You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
99 lines
3.2 KiB
99 lines
3.2 KiB
diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c |
|
index 4e2e80d..10a2c86 100644 |
|
--- a/modules/ssl/ssl_engine_init.c |
|
+++ b/modules/ssl/ssl_engine_init.c |
|
@@ -2256,51 +2256,6 @@ int ssl_proxy_section_post_config(apr_pool_t *p, apr_pool_t *plog, |
|
return OK; |
|
} |
|
|
|
-static int ssl_init_FindCAList_X509NameCmp(const X509_NAME * const *a, |
|
- const X509_NAME * const *b) |
|
-{ |
|
- return(X509_NAME_cmp(*a, *b)); |
|
-} |
|
- |
|
-static void ssl_init_PushCAList(STACK_OF(X509_NAME) *ca_list, |
|
- server_rec *s, apr_pool_t *ptemp, |
|
- const char *file) |
|
-{ |
|
- int n; |
|
- STACK_OF(X509_NAME) *sk; |
|
- |
|
- sk = (STACK_OF(X509_NAME) *) |
|
- SSL_load_client_CA_file(file); |
|
- |
|
- if (!sk) { |
|
- return; |
|
- } |
|
- |
|
- for (n = 0; n < sk_X509_NAME_num(sk); n++) { |
|
- X509_NAME *name = sk_X509_NAME_value(sk, n); |
|
- |
|
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(02209) |
|
- "CA certificate: %s", |
|
- modssl_X509_NAME_to_string(ptemp, name, 0)); |
|
- |
|
- /* |
|
- * note that SSL_load_client_CA_file() checks for duplicates, |
|
- * but since we call it multiple times when reading a directory |
|
- * we must also check for duplicates ourselves. |
|
- */ |
|
- |
|
- if (sk_X509_NAME_find(ca_list, name) < 0) { |
|
- /* this will be freed when ca_list is */ |
|
- sk_X509_NAME_push(ca_list, name); |
|
- } |
|
- else { |
|
- /* need to free this ourselves, else it will leak */ |
|
- X509_NAME_free(name); |
|
- } |
|
- } |
|
- |
|
- sk_X509_NAME_free(sk); |
|
-} |
|
|
|
static apr_status_t ssl_init_ca_cert_path(server_rec *s, |
|
apr_pool_t *ptemp, |
|
@@ -2324,7 +2279,7 @@ static apr_status_t ssl_init_ca_cert_path(server_rec *s, |
|
} |
|
file = apr_pstrcat(ptemp, path, "/", direntry.name, NULL); |
|
if (ca_list) { |
|
- ssl_init_PushCAList(ca_list, s, ptemp, file); |
|
+ SSL_add_file_cert_subjects_to_stack(ca_list, file); |
|
} |
|
if (xi_list) { |
|
load_x509_info(ptemp, xi_list, file); |
|
@@ -2341,19 +2296,13 @@ STACK_OF(X509_NAME) *ssl_init_FindCAList(server_rec *s, |
|
const char *ca_file, |
|
const char *ca_path) |
|
{ |
|
- STACK_OF(X509_NAME) *ca_list; |
|
- |
|
- /* |
|
- * Start with a empty stack/list where new |
|
- * entries get added in sorted order. |
|
- */ |
|
- ca_list = sk_X509_NAME_new(ssl_init_FindCAList_X509NameCmp); |
|
+ STACK_OF(X509_NAME) *ca_list = sk_X509_NAME_new_null();; |
|
|
|
/* |
|
* Process CA certificate bundle file |
|
*/ |
|
if (ca_file) { |
|
- ssl_init_PushCAList(ca_list, s, ptemp, ca_file); |
|
+ SSL_add_file_cert_subjects_to_stack(ca_list, ca_file); |
|
/* |
|
* If ca_list is still empty after trying to load ca_file |
|
* then the file failed to load, and users should hear about that. |
|
@@ -2377,11 +2326,6 @@ STACK_OF(X509_NAME) *ssl_init_FindCAList(server_rec *s, |
|
return NULL; |
|
} |
|
|
|
- /* |
|
- * Cleanup |
|
- */ |
|
- (void) sk_X509_NAME_set_cmp_func(ca_list, NULL); |
|
- |
|
return ca_list; |
|
} |
|
|
|
|