Diffstat (limited to 'modules/ssl/ssl_util.c')
-rw-r--r-- | modules/ssl/ssl_util.c | 130 |
1 files changed, 1 insertions, 129 deletions
diff --git a/modules/ssl/ssl_util.c b/modules/ssl/ssl_util.c
index d2122784..476aa0b6 100644
--- a/modules/ssl/ssl_util.c
+++ b/modules/ssl/ssl_util.c
@@ -135,61 +135,8 @@ BOOL ssl_util_path_check(ssl_pathcheck_t pcm, const char *path, apr_pool_t *p)
 return TRUE;
 }
 
-ssl_algo_t ssl_util_algotypeof(X509 *pCert, EVP_PKEY *pKey)
-{
- ssl_algo_t t;
- EVP_PKEY *pFreeKey = NULL;
-
- t = SSL_ALGO_UNKNOWN;
- if (pCert != NULL)
- pFreeKey = pKey = X509_get_pubkey(pCert);
- if (pKey != NULL) {
- switch (EVP_PKEY_type(pKey->type)) {
- case EVP_PKEY_RSA:
- t = SSL_ALGO_RSA;
- break;
- case EVP_PKEY_DSA:
- t = SSL_ALGO_DSA;
- break;
-#ifdef HAVE_ECC
- case EVP_PKEY_EC:
- t = SSL_ALGO_ECC;
- break;
-#endif
- default:
- break;
- }
- }
- if (pFreeKey != NULL)
- EVP_PKEY_free(pFreeKey);
- return t;
-}
-
-char *ssl_util_algotypestr(ssl_algo_t t)
-{
- char *cp;
-
- cp = "UNKNOWN";
- switch (t) {
- case SSL_ALGO_RSA:
- cp = "RSA";
- break;
- case SSL_ALGO_DSA:
- cp = "DSA";
- break;
-#ifdef HAVE_ECC
- case SSL_ALGO_ECC:
- cp = "ECC";
- break;
-#endif
- default:
- break;
- }
- return cp;
-}
-
 /*
- * certain key and cert data needs to survive restarts,
+ * certain key data needs to survive restarts,
 * which are stored in the user data table of s->process->pool.
 * to prevent "leaking" of this data, we use malloc/free
 * rather than apr_palloc and these wrappers to help make sure
@@ -253,81 +200,6 @@ void ssl_asn1_table_unset(apr_hash_t *table,
 apr_hash_set(table, key, klen, NULL);
 }
 
-#ifdef HAVE_ECC
-static const char *ssl_asn1_key_types[] = {"RSA", "DSA", "ECC"};
-#else
-static const char *ssl_asn1_key_types[] = {"RSA", "DSA"};
-#endif
-
-const char *ssl_asn1_keystr(int keytype)
-{
- if (keytype >= SSL_AIDX_MAX) {
- return NULL;
- }
-
- return ssl_asn1_key_types[keytype];
-}
-
-const char *ssl_asn1_table_keyfmt(apr_pool_t *p,
- const char *id,
- int keytype)
-{
- const char *keystr = ssl_asn1_keystr(keytype);
-
- return apr_pstrcat(p, id, ":", keystr, NULL);
-}
-
-STACK_OF(X509) *ssl_read_pkcs7(server_rec *s, const char *pkcs7)
-{
- PKCS7 *p7;
- STACK_OF(X509) *certs = NULL;
- FILE *f;
-
- f = fopen(pkcs7, "r");
- if (!f) {
- ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, APLOGNO(02212) "Can't open %s", pkcs7);
- ssl_die(s);
- }
-
- p7 = PEM_read_PKCS7(f, NULL, NULL, NULL);
- if (!p7) {
- ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, APLOGNO(02274)
- "Can't read PKCS7 object %s", pkcs7);
- ssl_log_ssl_error(SSLLOG_MARK, APLOG_CRIT, s);
- exit(1);
- }
-
- switch (OBJ_obj2nid(p7->type)) {
- case NID_pkcs7_signed:
- certs = p7->d.sign->cert;
- p7->d.sign->cert = NULL;
- PKCS7_free(p7);
- break;
-
- case NID_pkcs7_signedAndEnveloped:
- certs = p7->d.signed_and_enveloped->cert;
- p7->d.signed_and_enveloped->cert = NULL;
- PKCS7_free(p7);
- break;
-
- default:
- ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, APLOGNO(02213)
- "Don't understand PKCS7 file %s", pkcs7);
- ssl_die(s);
- }
-
- if (!certs) {
- ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, APLOGNO(02214)
- "No certificates in %s", pkcs7);
- ssl_die(s);
- }
-
- fclose(f);
-
- return certs;
-}
-
-
 #if APR_HAS_THREADS
 /*
 * To ensure thread-safetyness in OpenSSL - work in progress |