/*
* Merge per-directory SSL configurations
*/
void *ssl_config_perdir_merge(apr_pool_t *p, void *basev, void *addv)
{
SSLDirConfigRec *base = (SSLDirConfigRec *)basev;
SSLDirConfigRec *add = (SSLDirConfigRec *)addv;
SSLDirConfigRec *mrg = (SSLDirConfigRec *)apr_palloc(p, sizeof(*mrg));
cfgMerge(bSSLRequired, FALSE);
cfgMergeArray(aRequirement);
if (add->nOptions & SSL_OPT_RELSET) {
mrg->nOptionsAdd =
(base->nOptionsAdd & ~(add->nOptionsDel)) | add->nOptionsAdd;
mrg->nOptionsDel =
(base->nOptionsDel & ~(add->nOptionsAdd)) | add->nOptionsDel;
mrg->nOptions =
(base->nOptions & ~(mrg->nOptionsDel)) | mrg->nOptionsAdd;
}
else {
mrg->nOptions = add->nOptions;
mrg->nOptionsAdd = add->nOptionsAdd;
mrg->nOptionsDel = add->nOptionsDel;
}
cfgMergeString(szCipherSuite);
cfgMerge(nVerifyClient, SSL_CVERIFY_UNSET);
cfgMergeInt(nVerifyDepth);
cfgMergeString(szCACertificatePath);
cfgMergeString(szCACertificateFile);
cfgMergeString(szUserName);
cfgMergeInt(nRenegBufferSize);
return mrg;
}
/*
* Merge per-server SSL configurations
*/
void *ssl_config_server_merge(apr_pool_t *p, void *basev, void *addv)
{
SSLSrvConfigRec *base = (SSLSrvConfigRec *)basev;
SSLSrvConfigRec *add = (SSLSrvConfigRec *)addv;
SSLSrvConfigRec *mrg = ssl_config_server_new(p);
cfgMerge(mc, NULL);
cfgMerge(enabled, SSL_ENABLED_UNSET);
cfgMergeBool(proxy_enabled);
cfgMergeInt(session_cache_timeout);
cfgMergeBool(cipher_server_pref);
cfgMergeBool(insecure_reneg);
cfgMerge(proxy_ssl_check_peer_expire, SSL_ENABLED_UNSET);
cfgMerge(proxy_ssl_check_peer_cn, SSL_ENABLED_UNSET);
#ifndef OPENSSL_NO_TLSEXT
cfgMerge(strict_sni_vhost_check, SSL_ENABLED_UNSET);
#endif
#ifdef HAVE_FIPS
cfgMergeBool(fips);
#endif
#ifndef OPENSSL_NO_COMP
cfgMergeBool(compression);
#endif
modssl_ctx_cfg_merge_proxy(base->proxy, add->proxy, mrg->proxy);
modssl_ctx_cfg_merge_server(base->server, add->server, mrg->server);
return mrg;
}
static void modssl_ctx_cfg_merge(modssl_ctx_t *base,
modssl_ctx_t *add,
modssl_ctx_t *mrg)
{
cfgMerge(protocol, SSL_PROTOCOL_ALL);
cfgMerge(pphrase_dialog_type, SSL_PPTYPE_UNSET);
cfgMergeString(pphrase_dialog_path);
cfgMergeString(cert_chain);
cfgMerge(crl_path, NULL);
cfgMerge(crl_file, NULL);
cfgMergeString(auth.ca_cert_path);
cfgMergeString(auth.ca_cert_file);
cfgMergeString(auth.cipher_suite);
cfgMergeInt(auth.verify_depth);
cfgMerge(auth.verify_mode, SSL_CVERIFY_UNSET);
}
/*
* Merge per-server SSL configurations
*/
void *nss_config_server_merge(apr_pool_t *p, void *basev, void *addv) {
SSLSrvConfigRec *base = (SSLSrvConfigRec *)basev;
SSLSrvConfigRec *add = (SSLSrvConfigRec *)addv;
SSLSrvConfigRec *mrg = nss_config_server_new(p);
cfgMerge(mc, NULL);
cfgMergeBool(ocsp);
cfgMergeBool(ocsp_default);
cfgMerge(ocsp_url, NULL);
cfgMerge(ocsp_name, NULL);
cfgMergeBool(fips);
cfgMergeBool(enabled);
cfgMergeBool(proxy_enabled);
cfgMergeBool(proxy_ssl_check_peer_cn);
cfgMergeBool(session_tickets);
modnss_ctx_cfg_merge_proxy(base->proxy, add->proxy, mrg->proxy);
modnss_ctx_cfg_merge_server(base->server, add->server, mrg->server);
return mrg;
}
static void modnss_ctx_cfg_merge(modnss_ctx_t *base,
modnss_ctx_t *add,
modnss_ctx_t *mrg)
{
cfgMerge(auth.protocols, NULL);
cfgMerge(auth.cipher_suite, NULL);
cfgMerge(auth.verify_mode, SSL_CVERIFY_UNSET);
cfgMerge(nickname, NULL);
#ifdef NSS_ENABLE_ECC
cfgMerge(eccnickname, NULL);
#endif
cfgMerge(enforce, PR_TRUE);
#ifdef SSL_ENABLE_RENEGOTIATION
cfgMerge(enablerenegotiation, PR_FALSE);
cfgMerge(requiresafenegotiation, PR_FALSE);
#endif
}