authorJoe Orton <jorton@apache.org>2018-05-08 14:39:22 +0200
committerJoe Orton <jorton@apache.org>2018-05-08 14:39:22 +0200
commitbba7b9805a95ee505178e13eac1f7c82697f741d (patch)
tree72b1635b4bee10f6003a81b41272a4bbc65e65ac /modules/ssl/ssl_engine_config.c
parentmod_ldap: log and abort locking errors. (diff)
mod_ssl: Add support for loading TLS certificates through the PKCS#11
engine. * modules/ssl/ssl_util.c (modssl_is_engine_id): Renamed from modssl_is_engine_key. * modules/ssl/ssl_engine_config.c (ssl_cmd_SSLCertificateKeyFile): Adjust accordingly. (ssl_cmd_SSLCertificateFile): Also allow ENGINE cert ids. * modules/ssl/ssl_engine_pphrase.c (modssl_load_engine_keypair): Rename from modssl_load_engine_key; load certificate if cert id is passed. * modules/ssl/ssl_engine_init.c (ssl_init_server_certs): Optionally load the certificate from the engine as well. * docs/manual/: Update manual. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1831168 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'modules/ssl/ssl_engine_config.c')
-rw-r--r--modules/ssl/ssl_engine_config.c6
1 files changed, 4 insertions, 2 deletions
diff --git a/modules/ssl/ssl_engine_config.c b/modules/ssl/ssl_engine_config.c
index e1873cdd8e..425e455a57 100644
--- a/modules/ssl/ssl_engine_config.c
+++ b/modules/ssl/ssl_engine_config.c
@@ -1016,7 +1016,9 @@ const char *ssl_cmd_SSLCertificateFile(cmd_parms *cmd,
SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
const char *err;
- if ((err = ssl_cmd_check_file(cmd, &arg))) {
+ /* Only check for non-ENGINE based certs. */
+ if (!modssl_is_engine_id(arg)
+ && (err = ssl_cmd_check_file(cmd, &arg))) {
return err;
}
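Review bot: In ssl_cmd_SSLCertificateFile the new guard skips ssl_cmd_check_file for every argument that modssl_is_engine_id accepts, so such a value gets no check at configuration-parse time in the visible lines, and the one-line comment does not say why that is safe. I would expand it to something like `/* ENGINE cert ids (e.g. PKCS#11 URIs) are not filesystem paths, so the path check does not apply; the id is only resolved later when the engine loads it. */`, with the second half confirmed against ssl_init_server_certs, which this diff does not show. The classification itself lives in ssl_util.c, outside this diff; if it is a plain prefix test, a file name beginning with that prefix would also bypass the existence check, so it is worth confirming that a mistyped or unsupported id still produces a clear startup error. The same guard is used in ssl_cmd_SSLCertificateKeyFile in the next hunk, and both function bodies continue outside their hunks.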
@@ -1033,7 +1035,7 @@ const char *ssl_cmd_SSLCertificateKeyFile(cmd_parms *cmd,
const char *err;
/* Check keyfile exists for non-ENGINE keys. */
- if (!modssl_is_engine_key(arg)
+ if (!modssl_is_engine_id(arg)
&& (err = ssl_cmd_check_file(cmd, &arg))) {
return err;
}