load SSLProxyMachineCertificate{File,Path}

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94324 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c
index b065cf9f2e0d7c19b2b9f4c6fe026dcdf7c179f1..4aa4bd93668c6df59acf3b35b366684571dba1e4 100644 (file)
--- a/modules/ssl/ssl_engine_init.c
+++ b/modules/ssl/ssl_engine_init.c
@@ -899,12 +899,50 @@ static void ssl_init_server_certs(server_rec *s,
     }
 }
 
+static void ssl_init_proxy_certs(server_rec *s,
+                                 apr_pool_t *p,
+                                 apr_pool_t *ptemp,
+                                 modssl_ctx_t *mctx)
+{
+    int ncerts = 0;
+    STACK_OF(X509_INFO) *sk;
+    modssl_pk_proxy_t *pkp = mctx->pkp;
+
+    if (!(pkp->cert_file || pkp->cert_path)) {
+        return;
+    }
+
+    sk = sk_X509_INFO_new_null();
+
+    if (pkp->cert_file) {
+        SSL_X509_INFO_load_file(ptemp, sk, pkp->cert_file);
+    }
+
+    if (pkp->cert_path) {
+        SSL_X509_INFO_load_file(ptemp, sk, pkp->cert_path);
+    }
+
+    if ((ncerts = sk_X509_INFO_num(sk)) > 0) {
+        ssl_log(s, SSL_LOG_TRACE|SSL_INIT,
+                "loaded %d client certs for SSL proxy",
+                ncerts);
+        pkp->certs = sk;
+    }
+    else {
+        ssl_log(s, SSL_LOG_WARN|SSL_INIT,
+                "no client certs found for SSL proxy");
+        sk_X509_INFO_free(sk);
+    }
+}
+
 static void ssl_init_proxy_ctx(server_rec *s,
                                apr_pool_t *p,
                                apr_pool_t *ptemp,
                                SSLSrvConfigRec *sc)
 {
     ssl_init_ctx(s, p, ptemp, sc->proxy);
+
+    ssl_init_proxy_certs(s, p, ptemp, sc->proxy);
 }
 
 static void ssl_init_server_ctx(server_rec *s,