| 2090 | } |
| 2091 | |
| 2092 | static apr_status_t ssl_init_server_ctx(server_rec *s, |
| 2093 | apr_pool_t *p, |
| 2094 | apr_pool_t *ptemp, |
| 2095 | SSLSrvConfigRec *sc, |
| 2096 | apr_array_header_t *pphrases) |
| 2097 | { |
| 2098 | apr_status_t rv; |
| 2099 | modssl_pk_server_t *pks; |
| 2100 | #ifdef HAVE_SSL_CONF_CMD |
| 2101 | ssl_ctx_param_t *param = (ssl_ctx_param_t *)sc->server->ssl_ctx_param->elts; |
| 2102 | SSL_CONF_CTX *cctx = sc->server->ssl_ctx_config; |
| 2103 | int i; |
| 2104 | #endif |
| 2105 | int n; |
| 2106 | |
| 2107 | /* |
| 2108 | * Check for problematic re-initializations |
| 2109 | */ |
| 2110 | if (sc->server->ssl_ctx) { |
| 2111 | ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, APLOGNO(02569) |
| 2112 | "Illegal attempt to re-initialise SSL for server " |
| 2113 | "(SSLEngine On should go in the VirtualHost, not in global scope.)"); |
| 2114 | return APR_EGENERAL; |
| 2115 | } |
| 2116 | |
| 2117 | /* Allow others to provide certificate files */ |
| 2118 | pks = sc->server->pks; |
| 2119 | n = pks->cert_files->nelts; |
| 2120 | ap_ssl_add_cert_files(s, p, pks->cert_files, pks->key_files); |
| 2121 | ssl_run_add_cert_files(s, p, pks->cert_files, pks->key_files); |
| 2122 | |
| 2123 | if (apr_is_empty_array(pks->cert_files)) { |
| 2124 | /* does someone propose a certiciate to fall back on here? */ |
| 2125 | ap_ssl_add_fallback_cert_files(s, p, pks->cert_files, pks->key_files); |
| 2126 | ssl_run_add_fallback_cert_files(s, p, pks->cert_files, pks->key_files); |
| 2127 | if (n < pks->cert_files->nelts) { |
| 2128 | pks->service_unavailable = 1; |
| 2129 | ap_log_error(APLOG_MARK, APLOG_WARNING, 0, s, APLOGNO(10085) |
| 2130 | "Init: %s will respond with '503 Service Unavailable' for now. There " |
| 2131 | "are no SSL certificates configured and no other module contributed any.", |
| 2132 | ssl_util_vhostid(p, s)); |
| 2133 | } |
| 2134 | } |
| 2135 | |
| 2136 | if (n < pks->cert_files->nelts) { |
| 2137 | /* additionally installed certs overrides any old chain configuration */ |
| 2138 | sc->server->cert_chain = NULL; |
| 2139 | } |
| 2140 | |
| 2141 | if ((rv = ssl_init_ctx(s, p, ptemp, sc->server)) != APR_SUCCESS) { |
| 2142 | return rv; |
| 2143 | } |
| 2144 | |
| 2145 | if ((rv = ssl_init_server_certs(s, p, ptemp, sc->server, pphrases)) |
| 2146 | != APR_SUCCESS) { |
| 2147 | return rv; |
| 2148 | } |
| 2149 |
no test coverage detected