On Wed, Aug 16, 2017 at 2:22 PM, <ic...@apache.org> wrote: > Author: icing > Date: Wed Aug 16 12:22:28 2017 > New Revision: 1805182 > > URL: http://svn.apache.org/viewvc?rev=1805182&view=rev > Log: > On the trunk: > > mod_ssl: adding SSLPolicy and SSLProxyPolicy directives plus documentation. [] > ============================================================================== > --- httpd/httpd/trunk/modules/ssl/ssl_engine_config.c (original) > +++ httpd/httpd/trunk/modules/ssl/ssl_engine_config.c Wed Aug 16 12:22:28 2017 [] > @@ -2056,4 +2396,412 @@ void ssl_hook_ConfigTest(apr_pool_t *pco > return; > }
Can't we have/want both DUMP_CERTS and DUMP_SSL_POLICIES here? (i.e. maybe we could remove "return;" in above and below "if" blocks) > > + if (ap_exists_config_define("DUMP_SSL_POLICIES")) { > + apr_array_header_t *names = get_policy_names(pconf, 1); > + SSLPolicyRec *policy; > + const char *name, *sep = ""; > + int i; > + > + apr_file_open_stdout(&out, pconf); > + apr_file_printf(out, "SSLPolicies: {"); > + for (i = 0; i < names->nelts; ++i) { > + name = APR_ARRAY_IDX(names, i, const char*); > + policy = ssl_policy_lookup(pconf, name); > + if (policy) { > + apr_file_printf(out, "%s\n \"%s\": {", sep, name); > + sep = ", "; > + ssl_policy_dump(policy, pconf, out, " "); > + apr_file_printf(out, "\n }"); > + } > + } > + apr_file_printf(out, "\n}\n"); > + return; > + } > }