Hanno Böck commited on 2014-05-04 11:45:42
Zeige 23 geänderte Dateien mit 252 Einfügungen und 4291 Löschungen.
... | ... |
@@ -1,34 +1,11 @@ |
1 |
+AUX 00_systemd.conf 88 SHA256 487e7451ce2d834d8af09a1db09bfe235fbc87b17b13a88bf849f0739b023ce3 SHA512 c510b77450f45d8ca5b8f00ebae5de9e3dc0ecb45f9857e391ac923dadb6b5193b13e9bc372790de20bb8829f2bee5bfc0e85ad03b3a72818c5dd6a0d7f45353 WHIRLPOOL 35ff7234f1ac513a522481ed08d2281dc331835cccd1049dbbadd9f2dff7fce1700a3ae9fd8f2f490f09d82edd960f4a0b4f00a91db2bafb7c647e3b54733cef |
|
1 | 2 |
AUX 2.2.22-envvars-std.in 1071 SHA256 1721b424f2335640e49d71e671a4be15424d29fe90f55fe4f52bd241a998d3ee SHA512 c18fd461f02ab79fc456a1ad99bf91c8891ecdabd90f41437ebf87e20b3d28d2006a10d6726164c2f0333e7aee350bd125838abaff3a188d8ab2f5f34d3e5466 WHIRLPOOL 59cbee68fc8012df01229b8d5e38045eb974bab3f08ebf5b01097dabb5275bb83e28cd09a058ce71949ca4a2439811cff457d4c7df88d7b3fc5318c6b7ef0075 |
2 |
-AUX apache-2.2.14-staticdhparameters.diff 11745 SHA256 1fecd496f7df6438cf44b331a0b15d6ceaa0522fcb20d7246772f10f7c3c41df SHA512 5c7fa11b29efd430ddc7144ed8d656c82d9609c9da720cd5d217626505b2257c074bea1ef0f4f2c50b123be58d82fbefac3240b71c3b8c3b9b087c30b090bcf9 WHIRLPOOL ced66883bd7fc4ec868a5d6091cdc765424541c183e53283749d73d4f4b53d0c9221950df816625de9bd115f610931e91b1fac819530294fcb12a0a39b7f6f2c |
|
3 |
-AUX apache-2.2.23-tls-compression-option.diff 4211 SHA256 6ccc0003f486734e660292ac2640d99af830443c09a2d5c9d6aaf371b636d9bd SHA512 915044023b10afca9a67ca90fa4d1175d4d3ef7274308df74c78b0972fd7ec54e3fdb3f4b03ecbfc543b64153b232a140cc8e095b2f74abfcfa0cb86e21fb612 WHIRLPOOL 028be436ac78adcb631b109a23ab7f4b5c2349a95202f8ed33a111b9b2048675892b160ac737875ebe7a73937f8868d665d016a61bdbaec301eacbbad0d1cc05 |
|
4 |
-AUX apache-2.4.3-dhparam.diff 12684 SHA256 5185da7eecf04f26cc496a25fabe420db065e59dd088eca51b8c08f0238d12ad SHA512 c49e4c6e607cf5bf11e59c929791d806b15ff30d11e8473e633f2ef406e5d926a2ced1910672e5263f8ea45de6f30eb37048065c1d9fbd11fb7c52603e93bd4b WHIRLPOOL 41e2ac7c8c0734e3132639db7222e488b8ffd18a6c2f2e76b401fdc0b71fc528f3d80eb3d95710084b9fa88e29ce916df215c79b47d80c3ae25188f4cea79e9c |
|
5 |
-AUX apache-2.4.6-modssl-dhparams.diff 48302 SHA256 529b747ab1858966011ed4ffab14bb8c1f015c98ecbdf72cd3a53c70a6a8f220 SHA512 9f8b0710c9b5134213415dc6dceaaad17536072250d403794b074fb690ad1168b9b408996a192017f988728b656d1cff2e18a66c5a9792580870970a6026a3f2 WHIRLPOOL 2252302acb1366c064a7f304282d480b7920989f2b0022ce8487a1da28b86164759f28fa57bd4d9ff0abf65550290e8feea4de4125bcd75cac35b7269d43a868 |
|
6 | 3 |
AUX apache-fix-sni.diff 621 SHA256 272ea68c8af38fb48a805124e5e467448cfc9e1c4a00b8ceef7d84677c8eb1b7 SHA512 865f1148fd5f38dbbea1960275ac29764cfd36369d5df81e7c1029c4363fafdda8dacce760d6424664649df20f4e3bbc15afaa1de693e79605ce2472f721d38e WHIRLPOOL ef1dfd348871d0dd13071fddc74f348ab4ea5114b78fb8db22ccefb781f2f3ca600c18752c284ccb0c7f77783a7e2332865f35a38d4766636c772628874e459e |
7 |
-AUX apache-noip.diff 417 SHA256 c9ed84fec20e69f711600261a395a3d4b3ae2685318f6354c4d2ebd01c0ec4cc SHA512 fa684688e707f5fb511b228b8fa9b0f996dbf615f2f9b6478ab478e801f14c65a7381137cdbda648d68f7818891085c744da3a8249843e73bdf5ef247a90d3fe WHIRLPOOL d2636a34b0d48139adef125e76ef477d84bf7cd9785f094fe57c1d81b45e7392622d232bee5f53896d8b48eb9b3241cd48cbb585ea70d97a872c5cd3f6bfe420 |
|
8 |
-AUX apache-npn 9799 SHA256 6e41b59680832b074246dd24a41aec56f9bb35ab4f34674cd20e32f1289c21ab SHA512 60d9c6f750562f087b607edf7939195f31b7e0101b9c8d1c883e3b01da192d354fc291d45832757ab50c029f99ac4ad06fa9b7ce4e5928367d1f89278fa79fa3 WHIRLPOOL 162dba8354efeccbb100a86cb61e47c0a96be11a057cfffccc194abd31721b99f4ef3e5fc9b4a7e82a7495d1369af1be3f7b3d4339ec33af24858a0049474331 |
|
9 |
-AUX httpd-2.2.16-ecc.diff 8236 SHA256 e7fe97852875de06372d8413248fa20419946e2ab7de5198c93bffa6b5a68461 SHA512 8b54c30f9edc76bd8969ee894038f267d722d1ab8c7332a84fe21704bde0451e1a27503252fa87bd0f749dac3281eb266cda36aa7faec1a36ee6e67a8f9ae6c7 WHIRLPOOL 2d8ad3cd12b27937dcafef31df8c9fa048fb4e1ed06109e745fbe12dc869ceaa21fa2e62aa9bcb729d7fb426c1ee0a82171b5038cac56f8b8ebbc3cd3569daa9 |
|
10 |
-DIST gentoo-apache-2.2.22-20120213.tar.bz2 64507 SHA256 737730dabf1e1ccfe9d409067dc3c4d37d16f7fa1e792f5bf39268d904ce1c31 SHA512 f364bdbee967b3bc797d2053b9eb347af963f99275441093930d0057465e1a12567106f5c5ac21a45a4bbd4b353ce67553038d6146f469a7bf980a9148471170 WHIRLPOOL f5a3ab44fc14ddf67ccf0785006b1d9f5c49b915114f9d7e97858fba447a5ee872c741e73c17e121b61cc0aa678b42dc154616cd64054461c552d3a8c29f4f17 |
|
11 |
-DIST gentoo-apache-2.2.23-20121012.tar.bz2 64135 SHA256 711a88f26c58b10b082f7ff411366cd768f9450101da050438a2f77abeab7333 SHA512 92a49f954b82d4427862f41977625a60641731cc25ab3efdd666be8db839038e7b1c2ef2f878d5efed243eaa63237e88ee4993cd25cca1dfbb0f56a6b2093d57 WHIRLPOOL 221d9c0cf999430afc11a8e48ae67019c7f31daca827a5db7615aca24859788743e5da00e4c99b7b7b375e58fafd6c148339e5671be939dbc30735031e12c49f |
|
12 |
-DIST gentoo-apache-2.4.3-20121012.tar.bz2 24541 SHA256 aeed23c716f05d7430a6d905fb75c192418c9ba90feb96fcc474138c4addfd69 SHA512 fe37c91328bf090aacd4012030845b2e4461a116b9b60d95108c4a4749729bef5ac526d4bd3570406f3d7afe41b0f634c2e9a167ee416a56f5f82f46eb27cc26 WHIRLPOOL 421efb4a7940b52cbc2e054c5ef2f79ff19c13a3140941ec659da3ff61a70491485c1c375db29b1fa6c4dc45761df1f0fc63bd3d867c8937d33f5b6c948bade0 |
|
13 |
-DIST gentoo-apache-2.4.4-20130227.tar.bz2 24579 SHA256 cf27447dc87b4c145e50a6850245e3ed8d350bc3500bb249035322b23d03ccd2 SHA512 d6e8e37c53c37e9791c9d0ed3501d271212f0d2e2aac757a8a1914f20eb7b3dc0ca7e2d33a6f17dcb3572bc1f01b2c2f5876329ac8c2a4aaa7d2bca8e71f1d84 WHIRLPOOL 6364049b25c0aa21c4336dab7d1af8d3f3d06a60766fe401fc4f818f8ff7764564d136a414c444811612698221d830040ff4c5afb2a379607d5bd32b60260be6 |
|
14 |
-DIST gentoo-apache-2.4.4-20130725.tar.bz2 24525 SHA256 c155dae39d87acc43ef34b385a2eaf2a45ff9c11d31b1c1791a74f9946335c39 SHA512 95489af418e3674b9d20dc988f4473d5d088d892bb2e6660a46a225667b0427c904d883a19fa3a847778fa00eb8ac0f27e1a5f76f0d65a28eaf0a39747353bbb WHIRLPOOL 1fd36df2db6814d01846cb40be9443aa963a0df9b45647859e901981872f64a8b4ba95aff9a14a8985feb74d51c551ab10c6734a63d5e9d001c53ab3c4383c42 |
|
15 |
-DIST gentoo-apache-2.4.4-20130801.tar.bz2 24536 SHA256 bae819de1ded2104a65dabc759e8a7bc6b442d2588ffb99e563be8482b3d87bf SHA512 97474e7d7f17d6537337b51385be4d093f9a15cf3a0a5f567ad883c4cc653d9bd3bed6e5f308e1bb9cf648be2c4a67a3099a95bd36b1be7c15ca8c512e01b2b0 WHIRLPOOL 4b75f5477b601f4159cb1b12c5f76ae4f678c83cef4441eba0e90a9be8222e4abd981a0d2205a54ddeebd8276567670c5ad827aa19f22f17196986bfd5c05c73 |
|
4 |
+AUX apache.conf 55 SHA256 ea616c5cc37979a006d69c51bda43fca15a4327d33175762652b29f5cdea1c7b SHA512 3a53beb7a283d17c14383f16ad14c0602681ac1b193cce8f5aca50ae9d9af3a71054ce4a9ab11cbcb72fe913459e1b306fd54660154e66afe10272f8c0f149f3 WHIRLPOOL fa348414f320a9f70001386dfb77d57ca4836c3ef3d251976077b7ad545d7f6752e534efadbf28c7dcb777388e3d844eba84b939dcf48881983388daf6ac23f0 |
|
5 |
+AUX apache2.2.service 716 SHA256 e850ad73585fbba52ade58a39ca91adbfd52f56a0bbd426ebcadb340a7dcb62b SHA512 5f736c803772077598248bbb41f76dff396dfd2f11a60d1ba929a619275efb8c1b4c0dab78cbcdf83b9ec94db67b958b3333b01f67d71eb3b2e07dba4bca2a7c WHIRLPOOL 776a928422b8f37a12099111a1503674ca901934b60dca8596dc8bc287390be9a0e912d7ba6226dcb22eb7c669fa298ddc20fd7bf5c275b0cf019bae0d594839 |
|
6 |
+AUX apache2.4.service 728 SHA256 4420af10d1237f90ae519e56e75f1cc84e9f7c7b63aca9decf91a77f88ae0390 SHA512 6b43e5638d5da68a5408d45befd10a9e42197c1a393764e945ba22d47d0736e2b28bad36a96f4f4ad4ff928db6f2c1377bd22ce401056b2f21fb38933a3cd972 WHIRLPOOL 5526995c5f4772353fcccbd83ed93c8186cb47f80f5d1244dc454ca886189ac92539572c43978d2868b77002a2397ff4794b3c8f6c655fecb432b8013afaf38e |
|
7 |
+AUX gentoo-apache-2.2.23-initd_fixups.patch 963 SHA256 ea8cdb5ad98416fcc3daf496bc996d23c09212f325980e0328da5e76deb8ad5d SHA512 3250d94e9fc5c3f921c756d3d5cfc670b0221a06dab376ef162cc8ecec8d1300cb95266b2a96d5a608a710326de2144662d450c8a2142a12200b1210fbc9cdb0 WHIRLPOOL 314e1d2c6d156cbf1a0330ab822f64a32d2b6b52adf46e1db4d8f148eb1e471712ebd65948056e4e2e85585499cbc1f9a0d0616f2a6c1ec9b382af35bdf8f194 |
|
8 |
+AUX httpd-2.4.3-mod_systemd.patch 5396 SHA256 d8f5c76dd5eb0edc9759ea300d3b320ee96b6e6f9fabb8a4043f8d1b77b646a2 SHA512 0db785fac6034aa431e9d816bd06020a5b287dbdae794f8b94eb267805981a1d2a97fdb92bd13e32d35329e6db3f799a03e98456329f6a80c5863e72a26e5c59 WHIRLPOOL 4016b9626af1a8ca001518e8a45262ca4dd27a998727db988a8f1234aa7c5d56d439f4ecfdc6219510f57c97991884a7f57eaa83535988cb72e9fd8ffdee7b6e |
|
16 | 9 |
DIST gentoo-apache-2.4.9-r2-20140421.tar.bz2 24952 SHA256 0494a3e2fbcfc2139b2edeeb04fa87e66d31e0335c22a47e93dbb24289f13a10 SHA512 19dabea049730ab0ea177ec95cc34364835ec11185e87851e1ad31a4b08e3a2855a79d4be0eef2c72fe07bc4647fcf1ffc444be57f7af92b798decc20270552f WHIRLPOOL 96210b689696214d689e4842da4b3795f02732abedb5b9508a3e0c881b8f8bf67a41cf06a8cb6a353f267ddad1af9202a32a0b1b41c9ad49dbc98e5c0841f1d5 |
17 |
-DIST httpd-2.2.22.tar.bz2 5378934 SHA256 dcdc9f1dc722f84798caf69d69dca78daa5e09a4269060045aeca7e4f44cb231 SHA512 b6901453aaef3cac31cf763f7748e06a2492e1f72e4158627f38e45423a9bcd9bea1f74ba1a1ec9a5c7fc554eb062ea61b944e2001f19825def2e530ce8a42bc WHIRLPOOL 32a03d638f82d791effdce888a02e66189d6fe87c2179ab9f3de034fbf5c8311d24835f28e9a18addb847aa6859ed817bf2e11833e315285474eefcea6f56891 |
|
18 |
-DIST httpd-2.2.23.tar.bz2 5485205 SHA256 14fe79bd6edd957c02cb41f4175e132c08e6ff74a7d08dc1858dd8224e351c34 SHA512 69b3bc942b2a91cdb57356a5c57078794db2d8404a23080a2621cdf33ae2d9bdbbacd0f6e95fd6e71fbfa87e94942be0a014c3e8709148f991e391d03aa6dee2 WHIRLPOOL 8d00184aff654b2d7f1c5ebd471f19ffcb57107ea37179fa05c424424d7b70ff0c9abf3be68ed9f0d091b3c057f1ba24cb989937e35087c3199f82e3dddbbd4f |
|
19 |
-DIST httpd-2.2.24.tar.bz2 5490439 SHA256 0453f5d2d7e3b1975a1c6a8a22b6d6ff768715a3b0a89b51e5f7b5851628fad7 SHA512 e1c24535bb0ae309c249c0a6fbd390064a929d960241e5e68737744f120a88b615bd5d9065fc2f749ee664ed96621c9373576e6ca32bd189d625fcd4dc1b8f01 WHIRLPOOL b24bf388e1be29cc52341d66af00318b3a60ad6db6b4df8c6cc0abf496c4e603d3b733529d21d3d1c37dad0008cacafa8078abdff6c25cb42b3874b6e176713e |
|
20 |
-DIST httpd-2.2.25.tar.bz2 5524905 SHA256 4bcaf3524796a514b31aa5c64ce80b0cdb484bab5735416de29d00f6d50fa65a SHA512 4750e79bdab4ca28c602a808531dfc1482e86bf425d5cb3bcb42a9ccfbbfde5bfd05e66649ea741523c96de6582f5e12facbb1e7d67257bcf78a3ed7a66f80d9 WHIRLPOOL 7ce37be9b66de24cc7259c6e8a0696b496c893933b1c5dbdff5147c279fb644b5d5fc77ed02531b0f081f0c217f684d1bcd98bac26938b23c1d7a4ec085162f6 |
|
21 |
-DIST httpd-2.4.3.tar.bz2 4559279 SHA256 d82102b9c111f1892fb20a2bccf4370de579c6521b2f172ed0b36f2759fb249e SHA512 d4501ae69aacb75d960bc8cb61c9e1ff52e6e42a37c37ca84c839262e183ca2f305794da28266aa2119d211ba0f4531705f66330079ab594c05e92ae8196d1ab WHIRLPOOL 4ffb7dc8057200f676557a70591d6938e92a8990d88dc88237d278f185290d260312dd8cfdd08994ffd7b7280502b3debea0f3e02acc718dd9db613222b6d2ae |
|
22 |
-DIST httpd-2.4.4.tar.bz2 4780289 SHA256 92aabddeca76a4ac7330b143df1407bbf35574c7291c15172238ac598d97655c SHA512 d68789e1e585b4acf26e4e32d063fa512525f8fcc2077b1dbf573dd9f4b47667772d94bb65fefb354fbfae331e87b3fdea422a732838c86d8887eed4b3a76af0 WHIRLPOOL c2ec29a0d52ff1d674f103d0d59c0acd15b194b1102ba5078ef76b62aa959ff92adc5977e095b30c6a778cd9385f9c4ded9bfdc6ce8fba381735ca1aa84aa9f0 |
|
23 |
-DIST httpd-2.4.6.tar.bz2 4949897 SHA256 dc9f3625ebc08bea55eeb0d16e71fba656f252e6cd0aa244ee7806dc3b022fea SHA512 8ade7ec5291f07a60e279f7a73a79c11c150dbf09c9e7b059e136fcb250130aa0f381b118f84e230184b065d452d5e946df8a5766991be8cdc6e8f5d4c4bac01 WHIRLPOOL 81f036bb438afa30106a402e256d641a2687b619ef7f6ea3e4ab61f30715560e1c9dd3afa3e53c4d99c77de72f100e8a1894a5a898247c381100ceb165b8a146 |
|
24 | 10 |
DIST httpd-2.4.9.tar.bz2 4994460 SHA256 f78cc90dfa47caf3d83ad18fd6b4e85f237777c1733fc9088594b70ce2847603 SHA512 3a66302e18a2d165b3851665dc73be7d3849fc3359c1ff9dd9e2eaebf1f1d8fb89b7b0a05929d6247750bf0ed1abf9cf3c236a373b2d99635c8ca41698719c96 WHIRLPOOL 735677695d3b1497d554dd3e8d97733359140f3bb524335ab474275ca2b5546ceab8f5f3778948fabee2d152bf5b096d99b3dabb1011a4b68905c7cd5012a648 |
25 |
-EBUILD apache-2.2.22-r1.ebuild 3206 SHA256 4c72b2164c32c34e85c6a8e99c68464e5505eeb79bf94eed7ad1d62ba2045c0e SHA512 bafab5ef6f8d8675614473c01ae71655b1cd94b75658353e8351df1cb8b9667b2164d501f98b4492810a2ec2d3415db6c5df416bc51aed4fc4ec6fc4a155288b WHIRLPOOL d6f4c9b06b3cfcad613084bb7902c7ba942848a8233b50ff48474e7407c3e1d4523f44a0ca9f0790510122719609ec767afbaf3fdd60b6dd7918fe409e9b08a2 |
|
26 |
-EBUILD apache-2.2.22.ebuild 3001 SHA256 cf930cea2f7e8a8bd2f7cabe7de9ecf56efb33d10bd3fe2d70acaa6e86cebb0c SHA512 1de2c503698334b00c3b44cad9680d8699e7ad21c80a746af4154d03433da4bcc072cf572d2ce9dbf478f6c97423ee2650521d877f2c62a27ec0189d5c66c045 WHIRLPOOL aadae0ae48a37cdd5ed3995c92fa5bf925fd2c12792cdcce08305191c09703a80bd7bc264c61165e8c26687bde97ad543722d04e090620cd7fe473c76688e233 |
|
27 |
-EBUILD apache-2.2.23.ebuild 3181 SHA256 b6502801683bcd8708e247fd11e8d7a639a7412f77d3a631827705f20e43c878 SHA512 860dce68ab969c4bacdedc3fec4d48937d7a331921e86fe02d6b1481a59cd8997d336b9c9bbc6cf9a69dd3719acc411abae1809e7770b42d31adb1cefd5dc560 WHIRLPOOL e2e128e74236c6a306d511cdc8d1e9799e9818fc842a1884eb48a8ef8683669ba321ca228ec780015e1c88044cff2904652c4a1c93a2f3af84e3552c8e7d3363 |
|
28 |
-EBUILD apache-2.2.24.ebuild 3102 SHA256 b751f4d8aa98faf4f78a695368cd294777084c1d0a7dce153fb48795dd4b05c8 SHA512 3f00a8ee05dd124ed85f152bd71a328c0d62901c4b39da59464fa31182dd492cb4c8109f23936a545b72bc0a8385219b858939664a914eb65a0a593bb02f318a WHIRLPOOL b70b72cd25136eda395e283e03f7aede0197fb5bc0f6a762f60b90b2e291f5e0a98065897a9a25e6d9cd172253eac6829952cca0a1bfde3adfbab3f0034c69e1 |
|
29 |
-EBUILD apache-2.2.25.ebuild 3297 SHA256 f2a97144d474359d89e67248fa1f7a58c22e1268357b1a9978800b8b8816767a SHA512 0f3af89b8d9a70b75e3888bfd110625875ed48aa9348033c9f316401b38468f34d11bd49e223e62b81d0a52abf4a94a5c44ea8c757e51a391d6dbd659c83c1c3 WHIRLPOOL 5608f8deaf9c90eb92a03237b3516af15c0a140f0decbc9a6e874b18e0135a8969435b3d85611ceb058453071e38ce2e3f0392e142843241c7040fecb8f072a6 |
|
30 |
-EBUILD apache-2.4.3.ebuild 7203 SHA256 082ee4bc36fe78621a32ad8ae3f3117943b5572e1456618d1b547cf344c4d687 SHA512 56786dc2e5f835e1894760ad85bfba6ffd531b50e7e9f782240ac2deb7464a2aa222cd04495ab7bd81f0e30c91972f417857c9fd4ee53587ebc91ba6a542c41e WHIRLPOOL 4e8e22861a21d8defd9c8eb57fc5548ba38a911db640fc63b6a15fdcfcf86c8fbf50b09f78321ea784bf81340718242d5a7fa6c6ed1c4e0c31a4e79affc64d24 |
|
31 |
-EBUILD apache-2.4.4-r1.ebuild 7252 SHA256 64b4537ade811698d002a19da3b32dc54fc590c76cab613095f7086502b34dca SHA512 30f72175c5093f6fcee56892b79e3c72106c7f160a5dff3f7f29c0be376ed94271b35f536ec4d3d539f352a90c9d741b368eb8aaeada501da8a22f1f8cfa67dc WHIRLPOOL 0bd24504dcbab1e364209e622f93a5baf78976761f9e4de7a85686417e6077829f8ca1ab7a87724f3c03362249de3fada01c06e9f553ec8bd24cf1bead516a4b |
|
32 |
-EBUILD apache-2.4.6-r1.ebuild 7476 SHA256 6d6b9331dce777b11cfef9bd8b5e9ac006e93728f549225ab6945cb81037a1a9 SHA512 c5ceb713601e2372bb36bdb705d9a7d7dd8c76ffa09339124b11b0054c180606243b21e2c1e95346a7ac0d0ab302ff88e238a8447b553abf08b8a42b390d9e42 WHIRLPOOL 974cf7113269dfb87c138635abd610aaddf92aa94d9dad508b1c11c3636715d9dcce969e0d7e13db1bf854b0f9c2100c428c351795987708659d3ad3ab9ca9b1 |
|
33 |
-EBUILD apache-2.4.6-r2.ebuild 7487 SHA256 6d15eef1bc7ca1b70be5f61e2dfed5f8ae9feb5c3b42142c06ffc1c3a132c2cb SHA512 84d0cb9cf92a09775116702b65fc87cae08cdf0316602f9e1f05278414a9e3a9ebbbd05e4a6c2e61d7100dfb25db9b5535d3e6cc51f7294889ba370166c58be7 WHIRLPOOL 68b4c5223776d6e08c1da9e4caa93245fcf0a6f83327d6a719c0f202eb14b4a339e7105f872ca062e5f4f1f6fced87e6ddab6fc3c3f412fa6117d545e27a3dc2 |
|
34 | 11 |
EBUILD apache-2.4.9-r2.ebuild 7545 SHA256 091b49a8545fca2d4cdc487e7df224a3d9006e899d7e8aa9f91aa7f87edd7467 SHA512 28c9cb35ab96a69b63f19ec62d5b95737da329981591502b1e4fed1038d203ef1a77673e446ee6cdff37e300bf5cbf8129f056550b05c2fa3553df068c9a6e8c WHIRLPOOL 5d55e4130a30261a0827f1a2f5925c7321a03b915b2f8cf9464762751d97b415e13f0cb6c42698b3d030e093d1021a038ee4dec6541493e4f5c401a146f568ad |
... | ... |
@@ -1,113 +0,0 @@ |
1 |
-# Copyright 1999-2012 Gentoo Foundation |
|
2 |
-# Distributed under the terms of the GNU General Public License v2 |
|
3 |
-# $Header: /var/cvsroot/gentoo-x86/www-servers/apache/apache-2.2.22-r1.ebuild,v 1.1 2012/04/20 04:22:46 patrick Exp $ |
|
4 |
- |
|
5 |
-EAPI="2" |
|
6 |
- |
|
7 |
-# latest gentoo apache files |
|
8 |
-GENTOO_PATCHSTAMP="20120213" |
|
9 |
-GENTOO_DEVELOPER="jmbsvicetto" |
|
10 |
-GENTOO_PATCHNAME="gentoo-apache-2.2.22" |
|
11 |
- |
|
12 |
-# IUSE/USE_EXPAND magic |
|
13 |
-IUSE_MPMS_FORK="itk peruser prefork" |
|
14 |
-IUSE_MPMS_THREAD="event worker" |
|
15 |
- |
|
16 |
-IUSE_MODULES="actions alias asis auth_basic auth_digest authn_alias authn_anon |
|
17 |
-authn_dbd authn_dbm authn_default authn_file authz_dbm authz_default |
|
18 |
-authz_groupfile authz_host authz_owner authz_user autoindex cache cern_meta |
|
19 |
-charset_lite cgi cgid dav dav_fs dav_lock dbd deflate dir disk_cache dumpio |
|
20 |
-env expires ext_filter file_cache filter headers ident imagemap include info |
|
21 |
-log_config log_forensic logio mem_cache mime mime_magic negotiation proxy |
|
22 |
-proxy_ajp proxy_balancer proxy_connect proxy_ftp proxy_http proxy_scgi rewrite |
|
23 |
-reqtimeout setenvif speling status substitute unique_id userdir usertrack |
|
24 |
-version vhost_alias" |
|
25 |
-# The following are also in the source as of this version, but are not available |
|
26 |
-# for user selection: |
|
27 |
-# bucketeer case_filter case_filter_in echo http isapi optional_fn_export |
|
28 |
-# optional_fn_import optional_hook_export optional_hook_import |
|
29 |
- |
|
30 |
-# inter-module dependencies |
|
31 |
-# TODO: this may still be incomplete |
|
32 |
-MODULE_DEPENDS=" |
|
33 |
- dav_fs:dav |
|
34 |
- dav_lock:dav |
|
35 |
- deflate:filter |
|
36 |
- disk_cache:cache |
|
37 |
- ext_filter:filter |
|
38 |
- file_cache:cache |
|
39 |
- log_forensic:log_config |
|
40 |
- logio:log_config |
|
41 |
- mem_cache:cache |
|
42 |
- mime_magic:mime |
|
43 |
- proxy_ajp:proxy |
|
44 |
- proxy_balancer:proxy |
|
45 |
- proxy_connect:proxy |
|
46 |
- proxy_ftp:proxy |
|
47 |
- proxy_http:proxy |
|
48 |
- proxy_scgi:proxy |
|
49 |
- substitute:filter |
|
50 |
-" |
|
51 |
- |
|
52 |
-# module<->define mappings |
|
53 |
-MODULE_DEFINES=" |
|
54 |
- auth_digest:AUTH_DIGEST |
|
55 |
- authnz_ldap:AUTHNZ_LDAP |
|
56 |
- cache:CACHE |
|
57 |
- dav:DAV |
|
58 |
- dav_fs:DAV |
|
59 |
- dav_lock:DAV |
|
60 |
- disk_cache:CACHE |
|
61 |
- file_cache:CACHE |
|
62 |
- info:INFO |
|
63 |
- ldap:LDAP |
|
64 |
- mem_cache:CACHE |
|
65 |
- proxy:PROXY |
|
66 |
- proxy_ajp:PROXY |
|
67 |
- proxy_balancer:PROXY |
|
68 |
- proxy_connect:PROXY |
|
69 |
- proxy_ftp:PROXY |
|
70 |
- proxy_http:PROXY |
|
71 |
- ssl:SSL |
|
72 |
- status:STATUS |
|
73 |
- suexec:SUEXEC |
|
74 |
- userdir:USERDIR |
|
75 |
-" |
|
76 |
- |
|
77 |
-# critical modules for the default config |
|
78 |
-MODULE_CRITICAL=" |
|
79 |
- authz_host |
|
80 |
- dir |
|
81 |
- mime |
|
82 |
-" |
|
83 |
- |
|
84 |
-inherit apache-2 |
|
85 |
- |
|
86 |
-DESCRIPTION="The Apache Web Server." |
|
87 |
-HOMEPAGE="http://httpd.apache.org/" |
|
88 |
- |
|
89 |
-# some helper scripts are Apache-1.1, thus both are here |
|
90 |
-LICENSE="Apache-2.0 Apache-1.1" |
|
91 |
-SLOT="2" |
|
92 |
-KEYWORDS="alpha amd64 arm hppa ia64 ~mips ppc ppc64 s390 sh sparc x86 ~sparc-fbsd ~x86-fbsd" |
|
93 |
-IUSE="" |
|
94 |
- |
|
95 |
-DEPEND="${DEPEND} |
|
96 |
- >=dev-libs/openssl-0.9.8m |
|
97 |
- apache2_modules_deflate? ( sys-libs/zlib )" |
|
98 |
- |
|
99 |
-# dependency on >=dev-libs/apr-1.4.5 for bug #368651 |
|
100 |
-RDEPEND="${RDEPEND} |
|
101 |
- >=dev-libs/apr-1.4.5 |
|
102 |
- >=dev-libs/openssl-0.9.8m |
|
103 |
- apache2_modules_mime? ( app-misc/mime-types )" |
|
104 |
- |
|
105 |
-# init script fixup - should be rolled into next tarball #389965 |
|
106 |
-src_prepare() { |
|
107 |
- epatch "${FILESDIR}"/apache-noip.diff |
|
108 |
- #epatch "${FILESDIR}"/httpd-2.2.16-ecc.diff |
|
109 |
- #epatch "${FILESDIR}"/apache-2.2.14-staticdhparameters.diff |
|
110 |
- apache-2_src_prepare |
|
111 |
- sed -i -e 's/! test -f/test -f/' "${GENTOO_PATCHDIR}"/init/apache2.initd || die "Failed to fix init script" |
|
112 |
- cp ${FILESDIR}/2.2.22-envvars-std.in ${S}/support/envvars-std.in || die "Failed to apply LD_PRELOAD fix" |
|
113 |
-} |
... | ... |
@@ -1,110 +0,0 @@ |
1 |
-# Copyright 1999-2012 Gentoo Foundation |
|
2 |
-# Distributed under the terms of the GNU General Public License v2 |
|
3 |
-# $Header: /var/cvsroot/gentoo-x86/www-servers/apache/apache-2.2.22.ebuild,v 1.3 2012/03/29 10:40:41 ago Exp $ |
|
4 |
- |
|
5 |
-EAPI="2" |
|
6 |
- |
|
7 |
-# latest gentoo apache files |
|
8 |
-GENTOO_PATCHSTAMP="20120213" |
|
9 |
-GENTOO_DEVELOPER="jmbsvicetto" |
|
10 |
- |
|
11 |
-# IUSE/USE_EXPAND magic |
|
12 |
-IUSE_MPMS_FORK="itk peruser prefork" |
|
13 |
-IUSE_MPMS_THREAD="event worker" |
|
14 |
- |
|
15 |
-IUSE_MODULES="actions alias asis auth_basic auth_digest authn_alias authn_anon |
|
16 |
-authn_dbd authn_dbm authn_default authn_file authz_dbm authz_default |
|
17 |
-authz_groupfile authz_host authz_owner authz_user autoindex cache cern_meta |
|
18 |
-charset_lite cgi cgid dav dav_fs dav_lock dbd deflate dir disk_cache dumpio |
|
19 |
-env expires ext_filter file_cache filter headers ident imagemap include info |
|
20 |
-log_config log_forensic logio mem_cache mime mime_magic negotiation proxy |
|
21 |
-proxy_ajp proxy_balancer proxy_connect proxy_ftp proxy_http proxy_scgi rewrite |
|
22 |
-reqtimeout setenvif speling status substitute unique_id userdir usertrack |
|
23 |
-version vhost_alias" |
|
24 |
-# The following are also in the source as of this version, but are not available |
|
25 |
-# for user selection: |
|
26 |
-# bucketeer case_filter case_filter_in echo http isapi optional_fn_export |
|
27 |
-# optional_fn_import optional_hook_export optional_hook_import |
|
28 |
- |
|
29 |
-# inter-module dependencies |
|
30 |
-# TODO: this may still be incomplete |
|
31 |
-MODULE_DEPENDS=" |
|
32 |
- dav_fs:dav |
|
33 |
- dav_lock:dav |
|
34 |
- deflate:filter |
|
35 |
- disk_cache:cache |
|
36 |
- ext_filter:filter |
|
37 |
- file_cache:cache |
|
38 |
- log_forensic:log_config |
|
39 |
- logio:log_config |
|
40 |
- mem_cache:cache |
|
41 |
- mime_magic:mime |
|
42 |
- proxy_ajp:proxy |
|
43 |
- proxy_balancer:proxy |
|
44 |
- proxy_connect:proxy |
|
45 |
- proxy_ftp:proxy |
|
46 |
- proxy_http:proxy |
|
47 |
- proxy_scgi:proxy |
|
48 |
- substitute:filter |
|
49 |
-" |
|
50 |
- |
|
51 |
-# module<->define mappings |
|
52 |
-MODULE_DEFINES=" |
|
53 |
- auth_digest:AUTH_DIGEST |
|
54 |
- authnz_ldap:AUTHNZ_LDAP |
|
55 |
- cache:CACHE |
|
56 |
- dav:DAV |
|
57 |
- dav_fs:DAV |
|
58 |
- dav_lock:DAV |
|
59 |
- disk_cache:CACHE |
|
60 |
- file_cache:CACHE |
|
61 |
- info:INFO |
|
62 |
- ldap:LDAP |
|
63 |
- mem_cache:CACHE |
|
64 |
- proxy:PROXY |
|
65 |
- proxy_ajp:PROXY |
|
66 |
- proxy_balancer:PROXY |
|
67 |
- proxy_connect:PROXY |
|
68 |
- proxy_ftp:PROXY |
|
69 |
- proxy_http:PROXY |
|
70 |
- ssl:SSL |
|
71 |
- status:STATUS |
|
72 |
- suexec:SUEXEC |
|
73 |
- userdir:USERDIR |
|
74 |
-" |
|
75 |
- |
|
76 |
-# critical modules for the default config |
|
77 |
-MODULE_CRITICAL=" |
|
78 |
- authz_host |
|
79 |
- dir |
|
80 |
- mime |
|
81 |
-" |
|
82 |
- |
|
83 |
-inherit apache-2 |
|
84 |
- |
|
85 |
-DESCRIPTION="The Apache Web Server." |
|
86 |
-HOMEPAGE="http://httpd.apache.org/" |
|
87 |
- |
|
88 |
-# some helper scripts are Apache-1.1, thus both are here |
|
89 |
-LICENSE="Apache-2.0 Apache-1.1" |
|
90 |
-SLOT="2" |
|
91 |
-KEYWORDS="~alpha amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~sparc-fbsd ~x86-fbsd" |
|
92 |
-IUSE="" |
|
93 |
- |
|
94 |
-DEPEND="${DEPEND} |
|
95 |
- >=dev-libs/openssl-0.9.8m |
|
96 |
- apache2_modules_deflate? ( sys-libs/zlib )" |
|
97 |
- |
|
98 |
-# dependency on >=dev-libs/apr-1.4.5 for bug #368651 |
|
99 |
-RDEPEND="${RDEPEND} |
|
100 |
- >=dev-libs/apr-1.4.5 |
|
101 |
- >=dev-libs/openssl-0.9.8m |
|
102 |
- apache2_modules_mime? ( app-misc/mime-types )" |
|
103 |
- |
|
104 |
-# init script fixup - should be rolled into next tarball #389965 |
|
105 |
-src_prepare() { |
|
106 |
- epatch "${FILESDIR}"/apache-noip.diff |
|
107 |
- epatch "${FILESDIR}"/httpd-2.2.16-ecc.diff |
|
108 |
- apache-2_src_prepare |
|
109 |
- sed -i -e 's/! test -f/test -f/' "${GENTOO_PATCHDIR}"/init/apache2.initd || die "Failed to fix init script" |
|
110 |
-} |
... | ... |
@@ -1,114 +0,0 @@ |
1 |
-# Copyright 1999-2012 Gentoo Foundation |
|
2 |
-# Distributed under the terms of the GNU General Public License v2 |
|
3 |
-# $Header: /var/cvsroot/gentoo-x86/www-servers/apache/apache-2.2.23.ebuild,v 1.3 2012/10/13 18:57:10 blueness Exp $ |
|
4 |
- |
|
5 |
-EAPI="2" |
|
6 |
- |
|
7 |
-# latest gentoo apache files |
|
8 |
-GENTOO_PATCHSTAMP="20121012" |
|
9 |
-GENTOO_DEVELOPER="patrick" |
|
10 |
-#GENTOO_PATCHNAME="gentoo-apache-2.2.22" |
|
11 |
- |
|
12 |
-# IUSE/USE_EXPAND magic |
|
13 |
-IUSE_MPMS_FORK="itk peruser prefork" |
|
14 |
-IUSE_MPMS_THREAD="event worker" |
|
15 |
- |
|
16 |
-IUSE_MODULES="actions alias asis auth_basic auth_digest authn_alias authn_anon |
|
17 |
-authn_dbd authn_dbm authn_default authn_file authz_dbm authz_default |
|
18 |
-authz_groupfile authz_host authz_owner authz_user autoindex cache cern_meta |
|
19 |
-charset_lite cgi cgid dav dav_fs dav_lock dbd deflate dir disk_cache dumpio |
|
20 |
-env expires ext_filter file_cache filter headers ident imagemap include info |
|
21 |
-log_config log_forensic logio mem_cache mime mime_magic negotiation proxy |
|
22 |
-proxy_ajp proxy_balancer proxy_connect proxy_ftp proxy_http proxy_scgi rewrite |
|
23 |
-reqtimeout setenvif speling status substitute unique_id userdir usertrack |
|
24 |
-version vhost_alias" |
|
25 |
-# The following are also in the source as of this version, but are not available |
|
26 |
-# for user selection: |
|
27 |
-# bucketeer case_filter case_filter_in echo http isapi optional_fn_export |
|
28 |
-# optional_fn_import optional_hook_export optional_hook_import |
|
29 |
- |
|
30 |
-# inter-module dependencies |
|
31 |
-# TODO: this may still be incomplete |
|
32 |
-MODULE_DEPENDS=" |
|
33 |
- dav_fs:dav |
|
34 |
- dav_lock:dav |
|
35 |
- deflate:filter |
|
36 |
- disk_cache:cache |
|
37 |
- ext_filter:filter |
|
38 |
- file_cache:cache |
|
39 |
- log_forensic:log_config |
|
40 |
- logio:log_config |
|
41 |
- mem_cache:cache |
|
42 |
- mime_magic:mime |
|
43 |
- proxy_ajp:proxy |
|
44 |
- proxy_balancer:proxy |
|
45 |
- proxy_connect:proxy |
|
46 |
- proxy_ftp:proxy |
|
47 |
- proxy_http:proxy |
|
48 |
- proxy_scgi:proxy |
|
49 |
- substitute:filter |
|
50 |
-" |
|
51 |
- |
|
52 |
-# module<->define mappings |
|
53 |
-MODULE_DEFINES=" |
|
54 |
- auth_digest:AUTH_DIGEST |
|
55 |
- authnz_ldap:AUTHNZ_LDAP |
|
56 |
- cache:CACHE |
|
57 |
- dav:DAV |
|
58 |
- dav_fs:DAV |
|
59 |
- dav_lock:DAV |
|
60 |
- disk_cache:CACHE |
|
61 |
- file_cache:CACHE |
|
62 |
- info:INFO |
|
63 |
- ldap:LDAP |
|
64 |
- mem_cache:CACHE |
|
65 |
- proxy:PROXY |
|
66 |
- proxy_ajp:PROXY |
|
67 |
- proxy_balancer:PROXY |
|
68 |
- proxy_connect:PROXY |
|
69 |
- proxy_ftp:PROXY |
|
70 |
- proxy_http:PROXY |
|
71 |
- ssl:SSL |
|
72 |
- status:STATUS |
|
73 |
- suexec:SUEXEC |
|
74 |
- userdir:USERDIR |
|
75 |
-" |
|
76 |
- |
|
77 |
-# critical modules for the default config |
|
78 |
-MODULE_CRITICAL=" |
|
79 |
- authz_host |
|
80 |
- dir |
|
81 |
- mime |
|
82 |
-" |
|
83 |
- |
|
84 |
-inherit apache-2 |
|
85 |
- |
|
86 |
-DESCRIPTION="The Apache Web Server." |
|
87 |
-HOMEPAGE="http://httpd.apache.org/" |
|
88 |
- |
|
89 |
-# some helper scripts are Apache-1.1, thus both are here |
|
90 |
-LICENSE="Apache-2.0 Apache-1.1" |
|
91 |
-SLOT="2" |
|
92 |
-KEYWORDS="~alpha amd64 ~arm ~hppa ~ia64 ~mips ppc ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd" |
|
93 |
-IUSE="" |
|
94 |
- |
|
95 |
-DEPEND="${DEPEND} |
|
96 |
- >=dev-libs/openssl-0.9.8m |
|
97 |
- apache2_modules_deflate? ( sys-libs/zlib )" |
|
98 |
- |
|
99 |
-# dependency on >=dev-libs/apr-1.4.5 for bug #368651 |
|
100 |
-RDEPEND="${RDEPEND} |
|
101 |
- >=dev-libs/apr-1.4.5 |
|
102 |
- >=dev-libs/openssl-0.9.8m |
|
103 |
- apache2_modules_mime? ( app-misc/mime-types )" |
|
104 |
- |
|
105 |
-# init script fixup - should be rolled into next tarball #389965 |
|
106 |
-src_prepare() { |
|
107 |
- |
|
108 |
- epatch "${FILESDIR}"/apache-noip.diff |
|
109 |
- epatch "${FILESDIR}"/apache-2.2.23-tls-compression-option.diff |
|
110 |
- |
|
111 |
- apache-2_src_prepare |
|
112 |
- sed -i -e 's/! test -f/test -f/' "${GENTOO_PATCHDIR}"/init/apache2.initd || die "Failed to fix init script" |
|
113 |
- cp ${FILESDIR}/2.2.22-envvars-std.in ${S}/support/envvars-std.in || die "Failed to apply LD_PRELOAD fix" |
|
114 |
-} |
... | ... |
@@ -1,111 +0,0 @@ |
1 |
-# Copyright 1999-2013 Gentoo Foundation |
|
2 |
-# Distributed under the terms of the GNU General Public License v2 |
|
3 |
-# $Header: /var/cvsroot/gentoo-x86/www-servers/apache/apache-2.2.24.ebuild,v 1.12 2013/03/05 09:18:51 ago Exp $ |
|
4 |
- |
|
5 |
-EAPI="2" |
|
6 |
- |
|
7 |
-# latest gentoo apache files |
|
8 |
-GENTOO_PATCHSTAMP="20121012" |
|
9 |
-GENTOO_DEVELOPER="patrick" |
|
10 |
-GENTOO_PATCHNAME="gentoo-apache-2.2.23" |
|
11 |
- |
|
12 |
-# IUSE/USE_EXPAND magic |
|
13 |
-IUSE_MPMS_FORK="itk peruser prefork" |
|
14 |
-IUSE_MPMS_THREAD="event worker" |
|
15 |
- |
|
16 |
-IUSE_MODULES="actions alias asis auth_basic auth_digest authn_alias authn_anon |
|
17 |
-authn_dbd authn_dbm authn_default authn_file authz_dbm authz_default |
|
18 |
-authz_groupfile authz_host authz_owner authz_user autoindex cache cern_meta |
|
19 |
-charset_lite cgi cgid dav dav_fs dav_lock dbd deflate dir disk_cache dumpio |
|
20 |
-env expires ext_filter file_cache filter headers ident imagemap include info |
|
21 |
-log_config log_forensic logio mem_cache mime mime_magic negotiation proxy |
|
22 |
-proxy_ajp proxy_balancer proxy_connect proxy_ftp proxy_http proxy_scgi rewrite |
|
23 |
-reqtimeout setenvif speling status substitute unique_id userdir usertrack |
|
24 |
-version vhost_alias" |
|
25 |
-# The following are also in the source as of this version, but are not available |
|
26 |
-# for user selection: |
|
27 |
-# bucketeer case_filter case_filter_in echo http isapi optional_fn_export |
|
28 |
-# optional_fn_import optional_hook_export optional_hook_import |
|
29 |
- |
|
30 |
-# inter-module dependencies |
|
31 |
-# TODO: this may still be incomplete |
|
32 |
-MODULE_DEPENDS=" |
|
33 |
- dav_fs:dav |
|
34 |
- dav_lock:dav |
|
35 |
- deflate:filter |
|
36 |
- disk_cache:cache |
|
37 |
- ext_filter:filter |
|
38 |
- file_cache:cache |
|
39 |
- log_forensic:log_config |
|
40 |
- logio:log_config |
|
41 |
- mem_cache:cache |
|
42 |
- mime_magic:mime |
|
43 |
- proxy_ajp:proxy |
|
44 |
- proxy_balancer:proxy |
|
45 |
- proxy_connect:proxy |
|
46 |
- proxy_ftp:proxy |
|
47 |
- proxy_http:proxy |
|
48 |
- proxy_scgi:proxy |
|
49 |
- substitute:filter |
|
50 |
-" |
|
51 |
- |
|
52 |
-# module<->define mappings |
|
53 |
-MODULE_DEFINES=" |
|
54 |
- auth_digest:AUTH_DIGEST |
|
55 |
- authnz_ldap:AUTHNZ_LDAP |
|
56 |
- cache:CACHE |
|
57 |
- dav:DAV |
|
58 |
- dav_fs:DAV |
|
59 |
- dav_lock:DAV |
|
60 |
- disk_cache:CACHE |
|
61 |
- file_cache:CACHE |
|
62 |
- info:INFO |
|
63 |
- ldap:LDAP |
|
64 |
- mem_cache:CACHE |
|
65 |
- proxy:PROXY |
|
66 |
- proxy_ajp:PROXY |
|
67 |
- proxy_balancer:PROXY |
|
68 |
- proxy_connect:PROXY |
|
69 |
- proxy_ftp:PROXY |
|
70 |
- proxy_http:PROXY |
|
71 |
- ssl:SSL |
|
72 |
- status:STATUS |
|
73 |
- suexec:SUEXEC |
|
74 |
- userdir:USERDIR |
|
75 |
-" |
|
76 |
- |
|
77 |
-# critical modules for the default config |
|
78 |
-MODULE_CRITICAL=" |
|
79 |
- authz_host |
|
80 |
- dir |
|
81 |
- mime |
|
82 |
-" |
|
83 |
- |
|
84 |
-inherit apache-2 |
|
85 |
- |
|
86 |
-DESCRIPTION="The Apache Web Server." |
|
87 |
-HOMEPAGE="http://httpd.apache.org/" |
|
88 |
- |
|
89 |
-# some helper scripts are Apache-1.1, thus both are here |
|
90 |
-LICENSE="Apache-2.0 Apache-1.1" |
|
91 |
-SLOT="2" |
|
92 |
-KEYWORDS="alpha amd64 arm hppa ia64 ~mips ppc ppc64 s390 sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd" |
|
93 |
-IUSE="" |
|
94 |
- |
|
95 |
-DEPEND="${DEPEND} |
|
96 |
- >=dev-libs/openssl-0.9.8m |
|
97 |
- apache2_modules_deflate? ( sys-libs/zlib )" |
|
98 |
- |
|
99 |
-# dependency on >=dev-libs/apr-1.4.5 for bug #368651 |
|
100 |
-RDEPEND="${RDEPEND} |
|
101 |
- >=dev-libs/apr-1.4.5 |
|
102 |
- >=dev-libs/openssl-0.9.8m |
|
103 |
- apache2_modules_mime? ( app-misc/mime-types )" |
|
104 |
- |
|
105 |
-# init script fixup - should be rolled into next tarball #389965 |
|
106 |
-src_prepare() { |
|
107 |
- epatch "${FILESDIR}"/apache-noip.diff |
|
108 |
- apache-2_src_prepare |
|
109 |
- sed -i -e 's/! test -f/test -f/' "${GENTOO_PATCHDIR}"/init/apache2.initd || die "Failed to fix init script" |
|
110 |
- cp ${FILESDIR}/2.2.22-envvars-std.in ${S}/support/envvars-std.in || die "Failed to apply LD_PRELOAD fix" |
|
111 |
-} |
... | ... |
@@ -1,120 +0,0 @@ |
1 |
-# Copyright 1999-2013 Gentoo Foundation |
|
2 |
-# Distributed under the terms of the GNU General Public License v2 |
|
3 |
-# $Header: /var/cvsroot/gentoo-x86/www-servers/apache/apache-2.2.25.ebuild,v 1.5 2013/07/23 20:02:10 ago Exp $ |
|
4 |
- |
|
5 |
-EAPI="2" |
|
6 |
- |
|
7 |
-WANT_AUTOMAKE="1.11" |
|
8 |
- |
|
9 |
-# latest gentoo apache files |
|
10 |
-GENTOO_PATCHSTAMP="20121012" |
|
11 |
-GENTOO_DEVELOPER="patrick" |
|
12 |
-GENTOO_PATCHNAME="gentoo-apache-2.2.23" |
|
13 |
- |
|
14 |
-# IUSE/USE_EXPAND magic |
|
15 |
-IUSE_MPMS_FORK="itk peruser prefork" |
|
16 |
-IUSE_MPMS_THREAD="event worker" |
|
17 |
- |
|
18 |
-IUSE_MODULES="actions alias asis auth_basic auth_digest authn_alias authn_anon |
|
19 |
-authn_dbd authn_dbm authn_default authn_file authz_dbm authz_default |
|
20 |
-authz_groupfile authz_host authz_owner authz_user autoindex cache cern_meta |
|
21 |
-charset_lite cgi cgid dav dav_fs dav_lock dbd deflate dir disk_cache dumpio |
|
22 |
-env expires ext_filter file_cache filter headers ident imagemap include info |
|
23 |
-log_config log_forensic logio mem_cache mime mime_magic negotiation proxy |
|
24 |
-proxy_ajp proxy_balancer proxy_connect proxy_ftp proxy_http proxy_scgi rewrite |
|
25 |
-reqtimeout setenvif speling status substitute unique_id userdir usertrack |
|
26 |
-version vhost_alias" |
|
27 |
-# The following are also in the source as of this version, but are not available |
|
28 |
-# for user selection: |
|
29 |
-# bucketeer case_filter case_filter_in echo http isapi optional_fn_export |
|
30 |
-# optional_fn_import optional_hook_export optional_hook_import |
|
31 |
- |
|
32 |
-# inter-module dependencies |
|
33 |
-# TODO: this may still be incomplete |
|
34 |
-MODULE_DEPENDS=" |
|
35 |
- dav_fs:dav |
|
36 |
- dav_lock:dav |
|
37 |
- deflate:filter |
|
38 |
- disk_cache:cache |
|
39 |
- ext_filter:filter |
|
40 |
- file_cache:cache |
|
41 |
- log_forensic:log_config |
|
42 |
- logio:log_config |
|
43 |
- mem_cache:cache |
|
44 |
- mime_magic:mime |
|
45 |
- proxy_ajp:proxy |
|
46 |
- proxy_balancer:proxy |
|
47 |
- proxy_connect:proxy |
|
48 |
- proxy_ftp:proxy |
|
49 |
- proxy_http:proxy |
|
50 |
- proxy_scgi:proxy |
|
51 |
- substitute:filter |
|
52 |
-" |
|
53 |
- |
|
54 |
-# module<->define mappings |
|
55 |
-MODULE_DEFINES=" |
|
56 |
- auth_digest:AUTH_DIGEST |
|
57 |
- authnz_ldap:AUTHNZ_LDAP |
|
58 |
- cache:CACHE |
|
59 |
- dav:DAV |
|
60 |
- dav_fs:DAV |
|
61 |
- dav_lock:DAV |
|
62 |
- disk_cache:CACHE |
|
63 |
- file_cache:CACHE |
|
64 |
- info:INFO |
|
65 |
- ldap:LDAP |
|
66 |
- mem_cache:CACHE |
|
67 |
- proxy:PROXY |
|
68 |
- proxy_ajp:PROXY |
|
69 |
- proxy_balancer:PROXY |
|
70 |
- proxy_connect:PROXY |
|
71 |
- proxy_ftp:PROXY |
|
72 |
- proxy_http:PROXY |
|
73 |
- ssl:SSL |
|
74 |
- status:STATUS |
|
75 |
- suexec:SUEXEC |
|
76 |
- userdir:USERDIR |
|
77 |
-" |
|
78 |
- |
|
79 |
-# critical modules for the default config |
|
80 |
-MODULE_CRITICAL=" |
|
81 |
- authz_host |
|
82 |
- dir |
|
83 |
- mime |
|
84 |
-" |
|
85 |
- |
|
86 |
-inherit apache-2 systemd |
|
87 |
- |
|
88 |
-DESCRIPTION="The Apache Web Server." |
|
89 |
-HOMEPAGE="http://httpd.apache.org/" |
|
90 |
- |
|
91 |
-# some helper scripts are Apache-1.1, thus both are here |
|
92 |
-LICENSE="Apache-2.0 Apache-1.1" |
|
93 |
-SLOT="2" |
|
94 |
-KEYWORDS="~alpha amd64 arm hppa ~ia64 ~mips ppc ~ppc64 ~s390 ~sh ~sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd" |
|
95 |
-IUSE="" |
|
96 |
- |
|
97 |
-DEPEND="${DEPEND} |
|
98 |
- >=dev-libs/openssl-0.9.8m |
|
99 |
- apache2_modules_deflate? ( sys-libs/zlib )" |
|
100 |
- |
|
101 |
-# dependency on >=dev-libs/apr-1.4.5 for bug #368651 |
|
102 |
-RDEPEND="${RDEPEND} |
|
103 |
- >=dev-libs/apr-1.4.5 |
|
104 |
- >=dev-libs/openssl-0.9.8m |
|
105 |
- apache2_modules_mime? ( app-misc/mime-types )" |
|
106 |
- |
|
107 |
-# init script fixup - should be rolled into next tarball #389965 |
|
108 |
-src_prepare() { |
|
109 |
- apache-2_src_prepare |
|
110 |
- epatch "${FILESDIR}"/apache-noip.diff |
|
111 |
- sed -i -e 's/! test -f/test -f/' "${GENTOO_PATCHDIR}"/init/apache2.initd || die "Failed to fix init script" |
|
112 |
- cp "${FILESDIR}"/2.2.22-envvars-std.in "${S}"/support/envvars-std.in || die "Failed to apply LD_PRELOAD fix" |
|
113 |
-} |
|
114 |
- |
|
115 |
-src_install() { |
|
116 |
- apache-2_src_install |
|
117 |
- |
|
118 |
- systemd_newunit "${FILESDIR}/apache2.2.service" "apache2.service" |
|
119 |
- systemd_dotmpfilesd "${FILESDIR}/apache.conf" |
|
120 |
-} |
... | ... |
@@ -1,214 +0,0 @@ |
1 |
-# Copyright 1999-2012 Gentoo Foundation |
|
2 |
-# Distributed under the terms of the GNU General Public License v2 |
|
3 |
-# $Header: /var/cvsroot/gentoo-x86/www-servers/apache/apache-2.4.3.ebuild,v 1.2 2012/10/13 03:13:09 mr_bones_ Exp $ |
|
4 |
- |
|
5 |
-EAPI="2" |
|
6 |
- |
|
7 |
-# latest gentoo apache files |
|
8 |
-GENTOO_PATCHSTAMP="20121012" |
|
9 |
-GENTOO_DEVELOPER="patrick" |
|
10 |
-#GENTOO_PATCHNAME="gentoo-apache-2.4.1" |
|
11 |
- |
|
12 |
-# IUSE/USE_EXPAND magic |
|
13 |
-IUSE_MPMS_FORK="itk peruser prefork" |
|
14 |
-IUSE_MPMS_THREAD="event worker" |
|
15 |
- |
|
16 |
-# << obsolete modules: |
|
17 |
-# authn_default authz_default mem_cache |
|
18 |
-# mem_cache is replaced by cache_disk |
|
19 |
-# ?? buggy modules |
|
20 |
-# proxy_scgi: startup error: undefined symbol "ap_proxy_release_connection", no fix found |
|
21 |
-# >> added modules for reason: |
|
22 |
-# compat: compatibility with 2.2 access control |
|
23 |
-# authz_host: new module for access control |
|
24 |
-# authn_core: functionality provided by authn_alias in previous versions |
|
25 |
-# authz_core: new module, provides core authorization capabilities |
|
26 |
-# cache_disk: replacement for mem_cache |
|
27 |
-# lbmethod_byrequests: Split off from mod_proxy_balancer in 2.3 |
|
28 |
-# lbmethod_bytraffic: Split off from mod_proxy_balancer in 2.3 |
|
29 |
-# lbmethod_bybusyness: Split off from mod_proxy_balancer in 2.3 |
|
30 |
-# lbmethod_heartbeat: Split off from mod_proxy_balancer in 2.3 |
|
31 |
-# slotmem_shm: Slot-based shared memory provider (for lbmethod_byrequests). |
|
32 |
-# socache_shmcb: shared object cache provider. Default config with ssl needs it |
|
33 |
-# unixd: fixes startup error: Invalid command 'User' |
|
34 |
-IUSE_MODULES="access_compat actions alias asis auth_basic auth_digest authn_alias authn_anon |
|
35 |
-authn_core authn_dbd authn_dbm authn_file authz_core authz_dbm |
|
36 |
-authz_groupfile authz_host authz_owner authz_user autoindex cache cache_disk cern_meta |
|
37 |
-charset_lite cgi cgid dav dav_fs dav_lock dbd deflate dir dumpio |
|
38 |
-env expires ext_filter file_cache filter headers ident imagemap include info |
|
39 |
-lbmethod_byrequests lbmethod_bytraffic lbmethod_bybusyness lbmethod_heartbeat |
|
40 |
-log_config log_forensic logio mime mime_magic negotiation proxy |
|
41 |
-proxy_ajp proxy_balancer proxy_connect proxy_ftp proxy_http proxy_scgi rewrite |
|
42 |
-reqtimeout setenvif slotmem_shm speling socache_shmcb status substitute unique_id userdir usertrack |
|
43 |
-unixd version vhost_alias" |
|
44 |
-# The following are also in the source as of this version, but are not available |
|
45 |
-# for user selection: |
|
46 |
-# bucketeer case_filter case_filter_in echo http isapi optional_fn_export |
|
47 |
-# optional_fn_import optional_hook_export optional_hook_import |
|
48 |
- |
|
49 |
-# inter-module dependencies |
|
50 |
-# TODO: this may still be incomplete |
|
51 |
-MODULE_DEPENDS=" |
|
52 |
- dav_fs:dav |
|
53 |
- dav_lock:dav |
|
54 |
- deflate:filter |
|
55 |
- cache_disk:cache |
|
56 |
- ext_filter:filter |
|
57 |
- file_cache:cache |
|
58 |
- lbmethod_byrequests:proxy_balancer |
|
59 |
- lbmethod_byrequests:slotmem_shm |
|
60 |
- lbmethod_bytraffic:proxy_balancer |
|
61 |
- lbmethod_bybusyness:proxy_balancer |
|
62 |
- lbmethod_heartbeat:proxy_balancer |
|
63 |
- log_forensic:log_config |
|
64 |
- logio:log_config |
|
65 |
- cache_disk:cache |
|
66 |
- mime_magic:mime |
|
67 |
- proxy_ajp:proxy |
|
68 |
- proxy_balancer:proxy |
|
69 |
- proxy_connect:proxy |
|
70 |
- proxy_ftp:proxy |
|
71 |
- proxy_http:proxy |
|
72 |
- proxy_scgi:proxy |
|
73 |
- substitute:filter |
|
74 |
-" |
|
75 |
- |
|
76 |
-# module<->define mappings |
|
77 |
-MODULE_DEFINES=" |
|
78 |
- auth_digest:AUTH_DIGEST |
|
79 |
- authnz_ldap:AUTHNZ_LDAP |
|
80 |
- cache:CACHE |
|
81 |
- cache_disk:CACHE |
|
82 |
- dav:DAV |
|
83 |
- dav_fs:DAV |
|
84 |
- dav_lock:DAV |
|
85 |
- file_cache:CACHE |
|
86 |
- info:INFO |
|
87 |
- ldap:LDAP |
|
88 |
- proxy:PROXY |
|
89 |
- proxy_ajp:PROXY |
|
90 |
- proxy_balancer:PROXY |
|
91 |
- proxy_connect:PROXY |
|
92 |
- proxy_ftp:PROXY |
|
93 |
- proxy_http:PROXY |
|
94 |
- socache_shmcb:SSL |
|
95 |
- ssl:SSL |
|
96 |
- status:STATUS |
|
97 |
- suexec:SUEXEC |
|
98 |
- userdir:USERDIR |
|
99 |
-" |
|
100 |
- |
|
101 |
-# critical modules for the default config |
|
102 |
-MODULE_CRITICAL=" |
|
103 |
- authn_core |
|
104 |
- authz_core |
|
105 |
- authz_host |
|
106 |
- dir |
|
107 |
- mime |
|
108 |
- unixd |
|
109 |
-" |
|
110 |
-# dependend criticals |
|
111 |
-use ssl && MODULE_CRITICAL+=" socache_shmcb" |
|
112 |
-use doc && MODULE_CRITICAL+=" alias negotiation setenvif" |
|
113 |
- |
|
114 |
-inherit eutils apache-2 |
|
115 |
- |
|
116 |
-DESCRIPTION="The Apache Web Server." |
|
117 |
-HOMEPAGE="http://httpd.apache.org/" |
|
118 |
- |
|
119 |
-# some helper scripts are Apache-1.1, thus both are here |
|
120 |
-LICENSE="Apache-2.0 Apache-1.1" |
|
121 |
-SLOT="2" |
|
122 |
-KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~sparc-fbsd ~x86-fbsd" |
|
123 |
-IUSE="" |
|
124 |
- |
|
125 |
-DEPEND="${DEPEND} |
|
126 |
- >=dev-libs/openssl-0.9.8m |
|
127 |
- apache2_modules_deflate? ( sys-libs/zlib )" |
|
128 |
- |
|
129 |
-# dependency on >=dev-libs/apr-1.4.5 for bug #368651 |
|
130 |
-RDEPEND="${RDEPEND} |
|
131 |
- >=dev-libs/apr-1.4.5 |
|
132 |
- >=dev-libs/openssl-0.9.8m |
|
133 |
- apache2_modules_mime? ( app-misc/mime-types )" |
|
134 |
- |
|
135 |
-# init script fixup - should be rolled into next tarball #389965 |
|
136 |
-src_prepare() { |
|
137 |
- epatch "${FILESDIR}"/apache-npn |
|
138 |
- epatch "${FILESDIR}"/apache-2.4.3-dhparam.diff |
|
139 |
- # the following patch can be removed once it is included in |
|
140 |
- # GENTOO_PATCHNAME="gentoo-apache-2.4.1" ... |
|
141 |
- if [ -f "${FILESDIR}/${GENTOO_PATCHNAME}-${GENTOO_DEVELOPER}-${GENTOO_PATCHSTAMP}-${PVR}.patch" ]; then |
|
142 |
- cd "${GENTOO_PATCHDIR}" || die "Failed to cd to ${GENTOO_PATCHDIR}" |
|
143 |
- epatch "${FILESDIR}/${GENTOO_PATCHNAME}-${GENTOO_DEVELOPER}-${GENTOO_PATCHSTAMP}-${PVR}.patch" \ |
|
144 |
- || die "epatch failed" |
|
145 |
- cd "${S}" || die "Failed to cd to ${S}" |
|
146 |
- fi |
|
147 |
- apache-2_src_prepare |
|
148 |
- sed -i -e 's/! test -f/test -f/' "${GENTOO_PATCHDIR}"/init/apache2.initd || die "Failed to fix init script" |
|
149 |
-} |
|
150 |
- |
|
151 |
-src_install() { |
|
152 |
- apache-2_src_install |
|
153 |
- for i in /usr/bin/{htdigest,logresolve,htpasswd,htdbm,ab,httxt2dbm}; do |
|
154 |
- rm "${D}"/$i || die "Failed to prune apache-tools bits" |
|
155 |
- done |
|
156 |
- for i in /usr/share/man/man8/{rotatelogs.8,htcacheclean.8}; do |
|
157 |
- rm "${D}"/$i || die "Failed to prune apache-tools bits" |
|
158 |
- done |
|
159 |
- for i in /usr/share/man/man1/{logresolve.1,htdbm.1,htdigest.1,htpasswd.1,dbmmanage.1,ab.1}; do |
|
160 |
- rm "${D}"/$i || die "Failed to prune apache-tools bits" |
|
161 |
- done |
|
162 |
- for i in /usr/sbin/{checkgid,fcgistarter,htcacheclean,rotatelogs}; do |
|
163 |
- rm "${D}/"$i || die "Failed to prune apache-tools bits" |
|
164 |
- done |
|
165 |
- |
|
166 |
- # well, actually installing things makes them more installed, I guess? |
|
167 |
- cp "${S}"/support/apxs "${D}"/usr/sbin/apxs || die "Failed to install apxs" |
|
168 |
- chmod 0755 "${D}"/usr/sbin/apxs |
|
169 |
- |
|
170 |
- # create dir defined in 40_mod_ssl.conf |
|
171 |
- if use ssl; then |
|
172 |
- dodir /var/run/apache_ssl_mutex || die "Failed to mkdir ssl_mutex" |
|
173 |
- fi |
|
174 |
-} |
|
175 |
- |
|
176 |
-pkg_postinst() |
|
177 |
-{ |
|
178 |
- apache-2_pkg_postinst || die "apache-2_pkg_postinst failed" |
|
179 |
- # warnings that default config might not work out of the box |
|
180 |
- for mod in $MODULE_CRITICAL; do |
|
181 |
- if ! use "apache2_modules_${mod}"; then |
|
182 |
- echo |
|
183 |
- ewarn "Warning: Critical module not installed!" |
|
184 |
- ewarn "Modules 'authn_core', 'authz_core' and 'unixd'" |
|
185 |
- ewarn "are highly recomended but might not be in the base profile yet." |
|
186 |
- ewarn "Default config for ssl needs module 'socache_shmcb'." |
|
187 |
- ewarn "Enabling the following flags is highly recommended:" |
|
188 |
- for cmod in $MODULE_CRITICAL; do |
|
189 |
- use "apache2_modules_${cmod}" || \ |
|
190 |
- ewarn "+ apache2_modules_${cmod}" |
|
191 |
- done |
|
192 |
- echo |
|
193 |
- break |
|
194 |
- fi |
|
195 |
- done |
|
196 |
- # warning for proxy_balancer and missing load balancing scheduler |
|
197 |
- if use apache2_modules_proxy_balancer; then |
|
198 |
- local lbset= |
|
199 |
- for mod in lbmethod_byrequests lbmethod_bytraffic lbmethod_bybusyness lbmethod_heartbeat; do |
|
200 |
- if use "apache2_modules_${mod}"; then |
|
201 |
- lbset=1 && break |
|
202 |
- fi |
|
203 |
- done |
|
204 |
- if [ ! $lbset ]; then |
|
205 |
- echo |
|
206 |
- ewarn "Info: Missing load balancing scheduler algorithm module" |
|
207 |
- ewarn "(They were split off from proxy_balancer in 2.3)" |
|
208 |
- ewarn "In order to get the ability of load balancing, at least" |
|
209 |
- ewarn "one of these modules has to be present:" |
|
210 |
- ewarn "lbmethod_byrequests lbmethod_bytraffic lbmethod_bybusyness lbmethod_heartbeat" |
|
211 |
- echo |
|
212 |
- fi |
|
213 |
- fi |
|
214 |
-} |
... | ... |
@@ -1,216 +0,0 @@ |
1 |
-# Copyright 1999-2013 Gentoo Foundation |
|
2 |
-# Distributed under the terms of the GNU General Public License v2 |
|
3 |
-# $Header: /var/cvsroot/gentoo-x86/www-servers/apache/apache-2.4.4-r1.ebuild,v 1.1 2013/02/27 15:49:15 chainsaw Exp $ |
|
4 |
- |
|
5 |
-EAPI="2" |
|
6 |
- |
|
7 |
-# latest gentoo apache files |
|
8 |
-GENTOO_PATCHSTAMP="20130227" |
|
9 |
-GENTOO_DEVELOPER="patrick" |
|
10 |
-GENTOO_PATCHNAME="gentoo-apache-2.4.4" |
|
11 |
- |
|
12 |
-# IUSE/USE_EXPAND magic |
|
13 |
-IUSE_MPMS_FORK="itk peruser prefork" |
|
14 |
-IUSE_MPMS_THREAD="event worker" |
|
15 |
- |
|
16 |
-# << obsolete modules: |
|
17 |
-# authn_default authz_default mem_cache |
|
18 |
-# mem_cache is replaced by cache_disk |
|
19 |
-# ?? buggy modules |
|
20 |
-# proxy_scgi: startup error: undefined symbol "ap_proxy_release_connection", no fix found |
|
21 |
-# >> added modules for reason: |
|
22 |
-# compat: compatibility with 2.2 access control |
|
23 |
-# authz_host: new module for access control |
|
24 |
-# authn_core: functionality provided by authn_alias in previous versions |
|
25 |
-# authz_core: new module, provides core authorization capabilities |
|
26 |
-# cache_disk: replacement for mem_cache |
|
27 |
-# lbmethod_byrequests: Split off from mod_proxy_balancer in 2.3 |
|
28 |
-# lbmethod_bytraffic: Split off from mod_proxy_balancer in 2.3 |
|
29 |
-# lbmethod_bybusyness: Split off from mod_proxy_balancer in 2.3 |
|
30 |
-# lbmethod_heartbeat: Split off from mod_proxy_balancer in 2.3 |
|
31 |
-# slotmem_shm: Slot-based shared memory provider (for lbmethod_byrequests). |
|
32 |
-# socache_shmcb: shared object cache provider. Default config with ssl needs it |
|
33 |
-# unixd: fixes startup error: Invalid command 'User' |
|
34 |
-IUSE_MODULES="access_compat actions alias asis auth_basic auth_digest authn_alias authn_anon |
|
35 |
-authn_core authn_dbd authn_dbm authn_file authz_core authz_dbm |
|
36 |
-authz_groupfile authz_host authz_owner authz_user autoindex cache cache_disk cern_meta |
|
37 |
-charset_lite cgi cgid dav dav_fs dav_lock dbd deflate dir dumpio |
|
38 |
-env expires ext_filter file_cache filter headers ident imagemap include info |
|
39 |
-lbmethod_byrequests lbmethod_bytraffic lbmethod_bybusyness lbmethod_heartbeat |
|
40 |
-log_config log_forensic logio mime mime_magic negotiation proxy |
|
41 |
-proxy_ajp proxy_balancer proxy_connect proxy_ftp proxy_http proxy_scgi proxy_fcgi rewrite |
|
42 |
-reqtimeout setenvif slotmem_shm speling socache_shmcb status substitute unique_id userdir usertrack |
|
43 |
-unixd version vhost_alias" |
|
44 |
-# The following are also in the source as of this version, but are not available |
|
45 |
-# for user selection: |
|
46 |
-# bucketeer case_filter case_filter_in echo http isapi optional_fn_export |
|
47 |
-# optional_fn_import optional_hook_export optional_hook_import |
|
48 |
- |
|
49 |
-# inter-module dependencies |
|
50 |
-# TODO: this may still be incomplete |
|
51 |
-MODULE_DEPENDS=" |
|
52 |
- dav_fs:dav |
|
53 |
- dav_lock:dav |
|
54 |
- deflate:filter |
|
55 |
- cache_disk:cache |
|
56 |
- ext_filter:filter |
|
57 |
- file_cache:cache |
|
58 |
- lbmethod_byrequests:proxy_balancer |
|
59 |
- lbmethod_byrequests:slotmem_shm |
|
60 |
- lbmethod_bytraffic:proxy_balancer |
|
61 |
- lbmethod_bybusyness:proxy_balancer |
|
62 |
- lbmethod_heartbeat:proxy_balancer |
|
63 |
- log_forensic:log_config |
|
64 |
- logio:log_config |
|
65 |
- cache_disk:cache |
|
66 |
- mime_magic:mime |
|
67 |
- proxy_ajp:proxy |
|
68 |
- proxy_balancer:proxy |
|
69 |
- proxy_connect:proxy |
|
70 |
- proxy_ftp:proxy |
|
71 |
- proxy_http:proxy |
|
72 |
- proxy_scgi:proxy |
|
73 |
- proxy_fcgi:proxy |
|
74 |
- substitute:filter |
|
75 |
-" |
|
76 |
- |
|
77 |
-# module<->define mappings |
|
78 |
-MODULE_DEFINES=" |
|
79 |
- auth_digest:AUTH_DIGEST |
|
80 |
- authnz_ldap:AUTHNZ_LDAP |
|
81 |
- cache:CACHE |
|
82 |
- cache_disk:CACHE |
|
83 |
- dav:DAV |
|
84 |
- dav_fs:DAV |
|
85 |
- dav_lock:DAV |
|
86 |
- file_cache:CACHE |
|
87 |
- info:INFO |
|
88 |
- ldap:LDAP |
|
89 |
- proxy:PROXY |
|
90 |
- proxy_ajp:PROXY |
|
91 |
- proxy_balancer:PROXY |
|
92 |
- proxy_connect:PROXY |
|
93 |
- proxy_ftp:PROXY |
|
94 |
- proxy_http:PROXY |
|
95 |
- proxy_fcgi:PROXY |
|
96 |
- socache_shmcb:SSL |
|
97 |
- ssl:SSL |
|
98 |
- status:STATUS |
|
99 |
- suexec:SUEXEC |
|
100 |
- userdir:USERDIR |
|
101 |
-" |
|
102 |
- |
|
103 |
-# critical modules for the default config |
|
104 |
-MODULE_CRITICAL=" |
|
105 |
- authn_core |
|
106 |
- authz_core |
|
107 |
- authz_host |
|
108 |
- dir |
|
109 |
- mime |
|
110 |
- unixd |
|
111 |
-" |
|
112 |
-# dependend criticals |
|
113 |
-use ssl && MODULE_CRITICAL+=" socache_shmcb" |
|
114 |
-use doc && MODULE_CRITICAL+=" alias negotiation setenvif" |
|
115 |
- |
|
116 |
-inherit eutils apache-2 |
|
117 |
- |
|
118 |
-DESCRIPTION="The Apache Web Server." |
|
119 |
-HOMEPAGE="http://httpd.apache.org/" |
|
120 |
- |
|
121 |
-# some helper scripts are Apache-1.1, thus both are here |
|
122 |
-LICENSE="Apache-2.0 Apache-1.1" |
|
123 |
-SLOT="2" |
|
124 |
-KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~sparc-fbsd ~x86-fbsd" |
|
125 |
-IUSE="" |
|
126 |
- |
|
127 |
-DEPEND="${DEPEND} |
|
128 |
- >=dev-libs/openssl-0.9.8m |
|
129 |
- apache2_modules_deflate? ( sys-libs/zlib )" |
|
130 |
- |
|
131 |
-# dependency on >=dev-libs/apr-1.4.5 for bug #368651 |
|
132 |
-RDEPEND="${RDEPEND} |
|
133 |
- >=dev-libs/apr-1.4.5 |
|
134 |
- >=dev-libs/openssl-0.9.8m |
|
135 |
- apache2_modules_mime? ( app-misc/mime-types )" |
|
136 |
- |
|
137 |
-# init script fixup - should be rolled into next tarball #389965 |
|
138 |
-src_prepare() { |
|
139 |
- #epatch "${FILESDIR}"/apache-npn |
|
140 |
- epatch "${FILESDIR}"/apache-2.4.3-dhparam.diff |
|
141 |
- # the following patch can be removed once it is included in |
|
142 |
- # GENTOO_PATCHNAME="gentoo-apache-2.4.1" ... |
|
143 |
- if [ -f "${FILESDIR}/${GENTOO_PATCHNAME}-${GENTOO_DEVELOPER}-${GENTOO_PATCHSTAMP}-${PVR}.patch" ]; then |
|
144 |
- cd "${GENTOO_PATCHDIR}" || die "Failed to cd to ${GENTOO_PATCHDIR}" |
|
145 |
- epatch "${FILESDIR}/${GENTOO_PATCHNAME}-${GENTOO_DEVELOPER}-${GENTOO_PATCHSTAMP}-${PVR}.patch" \ |
|
146 |
- || die "epatch failed" |
|
147 |
- cd "${S}" || die "Failed to cd to ${S}" |
|
148 |
- fi |
|
149 |
- apache-2_src_prepare |
|
150 |
- sed -i -e 's/! test -f/test -f/' "${GENTOO_PATCHDIR}"/init/apache2.initd || die "Failed to fix init script" |
|
151 |
-} |
|
152 |
- |
|
153 |
-src_install() { |
|
154 |
- apache-2_src_install |
|
155 |
- for i in /usr/bin/{htdigest,logresolve,htpasswd,htdbm,ab,httxt2dbm}; do |
|
156 |
- rm "${D}"/$i || die "Failed to prune apache-tools bits" |
|
157 |
- done |
|
158 |
- for i in /usr/share/man/man8/{rotatelogs.8,htcacheclean.8}; do |
|
159 |
- rm "${D}"/$i || die "Failed to prune apache-tools bits" |
|
160 |
- done |
|
161 |
- for i in /usr/share/man/man1/{logresolve.1,htdbm.1,htdigest.1,htpasswd.1,dbmmanage.1,ab.1}; do |
|
162 |
- rm "${D}"/$i || die "Failed to prune apache-tools bits" |
|
163 |
- done |
|
164 |
- for i in /usr/sbin/{checkgid,fcgistarter,htcacheclean,rotatelogs}; do |
|
165 |
- rm "${D}/"$i || die "Failed to prune apache-tools bits" |
|
166 |
- done |
|
167 |
- |
|
168 |
- # well, actually installing things makes them more installed, I guess? |
|
169 |
- cp "${S}"/support/apxs "${D}"/usr/sbin/apxs || die "Failed to install apxs" |
|
170 |
- chmod 0755 "${D}"/usr/sbin/apxs |
|
171 |
- |
|
172 |
- # create dir defined in 40_mod_ssl.conf |
|
173 |
- if use ssl; then |
|
174 |
- dodir /var/run/apache_ssl_mutex || die "Failed to mkdir ssl_mutex" |
|
175 |
- fi |
|
176 |
-} |
|
177 |
- |
|
178 |
-pkg_postinst() |
|
179 |
-{ |
|
180 |
- apache-2_pkg_postinst || die "apache-2_pkg_postinst failed" |
|
181 |
- # warnings that default config might not work out of the box |
|
182 |
- for mod in $MODULE_CRITICAL; do |
|
183 |
- if ! use "apache2_modules_${mod}"; then |
|
184 |
- echo |
|
185 |
- ewarn "Warning: Critical module not installed!" |
|
186 |
- ewarn "Modules 'authn_core', 'authz_core' and 'unixd'" |
|
187 |
- ewarn "are highly recomended but might not be in the base profile yet." |
|
188 |
- ewarn "Default config for ssl needs module 'socache_shmcb'." |
|
189 |
- ewarn "Enabling the following flags is highly recommended:" |
|
190 |
- for cmod in $MODULE_CRITICAL; do |
|
191 |
- use "apache2_modules_${cmod}" || \ |
|
192 |
- ewarn "+ apache2_modules_${cmod}" |
|
193 |
- done |
|
194 |
- echo |
|
195 |
- break |
|
196 |
- fi |
|
197 |
- done |
|
198 |
- # warning for proxy_balancer and missing load balancing scheduler |
|
199 |
- if use apache2_modules_proxy_balancer; then |
|
200 |
- local lbset= |
|
201 |
- for mod in lbmethod_byrequests lbmethod_bytraffic lbmethod_bybusyness lbmethod_heartbeat; do |
|
202 |
- if use "apache2_modules_${mod}"; then |
|
203 |
- lbset=1 && break |
|
204 |
- fi |
|
205 |
- done |
|
206 |
- if [ ! $lbset ]; then |
|
207 |
- echo |
|
208 |
- ewarn "Info: Missing load balancing scheduler algorithm module" |
|
209 |
- ewarn "(They were split off from proxy_balancer in 2.3)" |
|
210 |
- ewarn "In order to get the ability of load balancing, at least" |
|
211 |
- ewarn "one of these modules has to be present:" |
|
212 |
- ewarn "lbmethod_byrequests lbmethod_bytraffic lbmethod_bybusyness lbmethod_heartbeat" |
|
213 |
- echo |
|
214 |
- fi |
|
215 |
- fi |
|
216 |
-} |
... | ... |
@@ -1,218 +0,0 @@ |
1 |
-# Copyright 1999-2013 Gentoo Foundation |
|
2 |
-# Distributed under the terms of the GNU General Public License v2 |
|
3 |
-# $Header: /var/cvsroot/gentoo-x86/www-servers/apache/apache-2.4.6-r1.ebuild,v 1.2 2013/07/28 01:39:37 aballier Exp $ |
|
4 |
- |
|
5 |
-EAPI="2" |
|
6 |
- |
|
7 |
-# latest gentoo apache files |
|
8 |
-GENTOO_PATCHSTAMP="20130725" |
|
9 |
-GENTOO_DEVELOPER="kensington" |
|
10 |
-GENTOO_PATCHNAME="gentoo-apache-2.4.4" |
|
11 |
- |
|
12 |
-# IUSE/USE_EXPAND magic |
|
13 |
-IUSE_MPMS_FORK="itk peruser prefork" |
|
14 |
-IUSE_MPMS_THREAD="event worker" |
|
15 |
- |
|
16 |
-# << obsolete modules: |
|
17 |
-# authn_default authz_default mem_cache |
|
18 |
-# mem_cache is replaced by cache_disk |
|
19 |
-# ?? buggy modules |
|
20 |
-# proxy_scgi: startup error: undefined symbol "ap_proxy_release_connection", no fix found |
|
21 |
-# >> added modules for reason: |
|
22 |
-# compat: compatibility with 2.2 access control |
|
23 |
-# authz_host: new module for access control |
|
24 |
-# authn_core: functionality provided by authn_alias in previous versions |
|
25 |
-# authz_core: new module, provides core authorization capabilities |
|
26 |
-# cache_disk: replacement for mem_cache |
|
27 |
-# lbmethod_byrequests: Split off from mod_proxy_balancer in 2.3 |
|
28 |
-# lbmethod_bytraffic: Split off from mod_proxy_balancer in 2.3 |
|
29 |
-# lbmethod_bybusyness: Split off from mod_proxy_balancer in 2.3 |
|
30 |
-# lbmethod_heartbeat: Split off from mod_proxy_balancer in 2.3 |
|
31 |
-# slotmem_shm: Slot-based shared memory provider (for lbmethod_byrequests). |
|
32 |
-# socache_shmcb: shared object cache provider. Default config with ssl needs it |
|
33 |
-# unixd: fixes startup error: Invalid command 'User' |
|
34 |
-IUSE_MODULES="access_compat actions alias asis auth_basic auth_digest authn_alias authn_anon |
|
35 |
-authn_core authn_dbd authn_dbm authn_file authz_core authz_dbm |
|
36 |
-authz_groupfile authz_host authz_owner authz_user autoindex cache cache_disk cern_meta |
|
37 |
-charset_lite cgi cgid dav dav_fs dav_lock dbd deflate dir dumpio |
|
38 |
-env expires ext_filter file_cache filter headers ident imagemap include info |
|
39 |
-lbmethod_byrequests lbmethod_bytraffic lbmethod_bybusyness lbmethod_heartbeat |
|
40 |
-log_config log_forensic logio mime mime_magic negotiation proxy |
|
41 |
-proxy_ajp proxy_balancer proxy_connect proxy_ftp proxy_http proxy_scgi proxy_fcgi |
|
42 |
-rewrite ratelimit remoteip reqtimeout setenvif slotmem_shm speling socache_shmcb status substitute |
|
43 |
-unique_id userdir usertrack unixd version vhost_alias" |
|
44 |
-# The following are also in the source as of this version, but are not available |
|
45 |
-# for user selection: |
|
46 |
-# bucketeer case_filter case_filter_in echo http isapi optional_fn_export |
|
47 |
-# optional_fn_import optional_hook_export optional_hook_import |
|
48 |
- |
|
49 |
-# inter-module dependencies |
|
50 |
-# TODO: this may still be incomplete |
|
51 |
-MODULE_DEPENDS=" |
|
52 |
- dav_fs:dav |
|
53 |
- dav_lock:dav |
|
54 |
- deflate:filter |
|
55 |
- cache_disk:cache |
|
56 |
- ext_filter:filter |
|
57 |
- file_cache:cache |
|
58 |
- lbmethod_byrequests:proxy_balancer |
|
59 |
- lbmethod_byrequests:slotmem_shm |
|
60 |
- lbmethod_bytraffic:proxy_balancer |
|
61 |
- lbmethod_bybusyness:proxy_balancer |
|
62 |
- lbmethod_heartbeat:proxy_balancer |
|
63 |
- log_forensic:log_config |
|
64 |
- logio:log_config |
|
65 |
- cache_disk:cache |
|
66 |
- mime_magic:mime |
|
67 |
- proxy_ajp:proxy |
|
68 |
- proxy_balancer:proxy |
|
69 |
- proxy_connect:proxy |
|
70 |
- proxy_ftp:proxy |
|
71 |
- proxy_http:proxy |
|
72 |
- proxy_scgi:proxy |
|
73 |
- proxy_fcgi:proxy |
|
74 |
- substitute:filter |
|
75 |
-" |
|
76 |
- |
|
77 |
-# module<->define mappings |
|
78 |
-MODULE_DEFINES=" |
|
79 |
- auth_digest:AUTH_DIGEST |
|
80 |
- authnz_ldap:AUTHNZ_LDAP |
|
81 |
- cache:CACHE |
|
82 |
- cache_disk:CACHE |
|
83 |
- dav:DAV |
|
84 |
- dav_fs:DAV |
|
85 |
- dav_lock:DAV |
|
86 |
- file_cache:CACHE |
|
87 |
- info:INFO |
|
88 |
- ldap:LDAP |
|
89 |
- proxy:PROXY |
|
90 |
- proxy_ajp:PROXY |
|
91 |
- proxy_balancer:PROXY |
|
92 |
- proxy_connect:PROXY |
|
93 |
- proxy_ftp:PROXY |
|
94 |
- proxy_http:PROXY |
|
95 |
- proxy_fcgi:PROXY |
|
96 |
- socache_shmcb:SSL |
|
97 |
- ssl:SSL |
|
98 |
- status:STATUS |
|
99 |
- suexec:SUEXEC |
|
100 |
- userdir:USERDIR |
|
101 |
-" |
|
102 |
- |
|
103 |
-# critical modules for the default config |
|
104 |
-MODULE_CRITICAL=" |
|
105 |
- authn_core |
|
106 |
- authz_core |
|
107 |
- authz_host |
|
108 |
- dir |
|
109 |
- mime |
|
110 |
- unixd |
|
111 |
-" |
|
112 |
-# dependend criticals |
|
113 |
-use ssl && MODULE_CRITICAL+=" socache_shmcb" |
|
114 |
-use doc && MODULE_CRITICAL+=" alias negotiation setenvif" |
|
115 |
- |
|
116 |
-inherit eutils apache-2 systemd |
|
117 |
- |
|
118 |
-DESCRIPTION="The Apache Web Server." |
|
119 |
-HOMEPAGE="http://httpd.apache.org/" |
|
120 |
- |
|
121 |
-# some helper scripts are Apache-1.1, thus both are here |
|
122 |
-LICENSE="Apache-2.0 Apache-1.1" |
|
123 |
-SLOT="2" |
|
124 |
-KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd" |
|
125 |
-IUSE="" |
|
126 |
- |
|
127 |
-DEPEND="${DEPEND} |
|
128 |
- >=dev-libs/openssl-0.9.8m |
|
129 |
- apache2_modules_deflate? ( sys-libs/zlib )" |
|
130 |
- |
|
131 |
-# dependency on >=dev-libs/apr-1.4.5 for bug #368651 |
|
132 |
-RDEPEND="${RDEPEND} |
|
133 |
- >=dev-libs/apr-1.4.5 |
|
134 |
- >=dev-libs/openssl-0.9.8m |
|
135 |
- apache2_modules_mime? ( app-misc/mime-types )" |
|
136 |
- |
|
137 |
-# init script fixup - should be rolled into next tarball #389965 |
|
138 |
-src_prepare() { |
|
139 |
- epatch "${FILESDIR}"/apache-2.4.3-dhparam.diff |
|
140 |
- # the following patch can be removed once it is included in |
|
141 |
- # GENTOO_PATCHNAME="gentoo-apache-2.4.1" ... |
|
142 |
- if [ -f "${FILESDIR}/${GENTOO_PATCHNAME}-${GENTOO_DEVELOPER}-${GENTOO_PATCHSTAMP}-${PVR}.patch" ]; then |
|
143 |
- cd "${GENTOO_PATCHDIR}" || die "Failed to cd to ${GENTOO_PATCHDIR}" |
|
144 |
- epatch "${FILESDIR}/${GENTOO_PATCHNAME}-${GENTOO_DEVELOPER}-${GENTOO_PATCHSTAMP}-${PVR}.patch" \ |
|
145 |
- || die "epatch failed" |
|
146 |
- cd "${S}" || die "Failed to cd to ${S}" |
|
147 |
- fi |
|
148 |
- apache-2_src_prepare |
|
149 |
- sed -i -e 's/! test -f/test -f/' "${GENTOO_PATCHDIR}"/init/apache2.initd || die "Failed to fix init script" |
|
150 |
-} |
|
151 |
- |
|
152 |
-src_install() { |
|
153 |
- apache-2_src_install |
|
154 |
- for i in /usr/bin/{htdigest,logresolve,htpasswd,htdbm,ab,httxt2dbm}; do |
|
155 |
- rm "${D}"/$i || die "Failed to prune apache-tools bits" |
|
156 |
- done |
|
157 |
- for i in /usr/share/man/man8/{rotatelogs.8,htcacheclean.8}; do |
|
158 |
- rm "${D}"/$i || die "Failed to prune apache-tools bits" |
|
159 |
- done |
|
160 |
- for i in /usr/share/man/man1/{logresolve.1,htdbm.1,htdigest.1,htpasswd.1,dbmmanage.1,ab.1}; do |
|
161 |
- rm "${D}"/$i || die "Failed to prune apache-tools bits" |
|
162 |
- done |
|
163 |
- for i in /usr/sbin/{checkgid,fcgistarter,htcacheclean,rotatelogs}; do |
|
164 |
- rm "${D}/"$i || die "Failed to prune apache-tools bits" |
|
165 |
- done |
|
166 |
- |
|
167 |
- # well, actually installing things makes them more installed, I guess? |
|
168 |
- cp "${S}"/support/apxs "${D}"/usr/sbin/apxs || die "Failed to install apxs" |
|
169 |
- chmod 0755 "${D}"/usr/sbin/apxs |
|
170 |
- |
|
171 |
- # Note: wait for mod_systemd to be included in the next release, |
|
172 |
- # then apache2.4.service can be used and systemd support controlled |
|
173 |
- # through --enable-systemd |
|
174 |
- systemd_newunit "${FILESDIR}/apache2.2.service" "apache2.service" |
|
175 |
- systemd_dotmpfilesd "${FILESDIR}/apache.conf" |
|
176 |
- #insinto /etc/apache2/modules.d |
|
177 |
- #doins "${FILESDIR}/00_systemd.conf" |
|
178 |
-} |
|
179 |
- |
|
180 |
-pkg_postinst() |
|
181 |
-{ |
|
182 |
- apache-2_pkg_postinst || die "apache-2_pkg_postinst failed" |
|
183 |
- # warnings that default config might not work out of the box |
|
184 |
- for mod in $MODULE_CRITICAL; do |
|
185 |
- if ! use "apache2_modules_${mod}"; then |
|
186 |
- echo |
|
187 |
- ewarn "Warning: Critical module not installed!" |
|
188 |
- ewarn "Modules 'authn_core', 'authz_core' and 'unixd'" |
|
189 |
- ewarn "are highly recomended but might not be in the base profile yet." |
|
190 |
- ewarn "Default config for ssl needs module 'socache_shmcb'." |
|
191 |
- ewarn "Enabling the following flags is highly recommended:" |
|
192 |
- for cmod in $MODULE_CRITICAL; do |
|
193 |
- use "apache2_modules_${cmod}" || \ |
|
194 |
- ewarn "+ apache2_modules_${cmod}" |
|
195 |
- done |
|
196 |
- echo |
|
197 |
- break |
|
198 |
- fi |
|
199 |
- done |
|
200 |
- # warning for proxy_balancer and missing load balancing scheduler |
|
201 |
- if use apache2_modules_proxy_balancer; then |
|
202 |
- local lbset= |
|
203 |
- for mod in lbmethod_byrequests lbmethod_bytraffic lbmethod_bybusyness lbmethod_heartbeat; do |
|
204 |
- if use "apache2_modules_${mod}"; then |
|
205 |
- lbset=1 && break |
|
206 |
- fi |
|
207 |
- done |
|
208 |
- if [ ! $lbset ]; then |
|
209 |
- echo |
|
210 |
- ewarn "Info: Missing load balancing scheduler algorithm module" |
|
211 |
- ewarn "(They were split off from proxy_balancer in 2.3)" |
|
212 |
- ewarn "In order to get the ability of load balancing, at least" |
|
213 |
- ewarn "one of these modules has to be present:" |
|
214 |
- ewarn "lbmethod_byrequests lbmethod_bytraffic lbmethod_bybusyness lbmethod_heartbeat" |
|
215 |
- echo |
|
216 |
- fi |
|
217 |
- fi |
|
218 |
-} |
... | ... |
@@ -1,219 +0,0 @@ |
1 |
-# Copyright 1999-2013 Gentoo Foundation |
|
2 |
-# Distributed under the terms of the GNU General Public License v2 |
|
3 |
-# $Header: /var/cvsroot/gentoo-x86/www-servers/apache/apache-2.4.6-r2.ebuild,v 1.1 2013/08/01 07:16:18 kensington Exp $ |
|
4 |
- |
|
5 |
-EAPI="2" |
|
6 |
- |
|
7 |
-# latest gentoo apache files |
|
8 |
-GENTOO_PATCHSTAMP="20130801" |
|
9 |
-GENTOO_DEVELOPER="kensington" |
|
10 |
-GENTOO_PATCHNAME="gentoo-apache-2.4.4" |
|
11 |
- |
|
12 |
-# IUSE/USE_EXPAND magic |
|
13 |
-IUSE_MPMS_FORK="itk peruser prefork" |
|
14 |
-IUSE_MPMS_THREAD="event worker" |
|
15 |
- |
|
16 |
-# << obsolete modules: |
|
17 |
-# authn_default authz_default mem_cache |
|
18 |
-# mem_cache is replaced by cache_disk |
|
19 |
-# ?? buggy modules |
|
20 |
-# proxy_scgi: startup error: undefined symbol "ap_proxy_release_connection", no fix found |
|
21 |
-# >> added modules for reason: |
|
22 |
-# compat: compatibility with 2.2 access control |
|
23 |
-# authz_host: new module for access control |
|
24 |
-# authn_core: functionality provided by authn_alias in previous versions |
|
25 |
-# authz_core: new module, provides core authorization capabilities |
|
26 |
-# cache_disk: replacement for mem_cache |
|
27 |
-# lbmethod_byrequests: Split off from mod_proxy_balancer in 2.3 |
|
28 |
-# lbmethod_bytraffic: Split off from mod_proxy_balancer in 2.3 |
|
29 |
-# lbmethod_bybusyness: Split off from mod_proxy_balancer in 2.3 |
|
30 |
-# lbmethod_heartbeat: Split off from mod_proxy_balancer in 2.3 |
|
31 |
-# slotmem_shm: Slot-based shared memory provider (for lbmethod_byrequests). |
|
32 |
-# socache_shmcb: shared object cache provider. Default config with ssl needs it |
|
33 |
-# unixd: fixes startup error: Invalid command 'User' |
|
34 |
-IUSE_MODULES="access_compat actions alias asis auth_basic auth_digest authn_alias authn_anon |
|
35 |
-authn_core authn_dbd authn_dbm authn_file authz_core authz_dbm |
|
36 |
-authz_groupfile authz_host authz_owner authz_user autoindex cache cache_disk cern_meta |
|
37 |
-charset_lite cgi cgid dav dav_fs dav_lock dbd deflate dir dumpio |
|
38 |
-env expires ext_filter file_cache filter headers ident imagemap include info |
|
39 |
-lbmethod_byrequests lbmethod_bytraffic lbmethod_bybusyness lbmethod_heartbeat |
|
40 |
-log_config log_forensic logio mime mime_magic negotiation proxy |
|
41 |
-proxy_ajp proxy_balancer proxy_connect proxy_ftp proxy_http proxy_scgi proxy_fcgi |
|
42 |
-rewrite ratelimit remoteip reqtimeout setenvif slotmem_shm speling socache_shmcb status substitute |
|
43 |
-unique_id userdir usertrack unixd version vhost_alias" |
|
44 |
-# The following are also in the source as of this version, but are not available |
|
45 |
-# for user selection: |
|
46 |
-# bucketeer case_filter case_filter_in echo http isapi optional_fn_export |
|
47 |
-# optional_fn_import optional_hook_export optional_hook_import |
|
48 |
- |
|
49 |
-# inter-module dependencies |
|
50 |
-# TODO: this may still be incomplete |
|
51 |
-MODULE_DEPENDS=" |
|
52 |
- dav_fs:dav |
|
53 |
- dav_lock:dav |
|
54 |
- deflate:filter |
|
55 |
- cache_disk:cache |
|
56 |
- ext_filter:filter |
|
57 |
- file_cache:cache |
|
58 |
- lbmethod_byrequests:proxy_balancer |
|
59 |
- lbmethod_byrequests:slotmem_shm |
|
60 |
- lbmethod_bytraffic:proxy_balancer |
|
61 |
- lbmethod_bybusyness:proxy_balancer |
|
62 |
- lbmethod_heartbeat:proxy_balancer |
|
63 |
- log_forensic:log_config |
|
64 |
- logio:log_config |
|
65 |
- cache_disk:cache |
|
66 |
- mime_magic:mime |
|
67 |
- proxy_ajp:proxy |
|
68 |
- proxy_balancer:proxy |
|
69 |
- proxy_connect:proxy |
|
70 |
- proxy_ftp:proxy |
|
71 |
- proxy_http:proxy |
|
72 |
- proxy_scgi:proxy |
|
73 |
- proxy_fcgi:proxy |
|
74 |
- substitute:filter |
|
75 |
-" |
|
76 |
- |
|
77 |
-# module<->define mappings |
|
78 |
-MODULE_DEFINES=" |
|
79 |
- auth_digest:AUTH_DIGEST |
|
80 |
- authnz_ldap:AUTHNZ_LDAP |
|
81 |
- cache:CACHE |
|
82 |
- cache_disk:CACHE |
|
83 |
- dav:DAV |
|
84 |
- dav_fs:DAV |
|
85 |
- dav_lock:DAV |
|
86 |
- file_cache:CACHE |
|
87 |
- info:INFO |
|
88 |
- ldap:LDAP |
|
89 |
- proxy:PROXY |
|
90 |
- proxy_ajp:PROXY |
|
91 |
- proxy_balancer:PROXY |
|
92 |
- proxy_connect:PROXY |
|
93 |
- proxy_ftp:PROXY |
|
94 |
- proxy_http:PROXY |
|
95 |
- proxy_fcgi:PROXY |
|
96 |
- socache_shmcb:SSL |
|
97 |
- ssl:SSL |
|
98 |
- status:STATUS |
|
99 |
- suexec:SUEXEC |
|
100 |
- userdir:USERDIR |
|
101 |
-" |
|
102 |
- |
|
103 |
-# critical modules for the default config |
|
104 |
-MODULE_CRITICAL=" |
|
105 |
- authn_core |
|
106 |
- authz_core |
|
107 |
- authz_host |
|
108 |
- dir |
|
109 |
- mime |
|
110 |
- unixd |
|
111 |
-" |
|
112 |
-# dependend criticals |
|
113 |
-use ssl && MODULE_CRITICAL+=" socache_shmcb" |
|
114 |
-use doc && MODULE_CRITICAL+=" alias negotiation setenvif" |
|
115 |
- |
|
116 |
-inherit eutils apache-2 systemd |
|
117 |
- |
|
118 |
-DESCRIPTION="The Apache Web Server." |
|
119 |
-HOMEPAGE="http://httpd.apache.org/" |
|
120 |
- |
|
121 |
-# some helper scripts are Apache-1.1, thus both are here |
|
122 |
-LICENSE="Apache-2.0 Apache-1.1" |
|
123 |
-SLOT="2" |
|
124 |
-KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd" |
|
125 |
-IUSE="" |
|
126 |
- |
|
127 |
-DEPEND="${DEPEND} |
|
128 |
- >=dev-libs/openssl-0.9.8m |
|
129 |
- apache2_modules_deflate? ( sys-libs/zlib )" |
|
130 |
- |
|
131 |
-# dependency on >=dev-libs/apr-1.4.5 for bug #368651 |
|
132 |
-RDEPEND="${RDEPEND} |
|
133 |
- >=dev-libs/apr-1.4.5 |
|
134 |
- >=dev-libs/openssl-0.9.8m |
|
135 |
- apache2_modules_mime? ( app-misc/mime-types )" |
|
136 |
- |
|
137 |
-# init script fixup - should be rolled into next tarball #389965 |
|
138 |
-src_prepare() { |
|
139 |
- epatch "${FILESDIR}/apache-2.4.6-modssl-dhparams.diff" |
|
140 |
- |
|
141 |
- # the following patch can be removed once it is included in |
|
142 |
- # GENTOO_PATCHNAME="gentoo-apache-2.4.1" ... |
|
143 |
- if [ -f "${FILESDIR}/${GENTOO_PATCHNAME}-${GENTOO_DEVELOPER}-${GENTOO_PATCHSTAMP}-${PVR}.patch" ]; then |
|
144 |
- cd "${GENTOO_PATCHDIR}" || die "Failed to cd to ${GENTOO_PATCHDIR}" |
|
145 |
- epatch "${FILESDIR}/${GENTOO_PATCHNAME}-${GENTOO_DEVELOPER}-${GENTOO_PATCHSTAMP}-${PVR}.patch" \ |
|
146 |
- || die "epatch failed" |
|
147 |
- cd "${S}" || die "Failed to cd to ${S}" |
|
148 |
- fi |
|
149 |
- apache-2_src_prepare |
|
150 |
- sed -i -e 's/! test -f/test -f/' "${GENTOO_PATCHDIR}"/init/apache2.initd || die "Failed to fix init script" |
|
151 |
-} |
|
152 |
- |
|
153 |
-src_install() { |
|
154 |
- apache-2_src_install |
|
155 |
- for i in /usr/bin/{htdigest,logresolve,htpasswd,htdbm,ab,httxt2dbm}; do |
|
156 |
- rm "${D}"/$i || die "Failed to prune apache-tools bits" |
|
157 |
- done |
|
158 |
- for i in /usr/share/man/man8/{rotatelogs.8,htcacheclean.8}; do |
|
159 |
- rm "${D}"/$i || die "Failed to prune apache-tools bits" |
|
160 |
- done |
|
161 |
- for i in /usr/share/man/man1/{logresolve.1,htdbm.1,htdigest.1,htpasswd.1,dbmmanage.1,ab.1}; do |
|
162 |
- rm "${D}"/$i || die "Failed to prune apache-tools bits" |
|
163 |
- done |
|
164 |
- for i in /usr/sbin/{checkgid,fcgistarter,htcacheclean,rotatelogs}; do |
|
165 |
- rm "${D}/"$i || die "Failed to prune apache-tools bits" |
|
166 |
- done |
|
167 |
- |
|
168 |
- # well, actually installing things makes them more installed, I guess? |
|
169 |
- cp "${S}"/support/apxs "${D}"/usr/sbin/apxs || die "Failed to install apxs" |
|
170 |
- chmod 0755 "${D}"/usr/sbin/apxs |
|
171 |
- |
|
172 |
- # Note: wait for mod_systemd to be included in the next release, |
|
173 |
- # then apache2.4.service can be used and systemd support controlled |
|
174 |
- # through --enable-systemd |
|
175 |
- systemd_newunit "${FILESDIR}/apache2.2.service" "apache2.service" |
|
176 |
- systemd_dotmpfilesd "${FILESDIR}/apache.conf" |
|
177 |
- #insinto /etc/apache2/modules.d |
|
178 |
- #doins "${FILESDIR}/00_systemd.conf" |
|
179 |
-} |
|
180 |
- |
|
181 |
-pkg_postinst() |
|
182 |
-{ |
|
183 |
- apache-2_pkg_postinst || die "apache-2_pkg_postinst failed" |
|
184 |
- # warnings that default config might not work out of the box |
|
185 |
- for mod in $MODULE_CRITICAL; do |
|
186 |
- if ! use "apache2_modules_${mod}"; then |
|
187 |
- echo |
|
188 |
- ewarn "Warning: Critical module not installed!" |
|
189 |
- ewarn "Modules 'authn_core', 'authz_core' and 'unixd'" |
|
190 |
- ewarn "are highly recomended but might not be in the base profile yet." |
|
191 |
- ewarn "Default config for ssl needs module 'socache_shmcb'." |
|
192 |
- ewarn "Enabling the following flags is highly recommended:" |
|
193 |
- for cmod in $MODULE_CRITICAL; do |
|
194 |
- use "apache2_modules_${cmod}" || \ |
|
195 |
- ewarn "+ apache2_modules_${cmod}" |
|
196 |
- done |
|
197 |
- echo |
|
198 |
- break |
|
199 |
- fi |
|
200 |
- done |
|
201 |
- # warning for proxy_balancer and missing load balancing scheduler |
|
202 |
- if use apache2_modules_proxy_balancer; then |
|
203 |
- local lbset= |
|
204 |
- for mod in lbmethod_byrequests lbmethod_bytraffic lbmethod_bybusyness lbmethod_heartbeat; do |
|
205 |
- if use "apache2_modules_${mod}"; then |
|
206 |
- lbset=1 && break |
|
207 |
- fi |
|
208 |
- done |
|
209 |
- if [ ! $lbset ]; then |
|
210 |
- echo |
|
211 |
- ewarn "Info: Missing load balancing scheduler algorithm module" |
|
212 |
- ewarn "(They were split off from proxy_balancer in 2.3)" |
|
213 |
- ewarn "In order to get the ability of load balancing, at least" |
|
214 |
- ewarn "one of these modules has to be present:" |
|
215 |
- ewarn "lbmethod_byrequests lbmethod_bytraffic lbmethod_bybusyness lbmethod_heartbeat" |
|
216 |
- echo |
|
217 |
- fi |
|
218 |
- fi |
|
219 |
-} |
... | ... |
@@ -1,314 +0,0 @@ |
1 |
-diff -ru httpd-2.2.14.orig/modules/ssl/mod_ssl.c httpd-2.2.14.new/modules/ssl/mod_ssl.c |
|
2 |
---- httpd-2.2.14.orig/modules/ssl/mod_ssl.c 2009-05-19 13:44:59.000000000 +0200 |
|
3 |
-+++ httpd-2.2.14.new/modules/ssl/mod_ssl.c 2010-07-06 11:56:50.897588899 +0200 |
|
4 |
-@@ -108,6 +108,9 @@ |
|
5 |
- SSL_CMD_SRV(CertificateKeyFile, TAKE1, |
|
6 |
- "SSL Server Private Key file " |
|
7 |
- "(`/path/to/file' - PEM or DER encoded)") |
|
8 |
-+ SSL_CMD_SRV(DHParametersFile, TAKE1, |
|
9 |
-+ "SSL Server Diffie-Hellman parameters file " |
|
10 |
-+ "(`/path/to/file' - PEM or DER encoded)") |
|
11 |
- SSL_CMD_SRV(CertificateChainFile, TAKE1, |
|
12 |
- "SSL Server CA Certificate Chain file " |
|
13 |
- "(`/path/to/file' - PEM encoded)") |
|
14 |
-diff -ru httpd-2.2.14.orig/modules/ssl/ssl_engine_config.c httpd-2.2.14.new/modules/ssl/ssl_engine_config.c |
|
15 |
---- httpd-2.2.14.orig/modules/ssl/ssl_engine_config.c 2009-05-19 13:44:59.000000000 +0200 |
|
16 |
-+++ httpd-2.2.14.new/modules/ssl/ssl_engine_config.c 2010-07-06 11:56:50.897588899 +0200 |
|
17 |
-@@ -72,6 +72,7 @@ |
|
18 |
- mc->tVHostKeys = apr_hash_make(pool); |
|
19 |
- mc->tPrivateKey = apr_hash_make(pool); |
|
20 |
- mc->tPublicCert = apr_hash_make(pool); |
|
21 |
-+ mc->tDHParams = apr_hash_make(pool); |
|
22 |
- #if defined(HAVE_OPENSSL_ENGINE_H) && defined(HAVE_ENGINE_INIT) |
|
23 |
- mc->szCryptoDevice = NULL; |
|
24 |
- #endif |
|
25 |
-@@ -156,6 +157,9 @@ |
|
26 |
- mctx->pks = apr_pcalloc(p, sizeof(*mctx->pks)); |
|
27 |
- |
|
28 |
- /* mctx->pks->... certs/keys are set during module init */ |
|
29 |
-+ |
|
30 |
-+ mctx->pks->dhparams_file = NULL; |
|
31 |
-+ mctx->pks->dhparams = NULL; |
|
32 |
- } |
|
33 |
- |
|
34 |
- static SSLSrvConfigRec *ssl_config_server_new(apr_pool_t *p) |
|
35 |
-@@ -246,6 +250,7 @@ |
|
36 |
- |
|
37 |
- cfgMergeString(pks->ca_name_path); |
|
38 |
- cfgMergeString(pks->ca_name_file); |
|
39 |
-+ cfgMergeString(pks->dhparams_file); |
|
40 |
- } |
|
41 |
- |
|
42 |
- /* |
|
43 |
-@@ -762,6 +767,22 @@ |
|
44 |
- return NULL; |
|
45 |
- } |
|
46 |
- |
|
47 |
-+const char *ssl_cmd_SSLDHParametersFile(cmd_parms *cmd, |
|
48 |
-+ void *dcfg, |
|
49 |
-+ const char *arg) |
|
50 |
-+{ |
|
51 |
-+ SSLSrvConfigRec *sc = mySrvConfig(cmd->server); |
|
52 |
-+ const char *err; |
|
53 |
-+ |
|
54 |
-+ if ((err = ssl_cmd_check_file(cmd, &arg))) { |
|
55 |
-+ return err; |
|
56 |
-+ } |
|
57 |
-+ |
|
58 |
-+ sc->server->pks->dhparams_file = arg; |
|
59 |
-+ |
|
60 |
-+ return NULL; |
|
61 |
-+} |
|
62 |
-+ |
|
63 |
- const char *ssl_cmd_SSLCertificateKeyFile(cmd_parms *cmd, |
|
64 |
- void *dcfg, |
|
65 |
- const char *arg) |
|
66 |
-diff -ru httpd-2.2.14.orig/modules/ssl/ssl_engine_init.c httpd-2.2.14.new/modules/ssl/ssl_engine_init.c |
|
67 |
---- httpd-2.2.14.orig/modules/ssl/ssl_engine_init.c 2009-08-16 17:53:12.000000000 +0200 |
|
68 |
-+++ httpd-2.2.14.new/modules/ssl/ssl_engine_init.c 2010-07-06 11:56:50.897588899 +0200 |
|
69 |
-@@ -723,6 +723,42 @@ |
|
70 |
- } |
|
71 |
- } |
|
72 |
- |
|
73 |
-+static int ssl_server_import_dhparams(server_rec *s, |
|
74 |
-+ modssl_ctx_t *mctx, |
|
75 |
-+ const char *id) |
|
76 |
-+{ |
|
77 |
-+ SSLModConfigRec *mc = myModConfig(s); |
|
78 |
-+ ssl_asn1_t *asn1; |
|
79 |
-+ MODSSL_D2I_DHparams_CONST unsigned char *ptr; |
|
80 |
-+ DH *dhparams = NULL; |
|
81 |
-+ |
|
82 |
-+ if (!(asn1 = ssl_asn1_table_get(mc->tDHParams, id))) { |
|
83 |
-+ return FALSE; |
|
84 |
-+ } |
|
85 |
-+ |
|
86 |
-+ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, |
|
87 |
-+ "Configuring server Diffie-Hellman parameters"); |
|
88 |
-+ |
|
89 |
-+ ptr = asn1->cpData; |
|
90 |
-+ if (!(dhparams = d2i_DHparams(NULL, &ptr, asn1->nData))) { |
|
91 |
-+ ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, |
|
92 |
-+ "Unable to import server Diffie-Hellman parameters"); |
|
93 |
-+ ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s); |
|
94 |
-+ ssl_die(); |
|
95 |
-+ } |
|
96 |
-+ |
|
97 |
-+ if (SSL_CTX_set_tmp_dh(mctx->ssl_ctx, dhparams) <= 0) { |
|
98 |
-+ ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, |
|
99 |
-+ "Unable to configure server Diffie-Hellman parameters"); |
|
100 |
-+ ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s); |
|
101 |
-+ ssl_die(); |
|
102 |
-+ } |
|
103 |
-+ |
|
104 |
-+ mctx->pks->dhparams = dhparams; |
|
105 |
-+ |
|
106 |
-+ return TRUE; |
|
107 |
-+} |
|
108 |
-+ |
|
109 |
- static int ssl_server_import_cert(server_rec *s, |
|
110 |
- modssl_ctx_t *mctx, |
|
111 |
- const char *id, |
|
112 |
-@@ -882,16 +918,18 @@ |
|
113 |
- apr_pool_t *ptemp, |
|
114 |
- modssl_ctx_t *mctx) |
|
115 |
- { |
|
116 |
-- const char *rsa_id, *dsa_id; |
|
117 |
-+ const char *rsa_id, *dsa_id, *dh_id; |
|
118 |
- const char *vhost_id = mctx->sc->vhost_id; |
|
119 |
- int i; |
|
120 |
- int have_rsa, have_dsa; |
|
121 |
- |
|
122 |
- rsa_id = ssl_asn1_table_keyfmt(ptemp, vhost_id, SSL_AIDX_RSA); |
|
123 |
- dsa_id = ssl_asn1_table_keyfmt(ptemp, vhost_id, SSL_AIDX_DSA); |
|
124 |
-+ dh_id = apr_pstrcat(ptemp, vhost_id, ":", "DH", NULL); |
|
125 |
- |
|
126 |
- have_rsa = ssl_server_import_cert(s, mctx, rsa_id, SSL_AIDX_RSA); |
|
127 |
- have_dsa = ssl_server_import_cert(s, mctx, dsa_id, SSL_AIDX_DSA); |
|
128 |
-+ (void)ssl_server_import_dhparams(s, mctx, dh_id); |
|
129 |
- |
|
130 |
- if (!(have_rsa || have_dsa)) { |
|
131 |
- ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, |
|
132 |
-@@ -1265,6 +1303,7 @@ |
|
133 |
- MODSSL_CFG_ITEM_FREE(EVP_PKEY_free, |
|
134 |
- mctx->pks->keys[i]); |
|
135 |
- } |
|
136 |
-+ MODSSL_CFG_ITEM_FREE(DH_free, mctx->pks->dhparams); |
|
137 |
- } |
|
138 |
- |
|
139 |
- apr_status_t ssl_init_ModuleKill(void *data) |
|
140 |
-diff -ru httpd-2.2.14.orig/modules/ssl/ssl_engine_pphrase.c httpd-2.2.14.new/modules/ssl/ssl_engine_pphrase.c |
|
141 |
---- httpd-2.2.14.orig/modules/ssl/ssl_engine_pphrase.c 2009-09-16 22:06:05.000000000 +0200 |
|
142 |
-+++ httpd-2.2.14.new/modules/ssl/ssl_engine_pphrase.c 2010-07-06 11:56:50.897588899 +0200 |
|
143 |
-@@ -144,6 +144,7 @@ |
|
144 |
- unsigned char *ucp; |
|
145 |
- long int length; |
|
146 |
- X509 *pX509Cert; |
|
147 |
-+ DH *pDHParams; |
|
148 |
- BOOL bReadable; |
|
149 |
- apr_array_header_t *aPassPhrase; |
|
150 |
- int nPassPhrase; |
|
151 |
-@@ -192,8 +193,10 @@ |
|
152 |
- pServ->defn_name, pServ->defn_line_number); |
|
153 |
- ssl_die(); |
|
154 |
- } |
|
155 |
-+ |
|
156 |
- algoCert = SSL_ALGO_UNKNOWN; |
|
157 |
- algoKey = SSL_ALGO_UNKNOWN; |
|
158 |
-+ |
|
159 |
- for (i = 0, j = 0; i < SSL_AIDX_MAX && sc->server->pks->cert_files[i] != NULL; i++) { |
|
160 |
- |
|
161 |
- apr_cpystrn(szPath, sc->server->pks->cert_files[i], sizeof(szPath)); |
|
162 |
-@@ -517,6 +520,45 @@ |
|
163 |
- */ |
|
164 |
- EVP_PKEY_free(pPrivateKey); |
|
165 |
- } |
|
166 |
-+ |
|
167 |
-+ /* |
|
168 |
-+ * Read in Diffie-Hellman parameters file if such a file is |
|
169 |
-+ * specified. |
|
170 |
-+ */ |
|
171 |
-+ if (sc->server->pks->dhparams_file) { |
|
172 |
-+ apr_cpystrn(szPath, sc->server->pks->dhparams_file, sizeof(szPath)); |
|
173 |
-+ if ((rv = exists_and_readable(szPath, p, NULL)) != APR_SUCCESS) { |
|
174 |
-+ ap_log_error(APLOG_MARK, APLOG_ERR, rv, s, |
|
175 |
-+ "Init: Can't open server Diffie-Hellman parameters file %s", |
|
176 |
-+ szPath); |
|
177 |
-+ ssl_die(); |
|
178 |
-+ } |
|
179 |
-+ if ((pDHParams = SSL_read_DHparams(szPath, NULL, NULL)) == NULL) { |
|
180 |
-+ ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, |
|
181 |
-+ "Init: Unable to read server Diffie-Hellman parameters from file %s", szPath); |
|
182 |
-+ ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s); |
|
183 |
-+ ssl_die(); |
|
184 |
-+ } |
|
185 |
-+ |
|
186 |
-+ /* |
|
187 |
-+ * Insert the DH params into global module configuration |
|
188 |
-+ * to let it survive the processing between the 1st Apache |
|
189 |
-+ * API init round (where we operate here) and the 2nd |
|
190 |
-+ * Apache init round (where it will be actually used to |
|
191 |
-+ * configure mod_ssl's per-server configuration |
|
192 |
-+ * structures). |
|
193 |
-+ */ |
|
194 |
-+ cp = asn1_table_vhost_key(mc, p, cpVHostID, "DH"); |
|
195 |
-+ length = i2d_DHparams(pDHParams, NULL); |
|
196 |
-+ ucp = ssl_asn1_table_set(mc->tDHParams, cp, length); |
|
197 |
-+ (void)i2d_DHparams(pDHParams, &ucp); /* 2nd arg increments */ |
|
198 |
-+ |
|
199 |
-+ /* |
|
200 |
-+ * Free the DH structure |
|
201 |
-+ */ |
|
202 |
-+ DH_free(pDHParams); |
|
203 |
-+ } |
|
204 |
-+ |
|
205 |
- } |
|
206 |
- |
|
207 |
- /* |
|
208 |
-diff -ru httpd-2.2.14.orig/modules/ssl/ssl_private.h httpd-2.2.14.new/modules/ssl/ssl_private.h |
|
209 |
---- httpd-2.2.14.orig/modules/ssl/ssl_private.h 2009-05-19 13:44:59.000000000 +0200 |
|
210 |
-+++ httpd-2.2.14.new/modules/ssl/ssl_private.h 2010-07-06 11:56:50.897588899 +0200 |
|
211 |
-@@ -378,6 +378,7 @@ |
|
212 |
- void *pTmpKeys[SSL_TMP_KEY_MAX]; |
|
213 |
- apr_hash_t *tPublicCert; |
|
214 |
- apr_hash_t *tPrivateKey; |
|
215 |
-+ apr_hash_t *tDHParams; |
|
216 |
- #if defined(HAVE_OPENSSL_ENGINE_H) && defined(HAVE_ENGINE_INIT) |
|
217 |
- const char *szCryptoDevice; |
|
218 |
- #endif |
|
219 |
-@@ -394,8 +395,10 @@ |
|
220 |
- */ |
|
221 |
- const char *cert_files[SSL_AIDX_MAX]; |
|
222 |
- const char *key_files[SSL_AIDX_MAX]; |
|
223 |
-+ const char *dhparams_file; |
|
224 |
- X509 *certs[SSL_AIDX_MAX]; |
|
225 |
- EVP_PKEY *keys[SSL_AIDX_MAX]; |
|
226 |
-+ DH *dhparams; |
|
227 |
- |
|
228 |
- /** Certificates which specify the set of CA names which should be |
|
229 |
- * sent in the CertificateRequest message: */ |
|
230 |
-@@ -510,6 +513,7 @@ |
|
231 |
- const char *ssl_cmd_SSLRandomSeed(cmd_parms *, void *, const char *, const char *, const char *); |
|
232 |
- const char *ssl_cmd_SSLEngine(cmd_parms *, void *, const char *); |
|
233 |
- const char *ssl_cmd_SSLCipherSuite(cmd_parms *, void *, const char *); |
|
234 |
-+const char *ssl_cmd_SSLDHParametersFile(cmd_parms *, void *, const char *); |
|
235 |
- const char *ssl_cmd_SSLCertificateFile(cmd_parms *, void *, const char *); |
|
236 |
- const char *ssl_cmd_SSLCertificateKeyFile(cmd_parms *, void *, const char *); |
|
237 |
- const char *ssl_cmd_SSLCertificateChainFile(cmd_parms *, void *, const char *); |
|
238 |
-diff -ru httpd-2.2.14.orig/modules/ssl/ssl_toolkit_compat.h httpd-2.2.14.new/modules/ssl/ssl_toolkit_compat.h |
|
239 |
---- httpd-2.2.14.orig/modules/ssl/ssl_toolkit_compat.h 2009-05-19 13:44:59.000000000 +0200 |
|
240 |
-+++ httpd-2.2.14.new/modules/ssl/ssl_toolkit_compat.h 2010-07-06 11:56:50.897588899 +0200 |
|
241 |
-@@ -100,9 +100,11 @@ |
|
242 |
- #if (OPENSSL_VERSION_NUMBER >= 0x00908000) |
|
243 |
- # define MODSSL_D2I_PrivateKey_CONST const |
|
244 |
- # define MODSSL_D2I_X509_CONST const |
|
245 |
-+# define MODSSL_D2I_DHparams_CONST const |
|
246 |
- #else |
|
247 |
- # define MODSSL_D2I_PrivateKey_CONST |
|
248 |
- # define MODSSL_D2I_X509_CONST |
|
249 |
-+# define MODSSL_D2I_DHparams_CONST |
|
250 |
- #endif |
|
251 |
- |
|
252 |
- #if (OPENSSL_VERSION_NUMBER >= 0x00909000) |
|
253 |
-@@ -117,8 +119,10 @@ |
|
254 |
- |
|
255 |
- #if (OPENSSL_VERSION_NUMBER < 0x00904000) |
|
256 |
- #define modssl_PEM_read_bio_X509(b, x, cb, arg) PEM_read_bio_X509(b, x, cb) |
|
257 |
-+#define modssl_PEM_read_bio_DHparams(b, x, cb, arg) PEM_read_bio_DHparams(b, x, cb) |
|
258 |
- #else |
|
259 |
- #define modssl_PEM_read_bio_X509(b, x, cb, arg) PEM_read_bio_X509(b, x, cb, arg) |
|
260 |
-+#define modssl_PEM_read_bio_DHparams(b, x, cb, arg) PEM_read_bio_DHparams(b, x, cb, arg) |
|
261 |
- #endif |
|
262 |
- |
|
263 |
- #define modssl_PEM_X509_INFO_read_bio PEM_X509_INFO_read_bio |
|
264 |
-diff -ru httpd-2.2.14.orig/modules/ssl/ssl_util_ssl.c httpd-2.2.14.new/modules/ssl/ssl_util_ssl.c |
|
265 |
---- httpd-2.2.14.orig/modules/ssl/ssl_util_ssl.c 2009-08-06 09:28:47.000000000 +0200 |
|
266 |
-+++ httpd-2.2.14.new/modules/ssl/ssl_util_ssl.c 2010-07-06 11:56:50.897588899 +0200 |
|
267 |
-@@ -115,6 +115,47 @@ |
|
268 |
- return rc; |
|
269 |
- } |
|
270 |
- |
|
271 |
-+DH *SSL_read_DHparams(char* filename, DH **DHparams, modssl_read_bio_cb_fn *cb) |
|
272 |
-+{ |
|
273 |
-+ DH *rc; |
|
274 |
-+ BIO *bioS; |
|
275 |
-+ BIO *bioF; |
|
276 |
-+ |
|
277 |
-+ /* 1. try PEM (= DER+Base64+headers) */ |
|
278 |
-+ if ((bioS=BIO_new_file(filename, "r")) == NULL) |
|
279 |
-+ return NULL; |
|
280 |
-+ rc = modssl_PEM_read_bio_DHparams (bioS, DHparams, cb, NULL); |
|
281 |
-+ BIO_free(bioS); |
|
282 |
-+ |
|
283 |
-+ if (rc == NULL) { |
|
284 |
-+ /* 2. try DER+Base64 */ |
|
285 |
-+ if ((bioS=BIO_new_file(filename, "r")) == NULL) |
|
286 |
-+ return NULL; |
|
287 |
-+ |
|
288 |
-+ if ((bioF = BIO_new(BIO_f_base64())) == NULL) { |
|
289 |
-+ BIO_free(bioS); |
|
290 |
-+ return NULL; |
|
291 |
-+ } |
|
292 |
-+ bioS = BIO_push(bioF, bioS); |
|
293 |
-+ rc = d2i_DHparams_bio(bioS, NULL); |
|
294 |
-+ BIO_free_all(bioS); |
|
295 |
-+ |
|
296 |
-+ if (rc == NULL) { |
|
297 |
-+ /* 3. try plain DER */ |
|
298 |
-+ if ((bioS=BIO_new_file(filename, "r")) == NULL) |
|
299 |
-+ return NULL; |
|
300 |
-+ rc = d2i_DHparams_bio(bioS, NULL); |
|
301 |
-+ BIO_free(bioS); |
|
302 |
-+ } |
|
303 |
-+ } |
|
304 |
-+ if (rc != NULL && DHparams != NULL) { |
|
305 |
-+ if (*DHparams != NULL) |
|
306 |
-+ DH_free(*DHparams); |
|
307 |
-+ *DHparams = rc; |
|
308 |
-+ } |
|
309 |
-+ return rc; |
|
310 |
-+} |
|
311 |
-+ |
|
312 |
- #if SSL_LIBRARY_VERSION <= 0x00904100 |
|
313 |
- static EVP_PKEY *d2i_PrivateKey_bio(BIO *bio, EVP_PKEY **key) |
|
314 |
- { |
... | ... |
@@ -1,128 +0,0 @@ |
1 |
-Index: modules/ssl/ssl_private.h |
|
2 |
-=================================================================== |
|
3 |
---- modules/ssl/ssl_private.h (revision 1395230) |
|
4 |
-+++ modules/ssl/ssl_private.h (revision 1395231) |
|
5 |
-@@ -64,6 +64,11 @@ |
|
6 |
- #define HAVE_TLSV1_X |
|
7 |
- #endif |
|
8 |
- |
|
9 |
-+#if !defined(OPENSSL_NO_COMP) && !defined(SSL_OP_NO_COMPRESSION) \ |
|
10 |
-+ && OPENSSL_VERSION_NUMBER < 0x00908000L |
|
11 |
-+#define OPENSSL_NO_COMP |
|
12 |
-+#endif |
|
13 |
-+ |
|
14 |
- #include "ssl_util_ssl.h" |
|
15 |
- |
|
16 |
- /** The #ifdef macros are only defined AFTER including the above |
|
17 |
-@@ -504,6 +509,9 @@ |
|
18 |
- #ifdef HAVE_FIPS |
|
19 |
- BOOL fips; |
|
20 |
- #endif |
|
21 |
-+#ifndef OPENSSL_NO_COMP |
|
22 |
-+ BOOL compression; |
|
23 |
-+#endif |
|
24 |
- }; |
|
25 |
- |
|
26 |
- /** |
|
27 |
-@@ -560,6 +568,7 @@ |
|
28 |
- const char *ssl_cmd_SSLCARevocationPath(cmd_parms *, void *, const char *); |
|
29 |
- const char *ssl_cmd_SSLCARevocationFile(cmd_parms *, void *, const char *); |
|
30 |
- const char *ssl_cmd_SSLHonorCipherOrder(cmd_parms *cmd, void *dcfg, int flag); |
|
31 |
-+const char *ssl_cmd_SSLCompression(cmd_parms *, void *, int flag); |
|
32 |
- const char *ssl_cmd_SSLVerifyClient(cmd_parms *, void *, const char *); |
|
33 |
- const char *ssl_cmd_SSLVerifyDepth(cmd_parms *, void *, const char *); |
|
34 |
- const char *ssl_cmd_SSLSessionCache(cmd_parms *, void *, const char *); |
|
35 |
-Index: modules/ssl/ssl_engine_init.c |
|
36 |
-=================================================================== |
|
37 |
---- modules/ssl/ssl_engine_init.c (revision 1395230) |
|
38 |
-+++ modules/ssl/ssl_engine_init.c (revision 1395231) |
|
39 |
-@@ -533,6 +533,18 @@ |
|
40 |
- } |
|
41 |
- #endif |
|
42 |
- |
|
43 |
-+ |
|
44 |
-+#ifndef OPENSSL_NO_COMP |
|
45 |
-+ if (sc->compression == FALSE) { |
|
46 |
-+#ifdef SSL_OP_NO_COMPRESSION |
|
47 |
-+ /* OpenSSL >= 1.0 only */ |
|
48 |
-+ SSL_CTX_set_options(ctx, SSL_OP_NO_COMPRESSION); |
|
49 |
-+#elif OPENSSL_VERSION_NUMBER >= 0x00908000L |
|
50 |
-+ sk_SSL_COMP_zero(SSL_COMP_get_compression_methods()); |
|
51 |
-+#endif |
|
52 |
-+ } |
|
53 |
-+#endif |
|
54 |
-+ |
|
55 |
- #ifdef SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION |
|
56 |
- if (sc->insecure_reneg == TRUE) { |
|
57 |
- SSL_CTX_set_options(ctx, SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION); |
|
58 |
-Index: modules/ssl/ssl_engine_config.c |
|
59 |
-=================================================================== |
|
60 |
---- modules/ssl/ssl_engine_config.c (revision 1395230) |
|
61 |
-+++ modules/ssl/ssl_engine_config.c (revision 1395231) |
|
62 |
-@@ -180,6 +180,9 @@ |
|
63 |
- #ifdef HAVE_FIPS |
|
64 |
- sc->fips = UNSET; |
|
65 |
- #endif |
|
66 |
-+#ifndef OPENSSL_NO_COMP |
|
67 |
-+ sc->compression = UNSET; |
|
68 |
-+#endif |
|
69 |
- |
|
70 |
- modssl_ctx_init_proxy(sc, p); |
|
71 |
- |
|
72 |
-@@ -278,6 +281,9 @@ |
|
73 |
- #ifdef HAVE_FIPS |
|
74 |
- cfgMergeBool(fips); |
|
75 |
- #endif |
|
76 |
-+#ifndef OPENSSL_NO_COMP |
|
77 |
-+ cfgMergeBool(compression); |
|
78 |
-+#endif |
|
79 |
- |
|
80 |
- modssl_ctx_cfg_merge_proxy(base->proxy, add->proxy, mrg->proxy); |
|
81 |
- |
|
82 |
-@@ -711,6 +717,23 @@ |
|
83 |
- |
|
84 |
- } |
|
85 |
- |
|
86 |
-+const char *ssl_cmd_SSLCompression(cmd_parms *cmd, void *dcfg, int flag) |
|
87 |
-+{ |
|
88 |
-+#if !defined(OPENSSL_NO_COMP) |
|
89 |
-+ SSLSrvConfigRec *sc = mySrvConfig(cmd->server); |
|
90 |
-+#ifndef SSL_OP_NO_COMPRESSION |
|
91 |
-+ const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY); |
|
92 |
-+ if (err) |
|
93 |
-+ return "This version of openssl does not support configuring " |
|
94 |
-+ "compression within <VirtualHost> sections."; |
|
95 |
-+#endif |
|
96 |
-+ sc->compression = flag ? TRUE : FALSE; |
|
97 |
-+ return NULL; |
|
98 |
-+#else |
|
99 |
-+ return "Setting Compression mode unsupported; not implemented by the SSL library"; |
|
100 |
-+#endif |
|
101 |
-+} |
|
102 |
-+ |
|
103 |
- const char *ssl_cmd_SSLHonorCipherOrder(cmd_parms *cmd, void *dcfg, int flag) |
|
104 |
- { |
|
105 |
- #ifdef SSL_OP_CIPHER_SERVER_PREFERENCE |
|
106 |
-Index: modules/ssl/mod_ssl.c |
|
107 |
-=================================================================== |
|
108 |
---- modules/ssl/mod_ssl.c (revision 1395230) |
|
109 |
-+++ modules/ssl/mod_ssl.c (revision 1395231) |
|
110 |
-@@ -156,6 +156,9 @@ |
|
111 |
- "('[+-][" SSL_PROTOCOLS "] ...' - see manual)") |
|
112 |
- SSL_CMD_SRV(HonorCipherOrder, FLAG, |
|
113 |
- "Use the server's cipher ordering preference") |
|
114 |
-+ SSL_CMD_SRV(Compression, FLAG, |
|
115 |
-+ "Enable SSL level compression" |
|
116 |
-+ "(`on', `off')") |
|
117 |
- SSL_CMD_SRV(InsecureRenegotiation, FLAG, |
|
118 |
- "Enable support for insecure renegotiation") |
|
119 |
- SSL_CMD_ALL(UserName, TAKE1, |
|
120 |
-Index: . |
|
121 |
-=================================================================== |
|
122 |
---- . (revision 1395230) |
|
123 |
-+++ . (revision 1395231) |
|
124 |
- |
|
125 |
-Property changes on: . |
|
126 |
-___________________________________________________________________ |
|
127 |
-Modified: svn:mergeinfo |
|
128 |
- Merged /httpd/httpd/trunk:r1345319,1348656 |
... | ... |
@@ -1,331 +0,0 @@ |
1 |
-diff -Naur httpd-2.4.3/modules/ssl/mod_ssl.c httpd-2.4.3-dh/modules/ssl/mod_ssl.c |
|
2 |
---- httpd-2.4.3/modules/ssl/mod_ssl.c 2012-08-05 15:48:40.000000000 +0200 |
|
3 |
-+++ httpd-2.4.3-dh/modules/ssl/mod_ssl.c 2012-10-23 16:10:39.905810300 +0200 |
|
4 |
-@@ -88,6 +88,9 @@ |
|
5 |
- SSL_CMD_SRV(CertificateKeyFile, TAKE1, |
|
6 |
- "SSL Server Private Key file " |
|
7 |
- "('/path/to/file' - PEM or DER encoded)") |
|
8 |
-+ SSL_CMD_SRV(DHParametersFile, TAKE1, |
|
9 |
-+ "SSL Server Diffie-Hellman parameters file " |
|
10 |
-+ "(`/path/to/file' - PEM or DER encoded)") |
|
11 |
- SSL_CMD_SRV(CertificateChainFile, TAKE1, |
|
12 |
- "SSL Server CA Certificate Chain file " |
|
13 |
- "('/path/to/file' - PEM encoded)") |
|
14 |
-diff -Naur httpd-2.4.3/modules/ssl/ssl_engine_config.c httpd-2.4.3-dh/modules/ssl/ssl_engine_config.c |
|
15 |
---- httpd-2.4.3/modules/ssl/ssl_engine_config.c 2012-08-05 15:48:40.000000000 +0200 |
|
16 |
-+++ httpd-2.4.3-dh/modules/ssl/ssl_engine_config.c 2012-10-23 16:10:39.907810276 +0200 |
|
17 |
-@@ -67,6 +67,7 @@ |
|
18 |
- mc->tVHostKeys = apr_hash_make(pool); |
|
19 |
- mc->tPrivateKey = apr_hash_make(pool); |
|
20 |
- mc->tPublicCert = apr_hash_make(pool); |
|
21 |
-+ mc->tDHParams = apr_hash_make(pool); |
|
22 |
- #if defined(HAVE_OPENSSL_ENGINE_H) && defined(HAVE_ENGINE_INIT) |
|
23 |
- mc->szCryptoDevice = NULL; |
|
24 |
- #endif |
|
25 |
-@@ -182,6 +183,9 @@ |
|
26 |
- |
|
27 |
- /* mctx->pks->... certs/keys are set during module init */ |
|
28 |
- |
|
29 |
-+ mctx->pks->dhparams_file = NULL; |
|
30 |
-+ mctx->pks->dhparams = NULL; |
|
31 |
-+ |
|
32 |
- #ifdef HAVE_TLS_SESSION_TICKETS |
|
33 |
- mctx->ticket_key = apr_pcalloc(p, sizeof(*mctx->ticket_key)); |
|
34 |
- #endif |
|
35 |
-@@ -302,6 +306,7 @@ |
|
36 |
- |
|
37 |
- cfgMergeString(pks->ca_name_path); |
|
38 |
- cfgMergeString(pks->ca_name_file); |
|
39 |
-+ cfgMergeString(pks->dhparams_file); |
|
40 |
- |
|
41 |
- #ifdef HAVE_TLS_SESSION_TICKETS |
|
42 |
- cfgMergeString(ticket_key->file_path); |
|
43 |
-@@ -783,6 +788,22 @@ |
|
44 |
- |
|
45 |
- return NULL; |
|
46 |
- } |
|
47 |
-+ |
|
48 |
-+const char *ssl_cmd_SSLDHParametersFile(cmd_parms *cmd, |
|
49 |
-+ void *dcfg, |
|
50 |
-+ const char *arg) |
|
51 |
-+{ |
|
52 |
-+ SSLSrvConfigRec *sc = mySrvConfig(cmd->server); |
|
53 |
-+ const char *err; |
|
54 |
-+ |
|
55 |
-+ if ((err = ssl_cmd_check_file(cmd, &arg))) { |
|
56 |
-+ return err; |
|
57 |
-+ } |
|
58 |
-+ |
|
59 |
-+ sc->server->pks->dhparams_file = arg; |
|
60 |
-+ |
|
61 |
-+ return NULL; |
|
62 |
-+} |
|
63 |
- |
|
64 |
- const char *ssl_cmd_SSLCertificateKeyFile(cmd_parms *cmd, |
|
65 |
- void *dcfg, |
|
66 |
-diff -Naur httpd-2.4.3/modules/ssl/ssl_engine_init.c httpd-2.4.3-dh/modules/ssl/ssl_engine_init.c |
|
67 |
---- httpd-2.4.3/modules/ssl/ssl_engine_init.c 2012-08-05 15:48:40.000000000 +0200 |
|
68 |
-+++ httpd-2.4.3-dh/modules/ssl/ssl_engine_init.c 2012-10-23 16:11:28.481213388 +0200 |
|
69 |
-@@ -962,6 +962,42 @@ |
|
70 |
- } |
|
71 |
- } |
|
72 |
- |
|
73 |
-+static int ssl_server_import_dhparams(server_rec *s, |
|
74 |
-+ modssl_ctx_t *mctx, |
|
75 |
-+ const char *id) |
|
76 |
-+{ |
|
77 |
-+ SSLModConfigRec *mc = myModConfig(s); |
|
78 |
-+ ssl_asn1_t *asn1; |
|
79 |
-+ MODSSL_D2I_DHparams_CONST unsigned char *ptr; |
|
80 |
-+ DH *dhparams = NULL; |
|
81 |
-+ |
|
82 |
-+ if (!(asn1 = ssl_asn1_table_get(mc->tDHParams, id))) { |
|
83 |
-+ return FALSE; |
|
84 |
-+ } |
|
85 |
-+ |
|
86 |
-+ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, |
|
87 |
-+ "Configuring server Diffie-Hellman parameters"); |
|
88 |
-+ |
|
89 |
-+ ptr = asn1->cpData; |
|
90 |
-+ if (!(dhparams = d2i_DHparams(NULL, &ptr, asn1->nData))) { |
|
91 |
-+ ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, |
|
92 |
-+ "Unable to import server Diffie-Hellman parameters"); |
|
93 |
-+ ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s); |
|
94 |
-+ ssl_die(s); |
|
95 |
-+ } |
|
96 |
-+ |
|
97 |
-+ if (SSL_CTX_set_tmp_dh(mctx->ssl_ctx, dhparams) <= 0) { |
|
98 |
-+ ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, |
|
99 |
-+ "Unable to configure server Diffie-Hellman parameters"); |
|
100 |
-+ ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s); |
|
101 |
-+ ssl_die(s); |
|
102 |
-+ } |
|
103 |
-+ |
|
104 |
-+ mctx->pks->dhparams = dhparams; |
|
105 |
-+ |
|
106 |
-+ return TRUE; |
|
107 |
-+} |
|
108 |
-+ |
|
109 |
- static int ssl_server_import_cert(server_rec *s, |
|
110 |
- modssl_ctx_t *mctx, |
|
111 |
- const char *id, |
|
112 |
-@@ -1169,7 +1205,7 @@ |
|
113 |
- apr_pool_t *ptemp, |
|
114 |
- modssl_ctx_t *mctx) |
|
115 |
- { |
|
116 |
-- const char *rsa_id, *dsa_id; |
|
117 |
-+ const char *rsa_id, *dsa_id, *dh_id; |
|
118 |
- #ifndef OPENSSL_NO_EC |
|
119 |
- const char *ecc_id; |
|
120 |
- #endif |
|
121 |
-@@ -1182,12 +1218,14 @@ |
|
122 |
- |
|
123 |
- rsa_id = ssl_asn1_table_keyfmt(ptemp, vhost_id, SSL_AIDX_RSA); |
|
124 |
- dsa_id = ssl_asn1_table_keyfmt(ptemp, vhost_id, SSL_AIDX_DSA); |
|
125 |
-+ dh_id = apr_pstrcat(ptemp, vhost_id, ":", "DH", NULL); |
|
126 |
- #ifndef OPENSSL_NO_EC |
|
127 |
- ecc_id = ssl_asn1_table_keyfmt(ptemp, vhost_id, SSL_AIDX_ECC); |
|
128 |
- #endif |
|
129 |
- |
|
130 |
- have_rsa = ssl_server_import_cert(s, mctx, rsa_id, SSL_AIDX_RSA); |
|
131 |
- have_dsa = ssl_server_import_cert(s, mctx, dsa_id, SSL_AIDX_DSA); |
|
132 |
-+ (void)ssl_server_import_dhparams(s, mctx, dh_id); |
|
133 |
- #ifndef OPENSSL_NO_EC |
|
134 |
- have_ecc = ssl_server_import_cert(s, mctx, ecc_id, SSL_AIDX_ECC); |
|
135 |
- #endif |
|
136 |
-@@ -1723,6 +1761,7 @@ |
|
137 |
- MODSSL_CFG_ITEM_FREE(EVP_PKEY_free, |
|
138 |
- mctx->pks->keys[i]); |
|
139 |
- } |
|
140 |
-+ MODSSL_CFG_ITEM_FREE(DH_free, mctx->pks->dhparams); |
|
141 |
- } |
|
142 |
- |
|
143 |
- apr_status_t ssl_init_ModuleKill(void *data) |
|
144 |
-diff -Naur httpd-2.4.3/modules/ssl/ssl_engine_pphrase.c httpd-2.4.3-dh/modules/ssl/ssl_engine_pphrase.c |
|
145 |
---- httpd-2.4.3/modules/ssl/ssl_engine_pphrase.c 2012-08-04 23:22:38.000000000 +0200 |
|
146 |
-+++ httpd-2.4.3-dh/modules/ssl/ssl_engine_pphrase.c 2012-10-23 16:16:39.306422234 +0200 |
|
147 |
-@@ -147,6 +147,7 @@ |
|
148 |
- unsigned char *ucp; |
|
149 |
- long int length; |
|
150 |
- X509 *pX509Cert; |
|
151 |
-+ DH *pDHParams; |
|
152 |
- BOOL bReadable; |
|
153 |
- apr_array_header_t *aPassPhrase; |
|
154 |
- int nPassPhrase; |
|
155 |
-@@ -162,6 +163,7 @@ |
|
156 |
- char *an; |
|
157 |
- apr_time_t pkey_mtime = 0; |
|
158 |
- apr_status_t rv; |
|
159 |
-+ const char *dhid; |
|
160 |
- /* |
|
161 |
- * Start with a fresh pass phrase array |
|
162 |
- */ |
|
163 |
-@@ -225,14 +227,14 @@ |
|
164 |
- ap_log_error(APLOG_MARK, APLOG_EMERG, rv, s, APLOGNO(02201) |
|
165 |
- "Init: Can't open server certificate file %s", |
|
166 |
- szPath); |
|
167 |
-- ssl_die(s); |
|
168 |
-+ ssl_die(pServ); |
|
169 |
- } |
|
170 |
- if ((pX509Cert = SSL_read_X509(szPath, NULL, NULL)) == NULL) { |
|
171 |
- ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, APLOGNO(02241) |
|
172 |
- "Init: Unable to read server certificate from" |
|
173 |
- " file %s", szPath); |
|
174 |
- ssl_log_ssl_error(SSLLOG_MARK, APLOG_EMERG, s); |
|
175 |
-- ssl_die(s); |
|
176 |
-+ ssl_die(pServ); |
|
177 |
- } |
|
178 |
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(02202) |
|
179 |
- "Init: Read server certificate from '%s'", |
|
180 |
-@@ -550,6 +552,43 @@ |
|
181 |
- */ |
|
182 |
- EVP_PKEY_free(pPrivateKey); |
|
183 |
- } |
|
184 |
-+ /* |
|
185 |
-+ * Read in Diffie-Hellman parameters file if such a file is |
|
186 |
-+ * specified. |
|
187 |
-+ */ |
|
188 |
-+ if (sc->server->pks->dhparams_file) { |
|
189 |
-+ apr_cpystrn(szPath, sc->server->pks->dhparams_file, sizeof(szPath)); |
|
190 |
-+ if ((rv = exists_and_readable(szPath, p, NULL)) != APR_SUCCESS) { |
|
191 |
-+ ap_log_error(APLOG_MARK, APLOG_ERR, rv, s, |
|
192 |
-+ "Init: Can't open server Diffie-Hellman parameters file %s", |
|
193 |
-+ szPath); |
|
194 |
-+ ssl_die(s); |
|
195 |
-+ } |
|
196 |
-+ if ((pDHParams = SSL_read_DHparams(szPath, NULL, NULL)) == NULL) { |
|
197 |
-+ ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, |
|
198 |
-+ "Init: Unable to read server Diffie-Hellman parameters from file %s", szPath); |
|
199 |
-+ ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s); |
|
200 |
-+ ssl_die(s); |
|
201 |
-+ } |
|
202 |
-+ |
|
203 |
-+ /* |
|
204 |
-+ * Insert the DH params into global module configuration |
|
205 |
-+ * to let it survive the processing between the 1st Apache |
|
206 |
-+ * API init round (where we operate here) and the 2nd |
|
207 |
-+ * Apache init round (where it will be actually used to |
|
208 |
-+ * configure mod_ssl's per-server configuration |
|
209 |
-+ * structures). |
|
210 |
-+ */ |
|
211 |
-+ dhid = asn1_table_vhost_key(mc, p, cpVHostID, "DH"); |
|
212 |
-+ length = i2d_DHparams(pDHParams, NULL); |
|
213 |
-+ ucp = ssl_asn1_table_set(mc->tDHParams, dhid, length); |
|
214 |
-+ (void)i2d_DHparams(pDHParams, &ucp); /* 2nd arg increments */ |
|
215 |
-+ |
|
216 |
-+ /* |
|
217 |
-+ * Free the DH structure |
|
218 |
-+ */ |
|
219 |
-+ DH_free(pDHParams); |
|
220 |
-+ } |
|
221 |
- } |
|
222 |
- |
|
223 |
- /* |
|
224 |
-diff -Naur httpd-2.4.3/modules/ssl/ssl_private.h httpd-2.4.3-dh/modules/ssl/ssl_private.h |
|
225 |
---- httpd-2.4.3/modules/ssl/ssl_private.h 2012-08-05 15:48:40.000000000 +0200 |
|
226 |
-+++ httpd-2.4.3-dh/modules/ssl/ssl_private.h 2012-10-23 16:10:39.911810230 +0200 |
|
227 |
-@@ -121,10 +121,12 @@ |
|
228 |
- #define MODSSL_D2I_ASN1_type_bytes_CONST const |
|
229 |
- #define MODSSL_D2I_PrivateKey_CONST const |
|
230 |
- #define MODSSL_D2I_X509_CONST const |
|
231 |
-+#define MODSSL_D2I_DHparams_CONST const |
|
232 |
- #else |
|
233 |
- #define MODSSL_D2I_ASN1_type_bytes_CONST |
|
234 |
- #define MODSSL_D2I_PrivateKey_CONST |
|
235 |
- #define MODSSL_D2I_X509_CONST |
|
236 |
-+#define MODSSL_D2I_DHparams_CONST |
|
237 |
- #endif |
|
238 |
- |
|
239 |
- #if OPENSSL_VERSION_NUMBER >= 0x00908080 && !defined(OPENSSL_NO_OCSP) \ |
|
240 |
-@@ -535,6 +537,7 @@ |
|
241 |
- * example the string "vhost.example.com:443:RSA". */ |
|
242 |
- apr_hash_t *tPublicCert; |
|
243 |
- apr_hash_t *tPrivateKey; |
|
244 |
-+ apr_hash_t *tDHParams; |
|
245 |
- |
|
246 |
- #if defined(HAVE_OPENSSL_ENGINE_H) && defined(HAVE_ENGINE_INIT) |
|
247 |
- const char *szCryptoDevice; |
|
248 |
-@@ -561,11 +564,13 @@ |
|
249 |
- * unordered lists. */ |
|
250 |
- const char *cert_files[SSL_AIDX_MAX]; |
|
251 |
- const char *key_files[SSL_AIDX_MAX]; |
|
252 |
-+ const char *dhparams_file; |
|
253 |
- /* Loaded certs and keys; these arrays ARE indexed by the |
|
254 |
- * algorithm type, i.e. keys[SSL_AIDX_RSA] maps to the RSA |
|
255 |
- * private key. */ |
|
256 |
- X509 *certs[SSL_AIDX_MAX]; |
|
257 |
- EVP_PKEY *keys[SSL_AIDX_MAX]; |
|
258 |
-+ DH *dhparams; |
|
259 |
- |
|
260 |
- /** Certificates which specify the set of CA names which should be |
|
261 |
- * sent in the CertificateRequest message: */ |
|
262 |
-@@ -723,6 +728,7 @@ |
|
263 |
- const char *ssl_cmd_SSLRandomSeed(cmd_parms *, void *, const char *, const char *, const char *); |
|
264 |
- const char *ssl_cmd_SSLEngine(cmd_parms *, void *, const char *); |
|
265 |
- const char *ssl_cmd_SSLCipherSuite(cmd_parms *, void *, const char *); |
|
266 |
-+const char *ssl_cmd_SSLDHParametersFile(cmd_parms *, void *, const char *); |
|
267 |
- const char *ssl_cmd_SSLCertificateFile(cmd_parms *, void *, const char *); |
|
268 |
- const char *ssl_cmd_SSLCertificateKeyFile(cmd_parms *, void *, const char *); |
|
269 |
- const char *ssl_cmd_SSLCertificateChainFile(cmd_parms *, void *, const char *); |
|
270 |
-diff -Naur httpd-2.4.3/modules/ssl/ssl_util_ssl.c httpd-2.4.3-dh/modules/ssl/ssl_util_ssl.c |
|
271 |
---- httpd-2.4.3/modules/ssl/ssl_util_ssl.c 2012-02-28 13:07:31.000000000 +0100 |
|
272 |
-+++ httpd-2.4.3-dh/modules/ssl/ssl_util_ssl.c 2012-10-23 16:10:39.911810230 +0200 |
|
273 |
-@@ -156,6 +156,47 @@ |
|
274 |
- return rc; |
|
275 |
- } |
|
276 |
- |
|
277 |
-+DH *SSL_read_DHparams(char* filename, DH **DHparams, void *cb) |
|
278 |
-+{ |
|
279 |
-+ DH *rc; |
|
280 |
-+ BIO *bioS; |
|
281 |
-+ BIO *bioF; |
|
282 |
-+ |
|
283 |
-+ /* 1. try PEM (= DER+Base64+headers) */ |
|
284 |
-+ if ((bioS=BIO_new_file(filename, "r")) == NULL) |
|
285 |
-+ return NULL; |
|
286 |
-+ rc = PEM_read_bio_DHparams(bioS, DHparams, cb, NULL); |
|
287 |
-+ BIO_free(bioS); |
|
288 |
-+ |
|
289 |
-+ if (rc == NULL) { |
|
290 |
-+ /* 2. try DER+Base64 */ |
|
291 |
-+ if ((bioS=BIO_new_file(filename, "r")) == NULL) |
|
292 |
-+ return NULL; |
|
293 |
-+ |
|
294 |
-+ if ((bioF = BIO_new(BIO_f_base64())) == NULL) { |
|
295 |
-+ BIO_free(bioS); |
|
296 |
-+ return NULL; |
|
297 |
-+ } |
|
298 |
-+ bioS = BIO_push(bioF, bioS); |
|
299 |
-+ rc = d2i_DHparams_bio(bioS, NULL); |
|
300 |
-+ BIO_free_all(bioS); |
|
301 |
-+ |
|
302 |
-+ if (rc == NULL) { |
|
303 |
-+ /* 3. try plain DER */ |
|
304 |
-+ if ((bioS=BIO_new_file(filename, "r")) == NULL) |
|
305 |
-+ return NULL; |
|
306 |
-+ rc = d2i_DHparams_bio(bioS, NULL); |
|
307 |
-+ BIO_free(bioS); |
|
308 |
-+ } |
|
309 |
-+ } |
|
310 |
-+ if (rc != NULL && DHparams != NULL) { |
|
311 |
-+ if (*DHparams != NULL) |
|
312 |
-+ DH_free(*DHparams); |
|
313 |
-+ *DHparams = rc; |
|
314 |
-+ } |
|
315 |
-+ return rc; |
|
316 |
-+} |
|
317 |
-+ |
|
318 |
- /* _________________________________________________________________ |
|
319 |
- ** |
|
320 |
- ** Smart shutdown |
|
321 |
-diff -Naur httpd-2.4.3/modules/ssl/ssl_util_ssl.h httpd-2.4.3-dh/modules/ssl/ssl_util_ssl.h |
|
322 |
---- httpd-2.4.3/modules/ssl/ssl_util_ssl.h 2012-01-08 11:12:18.000000000 +0100 |
|
323 |
-+++ httpd-2.4.3-dh/modules/ssl/ssl_util_ssl.h 2012-10-23 16:10:39.912810219 +0200 |
|
324 |
-@@ -62,6 +62,7 @@ |
|
325 |
- void SSL_set_app_data2(SSL *, void *); |
|
326 |
- X509 *SSL_read_X509(char *, X509 **, pem_password_cb *); |
|
327 |
- EVP_PKEY *SSL_read_PrivateKey(char *, EVP_PKEY **, pem_password_cb *, void *); |
|
328 |
-+DH *SSL_read_DHparams(char* filename, DH **DHparams, void *cb); |
|
329 |
- int SSL_smart_shutdown(SSL *ssl); |
|
330 |
- BOOL SSL_X509_isSGC(X509 *); |
|
331 |
- BOOL SSL_X509_getBC(X509 *, int *, int *); |
... | ... |
@@ -1,1552 +0,0 @@ |
1 |
-diff -Naur httpd-2.4.6-orig/LAYOUT httpd-2.4.6/LAYOUT |
|
2 |
---- httpd-2.4.6-orig/LAYOUT 2013-10-01 12:20:45.706812951 +0200 |
|
3 |
-+++ httpd-2.4.6/LAYOUT 2013-10-01 12:20:50.988746918 +0200 |
|
4 |
-@@ -108,7 +108,6 @@ |
|
5 |
- mod_ssl.c ............... main source file containing API structures |
|
6 |
- mod_ssl.h ............... common header file of mod_ssl |
|
7 |
- ssl_engine_config.c ..... module configuration handling |
|
8 |
-- ssl_engine_dh.c ......... DSA/DH support |
|
9 |
- ssl_engine_init.c ....... module initialization |
|
10 |
- ssl_engine_io.c ......... I/O support |
|
11 |
- ssl_engine_kernel.c ..... SSL engine kernel |
|
12 |
-diff -Naur httpd-2.4.6-orig/modules/ssl/config.m4 httpd-2.4.6/modules/ssl/config.m4 |
|
13 |
---- httpd-2.4.6-orig/modules/ssl/config.m4 2013-10-01 12:20:45.774812101 +0200 |
|
14 |
-+++ httpd-2.4.6/modules/ssl/config.m4 2013-10-01 12:20:50.989746905 +0200 |
|
15 |
-@@ -20,7 +20,6 @@ |
|
16 |
- ssl_objs="dnl |
|
17 |
- mod_ssl.lo dnl |
|
18 |
- ssl_engine_config.lo dnl |
|
19 |
--ssl_engine_dh.lo dnl |
|
20 |
- ssl_engine_init.lo dnl |
|
21 |
- ssl_engine_io.lo dnl |
|
22 |
- ssl_engine_kernel.lo dnl |
|
23 |
-diff -Naur httpd-2.4.6-orig/modules/ssl/mod_ssl.c httpd-2.4.6/modules/ssl/mod_ssl.c |
|
24 |
---- httpd-2.4.6-orig/modules/ssl/mod_ssl.c 2013-10-01 12:20:45.775812088 +0200 |
|
25 |
-+++ httpd-2.4.6/modules/ssl/mod_ssl.c 2013-10-01 12:20:50.989746905 +0200 |
|
26 |
-@@ -148,7 +148,7 @@ |
|
27 |
- SSL_CMD_SRV(StrictSNIVHostCheck, FLAG, |
|
28 |
- "Strict SNI virtual host checking") |
|
29 |
- |
|
30 |
--#ifndef OPENSSL_NO_SRP |
|
31 |
-+#ifdef HAVE_SRP |
|
32 |
- SSL_CMD_SRV(SRPVerifierFile, TAKE1, |
|
33 |
- "SRP verifier file " |
|
34 |
- "('/path/to/file' - created by srptool)") |
|
35 |
-@@ -471,15 +471,6 @@ |
|
36 |
- |
|
37 |
- sslconn->ssl = ssl; |
|
38 |
- |
|
39 |
-- /* |
|
40 |
-- * Configure callbacks for SSL connection |
|
41 |
-- */ |
|
42 |
-- SSL_set_tmp_rsa_callback(ssl, ssl_callback_TmpRSA); |
|
43 |
-- SSL_set_tmp_dh_callback(ssl, ssl_callback_TmpDH); |
|
44 |
--#ifndef OPENSSL_NO_EC |
|
45 |
-- SSL_set_tmp_ecdh_callback(ssl, ssl_callback_TmpECDH); |
|
46 |
--#endif |
|
47 |
-- |
|
48 |
- SSL_set_verify_result(ssl, X509_V_OK); |
|
49 |
- |
|
50 |
- ssl_io_filter_init(c, r, ssl); |
|
51 |
-diff -Naur httpd-2.4.6-orig/modules/ssl/mod_ssl.dsp httpd-2.4.6/modules/ssl/mod_ssl.dsp |
|
52 |
---- httpd-2.4.6-orig/modules/ssl/mod_ssl.dsp 2013-10-01 12:20:45.775812088 +0200 |
|
53 |
-+++ httpd-2.4.6/modules/ssl/mod_ssl.dsp 2013-10-01 12:20:50.989746905 +0200 |
|
54 |
-@@ -112,10 +112,6 @@ |
|
55 |
- # End Source File |
|
56 |
- # Begin Source File |
|
57 |
- |
|
58 |
--SOURCE=.\ssl_engine_dh.c |
|
59 |
--# End Source File |
|
60 |
--# Begin Source File |
|
61 |
-- |
|
62 |
- SOURCE=.\ssl_engine_init.c |
|
63 |
- # End Source File |
|
64 |
- # Begin Source File |
|
65 |
-diff -Naur httpd-2.4.6-orig/modules/ssl/ssl_engine_config.c httpd-2.4.6/modules/ssl/ssl_engine_config.c |
|
66 |
---- httpd-2.4.6-orig/modules/ssl/ssl_engine_config.c 2013-10-01 12:20:45.776812076 +0200 |
|
67 |
-+++ httpd-2.4.6/modules/ssl/ssl_engine_config.c 2013-10-01 12:20:50.989746905 +0200 |
|
68 |
-@@ -75,8 +75,6 @@ |
|
69 |
- mc->stapling_mutex = NULL; |
|
70 |
- #endif |
|
71 |
- |
|
72 |
-- memset(mc->pTmpKeys, 0, sizeof(mc->pTmpKeys)); |
|
73 |
-- |
|
74 |
- apr_pool_userdata_set(mc, SSL_MOD_CONFIG_KEY, |
|
75 |
- apr_pool_cleanup_null, |
|
76 |
- pool); |
|
77 |
-@@ -150,7 +148,7 @@ |
|
78 |
- mctx->stapling_force_url = NULL; |
|
79 |
- #endif |
|
80 |
- |
|
81 |
--#ifndef OPENSSL_NO_SRP |
|
82 |
-+#ifdef HAVE_SRP |
|
83 |
- mctx->srp_vfile = NULL; |
|
84 |
- mctx->srp_unknown_user_seed = NULL; |
|
85 |
- mctx->srp_vbase = NULL; |
|
86 |
-@@ -208,7 +206,7 @@ |
|
87 |
- sc->proxy_ssl_check_peer_expire = SSL_ENABLED_UNSET; |
|
88 |
- sc->proxy_ssl_check_peer_cn = SSL_ENABLED_UNSET; |
|
89 |
- sc->proxy_ssl_check_peer_name = SSL_ENABLED_UNSET; |
|
90 |
--#ifndef OPENSSL_NO_TLSEXT |
|
91 |
-+#ifdef HAVE_TLSEXT |
|
92 |
- sc->strict_sni_vhost_check = SSL_ENABLED_UNSET; |
|
93 |
- #endif |
|
94 |
- #ifdef HAVE_FIPS |
|
95 |
-@@ -282,7 +280,7 @@ |
|
96 |
- cfgMerge(stapling_force_url, NULL); |
|
97 |
- #endif |
|
98 |
- |
|
99 |
--#ifndef OPENSSL_NO_SRP |
|
100 |
-+#ifdef HAVE_SRP |
|
101 |
- cfgMergeString(srp_vfile); |
|
102 |
- cfgMergeString(srp_unknown_user_seed); |
|
103 |
- #endif |
|
104 |
-@@ -338,7 +336,7 @@ |
|
105 |
- cfgMerge(proxy_ssl_check_peer_expire, SSL_ENABLED_UNSET); |
|
106 |
- cfgMerge(proxy_ssl_check_peer_cn, SSL_ENABLED_UNSET); |
|
107 |
- cfgMerge(proxy_ssl_check_peer_name, SSL_ENABLED_UNSET); |
|
108 |
--#ifndef OPENSSL_NO_TLSEXT |
|
109 |
-+#ifdef HAVE_TLSEXT |
|
110 |
- cfgMerge(strict_sni_vhost_check, SSL_ENABLED_UNSET); |
|
111 |
- #endif |
|
112 |
- #ifdef HAVE_FIPS |
|
113 |
-@@ -645,6 +643,9 @@ |
|
114 |
- SSLSrvConfigRec *sc = mySrvConfig(cmd->server); |
|
115 |
- SSLDirConfigRec *dc = (SSLDirConfigRec *)dcfg; |
|
116 |
- |
|
117 |
-+ /* always disable null and export ciphers */ |
|
118 |
-+ arg = apr_pstrcat(cmd->pool, "!aNULL:!eNULL:!EXP:", arg, NULL); |
|
119 |
-+ |
|
120 |
- if (cmd->path) { |
|
121 |
- dc->szCipherSuite = arg; |
|
122 |
- } |
|
123 |
-@@ -1384,6 +1385,9 @@ |
|
124 |
- { |
|
125 |
- SSLSrvConfigRec *sc = mySrvConfig(cmd->server); |
|
126 |
- |
|
127 |
-+ /* always disable null and export ciphers */ |
|
128 |
-+ arg = apr_pstrcat(cmd->pool, "!aNULL:!eNULL:!EXP:", arg, NULL); |
|
129 |
-+ |
|
130 |
- sc->proxy->auth.cipher_suite = arg; |
|
131 |
- |
|
132 |
- return NULL; |
|
133 |
-@@ -1645,7 +1649,7 @@ |
|
134 |
- |
|
135 |
- const char *ssl_cmd_SSLStrictSNIVHostCheck(cmd_parms *cmd, void *dcfg, int flag) |
|
136 |
- { |
|
137 |
--#ifndef OPENSSL_NO_TLSEXT |
|
138 |
-+#ifdef HAVE_TLSEXT |
|
139 |
- SSLSrvConfigRec *sc = mySrvConfig(cmd->server); |
|
140 |
- |
|
141 |
- sc->strict_sni_vhost_check = flag ? SSL_ENABLED_TRUE : SSL_ENABLED_FALSE; |
|
142 |
-@@ -1804,7 +1808,7 @@ |
|
143 |
- |
|
144 |
- #endif /* HAVE_OCSP_STAPLING */ |
|
145 |
- |
|
146 |
--#ifndef OPENSSL_NO_SRP |
|
147 |
-+#ifdef HAVE_SRP |
|
148 |
- |
|
149 |
- const char *ssl_cmd_SSLSRPVerifierFile(cmd_parms *cmd, void *dcfg, |
|
150 |
- const char *arg) |
|
151 |
-@@ -1828,7 +1832,7 @@ |
|
152 |
- return NULL; |
|
153 |
- } |
|
154 |
- |
|
155 |
--#endif /* OPENSSL_NO_SRP */ |
|
156 |
-+#endif /* HAVE_SRP */ |
|
157 |
- |
|
158 |
- void ssl_hook_ConfigTest(apr_pool_t *pconf, server_rec *s) |
|
159 |
- { |
|
160 |
-diff -Naur httpd-2.4.6-orig/modules/ssl/ssl_engine_dh.c httpd-2.4.6/modules/ssl/ssl_engine_dh.c |
|
161 |
---- httpd-2.4.6-orig/modules/ssl/ssl_engine_dh.c 2013-10-01 12:20:45.777812063 +0200 |
|
162 |
-+++ httpd-2.4.6/modules/ssl/ssl_engine_dh.c 2013-10-01 12:20:50.990746893 +0200 |
|
163 |
-@@ -1,244 +0,0 @@ |
|
164 |
--#if 0 |
|
165 |
--=pod |
|
166 |
--#endif |
|
167 |
-- |
|
168 |
--/* Licensed to the Apache Software Foundation (ASF) under one or more |
|
169 |
-- * contributor license agreements. See the NOTICE file distributed with |
|
170 |
-- * this work for additional information regarding copyright ownership. |
|
171 |
-- * The ASF licenses this file to You under the Apache License, Version 2.0 |
|
172 |
-- * (the "License"); you may not use this file except in compliance with |
|
173 |
-- * the License. You may obtain a copy of the License at |
|
174 |
-- * |
|
175 |
-- * http://www.apache.org/licenses/LICENSE-2.0 |
|
176 |
-- * |
|
177 |
-- * Unless required by applicable law or agreed to in writing, software |
|
178 |
-- * distributed under the License is distributed on an "AS IS" BASIS, |
|
179 |
-- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
|
180 |
-- * See the License for the specific language governing permissions and |
|
181 |
-- * limitations under the License. |
|
182 |
-- */ |
|
183 |
-- |
|
184 |
--/* _ _ |
|
185 |
-- * _ __ ___ ___ __| | ___ ___| | mod_ssl |
|
186 |
-- * | '_ ` _ \ / _ \ / _` | / __/ __| | Apache Interface to OpenSSL |
|
187 |
-- * | | | | | | (_) | (_| | \__ \__ \ | |
|
188 |
-- * |_| |_| |_|\___/ \__,_|___|___/___/_| |
|
189 |
-- * |_____| |
|
190 |
-- * ssl_engine_dh.c |
|
191 |
-- * Diffie-Hellman Built-in Temporary Parameters |
|
192 |
-- */ |
|
193 |
-- |
|
194 |
--#include "ssl_private.h" |
|
195 |
-- |
|
196 |
--/* ----BEGIN GENERATED SECTION-------- */ |
|
197 |
-- |
|
198 |
--/* |
|
199 |
--** Diffie-Hellman-Parameters: (512 bit) |
|
200 |
--** prime: |
|
201 |
--** 00:9f:db:8b:8a:00:45:44:f0:04:5f:17:37:d0:ba: |
|
202 |
--** 2e:0b:27:4c:df:1a:9f:58:82:18:fb:43:53:16:a1: |
|
203 |
--** 6e:37:41:71:fd:19:d8:d8:f3:7c:39:bf:86:3f:d6: |
|
204 |
--** 0e:3e:30:06:80:a3:03:0c:6e:4c:37:57:d0:8f:70: |
|
205 |
--** e6:aa:87:10:33 |
|
206 |
--** generator: 2 (0x2) |
|
207 |
--** Diffie-Hellman-Parameters: (1024 bit) |
|
208 |
--** prime: |
|
209 |
--** 00:d6:7d:e4:40:cb:bb:dc:19:36:d6:93:d3:4a:fd: |
|
210 |
--** 0a:d5:0c:84:d2:39:a4:5f:52:0b:b8:81:74:cb:98: |
|
211 |
--** bc:e9:51:84:9f:91:2e:63:9c:72:fb:13:b4:b4:d7: |
|
212 |
--** 17:7e:16:d5:5a:c1:79:ba:42:0b:2a:29:fe:32:4a: |
|
213 |
--** 46:7a:63:5e:81:ff:59:01:37:7b:ed:dc:fd:33:16: |
|
214 |
--** 8a:46:1a:ad:3b:72:da:e8:86:00:78:04:5b:07:a7: |
|
215 |
--** db:ca:78:74:08:7d:15:10:ea:9f:cc:9d:dd:33:05: |
|
216 |
--** 07:dd:62:db:88:ae:aa:74:7d:e0:f4:d6:e2:bd:68: |
|
217 |
--** b0:e7:39:3e:0f:24:21:8e:b3 |
|
218 |
--** generator: 2 (0x2) |
|
219 |
--*/ |
|
220 |
-- |
|
221 |
--static unsigned char dh512_p[] = { |
|
222 |
-- 0x9F, 0xDB, 0x8B, 0x8A, 0x00, 0x45, 0x44, 0xF0, 0x04, 0x5F, 0x17, 0x37, |
|
223 |
-- 0xD0, 0xBA, 0x2E, 0x0B, 0x27, 0x4C, 0xDF, 0x1A, 0x9F, 0x58, 0x82, 0x18, |
|
224 |
-- 0xFB, 0x43, 0x53, 0x16, 0xA1, 0x6E, 0x37, 0x41, 0x71, 0xFD, 0x19, 0xD8, |
|
225 |
-- 0xD8, 0xF3, 0x7C, 0x39, 0xBF, 0x86, 0x3F, 0xD6, 0x0E, 0x3E, 0x30, 0x06, |
|
226 |
-- 0x80, 0xA3, 0x03, 0x0C, 0x6E, 0x4C, 0x37, 0x57, 0xD0, 0x8F, 0x70, 0xE6, |
|
227 |
-- 0xAA, 0x87, 0x10, 0x33, |
|
228 |
--}; |
|
229 |
--static unsigned char dh512_g[] = { |
|
230 |
-- 0x02, |
|
231 |
--}; |
|
232 |
-- |
|
233 |
--static DH *get_dh512(void) |
|
234 |
--{ |
|
235 |
-- DH *dh; |
|
236 |
-- |
|
237 |
-- if (!(dh = DH_new())) { |
|
238 |
-- return NULL; |
|
239 |
-- } |
|
240 |
-- |
|
241 |
-- dh->p = BN_bin2bn(dh512_p, sizeof(dh512_p), NULL); |
|
242 |
-- dh->g = BN_bin2bn(dh512_g, sizeof(dh512_g), NULL); |
|
243 |
-- if (!(dh->p && dh->g)) { |
|
244 |
-- DH_free(dh); |
|
245 |
-- return NULL; |
|
246 |
-- } |
|
247 |
-- |
|
248 |
-- return dh; |
|
249 |
--} |
|
250 |
-- |
|
251 |
--static unsigned char dh1024_p[] = { |
|
252 |
-- 0xD6, 0x7D, 0xE4, 0x40, 0xCB, 0xBB, 0xDC, 0x19, 0x36, 0xD6, 0x93, 0xD3, |
|
253 |
-- 0x4A, 0xFD, 0x0A, 0xD5, 0x0C, 0x84, 0xD2, 0x39, 0xA4, 0x5F, 0x52, 0x0B, |
|
254 |
-- 0xB8, 0x81, 0x74, 0xCB, 0x98, 0xBC, 0xE9, 0x51, 0x84, 0x9F, 0x91, 0x2E, |
|
255 |
-- 0x63, 0x9C, 0x72, 0xFB, 0x13, 0xB4, 0xB4, 0xD7, 0x17, 0x7E, 0x16, 0xD5, |
|
256 |
-- 0x5A, 0xC1, 0x79, 0xBA, 0x42, 0x0B, 0x2A, 0x29, 0xFE, 0x32, 0x4A, 0x46, |
|
257 |
-- 0x7A, 0x63, 0x5E, 0x81, 0xFF, 0x59, 0x01, 0x37, 0x7B, 0xED, 0xDC, 0xFD, |
|
258 |
-- 0x33, 0x16, 0x8A, 0x46, 0x1A, 0xAD, 0x3B, 0x72, 0xDA, 0xE8, 0x86, 0x00, |
|
259 |
-- 0x78, 0x04, 0x5B, 0x07, 0xA7, 0xDB, 0xCA, 0x78, 0x74, 0x08, 0x7D, 0x15, |
|
260 |
-- 0x10, 0xEA, 0x9F, 0xCC, 0x9D, 0xDD, 0x33, 0x05, 0x07, 0xDD, 0x62, 0xDB, |
|
261 |
-- 0x88, 0xAE, 0xAA, 0x74, 0x7D, 0xE0, 0xF4, 0xD6, 0xE2, 0xBD, 0x68, 0xB0, |
|
262 |
-- 0xE7, 0x39, 0x3E, 0x0F, 0x24, 0x21, 0x8E, 0xB3, |
|
263 |
--}; |
|
264 |
--static unsigned char dh1024_g[] = { |
|
265 |
-- 0x02, |
|
266 |
--}; |
|
267 |
-- |
|
268 |
--static DH *get_dh1024(void) |
|
269 |
--{ |
|
270 |
-- DH *dh; |
|
271 |
-- |
|
272 |
-- if (!(dh = DH_new())) { |
|
273 |
-- return NULL; |
|
274 |
-- } |
|
275 |
-- |
|
276 |
-- dh->p = BN_bin2bn(dh1024_p, sizeof(dh1024_p), NULL); |
|
277 |
-- dh->g = BN_bin2bn(dh1024_g, sizeof(dh1024_g), NULL); |
|
278 |
-- if (!(dh->p && dh->g)) { |
|
279 |
-- DH_free(dh); |
|
280 |
-- return NULL; |
|
281 |
-- } |
|
282 |
-- |
|
283 |
-- return dh; |
|
284 |
--} |
|
285 |
-- |
|
286 |
--/* ----END GENERATED SECTION---------- */ |
|
287 |
-- |
|
288 |
--DH *ssl_dh_GetTmpParam(int nKeyLen) |
|
289 |
--{ |
|
290 |
-- DH *dh; |
|
291 |
-- |
|
292 |
-- if (nKeyLen == 512) |
|
293 |
-- dh = get_dh512(); |
|
294 |
-- else if (nKeyLen == 1024) |
|
295 |
-- dh = get_dh1024(); |
|
296 |
-- else |
|
297 |
-- dh = get_dh1024(); |
|
298 |
-- return dh; |
|
299 |
--} |
|
300 |
-- |
|
301 |
--DH *ssl_dh_GetParamFromFile(char *file) |
|
302 |
--{ |
|
303 |
-- DH *dh = NULL; |
|
304 |
-- BIO *bio; |
|
305 |
-- |
|
306 |
-- if ((bio = BIO_new_file(file, "r")) == NULL) |
|
307 |
-- return NULL; |
|
308 |
-- dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL); |
|
309 |
-- BIO_free(bio); |
|
310 |
-- return (dh); |
|
311 |
--} |
|
312 |
-- |
|
313 |
--/* |
|
314 |
--=cut |
|
315 |
--## |
|
316 |
--## Embedded Perl script for generating the temporary DH parameters |
|
317 |
--## |
|
318 |
-- |
|
319 |
--require 5.003; |
|
320 |
--use strict; |
|
321 |
-- |
|
322 |
--# configuration |
|
323 |
--my $file = $0; |
|
324 |
--my $begin = '----BEGIN GENERATED SECTION--------'; |
|
325 |
--my $end = '----END GENERATED SECTION----------'; |
|
326 |
-- |
|
327 |
--# read ourself and keep a backup |
|
328 |
--open(FP, "<$file") || die; |
|
329 |
--my $source = ''; |
|
330 |
--$source .= $_ while (<FP>); |
|
331 |
--close(FP); |
|
332 |
--open(FP, ">$file.bak") || die; |
|
333 |
--print FP $source; |
|
334 |
--close(FP); |
|
335 |
-- |
|
336 |
--# generate the DH parameters |
|
337 |
--print "1. Generate 512 and 1024 bit Diffie-Hellman parameters (p, g)\n"; |
|
338 |
--my $rand = ''; |
|
339 |
--foreach $file (qw(/var/log/messages /var/adm/messages |
|
340 |
-- /kernel /vmunix /vmlinuz /etc/hosts /etc/resolv.conf)) { |
|
341 |
-- if (-f $file) { |
|
342 |
-- $rand = $file if ($rand eq ''); |
|
343 |
-- $rand .= ":$file" if ($rand ne ''); |
|
344 |
-- } |
|
345 |
--} |
|
346 |
--$rand = "-rand $rand" if ($rand ne ''); |
|
347 |
--system("openssl gendh $rand -out dh512.pem 512"); |
|
348 |
--system("openssl gendh $rand -out dh1024.pem 1024"); |
|
349 |
-- |
|
350 |
--# generate DH param info |
|
351 |
--my $dhinfo = ''; |
|
352 |
--open(FP, "openssl dh -noout -text -in dh512.pem |") || die; |
|
353 |
--$dhinfo .= $_ while (<FP>); |
|
354 |
--close(FP); |
|
355 |
--open(FP, "openssl dh -noout -text -in dh1024.pem |") || die; |
|
356 |
--$dhinfo .= $_ while (<FP>); |
|
357 |
--close(FP); |
|
358 |
--$dhinfo =~ s|^|** |mg; |
|
359 |
--$dhinfo = "\n\/\*\n$dhinfo\*\/\n\n"; |
|
360 |
-- |
|
361 |
--my $indent_args = "-i4 -npsl -di0 -br -nce -d0 -cli0 -npcs -nfc1"; |
|
362 |
-- |
|
363 |
--# generate C source from DH params |
|
364 |
--my $dhsource = ''; |
|
365 |
--open(FP, "openssl dh -noout -C -in dh512.pem | indent $indent_args | expand |") || die; |
|
366 |
--$dhsource .= $_ while (<FP>); |
|
367 |
--close(FP); |
|
368 |
--open(FP, "openssl dh -noout -C -in dh1024.pem | indent $indent_args | expand |") || die; |
|
369 |
--$dhsource .= $_ while (<FP>); |
|
370 |
--close(FP); |
|
371 |
--$dhsource =~ s|(DH\s+\*get_dh)(\d+)[^}]*\n}|static $1$2(void) |
|
372 |
--{ |
|
373 |
-- DH *dh; |
|
374 |
-- |
|
375 |
-- if (!(dh = DH_new())) { |
|
376 |
-- return NULL; |
|
377 |
-- } |
|
378 |
-- |
|
379 |
-- dh->p = BN_bin2bn(dh$2_p, sizeof(dh$2_p), NULL); |
|
380 |
-- dh->g = BN_bin2bn(dh$2_g, sizeof(dh$2_g), NULL); |
|
381 |
-- if (!(dh->p && dh->g)) { |
|
382 |
-- DH_free(dh); |
|
383 |
-- return NULL; |
|
384 |
-- } |
|
385 |
-- |
|
386 |
-- return dh; |
|
387 |
--} |
|
388 |
--|sg; |
|
389 |
-- |
|
390 |
--# generate output |
|
391 |
--my $o = $dhinfo . $dhsource; |
|
392 |
-- |
|
393 |
--# insert the generated code at the target location |
|
394 |
--$source =~ s|(\/\* $begin.+?\n).*\n(.*?\/\* $end)|$1$o$2|s; |
|
395 |
-- |
|
396 |
--# and update the source on disk |
|
397 |
--print "Updating file `$file'\n"; |
|
398 |
--open(FP, ">$file") || die; |
|
399 |
--print FP $source; |
|
400 |
--close(FP); |
|
401 |
-- |
|
402 |
--# cleanup |
|
403 |
--unlink("dh512.pem"); |
|
404 |
--unlink("dh1024.pem"); |
|
405 |
-- |
|
406 |
--=pod |
|
407 |
--*/ |
|
408 |
-diff -Naur httpd-2.4.6-orig/modules/ssl/ssl_engine_init.c httpd-2.4.6/modules/ssl/ssl_engine_init.c |
|
409 |
---- httpd-2.4.6-orig/modules/ssl/ssl_engine_init.c 2013-10-01 12:20:45.777812063 +0200 |
|
410 |
-+++ httpd-2.4.6/modules/ssl/ssl_engine_init.c 2013-10-01 12:20:50.990746893 +0200 |
|
411 |
-@@ -35,7 +35,7 @@ |
|
412 |
- ** _________________________________________________________________ |
|
413 |
- */ |
|
414 |
- |
|
415 |
--#ifndef OPENSSL_NO_EC |
|
416 |
-+#ifdef HAVE_ECC |
|
417 |
- #define KEYTYPES "RSA, DSA or ECC" |
|
418 |
- #else |
|
419 |
- #define KEYTYPES "RSA or DSA" |
|
420 |
-@@ -56,180 +56,6 @@ |
|
421 |
- modver, AP_SERVER_BASEVERSION, incver); |
|
422 |
- } |
|
423 |
- |
|
424 |
-- |
|
425 |
--/* |
|
426 |
-- * Handle the Temporary RSA Keys and DH Params |
|
427 |
-- */ |
|
428 |
-- |
|
429 |
--#define MODSSL_TMP_KEY_FREE(mc, type, idx) \ |
|
430 |
-- if (mc->pTmpKeys[idx]) { \ |
|
431 |
-- type##_free((type *)mc->pTmpKeys[idx]); \ |
|
432 |
-- mc->pTmpKeys[idx] = NULL; \ |
|
433 |
-- } |
|
434 |
-- |
|
435 |
--#define MODSSL_TMP_KEYS_FREE(mc, type) \ |
|
436 |
-- MODSSL_TMP_KEY_FREE(mc, type, SSL_TMP_KEY_##type##_512); \ |
|
437 |
-- MODSSL_TMP_KEY_FREE(mc, type, SSL_TMP_KEY_##type##_1024) |
|
438 |
-- |
|
439 |
--static void ssl_tmp_keys_free(server_rec *s) |
|
440 |
--{ |
|
441 |
-- SSLModConfigRec *mc = myModConfig(s); |
|
442 |
-- |
|
443 |
-- MODSSL_TMP_KEYS_FREE(mc, RSA); |
|
444 |
-- MODSSL_TMP_KEYS_FREE(mc, DH); |
|
445 |
--#ifndef OPENSSL_NO_EC |
|
446 |
-- MODSSL_TMP_KEY_FREE(mc, EC_KEY, SSL_TMP_KEY_EC_256); |
|
447 |
--#endif |
|
448 |
--} |
|
449 |
-- |
|
450 |
--static int ssl_tmp_key_init_rsa(server_rec *s, |
|
451 |
-- int bits, int idx) |
|
452 |
--{ |
|
453 |
-- SSLModConfigRec *mc = myModConfig(s); |
|
454 |
-- |
|
455 |
--#ifdef HAVE_FIPS |
|
456 |
-- |
|
457 |
-- if (FIPS_mode() && bits < 1024) { |
|
458 |
-- mc->pTmpKeys[idx] = NULL; |
|
459 |
-- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(01877) |
|
460 |
-- "Init: Skipping generating temporary " |
|
461 |
-- "%d bit RSA private key in FIPS mode", bits); |
|
462 |
-- return OK; |
|
463 |
-- } |
|
464 |
-- |
|
465 |
--#endif |
|
466 |
--#ifdef HAVE_GENERATE_EX |
|
467 |
-- { |
|
468 |
-- RSA *tkey; |
|
469 |
-- BIGNUM *bn_f4; |
|
470 |
-- if (!(tkey = RSA_new()) |
|
471 |
-- || !(bn_f4 = BN_new()) |
|
472 |
-- || !BN_set_word(bn_f4, RSA_F4) |
|
473 |
-- || !RSA_generate_key_ex(tkey, bits, bn_f4, NULL)) |
|
474 |
-- { |
|
475 |
-- ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, APLOGNO(01878) |
|
476 |
-- "Init: Failed to generate temporary " |
|
477 |
-- "%d bit RSA private key", bits); |
|
478 |
-- ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s); |
|
479 |
-- return !OK; |
|
480 |
-- } |
|
481 |
-- BN_free(bn_f4); |
|
482 |
-- mc->pTmpKeys[idx] = tkey; |
|
483 |
-- } |
|
484 |
--#else |
|
485 |
-- if (!(mc->pTmpKeys[idx] = |
|
486 |
-- RSA_generate_key(bits, RSA_F4, NULL, NULL))) |
|
487 |
-- { |
|
488 |
-- ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, APLOGNO(01879) |
|
489 |
-- "Init: Failed to generate temporary " |
|
490 |
-- "%d bit RSA private key", bits); |
|
491 |
-- ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s); |
|
492 |
-- return !OK; |
|
493 |
-- } |
|
494 |
--#endif |
|
495 |
-- |
|
496 |
-- return OK; |
|
497 |
--} |
|
498 |
-- |
|
499 |
--static int ssl_tmp_key_init_dh(server_rec *s, |
|
500 |
-- int bits, int idx) |
|
501 |
--{ |
|
502 |
-- SSLModConfigRec *mc = myModConfig(s); |
|
503 |
-- |
|
504 |
--#ifdef HAVE_FIPS |
|
505 |
-- |
|
506 |
-- if (FIPS_mode() && bits < 1024) { |
|
507 |
-- mc->pTmpKeys[idx] = NULL; |
|
508 |
-- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(01880) |
|
509 |
-- "Init: Skipping generating temporary " |
|
510 |
-- "%d bit DH parameters in FIPS mode", bits); |
|
511 |
-- return OK; |
|
512 |
-- } |
|
513 |
-- |
|
514 |
--#endif |
|
515 |
-- |
|
516 |
-- if (!(mc->pTmpKeys[idx] = |
|
517 |
-- ssl_dh_GetTmpParam(bits))) |
|
518 |
-- { |
|
519 |
-- ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, APLOGNO(01881) |
|
520 |
-- "Init: Failed to generate temporary " |
|
521 |
-- "%d bit DH parameters", bits); |
|
522 |
-- return !OK; |
|
523 |
-- } |
|
524 |
-- |
|
525 |
-- return OK; |
|
526 |
--} |
|
527 |
-- |
|
528 |
--#ifndef OPENSSL_NO_EC |
|
529 |
--static int ssl_tmp_key_init_ec(server_rec *s, |
|
530 |
-- int bits, int idx) |
|
531 |
--{ |
|
532 |
-- SSLModConfigRec *mc = myModConfig(s); |
|
533 |
-- EC_KEY *ecdh = NULL; |
|
534 |
-- |
|
535 |
-- /* XXX: Are there any FIPS constraints we should enforce? */ |
|
536 |
-- |
|
537 |
-- if (bits != 256) { |
|
538 |
-- ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, APLOGNO(02298) |
|
539 |
-- "Init: Failed to generate temporary " |
|
540 |
-- "%d bit EC parameters, only 256 bits supported", bits); |
|
541 |
-- return !OK; |
|
542 |
-- } |
|
543 |
-- |
|
544 |
-- if ((ecdh = EC_KEY_new()) == NULL || |
|
545 |
-- EC_KEY_set_group(ecdh, EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1)) != 1) |
|
546 |
-- { |
|
547 |
-- ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, APLOGNO(02299) |
|
548 |
-- "Init: Failed to generate temporary " |
|
549 |
-- "%d bit EC parameters", bits); |
|
550 |
-- return !OK; |
|
551 |
-- } |
|
552 |
-- |
|
553 |
-- mc->pTmpKeys[idx] = ecdh; |
|
554 |
-- return OK; |
|
555 |
--} |
|
556 |
-- |
|
557 |
--#define MODSSL_TMP_KEY_INIT_EC(s, bits) \ |
|
558 |
-- ssl_tmp_key_init_ec(s, bits, SSL_TMP_KEY_EC_##bits) |
|
559 |
-- |
|
560 |
--#endif |
|
561 |
-- |
|
562 |
--#define MODSSL_TMP_KEY_INIT_RSA(s, bits) \ |
|
563 |
-- ssl_tmp_key_init_rsa(s, bits, SSL_TMP_KEY_RSA_##bits) |
|
564 |
-- |
|
565 |
--#define MODSSL_TMP_KEY_INIT_DH(s, bits) \ |
|
566 |
-- ssl_tmp_key_init_dh(s, bits, SSL_TMP_KEY_DH_##bits) |
|
567 |
-- |
|
568 |
--static int ssl_tmp_keys_init(server_rec *s) |
|
569 |
--{ |
|
570 |
-- ap_log_error(APLOG_MARK, APLOG_TRACE1, 0, s, |
|
571 |
-- "Init: Generating temporary RSA private keys (512/1024 bits)"); |
|
572 |
-- |
|
573 |
-- if (MODSSL_TMP_KEY_INIT_RSA(s, 512) || |
|
574 |
-- MODSSL_TMP_KEY_INIT_RSA(s, 1024)) { |
|
575 |
-- return !OK; |
|
576 |
-- } |
|
577 |
-- |
|
578 |
-- ap_log_error(APLOG_MARK, APLOG_TRACE1, 0, s, |
|
579 |
-- "Init: Generating temporary DH parameters (512/1024 bits)"); |
|
580 |
-- |
|
581 |
-- if (MODSSL_TMP_KEY_INIT_DH(s, 512) || |
|
582 |
-- MODSSL_TMP_KEY_INIT_DH(s, 1024)) { |
|
583 |
-- return !OK; |
|
584 |
-- } |
|
585 |
-- |
|
586 |
--#ifndef OPENSSL_NO_EC |
|
587 |
-- ap_log_error(APLOG_MARK, APLOG_TRACE1, 0, s, |
|
588 |
-- "Init: Generating temporary EC parameters (256 bits)"); |
|
589 |
-- |
|
590 |
-- if (MODSSL_TMP_KEY_INIT_EC(s, 256)) { |
|
591 |
-- return !OK; |
|
592 |
-- } |
|
593 |
--#endif |
|
594 |
-- |
|
595 |
-- return OK; |
|
596 |
--} |
|
597 |
-- |
|
598 |
- /* |
|
599 |
- * Per-module initialization |
|
600 |
- */ |
|
601 |
-@@ -367,10 +193,6 @@ |
|
602 |
- */ |
|
603 |
- ssl_pphrase_Handle(base_server, ptemp); |
|
604 |
- |
|
605 |
-- if (ssl_tmp_keys_init(base_server)) { |
|
606 |
-- return !OK; |
|
607 |
-- } |
|
608 |
-- |
|
609 |
- /* |
|
610 |
- * initialize the mutex handling |
|
611 |
- */ |
|
612 |
-@@ -481,7 +303,7 @@ |
|
613 |
- */ |
|
614 |
- if (mctx->pks->certs[SSL_AIDX_RSA] || |
|
615 |
- mctx->pks->certs[SSL_AIDX_DSA] |
|
616 |
--#ifndef OPENSSL_NO_EC |
|
617 |
-+#ifdef HAVE_ECC |
|
618 |
- || mctx->pks->certs[SSL_AIDX_ECC] |
|
619 |
- #endif |
|
620 |
- ) |
|
621 |
-@@ -493,7 +315,7 @@ |
|
622 |
- } |
|
623 |
- } |
|
624 |
- |
|
625 |
--#ifndef OPENSSL_NO_TLSEXT |
|
626 |
-+#ifdef HAVE_TLSEXT |
|
627 |
- static void ssl_init_ctx_tls_extensions(server_rec *s, |
|
628 |
- apr_pool_t *p, |
|
629 |
- apr_pool_t *ptemp, |
|
630 |
-@@ -527,7 +349,7 @@ |
|
631 |
- } |
|
632 |
- #endif |
|
633 |
- |
|
634 |
--#ifndef OPENSSL_NO_SRP |
|
635 |
-+#ifdef HAVE_SRP |
|
636 |
- /* |
|
637 |
- * TLS-SRP support |
|
638 |
- */ |
|
639 |
-@@ -660,7 +482,7 @@ |
|
640 |
- #ifdef SSL_OP_NO_COMPRESSION |
|
641 |
- /* OpenSSL >= 1.0 only */ |
|
642 |
- SSL_CTX_set_options(ctx, SSL_OP_NO_COMPRESSION); |
|
643 |
--#elif OPENSSL_VERSION_NUMBER >= 0x00908000L |
|
644 |
-+#else |
|
645 |
- sk_SSL_COMP_zero(SSL_COMP_get_compression_methods()); |
|
646 |
- #endif |
|
647 |
- } |
|
648 |
-@@ -678,6 +500,9 @@ |
|
649 |
- * Configure additional context ingredients |
|
650 |
- */ |
|
651 |
- SSL_CTX_set_options(ctx, SSL_OP_SINGLE_DH_USE); |
|
652 |
-+#ifdef HAVE_ECC |
|
653 |
-+ SSL_CTX_set_options(ctx, SSL_OP_SINGLE_ECDH_USE); |
|
654 |
-+#endif |
|
655 |
- |
|
656 |
- #ifdef SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION |
|
657 |
- /* |
|
658 |
-@@ -718,11 +543,7 @@ |
|
659 |
- { |
|
660 |
- SSL_CTX *ctx = mctx->ssl_ctx; |
|
661 |
- |
|
662 |
-- SSL_CTX_set_tmp_rsa_callback(ctx, ssl_callback_TmpRSA); |
|
663 |
- SSL_CTX_set_tmp_dh_callback(ctx, ssl_callback_TmpDH); |
|
664 |
--#ifndef OPENSSL_NO_EC |
|
665 |
-- SSL_CTX_set_tmp_ecdh_callback(ctx,ssl_callback_TmpECDH); |
|
666 |
--#endif |
|
667 |
- |
|
668 |
- SSL_CTX_set_info_callback(ctx, ssl_callback_Info); |
|
669 |
- } |
|
670 |
-@@ -818,14 +639,16 @@ |
|
671 |
- modssl_ctx_t *mctx) |
|
672 |
- { |
|
673 |
- SSL_CTX *ctx = mctx->ssl_ctx; |
|
674 |
-- const char *suite = mctx->auth.cipher_suite; |
|
675 |
-+ const char *suite; |
|
676 |
- |
|
677 |
- /* |
|
678 |
-- * Configure SSL Cipher Suite |
|
679 |
-+ * Configure SSL Cipher Suite. Always disable NULL and export ciphers, |
|
680 |
-+ * see also ssl_engine_config.c:ssl_cmd_SSLCipherSuite(). |
|
681 |
-+ * OpenSSL's SSL_DEFAULT_CIPHER_LIST already includes !aNULL:!eNULL, |
|
682 |
-+ * so only prepend !EXP in this case. |
|
683 |
- */ |
|
684 |
-- if (!suite) { |
|
685 |
-- return; |
|
686 |
-- } |
|
687 |
-+ suite = mctx->auth.cipher_suite ? mctx->auth.cipher_suite : |
|
688 |
-+ apr_pstrcat(ptemp, "!EXP:", SSL_DEFAULT_CIPHER_LIST, NULL); |
|
689 |
- |
|
690 |
- ap_log_error(APLOG_MARK, APLOG_TRACE1, 0, s, |
|
691 |
- "Configuring permitted SSL ciphers [%s]", |
|
692 |
-@@ -988,7 +811,7 @@ |
|
693 |
- if (mctx->pks) { |
|
694 |
- /* XXX: proxy support? */ |
|
695 |
- ssl_init_ctx_cert_chain(s, p, ptemp, mctx); |
|
696 |
--#ifndef OPENSSL_NO_TLSEXT |
|
697 |
-+#ifdef HAVE_TLSEXT |
|
698 |
- ssl_init_ctx_tls_extensions(s, p, ptemp, mctx); |
|
699 |
- #endif |
|
700 |
- } |
|
701 |
-@@ -1001,7 +824,7 @@ |
|
702 |
- { |
|
703 |
- SSLModConfigRec *mc = myModConfig(s); |
|
704 |
- ssl_asn1_t *asn1; |
|
705 |
-- MODSSL_D2I_X509_CONST unsigned char *ptr; |
|
706 |
-+ const unsigned char *ptr; |
|
707 |
- const char *type = ssl_asn1_keystr(idx); |
|
708 |
- X509 *cert; |
|
709 |
- |
|
710 |
-@@ -1048,12 +871,12 @@ |
|
711 |
- { |
|
712 |
- SSLModConfigRec *mc = myModConfig(s); |
|
713 |
- ssl_asn1_t *asn1; |
|
714 |
-- MODSSL_D2I_PrivateKey_CONST unsigned char *ptr; |
|
715 |
-+ const unsigned char *ptr; |
|
716 |
- const char *type = ssl_asn1_keystr(idx); |
|
717 |
- int pkey_type; |
|
718 |
- EVP_PKEY *pkey; |
|
719 |
- |
|
720 |
--#ifndef OPENSSL_NO_EC |
|
721 |
-+#ifdef HAVE_ECC |
|
722 |
- if (idx == SSL_AIDX_ECC) |
|
723 |
- pkey_type = EVP_PKEY_EC; |
|
724 |
- else |
|
725 |
-@@ -1157,30 +980,34 @@ |
|
726 |
- modssl_ctx_t *mctx) |
|
727 |
- { |
|
728 |
- const char *rsa_id, *dsa_id; |
|
729 |
--#ifndef OPENSSL_NO_EC |
|
730 |
-+#ifdef HAVE_ECC |
|
731 |
- const char *ecc_id; |
|
732 |
-+ EC_GROUP *ecparams; |
|
733 |
-+ int nid; |
|
734 |
-+ EC_KEY *eckey; |
|
735 |
- #endif |
|
736 |
- const char *vhost_id = mctx->sc->vhost_id; |
|
737 |
- int i; |
|
738 |
- int have_rsa, have_dsa; |
|
739 |
--#ifndef OPENSSL_NO_EC |
|
740 |
-+ DH *dhparams; |
|
741 |
-+#ifdef HAVE_ECC |
|
742 |
- int have_ecc; |
|
743 |
- #endif |
|
744 |
- |
|
745 |
- rsa_id = ssl_asn1_table_keyfmt(ptemp, vhost_id, SSL_AIDX_RSA); |
|
746 |
- dsa_id = ssl_asn1_table_keyfmt(ptemp, vhost_id, SSL_AIDX_DSA); |
|
747 |
--#ifndef OPENSSL_NO_EC |
|
748 |
-+#ifdef HAVE_ECC |
|
749 |
- ecc_id = ssl_asn1_table_keyfmt(ptemp, vhost_id, SSL_AIDX_ECC); |
|
750 |
- #endif |
|
751 |
- |
|
752 |
- have_rsa = ssl_server_import_cert(s, mctx, rsa_id, SSL_AIDX_RSA); |
|
753 |
- have_dsa = ssl_server_import_cert(s, mctx, dsa_id, SSL_AIDX_DSA); |
|
754 |
--#ifndef OPENSSL_NO_EC |
|
755 |
-+#ifdef HAVE_ECC |
|
756 |
- have_ecc = ssl_server_import_cert(s, mctx, ecc_id, SSL_AIDX_ECC); |
|
757 |
- #endif |
|
758 |
- |
|
759 |
- if (!(have_rsa || have_dsa |
|
760 |
--#ifndef OPENSSL_NO_EC |
|
761 |
-+#ifdef HAVE_ECC |
|
762 |
- || have_ecc |
|
763 |
- #endif |
|
764 |
- )) { |
|
765 |
-@@ -1196,12 +1023,12 @@ |
|
766 |
- |
|
767 |
- have_rsa = ssl_server_import_key(s, mctx, rsa_id, SSL_AIDX_RSA); |
|
768 |
- have_dsa = ssl_server_import_key(s, mctx, dsa_id, SSL_AIDX_DSA); |
|
769 |
--#ifndef OPENSSL_NO_EC |
|
770 |
-+#ifdef HAVE_ECC |
|
771 |
- have_ecc = ssl_server_import_key(s, mctx, ecc_id, SSL_AIDX_ECC); |
|
772 |
- #endif |
|
773 |
- |
|
774 |
- if (!(have_rsa || have_dsa |
|
775 |
--#ifndef OPENSSL_NO_EC |
|
776 |
-+#ifdef HAVE_ECC |
|
777 |
- || have_ecc |
|
778 |
- #endif |
|
779 |
- )) { |
|
780 |
-@@ -1209,6 +1036,40 @@ |
|
781 |
- "Oops, no " KEYTYPES " server private key found?!"); |
|
782 |
- ssl_die(s); |
|
783 |
- } |
|
784 |
-+ |
|
785 |
-+ /* |
|
786 |
-+ * Try to read DH parameters from the (first) SSLCertificateFile |
|
787 |
-+ */ |
|
788 |
-+ if ((mctx->pks->cert_files[0] != NULL) && |
|
789 |
-+ (dhparams = ssl_dh_GetParamFromFile(mctx->pks->cert_files[0]))) { |
|
790 |
-+ SSL_CTX_set_tmp_dh(mctx->ssl_ctx, dhparams); |
|
791 |
-+ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(02540) |
|
792 |
-+ "Custom DH parameters (%d bits) for %s loaded from %s", |
|
793 |
-+ BN_num_bits(dhparams->p), vhost_id, |
|
794 |
-+ mctx->pks->cert_files[0]); |
|
795 |
-+ } |
|
796 |
-+ |
|
797 |
-+#ifdef HAVE_ECC |
|
798 |
-+ /* |
|
799 |
-+ * Similarly, try to read the ECDH curve name from SSLCertificateFile... |
|
800 |
-+ */ |
|
801 |
-+ if ((mctx->pks->cert_files[0] != NULL) && |
|
802 |
-+ (ecparams = ssl_ec_GetParamFromFile(mctx->pks->cert_files[0])) && |
|
803 |
-+ (nid = EC_GROUP_get_curve_name(ecparams)) && |
|
804 |
-+ (eckey = EC_KEY_new_by_curve_name(nid))) { |
|
805 |
-+ SSL_CTX_set_tmp_ecdh(mctx->ssl_ctx, eckey); |
|
806 |
-+ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(02541) |
|
807 |
-+ "ECDH curve %s for %s specified in %s", |
|
808 |
-+ OBJ_nid2sn(nid), vhost_id, mctx->pks->cert_files[0]); |
|
809 |
-+ } |
|
810 |
-+ /* |
|
811 |
-+ * ...otherwise, configure NIST P-256 (required to enable ECDHE) |
|
812 |
-+ */ |
|
813 |
-+ else { |
|
814 |
-+ SSL_CTX_set_tmp_ecdh(mctx->ssl_ctx, |
|
815 |
-+ EC_KEY_new_by_curve_name(NID_X9_62_prime256v1)); |
|
816 |
-+ } |
|
817 |
-+#endif |
|
818 |
- } |
|
819 |
- |
|
820 |
- #ifdef HAVE_TLS_SESSION_TICKETS |
|
821 |
-@@ -1516,7 +1377,7 @@ |
|
822 |
- klen = strlen(key); |
|
823 |
- |
|
824 |
- if ((ps = (server_rec *)apr_hash_get(table, key, klen))) { |
|
825 |
--#ifdef OPENSSL_NO_TLSEXT |
|
826 |
-+#ifndef HAVE_TLSEXT |
|
827 |
- int level = APLOG_WARNING; |
|
828 |
- const char *problem = "conflict"; |
|
829 |
- #else |
|
830 |
-@@ -1540,7 +1401,7 @@ |
|
831 |
- } |
|
832 |
- |
|
833 |
- if (conflict) { |
|
834 |
--#ifdef OPENSSL_NO_TLSEXT |
|
835 |
-+#ifndef HAVE_TLSEXT |
|
836 |
- ap_log_error(APLOG_MARK, APLOG_WARNING, 0, base_server, APLOGNO(01917) |
|
837 |
- "Init: You should not use name-based " |
|
838 |
- "virtual hosts in conjunction with SSL!!"); |
|
839 |
-@@ -1689,7 +1550,7 @@ |
|
840 |
- { |
|
841 |
- MODSSL_CFG_ITEM_FREE(SSL_CTX_free, mctx->ssl_ctx); |
|
842 |
- |
|
843 |
--#ifndef OPENSSL_NO_SRP |
|
844 |
-+#ifdef HAVE_SRP |
|
845 |
- if (mctx->srp_vbase != NULL) { |
|
846 |
- SRP_VBASE_free(mctx->srp_vbase); |
|
847 |
- mctx->srp_vbase = NULL; |
|
848 |
-@@ -1745,11 +1606,6 @@ |
|
849 |
- ssl_scache_kill(base_server); |
|
850 |
- |
|
851 |
- /* |
|
852 |
-- * Destroy the temporary keys and params |
|
853 |
-- */ |
|
854 |
-- ssl_tmp_keys_free(base_server); |
|
855 |
-- |
|
856 |
-- /* |
|
857 |
- * Free the non-pool allocated structures |
|
858 |
- * in the per-server configurations |
|
859 |
- */ |
|
860 |
-diff -Naur httpd-2.4.6-orig/modules/ssl/ssl_engine_io.c httpd-2.4.6/modules/ssl/ssl_engine_io.c |
|
861 |
---- httpd-2.4.6-orig/modules/ssl/ssl_engine_io.c 2013-10-01 12:20:45.775812088 +0200 |
|
862 |
-+++ httpd-2.4.6/modules/ssl/ssl_engine_io.c 2013-10-01 12:20:50.991746880 +0200 |
|
863 |
-@@ -1048,7 +1048,7 @@ |
|
864 |
- |
|
865 |
- server = sslconn->server; |
|
866 |
- if (sslconn->is_proxy) { |
|
867 |
--#ifndef OPENSSL_NO_TLSEXT |
|
868 |
-+#ifdef HAVE_TLSEXT |
|
869 |
- apr_ipsubnet_t *ip; |
|
870 |
- #endif |
|
871 |
- const char *hostname_note = apr_table_get(c->notes, |
|
872 |
-@@ -1056,7 +1056,7 @@ |
|
873 |
- BOOL proxy_ssl_check_peer_ok = TRUE; |
|
874 |
- sc = mySrvConfig(server); |
|
875 |
- |
|
876 |
--#ifndef OPENSSL_NO_TLSEXT |
|
877 |
-+#ifdef HAVE_TLSEXT |
|
878 |
- /* |
|
879 |
- * Enable SNI for backend requests. Make sure we don't do it for |
|
880 |
- * pure SSLv3 connections, and also prevent IP addresses |
|
881 |
-diff -Naur httpd-2.4.6-orig/modules/ssl/ssl_engine_kernel.c httpd-2.4.6/modules/ssl/ssl_engine_kernel.c |
|
882 |
---- httpd-2.4.6-orig/modules/ssl/ssl_engine_kernel.c 2013-10-01 12:20:45.776812076 +0200 |
|
883 |
-+++ httpd-2.4.6/modules/ssl/ssl_engine_kernel.c 2013-10-01 12:20:50.992746868 +0200 |
|
884 |
-@@ -32,7 +32,7 @@ |
|
885 |
- #include "util_md5.h" |
|
886 |
- |
|
887 |
- static void ssl_configure_env(request_rec *r, SSLConnRec *sslconn); |
|
888 |
--#ifndef OPENSSL_NO_TLSEXT |
|
889 |
-+#ifdef HAVE_TLSEXT |
|
890 |
- static int ssl_find_vhost(void *servername, conn_rec *c, server_rec *s); |
|
891 |
- #endif |
|
892 |
- |
|
893 |
-@@ -119,7 +119,7 @@ |
|
894 |
- SSLSrvConfigRec *sc = mySrvConfig(r->server); |
|
895 |
- SSLConnRec *sslconn; |
|
896 |
- const char *upgrade; |
|
897 |
--#ifndef OPENSSL_NO_TLSEXT |
|
898 |
-+#ifdef HAVE_TLSEXT |
|
899 |
- const char *servername; |
|
900 |
- #endif |
|
901 |
- SSL *ssl; |
|
902 |
-@@ -162,7 +162,7 @@ |
|
903 |
- if (!ssl) { |
|
904 |
- return DECLINED; |
|
905 |
- } |
|
906 |
--#ifndef OPENSSL_NO_TLSEXT |
|
907 |
-+#ifdef HAVE_TLSEXT |
|
908 |
- if ((servername = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name))) { |
|
909 |
- char *host, *scope_id; |
|
910 |
- apr_port_t port; |
|
911 |
-@@ -329,7 +329,7 @@ |
|
912 |
- return DECLINED; |
|
913 |
- } |
|
914 |
- |
|
915 |
--#ifndef OPENSSL_NO_SRP |
|
916 |
-+#ifdef HAVE_SRP |
|
917 |
- /* |
|
918 |
- * Support for per-directory reconfigured SSL connection parameters |
|
919 |
- * |
|
920 |
-@@ -1101,7 +1101,7 @@ |
|
921 |
- "SSL_SERVER_A_SIG", |
|
922 |
- "SSL_SESSION_ID", |
|
923 |
- "SSL_SESSION_RESUMED", |
|
924 |
--#ifndef OPENSSL_NO_SRP |
|
925 |
-+#ifdef HAVE_SRP |
|
926 |
- "SSL_SRP_USER", |
|
927 |
- "SSL_SRP_USERINFO", |
|
928 |
- #endif |
|
929 |
-@@ -1115,7 +1115,7 @@ |
|
930 |
- SSLDirConfigRec *dc = myDirConfig(r); |
|
931 |
- apr_table_t *env = r->subprocess_env; |
|
932 |
- char *var, *val = ""; |
|
933 |
--#ifndef OPENSSL_NO_TLSEXT |
|
934 |
-+#ifdef HAVE_TLSEXT |
|
935 |
- const char *servername; |
|
936 |
- #endif |
|
937 |
- STACK_OF(X509) *peer_certs; |
|
938 |
-@@ -1144,7 +1144,7 @@ |
|
939 |
- /* the always present HTTPS (=HTTP over SSL) flag! */ |
|
940 |
- apr_table_setn(env, "HTTPS", "on"); |
|
941 |
- |
|
942 |
--#ifndef OPENSSL_NO_TLSEXT |
|
943 |
-+#ifdef HAVE_TLSEXT |
|
944 |
- /* add content of SNI TLS extension (if supplied with ClientHello) */ |
|
945 |
- if ((servername = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name))) { |
|
946 |
- apr_table_set(env, "SSL_TLS_SNI", servername); |
|
947 |
-@@ -1287,117 +1287,70 @@ |
|
948 |
- */ |
|
949 |
- |
|
950 |
- /* |
|
951 |
-- * Handle out temporary RSA private keys on demand |
|
952 |
-- * |
|
953 |
-- * The background of this as the TLSv1 standard explains it: |
|
954 |
-- * |
|
955 |
-- * | D.1. Temporary RSA keys |
|
956 |
-- * | |
|
957 |
-- * | US Export restrictions limit RSA keys used for encryption to 512 |
|
958 |
-- * | bits, but do not place any limit on lengths of RSA keys used for |
|
959 |
-- * | signing operations. Certificates often need to be larger than 512 |
|
960 |
-- * | bits, since 512-bit RSA keys are not secure enough for high-value |
|
961 |
-- * | transactions or for applications requiring long-term security. Some |
|
962 |
-- * | certificates are also designated signing-only, in which case they |
|
963 |
-- * | cannot be used for key exchange. |
|
964 |
-- * | |
|
965 |
-- * | When the public key in the certificate cannot be used for encryption, |
|
966 |
-- * | the server signs a temporary RSA key, which is then exchanged. In |
|
967 |
-- * | exportable applications, the temporary RSA key should be the maximum |
|
968 |
-- * | allowable length (i.e., 512 bits). Because 512-bit RSA keys are |
|
969 |
-- * | relatively insecure, they should be changed often. For typical |
|
970 |
-- * | electronic commerce applications, it is suggested that keys be |
|
971 |
-- * | changed daily or every 500 transactions, and more often if possible. |
|
972 |
-- * | Note that while it is acceptable to use the same temporary key for |
|
973 |
-- * | multiple transactions, it must be signed each time it is used. |
|
974 |
-- * | |
|
975 |
-- * | RSA key generation is a time-consuming process. In many cases, a |
|
976 |
-- * | low-priority process can be assigned the task of key generation. |
|
977 |
-- * | Whenever a new key is completed, the existing temporary key can be |
|
978 |
-- * | replaced with the new one. |
|
979 |
-- * |
|
980 |
-- * XXX: base on comment above, if thread support is enabled, |
|
981 |
-- * we should spawn a low-priority thread to generate new keys |
|
982 |
-- * on the fly. |
|
983 |
-- * |
|
984 |
-- * So we generated 512 and 1024 bit temporary keys on startup |
|
985 |
-- * which we now just hand out on demand.... |
|
986 |
-+ * Grab well-defined DH parameters from OpenSSL, see <openssl/bn.h> |
|
987 |
-+ * (get_rfc*) for all available primes. |
|
988 |
- */ |
|
989 |
-- |
|
990 |
--RSA *ssl_callback_TmpRSA(SSL *ssl, int export, int keylen) |
|
991 |
--{ |
|
992 |
-- conn_rec *c = (conn_rec *)SSL_get_app_data(ssl); |
|
993 |
-- SSLModConfigRec *mc = myModConfigFromConn(c); |
|
994 |
-- int idx; |
|
995 |
-- |
|
996 |
-- ap_log_cerror(APLOG_MARK, APLOG_TRACE2, 0, c, |
|
997 |
-- "handing out temporary %d bit RSA key", keylen); |
|
998 |
-- |
|
999 |
-- /* doesn't matter if export flag is on, |
|
1000 |
-- * we won't be asked for keylen > 512 in that case. |
|
1001 |
-- * if we are asked for a keylen > 1024, it is too expensive |
|
1002 |
-- * to generate on the fly. |
|
1003 |
-- * XXX: any reason not to generate 2048 bit keys at startup? |
|
1004 |
-- */ |
|
1005 |
-- |
|
1006 |
-- switch (keylen) { |
|
1007 |
-- case 512: |
|
1008 |
-- idx = SSL_TMP_KEY_RSA_512; |
|
1009 |
-- break; |
|
1010 |
-- |
|
1011 |
-- case 1024: |
|
1012 |
-- default: |
|
1013 |
-- idx = SSL_TMP_KEY_RSA_1024; |
|
1014 |
-- } |
|
1015 |
-- |
|
1016 |
-- return (RSA *)mc->pTmpKeys[idx]; |
|
1017 |
-+#define make_get_dh(rfc,size,gen) \ |
|
1018 |
-+static DH *get_dh##size(void) \ |
|
1019 |
-+{ \ |
|
1020 |
-+ DH *dh; \ |
|
1021 |
-+ if (!(dh = DH_new())) { \ |
|
1022 |
-+ return NULL; \ |
|
1023 |
-+ } \ |
|
1024 |
-+ dh->p = get_##rfc##_prime_##size(NULL); \ |
|
1025 |
-+ BN_dec2bn(&dh->g, #gen); \ |
|
1026 |
-+ if (!dh->p || !dh->g) { \ |
|
1027 |
-+ DH_free(dh); \ |
|
1028 |
-+ return NULL; \ |
|
1029 |
-+ } \ |
|
1030 |
-+ return dh; \ |
|
1031 |
- } |
|
1032 |
- |
|
1033 |
- /* |
|
1034 |
-- * Hand out the already generated DH parameters... |
|
1035 |
-+ * Prepare DH parameters from 1024 to 4096 bits, in 1024-bit increments |
|
1036 |
-+ */ |
|
1037 |
-+make_get_dh(rfc2409, 1024, 2) |
|
1038 |
-+make_get_dh(rfc3526, 2048, 2) |
|
1039 |
-+make_get_dh(rfc3526, 3072, 2) |
|
1040 |
-+make_get_dh(rfc3526, 4096, 2) |
|
1041 |
-+ |
|
1042 |
-+/* |
|
1043 |
-+ * Hand out standard DH parameters, based on the authentication strength |
|
1044 |
- */ |
|
1045 |
- DH *ssl_callback_TmpDH(SSL *ssl, int export, int keylen) |
|
1046 |
- { |
|
1047 |
- conn_rec *c = (conn_rec *)SSL_get_app_data(ssl); |
|
1048 |
-- SSLModConfigRec *mc = myModConfigFromConn(c); |
|
1049 |
-- int idx; |
|
1050 |
-- |
|
1051 |
-- ap_log_cerror(APLOG_MARK, APLOG_TRACE2, 0, c, |
|
1052 |
-- "handing out temporary %d bit DH key", keylen); |
|
1053 |
-+ EVP_PKEY *pkey = SSL_get_privatekey(ssl); |
|
1054 |
-+ int type = pkey ? EVP_PKEY_type(pkey->type) : EVP_PKEY_NONE; |
|
1055 |
- |
|
1056 |
-- switch (keylen) { |
|
1057 |
-- case 512: |
|
1058 |
-- idx = SSL_TMP_KEY_DH_512; |
|
1059 |
-- break; |
|
1060 |
-- |
|
1061 |
-- case 1024: |
|
1062 |
-- default: |
|
1063 |
-- idx = SSL_TMP_KEY_DH_1024; |
|
1064 |
-+ /* |
|
1065 |
-+ * OpenSSL will call us with either keylen == 512 or keylen == 1024 |
|
1066 |
-+ * (see the definition of SSL_EXPORT_PKEYLENGTH in ssl_locl.h). |
|
1067 |
-+ * Adjust the DH parameter length according to the size of the |
|
1068 |
-+ * RSA/DSA private key used for the current connection, and always |
|
1069 |
-+ * use at least 1024-bit parameters. |
|
1070 |
-+ * Note: This may cause interoperability issues with implementations |
|
1071 |
-+ * which limit their DH support to 1024 bit - e.g. Java 7 and earlier. |
|
1072 |
-+ * In this case, SSLCertificateFile can be used to specify fixed |
|
1073 |
-+ * 1024-bit DH parameters (with the effect that OpenSSL skips this |
|
1074 |
-+ * callback). |
|
1075 |
-+ */ |
|
1076 |
-+ if ((type == EVP_PKEY_RSA) || (type == EVP_PKEY_DSA)) { |
|
1077 |
-+ keylen = EVP_PKEY_bits(pkey); |
|
1078 |
- } |
|
1079 |
- |
|
1080 |
-- return (DH *)mc->pTmpKeys[idx]; |
|
1081 |
--} |
|
1082 |
-- |
|
1083 |
--#ifndef OPENSSL_NO_EC |
|
1084 |
--EC_KEY *ssl_callback_TmpECDH(SSL *ssl, int export, int keylen) |
|
1085 |
--{ |
|
1086 |
-- conn_rec *c = (conn_rec *)SSL_get_app_data(ssl); |
|
1087 |
-- SSLModConfigRec *mc = myModConfigFromConn(c); |
|
1088 |
-- int idx; |
|
1089 |
-- |
|
1090 |
-- /* XXX Uses 256-bit key for now. TODO: support other sizes. */ |
|
1091 |
- ap_log_cerror(APLOG_MARK, APLOG_TRACE2, 0, c, |
|
1092 |
-- "handing out temporary 256 bit ECC key"); |
|
1093 |
-+ "handing out built-in DH parameters for %d-bit authenticated connection", keylen); |
|
1094 |
- |
|
1095 |
-- switch (keylen) { |
|
1096 |
-- case 256: |
|
1097 |
-- default: |
|
1098 |
-- idx = SSL_TMP_KEY_EC_256; |
|
1099 |
-- } |
|
1100 |
-- |
|
1101 |
-- return (EC_KEY *)mc->pTmpKeys[idx]; |
|
1102 |
-+ if (keylen >= 4096) |
|
1103 |
-+ return get_dh4096(); |
|
1104 |
-+ else if (keylen >= 3072) |
|
1105 |
-+ return get_dh3072(); |
|
1106 |
-+ else if (keylen >= 2048) |
|
1107 |
-+ return get_dh2048(); |
|
1108 |
-+ else |
|
1109 |
-+ return get_dh1024(); |
|
1110 |
- } |
|
1111 |
--#endif |
|
1112 |
- |
|
1113 |
- /* |
|
1114 |
- * This OpenSSL callback function is called when OpenSSL |
|
1115 |
-@@ -1938,7 +1891,7 @@ |
|
1116 |
- } |
|
1117 |
- } |
|
1118 |
- |
|
1119 |
--#ifndef OPENSSL_NO_TLSEXT |
|
1120 |
-+#ifdef HAVE_TLSEXT |
|
1121 |
- /* |
|
1122 |
- * This callback function is executed when OpenSSL encounters an extended |
|
1123 |
- * client hello with a server name indication extension ("SNI", cf. RFC 4366). |
|
1124 |
-@@ -2089,7 +2042,7 @@ |
|
1125 |
- |
|
1126 |
- return 0; |
|
1127 |
- } |
|
1128 |
--#endif /* OPENSSL_NO_TLSEXT */ |
|
1129 |
-+#endif /* HAVE_TLSEXT */ |
|
1130 |
- |
|
1131 |
- #ifdef HAVE_TLS_SESSION_TICKETS |
|
1132 |
- /* |
|
1133 |
-@@ -2161,7 +2114,7 @@ |
|
1134 |
- } |
|
1135 |
- #endif /* HAVE_TLS_SESSION_TICKETS */ |
|
1136 |
- |
|
1137 |
--#ifndef OPENSSL_NO_SRP |
|
1138 |
-+#ifdef HAVE_SRP |
|
1139 |
- |
|
1140 |
- int ssl_callback_SRPServerParams(SSL *ssl, int *ad, void *arg) |
|
1141 |
- { |
|
1142 |
-@@ -2185,4 +2138,4 @@ |
|
1143 |
- return SSL_ERROR_NONE; |
|
1144 |
- } |
|
1145 |
- |
|
1146 |
--#endif /* OPENSSL_NO_SRP */ |
|
1147 |
-+#endif /* HAVE_SRP */ |
|
1148 |
-diff -Naur httpd-2.4.6-orig/modules/ssl/ssl_engine_pphrase.c httpd-2.4.6/modules/ssl/ssl_engine_pphrase.c |
|
1149 |
---- httpd-2.4.6-orig/modules/ssl/ssl_engine_pphrase.c 2013-10-01 12:20:45.777812063 +0200 |
|
1150 |
-+++ httpd-2.4.6/modules/ssl/ssl_engine_pphrase.c 2013-10-01 12:20:50.992746868 +0200 |
|
1151 |
-@@ -708,7 +708,7 @@ |
|
1152 |
- ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, APLOGNO(01966) |
|
1153 |
- "Init: Failed to create pass phrase pipe '%s'", |
|
1154 |
- sc->server->pphrase_dialog_path); |
|
1155 |
-- PEMerr(PEM_F_DEF_CALLBACK,PEM_R_PROBLEMS_GETTING_PASSWORD); |
|
1156 |
-+ PEMerr(PEM_F_PEM_DEF_CALLBACK,PEM_R_PROBLEMS_GETTING_PASSWORD); |
|
1157 |
- memset(buf, 0, (unsigned int)bufsize); |
|
1158 |
- return (-1); |
|
1159 |
- } |
|
1160 |
-@@ -718,7 +718,7 @@ |
|
1161 |
- } |
|
1162 |
- else { /* sc->server->pphrase_dialog_type == SSL_PPTYPE_BUILTIN */ |
|
1163 |
- #ifdef WIN32 |
|
1164 |
-- PEMerr(PEM_F_DEF_CALLBACK,PEM_R_PROBLEMS_GETTING_PASSWORD); |
|
1165 |
-+ PEMerr(PEM_F_PEM_DEF_CALLBACK,PEM_R_PROBLEMS_GETTING_PASSWORD); |
|
1166 |
- memset(buf, 0, (unsigned int)bufsize); |
|
1167 |
- return (-1); |
|
1168 |
- #else |
|
1169 |
-@@ -769,7 +769,7 @@ |
|
1170 |
- i = EVP_read_pw_string(buf, bufsize, "", FALSE); |
|
1171 |
- } |
|
1172 |
- if (i != 0) { |
|
1173 |
-- PEMerr(PEM_F_DEF_CALLBACK,PEM_R_PROBLEMS_GETTING_PASSWORD); |
|
1174 |
-+ PEMerr(PEM_F_PEM_DEF_CALLBACK,PEM_R_PROBLEMS_GETTING_PASSWORD); |
|
1175 |
- memset(buf, 0, (unsigned int)bufsize); |
|
1176 |
- return (-1); |
|
1177 |
- } |
|
1178 |
-diff -Naur httpd-2.4.6-orig/modules/ssl/ssl_engine_vars.c httpd-2.4.6/modules/ssl/ssl_engine_vars.c |
|
1179 |
---- httpd-2.4.6-orig/modules/ssl/ssl_engine_vars.c 2013-10-01 12:20:45.775812088 +0200 |
|
1180 |
-+++ httpd-2.4.6/modules/ssl/ssl_engine_vars.c 2013-10-01 12:20:50.992746868 +0200 |
|
1181 |
-@@ -382,7 +382,7 @@ |
|
1182 |
- else if (ssl != NULL && strcEQ(var, "COMPRESS_METHOD")) { |
|
1183 |
- result = ssl_var_lookup_ssl_compress_meth(ssl); |
|
1184 |
- } |
|
1185 |
--#ifndef OPENSSL_NO_TLSEXT |
|
1186 |
-+#ifdef HAVE_TLSEXT |
|
1187 |
- else if (ssl != NULL && strcEQ(var, "TLS_SNI")) { |
|
1188 |
- result = apr_pstrdup(p, SSL_get_servername(ssl, |
|
1189 |
- TLSEXT_NAMETYPE_host_name)); |
|
1190 |
-@@ -395,7 +395,7 @@ |
|
1191 |
- #endif |
|
1192 |
- result = apr_pstrdup(p, flag ? "true" : "false"); |
|
1193 |
- } |
|
1194 |
--#ifndef OPENSSL_NO_SRP |
|
1195 |
-+#ifdef HAVE_SRP |
|
1196 |
- else if (ssl != NULL && strcEQ(var, "SRP_USER")) { |
|
1197 |
- if ((result = SSL_get_srp_username(ssl)) != NULL) { |
|
1198 |
- result = apr_pstrdup(p, result); |
|
1199 |
-@@ -879,7 +879,7 @@ |
|
1200 |
- * success and writes the string to the given bio. */ |
|
1201 |
- static int dump_extn_value(BIO *bio, ASN1_OCTET_STRING *str) |
|
1202 |
- { |
|
1203 |
-- MODSSL_D2I_ASN1_type_bytes_CONST unsigned char *pp = str->data; |
|
1204 |
-+ const unsigned char *pp = str->data; |
|
1205 |
- ASN1_STRING *ret = ASN1_STRING_new(); |
|
1206 |
- int rv = 0; |
|
1207 |
- |
|
1208 |
-@@ -975,7 +975,7 @@ |
|
1209 |
- static char *ssl_var_lookup_ssl_compress_meth(SSL *ssl) |
|
1210 |
- { |
|
1211 |
- char *result = "NULL"; |
|
1212 |
--#if (OPENSSL_VERSION_NUMBER >= 0x00908000) && !defined(OPENSSL_NO_COMP) |
|
1213 |
-+#ifndef OPENSSL_NO_COMP |
|
1214 |
- SSL_SESSION *pSession = SSL_get_session(ssl); |
|
1215 |
- |
|
1216 |
- if (pSession) { |
|
1217 |
-diff -Naur httpd-2.4.6-orig/modules/ssl/ssl_private.h httpd-2.4.6/modules/ssl/ssl_private.h |
|
1218 |
---- httpd-2.4.6-orig/modules/ssl/ssl_private.h 2013-10-01 12:20:45.774812101 +0200 |
|
1219 |
-+++ httpd-2.4.6/modules/ssl/ssl_private.h 2013-10-01 12:20:50.993746855 +0200 |
|
1220 |
-@@ -105,65 +105,55 @@ |
|
1221 |
- #include <openssl/engine.h> |
|
1222 |
- #endif |
|
1223 |
- |
|
1224 |
--#if (OPENSSL_VERSION_NUMBER < 0x0090700f) |
|
1225 |
--#error mod_ssl requires OpenSSL 0.9.7 or later |
|
1226 |
--#endif |
|
1227 |
-- |
|
1228 |
--/* ...shifting sands of OpenSSL... */ |
|
1229 |
--#if (OPENSSL_VERSION_NUMBER >= 0x0090707f) |
|
1230 |
--#define MODSSL_D2I_SSL_SESSION_CONST const |
|
1231 |
--#else |
|
1232 |
--#define MODSSL_D2I_SSL_SESSION_CONST |
|
1233 |
--#endif |
|
1234 |
-- |
|
1235 |
--#if (OPENSSL_VERSION_NUMBER >= 0x00908000) |
|
1236 |
--#define HAVE_GENERATE_EX |
|
1237 |
--#define MODSSL_D2I_ASN1_type_bytes_CONST const |
|
1238 |
--#define MODSSL_D2I_PrivateKey_CONST const |
|
1239 |
--#define MODSSL_D2I_X509_CONST const |
|
1240 |
--#else |
|
1241 |
--#define MODSSL_D2I_ASN1_type_bytes_CONST |
|
1242 |
--#define MODSSL_D2I_PrivateKey_CONST |
|
1243 |
--#define MODSSL_D2I_X509_CONST |
|
1244 |
--#endif |
|
1245 |
-- |
|
1246 |
--#if OPENSSL_VERSION_NUMBER >= 0x00908080 && !defined(OPENSSL_NO_OCSP) \ |
|
1247 |
-- && !defined(OPENSSL_NO_TLSEXT) |
|
1248 |
--#define HAVE_OCSP_STAPLING |
|
1249 |
--#if (OPENSSL_VERSION_NUMBER < 0x10000000) |
|
1250 |
--#define sk_OPENSSL_STRING_pop sk_pop |
|
1251 |
--#endif |
|
1252 |
--#endif |
|
1253 |
-- |
|
1254 |
--#if (OPENSSL_VERSION_NUMBER >= 0x009080a0) && defined(OPENSSL_FIPS) |
|
1255 |
--#define HAVE_FIPS |
|
1256 |
-+#if (OPENSSL_VERSION_NUMBER < 0x0090801f) |
|
1257 |
-+#error mod_ssl requires OpenSSL 0.9.8a or later |
|
1258 |
- #endif |
|
1259 |
- |
|
1260 |
-+/** |
|
1261 |
-+ * ...shifting sands of OpenSSL... |
|
1262 |
-+ * Note: when adding support for new OpenSSL features, avoid explicit |
|
1263 |
-+ * version number checks whenever possible, and use "feature-based" |
|
1264 |
-+ * detection instead (check for definitions of constants or functions) |
|
1265 |
-+ */ |
|
1266 |
- #if (OPENSSL_VERSION_NUMBER >= 0x10000000) |
|
1267 |
- #define MODSSL_SSL_CIPHER_CONST const |
|
1268 |
- #define MODSSL_SSL_METHOD_CONST const |
|
1269 |
- #else |
|
1270 |
- #define MODSSL_SSL_CIPHER_CONST |
|
1271 |
- #define MODSSL_SSL_METHOD_CONST |
|
1272 |
--/* ECC support came along in OpenSSL 1.0.0 */ |
|
1273 |
--#define OPENSSL_NO_EC |
|
1274 |
- #endif |
|
1275 |
- |
|
1276 |
--#ifndef PEM_F_DEF_CALLBACK |
|
1277 |
--#ifdef PEM_F_PEM_DEF_CALLBACK |
|
1278 |
--/** In OpenSSL 0.9.8 PEM_F_DEF_CALLBACK was renamed */ |
|
1279 |
--#define PEM_F_DEF_CALLBACK PEM_F_PEM_DEF_CALLBACK |
|
1280 |
-+#if defined(OPENSSL_FIPS) |
|
1281 |
-+#define HAVE_FIPS |
|
1282 |
- #endif |
|
1283 |
-+ |
|
1284 |
-+#if defined(SSL_OP_NO_TLSv1_2) |
|
1285 |
-+#define HAVE_TLSV1_X |
|
1286 |
- #endif |
|
1287 |
- |
|
1288 |
--#ifndef OPENSSL_NO_TLSEXT |
|
1289 |
--#ifndef SSL_CTRL_SET_TLSEXT_HOSTNAME |
|
1290 |
--#define OPENSSL_NO_TLSEXT |
|
1291 |
-+/** |
|
1292 |
-+ * The following features all depend on TLS extension support. |
|
1293 |
-+ * Within this block, check again for features (not version numbers). |
|
1294 |
-+ */ |
|
1295 |
-+#if !defined(OPENSSL_NO_TLSEXT) && defined(SSL_set_tlsext_host_name) |
|
1296 |
-+ |
|
1297 |
-+#define HAVE_TLSEXT |
|
1298 |
-+ |
|
1299 |
-+/* ECC: make sure we have at least 1.0.0 */ |
|
1300 |
-+#if !defined(OPENSSL_NO_EC) && defined(TLSEXT_ECPOINTFORMAT_uncompressed) |
|
1301 |
-+#define HAVE_ECC |
|
1302 |
-+#endif |
|
1303 |
-+ |
|
1304 |
-+/* OCSP stapling */ |
|
1305 |
-+#if !defined(OPENSSL_NO_OCSP) && defined(SSL_CTX_set_tlsext_status_cb) |
|
1306 |
-+#define HAVE_OCSP_STAPLING |
|
1307 |
-+#ifndef sk_OPENSSL_STRING_pop |
|
1308 |
-+#define sk_OPENSSL_STRING_pop sk_pop |
|
1309 |
- #endif |
|
1310 |
- #endif |
|
1311 |
- |
|
1312 |
--#ifndef OPENSSL_NO_TLSEXT |
|
1313 |
--#ifdef SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB |
|
1314 |
-+/* TLS session tickets */ |
|
1315 |
-+#if defined(SSL_CTX_set_tlsext_ticket_key_cb) |
|
1316 |
- #define HAVE_TLS_SESSION_TICKETS |
|
1317 |
- #define TLSEXT_TICKET_KEY_LEN 48 |
|
1318 |
- #ifndef tlsext_tick_md |
|
1319 |
-@@ -174,26 +164,15 @@ |
|
1320 |
- #endif |
|
1321 |
- #endif |
|
1322 |
- #endif |
|
1323 |
--#endif |
|
1324 |
- |
|
1325 |
--#ifdef SSL_OP_NO_TLSv1_2 |
|
1326 |
--#define HAVE_TLSV1_X |
|
1327 |
--#endif |
|
1328 |
-- |
|
1329 |
--#if !defined(OPENSSL_NO_COMP) && !defined(SSL_OP_NO_COMPRESSION) \ |
|
1330 |
-- && OPENSSL_VERSION_NUMBER < 0x00908000L |
|
1331 |
--#define OPENSSL_NO_COMP |
|
1332 |
--#endif |
|
1333 |
-- |
|
1334 |
--/* SRP support came in OpenSSL 1.0.1 */ |
|
1335 |
--#ifndef OPENSSL_NO_SRP |
|
1336 |
--#ifdef SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB |
|
1337 |
-+/* Secure Remote Password */ |
|
1338 |
-+#if !defined(OPENSSL_NO_SRP) && defined(SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB) |
|
1339 |
-+#define HAVE_SRP |
|
1340 |
- #include <openssl/srp.h> |
|
1341 |
--#else |
|
1342 |
--#define OPENSSL_NO_SRP |
|
1343 |
--#endif |
|
1344 |
- #endif |
|
1345 |
- |
|
1346 |
-+#endif /* !defined(OPENSSL_NO_TLSEXT) && defined(SSL_set_tlsext_host_name) */ |
|
1347 |
-+ |
|
1348 |
- /* mod_ssl headers */ |
|
1349 |
- #include "ssl_util_ssl.h" |
|
1350 |
- |
|
1351 |
-@@ -287,7 +266,7 @@ |
|
1352 |
- #define SSL_ALGO_UNKNOWN (0) |
|
1353 |
- #define SSL_ALGO_RSA (1<<0) |
|
1354 |
- #define SSL_ALGO_DSA (1<<1) |
|
1355 |
--#ifndef OPENSSL_NO_EC |
|
1356 |
-+#ifdef HAVE_ECC |
|
1357 |
- #define SSL_ALGO_ECC (1<<2) |
|
1358 |
- #define SSL_ALGO_ALL (SSL_ALGO_RSA|SSL_ALGO_DSA|SSL_ALGO_ECC) |
|
1359 |
- #else |
|
1360 |
-@@ -296,29 +275,13 @@ |
|
1361 |
- |
|
1362 |
- #define SSL_AIDX_RSA (0) |
|
1363 |
- #define SSL_AIDX_DSA (1) |
|
1364 |
--#ifndef OPENSSL_NO_EC |
|
1365 |
-+#ifdef HAVE_ECC |
|
1366 |
- #define SSL_AIDX_ECC (2) |
|
1367 |
- #define SSL_AIDX_MAX (3) |
|
1368 |
- #else |
|
1369 |
- #define SSL_AIDX_MAX (2) |
|
1370 |
- #endif |
|
1371 |
- |
|
1372 |
-- |
|
1373 |
--/** |
|
1374 |
-- * Define IDs for the temporary RSA keys and DH params |
|
1375 |
-- */ |
|
1376 |
-- |
|
1377 |
--#define SSL_TMP_KEY_RSA_512 (0) |
|
1378 |
--#define SSL_TMP_KEY_RSA_1024 (1) |
|
1379 |
--#define SSL_TMP_KEY_DH_512 (2) |
|
1380 |
--#define SSL_TMP_KEY_DH_1024 (3) |
|
1381 |
--#ifndef OPENSSL_NO_EC |
|
1382 |
--#define SSL_TMP_KEY_EC_256 (4) |
|
1383 |
--#define SSL_TMP_KEY_MAX (5) |
|
1384 |
--#else |
|
1385 |
--#define SSL_TMP_KEY_MAX (4) |
|
1386 |
--#endif |
|
1387 |
-- |
|
1388 |
- /** |
|
1389 |
- * Define the SSL options |
|
1390 |
- */ |
|
1391 |
-@@ -534,7 +497,6 @@ |
|
1392 |
- apr_global_mutex_t *pMutex; |
|
1393 |
- apr_array_header_t *aRandSeed; |
|
1394 |
- apr_hash_t *tVHostKeys; |
|
1395 |
-- void *pTmpKeys[SSL_TMP_KEY_MAX]; |
|
1396 |
- |
|
1397 |
- /* Two hash tables of pointers to ssl_asn1_t structures. The |
|
1398 |
- * structures are used to store certificates and private keys |
|
1399 |
-@@ -656,7 +618,7 @@ |
|
1400 |
- const char *stapling_force_url; |
|
1401 |
- #endif |
|
1402 |
- |
|
1403 |
--#ifndef OPENSSL_NO_SRP |
|
1404 |
-+#ifdef HAVE_SRP |
|
1405 |
- char *srp_vfile; |
|
1406 |
- char *srp_unknown_user_seed; |
|
1407 |
- SRP_VBASE *srp_vbase; |
|
1408 |
-@@ -688,7 +650,7 @@ |
|
1409 |
- ssl_enabled_t proxy_ssl_check_peer_expire; |
|
1410 |
- ssl_enabled_t proxy_ssl_check_peer_cn; |
|
1411 |
- ssl_enabled_t proxy_ssl_check_peer_name; |
|
1412 |
--#ifndef OPENSSL_NO_TLSEXT |
|
1413 |
-+#ifdef HAVE_TLSEXT |
|
1414 |
- ssl_enabled_t strict_sni_vhost_check; |
|
1415 |
- #endif |
|
1416 |
- #ifdef HAVE_FIPS |
|
1417 |
-@@ -792,7 +754,7 @@ |
|
1418 |
- const char *ssl_cmd_SSLOCSPResponderTimeout(cmd_parms *cmd, void *dcfg, const char *arg); |
|
1419 |
- const char *ssl_cmd_SSLOCSPEnable(cmd_parms *cmd, void *dcfg, int flag); |
|
1420 |
- |
|
1421 |
--#ifndef OPENSSL_NO_SRP |
|
1422 |
-+#ifdef HAVE_SRP |
|
1423 |
- const char *ssl_cmd_SSLSRPVerifierFile(cmd_parms *cmd, void *dcfg, const char *arg); |
|
1424 |
- const char *ssl_cmd_SSLSRPUnknownUserSeed(cmd_parms *cmd, void *dcfg, const char *arg); |
|
1425 |
- #endif |
|
1426 |
-@@ -823,11 +785,7 @@ |
|
1427 |
- extern const authz_provider ssl_authz_provider_verify_client; |
|
1428 |
- |
|
1429 |
- /** OpenSSL callbacks */ |
|
1430 |
--RSA *ssl_callback_TmpRSA(SSL *, int, int); |
|
1431 |
- DH *ssl_callback_TmpDH(SSL *, int, int); |
|
1432 |
--#ifndef OPENSSL_NO_EC |
|
1433 |
--EC_KEY *ssl_callback_TmpECDH(SSL *, int, int); |
|
1434 |
--#endif |
|
1435 |
- int ssl_callback_SSLVerify(int, X509_STORE_CTX *); |
|
1436 |
- int ssl_callback_SSLVerify_CRL(int, X509_STORE_CTX *, conn_rec *); |
|
1437 |
- int ssl_callback_proxy_cert(SSL *ssl, X509 **x509, EVP_PKEY **pkey); |
|
1438 |
-@@ -835,7 +793,7 @@ |
|
1439 |
- SSL_SESSION *ssl_callback_GetSessionCacheEntry(SSL *, unsigned char *, int, int *); |
|
1440 |
- void ssl_callback_DelSessionCacheEntry(SSL_CTX *, SSL_SESSION *); |
|
1441 |
- void ssl_callback_Info(const SSL *, int, int); |
|
1442 |
--#ifndef OPENSSL_NO_TLSEXT |
|
1443 |
-+#ifdef HAVE_TLSEXT |
|
1444 |
- int ssl_callback_ServerNameIndication(SSL *, int *, modssl_ctx_t *); |
|
1445 |
- #endif |
|
1446 |
- #ifdef HAVE_TLS_SESSION_TICKETS |
|
1447 |
-@@ -873,7 +831,7 @@ |
|
1448 |
- void ssl_stapling_ex_init(void); |
|
1449 |
- int ssl_stapling_init_cert(server_rec *s, modssl_ctx_t *mctx, X509 *x); |
|
1450 |
- #endif |
|
1451 |
--#ifndef OPENSSL_NO_SRP |
|
1452 |
-+#ifdef HAVE_SRP |
|
1453 |
- int ssl_callback_SRPServerParams(SSL *, int *, void *); |
|
1454 |
- #endif |
|
1455 |
- |
|
1456 |
-@@ -906,8 +864,10 @@ |
|
1457 |
- void ssl_pphrase_Handle(server_rec *, apr_pool_t *); |
|
1458 |
- |
|
1459 |
- /** Diffie-Hellman Parameter Support */ |
|
1460 |
--DH *ssl_dh_GetTmpParam(int); |
|
1461 |
--DH *ssl_dh_GetParamFromFile(char *); |
|
1462 |
-+DH *ssl_dh_GetParamFromFile(const char *); |
|
1463 |
-+#ifdef HAVE_ECC |
|
1464 |
-+EC_GROUP *ssl_ec_GetParamFromFile(const char *); |
|
1465 |
-+#endif |
|
1466 |
- |
|
1467 |
- unsigned char *ssl_asn1_table_set(apr_hash_t *table, |
|
1468 |
- const char *key, |
|
1469 |
-diff -Naur httpd-2.4.6-orig/modules/ssl/ssl_scache.c httpd-2.4.6/modules/ssl/ssl_scache.c |
|
1470 |
---- httpd-2.4.6-orig/modules/ssl/ssl_scache.c 2013-10-01 12:20:45.776812076 +0200 |
|
1471 |
-+++ httpd-2.4.6/modules/ssl/ssl_scache.c 2013-10-01 12:20:50.993746855 +0200 |
|
1472 |
-@@ -148,7 +148,7 @@ |
|
1473 |
- SSLModConfigRec *mc = myModConfig(s); |
|
1474 |
- unsigned char dest[SSL_SESSION_MAX_DER]; |
|
1475 |
- unsigned int destlen = SSL_SESSION_MAX_DER; |
|
1476 |
-- MODSSL_D2I_SSL_SESSION_CONST unsigned char *ptr; |
|
1477 |
-+ const unsigned char *ptr; |
|
1478 |
- apr_status_t rv; |
|
1479 |
- |
|
1480 |
- if (mc->sesscache->flags & AP_SOCACHE_FLAG_NOTMPSAFE) { |
|
1481 |
-diff -Naur httpd-2.4.6-orig/modules/ssl/ssl_util.c httpd-2.4.6/modules/ssl/ssl_util.c |
|
1482 |
---- httpd-2.4.6-orig/modules/ssl/ssl_util.c 2013-10-01 12:20:45.775812088 +0200 |
|
1483 |
-+++ httpd-2.4.6/modules/ssl/ssl_util.c 2013-10-01 12:20:50.993746855 +0200 |
|
1484 |
-@@ -151,7 +151,7 @@ |
|
1485 |
- case EVP_PKEY_DSA: |
|
1486 |
- t = SSL_ALGO_DSA; |
|
1487 |
- break; |
|
1488 |
--#ifndef OPENSSL_NO_EC |
|
1489 |
-+#ifdef HAVE_ECC |
|
1490 |
- case EVP_PKEY_EC: |
|
1491 |
- t = SSL_ALGO_ECC; |
|
1492 |
- break; |
|
1493 |
-@@ -177,7 +177,7 @@ |
|
1494 |
- case SSL_ALGO_DSA: |
|
1495 |
- cp = "DSA"; |
|
1496 |
- break; |
|
1497 |
--#ifndef OPENSSL_NO_EC |
|
1498 |
-+#ifdef HAVE_ECC |
|
1499 |
- case SSL_ALGO_ECC: |
|
1500 |
- cp = "ECC"; |
|
1501 |
- break; |
|
1502 |
-@@ -253,7 +253,7 @@ |
|
1503 |
- apr_hash_set(table, key, klen, NULL); |
|
1504 |
- } |
|
1505 |
- |
|
1506 |
--#ifndef OPENSSL_NO_EC |
|
1507 |
-+#ifdef HAVE_ECC |
|
1508 |
- static const char *ssl_asn1_key_types[] = {"RSA", "DSA", "ECC"}; |
|
1509 |
- #else |
|
1510 |
- static const char *ssl_asn1_key_types[] = {"RSA", "DSA"}; |
|
1511 |
-diff -Naur httpd-2.4.6-orig/modules/ssl/ssl_util_ssl.c httpd-2.4.6/modules/ssl/ssl_util_ssl.c |
|
1512 |
---- httpd-2.4.6-orig/modules/ssl/ssl_util_ssl.c 2013-10-01 12:20:45.777812063 +0200 |
|
1513 |
-+++ httpd-2.4.6/modules/ssl/ssl_util_ssl.c 2013-10-01 12:20:50.993746855 +0200 |
|
1514 |
-@@ -483,6 +483,38 @@ |
|
1515 |
- |
|
1516 |
- /* _________________________________________________________________ |
|
1517 |
- ** |
|
1518 |
-+** Custom (EC)DH parameter support |
|
1519 |
-+** _________________________________________________________________ |
|
1520 |
-+*/ |
|
1521 |
-+ |
|
1522 |
-+DH *ssl_dh_GetParamFromFile(const char *file) |
|
1523 |
-+{ |
|
1524 |
-+ DH *dh = NULL; |
|
1525 |
-+ BIO *bio; |
|
1526 |
-+ |
|
1527 |
-+ if ((bio = BIO_new_file(file, "r")) == NULL) |
|
1528 |
-+ return NULL; |
|
1529 |
-+ dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL); |
|
1530 |
-+ BIO_free(bio); |
|
1531 |
-+ return (dh); |
|
1532 |
-+} |
|
1533 |
-+ |
|
1534 |
-+#ifdef HAVE_ECC |
|
1535 |
-+EC_GROUP *ssl_ec_GetParamFromFile(const char *file) |
|
1536 |
-+{ |
|
1537 |
-+ EC_GROUP *group = NULL; |
|
1538 |
-+ BIO *bio; |
|
1539 |
-+ |
|
1540 |
-+ if ((bio = BIO_new_file(file, "r")) == NULL) |
|
1541 |
-+ return NULL; |
|
1542 |
-+ group = PEM_read_bio_ECPKParameters(bio, NULL, NULL, NULL); |
|
1543 |
-+ BIO_free(bio); |
|
1544 |
-+ return (group); |
|
1545 |
-+} |
|
1546 |
-+#endif |
|
1547 |
-+ |
|
1548 |
-+/* _________________________________________________________________ |
|
1549 |
-+** |
|
1550 |
- ** Extra Server Certificate Chain Support |
|
1551 |
- ** _________________________________________________________________ |
|
1552 |
- */ |
... | ... |
@@ -1,11 +0,0 @@ |
1 |
---- server/log.c.1 2007-10-04 16:34:00.000000000 +0200 |
|
2 |
-+++ server/log.c 2007-10-04 16:35:46.000000000 +0200 |
|
3 |
-@@ -595,7 +595,7 @@ |
|
4 |
- * first. -djg |
|
5 |
- */ |
|
6 |
- len += apr_snprintf(errstr + len, MAX_STRING_LEN - len, |
|
7 |
-- "[client %s] ", c->remote_ip); |
|
8 |
-+ "[client 0.0.0.0] "); |
|
9 |
- } |
|
10 |
- if (status != 0) { |
|
11 |
- if (status < APR_OS_START_EAIERR) { |
... | ... |
@@ -1,242 +0,0 @@ |
1 |
-diff -Naur httpd-2.4.3/modules/ssl/mod_ssl.c httpd-2.4.3-1/modules/ssl/mod_ssl.c |
|
2 |
---- httpd-2.4.3/modules/ssl/mod_ssl.c 2012-08-05 15:48:40.000000000 +0200 |
|
3 |
-+++ httpd-2.4.3-1/modules/ssl/mod_ssl.c 2012-10-23 15:53:15.014424913 +0200 |
|
4 |
-@@ -263,6 +263,18 @@ |
|
5 |
- AP_END_CMD |
|
6 |
- }; |
|
7 |
- |
|
8 |
-+/* Implement 'modssl_run_npn_advertise_protos_hook'. */ |
|
9 |
-+APR_IMPLEMENT_OPTIONAL_HOOK_RUN_ALL( |
|
10 |
-+ modssl, AP, int, npn_advertise_protos_hook, |
|
11 |
-+ (conn_rec *connection, apr_array_header_t *protos), |
|
12 |
-+ (connection, protos), OK, DECLINED); |
|
13 |
-+ |
|
14 |
-+/* Implement 'modssl_run_npn_proto_negotiated_hook'. */ |
|
15 |
-+APR_IMPLEMENT_OPTIONAL_HOOK_RUN_ALL( |
|
16 |
-+ modssl, AP, int, npn_proto_negotiated_hook, |
|
17 |
-+ (conn_rec *connection, const char *proto_name, apr_size_t proto_name_len), |
|
18 |
-+ (connection, proto_name, proto_name_len), OK, DECLINED); |
|
19 |
-+ |
|
20 |
- /* |
|
21 |
- * the various processing hooks |
|
22 |
- */ |
|
23 |
-diff -Naur httpd-2.4.3/modules/ssl/mod_ssl.h httpd-2.4.3-1/modules/ssl/mod_ssl.h |
|
24 |
---- httpd-2.4.3/modules/ssl/mod_ssl.h 2011-09-23 15:38:09.000000000 +0200 |
|
25 |
-+++ httpd-2.4.3-1/modules/ssl/mod_ssl.h 2012-10-23 15:53:15.014424913 +0200 |
|
26 |
-@@ -63,5 +63,26 @@ |
|
27 |
- |
|
28 |
- APR_DECLARE_OPTIONAL_FN(int, ssl_engine_disable, (conn_rec *)); |
|
29 |
- |
|
30 |
-+/** The npn_advertise_protos optional hook allows other modules to add entries |
|
31 |
-+ * to the list of protocol names advertised by the server during the Next |
|
32 |
-+ * Protocol Negotiation (NPN) portion of the SSL handshake. The hook callee is |
|
33 |
-+ * given the connection and an APR array; it should push one or more char*'s |
|
34 |
-+ * pointing to null-terminated strings (such as "http/1.1" or "spdy/2") onto |
|
35 |
-+ * the array and return OK, or do nothing and return DECLINED. */ |
|
36 |
-+APR_DECLARE_EXTERNAL_HOOK(modssl, AP, int, npn_advertise_protos_hook, |
|
37 |
-+ (conn_rec *connection, apr_array_header_t *protos)); |
|
38 |
-+ |
|
39 |
-+/** The npn_proto_negotiated optional hook allows other modules to discover the |
|
40 |
-+ * name of the protocol that was chosen during the Next Protocol Negotiation |
|
41 |
-+ * (NPN) portion of the SSL handshake. Note that this may be the empty string |
|
42 |
-+ * (in which case modules should probably assume HTTP), or it may be a protocol |
|
43 |
-+ * that was never even advertised by the server. The hook callee is given the |
|
44 |
-+ * connection, a non-null-terminated string containing the protocol name, and |
|
45 |
-+ * the length of the string; it should do something appropriate (i.e. insert or |
|
46 |
-+ * remove filters) and return OK, or do nothing and return DECLINED. */ |
|
47 |
-+APR_DECLARE_EXTERNAL_HOOK(modssl, AP, int, npn_proto_negotiated_hook, |
|
48 |
-+ (conn_rec *connection, const char *proto_name, |
|
49 |
-+ apr_size_t proto_name_len)); |
|
50 |
-+ |
|
51 |
- #endif /* __MOD_SSL_H__ */ |
|
52 |
- /** @} */ |
|
53 |
-diff -Naur httpd-2.4.3/modules/ssl/ssl_engine_init.c httpd-2.4.3-1/modules/ssl/ssl_engine_init.c |
|
54 |
---- httpd-2.4.3/modules/ssl/ssl_engine_init.c 2012-08-05 15:48:40.000000000 +0200 |
|
55 |
-+++ httpd-2.4.3-1/modules/ssl/ssl_engine_init.c 2012-10-23 15:53:15.030424726 +0200 |
|
56 |
-@@ -693,6 +693,11 @@ |
|
57 |
- #endif |
|
58 |
- |
|
59 |
- SSL_CTX_set_info_callback(ctx, ssl_callback_Info); |
|
60 |
-+ |
|
61 |
-+#ifdef HAVE_TLS_NPN |
|
62 |
-+ SSL_CTX_set_next_protos_advertised_cb( |
|
63 |
-+ ctx, ssl_callback_AdvertiseNextProtos, NULL); |
|
64 |
-+#endif |
|
65 |
- } |
|
66 |
- |
|
67 |
- static void ssl_init_ctx_verify(server_rec *s, |
|
68 |
-diff -Naur httpd-2.4.3/modules/ssl/ssl_engine_io.c httpd-2.4.3-1/modules/ssl/ssl_engine_io.c |
|
69 |
---- httpd-2.4.3/modules/ssl/ssl_engine_io.c 2012-05-05 10:44:19.000000000 +0200 |
|
70 |
-+++ httpd-2.4.3-1/modules/ssl/ssl_engine_io.c 2012-10-23 15:53:15.030424726 +0200 |
|
71 |
-@@ -28,6 +28,7 @@ |
|
72 |
- core keeps dumping.'' |
|
73 |
- -- Unknown */ |
|
74 |
- #include "ssl_private.h" |
|
75 |
-+#include "mod_ssl.h" |
|
76 |
- #include "apr_date.h" |
|
77 |
- |
|
78 |
- /* _________________________________________________________________ |
|
79 |
-@@ -297,6 +298,7 @@ |
|
80 |
- apr_pool_t *pool; |
|
81 |
- char buffer[AP_IOBUFSIZE]; |
|
82 |
- ssl_filter_ctx_t *filter_ctx; |
|
83 |
-+ int npn_finished; /* 1 if NPN has finished, 0 otherwise */ |
|
84 |
- } bio_filter_in_ctx_t; |
|
85 |
- |
|
86 |
- /* |
|
87 |
-@@ -1374,6 +1376,26 @@ |
|
88 |
- APR_BRIGADE_INSERT_TAIL(bb, bucket); |
|
89 |
- } |
|
90 |
- |
|
91 |
-+#ifdef HAVE_TLS_NPN |
|
92 |
-+ /* By this point, Next Protocol Negotiation (NPN) should be completed (if |
|
93 |
-+ * our version of OpenSSL supports it). If we haven't already, find out |
|
94 |
-+ * which protocol was decided upon and inform other modules by calling |
|
95 |
-+ * npn_proto_negotiated_hook. */ |
|
96 |
-+ if (!inctx->npn_finished) { |
|
97 |
-+ const unsigned char *next_proto = NULL; |
|
98 |
-+ unsigned next_proto_len = 0; |
|
99 |
-+ |
|
100 |
-+ SSL_get0_next_proto_negotiated( |
|
101 |
-+ inctx->ssl, &next_proto, &next_proto_len); |
|
102 |
-+ ap_log_cerror(APLOG_MARK, APLOG_DEBUG, APR_SUCCESS, f->c, |
|
103 |
-+ APLOGNO(02306) "SSL NPN negotiated protocol: '%*s'", |
|
104 |
-+ next_proto_len, (const char*)next_proto); |
|
105 |
-+ modssl_run_npn_proto_negotiated_hook( |
|
106 |
-+ f->c, (const char*)next_proto, next_proto_len); |
|
107 |
-+ inctx->npn_finished = 1; |
|
108 |
-+ } |
|
109 |
-+#endif |
|
110 |
-+ |
|
111 |
- return APR_SUCCESS; |
|
112 |
- } |
|
113 |
- |
|
114 |
-@@ -1855,6 +1877,7 @@ |
|
115 |
- inctx->block = APR_BLOCK_READ; |
|
116 |
- inctx->pool = c->pool; |
|
117 |
- inctx->filter_ctx = filter_ctx; |
|
118 |
-+ inctx->npn_finished = 0; |
|
119 |
- } |
|
120 |
- |
|
121 |
- /* The request_rec pointer is passed in here only to ensure that the |
|
122 |
-diff -Naur httpd-2.4.3/modules/ssl/ssl_engine_kernel.c httpd-2.4.3-1/modules/ssl/ssl_engine_kernel.c |
|
123 |
---- httpd-2.4.3/modules/ssl/ssl_engine_kernel.c 2012-05-05 10:44:19.000000000 +0200 |
|
124 |
-+++ httpd-2.4.3-1/modules/ssl/ssl_engine_kernel.c 2012-10-23 15:53:15.031424714 +0200 |
|
125 |
-@@ -29,6 +29,7 @@ |
|
126 |
- time I was too famous.'' |
|
127 |
- -- Unknown */ |
|
128 |
- #include "ssl_private.h" |
|
129 |
-+#include "mod_ssl.h" |
|
130 |
- #include "util_md5.h" |
|
131 |
- |
|
132 |
- static void ssl_configure_env(request_rec *r, SSLConnRec *sslconn); |
|
133 |
-@@ -2143,3 +2144,86 @@ |
|
134 |
- return -1; |
|
135 |
- } |
|
136 |
- #endif |
|
137 |
-+ |
|
138 |
-+#ifdef HAVE_TLS_NPN |
|
139 |
-+/* |
|
140 |
-+ * This callback function is executed when SSL needs to decide what protocols |
|
141 |
-+ * to advertise during Next Protocol Negotiation (NPN). It must produce a |
|
142 |
-+ * string in wire format -- a sequence of length-prefixed strings -- indicating |
|
143 |
-+ * the advertised protocols. Refer to SSL_CTX_set_next_protos_advertised_cb |
|
144 |
-+ * in OpenSSL for reference. |
|
145 |
-+ */ |
|
146 |
-+int ssl_callback_AdvertiseNextProtos(SSL *ssl, const unsigned char **data_out, |
|
147 |
-+ unsigned int *size_out, void *arg) |
|
148 |
-+{ |
|
149 |
-+ conn_rec *c = (conn_rec*)SSL_get_app_data(ssl); |
|
150 |
-+ apr_array_header_t *protos; |
|
151 |
-+ int num_protos; |
|
152 |
-+ unsigned int size; |
|
153 |
-+ int i; |
|
154 |
-+ unsigned char *data; |
|
155 |
-+ unsigned char *start; |
|
156 |
-+ |
|
157 |
-+ *data_out = NULL; |
|
158 |
-+ *size_out = 0; |
|
159 |
-+ |
|
160 |
-+ /* If the connection object is not available, then there's nothing for us |
|
161 |
-+ * to do. */ |
|
162 |
-+ if (c == NULL) { |
|
163 |
-+ return SSL_TLSEXT_ERR_OK; |
|
164 |
-+ } |
|
165 |
-+ |
|
166 |
-+ /* Invoke our npn_advertise_protos hook, giving other modules a chance to |
|
167 |
-+ * add alternate protocol names to advertise. */ |
|
168 |
-+ protos = apr_array_make(c->pool, 0, sizeof(char*)); |
|
169 |
-+ modssl_run_npn_advertise_protos_hook(c, protos); |
|
170 |
-+ num_protos = protos->nelts; |
|
171 |
-+ |
|
172 |
-+ /* We now have a list of null-terminated strings; we need to concatenate |
|
173 |
-+ * them together into a single string, where each protocol name is prefixed |
|
174 |
-+ * by its length. First, calculate how long that string will be. */ |
|
175 |
-+ size = 0; |
|
176 |
-+ for (i = 0; i < num_protos; ++i) { |
|
177 |
-+ const char *string = APR_ARRAY_IDX(protos, i, const char*); |
|
178 |
-+ unsigned int length = strlen(string); |
|
179 |
-+ /* If the protocol name is too long (the length must fit in one byte), |
|
180 |
-+ * then log an error and skip it. */ |
|
181 |
-+ if (length > 255) { |
|
182 |
-+ ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c, APLOGNO(02307) |
|
183 |
-+ "SSL NPN protocol name too long (length=%u): %s", |
|
184 |
-+ length, string); |
|
185 |
-+ continue; |
|
186 |
-+ } |
|
187 |
-+ /* Leave room for the length prefix (one byte) plus the protocol name |
|
188 |
-+ * itself. */ |
|
189 |
-+ size += 1 + length; |
|
190 |
-+ } |
|
191 |
-+ |
|
192 |
-+ /* If there is nothing to advertise (either because no modules added |
|
193 |
-+ * anything to the protos array, or because all strings added to the array |
|
194 |
-+ * were skipped), then we're done. */ |
|
195 |
-+ if (size == 0) { |
|
196 |
-+ return SSL_TLSEXT_ERR_OK; |
|
197 |
-+ } |
|
198 |
-+ |
|
199 |
-+ /* Now we can build the string. Copy each protocol name string into the |
|
200 |
-+ * larger string, prefixed by its length. */ |
|
201 |
-+ data = apr_palloc(c->pool, size * sizeof(unsigned char)); |
|
202 |
-+ start = data; |
|
203 |
-+ for (i = 0; i < num_protos; ++i) { |
|
204 |
-+ const char *string = APR_ARRAY_IDX(protos, i, const char*); |
|
205 |
-+ apr_size_t length = strlen(string); |
|
206 |
-+ if (length > 255) |
|
207 |
-+ continue; |
|
208 |
-+ *start = (unsigned char)length; |
|
209 |
-+ ++start; |
|
210 |
-+ memcpy(start, string, length * sizeof(unsigned char)); |
|
211 |
-+ start += length; |
|
212 |
-+ } |
|
213 |
-+ |
|
214 |
-+ /* Success. */ |
|
215 |
-+ *data_out = data; |
|
216 |
-+ *size_out = size; |
|
217 |
-+ return SSL_TLSEXT_ERR_OK; |
|
218 |
-+} |
|
219 |
-+#endif |
|
220 |
-diff -Naur httpd-2.4.3/modules/ssl/ssl_private.h httpd-2.4.3-1/modules/ssl/ssl_private.h |
|
221 |
---- httpd-2.4.3/modules/ssl/ssl_private.h 2012-08-05 15:48:40.000000000 +0200 |
|
222 |
-+++ httpd-2.4.3-1/modules/ssl/ssl_private.h 2012-10-23 15:53:15.031424714 +0200 |
|
223 |
-@@ -139,6 +139,11 @@ |
|
224 |
- #define HAVE_FIPS |
|
225 |
- #endif |
|
226 |
- |
|
227 |
-+#if OPENSSL_VERSION_NUMBER >= 0x10001000L && !defined(OPENSSL_NO_NEXTPROTONEG) \ |
|
228 |
-+ && !defined(OPENSSL_NO_TLSEXT) |
|
229 |
-+#define HAVE_TLS_NPN |
|
230 |
-+#endif |
|
231 |
-+ |
|
232 |
- #if (OPENSSL_VERSION_NUMBER >= 0x10000000) |
|
233 |
- #define MODSSL_SSL_CIPHER_CONST const |
|
234 |
- #define MODSSL_SSL_METHOD_CONST const |
|
235 |
-@@ -820,6 +825,7 @@ |
|
236 |
- int ssl_callback_SessionTicket(SSL *, unsigned char *, unsigned char *, |
|
237 |
- EVP_CIPHER_CTX *, HMAC_CTX *, int); |
|
238 |
- #endif |
|
239 |
-+int ssl_callback_AdvertiseNextProtos(SSL *ssl, const unsigned char **data, unsigned int *len, void *arg); |
|
240 |
- |
|
241 |
- /** Session Cache Support */ |
|
242 |
- void ssl_scache_init(server_rec *, apr_pool_t *); |
... | ... |
@@ -0,0 +1,19 @@ |
1 |
+[Unit] |
|
2 |
+Description=The Apache HTTP Server |
|
3 |
+After=network.target remote-fs.target nss-lookup.target |
|
4 |
+ |
|
5 |
+[Service] |
|
6 |
+EnvironmentFile=/etc/conf.d/apache2 |
|
7 |
+ExecStart=/usr/sbin/apache2 $APACHE2_OPTS -DFOREGROUND |
|
8 |
+ExecReload=/usr/sbin/apache2 $APACHE2_OPTS -k graceful |
|
9 |
+ExecStop=/usr/sbin/apache2 $APACHE2_OPTS -k graceful-stop |
|
10 |
+# We want systemd to give httpd some time to finish gracefully, but still want |
|
11 |
+# it to kill httpd after TimeoutStopSec if something went wrong during the |
|
12 |
+# graceful stop. Normally, Systemd sends SIGTERM signal right after the |
|
13 |
+# ExecStop, which would kill httpd. We are sending useless SIGCONT here to give |
|
14 |
+# httpd time to finish. |
|
15 |
+KillSignal=SIGCONT |
|
16 |
+PrivateTmp=true |
|
17 |
+ |
|
18 |
+[Install] |
|
19 |
+WantedBy=multi-user.target |
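Review bot: The comment above `KillSignal=SIGCONT` relies on TimeoutStopSec to end a stuck graceful stop, but the unit sets no `TimeoutStopSec=`, so the wait is whatever the system-wide default happens to be. Because SIGCONT never terminates httpd, that timeout is the only thing that bounds a hung shutdown. Stating it in the unit, e.g. `TimeoutStopSec=60` (value illustrative), makes the behaviour explicit and reviewable. The same applies to the second unit file added directly after this one.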
... | ... |
@@ -0,0 +1,20 @@ |
1 |
+[Unit] |
|
2 |
+Description=The Apache HTTP Server |
|
3 |
+After=network.target remote-fs.target nss-lookup.target |
|
4 |
+ |
|
5 |
+[Service] |
|
6 |
+Type=notify |
|
7 |
+EnvironmentFile=/etc/conf.d/apache2 |
|
8 |
+ExecStart=/usr/sbin/apache2 $APACHE2_OPTS -DFOREGROUND |
|
9 |
+ExecReload=/usr/sbin/apache2 $APACHE2_OPTS -k graceful |
|
10 |
+ExecStop=/usr/sbin/apache2 $APACHE2_OPTS -k graceful-stop |
|
11 |
+# We want systemd to give httpd some time to finish gracefully, but still want |
|
12 |
+# it to kill httpd after TimeoutStopSec if something went wrong during the |
|
13 |
+# graceful stop. Normally, Systemd sends SIGTERM signal right after the |
|
14 |
+# ExecStop, which would kill httpd. We are sending useless SIGCONT here to give |
|
15 |
+# httpd time to finish. |
|
16 |
+KillSignal=SIGCONT |
|
17 |
+PrivateTmp=true |
|
18 |
+ |
|
19 |
+[Install] |
|
20 |
+WantedBy=multi-user.target |
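Review bot: `Type=notify` makes systemd wait for a readiness notification from the main process, and nothing in this section shows that the httpd started by `ExecStart` sends one. If the installed binary has no sd_notify support (for instance, no mod_systemd loaded through `$APACHE2_OPTS`), the start would presumably sit in "activating" until the start timeout and then be marked failed. A comment above the line such as `# Requires httpd with systemd notification support (mod_systemd)` would document the dependency for anyone choosing between the two unit files.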
... | ... |
@@ -0,0 +1,40 @@ |
1 |
+--- gentoo-apache-2.2.23/init/apache2.initd |
|
2 |
++++ gentoo-apache-2.2.23/init/apache2.initd |
|
3 |
+@@ -77,12 +77,16 @@ |
|
4 |
+ # Use start stop daemon to apply system limits #347301 |
|
5 |
+ start-stop-daemon --start -- ${APACHE2} ${APACHE2_OPTS} -k start |
|
6 |
+ |
|
7 |
+- i=0 |
|
8 |
+- while [ ! -e "${PIDFILE}" ] && [ $i -lt ${TIMEOUT} ]; do |
|
9 |
++ local i=0 retval=1 |
|
10 |
++ while [ $i -lt ${TIMEOUT} ] ; do |
|
11 |
++ if [ -e "${PIDFILE}" ] ; then |
|
12 |
++ retval=0 |
|
13 |
++ break |
|
14 |
++ fi |
|
15 |
+ sleep 1 && i=$(expr $i + 1) |
|
16 |
+ done |
|
17 |
+ |
|
18 |
+- eend $(test $i -lt ${TIMEOUT}) |
|
19 |
++ eend ${retval} |
|
20 |
+ } |
|
21 |
+ |
|
22 |
+ stop() { |
|
23 |
+@@ -101,13 +105,14 @@ |
|
24 |
+ ebegin "Stopping ${SVCNAME}" |
|
25 |
+ ${APACHE2} ${APACHE2_OPTS} -k stop |
|
26 |
+ |
|
27 |
+- i=0 |
|
28 |
+- while ( ! test -f "${PIDFILE}" && pgrep -P ${PID} apache2 >/dev/null ) \ |
|
29 |
++ local i=0 retval=0 |
|
30 |
++ while ( test -f "${PIDFILE}" && pgrep -P ${PID} apache2 >/dev/null ) \ |
|
31 |
+ && [ $i -lt ${TIMEOUT} ]; do |
|
32 |
+ sleep 1 && i=$(expr $i + 1) |
|
33 |
+ done |
|
34 |
++ [ -e "${PIDFILE}" ] && retval=1 |
|
35 |
+ |
|
36 |
+- eend $(test $i -lt ${TIMEOUT}) |
|
37 |
++ eend ${retval} |
|
38 |
+ } |
|
39 |
+ |
|
40 |
+ reload() { |
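Review bot: In the stop() hunk the wait loop calls `pgrep -P ${PID} apache2` with `${PID}` unquoted, and PID is assigned outside the hunk, so its value cannot be checked here. If it is ever empty (pidfile unreadable or already removed), pgrep receives `apache2` as the argument to `-P` and fails, the loop ends without waiting, and the reported status rests only on `[ -e "${PIDFILE}" ]`. An explicit guard before the loop, e.g. `[ -n "${PID}" ] || { eend 1 "cannot determine apache2 PID"; return 1; }`, together with `pgrep -P "${PID}"`, would make that case visible instead of silent. stop() begins and ends outside the hunk.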
... | ... |
@@ -1,249 +0,0 @@ |
1 |
-diff -Naur httpd-2.2.16/modules/ssl/mod_ssl.c httpd-2.2.16-ecc/modules/ssl/mod_ssl.c |
|
2 |
---- httpd-2.2.16/modules/ssl/mod_ssl.c 2010-07-12 20:47:45.000000000 +0200 |
|
3 |
-+++ httpd-2.2.16-ecc/modules/ssl/mod_ssl.c 2011-01-04 21:54:17.587477515 +0100 |
|
4 |
-@@ -424,6 +424,9 @@ |
|
5 |
- */ |
|
6 |
- SSL_set_tmp_rsa_callback(ssl, ssl_callback_TmpRSA); |
|
7 |
- SSL_set_tmp_dh_callback(ssl, ssl_callback_TmpDH); |
|
8 |
-+#ifndef OPENSSL_NO_EC |
|
9 |
-+ SSL_set_tmp_ecdh_callback(ssl, ssl_callback_TmpECDH); |
|
10 |
-+#endif |
|
11 |
- |
|
12 |
- SSL_set_verify_result(ssl, X509_V_OK); |
|
13 |
- |
|
14 |
-diff -Naur httpd-2.2.16/modules/ssl/ssl_engine_init.c httpd-2.2.16-ecc/modules/ssl/ssl_engine_init.c |
|
15 |
---- httpd-2.2.16/modules/ssl/ssl_engine_init.c 2010-07-12 20:47:45.000000000 +0200 |
|
16 |
-+++ httpd-2.2.16-ecc/modules/ssl/ssl_engine_init.c 2011-01-04 21:56:05.611610901 +0100 |
|
17 |
-@@ -399,7 +399,11 @@ |
|
18 |
- * Check for problematic re-initializations |
|
19 |
- */ |
|
20 |
- if (mctx->pks->certs[SSL_AIDX_RSA] || |
|
21 |
-- mctx->pks->certs[SSL_AIDX_DSA]) |
|
22 |
-+ mctx->pks->certs[SSL_AIDX_DSA] |
|
23 |
-+#ifndef OPENSSL_NO_EC |
|
24 |
-+ || mctx->pks->certs[SSL_AIDX_ECC] |
|
25 |
-+#endif |
|
26 |
-+ ) |
|
27 |
- { |
|
28 |
- ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, |
|
29 |
- "Illegal attempt to re-initialise SSL for server " |
|
30 |
-@@ -554,6 +558,9 @@ |
|
31 |
- |
|
32 |
- SSL_CTX_set_tmp_rsa_callback(ctx, ssl_callback_TmpRSA); |
|
33 |
- SSL_CTX_set_tmp_dh_callback(ctx, ssl_callback_TmpDH); |
|
34 |
-+#ifndef OPENSSL_NO_EC |
|
35 |
-+ SSL_CTX_set_tmp_ecdh_callback(ctx,ssl_callback_TmpECDH); |
|
36 |
-+#endif |
|
37 |
- |
|
38 |
- SSL_CTX_set_info_callback(ctx, ssl_callback_Info); |
|
39 |
- } |
|
40 |
-@@ -821,9 +828,16 @@ |
|
41 |
- ssl_asn1_t *asn1; |
|
42 |
- MODSSL_D2I_PrivateKey_CONST unsigned char *ptr; |
|
43 |
- const char *type = ssl_asn1_keystr(idx); |
|
44 |
-- int pkey_type = (idx == SSL_AIDX_RSA) ? EVP_PKEY_RSA : EVP_PKEY_DSA; |
|
45 |
-+ int pkey_type; |
|
46 |
- EVP_PKEY *pkey; |
|
47 |
- |
|
48 |
-+#ifndef OPENSSL_NO_EC |
|
49 |
-+ if (idx == SSL_AIDX_ECC) |
|
50 |
-+ pkey_type = EVP_PKEY_EC; |
|
51 |
-+ else |
|
52 |
-+#endif /* SSL_LIBRARY_VERSION */ |
|
53 |
-+ pkey_type = (idx == SSL_AIDX_RSA) ? EVP_PKEY_RSA : EVP_PKEY_DSA; |
|
54 |
-+ |
|
55 |
- if (!(asn1 = ssl_asn1_table_get(mc->tPrivateKey, id))) { |
|
56 |
- return FALSE; |
|
57 |
- } |
|
58 |
-@@ -934,19 +948,39 @@ |
|
59 |
- modssl_ctx_t *mctx) |
|
60 |
- { |
|
61 |
- const char *rsa_id, *dsa_id; |
|
62 |
-+#ifndef OPENSSL_NO_EC |
|
63 |
-+ const char *ecc_id; |
|
64 |
-+#endif |
|
65 |
- const char *vhost_id = mctx->sc->vhost_id; |
|
66 |
- int i; |
|
67 |
- int have_rsa, have_dsa; |
|
68 |
-+#ifndef OPENSSL_NO_EC |
|
69 |
-+ int have_ecc; |
|
70 |
-+#endif |
|
71 |
- |
|
72 |
- rsa_id = ssl_asn1_table_keyfmt(ptemp, vhost_id, SSL_AIDX_RSA); |
|
73 |
- dsa_id = ssl_asn1_table_keyfmt(ptemp, vhost_id, SSL_AIDX_DSA); |
|
74 |
-+#ifndef OPENSSL_NO_EC |
|
75 |
-+ ecc_id = ssl_asn1_table_keyfmt(ptemp, vhost_id, SSL_AIDX_ECC); |
|
76 |
-+#endif |
|
77 |
- |
|
78 |
- have_rsa = ssl_server_import_cert(s, mctx, rsa_id, SSL_AIDX_RSA); |
|
79 |
- have_dsa = ssl_server_import_cert(s, mctx, dsa_id, SSL_AIDX_DSA); |
|
80 |
-+#ifndef OPENSSL_NO_EC |
|
81 |
-+ have_ecc = ssl_server_import_cert(s, mctx, ecc_id, SSL_AIDX_ECC); |
|
82 |
-+#endif |
|
83 |
- |
|
84 |
-- if (!(have_rsa || have_dsa)) { |
|
85 |
-+ if (!(have_rsa || have_dsa |
|
86 |
-+#ifndef OPENSSL_NO_EC |
|
87 |
-+ || have_ecc |
|
88 |
-+#endif |
|
89 |
-+)) { |
|
90 |
- ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, |
|
91 |
-+#ifndef OPENSSL_NO_EC |
|
92 |
-+ "Oops, no RSA, DSA or ECC server certificate found " |
|
93 |
-+#else |
|
94 |
- "Oops, no RSA or DSA server certificate found " |
|
95 |
-+#endif |
|
96 |
- "for '%s:%d'?!", s->server_hostname, s->port); |
|
97 |
- ssl_die(); |
|
98 |
- } |
|
99 |
-@@ -957,10 +991,21 @@ |
|
100 |
- |
|
101 |
- have_rsa = ssl_server_import_key(s, mctx, rsa_id, SSL_AIDX_RSA); |
|
102 |
- have_dsa = ssl_server_import_key(s, mctx, dsa_id, SSL_AIDX_DSA); |
|
103 |
-+#ifndef OPENSSL_NO_EC |
|
104 |
-+ have_ecc = ssl_server_import_key(s, mctx, ecc_id, SSL_AIDX_ECC); |
|
105 |
-+#endif |
|
106 |
- |
|
107 |
-- if (!(have_rsa || have_dsa)) { |
|
108 |
-+ if (!(have_rsa || have_dsa |
|
109 |
-+#ifndef OPENSSL_NO_EC |
|
110 |
-+ || have_ecc |
|
111 |
-+#endif |
|
112 |
-+ )) { |
|
113 |
- ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, |
|
114 |
-+#ifndef OPENSSL_NO_EC |
|
115 |
-+ "Oops, no RSA, DSA or ECC server private key found?!"); |
|
116 |
-+#else |
|
117 |
- "Oops, no RSA or DSA server private key found?!"); |
|
118 |
-+#endif |
|
119 |
- ssl_die(); |
|
120 |
- } |
|
121 |
- } |
|
122 |
-diff -Naur httpd-2.2.16/modules/ssl/ssl_engine_kernel.c httpd-2.2.16-ecc/modules/ssl/ssl_engine_kernel.c |
|
123 |
---- httpd-2.2.16/modules/ssl/ssl_engine_kernel.c 2010-02-27 22:00:58.000000000 +0100 |
|
124 |
-+++ httpd-2.2.16-ecc/modules/ssl/ssl_engine_kernel.c 2011-01-04 21:54:17.578477589 +0100 |
|
125 |
-@@ -1287,6 +1287,33 @@ |
|
126 |
- return (DH *)mc->pTmpKeys[idx]; |
|
127 |
- } |
|
128 |
- |
|
129 |
-+#ifndef OPENSSL_NO_EC |
|
130 |
-+EC_KEY *ssl_callback_TmpECDH(SSL *ssl, int export, int keylen) |
|
131 |
-+{ |
|
132 |
-+ conn_rec *c = (conn_rec *)SSL_get_app_data(ssl); |
|
133 |
-+ SSLModConfigRec *mc = myModConfig(c->base_server); |
|
134 |
-+ int idx; |
|
135 |
-+ static EC_KEY *ecdh = NULL; |
|
136 |
-+ static init = 0; |
|
137 |
-+ |
|
138 |
-+ /* XXX Uses 256-bit key for now. TODO: support other sizes. */ |
|
139 |
-+ ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, c, |
|
140 |
-+ "handing out temporary 256 bit ECC key"); |
|
141 |
-+ |
|
142 |
-+ if (init == 0) { |
|
143 |
-+ ecdh = EC_KEY_new(); |
|
144 |
-+ if (ecdh != NULL) { |
|
145 |
-+ /* ecdh->group = EC_GROUP_new_by_nid(NID_secp160r2); */ |
|
146 |
-+ EC_KEY_set_group(ecdh, |
|
147 |
-+ EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1)); |
|
148 |
-+ } |
|
149 |
-+ init = 1; |
|
150 |
-+ } |
|
151 |
-+ |
|
152 |
-+ return ecdh; |
|
153 |
-+} |
|
154 |
-+#endif |
|
155 |
-+ |
|
156 |
- /* |
|
157 |
- * This OpenSSL callback function is called when OpenSSL |
|
158 |
- * does client authentication and verifies the certificate chain. |
|
159 |
-diff -Naur httpd-2.2.16/modules/ssl/ssl_private.h httpd-2.2.16-ecc/modules/ssl/ssl_private.h |
|
160 |
---- httpd-2.2.16/modules/ssl/ssl_private.h 2010-07-12 20:47:45.000000000 +0200 |
|
161 |
-+++ httpd-2.2.16-ecc/modules/ssl/ssl_private.h 2011-01-04 21:54:17.577477597 +0100 |
|
162 |
-@@ -181,11 +181,21 @@ |
|
163 |
- #define SSL_ALGO_UNKNOWN (0) |
|
164 |
- #define SSL_ALGO_RSA (1<<0) |
|
165 |
- #define SSL_ALGO_DSA (1<<1) |
|
166 |
-+#ifndef OPENSSL_NO_EC |
|
167 |
-+#define SSL_ALGO_ECC (1<<2) |
|
168 |
-+#define SSL_ALGO_ALL (SSL_ALGO_RSA|SSL_ALGO_DSA|SSL_ALGO_ECC) |
|
169 |
-+#else |
|
170 |
- #define SSL_ALGO_ALL (SSL_ALGO_RSA|SSL_ALGO_DSA) |
|
171 |
-+#endif /* SSL_LIBRARY_VERSION */ |
|
172 |
- |
|
173 |
- #define SSL_AIDX_RSA (0) |
|
174 |
- #define SSL_AIDX_DSA (1) |
|
175 |
-+#ifndef OPENSSL_NO_EC |
|
176 |
-+#define SSL_AIDX_ECC (2) |
|
177 |
-+#define SSL_AIDX_MAX (3) |
|
178 |
-+#else |
|
179 |
- #define SSL_AIDX_MAX (2) |
|
180 |
-+#endif /* SSL_LIBRARY_VERSION */ |
|
181 |
- |
|
182 |
- |
|
183 |
- /** |
|
184 |
-@@ -589,6 +599,9 @@ |
|
185 |
- /** OpenSSL callbacks */ |
|
186 |
- RSA *ssl_callback_TmpRSA(SSL *, int, int); |
|
187 |
- DH *ssl_callback_TmpDH(SSL *, int, int); |
|
188 |
-+#ifndef OPENSSL_NO_EC |
|
189 |
-+EC_KEY *ssl_callback_TmpECDH(SSL *, int, int); |
|
190 |
-+#endif /* SSL_LIBRARY_VERSION */ |
|
191 |
- int ssl_callback_SSLVerify(int, X509_STORE_CTX *); |
|
192 |
- int ssl_callback_SSLVerify_CRL(int, X509_STORE_CTX *, conn_rec *); |
|
193 |
- int ssl_callback_proxy_cert(SSL *ssl, MODSSL_CLIENT_CERT_CB_ARG_TYPE **x509, EVP_PKEY **pkey); |
|
194 |
-diff -Naur httpd-2.2.16/modules/ssl/ssl_toolkit_compat.h httpd-2.2.16-ecc/modules/ssl/ssl_toolkit_compat.h |
|
195 |
---- httpd-2.2.16/modules/ssl/ssl_toolkit_compat.h 2010-07-12 20:47:45.000000000 +0200 |
|
196 |
-+++ httpd-2.2.16-ecc/modules/ssl/ssl_toolkit_compat.h 2011-01-04 21:55:26.583924797 +0100 |
|
197 |
-@@ -38,6 +38,13 @@ |
|
198 |
- #include <openssl/evp.h> |
|
199 |
- #include <openssl/rand.h> |
|
200 |
- #include <openssl/x509v3.h> |
|
201 |
-+ |
|
202 |
-+ |
|
203 |
-+/* ECC support came along in OpenSSL 1.0.0 */ |
|
204 |
-+#if (OPENSSL_VERSION_NUMBER < 0x10000000) |
|
205 |
-+#define OPENSSL_NO_EC |
|
206 |
-+#endif |
|
207 |
-+ |
|
208 |
- /** Avoid tripping over an engine build installed globally and detected |
|
209 |
- * when the user points at an explicit non-engine flavor of OpenSSL |
|
210 |
- */ |
|
211 |
-diff -Naur httpd-2.2.16/modules/ssl/ssl_util.c httpd-2.2.16-ecc/modules/ssl/ssl_util.c |
|
212 |
---- httpd-2.2.16/modules/ssl/ssl_util.c 2008-09-18 16:34:51.000000000 +0200 |
|
213 |
-+++ httpd-2.2.16-ecc/modules/ssl/ssl_util.c 2011-01-04 21:54:17.578477589 +0100 |
|
214 |
-@@ -150,6 +150,11 @@ |
|
215 |
- case EVP_PKEY_DSA: |
|
216 |
- t = SSL_ALGO_DSA; |
|
217 |
- break; |
|
218 |
-+#ifndef OPENSSL_NO_EC |
|
219 |
-+ case EVP_PKEY_EC: |
|
220 |
-+ t = SSL_ALGO_ECC; |
|
221 |
-+ break; |
|
222 |
-+#endif |
|
223 |
- default: |
|
224 |
- break; |
|
225 |
- } |
|
226 |
-@@ -174,6 +179,11 @@ |
|
227 |
- case SSL_ALGO_DSA: |
|
228 |
- cp = "DSA"; |
|
229 |
- break; |
|
230 |
-+#ifndef OPENSSL_NO_EC |
|
231 |
-+ case SSL_ALGO_ECC: |
|
232 |
-+ cp = "ECC"; |
|
233 |
-+ break; |
|
234 |
-+#endif |
|
235 |
- default: |
|
236 |
- break; |
|
237 |
- } |
|
238 |
-@@ -245,7 +255,11 @@ |
|
239 |
- apr_hash_set(table, key, klen, NULL); |
|
240 |
- } |
|
241 |
- |
|
242 |
-+#ifndef OPENSSL_NO_EC |
|
243 |
-+static const char *ssl_asn1_key_types[] = {"RSA", "DSA", "ECC"}; |
|
244 |
-+#else |
|
245 |
- static const char *ssl_asn1_key_types[] = {"RSA", "DSA"}; |
|
246 |
-+#endif |
|
247 |
- |
|
248 |
- const char *ssl_asn1_keystr(int keytype) |
|
249 |
- { |
... | ... |
@@ -0,0 +1,163 @@ |
1 |
+--- httpd-2.4.3/modules/arch/unix/config5.m4.systemd |
|
2 |
++++ httpd-2.4.3/modules/arch/unix/config5.m4 |
|
3 |
+@@ -18,6 +18,19 @@ APACHE_MODULE(privileges, Per-virtualhos |
|
4 |
+ fi |
|
5 |
+ ]) |
|
6 |
+ |
|
7 |
++ |
|
8 |
++APACHE_MODULE(systemd, Systemd support, , , $unixd_mods_enabled, [ |
|
9 |
++ AC_CHECK_LIB(systemd-daemon, sd_notify, SYSTEMD_LIBS="-lsystemd-daemon") |
|
10 |
++ AC_CHECK_HEADERS(systemd/sd-daemon.h, [ap_HAVE_SD_DAEMON_H="yes"], [ap_HAVE_SD_DAEMON_H="no"]) |
|
11 |
++ if test $ap_HAVE_SD_DAEMON_H = "no" || test -z "${SYSTEMD_LIBS}"; then |
|
12 |
++ AC_MSG_WARN([Your system does not support systemd.]) |
|
13 |
++ enable_systemd="no" |
|
14 |
++ else |
|
15 |
++ APR_ADDTO(MOD_SYSTEMD_LDADD, [$SYSTEMD_LIBS]) |
|
16 |
++ enable_systemd="yes" |
|
17 |
++ fi |
|
18 |
++]) |
|
19 |
++ |
|
20 |
+ APR_ADDTO(INCLUDES, [-I\$(top_srcdir)/$modpath_current]) |
|
21 |
+ |
|
22 |
+ APACHE_MODPATH_FINISH |
|
23 |
+--- httpd-2.4.3/modules/arch/unix/mod_systemd.c.systemd |
|
24 |
++++ httpd-2.4.3/modules/arch/unix/mod_systemd.c |
|
25 |
+@@ -0,0 +1,138 @@ |
|
26 |
++/* Licensed to the Apache Software Foundation (ASF) under one or more |
|
27 |
++ * contributor license agreements. See the NOTICE file distributed with |
|
28 |
++ * this work for additional information regarding copyright ownership. |
|
29 |
++ * The ASF licenses this file to You under the Apache License, Version 2.0 |
|
30 |
++ * (the "License"); you may not use this file except in compliance with |
|
31 |
++ * the License. You may obtain a copy of the License at |
|
32 |
++ * |
|
33 |
++ * http://www.apache.org/licenses/LICENSE-2.0 |
|
34 |
++ * |
|
35 |
++ * Unless required by applicable law or agreed to in writing, software |
|
36 |
++ * distributed under the License is distributed on an "AS IS" BASIS, |
|
37 |
++ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
|
38 |
++ * See the License for the specific language governing permissions and |
|
39 |
++ * limitations under the License. |
|
40 |
++ * |
|
41 |
++ */ |
|
42 |
++ |
|
43 |
++#include <stdint.h> |
|
44 |
++#include <ap_config.h> |
|
45 |
++#include "ap_mpm.h" |
|
46 |
++#include <http_core.h> |
|
47 |
++#include <http_log.h> |
|
48 |
++#include <apr_version.h> |
|
49 |
++#include <apr_pools.h> |
|
50 |
++#include <apr_strings.h> |
|
51 |
++#include "unixd.h" |
|
52 |
++#include "scoreboard.h" |
|
53 |
++#include "mpm_common.h" |
|
54 |
++ |
|
55 |
++#include "systemd/sd-daemon.h" |
|
56 |
++ |
|
57 |
++#if APR_HAVE_UNISTD_H |
|
58 |
++#include <unistd.h> |
|
59 |
++#endif |
|
60 |
++ |
|
61 |
++#define KBYTE 1024 |
|
62 |
++ |
|
63 |
++static pid_t pid; /* PID of the main httpd instance */ |
|
64 |
++static int server_limit, thread_limit, threads_per_child, max_servers; |
|
65 |
++static time_t last_update_time; |
|
66 |
++static unsigned long last_update_access; |
|
67 |
++static unsigned long last_update_kbytes; |
|
68 |
++ |
|
69 |
++static int systemd_pre_mpm(apr_pool_t *p, ap_scoreboard_e sb_type) |
|
70 |
++{ |
|
71 |
++ int rv; |
|
72 |
++ last_update_time = time(0); |
|
73 |
++ |
|
74 |
++ ap_mpm_query(AP_MPMQ_HARD_LIMIT_THREADS, &thread_limit); |
|
75 |
++ ap_mpm_query(AP_MPMQ_HARD_LIMIT_DAEMONS, &server_limit); |
|
76 |
++ ap_mpm_query(AP_MPMQ_MAX_THREADS, &threads_per_child); |
|
77 |
++ /* work around buggy MPMs */ |
|
78 |
++ if (threads_per_child == 0) |
|
79 |
++ threads_per_child = 1; |
|
80 |
++ ap_mpm_query(AP_MPMQ_MAX_DAEMONS, &max_servers); |
|
81 |
++ |
|
82 |
++ pid = getpid(); |
|
83 |
++ |
|
84 |
++ rv = sd_notifyf(0, "READY=1\n" |
|
85 |
++ "STATUS=Processing requests...\n" |
|
86 |
++ "MAINPID=%lu", |
|
87 |
++ (unsigned long) pid); |
|
88 |
++ if (rv < 0) { |
|
89 |
++ ap_log_perror(APLOG_MARK, APLOG_ERR, 0, p, |
|
90 |
++ "sd_notifyf returned an error %d", rv); |
|
91 |
++ } |
|
92 |
++ |
|
93 |
++ return OK; |
|
94 |
++} |
|
95 |
++ |
|
96 |
++static int systemd_monitor(apr_pool_t *p, server_rec *s) |
|
97 |
++{ |
|
98 |
++ int i, j, res, rv; |
|
99 |
++ process_score *ps_record; |
|
100 |
++ worker_score *ws_record; |
|
101 |
++ unsigned long access = 0; |
|
102 |
++ unsigned long bytes = 0; |
|
103 |
++ unsigned long kbytes = 0; |
|
104 |
++ char bps[5]; |
|
105 |
++ time_t now = time(0); |
|
106 |
++ time_t elapsed = now - last_update_time; |
|
107 |
++ |
|
108 |
++ for (i = 0; i < server_limit; ++i) { |
|
109 |
++ ps_record = ap_get_scoreboard_process(i); |
|
110 |
++ for (j = 0; j < thread_limit; ++j) { |
|
111 |
++ ws_record = ap_get_scoreboard_worker_from_indexes(i, j); |
|
112 |
++ if (ap_extended_status && !ps_record->quiescing && ps_record->pid) { |
|
113 |
++ res = ws_record->status; |
|
114 |
++ if (ws_record->access_count != 0 || |
|
115 |
++ (res != SERVER_READY && res != SERVER_DEAD)) { |
|
116 |
++ access += ws_record->access_count; |
|
117 |
++ bytes += ws_record->bytes_served; |
|
118 |
++ if (bytes >= KBYTE) { |
|
119 |
++ kbytes += (bytes >> 10); |
|
120 |
++ bytes = bytes & 0x3ff; |
|
121 |
++ } |
|
122 |
++ } |
|
123 |
++ } |
|
124 |
++ } |
|
125 |
++ } |
|
126 |
++ |
|
127 |
++ apr_strfsize((unsigned long)(KBYTE *(float) (kbytes - last_update_kbytes) |
|
128 |
++ / (float) elapsed), bps); |
|
129 |
++ |
|
130 |
++ rv = sd_notifyf(0, "READY=1\n" |
|
131 |
++ "STATUS=Total requests: %lu; Current requests/sec: %.3g; " |
|
132 |
++ "Current traffic: %sB/sec\n", access, |
|
133 |
++ ((float)access - last_update_access) / (float) elapsed, bps); |
|
134 |
++ if (rv < 0) { |
|
135 |
++ ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, APLOGNO(00000) |
|
136 |
++ "sd_notifyf returned an error %d", rv); |
|
137 |
++ } |
|
138 |
++ |
|
139 |
++ last_update_access = access; |
|
140 |
++ last_update_kbytes = kbytes; |
|
141 |
++ last_update_time = now; |
|
142 |
++ |
|
143 |
++ return DECLINED; |
|
144 |
++} |
|
145 |
++ |
|
146 |
++static void systemd_register_hooks(apr_pool_t *p) |
|
147 |
++{ |
|
148 |
++ /* We know the PID in this hook ... */ |
|
149 |
++ ap_hook_pre_mpm(systemd_pre_mpm, NULL, NULL, APR_HOOK_LAST); |
|
150 |
++ /* Used to update httpd's status line using sd_notifyf */ |
|
151 |
++ ap_hook_monitor(systemd_monitor, NULL, NULL, APR_HOOK_MIDDLE); |
|
152 |
++} |
|
153 |
++ |
|
154 |
++module AP_MODULE_DECLARE_DATA systemd_module = |
|
155 |
++{ |
|
156 |
++ STANDARD20_MODULE_STUFF, |
|
157 |
++ NULL, |
|
158 |
++ NULL, |
|
159 |
++ NULL, |
|
160 |
++ NULL, |
|
161 |
++ NULL, |
|
162 |
++ systemd_register_hooks, |
|
163 |
++}; |
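Review bot: In `systemd_monitor`, `elapsed` is zero whenever the hook runs in the same second as the previous update or as `systemd_pre_mpm`, so both `/ (float) elapsed` divisions yield inf or NaN. Converting that result to `unsigned long` for `apr_strfsize` is undefined behaviour. A guard right after the declarations, `if (elapsed <= 0) return DECLINED;`, skips the update for that tick and also covers a clock that stepped backwards. Separately, `kbytes - last_update_kbytes` is unsigned and would wrap to a very large value if the scoreboard totals ever drop between two calls, which looks possible when worker slots are reused; clamping the delta to zero in that case would keep the reported rate sane. `APLOGNO(00000)` also looks like a placeholder rather than an allocated log number.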
|
0 | 164 |