📄 ssl_engine_config.c
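arg+5, NULL);
        }
        if (!ssl_util_path_check(SSL_PCM_EXISTS,
                                 sc->server->pphrase_dialog_path,
                                 cmd->pool))
        {
            return apr_pstrcat(cmd->pool,
                               "SSLPassPhraseDialog: file '",
                               sc->server->pphrase_dialog_path,
                               "' does not exist", NULL);
        }
    }
    else if ((arglen > 1) && (arg[0] == '|')) {
        /* "|<program>": the pass phrase is read from a pipe */
        sc->server->pphrase_dialog_type = SSL_PPTYPE_PIPE;
        sc->server->pphrase_dialog_path = arg + 1;
    }
    else {
        return "SSLPassPhraseDialog: Invalid argument";
    }

    return NULL;
}

#ifdef SSL_EXPERIMENTAL_ENGINE
/*
 * SSLCryptoDevice <engine-id>|builtin   (global config only)
 *
 * Selects the OpenSSL ENGINE used for crypto operations.  "builtin" clears
 * the selection; any other id must be resolvable via ENGINE_by_id().  The
 * structural reference ENGINE_by_id() returns is released right away, only
 * the id string is kept in the module config.
 */
const char *ssl_cmd_SSLCryptoDevice(cmd_parms *cmd,
                                    void *dcfg,
                                    const char *arg)
{
    SSLModConfigRec *mc = myModConfig(cmd->server);
    const char *err;
    ENGINE *e;
#if SSL_LIBRARY_VERSION >= 0x00907000
    static int loaded_engines = FALSE;

    /* early loading to make sure the engines are already available
     * for ENGINE_by_id() below... */
    if (!loaded_engines) {
        ENGINE_load_builtin_engines();
        loaded_engines = TRUE;
    }
#endif
    if ((err = ap_check_cmd_context(cmd, GLOBAL_ONLY))) {
        return err;
    }

    if (strcEQ(arg, "builtin")) {
        mc->szCryptoDevice = NULL;
    }
    else if ((e = ENGINE_by_id(arg))) {
        mc->szCryptoDevice = arg;
        ENGINE_free(e);
    }
    else {
        return "SSLCryptoDevice: Invalid argument";
    }

    return NULL;
}
#endif

/*
 * Parse a non-negative decimal integer directive argument strictly: every
 * character must be a digit and the value must fit in an int.  Unlike
 * atoi(), which silently maps "abc" to 0 and "10x" to 10, a malformed
 * argument is reported so the directive can reject it at config time.
 *
 * Returns 0 and stores the value in *out on success, -1 otherwise
 * (*out is left untouched on failure).
 */
static int ssl_cmd_parse_nonneg_int(const char *arg, int *out)
{
    const int max = (int)(~0u >> 1); /* INT_MAX without needing <limits.h> */
    int val = 0;
    const char *p;

    if (!arg || !*arg) {
        return -1;
    }

    for (p = arg; *p; p++) {
        int digit;

        if (*p < '0' || *p > '9') {
            return -1;
        }
        digit = *p - '0';
        /* val * 10 + digit <= max  <=>  val <= (max - digit) / 10 */
        if (val > (max - digit) / 10) {
            return -1; /* would overflow int */
        }
        val = val * 10 + digit;
    }

    *out = val;
    return 0;
}

/*
 * SSLRandomSeed <context> <source> [<bytes>]   (global config only)
 *
 * Records one PRNG seeding source.  <context> is "startup" or "connect";
 * <source> is "file:<path>", "exec:<path>", "egd:<path>" (when the toolkit
 * supports it), "builtin", or a bare path (treated as a file).  Non-builtin
 * paths are made server-root relative and must exist.  <bytes>, if given,
 * limits how much is read (0 = whole file) and must be a plain non-negative
 * decimal number; it is not allowed for the "builtin" source.
 */
const char *ssl_cmd_SSLRandomSeed(cmd_parms *cmd,
                                  void *dcfg,
                                  const char *arg1,
                                  const char *arg2,
                                  const char *arg3)
{
    SSLModConfigRec *mc = myModConfig(cmd->server);
    const char *err;
    ssl_randseed_t *seed;
    size_t arg2len = strlen(arg2);

    if ((err = ap_check_cmd_context(cmd, GLOBAL_ONLY))) {
        return err;
    }

    /* once the global config is fixed, further seeds are silently ignored */
    if (ssl_config_global_isfixed(mc)) {
        return NULL;
    }

    seed = apr_array_push(mc->aRandSeed);

    if (strcEQ(arg1, "startup")) {
        seed->nCtx = SSL_RSCTX_STARTUP;
    }
    else if (strcEQ(arg1, "connect")) {
        seed->nCtx = SSL_RSCTX_CONNECT;
    }
    else {
        return apr_pstrcat(cmd->pool, "SSLRandomSeed: "
                           "invalid context: `", arg1, "'",
                           NULL);
    }

    if ((arg2len > 5) && strEQn(arg2, "file:", 5)) {
        seed->nSrc   = SSL_RSSRC_FILE;
        seed->cpPath = ap_server_root_relative(mc->pPool, arg2+5);
    }
    else if ((arg2len > 5) && strEQn(arg2, "exec:", 5)) {
        seed->nSrc   = SSL_RSSRC_EXEC;
        seed->cpPath = ap_server_root_relative(mc->pPool, arg2+5);
    }
    else if ((arg2len > 4) && strEQn(arg2, "egd:", 4)) {
#ifdef HAVE_SSL_RAND_EGD
        seed->nSrc   = SSL_RSSRC_EGD;
        seed->cpPath = ap_server_root_relative(mc->pPool, arg2+4);
#else
        return "egd not supported with this SSL toolkit";
#endif
    }
    else if (strcEQ(arg2, "builtin")) {
        seed->nSrc   = SSL_RSSRC_BUILTIN;
        seed->cpPath = NULL;
    }
    else {
        /* no prefix: treat the argument as a plain file path */
        seed->nSrc   = SSL_RSSRC_FILE;
        seed->cpPath = ap_server_root_relative(mc->pPool, arg2);
    }

    if (seed->nSrc != SSL_RSSRC_BUILTIN) {
        if (!seed->cpPath) {
            return apr_pstrcat(cmd->pool,
                               "Invalid SSLRandomSeed path ",
                               arg2, NULL);
        }
        if (!ssl_util_path_check(SSL_PCM_EXISTS, seed->cpPath, cmd->pool)) {
            return apr_pstrcat(cmd->pool,
                               "SSLRandomSeed: source path '",
                               seed->cpPath, "' does not exist", NULL);
        }
    }

    if (!arg3) {
        seed->nBytes = 0; /* read whole file */
    }
    else {
        if (seed->nSrc == SSL_RSSRC_BUILTIN) {
            return "SSLRandomSeed: byte specification not "
                   "allowed for builtin seed source";
        }

        /* strict parse: a non-numeric byte count must not silently
         * degrade to "read whole file" */
        if (ssl_cmd_parse_nonneg_int(arg3, &seed->nBytes) < 0) {
            return "SSLRandomSeed: invalid number of bytes specified";
        }
    }

    return NULL;
}

/*
 * SSLEngine on|off -- enables or disables SSL for this (virtual) server.
 */
const char *ssl_cmd_SSLEngine(cmd_parms *cmd, void *dcfg, int flag)
{
    SSLSrvConfigRec *sc = mySrvConfig(cmd->server);

    sc->enabled = flag ? TRUE : FALSE;

    return NULL;
}

/*
 * SSLCipherSuite <spec> -- stored per-directory when used inside a
 * <Directory>/<Location> (cmd->path set), otherwise on the server config.
 * The string is kept verbatim; it is interpreted by the SSL toolkit later.
 */
const char *ssl_cmd_SSLCipherSuite(cmd_parms *cmd,
                                   void *dcfg,
                                   const char *arg)
{
    SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
    SSLDirConfigRec *dc = (SSLDirConfigRec *)dcfg;

    if (cmd->path) {
        dc->szCipherSuite = arg;
    }
    else {
        sc->server->auth.cipher_suite = arg;
    }

    return NULL;
}

#define SSL_FLAGS_CHECK_FILE \
    (SSL_PCM_EXISTS|SSL_PCM_ISREG|SSL_PCM_ISNONZERO)

#define SSL_FLAGS_CHECK_DIR \
    (SSL_PCM_EXISTS|SSL_PCM_ISDIR)

/*
 * Resolve *file relative to ServerRoot and require it to be an existing,
 * non-empty regular file.  On success *file is replaced by the resolved
 * path and NULL is returned; otherwise an error string (pool-allocated,
 * prefixed with the directive name) is returned and *file is unchanged.
 */
static const char *ssl_cmd_check_file(cmd_parms *parms,
                                      const char **file)
{
    const char *filepath = ap_server_root_relative(parms->pool, *file);

    if (!filepath) {
        return apr_pstrcat(parms->pool, parms->cmd->name,
                           ": Invalid file path ", *file, NULL);
    }
    *file = filepath;

    if (ssl_util_path_check(SSL_FLAGS_CHECK_FILE, *file, parms->pool)) {
        return NULL;
    }

    return apr_pstrcat(parms->pool, parms->cmd->name,
                       ": file '", *file,
                       "' does not exist or is empty", NULL);
}

/*
 * Resolve *dir relative to ServerRoot and require it to be an existing
 * directory.  Same contract as ssl_cmd_check_file().
 */
static const char *ssl_cmd_check_dir(cmd_parms *parms,
                                     const char **dir)
{
    const char *dirpath = ap_server_root_relative(parms->pool, *dir);

    if (!dirpath) {
        return apr_pstrcat(parms->pool, parms->cmd->name,
                           ": Invalid dir path ", *dir, NULL);
    }
    *dir = dirpath;

    if (ssl_util_path_check(SSL_FLAGS_CHECK_DIR, *dir, parms->pool)) {
        return NULL;
    }

    return apr_pstrcat(parms->pool, parms->cmd->name,
                       ": directory '", *dir,
                       "' does not exist", NULL);
}

#define SSL_AIDX_CERTS 1
#define SSL_AIDX_KEYS  2

/*
 * Validate a certificate or key file argument and store it in the first free
 * slot of the server's cert_files / key_files table (selected by idx, one of
 * SSL_AIDX_CERTS / SSL_AIDX_KEYS).  Returns NULL on success or an error
 * string when the file check fails, all SSL_AIDX_MAX slots are used, or idx
 * is not one of the two known table indexes.
 */
static const char *ssl_cmd_check_aidx_max(cmd_parms *parms,
                                          const char *arg,
                                          int idx)
{
    SSLSrvConfigRec *sc = mySrvConfig(parms->server);
    const char *err, *desc=NULL, **files=NULL;
    int i;

    if ((err = ssl_cmd_check_file(parms, &arg))) {
        return err;
    }

    switch (idx) {
      case SSL_AIDX_CERTS:
        desc = "certificates";
        files = sc->server->pks->cert_files;
        break;
      case SSL_AIDX_KEYS:
        desc = "private keys";
        files = sc->server->pks->key_files;
        break;
      default:
        /* never reached by the in-tree callers; without this, an unknown
         * idx would leave files == NULL and the loop below would
         * dereference it */
        return apr_pstrcat(parms->pool, parms->cmd->name,
                           ": internal error, unknown file table index",
                           NULL);
    }

    for (i = 0; i < SSL_AIDX_MAX; i++) {
        if (!files[i]) {
            files[i] = arg;
            return NULL;
        }
    }

    return apr_psprintf(parms->pool,
                        "%s: only up to %d "
                        "different %s per virtual host allowed",
                         parms->cmd->name, SSL_AIDX_MAX, desc);
}

/*
 * SSLCertificateFile <path> -- adds a server certificate (up to
 * SSL_AIDX_MAX per virtual host).
 */
const char *ssl_cmd_SSLCertificateFile(cmd_parms *cmd,
                                       void *dcfg,
                                       const char *arg)
{

    const char *err;

    if ((err = ssl_cmd_check_aidx_max(cmd, arg, SSL_AIDX_CERTS))) {
        return err;
    }

    return NULL;
}

/*
 * SSLCertificateKeyFile <path> -- adds a server private key (up to
 * SSL_AIDX_MAX per virtual host).
 */
const char *ssl_cmd_SSLCertificateKeyFile(cmd_parms *cmd,
                                          void *dcfg,
                                          const char *arg)
{
    const char *err;

    if ((err = ssl_cmd_check_aidx_max(cmd, arg, SSL_AIDX_KEYS))) {
        return err;
    }

    return NULL;
}

/*
 * SSLCertificateChainFile <path> -- the file holding the intermediate CA
 * chain sent to clients; must exist and be non-empty.
 */
const char *ssl_cmd_SSLCertificateChainFile(cmd_parms *cmd,
                                            void *dcfg,
                                            const char *arg)
{
    SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
    const char *err;

    if ((err = ssl_cmd_check_file(cmd, &arg))) {
        return err;
    }

    sc->server->cert_chain = arg;

    return NULL;
}

#define NO_PER_DIR_SSL_CA \
    "Your ssl library does not have support for per-directory CA"

#ifdef HAVE_SSL_SET_CERT_STORE
#  define MODSSL_HAVE_SSL_SET_CERT_STORE 1
#else
#  define MODSSL_HAVE_SSL_SET_CERT_STORE 0
#endif

/* Helper for a future per-directory CA setting (currently unused, see the
 * XXX notes below).  The inner else binds to the inner if, the outer else
 * to the outer if, which is the intended pairing. */
#define MODSSL_SET_CA(f) \
    if (cmd->path) \
        if (MODSSL_HAVE_SSL_SET_CERT_STORE) \
            dc->f = arg; \
        else \
            return NO_PER_DIR_SSL_CA; \
    else \
        sc->f = arg

/*
 * SSLCACertificatePath <dir> -- directory of CA certificates used for
 * client certificate verification.  Server-level only at present.
 */
const char *ssl_cmd_SSLCACertificatePath(cmd_parms *cmd,
                                         void *dcfg,
                                         const char *arg)
{
    /*SSLDirConfigRec *dc = (SSLDirConfigRec *)dcfg;*/
    SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
    const char *err;

    if ((err = ssl_cmd_check_dir(cmd, &arg))) {
        return err;
    }

    /* XXX: bring back per-dir */
    sc->server->auth.ca_cert_path = arg;

    return NULL;
}

/*
 * SSLCACertificateFile <path> -- single file of concatenated CA
 * certificates used for client certificate verification.  Server-level
 * only at present.
 */
const char *ssl_cmd_SSLCACertificateFile(cmd_parms *cmd,
                                         void *dcfg,
                                         const char *arg)
{
    /*SSLDirConfigRec *dc = (SSLDirConfigRec *)dcfg;*/
    SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
    const char *err;

    if ((err = ssl_cmd_check_file(cmd, &arg))) {
        return err;
    }

    /* XXX: bring back per-dir */
    sc->server->auth.ca_cert_file = arg;

    return NULL;
}

/*
 * SSLCARevocationPath <dir> -- directory of CRLs consulted during client
 * certificate verification.
 */
const char *ssl_cmd_SSLCARevocationPath(cmd_parms *cmd,
                                        void *dcfg,
                                        const char *arg)
{
    SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
    const char *err;

    if ((err = ssl_cmd_check_dir(cmd, &arg))) {
        return err;
    }

    sc->server->crl_path = arg;

    return NULL;
}

/*
 * SSLCARevocationFile <path> -- single CRL file consulted during client
 * certificate verification.
 */
const char *ssl_cmd_SSLCARevocationFile(cmd_parms *cmd,
                                        void *dcfg,
                                        const char *arg)
{
    SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
    const char *err;

    if ((err = ssl_cmd_check_file(cmd, &arg))) {
        return err;
    }

    sc->server->crl_file = arg;

    return NULL;
}

/*
 * Map an SSLVerifyClient keyword to its ssl_verify_t value:
 *   none|off        -> SSL_CVERIFY_NONE
 *   optional        -> SSL_CVERIFY_OPTIONAL
 *   require|on      -> SSL_CVERIFY_REQUIRE
 *   optional_no_ca  -> SSL_CVERIFY_OPTIONAL_NO_CA
 * Returns NULL on success or an error string (from temp_pool) otherwise.
 */
static const char *ssl_cmd_verify_parse(cmd_parms *parms,
                                        const char *arg,
                                        ssl_verify_t *id)
{
    if (strcEQ(arg, "none") || strcEQ(arg, "off")) {
        *id = SSL_CVERIFY_NONE;
    }
    else if (strcEQ(arg, "optional")) {
        *id = SSL_CVERIFY_OPTIONAL;
    }
    else if (strcEQ(arg, "require") || strcEQ(arg, "on")) {
        *id = SSL_CVERIFY_REQUIRE;
    }
    else if (strcEQ(arg, "optional_no_ca")) {
        *id = SSL_CVERIFY_OPTIONAL_NO_CA;
    }
    else {
        return apr_pstrcat(parms->temp_pool, parms->cmd->name,
                           ": Invalid argument '", arg, "'",
                           NULL);
    }

    return NULL;
}

/*
 * SSLVerifyClient <mode> -- per-directory when cmd->path is set, otherwise
 * the server-wide client verification mode.
 */
const char *ssl_cmd_SSLVerifyClient(cmd_parms *cmd,
                                    void *dcfg,
                                    const char *arg)
{
    SSLDirConfigRec *dc = (SSLDirConfigRec *)dcfg;
    SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
    ssl_verify_t mode;
    const char *err;

    if ((err = ssl_cmd_verify_parse(cmd, arg, &mode))) {
        return err;
    }

    if (cmd->path) {
        dc->nVerifyClient = mode;
    }
    else {
        sc->server->auth.verify_mode = mode;
    }

    return NULL;
}

/*
 * Parse the SSLVerifyDepth argument into *depth.  Only a plain non-negative
 * decimal number is accepted; atoi() used to turn any non-numeric argument
 * into depth 0 without complaint.  Returns NULL on success or an error
 * string (from temp_pool) otherwise.
 */
static const char *ssl_cmd_verify_depth_parse(cmd_parms *parms,
                                              const char *arg,
                                              int *depth)
{
    if (ssl_cmd_parse_nonneg_int(arg, depth) == 0) {
        return NULL;
    }

    return apr_pstrcat(parms->temp_pool, parms->cmd->name,
                       ": Invalid argument '", arg, "'",
                       NULL);
}

/*
 * SSLVerifyDepth <n> -- maximum CA chain depth accepted during client
 * certificate verification; per-directory or server-wide like
 * SSLVerifyClient.
 */
const char *ssl_cmd_SSLVerifyDepth(cmd_parms *cmd,
                                   void *dcfg,
                                   const char *arg)
{
    SSLDirConfigRec *dc = (SSLDirConfigRec *)dcfg;
    SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
    int depth;
    const char *err;

    if ((err = ssl_cmd_verify_depth_parse(cmd, arg, &depth))) {
        return err;
    }

    if (cmd->path) {
        dc->nVerifyDepth = depth;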