From: Doug MacEachern <dougm@apache.org>
Date: Sat, 30 Mar 2002 01:50:10 +0000 (+0000)
Subject: load SSLProxyMachineCertificate{File,Path}
X-Git-Tag: 2.0.34~21
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=5021db7bd67e8b749086071223890740a7937672;p=apache

load SSLProxyMachineCertificate{File,Path}


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94324 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c
index b065cf9f2e..4aa4bd9366 100644
--- a/modules/ssl/ssl_engine_init.c
+++ b/modules/ssl/ssl_engine_init.c
@@ -899,12 +899,50 @@ static void ssl_init_server_certs(server_rec *s,
     }
 }
 
+static void ssl_init_proxy_certs(server_rec *s,
+                                 apr_pool_t *p,
+                                 apr_pool_t *ptemp,
+                                 modssl_ctx_t *mctx)
+{
+    int ncerts = 0;
+    STACK_OF(X509_INFO) *sk;
+    modssl_pk_proxy_t *pkp = mctx->pkp;
+
+    if (!(pkp->cert_file || pkp->cert_path)) {
+        return;
+    }
+
+    sk = sk_X509_INFO_new_null();
+
+    if (pkp->cert_file) {
+        SSL_X509_INFO_load_file(ptemp, sk, pkp->cert_file);
+    }
+
+    if (pkp->cert_path) {
+        SSL_X509_INFO_load_file(ptemp, sk, pkp->cert_path);
+    }
+
+    if ((ncerts = sk_X509_INFO_num(sk)) > 0) {
+        ssl_log(s, SSL_LOG_TRACE|SSL_INIT,
+                "loaded %d client certs for SSL proxy",
+                ncerts);
+        pkp->certs = sk;
+    }
+    else {
+        ssl_log(s, SSL_LOG_WARN|SSL_INIT,
+                "no client certs found for SSL proxy");
+        sk_X509_INFO_free(sk);
+    }
+}
+
 static void ssl_init_proxy_ctx(server_rec *s,
                                apr_pool_t *p,
                                apr_pool_t *ptemp,
                                SSLSrvConfigRec *sc)
 {
     ssl_init_ctx(s, p, ptemp, sc->proxy);
+
+    ssl_init_proxy_certs(s, p, ptemp, sc->proxy);
 }
 
 static void ssl_init_server_ctx(server_rec *s,