Tree - rpms/httpd - CentOS Git server

rpms / httpd

Blame SOURCES/httpd-2.4.6-r1825120.patch

Blob History Raw

		c0c6d9	`diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c`
		c0c6d9	`index 57b76c0..814ec4f 100644`
		c0c6d9	`--- a/modules/ssl/ssl_engine_init.c`
		c0c6d9	`+++ b/modules/ssl/ssl_engine_init.c`
		c0c6d9	`@@ -1522,70 +1522,18 @@ void ssl_init_CheckServers(SSLModConfigRec mc, server_rec base_server, apr_poo`
		c0c6d9	`}`
		c0c6d9	`}`
		c0c6d9
		c0c6d9	`-static int ssl_init_FindCAList_X509NameCmp(const X509_NAME * const *a,`
		c0c6d9	`- const X509_NAME * const *b)`
		c0c6d9	`-{`
		c0c6d9	`- return(X509_NAME_cmp(a, b));`
		c0c6d9	`-}`
		c0c6d9	`-`
		c0c6d9	`-static void ssl_init_PushCAList(STACK_OF(X509_NAME) *ca_list,`
		c0c6d9	`- server_rec s, apr_pool_t ptemp,`
		c0c6d9	`- const char *file)`
		c0c6d9	`-{`
		c0c6d9	`- int n;`
		c0c6d9	`- STACK_OF(X509_NAME) *sk;`
		c0c6d9	`-`
		c0c6d9	`- sk = (STACK_OF(X509_NAME) *)`
		c0c6d9	`- SSL_load_client_CA_file(file);`
		c0c6d9	`-`
		c0c6d9	`- if (!sk) {`
		c0c6d9	`- return;`
		c0c6d9	`- }`
		c0c6d9	`-`
		c0c6d9	`- for (n = 0; n < sk_X509_NAME_num(sk); n++) {`
		c0c6d9	`- X509_NAME *name = sk_X509_NAME_value(sk, n);`
		c0c6d9	`-`
		c0c6d9	`- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(02209)`
		c0c6d9	`- "CA certificate: %s",`
		c0c6d9	`- SSL_X509_NAME_to_string(ptemp, name, 0));`
		c0c6d9	`-`
		c0c6d9	`- /*`
		c0c6d9	`- * note that SSL_load_client_CA_file() checks for duplicates,`
		c0c6d9	`- * but since we call it multiple times when reading a directory`
		c0c6d9	`- * we must also check for duplicates ourselves.`
		c0c6d9	`- */`
		c0c6d9	`-`
		c0c6d9	`- if (sk_X509_NAME_find(ca_list, name) < 0) {`
		c0c6d9	`- /* this will be freed when ca_list is */`
		c0c6d9	`- sk_X509_NAME_push(ca_list, name);`
		c0c6d9	`- }`
		c0c6d9	`- else {`
		c0c6d9	`- /* need to free this ourselves, else it will leak */`
		c0c6d9	`- X509_NAME_free(name);`
		c0c6d9	`- }`
		c0c6d9	`- }`
		c0c6d9	`-`
		c0c6d9	`- sk_X509_NAME_free(sk);`
		c0c6d9	`-}`
		c0c6d9	`-`
		c0c6d9	`STACK_OF(X509_NAME) ssl_init_FindCAList(server_rec s,`
		c0c6d9	`apr_pool_t *ptemp,`
		c0c6d9	`const char *ca_file,`
		c0c6d9	`const char *ca_path)`
		c0c6d9	`{`
		c0c6d9	`- STACK_OF(X509_NAME) *ca_list;`
		c0c6d9	`-`
		c0c6d9	`- /*`
		c0c6d9	`- * Start with a empty stack/list where new`
		c0c6d9	`- * entries get added in sorted order.`
		c0c6d9	`- */`
		c0c6d9	`- ca_list = sk_X509_NAME_new(ssl_init_FindCAList_X509NameCmp);`
		c0c6d9	`+ STACK_OF(X509_NAME) *ca_list = sk_X509_NAME_new_null();;`
		c0c6d9
		c0c6d9	`/*`
		c0c6d9	`* Process CA certificate bundle file`
		c0c6d9	`*/`
		c0c6d9	`if (ca_file) {`
		c0c6d9	`- ssl_init_PushCAList(ca_list, s, ptemp, ca_file);`
		c0c6d9	`+ SSL_add_file_cert_subjects_to_stack(ca_list, ca_file);`
		c0c6d9	`/*`
		c0c6d9	`* If ca_list is still empty after trying to load ca_file`
		c0c6d9	`* then the file failed to load, and users should hear about that.`
		c0c6d9	`@@ -1619,17 +1567,12 @@ STACK_OF(X509_NAME) ssl_init_FindCAList(server_rec s,`
		c0c6d9	`continue; /* don't try to load directories */`
		c0c6d9	`}`
		c0c6d9	`file = apr_pstrcat(ptemp, ca_path, "/", direntry.name, NULL);`
		c0c6d9	`- ssl_init_PushCAList(ca_list, s, ptemp, file);`
		c0c6d9	`+ SSL_add_file_cert_subjects_to_stack(ca_list, file);`
		c0c6d9	`}`
		c0c6d9
		c0c6d9	`apr_dir_close(dir);`
		c0c6d9	`}`
		c0c6d9
		c0c6d9	`- /*`
		c0c6d9	`- * Cleanup`
		c0c6d9	`- */`
		c0c6d9	`- (void) sk_X509_NAME_set_cmp_func(ca_list, NULL);`
		c0c6d9	`-`
		c0c6d9	`return ca_list;`
		c0c6d9	`}`
		c0c6d9

rpms / httpd

Source Code

Blame SOURCES/httpd-2.4.6-r1825120.patch