Lines 73-78
73 |
#if defined(HAVE_OPENSSL_ENGINE_H) && defined(HAVE_ENGINE_INIT) |
73 |
#if defined(HAVE_OPENSSL_ENGINE_H) && defined(HAVE_ENGINE_INIT) |
74 |
mc->szCryptoDevice = NULL; |
74 |
mc->szCryptoDevice = NULL; |
75 |
#endif |
75 |
#endif |
|
|
76 |
#ifdef HAVE_OCSP_STAPLING |
77 |
mc->Staplingcache = NULL; |
78 |
mc->nStaplingMutexMode = SSL_MUTEXMODE_UNSET; |
79 |
mc->nStaplingMutexMech = APR_LOCK_DEFAULT; |
80 |
mc->szStaplingMutexFile = NULL; |
81 |
mc->pStaplingMutex = NULL; |
82 |
#endif |
76 |
|
83 |
|
77 |
memset(mc->pTmpKeys, 0, sizeof(mc->pTmpKeys)); |
84 |
memset(mc->pTmpKeys, 0, sizeof(mc->pTmpKeys)); |
78 |
|
85 |
|
Lines 129-134
129 |
mctx->ocsp_enabled = FALSE; |
136 |
mctx->ocsp_enabled = FALSE; |
130 |
mctx->ocsp_force_default = FALSE; |
137 |
mctx->ocsp_force_default = FALSE; |
131 |
mctx->ocsp_responder = NULL; |
138 |
mctx->ocsp_responder = NULL; |
|
|
139 |
|
140 |
#ifdef HAVE_OCSP_STAPLING |
141 |
mctx->useStapling = UNSET; |
142 |
mctx->StaplingResponseTimeSkew = UNSET; |
143 |
mctx->StaplingResponseMaxAge = UNSET; |
144 |
mctx->StaplingStandardCacheTimeout = UNSET; |
145 |
mctx->StaplingReturnResponderErrors = UNSET; |
146 |
mctx->StaplingFakeTryLater = UNSET; |
147 |
mctx->StaplingErrorCacheTimeout = UNSET; |
148 |
mctx->StaplingResponderTimeout = UNSET; |
149 |
mctx->StaplingForceURL = NULL; |
150 |
#endif |
132 |
} |
151 |
} |
133 |
|
152 |
|
134 |
static void modssl_ctx_init_proxy(SSLSrvConfigRec *sc, |
153 |
static void modssl_ctx_init_proxy(SSLSrvConfigRec *sc, |
Lines 222-227
222 |
cfgMergeBool(ocsp_enabled); |
241 |
cfgMergeBool(ocsp_enabled); |
223 |
cfgMergeBool(ocsp_force_default); |
242 |
cfgMergeBool(ocsp_force_default); |
224 |
cfgMerge(ocsp_responder, NULL); |
243 |
cfgMerge(ocsp_responder, NULL); |
|
|
244 |
#ifdef HAVE_OCSP_STAPLING |
245 |
cfgMergeBool(useStapling); |
246 |
cfgMergeInt(StaplingResponseTimeSkew); |
247 |
cfgMergeInt(StaplingResponseMaxAge); |
248 |
cfgMergeInt(StaplingStandardCacheTimeout); |
249 |
cfgMergeBool(StaplingReturnResponderErrors); |
250 |
cfgMergeBool(StaplingFakeTryLater); |
251 |
cfgMergeInt(StaplingErrorCacheTimeout); |
252 |
cfgMergeInt(StaplingResponderTimeout); |
253 |
cfgMerge(StaplingForceURL, NULL); |
254 |
#endif |
225 |
} |
255 |
} |
226 |
|
256 |
|
227 |
static void modssl_ctx_cfg_merge_proxy(modssl_ctx_t *base, |
257 |
static void modssl_ctx_cfg_merge_proxy(modssl_ctx_t *base, |
Lines 1425-1430
1425 |
return NULL; |
1455 |
return NULL; |
1426 |
} |
1456 |
} |
1427 |
|
1457 |
|
|
|
1458 |
#ifdef HAVE_OCSP_STAPLING |
1459 |
|
1460 |
const char *ssl_cmd_SSLStaplingCache(cmd_parms *cmd, |
1461 |
void *dcfg, |
1462 |
const char *arg) |
1463 |
{ |
1464 |
SSLModConfigRec *mc = myModConfig(cmd->server); |
1465 |
const char *err, *sep; |
1466 |
|
1467 |
if ((err = ap_check_cmd_context(cmd, GLOBAL_ONLY))) { |
1468 |
return err; |
1469 |
} |
1470 |
|
1471 |
if ((sep = ap_strchr_c(arg, ':')) != NULL) { |
1472 |
char *name = apr_pstrmemdup(cmd->pool, arg, sep - arg); |
1473 |
|
1474 |
/* Find the provider of given name. */ |
1475 |
mc->Staplingcache = ap_lookup_provider(AP_SOCACHE_PROVIDER_GROUP, |
1476 |
name, |
1477 |
AP_SOCACHE_PROVIDER_VERSION); |
1478 |
if (mc->Staplingcache) { |
1479 |
/* Cache found; create it, passing anything beyond the colon. */ |
1480 |
err = mc->Staplingcache->create(&mc->Staplingcache_context, |
1481 |
sep + 1, cmd->temp_pool, cmd->pool); |
1482 |
} |
1483 |
else { |
1484 |
apr_array_header_t *name_list; |
1485 |
const char *all_names; |
1486 |
|
1487 |
/* Build a comma-separated list of all registered provider |
1488 |
* names: */ |
1489 |
name_list = ap_list_provider_names(cmd->pool, |
1490 |
AP_SOCACHE_PROVIDER_GROUP, |
1491 |
AP_SOCACHE_PROVIDER_VERSION); |
1492 |
all_names = apr_array_pstrcat(cmd->pool, name_list, ','); |
1493 |
|
1494 |
err = apr_psprintf(cmd->pool, "'%s' stapling cache not supported " |
1495 |
"(known names: %s)", name, all_names); |
1496 |
} |
1497 |
} |
1498 |
else { |
1499 |
err = apr_psprintf(cmd->pool, "'%s' stapling cache not supported or missing argument", |
1500 |
arg); |
1501 |
} |
1502 |
|
1503 |
if (err) { |
1504 |
return apr_psprintf(cmd->pool, "SSLStaplingCache: %s", err); |
1505 |
} |
1506 |
|
1507 |
return NULL; |
1508 |
} |
1509 |
|
1510 |
const char *ssl_cmd_SSLStaplingMutex(cmd_parms *cmd, |
1511 |
void *dcfg, |
1512 |
const char *arg_) |
1513 |
{ |
1514 |
apr_status_t rv; |
1515 |
const char *err; |
1516 |
SSLModConfigRec *mc = myModConfig(cmd->server); |
1517 |
|
1518 |
if ((err = ap_check_cmd_context(cmd, GLOBAL_ONLY))) { |
1519 |
return err; |
1520 |
} |
1521 |
|
1522 |
if (ssl_config_global_isfixed(mc)) { |
1523 |
return NULL; |
1524 |
} |
1525 |
|
1526 |
rv = ap_parse_mutex(arg_, cmd->server->process->pool, |
1527 |
&mc->nStaplingMutexMech, &mc->szStaplingMutexFile); |
1528 |
|
1529 |
if (rv == APR_ENOLOCK) { |
1530 |
mc->nStaplingMutexMode = SSL_MUTEXMODE_NONE; |
1531 |
return NULL; |
1532 |
} else if (rv == APR_ENOTIMPL) { |
1533 |
return apr_pstrcat(cmd->pool, "Invalid SSLStaplingMutex argument ", |
1534 |
arg_, |
1535 |
" (" AP_ALL_AVAILABLE_MUTEXES_STRING ")", NULL); |
1536 |
} else if (rv == APR_BADARG) { |
1537 |
return apr_pstrcat(cmd->pool, "Invalid SSLStaplingMutex filepath ", |
1538 |
arg_, NULL); |
1539 |
} |
1540 |
|
1541 |
mc->nStaplingMutexMode = SSL_MUTEXMODE_USED; |
1542 |
|
1543 |
return NULL; |
1544 |
} |
1545 |
|
1546 |
const char *ssl_cmd_SSLUseStapling(cmd_parms *cmd, void *dcfg, int flag) |
1547 |
{ |
1548 |
SSLSrvConfigRec *sc = mySrvConfig(cmd->server); |
1549 |
sc->server->useStapling = flag ? TRUE : FALSE; |
1550 |
return NULL; |
1551 |
} |
1552 |
|
1553 |
const char *ssl_cmd_SSLStaplingResponseTimeSkew(cmd_parms *cmd, void *dcfg, |
1554 |
const char *arg) |
1555 |
{ |
1556 |
SSLSrvConfigRec *sc = mySrvConfig(cmd->server); |
1557 |
sc->server->StaplingResponseTimeSkew = atoi(arg); |
1558 |
if (sc->server->StaplingResponseTimeSkew < 0) { |
1559 |
return "SSLStaplingResponseTimeSkew: invalid argument"; |
1560 |
} |
1561 |
return NULL; |
1562 |
} |
1563 |
|
1564 |
const char *ssl_cmd_SSLStaplingResponseMaxAge(cmd_parms *cmd, void *dcfg, |
1565 |
const char *arg) |
1566 |
{ |
1567 |
SSLSrvConfigRec *sc = mySrvConfig(cmd->server); |
1568 |
sc->server->StaplingResponseMaxAge = atoi(arg); |
1569 |
if (sc->server->StaplingResponseMaxAge < 0) { |
1570 |
return "SSLStaplingResponseMaxAge: invalid argument"; |
1571 |
} |
1572 |
return NULL; |
1573 |
} |
1574 |
|
1575 |
const char *ssl_cmd_SSLStaplingStandardCacheTimeout(cmd_parms *cmd, void *dcfg, |
1576 |
const char *arg) |
1577 |
{ |
1578 |
SSLSrvConfigRec *sc = mySrvConfig(cmd->server); |
1579 |
sc->server->StaplingStandardCacheTimeout = atoi(arg); |
1580 |
if (sc->server->StaplingStandardCacheTimeout < 0) { |
1581 |
return "SSLStaplingStandardCacheTimeout: invalid argument"; |
1582 |
} |
1583 |
return NULL; |
1584 |
} |
1585 |
|
1586 |
const char *ssl_cmd_SSLStaplingErrorCacheTimeout(cmd_parms *cmd, void *dcfg, |
1587 |
const char *arg) |
1588 |
{ |
1589 |
SSLSrvConfigRec *sc = mySrvConfig(cmd->server); |
1590 |
sc->server->StaplingErrorCacheTimeout = atoi(arg); |
1591 |
if (sc->server->StaplingErrorCacheTimeout < 0) { |
1592 |
return "SSLStaplingErrorCacheTimeout: invalid argument"; |
1593 |
} |
1594 |
return NULL; |
1595 |
} |
1596 |
|
1597 |
const char *ssl_cmd_SSLStaplingReturnResponderErrors(cmd_parms *cmd, |
1598 |
void *dcfg, int flag) |
1599 |
{ |
1600 |
SSLSrvConfigRec *sc = mySrvConfig(cmd->server); |
1601 |
sc->server->StaplingReturnResponderErrors = flag ? TRUE : FALSE; |
1602 |
return NULL; |
1603 |
} |
1604 |
|
1605 |
const char *ssl_cmd_SSLStaplingFakeTryLater(cmd_parms *cmd, |
1606 |
void *dcfg, int flag) |
1607 |
{ |
1608 |
SSLSrvConfigRec *sc = mySrvConfig(cmd->server); |
1609 |
sc->server->StaplingFakeTryLater = flag ? TRUE : FALSE; |
1610 |
return NULL; |
1611 |
} |
1612 |
|
1613 |
const char *ssl_cmd_SSLStaplingResponderTimeout(cmd_parms *cmd, void *dcfg, |
1614 |
const char *arg) |
1615 |
{ |
1616 |
SSLSrvConfigRec *sc = mySrvConfig(cmd->server); |
1617 |
sc->server->StaplingResponderTimeout = atoi(arg); |
1618 |
sc->server->StaplingResponderTimeout *= APR_USEC_PER_SEC; |
1619 |
if (sc->server->StaplingResponderTimeout < 0) { |
1620 |
return "SSLStaplingResponderTimeout: invalid argument"; |
1621 |
} |
1622 |
return NULL; |
1623 |
} |
1624 |
|
1625 |
const char *ssl_cmd_SSLStaplingForceURL(cmd_parms *cmd, void *dcfg, |
1626 |
const char *arg) |
1627 |
{ |
1628 |
SSLSrvConfigRec *sc = mySrvConfig(cmd->server); |
1629 |
sc->server->StaplingForceURL = arg; |
1630 |
return NULL; |
1631 |
} |
1632 |
|
1633 |
#endif |
1634 |
|
1635 |
|
1636 |
|
1428 |
void ssl_hook_ConfigTest(apr_pool_t *pconf, server_rec *s) |
1637 |
void ssl_hook_ConfigTest(apr_pool_t *pconf, server_rec *s) |
1429 |
{ |
1638 |
{ |
1430 |
if (!ap_exists_config_define("DUMP_CERTS")) { |
1639 |
if (!ap_exists_config_define("DUMP_CERTS")) { |
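Review bot: The five numeric Stapling directives (new lines 1557, 1568, 1579, 1590 and 1617) parse their argument with `atoi(arg)`, which silently yields 0 for non-numeric or trailing-garbage input and has undefined behaviour on overflow, so a typo in the configuration becomes a zero skew or zero cache timeout that passes the `< 0` check instead of failing the config test. A `strtol` (or `apr_strtoi64`) based helper that rejects empty input, trailing characters, `ERANGE` and values outside the target type's range would make the error path reliable; one possible shape is below, assuming these fields are plain `int` (their declaration is not in the hunk — confirm). In `ssl_cmd_SSLStaplingResponderTimeout` the `*= APR_USEC_PER_SEC` on line 1618 is applied before the sign check, so for an `int` field any argument above roughly 2147 seconds overflows and the subsequent `< 0` test cannot be relied on; the range check should happen before the multiplication. A smaller follow-up in `ssl_cmd_SSLStaplingMutex`: only `APR_ENOLOCK`, `APR_ENOTIMPL` and `APR_BADARG` are handled after `ap_parse_mutex`, so any other non-`APR_SUCCESS` status falls through to `mc->nStaplingMutexMode = SSL_MUTEXMODE_USED;` — a final `else if (rv != APR_SUCCESS)` branch returning an error would close that gap.
```c
/* Parse a non-negative decimal integer for the Stapling* directives.
 * Returns NULL on success, or a static error string; *out is only
 * written on success. Needs <errno.h> and <limits.h>. */
static const char *ssl_cmd_stapling_parse_int(const char *arg, int *out)
{
    char *end;
    long v;

    errno = 0;
    v = strtol(arg, &end, 10);
    if (end == arg || *end != '\0' || errno == ERANGE
        || v < 0 || v > INT_MAX) {
        return "invalid argument";
    }
    *out = (int)v;
    return NULL;
}

const char *ssl_cmd_SSLStaplingResponseTimeSkew(cmd_parms *cmd, void *dcfg,
                                                 const char *arg)
{
    SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
    if (ssl_cmd_stapling_parse_int(arg,
                                   &sc->server->StaplingResponseTimeSkew)) {
        return "SSLStaplingResponseTimeSkew: invalid argument";
    }
    return NULL;
}
/* … unchanged: the other Stapling handlers; MaxAge, StandardCacheTimeout
 * and ErrorCacheTimeout take the same helper, ResponderTimeout additionally
 * checks v <= INT_MAX / APR_USEC_PER_SEC before multiplying … */
```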