add tls compression disabling option
Hanno Böck commited on 2012-10-17 12:05:50
Zeige 3 geänderte Dateien mit 131 Einfügungen und 1 Löschungen.
- www-servers/apache/Manifest dce90cc..cb0acb3
- www-servers/apache/apache-2.2.23.ebuild c16b092..4c67de0
- www-servers/apache/files/apache-2.2.23-tls-compression-option.diff 0000000..0535772
| ... | ... |
@@ -1,5 +1,6 @@ |
| 1 | 1 |
AUX 2.2.22-envvars-std.in 1071 SHA256 1721b424f2335640e49d71e671a4be15424d29fe90f55fe4f52bd241a998d3ee SHA512 c18fd461f02ab79fc456a1ad99bf91c8891ecdabd90f41437ebf87e20b3d28d2006a10d6726164c2f0333e7aee350bd125838abaff3a188d8ab2f5f34d3e5466 WHIRLPOOL 59cbee68fc8012df01229b8d5e38045eb974bab3f08ebf5b01097dabb5275bb83e28cd09a058ce71949ca4a2439811cff457d4c7df88d7b3fc5318c6b7ef0075 |
| 2 | 2 |
AUX apache-2.2.14-staticdhparameters.diff 11745 SHA256 1fecd496f7df6438cf44b331a0b15d6ceaa0522fcb20d7246772f10f7c3c41df SHA512 5c7fa11b29efd430ddc7144ed8d656c82d9609c9da720cd5d217626505b2257c074bea1ef0f4f2c50b123be58d82fbefac3240b71c3b8c3b9b087c30b090bcf9 WHIRLPOOL ced66883bd7fc4ec868a5d6091cdc765424541c183e53283749d73d4f4b53d0c9221950df816625de9bd115f610931e91b1fac819530294fcb12a0a39b7f6f2c |
| 3 |
+AUX apache-2.2.23-tls-compression-option.diff 4211 SHA256 6ccc0003f486734e660292ac2640d99af830443c09a2d5c9d6aaf371b636d9bd SHA512 915044023b10afca9a67ca90fa4d1175d4d3ef7274308df74c78b0972fd7ec54e3fdb3f4b03ecbfc543b64153b232a140cc8e095b2f74abfcfa0cb86e21fb612 WHIRLPOOL 028be436ac78adcb631b109a23ab7f4b5c2349a95202f8ed33a111b9b2048675892b160ac737875ebe7a73937f8868d665d016a61bdbaec301eacbbad0d1cc05 |
|
| 3 | 4 |
AUX apache-noip.diff 417 SHA256 c9ed84fec20e69f711600261a395a3d4b3ae2685318f6354c4d2ebd01c0ec4cc SHA512 fa684688e707f5fb511b228b8fa9b0f996dbf615f2f9b6478ab478e801f14c65a7381137cdbda648d68f7818891085c744da3a8249843e73bdf5ef247a90d3fe WHIRLPOOL d2636a34b0d48139adef125e76ef477d84bf7cd9785f094fe57c1d81b45e7392622d232bee5f53896d8b48eb9b3241cd48cbb585ea70d97a872c5cd3f6bfe420 |
| 4 | 5 |
AUX httpd-2.2.16-ecc.diff 8236 SHA256 e7fe97852875de06372d8413248fa20419946e2ab7de5198c93bffa6b5a68461 SHA512 8b54c30f9edc76bd8969ee894038f267d722d1ab8c7332a84fe21704bde0451e1a27503252fa87bd0f749dac3281eb266cda36aa7faec1a36ee6e67a8f9ae6c7 WHIRLPOOL 2d8ad3cd12b27937dcafef31df8c9fa048fb4e1ed06109e745fbe12dc869ceaa21fa2e62aa9bcb729d7fb426c1ee0a82171b5038cac56f8b8ebbc3cd3569daa9 |
| 5 | 6 |
DIST gentoo-apache-2.2.22-20120213.tar.bz2 64507 SHA256 737730dabf1e1ccfe9d409067dc3c4d37d16f7fa1e792f5bf39268d904ce1c31 SHA512 f364bdbee967b3bc797d2053b9eb347af963f99275441093930d0057465e1a12567106f5c5ac21a45a4bbd4b353ce67553038d6146f469a7bf980a9148471170 WHIRLPOOL f5a3ab44fc14ddf67ccf0785006b1d9f5c49b915114f9d7e97858fba447a5ee872c741e73c17e121b61cc0aa678b42dc154616cd64054461c552d3a8c29f4f17 |
| ... | ... |
@@ -8,4 +9,4 @@ DIST httpd-2.2.22.tar.bz2 5378934 SHA256 dcdc9f1dc722f84798caf69d69dca78daa5e09a |
| 8 | 9 |
DIST httpd-2.2.23.tar.bz2 5485205 SHA256 14fe79bd6edd957c02cb41f4175e132c08e6ff74a7d08dc1858dd8224e351c34 SHA512 69b3bc942b2a91cdb57356a5c57078794db2d8404a23080a2621cdf33ae2d9bdbbacd0f6e95fd6e71fbfa87e94942be0a014c3e8709148f991e391d03aa6dee2 WHIRLPOOL 8d00184aff654b2d7f1c5ebd471f19ffcb57107ea37179fa05c424424d7b70ff0c9abf3be68ed9f0d091b3c057f1ba24cb989937e35087c3199f82e3dddbbd4f |
| 9 | 10 |
EBUILD apache-2.2.22-r1.ebuild 3206 SHA256 4c72b2164c32c34e85c6a8e99c68464e5505eeb79bf94eed7ad1d62ba2045c0e SHA512 bafab5ef6f8d8675614473c01ae71655b1cd94b75658353e8351df1cb8b9667b2164d501f98b4492810a2ec2d3415db6c5df416bc51aed4fc4ec6fc4a155288b WHIRLPOOL d6f4c9b06b3cfcad613084bb7902c7ba942848a8233b50ff48474e7407c3e1d4523f44a0ca9f0790510122719609ec767afbaf3fdd60b6dd7918fe409e9b08a2 |
| 10 | 11 |
EBUILD apache-2.2.22.ebuild 3001 SHA256 cf930cea2f7e8a8bd2f7cabe7de9ecf56efb33d10bd3fe2d70acaa6e86cebb0c SHA512 1de2c503698334b00c3b44cad9680d8699e7ad21c80a746af4154d03433da4bcc072cf572d2ce9dbf478f6c97423ee2650521d877f2c62a27ec0189d5c66c045 WHIRLPOOL aadae0ae48a37cdd5ed3995c92fa5bf925fd2c12792cdcce08305191c09703a80bd7bc264c61165e8c26687bde97ad543722d04e090620cd7fe473c76688e233 |
| 11 |
-EBUILD apache-2.2.23.ebuild 3117 SHA256 a6bac3fd35f4e4f46c5002a174f93fad298e20d5d7062d43d67bdad6e3265d43 SHA512 0e779d36a4101b6ec0c8a5c4ea617d1a6e27966633fa8685adf5bbdea86401d519b027b8353ae4c4769d7b5c870998c226e718dbab5f44b15b5cc1c09937a32b WHIRLPOOL 89fa649375ec0f7552e8318c77c91f4f98e38824d00d964f2f8a6a9889ccfd90491e6a628c5896bff2e99f326353917c7fc76d7e378050f058591d1777e892a1 |
|
| 12 |
+EBUILD apache-2.2.23.ebuild 3181 SHA256 b6502801683bcd8708e247fd11e8d7a639a7412f77d3a631827705f20e43c878 SHA512 860dce68ab969c4bacdedc3fec4d48937d7a331921e86fe02d6b1481a59cd8997d336b9c9bbc6cf9a69dd3719acc411abae1809e7770b42d31adb1cefd5dc560 WHIRLPOOL e2e128e74236c6a306d511cdc8d1e9799e9818fc842a1884eb48a8ef8683669ba321ca228ec780015e1c88044cff2904652c4a1c93a2f3af84e3552c8e7d3363 |
| ... | ... |
@@ -106,6 +106,7 @@ RDEPEND="${RDEPEND}
|
| 106 | 106 |
src_prepare() {
|
| 107 | 107 |
|
| 108 | 108 |
epatch "${FILESDIR}"/apache-noip.diff
|
| 109 |
+ epatch "${FILESDIR}"/apache-2.2.23-tls-compression-option.diff
|
|
| 109 | 110 |
|
| 110 | 111 |
apache-2_src_prepare |
| 111 | 112 |
sed -i -e 's/! test -f/test -f/' "${GENTOO_PATCHDIR}"/init/apache2.initd || die "Failed to fix init script"
|
| ... | ... |
@@ -0,0 +1,128 @@ |
| 1 |
+Index: modules/ssl/ssl_private.h |
|
| 2 |
+=================================================================== |
|
| 3 |
+--- modules/ssl/ssl_private.h (revision 1395230) |
|
| 4 |
++++ modules/ssl/ssl_private.h (revision 1395231) |
|
| 5 |
+@@ -64,6 +64,11 @@ |
|
| 6 |
+ #define HAVE_TLSV1_X |
|
| 7 |
+ #endif |
|
| 8 |
+ |
|
| 9 |
++#if !defined(OPENSSL_NO_COMP) && !defined(SSL_OP_NO_COMPRESSION) \ |
|
| 10 |
++ && OPENSSL_VERSION_NUMBER < 0x00908000L |
|
| 11 |
++#define OPENSSL_NO_COMP |
|
| 12 |
++#endif |
|
| 13 |
++ |
|
| 14 |
+ #include "ssl_util_ssl.h" |
|
| 15 |
+ |
|
| 16 |
+ /** The #ifdef macros are only defined AFTER including the above |
|
| 17 |
+@@ -504,6 +509,9 @@ |
|
| 18 |
+ #ifdef HAVE_FIPS |
|
| 19 |
+ BOOL fips; |
|
| 20 |
+ #endif |
|
| 21 |
++#ifndef OPENSSL_NO_COMP |
|
| 22 |
++ BOOL compression; |
|
| 23 |
++#endif |
|
| 24 |
+ }; |
|
| 25 |
+ |
|
| 26 |
+ /** |
|
| 27 |
+@@ -560,6 +568,7 @@ |
|
| 28 |
+ const char *ssl_cmd_SSLCARevocationPath(cmd_parms *, void *, const char *); |
|
| 29 |
+ const char *ssl_cmd_SSLCARevocationFile(cmd_parms *, void *, const char *); |
|
| 30 |
+ const char *ssl_cmd_SSLHonorCipherOrder(cmd_parms *cmd, void *dcfg, int flag); |
|
| 31 |
++const char *ssl_cmd_SSLCompression(cmd_parms *, void *, int flag); |
|
| 32 |
+ const char *ssl_cmd_SSLVerifyClient(cmd_parms *, void *, const char *); |
|
| 33 |
+ const char *ssl_cmd_SSLVerifyDepth(cmd_parms *, void *, const char *); |
|
| 34 |
+ const char *ssl_cmd_SSLSessionCache(cmd_parms *, void *, const char *); |
|
| 35 |
+Index: modules/ssl/ssl_engine_init.c |
|
| 36 |
+=================================================================== |
|
| 37 |
+--- modules/ssl/ssl_engine_init.c (revision 1395230) |
|
| 38 |
++++ modules/ssl/ssl_engine_init.c (revision 1395231) |
|
| 39 |
+@@ -533,6 +533,18 @@ |
|
| 40 |
+ } |
|
| 41 |
+ #endif |
|
| 42 |
+ |
|
| 43 |
++ |
|
| 44 |
++#ifndef OPENSSL_NO_COMP |
|
| 45 |
++ if (sc->compression == FALSE) {
|
|
| 46 |
++#ifdef SSL_OP_NO_COMPRESSION |
|
| 47 |
++ /* OpenSSL >= 1.0 only */ |
|
| 48 |
++ SSL_CTX_set_options(ctx, SSL_OP_NO_COMPRESSION); |
|
| 49 |
++#elif OPENSSL_VERSION_NUMBER >= 0x00908000L |
|
| 50 |
++ sk_SSL_COMP_zero(SSL_COMP_get_compression_methods()); |
|
| 51 |
++#endif |
|
| 52 |
++ } |
|
| 53 |
++#endif |
|
| 54 |
++ |
|
| 55 |
+ #ifdef SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION |
|
| 56 |
+ if (sc->insecure_reneg == TRUE) {
|
|
| 57 |
+ SSL_CTX_set_options(ctx, SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION); |
|
| 58 |
+Index: modules/ssl/ssl_engine_config.c |
|
| 59 |
+=================================================================== |
|
| 60 |
+--- modules/ssl/ssl_engine_config.c (revision 1395230) |
|
| 61 |
++++ modules/ssl/ssl_engine_config.c (revision 1395231) |
|
| 62 |
+@@ -180,6 +180,9 @@ |
|
| 63 |
+ #ifdef HAVE_FIPS |
|
| 64 |
+ sc->fips = UNSET; |
|
| 65 |
+ #endif |
|
| 66 |
++#ifndef OPENSSL_NO_COMP |
|
| 67 |
++ sc->compression = UNSET; |
|
| 68 |
++#endif |
|
| 69 |
+ |
|
| 70 |
+ modssl_ctx_init_proxy(sc, p); |
|
| 71 |
+ |
|
| 72 |
+@@ -278,6 +281,9 @@ |
|
| 73 |
+ #ifdef HAVE_FIPS |
|
| 74 |
+ cfgMergeBool(fips); |
|
| 75 |
+ #endif |
|
| 76 |
++#ifndef OPENSSL_NO_COMP |
|
| 77 |
++ cfgMergeBool(compression); |
|
| 78 |
++#endif |
|
| 79 |
+ |
|
| 80 |
+ modssl_ctx_cfg_merge_proxy(base->proxy, add->proxy, mrg->proxy); |
|
| 81 |
+ |
|
| 82 |
+@@ -711,6 +717,23 @@ |
|
| 83 |
+ |
|
| 84 |
+ } |
|
| 85 |
+ |
|
| 86 |
++const char *ssl_cmd_SSLCompression(cmd_parms *cmd, void *dcfg, int flag) |
|
| 87 |
++{
|
|
| 88 |
++#if !defined(OPENSSL_NO_COMP) |
|
| 89 |
++ SSLSrvConfigRec *sc = mySrvConfig(cmd->server); |
|
| 90 |
++#ifndef SSL_OP_NO_COMPRESSION |
|
| 91 |
++ const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY); |
|
| 92 |
++ if (err) |
|
| 93 |
++ return "This version of openssl does not support configuring " |
|
| 94 |
++ "compression within <VirtualHost> sections."; |
|
| 95 |
++#endif |
|
| 96 |
++ sc->compression = flag ? TRUE : FALSE; |
|
| 97 |
++ return NULL; |
|
| 98 |
++#else |
|
| 99 |
++ return "Setting Compression mode unsupported; not implemented by the SSL library"; |
|
| 100 |
++#endif |
|
| 101 |
++} |
|
| 102 |
++ |
|
| 103 |
+ const char *ssl_cmd_SSLHonorCipherOrder(cmd_parms *cmd, void *dcfg, int flag) |
|
| 104 |
+ {
|
|
| 105 |
+ #ifdef SSL_OP_CIPHER_SERVER_PREFERENCE |
|
| 106 |
+Index: modules/ssl/mod_ssl.c |
|
| 107 |
+=================================================================== |
|
| 108 |
+--- modules/ssl/mod_ssl.c (revision 1395230) |
|
| 109 |
++++ modules/ssl/mod_ssl.c (revision 1395231) |
|
| 110 |
+@@ -156,6 +156,9 @@ |
|
| 111 |
+ "('[+-][" SSL_PROTOCOLS "] ...' - see manual)")
|
|
| 112 |
+ SSL_CMD_SRV(HonorCipherOrder, FLAG, |
|
| 113 |
+ "Use the server's cipher ordering preference") |
|
| 114 |
++ SSL_CMD_SRV(Compression, FLAG, |
|
| 115 |
++ "Enable SSL level compression" |
|
| 116 |
++ "(`on', `off')") |
|
| 117 |
+ SSL_CMD_SRV(InsecureRenegotiation, FLAG, |
|
| 118 |
+ "Enable support for insecure renegotiation") |
|
| 119 |
+ SSL_CMD_ALL(UserName, TAKE1, |
|
| 120 |
+Index: . |
|
| 121 |
+=================================================================== |
|
| 122 |
+--- . (revision 1395230) |
|
| 123 |
++++ . (revision 1395231) |
|
| 124 |
+ |
|
| 125 |
+Property changes on: . |
|
| 126 |
+___________________________________________________________________ |
|
| 127 |
+Modified: svn:mergeinfo |
|
| 128 |
+ Merged /httpd/httpd/trunk:r1345319,1348656 |
|
| 0 | 129 |