From: Joe Orton Date: Wed, 10 Nov 2004 15:21:44 +0000 (+0000) Subject: Add -t -DDUMP_CERTS option to mod_ssl which dumps the filenames of all X-Git-Tag: 2.1.1~32 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=6e5cdad44510fcb63a30782682739f4a17b7bf0f;p=apache Add -t -DDUMP_CERTS option to mod_ssl which dumps the filenames of all configured SSL certificates to stdout, useful for cron-ing through a "do I need to renew any of my certificates this week" tool: * modules/ssl/ssl_engine_config.c (ssl_hook_ConfigTest): New function. * modules/ssl/mod_ssl.c (ssl_register_hooks): ...register it as a test_config hook. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@105741 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/CHANGES b/CHANGES index 64ead43280..e52c6c62bf 100644 --- a/CHANGES +++ b/CHANGES @@ -2,6 +2,10 @@ Changes with Apache 2.1.0-dev [Remove entries to the current 2.0 section below, when backported] + *) mod_ssl: Add support for command-line option "-t -DDUMP_CERTS" which + will dump the filenames of all configured SSL certificates to stdout. + [Joe Orton] + *) mod_disk_cache: Remove a bunch of non-implemented garbage collection and cache size directives that are now available through htcacheclean. [Justin Erenkrantz] @@ -11,11 +15,10 @@ Changes with Apache 2.1.0-dev *) mod_authnz_ldap: Added the directive "Requires ldap-filter" that allows the module to authorize a user based on a complex LDAP - search filter. - [Brad Nicholes] + search filter. [Brad Nicholes] *) mod_usertrack: Run the fixups hook before other modules. - PR 29755. [Paul Querna] + PR 29755. [Paul Querna] *) mod_authnz_ldap: Added the directive "Requires ldap-attribute" that allows the module to only authorize a user if the attribute value diff --git a/modules/ssl/mod_ssl.c b/modules/ssl/mod_ssl.c index 5e21a3bc1b..f676f06e40 100644 --- a/modules/ssl/mod_ssl.c +++ b/modules/ssl/mod_ssl.c @@ -474,6 +474,7 @@ static void ssl_register_hooks(apr_pool_t *p) ssl_io_filter_register(p); ap_hook_pre_connection(ssl_hook_pre_connection,NULL,NULL, APR_HOOK_MIDDLE); + ap_hook_test_config (ssl_hook_ConfigTest, NULL,NULL, APR_HOOK_MIDDLE); ap_hook_post_config (ssl_init_Module, NULL,NULL, APR_HOOK_MIDDLE); ap_hook_http_method (ssl_hook_http_method, NULL,NULL, APR_HOOK_MIDDLE); ap_hook_default_port (ssl_hook_default_port, NULL,NULL, APR_HOOK_MIDDLE); diff --git a/modules/ssl/ssl_engine_config.c b/modules/ssl/ssl_engine_config.c index bd92b6a202..d9cc5b8a1e 100644 --- a/modules/ssl/ssl_engine_config.c +++ b/modules/ssl/ssl_engine_config.c @@ -1380,3 +1380,28 @@ const char *ssl_cmd_SSLUserName(cmd_parms *cmd, void *dcfg, dc->szUserName = arg; return NULL; } + +void ssl_hook_ConfigTest(apr_pool_t *pconf, server_rec *s) +{ + if (!ap_exists_config_define("DUMP_CERTS")) { + return; + } + + /* Dump the filenames of all configured server certificates to + * stdout. */ + while (s) { + SSLSrvConfigRec *sc = mySrvConfig(s); + + if (sc && sc->server && sc->server->pks) { + modssl_pk_server_t *const pks = sc->server->pks; + int i; + + for (i = 0; (i < SSL_AIDX_MAX) && pks->cert_files[i]; i++) { + printf("%s\n", pks->cert_files[i]); + } + } + + s = s->next; + } + +} diff --git a/modules/ssl/ssl_private.h b/modules/ssl/ssl_private.h index e044f3a80f..4f834948ba 100644 --- a/modules/ssl/ssl_private.h +++ b/modules/ssl/ssl_private.h @@ -530,6 +530,7 @@ int ssl_hook_Access(request_rec *); int ssl_hook_Fixup(request_rec *); int ssl_hook_ReadReq(request_rec *); int ssl_hook_Upgrade(request_rec *); +void ssl_hook_ConfigTest(apr_pool_t *pconf, server_rec *s); /* OpenSSL callbacks */ RSA *ssl_callback_TmpRSA(SSL *, int, int);