📄 ssl_engine_config.c
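/* Tail of a directive handler whose signature and opening brace lie before
 * this excerpt; reproduced unchanged. It parses a verify depth from arg and
 * stores it per-directory when cmd->path is set, otherwise per-server. */
    SSLDirConfigRec *dc = (SSLDirConfigRec *)dcfg;
    SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
    int depth;
    const char *err;

    if ((err = ssl_cmd_verify_depth_parse(cmd, arg, &depth))) {
        return err;
    }

    if (cmd->path) {
        dc->nVerifyDepth = depth;
    }
    else {
        sc->server->auth.verify_depth = depth;
    }

    return NULL;
}

#define MODSSL_NO_SHARED_MEMORY_ERROR \
    "SSLSessionCache: shared memory cache not useable on this platform"

/*
 * SSLSessionCache directive handler.
 *
 * Accepted forms of arg: "none", "nonenotnull", "dbm:PATH",
 * "shm:PATH[(SIZE)]", "shmht:PATH[(SIZE)]", "shmcb:PATH[(SIZE)]" and
 * "dc:TARGET". All three shm* prefixes select SSL_SCMODE_SHMCB.
 *
 * Returns NULL on success or an error string for the configuration parser.
 * The directive is only accepted in the global context, and is ignored
 * (NULL returned) once ssl_config_global_isfixed() reports the global
 * configuration as fixed.
 *
 * The optional SIZE is parsed with strtol() rather than atoi(): atoi()
 * silently accepts trailing garbage ("9000abc") and has undefined behaviour
 * on overflow, so a mistyped size could end up as an arbitrary cache size.
 */
const char *ssl_cmd_SSLSessionCache(cmd_parms *cmd,
                                    void *dcfg,
                                    const char *arg)
{
    SSLModConfigRec *mc = myModConfig(cmd->server);
    const char *err, *colon;
    char *cp, *cp2;
    size_t arglen = strlen(arg);

    if ((err = ap_check_cmd_context(cmd, GLOBAL_ONLY))) {
        return err;
    }

    if (ssl_config_global_isfixed(mc)) {
        return NULL;
    }

    if (strcEQ(arg, "none")) {
        mc->nSessionCacheMode      = SSL_SCMODE_NONE;
        mc->szSessionCacheDataFile = NULL;
    }
    else if (strcEQ(arg, "nonenotnull")) {
        mc->nSessionCacheMode      = SSL_SCMODE_NONE_NOT_NULL;
        mc->szSessionCacheDataFile = NULL;
    }
    else if ((arglen > 4) && strcEQn(arg, "dbm:", 4)) {
        mc->nSessionCacheMode      = SSL_SCMODE_DBM;
        mc->szSessionCacheDataFile = ap_server_root_relative(mc->pPool, arg+4);
        if (!mc->szSessionCacheDataFile) {
            return apr_psprintf(cmd->pool,
                                "SSLSessionCache: Invalid cache file path %s",
                                arg+4);
        }
    }
    else if (((arglen > 4) && strcEQn(arg, "shm:", 4)) ||
             ((arglen > 6) && strcEQn(arg, "shmht:", 6)) ||
             ((arglen > 6) && strcEQn(arg, "shmcb:", 6))) {
#if !APR_HAS_SHARED_MEMORY
        return MODSSL_NO_SHARED_MEMORY_ERROR;
#endif
        mc->nSessionCacheMode      = SSL_SCMODE_SHMCB;
        colon = ap_strchr_c(arg, ':');
        mc->szSessionCacheDataFile =
            ap_server_root_relative(mc->pPool, colon+1);
        if (!mc->szSessionCacheDataFile) {
            return apr_psprintf(cmd->pool,
                                "SSLSessionCache: Invalid cache file path %s",
                                colon+1);
        }
        mc->tSessionCacheDataTable = NULL;
        mc->nSessionCacheDataSize  = 1024*512; /* 512KB */

        /* NOTE(review): the '(' is searched in the path returned by
         * ap_server_root_relative(), not in the raw argument, so a '('
         * anywhere in that resulting path is taken as the start of the
         * size suffix. */
        if ((cp = strchr(mc->szSessionCacheDataFile, '('))) {
            char *end;
            long size;

            *cp++ = NUL;

            if (!(cp2 = strchr(cp, ')'))) {
                return "SSLSessionCache: Invalid argument: "
                       "no closing parenthesis";
            }

            *cp2 = NUL;

            /* Require the whole "(...)" content to be a decimal number. */
            size = strtol(cp, &end, 10);
            if ((end == cp) || (*end != NUL)) {
                return "SSLSessionCache: Invalid argument: "
                       "size has to be a decimal number";
            }

            if (size < 8192) {
                return "SSLSessionCache: Invalid argument: "
                       "size has to be >= 8192 bytes";
            }

            /* strtol() saturates on overflow, so an over-long number is
             * rejected here as well. */
            if (size >= APR_SHM_MAXSIZE) {
                return apr_psprintf(cmd->pool,
                                    "SSLSessionCache: Invalid argument: "
                                    "size has to be < %d bytes on this "
                                    "platform", APR_SHM_MAXSIZE);
            }

            mc->nSessionCacheDataSize = (int)size;
        }
    }
    else if ((arglen > 3) && strcEQn(arg, "dc:", 3)) {
#ifdef HAVE_DISTCACHE
        mc->nSessionCacheMode      = SSL_SCMODE_DC;
        mc->szSessionCacheDataFile = apr_pstrdup(mc->pPool, arg+3);
        if (!mc->szSessionCacheDataFile) {
            return apr_pstrcat(cmd->pool,
                               "SSLSessionCache: Invalid cache file path: ",
                               arg+3, NULL);
        }
#else
        return "SSLSessionCache: distcache support disabled";
#endif
    }
    else {
        return "SSLSessionCache: Invalid argument";
    }

    return NULL;
}

/*
 * SSLSessionCacheTimeout directive handler.
 *
 * Stores the timeout from arg in the per-server configuration. Returns NULL
 * on success, or an error string when arg is not a non-negative decimal
 * number that fits in an int (the range atoi() could return). Non-numeric
 * input and trailing garbage are rejected instead of being read as 0 or
 * silently truncated.
 */
const char *ssl_cmd_SSLSessionCacheTimeout(cmd_parms *cmd,
                                           void *dcfg,
                                           const char *arg)
{
    SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
    char *end;
    long timeout = strtol(arg, &end, 10);

    if ((end == arg) || (*end != NUL) ||
        (timeout < 0) || ((long)(int)timeout != timeout)) {
        return "SSLSessionCacheTimeout: Invalid argument";
    }

    sc->session_cache_timeout = (int)timeout;

    return NULL;
}

/*
 * SSLOptions directive handler.
 *
 * arg is a whitespace-separated list of option names, each optionally
 * prefixed with '+' or '-'. '+' and '-' update nOptionsAdd/nOptionsDel and
 * nOptions; an unprefixed name replaces all three. Returns NULL on success
 * or an error string naming the unknown option.
 *
 * NOTE(review): every unprefixed word assigns nOptions = opt, so when
 * several unprefixed words are given only the last one remains set. This
 * matters for access-control options such as StrictRequire; confirm the
 * behaviour is intended.
 */
const char *ssl_cmd_SSLOptions(cmd_parms *cmd,
                               void *dcfg,
                               const char *arg)
{
    SSLDirConfigRec *dc = (SSLDirConfigRec *)dcfg;
    ssl_opt_t opt;
    int first = TRUE;
    char action, *w;

    while (*arg) {
        w = ap_getword_conf(cmd->pool, &arg);
        action = NUL;

        if ((*w == '+') || (*w == '-')) {
            action = *(w++);
        }
        else if (first) {
            /* First unprefixed word: start from an empty option set. */
            dc->nOptions = SSL_OPT_NONE;
            first = FALSE;
        }

        if (strcEQ(w, "StdEnvVars")) {
            opt = SSL_OPT_STDENVVARS;
        }
        else if (strcEQ(w, "ExportCertData")) {
            opt = SSL_OPT_EXPORTCERTDATA;
        }
        else if (strcEQ(w, "FakeBasicAuth")) {
            opt = SSL_OPT_FAKEBASICAUTH;
        }
        else if (strcEQ(w, "StrictRequire")) {
            opt = SSL_OPT_STRICTREQUIRE;
        }
        else if (strcEQ(w, "OptRenegotiate")) {
            opt = SSL_OPT_OPTRENEGOTIATE;
        }
        else {
            return apr_pstrcat(cmd->pool,
                               "SSLOptions: Illegal option '",
                               w, "'", NULL);
        }

        if (action == '-') {
            dc->nOptionsAdd &= ~opt;
            dc->nOptionsDel |=  opt;
            dc->nOptions    &= ~opt;
        }
        else if (action == '+') {
            dc->nOptionsAdd |=  opt;
            dc->nOptionsDel &= ~opt;
            dc->nOptions    |=  opt;
        }
        else {
            dc->nOptions    = opt;
            dc->nOptionsAdd = opt;
            dc->nOptionsDel = SSL_OPT_NONE;
        }
    }

    return NULL;
}

/* SSLRequireSSL directive handler: marks the directory as requiring SSL. */
const char *ssl_cmd_SSLRequireSSL(cmd_parms *cmd, void *dcfg)
{
    SSLDirConfigRec *dc = (SSLDirConfigRec *)dcfg;

    dc->bSSLRequired = TRUE;

    return NULL;
}

/*
 * SSLRequire directive handler.
 *
 * Compiles the expression in arg and appends it, together with a copy of
 * its source text, to the directory's requirement array. Returns NULL on
 * success or the compiler's error message prefixed with "SSLRequire: ".
 */
const char *ssl_cmd_SSLRequire(cmd_parms *cmd,
                               void *dcfg,
                               const char *arg)
{
    SSLDirConfigRec *dc = (SSLDirConfigRec *)dcfg;
    ssl_expr *expr;
    ssl_require_t *require;

    /* The cast drops const because ssl_expr_comp() is called with a
     * char *; presumably it does not modify the string - confirm. */
    if (!(expr = ssl_expr_comp(cmd->pool, (char *)arg))) {
        return apr_pstrcat(cmd->pool, "SSLRequire: ",
                           ssl_expr_get_error(), NULL);
    }

    require = apr_array_push(dc->aRequirement);
    require->cpExpr = apr_pstrdup(cmd->pool, arg);
    require->mpExpr = expr;

    return NULL;
}

/*
 * Parse a protocol list ("SSLv2", "SSLv3", "TLSv1", "all", each optionally
 * prefixed with '+' or '-') into *options, which is first reset to
 * SSL_PROTOCOL_NONE. Returns NULL on success or an error string naming the
 * unknown protocol.
 *
 * An unprefixed name replaces the whole set, so only the last unprefixed
 * name (plus any later +/- adjustments) takes effect.
 *
 * NOTE(review): SSLv2 and SSLv3 are obsolete protocols and "all" includes
 * whatever SSL_PROTOCOL_ALL covers; deployments should disable the old
 * versions explicitly in their configuration.
 */
static const char *ssl_cmd_protocol_parse(cmd_parms *parms,
                                          const char *arg,
                                          ssl_proto_t *options)
{
    ssl_proto_t thisopt;

    *options = SSL_PROTOCOL_NONE;

    while (*arg) {
        char *w = ap_getword_conf(parms->temp_pool, &arg);
        char action = '\0';

        if ((*w == '+') || (*w == '-')) {
            action = *(w++);
        }

        if (strcEQ(w, "SSLv2")) {
            thisopt = SSL_PROTOCOL_SSLV2;
        }
        else if (strcEQ(w, "SSLv3")) {
            thisopt = SSL_PROTOCOL_SSLV3;
        }
        else if (strcEQ(w, "TLSv1")) {
            thisopt = SSL_PROTOCOL_TLSV1;
        }
        else if (strcEQ(w, "all")) {
            thisopt = SSL_PROTOCOL_ALL;
        }
        else {
            return apr_pstrcat(parms->temp_pool,
                               parms->cmd->name,
                               ": Illegal protocol '",
                               w, "'", NULL);
        }

        if (action == '-') {
            *options &= ~thisopt;
        }
        else if (action == '+') {
            *options |= thisopt;
        }
        else {
            *options = thisopt;
        }
    }

    return NULL;
}

/* SSLProtocol directive handler: parses arg into the server-side protocol
 * mask. */
const char *ssl_cmd_SSLProtocol(cmd_parms *cmd,
                                void *dcfg,
                                const char *arg)
{
    SSLSrvConfigRec *sc = mySrvConfig(cmd->server);

    return ssl_cmd_protocol_parse(cmd, arg, &sc->server->protocol);
}

/* SSLProxyEngine directive handler: records the on/off flag as TRUE/FALSE. */
const char *ssl_cmd_SSLProxyEngine(cmd_parms *cmd, void *dcfg, int flag)
{
    SSLSrvConfigRec *sc = mySrvConfig(cmd->server);

    sc->proxy_enabled = flag ? TRUE : FALSE;

    return NULL;
}

/* SSLProxyProtocol directive handler: parses arg into the proxy-side
 * protocol mask. */
const char *ssl_cmd_SSLProxyProtocol(cmd_parms *cmd,
                                     void *dcfg,
                                     const char *arg)
{
    SSLSrvConfigRec *sc = mySrvConfig(cmd->server);

    return ssl_cmd_protocol_parse(cmd, arg, &sc->proxy->protocol);
}

/* SSLProxyCipherSuite directive handler: stores the cipher string as given.
 * No validation happens here; presumably the string is checked when the
 * proxy SSL context is built - confirm. */
const char *ssl_cmd_SSLProxyCipherSuite(cmd_parms *cmd,
                                        void *dcfg,
                                        const char *arg)
{
    SSLSrvConfigRec *sc = mySrvConfig(cmd->server);

    sc->proxy->auth.cipher_suite = arg;

    return NULL;
}

/* SSLProxyVerify directive handler: parses the verify mode and stores it
 * for proxy connections; returns the parser's error string on failure. */
const char *ssl_cmd_SSLProxyVerify(cmd_parms *cmd,
                                   void *dcfg,
                                   const char *arg)
{
    SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
    ssl_verify_t mode;
    const char *err;

    if ((err = ssl_cmd_verify_parse(cmd, arg, &mode))) {
        return err;
    }

    sc->proxy->auth.verify_mode = mode;

    return NULL;
}

/* SSLProxyVerifyDepth directive handler: parses the verify depth and stores
 * it for proxy connections; returns the parser's error string on failure. */
const char *ssl_cmd_SSLProxyVerifyDepth(cmd_parms *cmd,
                                        void *dcfg,
                                        const char *arg)
{
    SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
    int depth;
    const char *err;

    if ((err = ssl_cmd_verify_depth_parse(cmd, arg, &depth))) {
        return err;
    }

    sc->proxy->auth.verify_depth = depth;

    return NULL;
}

/* SSLProxyCACertificateFile directive handler: stores arg after
 * ssl_cmd_check_file() accepts it (the helper may rewrite arg). */
const char *ssl_cmd_SSLProxyCACertificateFile(cmd_parms *cmd,
                                              void *dcfg,
                                              const char *arg)
{
    SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
    const char *err;

    if ((err = ssl_cmd_check_file(cmd, &arg))) {
        return err;
    }

    sc->proxy->auth.ca_cert_file = arg;

    return NULL;
}

/* SSLProxyCACertificatePath directive handler: stores arg after
 * ssl_cmd_check_dir() accepts it (the helper may rewrite arg). */
const char *ssl_cmd_SSLProxyCACertificatePath(cmd_parms *cmd,
                                              void *dcfg,
                                              const char *arg)
{
    SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
    const char *err;

    if ((err = ssl_cmd_check_dir(cmd, &arg))) {
        return err;
    }

    sc->proxy->auth.ca_cert_path = arg;

    return NULL;
}

/* SSLProxyCARevocationPath directive handler: stores the CRL directory
 * after ssl_cmd_check_dir() accepts it. */
const char *ssl_cmd_SSLProxyCARevocationPath(cmd_parms *cmd,
                                             void *dcfg,
                                             const char *arg)
{
    SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
    const char *err;

    if ((err = ssl_cmd_check_dir(cmd, &arg))) {
        return err;
    }

    sc->proxy->crl_path = arg;

    return NULL;
}

/* SSLProxyCARevocationFile directive handler: stores the CRL file after
 * ssl_cmd_check_file() accepts it. */
const char *ssl_cmd_SSLProxyCARevocationFile(cmd_parms *cmd,
                                             void *dcfg,
                                             const char *arg)
{
    SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
    const char *err;

    if ((err = ssl_cmd_check_file(cmd, &arg))) {
        return err;
    }

    sc->proxy->crl_file = arg;

    return NULL;
}

/* SSLProxyMachineCertificateFile directive handler: stores the client
 * certificate file after ssl_cmd_check_file() accepts it. */
const char *ssl_cmd_SSLProxyMachineCertificateFile(cmd_parms *cmd,
                                                   void *dcfg,
                                                   const char *arg)
{
    SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
    const char *err;

    if ((err = ssl_cmd_check_file(cmd, &arg))) {
        return err;
    }

    sc->proxy->pkp->cert_file = arg;

    return NULL;
}

/* SSLProxyMachineCertificatePath directive handler: stores the client
 * certificate directory after ssl_cmd_check_dir() accepts it. */
const char *ssl_cmd_SSLProxyMachineCertificatePath(cmd_parms *cmd,
                                                   void *dcfg,
                                                   const char *arg)
{
    SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
    const char *err;

    if ((err = ssl_cmd_check_dir(cmd, &arg))) {
        return err;
    }

    sc->proxy->pkp->cert_path = arg;

    return NULL;
}

/* SSLUserName directive handler: stores arg as the directory's user name
 * setting without copying or validating it. */
const char *ssl_cmd_SSLUserName(cmd_parms *cmd, void *dcfg,
                                const char *arg)
{
    SSLDirConfigRec *dc = (SSLDirConfigRec *)dcfg;

    dc->szUserName = arg;

    return NULL;
}

/*
 * Config-test hook. Does nothing unless the "DUMP_CERTS" config define
 * exists; otherwise walks the server list starting at s and prints each
 * configured server certificate filename to stdout, one per line.
 */
void ssl_hook_ConfigTest(apr_pool_t *pconf, server_rec *s)
{
    if (!ap_exists_config_define("DUMP_CERTS")) {
        return;
    }

    /* Dump the filenames of all configured server certificates to
     * stdout. */
    while (s) {
        SSLSrvConfigRec *sc = mySrvConfig(s);

        if (sc && sc->server && sc->server->pks) {
            modssl_pk_server_t *const pks = sc->server->pks;
            int i;

            /* The list ends at the first NULL entry or at SSL_AIDX_MAX. */
            for (i = 0; (i < SSL_AIDX_MAX) && pks->cert_files[i]; i++) {
                printf("%s\n", pks->cert_files[i]);
            }
        }

        s = s->next;
    }
}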