From d818b89870c6b38cfeb2d7fa01fa925345b1c343 Mon Sep 17 00:00:00 2001 From: Doug MacEachern Date: Sat, 30 Mar 2002 01:41:35 +0000 Subject: [PATCH] enable/cleanup SSL_X509_INFO_load_{file,path} functions for use in proxy context git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94323 13f79535-47bb-0310-9956-ffa450edef68 --- modules/ssl/ssl_toolkit_compat.h | 5 +++ modules/ssl/ssl_util_ssl.c | 52 ++++++++++++++++++-------------- modules/ssl/ssl_util_ssl.h | 6 ++-- 3 files changed, 36 insertions(+), 27 deletions(-) diff --git a/modules/ssl/ssl_toolkit_compat.h b/modules/ssl/ssl_toolkit_compat.h index 5397141546..0dacf1960c 100644 --- a/modules/ssl/ssl_toolkit_compat.h +++ b/modules/ssl/ssl_toolkit_compat.h @@ -99,6 +99,8 @@ #define modssl_PEM_read_bio_X509 PEM_read_bio_X509 +#define modssl_PEM_X509_INFO_read_bio PEM_X509_INFO_read_bio + #define modssl_PEM_read_bio_PrivateKey PEM_read_bio_PrivateKey #define modssl_set_cipher_list SSL_set_cipher_list @@ -124,6 +126,9 @@ #define modssl_PEM_read_bio_X509(b, x, cb, arg) \ PEM_read_bio_X509(b, x, cb) +#define modssl_PEM_X509_INFO_read_bio(b, x, cb, arg)\ + PEM_X509_INFO_read_bio(b, x, cb) + #define modssl_PEM_read_bio_PrivateKey(b, k, cb, arg) \ PEM_read_bio_PrivateKey(b, k, cb) diff --git a/modules/ssl/ssl_util_ssl.c b/modules/ssl/ssl_util_ssl.c index c2a0ca2350..030fac299d 100644 --- a/modules/ssl/ssl_util_ssl.c +++ b/modules/ssl/ssl_util_ssl.c 
@@ -416,56 +416,62 @@ BOOL SSL_X509_getCN(apr_pool_t *p, X509 *xs, char **cppCN) ** _________________________________________________________________ */ -#ifdef SSL_EXPERIMENTAL_PROXY - -BOOL SSL_load_CrtAndKeyInfo_file(apr_pool_t *p, STACK_OF(X509_INFO) *sk, char *filename) +BOOL SSL_X509_INFO_load_file(apr_pool_t *ptemp, + STACK_OF(X509_INFO) *sk, + const char *filename) { BIO *in; - if ((in = BIO_new(BIO_s_file())) == NULL) + if (!(in = BIO_new(BIO_s_file()))) { return FALSE; + } + if (BIO_read_filename(in, filename) <= 0) { BIO_free(in); return FALSE; } + ERR_clear_error(); -#if SSL_LIBRARY_VERSION < 0x00904000 - PEM_X509_INFO_read_bio(in, sk, NULL); -#else - PEM_X509_INFO_read_bio(in, sk, NULL, NULL); -#endif + + modssl_PEM_X509_INFO_read_bio(in, sk, NULL, NULL); + BIO_free(in); + return TRUE; } -BOOL SSL_load_CrtAndKeyInfo_path(apr_pool_t *p, STACK_OF(X509_INFO) *sk, char *pathname) +BOOL SSL_X509_INFO_load_path(apr_pool_t *ptemp, + STACK_OF(X509_INFO) *sk, + const char *pathname) { - apr_pool_t *sp; apr_dir_t *dir; apr_finfo_t dirent; - char *fullname; - BOOL ok; + const char *fullname; + BOOL ok = FALSE; - apr_pool_sub_make(&sp, p, NULL); - if (apr_dir_open(&dir, pathname, sp)) != APR_SUCCESS) { - apr_pool_destroy(sp); + if (apr_dir_open(&dir, pathname, ptemp) != APR_SUCCESS) { return FALSE; } - ok = FALSE; + while ((apr_dir_read(&dirent, APR_FINFO_DIRENT, dir)) == APR_SUCCESS) { - fullname = apr_pstrcat(sp, pathname, "/", dirent.name, NULL); - if (dirent.filetype != APR_REG) + fullname = apr_pstrcat(ptemp, + pathname, "/", dirent.name, + NULL); + + if (dirent.filetype != APR_REG) { continue; - if (SSL_load_CrtAndKeyInfo_file(sp, sk, fullname)) + } + + if (SSL_X509_INFO_load_file(ptemp, sk, fullname)) { ok = TRUE; + } } + apr_dir_close(dir); - apr_pool_destroy(sp); + return ok; } -#endif /* SSL_EXPERIMENTAL_PROXY */ - /* _________________________________________________________________ ** ** Extra Server Certificate Chain Support 
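Review bot: `SSL_X509_INFO_load_file` returns TRUE whenever the file could be opened, because the result of `modssl_PEM_X509_INFO_read_bio(in, sk, NULL, NULL)` is discarded; a file that fails to parse, or that holds no certificate or key at all, is still reported as loaded. `SSL_X509_INFO_load_path` inherits this: `ok` becomes TRUE for any regular file in the directory, so a caller in the proxy context cannot tell an empty or corrupt credential directory from a usable one. I would check the call, `if (!modssl_PEM_X509_INFO_read_bio(in, sk, NULL, NULL)) { BIO_free(in); return FALSE; }`, and have a caller that needs at least one entry compare `sk_X509_INFO_num(sk)` before and after the load. Both functions lie wholly inside this hunk; what the toolkit leaves in `sk` and on the error queue after a failed read is not visible here and should be confirmed against the OpenSSL versions the compat macros target.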
diff --git a/modules/ssl/ssl_util_ssl.h b/modules/ssl/ssl_util_ssl.h index 450addc742..3e090cf921 100644 --- a/modules/ssl/ssl_util_ssl.h +++ b/modules/ssl/ssl_util_ssl.h @@ -99,10 +99,8 @@ char *SSL_make_ciphersuite(apr_pool_t *, SSL *); BOOL SSL_X509_isSGC(X509 *); BOOL SSL_X509_getBC(X509 *, int *, int *); BOOL SSL_X509_getCN(apr_pool_t *, X509 *, char **); -#ifdef SSL_EXPERIMENTAL_PROXY -BOOL SSL_load_CrtAndKeyInfo_file(apr_pool_t *, STACK_OF(X509_INFO) *, char *); -BOOL SSL_load_CrtAndKeyInfo_path(apr_pool_t *, STACK_OF(X509_INFO) *, char *); -#endif /* SSL_EXPERIMENTAL_PROXY */ +BOOL SSL_X509_INFO_load_file(apr_pool_t *, STACK_OF(X509_INFO) *, const char *); +BOOL SSL_X509_INFO_load_path(apr_pool_t *, STACK_OF(X509_INFO) *, const char *); int SSL_CTX_use_certificate_chain(SSL_CTX *, char *, int, int (*)(char*,int,int,void*)); char *SSL_SESSION_id2sz(unsigned char *, int, char *, int); -- 2.40.0