[rs-commit] r49 - in /mod_scep/trunk: ChangeLog mod_scep.c
rs-commit at redwax.eu
rs-commit at redwax.eu
Sat Apr 20 00:18:15 CEST 2019
Author: minfrin at redwax.eu
Date: Sat Apr 20 00:18:15 2019
New Revision: 49
Log:
Add support for the expression API, and remove the obsolete
CGI options.
Modified:
mod_scep/trunk/ChangeLog
mod_scep/trunk/mod_scep.c
Modified: mod_scep/trunk/ChangeLog
==============================================================================
--- mod_scep/trunk/ChangeLog (original)
+++ mod_scep/trunk/ChangeLog Sat Apr 20 00:18:15 2019
@@ -1,5 +1,8 @@
Changes with v0.2.0
+
+ *) Add support for the expression API, and remove the obsolete
+ CGI options. [Graham Leggett]
*) Add a cleanup for the EVP key. [Graham Leggett]
Modified: mod_scep/trunk/mod_scep.c
==============================================================================
--- mod_scep/trunk/mod_scep.c (original)
+++ mod_scep/trunk/mod_scep.c Sat Apr 20 00:18:15 2019
@@ -48,6 +48,7 @@
#include "http_protocol.h"
#include "http_request.h"
#include "util_script.h"
+#include "ap_expr.h"
#include "mod_ca.h"
@@ -61,8 +62,7 @@
{
const char *name; /* raw name of the object, NULL matches all */
int nid; /* name element from the request */
- const char *cgi; /* if present, take the value from the subprocess environment */
- const char *value; /* if present, use the absolute value */
+ const ap_expr_info_t *expr; /* if present, expression to be assigned to each name */
int limit; /* if present, take up to the limit number of names */
} name_rec;
@@ -473,7 +473,7 @@
return NULL;
}
-static const char *set_subject_cgi(cmd_parms *cmd, void *dconf,
+static const char *set_subject_set(cmd_parms *cmd, void *dconf,
const char *arg1, const char *arg2)
{
scep_config_rec *conf = dconf;
@@ -486,26 +486,16 @@
"Argument '%s' must be a valid subject identifier recognised by openssl",
arg1);
}
- name->cgi = arg2;
- conf->subject_set = 1;
-
- return NULL;
-}
-
-static const char *set_subject_set(cmd_parms *cmd, void *dconf,
- const char *arg1, const char *arg2)
-{
- scep_config_rec *conf = dconf;
- name_rec *name = apr_array_push(conf->subject);
-
- name->name = arg1;
- name->nid = OBJ_txt2nid(arg1);
- if (name->nid == NID_undef) {
- return apr_psprintf(cmd->pool,
- "Argument '%s' must be a valid subject identifier recognised by openssl",
- arg1);
- }
- name->value = arg2;
+ else {
+ const char *expr_err = NULL;
+ name->expr = ap_expr_parse_cmd(cmd, arg2, AP_EXPR_FLAG_STRING_RESULT,
+ &expr_err, NULL);
+ if (expr_err) {
+ return apr_pstrcat(cmd->temp_pool, "Cannot parse expression '",
+ arg2, "': ", expr_err, NULL);
+ }
+ }
+
conf->subject_set = 1;
return NULL;
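Review bot: The second argument of ScepSubjectSet is now compiled with `ap_expr_parse_cmd` instead of being stored as a literal, but nothing visible in this commit documents that for an administrator; the directive description in the command table still reads "Specify subject attribute and value that will be included in the certificate." A previously literal value that contains expression syntax such as `%{` will now be interpreted, or rejected at configuration time, and the result is computed per request, so the issued subject can depend on request data. I would add `/* arg2 is parsed as an ap_expr string expression and evaluated for each request */` above the function and reword the help text to "Specify subject attribute and an expression whose result will be included in the certificate." The same applies to set_subjectaltname_set and ScepSubjectAltNameSet in the later hunk; the function's signature lies outside this hunk.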
@@ -586,7 +576,7 @@
return NULL;
}
-static const char *set_subjectaltname_cgi(cmd_parms *cmd, void *dconf,
+static const char *set_subjectaltname_set(cmd_parms *cmd, void *dconf,
const char *arg1, const char *arg2)
{
scep_config_rec *conf = dconf;
@@ -599,26 +589,16 @@
"Argument '%s' was not one of otherName, rfc822Name, dNSName, x400Address, directoryName, ediPartyName, uniformResourceIdentifier, iPAddress or registeredID",
arg1);
}
- name->cgi = arg2;
- conf->subjectaltname_set = 1;
-
- return NULL;
-}
-
-static const char *set_subjectaltname_set(cmd_parms *cmd, void *dconf,
- const char *arg1, const char *arg2)
-{
- scep_config_rec *conf = dconf;
- name_rec *name = apr_array_push(conf->subjectaltname);
-
- name->name = arg1;
- name->nid = type_from_subjectaltname(arg1);
- if (name->nid < 0) {
- return apr_psprintf(cmd->pool,
- "Argument '%s' was not one of otherName, rfc822Name, dNSName, x400Address, directoryName, ediPartyName, uniformResourceIdentifier, iPAddress or registeredID",
- arg1);
- }
- name->value = arg2;
+ else {
+ const char *expr_err = NULL;
+ name->expr = ap_expr_parse_cmd(cmd, arg2, AP_EXPR_FLAG_STRING_RESULT,
+ &expr_err, NULL);
+ if (expr_err) {
+ return apr_pstrcat(cmd->temp_pool, "Cannot parse expression '",
+ arg2, "': ", expr_err, NULL);
+ }
+ }
+
conf->subjectaltname_set = 1;
return NULL;
@@ -673,9 +653,6 @@
AP_INIT_TAKE12("ScepSubjectRequest", set_subject_request, NULL,
RSRC_CONF | ACCESS_CONF,
"Specify fields in the certificate request subject that will be copied over to the certificate, with optional limit to the number of fields that may appear."),
- AP_INIT_TAKE2("ScepSubjectCGI", set_subject_cgi, NULL,
- RSRC_CONF | ACCESS_CONF,
- "Specify CGI variables in the request that will be included in the certificate subject. DN attribute name first, then CGI variable."),
AP_INIT_TAKE2("ScepSubjectSet", set_subject_set, NULL,
RSRC_CONF | ACCESS_CONF,
"Specify subject attribute and value that will be included in the certificate."),
@@ -683,9 +660,6 @@
set_subjectaltname_request, NULL,
RSRC_CONF | ACCESS_CONF,
"Specify fields in the certificate request subjectAltName that will be copied over to the certificate, with optional limit to the number of fields that may appear."),
- AP_INIT_TAKE2("ScepSubjectAltNameCGI", set_subjectaltname_cgi,
- NULL, RSRC_CONF | ACCESS_CONF,
- "Specify CGI variables in the request that will be included in the certificate subjectAltName. DN attribute name first, then CGI variable."),
AP_INIT_TAKE2("ScepSubjectAltNameSet", set_subjectaltname_set,
NULL, RSRC_CONF | ACCESS_CONF,
"Specify subjectAltName attribute and value that will be included in the certificate."),
@@ -1759,38 +1733,23 @@
for (i = 0; i < conf->subject->nelts; i++) {
name_rec *name = ((name_rec *) conf->subject->elts) + i;
- if (name->cgi) {
- const char *val = (const char *) apr_table_get(r->subprocess_env,
- name->cgi);
- if (!val) {
+ if (name->expr) {
+ const char *err = NULL;
+ const char *arg = ap_expr_str_exec(r, name->expr, &err);
+ if (err || !arg) {
log_message(r, APR_SUCCESS,
apr_psprintf(r->pool,
- "CGI name '%s' was not found, and could not be added to the certificate subject as '%s'.",
- name->cgi, name->name));
+ "Expression for '%s' could not be executed, and could not be added to the certificate subject: %s",
+ name->name, err));
return HTTP_INTERNAL_SERVER_ERROR;
}
- if (val) {
- if (!X509_NAME_add_entry_by_NID(subject, name->nid,
- MBSTRING_UTF8, (unsigned char *) val, -1, -1, 0)) {
- log_message(r, APR_SUCCESS,
- apr_psprintf(r->pool,
- "CGI name '%s' with value '%s' could not be added to the certificate subject as '%s'.",
- name->cgi, val, name->name));
-
- return HTTP_INTERNAL_SERVER_ERROR;
- }
- }
-
- }
-
- else if (name->value) {
- if (!X509_NAME_add_entry_by_NID(subject, name->nid, MBSTRING_UTF8,
- (unsigned char *) name->value, -1, -1, 0)) {
+ if (!X509_NAME_add_entry_by_NID(subject, name->nid,
+ MBSTRING_UTF8, (unsigned char *) arg, -1, -1, 0)) {
log_message(r, APR_SUCCESS,
apr_psprintf(r->pool,
- "The value '%s' could not be added to the certificate subject as '%s'.",
- name->value, name->name));
+ "Expression with value '%s' could not be added to the certificate subject as '%s'.",
+ arg, name->name));
return HTTP_INTERNAL_SERVER_ERROR;
}
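Review bot: The `err || !arg` guard does not cover an expression that evaluates to an empty string, which is what a reference to an unset variable is likely to produce, whereas the removed CGI path failed the request when the variable was missing. If an empty attribute must never reach `X509_NAME_add_entry_by_NID`, extend the guard to `if (err || !arg || !*arg) {`. When `arg` is NULL without an error, `err` is also passed to `%s` as NULL; `err ? err : "expression returned no value"` would keep the log line meaningful. Both points apply equally to the subjectAltName loop in the next hunk, and the enclosing function starts and ends outside this hunk.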
@@ -1849,43 +1808,24 @@
for (i = 0; i < conf->subjectaltname->nelts; i++) {
name_rec *name = ((name_rec *) conf->subjectaltname->elts) + i;
- if (name->cgi) {
- char *val = (char *) apr_table_get(r->subprocess_env, name->cgi);
- if (!val) {
+ if (name->expr) {
+ const char *err = NULL;
+ const char *arg = ap_expr_str_exec(r, name->expr, &err);
+ if (err || !arg) {
log_message(r, APR_SUCCESS,
apr_psprintf(r->pool,
- "CGI name '%s' was not found, and could not be added to the certificate subjectAltName as '%s'.",
- name->cgi, name->name));
+ "Expression for '%s' could not be executed, and could not be added to the certificate subjectAltName: %s",
+ name->name, err));
return HTTP_INTERNAL_SERVER_ERROR;
}
- if (val) {
- GENERAL_NAME *gen = a2i_GENERAL_NAME(NULL, NULL, NULL,
- name->nid, val, 0);
- if (!gen) {
- log_message(r, APR_SUCCESS,
- apr_psprintf(r->pool,
- "CGI name '%s' with value '%s' could not be added to the certificate subjectAltName as '%s'.",
- name->cgi, val, name->name));
-
- return HTTP_INTERNAL_SERVER_ERROR;
- }
- if (!sans) {
- sans = GENERAL_NAMES_new();
- }
- sk_GENERAL_NAME_push(sans, gen);
- }
-
- }
-
- else if (name->value) {
GENERAL_NAME *gen = a2i_GENERAL_NAME(NULL, NULL, NULL, name->nid,
- (char *) name->value, 0);
+ (char *) arg, 0);
if (!gen) {
log_message(r, APR_SUCCESS,
apr_psprintf(r->pool,
- "Value '%s' could not be added to the certificate subjectAltName as '%s'.",
- name->value, name->name));
+ "Expression with value '%s' could not be added to the certificate subjectAltName as '%s'.",
+ arg, name->name));
return HTTP_INTERNAL_SERVER_ERROR;
}