rpms / httpd

Clone
Source Code
GIT

Blame SOURCES/httpd-2.4.6-r1825120.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8-beta-stream-2.4 c8-sig-artwork c8-stream-2.4 c8s-stream-2.4 c9 c9-beta
  1.   21a02326b64a97d69a9b653af96c16fce9a41533
  2.   SOURCES
  3.   httpd-2.4.6-r1825120.patch
Blob History Raw
c0c6d9 
diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c
c0c6d9 
index 57b76c0..814ec4f 100644
c0c6d9 
--- a/modules/ssl/ssl_engine_init.c
c0c6d9 
+++ b/modules/ssl/ssl_engine_init.c
c0c6d9 
@@ -1522,70 +1522,18 @@ void ssl_init_CheckServers(SSLModConfigRec *mc, server_rec *base_server, apr_poo
c0c6d9 
     }
c0c6d9 
 }
c0c6d9
c0c6d9 
-static int ssl_init_FindCAList_X509NameCmp(const X509_NAME * const *a,
c0c6d9 
-                                           const X509_NAME * const *b)
c0c6d9 
-{
c0c6d9 
-    return(X509_NAME_cmp(*a, *b));
c0c6d9 
-}
c0c6d9 
-
c0c6d9 
-static void ssl_init_PushCAList(STACK_OF(X509_NAME) *ca_list,
c0c6d9 
-                                server_rec *s, apr_pool_t *ptemp,
c0c6d9 
-                                const char *file)
c0c6d9 
-{
c0c6d9 
-    int n;
c0c6d9 
-    STACK_OF(X509_NAME) *sk;
c0c6d9 
-
c0c6d9 
-    sk = (STACK_OF(X509_NAME) *)
c0c6d9 
-             SSL_load_client_CA_file(file);
c0c6d9 
-
c0c6d9 
-    if (!sk) {
c0c6d9 
-        return;
c0c6d9 
-    }
c0c6d9 
-
c0c6d9 
-    for (n = 0; n < sk_X509_NAME_num(sk); n++) {
c0c6d9 
-        X509_NAME *name = sk_X509_NAME_value(sk, n);
c0c6d9 
-
c0c6d9 
-        ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(02209)
c0c6d9 
-                     "CA certificate: %s",
c0c6d9 
-                     SSL_X509_NAME_to_string(ptemp, name, 0));
c0c6d9 
-
c0c6d9 
-        /*
c0c6d9 
-         * note that SSL_load_client_CA_file() checks for duplicates,
c0c6d9 
-         * but since we call it multiple times when reading a directory
c0c6d9 
-         * we must also check for duplicates ourselves.
c0c6d9 
-         */
c0c6d9 
-
c0c6d9 
-        if (sk_X509_NAME_find(ca_list, name) < 0) {
c0c6d9 
-            /* this will be freed when ca_list is */
c0c6d9 
-            sk_X509_NAME_push(ca_list, name);
c0c6d9 
-        }
c0c6d9 
-        else {
c0c6d9 
-            /* need to free this ourselves, else it will leak */
c0c6d9 
-            X509_NAME_free(name);
c0c6d9 
-        }
c0c6d9 
-    }
c0c6d9 
-
c0c6d9 
-    sk_X509_NAME_free(sk);
c0c6d9 
-}
c0c6d9 
-
c0c6d9 
 STACK_OF(X509_NAME) *ssl_init_FindCAList(server_rec *s,
c0c6d9 
                                          apr_pool_t *ptemp,
c0c6d9 
                                          const char *ca_file,
c0c6d9 
                                          const char *ca_path)
c0c6d9 
 {
c0c6d9 
-    STACK_OF(X509_NAME) *ca_list;
c0c6d9 
-
c0c6d9 
-    /*
c0c6d9 
-     * Start with a empty stack/list where new
c0c6d9 
-     * entries get added in sorted order.
c0c6d9 
-     */
c0c6d9 
-    ca_list = sk_X509_NAME_new(ssl_init_FindCAList_X509NameCmp);
c0c6d9 
+    STACK_OF(X509_NAME) *ca_list = sk_X509_NAME_new_null();;
c0c6d9
c0c6d9 
     /*
c0c6d9 
      * Process CA certificate bundle file
c0c6d9 
      */
c0c6d9 
     if (ca_file) {
c0c6d9 
-        ssl_init_PushCAList(ca_list, s, ptemp, ca_file);
c0c6d9 
+        SSL_add_file_cert_subjects_to_stack(ca_list, ca_file);
c0c6d9 
         /*
c0c6d9 
          * If ca_list is still empty after trying to load ca_file
c0c6d9 
          * then the file failed to load, and users should hear about that.
c0c6d9 
@@ -1619,17 +1567,12 @@ STACK_OF(X509_NAME) *ssl_init_FindCAList(server_rec *s,
c0c6d9 
                 continue; /* don't try to load directories */
c0c6d9 
             }
c0c6d9 
             file = apr_pstrcat(ptemp, ca_path, "/", direntry.name, NULL);
c0c6d9 
-            ssl_init_PushCAList(ca_list, s, ptemp, file);
c0c6d9 
+            SSL_add_file_cert_subjects_to_stack(ca_list, file);
c0c6d9 
         }
c0c6d9
c0c6d9 
         apr_dir_close(dir);
c0c6d9 
     }
c0c6d9
c0c6d9 
-    /*
c0c6d9 
-     * Cleanup
c0c6d9 
-     */
c0c6d9 
-    (void) sk_X509_NAME_set_cmp_func(ca_list, NULL);
c0c6d9 
-
c0c6d9 
     return ca_list;
c0c6d9 
 }
c0c6d9

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation