| diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c |
| index 19cb611..79d5219 100644 |
| |
| |
| @@ -2070,70 +2070,18 @@ int ssl_proxy_section_post_config(apr_pool_t *p, apr_pool_t *plog, |
| return OK; |
| } |
| |
| -static int ssl_init_FindCAList_X509NameCmp(const X509_NAME * const *a, |
| - const X509_NAME * const *b) |
| -{ |
| - return(X509_NAME_cmp(*a, *b)); |
| -} |
| - |
| -static void ssl_init_PushCAList(STACK_OF(X509_NAME) *ca_list, |
| - server_rec *s, apr_pool_t *ptemp, |
| - const char *file) |
| -{ |
| - int n; |
| - STACK_OF(X509_NAME) *sk; |
| - |
| - sk = (STACK_OF(X509_NAME) *) |
| - SSL_load_client_CA_file(file); |
| - |
| - if (!sk) { |
| - return; |
| - } |
| - |
| - for (n = 0; n < sk_X509_NAME_num(sk); n++) { |
| - X509_NAME *name = sk_X509_NAME_value(sk, n); |
| - |
| - ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(02209) |
| - "CA certificate: %s", |
| - modssl_X509_NAME_to_string(ptemp, name, 0)); |
| - |
| - /* |
| - * note that SSL_load_client_CA_file() checks for duplicates, |
| - * but since we call it multiple times when reading a directory |
| - * we must also check for duplicates ourselves. |
| - */ |
| - |
| - if (sk_X509_NAME_find(ca_list, name) < 0) { |
| - /* this will be freed when ca_list is */ |
| - sk_X509_NAME_push(ca_list, name); |
| - } |
| - else { |
| - /* need to free this ourselves, else it will leak */ |
| - X509_NAME_free(name); |
| - } |
| - } |
| - |
| - sk_X509_NAME_free(sk); |
| -} |
| - |
| STACK_OF(X509_NAME) *ssl_init_FindCAList(server_rec *s, |
| apr_pool_t *ptemp, |
| const char *ca_file, |
| const char *ca_path) |
| { |
| - STACK_OF(X509_NAME) *ca_list; |
| - |
| - /* |
| - * Start with a empty stack/list where new |
| - * entries get added in sorted order. |
| - */ |
| - ca_list = sk_X509_NAME_new(ssl_init_FindCAList_X509NameCmp); |
| + STACK_OF(X509_NAME) *ca_list = sk_X509_NAME_new_null();; |
| |
| /* |
| * Process CA certificate bundle file |
| */ |
| if (ca_file) { |
| - ssl_init_PushCAList(ca_list, s, ptemp, ca_file); |
| + SSL_add_file_cert_subjects_to_stack(ca_list, ca_file); |
| /* |
| * If ca_list is still empty after trying to load ca_file |
| * then the file failed to load, and users should hear about that. |
| @@ -2168,17 +2116,12 @@ STACK_OF(X509_NAME) *ssl_init_FindCAList(server_rec *s, |
| continue; /* don't try to load directories */ |
| } |
| file = apr_pstrcat(ptemp, ca_path, "/", direntry.name, NULL); |
| - ssl_init_PushCAList(ca_list, s, ptemp, file); |
| + SSL_add_file_cert_subjects_to_stack(ca_list, file); |
| } |
| |
| apr_dir_close(dir); |
| } |
| |
| - /* |
| - * Cleanup |
| - */ |
| - (void) sk_X509_NAME_set_cmp_func(ca_list, NULL); |
| - |
| return ca_list; |
| } |
| |