add SSLProxyCARevocation{File,Path} directives to support CRLs in the proxy

author Doug MacEachern <dougm@apache.org>

Sat, 30 Mar 2002 06:46:24 +0000 (06:46 +0000)

committer Doug MacEachern <dougm@apache.org>

Sat, 30 Mar 2002 06:46:24 +0000 (06:46 +0000)
author Doug MacEachern <dougm@apache.org>
Sat, 30 Mar 2002 06:46:24 +0000 (06:46 +0000)
committer Doug MacEachern <dougm@apache.org>
Sat, 30 Mar 2002 06:46:24 +0000 (06:46 +0000)
diff --git a/modules/ssl/mod_ssl.c b/modules/ssl/mod_ssl.c

index 5fd48807dbf1260705d38de7f3993649c8586a56..12a0986a53fbc17e3ee592ac4ece00e57ae55323 100644 (file)
--- a/modules/ssl/mod_ssl.c
+++ b/modules/ssl/mod_ssl.c
@@ -175,6 +175,12 @@ static const command_rec ssl_config_cmds[] = {
      SSL_CMD_SRV(ProxyCACertificatePath, TAKE1,
                 "SSL Proxy: directory containing server certificates "
                 "(`/path/to/dir' - contains PEM encoded certificates)")
+    SSL_CMD_SRV(ProxyCARevocationPath, TAKE1,
+                "SSL Proxy: CA Certificate Revocation List (CRL) path "
+                "(`/path/to/dir' - contains PEM encoded files)")
+    SSL_CMD_SRV(ProxyCARevocationFile, TAKE1,
+                "SSL Proxy: CA Certificate Revocation List (CRL) file "
+                "(`/path/to/file' - PEM encoded)")
      SSL_CMD_SRV(ProxyMachineCertificateFile, TAKE1,
                 "SSL Proxy: file containing client certificates "
                 "(`/path/to/file' - PEM encoded certificates)")
diff --git a/modules/ssl/mod_ssl.h b/modules/ssl/mod_ssl.h

index b1461e16c6ecbaf41dbc38e7cdd6d17e07693a07..6388164b7aeba68273bc7ace3ecc2e01a669066a 100644 (file)
--- a/modules/ssl/mod_ssl.h
+++ b/modules/ssl/mod_ssl.h
@@ -598,6 +598,8 @@ const char  *ssl_cmd_SSLProxyVerify(cmd_parms *, void *, const char *);
  const char  *ssl_cmd_SSLProxyVerifyDepth(cmd_parms *, void *, const char *);
  const char  *ssl_cmd_SSLProxyCACertificatePath(cmd_parms *, void *, const char *);
  const char  *ssl_cmd_SSLProxyCACertificateFile(cmd_parms *, void *, const char *);
+const char  *ssl_cmd_SSLProxyCARevocationPath(cmd_parms *, void *, const char *);
+const char  *ssl_cmd_SSLProxyCARevocationFile(cmd_parms *, void *, const char *);
  const char  *ssl_cmd_SSLProxyMachineCertificatePath(cmd_parms *, void *, const char *);
  const char  *ssl_cmd_SSLProxyMachineCertificateFile(cmd_parms *, void *, const char *);
  
diff --git a/modules/ssl/ssl_engine_config.c b/modules/ssl/ssl_engine_config.c

index 5e659eef52530ca4109dc2f4ef130f699bf30eff..dba8a8b52628e554cd2f4837c2e67a09846ce63e 100644 (file)
--- a/modules/ssl/ssl_engine_config.c
+++ b/modules/ssl/ssl_engine_config.c
@@ -1354,6 +1354,38 @@ const char *ssl_cmd_SSLProxyCACertificatePath(cmd_parms *cmd,
      return NULL;
  }
  
+const char *ssl_cmd_SSLProxyCARevocationPath(cmd_parms *cmd,
+                                             void *dcfg,
+                                             const char *arg)
+{
+    SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
+    const char *err;
+
+    if ((err = ssl_cmd_check_dir(cmd, &arg))) {
+        return err;
+    }
+
+    sc->proxy->crl_path = arg;
+
+    return NULL;
+}
+
+const char *ssl_cmd_SSLProxyCARevocationFile(cmd_parms *cmd,
+                                             void *dcfg,
+                                             const char *arg)
+{
+    SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
+    const char *err;
+
+    if ((err = ssl_cmd_check_file(cmd, &arg))) {
+        return err;
+    }
+
+    sc->proxy->crl_file = arg;
+
+    return NULL;
+}
+
  const char *ssl_cmd_SSLProxyMachineCertificateFile(cmd_parms *cmd,
                                                     void *dcfg,
                                                     const char *arg)
author	Doug MacEachern <dougm@apache.org>
	Sat, 30 Mar 2002 06:46:24 +0000 (06:46 +0000)
committer	Doug MacEachern <dougm@apache.org>
	Sat, 30 Mar 2002 06:46:24 +0000 (06:46 +0000)
modules/ssl/mod_ssl.c		patch \| blob \| history
modules/ssl/mod_ssl.h		patch \| blob \| history
modules/ssl/ssl_engine_config.c		patch \| blob \| history