* modules/ssl/mod_ssl.c: Declare new config directives

SSLCADNRequestFile and SSLCADNRequestPath.

* modules/ssl/ssl_private.h (modssl_pk_server_t): Add ca_name_path,
ca_name_file fields.

* modules/ssl/ssl_engine_init.c (ssl_init_ctx_verify): If either of
SSLCADNRequestFile or SSLCADNRequestPath are configured, load the CA
DN list sent in the CertificateRequest from those certificates.

* modules/ssl/ssl_engine_config.c (modssl_ctx_init_server): Use
pcalloc to zero-initialize the entire modssl_pk_server_t structure.
(ssl_config_server_new): Merge the ca_name_* fields.
(ssl_cmd_SSLCADNRequestPath, ssl_cmd_SSLCADNRequestFile): New
functions.

PR: 32848
Submitted by: Tim Taylor <tim.taylor dfas.mil>


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@125165 13f79535-47bb-0310-9956-ffa450edef68

1 files changed, 35 insertions, 10 deletions

diff --git a/modules/ssl/ssl_engine_config.c b/modules/ssl/ssl_engine_config.c
index d9cc5b8a1e..85831ea45f 100644
--- a/modules/ssl/ssl_engine_config.c
+++ b/modules/ssl/ssl_engine_config.c
@@ -152,17 +152,9 @@ static void modssl_ctx_init_server(SSLSrvConfigRec *sc,
 
     modssl_ctx_init(mctx);
 
-    mctx->pks = apr_palloc(p, sizeof(*mctx->pks));
+    mctx->pks = apr_pcalloc(p, sizeof(*mctx->pks));
 
-    memset((void*)mctx->pks->cert_files, 0, sizeof(mctx->pks->cert_files));
-
-    memset((void*)mctx->pks->key_files, 0, sizeof(mctx->pks->key_files));
-
-    /* certs/keys are set during module init */
-
-    memset(mctx->pks->certs, 0, sizeof(mctx->pks->certs));
-
-    memset(mctx->pks->keys, 0, sizeof(mctx->pks->keys));
+    /* mctx->pks->... certs/keys are set during module init */
 }
 
 static SSLSrvConfigRec *ssl_config_server_new(apr_pool_t *p)
@@ -245,6 +237,9 @@ static void modssl_ctx_cfg_merge_server(modssl_ctx_t *base,
         cfgMergeString(pks->cert_files[i]);
         cfgMergeString(pks->key_files[i]);
     }
+
+    cfgMergeString(pks->ca_name_path);
+    cfgMergeString(pks->ca_name_file);
 }
 
 /*
@@ -835,6 +830,36 @@ const char *ssl_cmd_SSLCACertificateFile(cmd_parms *cmd,
     return NULL;
 }
 
+const char *ssl_cmd_SSLCADNRequestPath(cmd_parms *cmd, void *dcfg,
+                                       const char *arg)
+{
+    SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
+    const char *err;
+
+    if ((err = ssl_cmd_check_dir(cmd, &arg))) {
+        return err;
+    }
+
+    sc->server->pks->ca_name_path = arg;
+
+    return NULL;
+}
+
+const char *ssl_cmd_SSLCADNRequestFile(cmd_parms *cmd, void *dcfg,
+                                       const char *arg)
+{
+    SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
+    const char *err;
+
+    if ((err = ssl_cmd_check_file(cmd, &arg))) {
+        return err;
+    }
+
+    sc->server->pks->ca_name_file = arg;
+
+    return NULL;
+}
+
 const char *ssl_cmd_SSLCARevocationPath(cmd_parms *cmd,
                                         void *dcfg,
                                         const char *arg)