Add -t -DDUMP_CERTS option to mod_ssl which dumps the filenames of all

configured SSL certificates to stdout, useful for cron-ing through a
"do I need to renew any of my certificates this week" tool:

* modules/ssl/ssl_engine_config.c (ssl_hook_ConfigTest): New function.

* modules/ssl/mod_ssl.c (ssl_register_hooks): ...register it as a
test_config hook.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@105741 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/CHANGES b/CHANGES
index 64ead43280181a5979d26c6ba496f05900cab5a0..e52c6c62bfffbfffafa7f4cd8d4e438952fec3f3 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -2,6 +2,10 @@ Changes with Apache 2.1.0-dev
 
   [Remove entries to the current 2.0 section below, when backported]
 
+  *) mod_ssl: Add support for command-line option "-t -DDUMP_CERTS" which
+     will dump the filenames of all configured SSL certificates to stdout.
+     [Joe Orton]
+
   *) mod_disk_cache: Remove a bunch of non-implemented garbage collection
      and cache size directives that are now available through htcacheclean.
      [Justin Erenkrantz]
@@ -11,11 +15,10 @@ Changes with Apache 2.1.0-dev
 
   *) mod_authnz_ldap: Added the directive "Requires ldap-filter" that
      allows the module to authorize a user based on a complex LDAP
-     search filter.
-     [Brad Nicholes]
+     search filter.  [Brad Nicholes]
 
   *) mod_usertrack: Run the fixups hook before other modules.
-     PR 29755. [Paul Querna]
+     PR 29755.  [Paul Querna]
 
   *) mod_authnz_ldap: Added the directive "Requires ldap-attribute" that
      allows the module to only authorize a user if the attribute value

diff --git a/modules/ssl/mod_ssl.c b/modules/ssl/mod_ssl.c
index 5e21a3bc1b7022a7f9cb35ff3d2679fdc7ff1402..f676f06e40e4bfef211af11242284af46afdc310 100644 (file)
--- a/modules/ssl/mod_ssl.c
+++ b/modules/ssl/mod_ssl.c
@@ -474,6 +474,7 @@ static void ssl_register_hooks(apr_pool_t *p)
     ssl_io_filter_register(p);
 
     ap_hook_pre_connection(ssl_hook_pre_connection,NULL,NULL, APR_HOOK_MIDDLE);
+    ap_hook_test_config   (ssl_hook_ConfigTest,    NULL,NULL, APR_HOOK_MIDDLE);
     ap_hook_post_config   (ssl_init_Module,        NULL,NULL, APR_HOOK_MIDDLE);
     ap_hook_http_method   (ssl_hook_http_method,   NULL,NULL, APR_HOOK_MIDDLE);
     ap_hook_default_port  (ssl_hook_default_port,  NULL,NULL, APR_HOOK_MIDDLE);

diff --git a/modules/ssl/ssl_engine_config.c b/modules/ssl/ssl_engine_config.c
index bd92b6a202538bcbeac0adbbb770b5b5d7888c19..d9cc5b8a1ebef6aca3a6e5937940e593b5b49a75 100644 (file)
--- a/modules/ssl/ssl_engine_config.c
+++ b/modules/ssl/ssl_engine_config.c
@@ -1380,3 +1380,28 @@ const char *ssl_cmd_SSLUserName(cmd_parms *cmd, void *dcfg,
     dc->szUserName = arg;
     return NULL;
 }
+
+void ssl_hook_ConfigTest(apr_pool_t *pconf, server_rec *s)
+{
+    if (!ap_exists_config_define("DUMP_CERTS")) {
+        return;
+    }
+
+    /* Dump the filenames of all configured server certificates to
+     * stdout. */
+    while (s) {
+        SSLSrvConfigRec *sc = mySrvConfig(s);
+
+        if (sc && sc->server && sc->server->pks) {
+            modssl_pk_server_t *const pks = sc->server->pks;
+            int i;
+
+            for (i = 0; (i < SSL_AIDX_MAX) && pks->cert_files[i]; i++) {
+                printf("%s\n", pks->cert_files[i]);
+            }
+        }
+
+        s = s->next;
+    }
+
+}

diff --git a/modules/ssl/ssl_private.h b/modules/ssl/ssl_private.h
index e044f3a80fa5768c2a1db1aff15bbd3e0796ffa6..4f834948ba111f151cea5d0767c7e8777c053ae3 100644 (file)
--- a/modules/ssl/ssl_private.h
+++ b/modules/ssl/ssl_private.h
@@ -530,6 +530,7 @@ int          ssl_hook_Access(request_rec *);
 int          ssl_hook_Fixup(request_rec *);
 int          ssl_hook_ReadReq(request_rec *);
 int          ssl_hook_Upgrade(request_rec *);
+void         ssl_hook_ConfigTest(apr_pool_t *pconf, server_rec *s);
 
 /*  OpenSSL callbacks */
 RSA         *ssl_callback_TmpRSA(SSL *, int, int);