[email protected] wrote:
> Author: jkaluza
> Date: Wed Dec 11 07:16:28 2013
> New Revision: 1550060
>
> URL: http://svn.apache.org/r1550060
> Log:
> mod_ssl: Add -t -DDUMP_CA_CERTS option which dumps the filenames of all
> configured SSL CA certificates to stdout the same way as DUMP_CERTS does.
>
> Modified:
>     httpd/httpd/trunk/CHANGES
>     httpd/httpd/trunk/modules/ssl/ssl_engine_config.c
>
> Modified: httpd/httpd/trunk/modules/ssl/ssl_engine_config.c > URL: > http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_engine_config.c?rev=1550060&r1=1550059&r2=1550060&view=diff > ============================================================================== > --- httpd/httpd/trunk/modules/ssl/ssl_engine_config.c (original) > +++ httpd/httpd/trunk/modules/ssl/ssl_engine_config.c Wed Dec 11 07:16:28 2013 > @@ -1870,30 +1870,95 @@ const char *ssl_cmd_SSLSRPUnknownUserSee > > #endif /* HAVE_SRP */ > > -void ssl_hook_ConfigTest(apr_pool_t *pconf, server_rec *s) > +static void dump_ca_cert_file(apr_file_t *out, const char *file) { > + X509 *rc; > + BIO *bioS; > + > + if ((bioS=BIO_new_file(file, "r")) == NULL) { > + return; > + } > + > + /* ca_cert_file is loaded using SSL_load_client_CA_file(). This method > + * loads only file of PEM formatted certificates, so we have to load > + * only PEM here too, to stay consistent. > + */ > + rc = PEM_read_bio_X509 (bioS, NULL, NULL, NULL); > + BIO_free(bioS); > + if (rc) { > + apr_file_printf(out, " %s\n", file); Hm, do I miss the point or why don't we print out anything from the cert we just loaded and just the filename? Do we just want to know if the cert file loads? Regards Rüdiger
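Review bot: In dump_ca_cert_file(), both failure paths are silent: when BIO_new_file() returns NULL the function just returns, and when PEM_read_bio_X509() returns NULL nothing is printed, so a configured CA file that cannot be opened or does not parse as PEM drops out of the -DDUMP_CA_CERTS output with no diagnostic. Consider reporting the skipped filename so an operator can tell "not configured" apart from "failed to load". A single PEM_read_bio_X509() call also parses only the first certificate in the file, so for a bundle this confirms that the first entry decodes and nothing more; the comment above the call should say so. The quoted portion ends before rc is released, so check that the success path calls X509_free(rc). Style: drop the space in "PEM_read_bio_X509 (bioS" and add spaces around "=" in "(bioS=BIO_new_file(file, "r"))".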
