|
Lines 137-143
static void modssl_ctx_init(modssl_ctx_t *mctx, apr_pool_t *p)
Link Here
|
| 137 |
mctx->auth.verify_depth = UNSET; |
137 |
mctx->auth.verify_depth = UNSET; |
| 138 |
mctx->auth.verify_mode = SSL_CVERIFY_UNSET; |
138 |
mctx->auth.verify_mode = SSL_CVERIFY_UNSET; |
| 139 |
|
139 |
|
| 140 |
mctx->ocsp_enabled = FALSE; |
140 |
mctx->ocsp_mask = UNSET; |
| 141 |
mctx->ocsp_force_default = FALSE; |
141 |
mctx->ocsp_force_default = FALSE; |
| 142 |
mctx->ocsp_responder = NULL; |
142 |
mctx->ocsp_responder = NULL; |
| 143 |
mctx->ocsp_resptime_skew = UNSET; |
143 |
mctx->ocsp_resptime_skew = UNSET; |
|
Lines 297-303
static void modssl_ctx_cfg_merge(apr_pool_t *p,
Link Here
|
| 297 |
cfgMergeInt(auth.verify_depth); |
297 |
cfgMergeInt(auth.verify_depth); |
| 298 |
cfgMerge(auth.verify_mode, SSL_CVERIFY_UNSET); |
298 |
cfgMerge(auth.verify_mode, SSL_CVERIFY_UNSET); |
| 299 |
|
299 |
|
| 300 |
cfgMergeBool(ocsp_enabled); |
300 |
cfgMergeInt(ocsp_mask); |
| 301 |
cfgMergeBool(ocsp_force_default); |
301 |
cfgMergeBool(ocsp_force_default); |
| 302 |
cfgMerge(ocsp_responder, NULL); |
302 |
cfgMerge(ocsp_responder, NULL); |
| 303 |
cfgMergeInt(ocsp_resptime_skew); |
303 |
cfgMergeInt(ocsp_resptime_skew); |
|
Lines 1638-1648
const char *ssl_cmd_SSLUserName(cmd_parms *cmd, void *dcfg,
Link Here
|
| 1638 |
return NULL; |
1638 |
return NULL; |
| 1639 |
} |
1639 |
} |
| 1640 |
|
1640 |
|
| 1641 |
const char *ssl_cmd_SSLOCSPEnable(cmd_parms *cmd, void *dcfg, int flag) |
1641 |
static const char *ssl_cmd_ocspcheck_parse(cmd_parms *parms, |
|
|
1642 |
const char *arg, |
| 1643 |
int *mask) |
| 1642 |
{ |
1644 |
{ |
| 1643 |
SSLSrvConfigRec *sc = mySrvConfig(cmd->server); |
1645 |
const char *w; |
| 1644 |
|
1646 |
|
| 1645 |
sc->server->ocsp_enabled = flag ? TRUE : FALSE; |
1647 |
w = ap_getword_conf(parms->temp_pool, &arg); |
|
|
1648 |
if (strcEQ(w, "none") || strcEQ(w, "off")) { |
| 1649 |
*mask = SSL_OCSPCHECK_NONE; |
| 1650 |
} |
| 1651 |
else if (strcEQ(w, "leaf")) { |
| 1652 |
*mask = SSL_OCSPCHECK_LEAF; |
| 1653 |
} |
| 1654 |
else if (strcEQ(w, "chain") || strcEQ(w, "on")) { |
| 1655 |
*mask = SSL_OCSPCHECK_CHAIN; |
| 1656 |
} |
| 1657 |
else { |
| 1658 |
return apr_pstrcat(parms->temp_pool, parms->cmd->name, |
| 1659 |
": Invalid argument '", w, "'", |
| 1660 |
NULL); |
| 1661 |
} |
| 1662 |
|
| 1663 |
while (*arg) { |
| 1664 |
w = ap_getword_conf(parms->temp_pool, &arg); |
| 1665 |
if (strcEQ(w, "no_ocsp_for_cert_ok")) { |
| 1666 |
*mask |= SSL_OCSPCHECK_NO_OCSP_FOR_CERT_OK; |
| 1667 |
} |
| 1668 |
else { |
| 1669 |
return apr_pstrcat(parms->temp_pool, parms->cmd->name, |
| 1670 |
": Invalid argument '", w, "'", |
| 1671 |
NULL); |
| 1672 |
} |
| 1673 |
} |
| 1674 |
|
| 1675 |
return NULL; |
| 1676 |
} |
| 1677 |
|
| 1678 |
const char *ssl_cmd_SSLOCSPEnable(cmd_parms *cmd, void *dcfg, const char *arg) |
| 1679 |
{ |
| 1680 |
SSLSrvConfigRec *sc = mySrvConfig(cmd->server); |
| 1646 |
|
1681 |
|
| 1647 |
#ifdef OPENSSL_NO_OCSP |
1682 |
#ifdef OPENSSL_NO_OCSP |
| 1648 |
if (flag) { |
1683 |
if (flag) { |
|
Lines 1651-1657
const char *ssl_cmd_SSLOCSPEnable(cmd_parms *cmd, void *dcfg, int flag)
Link Here
|
| 1651 |
} |
1686 |
} |
| 1652 |
#endif |
1687 |
#endif |
| 1653 |
|
1688 |
|
| 1654 |
return NULL; |
1689 |
return ssl_cmd_ocspcheck_parse(cmd, arg, &sc->server->ocsp_mask); |
| 1655 |
} |
1690 |
} |
| 1656 |
|
1691 |
|
| 1657 |
const char *ssl_cmd_SSLOCSPOverrideResponder(cmd_parms *cmd, void *dcfg, int flag) |
1692 |
const char *ssl_cmd_SSLOCSPOverrideResponder(cmd_parms *cmd, void *dcfg, int flag) |