示例#1
0
/*
 *  Merge per-directory SSL configurations
 */
void *ssl_config_perdir_merge(apr_pool_t *p, void *basev, void *addv)
{
    SSLDirConfigRec *base = (SSLDirConfigRec *)basev;
    SSLDirConfigRec *add  = (SSLDirConfigRec *)addv;
    SSLDirConfigRec *mrg  = (SSLDirConfigRec *)apr_palloc(p, sizeof(*mrg));

    cfgMerge(bSSLRequired, FALSE);
    cfgMergeArray(aRequirement);

    if (add->nOptions & SSL_OPT_RELSET) {
        mrg->nOptionsAdd =
            (base->nOptionsAdd & ~(add->nOptionsDel)) | add->nOptionsAdd;
        mrg->nOptionsDel =
            (base->nOptionsDel & ~(add->nOptionsAdd)) | add->nOptionsDel;
        mrg->nOptions    =
            (base->nOptions    & ~(mrg->nOptionsDel)) | mrg->nOptionsAdd;
    }
    else {
        mrg->nOptions    = add->nOptions;
        mrg->nOptionsAdd = add->nOptionsAdd;
        mrg->nOptionsDel = add->nOptionsDel;
    }

    cfgMergeString(szCipherSuite);
    cfgMerge(nVerifyClient, SSL_CVERIFY_UNSET);
    cfgMergeInt(nVerifyDepth);

    cfgMergeString(szCACertificatePath);
    cfgMergeString(szCACertificateFile);
    cfgMergeString(szUserName);

    cfgMergeInt(nRenegBufferSize);

    return mrg;
}
示例#2
0
/*
 *  Merge per-server SSL configurations
 */
void *ssl_config_server_merge(apr_pool_t *p, void *basev, void *addv)
{
    SSLSrvConfigRec *base = (SSLSrvConfigRec *)basev;
    SSLSrvConfigRec *add  = (SSLSrvConfigRec *)addv;
    SSLSrvConfigRec *mrg  = ssl_config_server_new(p);

    cfgMerge(mc, NULL);
    cfgMerge(enabled, SSL_ENABLED_UNSET);
    cfgMergeBool(proxy_enabled);
    cfgMergeInt(session_cache_timeout);
    cfgMergeBool(cipher_server_pref);
    cfgMergeBool(insecure_reneg);
    cfgMerge(proxy_ssl_check_peer_expire, SSL_ENABLED_UNSET);
    cfgMerge(proxy_ssl_check_peer_cn, SSL_ENABLED_UNSET);
#ifndef OPENSSL_NO_TLSEXT
    cfgMerge(strict_sni_vhost_check, SSL_ENABLED_UNSET);
#endif
#ifdef HAVE_FIPS
    cfgMergeBool(fips);
#endif
#ifndef OPENSSL_NO_COMP
    cfgMergeBool(compression);
#endif

    modssl_ctx_cfg_merge_proxy(base->proxy, add->proxy, mrg->proxy);

    modssl_ctx_cfg_merge_server(base->server, add->server, mrg->server);

    return mrg;
}
示例#3
0
static void modssl_ctx_cfg_merge(modssl_ctx_t *base,
                                 modssl_ctx_t *add,
                                 modssl_ctx_t *mrg)
{
    cfgMerge(protocol, SSL_PROTOCOL_ALL);

    cfgMerge(pphrase_dialog_type, SSL_PPTYPE_UNSET);
    cfgMergeString(pphrase_dialog_path);

    cfgMergeString(cert_chain);

    cfgMerge(crl_path, NULL);
    cfgMerge(crl_file, NULL);

    cfgMergeString(auth.ca_cert_path);
    cfgMergeString(auth.ca_cert_file);
    cfgMergeString(auth.cipher_suite);
    cfgMergeInt(auth.verify_depth);
    cfgMerge(auth.verify_mode, SSL_CVERIFY_UNSET);
}
/*
 *  Merge per-server SSL configurations
 */
void *nss_config_server_merge(apr_pool_t *p, void *basev, void *addv) {
    SSLSrvConfigRec *base = (SSLSrvConfigRec *)basev;
    SSLSrvConfigRec *add  = (SSLSrvConfigRec *)addv;
    SSLSrvConfigRec *mrg  = nss_config_server_new(p);

    cfgMerge(mc, NULL);
    cfgMergeBool(ocsp);
    cfgMergeBool(ocsp_default);
    cfgMerge(ocsp_url, NULL);
    cfgMerge(ocsp_name, NULL);
    cfgMergeBool(fips);
    cfgMergeBool(enabled);
    cfgMergeBool(proxy_enabled);
    cfgMergeBool(proxy_ssl_check_peer_cn);
    cfgMergeBool(session_tickets);

    modnss_ctx_cfg_merge_proxy(base->proxy, add->proxy, mrg->proxy);

    modnss_ctx_cfg_merge_server(base->server, add->server, mrg->server);

    return mrg;
}
static void modnss_ctx_cfg_merge(modnss_ctx_t *base,
                                 modnss_ctx_t *add,
                                 modnss_ctx_t *mrg)
{
    cfgMerge(auth.protocols, NULL);
    cfgMerge(auth.cipher_suite, NULL);
    cfgMerge(auth.verify_mode, SSL_CVERIFY_UNSET);

    cfgMerge(nickname, NULL);
#ifdef NSS_ENABLE_ECC
    cfgMerge(eccnickname, NULL);
#endif
    cfgMerge(enforce, PR_TRUE);
#ifdef SSL_ENABLE_RENEGOTIATION
    cfgMerge(enablerenegotiation, PR_FALSE);
    cfgMerge(requiresafenegotiation, PR_FALSE);
#endif
}