Lines 137-143
static void modssl_ctx_init(modssl_ctx_t *mctx, apr_pool_t *p)
|
137 |
mctx->auth.verify_depth = UNSET; |
137 |
mctx->auth.verify_depth = UNSET; |
138 |
mctx->auth.verify_mode = SSL_CVERIFY_UNSET; |
138 |
mctx->auth.verify_mode = SSL_CVERIFY_UNSET; |
139 |
|
139 |
|
140 |
mctx->ocsp_enabled = FALSE; |
140 |
mctx->ocsp_mask = UNSET; |
141 |
mctx->ocsp_force_default = FALSE; |
141 |
mctx->ocsp_force_default = FALSE; |
142 |
mctx->ocsp_responder = NULL; |
142 |
mctx->ocsp_responder = NULL; |
143 |
mctx->ocsp_resptime_skew = UNSET; |
143 |
mctx->ocsp_resptime_skew = UNSET; |
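Review bot: `ocsp_mask` now starts as `UNSET` instead of a boolean `FALSE`, and nothing visible here maps an unset value back to `SSL_OCSPCHECK_NONE` before it is read. If any reader tests the field for truth or with a bit test such as `mask & SSL_OCSPCHECK_NO_OCSP_FOR_CERT_OK`, an unconfigured server could be read as having OCSP checking on, or as tolerating certificates without a responder, depending on the value of `UNSET` (not shown on this page). The same holds after `cfgMergeInt(ocsp_mask)` in the merge hunk at lines 297-303 when neither the base nor the virtual host sets the directive. I would add a comment at the initialisation, `/* UNSET until SSLOCSPEnable is parsed; every reader must treat UNSET as SSL_OCSPCHECK_NONE */`, and confirm each reader compares against `UNSET` first. The body of modssl_ctx_init continues outside the hunk.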
Lines 297-303
static void modssl_ctx_cfg_merge(apr_pool_t *p,
|
297 |
cfgMergeInt(auth.verify_depth); |
297 |
cfgMergeInt(auth.verify_depth); |
298 |
cfgMerge(auth.verify_mode, SSL_CVERIFY_UNSET); |
298 |
cfgMerge(auth.verify_mode, SSL_CVERIFY_UNSET); |
299 |
|
299 |
|
300 |
cfgMergeBool(ocsp_enabled); |
300 |
cfgMergeInt(ocsp_mask); |
301 |
cfgMergeBool(ocsp_force_default); |
301 |
cfgMergeBool(ocsp_force_default); |
302 |
cfgMerge(ocsp_responder, NULL); |
302 |
cfgMerge(ocsp_responder, NULL); |
303 |
cfgMergeInt(ocsp_resptime_skew); |
303 |
cfgMergeInt(ocsp_resptime_skew); |
Lines 1638-1648
const char *ssl_cmd_SSLUserName(cmd_parms *cmd, void *dcfg,
|
1638 |
return NULL; |
1638 |
return NULL; |
1639 |
} |
1639 |
} |
1640 |
|
1640 |
|
1641 |
const char *ssl_cmd_SSLOCSPEnable(cmd_parms *cmd, void *dcfg, int flag) |
1641 |
static const char *ssl_cmd_ocspcheck_parse(cmd_parms *parms, |
|
|
1642 |
const char *arg, |
1643 |
int *mask) |
1642 |
{ |
1644 |
{ |
1643 |
SSLSrvConfigRec *sc = mySrvConfig(cmd->server); |
1645 |
const char *w; |
1644 |
|
1646 |
|
1645 |
sc->server->ocsp_enabled = flag ? TRUE : FALSE; |
1647 |
w = ap_getword_conf(parms->temp_pool, &arg); |
|
|
1648 |
if (strcEQ(w, "none") || strcEQ(w, "off")) { |
1649 |
*mask = SSL_OCSPCHECK_NONE; |
1650 |
} |
1651 |
else if (strcEQ(w, "leaf")) { |
1652 |
*mask = SSL_OCSPCHECK_LEAF; |
1653 |
} |
1654 |
else if (strcEQ(w, "chain") || strcEQ(w, "on")) { |
1655 |
*mask = SSL_OCSPCHECK_CHAIN; |
1656 |
} |
1657 |
else { |
1658 |
return apr_pstrcat(parms->temp_pool, parms->cmd->name, |
1659 |
": Invalid argument '", w, "'", |
1660 |
NULL); |
1661 |
} |
1662 |
|
1663 |
while (*arg) { |
1664 |
w = ap_getword_conf(parms->temp_pool, &arg); |
1665 |
if (strcEQ(w, "no_ocsp_for_cert_ok")) { |
1666 |
*mask |= SSL_OCSPCHECK_NO_OCSP_FOR_CERT_OK; |
1667 |
} |
1668 |
else { |
1669 |
return apr_pstrcat(parms->temp_pool, parms->cmd->name, |
1670 |
": Invalid argument '", w, "'", |
1671 |
NULL); |
1672 |
} |
1673 |
} |
1674 |
|
1675 |
return NULL; |
1676 |
} |
1677 |
|
1678 |
const char *ssl_cmd_SSLOCSPEnable(cmd_parms *cmd, void *dcfg, const char *arg) |
1679 |
{ |
1680 |
SSLSrvConfigRec *sc = mySrvConfig(cmd->server); |
1646 |
|
1681 |
|
1647 |
#ifdef OPENSSL_NO_OCSP |
1682 |
#ifdef OPENSSL_NO_OCSP |
1648 |
if (flag) { |
1683 |
if (flag) { |
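Review bot: The `#ifdef OPENSSL_NO_OCSP` branch of ssl_cmd_SSLOCSPEnable still tests `flag` at new line 1683, but the new signature replaces `int flag` with `const char *arg`, so a build with OPENSSL_NO_OCSP defined will not compile. The guard needs the parsed mode instead: parse into a local first, `int mask; const char *err = ssl_cmd_ocspcheck_parse(cmd, arg, &mask); if (err) return err;`, and then test `if (mask != SSL_OCSPCHECK_NONE) {`. That keeps the directive refused rather than silently accepted when OCSP support is compiled out, assuming the body of that `if` returns an error; the body is outside the hunk.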
Lines 1651-1657
const char *ssl_cmd_SSLOCSPEnable(cmd_parms *cmd, void *dcfg, int flag)
|
1651 |
} |
1686 |
} |
1652 |
#endif |
1687 |
#endif |
1653 |
|
1688 |
|
1654 |
return NULL; |
1689 |
return ssl_cmd_ocspcheck_parse(cmd, arg, &sc->server->ocsp_mask); |
1655 |
} |
1690 |
} |
1656 |
|
1691 |
|
1657 |
const char *ssl_cmd_SSLOCSPOverrideResponder(cmd_parms *cmd, void *dcfg, int flag) |
1692 |
const char *ssl_cmd_SSLOCSPOverrideResponder(cmd_parms *cmd, void *dcfg, int flag) |
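Review bot: `ssl_cmd_ocspcheck_parse` is handed `&sc->server->ocsp_mask` directly, and the parser in the previous hunk ORs `SSL_OCSPCHECK_NO_OCSP_FOR_CERT_OK` into whichever base mode came first, so `SSLOCSPEnable off no_ocsp_for_cert_ok` is accepted and stores a value that no longer equals `SSL_OCSPCHECK_NONE`. A reader that decides "OCSP disabled" by equality would then run checks the administrator switched off, and the stored mode no longer says clearly what was intended; how readers test the mask is not visible on this page. I would reject the modifier when the base mode is none, inside the `while (*arg)` loop: `if (*mask == SSL_OCSPCHECK_NONE) return apr_pstrcat(parms->temp_pool, parms->cmd->name, ": no_ocsp_for_cert_ok requires leaf or chain", NULL);`.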