On Wed, Aug 16, 2017 at 2:22 PM, <ic...@apache.org> wrote:
> Author: icing
> Date: Wed Aug 16 12:22:28 2017
> New Revision: 1805182
>
> URL: http://svn.apache.org/viewvc?rev=1805182&view=rev
> Log:
> On the trunk:
>
> mod_ssl: adding SSLPolicy and SSLProxyPolicy directives plus documentation.
[]
> ==============================================================================
> --- httpd/httpd/trunk/modules/ssl/ssl_engine_config.c (original)
> +++ httpd/httpd/trunk/modules/ssl/ssl_engine_config.c Wed Aug 16 12:22:28 2017
[]
> @@ -2056,4 +2396,412 @@ void ssl_hook_ConfigTest(apr_pool_t *pco
> return;
> }
Can't we have/want both DUMP_CERTS and DUMP_SSL_POLICIES here?
(i.e. maybe we could remove "return;" in above and below "if" blocks)
>
> + if (ap_exists_config_define("DUMP_SSL_POLICIES")) {
> + apr_array_header_t *names = get_policy_names(pconf, 1);
> + SSLPolicyRec *policy;
> + const char *name, *sep = "";
> + int i;
> +
> + apr_file_open_stdout(&out, pconf);
> + apr_file_printf(out, "SSLPolicies: {");
> + for (i = 0; i < names->nelts; ++i) {
> + name = APR_ARRAY_IDX(names, i, const char*);
> + policy = ssl_policy_lookup(pconf, name);
> + if (policy) {
> + apr_file_printf(out, "%s\n \"%s\": {", sep, name);
> + sep = ", ";
> + ssl_policy_dump(policy, pconf, out, " ");
> + apr_file_printf(out, "\n }");
> + }
> + }
> + apr_file_printf(out, "\n}\n");
> + return;
> + }
> }
