* modules/ssl/ssl_engine_pphrase.c (modssl_load_engine_keypair):

notroj · notroj · commit fcaf73d28cae · 2024-02-29T15:28:36.000Z
Update to avoid GCC warning for no-engine builds where the SSLModConfigRec is not used. Also log an error for the ENOTIMPL path. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1916057 13f79535-47bb-0310-9956-ffa450edef68
diff --git a/docs/log-message-tags/next-number b/docs/log-message-tags/next-number
@@ -1 +1 @@
-10496
+10497
diff --git a/modules/ssl/ssl_engine_pphrase.c b/modules/ssl/ssl_engine_pphrase.c
@@ -979,22 +979,23 @@ apr_status_t modssl_load_engine_keypair(server_rec *s, apr_pool_t *p,
                                         const char *certid, const char *keyid,
                                         X509 **pubkey, EVP_PKEY **privkey)
 {
-#if MODSSL_HAVE_OPENSSL_STORE
+#if MODSSL_HAVE_ENGINE_API 
     SSLModConfigRec *mc = myModConfig(s);
 
     /* For OpenSSL 3.x, use the STORE-based API if either ENGINE
      * support was not present compile-time, or if it's built but
      * SSLCryptoDevice is not configured. */
-#if MODSSL_HAVE_ENGINE_API 
-    if (!mc->szCryptoDevice) 
+    if (mc->szCryptoDevice)
+        return modssl_load_keypair_engine(s, p, vhostid, certid, keyid,
+                                          pubkey, privkey);
 #endif
-        return modssl_load_keypair_store(s, p, vhostid, certid, keyid,
-                                         pubkey, privkey);
-#endif
-#if MODSSL_HAVE_ENGINE_API
-    return modssl_load_keypair_engine(s, p, vhostid, certid, keyid,
-                                      pubkey, privkey);
+#if MODSSL_HAVE_OPENSSL_STORE
+    return modssl_load_keypair_store(s, p, vhostid, certid, keyid,
+                                     pubkey, privkey);
 #else
+    ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, APLOGNO(10496)
+                 "Init: no method for loading keypair for %s (%s | %s)",
+                 vhostid, certid ? certid : "no cert", keyid);
     return APR_ENOTIMPL;
 #endif
 }
