Commit 80e88084 authored by Yann Ylavic's avatar Yann Ylavic
Browse files

mod_ssl: follow up to r1781575 

Fix SSLOCSPNoVerify merging, and while at it capitalize Verify as suggested
by wrowe.



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1788430 13f79535-47bb-0310-9956-ffa450edef68
parent 9a4db4a7

modules/ssl/mod_ssl.c

+1 −1
Original line number Diff line number Diff line
@@ -265,7 +265,7 @@ static const command_rec ssl_config_cmds[] = { 
                "Proxy URL to use for OCSP requests")



/* Define OCSP Responder Certificate Verification Directive */

    SSL_CMD_SRV(OCSPNoverify, FLAG,

    SSL_CMD_SRV(OCSPNoVerify, FLAG,

                "Do not verify OCSP Responder certificate ('on', 'off')")

/* Define OCSP Responder File Configuration Directive */

    SSL_CMD_SRV(OCSPResponderCertificateFile, TAKE1,

modules/ssl/ssl_engine_config.c

+2 −2
Original line number Diff line number Diff line
@@ -147,7 +147,7 @@ static void modssl_ctx_init(modssl_ctx_t *mctx, apr_pool_t *p) 
    mctx->proxy_uri              = NULL;



/* Set OCSP Responder Certificate Verification variable */

    mctx->ocsp_noverify       = FALSE;

    mctx->ocsp_noverify       = UNSET;

/* Set OCSP Responder File variables */

    mctx->ocsp_verify_flags   = 0;

    mctx->ocsp_certs_file     = NULL;
@@ -1721,7 +1721,7 @@ const char *ssl_cmd_SSLOCSPProxyURL(cmd_parms *cmd, void *dcfg, 
}



/* Set OCSP responder certificate verification directive */

const char *ssl_cmd_SSLOCSPNoverify(cmd_parms *cmd, void *dcfg, int flag)

const char *ssl_cmd_SSLOCSPNoVerify(cmd_parms *cmd, void *dcfg, int flag)

{

    SSLSrvConfigRec *sc = mySrvConfig(cmd->server);

modules/ssl/ssl_engine_ocsp.c

+1 −1
Original line number Diff line number Diff line
@@ -184,7 +184,7 @@ static int verify_ocsp_status(X509 *cert, X509_STORE_CTX *ctx, conn_rec *c, 


    if (rc == V_OCSP_CERTSTATUS_GOOD) {

        /* Check if OCSP certificate verification required */

        if (!sc->server->ocsp_noverify) {

        if (sc->server->ocsp_noverify != TRUE) {

            /* Modify OCSP response verification to include OCSP Responder cert */

            if (OCSP_basic_verify(basicResponse, sc->server->ocsp_certs, X509_STORE_CTX_get0_store(ctx),

                                  sc->server->ocsp_verify_flags) != 1) {

modules/ssl/ssl_private.h

+1 −1
Original line number Diff line number Diff line
@@ -815,7 +815,7 @@ const char *ssl_cmd_SSLOCSPEnable(cmd_parms *cmd, void *dcfg, int flag); 
const char *ssl_cmd_SSLOCSPProxyURL(cmd_parms *cmd, void *dcfg, const char *arg);



/* Declare OCSP Responder Certificate Verification Directive */

const char *ssl_cmd_SSLOCSPNoverify(cmd_parms *cmd, void *dcfg, int flag);

const char *ssl_cmd_SSLOCSPNoVerify(cmd_parms *cmd, void *dcfg, int flag);

/* Declare OCSP Responder Certificate File Directive */

const char *ssl_cmd_SSLOCSPResponderCertificateFile(cmd_parms *cmd, void *dcfg, const char *arg);