authorJoe Orton <jorton@apache.org>2007-11-29 12:18:40 +0100
committerJoe Orton <jorton@apache.org>2007-11-29 12:18:40 +0100
commit33c045efb28d898557b25ca4308bdec23ee62921 (patch)
tree4982e20340efea7aa1a47aa6a0919ae08bb18452 /modules/ssl/config.m4
parent* Remove unneeded include of unistd.h. getpid is not used any longer since (diff)
mod_ssl: Add support for OCSP validation of client certificates:
* modules/ssl/ssl_engine_config.c (modssl_ctx_init, modssl_ctx_cfg_merge): Initialize and merge OCSP config options. (ssl_cmd_SSLOCSPOverrideResponder, ssl_cmd_SSLOCSPDefaultResponder, ssl_cmd_SSLOCSPEnable): Add functions. * modules/ssl/mod_ssl.c (ssl_config_cmds): Add config options. * modules/ssl/ssl_private.h: Add prototypes, config options to modssl_ctx_t. * modules/ssl/ssl_util_ocsp.c: New file, utility interface for dispatching OCSP requests. * modules/ssl/ssl_engine_ocsp.c: New file, interface for performing OCSP validation. * modules/ssl/ssl_engine_kernel.c (ssl_callback_SSLVerify): Perform OCSP validation if configured, and the cert is so-far verified to be trusted. Fail if OCSP validation is configured and the optional-no-ca check tripped. * modules/ssl/config.m4: Check for OCSP support, build new files. * modules/ssl/mod_ssl.dsp: Build new files. * modules/ssl/ssl_toolkit_compat.h: Include headers for OCSP interfaces. PR: 41123 Submitted by: Marc Stern <marc.stern approach.be>, Joe Orton Reviewed by: Steve Henson <steve openssl.org> git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@599385 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'modules/ssl/config.m4')
-rw-r--r--modules/ssl/config.m48
1 files changed, 8 insertions, 0 deletions
diff --git a/modules/ssl/config.m4 b/modules/ssl/config.m4
index 336d03587c..f95e1d4b27 100644
--- a/modules/ssl/config.m4
+++ b/modules/ssl/config.m4
@@ -135,6 +135,11 @@ AC_DEFUN([CHECK_SSL_MEMCACHE], [
fi
])
+AC_DEFUN([CHECK_OCSP], [
+AC_CHECK_HEADERS(openssl/ocsp.h,
+ [AC_DEFINE([HAVE_OCSP], 1, [Define if OCSP is supported by OpenSSL])]
+)
+])
dnl # start of module specific part
APACHE_MODPATH_INIT(ssl)
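Review bot: The presence of `openssl/ocsp.h` is the only thing CHECK_OCSP tests before defining HAVE_OCSP, and a header on the include path does not show that the OpenSSL library being linked was built with OCSP support. As far as I know an OpenSSL configured with `no-ocsp` still installs the header with its contents disabled, so HAVE_OCSP could be defined and the build then fail at compile or link time, far from the cause. I would make the define depend on a link test as well, for example by nesting `AC_CHECK_LIB([crypto], [OCSP_basic_verify], [AC_DEFINE(...)])` inside the header action, and quote the first argument as `[openssl/ocsp.h]` to match the quoting used in the rest of the macro. Whether CPPFLAGS and the library path already point at the selected SSL toolkit when the macro runs is not visible in this hunk and is worth confirming.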
@@ -163,6 +168,8 @@ ssl_scache_dc.lo dnl
ssl_scache_memcache.lo dnl
ssl_util.lo dnl
ssl_util_ssl.lo dnl
+ssl_engine_ocsp.lo dnl
+ssl_util_ocsp.lo dnl
"
dnl # hook module into the Autoconf mechanism (--enable-ssl option)
APACHE_MODULE(ssl, [SSL/TLS support (mod_ssl)], $ssl_objs, , no, [
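Review bot: `ssl_engine_ocsp.lo` and `ssl_util_ocsp.lo` are added to `$ssl_objs` unconditionally, while HAVE_OCSP is defined only when the header check in CHECK_OCSP succeeds. Both new source files therefore have to compile to an effectively empty object when HAVE_OCSP is undefined. They are not part of this file's diff, so confirm that each one wraps its body in `#ifdef HAVE_OCSP`. A short `dnl` comment ahead of the object list saying that the OCSP objects are always built and rely on that guard would record the dependency. The list itself starts before this hunk.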
@@ -170,6 +177,7 @@ APACHE_MODULE(ssl, [SSL/TLS support (mod_ssl)], $ssl_objs, , no, [
APR_SETVAR(MOD_SSL_LDADD, [\$(SSL_LIBS)])
CHECK_DISTCACHE
CHECK_SSL_MEMCACHE
+ CHECK_OCSP
if test "x$enable_ssl" = "xshared"; then
# The only symbol which needs to be exported is the module
# structure, so ask libtool to hide everything else:
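Review bot: Nothing at the `CHECK_OCSP` call acts on a negative result: if `openssl/ocsp.h` is not found, configure carries on and mod_ssl is built without OCSP validation of client certificates, the only trace being the generic header-check line in the configure output. Because this decides whether revocation checking exists in the binary at all, I would make the outcome explicit by giving the header check an action-if-not-found such as `AC_MSG_WARN([openssl/ocsp.h not found; OCSP validation of client certificates disabled])`. How the new SSLOCSP* directives behave in such a build is not visible in this file; they should be rejected when the configuration is parsed rather than accepted and ignored. The APACHE_MODULE block starts before this hunk and continues past it.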