From 09aa85c245d99508b6039eda6d21f069a1b2ee28 Mon Sep 17 00:00:00 2001
From: Doug MacEachern
Date: Wed, 27 Mar 2002 21:14:49 +0000
Subject: [PATCH] break SSL_CTX initialization into ssl_init_ctx function

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94234 13f79535-47bb-0310-9956-ffa450edef68
---
 modules/ssl/ssl_engine_init.c | 115 +++++++++++++++++++---------------
 1 file changed, 65 insertions(+), 50 deletions(-)

diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c
index f1099679fe..2ac2f7519c 100644
--- a/modules/ssl/ssl_engine_init.c
+++ b/modules/ssl/ssl_engine_init.c
@@ -371,6 +371,70 @@ void ssl_init_Engine(server_rec *s, apr_pool_t *p)
 }
 #endif
 
+static SSL_CTX *ssl_init_ctx(server_rec *s,
+                             apr_pool_t *p,
+                             apr_pool_t *ptemp,
+                             SSLSrvConfigRec *sc)
+{
+    SSL_CTX *ctx = NULL;
+    const char *vhost_id = sc->szVHostID;
+    char *cp;
+    int protocol = sc->nProtocol;
+
+    /*
+     * Create the new per-server SSL context
+     */
+    if (protocol == SSL_PROTOCOL_NONE) {
+        ssl_log(s, SSL_LOG_ERROR,
+                "Init: (%s) No SSL protocols available [hint: SSLProtocol]",
+                vhost_id);
+        ssl_die();
+    }
+
+    cp = apr_pstrcat(p,
+                     (protocol & SSL_PROTOCOL_SSLV2 ? "SSLv2, " : ""),
+                     (protocol & SSL_PROTOCOL_SSLV3 ? "SSLv3, " : ""),
+                     (protocol & SSL_PROTOCOL_TLSV1 ? "TLSv1, " : ""),
+                     NULL);
+    cp[strlen(cp)-2] = NUL;
+
+    ssl_log(s, SSL_LOG_TRACE,
+            "Init: (%s) Creating new SSL context (protocols: %s)",
+            vhost_id, cp);
+
+    if (protocol == SSL_PROTOCOL_SSLV2) {
+        ctx = SSL_CTX_new(SSLv2_server_method()); /* only SSLv2 is left */
+    }
+    else {
+        ctx = SSL_CTX_new(SSLv23_server_method()); /* be more flexible */
+    }
+
+    sc->pSSLCtx = ctx;
+
+    SSL_CTX_set_options(ctx, SSL_OP_ALL);
+
+    if (!(protocol & SSL_PROTOCOL_SSLV2)) {
+        SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2);
+    }
+
+    if (!(protocol & SSL_PROTOCOL_SSLV3)) {
+        SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv3);
+    }
+
+    if (!(protocol & SSL_PROTOCOL_TLSV1)) {
+        SSL_CTX_set_options(ctx, SSL_OP_NO_TLSv1);
+    }
+
+    SSL_CTX_set_app_data(ctx, s);
+
+    /*
+     * Configure additional context ingredients
+     */
+    SSL_CTX_set_options(ctx, SSL_OP_SINGLE_DH_USE);
+
+    return ctx;
+}
+
 static void ssl_init_verify(server_rec *s,
                             apr_pool_t *p,
                             apr_pool_t *ptemp,
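Review bot: The result of `SSL_CTX_new()` on either branch is never checked before `SSL_CTX_set_options(ctx, SSL_OP_ALL)` and the option calls that follow, so an allocation failure or a method the linked OpenSSL does not provide (SSLv2 built out, for instance) dereferences NULL during server start-up instead of failing with a message; the function already uses the log-then-`ssl_die()` pattern for the no-protocols case, and the same pattern fits here (if ssl_log can append the OpenSSL error queue, use that form). Separately, `cp[strlen(cp)-2] = NUL;` is only safe because the NONE check guarantees at least one of the three known bits is set; if `nProtocol` could ever carry a bit outside those three, `cp` would be empty and the index would wrap, so a short comment stating that assumption is worth adding. `ptemp` is accepted but unused in the new function.
```c
    /* … unchanged: SSL_CTX_new() on the SSLv2 or SSLv23 method … */

    /* Fail during init rather than dereference NULL in the option calls below */
    if (ctx == NULL) {
        ssl_log(s, SSL_LOG_ERROR,
                "Init: (%s) Unable to create SSL context", vhost_id);
        ssl_die();
    }

    sc->pSSLCtx = ctx;
    /* … unchanged: SSL_OP_* flags, app data, SSL_OP_SINGLE_DH_USE, return … */
```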
@@ -501,56 +565,7 @@ void ssl_init_ConfigureServer(server_rec *s,
         ssl_die();
     }
 
-    /*
-     * Create the new per-server SSL context
-     */
-    if (sc->nProtocol == SSL_PROTOCOL_NONE) {
-        ssl_log(s, SSL_LOG_ERROR,
-                "Init: (%s) No SSL protocols available [hint: SSLProtocol]",
-                vhost_id);
-        ssl_die();
-    }
-
-    cp = apr_pstrcat(p,
-                     (sc->nProtocol & SSL_PROTOCOL_SSLV2 ? "SSLv2, " : ""),
-                     (sc->nProtocol & SSL_PROTOCOL_SSLV3 ? "SSLv3, " : ""),
-                     (sc->nProtocol & SSL_PROTOCOL_TLSV1 ? "TLSv1, " : ""),
-                     NULL);
-    cp[strlen(cp)-2] = NUL;
-
-    ssl_log(s, SSL_LOG_TRACE,
-            "Init: (%s) Creating new SSL context (protocols: %s)",
-            vhost_id, cp);
-
-    if (sc->nProtocol == SSL_PROTOCOL_SSLV2) {
-        ctx = SSL_CTX_new(SSLv2_server_method()); /* only SSLv2 is left */
-    }
-    else {
-        ctx = SSL_CTX_new(SSLv23_server_method()); /* be more flexible */
-    }
-
-    sc->pSSLCtx = ctx;
-
-    SSL_CTX_set_options(ctx, SSL_OP_ALL);
-
-    if (!(sc->nProtocol & SSL_PROTOCOL_SSLV2)) {
-        SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2);
-    }
-
-    if (!(sc->nProtocol & SSL_PROTOCOL_SSLV3)) {
-        SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv3);
-    }
-
-    if (!(sc->nProtocol & SSL_PROTOCOL_TLSV1)) {
-        SSL_CTX_set_options(ctx, SSL_OP_NO_TLSv1);
-    }
-
-    SSL_CTX_set_app_data(ctx, s);
-
-    /*
-     * Configure additional context ingredients
-     */
-    SSL_CTX_set_options(ctx, SSL_OP_SINGLE_DH_USE);
+    ctx = ssl_init_ctx(s, p, ptemp, sc);
 
     if (mc->nSessionCacheMode == SSL_SCMODE_NONE) {
         cache_mode = SSL_SESS_CACHE_OFF;
-- 
2.40.0
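Review bot: The local `cp` in ssl_init_ConfigureServer was, as far as this hunk shows, used only by the lines the hunk removes, and `vhost_id` may be in the same position; if nothing after the hunk still reads them, their declarations should go in the same commit so the refactor does not leave an unused variable (and a -Wall warning) behind. The new call `ctx = ssl_init_ctx(s, p, ptemp, sc);` also keeps a copy of a pointer the callee has already stored in `sc->pSSLCtx`; a one-line comment such as `/* ssl_init_ctx also records the new context in sc->pSSLCtx */` would make the shared ownership obvious to the code that follows. ssl_init_ConfigureServer begins and ends outside the hunk.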