use new upstream dh patch (2a1ed26) - keks-overlay.git

use new upstream dh patch

Hanno Böck commited on 2013-10-01 12:53:21
Zeige 3 geänderte Dateien mit 1560 Einfügungen und 2 Löschungen.

www-servers/apache/Manifest 34739ce..351a202
www-servers/apache/apache-2.4.6-r2.ebuild 94168d7..8ce2fa1
www-servers/apache/files/apache-2.4.6-modssl-dhparams.diff 0000000..040309a

@@ -1,10 +1,16 @@
+AUX 00_systemd.conf 88 SHA256 487e7451ce2d834d8af09a1db09bfe235fbc87b17b13a88bf849f0739b023ce3 SHA512 c510b77450f45d8ca5b8f00ebae5de9e3dc0ecb45f9857e391ac923dadb6b5193b13e9bc372790de20bb8829f2bee5bfc0e85ad03b3a72818c5dd6a0d7f45353 WHIRLPOOL 35ff7234f1ac513a522481ed08d2281dc331835cccd1049dbbadd9f2dff7fce1700a3ae9fd8f2f490f09d82edd960f4a0b4f00a91db2bafb7c647e3b54733cef
 AUX 2.2.22-envvars-std.in 1071 SHA256 1721b424f2335640e49d71e671a4be15424d29fe90f55fe4f52bd241a998d3ee SHA512 c18fd461f02ab79fc456a1ad99bf91c8891ecdabd90f41437ebf87e20b3d28d2006a10d6726164c2f0333e7aee350bd125838abaff3a188d8ab2f5f34d3e5466 WHIRLPOOL 59cbee68fc8012df01229b8d5e38045eb974bab3f08ebf5b01097dabb5275bb83e28cd09a058ce71949ca4a2439811cff457d4c7df88d7b3fc5318c6b7ef0075
 AUX apache-2.2.14-staticdhparameters.diff 11745 SHA256 1fecd496f7df6438cf44b331a0b15d6ceaa0522fcb20d7246772f10f7c3c41df SHA512 5c7fa11b29efd430ddc7144ed8d656c82d9609c9da720cd5d217626505b2257c074bea1ef0f4f2c50b123be58d82fbefac3240b71c3b8c3b9b087c30b090bcf9 WHIRLPOOL ced66883bd7fc4ec868a5d6091cdc765424541c183e53283749d73d4f4b53d0c9221950df816625de9bd115f610931e91b1fac819530294fcb12a0a39b7f6f2c
 AUX apache-2.2.23-tls-compression-option.diff 4211 SHA256 6ccc0003f486734e660292ac2640d99af830443c09a2d5c9d6aaf371b636d9bd SHA512 915044023b10afca9a67ca90fa4d1175d4d3ef7274308df74c78b0972fd7ec54e3fdb3f4b03ecbfc543b64153b232a140cc8e095b2f74abfcfa0cb86e21fb612 WHIRLPOOL 028be436ac78adcb631b109a23ab7f4b5c2349a95202f8ed33a111b9b2048675892b160ac737875ebe7a73937f8868d665d016a61bdbaec301eacbbad0d1cc05
 AUX apache-2.4.3-dhparam.diff 12684 SHA256 5185da7eecf04f26cc496a25fabe420db065e59dd088eca51b8c08f0238d12ad SHA512 c49e4c6e607cf5bf11e59c929791d806b15ff30d11e8473e633f2ef406e5d926a2ced1910672e5263f8ea45de6f30eb37048065c1d9fbd11fb7c52603e93bd4b WHIRLPOOL 41e2ac7c8c0734e3132639db7222e488b8ffd18a6c2f2e76b401fdc0b71fc528f3d80eb3d95710084b9fa88e29ce916df215c79b47d80c3ae25188f4cea79e9c
+AUX apache-2.4.6-modssl-dhparams.diff 48302 SHA256 529b747ab1858966011ed4ffab14bb8c1f015c98ecbdf72cd3a53c70a6a8f220 SHA512 9f8b0710c9b5134213415dc6dceaaad17536072250d403794b074fb690ad1168b9b408996a192017f988728b656d1cff2e18a66c5a9792580870970a6026a3f2 WHIRLPOOL 2252302acb1366c064a7f304282d480b7920989f2b0022ce8487a1da28b86164759f28fa57bd4d9ff0abf65550290e8feea4de4125bcd75cac35b7269d43a868
 AUX apache-noip.diff 417 SHA256 c9ed84fec20e69f711600261a395a3d4b3ae2685318f6354c4d2ebd01c0ec4cc SHA512 fa684688e707f5fb511b228b8fa9b0f996dbf615f2f9b6478ab478e801f14c65a7381137cdbda648d68f7818891085c744da3a8249843e73bdf5ef247a90d3fe WHIRLPOOL d2636a34b0d48139adef125e76ef477d84bf7cd9785f094fe57c1d81b45e7392622d232bee5f53896d8b48eb9b3241cd48cbb585ea70d97a872c5cd3f6bfe420
 AUX apache-npn 9799 SHA256 6e41b59680832b074246dd24a41aec56f9bb35ab4f34674cd20e32f1289c21ab SHA512 60d9c6f750562f087b607edf7939195f31b7e0101b9c8d1c883e3b01da192d354fc291d45832757ab50c029f99ac4ad06fa9b7ce4e5928367d1f89278fa79fa3 WHIRLPOOL 162dba8354efeccbb100a86cb61e47c0a96be11a057cfffccc194abd31721b99f4ef3e5fc9b4a7e82a7495d1369af1be3f7b3d4339ec33af24858a0049474331
+AUX apache.conf 55 SHA256 ea616c5cc37979a006d69c51bda43fca15a4327d33175762652b29f5cdea1c7b SHA512 3a53beb7a283d17c14383f16ad14c0602681ac1b193cce8f5aca50ae9d9af3a71054ce4a9ab11cbcb72fe913459e1b306fd54660154e66afe10272f8c0f149f3 WHIRLPOOL fa348414f320a9f70001386dfb77d57ca4836c3ef3d251976077b7ad545d7f6752e534efadbf28c7dcb777388e3d844eba84b939dcf48881983388daf6ac23f0
+AUX apache2.2.service 716 SHA256 e850ad73585fbba52ade58a39ca91adbfd52f56a0bbd426ebcadb340a7dcb62b SHA512 5f736c803772077598248bbb41f76dff396dfd2f11a60d1ba929a619275efb8c1b4c0dab78cbcdf83b9ec94db67b958b3333b01f67d71eb3b2e07dba4bca2a7c WHIRLPOOL 776a928422b8f37a12099111a1503674ca901934b60dca8596dc8bc287390be9a0e912d7ba6226dcb22eb7c669fa298ddc20fd7bf5c275b0cf019bae0d594839
+AUX apache2.4.service 728 SHA256 4420af10d1237f90ae519e56e75f1cc84e9f7c7b63aca9decf91a77f88ae0390 SHA512 6b43e5638d5da68a5408d45befd10a9e42197c1a393764e945ba22d47d0736e2b28bad36a96f4f4ad4ff928db6f2c1377bd22ce401056b2f21fb38933a3cd972 WHIRLPOOL 5526995c5f4772353fcccbd83ed93c8186cb47f80f5d1244dc454ca886189ac92539572c43978d2868b77002a2397ff4794b3c8f6c655fecb432b8013afaf38e
 AUX httpd-2.2.16-ecc.diff 8236 SHA256 e7fe97852875de06372d8413248fa20419946e2ab7de5198c93bffa6b5a68461 SHA512 8b54c30f9edc76bd8969ee894038f267d722d1ab8c7332a84fe21704bde0451e1a27503252fa87bd0f749dac3281eb266cda36aa7faec1a36ee6e67a8f9ae6c7 WHIRLPOOL 2d8ad3cd12b27937dcafef31df8c9fa048fb4e1ed06109e745fbe12dc869ceaa21fa2e62aa9bcb729d7fb426c1ee0a82171b5038cac56f8b8ebbc3cd3569daa9
+AUX httpd-2.4.3-mod_systemd.patch 5396 SHA256 d8f5c76dd5eb0edc9759ea300d3b320ee96b6e6f9fabb8a4043f8d1b77b646a2 SHA512 0db785fac6034aa431e9d816bd06020a5b287dbdae794f8b94eb267805981a1d2a97fdb92bd13e32d35329e6db3f799a03e98456329f6a80c5863e72a26e5c59 WHIRLPOOL 4016b9626af1a8ca001518e8a45262ca4dd27a998727db988a8f1234aa7c5d56d439f4ecfdc6219510f57c97991884a7f57eaa83535988cb72e9fd8ffdee7b6e
 DIST gentoo-apache-2.2.22-20120213.tar.bz2 64507 SHA256 737730dabf1e1ccfe9d409067dc3c4d37d16f7fa1e792f5bf39268d904ce1c31 SHA512 f364bdbee967b3bc797d2053b9eb347af963f99275441093930d0057465e1a12567106f5c5ac21a45a4bbd4b353ce67553038d6146f469a7bf980a9148471170 WHIRLPOOL f5a3ab44fc14ddf67ccf0785006b1d9f5c49b915114f9d7e97858fba447a5ee872c741e73c17e121b61cc0aa678b42dc154616cd64054461c552d3a8c29f4f17
 DIST gentoo-apache-2.2.23-20121012.tar.bz2 64135 SHA256 711a88f26c58b10b082f7ff411366cd768f9450101da050438a2f77abeab7333 SHA512 92a49f954b82d4427862f41977625a60641731cc25ab3efdd666be8db839038e7b1c2ef2f878d5efed243eaa63237e88ee4993cd25cca1dfbb0f56a6b2093d57 WHIRLPOOL 221d9c0cf999430afc11a8e48ae67019c7f31daca827a5db7615aca24859788743e5da00e4c99b7b7b375e58fafd6c148339e5671be939dbc30735031e12c49f
 DIST gentoo-apache-2.4.3-20121012.tar.bz2 24541 SHA256 aeed23c716f05d7430a6d905fb75c192418c9ba90feb96fcc474138c4addfd69 SHA512 fe37c91328bf090aacd4012030845b2e4461a116b9b60d95108c4a4749729bef5ac526d4bd3570406f3d7afe41b0f634c2e9a167ee416a56f5f82f46eb27cc26 WHIRLPOOL 421efb4a7940b52cbc2e054c5ef2f79ff19c13a3140941ec659da3ff61a70491485c1c375db29b1fa6c4dc45761df1f0fc63bd3d867c8937d33f5b6c948bade0
@@ -26,4 +32,4 @@ EBUILD apache-2.2.25.ebuild 3297 SHA256 f2a97144d474359d89e67248fa1f7a58c22e1268
 EBUILD apache-2.4.3.ebuild 7203 SHA256 082ee4bc36fe78621a32ad8ae3f3117943b5572e1456618d1b547cf344c4d687 SHA512 56786dc2e5f835e1894760ad85bfba6ffd531b50e7e9f782240ac2deb7464a2aa222cd04495ab7bd81f0e30c91972f417857c9fd4ee53587ebc91ba6a542c41e WHIRLPOOL 4e8e22861a21d8defd9c8eb57fc5548ba38a911db640fc63b6a15fdcfcf86c8fbf50b09f78321ea784bf81340718242d5a7fa6c6ed1c4e0c31a4e79affc64d24
 EBUILD apache-2.4.4-r1.ebuild 7252 SHA256 64b4537ade811698d002a19da3b32dc54fc590c76cab613095f7086502b34dca SHA512 30f72175c5093f6fcee56892b79e3c72106c7f160a5dff3f7f29c0be376ed94271b35f536ec4d3d539f352a90c9d741b368eb8aaeada501da8a22f1f8cfa67dc WHIRLPOOL 0bd24504dcbab1e364209e622f93a5baf78976761f9e4de7a85686417e6077829f8ca1ab7a87724f3c03362249de3fada01c06e9f553ec8bd24cf1bead516a4b
 EBUILD apache-2.4.6-r1.ebuild 7476 SHA256 6d6b9331dce777b11cfef9bd8b5e9ac006e93728f549225ab6945cb81037a1a9 SHA512 c5ceb713601e2372bb36bdb705d9a7d7dd8c76ffa09339124b11b0054c180606243b21e2c1e95346a7ac0d0ab302ff88e238a8447b553abf08b8a42b390d9e42 WHIRLPOOL 974cf7113269dfb87c138635abd610aaddf92aa94d9dad508b1c11c3636715d9dcce969e0d7e13db1bf854b0f9c2100c428c351795987708659d3ad3ab9ca9b1
-EBUILD apache-2.4.6-r2.ebuild 7479 SHA256 f03c11e0c4faf54b368158249ab5591d92d9a215ced2f345940c65d462843fac SHA512 16a1f8dbb234feb054b05146f190dab26df1f6b325b0dc4fae429d4864087df915e8a2cffb38395aebe121ff2028c7b7edbb302ce19f2d0781a57e00a59bae03 WHIRLPOOL a386b5572216edffbf829fa51ed65d3896204d0a6562b06bb89d33ffda74c5bc5eb9201ad449a3567f47232f1a5881fb9b84a233cb72ba888f7ceb28042fdd2c
+EBUILD apache-2.4.6-r2.ebuild 7487 SHA256 6d15eef1bc7ca1b70be5f61e2dfed5f8ae9feb5c3b42142c06ffc1c3a132c2cb SHA512 84d0cb9cf92a09775116702b65fc87cae08cdf0316602f9e1f05278414a9e3a9ebbbd05e4a6c2e61d7100dfb25db9b5535d3e6cc51f7294889ba370166c58be7 WHIRLPOOL 68b4c5223776d6e08c1da9e4caa93245fcf0a6f83327d6a719c0f202eb14b4a339e7105f872ca062e5f4f1f6fced87e6ddab6fc3c3f412fa6117d545e27a3dc2

www-servers/apache/apache-2.4.6-r2.ebuild

Zeige Datei @ 2a1ed26

@@ -136,7 +136,7 @@ RDEPEND="${RDEPEND}
 
 # init script fixup - should be rolled into next tarball #389965
 src_prepare() {
-	epatch "${FILESDIR}/apache-2.4.3-dhparam.diff"
+	epatch "${FILESDIR}/apache-2.4.6-modssl-dhparams.diff"
 
 	# the following patch can be removed once it is included in
 	# GENTOO_PATCHNAME="gentoo-apache-2.4.1" ...

www-servers/apache/files/apache-2.4.6-modssl-dhparams.diff

Zeige Datei @ 2a1ed26

...	...	@@ -0,0 +1,1552 @@
	1	+diff -Naur httpd-2.4.6-orig/LAYOUT httpd-2.4.6/LAYOUT
	2	+--- httpd-2.4.6-orig/LAYOUT 2013-10-01 12:20:45.706812951 +0200
	3	++++ httpd-2.4.6/LAYOUT 2013-10-01 12:20:50.988746918 +0200
	4	+@@ -108,7 +108,6 @@
	5	+ mod_ssl.c ............... main source file containing API structures
	6	+ mod_ssl.h ............... common header file of mod_ssl
	7	+ ssl_engine_config.c ..... module configuration handling
	8	+- ssl_engine_dh.c ......... DSA/DH support
	9	+ ssl_engine_init.c ....... module initialization
	10	+ ssl_engine_io.c ......... I/O support
	11	+ ssl_engine_kernel.c ..... SSL engine kernel
	12	+diff -Naur httpd-2.4.6-orig/modules/ssl/config.m4 httpd-2.4.6/modules/ssl/config.m4
	13	+--- httpd-2.4.6-orig/modules/ssl/config.m4 2013-10-01 12:20:45.774812101 +0200
	14	++++ httpd-2.4.6/modules/ssl/config.m4 2013-10-01 12:20:50.989746905 +0200
	15	+@@ -20,7 +20,6 @@
	16	+ ssl_objs="dnl
	17	+ mod_ssl.lo dnl
	18	+ ssl_engine_config.lo dnl
	19	+-ssl_engine_dh.lo dnl
	20	+ ssl_engine_init.lo dnl
	21	+ ssl_engine_io.lo dnl
	22	+ ssl_engine_kernel.lo dnl
	23	+diff -Naur httpd-2.4.6-orig/modules/ssl/mod_ssl.c httpd-2.4.6/modules/ssl/mod_ssl.c
	24	+--- httpd-2.4.6-orig/modules/ssl/mod_ssl.c 2013-10-01 12:20:45.775812088 +0200
	25	++++ httpd-2.4.6/modules/ssl/mod_ssl.c 2013-10-01 12:20:50.989746905 +0200
	26	+@@ -148,7 +148,7 @@
	27	+ SSL_CMD_SRV(StrictSNIVHostCheck, FLAG,
	28	+ "Strict SNI virtual host checking")
	29	+
	30	+-#ifndef OPENSSL_NO_SRP
	31	++#ifdef HAVE_SRP
	32	+ SSL_CMD_SRV(SRPVerifierFile, TAKE1,
	33	+ "SRP verifier file "
	34	+ "('/path/to/file' - created by srptool)")
	35	+@@ -471,15 +471,6 @@
	36	+
	37	+ sslconn->ssl = ssl;
	38	+
	39	+- /*
	40	+- * Configure callbacks for SSL connection
	41	+- */
	42	+- SSL_set_tmp_rsa_callback(ssl, ssl_callback_TmpRSA);
	43	+- SSL_set_tmp_dh_callback(ssl, ssl_callback_TmpDH);
	44	+-#ifndef OPENSSL_NO_EC
	45	+- SSL_set_tmp_ecdh_callback(ssl, ssl_callback_TmpECDH);
	46	+-#endif
	47	+-
	48	+ SSL_set_verify_result(ssl, X509_V_OK);
	49	+
	50	+ ssl_io_filter_init(c, r, ssl);
	51	+diff -Naur httpd-2.4.6-orig/modules/ssl/mod_ssl.dsp httpd-2.4.6/modules/ssl/mod_ssl.dsp
	52	+--- httpd-2.4.6-orig/modules/ssl/mod_ssl.dsp 2013-10-01 12:20:45.775812088 +0200
	53	++++ httpd-2.4.6/modules/ssl/mod_ssl.dsp 2013-10-01 12:20:50.989746905 +0200
	54	+@@ -112,10 +112,6 @@
	55	+ # End Source File
	56	+ # Begin Source File
	57	+
	58	+-SOURCE=.\ssl_engine_dh.c
	59	+-# End Source File
	60	+-# Begin Source File
	61	+-
	62	+ SOURCE=.\ssl_engine_init.c
	63	+ # End Source File
	64	+ # Begin Source File
	65	+diff -Naur httpd-2.4.6-orig/modules/ssl/ssl_engine_config.c httpd-2.4.6/modules/ssl/ssl_engine_config.c
	66	+--- httpd-2.4.6-orig/modules/ssl/ssl_engine_config.c 2013-10-01 12:20:45.776812076 +0200
	67	++++ httpd-2.4.6/modules/ssl/ssl_engine_config.c 2013-10-01 12:20:50.989746905 +0200
	68	+@@ -75,8 +75,6 @@
	69	+ mc->stapling_mutex = NULL;
	70	+ #endif
	71	+
	72	+- memset(mc->pTmpKeys, 0, sizeof(mc->pTmpKeys));
	73	+-
	74	+ apr_pool_userdata_set(mc, SSL_MOD_CONFIG_KEY,
	75	+ apr_pool_cleanup_null,
	76	+ pool);
	77	+@@ -150,7 +148,7 @@
	78	+ mctx->stapling_force_url = NULL;
	79	+ #endif
	80	+
	81	+-#ifndef OPENSSL_NO_SRP
	82	++#ifdef HAVE_SRP
	83	+ mctx->srp_vfile = NULL;
	84	+ mctx->srp_unknown_user_seed = NULL;
	85	+ mctx->srp_vbase = NULL;
	86	+@@ -208,7 +206,7 @@
	87	+ sc->proxy_ssl_check_peer_expire = SSL_ENABLED_UNSET;
	88	+ sc->proxy_ssl_check_peer_cn = SSL_ENABLED_UNSET;
	89	+ sc->proxy_ssl_check_peer_name = SSL_ENABLED_UNSET;
	90	+-#ifndef OPENSSL_NO_TLSEXT
	91	++#ifdef HAVE_TLSEXT
	92	+ sc->strict_sni_vhost_check = SSL_ENABLED_UNSET;
	93	+ #endif
	94	+ #ifdef HAVE_FIPS
	95	+@@ -282,7 +280,7 @@
	96	+ cfgMerge(stapling_force_url, NULL);
	97	+ #endif
	98	+
	99	+-#ifndef OPENSSL_NO_SRP
	100	++#ifdef HAVE_SRP
	101	+ cfgMergeString(srp_vfile);
	102	+ cfgMergeString(srp_unknown_user_seed);
	103	+ #endif
	104	+@@ -338,7 +336,7 @@
	105	+ cfgMerge(proxy_ssl_check_peer_expire, SSL_ENABLED_UNSET);
	106	+ cfgMerge(proxy_ssl_check_peer_cn, SSL_ENABLED_UNSET);
	107	+ cfgMerge(proxy_ssl_check_peer_name, SSL_ENABLED_UNSET);
	108	+-#ifndef OPENSSL_NO_TLSEXT
	109	++#ifdef HAVE_TLSEXT
	110	+ cfgMerge(strict_sni_vhost_check, SSL_ENABLED_UNSET);
	111	+ #endif
	112	+ #ifdef HAVE_FIPS
	113	+@@ -645,6 +643,9 @@
	114	+ SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
	115	+ SSLDirConfigRec dc = (SSLDirConfigRec )dcfg;
	116	+
	117	++ /* always disable null and export ciphers */
	118	++ arg = apr_pstrcat(cmd->pool, "!aNULL:!eNULL:!EXP:", arg, NULL);
	119	++
	120	+ if (cmd->path) {
	121	+ dc->szCipherSuite = arg;
	122	+ }
	123	+@@ -1384,6 +1385,9 @@
	124	+ {
	125	+ SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
	126	+
	127	++ /* always disable null and export ciphers */
	128	++ arg = apr_pstrcat(cmd->pool, "!aNULL:!eNULL:!EXP:", arg, NULL);
	129	++
	130	+ sc->proxy->auth.cipher_suite = arg;
	131	+
	132	+ return NULL;
	133	+@@ -1645,7 +1649,7 @@
	134	+
	135	+ const char ssl_cmd_SSLStrictSNIVHostCheck(cmd_parms cmd, void *dcfg, int flag)
	136	+ {
	137	+-#ifndef OPENSSL_NO_TLSEXT
	138	++#ifdef HAVE_TLSEXT
	139	+ SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
	140	+
	141	+ sc->strict_sni_vhost_check = flag ? SSL_ENABLED_TRUE : SSL_ENABLED_FALSE;
	142	+@@ -1804,7 +1808,7 @@
	143	+
	144	+ #endif /* HAVE_OCSP_STAPLING */
	145	+
	146	+-#ifndef OPENSSL_NO_SRP
	147	++#ifdef HAVE_SRP
	148	+
	149	+ const char ssl_cmd_SSLSRPVerifierFile(cmd_parms cmd, void *dcfg,
	150	+ const char *arg)
	151	+@@ -1828,7 +1832,7 @@
	152	+ return NULL;
	153	+ }
	154	+
	155	+-#endif /* OPENSSL_NO_SRP */
	156	++#endif /* HAVE_SRP */
	157	+
	158	+ void ssl_hook_ConfigTest(apr_pool_t pconf, server_rec s)
	159	+ {
	160	+diff -Naur httpd-2.4.6-orig/modules/ssl/ssl_engine_dh.c httpd-2.4.6/modules/ssl/ssl_engine_dh.c
	161	+--- httpd-2.4.6-orig/modules/ssl/ssl_engine_dh.c 2013-10-01 12:20:45.777812063 +0200
	162	++++ httpd-2.4.6/modules/ssl/ssl_engine_dh.c 2013-10-01 12:20:50.990746893 +0200
	163	+@@ -1,244 +0,0 @@
	164	+-#if 0
	165	+-=pod
	166	+-#endif
	167	+-
	168	+-/* Licensed to the Apache Software Foundation (ASF) under one or more
	169	+- * contributor license agreements. See the NOTICE file distributed with
	170	+- * this work for additional information regarding copyright ownership.
	171	+- * The ASF licenses this file to You under the Apache License, Version 2.0
	172	+- * (the "License"); you may not use this file except in compliance with
	173	+- * the License. You may obtain a copy of the License at
	174	+- *
	175	+- * http://www.apache.org/licenses/LICENSE-2.0
	176	+- *
	177	+- * Unless required by applicable law or agreed to in writing, software
	178	+- * distributed under the License is distributed on an "AS IS" BASIS,
	179	+- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	180	+- * See the License for the specific language governing permissions and
	181	+- * limitations under the License.
	182	+- */
	183	+-
	184	+-/* _ _
	185	+- * _ __ ___ ___ __\| \| ___ ___\| \| mod_ssl
	186	+- * \| '_ ` _ \ / _ \ / _` \| / __/ __\| \| Apache Interface to OpenSSL
	187	+- * \| \| \| \| \| \| (_) \| (_\| \| \__ \__ \ \|
	188	+- * \|_\| \|_\| \|_\|\___/ \__,_\|___\|___/___/_\|
	189	+- * \|_____\|
	190	+- * ssl_engine_dh.c
	191	+- * Diffie-Hellman Built-in Temporary Parameters
	192	+- */
	193	+-
	194	+-#include "ssl_private.h"
	195	+-
	196	+-/* ----BEGIN GENERATED SECTION-------- */
	197	+-
	198	+-/*
	199	+-** Diffie-Hellman-Parameters: (512 bit)
	200	+-** prime:
	201	+-** 00:9f:db:8b:8a:00:45:44:f0:04:5f:17:37:d0:ba:
	202	+-** 2e:0b:27:4c:df:1a:9f:58:82:18:fb:43:53:16:a1:
	203	+-** 6e:37:41:71:fd:19:d8:d8:f3:7c:39:bf:86:3f:d6:
	204	+-** 0e:3e:30:06:80:a3:03:0c:6e:4c:37:57:d0:8f:70:
	205	+-** e6:aa:87:10:33
	206	+-** generator: 2 (0x2)
	207	+-** Diffie-Hellman-Parameters: (1024 bit)
	208	+-** prime:
	209	+-** 00:d6:7d:e4:40:cb:bb:dc:19:36:d6:93:d3:4a:fd:
	210	+-** 0a:d5:0c:84:d2:39:a4:5f:52:0b:b8:81:74:cb:98:
	211	+-** bc:e9:51:84:9f:91:2e:63:9c:72:fb:13:b4:b4:d7:
	212	+-** 17:7e:16:d5:5a:c1:79:ba:42:0b:2a:29:fe:32:4a:
	213	+-** 46:7a:63:5e:81:ff:59:01:37:7b:ed:dc:fd:33:16:
	214	+-** 8a:46:1a:ad:3b:72:da:e8:86:00:78:04:5b:07:a7:
	215	+-** db:ca:78:74:08:7d:15:10:ea:9f:cc:9d:dd:33:05:
	216	+-** 07:dd:62:db:88:ae:aa:74:7d:e0:f4:d6:e2:bd:68:
	217	+-** b0:e7:39:3e:0f:24:21:8e:b3
	218	+-** generator: 2 (0x2)
	219	+-*/
	220	+-
	221	+-static unsigned char dh512_p[] = {
	222	+- 0x9F, 0xDB, 0x8B, 0x8A, 0x00, 0x45, 0x44, 0xF0, 0x04, 0x5F, 0x17, 0x37,
	223	+- 0xD0, 0xBA, 0x2E, 0x0B, 0x27, 0x4C, 0xDF, 0x1A, 0x9F, 0x58, 0x82, 0x18,
	224	+- 0xFB, 0x43, 0x53, 0x16, 0xA1, 0x6E, 0x37, 0x41, 0x71, 0xFD, 0x19, 0xD8,
	225	+- 0xD8, 0xF3, 0x7C, 0x39, 0xBF, 0x86, 0x3F, 0xD6, 0x0E, 0x3E, 0x30, 0x06,
	226	+- 0x80, 0xA3, 0x03, 0x0C, 0x6E, 0x4C, 0x37, 0x57, 0xD0, 0x8F, 0x70, 0xE6,
	227	+- 0xAA, 0x87, 0x10, 0x33,
	228	+-};
	229	+-static unsigned char dh512_g[] = {
	230	+- 0x02,
	231	+-};
	232	+-
	233	+-static DH *get_dh512(void)
	234	+-{
	235	+- DH *dh;
	236	+-
	237	+- if (!(dh = DH_new())) {
	238	+- return NULL;
	239	+- }
	240	+-
	241	+- dh->p = BN_bin2bn(dh512_p, sizeof(dh512_p), NULL);
	242	+- dh->g = BN_bin2bn(dh512_g, sizeof(dh512_g), NULL);
	243	+- if (!(dh->p && dh->g)) {
	244	+- DH_free(dh);
	245	+- return NULL;
	246	+- }
	247	+-
	248	+- return dh;
	249	+-}
	250	+-
	251	+-static unsigned char dh1024_p[] = {
	252	+- 0xD6, 0x7D, 0xE4, 0x40, 0xCB, 0xBB, 0xDC, 0x19, 0x36, 0xD6, 0x93, 0xD3,
	253	+- 0x4A, 0xFD, 0x0A, 0xD5, 0x0C, 0x84, 0xD2, 0x39, 0xA4, 0x5F, 0x52, 0x0B,
	254	+- 0xB8, 0x81, 0x74, 0xCB, 0x98, 0xBC, 0xE9, 0x51, 0x84, 0x9F, 0x91, 0x2E,
	255	+- 0x63, 0x9C, 0x72, 0xFB, 0x13, 0xB4, 0xB4, 0xD7, 0x17, 0x7E, 0x16, 0xD5,
	256	+- 0x5A, 0xC1, 0x79, 0xBA, 0x42, 0x0B, 0x2A, 0x29, 0xFE, 0x32, 0x4A, 0x46,
	257	+- 0x7A, 0x63, 0x5E, 0x81, 0xFF, 0x59, 0x01, 0x37, 0x7B, 0xED, 0xDC, 0xFD,
	258	+- 0x33, 0x16, 0x8A, 0x46, 0x1A, 0xAD, 0x3B, 0x72, 0xDA, 0xE8, 0x86, 0x00,
	259	+- 0x78, 0x04, 0x5B, 0x07, 0xA7, 0xDB, 0xCA, 0x78, 0x74, 0x08, 0x7D, 0x15,
	260	+- 0x10, 0xEA, 0x9F, 0xCC, 0x9D, 0xDD, 0x33, 0x05, 0x07, 0xDD, 0x62, 0xDB,
	261	+- 0x88, 0xAE, 0xAA, 0x74, 0x7D, 0xE0, 0xF4, 0xD6, 0xE2, 0xBD, 0x68, 0xB0,
	262	+- 0xE7, 0x39, 0x3E, 0x0F, 0x24, 0x21, 0x8E, 0xB3,
	263	+-};
	264	+-static unsigned char dh1024_g[] = {
	265	+- 0x02,
	266	+-};
	267	+-
	268	+-static DH *get_dh1024(void)
	269	+-{
	270	+- DH *dh;
	271	+-
	272	+- if (!(dh = DH_new())) {
	273	+- return NULL;
	274	+- }
	275	+-
	276	+- dh->p = BN_bin2bn(dh1024_p, sizeof(dh1024_p), NULL);
	277	+- dh->g = BN_bin2bn(dh1024_g, sizeof(dh1024_g), NULL);
	278	+- if (!(dh->p && dh->g)) {
	279	+- DH_free(dh);
	280	+- return NULL;
	281	+- }
	282	+-
	283	+- return dh;
	284	+-}
	285	+-
	286	+-/* ----END GENERATED SECTION---------- */
	287	+-
	288	+-DH *ssl_dh_GetTmpParam(int nKeyLen)
	289	+-{
	290	+- DH *dh;
	291	+-
	292	+- if (nKeyLen == 512)
	293	+- dh = get_dh512();
	294	+- else if (nKeyLen == 1024)
	295	+- dh = get_dh1024();
	296	+- else
	297	+- dh = get_dh1024();
	298	+- return dh;
	299	+-}
	300	+-
	301	+-DH ssl_dh_GetParamFromFile(char file)
	302	+-{
	303	+- DH *dh = NULL;
	304	+- BIO *bio;
	305	+-
	306	+- if ((bio = BIO_new_file(file, "r")) == NULL)
	307	+- return NULL;
	308	+- dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
	309	+- BIO_free(bio);
	310	+- return (dh);
	311	+-}
	312	+-
	313	+-/*
	314	+-=cut
	315	+-##
	316	+-## Embedded Perl script for generating the temporary DH parameters
	317	+-##
	318	+-
	319	+-require 5.003;
	320	+-use strict;
	321	+-
	322	+-# configuration
	323	+-my $file = $0;
	324	+-my $begin = '----BEGIN GENERATED SECTION--------';
	325	+-my $end = '----END GENERATED SECTION----------';
	326	+-
	327	+-# read ourself and keep a backup
	328	+-open(FP, "<$file") \|\| die;
	329	+-my $source = '';
	330	+-$source .= $_ while (<FP>);
	331	+-close(FP);
	332	+-open(FP, ">$file.bak") \|\| die;
	333	+-print FP $source;
	334	+-close(FP);
	335	+-
	336	+-# generate the DH parameters
	337	+-print "1. Generate 512 and 1024 bit Diffie-Hellman parameters (p, g)\n";
	338	+-my $rand = '';
	339	+-foreach $file (qw(/var/log/messages /var/adm/messages
	340	+- /kernel /vmunix /vmlinuz /etc/hosts /etc/resolv.conf)) {
	341	+- if (-f $file) {
	342	+- $rand = $file if ($rand eq '');
	343	+- $rand .= ":$file" if ($rand ne '');
	344	+- }
	345	+-}
	346	+-$rand = "-rand $rand" if ($rand ne '');
	347	+-system("openssl gendh $rand -out dh512.pem 512");
	348	+-system("openssl gendh $rand -out dh1024.pem 1024");
	349	+-
	350	+-# generate DH param info
	351	+-my $dhinfo = '';
	352	+-open(FP, "openssl dh -noout -text -in dh512.pem \|") \|\| die;
	353	+-$dhinfo .= $_ while (<FP>);
	354	+-close(FP);
	355	+-open(FP, "openssl dh -noout -text -in dh1024.pem \|") \|\| die;
	356	+-$dhinfo .= $_ while (<FP>);
	357	+-close(FP);
	358	+-$dhinfo =~ s\|^\|** \|mg;
	359	+-$dhinfo = "\n\/\\n$dhinfo\\/\n\n";
	360	+-
	361	+-my $indent_args = "-i4 -npsl -di0 -br -nce -d0 -cli0 -npcs -nfc1";
	362	+-
	363	+-# generate C source from DH params
	364	+-my $dhsource = '';
	365	+-open(FP, "openssl dh -noout -C -in dh512.pem \| indent $indent_args \| expand \|") \|\| die;
	366	+-$dhsource .= $_ while (<FP>);
	367	+-close(FP);
	368	+-open(FP, "openssl dh -noout -C -in dh1024.pem \| indent $indent_args \| expand \|") \|\| die;
	369	+-$dhsource .= $_ while (<FP>);
	370	+-close(FP);
	371	+-$dhsource =~ s\|(DH\s+\get_dh)(\d+)[^}]\n}\|static $1$2(void)
	372	+-{
	373	+- DH *dh;
	374	+-
	375	+- if (!(dh = DH_new())) {
	376	+- return NULL;
	377	+- }
	378	+-
	379	+- dh->p = BN_bin2bn(dh$2_p, sizeof(dh$2_p), NULL);
	380	+- dh->g = BN_bin2bn(dh$2_g, sizeof(dh$2_g), NULL);
	381	+- if (!(dh->p && dh->g)) {
	382	+- DH_free(dh);
	383	+- return NULL;
	384	+- }
	385	+-
	386	+- return dh;
	387	+-}
	388	+-\|sg;
	389	+-
	390	+-# generate output
	391	+-my $o = $dhinfo . $dhsource;
	392	+-
	393	+-# insert the generated code at the target location
	394	+-$source =~ s\|(\/\* $begin.+?\n).\n(.?\/\* $end)\|$1$o$2\|s;
	395	+-
	396	+-# and update the source on disk
	397	+-print "Updating file `$file'\n";
	398	+-open(FP, ">$file") \|\| die;
	399	+-print FP $source;
	400	+-close(FP);
	401	+-
	402	+-# cleanup
	403	+-unlink("dh512.pem");
	404	+-unlink("dh1024.pem");
	405	+-
	406	+-=pod
	407	+-*/
	408	+diff -Naur httpd-2.4.6-orig/modules/ssl/ssl_engine_init.c httpd-2.4.6/modules/ssl/ssl_engine_init.c
	409	+--- httpd-2.4.6-orig/modules/ssl/ssl_engine_init.c 2013-10-01 12:20:45.777812063 +0200
	410	++++ httpd-2.4.6/modules/ssl/ssl_engine_init.c 2013-10-01 12:20:50.990746893 +0200
	411	+@@ -35,7 +35,7 @@
	412	+ ** _________________________________________________________________
	413	+ */
	414	+
	415	+-#ifndef OPENSSL_NO_EC
	416	++#ifdef HAVE_ECC
	417	+ #define KEYTYPES "RSA, DSA or ECC"
	418	+ #else
	419	+ #define KEYTYPES "RSA or DSA"
	420	+@@ -56,180 +56,6 @@
	421	+ modver, AP_SERVER_BASEVERSION, incver);
	422	+ }
	423	+
	424	+-
	425	+-/*
	426	+- * Handle the Temporary RSA Keys and DH Params
	427	+- */
	428	+-
	429	+-#define MODSSL_TMP_KEY_FREE(mc, type, idx) \
	430	+- if (mc->pTmpKeys[idx]) { \
	431	+- type##_free((type *)mc->pTmpKeys[idx]); \
	432	+- mc->pTmpKeys[idx] = NULL; \
	433	+- }
	434	+-
	435	+-#define MODSSL_TMP_KEYS_FREE(mc, type) \
	436	+- MODSSL_TMP_KEY_FREE(mc, type, SSL_TMP_KEY_##type##_512); \
	437	+- MODSSL_TMP_KEY_FREE(mc, type, SSL_TMP_KEY_##type##_1024)
	438	+-
	439	+-static void ssl_tmp_keys_free(server_rec *s)
	440	+-{
	441	+- SSLModConfigRec *mc = myModConfig(s);
	442	+-
	443	+- MODSSL_TMP_KEYS_FREE(mc, RSA);
	444	+- MODSSL_TMP_KEYS_FREE(mc, DH);
	445	+-#ifndef OPENSSL_NO_EC
	446	+- MODSSL_TMP_KEY_FREE(mc, EC_KEY, SSL_TMP_KEY_EC_256);
	447	+-#endif
	448	+-}
	449	+-
	450	+-static int ssl_tmp_key_init_rsa(server_rec *s,
	451	+- int bits, int idx)
	452	+-{
	453	+- SSLModConfigRec *mc = myModConfig(s);
	454	+-
	455	+-#ifdef HAVE_FIPS
	456	+-
	457	+- if (FIPS_mode() && bits < 1024) {
	458	+- mc->pTmpKeys[idx] = NULL;
	459	+- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(01877)
	460	+- "Init: Skipping generating temporary "
	461	+- "%d bit RSA private key in FIPS mode", bits);
	462	+- return OK;
	463	+- }
	464	+-
	465	+-#endif
	466	+-#ifdef HAVE_GENERATE_EX
	467	+- {
	468	+- RSA *tkey;
	469	+- BIGNUM *bn_f4;
	470	+- if (!(tkey = RSA_new())
	471	+- \|\| !(bn_f4 = BN_new())
	472	+- \|\| !BN_set_word(bn_f4, RSA_F4)
	473	+- \|\| !RSA_generate_key_ex(tkey, bits, bn_f4, NULL))
	474	+- {
	475	+- ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, APLOGNO(01878)
	476	+- "Init: Failed to generate temporary "
	477	+- "%d bit RSA private key", bits);
	478	+- ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s);
	479	+- return !OK;
	480	+- }
	481	+- BN_free(bn_f4);
	482	+- mc->pTmpKeys[idx] = tkey;
	483	+- }
	484	+-#else
	485	+- if (!(mc->pTmpKeys[idx] =
	486	+- RSA_generate_key(bits, RSA_F4, NULL, NULL)))
	487	+- {
	488	+- ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, APLOGNO(01879)
	489	+- "Init: Failed to generate temporary "
	490	+- "%d bit RSA private key", bits);
	491	+- ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s);
	492	+- return !OK;
	493	+- }
	494	+-#endif
	495	+-
	496	+- return OK;
	497	+-}
	498	+-
	499	+-static int ssl_tmp_key_init_dh(server_rec *s,
	500	+- int bits, int idx)
	501	+-{
	502	+- SSLModConfigRec *mc = myModConfig(s);
	503	+-
	504	+-#ifdef HAVE_FIPS
	505	+-
	506	+- if (FIPS_mode() && bits < 1024) {
	507	+- mc->pTmpKeys[idx] = NULL;
	508	+- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(01880)
	509	+- "Init: Skipping generating temporary "
	510	+- "%d bit DH parameters in FIPS mode", bits);
	511	+- return OK;
	512	+- }
	513	+-
	514	+-#endif
	515	+-
	516	+- if (!(mc->pTmpKeys[idx] =
	517	+- ssl_dh_GetTmpParam(bits)))
	518	+- {
	519	+- ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, APLOGNO(01881)
	520	+- "Init: Failed to generate temporary "
	521	+- "%d bit DH parameters", bits);
	522	+- return !OK;
	523	+- }
	524	+-
	525	+- return OK;
	526	+-}
	527	+-
	528	+-#ifndef OPENSSL_NO_EC
	529	+-static int ssl_tmp_key_init_ec(server_rec *s,
	530	+- int bits, int idx)
	531	+-{
	532	+- SSLModConfigRec *mc = myModConfig(s);
	533	+- EC_KEY *ecdh = NULL;
	534	+-
	535	+- /* XXX: Are there any FIPS constraints we should enforce? */
	536	+-
	537	+- if (bits != 256) {
	538	+- ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, APLOGNO(02298)
	539	+- "Init: Failed to generate temporary "
	540	+- "%d bit EC parameters, only 256 bits supported", bits);
	541	+- return !OK;
	542	+- }
	543	+-
	544	+- if ((ecdh = EC_KEY_new()) == NULL \|\|
	545	+- EC_KEY_set_group(ecdh, EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1)) != 1)
	546	+- {
	547	+- ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, APLOGNO(02299)
	548	+- "Init: Failed to generate temporary "
	549	+- "%d bit EC parameters", bits);
	550	+- return !OK;
	551	+- }
	552	+-
	553	+- mc->pTmpKeys[idx] = ecdh;
	554	+- return OK;
	555	+-}
	556	+-
	557	+-#define MODSSL_TMP_KEY_INIT_EC(s, bits) \
	558	+- ssl_tmp_key_init_ec(s, bits, SSL_TMP_KEY_EC_##bits)
	559	+-
	560	+-#endif
	561	+-
	562	+-#define MODSSL_TMP_KEY_INIT_RSA(s, bits) \
	563	+- ssl_tmp_key_init_rsa(s, bits, SSL_TMP_KEY_RSA_##bits)
	564	+-
	565	+-#define MODSSL_TMP_KEY_INIT_DH(s, bits) \
	566	+- ssl_tmp_key_init_dh(s, bits, SSL_TMP_KEY_DH_##bits)
	567	+-
	568	+-static int ssl_tmp_keys_init(server_rec *s)
	569	+-{
	570	+- ap_log_error(APLOG_MARK, APLOG_TRACE1, 0, s,
	571	+- "Init: Generating temporary RSA private keys (512/1024 bits)");
	572	+-
	573	+- if (MODSSL_TMP_KEY_INIT_RSA(s, 512) \|\|
	574	+- MODSSL_TMP_KEY_INIT_RSA(s, 1024)) {
	575	+- return !OK;
	576	+- }
	577	+-
	578	+- ap_log_error(APLOG_MARK, APLOG_TRACE1, 0, s,
	579	+- "Init: Generating temporary DH parameters (512/1024 bits)");
	580	+-
	581	+- if (MODSSL_TMP_KEY_INIT_DH(s, 512) \|\|
	582	+- MODSSL_TMP_KEY_INIT_DH(s, 1024)) {
	583	+- return !OK;
	584	+- }
	585	+-
	586	+-#ifndef OPENSSL_NO_EC
	587	+- ap_log_error(APLOG_MARK, APLOG_TRACE1, 0, s,
	588	+- "Init: Generating temporary EC parameters (256 bits)");
	589	+-
	590	+- if (MODSSL_TMP_KEY_INIT_EC(s, 256)) {
	591	+- return !OK;
	592	+- }
	593	+-#endif
	594	+-
	595	+- return OK;
	596	+-}
	597	+-
	598	+ /*
	599	+ * Per-module initialization
	600	+ */
	601	+@@ -367,10 +193,6 @@
	602	+ */
	603	+ ssl_pphrase_Handle(base_server, ptemp);
	604	+
	605	+- if (ssl_tmp_keys_init(base_server)) {
	606	+- return !OK;
	607	+- }
	608	+-
	609	+ /*
	610	+ * initialize the mutex handling
	611	+ */
	612	+@@ -481,7 +303,7 @@
	613	+ */
	614	+ if (mctx->pks->certs[SSL_AIDX_RSA] \|\|
	615	+ mctx->pks->certs[SSL_AIDX_DSA]
	616	+-#ifndef OPENSSL_NO_EC
	617	++#ifdef HAVE_ECC
	618	+ \|\| mctx->pks->certs[SSL_AIDX_ECC]
	619	+ #endif
	620	+ )
	621	+@@ -493,7 +315,7 @@
	622	+ }
	623	+ }
	624	+
	625	+-#ifndef OPENSSL_NO_TLSEXT
	626	++#ifdef HAVE_TLSEXT
	627	+ static void ssl_init_ctx_tls_extensions(server_rec *s,
	628	+ apr_pool_t *p,
	629	+ apr_pool_t *ptemp,
	630	+@@ -527,7 +349,7 @@
	631	+ }
	632	+ #endif
	633	+
	634	+-#ifndef OPENSSL_NO_SRP
	635	++#ifdef HAVE_SRP
	636	+ /*
	637	+ * TLS-SRP support
	638	+ */
	639	+@@ -660,7 +482,7 @@
	640	+ #ifdef SSL_OP_NO_COMPRESSION
	641	+ /* OpenSSL >= 1.0 only */
	642	+ SSL_CTX_set_options(ctx, SSL_OP_NO_COMPRESSION);
	643	+-#elif OPENSSL_VERSION_NUMBER >= 0x00908000L
	644	++#else
	645	+ sk_SSL_COMP_zero(SSL_COMP_get_compression_methods());
	646	+ #endif
	647	+ }
	648	+@@ -678,6 +500,9 @@
	649	+ * Configure additional context ingredients
	650	+ */
	651	+ SSL_CTX_set_options(ctx, SSL_OP_SINGLE_DH_USE);
	652	++#ifdef HAVE_ECC
	653	++ SSL_CTX_set_options(ctx, SSL_OP_SINGLE_ECDH_USE);
	654	++#endif
	655	+
	656	+ #ifdef SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
	657	+ /*
	658	+@@ -718,11 +543,7 @@
	659	+ {
	660	+ SSL_CTX *ctx = mctx->ssl_ctx;
	661	+
	662	+- SSL_CTX_set_tmp_rsa_callback(ctx, ssl_callback_TmpRSA);
	663	+ SSL_CTX_set_tmp_dh_callback(ctx, ssl_callback_TmpDH);
	664	+-#ifndef OPENSSL_NO_EC
	665	+- SSL_CTX_set_tmp_ecdh_callback(ctx,ssl_callback_TmpECDH);
	666	+-#endif
	667	+
	668	+ SSL_CTX_set_info_callback(ctx, ssl_callback_Info);
	669	+ }
	670	+@@ -818,14 +639,16 @@
	671	+ modssl_ctx_t *mctx)
	672	+ {
	673	+ SSL_CTX *ctx = mctx->ssl_ctx;
	674	+- const char *suite = mctx->auth.cipher_suite;
	675	++ const char *suite;
	676	+
	677	+ /*
	678	+- * Configure SSL Cipher Suite
	679	++ * Configure SSL Cipher Suite. Always disable NULL and export ciphers,
	680	++ * see also ssl_engine_config.c:ssl_cmd_SSLCipherSuite().
	681	++ * OpenSSL's SSL_DEFAULT_CIPHER_LIST already includes !aNULL:!eNULL,
	682	++ * so only prepend !EXP in this case.
	683	+ */
	684	+- if (!suite) {
	685	+- return;
	686	+- }
	687	++ suite = mctx->auth.cipher_suite ? mctx->auth.cipher_suite :
	688	++ apr_pstrcat(ptemp, "!EXP:", SSL_DEFAULT_CIPHER_LIST, NULL);
	689	+
	690	+ ap_log_error(APLOG_MARK, APLOG_TRACE1, 0, s,
	691	+ "Configuring permitted SSL ciphers [%s]",
	692	+@@ -988,7 +811,7 @@
	693	+ if (mctx->pks) {
	694	+ /* XXX: proxy support? */
	695	+ ssl_init_ctx_cert_chain(s, p, ptemp, mctx);
	696	+-#ifndef OPENSSL_NO_TLSEXT
	697	++#ifdef HAVE_TLSEXT
	698	+ ssl_init_ctx_tls_extensions(s, p, ptemp, mctx);
	699	+ #endif
	700	+ }
	701	+@@ -1001,7 +824,7 @@
	702	+ {
	703	+ SSLModConfigRec *mc = myModConfig(s);
	704	+ ssl_asn1_t *asn1;
	705	+- MODSSL_D2I_X509_CONST unsigned char *ptr;
	706	++ const unsigned char *ptr;
	707	+ const char *type = ssl_asn1_keystr(idx);
	708	+ X509 *cert;
	709	+
	710	+@@ -1048,12 +871,12 @@
	711	+ {
	712	+ SSLModConfigRec *mc = myModConfig(s);
	713	+ ssl_asn1_t *asn1;
	714	+- MODSSL_D2I_PrivateKey_CONST unsigned char *ptr;
	715	++ const unsigned char *ptr;
	716	+ const char *type = ssl_asn1_keystr(idx);
	717	+ int pkey_type;
	718	+ EVP_PKEY *pkey;
	719	+
	720	+-#ifndef OPENSSL_NO_EC
	721	++#ifdef HAVE_ECC
	722	+ if (idx == SSL_AIDX_ECC)
	723	+ pkey_type = EVP_PKEY_EC;
	724	+ else
	725	+@@ -1157,30 +980,34 @@
	726	+ modssl_ctx_t *mctx)
	727	+ {
	728	+ const char rsa_id, dsa_id;
	729	+-#ifndef OPENSSL_NO_EC
	730	++#ifdef HAVE_ECC
	731	+ const char *ecc_id;
	732	++ EC_GROUP *ecparams;
	733	++ int nid;
	734	++ EC_KEY *eckey;
	735	+ #endif
	736	+ const char *vhost_id = mctx->sc->vhost_id;
	737	+ int i;
	738	+ int have_rsa, have_dsa;
	739	+-#ifndef OPENSSL_NO_EC
	740	++ DH *dhparams;
	741	++#ifdef HAVE_ECC
	742	+ int have_ecc;
	743	+ #endif
	744	+
	745	+ rsa_id = ssl_asn1_table_keyfmt(ptemp, vhost_id, SSL_AIDX_RSA);
	746	+ dsa_id = ssl_asn1_table_keyfmt(ptemp, vhost_id, SSL_AIDX_DSA);
	747	+-#ifndef OPENSSL_NO_EC
	748	++#ifdef HAVE_ECC
	749	+ ecc_id = ssl_asn1_table_keyfmt(ptemp, vhost_id, SSL_AIDX_ECC);
	750	+ #endif
	751	+
	752	+ have_rsa = ssl_server_import_cert(s, mctx, rsa_id, SSL_AIDX_RSA);
	753	+ have_dsa = ssl_server_import_cert(s, mctx, dsa_id, SSL_AIDX_DSA);
	754	+-#ifndef OPENSSL_NO_EC
	755	++#ifdef HAVE_ECC
	756	+ have_ecc = ssl_server_import_cert(s, mctx, ecc_id, SSL_AIDX_ECC);
	757	+ #endif
	758	+
	759	+ if (!(have_rsa \|\| have_dsa
	760	+-#ifndef OPENSSL_NO_EC
	761	++#ifdef HAVE_ECC
	762	+ \|\| have_ecc
	763	+ #endif
	764	+ )) {
	765	+@@ -1196,12 +1023,12 @@
	766	+
	767	+ have_rsa = ssl_server_import_key(s, mctx, rsa_id, SSL_AIDX_RSA);
	768	+ have_dsa = ssl_server_import_key(s, mctx, dsa_id, SSL_AIDX_DSA);
	769	+-#ifndef OPENSSL_NO_EC
	770	++#ifdef HAVE_ECC
	771	+ have_ecc = ssl_server_import_key(s, mctx, ecc_id, SSL_AIDX_ECC);
	772	+ #endif
	773	+
	774	+ if (!(have_rsa \|\| have_dsa
	775	+-#ifndef OPENSSL_NO_EC
	776	++#ifdef HAVE_ECC
	777	+ \|\| have_ecc
	778	+ #endif
	779	+ )) {
	780	+@@ -1209,6 +1036,40 @@
	781	+ "Oops, no " KEYTYPES " server private key found?!");
	782	+ ssl_die(s);
	783	+ }
	784	++
	785	++ /*
	786	++ * Try to read DH parameters from the (first) SSLCertificateFile
	787	++ */
	788	++ if ((mctx->pks->cert_files[0] != NULL) &&
	789	++ (dhparams = ssl_dh_GetParamFromFile(mctx->pks->cert_files[0]))) {
	790	++ SSL_CTX_set_tmp_dh(mctx->ssl_ctx, dhparams);
	791	++ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(02540)
	792	++ "Custom DH parameters (%d bits) for %s loaded from %s",
	793	++ BN_num_bits(dhparams->p), vhost_id,
	794	++ mctx->pks->cert_files[0]);
	795	++ }
	796	++
	797	++#ifdef HAVE_ECC
	798	++ /*
	799	++ * Similarly, try to read the ECDH curve name from SSLCertificateFile...
	800	++ */
	801	++ if ((mctx->pks->cert_files[0] != NULL) &&
	802	++ (ecparams = ssl_ec_GetParamFromFile(mctx->pks->cert_files[0])) &&
	803	++ (nid = EC_GROUP_get_curve_name(ecparams)) &&
	804	++ (eckey = EC_KEY_new_by_curve_name(nid))) {
	805	++ SSL_CTX_set_tmp_ecdh(mctx->ssl_ctx, eckey);
	806	++ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(02541)
	807	++ "ECDH curve %s for %s specified in %s",
	808	++ OBJ_nid2sn(nid), vhost_id, mctx->pks->cert_files[0]);
	809	++ }
	810	++ /*
	811	++ * ...otherwise, configure NIST P-256 (required to enable ECDHE)
	812	++ */
	813	++ else {
	814	++ SSL_CTX_set_tmp_ecdh(mctx->ssl_ctx,
	815	++ EC_KEY_new_by_curve_name(NID_X9_62_prime256v1));
	816	++ }
	817	++#endif
	818	+ }
	819	+
	820	+ #ifdef HAVE_TLS_SESSION_TICKETS
	821	+@@ -1516,7 +1377,7 @@
	822	+ klen = strlen(key);
	823	+
	824	+ if ((ps = (server_rec *)apr_hash_get(table, key, klen))) {
	825	+-#ifdef OPENSSL_NO_TLSEXT
	826	++#ifndef HAVE_TLSEXT
	827	+ int level = APLOG_WARNING;
	828	+ const char *problem = "conflict";
	829	+ #else
	830	+@@ -1540,7 +1401,7 @@
	831	+ }
	832	+
	833	+ if (conflict) {
	834	+-#ifdef OPENSSL_NO_TLSEXT
	835	++#ifndef HAVE_TLSEXT
	836	+ ap_log_error(APLOG_MARK, APLOG_WARNING, 0, base_server, APLOGNO(01917)
	837	+ "Init: You should not use name-based "
	838	+ "virtual hosts in conjunction with SSL!!");
	839	+@@ -1689,7 +1550,7 @@
	840	+ {
	841	+ MODSSL_CFG_ITEM_FREE(SSL_CTX_free, mctx->ssl_ctx);
	842	+
	843	+-#ifndef OPENSSL_NO_SRP
	844	++#ifdef HAVE_SRP
	845	+ if (mctx->srp_vbase != NULL) {
	846	+ SRP_VBASE_free(mctx->srp_vbase);
	847	+ mctx->srp_vbase = NULL;
	848	+@@ -1745,11 +1606,6 @@
	849	+ ssl_scache_kill(base_server);
	850	+
	851	+ /*
	852	+- * Destroy the temporary keys and params
	853	+- */
	854	+- ssl_tmp_keys_free(base_server);
	855	+-
	856	+- /*
	857	+ * Free the non-pool allocated structures
	858	+ * in the per-server configurations
	859	+ */
	860	+diff -Naur httpd-2.4.6-orig/modules/ssl/ssl_engine_io.c httpd-2.4.6/modules/ssl/ssl_engine_io.c
	861	+--- httpd-2.4.6-orig/modules/ssl/ssl_engine_io.c 2013-10-01 12:20:45.775812088 +0200
	862	++++ httpd-2.4.6/modules/ssl/ssl_engine_io.c 2013-10-01 12:20:50.991746880 +0200
	863	+@@ -1048,7 +1048,7 @@
	864	+
	865	+ server = sslconn->server;
	866	+ if (sslconn->is_proxy) {
	867	+-#ifndef OPENSSL_NO_TLSEXT
	868	++#ifdef HAVE_TLSEXT
	869	+ apr_ipsubnet_t *ip;
	870	+ #endif
	871	+ const char *hostname_note = apr_table_get(c->notes,
	872	+@@ -1056,7 +1056,7 @@
	873	+ BOOL proxy_ssl_check_peer_ok = TRUE;
	874	+ sc = mySrvConfig(server);
	875	+
	876	+-#ifndef OPENSSL_NO_TLSEXT
	877	++#ifdef HAVE_TLSEXT
	878	+ /*
	879	+ * Enable SNI for backend requests. Make sure we don't do it for
	880	+ * pure SSLv3 connections, and also prevent IP addresses
	881	+diff -Naur httpd-2.4.6-orig/modules/ssl/ssl_engine_kernel.c httpd-2.4.6/modules/ssl/ssl_engine_kernel.c
	882	+--- httpd-2.4.6-orig/modules/ssl/ssl_engine_kernel.c 2013-10-01 12:20:45.776812076 +0200
	883	++++ httpd-2.4.6/modules/ssl/ssl_engine_kernel.c 2013-10-01 12:20:50.992746868 +0200
	884	+@@ -32,7 +32,7 @@
	885	+ #include "util_md5.h"
	886	+
	887	+ static void ssl_configure_env(request_rec r, SSLConnRec sslconn);
	888	+-#ifndef OPENSSL_NO_TLSEXT
	889	++#ifdef HAVE_TLSEXT
	890	+ static int ssl_find_vhost(void servername, conn_rec c, server_rec *s);
	891	+ #endif
	892	+
	893	+@@ -119,7 +119,7 @@
	894	+ SSLSrvConfigRec *sc = mySrvConfig(r->server);
	895	+ SSLConnRec *sslconn;
	896	+ const char *upgrade;
	897	+-#ifndef OPENSSL_NO_TLSEXT
	898	++#ifdef HAVE_TLSEXT
	899	+ const char *servername;
	900	+ #endif
	901	+ SSL *ssl;
	902	+@@ -162,7 +162,7 @@
	903	+ if (!ssl) {
	904	+ return DECLINED;
	905	+ }
	906	+-#ifndef OPENSSL_NO_TLSEXT
	907	++#ifdef HAVE_TLSEXT
	908	+ if ((servername = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name))) {
	909	+ char host, scope_id;
	910	+ apr_port_t port;
	911	+@@ -329,7 +329,7 @@
	912	+ return DECLINED;
	913	+ }
	914	+
	915	+-#ifndef OPENSSL_NO_SRP
	916	++#ifdef HAVE_SRP
	917	+ /*
	918	+ * Support for per-directory reconfigured SSL connection parameters
	919	+ *
	920	+@@ -1101,7 +1101,7 @@
	921	+ "SSL_SERVER_A_SIG",
	922	+ "SSL_SESSION_ID",
	923	+ "SSL_SESSION_RESUMED",
	924	+-#ifndef OPENSSL_NO_SRP
	925	++#ifdef HAVE_SRP
	926	+ "SSL_SRP_USER",
	927	+ "SSL_SRP_USERINFO",
	928	+ #endif
	929	+@@ -1115,7 +1115,7 @@
	930	+ SSLDirConfigRec *dc = myDirConfig(r);
	931	+ apr_table_t *env = r->subprocess_env;
	932	+ char var, val = "";
	933	+-#ifndef OPENSSL_NO_TLSEXT
	934	++#ifdef HAVE_TLSEXT
	935	+ const char *servername;
	936	+ #endif
	937	+ STACK_OF(X509) *peer_certs;
	938	+@@ -1144,7 +1144,7 @@
	939	+ /* the always present HTTPS (=HTTP over SSL) flag! */
	940	+ apr_table_setn(env, "HTTPS", "on");
	941	+
	942	+-#ifndef OPENSSL_NO_TLSEXT
	943	++#ifdef HAVE_TLSEXT
	944	+ /* add content of SNI TLS extension (if supplied with ClientHello) */
	945	+ if ((servername = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name))) {
	946	+ apr_table_set(env, "SSL_TLS_SNI", servername);
	947	+@@ -1287,117 +1287,70 @@
	948	+ */
	949	+
	950	+ /*
	951	+- * Handle out temporary RSA private keys on demand
	952	+- *
	953	+- * The background of this as the TLSv1 standard explains it:
	954	+- *
	955	+- * \| D.1. Temporary RSA keys
	956	+- * \|
	957	+- * \| US Export restrictions limit RSA keys used for encryption to 512
	958	+- * \| bits, but do not place any limit on lengths of RSA keys used for
	959	+- * \| signing operations. Certificates often need to be larger than 512
	960	+- * \| bits, since 512-bit RSA keys are not secure enough for high-value
	961	+- * \| transactions or for applications requiring long-term security. Some
	962	+- * \| certificates are also designated signing-only, in which case they
	963	+- * \| cannot be used for key exchange.
	964	+- * \|
	965	+- * \| When the public key in the certificate cannot be used for encryption,
	966	+- * \| the server signs a temporary RSA key, which is then exchanged. In
	967	+- * \| exportable applications, the temporary RSA key should be the maximum
	968	+- * \| allowable length (i.e., 512 bits). Because 512-bit RSA keys are
	969	+- * \| relatively insecure, they should be changed often. For typical
	970	+- * \| electronic commerce applications, it is suggested that keys be
	971	+- * \| changed daily or every 500 transactions, and more often if possible.
	972	+- * \| Note that while it is acceptable to use the same temporary key for
	973	+- * \| multiple transactions, it must be signed each time it is used.
	974	+- * \|
	975	+- * \| RSA key generation is a time-consuming process. In many cases, a
	976	+- * \| low-priority process can be assigned the task of key generation.
	977	+- * \| Whenever a new key is completed, the existing temporary key can be
	978	+- * \| replaced with the new one.
	979	+- *
	980	+- * XXX: base on comment above, if thread support is enabled,
	981	+- * we should spawn a low-priority thread to generate new keys
	982	+- * on the fly.
	983	+- *
	984	+- * So we generated 512 and 1024 bit temporary keys on startup
	985	+- * which we now just hand out on demand....
	986	++ * Grab well-defined DH parameters from OpenSSL, see <openssl/bn.h>
	987	++ * (get_rfc*) for all available primes.
	988	+ */
	989	+-
	990	+-RSA ssl_callback_TmpRSA(SSL ssl, int export, int keylen)
	991	+-{
	992	+- conn_rec c = (conn_rec )SSL_get_app_data(ssl);
	993	+- SSLModConfigRec *mc = myModConfigFromConn(c);
	994	+- int idx;
	995	+-
	996	+- ap_log_cerror(APLOG_MARK, APLOG_TRACE2, 0, c,
	997	+- "handing out temporary %d bit RSA key", keylen);
	998	+-
	999	+- /* doesn't matter if export flag is on,
	1000	+- * we won't be asked for keylen > 512 in that case.
	1001	+- * if we are asked for a keylen > 1024, it is too expensive
	1002	+- * to generate on the fly.
	1003	+- * XXX: any reason not to generate 2048 bit keys at startup?
	1004	+- */
	1005	+-
	1006	+- switch (keylen) {
	1007	+- case 512:
	1008	+- idx = SSL_TMP_KEY_RSA_512;
	1009	+- break;
	1010	+-
	1011	+- case 1024:
	1012	+- default:
	1013	+- idx = SSL_TMP_KEY_RSA_1024;
	1014	+- }
	1015	+-
	1016	+- return (RSA *)mc->pTmpKeys[idx];
	1017	++#define make_get_dh(rfc,size,gen) \
	1018	++static DH *get_dh##size(void) \
	1019	++{ \
	1020	++ DH *dh; \
	1021	++ if (!(dh = DH_new())) { \
	1022	++ return NULL; \
	1023	++ } \
	1024	++ dh->p = get_##rfc##_prime_##size(NULL); \
	1025	++ BN_dec2bn(&dh->g, #gen); \
	1026	++ if (!dh->p \|\| !dh->g) { \
	1027	++ DH_free(dh); \
	1028	++ return NULL; \
	1029	++ } \
	1030	++ return dh; \
	1031	+ }
	1032	+
	1033	+ /*
	1034	+- * Hand out the already generated DH parameters...
	1035	++ * Prepare DH parameters from 1024 to 4096 bits, in 1024-bit increments
	1036	++ */
	1037	++make_get_dh(rfc2409, 1024, 2)
	1038	++make_get_dh(rfc3526, 2048, 2)
	1039	++make_get_dh(rfc3526, 3072, 2)
	1040	++make_get_dh(rfc3526, 4096, 2)
	1041	++
	1042	++/*
	1043	++ * Hand out standard DH parameters, based on the authentication strength
	1044	+ */
	1045	+ DH ssl_callback_TmpDH(SSL ssl, int export, int keylen)
	1046	+ {
	1047	+ conn_rec c = (conn_rec )SSL_get_app_data(ssl);
	1048	+- SSLModConfigRec *mc = myModConfigFromConn(c);
	1049	+- int idx;
	1050	+-
	1051	+- ap_log_cerror(APLOG_MARK, APLOG_TRACE2, 0, c,
	1052	+- "handing out temporary %d bit DH key", keylen);
	1053	++ EVP_PKEY *pkey = SSL_get_privatekey(ssl);
	1054	++ int type = pkey ? EVP_PKEY_type(pkey->type) : EVP_PKEY_NONE;
	1055	+
	1056	+- switch (keylen) {
	1057	+- case 512:
	1058	+- idx = SSL_TMP_KEY_DH_512;
	1059	+- break;
	1060	+-
	1061	+- case 1024:
	1062	+- default:
	1063	+- idx = SSL_TMP_KEY_DH_1024;
	1064	++ /*
	1065	++ * OpenSSL will call us with either keylen == 512 or keylen == 1024
	1066	++ * (see the definition of SSL_EXPORT_PKEYLENGTH in ssl_locl.h).
	1067	++ * Adjust the DH parameter length according to the size of the
	1068	++ * RSA/DSA private key used for the current connection, and always
	1069	++ * use at least 1024-bit parameters.
	1070	++ * Note: This may cause interoperability issues with implementations
	1071	++ * which limit their DH support to 1024 bit - e.g. Java 7 and earlier.
	1072	++ * In this case, SSLCertificateFile can be used to specify fixed
	1073	++ * 1024-bit DH parameters (with the effect that OpenSSL skips this
	1074	++ * callback).
	1075	++ */
	1076	++ if ((type == EVP_PKEY_RSA) \|\| (type == EVP_PKEY_DSA)) {
	1077	++ keylen = EVP_PKEY_bits(pkey);
	1078	+ }
	1079	+
	1080	+- return (DH *)mc->pTmpKeys[idx];
	1081	+-}
	1082	+-
	1083	+-#ifndef OPENSSL_NO_EC
	1084	+-EC_KEY ssl_callback_TmpECDH(SSL ssl, int export, int keylen)
	1085	+-{
	1086	+- conn_rec c = (conn_rec )SSL_get_app_data(ssl);
	1087	+- SSLModConfigRec *mc = myModConfigFromConn(c);
	1088	+- int idx;
	1089	+-
	1090	+- /* XXX Uses 256-bit key for now. TODO: support other sizes. */
	1091	+ ap_log_cerror(APLOG_MARK, APLOG_TRACE2, 0, c,
	1092	+- "handing out temporary 256 bit ECC key");
	1093	++ "handing out built-in DH parameters for %d-bit authenticated connection", keylen);
	1094	+
	1095	+- switch (keylen) {
	1096	+- case 256:
	1097	+- default:
	1098	+- idx = SSL_TMP_KEY_EC_256;
	1099	+- }
	1100	+-
	1101	+- return (EC_KEY *)mc->pTmpKeys[idx];
	1102	++ if (keylen >= 4096)
	1103	++ return get_dh4096();
	1104	++ else if (keylen >= 3072)
	1105	++ return get_dh3072();
	1106	++ else if (keylen >= 2048)
	1107	++ return get_dh2048();
	1108	++ else
	1109	++ return get_dh1024();
	1110	+ }
	1111	+-#endif
	1112	+
	1113	+ /*
	1114	+ * This OpenSSL callback function is called when OpenSSL
	1115	+@@ -1938,7 +1891,7 @@
	1116	+ }
	1117	+ }
	1118	+
	1119	+-#ifndef OPENSSL_NO_TLSEXT
	1120	++#ifdef HAVE_TLSEXT
	1121	+ /*
	1122	+ * This callback function is executed when OpenSSL encounters an extended
	1123	+ * client hello with a server name indication extension ("SNI", cf. RFC 4366).
	1124	+@@ -2089,7 +2042,7 @@
	1125	+
	1126	+ return 0;
	1127	+ }
	1128	+-#endif /* OPENSSL_NO_TLSEXT */
	1129	++#endif /* HAVE_TLSEXT */
	1130	+
	1131	+ #ifdef HAVE_TLS_SESSION_TICKETS
	1132	+ /*
	1133	+@@ -2161,7 +2114,7 @@
	1134	+ }
	1135	+ #endif /* HAVE_TLS_SESSION_TICKETS */
	1136	+
	1137	+-#ifndef OPENSSL_NO_SRP
	1138	++#ifdef HAVE_SRP
	1139	+
	1140	+ int ssl_callback_SRPServerParams(SSL ssl, int ad, void *arg)
	1141	+ {
	1142	+@@ -2185,4 +2138,4 @@
	1143	+ return SSL_ERROR_NONE;
	1144	+ }
	1145	+
	1146	+-#endif /* OPENSSL_NO_SRP */
	1147	++#endif /* HAVE_SRP */
	1148	+diff -Naur httpd-2.4.6-orig/modules/ssl/ssl_engine_pphrase.c httpd-2.4.6/modules/ssl/ssl_engine_pphrase.c
	1149	+--- httpd-2.4.6-orig/modules/ssl/ssl_engine_pphrase.c 2013-10-01 12:20:45.777812063 +0200
	1150	++++ httpd-2.4.6/modules/ssl/ssl_engine_pphrase.c 2013-10-01 12:20:50.992746868 +0200
	1151	+@@ -708,7 +708,7 @@
	1152	+ ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, APLOGNO(01966)
	1153	+ "Init: Failed to create pass phrase pipe '%s'",
	1154	+ sc->server->pphrase_dialog_path);
	1155	+- PEMerr(PEM_F_DEF_CALLBACK,PEM_R_PROBLEMS_GETTING_PASSWORD);
	1156	++ PEMerr(PEM_F_PEM_DEF_CALLBACK,PEM_R_PROBLEMS_GETTING_PASSWORD);
	1157	+ memset(buf, 0, (unsigned int)bufsize);
	1158	+ return (-1);
	1159	+ }
	1160	+@@ -718,7 +718,7 @@
	1161	+ }
	1162	+ else { /* sc->server->pphrase_dialog_type == SSL_PPTYPE_BUILTIN */
	1163	+ #ifdef WIN32
	1164	+- PEMerr(PEM_F_DEF_CALLBACK,PEM_R_PROBLEMS_GETTING_PASSWORD);
	1165	++ PEMerr(PEM_F_PEM_DEF_CALLBACK,PEM_R_PROBLEMS_GETTING_PASSWORD);
	1166	+ memset(buf, 0, (unsigned int)bufsize);
	1167	+ return (-1);
	1168	+ #else
	1169	+@@ -769,7 +769,7 @@
	1170	+ i = EVP_read_pw_string(buf, bufsize, "", FALSE);
	1171	+ }
	1172	+ if (i != 0) {
	1173	+- PEMerr(PEM_F_DEF_CALLBACK,PEM_R_PROBLEMS_GETTING_PASSWORD);
	1174	++ PEMerr(PEM_F_PEM_DEF_CALLBACK,PEM_R_PROBLEMS_GETTING_PASSWORD);
	1175	+ memset(buf, 0, (unsigned int)bufsize);
	1176	+ return (-1);
	1177	+ }
	1178	+diff -Naur httpd-2.4.6-orig/modules/ssl/ssl_engine_vars.c httpd-2.4.6/modules/ssl/ssl_engine_vars.c
	1179	+--- httpd-2.4.6-orig/modules/ssl/ssl_engine_vars.c 2013-10-01 12:20:45.775812088 +0200
	1180	++++ httpd-2.4.6/modules/ssl/ssl_engine_vars.c 2013-10-01 12:20:50.992746868 +0200
	1181	+@@ -382,7 +382,7 @@
	1182	+ else if (ssl != NULL && strcEQ(var, "COMPRESS_METHOD")) {
	1183	+ result = ssl_var_lookup_ssl_compress_meth(ssl);
	1184	+ }
	1185	+-#ifndef OPENSSL_NO_TLSEXT
	1186	++#ifdef HAVE_TLSEXT
	1187	+ else if (ssl != NULL && strcEQ(var, "TLS_SNI")) {
	1188	+ result = apr_pstrdup(p, SSL_get_servername(ssl,
	1189	+ TLSEXT_NAMETYPE_host_name));
	1190	+@@ -395,7 +395,7 @@
	1191	+ #endif
	1192	+ result = apr_pstrdup(p, flag ? "true" : "false");
	1193	+ }
	1194	+-#ifndef OPENSSL_NO_SRP
	1195	++#ifdef HAVE_SRP
	1196	+ else if (ssl != NULL && strcEQ(var, "SRP_USER")) {
	1197	+ if ((result = SSL_get_srp_username(ssl)) != NULL) {
	1198	+ result = apr_pstrdup(p, result);
	1199	+@@ -879,7 +879,7 @@
	1200	+ * success and writes the string to the given bio. */
	1201	+ static int dump_extn_value(BIO bio, ASN1_OCTET_STRING str)
	1202	+ {
	1203	+- MODSSL_D2I_ASN1_type_bytes_CONST unsigned char *pp = str->data;
	1204	++ const unsigned char *pp = str->data;
	1205	+ ASN1_STRING *ret = ASN1_STRING_new();
	1206	+ int rv = 0;
	1207	+
	1208	+@@ -975,7 +975,7 @@
	1209	+ static char ssl_var_lookup_ssl_compress_meth(SSL ssl)
	1210	+ {
	1211	+ char *result = "NULL";
	1212	+-#if (OPENSSL_VERSION_NUMBER >= 0x00908000) && !defined(OPENSSL_NO_COMP)
	1213	++#ifndef OPENSSL_NO_COMP
	1214	+ SSL_SESSION *pSession = SSL_get_session(ssl);
	1215	+
	1216	+ if (pSession) {
	1217	+diff -Naur httpd-2.4.6-orig/modules/ssl/ssl_private.h httpd-2.4.6/modules/ssl/ssl_private.h
	1218	+--- httpd-2.4.6-orig/modules/ssl/ssl_private.h 2013-10-01 12:20:45.774812101 +0200
	1219	++++ httpd-2.4.6/modules/ssl/ssl_private.h 2013-10-01 12:20:50.993746855 +0200
	1220	+@@ -105,65 +105,55 @@
	1221	+ #include <openssl/engine.h>
	1222	+ #endif
	1223	+
	1224	+-#if (OPENSSL_VERSION_NUMBER < 0x0090700f)
	1225	+-#error mod_ssl requires OpenSSL 0.9.7 or later
	1226	+-#endif
	1227	+-
	1228	+-/* ...shifting sands of OpenSSL... */
	1229	+-#if (OPENSSL_VERSION_NUMBER >= 0x0090707f)
	1230	+-#define MODSSL_D2I_SSL_SESSION_CONST const
	1231	+-#else
	1232	+-#define MODSSL_D2I_SSL_SESSION_CONST
	1233	+-#endif
	1234	+-
	1235	+-#if (OPENSSL_VERSION_NUMBER >= 0x00908000)
	1236	+-#define HAVE_GENERATE_EX
	1237	+-#define MODSSL_D2I_ASN1_type_bytes_CONST const
	1238	+-#define MODSSL_D2I_PrivateKey_CONST const
	1239	+-#define MODSSL_D2I_X509_CONST const
	1240	+-#else
	1241	+-#define MODSSL_D2I_ASN1_type_bytes_CONST
	1242	+-#define MODSSL_D2I_PrivateKey_CONST
	1243	+-#define MODSSL_D2I_X509_CONST
	1244	+-#endif
	1245	+-
	1246	+-#if OPENSSL_VERSION_NUMBER >= 0x00908080 && !defined(OPENSSL_NO_OCSP) \
	1247	+- && !defined(OPENSSL_NO_TLSEXT)
	1248	+-#define HAVE_OCSP_STAPLING
	1249	+-#if (OPENSSL_VERSION_NUMBER < 0x10000000)
	1250	+-#define sk_OPENSSL_STRING_pop sk_pop
	1251	+-#endif
	1252	+-#endif
	1253	+-
	1254	+-#if (OPENSSL_VERSION_NUMBER >= 0x009080a0) && defined(OPENSSL_FIPS)
	1255	+-#define HAVE_FIPS
	1256	++#if (OPENSSL_VERSION_NUMBER < 0x0090801f)
	1257	++#error mod_ssl requires OpenSSL 0.9.8a or later
	1258	+ #endif
	1259	+
	1260	++/**
	1261	++ * ...shifting sands of OpenSSL...
	1262	++ * Note: when adding support for new OpenSSL features, avoid explicit
	1263	++ * version number checks whenever possible, and use "feature-based"
	1264	++ * detection instead (check for definitions of constants or functions)
	1265	++ */
	1266	+ #if (OPENSSL_VERSION_NUMBER >= 0x10000000)
	1267	+ #define MODSSL_SSL_CIPHER_CONST const
	1268	+ #define MODSSL_SSL_METHOD_CONST const
	1269	+ #else
	1270	+ #define MODSSL_SSL_CIPHER_CONST
	1271	+ #define MODSSL_SSL_METHOD_CONST
	1272	+-/* ECC support came along in OpenSSL 1.0.0 */
	1273	+-#define OPENSSL_NO_EC
	1274	+ #endif
	1275	+
	1276	+-#ifndef PEM_F_DEF_CALLBACK
	1277	+-#ifdef PEM_F_PEM_DEF_CALLBACK
	1278	+-/** In OpenSSL 0.9.8 PEM_F_DEF_CALLBACK was renamed */
	1279	+-#define PEM_F_DEF_CALLBACK PEM_F_PEM_DEF_CALLBACK
	1280	++#if defined(OPENSSL_FIPS)
	1281	++#define HAVE_FIPS
	1282	+ #endif
	1283	++
	1284	++#if defined(SSL_OP_NO_TLSv1_2)
	1285	++#define HAVE_TLSV1_X
	1286	+ #endif
	1287	+
	1288	+-#ifndef OPENSSL_NO_TLSEXT
	1289	+-#ifndef SSL_CTRL_SET_TLSEXT_HOSTNAME
	1290	+-#define OPENSSL_NO_TLSEXT
	1291	++/**
	1292	++ * The following features all depend on TLS extension support.
	1293	++ * Within this block, check again for features (not version numbers).
	1294	++ */
	1295	++#if !defined(OPENSSL_NO_TLSEXT) && defined(SSL_set_tlsext_host_name)
	1296	++
	1297	++#define HAVE_TLSEXT
	1298	++
	1299	++/* ECC: make sure we have at least 1.0.0 */
	1300	++#if !defined(OPENSSL_NO_EC) && defined(TLSEXT_ECPOINTFORMAT_uncompressed)
	1301	++#define HAVE_ECC
	1302	++#endif
	1303	++
	1304	++/* OCSP stapling */
	1305	++#if !defined(OPENSSL_NO_OCSP) && defined(SSL_CTX_set_tlsext_status_cb)
	1306	++#define HAVE_OCSP_STAPLING
	1307	++#ifndef sk_OPENSSL_STRING_pop
	1308	++#define sk_OPENSSL_STRING_pop sk_pop
	1309	+ #endif
	1310	+ #endif
	1311	+
	1312	+-#ifndef OPENSSL_NO_TLSEXT
	1313	+-#ifdef SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB
	1314	++/* TLS session tickets */
	1315	++#if defined(SSL_CTX_set_tlsext_ticket_key_cb)
	1316	+ #define HAVE_TLS_SESSION_TICKETS
	1317	+ #define TLSEXT_TICKET_KEY_LEN 48
	1318	+ #ifndef tlsext_tick_md
	1319	+@@ -174,26 +164,15 @@
	1320	+ #endif
	1321	+ #endif
	1322	+ #endif
	1323	+-#endif
	1324	+
	1325	+-#ifdef SSL_OP_NO_TLSv1_2
	1326	+-#define HAVE_TLSV1_X
	1327	+-#endif
	1328	+-
	1329	+-#if !defined(OPENSSL_NO_COMP) && !defined(SSL_OP_NO_COMPRESSION) \
	1330	+- && OPENSSL_VERSION_NUMBER < 0x00908000L
	1331	+-#define OPENSSL_NO_COMP
	1332	+-#endif
	1333	+-
	1334	+-/* SRP support came in OpenSSL 1.0.1 */
	1335	+-#ifndef OPENSSL_NO_SRP
	1336	+-#ifdef SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB
	1337	++/* Secure Remote Password */
	1338	++#if !defined(OPENSSL_NO_SRP) && defined(SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB)
	1339	++#define HAVE_SRP
	1340	+ #include <openssl/srp.h>
	1341	+-#else
	1342	+-#define OPENSSL_NO_SRP
	1343	+-#endif
	1344	+ #endif
	1345	+
	1346	++#endif /* !defined(OPENSSL_NO_TLSEXT) && defined(SSL_set_tlsext_host_name) */
	1347	++
	1348	+ /* mod_ssl headers */
	1349	+ #include "ssl_util_ssl.h"
	1350	+
	1351	+@@ -287,7 +266,7 @@
	1352	+ #define SSL_ALGO_UNKNOWN (0)
	1353	+ #define SSL_ALGO_RSA (1<<0)
	1354	+ #define SSL_ALGO_DSA (1<<1)
	1355	+-#ifndef OPENSSL_NO_EC
	1356	++#ifdef HAVE_ECC
	1357	+ #define SSL_ALGO_ECC (1<<2)
	1358	+ #define SSL_ALGO_ALL (SSL_ALGO_RSA\|SSL_ALGO_DSA\|SSL_ALGO_ECC)
	1359	+ #else
	1360	+@@ -296,29 +275,13 @@
	1361	+
	1362	+ #define SSL_AIDX_RSA (0)
	1363	+ #define SSL_AIDX_DSA (1)
	1364	+-#ifndef OPENSSL_NO_EC
	1365	++#ifdef HAVE_ECC
	1366	+ #define SSL_AIDX_ECC (2)
	1367	+ #define SSL_AIDX_MAX (3)
	1368	+ #else
	1369	+ #define SSL_AIDX_MAX (2)
	1370	+ #endif
	1371	+
	1372	+-
	1373	+-/**
	1374	+- * Define IDs for the temporary RSA keys and DH params
	1375	+- */
	1376	+-
	1377	+-#define SSL_TMP_KEY_RSA_512 (0)
	1378	+-#define SSL_TMP_KEY_RSA_1024 (1)
	1379	+-#define SSL_TMP_KEY_DH_512 (2)
	1380	+-#define SSL_TMP_KEY_DH_1024 (3)
	1381	+-#ifndef OPENSSL_NO_EC
	1382	+-#define SSL_TMP_KEY_EC_256 (4)
	1383	+-#define SSL_TMP_KEY_MAX (5)
	1384	+-#else
	1385	+-#define SSL_TMP_KEY_MAX (4)
	1386	+-#endif
	1387	+-
	1388	+ /**
	1389	+ * Define the SSL options
	1390	+ */
	1391	+@@ -534,7 +497,6 @@
	1392	+ apr_global_mutex_t *pMutex;
	1393	+ apr_array_header_t *aRandSeed;
	1394	+ apr_hash_t *tVHostKeys;
	1395	+- void *pTmpKeys[SSL_TMP_KEY_MAX];
	1396	+
	1397	+ /* Two hash tables of pointers to ssl_asn1_t structures. The
	1398	+ * structures are used to store certificates and private keys
	1399	+@@ -656,7 +618,7 @@
	1400	+ const char *stapling_force_url;
	1401	+ #endif
	1402	+
	1403	+-#ifndef OPENSSL_NO_SRP
	1404	++#ifdef HAVE_SRP
	1405	+ char *srp_vfile;
	1406	+ char *srp_unknown_user_seed;
	1407	+ SRP_VBASE *srp_vbase;
	1408	+@@ -688,7 +650,7 @@
	1409	+ ssl_enabled_t proxy_ssl_check_peer_expire;
	1410	+ ssl_enabled_t proxy_ssl_check_peer_cn;
	1411	+ ssl_enabled_t proxy_ssl_check_peer_name;
	1412	+-#ifndef OPENSSL_NO_TLSEXT
	1413	++#ifdef HAVE_TLSEXT
	1414	+ ssl_enabled_t strict_sni_vhost_check;
	1415	+ #endif
	1416	+ #ifdef HAVE_FIPS
	1417	+@@ -792,7 +754,7 @@
	1418	+ const char ssl_cmd_SSLOCSPResponderTimeout(cmd_parms cmd, void dcfg, const char arg);
	1419	+ const char ssl_cmd_SSLOCSPEnable(cmd_parms cmd, void *dcfg, int flag);
	1420	+
	1421	+-#ifndef OPENSSL_NO_SRP
	1422	++#ifdef HAVE_SRP
	1423	+ const char ssl_cmd_SSLSRPVerifierFile(cmd_parms cmd, void dcfg, const char arg);
	1424	+ const char ssl_cmd_SSLSRPUnknownUserSeed(cmd_parms cmd, void dcfg, const char arg);
	1425	+ #endif
	1426	+@@ -823,11 +785,7 @@
	1427	+ extern const authz_provider ssl_authz_provider_verify_client;
	1428	+
	1429	+ /** OpenSSL callbacks */
	1430	+-RSA ssl_callback_TmpRSA(SSL , int, int);
	1431	+ DH ssl_callback_TmpDH(SSL , int, int);
	1432	+-#ifndef OPENSSL_NO_EC
	1433	+-EC_KEY ssl_callback_TmpECDH(SSL , int, int);
	1434	+-#endif
	1435	+ int ssl_callback_SSLVerify(int, X509_STORE_CTX *);
	1436	+ int ssl_callback_SSLVerify_CRL(int, X509_STORE_CTX , conn_rec );
	1437	+ int ssl_callback_proxy_cert(SSL ssl, X509 x509, EVP_PKEY *pkey);
	1438	+@@ -835,7 +793,7 @@
	1439	+ SSL_SESSION ssl_callback_GetSessionCacheEntry(SSL , unsigned char , int, int );
	1440	+ void ssl_callback_DelSessionCacheEntry(SSL_CTX , SSL_SESSION );
	1441	+ void ssl_callback_Info(const SSL *, int, int);
	1442	+-#ifndef OPENSSL_NO_TLSEXT
	1443	++#ifdef HAVE_TLSEXT
	1444	+ int ssl_callback_ServerNameIndication(SSL , int , modssl_ctx_t *);
	1445	+ #endif
	1446	+ #ifdef HAVE_TLS_SESSION_TICKETS
	1447	+@@ -873,7 +831,7 @@
	1448	+ void ssl_stapling_ex_init(void);
	1449	+ int ssl_stapling_init_cert(server_rec s, modssl_ctx_t mctx, X509 *x);
	1450	+ #endif
	1451	+-#ifndef OPENSSL_NO_SRP
	1452	++#ifdef HAVE_SRP
	1453	+ int ssl_callback_SRPServerParams(SSL , int , void *);
	1454	+ #endif
	1455	+
	1456	+@@ -906,8 +864,10 @@
	1457	+ void ssl_pphrase_Handle(server_rec , apr_pool_t );
	1458	+
	1459	+ /** Diffie-Hellman Parameter Support */
	1460	+-DH *ssl_dh_GetTmpParam(int);
	1461	+-DH ssl_dh_GetParamFromFile(char );
	1462	++DH ssl_dh_GetParamFromFile(const char );
	1463	++#ifdef HAVE_ECC
	1464	++EC_GROUP ssl_ec_GetParamFromFile(const char );
	1465	++#endif
	1466	+
	1467	+ unsigned char ssl_asn1_table_set(apr_hash_t table,
	1468	+ const char *key,
	1469	+diff -Naur httpd-2.4.6-orig/modules/ssl/ssl_scache.c httpd-2.4.6/modules/ssl/ssl_scache.c
	1470	+--- httpd-2.4.6-orig/modules/ssl/ssl_scache.c 2013-10-01 12:20:45.776812076 +0200
	1471	++++ httpd-2.4.6/modules/ssl/ssl_scache.c 2013-10-01 12:20:50.993746855 +0200
	1472	+@@ -148,7 +148,7 @@
	1473	+ SSLModConfigRec *mc = myModConfig(s);
	1474	+ unsigned char dest[SSL_SESSION_MAX_DER];
	1475	+ unsigned int destlen = SSL_SESSION_MAX_DER;
	1476	+- MODSSL_D2I_SSL_SESSION_CONST unsigned char *ptr;
	1477	++ const unsigned char *ptr;
	1478	+ apr_status_t rv;
	1479	+
	1480	+ if (mc->sesscache->flags & AP_SOCACHE_FLAG_NOTMPSAFE) {
	1481	+diff -Naur httpd-2.4.6-orig/modules/ssl/ssl_util.c httpd-2.4.6/modules/ssl/ssl_util.c
	1482	+--- httpd-2.4.6-orig/modules/ssl/ssl_util.c 2013-10-01 12:20:45.775812088 +0200
	1483	++++ httpd-2.4.6/modules/ssl/ssl_util.c 2013-10-01 12:20:50.993746855 +0200
	1484	+@@ -151,7 +151,7 @@
	1485	+ case EVP_PKEY_DSA:
	1486	+ t = SSL_ALGO_DSA;
	1487	+ break;
	1488	+-#ifndef OPENSSL_NO_EC
	1489	++#ifdef HAVE_ECC
	1490	+ case EVP_PKEY_EC:
	1491	+ t = SSL_ALGO_ECC;
	1492	+ break;
	1493	+@@ -177,7 +177,7 @@
	1494	+ case SSL_ALGO_DSA:
	1495	+ cp = "DSA";
	1496	+ break;
	1497	+-#ifndef OPENSSL_NO_EC
	1498	++#ifdef HAVE_ECC
	1499	+ case SSL_ALGO_ECC:
	1500	+ cp = "ECC";
	1501	+ break;
	1502	+@@ -253,7 +253,7 @@
	1503	+ apr_hash_set(table, key, klen, NULL);
	1504	+ }
	1505	+
	1506	+-#ifndef OPENSSL_NO_EC
	1507	++#ifdef HAVE_ECC
	1508	+ static const char *ssl_asn1_key_types[] = {"RSA", "DSA", "ECC"};
	1509	+ #else
	1510	+ static const char *ssl_asn1_key_types[] = {"RSA", "DSA"};
	1511	+diff -Naur httpd-2.4.6-orig/modules/ssl/ssl_util_ssl.c httpd-2.4.6/modules/ssl/ssl_util_ssl.c
	1512	+--- httpd-2.4.6-orig/modules/ssl/ssl_util_ssl.c 2013-10-01 12:20:45.777812063 +0200
	1513	++++ httpd-2.4.6/modules/ssl/ssl_util_ssl.c 2013-10-01 12:20:50.993746855 +0200
	1514	+@@ -483,6 +483,38 @@
	1515	+
	1516	+ /* _________________________________________________________________
	1517	+ **
	1518	++** Custom (EC)DH parameter support
	1519	++** _________________________________________________________________
	1520	++*/
	1521	++
	1522	++DH ssl_dh_GetParamFromFile(const char file)
	1523	++{
	1524	++ DH *dh = NULL;
	1525	++ BIO *bio;
	1526	++
	1527	++ if ((bio = BIO_new_file(file, "r")) == NULL)
	1528	++ return NULL;
	1529	++ dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
	1530	++ BIO_free(bio);
	1531	++ return (dh);
	1532	++}
	1533	++
	1534	++#ifdef HAVE_ECC
	1535	++EC_GROUP ssl_ec_GetParamFromFile(const char file)
	1536	++{
	1537	++ EC_GROUP *group = NULL;
	1538	++ BIO *bio;
	1539	++
	1540	++ if ((bio = BIO_new_file(file, "r")) == NULL)
	1541	++ return NULL;
	1542	++ group = PEM_read_bio_ECPKParameters(bio, NULL, NULL, NULL);
	1543	++ BIO_free(bio);
	1544	++ return (group);
	1545	++}
	1546	++#endif
	1547	++
	1548	++/* _________________________________________________________________
	1549	++**
	1550	+ ** Extra Server Certificate Chain Support
	1551	+ ** _________________________________________________________________
	1552	+ */
0	1553

...	...	@@ -1,10 +1,16 @@
	1	+AUX 00_systemd.conf 88 SHA256 487e7451ce2d834d8af09a1db09bfe235fbc87b17b13a88bf849f0739b023ce3 SHA512 c510b77450f45d8ca5b8f00ebae5de9e3dc0ecb45f9857e391ac923dadb6b5193b13e9bc372790de20bb8829f2bee5bfc0e85ad03b3a72818c5dd6a0d7f45353 WHIRLPOOL 35ff7234f1ac513a522481ed08d2281dc331835cccd1049dbbadd9f2dff7fce1700a3ae9fd8f2f490f09d82edd960f4a0b4f00a91db2bafb7c647e3b54733cef
1	2	AUX 2.2.22-envvars-std.in 1071 SHA256 1721b424f2335640e49d71e671a4be15424d29fe90f55fe4f52bd241a998d3ee SHA512 c18fd461f02ab79fc456a1ad99bf91c8891ecdabd90f41437ebf87e20b3d28d2006a10d6726164c2f0333e7aee350bd125838abaff3a188d8ab2f5f34d3e5466 WHIRLPOOL 59cbee68fc8012df01229b8d5e38045eb974bab3f08ebf5b01097dabb5275bb83e28cd09a058ce71949ca4a2439811cff457d4c7df88d7b3fc5318c6b7ef0075
2	3	AUX apache-2.2.14-staticdhparameters.diff 11745 SHA256 1fecd496f7df6438cf44b331a0b15d6ceaa0522fcb20d7246772f10f7c3c41df SHA512 5c7fa11b29efd430ddc7144ed8d656c82d9609c9da720cd5d217626505b2257c074bea1ef0f4f2c50b123be58d82fbefac3240b71c3b8c3b9b087c30b090bcf9 WHIRLPOOL ced66883bd7fc4ec868a5d6091cdc765424541c183e53283749d73d4f4b53d0c9221950df816625de9bd115f610931e91b1fac819530294fcb12a0a39b7f6f2c
3	4	AUX apache-2.2.23-tls-compression-option.diff 4211 SHA256 6ccc0003f486734e660292ac2640d99af830443c09a2d5c9d6aaf371b636d9bd SHA512 915044023b10afca9a67ca90fa4d1175d4d3ef7274308df74c78b0972fd7ec54e3fdb3f4b03ecbfc543b64153b232a140cc8e095b2f74abfcfa0cb86e21fb612 WHIRLPOOL 028be436ac78adcb631b109a23ab7f4b5c2349a95202f8ed33a111b9b2048675892b160ac737875ebe7a73937f8868d665d016a61bdbaec301eacbbad0d1cc05
4	5	AUX apache-2.4.3-dhparam.diff 12684 SHA256 5185da7eecf04f26cc496a25fabe420db065e59dd088eca51b8c08f0238d12ad SHA512 c49e4c6e607cf5bf11e59c929791d806b15ff30d11e8473e633f2ef406e5d926a2ced1910672e5263f8ea45de6f30eb37048065c1d9fbd11fb7c52603e93bd4b WHIRLPOOL 41e2ac7c8c0734e3132639db7222e488b8ffd18a6c2f2e76b401fdc0b71fc528f3d80eb3d95710084b9fa88e29ce916df215c79b47d80c3ae25188f4cea79e9c
	6	+AUX apache-2.4.6-modssl-dhparams.diff 48302 SHA256 529b747ab1858966011ed4ffab14bb8c1f015c98ecbdf72cd3a53c70a6a8f220 SHA512 9f8b0710c9b5134213415dc6dceaaad17536072250d403794b074fb690ad1168b9b408996a192017f988728b656d1cff2e18a66c5a9792580870970a6026a3f2 WHIRLPOOL 2252302acb1366c064a7f304282d480b7920989f2b0022ce8487a1da28b86164759f28fa57bd4d9ff0abf65550290e8feea4de4125bcd75cac35b7269d43a868
5	7	AUX apache-noip.diff 417 SHA256 c9ed84fec20e69f711600261a395a3d4b3ae2685318f6354c4d2ebd01c0ec4cc SHA512 fa684688e707f5fb511b228b8fa9b0f996dbf615f2f9b6478ab478e801f14c65a7381137cdbda648d68f7818891085c744da3a8249843e73bdf5ef247a90d3fe WHIRLPOOL d2636a34b0d48139adef125e76ef477d84bf7cd9785f094fe57c1d81b45e7392622d232bee5f53896d8b48eb9b3241cd48cbb585ea70d97a872c5cd3f6bfe420
6	8	AUX apache-npn 9799 SHA256 6e41b59680832b074246dd24a41aec56f9bb35ab4f34674cd20e32f1289c21ab SHA512 60d9c6f750562f087b607edf7939195f31b7e0101b9c8d1c883e3b01da192d354fc291d45832757ab50c029f99ac4ad06fa9b7ce4e5928367d1f89278fa79fa3 WHIRLPOOL 162dba8354efeccbb100a86cb61e47c0a96be11a057cfffccc194abd31721b99f4ef3e5fc9b4a7e82a7495d1369af1be3f7b3d4339ec33af24858a0049474331
	9	+AUX apache.conf 55 SHA256 ea616c5cc37979a006d69c51bda43fca15a4327d33175762652b29f5cdea1c7b SHA512 3a53beb7a283d17c14383f16ad14c0602681ac1b193cce8f5aca50ae9d9af3a71054ce4a9ab11cbcb72fe913459e1b306fd54660154e66afe10272f8c0f149f3 WHIRLPOOL fa348414f320a9f70001386dfb77d57ca4836c3ef3d251976077b7ad545d7f6752e534efadbf28c7dcb777388e3d844eba84b939dcf48881983388daf6ac23f0
	10	+AUX apache2.2.service 716 SHA256 e850ad73585fbba52ade58a39ca91adbfd52f56a0bbd426ebcadb340a7dcb62b SHA512 5f736c803772077598248bbb41f76dff396dfd2f11a60d1ba929a619275efb8c1b4c0dab78cbcdf83b9ec94db67b958b3333b01f67d71eb3b2e07dba4bca2a7c WHIRLPOOL 776a928422b8f37a12099111a1503674ca901934b60dca8596dc8bc287390be9a0e912d7ba6226dcb22eb7c669fa298ddc20fd7bf5c275b0cf019bae0d594839
	11	+AUX apache2.4.service 728 SHA256 4420af10d1237f90ae519e56e75f1cc84e9f7c7b63aca9decf91a77f88ae0390 SHA512 6b43e5638d5da68a5408d45befd10a9e42197c1a393764e945ba22d47d0736e2b28bad36a96f4f4ad4ff928db6f2c1377bd22ce401056b2f21fb38933a3cd972 WHIRLPOOL 5526995c5f4772353fcccbd83ed93c8186cb47f80f5d1244dc454ca886189ac92539572c43978d2868b77002a2397ff4794b3c8f6c655fecb432b8013afaf38e
7	12	AUX httpd-2.2.16-ecc.diff 8236 SHA256 e7fe97852875de06372d8413248fa20419946e2ab7de5198c93bffa6b5a68461 SHA512 8b54c30f9edc76bd8969ee894038f267d722d1ab8c7332a84fe21704bde0451e1a27503252fa87bd0f749dac3281eb266cda36aa7faec1a36ee6e67a8f9ae6c7 WHIRLPOOL 2d8ad3cd12b27937dcafef31df8c9fa048fb4e1ed06109e745fbe12dc869ceaa21fa2e62aa9bcb729d7fb426c1ee0a82171b5038cac56f8b8ebbc3cd3569daa9
	13	+AUX httpd-2.4.3-mod_systemd.patch 5396 SHA256 d8f5c76dd5eb0edc9759ea300d3b320ee96b6e6f9fabb8a4043f8d1b77b646a2 SHA512 0db785fac6034aa431e9d816bd06020a5b287dbdae794f8b94eb267805981a1d2a97fdb92bd13e32d35329e6db3f799a03e98456329f6a80c5863e72a26e5c59 WHIRLPOOL 4016b9626af1a8ca001518e8a45262ca4dd27a998727db988a8f1234aa7c5d56d439f4ecfdc6219510f57c97991884a7f57eaa83535988cb72e9fd8ffdee7b6e
8	14	DIST gentoo-apache-2.2.22-20120213.tar.bz2 64507 SHA256 737730dabf1e1ccfe9d409067dc3c4d37d16f7fa1e792f5bf39268d904ce1c31 SHA512 f364bdbee967b3bc797d2053b9eb347af963f99275441093930d0057465e1a12567106f5c5ac21a45a4bbd4b353ce67553038d6146f469a7bf980a9148471170 WHIRLPOOL f5a3ab44fc14ddf67ccf0785006b1d9f5c49b915114f9d7e97858fba447a5ee872c741e73c17e121b61cc0aa678b42dc154616cd64054461c552d3a8c29f4f17
9	15	DIST gentoo-apache-2.2.23-20121012.tar.bz2 64135 SHA256 711a88f26c58b10b082f7ff411366cd768f9450101da050438a2f77abeab7333 SHA512 92a49f954b82d4427862f41977625a60641731cc25ab3efdd666be8db839038e7b1c2ef2f878d5efed243eaa63237e88ee4993cd25cca1dfbb0f56a6b2093d57 WHIRLPOOL 221d9c0cf999430afc11a8e48ae67019c7f31daca827a5db7615aca24859788743e5da00e4c99b7b7b375e58fafd6c148339e5671be939dbc30735031e12c49f
10	16	DIST gentoo-apache-2.4.3-20121012.tar.bz2 24541 SHA256 aeed23c716f05d7430a6d905fb75c192418c9ba90feb96fcc474138c4addfd69 SHA512 fe37c91328bf090aacd4012030845b2e4461a116b9b60d95108c4a4749729bef5ac526d4bd3570406f3d7afe41b0f634c2e9a167ee416a56f5f82f46eb27cc26 WHIRLPOOL 421efb4a7940b52cbc2e054c5ef2f79ff19c13a3140941ec659da3ff61a70491485c1c375db29b1fa6c4dc45761df1f0fc63bd3d867c8937d33f5b6c948bade0
...	...	@@ -26,4 +32,4 @@ EBUILD apache-2.2.25.ebuild 3297 SHA256 f2a97144d474359d89e67248fa1f7a58c22e1268
26	32	EBUILD apache-2.4.3.ebuild 7203 SHA256 082ee4bc36fe78621a32ad8ae3f3117943b5572e1456618d1b547cf344c4d687 SHA512 56786dc2e5f835e1894760ad85bfba6ffd531b50e7e9f782240ac2deb7464a2aa222cd04495ab7bd81f0e30c91972f417857c9fd4ee53587ebc91ba6a542c41e WHIRLPOOL 4e8e22861a21d8defd9c8eb57fc5548ba38a911db640fc63b6a15fdcfcf86c8fbf50b09f78321ea784bf81340718242d5a7fa6c6ed1c4e0c31a4e79affc64d24
27	33	EBUILD apache-2.4.4-r1.ebuild 7252 SHA256 64b4537ade811698d002a19da3b32dc54fc590c76cab613095f7086502b34dca SHA512 30f72175c5093f6fcee56892b79e3c72106c7f160a5dff3f7f29c0be376ed94271b35f536ec4d3d539f352a90c9d741b368eb8aaeada501da8a22f1f8cfa67dc WHIRLPOOL 0bd24504dcbab1e364209e622f93a5baf78976761f9e4de7a85686417e6077829f8ca1ab7a87724f3c03362249de3fada01c06e9f553ec8bd24cf1bead516a4b
28	34	EBUILD apache-2.4.6-r1.ebuild 7476 SHA256 6d6b9331dce777b11cfef9bd8b5e9ac006e93728f549225ab6945cb81037a1a9 SHA512 c5ceb713601e2372bb36bdb705d9a7d7dd8c76ffa09339124b11b0054c180606243b21e2c1e95346a7ac0d0ab302ff88e238a8447b553abf08b8a42b390d9e42 WHIRLPOOL 974cf7113269dfb87c138635abd610aaddf92aa94d9dad508b1c11c3636715d9dcce969e0d7e13db1bf854b0f9c2100c428c351795987708659d3ad3ab9ca9b1
29		-EBUILD apache-2.4.6-r2.ebuild 7479 SHA256 f03c11e0c4faf54b368158249ab5591d92d9a215ced2f345940c65d462843fac SHA512 16a1f8dbb234feb054b05146f190dab26df1f6b325b0dc4fae429d4864087df915e8a2cffb38395aebe121ff2028c7b7edbb302ce19f2d0781a57e00a59bae03 WHIRLPOOL a386b5572216edffbf829fa51ed65d3896204d0a6562b06bb89d33ffda74c5bc5eb9201ad449a3567f47232f1a5881fb9b84a233cb72ba888f7ceb28042fdd2c
	35	+EBUILD apache-2.4.6-r2.ebuild 7487 SHA256 6d15eef1bc7ca1b70be5f61e2dfed5f8ae9feb5c3b42142c06ffc1c3a132c2cb SHA512 84d0cb9cf92a09775116702b65fc87cae08cdf0316602f9e1f05278414a9e3a9ebbbd05e4a6c2e61d7100dfb25db9b5535d3e6cc51f7294889ba370166c58be7 WHIRLPOOL 68b4c5223776d6e08c1da9e4caa93245fcf0a6f83327d6a719c0f202eb14b4a339e7105f872ca062e5f4f1f6fced87e6ddab6fc3c3f412fa6117d545e27a3dc2

...	...	@@ -136,7 +136,7 @@ RDEPEND="${RDEPEND}
136	136
137	137	# init script fixup - should be rolled into next tarball #389965
138	138	src_prepare() {
139		- epatch "${FILESDIR}/apache-2.4.3-dhparam.diff"
	139	+ epatch "${FILESDIR}/apache-2.4.6-modssl-dhparams.diff"
140	140
141	141	# the following patch can be removed once it is included in
142	142	# GENTOO_PATCHNAME="gentoo-apache-2.4.1" ...