
2001-04-18

2001-04-18 13:05:13 by Per Hedbor <ph@opera.com>

Tentative support for chained SSL certificates (with a really ugly syntax in the variable, though, and no documentation at all. Will do better later on)

Rev: server/base_server/roxen.pike:1.660

4:   // Per Hedbor, Henrik Grubbström, Pontus Hagland, David Hedbor and others.      // ABS and suicide systems contributed freely by Francesco Chemolli - constant cvs_version="$Id: roxen.pike,v 1.659 2001/04/18 04:25:08 mast Exp $"; + constant cvs_version="$Id: roxen.pike,v 1.660 2001/04/18 13:05:13 per Exp $";      // Used when running threaded to find out which thread is the backend thread.   Thread.Thread backend_thread;
1292: Inside #if constant(SSL.sslfile)
      restore();    -  Privs privs = Privs("Reading cert file"); -  +  object privs = Privs("Reading cert file"); +  int key_matches;    string f, f2; -  +  ctx->certificates = ({});    -  if( catch{ f = lopen(query_option("ssl_cert_file"), "r")->read(); } ) +  foreach( query_option("ssl_cert_file")/",", string cert_file )    { -  +  if( catch{ f = lopen(cert_file, "r")->read(); } ) +  {    report_error(LOC_M(8,"SSL3: Reading cert-file failed!")+"\n");    destruct();    return;
1311: Inside #if constant(SSL.sslfile)
   return;    }    -  if (privs) -  destruct(privs); -  +     object msg = Tools.PEM.pem_msg()->init( f );    object part = msg->parts["CERTIFICATE"] || msg->parts["X509 CERTIFICATE"];    string cert;
1371: Inside #if constant(SSL.sslfile)
   destruct();    return;    } -  if (!tbs->public_key->rsa->public_key_equal (rsa)) -  { -  report_error(LOC_M(14, "SSL3: Certificate and private key do not " -  "match.")+"\n"); -  destruct(); -  return; +  if (tbs->public_key->rsa->public_key_equal (rsa)) +  key_matches++; +  else +  continue;    } -  } +     else if (part = msg->parts["DSA PRIVATE KEY"])    {    string key;
1416: Inside #if constant(SSL.sslfile)
   return;    }    -  ctx->certificates = ({ cert }); +  ctx->certificates = ({ cert }) + ctx->certificates;    ctx->random = r; -  +  } +  if( !key_matches ) +  { +  report_error(LOC_M(14, "SSL3: Certificate and private key do not " +  "match.")+"\n"); +  destruct(); +  return; +  }   #if EXPORT    ctx->export_mode();   #endif
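Review bot: The explicit `if (privs) destruct(privs);` that followed the file reads (hunk at 1311) is removed and nothing visible in the new code replaces it, so the `Privs("Reading cert file")` object now appears to stay alive through the PEM decoding, the key comparison and every later loop iteration, until the function returns. If Privs holds raised privileges for the lifetime of the object, as its placement around the `lopen` calls suggests, certificate and key parsing now runs with those privileges. I would scope it to the reads inside the loop: create it with `object privs = Privs("Reading cert file");` just before the `lopen` calls and release it with `destruct(privs);` before `Tools.PEM.pem_msg()->init( f )`. The function continues between and beyond these hunks, so confirm that no release exists in the lines that are not shown.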