author | Stefan Eissing <icing@apache.org> | 2021-03-03 15:52:18 +0000 |
---|---|---|
committer | Stefan Eissing <icing@apache.org> | 2021-03-03 15:52:18 +0000 |
commit | 695140822068a20a7016b26b2c2c41f45efbac68 (patch) | |
tree | 4ca2a76f75aca7e5edd31de08d62b41a22e571a3 /include | |
parent | 33af74c29fbd85890f1f6e6454a81bab7a01de41 (diff) | |
download | httpd-695140822068a20a7016b26b2c2c41f45efbac68.tar.gz |
Changed ap_ssl_answer_challenge() and its hook to provide PEM data for
certificate and key instead of file names.
Added support for this in mod_ssl and verified with a local mod_md
version that uses it.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1887151 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'include')
-rw-r--r-- | include/http_protocol.h | 27 |
1 files changed, 19 insertions, 8 deletions
diff --git a/include/http_protocol.h b/include/http_protocol.h
index c4f064a7c8..30faa131a9 100644
--- a/include/http_protocol.h
+++ b/include/http_protocol.h
@@ -1174,23 +1174,34 @@ AP_DECLARE(apr_status_t) ap_ssl_add_fallback_cert_files(server_rec *s, apr_pool_
 apr_array_header_t *key_files);
-/**
- * On TLS connections that do not relate to a configured virtual host,
- * allow modules to provide a certificate and key to
- * be used on the connection.
+/**
+ * On TLS connections that do not relate to a configured virtual host
+ * allow modules to provide a certificate and key to be used on the connection.
+ *
+ * A Certificate PEM added must be accompanied by a private key PEM. The private
+ * key PEM may be given by a NULL pointer, in which case it is expected to be found in
+ * the certificate PEM string.
 */
-AP_DECLARE_HOOK(int, ssl_answer_challenge, (conn_rec *c, const char *server_name,
- const char **pcert_file, const char **pkey_file))
+AP_DECLARE_HOOK(int, ssl_answer_challenge, (conn_rec *c, const char *server_name,
+ const char **pcert_pem, const char **pkey_pem))
 /**
 * Returns != 0 iff the connection is a challenge to the server, for example
 * as defined in RFC 8555 for the 'tls-alpn-01' domain verification, and needs
 * a specific certificate as answer in the handshake.
+ *
 * ALPN protocol negotiation via the hooks 'protocol_propose' and 'protocol_switch'
 * need to have run before this call is made.
+ *
+ * Certificate PEMs added must be accompanied by a private key PEM. The private
+ * key PEM may be given by a NULL pointer, in which case it is expected to be found in
+ * the certificate PEM string.
+ *
+ * A certificate provided this way needs to replace any other certificates selected
+ * by configuration or 'ssl_add_cert_pems` on this connection.
 */
-AP_DECLARE(int) ap_ssl_answer_challenge(conn_rec *c, const char *server_name,
- const char **pcert_file, const char **pkey_file);
+AP_DECLARE(int) ap_ssl_answer_challenge(conn_rec *c, const char *server_name,
+ const char **pcert_pem, const char **pkey_pem);
 #ifdef __cplusplus |
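Review bot: The new doc comments on the `ssl_answer_challenge` hook and on `ap_ssl_answer_challenge()` do not say who owns the strings returned through `pcert_pem` and `pkey_pem` or how long they must stay valid, which matters more now that `*pkey_pem` is the private key itself rather than a path to it. Because the parameter types are unchanged (`const char **`), a hook implementation still written for the old contract compiles cleanly and would return a file name where PEM text is expected; the diffstat shown for include/ lists only this header, so unless a module magic number bump lands elsewhere that mismatch would only surface at handshake time. I would add to both comments a line such as ` * @param pkey_pem out: NUL-terminated PEM private key text (not a file name), or NULL if the key is inside *pcert_pem`, together with a sentence on the expected lifetime of the strings and a reminder that the value is secret and must not be written to logs. The hook comment also does not describe its return value. Minor: in the last added paragraph the reference to ssl_add_cert_pems opens with a single quote and closes with a backtick.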