> Am 29.05.2018 um 23:54 schrieb Yann Ylavic <[email protected]>:
>
> On Wed, Aug 16, 2017 at 2:22 PM, <[email protected]> wrote:
>> Author: icing
>> Date: Wed Aug 16 12:22:28 2017
>> New Revision: 1805182
>>
>> URL: http://svn.apache.org/viewvc?rev=1805182&view=rev
>> Log:
>> On the trunk:
>>
>> mod_ssl: adding SSLPolicy and SSLProxyPolicy directives plus documentation.
> []
>> ==============================================================================
>> --- httpd/httpd/trunk/modules/ssl/ssl_engine_config.c (original)
>> +++ httpd/httpd/trunk/modules/ssl/ssl_engine_config.c Wed Aug 16 12:22:28
>> 2017
> []
>> @@ -2056,4 +2396,412 @@ void ssl_hook_ConfigTest(apr_pool_t *pco
>> return;
>> }
>
> Can't we have/want both DUMP_CERTS and DUMP_SSL_POLICIES here?
> (i.e. maybe we could remove "return;" in above and below "if" blocks)
Possibly. I tried to do the addition in the spirit of what was already there.
In order not to break things...it has happened.
Someone have an idea why the DUMP_XXX of mod_ssl have been made exclusive to
each other?
>>
>> + if (ap_exists_config_define("DUMP_SSL_POLICIES")) {
>> + apr_array_header_t *names = get_policy_names(pconf, 1);
>> + SSLPolicyRec *policy;
>> + const char *name, *sep = "";
>> + int i;
>> +
>> + apr_file_open_stdout(&out, pconf);
>> + apr_file_printf(out, "SSLPolicies: {");
>> + for (i = 0; i < names->nelts; ++i) {
>> + name = APR_ARRAY_IDX(names, i, const char*);
>> + policy = ssl_policy_lookup(pconf, name);
>> + if (policy) {
>> + apr_file_printf(out, "%s\n \"%s\": {", sep, name);
>> + sep = ", ";
>> + ssl_policy_dump(policy, pconf, out, " ");
>> + apr_file_printf(out, "\n }");
>> + }
>> + }
>> + apr_file_printf(out, "\n}\n");
>> + return;
>> + }
>> }
