of 0 (Syntax OK) or return code not equal to 0 (Syntax Error). If -D
<var>DUMP</var>_<var>VHOSTS </var>is also set, details of the virtual host
configuration will be printed. If -D <var>DUMP</var>_<var>MODULES </var> is
-set, all loaded modules will be printed.</dd>
+set, all loaded modules will be printed. If -D <var>DUMP</var>_<var>CERTS </var>
+is set and <module>mod_ssl</module> is used, configured SSL certificates will
+be printed. If -D <var>DUMP</var>_<var>CA</var>_<var>_CERTS </var> is set and
+<module>mod_ssl</module> is used, configured SSL CA certificates and configured
+directories containing SSL CA certificates will be printed.</dd>
<dt><code>-v</code></dt>
#endif /* HAVE_SRP */
-static void dump_ca_cert_file(apr_file_t *out, const char *file) {
- X509 *rc;
- BIO *bioS;
-
- if ((bioS=BIO_new_file(file, "r")) == NULL) {
- return;
- }
-
- /* ca_cert_file is loaded using SSL_load_client_CA_file(). This method
- * loads only file of PEM formatted certificates, so we have to load
- * only PEM here too, to stay consistent.
- */
- rc = PEM_read_bio_X509 (bioS, NULL, NULL, NULL);
- BIO_free(bioS);
- if (rc) {
- apr_file_printf(out, " %s\n", file);
- X509_free(rc);
- }
-}
-
-static void dump_ca_cert_path(apr_pool_t *pool, apr_file_t *out,
- const char *ca_cert_path)
+void ssl_hook_ConfigTest(apr_pool_t *pconf, server_rec *s)
{
- apr_dir_t *dir;
- apr_finfo_t direntry;
- apr_int32_t finfo_flags = APR_FINFO_TYPE|APR_FINFO_NAME;
-
- if (apr_dir_open(&dir, ca_cert_path, pool) != APR_SUCCESS) {
+ apr_file_t *out = NULL;
+ if (ap_exists_config_define("DUMP_CERTS") &&
+ ap_exists_config_define("DUMP_CA_CERTS")) {
return;
}
- while ((apr_dir_read(&direntry, finfo_flags, dir)) == APR_SUCCESS) {
- char *file;
- if (direntry.filetype == APR_DIR) {
- continue; /* don't try to load directories */
- }
- file = apr_pstrcat(pool, ca_cert_path, "/", direntry.name, NULL);
- dump_ca_cert_file(out, file);
- }
-}
-
-void ssl_hook_ConfigTest(apr_pool_t *pconf, server_rec *s)
-{
- apr_file_t *out = NULL;
if (ap_exists_config_define("DUMP_CERTS")) {
apr_file_open_stdout(&out, pconf);
apr_file_printf(out, "Server certificates:\n");
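Review bot: The early-return guard added at the top of `ssl_hook_ConfigTest` looks inverted. As written it returns when both `DUMP_CERTS` and `DUMP_CA_CERTS` are defined, so an operator who passes both defines to audit the configured certificates and trust anchors gets no output. When neither is defined, execution just falls through to the `DUMP_CERTS` check below. If the intent is to skip the hook when no dump was requested, the condition should be `if (!ap_exists_config_define("DUMP_CERTS") && !ap_exists_config_define("DUMP_CA_CERTS")) {`. The function body continues outside this hunk, so this reading rests only on the visible guard and the `DUMP_CERTS` branch.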
if (sc && sc->server) {
if (sc->server->auth.ca_cert_path) {
- dump_ca_cert_path(pconf, out,
- sc->server->auth.ca_cert_path);
+ apr_file_printf(out, " %s\n",
+ sc->server->auth.ca_cert_path);
}
if (sc->server->auth.ca_cert_file) {
- dump_ca_cert_file(out, sc->server->auth.ca_cert_file);
+ apr_file_printf(out, " %s\n",
+ sc->server->auth.ca_cert_file);
}
}