
(-)httpd-2.2.8/configure (-1 / +1 lines)
Lines 14143-14149 Link Here
14143
  > $modpath_current/modules.mk
14143
  > $modpath_current/modules.mk
14144
14144
14145
14145
14146
ssl_objs="mod_ssl.lo ssl_engine_config.lo ssl_engine_dh.lo ssl_engine_init.lo ssl_engine_io.lo ssl_engine_kernel.lo ssl_engine_log.lo ssl_engine_mutex.lo ssl_engine_pphrase.lo ssl_engine_rand.lo ssl_engine_vars.lo ssl_expr.lo ssl_expr_eval.lo ssl_expr_parse.lo ssl_expr_scan.lo ssl_scache.lo ssl_scache_dbm.lo ssl_scache_shmcb.lo ssl_scache_dc.lo ssl_util.lo ssl_util_ssl.lo "
14146
ssl_objs="mod_ssl.lo ssl_engine_config.lo ssl_engine_dh.lo ssl_engine_init.lo ssl_engine_io.lo ssl_engine_kernel.lo ssl_engine_log.lo ssl_engine_mutex.lo ssl_engine_pphrase.lo ssl_engine_rand.lo ssl_engine_vars.lo ssl_expr.lo ssl_expr_eval.lo ssl_expr_parse.lo ssl_expr_scan.lo ssl_scache.lo ssl_scache_dbm.lo ssl_scache_shmcb.lo ssl_scache_dc.lo ssl_util.lo ssl_util_ssl.lo  ssl_crl_reloader.lo "
14147
14147
14148
  { echo "$as_me:$LINENO: checking whether to enable mod_ssl" >&5
14148
  { echo "$as_me:$LINENO: checking whether to enable mod_ssl" >&5
14149
echo $ECHO_N "checking whether to enable mod_ssl... $ECHO_C" >&6; }
14149
echo $ECHO_N "checking whether to enable mod_ssl... $ECHO_C" >&6; }
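--- /dev/null
+++ b/httpd-2.2.8/modules/ssl/ssl_crl_reloader.c
@@ -0,0 +1,244 @@
+#include <openssl/buffer.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+#include <string.h>
+#include <sys/stat.h>
+
+#include "ssl_crl_reloader.h"
+
+
+typedef struct CRL_RELOADER_DATA_st
+{
+    time_t mtime;
+    char *crl_file_name;
+    X509_CRL *crl;
+} CRL_RELOADER_DATA;
+
+CRL_RELOADER_DATA *CRL_RELOADER_DATA_new()
+{
+    CRL_RELOADER_DATA *ret = NULL;
+    ret = (CRL_RELOADER_DATA *) OPENSSL_malloc(sizeof(CRL_RELOADER_DATA));
+    if (!ret) {
+        return NULL;
+    }
+    ret->crl_file_name = NULL;
+    ret->crl = NULL;
+    return ret;
+}
+
+void CRL_RELOADER_DATA_free(CRL_RELOADER_DATA * data)
+{
+    if (!data) {
+        return;
+    }
+    if (data->crl_file_name)
+        free(data->crl_file_name);
+    if (data->crl)
+        X509_CRL_free(data->crl);
+    OPENSSL_free(data);
+}
+
+static int crl_reloader_ctrl(X509_LOOKUP * ctx, int cmd, const char *argc,
+                             long argl, char **ret);
+static int crl_reloader_new(X509_LOOKUP * ctx);
+static void crl_reloader_free(X509_LOOKUP * ctx);
+static int crl_reloader_get_by_subject(X509_LOOKUP * ctx, int type,
+                                       X509_NAME * name, X509_OBJECT * ret);
+
+X509_LOOKUP_METHOD x509_crl_reloader = {
+    "CRL file reloader",
+    crl_reloader_new,           /* new */
+    crl_reloader_free,          /* free */
+    NULL,                       /* init */
+    NULL,                       /* shutdown */
+    crl_reloader_ctrl,          /* ctrl */
+    crl_reloader_get_by_subject,        /* get_by_subject */
+    NULL,                       /* get_by_issuer_serial */
+    NULL,                       /* get_by_fingerprint */
+    NULL,                       /* get_by_alias */
+};
+
+X509_LOOKUP_METHOD *X509_LOOKUP_crl_reloader(void)
+{
+    return (&x509_crl_reloader);
+}
+
+static int crl_reloader_new(X509_LOOKUP * ctx)
+{
+    int ok = 1;
+    CRL_RELOADER_DATA *data = CRL_RELOADER_DATA_new();
+
+    if (!data) {
+        return 0;
+    }
+
+    ctx->method_data = (char *) data;
+    return ok;
+}
+
+static void crl_reloader_free(X509_LOOKUP * ctx)
+{
+    CRL_RELOADER_DATA_free((CRL_RELOADER_DATA *) ctx->method_data);
+    ctx->method_data = NULL;
+}
+
+static int crl_reloader_reload(X509_LOOKUP * ctx)
+{
+    int ok = 0;
+    BIO *in = NULL;
+    CRL_RELOADER_DATA *data;
+    X509_CRL *crl = NULL;
+    struct stat status;
+
+    data = (CRL_RELOADER_DATA *) ctx->method_data;
+    if (!data->crl_file_name) {
+        goto err;
+    }
+
+    if (stat(data->crl_file_name, &status) != 0) {
+        goto err;
+    }
+
+    in = BIO_new_file(data->crl_file_name, "r");
+    if (!in) {
+        goto err;
+    }
+
+    crl = PEM_read_bio_X509_CRL(in, NULL, NULL, NULL);
+    if (!crl) {
+        goto err;
+    }
+
+    if (data->crl)
+        X509_CRL_free(data->crl);
+    data->crl = crl;
+    data->mtime = status.st_mtime;
+    ok = 1;
+  err:
+    if (in)
+        BIO_free(in);
+    return ok;
+}
+
+static int crl_reloader_reload_if_newest(X509_LOOKUP * ctx)
+{
+    int ok = 0;
+    CRL_RELOADER_DATA *data;
+    struct stat status;
+
+    data = (CRL_RELOADER_DATA *) ctx->method_data;
+    if (!data->crl_file_name) {
+        return ok;
+    }
+
+    if (stat(data->crl_file_name, &status) != 0) {
+        return ok;
+    }
+
+    if (status.st_mtime > data->mtime) {
+        ok = crl_reloader_reload(ctx);
+        if (!ok) {
+            goto err;
+        }
+    }
+    ok = 1;
+  err:
+    return ok;
+}
+
+static int crl_reloader_file_load(X509_LOOKUP * ctx, const char *argp)
+{
+    int ok = 0;
+    BIO *in = NULL;
+    CRL_RELOADER_DATA *data;
+
+    data = (CRL_RELOADER_DATA *) ctx->method_data;
+    if (data->crl_file_name)
+        free(data->crl_file_name);
+    data->crl_file_name = strdup(argp);
+
+    if (!data->crl_file_name) {
+        goto err;
+    }
+
+    ok = crl_reloader_reload(ctx);
+    if (!ok) {
+        goto err;
+    }
+    ok = 1;
+  err:
+    if (in)
+        BIO_free(in);
+    return ok;
+}
+
+static int crl_reloader_ctrl(X509_LOOKUP * ctx, int cmd, const char *argp,
+                             long argl, char **ret)
+{
+    int ok = 0;
+    switch (cmd) {
+    case X509_L_FILE_LOAD:
+        ok = crl_reloader_file_load(ctx, argp);
+        break;
+    default:
+        break;
+    }
+    return ok;
+}
+
+int X509_CRL_expired(X509_CRL * crl)
+{
+    if (!crl) {
+        return 0;
+    }
+
+    int lastUpdate = X509_cmp_current_time(X509_CRL_get_lastUpdate(crl));
+    int nextUpdate = X509_cmp_current_time(X509_CRL_get_nextUpdate(crl));
+
+    if (lastUpdate < 0 && nextUpdate > 0) {
+        return 0;
+    }
+    return 1;
+}
+
+int crl_reloader_get_by_subject(X509_LOOKUP * ctx, int type, X509_NAME * name,
+                                X509_OBJECT * ret)
+{
+    int ok = 0;
+    CRL_RELOADER_DATA *data = NULL;
+
+    if (type != X509_LU_CRL) {
+        return ok;
+    }
+
+    data = (CRL_RELOADER_DATA *) ctx->method_data;
+    if (!data->crl) {
+        return ok;
+    }
+
+    if (X509_CRL_expired(data->crl) && !crl_reloader_reload_if_newest(ctx)) {
+        goto err;
+    }
+
+    if (X509_NAME_cmp(data->crl->crl->issuer, name)) {
+        ret->type = 0;
+        ret->data.crl = NULL;
+        return ok;
+    }
+
+    ret->type = type;
+    ret->data.crl = data->crl;
+    ok = 1;
+  err:
+    return ok;
+}
+
+int X509_LOOKUP_load_crl(X509_LOOKUP * lu, const char *fname)
+{
+    int ok = 0;
+    if (!fname) {
+        return ok;
+    }
+    ok = X509_LOOKUP_ctrl(lu, X509_L_FILE_LOAD, fname, 0, NULL);
+    return ok;
+}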
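Review bot: `crl_reloader_reload` keeps only the first CRL in the file — `PEM_read_bio_X509_CRL` is called once and its result replaces `data->crl` — whereas the `X509_LOOKUP_file` lookup this replaces (see the ssl_util_ssl.c hunk) loads every CRL in a PEM bundle, so an SSLCARevocationFile that concatenates the CRLs of several issuing CAs silently loses all but the first, and because `crl_reloader_get_by_subject` answers "no CRL" for any other issuer, mod_ssl 2.2's CRL callback (which, as far as I recall, treats a missing CRL as nothing to check) would skip revocation checking for those issuers rather than fail. Either read in a loop into a `STACK_OF(X509_CRL)` and pick the entry whose issuer matches `name` in `crl_reloader_get_by_subject`, or at minimum refuse to load, and log, a file that still contains data after the first CRL. The same fail-open shape appears in `crl_reloader_get_by_subject`: when the cached CRL has expired and `crl_reloader_reload_if_newest` fails (e.g. `stat()` failing because the worker child runs unprivileged after the root-time initial load, or a half-written file mid-rotation) it `goto err`s and returns 0, i.e. "no CRL", instead of handing back the still-held expired CRL so that verification fails closed; it should return the old CRL and log the reload failure, since nothing in this file logs anything. `X509_CRL_expired` passes `X509_CRL_get_nextUpdate(crl)` straight to `X509_cmp_current_time`, but nextUpdate is optional in a CRL and the getter returns NULL for it, which `X509_cmp_time` dereferences without a NULL check in the OpenSSL versions httpd 2.2 builds against as far as I can see — add `if (!X509_CRL_get_nextUpdate(crl)) return 0;` before the comparison. Finally, the reload path calls `X509_CRL_free(data->crl)` and swaps the pointer with no lock, while `crl_reloader_get_by_subject` copies that same pointer into `ret->data.crl` without taking a reference inside the lookup, so under a threaded MPM one thread can free the CRL another thread has just read; the swap needs a mutex, or the lookup should up-ref before the pointer escapes and defer the free.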
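--- /dev/null
+++ b/httpd-2.2.8/modules/ssl/ssl_crl_reloader.h
@@ -0,0 +1,18 @@
+#ifndef by_crl_reloaderH
+#define by_crl_reloaderH
+
+#include <openssl/x509.h>
+
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+
+    X509_LOOKUP_METHOD *X509_LOOKUP_crl_reloader(void);
+    int X509_LOOKUP_load_crl(X509_LOOKUP * lu, const char *fname);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif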
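Review bot: The header exposes only `X509_LOOKUP_crl_reloader` and `X509_LOOKUP_load_crl`, yet the matching .c file also gives external linkage to `CRL_RELOADER_DATA_new`, `CRL_RELOADER_DATA_free`, `x509_crl_reloader` and `X509_CRL_expired` — none declared here, and the last two carry OpenSSL's own naming prefixes, so a future libcrypto symbol of the same name would collide at link time. Mark those four `static` in the .c file (its forward declarations already make the method callbacks static), or prefix them `ssl_` like the rest of mod_ssl's helpers. A short comment on the two declared functions would also help a reader of this header, e.g. `/* X509_LOOKUP method that re-reads the CRL file when the cached CRL has expired and the file's mtime has advanced; load_crl installs the file path via X509_L_FILE_LOAD */`.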
(-)httpd-2.2.8/modules/ssl/ssl_util_ssl.c (-2 / +2 lines)
Lines 211-222 Link Here
211
    if ((pStore = X509_STORE_new()) == NULL)
211
    if ((pStore = X509_STORE_new()) == NULL)
212
        return NULL;
212
        return NULL;
213
    if (cpFile != NULL) {
213
    if (cpFile != NULL) {
214
        pLookup = X509_STORE_add_lookup(pStore, X509_LOOKUP_file());
214
        pLookup = X509_STORE_add_lookup(pStore, X509_LOOKUP_crl_reloader());
215
        if (pLookup == NULL) {
215
        if (pLookup == NULL) {
216
            X509_STORE_free(pStore);
216
            X509_STORE_free(pStore);
217
            return NULL;
217
            return NULL;
218
        }
218
        }
219
        rv = X509_LOOKUP_load_file(pLookup, cpFile, X509_FILETYPE_PEM);
219
        rv = X509_LOOKUP_load_crl(pLookup, cpFile);
220
    }
220
    }
221
    if (cpPath != NULL && rv == 1) {
221
    if (cpPath != NULL && rv == 1) {
222
        pLookup = X509_STORE_add_lookup(pStore, X509_LOOKUP_hash_dir());
222
        pLookup = X509_STORE_add_lookup(pStore, X509_LOOKUP_hash_dir());
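Review bot: The swap on lines 214/219 changes the semantics of only the `cpFile` argument: the `cpPath` branch right below (line 222) keeps `X509_LOOKUP_hash_dir`, whose CRLs are loaded into the store's object cache and, as far as I can tell, are not re-read afterwards, so SSLCARevocationFile and SSLCARevocationPath now behave differently on CRL expiry. That asymmetry deserves a comment at line 214, e.g. `/* the file CRL is re-read on expiry by the reloader lookup; hash_dir CRLs below stay cached for the process lifetime */`, and a matching note in the directive documentation. The `rv == 1` gate on line 221 still holds because `X509_LOOKUP_load_crl` forwards `X509_LOOKUP_ctrl`'s 1/0 result, but note the new lookup keeps `cpFile` as a path it re-opens at handshake time, so callers must pass a path that remains valid and readable by the unprivileged child after start-up. The enclosing function starts before and ends after this hunk.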
