From e4c98eb582e477ee22a5073e7b0ed3e431336f8d Mon Sep 17 00:00:00 2001
From: Doug MacEachern <dougm@apache.org>
Date: Sat, 30 Mar 2002 01:50:10 +0000
Subject: [PATCH] load SSLProxyMachineCertificate{File,Path}

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94324 13f79535-47bb-0310-9956-ffa450edef68
---
 modules/ssl/ssl_engine_init.c | 38 +++++++++++++++++++++++++++++++++++
 1 file changed, 38 insertions(+)

diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c
index b065cf9f2e..4aa4bd9366 100644
--- a/modules/ssl/ssl_engine_init.c
+++ b/modules/ssl/ssl_engine_init.c
@@ -899,12 +899,50 @@ static void ssl_init_server_certs(server_rec *s,
     }
 }
 
+static void ssl_init_proxy_certs(server_rec *s,
+                                 apr_pool_t *p,
+                                 apr_pool_t *ptemp,
+                                 modssl_ctx_t *mctx)
+{
+    int ncerts = 0;
+    STACK_OF(X509_INFO) *sk;
+    modssl_pk_proxy_t *pkp = mctx->pkp;
+
+    if (!(pkp->cert_file || pkp->cert_path)) {
+        return;
+    }
+
+    sk = sk_X509_INFO_new_null();
+
+    if (pkp->cert_file) {
+        SSL_X509_INFO_load_file(ptemp, sk, pkp->cert_file);
+    }
+
+    if (pkp->cert_path) {
+        SSL_X509_INFO_load_file(ptemp, sk, pkp->cert_path);
+    }
+
+    if ((ncerts = sk_X509_INFO_num(sk)) > 0) {
+        ssl_log(s, SSL_LOG_TRACE|SSL_INIT,
+                "loaded %d client certs for SSL proxy",
+                ncerts);
+        pkp->certs = sk;
+    }
+    else {
+        ssl_log(s, SSL_LOG_WARN|SSL_INIT,
+                "no client certs found for SSL proxy");
+        sk_X509_INFO_free(sk);
+    }
+}
+
 static void ssl_init_proxy_ctx(server_rec *s,
                                apr_pool_t *p,
                                apr_pool_t *ptemp,
                                SSLSrvConfigRec *sc)
 {
     ssl_init_ctx(s, p, ptemp, sc->proxy);
+
+    ssl_init_proxy_certs(s, p, ptemp, sc->proxy);
 }
 
 static void ssl_init_server_ctx(server_rec *s,
-- 
2.50.1