From 482d6c9570761728ee5ca285fd95bf74bffbe340 Mon Sep 17 00:00:00 2001
From: Doug MacEachern <dougm@apache.org>
Date: Sat, 30 Mar 2002 06:46:24 +0000
Subject: [PATCH] add SSLProxyCARevocation{File,Path} directives to support
 CRLs in the proxy

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94338 13f79535-47bb-0310-9956-ffa450edef68
---
 modules/ssl/mod_ssl.c           |  6 ++++++
 modules/ssl/mod_ssl.h           |  2 ++
 modules/ssl/ssl_engine_config.c | 32 ++++++++++++++++++++++++++++++++
 3 files changed, 40 insertions(+)

diff --git a/modules/ssl/mod_ssl.c b/modules/ssl/mod_ssl.c
index 5fd48807db..12a0986a53 100644
--- a/modules/ssl/mod_ssl.c
+++ b/modules/ssl/mod_ssl.c
@@ -175,6 +175,12 @@ static const command_rec ssl_config_cmds[] = {
     SSL_CMD_SRV(ProxyCACertificatePath, TAKE1,
                "SSL Proxy: directory containing server certificates "
                "(`/path/to/dir' - contains PEM encoded certificates)")
+    SSL_CMD_SRV(ProxyCARevocationPath, TAKE1,
+                "SSL Proxy: CA Certificate Revocation List (CRL) path "
+                "(`/path/to/dir' - contains PEM encoded files)")
+    SSL_CMD_SRV(ProxyCARevocationFile, TAKE1,
+                "SSL Proxy: CA Certificate Revocation List (CRL) file "
+                "(`/path/to/file' - PEM encoded)")
     SSL_CMD_SRV(ProxyMachineCertificateFile, TAKE1,
                "SSL Proxy: file containing client certificates "
                "(`/path/to/file' - PEM encoded certificates)")
diff --git a/modules/ssl/mod_ssl.h b/modules/ssl/mod_ssl.h
index b1461e16c6..6388164b7a 100644
--- a/modules/ssl/mod_ssl.h
+++ b/modules/ssl/mod_ssl.h
@@ -598,6 +598,8 @@ const char  *ssl_cmd_SSLProxyVerify(cmd_parms *, void *, const char *);
 const char  *ssl_cmd_SSLProxyVerifyDepth(cmd_parms *, void *, const char *);
 const char  *ssl_cmd_SSLProxyCACertificatePath(cmd_parms *, void *, const char *);
 const char  *ssl_cmd_SSLProxyCACertificateFile(cmd_parms *, void *, const char *);
+const char  *ssl_cmd_SSLProxyCARevocationPath(cmd_parms *, void *, const char *);
+const char  *ssl_cmd_SSLProxyCARevocationFile(cmd_parms *, void *, const char *);
 const char  *ssl_cmd_SSLProxyMachineCertificatePath(cmd_parms *, void *, const char *);
 const char  *ssl_cmd_SSLProxyMachineCertificateFile(cmd_parms *, void *, const char *);
 
diff --git a/modules/ssl/ssl_engine_config.c b/modules/ssl/ssl_engine_config.c
index 5e659eef52..dba8a8b526 100644
--- a/modules/ssl/ssl_engine_config.c
+++ b/modules/ssl/ssl_engine_config.c
@@ -1354,6 +1354,38 @@ const char *ssl_cmd_SSLProxyCACertificatePath(cmd_parms *cmd,
     return NULL;
 }
 
+const char *ssl_cmd_SSLProxyCARevocationPath(cmd_parms *cmd,
+                                             void *dcfg,
+                                             const char *arg)
+{
+    SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
+    const char *err;
+
+    if ((err = ssl_cmd_check_dir(cmd, &arg))) {
+        return err;
+    }
+
+    sc->proxy->crl_path = arg;
+
+    return NULL;
+}
+
+const char *ssl_cmd_SSLProxyCARevocationFile(cmd_parms *cmd,
+                                             void *dcfg,
+                                             const char *arg)
+{
+    SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
+    const char *err;
+
+    if ((err = ssl_cmd_check_file(cmd, &arg))) {
+        return err;
+    }
+
+    sc->proxy->crl_file = arg;
+
+    return NULL;
+}
+
 const char *ssl_cmd_SSLProxyMachineCertificateFile(cmd_parms *cmd,
                                                    void *dcfg,
                                                    const char *arg)
-- 
2.40.0