re-do apache
Hanno Böck

Hanno Böck commited on 2014-05-04 11:45:42
Zeige 23 geänderte Dateien mit 252 Einfügungen und 4291 Löschungen.

... ...
@@ -1,34 +1,11 @@
1
+AUX 00_systemd.conf 88 SHA256 487e7451ce2d834d8af09a1db09bfe235fbc87b17b13a88bf849f0739b023ce3 SHA512 c510b77450f45d8ca5b8f00ebae5de9e3dc0ecb45f9857e391ac923dadb6b5193b13e9bc372790de20bb8829f2bee5bfc0e85ad03b3a72818c5dd6a0d7f45353 WHIRLPOOL 35ff7234f1ac513a522481ed08d2281dc331835cccd1049dbbadd9f2dff7fce1700a3ae9fd8f2f490f09d82edd960f4a0b4f00a91db2bafb7c647e3b54733cef
1 2
 AUX 2.2.22-envvars-std.in 1071 SHA256 1721b424f2335640e49d71e671a4be15424d29fe90f55fe4f52bd241a998d3ee SHA512 c18fd461f02ab79fc456a1ad99bf91c8891ecdabd90f41437ebf87e20b3d28d2006a10d6726164c2f0333e7aee350bd125838abaff3a188d8ab2f5f34d3e5466 WHIRLPOOL 59cbee68fc8012df01229b8d5e38045eb974bab3f08ebf5b01097dabb5275bb83e28cd09a058ce71949ca4a2439811cff457d4c7df88d7b3fc5318c6b7ef0075
2
-AUX apache-2.2.14-staticdhparameters.diff 11745 SHA256 1fecd496f7df6438cf44b331a0b15d6ceaa0522fcb20d7246772f10f7c3c41df SHA512 5c7fa11b29efd430ddc7144ed8d656c82d9609c9da720cd5d217626505b2257c074bea1ef0f4f2c50b123be58d82fbefac3240b71c3b8c3b9b087c30b090bcf9 WHIRLPOOL ced66883bd7fc4ec868a5d6091cdc765424541c183e53283749d73d4f4b53d0c9221950df816625de9bd115f610931e91b1fac819530294fcb12a0a39b7f6f2c
3
-AUX apache-2.2.23-tls-compression-option.diff 4211 SHA256 6ccc0003f486734e660292ac2640d99af830443c09a2d5c9d6aaf371b636d9bd SHA512 915044023b10afca9a67ca90fa4d1175d4d3ef7274308df74c78b0972fd7ec54e3fdb3f4b03ecbfc543b64153b232a140cc8e095b2f74abfcfa0cb86e21fb612 WHIRLPOOL 028be436ac78adcb631b109a23ab7f4b5c2349a95202f8ed33a111b9b2048675892b160ac737875ebe7a73937f8868d665d016a61bdbaec301eacbbad0d1cc05
4
-AUX apache-2.4.3-dhparam.diff 12684 SHA256 5185da7eecf04f26cc496a25fabe420db065e59dd088eca51b8c08f0238d12ad SHA512 c49e4c6e607cf5bf11e59c929791d806b15ff30d11e8473e633f2ef406e5d926a2ced1910672e5263f8ea45de6f30eb37048065c1d9fbd11fb7c52603e93bd4b WHIRLPOOL 41e2ac7c8c0734e3132639db7222e488b8ffd18a6c2f2e76b401fdc0b71fc528f3d80eb3d95710084b9fa88e29ce916df215c79b47d80c3ae25188f4cea79e9c
5
-AUX apache-2.4.6-modssl-dhparams.diff 48302 SHA256 529b747ab1858966011ed4ffab14bb8c1f015c98ecbdf72cd3a53c70a6a8f220 SHA512 9f8b0710c9b5134213415dc6dceaaad17536072250d403794b074fb690ad1168b9b408996a192017f988728b656d1cff2e18a66c5a9792580870970a6026a3f2 WHIRLPOOL 2252302acb1366c064a7f304282d480b7920989f2b0022ce8487a1da28b86164759f28fa57bd4d9ff0abf65550290e8feea4de4125bcd75cac35b7269d43a868
6 3
 AUX apache-fix-sni.diff 621 SHA256 272ea68c8af38fb48a805124e5e467448cfc9e1c4a00b8ceef7d84677c8eb1b7 SHA512 865f1148fd5f38dbbea1960275ac29764cfd36369d5df81e7c1029c4363fafdda8dacce760d6424664649df20f4e3bbc15afaa1de693e79605ce2472f721d38e WHIRLPOOL ef1dfd348871d0dd13071fddc74f348ab4ea5114b78fb8db22ccefb781f2f3ca600c18752c284ccb0c7f77783a7e2332865f35a38d4766636c772628874e459e
7
-AUX apache-noip.diff 417 SHA256 c9ed84fec20e69f711600261a395a3d4b3ae2685318f6354c4d2ebd01c0ec4cc SHA512 fa684688e707f5fb511b228b8fa9b0f996dbf615f2f9b6478ab478e801f14c65a7381137cdbda648d68f7818891085c744da3a8249843e73bdf5ef247a90d3fe WHIRLPOOL d2636a34b0d48139adef125e76ef477d84bf7cd9785f094fe57c1d81b45e7392622d232bee5f53896d8b48eb9b3241cd48cbb585ea70d97a872c5cd3f6bfe420
8
-AUX apache-npn 9799 SHA256 6e41b59680832b074246dd24a41aec56f9bb35ab4f34674cd20e32f1289c21ab SHA512 60d9c6f750562f087b607edf7939195f31b7e0101b9c8d1c883e3b01da192d354fc291d45832757ab50c029f99ac4ad06fa9b7ce4e5928367d1f89278fa79fa3 WHIRLPOOL 162dba8354efeccbb100a86cb61e47c0a96be11a057cfffccc194abd31721b99f4ef3e5fc9b4a7e82a7495d1369af1be3f7b3d4339ec33af24858a0049474331
9
-AUX httpd-2.2.16-ecc.diff 8236 SHA256 e7fe97852875de06372d8413248fa20419946e2ab7de5198c93bffa6b5a68461 SHA512 8b54c30f9edc76bd8969ee894038f267d722d1ab8c7332a84fe21704bde0451e1a27503252fa87bd0f749dac3281eb266cda36aa7faec1a36ee6e67a8f9ae6c7 WHIRLPOOL 2d8ad3cd12b27937dcafef31df8c9fa048fb4e1ed06109e745fbe12dc869ceaa21fa2e62aa9bcb729d7fb426c1ee0a82171b5038cac56f8b8ebbc3cd3569daa9
10
-DIST gentoo-apache-2.2.22-20120213.tar.bz2 64507 SHA256 737730dabf1e1ccfe9d409067dc3c4d37d16f7fa1e792f5bf39268d904ce1c31 SHA512 f364bdbee967b3bc797d2053b9eb347af963f99275441093930d0057465e1a12567106f5c5ac21a45a4bbd4b353ce67553038d6146f469a7bf980a9148471170 WHIRLPOOL f5a3ab44fc14ddf67ccf0785006b1d9f5c49b915114f9d7e97858fba447a5ee872c741e73c17e121b61cc0aa678b42dc154616cd64054461c552d3a8c29f4f17
11
-DIST gentoo-apache-2.2.23-20121012.tar.bz2 64135 SHA256 711a88f26c58b10b082f7ff411366cd768f9450101da050438a2f77abeab7333 SHA512 92a49f954b82d4427862f41977625a60641731cc25ab3efdd666be8db839038e7b1c2ef2f878d5efed243eaa63237e88ee4993cd25cca1dfbb0f56a6b2093d57 WHIRLPOOL 221d9c0cf999430afc11a8e48ae67019c7f31daca827a5db7615aca24859788743e5da00e4c99b7b7b375e58fafd6c148339e5671be939dbc30735031e12c49f
12
-DIST gentoo-apache-2.4.3-20121012.tar.bz2 24541 SHA256 aeed23c716f05d7430a6d905fb75c192418c9ba90feb96fcc474138c4addfd69 SHA512 fe37c91328bf090aacd4012030845b2e4461a116b9b60d95108c4a4749729bef5ac526d4bd3570406f3d7afe41b0f634c2e9a167ee416a56f5f82f46eb27cc26 WHIRLPOOL 421efb4a7940b52cbc2e054c5ef2f79ff19c13a3140941ec659da3ff61a70491485c1c375db29b1fa6c4dc45761df1f0fc63bd3d867c8937d33f5b6c948bade0
13
-DIST gentoo-apache-2.4.4-20130227.tar.bz2 24579 SHA256 cf27447dc87b4c145e50a6850245e3ed8d350bc3500bb249035322b23d03ccd2 SHA512 d6e8e37c53c37e9791c9d0ed3501d271212f0d2e2aac757a8a1914f20eb7b3dc0ca7e2d33a6f17dcb3572bc1f01b2c2f5876329ac8c2a4aaa7d2bca8e71f1d84 WHIRLPOOL 6364049b25c0aa21c4336dab7d1af8d3f3d06a60766fe401fc4f818f8ff7764564d136a414c444811612698221d830040ff4c5afb2a379607d5bd32b60260be6
14
-DIST gentoo-apache-2.4.4-20130725.tar.bz2 24525 SHA256 c155dae39d87acc43ef34b385a2eaf2a45ff9c11d31b1c1791a74f9946335c39 SHA512 95489af418e3674b9d20dc988f4473d5d088d892bb2e6660a46a225667b0427c904d883a19fa3a847778fa00eb8ac0f27e1a5f76f0d65a28eaf0a39747353bbb WHIRLPOOL 1fd36df2db6814d01846cb40be9443aa963a0df9b45647859e901981872f64a8b4ba95aff9a14a8985feb74d51c551ab10c6734a63d5e9d001c53ab3c4383c42
15
-DIST gentoo-apache-2.4.4-20130801.tar.bz2 24536 SHA256 bae819de1ded2104a65dabc759e8a7bc6b442d2588ffb99e563be8482b3d87bf SHA512 97474e7d7f17d6537337b51385be4d093f9a15cf3a0a5f567ad883c4cc653d9bd3bed6e5f308e1bb9cf648be2c4a67a3099a95bd36b1be7c15ca8c512e01b2b0 WHIRLPOOL 4b75f5477b601f4159cb1b12c5f76ae4f678c83cef4441eba0e90a9be8222e4abd981a0d2205a54ddeebd8276567670c5ad827aa19f22f17196986bfd5c05c73
4
+AUX apache.conf 55 SHA256 ea616c5cc37979a006d69c51bda43fca15a4327d33175762652b29f5cdea1c7b SHA512 3a53beb7a283d17c14383f16ad14c0602681ac1b193cce8f5aca50ae9d9af3a71054ce4a9ab11cbcb72fe913459e1b306fd54660154e66afe10272f8c0f149f3 WHIRLPOOL fa348414f320a9f70001386dfb77d57ca4836c3ef3d251976077b7ad545d7f6752e534efadbf28c7dcb777388e3d844eba84b939dcf48881983388daf6ac23f0
5
+AUX apache2.2.service 716 SHA256 e850ad73585fbba52ade58a39ca91adbfd52f56a0bbd426ebcadb340a7dcb62b SHA512 5f736c803772077598248bbb41f76dff396dfd2f11a60d1ba929a619275efb8c1b4c0dab78cbcdf83b9ec94db67b958b3333b01f67d71eb3b2e07dba4bca2a7c WHIRLPOOL 776a928422b8f37a12099111a1503674ca901934b60dca8596dc8bc287390be9a0e912d7ba6226dcb22eb7c669fa298ddc20fd7bf5c275b0cf019bae0d594839
6
+AUX apache2.4.service 728 SHA256 4420af10d1237f90ae519e56e75f1cc84e9f7c7b63aca9decf91a77f88ae0390 SHA512 6b43e5638d5da68a5408d45befd10a9e42197c1a393764e945ba22d47d0736e2b28bad36a96f4f4ad4ff928db6f2c1377bd22ce401056b2f21fb38933a3cd972 WHIRLPOOL 5526995c5f4772353fcccbd83ed93c8186cb47f80f5d1244dc454ca886189ac92539572c43978d2868b77002a2397ff4794b3c8f6c655fecb432b8013afaf38e
7
+AUX gentoo-apache-2.2.23-initd_fixups.patch 963 SHA256 ea8cdb5ad98416fcc3daf496bc996d23c09212f325980e0328da5e76deb8ad5d SHA512 3250d94e9fc5c3f921c756d3d5cfc670b0221a06dab376ef162cc8ecec8d1300cb95266b2a96d5a608a710326de2144662d450c8a2142a12200b1210fbc9cdb0 WHIRLPOOL 314e1d2c6d156cbf1a0330ab822f64a32d2b6b52adf46e1db4d8f148eb1e471712ebd65948056e4e2e85585499cbc1f9a0d0616f2a6c1ec9b382af35bdf8f194
8
+AUX httpd-2.4.3-mod_systemd.patch 5396 SHA256 d8f5c76dd5eb0edc9759ea300d3b320ee96b6e6f9fabb8a4043f8d1b77b646a2 SHA512 0db785fac6034aa431e9d816bd06020a5b287dbdae794f8b94eb267805981a1d2a97fdb92bd13e32d35329e6db3f799a03e98456329f6a80c5863e72a26e5c59 WHIRLPOOL 4016b9626af1a8ca001518e8a45262ca4dd27a998727db988a8f1234aa7c5d56d439f4ecfdc6219510f57c97991884a7f57eaa83535988cb72e9fd8ffdee7b6e
16 9
 DIST gentoo-apache-2.4.9-r2-20140421.tar.bz2 24952 SHA256 0494a3e2fbcfc2139b2edeeb04fa87e66d31e0335c22a47e93dbb24289f13a10 SHA512 19dabea049730ab0ea177ec95cc34364835ec11185e87851e1ad31a4b08e3a2855a79d4be0eef2c72fe07bc4647fcf1ffc444be57f7af92b798decc20270552f WHIRLPOOL 96210b689696214d689e4842da4b3795f02732abedb5b9508a3e0c881b8f8bf67a41cf06a8cb6a353f267ddad1af9202a32a0b1b41c9ad49dbc98e5c0841f1d5
17
-DIST httpd-2.2.22.tar.bz2 5378934 SHA256 dcdc9f1dc722f84798caf69d69dca78daa5e09a4269060045aeca7e4f44cb231 SHA512 b6901453aaef3cac31cf763f7748e06a2492e1f72e4158627f38e45423a9bcd9bea1f74ba1a1ec9a5c7fc554eb062ea61b944e2001f19825def2e530ce8a42bc WHIRLPOOL 32a03d638f82d791effdce888a02e66189d6fe87c2179ab9f3de034fbf5c8311d24835f28e9a18addb847aa6859ed817bf2e11833e315285474eefcea6f56891
18
-DIST httpd-2.2.23.tar.bz2 5485205 SHA256 14fe79bd6edd957c02cb41f4175e132c08e6ff74a7d08dc1858dd8224e351c34 SHA512 69b3bc942b2a91cdb57356a5c57078794db2d8404a23080a2621cdf33ae2d9bdbbacd0f6e95fd6e71fbfa87e94942be0a014c3e8709148f991e391d03aa6dee2 WHIRLPOOL 8d00184aff654b2d7f1c5ebd471f19ffcb57107ea37179fa05c424424d7b70ff0c9abf3be68ed9f0d091b3c057f1ba24cb989937e35087c3199f82e3dddbbd4f
19
-DIST httpd-2.2.24.tar.bz2 5490439 SHA256 0453f5d2d7e3b1975a1c6a8a22b6d6ff768715a3b0a89b51e5f7b5851628fad7 SHA512 e1c24535bb0ae309c249c0a6fbd390064a929d960241e5e68737744f120a88b615bd5d9065fc2f749ee664ed96621c9373576e6ca32bd189d625fcd4dc1b8f01 WHIRLPOOL b24bf388e1be29cc52341d66af00318b3a60ad6db6b4df8c6cc0abf496c4e603d3b733529d21d3d1c37dad0008cacafa8078abdff6c25cb42b3874b6e176713e
20
-DIST httpd-2.2.25.tar.bz2 5524905 SHA256 4bcaf3524796a514b31aa5c64ce80b0cdb484bab5735416de29d00f6d50fa65a SHA512 4750e79bdab4ca28c602a808531dfc1482e86bf425d5cb3bcb42a9ccfbbfde5bfd05e66649ea741523c96de6582f5e12facbb1e7d67257bcf78a3ed7a66f80d9 WHIRLPOOL 7ce37be9b66de24cc7259c6e8a0696b496c893933b1c5dbdff5147c279fb644b5d5fc77ed02531b0f081f0c217f684d1bcd98bac26938b23c1d7a4ec085162f6
21
-DIST httpd-2.4.3.tar.bz2 4559279 SHA256 d82102b9c111f1892fb20a2bccf4370de579c6521b2f172ed0b36f2759fb249e SHA512 d4501ae69aacb75d960bc8cb61c9e1ff52e6e42a37c37ca84c839262e183ca2f305794da28266aa2119d211ba0f4531705f66330079ab594c05e92ae8196d1ab WHIRLPOOL 4ffb7dc8057200f676557a70591d6938e92a8990d88dc88237d278f185290d260312dd8cfdd08994ffd7b7280502b3debea0f3e02acc718dd9db613222b6d2ae
22
-DIST httpd-2.4.4.tar.bz2 4780289 SHA256 92aabddeca76a4ac7330b143df1407bbf35574c7291c15172238ac598d97655c SHA512 d68789e1e585b4acf26e4e32d063fa512525f8fcc2077b1dbf573dd9f4b47667772d94bb65fefb354fbfae331e87b3fdea422a732838c86d8887eed4b3a76af0 WHIRLPOOL c2ec29a0d52ff1d674f103d0d59c0acd15b194b1102ba5078ef76b62aa959ff92adc5977e095b30c6a778cd9385f9c4ded9bfdc6ce8fba381735ca1aa84aa9f0
23
-DIST httpd-2.4.6.tar.bz2 4949897 SHA256 dc9f3625ebc08bea55eeb0d16e71fba656f252e6cd0aa244ee7806dc3b022fea SHA512 8ade7ec5291f07a60e279f7a73a79c11c150dbf09c9e7b059e136fcb250130aa0f381b118f84e230184b065d452d5e946df8a5766991be8cdc6e8f5d4c4bac01 WHIRLPOOL 81f036bb438afa30106a402e256d641a2687b619ef7f6ea3e4ab61f30715560e1c9dd3afa3e53c4d99c77de72f100e8a1894a5a898247c381100ceb165b8a146
24 10
 DIST httpd-2.4.9.tar.bz2 4994460 SHA256 f78cc90dfa47caf3d83ad18fd6b4e85f237777c1733fc9088594b70ce2847603 SHA512 3a66302e18a2d165b3851665dc73be7d3849fc3359c1ff9dd9e2eaebf1f1d8fb89b7b0a05929d6247750bf0ed1abf9cf3c236a373b2d99635c8ca41698719c96 WHIRLPOOL 735677695d3b1497d554dd3e8d97733359140f3bb524335ab474275ca2b5546ceab8f5f3778948fabee2d152bf5b096d99b3dabb1011a4b68905c7cd5012a648
25
-EBUILD apache-2.2.22-r1.ebuild 3206 SHA256 4c72b2164c32c34e85c6a8e99c68464e5505eeb79bf94eed7ad1d62ba2045c0e SHA512 bafab5ef6f8d8675614473c01ae71655b1cd94b75658353e8351df1cb8b9667b2164d501f98b4492810a2ec2d3415db6c5df416bc51aed4fc4ec6fc4a155288b WHIRLPOOL d6f4c9b06b3cfcad613084bb7902c7ba942848a8233b50ff48474e7407c3e1d4523f44a0ca9f0790510122719609ec767afbaf3fdd60b6dd7918fe409e9b08a2
26
-EBUILD apache-2.2.22.ebuild 3001 SHA256 cf930cea2f7e8a8bd2f7cabe7de9ecf56efb33d10bd3fe2d70acaa6e86cebb0c SHA512 1de2c503698334b00c3b44cad9680d8699e7ad21c80a746af4154d03433da4bcc072cf572d2ce9dbf478f6c97423ee2650521d877f2c62a27ec0189d5c66c045 WHIRLPOOL aadae0ae48a37cdd5ed3995c92fa5bf925fd2c12792cdcce08305191c09703a80bd7bc264c61165e8c26687bde97ad543722d04e090620cd7fe473c76688e233
27
-EBUILD apache-2.2.23.ebuild 3181 SHA256 b6502801683bcd8708e247fd11e8d7a639a7412f77d3a631827705f20e43c878 SHA512 860dce68ab969c4bacdedc3fec4d48937d7a331921e86fe02d6b1481a59cd8997d336b9c9bbc6cf9a69dd3719acc411abae1809e7770b42d31adb1cefd5dc560 WHIRLPOOL e2e128e74236c6a306d511cdc8d1e9799e9818fc842a1884eb48a8ef8683669ba321ca228ec780015e1c88044cff2904652c4a1c93a2f3af84e3552c8e7d3363
28
-EBUILD apache-2.2.24.ebuild 3102 SHA256 b751f4d8aa98faf4f78a695368cd294777084c1d0a7dce153fb48795dd4b05c8 SHA512 3f00a8ee05dd124ed85f152bd71a328c0d62901c4b39da59464fa31182dd492cb4c8109f23936a545b72bc0a8385219b858939664a914eb65a0a593bb02f318a WHIRLPOOL b70b72cd25136eda395e283e03f7aede0197fb5bc0f6a762f60b90b2e291f5e0a98065897a9a25e6d9cd172253eac6829952cca0a1bfde3adfbab3f0034c69e1
29
-EBUILD apache-2.2.25.ebuild 3297 SHA256 f2a97144d474359d89e67248fa1f7a58c22e1268357b1a9978800b8b8816767a SHA512 0f3af89b8d9a70b75e3888bfd110625875ed48aa9348033c9f316401b38468f34d11bd49e223e62b81d0a52abf4a94a5c44ea8c757e51a391d6dbd659c83c1c3 WHIRLPOOL 5608f8deaf9c90eb92a03237b3516af15c0a140f0decbc9a6e874b18e0135a8969435b3d85611ceb058453071e38ce2e3f0392e142843241c7040fecb8f072a6
30
-EBUILD apache-2.4.3.ebuild 7203 SHA256 082ee4bc36fe78621a32ad8ae3f3117943b5572e1456618d1b547cf344c4d687 SHA512 56786dc2e5f835e1894760ad85bfba6ffd531b50e7e9f782240ac2deb7464a2aa222cd04495ab7bd81f0e30c91972f417857c9fd4ee53587ebc91ba6a542c41e WHIRLPOOL 4e8e22861a21d8defd9c8eb57fc5548ba38a911db640fc63b6a15fdcfcf86c8fbf50b09f78321ea784bf81340718242d5a7fa6c6ed1c4e0c31a4e79affc64d24
31
-EBUILD apache-2.4.4-r1.ebuild 7252 SHA256 64b4537ade811698d002a19da3b32dc54fc590c76cab613095f7086502b34dca SHA512 30f72175c5093f6fcee56892b79e3c72106c7f160a5dff3f7f29c0be376ed94271b35f536ec4d3d539f352a90c9d741b368eb8aaeada501da8a22f1f8cfa67dc WHIRLPOOL 0bd24504dcbab1e364209e622f93a5baf78976761f9e4de7a85686417e6077829f8ca1ab7a87724f3c03362249de3fada01c06e9f553ec8bd24cf1bead516a4b
32
-EBUILD apache-2.4.6-r1.ebuild 7476 SHA256 6d6b9331dce777b11cfef9bd8b5e9ac006e93728f549225ab6945cb81037a1a9 SHA512 c5ceb713601e2372bb36bdb705d9a7d7dd8c76ffa09339124b11b0054c180606243b21e2c1e95346a7ac0d0ab302ff88e238a8447b553abf08b8a42b390d9e42 WHIRLPOOL 974cf7113269dfb87c138635abd610aaddf92aa94d9dad508b1c11c3636715d9dcce969e0d7e13db1bf854b0f9c2100c428c351795987708659d3ad3ab9ca9b1
33
-EBUILD apache-2.4.6-r2.ebuild 7487 SHA256 6d15eef1bc7ca1b70be5f61e2dfed5f8ae9feb5c3b42142c06ffc1c3a132c2cb SHA512 84d0cb9cf92a09775116702b65fc87cae08cdf0316602f9e1f05278414a9e3a9ebbbd05e4a6c2e61d7100dfb25db9b5535d3e6cc51f7294889ba370166c58be7 WHIRLPOOL 68b4c5223776d6e08c1da9e4caa93245fcf0a6f83327d6a719c0f202eb14b4a339e7105f872ca062e5f4f1f6fced87e6ddab6fc3c3f412fa6117d545e27a3dc2
34 11
 EBUILD apache-2.4.9-r2.ebuild 7545 SHA256 091b49a8545fca2d4cdc487e7df224a3d9006e899d7e8aa9f91aa7f87edd7467 SHA512 28c9cb35ab96a69b63f19ec62d5b95737da329981591502b1e4fed1038d203ef1a77673e446ee6cdff37e300bf5cbf8129f056550b05c2fa3553df068c9a6e8c WHIRLPOOL 5d55e4130a30261a0827f1a2f5925c7321a03b915b2f8cf9464762751d97b415e13f0cb6c42698b3d030e093d1021a038ee4dec6541493e4f5c401a146f568ad
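--- a/www-servers/apache/apache-2.2.22-r1.ebuild
+++ b/www-servers/apache/apache-2.2.22-r1.ebuild
@@ -1,113 +0,0 @@
-# Copyright 1999-2012 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/www-servers/apache/apache-2.2.22-r1.ebuild,v 1.1 2012/04/20 04:22:46 patrick Exp $
-
-EAPI="2"
-
-# latest gentoo apache files
-GENTOO_PATCHSTAMP="20120213"
-GENTOO_DEVELOPER="jmbsvicetto"
-GENTOO_PATCHNAME="gentoo-apache-2.2.22"
-
-# IUSE/USE_EXPAND magic
-IUSE_MPMS_FORK="itk peruser prefork"
-IUSE_MPMS_THREAD="event worker"
-
-IUSE_MODULES="actions alias asis auth_basic auth_digest authn_alias authn_anon
-authn_dbd authn_dbm authn_default authn_file authz_dbm authz_default
-authz_groupfile authz_host authz_owner authz_user autoindex cache cern_meta
-charset_lite cgi cgid dav dav_fs dav_lock dbd deflate dir disk_cache dumpio
-env expires ext_filter file_cache filter headers ident imagemap include info
-log_config log_forensic logio mem_cache mime mime_magic negotiation proxy
-proxy_ajp proxy_balancer proxy_connect proxy_ftp proxy_http proxy_scgi rewrite
-reqtimeout setenvif speling status substitute unique_id userdir usertrack
-version vhost_alias"
-# The following are also in the source as of this version, but are not available
-# for user selection:
-# bucketeer case_filter case_filter_in echo http isapi optional_fn_export
-# optional_fn_import optional_hook_export optional_hook_import
-
-# inter-module dependencies
-# TODO: this may still be incomplete
-MODULE_DEPENDS="
-	dav_fs:dav
-	dav_lock:dav
-	deflate:filter
-	disk_cache:cache
-	ext_filter:filter
-	file_cache:cache
-	log_forensic:log_config
-	logio:log_config
-	mem_cache:cache
-	mime_magic:mime
-	proxy_ajp:proxy
-	proxy_balancer:proxy
-	proxy_connect:proxy
-	proxy_ftp:proxy
-	proxy_http:proxy
-	proxy_scgi:proxy
-	substitute:filter
-"
-
-# module<->define mappings
-MODULE_DEFINES="
-	auth_digest:AUTH_DIGEST
-	authnz_ldap:AUTHNZ_LDAP
-	cache:CACHE
-	dav:DAV
-	dav_fs:DAV
-	dav_lock:DAV
-	disk_cache:CACHE
-	file_cache:CACHE
-	info:INFO
-	ldap:LDAP
-	mem_cache:CACHE
-	proxy:PROXY
-	proxy_ajp:PROXY
-	proxy_balancer:PROXY
-	proxy_connect:PROXY
-	proxy_ftp:PROXY
-	proxy_http:PROXY
-	ssl:SSL
-	status:STATUS
-	suexec:SUEXEC
-	userdir:USERDIR
-"
-
-# critical modules for the default config
-MODULE_CRITICAL="
-	authz_host
-	dir
-	mime
-"
-
-inherit apache-2
-
-DESCRIPTION="The Apache Web Server."
-HOMEPAGE="http://httpd.apache.org/"
-
-# some helper scripts are Apache-1.1, thus both are here
-LICENSE="Apache-2.0 Apache-1.1"
-SLOT="2"
-KEYWORDS="alpha amd64 arm hppa ia64 ~mips ppc ppc64 s390 sh sparc x86 ~sparc-fbsd ~x86-fbsd"
-IUSE=""
-
-DEPEND="${DEPEND}
-	>=dev-libs/openssl-0.9.8m
-	apache2_modules_deflate? ( sys-libs/zlib )"
-
-# dependency on >=dev-libs/apr-1.4.5 for bug #368651
-RDEPEND="${RDEPEND}
-	>=dev-libs/apr-1.4.5
-	>=dev-libs/openssl-0.9.8m
-	apache2_modules_mime? ( app-misc/mime-types )"
-
-# init script fixup - should be rolled into next tarball #389965
-src_prepare() {
-	epatch "${FILESDIR}"/apache-noip.diff
-	#epatch "${FILESDIR}"/httpd-2.2.16-ecc.diff
-	#epatch "${FILESDIR}"/apache-2.2.14-staticdhparameters.diff
-	apache-2_src_prepare
-	sed -i -e 's/! test -f/test -f/' "${GENTOO_PATCHDIR}"/init/apache2.initd || die "Failed to fix init script"
-	cp ${FILESDIR}/2.2.22-envvars-std.in ${S}/support/envvars-std.in || die "Failed to apply LD_PRELOAD fix"
-}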
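--- a/www-servers/apache/apache-2.2.22.ebuild
+++ b/www-servers/apache/apache-2.2.22.ebuild
@@ -1,110 +0,0 @@
-# Copyright 1999-2012 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/www-servers/apache/apache-2.2.22.ebuild,v 1.3 2012/03/29 10:40:41 ago Exp $
-
-EAPI="2"
-
-# latest gentoo apache files
-GENTOO_PATCHSTAMP="20120213"
-GENTOO_DEVELOPER="jmbsvicetto"
-
-# IUSE/USE_EXPAND magic
-IUSE_MPMS_FORK="itk peruser prefork"
-IUSE_MPMS_THREAD="event worker"
-
-IUSE_MODULES="actions alias asis auth_basic auth_digest authn_alias authn_anon
-authn_dbd authn_dbm authn_default authn_file authz_dbm authz_default
-authz_groupfile authz_host authz_owner authz_user autoindex cache cern_meta
-charset_lite cgi cgid dav dav_fs dav_lock dbd deflate dir disk_cache dumpio
-env expires ext_filter file_cache filter headers ident imagemap include info
-log_config log_forensic logio mem_cache mime mime_magic negotiation proxy
-proxy_ajp proxy_balancer proxy_connect proxy_ftp proxy_http proxy_scgi rewrite
-reqtimeout setenvif speling status substitute unique_id userdir usertrack
-version vhost_alias"
-# The following are also in the source as of this version, but are not available
-# for user selection:
-# bucketeer case_filter case_filter_in echo http isapi optional_fn_export
-# optional_fn_import optional_hook_export optional_hook_import
-
-# inter-module dependencies
-# TODO: this may still be incomplete
-MODULE_DEPENDS="
-	dav_fs:dav
-	dav_lock:dav
-	deflate:filter
-	disk_cache:cache
-	ext_filter:filter
-	file_cache:cache
-	log_forensic:log_config
-	logio:log_config
-	mem_cache:cache
-	mime_magic:mime
-	proxy_ajp:proxy
-	proxy_balancer:proxy
-	proxy_connect:proxy
-	proxy_ftp:proxy
-	proxy_http:proxy
-	proxy_scgi:proxy
-	substitute:filter
-"
-
-# module<->define mappings
-MODULE_DEFINES="
-	auth_digest:AUTH_DIGEST
-	authnz_ldap:AUTHNZ_LDAP
-	cache:CACHE
-	dav:DAV
-	dav_fs:DAV
-	dav_lock:DAV
-	disk_cache:CACHE
-	file_cache:CACHE
-	info:INFO
-	ldap:LDAP
-	mem_cache:CACHE
-	proxy:PROXY
-	proxy_ajp:PROXY
-	proxy_balancer:PROXY
-	proxy_connect:PROXY
-	proxy_ftp:PROXY
-	proxy_http:PROXY
-	ssl:SSL
-	status:STATUS
-	suexec:SUEXEC
-	userdir:USERDIR
-"
-
-# critical modules for the default config
-MODULE_CRITICAL="
-	authz_host
-	dir
-	mime
-"
-
-inherit apache-2
-
-DESCRIPTION="The Apache Web Server."
-HOMEPAGE="http://httpd.apache.org/"
-
-# some helper scripts are Apache-1.1, thus both are here
-LICENSE="Apache-2.0 Apache-1.1"
-SLOT="2"
-KEYWORDS="~alpha amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~sparc-fbsd ~x86-fbsd"
-IUSE=""
-
-DEPEND="${DEPEND}
-	>=dev-libs/openssl-0.9.8m
-	apache2_modules_deflate? ( sys-libs/zlib )"
-
-# dependency on >=dev-libs/apr-1.4.5 for bug #368651
-RDEPEND="${RDEPEND}
-	>=dev-libs/apr-1.4.5
-	>=dev-libs/openssl-0.9.8m
-	apache2_modules_mime? ( app-misc/mime-types )"
-
-# init script fixup - should be rolled into next tarball #389965
-src_prepare() {
-	epatch "${FILESDIR}"/apache-noip.diff
-	epatch "${FILESDIR}"/httpd-2.2.16-ecc.diff
-	apache-2_src_prepare
-	sed -i -e 's/! test -f/test -f/' "${GENTOO_PATCHDIR}"/init/apache2.initd || die "Failed to fix init script"
-}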
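--- a/www-servers/apache/apache-2.2.23.ebuild
+++ b/www-servers/apache/apache-2.2.23.ebuild
@@ -1,114 +0,0 @@
-# Copyright 1999-2012 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/www-servers/apache/apache-2.2.23.ebuild,v 1.3 2012/10/13 18:57:10 blueness Exp $
-
-EAPI="2"
-
-# latest gentoo apache files
-GENTOO_PATCHSTAMP="20121012"
-GENTOO_DEVELOPER="patrick"
-#GENTOO_PATCHNAME="gentoo-apache-2.2.22"
-
-# IUSE/USE_EXPAND magic
-IUSE_MPMS_FORK="itk peruser prefork"
-IUSE_MPMS_THREAD="event worker"
-
-IUSE_MODULES="actions alias asis auth_basic auth_digest authn_alias authn_anon
-authn_dbd authn_dbm authn_default authn_file authz_dbm authz_default
-authz_groupfile authz_host authz_owner authz_user autoindex cache cern_meta
-charset_lite cgi cgid dav dav_fs dav_lock dbd deflate dir disk_cache dumpio
-env expires ext_filter file_cache filter headers ident imagemap include info
-log_config log_forensic logio mem_cache mime mime_magic negotiation proxy
-proxy_ajp proxy_balancer proxy_connect proxy_ftp proxy_http proxy_scgi rewrite
-reqtimeout setenvif speling status substitute unique_id userdir usertrack
-version vhost_alias"
-# The following are also in the source as of this version, but are not available
-# for user selection:
-# bucketeer case_filter case_filter_in echo http isapi optional_fn_export
-# optional_fn_import optional_hook_export optional_hook_import
-
-# inter-module dependencies
-# TODO: this may still be incomplete
-MODULE_DEPENDS="
-	dav_fs:dav
-	dav_lock:dav
-	deflate:filter
-	disk_cache:cache
-	ext_filter:filter
-	file_cache:cache
-	log_forensic:log_config
-	logio:log_config
-	mem_cache:cache
-	mime_magic:mime
-	proxy_ajp:proxy
-	proxy_balancer:proxy
-	proxy_connect:proxy
-	proxy_ftp:proxy
-	proxy_http:proxy
-	proxy_scgi:proxy
-	substitute:filter
-"
-
-# module<->define mappings
-MODULE_DEFINES="
-	auth_digest:AUTH_DIGEST
-	authnz_ldap:AUTHNZ_LDAP
-	cache:CACHE
-	dav:DAV
-	dav_fs:DAV
-	dav_lock:DAV
-	disk_cache:CACHE
-	file_cache:CACHE
-	info:INFO
-	ldap:LDAP
-	mem_cache:CACHE
-	proxy:PROXY
-	proxy_ajp:PROXY
-	proxy_balancer:PROXY
-	proxy_connect:PROXY
-	proxy_ftp:PROXY
-	proxy_http:PROXY
-	ssl:SSL
-	status:STATUS
-	suexec:SUEXEC
-	userdir:USERDIR
-"
-
-# critical modules for the default config
-MODULE_CRITICAL="
-	authz_host
-	dir
-	mime
-"
-
-inherit apache-2
-
-DESCRIPTION="The Apache Web Server."
-HOMEPAGE="http://httpd.apache.org/"
-
-# some helper scripts are Apache-1.1, thus both are here
-LICENSE="Apache-2.0 Apache-1.1"
-SLOT="2"
-KEYWORDS="~alpha amd64 ~arm ~hppa ~ia64 ~mips ppc ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd"
-IUSE=""
-
-DEPEND="${DEPEND}
-	>=dev-libs/openssl-0.9.8m
-	apache2_modules_deflate? ( sys-libs/zlib )"
-
-# dependency on >=dev-libs/apr-1.4.5 for bug #368651
-RDEPEND="${RDEPEND}
-	>=dev-libs/apr-1.4.5
-	>=dev-libs/openssl-0.9.8m
-	apache2_modules_mime? ( app-misc/mime-types )"
-
-# init script fixup - should be rolled into next tarball #389965
-src_prepare() {
-
-	epatch "${FILESDIR}"/apache-noip.diff
-	epatch "${FILESDIR}"/apache-2.2.23-tls-compression-option.diff
-
-	apache-2_src_prepare
-	sed -i -e 's/! test -f/test -f/' "${GENTOO_PATCHDIR}"/init/apache2.initd || die "Failed to fix init script"
-	cp ${FILESDIR}/2.2.22-envvars-std.in ${S}/support/envvars-std.in || die "Failed to apply LD_PRELOAD fix"
-}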
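--- a/www-servers/apache/apache-2.2.24.ebuild
+++ b/www-servers/apache/apache-2.2.24.ebuild
@@ -1,111 +0,0 @@
-# Copyright 1999-2013 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/www-servers/apache/apache-2.2.24.ebuild,v 1.12 2013/03/05 09:18:51 ago Exp $
-
-EAPI="2"
-
-# latest gentoo apache files
-GENTOO_PATCHSTAMP="20121012"
-GENTOO_DEVELOPER="patrick"
-GENTOO_PATCHNAME="gentoo-apache-2.2.23"
-
-# IUSE/USE_EXPAND magic
-IUSE_MPMS_FORK="itk peruser prefork"
-IUSE_MPMS_THREAD="event worker"
-
-IUSE_MODULES="actions alias asis auth_basic auth_digest authn_alias authn_anon
-authn_dbd authn_dbm authn_default authn_file authz_dbm authz_default
-authz_groupfile authz_host authz_owner authz_user autoindex cache cern_meta
-charset_lite cgi cgid dav dav_fs dav_lock dbd deflate dir disk_cache dumpio
-env expires ext_filter file_cache filter headers ident imagemap include info
-log_config log_forensic logio mem_cache mime mime_magic negotiation proxy
-proxy_ajp proxy_balancer proxy_connect proxy_ftp proxy_http proxy_scgi rewrite
-reqtimeout setenvif speling status substitute unique_id userdir usertrack
-version vhost_alias"
-# The following are also in the source as of this version, but are not available
-# for user selection:
-# bucketeer case_filter case_filter_in echo http isapi optional_fn_export
-# optional_fn_import optional_hook_export optional_hook_import
-
-# inter-module dependencies
-# TODO: this may still be incomplete
-MODULE_DEPENDS="
-	dav_fs:dav
-	dav_lock:dav
-	deflate:filter
-	disk_cache:cache
-	ext_filter:filter
-	file_cache:cache
-	log_forensic:log_config
-	logio:log_config
-	mem_cache:cache
-	mime_magic:mime
-	proxy_ajp:proxy
-	proxy_balancer:proxy
-	proxy_connect:proxy
-	proxy_ftp:proxy
-	proxy_http:proxy
-	proxy_scgi:proxy
-	substitute:filter
-"
-
-# module<->define mappings
-MODULE_DEFINES="
-	auth_digest:AUTH_DIGEST
-	authnz_ldap:AUTHNZ_LDAP
-	cache:CACHE
-	dav:DAV
-	dav_fs:DAV
-	dav_lock:DAV
-	disk_cache:CACHE
-	file_cache:CACHE
-	info:INFO
-	ldap:LDAP
-	mem_cache:CACHE
-	proxy:PROXY
-	proxy_ajp:PROXY
-	proxy_balancer:PROXY
-	proxy_connect:PROXY
-	proxy_ftp:PROXY
-	proxy_http:PROXY
-	ssl:SSL
-	status:STATUS
-	suexec:SUEXEC
-	userdir:USERDIR
-"
-
-# critical modules for the default config
-MODULE_CRITICAL="
-	authz_host
-	dir
-	mime
-"
-
-inherit apache-2
-
-DESCRIPTION="The Apache Web Server."
-HOMEPAGE="http://httpd.apache.org/"
-
-# some helper scripts are Apache-1.1, thus both are here
-LICENSE="Apache-2.0 Apache-1.1"
-SLOT="2"
-KEYWORDS="alpha amd64 arm hppa ia64 ~mips ppc ppc64 s390 sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd"
-IUSE=""
-
-DEPEND="${DEPEND}
-	>=dev-libs/openssl-0.9.8m
-	apache2_modules_deflate? ( sys-libs/zlib )"
-
-# dependency on >=dev-libs/apr-1.4.5 for bug #368651
-RDEPEND="${RDEPEND}
-	>=dev-libs/apr-1.4.5
-	>=dev-libs/openssl-0.9.8m
-	apache2_modules_mime? ( app-misc/mime-types )"
-
-# init script fixup - should be rolled into next tarball #389965
-src_prepare() {
-	epatch "${FILESDIR}"/apache-noip.diff
-	apache-2_src_prepare
-	sed -i -e 's/! test -f/test -f/' "${GENTOO_PATCHDIR}"/init/apache2.initd || die "Failed to fix init script"
-	cp ${FILESDIR}/2.2.22-envvars-std.in ${S}/support/envvars-std.in || die "Failed to apply LD_PRELOAD fix"
-}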
... ...
@@ -1,120 +0,0 @@
1
-# Copyright 1999-2013 Gentoo Foundation
2
-# Distributed under the terms of the GNU General Public License v2
3
-# $Header: /var/cvsroot/gentoo-x86/www-servers/apache/apache-2.2.25.ebuild,v 1.5 2013/07/23 20:02:10 ago Exp $
4
-
5
-EAPI="2"
6
-
7
-WANT_AUTOMAKE="1.11"
8
-
9
-# latest gentoo apache files
10
-GENTOO_PATCHSTAMP="20121012"
11
-GENTOO_DEVELOPER="patrick"
12
-GENTOO_PATCHNAME="gentoo-apache-2.2.23"
13
-
14
-# IUSE/USE_EXPAND magic
15
-IUSE_MPMS_FORK="itk peruser prefork"
16
-IUSE_MPMS_THREAD="event worker"
17
-
18
-IUSE_MODULES="actions alias asis auth_basic auth_digest authn_alias authn_anon
19
-authn_dbd authn_dbm authn_default authn_file authz_dbm authz_default
20
-authz_groupfile authz_host authz_owner authz_user autoindex cache cern_meta
21
-charset_lite cgi cgid dav dav_fs dav_lock dbd deflate dir disk_cache dumpio
22
-env expires ext_filter file_cache filter headers ident imagemap include info
23
-log_config log_forensic logio mem_cache mime mime_magic negotiation proxy
24
-proxy_ajp proxy_balancer proxy_connect proxy_ftp proxy_http proxy_scgi rewrite
25
-reqtimeout setenvif speling status substitute unique_id userdir usertrack
26
-version vhost_alias"
27
-# The following are also in the source as of this version, but are not available
28
-# for user selection:
29
-# bucketeer case_filter case_filter_in echo http isapi optional_fn_export
30
-# optional_fn_import optional_hook_export optional_hook_import
31
-
32
-# inter-module dependencies
33
-# TODO: this may still be incomplete
34
-MODULE_DEPENDS="
35
-	dav_fs:dav
36
-	dav_lock:dav
37
-	deflate:filter
38
-	disk_cache:cache
39
-	ext_filter:filter
40
-	file_cache:cache
41
-	log_forensic:log_config
42
-	logio:log_config
43
-	mem_cache:cache
44
-	mime_magic:mime
45
-	proxy_ajp:proxy
46
-	proxy_balancer:proxy
47
-	proxy_connect:proxy
48
-	proxy_ftp:proxy
49
-	proxy_http:proxy
50
-	proxy_scgi:proxy
51
-	substitute:filter
52
-"
53
-
54
-# module<->define mappings
55
-MODULE_DEFINES="
56
-	auth_digest:AUTH_DIGEST
57
-	authnz_ldap:AUTHNZ_LDAP
58
-	cache:CACHE
59
-	dav:DAV
60
-	dav_fs:DAV
61
-	dav_lock:DAV
62
-	disk_cache:CACHE
63
-	file_cache:CACHE
64
-	info:INFO
65
-	ldap:LDAP
66
-	mem_cache:CACHE
67
-	proxy:PROXY
68
-	proxy_ajp:PROXY
69
-	proxy_balancer:PROXY
70
-	proxy_connect:PROXY
71
-	proxy_ftp:PROXY
72
-	proxy_http:PROXY
73
-	ssl:SSL
74
-	status:STATUS
75
-	suexec:SUEXEC
76
-	userdir:USERDIR
77
-"
78
-
79
-# critical modules for the default config
80
-MODULE_CRITICAL="
81
-	authz_host
82
-	dir
83
-	mime
84
-"
85
-
86
-inherit apache-2 systemd
87
-
88
-DESCRIPTION="The Apache Web Server."
89
-HOMEPAGE="http://httpd.apache.org/"
90
-
91
-# some helper scripts are Apache-1.1, thus both are here
92
-LICENSE="Apache-2.0 Apache-1.1"
93
-SLOT="2"
94
-KEYWORDS="~alpha amd64 arm hppa ~ia64 ~mips ppc ~ppc64 ~s390 ~sh ~sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd"
95
-IUSE=""
96
-
97
-DEPEND="${DEPEND}
98
-	>=dev-libs/openssl-0.9.8m
99
-	apache2_modules_deflate? ( sys-libs/zlib )"
100
-
101
-# dependency on >=dev-libs/apr-1.4.5 for bug #368651
102
-RDEPEND="${RDEPEND}
103
-	>=dev-libs/apr-1.4.5
104
-	>=dev-libs/openssl-0.9.8m
105
-	apache2_modules_mime? ( app-misc/mime-types )"
106
-
107
-# init script fixup - should be rolled into next tarball #389965
108
-src_prepare() {
109
-	apache-2_src_prepare
110
-	epatch "${FILESDIR}"/apache-noip.diff
111
-	sed -i -e 's/! test -f/test -f/' "${GENTOO_PATCHDIR}"/init/apache2.initd || die "Failed to fix init script"
112
-	cp "${FILESDIR}"/2.2.22-envvars-std.in "${S}"/support/envvars-std.in || die "Failed to apply LD_PRELOAD fix"
113
-}
114
-
115
-src_install() {
116
-	apache-2_src_install
117
-
118
-	systemd_newunit "${FILESDIR}/apache2.2.service" "apache2.service"
119
-	systemd_dotmpfilesd "${FILESDIR}/apache.conf"
120
-}
... ...
@@ -1,214 +0,0 @@
1
-# Copyright 1999-2012 Gentoo Foundation
2
-# Distributed under the terms of the GNU General Public License v2
3
-# $Header: /var/cvsroot/gentoo-x86/www-servers/apache/apache-2.4.3.ebuild,v 1.2 2012/10/13 03:13:09 mr_bones_ Exp $
4
-
5
-EAPI="2"
6
-
7
-# latest gentoo apache files
8
-GENTOO_PATCHSTAMP="20121012"
9
-GENTOO_DEVELOPER="patrick"
10
-#GENTOO_PATCHNAME="gentoo-apache-2.4.1"
11
-
12
-# IUSE/USE_EXPAND magic
13
-IUSE_MPMS_FORK="itk peruser prefork"
14
-IUSE_MPMS_THREAD="event worker"
15
-
16
-# << obsolete modules:
17
-# authn_default authz_default mem_cache
18
-# mem_cache is replaced by cache_disk
19
-# ?? buggy modules
20
-# proxy_scgi: startup error: undefined symbol "ap_proxy_release_connection", no fix found
21
-# >> added modules for reason:
22
-# compat: compatibility with 2.2 access control
23
-# authz_host: new module for access control
24
-# authn_core: functionality provided by authn_alias in previous versions
25
-# authz_core: new module, provides core authorization capabilities
26
-# cache_disk: replacement for mem_cache
27
-# lbmethod_byrequests: Split off from mod_proxy_balancer in 2.3
28
-# lbmethod_bytraffic: Split off from mod_proxy_balancer in 2.3
29
-# lbmethod_bybusyness: Split off from mod_proxy_balancer in 2.3
30
-# lbmethod_heartbeat: Split off from mod_proxy_balancer in 2.3
31
-# slotmem_shm: Slot-based shared memory provider (for lbmethod_byrequests).
32
-# socache_shmcb: shared object cache provider. Default config with ssl needs it
33
-# unixd: fixes startup error: Invalid command 'User'
34
-IUSE_MODULES="access_compat actions alias asis auth_basic auth_digest authn_alias authn_anon
35
-authn_core authn_dbd authn_dbm authn_file authz_core authz_dbm
36
-authz_groupfile authz_host authz_owner authz_user autoindex cache cache_disk cern_meta
37
-charset_lite cgi cgid dav dav_fs dav_lock dbd deflate dir dumpio
38
-env expires ext_filter file_cache filter headers ident imagemap include info
39
-lbmethod_byrequests lbmethod_bytraffic lbmethod_bybusyness lbmethod_heartbeat
40
-log_config log_forensic logio mime mime_magic negotiation proxy
41
-proxy_ajp proxy_balancer proxy_connect proxy_ftp proxy_http proxy_scgi rewrite
42
-reqtimeout setenvif slotmem_shm speling socache_shmcb status substitute unique_id userdir usertrack
43
-unixd version vhost_alias"
44
-# The following are also in the source as of this version, but are not available
45
-# for user selection:
46
-# bucketeer case_filter case_filter_in echo http isapi optional_fn_export
47
-# optional_fn_import optional_hook_export optional_hook_import
48
-
49
-# inter-module dependencies
50
-# TODO: this may still be incomplete
51
-MODULE_DEPENDS="
52
-	dav_fs:dav
53
-	dav_lock:dav
54
-	deflate:filter
55
-	cache_disk:cache
56
-	ext_filter:filter
57
-	file_cache:cache
58
-	lbmethod_byrequests:proxy_balancer
59
-	lbmethod_byrequests:slotmem_shm
60
-	lbmethod_bytraffic:proxy_balancer
61
-	lbmethod_bybusyness:proxy_balancer
62
-	lbmethod_heartbeat:proxy_balancer
63
-	log_forensic:log_config
64
-	logio:log_config
65
-	cache_disk:cache
66
-	mime_magic:mime
67
-	proxy_ajp:proxy
68
-	proxy_balancer:proxy
69
-	proxy_connect:proxy
70
-	proxy_ftp:proxy
71
-	proxy_http:proxy
72
-	proxy_scgi:proxy
73
-	substitute:filter
74
-"
75
-
76
-# module<->define mappings
77
-MODULE_DEFINES="
78
-	auth_digest:AUTH_DIGEST
79
-	authnz_ldap:AUTHNZ_LDAP
80
-	cache:CACHE
81
-	cache_disk:CACHE
82
-	dav:DAV
83
-	dav_fs:DAV
84
-	dav_lock:DAV
85
-	file_cache:CACHE
86
-	info:INFO
87
-	ldap:LDAP
88
-	proxy:PROXY
89
-	proxy_ajp:PROXY
90
-	proxy_balancer:PROXY
91
-	proxy_connect:PROXY
92
-	proxy_ftp:PROXY
93
-	proxy_http:PROXY
94
-	socache_shmcb:SSL
95
-	ssl:SSL
96
-	status:STATUS
97
-	suexec:SUEXEC
98
-	userdir:USERDIR
99
-"
100
-
101
-# critical modules for the default config
102
-MODULE_CRITICAL="
103
-	authn_core
104
-	authz_core
105
-	authz_host
106
-	dir
107
-	mime
108
-	unixd
109
-"
110
-# dependend criticals
111
-use ssl && MODULE_CRITICAL+=" socache_shmcb"
112
-use doc && MODULE_CRITICAL+=" alias negotiation setenvif"
113
-
114
-inherit eutils apache-2
115
-
116
-DESCRIPTION="The Apache Web Server."
117
-HOMEPAGE="http://httpd.apache.org/"
118
-
119
-# some helper scripts are Apache-1.1, thus both are here
120
-LICENSE="Apache-2.0 Apache-1.1"
121
-SLOT="2"
122
-KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~sparc-fbsd ~x86-fbsd"
123
-IUSE=""
124
-
125
-DEPEND="${DEPEND}
126
-	>=dev-libs/openssl-0.9.8m
127
-	apache2_modules_deflate? ( sys-libs/zlib )"
128
-
129
-# dependency on >=dev-libs/apr-1.4.5 for bug #368651
130
-RDEPEND="${RDEPEND}
131
-	>=dev-libs/apr-1.4.5
132
-	>=dev-libs/openssl-0.9.8m
133
-	apache2_modules_mime? ( app-misc/mime-types )"
134
-
135
-# init script fixup - should be rolled into next tarball #389965
136
-src_prepare() {
137
-	epatch "${FILESDIR}"/apache-npn
138
-	epatch "${FILESDIR}"/apache-2.4.3-dhparam.diff
139
-	# the following patch can be removed once it is included in
140
-	# GENTOO_PATCHNAME="gentoo-apache-2.4.1" ...
141
-	if [ -f "${FILESDIR}/${GENTOO_PATCHNAME}-${GENTOO_DEVELOPER}-${GENTOO_PATCHSTAMP}-${PVR}.patch" ]; then
142
-		cd "${GENTOO_PATCHDIR}" || die "Failed to cd to ${GENTOO_PATCHDIR}"
143
-		epatch "${FILESDIR}/${GENTOO_PATCHNAME}-${GENTOO_DEVELOPER}-${GENTOO_PATCHSTAMP}-${PVR}.patch" \
144
-			|| die "epatch failed"
145
-		cd "${S}" || die "Failed to cd to ${S}"
146
-	fi
147
-	apache-2_src_prepare
148
-	sed -i -e 's/! test -f/test -f/' "${GENTOO_PATCHDIR}"/init/apache2.initd || die "Failed to fix init script"
149
-}
150
-
151
-src_install() {
152
-	apache-2_src_install
153
-	for i in /usr/bin/{htdigest,logresolve,htpasswd,htdbm,ab,httxt2dbm}; do
154
-		rm "${D}"/$i || die "Failed to prune apache-tools bits"
155
-	done
156
-	for i in /usr/share/man/man8/{rotatelogs.8,htcacheclean.8}; do
157
-		rm "${D}"/$i || die "Failed to prune apache-tools bits"
158
-	done
159
-	for i in /usr/share/man/man1/{logresolve.1,htdbm.1,htdigest.1,htpasswd.1,dbmmanage.1,ab.1}; do
160
-		rm "${D}"/$i || die "Failed to prune apache-tools bits"
161
-	done
162
-	for i in /usr/sbin/{checkgid,fcgistarter,htcacheclean,rotatelogs}; do
163
-		rm "${D}/"$i || die "Failed to prune apache-tools bits"
164
-	done
165
-
166
-	# well, actually installing things makes them more installed, I guess?
167
-	cp "${S}"/support/apxs "${D}"/usr/sbin/apxs || die "Failed to install apxs"
168
-	chmod 0755 "${D}"/usr/sbin/apxs
169
-
170
-	# create dir defined in 40_mod_ssl.conf
171
-	if use ssl; then
172
-		dodir /var/run/apache_ssl_mutex || die "Failed to mkdir ssl_mutex"
173
-	fi
174
-}
175
-
176
-pkg_postinst()
177
-{
178
-	apache-2_pkg_postinst || die "apache-2_pkg_postinst failed"
179
-	# warnings that default config might not work out of the box
180
-	for mod in $MODULE_CRITICAL; do
181
-		if ! use "apache2_modules_${mod}"; then
182
-			echo
183
-			ewarn "Warning: Critical module not installed!"
184
-			ewarn "Modules 'authn_core', 'authz_core' and 'unixd'"
185
-			ewarn "are highly recomended but might not be in the base profile yet."
186
-			ewarn "Default config for ssl needs module 'socache_shmcb'."
187
-			ewarn "Enabling the following flags is highly recommended:"
188
-			for cmod in $MODULE_CRITICAL; do
189
-				use "apache2_modules_${cmod}" || \
190
-					ewarn "+ apache2_modules_${cmod}"
191
-			done
192
-			echo
193
-			break
194
-		fi
195
-	done
196
-	# warning for proxy_balancer and missing load balancing scheduler
197
-	if use apache2_modules_proxy_balancer; then
198
-		local lbset=
199
-		for mod in lbmethod_byrequests lbmethod_bytraffic lbmethod_bybusyness lbmethod_heartbeat; do
200
-			if use "apache2_modules_${mod}"; then
201
-				lbset=1 && break
202
-			fi
203
-		done
204
-		if [ ! $lbset ]; then
205
-			echo
206
-			ewarn "Info: Missing load balancing scheduler algorithm module"
207
-			ewarn "(They were split off from proxy_balancer in 2.3)"
208
-			ewarn "In order to get the ability of load balancing, at least"
209
-			ewarn "one of these modules has to be present:"
210
-			ewarn "lbmethod_byrequests lbmethod_bytraffic lbmethod_bybusyness lbmethod_heartbeat"
211
-			echo
212
-		fi
213
-	fi
214
-}
... ...
@@ -1,216 +0,0 @@
1
-# Copyright 1999-2013 Gentoo Foundation
2
-# Distributed under the terms of the GNU General Public License v2
3
-# $Header: /var/cvsroot/gentoo-x86/www-servers/apache/apache-2.4.4-r1.ebuild,v 1.1 2013/02/27 15:49:15 chainsaw Exp $
4
-
5
-EAPI="2"
6
-
7
-# latest gentoo apache files
8
-GENTOO_PATCHSTAMP="20130227"
9
-GENTOO_DEVELOPER="patrick"
10
-GENTOO_PATCHNAME="gentoo-apache-2.4.4"
11
-
12
-# IUSE/USE_EXPAND magic
13
-IUSE_MPMS_FORK="itk peruser prefork"
14
-IUSE_MPMS_THREAD="event worker"
15
-
16
-# << obsolete modules:
17
-# authn_default authz_default mem_cache
18
-# mem_cache is replaced by cache_disk
19
-# ?? buggy modules
20
-# proxy_scgi: startup error: undefined symbol "ap_proxy_release_connection", no fix found
21
-# >> added modules for reason:
22
-# compat: compatibility with 2.2 access control
23
-# authz_host: new module for access control
24
-# authn_core: functionality provided by authn_alias in previous versions
25
-# authz_core: new module, provides core authorization capabilities
26
-# cache_disk: replacement for mem_cache
27
-# lbmethod_byrequests: Split off from mod_proxy_balancer in 2.3
28
-# lbmethod_bytraffic: Split off from mod_proxy_balancer in 2.3
29
-# lbmethod_bybusyness: Split off from mod_proxy_balancer in 2.3
30
-# lbmethod_heartbeat: Split off from mod_proxy_balancer in 2.3
31
-# slotmem_shm: Slot-based shared memory provider (for lbmethod_byrequests).
32
-# socache_shmcb: shared object cache provider. Default config with ssl needs it
33
-# unixd: fixes startup error: Invalid command 'User'
34
-IUSE_MODULES="access_compat actions alias asis auth_basic auth_digest authn_alias authn_anon
35
-authn_core authn_dbd authn_dbm authn_file authz_core authz_dbm
36
-authz_groupfile authz_host authz_owner authz_user autoindex cache cache_disk cern_meta
37
-charset_lite cgi cgid dav dav_fs dav_lock dbd deflate dir dumpio
38
-env expires ext_filter file_cache filter headers ident imagemap include info
39
-lbmethod_byrequests lbmethod_bytraffic lbmethod_bybusyness lbmethod_heartbeat
40
-log_config log_forensic logio mime mime_magic negotiation proxy
41
-proxy_ajp proxy_balancer proxy_connect proxy_ftp proxy_http proxy_scgi proxy_fcgi rewrite
42
-reqtimeout setenvif slotmem_shm speling socache_shmcb status substitute unique_id userdir usertrack
43
-unixd version vhost_alias"
44
-# The following are also in the source as of this version, but are not available
45
-# for user selection:
46
-# bucketeer case_filter case_filter_in echo http isapi optional_fn_export
47
-# optional_fn_import optional_hook_export optional_hook_import
48
-
49
-# inter-module dependencies
50
-# TODO: this may still be incomplete
51
-MODULE_DEPENDS="
52
-	dav_fs:dav
53
-	dav_lock:dav
54
-	deflate:filter
55
-	cache_disk:cache
56
-	ext_filter:filter
57
-	file_cache:cache
58
-	lbmethod_byrequests:proxy_balancer
59
-	lbmethod_byrequests:slotmem_shm
60
-	lbmethod_bytraffic:proxy_balancer
61
-	lbmethod_bybusyness:proxy_balancer
62
-	lbmethod_heartbeat:proxy_balancer
63
-	log_forensic:log_config
64
-	logio:log_config
65
-	cache_disk:cache
66
-	mime_magic:mime
67
-	proxy_ajp:proxy
68
-	proxy_balancer:proxy
69
-	proxy_connect:proxy
70
-	proxy_ftp:proxy
71
-	proxy_http:proxy
72
-	proxy_scgi:proxy
73
-	proxy_fcgi:proxy
74
-	substitute:filter
75
-"
76
-
77
-# module<->define mappings
78
-MODULE_DEFINES="
79
-	auth_digest:AUTH_DIGEST
80
-	authnz_ldap:AUTHNZ_LDAP
81
-	cache:CACHE
82
-	cache_disk:CACHE
83
-	dav:DAV
84
-	dav_fs:DAV
85
-	dav_lock:DAV
86
-	file_cache:CACHE
87
-	info:INFO
88
-	ldap:LDAP
89
-	proxy:PROXY
90
-	proxy_ajp:PROXY
91
-	proxy_balancer:PROXY
92
-	proxy_connect:PROXY
93
-	proxy_ftp:PROXY
94
-	proxy_http:PROXY
95
-	proxy_fcgi:PROXY
96
-	socache_shmcb:SSL
97
-	ssl:SSL
98
-	status:STATUS
99
-	suexec:SUEXEC
100
-	userdir:USERDIR
101
-"
102
-
103
-# critical modules for the default config
104
-MODULE_CRITICAL="
105
-	authn_core
106
-	authz_core
107
-	authz_host
108
-	dir
109
-	mime
110
-	unixd
111
-"
112
-# dependend criticals
113
-use ssl && MODULE_CRITICAL+=" socache_shmcb"
114
-use doc && MODULE_CRITICAL+=" alias negotiation setenvif"
115
-
116
-inherit eutils apache-2
117
-
118
-DESCRIPTION="The Apache Web Server."
119
-HOMEPAGE="http://httpd.apache.org/"
120
-
121
-# some helper scripts are Apache-1.1, thus both are here
122
-LICENSE="Apache-2.0 Apache-1.1"
123
-SLOT="2"
124
-KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~sparc-fbsd ~x86-fbsd"
125
-IUSE=""
126
-
127
-DEPEND="${DEPEND}
128
-	>=dev-libs/openssl-0.9.8m
129
-	apache2_modules_deflate? ( sys-libs/zlib )"
130
-
131
-# dependency on >=dev-libs/apr-1.4.5 for bug #368651
132
-RDEPEND="${RDEPEND}
133
-	>=dev-libs/apr-1.4.5
134
-	>=dev-libs/openssl-0.9.8m
135
-	apache2_modules_mime? ( app-misc/mime-types )"
136
-
137
-# init script fixup - should be rolled into next tarball #389965
138
-src_prepare() {
139
-	#epatch "${FILESDIR}"/apache-npn
140
-	epatch "${FILESDIR}"/apache-2.4.3-dhparam.diff
141
-	# the following patch can be removed once it is included in
142
-	# GENTOO_PATCHNAME="gentoo-apache-2.4.1" ...
143
-	if [ -f "${FILESDIR}/${GENTOO_PATCHNAME}-${GENTOO_DEVELOPER}-${GENTOO_PATCHSTAMP}-${PVR}.patch" ]; then
144
-		cd "${GENTOO_PATCHDIR}" || die "Failed to cd to ${GENTOO_PATCHDIR}"
145
-		epatch "${FILESDIR}/${GENTOO_PATCHNAME}-${GENTOO_DEVELOPER}-${GENTOO_PATCHSTAMP}-${PVR}.patch" \
146
-			|| die "epatch failed"
147
-		cd "${S}" || die "Failed to cd to ${S}"
148
-	fi
149
-	apache-2_src_prepare
150
-	sed -i -e 's/! test -f/test -f/' "${GENTOO_PATCHDIR}"/init/apache2.initd || die "Failed to fix init script"
151
-}
152
-
153
-src_install() {
154
-	apache-2_src_install
155
-	for i in /usr/bin/{htdigest,logresolve,htpasswd,htdbm,ab,httxt2dbm}; do
156
-		rm "${D}"/$i || die "Failed to prune apache-tools bits"
157
-	done
158
-	for i in /usr/share/man/man8/{rotatelogs.8,htcacheclean.8}; do
159
-		rm "${D}"/$i || die "Failed to prune apache-tools bits"
160
-	done
161
-	for i in /usr/share/man/man1/{logresolve.1,htdbm.1,htdigest.1,htpasswd.1,dbmmanage.1,ab.1}; do
162
-		rm "${D}"/$i || die "Failed to prune apache-tools bits"
163
-	done
164
-	for i in /usr/sbin/{checkgid,fcgistarter,htcacheclean,rotatelogs}; do
165
-		rm "${D}/"$i || die "Failed to prune apache-tools bits"
166
-	done
167
-
168
-	# well, actually installing things makes them more installed, I guess?
169
-	cp "${S}"/support/apxs "${D}"/usr/sbin/apxs || die "Failed to install apxs"
170
-	chmod 0755 "${D}"/usr/sbin/apxs
171
-
172
-	# create dir defined in 40_mod_ssl.conf
173
-	if use ssl; then
174
-		dodir /var/run/apache_ssl_mutex || die "Failed to mkdir ssl_mutex"
175
-	fi
176
-}
177
-
178
-pkg_postinst()
179
-{
180
-	apache-2_pkg_postinst || die "apache-2_pkg_postinst failed"
181
-	# warnings that default config might not work out of the box
182
-	for mod in $MODULE_CRITICAL; do
183
-		if ! use "apache2_modules_${mod}"; then
184
-			echo
185
-			ewarn "Warning: Critical module not installed!"
186
-			ewarn "Modules 'authn_core', 'authz_core' and 'unixd'"
187
-			ewarn "are highly recomended but might not be in the base profile yet."
188
-			ewarn "Default config for ssl needs module 'socache_shmcb'."
189
-			ewarn "Enabling the following flags is highly recommended:"
190
-			for cmod in $MODULE_CRITICAL; do
191
-				use "apache2_modules_${cmod}" || \
192
-					ewarn "+ apache2_modules_${cmod}"
193
-			done
194
-			echo
195
-			break
196
-		fi
197
-	done
198
-	# warning for proxy_balancer and missing load balancing scheduler
199
-	if use apache2_modules_proxy_balancer; then
200
-		local lbset=
201
-		for mod in lbmethod_byrequests lbmethod_bytraffic lbmethod_bybusyness lbmethod_heartbeat; do
202
-			if use "apache2_modules_${mod}"; then
203
-				lbset=1 && break
204
-			fi
205
-		done
206
-		if [ ! $lbset ]; then
207
-			echo
208
-			ewarn "Info: Missing load balancing scheduler algorithm module"
209
-			ewarn "(They were split off from proxy_balancer in 2.3)"
210
-			ewarn "In order to get the ability of load balancing, at least"
211
-			ewarn "one of these modules has to be present:"
212
-			ewarn "lbmethod_byrequests lbmethod_bytraffic lbmethod_bybusyness lbmethod_heartbeat"
213
-			echo
214
-		fi
215
-	fi
216
-}
... ...
@@ -1,218 +0,0 @@
1
-# Copyright 1999-2013 Gentoo Foundation
2
-# Distributed under the terms of the GNU General Public License v2
3
-# $Header: /var/cvsroot/gentoo-x86/www-servers/apache/apache-2.4.6-r1.ebuild,v 1.2 2013/07/28 01:39:37 aballier Exp $
4
-
5
-EAPI="2"
6
-
7
-# latest gentoo apache files
8
-GENTOO_PATCHSTAMP="20130725"
9
-GENTOO_DEVELOPER="kensington"
10
-GENTOO_PATCHNAME="gentoo-apache-2.4.4"
11
-
12
-# IUSE/USE_EXPAND magic
13
-IUSE_MPMS_FORK="itk peruser prefork"
14
-IUSE_MPMS_THREAD="event worker"
15
-
16
-# << obsolete modules:
17
-# authn_default authz_default mem_cache
18
-# mem_cache is replaced by cache_disk
19
-# ?? buggy modules
20
-# proxy_scgi: startup error: undefined symbol "ap_proxy_release_connection", no fix found
21
-# >> added modules for reason:
22
-# compat: compatibility with 2.2 access control
23
-# authz_host: new module for access control
24
-# authn_core: functionality provided by authn_alias in previous versions
25
-# authz_core: new module, provides core authorization capabilities
26
-# cache_disk: replacement for mem_cache
27
-# lbmethod_byrequests: Split off from mod_proxy_balancer in 2.3
28
-# lbmethod_bytraffic: Split off from mod_proxy_balancer in 2.3
29
-# lbmethod_bybusyness: Split off from mod_proxy_balancer in 2.3
30
-# lbmethod_heartbeat: Split off from mod_proxy_balancer in 2.3
31
-# slotmem_shm: Slot-based shared memory provider (for lbmethod_byrequests).
32
-# socache_shmcb: shared object cache provider. Default config with ssl needs it
33
-# unixd: fixes startup error: Invalid command 'User'
34
-IUSE_MODULES="access_compat actions alias asis auth_basic auth_digest authn_alias authn_anon
35
-authn_core authn_dbd authn_dbm authn_file authz_core authz_dbm
36
-authz_groupfile authz_host authz_owner authz_user autoindex cache cache_disk cern_meta
37
-charset_lite cgi cgid dav dav_fs dav_lock dbd deflate dir dumpio
38
-env expires ext_filter file_cache filter headers ident imagemap include info
39
-lbmethod_byrequests lbmethod_bytraffic lbmethod_bybusyness lbmethod_heartbeat
40
-log_config log_forensic logio mime mime_magic negotiation proxy
41
-proxy_ajp proxy_balancer proxy_connect proxy_ftp proxy_http proxy_scgi proxy_fcgi
42
-rewrite ratelimit remoteip reqtimeout setenvif slotmem_shm speling socache_shmcb status substitute
43
-unique_id userdir usertrack unixd version vhost_alias"
44
-# The following are also in the source as of this version, but are not available
45
-# for user selection:
46
-# bucketeer case_filter case_filter_in echo http isapi optional_fn_export
47
-# optional_fn_import optional_hook_export optional_hook_import
48
-
49
-# inter-module dependencies
50
-# TODO: this may still be incomplete
51
-MODULE_DEPENDS="
52
-	dav_fs:dav
53
-	dav_lock:dav
54
-	deflate:filter
55
-	cache_disk:cache
56
-	ext_filter:filter
57
-	file_cache:cache
58
-	lbmethod_byrequests:proxy_balancer
59
-	lbmethod_byrequests:slotmem_shm
60
-	lbmethod_bytraffic:proxy_balancer
61
-	lbmethod_bybusyness:proxy_balancer
62
-	lbmethod_heartbeat:proxy_balancer
63
-	log_forensic:log_config
64
-	logio:log_config
65
-	cache_disk:cache
66
-	mime_magic:mime
67
-	proxy_ajp:proxy
68
-	proxy_balancer:proxy
69
-	proxy_connect:proxy
70
-	proxy_ftp:proxy
71
-	proxy_http:proxy
72
-	proxy_scgi:proxy
73
-	proxy_fcgi:proxy
74
-	substitute:filter
75
-"
76
-
77
-# module<->define mappings
78
-MODULE_DEFINES="
79
-	auth_digest:AUTH_DIGEST
80
-	authnz_ldap:AUTHNZ_LDAP
81
-	cache:CACHE
82
-	cache_disk:CACHE
83
-	dav:DAV
84
-	dav_fs:DAV
85
-	dav_lock:DAV
86
-	file_cache:CACHE
87
-	info:INFO
88
-	ldap:LDAP
89
-	proxy:PROXY
90
-	proxy_ajp:PROXY
91
-	proxy_balancer:PROXY
92
-	proxy_connect:PROXY
93
-	proxy_ftp:PROXY
94
-	proxy_http:PROXY
95
-	proxy_fcgi:PROXY
96
-	socache_shmcb:SSL
97
-	ssl:SSL
98
-	status:STATUS
99
-	suexec:SUEXEC
100
-	userdir:USERDIR
101
-"
102
-
103
-# critical modules for the default config
104
-MODULE_CRITICAL="
105
-	authn_core
106
-	authz_core
107
-	authz_host
108
-	dir
109
-	mime
110
-	unixd
111
-"
112
-# dependend criticals
113
-use ssl && MODULE_CRITICAL+=" socache_shmcb"
114
-use doc && MODULE_CRITICAL+=" alias negotiation setenvif"
115
-
116
-inherit eutils apache-2 systemd
117
-
118
-DESCRIPTION="The Apache Web Server."
119
-HOMEPAGE="http://httpd.apache.org/"
120
-
121
-# some helper scripts are Apache-1.1, thus both are here
122
-LICENSE="Apache-2.0 Apache-1.1"
123
-SLOT="2"
124
-KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd"
125
-IUSE=""
126
-
127
-DEPEND="${DEPEND}
128
-	>=dev-libs/openssl-0.9.8m
129
-	apache2_modules_deflate? ( sys-libs/zlib )"
130
-
131
-# dependency on >=dev-libs/apr-1.4.5 for bug #368651
132
-RDEPEND="${RDEPEND}
133
-	>=dev-libs/apr-1.4.5
134
-	>=dev-libs/openssl-0.9.8m
135
-	apache2_modules_mime? ( app-misc/mime-types )"
136
-
137
-# init script fixup - should be rolled into next tarball #389965
138
-src_prepare() {
139
-	epatch "${FILESDIR}"/apache-2.4.3-dhparam.diff
140
-	# the following patch can be removed once it is included in
141
-	# GENTOO_PATCHNAME="gentoo-apache-2.4.1" ...
142
-	if [ -f "${FILESDIR}/${GENTOO_PATCHNAME}-${GENTOO_DEVELOPER}-${GENTOO_PATCHSTAMP}-${PVR}.patch" ]; then
143
-		cd "${GENTOO_PATCHDIR}" || die "Failed to cd to ${GENTOO_PATCHDIR}"
144
-		epatch "${FILESDIR}/${GENTOO_PATCHNAME}-${GENTOO_DEVELOPER}-${GENTOO_PATCHSTAMP}-${PVR}.patch" \
145
-			|| die "epatch failed"
146
-		cd "${S}" || die "Failed to cd to ${S}"
147
-	fi
148
-	apache-2_src_prepare
149
-	sed -i -e 's/! test -f/test -f/' "${GENTOO_PATCHDIR}"/init/apache2.initd || die "Failed to fix init script"
150
-}
151
-
152
-src_install() {
153
-	apache-2_src_install
154
-	for i in /usr/bin/{htdigest,logresolve,htpasswd,htdbm,ab,httxt2dbm}; do
155
-		rm "${D}"/$i || die "Failed to prune apache-tools bits"
156
-	done
157
-	for i in /usr/share/man/man8/{rotatelogs.8,htcacheclean.8}; do
158
-		rm "${D}"/$i || die "Failed to prune apache-tools bits"
159
-	done
160
-	for i in /usr/share/man/man1/{logresolve.1,htdbm.1,htdigest.1,htpasswd.1,dbmmanage.1,ab.1}; do
161
-		rm "${D}"/$i || die "Failed to prune apache-tools bits"
162
-	done
163
-	for i in /usr/sbin/{checkgid,fcgistarter,htcacheclean,rotatelogs}; do
164
-		rm "${D}/"$i || die "Failed to prune apache-tools bits"
165
-	done
166
-
167
-	# well, actually installing things makes them more installed, I guess?
168
-	cp "${S}"/support/apxs "${D}"/usr/sbin/apxs || die "Failed to install apxs"
169
-	chmod 0755 "${D}"/usr/sbin/apxs
170
-
171
-	# Note: wait for mod_systemd to be included in the next release,
172
-	# then apache2.4.service can be used and systemd support controlled
173
-	# through --enable-systemd
174
-	systemd_newunit "${FILESDIR}/apache2.2.service" "apache2.service"
175
-	systemd_dotmpfilesd "${FILESDIR}/apache.conf"
176
-	#insinto /etc/apache2/modules.d
177
-	#doins "${FILESDIR}/00_systemd.conf"
178
-}
179
-
180
-pkg_postinst()
181
-{
182
-	apache-2_pkg_postinst || die "apache-2_pkg_postinst failed"
183
-	# warnings that default config might not work out of the box
184
-	for mod in $MODULE_CRITICAL; do
185
-		if ! use "apache2_modules_${mod}"; then
186
-			echo
187
-			ewarn "Warning: Critical module not installed!"
188
-			ewarn "Modules 'authn_core', 'authz_core' and 'unixd'"
189
-			ewarn "are highly recomended but might not be in the base profile yet."
190
-			ewarn "Default config for ssl needs module 'socache_shmcb'."
191
-			ewarn "Enabling the following flags is highly recommended:"
192
-			for cmod in $MODULE_CRITICAL; do
193
-				use "apache2_modules_${cmod}" || \
194
-					ewarn "+ apache2_modules_${cmod}"
195
-			done
196
-			echo
197
-			break
198
-		fi
199
-	done
200
-	# warning for proxy_balancer and missing load balancing scheduler
201
-	if use apache2_modules_proxy_balancer; then
202
-		local lbset=
203
-		for mod in lbmethod_byrequests lbmethod_bytraffic lbmethod_bybusyness lbmethod_heartbeat; do
204
-			if use "apache2_modules_${mod}"; then
205
-				lbset=1 && break
206
-			fi
207
-		done
208
-		if [ ! $lbset ]; then
209
-			echo
210
-			ewarn "Info: Missing load balancing scheduler algorithm module"
211
-			ewarn "(They were split off from proxy_balancer in 2.3)"
212
-			ewarn "In order to get the ability of load balancing, at least"
213
-			ewarn "one of these modules has to be present:"
214
-			ewarn "lbmethod_byrequests lbmethod_bytraffic lbmethod_bybusyness lbmethod_heartbeat"
215
-			echo
216
-		fi
217
-	fi
218
-}
... ...
@@ -1,219 +0,0 @@
1
-# Copyright 1999-2013 Gentoo Foundation
2
-# Distributed under the terms of the GNU General Public License v2
3
-# $Header: /var/cvsroot/gentoo-x86/www-servers/apache/apache-2.4.6-r2.ebuild,v 1.1 2013/08/01 07:16:18 kensington Exp $
4
-
5
-EAPI="2"
6
-
7
-# latest gentoo apache files
8
-GENTOO_PATCHSTAMP="20130801"
9
-GENTOO_DEVELOPER="kensington"
10
-GENTOO_PATCHNAME="gentoo-apache-2.4.4"
11
-
12
-# IUSE/USE_EXPAND magic
13
-IUSE_MPMS_FORK="itk peruser prefork"
14
-IUSE_MPMS_THREAD="event worker"
15
-
16
-# << obsolete modules:
17
-# authn_default authz_default mem_cache
18
-# mem_cache is replaced by cache_disk
19
-# ?? buggy modules
20
-# proxy_scgi: startup error: undefined symbol "ap_proxy_release_connection", no fix found
21
-# >> added modules for reason:
22
-# compat: compatibility with 2.2 access control
23
-# authz_host: new module for access control
24
-# authn_core: functionality provided by authn_alias in previous versions
25
-# authz_core: new module, provides core authorization capabilities
26
-# cache_disk: replacement for mem_cache
27
-# lbmethod_byrequests: Split off from mod_proxy_balancer in 2.3
28
-# lbmethod_bytraffic: Split off from mod_proxy_balancer in 2.3
29
-# lbmethod_bybusyness: Split off from mod_proxy_balancer in 2.3
30
-# lbmethod_heartbeat: Split off from mod_proxy_balancer in 2.3
31
-# slotmem_shm: Slot-based shared memory provider (for lbmethod_byrequests).
32
-# socache_shmcb: shared object cache provider. Default config with ssl needs it
33
-# unixd: fixes startup error: Invalid command 'User'
34
-IUSE_MODULES="access_compat actions alias asis auth_basic auth_digest authn_alias authn_anon
35
-authn_core authn_dbd authn_dbm authn_file authz_core authz_dbm
36
-authz_groupfile authz_host authz_owner authz_user autoindex cache cache_disk cern_meta
37
-charset_lite cgi cgid dav dav_fs dav_lock dbd deflate dir dumpio
38
-env expires ext_filter file_cache filter headers ident imagemap include info
39
-lbmethod_byrequests lbmethod_bytraffic lbmethod_bybusyness lbmethod_heartbeat
40
-log_config log_forensic logio mime mime_magic negotiation proxy
41
-proxy_ajp proxy_balancer proxy_connect proxy_ftp proxy_http proxy_scgi proxy_fcgi
42
-rewrite ratelimit remoteip reqtimeout setenvif slotmem_shm speling socache_shmcb status substitute
43
-unique_id userdir usertrack unixd version vhost_alias"
44
-# The following are also in the source as of this version, but are not available
45
-# for user selection:
46
-# bucketeer case_filter case_filter_in echo http isapi optional_fn_export
47
-# optional_fn_import optional_hook_export optional_hook_import
48
-
49
-# inter-module dependencies
50
-# TODO: this may still be incomplete
51
-MODULE_DEPENDS="
52
-	dav_fs:dav
53
-	dav_lock:dav
54
-	deflate:filter
55
-	cache_disk:cache
56
-	ext_filter:filter
57
-	file_cache:cache
58
-	lbmethod_byrequests:proxy_balancer
59
-	lbmethod_byrequests:slotmem_shm
60
-	lbmethod_bytraffic:proxy_balancer
61
-	lbmethod_bybusyness:proxy_balancer
62
-	lbmethod_heartbeat:proxy_balancer
63
-	log_forensic:log_config
64
-	logio:log_config
65
-	cache_disk:cache
66
-	mime_magic:mime
67
-	proxy_ajp:proxy
68
-	proxy_balancer:proxy
69
-	proxy_connect:proxy
70
-	proxy_ftp:proxy
71
-	proxy_http:proxy
72
-	proxy_scgi:proxy
73
-	proxy_fcgi:proxy
74
-	substitute:filter
75
-"
76
-
77
-# module<->define mappings
78
-MODULE_DEFINES="
79
-	auth_digest:AUTH_DIGEST
80
-	authnz_ldap:AUTHNZ_LDAP
81
-	cache:CACHE
82
-	cache_disk:CACHE
83
-	dav:DAV
84
-	dav_fs:DAV
85
-	dav_lock:DAV
86
-	file_cache:CACHE
87
-	info:INFO
88
-	ldap:LDAP
89
-	proxy:PROXY
90
-	proxy_ajp:PROXY
91
-	proxy_balancer:PROXY
92
-	proxy_connect:PROXY
93
-	proxy_ftp:PROXY
94
-	proxy_http:PROXY
95
-	proxy_fcgi:PROXY
96
-	socache_shmcb:SSL
97
-	ssl:SSL
98
-	status:STATUS
99
-	suexec:SUEXEC
100
-	userdir:USERDIR
101
-"
102
-
103
-# critical modules for the default config
104
-MODULE_CRITICAL="
105
-	authn_core
106
-	authz_core
107
-	authz_host
108
-	dir
109
-	mime
110
-	unixd
111
-"
112
-# dependend criticals
113
-use ssl && MODULE_CRITICAL+=" socache_shmcb"
114
-use doc && MODULE_CRITICAL+=" alias negotiation setenvif"
115
-
116
-inherit eutils apache-2 systemd
117
-
118
-DESCRIPTION="The Apache Web Server."
119
-HOMEPAGE="http://httpd.apache.org/"
120
-
121
-# some helper scripts are Apache-1.1, thus both are here
122
-LICENSE="Apache-2.0 Apache-1.1"
123
-SLOT="2"
124
-KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd"
125
-IUSE=""
126
-
127
-DEPEND="${DEPEND}
128
-	>=dev-libs/openssl-0.9.8m
129
-	apache2_modules_deflate? ( sys-libs/zlib )"
130
-
131
-# dependency on >=dev-libs/apr-1.4.5 for bug #368651
132
-RDEPEND="${RDEPEND}
133
-	>=dev-libs/apr-1.4.5
134
-	>=dev-libs/openssl-0.9.8m
135
-	apache2_modules_mime? ( app-misc/mime-types )"
136
-
137
-# init script fixup - should be rolled into next tarball #389965
138
-src_prepare() {
139
-	epatch "${FILESDIR}/apache-2.4.6-modssl-dhparams.diff"
140
-
141
-	# the following patch can be removed once it is included in
142
-	# GENTOO_PATCHNAME="gentoo-apache-2.4.1" ...
143
-	if [ -f "${FILESDIR}/${GENTOO_PATCHNAME}-${GENTOO_DEVELOPER}-${GENTOO_PATCHSTAMP}-${PVR}.patch" ]; then
144
-		cd "${GENTOO_PATCHDIR}" || die "Failed to cd to ${GENTOO_PATCHDIR}"
145
-		epatch "${FILESDIR}/${GENTOO_PATCHNAME}-${GENTOO_DEVELOPER}-${GENTOO_PATCHSTAMP}-${PVR}.patch" \
146
-			|| die "epatch failed"
147
-		cd "${S}" || die "Failed to cd to ${S}"
148
-	fi
149
-	apache-2_src_prepare
150
-	sed -i -e 's/! test -f/test -f/' "${GENTOO_PATCHDIR}"/init/apache2.initd || die "Failed to fix init script"
151
-}
152
-
153
-src_install() {
154
-	apache-2_src_install
155
-	for i in /usr/bin/{htdigest,logresolve,htpasswd,htdbm,ab,httxt2dbm}; do
156
-		rm "${D}"/$i || die "Failed to prune apache-tools bits"
157
-	done
158
-	for i in /usr/share/man/man8/{rotatelogs.8,htcacheclean.8}; do
159
-		rm "${D}"/$i || die "Failed to prune apache-tools bits"
160
-	done
161
-	for i in /usr/share/man/man1/{logresolve.1,htdbm.1,htdigest.1,htpasswd.1,dbmmanage.1,ab.1}; do
162
-		rm "${D}"/$i || die "Failed to prune apache-tools bits"
163
-	done
164
-	for i in /usr/sbin/{checkgid,fcgistarter,htcacheclean,rotatelogs}; do
165
-		rm "${D}/"$i || die "Failed to prune apache-tools bits"
166
-	done
167
-
168
-	# well, actually installing things makes them more installed, I guess?
169
-	cp "${S}"/support/apxs "${D}"/usr/sbin/apxs || die "Failed to install apxs"
170
-	chmod 0755 "${D}"/usr/sbin/apxs
171
-
172
-	# Note: wait for mod_systemd to be included in the next release,
173
-	# then apache2.4.service can be used and systemd support controlled
174
-	# through --enable-systemd
175
-	systemd_newunit "${FILESDIR}/apache2.2.service" "apache2.service"
176
-	systemd_dotmpfilesd "${FILESDIR}/apache.conf"
177
-	#insinto /etc/apache2/modules.d
178
-	#doins "${FILESDIR}/00_systemd.conf"
179
-}
180
-
181
-pkg_postinst()
182
-{
183
-	apache-2_pkg_postinst || die "apache-2_pkg_postinst failed"
184
-	# warnings that default config might not work out of the box
185
-	for mod in $MODULE_CRITICAL; do
186
-		if ! use "apache2_modules_${mod}"; then
187
-			echo
188
-			ewarn "Warning: Critical module not installed!"
189
-			ewarn "Modules 'authn_core', 'authz_core' and 'unixd'"
190
-			ewarn "are highly recomended but might not be in the base profile yet."
191
-			ewarn "Default config for ssl needs module 'socache_shmcb'."
192
-			ewarn "Enabling the following flags is highly recommended:"
193
-			for cmod in $MODULE_CRITICAL; do
194
-				use "apache2_modules_${cmod}" || \
195
-					ewarn "+ apache2_modules_${cmod}"
196
-			done
197
-			echo
198
-			break
199
-		fi
200
-	done
201
-	# warning for proxy_balancer and missing load balancing scheduler
202
-	if use apache2_modules_proxy_balancer; then
203
-		local lbset=
204
-		for mod in lbmethod_byrequests lbmethod_bytraffic lbmethod_bybusyness lbmethod_heartbeat; do
205
-			if use "apache2_modules_${mod}"; then
206
-				lbset=1 && break
207
-			fi
208
-		done
209
-		if [ ! $lbset ]; then
210
-			echo
211
-			ewarn "Info: Missing load balancing scheduler algorithm module"
212
-			ewarn "(They were split off from proxy_balancer in 2.3)"
213
-			ewarn "In order to get the ability of load balancing, at least"
214
-			ewarn "one of these modules has to be present:"
215
-			ewarn "lbmethod_byrequests lbmethod_bytraffic lbmethod_bybusyness lbmethod_heartbeat"
216
-			echo
217
-		fi
218
-	fi
219
-}
... ...
@@ -0,0 +1,2 @@
1
+# This file configures systemd module:
2
+LoadModule systemd_module modules/mod_systemd.so
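Review bot: The `LoadModule systemd_module modules/mod_systemd.so` line is unconditional, so on any build where mod_systemd.so is not present httpd will fail at config parse and not start. The removed ebuilds on this page kept the `doins "${FILESDIR}/00_systemd.conf"` step commented out with a note to wait until mod_systemd is included upstream. The ebuild that now installs this file is not visible in this section, so the install may already be gated there. If it is not, guard the directive, e.g. `<IfDefine SYSTEMD>` / `LoadModule systemd_module modules/mod_systemd.so` / `</IfDefine>` (the define name is illustrative), or install the file only when the module is actually built.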
... ...
@@ -1,314 +0,0 @@
1
-diff -ru httpd-2.2.14.orig/modules/ssl/mod_ssl.c httpd-2.2.14.new/modules/ssl/mod_ssl.c
2
---- httpd-2.2.14.orig/modules/ssl/mod_ssl.c	2009-05-19 13:44:59.000000000 +0200
3
-+++ httpd-2.2.14.new/modules/ssl/mod_ssl.c	2010-07-06 11:56:50.897588899 +0200
4
-@@ -108,6 +108,9 @@
5
-     SSL_CMD_SRV(CertificateKeyFile, TAKE1,
6
-                 "SSL Server Private Key file "
7
-                 "(`/path/to/file' - PEM or DER encoded)")
8
-+    SSL_CMD_SRV(DHParametersFile, TAKE1,
9
-+                "SSL Server Diffie-Hellman parameters file "
10
-+                "(`/path/to/file' - PEM or DER encoded)")
11
-     SSL_CMD_SRV(CertificateChainFile, TAKE1,
12
-                 "SSL Server CA Certificate Chain file "
13
-                 "(`/path/to/file' - PEM encoded)")
14
-diff -ru httpd-2.2.14.orig/modules/ssl/ssl_engine_config.c httpd-2.2.14.new/modules/ssl/ssl_engine_config.c
15
---- httpd-2.2.14.orig/modules/ssl/ssl_engine_config.c	2009-05-19 13:44:59.000000000 +0200
16
-+++ httpd-2.2.14.new/modules/ssl/ssl_engine_config.c	2010-07-06 11:56:50.897588899 +0200
17
-@@ -72,6 +72,7 @@
18
-     mc->tVHostKeys             = apr_hash_make(pool);
19
-     mc->tPrivateKey            = apr_hash_make(pool);
20
-     mc->tPublicCert            = apr_hash_make(pool);
21
-+    mc->tDHParams              = apr_hash_make(pool);
22
- #if defined(HAVE_OPENSSL_ENGINE_H) && defined(HAVE_ENGINE_INIT)
23
-     mc->szCryptoDevice         = NULL;
24
- #endif
25
-@@ -156,6 +157,9 @@
26
-     mctx->pks = apr_pcalloc(p, sizeof(*mctx->pks));
27
- 
28
-     /* mctx->pks->... certs/keys are set during module init */
29
-+
30
-+    mctx->pks->dhparams_file = NULL;
31
-+    mctx->pks->dhparams     = NULL;
32
- }
33
- 
34
- static SSLSrvConfigRec *ssl_config_server_new(apr_pool_t *p)
35
-@@ -246,6 +250,7 @@
36
- 
37
-     cfgMergeString(pks->ca_name_path);
38
-     cfgMergeString(pks->ca_name_file);
39
-+    cfgMergeString(pks->dhparams_file);
40
- }
41
- 
42
- /*
43
-@@ -762,6 +767,22 @@
44
-     return NULL;
45
- }
46
- 
47
-+const char *ssl_cmd_SSLDHParametersFile(cmd_parms *cmd,
48
-+    				        void *dcfg,
49
-+				        const char *arg)
50
-+{
51
-+    SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
52
-+    const char *err;
53
-+
54
-+    if ((err = ssl_cmd_check_file(cmd, &arg))) {
55
-+        return err;
56
-+    }
57
-+
58
-+    sc->server->pks->dhparams_file = arg;
59
-+
60
-+    return NULL;
61
-+}
62
-+
63
- const char *ssl_cmd_SSLCertificateKeyFile(cmd_parms *cmd,
64
-                                           void *dcfg,
65
-                                           const char *arg)
66
-diff -ru httpd-2.2.14.orig/modules/ssl/ssl_engine_init.c httpd-2.2.14.new/modules/ssl/ssl_engine_init.c
67
---- httpd-2.2.14.orig/modules/ssl/ssl_engine_init.c	2009-08-16 17:53:12.000000000 +0200
68
-+++ httpd-2.2.14.new/modules/ssl/ssl_engine_init.c	2010-07-06 11:56:50.897588899 +0200
69
-@@ -723,6 +723,42 @@
70
-     }
71
- }
72
- 
73
-+static int ssl_server_import_dhparams(server_rec *s,
74
-+                                      modssl_ctx_t *mctx,
75
-+                                      const char *id)
76
-+{
77
-+    SSLModConfigRec *mc = myModConfig(s);
78
-+    ssl_asn1_t *asn1;
79
-+    MODSSL_D2I_DHparams_CONST unsigned char *ptr;
80
-+    DH *dhparams = NULL;
81
-+
82
-+    if (!(asn1 = ssl_asn1_table_get(mc->tDHParams, id))) {
83
-+        return FALSE;
84
-+    }
85
-+
86
-+    ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
87
-+                 "Configuring server Diffie-Hellman parameters");
88
-+
89
-+    ptr = asn1->cpData;
90
-+    if (!(dhparams = d2i_DHparams(NULL, &ptr, asn1->nData))) {
91
-+        ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
92
-+                "Unable to import server Diffie-Hellman parameters");
93
-+        ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
94
-+        ssl_die();
95
-+    }
96
-+
97
-+    if (SSL_CTX_set_tmp_dh(mctx->ssl_ctx, dhparams) <= 0) {
98
-+        ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
99
-+                "Unable to configure server Diffie-Hellman parameters");
100
-+        ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
101
-+        ssl_die();
102
-+    }
103
-+
104
-+    mctx->pks->dhparams = dhparams;
105
-+
106
-+    return TRUE;
107
-+}
108
-+
109
- static int ssl_server_import_cert(server_rec *s,
110
-                                   modssl_ctx_t *mctx,
111
-                                   const char *id,
112
-@@ -882,16 +918,18 @@
113
-                                   apr_pool_t *ptemp,
114
-                                   modssl_ctx_t *mctx)
115
- {
116
--    const char *rsa_id, *dsa_id;
117
-+    const char *rsa_id, *dsa_id, *dh_id;
118
-     const char *vhost_id = mctx->sc->vhost_id;
119
-     int i;
120
-     int have_rsa, have_dsa;
121
- 
122
-     rsa_id = ssl_asn1_table_keyfmt(ptemp, vhost_id, SSL_AIDX_RSA);
123
-     dsa_id = ssl_asn1_table_keyfmt(ptemp, vhost_id, SSL_AIDX_DSA);
124
-+    dh_id = apr_pstrcat(ptemp, vhost_id, ":", "DH", NULL);
125
- 
126
-     have_rsa = ssl_server_import_cert(s, mctx, rsa_id, SSL_AIDX_RSA);
127
-     have_dsa = ssl_server_import_cert(s, mctx, dsa_id, SSL_AIDX_DSA);
128
-+    (void)ssl_server_import_dhparams(s, mctx, dh_id);
129
- 
130
-     if (!(have_rsa || have_dsa)) {
131
-         ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
132
-@@ -1265,6 +1303,7 @@
133
-         MODSSL_CFG_ITEM_FREE(EVP_PKEY_free,
134
-                              mctx->pks->keys[i]);
135
-     }
136
-+    MODSSL_CFG_ITEM_FREE(DH_free, mctx->pks->dhparams);
137
- }
138
- 
139
- apr_status_t ssl_init_ModuleKill(void *data)
140
-diff -ru httpd-2.2.14.orig/modules/ssl/ssl_engine_pphrase.c httpd-2.2.14.new/modules/ssl/ssl_engine_pphrase.c
141
---- httpd-2.2.14.orig/modules/ssl/ssl_engine_pphrase.c	2009-09-16 22:06:05.000000000 +0200
142
-+++ httpd-2.2.14.new/modules/ssl/ssl_engine_pphrase.c	2010-07-06 11:56:50.897588899 +0200
143
-@@ -144,6 +144,7 @@
144
-     unsigned char *ucp;
145
-     long int length;
146
-     X509 *pX509Cert;
147
-+    DH *pDHParams;
148
-     BOOL bReadable;
149
-     apr_array_header_t *aPassPhrase;
150
-     int nPassPhrase;
151
-@@ -192,8 +193,10 @@
152
-                          pServ->defn_name, pServ->defn_line_number);
153
-             ssl_die();
154
-         }
155
-+
156
-         algoCert = SSL_ALGO_UNKNOWN;
157
-         algoKey  = SSL_ALGO_UNKNOWN;
158
-+
159
-         for (i = 0, j = 0; i < SSL_AIDX_MAX && sc->server->pks->cert_files[i] != NULL; i++) {
160
- 
161
-             apr_cpystrn(szPath, sc->server->pks->cert_files[i], sizeof(szPath));
162
-@@ -517,6 +520,45 @@
163
-              */
164
-             EVP_PKEY_free(pPrivateKey);
165
-         }
166
-+
167
-+	/*
168
-+	 * Read in Diffie-Hellman parameters file if such a file is
169
-+	 * specified.
170
-+	 */
171
-+	if (sc->server->pks->dhparams_file) {
172
-+            apr_cpystrn(szPath, sc->server->pks->dhparams_file, sizeof(szPath));
173
-+            if ((rv = exists_and_readable(szPath, p, NULL)) != APR_SUCCESS) {
174
-+                ap_log_error(APLOG_MARK, APLOG_ERR, rv, s,
175
-+                             "Init: Can't open server Diffie-Hellman parameters file %s",
176
-+                             szPath);
177
-+                ssl_die();
178
-+            }
179
-+            if ((pDHParams = SSL_read_DHparams(szPath, NULL, NULL)) == NULL) {
180
-+                ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
181
-+                        "Init: Unable to read server Diffie-Hellman parameters from file %s", szPath);
182
-+                ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
183
-+                ssl_die();
184
-+            }
185
-+
186
-+            /*
187
-+	     * Insert the DH params into global module configuration
188
-+	     * to let it survive the processing between the 1st Apache
189
-+	     * API init round (where we operate here) and the 2nd
190
-+	     * Apache init round (where it will be actually used to
191
-+	     * configure mod_ssl's per-server configuration
192
-+	     * structures).
193
-+             */
194
-+            cp = asn1_table_vhost_key(mc, p, cpVHostID, "DH");
195
-+            length = i2d_DHparams(pDHParams, NULL);
196
-+            ucp = ssl_asn1_table_set(mc->tDHParams, cp, length);
197
-+            (void)i2d_DHparams(pDHParams, &ucp); /* 2nd arg increments */
198
-+
199
-+            /*
200
-+             * Free the DH structure
201
-+             */
202
-+            DH_free(pDHParams);
203
-+	}
204
-+
205
-     }
206
- 
207
-     /*
208
-diff -ru httpd-2.2.14.orig/modules/ssl/ssl_private.h httpd-2.2.14.new/modules/ssl/ssl_private.h
209
---- httpd-2.2.14.orig/modules/ssl/ssl_private.h	2009-05-19 13:44:59.000000000 +0200
210
-+++ httpd-2.2.14.new/modules/ssl/ssl_private.h	2010-07-06 11:56:50.897588899 +0200
211
-@@ -378,6 +378,7 @@
212
-     void           *pTmpKeys[SSL_TMP_KEY_MAX];
213
-     apr_hash_t     *tPublicCert;
214
-     apr_hash_t     *tPrivateKey;
215
-+    apr_hash_t     *tDHParams;
216
- #if defined(HAVE_OPENSSL_ENGINE_H) && defined(HAVE_ENGINE_INIT)
217
-     const char     *szCryptoDevice;
218
- #endif
219
-@@ -394,8 +395,10 @@
220
-      */
221
-     const char  *cert_files[SSL_AIDX_MAX];
222
-     const char  *key_files[SSL_AIDX_MAX];
223
-+    const char	*dhparams_file;
224
-     X509        *certs[SSL_AIDX_MAX];
225
-     EVP_PKEY    *keys[SSL_AIDX_MAX];
226
-+    DH		*dhparams;
227
- 
228
-     /** Certificates which specify the set of CA names which should be
229
-      * sent in the CertificateRequest message: */
230
-@@ -510,6 +513,7 @@
231
- const char  *ssl_cmd_SSLRandomSeed(cmd_parms *, void *, const char *, const char *, const char *);
232
- const char  *ssl_cmd_SSLEngine(cmd_parms *, void *, const char *);
233
- const char  *ssl_cmd_SSLCipherSuite(cmd_parms *, void *, const char *);
234
-+const char  *ssl_cmd_SSLDHParametersFile(cmd_parms *, void *, const char *);
235
- const char  *ssl_cmd_SSLCertificateFile(cmd_parms *, void *, const char *);
236
- const char  *ssl_cmd_SSLCertificateKeyFile(cmd_parms *, void *, const char *);
237
- const char  *ssl_cmd_SSLCertificateChainFile(cmd_parms *, void *, const char *);
238
-diff -ru httpd-2.2.14.orig/modules/ssl/ssl_toolkit_compat.h httpd-2.2.14.new/modules/ssl/ssl_toolkit_compat.h
239
---- httpd-2.2.14.orig/modules/ssl/ssl_toolkit_compat.h	2009-05-19 13:44:59.000000000 +0200
240
-+++ httpd-2.2.14.new/modules/ssl/ssl_toolkit_compat.h	2010-07-06 11:56:50.897588899 +0200
241
-@@ -100,9 +100,11 @@
242
- #if (OPENSSL_VERSION_NUMBER >= 0x00908000)
243
- # define MODSSL_D2I_PrivateKey_CONST const
244
- # define MODSSL_D2I_X509_CONST const
245
-+# define MODSSL_D2I_DHparams_CONST const
246
- #else
247
- # define MODSSL_D2I_PrivateKey_CONST
248
- # define MODSSL_D2I_X509_CONST
249
-+# define MODSSL_D2I_DHparams_CONST
250
- #endif
251
- 
252
- #if (OPENSSL_VERSION_NUMBER >= 0x00909000)
253
-@@ -117,8 +119,10 @@
254
- 
255
- #if (OPENSSL_VERSION_NUMBER < 0x00904000)
256
- #define modssl_PEM_read_bio_X509(b, x, cb, arg) PEM_read_bio_X509(b, x, cb)
257
-+#define modssl_PEM_read_bio_DHparams(b, x, cb, arg) PEM_read_bio_DHparams(b, x, cb)
258
- #else
259
- #define modssl_PEM_read_bio_X509(b, x, cb, arg) PEM_read_bio_X509(b, x, cb, arg)
260
-+#define modssl_PEM_read_bio_DHparams(b, x, cb, arg) PEM_read_bio_DHparams(b, x, cb, arg)
261
- #endif
262
- 
263
- #define modssl_PEM_X509_INFO_read_bio PEM_X509_INFO_read_bio 
264
-diff -ru httpd-2.2.14.orig/modules/ssl/ssl_util_ssl.c httpd-2.2.14.new/modules/ssl/ssl_util_ssl.c
265
---- httpd-2.2.14.orig/modules/ssl/ssl_util_ssl.c	2009-08-06 09:28:47.000000000 +0200
266
-+++ httpd-2.2.14.new/modules/ssl/ssl_util_ssl.c	2010-07-06 11:56:50.897588899 +0200
267
-@@ -115,6 +115,47 @@
268
-     return rc;
269
- }
270
- 
271
-+DH *SSL_read_DHparams(char* filename, DH **DHparams, modssl_read_bio_cb_fn *cb)
272
-+{
273
-+    DH  *rc;
274
-+    BIO *bioS;
275
-+    BIO *bioF;
276
-+
277
-+    /* 1. try PEM (= DER+Base64+headers) */
278
-+    if ((bioS=BIO_new_file(filename, "r")) == NULL)
279
-+        return NULL;
280
-+    rc = modssl_PEM_read_bio_DHparams (bioS, DHparams, cb, NULL);
281
-+    BIO_free(bioS);
282
-+
283
-+    if (rc == NULL) {
284
-+        /* 2. try DER+Base64 */
285
-+        if ((bioS=BIO_new_file(filename, "r")) == NULL)
286
-+            return NULL;
287
-+
288
-+        if ((bioF = BIO_new(BIO_f_base64())) == NULL) {
289
-+            BIO_free(bioS);
290
-+            return NULL;
291
-+        }
292
-+        bioS = BIO_push(bioF, bioS);
293
-+        rc = d2i_DHparams_bio(bioS, NULL);
294
-+        BIO_free_all(bioS);
295
-+
296
-+        if (rc == NULL) {
297
-+            /* 3. try plain DER */
298
-+            if ((bioS=BIO_new_file(filename, "r")) == NULL)
299
-+                return NULL;
300
-+            rc = d2i_DHparams_bio(bioS, NULL);
301
-+            BIO_free(bioS);
302
-+        }
303
-+    }
304
-+    if (rc != NULL && DHparams != NULL) {
305
-+        if (*DHparams != NULL)
306
-+            DH_free(*DHparams);
307
-+        *DHparams = rc;
308
-+    }
309
-+    return rc;
310
-+}
311
-+
312
- #if SSL_LIBRARY_VERSION <= 0x00904100
313
- static EVP_PKEY *d2i_PrivateKey_bio(BIO *bio, EVP_PKEY **key)
314
- {
... ...
@@ -1,128 +0,0 @@
1
-Index: modules/ssl/ssl_private.h
2
-===================================================================
3
---- modules/ssl/ssl_private.h	(revision 1395230)
4
-+++ modules/ssl/ssl_private.h	(revision 1395231)
5
-@@ -64,6 +64,11 @@
6
- #define HAVE_TLSV1_X
7
- #endif
8
- 
9
-+#if !defined(OPENSSL_NO_COMP) && !defined(SSL_OP_NO_COMPRESSION) \
10
-+    && OPENSSL_VERSION_NUMBER < 0x00908000L
11
-+#define OPENSSL_NO_COMP
12
-+#endif
13
-+
14
- #include "ssl_util_ssl.h"
15
- 
16
- /** The #ifdef macros are only defined AFTER including the above
17
-@@ -504,6 +509,9 @@
18
- #ifdef HAVE_FIPS
19
-     BOOL             fips;
20
- #endif
21
-+#ifndef OPENSSL_NO_COMP
22
-+    BOOL             compression;
23
-+#endif
24
- };
25
- 
26
- /**
27
-@@ -560,6 +568,7 @@
28
- const char  *ssl_cmd_SSLCARevocationPath(cmd_parms *, void *, const char *);
29
- const char  *ssl_cmd_SSLCARevocationFile(cmd_parms *, void *, const char *);
30
- const char  *ssl_cmd_SSLHonorCipherOrder(cmd_parms *cmd, void *dcfg, int flag);
31
-+const char  *ssl_cmd_SSLCompression(cmd_parms *, void *, int flag);
32
- const char  *ssl_cmd_SSLVerifyClient(cmd_parms *, void *, const char *);
33
- const char  *ssl_cmd_SSLVerifyDepth(cmd_parms *, void *, const char *);
34
- const char  *ssl_cmd_SSLSessionCache(cmd_parms *, void *, const char *);
35
-Index: modules/ssl/ssl_engine_init.c
36
-===================================================================
37
---- modules/ssl/ssl_engine_init.c	(revision 1395230)
38
-+++ modules/ssl/ssl_engine_init.c	(revision 1395231)
39
-@@ -533,6 +533,18 @@
40
-     }
41
- #endif
42
- 
43
-+
44
-+#ifndef OPENSSL_NO_COMP
45
-+    if (sc->compression == FALSE) {
46
-+#ifdef SSL_OP_NO_COMPRESSION
47
-+        /* OpenSSL >= 1.0 only */
48
-+        SSL_CTX_set_options(ctx, SSL_OP_NO_COMPRESSION);
49
-+#elif OPENSSL_VERSION_NUMBER >= 0x00908000L
50
-+        sk_SSL_COMP_zero(SSL_COMP_get_compression_methods());
51
-+#endif
52
-+    }
53
-+#endif
54
-+
55
- #ifdef SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION
56
-     if (sc->insecure_reneg == TRUE) {
57
-         SSL_CTX_set_options(ctx, SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION);
58
-Index: modules/ssl/ssl_engine_config.c
59
-===================================================================
60
---- modules/ssl/ssl_engine_config.c	(revision 1395230)
61
-+++ modules/ssl/ssl_engine_config.c	(revision 1395231)
62
-@@ -180,6 +180,9 @@
63
- #ifdef HAVE_FIPS
64
-     sc->fips                   = UNSET;
65
- #endif
66
-+#ifndef OPENSSL_NO_COMP
67
-+    sc->compression            = UNSET;
68
-+#endif
69
- 
70
-     modssl_ctx_init_proxy(sc, p);
71
- 
72
-@@ -278,6 +281,9 @@
73
- #ifdef HAVE_FIPS
74
-     cfgMergeBool(fips);
75
- #endif
76
-+#ifndef OPENSSL_NO_COMP
77
-+    cfgMergeBool(compression);
78
-+#endif
79
- 
80
-     modssl_ctx_cfg_merge_proxy(base->proxy, add->proxy, mrg->proxy);
81
- 
82
-@@ -711,6 +717,23 @@
83
- 
84
- }
85
- 
86
-+const char *ssl_cmd_SSLCompression(cmd_parms *cmd, void *dcfg, int flag)
87
-+{
88
-+#if !defined(OPENSSL_NO_COMP)
89
-+    SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
90
-+#ifndef SSL_OP_NO_COMPRESSION
91
-+    const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
92
-+    if (err)
93
-+        return "This version of openssl does not support configuring "
94
-+               "compression within <VirtualHost> sections.";
95
-+#endif
96
-+    sc->compression = flag ? TRUE : FALSE;
97
-+    return NULL;
98
-+#else
99
-+    return "Setting Compression mode unsupported; not implemented by the SSL library";
100
-+#endif
101
-+}
102
-+
103
- const char *ssl_cmd_SSLHonorCipherOrder(cmd_parms *cmd, void *dcfg, int flag)
104
- {
105
- #ifdef SSL_OP_CIPHER_SERVER_PREFERENCE
106
-Index: modules/ssl/mod_ssl.c
107
-===================================================================
108
---- modules/ssl/mod_ssl.c	(revision 1395230)
109
-+++ modules/ssl/mod_ssl.c	(revision 1395231)
110
-@@ -156,6 +156,9 @@
111
-                 "('[+-][" SSL_PROTOCOLS "] ...' - see manual)")
112
-     SSL_CMD_SRV(HonorCipherOrder, FLAG,
113
-                 "Use the server's cipher ordering preference")
114
-+    SSL_CMD_SRV(Compression, FLAG,
115
-+                "Enable SSL level compression"
116
-+                "(`on', `off')")
117
-     SSL_CMD_SRV(InsecureRenegotiation, FLAG,
118
-                 "Enable support for insecure renegotiation")
119
-     SSL_CMD_ALL(UserName, TAKE1,
120
-Index: .
121
-===================================================================
122
---- .	(revision 1395230)
123
-+++ .	(revision 1395231)
124
-
125
-Property changes on: .
126
-___________________________________________________________________
127
-Modified: svn:mergeinfo
128
-   Merged /httpd/httpd/trunk:r1345319,1348656
... ...
@@ -1,331 +0,0 @@
1
-diff -Naur httpd-2.4.3/modules/ssl/mod_ssl.c httpd-2.4.3-dh/modules/ssl/mod_ssl.c
2
---- httpd-2.4.3/modules/ssl/mod_ssl.c	2012-08-05 15:48:40.000000000 +0200
3
-+++ httpd-2.4.3-dh/modules/ssl/mod_ssl.c	2012-10-23 16:10:39.905810300 +0200
4
-@@ -88,6 +88,9 @@
5
-     SSL_CMD_SRV(CertificateKeyFile, TAKE1,
6
-                 "SSL Server Private Key file "
7
-                 "('/path/to/file' - PEM or DER encoded)")
8
-+    SSL_CMD_SRV(DHParametersFile, TAKE1,
9
-+                "SSL Server Diffie-Hellman parameters file "
10
-+                "(`/path/to/file' - PEM or DER encoded)")
11
-     SSL_CMD_SRV(CertificateChainFile, TAKE1,
12
-                 "SSL Server CA Certificate Chain file "
13
-                 "('/path/to/file' - PEM encoded)")
14
-diff -Naur httpd-2.4.3/modules/ssl/ssl_engine_config.c httpd-2.4.3-dh/modules/ssl/ssl_engine_config.c
15
---- httpd-2.4.3/modules/ssl/ssl_engine_config.c	2012-08-05 15:48:40.000000000 +0200
16
-+++ httpd-2.4.3-dh/modules/ssl/ssl_engine_config.c	2012-10-23 16:10:39.907810276 +0200
17
-@@ -67,6 +67,7 @@
18
-     mc->tVHostKeys             = apr_hash_make(pool);
19
-     mc->tPrivateKey            = apr_hash_make(pool);
20
-     mc->tPublicCert            = apr_hash_make(pool);
21
-+    mc->tDHParams              = apr_hash_make(pool);
22
- #if defined(HAVE_OPENSSL_ENGINE_H) && defined(HAVE_ENGINE_INIT)
23
-     mc->szCryptoDevice         = NULL;
24
- #endif
25
-@@ -182,6 +183,9 @@
26
- 
27
-     /* mctx->pks->... certs/keys are set during module init */
28
- 
29
-+    mctx->pks->dhparams_file = NULL;
30
-+    mctx->pks->dhparams     = NULL;
31
-+
32
- #ifdef HAVE_TLS_SESSION_TICKETS
33
-     mctx->ticket_key = apr_pcalloc(p, sizeof(*mctx->ticket_key));
34
- #endif
35
-@@ -302,6 +306,7 @@
36
- 
37
-     cfgMergeString(pks->ca_name_path);
38
-     cfgMergeString(pks->ca_name_file);
39
-+    cfgMergeString(pks->dhparams_file);
40
- 
41
- #ifdef HAVE_TLS_SESSION_TICKETS
42
-     cfgMergeString(ticket_key->file_path);
43
-@@ -783,6 +788,22 @@
44
- 
45
-     return NULL;
46
- }
47
-+
48
-+const char *ssl_cmd_SSLDHParametersFile(cmd_parms *cmd,
49
-+                                        void *dcfg,
50
-+					const char *arg)
51
-+{
52
-+    SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
53
-+    const char *err;
54
-+
55
-+    if ((err = ssl_cmd_check_file(cmd, &arg))) {
56
-+        return err;
57
-+    }
58
-+
59
-+    sc->server->pks->dhparams_file = arg;
60
-+
61
-+    return NULL;
62
-+}
63
- 
64
- const char *ssl_cmd_SSLCertificateKeyFile(cmd_parms *cmd,
65
-                                           void *dcfg,
66
-diff -Naur httpd-2.4.3/modules/ssl/ssl_engine_init.c httpd-2.4.3-dh/modules/ssl/ssl_engine_init.c
67
---- httpd-2.4.3/modules/ssl/ssl_engine_init.c	2012-08-05 15:48:40.000000000 +0200
68
-+++ httpd-2.4.3-dh/modules/ssl/ssl_engine_init.c	2012-10-23 16:11:28.481213388 +0200
69
-@@ -962,6 +962,42 @@
70
-     }
71
- }
72
- 
73
-+static int ssl_server_import_dhparams(server_rec *s,
74
-+                                      modssl_ctx_t *mctx,
75
-+                                      const char *id)
76
-+{
77
-+    SSLModConfigRec *mc = myModConfig(s);
78
-+    ssl_asn1_t *asn1;
79
-+    MODSSL_D2I_DHparams_CONST unsigned char *ptr;
80
-+    DH *dhparams = NULL;
81
-+
82
-+    if (!(asn1 = ssl_asn1_table_get(mc->tDHParams, id))) {
83
-+        return FALSE;
84
-+    }
85
-+
86
-+    ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
87
-+                 "Configuring server Diffie-Hellman parameters");
88
-+
89
-+    ptr = asn1->cpData;
90
-+    if (!(dhparams = d2i_DHparams(NULL, &ptr, asn1->nData))) {
91
-+        ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
92
-+                "Unable to import server Diffie-Hellman parameters");
93
-+        ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s);
94
-+        ssl_die(s);
95
-+    }
96
-+
97
-+    if (SSL_CTX_set_tmp_dh(mctx->ssl_ctx, dhparams) <= 0) {
98
-+        ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
99
-+                "Unable to configure server Diffie-Hellman parameters");
100
-+        ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s);
101
-+        ssl_die(s);
102
-+    }
103
-+
104
-+    mctx->pks->dhparams = dhparams;
105
-+
106
-+    return TRUE;
107
-+}
108
-+
109
- static int ssl_server_import_cert(server_rec *s,
110
-                                   modssl_ctx_t *mctx,
111
-                                   const char *id,
112
-@@ -1169,7 +1205,7 @@
113
-                                   apr_pool_t *ptemp,
114
-                                   modssl_ctx_t *mctx)
115
- {
116
--    const char *rsa_id, *dsa_id;
117
-+    const char *rsa_id, *dsa_id, *dh_id;
118
- #ifndef OPENSSL_NO_EC
119
-     const char *ecc_id;
120
- #endif
121
-@@ -1182,12 +1218,14 @@
122
- 
123
-     rsa_id = ssl_asn1_table_keyfmt(ptemp, vhost_id, SSL_AIDX_RSA);
124
-     dsa_id = ssl_asn1_table_keyfmt(ptemp, vhost_id, SSL_AIDX_DSA);
125
-+    dh_id = apr_pstrcat(ptemp, vhost_id, ":", "DH", NULL);
126
- #ifndef OPENSSL_NO_EC
127
-     ecc_id = ssl_asn1_table_keyfmt(ptemp, vhost_id, SSL_AIDX_ECC);
128
- #endif
129
- 
130
-     have_rsa = ssl_server_import_cert(s, mctx, rsa_id, SSL_AIDX_RSA);
131
-     have_dsa = ssl_server_import_cert(s, mctx, dsa_id, SSL_AIDX_DSA);
132
-+    (void)ssl_server_import_dhparams(s, mctx, dh_id);
133
- #ifndef OPENSSL_NO_EC
134
-     have_ecc = ssl_server_import_cert(s, mctx, ecc_id, SSL_AIDX_ECC);
135
- #endif
136
-@@ -1723,6 +1761,7 @@
137
-         MODSSL_CFG_ITEM_FREE(EVP_PKEY_free,
138
-                              mctx->pks->keys[i]);
139
-     }
140
-+    MODSSL_CFG_ITEM_FREE(DH_free, mctx->pks->dhparams);
141
- }
142
- 
143
- apr_status_t ssl_init_ModuleKill(void *data)
144
-diff -Naur httpd-2.4.3/modules/ssl/ssl_engine_pphrase.c httpd-2.4.3-dh/modules/ssl/ssl_engine_pphrase.c
145
---- httpd-2.4.3/modules/ssl/ssl_engine_pphrase.c	2012-08-04 23:22:38.000000000 +0200
146
-+++ httpd-2.4.3-dh/modules/ssl/ssl_engine_pphrase.c	2012-10-23 16:16:39.306422234 +0200
147
-@@ -147,6 +147,7 @@
148
-     unsigned char *ucp;
149
-     long int length;
150
-     X509 *pX509Cert;
151
-+    DH *pDHParams;
152
-     BOOL bReadable;
153
-     apr_array_header_t *aPassPhrase;
154
-     int nPassPhrase;
155
-@@ -162,6 +163,7 @@
156
-     char *an;
157
-     apr_time_t pkey_mtime = 0;
158
-     apr_status_t rv;
159
-+    const char *dhid;
160
-     /*
161
-      * Start with a fresh pass phrase array
162
-      */
163
-@@ -225,14 +227,14 @@
164
-                     ap_log_error(APLOG_MARK, APLOG_EMERG, rv, s, APLOGNO(02201)
165
-                                  "Init: Can't open server certificate file %s",
166
-                                  szPath);
167
--                    ssl_die(s);
168
-+                    ssl_die(pServ);
169
-                 }
170
-                 if ((pX509Cert = SSL_read_X509(szPath, NULL, NULL)) == NULL) {
171
-                     ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, APLOGNO(02241)
172
-                                  "Init: Unable to read server certificate from"
173
-                                  " file %s", szPath);
174
-                     ssl_log_ssl_error(SSLLOG_MARK, APLOG_EMERG, s);
175
--                    ssl_die(s);
176
-+                    ssl_die(pServ);
177
-                 }
178
-                 ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(02202)
179
-                              "Init: Read server certificate from '%s'",
180
-@@ -550,6 +552,43 @@
181
-              */
182
-             EVP_PKEY_free(pPrivateKey);
183
-         }
184
-+	/*
185
-+         * Read in Diffie-Hellman parameters file if such a file is
186
-+         * specified.
187
-+         */
188
-+        if (sc->server->pks->dhparams_file) {
189
-+            apr_cpystrn(szPath, sc->server->pks->dhparams_file, sizeof(szPath));
190
-+            if ((rv = exists_and_readable(szPath, p, NULL)) != APR_SUCCESS) {
191
-+                ap_log_error(APLOG_MARK, APLOG_ERR, rv, s,
192
-+                             "Init: Can't open server Diffie-Hellman parameters file %s",
193
-+                             szPath);
194
-+                ssl_die(s);
195
-+            }
196
-+            if ((pDHParams = SSL_read_DHparams(szPath, NULL, NULL)) == NULL) {
197
-+                ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
198
-+                        "Init: Unable to read server Diffie-Hellman parameters from file %s", szPath);
199
-+                ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s);
200
-+                ssl_die(s);
201
-+            }
202
-+
203
-+	    /*
204
-+             * Insert the DH params into global module configuration
205
-+             * to let it survive the processing between the 1st Apache
206
-+             * API init round (where we operate here) and the 2nd
207
-+             * Apache init round (where it will be actually used to
208
-+             * configure mod_ssl's per-server configuration
209
-+             * structures).
210
-+             */
211
-+            dhid = asn1_table_vhost_key(mc, p, cpVHostID, "DH");
212
-+            length = i2d_DHparams(pDHParams, NULL);
213
-+            ucp = ssl_asn1_table_set(mc->tDHParams, dhid, length);
214
-+            (void)i2d_DHparams(pDHParams, &ucp); /* 2nd arg increments */
215
-+
216
-+            /*
217
-+             * Free the DH structure
218
-+             */
219
-+            DH_free(pDHParams);
220
-+        }
221
-     }
222
- 
223
-     /*
224
-diff -Naur httpd-2.4.3/modules/ssl/ssl_private.h httpd-2.4.3-dh/modules/ssl/ssl_private.h
225
---- httpd-2.4.3/modules/ssl/ssl_private.h	2012-08-05 15:48:40.000000000 +0200
226
-+++ httpd-2.4.3-dh/modules/ssl/ssl_private.h	2012-10-23 16:10:39.911810230 +0200
227
-@@ -121,10 +121,12 @@
228
- #define MODSSL_D2I_ASN1_type_bytes_CONST const
229
- #define MODSSL_D2I_PrivateKey_CONST const
230
- #define MODSSL_D2I_X509_CONST const
231
-+#define MODSSL_D2I_DHparams_CONST const
232
- #else
233
- #define MODSSL_D2I_ASN1_type_bytes_CONST
234
- #define MODSSL_D2I_PrivateKey_CONST
235
- #define MODSSL_D2I_X509_CONST
236
-+#define MODSSL_D2I_DHparams_CONST
237
- #endif
238
- 
239
- #if OPENSSL_VERSION_NUMBER >= 0x00908080 && !defined(OPENSSL_NO_OCSP) \
240
-@@ -535,6 +537,7 @@
241
-      * example the string "vhost.example.com:443:RSA". */
242
-     apr_hash_t     *tPublicCert;
243
-     apr_hash_t     *tPrivateKey;
244
-+    apr_hash_t     *tDHParams;
245
- 
246
- #if defined(HAVE_OPENSSL_ENGINE_H) && defined(HAVE_ENGINE_INIT)
247
-     const char     *szCryptoDevice;
248
-@@ -561,11 +564,13 @@
249
-      * unordered lists. */
250
-     const char  *cert_files[SSL_AIDX_MAX];
251
-     const char  *key_files[SSL_AIDX_MAX];
252
-+    const char  *dhparams_file;
253
-     /* Loaded certs and keys; these arrays ARE indexed by the
254
-      * algorithm type, i.e.  keys[SSL_AIDX_RSA] maps to the RSA
255
-      * private key. */
256
-     X509        *certs[SSL_AIDX_MAX];
257
-     EVP_PKEY    *keys[SSL_AIDX_MAX];
258
-+    DH          *dhparams;
259
- 
260
-     /** Certificates which specify the set of CA names which should be
261
-      * sent in the CertificateRequest message: */
262
-@@ -723,6 +728,7 @@
263
- const char  *ssl_cmd_SSLRandomSeed(cmd_parms *, void *, const char *, const char *, const char *);
264
- const char  *ssl_cmd_SSLEngine(cmd_parms *, void *, const char *);
265
- const char  *ssl_cmd_SSLCipherSuite(cmd_parms *, void *, const char *);
266
-+const char  *ssl_cmd_SSLDHParametersFile(cmd_parms *, void *, const char *);
267
- const char  *ssl_cmd_SSLCertificateFile(cmd_parms *, void *, const char *);
268
- const char  *ssl_cmd_SSLCertificateKeyFile(cmd_parms *, void *, const char *);
269
- const char  *ssl_cmd_SSLCertificateChainFile(cmd_parms *, void *, const char *);
270
-diff -Naur httpd-2.4.3/modules/ssl/ssl_util_ssl.c httpd-2.4.3-dh/modules/ssl/ssl_util_ssl.c
271
---- httpd-2.4.3/modules/ssl/ssl_util_ssl.c	2012-02-28 13:07:31.000000000 +0100
272
-+++ httpd-2.4.3-dh/modules/ssl/ssl_util_ssl.c	2012-10-23 16:10:39.911810230 +0200
273
-@@ -156,6 +156,47 @@
274
-     return rc;
275
- }
276
- 
277
-+DH *SSL_read_DHparams(char* filename, DH **DHparams, void *cb)
278
-+{
279
-+    DH  *rc;
280
-+    BIO *bioS;
281
-+    BIO *bioF;
282
-+
283
-+    /* 1. try PEM (= DER+Base64+headers) */
284
-+    if ((bioS=BIO_new_file(filename, "r")) == NULL)
285
-+        return NULL;
286
-+    rc = PEM_read_bio_DHparams(bioS, DHparams, cb, NULL);
287
-+    BIO_free(bioS);
288
-+
289
-+    if (rc == NULL) {
290
-+        /* 2. try DER+Base64 */
291
-+        if ((bioS=BIO_new_file(filename, "r")) == NULL)
292
-+            return NULL;
293
-+
294
-+        if ((bioF = BIO_new(BIO_f_base64())) == NULL) {
295
-+            BIO_free(bioS);
296
-+            return NULL;
297
-+        }
298
-+        bioS = BIO_push(bioF, bioS);
299
-+        rc = d2i_DHparams_bio(bioS, NULL);
300
-+        BIO_free_all(bioS);
301
-+
302
-+        if (rc == NULL) {
303
-+            /* 3. try plain DER */
304
-+            if ((bioS=BIO_new_file(filename, "r")) == NULL)
305
-+                return NULL;
306
-+            rc = d2i_DHparams_bio(bioS, NULL);
307
-+            BIO_free(bioS);
308
-+        }
309
-+    }
310
-+    if (rc != NULL && DHparams != NULL) {
311
-+        if (*DHparams != NULL)
312
-+            DH_free(*DHparams);
313
-+        *DHparams = rc;
314
-+    }
315
-+    return rc;
316
-+}
317
-+
318
- /*  _________________________________________________________________
319
- **
320
- **  Smart shutdown
321
-diff -Naur httpd-2.4.3/modules/ssl/ssl_util_ssl.h httpd-2.4.3-dh/modules/ssl/ssl_util_ssl.h
322
---- httpd-2.4.3/modules/ssl/ssl_util_ssl.h	2012-01-08 11:12:18.000000000 +0100
323
-+++ httpd-2.4.3-dh/modules/ssl/ssl_util_ssl.h	2012-10-23 16:10:39.912810219 +0200
324
-@@ -62,6 +62,7 @@
325
- void        SSL_set_app_data2(SSL *, void *);
326
- X509       *SSL_read_X509(char *, X509 **, pem_password_cb *);
327
- EVP_PKEY   *SSL_read_PrivateKey(char *, EVP_PKEY **, pem_password_cb *, void *);
328
-+DH         *SSL_read_DHparams(char* filename, DH **DHparams, void *cb);
329
- int         SSL_smart_shutdown(SSL *ssl);
330
- BOOL        SSL_X509_isSGC(X509 *);
331
- BOOL        SSL_X509_getBC(X509 *, int *, int *);
... ...
@@ -1,1552 +0,0 @@
1
-diff -Naur httpd-2.4.6-orig/LAYOUT httpd-2.4.6/LAYOUT
2
---- httpd-2.4.6-orig/LAYOUT	2013-10-01 12:20:45.706812951 +0200
3
-+++ httpd-2.4.6/LAYOUT	2013-10-01 12:20:50.988746918 +0200
4
-@@ -108,7 +108,6 @@
5
-     mod_ssl.c ............... main source file containing API structures
6
-     mod_ssl.h ............... common header file of mod_ssl
7
-     ssl_engine_config.c ..... module configuration handling
8
--    ssl_engine_dh.c ......... DSA/DH support
9
-     ssl_engine_init.c ....... module initialization
10
-     ssl_engine_io.c ......... I/O support
11
-     ssl_engine_kernel.c ..... SSL engine kernel
12
-diff -Naur httpd-2.4.6-orig/modules/ssl/config.m4 httpd-2.4.6/modules/ssl/config.m4
13
---- httpd-2.4.6-orig/modules/ssl/config.m4	2013-10-01 12:20:45.774812101 +0200
14
-+++ httpd-2.4.6/modules/ssl/config.m4	2013-10-01 12:20:50.989746905 +0200
15
-@@ -20,7 +20,6 @@
16
- ssl_objs="dnl
17
- mod_ssl.lo dnl
18
- ssl_engine_config.lo dnl
19
--ssl_engine_dh.lo dnl
20
- ssl_engine_init.lo dnl
21
- ssl_engine_io.lo dnl
22
- ssl_engine_kernel.lo dnl
23
-diff -Naur httpd-2.4.6-orig/modules/ssl/mod_ssl.c httpd-2.4.6/modules/ssl/mod_ssl.c
24
---- httpd-2.4.6-orig/modules/ssl/mod_ssl.c	2013-10-01 12:20:45.775812088 +0200
25
-+++ httpd-2.4.6/modules/ssl/mod_ssl.c	2013-10-01 12:20:50.989746905 +0200
26
-@@ -148,7 +148,7 @@
27
-     SSL_CMD_SRV(StrictSNIVHostCheck, FLAG,
28
-                 "Strict SNI virtual host checking")
29
- 
30
--#ifndef OPENSSL_NO_SRP
31
-+#ifdef HAVE_SRP
32
-     SSL_CMD_SRV(SRPVerifierFile, TAKE1,
33
-                 "SRP verifier file "
34
-                 "('/path/to/file' - created by srptool)")
35
-@@ -471,15 +471,6 @@
36
- 
37
-     sslconn->ssl = ssl;
38
- 
39
--    /*
40
--     *  Configure callbacks for SSL connection
41
--     */
42
--    SSL_set_tmp_rsa_callback(ssl, ssl_callback_TmpRSA);
43
--    SSL_set_tmp_dh_callback(ssl,  ssl_callback_TmpDH);
44
--#ifndef OPENSSL_NO_EC
45
--    SSL_set_tmp_ecdh_callback(ssl, ssl_callback_TmpECDH);
46
--#endif
47
--
48
-     SSL_set_verify_result(ssl, X509_V_OK);
49
- 
50
-     ssl_io_filter_init(c, r, ssl);
51
-diff -Naur httpd-2.4.6-orig/modules/ssl/mod_ssl.dsp httpd-2.4.6/modules/ssl/mod_ssl.dsp
52
---- httpd-2.4.6-orig/modules/ssl/mod_ssl.dsp	2013-10-01 12:20:45.775812088 +0200
53
-+++ httpd-2.4.6/modules/ssl/mod_ssl.dsp	2013-10-01 12:20:50.989746905 +0200
54
-@@ -112,10 +112,6 @@
55
- # End Source File
56
- # Begin Source File
57
- 
58
--SOURCE=.\ssl_engine_dh.c
59
--# End Source File
60
--# Begin Source File
61
--
62
- SOURCE=.\ssl_engine_init.c
63
- # End Source File
64
- # Begin Source File
65
-diff -Naur httpd-2.4.6-orig/modules/ssl/ssl_engine_config.c httpd-2.4.6/modules/ssl/ssl_engine_config.c
66
---- httpd-2.4.6-orig/modules/ssl/ssl_engine_config.c	2013-10-01 12:20:45.776812076 +0200
67
-+++ httpd-2.4.6/modules/ssl/ssl_engine_config.c	2013-10-01 12:20:50.989746905 +0200
68
-@@ -75,8 +75,6 @@
69
-     mc->stapling_mutex         = NULL;
70
- #endif
71
- 
72
--    memset(mc->pTmpKeys, 0, sizeof(mc->pTmpKeys));
73
--
74
-     apr_pool_userdata_set(mc, SSL_MOD_CONFIG_KEY,
75
-                           apr_pool_cleanup_null,
76
-                           pool);
77
-@@ -150,7 +148,7 @@
78
-     mctx->stapling_force_url         = NULL;
79
- #endif
80
- 
81
--#ifndef OPENSSL_NO_SRP
82
-+#ifdef HAVE_SRP
83
-     mctx->srp_vfile =             NULL;
84
-     mctx->srp_unknown_user_seed = NULL;
85
-     mctx->srp_vbase =             NULL;
86
-@@ -208,7 +206,7 @@
87
-     sc->proxy_ssl_check_peer_expire = SSL_ENABLED_UNSET;
88
-     sc->proxy_ssl_check_peer_cn     = SSL_ENABLED_UNSET;
89
-     sc->proxy_ssl_check_peer_name   = SSL_ENABLED_UNSET;
90
--#ifndef OPENSSL_NO_TLSEXT
91
-+#ifdef HAVE_TLSEXT
92
-     sc->strict_sni_vhost_check = SSL_ENABLED_UNSET;
93
- #endif
94
- #ifdef HAVE_FIPS
95
-@@ -282,7 +280,7 @@
96
-     cfgMerge(stapling_force_url, NULL);
97
- #endif
98
- 
99
--#ifndef OPENSSL_NO_SRP
100
-+#ifdef HAVE_SRP
101
-     cfgMergeString(srp_vfile);
102
-     cfgMergeString(srp_unknown_user_seed);
103
- #endif
104
-@@ -338,7 +336,7 @@
105
-     cfgMerge(proxy_ssl_check_peer_expire, SSL_ENABLED_UNSET);
106
-     cfgMerge(proxy_ssl_check_peer_cn, SSL_ENABLED_UNSET);
107
-     cfgMerge(proxy_ssl_check_peer_name, SSL_ENABLED_UNSET);
108
--#ifndef OPENSSL_NO_TLSEXT
109
-+#ifdef HAVE_TLSEXT
110
-     cfgMerge(strict_sni_vhost_check, SSL_ENABLED_UNSET);
111
- #endif
112
- #ifdef HAVE_FIPS
113
-@@ -645,6 +643,9 @@
114
-     SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
115
-     SSLDirConfigRec *dc = (SSLDirConfigRec *)dcfg;
116
- 
117
-+    /* always disable null and export ciphers */
118
-+    arg = apr_pstrcat(cmd->pool, "!aNULL:!eNULL:!EXP:", arg, NULL);
119
-+
120
-     if (cmd->path) {
121
-         dc->szCipherSuite = arg;
122
-     }
123
-@@ -1384,6 +1385,9 @@
124
- {
125
-     SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
126
- 
127
-+    /* always disable null and export ciphers */
128
-+    arg = apr_pstrcat(cmd->pool, "!aNULL:!eNULL:!EXP:", arg, NULL);
129
-+
130
-     sc->proxy->auth.cipher_suite = arg;
131
- 
132
-     return NULL;
133
-@@ -1645,7 +1649,7 @@
134
- 
135
- const char  *ssl_cmd_SSLStrictSNIVHostCheck(cmd_parms *cmd, void *dcfg, int flag)
136
- {
137
--#ifndef OPENSSL_NO_TLSEXT
138
-+#ifdef HAVE_TLSEXT
139
-     SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
140
- 
141
-     sc->strict_sni_vhost_check = flag ? SSL_ENABLED_TRUE : SSL_ENABLED_FALSE;
142
-@@ -1804,7 +1808,7 @@
143
- 
144
- #endif /* HAVE_OCSP_STAPLING */
145
- 
146
--#ifndef OPENSSL_NO_SRP
147
-+#ifdef HAVE_SRP
148
- 
149
- const char *ssl_cmd_SSLSRPVerifierFile(cmd_parms *cmd, void *dcfg,
150
-                                        const char *arg)
151
-@@ -1828,7 +1832,7 @@
152
-     return NULL;
153
- }
154
- 
155
--#endif /* OPENSSL_NO_SRP */
156
-+#endif /* HAVE_SRP */
157
- 
158
- void ssl_hook_ConfigTest(apr_pool_t *pconf, server_rec *s)
159
- {
160
-diff -Naur httpd-2.4.6-orig/modules/ssl/ssl_engine_dh.c httpd-2.4.6/modules/ssl/ssl_engine_dh.c
161
---- httpd-2.4.6-orig/modules/ssl/ssl_engine_dh.c	2013-10-01 12:20:45.777812063 +0200
162
-+++ httpd-2.4.6/modules/ssl/ssl_engine_dh.c	2013-10-01 12:20:50.990746893 +0200
163
-@@ -1,244 +0,0 @@
164
--#if 0
165
--=pod
166
--#endif
167
--
168
--/* Licensed to the Apache Software Foundation (ASF) under one or more
169
-- * contributor license agreements.  See the NOTICE file distributed with
170
-- * this work for additional information regarding copyright ownership.
171
-- * The ASF licenses this file to You under the Apache License, Version 2.0
172
-- * (the "License"); you may not use this file except in compliance with
173
-- * the License.  You may obtain a copy of the License at
174
-- *
175
-- *     http://www.apache.org/licenses/LICENSE-2.0
176
-- *
177
-- * Unless required by applicable law or agreed to in writing, software
178
-- * distributed under the License is distributed on an "AS IS" BASIS,
179
-- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
180
-- * See the License for the specific language governing permissions and
181
-- * limitations under the License.
182
-- */
183
--
184
--/*                      _             _
185
-- *  _ __ ___   ___   __| |    ___ ___| |  mod_ssl
186
-- * | '_ ` _ \ / _ \ / _` |   / __/ __| |  Apache Interface to OpenSSL
187
-- * | | | | | | (_) | (_| |   \__ \__ \ |
188
-- * |_| |_| |_|\___/ \__,_|___|___/___/_|
189
-- *                      |_____|
190
-- * ssl_engine_dh.c
191
-- * Diffie-Hellman Built-in Temporary Parameters
192
-- */
193
--
194
--#include "ssl_private.h"
195
--
196
--/* ----BEGIN GENERATED SECTION-------- */
197
--
198
--/*
199
--** Diffie-Hellman-Parameters: (512 bit)
200
--**     prime:
201
--**         00:9f:db:8b:8a:00:45:44:f0:04:5f:17:37:d0:ba:
202
--**         2e:0b:27:4c:df:1a:9f:58:82:18:fb:43:53:16:a1:
203
--**         6e:37:41:71:fd:19:d8:d8:f3:7c:39:bf:86:3f:d6:
204
--**         0e:3e:30:06:80:a3:03:0c:6e:4c:37:57:d0:8f:70:
205
--**         e6:aa:87:10:33
206
--**     generator: 2 (0x2)
207
--** Diffie-Hellman-Parameters: (1024 bit)
208
--**     prime:
209
--**         00:d6:7d:e4:40:cb:bb:dc:19:36:d6:93:d3:4a:fd:
210
--**         0a:d5:0c:84:d2:39:a4:5f:52:0b:b8:81:74:cb:98:
211
--**         bc:e9:51:84:9f:91:2e:63:9c:72:fb:13:b4:b4:d7:
212
--**         17:7e:16:d5:5a:c1:79:ba:42:0b:2a:29:fe:32:4a:
213
--**         46:7a:63:5e:81:ff:59:01:37:7b:ed:dc:fd:33:16:
214
--**         8a:46:1a:ad:3b:72:da:e8:86:00:78:04:5b:07:a7:
215
--**         db:ca:78:74:08:7d:15:10:ea:9f:cc:9d:dd:33:05:
216
--**         07:dd:62:db:88:ae:aa:74:7d:e0:f4:d6:e2:bd:68:
217
--**         b0:e7:39:3e:0f:24:21:8e:b3
218
--**     generator: 2 (0x2)
219
--*/
220
--
221
--static unsigned char dh512_p[] = {
222
--    0x9F, 0xDB, 0x8B, 0x8A, 0x00, 0x45, 0x44, 0xF0, 0x04, 0x5F, 0x17, 0x37,
223
--    0xD0, 0xBA, 0x2E, 0x0B, 0x27, 0x4C, 0xDF, 0x1A, 0x9F, 0x58, 0x82, 0x18,
224
--    0xFB, 0x43, 0x53, 0x16, 0xA1, 0x6E, 0x37, 0x41, 0x71, 0xFD, 0x19, 0xD8,
225
--    0xD8, 0xF3, 0x7C, 0x39, 0xBF, 0x86, 0x3F, 0xD6, 0x0E, 0x3E, 0x30, 0x06,
226
--    0x80, 0xA3, 0x03, 0x0C, 0x6E, 0x4C, 0x37, 0x57, 0xD0, 0x8F, 0x70, 0xE6,
227
--    0xAA, 0x87, 0x10, 0x33,
228
--};
229
--static unsigned char dh512_g[] = {
230
--    0x02,
231
--};
232
--
233
--static DH *get_dh512(void)
234
--{
235
--    DH *dh;
236
--
237
--    if (!(dh = DH_new())) {
238
--        return NULL;
239
--    }
240
--
241
--    dh->p = BN_bin2bn(dh512_p, sizeof(dh512_p), NULL);
242
--    dh->g = BN_bin2bn(dh512_g, sizeof(dh512_g), NULL);
243
--    if (!(dh->p && dh->g)) {
244
--        DH_free(dh);
245
--        return NULL;
246
--    }
247
--
248
--    return dh;
249
--}
250
--
251
--static unsigned char dh1024_p[] = {
252
--    0xD6, 0x7D, 0xE4, 0x40, 0xCB, 0xBB, 0xDC, 0x19, 0x36, 0xD6, 0x93, 0xD3,
253
--    0x4A, 0xFD, 0x0A, 0xD5, 0x0C, 0x84, 0xD2, 0x39, 0xA4, 0x5F, 0x52, 0x0B,
254
--    0xB8, 0x81, 0x74, 0xCB, 0x98, 0xBC, 0xE9, 0x51, 0x84, 0x9F, 0x91, 0x2E,
255
--    0x63, 0x9C, 0x72, 0xFB, 0x13, 0xB4, 0xB4, 0xD7, 0x17, 0x7E, 0x16, 0xD5,
256
--    0x5A, 0xC1, 0x79, 0xBA, 0x42, 0x0B, 0x2A, 0x29, 0xFE, 0x32, 0x4A, 0x46,
257
--    0x7A, 0x63, 0x5E, 0x81, 0xFF, 0x59, 0x01, 0x37, 0x7B, 0xED, 0xDC, 0xFD,
258
--    0x33, 0x16, 0x8A, 0x46, 0x1A, 0xAD, 0x3B, 0x72, 0xDA, 0xE8, 0x86, 0x00,
259
--    0x78, 0x04, 0x5B, 0x07, 0xA7, 0xDB, 0xCA, 0x78, 0x74, 0x08, 0x7D, 0x15,
260
--    0x10, 0xEA, 0x9F, 0xCC, 0x9D, 0xDD, 0x33, 0x05, 0x07, 0xDD, 0x62, 0xDB,
261
--    0x88, 0xAE, 0xAA, 0x74, 0x7D, 0xE0, 0xF4, 0xD6, 0xE2, 0xBD, 0x68, 0xB0,
262
--    0xE7, 0x39, 0x3E, 0x0F, 0x24, 0x21, 0x8E, 0xB3,
263
--};
264
--static unsigned char dh1024_g[] = {
265
--    0x02,
266
--};
267
--
268
--static DH *get_dh1024(void)
269
--{
270
--    DH *dh;
271
--
272
--    if (!(dh = DH_new())) {
273
--        return NULL;
274
--    }
275
--
276
--    dh->p = BN_bin2bn(dh1024_p, sizeof(dh1024_p), NULL);
277
--    dh->g = BN_bin2bn(dh1024_g, sizeof(dh1024_g), NULL);
278
--    if (!(dh->p && dh->g)) {
279
--        DH_free(dh);
280
--        return NULL;
281
--    }
282
--
283
--    return dh;
284
--}
285
--
286
--/* ----END GENERATED SECTION---------- */
287
--
288
--DH *ssl_dh_GetTmpParam(int nKeyLen)
289
--{
290
--    DH *dh;
291
--
292
--    if (nKeyLen == 512)
293
--        dh = get_dh512();
294
--    else if (nKeyLen == 1024)
295
--        dh = get_dh1024();
296
--    else
297
--        dh = get_dh1024();
298
--    return dh;
299
--}
300
--
301
--DH *ssl_dh_GetParamFromFile(char *file)
302
--{
303
--    DH *dh = NULL;
304
--    BIO *bio;
305
--
306
--    if ((bio = BIO_new_file(file, "r")) == NULL)
307
--        return NULL;
308
--    dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
309
--    BIO_free(bio);
310
--    return (dh);
311
--}
312
--
313
--/*
314
--=cut
315
--##
316
--##  Embedded Perl script for generating the temporary DH parameters
317
--##
318
--
319
--require 5.003;
320
--use strict;
321
--
322
--#   configuration
323
--my $file  = $0;
324
--my $begin = '----BEGIN GENERATED SECTION--------';
325
--my $end   = '----END GENERATED SECTION----------';
326
--
327
--#   read ourself and keep a backup
328
--open(FP, "<$file") || die;
329
--my $source = '';
330
--$source .= $_ while (<FP>);
331
--close(FP);
332
--open(FP, ">$file.bak") || die;
333
--print FP $source;
334
--close(FP);
335
--
336
--#   generate the DH parameters
337
--print "1. Generate 512 and 1024 bit Diffie-Hellman parameters (p, g)\n";
338
--my $rand = '';
339
--foreach $file (qw(/var/log/messages /var/adm/messages
340
--                  /kernel /vmunix /vmlinuz /etc/hosts /etc/resolv.conf)) {
341
--    if (-f $file) {
342
--        $rand = $file     if ($rand eq '');
343
--        $rand .= ":$file" if ($rand ne '');
344
--    }
345
--}
346
--$rand = "-rand $rand" if ($rand ne '');
347
--system("openssl gendh $rand -out dh512.pem 512");
348
--system("openssl gendh $rand -out dh1024.pem 1024");
349
--
350
--#   generate DH param info
351
--my $dhinfo = '';
352
--open(FP, "openssl dh -noout -text -in dh512.pem |") || die;
353
--$dhinfo .= $_ while (<FP>);
354
--close(FP);
355
--open(FP, "openssl dh -noout -text -in dh1024.pem |") || die;
356
--$dhinfo .= $_ while (<FP>);
357
--close(FP);
358
--$dhinfo =~ s|^|** |mg;
359
--$dhinfo = "\n\/\*\n$dhinfo\*\/\n\n";
360
--
361
--my $indent_args = "-i4 -npsl -di0 -br -nce -d0 -cli0 -npcs -nfc1";
362
--
363
--#   generate C source from DH params
364
--my $dhsource = '';
365
--open(FP, "openssl dh -noout -C -in dh512.pem | indent $indent_args | expand |") || die;
366
--$dhsource .= $_ while (<FP>);
367
--close(FP);
368
--open(FP, "openssl dh -noout -C -in dh1024.pem | indent $indent_args | expand |") || die;
369
--$dhsource .= $_ while (<FP>);
370
--close(FP);
371
--$dhsource =~ s|(DH\s+\*get_dh)(\d+)[^}]*\n}|static $1$2(void)
372
--{
373
--    DH *dh;
374
--
375
--    if (!(dh = DH_new())) {
376
--        return NULL;
377
--    }
378
--
379
--    dh->p = BN_bin2bn(dh$2_p, sizeof(dh$2_p), NULL);
380
--    dh->g = BN_bin2bn(dh$2_g, sizeof(dh$2_g), NULL);
381
--    if (!(dh->p && dh->g)) {
382
--        DH_free(dh);
383
--        return NULL;
384
--    }
385
--
386
--    return dh;
387
--}
388
--|sg;
389
--
390
--#   generate output
391
--my $o = $dhinfo . $dhsource;
392
--
393
--#   insert the generated code at the target location
394
--$source =~ s|(\/\* $begin.+?\n).*\n(.*?\/\* $end)|$1$o$2|s;
395
--
396
--#   and update the source on disk
397
--print "Updating file `$file'\n";
398
--open(FP, ">$file") || die;
399
--print FP $source;
400
--close(FP);
401
--
402
--#   cleanup
403
--unlink("dh512.pem");
404
--unlink("dh1024.pem");
405
--
406
--=pod
407
--*/
408
-diff -Naur httpd-2.4.6-orig/modules/ssl/ssl_engine_init.c httpd-2.4.6/modules/ssl/ssl_engine_init.c
409
---- httpd-2.4.6-orig/modules/ssl/ssl_engine_init.c	2013-10-01 12:20:45.777812063 +0200
410
-+++ httpd-2.4.6/modules/ssl/ssl_engine_init.c	2013-10-01 12:20:50.990746893 +0200
411
-@@ -35,7 +35,7 @@
412
- **  _________________________________________________________________
413
- */
414
- 
415
--#ifndef OPENSSL_NO_EC
416
-+#ifdef HAVE_ECC
417
- #define KEYTYPES "RSA, DSA or ECC"
418
- #else 
419
- #define KEYTYPES "RSA or DSA"
420
-@@ -56,180 +56,6 @@
421
-                  modver, AP_SERVER_BASEVERSION, incver);
422
- }
423
- 
424
--
425
--/*
426
-- * Handle the Temporary RSA Keys and DH Params
427
-- */
428
--
429
--#define MODSSL_TMP_KEY_FREE(mc, type, idx) \
430
--    if (mc->pTmpKeys[idx]) { \
431
--        type##_free((type *)mc->pTmpKeys[idx]); \
432
--        mc->pTmpKeys[idx] = NULL; \
433
--    }
434
--
435
--#define MODSSL_TMP_KEYS_FREE(mc, type) \
436
--    MODSSL_TMP_KEY_FREE(mc, type, SSL_TMP_KEY_##type##_512); \
437
--    MODSSL_TMP_KEY_FREE(mc, type, SSL_TMP_KEY_##type##_1024)
438
--
439
--static void ssl_tmp_keys_free(server_rec *s)
440
--{
441
--    SSLModConfigRec *mc = myModConfig(s);
442
--
443
--    MODSSL_TMP_KEYS_FREE(mc, RSA);
444
--    MODSSL_TMP_KEYS_FREE(mc, DH);
445
--#ifndef OPENSSL_NO_EC
446
--    MODSSL_TMP_KEY_FREE(mc, EC_KEY, SSL_TMP_KEY_EC_256);
447
--#endif
448
--}
449
--
450
--static int ssl_tmp_key_init_rsa(server_rec *s,
451
--                                int bits, int idx)
452
--{
453
--    SSLModConfigRec *mc = myModConfig(s);
454
--
455
--#ifdef HAVE_FIPS
456
--
457
--    if (FIPS_mode() && bits < 1024) {
458
--        mc->pTmpKeys[idx] = NULL;
459
--        ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(01877)
460
--                     "Init: Skipping generating temporary "
461
--                     "%d bit RSA private key in FIPS mode", bits);
462
--        return OK;
463
--    }
464
--
465
--#endif
466
--#ifdef HAVE_GENERATE_EX
467
--    {
468
--        RSA *tkey;
469
--        BIGNUM *bn_f4;
470
--        if (!(tkey = RSA_new())
471
--          || !(bn_f4 = BN_new())
472
--          || !BN_set_word(bn_f4, RSA_F4)
473
--          || !RSA_generate_key_ex(tkey, bits, bn_f4, NULL))
474
--        {
475
--            ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, APLOGNO(01878)
476
--                         "Init: Failed to generate temporary "
477
--                         "%d bit RSA private key", bits);
478
--            ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s);
479
--            return !OK;
480
--        }
481
--        BN_free(bn_f4);
482
--        mc->pTmpKeys[idx] = tkey;
483
--    }
484
--#else
485
--    if (!(mc->pTmpKeys[idx] =
486
--          RSA_generate_key(bits, RSA_F4, NULL, NULL)))
487
--    {
488
--        ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, APLOGNO(01879)
489
--                     "Init: Failed to generate temporary "
490
--                     "%d bit RSA private key", bits);
491
--        ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s);
492
--        return !OK;
493
--    }
494
--#endif
495
--
496
--    return OK;
497
--}
498
--
499
--static int ssl_tmp_key_init_dh(server_rec *s,
500
--                               int bits, int idx)
501
--{
502
--    SSLModConfigRec *mc = myModConfig(s);
503
--
504
--#ifdef HAVE_FIPS
505
--
506
--    if (FIPS_mode() && bits < 1024) {
507
--        mc->pTmpKeys[idx] = NULL;
508
--        ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(01880)
509
--                     "Init: Skipping generating temporary "
510
--                     "%d bit DH parameters in FIPS mode", bits);
511
--        return OK;
512
--    }
513
--
514
--#endif
515
--
516
--    if (!(mc->pTmpKeys[idx] =
517
--          ssl_dh_GetTmpParam(bits)))
518
--    {
519
--        ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, APLOGNO(01881)
520
--                     "Init: Failed to generate temporary "
521
--                     "%d bit DH parameters", bits);
522
--        return !OK;
523
--    }
524
--
525
--    return OK;
526
--}
527
--
528
--#ifndef OPENSSL_NO_EC
529
--static int ssl_tmp_key_init_ec(server_rec *s,
530
--                               int bits, int idx)
531
--{
532
--    SSLModConfigRec *mc = myModConfig(s);
533
--    EC_KEY *ecdh = NULL;
534
--
535
--    /* XXX: Are there any FIPS constraints we should enforce? */
536
--
537
--    if (bits != 256) {
538
--        ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, APLOGNO(02298)
539
--                     "Init: Failed to generate temporary "
540
--                     "%d bit EC parameters, only 256 bits supported", bits);
541
--        return !OK;
542
--    }
543
--
544
--    if ((ecdh = EC_KEY_new()) == NULL ||
545
--        EC_KEY_set_group(ecdh, EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1)) != 1)
546
--    {
547
--        ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, APLOGNO(02299)
548
--                     "Init: Failed to generate temporary "
549
--                     "%d bit EC parameters", bits);
550
--        return !OK;
551
--    }
552
--
553
--    mc->pTmpKeys[idx] = ecdh;
554
--    return OK;
555
--}
556
--
557
--#define MODSSL_TMP_KEY_INIT_EC(s, bits) \
558
--    ssl_tmp_key_init_ec(s, bits, SSL_TMP_KEY_EC_##bits)
559
--
560
--#endif
561
--
562
--#define MODSSL_TMP_KEY_INIT_RSA(s, bits) \
563
--    ssl_tmp_key_init_rsa(s, bits, SSL_TMP_KEY_RSA_##bits)
564
--
565
--#define MODSSL_TMP_KEY_INIT_DH(s, bits) \
566
--    ssl_tmp_key_init_dh(s, bits, SSL_TMP_KEY_DH_##bits)
567
--
568
--static int ssl_tmp_keys_init(server_rec *s)
569
--{
570
--    ap_log_error(APLOG_MARK, APLOG_TRACE1, 0, s,
571
--                 "Init: Generating temporary RSA private keys (512/1024 bits)");
572
--
573
--    if (MODSSL_TMP_KEY_INIT_RSA(s, 512) ||
574
--        MODSSL_TMP_KEY_INIT_RSA(s, 1024)) {
575
--        return !OK;
576
--    }
577
--
578
--    ap_log_error(APLOG_MARK, APLOG_TRACE1, 0, s,
579
--                 "Init: Generating temporary DH parameters (512/1024 bits)");
580
--
581
--    if (MODSSL_TMP_KEY_INIT_DH(s, 512) ||
582
--        MODSSL_TMP_KEY_INIT_DH(s, 1024)) {
583
--        return !OK;
584
--    }
585
--
586
--#ifndef OPENSSL_NO_EC
587
--    ap_log_error(APLOG_MARK, APLOG_TRACE1, 0, s,
588
--                 "Init: Generating temporary EC parameters (256 bits)");
589
--
590
--    if (MODSSL_TMP_KEY_INIT_EC(s, 256)) {
591
--        return !OK;
592
--    }
593
--#endif
594
--
595
--    return OK;
596
--}
597
--
598
- /*
599
-  *  Per-module initialization
600
-  */
601
-@@ -367,10 +193,6 @@
602
-      */
603
-     ssl_pphrase_Handle(base_server, ptemp);
604
- 
605
--    if (ssl_tmp_keys_init(base_server)) {
606
--        return !OK;
607
--    }
608
--
609
-     /*
610
-      * initialize the mutex handling
611
-      */
612
-@@ -481,7 +303,7 @@
613
-      */
614
-     if (mctx->pks->certs[SSL_AIDX_RSA] ||
615
-         mctx->pks->certs[SSL_AIDX_DSA]
616
--#ifndef OPENSSL_NO_EC
617
-+#ifdef HAVE_ECC
618
-       || mctx->pks->certs[SSL_AIDX_ECC]
619
- #endif
620
-         )
621
-@@ -493,7 +315,7 @@
622
-     }
623
- }
624
- 
625
--#ifndef OPENSSL_NO_TLSEXT
626
-+#ifdef HAVE_TLSEXT
627
- static void ssl_init_ctx_tls_extensions(server_rec *s,
628
-                                         apr_pool_t *p,
629
-                                         apr_pool_t *ptemp,
630
-@@ -527,7 +349,7 @@
631
-     }
632
- #endif
633
- 
634
--#ifndef OPENSSL_NO_SRP
635
-+#ifdef HAVE_SRP
636
-     /*
637
-      * TLS-SRP support
638
-      */
639
-@@ -660,7 +482,7 @@
640
- #ifdef SSL_OP_NO_COMPRESSION
641
-         /* OpenSSL >= 1.0 only */
642
-         SSL_CTX_set_options(ctx, SSL_OP_NO_COMPRESSION);
643
--#elif OPENSSL_VERSION_NUMBER >= 0x00908000L
644
-+#else
645
-         sk_SSL_COMP_zero(SSL_COMP_get_compression_methods());
646
- #endif
647
-     }
648
-@@ -678,6 +500,9 @@
649
-      * Configure additional context ingredients
650
-      */
651
-     SSL_CTX_set_options(ctx, SSL_OP_SINGLE_DH_USE);
652
-+#ifdef HAVE_ECC
653
-+    SSL_CTX_set_options(ctx, SSL_OP_SINGLE_ECDH_USE);
654
-+#endif
655
- 
656
- #ifdef SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
657
-     /*
658
-@@ -718,11 +543,7 @@
659
- {
660
-     SSL_CTX *ctx = mctx->ssl_ctx;
661
- 
662
--    SSL_CTX_set_tmp_rsa_callback(ctx, ssl_callback_TmpRSA);
663
-     SSL_CTX_set_tmp_dh_callback(ctx,  ssl_callback_TmpDH);
664
--#ifndef OPENSSL_NO_EC
665
--    SSL_CTX_set_tmp_ecdh_callback(ctx,ssl_callback_TmpECDH);
666
--#endif
667
- 
668
-     SSL_CTX_set_info_callback(ctx, ssl_callback_Info);
669
- }
670
-@@ -818,14 +639,16 @@
671
-                                       modssl_ctx_t *mctx)
672
- {
673
-     SSL_CTX *ctx = mctx->ssl_ctx;
674
--    const char *suite = mctx->auth.cipher_suite;
675
-+    const char *suite;
676
- 
677
-     /*
678
--     *  Configure SSL Cipher Suite
679
-+     *  Configure SSL Cipher Suite. Always disable NULL and export ciphers,
680
-+     *  see also ssl_engine_config.c:ssl_cmd_SSLCipherSuite().
681
-+     *  OpenSSL's SSL_DEFAULT_CIPHER_LIST already includes !aNULL:!eNULL,
682
-+     *  so only prepend !EXP in this case.
683
-      */
684
--    if (!suite) {
685
--        return;
686
--    }
687
-+    suite = mctx->auth.cipher_suite ? mctx->auth.cipher_suite :
688
-+            apr_pstrcat(ptemp, "!EXP:", SSL_DEFAULT_CIPHER_LIST, NULL);
689
- 
690
-     ap_log_error(APLOG_MARK, APLOG_TRACE1, 0, s,
691
-                  "Configuring permitted SSL ciphers [%s]",
692
-@@ -988,7 +811,7 @@
693
-     if (mctx->pks) {
694
-         /* XXX: proxy support? */
695
-         ssl_init_ctx_cert_chain(s, p, ptemp, mctx);
696
--#ifndef OPENSSL_NO_TLSEXT
697
-+#ifdef HAVE_TLSEXT
698
-         ssl_init_ctx_tls_extensions(s, p, ptemp, mctx);
699
- #endif
700
-     }
701
-@@ -1001,7 +824,7 @@
702
- {
703
-     SSLModConfigRec *mc = myModConfig(s);
704
-     ssl_asn1_t *asn1;
705
--    MODSSL_D2I_X509_CONST unsigned char *ptr;
706
-+    const unsigned char *ptr;
707
-     const char *type = ssl_asn1_keystr(idx);
708
-     X509 *cert;
709
- 
710
-@@ -1048,12 +871,12 @@
711
- {
712
-     SSLModConfigRec *mc = myModConfig(s);
713
-     ssl_asn1_t *asn1;
714
--    MODSSL_D2I_PrivateKey_CONST unsigned char *ptr;
715
-+    const unsigned char *ptr;
716
-     const char *type = ssl_asn1_keystr(idx);
717
-     int pkey_type;
718
-     EVP_PKEY *pkey;
719
- 
720
--#ifndef OPENSSL_NO_EC
721
-+#ifdef HAVE_ECC
722
-     if (idx == SSL_AIDX_ECC)
723
-       pkey_type = EVP_PKEY_EC;
724
-     else
725
-@@ -1157,30 +980,34 @@
726
-                                   modssl_ctx_t *mctx)
727
- {
728
-     const char *rsa_id, *dsa_id;
729
--#ifndef OPENSSL_NO_EC
730
-+#ifdef HAVE_ECC
731
-     const char *ecc_id;
732
-+    EC_GROUP *ecparams;
733
-+    int nid;
734
-+    EC_KEY *eckey;
735
- #endif
736
-     const char *vhost_id = mctx->sc->vhost_id;
737
-     int i;
738
-     int have_rsa, have_dsa;
739
--#ifndef OPENSSL_NO_EC
740
-+    DH *dhparams;
741
-+#ifdef HAVE_ECC
742
-     int have_ecc;
743
- #endif
744
- 
745
-     rsa_id = ssl_asn1_table_keyfmt(ptemp, vhost_id, SSL_AIDX_RSA);
746
-     dsa_id = ssl_asn1_table_keyfmt(ptemp, vhost_id, SSL_AIDX_DSA);
747
--#ifndef OPENSSL_NO_EC
748
-+#ifdef HAVE_ECC
749
-     ecc_id = ssl_asn1_table_keyfmt(ptemp, vhost_id, SSL_AIDX_ECC);
750
- #endif
751
- 
752
-     have_rsa = ssl_server_import_cert(s, mctx, rsa_id, SSL_AIDX_RSA);
753
-     have_dsa = ssl_server_import_cert(s, mctx, dsa_id, SSL_AIDX_DSA);
754
--#ifndef OPENSSL_NO_EC
755
-+#ifdef HAVE_ECC
756
-     have_ecc = ssl_server_import_cert(s, mctx, ecc_id, SSL_AIDX_ECC);
757
- #endif
758
- 
759
-     if (!(have_rsa || have_dsa
760
--#ifndef OPENSSL_NO_EC
761
-+#ifdef HAVE_ECC
762
-         || have_ecc
763
- #endif
764
- )) {
765
-@@ -1196,12 +1023,12 @@
766
- 
767
-     have_rsa = ssl_server_import_key(s, mctx, rsa_id, SSL_AIDX_RSA);
768
-     have_dsa = ssl_server_import_key(s, mctx, dsa_id, SSL_AIDX_DSA);
769
--#ifndef OPENSSL_NO_EC
770
-+#ifdef HAVE_ECC
771
-     have_ecc = ssl_server_import_key(s, mctx, ecc_id, SSL_AIDX_ECC);
772
- #endif
773
- 
774
-     if (!(have_rsa || have_dsa
775
--#ifndef OPENSSL_NO_EC
776
-+#ifdef HAVE_ECC
777
-         || have_ecc
778
- #endif
779
-           )) {
780
-@@ -1209,6 +1036,40 @@
781
-                 "Oops, no " KEYTYPES " server private key found?!");
782
-         ssl_die(s);
783
-     }
784
-+
785
-+    /*
786
-+     * Try to read DH parameters from the (first) SSLCertificateFile
787
-+     */
788
-+    if ((mctx->pks->cert_files[0] != NULL) &&
789
-+        (dhparams = ssl_dh_GetParamFromFile(mctx->pks->cert_files[0]))) {
790
-+        SSL_CTX_set_tmp_dh(mctx->ssl_ctx, dhparams);
791
-+        ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(02540)
792
-+                     "Custom DH parameters (%d bits) for %s loaded from %s",
793
-+                     BN_num_bits(dhparams->p), vhost_id,
794
-+                     mctx->pks->cert_files[0]);
795
-+    }
796
-+
797
-+#ifdef HAVE_ECC
798
-+    /*
799
-+     * Similarly, try to read the ECDH curve name from SSLCertificateFile...
800
-+     */
801
-+    if ((mctx->pks->cert_files[0] != NULL) &&
802
-+        (ecparams = ssl_ec_GetParamFromFile(mctx->pks->cert_files[0])) &&
803
-+        (nid = EC_GROUP_get_curve_name(ecparams)) &&
804
-+        (eckey = EC_KEY_new_by_curve_name(nid))) {
805
-+        SSL_CTX_set_tmp_ecdh(mctx->ssl_ctx, eckey);
806
-+        ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(02541)
807
-+                     "ECDH curve %s for %s specified in %s",
808
-+                     OBJ_nid2sn(nid), vhost_id, mctx->pks->cert_files[0]);
809
-+    }
810
-+    /*
811
-+     * ...otherwise, configure NIST P-256 (required to enable ECDHE)
812
-+     */
813
-+    else {
814
-+        SSL_CTX_set_tmp_ecdh(mctx->ssl_ctx,
815
-+                             EC_KEY_new_by_curve_name(NID_X9_62_prime256v1));
816
-+    }
817
-+#endif
818
- }
819
- 
820
- #ifdef HAVE_TLS_SESSION_TICKETS
821
-@@ -1516,7 +1377,7 @@
822
-         klen = strlen(key);
823
- 
824
-         if ((ps = (server_rec *)apr_hash_get(table, key, klen))) {
825
--#ifdef OPENSSL_NO_TLSEXT
826
-+#ifndef HAVE_TLSEXT
827
-             int level = APLOG_WARNING;
828
-             const char *problem = "conflict";
829
- #else
830
-@@ -1540,7 +1401,7 @@
831
-     }
832
- 
833
-     if (conflict) {
834
--#ifdef OPENSSL_NO_TLSEXT
835
-+#ifndef HAVE_TLSEXT
836
-         ap_log_error(APLOG_MARK, APLOG_WARNING, 0, base_server, APLOGNO(01917)
837
-                      "Init: You should not use name-based "
838
-                      "virtual hosts in conjunction with SSL!!");
839
-@@ -1689,7 +1550,7 @@
840
- {
841
-     MODSSL_CFG_ITEM_FREE(SSL_CTX_free, mctx->ssl_ctx);
842
- 
843
--#ifndef OPENSSL_NO_SRP
844
-+#ifdef HAVE_SRP
845
-     if (mctx->srp_vbase != NULL) {
846
-         SRP_VBASE_free(mctx->srp_vbase);
847
-         mctx->srp_vbase = NULL;
848
-@@ -1745,11 +1606,6 @@
849
-     ssl_scache_kill(base_server);
850
- 
851
-     /*
852
--     * Destroy the temporary keys and params
853
--     */
854
--    ssl_tmp_keys_free(base_server);
855
--
856
--    /*
857
-      * Free the non-pool allocated structures
858
-      * in the per-server configurations
859
-      */
860
-diff -Naur httpd-2.4.6-orig/modules/ssl/ssl_engine_io.c httpd-2.4.6/modules/ssl/ssl_engine_io.c
861
---- httpd-2.4.6-orig/modules/ssl/ssl_engine_io.c	2013-10-01 12:20:45.775812088 +0200
862
-+++ httpd-2.4.6/modules/ssl/ssl_engine_io.c	2013-10-01 12:20:50.991746880 +0200
863
-@@ -1048,7 +1048,7 @@
864
- 
865
-     server = sslconn->server;
866
-     if (sslconn->is_proxy) {
867
--#ifndef OPENSSL_NO_TLSEXT
868
-+#ifdef HAVE_TLSEXT
869
-         apr_ipsubnet_t *ip;
870
- #endif
871
-         const char *hostname_note = apr_table_get(c->notes,
872
-@@ -1056,7 +1056,7 @@
873
-         BOOL proxy_ssl_check_peer_ok = TRUE;
874
-         sc = mySrvConfig(server);
875
- 
876
--#ifndef OPENSSL_NO_TLSEXT
877
-+#ifdef HAVE_TLSEXT
878
-         /*
879
-          * Enable SNI for backend requests. Make sure we don't do it for
880
-          * pure SSLv3 connections, and also prevent IP addresses
881
-diff -Naur httpd-2.4.6-orig/modules/ssl/ssl_engine_kernel.c httpd-2.4.6/modules/ssl/ssl_engine_kernel.c
882
---- httpd-2.4.6-orig/modules/ssl/ssl_engine_kernel.c	2013-10-01 12:20:45.776812076 +0200
883
-+++ httpd-2.4.6/modules/ssl/ssl_engine_kernel.c	2013-10-01 12:20:50.992746868 +0200
884
-@@ -32,7 +32,7 @@
885
- #include "util_md5.h"
886
- 
887
- static void ssl_configure_env(request_rec *r, SSLConnRec *sslconn);
888
--#ifndef OPENSSL_NO_TLSEXT
889
-+#ifdef HAVE_TLSEXT
890
- static int ssl_find_vhost(void *servername, conn_rec *c, server_rec *s);
891
- #endif
892
- 
893
-@@ -119,7 +119,7 @@
894
-     SSLSrvConfigRec *sc = mySrvConfig(r->server);
895
-     SSLConnRec *sslconn;
896
-     const char *upgrade;
897
--#ifndef OPENSSL_NO_TLSEXT
898
-+#ifdef HAVE_TLSEXT
899
-     const char *servername;
900
- #endif
901
-     SSL *ssl;
902
-@@ -162,7 +162,7 @@
903
-     if (!ssl) {
904
-         return DECLINED;
905
-     }
906
--#ifndef OPENSSL_NO_TLSEXT
907
-+#ifdef HAVE_TLSEXT
908
-     if ((servername = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name))) {
909
-         char *host, *scope_id;
910
-         apr_port_t port;
911
-@@ -329,7 +329,7 @@
912
-         return DECLINED;
913
-     }
914
- 
915
--#ifndef OPENSSL_NO_SRP
916
-+#ifdef HAVE_SRP
917
-     /*
918
-      * Support for per-directory reconfigured SSL connection parameters
919
-      *
920
-@@ -1101,7 +1101,7 @@
921
-     "SSL_SERVER_A_SIG",
922
-     "SSL_SESSION_ID",
923
-     "SSL_SESSION_RESUMED",
924
--#ifndef OPENSSL_NO_SRP
925
-+#ifdef HAVE_SRP
926
-     "SSL_SRP_USER",
927
-     "SSL_SRP_USERINFO",
928
- #endif
929
-@@ -1115,7 +1115,7 @@
930
-     SSLDirConfigRec *dc = myDirConfig(r);
931
-     apr_table_t *env = r->subprocess_env;
932
-     char *var, *val = "";
933
--#ifndef OPENSSL_NO_TLSEXT
934
-+#ifdef HAVE_TLSEXT
935
-     const char *servername;
936
- #endif
937
-     STACK_OF(X509) *peer_certs;
938
-@@ -1144,7 +1144,7 @@
939
-     /* the always present HTTPS (=HTTP over SSL) flag! */
940
-     apr_table_setn(env, "HTTPS", "on");
941
- 
942
--#ifndef OPENSSL_NO_TLSEXT
943
-+#ifdef HAVE_TLSEXT
944
-     /* add content of SNI TLS extension (if supplied with ClientHello) */
945
-     if ((servername = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name))) {
946
-         apr_table_set(env, "SSL_TLS_SNI", servername);
947
-@@ -1287,117 +1287,70 @@
948
- */
949
- 
950
- /*
951
-- * Handle out temporary RSA private keys on demand
952
-- *
953
-- * The background of this as the TLSv1 standard explains it:
954
-- *
955
-- * | D.1. Temporary RSA keys
956
-- * |
957
-- * |    US Export restrictions limit RSA keys used for encryption to 512
958
-- * |    bits, but do not place any limit on lengths of RSA keys used for
959
-- * |    signing operations. Certificates often need to be larger than 512
960
-- * |    bits, since 512-bit RSA keys are not secure enough for high-value
961
-- * |    transactions or for applications requiring long-term security. Some
962
-- * |    certificates are also designated signing-only, in which case they
963
-- * |    cannot be used for key exchange.
964
-- * |
965
-- * |    When the public key in the certificate cannot be used for encryption,
966
-- * |    the server signs a temporary RSA key, which is then exchanged. In
967
-- * |    exportable applications, the temporary RSA key should be the maximum
968
-- * |    allowable length (i.e., 512 bits). Because 512-bit RSA keys are
969
-- * |    relatively insecure, they should be changed often. For typical
970
-- * |    electronic commerce applications, it is suggested that keys be
971
-- * |    changed daily or every 500 transactions, and more often if possible.
972
-- * |    Note that while it is acceptable to use the same temporary key for
973
-- * |    multiple transactions, it must be signed each time it is used.
974
-- * |
975
-- * |    RSA key generation is a time-consuming process. In many cases, a
976
-- * |    low-priority process can be assigned the task of key generation.
977
-- * |    Whenever a new key is completed, the existing temporary key can be
978
-- * |    replaced with the new one.
979
-- *
980
-- * XXX: base on comment above, if thread support is enabled,
981
-- * we should spawn a low-priority thread to generate new keys
982
-- * on the fly.
983
-- *
984
-- * So we generated 512 and 1024 bit temporary keys on startup
985
-- * which we now just hand out on demand....
986
-+ * Grab well-defined DH parameters from OpenSSL, see <openssl/bn.h>
987
-+ * (get_rfc*) for all available primes.
988
-  */
989
--
990
--RSA *ssl_callback_TmpRSA(SSL *ssl, int export, int keylen)
991
--{
992
--    conn_rec *c = (conn_rec *)SSL_get_app_data(ssl);
993
--    SSLModConfigRec *mc = myModConfigFromConn(c);
994
--    int idx;
995
--
996
--    ap_log_cerror(APLOG_MARK, APLOG_TRACE2, 0, c,
997
--                  "handing out temporary %d bit RSA key", keylen);
998
--
999
--    /* doesn't matter if export flag is on,
1000
--     * we won't be asked for keylen > 512 in that case.
1001
--     * if we are asked for a keylen > 1024, it is too expensive
1002
--     * to generate on the fly.
1003
--     * XXX: any reason not to generate 2048 bit keys at startup?
1004
--     */
1005
--
1006
--    switch (keylen) {
1007
--      case 512:
1008
--        idx = SSL_TMP_KEY_RSA_512;
1009
--        break;
1010
--
1011
--      case 1024:
1012
--      default:
1013
--        idx = SSL_TMP_KEY_RSA_1024;
1014
--    }
1015
--
1016
--    return (RSA *)mc->pTmpKeys[idx];
1017
-+#define make_get_dh(rfc,size,gen) \
1018
-+static DH *get_dh##size(void) \
1019
-+{ \
1020
-+    DH *dh; \
1021
-+    if (!(dh = DH_new())) { \
1022
-+        return NULL; \
1023
-+    } \
1024
-+    dh->p = get_##rfc##_prime_##size(NULL); \
1025
-+    BN_dec2bn(&dh->g, #gen); \
1026
-+    if (!dh->p || !dh->g) { \
1027
-+        DH_free(dh); \
1028
-+        return NULL; \
1029
-+    } \
1030
-+    return dh; \
1031
- }
1032
- 
1033
- /*
1034
-- * Hand out the already generated DH parameters...
1035
-+ * Prepare DH parameters from 1024 to 4096 bits, in 1024-bit increments
1036
-+ */
1037
-+make_get_dh(rfc2409, 1024, 2)
1038
-+make_get_dh(rfc3526, 2048, 2)
1039
-+make_get_dh(rfc3526, 3072, 2)
1040
-+make_get_dh(rfc3526, 4096, 2)
1041
-+
1042
-+/*
1043
-+ * Hand out standard DH parameters, based on the authentication strength
1044
-  */
1045
- DH *ssl_callback_TmpDH(SSL *ssl, int export, int keylen)
1046
- {
1047
-     conn_rec *c = (conn_rec *)SSL_get_app_data(ssl);
1048
--    SSLModConfigRec *mc = myModConfigFromConn(c);
1049
--    int idx;
1050
--
1051
--    ap_log_cerror(APLOG_MARK, APLOG_TRACE2, 0, c,
1052
--                  "handing out temporary %d bit DH key", keylen);
1053
-+    EVP_PKEY *pkey = SSL_get_privatekey(ssl);
1054
-+    int type = pkey ? EVP_PKEY_type(pkey->type) : EVP_PKEY_NONE;
1055
- 
1056
--    switch (keylen) {
1057
--      case 512:
1058
--        idx = SSL_TMP_KEY_DH_512;
1059
--        break;
1060
--
1061
--      case 1024:
1062
--      default:
1063
--        idx = SSL_TMP_KEY_DH_1024;
1064
-+    /*
1065
-+     * OpenSSL will call us with either keylen == 512 or keylen == 1024
1066
-+     * (see the definition of SSL_EXPORT_PKEYLENGTH in ssl_locl.h).
1067
-+     * Adjust the DH parameter length according to the size of the
1068
-+     * RSA/DSA private key used for the current connection, and always
1069
-+     * use at least 1024-bit parameters.
1070
-+     * Note: This may cause interoperability issues with implementations
1071
-+     * which limit their DH support to 1024 bit - e.g. Java 7 and earlier.
1072
-+     * In this case, SSLCertificateFile can be used to specify fixed
1073
-+     * 1024-bit DH parameters (with the effect that OpenSSL skips this
1074
-+     * callback).
1075
-+     */
1076
-+    if ((type == EVP_PKEY_RSA) || (type == EVP_PKEY_DSA)) {
1077
-+        keylen = EVP_PKEY_bits(pkey);
1078
-     }
1079
- 
1080
--    return (DH *)mc->pTmpKeys[idx];
1081
--}
1082
--
1083
--#ifndef OPENSSL_NO_EC
1084
--EC_KEY *ssl_callback_TmpECDH(SSL *ssl, int export, int keylen)
1085
--{
1086
--    conn_rec *c = (conn_rec *)SSL_get_app_data(ssl);
1087
--    SSLModConfigRec *mc = myModConfigFromConn(c);
1088
--    int idx;
1089
--
1090
--    /* XXX Uses 256-bit key for now. TODO: support other sizes. */
1091
-     ap_log_cerror(APLOG_MARK, APLOG_TRACE2, 0, c,
1092
--                  "handing out temporary 256 bit ECC key");
1093
-+                  "handing out built-in DH parameters for %d-bit authenticated connection", keylen);
1094
- 
1095
--    switch (keylen) {
1096
--      case 256:
1097
--      default:
1098
--        idx = SSL_TMP_KEY_EC_256;
1099
--    }
1100
--
1101
--    return (EC_KEY *)mc->pTmpKeys[idx];
1102
-+    if (keylen >= 4096)
1103
-+        return get_dh4096();
1104
-+    else if (keylen >= 3072)
1105
-+        return get_dh3072();
1106
-+    else if (keylen >= 2048)
1107
-+        return get_dh2048();
1108
-+    else
1109
-+        return get_dh1024();
1110
- }
1111
--#endif
1112
- 
1113
- /*
1114
-  * This OpenSSL callback function is called when OpenSSL
1115
-@@ -1938,7 +1891,7 @@
1116
-     }
1117
- }
1118
- 
1119
--#ifndef OPENSSL_NO_TLSEXT
1120
-+#ifdef HAVE_TLSEXT
1121
- /*
1122
-  * This callback function is executed when OpenSSL encounters an extended
1123
-  * client hello with a server name indication extension ("SNI", cf. RFC 4366).
1124
-@@ -2089,7 +2042,7 @@
1125
- 
1126
-     return 0;
1127
- }
1128
--#endif /* OPENSSL_NO_TLSEXT */
1129
-+#endif /* HAVE_TLSEXT */
1130
- 
1131
- #ifdef HAVE_TLS_SESSION_TICKETS
1132
- /*
1133
-@@ -2161,7 +2114,7 @@
1134
- }
1135
- #endif /* HAVE_TLS_SESSION_TICKETS */
1136
- 
1137
--#ifndef OPENSSL_NO_SRP
1138
-+#ifdef HAVE_SRP
1139
- 
1140
- int ssl_callback_SRPServerParams(SSL *ssl, int *ad, void *arg)
1141
- {
1142
-@@ -2185,4 +2138,4 @@
1143
-     return SSL_ERROR_NONE;
1144
- }
1145
- 
1146
--#endif /* OPENSSL_NO_SRP */
1147
-+#endif /* HAVE_SRP */
1148
-diff -Naur httpd-2.4.6-orig/modules/ssl/ssl_engine_pphrase.c httpd-2.4.6/modules/ssl/ssl_engine_pphrase.c
1149
---- httpd-2.4.6-orig/modules/ssl/ssl_engine_pphrase.c	2013-10-01 12:20:45.777812063 +0200
1150
-+++ httpd-2.4.6/modules/ssl/ssl_engine_pphrase.c	2013-10-01 12:20:50.992746868 +0200
1151
-@@ -708,7 +708,7 @@
1152
-                     ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, APLOGNO(01966)
1153
-                                  "Init: Failed to create pass phrase pipe '%s'",
1154
-                                  sc->server->pphrase_dialog_path);
1155
--                    PEMerr(PEM_F_DEF_CALLBACK,PEM_R_PROBLEMS_GETTING_PASSWORD);
1156
-+                    PEMerr(PEM_F_PEM_DEF_CALLBACK,PEM_R_PROBLEMS_GETTING_PASSWORD);
1157
-                     memset(buf, 0, (unsigned int)bufsize);
1158
-                     return (-1);
1159
-                 }
1160
-@@ -718,7 +718,7 @@
1161
-         }
1162
-         else { /* sc->server->pphrase_dialog_type == SSL_PPTYPE_BUILTIN */
1163
- #ifdef WIN32
1164
--            PEMerr(PEM_F_DEF_CALLBACK,PEM_R_PROBLEMS_GETTING_PASSWORD);
1165
-+            PEMerr(PEM_F_PEM_DEF_CALLBACK,PEM_R_PROBLEMS_GETTING_PASSWORD);
1166
-             memset(buf, 0, (unsigned int)bufsize);
1167
-             return (-1);
1168
- #else
1169
-@@ -769,7 +769,7 @@
1170
-                 i = EVP_read_pw_string(buf, bufsize, "", FALSE);
1171
-             }
1172
-             if (i != 0) {
1173
--                PEMerr(PEM_F_DEF_CALLBACK,PEM_R_PROBLEMS_GETTING_PASSWORD);
1174
-+                PEMerr(PEM_F_PEM_DEF_CALLBACK,PEM_R_PROBLEMS_GETTING_PASSWORD);
1175
-                 memset(buf, 0, (unsigned int)bufsize);
1176
-                 return (-1);
1177
-             }
1178
-diff -Naur httpd-2.4.6-orig/modules/ssl/ssl_engine_vars.c httpd-2.4.6/modules/ssl/ssl_engine_vars.c
1179
---- httpd-2.4.6-orig/modules/ssl/ssl_engine_vars.c	2013-10-01 12:20:45.775812088 +0200
1180
-+++ httpd-2.4.6/modules/ssl/ssl_engine_vars.c	2013-10-01 12:20:50.992746868 +0200
1181
-@@ -382,7 +382,7 @@
1182
-     else if (ssl != NULL && strcEQ(var, "COMPRESS_METHOD")) {
1183
-         result = ssl_var_lookup_ssl_compress_meth(ssl);
1184
-     }
1185
--#ifndef OPENSSL_NO_TLSEXT
1186
-+#ifdef HAVE_TLSEXT
1187
-     else if (ssl != NULL && strcEQ(var, "TLS_SNI")) {
1188
-         result = apr_pstrdup(p, SSL_get_servername(ssl,
1189
-                                                    TLSEXT_NAMETYPE_host_name));
1190
-@@ -395,7 +395,7 @@
1191
- #endif
1192
-         result = apr_pstrdup(p, flag ? "true" : "false");
1193
-     }
1194
--#ifndef OPENSSL_NO_SRP
1195
-+#ifdef HAVE_SRP
1196
-     else if (ssl != NULL && strcEQ(var, "SRP_USER")) {
1197
-         if ((result = SSL_get_srp_username(ssl)) != NULL) {
1198
-             result = apr_pstrdup(p, result);
1199
-@@ -879,7 +879,7 @@
1200
-  * success and writes the string to the given bio. */
1201
- static int dump_extn_value(BIO *bio, ASN1_OCTET_STRING *str)
1202
- {
1203
--    MODSSL_D2I_ASN1_type_bytes_CONST unsigned char *pp = str->data;
1204
-+    const unsigned char *pp = str->data;
1205
-     ASN1_STRING *ret = ASN1_STRING_new();
1206
-     int rv = 0;
1207
- 
1208
-@@ -975,7 +975,7 @@
1209
- static char *ssl_var_lookup_ssl_compress_meth(SSL *ssl)
1210
- {
1211
-     char *result = "NULL";
1212
--#if (OPENSSL_VERSION_NUMBER >= 0x00908000) && !defined(OPENSSL_NO_COMP)
1213
-+#ifndef OPENSSL_NO_COMP
1214
-     SSL_SESSION *pSession = SSL_get_session(ssl);
1215
- 
1216
-     if (pSession) {
1217
-diff -Naur httpd-2.4.6-orig/modules/ssl/ssl_private.h httpd-2.4.6/modules/ssl/ssl_private.h
1218
---- httpd-2.4.6-orig/modules/ssl/ssl_private.h	2013-10-01 12:20:45.774812101 +0200
1219
-+++ httpd-2.4.6/modules/ssl/ssl_private.h	2013-10-01 12:20:50.993746855 +0200
1220
-@@ -105,65 +105,55 @@
1221
- #include <openssl/engine.h>
1222
- #endif
1223
- 
1224
--#if (OPENSSL_VERSION_NUMBER < 0x0090700f)
1225
--#error mod_ssl requires OpenSSL 0.9.7 or later
1226
--#endif
1227
--
1228
--/* ...shifting sands of OpenSSL... */
1229
--#if (OPENSSL_VERSION_NUMBER >= 0x0090707f)
1230
--#define MODSSL_D2I_SSL_SESSION_CONST const
1231
--#else
1232
--#define MODSSL_D2I_SSL_SESSION_CONST
1233
--#endif
1234
--
1235
--#if (OPENSSL_VERSION_NUMBER >= 0x00908000)
1236
--#define HAVE_GENERATE_EX
1237
--#define MODSSL_D2I_ASN1_type_bytes_CONST const
1238
--#define MODSSL_D2I_PrivateKey_CONST const
1239
--#define MODSSL_D2I_X509_CONST const
1240
--#else
1241
--#define MODSSL_D2I_ASN1_type_bytes_CONST
1242
--#define MODSSL_D2I_PrivateKey_CONST
1243
--#define MODSSL_D2I_X509_CONST
1244
--#endif
1245
--
1246
--#if OPENSSL_VERSION_NUMBER >= 0x00908080 && !defined(OPENSSL_NO_OCSP) \
1247
--    && !defined(OPENSSL_NO_TLSEXT)
1248
--#define HAVE_OCSP_STAPLING
1249
--#if (OPENSSL_VERSION_NUMBER < 0x10000000)
1250
--#define sk_OPENSSL_STRING_pop sk_pop
1251
--#endif
1252
--#endif
1253
--
1254
--#if (OPENSSL_VERSION_NUMBER >= 0x009080a0) && defined(OPENSSL_FIPS)
1255
--#define HAVE_FIPS
1256
-+#if (OPENSSL_VERSION_NUMBER < 0x0090801f)
1257
-+#error mod_ssl requires OpenSSL 0.9.8a or later
1258
- #endif
1259
- 
1260
-+/**
1261
-+ * ...shifting sands of OpenSSL...
1262
-+ * Note: when adding support for new OpenSSL features, avoid explicit
1263
-+ * version number checks whenever possible, and use "feature-based"
1264
-+ * detection instead (check for definitions of constants or functions)
1265
-+ */
1266
- #if (OPENSSL_VERSION_NUMBER >= 0x10000000)
1267
- #define MODSSL_SSL_CIPHER_CONST const
1268
- #define MODSSL_SSL_METHOD_CONST const
1269
- #else
1270
- #define MODSSL_SSL_CIPHER_CONST
1271
- #define MODSSL_SSL_METHOD_CONST
1272
--/* ECC support came along in OpenSSL 1.0.0 */
1273
--#define OPENSSL_NO_EC
1274
- #endif
1275
- 
1276
--#ifndef PEM_F_DEF_CALLBACK
1277
--#ifdef PEM_F_PEM_DEF_CALLBACK
1278
--/** In OpenSSL 0.9.8 PEM_F_DEF_CALLBACK was renamed */
1279
--#define PEM_F_DEF_CALLBACK PEM_F_PEM_DEF_CALLBACK
1280
-+#if defined(OPENSSL_FIPS)
1281
-+#define HAVE_FIPS
1282
- #endif
1283
-+
1284
-+#if defined(SSL_OP_NO_TLSv1_2)
1285
-+#define HAVE_TLSV1_X
1286
- #endif
1287
- 
1288
--#ifndef OPENSSL_NO_TLSEXT
1289
--#ifndef SSL_CTRL_SET_TLSEXT_HOSTNAME
1290
--#define OPENSSL_NO_TLSEXT
1291
-+/**
1292
-+  * The following features all depend on TLS extension support.
1293
-+  * Within this block, check again for features (not version numbers).
1294
-+  */
1295
-+#if !defined(OPENSSL_NO_TLSEXT) && defined(SSL_set_tlsext_host_name)
1296
-+
1297
-+#define HAVE_TLSEXT
1298
-+
1299
-+/* ECC: make sure we have at least 1.0.0 */
1300
-+#if !defined(OPENSSL_NO_EC) && defined(TLSEXT_ECPOINTFORMAT_uncompressed)
1301
-+#define HAVE_ECC
1302
-+#endif
1303
-+
1304
-+/* OCSP stapling */
1305
-+#if !defined(OPENSSL_NO_OCSP) && defined(SSL_CTX_set_tlsext_status_cb)
1306
-+#define HAVE_OCSP_STAPLING
1307
-+#ifndef sk_OPENSSL_STRING_pop
1308
-+#define sk_OPENSSL_STRING_pop sk_pop
1309
- #endif
1310
- #endif
1311
- 
1312
--#ifndef OPENSSL_NO_TLSEXT
1313
--#ifdef SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB
1314
-+/* TLS session tickets */
1315
-+#if defined(SSL_CTX_set_tlsext_ticket_key_cb)
1316
- #define HAVE_TLS_SESSION_TICKETS
1317
- #define TLSEXT_TICKET_KEY_LEN 48
1318
- #ifndef tlsext_tick_md
1319
-@@ -174,26 +164,15 @@
1320
- #endif
1321
- #endif
1322
- #endif
1323
--#endif
1324
- 
1325
--#ifdef SSL_OP_NO_TLSv1_2
1326
--#define HAVE_TLSV1_X
1327
--#endif
1328
--
1329
--#if !defined(OPENSSL_NO_COMP) && !defined(SSL_OP_NO_COMPRESSION) \
1330
--    && OPENSSL_VERSION_NUMBER < 0x00908000L
1331
--#define OPENSSL_NO_COMP
1332
--#endif
1333
--
1334
--/* SRP support came in OpenSSL 1.0.1 */
1335
--#ifndef OPENSSL_NO_SRP
1336
--#ifdef SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB
1337
-+/* Secure Remote Password */
1338
-+#if !defined(OPENSSL_NO_SRP) && defined(SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB)
1339
-+#define HAVE_SRP
1340
- #include <openssl/srp.h>
1341
--#else
1342
--#define OPENSSL_NO_SRP
1343
--#endif
1344
- #endif
1345
- 
1346
-+#endif /* !defined(OPENSSL_NO_TLSEXT) && defined(SSL_set_tlsext_host_name) */
1347
-+
1348
- /* mod_ssl headers */
1349
- #include "ssl_util_ssl.h"
1350
- 
1351
-@@ -287,7 +266,7 @@
1352
- #define SSL_ALGO_UNKNOWN (0)
1353
- #define SSL_ALGO_RSA     (1<<0)
1354
- #define SSL_ALGO_DSA     (1<<1)
1355
--#ifndef OPENSSL_NO_EC
1356
-+#ifdef HAVE_ECC
1357
- #define SSL_ALGO_ECC     (1<<2)
1358
- #define SSL_ALGO_ALL     (SSL_ALGO_RSA|SSL_ALGO_DSA|SSL_ALGO_ECC)
1359
- #else
1360
-@@ -296,29 +275,13 @@
1361
- 
1362
- #define SSL_AIDX_RSA     (0)
1363
- #define SSL_AIDX_DSA     (1)
1364
--#ifndef OPENSSL_NO_EC
1365
-+#ifdef HAVE_ECC
1366
- #define SSL_AIDX_ECC     (2)
1367
- #define SSL_AIDX_MAX     (3)
1368
- #else
1369
- #define SSL_AIDX_MAX     (2)
1370
- #endif
1371
- 
1372
--
1373
--/**
1374
-- * Define IDs for the temporary RSA keys and DH params
1375
-- */
1376
--
1377
--#define SSL_TMP_KEY_RSA_512  (0)
1378
--#define SSL_TMP_KEY_RSA_1024 (1)
1379
--#define SSL_TMP_KEY_DH_512   (2)
1380
--#define SSL_TMP_KEY_DH_1024  (3)
1381
--#ifndef OPENSSL_NO_EC
1382
--#define SSL_TMP_KEY_EC_256   (4)
1383
--#define SSL_TMP_KEY_MAX      (5)
1384
--#else
1385
--#define SSL_TMP_KEY_MAX      (4)
1386
--#endif
1387
--
1388
- /**
1389
-  * Define the SSL options
1390
-  */
1391
-@@ -534,7 +497,6 @@
1392
-     apr_global_mutex_t   *pMutex;
1393
-     apr_array_header_t   *aRandSeed;
1394
-     apr_hash_t     *tVHostKeys;
1395
--    void           *pTmpKeys[SSL_TMP_KEY_MAX];
1396
- 
1397
-     /* Two hash tables of pointers to ssl_asn1_t structures.  The
1398
-      * structures are used to store certificates and private keys
1399
-@@ -656,7 +618,7 @@
1400
-     const char *stapling_force_url;
1401
- #endif
1402
- 
1403
--#ifndef OPENSSL_NO_SRP
1404
-+#ifdef HAVE_SRP
1405
-     char *srp_vfile;
1406
-     char *srp_unknown_user_seed;
1407
-     SRP_VBASE  *srp_vbase;
1408
-@@ -688,7 +650,7 @@
1409
-     ssl_enabled_t    proxy_ssl_check_peer_expire;
1410
-     ssl_enabled_t    proxy_ssl_check_peer_cn;
1411
-     ssl_enabled_t    proxy_ssl_check_peer_name;
1412
--#ifndef OPENSSL_NO_TLSEXT
1413
-+#ifdef HAVE_TLSEXT
1414
-     ssl_enabled_t    strict_sni_vhost_check;
1415
- #endif
1416
- #ifdef HAVE_FIPS
1417
-@@ -792,7 +754,7 @@
1418
- const char *ssl_cmd_SSLOCSPResponderTimeout(cmd_parms *cmd, void *dcfg, const char *arg);
1419
- const char *ssl_cmd_SSLOCSPEnable(cmd_parms *cmd, void *dcfg, int flag);
1420
- 
1421
--#ifndef OPENSSL_NO_SRP
1422
-+#ifdef HAVE_SRP
1423
- const char *ssl_cmd_SSLSRPVerifierFile(cmd_parms *cmd, void *dcfg, const char *arg);
1424
- const char *ssl_cmd_SSLSRPUnknownUserSeed(cmd_parms *cmd, void *dcfg, const char *arg);
1425
- #endif
1426
-@@ -823,11 +785,7 @@
1427
- extern const authz_provider ssl_authz_provider_verify_client;
1428
- 
1429
- /**  OpenSSL callbacks */
1430
--RSA         *ssl_callback_TmpRSA(SSL *, int, int);
1431
- DH          *ssl_callback_TmpDH(SSL *, int, int);
1432
--#ifndef OPENSSL_NO_EC
1433
--EC_KEY      *ssl_callback_TmpECDH(SSL *, int, int);
1434
--#endif
1435
- int          ssl_callback_SSLVerify(int, X509_STORE_CTX *);
1436
- int          ssl_callback_SSLVerify_CRL(int, X509_STORE_CTX *, conn_rec *);
1437
- int          ssl_callback_proxy_cert(SSL *ssl, X509 **x509, EVP_PKEY **pkey);
1438
-@@ -835,7 +793,7 @@
1439
- SSL_SESSION *ssl_callback_GetSessionCacheEntry(SSL *, unsigned char *, int, int *);
1440
- void         ssl_callback_DelSessionCacheEntry(SSL_CTX *, SSL_SESSION *);
1441
- void         ssl_callback_Info(const SSL *, int, int);
1442
--#ifndef OPENSSL_NO_TLSEXT
1443
-+#ifdef HAVE_TLSEXT
1444
- int          ssl_callback_ServerNameIndication(SSL *, int *, modssl_ctx_t *);
1445
- #endif
1446
- #ifdef HAVE_TLS_SESSION_TICKETS
1447
-@@ -873,7 +831,7 @@
1448
- void         ssl_stapling_ex_init(void);
1449
- int          ssl_stapling_init_cert(server_rec *s, modssl_ctx_t *mctx, X509 *x);
1450
- #endif
1451
--#ifndef OPENSSL_NO_SRP
1452
-+#ifdef HAVE_SRP
1453
- int          ssl_callback_SRPServerParams(SSL *, int *, void *);
1454
- #endif
1455
- 
1456
-@@ -906,8 +864,10 @@
1457
- void         ssl_pphrase_Handle(server_rec *, apr_pool_t *);
1458
- 
1459
- /**  Diffie-Hellman Parameter Support  */
1460
--DH           *ssl_dh_GetTmpParam(int);
1461
--DH           *ssl_dh_GetParamFromFile(char *);
1462
-+DH           *ssl_dh_GetParamFromFile(const char *);
1463
-+#ifdef HAVE_ECC
1464
-+EC_GROUP     *ssl_ec_GetParamFromFile(const char *);
1465
-+#endif
1466
- 
1467
- unsigned char *ssl_asn1_table_set(apr_hash_t *table,
1468
-                                   const char *key,
1469
-diff -Naur httpd-2.4.6-orig/modules/ssl/ssl_scache.c httpd-2.4.6/modules/ssl/ssl_scache.c
1470
---- httpd-2.4.6-orig/modules/ssl/ssl_scache.c	2013-10-01 12:20:45.776812076 +0200
1471
-+++ httpd-2.4.6/modules/ssl/ssl_scache.c	2013-10-01 12:20:50.993746855 +0200
1472
-@@ -148,7 +148,7 @@
1473
-     SSLModConfigRec *mc = myModConfig(s);
1474
-     unsigned char dest[SSL_SESSION_MAX_DER];
1475
-     unsigned int destlen = SSL_SESSION_MAX_DER;
1476
--    MODSSL_D2I_SSL_SESSION_CONST unsigned char *ptr;
1477
-+    const unsigned char *ptr;
1478
-     apr_status_t rv;
1479
- 
1480
-     if (mc->sesscache->flags & AP_SOCACHE_FLAG_NOTMPSAFE) {
1481
-diff -Naur httpd-2.4.6-orig/modules/ssl/ssl_util.c httpd-2.4.6/modules/ssl/ssl_util.c
1482
---- httpd-2.4.6-orig/modules/ssl/ssl_util.c	2013-10-01 12:20:45.775812088 +0200
1483
-+++ httpd-2.4.6/modules/ssl/ssl_util.c	2013-10-01 12:20:50.993746855 +0200
1484
-@@ -151,7 +151,7 @@
1485
-             case EVP_PKEY_DSA:
1486
-                 t = SSL_ALGO_DSA;
1487
-                 break;
1488
--#ifndef OPENSSL_NO_EC
1489
-+#ifdef HAVE_ECC
1490
-             case EVP_PKEY_EC:
1491
-                 t = SSL_ALGO_ECC;
1492
-                 break;
1493
-@@ -177,7 +177,7 @@
1494
-         case SSL_ALGO_DSA:
1495
-             cp = "DSA";
1496
-             break;
1497
--#ifndef OPENSSL_NO_EC
1498
-+#ifdef HAVE_ECC
1499
-         case SSL_ALGO_ECC:
1500
-             cp = "ECC";
1501
-             break;
1502
-@@ -253,7 +253,7 @@
1503
-     apr_hash_set(table, key, klen, NULL);
1504
- }
1505
- 
1506
--#ifndef OPENSSL_NO_EC
1507
-+#ifdef HAVE_ECC
1508
- static const char *ssl_asn1_key_types[] = {"RSA", "DSA", "ECC"};
1509
- #else
1510
- static const char *ssl_asn1_key_types[] = {"RSA", "DSA"};
1511
-diff -Naur httpd-2.4.6-orig/modules/ssl/ssl_util_ssl.c httpd-2.4.6/modules/ssl/ssl_util_ssl.c
1512
---- httpd-2.4.6-orig/modules/ssl/ssl_util_ssl.c	2013-10-01 12:20:45.777812063 +0200
1513
-+++ httpd-2.4.6/modules/ssl/ssl_util_ssl.c	2013-10-01 12:20:50.993746855 +0200
1514
-@@ -483,6 +483,38 @@
1515
- 
1516
- /*  _________________________________________________________________
1517
- **
1518
-+**  Custom (EC)DH parameter support
1519
-+**  _________________________________________________________________
1520
-+*/
1521
-+
1522
-+DH *ssl_dh_GetParamFromFile(const char *file)
1523
-+{
1524
-+    DH *dh = NULL;
1525
-+    BIO *bio;
1526
-+
1527
-+    if ((bio = BIO_new_file(file, "r")) == NULL)
1528
-+        return NULL;
1529
-+    dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
1530
-+    BIO_free(bio);
1531
-+    return (dh);
1532
-+}
1533
-+
1534
-+#ifdef HAVE_ECC
1535
-+EC_GROUP *ssl_ec_GetParamFromFile(const char *file)
1536
-+{
1537
-+    EC_GROUP *group = NULL;
1538
-+    BIO *bio;
1539
-+
1540
-+    if ((bio = BIO_new_file(file, "r")) == NULL)
1541
-+        return NULL;
1542
-+    group = PEM_read_bio_ECPKParameters(bio, NULL, NULL, NULL);
1543
-+    BIO_free(bio);
1544
-+    return (group);
1545
-+}
1546
-+#endif
1547
-+
1548
-+/*  _________________________________________________________________
1549
-+**
1550
- **  Extra Server Certificate Chain Support
1551
- **  _________________________________________________________________
1552
- */
... ...
@@ -1,11 +0,0 @@
1
---- server/log.c.1	2007-10-04 16:34:00.000000000 +0200
2
-+++ server/log.c	2007-10-04 16:35:46.000000000 +0200
3
-@@ -595,7 +595,7 @@
4
-          * first. -djg
5
-          */
6
-         len += apr_snprintf(errstr + len, MAX_STRING_LEN - len,
7
--                            "[client %s] ", c->remote_ip);
8
-+                            "[client 0.0.0.0] ");
9
-     }
10
-     if (status != 0) {
11
-         if (status < APR_OS_START_EAIERR) {
... ...
@@ -1,242 +0,0 @@
1
-diff -Naur httpd-2.4.3/modules/ssl/mod_ssl.c httpd-2.4.3-1/modules/ssl/mod_ssl.c
2
---- httpd-2.4.3/modules/ssl/mod_ssl.c	2012-08-05 15:48:40.000000000 +0200
3
-+++ httpd-2.4.3-1/modules/ssl/mod_ssl.c	2012-10-23 15:53:15.014424913 +0200
4
-@@ -263,6 +263,18 @@
5
-     AP_END_CMD
6
- };
7
- 
8
-+/* Implement 'modssl_run_npn_advertise_protos_hook'. */
9
-+APR_IMPLEMENT_OPTIONAL_HOOK_RUN_ALL(
10
-+    modssl, AP, int, npn_advertise_protos_hook,
11
-+    (conn_rec *connection, apr_array_header_t *protos),
12
-+    (connection, protos), OK, DECLINED);
13
-+
14
-+/* Implement 'modssl_run_npn_proto_negotiated_hook'. */
15
-+APR_IMPLEMENT_OPTIONAL_HOOK_RUN_ALL(
16
-+    modssl, AP, int, npn_proto_negotiated_hook,
17
-+    (conn_rec *connection, const char *proto_name, apr_size_t proto_name_len),
18
-+    (connection, proto_name, proto_name_len), OK, DECLINED);
19
-+
20
- /*
21
-  *  the various processing hooks
22
-  */
23
-diff -Naur httpd-2.4.3/modules/ssl/mod_ssl.h httpd-2.4.3-1/modules/ssl/mod_ssl.h
24
---- httpd-2.4.3/modules/ssl/mod_ssl.h	2011-09-23 15:38:09.000000000 +0200
25
-+++ httpd-2.4.3-1/modules/ssl/mod_ssl.h	2012-10-23 15:53:15.014424913 +0200
26
-@@ -63,5 +63,26 @@
27
- 
28
- APR_DECLARE_OPTIONAL_FN(int, ssl_engine_disable, (conn_rec *));
29
- 
30
-+/** The npn_advertise_protos optional hook allows other modules to add entries
31
-+ * to the list of protocol names advertised by the server during the Next
32
-+ * Protocol Negotiation (NPN) portion of the SSL handshake.  The hook callee is
33
-+ * given the connection and an APR array; it should push one or more char*'s
34
-+ * pointing to null-terminated strings (such as "http/1.1" or "spdy/2") onto
35
-+ * the array and return OK, or do nothing and return DECLINED. */
36
-+APR_DECLARE_EXTERNAL_HOOK(modssl, AP, int, npn_advertise_protos_hook,
37
-+                          (conn_rec *connection, apr_array_header_t *protos));
38
-+
39
-+/** The npn_proto_negotiated optional hook allows other modules to discover the
40
-+ * name of the protocol that was chosen during the Next Protocol Negotiation
41
-+ * (NPN) portion of the SSL handshake.  Note that this may be the empty string
42
-+ * (in which case modules should probably assume HTTP), or it may be a protocol
43
-+ * that was never even advertised by the server.  The hook callee is given the
44
-+ * connection, a non-null-terminated string containing the protocol name, and
45
-+ * the length of the string; it should do something appropriate (i.e. insert or
46
-+ * remove filters) and return OK, or do nothing and return DECLINED. */
47
-+APR_DECLARE_EXTERNAL_HOOK(modssl, AP, int, npn_proto_negotiated_hook,
48
-+                          (conn_rec *connection, const char *proto_name,
49
-+                           apr_size_t proto_name_len));
50
-+
51
- #endif /* __MOD_SSL_H__ */
52
- /** @} */
53
-diff -Naur httpd-2.4.3/modules/ssl/ssl_engine_init.c httpd-2.4.3-1/modules/ssl/ssl_engine_init.c
54
---- httpd-2.4.3/modules/ssl/ssl_engine_init.c	2012-08-05 15:48:40.000000000 +0200
55
-+++ httpd-2.4.3-1/modules/ssl/ssl_engine_init.c	2012-10-23 15:53:15.030424726 +0200
56
-@@ -693,6 +693,11 @@
57
- #endif
58
- 
59
-     SSL_CTX_set_info_callback(ctx, ssl_callback_Info);
60
-+
61
-+#ifdef HAVE_TLS_NPN
62
-+    SSL_CTX_set_next_protos_advertised_cb(
63
-+        ctx, ssl_callback_AdvertiseNextProtos, NULL);
64
-+#endif
65
- }
66
- 
67
- static void ssl_init_ctx_verify(server_rec *s,
68
-diff -Naur httpd-2.4.3/modules/ssl/ssl_engine_io.c httpd-2.4.3-1/modules/ssl/ssl_engine_io.c
69
---- httpd-2.4.3/modules/ssl/ssl_engine_io.c	2012-05-05 10:44:19.000000000 +0200
70
-+++ httpd-2.4.3-1/modules/ssl/ssl_engine_io.c	2012-10-23 15:53:15.030424726 +0200
71
-@@ -28,6 +28,7 @@
72
-                                   core keeps dumping.''
73
-                                             -- Unknown    */
74
- #include "ssl_private.h"
75
-+#include "mod_ssl.h"
76
- #include "apr_date.h"
77
- 
78
- /*  _________________________________________________________________
79
-@@ -297,6 +298,7 @@
80
-     apr_pool_t *pool;
81
-     char buffer[AP_IOBUFSIZE];
82
-     ssl_filter_ctx_t *filter_ctx;
83
-+    int npn_finished;  /* 1 if NPN has finished, 0 otherwise */
84
- } bio_filter_in_ctx_t;
85
- 
86
- /*
87
-@@ -1374,6 +1376,26 @@
88
-         APR_BRIGADE_INSERT_TAIL(bb, bucket);
89
-     }
90
- 
91
-+#ifdef HAVE_TLS_NPN
92
-+    /* By this point, Next Protocol Negotiation (NPN) should be completed (if
93
-+     * our version of OpenSSL supports it).  If we haven't already, find out
94
-+     * which protocol was decided upon and inform other modules by calling
95
-+     * npn_proto_negotiated_hook. */
96
-+    if (!inctx->npn_finished) {
97
-+        const unsigned char *next_proto = NULL;
98
-+        unsigned next_proto_len = 0;
99
-+
100
-+        SSL_get0_next_proto_negotiated(
101
-+            inctx->ssl, &next_proto, &next_proto_len);
102
-+        ap_log_cerror(APLOG_MARK, APLOG_DEBUG, APR_SUCCESS, f->c,
103
-+                      APLOGNO(02306) "SSL NPN negotiated protocol: '%*s'",
104
-+                      next_proto_len, (const char*)next_proto);
105
-+        modssl_run_npn_proto_negotiated_hook(
106
-+            f->c, (const char*)next_proto, next_proto_len);
107
-+        inctx->npn_finished = 1;
108
-+    }
109
-+#endif
110
-+
111
-     return APR_SUCCESS;
112
- }
113
- 
114
-@@ -1855,6 +1877,7 @@
115
-     inctx->block = APR_BLOCK_READ;
116
-     inctx->pool = c->pool;
117
-     inctx->filter_ctx = filter_ctx;
118
-+    inctx->npn_finished = 0;
119
- }
120
- 
121
- /* The request_rec pointer is passed in here only to ensure that the
122
-diff -Naur httpd-2.4.3/modules/ssl/ssl_engine_kernel.c httpd-2.4.3-1/modules/ssl/ssl_engine_kernel.c
123
---- httpd-2.4.3/modules/ssl/ssl_engine_kernel.c	2012-05-05 10:44:19.000000000 +0200
124
-+++ httpd-2.4.3-1/modules/ssl/ssl_engine_kernel.c	2012-10-23 15:53:15.031424714 +0200
125
-@@ -29,6 +29,7 @@
126
-                                   time I was too famous.''
127
-                                             -- Unknown                */
128
- #include "ssl_private.h"
129
-+#include "mod_ssl.h"
130
- #include "util_md5.h"
131
- 
132
- static void ssl_configure_env(request_rec *r, SSLConnRec *sslconn);
133
-@@ -2143,3 +2144,86 @@
134
-     return -1;
135
- }
136
- #endif
137
-+
138
-+#ifdef HAVE_TLS_NPN
139
-+/*
140
-+ * This callback function is executed when SSL needs to decide what protocols
141
-+ * to advertise during Next Protocol Negotiation (NPN).  It must produce a
142
-+ * string in wire format -- a sequence of length-prefixed strings -- indicating
143
-+ * the advertised protocols.  Refer to SSL_CTX_set_next_protos_advertised_cb
144
-+ * in OpenSSL for reference.
145
-+ */
146
-+int ssl_callback_AdvertiseNextProtos(SSL *ssl, const unsigned char **data_out,
147
-+                                     unsigned int *size_out, void *arg)
148
-+{
149
-+    conn_rec *c = (conn_rec*)SSL_get_app_data(ssl);
150
-+    apr_array_header_t *protos;
151
-+    int num_protos;
152
-+    unsigned int size;
153
-+    int i;
154
-+    unsigned char *data;
155
-+    unsigned char *start;
156
-+
157
-+    *data_out = NULL;
158
-+    *size_out = 0;
159
-+
160
-+    /* If the connection object is not available, then there's nothing for us
161
-+     * to do. */
162
-+    if (c == NULL) {
163
-+        return SSL_TLSEXT_ERR_OK;
164
-+    }
165
-+
166
-+    /* Invoke our npn_advertise_protos hook, giving other modules a chance to
167
-+     * add alternate protocol names to advertise. */
168
-+    protos = apr_array_make(c->pool, 0, sizeof(char*));
169
-+    modssl_run_npn_advertise_protos_hook(c, protos);
170
-+    num_protos = protos->nelts;
171
-+
172
-+    /* We now have a list of null-terminated strings; we need to concatenate
173
-+     * them together into a single string, where each protocol name is prefixed
174
-+     * by its length.  First, calculate how long that string will be. */
175
-+    size = 0;
176
-+    for (i = 0; i < num_protos; ++i) {
177
-+        const char *string = APR_ARRAY_IDX(protos, i, const char*);
178
-+        unsigned int length = strlen(string);
179
-+        /* If the protocol name is too long (the length must fit in one byte),
180
-+         * then log an error and skip it. */
181
-+        if (length > 255) {
182
-+            ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c, APLOGNO(02307)
183
-+                          "SSL NPN protocol name too long (length=%u): %s",
184
-+                          length, string);
185
-+            continue;
186
-+        }
187
-+        /* Leave room for the length prefix (one byte) plus the protocol name
188
-+         * itself. */
189
-+        size += 1 + length;
190
-+    }
191
-+
192
-+    /* If there is nothing to advertise (either because no modules added
193
-+     * anything to the protos array, or because all strings added to the array
194
-+     * were skipped), then we're done. */
195
-+    if (size == 0) {
196
-+        return SSL_TLSEXT_ERR_OK;
197
-+    }
198
-+
199
-+    /* Now we can build the string.  Copy each protocol name string into the
200
-+     * larger string, prefixed by its length. */
201
-+    data = apr_palloc(c->pool, size * sizeof(unsigned char));
202
-+    start = data;
203
-+    for (i = 0; i < num_protos; ++i) {
204
-+        const char *string = APR_ARRAY_IDX(protos, i, const char*);
205
-+        apr_size_t length = strlen(string);
206
-+        if (length > 255)
207
-+            continue;
208
-+        *start = (unsigned char)length;
209
-+        ++start;
210
-+        memcpy(start, string, length * sizeof(unsigned char));
211
-+        start += length;
212
-+    }
213
-+
214
-+    /* Success. */
215
-+    *data_out = data;
216
-+    *size_out = size;
217
-+    return SSL_TLSEXT_ERR_OK;
218
-+}
219
-+#endif
220
-diff -Naur httpd-2.4.3/modules/ssl/ssl_private.h httpd-2.4.3-1/modules/ssl/ssl_private.h
221
---- httpd-2.4.3/modules/ssl/ssl_private.h	2012-08-05 15:48:40.000000000 +0200
222
-+++ httpd-2.4.3-1/modules/ssl/ssl_private.h	2012-10-23 15:53:15.031424714 +0200
223
-@@ -139,6 +139,11 @@
224
- #define HAVE_FIPS
225
- #endif
226
- 
227
-+#if OPENSSL_VERSION_NUMBER >= 0x10001000L && !defined(OPENSSL_NO_NEXTPROTONEG) \
228
-+    && !defined(OPENSSL_NO_TLSEXT)
229
-+#define HAVE_TLS_NPN
230
-+#endif
231
-+
232
- #if (OPENSSL_VERSION_NUMBER >= 0x10000000)
233
- #define MODSSL_SSL_CIPHER_CONST const
234
- #define MODSSL_SSL_METHOD_CONST const
235
-@@ -820,6 +825,7 @@
236
- int         ssl_callback_SessionTicket(SSL *, unsigned char *, unsigned char *,
237
-                                        EVP_CIPHER_CTX *, HMAC_CTX *, int);
238
- #endif
239
-+int ssl_callback_AdvertiseNextProtos(SSL *ssl, const unsigned char **data, unsigned int *len, void *arg);
240
- 
241
- /**  Session Cache Support  */
242
- void         ssl_scache_init(server_rec *, apr_pool_t *);
... ...
@@ -0,0 +1,2 @@
1
+d /run/apache2 710 root apache
2
+d /run/apache_ssl_mutex
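Review bot: The second entry, `d /run/apache_ssl_mutex`, gives no mode, user or group, so systemd-tmpfiles falls back to its defaults (0755, root:root), while the first entry states all three. If the httpd worker user has to create mutex files in that directory, it cannot do so under these defaults, and the directory is world-readable either way. Spell the fields out to match the first line, for example `d /run/apache_ssl_mutex 0750 apache apache`; that owner and mode are a suggestion to check against what mod_ssl actually needs, which is not visible on this page.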
... ...
@@ -0,0 +1,19 @@
1
+[Unit]
2
+Description=The Apache HTTP Server
3
+After=network.target remote-fs.target nss-lookup.target
4
+
5
+[Service]
6
+EnvironmentFile=/etc/conf.d/apache2
7
+ExecStart=/usr/sbin/apache2 $APACHE2_OPTS -DFOREGROUND
8
+ExecReload=/usr/sbin/apache2 $APACHE2_OPTS -k graceful
9
+ExecStop=/usr/sbin/apache2 $APACHE2_OPTS -k graceful-stop
10
+# We want systemd to give httpd some time to finish gracefully, but still want
11
+# it to kill httpd after TimeoutStopSec if something went wrong during the
12
+# graceful stop. Normally, Systemd sends SIGTERM signal right after the
13
+# ExecStop, which would kill httpd. We are sending useless SIGCONT here to give
14
+# httpd time to finish.
15
+KillSignal=SIGCONT
16
+PrivateTmp=true
17
+
18
+[Install]
19
+WantedBy=multi-user.target
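Review bot: The comment above `KillSignal=SIGCONT` relies on TimeoutStopSec to bound the graceful stop, but the unit never sets it, so the stop window is whatever the system-wide default happens to be. Because SIGCONT replaces SIGTERM, the only forced termination left is the SIGKILL sent when that timeout expires, which makes the value part of the unit's behaviour. Set it explicitly next to KillSignal, e.g. `TimeoutStopSec=60` (value illustrative), and have the comment name it. The same applies to the Type=notify variant of this unit added in the next file.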
... ...
@@ -0,0 +1,20 @@
1
+[Unit]
2
+Description=The Apache HTTP Server
3
+After=network.target remote-fs.target nss-lookup.target
4
+
5
+[Service]
6
+Type=notify
7
+EnvironmentFile=/etc/conf.d/apache2
8
+ExecStart=/usr/sbin/apache2 $APACHE2_OPTS -DFOREGROUND
9
+ExecReload=/usr/sbin/apache2 $APACHE2_OPTS -k graceful
10
+ExecStop=/usr/sbin/apache2 $APACHE2_OPTS -k graceful-stop
11
+# We want systemd to give httpd some time to finish gracefully, but still want
12
+# it to kill httpd after TimeoutStopSec if something went wrong during the
13
+# graceful stop. Normally, Systemd sends SIGTERM signal right after the
14
+# ExecStop, which would kill httpd. We are sending useless SIGCONT here to give
15
+# httpd time to finish.
16
+KillSignal=SIGCONT
17
+PrivateTmp=true
18
+
19
+[Install]
20
+WantedBy=multi-user.target
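Review bot: `Type=notify` makes systemd wait for a readiness message from httpd, and nothing in this unit says where that message comes from. It presumably comes from the mod_systemd patch added in the same commit, whose configure check sets `enable_systemd="no"` when the systemd-daemon library or header is missing. On a build or configuration without that module loaded, the start would hang until the start timeout and then be reported as failed. Add a comment above the line such as `# Type=notify needs mod_systemd loaded; use the plain unit otherwise`.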
... ...
@@ -0,0 +1,40 @@
1
+--- gentoo-apache-2.2.23/init/apache2.initd
2
++++ gentoo-apache-2.2.23/init/apache2.initd
3
+@@ -77,12 +77,16 @@
4
+ 	# Use start stop daemon to apply system limits #347301 
5
+ 	start-stop-daemon --start -- ${APACHE2} ${APACHE2_OPTS} -k start
6
+ 
7
+-	i=0
8
+-	while [ ! -e "${PIDFILE}" ] && [ $i -lt ${TIMEOUT} ]; do
9
++	local i=0 retval=1
10
++	while [ $i -lt ${TIMEOUT} ] ; do
11
++		if [ -e "${PIDFILE}" ] ; then
12
++			retval=0
13
++			break
14
++		fi
15
+ 		sleep 1 && i=$(expr $i + 1)
16
+ 	done
17
+ 
18
+-	eend $(test $i -lt ${TIMEOUT})
19
++	eend ${retval}
20
+ }
21
+ 
22
+ stop() {
23
+@@ -101,13 +105,14 @@
24
+ 	ebegin "Stopping ${SVCNAME}"
25
+ 	${APACHE2} ${APACHE2_OPTS} -k stop
26
+ 
27
+-	i=0
28
+-	while ( ! test -f "${PIDFILE}" && pgrep -P ${PID} apache2 >/dev/null ) \
29
++	local i=0 retval=0
30
++	while ( test -f "${PIDFILE}" && pgrep -P ${PID} apache2 >/dev/null ) \
31
+ 		&& [ $i -lt ${TIMEOUT} ]; do
32
+ 		sleep 1 && i=$(expr $i + 1)
33
+ 	done
34
++	[ -e "${PIDFILE}" ] && retval=1
35
+ 
36
+-	eend $(test $i -lt ${TIMEOUT})
37
++	eend ${retval}
38
+ }
39
+ 
40
+ reload() {
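Review bot: In the patched start() loop, success is decided by `[ -e "${PIDFILE}" ]` alone, so a stale pidfile left by an earlier crashed instance sets `retval=0` on the first pass even if this start failed. The stop() hunk has the mirror problem: `[ -e "${PIDFILE}" ] && retval=1` reports failure on a leftover pidfile and success when the file is gone but child processes are still running. Checking that the recorded process is alive would close the gap in start(), e.g. `if [ -e "${PIDFILE}" ] && kill -0 "$(cat "${PIDFILE}")" 2>/dev/null ; then`. `${PID}` and `${TIMEOUT}` are also expanded unquoted; they are defined outside these hunks, so whether they can be empty cannot be confirmed here. Both function bodies begin outside the hunks.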
... ...
@@ -1,249 +0,0 @@
1
-diff -Naur httpd-2.2.16/modules/ssl/mod_ssl.c httpd-2.2.16-ecc/modules/ssl/mod_ssl.c
2
---- httpd-2.2.16/modules/ssl/mod_ssl.c	2010-07-12 20:47:45.000000000 +0200
3
-+++ httpd-2.2.16-ecc/modules/ssl/mod_ssl.c	2011-01-04 21:54:17.587477515 +0100
4
-@@ -424,6 +424,9 @@
5
-      */
6
-     SSL_set_tmp_rsa_callback(ssl, ssl_callback_TmpRSA);
7
-     SSL_set_tmp_dh_callback(ssl,  ssl_callback_TmpDH);
8
-+#ifndef OPENSSL_NO_EC
9
-+    SSL_set_tmp_ecdh_callback(ssl, ssl_callback_TmpECDH);
10
-+#endif
11
- 
12
-     SSL_set_verify_result(ssl, X509_V_OK);
13
- 
14
-diff -Naur httpd-2.2.16/modules/ssl/ssl_engine_init.c httpd-2.2.16-ecc/modules/ssl/ssl_engine_init.c
15
---- httpd-2.2.16/modules/ssl/ssl_engine_init.c	2010-07-12 20:47:45.000000000 +0200
16
-+++ httpd-2.2.16-ecc/modules/ssl/ssl_engine_init.c	2011-01-04 21:56:05.611610901 +0100
17
-@@ -399,7 +399,11 @@
18
-      *  Check for problematic re-initializations
19
-      */
20
-     if (mctx->pks->certs[SSL_AIDX_RSA] ||
21
--        mctx->pks->certs[SSL_AIDX_DSA])
22
-+        mctx->pks->certs[SSL_AIDX_DSA]
23
-+#ifndef OPENSSL_NO_EC
24
-+      || mctx->pks->certs[SSL_AIDX_ECC]
25
-+#endif
26
-+        )
27
-     {
28
-         ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
29
-                 "Illegal attempt to re-initialise SSL for server "
30
-@@ -554,6 +558,9 @@
31
- 
32
-     SSL_CTX_set_tmp_rsa_callback(ctx, ssl_callback_TmpRSA);
33
-     SSL_CTX_set_tmp_dh_callback(ctx,  ssl_callback_TmpDH);
34
-+#ifndef OPENSSL_NO_EC
35
-+    SSL_CTX_set_tmp_ecdh_callback(ctx,ssl_callback_TmpECDH);
36
-+#endif
37
- 
38
-     SSL_CTX_set_info_callback(ctx, ssl_callback_Info);
39
- }
40
-@@ -821,9 +828,16 @@
41
-     ssl_asn1_t *asn1;
42
-     MODSSL_D2I_PrivateKey_CONST unsigned char *ptr;
43
-     const char *type = ssl_asn1_keystr(idx);
44
--    int pkey_type = (idx == SSL_AIDX_RSA) ? EVP_PKEY_RSA : EVP_PKEY_DSA;
45
-+    int pkey_type;
46
-     EVP_PKEY *pkey;
47
- 
48
-+#ifndef OPENSSL_NO_EC
49
-+    if (idx == SSL_AIDX_ECC)
50
-+      pkey_type = EVP_PKEY_EC;
51
-+    else
52
-+#endif /* SSL_LIBRARY_VERSION */
53
-+    pkey_type = (idx == SSL_AIDX_RSA) ? EVP_PKEY_RSA : EVP_PKEY_DSA;
54
-+
55
-     if (!(asn1 = ssl_asn1_table_get(mc->tPrivateKey, id))) {
56
-         return FALSE;
57
-     }
58
-@@ -934,19 +948,39 @@
59
-                                   modssl_ctx_t *mctx)
60
- {
61
-     const char *rsa_id, *dsa_id;
62
-+#ifndef OPENSSL_NO_EC
63
-+    const char *ecc_id;
64
-+#endif
65
-     const char *vhost_id = mctx->sc->vhost_id;
66
-     int i;
67
-     int have_rsa, have_dsa;
68
-+#ifndef OPENSSL_NO_EC
69
-+    int have_ecc;
70
-+#endif
71
- 
72
-     rsa_id = ssl_asn1_table_keyfmt(ptemp, vhost_id, SSL_AIDX_RSA);
73
-     dsa_id = ssl_asn1_table_keyfmt(ptemp, vhost_id, SSL_AIDX_DSA);
74
-+#ifndef OPENSSL_NO_EC
75
-+    ecc_id = ssl_asn1_table_keyfmt(ptemp, vhost_id, SSL_AIDX_ECC);
76
-+#endif
77
- 
78
-     have_rsa = ssl_server_import_cert(s, mctx, rsa_id, SSL_AIDX_RSA);
79
-     have_dsa = ssl_server_import_cert(s, mctx, dsa_id, SSL_AIDX_DSA);
80
-+#ifndef OPENSSL_NO_EC
81
-+    have_ecc = ssl_server_import_cert(s, mctx, ecc_id, SSL_AIDX_ECC);
82
-+#endif
83
- 
84
--    if (!(have_rsa || have_dsa)) {
85
-+    if (!(have_rsa || have_dsa
86
-+#ifndef OPENSSL_NO_EC
87
-+        || have_ecc
88
-+#endif
89
-+)) {
90
-         ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
91
-+#ifndef OPENSSL_NO_EC
92
-+                "Oops, no RSA, DSA or ECC server certificate found "
93
-+#else
94
-                 "Oops, no RSA or DSA server certificate found "
95
-+#endif
96
-                 "for '%s:%d'?!", s->server_hostname, s->port);
97
-         ssl_die();
98
-     }
99
-@@ -957,10 +991,21 @@
100
- 
101
-     have_rsa = ssl_server_import_key(s, mctx, rsa_id, SSL_AIDX_RSA);
102
-     have_dsa = ssl_server_import_key(s, mctx, dsa_id, SSL_AIDX_DSA);
103
-+#ifndef OPENSSL_NO_EC
104
-+    have_ecc = ssl_server_import_key(s, mctx, ecc_id, SSL_AIDX_ECC);
105
-+#endif
106
- 
107
--    if (!(have_rsa || have_dsa)) {
108
-+    if (!(have_rsa || have_dsa
109
-+#ifndef OPENSSL_NO_EC
110
-+        || have_ecc
111
-+#endif
112
-+          )) {
113
-         ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
114
-+#ifndef OPENSSL_NO_EC
115
-+                "Oops, no RSA, DSA or ECC server private key found?!");
116
-+#else
117
-                 "Oops, no RSA or DSA server private key found?!");
118
-+#endif
119
-         ssl_die();
120
-     }
121
- }
122
-diff -Naur httpd-2.2.16/modules/ssl/ssl_engine_kernel.c httpd-2.2.16-ecc/modules/ssl/ssl_engine_kernel.c
123
---- httpd-2.2.16/modules/ssl/ssl_engine_kernel.c	2010-02-27 22:00:58.000000000 +0100
124
-+++ httpd-2.2.16-ecc/modules/ssl/ssl_engine_kernel.c	2011-01-04 21:54:17.578477589 +0100
125
-@@ -1287,6 +1287,33 @@
126
-     return (DH *)mc->pTmpKeys[idx];
127
- }
128
- 
129
-+#ifndef OPENSSL_NO_EC
130
-+EC_KEY *ssl_callback_TmpECDH(SSL *ssl, int export, int keylen)
131
-+{
132
-+    conn_rec *c = (conn_rec *)SSL_get_app_data(ssl);
133
-+    SSLModConfigRec *mc = myModConfig(c->base_server);
134
-+    int idx;
135
-+    static EC_KEY *ecdh = NULL;
136
-+    static init = 0;
137
-+
138
-+    /* XXX Uses 256-bit key for now. TODO: support other sizes. */
139
-+    ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, c,
140
-+                  "handing out temporary 256 bit ECC key");
141
-+
142
-+    if (init == 0) {
143
-+        ecdh = EC_KEY_new();
144
-+        if (ecdh != NULL) {
145
-+            /* ecdh->group = EC_GROUP_new_by_nid(NID_secp160r2); */
146
-+            EC_KEY_set_group(ecdh, 
147
-+              EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1));
148
-+        }
149
-+        init = 1;
150
-+    }
151
-+    
152
-+    return ecdh;
153
-+}
154
-+#endif
155
-+
156
- /*
157
-  * This OpenSSL callback function is called when OpenSSL
158
-  * does client authentication and verifies the certificate chain.
159
-diff -Naur httpd-2.2.16/modules/ssl/ssl_private.h httpd-2.2.16-ecc/modules/ssl/ssl_private.h
160
---- httpd-2.2.16/modules/ssl/ssl_private.h	2010-07-12 20:47:45.000000000 +0200
161
-+++ httpd-2.2.16-ecc/modules/ssl/ssl_private.h	2011-01-04 21:54:17.577477597 +0100
162
-@@ -181,11 +181,21 @@
163
- #define SSL_ALGO_UNKNOWN (0)
164
- #define SSL_ALGO_RSA     (1<<0)
165
- #define SSL_ALGO_DSA     (1<<1)
166
-+#ifndef OPENSSL_NO_EC
167
-+#define SSL_ALGO_ECC     (1<<2)
168
-+#define SSL_ALGO_ALL     (SSL_ALGO_RSA|SSL_ALGO_DSA|SSL_ALGO_ECC)
169
-+#else
170
- #define SSL_ALGO_ALL     (SSL_ALGO_RSA|SSL_ALGO_DSA)
171
-+#endif /* SSL_LIBRARY_VERSION */
172
- 
173
- #define SSL_AIDX_RSA     (0)
174
- #define SSL_AIDX_DSA     (1)
175
-+#ifndef OPENSSL_NO_EC
176
-+#define SSL_AIDX_ECC     (2)
177
-+#define SSL_AIDX_MAX     (3)
178
-+#else
179
- #define SSL_AIDX_MAX     (2)
180
-+#endif /* SSL_LIBRARY_VERSION */
181
- 
182
- 
183
- /**
184
-@@ -589,6 +599,9 @@
185
- /**  OpenSSL callbacks */
186
- RSA         *ssl_callback_TmpRSA(SSL *, int, int);
187
- DH          *ssl_callback_TmpDH(SSL *, int, int);
188
-+#ifndef OPENSSL_NO_EC
189
-+EC_KEY      *ssl_callback_TmpECDH(SSL *, int, int);
190
-+#endif /* SSL_LIBRARY_VERSION */
191
- int          ssl_callback_SSLVerify(int, X509_STORE_CTX *);
192
- int          ssl_callback_SSLVerify_CRL(int, X509_STORE_CTX *, conn_rec *);
193
- int          ssl_callback_proxy_cert(SSL *ssl, MODSSL_CLIENT_CERT_CB_ARG_TYPE **x509, EVP_PKEY **pkey);
194
-diff -Naur httpd-2.2.16/modules/ssl/ssl_toolkit_compat.h httpd-2.2.16-ecc/modules/ssl/ssl_toolkit_compat.h
195
---- httpd-2.2.16/modules/ssl/ssl_toolkit_compat.h	2010-07-12 20:47:45.000000000 +0200
196
-+++ httpd-2.2.16-ecc/modules/ssl/ssl_toolkit_compat.h	2011-01-04 21:55:26.583924797 +0100
197
-@@ -38,6 +38,13 @@
198
- #include <openssl/evp.h>
199
- #include <openssl/rand.h>
200
- #include <openssl/x509v3.h>
201
-+
202
-+
203
-+/* ECC support came along in OpenSSL 1.0.0 */
204
-+#if (OPENSSL_VERSION_NUMBER < 0x10000000)
205
-+#define OPENSSL_NO_EC
206
-+#endif
207
-+
208
- /** Avoid tripping over an engine build installed globally and detected
209
-  * when the user points at an explicit non-engine flavor of OpenSSL
210
-  */
211
-diff -Naur httpd-2.2.16/modules/ssl/ssl_util.c httpd-2.2.16-ecc/modules/ssl/ssl_util.c
212
---- httpd-2.2.16/modules/ssl/ssl_util.c	2008-09-18 16:34:51.000000000 +0200
213
-+++ httpd-2.2.16-ecc/modules/ssl/ssl_util.c	2011-01-04 21:54:17.578477589 +0100
214
-@@ -150,6 +150,11 @@
215
-             case EVP_PKEY_DSA:
216
-                 t = SSL_ALGO_DSA;
217
-                 break;
218
-+#ifndef OPENSSL_NO_EC
219
-+            case EVP_PKEY_EC:
220
-+                t = SSL_ALGO_ECC;
221
-+                break;
222
-+#endif 
223
-             default:
224
-                 break;
225
-         }
226
-@@ -174,6 +179,11 @@
227
-         case SSL_ALGO_DSA:
228
-             cp = "DSA";
229
-             break;
230
-+#ifndef OPENSSL_NO_EC
231
-+        case SSL_ALGO_ECC:
232
-+            cp = "ECC";
233
-+            break;
234
-+#endif
235
-         default:
236
-             break;
237
-     }
238
-@@ -245,7 +255,11 @@
239
-     apr_hash_set(table, key, klen, NULL);
240
- }
241
- 
242
-+#ifndef OPENSSL_NO_EC
243
-+static const char *ssl_asn1_key_types[] = {"RSA", "DSA", "ECC"};
244
-+#else
245
- static const char *ssl_asn1_key_types[] = {"RSA", "DSA"};
246
-+#endif
247
- 
248
- const char *ssl_asn1_keystr(int keytype)
249
- {
... ...
@@ -0,0 +1,163 @@
1
+--- httpd-2.4.3/modules/arch/unix/config5.m4.systemd
2
++++ httpd-2.4.3/modules/arch/unix/config5.m4
3
+@@ -18,6 +18,19 @@ APACHE_MODULE(privileges, Per-virtualhos
4
+   fi
5
+ ])
6
+ 
7
++
8
++APACHE_MODULE(systemd, Systemd support, , , $unixd_mods_enabled, [
9
++  AC_CHECK_LIB(systemd-daemon, sd_notify, SYSTEMD_LIBS="-lsystemd-daemon")
10
++  AC_CHECK_HEADERS(systemd/sd-daemon.h, [ap_HAVE_SD_DAEMON_H="yes"], [ap_HAVE_SD_DAEMON_H="no"])
11
++  if test $ap_HAVE_SD_DAEMON_H = "no" || test -z "${SYSTEMD_LIBS}"; then
12
++    AC_MSG_WARN([Your system does not support systemd.])
13
++    enable_systemd="no"
14
++  else
15
++    APR_ADDTO(MOD_SYSTEMD_LDADD, [$SYSTEMD_LIBS])
16
++    enable_systemd="yes"
17
++  fi
18
++])
19
++
20
+ APR_ADDTO(INCLUDES, [-I\$(top_srcdir)/$modpath_current])
21
+ 
22
+ APACHE_MODPATH_FINISH
23
+--- httpd-2.4.3/modules/arch/unix/mod_systemd.c.systemd
24
++++ httpd-2.4.3/modules/arch/unix/mod_systemd.c
25
+@@ -0,0 +1,138 @@
26
++/* Licensed to the Apache Software Foundation (ASF) under one or more
27
++ * contributor license agreements.  See the NOTICE file distributed with
28
++ * this work for additional information regarding copyright ownership.
29
++ * The ASF licenses this file to You under the Apache License, Version 2.0
30
++ * (the "License"); you may not use this file except in compliance with
31
++ * the License.  You may obtain a copy of the License at
32
++ *
33
++ *     http://www.apache.org/licenses/LICENSE-2.0
34
++ *
35
++ * Unless required by applicable law or agreed to in writing, software
36
++ * distributed under the License is distributed on an "AS IS" BASIS,
37
++ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
38
++ * See the License for the specific language governing permissions and
39
++ * limitations under the License.
40
++ * 
41
++ */
42
++
43
++#include <stdint.h>
44
++#include <ap_config.h>
45
++#include "ap_mpm.h"
46
++#include <http_core.h>
47
++#include <http_log.h>
48
++#include <apr_version.h>
49
++#include <apr_pools.h>
50
++#include <apr_strings.h>
51
++#include "unixd.h"
52
++#include "scoreboard.h"
53
++#include "mpm_common.h"
54
++
55
++#include "systemd/sd-daemon.h"
56
++
57
++#if APR_HAVE_UNISTD_H
58
++#include <unistd.h>
59
++#endif
60
++
61
++#define KBYTE 1024
62
++
63
++static pid_t pid;	/* PID of the main httpd instance */
64
++static int server_limit, thread_limit, threads_per_child, max_servers;
65
++static time_t last_update_time;
66
++static unsigned long last_update_access;
67
++static unsigned long last_update_kbytes;
68
++
69
++static int systemd_pre_mpm(apr_pool_t *p, ap_scoreboard_e sb_type)
70
++{
71
++    int rv;
72
++    last_update_time = time(0);
73
++
74
++    ap_mpm_query(AP_MPMQ_HARD_LIMIT_THREADS, &thread_limit);
75
++    ap_mpm_query(AP_MPMQ_HARD_LIMIT_DAEMONS, &server_limit);
76
++    ap_mpm_query(AP_MPMQ_MAX_THREADS, &threads_per_child);
77
++    /* work around buggy MPMs */
78
++    if (threads_per_child == 0)
79
++        threads_per_child = 1;
80
++    ap_mpm_query(AP_MPMQ_MAX_DAEMONS, &max_servers);
81
++
82
++    pid = getpid();
83
++    
84
++    rv = sd_notifyf(0, "READY=1\n"
85
++                    "STATUS=Processing requests...\n"
86
++                    "MAINPID=%lu",
87
++                    (unsigned long) pid);
88
++    if (rv < 0) {
89
++        ap_log_perror(APLOG_MARK, APLOG_ERR, 0, p, 
90
++                     "sd_notifyf returned an error %d", rv);
91
++    }
92
++
93
++    return OK;
94
++}
95
++
96
++static int systemd_monitor(apr_pool_t *p, server_rec *s)
97
++{
98
++    int i, j, res, rv;
99
++    process_score *ps_record;
100
++    worker_score *ws_record;
101
++    unsigned long access = 0;
102
++    unsigned long bytes = 0;
103
++    unsigned long kbytes = 0;
104
++    char bps[5];
105
++    time_t now = time(0);
106
++    time_t elapsed = now - last_update_time;
107
++
108
++    for (i = 0; i < server_limit; ++i) {
109
++        ps_record = ap_get_scoreboard_process(i);
110
++        for (j = 0; j < thread_limit; ++j) {
111
++            ws_record = ap_get_scoreboard_worker_from_indexes(i, j);
112
++            if (ap_extended_status && !ps_record->quiescing && ps_record->pid) {
113
++                res = ws_record->status;
114
++                if (ws_record->access_count != 0 || 
115
++                    (res != SERVER_READY && res != SERVER_DEAD)) {
116
++                    access += ws_record->access_count;
117
++                    bytes += ws_record->bytes_served;
118
++                    if (bytes >= KBYTE) {
119
++                        kbytes += (bytes >> 10);
120
++                        bytes = bytes & 0x3ff;
121
++                    }
122
++                }
123
++            }
124
++        }
125
++    }
126
++
127
++    apr_strfsize((unsigned long)(KBYTE *(float) (kbytes - last_update_kbytes)
128
++                                 / (float) elapsed), bps);
129
++
130
++    rv = sd_notifyf(0, "READY=1\n"
131
++                    "STATUS=Total requests: %lu; Current requests/sec: %.3g; "
132
++                    "Current traffic: %sB/sec\n", access,
133
++                    ((float)access - last_update_access) / (float) elapsed, bps);
134
++    if (rv < 0) {
135
++        ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, APLOGNO(00000)
136
++                     "sd_notifyf returned an error %d", rv);
137
++    }
138
++
139
++    last_update_access = access;
140
++    last_update_kbytes = kbytes;
141
++    last_update_time = now;
142
++
143
++    return DECLINED;
144
++}
145
++
146
++static void systemd_register_hooks(apr_pool_t *p)
147
++{
148
++    /* We know the PID in this hook ... */
149
++    ap_hook_pre_mpm(systemd_pre_mpm, NULL, NULL, APR_HOOK_LAST);
150
++    /* Used to update httpd's status line using sd_notifyf */
151
++    ap_hook_monitor(systemd_monitor, NULL, NULL, APR_HOOK_MIDDLE);
152
++}
153
++
154
++module AP_MODULE_DECLARE_DATA systemd_module =
155
++{
156
++    STANDARD20_MODULE_STUFF,
157
++    NULL,
158
++    NULL,
159
++    NULL,
160
++    NULL,
161
++    NULL,
162
++    systemd_register_hooks,
163
++};
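Review bot: In `systemd_monitor` of the added mod_systemd.c, `elapsed` (`now - last_update_time`, both from `time(0)` at one-second resolution) is used as a divisor without a check, so it is zero if the hook runs twice within the same second. The float division then yields infinity or NaN, and casting that to `unsigned long` for `apr_strfsize` is undefined behaviour in C. A guard before the scoreboard loop avoids this: `if (elapsed <= 0) return DECLINED;`. Separately, `kbytes - last_update_kbytes` is unsigned and the totals skip quiescing or pid-less processes, so the difference presumably wraps to a huge value when a child exits between updates; clamping it to zero when `kbytes < last_update_kbytes` would keep the reported rate sane. The `APLOGNO(00000)` on the error path also looks like a placeholder that should get a real number or be dropped.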
0 164