From: Doug MacEachern <dougm@apache.org>
Date: Thu, 28 Feb 2002 05:17:03 +0000 (+0000)
Subject: various SSLCACertificatePath fixes:
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=6924ef759e1f3bb73a44605b11b3e992f172da74;p=apache

various SSLCACertificatePath fixes:
- return value from apr_dir_read() was checking != APR_SUCCESS rather
  than == APR_SUCCESS, so no certs were ever loaded.

- wasn't checking return value of apr_dir_open(), now log an error and
  ssl_die() on failure.

- don't bother trying to load directories


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93634 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c
index 4107a891e6..3e0dbaaf43 100644
--- a/modules/ssl/ssl_engine_init.c
+++ b/modules/ssl/ssl_engine_init.c
@@ -913,10 +913,21 @@ STACK_OF(X509_NAME) *ssl_init_FindCAList(server_rec *s, apr_pool_t *pp, const ch
     if (cpCApath != NULL) {
         apr_dir_t *dir;
         apr_finfo_t direntry;
+        apr_int32_t finfo_flags = APR_FINFO_MIN|APR_FINFO_NAME;
 
-        apr_dir_open(&dir, cpCApath, p);
-        while ((apr_dir_read(&direntry, APR_FINFO_DIRENT, dir)) != APR_SUCCESS) {
-            const char *cp = apr_pstrcat(p, cpCApath, "/", direntry.name, NULL);
+        if (apr_dir_open(&dir, cpCApath, p) != APR_SUCCESS) {
+            ssl_log(s, SSL_LOG_ERROR|SSL_ADD_ERRNO,
+                    "Init: Failed to open SSLCACertificatePath `%s'",
+                    cpCApath);
+            ssl_die();
+        }
+
+        while ((apr_dir_read(&direntry, finfo_flags, dir)) == APR_SUCCESS) {
+            const char *cp;
+            if (direntry.filetype == APR_DIR) {
+                continue; /* don't try to load directories */
+            }
+            cp = apr_pstrcat(p, cpCApath, "/", direntry.name, NULL);
             ssl_init_PushCAList(skCAList, s, cp);
         }
         apr_dir_close(dir);