Changeset 2871
- Timestamp:
- 19/02/09 19:36:27 (1 year ago)
- Files:
-
- cherokee/trunk/ChangeLog (modified) (1 diff)
- cherokee/trunk/admin/PageVServer.py (modified) (3 diffs)
- cherokee/trunk/cherokee/cryptor_libssl.c (modified) (1 diff)
- cherokee/trunk/cherokee/virtual_server.c (modified) (6 diffs)
- cherokee/trunk/cherokee/virtual_server.h (modified) (1 diff)
cherokee/trunk/ChangeLog
r2870 r2871 1 2009-02-19 Antonio Perez <aperez@skarcha.com> 2 3 * cherokee/virtual_server.c, cherokee/virtual_server.h, 4 cherokee/cryptor_libssl.c, admin/PageVServer.py: SSL Certificate 5 and chained SSL Certificate entries are merged. 6 1 7 2009-02-19 Alvaro Lopez Ortega <alvaro@octality.com> 2 8 cherokee/trunk/admin/PageVServer.py
r2869 r2871 13 13 ("vserver!.*?!document_root", (validations.is_dev_null_or_local_dir_exists, 'cfg')), 14 14 ("vserver!.*?!ssl_certificate_file", (validations.is_local_file_exists, 'cfg', 'nochroot')), 15 ("vserver!.*?!ssl_certificate_chain_file",(validations.is_local_file_exists, 'cfg', 'nochroot')),16 15 ("vserver!.*?!ssl_certificate_key_file", (validations.is_local_file_exists, 'cfg', 'nochroot')), 17 16 ("vserver!.*?!ssl_ca_list_file", (validations.is_local_file_exists, 'cfg', 'nochroot')), … … 27 26 NOTE_NICKNAME = 'Nickname for the virtual server.' 28 27 NOTE_CERT = 'This directive points to the PEM-encoded Certificate file for the server (Full path to the file)' 29 NOTE_CERT_CHAIN = 'Optional: PEM-encoded Certificate Chain file for the server (Full path to the file)'30 28 NOTE_CERT_KEY = 'PEM-encoded Private Key file for the server (Full path to the file)' 31 29 NOTE_CA_LIST = 'Optional: File containing the trusted CA certificates, utilized for checking the client certificates (Full path to the file)' … … 238 236 table = TableProps() 239 237 self.AddPropEntry (table, 'Certificate', '%s!ssl_certificate_file' % (pre), NOTE_CERT) 240 self.AddPropEntry (table, 'Certificate Chain','%s!ssl_certificate_chain_file' % (pre), NOTE_CERT_CHAIN)241 238 self.AddPropEntry (table, 'Certificate key', '%s!ssl_certificate_key_file' % (pre), NOTE_CERT_KEY) 242 239 txt += self.Indent(table) cherokee/trunk/cherokee/cryptor_libssl.c
r2866 r2871 193 193 /* Certificate 194 194 */ 195 if (! cherokee_buffer_is_empty (&vsrv->server_cert_chain)) {196 197 195 #if (OPENSSL_VERSION_NUMBER < 0x0090808fL) 198 /* OpenSSL < 0.9.8h199 */200 ERR_clear_error();196 /* OpenSSL < 0.9.8h 197 */ 198 ERR_clear_error(); 201 199 #endif 202 rc = SSL_CTX_use_certificate_chain_file (n->context, vsrv->server_cert_chain.buf); 203 if (rc != 1) { 204 OPENSSL_LAST_ERROR(error); 205 PRINT_ERROR("ERROR: OpenSSL: Can not use certificate chain file '%s': %s\n", 206 vsrv->server_cert_chain.buf, error); 207 return ret_error; 208 } 209 } else { 210 rc = SSL_CTX_use_certificate_file (n->context, vsrv->server_cert.buf, SSL_FILETYPE_PEM); 211 if (rc != 1) { 212 OPENSSL_LAST_ERROR(error); 213 PRINT_ERROR("ERROR: OpenSSL: Can not use certificate file '%s': %s\n", 214 vsrv->server_cert.buf, error); 215 return ret_error; 216 } 200 rc = SSL_CTX_use_certificate_chain_file (n->context, vsrv->server_cert.buf); 201 if (rc != 1) { 202 OPENSSL_LAST_ERROR(error); 203 PRINT_ERROR("ERROR: OpenSSL: Can not use certificate file '%s': %s\n", 204 vsrv->server_cert.buf, error); 205 return ret_error; 217 206 } 218 207 cherokee/trunk/cherokee/virtual_server.c
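Review bot: The now-unconditional `SSL_CTX_use_certificate_chain_file (n->context, vsrv->server_cert.buf)` call changes what `ssl_certificate_file` is expected to contain, and neither the `/* Certificate */` comment nor the error message says so. That OpenSSL call reads a PEM file with the server certificate first and any intermediate CA certificates after it, so a deployment that kept its intermediates in the separate chain entry will presumably serve the leaf alone until the admin concatenates them into this file. I would expand the comment to `/* Certificate: PEM file, server certificate first, then any intermediate CA certificates */`, and the NOTE_CERT help text in admin/PageVServer.py would benefit from the same sentence. The enclosing function starts and ends outside the hunk.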
r2862 r2871 78 78 n->verify_depth = 1; 79 79 cherokee_buffer_init (&n->server_cert); 80 cherokee_buffer_init (&n->server_cert_chain);81 80 cherokee_buffer_init (&n->server_key); 82 81 cherokee_buffer_init (&n->certs_ca); … … 108 107 { 109 108 cherokee_buffer_mrproper (&vserver->server_cert); 110 cherokee_buffer_mrproper (&vserver->server_cert_chain);111 109 cherokee_buffer_mrproper (&vserver->server_key); 112 110 cherokee_buffer_mrproper (&vserver->certs_ca); … … 163 161 if (! cherokee_buffer_is_empty (&vserver->server_cert)) 164 162 return ret_ok; 165 if (! cherokee_buffer_is_empty (&vserver->server_cert_chain))166 return ret_ok;167 163 if (! cherokee_buffer_is_empty (&vserver->server_key)) 168 164 return ret_ok; … … 181 177 */ 182 178 if (cherokee_buffer_is_empty (&vsrv->server_cert) && 183 cherokee_buffer_is_empty (&vsrv->server_cert_chain) &&184 179 cherokee_buffer_is_empty (&vsrv->server_key)) 185 180 return ret_not_found; … … 187 182 /* Check if key or certificate are empty 188 183 */ 189 if (cherokee_buffer_is_empty (&vsrv->server_key) || 190 (cherokee_buffer_is_empty (&vsrv->server_cert) && 191 cherokee_buffer_is_empty (&vsrv->server_cert_chain))) 184 if (cherokee_buffer_is_empty (&vsrv->server_cert) || 185 cherokee_buffer_is_empty (&vsrv->server_key)) 192 186 return ret_error; 193 187 … … 710 704 cherokee_buffer_add_buffer (&vserver->server_cert, &conf->val); 711 705 712 } else if (equal_buf_str (&conf->key, "ssl_certificate_chain_file")) {713 cherokee_buffer_init (&vserver->server_cert_chain);714 cherokee_buffer_add_buffer (&vserver->server_cert_chain, &conf->val);715 716 706 } else if (equal_buf_str (&conf->key, "ssl_certificate_key_file")) { 717 707 cherokee_buffer_init (&vserver->server_key); cherokee/trunk/cherokee/virtual_server.h
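Review bot: In the configuration branch around new line 704 the `ssl_certificate_chain_file` key loses its handler with no diagnostic left behind, so an existing configuration that still sets it is either ignored or fails in whatever way unknown keys do (not visible in this hunk). Together with the stricter check at new lines 184-185, a virtual server that previously set only the chain file and the key now returns `ret_error` with no hint about the cause, and one that set both silently stops sending its intermediates. I would keep a branch for the old key that reports it, e.g. `} else if (equal_buf_str (&conf->key, "ssl_certificate_chain_file")) {` followed by `PRINT_ERROR ("Obsolete key '%s': append the chain to ssl_certificate_file\n", conf->key.buf);`. The functions these hunks belong to continue outside the lines shown.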
r2862 r2871 70 70 cuint_t verify_depth; 71 71 cherokee_buffer_t server_cert; 72 cherokee_buffer_t server_cert_chain;73 72 cherokee_buffer_t server_key; 74 73 cherokee_buffer_t certs_ca;