Provide a far more useful explanation when SSLCryptoDevice fails to

  find a device.  Still would be nice to implement dynamic:{options}
  but this gets us to display the usual, builtin devices.

  We now load builtin engines up front, in the pre_config phase, because
  this and any other config cmd processor must have an already valid
  library config.  So loading builtin engines becomes redundant in this
  cmd handler.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@100108 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/modules/ssl/ssl_engine_config.c b/modules/ssl/ssl_engine_config.c
index a2ee3d4d671506633abf3c417513bc3d52a0ce13..b3307293337f386fa5fc6225a817ed6f905cf245 100644 (file)
--- a/modules/ssl/ssl_engine_config.c
+++ b/modules/ssl/ssl_engine_config.c
@@ -518,16 +518,7 @@ const char *ssl_cmd_SSLCryptoDevice(cmd_parms *cmd,
     SSLModConfigRec *mc = myModConfig(cmd->server);
     const char *err;
     ENGINE *e;
-#ifdef HAVE_ENGINE_LOAD_BUILTIN_ENGINES
-    static int loaded_engines = FALSE;
 
-    /* early loading to make sure the engines are already 
-       available for ENGINE_by_id() above... */
-    if (!loaded_engines) {
-        ENGINE_load_builtin_engines();
-        loaded_engines = TRUE;
-    }
-#endif
     if ((err = ap_check_cmd_context(cmd, GLOBAL_ONLY))) {
         return err;
     }
@@ -540,7 +531,18 @@ const char *ssl_cmd_SSLCryptoDevice(cmd_parms *cmd,
         ENGINE_free(e);
     }
     else {
-        return "SSLCryptoDevice: Invalid argument";
+        err = "SSLCryptoDevice: Invalid argument; must be one of: "
+              "'builtin' (none)";
+        e = ENGINE_get_first(); 
+        while (e) {
+            ENGINE *en;
+            err = apr_pstrcat(cmd->pool, err, ", '", ENGINE_get_id(e), 
+                                         "' (", ENGINE_get_name(e), ")", NULL);
+            en = ENGINE_get_next(e);
+            ENGINE_free(e);
+            e = en;
+        }
+        return err;
     }
 
     return NULL;