RSA *ssl_callback_TmpRSA(SSL *, int, int);
DH *ssl_callback_TmpDH(SSL *, int, int);
int ssl_callback_SSLVerify(int, X509_STORE_CTX *);
-int ssl_callback_SSLVerify_CRL(int, X509_STORE_CTX *, server_rec *);
+int ssl_callback_SSLVerify_CRL(int, X509_STORE_CTX *, conn_rec *);
int ssl_callback_proxy_cert(SSL *ssl, X509 **x509, EVP_PKEY **pkey);
int ssl_callback_NewSessionCacheEntry(SSL *, SSL_SESSION *);
SSL_SESSION *ssl_callback_GetSessionCacheEntry(SSL *, unsigned char *, int, int *);
* Additionally perform CRL-based revocation checks
*/
if (ok) {
- if (!(ok = ssl_callback_SSLVerify_CRL(ok, ctx, s))) {
+ if (!(ok = ssl_callback_SSLVerify_CRL(ok, ctx, conn))) {
errnum = X509_STORE_CTX_get_error(ctx);
}
}
return ok;
}
-int ssl_callback_SSLVerify_CRL(int ok, X509_STORE_CTX *ctx, server_rec *s)
+int ssl_callback_SSLVerify_CRL(int ok, X509_STORE_CTX *ctx, conn_rec *c)
{
+ server_rec *s = c->base_server;
SSLSrvConfigRec *sc = mySrvConfig(s);
+ SSLConnRec *sslconn = myConnConfig(c);
+ modssl_ctx_t *mctx = myCtxConfig(sslconn);
X509_OBJECT obj;
X509_NAME *subject, *issuer;
X509 *cert;
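Review bot: The added `sslconn` and `mctx` are used without a NULL check: `myCtxConfig(sslconn)` is applied to whatever `myConnConfig(c)` returns, and the next hunk reads `mctx->crl` directly. Whether either can be NULL for a connection that reaches this verify callback is not visible here; if it can, handle that case explicitly, and failing the verification is the safer default for a revocation check. Separately, `SSLSrvConfigRec *sc = mySrvConfig(s);` is kept, although the visible uses of `sc` (`sc->server->crl`) are all removed by this patch, so drop it if nothing further down still reads it. The function body continues outside this hunk.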
* Unless a revocation store for CRLs was created we
* cannot do any CRL-based verification, of course.
*/
- if (!sc->server->crl) {
+ if (!mctx->crl) {
return ok;
}
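Review bot: The early return `if (!mctx->crl) return ok;` now skips revocation checking whenever the connection's own context has no CRL store, whereas the old code consulted `sc->server->crl` for every connection. That fail-open path deserves a comment stating it is intended, for example `/* no CRL store configured for this connection's context: revocation is not checked */`. A debug-level log line would also let an operator tell that a certificate was accepted without a CRL lookup. The two `SSL_X509_STORE_lookup` calls in the later hunks read the same per-context store, so they need no separate note. The function starts and ends outside this hunk.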
* the current certificate in order to verify it's integrity.
*/
memset((char *)&obj, 0, sizeof(obj));
- rc = SSL_X509_STORE_lookup(sc->server->crl,
+ rc = SSL_X509_STORE_lookup(mctx->crl,
X509_LU_CRL, subject, &obj);
crl = obj.data.crl;
* the current certificate in order to check for revocation.
*/
memset((char *)&obj, 0, sizeof(obj));
- rc = SSL_X509_STORE_lookup(sc->server->crl,
+ rc = SSL_X509_STORE_lookup(mctx->crl,
X509_LU_CRL, issuer, &obj);
crl = obj.data.crl;