diff options
| author | Stefan Fritsch <sf@sfritsch.de> | 2016-07-05 23:20:42 +0200 |
|---|---|---|
| committer | Stefan Fritsch <sf@sfritsch.de> | 2016-07-05 23:20:42 +0200 |
| commit | d5ffc4eb85d71c901c85119cf873e343349e97e2 (patch) | |
| tree | 564636012ef7538ed4d7096b83c994dbda76c9db /modules/ssl/ssl_engine_config.c | |
| parent | 48eddd3d39fa2668ee29198ebfb33c41d4738c21 (diff) | |
| download | apache2-upstream.tar.gz | |
Imported Upstream version 2.4.23upstream
Diffstat (limited to 'modules/ssl/ssl_engine_config.c')
| -rw-r--r-- | modules/ssl/ssl_engine_config.c | 39 |
1 files changed, 27 insertions, 12 deletions
diff --git a/modules/ssl/ssl_engine_config.c b/modules/ssl/ssl_engine_config.c index a3d5af52..129a01ff 100644 --- a/modules/ssl/ssl_engine_config.c +++ b/modules/ssl/ssl_engine_config.c @@ -121,7 +121,7 @@ static void modssl_ctx_init(modssl_ctx_t *mctx, apr_pool_t *p) mctx->crl_path = NULL; mctx->crl_file = NULL; - mctx->crl_check_mode = SSL_CRLCHECK_UNSET; + mctx->crl_check_mask = UNSET; mctx->auth.ca_cert_path = NULL; mctx->auth.ca_cert_file = NULL; @@ -271,7 +271,7 @@ static void modssl_ctx_cfg_merge(apr_pool_t *p, cfgMerge(crl_path, NULL); cfgMerge(crl_file, NULL); - cfgMerge(crl_check_mode, SSL_CRLCHECK_UNSET); + cfgMergeInt(crl_check_mask); cfgMergeString(auth.ca_cert_path); cfgMergeString(auth.ca_cert_file); @@ -1000,23 +1000,38 @@ const char *ssl_cmd_SSLCARevocationFile(cmd_parms *cmd, static const char *ssl_cmd_crlcheck_parse(cmd_parms *parms, const char *arg, - ssl_crlcheck_t *mode) + int *mask) { - if (strcEQ(arg, "none")) { - *mode = SSL_CRLCHECK_NONE; + const char *w; + + w = ap_getword_conf(parms->temp_pool, &arg); + if (strcEQ(w, "none")) { + *mask = SSL_CRLCHECK_NONE; } - else if (strcEQ(arg, "leaf")) { - *mode = SSL_CRLCHECK_LEAF; + else if (strcEQ(w, "leaf")) { + *mask = SSL_CRLCHECK_LEAF; } - else if (strcEQ(arg, "chain")) { - *mode = SSL_CRLCHECK_CHAIN; + else if (strcEQ(w, "chain")) { + *mask = SSL_CRLCHECK_CHAIN; } else { return apr_pstrcat(parms->temp_pool, parms->cmd->name, - ": Invalid argument '", arg, "'", + ": Invalid argument '", w, "'", NULL); } + while (*arg) { + w = ap_getword_conf(parms->temp_pool, &arg); + if (strcEQ(w, "no_crl_for_cert_ok")) { + *mask |= SSL_CRLCHECK_NO_CRL_FOR_CERT_OK; + } + else { + return apr_pstrcat(parms->temp_pool, parms->cmd->name, + ": Invalid argument '", w, "'", + NULL); + } + } + return NULL; } @@ -1026,7 +1041,7 @@ const char *ssl_cmd_SSLCARevocationCheck(cmd_parms *cmd, { SSLSrvConfigRec *sc = mySrvConfig(cmd->server); - return ssl_cmd_crlcheck_parse(cmd, arg, &sc->server->crl_check_mode); + return ssl_cmd_crlcheck_parse(cmd, arg, &sc->server->crl_check_mask); } static const char *ssl_cmd_verify_parse(cmd_parms *parms, @@ -1540,7 +1555,7 @@ const char *ssl_cmd_SSLProxyCARevocationCheck(cmd_parms *cmd, { SSLSrvConfigRec *sc = mySrvConfig(cmd->server); - return ssl_cmd_crlcheck_parse(cmd, arg, &sc->proxy->crl_check_mode); + return ssl_cmd_crlcheck_parse(cmd, arg, &sc->proxy->crl_check_mask); } const char *ssl_cmd_SSLProxyMachineCertificateFile(cmd_parms *cmd, |