[rs-commit] r258 - /mod_ca/trunk/mod_ca_simple.c
rs-commit at redwax.eu
rs-commit at redwax.eu
Fri Jan 10 07:14:04 CET 2020
Author: dirkx at redwax.eu
Date: Fri Jan 10 07:14:03 2020
New Revision: 258
Log:
Some algorithms, such as 'X9.42 DH', have a space in their name (full list with < openssl list -public-key-algorithms >). So we need to be slightly more careful with tokenizing - and thus fall back on ARGV, which understands ticks and double-quoted text.
Modified:
mod_ca/trunk/mod_ca_simple.c
Modified: mod_ca/trunk/mod_ca_simple.c
==============================================================================
--- mod_ca/trunk/mod_ca_simple.c (original)
+++ mod_ca/trunk/mod_ca_simple.c Fri Jan 10 07:14:03 2020
@@ -1099,24 +1099,24 @@
return NULL;
}
-static const char *set_ca_algorithm(cmd_parms *cmd, void *dconf, const char *args)
+static const char *set_ca_algorithm(cmd_parms *cmd, void *dconf,
+ int argc, char *const argv[])
{
ca_config_rec *conf = dconf;
-
- char *arg;
- char *tok;
const EVP_PKEY_ASN1_METHOD *method;
int pkey_id;
- arg = apr_strtok(apr_pstrdup(cmd->pool, args), " \t", &tok);
-
ERR_clear_error();
- method = EVP_PKEY_asn1_find_str(NULL, arg, -1);
+
+ if (argc < 1) return log_config(cmd, "CASimpleAlgorithm needs at least one "
+ "argument -- the name of the algoritm");
+
+ method = EVP_PKEY_asn1_find_str(NULL, argv[0], -1);
if (!method) {
return log_config(cmd,
apr_psprintf(cmd->pool,
- "CASimpleAlgorithm '%s' was not found", arg));
+ "CASimpleAlgorithm '%s' was not found", argv[0]));
}
EVP_PKEY_asn1_get0_info(&pkey_id, NULL, NULL, NULL, NULL, method);
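Review bot: The new `argc < 1` guard is an unbraced one-line `if (...) return`, while every other error return in this function is braced, and its user-visible message misspells "algorithm". I would write it as `if (argc < 1) {` followed by `return log_config(cmd, "CASimpleAlgorithm needs at least one argument -- the name of the algorithm");` and a closing `}`. The body of set_ca_algorithm continues beyond this hunk.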
@@ -1124,7 +1124,7 @@
if (!conf->pkey_ctx) {
return log_config(cmd,
apr_psprintf(cmd->pool,
- "CASimpleAlgorithm '%s': EVP_PKEY_CTX could not be created for private key ID %d", arg, pkey_id));
+ "CASimpleAlgorithm '%s': EVP_PKEY_CTX could not be created for private key ID %d", argv[0], pkey_id));
}
apr_pool_cleanup_register(cmd->pool, conf->pkey_ctx, ca_EVP_PKEY_CTX_cleanup,
@@ -1133,10 +1133,11 @@
if (EVP_PKEY_keygen_init(conf->pkey_ctx) <= 0) {
return log_config(cmd,
apr_psprintf(cmd->pool,
- "CASimpleAlgorithm '%s': EVP_PKEY keygen could not be initialised", arg));
- }
-
- while ((arg = apr_strtok(NULL,",", &tok))) {
+ "CASimpleAlgorithm '%s': EVP_PKEY keygen could not be initialised", argv[0]));
+ }
+
+ for(int i = 1; i < argc; i++) {
+ const char *arg = argv[i];
char *val = strchr(arg, '=');
if (val) {
*(val++) = 0;
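Review bot: In the new loop `arg` is declared `const char *`, yet the string is modified in place through the pointer `strchr` returns (`*(val++) = 0;`), so the qualifier promises something the code does not keep. The old code split an `apr_pstrdup` copy; the new code writes into the argv storage handed in by the caller. Taking a private copy keeps the write local and makes the mutation explicit: `char *arg = apr_pstrdup(cmd->pool, argv[i]);`. The loop body continues in the next hunk.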
@@ -1144,15 +1145,14 @@
else {
return log_config(cmd,
apr_psprintf(cmd->pool,
- "CASimpleAlgorithm parameter '%s' must be a name=value pair", arg));
+ "CASimpleAlgorithm parameter %d '%s' must be a name=value pair", i, arg));
}
if (EVP_PKEY_CTX_ctrl_str(conf->pkey_ctx, arg, val) <= 0) {
return log_config(cmd,
apr_psprintf(cmd->pool,
- "CASimpleAlgorithm parameter '%s' cannot be set to '%s'", arg, val));
- }
-
+ "CASimpleAlgorithm parameter %d '%s' cannot be set to '%s'", i, arg, val));
+ }
}
conf->pkey_ctx_set = 1;
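Review bot: `val` reaches `EVP_PKEY_CTX_ctrl_str` as everything after the first `=` in the token, and the comma splitting done by the old `apr_strtok(NULL, ",", &tok)` loop is gone, so a configuration still written as `name=value,name2=value2` now arrives as one parameter. Whether that is rejected depends on how the individual OpenSSL control parses its value. A control that converts the value numerically and ignores trailing text could presumably accept the first setting and silently drop the rest, so the CA would generate keys with parameters other than those configured. If no supported value legitimately contains a comma, reject it explicitly before the control call, e.g. `if (strchr(val, ',')) return log_config(cmd, "CASimpleAlgorithm parameters are separated by whitespace, not commas");`. The loop begins in the previous hunk.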
@@ -1232,7 +1232,7 @@
AP_INIT_TAKE2("CASimpleExtension",
set_ca_extension, NULL, RSRC_CONF | ACCESS_CONF,
"Certificate extension to add to the certificate when signed."),
- AP_INIT_RAW_ARGS("CASimpleAlgorithm",
+ AP_INIT_TAKE_ARGV("CASimpleAlgorithm",
set_ca_algorithm, NULL, RSRC_CONF | ACCESS_CONF,
"When enabled, private keys will be generated with this algorithm."),
AP_INIT_TAKE1("CASimpleParamFile",
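Review bot: The directive's help string was not updated with the switch to `AP_INIT_TAKE_ARGV`, so nothing tells an administrator that algorithm names containing a space must be quoted or that parameters are now whitespace-separated `name=value` tokens. I would change the description to something like `"Private key algorithm name (quote names containing spaces), optionally followed by whitespace-separated name=value key generation parameters."`. The command table starts and ends outside this hunk.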