#include "mod_ssl_openssl.h"
#include "mpm_common.h"
+static apr_status_t ssl_init_ca_cert_path(server_rec *, apr_pool_t *, const char *,
+ STACK_OF(X509_NAME) *, STACK_OF(X509_INFO) *);
+
APR_IMPLEMENT_OPTIONAL_HOOK_RUN_ALL(ssl, SSL, int, init_server,
(server_rec *s,apr_pool_t *p,int is_proxy,SSL_CTX *ctx),
(s,p,is_proxy,ctx), OK, DECLINED)
}
if (pkp->cert_path) {
- apr_dir_t *dir;
- apr_finfo_t dirent;
- apr_int32_t finfo_flags = APR_FINFO_TYPE|APR_FINFO_NAME;
-
- if (apr_dir_open(&dir, pkp->cert_path, ptemp) == APR_SUCCESS) {
- while ((apr_dir_read(&dirent, finfo_flags, dir)) == APR_SUCCESS) {
- const char *fullname;
-
- if (dirent.filetype == APR_DIR) {
- continue; /* don't try to load directories */
- }
-
- fullname = apr_pstrcat(ptemp,
- pkp->cert_path, "/", dirent.name,
- NULL);
- load_x509_info(ptemp, sk, fullname);
- }
-
- apr_dir_close(dir);
- }
+ ssl_init_ca_cert_path(s, ptemp, pkp->cert_path, NULL, sk);
}
if ((ncerts = sk_X509_INFO_num(sk)) <= 0) {
sk_X509_NAME_free(sk);
}
+static apr_status_t ssl_init_ca_cert_path(server_rec *s,
+ apr_pool_t *ptemp,
+ const char *path,
+ STACK_OF(X509_NAME) *ca_list,
+ STACK_OF(X509_INFO) *xi_list)
+{
+ apr_dir_t *dir;
+ apr_finfo_t direntry;
+ apr_int32_t finfo_flags = APR_FINFO_TYPE|APR_FINFO_NAME;
+
+ if (!path || (!ca_list && !xi_list) ||
+ (apr_dir_open(&dir, path, ptemp) != APR_SUCCESS)) {
+ return APR_EGENERAL;
+ }
+
+ while ((apr_dir_read(&direntry, finfo_flags, dir)) == APR_SUCCESS) {
+ const char *file;
+ if (direntry.filetype == APR_DIR) {
+ continue; /* don't try to load directories */
+ }
+ file = apr_pstrcat(ptemp, path, "/", direntry.name, NULL);
+ if (ca_list) {
+ ssl_init_PushCAList(ca_list, s, ptemp, file);
+ }
+ if (xi_list) {
+ load_x509_info(ptemp, xi_list, file);
+ }
+ }
+
+ apr_dir_close(dir);
+
+ return APR_SUCCESS;
+}
+
STACK_OF(X509_NAME) *ssl_init_FindCAList(server_rec *s,
apr_pool_t *ptemp,
const char *ca_file,
/*
* Process CA certificate path files
*/
- if (ca_path) {
- apr_dir_t *dir;
- apr_finfo_t direntry;
- apr_int32_t finfo_flags = APR_FINFO_TYPE|APR_FINFO_NAME;
- apr_status_t rv;
-
- if ((rv = apr_dir_open(&dir, ca_path, ptemp)) != APR_SUCCESS) {
- ap_log_error(APLOG_MARK, APLOG_EMERG, rv, s, APLOGNO(02211)
- "Failed to open Certificate Path `%s'",
- ca_path);
- sk_X509_NAME_pop_free(ca_list, X509_NAME_free);
- return NULL;
- }
-
- while ((apr_dir_read(&direntry, finfo_flags, dir)) == APR_SUCCESS) {
- const char *file;
- if (direntry.filetype == APR_DIR) {
- continue; /* don't try to load directories */
- }
- file = apr_pstrcat(ptemp, ca_path, "/", direntry.name, NULL);
- ssl_init_PushCAList(ca_list, s, ptemp, file);
- }
-
- apr_dir_close(dir);
+ if (ca_path &&
+ ssl_init_ca_cert_path(s, ptemp,
+ ca_path, ca_list, NULL) != APR_SUCCESS) {
+ ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, APLOGNO(02211)
+ "Failed to open Certificate Path `%s'", ca_path);
+ sk_X509_NAME_pop_free(ca_list, X509_NAME_free);
+ return NULL;
}
/*
projects / apache / commitdiff