Diffstat (limited to 'modules/ssl/ssl_util.c')
-rw-r--r--modules/ssl/ssl_util.c130
1 files changed, 1 insertions, 129 deletions
diff --git a/modules/ssl/ssl_util.c b/modules/ssl/ssl_util.c
index d2122784..476aa0b6 100644
--- a/modules/ssl/ssl_util.c
+++ b/modules/ssl/ssl_util.c
@@ -135,61 +135,8 @@ BOOL ssl_util_path_check(ssl_pathcheck_t pcm, const char *path, apr_pool_t *p)
return TRUE;
}
-ssl_algo_t ssl_util_algotypeof(X509 *pCert, EVP_PKEY *pKey)
-{
- ssl_algo_t t;
- EVP_PKEY *pFreeKey = NULL;
-
- t = SSL_ALGO_UNKNOWN;
- if (pCert != NULL)
- pFreeKey = pKey = X509_get_pubkey(pCert);
- if (pKey != NULL) {
- switch (EVP_PKEY_type(pKey->type)) {
- case EVP_PKEY_RSA:
- t = SSL_ALGO_RSA;
- break;
- case EVP_PKEY_DSA:
- t = SSL_ALGO_DSA;
- break;
-#ifdef HAVE_ECC
- case EVP_PKEY_EC:
- t = SSL_ALGO_ECC;
- break;
-#endif
- default:
- break;
- }
- }
- if (pFreeKey != NULL)
- EVP_PKEY_free(pFreeKey);
- return t;
-}
-
-char *ssl_util_algotypestr(ssl_algo_t t)
-{
- char *cp;
-
- cp = "UNKNOWN";
- switch (t) {
- case SSL_ALGO_RSA:
- cp = "RSA";
- break;
- case SSL_ALGO_DSA:
- cp = "DSA";
- break;
-#ifdef HAVE_ECC
- case SSL_ALGO_ECC:
- cp = "ECC";
- break;
-#endif
- default:
- break;
- }
- return cp;
-}
-
/*
- * certain key and cert data needs to survive restarts,
+ * certain key data needs to survive restarts,
* which are stored in the user data table of s->process->pool.
* to prevent "leaking" of this data, we use malloc/free
* rather than apr_palloc and these wrappers to help make sure
@@ -253,81 +200,6 @@ void ssl_asn1_table_unset(apr_hash_t *table,
apr_hash_set(table, key, klen, NULL);
}
-#ifdef HAVE_ECC
-static const char *ssl_asn1_key_types[] = {"RSA", "DSA", "ECC"};
-#else
-static const char *ssl_asn1_key_types[] = {"RSA", "DSA"};
-#endif
-
-const char *ssl_asn1_keystr(int keytype)
-{
- if (keytype >= SSL_AIDX_MAX) {
- return NULL;
- }
-
- return ssl_asn1_key_types[keytype];
-}
-
-const char *ssl_asn1_table_keyfmt(apr_pool_t *p,
- const char *id,
- int keytype)
-{
- const char *keystr = ssl_asn1_keystr(keytype);
-
- return apr_pstrcat(p, id, ":", keystr, NULL);
-}
-
-STACK_OF(X509) *ssl_read_pkcs7(server_rec *s, const char *pkcs7)
-{
- PKCS7 *p7;
- STACK_OF(X509) *certs = NULL;
- FILE *f;
-
- f = fopen(pkcs7, "r");
- if (!f) {
- ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, APLOGNO(02212) "Can't open %s", pkcs7);
- ssl_die(s);
- }
-
- p7 = PEM_read_PKCS7(f, NULL, NULL, NULL);
- if (!p7) {
- ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, APLOGNO(02274)
- "Can't read PKCS7 object %s", pkcs7);
- ssl_log_ssl_error(SSLLOG_MARK, APLOG_CRIT, s);
- exit(1);
- }
-
- switch (OBJ_obj2nid(p7->type)) {
- case NID_pkcs7_signed:
- certs = p7->d.sign->cert;
- p7->d.sign->cert = NULL;
- PKCS7_free(p7);
- break;
-
- case NID_pkcs7_signedAndEnveloped:
- certs = p7->d.signed_and_enveloped->cert;
- p7->d.signed_and_enveloped->cert = NULL;
- PKCS7_free(p7);
- break;
-
- default:
- ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, APLOGNO(02213)
- "Don't understand PKCS7 file %s", pkcs7);
- ssl_die(s);
- }
-
- if (!certs) {
- ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, APLOGNO(02214)
- "No certificates in %s", pkcs7);
- ssl_die(s);
- }
-
- fclose(f);
-
- return certs;
-}
-
-
#if APR_HAS_THREADS
/*
* To ensure thread-safetyness in OpenSSL - work in progress