e. relies on a
  non-standardized PEM header (cf. RFC 2315 and draft-josefsson-pkix-textual)

- issues pointed out in http://mail-archives.apache.org/mod_mbox/httpd-dev/200607.mbox/%3C20060723093125.GA19423@redhat.com%3E
  were never fully addressed (cf. r424707 and r424735)

- has never worked in vhost context due to a cfgMergeString
  call missing from modssl_ctx_cfg_merge

Proposed by: kbrand
Reviewed by: covener, druggeri

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1556290 13f79535-47bb-0310-9956-ffa450edef68

STATUS		diff \| blob \| history
modules/ssl/mod_ssl.c		diff \| blob \| history
modules/ssl/ssl_engine_config.c		diff \| blob \| history
modules/ssl/ssl_engine_init.c		diff \| blob \| history
modules/ssl/ssl_engine_pphrase.c		diff \| blob \| history
modules/ssl/ssl_private.h		diff \| blob \| history
modules/ssl/ssl_util.c		diff \| blob \| history